CentOS7.5安装OpenStack Rocky版本

CentOS7.5安装OpenStack Rocky版本

刚刚更新了版本,就忍不住想安装一下,因时间有限,只安装到了dashboard

搭建过程中,跟着官网走了遍流程,基本上没啥问题

建议还是跟着官网搭一遍会舒服很多 https://docs.openstack.org/install-guide/

因为是自己搭着玩,为了方便,所有关于密码的设置,都设置成000000

 

配置

主机

系统

网卡1:eth0

网卡2:eth1

controller

CentOS7.5

192.168.100.10

192.168.200.10

compute

CentOS7.5

192.168.100.20

192.168.200.20

 

关闭防火墙

# systemctl restart network

# systemctl stop firewalld

# systemctl disable firewalld

# setenforce 0

# sed -i 's/=enforcing/=disabled/' /etc/selinux/config

 

更新软件包

# yum upgrade -y

更新完成后重启系统

# reboot

 

设置主机名

# hostnamectl set-hostname controller

# hostnamectl set-hostname compute

 

添加主机映射

# cat << EOF >> /etc/hosts

192.168.100.10 controller

192.168.100.20 compute

EOF

 

 

配置时间同步

controller节点

安装软件包

[root@controller ~]# yum install -y chrony

 

编辑/etc/chrony.conf文件

server controller iburst

allow 192.168.0.0/16

 

启动服务

[root@controller ~]# systemctl start chronyd

[root@controller ~]# systemctl enable chronyd

 

 

compute节点

安装软件包

[root@compute ~]# yum install -y chrony

 

编辑/etc/chrony.conf文件

server controller iburst

 

启动服务

[root@compute ~]# systemctl start chronyd

[root@compute ~]# systemctl enable chronyd

 

 

 

配置OpenStack-rocky的yum源文件

官网是yum安装centos-release-openstack-rocky,用的是国外的源,会比较慢,这里我自己手动配置了阿里的源

# cat << EOF >> /etc/yum.repos.d/openstack.repo

[openstack-rocky]

name=openstack-rocky

baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/

enabled=1

gpgcheck=0

[qume-kvm]

name=qemu-kvm

baseurl= https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/

enabled=1

gpgcheck=0

EOF

 

安装OpenStack客户端和selinux服务

# yum install -y python-openstackclient openstack-selinux

 

安装数据库服务

在controller节点安装数据库

[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL

 

修改数据库配置文件

新建数据库配置文件/etc/my.cnf.d/openstack.cnf,添加以下内容

[mysqld]

bind-address = 192.168.100.10

 

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

 

启动数据库服务

[root@controller ~]# systemctl enable mariadb.service

[root@controller ~]# systemctl start mariadb.service

 

设置数据库密码

运行mysql_secure_installation命令,创建数据库root密码

[root@controller ~]# mysql_secure_installation

 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

 

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

 

Enter current password for root (enter for none):

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

Set root password? [Y/n] y

New password:                                   ## 此处为root用户密码,这里设为000000

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

... Success!

 

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] n

... skipping.

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

Dropping test database...

... Success!

Removing privileges on test database...

... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

... Success!

 

Cleaning up...

 

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

 

Thanks for using MariaDB!

 

 

安装消息队列服务

在controller节点安装rabbitmq-server

[root@controller ~]# yum install -y rabbitmq-server -y

 

启动消息队列服务

[root@controller ~]# systemctl start rabbitmq-server.service

[root@controller ~]# systemctl enable rabbitmq-server.service

Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.

 

添加openstack用户

[root@controller ~]# rabbitmqctl add_user openstack 000000

Creating user "openstack" ...

设置openstack用户最高权限

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setting permissions for user "openstack" in vhost "/" ...

