Steward_Xu

  博客园  :: 首页  :: 新随笔  :: 联系 :: 订阅 订阅  :: 管理

一、部署环境:
    两台centos7,  内存2G

         控制计算节点:

         Hostname1:                    ip:172.22.0.218

         计算节点及存储节点

         Hostname2:                    ip:172.22.0.209

二、管理节点环境准备

  1、安装时间同步并配置 

[root@linux-node1 ~]#yum install -y chrony
[root@linux-node1 ~]# vi /etc/chrony.conf 
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 172.22.0.0/24
View Code

  2、启动时间同步

[root@linux-node1 ~]# systemctl enable chronyd.service
[root@linux-node1 ~]# systemctl start chronyd.service
[root@linux-node1 ~]# timedatectl  set-timezone Asia/Shanghai
View Code

  3、安装openstack-newton版本

[root@linux-node1 ~]#•yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm -y
[root@linux-node1 ~]# yum install centos-release-openstack-newton -y
[root@linux-node1 ~]# yum install python-openstackclient -y
View Code

  4、安装mysql

[root@linux-node1 ~]# yum install  mariadb mariadb-server MySQL-python -y
[root@linux-node1 /]# cp /usr/share/mariadb/my-medium.cnf  /etc/my.cnf
[root@linux-node1 /]# vim /etc/my.cnf
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8 
[root@linux-node1 /]# systemctl enable mariadb.service    #设置开机自动启动
[root@linux-node1 /]# systemctl start mariadb.service      #启动mysql
[root@linux-node1 /]# mysql_secure_installation          #设置密码
[root@linux-node1 /]# mysql -u root -p                  #登录数据库
View Code

  5、创建各个组件的数据库:

CREATE DATABASE keystone;                   #服务注册中心
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE nova_api;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY ' nova ';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY ' nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
View Code

  6、Rabbitmq消息队列安装

[root@linux-node1 /]# yum install  rabbitmq-server -y
[root@linux-node1 /]# systemctl enable rabbitmq-server.service      #开机启动rabbitmq
[root@linux-node1 /]# systemctl start rabbitmq-server.service      #启动rabbitmq 监听端口:5672     netstat -nplt
[root@linux-node1 /]# rabbitmqctl add_user openstack openstack   #创建用户openstack密码是openstack
[root@linux-node1 /]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"  #授权
View Code

  7、查看支持插件启动web管理插件端口是25672和15672

[root@localhost ~]# rabbitmq-plugins list                  #查看支持插件
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status:   * = running on rabbit@localhost
 |/
[e*] amqp_client                       3.6.5
[  ] cowboy                            1.0.3
[  ] cowlib                            1.0.1
[e*] mochiweb                          2.13.1
[  ] rabbitmq_amqp1_0                  3.6.5
[  ] rabbitmq_auth_backend_ldap        3.6.5
[  ] rabbitmq_auth_mechanism_ssl       3.6.5
[  ] rabbitmq_consistent_hash_exchange 3.6.5
[  ] rabbitmq_event_exchange           3.6.5
[  ] rabbitmq_federation               3.6.5
[  ] rabbitmq_federation_management    3.6.5
[  ] rabbitmq_jms_topic_exchange       3.6.5
[E*] rabbitmq_management               3.6.5
[e*] rabbitmq_management_agent         3.6.5
[  ] rabbitmq_management_visualiser    3.6.5
[  ] rabbitmq_mqtt                     3.6.5
[  ] rabbitmq_recent_history_exchange  1.2.1
[  ] rabbitmq_sharding                 0.1.0
[  ] rabbitmq_shovel                   3.6.5
[  ] rabbitmq_shovel_management        3.6.5
[  ] rabbitmq_stomp                    3.6.5
[  ] rabbitmq_top                      3.6.5
[  ] rabbitmq_tracing                  3.6.5
[  ] rabbitmq_trust_store              3.6.5
[e*] rabbitmq_web_dispatch             3.6.5
[  ] rabbitmq_web_stomp                3.6.5
[  ] rabbitmq_web_stomp_examples       3.6.5
[  ] sockjs                            0.3.4
[e*] webmachine                        1.10.3
[root@localhost ~]# rabbitmq-plugins enable rabbitmq_management   #启动web管理插件端口是25672和15672 
View Code

  [root@localhost ~]# systemctl restart rabbitmq-server.service   #启动rabbitmq

  登录验证rabbitmq:

  登录web界面使用自带的用户guest密码guest

 

  

  授权OpenStack可以登录在Admin组件上配置

  

  点击OpenStack将Tagsp配置为administrator

  

  完成后状态:

  

  现在可用openstack用户登录rabbitmq了:

  

三、Keystone部署(用户验证与服务目录,包含所有服务项与相关Api的端点):

  keystone包含:user(用户);tenant(租户、项目);token(令牌);role(角色);service(服务);endpoint(端点)

  1、安装OpenStack

  [root@linux-node1 ~]# yum install  openstack-keystone httpd mod_wsgi memcached python-memcached -y 

