Openstack部署
官方文档:https://docs.openstack.org/mitaka/install-guide-rdo/
环境:
controller 172.25.24.1 控制节点
compute1 172.25.24.2 计算节点
关闭firewalld、selinux(仅适用于隔离的实验环境;生产环境应保持启用并按需放行所需端口)
控制节点配置网络
虚拟机添加双网卡
修改主机名并关闭NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager
hostnamectl set-hostname controller
vim /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BOOTPROTO=none
IPADDR=172.25.24.1
PREFIX=24
GATEWAY=172.25.24.250
DNS1=114.114.114.114
vim /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
TYPE=Ethernet
ONBOOT=yes
BOOTPROTO=none
配置本地域名解析
配置时间同步
配置yum源(下面的 gpgcheck=0 会跳过软件包签名校验,只适用于可信的内网源)
vim /etc/yum.repos.d/yum.repo
[rhel7.3]
name=rhel7.3
baseurl=http://172.25.24.250/rhel7.3
gpgcheck=0
[openstack]
name=ocata
baseurl=ftp://172.25.24.250/pub/docs/openstack/mitaka
gpgcheck=0
yum upgrade -y #在主机上升级包
yum install -y python-openstackclient #安装 OpenStack 客户端
安装数据库
yum install -y mariadb mariadb-server python2-PyMySQL #安装时会有依赖
rpm -ivh openssl-libs-1.0.2k-12.el7.x86_64.rpm --force #强制安装 openssl-libs 以解决依赖;--force 会覆盖已安装的版本,安装前应确认该 rpm 的来源可信
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.24.1
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl enable mariadb.service
systemctl start mariadb.service
执行 mysql_secure_installation 脚本来对数据库进行安全加固
安装消息队列服务
yum install -y rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS #添加 openstack 用户,RABBIT_PASS 需替换为实际使用的强密码
rabbitmqctl set_permissions openstack ".*" ".*" ".*" #给 openstack 用户授予配置、写、读三项权限
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management
netstat -antlp
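物理机firefox访问172.25.24.1:15672(rabbitmq_management 管理界面)
帐号:guest
密码:guest
(guest/guest 是 RabbitMQ 的默认帐号,仅限实验环境使用;对外提供服务前应修改其密码或删除该帐号,并限制对 15672 端口的访问)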
Memcache
yum install -y memcached python-memcached
cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1" #注释此条参数;注释后 memcached 会监听所有网卡且没有认证,应确保 11211 端口只对管理网络开放
systemctl start memcached.service
systemctl enable memcached.service
创建一个数据库和管理员令牌
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
openssl rand -hex 10 #生成一个随机值在初始的配置中作为管理员的令牌
b1a229ca636fa799fcf0
yum install openstack-keystone httpd mod_wsgi
编辑文件 /etc/keystone/keystone.conf
vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = b1a229ca636fa799fcf0 #使用刚才生成的随机数;该令牌只用于初始引导,创建好管理员帐号后应按官方文档禁用临时令牌认证
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone #第二个 keystone 是数据库密码(即官方文档中的 KEYSTONE_DBPASS),实际部署应使用强密码
[token]
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone #初始化身份认证服务的数据库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone #初始化Fernet keys
配置 Apache HTTP 服务器
vim /etc/httpd/conf/httpd.conf
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
systemctl start httpd.service
systemctl enable httpd.service
创建服务实体和API端点
配置认证令牌
export OS_TOKEN=b1a229ca636fa799fcf0
配置端点URL
export OS_URL=http://controller:35357/v3
配置认证 API 版本
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity #为身份认证服务创建服务