openstack安装文档

#########################################openstack m版本部署安装#################################
# 控制节点、网络节点、计算节点======控制节点
#1、防火墙 关闭
#2、主机规划:192.168.40.151
#3、主机名:controller vim /etc/hosts
#4、yum配置:
#5、系统更新
#6、时间同步,时间服务器 ntp
####################################################################################################
#1、关闭防火墙、SELinux 和 NetworkManager(仅适用于隔离的实验环境;生产环境应保留 firewalld 与 SELinux,只放行各组件所需的端口)
[root@localhost ~]# systemctl stop firewalld
[root@localhost ~]# systemctl disable firewalld
[root@localhost ~]# setenforce 0
[root@localhost ~]# vim /etc/selinux/config
SELINUX=disabled
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl disable NetworkManager
#2、静态IP地址配置
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736
HWADDR=00:0C:29:A9:29:A9
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=eno16777736
UUID=69b7cbcb-4f9a-4a3e-85f1-332a76f233c4
ONBOOT=yes
IPADDR=192.168.40.151
NETMASK=255.255.255.0
GATEWAY=192.168.40.2

#3、主机名设置
[root@localhost ~]# hostnamectl set-hostname controller

[root@localhost ~]# vim /etc/hosts
192.168.40.151 controller
#4、yum配置(内网镜像源;gpgcheck=0 会跳过 RPM 签名校验,且镜像走明文 HTTP,软件包来源无法验证。镜像源提供 GPG 公钥时应改为 gpgcheck=1 并配置 gpgkey):
[root@localhost yum.repos.d]# vim 122.repo
[base]
name=CentOS-$releasever - Base
baseurl=http://10.1.1.161/centos-yum/7/os/x86_64/
gpgcheck=0
enabled=1
[m]
name=m
baseurl=http://10.1.1.161/openstack-rpms/openstack-mitaka/openstack-mitaka/
gpgcheck=0
enabled=1
#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://10.1.1.161/centos-yum/7/updates/x86_64/
gpgcheck=0
enabled=1

#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
baseurl=http://10.1.1.161/centos-yum/7/extras/x86_64/
gpgcheck=0
enabled=1
#5、系统更新
[root@localhost yum.repos.d]# yum update
#重启系统,主机名称生效
[root@localhost ~]# reboot
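#6、时间同步服务端(allow 行允许 192.168.40.0/24 网段的节点向本机同步;注:server controller iburst 是其他节点指向控制节点的写法,控制节点自身一般应指向上游 NTP 服务器,请按环境确认)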
[root@controller ~]# yum install chrony
[root@controller ~]# vim /etc/chrony.conf 添加
server controller iburst
allow 192.168.40.0/24
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl start chronyd.service

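#7、安装数据库MySQL(MariaDB)。服务启动后建议执行 mysql_secure_installation,为 root 设置密码并删除匿名用户和 test 库;下文有直接执行 mysql 免密登录的步骤,说明按本文操作时 root 尚未设置密码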
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.40.151
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

[root@controller ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@controller ~]# systemctl start mariadb.service

#8、nosql安装
[root@controller ~]# yum install mongodb-server mongodb -y
[root@controller ~]# vim /etc/mongod.conf
bind_ip = 192.168.40.151
smallfiles = true
[root@controller ~]# systemctl enable mongod.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mongod.service to /usr/lib/systemd/system/mongod.service.
[root@controller ~]# systemctl start mongod.service
#9、消息队列安装(下面 add_user 中的 123 是示例密码,须与后文 nova.conf 里的 rabbit_password 保持一致;实际部署请换成强密码)
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack 123
Creating user "openstack" ...
...done.
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
...done.
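#10、memcached安装(后文各组件的 keystone_authtoken 通过 memcached_servers = controller:11211 使用它;memcached 默认没有认证,防火墙关闭后应确认它只对管理网可达)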

[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]# systemctl start memcached.service

########################################################################################################
# 第一个组件:keystone部署安装
########################################################################################################
#1、数据库创建以及用户授权(123 为示例密码;'keystone'@'%' 允许该账号从任意主机连接,建议把主机部分限制为管理网段并使用强密码)
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 4
Server version: 10.1.12-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database keystone;


#验证 查看数据库======================================================================================
show databases;
select * from mysql.user \G;
=======================================================================================================

#2、keystone 认证组件部署安装
[root@controller ~]# yum install python-openstackclient openstack-keystone httpd mod_wsgi -y

 

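#3、配置keystone配置文件(admin_token 是仅用于初始化的引导令牌,持有它即拥有全部管理权限;应使用随机值,例如 openssl rand -hex 10 的输出,而不是 1234567890 这类容易猜到的字符串)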
[root@controller ~]# vim /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
provider = fernet
[DEFAULT]
admin_token = 1234567890

vim /etc/httpd/conf/httpd.conf
ServerName controller
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>

<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>

#http启动
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
#keystone数据库初始化
su -s /bin/sh -c "keystone-manage db_sync" keystone #----------需要验证=====进到数据库里查看keystone库是否有表
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
#验证
mysql
use keystone;
show tables;

#设置客户登录令牌
[root@controller ~]# export OS_TOKEN=1234567890 #令牌字符串 一定和admin_token = 1234567890要一致
[root@controller ~]# export OS_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
#创建keystone服务
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | e888e28f3f984274ad2e2c95a2645017 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+

#注意:该命令不能重复执行,否则会创建重复的服务
#验证:列表中只能有一个 keystone 服务
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| e888e28f3f984274ad2e2c95a2645017 | keystone | identity |
+----------------------------------+----------+----------+
#如果重复创建了服务,按 ID 删除多出的那一个
#注意:没有多余的服务就不要执行下面的删除命令(下文端点输出中的 service_id 仍是 e888e28f3f984274ad2e2c95a2645017)
[root@controller ~]# openstack service delete e888e28f3f984274ad2e2c95a2645017


#创建keystone服务的API端点(public)
[root@controller ~]# openstack endpoint create --region RegionOne \
identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3cbb0b02ab3242378a37af6bd3427c0a |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e888e28f3f984274ad2e2c95a2645017 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+

#创建keystone服务的API端点(internal)
[root@controller ~]# openstack endpoint create --region RegionOne \
identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | df7f6ff4993241bab8057e2b3314c4d8 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e888e28f3f984274ad2e2c95a2645017 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
#创建keystone服务的API端点(admin)
[root@controller ~]# openstack endpoint create --region RegionOne \
identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 109cc84d9446455b82e9013e7a2c8556 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | e888e28f3f984274ad2e2c95a2645017 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
#验证:
[root@controller ~]# openstack endpoint list

-----------------------------------------------------------------------------------------------------------------------


#创建default域
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | 904d501c4e7545b5a532b11838648a89 |
| name | default |
+-------------+----------------------------------+
#验证:
[root@controller ~]# openstack domain list

#在default域里创建一个admin项目
[root@controller ~]# openstack project create --domain default \
--description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 904d501c4e7545b5a532b11838648a89 |
| enabled | True |
| id | a5aabcc966b24cdfa3dd0992e06c91e7 |
| is_domain | False |
| name | admin |
| parent_id | 904d501c4e7545b5a532b11838648a89 |
+-------------+----------------------------------+
#验证:
[root@controller ~]# openstack project list
#创建admin用户


[root@controller ~]# openstack user create --domain default \
--password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 904d501c4e7545b5a532b11838648a89 |
| enabled | True |
| id | 5d89fa642a17460285b49838a2007798 |
| name | admin |
+-----------+----------------------------------+


#验证:
[root@controller ~]# openstack user list

[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 8336f472aeea4541a67d8f2734ed5c82 |
| name | admin |
+-----------+----------------------------------+
#验证:
[root@controller ~]# openstack role list

#赋予权限
[root@controller ~]# openstack role add --project admin --user admin admin

#创建服务项目
[root@controller ~]# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 904d501c4e7545b5a532b11838648a89 |
| enabled | True |
| id | ebdc49f3845248818e2cf83a26adf2f5 |
| is_domain | False |
| name | service |
| parent_id | 904d501c4e7545b5a532b11838648a89 |
+-------------+----------------------------------+

#创建项目
[root@controller ~]# openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 904d501c4e7545b5a532b11838648a89 |
| enabled | True |
| id | 44d8fbbb7d0340fb832e082a8c6537c9 |
| is_domain | False |
| name | demo |
| parent_id | 904d501c4e7545b5a532b11838648a89 |
+-------------+----------------------------------+


#创建普通用户
[root@controller ~]# openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 904d501c4e7545b5a532b11838648a89 |
| enabled | True |
| id | 1ad0bbfa8b044d5da05157859acefb1b |
| name | demo |
+-----------+----------------------------------+
#创建普通权限
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | f1a40d9c758d473e8cab974897849e78 |
| name | user |
+-----------+----------------------------------+
#赋予普通权限
[root@controller ~]# openstack role add --project demo --user demo user

 

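#卸载令牌(unset 只清除当前 shell 的环境变量,keystone.conf 中的 admin_token 仍然有效;初始化完成后应从 /etc/keystone/keystone-paste.ini 的 [pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3] 中去掉 admin_token_auth,停用引导令牌)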
[root@controller ~]# unset OS_TOKEN OS_URL
export OS_IDENTITY_API_VERSION=3
#通过用户登录keystone 管理keystone(查看、修改、添加)
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
+------------+----------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+----------------------------------------------------------------------------------------------------------------------+
| expires | 2016-11-03T11:43:30.818127Z |
| id | gAAAAABYGxTTdl7AMYBkoqmgjJwiFn4EPwXtmLw4MqRg2YZxpRrTVeaaNoDWM0_4DtUtjfhKuPItHYG-WT_vplj_AgHtOCt- |
| | PJDdI_5aMn2Y2nag3Dqc2zsHhqfz21sCovhqNuTZSPrz03hj10NjlSkif2ssRlb9knf7kd-ryA2FP5w1SMoBA8w |
| project_id | a5aabcc966b24cdfa3dd0992e06c91e7 |
| user_id | 5d89fa642a17460285b49838a2007798 |
+------------+----------------------------------------------------------------------------------------------------------------------+

==============================================================================================================================
#keystone identity:交互式设置客户端环境变量的脚本
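#!/bin/bash
# Prompt for Keystone credentials and export the OS_* variables that the
# openstack command-line client reads.
#
# Exports made in a child process do not reach the parent shell, so load
# this file with "." / "source" when the variables are needed afterwards.
#
# Input:   user name, password and project name, read from stdin.
# Exports: OS_PROJECT_DOMAIN_NAME, OS_USER_DOMAIN_NAME, OS_PROJECT_NAME,
#          OS_USERNAME, OS_PASSWORD, OS_AUTH_URL, OS_IDENTITY_API_VERSION,
#          OS_IMAGE_API_VERSION.

# -r keeps backslashes in the typed value literal instead of treating them
# as escape characters.
read -r -p "请输入登录keystone用户名称:" name

# -s stops the terminal from echoing the password (screen, scrollback,
# shared sessions).
read -r -s -p "请输入登录密码:" passwd
# With -s the user's Enter is not echoed either; emit the newline so the
# next prompt starts on its own line. Only relevant on a terminal.
if [ -t 0 ]; then
  echo >&2
fi

read -r -p "请输入项目名称:" project

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME="$project"
export OS_USERNAME="$name"
# The password stays in the environment of this shell and of every child
# process until it is unset.
export OS_PASSWORD="$passwd"
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2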
=============================================================================================================================

 

[root@controller ~]# vim admin.sh
# Client environment for user "admin" in project "admin", Keystone v3 API
# on the admin port (35357). Load it into the current shell with
# ". admin.sh".
#
# OS_PASSWORD is stored here in clear text: keep the file readable by its
# owner only (for example chmod 600).

# Scope and identity.
OS_PROJECT_DOMAIN_NAME=default
OS_USER_DOMAIN_NAME=default
OS_PROJECT_NAME=admin
OS_USERNAME=admin
OS_PASSWORD=123

# Endpoint and API versions.
OS_AUTH_URL=http://controller:35357/v3
OS_IDENTITY_API_VERSION=3
OS_IMAGE_API_VERSION=2

export OS_PROJECT_DOMAIN_NAME OS_USER_DOMAIN_NAME OS_PROJECT_NAME \
  OS_USERNAME OS_PASSWORD \
  OS_AUTH_URL OS_IDENTITY_API_VERSION OS_IMAGE_API_VERSION

[root@controller ~]# vim demo-openrc
# Client environment for user "demo" in project "demo", Keystone v3 API on
# the public port (5000). Load it into the current shell with
# ". demo-openrc".
#
# OS_PASSWORD is stored here in clear text: keep the file readable by its
# owner only (for example chmod 600).

# Scope and identity.
OS_PROJECT_DOMAIN_NAME=default
OS_USER_DOMAIN_NAME=default
OS_PROJECT_NAME=demo
OS_USERNAME=demo
OS_PASSWORD=123

# Endpoint and API versions.
OS_AUTH_URL=http://controller:5000/v3
OS_IDENTITY_API_VERSION=3
OS_IMAGE_API_VERSION=2

export OS_PROJECT_DOMAIN_NAME OS_USER_DOMAIN_NAME OS_PROJECT_NAME \
  OS_USERNAME OS_PASSWORD \
  OS_AUTH_URL OS_IDENTITY_API_VERSION OS_IMAGE_API_VERSION

[root@controller ~]# . admin.sh
[root@controller ~]# openstack token issue
+------------+----------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+----------------------------------------------------------------------------------------------------------------------+
| expires | 2016-11-03T12:02:26.826413Z |
| id | gAAAAABYGxlCjWGgBPM7fdyHei47fmfq8eyC3A5NFBHkEzaDLYaJAoMSAvrnZ2bD7_zysjERbyROuHeqKNV5SeJoG1L6uPntOI9gLqnvs2iNcOq5Rrlx |
| | fb9Wm53psciBCR5pb06KLcXQavz1IspQGiUmeV7fMfkgJIEtf91LowiwdS-otoyWesg |
| project_id | a5aabcc966b24cdfa3dd0992e06c91e7 |
| user_id | 5d89fa642a17460285b49838a2007798 |
+------------+----------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#
#注意:
#1、拷贝正确
#每一步都要验证
#看日志:[root@controller keystone]# tail -f /var/log/keystone/keystone.log

 


+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
# glance 镜像管理组件安装部署
------------------------------------------------------------------------------------------------------------------------------

#1、创建数据库
#2、glance 使用mysql权限
[root@controller keystone]# mysql
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.12-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> \q


#安装glance组件

[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 904d501c4e7545b5a532b11838648a89 |
| enabled | True |
| id | f3b94d472f1e4a66ae2cc7a5143875fe |
| name | glance |
+-----------+----------------------------------+

#添加admin权限
[root@controller ~]# openstack role add --project service --user glance admin


[root@controller ~]# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 3991b06fe09543b4aadbe53895823bb5 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5a8360ee94144508ab84a98a4edbe49c |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3991b06fe09543b4aadbe53895823bb5 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b58a1141f7e84f24a813e73d9ceb4f31 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3991b06fe09543b4aadbe53895823bb5 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3319922b552c4ff087ac4572a1f4ede1 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 3991b06fe09543b4aadbe53895823bb5 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+

[root@controller ~]#yum -y install openstack-glance
[root@controller ~]#vim /etc/glance/glance-api.conf
[database]
...
connection = mysql+pymysql://glance:123@controller/glance
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123

[paste_deploy]
...
flavor = keystone
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

 

[root@controller ~]#vim /etc/glance/glance-registry.conf
[database]
...
connection = mysql+pymysql://glance:123@controller/glance
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123

[paste_deploy]
...
flavor = keystone

[root@controller ~]#su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service \
openstack-glance-registry.service

[root@controller ~]# . admin.sh
[root@controller ~]# yum -y install wget
[root@controller ~]# wget http://192.168.253.20/openstack-images//cirros-0.3.4-x86_64-disk.img
--2016-11-04 05:02:45-- http://192.168.50.22/openstack-images//cirros-0.3.4-x86_64-disk.img
Connecting to 10.1.1.161:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13287936 (13M) [application/octet-stream]
Saving to: ‘cirros-0.3.4-x86_64-disk.img’

100%[===========================================================================================>] 13,287,936 802KB/s in 16s

2016-11-04 05:03:00 (827 KB/s) - ‘cirros-0.3.4-x86_64-disk.img’ saved [13287936/13287936]


[root@controller ~]# openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2016-11-04T09:03:06Z |
| disk_format | qcow2 |
| file | /v2/images/894a754d-7a1a-4e47-a6cf-897c49f97709/file |
| id | 894a754d-7a1a-4e47-a6cf-897c49f97709 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | a5aabcc966b24cdfa3dd0992e06c91e7 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2016-11-04T09:03:06Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 894a754d-7a1a-4e47-a6cf-897c49f97709 | cirros | active |
+--------------------------------------+--------+--------+

 


###########################################################################################################################
# nova 控制节点部署安装(nova管理控制端)
###########################################################################################################################
1、数据库创建以及用户授权
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.1.12-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> \q


2、[root@controller ~]# source admin.sh
[root@controller ~]# openstack user create --domain default \
--password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | 904d501c4e7545b5a532b11838648a89 |
| enabled | True |
| id | f775452c47e24ae29acb7c4facb733ea |
| name | nova |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 42213df2abd2445c996b345cb886f7b3 |
| name | nova |
| type | compute |
+-------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | f0d1c58e865c418daf4c862a352930bc |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 42213df2abd2445c996b345cb886f7b3 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+

 


[root@controller ~]# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | f25b5f23664c4d8691b374fecaea7730 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 42213df2abd2445c996b345cb886f7b3 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 96fad63994894a85aa540454a83f9847 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 42213df2abd2445c996b345cb886f7b3 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+


[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y

[root@controller ~]# vim /etc/nova/nova.conf
# 注意:oslo.config 不支持行尾注释,说明文字必须单独成行,否则会被当作取值的一部分(写在节名后面则会导致解析报错)
[DEFAULT]
# 开启api服务
enabled_apis = osapi_compute,metadata
[api_database]
# 关联nova api数据库
connection = mysql+pymysql://nova:123@controller/nova_api

[database]
# 关联nova数据库
connection = mysql+pymysql://nova:123@controller/nova
[DEFAULT]
# 指定消息队列为rabbit
rpc_backend = rabbit

# 关联上rabbit
[oslo_messaging_rabbit]

rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123
[DEFAULT]

# 指定keystone为认证机制
auth_strategy = keystone

# 关联上keystone 后台自动认证
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123
[DEFAULT]
# 本节点的管理网 IP;上文主机规划中控制节点为 192.168.40.151,请按实际环境核对
my_ip = 192.168.253.141
[DEFAULT]
# 启动网络组件neutron
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
...
# vnc监听地址
vncserver_listen = $my_ip
# vnc代理地址
vncserver_proxyclient_address = $my_ip
# 关联镜像组件glance
[glance]
api_servers = http://controller:9292
# 生成锁文件目录
[oslo_concurrency]
lock_path = /var/lib/nova/tmp


[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova #两个数据库初始化
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
#开机自启动
[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
#开启所有服务
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

############################################################################################################################
# nova 计算节点部署安装(nova 运行端)
############################################################################################################################
1、环境准备
1、防火墙关闭
2、yum配置
3、主机名修改
4、vim /etc/hosts
5、重启系统reboot

确保:
在控制节点上 ping computer01 能通
在计算节点上 ping controller 能通
2、安装nova-compute组件
卸载lvm2
[root@computer01 ~]# yum remove lvm2 -y
[root@computer01 ~]# yum install openstack-nova-compute -y
[root@computer01 ~]# vim /etc/nova/nova.conf

[DEFAULT]
...
rpc_backend = rabbit
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123
[DEFAULT]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123

[DEFAULT]
...
my_ip = 192.168.253.142
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
...
api_servers = http://controller:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
[libvirt]
...
virt_type = qemu

[root@computer01 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@computer01 ~]# systemctl start libvirtd.service openstack-nova-compute.service
#到控制节点上验证

. admin.sh

[root@controller ~]# openstack compute service list
+----+------------------+-----------------------+----------+----------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+-----------------------+----------+----------+-------+----------------------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2016-11-07T13:15:26.000000 |
| 2 | nova-consoleauth | controller | internal | enabled | up | 2016-11-07T13:15:23.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2016-11-07T13:15:22.000000 |
| 6 | nova-compute | localhost.localdomain | nova | disabled | down | 2016-11-07T07:59:15.000000 |
| 7 | nova-compute | computer01 | nova | enabled | up | 2016-11-07T13:15:22.000000 |
+----+------------------+-----------------------+----------+----------+-------+----------------------------+

#computer01 的 nova-compute 一行 State 必须是 up;localhost.localdomain 那一行为 disabled/down,应该是计算节点修改主机名之前注册的旧记录

###########################################################################################################################
# neutron 网络组件 控制节点
###########################################################################################################################
1、创建数据库(示例口令 '123' 只适合实验环境,实际部署请换成强口令,并与 neutron.conf 中 [database] connection 里的口令保持一致)
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 50
Server version: 10.1.12-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
2、获得 admin 凭证来获取只有管理员能执行的命令的访问权限:
[root@controller ~]# . admin.sh
3、创建服务凭证(neutron 用户):
openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | b20a6692f77b4258926881bf831eb683 |
| name | neutron |
+-----------+----------------------------------+
4、添加``admin`` 角色到``neutron`` 用户:
[root@controller ~]# openstack role add --project service --user neutron admin
5、创建``neutron``服务实体:
openstack service create --name neutron \
--description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | f71529314dab4a4d8eca427e701d209e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
6、创建网络服务API端点:
[root@controller ~]# openstack endpoint create --region RegionOne \
network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 09753b537ac74422a68d2d791cf3714f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+


[root@controller ~]# openstack endpoint create --region RegionOne \
network admin http://controller:9696

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1ee14289c9374dffb5db92a5c112fc4e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+

################网络选项2:私有网络############################
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

#配置服务组件
[root@controller ~]# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:123@controller/neutron
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123


[nova]

auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123


[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types = vxlan
type_drivers = flat,vlan,vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = provider
[ml2_type_vxlan]
...
vni_ranges = 1:1000
[securitygroup]
...
enable_ipset = True
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eno16777736
[vxlan]
enable_vxlan = True
local_ip = 192.168.253.141
l2_population = True

[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = controller
# METADATA_SECRET 是占位符,需要换成自己生成的随机字符串,并与 nova.conf [neutron] 段中的 metadata_proxy_shared_secret 保持一致
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123

service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron


[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service
[root@controller ~]# . admin.sh
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | :-) | True | neutron-l3-agent |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | :-) | True | neutron-dhcp-agent |
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | :-) | True | neutron-metadata-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| l3_agent_scheduler | L3 Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| l3-ha | HA Router extension |
| flavors | Neutron Service Flavors |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| extraroute | Neutron Extra Route |
| timestamp_core | Time Stamp Fields addition for core resources |
| router | Neutron L3 Router |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dns-integration | DNS Integration |
| security-group | security-group |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| router_availability_zone | Router Availability Zone |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| dvr | Distributed Virtual Router |
+---------------------------+-----------------------------------------------+
#######################################################################################################################


密钥认证:
server01 ------远程------ server02

server01 生成一对密钥(私钥和公钥) -----------把公钥上传到server02 /root/.ssh/authorized_keys

server01操作
1、生成一对密钥:
ssh-keygen -t rsa 一直敲回车(全部回车表示使用默认保存路径,且私钥不设口令)
2、把公钥上传到所要远程登录的服务器server02上
ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.253.142(server02的地址)

3、验证server01远程登录server02
ssh server02
优先密钥认证:
###########################################################################################################################
# neutron 计算节点安装部署
##########################################################################################################################

#安装组件


1、yum install openstack-neutron-linuxbridge ebtables ipset

[root@computer01 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123

[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp

[root@computer01 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eno16777736
[vxlan]
enable_vxlan = True
local_ip = 192.168.253.142
l2_population = True


[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@computer01 ~]# vim /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123

[root@computer01 ~]# systemctl restart openstack-nova-compute.service
[root@computer01 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@computer01 ~]# systemctl start neutron-linuxbridge-agent.service

#############################登录控制节点进行验证
[root@controller ~]# source admin.sh
[root@controller ~]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| l3_agent_scheduler | L3 Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| l3-ha | HA Router extension |
| flavors | Neutron Service Flavors |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| extraroute | Neutron Extra Route |
| timestamp_core | Time Stamp Fields addition for core resources |
| router | Neutron L3 Router |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dns-integration | DNS Integration |
| security-group | security-group |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| router_availability_zone | Router Availability Zone |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| dvr | Distributed Virtual Router |
+---------------------------+-----------------------------------------------+


#验证代理(输出中应能看到计算节点上的 Linux bridge agent;下表中的主机名 compute1 看起来是示例输出,按本文的主机名应为 computer01)
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id | agent_type | host | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1 | :-) | True | neutron-linuxbridge-agent |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | :-) | True | neutron-l3-agent |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | :-) | True | neutron-dhcp-agent |
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | :-) | True | neutron-metadata-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+


###########################################################################################################################
# Dashboard部署安装
###########################################################################################################################

##安装dashboard仪表盘组件
##注意:下面的 ALLOWED_HOSTS = ['*', ] 表示接受任意 Host 请求头,只适合实验环境;正式环境应改为实际访问仪表盘所用的主机名或IP
[root@controller ~]# yum install openstack-dashboard
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
#通过仪表盘创建的用户默认角色配置为 user :
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
#配置API版本
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}

#启用对域的支持
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
#通过仪表盘创建用户时的默认域配置为 default
#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
[root@controller ~]# systemctl restart httpd.service memcached.service

###############################################################################################################
# 创建虚拟网络
###############################################################################################################
1、创建虚拟网络
#创建外网网络
[root@controller ~]# . admin.sh
[root@controller ~]# neutron net-create --shared --provider:physical_network provider \
--provider:network_type flat provider
Created a new network:
+---------------------------+--------------------------------------+
| Field | Value |
+---------------------------+--------------------------------------+
| admin_state_up | True |
| id | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad |
| mtu | 1500 |
| name | provider |
| port_security_enabled | True |
| provider:network_type | flat |
| provider:physical_network | provider |
| provider:segmentation_id | |
| router:external | False |
| shared | True |
| status | ACTIVE |
| subnets | |
| tenant_id | d84313397390425c8ed50b2f6e18d092 |
+---------------------------+--------------------------------------+
#创建子网(下面输出表格中的地址是 203.0.113.0/24,与命令中的 192.168.50.0/24 不一致,应是示例输出;实际输出以命令参数为准)
[root@controller ~]# neutron subnet-create --name provider \
--allocation-pool start=192.168.50.37,end=192.168.50.39 \
--dns-nameserver 8.8.4.4 --gateway 192.168.50.30 \
provider 192.168.50.0/24
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field | Value |
+-------------------+----------------------------------------------------+
| allocation_pools | {"start": "203.0.113.101", "end": "203.0.113.250"} |
| cidr | 203.0.113.0/24 |
| dns_nameservers | 8.8.4.4 |
| enable_dhcp | True |
| gateway_ip | 203.0.113.1 |
| host_routes | |
| id | 5cc70da8-4ee7-4565-be53-b9c011fca011 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | provider |
| network_id | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad |
| subnetpool_id | |
| tenant_id | d84313397390425c8ed50b2f6e18d092 |
+-------------------+----------------------------------------------------+

#创建私有网

[root@controller ~]# neutron net-create selfservice
Created a new network:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| id | 7c6f9b37-76b4-463e-98d8-27e5686ed083 |
| mtu | 0 |
| name | selfservice |
| port_security_enabled | True |
| router:external | False |
| shared | False |
| status | ACTIVE |
| subnets | |
| tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c |
+-----------------------+--------------------------------------+

#创建内网子网
[root@controller ~]# neutron subnet-create --name selfservice \
--dns-nameserver 8.8.4.4 --gateway 172.16.1.1 \
selfservice 172.16.1.0/24
Created a new subnet:
+-------------------+------------------------------------------------+
| Field | Value |
+-------------------+------------------------------------------------+
| allocation_pools | {"start": "172.16.1.2", "end": "172.16.1.254"} |
| cidr | 172.16.1.0/24 |
| dns_nameservers | 8.8.4.4 |
| enable_dhcp | True |
| gateway_ip | 172.16.1.1 |
| host_routes | |
| id | 3482f524-8bff-4871-80d4-5774c2730728 |
| ip_version | 4 |
| ipv6_address_mode | |
| ipv6_ra_mode | |
| name | selfservice |
| network_id | 7c6f9b37-76b4-463e-98d8-27e5686ed083 |
| subnetpool_id | |
| tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c |
+-------------------+------------------------------------------------+
#添加’ router:external ‘ 到’ provider’ 网络
[root@controller ~]# neutron net-update provider --router:external
Updated network: provider
#创建路由
[root@controller ~]# neutron router-create router
Created a new router:
+-----------------------+--------------------------------------+
| Field | Value |
+-----------------------+--------------------------------------+
| admin_state_up | True |
| external_gateway_info | |
| id | 89dd2083-a160-4d75-ab3a-14239f01ea0b |
| name | router |
| routes | |
| status | ACTIVE |
| tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c |
+-----------------------+--------------------------------------+
#给路由器添加一个私网子网的接口
[root@controller ~]# neutron router-interface-add router selfservice
Added interface bff6605d-824c-41f9-b744-21d128fc86e1 to router router.
#给路由器设置公有网络的网关:
[root@controller ~]# neutron router-gateway-set router provider
Set gateway for router router

#验证操作
#列出网络命名空间。你应该可以看到一个’ qrouter ‘命名空间和两个’qdhcp ‘ 命名空间
[root@controller ~]# ip netns
qrouter-89dd2083-a160-4d75-ab3a-14239f01ea0b
qdhcp-7c6f9b37-76b4-463e-98d8-27e5686ed083
qdhcp-0e62efcd-8cee-46c7-b163-d8df05c3c5ad
#列出路由器上的端口来确定公网网关的IP 地址:
[root@controller ~]# neutron router-port-list router
+--------------------------------------+------+-------------------+------------------------------------------+
| id | name | mac_address | fixed_ips |
+--------------------------------------+------+-------------------+------------------------------------------+
| bff6605d-824c-41f9-b744-21d128fc86e1 | | fa:16:3e:2f:34:9b | {"subnet_id": |
| | | | "3482f524-8bff-4871-80d4-5774c2730728", |
| | | | "ip_address": "172.16.1.1"} |
| d6fe98db-ae01-42b0-a860-37b1661f5950 | | fa:16:3e:e8:c1:41 | {"subnet_id": |
| | | | "5cc70da8-4ee7-4565-be53-b9c011fca011", |
| | | | "ip_address": "203.0.113.102"} |
+--------------------------------------+------+-------------------+------------------------------------------+
页面测试

访问:http://192.168.253.141/dashboard

成功访问后测试创建云主机

 

 

##############################################################################################
#从控制节点或任意公共物理网络上的节点Ping这个IP地址:
[root@controller ~]# ping -c 4 203.0.113.102
PING 203.0.113.102 (203.0.113.102) 56(84) bytes of data.
64 bytes from 203.0.113.102: icmp_req=1 ttl=64 time=0.619 ms
64 bytes from 203.0.113.102: icmp_req=2 ttl=64 time=0.189 ms
64 bytes from 203.0.113.102: icmp_req=3 ttl=64 time=0.165 ms
64 bytes from 203.0.113.102: icmp_req=4 ttl=64 time=0.216 ms

 

#####################################创建实例云主机################################################################
[root@controller ~]# . admin.sh
#实例类型(flavor)指定了虚拟机资源的大致分配,包括处理器、内存和存储。列出可用类型:

[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+-----------+-------+------+-----------+-------+-----------+
| 1 | m1.tiny | 512 | 1 | 0 | 1 | True |
| 2 | m1.small | 2048 | 20 | 0 | 1 | True |
| 3 | m1.medium | 4096 | 40 | 0 | 2 | True |
| 4 | m1.large | 8192 | 80 | 0 | 4 | True |
| 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |
+----+-----------+-------+------+-----------+-------+-----------+

#列出可用镜像:
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 390eb5f7-8d49-41ec-95b7-68c0d5d54b34 | cirros | active |
+--------------------------------------+--------+--------+

 

#列出可用网络:
[root@controller ~]# openstack network list
+--------------------------------------+--------------+--------------------------------------+
| ID | Name | Subnets |
+--------------------------------------+--------------+--------------------------------------+
| 4716ddfe-6e60-40e7-b2a8-42e57bf3c31c | selfservice | 2112d5eb-f9d6-45fd-906e-7cabd38b7c7c |
| b5b6993c-ddf9-40e7-91d0-86806a42edb8 | provider | 310911f6-acf0-4a47-824e-3032916582ff |
+--------------------------------------+--------------+--------------------------------------+

#列出可用的安全组:
[root@controller ~]# openstack security group list
+--------------------------------------+---------+------------------------+
| ID | Name | Description |
+--------------------------------------+---------+------------------------+
| dd2b614c-3dad-48ed-958b-b155a3b38515 | default | Default security group |
+--------------------------------------+---------+------------------------+
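#启动实例(PROVIDER_NET_ID 是占位符,需替换为上面 openstack network list 输出中 provider 网络的 ID;--key-name 指定的密钥对 mykey 需要事先创建好):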
[root@controller ~]# openstack server create --flavor m1.tiny --image cirros \
--nic net-id=PROVIDER_NET_ID --security-group default \
--key-name mykey provider-instance

+--------------------------------------+-----------------------------------------------+
| Property | Value |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | nova |
| OS-EXT-STS:power_state | 0 |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | - |
| OS-SRV-USG:terminated_at | - |
| accessIPv4 | |
| accessIPv6 | |
| adminPass | hdF4LMQqC5PB |
| config_drive | |
| created | 2015-09-17T21:58:18Z |
| flavor | m1.tiny (1) |
| hostId | |
| id | 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf |
| image | cirros (38047887-61a7-41ea-9b49-27987d5e8bb9) |
| key_name | mykey |
| metadata | {} |
| name | provider-instance |
| os-extended-volumes:volumes_attached | [] |
| progress | 0 |
| security_groups | default |
| status | BUILD |
| tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c |
| updated | 2015-09-17T21:58:18Z |
| user_id | 684286a9079845359882afc3aa5011fb |
+--------------------------------------+-----------------------------------------------+

#检查实例的状态:
[root@controller ~]# openstack server list
+--------------------------------------+-------------------+--------+---------------------------------+
| ID | Name | Status | Networks |
+--------------------------------------+-------------------+--------+---------------------------------+
| 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf | provider-instance | ACTIVE | provider=203.0.113.103 |
+--------------------------------------+-------------------+--------+---------------------------------+

#使用虚拟控制台访问实例
[root@controller ~]# openstack console url show provider-instance
+-------+---------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------+
| type | novnc |
| url | http://controller:6080/vnc_auto.html?token=5eeccb47-525c-4918-ac2a-3ad1e9f1f493 |
+-------+---------------------------------------------------------------------------------+
#登录云主机,验证能否ping通公有网络的网关:
[root@controller ~]# ping -c 4 203.0.113.1
PING 203.0.113.1 (203.0.113.1) 56(84) bytes of data.
64 bytes from 203.0.113.1: icmp_req=1 ttl=64 time=0.357 ms
64 bytes from 203.0.113.1: icmp_req=2 ttl=64 time=0.473 ms
64 bytes from 203.0.113.1: icmp_req=3 ttl=64 time=0.504 ms
64 bytes from 203.0.113.1: icmp_req=4 ttl=64 time=0.470 ms

#验证能否连接到互联网
#验证控制节点或者其他公有网络上的主机能否ping通实例:
#在控制节点或其他公有网络上的主机使用 SSH远程访问实例:

 


#######################################################################################################################
# 块存储 cinder 安装 控制节点
#######################################################################################################################
登录数据库
[root@controller ~]# mysql -u root -p

CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
IDENTIFIED BY '123';

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' \
IDENTIFIED BY '123';

. admin-openrc


[root@controller ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | e0353a670a9e496da891347c589539e9 |
| enabled | True |
| id | bb279f8ffc444637af38811a5e1f0562 |
| name | cinder |
+-----------+----------------------------------+


[root@controller ~]# openstack role add --project service --user cinder admin

[root@controller ~]# openstack service create --name cinder \
--description "OpenStack Block Storage" volume
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | ab3bbbef780845a1a283490d281e7fda |
| name | cinder |
| type | volume |
+-------------+----------------------------------+

[root@controller ~]# openstack service create --name cinderv2 \
--description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | eb9fd245bdbc414695952e93f29fe3ac |
| name | cinderv2 |
| type | volumev2 |
+-------------+----------------------------------+


[root@controller ~]# openstack endpoint create --region RegionOne \
volume public http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 03fa2c90153546c295bf30ca86b1344b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ab3bbbef780845a1a283490d281e7fda |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+


[root@controller ~]# openstack endpoint create --region RegionOne \
volume internal http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 94f684395d1b41068c70e4ecb11364b2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ab3bbbef780845a1a283490d281e7fda |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
volume admin http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 4511c28a0f9840c78bacb25f10f62c98 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ab3bbbef780845a1a283490d281e7fda |
| service_name | cinder |
| service_type | volume |
| url | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
volumev2 public http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 513e73819e14460fb904163f41ef3759 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | eb9fd245bdbc414695952e93f29fe3ac |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 6436a8a23d014cfdb69c586eff146a32 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | eb9fd245bdbc414695952e93f29fe3ac |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | e652cf84dd334f359ae9b045a2c91d96 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | eb9fd245bdbc414695952e93f29fe3ac |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+

[root@controller ~]# yum install openstack-cinder

[root@controller ~]# vim /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:123@controller/cinder
[DEFAULT]
...
rpc_backend = rabbit

[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123

[DEFAULT]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = 123


[DEFAULT]
...
my_ip = 192.168.50.123

[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp


[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder

[root@controller ~]# vim /etc/nova/nova.conf

[cinder]
os_region_name = RegionOne
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

############################################存储节点也可以安装到控制节点###########################################
#需要添加两块硬盘做lvm

[root@controller ~]# yum install lvm2
[root@controller ~]# systemctl enable lvm2-lvmetad.service
[root@controller ~]# systemctl start lvm2-lvmetad.service


[root@controller ~]# pvcreate /dev/sdb /dev/sdc
Physical volume "/dev/sdb" successfully created

[root@controller ~]# vgcreate cinder-volumes /dev/sdb /dev/sdc
Volume group "cinder-volumes" successfully created

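[root@controller ~]# vim /etc/lvm/lvm.conf
devices {
...
# 该过滤器让宿主机的 LVM 只扫描列出的设备,避免扫描到云主机在 cinder 卷内部自建的 LVM 卷。
# 前面的 cinder-volumes 卷组建立在 /dev/sdb 和 /dev/sdc 上,而此处只接受 sdb,sdc 会被 "r/.*/" 拒绝;
# 两块盘都需要放行,例如 filter = [ "a/sdb/", "a/sdc/", "r/.*/"]。若系统盘本身也使用 LVM,还需同时放行系统盘(如 "a/sda/")。
filter = [ "a/sdb/", "r/.*/"]


}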
[root@controller ~]# yum install openstack-cinder targetcli python-keystone
[root@controller ~]# vim /etc/cinder/cinder.conf
# 注:存储节点使用与控制节点相同的数据库、RabbitMQ、keystone 凭据;文中的密码 123 仅为实验环境示例,实际部署请替换为强密码。
[database]
...
connection = mysql+pymysql://cinder:123@controller/cinder
[DEFAULT]
...
rpc_backend = rabbit

[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123

[DEFAULT]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = 123


[DEFAULT]
...
my_ip = 192.168.50.123

# 新增 [lvm] 段(说明文字单独成行,不要写在段名同一行)
[lvm]
...
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[DEFAULT]
...
enabled_backends = lvm
glance_api_servers = http://controller:9292
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp

# 保存 cinder.conf 后,在 shell 中执行:
[root@controller ~]# systemctl enable openstack-cinder-volume.service target.service
[root@controller ~]# systemctl start openstack-cinder-volume.service target.service



[root@controller ~]# . admin-openrc

[root@controller ~]# cinder service-list
+------------------+------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller | nova | enabled | up | 2014-10-18T01:30:54.000000 | None |
| cinder-volume | block1@lvm | nova | enabled | up | 2014-10-18T01:30:57.000000 | None |
+------------------+------------+------+---------+-------+----------------------------+-----------------+


##############################################################################################################
# 创建一个卷 添加到一个云主机上 #################
##############################################################################################################

 

[root@controller ~]# openstack volume create --size 1 volume1
+---------------------+--------------------------------------+
| Field | Value |
+---------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2016-03-08T14:30:48.391027 |
| description | None |
| encrypted | False |
| id | a1e8be72-a395-4a6f-8e07-856a57c39524 |
| multiattach | False |
| name | volume1 |
| properties | |
| replication_status | disabled |
| size | 1 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| type | None |
| updated_at | None |
| user_id | 684286a9079845359882afc3aa5011fb |
+---------------------+--------------------------------------+

[root@controller ~]# openstack volume list
+--------------------------------------+--------------+-----------+------+-------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+-----------+------+-------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1 | available | 1 | |
+--------------------------------------+--------------+-----------+------+-------------+

[root@controller ~]# openstack server add volume provider-instance volume1

[root@controller ~]# openstack volume list
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1 | in-use | 1 | Attached to provider-instance on /dev/vdb |
+--------------------------------------+--------------+--------+------+--------------------------------------------+

# 注:下面输出中的 /dev/vda、/dev/vdb 是云主机内的磁盘,此命令应在登录到云主机 provider-instance 之后执行,而不是在控制节点上
[root@controller ~]# fdisk -l

Disk /dev/vda: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Device Boot Start End Blocks Id System
/dev/vda1 * 16065 2088449 1036192+ 83 Linux

Disk /dev/vdb: 1073 MB, 1073741824 bytes
16 heads, 63 sectors/track, 2080 cylinders, total 2097152 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x00000000

Disk /dev/vdb doesn't contain a valid partition table

 
