在CentOS 7上安装OpenStack Mitaka版本

共计 39945 个字符，预计需要花费 100 分钟才能阅读完成。

前言：openstack 真是一个庞然大物，想要吃透还真不容易，所以在对 openstack 大概有了一个了解的时候，就应该是部署，虽然 openstack 的安装方式有 rdo 或者 devstack 等一键安装工具，但是最好浅尝辄止，有了大概的使用经验之后就应该是从头到尾的安装一遍了，不然对于那些报错，以及故障的解决一定是不够气定神闲的，因此，当你有了 openstack 的基本认识后，开始安装吧~

注：openstack 的官方文档写得真的是，好的不要不要的，但是看英文总是感觉有点不溜，因此在官方文档的基础上写得这篇笔记。

参考:http://docs.openstack.org/mitaka/install-guide-rdo/

下面是小编为你精选的 Openstack 相关知识，看看是否有你喜欢的：

在 Ubuntu 12.10 上安装部署 Openstack http://www.linuxidc.com/Linux/2013-08/88184.htm

Ubuntu 12.04 OpenStack Swift 单节点部署手册 http://www.linuxidc.com/Linux/2013-08/88182.htm

OpenStack 云计算快速入门教程 http://www.linuxidc.com/Linux/2013-08/88186.htm

企业部署 OpenStack：该做与不该做的事 http://www.linuxidc.com/Linux/2013-09/90428.htm

CentOS 6.5 x64bit 快速安装 OpenStack http://www.linuxidc.com/Linux/2014-06/103775.htm

首先应该是大概的规划，需要几个节点，选择什么操作系统，网络怎么划分~

下面是我的大概规划

  节点数：2 (控制节点，计算节点)

  操作系统：CentOS Linux release 7.2.1511 (Core)

  网络配置：

    控制节点：10.0.0.101 192.168.15.101 

    结算节点：10.0.0.102 192.168.15.102

先决条件：

The following minimum requirements should support a proof-of-concept environment with core services and several CirrOS instances:

Controller Node: 1 processor, 4 GB memory, and 5 GB storage

Compute Node: 1 processor, 2 GB memory, and 10 GB storage

官方建议概念验证的最小硬件需求。

  控制节点 1 处理器，4 GB 内存，5 GB 硬盘

  计算节点 1 处理器，2 GB 内存，10 GB 硬盘

参考：http://docs.openstack.org/mitaka/install-guide-rdo/environment.html

注：如果你是用手动一步一步的创建操作系统，配置网络，那么笔者就得好好的鄙视你了~~ 研究研究 vagrant 吧，通过下面的配置文件你就能一条命令生成两个虚拟机，并配置好网络了，vagrant 简易教程参考：http://youerning.blog.51cto.com/10513771/1745102

# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
    config.vm.box = “centos7”
    node_servers = {:control => [‘10.0.0.101′,’192.168.15.101’],
                    :compute => [‘10.0.0.102′,’192.168.15.102’]
                }
    node_servers.each do |node_name,node_ip|
        config.vm.define node_name do |node_config|
            node_config.vm.host_name = node_name.to_s
            node_config.vm.network :private_network,ip: node_ip[0]
            node_config.vm.network :private_network,ip: node_ip[1],virtualbox_inet: true
        config.vm.boot_timeout = 300
            node_config.vm.provider “virtualbox” do |v|
                v.memory = 4096
                v.cpus = 1
            end
        end
    end
end

通过 vagrant up 一条命令，稍等一会，两个热腾腾的虚拟机就出炉了，我们的环境就 OK 了~~

环境如下

  操作系统：CentOS Linux release 7.2.1511 (Core)

  网络配置：

    控制节点：10.0.0.101 192.168.15.101 

    结算节点：10.0.0.102 192.168.15.102

注意：上面的 config.vm.box = “centos7″，首先需要有个 centos7 的 box

在开始部署前，我们先捋一捋 openstack 安装步骤

首先是软件环境准备，我们需要将一些通用的软件以及源仓库等进行配置，基本如下

  NTP 服务器

      控制节点，其他节点

  openstack 安装包仓库

  通用组件：

    SQL 数据库 ===> MariaDB

    NoSQL 数据库 ==> MongoDB(基本组件不需要，)

