openstack Juno系列之控制节点搭建

324232

controller控制节点搭建

安装keystone

-------------

所有主机hosts:

取消其中127.0.0.1

10.0.0.11  controller

10.0.0.21  neutron

10.0.0.31  compute

to configure prerequisites:

apt-get install python-software-properties

add-apt-repository cloud-archive:juno

apt-get update && apt-get dist-upgrade  

  

安装数据库

apt-get install mariadb-server python-mysqldb

vi /etc/mysql/my.cnf

[mysqld]

bind-address = 10.0.0.11

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8

重启服务

service mysql restart

初始化数据库

mysql_secure_installation

MQ服务安装：

apt-get install rabbitmq-server

rabbitmqctl change_password guest RABBIT_PASS （可以不设置保持默认）

install and configureIdentity service on the controller node：

#mysql -u root -p

　CREATE DATABASE keystone;

　GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

  IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

  IDENTIFIED BY 'KEYSTONE_DBPASS';

生成token keys:

openssl rand -hex 10

安装Keystone ：  

apt-get install keystone python-keystoneclient

vi /etc/keystone/keystone.conf

[DEFAULT]

admin_token = ADMIN_TOKEN  写上前面生成的token:

verbose = True

[database]

connection = mysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]

provider = keystone.token.providers.uuid.Provider

driver = keystone.token.persistence.backends.sql.Token

同步数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone

重启服务

service keystone restart

删除默认数据库

rm -f /var/lib/keystone/keystone.db

定时清理过期令牌

(crontab -l -u keystone 2>&1 | grep -q token_flush) || \

  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \

  >> /var/spool/cron/crontabs/keystone

生成一定的环境变量：

vi source.sh

export OS_SERVICE_TOKEN=ADMIN_TOKEN

export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0

创建租户、角色

keystone tenant-create --name admin --description "Admin Tenant"

keystone user-create --name admin --pass ADMIN_PASS --email EMAIL_ADDRESS

keystone role-create --name admin

keystone user-role-add --tenant admin --user admin --role admin

keystone role-create --name _member_

keystone user-role-add --tenant admin --user admin --role _member_

keystone tenant-create --name demo --description "Demo Tenant"

keystone user-create --name demo --pass DEMO_PASS --email EMAIL_ADDRESS

keystone user-role-add --tenant demo --user demo --role _member_

keystone tenant-create --name service --description "Service Tenant"

To create the service entity and API endpoint：

keystone service-create --name keystone --type identity \

  --description "OpenStack Identity"

keystone endpoint-create \

  --service-id $(keystone service-list | awk '/ identity / {print $2}') \

  --publicurl http://controller:5000/v2.0 \

  --internalurl http://controller:5000/v2.0 \

  --adminurl http://controller:35357/v2.0 \

  --region regionOne

keystone配置租户管理员

unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \

  --os-auth-url http://controller:35357/v2.0 token-get

keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \

  --os-auth-url http://controller:35357/v2.0 tenant-list

keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \

  --os-auth-url http://controller:35357/v2.0 user-list

keystone --os-tenant-name admin --os-username admin --os-password ADMIN_PASS \

  --os-auth-url http://controller:35357/v2.0 role-list

keystone --os-tenant-name demo --os-username demo --os-password DEMO_PASS \

  --os-auth-url http://controller:35357/v2.0 token-get

keystone --os-tenant-name demo --os-username demo --os-password DEMO_PASS \

  --os-auth-url http://controller:35357/v2.0 user-list

You are not authorized to perform the requested action, admin_required. (HTTP 403)

vi admin-openrc.sh

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=ADMIN_PASS

export OS_AUTH_URL=http://controller:35357/v2.0

vi demo-openrc.sh

export OS_TENANT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=DEMO_PASS

export OS_AUTH_URL=http://controller:5000/v2.0

source admin-openrc.sh

-------------------

安装nova-controller

-------------------

创建数据库

CREATE DATABASE nova;

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'NOVA_DBPASS';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \

  IDENTIFIED BY 'NOVA_DBPASS';

注册nova服务用户

source admin-openrc.sh

keystone user-create --name nova --pass NOVA_PASS

keystone user-role-add --user nova --tenant service --role admin

keystone service-create --name nova --type compute \

  --description "OpenStack Compute"

keystone endpoint-create \

  --service-id $(keystone service-list | awk '/ compute / {print $2}') \

  --publicurl http://controller:8774/v2/%\(tenant_id\)s \

  --internalurl http://controller:8774/v2/%\(tenant_id\)s \

  --adminurl http://controller:8774/v2/%\(tenant_id\)s \

  --region regionOne

安装nova controller服务

apt-get install nova-api nova-cert nova-conductor nova-consoleauth \

  nova-novncproxy nova-scheduler python-novaclient

编辑配置文件

vi /etc/nova/nova.conf

[database]

connection = mysql://nova:NOVA_DBPASS@controller/nova

[DEFAULT]

rpc_backend = rabbit

rabbit_host = controller

rabbit_password = RABBIT_PASS

[DEFAULT]

verbose = True

auth_strategy = keystone

my_ip = 10.0.0.11  (controller ip)

vncserver_listen = 10.0.0.11

vncserver_proxyclient_address = 10.0.0.11

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0

identity_uri = http://controller:35357

admin_tenant_name = service

admin_user = nova

admin_password = NOVA_PASS

[glance]

host = controller

同步数据库

su -s /bin/sh -c "nova-manage db sync" nova

重启服务

service nova-api restart

service nova-cert restart

service nova-consoleauth restart

service nova-scheduler restart

service nova-conductor restart

service nova-novncproxy restart

脚本：

for i in api cert consoleauth scheduler conductor novncproxy;do service nova-$i restart; done

