openstack(liberty):部署实验平台（二，简单版本软件安装 part1）

软件安装过程中，考虑到现在是一个实验环境，且也考虑到规模不大，还有，网络压力不会大，出于简单考虑，将各个节点的拓扑结构改了一下，主要体现在网络节点和控制节点并在了一起。在一个服务器上安装！ 到目前位置，我的这个平台，只有keystone，glance，neutron，dashboard以及nova几个服务。省出的那个服务器，打算也作为计算节点。所以，最新规划topo如下了:

绿色节点表示目前已经安装了openstack的模块软件，灰色部分，表示下一步即将安装的部分。

下面简要说下安装的过程，重点记录一下我在Centos7下的安装中遇到的问题和解决办法。我若没有说在那个节点上安装，就表示是在控制节点node0上。

1. 安装NTP，官网安装用的是chrony，我折腾了半天，没有配置好，最终选择Linux系统自带的NTPD.相关的配置，参考我的博文NTP配置。

2. 安装yum repo以及openstack的CLI安装包程序以及selinux相关的openstack插件。

yum install centos-release-openstack-liberty

上一步安装完毕后，记得要执行下面一步，并且一定，最好，将操作系统重启，我在这一步没有做重启，直接继续，遇到了不少的问题，安装得我都要抓狂。。。

yum upgrade

客户端命令行插件，selinux的openstack插件

yum install python-openstackclient
yum install openstack-selinux

3. SQL database安装。

yum install mariadb mariadb-server MySQL-python

相关的配置/etc/my.cnf.d/mariadb_openstack.cnf：

[mysqld]
datadir=/var/lib/maria
socket=/var/lib/maria/maria.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd

bind-address = localhost
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

启动mariadb，由于mariadb和mysql是完全兼容的，可以说如何使用mysql的习惯，在mariadb上完全可以用上。启动后登录，执行mysql_secure_installation进行root密码的配置。

systemctl enable mariadb.service
systemctl start mariadb.service

4。 MongoDB的安装与配置 （version: 2.9.11）

yum install mongodb-server mongodb

配置/etc/mongod.conf：

##
### Basic Defaults
##

# Comma separated list of ip addresses to listen on (all local ips by default)
bind_ip = 127.0.0.1

# Specify port number (27017 by default)
#port = 27017

# Fork server process (false by default)
#fork = true

# Full path to pidfile (if not set, no pidfile is created)
pidfilepath = /var/run/mongodb/mongod.pid

# Log file to send write to instead of stdout - has to be a file, not directory
logpath = /var/log/mongodb/mongod.log

# Alternative directory for UNIX domain sockets (defaults to /tmp)
unixSocketPrefix = /var/run/mongodb

# Directory for datafiles (defaults to /data/db/)
dbpath = /var/lib/mongodb

# Enable/Disable journaling (journaling is on by default for 64 bit)
#journal = true
nojournal = true

##
### General options
##

# Be more verbose (include multiple times for more verbosity e.g. -vvvvv) (v by default)
#verbose = v

# Max number of simultaneous connections (1000000 by default)
#maxConns = 1000000              

# Log to system's syslog facility instead of file or stdout (false by default)
#syslog = true

# Syslog facility used for monogdb syslog message (user by defautl)
#syslogFacility = user

# Append to logpath instead of over-writing (false by default)
#logappend = true

# Desired format for timestamps in log messages (One of ctime, iso8601-utc or iso8601-local) (iso8601-local by default)
#timeStampFormat = arg  

# Private key for cluster authentication
#keyFile = arg

# Set a configurable parameter
#setParameter = arg

# Enable http interface (false by default)
#httpinterface = true

# Authentication mode used for cluster authentication. Alternatives are (keyFile|sendKeyFile|sendX509|x509) (keyFile by default)
#clusterAuthMode = arg

