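Environment preparation
At least three virtual machines are needed, with an external network segment and an internal management network segment:
controller: management network (internal) 192.168.122.11, external network 192.168.100.11
compute: management network (internal) 192.168.122.12, external network 192.168.100.12
cinder: management network (internal) 192.168.122.13; it provides storage and does not need the external network
① Hostname resolution
② Disable the firewall and SELinux (after disabling SELinux a reboot is required for it to take effect)
③ Time synchronization
With the environment ready, we can start. OpenStack needs a lot of passwords, so I use lyh.com for all of them here.
Configure the yum repository on all nodes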
# yum install yum-plugin-priorities -y
# yum install https://mirrors.aliyun.com/centos-vault/altarch/7.5.1804/extras/aarch64/Packages/centos-release-openstack-pike-1-1.el7.x86_64.rpm -y
# vim /etc/yum.repos.d/CentOS-OpenStack-pike.repo
Replace
baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-pike/
with the Aliyun mirror:
baseurl=https://mirror.tuna.tsinghua.edu.cn/cc/7/cloud/x86_64/openstack-pike/
Install the OpenStack base tools on all nodes
# yum install python-openstackclient openstack-selinux openstack-utils -y
Install the base packages on the compute node
[root@compute ~]# yum install qemu-kvm libvirt bridge-utils -y
[root@compute ~]# ln -sv /usr/libexec/qemu-kvm /usr/bin/
‘/usr/bin/qemu-kvm’ -> ‘/usr/libexec/qemu-kvm’
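Install the supporting services
Database deployment
Install MariaDB on the controller node (it can also be installed on a separate node, or even as a database cluster)
Reference: https://docs.openstack.org/zh_CN/install-guide/environment-sql-database-rdo.html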
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
Add a drop-in configuration file
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.122.11 # the controller node's management network IP
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Start the service
[root@controller ~]# systemctl restart mariadb
[root@controller ~]# systemctl enable mariadb
Initialize the installation
Using the same password everywhere is recommended
[root@controller ~]# mysql_secure_installation
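At the first prompt, just press Enter,
at the second, press y to set a new password,
at the third, type the password again,
and press Y for all the rest.
RabbitMQ deployment
1, Install RabbitMQ on the controller node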
[root@controller ~]# yum install erlang socat rabbitmq-server -y
2, Start the service and verify the port
[root@controller ~]# systemctl restart rabbitmq-server
[root@controller ~]# systemctl enable rabbitmq-server
[root@controller ~]# netstat -ntlup |grep 5672
3, Add the openstack user and grant it permissions
I again use the same password, lyh.com, here
[root@controller ~]# rabbitmqctl add_user openstack lyh.com
Give openstack configure, read and write permissions on all resources
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Enable the rabbitmq_management plugin
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
memcached deployment
1, Install the required packages on the controller node
[root@controller ~]# yum install memcached python-memcached -y
2, Configure the memcached listen address
[root@controller ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 192.168.122.11,::1"
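Change 127.0.0.1 to the controller node's management network IP so that components on other nodes can also reach memcached
Start the service and verify the port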
[root@controller ~]# systemctl restart memcached
[root@controller ~]# systemctl enable memcached
[root@controller ~]# netstat -ntlup |grep :11211
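Added example, not part of the original post: with the firewall disabled in the preparation step, the bind address is the only thing keeping MariaDB, RabbitMQ and memcached off the 192.168.100.0/24 external network, so the netstat checks above can be turned into an audit. The netstat sample is constructed, the function names are hypothetical, and 15672 is assumed as the rabbitmq_management port (its default).

```bash
#!/bin/sh
# Added example: flag service ports that listen beyond the management network.
# Reads `netstat -ntlu` style lines on stdin, prints "PORT ADDRESS" per finding.
# $1 = ports to watch, $2 = prefix of the external network (both from this post).
audit_listeners() {
    awk -v ports="${1:-3306 5672 15672 11211}" -v ext="${2:-192.168.100.}" '
        BEGIN { n = split(ports, p, " "); for (k = 1; k <= n; k++) watch[p[k]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            pos = match($4, /:[0-9]+$/)          # trailing ":port" of Local Address
            if (!pos) next
            port = substr($4, pos + 1)
            addr = substr($4, 1, pos - 1)
            if (!(port in watch)) next
            # wildcard binds and binds on the external network are reachable
            # from outside once the firewall is disabled
            if (addr == "0.0.0.0" || addr == "::" || index(addr, ext) == 1)
                print port, addr
        }'
}

# Constructed sample of `netstat -ntlup` output on the controller.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address        Foreign Address  State   PID/Program name
tcp        0      0 192.168.122.11:3306  0.0.0.0:*        LISTEN  1201/mysqld
tcp        0      0 192.168.122.11:11211 0.0.0.0:*        LISTEN  1350/memcached
tcp        0      0 0.0.0.0:15672        0.0.0.0:*        LISTEN  1422/beam.smp
tcp6       0      0 ::1:11211            :::*             LISTEN  1350/memcached
tcp6       0      0 :::5672              :::*             LISTEN  1422/beam.smp
EOF
}

# On a real node: netstat -ntlu | audit_listeners
sample_netstat | audit_listeners
```

In the constructed sample the two RabbitMQ listeners are reported, while MariaDB and memcached, bound to 192.168.122.11 as configured above, are not.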
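Identity service keystone
Reference: https://docs.openstack.org/keystone/pike/install/keystone-install-rdo.html
Create the keystone database and grant privileges on it
[root@controller ~]# mysql -plyh.com (in real work, do not type the database password on the command line; it is insecure)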
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> grant all on keystone.* to 'keystone'@'localhost' identified by 'lyh.com';
MariaDB [(none)]> grant all on keystone.* to 'keystone'@'%' identified by 'lyh.com';
MariaDB [(none)]> flush privileges;
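Added example, not part of the original post: one way to run the statements above without any password on a command line, as the remark on the mysql command asks. The function names are hypothetical; the example assumes the default sql_mode (backslash escapes enabled) and a root password without double quotes or backslashes.

```bash
#!/bin/sh
# Added example: create the keystone database without a password appearing in
# argv, `ps` output or shell history. printf is a shell builtin, so the values
# passed to it are never arguments of a separate process.

# write_client_cnf FILE USER PASSWORD
# Writes a [client] option file that only its owner can read.
write_client_cnf() {
    ( umask 077                       # a new file is created with mode 0600
      printf '[client]\nuser=%s\npassword="%s"\n' "$2" "$3" > "$1" )
    chmod 600 "$1"                    # tighten the mode if the file already existed
}

# sql_quote STRING -> STRING as a single-quoted SQL literal
sql_quote() {
    # escape backslashes, double embedded single quotes (value goes via stdin)
    printf "'%s'" "$(printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")"
}

# keystone_grant_sql PASSWORD -> the statements from the post, on stdout
keystone_grant_sql() {
    pw=$(sql_quote "$1")
    printf 'CREATE DATABASE keystone;\n'
    printf "GRANT ALL ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY %s;\n" "$pw"
    printf "GRANT ALL ON keystone.* TO 'keystone'@'%%' IDENTIFIED BY %s;\n" "$pw"
    printf 'FLUSH PRIVILEGES;\n'
}

# Typical use on the controller (passwords are prompted for, not typed as arguments):
#   stty -echo; printf 'MariaDB root password: '; read -r ROOT_PW; echo
#   printf 'keystone DB password: '; read -r KS_PW; stty echo; echo
#   write_client_cnf /root/.my.cnf root "$ROOT_PW"
#   keystone_grant_sql "$KS_PW" | mysql --defaults-extra-file=/root/.my.cnf
```

--defaults-extra-file must be the first option given to mysql.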
Install the keystone packages on the controller node
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
Configure keystone
[root@controller ~]# vim /etc/keystone/keystone.conf
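I give the line numbers here; go straight to the corresponding line and edit it
Configure the RabbitMQ connection; change lyh.com here to your own password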
405 transport_url = rabbit://openstack:lyh.com@controller:5672
Configure the connection to the keystone database; from here on, wherever you see lyh.com, change it to your own password
661 connection = mysql+pymysql://keystone:lyh.com@controller/keystone
Uncomment the following line; fernet is the token provider (that is, one kind of token; fernet tokens are compact and encrypted)
2774 provider = fernet
Initialize the data in the database
[root@controller ~]# mysql -h controller -u keystone -plyh.com -e 'use keystone;show tables;'
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the keystone authentication information
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Initialize the API information for the OpenStack administrator account
[root@controller ~]# keystone-manage bootstrap --bootstrap-password lyh.com \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
lyh.com is the password I set for the OpenStack administrator
Configure httpd and start the service
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
Line 95: change it to ServerName controller:80
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl restart httpd
[root@controller ~]# systemctl enable httpd
[root@controller ~]# netstat -ntlup |grep http
Create the domain, projects, user and role
1, Create the environment variable script for the admin user
[root@controller ~]# vim admin-openstack.sh
export OS_USERNAME=admin
export OS_PASSWORD=lyh.com
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2, Create projects
[root@controller ~]# source admin-openstack.sh
[root@controller ~]# openstack project list
3, Create the service project
[root@controller ~]# openstack project create --domain default --description "Service Project" service
4, Create the demo project
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
[root@controller ~]# openstack project list
5, Create the demo user
[root@controller ~]# openstack user create --domain default --password lyh.com demo
[root@controller ~]# openstack user list
6, Create the role
[root@controller ~]# openstack role create user
[root@controller ~]# openstack role list
7, Add the demo user to the user role
[root@controller ~]# openstack role add --project demo --user demo user
Add the environment variable script for the user
[root@controller ~]# vim demo-openstack.sh
export OS_USERNAME&#