Centos7上部署openstack mitaka配置详解(将疑难点都进行划分)
Centos7上部署openstack mitaka配置详解(将疑难点都进行划分)
在配置openstack项目时很多人认为到处是坑,特别是新手,一旦进坑没有人指导,身体将会感觉一次次被掏空,作为菜鸟的我也感同身受,因为已经被掏空n次了。
以下也是我将整个openstack配置过程进行汇总,并对难点进行分析,希望对您们有所帮助,如果在配置过程中有疑问,也可以进行留言。
尝试自己配置前可阅读《菜鸟帮你跳过openstack配置过程中的坑http://www.cnblogs.com/yaohong/p/7352386.html》。
同时如果不想一步步安装,可以执行安装脚本:http://www.cnblogs.com/yaohong/p/7251852.html
一:环境
1.1主机网络
- 系统版本 CentOS7
- 控制节点: 1 处理器, 4 GB 内存, 及5 GB 存储
- 计算节点: 1 处理器, 2 GB 内存, 及10 GB 存储
说明:
1:以CentOS7为镜像,安装两台机器(怎样安装详见http://www.cnblogs.com/yaohong/p/7240387.html)并注意配置双网卡和控制两台机器的内存。
2:修改机器主机名分别为:controller和compute1
#hostnamectl set-hostname hostname
3:编辑controller和compute1的 /etc/hosts 文件
#vi /etc/hosts
4:验证
采取互ping以及ping百度的方式
1.2网络时间协议(NTP)
[控制节点安装NTP]
NTP主要为同步时间所用,时间不同步,可能造成你不能创建云主机
#yum install chrony(安装软件包)
#vi /etc/chrony.conf增加
server NTP_SERVER iburst
allow 你的ip地址网段 (可以去掉,指代允许你的ip地址网段可以访问NTP)
#systemctl enable chronyd.service (设置为系统自启动)
#systemctl start chronyd.service (启动NTP服务)
[计算节点安装NTP]
# yum install chrony
#vi /etc/chrony.conf`` 释除``server`` 值外的所有内容。修改它引用控制节点:server controller iburst
# systemctl enable chronyd.service (加入系统自启动)
# systemctl start chronyd.service (启动ntp服务)
[验证NTP]
控制节点和计算节点分别执行#chronyc sources,出现如下
1.3Openstack包
[openstack packages安装在控制和计算节点] 安装openstack最新的源: #yum install centos-release-openstack-mitaka #yum install https://repos.fedorapeople.org/repos/openstack/openstack-mitaka/rdo-release-mitaka-6.noarch.rpm #yum upgrade (在主机上升级包) #yum install python-openstackclient (安装opentack必须的插件) #yum install openstack-selinux (可选则安装这个插件,我直接关闭了selinux,因为不熟,对后续不会有影响)
1.4SQL数据库
安装在控制节点,指南中的步骤依据不同的发行版使用MariaDB或 MySQL。OpenStack 服务也支持其他 SQL 数据库。 #yum install mariadb mariadb-server MySQL-python #vi /etc/mysql/conf.d/mariadb_openstack.cnf 加入: [mysqld] bind-address = 192.168.1.73 (安装mysql的机器的IP地址,这里为controller地址) default-storage-engine = innodb innodb_file_per_table collation-server = utf8_general_ci character-set-server = utf8 #systemctl enable mariadb.service (将数据库服务设置为自启动) #systemctl start mariadb.service (将数据库服务设置为开启) 设置mysql属性: #mysql_secure_installation (此处参照http://www.cnblogs.com/yaohong/p/7352386.html,中坑一)
1.5消息队列
消息队列在openstack整个架构中扮演着至关重要(交通枢纽)的作用,正是因为openstack部署的灵活性、模块的松耦合、架构的扁平化,反而使openstack更加依赖于消息队列(不一定使用RabbitMQ,
可以是其他的消息队列产品),所以消息队列收发消息的性能和消息队列的HA能力直接影响openstack的性能。如果rabbitmq没有运行起来,你的整openstack平台将无法使用。rabbitmq使用5672端口。 #yum install rabbitmq-server #systemctl enable rabbitmq-server.service(加入自启动) #systemctl start rabbitmq-server.service(启动) #rabbitmqctl add_user openstack RABBIT_PASS (增加用户openstack,密码自己设置替换掉RABBIT_PASS) #rabbitmqctl set_permissions openstack ".*" ".*" ".*" (给新增的用户授权,没有授权的用户将不能接受和传递消息)
1.6Memcached
memcache为选择安装项目。使用端口11211 #yum install memcached python-memcached #systemctl enable memcached.service #systemctl start memcached.service
二:认证服务
[keystone认证服务] 注意:在之前需要设置好hosts解析,控制节点和计算节点都要做。我的为: 192.168.1.73 controller 192.168.1.74compute1
2.1安装和配置
登录数据库创建keystone数据库。 #mysql -u root -p #CREATE DATABASE keystone; 设置授权用户和密码: #GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ IDENTIFIED BY '密码'; #GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ IDENTIFIED BY '密码'; 生成admin_token的随机值: # openssl rand -hex 10 安全并配置组件 #yum install openstack-keystone httpd mod_wsgi #vi /etc/keystone/keystone.conf 使用刚刚生成的随机值替换掉[DEFAULT]中的 #admin_token = 随机值 (主要为安全,也可以不用替换) 配置数据库连接
[database]
connection = mysql+pymysql://keystone:密码@controller/keystone provider = fernet 初始化身份认证服务的数据库
