  • openstackM版本安装

    部署期间常见问题:http://www.cnblogs.com/bfmq/p/6001233.html,问题跟对架构的理解永远比部署重要!你玩技术绝对是要基于理论的

    一.基本情况:
    物理设备:4台惠普dl360,4个千兆网卡(用不了4个)
    操作系统统一为:CentOS 7.2.1511
    Openstack情况:mitaka版本vxlan模式,一台控制节点一台网络节点两台计算节点
    网络情况:
    管理网络(一般也就是ssh的ip):60.34.30.0/24
    数据网络:60.34.31.0/24

    二.环境准备:
    1.对所有机器进行解析,添加对应解析,管理网络ip(数据网络ip不需要加)(所有机器)
    vim /etc/hosts新增(这也是此次本人安装的ip分布方式)
    60.34.30.11 controller01
    60.34.30.12 network01
    60.34.30.13 computer01
    60.34.30.14 computer02
    2.关闭防火墙以及selinux(所有机器;仅适用于隔离的实验环境,生产环境应保留firewalld并只放行所需端口,SELinux保持enforcing并配合后文安装的openstack-selinux策略包)
    systemctl stop firewalld
    chkconfig firewalld off
    setenforce 0
    iptables -F
    vim /etc/selinux/config修改
    SELINUX=disabled
    3.配置yum源(你存放mitaka相关rpm包的路径)(所有机器,http://www.cnblogs.com/bfmq/p/6027202.html)
    vim /etc/yum.repos.d/mitaka.repo创建
    [mitaka]
    name=mitaka repo
    baseurl=file:///root/mitaka/
    enabled=1
    gpgcheck=0

    sed -i s/gpgchek=1/gpgchek=0/g /etc/yum.repos.d/*(注意:此处gpgchek拼写有误,应为gpgcheck,照抄执行不会匹配任何内容;上面的mitaka本地源已单独设置gpgcheck=0,其余在线源建议保留签名校验,不要全局关闭)
    yum clean all
    yum makecache
    yum groupinstall base -y
    4.时间服务部署(所有机器)
    yum install chrony -y
    vim /etc/chrony.conf修改
    原有的server 0.centos.pool.ntp.org iburst
    server 1.centos.pool.ntp.org iburst
    server 2.centos.pool.ntp.org iburst
    server 3.centos.pool.ntp.org iburst全部注释掉
    控制节点:
    添加server 127.0.0.1 iburst
    allow 60.34.30.0/24(管理网段ip/24)

    systemctl start chronyd
    systemctl enable chronyd
    其余节点:
    添加server 60.34.30.11 iburst(控制节点管理ip)

    systemctl start chronyd
    systemctl enable chronyd
    chronyc sources

    三.正式开始安装
    在所有节点执行
    yum upgrade
    yum install python-openstackclient -y
    yum install openstack-selinux -y

    1.控制节点
    yum install mariadb mariadb-server python2-PyMySQL rabbitmq-server openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler memcached openstack-glance python-memcached openstack-keystone httpd mod_wsgi openstack-dashboard -y

    vim /etc/my.cnf.d/openstack.cnf新建内容
    [mysqld]
    bind-address = 60.34.30.11(控制节点管理网络ip)
    default-storage-engine = innodb
    innodb_file_per_table
    max_connections = 4096
    collation-server = utf8_general_ci
    character-set-server = utf8

    systemctl enable mariadb.service
    systemctl start mariadb.service
    systemctl enable rabbitmq-server.service
    systemctl start rabbitmq-server.service
    rabbitmqctl add_user rabbitmq bfmq(bfmq是本文通篇使用的示例密码,实际部署时各服务、数据库、消息队列应分别使用不同的随机强密码)
    rabbitmqctl set_permissions rabbitmq ".*" ".*" ".*"
    systemctl enable memcached.service
    systemctl start memcached.service
    mysql_secure_installation(设置你的数据库root密码)

    mysql -uroot -pbfmq(密码直接写在命令行会留在shell历史和进程列表里,建议改用mysql -uroot -p交互输入;另外下面对'%'的授权允许任意主机连接,生产环境建议收窄为管理网段,如'60.34.30.%')
    CREATE DATABASE keystone;
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller01' IDENTIFIED BY 'bfmq';
    CREATE DATABASE glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller01' IDENTIFIED BY 'bfmq';
    CREATE DATABASE nova_api;
    CREATE DATABASE nova;
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller01' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller01' IDENTIFIED BY 'bfmq';
    CREATE DATABASE neutron;
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'bfmq';
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller01' IDENTIFIED BY 'bfmq';
    flush privileges;
    quit

    vim /etc/keystone/keystone.conf修改
    [DEFAULT]
    admin_token = bfmq(仅用于初始化引导的临时令牌,应使用随机值,例如openssl rand -hex 10的输出)

    [database]
    connection = mysql+pymysql://keystone:bfmq@controller01/keystone

    [token]
    provider = fernet

    su -s /bin/sh -c "keystone-manage db_sync" keystone
    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

    vim /etc/httpd/conf/httpd.conf修改
    ServerName controller01

    vim /etc/httpd/conf.d/wsgi-keystone.conf新建内容
    Listen 5000
    Listen 35357

    <VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
    Require all granted
    </Directory>
    </VirtualHost>

    <VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
    Require all granted
    </Directory>
    </VirtualHost>

    systemctl enable httpd.service
    systemctl start httpd.service
    export OS_TOKEN=bfmq
    export OS_URL=http://controller01:35357/v3
    export OS_IDENTITY_API_VERSION=3
    openstack service create --name keystone --description "OpenStack Identity" identity
    openstack endpoint create --region RegionOne identity public http://controller01:5000/v3(本文端点全部使用明文http,令牌和密码会在网络上明文传输;生产环境应为API端点配置TLS)
    openstack endpoint create --region RegionOne identity internal http://controller01:5000/v3
    openstack endpoint create --region RegionOne identity admin http://controller01:35357/v3
    openstack domain create --description "Default Domain" default
    openstack project create --domain default --description "Admin Project" admin
    openstack user create --domain default --password-prompt admin(会提示设置密码,之后登录页面时候admin用户的密码)
    openstack role create admin
    openstack role add --project admin --user admin admin
    openstack project create --domain default --description "Demo Project" demo
    openstack user create --domain default --password-prompt demo(会提示设置密码,之后登录页面时候demo用户的密码)
    openstack role create user
    openstack role add --project demo --user demo user
    openstack project create --domain default --description "Service Project" service
    验证:
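    unset OS_TOKEN OS_URL(仅unset环境变量并不会让临时令牌失效;引导完成后还应从/etc/keystone/keystone-paste.ini的[pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3]中移除admin_token_auth,并去掉keystone.conf里的admin_token)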
    openstack --os-auth-url http://controller01:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
    Password:(会提示输入密码,输入刚才admin的,会出现admin的相关信息,如果不成功,请检查操作,切勿继续向下安装!)

    vim admin-openrc新建内容(管理员的环境;该文件和下面的demo-openrc都含明文密码,建议chmod 600并仅限对应账户读取)
    export OS_PROJECT_DOMAIN_NAME=default
    export OS_USER_DOMAIN_NAME=default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=bfmq
    export OS_AUTH_URL=http://controller01:35357/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2

    vim demo-openrc新建内容(普通用户的环境)
    export OS_PROJECT_DOMAIN_NAME=default
    export OS_USER_DOMAIN_NAME=default
    export OS_PROJECT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=bfmq
    export OS_AUTH_URL=http://controller01:5000/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2

    验证:
    . admin-openrc
    openstack token issue(出现刚才验证的类似内容)
    openstack user create --domain default --password-prompt glance(会提示设置密码)
    openstack role add --project service --user glance admin
    openstack service create --name glance --description "OpenStack Image" image
    openstack endpoint create --region RegionOne image public http://controller01:9292
    openstack endpoint create --region RegionOne image internal http://controller01:9292
    openstack endpoint create --region RegionOne image admin http://controller01:9292

    vim /etc/glance/glance-api.conf修改
    [database]
    connection = mysql+pymysql://glance:bfmq@controller01/glance

    [keystone_authtoken]
    auth_url = http://controller01:5000
    memcached_servers = controller01:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = glance
    password = bfmq

    [paste_deploy]
    flavor = keystone

    [glance_store]
    stores = file,http
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images/

    vim /etc/glance/glance-registry.conf修改
    [database]
    connection = mysql+pymysql://glance:bfmq@controller01/glance

    mkdir -p /var/lib/glance/images/
    chown glance. /var/lib/glance/images/
    su -s /bin/sh -c "glance-manage db_sync" glance(会有future相关提示,可忽略)
    systemctl enable openstack-glance-api.service openstack-glance-registry.service
    systemctl start openstack-glance-api.service openstack-glance-registry.service

    验证:
    openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public(这个cirros-0.3.4-x86_64-disk.img自己下载即可,官网链接wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img;该链接为明文http,上传前建议与官网公布的校验值比对)
    openstack image list(会列出一个列表,里面有cirros的镜像,如果不成功,请检查操作,切勿继续向下安装!)

    openstack user create --domain default --password-prompt nova(会提示设置密码)
    openstack role add --project service --user nova admin
    openstack service create --name nova --description "OpenStack Compute" compute
    openstack endpoint create --region RegionOne compute public http://controller01:8774/v2.1/%(tenant_id)s
    openstack endpoint create --region RegionOne compute internal http://controller01:8774/v2.1/%(tenant_id)s
    openstack endpoint create --region RegionOne compute admin http://controller01:8774/v2.1/%(tenant_id)s
    vim /etc/nova/nova.conf修改
    [DEFAULT]
    enabled_apis = osapi_compute,metadata
    rpc_backend = rabbit
    auth_strategy = keystone
    my_ip = 60.34.30.11
    use_neutron = True
    firewall_driver = nova.virt.firewall.NoopFirewallDriver

    [api_database]
    connection = mysql+pymysql://nova:bfmq@controller01/nova_api

    [database]
    connection = mysql+pymysql://nova:bfmq@controller01/nova

    [oslo_messaging_rabbit]
    rabbit_host = controller01
    rabbit_userid = rabbitmq
    rabbit_password = bfmq

    [keystone_authtoken]
    auth_url = http://controller01:5000
    memcached_servers = controller01:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = nova
    password = bfmq

    [vnc]
    vncserver_listen = 60.34.30.11
    vncserver_proxyclient_address = 60.34.30.11

    [oslo_concurrency]
    lock_path = /var/lib/nova/tmp

    su -s /bin/sh -c "nova-manage api_db sync" nova
    su -s /bin/sh -c "nova-manage db sync" nova(会有future相关提示,可忽略)
    systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
    systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

    2.计算节点(所有的计算节点都要操作,我以13为例)
    yum install openstack-nova-compute libvirt-daemon-lxc openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
    vim /etc/nova/nova.conf修改
    [DEFAULT]
    rpc_backend = rabbit
    auth_strategy = keystone
    my_ip = 60.34.30.13
    use_neutron = True
    firewall_driver = nova.virt.firewall.NoopFirewallDriver

    [oslo_messaging_rabbit]
    rabbit_host = controller01
    rabbit_userid = rabbitmq
    rabbit_password = bfmq

    [vnc]
    enabled = True
    vncserver_listen = 0.0.0.0
    vncserver_proxyclient_address = 60.34.30.13
    novncproxy_base_url = http://60.34.30.11:6080/vnc_auto.html

    [glance]
    api_servers = http://controller01:9292

    [oslo_concurrency]
    lock_path = /var/lib/nova/tmp

    ps:如果在不支持虚拟化的机器上部署nova,请确认
    egrep -c '(vmx|svm)' /proc/cpuinfo结果为0
    vim /etc/nova/nova.conf修改
    [libvirt]
    virt_type = qemu

    systemctl enable libvirtd.service openstack-nova-compute.service
    systemctl start libvirtd.service openstack-nova-compute.service

    验证(控制节点操作)

    . admin-openrc
    openstack compute service list(会出现计算节点列表,如果不成功,请检查操作,切勿继续向下安装!)

    openstack user create --domain default --password-prompt neutron(会提示设置密码)
    openstack role add --project service --user neutron admin
    openstack service create --name neutron --description "OpenStack Networking" network
    openstack endpoint create --region RegionOne network public http://controller01:9696
    openstack endpoint create --region RegionOne network internal http://controller01:9696
    openstack endpoint create --region RegionOne network admin http://controller01:9696
    yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which -y
    vim /etc/neutron/neutron.conf修改
    [DEFAULT]
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = True
    rpc_backend = rabbit
    auth_strategy = keystone
    notify_nova_on_port_status_changes = True
    notify_nova_on_port_data_changes = True

    [oslo_messaging_rabbit]
    rabbit_host = controller01
    rabbit_userid = rabbitmq
    rabbit_password = bfmq

    [database]
    connection = mysql+pymysql://neutron:bfmq@controller01/neutron

    [keystone_authtoken]
    auth_url = http://controller01:5000
    memcached_servers = controller01:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = bfmq

    [nova]
    auth_url = http://controller01:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = nova
    password = bfmq

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp

    vim /etc/neutron/plugins/ml2/ml2_conf.ini修改
    [ml2]
    type_drivers = flat,vlan,vxlan,gre
    tenant_network_types = vxlan
    mechanism_drivers = openvswitch,l2population
    extension_drivers = port_security

    [ml2_type_flat]
    flat_networks = provider

    [ml2_type_vxlan]
    vni_ranges = 1:1000

    [securitygroup]
    enable_ipset = True

    vim /etc/nova/nova.conf修改
    [neutron]
    url = http://controller01:9696
    auth_url = http://controller01:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = bfmq
    service_metadata_proxy = True

    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron(会有future相关提示跟许多info信息,可忽略)
    systemctl restart openstack-nova-api.service
    systemctl enable neutron-server.service
    systemctl start neutron-server.service

    3.网络节点
    vim /etc/sysctl.conf新增内容
    net.ipv4.ip_forward=1
    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0

    sysctl -p立即生效
    yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
    vim /etc/neutron/neutron.conf修改
    [DEFAULT]
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = True
    rpc_backend = rabbit
    auth_strategy = keystone

    [oslo_messaging_rabbit]
    rabbit_host = controller01
    rabbit_userid = rabbitmq
    rabbit_password = bfmq

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp

    vim /etc/neutron/plugins/ml2/openvswitch_agent.ini修改
    [ovs]
    ##################################################
    local_ip=60.34.31.12
    ##################################################
    bridge_mappings=external:br-ex

    [agent]
    tunnel_types=gre,vxlan
    l2_population=True
    prevent_arp_spoofing=True


    vim /etc/neutron/l3_agent.ini修改
    [DEFAULT]
    interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
    external_network_bridge=br-ex

    vim /etc/neutron/dhcp_agent.ini修改
    [DEFAULT]
    interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
    dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata=True

    vim /etc/neutron/metadata_agent.ini修改
    [DEFAULT]
    nova_metadata_ip=controller01
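    metadata_proxy_shared_secret=bfmq(该共享密钥需与控制节点nova.conf的[neutron]段中metadata_proxy_shared_secret取值一致,前文该段未写出此项,需自行补上,否则元数据代理的请求签名校验无法通过)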

    systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
    systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
    ovs-vsctl add-br br-ex
    cat /etc/sysconfig/network-scripts/ifcfg-eno1(惠普默认网卡名字是enoX)
    DEVICE=eno1
    TYPE=Ethernet
    ONBOOT="yes"
    BOOTPROTO="none"

    cat /etc/sysconfig/network-scripts/ifcfg-br-ex 
    DEVICE=br-ex
    TYPE=Ethernet
    ONBOOT="yes"
    BOOTPROTO="none"
    IPADDR=60.34.30.12
    GATEWAY=60.34.30.254
    PREFIX=24
    DNS1=60.34.30.254
    NM_CONTROLLED=no

    systemctl restart network && ovs-vsctl add-port br-ex eno1(ssh连接可能会断开一次)

    4.计算节点
    vim /etc/sysctl.conf新增内容
    net.ipv4.conf.all.rp_filter=0
    net.ipv4.conf.default.rp_filter=0
    net.bridge.bridge-nf-call-iptables=1
    net.bridge.bridge-nf-call-ip6tables=1

    sysctl -p
    vim /etc/neutron/neutron.conf修改
    [DEFAULT]
    rpc_backend = rabbit
    auth_strategy = keystone

    [oslo_messaging_rabbit]
    rabbit_host = controller01
    rabbit_userid = rabbitmq
    rabbit_password = bfmq

    [oslo_concurrency]
    lock_path = /var/lib/neutron/tmp

    vim /etc/neutron/plugins/ml2/openvswitch_agent.ini修改
    [ovs]
    #######################################
    local_ip = 60.34.31.13
    #######################################

    [agent]
    tunnel_types = gre,vxlan
    l2_population = True
    prevent_arp_spoofing = True

    [securitygroup]
    firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    enable_security_group = True

    vim /etc/nova/nova.conf修改
    [neutron]
    url = http://controller01:9696
    auth_url = http://controller01:5000
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    region_name = RegionOne
    project_name = service
    username = neutron
    password = bfmq

    systemctl enable neutron-openvswitch-agent.service
    systemctl start neutron-openvswitch-agent.service
    systemctl restart openstack-nova-compute.service

    5.控制节点
    vim /etc/openstack-dashboard/local_settings修改
    OPENSTACK_HOST = "controller01"
    ALLOWED_HOSTS = ['*', ](接受任意Host头,仅为省事;生产环境应改为实际访问dashboard所用的域名或IP,如本文的60.34.30.11)
    SESSION_ENGINE = 'django.contrib.sessions.backends.cache'(默认没有相应的配置,自行添加在最后一行即可)
    CACHES = {
    'default': {
    'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
    'LOCATION': 'controller01:11211',
    }
    }
    OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
    OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
    OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
    }
    OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
    OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

    systemctl enable httpd.service memcached.service
    systemctl restart httpd.service memcached.service


    四.完成验证
    http://60.34.30.11/dashboard

  • 原文地址:https://www.cnblogs.com/bfmq/p/5894185.html