OpenStack Installation and Deployment
I. Basic preparation
Deployment environment: CentOS 7, 64-bit
1. Stop the local iptables firewall (firewalld) and disable it at boot
# systemctl stop firewalld.service
# systemctl disable firewalld.service
2. Disable SELinux on the local host
# vim /etc/sysconfig/selinux
SELINUX=disabled
# setenforce 0
3. Set the server host name
# hostnamectl set-hostname controller
4. Resolve the local host name to its IP address
# vim /etc/hosts
192.168.0.104 controller
5. Install the NTP time synchronization tool
# yum -y install ntp
# ntpdate asia.pool.ntp.org
6. Install the third-party yum repositories
# yum -y install yum-plugin-priorities
# yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
# yum -y install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm
7. Upgrade the installed packages and reboot the system
# yum upgrade
# reboot
II. Install and configure the MariaDB database
1. Install MariaDB
# yum -y install mariadb mariadb-server MySQL-python
2. Configure MariaDB
# cp /etc/my.cnf /etc/my.cnf.bak
# rpm -ql mariadb
# vim /etc/my.cnf.d/server.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
3. Start MariaDB and enable it at boot
# systemctl enable mariadb.service
# systemctl start mariadb.service
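III. Install the message queue service
1. Install the packages RabbitMQ needs
# yum -y install rabbitmq-server
2. Start the RabbitMQ service and enable it at boot
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
3. Set the RabbitMQ service password
# rabbitmqctl change_password guest rabbit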
IV. Install the Keystone identity component
1. Create the keystone database and grant access to its user
# mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
2. Install the Keystone packages
# yum -y install openstack-utils openstack-keystone python-keystoneclient
3. Configure Keystone
# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
# vim /etc/keystone/keystone.conf
[DEFAULT]
verbose = True
[database]
connection = mysql://keystone:keystone@controller/keystone
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token
4. Create the certificates and key files
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl
5. Sync the Keystone schema into the MariaDB database
# su -s /bin/sh -c "keystone-manage db_sync" keystone
6. Start the Keystone service and enable it at boot
# systemctl enable openstack-keystone.service
# systemctl start openstack-keystone.service
7. Flush expired tokens
By default, the Identity service keeps expired tokens in the database indefinitely. The accumulated expired tokens considerably increase the size of the database and may degrade service performance, particularly in environments with limited resources. We recommend using cron to configure a periodic task that purges expired tokens:
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
---------- Create tenants, users, and roles ----------
1. Configure the admin token
# export OS_SERVICE_TOKEN=$(openssl rand -hex 10)
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
# echo $OS_SERVICE_TOKEN > ~/ks_admin_token
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $OS_SERVICE_TOKEN
# service openstack-keystone restart
2. Create the tenant, user and role
a. Create the admin tenant, user and role:
# keystone tenant-create --name admin --description "Admin Tenant"
# keystone user-create --name admin --pass admin --email admin@zhengyansheng.com
# keystone role-create --name admin
b. Add the admin tenant and user to the admin role:
# keystone user-role-add --tenant admin --user admin --role admin
c. By default, the dashboard limits access to users with the _member_ role. Create the _member_ role:
# keystone role-create --name _member_
d. Add the admin tenant and user to the _member_ role:
# keystone user-role-add --tenant admin --user admin --role _member_
3. Create an ordinary demo tenant and user
a. Create the demo tenant:
# keystone tenant-create --name demo --description "Demo Tenant"
b. Create the demo user:
# keystone user-create --name demo --pass demo --email demo@zhengyansheng.com
c. Add the demo tenant and user to the _member_ role:
# keystone user-role-add --tenant demo --user demo --role _member_
4. Create the service tenant
# keystone tenant-create --name service --description "Service Tenant"
---------- Create the service entity and API endpoint ----------
1. Create the service entity for the Identity service:
# keystone service-create --name keystone --type identity --description "OpenStack Identity"
2. Create the API endpoint for the Identity service:
# keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') \
--publicurl http://controller:5000/v2.0 \
--internalurl http://controller:5000/v2.0 \
--adminurl http://controller:35357/v2.0 \
--region regionOne
3. View the Keystone information
[root@controller ~]# keystone user-list
+----------------------------------+-------+---------+-------------------------+
| id                               | name  | enabled | email                   |
+----------------------------------+-------+---------+-------------------------+
| 7053cfacc4b047dcabe82f6be0e5dc77 | admin | True    | admin@zhengyansheng.com |
| eea569106329465996e9e09a666838bd | demo  | True    | demo@zhengyansheng.com  |
+----------------------------------+-------+---------+-------------------------+
[root@controller ~]# keystone tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| 307fd76766eb4b02a28779f4e88717ce | admin   | True    |
| f054bd56851b4a318a19233a13e13d31 | demo    | True    |
| d865c3b49f6f4bf7b2a0b93e0110e546 | service | True    |
+----------------------------------+---------+---------+
[root@controller ~]# keystone service-list
+----------------------------------+----------+----------+--------------------+
| id                               | name     | type     | description        |
+----------------------------------+----------+----------+--------------------+
| 9754f7bdf78c4000875f1aa5f3291b19 | keystone | identity | OpenStack Identity |
+----------------------------------+----------+----------+--------------------+
[root@controller ~]# keystone endpoint-list
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
| id                               | region    | publicurl                   | internalurl                 | adminurl                     | service_id                       |
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
| 6831d6708fe4469fa653b9b5adf801d9 | regionOne | http://controller:5000/v2.0 | http://controller:5000/v2.0 | http://controller:35357/v2.0 | 9754f7bdf78c4000875f1aa5f3291b19 |
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
4. Unset the temporary environment variables
# unset OS_SERVICE_TOKEN
# unset OS_SERVICE_ENDPOINT
5. Authenticate with Keystone
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 token-get
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 tenant-list
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 user-list
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 role-list
6. Verify with the ordinary user demo
# keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 token-get
# keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 user-list
You are not authorized to perform the requested action: admin_required (HTTP 403)
7. Create the client CLI environment scripts
# vim ~/admin-openrc.sh
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v2.0
# vim ~/demo-openrc.sh
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v2.0
# source admin-openrc.sh
8. Check: if Keystone can still authenticate after the temporary environment variables have been unset, Keystone is configured successfully.
IV. Install the Glance component
1. Create the glance database and grant access to its user
# mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
2. Create the glance user and add it to the admin role
# keystone user-create --name glance --pass glance
# keystone user-role-add --user glance --tenant service --role admin
3. Create the glance service
# keystone service-create --name glance --type image --description "OpenStack Image Service"
4. Create the service endpoint URLs in the Identity service
# keystone endpoint-create --service-id $(keystone service-list | awk '/ image / {print $2}') \
--publicurl http://controller:9292 \
--internalurl http://controller:9292 \
--adminurl http://controller:9292 \
--region regionOne
5. Install the Glance packages
# yum -y install openstack-glance python-glanceclient
6. Edit the Glance configuration files
# cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
# vim /etc/glance/glance-api.conf
[DEFAULT]
verbose = True
[database]
connection = mysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
# cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
# vim /etc/glance/glance-registry.conf
[DEFAULT]
verbose = True
[database]
connection = mysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance
[paste_deploy]
flavor = keystone
7. Sync the Glance schema into the MariaDB database
# su -s /bin/sh -c "glance-manage db_sync" glance
8. Start the services and enable them at boot
# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service
9. Download an image file and upload it
# mkdir /tmp/images
# cd /tmp/images
# wget http://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
# glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
# glance image-list
# mv /tmp/images /opt
V. Add a compute node
1. Create the nova database and grant access to its user
# mysql -u root -p
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
2. Create the nova user, add it to the admin role, and create the nova service
# keystone user-create --name nova --pass nova
# keystone user-role-add --user nova --tenant service --role admin
# keystone service-create --name nova --type compute --description "OpenStack Compute"
3. Create the endpoint URLs for the compute service
# keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') \
--publicurl http://controller:8774/v2/%\(tenant_id\)s \
--internalurl http://controller:8774/v2/%\(tenant_id\)s \
--adminurl http://controller:8774/v2/%\(tenant_id\)s \
--region regionOne
4. Install the Nova packages
# yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
# yum -y install openstack-nova-compute sysfsutils
5. Edit the Nova configuration file
# cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = controller
vncserver_listen = controller
vncserver_proxyclient_address = controller
verbose = True
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit
auth_strategy = keystone
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = controller
novncproxy_base_url = http://controller:6080/vnc_auto.html
[database]
connection = mysql://nova:nova@controller/nova
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = nova
[glance]
host = controller
[libvirt]
virt_type = qemu
6. Sync the Nova schema into the MariaDB database
# su -s /bin/sh -c "nova-manage db sync" nova
7. Start the services and enable them at boot
# systemctl enable openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service
# systemctl start openstack-nova-compute.service
# nova service-list
# nova image-list
VI. Add a network node
1. Create the neutron database and grant access to its user
# mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
2. Create the neutron user, add it to the admin role, and create the neutron service
# keystone user-create --name neutron --pass neutron
# keystone user-role-add --user neutron --tenant service --role admin
# keystone service-create --name neutron --type network --description "OpenStack Networking"
3. Create the endpoint URLs for neutron
# keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') \
--publicurl http://controller:9696 \
--internalurl http://controller:9696 \
--adminurl http://controller:9696 \
--region regionOne
4. Install the neutron packages
# yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient which
5. Edit the neutron configuration file
# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = nova
verbose = True
[database]
connection = mysql://neutron:neutron@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
6. Check the service tenant (its id is the value that replaces SERVICE_TENANT_ID in neutron.conf)
# keystone tenant-get service
# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# vim /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
7. Sync the neutron schema into the MariaDB database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
8. Restart the Compute services
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
9. Start the service and enable it at boot
# systemctl enable neutron-server.service
# systemctl start neutron-server.service
10. Check that neutron-server is running
# neutron ext-list
11. View the related log messages
# tail -f /var/log/neutron/server.log
12. Configure the kernel network parameters
# cp /etc/sysctl.conf /etc/sysctl.conf.bak
# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# sysctl -p
13. Install the networking packages
# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
14. Configure the common networking components
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = external
[ovs]
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
enable_tunneling = True
bridge_mappings = external:br-ex
[agent]
tunnel_types = gre
# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
verbose = True
# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
verbose = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_url = http://controller:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
verbose = True
# vim /etc/nova/nova.conf
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
15. Restart the API service on the controller node
# systemctl restart openstack-nova-api.service
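The check below is an added example, not part of the original guide: a shell function that scans the INI files edited in the steps above for placeholders left unreplaced (SERVICE_TENANT_ID, METADATA_SECRET, INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS), for passwords identical to the account name, and for the bootstrap admin_token that the admin token step writes to keystone.conf. The function names audit_conf and sample_conf and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide; audit_conf is a hypothetical helper.
# Usage: audit_conf /etc/keystone/keystone.conf /etc/nova/nova.conf ...
audit_conf() {
    awk '
    BEGIN { n = split("admin_user:admin_password admin_username:admin_password nova_admin_username:nova_admin_password", pairs, " ") }
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    /^[ \t]*\[/ {                           # remember the current [section]
        gsub(/^[ \t]*\[|\][ \t]*$/, ""); section = $0; next
    }
    {
        eq = index($0, "="); if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        where = "[" section "] " key
        v[section, key] = val
        # 1. Keystone bootstrap token still present in the config file.
        if (section == "DEFAULT" && key == "admin_token")
            print where ": bootstrap admin_token still set"
        # 2. Placeholders that were never replaced with real values.
        if (val ~ /^(SERVICE_TENANT_ID|METADATA_SECRET|INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS)$/)
            print where ": placeholder " val " not replaced"
        # 3. Database URL whose password equals the account name.
        if (key == "connection" && match(val, "://[^:/@]+:[^@]*@")) {
            cred = substr(val, RSTART + 3, RLENGTH - 4); c = index(cred, ":")
            if (substr(cred, 1, c - 1) == substr(cred, c + 1))
                print where ": database password equals user name"
        }
        # 4. Service account whose password equals its user name.
        for (i = 1; i <= n; i++) {
            split(pairs[i], p, ":")
            if (key != p[1] && key != p[2]) continue
            if (v[section, p[1]] != "" && v[section, p[1]] == v[section, p[2]])
                print "[" section "] " p[2] ": password equals user name"
        }
    }' "$@"
}

# Constructed sample: keys this guide sets in keystone.conf and neutron.conf.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = nova
[database]
connection = mysql://neutron:neutron@controller/neutron
[keystone_authtoken]
admin_user = neutron
admin_password = neutron
EOF
}
sample_conf | audit_conf
```

With no file arguments the function reads standard input; an empty result means none of the four conditions matched.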
VII. Install and configure the dashboard
1. Install the dashboard and the packages it depends on
# yum install openstack-dashboard httpd mod_wsgi memcached python-memcached
2. Edit the dashboard configuration
# cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak
# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
TIME_ZONE = "TIME_ZONE"
3. Allow the web server to connect to the OpenStack services
# setsebool -P httpd_can_network_connect on
4. Because of a packaging defect, the dashboard does not load its CSS correctly. Run the following command to fix this:
# chown -R apache:apache /usr/share/openstack-dashboard/static
5. Start the web server and the session storage service, and enable them at boot:
# systemctl enable httpd.service memcached.service
# systemctl start httpd.service memcached.service
VIII. Access test
1. Test access over HTTP:
OK, that's all for today!