    消息队列 ==> RabbitMQ

    Memcached

再就是 openstack 整个框架下的各个组件，基本组件如下

  认证服务 ===> Keystone

  镜像服务 ===> Glance

  计算资源服务 ===> Nova

  网络资源服务 ===> Neutron

  Dashboard ===> Horizon

  块存储服务 ===> Cinder

其他存储服务，如下

  文件共享服务 ===> Manila

  对象存储服务 ===> Swift

其他组件，如下

  编排服务 ===> Heat

  遥测服务 ===> Ceilometer

  数据库服务 ===>  Trove

环境准备

域名解析：

在各个节点编辑 hosts 文件, 加入以下配置

    10.0.0.101 controller

    10.0.0.102 compute

ntp 时间服务器

控制节点

    1) 安装 chrony 软件包

    yum install chrony

    2) 编辑配置文件 /etc/chrony.conf，添加以下内容，202.108.6.95 可根据自己需求自行更改。

    server 202.108.6.95 iburst

    allow 10.0.0.0/24

  3)加入自启动，并启动

    # systemctl enable chronyd.service

    # systemctl start chronyd.service

其他节点

    1) 安装 chrony 软件包

    yum install chrony

    2) 编辑配置文件 /etc/chrony.conf，添加以下内容

    server controller iburst

    allow 10.0.0.0/24

  3)加入自启动，并启动

    # systemctl enable chronyd.service

    # systemctl start chronyd.service

验证：

控制节点

 chronyc sources

  210 Number of sources = 2

  MS Name/IP address        Stratum Poll Reach LastRx Last sample

  =============================================================

  ^- 192.0.2.11                    2  7    12  137  -2814us[-3000us] +/-  43ms

  ^* 192.0.2.12                    2  6  177    46    +17us[-23us] +/-  68ms 

其他节点

 # chronyc sources

  210 Number of sources = 1

  MS Name/IP address        Stratum Poll Reach LastRx Last sample

  ===============================================================================

  ^* controller                    3    9  377  421    +15us[-87us] +/-  15ms

 
openstack 安装包仓库

  安装相应 openstack 版本 yum 源

yum install centos-release-openstack-mitaka

  系统更新

yum upgrade

  注：如果系统内核有更新，需要重启

安装 openstackclient，openstack-selinux

yum install python-openstackclient
yum install openstack-selinux

注：如果报什么 Package does not match intended download，则 yum clean all 或者直接下载 rpm 包安装吧。

参考下载地址：http://ftp.usf.edu/pub/centos/7/cloud/x86_64/openstack-kilo/common/

SQL 数据库

  安装

1 yum install mariadb mariadb-server python2-PyMySQL

创建 /etc/my.cnf.d/openstack.cnf 配置文件，加入以下内容

# 绑定 IP
[mysqld]
bind-address = 10.0.0.11
# 设置字符集等
default-storage-engine = innodb    .
innodb_file_per_table
collation-server = utf8_general_ci 
character-set-server = utf8
 
配置启动项，启动等 

systemctl enable mariadb.service 
systemctl start mariadb.service

数据库初始化，创建 root 密码等，操作如下

mysql_secure_installation

    Enter current password for root (enter for none):[Enter] 

    Set root password? [Y/n] Y 

    New password: openstack 

    Re-enter new password:openstack 

    Remove anonymous users? [Y/n] Y 

    Disallow root login remotely? [Y/n] n 

    Remove test database and access to it? [Y/n] Y 

    Reload privilege tables now? [Y/n] Y

消息队列 rabbitmq

  安装

yum install rabbitmq-server

配置启动项，启动

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

  添加 openstack 用户

rabbitmqctl add_user openstack RABBIT_PASS

  设置 openstack 用户的权限，依次分别为写，读，访问

rabbitmqctl set_permissions openstack “.*””.*””.*”

NoSQL Mongodb

安装

yum install mongodb-server mongodb

配置 /etc/mongod.conf 配置文件

bind_ip = 10.0.0.11
#smallfile=true 可选
smallfiles = true

配置启动项，启动

# systemctl enable mongod.service
# systemctl start mongod.service

Memcached

安装

# yum install memcached python-memcached

配置启动项，启动

# systemctl enable memcached.service
# systemctl start memcached.service

至此，openstack 整个框架的软件环境基本搞定，下面就是各组件了。

安装各组件很有意思，除了 keystone 基本上是差不多的步骤，唯一的区别就是创建时指定的名字不同而已，基本是一般以下步骤。
 
1)配置数据库

create database xxx
GRANT ALL PRIVILEGES ON keystone.* TO ‘xxxx’@’localhost’ \
  IDENTIFIED BY ‘XXXX_DBPASS’;
GRANT ALL PRIVILEGES ON keystone.* TO ‘xxxx’@’%’ \
  IDENTIFIED BY ‘XXXX_DBPASS’;

2)安装

yum install xxx

3)配置文件

配置各项服务的连接, 比如数据库，rabbitmq 等

认证配置

特定配置

5)数据库同步

创建需要的表

4)加入启动项，启动

# systemctl enable openstack-xxx.service
# systemctl start openstack-xxxx.service

5)创建用户，service，endpoint 等

openstack user create xxx
openstack service create xxx
openstack endpoint create xxx

6)验证服务是否成功

注：配置文件的配置建议首先备份，然后为了省略不必要的篇幅，在此说明配置文件的编辑方式，如下。

[DEFAULT]

…

admin_token = ADMIN_TOKEN

上面的内容，指明在 [DEFAULT] 的段落加入 admin_token = ADMIN_TOKEN 内容。

各组件安装

认证服务 Keystone

配置数据库

$ mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’localhost’ \
  IDENTIFIED BY ‘KEYSTONE_DBPASS’;
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’ \
  IDENTIFIED BY ‘KEYSTONE_DBPASS’;

安装

# yum install openstack-keystone httpd mod_wsgi

配置文件 /etc/keystone/keystone.conf

admin 令牌

[DEFAULT]
… 
admin_token = ADMIN_TOKEN

数据库

[database]
…
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

令牌生成方式

[token]
…
provider = fernet

注：上面的 ADMIN_TOKEN 可用 openssl rand -hex 10 命令生成，或者填入一串自定义的字符串

数据库同步

# su -s /bin/sh -c “keystone-manage db_sync” keystone

初始化 fernet 秘钥。

令牌的生成方式参考：http://blog.csdn.net/miss_yang_cloud/article/details/49633719

# keystone-manage fernet_setup –keystone-user keystone –keystone-group keystone

配置 Apache

编辑 /etc/httpd/conf/httpd.conf

更改一下内容

ServerName controller

创建 /etc/httpd/conf.d/wsgi-keystone.conf 配置文件，加入以下内容

Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat “%{cu}t %M”
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat “%{cu}t %M”
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

