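For details, see the official OpenStack documentation: https://docs.openstack.org/
1.[NTP installation]
NTP is used to keep clocks synchronized; if the clocks are out of sync, you may be unable to create instances.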
yum install chrony
vi /etc/chrony.conf and add:
server NTP_SERVER iburst
allow YOUR_SUBNET (allows hosts in your subnet to access this NTP server)
systemctl enable chronyd.service (start at boot)
systemctl start chronyd.service (start the NTP service)
Note: on versions before CentOS 7, install ntp instead:
yum install ntp
ntpdate time.nist.gov (synchronize the clock)
hwclock -w (write the time to the BIOS)
2.[openstack packages]
Install the latest OpenStack repository:
yum install centos-release-openstack-mitaka
yum install https://rdoproject.org/repos/rdo-release.rpm
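yum upgrade (update from the repositories)
yum install python-openstackclient (install the client that OpenStack requires)
yum install openstack-selinux (optional; I disabled SELinux outright because I am not familiar with it, and that will not affect the later steps)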
3.[database]
OpenStack supports many databases, such as MySQL or PostgreSQL.
Here we use MySQL.
yum install mariadb mariadb-server python2-PyMySQL (MariaDB is simply a newer version of MySQL, so do not be surprised)
vi /etc/my.cnf
Add:
[mysqld]
bind-address = 192.168.1.48 (IP address of the machine MySQL is installed on)
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8
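Enable MySQL at boot:
systemctl enable mariadb.service
Start MySQL:
systemctl start mariadb.service
Configure the MySQL settings:
Run the script directly:
mysql_secure_installation
Follow the prompts to set the options.
Note: check that mysqld is running and that port 3306 is listening.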
3.[rabbitmq]
Install RabbitMQ, OpenStack's message broker. If RabbitMQ is not running, the whole OpenStack platform will be unusable. RabbitMQ uses port 5672.
yum install rabbitmq-server
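systemctl enable rabbitmq-server.service (start at boot)
systemctl start rabbitmq-server.service (start the service)
rabbitmqctl add_user openstack RABBIT_PASS (add the user openstack; replace RABBIT_PASS with a password of your own)
rabbitmqctl set_permissions openstack ".*" ".*" ".*" (grant permissions to the new user; a user without permissions cannot receive or send messages)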
rabbitmq-plugins enable rabbitmq_management
curl http://localhost:15672
cd /usr/lib/rabbitmq/lib/rabbitmq_server-3.6.6/plugins (optional)
wget https://dl.bintray.com/rabbitmq/community-plugins/rabbitmq_delayed_message_exchange-0.0.1.ez (optional)
rabbitmq-plugins enable rabbitmq_delayed_message_exchange (optional)
Install MongoDB
Add the MongoDB yum repository:
cat >> /etc/yum.repos.d/mongodb-3.4.repo << 'EOF'
[mongodb-org-3.4]
name=MongoDB 3.4 Repository
baseurl=https://repo.mongodb.org/yum/redhat/$releasever/mongodb-org/3.4/x86_64/
gpgcheck=0
enabled=1
EOF
Setting gpgcheck=0 here skips GPG signature verification of the packages.
yum clean all
yum install mongodb-org
Edit /etc/mongod.conf:
net:
  bindIp: ip
4.[memcached]
memcached is an optional component. It uses port 11211.
yum install memcached python-memcached
systemctl enable memcached.service
systemctl start memcached.service
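5.[keystone identity service]
Note: hosts resolution must be set up before this step, on both the control node and the compute node. Mine is:
192.168.1.48 control
192.168.1.49 compute
Log in to the database and create the keystone database.
mysql -u root -p
CREATE DATABASE keystone;
Set the authorized user and password:
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'PASSWORD';
Generate a random value for admin_token:
openssl rand -hex 10
Install keystone:
yum install openstack-keystone httpd mod_wsgi
vi /etc/keystone/keystone.conf
Replace the value with the random value just generated:
admin_token = RANDOM_VALUE (mainly for security; it can also be left unreplaced)
Configure the database connection:
connection = mysql+pymysql://keystone:PASSWORD@DATABASE_IP/keystone
Set: provider = fernet
Sync the keystone database: keystone-manage db_sync (be sure to check that the tables were created in the database)
Initialize the keys:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Configure Apache:
vi /etc/httpd/conf/httpd.conf
Change the value after ServerName to the hostname, to prevent an error at startup:
ServerName control
Create the WSGI configuration file:
vi /etc/httpd/conf.d/wsgi-keystone.conf and add: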
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
Start httpd:
systemctl enable httpd.service
systemctl start httpd.service
Check that the ports are listening.
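One way to carry out the port check above, as an added example that is not part of the original post: the function reads `ss -ltn` output and reports, for each port this guide has configured so far, whether it is listening and on which address. The sample output is constructed, and the service labels and function names are this example's own.

```sh
#!/bin/sh
# Added example, not from the original guide.
# Ports named so far in this guide; the service labels are this example's own.
EXPECTED_PORTS="3306:mariadb 5672:rabbitmq 11211:memcached 5000:keystone-public 35357:keystone-admin"

# Constructed sample of `ss -ltn` output (not captured from a real host).
sample_ss() {
  cat <<'EOF'
State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN  0      50     192.168.1.48:3306    *:*
LISTEN  0      128    :::5672              :::*
LISTEN  0      128    127.0.0.1:11211      *:*
LISTEN  0      128    :::5000              :::*
EOF
}

# Reads `ss -ltn` output on stdin and prints one line per expected port:
#   PORT SERVICE LISTENING|MISSING BIND_ADDRESS[,BIND_ADDRESS...]
check_ports() {
  awk -v expected="$EXPECTED_PORTS" '
    $1 == "LISTEN" {
      n = split($4, parts, ":")          # the port is the last ":"-separated field
      port = parts[n]
      host = substr($4, 1, length($4) - length(port) - 1)
      if (port in bound) bound[port] = bound[port] "," host
      else bound[port] = host
    }
    END {
      m = split(expected, items, " ")
      for (i = 1; i <= m; i++) {
        split(items[i], kv, ":")
        if (kv[1] in bound) printf "%s %s LISTENING %s\n", kv[1], kv[2], bound[kv[1]]
        else printf "%s %s MISSING -\n", kv[1], kv[2]
      }
    }'
}

# Demo on the constructed sample; on a live node run: ss -ltn | check_ports
sample_ss | check_ports
```

The bind-address column also shows whether a service such as memcached is bound to loopback only or to an address other hosts can reach.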
6.[Create the keystone service catalog entry and endpoints]
export OS_TOKEN=RANDOM_VALUE (the random value generated above)
export OS_URL=http://control:35357/v3
export OS_IDENTITY_API_VERSION=3
Create the keystone service:
openstack service create --name keystone --description "OpenStack Identity" identity (the service type identity must be exactly right)
Create the keystone endpoints:
openstack endpoint create --region RegionOne \
identity public http://control:5000/v3
openstack endpoint create --region RegionOne \
identity internal http://control:5000/v3
openstack endpoint create --region RegionOne \
identity admin http://control:35357/v3
7.[Create the domain, users, tenants and roles]
Create the default domain:
openstack domain create --description "Default Domain" default
Create the admin tenant (project):
openstack project create --domain default \
--description "Admin Project" admin
Create the admin user:
openstack user create --domain default \
--password-prompt admin (prompts for a password; this is the password used to log in to the dashboard)
Create the admin role:
openstack role create admin
Link the user, tenant and role together:
openstack role add --project admin --user admin admin
Create the service project:
openstack project create --domain default \
--description "Service Project" service
Create the demo project, user and role in the same way as for admin:
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
Once these are created, verify with:
openstack --os-auth-url http://control:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
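After you enter the password, correct output means the configuration is correct.
The environment variables can be put in a script:
vi admin-openrc and add: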
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=xxxx
export OS_AUTH_URL=http://control:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
The variables for demo are similar.
Load them with . admin-openrc or source admin-openrc
Verify by running:
openstack token issue
Correct output means the configuration is correct.
8.[glance image service]
Create the glance database.
Log in to MySQL:
mysql -u root -p
CREATE DATABASE glance;
Grant privileges:
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'PASSWORD';
Load the environment variables:
. admin-openrc
Create the glance user:
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
Create the image service entry:
openstack service create --name glance \
--description "OpenStack Image" image
Create the image endpoints:
openstack endpoint create --region RegionOne \
image public http://control:9292
openstack endpoint create --region RegionOne \
image internal http://control:9292
openstack endpoint create --region RegionOne \
image admin http://control:9292
Install:
yum install openstack-glance
vi /etc/glance/glance-api.conf
Configure the database connection:
connection = mysql+pymysql://glance:PASSWORD@DATABASE_IP/glance
Find [keystone_authtoken] (authentication settings)
Add:
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = xxxx
Find [paste_deploy]:
flavor = keystone
Find [glance_store]:
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit /etc/glance/glance-registry.conf
Find [database]:
connection = mysql+pymysql://glance:PASSWORD@DATABASE_IP/glance
Find [keystone_authtoken] (authentication settings)
Add:
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = xxxx
Find [paste_deploy]:
flavor = keystone
Sync the database:
glance-manage db_sync
Start glance:
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service
Verify:
Load the environment variables:
. admin-openrc
Download a small image:
wget http://download.cirros-cloud.net ... 3.4-x86_64-disk.img
Upload the image:
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
List the images:
openstack image list
If there is output, glance is configured correctly.
9.[nova control node]
Create the nova databases:
mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
Grant privileges:
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'PASSWORD';
Load the environment variables:
. admin-openrc
Create the nova user:
openstack user create --domain default \
--password-prompt nova
openstack role add --project service --user nova admin
Create the compute service:
openstack service create --name nova \
--description "OpenStack Compute" compute
Create the endpoints:
openstack endpoint create --region RegionOne \
compute public http://control:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://control:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://control:8774/v2.1/%\(tenant_id\)s
Install:
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
Edit /etc/nova/nova.conf
Find [DEFAULT]:
enabled_apis = osapi_compute,metadata
Find:
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = xxx
[DEFAULT]
my_ip = IP_ADDRESS
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://control:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
Sync the databases:
nova-manage api_db sync
nova-manage db sync
Start the services:
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
10.[nova compute node]
yum install openstack-nova-compute
Edit /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = control
rabbit_userid = openstack
rabbit_password = xxx
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = xxx
[DEFAULT]
...
my_ip = COMPUTE_NODE_IP
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://control:6080/vnc_auto.html
[glance]
...
api_servers = http://control:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
Note:
egrep -c '(vmx|svm)' /proc/cpuinfo
If the result is 0, edit /etc/nova/nova.conf:
[libvirt]
...
virt_type = qemu
If it is greater than 0, no change is needed.
Start:
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
Verify on the control node:
Load the environment variables:
. admin-openrc
openstack compute service list
Normal output means the configuration is correct.
11.[neutron control node]
Create the neutron database:
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
Load the environment variables:
. admin-openrc
Create the user:
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
Create the network service:
openstack service create --name neutron \
--description "OpenStack Networking" network
Create the neutron endpoints:
openstack endpoint create --region RegionOne \
network public http://control:9696
openstack endpoint create --region RegionOne \
network internal http://control:9696
openstack endpoint create --region RegionOne \
network admin http://control:9696
Set up VXLAN networking:
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
Edit /etc/neutron/neutron.conf
[database]
...
connection = mysql+pymysql://neutron:PASSWORD@control/neutron
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = xxxx
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
...
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = xxxx
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
Configure the ML2 plug-in:
Edit /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = provider
[ml2_type_vxlan]
...
vni_ranges = 1:1000
[securitygroup]
...
enable_ipset = True
Configure the Linux bridge agent:
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure layer 3 networking:
Edit /etc/neutron/l3_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
Configure DHCP:
Edit /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
Configure the metadata agent:
Edit /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = control
metadata_proxy_shared_secret = METADATA_SECRET
Edit /etc/nova/nova.conf
[neutron]
...
url = http://control:9696
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = xxxx
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
Create the plug-in symlink:
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Start:
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
12.[neutron compute node]
yum install openstack-neutron-linuxbridge ebtables ipset
Edit /etc/neutron/neutron.conf
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
...
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = xxxx
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
Configure VXLAN:
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Edit /etc/nova/nova.conf
[neutron]
...
url = http://control:9696
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = xxxx
Start:
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
Verify:
Load the environment variables:
. admin-openrc
neutron ext-list
Normal output means the configuration is correct.
13.[dashboard]
yum install openstack-dashboard
Edit /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "control"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'control:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
Restart the services:
systemctl restart httpd.service memcached.service
This completes the OpenStack installation; you can now go to the dashboard and create instances.
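A check to run over the configuration files edited in this guide, as an added example that is not part of the original post: it lists every password, secret, token or database-connection option whose value is still one of the guide's placeholders (RABBIT_PASS, NOVA_DBPASS, NEUTRON_DBPASS, METADATA_SECRET, xxxx and similar). The placeholder pattern, the function names and the sample file are this example's own assumptions.

```sh
#!/bin/sh
# Added example, not from the original guide. The placeholder pattern is an
# assumption derived from the tokens this guide uses (RABBIT_PASS, NOVA_DBPASS,
# NEUTRON_DBPASS, METADATA_SECRET, PASSWORD, xxxx).

# Prints "FILE [section] key" for each secret-bearing option whose value is
# still a placeholder. The secret values themselves are never printed.
find_placeholder_secrets() {
  awk '
    /^[ \t]*$/    { next }                        # blank line
    /^[ \t]*[#;]/ { next }                        # comment
    /^[ \t]*\[/   { section = $0
                    sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section); next }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      if (key == "connection") {
        # SQLAlchemy URL: scheme://user:password@host/db -> keep only the password
        if (val !~ "://[^:@]*:[^@]*@") next
        sub("^[^:]*://[^:@]*:", "", val); sub("@.*$", "", val)
      } else if (key !~ /(password|secret|token)$/) next
      if (val ~ /^(x+|[A-Z_]*(PASS|SECRET)[A-Z_]*)$/)
        printf "%s [%s] %s\n", FILENAME, section, key
    }' "$@"
}

# Constructed sample in the shape of the nova.conf fragments in this guide.
write_sample_conf() {
  cat > "$1" <<'EOF'
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova_api
[database]
connection = mysql+pymysql://nova:Zq7-example-only@control/nova
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[keystone_authtoken]
username = nova
password = xxx
[neutron]
metadata_proxy_shared_secret = 5f1c9e0b7a
EOF
}

# Demo on the constructed sample; on a real node pass the edited files, e.g.
#   find_placeholder_secrets /etc/nova/nova.conf /etc/neutron/neutron.conf
demo_dir=$(mktemp -d)
write_sample_conf "$demo_dir/nova.conf"
find_placeholder_secrets "$demo_dir/nova.conf"
rm -rf "$demo_dir"
```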