Install OpenStack Kilo

玥殇

安装openstack k版本
完善中

操作系统OSCentOS Linux release 7.0.1406 (Core)

虚拟机(要能上网)
node1 (管理): 10.10.0.10                      192.168.74.211
node2网络:10.10.0.20    10.20.0.20   10.30.0.20     192.168.74.212
node3计算:10.10.0.30    10.20.0.30             192.168.74.213


一、环境准备
1关闭防火墙
systemctl stop firewalld
systemctl disable firewalld

2:关闭SELinux
vim /etc/selinux/config
...
SELINUX=disabled

setenforce  0

3:时间同步管理节点做时间服务器其它节点从管理节点同步时间
管理节点
yum install ntp
vim /etc/ntp.conf
...
server  127.127.1.0     # local clock
fudge   127.127.1.0 stratum 10
systemctl enable ntpd.service
systemctl start ntpd.service
[root@node1 ~]# ntpq  -c peers
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
*LOCAL(0)        .LOCL.          10 l   57   64  177    0.000    0.000   0.000

其它节点安装服务将时间服务器直接管理节点即可

4:yum 源
注每个节点都要做
安装EPEL源
yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
安装K版本的源
yum install http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm

示例
[root@node1 yum.repos.d]# cat media.repo
[media]
name=media
baseurl=http://vault.centos.org/7.0.1406/os/x86_64
enabled=1
gpgcheck=0

[root@node1 yum.repos.d]# cat rdo-release.repo
[openstack-kilo]
name=OpenStack Kilo Repository
baseurl=http://repos.fedorapeople.org/repos/openstack/openstack-kilo/el7/
skip_if_unavailable=0
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-RDO-kilo

[root@node1 yum.repos.d]# cat epel.repo
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-7&arch=$basearch
failovermethod=priority
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7

[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
#baseurl=http://download.fedoraproject.org/pub/epel/7/$basearch/debug
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-debug-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
#baseurl=http://download.fedoraproject.org/pub/epel/7/SRPMS
mirrorlist=https://mirrors.fedoraproject.org/metalink?repo=epel-source-7&arch=$basearch
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=1

5:各节点之间做互信
vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.0.10 node1
10.10.0.20 node2
10.10.0.30 node3

ssh-keygen
cat id_rsa.pub >> authorized_keys   #进入authorized_keys复制并修改

cat authorized_keys
ssh-rsa ----- root@node1
ssh-rsa ----- root@node2
ssh-rsa ----- root@node3

scp -r /root/.ssh node2:/root/
scp -r /root/.ssh node3:/root/




二、安装数据库服务
管理节点
yum install mariadb mariadb-server MySQL-python
vim /etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
bind-address = 10.10.0.10
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

mysql_secure_installation
#设置密码后面全部输入Y

三、安装消息队列服务
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

四、安装keystone
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
MariaDB [(none)]> flush PRIVILEGES ;

yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

systemctl enable memcached.service
systemctl start memcached.service

vim /etc/keystone/keystone.conf
DEFAULT]
verbose = True
admin_token = openstack
[database]
connection = mysql://keystone:keystone@10.10.0.10/keystone
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token

su -s /bin/sh -c "keystone-manage db_sync" keystone

vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /var/www/cgi-bin/keystone/main
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LogLevel info
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LogLevel info
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>

mkdir -p /var/www/cgi-bin/keystone
curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo| tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
chown -R keystone:keystone /var/www/cgi-bin/keystone
chmod 755 /var/www/cgi-bin/keystone/*

systemctl enable httpd.service
systemctl start httpd.service

export OS_TOKEN=openstack
export OS_URL=http://10.10.0.10:35357/v2.0
keystone user-list

openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --publicurl http://10.10.0.10:5000/v2.0 --internalurl http://10.10.0.10:5000/v2.0  --adminurl http://10.10.0.10:35357/v2.0 --region RegionOne identity
openstack project create --description "Admin Project" admin
openstack user create --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --description "Service Project" service
openstack project create --description "Demo Project" demo
openstack user create --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
unset OS_TOKEN OS_URL

openstack --os-auth-url http://controller:35357 --os-project-name admin --os-username admin --os-auth-type password
openstack --os-auth-url http://10.10.0.10:35357 --os-project-name admin --os-username admin --os-auth-type password token issue
openstack --os-auth-url http://10.10.0.10:35357 --os-project-name admin --os-username admin --os-auth-type password project list


