23421 发表于 2015-10-29 13:36:33

OpenStack Juno for CentOS7 架构安装笔记(安装篇)

1、节点信息
test-node1    10.90.2.1    控制节点
test-node2    10.90.2.10    计算节点

2、节点初始化

(1)同步时间
ntpdate pool.ntp.org && clock -w

(2)关闭防火墙和SELinux
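# Lab shortcut: with firewalld stopped and disabled, every service this guide
# starts (MariaDB, RabbitMQ, the OpenStack APIs) is reachable from the whole
# network. Outside an isolated test network, keep firewalld running and open
# only the ports that are needed.
systemctl stop firewalld.service
systemctl disable firewalld.service
# Persist the SELinux mode across reboots. The pattern is anchored to the
# SELINUX= setting so the explanatory comment lines in the file are not
# rewritten as well.
# NOTE(review): RDO provides an openstack-selinux policy package meant to let
# the services run with SELinux enforcing - prefer that over disabling.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
# Switch the running system to permissive mode immediately (no reboot needed).
setenforce 0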

(3)yum源配置
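# Install the EPEL, RPMforge and RDO Juno release packages (repo definitions
# plus the GPG keys they ship). Two of the three URLs are plain HTTP, so the
# download itself is not integrity-protected; check each package's signature
# or checksum against a trusted source before installing on a real system.
rpm -Uvh http://centos.ustc.edu.cn/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -ivh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el7.rf.x86_64.rpm
rpm -ivh https://repos.fedorapeople.org/repos/openstack/openstack-juno/rdo-release-juno-1.noarch.rpm
# Pin each repo to its baseurl instead of the mirrorlist. gpgcheck is left
# enabled: switching it off would let yum install unsigned or tampered
# packages as root from whatever answers on the mirror URL.
for repo in epel.repo CentOS-Base.repo rpmforge.repo; do
  sed -i -e 's/^#baseurl/baseurl/' -e 's/^mirrorlist/#mirrorlist/' \
    "/etc/yum.repos.d/${repo}"
done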




3、rabbitmq和mysql安装配置

(1)安装基本软件
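# Base tooling plus the database (MariaDB) and message broker (RabbitMQ) that
# the OpenStack services on the controller connect to.
yum -y install vim-enhanced net-tools ntpdate wget lrzsz libvirt mariadb mariadb-server MySQL-python rabbitmq-server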

(2)修改my.cnf配置文件
cat /etc/my.cnf
……
bind-address = 10.90.2.1
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
……

(3)添加mysql开机启动
systemctl enable mariadb.service
systemctl start mariadb.service

(4)mysql初始化
mysql_secure_installation

(5)添加rabbitmq开机启动
# Enable the broker at boot and start it now.
# NOTE(review): no rabbitmqctl step appears in this guide and the service
# configs below set only rabbit_host, so they presumably rely on RabbitMQ's
# default account. Create a dedicated broker user with its own password and
# set rabbit_userid / rabbit_password in each service config before the broker
# is reachable from other hosts.
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

(6)创建数据库并授权
-- Create one schema per OpenStack service.
CREATE DATABASE nova;
CREATE DATABASE glance;
CREATE DATABASE keystone;
CREATE DATABASE neutron;
CREATE DATABASE cinder;

-- Give each service account full rights on its own schema only.
-- NOTE(review): the '%' host part accepts logins from any address, and all
-- five accounts share the sample password 'Service123'. For real use, limit
-- the host part to the controller/compute addresses and give every account
-- its own strong password (the same value then goes into that service's
-- connection = mysql://... line).
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'Service123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'Service123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Service123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'Service123';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'Service123';
FLUSH PRIVILEGES;




4、Identity安装配置

(1)安装keystone
yum -y install openstack-keystone python-keystoneclient

(2)生成10字节随机数(输出为20个十六进制字符),用作admin_token
#openssl rand -hex 10
3189f74b3432bd24764f

(3)配置keystone.conf,添加token、数据库信息
/etc/keystone/keystone.conf
admin_token=3189f74b3432bd24764f

connection = mysql://keystone:Service123@10.90.2.1/keystone

provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

(4)默认keystone使用PKI令牌,创建签名密钥和证书
# Generate the token-signing key and certificate, owned by the keystone
# user and group.
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# Make sure the service account owns its log directory and the generated
# key material.
chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /etc/keystone/ssl
# Remove all access for "other" users so that only the keystone user and group
# can read the files under /etc/keystone/ssl.
chmod -R o-rwx /etc/keystone/ssl

(5)同步数据库,启动服务
keystone-manage db_sync
systemctl enable openstack-keystone.service
systemctl start openstack-keystone.service

(6)添加计划任务清理过期令牌
# Add an hourly token_flush job for the keystone user, unless its crontab
# already mentions token_flush (keeps this step safe to re-run).
if ! crontab -l -u keystone 2>&1 | grep -q token_flush; then
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \
    >> /var/spool/cron/keystone
fi
   
(7)用临时变量,创建admin token信息
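# Bootstrap with the shared admin_token from keystone.conf. The token bypasses
# normal authentication, so export it only for this step (it is unset again in
# the next step) and consider removing admin_token from keystone.conf once the
# admin user exists.
export OS_SERVICE_TOKEN=3189f74b3432bd24764f
# The value was blank in the original listing; this is the Identity admin URL
# that endpoint-create registers below.
export OS_SERVICE_ENDPOINT=http://10.90.2.1:35357/v2.0

# Sample credentials: "password" is only an example value, and --pass puts the
# secret into shell history and the process list. Use strong, distinct
# passwords for the admin and demo users.
keystone tenant-create --name admin --description "Admin Tenant"
keystone user-create --name admin --pass password
keystone role-create --name admin
keystone user-role-add --tenant admin --user admin --role admin
keystone role-create --name _member_
keystone user-role-add --tenant admin --user admin --role _member_
keystone tenant-create --name demo --description "Demo Tenant"
keystone user-create --name demo --pass password
keystone user-role-add --tenant demo --user demo --role _member_
keystone tenant-create --name service --description "Service Tenant"
# Register the Identity service and its endpoints. All three URLs are plain
# HTTP, so tokens and passwords cross the network unencrypted.
keystone service-create --name keystone --type identity \
  --description "OpenStack Identity"
# The service id is quoted so that an empty lookup fails as a bad id instead of
# silently consuming the next option as its value.
keystone endpoint-create \
  --service-id "$(keystone service-list | awk '/ identity / {print $2}')" \
  --publicurl http://10.90.2.1:5000/v2.0 \
  --internalurl http://10.90.2.1:5000/v2.0 \
  --adminurl http://10.90.2.1:35357/v2.0 \
  --region regionOne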
   
(8)取消临时变量
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

(9)创建admin信息文件admin_token
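# Contents of the admin_token credentials file. It holds the admin password in
# plain text, so keep it readable by its owner only (chmod 600 admin_token).
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=password
# Blank in the original listing; assumed to be the Identity admin endpoint
# registered during the keystone bootstrap - confirm for your deployment.
export OS_AUTH_URL=http://10.90.2.1:35357/v2.0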

source admin_token




5、Glance

(1)安装glance软件
yum -y install python-keystoneclient openstack-glance python-glanceclient

(2)创建glance token信息
keystone user-create --name glance --pass Service123
keystone user-role-add --user glance --tenant service --role admin
keystone service-create --name glance --type image \
--description "OpenStack Image Service"
keystone endpoint-create \
--service-id $(keystone service-list | awk '/ image / {print $2}') \
--publicurl http://10.90.2.1:9292 \
--internalurl http://10.90.2.1:9292 \
--adminurl http://10.90.2.1:9292 \
--region regionOne
   
(3)修改glance-api配置文件/etc/glance/glance-api.conf

connection = mysql://glance:Service123@10.90.2.1/glance

auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = glance
admin_password = Service123

flavor = keystone

default_store = file
filesystem_store_datadir = /var/lib/glance/images/

(4)修改glance配置文件/etc/glance/glance-registry.conf

connection = mysql://glance:Service123@10.90.2.1/glance

auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = glance
admin_password = Service123

flavor = keystone

(5)同步glance数据库并添加开机启动
glance-manage db_sync
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

注:启动api一直报错,添加日志权限启动正常
chown -R glance:glance /var/log/glance/api.log

(6)上传glance镜像测试
# Fetch the CirrOS test image and register it in Glance as a public qcow2 image.
# NOTE(review): the download is plain HTTP with no checksum check; compare the
# file against the checksum published by the CirrOS project before uploading,
# since every tenant can boot a public image.
wget http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img \
--disk-format qcow2 --container-format bare --is-public True --progress
   
glance image-list查看添加镜像即可




6、Nova组件安装

(1)安装nova软件
yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

(2)创建nova token信息
keystone user-create --name nova --pass Service123
keystone user-role-add --user nova --tenant service --role admin
keystone service-create --name nova --type compute \
--description "OpenStack Compute"
keystone endpoint-create \
--service-id $(keystone service-list | awk '/ compute / {print $2}') \
--publicurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
--internalurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
--adminurl http://10.90.2.1:8774/v2/%\(tenant_id\)s \
--region regionOne
   
(3)修改nova配置文件/etc/nova/nova.conf

rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
my_ip = 10.90.2.1
vncserver_listen = 10.90.2.1
vncserver_proxyclient_address = 10.90.2.1
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

host = 10.90.2.1

connection = mysql://nova:Service123@10.90.2.1/nova
注意:此段需要自己手动添加

auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = nova
admin_password = Service123

url = http://10.90.2.1:9696
auth_strategy = keystone
admin_auth_url = http://10.90.2.1:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = Service123
service_metadata_proxy = True

(4)同步数据库
nova-manage db sync

(5)添加nova开机启动
systemctl enable openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
   
(6)启动后查看服务,状态正常OK
nova-manage service list
Binary         Host                                 Zone             Status   State Updated_At
nova-conductor   test-node1                           internal         enabled    :-)   2015-10-21 04:33:25
nova-cert      test-node1                           internal         enabled    :-)   2015-10-21 04:33:25
nova-consoleauth test-node1                           internal         enabled    :-)   2015-10-21 04:33:25
nova-scheduler   test-node1                           internal         enabled    :-)   2015-10-21 04:33:25





7、Neutron

(1)安装基本软件
yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient which openstack-neutron-linuxbridge

(2)创建neutron token信息
keystone user-create --name neutron --pass Service123
keystone user-role-add --user neutron --tenant service --role admin
keystone service-create --name neutron --type network \
--description "OpenStack Networking"
keystone endpoint-create \
--service-id $(keystone service-list | awk '/ network / {print $2}') \
--publicurl http://10.90.2.1:9696 \
--internalurl http://10.90.2.1:9696 \
--adminurl http://10.90.2.1:9696 \
--region regionOne
   
(3)查看记录SERVICE的TENANT_ID
keystone tenant-list | awk '/ service / {print $2}'
f6e348cdbd1842fc9aa45d81a564af27

(4)修改neutron配置文件/etc/neutron/neutron.conf

connection = mysql://neutron:Service123@10.90.2.1/neutron

rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.90.2.1:8774/v2
nova_admin_auth_url = http://10.90.2.1:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = f6e348cdbd1842fc9aa45d81a564af27
nova_admin_password = Service123

auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = neutron
admin_password = Service123

(5)修改ml2配置文件/etc/neutron/plugins/ml2/ml2_conf.ini

type_drivers = flat
tenant_network_types = flat
mechanism_drivers = linuxbridge

flat_networks = physnet1

(6)修改linuxbridge配置文件/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini

network_vlan_ranges = physnet1

physical_interface_mappings = physnet1:enp5s0f0

firewall_driver = neutron.agent.firewall.NoopFirewallDriver

(7)同步neutron数据库
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
--config-file /etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini upgrade juno

(8)重启nova相关服务,并添加neutron开机启动
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service \
openstack-nova-conductor.service
systemctl enable neutron-server.service
systemctl start neutron-server.service

(9)测试neutron命令输出正常
neutron ext-list
+-----------------------+-----------------------------------------------+
| alias               | name                                          |
+-----------------------+-----------------------------------------------+
| security-group      | security-group                              |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| ext-gw-mode         | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| provider            | Provider Network                              |
| agent               | agent                                       |
| quotas                | Quota management support                      |
| dhcp_agent_scheduler| DHCP Agent Scheduler                        |
| l3-ha               | HA Router extension                           |
| multi-provider      | Multi Provider Network                        |
| external-net          | Neutron external network                      |
| router                | Neutron L3 Router                           |
| allowed-address-pairs | Allowed Address Pairs                         |
| extraroute            | Neutron Extra Route                           |
| extra_dhcp_opt      | Neutron Extra DHCP opts                     |
| dvr                   | Distributed Virtual Router                  |
+-----------------------+-----------------------------------------------+




8、Horizon

(1)基本软件安装
yum -y install openstack-dashboard httpd mod_wsgi memcached python-memcached

(2)修改dashboard配置文件/etc/openstack-dashboard/local_settings
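# Point Horizon at the controller and limit the Host headers Django accepts to
# the address the dashboard is served on (plus localhost). A wildcard ('*')
# would switch Host-header validation off entirely.
sed -i -e "s/ALLOWED_HOSTS = \['horizon.example.com', 'localhost'\]/ALLOWED_HOSTS = ['10.90.2.1', 'localhost']/" \
  -e 's/OPENSTACK_HOST = "127.0.0.1"/OPENSTACK_HOST = "10.90.2.1"/' /etc/openstack-dashboard/local_settings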

(3)添加权限和开机启动
chown -R apache:apache /usr/share/openstack-dashboard/static
systemctl enable httpd.service memcached.service
systemctl start httpd.service memcached.service

(4)浏览器访问测试
http://10.90.2.1/dashboard

(5)创建外部网络
neutron net-create --tenant-id f6e348cdbd1842fc9aa45d81a564af27 ext-net \
--provider:network_type flat \
--provider:physical_network physnet1 \
--router:external=True

(6)创建外部网络子网
neutron subnet-create --tenant-id f6e348cdbd1842fc9aa45d81a564af27 \
--name ext-subnet --allocation-pool start=10.90.2.150,end=10.90.2.200 \
--gateway 10.90.0.1 ext-net 10.90.2.0/16 --disable-dhcp




9、Cinder

(1)安装基本软件
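# Block Storage controller packages, plus LVM and the LIO target CLI used by
# the volume service configured below.
yum -y install openstack-cinder python-cinderclient python-oslo-db lvm2 targetcli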

(2)创建cinder token信息
keystone user-create --name cinder --pass Service123
keystone user-role-add --user cinder --tenant service --role admin
keystone service-create --name cinder --type volume \
--description "OpenStack Block Storage"
keystone service-create --name cinderv2 --type volumev2 \
--description "OpenStack Block Storage"
keystone endpoint-create \
--service-id $(keystone service-list | awk '/ volume / {print $2}') \
--publicurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
--internalurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
--adminurl http://10.90.2.1:8776/v1/%\(tenant_id\)s \
--region regionOne
keystone endpoint-create \
--service-id $(keystone service-list | awk '/ volumev2 / {print $2}') \
--publicurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
--internalurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
--adminurl http://10.90.2.1:8776/v2/%\(tenant_id\)s \
--region regionOne
   
(3)修改cinder配置文件/etc/cinder/cinder.conf

connection = mysql://cinder:Service123@10.90.2.1/cinder

rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
my_ip = 10.90.2.1
iscsi_helper = lioadm
glance_host = 10.90.2.1

auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = cinder
admin_password = Service123

(4)同步并启动cinder
cinder-manage db sync
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
   
(5)开机启动lvm2,创建cinder的PV
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
   
partprobe
pvcreate /dev/sda4
Physical volume "/dev/sda4" successfully created
vgcreate cinder-volumes /dev/sda4
Volume group "cinder-volumes" successfully created
   
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
   
(6)cinder创建10G卷
cinder create --display-name demo-volume1 10




10、添加计算节点

(1)安装基本软件
yum -y install ntp openstack-nova-compute sysfsutils libvirt-daemon-config-nwfilter openstack-neutron-ml2 openstack-neutron-linuxbridge
   
(2)修改nova配置文件/etc/nova/nova.conf

rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
my_ip = 10.90.2.10
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.90.2.10
novncproxy_base_url = http://10.90.2.1:6080/vnc_auto.html
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver


auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = nova
admin_password = Service123


host = 10.90.2.1

virt_type = kvm


url = http://10.90.2.1:9696
auth_strategy = keystone
admin_auth_url = http://10.90.2.1:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = Service123

(3)修改neutron配置文件/etc/neutron/neutron.conf

rpc_backend = rabbit
rabbit_host = 10.90.2.1
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True


auth_uri = http://10.90.2.1:5000/v2.0
identity_uri = http://10.90.2.1:35357
admin_tenant_name = service
admin_user = neutron
admin_password = Service123

(4)修改ml2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini

type_drivers = flat
tenant_network_types = flat
mechanism_drivers = linuxbridge

flat_networks = physnet1

(5)修改linuxbridge插件配置文件/etc/neutron/plugins/linuxbridge/linuxbridge_conf.ini

network_vlan_ranges = physnet1

physical_interface_mappings = physnet1:em1

firewall_driver = neutron.agent.firewall.NoopFirewallDriver

(6)修改链接、添加开机自动启动
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /usr/lib/systemd/system/neutron-linuxbridge-agent.service \
/usr/lib/systemd/system/neutron-linuxbridge-agent.service.orig
sed -i 's,plugins/linuxbridge/ovs_neutron_plugin.ini,plugin.ini,g' \
/usr/lib/systemd/system/neutron-linuxbridge-agent.service
systemctl enable libvirtd.service openstack-nova-compute.service neutron-linuxbridge-agent
systemctl start libvirtd.service neutron-linuxbridge-agent openstack-nova-compute.service

(7)创建linux虚拟机,glance镜像制作
# Create an empty 10G qcow2 disk in the current directory, then install CentOS
# 6.6 from the ISO into a 4096 MB / 2 vCPU guest.
# NOTE(review): qemu-img writes Centos-6.6x64-disk.img to the current directory
# with 10G, while --disk points at /data/image/ with size=30 - presumably the
# commands are meant to run from /data/image; confirm the path and size.
# NOTE(review): the installer console is served over VNC on 10.90.2.10:5903 and
# the command sets no VNC password; with the firewall disabled earlier, anyone
# who can reach that address can drive the install. Listening on 127.0.0.1 and
# reaching it through an SSH tunnel avoids the exposure.
qemu-img create -f qcow2 Centos-6.6x64-disk.img 10G
virt-install -n CentOS-6.6x64 -r 4096 --vcpu 2 \
-c /data/CentOS-6.6-x86_64-bin-DVD1.iso \
--disk path=/data/image/Centos-6.6x64-disk.img,device=disk,bus=virtio,size=30,format=qcow2 \
--vnc --vncport=5903 --vnclisten=10.90.2.10 -v

device=磁盘设备类型,cdrom,disk,floppy
bus=磁盘总线类型,ide,scsi,usb,virtio,xen
size=存储大小

关闭删除CentOS-6.6x64
virsh shutdown CentOS-6.6x64
virsh undefine CentOS-6.6x64

上传镜像
glance image-create --name "Centos-6.6x64" --file Centos-6.6x64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress





