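Notes on installing OpenStack on physical servers (thanks to Qiang Ge):
OS version: CentOS 7.4-1708
OpenStack release: M
Part 1: Install CentOS 7.4 and tune it (keep only local.repo under yum.repos.d)
# Build the CentOS 7.4-1708 image
# See the video in this directory
# I. Install the system
# 1
Start the OS installation; at the install screen press Tab and append: net.ifnames=0 biosdevname=0
# 2
Set the network IP
Language support: select English + Chinese
Minimal install + select the first three add-ons
Time zone: turn the toggle in the top-right corner ON (installs chrony for NTP)
For a virtual machine, choosing LVM is not recommended
Next to partitioning there is a kernel crash dump option; turn it off to save memory
# II. System tuning
# Edit the sshd configuration file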
echo 'UseDNS no' >> /etc/ssh/sshd_config
echo 'GSSAPIAuthentication yes' >> /etc/ssh/sshd_config
cat /etc/ssh/sshd_config | grep -v ^$ | grep -v ^#
systemctl restart sshd
# Stop the firewall, SELinux, NetworkManager and the mail service
# Disable the firewall:
systemctl stop firewalld
systemctl disable firewalld
iptables -F
# Disable SELinux:
# sed -i 's#^SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
sed -i "s/^SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
sed -i "s/^SELINUX=permissive/SELINUX=disabled/g" /etc/selinux/config
setenforce 0
# Disable NetworkManager and the mail service
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl stop postfix
systemctl disable postfix
mv /etc/sysconfig/network-scripts/ifcfg-eno5 /etc/sysconfig/network-scripts/ifcfg-eno5.bak
echo 'TYPE=Ethernet
BOOTPROTO=none
NAME=eno5
DEVICE=eno5
ONBOOT=yes
IPADDR=10.69.15.131
NETMASK=255.255.255.0
GATEWAY=10.69.15.1
DNS1=223.5.5.5' > /etc/sysconfig/network-scripts/ifcfg-eno5
cat /etc/sysconfig/network-scripts/ifcfg-eno5
systemctl restart network
# --------------- Run on both machines
# Configure the hostname and edit the /etc/hosts file
echo 10.69.15.111 controller >> /etc/hosts
echo 10.69.15.131 compute1 >> /etc/hosts
# Mount the local yum repository
mount -o loop /root/CentOS-7-x86_64-DVD-1708.iso /mnt
# mount /dev/cdrom /mnt
cd /opt/
tar -zxvf openstack_rpm.tar.gz
echo '[local]
name=local
baseurl=file:///mnt
gpgcheck=0
[openstack]
name=openstack
baseurl=file:///opt/repo
gpgcheck=0' >/etc/yum.repos.d/local.repo
yum clean all
yum makecache
yum repolist
# Mount at boot
echo 'mount -o loop /root/CentOS-7-x86_64-DVD-1708.iso /mnt' >> /etc/rc.local
chmod +x /etc/rc.d/rc.local
# Install commonly used tools
yum install -y bash-completion # bash-completion.noarch: tab completion
yum -y install net-tools lrzsz wget tree screen lsof tcpdump
# Check
netstat -lntup # only port 22
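With firewalld stopped and iptables flushed, any socket bound to 0.0.0.0 or :: is reachable from the network, so the netstat check above is worth automating. Added example, not part of the original notes: the function names, allow-list and sample output are constructed, and it generalizes the port-22 check to the later steps that add MariaDB, memcached and RabbitMQ.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes): flag wildcard-bound listeners.
# The netstat output below is constructed sample data, not a capture.

sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      1021/sshd
tcp        0      0 10.69.15.111:3306       0.0.0.0:*               LISTEN      2210/mysqld
tcp        0      0 10.69.15.111:11211      0.0.0.0:*               LISTEN      2302/memcached
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      2250/beam.smp
tcp6       0      0 :::5672                 :::*                    LISTEN      2250/beam.smp
tcp6       0      0 :::22                   :::*                    LISTEN      1021/sshd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           977/chronyd
EOF
}

# wildcard_listeners ALLOWED_PORTS   (reads `netstat -lntup` output on stdin)
# Prints "proto port program" for every socket bound to 0.0.0.0, :: or * whose
# port is not in the comma-separated allow-list; returns 1 if any is found.
wildcard_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, ","); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)6?$/ {
            port = $4; sub(/.*:/, "", port)            # text after the last colon
            host = substr($4, 1, length($4) - length(port) - 1)
            if (host != "0.0.0.0" && host != "::" && host != "*") next
            if (port in ok) next
            print $1, port, $NF                        # $NF is PID/Program name
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demo on the constructed sample; on a live host (hypothetical usage):
#   netstat -lntup | wildcard_listeners 22
sample_netstat | wildcard_listeners 22 || true
```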
Part 2: Install the OpenStack controller node and compute node (storage service and VXLAN private networks not installed)
hostnamectl set-hostname controller
hostnamectl set-hostname compute1
# 9: Install the base services
# Run on all nodes:
yum -y install chrony
a: Time synchronization
Controller node:
echo 'allow 10/8' >> /etc/chrony.conf
systemctl restart chronyd
cat /etc/chrony.conf | grep -v ^# | grep -v ^$
Compute node:
vim /etc/chrony.conf
Change line 3 to
server 10.69.15.111 iburst
systemctl restart chronyd
systemctl status chronyd
netstat -lntup
b: Install the OpenStack client and openstack-selinux
yum install python-openstackclient openstack-selinux -y
Run on the controller node only:
c: Install and configure MariaDB
yum install mariadb mariadb-server python2-PyMySQL -y
echo '[mysqld]
bind-address = 10.69.15.111
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8' >/etc/my.cnf.d/openstack.cnf
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
Enter
n
y
y
y
y
d: Install RabbitMQ and create the user
yum install rabbitmq-server -y
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS # create the openstack user and set its password; prints: Creating user "openstack" ...
rabbitmqctl set_permissions openstack ".*" ".*" ".*" # grant openstack configure, write and read permissions; prints: Setting permissions for user "openstack" in vhost "/" ...
rabbitmq-plugins enable rabbitmq_management
# e: memcached, used to cache tokens
yum install memcached python-memcached -y
sed -i 's#127.0.0.1#10.69.15.111#g' /etc/sysconfig/memcached
systemctl restart memcached.service
systemctl enable memcached.service
10: Keystone identity service
a: Create the database and grant privileges
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
b: Install the Keystone packages
yum install openstack-keystone httpd mod_wsgi -y
c: Edit the configuration file
\cp /etc/keystone/keystone.conf{,.bak} # make a backup copy
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf # strip comments and blank lines
yum install openstack-utils -y
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
# Verify
md5sum /etc/keystone/keystone.conf
# d5acb3db852fe3f247f4f872b051b7a9 /etc/keystone/keystone.conf
# d: Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
mysql keystone -e 'show tables'; # check that tables exist
# e: Initialize Fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# f: Configure httpd
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
# Verify the MD5 of the configuration file
md5sum /etc/httpd/conf.d/wsgi-keystone.conf
# 8f051eb53577f67356ed03e4550315c2 /etc/httpd/conf.d/wsgi-keystone.conf
g: Start httpd
systemctl enable httpd.service
systemctl start httpd.service
h: Create the service and register the API:
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
# Check the environment variables
env | grep OS
openstack service create \
--name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne \
identity public http://controller:5000/v3
openstack endpoint create --region RegionOne \
identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne \
identity admin http://controller:35357/v3
# Verify
openstack service list
openstack endpoint list
# i: Create the domain, project, user and role
openstack domain create --description "Default Domain" default
openstack project create --domain default \
--description "Admin Project" admin
openstack user create --domain default \
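--password ADMIN_PASS admin # the password is not 123456
openstack role create admin
# Associate the project, user and role.  # The demo project and the user user were not created
openstack role add --project admin --user admin admin
# Grant the admin role to the admin user on the admin project
openstack project create --domain default \
--description "Service Project" service
# Do not remove the token here yet
# timedatectl shows UTC and CST time
j: Create the environment variable script
# Unset the two variables set above
unset OS_TOKEN OS_URL
cd ~ # go to root's home directory and create the admin-openrc script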
echo "export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2" > admin-openrc
source admin-openrc
# Verify
env | grep OS
openstack user list # list users; "user" can be replaced with project, role, etc.
openstack token issue # issue a token; a 401 means the password is wrong; 'NoneType' object has no attribute 'service_catalog' means unset OS_TOKEN OS_URL was not run
# | Field | Value |
# +------------+-----------------------------------------------------------------------------------------+
# | expires | 2020-12-31T10:18:15.000000Z |
# | id | gAAAAABf7ZdXbrrIlT4Bpiw72fWHZ__HymegN8WLR52GCBgv5zyGBdwS- |
# | | H9c_vGi_3FdIbN7ZCGWjiFMDvNNOLE8GtZULTpTNw2Zk- |
# | | p96LEPYCYKicbBzCim_M9YGHR9ijIdJWMnSDrZG__kclxYDkYpbeqGHrNrurVhd1T57zKWvCjJvkbdjy8 |
# | project_id | afde967f63aa44c0b7d9bbe98b3ed967 |
# | user_id | 15015bb37e414f34aa9227cc380f0301
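The commands in these notes use literal placeholders (ADMIN_TOKEN, KEYSTONE_DBPASS, ADMIN_PASS and so on) where real secrets belong. Added example, not part of the original notes: a scan that reports any config line still carrying one of the page's placeholders, or an admin_token line left in place after bootstrap; the function name is hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the original notes). The placeholder names are the
# literal values used on this page; the function name is hypothetical.

PLACEHOLDERS='ADMIN_TOKEN|ADMIN_PASS|RABBIT_PASS|KEYSTONE_DBPASS|GLANCE_DBPASS|GLANCE_PASS|NOVA_DBPASS|NOVA_PASS'

# audit_placeholders FILE...
# Prints "file:line:option reason" per finding, never the secret value itself.
# Returns 1 when at least one finding exists, 0 when all files are clean.
audit_placeholders() {
    findings=$(awk -v pat="(^|[^A-Za-z0-9_])(${PLACEHOLDERS})([^A-Za-z0-9_]|\$)" '
        /^[ \t]*#/ { next }                           # ignore commented-out lines
        $0 ~ pat {
            opt = $0; sub(/[ \t]*=.*/, "", opt)       # keep only the option name
            printf "%s:%d:%s placeholder\n", FILENAME, FNR, opt
            next
        }
        /^[ \t]*admin_token[ \t]*=/ {                 # bootstrap token left enabled
            printf "%s:%d:admin_token still-set\n", FILENAME, FNR
        }
    ' "$@")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Hypothetical usage on the controller:
#   audit_placeholders /etc/keystone/keystone.conf /etc/glance/*.conf /root/admin-openrc
```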
11: Install the Glance image service (7 steps)
a: Create the database and grant privileges
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
b: Create the glance user in Keystone and assign its role
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
c: Create the service and register the API in Keystone
openstack service create --name glance \
--description "OpenStack Image" image
openstack endpoint create --region RegionOne \
image public http://controller:9292
openstack endpoint create --region RegionOne \
image internal http://controller:9292
openstack endpoint create --region RegionOne \
image admin http://controller:9292
d: Install the packages for the service
yum install openstack-glance -y
e: Edit the configuration files for the service
cp /etc/glance/glance-api.conf{,.bak}
grep '^[a-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
md5sum /etc/glance/glance-api.conf
# 3e1a4234c133eda11b413788e001cba3 /etc/glance/glance-api.conf
#####
cp /etc/glance/glance-registry.conf{,.bak}
grep '^[a-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
md5sum /etc/glance/glance-registry.conf
# 46acabd81a65b924256f56fe34d90b8f /etc/glance/glance-registry.conf
f: Sync the database
su -s /bin/sh -c "glance-manage db_sync" glance # this step prints warnings
# Option "verbose" from group "DEFAULT" is deprecated for removal. Its value may be silently ignored in the future.
# /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
# expire_on_commit=expire_on_commit, _conf=conf)
# /usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
# result = self._query(query)
mysql glance -e "show tables;" # it is enough that tables are listed
g: Start the services (they listen on ports 9191 and 9292)
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service
h: Verify: upload the image file cirros-0.3.4-x86_64-disk.img to the current directory
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
# +------------------+------------------------------------------------------+
# | Field | Value |
# +------------------+------------------------------------------------------+
# | checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
# | container_format | bare |
# | created_at | 2020-12-31T09:54:28Z |
# | disk_format | qcow2 |
# | file | /v2/images/ed812f6b-a831-4b00-aa13-94893351d52d/file |
# | id | ed812f6b-a831-4b00-aa13-94893351d52d |
# | min_disk | 0 |
# | min_ram | 0 |
# | name | cirros |
# | owner | afde967f63aa44c0b7d9bbe98b3ed967 |
# | protected | False |
# | schema | /v2/schemas/image |
# | size | 13287936 |
# | status | active |
# | tags | |
# | updated_at | 2020-12-31T09:54:29Z |
# | virtual_size | None |
# | visibility | public |
openstack image create "centos7.6" \
--file centos7.0-1541.qcow2 \
--disk-format qcow2 --container-format bare \
--public
# Confirm the Glance service
openstack image list
# Check that the MD5 of the two image copies matches; the centos7 image is too large, so it is not computed for now
md5sum cirros-0.3.4-x86_64-disk.img
md5sum /var/lib/glance/images/ed812f6b-a831-4b00-aa13-94893351d52d
# ee1eca47dc88f4879d8a229cc70a07c6
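12: Nova compute service
nova-api: accepts and responds to all compute service requests; manages the virtual machine (cloud instance) lifecycle
nova-compute (multiple): actually manages the virtual machines
nova-scheduler: the Nova scheduler (picks the most suitable nova-compute to create the VM)
nova-conductor: acts as a proxy for nova-compute when updating VM state in the database
nova-network: managed VM networking in early OpenStack releases (deprecated; neutron)
nova-consoleauth and nova-novncproxy: web-based VNC for operating cloud instances directly
novncproxy: web-based VNC client
nova-api-metadata: accepts metadata requests sent from virtual machines
On the controller node:
1: Create the databases and grant privileges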
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
2: Create the system users (glance, nova, neutron) in Keystone and assign roles
openstack user create --domain default \
--password NOVA_PASS nova
openstack role add --project service --user nova admin
3: Create the service and register the API in Keystone
openstack service create --name nova \
--description "OpenStack Compute" compute
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s
4: Install the packages for the service
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler -y
5: Edit the configuration files for the service
cp /etc/nova/nova.conf{,.bak}
grep '^[a-Z\[]' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.69.15.111
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openst