A-A+

openstack 官方安装文档（2016-05）

2016年05月23日服务暂无评论阅读 2,379 次

系统版本 centos7 （最小化安装即可） 2台机器内存2g（控制节点建议可以给到4-6g，因为2g我试验起来感觉比较卡顿，dashboard感觉反应有些缓慢），cpu2个硬盘100g，每台机器需要2个网卡，视具体情况。 control节点安装mysql rabbitmq keystone glance nova dashboard neutron compute节点安装 nova neutron openstack官网配置说明 openstack安装步骤： 1.[ntp安装] ntp主要为同步时间所用，时间不同步，可能造成你不能创建云主机 yum install chrony vi /etc/chrony.conf增加 server NTP_SERVER iburst allow 你的ip地址网段（允许你的ip地址网段可以访问ntp） systemctl enable chronyd.service(加入系统自启动) systemctl start chronyd.service（启动ntp服务）注意：在centos7以前的版本安装ntp yum install ntp ntpdate time.nist.gov(同步时钟) hwclock -w （写入bios） 2.[openstack packages] 安装openstack最新的源： yum install centos-release-openstack-mitaka yum install https://rdoproject.org/repos/rdo-release.rpm yum upgrade (更新源) yum install python-openstackclient（安装opentack必须的插件） yum install openstack-selinux（可选则安装这个插件，我直接关闭了selinux，因为不熟，对后续不会有影响） 3.[database] openstack支持很多的数据库，MySQL or PostgreSQL等这里我们使用mysql。 yum install mariadb mariadb-server python2-PyMySQL（mariadb是mysql的新版本而已，无需惊讶） vi /etc/my.cnf 加入： [mysqld] bind-address = 192.168.1.48（安装mysql的机器的IP地址） default-storage-engine = innodb innodb_file_per_table collation-server = utf8_general_ci character-set-server = utf8 将mysql加入自启动 systemctl enable mariadb.service 启动mysql systemctl start mariadb.service 设置mysql属性：直接输入脚本命令： mysql_secure_installation 按照相关设置即可注意：注意检查mysqld是否运行。3306端口是否起来 3.[rabbitmq] 安装openstack的消息使者rabbitmq，如果rabbitmq没有运行起来，你的整openstack平台将无法使用。rabbitmq使用5672端口。 yum install rabbitmq-server systemctl enable rabbitmq-server.service（加入自启动） systemctl start rabbitmq-server.service（启动） rabbitmqctl add_user openstack RABBIT_PASS（增加用户openstack，密码自己设置替换掉RABBIT_PASS） rabbitmqctl set_permissions openstack ".*" ".*" ".*"（给新增的用户授权，没有授权的用户将不能接受和传递消息） 4.[memcached] memcache为选择安装项目。使用端口11211 yum install memcached python-memcached systemctl enable memcached.service systemctl start memcached.service 5.[keystone认证服务] 注意：在之前需要设置好hosts解析，控制节点和计算节点都要做。我的为： 192.168.1.48 control 192.168.1.49 compute 登录数据库创建keystone数据库。 mysql -u root -p CREATE DATABASE keystone; 设置授权用户和密码： GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ IDENTIFIED BY '密码'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ IDENTIFIED BY '密码'; 生成admin_token的随机值： openssl rand -hex 10 安装keystone yum install openstack-keystone httpd mod_wsgi vi /etc/keystone/keystone.conf 使用刚刚生成的随机值替换掉： admin_token = 随机值（主要为安全，也可以不用替换）配置数据库连接： connection = mysql+pymysql://keystone:密码@数据库ip地址/keystone 设置：provider = fernet、同步keystone数据库：keystone-manage db_sync（一点要查看数据库是否生成表成功）初始化keys： keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 配置apache： vi /etc/httpd/conf/httpd.conf 将ServerName 后面改成主机名，防止启动报错 ServerName control 生成wsgi配置文件： vi /etc/httpd/conf.d/wsgi-keystone.conf加入：

