openstack mitaka 完整安裝詳細文檔（親測，花了3天時間）

openstack 官方文檔安裝

系統(tǒng)版本 centos7 （最小化安裝即可）

2臺機器 內存2g（控制節(jié)點建議可以給到4-6g，因為2g我試驗起來感覺比較卡頓，dashboard感覺反應有些緩慢），cpu2個 硬盤100g，每臺機器需要2個網卡，具體可以查看

說明：

下面是官方截圖：

control節(jié)點安裝mysql rabbitmq keystone glance nova dashboard neutron

compute節(jié)點安裝 nova neutron

openstack官網 配置說明

openstack安裝步驟：

1.[ntp安裝]

ntp主要為同步時間所用，時間不同步，可能造成你不能創(chuàng)建云主機

yum install chrony

 vi /etc/chrony.conf增加

  server NTP_SERVER iburst

  allow 你的ip地址網段（允許你的ip地址網段可以訪問ntp）

  systemctl enable chronyd.service(加入系統(tǒng)自啟動)

  systemctl start chronyd.service（啟動ntp服務）

  注意：在centos7以前的版本安裝ntp

  yum install ntp

   ntpdate time.nist.gov(同步時鐘)

   hwclock -w （寫入bios）

2.[openstack packages]

安裝openstack最新的源：

 yum install centos-release-openstack-mitaka

 yum install https://rdoproject.org/repos/rdo-release.rpm

 yum upgrade (更新源)

 yum install python-openstackclient（安裝opentack必須的插件）

 yum install openstack-selinux（可選則安裝這個插件，我直接關閉了selinux，因為不熟，對后續(xù)不會有影響）

 3.[database]

 openstack支持很多的數據庫，MySQL or PostgreSQL等

 這里我們使用mysql。

 yum install mariadb mariadb-server python2-PyMySQL（mariadb是mysql的新版本而已，無需驚訝）

 vi  /etc/my.cnf

 加入：

 [mysqld]

bind-address = 192.168.1.48（安裝mysql的機器的IP地址）

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

character-set-server = utf8

將mysql加入自啟動

systemctl enable mariadb.service

啟動mysql

systemctl start mariadb.service

設置mysql屬性：

直接輸入腳本命令：

 mysql_secure_installation

 按照相關設置即可

 注意：注意檢查mysqld是否運行。3306端口是否起來

 3.[rabbitmq]

 安裝openstack的消息使者rabbitmq，如果rabbitmq沒有運行起來，你的整openstack平臺將無法使用。rabbitmq使用5672端口。

 yum install rabbitmq-server

 systemctl enable rabbitmq-server.service（加入自啟動）

 systemctl start rabbitmq-server.service（啟動）

 rabbitmqctl add_user openstack RABBIT_PASS（增加用戶openstack，密碼自己設置替換掉RABBIT_PASS）

 rabbitmqctl set_permissions openstack ".*" ".*" ".*"（給新增的用戶授權，沒有授權的用戶將不能接受和傳遞消息）

 4.[memcached]

 memcache為選擇安裝項目。使用端口11211

 yum install memcached python-memcached

 systemctl enable memcached.service

 systemctl start memcached.service

 5.[keystone認證服務]

 注意：在之前需要設置好hosts解析，控制節(jié)點和計算節(jié)點都要做。我的為：

 192.168.1.48 control

 192.168.1.49 compute

 登錄數據庫創(chuàng)建keystone數據庫。

 mysql -u root -p

 CREATE DATABASE keystone;

 設置授權用戶和密碼：

 GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

  IDENTIFIED BY '密碼';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

  IDENTIFIED BY '密碼';

  生成admin_token的隨機值：

  openssl rand -hex 10 

  安裝keystone

   yum install openstack-keystone httpd mod_wsgi

   vi /etc/keystone/keystone.conf

   使用剛剛生成的隨機值替換掉：

   admin_token = 隨機值（主要為安全，也可以不用替換）

   配置數據庫連接：

   connection = mysql+pymysql://keystone:密碼@數據庫ip地址/keystone

   設置：provider = fernet、

   同步keystone數據庫：keystone-manage db_sync（一點要查看數據庫是否生成表成功）

   初始化keys：

    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

配置apache：

vi  /etc/httpd/conf/httpd.conf

將ServerName 后面改成主機名，防止啟動報錯

     ServerName control

生成wsgi配置文件：

vi /etc/httpd/conf.d/wsgi-keystone.conf加入：

Listen 5000

Listen 35357

<VirtualHost *:5000>

    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /usr/bin/keystone-wsgi-public