# su -s /bin/sh -c "keystone-manage db_sync" keystone(一点要查看数据库是否生成表成功) 初始化keys: #keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone 配置apache: #vi /etc/httpd/conf/httpd.conf 将ServerName 后面改成主机名,防止启动报错 ServerName controller 生成wsgi配置文件: #vi /etc/httpd/conf.d/wsgi-keystone.conf加入:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>启动httpd: #systemctl enable httpd.service #systemctl start httpd.service
2.2创建服务实体和API端点
#export OS_TOKEN=上面生成的随机值 #export OS_URL=http://controller:35357/v3 #export OS_IDENTITY_API_VERSION=3 创建keystone的service: #openstack service create --name keystone --description "OpenStack Identity" identity (identity这个认证类型一定不可以错) 创建keystone的endpoint: #openstack endpoint create --region RegionOne \ identity public http://controller:5000/v3 #openstack endpoint create --region RegionOne \ identity internel http://controller:5000/v3 #openstack endpoint create --region RegionOne \ identity admin http://controller:35357/v3
2.3创建域、项目、用户和角色
创建默认域default: openstack domain create --description "Default Domain" default 创建admin的租户: #openstack project create --domain default \ --description "Admin Project" admin
创建admin用户: #openstack user create --domain default \ --password-prompt admin(会提示输入密码为登录dashboard的密码) 创建admin角色: #openstack role create admin 将用户租户角色连接起来: #openstack role add --project admin --user admin admin 创建服务目录: #openstack project create --domain default \ --description "Service Project" service 创建demo信息类似admin: #openstack project create --domain default \ --description "Demo Project" demo #openstack user create --domain default \ --password-prompt demo #openstack role create user #openstack role add --project demo --user demo user
2.4验证
作为 admin 用户,请求认证令牌: #openstack --os-auth-url http://controller:35357/v3 \ --os-project-domain-name default --os-user-domain-name default \ --os-project-name admin --os-username admin token issue 输入密码之后,有正确的输出即为配置正确。
作为``demo`` 用户,请求认证令牌:
#openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
2.5创建 OpenStack 客户端环境脚本
可将环境变量设置为脚本: #vi admin-openrc 加入:
export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=123456 export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
#vi demo-openrc 加入: export OS_PROJECT_DOMAIN_NAME=default export OS_USER_DOMAIN_NAME=default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=123456 export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 运行使用 #. admin-openrc或者使用#source admin-openrc 验证输入命令: openstack token issue 有正确的输出即为配置正确。
三:镜像服务
3.1安装配置
建立glance数据 登录mysql #mysql -u root -p #CREATE DATABASE glance; 授权 #GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ IDENTIFIED BY '密码'; #GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ IDENTIFIED BY '密码'; 运行环境变量: #. admin-openrc 创建glance用户信息: openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin 创建镜像服务目录: #openstack service create --name glance \ --description "OpenStack Image" image 创建镜像endpoint: #penstack endpoint create --region RegionOne \ image public http://controller:9292 #penstack endpoint create --region RegionOne \ image internal http://controller:9292 #penstack endpoint create --region RegionOne \ image admin http://controller:9292 安装: #yum install openstack-glance #vi /etc/glance/glance-api.conf 配置数据库连接: connection = mysql+pymysql://glance:密码@controller/glance 找到[keystone_authtoken](配置认证) 加入: auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = xxxx 找到[paste_deploy] flavor = keystone 找到[glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ #vi /etc/glance/glance-registry.conf 找到[database] connection = mysql+pymysql://glance:密码@controller/glance 找到[keystone_authtoken](配置认证) 加入: auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = control:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = xxxx 找到:[paste_deploy] flavor = keystone 同步数据库: #su -s /bin/sh -c "glance-manage db_sync" glance 启动glance: #systemctl enable openstack-glance-api.service \ openstack-glance-registry.service systemctl start openstack-glance-api.service \ openstack-glance-registry.service
