环境:
Controller 42.62.55.71
Compute 42.62.114.207
Controller+ Compute
#yum install -y yum-plugin-priorities
配置 yum 源
Controller compute
vim /etc/yum.repos.d/openstack.repo
# Yum repository definition for the OpenStack Kilo packages (CentOS 7 cloud repo mirror).
[openstack]
name=openstack
# NOTE(review): the mirror is reached over plain HTTP; together with gpgcheck=0
# below, nothing authenticates the packages that get installed as root.
baseurl=http://mirrors.ustc.edu.cn/centos/7/cloud/x86_64/openstack-kilo/
enabled=1
# gpgcheck=0 switches off RPM signature verification for this repository.
# Prefer gpgcheck=1 together with a gpgkey= entry for the repository signing key.
gpgcheck=0
安装ntp
Controller
#yum install ntp -y
vim /etc/ntp.conf (添加)
restrict -4 default kod notrap nomodify
restrict -6 default kod notrap nomodify
server controller iburst
#systemctl enable ntpd.service
#systemctl start ntpd.service
Compute
#yum install ntp -y
vim /etc/ntp.conf (添加)
server controller iburst
#systemctl enable ntpd.service
#systemctl start ntpd.service
Controller 操作
安装数据库
#yum install mariadb mariadb-server MySQL-python
vim /etc/my.cnf (添加)
# Settings added to /etc/my.cnf for the MariaDB server on the controller.
[mysqld]
# Listen on this single address rather than on every interface.
# NOTE(review): presumably the controller's management IP (the controller's
# nova.conf uses the same address as my_ip) - confirm for your network.
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
# Use UTF-8 for the server and for every new client connection.
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
#systemctl enable mariadb.service
#systemctl restart mariadb.service
设置数据库密码
#mysql_secure_installation
安装rabbit-server
#yum install rabbitmq-server
#systemctl enable rabbitmq-server.service
#systemctl start rabbitmq-server.service
#rabbitmqctl change_password guest 密码
安装keystone
创建数据库
#mysql -uroot -p
#create database keystone;
#grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone';
#grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone';
(注意:identified by 后面的密码要和 keystone.conf 里连接串中的 KEYSTONE_DBPASS 保持一致;实际部署时不要使用与用户名相同的口令。)
生成秘钥
#openssl rand -hex 10
1cb775e98f2375ab3ba7(随机生成)
安装软件
#yum install openstack-keystone python-keystoneclient
#vim /etc/keystone/keystone.conf
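# /etc/keystone/keystone.conf fragment (oslo.config INI dialect).
[DEFAULT]
# Bootstrap admin token: the random value produced by `openssl rand -hex 10`.
# It must be identical to the value exported as OS_SERVICE_TOKEN, otherwise the
# bootstrap keystone commands are rejected. Generate your own value instead of
# reusing this sample, and treat it as a secret: it grants admin access without
# a user account.
# The comment sits on its own line because oslo.config does not strip a
# trailing "# ..." from a value; an inline comment would become part of the token.
admin_token = 1cb775e98f2375ab3ba7
verbose = True

[database]
# KEYSTONE_DBPASS is a placeholder; it has to match the password set by the
# GRANT ... IDENTIFIED BY statements for the 'keystone' database user.
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
# UUID tokens, persisted in the SQL backend.
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token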
创建管理证书与密钥,设置相关文件权限
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl
填充数据库数据
# su -s /bin/sh -c "keystone-manage db_sync" keystone
进入数据库查看是否有表产生 没有产生重启mariadb
# mkdir /etc/apache2/sites-available
# vim /etc/apache2/sites-available/wsgi-keystone.conf (添加)
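# Keystone under mod_wsgi: public API on port 5000, admin API on port 35357.
# NOTE(review): both listeners are plain HTTP and bind every interface (*), so
# passwords and tokens cross the network unencrypted. Limit 35357 to the
# management network with a firewall, or terminate TLS in front of both ports.
# NOTE(review): the /var/log/apache2 paths follow the Debian/Ubuntu layout,
# while the packages in this guide are installed with yum, where httpd
# normally logs under /var/log/httpd - confirm the directory exists.
Listen 5000
Listen 35357

<VirtualHost *:5000>
    # user= and display-name= are two separate WSGIDaemonProcess options.
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    # Hand the Authorization header through to the WSGI application.
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>

<VirtualHost *:35357>
    # user= and display-name= are two separate WSGIDaemonProcess options.
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    # Hand the Authorization header through to the WSGI application.
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    LogLevel info
    ErrorLog /var/log/apache2/keystone-error.log
    CustomLog /var/log/apache2/keystone-access.log combined
</VirtualHost>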
# ln -s /etc/apache2/sites-available/wsgi-keystone.conf /etc/apache2/sites-enabled
# mkdir -p /var/www/cgi-bin/keystone
# curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
(注意:这个脚本通过明文 HTTP 下载后会直接作为 keystone 的 WSGI 入口运行,写入前应先核对内容,条件允许时改用 HTTPS 获取。)
# chown -R keystone:keystone /var/www/cgi-bin/keystone
# chmod 755 /var/www/cgi-bin/keystone/*
# service apache2 restart
# rm -f /var/lib/keystone/keystone.db
# export OS_SERVICE_TOKEN=1cb775e98f2375ab3ba7
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
# systemctl restart openstack-keystone.service
# keystone tenant-create --name admin --description "Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled |True |
| id | 89109628fdf840249f2b9fd716404527|
| name | admin |
+-------------+----------------------------------+
# keystone user-create --name admin --pass ADMIN_PASS --email root@localhost
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email |root@localhost |
| enabled | True |
| id | 7f78bf6957154df998638833f061f196 |
| name |admin |
| username | admin |
+----------+----------------------------------+
# keystone role-create --name admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 59e125307ef447bbb11e6bb015b8c6e4 |
| name |admin |
+----------+----------------------------------+
# keystone user-role-add --tenant admin --user admin --role admin
# keystone role-create --name _member_
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id | 2910a8344595471995e02b23fc93124f |
| name |_member_ |
+----------+----------------------------------+
# keystone user-role-add --tenant admin --user admin --role _member_
这个是没输出的
上面是加admin,下面是加demo
# keystone tenant-create --name demo --description "Demo Tenant"
+-------------+----------------------------------+
| Property |Value |
+-------------+----------------------------------+
| description | Demo Tenant |
| enabled |True |
| id | 98aeedd6814142e68bc9ee88846d654c|
| name | demo |
+-------------+----------------------------------+
# keystone user-create --name demo --pass DEMO_PASS --email EMAIL_ADDRESS
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email |EMAIL_ADDRESS |
| enabled | True |
| id | c7172284f56e44baaae83d9351e28c31 |
| name |demo |
| username | demo |
+----------+----------------------------------+
# keystone user-role-add --tenant demo --user demo --role _member_
# keystone tenant-create --name service --description "Service Tenant"
+-------------+----------------------------------+
| Property |Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id | 9870c4478e0448ba87a38e1e3c80448c |
| name |service |
+-------------+----------------------------------+
# keystone service-create --name keystone --type identity \
> --description "OpenStackIdentity"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStackIdentity |
| enabled |True |
| id | b2f1cfca40c64a6583b19e4475312e85|
| name | keystone |
| type | identity |
+-------------+----------------------------------+
# keystone endpoint-create \
> --service-id $(keystone service-list | awk '/ identity / {print $2}') \
> --publicurl http://controller:5000/v2.0 \
> --internalurl http://controller:5000/v2.0 \
> --adminurl http://controller:35357/v2.0 \
> --region regionOne
+-------------+----------------------------------+
| Property |Value |
+-------------+----------------------------------+
| adminurl |http://controller:35357/v2.0 |
| id | 5fbc07aa73ef4891859d01eac5ac9253|
| internalurl |http://controller:5000/v2.0 |
| publicurl |http://controller:5000/v2.0 |
| region | regionOne |
| service_id | b2f1cfca40c64a6583b19e4475312e85 |
+-------------+----------------------------------+
上面的操作完了,下面验证一下看看有没有出错
先退出刚刚的操作环境
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
# keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
> --os-auth-url http://controller:35357/v2.0 token-get
+-----------+----------------------------------+
| Property | Value |
+-----------+----------------------------------+
| expires |2014-12-18T07:27:22Z |
| id | f571c6b396904e4b93220d82a38605e2 |
| tenant_id | 89109628fdf840249f2b9fd716404527|
| user_id |7f78bf6957154df998638833f061f196 |
+-----------+----------------------------------+
# keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
> --os-auth-url http://controller:35357/v2.0 tenant-list
+----------------------------------+---------+---------+
| id | name | enabled |
+----------------------------------------+---------+---------+
| 89109628fdf840249f2b9fd716404527 |admin | True |
| 98aeedd6814142e68bc9ee88846d654c | demo | True |
| 9870c4478e0448ba87a38e1e3c80448c |service | True |
+-----------------------------------------+---------+---------+
以上不出错后
以上操作完成后,建立两个用户环境文件,以后在 CLI 下操作只要 source admin-openrc.sh 就能获得相应的操作权限。
# export OS_SERVICE_TOKEN=1cb775e98f2375ab3ba7
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
# vi admin-openrc.sh
# admin-openrc.sh: credentials for the admin user; load with `source admin-openrc.sh`.
# OS_PASSWORD is stored in clear text, so keep this file readable by its owner
# only (for example chmod 600 admin-openrc.sh) and out of version control.
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
# Admin API endpoint (port 35357).
export OS_AUTH_URL=http://controller:35357/v2.0
# vi demo-openrc.sh
# demo-openrc.sh: credentials for the demo user; load with `source demo-openrc.sh`.
# OS_PASSWORD is stored in clear text, so keep this file readable by its owner
# only (for example chmod 600 demo-openrc.sh) and out of version control.
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
# Public API endpoint (port 5000).
export OS_AUTH_URL=http://controller:5000/v2.0
controller节点安装glance
# mysql -uroot -p
# create database glance;
# grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance';
# grant all privileges on glance.* to 'glance'@'%' identified by 'glance';
填加用户glance 与密码
# keystone user-create --name glance --pass GLANCE_PASS
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | d51571512faf4c148cca450d75396893 |
| name | glance |
| username | glance |
+----------+----------------------------------+
# keystone user-role-add --user glance --tenant service --role admin
# keystone service-create --name glance --type image \
> --description "OpenStack ImageService"
+-------------+----------------------------------+
| Property |Value |
+-------------+----------------------------------+
| description | OpenStack ImageService |
| enabled | True |
| id | 990d6863283141ff9dbaa7a4e3a06795|
| name | glance |
| type | image |
+-------------+----------------------------------+
# keystone endpoint-create \
> --service-id $(keystone service-list |awk '/ image / {print $2}') \
> --publicurl http://controller:9292 \
> --internalurl http://controller:9292 \
> --adminurl http://controller:9292 \
> --region regionOne
+-------------+----------------------------------+
| Property |Value |
+-------------+----------------------------------+
| adminurl |http://controller:9292 |
| id | 37172288d36f4c1b8dc3fa7935174aa7|
| internalurl |http://controller:9292 |
| publicurl |http://controller:9292 |
| region | regionOne |
| service_id |990d6863283141ff9dbaa7a4e3a06795 |
+-------------+----------------------------------+
安装相关包
#yum install openstack-glance python-glanceclient
编辑相关文件
# vi /etc/glance/glance-api.conf
# /etc/glance/glance-api.conf fragment.
[DEFAULT]
verbose=True
[database]
# GLANCE_DBPASS is a placeholder; it must equal the password set for the
# 'glance' database user in the GRANT ... IDENTIFIED BY statements.
connection =mysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
# Service account glance uses to talk to keystone. The password is stored in
# clear text here and both keystone URLs are plain HTTP, so keep this file
# readable only by the service account and the traffic on a trusted network.
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[store_type_location_strategy]
[profiler]
[task]
[glance_store]
# Images are kept as files under filesystem_store_datadir.
default_store = file
filesystem_store_datadir =/var/lib/glance/images/
# vi /etc/glance/glance-registry.conf
# /etc/glance/glance-registry.conf fragment.
[DEFAULT]
verbose=True
[database]
# GLANCE_DBPASS is a placeholder; it must equal the password set for the
# 'glance' database user in the GRANT ... IDENTIFIED BY statements.
connection =mysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
# Same keystone service account as in glance-api.conf; the password is stored
# in clear text, so keep this file readable only by the service account.
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[profiler]
同步数据库
# su -s /bin/sh -c "glance-manage db_sync" glance
填加到开机自启动与启动程序。
#systemctl enable openstack-glance-api.service openstack-glance-registry.service
#systemctl start openstack-glance-api.service openstack-glance-registry.service
添加计算服务
先在controller中
先在数据库中操作:登录、创建数据库并给用户授权,密码为 NOVA_DBPASS
$ mysql -u root -p
CREATE DATABASE nova;
Grant proper access to the nova database:
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
2. 填加Identity 身份认证,建nova用户与密码并加入role组
$ source admin-openrc.sh
$ keystone user-create --name nova --pass NOVA_PASS
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id | 387dd4f7e46d4f72965ee99c76ae748c |
| name | nova |
| username | nova |
+----------+----------------------------------+
# keystone user-role-add --user nova --tenant service --role admin
创建nova service:
#keystone service-create --name nova --type compute \
--description "OpenStackCompute"
+-------------+----------------------------------+
| Property |Value |
+-------------+----------------------------------+
| description | OpenStackCompute |
| enabled |True |
| id | 6c7854f52ce84db795557ebc0373f6b9|
| name | nova |
| type | compute |
+-------------+----------------------------------+
$ keystone endpoint-create \
--service-id $(keystone service-list| awk '/ compute / {print $2}') \
--publicurl http://controller:8774/v2/%\(tenant_id\)s \
--internalurl http://controller:8774/v2/%\(tenant_id\)s \
--adminurl http://controller:8774/v2/%\(tenant_id\)s \
--region regionOne
+-------------+-----------------------------------------+
| Property |Value |
+-------------+-----------------------------------------+
| adminurl |http://controller:8774/v2/%(tenant_id)s |
| id | c397438bd82c41198ec1a9d85cb7cc74|
| internalurl |http://controller:8774/v2/%(tenant_id)s |
| publicurl | http://controller:8774/v2/%(tenant_id)s |
| region | regionOne |
| service_id |6c7854f52ce84db795557ebc0373f6b9 |
+-------------+-----------------------------------------+
安装包
# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
python-novaclient
编辑配置文件,在配置文件时,每行的前面不能有空格,要不然会出错的
vi /etc/nova/nova.conf
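# /etc/nova/nova.conf on the controller (oslo.config INI dialect).
# Every key starts in column 0 and every comment sits on its own line:
# oslo.config does not strip a trailing "# ..." from a value, and a section
# header must end with "]".
[DEFAULT]
# Message queue: RabbitMQ on the controller.
# RABBIT_PASS is a placeholder for the password set with
# `rabbitmqctl change_password guest ...`.
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
# Authenticate API requests through keystone.
auth_strategy = keystone
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11
verbose = True

[database]
# Database connection; NOVA_DBPASS is the password granted to the 'nova'
# database user.
connection = mysql://nova:NOVA_DBPASS@controller/nova

[keystone_authtoken]
# Keystone endpoints and the nova service account. The password is stored in
# clear text, so keep this file readable only by the service account.
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS

[glance]
# Host that runs the image service.
host = controller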
同步数据库
# su -s /bin/sh -c "nova-manage db sync" nova
增加自启动与启动进程
# systemctl enable openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
以上在controller中的操作就完成了
下面是在compute1中的操作
安装文件包
# yum install openstack-nova-compute sysfsutils
编辑配置文件
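# /etc/nova/nova.conf on the compute node (oslo.config INI dialect).
# Comments are kept on their own lines because oslo.config does not strip a
# trailing "# ..." from a value.
[DEFAULT]
# Message queue: RabbitMQ on the controller.
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
auth_strategy = keystone
# Management IP of this compute node.
my_ip = 10.0.0.31
# Enables VNC consoles, reached through the noVNC proxy on the controller.
vnc_enabled = True
# NOTE(review): 0.0.0.0 makes the instance VNC servers listen on every
# interface of this host. Only the controller's proxy needs to reach them, so
# block these ports from other networks with a firewall.
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.0.0.31
novncproxy_base_url = http://controller:6080/vnc_auto.html
verbose = True

[keystone_authtoken]
# Keystone endpoints and the nova service account. The password is stored in
# clear text, so keep this file readable only by the service account.
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS

[glance]
# Host that runs the image service.
host = controller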
增加自启动与启动进程
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service
# systemctl start openstack-nova-compute.service
上面就操作完成,就填加好了nova service
测试一下,看到以下的就成功了。
要在controller节点上操作
# source admin-openrc.sh
# nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1 | nova-conductor |controller | internal | enabled | up | 2014-09-16T23:54:02.000000| - |
| 2 | nova-consoleauth | controller |internal | enabled | up | 2014-09-16T23:54:04.000000 | - |
| 3 | nova-scheduler |controller | internal | enabled | up | 2014-09-16T23:54:07.000000| - |
| 4 | nova-cert | controller | internal | enabled | up |2014-09-16T23:54:00.000000 | - |
| 5 | nova-compute | compute1 | nova |enabled | up | 2014-09-16T23:54:06.000000 | - |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
添加网络服务 ---网络模式为nova-network------flatdhcp
一.安装和配置控制节点
1. Edit the /etc/nova/nova.conf file and complete the following actions:
[DEFAULT]
network_api_class = nova.network.api.API
security_group_api = nova
2. service nova-api restart
service nova-scheduler restart
service nova-conductor restart
二.安装和配置计算节点
1. apt-get install nova-network nova-api-metadata
2. Edit the /etc/nova/nova.conf file and complete the following actions:
[DEFAULT]
network_api_class = nova.network.api.API
security_group_api = nova
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_network_bridge = br100
flat_interface = eth2
public_interface = eth2
3. service nova-network restart
4. service nova-api-metadata restart
三.控制节点执行一下命令
1. source admin-openrc.sh
2. nova network-create demo-net --bridge br100 --multi-host T --fixed-range-v4 203.0.113.24/29
3. nova net-list
控制节点安装dashboard服务
apt-get install openstack-dashboard
Edit the /etc/openstack-dashboard/local_settings.py file and complete the following actions:
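# Dashboard (horizon) settings from /etc/openstack-dashboard/local_settings.py.

# Host whose identity service the dashboard talks to.
OPENSTACK_HOST = "controller"

# Django documents ALLOWED_HOSTS as a list of host names, so the wildcard is
# written as a one-element list instead of a bare string.
# NOTE(review): '*' accepts any Host header and therefore turns off Django's
# Host header validation. For anything beyond a lab, list the names or
# addresses the dashboard is actually reached by.
ALLOWED_HOSTS = ['*']

# Session/cache backend: the memcached instance on this machine.
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}

# Role given to users created through the dashboard.
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

# Placeholder: replace "TIME_ZONE" with a real time zone identifier.
TIME_ZONE = "TIME_ZONE"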
3. service apache2 reload
访问 192.168.1.11/dashboard