OpenStack (CentOS 7.3, centos-release-openstack-ocata)
Component overview:
nova: compute service
  queue: message queue; the usual system bottleneck
  scheduler: schedules instances onto compute nodes
  conductor: performs database updates on behalf of nova-compute
  cert (objectstore): certificates
  console: console connection proxy
  consoleauth: authentication for console connections
glance: stores VM images and disk files
  registry: interface to the database; image lookup
  database: image metadata (storage location of image files, etc.)
  swift: distributed object storage backend
neutron: networking service; accepts network API requests
  plugins: plugins
  agents: per-node network agents
cinder: block storage
  api: accepts requests and allocates volumes
  volume:
  database
  scheduler:
swift: object storage nodes
  account: account management
  container: container management
  object: object management
Environment preparation
Controller node:
hostname: linux-node1.oldboyedu.com
IP address: 192.168.1.30
Compute node:
hostname: linux-node2.oldboyedu.com
IP address: 192.168.1.31
Configure the controller node (192.168.1.30) first.
vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static
DEVICE=ens33
NM_CONTROLLED=yes
IPADDR=192.168.1.30
NETMASK=255.255.255.0
(IPADDR is the controller address from the node list above; the original excerpt omitted it.)
Restart the interface so the settings take effect:
nmcli connection up ens33
Change the hostname
Two files need editing: /etc/hostname and /etc/hosts.
[root@localhost ~]# vi /etc/hostname
linux-node1
[root@localhost ~]# systemctl restart NetworkManager
[root@localhost ~]# hostname
linux-node1
[root@localhost ~]# vi /etc/hosts
192.168.1.30 linux-node1 linux-node1.oldboyedu.com
192.168.1.31 linux-node2 linux-node2.oldboyedu.com
Editing these two files does not take effect immediately. To apply the name right away, run hostname your-hostname; that changes the name only for the running system, and after a reboot the system reads /etc/hostname again. (On CentOS 7, hostnamectl set-hostname linux-node1 writes /etc/hostname and applies it in one step.)
hostname linux-node1
Set up time synchronization
[root@localhost ~]# vi /etc/chrony.conf
[root@localhost ~]# systemctl enable chronyd.service
Start chronyd
[root@localhost ~]# systemctl start chronyd.service
[root@localhost ~]# timedatectl set-timezone Asia/Shanghai
[root@localhost ~]# date
Thu Nov 2 16:23:07 CST 2017
Keep the compute node synchronized to the same source: Keystone token expiry checks depend on the clocks agreeing.
Disable SELinux (on CentOS 7.3 /etc/sysconfig/selinux is a symlink to /etc/selinux/config, so editing either file changes the same setting; the second sed below is therefore redundant but harmless)
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config
setenforce 0
getenforce shows the current SELinux state.
Stop firewalld
systemctl stop firewalld.service
systemctl disable firewalld.service
Note: disabling SELinux and the firewall is a lab shortcut. Every service configured below (MariaDB on 3306, RabbitMQ on 5672/15672/25672, memcached on 11211, Keystone on 5000/35357) is then reachable from the whole network with no packet filter. Outside a test bed keep SELinux enforcing with the openstack-selinux package installed and open only the ports each node needs.
[root@localhost ~]# cat /etc/redhat-release
CentOS Linux release 7.3.1611 (Core)
[root@localhost ~]# yum update -y
[root@localhost ~]# yum install centos-release-openstack-liberty -y
Loaded plugins: fastestmirror
epel/x86_64/metalink | 6.1kB 00:00
epel | 4.3 kB 00:00
(1/3): epel/x86_64/group_gz | 261 kB 00:00
(2/3): epel/x86_64/updateinfo | 842 kB 00:01
(3/3): epel/x86_64/primary_db | 6.1 MB 00:04
Loading mirror speeds from cached hostfile
* base: mirrors.163.com
* epel: mirrors.ustc.edu.cn
* extras: mirrors.cn99.com
* updates: mirrors.163.com
No package centos-release-openstack-liberty available.
Error: Nothing to do
Fix: install the Ocata yum repository instead (and this is where my nightmare began...)
[root@localhost ~]# yum install centos-release-openstack-ocata -y
Upgrade once more, just in case, so that no package is left at too old a version.
[root@localhost ~]# yum upgrade -y
Verify that the repository is usable:
[root@localhost ~]# yum repolist
[root@localhost ~]# yum install python-openstackclient -y
[root@localhost yum.repos.d]# yum install mariadb mariadb-server MySQL-python -y
[root@localhost yum.repos.d]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
[root@localhost yum.repos.d]# vi /etc/my.cnf
Add the following under the [mysqld] section:
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
[root@localhost yum.repos.d]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@localhost yum.repos.d]# systemctl start mariadb.service
[root@localhost yum.repos.d]# mysql_secure_installation (answer y to every prompt; set the MySQL root password, here 123456)
The prompts remove the anonymous accounts and the test database and disable remote root login. The root password used here is a lab value; use a generated one anywhere else, and note that passing it on the command line as below leaves it in the shell history and process list.
[root@localhost yum.repos.d]# mysql -uroot -p123456
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
The cinder database has to be created as well before its grants (the original listing skipped this line):
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
Every service above gets a password equal to its own name and a '%' grant, i.e. login from any host. That is fine for following along; in a real deployment give each service a distinct generated password and grant access only from the nodes that need it (here the controller 192.168.1.30 and the compute node 192.168.1.31).
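The hardened form of the grants above, as an added example that is not part of the original post: one random password per service, grants restricted to named hosts instead of '%', and the passwords written to an environment file for the later service configs. The node addresses are the page's (192.168.1.30 controller, 192.168.1.31 compute); the env-file path and the hex-string password format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): generate per-service MariaDB
# users with random passwords and host-restricted grants, instead of the
# "password == service name" and '%' wildcard grants used in the tutorial.

# 32 hex chars from /dev/urandom (no openssl dependency).
gen_password() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -tx1 | tr -d ' \n'
}

# grant_sql <service> <password> <host>...
# Prints the SQL that creates one service database and grants access
# only from the listed hosts.
grant_sql() {
    svc=$1; pw=$2; shift 2
    printf "CREATE DATABASE IF NOT EXISTS %s;\n" "$svc"
    for host in "$@"; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$host" "$pw"
    done
}

# build_db_script <envfile> <host>...
# Emits the SQL for all five services on stdout and records each password
# as <SERVICE>_DBPASS=... in <envfile> (mode 600) for later use.
build_db_script() {
    envfile=$1; shift
    : > "$envfile"; chmod 600 "$envfile"
    for svc in keystone glance nova neutron cinder; do
        pw=$(gen_password)
        printf "%s_DBPASS=%s\n" "$(echo "$svc" | tr a-z A-Z)" "$pw" >> "$envfile"
        grant_sql "$svc" "$pw" "$@"
    done
    printf "FLUSH PRIVILEGES;\n"
}

# Usage on the controller (not executed here):
#   build_db_script /root/db_passwords.env localhost 192.168.1.30 192.168.1.31 \
#       | mysql -uroot -p
```

The env file keeps the passwords out of shell history; source it when filling in the `connection =` lines of each service's configuration, and add a host argument for every node that will talk to the database.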
[root@localhost ~]# yum install rabbitmq-server -y
Error: Package: erlang-erts-18.3.4.4-2.el7.x86_64 (centos-openstack-liberty)
Requires: lksctp-tools
Fix:
[root@localhost ~]# rpm -ivh lksctp-tools-1.0.17-2.el7.x86_64.rpm
[root@localhost ~]# yum install rabbitmq-server -y
[root@localhost ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@localhost ~]# systemctl start rabbitmq-server.service
[root@localhost ~]# netstat -ntlp
5672 is the RabbitMQ (AMQP) port.
Create the RabbitMQ user for OpenStack and grant it permissions
[root@localhost ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
[root@localhost ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
Enable the RabbitMQ web management plugin
[root@localhost ~]# rabbitmq-plugins list
[root@localhost ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@localhost... started 6 plugins.
Restart RabbitMQ
[root@localhost ~]# systemctl restart rabbitmq-server.service
Check the RabbitMQ ports: 5672 is the AMQP service port, 15672 the web management port and 25672 the clustering port.
[root@localhost ~]# netstat -lntup |grep 5672
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 6984/beam
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 6984/beam
tcp6 0 0 :::5672 :::* LISTEN 6984/beam
Log in at http://192.168.1.30:15672 (username guest, password guest)
http://192.168.1.30:15672/#/users
Click "update this user"
Enter the password openstack and set Tags to administrator
Log in again at http://192.168.1.30:15672 (username openstack, password openstack)
Two users can now log in.
The built-in guest account still has its default password after this, and with the firewall off the management port is open to the network. The same result from the command line is rabbitmqctl set_user_tags openstack administrator, after which the guest account can be removed with rabbitmqctl delete_user guest.
To monitor RabbitMQ, use the management HTTP API shown in the figure below.
yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
Edit the keystone configuration file
vi /etc/keystone/keystone.conf
Under [DEFAULT]:
admin_token = 7fff823bda267b2db6cc (a random value generated with openssl rand -hex 10; it is used to create the first users while no user exists yet)
The admin token bypasses authentication completely, so anyone who can read keystone.conf is a Keystone administrator. In Ocata it is deprecated in favour of keystone-manage bootstrap; if it is used as here, comment it out again and restart httpd as soon as the admin user, the service entry and the endpoints below exist.
Under [database]:
#Deprecated group/name - [sql]/connection
#connection = <None>
connection = mysql://keystone:keystone@192.168.1.30/keystone
(the database connection string: the three keystone values are the database user name, that user's password and the database name created above)
Under [token]:
provider = uuid
# DEPRECATED: If set to false, the logging level will be set to WARNING instead
# of the default INFO level. (boolean value)
# This option is deprecated for removal.
# Its value may be silently ignored in the future.
[root@linux-node2 keystone]# grep '^[a-z]' /etc/keystone/keystone.conf
admin_token = 7fff823bda267b2db6cc
connection = mysql://keystone:keystone@192.168.1.30/keystone
servers = 192.168.1.30:11211
driver = sql
provider = uuid
driver = memcache
(grep '^[a-z]' hides the section headers, so each line above has to sit in its own section in the file. servers is the memcached address under [memcache]; since memcached will hold token data, restrict who can reach port 11211, either with a firewall rule or with the -l listen option in /etc/sysconfig/memcached.)
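Scripting the keystone.conf edits above, as an added example that is not part of the original post: a small awk-based INI setter that places each key under the right section (creating the section if missing), and a matching helper that comments admin_token out again once the catalog has been bootstrapped. The sample configuration built by make_sample_conf is constructed for the demonstration; the values written are the page's own.

```shell
#!/bin/sh
# Added example (not from the original post): set or delete a key under a
# given [section] of an oslo.config-style INI file with plain awk, so the
# keystone.conf changes can be scripted and admin_token removed afterwards.

# ini_set <file> <section> <key> <value>
# Replaces the first active "key = value" in [section], otherwise appends the
# key at the end of that section; creates the section if it does not exist.
ini_set() {
    f=$1 sec=$2 key=$3 val=$4
    awk -v sec="$sec" -v key="$key" -v val="$val" '
        function flush() { if (insec && !done) { print key " = " val; done = 1 } }
        /^\[/ { flush(); insec = ($0 == ("[" sec "]")); seen = seen || insec }
        insec && !done && $0 ~ ("^" key "[ \t]*=") { print key " = " val; done = 1; next }
        { print }
        END { flush(); if (!seen) { print "[" sec "]"; print key " = " val } }
    ' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# ini_del <file> <section> <key>
# Comments out every active "key = ..." line in [section].
ini_del() {
    f=$1 sec=$2 key=$3
    awk -v sec="$sec" -v key="$key" '
        /^\[/ { insec = ($0 == ("[" sec "]")) }
        insec && $0 ~ ("^" key "[ \t]*=") { print "#" $0; next }
        { print }
    ' "$f" > "$f.tmp" && mv "$f.tmp" "$f"
}

# ini_get <file> <section> <key>: prints the active value, or nothing.
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^\[/ { insec = ($0 == ("[" sec "]")) }
        insec && $0 ~ ("^" key "[ \t]*=") { sub("^" key "[ \t]*=[ \t]*", ""); print; exit }
    ' "$1"
}

# The settings from the tutorial (database password and memcached address
# are the page's lab values; a real deployment uses a generated password).
configure_keystone() {
    f=$1
    ini_set "$f" database connection "mysql://keystone:keystone@192.168.1.30/keystone"
    ini_set "$f" memcache servers "192.168.1.30:11211"
    ini_set "$f" token provider uuid
}

# Once the admin user, service and endpoints exist, drop the admin token:
# it grants full admin rights without any authentication.
disable_admin_token() {
    ini_del "$1" DEFAULT admin_token
}

# Constructed sample of a fresh keystone.conf (assumption, for the demo).
make_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
admin_token = 7fff823bda267b2db6cc
#debug = false

[database]
#connection = <None>

[token]
#provider = fernet
EOF
}

# Usage on the controller (not executed here):
#   configure_keystone /etc/keystone/keystone.conf
#   ... bootstrap users/services/endpoints with OS_TOKEN ...
#   disable_admin_token /etc/keystone/keystone.conf && systemctl restart httpd
```

ini_get is the check: after configure_keystone each key should read back with the intended value, and after disable_admin_token ini_get DEFAULT admin_token must print nothing.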
Switch to the keystone user and populate the keystone database
[root@localhost ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
(run as the keystone user: the service later writes keystone.log as that user, and a log file created by root here would not be writable by it, so the service would fail to start)
[root@localhost ~]# cd /var/log/keystone/
[root@localhost keystone]# ll
total 8
-rw-r--r--. 1 keystone keystone 6754 Nov 3 08:26 keystone.log
[root@localhost keystone]# mysql -h 192.168.1.30 -u keystone -pkeystone
MariaDB [(none)]> use keystone;
Database changed
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| local_user |
| mapping |
| migrate_version |
| nonlocal_user |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| region |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| user_option |
| whitelisted_config |
+------------------------+
38 rows in set (0.00 sec)
Dropping the database (this removes all of its tables as well)
mysql -h 192.168.1.30 -u keystone -pkeystone
MariaDB [(none)]> drop database keystone;
Then recreate it (this only creates the name; no tables exist yet)
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> quit;
Synchronize keystone again:
root@controller1:~# keystone-manage db_sync
If the database is still empty after the sync, recreate it as root, re-issue the grants and run the sync once more:
[root@localhost yum.repos.d]# mysql -uroot -p123456
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Add the Apache wsgi-keystone configuration file. Port 5000 serves the public API and 35357 the admin API. Both Listen directives are needed (the netstat output further down shows httpd on both ports).
vi /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
Set ServerName in /etc/httpd/conf/httpd.conf; without it the keystone service does not work properly. Replace the commented example line
#ServerName www.example.com:80
with the controller's own name, for example ServerName linux-node1:80
[root@localhost etc]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@localhost etc]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@localhost etc]# systemctl start httpd
[root@localhost etc]# netstat -ntlp |grep http
tcp6 0 0 :::80 :::* LISTEN 42732/httpd
tcp6 0 0 :::35357 :::* LISTEN 42732/httpd
tcp6 0 0 :::5000 :::* LISTEN 42732/httpd
Keystone listens on two ports: 35357 for administration and 5000 for regular users.
[root@localhost etc]# systemctl start memcached
Create the users and connect to keystone. The connection details can be passed in two ways: as command-line options (see openstack --help) or as environment variables. Below the environment variables are used, setting the token, the API endpoint and the identity API version (convenient in a service-oriented setup).
[root@localhost etc]# export OS_TOKEN=7fff823bda267b2db6cc
[root@localhost etc]# export OS_URL=http://192.168.1.30:35357/v3
[root@localhost etc]# export OS_IDENTITY_API_VERSION=3
Note: the last argument is the domain name (a --description option can be added to describe the domain).
[root@linux-node1 ~]# openstack domain create default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| enabled | True |
| id | 660bc70fb8f046ba8c565b08a5f2dd6c |
| name | default |
+-------------+----------------------------------+
This creates a domain whose name is default but whose id is the random UUID shown above. It is not the built-in Default domain (id "default") that keystone-manage bootstrap would create, so later commands have to refer to it by name (--domain default, --os-project-domain-name default) rather than by id.
Command format: openstack project create --domain <domain> --description "<description>" <project name>
Purpose: the admin project manages all cloud instances
[root@linux-node1 ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | AdminProject |
| domain_id | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled | True |
| id | bc6145f01fb849fcb9ea6a7ba1d84ffe |
| is_domain | False |
| name | admin |
| parent_id | 660bc70fb8f046ba8c565b08a5f2dd6c |
+-------------+----------------------------------+
Create the admin user and set its password (always use a complex one in production)
[root@linux-node1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled | True |
| id |009d9c1b575c48a598d1700ea42f2870 |
| name | admin |
| options | {} |
| password_expires_at |None |
+---------------------+----------------------------------+
Or pass the password directly (it then ends up in the shell history and the process list, so prefer --password-prompt)
[root@localhost ~]# openstack user create --domain default --password=admin admin
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 81f258d962ee49ef8814cc6054ce65c0|
| enabled | True |
| id |89d4ab9674c044928e8ded6ab98b1ebc |
| name | admin |
| options | {} |
| password_expires_at |None |
+---------------------+----------------------------------+
[root@linux-node1 ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id |be3fa42e824f44758201f249fbd9299d |
| name | admin |
+-----------+----------------------------------+
Add the admin user to the admin project with the admin role, linking role, project and user together
[root@localhost keystone]# openstack role add --project admin --user admin admin
Create an ordinary user demo, a demo project and the ordinary role (user), and link them
In OpenStack, day-to-day work should be done with a user that does not have many privileges. Here we create the demo user for that.
[root@linux-node1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | DemoProject |
| domain_id | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled | True |
| id | b0bfa350ea0a4af4934a64f646691eed |
| is_domain | False |
| name | demo |
| parent_id | 660bc70fb8f046ba8c565b08a5f2dd6c |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack user create --domain default --password=demo demo
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled | True |
| id | 4bd21e87bcfa4f7696d26d5e6bfa7592|
| name | demo |
| options | {} |
| password_expires_at |None |
+---------------------+----------------------------------+
[root@linux-node1 ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 874f576d6a864b0589ffbd1150ee35d4 |
| name | user |
+-----------+----------------------------------+
[root@localhost ~]# openstack role add --project demo --user demo user
Create a service project; it holds the service accounts for nova, neutron, glance and the other components
[root@linux-node1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | ServiceProject |
| domain_id | 660bc70fb8f046ba8c565b08a5f2dd6c |
| enabled | True |
| id | 20019fb0d9864523b3015aac8da4a31c |
| is_domain | False |
| name | service |
| parent_id | 660bc70fb8f046ba8c565b08a5f2dd6c |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
|009d9c1b575c48a598d1700ea42f2870 | admin |
|4bd21e87bcfa4f7696d26d5e6bfa7592 | demo |
+----------------------------------+-------+
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
|20019fb0d9864523b3015aac8da4a31c | service |
| b0bfa350ea0a4af4934a64f646691eed| demo |
|bc6145f01fb849fcb9ea6a7ba1d84ffe | admin |
+----------------------------------+---------+
[root@linux-node1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
|874f576d6a864b0589ffbd1150ee35d4 | user |
|be3fa42e824f44758201f249fbd9299d | admin |
+----------------------------------+-------+
Register the keystone service. Keystone is the service registry itself, but it still needs its own service entry.
Create the identity service entry
[root@linux-node1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStackIdentity |
| enabled | True |
| id | c7688c61f8b3414785528d1aa220d4b9 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
Create the three endpoint types: public (externally visible), internal (internal use) and admin (management). The URLs below register the v2.0 identity API, which is deprecated in Ocata; the Ocata install guide registers the v3 URLs (http://192.168.1.30:5000/v3 and http://192.168.1.30:35357/v3), which is also what OS_URL and --os-auth-url on this page use. Register v3 URLs if you want the catalog to match.
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity public http://192.168.1.30:5000/v2.0
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | dacd7ffd8769460289cba8a5b14ecfc4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c7688c61f8b3414785528d1aa220d4b9 |
| service_name |keystone |
| service_type |identity |
| url | http://192.168.1.30:5000/v2.0 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity internal http://192.168.1.30:5000/v2.0
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 084e20b52a4f4b8b9c31fe411819b25e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c7688c61f8b3414785528d1aa220d4b9 |
| service_name |keystone |
| service_type |identity |
| url | http://192.168.1.30:5000/v2.0 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity admin http://192.168.1.30:35357/v2.0
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f6e6bf61e92e407c85d4a1d336b095eb |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c7688c61f8b3414785528d1aa220d4b9 |
| service_name |keystone |
| service_type |identity |
| url | http://192.168.1.30:35357/v2.0 |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID | Region | Service Name | Service Type | Enabled |Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
|084e20b52a4f4b8b9c31fe411819b25e | RegionOne | keystone | identity | True | internal | http://192.168.1.30:5000/v2.0 |
|dacd7ffd8769460289cba8a5b14ecfc4 | RegionOne | keystone | identity | True | public | http://192.168.1.30:5000/v2.0 |
|f6e6bf61e92e407c85d4a1d336b095eb | RegionOne | keystone | identity | True | admin |http://192.168.1.30:35357/v2.0 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
Connect to keystone and request a token. Now that a user name and password exist, the admin token is no longer used, so its environment variables must be unset first.
[root@localhost keystone]# unset OS_TOKEN
[root@localhost keystone]# unset OS_URL
[root@linux-node1 ~]# openstack --os-auth-url http://192.168.1.30:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo user list
The error this produced could not be resolved...
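The same token request done by hand against the Keystone v3 API, as an added example that is not part of the original post. It scopes the request by domain name: the domain created above with openstack domain create default has a random UUID as its id (660bc70f... in the output), so an id of "default" does not exist in this deployment, while the name does. The controller URL is the page's; the password, the HTTP response used in the test and the commented-out usage line are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): obtain a project-scoped
# Keystone v3 token with curl, looking user and project up by domain NAME.

# auth_body <user> <password> <project> <domain>
# Prints the JSON body for POST /v3/auth/tokens (password method, scoped
# to <project>; both user and project are qualified by domain name).
auth_body() {
    printf '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"%s","domain":{"name":"%s"},"password":"%s"}}},"scope":{"project":{"name":"%s","domain":{"name":"%s"}}}}}' \
        "$1" "$4" "$2" "$3" "$4"
}

# Reads a raw response (as printed by curl -i) from stdin and prints the
# value of the X-Subject-Token header, or nothing if it is absent.
extract_subject_token() {
    tr -d '\r' | awk 'tolower($1) == "x-subject-token:" { print $2; exit }'
}

# Reads a raw response from stdin and prints the HTTP status code.
response_status() {
    tr -d '\r' | awk 'NR == 1 { print $2; exit }'
}

# get_token <keystone-url> <user> <password> <project> [domain]
# The body is piped to curl (-d @-) so the password never appears on the
# command line. Keystone answers 201 and the token in X-Subject-Token.
get_token() {
    url=$1 domain=${5:-default}
    resp=$(auth_body "$2" "$3" "$4" "$domain" | curl -sS -i \
               -H 'Content-Type: application/json' -d @- "$url/v3/auth/tokens") || return 1
    if [ "$(printf '%s\n' "$resp" | response_status)" != "201" ]; then
        printf '%s\n' "$resp" | sed -n '1p;$p' >&2
        return 1
    fi
    printf '%s\n' "$resp" | extract_subject_token
}

# Usage on the controller (not executed here): list the projects the demo
# token can see, which is what a non-admin user is allowed to do.
#   tok=$(get_token http://192.168.1.30:5000 demo demo demo default)
#   curl -sS -H "X-Auth-Token: $tok" http://192.168.1.30:5000/v3/auth/projects
```

A 401 here means the credentials or scope are wrong; a 404 with a message about the domain means Keystone could not find it under the given name or id, which is the first thing to check when the openstack client above fails. Tokens are bearer credentials: this lab runs Keystone over plain HTTP, so anyone on the network path can read them.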
Reposted from: https://blog.51cto.com/2290153/1980706