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
 
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
 
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
 
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

启动httpd： systemctl enable httpd.service systemctl start httpd.service 6.[创建keystone的service目录和endpoint] export OS_TOKEN=上面生成的随机值 export OS_URL=http://control:35357/v3 export OS_IDENTITY_API_VERSION=3 创建keystone的service： openstack service create --name keystone --description "OpenStack Identity" identity （identity这个认证类型一定不可以错）创建keystone的endpoint： openstack endpoint create --region RegionOne \ identity public http://control:5000/v3 openstack endpoint create --region RegionOne \ identity internel http://control:5000/v3 openstack endpoint create --region RegionOne \ identity admin http://control:35357/v3 7.[创建域，用户，租户，角色] 创建默认域default: openstack domain create --description "Default Domain" default 创建admin的租户： openstack project create --domain default \ --description "Admin Project" admin 创建admin用户： openstack user create --domain default \ --password-prompt admin（会提示输入密码为登录dashboard的密码）创建admin角色： openstack role create admin 将用户租户角色连接起来： openstack role add --project admin --user admin admin 创建服务目录： openstack project create --domain default \ --description "Service Project" service 创建demo信息类似admin： openstack project create --domain default \ --description "Demo Project" demo openstack user create --domain default \ --password-prompt demo openstack role create user openstack role add --project demo --user demo user 创建完成之后可以使用命令验证： openstack --os-auth-url http://control:35357/v3 \ --os-project-domain-name default --os-user-domain-name default \ --os-project-name admin --os-username admin token issue 输入密码之后，有正确的输出即为配置正确。可将环境变量设置为脚本： vi admin-openrc 加入： export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=xxxx export OS_AUTH_URL=http://control:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 demo的变量类似即可。运行使用 . admin-openrc或者使用source admin-openrc 验证输入命令： openstack token issue 有正确的输出即为配置正确。 8.[glance镜像服务] 建立glance数据登录mysql mysql -u root -p CREATE DATABASE glance; 授权 GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ IDENTIFIED BY '密码'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ IDENTIFIED BY '密码'; 运行环境变量： . admin-openrc 创建glance用户信息： openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin 创建镜像服务目录： openstack service create --name glance \ --description "OpenStack Image" image 创建镜像endpoint： penstack endpoint create --region RegionOne \ image public http://control:9292 penstack endpoint create --region RegionOne \ image internal http://control:9292 penstack endpoint create --region RegionOne \ image admin http://control:9292 安装： yum install openstack-glance vi /etc/glance/glance-api.conf 配置数据库连接： connection = mysql+pymysql://glance:密码@数据库ip/glance 找到[keystone_authtoken]（配置认证）加入： auth_uri = http://control:5000 auth_url = http://control:35357 memcached_servers = control:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = xxxx 找到：[paste_deploy] flavor = keystone 找到[glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ 编辑/etc/glance/glance-registry.conf 找到[database] connection = mysql+pymysql://glance:密码@数据库ip/glance 找到[keystone_authtoken]（配置认证）加入： auth_uri = http://control:5000 auth_url = http://control:35357 memcached_servers = control:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = xxxx 找到：[paste_deploy] flavor = keystone 同步数据库： glance-manage db_sync 启动glance： systemctl enable openstack-glance-api.service \ openstack-glance-registry.service systemctl start openstack-glance-api.service \ openstack-glance-registry.service 验证：运行环境变量： . admin-openrc 下载一个比较小的镜像（官方提供）： wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img 上传镜像： openstack image create "cirros" \ --file cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public 查看： openstack image list 有输出证明glance配置正确 9.[nova 控制节点] 建立nova的数据库：、 mysql -u root -p CREATE DATABASE nova_api; CREATE DATABASE nova; 授权： GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ IDENTIFIED BY '密码'; GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ IDENTIFIED BY '密码'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY '密码'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ IDENTIFIED BY '密码'; 运行环境变量： . admin-openrc 创建nova用户： openstack user create --domain default \ --password-prompt nova openstack role add --project service --user nova admin 创建计算服务： openstack service create --name nova \ --description "OpenStack Compute" compute 创建endpoint： openstack endpoint create --region RegionOne \ compute public http://control:8774/v2.1/%$tenant_id$s openstack endpoint create --region RegionOne \ compute internal http://control:8774/v2.1/%$tenant_id$s openstack endpoint create --region RegionOne \ compute admin http://control:8774/v2.1/%$tenant_id$s 安装： yum install openstack-nova-api openstack-nova-conductor \ openstack-nova-console openstack-nova-novncproxy \ openstack-nova-scheduler 编辑/etc/nova/nova.conf 找到：[DEFAULT] enabled_apis = osapi_compute,metadata 找到： [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [DEFAULT] auth_strategy = keystone [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = xxx [DEFAULT] my_ip = ip地址 [DEFAULT] use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver [vnc] vncserver_listen = $my_ip vncserver_proxyclient_address = $my_ip [glance] api_servers = http://control:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp 同步数据库： nova-manage api_db sync nova-manage db sync 启动服务： systemctl enable openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service systemctl start openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service 10.