OpenStack environment setup and configuration:
Three Linux machines running 64-bit Ubuntu. Configure the IP addresses and change the host names.
• controller Node: 1 processor, 3 GB memory, and 50 GB storage
• computer Node: 1 processor, 3 GB memory, and 50 GB storage
• network Node: 1 processor, 3 GB memory, and 50 GB storage
IP addresses:
controller:10.17.x.x1
computer:10.17.x.x2
network:10.17.x.x3
I. Preparation
1 Install the vim editor (skip this step if you edit with gedit):
# apt-get install vim
2 Change the host name
# vim /etc/hostname
controller
3 Configure the network
# vim /etc/hosts
<local host IP> controller
<compute node IP> <compute node name>
<network node IP> <network node name>
# vim /etc/network/interfaces
#The primary network interface
auto eth0
iface eth0 inet static
address 10.17.x.x1 (using this host's IP, 10.17.x.x1, as the example)
netmask 255.255.0.0
network 10.17.0.0
broadcast 10.17.255.255
gateway 10.17.xxx.xxx
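dns-nameservers 10.0.xxx.xxx (optional)
4 Update the package sources:
# apt-get update
5 Reboot the machine so that the changes take effect
II. Installing services
1 Install the NTP service
# apt-get install ntp
2 Install MySQL
# apt-get install python-mysqldb mysql-server (you are asked to set a MySQL password here)
Edit the MySQL configuration
# vi /etc/mysql/my.cnf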
[mysqld]
…
#bind-address = 127.0.0.1 (comment out bind-address with # so that MySQL also listens on non-loopback addresses)
…
[mysqld]
...
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
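Restart the MySQL service
# service mysql restart
Remove the anonymous users that MySQL creates by itself. The command asks several questions: answer no to the one about changing the MySQL password and yes to all the others.
# mysql_secure_installation
If the previous command fails, run the commands below (if it did not fail, these two commands are not needed):
# mysql_install_db
# mysql_secure_installation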
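3 Install RabbitMQ
# apt-get install rabbitmq-server
Change the password of the guest user; 1234 is a password of your own choosing
# rabbitmqctl change_password guest 1234
4 Install the keystone service
# apt-get install keystone
Edit the keystone configuration; 1234 is the password you choose for the keystone database.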
# vi /etc/keystone/keystone.conf
...
[database]
# The SQLAlchemy connection string used to connect to the database
connection = mysql://keystone:1234@controller/keystone
...
Delete the SQLite database created by Ubuntu so that it is not used by mistake
# rm /var/lib/keystone/keystone.db
Create the keystone database and database user; 1234 is the keystone database password
# mysql -u root -p (enter the MySQL password set earlier)
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '1234';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '1234';
mysql> exit;
Create the tables for the Identity Service
# su -s /bin/sh -c "keystone-manage db_sync" keystone
Edit the keystone configuration
# vi /etc/keystone/keystone.conf
[DEFAULT]
# A "shared secret" between keystone and other openstack services
admin_token = ADMIN_TOKEN
logdir = /var/log/keystone
...
Restart the keystone service
# service keystone restart
5 Create users, tenants and roles
Set the environment variables:
# export OS_SERVICE_TOKEN=ADMIN_TOKEN
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
Create the admin user; admin is the admin user's password
# keystone user-create --name=admin --pass=admin --email=admin@controller.com
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | admin@controller.com |
| enabled | True |
| id |5df9525600bf46e4ab1bc1baa95de3da |
| name | admin |
| username | admin |
+----------+----------------------------------+
Create the admin role
# keystone role-create --name=admin
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| id |1a10b624d02b45c9afd94fd4b5be3cc5 |
| name | admin |
+----------+----------------------------------+
Create the admin tenant
# keystone tenant-create --name=admin --description="Admin Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Admin Tenant |
| enabled | True |
| id |a11688df95f94e87b85ff985d728a39b |
| name | admin |
+-------------+----------------------------------+
Bind the admin user, admin role and admin tenant together
# keystone user-role-add --user=admin --tenant=admin --role=admin
Bind the admin user, _member_ role and admin tenant together
(the _member_ role is created automatically by the Identity Service)
# keystone user-role-add --user=admin --role=_member_ --tenant=admin
Create the ordinary user demo; demo is the demo user's password
# keystone user-create --name=demo --pass=demo --email=demo@controller.com
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | |
| enabled | True |
| id |1b21c51c6ad84ca0a33ec92f18f797b6 |
| name | demo |
| username | demo |
+----------+----------------------------------+
Create the demo tenant
# keystone tenant-create --name=demo --description="Demo Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Demo Tenant |
| enabled | True |
| id |4ab2bcfdf0c44dbcbafb1aa730d955e6 |
| name | demo |
+-------------+----------------------------------+
Bind the demo user, _member_ role and demo tenant together
# keystone user-role-add --user=demo --role=_member_ --tenant=demo
Create the service tenant
# keystone tenant-create --name=service --description="Service Tenant"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | Service Tenant |
| enabled | True |
| id |cd4af72da9b34f62a976a6de7dd4a0ce |
| name | service |
+-------------+----------------------------------+
6 Define services and API endpoints
Create the keystone service
# keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id |45a222fdee304517ba3e1195cc8e7d33 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
Add the service endpoint for the keystone service
# keystone endpoint-create \
--service-id=$(keystone service-list | awk '/identity / {print $2}') \
--publicurl=http://controller:5000/v2.0 \
--internalurl=http://controller:5000/v2.0 \
--adminurl=http://controller:35357/v2.0
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://controller:35357/v2.0 |
| id |671d46d298c14b94aec5994386a86164 |
| internalurl | http://controller:5000/v2.0 |
| publicurl | http://controller:5000/v2.0 |
| region | regionOne |
| service_id | 45a222fdee304517ba3e1195cc8e7d33 |
+-------------+----------------------------------+
Clear the environment variables
# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
Verify that the service is running correctly; admin is the password set earlier for the admin user
# keystone --os-username=admin --os-password=admin \
--os-auth-url=http://controller:35357/v2.0 token-get
# keystone --os-username=admin --os-password=admin \
--os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
Create environment variable files for later use
# vi /opt/admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
# vi /opt/demo-openrc.sh
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://controller:35357/v2.0
Verify the service
# keystone user-list
+----------------------------------+---------+---------+----------------------+
| id | name | enabled | email |
+----------------------------------+----------+---------+----------------------+
|5df9525600bf46e4ab1bc1baa95de3da | admin | True | admin@controller.com |
|1b21c51c6ad84ca0a33ec92f18f797b6 | demo | True | |
+----------------------------------+-------+---------+----------------------+
# keystone user-role-list --user admin --tenant admin
+----------------------------------+----------+----------------------------------+----------------------------------+
| id | name | user_id | tenant_id |
+----------------------------------+----------+----------------------------------+----------------------------------+
| 9fe2ff9ee4384b1894a90878d3e92bab| _member_ | 5df9525600bf46e4ab1bc1baa95de3da |a11688df95f94e87b85ff985d728a39b |
| 7a13a86f97724c939d19761fe13b6c63| admin | 5df9525600bf46e4ab1bc1baa95de3da | a11688df95f94e87b85ff985d728a39b |
+----------------------------------+----------+----------------------------------+----------------------------------+
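If everything above is working, each command returns the corresponding table
7 Configure the Image Service
Install the Image Service
# apt-get install glance python-glanceclient
Edit the configuration files; glance is the password of the glance service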
# vi /etc/glance/glance-api.conf
...
[database]
connection= mysql://glance:glance@controller/glance
# vi /etc/glance/glance-registry.conf
...
[database]
connection= mysql://glance:glance@controller/glance
Delete the SQLite database created by Ubuntu so that it is not used by mistake
# rm /var/lib/glance/glance.sqlite
Create the glance database and database user; glance is the glance database password
# mysql -u root -p (enter the MySQL password set earlier)
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'glance';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance';
mysql> exit;
Create the tables for glance
# su -s /bin/sh -c "glance-manage db_sync" glance
Load the environment variables
# source /opt/admin-openrc.sh
Use the keystone service to create the glance user; glance is the glance user's password
# keystone user-create --name=glance --pass=glance \
--email=glance@controller.com
Bind the glance user, admin role and service tenant together
# keystone user-role-add --user=glance --tenant=service --role=admin
Edit the configuration files
# vi /etc/glance/glance-api.conf
[keystone_authtoken]
auth_uri= http://controller:5000
auth_host= controller
auth_port= 35357
auth_protocol= http
admin_tenant_name= service
admin_user= glance
admin_password= glance
…
[paste_deploy]
...
flavor= keystone
# vi /etc/glance/glance-registry.conf
[keystone_authtoken]
auth_uri= http://controller:5000
auth_host= controller
auth_port= 35357
auth_protocol= http
admin_tenant_name= service
admin_user= glance
admin_password= glance
…
[paste_deploy]
...
flavor= keystone
Create the glance service
# keystone service-create --name=glance --type=image --description="OpenStack Image Service"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
|description | OpenStack ImageService |
| enabled | True |
| id | a9cb755e738544b49dd5e8d274c83c73 |
| name | glance |
| type | image |
+-------------+----------------------------------+
Add the service endpoint for the glance service
# keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ image / {print $2}') \
--publicurl=http://controller:9292 \
--internalurl=http://controller:9292 \
--adminurl=http://controller:9292
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| adminurl | http://controller:9292 |
| id |cdf0190727be4a36b8cb026acb984ab0 |
| internalurl | http://controller:9292 |
| publicurl | http://controller:9292 |
| region | regionOne |
| service_id | a9cb755e738544b49dd5e8d274c83c73 |
+-------------+----------------------------------+
Restart the glance services
# service glance-registry restart
# service glance-api restart
Verify: download an image
# mkdir /tmp/images
# cd /tmp/images/
# wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-Azure-1710.qcow2
Verify: upload the image
# source /opt/admin-openrc.sh
# glance image-create --name "centos" --disk-format qcow2 --container-format bare --is-public True --progress < CentOS-7-x86_64-Azure-1710.qcow2
Image download locations
CentOS 6: http://cloud.centos.org/centos/6/images/
CentOS 7: http://cloud.centos.org/centos/7/images/
Ubuntu 14.04: http://cloud-images.ubuntu.com/trusty/current/
Ubuntu 16.04: http://cloud-images.ubuntu.com/xenial/current/
List the images
# glance image-list
8 Configure the Compute service
Install the Compute service
# apt-get install nova-api nova-cert nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler python-novaclient
Edit the configuration file
# vi /etc/nova/nova.conf
[database]
connection = mysql://nova:nova@controller/nova
[DEFAULT]
...
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = 1234
my_ip = <local host IP>
vncserver_listen = <local host IP>
vncserver_proxyclient_address = <local host IP>
Delete the SQLite database created by Ubuntu so that it is not used by mistake
# rm /var/lib/nova/nova.sqlite
Create the nova database and database user; nova is the nova database password
# mysql -u root -p (enter the MySQL password set earlier)
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'nova';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'nova';
mysql> exit;
Create the tables for nova
# su -s /bin/sh -c "nova-manage db sync" nova
Use the keystone service to create the nova user; nova is the nova user's password
# keystone user-create --name=nova --pass=nova --email=nova@controller.com
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | nova@controller.com |
| enabled | True |
| id |4318c958d39940f8b0dfac73d938b54d |
| name | nova |
| username | nova |
+----------+----------------------------------+
Bind the nova user, admin role and service tenant together
# keystone user-role-add --user=nova --tenant=service --role=admin
Edit the configuration file
# vi /etc/nova/nova.conf
[DEFAULT]
...
auth_strategy= keystone
[keystone_authtoken]
...
auth_uri= http://controller:5000
auth_host= controller
auth_port= 35357
auth_protocol= http
admin_tenant_name= service
admin_user= nova
admin_password= nova
Create the nova service
# keystone service-create --name=nova --type=compute --description="OpenStack Compute"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id |3f6530ee7f1c483db701dcaf82363885 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
Bind the nova user, admin role and service tenant together
# keystone user-role-add --user=nova --tenant=service --role=admin
Add the service endpoint for the nova service
# keystone endpoint-create \
--service-id=$(keystone service-list | awk '/ compute / {print $2}') \
--publicurl=http://controller:8774/v2/%\(tenant_id\)s \
--internalurl=http://controller:8774/v2/%\(tenant_id\)s \
--adminurl=http://controller:8774/v2/%\(tenant_id\)s
+-------------+-----------------------------------------+
| Property | Value |
+-------------+-----------------------------------------+
| adminurl |http://controller:8774/v2/%(tenant_id)s |
| id | 6fccfc21205a418ea235a93ed07a1027 |
| internalurl |http://controller:8774/v2/%(tenant_id)s |
| publicurl | http://controller:8774/v2/%(tenant_id)s |
| region | regionOne |
| service_id | 3f6530ee7f1c483db701dcaf82363885 |
+-------------+-----------------------------------------+
Restart the nova services
# service nova-api restart
# service nova-cert restart
# service nova-consoleauth restart
# service nova-scheduler restart
# service nova-conductor restart
# service nova-novncproxy restart
Verify the nova service; if it is running correctly the corresponding table is returned
# nova image-list
9 Configure the Networking service
Create the neutron database and database user; neutron is the neutron database password
# mysql -u root -p (enter the MySQL password set earlier)
mysql> CREATE DATABASE neutron;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'neutron';
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'neutron';
mysql> exit;
Use the keystone service to create the neutron user; neutron is the neutron user's password
# keystone user-create --name neutron --pass neutron --email neutron@controller.com
+----------+----------------------------------+
| Property | Value |
+----------+----------------------------------+
| email | neutron@controller.com |
| enabled | True |
| id |7a9c28c1f76c4658b7a1b8f05e50b152 |
| name | neutron |
| username | neutron |
+----------+----------------------------------+
Bind the neutron user, admin role and service tenant together
# keystone user-role-add --user neutron --tenant service --role admin
Create the neutron service
# keystone service-create --name neutron --type network --description "OpenStack Networking"
+-------------+----------------------------------+
| Property | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id |2940618c1643478885d3631588cf47a5 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
Add the service endpoint for the neutron service
# keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') \
--publicurl http://controller:9696 \
--adminurl http://controller:9696 \
--internalurl http://controller:9696
Install the networking components
# apt-get install neutron-server neutron-plugin-ml2
Edit the configuration files. The SERVICE_TENANT_ID value in the [DEFAULT] section is the id returned by running
# source /opt/admin-openrc.sh
# keystone tenant-get service
(here cd4af72da9b34f62a976a6de7dd4a0ce)
# vi /etc/neutron/neutron.conf
[database]
...
connection = mysql://neutron:neutron@controller/neutron
[DEFAULT]
...
auth_strategy = keystone
rpc_backend = neutron.openstack.common.rpc.impl_kombu
rabbit_host = controller
rabbit_password = 1234
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = nova
nova_admin_auth_url = http://controller:35357/v2.0
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_host = controller
auth_protocol = http
auth_port = 35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
# vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
...
tunnel_id_ranges = 1:1000
[securitygroup]
...
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True
Modify the nova configuration to use the Networking service
# vi /etc/nova/nova.conf
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
neutron_url = http://controller:9696
neutron_auth_strategy = keystone
neutron_admin_tenant_name = service
neutron_admin_username = neutron
neutron_admin_password = neutron
neutron_admin_auth_url = http://controller:35357/v2.0
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
security_group_api = neutron
Restart the nova services
# service nova-api restart
# service nova-scheduler restart
# service nova-conductor restart
# service neutron-server restart
# source /opt/admin-openrc.sh
10 Create the tenant network
Load the environment variables
# source /opt/demo-openrc.sh
Create the network
# neutron net-create demo-net
Create the demo subnet
# neutron subnet-create demo-net --name demo-subnet \
--gateway 192.168.0.1 192.168.0.0/24
Create the demo router
# neutron router-create demo-router
Attach the demo router to the demo subnet
# neutron router-interface-add demo-router demo-subnet
11 Set up the dashboard
Install the dashboard
# apt-get install apache2 memcached libapache2-mod-wsgi openstack-dashboard
Remove the theme package bundled with the dashboard
# apt-get remove --purge openstack-dashboard-ubuntu-theme
Edit the configuration files
# vi /etc/openstack-dashboard/local_settings.py
…
CACHES = {
'default': {
'BACKEND' :'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION' : '<local host IP>:11211'
}
}
…
# vi /etc/memcached.conf
…
-l <local host IP>
…
# vi /etc/openstack-dashboard/local_settings.py
…
ALLOWED_HOSTS = ['controller','my-desktop']
…
OPENSTACK_HOST = "controller"
Restart the services
# service apache2 restart
# service memcached restart
At this point you can open http://controller/horizon in a browser on the controller to access the dashboard
Account: admin
Password: admin
Or:
Account: demo
Password: demo
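The walkthrough above fills every secret with a placeholder (ADMIN_TOKEN, 1234, passwords equal to the user name) and points every service at keystone over plain http. The script below is an added example, not part of the original guide: it scans keystone, glance, nova and neutron style configuration files for exactly those settings so they can be replaced before the nodes join a shared network. The function names, the 12-character minimum and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# audit_conf FILE: print one finding per line for weak settings in an
# OpenStack-style INI file. Returns 0 if nothing was flagged, 1 otherwise.
audit_conf() {
    awk -v minlen=12 '
    function flag(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
    BEGIN { bad = 0 }
    /^[ \t]*(#|\[|$)/ { next }      # comments, section headers, blank lines
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key == "admin_token" && val == "ADMIN_TOKEN") {
            flag("admin_token is still the placeholder value")
        } else if (key ~ /password$/ && length(val) < minlen) {
            flag(key " is shorter than " minlen " characters")
        } else if (key == "connection" && val ~ /^mysql:\/\//) {
            # mysql://user:pass@host/db -> keep only "user:pass"
            cred = val; sub(/^mysql:\/\//, "", cred); sub(/@.*$/, "", cred)
            n = split(cred, part, ":")
            user = part[1]; pass = (n > 1) ? part[2] : ""
            if (pass == user) {
                flag("database password equals the user name")
            } else if (length(pass) < minlen) {
                flag("database password is shorter than " minlen " characters")
            }
        } else if (key == "auth_protocol" && val == "http") {
            flag("service credentials travel to keystone over plain http")
        }
    }
    END { exit bad }
    ' "$1"
}

# Constructed sample that reuses values shown in the walkthrough above.
make_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
admin_token = ADMIN_TOKEN
rabbit_password = 1234
[database]
connection = mysql://glance:glance@controller/glance
[keystone_authtoken]
auth_protocol = http
admin_password = glance
EOF
}

# Usage: sh audit.sh /etc/keystone/keystone.conf /etc/nova/nova.conf ...
status=0
for f in "$@"; do audit_conf "$f" || status=1; done
[ "$#" -eq 0 ] || exit "$status"
```

Run it on each node after editing the files; a non-zero exit status means at least one of the listed files still carries a value from the walkthrough.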