OpenStack (Queens) Setup

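I. Preparing the installation environment

1. Configure the NIC IP addresses
X depends on your environment
Subnets: 10.0.0.X/24 172.129.X.0/24
Gateways: 10.0.0.254 172.129.X.254
controller 10.0.0.35
           172.129.35.1

compute    10.0.0.36
           172.129.35.2
2. Set the hostnames and add host mappings to /etc/hosts
[root@controller ~]# hostnamectl set-hostname controller
[root@compute ~]# hostnamectl set-hostname compute
[root@compute&controller ~]# vi /etc/hosts
# append at the end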
10.0.0.35 controller
10.0.0.36 compute
3. Disable the firewall and SELinux
[root@compute&controller ~]# iptables -F
[root@compute&controller ~]# iptables -X
[root@compute&controller ~]# iptables -Z
[root@compute&controller ~]# setenforce 0
[root@compute&controller ~]# vi /etc/selinux/config
# change SELINUX=enforcing to SELINUX=permissive
4. Upload the images

Upload the images to the /root directory using CRT

5. Configure the local yum repositories
[root@compute&controller ~]# rm -rf /etc/yum.repos.d/*
[root@controller ~]# mkdir /opt/openstack
[root@controller ~]# mkdir /opt/centos
[root@controller ~]# mount CentOS-7-x86_64-DVD-1804.iso /opt/centos/
[root@controller ~]# mount openstack-queens-7.5.iso /opt/openstack/
[root@controller ~]# vi /etc/yum.repos.d/ftp.repo
# add the following
[openstack]
name=openstack
baseurl=file:///opt/openstack
gpgcheck=0
enabled=1

[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[root@compute ~]# vi /etc/yum.repos.d/ftp.repo
# add the following
[openstack]
name=openstack
baseurl=ftp://source/openstack
gpgcheck=0
enabled=1

[centos]
name=centos
baseurl=ftp://source/centos
gpgcheck=0
enabled=1

II. Installing the OpenStack base environment

1. Install the NTP service on the controller and compute nodes
[root@compute&controller ~]# yum -y install chrony
[root@controller ~]# vi /etc/chrony.conf

Edit /etc/chrony.conf and add the following

allow 172.129.35.0/24
local stratum 10
[root@controller ~]# systemctl restart chronyd

[root@controller ~]# systemctl enable chronyd
[root@compute ~]# vi /etc/chrony.conf
#server 0.centos.pool.ntp.org iburst  //comment out this line
#server 1.centos.pool.ntp.org iburst  //comment out this line
#server 2.centos.pool.ntp.org iburst  //comment out this line
#server 3.centos.pool.ntp.org iburst  //comment out this line
server 172.129.35.1 iburst  //add this line

[root@compute ~]# systemctl restart chronyd
[root@compute ~]# systemctl enable chronyd
2. Create disk partitions
[root@compute ~]# fdisk -l  //list the disks
[root@compute ~]# fdisk /dev/md126    //partition md126; adjust to your actual device
Welcome to fdisk (util-linux 2.23.2).

Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table
Building a new DOS disklabel with disk identifier 0x89a2c7f8.

Command (m for help): n             //enter n to create a new partition
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p               //enter p; p is a primary partition, e is an extended partition
Partition number (1-4, default 1): 1     //enter the primary partition number
First sector (2048-207615999, default 2048): Enter  //start sector; just press Enter
Last sector, +sectors or +size{K,M,G} (20-2076, default 207615999): +100G   //entering +100G sets the partition size to 100G
Partition 1 of type Linux and of size 10 GiB is set

Command (m for help): p    //print the current partition table

Disk /dev/sda2: 106.3 GB, 106299392000 bytes, 207616000 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk label type: dos
Disk identifier: 0x89a2c7f8

     Device Boot      Start         End      Blocks   Id  System
/dev/md126p1        20971520    41943039    10485760   83  Linux

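Command (m for help): w  //write the changes to disk

Repeat the steps above to create one more partition

3. Install the OpenStack client
Offline installation

Install the OpenStack client on both the controller and compute nodes.

[root@compute&controller ~]# yum -y install openstack-utils openstack-selinux python-openstackclient
Online installation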
cd /etc/pki/rpm-gpg
yum install -y wget
wget https://archive.fedoraproject.org/pub/epel/RPM-GPG-KEY-EPEL-7
yum install -y https://rdoproject.org/repos/rdo-release.rpm
yum install -y centos-release-openstack-queens
yum install -y python-openstackclient
yum install openstack-selinux -y
4. Install the MariaDB service

Install and configure the MariaDB service on the controller node

[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y

Create and edit /etc/my.cnf.d/openstack.cnf and add the following

[mysqld]
bind-address=172.129.35.1
default-storage-engine=innodb
innodb_file_per_table=on
max_connections=4096
collation-server=utf8_general_ci
character-set-server=utf8

Start the database service and enable it at boot

[root@controller ~]# systemctl restart mariadb
[root@controller ~]# systemctl enable mariadb

Initialize the database

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): Enter
OK, successfully used password, moving on...

Set root password? [Y/n] y
New password: 000000            //input is not echoed
Re-enter new password: 000000 
Password updated successfully!
 ... Success!

Remove anonymous users? [Y/n] y
 ... Success!

Disallow root login remotely? [Y/n] n
 
Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y
 ... Success!

Thanks for using MariaDB!
5. Install the RabbitMQ message queue
[root@controller ~]# yum -y install rabbitmq-server
[root@controller ~]# systemctl restart rabbitmq-server
[root@controller ~]# systemctl enable rabbitmq-server

Create the openstack user, then set its role and permissions

[root@controller ~]# rabbitmqctl add_user openstack 000000 //create the user
Creating user "openstack" ... 
[root@controller ~]# rabbitmqctl set_user_tags openstack administrator  //assign the role
Setting tags for user "openstack" to [administrator] ...   

Regular expressions determine which resources the user may configure, write and read. The command is:
set_permissions [-p <vhostpath>] <user> <conf> <write> <read>
Each of <conf>, <write> and <read> is a regular expression that matches specific resources. For example, '^(amq\.gen.*|amq\.default)$' matches server-generated names and the default exchange, while '^$' matches no resource.

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"  //grant permissions
Setting permissions for user "openstack" in vhost "/" ... 
[root@controller ~]# rabbitmqctl list_user_permissions openstack   //view the permissions
[root@controller ~]# rabbitmqctl list_users    //confirm the user list
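
Added example, not part of the original guide: a model of how RabbitMQ applies the three set_permissions patterns to a resource name, comparing the ".*" grant used above with a narrower one built from the two patterns quoted in the explanation. It assumes grep -E behaves like RabbitMQ's regex engine for these simple patterns; the resource names are constructed for illustration.

```shell
#!/bin/sh
# Added example: model of how RabbitMQ applies the <conf> <write> <read>
# patterns from set_permissions. grep -E stands in for RabbitMQ's regex
# engine (an assumption that holds for the simple patterns used here).

# rmq_allowed CONF WRITE READ OP NAME
# Exit 0 if operation OP (configure|write|read) on resource NAME is permitted.
rmq_allowed() {
    local conf="$1" write="$2" rd="$3" op="$4" name="$5" re
    case "$op" in
        configure) re="$conf" ;;
        write)     re="$write" ;;
        read)      re="$rd" ;;
        *)         return 2 ;;
    esac
    # RabbitMQ treats an empty pattern as '^$' (matches nothing).
    [ -n "$re" ] || re='^$'
    # The default exchange has a blank name and is checked as amq.default.
    [ -n "$name" ] || name='amq.default'
    # Patterns are searched for, not implicitly anchored: 'nova' also
    # matches 'supernova' unless it is written as '^nova$'.
    printf '%s\n' "$name" | grep -Eq -- "$re"
}

# rmq_matrix CONF WRITE READ NAME...
# Print one "op name allow|deny" line per operation and resource name.
rmq_matrix() {
    local conf="$1" write="$2" rd="$3" op name
    shift 3
    for name in "$@"; do
        for op in configure write read; do
            if rmq_allowed "$conf" "$write" "$rd" "$op" "$name"; then
                echo "$op ${name:-amq.default} allow"
            else
                echo "$op ${name:-amq.default} deny"
            fi
        done
    done
}

# Constructed resource names: a server-generated queue, the default
# exchange (blank name) and a hypothetical application exchange.
echo "# grant used in this guide: .* .* .*"
rmq_matrix '.*' '.*' '.*' 'amq.gen-Xa2bC' '' 'nova'
echo "# narrower grant built from the two patterns quoted above"
rmq_matrix '^$' '^(amq\.gen.*|amq\.default)$' '^(amq\.gen.*|amq\.default)$' \
    'amq.gen-Xa2bC' '' 'nova'
```
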
6. Install the memcached service

Install the memcached service on the controller node

[root@controller ~]# yum install memcached python-memcached -y

Edit /etc/sysconfig/memcached and set the following

[root@controller ~]# vi /etc/sysconfig/memcached 
OPTIONS="-l 127.0.0.1,::1" //original content
OPTIONS=""  //add this line
[root@controller ~]# systemctl restart memcached
[root@controller ~]# systemctl enable memcached
7. Install the etcd service
[root@controller ~]# yum -y install etcd

Edit /etc/etcd/etcd.conf and set the following

[root@controller ~]# vi /etc/etcd/etcd.conf 

#ETCD_LISTEN_PEER_URLS="http://localhost:2380"  //uncomment
#ETCD_LISTEN_CLIENT_URLS="http://localhost:2379" //uncomment
ETCD_NAME="controller"
#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380" //uncomment
#ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379" //uncomment
#ETCD_INITIAL_CLUSTER="default=http://localhost:2380" //uncomment
#ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster" //uncomment
#ETCD_INITIAL_CLUSTER_STATE="new" //uncomment

[root@controller ~]# systemctl restart etcd
[root@controller ~]# systemctl enable etcd
8. Install the Keystone service
Create the keystone database in MariaDB
[root@controller ~]# mysql -u root -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9

MariaDB [(none)]> create database keystone;

MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by '000000';

MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by '000000';

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
Edit /etc/keystone/keystone.conf and change the following settings
[root@controller ~]# ADMIN_TOKEN=$(openssl rand -hex 10)
[root@controller ~]# echo $ADMIN_TOKEN
8b6c120fab18b64f493
[root@controller ~]# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak 
//strip blank lines and comment lines, then write the result to the config file
[root@controller ~]# grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
//use the following variant in special cases
grep -Ev '# |^$|#$' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf

[root@controller ~]# vi /etc/keystone/keystone.conf

[DEFAULT]
...
admin_token = 8b6c120fab18b64f493 //the value printed by echo $ADMIN_TOKEN

[database]
...
connection = mysql+pymysql://keystone:REPLACE_WITH_PASSWORD@controller/keystone

[token]
...
provider = fernet
driver = memcache

[cache]
memcache_servers = 172.129.35.1:11211
Sync the identity service database on keystone:
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# ll /var/log/keystone/
//expected output
-rw-rw---- 1 root keystone 24812 May 10 15:25 keystone.log 
Check the database connection:
[root@controller ~]# mysql -h 172.129.35.1 -ukeystone -p000000 -e "use keystone;show tables;"   //should return a list of tables
Initialize the keystone Fernet keys:
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

[root@controller keystone]# ll /etc/keystone/ #after initialization the fernet-keys directory exists and contains the key files 
drwx------ 2 keystone keystone     24 May 14 16:25 credential-keys 
-rw-r----- 1 root     keystone   2303 Feb 28 19:28 default_catalog.templates 
drwx------ 2 keystone keystone     24 May 14 16:25 fernet-keys 
-rw-r----- 1 root     keystone 122660 May 14 16:24 keystone.conf 
-rw-r----- 1 root     keystone 122684 May 14 14:23 keystone.conf.rpmsave 
-rw-r----- 1 root     keystone   2493 Feb 28 19:28 keystone-paste.ini 
-rw-r----- 1 root     keystone   1046 Feb 28 19:28 logging.conf 
-rw-r----- 1 root     keystone      3 Feb 28 21:02 policy.json 
-rw-r----- 1 keystone keystone    665 Feb 28 19:28 sso_callback_template.html 
Bootstrap the keystone identity service
keystone-manage bootstrap \
--bootstrap-password 000000 \
--bootstrap-admin-url http://172.129.35.1:35357/v3/ \
--bootstrap-internal-url http://172.129.35.1:5000/v3/ \
--bootstrap-public-url http://172.129.35.1:5000/v3/ \
--bootstrap-region-id RegionOne

Configure the Apache HTTP server for keystone:

Edit /etc/httpd/conf/httpd.conf and set the ServerName option to the controller node

[root@controller ~]# vi /etc/httpd/conf/httpd.conf
ServerName controller

Link keystone's Apache configuration file into the Apache configuration directory

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Restart the httpd service

[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl restart httpd

Check that the services on ports 5000 and 35357 are listening

[root@controller1 conf.d]# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      928/sshd            
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1130/master         
tcp6       0      0 :::5000                 :::*                    LISTEN      1886/httpd          
tcp6       0      0 :::80                   :::*                    LISTEN      1886/httpd          
tcp6       0      0 :::22                   :::*                    LISTEN      928/sshd            
tcp6       0      0 ::1:25                  :::*                    LISTEN      1130/master         

tcp6       0      0 :::35357                :::*                    LISTEN      1886/httpd    

Note: if port 35357 is not listening, edit the file as follows and add whatever is missing

[root@controller ~]# vi /usr/share/keystone/wsgi-keystone.conf 
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LimitRequestBody 114688
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone.log
    CustomLog /var/log/httpd/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LimitRequestBody 114688
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone.log
    CustomLog /var/log/httpd/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

Alias /identity /usr/bin/keystone-wsgi-public
<Location /identity>
    SetHandler wsgi-script
    Options +ExecCGI

    WSGIProcessGroup keystone-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>

Alias /identity_admin /usr/bin/keystone-wsgi-admin
<Location /identity_admin>
    SetHandler wsgi-script
    Options +ExecCGI

    WSGIProcessGroup keystone-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>

Verify with curl

[root@controller ~]# curl 172.129.35.1:5000
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://172.129.35.1:5000/v3/", "rel": "self"}]}]}}[root@controller keystone]# 

[root@controller ~]# curl 172.129.35.1:35357
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://172.129.35.1:5000/v3/", "rel": "self"}]}]}}[root@controller keystone]# 
Connect to keystone

Set the environment variables for connecting to keystone

[root@controller ~]# export OS_USERNAME=admin 
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin 
export OS_USER_DOMAIN_NAME=Default 
export OS_PROJECT_DOMAIN_NAME=Default 
export OS_AUTH_URL=http://172.129.35.1:35357/v3 
export OS_IDENTITY_API_VERSION=3

All following operations use the parameters in these environment variables; remember the admin username and password

Create a project named service

[root@controller]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 078bc842002c4ba2a005e0bb4ab4114b |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

Create the demo project for the platform

[root@controller]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 580791afda7142e3a7edea67c639a2b1 |
| is_domain   | False                            |
| name        | demo                             |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

Create the demo user

[root@controller]# openstack user create --domain default  --password-prompt demo
User Password: 000000   //input is not echoed
Repeat User Password: 000000
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | f2465f8034ac4f9aa6d411e3413fe05e |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Create the user role

[root@controller]# openstack role create user
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | df3ed49e53dc48c4acb233c5080c6703 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+

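Add the role: grant the demo user the user role

[root@controller]# openstack role add --project demo --user demo user
//note: this command prints nothing on success
Verify the setup

First unset the environment variables

[root@controller]# unset OS_AUTH_URL OS_PASSWORD

Use export|grep OS_ to check that the variables are unset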

[root@controller]# export|grep OS_
declare -x OS_IDENTITY_API_VERSION="3"
declare -x OS_PROJECT_DOMAIN_NAME="Default"
declare -x OS_PROJECT_NAME="admin"
declare -x OS_USERNAME="admin"
declare -x OS_USER_DOMAIN_NAME="Default"

Authentication token returned for the admin user

[root@controller]# openstack --os-auth-url http://172.129.35.1:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
Password: 000000   //input is not echoed
Password: 000000
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2021-04-15T06:21:04+0000                                                                                                                                                                |
| id         | gAAAAABgd81A0yPfSXXvt0hMcyFWxoPJKeY7ArYXhpTAkvS11UXcGa3peUO-4N4lSUkXZVq3MuMbI2xXeH5MUceAL1bQHoZG9VU3YAKjzrE2HaXGqO-7S0XEdSd6MzNW9mnPoxPZuNo7bXwGjKZrBUzWzr-UdVFnkDuYLmih97emgPqnOTrRec0 |
| project_id | 8381345527d94cfc9991f8fd5a8d9e5b                                                                                                                                                        |
| user_id    | d3f93386317e437bbea9240ce6133df5                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Authentication token returned for the demo user

[root@controller]# openstack --os-auth-url http://172.129.35.1:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
Password: 000000    //the password is not echoed
Password: 000000
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2021-04-15T06:24:20+0000                                                                                                                                                                |
| id         | gAAAAABgd84EochlZqh-0D05CQHlEokMv2Cz-Ar_Ao5Z2-E3k0BFAqEvi7eeqsyRpchqoAD7g4xCwxnCiO1cAdztsq_4Zyh4J4zcxLcWFqonkWnKTBLiWghFUWwWemgsqnVIgZwq8pyOtuAkpzldGI0Eg4eR3S-3fjqiiQSVW-Bv6DEkSCCsinY |
| project_id | 580791afda7142e3a7edea67c639a2b1                                                                                                                                                        |
| user_id    | f2465f8034ac4f9aa6d411e3413fe05e                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
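Create OpenStack client environment scripts

Setting the environment variables by hand every time is inconvenient. Create the scripts below and have them loaded automatically at login

Create the admin-openrc script

[root@controller ~]# vi /root/admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=000000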
export OS_PROJECT_NAME=admin 
export OS_USER_DOMAIN_NAME=Default 
export OS_PROJECT_DOMAIN_NAME=Default 
export OS_AUTH_URL=http://172.129.35.1:35357/v3 
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Create the demo-openrc script

[root@controller ~]# vi /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=000000
export OS_AUTH_URL=http://172.129.35.1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@controller ~]# chmod 600 /root/admin-openrc   #only root can read and write the file
[root@controller ~]# source admin-openrc #usage: source FileName; it reads and executes the commands in FileName in the current bash environment. Note: "." is commonly used in place of this command
[root@controller ~]# export|grep OS_

Add it to the login profile so that it is loaded automatically

[root@controller ~]# vi ~/.bash_profile
source ~/admin-openrc  #append this line at the end

Run the script and test keystone

[root@controller]# openstack role list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 67a4f4fe192943bbbfa5657b9efd20fc | admin  |
| 791b7cf737e142009dc0d5823cd0c0f6 | member |
| c972456f088a43c49f34533e82471d30 | reader |
| df3ed49e53dc48c4acb233c5080c6703 | user   |
+----------------------------------+--------+

[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2021-04-15T06:38:56+0000                                                                                                                                                                |
| id         | gAAAAABgd9Fwy0_V8UqMUogG0WxxlQIvQVhdBosAdUq7yATZLExCO5_459Sc3E3wyoow2OkVI-WWycG5ALpsdRXilNWAyXnCCrQwP2f6ed1v9w1izGdaL88wGiM3CLG12xqcgHDWAAnDCYURracJ9XQsolHSJAczrx5OTEEiTE9os_rWZyEQal4 |
| project_id | 8381345527d94cfc9991f8fd5a8d9e5b                                                                                                                                                        |
| user_id    | d3f93386317e437bbea9240ce6133df5                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
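
Added example, not part of the original guide: a small audit for four lab-only settings this walkthrough leaves on the controller (gpgcheck=0 repositories, memcached with no listen address, an openrc file holding OS_PASSWORD that never received chmod 600, and a static admin_token in keystone.conf). The finding labels are invented for this example, and the files it checks are constructed copies of the values shown above, written to a temporary directory.

```shell
#!/bin/sh
# Added example: checks for lab-only settings in files this guide edits.
# Finding names (REPO_NO_GPGCHECK, ...) are labels invented for this example.

# One finding per yum repo section that disables package signature checks.
check_repo_gpg() {
    awk -v f="${1##*/}" '
        /^\[/ { section = $0; next }
        { line = $0; gsub(/[ \t]/, "", line) }
        line == "gpgcheck=0" { print "REPO_NO_GPGCHECK " f " " section }
    ' "$1"
}

# memcached listens on every interface when OPTIONS has no -l/--listen.
check_memcached_bind() {
    local opts
    # If OPTIONS= appears more than once, the last assignment wins.
    opts=$(sed -n 's/^OPTIONS=//p' "$1" | tail -n 1 | tr -d '"')
    case " $opts " in
        *" -l"*|*" --listen"*) ;;
        *) echo "MEMCACHED_ALL_INTERFACES ${1##*/}" ;;
    esac
}

# An openrc file that exports OS_PASSWORD should be mode 600 or stricter.
check_openrc_mode() {
    local mode
    grep -q '^export OS_PASSWORD=' "$1" || return 0
    mode=$(stat -c '%a' "$1")      # GNU stat, as shipped with CentOS
    case "$mode" in
        600|400) ;;
        *) echo "OPENRC_MODE_$mode ${1##*/}" ;;
    esac
}

# A static admin_token left in keystone.conf is a long-lived shared secret.
check_admin_token() {
    if grep -Eq '^[[:space:]]*admin_token[[:space:]]*=' "$1"; then
        echo "KEYSTONE_ADMIN_TOKEN_SET ${1##*/}"
    fi
}

# Run every check against constructed copies of the guide's files.
audit_sample() {
    local d
    d=$(mktemp -d) || return 1
    printf '%s\n' '[openstack]' 'baseurl=file:///opt/openstack' 'gpgcheck=0' \
        '[centos]' 'baseurl=file:///opt/centos' 'gpgcheck=0' > "$d/ftp.repo"
    printf '%s\n' 'OPTIONS=""' > "$d/memcached"
    printf '%s\n' 'export OS_USERNAME=admin' 'export OS_PASSWORD=000000' \
        > "$d/admin-openrc"
    printf '%s\n' 'export OS_USERNAME=demo' 'export OS_PASSWORD=000000' \
        > "$d/demo-openrc"
    chmod 600 "$d/admin-openrc"    # the guide runs chmod 600 on this file only
    chmod 644 "$d/demo-openrc"     # assumed default mode for a newly created file
    printf '%s\n' '[DEFAULT]' 'admin_token = 8b6c120fab18b64f493' \
        > "$d/keystone.conf"

    check_repo_gpg "$d/ftp.repo"
    check_memcached_bind "$d/memcached"
    check_openrc_mode "$d/admin-openrc"
    check_openrc_mode "$d/demo-openrc"
    check_admin_token "$d/keystone.conf"
    rm -rf "$d"
}

audit_sample
```

Pointing the check functions at the real files (/etc/yum.repos.d/ftp.repo, /etc/sysconfig/memcached, /root/demo-openrc, /etc/keystone/keystone.conf) gives the same report for a live controller; an OPTIONS line that lists loopback plus the management address with -l clears the memcached finding.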
9. Configure glance

Create the glance database in MariaDB and grant privileges

[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 23
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;   //here
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> flush privileges;    //here
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';    //here
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'  IDENTIFIED BY '000000';    //here
Query OK, 0 rows affected (0.001 sec)

Create the glance service in keystone

[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | e84d735431f94b78b7d0839aee913b31 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the role: grant the glance user the admin role

[root@controller ~]# openstack role add --project service --user glance admin
Note: this command prints nothing on success

Create the image service named glance

[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | da07188d559f43c29e9d1f642aaa013d |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

Create the three API endpoints for the image service: public, internal and admin

public API endpoint

[root@controller ~]# openstack endpoint create --region RegionOne image public http://172.129.35.1:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | fb1852ea514a45deb367ff04a2640368 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | da07188d559f43c29e9d1f642aaa013d |
| service_name | glance                           |
| service_type | image                            |
| url          | http://172.129.35.1:9292         |
+--------------+----------------------------------+

internal API endpoint

[root@controller ~]# openstack endpoint create --region RegionOne image internal http://172.129.35.1:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 7a473342d82942bd970241aceb7084c9 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | da07188d559f43c29e9d1f642aaa013d |
| service_name | glance                           |
| service_type | image                            |
| url          | http://172.129.35.1:9292         |
+--------------+----------------------------------+

admin API endpoint

[root@controller ~]# openstack endpoint create --region RegionOne image admin http://172.129.35.1:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2e21228164dc48d8b7e98a8a8202e4cf |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | da07188d559f43c29e9d1f642aaa013d |
| service_name | glance                           |
| service_type | image                            |
| url          | http://172.129.35.1:9292         |
+--------------+----------------------------------+

Install and configure glance on the glance1 server

Install glance

[root@controller ~]# yum install openstack-glance -y 

Edit the settings in /etc/glance/glance-api.conf

[root@controller ~]# cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak 
[root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
[root@controller ~]# vi /etc/glance/glance-api.conf

[database] 
connection = mysql+pymysql://glance:000000@172.129.35.1/glance 

[keystone_authtoken] 
auth_uri = http://172.129.35.1:5000 
auth_url = http://172.129.35.1:35357 
memcached_servers = 172.129.35.1:11211 
auth_type = password 
project_domain_name = default 
user_domain_name = default 
project_name = service 
username = glance 
password = 000000

[paste_deploy] 
flavor = keystone 

[glance_store] 
stores = file,http 
default_store = file 
filesystem_store_datadir = /glance/images/  #a newly mounted large disk stores the image files; because the storage location is changed here, you must also edit the glance user's home directory in /etc/passwd. The default is:
glance:x:161:161:OpenStack Glance Daemons:/var/lib/glance:/sbin/nologin
[root@controller ~]# vi /etc/passwd
Change it to
glance:x:161:161:OpenStack Glance Daemons:/glance:/sbin/nologin
Without this change, images cannot be uploaded.
[root@controller /]# mkdir -p /glance/images/
Also change the owner of the /glance directory: chown -hR glance:glance /glance
Edit the settings in /etc/glance/glance-registry.conf
[root@controller ~]# cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
[root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak >/etc/glance/glance-registry.conf
[root@controller ~]# vi /etc/glance/glance-registry.conf

[database]

connection = mysql+pymysql://glance:000000@172.129.35.1/glance 


[keystone_authtoken]

auth_uri = http://172.129.35.1:5000 
auth_url = http://172.129.35.1:35357 
memcached_servers = 172.129.35.1:11211 
auth_type = password 
project_domain_name = default 
user_domain_name = default 
project_name = service 
username = glance 
password = 000000

[paste_deploy] 
flavor = keystone 

Sync the Glance database
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Database is synced successfully.

Start the Glance services and enable them at boot

[root@controller ~]# systemctl enable openstack-glance-api openstack-glance-registry
[root@controller ~]# systemctl restart openstack-glance-api openstack-glance-registry
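Verify the Glance service

1. Source the admin credentials to gain access to admin-only CLI commands

[root@controller ~]# . /root/admin-openrc

2. Download the image

[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

3. Upload the image to the Glance service using the QCOW2 disk format, the bare container format and public visibility, so that all projects can access it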

[root@controller ~]# openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public

+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                                                                      |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum         | 443b7623e27ecf03dc9e01ee93f67afe                                                                                                                                                           |
| container_format | bare                                                                                                                                                                                       |
| created_at       | 2021-04-15T13:09:03Z                                                                                                                                                                       |
| disk_format      | qcow2                                                                                                                                                                                      |
| file             | /v2/images/9c573b70-d478-4d13-b9fd-1ee0b2409f38/file                                                                                                                                       |
| id               | 9c573b70-d478-4d13-b9fd-1ee0b2409f38                                                                                                                                                       |
| min_disk         | 0                                                                                                                                                                                          |
| min_ram          | 0                                                                                                                                                                                          |
| name             | cirros                                                                                                                                                                                     |
| owner            | 4bf30300a09a465aa214e455b8c74d11                                                                                                                                                           |
| properties       | os_hash_algo='sha512', os_hash_value='6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78', os_hidden='False' |
| protected        | False                                                                                                                                                                                      |
| schema           | /v2/schemas/image                                                                                                                                                                          |
| size             | 12716032                                                                                                                                                                                   |
| status           | active                                                                                                                                                                                     |
| tags             |                                                                                                                                                                                            |
| updated_at       | 2021-04-15T13:09:03Z                                                                                                                                                                       |
| virtual_size     | None                                                                                                                                                                                       |
| visibility       | public                                                                                                                                                                                     |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
4. Confirm that the image was uploaded and check its attributes
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 9c573b70-d478-4d13-b9fd-1ee0b2409f38 | cirros | active |
+--------------------------------------+--------+--------+
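
The image above is fetched over plain HTTP, and the `openstack image create` output records both an MD5 `checksum` and a SHA-512 `os_hash_value`. The following added example (not part of the original post; the function names `prop_get` and `verify_glance_image` are hypothetical) parses a properties string in the format shown above and checks a local file against the recorded SHA-2 hash, refusing to fall back to MD5.

```bash
#!/usr/bin/env bash
# Added example, not from the original post.

# Print the value of KEY from a Glance properties string (key='value', ...).
prop_get() {   # usage: prop_get KEY "PROPERTIES"
    printf '%s\n' "$2" | tr ',' '\n' |
        sed -n "s/^ *$1='\([^']*\)'.*/\1/p" | head -n 1
}

# Return 0 if FILE matches os_hash_value under os_hash_algo, 1 on mismatch,
# 2 if the hash fields are missing, the algorithm is not SHA-2, or FILE is unreadable.
verify_glance_image() {   # usage: verify_glance_image FILE "PROPERTIES"
    _algo=$(prop_get os_hash_algo "$2")
    _want=$(prop_get os_hash_value "$2" | tr 'A-F' 'a-f')
    [ -n "$_algo" ] && [ -n "$_want" ] || return 2
    case $_algo in
        sha256|sha384|sha512) _tool="${_algo}sum" ;;
        *) return 2 ;;      # do not fall back to md5 or unknown names
    esac
    [ -r "$1" ] || return 2
    _got=$("$_tool" "$1" | awk '{print $1}')
    [ "$_got" = "$_want" ] && return 0
    return 1
}

# Constructed demo input: a throwaway file and a properties string built from it.
# Against a live cloud the string would come from
#   openstack image show cirros -f value -c properties
# (assumption: the client prints the key='value' form shown in this post).
demo=$(mktemp)
printf 'constructed image bytes\n' > "$demo"
demo_props="os_hash_algo='sha512', os_hash_value='$(sha512sum "$demo" | awk '{print $1}')', os_hidden='False'"
if verify_glance_image "$demo" "$demo_props"; then
    echo "local file matches the Glance record"
else
    echo "MISMATCH or unusable properties (rc=$?)"
fi
rm -f "$demo"
```

A match only shows that Glance stored the bytes you uploaded; to establish that the download itself is authentic, compare the file against a digest published by the image vendor over a trusted channel.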
10.Nova

Create the databases

[root@controller ~]# mysql -uroot -p000000

MariaDB [(none)]> create database nova_api;
MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'localhost' identified by '123456';
MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'%' identified by '123456';

MariaDB [(none)]> create database nova;
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'localhost' identified by '123456';
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'%' identified by '123456';

MariaDB [(none)]> create database nova_cell0;
MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by '123456';
MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'%' identified by '123456';
MariaDB [(none)]> exit

Source the admin credentials to gain access to admin-only CLI commands:

[root@controller ~]# . /root/admin-openrc

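Create the Compute service credentials:

Create the nova user
[root@controller ~]# openstack user create --domain default --password-prompt nova
Add the admin role to the nova user (this command produces no output)
[root@controller ~]# openstack role add --project service --user nova admin
Create the nova service entity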
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 214b64570e9b45189d7028c598733481 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

Create the Compute API service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0083d9b465fb4841b203185cb2cae155 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 214b64570e9b45189d7028c598733481 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cafe28032ae84b28b26a168055db03f6 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 214b64570e9b45189d7028c598733481 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1901f834f60747ff91ff9a779621049d |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 214b64570e9b45189d7028c598733481 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

Create a Placement service user, using a password of your choice (placementpass)

[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c01ee7a863664d5aaf6f67d69b56cb9a |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Add the placement user to the service project with the admin role (this command produces no output)

[root@controller ~]# openstack role add --project service --user placement admin

Create the Placement API entry in the service catalog

[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 32f167e6945641259b80ae278bd71b2c |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+

Create the Placement API service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6fac37667475468ebd331b2ee680fc2d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 32f167e6945641259b80ae278bd71b2c |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 76d49ab17d8c4775b6b7ea25d41f5d33 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 32f167e6945641259b80ae278bd71b2c |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a512fd605b094c6ea8853f8d24fbbc4f |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 32f167e6945641259b80ae278bd71b2c |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
Install and configure components

Install the packages

[root@controller ~]# yum install -y openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api

Edit the /etc/nova/nova.conf file

[root@controller ~]# vi /etc/nova/nova.conf

In the [DEFAULT] section:
Enable only the compute and metadata APIs
Configure RabbitMQ message queue access
Set the my_ip option to the management interface IP address of the controller node
Enable support for the Networking service

[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 192.168.100.10
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

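By default, Compute uses an internal firewall driver. Because the Networking service includes its own firewall driver, you must disable the Compute firewall driver by setting firewall_driver to nova.virt.firewall.NoopFirewallDriver.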