# Disable listening on unix sockets (false by default)
#nounixsocket = true

# Run with/without security (without by default)
#auth = true
#noauth = true

# Enable IPv6 support (disabled by default)
#ipv6 = true

# Allow JSONP access via http (has security implications) (false by default)
#jsonp = true

# Turn on simple rest api (false by default)
#rest = true

# Value of slow for profile and console log (100 by default)
#slowms = 100

# 0=off 1=slow, 2=all (0 by default)
#profile = 0

# Periodically show cpu and iowait utilization (false by default)
#cpu = true

# Print some diagnostic system information (false by default)
#sysinfo = true

# Each database will be stored in a separate directory (false by default)
#directoryperdb = true

# Don't retry any index builds that were interrupted by shutdown (false by default)
#noIndexBuildRetry = true

# Disable data file preallocation - will often hurt performance (false by default)
#noprealloc = true

# .ns file size (in MB) for new databases (16 MB by default)
#nssize = 16

# Limits each database to a certain number of files (8 default)
#quota

# Number of files allowed per db, implies --quota (8 by default)
#quotaFiles = 8

# Use a smaller default file size (false by default)
#smallfiles = true

# Seconds between disk syncs (0=never, but not recommended) (60 by default)
#syncdelay = 60

# Upgrade db if needed (false by default)
#upgrade = true

# Run repair on all dbs (false by default)
#repair = true

# Root directory for repair files (defaults to dbpath)
#repairpath = arg

# Disable scripting engine (false by default)
#noscripting = true

# Do not allow table scans (false by default)
#notablescan = true

# Journal diagnostic options (0 by default)
#journalOptions = 0

# How often to group/batch commit (ms) (100 or 30 by default)
#journalCommitInterval = 100 



##
### Replication options
##

# Size to use (in MB) for replication op log (default 5% of disk space - i.e. large is good)
#oplogSize = arg



##
### Master/slave options (old; use replica sets instead)
##

# Master mode
#master = true

# Slave mode
#slave = true

# When slave: specify master as <server:port>
#source = arg

# When slave: specify a single database to replicate
#only = arg

# Specify delay (in seconds) to be used when applying master ops to slave
#slavedelay = arg

# Automatically resync if slave data is stale
#autoresync = true



##
### Replica set options
##

# Arg is <setname>[/<optionalseedhostlist>]
#replSet = arg

# Specify index prefetching behavior (if secondary) [none|_id_only|all] (all by default)
#replIndexPrefetch = all



##
### Sharding options
##

# Declare this is a config db of a cluster (default port 27019; default dir /data/configdb) (false by default)
#configsvr = true

# Declare this is a shard db of a cluster (default port 27018)  (false by default)
#shardsvr = true



##
### SSL options
##

# Use ssl on configured ports
#sslOnNormalPorts = true

# Set the SSL operation mode (disabled|allowSSL|preferSSL|requireSSL)
# sslMode = arg

# PEM file for ssl
#sslPEMKeyFile = arg

# PEM file password
#sslPEMKeyPassword = arg

# Key file for internal SSL authentication
#sslClusterFile = arg

# Internal authentication key file password
#sslClusterPassword = arg

# Certificate Authority file for SSL
#sslCAFile = arg

# Certificate Revocation List file for SSL
#sslCRLFile = arg

# Allow client to connect without presenting a certificate
#sslWeakCertificateValidation = true

# Allow server certificates to provide non-matching hostnames
#sslAllowInvalidHostnames = true

# Allow connections to servers with invalid certificates
#sslAllowInvalidCertificates = true

# Activate FIPS 140-2 mode at startup
#sslFIPSMode = true

启动

systemctl enable mongod.service
systemctl start mongod.service

5. RabbitMQ安装

yum install rabbitmq-server

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

创建用户openstack并修改其在vhost下的配置，读写权限

rabbitmqctl add_user openstack RABBIT_PASS  

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

我为了操作方便简单，易于记忆，将所有的和密码相关的信息，设置了同一个密码，都是openstack。

以上是一些基本的环境的准备，接下来，就是要安装具体的openstack的组成部件了。第一个是keystone的安装。

k1。 创建keystone数据库，设置访问权限（密码也是openstack，偷懒）

mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'   IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'   IDENTIFIED BY 'KEYSTONE_DBPASS';

k2. 安装keystone，httpd，缓存以及wsgi并启动

yum install openstack-keystone httpd mod_wsgi  memcached python-memcached

systemctl enable memcached.service
systemctl start memcached.service

配置/etc/keystone/keystone.conf:

[DEFAULT]
admin_token = 613ae457d94da5033c92
verbose = true

[database]
connection = mysql://keystone:openstack@192.168.1.100/keystone

[memcache]
servers = localhost:11211

[revoke]
driver = sql

[token]
provider = uuid
driver = memcache

接下来就是数据库keystone的同步操作，对于第一次操作这个命令，可能会遇到问题，就是No handlers could be found for logger "oslo_config.cfg"

