OpenStack安裝部署

時間 2019-12-23

標籤 openstack 安裝部署简体版

原文原文鏈接

1、基礎準備工做html

部署環境：CentOS 7 64python

一、關閉本地iptables防火牆並設置開機不自啓動mysql

1linux

2web

# systemctl stop firewalld.servicesql

# systemctl disable firewalld.service數據庫

二、關閉本地selinux防火牆apache

1django

2vim

# vim /etc/sysconfig/selinux

SELINUX=disabled

# setenforce 0

三、設置主機計算機名稱

1	`# hostnamectl set-hostname controller`

四、本地主機名稱和ip的解析

1 2	`# vim /etc/hosts` `192.168.0.104 controller`

五、安裝ntp時間校準工具

1 2	`# yum -y install ntp` `# ntpdate asia.pool.ntp.org`

六、安裝第三方yum源

# yum -y install yum-plugin-priorities

# yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm

# yum -y install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm

七、升級系統軟件包並從新系統

1 2	`# yum upgrade` `# reboot`

2、安裝配置mariadb數據庫

一、安裝mariadb數據庫

1	`# yum -y install mariadb mariadb-server MySQL-python`

二、配置mariadb數據庫

# cp /etc/my.cnf /etc/my.cnf.bak

# rpm -ql mariadb

# vim /etc/my.cnf.d/server.cnf

[mysqld]

bind-address = 0.0.0.0

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8

三、啓動mariadb數據庫

1 2	`# systemctl enable mariadb.service` `# systemctl start mariadb.service`

3、安裝消息隊列服務

一、安裝rabbit所需軟件包

1	`# yum -y install rabbitmq-server`

二、啓動rabbit服務

1 2	`# systemctl enable rabbitmq-server.service` `# systemctl start rabbitmq-server.service`

三、設置rabbit服務密碼

1	`# rabbitmqctl change_password guest rabbit`

4、安裝keyston用戶認證組件

一、建立keystone數據庫和受權用戶

mysql -u root -p

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

二、安裝keystone組件包

1	`# yum -y install openstack-utils openstack-keystone python-keystoneclient`

三、配置keystone文件

# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak

# vim /etc/keystone/keystone.conf

[DEFAULT]

verbose = True

[database]

connection = mysql://keystone:keystone@controller/keystone

[token]

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.sql.Token

四、建立證書和祕鑰文件

# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone

# chown -R keystone:keystone /var/log/keystone

# chown -R keystone:keystone /etc/keystone/ssl

# chmod -R o-rwx /etc/keystone/ssl

五、同步keystone到mariadb數據庫

1	`# su -s /bin/sh -c "keystone-manage db_sync" keystone`

六、啓動keystone服務並開機自啓動

1 2	`# systemctl enable openstack-keystone.service` `# systemctl start openstack-keystone.service`

七、清除過時的令牌

默認狀況下，身份服務存儲在數據庫中過時的令牌無限。到期令牌的積累大大增長數據庫的大小，可能會下降服務的性能，特別是在資源有限的環境中。咱們建議您使用cron配置一個週期性任務，清除過時的令牌時

# (crontab -l -u keystone 2>&1 | grep -q token_flush) || \

echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \

>> /var/spool/cron/keystone

----------------------------Create tenants,user,and roles---------------------------------

一、配置admin的token

# export OS_SERVICE_TOKEN=$(openssl rand -hex 10)

# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

# echo $OS_SERVICE_TOKEN > ~/ks_admin_token

# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $OS_SERVICE_TOKEN

# service openstack-keystone restart

二、建立tenant、user and role

a.Create the admin tenant、user、role

# keystone tenant-create --name admin --description "Admin Tenant"

# keystone user-create --name admin --pass admin --email admin@zhengyansheng.com

# keystone role-create --name admin

b.Add the admin tenant and user to the admin role:

# keystone user-role-add --tenant admin --user admin --role admin

c.By default, the dashboard limits access to users with the _member_ role.

