2021-01-05 openstack 之零 安装全过程 现代虚拟化 - 记录实体服务器安装

记录实体服务器安装 openstack 过程 (感谢强哥):

系统版本 centos7.4-1708

openstack版 M版

一  安装centos7.4  并做优化 (/etc/yum.repos.d 下只保留 local.repo 文件)

# 制作centos7.4-1708 镜像
# 见本目录视频

# 一 安装系统
# 1 
开始安装操作系统: 在 install 界面按 tab 键, 输入: net.ifnames=0 biosdevname=0

# 2
设置network IP
language support 选择支持英文+中文
minimal+选择前三个软件 
勾选时区右上角ON-安装chrony-NTP
如果是虚拟机不建议选择lvm
分区右边有个内核崩溃备份 取消节省内存

# 二 系统优化
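# Tune the sshd configuration (run as root).
# UseDNS no: skip the reverse-DNS lookup of connecting clients.
echo 'UseDNS no' >> /etc/ssh/sshd_config
# NOTE(review): sshd uses the first occurrence of a keyword, so this appended line
# has no effect if GSSAPIAuthentication is already set earlier in the file. The
# usual login-speed tweak is "GSSAPIAuthentication no", edited in place; confirm
# which value is intended.
echo 'GSSAPIAuthentication yes' >> /etc/ssh/sshd_config
# Show the active (non-blank, non-comment) lines for review.
grep -v '^$' /etc/ssh/sshd_config | grep -v '^#'
# Validate before restarting: a broken config plus a restart cuts off remote access.
sshd -t && systemctl restart sshd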

# Stop the firewall, SELinux, NetworkManager and the mail service.
# Disable the firewall.
# NOTE(review): with firewalld off and the rules flushed, every service set up
# later on this page (MariaDB, RabbitMQ, memcached, Keystone, Glance, ...) is
# reachable from any host that can route to this machine. Keep the nodes on an
# isolated management network, or allow only the needed ports instead.
systemctl stop firewalld
systemctl disable firewalld
iptables -F

# Disable SELinux: the config edits apply from the next boot, setenforce 0
# switches the running system to permissive right away.
# NOTE(review): the openstack-selinux package installed later on this page ships
# policy for the OpenStack services, so enforcing mode can usually be kept.
# Same substitution written with '#' as the sed delimiter:
# sed -i 's#^SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
setenforce 0


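# Stop NetworkManager and the mail service (postfix) and keep both off at boot.
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl stop postfix
# Fixed: the original read "systemctl diable", which fails and leaves postfix enabled.
systemctl disable postfix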

# Keep the installer-generated interface file as a backup, then write a static config.
mv /etc/sysconfig/network-scripts/ifcfg-eno5{,.bak}
cat > /etc/sysconfig/network-scripts/ifcfg-eno5 <<'EOF'
TYPE=Ethernet
BOOTPROTO=none
NAME=eno5
DEVICE=eno5
ONBOOT=yes
IPADDR=10.69.15.131
NETMASK=255.255.255.0
GATEWAY=10.69.15.1
DNS1=223.5.5.5
EOF
# Review what was written before the network service picks it up.
cat /etc/sysconfig/network-scripts/ifcfg-eno5
systemctl restart network


# --------------- run on both machines
# Make the node names resolvable by adding them to /etc/hosts.
printf '%s\n' '10.69.15.111 controller' '10.69.15.131 compute1' >> /etc/hosts

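# Mount the CentOS DVD image as the local yum repository.
mount -o loop /root/CentOS-7-x86_64-DVD-1708.iso /mnt
# Alternative when the DVD is attached as a device: mount /dev/cdrom /mnt
cd /opt/
tar -zxvf openstack_rpm.tar.gz
# NOTE(review): gpgcheck=0 turns off RPM signature verification for both repos, so
# everything in the ISO and in openstack_rpm.tar.gz is installed as root unverified.
# Check both files against a checksum from a trusted source before this step, and
# use gpgcheck=1 with a gpgkey= entry wherever the packages are signed.
echo '[local]
name=local
baseurl=file:///mnt
gpgcheck=0

[openstack]
name=openstack
baseurl=file:///opt/repo
gpgcheck=0' >/etc/yum.repos.d/local.repo

# Rebuild the metadata cache and confirm both repos are listed.
# Fixed: the original "yum cleanall" is not a yum command; the subcommand is "clean all".
yum clean all
yum makecache
yum repolist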

# Re-mount the DVD image at every boot through rc.local.
printf '%s\n' 'mount -o loop /root/CentOS-7-x86_64-DVD-1708.iso /mnt' >> /etc/rc.local
chmod +x /etc/rc.d/rc.local

# Install commonly used tools.
yum -y install bash-completion # bash-completion.noarch: tab completion
yum install -y net-tools lrzsz wget tree screen lsof tcpdump


# Check the listening sockets.
netstat -tulnp # only port 22 should be listening



 

二 安装 openstack  控制节点和计算节点 (未安装存储服务 和 vxlan私有网络)


# Run only the line that matches the node: the first on the controller,
# the second on the compute node.
hostnamectl set-hostname controller
hostnamectl set-hostname compute1

# 9: install the base services
# Run on all nodes:
yum -y install chrony

a:时间同步
控制节点:
# Allow NTP clients from 10.0.0.0/8 to query this chronyd.
# NOTE(review): the nodes on this page sit in a /24 (10.69.15.x); an allow range
# limited to that subnet would expose the time service to fewer hosts.
printf '%s\n' 'allow 10/8' >> /etc/chrony.conf
systemctl restart chronyd
# Show the active (non-comment, non-blank) lines.
grep -Ev '^(#|$)' /etc/chrony.conf
计算节点:
vim /etc/chrony.conf
修改第3行为
server 10.69.15.111 iburst

# Apply the edited chrony.conf, check that the daemon is running, then list the listening sockets.
systemctl restart chronyd
systemctl status chronyd
netstat -tulnp


b:安装openstack客户端和openstack-selinux
# Install the OpenStack CLI and the SELinux policy package for OpenStack services.
# NOTE(review): openstack-selinux has no effect while SELinux is disabled as done earlier on this page.
yum -y install python-openstackclient openstack-selinux


仅控制节点执行:
c: 安装配置mariadb
# Install MariaDB and the Python MySQL driver.
yum -y install mariadb mariadb-server python2-PyMySQL

# Bind the server to the controller's management address so other nodes can reach it.
# With the firewall disabled, port 3306 is open to every host that can route to that address.
cat > /etc/my.cnf.d/openstack.cnf <<'EOF'
[mysqld]
bind-address = 10.69.15.111
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF

# Start the database now and at every boot.
systemctl start mariadb
systemctl enable mariadb

mysql_secure_installation
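回车  (Enter current password for root: 当前 root 密码为空, 直接回车)
n     (Set root password? 不设置 — 数据库 root 将保持空密码; 非实验环境建议选 y 并设置强密码, 之后的 mysql 命令需加 -p)
y     (Remove anonymous users?)
y     (Disallow root login remotely?)
y     (Remove test database and access to it?)
y     (Reload privilege tables now?)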

d:安装rabbitmq并创建用户
# Install the message broker, start it now and enable it at boot.
yum -y install rabbitmq-server
systemctl start rabbitmq-server
systemctl enable rabbitmq-server

# Create the "openstack" broker user. RABBIT_PASS is a placeholder: substitute a
# strong password (it ends up in shell history when typed on the command line).
# Expected output: Creating user "openstack" ...
rabbitmqctl add_user openstack RABBIT_PASS
# Grant configure, write and read permission on every resource of vhost "/".
# Expected output: Setting permissions for user "openstack" in vhost "/" ...
rabbitmqctl set_permissions openstack '.*' '.*' '.*'

# NOTE(review): the management plugin adds a web UI (port 15672 by default);
# with the firewall off it is reachable from the whole network.
rabbitmq-plugins enable rabbitmq_management

# e: memcached caches tokens
yum -y install memcached python-memcached
# Listen on the controller's management address instead of loopback.
# NOTE(review): memcached has no authentication, so every host that can reach
# 10.69.15.111:11211 can read and overwrite the cached token data.
sed -i -e 's#127.0.0.1#10.69.15.111#g' /etc/sysconfig/memcached
systemctl restart memcached
systemctl enable memcached


10:keystone认证服务
a:创库授权
-- Run inside the mysql client as the database root user.
-- KEYSTONE_DBPASS is a placeholder: substitute a strong password of your own.
-- NOTE(review): the '%' grant lets the keystone account connect from any host
-- that can reach the database port; a host pattern limited to the management
-- network is tighter.
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
b:安装keystone相关软件包
# Keystone runs as a WSGI application under Apache httpd.
yum -y install openstack-keystone httpd mod_wsgi
c:修改配置文件
# Back up the shipped config; the leading backslash bypasses any "cp -i" alias.
\cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
# Rewrite the config without blank lines and without any line that contains '#'.
grep -v -E '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
yum -y install openstack-utils
# ADMIN_TOKEN and KEYSTONE_DBPASS are placeholders: substitute a randomly generated
# token and the real database password. The admin token bypasses normal
# authentication, so a guessable value gives full control of Keystone.
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
# Checksum of the result, as a copy/paste check.
# NOTE(review): the value below presumably belongs to a file that still holds the
# placeholder values; a file with your own secrets is expected not to match.
md5sum /etc/keystone/keystone.conf
# d5acb3db852fe3f247f4f872b051b7a9  /etc/keystone/keystone.conf


# d: populate the keystone database (run as the keystone system user)
su -s /bin/sh -c 'keystone-manage db_sync' keystone
mysql -e 'show tables' keystone # check that the tables now exist
# e: initialise the fernet key repository used to encrypt tokens
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

# f: configure httpd
printf '%s\n' 'ServerName controller' >>/etc/httpd/conf/httpd.conf
# Create the Keystone vhost file with the content that follows this command.
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

# Check the MD5 of the vhost file; this is a copy/paste check, it only matches
# when the file is byte-for-byte the listing on this page.
# NOTE(review): both vhosts serve Keystone over plain HTTP, so passwords and
# tokens cross the network unencrypted; outside a lab the endpoints need TLS.
md5sum /etc/httpd/conf.d/wsgi-keystone.conf
# 8f051eb53577f67356ed03e4550315c2  /etc/httpd/conf.d/wsgi-keystone.conf


g:启动httpd
# Enable Apache at boot and start it now; Keystone then listens on 5000 and 35357.
systemctl enable httpd
systemctl start httpd

h:创建服务和注册api:
# Bootstrap credentials for the first Keystone calls. OS_TOKEN must equal the
# admin_token value written to keystone.conf; it bypasses normal authentication
# and is unset again once the admin user exists.
export OS_TOKEN=ADMIN_TOKEN \
  OS_URL=http://controller:35357/v3 \
  OS_IDENTITY_API_VERSION=3

# Check the environment variables (this prints the token to the terminal).
env | grep OS


# Register the identity service and its public, internal and admin endpoints.
openstack service create --name keystone --description "OpenStack Identity" identity

openstack endpoint create --region RegionOne identity public http://controller:5000/v3

openstack endpoint create --region RegionOne identity internal http://controller:5000/v3

openstack endpoint create --region RegionOne identity admin http://controller:35357/v3

# Verify
openstack service list
openstack endpoint list

# I: create the domain, project, user and role
openstack domain create --description "Default Domain" default

openstack project create --domain default --description "Admin Project" admin

# ADMIN_PASS is a placeholder; use a strong password (not 123456).
# NOTE(review): a password given on the command line is kept in shell history
# and is visible in the process list while the command runs.
openstack user create --domain default --password ADMIN_PASS admin

openstack role create admin

# Link project, user and role: give the admin user the admin role on the admin project.
# (The demo project and demo user are not created in this walkthrough.)
openstack role add --project admin --user admin admin

openstack project create --domain default --description "Service Project" service

# Keep the token variables set for now.
# timedatectl shows the UTC and CST time

j:创建环境变量脚本
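# Drop the two bootstrap variables set earlier.
# NOTE(review): the upstream install guide also removes admin_token_auth from the
# pipelines in /etc/keystone/keystone-paste.ini once bootstrap is done, so the
# admin token stops working as a credential.
unset OS_TOKEN OS_URL

cd ~ # create the admin-openrc script in root's home directory
cat > admin-openrc <<'EOF'
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
# The file holds the admin password in clear text: readable by its owner only.
chmod 600 admin-openrc

source admin-openrc
# Verify (this prints OS_PASSWORD to the terminal)
env | grep OS
openstack user list # "user" can be replaced by project, role, ...
# Issue a token. A 401 means the password is wrong; "'NoneType' object has no
# attribute 'service_catalog'" means OS_TOKEN and OS_URL were not unset.
openstack token issue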
# | Field      | Value                                                                                   |
# +------------+-----------------------------------------------------------------------------------------+
# | expires    | 2020-12-31T10:18:15.000000Z                                                             |
# | id         | gAAAAABf7ZdXbrrIlT4Bpiw72fWHZ__HymegN8WLR52GCBgv5zyGBdwS-                               |
# |            | H9c_vGi_3FdIbN7ZCGWjiFMDvNNOLE8GtZULTpTNw2Zk-                                           |
# |            | p96LEPYCYKicbBzCim_M9YGHR9ijIdJWMnSDrZG__kclxYDkYpbeqGHrNrurVhd1T57zKWvCjJvkbdjy8       |
# | project_id | afde967f63aa44c0b7d9bbe98b3ed967                                                        |
# | user_id    | 15015bb37e414f34aa9227cc380f0301       


11:安装glance镜像服务 7步
a:数据库创库授权
-- Run inside the mysql client as the database root user.
-- GLANCE_DBPASS is a placeholder: substitute a strong password of your own.
-- NOTE(review): the '%' grant accepts the glance account from any host that can
-- reach the database port.
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
  
b:在keystone创建glance用户关联角色
# Create the glance service account (GLANCE_PASS is a placeholder for a strong
# password) and give it the admin role on the service project.
openstack user create --domain default \
  --password GLANCE_PASS glance
openstack role add --project service \
  --user glance admin

c:在keystone上创建服务和注册api
# Register the image service and its public, internal and admin endpoints (all on port 9292).
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

d:安装服务相应软件包
# Install the Glance API and registry services.
yum -y install openstack-glance

e:修改相应服务的配置文件
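# --- glance-api.conf ---
# Back up the shipped file, then keep only section headers and option lines.
# Fixed: the original range [a-Z] depends on the locale and is rejected as an
# invalid range in the C locale, which would leave the redirected config empty.
cp /etc/glance/glance-api.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
# GLANCE_DBPASS and GLANCE_PASS are placeholders: substitute the real passwords.
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
# Copy/paste check. NOTE(review): the hash presumably belongs to a file that still
# holds the placeholder passwords; a file with real secrets is expected to differ.
md5sum /etc/glance/glance-api.conf
# 3e1a4234c133eda11b413788e001cba3  /etc/glance/glance-api.conf

# --- glance-registry.conf ---
cp /etc/glance/glance-registry.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
md5sum /etc/glance/glance-registry.conf
# 46acabd81a65b924256f56fe34d90b8f  /etc/glance/glance-registry.conf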

f:同步数据库
# Populate the glance database as the glance system user. This step prints warnings such as:
# Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
# /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
#   expire_on_commit=expire_on_commit, _conf=conf)
# /usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
#   result = self._query(query)
su -s /bin/sh -c 'glance-manage db_sync' glance

# It is enough that tables are listed here.
mysql -e "show tables;" glance

g:启动服务 监听9191 9292端口
# Enable both Glance services at boot, then start them.
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

h: 验证 上传镜像文件cirros-0.3.4-x86_64-disk.img 到当前目录
# Upload the test image from the current directory; --public makes it visible to every project.
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
# +------------------+------------------------------------------------------+
# | Field            | Value                                                |
# +------------------+------------------------------------------------------+
# | checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
# | container_format | bare                                                 |
# | created_at       | 2020-12-31T09:54:28Z                                 |
# | disk_format      | qcow2                                                |
# | file             | /v2/images/ed812f6b-a831-4b00-aa13-94893351d52d/file |
# | id               | ed812f6b-a831-4b00-aa13-94893351d52d                 |
# | min_disk         | 0                                                    |
# | min_ram          | 0                                                    |
# | name             | cirros                                               |
# | owner            | afde967f63aa44c0b7d9bbe98b3ed967                     |
# | protected        | False                                                |
# | schema           | /v2/schemas/image                                    |
# | size             | 13287936                                             |
# | status           | active                                               |
# | tags             |                                                      |
# | updated_at       | 2020-12-31T09:54:29Z                                 |
# | virtual_size     | None                                                 |
# | visibility       | public                                               |


openstack image create "centos7.6" --file centos7.0-1541.qcow2 --disk-format qcow2 --container-format bare --public


# Confirm the glance service lists the images.
openstack image list

# Compare the md5 of the local file with the copy stored by glance
# (the centos7 image is large, so it is not hashed here).
# NOTE(review): a match only shows the upload was stored intact. Checking the image
# against the publisher's checksum before uploading is what ties it to its source.
md5sum cirros-0.3.4-x86_64-disk.img
md5sum /var/lib/glance/images/ed812f6b-a831-4b00-aa13-94893351d52d
# ee1eca47dc88f4879d8a229cc70a07c6


  
十二:nova 计算服务
nova-api:接受并响应所有的计算服务请求,管理虚拟机(云主机)生命周期
nova-compute(多个):真正管理虚拟机
nova-scheduler:      nova调度器(挑选出最合适的nova-compute来创建虚机)
nova-conductor:      帮助nova-compute代理修改数据库中虚拟机的状态
nova-network          早期openstack版本管理虚拟机的网络(已弃用,neutron)
nova-consoleauth和nova-novncproxy:web版的vnc来直接操作云主机
novncproxy:web版 vnc客户端
nova-api-metadata:接受来自虚拟机发送的元数据请求

在控制节点上:
1:数据库创库授权
-- Run inside the mysql client as the database root user.
-- NOVA_DBPASS is a placeholder: substitute a strong password of your own.
-- NOTE(review): the '%' grants accept the nova account from any host that can
-- reach the database port.
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
  
2:在keystone创建系统用户(glance,nova,neutron)关联角色
# Create the nova service account (NOVA_PASS is a placeholder for a strong
# password) and give it the admin role on the service project.
openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service \
  --user nova admin


3:在keystone上创建服务和注册api
# Register the compute service and its three endpoints. The URL is single-quoted
# so the shell passes the %(tenant_id)s template through unchanged.
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public 'http://controller:8774/v2.1/%(tenant_id)s'
openstack endpoint create --region RegionOne compute internal 'http://controller:8774/v2.1/%(tenant_id)s'
openstack endpoint create --region RegionOne compute admin 'http://controller:8774/v2.1/%(tenant_id)s'

4:安装服务相应软件包
# Install the controller-side nova services: API, conductor, console, noVNC proxy and scheduler.
yum -y install \
  openstack-nova-api \
  openstack-nova-conductor \
  openstack-nova-console \
  openstack-nova-novncproxy \
  openstack-nova-scheduler
  
5:修改相应服务的配置文件
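# Back up the shipped file, then keep only section headers and option lines.
# Fixed: the original range [a-Z] depends on the locale and is rejected as an
# invalid range in the C locale, which would leave the redirected config empty.
cp /etc/nova/nova.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# my_ip is the controller's management address.
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.69.15.111
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True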
openst