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

<VirtualHost *:35357>

    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    ErrorLogFormat "%{cu}t %M"

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        Require all granted

    </Directory>

</VirtualHost>

啟動httpd：

systemctl enable httpd.service

systemctl start httpd.service

6.[創(chuàng)建keystone的service目錄和endpoint]

 export OS_TOKEN=上面生成的隨機值

 export OS_URL=http://control:35357/v3

 export OS_IDENTITY_API_VERSION=3

 創(chuàng)建keystone的service：

  openstack service create --name keystone --description "OpenStack Identity" identity （identity這個認證類型一定不可以錯）

  創(chuàng)建keystone的endpoint：

  openstack endpoint create --region RegionOne \

  identity public http://control:5000/v3

    openstack endpoint create --region RegionOne \

  identity internel  http://control:5000/v3

    openstack endpoint create --region RegionOne \

  identity admin  http://control:35357/v3

  7.[創(chuàng)建域，用戶，租戶，角色]

  創(chuàng)建默認域default:

  openstack domain create --description "Default Domain" default

  創(chuàng)建admin的租戶：

  openstack project create --domain default \

  --description "Admin Project" admin

  創(chuàng)建admin用戶：

  openstack user create --domain default \

  --password-prompt admin（會提示輸入密碼為登錄dashboard的密碼）

  創(chuàng)建admin角色：

  openstack role create admin

  將用戶租戶角色連接起來：

  openstack role add --project admin --user admin admin

  創(chuàng)建服務目錄：

   openstack project create --domain default \

  --description "Service Project" service

  創(chuàng)建demo信息類似admin：

   openstack project create --domain default \

  --description "Demo Project" demo

  openstack user create --domain default \

  --password-prompt demo

  openstack role create user

  openstack role add --project demo --user demo user

  創(chuàng)建完成之后可以使用命令驗證：

  openstack --os-auth-url http://control:35357/v3 \

  --os-project-domain-name default --os-user-domain-name default \

  --os-project-name admin --os-username admin token issue

  輸入密碼之后，有正確的輸出即為配置正確。

  可將環(huán)境變量設置為腳本：

  vi admin-openrc 加入：

  export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=xxxx

export OS_AUTH_URL=http://control:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

demo的變量類似即可。

運行使用 . admin-openrc或者使用source admin-openrc

驗證輸入命令：

openstack token issue

有正確的輸出即為配置正確。

8.[glance鏡像服務]

建立glance數據

登錄mysql

mysql -u root -p

CREATE DATABASE glance;

授權

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \

  IDENTIFIED BY '密碼';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \

  IDENTIFIED BY '密碼';

  運行環(huán)境變量：

  . admin-openrc

  創(chuàng)建glance用戶信息：

   openstack user create --domain default --password-prompt glance

   openstack role add --project service --user glance admin

  創(chuàng)建鏡像服務目錄：

  openstack service create --name glance \

  --description "OpenStack Image" p_w_picpath

  創(chuàng)建鏡像endpoint：

  penstack endpoint create --region RegionOne \

  p_w_picpath public http://control:9292

  penstack endpoint create --region RegionOne \

  p_w_picpath internal http://control:9292

  penstack endpoint create --region RegionOne \

  p_w_picpath admin http://control:9292

  安裝：

  yum install openstack-glance

vi  /etc/glance/glance-api.conf

  配置數據庫連接：

  connection = mysql+pymysql://glance:密碼@數據庫ip/glance

  找到[keystone_authtoken]（配置認證）

  加入：

  auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = xxxx

找到：[paste_deploy]

flavor = keystone

 找到[glance_store] 

 stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/p_w_picpaths/

編輯/etc/glance/glance-registry.conf

找到[database]

