################################################################################################################### ## 控制节点部署安装 # ################################################################################################################### ## 控制节点规划: ## 主机名:controller ## IP地址:192.168.40.151 os:centos7 ################################################################################################################### 一、环境配置 1、主机名修改 [root@controller ~]# hostnamectl set-hostname controller [root@controller ~]# vim /etc/hosts 192.168.40.151 controller 2、关闭防火墙(仅适用于隔离的实验环境;生产环境应保留firewalld并只放行所需端口) [root@controller ~]# systemctl stop firewalld [root@controller ~]# systemctl disable firewalld #永久性关闭防火墙 3、关闭selinux [root@controller ~]# setenforce 0 #临时将selinux切换为permissive模式(只记录、不拦截) [root@controller ~]# vim /etc/selinux/config #永久性关闭selinux SELINUX=disabled 4、配置yum源(以下源通过http访问且gpgcheck=0,不校验软件包签名,仅适用于可信的内网镜像;否则应设置gpgcheck=1并配置gpgkey) [os] name=os baseurl=http://192.168.50.124/centos-yum/7/os/x86_64/ gpgcheck=0 enabled=1 [update] name=update baseurl=http://192.168.50.124/centos-yum/7/updates/x86_64/ gpgcheck=0 enabled=1 [ext] name=ext baseurl=http://192.168.50.124/centos-yum/7/extras/x86_64/ gpgcheck=0 enabled=1 [openstack] name=n baseurl=http://192.168.50.124/openstack-rpms/openstack-newton/ gpgcheck=0 enabled=1 [root@controller ~]# reboot #重启系统 ################################################################################################################# 二、keystone组件部署安装
################################################################################################################# 1、时间服务部署安装 [root@controller ~]# yum install chrony -y [root@controller ~]# vim /etc/chrony.conf server 192.168.40.151 iburst allow 10.0.0.0/24 [root@controller ~]# systemctl enable chronyd.service #设置开机自启动 [root@controller ~]# systemctl start chronyd.service #启动时间服务 [root@controller ~]# yum install python-openstackclient #安装openstack管理工具 2、数据库部署安装 [root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y #yum安装MySQL [root@controller ~]# vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 192.168.40.151 default-storage-engine = innodb innodb_file_per_table max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 [root@controller ~]# systemctl enable mariadb.service #开机自启动 [root@controller ~]# systemctl start mariadb.service #开启MySQL服务 [root@controller ~]# mysqladmin -uroot password 123 #设置MySQL的root密码为123(演示用弱口令,实际部署应换成强口令) 3、部署安装rabbit消息队列 [root@controller ~]# yum install rabbitmq-server -y [root@controller ~]# systemctl enable rabbitmq-server.service [root@controller ~]# systemctl start rabbitmq-server.service [root@controller ~]# rabbitmqctl add_user openstack 123 #创建rabbit用户openstack,密码为123 Creating user "openstack" ... [root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" #授予openstack用户对vhost "/" 下所有资源的配置、写、读权限 Setting permissions for user "openstack" in vhost "/" ... 4、部署安装memcached缓存服务 [root@controller ~]# yum install memcached python-memcached -y [root@controller ~]# systemctl enable memcached.service [root@controller ~]# systemctl start memcached.service 5、keystone数据库创建 [root@controller ~]# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 11 Server version: 10.1.18-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database keystone; MariaDB [(none)]> show databases; +--------------------+ | Database | +--------------------+ | information_schema | | keystone | #显示keystone库,表示创建库成功 | mysql | | performance_schema | | test | +--------------------+ 5 rows in set (0.01 sec) ##创建keystone数据库用户并授权,密码设置为123('%'表示允许从任意主机连接,应配合bind-address和网络访问控制限制来源) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '123'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123'; Query OK, 0 rows affected (0.00 sec) 6、安装keystone包 [root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y [root@controller ~]# vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:123@controller/keystone #关联数据库 [token] provider = fernet [root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #初始化keystone数据库 [root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone [root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone #为管理员账户admin设置密码为123 [root@controller ~]# keystone-manage bootstrap --bootstrap-password 123 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:35357/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne [root@controller ~]# vim /etc/httpd/conf/httpd.conf #添加以下内容 ServerName controller [root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ [root@controller ~]# systemctl enable httpd.service [root@controller ~]# systemctl start httpd.service [root@controller ~]# #通过admin用户登录keystone export OS_USERNAME=admin export OS_PASSWORD=123 export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export 
OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 #创建service项目 [root@controller ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | 24ac7f19cd944f4cba1d77469b2a73ed | | is_domain | False | | name | service | | parent_id | default | +-------------+----------------------------------+ #创建demo项目 [root@controller ~]# openstack project create --domain default --description "Demo Project" demo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | default | | enabled | True | | id | 231ad6e7ebba47d6a1e57e1cc07ae446 | | is_domain | False | | name | demo | | parent_id | default | +-------------+----------------------------------+ #创建demo普通用户密码为123 [root@controller ~]# openstack user create --domain default --password-prompt demo User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | aeda23aa78f44e859900e22c24817832 | | name | demo | | password_expires_at | None | +---------------------+----------------------------------+ #创建user角色 [root@controller ~]# openstack role create user +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | None | | id | 997ce8d05fc143ac97d83fdfb5998552 | | name | user | +-----------+----------------------------------+ #为demo普通用户赋予权限 [root@controller ~]# openstack role add --project demo --user demo user #创建admin认证脚本 [root@controller ~]# vim admin.sh export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export 
OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 #创建普通用户demo认证脚本(admin.sh、demo.sh中的ADMIN_PASS、DEMO_PASS是占位符,需替换为前面设置的实际密码;脚本含明文密码,建议chmod 600限制读取权限) [root@controller ~]# vim demo.sh export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=DEMO_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 #验证 [root@controller ~]# source admin.sh #查看所有用户 [root@controller ~]# openstack user list +----------------------------------+-------+ | ID | Name | +----------------------------------+-------+ | 13a142d7c342441f8bfc7b9ea5150105 | demo | | 62246126b9d8407291b9799c63d4e4d0 | admin | +----------------------------------+-------+ #查看角色 [root@controller ~]# openstack role list +----------------------------------+-------+ | ID | Name | +----------------------------------+-------+ | 49d6e90dc3d14870a94613f2d4c382e0 | admin | | 5406975b73f84c9686881b688d41c8ef | user | +----------------------------------+-------+ #查看项目 [root@controller ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 0acd609715164bc4a6fc769c23d98fcc | admin | | 1ba73fa460b5446e945f5883e5e27b80 | demo | | ee697d3eec9b4653b69a599ac2308edb | service | +----------------------------------+---------+ #查看域 [root@controller ~]# openstack domain list +---------+---------+---------+--------------------+ | ID | Name | Enabled | Description | +---------+---------+---------+--------------------+ | default | Default | True | The default domain | +---------+---------+---------+--------------------+
三、openstack glance组件部署安装
################################################################################################################## ****************************************************************************************************************** ## glance 部署安装 ################################################################################################################## glance:管理镜像(上传、下载、查看、修改、删除、快照、容灾、克隆) 镜像:所有东西都可以克隆,并且按照一定的格式生成镜像 iso镜像 vmdk镜像 qcow2镜像 ################################################################################################################### [root@controller ~]# mysql -u root -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 56 Server version: 10.1.18-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE glance; #创建glance数据库 MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123'; #创建用户并赋予权限 MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '123'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123'; [root@controller ~]# source admin.sh #登录keystone,admin认证 #在keystone里创建glance的认证用户和密码 [root@controller ~]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 3f4e777c4062483ab8d9edd7dff829df | | name | glance | | password_expires_at | None | +---------------------+----------------------------------+ [root@controller ~]# openstack role add --project service --user glance admin #给glance用户赋予admin权限 #创建glance服务 [root@controller ~]# openstack service create --name glance --description "OpenStack Image" image 
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | 400e77749e8c4f29a5ab0e124a408fda | | name | glance | | type | image | +-------------+----------------------------------+ #创建公共的glance API [root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 795e80b3501d4478a03de400887623df | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 400e77749e8c4f29a5ab0e124a408fda | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ #创建私有的glance API [root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | c9253e145b334a01b5ce7406390ecbb1 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 400e77749e8c4f29a5ab0e124a408fda | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ #创建admin的glance API [root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 0190aabbba724c18971fe459df77f5a5 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 400e77749e8c4f29a5ab0e124a408fda | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ 
[root@controller ~]# yum install openstack-glance -y #安装openstack glance组件 [root@controller ~]# vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:123@controller/glance #关联到glance数据库(说明:#后的文字是本文的注释,不要与取值写在同一行,否则可能被当作值的一部分) #glance认证设置(password须与前面在keystone中为glance用户设置的密码一致) [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = 123 [paste_deploy] flavor = keystone #设置glance存储路径 [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ [root@controller ~]# vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:123@controller/glance #关联数据库 [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = 123 [paste_deploy] flavor = keystone [root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance #初始化glance数据库 #验证数据库初始化是否成功 [root@controller ~]# mysql -uroot -p Enter password: Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 54 Server version: 10.1.18-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use glance; Reading table information for completion of table and column names You can turn off this feature to get a quicker startup with -A Database changed MariaDB [glance]> show tables; +----------------------------------+ | Tables_in_glance | +----------------------------------+ | artifact_blob_locations | | artifact_blobs | | artifact_dependencies | | artifact_properties | | artifact_tags | | artifacts | | image_locations | | image_members | | image_properties | | image_tags | | images | | metadef_namespace_resource_types | | metadef_namespaces | | metadef_objects | | metadef_properties | | metadef_resource_types | | metadef_tags | | migrate_version | | task_info | | tasks | +----------------------------------+ 20 rows in set (0.00 sec) MariaDB [glance]> \q #设置glance 开机自启动和启动glance服务 [root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service [root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service [root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img #下载cirros测试镜像(http下载没有完整性保护,建议与官方公布的校验值比对);如果提示找不到wget命令,先执行下一条安装wget [root@controller ~]# yum install wget -y #安装wget #上传镜像文件到glance里管理 [root@controller ~]# openstack image create "cirros" \ > --file cirros-0.3.4-x86_64-disk.img \ > --disk-format qcow2 --container-format bare \ > --public +------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2017-02-14T13:30:26Z | | disk_format | qcow2 | | file | /v2/images/1e53e740-de48-49f6-94e4-e1bab71d40b8/file | | id | 1e53e740-de48-49f6-94e4-e1bab71d40b8 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | 0acd609715164bc4a6fc769c23d98fcc | | protected | False | | schema | /v2/schemas/image | | size | 13287936 | | status | active | | tags | | | updated_at | 2017-02-14T13:30:28Z | | 
virtual_size | None | | visibility | public | +------------------+------------------------------------------------------+ #验证glance组件安装是否能正常访问 [root@controller ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 1e53e740-de48-49f6-94e4-e1bab71d40b8 | cirros | active | +--------------------------------------+--------+--------+
############################################################################################################# # 控制节点 nova组件 部署安装 # ############################################################################################################# nova组件 部署安装 1、[root@controller ~]# mysql -u root -p #登录MySQL数据库 MariaDB [(none)]> CREATE DATABASE nova_api; #创建数据库nova_api MariaDB [(none)]> CREATE DATABASE nova; #创建数据库nova MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123'; #赋予权限 MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY '123'; #赋予权限 MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123'; #赋予权限(注意:以上三条只对nova_api库授权;后面nova.conf的[database]连接的是nova库,nova用户同样需要nova.*上的权限) [root@controller ~]# source admin.sh [root@controller ~]# openstack user create --domain default --password-prompt nova #创建nova用户和密码123 User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 8a7dbf5279404537b1c7b86c033620fe | | name | nova | | password_expires_at | None | +---------------------+----------------------------------+ [root@controller ~]# openstack role add --project service --user nova admin #给nova用户赋予权限 [root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute #创建service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | 060d59eac51b4594815603d75a00aba2 | | name | nova | | type | compute | +-------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s #创建nova public API端口 +--------------+-------------------------------------------+ | Field | Value | 
+--------------+-------------------------------------------+ | enabled | True | | id | 3c1caa473bfe4390a11e7177894bcc7b | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 060d59eac51b4594815603d75a00aba2 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s #创建nova internal API端口 +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | e3c918de680746a586eac1f2d9bc10ab | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 060d59eac51b4594815603d75a00aba2 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s #创建nova admin API端口 +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | 38f7af91666a47cfb97b4dc790b94424 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 060d59eac51b4594815603d75a00aba2 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ [root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler #安装nova软件包 [root@controller ~]# vim /etc/nova/nova.conf #配置nova配置文件 [DEFAULT] transport_url = rabbit://openstack:123@controller #消息队列排队关联 enabled_apis = osapi_compute,metadata 
my_ip = 192.168.40.151 #本地IP地址 use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver #停用nova自带的防火墙驱动,安全组规则交由neutron处理(与use_neutron = True配套) [api_database] connection = mysql+pymysql://nova:123@controller/nova_api #数据库关联 [database] connection = mysql+pymysql://nova:123@controller/nova #数据库关联 [api] auth_strategy = keystone #指定认证组件为keystone [keystone_authtoken] #keystone 认证 auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = 123 [vnc] #vnc远程控制设置 enabled = true vncserver_listen = $my_ip vncserver_proxyclient_address = $my_ip [glance] api_servers = http://controller:9292 #镜像glance关联 [oslo_concurrency] #临时文件路径设置 lock_path = /var/lib/nova/tmp [root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova #初始化nova_api数据库 [root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova #初始化nova数据库 [root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service #nova服务开机自启动设置 [root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service #开启所有nova服务 验证安装是否成功: 在控制节点上执行 [root@controller ~]# source admin.sh #admin keystone认证 [root@controller ~]# openstack compute service list #查看nova服务状态 +----+--------------------+------------+----------+---------+-------+----------------------------+ | Id | Binary | Host | Zone | Status | State | Updated At | +----+--------------------+------------+----------+---------+-------+----------------------------+ | 1 | nova-consoleauth | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 | | 2 | nova-scheduler | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 | | 3 | nova-conductor | controller | 
internal | enabled | up | 2016-02-09T23:11:16.000000 | +----+--------------------+------------+----------+---------+-------+----------------------------+