# keystone role-create --name _member_

d.Add the admin tenant and user to the _member_ role:

# keystone user-role-add --tenant admin --user admin --role _member_

三、建立一個普通demo項目和用戶

a.Create the demo tenant:

# keystone tenant-create --name demo --description "Demo Tenant"

b.Create the demo user:

# keystone user-create --name demo --pass demo --email demo@zhengyansheng.com

c.Add the demo tenant and user to the _member_ role:

# keystone user-role-add --tenant demo --user demo --role _member_

四、建立一個service項目

1	`# keystone tenant-create --name service --description "Service Tenant"`

------------------------Create the service entity and API endpoint------------------------

一、Create the service entity and API endpoint | Create the service entity for the Identity service:

1	`# keystone service-create --name keystone --type identity --description "OpenStack Identity"`

二、Create the API endpoint for the Identity service:

# keystone endpoint-create \

--service-id $(keystone service-list | awk '/ identity / {print $2}') \

--publicurl http://controller:5000/v2.0 \

--internalurl http://controller:5000/v2.0 \

--adminurl http://controller:35357/v2.0 \

--region regionOne

三、查看keystone認證信息

[root@controller ~]# keystone user-list

+----------------------------------+-------+---------+-------------------------+

| id | name | enabled | email |

+----------------------------------+-------+---------+-------------------------+

+----------------------------------+-------+---------+-------------------------+

[root@controller ~]# keystone tenant-list

+----------------------------------+---------+---------+

| id | name | enabled |

+----------------------------------+---------+---------+

| 307fd76766eb4b02a28779f4e88717ce | admin | True |

| f054bd56851b4a318a19233a13e13d31 | demo | True |

| d865c3b49f6f4bf7b2a0b93e0110e546 | service | True |

+----------------------------------+---------+---------+

[root@controller ~]# keystone service-list

+----------------------------------+----------+----------+--------------------+

| id | name | type | description |

+----------------------------------+----------+----------+--------------------+

+----------------------------------+----------+----------+--------------------+

[root@controller ~]# keystone endpoint-list

+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+

+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+

+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+

四、取消臨時設置的環境變量

1 2	`# unset OS_SERVICE_TOKEN` `# unset OS_SERVICE_ENDPOINT`

五、使用keystone進行用戶認證

# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 token-get

# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 tenant-list

# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 user-list

# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 role-list

六、使用普通用戶demo認證測試

# keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 token-get

# keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 user-list

You are not authorized to perform the requested action: admin_required (HTTP 403)

七、客戶端cli命令行腳本

# vim ~/admin-openrc.sh

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_AUTH_URL=http://controller:35357/v2.0

# vim ~/demo-openrc.sh

export OS_TENANT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=demo

export OS_AUTH_URL=http://controller:5000/v2.0

1	`# source admin-openrc.sh`

八、測試若是取消環境變量，經過keystone仍然可以認證經過說明keystone是配置成功的

4、安裝glance組件

一、建立keystone數據庫和受權用戶

mysql -u root -p

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

二、建立glance用戶並加入到admin組中

1 2	`# keystone user-create --name glance --pass glance` `# keystone user-role-add --user glance --tenant service --role admin`

三、建立glance服務

1	`# keystone service-create --name glance --type image --description "OpenStack Image Service"`

四、建立Identity的服務訪問rul

# keystone endpoint-create \

--service-id $(keystone service-list | awk '/ image / {print $2}') \

--publicurl http://controller:9292 \

--internalurl http://controller:9292 \

--adminurl http://controller:9292 \

--region regionOne

五、安裝配置glance包

1	`# yum -y install openstack-glance python-glanceclient`

六、修改glance配置文件

# cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak

# vim /etc/glance/glance-api.conf

[DEFAULT]

verbose = True

[database]

connection = mysql://glance:glance@controller/glance

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0

identity_uri = http://controller:35357

admin_tenant_name = service

admin_user = glance

admin_password = glance

[paste_deploy]

flavor = keystone

[glance_store]

