1.安装环境
控制节点:
hostname:controller
eth0 10.2.0.40 外网
ens4 172.16.10.40 内网
系统及硬件:CentOS 7 内存2G,硬盘20G
计算节点:
hostname:computer1
eth0 10.2.0.41
ens4 172.16.10.41
系统及硬件:CentOS 7 内存2G,硬盘20G
2.组件安装
- 控制节点:用 vim 新建 yum.sh,内容如下,然后执行 /bin/bash yum.sh 并等待安装完成(耗时视网络而定)
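#!/bin/bash
# Controller-node package set for this OpenStack Liberty walkthrough (CentOS 7).
# Each package group is installed by its own yum run, in the walkthrough's order.
# Every command stays on ONE physical line: a yum invocation that is wrapped
# across lines runs as several broken commands (a truncated URL, a stray
# `rpm -y`, a lone `-y`) and silently installs less than intended.
# -y answers every yum prompt automatically, including the prompt to import a
# repository's GPG signing key, so check the enabled repositories beforehand.

# Repositories: EPEL release RPM (fetched over HTTPS from the mirror) and the
# CentOS OpenStack Liberty release package.
/usr/bin/yum install https://mirrors.aliyun.com/epel/7/x86_64/e/epel-release-7-9.noarch.rpm -y
/usr/bin/yum install centos-release-openstack-liberty -y

# Command-line client and the SELinux policy package for OpenStack services.
/usr/bin/yum install python-openstackclient -y
/usr/bin/yum install openstack-selinux -y

# Backing services: SQL database and message queue.
/usr/bin/yum install mariadb mariadb-server MySQL-python -y
/usr/bin/yum install rabbitmq-server -y

# Identity (keystone, served by httpd/mod_wsgi, tokens cached in memcached).
/usr/bin/yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y

# Image service.
/usr/bin/yum install openstack-glance python-glance python-glanceclient -y

# Compute control-plane services.
/usr/bin/yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y

# Networking service with the ML2 plug-in and Linux bridge agent.
/usr/bin/yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y

# Dashboard.
/usr/bin/yum install openstack-dashboard -y

# Time synchronisation.
/usr/bin/yum install -y chrony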
- 计算节点:用 vim 新建 yum.sh,内容如下,然后执行 /bin/bash yum.sh 并等待安装完成(耗时视网络而定)
#!/bin/bash
# Compute-node package set for this OpenStack Liberty walkthrough (CentOS 7).
# Packages are installed group by group, one yum run per group, in the same
# order as the walkthrough lists them; a failed group does not stop the ones
# that follow it.

# Run one non-interactive `yum install` for the packages (or RPM URL) given.
# -y answers every yum prompt automatically.
yum_install() {
  /usr/bin/yum install "$@" -y
}

# Repositories: EPEL release RPM and the CentOS OpenStack Liberty release.
yum_install https://mirrors.aliyun.com/epel/7/x86_64/e/epel-release-7-9.noarch.rpm
yum_install centos-release-openstack-liberty

# Command-line client and the SELinux policy package for OpenStack services.
yum_install python-openstackclient
yum_install openstack-selinux

# Compute service.
yum_install openstack-nova-compute sysfsutils

# Networking agent (Linux bridge) and its helpers.
yum_install openstack-neutron openstack-neutron-linuxbridge ebtables ipset

# Time synchronisation.
yum_install chrony
3.控制节点安装
3.1系统初始化
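- 关闭防火墙和 SELinux(仅适用于隔离的实验环境。注意 sed 只修改配置文件,SELinux 要到重启后才真正关闭;生产环境应保持 SELinux 为 enforcing——前面安装的 openstack-selinux 正是为此提供策略——并保留防火墙,只放行所需端口)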
[root@Contraller ~]# systemctl disable firewalld.service
[root@Contraller ~]# systemctl stop firewalld.service
[root@Contraller ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config
查看结果
[root@Contraller ~]# cat /etc/selinux/config |grep SELINUX
# SELINUX= can take one of these three values:
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
SELINUXTYPE=targeted
[root@Contraller ~]# iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
[root@Contraller ~]#
- 时间同步
[root@Contraller ~]# echo "allow 10.2.0.0/24" >> /etc/chrony.conf
[root@Contraller ~]# systemctl enable chronyd.service
[root@Contraller ~]# systemctl start chronyd.service
[root@Contraller ~]# timedatectl status
Local time: Mon 2017-04-03 19:36:36 CST
Universal time: Mon 2017-04-03 11:36:36 UTC
RTC time: Mon 2017-04-03 11:36:34
Time zone: Asia/Shanghai (CST, +0800)
NTP enabled: yes
NTP synchronized: yes
RTC in local TZ: no
DST active: n/a
3.2数据库配置
mariadb配置文件设置
[root@Contraller ~]# cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf
[root@Contraller ~]# cp /etc/my.cnf{,.bak}
[root@Contraller ~]# cat /etc/my.cnf.bak |grep -v ^$|grep -v ^# > /etc/my.cnf
vim /etc/my.cnf 在[mysqld]下添加如下内容
#Openstack Config
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
bind-address = 172.16.10.40
mariadb设置开机启动
[root@Contraller ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@Contraller ~]# systemctl start mariadb.service
[root@Contraller ~]# netstat -lntup |grep mysql
tcp 0 0 172.16.10.40:3306 0.0.0.0:* LISTEN 3495/mysqld
设置mariadb密码并添加数据库和相关用户
[root@Contraller ~]# mysql_secure_installation
[root@Contraller ~]# mysql -u root -p
Enter password:
创建数据库和用户sql:
-- Create one database per OpenStack service (keystone, glance, nova, neutron,
-- cinder) and a same-named account holding ALL PRIVILEGES on that database only.
-- NOTE(review): every password below is a sample value identical to the account
-- name. Substitute a unique, randomly generated password per service and use
-- the same value in that service's `connection = mysql://...` setting.
-- NOTE(review): the '%' grants accept logins from any host that can reach the
-- database port. Narrowing the host part to the management network (for this
-- walkthrough's addressing that would be '172.16.10.%') limits where these
-- accounts can be used from.
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
3.3Rabbit消息队列配置
启动消息队列服务并将其配置为随系统启动:
[root@Contraller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@Contraller ~]# systemctl start rabbitmq-server.service
添加 openstack 用户(示例中密码与用户名相同,实际部署请换成随机生成的强密码),并授予其配置、写和读权限:
[root@Contraller ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
[root@Contraller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
3.4Keystone组件配置
- 启动Memcached服务,并且配置它随机启动
[root@Contraller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@Contraller ~]# systemctl start memcached.service
- 生成一个随机值,作为初始配置阶段使用的管理员令牌(该令牌等同于管理员凭据:下文显示的值仅为示例,请使用自己生成的值并妥善保管,待正式管理员账号创建完成后应将其从配置中移除):
[root@Contraller ~]# openssl rand -hex 10 > key.keystone
[root@Contraller ~]# cat key.keystone
63c41a3b57a5ec05d694
- 编辑文件 /etc/keystone/keystone.conf 并完成如下动作:
[root@Contraller ~]# cp /etc/keystone/keystone.conf{,.bak}
[root@Contraller ~]# cat /etc/keystone/keystone.conf.bak |grep -v ^$|grep -v ^# >/etc/keystone/keystone.conf
[root@Contraller ~]# vim /etc/keystone/keystone.conf
[root@Contraller ~]# cat /etc/keystone/keystone.conf
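# /etc/keystone/keystone.conf as used in this walkthrough.
# Annotations sit on their own lines: the INI parser keystone uses does not
# strip a trailing "# ..." from a value line, so an inline note would be read
# as part of the value (confirm for your release).
[DEFAULT]
# Verbose logging (optional).
verbose = True
# Bootstrap admin token, generated with `openssl rand -hex 10`.
# NOTE(review): this token grants full admin access with no user behind it.
# The value shown is the walkthrough's sample; generate your own, keep the
# file readable only by root and keystone, and remove the token once a real
# admin account exists.
admin_token = 63c41a3b57a5ec05d694
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
# Database access for keystone.
# NOTE(review): the password here is the sample value from the GRANT
# statements (same as the user name); replace both together.
connection = mysql://keystone:keystone@172.16.10.40/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[eventlet_server_ssl]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[matchmaker_ring]
[memcache]
# Memcached instance used by keystone.
servers = localhost:11211
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
# SQL-backed token revocation driver.
driver = sql
[role]
[saml]
[signing]
[ssl]
[token]
# UUID token provider, with tokens stored through the memcache driver.
provider = uuid
driver = memcache
[tokenless_auth]
[trust]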
[root@Contraller ~]#
初始化数据库
[root@Contraller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
No handlers could be found for logger "oslo_config.cfg" # 请忽视这个错误 关掉启动详细日志即可
编辑 /etc/httpd/conf/httpd.conf 文件,将 ServerName 选项配置为控制节点:
ServerName controller
[root@Contraller ~]# cat /etc/httpd/conf/httpd.conf |grep ServerName
# ServerName gives the name and port that the server uses to identify itself.
#ServerName www.example.com:80
ServerName controller
用下面的内容创建文件 /etc/httpd/conf.d/wsgi-keystone.conf
其中5000端口是提供该服务的,35357是为admin提供管理用的
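# /etc/httpd/conf.d/wsgi-keystone.conf
# Keystone under mod_wsgi: public API on port 5000, admin API on port 35357.
# Each directive is on one line; "%{GROUP}" and "%{GLOBAL}" must not be split,
# or httpd rejects the file.
# NOTE(review): both listeners bind every interface and serve plain HTTP, so
# passwords and tokens cross the network unencrypted, and with the host
# firewall disabled the admin API is reachable on the external interface too.
# Consider binding the admin listener to the management address, filtering
# port 35357, and putting TLS in front of both ports.
Listen 5000
Listen 35357

<VirtualHost *:5000>
    # Public API: 5 single-threaded daemon processes running as keystone.
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    # Hand the Authorization header through to the WSGI application.
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    # Lets httpd load the WSGI entry point that lives in /usr/bin
    # (2.4 syntax first, 2.2 syntax as fallback).
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    # Admin API: same layout as the public virtual host, separate process group.
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    # Hand the Authorization header through to the WSGI application.
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    # Lets httpd load the WSGI entry point that lives in /usr/bin
    # (2.4 syntax first, 2.2 syntax as fallback).
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>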
- 启动 Apache HTTP 服务并配置其随系统启动:
[root@Contraller ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@Contraller ~]# systemctl start httpd.service
[root@Contraller ~]# netstat -lntup |grep httpd
tcp6 0 0 :