 

安装memcached 服务

在controller节点上安装memcached

[root@controller ~]# yum install -y memcached

 

修改memcached配置文件

编辑/etc/sysconfig/memcached,修改以下内容

修改OPTIONS="-l 127.0.0.1,::1"为

OPTIONS="-l 127.0.0.1,::1,controller"

 

启动memcached服务

[root@controller ~]# systemctl start memcached.service

[root@controller ~]# systemctl enable memcached.service

 

 

安装etcd服务

在controller节点上安装etcd服务

[root@controller ~]# yum install etcd -y

 

修改etcd配置文件,使其他节点能够访问

编辑/etc/etcd/etcd.conf,在各自的位置修改以下内容

#[Member]

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS="http://192.168.100.10:2380"

ETCD_LISTEN_CLIENT_URLS="http://192.168.100.10:2379"

ETCD_NAME="controller"

#[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.10:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.10:2379"

ETCD_INITIAL_CLUSTER="controller=http://192.168.100.10:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"

ETCD_INITIAL_CLUSTER_STATE="new"

 

启动etcd服务

[root@controller ~]# systemctl start etcd

[root@controller ~]# systemctl enable etcd

 

(在我想查看集群的时候,报错了,但是因为不影响,所以我先跳过这里)

[root@controller ~]# etcdctl cluster-health

cluster may be unhealthy: failed to list members

Error:  client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused

; error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused

 

error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused

error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused

 

 

安装keystone服务

创建数据库

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 9

Server version: 10.1.20-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'\

IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';        

Query OK, 0 rows affected (0.00 sec)

 

 

安装软件包

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y

 

编辑配置文件/etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:000000@controller/keystone

[token]

provider = fernet

 

同步数据库

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

 

初始化fernet key库

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

引导身份认证

[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 \

--bootstrap-admin-url http://controller:5000/v3/ \

--bootstrap-internal-url http://controller:5000/v3/ \

--bootstrap-public-url http://controller:5000/v3/ \

--bootstrap-region-id RegionOne

 

编辑httpd配置文件/etc/httpd/conf/httpd.conf

ServerName controller

 

创建文件链接

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

 

启动httpd服务

[root@controller ~]# systemctl start httpd

[root@controller ~]# systemctl enable httpd

Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

 

编写环境变量脚本admin-openrc

export OS_USERNAME=admin

export OS_PASSWORD=000000

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

 

创建service项目

[root@controller ~]# openstack project create --domain default \

--description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 617e64ff415b45ef975b8faf3d5207dd |

| is_domain   | False                            |

| name        | service                          |

| parent_id   | default                          |

| tags        | []                               |

+-------------+----------------------------------+

 

验证

[root@controller ~]# openstack user list  

+----------------------------------+-------+

| ID                               | Name  |

+----------------------------------+-------+

| 5238d646322346be9e3f9750422bcf4d | admin |

+----------------------------------+-------+

[root@controller ~]# openstack token issue

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| Field      | Value                                                                                                                                                                                   |

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| expires    | 2018-09-03T14:30:02+0000                                                                                                                                                                |

| id         | gAAAAABbjTdauHEUmA_PQ1deLrPsMXiITgOyGu325OkqBYxhwYK5pS5A217gFJcnt_T50T6vfVXDTPR1HJ-HM7_Dlmm5GbPBAe_4KuWygSebGPAU7_NQoZT5gH0gjtyW5aF0mw-dyqvVykcXQWeeZ_q15HOjUZ2ujn_O2GYfjFhUmhaagrUvYys |

| project_id | 1a74d2a87e734feea8577477955e0b06                                                                                                                                                        |

| user_id    | 5238d646322346be9e3f9750422bcf4d                                                                                                                                                        |

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

 

glance安装

创建数据库

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 17

Server version: 10.1.20-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE glance;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

 

创建用户、服务等

[root@controller ~]# source admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt glance

User Password:000000

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 73e040b3ca46485dad6ce8c49bfbd8e2 |

| name                | glance                           |

| options             | {}                               |

| pass

  • 6
    点赞
  • 48
    收藏
    觉得还不错? 一键收藏
  • 13
    评论
评论 13
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值