vim openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://10.10.0.10:35357/v3

source  openrc.sh
openstack token issue
keystone user-list

五、安装glance镜像服务
mysql -u root -p
MariaDB [(none)]>  GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
MariaDB [(none)]>  GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
MariaDB [(none)]> flush PRIVILEGES ;

source  openrc.sh
openstack user create --password-prompt glance
openstack role add --project service --user glance admin
penstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --publicurl http://10.10.0.10:9292 --internalurl http://10.10.0.10:9292 --adminurl http://10.10.0.10:9292 --region RegionOne image
yum install openstack-glance python-glance python-glanceclient

vim /etc/glance/glance-api.conf
[DEFAULT]
notification_driver = noop
verbose = True
[oslo_policy]
[database]
connection = mysql://glance:glance@node1/glance
[oslo_concurrency]
[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[store_type_location_strategy]
[profiler]
[task]
[taskflow_executor]
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

vim /etc/glance/glance-registry.conf
[DEFAULT]
notification_driver = noop
verbose = True
[oslo_policy]
[database]
connection = mysql://glance:glance@10.10.0.10/glance
[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone

su -s /bin/sh -c "glance-manage db_sync" glance

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

wget -P /tmp/images http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

glance image-create --name="cirros" --disk-format=qcow2 --container-format=bare --is-public=true < cirros-0.3.3-x86_64-disk.img
glance image-update --property architecture=x86_64 --property os_distro=ubuntu --property os_version=0.3.3 --property vol_size=1 4aaaebae-4c34-45c9-9b7d-fb8911de7c6e
glance image-list

六:安装nova计算服务
1管理节点
  mysql -u root -p
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
MariaDB [(none)]> flush PRIVILEGES ;

openstack user create --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --publicurl http://10.10.0.10:8774/v2/%\(tenant_id\)s --internalurl http://10.10.0.10:8774/v2/%\(tenant_id\)s  --adminurl http://10.10.0.10:8774/v2/%\(tenant_id\)s

--region RegionOne compute

yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

vim  /etc/nova/nova.conf
[DEFAULT]
my_ip = 10.10.0.10
rpc_backend = rabbit
auth_strategy = keystone
vncserver_listen = 10.10.0.10
vncserver_proxyclient_address = 10.10.0.10
verbose = True
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
network_api_class = nova.network.api.API
security_group_api = nova
[api_database]
[barbican]
[cells]
[cinder]
[conductor]
[database]
connection = mysql://nova:nova@10.10.0.10/nova
[ephemeral_storage_encryption]
[glance]
host = node1
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[libvirt]
[metrics]
[neutron]
url = http://10.10.0.10:9696
auth_strategy = keystone
admin_auth_url = http://10.10.0.10:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = 10.10.0.10
[osapi_v3]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[workarounds]
[xenserver]
[zookeeper]
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 10.10.0.10
rabbit_userid = openstack
rabbit_password = openstack

su -s /bin/sh -c "nova-manage db sync" nova
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service  openstack-nova-conductor.service openstack-

nova-novncproxy.service
systemctl start  openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service  openstack-nova-conductor.service openstack-

nova-novncproxy.service


2计算节点
yum install openstack-nova-compute sysfsutils
[root@node3 ~]# vim /etc/nova/nova.conf
[DEFAULT]
verbose = True
my_ip = 10.10.0.30
rpc_backend = rabbit
auth_strategy = keystone
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.10.0.10
novncproxy_base_url = http://10.10.0.10:6080/vnc_auto.html
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
[barbican]
[cells]
[cinder]
[conductor]
[database]
[ephemeral_storage_encryption]
[glance]
host = 10.10.0.10
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type = qemu
[metrics]
[neutron]
url = http://10.10.0.10:9696
auth_strategy = keystone
admin_auth_url = http://10.10.0.10:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron
[osapi_v3]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[workarounds]
[xenserver]
[zookeeper]
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 10.10.0.10
rabbit_userid = openstack
rabbit_password = openstack

grep -c '(vmx|svm)' /proc/cpuinfo

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service



管理节点
[root@node1 ~]#  nova service-list
+----+------------------+-------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host  | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+-------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-conductor   | node1 | internal | enabled | up    | 2015-12-28T22:43:53.000000 | -               |
| 2  | nova-consoleauth | node1 | internal | enabled | up    | 2015-12-28T22:43:53.000000 | -               |
| 3  | nova-cert        | node1 | internal | enabled | up    | 2015-12-28T22:43:52.000000 | -               |
| 4  | nova-scheduler   | node1 | internal | enabled | up    | 2015-12-28T22:43:54.000000 | -               |
| 5  | nova-compute     | node3 | nova     | enabled | up    | 2015-12-28T22:43:56.000000 | -               |
+----+------------------+-------+----------+---------+-------+----------------------------+-----------------+