connection = mysql+pymysql://glance:密碼@數據庫ip/glance

找到[keystone_authtoken]（配置認證）

  加入：

  auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = xxxx

找到：[paste_deploy]

flavor = keystone

同步數據庫：

glance-manage db_sync

啟動glance：

systemctl enable openstack-glance-api.service \

  openstack-glance-registry.service

   systemctl start openstack-glance-api.service \

  openstack-glance-registry.service

  驗證：

  運行環(huán)境變量：

  . admin-openrc

  下載一個比較小的鏡像：

  wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

  上傳鏡像：

  openstack p_w_picpath create "cirros" \

  --file cirros-0.3.4-x86_64-disk.img \

  --disk-format qcow2 --container-format bare \

  --public

  查看：

  openstack p_w_picpath list

  有輸出 證明glance配置正確

 9.[nova 控制節(jié)點]

 建立nova的數據庫：、

 mysql -u root -p

 CREATE DATABASE nova_api;

CREATE DATABASE nova;

授權：

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \

  IDENTIFIED BY '密碼';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \

  IDENTIFIED BY '密碼';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \

  IDENTIFIED BY '密碼';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \

  IDENTIFIED BY '密碼';

  運行環(huán)境變量：

  . admin-openrc

  創(chuàng)建nova用戶：

  openstack user create --domain default \

  --password-prompt nova

  openstack role add --project service --user nova admin

  創(chuàng)建計算服務：

  openstack service create --name nova \

  --description "OpenStack Compute" compute

  創(chuàng)建endpoint：

  openstack endpoint create --region RegionOne \

  compute public http://control:8774/v2.1/%\(tenant_id\)s

   openstack endpoint create --region RegionOne \

  compute internal http://control:8774/v2.1/%\(tenant_id\)s

   openstack endpoint create --region RegionOne \

  compute admin http://control:8774/v2.1/%\(tenant_id\)s

  安裝：

  yum install openstack-nova-api openstack-nova-conductor \

  openstack-nova-console openstack-nova-novncproxy \

  openstack-nova-scheduler

  編輯/etc/nova/nova.conf 

  找到：[DEFAULT]

  enabled_apis = osapi_compute,metadata

  找到：

[api_database]

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[DEFAULT]

rpc_backend = rabbit

[oslo_messaging_rabbit]

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = xxx

[DEFAULT]

my_ip = ip地址

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip

[glance]

api_servers = http://control:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

同步數據庫：

nova-manage api_db sync

nova-manage db sync

啟動服務：

systemctl enable openstack-nova-api.service \

  openstack-nova-consoleauth.service openstack-nova-scheduler.service \

  openstack-nova-conductor.service openstack-nova-novncproxy.service

  systemctl start openstack-nova-api.service \

  openstack-nova-consoleauth.service openstack-nova-scheduler.service \

  openstack-nova-conductor.service openstack-nova-novncproxy.service

  10.[nova計算節(jié)點]

  yum install openstack-nova-compute

  編輯/etc/nova/nova.conf

  [DEFAULT]

rpc_backend = rabbit

[oslo_messaging_rabbit]

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = xxx

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = xxx

[DEFAULT]

...

my_ip =計算節(jié)點ip地址

[DEFAULT]

...

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]

...

enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = $my_ip

novncproxy_base_url = http://control:6080/vnc_auto.html

[glance]

...

api_servers = http://controller:9292

[oslo_concurrency]

...

lock_path = /var/lib/nova/tmp

注意：

egrep -c '(vmx|svm)' /proc/cpuinfo

如果為0則需要修改/etc/nova/nova.conf

[libvirt]

...

virt_type = qemu

為大于0則不需要

啟動：

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start libvirtd.service openstack-nova-compute.service

在控制節(jié)點驗證：

運行環(huán)境變量：

. admin-openrc

 openstack compute service list

 輸出正常即為配置正確

 11.[neutron 控制節(jié)點]

 創(chuàng)建neutron數據庫

  mysql -u root -p

  CREATE DATABASE neutron;

  GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \

  IDENTIFIED BY 'NEUTRON_DBPASS';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \

  IDENTIFIED BY 'NEUTRON_DBPASS';