配置启动项，启动

# systemctl enable httpd.service
# systemctl start httpd.service

创建 service，API endpoint

为了避免不必要的篇幅，将 admin_token，endpoint url 配置到环境变量。

$ export OS_TOKEN=ADMIN_TOKEN
$ export OS_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

创建 service

 $ openstack service create \
  –name keystone –description “OpenStack Identity” identity

创建 endpoint，依次有 public，internal，admin

$ openstack endpoint create –region RegionOne \
  identity public http://controller:5000/v3
$ openstack endpoint create –region RegionOne \
  identity internal http://controller:5000/v3
$ openstack endpoint create –region RegionOne \
  identity admin http://controller:35357/v3

创建域，项目，用户，角色 domain,project,user,role

创建 domain

openstack domain create –description “Default Domain” default

创建 project

openstack user create –domain default \
  –password-prompt admin

创建 admin role

openstack role create admin

将 admin 角色加入 admin 项目中

openstack role add –project admin –user admin admin

创建 service 项目

openstack project create –domain default \
  –description “Service Project” service

创建 demo 项目

openstack project create –domain default \
  –description “Demo Project” demo

创建 demo 用户

openstack user create –domain default \
  –password-prompt demo

创建 user 角色

openstack role create user

将 user 角色加入到 demo 项目中

openstack role add –project demo –user demo user

注：记住创建用户时的密码。

验证 admin 用户

unset OS_TOKEN OS_URL
openstack –os-auth-url http://controller:35357/v3 \
  –os-project-domain-name default –os-user-domain-name default \
  –os-project-name admin –os-username admin token issue

Password:

+————+—————————————————————–+

| Field      | Value                                                          |

+————+—————————————————————–+

| expires    | 2016-02-12T20:14:07.056119Z                                    |

| id        | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |

|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |

|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws      |

| project_id | 343d245e850143a096806dfaefa9afdc                                |

| user_id    | ac3377633149401296f6c0d92d79dc16                                |

+————+—————————————————————–+

验证 demo 用户

$ openstack –os-auth-url http://controller:5000/v3 \
  –os-project-domain-name default –os-user-domain-name default \
  –os-project-name demo –os-username demo token issue

Password:

+————+—————————————————————–+

| Field      | Value                                                          |

+————+—————————————————————–+

| expires    | 2016-02-12T20:15:39.014479Z                                    |

| id        | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |

|            | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |

|            | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U      |

| project_id | ed0b60bf607743088218b0a533d5943f                                |

| user_id    | 58126687cbcc4888bfa9ab73a2256f27                                |

+————+—————————————————————–+

如果有以上格式返回，验证通过

admin，demo 用户的环境变量脚本

正常情况下，当然吧诸如 os-xxxx 的参数放在环境变量中，为了更快的在 admin，demo 用户之间切换，创建环境脚本

创建 admin-openrc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

创建 demo-openrc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

在此验证 admin

首先 . admin-openrc

$ openstack token issue

+————+—————————————————————–+

| Field      | Value                                                          |

+————+—————————————————————–+

| expires    | 2016-02-12T20:44:35.659723Z                                    |

| id        | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |

|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |

|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E      |

| project_id | 343d245e850143a096806dfaefa9afdc                                |

| user_id    | ac3377633149401296f6c0d92d79dc16                                |

+————+—————————————————————–+

镜像服务 Glance

配置数据库

$ mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’localhost’ \
  IDENTIFIED BY ‘GLANCE_DBPASS’;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’%’ \
  IDENTIFIED BY ‘GLANCE_DBPASS’;

创建 service，user，role

$ . admin-openrc
$ openstack user create –domain default –password-prompt glance
$ openstack role add –project service –user glance admin

创建 endpoint，依次有 public，internal，admin

$ openstack service create –name glance \
  –description “OpenStack Image” image
$ openstack endpoint create –region RegionOne \
  image public http://controller:9292
$ openstack endpoint create –region RegionOne \
  image internal http://controller:9292
$ openstack endpoint create –region RegionOne \
  image admin http://controller:9292

安装

# yum install openstack-glance

配置文件 /etc/glance/glance-api.conf

数据库

[database]
…
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

keystone 认证

[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
…
flavor = keystone

glance 存储

[glance_store]
…
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

配置文件 /etc/glance/glance-registry.conf

数据库

[database]
…
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

keystone 认证

[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
…
flavor = keystone
 
同步数据库

# su -s /bin/sh -c “glance-manage db_sync” glance
 
启动

# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service

验证

$ . admin-openrc

下载 cirros 镜像

$ wget
 
http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

创建镜像

$ openstack image create “cirros” \
  –file cirros-0.3.4-x86_64-disk.img \
  –disk-format qcow2 –container-format bare \
  –public

如果执行以下命令，显示如下，则成功

$ openstack image list
+————————————–+——–+
| ID                                  | Name  |
+————————————–+——–+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros |
+————————————–+——–+

