OpenStack Train版部署

cat >> ~/admin-openrc << EOF
#admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source ~/admin-openrc

**创建域，项目，用户和角色**

#创建新域的方法
openstack domain create --description “An Example Domain” example

#创建service 项目
openstack project create --domain default --description “Service Project” service

#创建myproject项目
openstack project create --domain default --description “Demo Project” myproject

#创建myuser用户,需要输入新用户的密码(–password-prompt为交互式,–password+密码为非交互式)
openstack user create --domain default --password MYUSER_PASSWORD myuser

#创建user角色
openstack role create user

#查看角色
openstack role list

#将user角色添加到myproject项目和myuser用户
openstack role add --project myproject --user myuser user

#验证keystone
unset OS_AUTH_URL OS_PASSWORD

**以admin用户身份请求身份验证令牌,使用admin用户密码ADMIN\_PASS**

openstack --os-auth-url http://controller:5000/v3
–os-project-domain-name Default --os-user-domain-name Default
–os-project-name admin --os-username admin token issue

**为创建的myuser用户，请请求认证令牌, 使用myuser用户密码MYUSER\_PASSWORD**

openstack --os-auth-url http://controller:5000/v3
–os-project-domain-name Default --os-user-domain-name Default
–os-project-name myproject --os-username myuser token issue

**为myuser用户也添加一个环境变量文件,密码为myuser用户的密码,**

cat >> ~/myuser-openrc << EOF
#myuser-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=MYUSER_PASSWORD
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

#需要用到此用户的时候source生效一下

**官方文档中创建了demo用户，也添加一个环境变量文件**

cat >> ~/demo-openrc << EOF
#demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

**请求身份验证令牌**

openstack token issue

=====================================================


## 5. glance


**安装glance镜像服务**


https://docs.openstack.org/glance/train/install/install-rdo.html


**创建数据库并授权**

mysql -u root
create database glance;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@‘localhost’ IDENTIFIED BY ‘GLANCE_DBPASS’;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@‘%’ IDENTIFIED BY ‘GLANCE_DBPASS’;
flush privileges;

**创建glance用户**

source ~/admin-openrc
openstack user create --domain default --password GLANCE_PASS glance

**将管理员admin用户添加到glance用户和项目中**

openstack role add --project service --user glance admin

**创建glance服务实体**

openstack service create --name glance --description “OpenStack Image” image

**创建glance服务API端点,OpenStack使用三种API端点变种代表每种服务：admin、internal、public**

openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

**安装glance软件包**

yum install openstack-glance -y

**编辑glance配置文件 /etc/glance/glance-api.conf**

cp -a /etc/glance/glance-api.conf{,.bak}
grep -Ev ‘^$|#’ /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf

openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

**编辑镜像服务的另一个组件文件 /etc/glance/glance-registry.conf**

cp -a /etc/glance/glance-registry.conf{,.bak}
grep -Ev ‘^$|#’ /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf

openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

**同步写入镜像数据库**

su -s /bin/sh -c “glance-manage db_sync” glance

**启动glance服务并设置开机自启**

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
lsof -i:9292

**赋予openstack-glance-api.service服务对存储设备的可写权限**

chown -hR glance:glance /var/lib/glance/

**下载cirros镜像验证glance服务**

wget -c http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-x86_64-disk.img

**上传镜像**

#这里不要使用官方文档里面的glance image-create这样的写法，新版本的OpenStack已经不支持，尽量统一使用以openstack开头的命令写法
openstack image create --file ~/cirros-0.5.1-x86_64-disk.img --disk-format qcow2 --container-format bare --public cirros

**查看镜像**

openstack image list
glance image-list

#查看镜像的物理文件
ll /var/lib/glance/images/

##删除镜像的命令
openstack image delete

================================================


## 6. placement


**安装placement放置服务**  
 https://docs.openstack.org/placement/train/install/install-rdo.html  
 https://docs.openstack.org/placement/train/install/


**创建placement数据库**

mysql -uroot
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO ‘placement’@‘localhost’ IDENTIFIED BY ‘PLACEMENT_DBPASS’;
GRANT ALL PRIVILEGES ON placement.* TO ‘placement’@‘%’ IDENTIFIED BY ‘PLACEMENT_DBPASS’;
flush privileges;

**创建placement用户**

openstack user create --domain default --password PLACEMENT_PASS placement

**将Placement用户添加到服务项目中**

openstack role add --project service --user placement admin

**创建placement API服务实体**

openstack service create --name placement --description “Placement API” placement

**创建placement API服务访问端点**

openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

**安装placement软件包**

yum install openstack-placement-api -y

**修改配置文件/etc/placement/placement.conf**

cp /etc/placement/placement.conf /etc/placement/placement.conf.bak
grep -Ev ‘^$|#’ /etc/placement/placement.conf.bak > /etc/placement/placement.conf

openstack-config --set /etc/placement/placement.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement

openstack-config --set /etc/placement/placement.conf api auth_strategy keystone

openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/placement/placement.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_type password
openstack-config --set /etc/placement/placement.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/placement/placement.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/placement/placement.conf keystone_authtoken project_name service
openstack-config --set /etc/placement/placement.conf keystone_authtoken username placement
openstack-config --set /etc/placement/placement.conf keystone_authtoken password PLACEMENT_PASS

**填充placement数据库**

su -s /bin/sh -c “placement-manage db sync” placement
mysql placement -e ‘show tables’

**修改placement的apache配置文件，官方文档没有提到，如果不修改，计算服务检查时将会报错**

#启用placement API访问
[root@controller ~]# vim /etc/httpd/conf.d/00-placement-api.conf
…
15 #SSLCertificateKeyFile
#SSLCertificateKeyFile …
<Directory /usr/bin>
= 2.4>
Require all granted

<IfVersion < 2.4>
Order allow,deny
Allow from all


…

#重启apache服务
systemctl restart httpd.service
netstat -lntup|grep 8778
lsof -i:8778

#curl地址看是否能返回json
curl http://controller:8778

**验证检查健康状态**

placement-status upgrade check

==================================================


## 7. nova


**nova计算服务需要在 控制节点 和 计算节点 都安装**  
 https://docs.openstack.org/nova/train/install/


**控制节点主要安装**


​ nova-api（nova主服务）  
 ​ nova-scheduler（nova调度服务）  
 ​ nova-conductor（nova数据库服务，提供数据库访问）  
 ​ nova-novncproxy（nova的vnc服务，提供实例的控制台）


**计算节点主要安装**  
 nova-compute（nova计算服务）


### 7.1 安装nova计算服务（controller控制节点192.168.0.10）


**创建nova\_api，nova和nova\_cell0数据库并授权**

mysql -uroot
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;

GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@‘%’ IDENTIFIED BY ‘NOVA_DBPASS’;

GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@‘%’ IDENTIFIED BY ‘NOVA_DBPASS’;

GRANT ALL PRIVILEGES ON nova_cell0.* TO ‘nova’@‘localhost’ IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova_cell0.* TO ‘nova’@‘%’ IDENTIFIED BY ‘NOVA_DBPASS’;
flush privileges;

**创建nova用户**

openstack user create --domain default --password NOVA_PASS nova

**向nova用户添加admin角色**

openstack role add --project service --user nova admin

**创建nova服务实体**

openstack service create --name nova --description “OpenStack Compute” compute

**创建Compute API服务端点**

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

**安装nova软件包**

yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y

**编辑nova服务的配置文件/etc/nova/nova.conf**

cp -a /etc/nova/nova.conf{,.bak}
grep -Ev ‘^$|#’ /etc/nova/nova.conf.bak > /etc/nova/nova.conf

openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata<