OpenStack实战安装部署教程，OpenStack安装教程

OpenStack安装部署

一、基础准备工作

部署环境：CentOS 7 64

1、关闭本地iptables防火墙并设置开机不自启动

# systemctl stop firewalld.service# systemctl disable firewalld.service

• 1.

2、关闭本地selinux防火墙

# vim /etc/sysconfig/selinux SELINUX=disabled# setenforce 0

• 1.

3、设置主机计算机名称

# hostnamectl set-hostname controller

• 1.

4、本地主机名称和ip的解析

# vim /etc/hosts192.168.0.104 controller

• 1.

5、安装ntp时间校准工具

# yum -y install ntp# ntpdate asia.pool.ntp.org

• 1.

6、安装第三方yum源

# yum -y install yum-plugin-priorities# yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm	# yum -y install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm

• 1.

7、升级系统软件包并重新系统

# yum upgrade# reboot

• 1.

二、安装配置mariadb数据库

1、安装mariadb数据库

# yum -y install mariadb mariadb-server MySQL-python

• 1.

2、配置mariadb数据库

# cp /etc/my.cnf /etc/my.cnf.bak# rpm -ql mariadb# vim /etc/my.cnf.d/server.cnf[mysqld]bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'character-set-server = utf8

• 1.
• 2.
• 3.
• 4.
• 5.

3、启动mariadb数据库

# systemctl enable mariadb.service# systemctl start mariadb.service

• 1.

三、安装消息队列服务

1、安装rabbit所需软件包

# yum -y install rabbitmq-server

• 1.

2、启动rabbit服务

# systemctl enable rabbitmq-server.service# systemctl start rabbitmq-server.service

• 1.

3、设置rabbit服务密码

# rabbitmqctl change_password guest rabbit

• 1.

四、安装keyston用户认证组件

1、创建keystone数据库和授权用户

mysql -u root -p
CREATE DATABASE keystone;GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

• 1.
• 2.

2、安装keystone组件包

# yum -y install openstack-utils openstack-keystone python-keystoneclient

• 1.

3、配置keystone文件

# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak# vim /etc/keystone/keystone.conf [DEFAULT]verbose = True[database]connection = mysql://keystone:keystone@controller/keystone[token]provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

• 1.
• 2.

4、创建证书和秘钥文件

# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone# chown -R keystone:keystone /var/log/keystone# chown -R keystone:keystone /etc/keystone/ssl# chmod -R o-rwx /etc/keystone/ssl

• 1.

5、同步keystone到mariadb数据库

# su -s /bin/sh -c "keystone-manage db_sync" keystone

• 1.

6、启动keystone服务并开机自启动

# systemctl enable openstack-keystone.service# systemctl start openstack-keystone.service

• 1.

7、清除过期的令牌

默认情况下，身份服务存储在数据库中过期的令牌无限。到期令牌的积累大大增加数据库的大小，可能会降低服务的性能，特别是在资源有限的环境中。我们建议您使用cron配置一个周期性任务，清除过期的令牌时

# (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \  >> /var/spool/cron/keystone

• 1.
• 2.

----------------------------Create tenants,user,and roles---------------------------------

1、配置admin的token

# export OS_SERVICE_TOKEN=$(openssl rand -hex 10)# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0# echo $OS_SERVICE_TOKEN > ~/ks_admin_token# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token  $OS_SERVICE_TOKEN# service openstack-keystone restart

• 1.

2、创建tenant、user and role

a.Create the admin tenant、user、role# keystone tenant-create --name admin --description "Admin Tenant"# keystone user-create --name admin --pass admin --email admin@zhengyansheng.com# keystone role-create --name adminb.Add the admin tenant and user to the admin role:# keystone user-role-add --tenant admin --user admin --role adminc.By default, the dashboard limits access to users with the _member_ role.# keystone role-create --na