3.2验证
运行环境变量: #. admin-openrc 下载一个比较小的镜像: #wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img 上传镜像: #openstack image create "cirros" \ --file cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public 查看: #openstack image list 有输出 证明glance配置正确
四:计算服务
4.1安装并配置控制节点
建立nova的数据库: #mysql -u root -p #CREATE DATABASE nova_api; #CREATE DATABASE nova; 授权: #GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ IDENTIFIED BY '密码'; #GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ IDENTIFIED BY '密码'; #GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY '密码'; #GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ IDENTIFIED BY '密码'; 运行环境变量: #. admin-openrc 创建nova用户: #openstack user create --domain default \ --password-prompt nova #openstack role add --project service --user nova admin 创建计算服务: #openstack service create --name nova \ --description "OpenStack Compute" compute 创建endpoint: #openstack endpoint create --region RegionOne \ compute public http://controller:8774/v2.1/%\(tenant_id\)s #openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2.1/%\(tenant_id\)s #openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2.1/%\(tenant_id\)s 安装: #yum install openstack-nova-api openstack-nova-conductor \ openstack-nova-console openstack-nova-novncproxy \ openstack-nova-scheduler #vi /etc/nova/nova.conf 找到:[DEFAULT] enabled_apis = osapi_compute,metadata 找到[api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [DEFAULT] auth_strategy = keystone [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = xxx [DEFAULT] my_ip = ip地址 [DEFAULT] use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver [vnc] vncserver_listen = $my_ip vncserver_proxyclient_address = $my_ip [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp 同步数据库: #nova-manage api_db sync #nova-manage db sync 启动服务: #systemctl enable openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service # systemctl start openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service
4.2安装并配置计算节点
#yum install openstack-nova-compute #vi /etc/nova/nova.conf [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = xxx [DEFAULT] auth_strategy = keystone [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = xxx [DEFAULT] my_ip =计算节点ip地址 [DEFAULT] use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver [vnc] enabled = True vncserver_listen = 0.0.0.0 vncserver_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp 注意: egrep -c '(vmx|svm)' /proc/cpuinfo 如果为0则需要修改/etc/nova/nova.conf [libvirt] virt_type = qemu 为大于0则不需要 启动: systemctl enable libvirtd.service openstack-nova-compute.service systemctl start libvirtd.service openstack-nova-compute.service
4.3验证
在控制节点验证: 运行环境变量: #. admin-openrc #openstack compute service list 输出正常即为配置正确
五:Networking服务
5.1安装并配置控制节点