七:neutron
1管理节点
mysql -u root -p
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

openstack user create --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --publicurl http://10.10.0.10:9696 --adminurl http://10.10.0.10:9696 --internalurl http://10.10.0.10:9696 --region RegionOne network

yum install openstack-neutron openstack-neutron-ml2 python-neutronclient

vim /etc/neutron/neutron.conf
[DEFAULT]
verbose = True
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.10.0.10:8774/v2
rpc_backend = rabbit
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.10.0.10:8774/v2
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
[database]
connection = mysql://neutron:neutron@10.10.0.10/neutron
rpc_backend = rabbit
[nova]
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 10.10.0.10
rabbit_userid = openstack
rabbit_password = openstack

vim  /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
systemctl enable neutron-server.service
systemctl start neutron-server.service



2网络节点
[root@node2 ~]# cat /etc/sysctl.conf
...
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

sysctl  -p

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
[database]
[nova]
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 10.10.0.10
rabbit_userid = openstack
rabbit_password = openstack

vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
flat_networks = external
[ml2_type_vlan]
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
local_ip = 10.10.0.20
bridge_mappings = external:br-ex
[agent]
tunnel_types = gre

vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =
router_delete_namespaces = True
verbose = True

vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
dhcp_delete_namespaces = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf

vim /etc/neutron/dnsmasq-neutron.conf
dhcp-option-force=26,1454

pkill dnsmasq
vim  /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
nova_metadata_ip = 10.10.0.10
metadata_proxy_shared_secret = 10.10.0.10
verbose = True

systemctl enable openvswitch.service
systemctl start openvswitch.service

ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eno33554992
ethtool -K  eno33554992 gro off
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service
systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

3计算节点
vim /etc/sysctl.conf
pv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

sysctl -p
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
[database]
[nova]
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 10.10.0.10
rabbit_userid = openstack
rabbit_password = openstack
systemctl restart neutron-openvswitch-agent.service


vim  /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
[database]
[nova]
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 10.10.0.10
rabbit_userid = openstack
rabbit_password = openstack

[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_flat]
[ml2_type_vlan]
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vxlan]
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
local_ip = 10.20.0.20
[agent]
tunnel_types = gre

systemctl enable openvswitch.service
systemctl start openvswitch.service
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
systemctl restart openstack-nova-compute.service
systemctl enable neutron-openvswitch-agent.service
systemctl start neutron-openvswitch-agent.service





4管理节点
neutron ext-list
neutron net-create ext-net --router:external --provider:physical_network external --provider:network_type flat
neutron subnet-create ext-net 192.168.124.0/24 --name ext-subnet --allocation-pool start=192.168.124.110,end=192.168.124.200 --disable-dhcp --gateway 192.168.124.1
neutron net-create demo-net
neutron subnet-create demo-net 192.168.1.0/24 --name demo-subnet --gateway 192.168.1.1
neutron router-create demo-router
neutron router-interface-add demo-router demo-subnet
neutron router-gateway-set demo-router ext-net


八安装dashboard
yum install openstack-dashboard httpd mod_wsgi memcached python-memcached
vim /etc/openstack-dashboard/local_settings
...
OPENSTACK_HOST = "10.10.0.10"
ALLOWED_HOSTS = ['*']
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
    'LOCATION': '127.0.0.1:11211',
    }
}
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
...

setsebool -P httpd_can_network_connect on
chown -R apache:apache /usr/share/openstack-dashboard/static
systemctl enable httpd.service memcached.service
systemctl start httpd.service memcached.service

登录一下http://10.10.0.10/dashboard


九安装ceph

yum源示例
ceph.repo
[ceph]
name=ceph
baseurl=http://download.ceph.com/rpm/el7/x86_64/
enabled=1
gpgcheck=0
[ceph-noarch]
name=ceph norach
baseurl=http://download.ceph.com/rpm/el7/noarch/
enabled=1
gpgcheck=0
[ceph-SRPMS]
name=ceph srpms
baseurl=http://download.ceph.com/rpm/el7/SRPMS/
enabled=1
gpgcheck=0