计算资源服务 nova

控制节点

数据库

$ mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@’localhost’ \
  IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@’%’ \
  IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@’localhost’ \
  IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@’%’ \
  IDENTIFIED BY ‘NOVA_DBPASS’;

创建 service，user，role

$ . admin-openrc
$ openstack user create –domain default \
  –password-prompt nova
$ openstack role add –project service –user nova admin
$ openstack service create –name nova \
  –description “OpenStack Compute” compute

创建 endpoint，依次有 public，internal，admin

$ openstack endpoint create –region RegionOne \
  compute public http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create –region RegionOne \
  compute internal http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create –region RegionOne \
  compute admin http://controller:8774/v2.1/%\(tenant_id\)s

安装

# yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler

 配置文件 /etc/nova/nova.conf

启用的 api

[DEFAULT]
…
enabled_apis = osapi_compute,metadata
[api_database]
…
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

数据库

[database]
…
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

rabbitmq 队列

[DEFAULT]
…
rpc_backend = rabbit
[oslo_messaging_rabbit]
…
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS

keystone 认证

[DEFAULT]
…
auth_strategy = keystone
[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

绑定 ip

[DEFAULT]
…
my_ip = 10.0.0.101

支持 neutron

[DEFAULT]
…
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

vnc 配置

[vnc]
…
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

glance 配置

[glance]
…
api_servers = http://controller:9292

并发锁

[oslo_concurrency]
…
lock_path = /var/lib/nova/tmp

同步数据库

# su -s /bin/sh -c “nova-manage api_db sync” nova
# su -s /bin/sh -c “nova-manage db sync” nova

启动

# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

更多详情见请继续阅读下一页的精彩内容：http://www.linuxidc.com/Linux/2016-05/130933p2.htm

计算节点

安装

yum install openstack-neutron-linuxbridge ebtables

配置文件 /etc/neutron/neutron.conf

rabbitmq 队列

[DEFAULT]
…
rpc_backend = rabbit
[oslo_messaging_rabbit]
…
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS

keystone 认证

[DEFAULT]
…
auth_strategy = keystone
[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

并发锁

[oslo_concurrency]
…
lock_path = /var/lib/neutron/tmp

配置文件 /etc/nova/nova.conf

[neutron]
…
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

重启 nova-compute

# systemctl restart openstack-nova-compute.service

启动

# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service

验证

$ . admin-openrc
$ neutron ext-list

+—————————+———————————————–+

| alias                    | name                                          |

+—————————+———————————————–+

| default-subnetpools      | Default Subnetpools                          |

| network-ip-availability  | Network IP Availability                      |

| network_availability_zone | Network Availability Zone                    |

| auto-allocated-topology  | Auto Allocated Topology Services              |

| ext-gw-mode              | Neutron L3 Configurable external gateway mode |

| binding                  | Port Binding                                  |

…………

Dashboard horizon

注：必须在控制节点

安装

# yum install openstack-dashboard

配置文件 /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = “controller”
ALLOWED_HOSTS = [‘*’,]
SESSION_ENGINE = ‘django.contrib.sessions.backends.cache’
CACHES = {
    ‘default’: {
        ‘BACKEND’: ‘django.core.cache.backends.memcached.MemcachedCache’,
        ‘LOCATION’: ‘controller:11211’,
    }
}
OPENSTACK_KEYSTONE_URL = “http://%s:5000/v3” % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    “identity”: 3,
    “image”: 2,
    “volume”: 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = “default”
OPENSTACK_KEYSTONE_DEFAULT_ROLE = “user”
OPENSTACK_NEUTRON_NETWORK = {
    …
    ‘enable_router’: False,
    ‘enable_quotas’: False,
    ‘enable_distributed_router’: False,
    ‘enable_ha_router’: False,
    ‘enable_lb’: False,
    ‘enable_firewall’: False,
    ‘enable_vpn’: False,
    ‘enable_fip_topology_check’: False,
}
TIME_ZONE = “Asia/Shanghai”

启动

# systemctl restart httpd.service memcached.service

验证

访问 http://controller/dashboard

块存储 cinder

数据库

$ mysql -u root -p
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@’localhost’ \
  IDENTIFIED BY ‘CINDER_DBPASS’;
GRANT ALL PRIVILEGES ON cinder.* TO ‘cinder’@’%’ \
  IDENTIFIED BY ‘CINDER_DBPASS’;

创建 service，user，role

$ . admin-openrc
$ openstack user create –domain default –password-prompt cinder
$ openstack role add –project service –user cinder admin

注意，这里创建两个 service

$ openstack service create –name cinder \
  –description “OpenStack Block Storage” volume
$ openstack service create –name cinderv2 \
  –description “OpenStack Block Storage” volumev2

创建 endpoint，依次有 public，internal，admin

$ openstack endpoint create –region RegionOne \
  volume public http://controller:8776/v1/%\(tenant_id\)s
$ openstack endpoint create –region RegionOne \
  volume internal http://controller:8776/v1/%\(tenant_id\)s
$ openstack endpoint create –region RegionOne \
  volume admin http://controller:8776/v1/%\(tenant_id\)s

注意，每个 service 对应三个 endpoint

$ openstack endpoint create –region RegionOne \
  volumev2 public http://controller:8776/v2/%\(tenant_id\)s
$ openstack endpoint create –region RegionOne \
  volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
$ openstack endpoint create –region RegionOne \
  volumev2 admin http://controller:8776/v2/%\(tenant_id\)s