创建neutron数据库 #mysql -u root -p #CREATE DATABASE neutron; #GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY 'NEUTRON_DBPASS'; #GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ IDENTIFIED BY 'NEUTRON_DBPASS'; 运行环境变量: #. admin-openrc 创建用户: #openstack user create --domain default --password-prompt neutron #openstack role add --project service --user neutron admin 创建网络服务: #openstack service create --name neutron \ --description "OpenStack Networking" network 创建neutron endpoint #openstack endpoint create --region RegionOne \ network public http://controller:9696 #openstack endpoint create --region RegionOne \ network internal http://controller:9696 #openstack endpoint create --region RegionOne \ network admin http://controller:9696 创建vxlan网络: #yum install openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables #vi /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:密码@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = True [DEFAULT] rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [DEFAULT] auth_strategy = keystone [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = xxxx [DEFAULT] notify_nova_on_port_status_changes = True notify_nova_on_port_data_changes = True [nova] auth_url = http://controller:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = xxxx [oslo_concurrency] lock_path = /var/lib/neutron/tmp 配置ml2扩展: #vi /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = True 配置网桥: #vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:使用的网卡名称 [vxlan] enable_vxlan = True local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver 配置3层网络: #vi /etc/neutron/l3_agent.ini [DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver 配置dhcp: #vi /etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = True 配置metadata agent #vi /etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_ip = controller metadata_proxy_shared_secret = METADATA_SECRET #vi /etc/nova/nova.conf [neutron] url = http://controller:9696 auth_url = http://controller:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = xxxx service_metadata_proxy = True metadata_proxy_shared_secret = METADATA_SECRET 创建扩展连接: ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini 启动: #systemctl restart openstack-nova-api.service #systemctl enable neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service #systemctl start neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service # systemctl enable neutron-l3-agent.service #systemctl start neutron-l3-agent.service
5.2安装并配置计算节点
#yum install openstack-neutron-linuxbridge ebtables ipset #vi /etc/neutron/neutron.conf [DEFAULT] rpc_backend = rabbit auth_strategy = keystone [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = xxxx [oslo_concurrency] lock_path = /var/lib/neutron/tmp 配置vxlan #vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME [vxlan] enable_vxlan = True local_ip = OVERLAY_INTERFACE_IP_ADDRESS l2_population = True [securitygroup] enable_security_group = True firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver #vi /etc/nova/nova.conf [neutron] url = http://controller:9696 auth_url = http://controller:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = xxxx 启动: #systemctl restart openstack-nova-compute.service #systemctl enable neutron-linuxbridge-agent.service #systemctl enable neutron-linuxbridge-agent.service
5.3验证
运行环境变量: #. admin-openrc #neutron ext-list 输出正常即可
六:Dashboard
6.1配置
#yum install openstack-dashboard #vi /etc/openstack-dashboard/local_settings OPENSTACK_HOST = "controller" ALLOWED_HOSTS = ['*', ] SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 2, } OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" 启动: #systemctl restart httpd.service memcached.service
6.2登录
在网页上输入网址http://192.168.1.73/dashboard/auth/login
域:default
用户名:admin或者demo
密码:自己设置的
登录后会发现出现一下页面:此处可看http://www.cnblogs.com/yaohong/p/7352386.html中的坑四。
按照坑四解决后会出现一下页面,就可以玩了,但如果是笔记本会运行非常慢,等有了服务器继续玩吧!!
本文网址:http://www.cnblogs.com/yaohong/p/7368297.html
配置完后可尝试已经写好的脚本一键安装模式:http://www.cnblogs.com/yaohong/p/7251852.html