删除默认数据库

rm -f /var/lib/nova/nova.sqlite

------------------

neutron-server

--------------------

在控制节点上创建数据库：

mysql -u root -p

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \

  IDENTIFIED BY 'NEUTRON_DBPASS';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \

  IDENTIFIED BY 'NEUTRON_DBPASS';

执行变量注册neutron用户

source admin-openrc.sh

keystone user-create --name neutron --pass NEUTRON_PASS

keystone user-role-add --user neutron --tenant service --role admin

keystone service-create --name neutron --type network \

  --description "OpenStack Networking"

keystone endpoint-create \

  --service-id $(keystone service-list | awk '/ network / {print $2}') \

  --publicurl http://controller:9696 \

  --adminurl http://controller:9696 \

  --internalurl http://controller:9696 \

  --region regionOne

安装neutron-server服务

apt-get install neutron-server neutron-plugin-ml2 python-neutronclient

编辑配置文件

vi  /etc/neutron/neutron.conf

[DEFAULT]

verbose = True

rpc_backend = rabbit

rabbit_host = controller

rabbit_password = RABBIT_PASS

auth_strategy = keystone

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = True

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

nova_url = http://controller:8774/v2

nova_admin_auth_url = http://controller:35357/v2.0

nova_region_name = regionOne

nova_admin_username = nova

nova_admin_tenant_id = SERVICE_TENANT_ID   此ＩＤ下面命令产生

nova_admin_password = NOVA_PASS

执行脚本查看租户ID

source admin-openrc.sh

keystone tenant-get service

继续编辑配置文件

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0

identity_uri = http://controller:35357

admin_tenant_name = service

admin_user = neutron

admin_password = NEUTRON_PASS

[database]

connection = mysql://neutron:NEUTRON_DBPASS@controller/neutron

编辑ml2配置文件

vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,gre

tenant_network_types = gre

mechanism_drivers = openvswitch

[ml2_type_gre]

tunnel_id_ranges = 1:1000

[securitygroup]

enable_security_group = True

enable_ipset = True

firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

编辑nova配置文件

vi /etc/nova/nova.conf

[DEFAULT]

network_api_class = nova.network.neutronv2.api.API

security_group_api = neutron

linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]

url = http://controller:9696

auth_strategy = keystone

admin_auth_url = http://controller:35357/v2.0

admin_tenant_name = service

admin_username = neutron

admin_password = NEUTRON_PASS

同步数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \

  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron

重启服务

service nova-api restart

service nova-scheduler restart

service nova-conductor restart

service neutron-server restart

验证neutron是否搭建成功

source admin-openrc.sh

neutron ext-list

在控制节点mysql上创建glance数据库

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \

  IDENTIFIED BY 'GLANCE_DBPASS';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \

  IDENTIFIED BY 'GLANCE_DBPASS';

在keystone节点注册glance用户

source admin-openrc.sh

keystone user-create --name glance --pass GLANCE_PASS

keystone user-role-add --user glance --tenant service --role admin

keystone service-create --name glance --type image \

  --description "OpenStack Image Service"

keystone endpoint-create \

  --service-id $(keystone service-list | awk '/ image / {print $2}') \

  --publicurl http://controller:9292 \

  --internalurl http://controller:9292 \

  --adminurl http://controller:9292 \

  --region regionOne

安装并且配置glance服务

apt-get install glance python-glanceclient

vi /etc/glance/glance-api.conf

[database]

connection = mysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0

identity_uri = http://controller:35357

admin_tenant_name = service

admin_user = glance

admin_password = GLANCE_PASS

[paste_deploy]

flavor = keystone

[glance_store]

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

[DEFAULT]

verbose = True

编辑配置文件

vi  /etc/glance/glance-registry.conf

[database]

connection = mysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]

auth_uri = http://controller:5000/v2.0

identity_uri = http://controller:35357

admin_tenant_name = service

admin_user = glance

admin_password = GLANCE_PASS

[paste_deploy]

flavor = keystone

[DEFAULT]

verbose = True

同步数据库：

su -s /bin/sh -c "glance-manage db_sync" glance

重启服务

service glance-registry restart

service glance-api restart

删除默认数据库

rm -f /var/lib/glance/glance.sqlite

下载镜像

mkdir /tmp/images

cd /tmp/images

wget http://cdn.download.cirros-cloud ... 3.3-x86_64-disk.img

source admin-openrc.sh

glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img \

  --disk-format qcow2 --container-format bare --is-public True --progress

验证glance是否搭建成功

glance image-list