先安装这些依赖包~            
yum install ftp://rpmfind.net/linux/centos/7.1.1503/extras/x86_64/Packages/python-werkzeug-0.9.1-2.el7.noarch.rpm
yum install ftp://195.220.108.108/linux/centos/7.1.1503/extras/x86_64/Packages/python-itsdangerous-0.23-2.el7.noarch.rpm
yum install ftp://195.220.108.108/linux/centos/7.1.1503/extras/x86_64/Packages/python-flask-0.10.1-4.el7.noarch.rpm

装包
yum install snappy leveldb gdisk python-argparse gperftools-libs ceph
mkdir /root/ceph
cd /root/ceph
vim /etc/ceph/ceph.conf
[global]
fsid = b74dadd9-c0cc-44da-b19a-e071b760a187
public network = 10.10.0.0/24
cluster network = 10.10.0.0/24
auth cluster required = cephx
auth service required = cephx
auth client required = cephx
filestore xattr use omap = true
osd pool default size = 2
osd pool default min size = 1
osd pool default pg num = 333
osd pool default pgp num = 333
osd crush chooseleaf type = 1
mon osd full ratio = .80
mon osd nearfull ratio = .70

debug lockdep = 0/0
debug context = 0/0
debug crush = 0/0
debug buffer = 0/0
debug timer = 0/0
debug journaler = 0/0
debug osd = 0/0
debug optracker = 0/0
debug objclass = 0/0
debug filestore = 0/0
debug journal = 0/0
debug ms = 0/0
debug monc = 0/0
debug tp = 0/0
debug auth = 0/0
debug finisher = 0/0
debug heartbeatmap = 0/0
debug perfcounter = 0/0
debug asok = 0/0
debug throttle = 0/0

[mon]
mon initial members = node1
mon host = 10.10.0.10:6789


[mon.node1]
host = node1
mon addr = 10.10.0.10:6789
mon data = /var/lib/ceph/mon/ceph-node1


创建key文件及monitor map
使用如下命令生成monitor key:

ceph-authtool --create-keyring ceph.mon.keyring --gen-key -n mon. --cap mon 'allow *'
使用如下命令生成admin key:

ceph-authtool --create-keyring /etc/ceph/ceph.client.admin.keyring --gen-key -n client.admin --set-uid=0 --cap mon 'allow *' --cap osd 'allow *' --cap mds 'allow'
将admin key 加入monitor key:

ceph-authtool ceph.mon.keyring --import-keyring /etc/ceph/ceph.client.admin.keyring
创建monitor map文件:

monmaptool --create --add node1 10.10.0.10  --fsid b74dadd9-c0cc-44da-b19a-e071b760a187 /tmp/monmap


创建第一个monitor
创建monitor的数据目录:

mkdir -p /var/lib/ceph/mon/ceph-mon1_hostname
初始化monitor:

ceph-mon --mkfs -i mon1_hostname --monmap /tmp/monmap --keyring /tmp/ceph.mon.keyring
启动monitor服务:

service ceph start mon


------------------------------------------------------------------------------------------
monitor工作验证
根据配置文件创建好所有的monitor以后在任何一个monitor节点进行验证:

在任何一个monitor节点执行ceph -s 命令可以观察到ceph集群信息由于还没有添加osd集群为非健康状态
-----------------------------------------------------------------------------------------

增加OSD方法如下

首先你要生成一下ID值

uuidgen

执行这条命令这时候会返回一个结果比如3这个值就是ceph分配给你的osd的值记住它后面会用到

ceph osd create 906f693a-acb0-4f24-8e2c-a8d7cdaec63f

创建一个挂载目录到时候分区是要被挂载到这的目录名建议与分配的号一样

mkdir /var/lib/ceph/osd/ceph-3

准备好你的硬盘注意分区不是必须的。

#parted /dev/mapper/mpathc

mkfs -t xfs /dev/mapper/mpathcp

挂载

mount -t xfs /dev/mapper/mpathcp1 /var/lib/ceph/osd/ceph-3

关键步骤在这里老老实实敲把该修改的按需修改注意啊 这里面涉及到几个参数要指对了osd分配的值、UUID、 权重值、主机名

ceph-osd -i 3 --mkfs --mkkey --osd-uuid 906f693a-acb0-4f24-8e2c-a8d7cdaec63f

ceph auth add osd.3 osd 'allow *' mon 'allow profile osd' -i /var/lib/ceph/osd/ceph-3/keyring

ceph osd crush add osd.3 1.0 host=node-6

ceph-disk activate /var/lib/ceph/osd/ceph-3

关键最后一步将挂载写到fstab里

vim /etc/fstab

示例

/dev/mapper/mpathcp    /var/lib/ceph/osd/ceph-3  xfs   defaults,noatime,inode64        0 0