安装

控制节点

# yum install openstack-cinder

配置文件 /etc/cinder/cinder.conf

数据库

[database]
…
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

rabbitmq 队列

[DEFAULT]
…
rpc_backend = rabbit
[oslo_messaging_rabbit]
…
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS

keystone 认证

[DEFAULT]
…
auth_strategy = keystone
[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS

绑定 ip

[DEFAULT]
…
my_ip = 10.0.0.11

并行锁

[oslo_concurrency]
…
lock_path = /var/lib/cinder/tmp

同步数据库

# su -s /bin/sh -c “cinder-manage db sync” cinder

配置文件 /etc/nova/nova.conf

[cinder]
os_region_name = RegionOne

重启 nova-api

# systemctl restart openstack-nova-api.service

启动

# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

其他节点，可在计算节点加一块硬盘

注：需要另外一块硬盘

安装

# yum install lvm2
# systemctl enable lvm2-lvmetad.service
# systemctl start lvm2-lvmetad.service

创建逻辑卷

# pvcreate /dev/sdb
Physical volume “/dev/sdb” successfully created

# vgcreate cinder-volumes /dev/sdb
Volume group “cinder-volumes” successfully created

配置文件 /etc/lvm/lvm.conf

devices {
…
filter = [“a/sdb/”, “r/.*/”]

注：新添加的硬盘一般为 sdb，如果有 sdc，sde 等，则为 filter = [“a/sdb/”, “a/sdb/”，”a/sdb/”，”r/.*/”]，以此类推

安装

# yum install openstack-cinder targetcli

配置文件 /etc/cinder/cinder.conf

数据库

1
2
3 [database]
…
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

rabbitmq 队列

[DEFAULT]
…
rpc_backend = rabbit
[oslo_messaging_rabbit]
…
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS

keystone 认证

[DEFAULT]
…
auth_strategy = keystone
[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS

绑定 ip

[DEFAULT]
…
my_ip = 10.0.0.102

增加 [lvm] 及其内容

[lvm]
…
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

后端启用 lvm

[DEFAULT]
…
enabled_backends = lvm

配置 Glance API

1
2
3 [DEFAULT]
…
glance_api_servers = http://controller:9292

并行锁

[oslo_concurrency]
…
lock_path = /var/lib/cinder/tmp

启动

# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service

验证

$ . admin-openrc
$ cinder service-list

+——————+————+——+———+——-+—————————-+—————–+

|      Binary      |    Host    | Zone |  Status | State |        Updated_at        | Disabled Reason |

+——————+————+——+———+——-+—————————-+—————–+

| cinder-scheduler | controller | nova | enabled |  up  | 2014-10-18T01:30:54.000000 |      None      |

| cinder-volume    | block1@lvm | nova | enabled |  up  | 2014-10-18T01:30:57.000000 |      None      |

至此。基本上完成了，所有的安装，你可以在 dashboard 上首先用 admin 用户创建一个网络，然后用新建一个实例

后记：虽然手动安装一整套实在有点夸张，这里还是用 yum 的呢~ 但是至少得这么手动来一次，其他时候就脚本或者安装工具吧，复制粘贴都把我复制的眼花了~

其他组件就另起一篇文章了，值得注意的是，官方文档才是最好的文档

更多 CentOS 相关信息见CentOS 专题页面 http://www.linuxidc.com/topicnews.aspx?tid=14

本文永久更新链接地址：http://www.linuxidc.com/Linux/2016-05/130933.htm

前言：openstack 真是一个庞然大物，想要吃透还真不容易，所以在对 openstack 大概有了一个了解的时候，就应该是部署，虽然 openstack 的安装方式有 rdo 或者 devstack 等一键安装工具，但是最好浅尝辄止，有了大概的使用经验之后就应该是从头到尾的安装一遍了，不然对于那些报错，以及故障的解决一定是不够气定神闲的，因此，当你有了 openstack 的基本认识后，开始安装吧~

注：openstack 的官方文档写得真的是，好的不要不要的，但是看英文总是感觉有点不溜，因此在官方文档的基础上写得这篇笔记。

参考:http://docs.openstack.org/mitaka/install-guide-rdo/

下面是小编为你精选的 Openstack 相关知识，看看是否有你喜欢的：

在 Ubuntu 12.10 上安装部署 Openstack http://www.linuxidc.com/Linux/2013-08/88184.htm

Ubuntu 12.04 OpenStack Swift 单节点部署手册 http://www.linuxidc.com/Linux/2013-08/88182.htm

OpenStack 云计算快速入门教程 http://www.linuxidc.com/Linux/2013-08/88186.htm

企业部署 OpenStack：该做与不该做的事 http://www.linuxidc.com/Linux/2013-09/90428.htm

CentOS 6.5 x64bit 快速安装 OpenStack http://www.linuxidc.com/Linux/2014-06/103775.htm

首先应该是大概的规划，需要几个节点，选择什么操作系统，网络怎么划分~

下面是我的大概规划

  节点数：2 (控制节点，计算节点)

  操作系统：CentOS Linux release 7.2.1511 (Core)

  网络配置：

    控制节点：10.0.0.101 192.168.15.101 

    结算节点：10.0.0.102 192.168.15.102

先决条件：

The following minimum requirements should support a proof-of-concept environment with core services and several CirrOS instances:

