openstack 平台搭建

环境:

Controller  42.62.55.71

Compute   42.62.114.207

Controller+ Compute

#yum install -y yum-plugin-priorities

配置 yum

Controller     compute

vim /etc/yum.repos.d/openstack.repo

       [openstack]

name=openstack

baseurl=http://mirrors.ustc.edu.cn/centos/7/cloud/x86_64/openstack-kilo/

enabled=1

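gpgcheck=0

# 注:gpgcheck=0 会关闭软件包签名校验,而 baseurl 又是明文 HTTP,安装的软件包既不验签也无法发现传输中的篡改;正式环境建议导入该仓库的 GPG 公钥并改为 gpgcheck=1。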

安装ntp

Controller

#yum install ntp -y

vim /etc/ntp.conf    (添加)

restrict -4 default kod notrap nomodify

restrict -6 default kod notrap nomodify

server controller iburst

# 注:控制节点上这一行通常应写上游 NTP 服务器的地址;`server controller iburst` 是计算节点的写法,控制节点指向自己一般无法完成校时。

#systemctl enable ntpd.service

#systemctl start ntpd.service

Compute

#yum install ntp -y

vim /etc/ntp.conf    (添加)

server controller iburst

#systemctl enable ntpd.service

#systemctl start ntpd.service

 

Controller 操作

安装数据库

#yum install mariadb mariadb-server MySQL-python

vim /etc/my.cnf  (添加)

[mysqld]

bind-address = 10.0.0.11 
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

#systemctl enable mariadb.service

#systemctl restart mariadb.service

设置数据库密码

#mysql_secure_installation

 

安装rabbit-server

#yum install rabbitmq-server

#systemctl enable rabbitmq-server.service

#systemctl start rabbitmq-server.service

#rabbitmqctl change_password guest 密码

(注:这里给 guest 设置的密码要与后文 nova.conf 中的 rabbit_password(RABBIT_PASS)一致。)


 

安装keystone

创建数据库

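#mysql -uroot -p

#create database keystone;

#grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone';

#grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone';

(注:这里的数据库密码是 'keystone',而后文 keystone.conf 的 connection 里写的是 KEYSTONE_DBPASS,两处必须一致。'keystone'@'%' 允许从任意主机连接,密码不要与用户名相同,应换成强密码。)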

生成秘钥

#openssl rand -hex 10

1cb775e98f2375ab3ba7(随机生成)

安装软件

#yum install openstack-keystone python-keystoneclient

#vim /etc/keystone/keystone.conf

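admin_token = d9cc00b3a9afaced6a36   #这是刚刚产生的随机值
# 注:这里必须填上一步 openssl 实际生成的值,并与后文的 OS_SERVICE_TOKEN 保持一致;本文上一步和后文的示例值是 1cb775e98f2375ab3ba7,与此处不同,照抄会导致认证失败。
# admin_token 相当于最高权限凭据,不要直接使用文中公开的示例值。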
verbose = True
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider =keystone.token.providers.uuid.Provider
driver =keystone.token.persistence.backends.sql.Token

创建管理证书与密钥,设置相关文件权限
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl

填充数据库数据
# su -s /bin/sh -c "keystone-manage db_sync" keystone

进入数据库查看是否有表产生  没有产生重启mariadb

# mkdir /etc/apache2/sites-available

# vim /etc/apache2/sites-available/wsgi-keystone.conf    (添加)

Listen 5000

Listen 35357

<VirtualHost *:5000>

   WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}

   WSGIProcessGroup keystone-public

   WSGIScriptAlias / /var/www/cgi-bin/keystone/main

   WSGIApplicationGroup %{GLOBAL}

   WSGIPassAuthorization On

<IfVersion >= 2.4>

     ErrorLogFormat "%{cu}t %M"

</IfVersion>

   LogLevel info

   ErrorLog /var/log/apache2/keystone-error.log

   CustomLog /var/log/apache2/keystone-access.log combined

</VirtualHost>

<VirtualHost *:35357>

   WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}

   WSGIProcessGroup keystone-admin

   WSGIScriptAlias / /var/www/cgi-bin/keystone/admin

   WSGIApplicationGroup %{GLOBAL}

   WSGIPassAuthorization On

<IfVersion >= 2.4>

     ErrorLogFormat "%{cu}t %M"

</IfVersion>

   LogLevel info

   ErrorLog /var/log/apache2/keystone-error.log

   CustomLog /var/log/apache2/keystone-access.log combined

</VirtualHost>

 

# ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
# mkdir -p /var/www/cgi-bin/keystone
# curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo|tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
(注:这一步通过明文 HTTP 下载脚本,并直接作为 keystone 的 WSGI 程序运行,传输途中被篡改也无法察觉;下载后应先核对文件内容,条件允许时改用 HTTPS 地址获取。)
# chown -R keystone:keystone /var/www/cgi-bin/keystone
# chmod 755 /var/www/cgi-bin/keystone/*
# service apache2 restart
# rm -f /var/lib/keystone/keystone.db

# export OS_SERVICE_TOKEN=1cb775e98f2375ab3ba7

# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

# systemctl restart openstack-keystone.service

# keystone tenant-create --name admin --description "Admin Tenant"
+-------------+----------------------------------+ 
| Property | Value | 
+-------------+----------------------------------+ 
| description   | Admin Tenant                          | 
| enabled        |True                                        | 
| id                | 89109628fdf840249f2b9fd716404527| 
| name           | admin                                     | 
+-------------+----------------------------------+ 

# keystone user-create --name admin --pass ADMIN_PASS --email root@localhost
+----------+----------------------------------+ 
| Property   | Value                                    | 
+----------+----------------------------------+ 
| email        |root@localhost                       | 
| enabled    | True                                      | 
| id             | 7f78bf6957154df998638833f061f196 | 
| name        |admin                                    | 
| username  | admin                                    | 
+----------+----------------------------------+ 

# keystone role-create --name admin 
+----------+----------------------------------+ 
| Property   | Value                                    | 
+----------+----------------------------------+ 
| id             | 59e125307ef447bbb11e6bb015b8c6e4 | 
| name        |admin                                    | 
+----------+----------------------------------+ 

# keystone user-role-add --tenant admin --user admin --role admin
# keystone role-create --name _member_ 
+----------+----------------------------------+ 
| Property   | Value                                    | 
+----------+----------------------------------+ 
| id            | 2910a8344595471995e02b23fc93124f | 
| name        |_member_                              | 
+----------+----------------------------------+ 

# keystone user-role-add --tenant admin --user admin --role _member_
这个是没输出的
上面是加admin,下面是加demo
# keystone tenant-create --name demo --description "Demo Tenant"
+-------------+----------------------------------+ 
| Property       |Value                                     | 
+-------------+----------------------------------+ 
| description   | Demo Tenant                         | 
| enabled        |True                                       | 
| id                 | 98aeedd6814142e68bc9ee88846d654c| 
| name            | demo                                   | 
+-------------+----------------------------------+ 

# keystone user-create --name demo --pass DEMO_PASS --email EMAIL_ADDRESS
+----------+----------------------------------+ 
| Property | Value | 
+----------+----------------------------------+ 
| email        |EMAIL_ADDRESS                     | 
| enabled    | True                                      | 
| id             | c7172284f56e44baaae83d9351e28c31 | 
| name         |demo                                   | 
| username   | demo                                   | 
+----------+----------------------------------+ 

# keystone user-role-add --tenant demo --user demo --role _member_
# keystone tenant-create --name service --description "Service Tenant"
+-------------+----------------------------------+ 
| Property       |Value                                     | 
+-------------+----------------------------------+ 
| description | Service Tenant                          | 
| enabled      | True                                       | 
| id               | 9870c4478e0448ba87a38e1e3c80448c | 
| name          |service                                     | 
+-------------+----------------------------------+ 

# keystone service-create --name keystone --type identity \
> --description "OpenStackIdentity" 
+-------------+----------------------------------+ 
| Property | Value | 
+-------------+----------------------------------+ 
| description   | OpenStackIdentity                  | 
| enabled        |True                                       | 
| id                | b2f1cfca40c64a6583b19e4475312e85| 
| name          | keystone                                   | 
| type            | identity                                   | 
+-------------+----------------------------------+ 

# keystone endpoint-create \ 
> --service-id $(keystone service-list | awk '/ identity / {print $2}') \
> --publicurl http://controller:5000/v2.0 \ 
> --internalurl http://controller:5000/v2.0 \ 
> --adminurl http://controller:35357/v2.0 \ 
> --region regionOne 
+-------------+----------------------------------+ 
| Property       |Value                                     | 
+-------------+----------------------------------+ 
| adminurl      |http://controller:35357/v2.0      | 
| id                | 5fbc07aa73ef4891859d01eac5ac9253| 
| internalurl     |http://controller:5000/v2.0       | 
| publicurl       |http://controller:5000/v2.0        | 
| region          | regionOne                              | 
| service_id       | b2f1cfca40c64a6583b19e4475312e85 | 
+-------------+----------------------------------+ 

上面的操作完了,下面验证一下看看有没有出错
先退出刚刚的操作环境
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

# keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
> --os-auth-url http://controller:35357/v2.0 token-get
+-----------+----------------------------------+ 
| Property    | Value                                    | 
+-----------+----------------------------------+ 
| expires       |2014-12-18T07:27:22Z              | 
| id              | f571c6b396904e4b93220d82a38605e2 | 
| tenant_id    | 89109628fdf840249f2b9fd716404527| 
| user_id       |7f78bf6957154df998638833f061f196 | 
+-----------+----------------------------------+ 

# keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
> --os-auth-url http://controller:35357/v2.0 tenant-list 
+----------------------------------+---------+---------+ 
| id | name | enabled | 
+----------------------------------------+---------+---------+ 
| 89109628fdf840249f2b9fd716404527  |admin    | True      | 
| 98aeedd6814142e68bc9ee88846d654c | demo   | True      | 
| 9870c4478e0448ba87a38e1e3c80448c |service   | True      | 
+-----------------------------------------+---------+---------+
以上不出错后
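以上操作完成后,建两个用户环境文件,以后在 CLI 下操作只要 source admin-openrc.sh 就能获得相应的操作权限。

# export OS_SERVICE_TOKEN=1cb775e98f2375ab3ba7

# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

(注:前面验证时已经 unset 过这两个变量;只要它们还留在环境里,客户端就会用 admin_token 而不是用户名/密码来认证。初始化完成后不要保留它们,日常操作只使用下面的 openrc 文件。openrc 文件里有明文密码,建议 chmod 600,并且不要提交到版本库。)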


# vi admin-openrc.sh 
export OS_TENANT_NAME=admin 
export OS_USERNAME=admin 
export OS_PASSWORD=ADMIN_PASS 
export OS_AUTH_URL=http://controller:35357/v2.0 

# vi demo-openrc.sh 
export OS_TENANT_NAME=demo 
export OS_USERNAME=demo 
export OS_PASSWORD=DEMO_PASS 
export OS_AUTH_URL=http://controller:5000/v2.0

 

controller节点安装glance

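# mysql -uroot -p

# create database glance;

# grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance';

# grant all privileges on glance.* to 'glance'@'%' identified by 'glance';

(注:这里的数据库密码是 'glance',而后文 glance-api.conf / glance-registry.conf 的 connection 里写的是 GLANCE_DBPASS,两处必须一致。'glance'@'%' 允许从任意主机连接,密码不要与用户名相同,应换成强密码。)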

添加用户 glance 并设置密码
# keystone user-create --name glance --pass GLANCE_PASS
+----------+----------------------------------+ 
| Property   | Value                                    | 
+----------+----------------------------------+ 
| email       |                                              | 
| enabled   | True                                      | 
| id           | d51571512faf4c148cca450d75396893 | 
| name      | glance                                    | 
| username | glance                                    | 
+----------+----------------------------------+ 
# keystone user-role-add --user glance --tenant service --role admin
# keystone service-create --name glance --type image \
> --description "OpenStack ImageService" 
+-------------+----------------------------------+ 
| Property       |Value                                     | 
+-------------+----------------------------------+ 
| description   | OpenStack ImageService         | 
| enabled       | True                                       | 
| id                | 990d6863283141ff9dbaa7a4e3a06795| 
| name           | glance                                    | 
| type             | image                                     | 
+-------------+----------------------------------+ 
# keystone endpoint-create \ 
> --service-id $(keystone service-list |awk '/ image / {print $2}') \ 
> --publicurl http://controller:9292 \ 
> --internalurl http://controller:9292 \ 
> --adminurl http://controller:9292 \ 
> --region regionOne 
+-------------+----------------------------------+ 
| Property       |Value                                     | 
+-------------+----------------------------------+ 
| adminurl      |http://controller:9292               | 
| id                | 37172288d36f4c1b8dc3fa7935174aa7| 
| internalurl    |http://controller:9292                | 
| publicurl       |http://controller:9292                | 
| region          | regionOne                               | 
| service_id      |990d6863283141ff9dbaa7a4e3a06795 | 
+-------------+----------------------------------+ 

安装相关包
#yum install openstack-glance python-glanceclient

编辑相关文件
# vi /etc/glance/glance-api.conf
[DEFAULT] 
verbose=True 
[database] 
connection =mysql://glance:GLANCE_DBPASS@controller/glance 
[keystone_authtoken] 
auth_uri = http://controller:5000/v2.0 
identity_uri = http://controller:35357 
admin_tenant_name = service 
admin_user = glance 
admin_password = GLANCE_PASS 
[paste_deploy] 
flavor = keystone 
[store_type_location_strategy] 
[profiler] 
[task] 
[glance_store] 
default_store = file 
filesystem_store_datadir =/var/lib/glance/images/

# vi /etc/glance/glance-registry.conf
[DEFAULT] 
verbose=True 
[database] 
connection =mysql://glance:GLANCE_DBPASS@controller/glance 
[keystone_authtoken] 
auth_uri = http://controller:5000/v2.0 
identity_uri = http://controller:35357 
admin_tenant_name = service 
admin_user = glance 
admin_password = GLANCE_PASS 
[paste_deploy] 
flavor = keystone 
[profiler]

同步数据库
# su -s /bin/sh -c "glance-manage db_sync" glance
添加到开机自启动并启动服务。
#systemctl enable openstack-glance-api.service openstack-glance-registry.service
#systemctl start openstack-glance-api.service openstack-glance-registry.service

 

添加计算服务

先在controller
 
先在数据库中操作:登录、建库并给用户授权,密码为 NOVA_DBPASS
$ mysql -u root -p

CREATE DATABASE nova; 
Grant proper access to the nova database: 
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

2.
填加Identity 身份认证,建nova用户与密码并加入role
$ source admin-openrc.sh
$ keystone user-create --name nova --pass NOVA_PASS
+----------+----------------------------------+
| Property  | Value                                      |
+----------+----------------------------------+
| email       |                                              |
| enabled   | True                                      |
| id           | 387dd4f7e46d4f72965ee99c76ae748c |
| name      | nova                                       |
| username | nova                                      |
+----------+----------------------------------+

# keystone user-role-add --user nova --tenant service --role admin

创建nova service:
#keystone service-create --name nova --type compute \
  --description "OpenStackCompute"
+-------------+----------------------------------+
| Property       |Value                                     |
+-------------+----------------------------------+
| description   | OpenStackCompute                |
| enabled        |True                                       |
| id                | 6c7854f52ce84db795557ebc0373f6b9|
| name          | nova                                       |
| type            | compute                                |
+-------------+----------------------------------+

$ keystone endpoint-create \
  --service-id $(keystone service-list| awk '/ compute / {print $2}') \
  --publicurl http://controller:8774/v2/%\(tenant_id\)s \
  --internalurl http://controller:8774/v2/%\(tenant_id\)s \
  --adminurl http://controller:8774/v2/%\(tenant_id\)s \
  --region regionOne
+-------------+-----------------------------------------+
| Property       |Value                                               |
+-------------+-----------------------------------------+
| adminurl       |http://controller:8774/v2/%(tenant_id)s |
| id                 | c397438bd82c41198ec1a9d85cb7cc74|
| internalurl     |http://controller:8774/v2/%(tenant_id)s |
| publicurl       | http://controller:8774/v2/%(tenant_id)s |
| region          | regionOne                                          |
| service_id       |6c7854f52ce84db795557ebc0373f6b9 |
+-------------+-----------------------------------------+

安装包
# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
  python-novaclient

编辑配置文件,在配置文件时,每行的前面不能有空格,要不然会出错的
vi /etc/nova/nova.conf
[database]
# 连数据库
connection =mysql://nova:NOVA_DBPASS@controller/nova

# 注:与后文计算节点的配置一样,下面 rpc_backend 到 verbose 这些选项应写在 [DEFAULT] 段下,而不是 [database] 段。
# rabbit
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS

# 使用keystone做身份认证
auth_strategy = keystone
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11 
vncserver_proxyclient_address = 10.0.0.11
verbose = True

# 连到keystone
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0 
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS

# glance 主机位置
[glance]
host = controller 
  
同步数据库
# su -s /bin/sh -c "nova-manage db sync" nova
增加自启动与启动进程
# systemctl enable openstack-nova-api.service openstack-nova-cert.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
以上在controller中的操作就完成了

下面是在compute1中的操作

安装文件包
# yum install openstack-nova-compute sysfsutils

编辑配置文件

[DEFAULT]
# 连数据库
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS

auth_strategy = keystone 

# 本机的管理ip
my_ip =10.0.0.31

# novnc 使用
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.0.0.31
novncproxy_base_url =http://controller:6080/vnc_auto.html
# 注:vncserver_listen = 0.0.0.0 会让虚拟机的 VNC 端口监听在计算节点的所有网卡上;如果节点带公网地址,应使用防火墙把这些端口限制在管理网络内。

verbose = True 

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
[glance]

host = controller

增加自启动与启动进程
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service
# systemctl start openstack-nova-compute.service


上面就操作完成,就填加好了nova service

测试一下,看到以下的就成功了。

要在controller节点上操作

# source admin-openrc.sh
# nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary          | Host       | Zone    | Status  | State | Updated_at                | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-conductor   |controller | internal | enabled | up    | 2014-09-16T23:54:02.000000| -               |
| 2  | nova-consoleauth | controller |internal | enabled | up    | 2014-09-16T23:54:04.000000 | -              |
| 3  | nova-scheduler   |controller | internal | enabled | up    | 2014-09-16T23:54:07.000000| -               |
| 4  | nova-cert       | controller | internal | enabled | up    |2014-09-16T23:54:00.000000 | -              |
| 5  | nova-compute    | compute1   | nova     |enabled | up    | 2014-09-16T23:54:06.000000 | -              |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+

 

 

  1. 添加网络服务 ---网络模式为nova-network------flatdhcp

一.安装和配置控制节点

    1. Edit the /etc/nova/nova.conf file and complete the following actions:
               [DEFAULT]
               network_api_class = nova.network.api.API
               security_group_api = nova
2. service nova-api restart
         service nova-scheduler restart
         service nova-conductor restart
二.安装和配置计算节点
1.       apt-get install nova-network nova-api-metadata
2.       Edit the /etc/nova/nova.conf file and complete the following actions:
[DEFAULT]
network_api_class = nova.network.api.API
security_group_api = nova
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_network_bridge = br100
flat_interface = eth2
public_interface = eth2
3.       service nova-network restart
4.       service nova-api-metadata restart
三.控制节点执行一下命令
1.       source admin-openrc.sh
2.       nova network-create demo-net --bridge br100 --multi-host T --fixed-range-v4 203.0.113.24/29
3.       nova net-list


  1. 控制节点安装dashboard服务

  2. apt-get install openstack-dashboard

  3. Edit /etc/openstack-dashboard/local_settings.py file and complete the following actions:

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = '*'

# 注:'*' 表示接受任意 Host 请求头,相当于关闭了 Django 的 Host 校验;正式环境应改成面板实际使用的域名或 IP 列表。

CACHES ={

   'default': {

       'BACKEND':'django.core.cache.backends.memcached.MemcachedCache',

       'LOCATION': '127.0.0.1:11211',

   }

}

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

TIME_ZONE = "TIME_ZONE"

3.       service apache2 reload

 

 

访问 192.168.1.11/dashboard

