Deploying OpenStack (Queens) on CentOS 7

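This document describes the complete process of deploying OpenStack Queens on CentOS 7, including basic environment configuration, installation of the database and message queue services, the Keystone identity service, the Glance image service, the Nova compute service, the Neutron networking service and the dashboard component, as well as the steps for launching a cloud instance. By following these steps, readers can learn how to build an OpenStack cloud platform in a multi-node environment.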

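Contents

1 Basic environment configuration
1.1 Configure the network and hostname
1.2 Configure name resolution
1.3 Configure the firewall and SELinux
1.3.1 Edit the SELinux configuration file on the controller and compute nodes
1.3.2 Stop the firewall on the controller and compute nodes
1.4 Install the chrony service
1.4.1 Install chrony on the controller and compute nodes
1.4.2 Configure the controller node
1.4.3 Configure the compute node
1.4.4 Verification
1.5 Install the OpenStack repository package
1.5.1 Install on the controller and compute nodes
1.5.2 Upgrade packages on the controller and compute nodes
1.5.3 Install the OpenStack client and the openstack-selinux package on the controller and compute nodes
1.5.4 Reboot the system
1.6 Install the database service
1.6.1 Install the database on the controller node
1.6.2 Edit the database configuration file
1.6.3 Start the database service
1.6.4 Set the database password
1.7 Install the message queue service
1.7.1 Install rabbitmq-server on the controller node
1.7.2 Start the message queue service
1.7.3 Add the openstack user
1.7.4 Grant the openstack user full permissions
1.8 Install the memcached service
1.8.1 Install memcached on the controller node
1.8.2 Edit the memcached configuration file
1.8.3 Start the memcached service
1.9 Install the etcd service
1.9.1 Install etcd on the controller node
1.9.2 Edit the etcd configuration file so that other nodes can access it
1.9.3 Start the etcd service
2 Install the Keystone identity service
This service is installed only on the controller node
2.1 Create the keystone database
2.2 Install the keystone packages
2.3 Edit the configuration file
2.3.1 Edit /etc/keystone/keystone.conf
2.4 Synchronize the database
2.5 Initialize the key repositories
2.6 Bootstrap the Identity service
2.7 Configure the Apache service
2.8 Create a link to the wsgi-keystone.conf file
2.9 Start the service
2.10 Set environment variables
2.11 Create the service project
2.12 Create the demo project
2.13 Create the demo user
2.14 Add the user role to the demo project and user
2.15 Create the environment variable scripts
2.16 Verify the environment variables
3 Install the Glance image service
This service is installed only on the controller node
3.1 Create the glance database
3.2 Create the glance user
3.3 Add the admin role to the glance user and the service project
3.4 Create the glance service entity
3.5 Create the glance service endpoints
3.6 Install the glance packages
3.7 Edit the glance configuration files
3.7.1 Add the following to /etc/glance/glance-api.conf
3.7.2 Add the following to /etc/glance/glance-registry.conf
3.8 Synchronize the database
3.9 Start the services
3.10 Upload an image
4 Install the Nova service
Install on the controller node first (4.1-4.19)
4.1 Create the nova, nova_api and nova_cell0 databases
4.2 Create the nova user
4.3 Add the admin role to the nova user
4.4 Create the nova service entity
4.5 Create the nova service endpoints
4.6 Create the placement user
4.7 Add the admin role to the placement user
4.8 Create the placement service entity
4.9 Create the placement service endpoints
4.10 Install the nova packages
4.11 Edit /etc/nova/nova.conf
4.12 Edit /etc/httpd/conf.d/00-nova-placement-api.conf and add the following
4.13 Restart the httpd service
4.14 Synchronize the nova_api database
4.15 Register the cell0 database
4.16 Create the cell1 cell
4.17 Synchronize the nova database
4.18 Verify that nova cell0 and cell1 are registered correctly
4.19 Start the services
Install the nova-compute service on the compute node (4.20-4.24)
4.20 Install the nova-compute package
4.21 Edit /etc/nova/nova.conf
4.22 Check whether the system supports hardware acceleration
4.23 Start the services
4.24 Add the compute node to the cell database from the controller node
5 Install the Neutron service
Install the Neutron service on the controller first (4.1-4.16)
4.1 Create the neutron database
4.2 Create the neutron user
4.3 Add the admin role to the neutron user
4.4 Create the service entity
4.5 Create the service endpoints
4.6 Install the neutron packages
4.7 Edit /etc/neutron/neutron.conf
4.8 Edit /etc/neutron/plugins/ml2/ml2_conf.ini
4.9 Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
4.10 Edit /etc/neutron/l3_agent.ini
4.11 Edit /etc/neutron/dhcp_agent.ini
4.11 Edit /etc/neutron/metadata_agent.ini
4.12 Edit /etc/nova/nova.conf
4.13 Create the link
4.14 Synchronize the database
4.15 Restart the nova-api service
4.16 Start the neutron services
Perform the following on the compute node (4.17-4.22)
4.17 Install the neutron services
4.18 Edit /etc/neutron/neutron.conf
4.19 Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
4.20 Edit /etc/nova/nova.conf
4.21 Restart the nova-compute service
4.22 Start the Linux bridge agent service
4.23 Verify that the neutron service was installed successfully
5 Install the dashboard component
5.1 Install the dashboard package
5.2 Edit /etc/openstack-dashboard/local_settings
5.3 Edit /etc/httpd/conf.d/openstack-dashboard.conf
5.4 Restart the web service
5.5 Access from a browser
6 Launch a cloud instance
6.1 Create a flavor
6.2 Create a keypair
6.3 Set security group rules
6.4 Create the provider network
6.4.1 Create the provider network
6.4.2 Set the IP range of the provider subnet
6.5 Create the self-service network
6.5.1 Create the self-service network
6.5.2 Create the IP range of the self-service subnet
6.6 Create a router
6.7 Add the self-service network to a router interface
6.8 Set the gateway on the provider network for the router
6.9 Verify the router
6.6 Create the cloud instance
6.7 List the cloud instances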

 

 


1 Basic environment configuration

controller node: 172.24.19.10

compute node: 172.24.19.20

1.1 Configure the network and hostname

Edit or create the /etc/sysconfig/network-scripts/ifcfg-enp* file for each network interface in use.

1. controller node

Configure the network:

enp8s0: 172.24.19.10

DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.24.19.10
PREFIX=24
GATEWAY=172.24.19.1

enp9s0: 172.24.20.10

DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.24.20.10
PREFIX=24

Set the hostname:

# hostnamectl set-hostname controller

Press Ctrl+D to log out, then log in again.

2. compute node

Configure the network:

enp8s0: 172.24.19.20

DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.24.19.20
PREFIX=24
GATEWAY=172.24.19.1

enp9s0: 172.24.20.20

DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=172.24.20.20
PREFIX=24

Set the hostname:

# hostnamectl set-hostname compute

Press Ctrl+D to log out, then log in again.

 

1.2 Configure name resolution

On the controller and compute nodes, edit /etc/hosts and add the following:

172.24.19.10   controller

172.24.19.20   compute

 

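1.3 Configure the firewall and SELinux

1.3.1 Edit the SELinux configuration file on the controller and compute nodes

# vi /etc/selinux/config

SELINUX=disabled

1.3.2 Stop the firewall on the controller and compute nodes

Stop the firewall and disable it at boot

[root@compute ~]# systemctl stop firewalld

[root@compute ~]# systemctl disable firewalld

Flush the firewall rules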

[root@compute ~]# iptables -F

[root@compute ~]# iptables -X

[root@compute ~]# iptables -Z

[root@compute ~]# /usr/sbin/iptables-save

 

1.4 Install the chrony service

1.4.1 Install chrony on the controller and compute nodes

# yum install -y chrony

1.4.2 Configure the controller node

Edit /etc/chrony.conf

Add the following:

server controller iburst
allow 172.24.0.0/16

Start the service

[root@controller ~]# systemctl start chronyd

[root@controller ~]# systemctl enable chronyd

1.4.3 Configure the compute node

Edit /etc/chrony.conf

Add the following:

server controller iburst

Start the service

[root@compute ~]# systemctl start chronyd

[root@compute ~]# systemctl enable chronyd

1.4.4 Verification

Run the following command on the controller and compute nodes to check whether synchronization succeeded

[root@compute ~]# chronyc sources

 

 

 

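1.5 Install the OpenStack repository package

1.5.1 Install on the controller and compute nodes

# yum install -y centos-release-openstack-queens

1.5.2 Upgrade packages on the controller and compute nodes

# yum upgrade

1.5.3 Install the OpenStack client and the openstack-selinux package on the controller and compute nodes

# yum install python-openstackclient openstack-selinux -y

1.5.4 Reboot the system

After installing the packages above on the controller and compute nodes, reboot the system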

# reboot

 

1.6 Install the database service

1.6.1 Install the database on the controller node

[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL

1.6.2 Edit the database configuration file

Create the database configuration file /etc/my.cnf.d/openstack.cnf and add the following:

[mysqld]
bind-address = 172.24.19.10

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

1.6.3 Start the database service

[root@controller ~]# systemctl enable mariadb.service

[root@controller ~]# systemctl start mariadb.service

1.6.4 Set the database password

Run the mysql_secure_installation command to set the database root password

[root@controller ~]# mysql_secure_installation

 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

 

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

 

Enter current password for root (enter for none):

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

Set root password? [Y/n] y

New password:                                   ## the root user's password; set to 000000 here

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 ... Success!

 

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

 ... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] n

 ... skipping.

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

 ... Success!

 

Cleaning up...

 

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

 

Thanks for using MariaDB!

 

 

 

1.7 Install the message queue service

1.7.1 Install rabbitmq-server on the controller node

[root@controller ~]# yum install -y rabbitmq-server

1.7.2 Start the message queue service

[root@controller ~]# systemctl start rabbitmq-server.service

[root@controller ~]# systemctl enable rabbitmq-server.service

Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.

1.7.3 Add the openstack user

[root@controller ~]# rabbitmqctl add_user openstack 000000

Creating user "openstack" ...

1.7.4 Grant the openstack user full permissions

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setting permissions for user "openstack" in vhost "/" ...

 

1.8 Install the memcached service

1.8.1 Install memcached on the controller node

[root@controller ~]# yum install -y memcached

1.8.2 Edit the memcached configuration file

Edit /etc/sysconfig/memcached and change the following:

Change OPTIONS="-l 127.0.0.1,::1" to

OPTIONS="-l 127.0.0.1,::1,controller"

1.8.3 Start the memcached service

[root@controller ~]# systemctl start memcached.service

[root@controller ~]# systemctl enable memcached.service
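With firewalld stopped and the iptables rules flushed in 1.3.2, each daemon's bind address is the only thing limiting who can connect to it, and 1.6.2 and 1.8.2 both bind to the management address. The following is an added example, not part of the original post: it filters `ss -ltn` output down to the listeners that are not loopback-only. The sample lines are constructed, and the port-to-service mapping assumes default ports.

```shell
#!/bin/sh
# Added example: list TCP listeners reachable from the network on the controller.

# Default ports of the services installed in sections 1.6 to 2 (assumption:
# none of them was moved to a non-default port).
service_for_port() {
    case $1 in
        3306) echo mariadb ;;
        5672) echo rabbitmq ;;
        11211) echo memcached ;;
        2379|2380) echo etcd ;;
        5000|35357) echo keystone ;;
        *) echo unknown ;;
    esac
}

# stdin: output of `ss -ltn`. stdout: "port bind-address" for every listener
# that is not bound to loopback only. Handles 1.2.3.4:80, *:80, :::80, [::]:80.
exposed_listeners() {
    awk '$1 == "LISTEN" {
        addr = $4; port = $4
        sub(/.*:/, "", port)          # text after the last colon
        sub(/:[^:]*$/, "", addr)      # text before the last colon
        gsub(/\[|\]/, "", addr)       # strip IPv6 brackets
        if (addr ~ /^127\./ || addr == "::1") next
        if (addr == "*" || addr == "::" || addr == "0.0.0.0") addr = "any"
        print port, addr
    }' | sort -n | uniq
}

# Same list with the service name appended.
exposure_report() {
    exposed_listeners | while read -r port addr; do
        echo "$port $addr $(service_for_port "$port")"
    done
}

# Constructed sample of `ss -ltn` on the controller after section 1.8.
sample_ss() {
    cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN  0      128    172.24.19.10:3306   *:*
LISTEN  0      128    127.0.0.1:11211     *:*
LISTEN  0      128    172.24.19.10:11211  *:*
LISTEN  0      128    ::1:11211           :::*
LISTEN  0      128    :::5672             :::*
EOF
}

sample_ss | exposure_report     # on a real node: ss -ltn | exposure_report
```

On a real node, every line of the report is a port that any host able to route to that address can open a connection to.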

 

 

1.9 Install the etcd service

1.9.1 Install etcd on the controller node

[root@controller ~]# yum install etcd -y

1.9.2 Edit the etcd configuration file so that other nodes can access it

Edit /etc/etcd/etcd.conf and change the following settings in their respective sections:

#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.24.19.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.24.19.10:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.24.19.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.24.19.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://172.24.19.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

1.9.3 Start the etcd service

[root@controller ~]# systemctl start etcd

[root@controller ~]# systemctl enable etcd

WARNING: (When I tried to check the cluster status, an error was reported, but it does not affect the later steps.)

[root@controller ~]# etcdctl cluster-health

cluster may be unhealthy: failed to list members

Error:  client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused

; error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused

 

error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused

error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused
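The error output shows etcdctl dialing 127.0.0.1:2379 and 127.0.0.1:4001, while the configuration in 1.9.2 makes etcd listen only on 172.24.19.10. The following is an added example, not part of the original post: it reads the client URL from an etcd.conf-style file, reports whether it is loopback-reachable and cleartext, and builds the health check with etcdctl's `--endpoints` option. The function names are illustrative and the sample file is constructed from the lines in 1.9.2.

```shell
#!/bin/sh
# Added example: build the health-check command from etcd.conf rather than
# relying on the 127.0.0.1 defaults that etcdctl dials.

# First URL assigned to KEY in an etcd.conf-style file (KEY="url[,url...]").
etcd_conf_url() {
    sed -n "s/^[[:space:]]*$2=\"\{0,1\}\([^\",]*\).*/\1/p" "$1" | head -n 1
}

# Succeeds when a client on the same host could reach URL via 127.0.0.1 / ::1.
reachable_on_loopback() {
    case $1 in
        *://127.*|*://localhost:*|*://0.0.0.0:*|*://\[::\]:*|*://\[::1\]:*) return 0 ;;
        *) return 1 ;;
    esac
}

# cleartext for http://, tls for https://
url_transport() {
    case $1 in
        https://*) echo tls ;;
        http://*)  echo cleartext ;;
        *)         echo unknown ;;
    esac
}

# Print the etcdctl (v2 API) command that targets the configured client URL.
etcd_health_cmd() {
    url=$(etcd_conf_url "$1" ETCD_ADVERTISE_CLIENT_URLS)
    [ -n "$url" ] || { echo "no ETCD_ADVERTISE_CLIENT_URLS in $1" >&2; return 1; }
    echo "etcdctl --endpoints $url cluster-health"
}

# Constructed sample: the client/peer lines from section 1.9.2.
sample_etcd_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
#[Member]
ETCD_LISTEN_PEER_URLS="http://172.24.19.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.24.19.10:2379"
#[Clustering]
ETCD_ADVERTISE_CLIENT_URLS="http://172.24.19.10:2379"
EOF
    echo "$f"
}

conf=$(sample_etcd_conf)
listen=$(etcd_conf_url "$conf" ETCD_LISTEN_CLIENT_URLS)
reachable_on_loopback "$listen" || echo "etcd is not listening on loopback: $listen"
echo "transport: $(url_transport "$listen")"
etcd_health_cmd "$conf"
rm -f "$conf"
```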

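2 Install the Keystone identity service

This service is installed only on the controller node

2.1 Create the keystone database

[root@controller ~]# mysql -uroot -p000000

(000000 is the database password set earlier)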

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 9

Server version: 10.1.20-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';        

Query OK, 0 rows affected (0.00 sec)

 

2.2 Install the keystone packages

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y

2.3 Edit the configuration file

2.3.1 Edit /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:000000@controller/keystone

 

[token]

provider = fernet

 

2.4 Synchronize the database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

 

2.5 Initialize the key repositories

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

2.6 Bootstrap the Identity service

[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

 

2.7 Configure the Apache service

Edit /etc/httpd/conf/httpd.conf and add the following:

ServerName controller

 

2.8 Create a link to the wsgi-keystone.conf file

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 

 

2.9 Start the service

[root@controller ~]# systemctl enable httpd.service

[root@controller ~]# systemctl start httpd.service

 

2.10 Set environment variables

[root@controller ~]# export OS_USERNAME=admin

[root@controller ~]# export OS_PASSWORD=000000

[root@controller ~]# export OS_PROJECT_NAME=admin

[root@controller ~]# export OS_USER_DOMAIN_NAME=Default

[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default

[root@controller ~]# export OS_AUTH_URL=http://controller:35357/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

 

2.11 Create the service project

[root@controller ~]# openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 81f0e32c420540b5b8fad85a3eba2bbf |

| is_domain   | False                            |

| name        | service                          |

| parent_id   | default                          |

| tags        | []                               |

+-------------+----------------------------------+

 

2.12 Create the demo project

[root@controller ~]# openstack project create --domain default --description "Demo Project" demo

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 3e3303c90e3f402fab379e6df5e88714 |

| is_domain   | False                            |

| name        | demo                             |

| parent_id   | default                          |

| tags        | []                               |

+-------------+----------------------------------+

 

2.13 Create the demo user

[root@controller ~]# openstack user create --domain default --password-prompt demo

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 21a99cec8f9048bd9b926a2f263fa27a |

| name                | demo                             |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

[root@controller ~]# openstack role create user

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | 03a3dd3efd1c4867ba928922a11531a9 |

| name      | user                             |

+-----------+----------------------------------+

 

2.14 Add the user role to the demo project and user

[root@controller ~]# openstack role add --project demo --user demo user

 

2.15 Create the environment variable scripts

Environment variable script for the admin user

[root@controller ~]# cat admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=000000

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

 

Environment variable script for the demo user

[root@controller ~]# cat demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=000000

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2
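The files written in 2.3.1 and 2.15 all carry the same value, 000000, which is also used for the MariaDB root and RabbitMQ passwords. The following is an added example, not part of the original post: it extracts the secrets from keystone.conf-style and openrc-style files and reports credentials that share one secret, or use a short or digits-only one, without printing the secret itself. The sample files are constructed from the values on this page, and the 12-character threshold is an assumption.

```shell
#!/bin/sh
# Added example: find credentials that share one secret across the files
# written in sections 2.3.1 and 2.15. Secrets themselves are never printed.

# Emit "label secret" for each credential found in the given files.
extract_secrets() {
    awk '
        # keystone.conf: connection = mysql+pymysql://USER:PASS@HOST/DB
        /^[ \t]*connection[ \t]*=/ {
            s = $0; sub(/^[^=]*=[ \t]*[^:]*:\/\//, "", s)
            if (s ~ /^[^:@]+:[^@]*@/) {
                user = s; sub(/:.*/, "", user)
                pass = s; sub(/^[^:]*:/, "", pass); sub(/@.*/, "", pass)
                print "db-user:" user, pass
            }
        }
        # openrc: export OS_USERNAME=... and export OS_PASSWORD=...
        /^[ \t]*export[ \t]+OS_USERNAME=/ { v = $0; sub(/^[^=]*=/, "", v); name[FILENAME] = v }
        /^[ \t]*export[ \t]+OS_PASSWORD=/ { v = $0; sub(/^[^=]*=/, "", v); pw[FILENAME] = v }
        END { for (f in pw) print "keystone-user:" name[f], pw[f] }
    ' "$@" | sort
}

# One line per secret that is used by more than one credential.
shared_secrets() {
    extract_secrets "$@" | awk '
        { n[$2]++; who[$2] = who[$2] (who[$2] ? "," : "") $1 }
        END { for (s in n) if (n[s] > 1) print "shared by: " who[s] }' | sort
}

# Labels whose secret is shorter than 12 characters or digits only.
weak_secrets() {
    extract_secrets "$@" | awk 'length($2) < 12 || $2 ~ /^[0-9]+$/ { print $1 }'
}

# Constructed sample files holding the values used on this page.
make_samples() {
    d=$(mktemp -d) || return 1
    printf '[database]\nconnection = mysql+pymysql://keystone:000000@controller/keystone\n' > "$d/keystone.conf"
    for u in admin demo; do
        printf 'export OS_USERNAME=%s\nexport OS_PASSWORD=000000\n' "$u" > "$d/$u-openrc"
    done
    echo "$d"
}

d=$(make_samples)
shared_secrets "$d"/keystone.conf "$d"/admin-openrc "$d"/demo-openrc
weak_secrets   "$d"/keystone.conf "$d"/admin-openrc "$d"/demo-openrc
rm -rf "$d"
```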

 

2.16 Verify the environment variables

[root@controller ~]# source admin-openrc

[root@controller ~]# openstack token issue

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| Field      | Value                                                                                                                                                                                   |

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| expires    | 2018-06-19T19:16:03+0000                                                                                                                                                                |

| id         | gAAAAABbKUhj2ER9OBwUrpgSZw_x347DjgN53JKCu7gQaDCAZUwQosVZ-OOV-YZbJnr-WcascWMfetb_OUN5H_lV8-gjAuag_bJmsa23kywejyUwOkh1viiyqyqQMyJbLXrUuHJI5bvErxnywad4dMhvg8HCjA9-ZDxsWOKV0zwHhSvNtz-wcdw |

| project_id | 14774f73585d4ed48d5198c778645baa                                                                                                                                                        |

| user_id    | a07017719a364efa913cae79bbddbe19                                                                                                                                                        |

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
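Because 2.3.1 sets provider = fernet, the id returned by openstack token issue is a Fernet token, whose version byte and issue time are not encrypted. The following is an added example, not part of the original post: it decodes that header from the first 12 characters of the id shown above and compares the issue time with the expires field. The function names are illustrative.

```shell
#!/bin/sh
# Added example: read the unencrypted header of a Fernet token.
# Fernet layout before base64url encoding:
#   version (1 byte, 0x80) | issue time (8 bytes, big-endian) | IV | ciphertext | HMAC
# The first 12 base64 characters encode exactly the first 9 bytes.

# Header bytes as 18 lowercase hex digits.
fernet_header_hex() {
    printf '%s' "$1" | cut -c1-12 | tr -- '-_' '+/' | base64 -d | od -An -v -tx1 | tr -d ' \n'
}

fernet_version() { fernet_header_hex "$1" | cut -c1-2; }

# Issue time as Unix seconds.
fernet_issued_at() {
    hex=$(fernet_header_hex "$1" | cut -c3-18)
    echo $((0x$hex))
}

# Epoch seconds for a UTC timestamp of the form YYYY-MM-DDTHH:MM:SS+0000
# (days-from-civil arithmetic, so no dependency on GNU date).
iso_to_epoch() {
    old=$IFS; IFS='-T:+'; set -- $1; IFS=$old
    y=$1; m=${2#0}; d=${3#0}
    if [ "$m" -le 2 ]; then y=$((y - 1)); mp=$((m + 9)); else mp=$((m - 3)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    days=$(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + ${4#0} * 3600 + ${5#0} * 60 + ${6#0} ))
}

# Lifetime in seconds: the "expires" field minus the issue time in the token.
token_lifetime() {
    echo $(( $(iso_to_epoch "$2") - $(fernet_issued_at "$1") ))
}

# First 12 characters of the token id printed in section 2.16, and its expires field.
TOKEN_PREFIX="gAAAAABbKUhj"
EXPIRES="2018-06-19T19:16:03+0000"

echo "version byte: 0x$(fernet_version "$TOKEN_PREFIX")"
echo "issued at:    $(fernet_issued_at "$TOKEN_PREFIX")"
echo "lifetime:     $(token_lifetime "$TOKEN_PREFIX" "$EXPIRES") s"
```

For the token above this gives version 0x80, issue time 1529432163 (2018-06-19 18:16:03 UTC) and a lifetime of 3600 seconds, which is keystone's default token expiration.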

 

 

3 Install the Glance image service

This service is installed only on the controller node

 
