版本centos7.2 openstack版本newton
使用两个节点controller与computer
ip地址为192.168.109.7与192.168.109.6
1.准备工作
关闭防火墙(仅建议在隔离的实验环境中这样做;生产环境应保留 firewalld,只放行各服务实际需要的端口)
# systemctl stop firewalld.service
# systemctl disable firewalld.service
关闭selinux
#vi /etc/selinux/config
将SELINUX改为disabled(同样只适合实验环境;生产环境建议保持 enforcing,并在配置好 OpenStack 源后安装 openstack-selinux 策略包)
/usr/sbin/sestatus -v 重启后查看状态
安装常用命令
# yum install net-tools wget vim ntpdate bash-completion -y
添加源(下面的命令会清空 /etc/yum.repos.d 中原有的 repo 文件:先确认 cd 成功,并备份原有文件;repo 文件经 http 明文下载,无法防篡改,镜像站支持时请改用 https)
#cd /etc/yum.repos.d
#rm -rf *
# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
更改hostname
#hostnamectl set-hostname controller
配置hosts
#vim /etc/hosts
192.168.109.7 controller
NTP同步时间
#ntpdate cn.pool.ntp.org
#date 查看时间
2.安装mariadb
安装数据库
# yum install mariadb mariadb-server python2-PyMySQL
创建并编辑配置mariadb
#vim /etc/my.cnf.d/mariadb-openstack.cnf
在[mysqld]区块添加如下内容
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
bind-address=192.168.109.7
启动数据库并设置开机启动
#systemctl enable mariadb.service
#systemctl restart mariadb.service
#systemctl status mariadb.service
#systemctl list-unit-files | grep mariadb.service
设置密码
mysql_secure_installation
3.安装RabbitMQ
每个节点都安装erlang
#yum install -y erlang
每个节点安装RabbitMQ
#yum install -y rabbitmq-server
每个节点都启动rabbitmq并设置开机启动
#systemctl enable rabbitmq-server.service
#systemctl restart rabbitmq-server.service
#systemctl status rabbitmq-server.service
#systemctl list-unit-files | grep rabbitmq-server.service
创建openstack用户(bgops098 是本文通篇使用的示例密码,实际部署时请为每个服务设置各自的强密码)
#rabbitmqctl add_user openstack bgops098
赋予权限(administrator 标签只是为了能用该账号登录管理界面,OpenStack 各服务收发消息只需要 set_permissions;不需要登录管理界面时可以不加这个标签)
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# rabbitmqctl set_user_tags openstack administrator
# rabbitmqctl list_users
查看端口是否是5672
#netstat -ntlp | grep 5672
查看rabbitmq插件
# /usr/lib/rabbitmq/bin/rabbitmq-plugins list
打开相关插件
# /usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management mochiweb webmachine rabbitmq_web_dispatch amqp_client rabbitmq_management_agent
重启服务
#systemctl restart rabbitmq-server
查看状态:管理界面端口号15672,默认账号密码guest/guest,也可以用openstack/bgops098登录(guest 的默认密码是公开的,请按下文“更改密码”修改或删除该账号,并限制可访问 15672 端口的来源地址)
(相关命令,非必须)创建用户(示例中 mqadmin 的密码与用户名相同,实际使用时请换成强密码)
# rabbitmqctl add_user mqadmin mqadmin
# rabbitmqctl set_user_tags mqadmin administrator
# rabbitmqctl set_permissions -p / mqadmin ".*" ".*" ".*"
更改密码
# rabbitmqctl change_password guest bgops098
3.安装keystone
配置源
cd /etc/yum.repos.d
vim openstack.repo
添加(注意:下面的 gpgcheck=0 关闭了软件包签名校验,baseurl 又是 http,安装的软件包无法验证来源;生产环境应导入该仓库的 GPG 公钥并改为 gpgcheck=1)
[openstack]
name=newton
baseurl= http://mirror.centos.org/centos/7/cloud/x86_64/openstack-newton/
enabled=1
gpgcheck=0
创建keystone数据库
#mysql -u root -p
# CREATE DATABASE keystone;
创建用户赋予权限('keystone'@'%' 允许从任意主机连接数据库,可按实际情况收紧为管理网段,例如 '192.168.109.%')
#GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'bgops098';
# GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'bgops098';
安装keystone和memcached
# yum -y install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached openstack-utils
启动memcached
# systemctl enable memcached.service
# systemctl restart memcached.service
# systemctl status memcached.service
配置/etc/keystone/keystone.conf文件
# openssl rand -hex 10 首先需要先产生一个随机数,用作初始配置时的管理员令牌
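# ADMIN_TOKEN=929c32c35c315b694536 这个字符串就是上面openssl随机生成的(示例值,请使用自己生成的结果;admin_token 等同于完整的管理员权限,本文后面用 keystone-manage bootstrap 创建 admin 用户,初始化完成后建议把它从 keystone.conf 中去掉)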
# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
# >/etc/keystone/keystone.conf
# openstack-config --set /etc/keystone/keystone.conf DEFAULT debug false
# openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose true
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token 929c32c35c315b694536
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_endpoint http://controller:35357
# openstack-config --set /etc/keystone/keystone.conf DEFAULT public_endpoint http://controller:5000
# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:bgops098@controller/keystone
# openstack-config --set /etc/keystone/keystone.conf oslo_messaging_rabbit rabbit_host controller
# openstack-config --set /etc/keystone/keystone.conf oslo_messaging_rabbit rabbit_port 5672
# openstack-config --set /etc/keystone/keystone.conf oslo_messaging_rabbit rabbit_userid openstack
# openstack-config --set /etc/keystone/keystone.conf oslo_messaging_rabbit rabbit_password bgops098
# openstack-config --set /etc/keystone/keystone.conf cache backend oslo_cache.memcache_pool
# openstack-config --set /etc/keystone/keystone.conf cache enabled true
# openstack-config --set /etc/keystone/keystone.conf cache memcache_servers controller:11211
# openstack-config --set /etc/keystone/keystone.conf memcache servers controller:11211
# openstack-config --set /etc/keystone/keystone.conf token expiration 3600
# openstack-config --set /etc/keystone/keystone.conf token provider fernet
配置httpd.conf和memcached(memcached 本身没有认证,下面让它同时监听 192.168.109.7,应只允许管理网内的节点访问 11211 端口)
# sed -i "s/#ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf
# sed -i 's/OPTIONS*.*/OPTIONS="-l 127.0.0.1,::1,192.168.109.7"/' /etc/sysconfig/memcached
配置keystone
创建文件
vim /etc/httpd/conf.d/wsgi-keystone.conf
# Keystone served through mod_wsgi: the public API on port 5000 and the
# admin API on port 35357, each in its own daemon process group.
# NOTE(review): both listeners are plain HTTP, so passwords and tokens sent to
# them cross the network unencrypted; put TLS in front of them outside a lab.
Listen 5000
Listen 35357

# Public endpoint, backed by /usr/bin/keystone-wsgi-public.
<VirtualHost *:5000>
    # Five single-threaded worker processes running as the keystone user.
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    # Hand the HTTP Authorization header through to the WSGI application.
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    # Both virtual hosts write to the same error and access logs.
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    # The WSGI entry scripts live in /usr/bin, so httpd must be allowed to serve from it.
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

# Admin endpoint, backed by /usr/bin/keystone-wsgi-admin.
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
数据库同步
# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化fernet
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
启动httpd
systemctl enable httpd.service
systemctl restart httpd.service
systemctl status httpd.service
systemctl list-unit-files | grep httpd.service
创建admin用户(写在命令行里的密码会留在 shell 历史中,执行期间也能在进程列表里看到;也可以改用环境变量 OS_BOOTSTRAP_PASSWORD 传入)
# keystone-manage bootstrap \
--bootstrap-password bgops098 \
--bootstrap-username admin \
--bootstrap-project-name admin \
--bootstrap-role-name admin \
--bootstrap-service-name keystone \
--bootstrap-region-id RegionOne \
--bootstrap-admin-url http://controller:35357/v3 \
--bootstrap-internal-url http://controller:35357/v3 \
--bootstrap-public-url http://controller:5000/v3
验证
# openstack project list --os-username admin --os-project-name admin --os-user-domain-id default --os-project-domain-id default --os-identity-api-version 3 --os-auth-url http://controller:5000 --os-password bgops098
创建admin用户环境变量(该文件含明文密码,创建后执行 chmod 600 /root/admin-openrc,只允许 root 读取)
# vim /root/admin-openrc
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_DOMAIN_ID=default
export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_PASSWORD=bgops098
export OS_IDENTITY_API_VERSION=3
export OS_AUTH_URL=http://controller:35357/v3
创建service项目
# source /root/admin-openrc
# openstack project create --domain default --description "Service Project" service
创建demo项目
# openstack project create --domain default --description "Demo Project" demo
创建demo用户
# openstack user create --domain default demo --password bgops098
创建user角色将demo用户赋予user角色
# openstack role create user
# openstack role add --project demo --user demo user
验证
# unset OS_TOKEN OS_URL
# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue --os-password bgops098
# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue --os-password bgops098
4.安装glance
创建glance数据库
# CREATE DATABASE glance;