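OpenStack Pike Deployment Manual
OpenStack Installation and Deployment Document (Pike)
I. Environment Preparation
All installation and deployment in this document was done on CentOS 7.4. The controller and storage nodes are configured with two network interfaces; the network and compute nodes are configured with three.
Note: the yum repositories can be switched to domestic mirrors.
Some command lines in this document are missing spaces between arguments; watch for this when following them.
1. Virtual machine node topology and host naming
eth0: management network
eth1: data network / tunnel
Controller node: eth0: 10.0.2.15/24, eth1: 192.168.56.101/24
Network node: eth0: 10.0.2.5/24, eth1: 192.168.56.102/24, eth2: no IP assigned
Compute node: eth0: 10.0.2.4/24
Storage node: eth0: 10.0.2.6/24, eth1: 192.168.56.104/24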
$ vim /etc/hosts
# controller
192.168.56.101 controller
# compute
192.168.56.103 compute
#network
192.168.56.102 network
#block storage
192.168.56.104 block
2. Virtual machine NIC configuration
Use the traditional NIC naming scheme (optional)
Edit /etc/default/grub and add "net.ifnames=0"
$ sudo grub2-mkconfig -o /boot/grub2/grub.cfg
# service NetworkManager stop
# chkconfig NetworkManager off
# systemctl stop firewalld.service
# systemctl disable firewalld.service
# /usr/sbin/setenforce 0
########## set SELINUX disabled ##############
# vim /etc/sysconfig/selinux
SELINUX=disabled
4. Install the NTP service
1)
$ yum install chrony
2) Configure /etc/chrony.conf (controller node)
Modify the relevant part:
$ vim /etc/chrony.conf
……
allow 10.0.0.0/8
Restart the chrony service on the server
# systemctl enable chronyd.service
# systemctl start chronyd.service
3) Configure the NTP clients (network, compute and storage nodes)
Modify the relevant part:
$ vim /etc/chrony.conf
……
server controller iburst
……
Start the NTP service:
# systemctl enable chronyd.service
# systemctl start chronyd.service
4) Verify on all nodes
$ chronyc sources
5. Install OpenStack (all nodes)
# yum install centos-release-openstack-pike
# yum upgrade
# yum install python-openstackclient
# yum install openstack-selinux
6. Install the MariaDB SQL database
1) Controller node:
Install mariadb-server
# yum install mariadb mariadb-server python2-PyMySQL
Edit the mariadb_openstack.cnf configuration
# vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.56.101
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Restart the mysqld service and enable it at boot
# systemctl enable mariadb.service
# systemctl start mariadb.service
# mysql_secure_installation
Set the password to 1235456 and answer Yes to everything else.
7. Install the message queue (RabbitMQ, controller node)
# yum install rabbitmq-server
Restart the rabbitmq service
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
Add the rabbitmq user and configure its permissions
# rabbitmqctl add_user openstack openstack123
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
8. Install Memcached (controller node)
Install the packages.
yum install memcached python-memcached
Configure /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1"
Change it to
OPTIONS="-l 127.0.0.1,::1,controller"
Start the service.
systemctl enable memcached.service
systemctl start memcached.service
II. Install Keystone
[Note] Keystone only needs to be installed on the controller node
1) Create the keystone database on the MariaDB SQL node
$ mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '123456';
mysql> exit
2) Install the RPM packages with yum
# yum install openstack-keystone httpd mod_wsgi
3) Configure /etc/keystone/keystone.conf
[DEFAULT]
verbose=True
admin_token=15fe8a5fd6f8a6c0cb74
log_dir=/var/log/keystone
[database]
connection = mysql+pymysql://keystone:[email protected]/keystone
[token]
provider = fernet
4) Load the Keystone database schema
# su -s /bin/sh -c "keystone-manage db_sync" keystone
5) Create the certificates and keys
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6) Start the Keystone service
Note: replace ADMIN_PASS with the actual password.
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
7) Configure the Apache HTTP service
###### Set ServerName in /etc/httpd/conf/httpd.conf
ServerName controller
#### Create a symbolic link to /usr/share/keystone/wsgi-keystone.conf.
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
##### Start the HTTP service
# systemctl enable httpd.service
# systemctl start httpd.service
8) Create the service entity and API endpoints
## Set the authentication environment variables
# export OS_USERNAME=admin
# export OS_PASSWORD=ADMIN_PASS
# export OS_PROJECT_NAME=admin
# export OS_USER_DOMAIN_NAME=Default
# export OS_PROJECT_DOMAIN_NAME=Default
# export OS_AUTH_URL=http://controller:35357/v3
# export OS_IDENTITY_API_VERSION=3
##### Create the demo user and related entities.
# openstack project create --domain default --description "Service Project" service
# openstack project create --domain default --description "Demo Project" demo
# openstack user create --domain default --password-prompt demo
# openstack role create user
# openstack role add --project demo --user demo user
9) Verify that the installation succeeded
# unset OS_AUTH_URL OS_PASSWORD
# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
10) Use environment variable scripts
Note: replace ADMIN_PASS with the actual password.
# Create admin-openrc.sh
vim admin-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# Run admin-openrc.sh
source admin-openrc.sh
### Verify
# openstack token issue
# openstack service list
III. Install Glance
1) Configure the Glance database on the MariaDB SQL node
$ mysql -u root -p123456
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
mysql> exit
2) Create the glance user and add the admin role
# openstack user create --domain default --password-prompt glance
# openstack role add --project service --user glance admin
3) Create the glance service and endpoints in Keystone
# openstack service create --name glance --description "OpenStack Image" image
# openstack endpoint create --region RegionOne image public http://controller:9292
# openstack endpoint create --region RegionOne image internal http://controller:9292
# openstack endpoint create --region RegionOne image admin http://controller:9292
4) Install the RPM package with yum
# yum install openstack-glance
5) Edit the Glance configuration file /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance: [email protected]/glance
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[paste_deploy]
# ...
flavor = keystone
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
6) Edit glance-registry.conf
[database]
connection = mysql+pymysql://glance:[email protected]/glance
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[paste_deploy]
# ...
flavor = keystone
7) Populate the database
# su -s /bin/sh -c "glance-manage db_sync" glance
8) Start the glance services
# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service
9) Verify that Glance was installed successfully
# . admin-openrc.sh
# mkdir /tmp/images
# wget -P /tmp/images http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
# glance image-create --name "cirros-0.3.5-x86_64" --file /tmp/images/cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare --progress
# glance image-list
# rm -r /tmp/images
IV. Install Nova
1. Install Nova on the controller node
1) Set up the MySQL database: add the nova databases
$ mysql -u root -p123456
mysql> CREATE DATABASE nova_api;
mysql> CREATE DATABASE nova;
mysql> CREATE DATABASE nova_cell0;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
mysql> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';
mysql> exit
2) Set up Keystone: create the nova service and endpoints
# . admin-openrc
# openstack user create --domain default --password-prompt nova
# openstack role add --project service --user nova admin
# openstack service create --name nova \
--description "OpenStack Compute" compute
# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
# openstack user create --domain default --password-prompt placement
# openstack role add --project service --user placement admin
# openstack service create --name placement --description "Placement API" placement
# openstack endpoint create --region RegionOne placement public http://controller:8778
# openstack endpoint create --region RegionOne placement internal http://controller:8778
# openstack endpoint create --region RegionOne placement admin http://controller:8778
3) Install the RPM packages with yum
# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
4) Edit nova.conf
Note: replace openstack:RABBIT_PASS with the RabbitMQ user/password,
replace NOVA_PASS with the nova password, and replace the other passwords accordingly.
[DEFAULT]
transport_url = rabbit://openstack:[email protected]
enabled_apis = osapi_compute,metadata
my_ip = 192.168.56.103
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
# ...
connection = mysql+pymysql://nova:[email protected]/nova_api
[database]
# ...
connection = mysql+pymysql://nova:[email protected]/nova
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = true
# ...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
# ...
api_servers = http://controller:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
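An added example (not part of the original guide): one way to fill the NOVA_PASS and PLACEMENT_PASS placeholders above with generated secrets and confirm that none is left in the rendered file. The function names, the NAME=value secrets file and the template file name are assumptions; the sample template is constructed.

```bash
#!/usr/bin/env bash
# Added example. Placeholder names come from the guide; the secrets-file
# layout (NAME=value per line) and all file paths are assumptions.

# gen_secret: print 20 hex characters read from the kernel CSPRNG.
gen_secret() {
    od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
}

# make_secrets FILE NAME...: write one NAME=secret line per placeholder.
make_secrets() {
    local file=$1 name
    shift
    ( umask 077; : > "$file" )          # owner-only before any secret lands
    for name in "$@"; do
        printf '%s=%s\n' "$name" "$(gen_secret)" >> "$file"
    done
}

# render_conf SECRETS TEMPLATE: print TEMPLATE with placeholders substituted.
render_conf() {
    local name value script=""
    while IFS='=' read -r name value; do
        [ -z "$name" ] || script="${script}s/${name}/${value}/g;"
    done < "$1"
    sed -e "$script" "$2"
}

# leftover_placeholders FILE: list lines still holding a *_PASS placeholder;
# exit status 0 means at least one was found.
leftover_placeholders() {
    grep -nE '[A-Z][A-Z_]*_PASS' "$1"
}

# Constructed sample: two sections shaped like the nova.conf above.
work=$(mktemp -d)
cat > "$work/nova.conf.tmpl" <<'EOF'
[keystone_authtoken]
username = nova
password = NOVA_PASS
[placement]
username = placement
password = PLACEMENT_PASS
EOF
make_secrets "$work/secrets.env" NOVA_PASS PLACEMENT_PASS
render_conf "$work/secrets.env" "$work/nova.conf.tmpl" > "$work/nova.conf"
leftover_placeholders "$work/nova.conf" || echo "all placeholders replaced"
rm -rf "$work"
```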
5) Configure /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
6) Restart the HTTP service.
# systemctl restart httpd
7) Create the databases
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# su -s /bin/sh -c "nova-manage db sync" nova
8) Verify that cell0 and cell1 are correct.
# nova-manage cell_v2 list_cells
9) Restart the nova services and enable them at boot
# systemctl enable openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
10) Run the following each time a compute node is added.
# openstack compute service list --service nova-compute
# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
# openstack compute service list --service nova-compute
2. Install the compute node
1) Install the RPM package with yum
# yum install openstack-nova-compute
2) Edit the configuration file nova.conf
[DEFAULT]
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:[email protected]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
# ...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
# ...
api_servers = http://controller:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
3) Check the compute node's CPU support for virtualization
$ egrep -c '(vmx|svm)' /proc/cpuinfo
##### If nothing is returned, or the value returned is 0, edit the configuration file
[libvirt]
virt_type=qemu
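Step 3 as a script, added here as an example and not taken from the original guide: it makes the same vmx/svm check and, when no flag is found, sets virt_type = qemu in the [libvirt] section, appending the key or the section if absent. The function names are hypothetical and the cpuinfo and nova.conf contents are constructed samples.

```bash
#!/usr/bin/env bash
# Added example. Function names are hypothetical; paths are passed as arguments.

# needs_qemu CPUINFO: succeed when no CPU advertises vmx (Intel) or svm (AMD),
# i.e. when the egrep count in the step above would be 0.
needs_qemu() {
    ! grep -Eqw 'vmx|svm' "$1"
}

# set_ini FILE SECTION KEY VALUE: set KEY inside [SECTION]; the key or the
# whole section is appended when absent. Owner and mode of FILE are kept.
set_ini() {
    local tmp rc
    tmp=$(mktemp) || return 1
    awk -v sec="[$2]" -v key="$3" -v val="$4" '
        function emit() { if (insec && !done) { print key " = " val; done = 1 } }
        /^\[/ { emit(); insec = ($0 == sec) }
        insec && $0 ~ "^" key "[ \t]*=" { print key " = " val; done = 1; next }
        { print }
        END { emit(); if (!done) { print sec; print key " = " val } }
    ' "$1" > "$tmp" && cat "$tmp" > "$1"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: cpuinfo flags of a guest without nested virtualization.
work=$(mktemp -d)
printf 'flags\t\t: fpu vme de pse tsc msr pae mce sse sse2\n' > "$work/cpuinfo"
printf '[DEFAULT]\nuse_neutron = True\n[vnc]\nenabled = True\n' > "$work/nova.conf"
if needs_qemu "$work/cpuinfo"; then
    set_ini "$work/nova.conf" libvirt virt_type qemu
fi
cat "$work/nova.conf"
rm -rf "$work"
```

On a real compute node the call would be needs_qemu /proc/cpuinfo followed by set_ini /etc/nova/nova.conf libvirt virt_type qemu.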
4) Restart the nova-compute related services and enable them at boot
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service