OpenStack Deployment
I. Environment Preparation
Versions
CentOS Linux release 7.6.1810 (Core)
Kernel version: 3.10.0-957.el7.x86_64
$ openstack versions show
+-------------+--------------+---------+-----------+------------------------------+------------------+------------------+
| Region Name | Service Type | Version | Status | Endpoint | Min Microversion | Max Microversion |
+-------------+--------------+---------+-----------+------------------------------+------------------+------------------+
| RegionOne | compute | 2.0 | SUPPORTED | http://controller:8774/v2/ | None | None |
| RegionOne | compute | 2.1 | CURRENT | http://controller:8774/v2.1/ | 2.1 | 2.65 |
| RegionOne | image | 2.0 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.1 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.2 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.3 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.4 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.5 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.6 | SUPPORTED | http://controller:9292/v2/ | None | None |
| RegionOne | image | 2.7 | CURRENT | http://controller:9292/v2/ | None | None |
| RegionOne | placement | 1.0 | CURRENT | http://controller:8778/ | 1.0 | 1.29 |
| RegionOne | network | 2.0 | CURRENT | http://controller:9696/v2.0/ | None | None |
| RegionOne | identity | 3.11 | CURRENT | http://controller:5000/v3/ | None | None |
+-------------+--------------+---------+-----------+------------------------------+------------------+------------------+
1. Network environment
Host | IP |
---|---|
controller | 10.0.0.51 |
compute1 | 10.0.0.61 |
Edit the hosts file
cat /etc/hosts
10.0.0.51 controller
10.0.0.61 compute1
Disable SELinux and firewalld
cat env_set.sh
#!/bin/bash
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
yum install -y wget
Configure the Aliyun yum repositories
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
Manually configure the Aliyun repositories
[centotack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0
[qume-kvm]
name=qemu-kvm
baseurl= https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0
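Both stanzas above set gpgcheck=0, so yum installs packages from these repositories without verifying their signatures. The following is an added example, not part of the original page: a small audit function that lists every repo section with signature checking switched off or a plain-http baseurl. The name audit_repo, the second stanza and its gpgkey value are constructed for illustration.

```bash
# Added example: report repo sections that skip signature checks or use http.
# audit_repo is a hypothetical helper name; it only reads the file given as $1.
audit_repo() {
    awk '
        function report() {
            if (sec == "") return
            if (tolower(gpg) ~ /^(0|no|false)$/) print sec ": gpgcheck is off, packages are not signature-verified"
            if (url ~ /^http:/) print sec ": baseurl uses plain http: " url
        }
        /^[ \t]*(#|;|$)/ { next }            # comments and blank lines
        /^[ \t]*\[/ {                        # new section: flush the previous one
            report()
            sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
            gpg = ""; url = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "gpgcheck") gpg = val
            if (key == "baseurl")  url = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the stanza from this page next to one with checking on.
# The gpgkey value is a placeholder, not a real key path.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[centotack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0

[openstack-rocky-checked]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-PLACEHOLDER
EOF
audit_repo "$sample"
```

Run it against each file in /etc/yum.repos.d/ after the repositories are configured; a section with no gpgcheck line inherits the value from yum.conf and is not reported.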
Install the OpenStack client and openstack-selinux
yum install python-openstackclient openstack-selinux -y
2. Time synchronization
Install the required packages
yum install chrony vim net-tools lsof -y
# controller node
allow 10.0.0.0/24
# other nodes
server 10.0.0.51 iburst
Restart the service
systemctl enable chronyd.service
systemctl start chronyd.service
3. Deploy the MariaDB database
Database node
yum install mariadb mariadb-server python2-PyMySQL -y
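Edit the database configuration file /etc/my.cnf
[mysqld]
bind-address = 10.0.0.51
default-storage-engine = innodb
innodb_file_per_table # InnoDB stores each table in its own file
max_connections = 4096 # maximum number of connections
collation-server = utf8_general_ci # use the UTF-8 character set
character-set-server = utf8
Start the database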
systemctl enable mariadb
systemctl start mariadb
Secure the database installation
mysql_secure_installation
# Answers: Enter, n, y, y, y, y
4. RabbitMQ message queue
Install RabbitMQ
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
# Add the openstack user and set its password
rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...
# Grant the openstack user configure, write and read permissions
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
By default RabbitMQ listens on ports 25672 and 5672
Verify:
# netstat -antplu|grep 5672
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 11226/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 11226/beam.smp
Enable the management (monitoring) plugin. Port: 15672
rabbitmq-plugins enable rabbitmq_management
# netstat -antplu|grep 5672
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 11226/beam.smp
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 11226/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 11226/beam.smp
5. Configure memcached
yum install -y memcached python-memcached
# The default listen address needs to be changed
sed -i 's/127.0.0.1/10.0.0.51/g' /etc/sysconfig/memcached
systemctl restart memcached.service
Verify:
# netstat -anpl|grep 11211
tcp 0 0 10.0.0.51:11211 0.0.0.0:* LISTEN 12152/memcached
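The netstat output in the RabbitMQ and memcached steps shows the RabbitMQ listeners bound to the wildcard address (0.0.0.0 and :::), while memcached is bound to 10.0.0.51 only. The following is an added example, not part of the original page: a filter that reads `netstat -antplu` output and lists every TCP listener bound to all interfaces, as a post-install check of what the controller exposes. The function names are hypothetical; the sample lines are the ones shown on this page.

```bash
# Added example: list TCP listeners bound to every interface.
# wildcard_listeners is a hypothetical helper; it reads netstat -antplu output on stdin
# and prints "port address process" for each wildcard-bound listener, sorted by port.
wildcard_listeners() {
    awk '
        $1 ~ /^tcp6?$/ && $6 == "LISTEN" {
            addr = $4
            n = split(addr, parts, ":")
            port = parts[n]                     # port is the last colon-separated field
            host = substr(addr, 1, length(addr) - length(port) - 1)
            if (host == "0.0.0.0" || host == "::") {
                proc = $7
                sub(/^[0-9]+\//, "", proc)      # "11226/beam.smp" becomes "beam.smp"
                print port, host, proc
            }
        }
    ' | sort -n
}

# Sample input: the listener lines shown on this page.
sample_netstat() {
    cat <<'EOF'
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 11226/beam.smp
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 11226/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 11226/beam.smp
tcp 0 0 10.0.0.51:11211 0.0.0.0:* LISTEN 12152/memcached
EOF
}

sample_netstat | wildcard_listeners
```

With firewalld stopped as in env_set.sh, every listener reported here is reachable on all of the controller's interfaces.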
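6. General steps for installing an OpenStack service:
1. Create the database and grant privileges
2. Create the user in keystone and associate a role
3. Register the service and its API in keystone
4. Install the service's packages
5. Edit the configuration file: database connection information, RabbitMQ connection information, keystone authentication and authorization information
6. Sync the database and create the tables
7. Start the service
II. Installing the keystone service
1. Create the database and grant privileges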
create DATABASE keystone;
GRANT ALL PRIVILEGES on keystone.* to 'keystone'@'localhost' identified by 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
2. Install the keystone packages
yum install -y openstack-keystone httpd mod_wsgi
Edit the configuration file
cp /etc/keystone/keystone.conf{,.back}
grep -Ev '^$|^#' /etc/keystone/keystone.conf.back > /etc/keystone/keystone.conf
cat /etc/keystone/keystone.conf
[DEFAULT]
admin_token = ADMIN_TOKEN
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
# Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Initialize fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# Verify
ll /etc/keystone
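The keystone.conf shown above still carries the placeholders ADMIN_TOKEN and KEYSTONE_DBPASS, and admin_token is a shared secret that the Identity API accepts in place of normal authentication. The following is an added example, not part of the original page: a check that parses keystone.conf and reports a configured admin_token and any placeholder left unreplaced. The function name and the sample file are constructed for illustration.

```bash
# Added example: flag bootstrap and placeholder secrets left in keystone.conf.
# audit_keystone_conf is a hypothetical helper; it only reads the file given as $1.
audit_keystone_conf() {
    awk '
        /^[ \t]*(#|$)/ { next }                          # comments and blank lines
        /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec); next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (sec == "[DEFAULT]" && key == "admin_token") {
                print "admin_token: static bootstrap token is set in [DEFAULT]"
                if (val == "ADMIN_TOKEN")
                    print "admin_token: value is the literal placeholder ADMIN_TOKEN"
            }
            if (key == "connection") {
                # The password sits between "user:" and "@" in the connection URL.
                pw = val
                sub(/^[^:]*:\/\/[^:]*:/, "", pw); sub(/@.*$/, "", pw)
                if (pw == "KEYSTONE_DBPASS")
                    print "connection: database password is the literal placeholder KEYSTONE_DBPASS"
            }
        }
    ' "$1"
}

# Constructed sample: the configuration from this page with its placeholders untouched.
conf=$(mktemp)
cat > "$conf" <<'EOF'
[DEFAULT]
admin_token = ADMIN_TOKEN
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
EOF
audit_keystone_conf "$conf"
```

An empty result means no admin_token is configured and the database password is not the placeholder.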
3. Configure httpd
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
cat /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
Restart
systemctl enable httpd.service
systemctl restart httpd.service
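4. Create the service and register the API:
# Configure the authentication token:
export OS_TOKEN=ADMIN_TOKEN
# Configure the endpoint URL:
export OS_URL=http://controller:35357/v3
# Configure the Identity API version: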
export OS_IDENTITY_API_VERSION=3
openstack service create \
--name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne \
identity public http://controller:5000/v3
openstack endpoint create --region RegionOne \
identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne \
identity admin http://controller:35357/v3
Create the domain, projects, user and role
openstack domain create --description "Default Domain" default
openstack project create --domain default \
--description "Admin Project" admin
openstack user create --domain default \
--password ADMIN_PASS admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default \
--description "Service Project" service
Exit bash
Set the initial variables