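1. Preparation
1.1 Physical machine (CentOS 7)
One clean physical machine with two network cards and two hard disks.
Configure the first NIC as the management network:
IP: 172.16.4.185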
vi /etc/sysconfig/network-scripts/ifcfg-enp2s0
HWADDR=40:8d:5c:1b:31:6e
NETBOOT=yes
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp2s0
UUID=99182195-f56c-4c8d-b50b-b7a678918c69
DEVICE=enp2s0
ONBOOT=yes
IPADDR=172.16.4.185
NETMASK=255.255.0.0
GATEWAY=172.16.1.1
Configure the second NIC as the provider network:
IP: 192.168.8.8
vi /etc/sysconfig/network-scripts/ifcfg-enp3s0
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=enp3s0
UUID=f5d5c1e1-3bae-4354-913b-2c4dc5fba5f1
DEVICE=enp3s0
ONBOOT=yes
IPADDR=192.168.8.8
NETMASK=255.255.255.0
Restart the network service so the NIC configuration takes effect
systemctl restart network
Edit the hosts file
vi /etc/hosts
#controller
172.16.4.185 controller compute1
Test network connectivity
Controller network
ping -c 4 openstack.org
compute1 network
ping -c 4 compute1
Network time configuration
yum install chrony
systemctl enable chronyd.service
systemctl start chronyd.service
2. Installation
2.1 OpenStack RPM repository
yum install centos-release-openstack-ocata
yum upgrade
2.2 OpenStack client
yum install python-openstackclient
yum install openstack-selinux
2.3 MySQL database installation
yum install mariadb mariadb-server python2-PyMySQL
vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Set the password
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation
set password for 'root'@'localhost' =password('123qwe');
2.4 Message queue
yum -y install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack 123qwe
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
2.5 Install Memcached for token caching
yum install memcached python-memcached
vi /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,controller"
systemctl enable memcached.service
systemctl start memcached.service
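Added example (not part of the original guide): bind-address = 0.0.0.0 in 2.3 makes MariaDB listen on the provider NIC (192.168.8.8) as well as the management NIC, so this check parses the listener settings from 2.3 and 2.5 and flags wildcard binds. The file names under the temporary directory, the management-only variant and the empty-OPTIONS variant are constructed for the demo.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. File contents are constructed
# copies of the settings shown above; file names are hypothetical.

# Print every listen address configured in a MariaDB or memcached config file.
listen_addrs() {
    awk '
        # MariaDB style: bind-address = 0.0.0.0
        /^[ \t]*bind-address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); print; next
        }
        # memcached style: OPTIONS="-l 127.0.0.1,::1,controller"
        /^[ \t]*OPTIONS=/ {
            if (match($0, /-l[ \t]*[^ \t"]+/)) {
                s = substr($0, RSTART, RLENGTH); sub(/^-l[ \t]*/, "", s)
                n = split(s, a, ","); for (i = 1; i <= n; i++) print a[i]
            } else print "*"   # memcached without -l listens on all interfaces
        }
    ' "$1"
}

# Succeed (printing the offending addresses) when the file binds to a wildcard.
has_wildcard_bind() {
    listen_addrs "$1" | grep -E -x '0\.0\.0\.0|::|\*'
}

demo=$(mktemp -d)
printf '[mysqld]\nbind-address = 0.0.0.0\n'      > "$demo/openstack.cnf"       # as in 2.3
printf '[mysqld]\nbind-address = 172.16.4.185\n' > "$demo/openstack-mgmt.cnf"  # management IP only
printf 'OPTIONS="-l 127.0.0.1,::1,controller"\n' > "$demo/memcached"           # as in 2.5
printf 'OPTIONS=""\n'                            > "$demo/memcached-default"

for f in "$demo"/*; do
    if has_wildcard_bind "$f" >/dev/null; then
        echo "WILDCARD  ${f##*/}: $(listen_addrs "$f" | tr '\n' ' ')"
    else
        echo "ok        ${f##*/}: $(listen_addrs "$f" | tr '\n' ' ')"
    fi
done
```

On a real host, point listen_addrs at /etc/my.cnf.d/openstack.cnf and /etc/sysconfig/memcached and compare the result with the sockets reported by ss -ltn.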
3. Identity service
3.1 Create the keystone database
Grant proper access to the keystone database
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123qwe';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
IDENTIFIED BY '123qwe';
3.2 This guide uses the Apache HTTP server with mod_wsgi to serve Identity service requests on ports 5000 and 35357.
yum install openstack-keystone httpd mod_wsgi
Edit /etc/keystone/keystone.conf
vi /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123qwe@controller/keystone
[token]
provider = fernet
Populate the Identity service database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet key repositories
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service
# keystone-manage bootstrap --bootstrap-password 123qwe \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
3.3 Configure the Apache HTTP server
# vi /etc/httpd/conf/httpd.conf
ServerName controller
Create a link to the /usr/share/keystone/wsgi-keystone.conf file
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3.4 Finalize the installation
# systemctl enable httpd.service
# systemctl start httpd.service
# vi /home/admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=123qwe
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
3.5 Create a domain, projects, users, and roles
Load the environment variables
source /home/admin-openrc.sh
Create the service project
openstack project create --domain default \
--description "Service Project" service
Create the demo project and user
openstack project create --domain default \
--description "Demo Project" demo
Create the demo user
openstack user create --domain default \
--password-prompt demo
Create the user role:
openstack role create user
Add the user role to the demo project and user
openstack role add --project demo --user demo user
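3.6 Verify operation
Disable the temporary authentication token mechanism
Edit the /etc/keystone/keystone-paste.ini file and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] sections.
Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables.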
$ unset OS_AUTH_URL OS_PASSWORD
As the admin user, request an authentication token:
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
As the demo user, request an authentication token:
$ openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
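3.7 Create OpenStack client environment scripts
Create the admin environment script (replace ADMIN_PASS with the admin password set in the keystone-manage bootstrap step)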
vi /home/admin-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Create the demo environment script (replace DEMO_PASS with the password chosen for the demo user)
vi /home/demo-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Load the environment script and verify
source /home/admin-openrc.sh
openstack token issue
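Added example (not part of the original guide): the openrc scripts from 3.4 and 3.7 are created with vi under /home, so they inherit the default umask and hold the same short password used for the database, RabbitMQ and Keystone. The sketch below generates a separate random secret, writes an owner-only openrc file and audits both variants. Paths under the temporary directory are constructed and the 16-character minimum is an assumption of this example.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide. Paths under $tmp are constructed;
# the 16-character minimum is an assumption of this example.

# 20 hex characters (80 bits) from the kernel CSPRNG, one per service account.
gen_secret() { od -An -N10 -tx1 /dev/urandom | tr -d ' \n'; }

# write_openrc FILE USER PROJECT AUTH_URL PASSWORD
# The subshell umask makes the file owner-only from the moment it is created.
write_openrc() (
    umask 077
    cat > "$1" <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=$3
export OS_USERNAME=$2
export OS_PASSWORD=$5
export OS_AUTH_URL=$4
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
)

# audit_openrc FILE: print findings, return non-zero if there are any.
audit_openrc() {
    rc=0
    perms=$(ls -ld "$1" | cut -c5-10)            # group and other permission bits
    [ "$perms" = "------" ] || { echo "readable beyond owner ($perms)"; rc=1; }
    pw=$(sed -n 's/^export OS_PASSWORD=//p' "$1")
    case "$pw" in
        ""|ADMIN_PASS|DEMO_PASS) echo "placeholder or empty password"; rc=1 ;;
    esac
    [ "${#pw}" -ge 16 ] || { echo "password shorter than 16 characters"; rc=1; }
    return "$rc"
}

tmp=$(mktemp -d)
# The file as the guide creates it: default umask, shared short password.
( umask 022; printf 'export OS_PASSWORD=123qwe\n' > "$tmp/page-openrc.sh" )
write_openrc "$tmp/admin-openrc.sh" admin admin http://controller:35357/v3 "$(gen_secret)"

for f in "$tmp/page-openrc.sh" "$tmp/admin-openrc.sh"; do
    if audit_openrc "$f"; then echo "ok: ${f##*/}"; fi
done
```

The generated secret only works once the admin user's password in Keystone has been changed to match; gen_secret can be called once per account (database root, keystone database user, RabbitMQ openstack user, admin) so that no two share a value.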