su -s /bin/sh -c "keystone-manage db_sync" keystone

在我的部署过程中，这个无关大局。就让它在那吧。。

配置httpd /etc/httpd/conf/httpd.conf ，其他的都默认不改。就修改一下下面这行。

ServerName 192.168.1.100

配置wsgi /etc/httpd/conf.d/wsgi-keystone.conf：

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

最后启动httpd，这个是支持后端rest api调用的服务器。

systemctl enable httpd.service
systemctl start httpd.service

k3. 创建keystone的service.首先配置环境变量，这里，我将这个简单版本的安装过程中涉及到的所有环境变量，都列在这里：

export MARIA_DB_ROOT_PW=openstack
export RABBIT_MQ_PASS=openstack
export KEYSTONE_DBPASS=openstack
export keystone_user_pw=openstack

export ADMIN_TOKEN=613ae457d94da5033c92
export OS_TOKEN=$ADMIN_TOKEN
export OS_URL=http://192.168.1.100:35357/v3
export OS_IDENTITY_API_VERSION=3

export GLANCE_DBPASS=openstack
export glance_user_pw=openstack

export NOVA_DBPASS=openstack
export nova_user_pw=openstack

export NEUTRON_DBPASS=openstack
export neutron_user_pw=openstack

export METADATA_SECRET=openstack

接下来，创建服务，以及对应的endpoint。

openstack service create  --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://node0:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://node0:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://node0:5000/v2.0

上面的第一步，创建keystone这个服务时，就遇到错误：

[root@node0 opt]# openstack service create --name keystone --description "OpenStack Identity" identity
Internal Server Error (HTTP 500)

其实，这个通过查看keystone的日志，注意，在httpd目录下哟，会发现访问数据库出错了。这个错误，是因为keystone-manage db_sync keystone没有做成功。我通过多次重新安装keystone组件，最终成功了。汗。。。

k4. 创建project admin以及用户以及角色

openstack project create --domain default --description "Admin Project" admin 
openstack user create --domain default  --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin

k5. 创建project service

openstack project create --domain default --description "Service Project" service

k6. 创建project demo以及用户和角色

openstack project create --domain default  --description "Demo Project" demo
openstack user create --domain default  --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user

k7. 验证keystone的安装正确性。

首先要修改/usr/share/keystone/keystone-dist-paste.ini，关闭临时token的auth机制。将下面红色的部分去掉。其实，在我的配置中，没有做这个操作，最终也可以达到创建instance，且可以操作新建的instance。【我将集群机器的防火墙都关闭了。。。】

[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service

[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension service_v3

验证一下吧：

openstack --os-auth-url http://node0:35357/v3 --os-project-domain-id default --os-user-domain-id default  --os-project-name admin --os-username admin --os-auth-type password   token issue

是正确的，有数据显示，没有报错！通过demo这个用户操作，也是没有问题的。

k8. 为了操作时方便，将需要的参数source为环境变量吧。admin-openrc.sh/demo-openrc.sh,我这里，两个的文件内容一样。

#!/bin/bash

export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_TYPE=password
export OS_AUTH_URL=http://node0:35357/v3
export OS_IDENTITY_API_VERSION=3

#for glance
export OS_IMAGE_API_VERSION=2

这里，要注意了，将上面的第9行去掉，执行下面的命令，你会遇到一个奇怪的错误。

openstack token issue

错误如下：

[root@node0 opt]# openstack token issue
'NoneType' object has no attribute 'service_catalog'

呵呵，这个问题，我也google才找到原因的，就是官网的guide中少了那个OS_AUTH_TYPE。

到此，所有的keystone的基本配置都完成了。

开始安装image模块glance吧。很简单，这步！

g1. 创建数据库glance并建用户glance（密码还是openstack）

mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'  IDENTIFIED BY 'GLANCE_DBPASS';

接下来创建用户glance

openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin

g2. 创建glance服务和endpoint

openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://node0:9292
openstack endpoint create --region RegionOne image internal http://node0:9292
openstack endpoint create --region RegionOne image admin http://node0:9292

g3. 安装组件。

yum install openstack-glance python-glance python-glanceclient

g4. 配置/etc/glance/glance-api.conf以及/etc/glance/glance-registry.conf,两个的配置一样，其他的都采用默认值。

[DEFAULT]
notification_driver = noop
verbose = True

[database]
connection = mysql://glance:openstack@node0/glance

[keystone_authtoken]
auth_uri = http://node0:5000
auth_url = http://node0:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = openstack

[paste_deploy]
flavor = keystone

[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

g5. 数据库同步以及启动服务

su -s /bin/sh -c "glance-manage db_sync" glance

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

g6. 验证。给glance上传一个cirros的镜像

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img  --disk-format qcow2 --container-format bare  --visibility public --progress

同样，没有问题，很正常，glance image-list命令可以检测。

好了，今天就到这里吧，不早了，要回去收拾一下，要过年了。。。后面的部分，年后，我再将其补上。