###################################################################################################################
## 控制节点部署安装 ##
###################################################################################################################
## 控制节点规划:
## 主机名:controller
## IP地址:192.168.40.151 os:centos7
###################################################################################################################
一、环境配置
1、主机名修改
[root@controller ~]# hostnamectl set-hostname controller
[root@controller ~]# vim /etc/hosts
192.168.40.151 controller
2、关闭防火墙
#说明:关闭防火墙只适合隔离的实验网络;对外可达的主机应保留 firewalld,只放行各组件用到的端口
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld #永久性关闭防火墙
3、关闭selinux
#说明:关闭selinux同样只适合实验环境;正式环境可保持 enforcing 并安装 openstack-selinux 策略包
[root@controller ~]# setenforce 0 #临时关闭selinux
[root@controller ~]# vim /etc/selinux/config #永久性关闭selinux
SELINUX=disabled
4、配置yum源
#说明:gpgcheck=0 表示yum不校验软件包签名,且源地址走 http 明文;这里的源是内网地址,换成其他源时应设 gpgcheck=1 并配置 gpgkey
[os]
name=os
baseurl=http://192.168.50.124/centos-yum/7/os/x86_64/
gpgcheck=0
enabled=1
[update]
name=update
baseurl=http://192.168.50.124/centos-yum/7/updates/x86_64/
gpgcheck=0
enabled=1
[ext]
name=ext
baseurl=http://192.168.50.124/centos-yum/7/extras/x86_64/
gpgcheck=0
enabled=1
[openstack]
name=n
baseurl=http://192.168.50.124/openstack-rpms/openstack-newton/
gpgcheck=0
enabled=1
[root@controller ~]# reboot #重启系统
#################################################################################################################
## 二、keystone组件部署安装 ##
#################################################################################################################
1、时间服务部署安装
[root@controller ~]# yum install chrony -y
[root@controller ~]# vim /etc/chrony.conf
server 192.168.40.151 iburst
allow 10.0.0.0/24
#说明:allow 应写本环境节点所在的网段;本文节点地址为 192.168.40.151,10.0.0.0/24 看起来是沿用了示例值,请按实际网段确认
[root@controller ~]# systemctl enable chronyd.service #设置开机自启动
[root@controller ~]# systemctl start chronyd.service #启动时间服务
[root@controller ~]# yum install python-openstackclient #安装openstack管理工具
2、数据库部署安装
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y #yum安装MySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.40.151
default-storage-engine = 
innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable mariadb.service #开机自启动
[root@controller ~]# systemctl start mariadb.service #开启MySQL服务
[root@controller ~]# mysqladmin -uroot password 123 #设置MySQL密码为123
#说明:123 只是演示用的弱口令,且写在命令行上的口令会留在shell历史里;可改用 mysql_secure_installation 交互设置root密码,并一并删除默认的 test 库和匿名账号
3、部署安装rabbit消息队列
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack 123 #创建rabbit用户密码
Creating user "openstack" ...
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" #授予openstack用户在vhost "/" 上的配置、写入、读取全部权限
Setting permissions for user "openstack" in vhost "/" ...
4、部署安装memcached缓存服务
[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service
5、keystone数据库创建
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.18-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. 
Type '\c' to clear the current input statement.
