在centos7上安装openstack mitaka版本

sszxf · 发表于 2018-4-26 11:14:05

　　前言：openstack真是一个庞然大物，想要吃透还真不容易，所以在对openstack大概有了一个了解的时候，就应该是部署，虽然openstack的安装方式有rdo或者devstack等一键安装工具，但是最好浅尝辄止，有了大概的使用经验之后就应该是从头到尾的安装一遍了，不然对于那些报错，以及故障的解决一定是不够气定神闲的，因此，当你有了openstack的基本认识后，开始安装吧~
　　

　　注：openstack的官方文档写得真的是，好的不要不要的，但是看英文总是感觉有点不溜，因此在官方文档的基础上写得这篇笔记。
　　参考:http://docs.openstack.org/mitaka/install-guide-rdo/
　　

　　首先应该是大概的规划，需要几个节点，选择什么操作系统，网络怎么划分~
　　下面是我的大概规划
　　节点数：2 (控制节点，计算节点)
　　操作系统：CentOS Linux release 7.2.1511 (Core)
　　网络配置：
　　控制节点：  10.0.0.101 192.168.15.101
　　结算节点：  10.0.0.102 192.168.15.102
　　

　　先决条件：
　　The following minimum requirements should support a proof-of-concept environment with core services and several CirrOS instances:
　　Controller Node: 1 processor, 4 GB memory, and 5 GB storage
　　Compute Node: 1 processor, 2 GB memory, and 10 GB storage
　　官方建议概念验证的最小硬件需求。
　　控制节点 1 处理器，4 GB内存，5 GB硬盘
　　计算节点 1 处理器，2 GB内存，10 GB硬盘
　　参考：http://docs.openstack.org/mitaka/install-guide-rdo/environment.html
　　

　　注：如果你是用手动一步一步的创建操作系统，配置网络，那么笔者就得好好的鄙视你了~~研究研究vagrant吧，通过下面的配置文件你就能一条命令生成两个虚拟机，并配置好网络了，vagrant简易教程参考：http://youerning.blog.51cto.com/10513771/1745102
# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
config.vm.box = "centos7"
node_servers = { :control => ['10.0.0.101','192.168.15.101'],
                  :compute => ['10.0.0.102','192.168.15.102']
            }
node_servers.each do |node_name,node_ip|
      config.vm.define node_name do |node_config|
         node_config.vm.host_name = node_name.to_s
         node_config.vm.network :private_network,ip: node_ip[0]
         node_config.vm.network :private_network,ip: node_ip[1],virtualbox_inet: true
      config.vm.boot_timeout = 300
         node_config.vm.provider "virtualbox" do |v|
            v.memory = 4096
            v.cpus = 1
         end
      end
end
end　　

　　通过vagrant up一条命令，稍等一会，两个热腾腾的虚拟机就出炉了，我们的环境就OK了~~
　　环境如下
　　操作系统：CentOS Linux release 7.2.1511 (Core)
　　网络配置：
　　控制节点：  10.0.0.101 192.168.15.101
　　结算节点：  10.0.0.102 192.168.15.102
　　

　　注意：上面的config.vm.box = "centos7"，首先需要有个centos7的box
　　

　　在开始部署前，我们先捋一捋openstack安装步骤
　　首先是软件环境准备，我们需要将一些通用的软件以及源仓库等进行配置，基本如下
　　NTP服务器
　　控制节点，其他节点
　　openstack 安装包仓库
　　通用组件：
　　SQL 数据库 ===> MariaDB
　　NoSQL 数据库 ==> MongoDB(基本组件不需要，)
　　消息队列 ==> RabbitMQ
　　Memcached
　　

　　再就是openstack整个框架下的各个组件，基本组件如下
　　认证服务 ===> Keystone
　　镜像服务 ===> Glance
　　计算资源服务 ===> Nova
　　网络资源服务 ===> Neutron
　　Dashboard ===> Horizon
　　块存储服务 ===> Cinder
　　

