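I. Install the operating system on the virtual machines
Hostname | Compute resources | Network | Disk | root password |
node1-czy | 6vcpu/8G | NAT (192.168.16.16), VMnet5 NIC (10.16.16.16) | 100G | 123456 |
node2-czy | 6vcpu/8G | NAT (192.168.16.17), VMnet5 NIC (10.16.16.17) | 100G | 123456 |
Store the virtual machine files on a partition with plenty of free space; they take up roughly 40 to 50 GB.
The network adapter must be enabled during the operating system installation. If the VM cannot obtain an IP address, check that the network is configured correctly: check that the VMnet8 adapter under "Change network adapter settings" is working, that the network settings under "Virtual Network Adapter" in VMware Workstation are correct, and that the VM's own NIC is configured correctly.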
II. Add hostname resolution (controller and compute nodes)
1. vim /etc/hosts
192.168.16.16 node1czy
192.168.16.17 node2czy
2. scp /etc/hosts 10.16.16.17:/etc/hosts
III. Disable firewalld and SELinux (controller and compute nodes)
systemctl stop firewalld
systemctl disable firewalld
vi /etc/sysconfig/selinux
SELINUX=disabled
setenforce 0
IV. Prepare the yum repositories (controller and compute nodes)
Backup: // if wget is not installed, install it and check it with wget --help
yum -y install wget
wget --help
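// Back up the original repo file
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
// Aliyun mirror: same file name as the original configuration file, but different content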
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
Clear the yum cache and build a new one
yum clean all
yum makecache
V. Install the chrony service
On the node1 VM:
yum -y install chrony
vim /etc/chrony.conf (add the following)
server node1czy iburst
allow 192.168.16.0/24
systemctl start chronyd
systemctl enable chronyd
On the node2 VM:
yum clean all
yum -y install chrony
vi /etc/chrony.conf (add the following)
server node1czy iburst
systemctl start chronyd
systemctl enable chronyd
VI. Install the OpenStack client (node1 and node2)
yum -y install centos-release-openstack-queens
Edit the yum repositories
vim /etc/yum.repos.d/CentOS-Ceph-Luminous.repo
[centos-ceph-luminous]
.....
baseurl=http://mirrors.163.com/centos/7/storage/x86_64/ceph-luminous/
gpgcheck=0
vi /etc/yum.repos.d/CentOS-OpenStack-queens.repo
[centos-openstack-queens]
....
baseurl=http://mirrors.163.com/centos/7/cloud/x86_64/openstack-queens/
gpgcheck=0
...
vi /etc/yum.repos.d/CentOS-QEMU-EV.repo
[centos-qemu-ev]
....
baseurl=http://mirrors.163.com/centos/7/virt/x86_64/kvm-common/
gpgcheck=0
....
Do the same on node2.
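The repo edits above set gpgcheck=0 on http:// mirrors, so yum installs those packages without verifying their signatures. As an added example (not part of the original guide), this script lists the enabled repo sections with that setting; the function names, the sample files and the gpgkey path in the signed variant are assumptions.

```bash
# Added example, not from the original guide.
# audit_repos DIR: one line per enabled repo section that turns package
# signature checking off. Plain-http mirrors are rated HIGH because nothing
# else protects the packages in transit.
audit_repos() {
    for f in "$1"/*.repo; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            function report() {
                if (sec != "" && enabled != "0" && gpgcheck == "0") {
                    sev = (url ~ /^http:\/\//) ? "HIGH" : "MEDIUM"
                    printf "%s %s [%s] gpgcheck=0 %s\n", sev, file, sec, url
                }
            }
            /^[ \t]*[#;]/ { next }
            /^[ \t]*\[/ {
                report()
                sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
                enabled = "1"; gpgcheck = ""; url = ""
                next
            }
            {
                eq = index($0, "="); if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
                if (key == "enabled") enabled = val
                if (key == "gpgcheck") gpgcheck = val
                if (key == "baseurl") url = val
            }
            END { report() }
        ' "$f"
    done
}

# Constructed sample: the Queens repo as edited above, next to a variant
# that keeps signature checking on (the gpgkey path is an assumption).
make_sample_repos() {
    d=$(mktemp -d)
    u=http://mirrors.163.com/centos/7/cloud/x86_64/openstack-queens/
    printf '[centos-openstack-queens]\nbaseurl=%s\ngpgcheck=0\n' "$u" \
        > "$d/CentOS-OpenStack-queens.repo"
    printf '[queens-signed]\nbaseurl=%s\ngpgcheck=1\ngpgkey=%s\n' "$u" \
        file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud > "$d/signed.repo"
    echo "$d"
}
d=$(make_sample_repos); audit_repos "$d"; rm -rf "$d"
```

On a node, run audit_repos /etc/yum.repos.d to check the real repo files.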
Install the OpenStack client
yum -y install python-openstackclient
You can see that the installation succeeded.
Do the same on node2.
Install openstack-selinux
yum -y install openstack-selinux
Do the same on node2.
Install the database (controller node)
yum -y install mariadb mariadb-server python2-PyMySQL
Create and edit the configuration file
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.16.16
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Start the service and enable it at boot
systemctl start mariadb
systemctl enable mariadb
Set the database password (I set it to 123456)
mysql_secure_installation
VII. Install the message queue (controller node)
Install the rabbitmq-server service
yum -y install rabbitmq-server
Start the service and enable it at boot
systemctl start rabbitmq-server
systemctl enable rabbitmq-server
Create the user and password
rabbitmqctl add_user openstack openstack
Grant permissions
rabbitmqctl set_permissions -p / openstack '.*' '.*' '.*'
Set the role
rabbitmqctl set_user_tags openstack administrator
Enable the web management plugin
rabbitmq-plugins enable rabbitmq_management
Open a browser and go to http://192.168.16.16:15672
VIII. Install the memcached service (controller node)
yum -y install memcached python-memcached
Edit the configuration file
vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,node1czy"
Start the service and enable it at boot
systemctl start memcached
systemctl enable memcached
IX. Install the etcd service (controller node)
yum -y install etcd
Edit the configuration file
vim /etc/etcd/etcd.conf
#[Member]
#ETCD_CORS=""
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
ETCD_LISTEN_PEER_URLS="http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME="node1czy"
#ETCD_SNAPSHOT_COUNT="100000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
# [Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_DISCOVERY_SRV=""
ETCD_INITIAL_CLUSTER="node1czy=http://localhost:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_STRICT_RECONFIG_CHECK="true"
Start the service and enable it at boot
systemctl start etcd
systemctl enable etcd
X. Install the keystone identity service (controller node)
Create and configure the keystone database
mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
Install the keystone service
yum -y install openstack-keystone httpd mod_wsgi
Edit the configuration file
vim /etc/keystone/keystone.conf
……
[database]
# Note: if creating the example domain below logs error 111, change the host after @ to the IP address
connection = mysql+pymysql://keystone:123456@node1czy/keystone
……
[token]
provider = fernet
……
Populate the keystone database schema
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the identity service
keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://node1czy:35357/v3/ \
--bootstrap-internal-url http://node1czy:5000/v3/ \
--bootstrap-public-url http://node1czy:5000/v3/ \
--bootstrap-region-id RegionOne
Configure the Apache service
vim /etc/httpd/conf/httpd.conf
ServerName node1czy
Create the symbolic link to the configuration file
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start the service and enable it at boot
systemctl start httpd
systemctl enable httpd
Create the domain, projects, users and roles
1) First load the admin environment variables
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://node1czy:35357/v3
export OS_IDENTITY_API_VERSION=3
2) Create a domain named example
openstack domain create --description "An Example Domain" example
3) Create a project named service
openstack project create --domain default --description "Service Project" service
4) Create a project named demo
openstack project create --domain default --description "Demo Project" demo
5) Create a user named demo (for consistency, I set the password to 123456)
openstack user create --domain default --password-prompt demo
6) Create a role named user
openstack role create user
7) Add the demo user to the user role
openstack role add --project demo --user demo user
Verification
Unset the environment variables
Request a token as the admin user (you are prompted for the admin user's password; I set it to 123456 earlier)
openstack --os-auth-url http://node1czy:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
Request a token as the demo user (you are prompted for the demo user's password; I set it to 123456 earlier)
openstack --os-auth-url http://node1czy:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
Create the environment variable scripts
1) Create the environment variable script for the admin user
vi admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://node1czy:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2) Create the environment variable script for the demo user
vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://node1czy:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3) Verify that the script works
. admin-openrc
openstack token issue
XI. Install the glance image service (controller node)
Create and configure the glance database
mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
Create the keystone credentials for the glance image service
Load the admin user's environment variables
. admin-openrc
Create the glance user (I set the password to 123456)
openstack user create --domain default --password-prompt glance
Add the glance user to the service project with the admin role
openstack role add --project service --user glance admin
Create a service named glance
openstack service create --name glance --description "OpenStack Image" image
Create the image service API endpoints
openstack endpoint create --region RegionOne image public http://node1czy:9292
openstack endpoint create --region RegionOne image internal http://node1czy:9292
openstack endpoint create --region RegionOne image admin http://node1czy:9292
Install the glance service
yum -y install openstack-glance
Edit the configuration file
vi /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123456@node1czy/glance
……
[keystone_authtoken]
auth_uri = http://node1czy:5000
auth_url = http://node1czy:5000
memcached_servers = node1czy:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
……
[paste_deploy]
flavor = keystone
……
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
……
Edit the configuration file
vim /etc/glance/glance-registry.conf
……
[database]
connection = mysql+pymysql://glance:123456@192.168.16.16/glance
……
[keystone_authtoken]
auth_uri = http://node1czy:5000
auth_url = http://node1czy:5000
memcached_servers = node1czy:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
……
[paste_deploy]
flavor = keystone
……
Synchronize the database
su -s /bin/sh -c "glance-manage db_sync" glance
Start the services and enable them at boot
systemctl start openstack-glance-api
systemctl start openstack-glance-registry
systemctl enable openstack-glance-api
systemctl enable openstack-glance-registry
Verification
Load the admin user's environment variables
Download the image
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
Check the downloaded image
Upload the image
openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
XII. Install the nova compute service (controller node)
Create and configure the nova databases
mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';
Create the keystone credentials for the nova compute service
Load the admin user's environment variables
. admin-openrc
Create the nova user (I set the password to 123456)
openstack user create --domain default --password-prompt nova
Add the nova user to the service project with the admin role
openstack role add --project service --user nova admin
Create a service named nova
Create the nova compute API endpoints
openstack endpoint create --region RegionOne compute public http://node1czy:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://node1czy:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://node1czy:8774/v2.1
Create the keystone credentials for the placement service
Load the admin user's environment variables
. admin-openrc
Create the placement user (I set the password to 123456)
openstack user create --domain default --password-prompt placement
Add the placement user to the service project with the admin role
openstack role add --project service --user placement admin
Create a service named placement
openstack service create --name placement --description "Placement API" placement
Create the placement API endpoints
openstack endpoint create --region RegionOne placement public http://node1czy:8778
openstack endpoint create --region RegionOne placement internal http://node1czy:8778
openstack endpoint create --region RegionOne placement admin http://node1czy:8778
Install the nova services
yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
Edit the configuration file
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@node1czy
my_ip = 192.168.16.16
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:123456@192.168.16.16/nova_api
[database]
connection = mysql+pymysql://nova:123456@192.168.16.16/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://node1czy:5000
auth_url = http://node1czy:35357
memcached_servers = node1czy:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://node1czy:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://node1czy:35357/v3
username = placement
password = 123456
Because of a bug in the package, add the following to the configuration file
vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
Synchronize the databases
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
Verify that cell0 and cell1 were registered successfully
nova-manage cell_v2 list_cells
Start the services and enable them at boot
systemctl start openstack-nova-api
systemctl start openstack-nova-consoleauth
systemctl start openstack-nova-scheduler
systemctl start openstack-nova-conductor
systemctl start openstack-nova-novncproxy
systemctl enable openstack-nova-api
systemctl enable openstack-nova-consoleauth
systemctl enable openstack-nova-scheduler
systemctl enable openstack-nova-conductor
systemctl enable openstack-nova-novncproxy
XIII. Install the nova compute service (compute node)
Install the nova service for the compute node
yum -y install openstack-nova-compute
Edit the configuration file
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@node1czy
my_ip = 192.168.16.17
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://node1czy:5000
auth_url = http://node1czy:35357
memcached_servers = node1czy:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.16.16:6080/vnc_auto.html
[glance]
api_servers = http://node1czy:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://node1czy:35357/v3
username = placement
password = 123456
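Check whether the compute node supports hardware virtualization
After shutting the VM down, remember to take a snapshot in case enabling this feature prevents the VM from booting.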
egrep -c '(vmx|svm)' /proc/cpuinfo
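If the command prints the number 4, hardware virtualization is enabled; if it prints 0, shut the VM down and enable it under "Settings".
Start the services and enable them at boot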
systemctl start libvirtd
systemctl start openstack-nova-compute
systemctl enable libvirtd
systemctl enable openstack-nova-compute
Add the compute node to the cell database (controller node)
1. Load the admin user's environment variables
. admin-openrc
2. Check whether the compute node's information is already in the database
openstack compute service list --service nova-compute
3. Discover the compute node
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
4. Verification
1) Load the admin user's environment variables
. admin-openrc
2) List the running state of the compute services
openstack compute service list
3) List the API endpoints registered in the identity service
openstack catalog list
4) List the images to confirm that the image service is reachable
openstack image list
5) Confirm that the cells and placement APIs are running correctly
nova-status upgrade check
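The configuration files edited so far carry database, RabbitMQ and service-account passwords in clear text, and this lab uses one value for nearly all of them. The script below is an added example, not part of the original guide: it reports config files readable by other users, accounts whose password equals the user name, and passwords shared by several accounts, without printing the secrets. The function names and the sample files are constructed for illustration.

```bash
# Added example, not from the original guide.
# extract_creds FILE...: print "account secret" pairs taken from URL
# credentials and username/password keys in oslo.config-style files.
extract_creds() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*(connection|transport_url)[ \t]*=/ {
            if (match($0, /:\/\/[^:@]+:[^@]+@/)) {
                cred = substr($0, RSTART + 3, RLENGTH - 4)
                c = index(cred, ":")
                print substr(cred, 1, c - 1), substr(cred, c + 1)
            }
            next
        }
        /^[ \t]*username[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); user = $0; next }
        /^[ \t]*password[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print user, $0 }
    ' "$@" | sort -u
}
# audit_secrets FILE...: report findings only, never the secret values.
audit_secrets() {
    for f in "$@"; do
        case $(ls -ld "$f") in
            ???????r*) echo "PERMS ${f##*/} is world-readable" ;;
        esac
    done
    extract_creds "$@" | awk '
        $1 == $2 { print "SAME_AS_USER " $1 }
        { n[$2]++; who[$2] = who[$2] " " $1 }
        END { for (s in n) if (n[s] > 1) print "REUSED by" who[s] }
    '
}
# Constructed sample that mirrors the values used in this guide.
make_sample_confs() {
    d=$(mktemp -d)
    cat > "$d/nova.conf" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:openstack@node1czy
[database]
connection = mysql+pymysql://nova:123456@192.168.16.16/nova
[placement]
username = placement
password = 123456
EOF
    printf '[database]\nconnection = %s\n' \
        mysql+pymysql://glance:123456@node1czy/glance > "$d/glance-api.conf"
    chmod 644 "$d/nova.conf"; chmod 640 "$d/glance-api.conf"
    echo "$d"
}
d=$(make_sample_confs); audit_secrets "$d"/*.conf; rm -rf "$d"
```

On the controller, run it as root over the real files, for example audit_secrets /etc/keystone/keystone.conf /etc/glance/*.conf /etc/nova/nova.conf.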
XIV. Install the neutron networking service (controller node)
1. Create and configure the neutron database
mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
2. Create the keystone credentials for the neutron networking service
1) Load the admin user's environment variables
. admin-openrc
2) Create the neutron user (I set the password to 123456)
openstack user create --domain default --password-prompt neutron
3) Add the neutron user to the service project with the admin role
openstack role add --project service --user neutron admin
4) Create a service named neutron
openstack service create --name neutron --description "OpenStack Networking" network
5) Register the networking service endpoints with the identity service (the API endpoints of the neutron networking service)
openstack endpoint create --region RegionOne network public http://node1czy:9696
openstack endpoint create --region RegionOne network internal http://node1czy:9696
openstack endpoint create --region RegionOne network admin http://node1czy:9696
3. Install the neutron services (the network is deployed as a self-service network)
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
4. Edit the configuration file
vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:123456@192.168.16.16/neutron
……
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@node1czy
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
……
[keystone_authtoken]
auth_uri = http://node1czy:5000
auth_url = http://node1czy:35357
memcached_servers = node1czy:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123456
……
[nova]
auth_url = http://node1czy:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = 123456
……
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
5. Edit the configuration file for the Layer 2 plug-in
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
……
[ml2_type_flat]
flat_networks = provider
……
[ml2_type_vxlan]
vni_ranges = 1:1000
……
[securitygroup]
enable_ipset = true