Setting up the controller node

Install keystone
-------------

/etc/hosts on all hosts (remove the 127.0.0.1 entry from it):
10.0.0.11 controller
10.0.0.21 neutron
10.0.0.31 compute

To configure prerequisites:
apt-get install python-software-properties
add-apt-repository cloud-archive:juno
apt-get update && apt-get dist-upgrade

Install the database
apt-get install mariadb-server python-mysqldb

vi /etc/mysql/my.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

Restart the service
service mysql restart

Initialize the database
mysql_secure_installation

Install the message queue service:
apt-get install rabbitmq-server
rabbitmqctl change_password guest RABBIT_PASS
(optional; the default can be kept)

Install and configure the Identity service on the controller node:
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';

Generate the token key:
openssl rand -hex 10

Install Keystone:
apt-get install keystone python-keystoneclient

vi /etc/keystone/keystone.conf
[DEFAULT]
# fill in the token generated above
admin_token = ADMIN_TOKEN
verbose = True

[database]
connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token

Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone

Restart the service
service keystone restart

Delete the default database
rm -f /var/lib/keystone/keystone.db

Purge expired tokens on a schedule
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \
  >> /var/spool/cron/crontabs/keystone

Set up some environment variables:
vi source.sh
export OS_SERVICE_TOKEN=ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

Create tenants and roles
keystone tenant-create --name admin --description "Admin Tenant"
keystone user-create --name admin --pass ADMIN_PASS --email EMAIL_ADDRESS
keystone role-create --name admin
keystone user-role-add --tenant admin --user admin --role admin
keystone role-create --name _member_
keystone user-role-add --tenant admin --user admin --role _member_
keystone tenant-create --name demo --description "Demo Tenant"
keystone user-create --name demo --pass DEMO_PASS --email EMAIL_ADDRESS
keystone user-role-add --tenant demo --user demo --role _member_
keystone tenant-create --name service --description "Service Tenant"

To create the service entity and API endpoint:
keystone service-create --name keystone --type identity \
  --description "OpenStack Identity"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl http://controller:5000/v2.0 \
  --internalurl http://controller:5000/v2.0 \
  --adminurl http://controller:35357/v2.0 \
  --region regionOne

Configure the tenant administrator in keystone
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
  --os-auth-url http://controller:35357/v2.0 token-get
keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
  --os-auth-url http://controller:35357/v2.0 tenant-list
keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
  --os-auth-url http://controller:35357/v2.0 user-list
keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \
  --os-auth-url http://controller:35357/v2.0 role-list
keystone --os-tenant-name demo --os-username demo --os-password DEMO_PASS \
  --os-auth-url http://controller:35357/v2.0 token-get
keystone --os-tenant-name demo --os-username demo --os-password DEMO_PASS \
  --os-auth-url http://controller:35357/v2.0 user-list
You are not authorized to perform the requested action, admin_required. (HTTP 403)

vi admin-openrc.sh
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v2.0

vi demo-openrc.sh
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v2.0

source admin-openrc.sh

-------------------
Install nova-controller
-------------------

Create the database
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

Register the nova service user
source admin-openrc.sh
keystone user-create --name nova --pass NOVA_PASS
keystone user-role-add --user nova --tenant service --role admin
keystone service-create --name nova --type compute \
  --description "OpenStack Compute"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ compute / {print $2}') \
  --publicurl http://controller:8774/v2/%\(tenant_id\)s \
  --internalurl http://controller:8774/v2/%\(tenant_id\)s \
  --adminurl http://controller:8774/v2/%\(tenant_id\)s \
  --region regionOne

Install the nova controller services
apt-get install nova-api nova-cert nova-conductor nova-consoleauth \
  nova-novncproxy nova-scheduler python-novaclient

Edit the configuration file
vi /etc/nova/nova.conf
[database]
connection = mysql://nova:NOVA_DBPASS@controller/nova

[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
verbose = True
auth_strategy = keystone
# controller IP
my_ip = 10.0.0.11
vncserver_listen = 10.0.0.11
vncserver_proxyclient_address = 10.0.0.11

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS

[glance]
host = controller

Sync the database
su -s /bin/sh -c "nova-manage db sync" nova

Restart the services
service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart

As a script:
for i in api cert consoleauth scheduler conductor novncproxy; do service nova-$i restart; done

Delete the default database
rm -f /var/lib/nova/nova.sqlite

------------------
neutron-server
--------------------

Create the database on the controller node:
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';

Source the environment variables and register the neutron user
source admin-openrc.sh
keystone user-create --name neutron --pass NEUTRON_PASS
keystone user-role-add --user neutron --tenant service --role admin
keystone service-create --name neutron --type network \
  --description "OpenStack Networking"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ network / {print $2}') \
  --publicurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --internalurl http://controller:9696 \
  --region regionOne

Install the neutron-server service
apt-get install neutron-server neutron-plugin-ml2 python-neutronclient

Edit the configuration file
vi /etc/neutron/neutron.conf
[DEFAULT]
verbose = True
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = RABBIT_PASS
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
# this ID is produced by the command below
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = NOVA_PASS

Source the script and look up the tenant ID
source admin-openrc.sh
keystone tenant-get service

Continue editing the configuration file
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS

[database]
connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron

Edit the ml2 configuration file
vi /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Edit the nova configuration file
vi /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS

Sync the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron

Restart the services
service nova-api restart
service nova-scheduler restart
service nova-conductor restart
service neutron-server restart

Verify that neutron was set up successfully
source admin-openrc.sh
neutron ext-list

Create the glance database in MySQL on the controller node
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';

Register the glance user on the keystone node
source admin-openrc.sh
keystone user-create --name glance --pass GLANCE_PASS
keystone user-role-add --user glance --tenant service --role admin
keystone service-create --name glance --type image \
  --description "OpenStack Image Service"
keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ image / {print $2}') \
  --publicurl http://controller:9292 \
  --internalurl http://controller:9292 \
  --adminurl http://controller:9292 \
  --region regionOne

Install and configure the glance service
apt-get install glance python-glanceclient

vi /etc/glance/glance-api.conf
[database]
connection = mysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS

[paste_deploy]
flavor = keystone

[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[DEFAULT]
verbose = True

Edit the configuration file
vi /etc/glance/glance-registry.conf
[database]
connection = mysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS

[paste_deploy]
flavor = keystone

[DEFAULT]
verbose = True

Sync the database:
su -s /bin/sh -c "glance-manage db_sync" glance

Restart the services
service glance-registry restart
service glance-api restart

Delete the default database
rm -f /var/lib/glance/glance.sqlite

Download the image
mkdir /tmp/images
cd /tmp/images
source admin-openrc.sh
glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img \
  --disk-format qcow2 --container-format bare --is-public True --progress

Verify that glance was set up successfully
glance image-list
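
The configuration files and openrc scripts above write every secret as a placeholder (ADMIN_TOKEN, RABBIT_PASS, KEYSTONE_DBPASS and so on). The shell function below is an added example, not part of the original notes; the name audit_conf and the sample file are constructed for illustration. It flags token, password and connection settings that still hold a placeholder, and credential files that are world-readable.

```shell
#!/usr/bin/env bash
# Added example, not part of the original notes.
# audit_conf FILE: report secret-bearing keys (tokens, passwords, DB URLs)
# that still hold this guide's placeholder values, and credential files that
# are world-readable. Prints one finding per line; returns 1 if any, else 0.
audit_conf() {
  local file=$1 status=0
  awk -v f="$file" '
    /^[ \t]*#/ { next }                          # skip comments
    {
      line = $0
      sub(/^[ \t]*export[ \t]+/, "", line)       # openrc form: export KEY=VALUE
      eq = index(line, "=")
      if (eq == 0) next                          # section headers, blank lines
      key = substr(line, 1, eq - 1); gsub(/[ \t]/, "", key)
      val = substr(line, eq + 1)
      if (tolower(key) !~ /(token|password|connection)$/) next
      # Placeholders as written in the guide: ADMIN_TOKEN, RABBIT_PASS,
      # NOVA_DBPASS, ... matched as whole words (value padded with spaces).
      if ((" " val " ") ~ /[^A-Za-z0-9_](ADMIN_TOKEN|[A-Z]+_(DB)?PASS)[^A-Za-z0-9_]/) {
        printf "%s:%d: %s still holds a guide placeholder\n", f, NR, key
        found = 1
      }
    }
    END { exit found + 0 }' "$file" || status=1
  # A file that stores credentials should not be readable by "other".
  if grep -Eiq '^[[:space:]]*(export[[:space:]]+)?[a-z_]*(token|password|connection)[[:space:]]*=' "$file" &&
     [ -n "$(find "$file" -perm -004)" ]; then
    echo "$file: holds credentials but is world-readable"
    status=1
  fi
  return "$status"
}

# Demo on a constructed sample (not a real deployment file).
sample=$(mktemp)
printf '%s\n' '[DEFAULT]' 'admin_token = ADMIN_TOKEN' '[database]' \
  'connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone' > "$sample"
chmod 600 "$sample"
audit_conf "$sample" || echo "fix the findings above before starting services"
rm -f "$sample"
```

Run it over /etc/keystone/keystone.conf, /etc/nova/nova.conf, /etc/neutron/neutron.conf, the two glance files and the openrc scripts after editing them.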