  運行環(huán)境變量：

   . admin-openrc

   創(chuàng)建用戶：

   openstack user create --domain default --password-prompt neutron

   openstack role add --project service --user neutron admin

   創(chuàng)建網絡服務：

   openstack service create --name neutron \

  --description "OpenStack Networking" network

  創(chuàng)建neutron endpoint

   openstack endpoint create --region RegionOne \

  network public http://control:9696

   openstack endpoint create --region RegionOne \

  network internal http://control:9696

  openstack endpoint create --region RegionOne \

  network admin http://control:9696

  創(chuàng)建vxlan網絡：

  yum install openstack-neutron openstack-neutron-ml2 \

  openstack-neutron-linuxbridge ebtables

  編輯：/etc/neutron/neutron.conf 

  [database]

...

connection = mysql+pymysql://neutron:密碼@control/neutron

[DEFAULT]

...

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = True

[DEFAULT]

...

rpc_backend = rabbit

[oslo_messaging_rabbit]

...

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[DEFAULT]

...

auth_strategy = keystone

[keystone_authtoken]

...

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = xxxx

[DEFAULT]

...

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

[nova]

...

auth_url = http://control:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = xxxx

[oslo_concurrency]

...

lock_path = /var/lib/neutron/tmp

配置ml2擴展：

編輯：/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

...

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

[ml2_type_flat]

...

flat_networks = provider

[ml2_type_vxlan]

...

vni_ranges = 1:1000

[securitygroup]

...

enable_ipset = True

配置網橋：

編輯：/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:使用的網卡名稱

[vxlan]

enable_vxlan = True

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

l2_population = True

[securitygroup]

...

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置3層網絡：

編輯：/etc/neutron/l3_agent.ini 

[DEFAULT]

...

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

配置dhcp：

編輯：/etc/neutron/dhcp_agent.ini 

[DEFAULT]

...

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = True

配置metadata agent

編輯：/etc/neutron/metadata_agent.ini 

[DEFAULT]

...

nova_metadata_ip = controller

metadata_proxy_shared_secret = METADATA_SECRET

編輯/etc/nova/nova.conf

[neutron]

...

url = http://control:9696

auth_url = http://control:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = xxxx

service_metadata_proxy = True

metadata_proxy_shared_secret = METADATA_SECRET

創(chuàng)建擴展連接：

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

啟動：

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service \

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

  neutron-metadata-agent.service

  systemctl start neutron-server.service \

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

  neutron-metadata-agent.service

  systemctl enable neutron-l3-agent.service

  systemctl start neutron-l3-agent.service

  12.[neutron計算節(jié)點]

  yum install openstack-neutron-linuxbridge ebtables ipset

  編輯： /etc/neutron/neutron.conf 

  [DEFAULT]

...

rpc_backend = rabbit

auth_strategy = keystone

[oslo_messaging_rabbit]

...

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[keystone_authtoken]

...

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = xxxx

[oslo_concurrency]

...

lock_path = /var/lib/neutron/tmp

配置vxlan

編輯：/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]

enable_vxlan = True

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

l2_population = True

[securitygroup]

...

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

編輯/etc/nova/nova.conf

[neutron]

...

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = xxxx

啟動：

 systemctl restart openstack-nova-compute.service

 systemctl enable neutron-linuxbridge-agent.service

 systemctl enable neutron-linuxbridge-agent.service

 驗證：

 運行環(huán)境變量：

 . admin-openrc

  neutron ext-list

  輸出正常即可

  13.[dashboard]

  yum install openstack-dashboard

  編輯：/etc/openstack-dashboard/local_settings

  OPENSTACK_HOST = "control"

  ALLOWED_HOSTS = ['*', ]

 SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {

    'default': {

         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

         'LOCATION': 'controller:11211',

    }

}

 OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

 OPENSTACK_API_VERSIONS = {

    "identity": 3,

    "p_w_picpath": 2,

    "volume": 2,

}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

啟動：

systemctl restart httpd.service memcached.service

到此openstack安裝完，你可以去dashboard上面去創(chuàng)建云主機了。

參考文獻：http://docs.openstack.org/mitaka/install-guide-rdo/common/conventions.html