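1 Base environment configuration
controller node: 172.24.19.10
compute node: 172.24.19.20
1.1 Configure networking and hostnames
Edit or create the /etc/sysconfig/network-scripts/ifcfg-enp* file for each network interface in use.
(1) controller node
Network configuration: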
enp8s0: 172.24.19.10
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.24.19.10
PREFIX=24
GATEWAY=172.24.19.1
enp9s0: 172.24.20.10
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.24.20.10
PREFIX=24
Set the hostname:
# hostnamectl set-hostname controller
Press Ctrl+D to log out, then log in again.
(2) compute node
Network configuration:
enp8s0: 172.24.19.20
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.24.19.20
PREFIX=24
GATEWAY=172.24.19.1
enp9s0: 172.24.20.20
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.24.20.20
PREFIX=24
Set the hostname:
# hostnamectl set-hostname compute
Press Ctrl+D to log out, then log in again.
1.2 Configure name resolution
On the controller and compute nodes, edit /etc/hosts and add the following:
172.24.19.10 controller
172.24.19.20 compute
1.3 Configure the firewall and SELinux
1.3.1 Edit the SELinux configuration file on the controller and compute nodes
# vi /etc/selinux/config
SELINUX=disabled
1.3.2 Disable the firewall on the controller and compute nodes
Stop the firewall and disable it at boot:
[root@compute ~]# systemctl stop firewalld
[root@compute ~]# systemctl disable firewalld
Flush the firewall rules:
[root@compute ~]# iptables -F
[root@compute ~]# iptables -X
[root@compute ~]# iptables -Z
[root@compute ~]# /usr/sbin/iptables-save
1.4 Install the chrony service
1.4.1 Install chrony on the controller and compute nodes
# yum install -y chrony
1.4.2 Configure the controller node
Edit /etc/chrony.conf
Add the following:
server controller iburst
allow 172.24.0.0/16
Start the service:
[root@controller ~]# systemctl start chronyd
[root@controller ~]# systemctl enable chronyd
1.4.3 Configure the compute node
Edit /etc/chrony.conf
Add the following:
server controller iburst
Start the service:
[root@compute ~]# systemctl start chronyd
[root@compute ~]# systemctl enable chronyd
1.4.4 Verification
Run the following command on the controller and compute nodes to check whether time synchronization succeeded:
[root@compute ~]# chronyc sources
1.5 Install the OpenStack repository package
1.5.1 Install on the controller and compute nodes
# yum install -y centos-release-openstack-queens
1.5.2 Upgrade packages on the controller and compute nodes
# yum upgrade
1.5.3 Install the OpenStack client and openstack-selinux on the controller and compute nodes
# yum install python-openstackclient openstack-selinux -y
1.5.4 Reboot
After installing the packages above on the controller and compute nodes, reboot:
# reboot
1.6 Install the database service
1.6.1 Install the database on the controller node
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
1.6.2 Edit the database configuration file
Create the database configuration file /etc/my.cnf.d/openstack.cnf with the following content:
[mysqld]
bind-address = 172.24.19.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
1.6.3 Start the database service
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
1.6.4 Set the database password
Run mysql_secure_installation to set the database root password:
[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: ## this is the root user's password; set to 000000 here
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
1.7 Install the message queue service
1.7.1 Install rabbitmq-server on the controller node
[root@controller ~]# yum install -y rabbitmq-server
1.7.2 Start the message queue service
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
1.7.3 Add the openstack user
[root@controller ~]# rabbitmqctl add_user openstack 000000
Creating user "openstack" ...
1.7.4 Grant the openstack user full permissions
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
1.8 Install the memcached service
1.8.1 Install memcached on the controller node
[root@controller ~]# yum install -y memcached
1.8.2 Edit the memcached configuration file
Edit /etc/sysconfig/memcached and make the following change:
Change OPTIONS="-l 127.0.0.1,::1" to
OPTIONS="-l 127.0.0.1,::1,controller"
1.8.3 Start the memcached service
[root@controller ~]# systemctl start memcached.service
[root@controller ~]# systemctl enable memcached.service
1.9 Install the etcd service
1.9.1 Install etcd on the controller node
[root@controller ~]# yum install etcd -y
1.9.2 Edit the etcd configuration file so that other nodes can reach it
Edit /etc/etcd/etcd.conf and change the following settings in their respective sections:
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.24.19.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.24.19.10:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.24.19.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.24.19.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://172.24.19.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
1.9.3 Start the etcd service
[root@controller ~]# systemctl start etcd
[root@controller ~]# systemctl enable etcd
WARNING: (When I tried to check the cluster status, an error was reported, but it does not affect the later steps.)
[root@controller ~]# etcdctl cluster-health
cluster may be unhealthy: failed to list members
Error: client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused
; error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused
error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused
error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused
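With firewalld stopped and the rules flushed in 1.3.2, the bind addresses set in 1.6.2, 1.8.2 and 1.9.2 are what decide which services are reachable on the 172.24.19.0/24 and 172.24.20.0/24 networks. The following added example (not part of the original guide) reads `ss -tln` output and lists every TCP listener bound to a wildcard address; the function names are hypothetical and the sample output is constructed, with RabbitMQ's default ports 5672, 25672 and 4369 shown on all interfaces.

```shell
#!/bin/sh
# Added example: list TCP listeners that are bound to every interface.
# Usage on a node:  ss -tln | flag_wildcard_listeners

# Reads `ss -tln` output on stdin; prints "PORT ADDRESS" per wildcard listener.
flag_wildcard_listeners() {
    awk '
        $1 == "LISTEN" {
            addr = $4                      # Local Address:Port column
            port = addr
            sub(/.*:/, "", port)           # keep the text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            # Wildcard spellings used by old and new iproute2 releases
            if (host == "*" || host == "0.0.0.0" || host == "::" || host == "[::]")
                print port, host
        }' | sort -n
}

# Constructed sample resembling the controller after section 1 (not real output).
SAMPLE_SS_OUTPUT='State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      128    172.24.19.10:3306   *:*
LISTEN 0      128    127.0.0.1:11211     *:*
LISTEN 0      128    172.24.19.10:11211  *:*
LISTEN 0      128    172.24.19.10:2379   *:*
LISTEN 0      128    172.24.19.10:2380   *:*
LISTEN 0      128    *:25672             *:*
LISTEN 0      128    :::5672             :::*
LISTEN 0      128    *:4369              *:*'

# Runs the check over the constructed sample.
sample_findings() {
    printf '%s\n' "$SAMPLE_SS_OUTPUT" | flag_wildcard_listeners
}

sample_findings
```

Services bound to 172.24.19.10 or 127.0.0.1 are not reported; only the three wildcard listeners in the sample are.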
2 Install the Keystone identity service
This service is installed only on the controller node.
2.1 Create the keystone database
[root@controller ~]# mysql -uroot -p000000 (the database password set earlier)
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.00 sec)
2.2 Install the keystone packages
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
2.3 Edit the configuration file
2.3.1 Edit /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:000000@controller/keystone
[token]
provider = fernet
2.4 Synchronize the database
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
2.5 Initialize the key repositories
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
2.6 Bootstrap the Identity service
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
2.7 Configure the Apache service
Edit /etc/httpd/conf/httpd.conf and add the following:
ServerName controller
2.8 Create a link to the wsgi-keystone.conf file
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
2.9 Start the service
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
2.10 Set environment variables
[root@controller ~]# export OS_USERNAME=admin
[root@controller ~]# export OS_PASSWORD=000000
[root@controller ~]# export OS_PROJECT_NAME=admin
[root@controller ~]# export OS_USER_DOMAIN_NAME=Default
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ~]# export OS_AUTH_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
2.11 Create the service project
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 81f0e32c420540b5b8fad85a3eba2bbf |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
2.12 Create the demo project
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 3e3303c90e3f402fab379e6df5e88714 |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
2.13 Create the demo user
[root@controller ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 21a99cec8f9048bd9b926a2f263fa27a |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 03a3dd3efd1c4867ba928922a11531a9 |
| name | user |
+-----------+----------------------------------+
2.14 Add the user role to the demo project and user
[root@controller ~]# openstack role add --project demo --user demo user
2.15 Create environment variable scripts
Environment script for the admin user:
[root@controller ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Environment script for the demo user:
[root@controller ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
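The openrc files in 2.15 hold the account password in clear text, and this guide uses 000000 for every account. The following added example (not part of the original guide) generates a random secret, writes an openrc with the same variables readable only by its owner, and checks an existing file for loose permissions or the placeholder password. gen_secret, write_openrc and check_openrc are hypothetical helper names, and the generated password is assumed to be the same value given to keystone-manage bootstrap or openstack user create.

```shell
#!/bin/sh
# Added example: per-deployment secrets and owner-only openrc files.

# 20 hex characters from the kernel CSPRNG.
gen_secret() {
    head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_openrc FILE USER PROJECT PASSWORD
# Same variables as section 2.15; the file ends up with mode 600.
# PASSWORD must not contain a single quote (gen_secret output never does).
write_openrc() {
    (
        umask 077
        {
            echo "export OS_PROJECT_DOMAIN_NAME=Default"
            echo "export OS_USER_DOMAIN_NAME=Default"
            echo "export OS_PROJECT_NAME=$3"
            echo "export OS_USERNAME=$2"
            printf "export OS_PASSWORD='%s'\n" "$4"
            echo "export OS_AUTH_URL=http://controller:5000/v3"
            echo "export OS_IDENTITY_API_VERSION=3"
            echo "export OS_IMAGE_API_VERSION=2"
        } > "$1"
    )
    chmod 600 "$1"   # also covers a pre-existing file with looser permissions
}

# check_openrc FILE: print findings; return 1 if there are any, 0 if clean.
check_openrc() {
    rc=0
    mode=$(stat -c %a "$1")
    case $mode in
        600|400) ;;
        *) echo "$1: mode $mode, readable beyond the owner"; rc=1 ;;
    esac
    if grep -Eq "^export OS_PASSWORD='?000000'?\$" "$1"; then
        echo "$1: still uses the guide's placeholder password"; rc=1
    fi
    return $rc
}

# Demo in a scratch directory (constructed values).
demo_dir=$(mktemp -d)
write_openrc "$demo_dir/admin-openrc" admin admin "$(gen_secret)"
check_openrc "$demo_dir/admin-openrc" && echo "admin-openrc: ok"
rm -rf "$demo_dir"
```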
2.16 Verify the environment variables
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-06-19T19:16:03+0000 |
| id | gAAAAABbKUhj2ER9OBwUrpgSZw_x347DjgN53JKCu7gQaDCAZUwQosVZ-OOV-YZbJnr-WcascWMfetb_OUN5H_lV8-gjAuag_bJmsa23kywejyUwOkh1viiyqyqQMyJbLXrUuHJI5bvErxnywad4dMhvg8HCjA9-ZDxsWOKV0zwHhSvNtz-wcdw |
| project_id | 14774f73585d4ed48d5198c778645baa |
| user_id | a07017719a364efa913cae79bbddbe19 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 Install the Glance image service
This service is installed only on the controller node.