结束语

修改osd的权重如下

ceph osd crush reweight osd.3 4


ceph osd pool create volumes 200 200 replicated
``ceph auth get-or-create client.cinder mon 'allow r' osd 'allow class-read object_prefix rbd_children, allow rwx pool=volumes'``
``ceph auth get-or-create client.cinder | tee /etc/ceph/ceph.client.awcloud.keyring``

将CEPH集群弄好了。再安装cinder



10  cinder
这里我将cinder安装到管理节点然后它的后端用的是ceph

mysql -u root -p
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';


openstack user create --password-prompt cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack endpoint create --publicurl http://10.10.0.10:8776/v2/%\(tenant_id\)s --internalurl http://10.10.0.10:8776/v2/%\(tenant_id\)s --adminurl http://10.10.0.10:8776/v2/%\(tenant_id\)s  

--region RegionOne volume
openstack endpoint create --publicurl http://10.10.0.10:8776/v2/%\(tenant_id\)s --internalurl http://10.10.0.10:8776/v2/%\(tenant_id\)s --adminurl http://10.10.0.10:8776/v2/%\(tenant_id\)s

--region RegionOne volumev2

yum install openstack-cinder python-cinderclient python-oslo-db qemu

cp /usr/share/cinder/cinder-dist.conf /etc/cinder/cinder.conf
chown -R cinder:cinder /etc/cinder/cinder.conf

vim /etc/cinder/cinder.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.10.0.10
verbose = True
volume_driver=cinder.volume.drivers.rbd.RBDDriver
rbd_secret_uuid=b74dadd9-c0cc-44da-b19a-e071b760a187
rbd_user=cinder
rbd_ceph_conf=/etc/ceph/ceph.conf
rbd_max_clone_depth=5
rbd_pool=volumes
rados_connect_timeout=-1
rbd_flatten_volume_from_snapshot=False
rbd_store_chunk_size=4

#logdir = /var/log/cinder
#state_path = /var/lib/cinder
#lock_path = /var/lib/cinder/tmp
#volumes_dir = /etc/cinder/volumes
#iscsi_helper = lioadm
#rootwrap_config = /etc/cinder/rootwrap.conf

[database]
connection = mysql://cinder:cinder@10.10.0.10/cinder

[keystone_authtoken]
auth_uri = http://10.10.0.10:5000
auth_url = http://10.10.0.10:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = cinder
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
#auth_host = 127.0.0.1
#auth_port = 35357
#auth_protocol = http

[oslo_messaging_rabbit]
rabbit_host = 10.10.0.10
rabbit_userid = openstack
rabbit_password = openstack

[oslo_concurrency]
lock_path = /var/lock/cinder

su -s /bin/sh -c "cinder-manage db sync" cinder
chown cinder.cinder -R /etc/ceph/

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

试一下对接效果
[root@node1 ~]# cinder create 1
+---------------------+--------------------------------------+
|       Property      |                Value                 |
+---------------------+--------------------------------------+
|     attachments     |                  []                  |
|  availability_zone  |                 nova                 |
|       bootable      |                false                 |
|      created_at     |      2015-12-30T05:16:33.325201      |
| display_description |                 None                 |
|     display_name    |                 None                 |
|      encrypted      |                False                 |
|          id         | 6e698821-03e7-4298-b91a-768225eddc61 |
|       metadata      |                  {}                  |
|     multiattach     |                false                 |
|         size        |                  1                   |
|     snapshot_id     |                 None                 |
|     source_volid    |                 None                 |
|        status       |               creating               |
|     volume_type     |                 None                 |
+---------------------+--------------------------------------+
[root@node1 ~]# cinder  list
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
|                  ID                  |   Status  | Display Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+--------------+------+-------------+----------+-------------+
| 6106f76d-d824-4ae1-87f3-2754989ea0ee | available |      -       |  1   |      -      |  false   |             |