　　其他存储服务，如下
　　文件共享服务 ===> Manila
　　对象存储服务 ===> Swift
　　

　　其他组件，如下
　　编排服务 ===> Heat
　　遥测服务 ===> Ceilometer
　　数据库服务 ===>  Trove
　　

环境准备

　　域名解析：
　　在各个节点编辑hosts文件,加入以下配置
　　10.0.0.101 controller
　　10.0.0.102 compute
　　

　　ntp时间服务器
　　控制节点
　　1) 安装chrony软件包
　　yum install chrony
　　

　　2) 编辑配置文件 /etc/chrony.conf，添加以下内容，202.108.6.95可根据自己需求自行更改。
　　server 202.108.6.95 iburst
　　allow 10.0.0.0/24
　　

　　3)加入自启动，并启动
　　# systemctl enable chronyd.service
　　# systemctl start chronyd.service
　　

　　其他节点
　　1) 安装chrony软件包
　　yum install chrony
　　

　　2) 编辑配置文件 /etc/chrony.conf，添加以下内容
　　server controller iburst
　　allow 10.0.0.0/24
　　

　　3)加入自启动，并启动
　　# systemctl enable chronyd.service
　　# systemctl start chronyd.service
　　

　　验证：
　　控制节点
chronyc sources　　210 Number of sources = 2
　　MS Name/IP address       Stratum Poll Reach LastRx Last sample
　　=============================================================
　　^- 192.0.2.11                   2 7 12 137  -2814us[-3000us] +/- 43ms
　　^* 192.0.2.12                   2 6 177 46 +17us[  -23us] +/- 68ms
　　

　　其他节点
# chronyc sources　　210 Number of sources = 1
　　MS Name/IP address       Stratum Poll Reach LastRx Last sample
　　===============================================================================
　　^* controller                   3 9 377 421 +15us[  -87us] +/- 15ms
　　

　　

　　openstack 安装包仓库
　　安装相应openstack版本yum源
yum install centos-release-openstack-mitaka　　系统更新
yum upgrade

　　注：如果系统内核有更新，需要重启
　　

　　安装openstackclient，openstack-selinux
yum install python-openstackclient
yum install openstack-selinux　　

　　注：如果报什么 Package does not match intended download，则yum clean all或者直接下载rpm包安装吧。
　　参考下载地址：http://ftp.usf.edu/pub/centos/7/cloud/x86_64/openstack-kilo/common/

　　

　　SQL数据库
　　安装
yum install mariadb mariadb-server python2-PyMySQL　　创建/etc/my.cnf.d/openstack.cnf配置文件，加入以下内容
#绑定IP
[mysqld]
bind-address = 10.0.0.11
#设置字符集等
default-storage-engine = innodb    .
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8　　

　　配置启动项，启动等
systemctl enable mariadb.service
systemctl start mariadb.service　　

　　数据库初始化，创建root密码等，操作如下
mysql_secure_installation

　　Enter current password for root (enter for none):[Enter]
　　Set root password? [Y/n] Y
　　New password: openstack
　　Re-enter new password:openstack
　　Remove anonymous users? [Y/n] Y
　　Disallow root login remotely? [Y/n] n
　　Remove test database and access to it? [Y/n] Y
　　Reload privilege tables now? [Y/n] Y

　　

　　消息队列rabbitmq
　　安装
yum install rabbitmq-server　　配置启动项，启动
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service　　添加openstack用户
rabbitmqctl add_user openstack RABBIT_PASS　　设置openstack用户的权限，依次分别为写，读，访问
rabbitmqctl set_permissions openstack ".*"".*"".*"　　

　　NoSQL Mongodb
　　安装
yum install mongodb-server mongodb　　配置/etc/mongod.conf配置文件
bind_ip = 10.0.0.11
#smallfile=true可选
smallfiles = true　　配置启动项，启动

# systemctl enable mongod.service
# systemctl start mongod.service　　

　　Memcached
　　安装

# yum install memcached python-memcached　　配置启动项，启动

# systemctl enable memcached.service
# systemctl start memcached.service　　

　　至此，openstack整个框架的软件环境基本搞定，下面就是各组件了。
　　安装各组件很有意思，除了keystone基本上是差不多的步骤，唯一的区别就是创建时指定的名字不同而已，基本是一般以下步骤。
　　