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone | #显示keystone库 ,表示创建库成功
| mysql |
| performance_schema |
| test |
+--------------------+
5 rows in set (0.01 sec)
##创建keystone用户密码设置为123
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
#说明:'keystone'@'%' 允许从任意主机用该账号连接;数据库监听在 192.168.40.151 且防火墙已关闭,正式环境应把主机部分收窄到各节点所在网段,并使用强口令
6、安装keystone包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123@controller/keystone #关联数据库
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #初始化keystone数据库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#为管理员账户admin创建密码为123
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123 \
 --bootstrap-admin-url http://controller:35357/v3/ \
 --bootstrap-internal-url http://controller:35357/v3/ \
 --bootstrap-public-url http://controller:5000/v3/ \
 --bootstrap-region-id RegionOne
[root@controller ~]# vim /etc/httpd/conf/httpd.conf #添加以下内容
ServerName controller
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# #通过admin用户登录keystone
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export 
OS_PROJECT_DOMAIN_NAME=Defaultexport OS_AUTH_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3#创建service项目[root@controller ~]# openstack project create --domain default \ --description "Service Project" service+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Service Project || domain_id | default || enabled | True || id | 24ac7f19cd944f4cba1d77469b2a73ed || is_domain | False || name | service || parent_id | default |+-------------+----------------------------------+#创建demo项目[root@controller ~]# openstack project create --domain default \ --description "Demo Project" demo+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Demo Project || domain_id | default || enabled | True || id | 231ad6e7ebba47d6a1e57e1cc07ae446 || is_domain | False || name | demo || parent_id | default |+-------------+----------------------------------+#创建demo普通用户密码为123[root@controller ~]# openstack user create --domain default \ --password-prompt demoUser Password:Repeat User Password:+---------------------+----------------------------------+| Field | Value |+---------------------+----------------------------------+| domain_id | default || enabled | True || id | aeda23aa78f44e859900e22c24817832 || name | demo || password_expires_at | None |+---------------------+----------------------------------+ #创建user角色[root@controller ~]# openstack role create user+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | None || id | 997ce8d05fc143ac97d83fdfb5998552 || name | user |+-----------+----------------------------------+#为demo普通用户赋予权限[root@controller ~]# openstack role add --project demo --user demo user #创建admin认证脚本[root@controller ~]# vim admin.shexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=adminexport 
OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS #ADMIN_PASS是占位符,需替换为前面bootstrap时设置的admin密码(本文为123)
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#创建普通用户demo认证脚本
[root@controller ~]# vim demo.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS #DEMO_PASS是占位符,需替换为创建demo用户时输入的密码(本文为123)
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#说明:admin.sh 和 demo.sh 都保存了明文密码,建议 chmod 600,只允许属主读取
#验证
[root@controller ~]# source admin.sh
#查看所有用户
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 13a142d7c342441f8bfc7b9ea5150105 | demo |
| 62246126b9d8407291b9799c63d4e4d0 | admin |
+----------------------------------+-------+
#查看角色
[root@controller ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 49d6e90dc3d14870a94613f2d4c382e0 | admin |
| 5406975b73f84c9686881b688d41c8ef | user |
+----------------------------------+-------+
#查看项目
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 0acd609715164bc4a6fc769c23d98fcc | admin |
| 1ba73fa460b5446e945f5883e5e27b80 | demo |
| ee697d3eec9b4653b69a599ac2308edb | service |
+----------------------------------+---------+
#查看域
[root@controller ~]# openstack domain list
+---------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+--------------------+
| default | Default | True | The default domain |
+---------+---------+---------+--------------------+
三、openstack glance组件部署安装
##################################################################################################################
******************************************************************************************************************
## glance 部署安装 ##
##################################################################################################################
glance:管理镜像。(上传 下载 ,查看 ,修改,删除,快照、容灾、克隆)
镜像:所有东西都可以克隆,并且按照一定的格式生成镜像
iso镜像 vmdk镜像 qcow2镜像
###################################################################################################################
