###################### Before installing the services ######################

1. Install openstack-selinux and the SQL database

RHEL and CentOS enable SELinux by default. Install the openstack-selinux package to automatically manage security policies for OpenStack services:

    yum install openstack-selinux
    yum install mariadb mariadb-server MySQL-python

2. Configure MariaDB

Create and edit the /etc/my.cnf.d/mariadb_openstack.cnf file:

    [mysqld]
    bind-address = 192.168.142.13
    default-storage-engine = innodb
    innodb_file_per_table
    collation-server = utf8_general_ci
    init-connect = 'SET NAMES utf8'
    character-set-server = utf8

3. Enable and start the service

    systemctl enable mariadb.service
    systemctl start mariadb.service

4. Harden the MariaDB installation and set the root account password

    mysql_secure_installation

5. Install the message queue

    yum install rabbitmq-server

6. Enable and start the rabbitmq service

    systemctl enable rabbitmq-server.service
    systemctl start rabbitmq-server.service

7. Add the openstack user to the message queue (password: openstack)

    rabbitmqctl add_user openstack openstack

Set the permissions (configure, write, read) for the openstack user:

    rabbitmqctl set_permissions openstack ".*" ".*" ".*"

###################### Install and configure keystone ######################

1. Before installing keystone, create a keystone database and set the initial administrator token

    mysql -u root -p

Create the database:

    CREATE DATABASE keystone;

Set the access privileges for the keystone database:

    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
    GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

Generate the administrator token by hand:

    openssl rand -hex 10
    # output: 7f5f1f6b6ab54bad78f6

2. Install the keystone packages. Kilo no longer uses eventlet and instead serves keystone through mod_wsgi, so in Kilo the keystone service itself is not started.

    yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached

3. Enable and start the Memcached service

    systemctl enable memcached.service
    systemctl start memcached.service

4. Configure the /etc/keystone/keystone.conf file

    [DEFAULT]
    admin_token = 7f5f1f6b6ab54bad78f6
    verbose = True
    debug = True

    [database]
    connection = mysql://keystone:KEYSTONE_DBPASS@ceph3/keystone

    [memcache]
    servers = localhost:11211

    [token]
    provider = keystone.token.providers.uuid.Provider
    driver = keystone.token.persistence.backends.memcache.Token

    [revoke]
    driver = keystone.contrib.revoke.backends.sql.Revoke

Commands to apply these settings:

    sed '/#admin_token = ADMIN/a admin_token = 7f5f1f6b6ab54bad78f6' -i /etc/keystone/keystone.conf
    sed '/#admin_token = ADMIN/a debug = True' -i /etc/keystone/keystone.conf
    sed '/#admin_token = ADMIN/a verbose = True' -i /etc/keystone/keystone.conf
    sed '/#connection = <None>/a connection = mysql://keystone:KEYSTONE_DBPASS@ceph3/keystone' -i /etc/keystone/keystone.conf
    sed -i '/\[token\]$/a provider = keystone.token.providers.uuid.Provider' /etc/keystone/keystone.conf
    sed -i '/\[token\]$/a driver = keystone.token.persistence.backends.memcache.Token' /etc/keystone/keystone.conf
    sed -i '/\[revoke\]$/a driver = keystone.contrib.revoke.backends.sql.Revoke' /etc/keystone/keystone.conf

5. Synchronise the keystone database

    # After modifying keystone.conf the database must be synchronised again, otherwise database operations fail
    su -s /bin/sh -c "keystone-manage db_sync" keystone

6. Configure the Apache HTTP server

Edit the /etc/httpd/conf/httpd.conf file:

    ServerName ceph3

Create the /etc/httpd/conf.d/wsgi-keystone.conf file and edit it:

    Listen 5000
    Listen 35357

    <VirtualHost *:5000>
        WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-public
        WSGIScriptAlias / /var/www/cgi-bin/keystone/main
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        LogLevel info
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    </VirtualHost>

    <VirtualHost *:35357>
        WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
        WSGIProcessGroup keystone-admin
        WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
        WSGIApplicationGroup %{GLOBAL}
        WSGIPassAuthorization On
        LogLevel info
        ErrorLogFormat "%{cu}t %M"
        ErrorLog /var/log/httpd/keystone-error.log
        CustomLog /var/log/httpd/keystone-access.log combined
    </VirtualHost>

7. Create and configure the keystone WSGI components

    mkdir -p /var/www/cgi-bin/keystone
    curl 'http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo' | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin

Change the ownership and permissions:

    chown -R keystone:keystone /var/www/cgi-bin/keystone
    chmod 755 /var/www/cgi-bin/keystone/*

8. Finish the installation and start Apache httpd

    systemctl enable httpd.service
    systemctl start httpd.service

9. Create the keystone service. Every interaction with keystone requires token authentication, but at this point keystone's own service has not been set up yet, so the token and the service URL have to be assigned by hand:

    export OS_TOKEN=7f5f1f6b6ab54bad78f6
    export OS_URL=http://ceph3:35357/v2.0

Create the keystone service:

    openstack service create --name keystone --description "OpenStack Identity" identity

10. Create the keystone service endpoint

    openstack endpoint create --publicurl http://ceph3:5000/v2.0 --internalurl http://ceph3:5000/v2.0 --adminurl http://ceph3:35357/v2.0 --region RegionOne identity

11. Create the admin project

    openstack project create --description "Admin Project" admin

12. Create the admin user

    openstack user create --password-prompt admin

13. Create the admin role

    openstack role create admin

14. Add the admin role to the admin project and user

    openstack role add --project admin --user admin admin

15. Create a service project, which will hold the service users of the individual OpenStack components

    openstack project create --description "Service Project" service

16. Create an ordinary project and user; this user has no admin privileges

    openstack project create --description "Demo Project" demo
    openstack user create --password-prompt demo

17. Create a user role for the demo user

    openstack role create user

18. Add the user role to the demo project and user

    openstack role add --project demo --user demo user

19. Edit the openrc file for the admin user

    export OS_PROJECT_DOMAIN_ID=default
    export OS_USER_DOMAIN_ID=default
    export OS_PROJECT_NAME=admin
    export OS_TENANT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=admin
    export OS_AUTH_URL=http://ceph3:35357/v3

20. Edit the demorc file for the demo user

    export OS_PROJECT_DOMAIN_ID=default
    export OS_USER_DOMAIN_ID=default
    export OS_PROJECT_NAME=demo
    export OS_TENANT_NAME=demo
    export OS_USERNAME=demo
    export OS_PASSWORD=demo
    export OS_AUTH_URL=http://ceph3:5000/v3

###################### Install and configure glance ######################

For now glance uses the file backend; images are stored under the /var/lib/glance/images/ directory.

1. Create the glance database and grant access

    CREATE DATABASE glance;
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

2. Create the glance user in keystone

    openstack user create --password-prompt glance

3. Add the admin role to the glance user

    openstack role add --project service --user glance admin

4. Create the glance service entry

    openstack service create --name glance --description "openstack image service" image

5. Create the glance service endpoint

    openstack endpoint create --publicurl http://ceph3:9292 --internalurl http://ceph3:9292 --adminurl http://ceph3:9292 --region RegionOne image

6. Install glance

    yum install openstack-glance python-glance python-glanceclient

7. Configure the /etc/glance/glance-api.conf file

    [database]
    connection = mysql://glance:GLANCE_DBPASS@ceph3/glance

    [keystone_authtoken]
    auth_uri = http://ceph3:5000
    auth_url = http://ceph3:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = glance
    password = glance

    [paste_deploy]
    flavor = keystone

    [glance_store]
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images/

    [DEFAULT]
    notification_driver = noop
    verbose = True
    debug = True

Commands to apply these settings (run from /etc/glance):

    sed '/\[DEFAULT\]$/a debug = True' -i glance-api.conf
    sed '/\[DEFAULT\]$/a verbose = True' -i glance-api.conf
    sed '/\[DEFAULT\]$/a notification_driver = noop' -i glance-api.conf
    sed '/\[database\]$/a connection = mysql://glance:GLANCE_DBPASS@ceph3/glance' -i glance-api.conf
    sed '/\[paste_deploy\]$/a flavor = keystone' -i glance-api.conf
    sed -e '/\[glance_store\]$/a default_store = file' -e '/\[glance_store\]$/a filesystem_store_datadir = /var/lib/glance/images/' -i glance-api.conf
    sed '/\[keystone_authtoken\]$/a auth_uri = http://ceph3:5000\nauth_url = http://ceph3:35357\nauth_plugin = password\nproject_domain_id = default\nuser_domain_id = default\nproject_name = service\nusername = glance\npassword = glance' -i glance-api.conf

8. Configure the /etc/glance/glance-registry.conf file

    [database]
    connection = mysql://glance:GLANCE_DBPASS@ceph3/glance

    [keystone_authtoken]
    auth_uri = http://ceph3:5000
    auth_url = http://ceph3:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = glance
    password = glance

    [paste_deploy]
    flavor = keystone

    [DEFAULT]
    notification_driver = noop
    verbose = True
    debug = True

Commands to apply these settings (run from /etc/glance):

    sed '/\[DEFAULT\]$/a debug = True\nverbose = True\nnotification_driver = noop' -i glance-registry.conf
    sed '/\[database\]$/a connection = mysql://glance:GLANCE_DBPASS@ceph3/glance' -i glance-registry.conf
    sed '/\[paste_deploy\]$/a flavor = keystone' -i glance-registry.conf
    sed '/\[keystone_authtoken\]$/a auth_uri = http://ceph3:5000\nauth_url = http://ceph3:35357\nauth_plugin = password\nproject_domain_id = default\nuser_domain_id = default\nproject_name = service\nusername = glance\npassword = glance' -i glance-registry.conf

9. Synchronise the database

    su -s /bin/sh -c "glance-manage db_sync" glance

10. Enable and start the glance services

    systemctl enable openstack-glance-api.service openstack-glance-registry.service
    systemctl start openstack-glance-api.service openstack-glance-registry.service

11. Set the image API version

    echo "export OS_IMAGE_API_VERSION=2" | tee -a openrc demorc

12. Download the CirrOS image and create the image

    wget -P /tmp/images http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
    glance image-create --name "cirros-0.3.4-x86_64" --file /tmp/images/cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress

###################### Install and configure Nova ######################

1. Create the database and set the access privileges

    create database nova;
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';

2. Create the Nova user, service and endpoint

    openstack user create --password-prompt nova
    openstack service create --name nova --description "openstack compute" compute
    openstack role add --project service --user nova admin
    openstack endpoint create --publicurl http://ceph3:8774/v2/%\(tenant_id\)s --internalurl http://ceph3:8774/v2/%\(tenant_id\)s --adminurl http://ceph3:8774/v2/%\(tenant_id\)s --region RegionOne compute

3. Install nova

    yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

4. Configure the /etc/nova/nova.conf file

    [database]
    connection = mysql://nova:NOVA_DBPASS@ceph3/nova

    [DEFAULT]
    rpc_backend = rabbit
    auth_strategy = keystone
    my_ip = 192.168.142.13
    vncserver_listen = 192.168.142.13
    vncserver_proxyclient_address = 192.168.142.13
    verbose = True
    debug = True

    [oslo_messaging_rabbit]
    rabbit_host = ceph3
    rabbit_userid = openstack
    rabbit_password = openstack

    [keystone_authtoken]
    auth_uri = http://ceph3:5000
    auth_url = http://ceph3:35357
    auth_plugin = password
    project_domain_id = default
    user_domain_id = default
    project_name = service
    username = nova
    password = nova

    [glance]
    host = ceph3

    [oslo_concurrency]
    lock_path = /var/lib/nova/tmp

Commands to apply these settings:

    sed '/\[DEFAULT\]$/a debug = True\nverbose = True\nrpc_backend = rabbit\nauth_strategy = keystone\nmy_ip = 192.168.142.13\nvncserver_listen = 192.168.142.13\nvncserver_proxyclient_address = 192.168.142.13' -i /etc/nova/nova.conf
    sed '/\[database\]$/a connection = mysql://nova:NOVA_DBPASS@ceph3/nova' -i /etc/nova/nova.conf
    sed '/\[keystone_authtoken\]$/a auth_uri = http://ceph3:5000\nauth_url = http://ceph3:35357\nauth_plugin = password\nproject_domain_id = default\nuser_domain_id = default\nproject_name = service\nusername = nova\npassword = nova' -i /etc/nova/nova.conf
    sed '/\[oslo_messaging_rabbit\]$/a rabbit_host = ceph3\nrabbit_userid = openstack\nrabbit_password = openstack' -i /etc/nova/nova.conf
    sed '/\[glance\]/a host = ceph3' -i /etc/nova/nova.conf
    sed '/\[oslo_concurrency\]$/a lock_path = /var/lib/nova/tmp' -i /etc/nova/nova.conf

5. Synchronise the database

    su -s /bin/sh -c "nova-manage db sync" nova

6. Enable and start the services

    systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
    systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

7. Install nova-compute; here nova-compute is installed on the controller node.
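
An added check, not part of the original notes: the shell function below scans an OpenStack INI file for the lab shortcuts used above, namely a set admin_token, debug = True, placeholder *_DBPASS database passwords, and service passwords equal to the username. The function names audit_conf and write_sample and the sample file are constructed for this example.

```shell
#!/usr/bin/env bash
# Added example: flag lab-only settings in an OpenStack INI file.
# Output: one finding per line, "<file>:[<section>]: <issue>".
audit_conf() {
    awk -v file="$1" '
        function flush_section() {      # report once per section, then reset
            if (user != "" && user == pass)
                printf "%s:[%s]: password equals username\n", file, section
            user = ""; pass = ""
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }    # skip comments and blank lines
        /^\[/ { flush_section(); section = substr($0, 2, index($0, "]") - 2); next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "admin_token")
                printf "%s:[%s]: admin_token is set\n", file, section
            if (key == "debug" && tolower(val) == "true")
                printf "%s:[%s]: debug = True\n", file, section
            if (key == "connection" && val ~ /:[A-Z]+_DBPASS@/)
                printf "%s:[%s]: placeholder database password\n", file, section
            if (key == "username" || key == "rabbit_userid") user = val
            if (key == "password" || key == "rabbit_password") pass = val
        }
        END { flush_section() }
    ' "$1"
}

# Constructed sample combining settings shown in the notes above.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
admin_token = 7f5f1f6b6ab54bad78f6
debug = True
[database]
connection = mysql://keystone:KEYSTONE_DBPASS@ceph3/keystone
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
username = nova
password = nova
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_conf "$sample"
rm -f "$sample"
```

Run audit_conf against /etc/keystone/keystone.conf, /etc/glance/glance-api.conf, /etc/glance/glance-registry.conf and /etc/nova/nova.conf; an empty result means none of the four patterns is present.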