　　1)配置数据库
create database xxx
GRANT ALL PRIVILEGES ON keystone.* TO 'xxxx'@'localhost' \
IDENTIFIED BY 'XXXX_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'xxxx'@'%' \
IDENTIFIED BY 'XXXX_DBPASS';　　2)安装

yum install xxx　　3)配置文件
　　配置各项服务的连接,比如数据库，rabbitmq等
　　认证配置
　　特定配置

　　5)数据库同步
　　创建需要的表
　　4)加入启动项，启动
# systemctl enable openstack-xxx.service
# systemctl start openstack-xxxx.service　　5)创建用户，service，endpoint等
openstack user create xxx
openstack service create xxx
openstack endpoint create xxx　　6)验证服务是否成功
　　

　　注：配置文件的配置建议首先备份，然后为了省略不必要的篇幅，在此说明配置文件的编辑方式，如下。

[DEFAULT]

　　...

　　admin_token = ADMIN_TOKEN
　　上面的内容，指明在[DEFAULT]的段落加入admin_token = ADMIN_TOKEN内容。
　　

各组件安装

　　认证服务 Keystone
　　配置数据库
$ mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';　　

　　安装
# yum install openstack-keystone httpd mod_wsgi　　

　　配置文件/etc/keystone/keystone.conf
　　admin令牌

[DEFAULT]
...
admin_token = ADMIN_TOKEN　　数据库

[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone　　令牌生成方式

[token]
...
provider = fernet　　

　　注：上面的ADMIN_TOKEN可用openssl rand -hex 10命令生成，或者填入一串自定义的字符串
　　

　　数据库同步
# su -s /bin/sh -c "keystone-manage db_sync" keystone　　

　　初始化fernet秘钥。
　　令牌的生成方式参考：http://blog.csdn.net/miss_yang_cloud/article/details/49633719
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone　　

　　配置Apache
　　编辑/etc/httpd/conf/httpd.conf
　　更改一下内容
ServerName controller　　

　　创建/etc/httpd/conf.d/wsgi-keystone.conf配置文件，加入以下内容
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
      Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
      Require all granted
</Directory>
</VirtualHost>　　

　　配置启动项，启动
# systemctl enable httpd.service
# systemctl start httpd.service　　

　　创建service，API endpoint
　　为了避免不必要的篇幅，将admin_token，endpoint url配置到环境变量。
$ export OS_TOKEN=ADMIN_TOKEN
$ export OS_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3　　

　　创建service
$ openstack service create \
  --name keystone --description "OpenStack Identity" identity　　

　　创建endpoint，依次有public，internal，admin
$ openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3　　

　　创建域，项目，用户，角色 domain,project,user,role
　　创建domain
openstack domain create --description "Default Domain" default　　创建project
openstack user create --domain default \
  --password-prompt admin　　创建admin role
openstack role create admin　　将admin角色加入admin项目中
openstack role add --project admin --user admin admin　　创建service项目
openstack project create --domain default \
  --description "Service Project" service　　创建demo项目
openstack project create --domain default \
  --description "Demo Project" demo　　创建demo用户
openstack user create --domain default \
  --password-prompt demo　　创建user角色
openstack role create user　　将user角色加入到demo项目中
openstack role add --project demo --user demo user　　

　　注：记住创建用户时的密码。
　　验证admin用户
unset OS_TOKEN OS_URL
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue

　　Password:
　　+------------+-----------------------------------------------------------------+
　　| Field    | Value                                                          |
　　+------------+-----------------------------------------------------------------+
　　| expires | 2016-02-12T20:14:07.056119Z                                  |
　　| id       | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
　　|          | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
　　|          | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws    |
　　| project_id | 343d245e850143a096806dfaefa9afdc                               |
　　| user_id | ac3377633149401296f6c0d92d79dc16                               |
　　+------------+-----------------------------------------------------------------+

　　验证demo用户
$ openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue

　　Password:
　　+------------+-----------------------------------------------------------------+
　　| Field    | Value                                                          |
　　+------------+-----------------------------------------------------------------+
　　| expires | 2016-02-12T20:15:39.014479Z                                  |
　　| id       | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
　　|          | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
　　|          | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U    |
　　| project_id | ed0b60bf607743088218b0a533d5943f                               |
　　| user_id | 58126687cbcc4888bfa9ab73a2256f27                               |
　　+------------+-----------------------------------------------------------------+