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 56
Server version: 10.1.18-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance; #创建glance数据库
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123'; #创建用户并赋予权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123';
#说明:'glance'@'%' 允许从任意主机用该账号连接,正式环境应把主机部分收窄到各节点所在网段,并使用强口令
[root@controller ~]# source admin.sh #登录keystone,admin认证
#在keystone里创建glance的认证用户和密码
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin #给glance用户赋予admin权限
#创建glance服务
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" 
image+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Image || enabled | True || id | 400e77749e8c4f29a5ab0e124a408fda || name | glance || type | image |+-------------+----------------------------------+#创建公共的glance API[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 795e80b3501d4478a03de400887623df || interface | public || region | RegionOne || region_id | RegionOne || service_id | 400e77749e8c4f29a5ab0e124a408fda || service_name | glance || service_type | image || url | http://controller:9292 |+--------------+----------------------------------+#创建私有的glance API[root@controller ~]# openstack endpoint create --region RegionOne \image internal http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | c9253e145b334a01b5ce7406390ecbb1 || interface | internal || region | RegionOne || region_id | RegionOne || service_id | 400e77749e8c4f29a5ab0e124a408fda || service_name | glance || service_type | image || url | http://controller:9292 |+--------------+----------------------------------+#创建admin的glance API[root@controller ~]# openstack endpoint create --region RegionOne \image admin http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 0190aabbba724c18971fe459df77f5a5 || interface | admin || region | RegionOne || region_id | RegionOne || service_id | 400e77749e8c4f29a5ab0e124a408fda || service_name | glance || service_type | image || url | http://controller:9292 |+--------------+----------------------------------+[root@controller ~]# yum install openstack-glance -y 
#安装openstack glance组件[root@controller ~]# vim /etc/glance/glance-api.conf[database]connection = mysql+pymysql://glance:123@controller/glance #关联到glance数据库里 #glance认证设置[keystone_authtoken]auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = Defaultuser_domain_name = Defaultproject_name = serviceusername = glancepassword = 123[paste_deploy]flavor = keystone#设置glance存储路径[glance_store]stores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/images/[root@controller ~]# vim /etc/glance/glance-registry.conf [database]connection = mysql+pymysql://glance:123@controller/glance #关联数据库[keystone_authtoken]auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = Defaultuser_domain_name = Defaultproject_name = serviceusername = glancepassword = 123[paste_deploy]flavor = keystone[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance #初始化glance数据库#验证数据库初始化是否成功[root@controller ~]# mysql -uroot -pEnter password: Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 54Server version: 10.1.18-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. 
Type '\c' to clear the current input statement.
MariaDB [(none)]> use glance;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| artifact_blob_locations |
| artifact_blobs |
| artifact_dependencies |
| artifact_properties |
| artifact_tags |
| artifacts |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
20 rows in set (0.00 sec)
MariaDB [glance]> \q
#设置glance 开机自启动和启动glance服务
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
#如果报错安装wget
[root@controller ~]# yum install wget -y #安装wget
#说明:镜像经 http 明文下载,上传前先用 md5sum cirros-0.3.4-x86_64-disk.img 核对;glance 输出里的 checksum 字段就是文件的 MD5,应与发布方提供的校验值一致
#上传镜像文件到glance里管理
[root@controller ~]# openstack image create "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2017-02-14T13:30:26Z |
| disk_format | qcow2 |
| file | /v2/images/1e53e740-de48-49f6-94e4-e1bab71d40b8/file |
| id | 1e53e740-de48-49f6-94e4-e1bab71d40b8 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 0acd609715164bc4a6fc769c23d98fcc |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2017-02-14T13:30:28Z |
| 
virtual_size | None || visibility | public |+------------------+------------------------------------------------------+#验证glance组件安装是否能正常访问[root@controller ~]# openstack image list+--------------------------------------+--------+--------+| ID | Name | Status |+--------------------------------------+--------+--------+| 1e53e740-de48-49f6-94e4-e1bab71d40b8 | cirros | active |+--------------------------------------+--------+--------+
##############################################################################################################
