我已经不想写了,这几天又安装了N多遍,这次试试手动安装。
准备
基础服务
网络
把网卡改成桥接模式,修改配置文件/etc/sysconfig/network-scripts/ifcfg-eno16777736
,DNS要设置好,不然解析不了域名了。GATEWAY可以通过netstat -rn
查看。
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=acd2af84-eb36-4ffe-8a43-8528e2d8e87c
DEVICE=eno16777736
ONBOOT=yes
PEERDNS=yes
PEERROUTES=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPADDR=192.168.1.104
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=114.114.114.114
DNS2=8.8.4.4
重启网络
systemctl restart network
安装epel-release
yum install -y epel-release
然后换一下源,给yum和epel都换一下,这个epel我不知道换的对不对,应该是epel.repo。
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
wget -O /etc/yum.repos.d/epel-7.repo http://mirrors.aliyun.com/repo/epel-7.repo
中科大
sed -e 's|^metalink=|#metalink=|g' \
-e 's|^#baseurl=https\?://download.fedoraproject.org/pub/epel/|baseurl=https://mirrors.ustc.edu.cn/epel/|g' \
-i.bak \
/etc/yum.repos.d/epel.repo
更新一下缓存
yum clean all
yum makecache
这里也可以使用yum upgrade -y
更新一下所有的程序。
修改主机名
hostnamectl set-hostname controller
修改一下host文件/etc/hosts
,然后添加192.168.1.104
,执行/etc/init.d/network restart
立刻生效host,就不用重启了。
关闭firewalld
和NetworkManager
systemctl stop firewalld && systemctl disable firewalld
systemctl stop NetworkManager && systemctl disable NetworkManager
关闭selinux,修改/etc/selinux/config
,设置SELINUX
为disabled
。
重启一下网络
systemctl restart network
库
安装openstack的基础库和客户端
yum install -y centos-release-openstack-stein
yum install -y python-openstackclient
yum install -y openstack-selinux
安装时间同步服务chrony
yum -y install chrony
编辑配置文件/etc/chrony.conf
,注释掉前面几个server
allow 192.168.1.104
server 127.127.1.0 prefer
启动服务,设置时区
systemctl start chronyd
systemctl enable chronyd
timedatectl set-timezone Asia/Shanghai
timedatectl status
数据库
安装mariadb
yum install -y mariadb mariadb-server MySQL-python
配置一下,/etc/my.cnf.d/mariadb-server.cnf
,修改mysqld
。
[mysqld]
。。。。。。
default-storage-engine = innodb
innodb_file_per_table = on
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
启动服务,开机自启动
systemctl start mariadb
systemctl enable mariadb
可以设置一下密码,加固数据库
mysql_secure_installation
我使用工作站安装的时候,不知道是不是系统问题,数据库出现两个问题
- too many connections
- lost connection
Too many connections
第一个问题就是因为数据库的最大连接数设置的太小了,在mysql里查询一下
show variables like 'max_connections';
show status like 'max_used_connections';
前者数据库允许的最大连接数,我这里都是151,系统管理员还使用一个,因此一共是152,后者指的是当前已经使用的连接数,虚拟机里这个数很小,但是物理机里它很大,到了152,所以报错了,修改一下。
编辑数据库的配置文件/etc/my.cnf.d/mariadb-server.cnf
,在[mysqld]
字段中添加如下一行,这个数值需要根据硬件配置和实际使用需求进行设置,不是越大越好,我这是工作站,所以问题不大,最大好像是4096
max_connections=2048
然后重启一下数据库systemctl restart mysqld
。
memcache
安装memcache
yum install -y memcached python-memcached
sed -i 's/127.0.0.1/0.0.0.0/' /etc/sysconfig/memcached
systemctl start memcached.service
systemctl enable memcached.service
消息队列rabbitmq
消息队列
# 1、安装
yum install -y rabbitmq-server
# 2、启动服务
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
# 3、创建用户
rabbitmqctl add_user openstack openstack
# 4、授权
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# 5、启用web管理界面
rabbitmq-plugins list # 查看rabbitmq有哪些插件
rabbitmq-plugins enable rabbitmq_management # 启用web管理界面
# 6、浏览器上登录
# 在浏览器上输入http://192.168.1.104:15672/
# 用户名、密码均为:guest(第一次登录必须使用该用户密码)
# 7、在浏览器上为刚创建的openstack更新Tags为:administrator
# 点击Admin -> 点击Users列表中的openstack ->在Update this user中输入两次openstack作为密码(密码必须写,因此我们写原密码),Tags设置为administrator -> 点击Update user
keystone
创建数据库
mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
安装软件包
yum install -y openstack-keystone httpd mod_wsgi
编辑配置文件/etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone_user:keystone@192.168.1.104/keystone
[token]
provider = fernet
同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
创建一个管理员,这个密码最好为admin。
keystone-manage bootstrap --bootstrap-password keystone --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
配置一下apache
修改配置文件/etc/httpd/conf/httpd.conf
,修改ServerName
为controller
。
建立一个连接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动服务
systemctl start httpd.service
systemctl enable httpd.service
编辑环境变量,这里的keystone就是刚才设置的管理员密码。
export OS_USERNAME=admin
export OS_PASSWORD=keystone
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
创建域、项目,用户和角色
Create a domain, projects, users, and roles
域
这里只是示范,默认有一个default了。
[root@controller OpenStack]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | c7118ce3f2994db689dd977d460f0006 |
| name | example |
| tags | [] |
+-------------+----------------------------------+
这是一个服务项目,包含nova等服务
[root@controller OpenStack]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 2086941073d3473dbb7e3f6475a7f711 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
创建普通项目demo
[root@controller OpenStack]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 09baebcf699543f68e4687f2231e4e88 |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
创建一个普通用户demo
[root@controller OpenStack]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3642b8322c424b9e96fd47e93a2c9d1a |
| name | demo |
| options | {
} |
| password_expires_at | None |
+---------------------+----------------------------------+
创建一个角色
[root@controller OpenStack]# openstack role create high
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | bffbfe5936cf4dd981b93dd4dab27aac |
| name | high |
+-------------+----------------------------------+
添加角色
openstack role add --project demo --user demo member
验证
unset OS_AUTH_URL OS_PASSWORD
验证admin
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
验证demo
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
脚本
创建keystone_admin
export OS_USERNAME=admin
export OS_PASSWORD=keystone
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
创建keystone_demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
执行source keystone_demo
或者source keystone_admin
,执行openstack token issue
。如果有输出,说明正常。
glance
Install and configure (Red Hat)
准备
创建数据库
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
source keystone_admin
创建用户,密码glance
[root@controller OpenStack]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 78e1c0bfdb7242938043a0f08a195744 |
| name | glance |
| options | {
} |
| password_expires_at | None |
+---------------------+----------------------------------+
添加角色
openstack role add --project service --user glance admin
创建服务实体
[root@controller OpenStack]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | d8cec436caa949caad7baeecddc2cf56 |
| name | glance |
| type | image |
+-------------+----------------------------------+
创建服务端点
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
安装配置
安装
yum install openstack-glance -y
编辑配置文件/etc/glance/glance-api.conf
[database]
......
connection=mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor=keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
编辑/etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance
这一步会有一个回显
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1371: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
但是官网说:Ignore any deprecation messages in this output.,就不管了。
启动服务,自启动
systemctl enable openstack-glance-api openstack-glance-registry
systemctl start openstack-glance-api openstack-glance-registry
镜像
执行wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
可以下载一个镜像,能不能下下来就看你的网好不好了。
上传镜像
[root@controller OpenStack]# openstack image create "cirros" --file Image/cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at