1. Node information
test-node1 10.90.2.1 controller node
test-node2 10.90.2.10 compute node
2. Node initialization
(1) Synchronize the time
    ntpdate pool.ntp.org && clock -w
(2) Disable the firewall and SELinux
    systemctl stop firewalld.service
    systemctl disable firewalld.service
    sed -i 's/enforcing/disabled/g' /etc/selinux/config
    echo 0 > /sys/fs/selinux/enforce
(3) Configure the yum repositories (the sed commands switch each repo to its baseurl and set gpgcheck to 0, which turns off package signature verification)
    rpm -Uvh http://centos.ustc.edu.cn/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
    rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
    rpm -ivh https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm
    # the .repo files edited below live in /etc/yum.repos.d
    cd /etc/yum.repos.d
    sed -i -e 's/#baseurl/baseurl/' -e 's/mirrorlist/#mirrorlist/' -e 's/gpgcheck=1/gpgcheck=0/' epel.repo
    sed -i -e 's/#baseurl/baseurl/' -e 's/mirrorlist/#mirrorlist/' -e 's/gpgcheck=1/gpgcheck=0/' CentOS-Base.repo
    sed -i -e 's/#baseurl/baseurl/' -e 's/mirrorlist/#mirrorlist/' -e 's/gpgcheck = 1/gpgcheck = 0/' rpmforge.repo
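Step (3) sets gpgcheck to 0 in three repo files, so every package installed afterwards is accepted without RPM signature verification. The following added example (not part of the original guide) lists the enabled repo sections where the check is off and switches it back on; the function names and the sample repo files in demo_repo_audit are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide.
# Lists enabled yum repo sections with package signature checking switched
# off, and switches it back on.

# repos_without_gpgcheck [DIR]
# Prints "file:[section]" for every enabled section in DIR/*.repo that sets
# gpgcheck to 0. Handles both "gpgcheck=0" and "gpgcheck = 0".
repos_without_gpgcheck() {
    local dir="${1:-/etc/yum.repos.d}" f
    for f in "$dir"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (section != "" && gpg == "0" && enabled != "0")
                    print file ":" section
            }
            /^[ \t]*[#;]/ { next }          # comment line
            /^[ \t]*\[/ {                   # start of a [section]
                report(); section = $0
                gsub(/[ \t]/, "", section); gpg = ""; enabled = ""; next
            }
            {
                n = index($0, "="); if (n == 0) next
                key = substr($0, 1, n - 1); val = substr($0, n + 1)
                gsub(/[ \t]/, "", key); gsub(/[ \t]/, "", val)
                if (key == "gpgcheck") gpg = val
                if (key == "enabled")  enabled = val
            }
            END { report() }
        ' "$f"
    done
}

# enable_gpgcheck FILE...
# Turns signature checking back on in place. Assumes each repo's gpgkey=
# entry points at a key you trust.
enable_gpgcheck() {
    sed -i -e 's/^gpgcheck[[:space:]]*=[[:space:]]*0[[:space:]]*$/gpgcheck=1/' "$@"
}

# Constructed sample input: two repo files in a scratch directory.
demo_repo_audit() {
    local d; d=$(mktemp -d)
    printf '[epel]\nenabled=1\ngpgcheck=0\n[epel-debuginfo]\nenabled=0\ngpgcheck=0\n' > "$d/epel.repo"
    printf '[rpmforge]\nenabled = 1\ngpgcheck = 0\n[base]\ngpgcheck=1\n' > "$d/rpmforge.repo"
    repos_without_gpgcheck "$d"
    enable_gpgcheck "$d"/*.repo
    echo "after fix: $(repos_without_gpgcheck "$d" | wc -l | tr -d ' ') section(s) unchecked"
    rm -rf "$d"
}
```

Source the file and call repos_without_gpgcheck with no argument to audit /etc/yum.repos.d on a node, or demo_repo_audit to see it run on the constructed files.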
3. RabbitMQ and MySQL installation and configuration
(1) Install the base packages
    yum -y install vim-enhanced net-tools ntpdate wget lrzsz libvirt mariadb mariadb-server MySQL-python rabbitmq-server
(2) Edit the my.cnf configuration file
    cat /etc/my.cnf
    ……
    bind-address = 10.90.2.1
    default-storage-engine = innodb
    innodb_file_per_table
    collation-server = utf8_general_ci
    init-connect = 'SET NAMES utf8'
    character-set-server = utf8
    ……
(3) Enable MySQL at boot and start it
    systemctl enable mariadb.service
    systemctl start mariadb.service
(4) Initialize MySQL
    mysql_secure_installation
(5) Enable RabbitMQ at boot and start it
    systemctl enable rabbitmq-server.service
    systemctl start rabbitmq-server.service
(6) Create the databases and grant privileges (statements run inside the mysql client)
    CREATE DATABASE nova;
    CREATE DATABASE glance;
    CREATE DATABASE keystone;
    CREATE DATABASE neutron;
    CREATE DATABASE cinder;
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'Service123';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'Service123';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Service123';
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'Service123';
    GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'Service123';
    FLUSH PRIVILEGES;
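Step (6) gives all five service accounts the same password and lets them connect from any host ('%'). As an added example, not from the original guide, the script below emits equivalent statements with one random password per account, restricted to the controller address. It assumes every service that opens a database connection runs on 10.90.2.1, as in this layout; the function names and the output file layout are illustrative.

```shell
#!/usr/bin/env bash
# Added example, not part of the original guide.
# Emits CREATE DATABASE / GRANT statements in which every service account gets
# its own random password and may connect only from the controller address.

SERVICES="nova glance keystone neutron cinder"   # databases from step (6)
DB_CLIENT_HOST="10.90.2.1"   # assumption: only the controller connects to the DB

# random_secret: 32 hex characters (16 random bytes) from the kernel CSPRNG.
random_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# gen_grants OUTDIR
# Writes OUTDIR/grants.sql and one OUTDIR/<service>.pass per account.
# Runs in a subshell so the restrictive umask does not leak to the caller.
gen_grants() (
    out="$1"
    umask 077                      # files readable by the owner only
    mkdir -p "$out"
    : > "$out/grants.sql"
    for svc in $SERVICES; do
        pass=$(random_secret)
        printf '%s\n' "$pass" > "$out/$svc.pass"
        {
            printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$svc"
            printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
                "$svc" "$svc" "$DB_CLIENT_HOST" "$pass"
        } >> "$out/grants.sql"
    done
    printf 'FLUSH PRIVILEGES;\n' >> "$out/grants.sql"
)

# distinct_passwords OUTDIR: number of different passwords that were generated.
distinct_passwords() {
    cat "$1"/*.pass | sort -u | wc -l | tr -d ' '
}
```

Load the result with `mysql -u root -p < grants.sql` and put each generated password into the matching connection = line of the service's configuration file.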
4. Identity installation and configuration
(1) Install keystone
    yum -y install openstack-keystone python-keystoneclient
(2) Generate a random token (10 random bytes, printed as 20 hex characters)
    # openssl rand -hex 10
    3189f74b3432bd24764f
(3) Configure keystone.conf: add the token and database settings
    /etc/keystone/keystone.conf
    admin_token=3189f74b3432bd24764f
    [database]
    connection = mysql://keystone:Service123@10.90.2.1/keystone
    [token]
    provider = keystone.token.providers.uuid.Provider
    driver = keystone.token.persistence.backends.sql.Token
(4) Keystone uses PKI tokens by default; create the signing key and certificate
    keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    chown -R keystone:keystone /var/log/keystone
    chown -R keystone:keystone /etc/keystone/ssl
    chmod -R o-rwx /etc/keystone/ssl
(5) Sync the database and start the service
    keystone-manage db_sync
    systemctl enable openstack-keystone.service
    systemctl start openstack-keystone.service
(6) Add a cron job that purges expired tokens
    (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
      echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \
      >> /var/spool/cron/keystone
(7) Using temporary environment variables, create the admin credentials
    export OS_SERVICE_TOKEN=3189f74b3432bd24764f
    export OS_SERVICE_ENDPOINT=
    keystone tenant-create --name admin --description "Admin Tenant"
    keystone user-create --name admin --pass password
    keystone role-create --name admin
    keystone user-role-add --tenant admin --user admin --role admin
    keystone role-create --name _member_
    keystone user-role-add --tenant admin --user admin --role _member_
    keystone tenant-create --name demo --description "Demo Tenant"
    keystone user-create --name demo --pass password
    keystone user-role-add --tenant demo --user demo --role _member_
    keystone tenant-create --name service --description "Service Tenant"
    keystone service-create --name keystone --type identity \
      --description "OpenStack Identity"
    keystone endpoint-create \
      --service-id $(keystone service-list | awk '/ identity / {print $2}') \
      --publicurl http://10.90.2.1:5000/v2.0 \
      --internalurl http://10.90.2.1:5000/v2.0 \
      --adminurl http://10.90.2.1:35357/v2.0 \
      --region regionOne
(8) Unset the temporary variables
    unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
(9) Create the admin credentials file admin_token with the following content, then load it
    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=password
    export OS_AUTH_URL=

    source admin_token
5. Glance
(1) Install the glance packages
    yum -y install python-keystoneclient openstack-glance python-glanceclient
(2) Create the glance identity entries (user, role, service, endpoint)
    keystone user-create --name glance --pass Service123
    keystone user-role-add --user glance --tenant service --role admin
    keystone service-create --name glance --type image \
      --description "OpenStack Image Service"
    keystone endpoint-create \
      --service-id $(keystone service-list | awk '/ image / {print $2}') \
      --publicurl http://10.90.2.1:9292 \
      --internalurl http://10.90.2.1:9292 \
      --adminurl http://10.90.2.1:9292 \
      --region regionOne
(3) Edit the glance-api configuration file /etc/glance/glance-api.conf
    [database]
    connection = mysql://glance:Service123@10.90.2.1/glance
    [keystone_authtoken]
    auth_uri = http://10.90.2.1:5000/v2.0
    identity_uri = http://10.90.2.1:35357
    admin_tenant_name = service
    admin_user = glance
    admin_password = Service123
    [paste_deploy]
    flavor = keystone
    [glance_store]
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images/
(4) Edit the glance-registry configuration file /etc/glance/glance-registry.conf
    [database]
    connection = mysql://glance:Service123@10.90.2.1/glance
    [keystone_authtoken]
    auth_uri = http://10.90.2.1:5000/v2.0
    identity_uri = http://10.90.2.1:35357
    admin_tenant_name = service
    admin_user = glance
    admin_password = Service123
    [paste_deploy]
    flavor = keystone
(5) Sync the glance database, enable the services at boot and start them
    glance-manage db_sync
    systemctl enable openstack-glance-api.service openstack-glance-registry.service
    systemctl start openstack-glance-api.service openstack-glance-registry.service
    Note: the api service kept failing on start; after fixing the ownership of its log file it started normally.
    chown -R glance:glance /var/log/glance/api.log
(6) Upload an image to test glance
    wget http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
    glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img \
      --disk-format qcow2 --container-format bare --is-public True --progress
    Run glance image-list to confirm that the image was added.
6. Nova component installation
(1) Install the nova packages
    yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
(2) Create the nova identity entries (user, role, service, endpoint)
    keystone user-create --name nova --pass Service123
    keystone user-role-add --user nova --tenant service --role admin
    keystone service-create --name nova --type compute \
      --description "OpenStack Compute"
    keystone endpoint-create \
      --service-id $(keystone service-list | awk '/ compute / {print $2}') \
      --publicurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
      --internalurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
      --adminurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
      --region regionOne
(3) Edit the nova configuration file /etc/nova/nova.conf
    [DEFAULT]
    rpc_backend = rabbit
    rabbit_host = 10.90.2.1
    auth_strategy = keystone
    my_ip = 10.90.2.1
    vncserver_listen = 10.90.2.1
    vncserver_proxyclient_address = 10.90.2.1
    network_api_class = nova.network.neutronv2.api.API
    security_group_api = neutron
    linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    [glance]
    host = 10.90.2.1
    [database]
    connection = mysql://nova:Service123@10.90.2.1/nova
    # Note: this section has to be added by hand
    [keystone_authtoken]
    auth_uri = http://10.90.2.1:5000/v2.0
    identity_uri = http://10.90.2.1:35357
    admin_tenant_name = service
    admin_user = nova
    admin_password = Service123
    [neutron]
    url = http://10.90.2.1:9696
    auth_strategy = keystone
    admin_auth_url = http://10.90.2.1:35357/v2.0
    admin_tenant_name = service
    admin_username = neutron
    admin_password = Service123
    service_metadata_proxy = True
(4) Sync the database
    nova-manage db sync
(5) Enable the nova services at boot and start them
    systemctl enable openstack-nova-api.service openstack-nova-cert.service \
      openstack-nova-consoleauth.service openstack-nova-scheduler.service \
      openstack-nova-conductor.service openstack-nova-novncproxy.service
    systemctl start openstack-nova-api.service openstack-nova-cert.service \
      openstack-nova-consoleauth.service openstack-nova-scheduler.service \
      openstack-nova-conductor.service openstack-nova-novncproxy.service
(6) After starting, list the services; all states are OK
    nova-manage service list
    Binary            Host        Zone      Status   State  Updated_At
    nova-conductor    test-node1  internal  enabled  :-)    2015-10-21 04:33:25
    nova-cert         test-node1  internal  enabled  :-)    2015-10-21 04:33:25
    nova-consoleauth  test-node1  internal  enabled  :-)    2015-10-21 04:33:25
    nova-scheduler    test-node1  internal  enabled  :-)    2015-10-21 04:33:25
7. Neutron
(1) Install the base packages
    yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient which openstack-neutron-linuxbridge
(2) Create the neutron identity entries (user, role, service, endpoint)
    keystone user-create --name neutron --pass Service123
    keystone user-role-add --user neutron --tenant service --role admin
    keystone service-create --name neutron --type network \
      --description "OpenStack Networking"
    keystone endpoint-create \
      --service-id $(keystone service-list | awk '/ network / {print $2}') \
      --publicurl http://10.90.2.1:9696 \
      --internalurl http://10.90.2.1:9696 \
      --adminurl http://10.90.2.1:9696 \
      --region regionOne
(3) Look up and note the TENANT_ID of the service tenant
    keystone tenant-list | awk '/ service / {print $2}'
    f6e348cdbd1842fc9aa45d81a564af27
(4) Edit the neutron configuration file /etc/neutron/neutron.conf
    [database]
    connection = mysql://neutron:Service123@10.90.2.1/neutron
    [DEFAULT]
    rpc_backend = rabbit
    rabbit_host = 10.90.2.1
    auth_strategy = keystone
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = True
    notify_nova_on_port_status_changes = True
    notify_nova_on_port_data_changes = True
    nova_url = http://10.90.2.1:8774/v2
    nova_admin_auth_url = http://10.90.2.1:35357/v2.0
    nova_region_name = regionOne
    nova_admin_username = nova
    nova_admin_tenant_id = f6e348cdbd1842fc9aa45d81a564af27
    nova_admin_password = Service123
    [keystone_authtoken]
    auth_uri = http://10.90.2.1:5000/v2.0
    identity_uri = http://10.90.2.1:35357
    admin_tenant_name = service
    admin_user = neutron
    admin_password = Service123
(5) Edit the ml2 configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
    [ml2]
    type_drivers = flat
    tenant_network_types = flat
    mechanism_drivers = linuxbridge
    [ml2_type_flat]
    flat_networks = physnet1
(6) Edit the linuxbridge configuration file /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
    [vlans]
    network_vlan_ranges = physnet1
    [linux_bridge]
    physical_interface_mappings = physnet1:enp5s0f0
    [securitygroup]
    firewall_driver = neutron.agent.firewall.NoopFirewallDriver
(7) Sync the neutron database
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    neutron-db-manage --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
      --config-file /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini upgrade juno
(8) Restart the related nova services, then enable neutron at boot and start it
    systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
      openstack-nova-conductor.service
    systemctl enable neutron-server.service
    systemctl start neutron-server.service
(9) Check that the neutron command returns normal output
    neutron ext-list
    +-----------------------+-----------------------------------------------+
    | alias                 | name                                          |
    +-----------------------+-----------------------------------------------+
    | security-group        | security-group                                |
    | l3_agent_scheduler    | L3 Agent Scheduler                            |
    | ext-gw-mode           | Neutron L3 Configurable external gateway mode |
    | binding               | Port Binding                                  |
    | provider              | Provider Network                              |
    | agent                 | agent                                         |
    | quotas                | Quota management support                      |
    | dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
    | l3-ha                 | HA Router extension                           |
    | multi-provider        | Multi Provider Network                        |
    | external-net          | Neutron external network                      |
    | router                | Neutron L3 Router                             |
    | allowed-address-pairs | Allowed Address Pairs                         |
    | extraroute            | Neutron Extra Route                           |
    | extra_dhcp_opt        | Neutron Extra DHCP opts                       |
    | dvr                   | Distributed Virtual Router                    |
    +-----------------------+-----------------------------------------------+
8. Horizon
(1) Install the base packages
    yum -y install openstack-dashboard httpd mod_wsgi memcached python-memcached
(2) Edit the dashboard configuration file /etc/openstack-dashboard/local_settings
    sed -i -e "s/ALLOWED_HOSTS = \['horizon.example.com', 'localhost'\]/ALLOWED_HOSTS = ['*']/" \
      -e 's/OPENSTACK_HOST = "127.0.0.1"/OPENSTACK_HOST = "10.90.2.1"/' /etc/openstack-dashboard/local_settings
(3) Set ownership, enable the services at boot and start them
    chown -R apache:apache /usr/share/openstack-dashboard/static
    systemctl enable httpd.service memcached.service
    systemctl start httpd.service memcached.service
(4) Test access from a browser
    http://10.90.2.1/dashboard
(5) Create the external network
    neutron net-create --tenant-id f6e348cdbd1842fc9aa45d81a564af27 ext-net \
      --provider:network_type flat \
      --provider:physical_network physnet1 \
      --router:external=True
(6) Create the subnet of the external network
    neutron subnet-create --tenant-id f6e348cdbd1842fc9aa45d81a564af27 \
      --name ext-subnet --allocation-pool start=10.90.2.150,end=10.90.2.200 \
      --gateway 10.90.0.1 ext-net 10.90.2.0/16 --disable-dhcp
9. Cinder
(1) Install the base packages
    yum -y install openstack-cinder python-cinderclient python-oslo-db lvm2 targetcli
(2) Create the cinder identity entries (user, role, services, endpoints)
    keystone user-create --name cinder --pass Service123
    keystone user-role-add --user cinder --tenant service --role admin
    keystone service-create --name cinder --type volume \
      --description "OpenStack Block Storage"
    keystone service-create --name cinderv2 --type volumev2 \
      --description "OpenStack Block Storage"
    keystone endpoint-create \
      --service-id $(keystone service-list | awk '/ volume / {print $2}') \
      --publicurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
      --internalurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
      --adminurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
      --region regionOne
    keystone endpoint-create \
      --service-id $(keystone service-list | awk '/ volumev2 / {print $2}') \
      --publicurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
      --internalurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
      --adminurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
      --region regionOne
(3) Edit the cinder configuration file /etc/cinder/cinder.conf
    [database]
    connection = mysql://cinder:Service123@10.90.2.1/cinder
    [DEFAULT]
    rpc_backend = rabbit
    rabbit_host = 10.90.2.1
    auth_strategy = keystone
    my_ip = 10.90.2.1
    iscsi_helper = lioadm
    glance_host = 10.90.2.1
    [keystone_authtoken]
    auth_uri = http://10.90.2.1:5000/v2.0
    identity_uri = http://10.90.2.1:35357
    admin_tenant_name = service
    admin_user = cinder
    admin_password = Service123
(4) Sync the database and start cinder
    cinder-manage db sync
    systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
    systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
(5) Enable lvm2 at boot and create the PV for cinder
    systemctl enable lvm2-lvmetad.service
    systemctl start lvm2-lvmetad.service
    partprobe
    pvcreate /dev/sda4
      Physical volume "/dev/sda4" successfully created
    vgcreate cinder-volumes /dev/sda4
      Volume group "cinder-volumes" successfully created
    systemctl enable openstack-cinder-volume.service target.service
    systemctl start openstack-cinder-volume.service target.service
(6) Create a 10G volume with cinder
    cinder create --display-name demo-volume1 10
10. Add the compute node
(1) Install the base packages
    yum -y install ntp openstack-nova-compute sysfsutils libvirt-daemon-config-nwfilter openstack-neutron-ml2 openstack-neutron-linuxbridge
(2) Edit the nova configuration file /etc/nova/nova.conf
    [DEFAULT]
    rpc_backend = rabbit
    rabbit_host = 10.90.2.1
    auth_strategy = keystone
    my_ip = 10.90.2.10
    vnc_enabled = True
    vncserver_listen = 0.0.0.0
    vncserver_proxyclient_address = 10.90.2.10
    novncproxy_base_url = http://10.90.2.1:6080/vnc_auto.html
    network_api_class = nova.network.neutronv2.api.API
    security_group_api = neutron
    linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
    firewall_driver = nova.virt.firewall.NoopFirewallDriver
    [keystone_authtoken]
    auth_uri = http://10.90.2.1:5000/v2.0
    identity_uri = http://10.90.2.1:35357
    admin_tenant_name = service
    admin_user = nova
    admin_password = Service123
    [glance]
    host = 10.90.2.1
    [libvirt]
    virt_type = kvm
    [neutron]
    url = http://10.90.2.1:9696
    auth_strategy = keystone
    admin_auth_url = http://10.90.2.1:35357/v2.0
    admin_tenant_name = service
    admin_username = neutron
    admin_password = Service123
(3) Edit the neutron configuration file /etc/neutron/neutron.conf
    [DEFAULT]
    rpc_backend = rabbit
    rabbit_host = 10.90.2.1
    auth_strategy = keystone
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = True
    [keystone_authtoken]
    auth_uri = http://10.90.2.1:5000/v2.0
    identity_uri = http://10.90.2.1:35357
    admin_tenant_name = service
    admin_user = neutron
    admin_password = Service123
(4) Edit the ml2 plugin configuration file /etc/neutron/plugins/ml2/ml2_conf.ini
    [ml2]
    type_drivers = flat
    tenant_network_types = flat
    mechanism_drivers = linuxbridge
    [ml2_type_flat]
    flat_networks = physnet1
(5) Edit the linuxbridge plugin configuration file /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini
    [vlans]
    network_vlan_ranges = physnet1
    [linux_bridge]
    physical_interface_mappings = physnet1:em1
    [securitygroup]
    firewall_driver = neutron.agent.firewall.NoopFirewallDriver
(6) Fix the plugin link, enable the services at boot and start them
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    cp /usr/lib/systemd/system/neutron-linuxbridge-agent.service \
      /usr/lib/systemd/system/neutron-linuxbridge-agent.service.orig
    sed -i 's,plugins/linuxbridge/ovs_neutron_plugin.ini,plugin.ini,g' \
      /usr/lib/systemd/system/neutron-linuxbridge-agent.service
    systemctl enable libvirtd.service openstack-nova-compute.service neutron-linuxbridge-agent
    systemctl start libvirtd.service neutron-linuxbridge-agent openstack-nova-compute.service
(7) Create a Linux virtual machine and build a glance image from it
    qemu-img create -f qcow2 Centos-6.6x64-disk.img 10G
    virt-install -n CentOS-6.6x64 -r 4096 --vcpu 2 \
      -c /data/CentOS-6.6-x86_64-bin-DVD1.iso \
      --disk path=/data/image/Centos-6.6x64-disk.img,device=disk,bus=virtio,size=30,format=qcow2 \
      --vnc --vncport=5903 --vnclisten=10.90.2.10 -v
    device = disk device type: cdrom, disk, floppy
    bus    = disk bus type: ide, scsi, usb, virtio, xen
    size   = storage size
    Shut down and remove the CentOS-6.6x64 guest
    virsh shutdown CentOS-6.6x64
    virsh undefine CentOS-6.6x64
    Upload the image
    glance image-create --name "Centos-6.6x64" --file Centos-6.6x64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
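The configuration files in sections 4, 6, 7 and 10 carry several settings worth re-checking once the install works: the neutron agent's NoopFirewallDriver, the keystone admin_token, vncserver_listen = 0.0.0.0, plain-HTTP keystone URLs and one password shared by every service account. The added example below (not part of the original guide) is a section-aware audit for exactly those settings; the finding messages and the sample files in demo_audit are constructed.

```shell
# Added example (not from the original guide): section-aware audit of
# OpenStack INI files; prints one finding per line.
audit_conf() {    # usage: audit_conf FILE...
    awk '
        function finding(msg) { print FILENAME ": [" section "] " key ": " msg }
        FNR == 1 { section = "DEFAULT"; user = "" }      # new file
        /^[ \t]*([#;].*)?$/ { next }                     # comment or blank
        /^[ \t]*\[/ {                                    # [section] header
            section = $0; user = ""
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section); next
        }
        {
            n = index($0, "="); if (n == 0) next
            key = substr($0, 1, n - 1); val = substr($0, n + 1)
            gsub(/[ \t]/, "", key); sub(/^[ \t]+/, "", val); sub(/[ \t]+$/, "", val)
            # Nova is expected to use a no-op driver when Neutron owns
            # security groups, so only the Neutron agent section is flagged.
            if (section == "securitygroup" && key == "firewall_driver" && val ~ /NoopFirewallDriver$/)
                finding("security group rules are not enforced on this host")
            if (section == "DEFAULT" && key == "admin_token" && val != "")
                finding("bootstrap token still configured")
            if (key == "vncserver_listen" && val == "0.0.0.0")
                finding("guest consoles listen on every interface")
            if (key ~ /^(auth_uri|identity_uri|admin_auth_url)$/ && val ~ /^http:/)
                finding("Keystone traffic is not protected by TLS")
            if (key ~ /admin_user(name)?$/) user = val   # account for this section
            if (key ~ /admin_password$/) {
                if ((val in owner) && owner[val] != user)
                    finding("password shared with account " owner[val])
                else owner[val] = user
            }
        }
    ' "$@"
}

# Constructed sample input modelled on the files in this guide.
demo_audit() (
    d=$(mktemp -d) && cd "$d" || exit 1
    printf '[DEFAULT]\nadmin_token = EXAMPLE_TOKEN\n' > keystone.conf
    printf '[securitygroup]\nfirewall_driver = neutron.agent.firewall.NoopFirewallDriver\n' > linuxbridge_conf.ini
    cat > nova.conf <<'EOF'
[DEFAULT]
vncserver_listen = 0.0.0.0
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[keystone_authtoken]
auth_uri = http://10.90.2.1:5000/v2.0
admin_user = nova
admin_password = Service123
[neutron]
admin_username = neutron
admin_password = Service123
EOF
    audit_conf keystone.conf nova.conf linuxbridge_conf.ini
    cd / && rm -rf "$d"
)
```

On a node, pass the real files to audit_conf, for example /etc/keystone/keystone.conf, /etc/nova/nova.conf and /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini.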