Controller Node: 1 processor, 4 GB memory, and 5 GB storage

Compute Node: 1 processor, 2 GB memory, and 10 GB storage

官方建议概念验证的最小硬件需求。

  控制节点 1 处理器，4 GB 内存，5 GB 硬盘

  计算节点 1 处理器，2 GB 内存，10 GB 硬盘

参考：http://docs.openstack.org/mitaka/install-guide-rdo/environment.html

注：如果你是用手动一步一步的创建操作系统，配置网络，那么笔者就得好好的鄙视你了~~ 研究研究 vagrant 吧，通过下面的配置文件你就能一条命令生成两个虚拟机，并配置好网络了，vagrant 简易教程参考：http://youerning.blog.51cto.com/10513771/1745102

# -*- mode: ruby -*-
# vi: set ft=ruby :
Vagrant.configure(2) do |config|
    config.vm.box = “centos7”
    node_servers = {:control => [‘10.0.0.101′,’192.168.15.101’],
                    :compute => [‘10.0.0.102′,’192.168.15.102’]
                }
    node_servers.each do |node_name,node_ip|
        config.vm.define node_name do |node_config|
            node_config.vm.host_name = node_name.to_s
            node_config.vm.network :private_network,ip: node_ip[0]
            node_config.vm.network :private_network,ip: node_ip[1],virtualbox_inet: true
        config.vm.boot_timeout = 300
            node_config.vm.provider “virtualbox” do |v|
                v.memory = 4096
                v.cpus = 1
            end
        end
    end
end

通过 vagrant up 一条命令，稍等一会，两个热腾腾的虚拟机就出炉了，我们的环境就 OK 了~~

环境如下

  操作系统：CentOS Linux release 7.2.1511 (Core)

  网络配置：

    控制节点：10.0.0.101 192.168.15.101 

    结算节点：10.0.0.102 192.168.15.102

注意：上面的 config.vm.box = “centos7″，首先需要有个 centos7 的 box

在开始部署前，我们先捋一捋 openstack 安装步骤

首先是软件环境准备，我们需要将一些通用的软件以及源仓库等进行配置，基本如下

  NTP 服务器

      控制节点，其他节点

  openstack 安装包仓库

  通用组件：

    SQL 数据库 ===> MariaDB

    NoSQL 数据库 ==> MongoDB(基本组件不需要，)

    消息队列 ==> RabbitMQ

    Memcached

再就是 openstack 整个框架下的各个组件，基本组件如下

  认证服务 ===> Keystone

  镜像服务 ===> Glance

  计算资源服务 ===> Nova

  网络资源服务 ===> Neutron

  Dashboard ===> Horizon

  块存储服务 ===> Cinder

其他存储服务，如下

  文件共享服务 ===> Manila

  对象存储服务 ===> Swift

其他组件，如下

  编排服务 ===> Heat

  遥测服务 ===> Ceilometer

  数据库服务 ===>  Trove

环境准备

域名解析：

在各个节点编辑 hosts 文件, 加入以下配置

    10.0.0.101 controller

    10.0.0.102 compute

ntp 时间服务器

控制节点

    1) 安装 chrony 软件包

    yum install chrony

    2) 编辑配置文件 /etc/chrony.conf，添加以下内容，202.108.6.95 可根据自己需求自行更改。

    server 202.108.6.95 iburst

    allow 10.0.0.0/24

  3)加入自启动，并启动

    # systemctl enable chronyd.service

    # systemctl start chronyd.service

其他节点

    1) 安装 chrony 软件包

    yum install chrony

    2) 编辑配置文件 /etc/chrony.conf，添加以下内容

    server controller iburst

    allow 10.0.0.0/24

  3)加入自启动，并启动

    # systemctl enable chronyd.service

    # systemctl start chronyd.service

验证：

控制节点

 chronyc sources

  210 Number of sources = 2

  MS Name/IP address        Stratum Poll Reach LastRx Last sample

  =============================================================

  ^- 192.0.2.11                    2  7    12  137  -2814us[-3000us] +/-  43ms

  ^* 192.0.2.12                    2  6  177    46    +17us[-23us] +/-  68ms 

其他节点

 # chronyc sources

  210 Number of sources = 1

  MS Name/IP address        Stratum Poll Reach LastRx Last sample

  ===============================================================================

  ^* controller                    3    9  377  421    +15us[-87us] +/-  15ms

 
openstack 安装包仓库

  安装相应 openstack 版本 yum 源

yum install centos-release-openstack-mitaka

  系统更新

yum upgrade

  注：如果系统内核有更新，需要重启

安装 openstackclient，openstack-selinux

yum install python-openstackclient
yum install openstack-selinux

注：如果报什么 Package does not match intended download，则 yum clean all 或者直接下载 rpm 包安装吧。

参考下载地址：http://ftp.usf.edu/pub/centos/7/cloud/x86_64/openstack-kilo/common/

SQL 数据库

  安装

1 yum install mariadb mariadb-server python2-PyMySQL

创建 /etc/my.cnf.d/openstack.cnf 配置文件，加入以下内容

# 绑定 IP
[mysqld]
bind-address = 10.0.0.11
# 设置字符集等
default-storage-engine = innodb    .
innodb_file_per_table
collation-server = utf8_general_ci 
character-set-server = utf8
 
