
openstack安裝


環境:rhel7.3 配置yum源,軟件名:mitaka 註意解析,時間同步,設置節點主機名:控制節點為 controller,計算節點為 computer,添加網卡eth1形成雙網卡
controller:172.25.35.13
computer:172.25.35.14
#註意:後面vim配置文件信息過多沒有貼出來可參考官方中文文檔:https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/ 只需註意密碼設置即可

[root@controller network-scripts]# vim ifcfg-eth0
BOOTPROTO=static
DEVICE=eth0

ONBOOT=yes
IPADDR=172.25.35.13
PREFIX=24
[root@controller network-scripts]# vim ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@controller network-scripts]# ifup eth1 啟動無配置eth1網卡
[root@controller network-scripts]# yum install chrony
[root@controller network-scripts]# systemctl disable NetworkManager
[root@controller network-scripts]# vim /etc/chrony.conf 時間和物理機同步

[root@controller network-scripts]# systemctl restart chronyd
[root@controller network-scripts]# systemctl enable chronyd
[root@controller network-scripts]# yum install python-openstackclient
[root@controller network-scripts]# yum install openstack-selinux
[root@controller network-scripts]# yum install mariadb

[root@controller network-scripts]# yum install python2-PyMySQL
[root@controller network-scripts]# systemctl enable mariadb.service
[root@controller network-scripts]# systemctl start mariadb.service
[root@controller network-scripts]# yum install rabbitmq-server
[root@controller network-scripts]# systemctl enable rabbitmq-server
[root@controller network-scripts]# yum install python-openstackclient

[root@controller my.cnf.d]# vim openstack.cnf
[mysqld]
bind-address = 172.25.35.13
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
[root@controller my.cnf.d]# systemctl enable mariadb.service
[root@controller my.cnf.d]# mysql_secure_installation 初始化數據庫密碼
[root@controller my.cnf.d]# systemctl enable rabbitmq-server.service
[root@controller my.cnf.d]# systemctl start rabbitmq-server.service
[root@controller my.cnf.d]# rabbitmqctl add_user openstack openstack 創建openstack用戶
[root@controller my.cnf.d]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" #賦予權限
[root@controller my.cnf.d]# yum install memcached python-memcached
[root@controller my.cnf.d]# systemctl enable memcached.service
[root@controller my.cnf.d]# systemctl start memcached.service

[root@controller my.cnf.d]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
[root@controller my.cnf.d]# rabbitmq-plugins list
[root@controller my.cnf.d]# rabbitmq-plugins enable rabbitmq_management
[root@controller my.cnf.d]# mysql -u root -p 進入數據庫
創建 keystone 數據庫:建議名稱和密碼一致(僅為實驗環境方便記憶;正式環境應為每個服務設置各自獨立的強密碼,並把 ‘%‘ 的授權範圍收窄到實際需要連接的主機)
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
退出數據庫:
生成一個隨機值,在初始的配置中作為管理員的令牌:
openssl rand -hex 10
85edd158c03265a1b3d1
[root@controller my.cnf.d]# mysql -ukeystone -pkeystone #可用新建的用戶和密碼登錄一下,確認能否登錄
[root@controller my.cnf.d]# yum install openstack-keystone httpd mod_wsgi
定義初始管理令牌的值:
[root@controller ~]# vim /etc/keystone/keystone.conf

初始化身份認證服務的數據庫:
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet keys:
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# vim /etc/httpd/conf/httpd.conf

創建文件 /etc/httpd/conf.d/wsgi-keystone.conf
[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
    Require all granted
</Directory>
</VirtualHost>

<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
    Require all granted
</Directory>
</VirtualHost>

[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
配置認證令牌:
[root@controller ~]# export OS_TOKEN=56785451cc7970d2945e #前面生成的令牌,須與 /etc/keystone/keystone.conf 中 admin_token 的值一致(上文 openssl 的輸出只是另一次生成的示例值,請使用自己實際生成的值)
[root@controller ~]# export OS_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
創建服務實體和身份認證服務:
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
[root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
[root@controller ~]# openstack domain create --description "Default Domain" default

[root@controller ~]# openstack project create --domain default --description "Admin Project" admin
[root@controller ~]# openstack user create --domain default --password admin admin #也可改用 --password-prompt 交互輸入密碼,避免密碼留在命令歷史中
[root@controller ~]# openstack role create admin
[root@controller ~]# openstack role add --project admin --user admin admin
[root@controller ~]# openstack project create --domain default --description "Service Project" service

[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
[root@controller ~]# openstack user create --domain default --password demo demo
[root@controller ~]# openstack role create user
[root@controller ~]# openstack role add --project demo --user demo user
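出於安全考慮,官方文檔要求在此先禁用臨時令牌認證:編輯 /etc/keystone/keystone-paste.ini,從 [pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3] 中刪除 admin_token_auth,然後再取消環境變量:
[root@controller ~]# unset OS_TOKEN OS_URL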
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue

[root@controller ~]# vim admin_openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo_openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin_openrc
[root@controller ~]# openstack token issue

[root@controller ~]# openstack-status
[root@controller ~]# systemctl daemon-reload
[root@controller ~]# openstack-status
[root@controller ~]# systemctl status openstack-keystone
[root@controller ~]# systemctl enable httpd
[root@controller ~]# systemctl restart httpd
[root@controller ~]# openstack-service status openstack-keystone
[root@controller ~]# systemctl status openstack-keystone
[root@controller ~]# yum install -y openstack-utils
[root@controller ~]# openstack token issue

用數據庫連接客戶端以 root 用戶連接到數據庫服務器
[root@controller ~]# mysql -predhat
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
退出數據庫:
[root@controller ~]# source admin_openrc
[root@controller ~]# openstack user create --domain default --password glance glance
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
--description "OpenStack Image" image
[root@controller ~]# openstack endpoint create --region RegionOne \
image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
image admin http://controller:9292
[root@controller ~]# yum install openstack-glance
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone

[root@controller ~]# vim /etc/glance/glance-registry.conf
[paste_deploy]
flavor = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# netstat -antlp|grep :9292
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 17700/python2
下載 cirros-0.3.5-x86_64-disk.img
[root@controller ~]# openstack image create "cirros" \
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 0a5a2b41-d69a-43fc-abe9-a03fd418691a | cirros | active |
+--------------------------------------+--------+--------+

計算節點
[root@controller ~]# mysql -predhat
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
-> IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> quit
Bye
[root@controller ~]# openstack user create --domain default --password nova nova
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
--description "OpenStack Compute" compute
[root@controller ~]# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
# 註意:my_ip 須為本節點管理網卡的實際 IP;前文 eth0 配置的是 172.25.35.13,與此處網段不一致,請核對(計算節點同理)
my_ip = 172.25.135.13
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# NOVA_DBPASS 是官方文檔中的佔位符,須替換為前面 GRANT 語句中為 nova 用戶設置的數據庫密碼(計算節點的 nova.conf 同理)
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# openstack compute service list
+----+---------------+------------+----------+---------+-------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+---------------+------------+----------+---------+-------+-----------------+
| 1 | nova- | controller | internal | enabled | up | 2018-12-01T07:2 |
| | conductor | | | | | 6:43.000000 |
| 2 | nova- | controller | internal | enabled | up | 2018-12-01T07:2 |
| | consoleauth | | | | | 6:44.000000 |
| 3 | nova- | controller | internal | enabled | up | 2018-12-01T07:2 |
| | scheduler | | | | | 6:44.000000 |
+----+---------------+------------+----------+---------+-------+-----------------+
[root@computer ~]# yum install openstack-nova-compute
[root@computer ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 172.25.135.14
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[root@computer ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
[root@computer ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@computer ~]# systemctl start libvirtd.service openstack-nova-compute.service
[root@controller ~]# openstack compute service list
+----+---------------+------------+----------+---------+-------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+---------------+------------+----------+---------+-------+-----------------+
| 1 | nova- | controller | internal | enabled | up | 2018-12-01T07:3 |
| | conductor | | | | | 3:13.000000 |
| 2 | nova- | controller | internal | enabled | up | 2018-12-01T07:3 |
| | consoleauth | | | | | 3:04.000000 |
| 3 | nova- | controller | internal | enabled | up | 2018-12-01T07:3 |
| | scheduler | | | | | 3:04.000000 |
| 6 | nova-compute | computer | nova | enabled | up | 2018-12-01T07:3 |
| | | | | | | 3:13.000000 |
+----+---------------+------------+----------+---------+-------+-----------------+
[root@controller ~]# vim /etc/nova/nova.conf
[root@controller ~]# mysql -predhat
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
-> IDENTIFIED BY 'neutron';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> ^DBye
[root@controller ~]# openstack user create --domain default --password neutron neutron
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
--description "OpenStack Networking" network
[root@controller ~]# openstack endpoint create --region RegionOne \
network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
network admin http://controller:9696
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
[root@controller ~]# vim /etc/neutron/neutron.conf
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[root@controller ~]# vim /etc/nova/nova.conf
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
[root@controller ~]# neutron agent-list
[root@controller ~]# neutron agent-list
[root@controller ~]# openstack compute service list
[root@computer ~]# yum install openstack-neutron-linuxbridge ebtables ipset
[root@computer ~]# vim /etc/neutron/neutron.conf
[root@computer ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@computer ~]# vim /etc/nova/nova.conf
[root@computer ~]# systemctl restart openstack-nova-compute.service
[root@computer ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@computer ~]# systemctl start neutron-linuxbridge-agent.service
[root@computer ~]# ls
mitaka qemu
[root@computer ~]# cd qemu/
[root@computer qemu]# ls
libcacard-2.5.2-2.1.el7.x86_64.rpm qemu-kvm-common-ev-2.6.0-28.el7.10.1.x86_64.rpm
qemu-img-ev-2.6.0-28.el7.10.1.x86_64.rpm qemu-kvm-ev-2.6.0-28.el7.10.1.x86_64.rpm
[root@computer qemu]# yum install -y *
[root@computer qemu]# virsh version #版本升級必須,不然起不來
根據庫編譯:libvirt 2.0.0
使用庫:libvirt 2.0.0
使用的 API: QEMU 2.0.0
運行管理程序: QEMU 2.6.0
[root@computer qemu]# vim /etc/nova/nova.conf
[libvirt]
virt_type = qemu
#雲主機定在peix上解決辦法(註釋須單獨成行,寫在值後面會被當作值的一部分)
cpu_mode = none
[root@computer qemu]# systemctl restart openstack-nova-compute.service
[root@controller ~]# neutron subnet-create --name provider --allocation-pool start=172.25.135.200,end=172.25.135.230 provider 172.25.135.0/24
[root@controller ~]# openstack network list
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
[root@controller ~]# source demo_openrc
[root@controller ~]# ssh-keygen -q -N ""
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
[root@controller ~]# openstack keypair list
[root@controller ~]# openstack security group rule create --proto icmp default
[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
[root@controller ~]# openstack flavor list
[root@controller ~]# openstack image list
[root@controller ~]# openstack network list
+--------------------------------------+----------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+----------+--------------------------------------+
| 3beaf1bb-eef5-4945-8b6d-363cc85b0bca | provider | aaeb405c-1242-4164-9137-0bdf0e9b7df4 |
+--------------------------------------+----------+--------------------------------------+
[root@controller ~]# openstack security group list
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros \
--nic net-id=3beaf1bb-eef5-4945-8b6d-363cc85b0bca --security-group default \
--key-name mykey provider-instance
[root@controller ~]# openstack server list
[root@controller ~]# openstack console url show provider-instance
網頁上起雲主機http://controller:6080/vnc_auto.html?token=1503968b-b215-4a10-89ed-0bf8f3f955a0
[root@controller ~]# ssh <用戶名>@<雲主機IP> #可以ssh上去(原文中的登錄地址被頁面的郵箱保護功能遮蔽,此處為佔位符)
[root@controller ~]# yum install openstack-dashboard #圖形化界面
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
[root@controller ~]# systemctl restart httpd.service memcached.service
