部署前准备
两台机器,3个cpu,3G内存;关闭防火墙、同步时间、关闭selinux、删除epel源,并且保证添加网卡后能上外网,且相互能访问。所有部署过程中涉及的密码均为redhat。关闭防火墙和selinux、所有服务共用同一个弱密码,这些设置只适合隔离的实验环境;其他环境应保留防火墙和selinux,并为每个服务设置各自的强密码。
controller 两块网卡 eth0:能上网的ip就行 eth1:10.0.0.11
computer1 两块网卡 eth0:能上网的ip就行 eth1:10.0.0.31
两台都进行如下操作
OpenStack packages
yum install centos-release-openstack-queens
#可以根据自己需求选择为不同版本。
此操作后会生成各种源,所以可以删除之前电脑里存在的所有源
yum upgrade
yum -y install python-openstackclient
yum -y install openstack-selinux
SQL database controller机器上进行
#yum -y install mariadb mariadb-server python2-PyMySQL
#vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
# systemctl enable mariadb.service
# systemctl start mariadb.service
# mysql_secure_installation
Message queue for RHEL and CentOS controller机器上进行
# yum install rabbitmq-server
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
# rabbitmqctl add_user openstack redhat #redhat为用户密码
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Memcached for RHEL and CentOS controller机器上进行
# yum -y install memcached python-memcached
#vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,controller"
# systemctl enable memcached.service
# systemctl start memcached.service
Etcd for RHEL and CentOS controller机器上进行
# yum install etcd
vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.0.0.11:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.0.0.11:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.0.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.0.0.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
# systemctl enable etcd
# systemctl start etcd
Keystone Installation Tutorial controller机器上进行
我选择的为queens版本
https://docs.openstack.org/keystone/queens/install/keystone-install-rdo.html
$ mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'redhat';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'redhat';
密码为redhat
#yum install openstack-keystone httpd mod_wsgi
#vim /etc/keystone/keystone.conf
#找到并进行修改
[database]
# ...第720行
connection = mysql+pymysql://keystone:redhat@controller/keystone
[token]
# ...第2879行
provider = fernet
# su -s /bin/sh -c "keystone-manage db_sync" keystone
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# keystone-manage bootstrap --bootstrap-password redhat \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
vim /etc/httpd/conf/httpd.conf
ServerName controller
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# systemctl enable httpd.service
# systemctl start httpd.service
# cat a.sh
export OS_USERNAME=admin
export OS_PASSWORD=redhat
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
# source a.sh
[root@controller ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 395a07cc92d649e585b1bdadabbd9fb1 |
| name | example |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | eaebc771028d4b3984120784b8218793 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | fa3a1e0929dc412ba4331e4f49815d19 |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | cca50d13e9ec481e845b731c9a2fead4 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 8998bcd80f6242faa5d4307a524d1af9 |
| name | user |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-10-24T12:29:36+0000 |
| id | gAAAAABb0Fegx0amPBdRs6p9WtZVkNrHTgAU1LgWPkbWFNj1qxouZm46X2OswC765rGPiCjj8R9JB8T_b1zUvSeWANR35-weBHOSBAvdNBGp5SErKFvwDhKX8Bu7pU_6HnOWgfWPWv_h5Vpg3lugdW2kfuCDROSz0iW4ibBVzwfhhBFlGCErAvE |
| project_id | 985af2a69a414d559a7571123e0c0d86 |
| user_id | 03406f1222db4da6b7ed14ae28ef8031 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-10-24T12:29:56+0000 |
| id | gAAAAABb0Fe0RQ-qlr-J8bq7OVJDephWW5d43zzZlX7vAu1C5rdEFdRMS-kH20AyZFXnwTNCp73-mjJ4pWdsrEZEAJoRWKT8moT9Eovrav7vtTXpHUtSuqnVatW1rz9WvWf4uGVoyap0KgUuEIINV1CtwjTdeMONgpIp_j6SG0osjLod0jp3m2U |
| project_id | fa3a1e0929dc412ba4331e4f49815d19 |
| user_id | cca50d13e9ec481e845b731c9a2fead4 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=redhat
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=redhat
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-10-24T12:34:23+0000 |
| id | gAAAAABb0Fi_N_uxBNLxhPO34U7-ZKHQOQ3dTU5EJ_Q2-bcY_ybTJ5bf9XJ8_Sa4rkAX2AD7uWYYXXkMduWdMaF4CfbXADmlDqRtZVeTaXBjmZSbqCOebOxlYI7m4wwY_9npmqVCNSkRYYlPeKmR-AL3_ID4lPWjOp7DfWt42nwf179ivRZfixY |
| project_id | 985af2a69a414d559a7571123e0c0d86 |
| user_id | 03406f1222db4da6b7ed14ae28ef8031 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Installation glance controller机器上进行
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'redhat';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'redhat';
# . admin-openrc
#openstack user create --domain default --password-prompt glance
#openstack role add --project service --user glance admin
#openstack service create --name glance \
--description "OpenStack Image" image
#openstack endpoint create --region RegionOne \
image public http://controller:9292
#openstack endpoint create --region RegionOne \
image internal http://controller:9292
#openstack endpoint create --region RegionOne \
image admin http://controller:9292
# yum install openstack-glance
修改配置文件
# vim /etc/glance/glance-api.conf
[database]
# ...第1925行
connection = mysql+pymysql://glance:redhat@controller/glance
[keystone_authtoken]
# ...第3481行
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = redhat
[paste_deploy]
# ...第4486行
flavor = keystone
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
#vim /etc/glance/glance-registry.conf
[database]
# ...
connection = mysql+pymysql://glance:redhat@controller/glance
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = redhat
[paste_deploy]
# ...
flavor = keystone
#su -s /bin/sh -c "glance-manage db_sync" glance
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
Install and configure controller node for Red Hat Enterprise Linux and CentOS
controller机器上进行
https://docs.openstack.org/nova/queens/install/controller-install-rdo.html
[root@controller ~]# source admin-openrc
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
-> IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
-> IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
-> IDENTIFIED BY 'redhat';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> Ctrl-C -- exit!
Aborted
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3386e92c0cfc419cb20394d569d0e2cf |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 6df5c0e15ce944e3a6529747662c6650 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 09bd81c419b24da6b338445e9dc8cc06 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6df5c0e15ce944e3a6529747662c6650 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b3ae693afde14053992bf5111559e69b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6df5c0e15ce944e3a6529747662c6650 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2a7dec8ea92846578e88b43d22461f84 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6df5c0e15ce944e3a6529747662c6650 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]#
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 6183a5e31e2445b89cebbb0fe82ffb6e |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 47461d3ccf674391b7ad0de4fbf996b0 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6168421db15c4761b06a7e06ced8a869 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 47461d3ccf674391b7ad0de4fbf996b0 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e1aaec4eb8dd4957b3a4bd046709cf81 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 47461d3ccf674391b7ad0de4fbf996b0 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 805cbb0f46d4419b9c65e7eb282562b5 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 47461d3ccf674391b7ad0de4fbf996b0 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
vim /etc/nova/nova.conf
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
[api_database]
# ...
connection = mysql+pymysql://nova:redhat@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:redhat@controller/nova
[DEFAULT]
# ...
transport_url = rabbit://openstack:redhat@controller
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = redhat
[DEFAULT]
# ...
my_ip = 10.0.0.11
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
# ...
api_servers = http://controller:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = redhat
#vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
# systemctl restart httpd
#su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
#su -s /bin/sh -c "nova-manage db sync" nova
#nova-manage cell_v2 list_cells
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
Networking service controller上进行
https://docs.openstack.org/neutron/queens/install/controller-install-rdo.html
按照官方文档一步步操作
遇到如下选择第一个即可
Choose one of the following networking options to configure services specific to it. Afterwards, return here and proceed to Configure the metadata agent.
Networking Option 1: Provider networks
除下面单独说明的PROVIDER_INTERFACE_NAME外,官方文档中其余全大写的占位符全部替换为redhat,即密码
注意事项:将PROVIDER_INTERFACE_NAME替换为controller上可以上外网的网卡名
Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
To enable networking bridge support, typically the br_netfilter kernel module needs to be loaded. Check your operating system’s documentation for additional details on enabling this module.
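根据以上说明,需要手动加载br_netfilter模块;加载后可用 sysctl net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables 确认两个值均为1。modprobe只对当前这次启动生效,重启后需要重新加载,或写入 /etc/modules-load.d/ 下的配置文件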
[root@controller ~]# modprobe br_netfilter
[root@controller ~]# lsmod | grep br_netfilter
Networking service compute上进行
https://docs.openstack.org/neutron/queens/install/compute-install-rdo.html
Ensure your Linux operating system kernel supports network bridge filters by verifying all the following sysctl values are set to 1:
net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables
To enable networking bridge support, typically the br_netfilter kernel module needs to be loaded. Check your operating system’s documentation for additional details on enabling this module.
根据以上说明,compute节点上同样需要手动加载br_netfilter模块(下面两条命令的提示符显示为controller,按本节标题应在compute节点上执行)
[root@controller ~]# modprobe br_netfilter
[root@controller ~]# lsmod | grep br_netfilter
测试地址 controller上测试
https://docs.openstack.org/neutron/queens/install/verify.html
https://docs.openstack.org/neutron/queens/install/verify-option1.html
Install and configure a compute node for Red Hat Enterprise Linux and CentOS compute上进行
https://docs.openstack.org/nova/queens/install/compute-install-rdo.html