一,环境准备
配置域名
vim /etc/hosts
192.168.1.135 controller
192.168.1.136 computer1
192.168.1.137 cinder
关闭firewalld(测试很重要)
systemctl stop firewalld
systemctl disable firewalld
更改selinux状态(测试很重要)
vi /etc/sysconfig/selinux
SELINUX=disabled
更改主机名,避免发现计算节点主机时,因主机名都为localhost而产生不必要的冲突
控制节点
hostnamectl set-hostname controller
计算节点
hostnamectl set-hostname compute
cinder存储节点
hostnamectl set-hostname cinder
#yum -y install chrony #所有节点都安装
#vim /etc/chrony.conf #controller节点选择合适的ntp服务器,compute节点只保留server controller iburst 其他注释掉
#systemctl enable chronyd.service
#systemctl restart chronyd.service
#chronyc sources
安装openstack-ocata版本
#yum -y install centos-release-openstack-ocata.noarch
#yum -y install https://rdoproject.org/repos/rdo-release.rpm
#yum -y upgrade
#yum -y install python-openstackclient #安装opentack必须的插件
#yum -y install yum-plugin-priorities #防止软件自动更新,OpenStack组件装完后,某个软件自动更新的话,可能导致整个服务瘫痪
部署mariadb 控制节点安装
yum -y install mariadb mariadb-server python2-PyMySQL
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address=192.168.1.135 #本机地址
default-storage-engine=innodb #mysql存储引擎
max_connections = 4096 #最大连接数
innodb_file_per_table
collation-server=utf8_general_ci
character-set-server=utf8
#systemctl enable mariadb.service
#systemctl start mariadb.service
echo -e “\nY\n123456\n123456\nY\nn\nY\nY\n” | mysql_secure_installation #自动设置mysql密码为123456,跳过手动步骤
部署消息队列rabbitmq 控制节点安装
#yum -y install rabbitmq-server
#systemctl enable rabbitmq-server.service
#systemctl start rabbitmq-server.service
#rabbitmqctl add_user openstack openstack-password 增加用户openstack,密码openstack-password
#rabbitmqctl set_permissions openstack “." ".” “.*” 给openstack用户授权,没有授权的用户将不能接受和传递消息
#rabbitmqctl set_user_tags openstack administrator 赋予其administrator角色
#systemctl restart rabbitmq-server.service
查看端口是否存在
#netstat -nltp |grep 5672
部署memcache 控制节点安装
#yum -y install memcached python-memcached
修改配置文件中现有的OPTIONS选项
vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,controller"
#systemctl enable memcached.service
#systemctl start memcached.service
二:认证服务
2.1安装配置 控制节点安装
创建keystone数据库
#mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE keystone;
设置数据库权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘controller’ IDENTIFIED BY ‘keystone-password’;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’ IDENTIFIED BY ‘keystone-password’;
MariaDB [(none)]> flush privileges;
安装keystone及相关组件
#yum -y install openstack-keystone httpd mod_wsgi
#vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone-password@controller/keystone
[token]
provider = fernet
同步数据库
/bin/sh -c “keystone-manage db_sync” keystone
同步完建议进入数据库,查看数据库keystone是否生成表成功,笔者这里用的centos7.2系统,经过多次观察,一般为44个表
mysql -uroot -p123456
MariaDB [(none)]> use keystone;
MariaDB [(keystone)]> show tables;
初始化
#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
引导身份服务:
#keystone-manage bootstrap --bootstrap-password admin-password
–bootstrap-admin-url http://controller:35357/v3/
–bootstrap-internal-url http://controller:5000/v3/
–bootstrap-public-url http://controller:5000/v3/
–bootstrap-region-id RegionOne
修改httpd配置文件:
#vim /etc/httpd/conf/httpd.conf
ServerAdmin root@controller
ServerName controller:80 (将ServerName 后面改成主机名,防止启动报错)
在wsgi-keystone配置文件中加入以下内容
#vim /usr/share/keystone/wsgi-keystone.conf
创建一个指向/usr/share/keystone/wsgi-keystone.conf文件的链接:
#ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动httpd:
#systemctl enable httpd.service
#systemctl start httpd.service
#netstat -ntpl | grep httpd
创建脚本来设置变量
#vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin-password
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
运行环境变量:
#. admin-openrc
创建service项目
#openstack project create --domain default --description “Service Project” service
创建demo项目
#openstack project create --domain default --description “Demo Project” demo
创建demo用户并设置密码 #笔者这里设置的123456,可自行设置
#openstack user create --domain default --password-prompt demo
创建角色user
#openstack role create user
将用户demo以user的角色添加到demo项目
#openstack role add --project demo --user demo user
重置环境变量:
unset OS_AUTH_URL OS_PASSWORD
admin 用户,请求身份验证令牌:
#openstack --os-auth-url http://controller:35357/v3
–os-project-domain-name default --os-user-domain-name default
–os-project-name admin --os-username admin token issue
demo用户,请求身份验证令牌:
#openstack --os-auth-url http://controller:5000/v3 \
–os-project-domain-name default --os-user-domain-name default \
–os-project-name demo --os-username demo token issue
三glance镜像服务
创建glance数据库
#mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE glance;(创建 glance 数据库)
授权
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@‘controller’ IDENTIFIED BY ‘glance-password’; (对glance数据库授予恰当的权限)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’%’ IDENTIFIED BY ‘glance-password’; (对glance数据库授予恰当的权限)
MariaDB [(none)]> flush privileges;
运行环境变量