  • OpenStack基础组件安装keystone身份认证服务

    域名解析

    vim /etc/hosts

    192.168.245.172 controller01

    192.168.245.171 controller02

    192.168.245.173 controller03

    配置软件源

    配置 DNS 解析器:

    vim /etc/resolv.conf

    nameserver 192.168.254.251            #连接learn.yunwei.edu的内网
    nameserver 223.5.5.5   

    wget http://download2.yunwei.edu/shell/yum-repo.sh
    sh yum-repo.sh    # 执行前先查看脚本内容,确认它只做 yum 源配置

    清空并更新 yum 缓存

    yum clean all (清空)

    yum makecache (更新)

    OpenStack 环境组件安装

    由于我们已经配置好了公司内部的软件源,所以可以直接安装所需的组件

    安装 OpenStack包:

    1.安装启用 OpenStack 仓库的包

    # yum install centos-release-openstack-ocata -y

    2.安装 OpenStack 客户端

    # yum install python-openstackclient -y

    3.安装 OpenStack-selinux 软件包以便自动管理 OpenStack 服务的安全策略

    # yum install openstack-selinux -y

    安装 SQL 数据库:

    1.安装软件包

    # yum install  mariadb mariadb-server python2-PyMySQL -y

    2.创建并编辑 /etc/my.cnf.d/openstack.cnf,然后完成如下动作:

    在 [mysqld] 部分,设置 ``bind-address``值为控制节点的管理网络IP地址以使得其它节点可以通过管理网络访问数据库:

    # cat /etc/my.cnf.d/openstack.cnf

    [mysqld]
    bind-address = 192.168.245.172 #绑定控制节点IP,填主机名或者Ip
    default-storage-engine = innodb
    innodb_file_per_table = on
    max_connections = 4096
    collation-server = utf8_general_ci
    character-set-server = utf8

     3.启动数据库服务,并将其配置为开机自启

    # systemctl start mariadb.service

    # systemctl enable mariadb.service

    并检查端口是否存在

    ss -ntl | grep 3306 或者 netstat -ntpl | grep 3306

    4.为了保证数据库服务的安全性,运行 mysql_secure_installation 设置密码

    # mysql_secure_installation

    安装rabbitmq消息队列

    yum -y install rabbitmq-server

    systemctl start rabbitmq-server.service

    systemctl enable rabbitmq-server.service

    在rabbitmq中添加用户(第二个参数为该用户的密码)

    rabbitmqctl add_user openstack admin

    设置权限

    rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    Setting permissions for user "openstack" in vhost "/" ...

    安装memcached

    yum -y install memcached python-memcached

    编辑配置文件

    vim /etc/sysconfig/memcached

    PORT="11211"
    USER="memcached"
    MAXCONN="1024"
    CACHESIZE="64"
    OPTIONS="-l 127.0.0.1,::1,controller01"

    systemctl start memcached.service

    systemctl enable memcached.service

    Identity service安装

    mysql -uroot -p123

    CREATE DATABASE keystone;

    建立keystone用户与权限

    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'
    IDENTIFIED BY '123';

    设置远程登录

    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
    IDENTIFIED BY '123';

    安装 keystone、httpd 与 mod_wsgi

    yum -y install openstack-keystone httpd mod_wsgi

    先备份配置文件

    cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak

    编辑配置文件,在 [database] 模块中添加数据库连接,在 [token] 模块中设置 provider。注意把示例中的 KEYSTONE_DBPASS 换成上面 GRANT 语句里设置的密码,把 controller 换成本机主机名(如 controller01),否则后面的 db_sync 会连接失败

    [DEFAULT]
    
    [assignment]
    
    [auth]
    
    [cache]
    
    [catalog]
    
    [cors]
    
    [cors.subdomain]
    
    [credential]
    
    [database]
    connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
    
    [domain_config]
    
    [endpoint_filter]
    
    [endpoint_policy]
    
    [eventlet_server]
    
    [federation]
    
    [fernet_tokens]
    
    [healthcheck]
    
    [identity]
    
    [identity_mapping]
    
    [kvs]
    
    [ldap]
    
    [matchmaker_redis]
    
    [memcache]
    
    [oauth1]
    
    [oslo_messaging_amqp]
    
    [oslo_messaging_kafka]
    
    [oslo_messaging_notifications]
    
    [oslo_messaging_rabbit]
    
    [oslo_messaging_zmq]
    
    [oslo_middleware]
    
    [oslo_policy]
    
    [paste_deploy]
    
    [policy]
    
    [profiler]
    
    [resource]
    
    [revoke]
    
    [role]
    
    [saml]
    
    [security_compliance]
    
    [shadow_users]
    
    [signing]
    
    [token]
    provider = fernet
    
    [tokenless_auth]
    
    [trust]

    导入数据库

    su -s /bin/sh -c "keystone-manage db_sync" keystone

    mysql -ukeystone -p123

    use keystone;

    show tables;

    +------------------------+
    | access_token           |
    | assignment             |
    | config_register        |
    | consumer               |
    | credential             |
    | endpoint               |
    | endpoint_group         |
    | federated_user         |
    | federation_protocol    |
    | group                  |
    | id_mapping             |
    | identity_provider      |
    | idp_remote_ids         |
    | implied_role           |
    | local_user             |
    | mapping                |
    | migrate_version        |
    | nonlocal_user          |
    | password               |
    | policy                 |
    | policy_association     |
    | project                |
    | project_endpoint       |
    | project_endpoint_group |
    | region                 |
    | request_token          |
    | revocation_event       |
    | role                   |
    | sensitive_config       |
    | service                |
    | service_provider       |
    | token                  |
    | trust                  |
    | trust_role             |
    | user                   |
    | user_group_membership  |
    | user_option            |
    | whitelisted_config     |
    +------------------------+
    38 rows in set (0.00 sec)

    初始化 Fernet 令牌密钥库与凭据密钥库

    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

    keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

    设置keystone服务端点

    keystone-manage bootstrap --bootstrap-password admin \
      --bootstrap-admin-url http://controller01:35357/v3/ \
      --bootstrap-internal-url http://controller01:5000/v3/ \
      --bootstrap-public-url http://controller01:5000/v3/ \
      --bootstrap-region-id RegionOne

    链接keystone的配置文件

    ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ #软链接

    开启httpd服务

    systemctl start httpd.service

    systemctl enable httpd.service

    在httpd配置中写入本机的 ServerName

    vim /etc/httpd/conf/httpd.conf  #在ServerName处写入

    ServerName controller01

    systemctl restart httpd

    宣告环境变量

    vim openrc

    export OS_USERNAME=admin
    export OS_PASSWORD=admin
    export OS_PROJECT_NAME=admin
    export OS_USER_DOMAIN_NAME=Default
    export OS_PROJECT_DOMAIN_NAME=Default
    export OS_AUTH_URL=http://controller01:35357/v3
    export OS_IDENTITY_API_VERSION=3

     source openrc  # 加载环境变量

    执行下面的命令,能列出用户则说明配置成功

    openstack user list

    创建名为service的项目

    openstack project create --domain default \
      --description "Service Project" service

    创建demo项目

    openstack project create --domain default \
      --description "Demo Project" demo

    创建demo项目的用户demo,并设置其密码

    openstack user create --domain default \
      --password=demo demo

    创建名为user的角色

    openstack role create user

    在项目demo中为用户demo分配user角色(普通用户)

    openstack role add --project demo --user demo user

     
     
     
     
     
     
     
  • 原文地址:https://www.cnblogs.com/lwl117/p/10691654.html