　　如果有以上格式返回，验证通过
　　

　　admin，demo用户的环境变量脚本
　　正常情况下，当然吧诸如os-xxxx的参数放在环境变量中，为了更快的在admin，demo用户之间切换，创建环境脚本
　　创建admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2　　创建demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2　　

　　在此验证admin
　　首先 . admin-openrc
$ openstack token issue

　　+------------+-----------------------------------------------------------------+
　　| Field    | Value                                                          |
　　+------------+-----------------------------------------------------------------+
　　| expires | 2016-02-12T20:44:35.659723Z                                  |
　　| id       | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
　　|          | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
　　|          | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E    |
　　| project_id | 343d245e850143a096806dfaefa9afdc                               |
　　| user_id | ac3377633149401296f6c0d92d79dc16                               |
　　+------------+-----------------------------------------------------------------+

　　

　　

　　镜像服务 Glance
　　配置数据库
$ mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';　　

　　创建service，user，role
$ . admin-openrc
$ openstack user create --domain default --password-prompt glance
$ openstack role add --project service --user glance admin　　

　　创建endpoint，依次有public，internal，admin
$ openstack service create --name glance \
  --description "OpenStack Image" image
$ openstack endpoint create --region RegionOne \
  image public http://controller:9292
$ openstack endpoint create --region RegionOne \
  image internal http://controller:9292
$ openstack endpoint create --region RegionOne \
  image admin http://controller:9292　　

　　安装
# yum install openstack-glance　　

　　配置文件/etc/glance/glance-api.conf
　　数据库
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance　　keystone认证
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
...
flavor = keystone　　glance存储
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/　　

　　配置文件/etc/glance/glance-registry.conf
　　数据库
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance　　keystone认证
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
...
flavor = keystone　　

　　同步数据库
# su -s /bin/sh -c "glance-manage db_sync" glance　　

　　启动
# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service　　

　　验证
$ . admin-openrc　　下载cirros镜像
$ wget
http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img　　

　　创建镜像
$ openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public　　

　　如果执行以下命令，显示如下，则成功
$ openstack image list
+--------------------------------------+--------+
| ID                                  | Name |
+--------------------------------------+--------+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros |
+--------------------------------------+--------+　　

　　计算资源服务 nova
　　控制节点
　　数据库
$ mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';　　

　　创建service，user，role

$ . admin-openrc
$ openstack user create --domain default \
  --password-prompt nova
$ openstack role add --project service --user nova admin
$ openstack service create --name nova \
  --description "OpenStack Compute" compute　　

　　创建endpoint，依次有public，internal，admin

$ openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1/%$tenant_id$s
$ openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1/%$tenant_id$s
$ openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1/%$tenant_id$s　　

　　安装
# yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler　　配置文件/etc/nova/nova.conf
　　启用的api
[DEFAULT]
...
enabled_apis = osapi_compute,metadata
[api_database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api　　数据库
[database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova　　rabbitmq队列
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS　　keystone认证
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS　　绑定ip
[DEFAULT]
...
my_ip = 10.0.0.101　　

　　支持neutron
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver　　vnc配置
[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip　　glance配置
[glance]
...
api_servers = http://controller:9292　　并发锁
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp　　

　　同步数据库
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova　　

　　启动
# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service　　

　　计算节点
　　安装
# yum install openstack-nova-compute　　

　　配置文件/etc/nova/nova.conf
　　rabbitmq队列
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS　　keystone认证
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS　　绑定ip
[DEFAULT]
...
my_ip = 10.0.0.102　　支持neutron
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver　　配置VNC
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html　　配置Glance
[glance]
...
api_servers = http://controller:9292　　并发锁

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp　　虚拟化驱动
[libvirt]
...
virt_type = qemu　　