配置启动项，启动等 

systemctl enable mariadb.service 
systemctl start mariadb.service

数据库初始化，创建 root 密码等，操作如下

mysql_secure_installation

    Enter current password for root (enter for none):[Enter] 

    Set root password? [Y/n] Y 

    New password: openstack 

    Re-enter new password:openstack 

    Remove anonymous users? [Y/n] Y 

    Disallow root login remotely? [Y/n] n 

    Remove test database and access to it? [Y/n] Y 

    Reload privilege tables now? [Y/n] Y

消息队列 rabbitmq

  安装

yum install rabbitmq-server

配置启动项，启动

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

  添加 openstack 用户

rabbitmqctl add_user openstack RABBIT_PASS

  设置 openstack 用户的权限，依次分别为写，读，访问

rabbitmqctl set_permissions openstack “.*””.*””.*”

NoSQL Mongodb

安装

yum install mongodb-server mongodb

配置 /etc/mongod.conf 配置文件

bind_ip = 10.0.0.11
#smallfile=true 可选
smallfiles = true

配置启动项，启动

# systemctl enable mongod.service
# systemctl start mongod.service

Memcached

安装

# yum install memcached python-memcached

配置启动项，启动

# systemctl enable memcached.service
# systemctl start memcached.service

至此，openstack 整个框架的软件环境基本搞定，下面就是各组件了。

安装各组件很有意思，除了 keystone 基本上是差不多的步骤，唯一的区别就是创建时指定的名字不同而已，基本是一般以下步骤。
 
1)配置数据库

create database xxx
GRANT ALL PRIVILEGES ON keystone.* TO ‘xxxx’@’localhost’ \
  IDENTIFIED BY ‘XXXX_DBPASS’;
GRANT ALL PRIVILEGES ON keystone.* TO ‘xxxx’@’%’ \
  IDENTIFIED BY ‘XXXX_DBPASS’;

2)安装

yum install xxx

3)配置文件

配置各项服务的连接, 比如数据库，rabbitmq 等

认证配置

特定配置

5)数据库同步

创建需要的表

4)加入启动项，启动

# systemctl enable openstack-xxx.service
# systemctl start openstack-xxxx.service

5)创建用户，service，endpoint 等

openstack user create xxx
openstack service create xxx
openstack endpoint create xxx

6)验证服务是否成功

注：配置文件的配置建议首先备份，然后为了省略不必要的篇幅，在此说明配置文件的编辑方式，如下。

[DEFAULT]

…

admin_token = ADMIN_TOKEN

上面的内容，指明在 [DEFAULT] 的段落加入 admin_token = ADMIN_TOKEN 内容。

各组件安装

认证服务 Keystone

配置数据库

$ mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’localhost’ \
  IDENTIFIED BY ‘KEYSTONE_DBPASS’;
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’ \
  IDENTIFIED BY ‘KEYSTONE_DBPASS’;

安装

# yum install openstack-keystone httpd mod_wsgi

配置文件 /etc/keystone/keystone.conf

admin 令牌

[DEFAULT]
… 
admin_token = ADMIN_TOKEN

数据库

[database]
…
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

令牌生成方式

[token]
…
provider = fernet

注：上面的 ADMIN_TOKEN 可用 openssl rand -hex 10 命令生成，或者填入一串自定义的字符串

数据库同步

# su -s /bin/sh -c “keystone-manage db_sync” keystone

初始化 fernet 秘钥。

令牌的生成方式参考：http://blog.csdn.net/miss_yang_cloud/article/details/49633719

# keystone-manage fernet_setup –keystone-user keystone –keystone-group keystone

配置 Apache

编辑 /etc/httpd/conf/httpd.conf

更改一下内容

ServerName controller

创建 /etc/httpd/conf.d/wsgi-keystone.conf 配置文件，加入以下内容

Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat “%{cu}t %M”
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat “%{cu}t %M”
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

配置启动项，启动

# systemctl enable httpd.service
# systemctl start httpd.service

创建 service，API endpoint

为了避免不必要的篇幅，将 admin_token，endpoint url 配置到环境变量。

$ export OS_TOKEN=ADMIN_TOKEN
$ export OS_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3

创建 service

 $ openstack service create \
  –name keystone –description “OpenStack Identity” identity

创建 endpoint，依次有 public，internal，admin

$ openstack endpoint create –region RegionOne \
  identity public http://controller:5000/v3
$ openstack endpoint create –region RegionOne \
  identity internal http://controller:5000/v3
$ openstack endpoint create –region RegionOne \
  identity admin http://controller:35357/v3

创建域，项目，用户，角色 domain,project,user,role

创建 domain

openstack domain create –description “Default Domain” default

创建 project

openstack user create –domain default \
  –password-prompt admin

创建 admin role

openstack role create admin

将 admin 角色加入 admin 项目中

openstack role add –project admin –user admin admin

创建 service 项目

openstack project create –domain default \
  –description “Service Project” service

创建 demo 项目

openstack project create –domain default \
  –description “Demo Project” demo

创建 demo 用户

openstack user create –domain default \
  –password-prompt demo

创建 user 角色

openstack role create user

将 user 角色加入到 demo 项目中

openstack role add –project demo –user demo user

注：记住创建用户时的密码。

验证 admin 用户

unset OS_TOKEN OS_URL
openstack –os-auth-url http://controller:35357/v3 \
  –os-project-domain-name default –os-user-domain-name default \
  –os-project-name admin –os-username admin token issue