  备注: memcache为存储keystone用户认证信息,python-memcached为连接memcache   

  [root@linux-node1 opt]# openssl rand -hex 10    #生产随机码用户admin_token

  e603318ad06187e6239c

  2、编辑keystone配置文件:  

root@localhost ~]# vi /etc/keystone/keystone.conf 
[default]
verbose = true  #开启debug
admin_token = e603318ad06187e6239c
[database]
connection = mysql://keystone:keystone@172.22.0.218/keystone
#用作链接数据库,三个keysthone分别为keystone组件,keystone用户名,mysql中的keysthone库名
[memcache]
servers = 172.22.0.218:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql
[root@localhost keystone]# grep '^[a-z]' /etc/keystone/keystone.conf
admin_token = e603318ad06187e6239c
connection = mysql://keystone:keystone@172.22.0.218/keystone
servers = 172.22.0.218:11211
driver = sql
provider = uuid
driver = memcache
View Code

  3、同步数据库及检查数据库:  

  [root@localhost ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone  #同步数据库

  [root@localhost ~]#mysql  -uroot -pP@ssw0rd      #登录到数据库检查数据  

MariaDB [keystone]> show tables    #查看表是否建立token
    -> ;
+------------------------+
| Tables_in_keystone     |
+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             |
| endpoint               |
| endpoint_group         |
| federated_user         |
| federation_protocol    |
| group                  |
| id_mapping             |
| identity_provider      |
| idp_remote_ids         |
| implied_role           |
| local_user             |
| mapping                |
| migrate_version        |
| nonlocal_user          |
| password               |
| policy                 |
| policy_association     |
| project                |
| project_endpoint       |
| project_endpoint_group |
| region                 |
| request_token          |
| revocation_event       |
| role                   |
| sensitive_config       |
| service                |
| service_provider       |
| token                  |
| trust                  |
| trust_role             |
| user                   |
| user_group_membership  |
| whitelisted_config     |
+------------------------+
37 rows in set (0.01 sec)
View Code

  [root@localhost ~]# systemctl start memcached.service  #启动memcache

  4、添加一个apache的wsgi-keystone配置文件,其中5000端口是提供该服务的,35357是为admin提供管理用的   

[root@localhost ~]# vi /etc/httpd/conf.d/wsgi-keystone.conf 

Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
View Code

  5、修改Apache配置

ServerName 172.22.0.218:80
View Code

  6、启动Apache及检查服务:

[root@localhost ~]# systemctl start httpd.service 
[root@localhost ~]# systemctl enable httpd.service 
[root@localhost ~]# netstat -ntlp | grep httpd     #检查
tcp6       0      0 :::80                   :::*                    LISTEN      6381/httpd          
tcp6       0      0 :::35357                :::*                    LISTEN      6381/httpd          
tcp6       0      0 :::5000                 :::*                    LISTEN      6381/httpd  
View Code

  7、设置环境变量及创建项目(project):

创建用户并连接keystone,在这里可以使用两种方式,通过keystone –help后家参数的方式,或者使用环境变量env的方式,下面就将使用环境变量的方式,分别设置了token,API及控制版本(SOA种很适用)  

[root@linux-node1~]# export OS_TOKEN=e603318ad06187e6239c

[root@llinux-node1 ~]# export OS_URL=http://172.22.0.218:35357/v3

[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3  

  创建admin项目(project)

[root@linux-node1 ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 75d20be284604d22aa6339f4a92092ad |
| name        | default                          |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack project create --domain default   --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 75d20be284604d22aa6339f4a92092ad |
| enabled     | True                             |
| id          | 7c0763e1b8a84e628eca4603e8170e31 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 75d20be284604d22aa6339f4a92092ad |
+-------------+----------------------------------+
View Code

  创建admin用户(user)并设置密码(生产环境一定设置一个复杂的)

[root@linux-node1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 75d20be284604d22aa6339f4a92092ad |
| enabled             | True                             |
| id                  | b157751bed2a49fba654b8aca651d6e2 |
| name                | admin                            |
| password_expires_at | None                             |
+---------------------+----------------------------------+
View Code

  创建admin的角色(role)

[root@linux-node1 ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | f9d64dd56e924013a5625079afb90bd1 |
| name      | admin                            |
+-----------+----------------------------------+
View Code

  把admin用户加到admin项目,赋予admin角色,把角色,项目,用户关联起来

  [root@localhost ~]# openstack role add --project admin --user admin admin

  创建一个普通用户demo,demo项目,角色为普通用户(uesr),并把它们关联起来  

[root@linux-node1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | 75d20be284604d22aa6339f4a92092ad |
| enabled     | True                             |
| id          | 0eb713b710f74dddae9c05da5b851813 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | 75d20be284604d22aa6339f4a92092ad |
+-------------+----------------------------------+
[root@linux-node1 keystone]# openstack user create --domain default --password=demo demo
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 75d20be284604d22aa6339f4a92092ad |
| enabled             | True                             |
| id                  | 2c317424791d40409b9563a6be84eb87 |
| name                | demo                             |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node1 ~]# openstack role create user
[root@linux-node1 ~]#  openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 81a9712d39cf43c083b1dac1d791220b |
| name      | user                             |
+-----------+----------------------------------+
[root@localhost ~]# openstack role add --project demo --user demo user   #加入user角色
View Code

