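Installing OpenStack from the official documentation
System version: CentOS 7 (a minimal installation is sufficient)
Two machines, each with 2 GB of memory (for the control node I suggest 4-6 GB, because with 2 GB my test setup felt sluggish and the dashboard was slow to respond), 2 CPUs and a 100 GB disk. Each machine needs 2 network cards; for details, see
Notes:
The official screenshot is below:
The control node installs mysql, rabbitmq, keystone, glance, nova, dashboard and neutron.
The compute node installs nova and neutron.
OpenStack website: configuration notes
OpenStack installation steps:
1.[NTP installation]
NTP is mainly used to synchronize time; if the clocks are out of sync, you may be unable to create cloud instances.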
yum install chrony
vi /etc/chrony.conf and add:
server NTP_SERVER iburst
allow YOUR_IP_SUBNET (allows your IP subnet to access NTP)
systemctl enable chronyd.service (enable at boot)
systemctl start chronyd.service (start the NTP service)
Note: on versions earlier than CentOS 7, install ntp:
yum install ntp
ntpdate time.nist.gov (synchronize the clock)
hwclock -w (write to the BIOS)
2.[openstack packages]
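Install the latest OpenStack repository:
yum install centos-release-openstack-mitaka
yum install https://rdoproject.org/repos/rdo-release.rpm
yum upgrade (update from the repository)
yum install python-openstackclient (install the plug-in that OpenStack requires)
yum install openstack-selinux (this plug-in is optional; I simply disabled SELinux because I am not familiar with it, and that has no effect on the later steps)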
3.[database]
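OpenStack supports many databases, such as MySQL or PostgreSQL.
Here we use MySQL.
yum install mariadb mariadb-server python2-PyMySQL (MariaDB is just the newer version of MySQL, so there is nothing surprising here)
vi /etc/my.cnf
Add:
[mysqld]
bind-address = 192.168.1.48 (the IP address of the machine where MySQL is installed)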
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8
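Enable MySQL at boot:
systemctl enable mariadb.service
Start MySQL:
systemctl start mariadb.service
Configure MySQL:
Run the script directly:
mysql_secure_installation
Follow the prompts to complete the settings.
Note: check that mysqld is running and that port 3306 is up.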
3.[rabbitmq]
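Install RabbitMQ, OpenStack's message broker. If RabbitMQ is not running, your entire OpenStack platform will be unusable. RabbitMQ uses port 5672.
yum install rabbitmq-server
systemctl enable rabbitmq-server.service (enable at boot)
systemctl start rabbitmq-server.service (start)
rabbitmqctl add_user openstack RABBIT_PASS (add the user openstack; replace RABBIT_PASS with a password of your own)
rabbitmqctl set_permissions openstack ".*" ".*" ".*" (grant permissions to the new user; a user without permissions cannot receive or send messages)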
4.[memcached]
memcached is an optional component. It uses port 11211.
yum install memcached python-memcached
systemctl enable memcached.service
systemctl start memcached.service
5.[keystone identity service]
Note: hosts resolution must be set up beforehand, on both the control node and the compute node. Mine is:
192.168.1.48 control
192.168.1.49 compute
Log in to the database and create the keystone database.
mysql -u root -p
CREATE DATABASE keystone;
Set the authorized user and password:
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'PASSWORD';
Generate a random value for admin_token:
openssl rand -hex 10
Install keystone:
yum install openstack-keystone httpd mod_wsgi
vi /etc/keystone/keystone.conf
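Replace the value with the random value just generated:
admin_token = RANDOM_VALUE (mainly for security; you can also leave it unreplaced)
Configure the database connection:
connection = mysql+pymysql://keystone:PASSWORD@DATABASE_IP/keystone
Set: provider = fernet
Sync the keystone database: keystone-manage db_sync (be sure to check that the tables were created in the database)
Initialize the keys:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Configure Apache:
vi /etc/httpd/conf/httpd.conf
Change the value after ServerName to the hostname to prevent a startup error:
ServerName control
Create the WSGI configuration file:
vi /etc/httpd/conf.d/wsgi-keystone.conf and add: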
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
Start httpd:
systemctl enable httpd.service
systemctl start httpd.service
6.[Create the keystone service entry and endpoints]
export OS_TOKEN=RANDOM_VALUE (the random value generated above)
export OS_URL=http://control:35357/v3
export OS_IDENTITY_API_VERSION=3
Create the keystone service:
openstack service create --name keystone --description "OpenStack Identity" identity (the service type identity must be exactly right)
Create the keystone endpoints:
openstack endpoint create --region RegionOne \
identity public http://control:5000/v3
openstack endpoint create --region RegionOne \
identity internal http://control:5000/v3
openstack endpoint create --region RegionOne \
identity admin http://control:35357/v3
7.[Create the domain, users, tenants and roles]
Create the default domain, default:
openstack domain create --description "Default Domain" default
Create the admin tenant:
openstack project create --domain default \
--description "Admin Project" admin
Create the admin user:
openstack user create --domain default \
--password-prompt admin (you will be prompted for a password; it is the password for logging in to the dashboard)
Create the admin role:
openstack role create admin
Link the user, tenant and role together:
openstack role add --project admin --user admin admin
Create the service project:
openstack project create --domain default \
--description "Service Project" service
Create the demo entries in the same way as for admin:
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
After creation, you can verify with this command:
openstack --os-auth-url http://control:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
After you enter the password, correct output means the configuration is correct.
You can put the environment variables in a script:
vi admin-openrc and add:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=xxxx
export OS_AUTH_URL=http://control:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
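The variables for demo are similar.
Run it with . admin-openrc or source admin-openrc
Verify by running:
openstack token issue
Correct output means the configuration is correct.
8.[glance image service]
Create the glance database
Log in to MySQL: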
mysql -u root -p
CREATE DATABASE glance;
Grant privileges:
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'PASSWORD';
Load the environment variables:
. admin-openrc
Create the glance user:
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
Create the image service:
openstack service create --name glance \
--description "OpenStack Image" image
Create the image endpoints:
openstack endpoint create --region RegionOne \
image public http://control:9292
openstack endpoint create --region RegionOne \
image internal http://control:9292
openstack endpoint create --region RegionOne \
image admin http://control:9292
Install:
yum install openstack-glance
vi /etc/glance/glance-api.conf
Configure the database connection:
connection = mysql+pymysql://glance:PASSWORD@DATABASE_IP/glance
Find [keystone_authtoken] (configure authentication)
Add:
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = xxxx
Find [paste_deploy]:
flavor = keystone
Find [glance_store]:
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit /etc/glance/glance-registry.conf
Find [database]:
connection = mysql+pymysql://glance:PASSWORD@DATABASE_IP/glance
Find [keystone_authtoken] (configure authentication)
Add:
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = xxxx
Find [paste_deploy]:
flavor = keystone
Sync the database:
glance-manage db_sync
Start glance:
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service
Verify:
Load the environment variables:
. admin-openrc
Download a small image:
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
Upload the image:
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
List the images:
openstack image list
If there is output, glance is configured correctly.
9.[nova control node]
Create the nova databases:
mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
Grant privileges:
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'PASSWORD';
Load the environment variables:
. admin-openrc
Create the nova user:
openstack user create --domain default \
--password-prompt nova
openstack role add --project service --user nova admin
Create the compute service:
openstack service create --name nova \
--description "OpenStack Compute" compute
Create the endpoints:
openstack endpoint create --region RegionOne \
compute public http://control:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://control:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://control:8774/v2.1/%\(tenant_id\)s
Install:
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
Edit /etc/nova/nova.conf
Find [DEFAULT]:
enabled_apis = osapi_compute,metadata
Find:
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = xxx
[DEFAULT]
my_ip = IP_ADDRESS
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://control:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
Sync the databases:
nova-manage api_db sync
nova-manage db sync
Start the services:
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
10.[nova compute node]
yum install openstack-nova-compute
Edit /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = control
rabbit_userid = openstack
rabbit_password = xxx
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = xxx
[DEFAULT]
...
my_ip = COMPUTE_NODE_IP_ADDRESS
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://control:6080/vnc_auto.html
[glance]
...
api_servers = http://control:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
Note:
egrep -c '(vmx|svm)' /proc/cpuinfo
If the result is 0, you need to modify /etc/nova/nova.conf:
[libvirt]
...
virt_type = qemu
If it is greater than 0, no change is needed.
Start:
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
Verify on the control node:
Load the environment variables:
. admin-openrc
openstack compute service list
Normal output means the configuration is correct.
11.[neutron control node]
Create the neutron database:
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
Load the environment variables:
. admin-openrc
Create the user:
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
Create the network service:
openstack service create --name neutron \
--description "OpenStack Networking" network
Create the neutron endpoints:
openstack endpoint create --region RegionOne \
network public http://control:9696
openstack endpoint create --region RegionOne \
network internal http://control:9696
openstack endpoint create --region RegionOne \
network admin http://control:9696
Create the VXLAN network:
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
Edit: /etc/neutron/neutron.conf
[database]
...
connection = mysql+pymysql://neutron:PASSWORD@control/neutron
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = xxxx
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
...
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = xxxx
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
Configure the ML2 plug-in:
Edit: /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = provider
[ml2_type_vxlan]
...
vni_ranges = 1:1000
[securitygroup]
...
enable_ipset = True
Configure the bridge agent:
Edit: /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure layer-3 networking:
Edit: /etc/neutron/l3_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
Configure DHCP:
Edit: /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
Configure the metadata agent:
Edit: /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = control
metadata_proxy_shared_secret = METADATA_SECRET
Edit /etc/nova/nova.conf
[neutron]
...
url = http://control:9696
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = xxxx
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
Create the plug-in symlink:
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Start:
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
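An added example (not part of the original guide): a check to run before starting the services, confirming that the placeholder values printed in the steps above (RABBIT_PASS, NOVA_DBPASS, METADATA_SECRET, xxxx) were replaced and that metadata_proxy_shared_secret is identical in nova.conf and metadata_agent.ini. The function names and the sample fragments are constructed for illustration.

```python
import configparser

# Placeholder strings printed in this guide; none may survive into a live config.
PLACEHOLDERS = {"xxx", "xxxx", "RABBIT_PASS", "NOVA_DBPASS",
                "NEUTRON_DBPASS", "METADATA_SECRET"}
SECRET_KEYS = {"password", "rabbit_password", "metadata_proxy_shared_secret"}

def load(text):
    """Parse an INI fragment that repeats sections and contains bare '...' lines."""
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   allow_no_value=True,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(name, text):
    """Return findings for placeholder secrets left in a config fragment."""
    findings = []
    cp = load(text)
    for section in cp.sections():
        for key, value in cp.items(section):
            if value is None:  # a '...' elision line
                continue
            where = f"{name} [{section}] {key}"
            if key in SECRET_KEYS and value in PLACEHOLDERS:
                findings.append(f"{where}: placeholder secret")
            elif key == "connection" and any(f":{p}@" in value for p in PLACEHOLDERS):
                findings.append(f"{where}: placeholder database password")
    return findings

def metadata_secret_matches(nova_text, agent_text):
    """nova.conf [neutron] and metadata_agent.ini [DEFAULT] must hold the same secret."""
    key = "metadata_proxy_shared_secret"
    nova = load(nova_text).get("neutron", key, fallback=None)
    agent = load(agent_text).get("DEFAULT", key, fallback=None)
    return nova is not None and nova == agent

# Constructed sample fragments, laid out the way this guide writes them.
NOVA_CONF = """\
[DEFAULT]
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_password = RABBIT_PASS
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova
[DEFAULT]
...
[neutron]
metadata_proxy_shared_secret = METADATA_SECRET
"""
AGENT_INI = "[DEFAULT]\nmetadata_proxy_shared_secret = constructed-secret-value\n"

if __name__ == "__main__":
    print("\n".join(audit("nova.conf", NOVA_CONF)))
    print("secrets match:", metadata_secret_matches(NOVA_CONF, AGENT_INI))
```

To check a real node, pass the contents of /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini to the same two functions.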
12.[neutron compute node]
yum install openstack-neutron-linuxbridge ebtables ipset
Edit: /etc/neutron/neutron.conf
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
...
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = xxxx
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
Configure VXLAN:
Edit: /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Edit /etc/nova/nova.conf
[neutron]
...
url = http://control:9696
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = xxxx
Start:
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
Verify:
Load the environment variables:
. admin-openrc
neutron ext-list
Normal output means it is working.
13.[dashboard]
yum install openstack-dashboard
Edit: /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "control"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'control:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
Start:
systemctl restart httpd.service memcached.service
This completes the OpenStack installation; you can now go to the dashboard to create cloud instances.
Reference: http://docs.openstack.org/mitaka/install-guide-rdo/common/conventions.html