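Official reference: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/environment.html
Lab environment:
Controller node: controller: 192.168.43.11, 2 CPUs, 4 GB RAM, 20 GB storage (minimum 5 GB)
Compute node: compute: 172.25.1.2, 2 CPUs, 2 GB RAM, 20 GB storage (minimum 10 GB)
1. OpenStack deployment
1.1 Environment setup
1. Host networking on the controller node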
[root@server1 ~]# cd /boot/grub2/
[root@server1 grub2]# ls
device.map fonts grub.cfg grubenv i386-pc locale
[root@server1 grub2]# vim grub.cfg
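linux16 /vmlinuz-3.10.0-957.el7.x86_64 root=UUID=8d5190d9-d50b-49f4-a64e-7a985e53dc81 ro crashkernel=auto rhgb quiet LANG=en_US.UTF-8 net.ifnames=0
The provider network interface uses a special configuration with no IP address assigned to it. Configure the second network card as the provider network interface:
Replace INTERFACE_NAME with the actual interface name.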
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=none
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.43.11
GATEWAY=192.168.43.1
NETMASK=255.255.255.0
DNS1=114.114.114.114
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.1.250 foundation1.ilt.example.com
192.168.43.11 controller
192.168.43.12 computer1
192.168.43.13 block1
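2. Network Time Protocol (NTP)
Synchronize the time of all nodes with the host machine.
[root@controller ~]# vim /etc/chrony.conf
On the host machine, configure time synchronization for the virtual machines: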
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server ntp1.aliyun.com iburst
# Allow NTP client access from local network.
allow 172.25/16
On controller:
[root@controller ~]#yum install chrony -y
[root@controller ~]#vim /etc/chrony.conf
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 192.168.43.10 iburst
systemctl enable chronyd.service --now
chronyc sources -v
3. Install the OpenStack packages
[root@controller ~]# yum upgrade
Upgrade the packages on the host.
[root@controller ~]# yum install python-openstackclient
Install the OpenStack client.
4. Install the SQL database
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
Install the packages.
[root@controller ~]#vim /etc/my.cnf.d/openstack.cnf
[mysqld]
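bind-address = 172.25.1.1 ### Set ``bind-address`` to the management-network IP address of the controller node so that other nodes can reach the database over the management network
default-storage-engine = innodb ### Set the following keys to enable useful options and the UTF-8 character set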
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]#systemctl enable mariadb.service --now
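Start the database service and configure it to start at boot.
[root@controller ~]#mysql_secure_installation
Initialize the database by running the security script.
5. Message queue
[root@controller ~]# yum install rabbitmq-server
Install the package.
[root@controller ~]# systemctl enable rabbitmq-server.service --now
Start the message queue service and configure it to start with the system.
[root@controller ~]# rabbitmqctl add_user openstack openstack
Add the openstack user and set its password.
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Permit configuration, write and read access for the "openstack" user.
6. Memcached
[root@controller ~]# yum install memcached python-memcached
Install the packages.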
[root@controller ~]# vim /etc/sysconfig/memcached
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1" ## disabled (commented out), so memcached is no longer restricted to loopback
[root@controller ~]# systemctl enable memcached.service --now
Start the Memcached service and configure it to start at boot.
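A check for the listeners set up in section 1.1, as an added example that is not part of the original post: it reads `ss -ltn` output and lists which of the guide's service ports (MariaDB 3306, RabbitMQ 5672, Memcached 11211) are bound to a wildcard address. The function names are hypothetical and the ss lines are a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original post): flag the service ports from
# section 1.1 that listen on a wildcard address instead of a specific IP.

# Ports used in this guide: MariaDB 3306, RabbitMQ 5672, Memcached 11211.
WATCHED_PORTS="3306 5672 11211"

# wildcard_listeners: read `ss -ltn` lines on stdin and print "port address"
# for every watched port bound to 0.0.0.0, *, :: or [::].
wildcard_listeners() {
    awk -v ports="$WATCHED_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            local_addr = $4
            port = local_addr
            sub(/^.*:/, "", port)      # the port is what follows the last colon
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            wild = (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
            if ((port in watch) && wild) print port, addr
        }'
}

# Constructed sample of `ss -ltn` output for a controller configured as above:
# MariaDB on the bind-address from openstack.cnf, memcached with OPTIONS
# commented out, RabbitMQ with its default listener.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    172.25.1.1:3306      0.0.0.0:*
LISTEN 0      128    0.0.0.0:11211        0.0.0.0:*
LISTEN 0      128    [::]:11211           [::]:*
LISTEN 0      128    *:5672               *:*
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
EOF
}

sample_ss_output | wildcard_listeners
```

On a live node, run `ss -ltn | wildcard_listeners`; any port it prints should be covered by a firewall rule or rebound to the management address.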
1.2 Identity service
1. Configure the components
Keystone provides authorization management and a service catalog.
[root@controller ~]# mysql -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> ^DBye
[root@controller ~]# mysql -u keystone -p keystone
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 13
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [keystone]> ^DBye
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi
Install the packages.
[root@controller ~]# openssl rand -hex 10
Generate a random value to use as the administrator token during initial configuration.
[root@controller ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = ADMIN_TOKEN
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Identity service database.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Initialize the Fernet keys.
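An audit of the keystone.conf written above, as an added example that is not part of the original post: it reports an admin_token left at the literal placeholder (or shorter than the 20 characters that `openssl rand -hex 10` produces), a database password equal to the user name, and a token provider other than fernet. The function names are hypothetical and the sample file is constructed from the values shown in this guide.

```shell
#!/bin/sh
# Added example (not from the original post): audit keystone.conf for the
# placeholder admin token and for a database password equal to the user name.

# ini_get FILE SECTION KEY: print the value of KEY inside [SECTION].
ini_get() {
    awk -v section="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                                 # comment line
        /^[ \t]*\[/ { sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); current = $0; next }
        current == section {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# audit_keystone_conf FILE: print one finding per line; no output = no finding.
audit_keystone_conf() {
    token=$(ini_get "$1" DEFAULT admin_token)
    conn=$(ini_get "$1" database connection)
    provider=$(ini_get "$1" token provider)
    case "$token" in
        "") ;;
        ADMIN_TOKEN) echo "admin_token: still the literal placeholder ADMIN_TOKEN" ;;
        *) [ "${#token}" -ge 20 ] || echo "admin_token: shorter than 20 characters" ;;
    esac
    # connection = dialect://USER:PASSWORD@HOST/DB
    creds=${conn#*://}; creds=${creds%%@*}
    user=${creds%%:*}; pass=${creds#*:}
    [ -n "$conn" ] && [ "$user" = "$pass" ] && echo "database: password equals user name ($user)"
    [ "$provider" = "fernet" ] || echo "token: provider is '${provider:-unset}', expected fernet"
    return 0
}

# Constructed sample mirroring the values shown in this guide.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
admin_token = ADMIN_TOKEN
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
EOF
}
tmp=$(mktemp) && sample_conf > "$tmp" && audit_keystone_conf "$tmp"; rm -f "$tmp"
```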
2. Configure the Apache HTTP server
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
## Set the ``ServerName`` option to the controller node
ServerName controller
Create the file:
[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
[root@controller ~]# systemctl enable httpd.service --now
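3. Create the service entity and API endpoints
The temporary authentication token created for the Identity service is used to initialize the service entity and API endpoints.
[root@controller ~]# export OS_TOKEN=ADMIN_TOKEN
Configure the authentication token.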
[root@controller ~]# export OS_URL&#