手动部署OpenStack社区Train版本非容器化单机环境操作步骤

最新推荐文章于 2024-04-23 23:59:36 发布

领悟云计算

最新推荐文章于 2024-04-23 23:59:36 发布

阅读量1k

点赞数 1

分类专栏： OpenStack架构及源码分析文章标签：云计算 openstack python

本文链接：https://blog.csdn.net/weixin_43620963/article/details/127850597

版权

OpenStack架构及源码分析专栏收录该内容

2 篇文章 1 订阅

订阅专栏

对于OpenStack初学者来说，由于OpenStack涉及的组件众多，直接阅读OpenStack代码较为困难，并且亟需一套OpenStack环境进行实际操作，在实践中学习OpenStack架构及原理。下面将介绍基于CentOS7.6 mini操作系统手动部署OpenStack Train版本环境步骤。

1：配置OpenStack Packages安装源

yum install centos-release-openstack-train

执行yum upgrade命令更新每个节点上的packages:

yum upgrade

2：安装并配置SQL

安装SQL相关的packages

yum install mariadb mariadb-server python2-PyMySQL

修改配置文件，在/etc/my.cnf…d/目录下创建openstack.cnf配置文件，其中bind-address配置为控制节点的VIP。

[mysqld]
bind-address = 192.168.86.137

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

启动mariadb服务

systemctl enable mariadb.service
systemctl start mariadb.service

对数据库进行安全配置

mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] n
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] n
 ... skipping.

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

配置完成后校验数据库服务是否正常。

3：安装部署消息队列服务rabbitmq

安装rabbitmq packages

yum install rabbitmq-server

enable并启动rabbitmq服务

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

创建openstack用户

rabbitmqctl add_user openstack openstack

修改配置，赋予openstack用户消息的读写权限

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

4：安装部署memcached

安装memcached package

yum install memcached python-memcached

配置memechaced

vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 192.168.86.137,::1"

enable并启动memcached服务

systemctl enable memcached.service
systemctl start memcached.service

5：安装部署etcd服务

安装etcd package

yum install etcd

配置etcd

#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.86.137:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.86.137:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.86.137:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.86.137:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.86.137:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

enable并启动etcd服务

systemctl enable etcd
systemctl start etcd

6：安装部署keystone
使用root用户登录数据库

mysql -u root -p

创建keystone database

MariaDB [(none)]> CREATE DATABASE keystone;

设置权限

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'cloud';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'cloud';

安装keystone相关的package

yum install openstack-keystone apache2 apache2-mod_wsgi

修改keystone配置文件

vim /etc/keystone/keystone.conf
[database]
connection= mysql+pymysql://keystone:cloud@admin@node0/keystone
同步keystone数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet key
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password cloudadmin --bootstrap-admin-url http://node0:5000/v3/ --bootstrap-internal-url http://node0:5000/v3/ --bootstrap-public-url http://node0:5000/v3/ --bootstrap-region-id RegionOne

编辑/etc/sysconfig/apache2并配置APACHE_SERVERNAME

APACHE_SERVERNAME="node0"

创建/etc/apache2/conf.d/wsgi-keystone.conf配置文件

Listen 5000

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/apache2/keystone.log
    CustomLog /var/log/apache2/keystone_access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

修改/etc/keystone目录权限

chown -R keystone:keystone /etc/keystone

enable并启动apache2服务

systemctl enable apache2.service
systemctl start apache2.service

export admin用户的环境变量

$ export OS_USERNAME=admin
$ export OS_PASSWORD=cloudadmin
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://node0:5000/v3
$ export OS_IDENTITY_API_VERSION=3

创建projects, users, and roles

 openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

openstack project create --domain default  --description "Demo Project" myproject
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain   | False                            |
| name        | myproject                        |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

openstack user create --domain default  --password-prompt myuser
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aeda23aa78f44e859900e22c24817832 |
| name                | myuser                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

openstack role create myrole
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 997ce8d05fc143ac97d83fdfb5998552 |
| name      | myrole                           |
+-----------+----------------------------------+

openstack role add --project myproject --user myuser myrole

创建admin用户环境变量文件/roo/admin.rc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=cloudadmin
export OS_AUTH_URL=http://node0:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

7：安装部署glance

创建glance database

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE glance;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'cloud';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'cloud';

创建glance user

# source /root/admin.rc

# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 3f4e777c4062483ab8d9edd7dff829df |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# openstack role add --project service --user glance admin

# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------

创建glance endpoint

 # openstack endpoint create --region RegionOne image public http://node0:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 340be3625e9b4239a6415d034e98aace |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne image internal http://node0:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne image admin http://node0:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0c37ed58103f4300a84ff125a539032d |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

安装glance package

yum install glance

修改glance配置

[DEFAULT]
debug = True
bind_host = node0
workers = 2
public_endpoint = http://node0:9292
registry_host = node0
registry_port = 10191
show_image_direct_url = true
rpc_backend = rabbit
[database]
connection = mysql+pymysql://glance:cloud@node0@node0:3306/glance
[keystone_authtoken]
auth_uri = http://node0:5000
auth_url = http://node0:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = cloudadmin
memcached_servers = node0:12211
[paste_deploy]
flavor = keystone
[oslo_messaging_notifications]
driver =
[oslo_messaging_rabbit]
heartbeat_timeout_threshold = 10
rabbit_userid = openstack
rabbit_password = openstack
rabbit_hosts = node0:5671
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/