0. Prepare
添加hosts(本处为单节点)
# echo "114.118.28.118 controller" >>/etc/hosts
# hostnamectl set-hostname --static controller
ntp时间同步
# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# yum install -y chrony
# systemctl start chronyd
# systemctl enable chronyd
安装openstack对应版本的yum源(替换镜像站后请确认各 repo 文件仍为 gpgcheck=1,以继续校验软件包签名)
# yum install -y yum-utils centos-release-openstack-stein
# sed -i "s/mirror.centos.org/mirrors.163.com/g" /etc/yum.repos.d/*.repo
# yum makecache fast
# yum install -y openstack-utils python2-openstackclient
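系统优化(注意:下面的步骤会停用 firewalld,并清空 iptables 规则后保存,主机上不再有端口过滤;在 service iptables save 之前应先加入只允许管理网访问 3306、11211、5672、15672 等内部端口的规则)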
# systemctl stop firewalld && systemctl disable firewalld
# systemctl start iptables && systemctl enable iptables
# systemctl disable NetworkManager && systemctl stop NetworkManager
# iptables -F && service iptables save
# 关闭selinux(修改配置文件后需重启才生效;如需保持 enforcing,可安装 openstack-selinux 软件包来提供 OpenStack 服务所需的策略)
# sed -i "s/^SELINUX=enforcing$/SELINUX=disabled/g" /etc/selinux/config
# 设置文件句柄与进程数上限
# sed -i "s/^#DefaultLimitNPROC=$/DefaultLimitNPROC=102400/g" /etc/systemd/system.conf
# sed -i "s/^#DefaultLimitNOFILE=$/DefaultLimitNOFILE=102400/g" /etc/systemd/system.conf
# sed -i "s/4096/102400/g" /etc/security/limits.d/20-nproc.conf
# echo "* soft nofile 102400">>/etc/security/limits.conf
# echo "* hard nofile 102400" >>/etc/security/limits.conf
# echo "* soft nproc 102400" >>/etc/security/limits.conf
# echo "* hard nproc 102400" >>/etc/security/limits.conf
1. MariaDB
安装软件包
# yum install -y mariadb mariadb-server python2-PyMySQL
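修改配置文件 /etc/my.cnf(bind-address 填写本机 controller 的管理网地址;此处的 114.118.28.117 与前文 hosts 中的 114.118.28.118 不一致,请按实际环境核对。该地址若可从外部网络访问,应通过防火墙限制 3306 端口的来源)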
[mysqld]
bind-address = 114.118.28.117
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 40960
collation-server = utf8_general_ci
character-set-server = utf8
启动服务
# systemctl enable mariadb
# systemctl start mariadb
初始化数据库(按提示设置 root 密码、删除匿名用户、禁止 root 远程登录并删除 test 数据库)
# mysql_secure_installation
2. Memcached
安装软件包
# yum install -y memcached python-memcached
修改配置文件/etc/sysconfig/memcached(memcached 默认没有认证,监听 controller 地址后 11211 端口应只对管理网开放)
OPTIONS="-l 127.0.0.1,::1,controller"
启动服务
# systemctl enable memcached
# systemctl start memcached
3. RabbitMQ
安装软件包
# yum install -y rabbitmq-server
启动服务
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
创建用户与配置权限(示例中密码与用户名同为 openstack,实际部署请替换为随机强密码,并同步修改引用该账户的服务配置)
# rabbitmqctl add_user openstack openstack
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
启用rabbitmq的web管理界面(management 插件默认监听 15672 端口;openstack 用户被加上 administrator 标签后即可登录该界面,应限制此端口的访问来源)
# rabbitmq-plugins enable rabbitmq_management
# rabbitmqctl set_user_tags openstack administrator
# rabbitmqctl delete_user guest
4. Keystone认证
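创建数据库(-popenstack 会把 root 密码留在命令行历史和进程列表中,建议改用 mysql -uroot -p 交互输入;'keystone'@'%' 允许从任意主机登录,示例密码 openstack 应替换为强密码)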
# mysql -uroot -popenstack
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> flush privileges;
安装软件包
# yum install -y openstack-keystone httpd mod_wsgi
修改配置文件/etc/keystone/keystone.conf(connection 中含数据库明文密码,请确认该文件仅 root 和 keystone 组可读)
[database]
# ...
connection = mysql+pymysql://keystone:openstack@controller/keystone
[token]
# ...
provider = fernet
[cache]
# ...
backend = oslo_cache.memcache_pool
enabled = True
memcache_servers = controller:11211
数据库同步
# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化 Fernet key
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
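配置认证信息(--bootstrap-password 即 admin 用户的密码,示例值 openstack 应替换为强密码,也可通过环境变量 OS_BOOTSTRAP_PASSWORD 传入以避免出现在命令行;端点使用 http,凭据和 token 以明文传输,仅适合隔离的测试环境)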
# keystone-manage bootstrap --bootstrap-password openstack \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
配置http启动服务
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动服务
# systemctl enable httpd
# systemctl start httpd
配置认证信息keystonerc_admin(以下内容保存为 /root/keystonerc_admin;文件中含 admin 明文密码,建议 chmod 600)
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='openstack'
export OS_AUTH_URL=http://controller:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
创建openstack服务project
# . keystonerc_admin
# openstack project create --domain default \
--description "Service Project" service
5. Glance镜像
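创建数据库(此处 mysql -uroot 未带密码,而 Keystone 一节使用了 -popenstack;若已为 root 设置密码,请使用 mysql -uroot -p 交互输入。示例密码 openstack 应替换为强密码)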
# mysql -uroot
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'openstack';
加载admin认证keystonerc_admin
# . /root/keystonerc_admin
创建用户,授权,service以及endpoint(--password 会把密码留在命令行历史中,可改用 --password-prompt 交互输入)
# openstack user create --domain default --password openstack glance
# openstack role add --project service --user glance admin
# openstack service create --name glance \
--description "OpenStack Image" image
# openstack endpoint create --region RegionOne \
image public http://controller:9292