　　启动
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service　　

　　验证
$ . admin-openrc$ openstack compute service list　　+----+--------------------+------------+----------+---------+-------+----------------------------+
　　| Id | Binary          | Host    | Zone    | Status  | State | Updated At                |
　　+----+--------------------+------------+----------+---------+-------+----------------------------+
　　|  1 | nova-consoleauth | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
　　|  2 | nova-scheduler    | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
　　|  3 | nova-conductor    | controller | internal | enabled | up | 2016-02-09T23:11:16.000000 |
　　|  4 | nova-compute    | compute1 | nova    | enabled | up | 2016-02-09T23:11:20.000000 |
　　+----+--------------------+------------+----------+---------+-------+----------------------------+
　　

　　

　　网络服务 neutron
　　控制节点
　　数据库
$ mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';　　

　　

　　创建service，user，role
$ . admin-openrc
$ openstack user create --domain default --password-prompt neutron
$ openstack role add --project service --user neutron admin
$ openstack service create --name neutron \
  --description "OpenStack Networking" network　　

　　创建endpoint，依次有public，internal，admin

$ openstack endpoint create --region RegionOne \
  network public http://controller:9696
$ openstack endpoint create --region RegionOne \
  network internal http://controller:9696
$ openstack endpoint create --region RegionOne \
  network admin http://controller:9696　　

　　配置提供者网络 provider network，
　　参考：http://docs.openstack.org/mitaka/install-guide-rdo/neutron-controller-install-option1.html
　　

　　安装
# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables　　

　　配置文件/etc/neutron/neutron.conf
　　数据库
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron　　启用二层插件，禁用其他插件
[DEFAULT]
...
core_plugin = ml2
service_plugins =　　rabbitmq队列
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS　　keystone认证
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS　　并发锁
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp　　

　　配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
　　驱动
[ml2]
...
type_drivers = flat,vlan　　禁用个人(selfservice)网络
[ml2]
...
tenant_network_types =　　启用linux网桥
[ml2]
...
mechanism_drivers = linuxbridge　　端口安装扩展
[ml2]
...
extension_drivers = port_security　　flat网络
[ml2_type_flat]
...
flat_networks = provider　　启用ipset
[securitygroup]
...
enable_ipset = True　　配置文件/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = False
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver　　注：PROVIDER_INTERFACE_NAME为网络接口，如eth 1之类的
　　

　　配置文件/etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True　　

　　配置文件/etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET　　

　　配置文件/etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET　　

　　软连接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini　　

　　数据库同步
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron　　

　　重启nova-api
systemctl restart openstack-nova-api.service　　

　　启动
# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service　　

　　

　　计算节点
　　安装
yum install openstack-neutron-linuxbridge ebtables　　

　　配置文件 /etc/neutron/neutron.conf
　　rabbitmq队列
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS　　keystone认证
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS　　并发锁
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp　　

　　配置文件/etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS　　

　　重启nova-compute
# systemctl restart openstack-nova-compute.service　　

　　启动
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service　　

　　

　　验证
$ . admin-openrc
$ neutron ext-list　　+---------------------------+-----------------------------------------------+
　　| alias                   | name                                        |
　　+---------------------------+-----------------------------------------------+
　　| default-subnetpools    | Default Subnetpools                         |
　　| network-ip-availability | Network IP Availability                      |
　　| network_availability_zone | Network Availability Zone                   |
　　| auto-allocated-topology | Auto Allocated Topology Services             |
　　| ext-gw-mode             | Neutron L3 Configurable external gateway mode |
　　| binding                | Port Binding                               |
　　............
　　

　　

　　Dashboard horizon
　　注：必须在控制节点
　　安装
# yum install openstack-dashboard　　

　　配置文件/etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
      'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
      'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"　　

　　启动
# systemctl restart httpd.service memcached.service　　

　　验证
　　访问http://controller/dashboard
　　

　　

　　块存储 cinder
　　数据库
$ mysql -u root -p
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY 'CINDER_DBPASS';　　

　　创建service，user，role

$ . admin-openrc
$ openstack user create --domain default --password-prompt cinder
$ openstack role add --project service --user cinder admin　　

　　注意，这里创建两个service
$ openstack service create --name cinder \
  --description "OpenStack Block Storage" volume
$ openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2　　