  创建一个service的项目,此服务用来管理nova,neuturn,glance等组件的服务

[root@linux-node1 keystone]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 75d20be284604d22aa6339f4a92092ad |
| enabled     | True                             |
| id          | af2f8ddb65f54334aec867f364c3ceb4 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 75d20be284604d22aa6339f4a92092ad |
+-------------+----------------------------------+
查看创建的用户,角色,项目:
[root@linux-node1 ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 2c317424791d40409b9563a6be84eb87 | demo  |
| b157751bed2a49fba654b8aca651d6e2 | admin |
+----------------------------------+-------+
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0eb713b710f74dddae9c05da5b851813 | demo    |
| 7c0763e1b8a84e628eca4603e8170e31 | admin   |
| af2f8ddb65f54334aec867f364c3ceb4 | service |
+----------------------------------+---------+
[root@linux-node1 ~]# openstack role list 
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 81a9712d39cf43c083b1dac1d791220b | user  |
| f9d64dd56e924013a5625079afb90bd1 | admin |
+----------------------------------+-------+
View Code

  注册keystone服务,虽然keystone本身是搞注册的,但是自己也需要注册服务
创建keystone认证  

[root@linux-node1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 9b0442ce735142b5a895c4e9d5cac0b5 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
View Code

  分别创建三种类型的endpoint,分别为public:对外可见,internal内部使用,admin管理使用

[root@linux-node1 ~]#  openstack endpoint create --region RegionOne identity public http://172.22.0.218:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 93feb7dd80b3405893c409f914e39a4e |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9b0442ce735142b5a895c4e9d5cac0b5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://172.22.0.218:5000/v2.0    |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity internal http://172.22.0.218:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 444f17d243354ec79bc40cff08123133 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9b0442ce735142b5a895c4e9d5cac0b5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://172.22.0.218:5000/v2.0    |
+--------------+----------------------------------+
[[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity admin http://172.22.0.218:35357/v2.0 
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | db9aaaa9a0cb4b11ae8d0ee610765fea |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9b0442ce735142b5a895c4e9d5cac0b5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://172.22.0.218:35357/v2.0   |
+--------------+----------------------------------+
View Code

  查看创建的endpoint:

[root@linux-node1 ~]# openstack endpoint list
+---------------------+-----------+--------------+--------------+---------+-----------+----------------------+
| ID                  | Region    | Service Name | Service Type | Enabled | Interface | URL                  |
+---------------------+-----------+--------------+--------------+---------+-----------+----------------------+
| 444f17d243354ec79bc | RegionOne | keystone     | identity     | True    | internal  | http://172.22.0.218: |
| 40cff08123133       |           |              |              |         |           | 5000/v2.0            |
| 93feb7dd80b3405893c | RegionOne | keystone     | identity     | True    | public    | http://172.22.0.218: |
| 409f914e39a4e       |           |              |              |         |           | 5000/v2.0            |
| db9aaaa9a0cb4b11ae8 | RegionOne | keystone     | identity     | True    | admin     | http://172.22.0.218: |
| d0ee610765fea       |           |              |              |         |           | 35357/v2.0           |
+---------------------+-----------+--------------+--------------+---------+-----------+----------------------+
View Code

  删除endpoint:

  [root@localhost ~]# openstack endpoint delete  xxxxxxxxxxxxxxxx(ID号)

四、链接到keystone,请求token,在这里由于已经添加了用户名和密码,就不在使用token,所有就一定要取消环境变量了

[root@localhost ~]# unset OS_TOKEN

[root@localhost ~]# unset OS_URL   

  配置keystone环境变量,方便执行命令:  

[[root@linux-node1 ~]# vi admin-openrc.sh 
export OS_PROJECT_DOMAIN_ID=149851931b7746bdbe239b17a17f2845
export OS_USER_DOMAIN_ID=149851931b7746bdbe239b17a17f2845 
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://172.22.0.218:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

[root@localhost ~]# vi demo-openrc.sh 
export OS_PROJECT_DOMAIN_ID=149851931b7746bdbe239b17a17f2845
export OS_USER_DOMAIN_ID=149851931b7746bdbe239b17a17f2845 
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://172.22.0.218:5000/v3 
export OS_IDENTITY_API_VERSION=3
View Code

[root@localhost ~]# chmod +x admin-openrc.sh  demo-openrc.sh

[root@localhost ~]# source admin-openrc.sh

[root@localhost ~]# openstack token issue

[root@linux-node1 ~]# openstack token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2018-03-05 10:23:52+00:00        |
| id         | 7267bebbcc1342f68be476ab51671366 |
| project_id | 503b0eab0420454e909a46e476bf1ede |
| user_id    | faa372fc9c4a45e9870b98a0ab4952ef |
+------------+----------------------------------+
View Code

获取token表示部署成功!

 

posted on 2018-03-12 16:23  Steward_Xu  阅读(661)  评论(0编辑  收藏  举报