Password:

+————+—————————————————————–+

| Field      | Value                                                          |

+————+—————————————————————–+

| expires    | 2016-02-12T20:14:07.056119Z                                    |

| id        | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |

|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |

|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws      |

| project_id | 343d245e850143a096806dfaefa9afdc                                |

| user_id    | ac3377633149401296f6c0d92d79dc16                                |

+————+—————————————————————–+

验证 demo 用户

$ openstack –os-auth-url http://controller:5000/v3 \
  –os-project-domain-name default –os-user-domain-name default \
  –os-project-name demo –os-username demo token issue

Password:

+————+—————————————————————–+

| Field      | Value                                                          |

+————+—————————————————————–+

| expires    | 2016-02-12T20:15:39.014479Z                                    |

| id        | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |

|            | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |

|            | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U      |

| project_id | ed0b60bf607743088218b0a533d5943f                                |

| user_id    | 58126687cbcc4888bfa9ab73a2256f27                                |

+————+—————————————————————–+

如果有以上格式返回，验证通过

admin，demo 用户的环境变量脚本

正常情况下，当然吧诸如 os-xxxx 的参数放在环境变量中，为了更快的在 admin，demo 用户之间切换，创建环境脚本

创建 admin-openrc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

创建 demo-openrc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

在此验证 admin

首先 . admin-openrc

$ openstack token issue

+————+—————————————————————–+

| Field      | Value                                                          |

+————+—————————————————————–+

| expires    | 2016-02-12T20:44:35.659723Z                                    |

| id        | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |

|            | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |

|            | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E      |

| project_id | 343d245e850143a096806dfaefa9afdc                                |

| user_id    | ac3377633149401296f6c0d92d79dc16                                |

+————+—————————————————————–+

镜像服务 Glance

配置数据库

$ mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’localhost’ \
  IDENTIFIED BY ‘GLANCE_DBPASS’;
GRANT ALL PRIVILEGES ON glance.* TO ‘glance’@’%’ \
  IDENTIFIED BY ‘GLANCE_DBPASS’;

创建 service，user，role

$ . admin-openrc
$ openstack user create –domain default –password-prompt glance
$ openstack role add –project service –user glance admin

创建 endpoint，依次有 public，internal，admin

$ openstack service create –name glance \
  –description “OpenStack Image” image
$ openstack endpoint create –region RegionOne \
  image public http://controller:9292
$ openstack endpoint create –region RegionOne \
  image internal http://controller:9292
$ openstack endpoint create –region RegionOne \
  image admin http://controller:9292

安装

# yum install openstack-glance

配置文件 /etc/glance/glance-api.conf

数据库

[database]
…
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

keystone 认证

[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
…
flavor = keystone

glance 存储

[glance_store]
…
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

配置文件 /etc/glance/glance-registry.conf

数据库

[database]
…
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

keystone 认证

[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
…
flavor = keystone
 
同步数据库

# su -s /bin/sh -c “glance-manage db_sync” glance
 
启动

# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service

验证

$ . admin-openrc

下载 cirros 镜像

$ wget
 
http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

创建镜像

$ openstack image create “cirros” \
  –file cirros-0.3.4-x86_64-disk.img \
  –disk-format qcow2 –container-format bare \
  –public

如果执行以下命令，显示如下，则成功

$ openstack image list
+————————————–+——–+
| ID                                  | Name  |
+————————————–+——–+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros |
+————————————–+——–+

计算资源服务 nova

控制节点

数据库

$ mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@’localhost’ \
  IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova_api.* TO ‘nova’@’%’ \
  IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@’localhost’ \
  IDENTIFIED BY ‘NOVA_DBPASS’;
GRANT ALL PRIVILEGES ON nova.* TO ‘nova’@’%’ \
  IDENTIFIED BY ‘NOVA_DBPASS’;

创建 service，user，role

$ . admin-openrc
$ openstack user create –domain default \
  –password-prompt nova
$ openstack role add –project service –user nova admin
$ openstack service create –name nova \
  –description “OpenStack Compute” compute

创建 endpoint，依次有 public，internal，admin

$ openstack endpoint create –region RegionOne \
  compute public http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create –region RegionOne \
  compute internal http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create –region RegionOne \
  compute admin http://controller:8774/v2.1/%\(tenant_id\)s

安装

# yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler

 配置文件 /etc/nova/nova.conf

启用的 api

[DEFAULT]
…
enabled_apis = osapi_compute,metadata
[api_database]
…
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

数据库

[database]
…
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

rabbitmq 队列

[DEFAULT]
…
rpc_backend = rabbit
[oslo_messaging_rabbit]
…
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS

keystone 认证

[DEFAULT]
…
auth_strategy = keystone
[keystone_authtoken]
…
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

绑定 ip

[DEFAULT]
…
my_ip = 10.0.0.101

支持 neutron

[DEFAULT]
…
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

vnc 配置

[vnc]
…
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

glance 配置

[glance]
…
api_servers = http://controller:9292

并发锁

[oslo_concurrency]
…
lock_path = /var/lib/nova/tmp

同步数据库

# su -s /bin/sh -c “nova-manage api_db sync” nova
# su -s /bin/sh -c “nova-manage db sync” nova

启动

# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

更多详情见请继续阅读下一页的精彩内容：http://www.linuxidc.com/Linux/2016-05/130933p2.htm