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

# cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak

# vim /etc/glance/glance-registry.conf

[DEFAULT]

verbose = True

[database]

connection = mysql://glance:glance@controller/glance

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0

identity_uri = http://controller:35357

admin_tenant_name = service

admin_user = glance

admin_password = glance

[paste_deploy]

flavor = keystone

七、同步glance到mariadb數據庫

1	`# su -s /bin/sh -c "glance-manage db_sync" glance`

八、啓動和開機自啓動

1 2	`# systemctl enable openstack-glance-api.service openstack-glance-registry.service` `# systemctl start openstack-glance-api.service openstack-glance-registry.service`

九、下載上傳image鏡像

# mkdir /tmp/images

# cd /tmp/images

# wget http://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img

# glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress

# glance image-list

# mv /tmp/images /opt

5、添加一個計算節點

一、建立nova數據庫和受權用戶

mysql -u root -p

CREATE DATABASE nova;

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

二、建立Nova的用戶，加入到admin組、service服務

# keystone user-create --name nova --pass nova

# keystone user-role-add --user nova --tenant service --role admin

# keystone service-create --name nova --type compute --description "OpenStack Compute"

三、建立計算節點的訪問url

# keystone endpoint-create \

--service-id $(keystone service-list | awk '/ compute / {print $2}') \

--publicurl http://controller:8774/v2/%$tenant_id$s \

--internalurl http://controller:8774/v2/%$tenant_id$s \

--adminurl http://controller:8774/v2/%$tenant_id$s \

--region regionOne

四、安裝Nova包

1 2	`# yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient` `# yum -y install openstack-nova-compute sysfsutils`

五、修改nova配置文件

# cp /etc/nova/nova.conf /etc/nova/nova.conf.bak

# vim /etc/nova/nova.conf

[DEFAULT]

my_ip = controller

vncserver_listen = controller

vncserver_proxyclient_address = controller

verbose = True

rpc_backend = rabbit

rabbit_host = controller

rabbit_password = rabbit

auth_strategy = keystone

vnc_enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = controller

novncproxy_base_url = http://controller:6080/vnc_auto.html

[database]

connection = mysql://nova:nova@controller/nova

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0

identity_uri = http://controller:35357

admin_tenant_name = service

admin_user = nova

admin_password = nova

[glance]

host = controller

[libvirt]

virt_type = qemu

六、同步nova到moriadb數據庫

1	`# su -s /bin/sh -c "nova-manage db sync" nova`

七、啓動衆多服務開機自啓動

# systemctl enable openstack-nova-api.service openstack-nova-cert.service \

openstack-nova-consoleauth.service openstack-nova-scheduler.service \

openstack-nova-conductor.service openstack-nova-novncproxy.service

# systemctl start openstack-nova-api.service openstack-nova-cert.service \

openstack-nova-consoleauth.service openstack-nova-scheduler.service \

openstack-nova-conductor.service openstack-nova-novncproxy.service

# systemctl enable libvirtd.service openstack-nova-compute.service

# systemctl start libvirtd.service

# systemctl start openstack-nova-compute.service

# nova service-list

# nova image-list

6、添加一個網絡節點

一、建立neutron數據庫和受權用戶

mysql -u root -p

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

二、建立neutron用戶，加入到admin組中，並建立neutron服務

# keystone user-create --name neutron --pass neutron

# keystone user-role-add --user neutron --tenant service --role admin

# keystone service-create --name neutron --type network --description "OpenStack Networking"

三、建立neutron的endponit訪問url

# keystone endpoint-create \

--service-id $(keystone service-list | awk '/ image / {print $2}') \

--publicurl http://controller:5672 \

--internalurl http://controller:5672 \

--adminurl http://controller:5672 \

--region regionOne

四、安裝neutron包

1	`# yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient which`

五、修改neutron配置文件

# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak

# vim /etc/neutron/neutron.conf

[DEFAULT]