　　创建endpoint，依次有public，internal，admin

$ openstack endpoint create --region RegionOne \
  volume public http://controller:8776/v1/%$tenant_id$s
$ openstack endpoint create --region RegionOne \
  volume internal http://controller:8776/v1/%$tenant_id$s
$ openstack endpoint create --region RegionOne \
  volume admin http://controller:8776/v1/%$tenant_id$s　　

　　注意，每个service对应三个endpoint
$ openstack endpoint create --region RegionOne \
  volumev2 public http://controller:8776/v2/%$tenant_id$s
$ openstack endpoint create --region RegionOne \
  volumev2 internal http://controller:8776/v2/%$tenant_id$s
$ openstack endpoint create --region RegionOne \
  volumev2 admin http://controller:8776/v2/%$tenant_id$s　　

　　安装
　　控制节点
# yum install openstack-cinder　　

　　配置文件/etc/cinder/cinder.conf
　　数据库
[database]
...
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder　　rabbitmq队列
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS　　keystone认证
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS　　绑定ip
[DEFAULT]
...
my_ip = 10.0.0.11　　并行锁
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp　　同步数据库
# su -s /bin/sh -c "cinder-manage db sync" cinder　　

　　配置文件/etc/nova/nova.conf
[cinder]
os_region_name = RegionOne　　

　　重启nova-api
# systemctl restart openstack-nova-api.service　　

　　启动
# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service　　

　　其他节点，可在计算节点加一块硬盘
　　注：需要另外一块硬盘
　　安装
# yum install lvm2
# systemctl enable lvm2-lvmetad.service
# systemctl start lvm2-lvmetad.service　　

　　创建逻辑卷
# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created# vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created　　

　　配置文件/etc/lvm/lvm.conf
devices {
...
filter = [ "a/sdb/", "r/.*/"]　　

　　注：新添加的硬盘一般为sdb，如果有sdc，sde等，则为filter = [ "a/sdb/", "a/sdb/"，"a/sdb/"，"r/.*/"]，以此类推
　　

　　安装
# yum install openstack-cinder targetcli　　

　　配置文件/etc/cinder/cinder.conf
　　数据库
[database]
...
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder　　rabbitmq队列
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS　　keystone认证
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS　　绑定ip
[DEFAULT]
...
my_ip = 10.0.0.102　　

　　增加[lvm]及其内容
[lvm]
...
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm　　后端启用lvm
[DEFAULT]
...
enabled_backends = lvm　　配置Glance API
[DEFAULT]
...
glance_api_servers = http://controller:9292　　并行锁
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp　　

　　启动
# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service　　

　　验证
$ . admin-openrc
$ cinder service-list　　+------------------+------------+------+---------+-------+----------------------------+-----------------+
　　|    Binary    | Host | Zone |  Status | State |       Updated_at       | Disabled Reason |
　　+------------------+------------+------+---------+-------+----------------------------+-----------------+
　　| cinder-scheduler | controller | nova | enabled | up  | 2014-10-18T01:30:54.000000 |    None    |
　　| cinder-volume | block1@lvm | nova | enabled | up  | 2014-10-18T01:30:57.000000 |    None    |
　　

　　至此。基本上完成了，所有的安装，你可以在dashboard上首先用admin用户创建一个网络，然后用新建一个实例
　　

　　

　　后记：虽然手动安装一整套实在有点夸张，这里还是用yum的呢~但是至少得这么手动来一次，其他时候就脚本或者安装工具吧，复制粘贴都把我复制的眼花了~
　　其他组件就另起一篇文章了，值得注意的是，官方文档才是最好的文档

账号		自动登录	找回密码
密码			立即注册

Centos6.5×64安装配置openmeetings3.0.3详

大疆运维招人啦，

C++ :try 语句块和异常处理

C++的多态

Red Hat RHCE 8 (EX294) Cert Guide

Java/C++ 区别：看完这一篇，就够用！

别再用过时库了！这 13 个顶级 C++ 库才是

[经验分享] 在centos7上安装openstack mitaka版本

浏览过的版块

扫码加入运维网微信交流群