搭建openstack(train)平台

环境准备:
三台虚拟机
ip1:192.168.200.23
ip2:192.168.200.24
ip3:192.168.200.25
一、关闭selinux(仅建议在实验环境中这样做;后文会安装 openstack-selinux,该软件包用于为 OpenStack 服务提供 SELinux 策略,生产环境可保持 enforcing)

setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

二、关闭防火墙(仅适用于实验环境;systemctl stop 只在本次开机期间生效。生产环境建议保留 firewalld,只对集群节点放行本文用到的服务端口)

systemctl stop firewalld

三、配置host解析

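# Append the three cluster nodes to /etc/hosts so they resolve by name.
# A quoted here-document is used instead of echo with typographic quotes
# (“ ”): the shell does not treat those as quoting characters, so they would
# end up inside /etc/hosts and corrupt the first and last entries.
cat <<'EOF' >>/etc/hosts
192.168.200.23 node1
192.168.200.24 node2
192.168.200.25 node3
EOF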

四、免密登录

ssh-keygen
ssh-copy-id  node2
ssh-copy-id  node3

五、安装rabbitmq
参考:http://t.csdn.cn/bEiq6

六、node1节点部署
#安装python-openstackclient

yum upgrade -y
yum install centos-release-openstack-train -y
yum install python-openstackclient -y
yum install openstack-selinux -y
yum install mariadb mariadb-server python2-PyMySQL -y

#创建openstack配置文件

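# Write the MariaDB settings used by the OpenStack services on node1.
# The delimiter is quoted so the shell expands nothing in the body, and the
# stray typographic quote after "utf8" is gone: it would have been written
# into the option file as part of the character-set value.
cat <<'END' >/etc/my.cnf.d/openstack.cnf
[mysqld]
# Listen on node1's management address only, not on every interface.
bind-address = 192.168.200.23

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
END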

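#启动数据库并进行初始化(注意:下面的交互记录在 "Disallow root login remotely?" 处回答了 n,root 仍可从网络登录;本文的 mysql 命令看起来都在 node1 本机执行,如无远程管理需要建议回答 Y)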

systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we’ll need the current
password for the root user. If you’ve just installed MariaDB, and
you haven’t set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on…

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables…
… Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
… Success!

Normally, root should only be allowed to connect from ‘localhost’. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
… skipping.

By default, MariaDB comes with a database named ‘test’ that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y

  • Dropping test database…
    … Success!
  • Removing privileges on test database…
    … Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
… Success!

Cleaning up…

All done! If you’ve completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

#创建openstack用户

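# Create the RabbitMQ account that the OpenStack services log in with.
# RABBIT_PASS is a placeholder: replace it with a strong secret and use the
# same value in every transport_url of this guide
# (rabbit://openstack:RABBIT_PASS@node1...). The password "admin" did not
# match those URLs and is trivially guessable.
/home/rabbitmq/rabbitmq/sbin/rabbitmqctl add_user openstack RABBIT_PASS
# Grant configure / write / read permission on every resource of the default vhost.
/home/rabbitmq/rabbitmq/sbin/rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# NOTE(review): the "administrator" tag gives this service account management
# rights on the broker; nothing else on this page appears to need it - confirm
# before keeping it outside a lab.
/home/rabbitmq/rabbitmq/sbin/rabbitmqctl set_user_tags openstack administrator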

################安装memcache#################

yum install memcached python-memcached

systemctl enable memcached.service && systemctl start memcached.service

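#查看memcached配置(注意:下面的 OPTIONS 只监听 127.0.0.1 和 ::1,而后文各服务使用 memcached_servers = node1:11211;若 node1 解析为 192.168.200.23,需要把该管理地址加入 -l 列表,但不要监听 0.0.0.0)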

cat /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
[root@node1 ~]# netstat -anptu | grep 11211
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      125364/memcached
tcp6       0      0 ::1:11211               :::*                    LISTEN      125364/memcached

#数据库创建keystone库

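# Open a MariaDB session as root. -p without a value makes the client prompt
# for the password, which keeps it out of the shell history and out of the
# process list that other local users can read.
mysql -u root -p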

MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';

############安装keystone模块####################

yum install openstack-keystone httpd mod_wsgi

#修改keystone配置文件

vim /etc/keystone/keystone.conf 
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@node1/keystone
[token]
provider = fernet

#同步数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone

#初始化Fernet密钥存储库

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

#服务认证

# Bootstrap the Identity service: sets the password of the "admin" user and
# registers the admin, internal and public identity endpoints in RegionOne.
# NOTE(review): "admin" is a trivially guessable password for the cloud
# administrator and, passed as an argument, it is recorded in the shell
# history; pick a strong value and keep OS_PASSWORD in openrc in sync with it.
# NOTE(review): all three endpoints are plain http, so passwords and tokens
# cross the network unencrypted - acceptable only on an isolated lab network.
keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://node1:5000/v3/ \
  --bootstrap-internal-url http://node1:5000/v3/ \
  --bootstrap-public-url http://node1:5000/v3/ \
  --bootstrap-region-id RegionOne

#修改httpd服务配置
vim /etc/httpd/conf/httpd.conf

ServerName node1

#配置文件软连接

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

#启动http服务

systemctl enable httpd.service
systemctl start httpd.service

#设置环境变量
vim openrc

 # Client environment for the openstack CLI: authenticates as the "admin"
 # user of the "admin" project in the Default domain against Keystone v3.
 # NOTE(review): this file holds the administrator password in clear text -
 # make it readable by its owner only and keep the value identical to the
 # one given to keystone-manage bootstrap.
 export OS_USERNAME=admin
 export OS_PASSWORD=admin
 export OS_PROJECT_NAME=admin
 export OS_USER_DOMAIN_NAME=Default
 export OS_PROJECT_DOMAIN_NAME=Default
 export OS_AUTH_URL=http://node1:5000/v3
 export OS_IDENTITY_API_VERSION=3
source openrc

#token获取值生成:

openssl rand -hex 10  #######这个就是获取随机值

#查看用户

openstack user list


openstack project  list


openstack service  list


openstack role  list

#创建一个domain, projects, users, and roles

 openstack project create --domain default \
  --description "Service Project" service
  
openstack project create --domain default \
  --description "Demo Project" myproject
  
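# Create the demo user. --password-prompt (the form this guide uses for the
# glance, nova, neutron and cinder users) asks for the password interactively
# instead of putting it on the command line, and avoids a password that is
# simply the user name.
openstack user create --domain default --password-prompt myuser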


openstack role create myrole
openstack role add --project myproject --user myuser myrole  

###################安装镜像模块##########################
#创建glance库

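# Open a MariaDB session as root to create the glance database. -p without a
# value prompts for the password instead of exposing it in the shell history
# and the process list.
mysql -u root -p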
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';

#创建glance user

openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin

#创建glance 相关endpoint

openstack service create --name glance \
  --description "OpenStack Image" image

openstack endpoint create --region RegionOne \
  image public http://node1:9292

openstack endpoint create --region RegionOne \
  image internal http://node1:9292

openstack endpoint create --region RegionOne \
  image admin http://node1:9292

#安装glance软件

yum install openstack-glance

#修改配置文件
vim /etc/glance/glance-api.conf

[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@node1/glance

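[keystone_authtoken]
# How glance-api validates tokens against Keystone.
www_authenticate_uri  = http://node1:5000
# Keystone runs on node1 in this guide; the host name "controller" is not
# among the names added to /etc/hosts, so it would not resolve.
auth_url = http://node1:5000
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
# Must equal the password entered at the --password-prompt when the glance
# user was created.
# NOTE(review): a password equal to the user name is easy to guess - use a
# strong value outside a lab.
password = glance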

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

#同步数据库

su -s /bin/sh -c "glance-manage db_sync" glance

#启动glance服务

systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service 

#下载镜像源

# Download the CirrOS test image.
# NOTE(review): the file is fetched over plain http and nothing checks its
# integrity before it is uploaded; compare its checksum with the value the
# CirrOS project publishes for this release before running image-create.
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
# Register the image in Glance as qcow2 / bare. "--visibility public" offers
# it to every project, so an unverified file would be shared cloud-wide.
glance image-create --name "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --visibility public

#查看镜像

 glance image-list

#####################安装nova模块#######################
#创建nova库

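 # Open a MariaDB session as root to create the nova databases. -p without a
 # value prompts for the password instead of exposing it in the shell history
 # and the process list.
 mysql -u root -p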
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

#创建nova的相关endpoint

openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin


openstack service create --name nova \
  --description "OpenStack Compute" compute
 
openstack endpoint create --region RegionOne \
  compute public http://node1:8774/v2.1

openstack endpoint create --region RegionOne \
  compute internal http://node1:8774/v2.1
   
openstack endpoint create --region RegionOne \
  compute admin http://node1:8774/v2.1

#安装nova软件

yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-novncproxy openstack-nova-scheduler -y

#修改配置文件
vim /etc/nova/nova.conf

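[DEFAULT]
enabled_apis = osapi_compute,metadata
# RABBIT_PASS is a placeholder for the password of the RabbitMQ "openstack"
# account; it must be the value set with rabbitmqctl add_user.
transport_url = rabbit://openstack:RABBIT_PASS@node1:5672/
# Management address of this node. node1 is 192.168.200.23 in this guide;
# the previous value 192.168.230.131 belongs to none of the three listed
# nodes, and the [vnc] options below bind to $my_ip.
my_ip = 192.168.200.23
use_neutron = true
# Nova's own firewall driver is a no-op; packet filtering is left to the
# Neutron agent (see [securitygroup] in linuxbridge_agent.ini).
firewall_driver = nova.virt.firewall.NoopFirewallDriver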

[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@node1/nova_api

[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@node1/nova
[api]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://node1:5000/
auth_url = http://node1:5000/
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers = http://node1:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://node1:5000/v3
username = placement
password = placement

#同步数据库

 su -s /bin/sh -c "nova-manage api_db sync" nova
 su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova 
 su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova 
 su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

#启动nova服务

systemctl enable \
    openstack-nova-api.service \
    openstack-nova-scheduler.service \
    openstack-nova-conductor.service \
    openstack-nova-novncproxy.service
    
 systemctl start \
    openstack-nova-api.service \
    openstack-nova-scheduler.service \
    openstack-nova-conductor.service \
    openstack-nova-novncproxy.service

#################安装placement模块#######################
#创建placement库

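# Open a MariaDB session as root to create the placement database. -p without
# a value prompts for the password instead of exposing it in the shell history
# and the process list.
mysql -u root -p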
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
  IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
  IDENTIFIED BY 'PLACEMENT_DBPASS';

#创建placement相关endpoint

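# Create the placement service account. --password-prompt (the form this
# guide uses for the glance, nova, neutron and cinder users) keeps the
# password off the command line; enter the value configured as "password"
# for the placement user in nova.conf [placement] and in placement.conf
# [keystone_authtoken].
openstack user create --domain default --password-prompt placement
# Make the account an admin of the "service" project.
openstack role add --project service --user placement admin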


openstack service create --name placement \
  --description "Placement API" placement

openstack endpoint create --region RegionOne \
  placement public http://node1:8778
  
openstack endpoint create --region RegionOne \
  placement internal http://node1:8778 
  
openstack endpoint create --region RegionOne \
  placement admin http://node1:8778 

#安装placement软件

yum install openstack-placement-api -y

#修改配置文件
vim /etc/placement/placement.conf

[placement_database]

connection = mysql+pymysql://placement:PLACEMENT_DBPASS@node1/placement

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://node1:5000/v3
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement

#同步数据库

 su -s /bin/sh -c "placement-manage db sync" placement

#重启服务

 systemctl restart httpd

################安装neutron#######################
#创建neutron数据库

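# Open a MariaDB session as root to create the neutron database. -p without a
# value prompts for the password instead of exposing it in the shell history
# and the process list.
mysql -u root -p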

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
  
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';

#创建neutron相关endpoint

 openstack user create --domain default --password-prompt neutron
 openstack role add --project service --user neutron admin


openstack service create --name neutron \
  --description "OpenStack Networking" network

openstack endpoint create --region RegionOne \
  network public http://node1:9696

openstack endpoint create --region RegionOne \
  network internal http://node1:9696

openstack endpoint create --region RegionOne \
  network admin http://node1:9696

#安装neutron软件

yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

#修改配置文件
vim /etc/neutron/neutron.conf

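[database]
# Credentials of the "neutron" MariaDB account. The password has to be the
# one used in the GRANT statements for the neutron database
# (NEUTRON_DBPASS), not the database root password.
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@node1/neutron

[DEFAULT]
# The options below are read from [DEFAULT]; listed under [database] they
# are not picked up by neutron-server.
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
# RABBIT_PASS is a placeholder for the password of the RabbitMQ "openstack"
# account.
transport_url = rabbit://openstack:RABBIT_PASS@node1
# NOTE(review): keystone authentication also needs a [keystone_authtoken]
# section for the neutron user; none is shown for neutron.conf on this page -
# confirm it is configured.
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true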

[nova]
auth_url = http://node1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

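[linux_bridge]
# PROVIDER_INTERFACE_NAME is a placeholder: replace it with the name of the
# physical interface that carries the provider network.
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = true
# Address of this node used for VXLAN overlay traffic. node1 is
# 192.168.200.23 in this guide; the previous value 192.168.230.131 belongs
# to none of the three listed nodes.
local_ip = 192.168.200.23
l2_population = true

[securitygroup]
# Security groups are enforced on the node with iptables rules.
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver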

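vim /etc/neutron/l3_agent.ini

[DEFAULT]
# The L3 agent only needs the interface driver; the line was duplicated.
interface_driver = linuxbridge

vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
# dhcp_driver and enable_isolated_metadata are DHCP-agent options, so they
# are set in dhcp_agent.ini (neutron-dhcp-agent is started further down)
# rather than in l3_agent.ini.
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true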

#创建软链接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

#更新数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

#启动服务

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
  
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
  
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service 

#################安装horizon模块###################
#安装dashboard

 yum install openstack-dashboard -y

#修改配置文件
vim /etc/openstack-dashboard/local_settings

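# Host on which the OpenStack APIs (Keystone in particular) are reachable.
OPENSTACK_HOST = "node1"
# Accept only requests whose Host header names this dashboard. ['*'] turns
# Django's Host-header validation off; list the names/addresses that users
# really browse to (this guide opens http://192.168.200.23/dashboard).
ALLOWED_HOSTS = ['node1', '192.168.200.23']

# Keep sessions in the cache backend configured below.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         # memcached runs on node1 in this guide; the host name "controller"
         # is not among the names added to /etc/hosts.
         'LOCATION': 'node1:11211',
    }
}
# NOTE(review): plain http - dashboard logins reach Keystone unencrypted;
# acceptable only on an isolated lab network.
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_NEUTRON_NETWORK = {
    # ... keep the remaining keys of the packaged local_settings file here ...
    # NOTE(review): these switches hide the router features in the dashboard,
    # although this guide deploys the L3 agent - confirm this is intended.
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}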

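# This guide installs with yum, where Apache is the httpd package (see the
# earlier "systemctl start httpd.service"): the dashboard configuration lives
# under /etc/httpd/conf.d, and there is no apache2 unit or /etc/apache2 tree.
vim /etc/httpd/conf.d/openstack-dashboard.conf

WSGIApplicationGroup %{GLOBAL}

# Restart the web server and the session cache so the new settings are loaded.

systemctl restart httpd.service memcached.service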

#登录界面
http://192.168.200.23/dashboard
######################安装cinder组件##################
#创建cinder库

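 # Open a MariaDB session as root to create the cinder database. -p without a
 # value prompts for the password instead of exposing it in the shell history
 # and the process list.
 mysql -u root -p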
 
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY 'CINDER_DBPASS';

#创建cinder相关endpoint

openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin


openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2

 openstack service create --name cinderv3 \
  --description "OpenStack Block Storage" volumev3

openstack endpoint create --region RegionOne \
  volumev2 public http://node1:8776/v2/%\(project_id\)s
  
openstack endpoint create --region RegionOne \
  volumev2 internal http://node1:8776/v2/%\(project_id\)s

openstack endpoint create --region RegionOne \
  volumev2 admin http://node1:8776/v2/%\(project_id\)s

openstack endpoint create --region RegionOne \
  volumev3 public http://node1:8776/v3/%\(project_id\)s

openstack endpoint create --region RegionOne \
  volumev3 internal http://node1:8776/v3/%\(project_id\)s

openstack endpoint create --region RegionOne \
  volumev3 admin http://node1:8776/v3/%\(project_id\)s

#安装cinder软件

 yum install openstack-cinder -y

#修改配置文件
vim /etc/cinder/cinder.conf

[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@node1/cinder
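[DEFAULT]
# Message queue used by the cinder services, in the same form as the
# transport_url of nova.conf and neutron.conf in this guide. RABBIT_PASS is
# a placeholder for the password of the RabbitMQ "openstack" account.
transport_url = rabbit://openstack:RABBIT_PASS@node1
auth_strategy = keystone
# Management address of this node. node1 is 192.168.200.23 in this guide;
# the previous value 192.168.230.131 belongs to none of the three listed
# nodes.
my_ip = 192.168.200.23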
[keystone_authtoken]
www_authenticate_uri = http://node1:5000
auth_url = http://node1:5000
memcached_servers = node1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

vim /etc/nova/nova.conf

[cinder]
os_region_name = RegionOne

#启动服务

systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
 
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

########################node2节点###################
#安装nova和neutron组件即可

#######################node3节点####################
#安装cinder组件