rpc_backend = rabbit

rabbit_host = controller

rabbit_password = rabbit

auth_strategy = keystone

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = True

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

nova_url = http://controller:8774/v2

nova_admin_auth_url = http://controller:35357/v2.0

nova_region_name = regionOne

nova_admin_username = nova

nova_admin_tenant_id = SERVICE_TENANT_ID

nova_admin_password = nova

verbose = True

[database]

connection = mysql://neutron:neutron@controller/neutron

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0

identity_uri = http://controller:35357

admin_tenant_name = service

admin_user = neutron

admin_password = neutron

六、測試

1	`# keystone tenant-get service`

# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak

# vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,gre

tenant_network_types = gre

mechanism_drivers = openvswitch

[ml2_type_gre]

tunnel_id_ranges = 1:1000

[securitygroup]

enable_security_group = True

enable_ipset = True

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

# vim /etc/nova/nova.conf

[DEFAULT]

network_api_class = nova.network.neutronv2.api.API

security_group_api = neutron

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]

url = http://controller:9696

auth_strategy = keystone

admin_auth_url = http://controller:35357/v2.0

admin_tenant_name = service

admin_username = neutron

admin_password = neutron

1	`# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini`

七、同步neutron到mariadb數據庫

1	`# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron`

八、從新啓動compute服務

1	`# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service`

九、開機自啓動服務

1 2	`# systemctl enable neutron-server.service` `# systemctl start neutron-server.service`

十、查看neutron-server進程

1	`# neutron ext-list`

十一、查看相關信息

1	`# tail -f /var/log/neutron/server.log`

十二、配置內核網絡參數

# cp /etc/sysctl.conf /etc/sysctl.conf.bak

# vim /etc/sysctl.conf

net.ipv4.ip_forward=1

net.ipv4.conf.all.rp_filter=0

net.ipv4.conf.default.rp_filter=0

# sysctl -p

1三、安裝網絡組件包

1	`# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch`

1四、配置經常使用的網絡組件

# vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2_type_flat]

flat_networks = external

[ovs]

local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS

enable_tunneling = True

bridge_mappings = external:br-ex

[agent]

tunnel_types = gre

# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak

# vim /etc/neutron/l3_agent.ini

[DEFAULT]

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

use_namespaces = True

external_network_bridge = br-ex

verbose = True

# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak

# vim /etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

use_namespaces = True

verbose = True

dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak

# vim /etc/neutron/metadata_agent.ini

[DEFAULT]

auth_url = http://controller:5000/v2.0

auth_region = regionOne

admin_tenant_name = service

admin_user = neutron

admin_password = neutron

nova_metadata_ip = controller

metadata_proxy_shared_secret = METADATA_SECRET

verbose = True

# vim /etc/nova/nova.conf

[neutron]

service_metadata_proxy = True

metadata_proxy_shared_secret = METADATA_SECRET

1五、在控制節點上從新啓動API服務

1	`# systemctl restart openstack-nova-api.service`

7、安裝配置dashboard

一、安裝dashboard和所需的和依賴包

1	`# yum install openstack-dashboard httpd mod_wsgi memcached python-memcached`

二、修改dashboard配置文件

# cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak

# vim /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*']

CACHES = {

'default': {

'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

'LOCATION': '127.0.0.1:11211',

}

TIME_ZONE = "TIME_ZONE"

三、運行web服務鏈接OpenStack服務

1	`# setsebool -P httpd_can_network_connect on`

四、因爲包裝缺陷，儀表板不能正確加載CSS。運行如下命令來解決這個問題：

1	`# chown -R apache:apache /usr/share/openstack-dashboard/static`

五、啓動Web服務器和會話存儲服務和配置啓動系統啓動時：

1 2	`# systemctl enable httpd.service memcached.service` `# systemctl start httpd.service memcached.service`

8、訪問測試

一、基於HTTP進行訪問測試：

相關標籤/搜索

每日一句

每一个你不满意的现在，都有一个你没有努力的曾经。