一、环境
yum源设置
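# RDO Newton repository (Aliyun mirror), written to /etc/yum.repos.d.
# NOTE(review): gpgcheck=0 disables RPM signature verification, so every
# OpenStack package installed below is trusted purely on the word of a plain
# http mirror — anything that can tamper with the download path can plant code
# on the controller and compute nodes. Prefer gpgcheck=1 with the repository's
# signing key (the upstream release package for this repo ships a signed .repo
# file and the key) and an https:// mirror if one is available.
# The heredoc delimiter is quoted so $releasever / $basearch are written
# literally without backslash escapes.
cat > /etc/yum.repos.d/rdo-release.repo << 'EOF'
[openstack-newton]
name=OpenStack Newton Repository
baseurl=http://mirrors.aliyun.com/centos/$releasever/cloud/$basearch/openstack-newton/
gpgcheck=0
enabled=1
EOF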
控制节点:192.168.2.24 controller
计算节点:192.168.2.23 compute
所有节点
vim /etc/hosts
...
# /etc/hosts on every node. All endpoints on this page are registered as
# http://controller:<port>, so both names must resolve identically everywhere.
192.168.2.24 controller
192.168.2.23 compute
配置时间同步服务器
控制节点
# Controller: NTP daemon (Keystone token validity depends on synchronised clocks).
yum install -y ntp
vim /etc/ntp.conf
...
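# Controller ntp.conf. Do NOT point the controller at its own address
# (the original had "server 192.168.2.24 iburst", i.e. this host): ntpd will
# not synchronise to itself, so this host never leaves stratum 16 and the
# compute node that uses it as its server never gets valid time either —
# token expiry and Fernet key rotation then misbehave across nodes.
# Keep the distribution's upstream "server ... iburst" lines (or your site's
# NTP source) and only allow the other nodes on the management network to
# query this server:
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap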
计算节点
# Compute node: NTP daemon, synchronised from the controller below.
yum install -y ntp
vim /etc/ntp.conf
...
server 192.168.2.24 iburst
# Comment out every other "server" line so the compute node follows the controller only.
控制节点
下载组件
# Controller: CLI client, the SELinux policy for the OpenStack services, and
# MariaDB plus the Python driver used by the mysql+pymysql:// connection strings.
yum -y install python-openstackclient openstack-selinux
yum -y install mariadb mariadb-server python2-PyMySQL
编辑配置文件
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
# Listen on the management address only (not 0.0.0.0). The GRANTs below still
# decide which hosts may log in.
bind-address = 192.168.2.24
default-storage-engine = innodb
innodb_file_per_table
# Every OpenStack service keeps its own connection pool; the stock limit is far lower.
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
启动服务
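systemctl start mariadb
systemctl enable mariadb
# Set the root password, remove anonymous users and the test database,
# disable remote root login.
mysql_secure_installation
# Open a root session to create the service databases. Prompt for the password
# instead of passing -p123: a password in argv is visible to every local user
# through ps and is recorded in the shell history.
mysql -uroot -p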
创建认证服务授权
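-- Service databases. Each service gets its own account limited to its own schema.
-- NOTE(review): '123' is a placeholder; use a distinct generated password per
-- service and mirror it in that service's [database] connection= string.
-- The remote grant is limited to the management subnet (192.168.2.0/24, which
-- holds both nodes on this page) instead of '%' (any host): MariaDB becomes
-- reachable from the network once firewalld is stopped later on this page.

-- Identity (keystone)
create database keystone;
grant all on keystone.* to 'keystone'@'localhost' identified by '123';
grant all on keystone.* to 'keystone'@'192.168.2.%' identified by '123';
-- Image (glance)
create database glance;
grant all on glance.* to 'glance'@'192.168.2.%' identified by '123';
grant all on glance.* to 'glance'@'localhost' identified by '123';
-- Compute (nova)
create database nova;
grant all on nova.* to 'nova'@'localhost' identified by '123';
grant all on nova.* to 'nova'@'192.168.2.%' identified by '123';
-- nova-api
create database nova_api;
grant all on nova_api.* to 'nova_api'@'localhost' identified by '123';
grant all on nova_api.* to 'nova_api'@'192.168.2.%' identified by '123';
-- Networking (neutron)
create database neutron;
grant all on neutron.* to 'neutron'@'192.168.2.%' identified by '123';
grant all on neutron.* to 'neutron'@'localhost' identified by '123';
-- Apply
flush privileges;
exit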
下载组件/启动服务
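yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
# Broker account used by every transport_url on this page
# (rabbit://openstack:123@controller).
# NOTE(review): '123' is a placeholder — generate a real secret and keep it in
# sync with the transport_url of each service.
rabbitmqctl add_user openstack 123
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
# Let the openstack account log in to the management UI so the built-in
# "guest" account is not needed for the test below.
rabbitmqctl set_user_tags openstack management
# NOTE(review): "guest"/"guest" is a well-known credential. Recent RabbitMQ
# releases only accept it from loopback, but once every service authenticates
# as "openstack" (check each transport_url / rabbit setting on this page)
# remove it: rabbitmqctl delete_user guest
# NOTE(review): stopping firewalld (and not disabling it, so it returns on
# reboot) exposes every controller port — MariaDB 3306, memcached 11211,
# RabbitMQ 5672/15672, the Keystone/Glance/Nova/Neutron/Cinder APIs and the
# noVNC proxy — to any network this host is attached to. Prefer opening only
# the ports the other nodes need.
systemctl stop firewalld.service
# Test: http://192.168.2.24:15672 — log in as openstack with the password set above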
二、认证服务
控制节点
下载组件
# Keystone runs under httpd/mod_wsgi; memcached caches tokens.
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
# Bootstrap admin token, used as admin_token in keystone.conf and as OS_TOKEN.
openssl rand -hex 10
# sample output (use the value you generated, never this one):
# 2d45c09c544cd5528bec
编辑配置文件
vim /etc/keystone/keystone.conf
[DEFAULT]
# Bootstrap-only shared secret: anyone presenting it to the identity API gets
# full admin rights without a password. Remove this line (and the
# admin_token_auth filter, if keystone-paste.ini still enables it) once the
# admin user below exists; newer guides use `keystone-manage bootstrap` instead.
admin_token = 2d45c09c544cd5528bec
[database]
# Clear-text DB credentials ('123' is the page's placeholder): keep this file
# readable by the keystone user only.
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
# Fernet tokens are protected with the keys created by fernet_setup below.
provider = fernet
driver = memcache
[memcache]
# Unauthenticated cache shared with every other service on the controller.
servers = controller:11211
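# Show only the active (non-comment) settings.
grep '^[a-z]' /etc/keystone/keystone.conf
# Populate the schema as the keystone user so anything it creates has the right owner.
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Check. Prompt for the password rather than passing -p123 on the command
# line, where it is visible through ps and kept in the shell history.
mysql -h 192.168.2.24 -ukeystone -p -e "use keystone;show tables;"
# Fernet key repository: these keys protect every token, so the directory must
# stay owned by keystone and unreadable to others. Newton also ships
# `keystone-manage credential_setup` for the credential-encryption keys —
# check the release install guide for whether your version requires it.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone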
启动服务
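# Restrict memcached to loopback plus the management address. The stock unit
# listens on every interface with no authentication, and this cache holds
# Keystone token data and (later) the Horizon session store, while firewalld
# is stopped on this host.
sed -i 's/^OPTIONS=.*/OPTIONS="-l 127.0.0.1,::1,controller"/' /etc/sysconfig/memcached
cat /etc/sysconfig/memcached
systemctl enable memcached.service
systemctl start memcached.service
# Expect listeners on 127.0.0.1, ::1 and 192.168.2.24 only.
netstat -anpt | grep 11211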
编辑配置文件
vim /etc/httpd/conf/httpd.conf
...
# Must be the name the other nodes use for this host (see /etc/hosts: controller).
ServerName controller:80
...
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
# Public/internal API vhost (port 5000). Both vhosts speak plain http: passwords
# and tokens cross the management network in the clear unless TLS is terminated
# in front of them.
<VirtualHost *:5000>
# Five single-threaded worker processes running as the unprivileged keystone user.
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
# Hand the Authorization header through to Keystone instead of letting httpd consume it.
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
# Admin API vhost (port 35357). Restrict reachability to the management
# network; firewalld is stopped on this host, so httpd alone decides.
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
设置开机启动
# Keystone is served by httpd (mod_wsgi) on ports 5000 and 35357.
systemctl enable httpd.service; systemctl start httpd.service
netstat -anpt | grep httpd
连接keystone
设置环境变量
# Bootstrap credentials: authenticate to the admin API with the admin_token.
# Unset these (unset OS_TOKEN OS_URL) as soon as the admin user exists.
export OS_IDENTITY_API_VERSION=3
export OS_URL=http://controller:35357/v3
export OS_TOKEN=2d45c09c544cd5528bec
创建default域
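# Bootstrap identity data using the admin token exported above.
openstack domain create --description "Default Domain" Default
# admin project, user and role
openstack project create --domain default --description "Admin Project" admin
# --password-prompt keeps the password out of argv and the shell history.
# NOTE(review): the page uses "123" for every account; use distinct generated
# passwords.
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
# demo project and user with the unprivileged "user" role
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
# service project: home of the service accounts (description fixed — the
# original copy-pasted "Demo Project").
openstack project create --domain default --description "Service Project" service
# Service accounts. Each "role add" grants that service user the admin role
# on the service project only; nothing is done to the admin user here.
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin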
出错查看命令
user create
user delete
user list
user password set
user set
user show
service create
service delete
service list
service provider create
service provider delete
service provider list
service provider set
service provider show
service set
service show
openstack project list查看是否有项目
openstack user list 查看是否有用户
创建服务
# Identity service entry and its three endpoints. All three are plain http,
# so credentials and tokens travel unencrypted.
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public   http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin    http://controller:35357/v3
# Test password authentication. Drop the bootstrap token first so it is no
# longer sent with every request.
unset OS_TOKEN OS_URL
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default \
  --os-user-domain-name default --os-project-name admin --os-username admin token issue
# (prompt: the admin password set above)
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default \
  --os-user-domain-name default --os-project-name demo --os-username demo token issue
# (prompt: the demo password set above)
创建脚本
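# Admin credential file. It stores the admin password in clear text, so keep
# it mode 0600 and source it only in shells you trust. The other sections of
# this page source it from the directory where it is created here.
cat > admin-openstack.sh << 'EOF'
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
chmod 600 admin-openstack.sh
source admin-openstack.sh
openstack token issue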
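# Demo (unprivileged) credential file; same handling as the admin file —
# clear-text password, so mode 0600.
cat > demo-openstack.sh << 'EOF'
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
chmod 600 demo-openstack.sh
source demo-openstack.sh
openstack token issue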
三、镜像服务
控制节点
安装组件
# Image service (glance-api and glance-registry).
yum -y install openstack-glance
编辑配置文件
vim /etc/glance/glance-api.conf
...
[database]
# Clear-text DB credentials ('123' is the page's placeholder); keep this file
# readable by the glance user only.
connection = mysql+pymysql://glance:123@controller/glance
...
[keystone_authtoken]
# Token validation against Keystone. Plain http: tokens and the service
# password cross the management network unencrypted.
auth_uri = http://controller:5000
auth_url = http://controller:35357
# Unauthenticated shared cache of validated tokens.
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
# Service account created in the identity section (admin role on "service").
project_name = service
username = glance
password = 123
...
[paste_deploy]
# Select the Keystone-authenticated API pipeline.
flavor = keystone
...
[glance_store]
stores = file,http
default_store = file
# Image files live here; must be writable by the glance user.
filesystem_store_datadir = /var/lib/glance/images
...
vim /etc/glance/glance-registry.conf
...
[database]
# Same DB account as glance-api; clear-text password, keep the file private.
connection = mysql+pymysql://glance:123@controller/glance
...
[keystone_authtoken]
# Same Keystone settings as glance-api.conf (plain http, shared memcached).
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123
...
[paste_deploy]
# Keystone-authenticated pipeline.
flavor = keystone
...
同步数据库
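# Populate the schema as the glance user.
su -s /bin/sh -c "glance-manage db_sync" glance
# Check. Prompt for the password instead of passing -p123 (visible in ps and
# the shell history).
mysql -h 192.168.2.24 -u glance -p -e "use glance;show tables;"
# Active settings only
grep '^[a-z]' /etc/glance/glance-api.conf
grep '^[a-z]' /etc/glance/glance-registry.conf
# Enable and start both services
systemctl enable openstack-glance-api.service
systemctl enable openstack-glance-registry.service
systemctl start openstack-glance-api.service
systemctl start openstack-glance-registry.service
netstat -anpt | grep python2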
创建服务
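# Register the image service. The admin credential file on this page is
# admin-openstack.sh in the directory where it was created; the original
# sourced /admin-openstack.sh, which only exists if that directory was /.
source admin-openstack.sh
openstack service create --name glance --description "OpenStack Image" image
# Image API endpoints (plain http)
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
# Test
openstack image list
glance image-list
# Upload a test image.
# NOTE(review): the download is plain http and nothing verifies it; compare it
# with the checksum the cirros project publishes before registering it — an
# image created with --public is offered to every project on the cloud.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image list
# Fixed: the legacy client's subcommand is image-list (hyphenated), as used above.
glance image-list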
四、计算服务
控制节点
安装组件
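# Controller-side compute services. Fixed: the noVNC proxy package is
# openstack-nova-novncproxy (the original "novancporxy" does not exist and
# would make the whole yum transaction fail).
yum -y install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler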
编辑配置文件
vim /etc/nova/nova.conf
...
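[database]
# Clear-text DB credentials ('123' is the page's placeholder); keep nova.conf
# readable by the nova user only.
connection=mysql+pymysql://nova:123@controller/nova
# ... other existing options unchanged ...
[api_database]
# Fixed: the database created earlier is nova_api (underscore). "nova-api"
# does not exist, so api_db sync would fail against it.
connection=mysql+pymysql://nova_api:123@controller/nova_api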
...
同步数据库
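# Both schemas are populated as the "nova" system user created by the RPMs.
# "nova_api" is only a database account — there is no such Unix user, so the
# original `su ... nova_api` fails.
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
# Check. Prompt for the passwords instead of passing -p123 on the command line.
mysql -h 192.168.2.24 -unova -p -e "use nova;show tables;"
mysql -h 192.168.2.24 -unova_api -p -e "use nova_api;show tables;"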
配置keystone
vim /etc/nova/nova.conf
...
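[keystone_authtoken]
# Token validation. Plain http: tokens and the service password cross the
# management network unencrypted. '123' is the page's placeholder password.
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123
# ... other existing options unchanged ...
[DEFAULT]
# Fixed from "keystone_authtoken": the value is the strategy name, "keystone".
auth_strategy = keystone
# Replaces rpc_backend / rabbit_host / rabbit_port / rabbit_userid /
# rabbit_password: "rabbit_host = controller:5672" is not a host name (the port
# is its own option), and the [DEFAULT] rabbit_* options are deprecated
# aliases in Newton. transport_url is the Newton form that the compute and
# neutron configs on this page already use.
transport_url = rabbit://openstack:123@controller
enabled_apis = osapi_compute,metadata
use_neutron = true
# Security groups are enforced by the Neutron agent, not by nova.
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
# The controller only runs the noVNC proxy; these name its own address.
vncserver_listen = controller
vncserver_proxyclient_address = controller
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
# Section and option name fixed (were "oslo_concurency" / "locak_path", which
# nova silently ignores, leaving the default lock directory in use).
lock_path = /var/lib/nova/tmp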
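grep '^[a-z]' /etc/nova/nova.conf
# Enable and start the controller-side compute services.
# Fixed: the unit is openstack-nova-novncproxy (the original "novncporxy" is
# unknown to systemctl, so the proxy never started).
systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# Register the compute service. The admin credential file on this page is
# admin-openstack.sh in the directory where it was created (the original
# sourced /admin-openstack.sh).
source admin-openstack.sh
openstack service create --name nova --description "Openstack Compute" compute
# Compute API endpoints; %(tenant_id)s is substituted by the client.
openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1/%\(tenant_id\)s
# Verify the controller services registered
openstack host list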
计算节点
安装组件
# Compute node: nova-compute (pulls in libvirt/qemu).
yum install -y openstack-nova-compute
编辑配置文件
vim /etc/nova/nova.conf
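[DEFAULT]
# ... other existing options unchanged ...
enabled_apis = osapi_compute,metadata
# Same broker account as the controller; '123' is the page's placeholder.
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
# Fixed: this file is on the compute node, which /etc/hosts lists as
# 192.168.2.23; 192.168.2.24 is the controller. my_ip feeds
# vncserver_proxyclient_address below, so the wrong value sends the noVNC
# proxy to the wrong host.
my_ip = 192.168.2.23
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[keystone_authtoken]
# ... other existing options unchanged ...
# Plain http: tokens and the service password cross the network unencrypted.
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123
[vnc]
# ... other existing options unchanged ...
enabled = True
# Instance VNC servers are unauthenticated and unencrypted; 0.0.0.0 makes them
# reachable on every interface of this host. This page never configures a
# firewall on the compute node, so make sure the 5900+ range is not reachable
# from tenant or untrusted networks, or bind to $my_ip if only the proxy on the
# controller needs to reach them.
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
# Plain http to the proxy; console tokens are sent in the clear.
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
# ... other existing options unchanged ...
api_servers = http://controller:9292
[oslo_concurrency]
# ... other existing options unchanged ...
lock_path = /var/lib/nova/tmp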
查看硬件支持虚拟化
# Hardware virtualization check: a count of 0 means no VT-x/AMD-V, so switch
# libvirt to software emulation (virt_type = qemu) below.
grep -Ec '(vmx|svm)' /proc/cpuinfo
vim /etc/nova/nova.conf
[libvirt]
...
# Software emulation for hosts without VT-x/AMD-V (slow); leave the default
# (kvm) when the cpuinfo check above is non-zero.
virt_type = qemu
启动服务
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
# Verify from the controller (where the CLI and admin-openstack.sh live): the
# compute node should be listed as nova-compute with state "up".
. admin-openstack.sh
openstack compute service list
五、NetworKing服务
控制节点
创建实体、API端点
# Networking service entry and endpoints (plain http).
openstack service create --name neutron --description "OpenStack Networking" network
for iface in public internal admin; do
  openstack endpoint create --region RegionOne network "$iface" http://controller:9696
done
# Server, ML2 plug-in, Linux bridge agent and ebtables (used by the
# iptables security-group driver).
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
编辑配置文件
vim /etc/neutron/neutron.conf
[database]
...
# Clear-text DB credentials ('123' is the page's placeholder); keep the file
# readable by the neutron user only.
connection = mysql+pymysql://neutron:123@controller/neutron
[DEFAULT]
...
core_plugin = ml2
# Empty: no L3/router, LBaaS, FWaaS or VPNaaS — provider (flat) networks only.
service_plugins =
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
# Tell nova about port state changes (needs the [nova] credentials below).
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[keystone_authtoken]
...
# Plain http: tokens and the service password cross the network unencrypted.
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123
[nova]
...
# Credentials neutron uses to call the compute API for the notifications above.
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = 123
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan
# Empty: projects cannot create their own (self-service) networks.
tenant_network_types =
mechanism_drivers = linuxbridge
# port_security enables the anti-spoofing (MAC/IP) rules on each port.
extension_drivers = port_security
[ml2_type_flat]
...
# Name of the flat provider network, mapped to eth1 in linuxbridge_agent.ini.
flat_networks = provider
[securitygroup]
...
# ipset speeds up the iptables security-group rules.
enable_ipset = True
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# Provider network -> physical interface; eth1 must be the real interface name
# on this host and must carry no IP of its own.
physical_interface_mappings = provider:eth1
[vxlan]
# No overlay networks in this deployment.
enable_vxlan = False
[securitygroup]
...
# Security groups are enforced here with iptables (nova uses the Noop driver).
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
# Provider networks have no router, so the DHCP namespace serves the metadata
# address (169.254.169.254) to instances.
enable_isolated_metadata = True
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = controller
# Signs the instance-id header the proxy forwards to nova-metadata; must equal
# metadata_proxy_shared_secret in nova.conf [neutron].
# NOTE(review): '123' is trivially guessable — with this secret anyone who can
# reach the metadata API can forge the signature for another instance's ID
# and read its metadata. Use a long random value.
metadata_proxy_shared_secret = 123
vim /etc/nova/nova.conf
[neutron]
...
# Networking API (plain http) and the neutron service account nova uses to call it.
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123
# Accept metadata requests proxied by the neutron metadata agent; the secret
# must be identical to the one in metadata_agent.ini (and equally random).
service_metadata_proxy = True
metadata_proxy_shared_secret = 123
# The neutron-server unit reads the ML2 configuration through /etc/neutron/plugin.ini.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# Populate the schema as the neutron user.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# nova-api must reload to pick up its new [neutron] section.
systemctl restart openstack-nova-api.service
for unit in neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent; do
  systemctl enable "${unit}.service"
  systemctl start "${unit}.service"
done
neutron agent-list
计算节点
安装组件
# Compute node: Linux bridge agent plus ebtables/ipset for the security-group rules.
yum install -y openstack-neutron-linuxbridge ebtables ipset
编辑配置文件
vim /etc/neutron/neutron.conf
[DEFAULT]
...
# Same broker account as every other service; '123' is the page's placeholder.
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
[keystone_authtoken]
...
# Plain http: tokens and the service password cross the network unencrypted.
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# Must name the compute node's real provider interface (no IP of its own).
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = False
[securitygroup]
...
# Security groups for the instances on this host are enforced here.
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/nova/nova.conf
[neutron]
...
# Networking API (plain http) and the neutron service account; same values as
# on the controller.
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123
重启服务
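# nova-compute must reload for its new [neutron] section.
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
# Verify from the controller. The admin credential file on this page is
# admin-openstack.sh ("admin-openrc" is never created on this page).
. admin-openstack.sh
neutron ext-list
openstack network agent list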
六、Dashboard服务
控制节点
安装组件
# Horizon (served by httpd).
yum install -y openstack-dashboard
编辑配置文件
vim /etc/openstack-dashboard/local_settings
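# /etc/openstack-dashboard/local_settings — only the settings changed on this page.
OPENSTACK_HOST = "controller"
# Django rejects requests whose Host header is not listed here (protection
# against Host-header and cache poisoning). '*' switched that check off; list
# the names users actually reach the dashboard under (this page uses
# http://controller/dashboard) and add any other name or address you serve.
ALLOWED_HOSTS = ['controller', '192.168.2.24']
# Sessions are stored in the shared memcached, which has no authentication:
# anyone able to reach controller:11211 can read or forge dashboard sessions.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
# Plain http to Keystone: dashboard logins send the user's password in the clear.
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# Provider (flat) networking only: no router, LBaaS, FWaaS or VPNaaS panels.
# Keep the other existing keys of this dict; only these are changed.
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
# Fixed: the original left the literal placeholder "TIME_ZONE"; this must be a
# real tz database name.
TIME_ZONE = "UTC"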
启动服务
# Horizon runs inside httpd; memcached holds its sessions.
systemctl restart httpd.service memcached.service
# Verify: http://controller/dashboard (plain http — use it from a trusted network only)
七、Block Storage 服务
控制节点
创建数据库
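# Cinder database (the root password is prompted for; nothing in argv).
mysql -u root -p << 'SQL'
CREATE DATABASE cinder;
-- Remote access limited to the management subnet rather than '%' (any host);
-- widen it only if the storage node lives outside 192.168.2.0/24.
-- NOTE(review): '123' is a placeholder; mirror the real value in cinder.conf.
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'192.168.2.%' IDENTIFIED BY '123';
SQL
# Service user, service entries and endpoints. The admin credential file on this
# page is admin-openstack.sh ("admin-openrc" is never created here).
. admin-openstack.sh
openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
# v1 and v2 endpoints (plain http); %(tenant_id)s is substituted by the client.
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s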
安装组件
# Controller: cinder-api and cinder-scheduler.
yum install -y openstack-cinder
编辑配置文件
vim /etc/cinder/cinder.conf
[database]
...
# Clear-text DB credentials ('123' is the page's placeholder); keep the file
# readable by the cinder user only.
connection = mysql+pymysql://cinder:123@controller/cinder
[DEFAULT]
...
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
# Controller's management address.
my_ip = 192.168.2.24
[keystone_authtoken]
...
# Plain http: tokens and the service password cross the network unencrypted.
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = 123
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
vim /etc/nova/nova.conf
[cinder]
# Region whose volume endpoints nova uses when attaching volumes.
os_region_name = RegionOne
同步数据库
# Populate the cinder schema as the cinder user.
su -s /bin/sh -c "cinder-manage db sync" cinder
# nova-api must reload for its new [cinder] section.
systemctl restart openstack-nova-api.service
for unit in openstack-cinder-api openstack-cinder-scheduler; do
  systemctl enable "${unit}.service"
  systemctl start "${unit}.service"
done
存储节点
安装组件
# Storage node: LVM, cinder-volume, the LIO iSCSI target tooling.
yum -y install lvm2
yum -y install openstack-cinder targetcli python-keystone
# Start the LVM metadata daemon
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
# Create the volume group backing the "lvm" backend.
# WARNING: destroys whatever is on /dev/sdb — confirm the device name first so
# a data or OS disk is not wiped.
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
编辑配置文件
vim /etc/lvm/lvm.conf
devices {
...
# Scan only /dev/sdb (the cinder-volumes PV) and reject everything else, so
# LVM on the host does not pick up LVM metadata that tenants write inside
# their volumes.
# NOTE(review): if the operating-system disk is itself on LVM it must be
# accepted here too (e.g. an "a/sda/" entry), otherwise the host can fail to boot.
filter = [ "a/sdb/", "r/.*/"]
vim /etc/cinder/cinder.conf
[database]
...
# Clear-text DB credentials ('123' is the page's placeholder).
connection = mysql+pymysql://cinder:123@controller/cinder
[DEFAULT]
...
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
# NOTE(review): my_ip is the address cinder-volume advertises as the iSCSI
# target to the compute node. 192.168.2.24 is the controller's address and is
# only right if the storage node *is* the controller; on a separate storage
# node set it to that node's own management address.
my_ip = 192.168.2.24
enabled_backends = lvm
glance_api_servers = http://controller:9292
[keystone_authtoken]
...
# Plain http: tokens and the service password cross the network unencrypted.
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = 123
[lvm]
# LVM backend on the cinder-volumes VG, exported over iSCSI via LIO (targetcli).
# The iSCSI traffic is unauthenticated and unencrypted: keep it on the
# management/storage network only.
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
重启服务
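systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
# Verify: the volume group, then the service registration.
vgs -vvv
# The admin credential file on this page is admin-openstack.sh ("admin-openrc"
# is never created here); run this where that file and the CLI are installed.
. admin-openstack.sh
openstack volume service list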
八、启动一个实例
创建虚拟网络
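# The credential files on this page are admin-openstack.sh / demo-openstack.sh
# ("admin-openrc" / "demo-openrc" are never created here).
. admin-openstack.sh
# Provider network, mapped to physical_interface_mappings = provider:eth1.
# --share --external make it usable by every project. The addresses must
# belong to the real network attached to eth1; 203.0.113.0/24 is the
# documentation example range.
openstack network create --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider
openstack subnet create --network provider \
  --allocation-pool start=203.0.113.101,end=203.0.113.250 \
  --dns-nameserver 8.8.4.4 --gateway 203.0.113.1 \
  --subnet-range 203.0.113.0/24 provider
# Smallest flavor for the cirros image.
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
# Key pair, as the demo user. -N "" creates a private key with no passphrase —
# acceptable for a throw-away demo key, not for anything that outlives this test.
. demo-openstack.sh
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack keypair list
# Security-group rules. Without --remote-ip these allow ICMP and SSH from any
# address (0.0.0.0/0); narrow them to the admin network once this is more
# than a test.
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
# Inputs for the instance
openstack flavor list
openstack image list
openstack network list
openstack security group list
# Launch and verify
openstack server create --flavor m1.nano --image cirros \
  --security-group default --key-name mykey provider-instance
openstack server list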
yum源设置
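# RDO Newton repository (Aliyun mirror), written to /etc/yum.repos.d.
# NOTE(review): gpgcheck=0 disables RPM signature verification, so every
# OpenStack package installed below is trusted purely on the word of a plain
# http mirror — anything that can tamper with the download path can plant code
# on the controller and compute nodes. Prefer gpgcheck=1 with the repository's
# signing key (the upstream release package for this repo ships a signed .repo
# file and the key) and an https:// mirror if one is available.
# The heredoc delimiter is quoted so $releasever / $basearch are written
# literally without backslash escapes.
cat > /etc/yum.repos.d/rdo-release.repo << 'EOF'
[openstack-newton]
name=OpenStack Newton Repository
baseurl=http://mirrors.aliyun.com/centos/$releasever/cloud/$basearch/openstack-newton/
gpgcheck=0
enabled=1
EOF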
控制节点:192.168.2.24 controller
计算节点:192.168.2.23 compute
所有节点
vim /etc/hosts
...
# /etc/hosts on every node. All endpoints on this page are registered as
# http://controller:<port>, so both names must resolve identically everywhere.
192.168.2.24 controller
192.168.2.23 compute
配置时间同步服务器
控制节点
# Controller: NTP daemon (Keystone token validity depends on synchronised clocks).
yum install -y ntp
vim /etc/ntp.conf
...
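# Controller ntp.conf. Do NOT point the controller at its own address
# (the original had "server 192.168.2.24 iburst", i.e. this host): ntpd will
# not synchronise to itself, so this host never leaves stratum 16 and the
# compute node that uses it as its server never gets valid time either —
# token expiry and Fernet key rotation then misbehave across nodes.
# Keep the distribution's upstream "server ... iburst" lines (or your site's
# NTP source) and only allow the other nodes on the management network to
# query this server:
restrict 192.168.2.0 mask 255.255.255.0 nomodify notrap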
计算节点
# Compute node: NTP daemon, synchronised from the controller below.
yum install -y ntp
vim /etc/ntp.conf
...
server 192.168.2.24 iburst
# Comment out every other "server" line so the compute node follows the controller only.
控制节点
下载组件
# Controller: CLI client, the SELinux policy for the OpenStack services, and
# MariaDB plus the Python driver used by the mysql+pymysql:// connection strings.
yum -y install python-openstackclient openstack-selinux
yum -y install mariadb mariadb-server python2-PyMySQL
编辑配置文件
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
# Listen on the management address only (not 0.0.0.0). The GRANTs below still
# decide which hosts may log in.
bind-address = 192.168.2.24
default-storage-engine = innodb
innodb_file_per_table
# Every OpenStack service keeps its own connection pool; the stock limit is far lower.
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
启动服务
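systemctl start mariadb
systemctl enable mariadb
# Set the root password, remove anonymous users and the test database,
# disable remote root login.
mysql_secure_installation
# Open a root session to create the service databases. Prompt for the password
# instead of passing -p123: a password in argv is visible to every local user
# through ps and is recorded in the shell history.
mysql -uroot -p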
创建认证服务授权
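-- Service databases. Each service gets its own account limited to its own schema.
-- NOTE(review): '123' is a placeholder; use a distinct generated password per
-- service and mirror it in that service's [database] connection= string.
-- The remote grant is limited to the management subnet (192.168.2.0/24, which
-- holds both nodes on this page) instead of '%' (any host): MariaDB becomes
-- reachable from the network once firewalld is stopped later on this page.

-- Identity (keystone)
create database keystone;
grant all on keystone.* to 'keystone'@'localhost' identified by '123';
grant all on keystone.* to 'keystone'@'192.168.2.%' identified by '123';
-- Image (glance)
create database glance;
grant all on glance.* to 'glance'@'192.168.2.%' identified by '123';
grant all on glance.* to 'glance'@'localhost' identified by '123';
-- Compute (nova)
create database nova;
grant all on nova.* to 'nova'@'localhost' identified by '123';
grant all on nova.* to 'nova'@'192.168.2.%' identified by '123';
-- nova-api
create database nova_api;
grant all on nova_api.* to 'nova_api'@'localhost' identified by '123';
grant all on nova_api.* to 'nova_api'@'192.168.2.%' identified by '123';
-- Networking (neutron)
create database neutron;
grant all on neutron.* to 'neutron'@'192.168.2.%' identified by '123';
grant all on neutron.* to 'neutron'@'localhost' identified by '123';
-- Apply
flush privileges;
exit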
下载组件/启动服务
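yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
# Broker account used by every transport_url on this page
# (rabbit://openstack:123@controller).
# NOTE(review): '123' is a placeholder — generate a real secret and keep it in
# sync with the transport_url of each service.
rabbitmqctl add_user openstack 123
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmq-plugins enable rabbitmq_management
# Let the openstack account log in to the management UI so the built-in
# "guest" account is not needed for the test below.
rabbitmqctl set_user_tags openstack management
# NOTE(review): "guest"/"guest" is a well-known credential. Recent RabbitMQ
# releases only accept it from loopback, but once every service authenticates
# as "openstack" (check each transport_url / rabbit setting on this page)
# remove it: rabbitmqctl delete_user guest
# NOTE(review): stopping firewalld (and not disabling it, so it returns on
# reboot) exposes every controller port — MariaDB 3306, memcached 11211,
# RabbitMQ 5672/15672, the Keystone/Glance/Nova/Neutron/Cinder APIs and the
# noVNC proxy — to any network this host is attached to. Prefer opening only
# the ports the other nodes need.
systemctl stop firewalld.service
# Test: http://192.168.2.24:15672 — log in as openstack with the password set above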
二、认证服务
控制节点
下载组件
# Keystone runs under httpd/mod_wsgi; memcached caches tokens.
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
# Bootstrap admin token, used as admin_token in keystone.conf and as OS_TOKEN.
openssl rand -hex 10
# sample output (use the value you generated, never this one):
# 2d45c09c544cd5528bec
编辑配置文件
vim /etc/keystone/keystone.conf
[DEFAULT]
# Bootstrap-only shared secret: anyone presenting it to the identity API gets
# full admin rights without a password. Remove this line (and the
# admin_token_auth filter, if keystone-paste.ini still enables it) once the
# admin user below exists; newer guides use `keystone-manage bootstrap` instead.
admin_token = 2d45c09c544cd5528bec
[database]
# Clear-text DB credentials ('123' is the page's placeholder): keep this file
# readable by the keystone user only.
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
# Fernet tokens are protected with the keys created by fernet_setup below.
provider = fernet
driver = memcache
[memcache]
# Unauthenticated cache shared with every other service on the controller.
servers = controller:11211
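# Show only the active (non-comment) settings.
grep '^[a-z]' /etc/keystone/keystone.conf
# Populate the schema as the keystone user so anything it creates has the right owner.
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Check. Prompt for the password rather than passing -p123 on the command
# line, where it is visible through ps and kept in the shell history.
mysql -h 192.168.2.24 -ukeystone -p -e "use keystone;show tables;"
# Fernet key repository: these keys protect every token, so the directory must
# stay owned by keystone and unreadable to others. Newton also ships
# `keystone-manage credential_setup` for the credential-encryption keys —
# check the release install guide for whether your version requires it.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone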
启动服务
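# Restrict memcached to loopback plus the management address. The stock unit
# listens on every interface with no authentication, and this cache holds
# Keystone token data and (later) the Horizon session store, while firewalld
# is stopped on this host.
sed -i 's/^OPTIONS=.*/OPTIONS="-l 127.0.0.1,::1,controller"/' /etc/sysconfig/memcached
cat /etc/sysconfig/memcached
systemctl enable memcached.service
systemctl start memcached.service
# Expect listeners on 127.0.0.1, ::1 and 192.168.2.24 only.
netstat -anpt | grep 11211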
编辑配置文件
vim /etc/httpd/conf/httpd.conf
...
# Must be the name the other nodes use for this host (see /etc/hosts: controller).
ServerName controller:80
...
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
# Public/internal API vhost (port 5000). Both vhosts speak plain http: passwords
# and tokens cross the management network in the clear unless TLS is terminated
# in front of them.
<VirtualHost *:5000>
# Five single-threaded worker processes running as the unprivileged keystone user.
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
# Hand the Authorization header through to Keystone instead of letting httpd consume it.
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
# Admin API vhost (port 35357). Restrict reachability to the management
# network; firewalld is stopped on this host, so httpd alone decides.
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
设置开机启动
# Keystone is served by httpd (mod_wsgi) on ports 5000 and 35357.
systemctl enable httpd.service; systemctl start httpd.service
netstat -anpt | grep httpd
连接keystone
设置环境变量
# Bootstrap credentials: authenticate to the admin API with the admin_token.
# Unset these (unset OS_TOKEN OS_URL) as soon as the admin user exists.
export OS_IDENTITY_API_VERSION=3
export OS_URL=http://controller:35357/v3
export OS_TOKEN=2d45c09c544cd5528bec
创建default域
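# Bootstrap identity data using the admin token exported above.
openstack domain create --description "Default Domain" Default
# admin project, user and role
openstack project create --domain default --description "Admin Project" admin
# --password-prompt keeps the password out of argv and the shell history.
# NOTE(review): the page uses "123" for every account; use distinct generated
# passwords.
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
# demo project and user with the unprivileged "user" role
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
# service project: home of the service accounts (description fixed — the
# original copy-pasted "Demo Project").
openstack project create --domain default --description "Service Project" service
# Service accounts. Each "role add" grants that service user the admin role
# on the service project only; nothing is done to the admin user here.
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin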
出错查看命令
user create
user delete
user list
user password set
user set
user show
service create
service delete
service list
service provider create
service provider delete
service provider list
service provider set
service provider show
service set
service show
openstack project list查看是否有项目
openstack user list 查看是否有用户
创建服务
# Identity service entry and its three endpoints. All three are plain http,
# so credentials and tokens travel unencrypted.
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public   http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin    http://controller:35357/v3
# Test password authentication. Drop the bootstrap token first so it is no
# longer sent with every request.
unset OS_TOKEN OS_URL
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default \
  --os-user-domain-name default --os-project-name admin --os-username admin token issue
# (prompt: the admin password set above)
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default \
  --os-user-domain-name default --os-project-name demo --os-username demo token issue
# (prompt: the demo password set above)
创建脚本
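# Admin credential file. It stores the admin password in clear text, so keep
# it mode 0600 and source it only in shells you trust. The other sections of
# this page source it from the directory where it is created here.
cat > admin-openstack.sh << 'EOF'
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
chmod 600 admin-openstack.sh
source admin-openstack.sh
openstack token issue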
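# Demo (unprivileged) credential file; same handling as the admin file —
# clear-text password, so mode 0600.
cat > demo-openstack.sh << 'EOF'
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
chmod 600 demo-openstack.sh
source demo-openstack.sh
openstack token issue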
三、镜像服务
控制节点
安装组件
yum install openstack-glance -y
编辑配置文件
vim /etc/glance/glance-api.conf
...
[database]
connection = mysql+pymysql://glance:123@controller/glance
...
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123
...
[paste_deploy]
flavor = keystone
...
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images
...
vim /etc/glance/glance-registry.conf
...
[database]
connection = mysql+pymysql://glance:123@controller/glance
...
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123
...
[paste_deploy]
flavor = keystone
...
同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance
mysql -h 192.168.2.24 -u glance -p -e "use glance;show tables;"   # 用 -p 交互输入密码；-p123 会把密码留在 shell 历史和 ps 输出中
检查
grep '^[a-z]' /etc/glance/glance-api.conf
grep '^[a-z]' /etc/glance/glance-registry.conf
设置开机启动
systemctl enable openstack-glance-api.service
systemctl enable openstack-glance-registry.service
systemctl start openstack-glance-api.service
systemctl start openstack-glance-registry.service
netstat -anpt | grep python2
创建服务
source admin-openstack.sh   # 前面是在当前目录创建的该文件，路径保持一致(非 /admin-openstack.sh)
openstack service create --name glance --description "OpenStack Image" image
创建镜像服务api端点
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
测试
openstack image list
glance image-list
上传一个镜像测试
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
# 镜像是通过明文 HTTP 下载的，上传前先与官方发布的校验和(同目录下的 MD5SUMS 等)比对，确认文件未被篡改
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
# --public 会让所有项目都能看到并使用该镜像，只对可信镜像使用该选项
openstack image list
glance image-list   # glance 客户端的子命令是 image-list(与上文一致)，不是 image list
四、计算服务
控制节点
安装组件
yum -y install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
编辑配置文件
vim /etc/nova/nova.conf
...
[database]
connection=mysql+pymysql://nova:123@controller/nova
...
[api_database]
connection=mysql+pymysql://nova_api:123@controller/nova_api   # 数据库名是前面创建的 nova_api(下划线)，不是 nova-api
...
同步数据库
su -s /bin/sh -c "nova-manage api_db sync" nova   # 以系统用户 nova 执行；系统里并没有 nova_api 这个 Linux 用户
su -s /bin/sh -c "nova-manage db sync" nova
检查数据库
mysql -h 192.168.2.24 -unova -p -e "use nova;show tables;"          # -p 交互输入密码，避免密码进入 shell 历史
mysql -h 192.168.2.24 -unova_api -p -e "use nova_api;show tables;"
配置keystone
vim /etc/nova/nova.conf
...
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123
...
[DEFAULT]
# rabbit_host/rabbit_port/rabbit_userid/rabbit_password 这组选项在 Newton 中已弃用(且 rabbit_host 不应带端口)，
# 统一改用 transport_url，与后面计算节点的写法一致
transport_url = rabbit://openstack:123@controller
# auth_strategy 的合法值是 keystone(或 noauth2)，keystone_authtoken 是配置节名，不是策略名
auth_strategy = keystone
enabled_apis = osapi_compute,metadata
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
...
[vnc]
vncserver_listen = controller
vncserver_proxyclient_address = controller
...
[glance]
api_servers = http://controller:9292
...
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
grep '^[a-z]' /etc/nova/nova.conf
设置开机启动
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
创建nova服务
source admin-openstack.sh
openstack service create --name nova --description "Openstack Compute" compute
创建Compute服务api端点
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s
检查控制节点是否成功
openstack host list
计算节点
安装组件
yum -y install openstack-nova-compute
编辑配置文件
vim /etc/nova/nova.conf
[DEFAULT]
...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
my_ip = 192.168.2.23   # 计算节点自身的管理网 IP(192.168.2.24 是控制节点)；下面 [vnc] 的 $my_ip 依赖这个值
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0   # 在所有接口监听 VNC(5900 起)，VNC 本身无认证；需用防火墙只放行 controller(novncproxy)访问，或绑定到管理网 IP
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
...
api_servers = http://controller:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
查看硬件支持虚拟化
egrep -c '(vmx|svm)' /proc/cpuinfo #返回0执行以下操作
vim /etc/nova/nova.conf
[libvirt]
...
virt_type = qemu
启动服务
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
验证操作
. admin-openstack.sh
openstack compute service list
五、Networking服务
控制节点
创建实体、API端点
openstack service create --name neutron \
--description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
network public http://controller:9696
openstack endpoint create --region RegionOne \
network internal http://controller:9696
openstack endpoint create --region RegionOne \
network admin http://controller:9696
安装组件
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
编辑配置文件
vim /etc/neutron/neutron.conf
[database]
...
connection = mysql+pymysql://neutron:123@controller/neutron
[DEFAULT]
...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123
[nova]
...
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = 123
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = provider
[securitygroup]
...
enable_ipset = True
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = 123   # 用于签名实例元数据请求，弱值可被用来伪造 instance-id 读取其他实例的元数据/凭据；用 openssl rand -hex 32 生成，并与 nova.conf [neutron] 中保持一致
vim /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = True
metadata_proxy_shared_secret = 123   # 必须与 metadata_agent.ini 中的值完全一致，且应为随机强密钥
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启服务
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
neutron agent-list
计算节点
安装组件
yum -y install openstack-neutron-linuxbridge ebtables ipset
编辑配置文件
vim /etc/neutron/neutron.conf
[DEFAULT]
...
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123
重启服务
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
验证操作
. admin-openstack.sh   # 与前面创建的脚本名保持一致
neutron ext-list
openstack network agent list
六、Dashboard服务
控制节点
安装组件
yum -y install openstack-dashboard
编辑配置文件
vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['controller', '192.168.2.24']   # 不要用 '*'：Django 依赖该列表校验 Host 头，'*' 会关闭校验，便于 Host 头注入攻击
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"   # 替换为实际时区(如 Asia/Shanghai 或 UTC)，"TIME_ZONE" 只是占位符
启动服务
systemctl restart httpd.service memcached.service
验证操作
http://controller/dashboard   # 登录时密码明文经过 HTTP 提交，生产环境应为 httpd 配置 TLS 后通过 https 访问
七、Block Storage 服务
控制节点
创建数据库
mysql -u root -p
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '123';
创建服务、实体、API
. admin-openstack.sh
openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
安装组件
yum -y install openstack-cinder
编辑配置文件
vim /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:123@controller/cinder
[DEFAULT]
...
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
my_ip = 192.168.2.24
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = 123
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
同步数据库
su -s /bin/sh -c "cinder-manage db sync" cinder
重启服务
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
存储节点
安装组件
yum -y install lvm2
yum -y install openstack-cinder targetcli python-keystone
启动服务
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
创建卷/卷组
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
编辑配置文件
vim /etc/lvm/lvm.conf
devices {
...
filter = [ "a/sdb/", "r/.*/"]   # 若存储节点的系统盘也使用 LVM(例如 /dev/sda)，必须同时加入 "a/sda/"，否则重启后根卷无法激活
vim /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:123@controller/cinder
[DEFAULT]
...
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
my_ip = 192.168.2.24   # 存储节点自身的管理网 IP；若存储节点不是控制节点，请改成对应节点的 IP
enabled_backends = lvm
glance_api_servers = http://controller:9292
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = 123
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
重启服务
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
验证操作
vgs -vvv
. admin-openstack.sh
openstack volume service list
八、启动一个实例
创建虚拟网络
. admin-openstack.sh
openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
openstack subnet create --network provider \
--allocation-pool start=203.0.113.101,end=203.0.113.250 \
--dns-nameserver 8.8.4.4 --gateway 203.0.113.1 \
--subnet-range 203.0.113.0/24 provider
# 203.0.113.0/24 是文档用的示例网段，需替换为 eth1 所在物理(provider)网络的实际网段、网关和可分配地址池
创建虚拟主机
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
创建键值对
. demo-openstack.sh
ssh-keygen -q -N ""   # -N "" 生成无口令的私钥，仅适合演示；正式使用请设置口令保护私钥
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack keypair list
增加安全组规则
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
# 不指定 --remote-ip 时默认对 0.0.0.0/0 放行；应加上 --remote-ip <管理网段> 把 ICMP/SSH 限制在可信来源
确认实例选项
. demo-openstack.sh
openstack flavor list
openstack image list
openstack network list
openstack security group list
创建实例
openstack server create --flavor m1.nano --image cirros \
--security-group default --key-name mykey provider-instance
验证操作
openstack server list
问题解决: