此处为N版
一、准备环境
controller:Ubuntu16.04 192.168.60.219
ncnode: Ubuntu16.04 192.168.60.218
关闭防火墙 :systemctl stop firewalld
关闭SELinux :setenforce 0
vi /etc/hosts
192.168.60.219 controller
192.168.60.218 ncnode
如果yum源用的是国外的源(自己网络非常快的话),最好换成国内的源(163、阿里等),此处不做介绍。
二、启用openstack库(controller和ncnode上操作)
# apt install software-properties-common
# add-apt-repository cloud-archive:newton
完成安装
1.升级主机上的包:
# apt update && apt dist-upgrade(如果更新了一个新内核,重启主机来使用新内核。)
2.安装openstack客户端
# apt install python-openstackclient
三、sql数据库
1.安装软件包:
# apt install mariadb-server python-pymysql
2.创建和编辑/etc/mysql/mariadb.conf.d/99-openstack.cnf
文件,添加如下内容:
[mysqld] bind-address = 192.168.20.219(此处为controller节点的IP) default-storage-engine = innodb innodb_file_per_table max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8
3.重启数据库
# service mysql restart
# mysql_secure_installation(为root用户创建登录数据库的密码,可不做)——
四、消息队列rabbitmq
1.安装rabbitmq
# apt install rabbitmq-server
2.加入openstack用户 # rabbitmqctl add_user openstack RABBIT_PASS Creating user "openstack" ...
3.为openstack用户赋予权限 # rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ...
五、缓存服务memcache
安装memcache
# apt install memcached python-memcache
编辑文件
vi /etc/memcached.conf
-l 192.168.60.219(controller IP)
重启memcache服务
# service memcached restart
六、keystone身份认证
创建数据库,完成以下操作:
$ mysql -u root -p
mysql> CREATE DATABASE keystone; ----创建keystone数据库
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' \ IDENTIFIED BY 'KEYSTONE_DBPASS'; mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ IDENTIFIED BY 'KEYSTONE_DBPASS';
(用合适的密码替换KEYSTONE_DBPASS)
安装keystone
# apt install keystone
vi /etc/keystone/keystone.conf
[database] ... connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token] ... provider = fernet
初始化数据库 # su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化fernet秘钥数据库 # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引导标识服务 # keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ ----admin_pass自定义 --bootstrap-admin-url http://controller:35357/v3/ \ --bootstrap-internal-url http://controller:35357/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne
vi /etc/apache2/apache2.conf
ServerName controller
# service apache2 restart # rm -f /var/lib/keystone/keystone.db
配置管理账户 $ export OS_USERNAME=admin $ export OS_PASSWORD=ADMIN_PASS(密码自定义) $ export OS_PROJECT_NAME=admin $ export OS_USER_DOMAIN_NAME=Default $ export OS_PROJECT_DOMAIN_NAME=Default $ export OS_AUTH_URL=http://controller:35357/v3 $ export OS_IDENTITY_API_VERSION=3
创建项目service $ openstack project create --domain default \ --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | 24ac7f19cd944f4cba1d77469b2a73ed | | is_domain | False | | name | service | | parent_id | default | +-------------+----------------------------------+
创建demo项目 $ openstack project create --domain default \ --description "Demo Project" demo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | default | | enabled | True | | id | 231ad6e7ebba47d6a1e57e1cc07ae446 | | is_domain | False | | name | demo | | parent_id | default | +-------------+----------------------------------+
创建demo用户
$ openstack user create --domain default \ --password-prompt demo User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | aeda23aa78f44e859900e22c24817832 | | name | demo | | password_expires_at | None | +---------------------+----------------------------------+
创建用户角色
$ openstack role create user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 997ce8d05fc143ac97d83fdfb5998552 | | name | user | +-----------+----------------------------------+
向演示项目和用户添加用户角色
$ openstack role add --project demo --user demo user
编辑 /etc/keystone/keystone-paste.ini 并且删除 admin_token_auth 从 [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] 三部分.
$ unset OS_AUTH_URL OS_PASSWORD
作为管理员账户,请求身份认证令牌 $ openstack --os-auth-url http://controller:35357/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name admin --os-username admin token issue Password: +------------+-----------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------+ | expires | 2016-02-12T20:14:07.056119Z | | id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv | | | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 | | | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws | | project_id | 343d245e850143a096806dfaefa9afdc | | user_id | ac3377633149401296f6c0d92d79dc16 | +------------+-----------------------------------------------------------------+
作为demo用户,请求身份认证令牌 $ openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name demo --os-username demo token issue Password: +------------+-----------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------+ | expires | 2016-02-12T20:15:39.014479Z | | id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW | | | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ | | | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U | | project_id | ed0b60bf607743088218b0a533d5943f | | user_id | 58126687cbcc4888bfa9ab73a2256f27 | +------------+-----------------------------------------------------------------+
vi admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
vi demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=DEMO_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
$ . admin-openrc
$ openstack token issue +------------+-----------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------+ | expires | 2016-02-12T20:44:35.659723Z | | id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl | | | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e | | | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E | | project_id | 343d245e850143a096806dfaefa9afdc | | user_id | ac3377633149401296f6c0d92d79dc16 | +------------+-----------------------------------------------------------------+