###################################################################################################################
## 控制节点部署安装 #
###################################################################################################################
## 控制节点规划:
## 主机名:controller
## IP地址:192.168.40.151 os:centos7
###################################################################################################################
一、环境配置
1、主机名修改
[root@controller ~]# hostnamectl set-hostname controller
[root@controller ~]# vim /etc/hosts
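192.168.40.151 controller
2、关闭防火墙(仅适用于隔离的实验环境;生产环境应保留firewalld,只放行本文用到的服务端口,如5000、35357、9292、8774)
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld #永久性关闭防火墙
3、关闭selinux(同样仅限实验环境;生产环境建议保持enforcing并安装openstack-selinux策略包)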
[root@controller ~]# setenforce 0 #临时关闭selinux
[root@controller ~]# vim /etc/selinux/config #永久性关闭selinux
SELINUX=disabled
4、配置yum源(内网镜像源;gpgcheck=0会跳过RPM包签名校验,且baseurl是明文http,软件包在传输中被篡改时无法发现;生产环境应设gpgcheck=1并配置gpgkey)
[os]
name=os
baseurl=http://192.168.50.124/centos-yum/7/os/x86_64/
gpgcheck=0
enabled=1
[update]
name=update
baseurl=http://192.168.50.124/centos-yum/7/updates/x86_64/
gpgcheck=0
enabled=1
[ext]
name=ext
baseurl=http://192.168.50.124/centos-yum/7/extras/x86_64/
gpgcheck=0
enabled=1
[openstack]
name=n
baseurl=http://192.168.50.124/openstack-rpms/openstack-newton/
gpgcheck=0
enabled=1
[root@controller ~]# reboot #重启系统
#################################################################################################################
二、keystone组件部署安装
#################################################################################################################
1、时间服务部署安装
[root@controller ~]# yum install chrony -y
[root@controller ~]# vim /etc/chrony.conf
server 192.168.40.151 iburst
allow 10.0.0.0/24
[root@controller ~]# systemctl enable chronyd.service #设置开机自启动
[root@controller ~]# systemctl start chronyd.service #启动时间服务
[root@controller ~]# yum install python-openstackclient #安装openstack管理工具
2、数据库部署安装
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y #yum安装MySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.40.151
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable mariadb.service #开机自启动
[root@controller ~]# systemctl start mariadb.service #开启MySQL服务
[root@controller ~]# mysqladmin -uroot password 123 #设置MySQL root密码为123(示例弱口令,实际部署请换成强口令;也可运行mysql_secure_installation交互设置,避免口令留在命令历史中,并顺带删除匿名用户和test库)
3、部署安装rabbit消息队列
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack 123 #创建rabbit用户openstack,密码123(示例弱口令,须与nova.conf中transport_url里的口令一致)
Creating user "openstack" ...
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" #授予openstack用户对默认vhost "/" 的配置、写、读全部权限
Setting permissions for user "openstack" in vhost "/" ...
4、部署安装memcached缓存服务
[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service
#memcached没有认证机制,监听地址(/etc/sysconfig/memcached中的OPTIONS)应限制在管理网内
5、keystone数据库创建
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.18-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone | #显示keystone库 ,表示创建库成功
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.01 sec)
##创建keystone数据库用户,密码设置为123(示例弱口令,实际部署请替换,并与keystone.conf中connection里的口令保持一致)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
##'%'表示允许从任意主机连接;可改为只授权实际需要访问数据库的主机
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
6、安装keystone包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
#关联数据库(注释需单独成行,写在值后面会被当作值的一部分;口令须与数据库授权时设置的一致)
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #初始化keystone数据库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#为管理员账户admin创建密码为123(示例弱口令,实际部署请替换;写在命令行里的口令会留在shell历史中,也可改用环境变量OS_BOOTSTRAP_PASSWORD传入)
#以下端点均为明文http,口令和token在网络上不加密;生产环境应为keystone配置TLS
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123 \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:35357/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
[root@controller ~]# vim /etc/httpd/conf/httpd.conf #添加以下内容
ServerName controller
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# #通过admin用户登录keystone
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
#创建service项目
[root@controller ~]# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
#创建demo项目
[root@controller ~]# openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
#创建demo普通用户密码为123
[root@controller ~]# openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | aeda23aa78f44e859900e22c24817832 |
| name | demo |
| password_expires_at | None |
+---------------------+----------------------------------+
#创建user角色
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 997ce8d05fc143ac97d83fdfb5998552 |
| name | user |
+-----------+----------------------------------+
#为demo普通用户赋予权限
[root@controller ~]# openstack role add --project demo --user demo user
#创建admin认证脚本(脚本中的ADMIN_PASS是占位符,需替换为bootstrap时设置的admin密码;文件含明文口令,建议chmod 600 admin.sh)
[root@controller ~]# vim admin.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#创建普通用户demo认证脚本(脚本中的DEMO_PASS是占位符,需替换为创建demo用户时输入的密码;建议chmod 600 demo.sh)
[root@controller ~]# vim demo.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#验证
[root@controller ~]# source admin.sh
#查看所有用户
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 13a142d7c342441f8bfc7b9ea5150105 | demo |
| 62246126b9d8407291b9799c63d4e4d0 | admin |
+----------------------------------+-------+
#查看角色
[root@controller ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 49d6e90dc3d14870a94613f2d4c382e0 | admin |
| 5406975b73f84c9686881b688d41c8ef | user |
+----------------------------------+-------+
#查看项目
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 0acd609715164bc4a6fc769c23d98fcc | admin |
| 1ba73fa460b5446e945f5883e5e27b80 | demo |
| ee697d3eec9b4653b69a599ac2308edb | service |
+----------------------------------+---------+
#查看域
[root@controller ~]# openstack domain list
+---------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+--------------------+
| default | Default | True | The default domain |
+---------+---------+---------+--------------------+
三、openstack glance组件部署安装
##################################################################################################################
******************************************************************************************************************
## glance 部署安装
##################################################################################################################
glance:管理镜像。(上传 下载 ,查看 ,修改,删除,快照、容灾、克隆)
镜像:所有东西都可以克隆,并且按照一定的格式生成镜像
iso镜像
vmdk镜像
qcow2镜像
###################################################################################################################
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is
Server version: 10.1.18-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance; #创建glance数据库
#创建用户并赋予权限;口令123为示例弱口令,须与glance-api.conf、glance-registry.conf中connection里的口令一致
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '123';
#'%'表示允许从任意主机连接;可改为只授权实际需要访问数据库的主机
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123';
[root@controller ~]# source admin.sh #登录keystone,admin认证
#在keystone里创建glance的认证用户和密码
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin #给glance用户赋予admin权限
#创建glance服务
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 400e77749e8c4f29a5ab0e124a408fda |
| name | glance |
| type | image |
+-------------+----------------------------------+
#创建公共的glance API
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 795e80b3501d4478a03de400887623df |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 400e77749e8c4f29a5ab0e124a408fda |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
#创建私有的glance API
[root@controller ~]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c9253e145b334a01b5ce7406390ecbb1 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 400e77749e8c4f29a5ab0e124a408fda |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
#创建admin的glance API
[root@controller ~]# openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0190aabbba724c18971fe459df77f5a5 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 400e77749e8c4f29a5ab0e124a408fda |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# yum install openstack-glance -y #安装openstack glance组件
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
#关联到glance数据库里(注释需单独成行,写在值后面会被当作值的一部分)
connection = mysql+pymysql://glance:123@controller/glance
#glance认证设置
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
#11211为memcached默认端口
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
#填写在keystone中创建glance用户时输入的密码(GLANCE_PASS为占位符)
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
#设置glance存储路径
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
#关联数据库
connection = mysql+pymysql://glance:123@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
#11211为memcached默认端口
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
#填写在keystone中创建glance用户时输入的密码(GLANCE_PASS为占位符)
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance #初始化glance数据库
#验证数据库初始化是否成功
[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is
Server version: 10.1.18-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> use glance;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| artifact_blob_locations |
| artifact_blobs |
| artifact_dependencies |
| artifact_properties |
| artifact_tags |
| artifacts |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
20 rows in set (0.00 sec)
MariaDB [glance]> \q
#设置glance 开机自启动和启动glance服务
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
#镜像经明文http下载,上传前建议用md5sum计算校验值并与发布方公布的值比对(上传后输出中的checksum字段即该文件的MD5)
#如果报错安装wget
[root@controller ~]# yum install wget -y #安装wget
#上传镜像文件到glance里管理(--public使所有项目都能使用该镜像)
[root@controller ~]# openstack image create "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | --14T13::26Z |
| disk_format | qcow2 |
| file | /v2/images/1e53e740-de48-49f6-94e4-e1bab71d40b8/file |
| id | 1e53e740-de48-49f6-94e4-e1bab71d40b8 |
| min_disk | |
| min_ram | |
| name | cirros |
| owner | 0acd609715164bc4a6fc769c23d98fcc |
| protected | False |
| schema | /v2/schemas/image |
| size | |
| status | active |
| tags | |
| updated_at | --14T13::28Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
#验证glance组件安装是否能正常访问
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 1e53e740-de48-49f6-94e4-e1bab71d40b8 | cirros | active |
+--------------------------------------+--------+--------+
#############################################################################################################
# 控制节点 nova组件 部署安装 #
#############################################################################################################
nova组件 部署安装
、[root@controller ~]# mysql -u root -p #登录MySQL数据库
MariaDB [(none)]> CREATE DATABASE nova_api; #创建数据库nova_api
MariaDB [(none)]> CREATE DATABASE nova; #创建数据库nova
##口令123为示例弱口令,须与nova.conf中[api_database]、[database]的connection里的口令一致
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123'; #赋予权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY '123'; #赋予权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123'; #赋予权限
##注意:以上只对nova_api库授权;nova.conf的[database]连接的是nova库,还需对nova.*执行同样的三条GRANT,否则nova用户无权访问该库,nova-manage db sync会失败
[root@controller ~]# source admin.sh
[root@controller ~]# openstack user create --domain default --password-prompt nova #创建nova用户和密码123
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8a7dbf5279404537b1c7b86c033620fe |
| name | nova |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin #给nova用户赋予权限
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute #创建service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 060d59eac51b4594815603d75a00aba2 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s #创建nova public API端点
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 3c1caa473bfe4390a11e7177894bcc7b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s #创建nova internal API端点
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | e3c918de680746a586eac1f2d9bc10ab |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s #创建nova admin API端点
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 38f7af91666a47cfb97b4dc790b94424 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler #安装nova软件包
[root@controller ~]# vim /etc/nova/nova.conf #配置nova配置文件
[DEFAULT]
#消息队列排队关联(注释需单独成行,写在值后面会被当作值的一部分;口令须与rabbitmqctl add_user时设置的一致)
transport_url = rabbit://openstack:123@controller
enabled_apis = osapi_compute,metadata
#本地IP地址
my_ip = 192.168.40.151
use_neutron = True
#防火墙设置:Noop表示nova自身不做防火墙过滤,安全组交由neutron实现
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
#数据库关联
connection = mysql+pymysql://nova:123@controller/nova_api
[database]
#数据库管理
connection = mysql+pymysql://nova:123@controller/nova
[api]
#指定认证组件为keystone
auth_strategy = keystone
#keystone 认证
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
#11211为memcached默认端口
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
#在keystone中创建nova用户时设置的密码(前文为123)
password = 123
#vnc远程控制设置
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
#镜像glance关联
api_servers = http://controller:9292
#临时文件路径设置
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova #初始化nova数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova #初始化nova数据库
[root@controller ~]# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service #nova服务开机自启动设置
[root@controller ~]# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service #开启所有nova服务
验证安装是否成功:
在控制节点上执行
[root@controller ~]# source admin.sh #admin keystone认证
[root@controller ~]# openstack compute service list #查看nova服务状态
+----+--------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+--------------------+------------+----------+---------+-------+----------------------------+
| | nova-consoleauth | controller | internal | enabled | up | --09T23::15.000000 |
| | nova-scheduler | controller | internal | enabled | up | --09T23::15.000000 |
| | nova-conductor | controller | internal | enabled | up | --09T23::16.000000 |
+----+--------------------+------------+----------+---------+-------+----------------------------+