OpenStack安装指南
配置时间同步服务(NTP)
Controller node
安装并配置chrony
[root@controller ~]# yum install chrony -y
[root@controller ~]# sed -i ‘26a allow 10.0.0.0/24’ /etc/chrony.conf
设置开机自启并启动服务
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl start chronyd.service
Other nodes
安装并配置chrony
[root@compute ~]# sed -i ‘s/^server/#server/’ /etc/chrony.conf
[root@compute ~]# sed -i ‘6a server controller’ /etc/chrony.conf
设置开机自启并启动服务
[root@compute ~]# systemctl enable chronyd.service
[root@compute ~]# systemctl start chronyd.service
安装并配置chrony
[root@storage ~]# sed -i ‘s/^server/#server/’ /etc/chrony.conf
[root@storage ~]# sed -i ‘6a server controller’ /etc/chrony.conf
设置开机自启并启动服务
[root@storage ~]# systemctl enable chronyd.service
[root@storage ~]# systemctl start chronyd.service
验证操作:
[root@compute ~]# date -s ‘2001-09-11 11:30:00’
[root@compute ~]# systemctl restart chronyd
[root@compute ~]# timedatectl #重启后需要等待几分钟方可同步成功
安装openstack包及数据库(所有节点)
Controller node
安装openstack存储库、OpenStack客户端、selinux扩展包
[root@controller ~]# yum install python-openstackclient openstack-selinux \
mariadb mariadb-server python2-PyMySQL -y
[root@controller ~]# tee /etc/my.cnf.d/openstack.cnf <<-‘EOF’
[mysqld]
bind-address = 10.0.0.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
[root@controller ~]# systemctl start mariadb.service
[root@controller ~]# systemctl enable mariadb.service
数据库初始化:
[root@controller ~]# mysql_secure_installation
Enter current password for root (enter for none): #回车
Set root password? [Y/n] y #密码
Remove anonymous users? [Y/n] y #移除匿名用户
Disallow root login remotely? [Y/n] n #不关闭root远程登录(此后数据库root可从任意主机登录;本文后面的mysql命令都在controller本机执行,并不依赖远程root,非实验环境应选y)
Remove test database and access to it? [Y/n] y #删除测试数据库
Reload privilege tables now? [Y/n] y
Thanks for using MariaDB!
安装memcache缓存服务器,并修改配置文件(memcached默认不做认证,改为同时监听10.0.0.10之后,应通过防火墙只允许管理网内的节点访问11211端口)
[root@controller ~]# yum -y install memcached python-memcached
[root@controller ~]# sed -i ‘s/::1/::1,10.0.0.10/’ /etc/sysconfig/memcached
[root@controller ~]# systemctl start memcached.service
[root@controller ~]# systemctl enable memcached.service
Other nodes
[root@compute ~]# yum install centos-release-openstack-ocata -y
[root@compute ~]# yum upgrade
[root@storage ~]# yum install centos-release-openstack-ocata -y
[root@storage ~]# yum upgrade
安装rabbitmq消息队列
yum -y install erlang rabbitmq-server.noarch(在controller、compute、storage上都安装)
安装服务并设置开机自启动(三台都要做,步骤相同)
[root@controller ~]# yum -y install erlang rabbitmq-server.noarch
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# systemctl enable rabbitmq-server.service
查看服务端口是否开启
[root@controller ~]# ss -ntulp |grep 5672
tcp LISTEN 0 128 *:25672 : users:((“beam.smp”,pid=1046,fd=8))
tcp LISTEN 0 128 [::]:5672 [::] users:((“beam.smp”,pid=1046,fd=16))
查看集群状态
[root@controller ~]# rabbitmqctl cluster_status
编辑rabbitmq变量文件
[root@controller ~]# tee /etc/rabbitmq/rabbitmq-env.conf <<-‘EOF’
RABBITMQ_NODE_PORT=5672
ulimit -S -n 4096
RABBITMQ_SERVER_ERL_ARGS=“+K true +A30 +P 1048576 -kernel inet_default_connect_options [{nodelay,true},{raw,6,18,<<5000:64/native>>}] -kernel inet_default_listen_options [{raw,6,18,<<5000:64/native>>}]”
RABBITMQ_NODE_IP_ADDRESS=10.0.0.10
EOF
将配置文件发送到compute、storage节点,并将IP地址改为对应主机的IP
[root@controller ~]# scp /etc/rabbitmq/rabbitmq-env.conf root@compute:/etc/rabbitmq/rabbitmq-env.conf
rabbitmq-env.conf 100% 285 117.2KB/s 00:00
[root@controller ~]# scp /etc/rabbitmq/rabbitmq-env.conf root@storage:/etc/rabbitmq/rabbitmq-env.conf
rabbitmq-env.conf 100% 285 82.4KB/s 00:00
[root@compute ~]# sed -i ‘s/0.10/0.20/’ /etc/rabbitmq/rabbitmq-env.conf
[root@storage ~]# sed -i ‘s/0.10/0.30/’ /etc/rabbitmq/rabbitmq-env.conf
三个节点都开启rabbitmq的web管理页面
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
查看是否开启:
[root@controller ~]# /usr/lib/rabbitmq/bin/rabbitmq-plugins list
[E] rabbitmq_management 3.3.5 #中括号内有E表示开启
systemctl restart rabbitmq-server.service
systemctl status rabbitmq-server.service
修改guest密码为admin(默认用户为:guest 密码为:guest)。admin只是演示用的弱口令,实际部署应换成强随机密码
[root@controller ~]# rabbitmqctl change_password guest admin
Changing password for user “guest” …
…done.
添加一个openstack用户,密码设为openstack,并授予权限、设为管理员。该密码会以明文出现在后面各服务配置文件的transport_url中(rabbit://openstack:openstack@controller),实际部署时应改用强密码并同步修改这些配置
[root@controller ~]# rabbitmqctl add_user openstack openstack
Creating user “openstack” …
…done.
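# set_permissions takes three regular expressions (configure, write, read);
# ".*" grants the openstack user all three on every resource in the default vhost.
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"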
Setting permissions for user “openstack” in vhost “/” …
…done.
[root@controller ~]# rabbitmqctl set_user_tags openstack administrator
Setting tags for user “openstack” to [administrator] …
…done
controller发送erlang.cookie到其他节点配置集群(.erlang.cookie是集群节点之间互相认证的共享密钥,持有它就能以集群成员身份控制各节点;复制后应确认各节点上该文件仍属于rabbitmq用户且权限为400)
[root@controller ~]# scp /var/lib/rabbitmq/.erlang.cookie compute:/var/lib/rabbitmq/.erlang.cookie
.erlang.cookie 100% 20 7.7KB/s 00:00
[root@controller ~]# scp /var/lib/rabbitmq/.erlang.cookie storage:/var/lib/rabbitmq/.erlang.cookie
.erlang.cookie 100% 20 5.1KB/s 00:00
compute和storage停止应用,并以ram的方式加入controller节点,之后重启应用
[root@compute ~]# systemctl restart rabbitmq-server.service
[root@compute ~]# rabbitmqctl stop_app
Stopping node rabbit@controller …
…done.
[root@compute ~]# rabbitmqctl join_cluster --ram rabbit@controller
Clustering node rabbit@controller with rabbit@controller …
…done.
[root@compute ~]# rabbitmqctl start_app
Starting node rabbit@controller …
…done.
在controller上检查集群状态
[root@controller ~]# rabbitmqctl cluster_status
Cluster status of node rabbit@controller …
[{nodes,[{disc,[rabbit@controller]},{ram,[rabbit@storage,rabbit@compute]}]},
{running_nodes,[rabbit@compute,rabbit@storage,rabbit@controller]},
{cluster_name,<<“rabbit@controller”>>},
{partitions,[]}]
至此rabbitmq集群搭建结束,如果有问题检查上面的步骤是否有遗漏
Web访问http://10.0.0.10:15672/ (管理页面走明文HTTP,应只允许从管理网络访问)
至此消息队列部署完毕!
安装keystone身份认证服务
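创建keystone数据库(KEYSTONE_DBPASS是占位符,应替换为实际密码,并与后面keystone.conf中connection一行保持一致;-p123123把数据库root密码直接写在命令行上,会留在shell历史和进程列表里,可改为只写-p后按提示输入)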
[root@controller ~]# mysql -uroot -p123123 -e "CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘localhost’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘%’ IDENTIFIED BY ‘KEYSTONE_DBPASS’;"
安装和配置的部件:
[root@controller ~]# yum -y install openstack-keystone httpd mod_wsgi
[root@controller ~]# sed -i ‘2790a provider = fernet’ /etc/keystone/keystone.conf
[root@controller ~]# sed -i ‘686a connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone’ /etc/keystone/keystone.conf
同步数据库
[root@controller ~]# su -s /bin/sh -c “keystone-manage db_sync” keystone
[root@controller ~]# mysql -uroot -p123123 -e “use keystone; show tables;”
初始化Fernet密钥存储库:
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
设置引导用户(admin)的密码为admin。这是整个云平台的管理员账号,admin只适合实验环境,实际部署应使用强密码
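# Bootstraps the identity service: sets the admin password and registers the endpoints.
# The per-option notes sit here rather than after each "\": a backslash only continues
# the line when it is the last character, so trailing text splits the command.
#   --bootstrap-admin-url     endpoint on the management network
#   --bootstrap-internal-url  endpoint on the internal network
#   --bootstrap-public-url    endpoint on the public network
#   --bootstrap-region-id     region name
[root@controller ~]# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne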
修改http服务配置文件,创建keystone的链接文件
[root@controller ~]# sed -i ‘95a ServerName controller’ /etc/httpd/conf/httpd.conf
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# systemctl enable httpd.service
声明环境变量
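# /root/openrc holds the admin credentials used by the "openstack" commands below.
# In a single file a later export overrides an earlier one with the same name, so the
# demo values stay commented out; otherwise "source /root/openrc" would select the
# demo user (not created yet at this point) on port 5000 instead of admin.
[root@controller ~]# tee /root/openrc <<-'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# demo user: uncomment these four lines (after the admin values) to act as demo
#export OS_PROJECT_NAME=demo
#export OS_USERNAME=demo
#export OS_PASSWORD=demo
#export OS_AUTH_URL=http://controller:5000/v3
EOF
# The file contains a plaintext password: keep it readable by root only.
[root@controller ~]# chmod 600 /root/openrc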
[root@controller ~]# source /root/openrc
[root@controller ~]# openstack user list #列出用户说明上面操作没问题
创建项目
[root@controller ~]# openstack project create --domain default \
–description “Service Project” service
[root@controller ~]# openstack project create --domain default \
–description “Demo Project” demo
[root@controller ~]# openstack project list
创建用户:
[root@controller ~]# openstack user create --domain default \
–password-prompt demo
User Password:
Repeat User Password:
创建角色,并设置demo项目中的用户demo为角色user
[root@controller ~]# openstack role create user
[root@controller ~]# openstack role add --project demo --user demo user
至此,keystone部署完毕!
安装glance镜像服务
建立glance数据库,设置密码并进行登录授权
[root@controller ~]# mysql -uroot -p123123 -e "create database glance;
grant all privileges on glance.* to ‘glance’@‘localhost’ identified by ‘GLANCE_DBPASS’;"
[root@controller ~]# mysql -uroot -p123123 -e "grant all privileges on glance.* to ‘glance’@‘%’ \
identified by ‘GLANCE_DBPASS’;"
创建glance用户(执行命令提示没有密码,则需要source openrc)。--password=glance把服务账号的密码设成了与用户名相同,仅供演示;实际部署应使用强密码,并与glance配置文件中[keystone_authtoken]的password保持一致
[root@controller ~]# openstack user create --domain default --password=glance glance
设置glance角色为管理员
[root@controller ~]# openstack role add --project service --user glance admin
创建glance镜像服务
[root@controller ~]# openstack service create --name glance \
–description “OpenStack Image” image
[root@controller ~]# openstack service list
设置服务端点(管理、内部、公共)
[root@controller ~]# openstack endpoint create --region RegionOne \
image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
image admin http://controller:9292
[root@controller ~]# openstack endpoint list |grep glance
安装openstack-glance
[root@controller ~]# yum -y install openstack-glance
修改glance-api.conf配置文件
[root@controller ~]# cp /etc/glance/glance-api.conf{,.bak}
[root@controller ~]# echo "[DEFAULT]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]" > /etc/glance/glance-api.conf
修改glance-registry.conf配置文件
[root@controller ~]# cp /etc/glance/glance-registry.conf{,.bak}
[root@controller ~]# echo "[DEFAULT]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]" > /etc/glance/glance-registry.conf
同步数据库
[root@controller ~]# su -s /bin/sh -c “glance-manage db_sync” glance
[root@controller ~]# mysql -uroot -p123123 -e “use glance;show tables;”
启动服务,并设置开机自启
[root@controller ~]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
下载测试镜像,此镜像文件自行下载,然后上传测试镜像
[root@controller images]# openstack image create “cirros” \
–file /var/lib/glance/images/cirros-0.3.4-x86_64-disk.img \
–disk-format qcow2 --container-format bare \
–public
至此,glance镜像服务部署完毕!
部署nova计算服务
创建nova的数据库nova_api、nova、nova_cell0,并对用户授权
[root@controller ~]# mysql -uroot -p123123 -e "CREATE DATABASE nova_api;
CREATE DATABASE nova;CREATE DATABASE nova_cell0;"
[root@controller ~]# mysql -uroot -p123123 -e "
GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@‘localhost’ \
IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@‘%’ \
IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@‘localhost’ \
IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@‘%’ \
IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova_cell0.* TO ‘nova’@‘localhost’ \
IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova_cell0.* TO ‘nova’@‘%’ \
IDENTIFIED BY ‘NOVA_DBPASS’;"
声明环境变量,并且创建nova用户
[root@controller ~]# source /root/openrc
[root@controller ~]# openstack user create --domain default --password=nova nova
将nova用户添加为service项目中的admin角色
[root@controller ~]# openstack role add --project service --user nova admin
创建一个nova的服务
[root@controller ~]# openstack service create --name nova \
–description “OpenStack Compute” compute
为nova服务创建网络服务端点
[root@controller ~]# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
查看已经部署的网络节点:
[root@controller ~]# openstack catalog list
创建用户placement用于服务统计和追踪
[root@controller ~]# openstack user create --domain default --password=placement placement
将用户placement添加为service项目中的admin角色
[root@controller ~]# openstack role add --project service --user placement admin
创建placement服务
[root@controller ~]# openstack service create --name placement --description “Placement API” placement
为placement创建网络服务端点(公共、内部、管理)
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
[root@controller ~]# openstack catalog list #查看部署好的服务和服务端点
安装nova需要的软件包( 接口、数据库、控制台、web界面控制台登录、调度服务、 )
[root@controller ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
修改配置文件/etc/nova/nova.conf
[root@controller ~]# cp /etc/nova/nova.conf{,.bak}
[root@controller ~]# tee /etc/nova/nova.conf <<-‘EOF’
[DEFAULT]
my_ip = 10.0.0.10
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@controller
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
#url = http://controller:9696
#auth_url = http://controller:35357
#auth_type = password
#project_domain_name = default
#user_domain_name = default
#region_name = RegionOne
#project_name = service
#username = neutron
#password = neutron
#service_metadata_proxy = true
#metadata_proxy_shared_secret = METADATA_SECRET
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = placement
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
EOF
修改配置文件/etc/httpd/conf.d/00-nova-placement-api.conf
[root@controller ~]# cp /etc/httpd/conf.d/00-nova-placement-api.conf{,.bak}
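# Appends the access rule for the placement API scripts under /usr/bin: httpd 2.4 and
# later uses "Require all granted", older versions the Order/Allow pair.
# NOTE(review): the Directory/IfVersion tags were lost when this page was rendered and
# are restored here from the upstream install guide; confirm against your release.
[root@controller ~]# echo "
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
" >> /etc/httpd/conf.d/00-nova-placement-api.conf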
重启httpd服务,同步nova-api数据库
[root@controller ~]# systemctl restart httpd
[root@controller ~]# su -s /bin/sh -c"nova-manage api_db sync" nova
注册cell0数据库,创建cell1认证密钥,同步nova数据库,查看cell版本
[root@controller ~]# su -s /bin/sh -c “nova-manage cell_v2 map_cell0” nova
[root@controller ~]# su -s /bin/sh -c “nova-manage cell_v2 create_cell --name=cell1 --verbose” nova
f0e6774a-eb28-4ee0-a012-82407dac5429
[root@controller ~]# su -s /bin/sh -c “nova-manage db sync” nova
[root@controller ~]# nova-manage cell_v2 list_cells
启动nova的相关服务,并设置为开机自启
[root@controller ~]# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
在compute上操作
在compute节点上安装openstack-nova-compute(需要的依赖可以从https://cbs.centos.org/koji/buildinfo?buildID=25065下载)
[root@compute opt]# mkdir -p /openstack/nova #创建文件夹
下载依赖包:
[root@compute ~]# wget -O /openstack/nova/qemu-img-ev-2.12.0-18.el7_6.3.1.x86_64.rpm \
https://cbs.centos.org/kojifiles/packages/qemu-kvm-ev/2.12.0/18.el7_6.3.1/x86_64/qemu-img-ev-2.12.0-18.el7_6.3.1.x86_64.rpm
[root@compute ~]# wget -O /openstack/nova/qemu-kvm-ev-2.12.0-18.el7_6.3.1.x86_64.rpm \
https://cbs.centos.org/kojifiles/packages/qemu-kvm-ev/2.12.0/18.el7_6.3.1/x86_64/qemu-kvm-ev-2.12.0-18.el7_6.3.1.x86_64.rpm
[root@compute ~]# wget -O /openstack/nova/qemu-kvm-common-ev-2.12.0-18.el7_6.3.1.x86_64.rpm \
https://cbs.centos.org/kojifiles/packages/qemu-kvm-ev/2.12.0/18.el7_6.3.1/x86_64/qemu-kvm-common-ev-2.12.0-18.el7_6.3.1.x86_64.rpm
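安装下载的软件包和需要的依赖包(yum默认不校验本地rpm文件的GPG签名,即localpkg_gpgcheck默认关闭;安装前可先导入对应仓库的公钥,再用 rpm -K /openstack/nova/*.rpm 确认签名和摘要无误)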
[root@compute ~]# yum -y localinstall /openstack/nova/*
安装软件包
[root@compute ~]# yum -y install openstack-nova-compute
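备份并配置主文件(其中vncserver_listen = 0.0.0.0会让虚拟机的VNC端口监听在compute的所有网卡上,而VNC本身不加密,应通过防火墙只放行controller上的novncproxy;另外my_ip写的是192.168.0.20,而本文其它位置compute的地址是10.0.0.20,请按实际管理网地址核对)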
[root@compute ~]# cp /etc/nova/nova.conf{,.bak}
[root@compute ~]# tee /etc/nova/nova.conf <<-‘EOF’
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@controller
my_ip = 192.168.0.20
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cells]
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto]
[database]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type = qemu
[matchmaker_redis]
[metrics]
[mks]
[neutron]
#url = http://controller:9696
#auth_url = http://controller:35357
#auth_type = password
#project_domain_name = default
#user_domain_name = default
#region_name = RegionOne
#project_name = service
#username = neutron
#password = neutron
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = placement
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
EOF
查看是否支持虚拟机硬件加速
[root@compute ~]# egrep -c ‘(vmx|svm)’ /proc/cpuinfo
2 #返回结果2表示支持
设置开机自启动并启动服务
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service
在controller上操作
修改/etc/nova/nova.conf配置文件
[root@controller nova]# cp /etc/nova/nova.conf{,.compute.bak} #先做备份
[root@controller nova]# sed -i '/vncserver_proxyclient_address/a \
novncproxy_base_url = http://10.0.0.10:6080/vnc_auto.html’ /etc/nova/nova.conf
[root@controller nova]# sed -i ‘/libvirt/a virt_type = qemu’ /etc/nova/nova.conf
确认是否开启了虚拟化功能
[root@controller nova]# egrep -c ‘(vmx|svm)’ /proc/cpuinfo
启动 libvirtd、nova-compute服务,并设置开机自启
[root@controller nova]# systemctl start libvirtd.service openstack-nova-compute.service
[root@controller nova]# systemctl enable libvirtd.service openstack-nova-compute.service
查看openstack虚拟机管理程序列表
[root@controller nova]# openstack hypervisor list
数据库同步发现计算节点,并设置自动发现
[root@controller nova]# su -s /bin/sh -c “nova-manage cell_v2 discover_hosts --verbose” nova
在scheduler下面添加
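# Escape and anchor the section header: an unescaped "[scheduler]" is a bracket
# expression that matches any line containing one of those letters, so the option
# would be appended after almost every line of nova.conf.
[root@controller ~]# sed -i '/^\[scheduler\]/a discover_hosts_in_cells_interval = 30' /etc/nova/nova.conf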
查看计算服务列表
[root@controller nova]# openstack compute service list
查看openstack目录列表
[root@controller nova]# openstack catalog list
查看openstack映像列表
[root@controller nova]# openstack image list
检查单元格和展示位置API是否正常运行
[root@controller nova]# nova-status upgrade check
至此,nova服务部署完毕!
部署neutron网络服务
创建neutron数据库,创建密码并授权
[root@controller ~]# mysql -uroot -p123123 -e "
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron’@‘localhost’ \
IDENTIFIED BY ‘NEUTRON_DBPASS’;
GRANT ALL PRIVILEGES ON neutron.* TO ‘neutron’@‘%’ \
IDENTIFIED BY ‘NEUTRON_DBPASS’; "
初始化环境变量
[root@controller ~]# source openrc
创建neutron用户和密码
[root@controller ~]# openstack user create --domain default --password=neutron neutron
把用户neutron添加为service项目中的admin角色
[root@controller ~]# openstack role add --project service --user neutron admin
创建neutron的服务实体
[root@controller ~]# openstack service create --name neutron \
–description “OpenStack Networking” network
创建网络服务端点(公共、内部、管理,所有截图中的node1、node2对应controller、compute)
[root@controller ~]# openstack endpoint create --region RegionOne \
network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
network admin http://controller:9696
查看用户、服务、服务端点是否部署成功
[root@controller ~]# openstack user list
[root@controller ~]# openstack service list
[root@controller ~]# openstack catalog list
[root@controller ~]# openstack catalog list
安装自助网络服务
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
复制配置文件,修改配置文件/etc/neutron/neutron.conf
[root@controller ~]# cp /etc/neutron/neutron.conf{,.bak}
[root@controller ~]# tee /etc/neutron/neutron.conf <<-‘EOF’
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
#dhcp_agent_notification = true
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
EOF
备份配置文件并修改配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@controller ~]# tee /etc/neutron/plugins/ml2/ml2_conf.ini <<-‘EOF’
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
EOF
备份并修改配置文件/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@controller ~]# tee /etc/neutron/plugins/ml2/linuxbridge_agent.ini <<-‘EOF’
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens33
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
local_ip = 10.0.0.10
l2_population = true
EOF
备份并修改三层路由代理文件/etc/neutron/l3_agent.ini
[root@controller ~]# cp /etc/neutron/l3_agent.ini{,.bak}
[root@controller ~]# tee /etc/neutron/l3_agent.ini <<-‘EOF’
[DEFAULT]
interface_driver = linuxbridge
#external_network_bridge = br-ex
[agent]
[ovs]
EOF
备份并修改/etc/neutron/dhcp_agent.ini
[root@controller ~]# cp /etc/neutron/dhcp_agent.ini{,.bak}
[root@controller ~]# tee /etc/neutron/dhcp_agent.ini <<-‘EOF’
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[agent]
[ovs]
EOF
配置元数据代理,备份并编辑/etc/neutron/metadata_agent.ini(METADATA_SECRET是占位符,应换成随机字符串,并与/etc/nova/nova.conf里[neutron]段的metadata_proxy_shared_secret保持一致)
[root@controller ~]# tee /etc/neutron/metadata_agent.ini <<-‘EOF’
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[agent]
[cache]
EOF
配置Compute服务以使用网络服务,备份并编辑/etc/nova/nova.conf
[root@controller ~]# cp /etc/nova/nova.conf{,.neutron.bak}
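# Uncomment only the lines between the [neutron] and [notifications] headers.
# The explanation is a comment: text after the file name would be passed to the
# shell as part of the command and break it.
[root@controller ~]# sed -i '/^\[neutron\]/,/^\[notifications\]/s/^#//' /etc/nova/nova.conf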
制作软连接,同步数据库,重启计算服务
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
–config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
启动网络服务,并设置开机自启
[root@controller ~]# systemctl restart neutron-linuxbridge-agent.service \
neutron-server.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-linuxbridge-agent.service \
neutron-server.service neutron-dhcp-agent.service neutron-metadata-agent.service
查看网卡信息,修改第三块网卡名称为ens38(18~20无需操作)
[root@controller ~]# nmcli connection show
NAME UUID TYPE DEVICE
有线连接 1 a05e21cf-0ce1-3fdb-97af-2aef41f56836 ethernet ens38
ens33 3a90c11e-a36f-401e-ba9d-e7961cea63ca ethernet ens33
ens37 526c9943-ba19-48db-80dc-bf3fe4d99505 ethernet ens37
[root@controller ~]# nmcli connection modify ‘有线连接 1’ con-name ens38
[root@controller ~]# nmcli connection show
NAME UUID TYPE DEVICE
ens38 a05e21cf-0ce1-3fdb-97af-2aef41f56836 ethernet ens38
ens33 3a90c11e-a36f-401e-ba9d-e7961cea63ca ethernet ens33
ens37 526c9943-ba19-48db-80dc-bf3fe4d99505 ethernet ens37
[root@controller ~]# sed -i ‘3,4d;6,12d;16d’ /etc/sysconfig/network-scripts/ifcfg-ens38
[root@controller ~]# sed -i ‘s/dhcp/none/’ /etc/sysconfig/network-scripts/ifcfg-ens38
[root@controller ~]# service network restart #如果不生效reboot重启
准备ovs外网用的网桥
[root@controller ~]# source openrc
[root@controller ~]# ovs-vsctl add-br br-ex
[root@controller ~]# ovs-vsctl add-port br-ex ens38
启动neutron-l3-agent.service,并设置开机自启(18~20无需操作)
[root@controller ~]# systemctl start neutron-l3-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
查看服务状态
[root@controller ~]# neutron agent-list 或[root@controller ~]# openstack network agent list
在计算节点compute上部署neutron服务
安装网络服务
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
备份并配置neutron主服务
[root@compute ~]# cp /etc/neutron/neutron.conf{,.bak}
[root@compute ~]# tee /etc/neutron/neutron.conf <<-‘EOF’
[DEFAULT]
#core_plugin = ml2
#service_plugins = router
#allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
#notify_nova_on_port_status_changes = true
#notify_nova_on_port_data_changes = true
#dhcp_agent_notification = true
[agent]
[cors]
[cors.subdomain]
[database]
#connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
#auth_url = http://controller:35357
#auth_type = password
#project_domain_name = default
#user_domain_name = default
#region_name = RegionOne
#project_name = service
#username = nova
#password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
EOF
备份并配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[root@compute ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@compute ~]# tee /etc/neutron/plugins/ml2/linuxbridge_agent.ini <<-‘EOF’
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens33
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
local_ip = 10.0.0.20
l2_population = true
EOF
备份并修改计算节点的配置文件/etc/nova/nova.conf配置文件
[root@compute ~]# cp /etc/nova/nova.conf{,.nova}
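# Uncomment only the lines between the [neutron] and [notifications] headers, so a
# "#" at the start of a line anywhere else in nova.conf is left untouched.
[root@compute ~]# sed -i '/^\[neutron\]/,/^\[notifications\]/s/^#//' /etc/nova/nova.conf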
重启nova-compute服务
[root@compute ~]# systemctl restart openstack-nova-compute.service
开启 neutron-linuxbridge-agent,并设置开机自启
[root@compute ~]# systemctl start neutron-linuxbridge-agent
[root@compute ~]# systemctl enable neutron-linuxbridge-agent
在controller上验证效果
[root@controller ~]# openstack network agent list 或是用命令 neutron agent-list
至此,neutron服务部署完毕!
部署dashboard(horizon-web管理)服务
安装openstack-dashboard
[root@controller ~]# yum install openstack-dashboard -y
备份并配置 /etc/openstack-dashboard/local_settings文件(下面第二条sed把'*'加进了ALLOWED_HOSTS,等于关闭了Django对Host请求头的校验;实际部署应只列出控制节点的域名或IP)
[root@controller ~]# cp /etc/openstack-dashboard/local_settings{,.bak}
[root@controller ~]# sed -i ‘/^OPENSTACK_HOST/c OPENSTACK_HOST = “controller”’ \
/etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i “s/localhost’/localhost’,‘*’/” /etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i “136,140s/^/#/” /etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i “129,134s/^#//” /etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i “128a SESSION_ENGINE = ‘django.contrib.sessions.backends.cache’” \
/etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i “s/127.0.0.1:11211/controller:11211/” \
/etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i “s/v2.0/v3/” /etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i ‘s/_ROLE = “member”/_ROLE = “user”/’ \
/etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i '/^#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT/c \
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True’ \
/etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i ‘54s/#//;56,60s/#//’ /etc/openstack-dashboard/local_settings
[root@controller ~]# sed -i '/^#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN/c \
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = “Default” ’ \
/etc/openstack-dashboard/local_settings
重启httpd.service memcached.service服务
[root@controller ~]# systemctl restart httpd.service memcached.service
在web浏览器上访问openstack页面验证结果
访问网址是控制节点的IP,用户名密码都是admin
至此,dashboard服务部署完毕!
部署cinder存储服务(controller、storage)
创建cinder数据库
[root@controller ~]# mysql -uroot -p123123 -e “CREATE DATABASE cinder;”
对数据库授权,本地和远程都可以登录
[root@controller ~]# mysql -uroot -p123123 -e "
GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@‘localhost’ \
IDENTIFIED BY ‘CINDER_DBPASS’; \
GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@‘%’ \
IDENTIFIED BY ‘CINDER_DBPASS’;"
初始化变量,创建cinder用户并设置密码为cinder
[root@controller ~]# openstack user create --domain default --password=cinder cinder
将用户cinder的角色设置为admin管理员
[root@controller ~]# openstack role add --project service --user cinder admin
创建cinderv2和cinderv3服务实体
[root@controller ~]# openstack service create --name cinderv2 \
–description “OpenStack Block Storage” volumev2
[root@controller ~]# openstack service create --name cinderv3 \
–description “OpenStack Block Storage” volumev3
创建块存储服务API端点,v2版本(公共、内部、管理)
[root@controller ~]# openstack endpoint create --region RegionOne \
volumev2 public http://controller:8776/v2/%(project_id)s
[root@controller ~]# openstack endpoint create --region RegionOne \
volumev2 internal http://controller:8776/v2/%(project_id)s
[root@controller ~]# openstack endpoint create --region RegionOne \
volumev2 admin http://controller:8776/v2/%(project_id)s
创建块存储服务API端点,v3版本(公共、内部、管理)
[root@controller ~]# openstack endpoint create --region RegionOne \
volumev3 public http://controller:8776/v3/%(project_id)s
[root@controller ~]# openstack endpoint create --region RegionOne \
volumev3 internal http://controller:8776/v3/%(project_id)s
[root@controller ~]# openstack endpoint create --region RegionOne \
volumev3 admin http://controller:8776/v3/%(project_id)s
安装openstack-cinder
[root@controller ~]# yum -y install openstack-cinder
备份并修改配置文件
[root@controller ~]# cp /etc/cinder/cinder.conf{,.bak}
[root@controller ~]# tee /etc/cinder/cinder.conf <<-‘EOF’
[DEFAULT]
my_ip = 10.0.0.10
#glance_api_servers = http://controller:9292
auth_strategy = keystone
#enabled_backends = lvm
transport_url = rabbit://openstack:openstack@controller
[backend]
[barbican]
[brcd_fabric_example]
[cisco_fabric_example]
[coordination]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[fc-zone-manager]
[healthcheck]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
[matchmaker_redis]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[profiler]
[ssl]
[lvm]
#volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
#volume_group = cinder-vg
#volumes_dir = $state_path/volumes
#iscsi_protocol = iscsi
#iscsi_helper = lioadm
#iscsi_ip_address = 10.0.0.10
EOF
同步数据库
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT".
查询同步结果
[root@controller ~]# mysql -uroot -p123123 -e "use cinder;show tables;"
修改/etc/nova/nova.conf文件,controller和compute上都要操作
[root@controller ~]# sed -i '/^\[cinder\]/a os_region_name = RegionOne' /etc/nova/nova.conf
[root@compute ~]# sed -i '/^\[cinder\]/a os_region_name = RegionOne' /etc/nova/nova.conf
重启nova的API服务
[root@controller ~]# systemctl restart openstack-nova-api.service
启动cinder相关的服务,并设置开机自启
[root@controller ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
[root@controller ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
验证结果
[root@controller ~]# cinder service-list
至此,控制节点controller上的cinder部署完毕!
在存储节点storage上部署cinder服务
安装lvm2
[root@storage ~]# yum install lvm2 -y
开启lvm2服务,并设置开机自启
[root@storage ~]# systemctl start lvm2-lvmetad.service
[root@storage ~]# systemctl enable lvm2-lvmetad.service
给虚拟机添加一块硬盘(如果在之前就添加过硬盘此步骤省略)
打开VMware-->找到storage右击设置-->点击添加-->添加磁盘类型为ISCSI类型,大小为40G
查看添加的磁盘
[root@storage ~]# lsblk
创建LVM物理卷/dev/sdb
[root@storage ~]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created.
创建LVM卷组cinder-volumes
[root@storage ~]# vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created
备份并编辑 /etc/lvm/lvm.conf文件
[root@storage ~]# cp /etc/lvm/lvm.conf{,.bak}
[root@storage ~]# sed -i '/devices {/a filter = [ "a/sdb/", "r/.*/"]' /etc/lvm/lvm.conf
安装cinder相关软件包(先执行步骤9,不成功再执行步骤8)
首先要配置好yum源,配置方法详见:https://www.cnblogs.com/guarding/p/12321702.html
[root@storage ~]# yum install openstack-cinder targetcli python-keystone -y
在配置好yum源后安装如果报错,执行下面四条命令再尝试!(该rpm是从cbs.centos.org直接下载并用rpm安装的,不经过yum仓库的gpgcheck,安装前可先用 rpm -K 检查其摘要和签名)
[root@storage ~]# yum -y install libtommath
[root@storage ~]# mkdir /cinder
[root@storage ~]# wget -O /cinder/libtomcrypt-1.17-33.20170623gitcd6e602.el7.x86_64.rpm https://cbs.centos.org/kojifiles/packages/libtomcrypt/1.17/33.20170623gitcd6e602.el7/x86_64/libtomcrypt-1.17-33.20170623gitcd6e602.el7.x86_64.rpm
[root@storage ~]# rpm -ivh /cinder/libtomcrypt-1.17-33.20170623gitcd6e602.el7.x86_64.rpm
安装cinder
[root@storage ~]# yum install openstack-cinder targetcli python-keystone -y
备份并修改配置文件/etc/cinder/cinder.conf
[root@storage ~]# cp /etc/cinder/cinder.conf{,.bak}
[root@storage ~]# tee /etc/cinder/cinder.conf <<-'EOF'
[DEFAULT]
my_ip = 192.168.0.30
glance_api_servers = http://controller:9292
auth_strategy = keystone
enabled_backends = lvm
transport_url = rabbit://openstack:openstack@controller
[backend]
[barbican]
[brcd_fabric_example]
[cisco_fabric_example]
[coordination]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[fc-zone-manager]
[healthcheck]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
[matchmaker_redis]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[profiler]
[ssl]
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
#volumes_dir = $state_path/volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
#iscsi_ip_address = 192.168.0.30
EOF
设置服务开机自启动,并启动服务
[root@storage ~]# systemctl enable openstack-cinder-volume.service target.service
[root@storage ~]# systemctl start openstack-cinder-volume.service target.service
在controller控制节点验证结果
[root@controller ~]# cinder service-list
至此,cinder服务部署完毕!
至此,OpenStack的基本组件已经部署完毕!