搭建openstack平台需在[VMware]上准备两台虚拟机,分别作为controller(控制)节点和compute节点. 下面是VMware上虚拟机的基础配置。
这里的NET模式的子网地址给的是0段(cidr)WEB访问的IP地址
controller节点给的IP是192.168.0.60
compute节点给的IP是192.168.0.61
配置网卡
1.利用vi文本编辑器去配置虚拟机的虚拟网卡
[root@controller ~]vi /etc/sysconfig/network-scripts/ifcfg-ens33 #ifcfg-需要配置的网卡名
BOOTPROTO=dhcp #修改为static静态IP
ONBOOT=no # 修改为yes,设为开机自启
#结尾添加
IPADDR=192.168.0.60 #配置的IP地址,根据虚拟网络编辑器的网段来配置
NETMASK=255.255.255.0 #子网掩码,也可以用PREFIX=24来表示
GATEWAY=192.168.0.2 #网关
DNS1=114.114.114.114 #DNS域名解析
DNS2=8.8.8.8 #备用DNS域名解析
# :wq (保存退出)
修改主机名
#controller执行
[root@controller ~]hostnamectl set-hostname controller
#compute
[root@compute ~]hostnamectl set-hostname compute
##修改后重新连接终端
##MobaXterm中按ctrl+d 退出 按R重新登陆
##SecureCRTPortable中按ctrl+d 退出 按回车重新登陆
##直接bash执行也可,不过后面执行脚本可能报错
##su也可以使之生效
[root@controller ~]systemctl restart network #第一种重启网络的方法
[root@controller ~]service network restart #第二种重启网络的方法
配置域名解析
[root@controller ~]vim /etc/hosts
#结尾添加这两行IP地址+主机名
192.168.100.10 controller
192.168.100.20 compute
[root@controller ~]scp /etc/hosts 192.168.100.20:/etc/hosts
#将controller节点上的配置文件传输到compute节点上将其替换,省的两头来回切换的敲代码了,在后面这点好处会体现的更明显
#这一步做完后,后面就可以直接使用域名(controller,compute)来代替IP地址了
关闭防火墙
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config;setenforce 0;systemctl stop firewalld.service ;systemctl disable firewalld.service
systemctl status firewalld
getenforce
配置网络时间服务
yum install -y chrony
vim /etc/chrony.conf
systemctl enable chronyd.service;systemctl start chronyd.service
systemctl status chronyd
chronyc sources -v
date
安装OpenStack包
yum list | grep openstack*
#所有节点
yum install -y centos-release-openstack-train.noarch
#必须先安装包,再安装下面的
yum install python-openstackclient openstack-selinux -y
安装SQL
#con
yum install mariadb mariadb-server python2-PyMySQL -y
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.0.60
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl enable mariadb.service;systemctl start mariadb.service
mysql_secure_installation
回车
Set root password? [Y/n] y 123
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
消息队列 rabbitMQ
yum install -y rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack openstack123
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
#查看是否创建成功
rabbitmqctl list_users
#查看需要启动的服务
rabbitmq-plugins list
#开启图形化界面
rabbitmq-plugins enable rabbitmq_management rabbitmq_management_agent
安装memcahce服务(内存缓存服务)
yum install -y memcached python-memcached
vim /etc/sysconfig/memcached
#将服务配置为使用控制器节点的管理 IP 地址。这是为了允许其他节点通过管理网络访问:
OPTIONS="-l 127.0.0.1,::1,controller"
systemctl enable memcached.service;systemctl start memcached.service
#查看运行状态
systemctl status memcached.service
安装Keystone服务
mysql -p123(此处数据库密码为之前安装Mysql设置的密码)
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
mysql> exit
yum install openstack-keystone httpd mod_wsgi -y
cp /etc/keystone/keystone.conf{
,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone123@controller/keystone
[token]
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
# 配置Apache HTTP
vim /etc/httpd/conf/httpd.conf
ServerName controller:80
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service;systemctl start httpd.service
vim admin.sh
#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
source admin.sh
openstack endpoint list
查看令牌授权
openstack token issue
openstack domain create --description "An Example Domain" example
openstack project create --domain default \
--description "Service Project" service
openstack project create --domain default \
--description "Demo Project" myproject
openstack user create --domain default \
--password-prompt myuser myuser #密码 myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
#验证
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
#密码 admin
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue
#密码 myuser
vim admin.sh
#替换一下内容
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
vim myuser.sh
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=myuser
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Glance
mysql -p123
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance123';
openstack user create --domain default --password-prompt glance #密码glance
openstack role add --project service --user glance admin
openstack service create --name glance \
--description "OpenStack Image" image
openstack endpoint create --region RegionOne \
image public http://controller:9292
openstack endpoint create --region RegionOne \
image internal http://controller:9292
openstack endpoint create --region RegionOne \
image admin http://controller:9292
#查看端口
openstack endpoint list
yum install openstack-glance -y
cp /etc/glance/glance-api.conf{
,.bak}
grep -Ev "^$|#" /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance123@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service;systemctl start openstack-glance-api.service
#验证
上传镜像 cirros-0.4.0-x86_64-disk.img
glance image-create --name "cirros4" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public
openstack image list
Placement
mysql -p123
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY 'placement123';
openstack user create --domain default --password-prompt placement #密码placement
openstack role add --project service --user placement admin
openstack service create --name placement \
--description "Placement API" placement
openstack endpoin