## 控制节点 nova组件 部署安装 ##
##############################################################################################################
nova组件 部署安装
1、[root@controller ~]# mysql -u root -p #登录MySQL数据库
MariaDB [(none)]> CREATE DATABASE nova_api; #创建数据库nova_api
MariaDB [(none)]> CREATE DATABASE nova; #创建数据库nova
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123'; #赋予权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY '123'; #赋予权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123'; #赋予权限
#注意:上面三条GRANT只覆盖 nova_api 库,文中没有列出对 nova 库的授权;后文 nova.conf 的 [database] 段连接的是 nova 库,还需要对 nova.* 执行同样的授权,否则 nova-manage db sync 会因权限不足失败
#说明:'nova'@'%' 允许从任意主机用该账号连接,正式环境应把主机部分收窄到各节点所在网段,并使用强口令
[root@controller ~]# source admin.sh
[root@controller ~]# openstack user create --domain default --password-prompt nova #创建nova用户和密码123
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8a7dbf5279404537b1c7b86c033620fe |
| name | nova |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin #给nova用户赋予权限
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute #创建service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 060d59eac51b4594815603d75a00aba2 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s #创建nova public API端口
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 
3c1caa473bfe4390a11e7177894bcc7b || interface | public || region | RegionOne || region_id | RegionOne || service_id | 060d59eac51b4594815603d75a00aba2 || service_name | nova || service_type | compute || url | http://controller:8774/v2.1/%(tenant_id)s |+--------------+-------------------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \compute internal http://controller:8774/v2.1/%\(tenant_id\)s #创建nova internal API端口+--------------+-------------------------------------------+| Field | Value |+--------------+-------------------------------------------+| enabled | True || id | e3c918de680746a586eac1f2d9bc10ab || interface | internal || region | RegionOne || region_id | RegionOne || service_id | 060d59eac51b4594815603d75a00aba2 || service_name | nova || service_type | compute || url | http://controller:8774/v2.1/%(tenant_id)s |+--------------+-------------------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2.1/%\(tenant_id\)s #创建nova admin API端口+--------------+-------------------------------------------+| Field | Value |+--------------+-------------------------------------------+| enabled | True || id | 38f7af91666a47cfb97b4dc790b94424 || interface | admin || region | RegionOne || region_id | RegionOne || service_id | 060d59eac51b4594815603d75a00aba2 || service_name | nova || service_type | compute || url | http://controller:8774/v2.1/%(tenant_id)s |+--------------+-------------------------------------------+[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler #安装nova软件包[root@controller ~]# vim /etc/nova/nova.conf #配置nova配置文件[DEFAULT]transport_url = rabbit://openstack:123@controller #消息队列排队关联enabled_apis = osapi_compute,metadatamy_ip = 192.168.40.151 #本地IP地址use_neutron = Truefirewall_driver = nova.virt.firewall.NoopFirewallDriver 
#防火墙设置[api_database]connection = mysql+pymysql://nova:123@controller/nova_api #数据库关联[database]connection = mysql+pymysql://nova:123@controller/nova #数据库管理[api]auth_strategy = keystone #指定认证组件为keystone[keystone_authtoken] #keystone 认证auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = novapassword = 123[vnc] #vnc远程控制设置 enabled = truevncserver_listen = $my_ipvncserver_proxyclient_address = $my_ip[glance]api_servers = http://controller:9292 #镜像glance关联[oslo_concurrency] #临时文件路径设置lock_path = /var/lib/nova/tmp[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova #初始化nova数据库[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova #初始化nova数据库[root@controller ~]# systemctl enable openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service #nova服务开机自启动设置[root@controller ~]# systemctl start openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service #开启所有nova服务验证安装是否成功: 在控制节点上执行[root@controller ~]# source admin.sh #admin keystone认证[root@controller ~]# openstack compute service list #查看nova服务状态+----+--------------------+------------+----------+---------+-------+----------------------------+| Id | Binary | Host | Zone | Status | State | Updated At |+----+--------------------+------------+----------+---------+-------+----------------------------+| 1 | nova-consoleauth | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 || 2 | nova-scheduler | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 || 3 | nova-conductor | controller | internal | enabled | up | 2016-02-09T23:11:16.000000 
|+----+--------------------+------------+----------+---------+-------+----------------------------+