[nova计算节点] yum install openstack-nova-compute 编辑/etc/nova/nova.conf [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = xxx [DEFAULT] auth_strategy = keystone [keystone_authtoken] auth_uri = http://control:5000 auth_url = http://control:35357 memcached_servers = control:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = xxx [DEFAULT] ... my_ip =计算节点ip地址 [DEFAULT] ... use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver [vnc] ... enabled = True vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = $my_ip novncproxy_base_url = http://control:6080/vnc_auto.html [glance] ... api_servers = http://controller:9292 [oslo_concurrency] ... lock_path = /var/lib/nova/tmp 注意： egrep -c '(vmx|svm)' /proc/cpuinfo 如果为0则需要修改/etc/nova/nova.conf [libvirt] ... virt_type = qemu 为大于0则不需要启动： systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service 在控制节点验证：运行环境变量： . admin-openrc openstack compute service list 输出正常即为配置正确 11.[neutron 控制节点] 创建neutron数据库 mysql -u root -p CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY 'NEUTRON_DBPASS'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ IDENTIFIED BY 'NEUTRON_DBPASS'; 运行环境变量： . admin-openrc 创建用户： openstack user create --domain default --password-prompt neutron openstack role add --project service --user neutron admin 创建网络服务： openstack service create --name neutron \ --description "OpenStack Networking" network 创建neutron endpoint openstack endpoint create --region RegionOne \ network public http://control:9696 openstack endpoint create --region RegionOne \ network internal http://control:9696 openstack endpoint create --region RegionOne \ network admin http://control:9696 创建vxlan网络： yum install openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables 编辑：/etc/neutron/neutron.conf [database] ... connection = mysql+pymysql://neutron:密码@control/neutron [DEFAULT] ... core_plugin = ml2 service_plugins = router allow_overlapping_ips = True [DEFAULT] ... rpc_backend = rabbit [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [DEFAULT] ... auth_strategy = keystone [keystone_authtoken] ... auth_uri = http://control:5000 auth_url = http://control:35357 memcached_servers = control:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = xxxx [DEFAULT] ... notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True [nova] ... auth_url = http://control:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = xxxx [oslo_concurrency] ... lock_path = /var/lib/neutron/tmp 配置ml2扩展：编辑：/etc/neutron/plugins/ml2/ml2_conf.ini [ml2] ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] ... flat_networks = provider [ml2_type_vxlan] ... vni_ranges = 1:1000 [securitygroup] ... enable_ipset = True 配置网桥：编辑：/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:使用的网卡名称 ... [vxlan] enable_vxlan = True local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = True ... [securitygroup] ... enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver 配置3层网络：编辑：/etc/neutron/l3_agent.ini [DEFAULT] ... interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver 配置dhcp：编辑：/etc/neutron/dhcp_agent.ini [DEFAULT] ... interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = True ... 配置metadata agent 编辑：/etc/neutron/metadata_agent.ini [DEFAULT] ... nova_metadata_ip = controller metadata_proxy_shared_secret = METADATA_SECRET 编辑/etc/nova/nova.conf [neutron] ... url = http://control:9696 auth_url = http://control:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = xxxx ... service_metadata_proxy = True metadata_proxy_shared_secret = METADATA_SECRET 创建扩展连接： ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini ... 启动： systemctl restart openstack-nova-api.service systemctl enable neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service systemctl start neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service systemctl enable neutron-l3-agent.service systemctl start neutron-l3-agent.service 12.[neutron计算节点] yum install openstack-neutron-linuxbridge ebtables ipset 编辑： /etc/neutron/neutron.conf [DEFAULT] ... rpc_backend = rabbit auth_strategy = keystone ... [oslo_messaging_rabbit] ... rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS ... [keystone_authtoken] ... auth_uri = http://control:5000 auth_url = http://control:35357 memcached_servers = control:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = xxxx ... ... [oslo_concurrency] ... lock_path = /var/lib/neutron/tmp ... 配置vxlan 编辑：/etc/neutron/plugins/ml2/linuxbridge_agent.ini ... [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME ... [vxlan] enable_vxlan = True local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = True ... [securitygroup] ... enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver 编辑/etc/nova/nova.conf ... [neutron] ... url = http://controller:9696 auth_url = http://controller:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = xxxx ... 启动： systemctl restart openstack-nova-compute.service systemctl enable neutron-linuxbridge-agent.service systemctl start neutron-linuxbridge-agent.service ... 验证：运行环境变量： . admin-openrc neutron ext-list 输出正常即可 13.[dashboard] yum install openstack-dashboard 编辑：/etc/openstack-dashboard/local_settings OPENSTACK_HOST = "control" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 2, } OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" 启动： systemctl restart httpd.service memcached.service 到此openstack安装完，你可以去dashboard上面去创建云主机了。参考文献：http://docs.openstack.org/mitaka/install-guide-rdo/