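# Write the admin credentials file and load it.
# ADMIN_PASS is a placeholder for the real admin password. The heredoc
# delimiter is quoted so the shell writes the text literally; if the real
# password contains shell metacharacters ($, `, \, spaces), also wrap it in
# single quotes on the OS_PASSWORD line so that `source` reads it unchanged.
cat >> ~/admin-openrc << 'EOF'
#admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
# The file stores the cloud admin password in clear text: owner-only access.
chmod 600 ~/admin-openrc
source ~/admin-openrc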
**创建域,项目,用户和角色**
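# How to create a new domain.
# Descriptions use plain ASCII double quotes; typographic quotes are not shell
# quoting and would split the description into separate arguments.
openstack domain create --description "An Example Domain" example
# Create the service project
openstack project create --domain default --description "Service Project" service
# Create the myproject project
openstack project create --domain default --description "Demo Project" myproject
# Create the myuser user. --password-prompt asks for the password
# interactively; --password VALUE is non-interactive but leaves the password
# in the shell history and in the process list while the command runs.
# MYUSER_PASSWORD is a placeholder for the real password.
openstack user create --domain default --password MYUSER_PASSWORD myuser
# Create the user role
openstack role create user
# List roles
openstack role list
# Give myuser the user role on the myproject project
openstack role add --project myproject --user myuser user
# Verify keystone: remove the auth URL and password from the environment so
# the token requests that follow have to be given them explicitly
unset OS_AUTH_URL OS_PASSWORD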
**以admin用户身份请求身份验证令牌,使用admin用户密码ADMIN\_PASS**
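# Request a token as admin. This is one command: the lines are joined with
# backslashes and every option starts with two ASCII hyphens. OS_PASSWORD is
# unset at this point, so the client asks for the password interactively.
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue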
**为创建的myuser用户请求认证令牌,使用myuser用户密码MYUSER\_PASSWORD**
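# Request a token as myuser on myproject. This is one command: the lines are
# joined with backslashes and every option starts with two ASCII hyphens.
# The password is asked for interactively because OS_PASSWORD is unset.
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name myproject --os-username myuser token issue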
**为myuser用户也添加一个环境变量文件,密码为myuser用户的密码**
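# Credentials file for myuser. MYUSER_PASSWORD is a placeholder. The quoted
# delimiter makes the shell write the text literally; single-quote the real
# password on the OS_PASSWORD line if it contains shell metacharacters.
cat >> ~/myuser-openrc << 'EOF'
#myuser-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=MYUSER_PASSWORD
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
# Clear-text password inside: restrict the file to its owner.
chmod 600 ~/myuser-openrc
# Source this file whenever you need to act as this user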
**官方文档中创建了demo用户,也添加一个环境变量文件**
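# Credentials file for the demo user of the official guide. DEMO_PASS is a
# placeholder. The quoted delimiter makes the shell write the text literally;
# single-quote the real password if it contains shell metacharacters.
cat >> ~/demo-openrc << 'EOF'
#demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
# Clear-text password inside: restrict the file to its owner.
chmod 600 ~/demo-openrc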
**请求身份验证令牌**
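# OS_AUTH_URL and OS_PASSWORD were unset for the keystone check above, so load
# a credentials file again before asking for a token. admin is used here;
# source ~/myuser-openrc instead to test as myuser.
source ~/admin-openrc
openstack token issue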
=====================================================
## 5. glance
**安装glance镜像服务**
https://docs.openstack.org/glance/train/install/install-rdo.html
**创建数据库并授权**
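# Create the glance database and its account.
# The SQL is fed to the client through a quoted heredoc and uses ASCII single
# quotes; typographic quotes are not valid SQL string delimiters.
# GLANCE_DBPASS is a placeholder: replace it here and in the "database
# connection" URL of the glance configuration with the same strong password.
# 'glance'@'%' accepts logins from any host; narrow the host part if the
# database port is reachable from outside the management network.
# root connects without a password here; confirm that this is limited to
# local access on the controller.
mysql -u root << 'SQL'
create database glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
flush privileges;
SQL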
**创建glance用户**
# Load the admin credentials, then create the glance service user.
# GLANCE_PASS is a placeholder for the real password. Given with --password it
# is recorded in the shell history and visible in the process list;
# --password-prompt asks for it interactively instead.
source ~/admin-openrc
openstack user create --domain default --password GLANCE_PASS glance
**为glance用户在service项目中添加admin角色**
# Grant the admin role to the glance user on the service project.
# The role is the general admin role, so whoever holds the glance password
# holds admin rights on that project: protect it like an admin credential.
openstack role add --project service --user glance admin
**创建glance服务实体**
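# Register the image service in the catalog. The description is quoted with
# ASCII double quotes so it reaches the client as a single argument.
openstack service create --name glance --description "OpenStack Image" image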
**创建glance服务API端点,OpenStack使用三种API端点变种代表每种服务:admin、internal、public**
# Register the public, internal and admin endpoints of the image service,
# all three on the same URL.
# The URL is plain http, so tokens and image data sent to it cross the
# network unencrypted.
for interface in public internal admin; do
  openstack endpoint create --region RegionOne image "$interface" http://controller:9292
done
**安装glance软件包**
# Install the glance package. -y answers yes to every yum prompt, so the
# enabled repositories have to be trusted before this is run.
yum install openstack-glance -y
**编辑glance配置文件 /etc/glance/glance-api.conf**
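# Keep a copy of the packaged file, then rewrite the live file without blank
# lines and without any line that contains '#' (comment lines, but also any
# setting whose value contains '#'). The pattern needs ASCII single quotes:
# with typographic quotes the shell treats the '|' as a pipe.
# Redirecting into the existing file keeps its owner and mode, which matters
# because the file is about to hold the database and service passwords.
cp -a /etc/glance/glance-api.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
# GLANCE_DBPASS and GLANCE_PASS are placeholders for the real passwords.
# Passed as arguments they are recorded in the shell history.
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/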
**编辑镜像服务的另一个组件文件 /etc/glance/glance-registry.conf**
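# Same procedure for the registry component: keep a copy, then rewrite the
# live file without blank lines and without any line containing '#'.
# The pattern needs ASCII single quotes: with typographic quotes the shell
# treats the '|' as a pipe.
# Redirecting into the existing file keeps its owner and mode; the file will
# hold the database and service passwords.
cp -a /etc/glance/glance-registry.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
# GLANCE_DBPASS and GLANCE_PASS are placeholders for the real passwords.
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone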
**同步写入镜像数据库**
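# Populate the image database, running glance-manage as the glance account
# rather than as root. The command string is quoted with ASCII double quotes
# so that su receives it as one argument.
su -s /bin/sh -c "glance-manage db_sync" glance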
**启动glance服务并设置开机自启**
# Enable both glance units at boot and (re)start them now.
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
# Check that a process is listening on the image API port 9292.
lsof -i:9292
**赋予openstack-glance-api.service服务对存储设备的可写权限**
# Hand /var/lib/glance, which contains the image store directory, to the
# glance account so the API service can write images there.
# -R recurses; -h changes symlinks themselves instead of their targets.
chown -hR glance:glance /var/lib/glance/
**下载cirros镜像验证glance服务**
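# Download the CirrOS test image into the home directory, which is where the
# upload step reads it from (-P sets the target directory, so the step no
# longer depends on the current directory).
# The transfer is plain http with no integrity check: compare the file's
# checksum with the value published by the CirrOS project before uploading.
wget -c -P ~ http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img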
**上传镜像**
# Do not use the "glance image-create" form from the official guide here: newer
# OpenStack releases no longer support it. Prefer the commands that start
# with "openstack" throughout.
# --public makes the image visible to every project.
openstack image create --file ~/cirros-0.5.1-x86_64-disk.img --disk-format qcow2 --container-format bare --public cirros
**查看镜像**
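# List the registered images (both clients shown)
openstack image list
glance image-list
# Show the image files on disk. ls -l is spelled out because ll is an alias
# that only exists in some interactive shells.
ls -l /var/lib/glance/images/
# Command for deleting an image, shown for reference only. It needs the image
# name or ID as its argument:
# openstack image delete IMAGE_NAME_OR_ID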
================================================
## 6. placement
**安装placement放置服务**
https://docs.openstack.org/placement/train/install/install-rdo.html
https://docs.openstack.org/placement/train/install/
**创建placement数据库**
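# Create the placement database and its account.
# The SQL is fed to the client through a quoted heredoc and uses ASCII single
# quotes; typographic quotes are not valid SQL string delimiters.
# PLACEMENT_DBPASS is a placeholder: replace it here and in the
# placement_database connection URL with the same strong password.
# 'placement'@'%' accepts logins from any host; narrow the host part if the
# database port is reachable from outside the management network.
mysql -uroot << 'SQL'
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
flush privileges;
SQL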
**创建placement用户**
# Create the placement service user. PLACEMENT_PASS is a placeholder; given
# with --password the value is recorded in the shell history, while
# --password-prompt asks for it interactively.
openstack user create --domain default --password PLACEMENT_PASS placement
**将Placement用户添加到服务项目中**
# Grant the admin role to the placement user on the service project.
# The placement password therefore carries admin rights on that project.
openstack role add --project service --user placement admin
**创建placement API服务实体**
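# Register the placement service in the catalog. The description is quoted
# with ASCII double quotes so it reaches the client as a single argument.
openstack service create --name placement --description "Placement API" placement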
**创建placement API服务访问端点**
# Register the public, internal and admin endpoints of the placement API,
# all three on the same plain-http URL.
for interface in public internal admin; do
  openstack endpoint create --region RegionOne placement "$interface" http://controller:8778
done
**安装placement软件包**
# Install the placement API package. -y answers yes to every yum prompt, so
# the enabled repositories have to be trusted before this is run.
yum install openstack-placement-api -y
**修改配置文件/etc/placement/placement.conf**
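# Keep a copy of the packaged file, then rewrite the live file without blank
# lines and without any line containing '#'. The pattern needs ASCII single
# quotes: with typographic quotes the shell treats the '|' as a pipe.
# Note: plain cp (no -a) creates the .bak copy with root's default
# permissions; the copy holds no passwords yet at this point.
cp /etc/placement/placement.conf /etc/placement/placement.conf.bak
grep -Ev '^$|#' /etc/placement/placement.conf.bak > /etc/placement/placement.conf
# PLACEMENT_DBPASS and PLACEMENT_PASS are placeholders for the real passwords.
openstack-config --set /etc/placement/placement.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
openstack-config --set /etc/placement/placement.conf api auth_strategy keystone
openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/placement/placement.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_type password
openstack-config --set /etc/placement/placement.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/placement/placement.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/placement/placement.conf keystone_authtoken project_name service
openstack-config --set /etc/placement/placement.conf keystone_authtoken username placement
openstack-config --set /etc/placement/placement.conf keystone_authtoken password PLACEMENT_PASS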
**填充placement数据库**
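# Populate the placement database as the placement account rather than as
# root, then list the tables to confirm the sync created them.
# Both quoted strings use ASCII quotes so each is passed as one argument.
su -s /bin/sh -c "placement-manage db sync" placement
mysql placement -e 'show tables'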
**修改placement的apache配置文件,官方文档没有提到,如果不修改,计算服务检查时将会报错**
#启用placement API访问
[root@controller ~]# vim /etc/httpd/conf.d/00-placement-api.conf
…
15 #SSLCertificateKeyFile
#SSLCertificateKeyFile …
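# Access rule for /usr/bin, in both the Apache 2.4 and the pre-2.4 syntax.
# Presumably needed because the packaged vhost serves the placement-api WSGI
# script from /usr/bin (confirm against the WSGIScriptAlias line of this file).
# The grant applies to the whole directory within this vhost, not only to
# that script.
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>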
…
# Restart Apache so the edited vhost is loaded
systemctl restart httpd.service
# Confirm that something is listening on the placement port
netstat -lntup | grep 8778
lsof -i:8778
# Request the API root and check that JSON comes back
curl http://controller:8778
**验证检查健康状态**
# Run placement's own status checks to verify the installation.
placement-status upgrade check
==================================================
## 7. nova
**nova计算服务需要在 控制节点 和 计算节点 都安装**
https://docs.openstack.org/nova/train/install/
**控制节点主要安装**
nova-api(nova主服务)
nova-scheduler(nova调度服务)
nova-conductor(nova数据库服务,提供数据库访问)
nova-novncproxy(nova的vnc服务,提供实例的控制台)
**计算节点主要安装**
nova-compute(nova计算服务)
### 7.1 安装nova计算服务(controller控制节点192.168.0.10)
**创建nova\_api,nova和nova\_cell0数据库并授权**
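# Create the nova_api, nova and nova_cell0 databases and give the nova
# account full rights on each.
# The SQL is fed to the client through a quoted heredoc and uses ASCII single
# quotes; typographic quotes are not valid SQL string delimiters.
# NOVA_DBPASS is a placeholder for a strong password; the same value goes
# into the nova database connection URLs.
# 'nova'@'%' accepts logins from any host; narrow the host part if the
# database port is reachable from outside the management network.
mysql -uroot << 'SQL'
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
flush privileges;
SQL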
**创建nova用户**
# Create the nova service user. NOVA_PASS is a placeholder; given with
# --password the value is recorded in the shell history, while
# --password-prompt asks for it interactively.
openstack user create --domain default --password NOVA_PASS nova
**向nova用户添加admin角色**
# Grant the admin role to the nova user on the service project.
# The nova password therefore carries admin rights on that project.
openstack role add --project service --user nova admin
**创建nova服务实体**
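# Register the compute service in the catalog. The description is quoted with
# ASCII double quotes so it reaches the client as a single argument.
openstack service create --name nova --description "OpenStack Compute" compute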
**创建Compute API服务端点**
# Register the public, internal and admin endpoints of the compute API,
# all three on the same plain-http URL.
for interface in public internal admin; do
  openstack endpoint create --region RegionOne compute "$interface" http://controller:8774/v2.1
done
**安装nova软件包**
# Install the controller-side nova packages: API, conductor, noVNC proxy and
# scheduler. -y answers yes to every yum prompt, so the enabled repositories
# have to be trusted before this is run.
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
**编辑nova服务的配置文件/etc/nova/nova.conf**
cp -a /etc/nova/nova.conf{,.bak}
grep -Ev ‘^$|#’ /etc/nova/nova.conf.bak > /etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata<