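OpenStack Mitaka: complete, detailed installation guide (personally tested; it took 3 days)
Installation following the official OpenStack documentation
OS version: CentOS 7 (a minimal install is sufficient)
2 machines, each with 2 GB of RAM (4-6 GB is recommended for the control node, because with 2 GB my test setup felt laggy and the dashboard responded slowly), 2 CPUs and a 100 GB disk. Each machine needs 2 network cards; for details see
Notes:
Below is the official screenshot:
The control node runs mysql, rabbitmq, keystone, glance, nova, dashboard and neutron
The compute node runs nova and neutron
OpenStack official site: configuration notes
OpenStack installation steps:
1.[ntp installation]
NTP keeps the clocks in sync; if the clocks are out of sync, you may be unable to create instances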
yum install chrony
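vi /etc/chrony.conf and add:
server NTP_SERVER iburst
allow YOUR_SUBNET (lets hosts in your IP subnet query this NTP server)
systemctl enable chronyd.service (enable at boot)
systemctl start chronyd.service (start the NTP service)
Note: on releases before CentOS 7, install ntp instead:
yum install ntp
ntpdate time.nist.gov (synchronize the clock)
hwclock -w (write the time to the BIOS clock)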
2.[openstack packages]
Install the latest OpenStack repository:
yum install centos-release-openstack-mitaka
yum install https://rdoproject.org/repos/rdo-release.rpm
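yum upgrade (update from the new repository)
yum install python-openstackclient (installs the client that OpenStack requires)
yum install openstack-selinux (optional; I simply disabled SELinux because I am not familiar with it, and that has no effect on the later steps)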
3.[database]
OpenStack supports many databases, such as MySQL or PostgreSQL.
Here we use MySQL.
yum install mariadb mariadb-server python2-PyMySQL (MariaDB is just the newer version of MySQL, so this is expected)
vi /etc/my.cnf
Add:
[mysqld]
bind-address = 192.168.1.48 (the IP address of the machine running MySQL)
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8
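Enable MySQL at boot:
systemctl enable mariadb.service
Start MySQL:
systemctl start mariadb.service
Configure the MySQL settings:
Run the script directly:
mysql_secure_installation
Follow the prompts to complete the setup.
Note: check that mysqld is running and that port 3306 is listening.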
3.[rabbitmq]
Install RabbitMQ, the OpenStack message broker. If RabbitMQ is not running, the whole OpenStack platform is unusable. RabbitMQ uses port 5672.
yum install rabbitmq-server
systemctl enable rabbitmq-server.service (enable at boot)
systemctl start rabbitmq-server.service (start)
rabbitmqctl add_user openstack RABBIT_PASS (adds the user openstack; replace RABBIT_PASS with a password of your own)
rabbitmqctl set_permissions openstack ".*" ".*" ".*" (grants permissions to the new user; a user without permissions cannot receive or send messages)
4.[memcached]
memcached is an optional component. It uses port 11211.
yum install memcached python-memcached
systemctl enable memcached.service
systemctl start memcached.service
5.[keystone identity service]
Note: before this step, set up hosts resolution on both the control node and the compute node. Mine is:
192.168.1.48 control
192.168.1.49 compute
Log in to the database and create the keystone database:
mysql -u root -p
CREATE DATABASE keystone;
Grant privileges to the user and set its password:
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'PASSWORD';
Generate a random value for admin_token:
openssl rand -hex 10
Install keystone:
yum install openstack-keystone httpd mod_wsgi
vi /etc/keystone/keystone.conf
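Replace the value with the random value just generated:
admin_token = RANDOM_VALUE (mainly for security; you may also leave it unreplaced)
Configure the database connection:
connection = mysql+pymysql://keystone:PASSWORD@DB_IP_ADDRESS/keystone
Set: provider = fernet
Sync the keystone database: keystone-manage db_sync (be sure to check that the tables were actually created in the database)
Initialize the Fernet keys: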
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
Configure Apache:
vi /etc/httpd/conf/httpd.conf
Change the value after ServerName to the host name, to prevent an error at startup:
ServerName control
Create the WSGI configuration file:
vi /etc/httpd/conf.d/wsgi-keystone.conf and add:
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
Start httpd:
systemctl enable httpd.service
systemctl start httpd.service
6.[create the keystone service catalog entry and endpoints]
export OS_TOKEN=RANDOM_VALUE (the random value generated above)
export OS_URL=http://control:35357/v3
export OS_IDENTITY_API_VERSION=3
Create the keystone service:
openstack service create --name keystone --description "OpenStack Identity" identity (the service type identity must be exactly right)
Create the keystone endpoints:
openstack endpoint create --region RegionOne \
identity public http://control:5000/v3
openstack endpoint create --region RegionOne \
identity internal http://control:5000/v3
openstack endpoint create --region RegionOne \
identity admin http://control:35357/v3
7.[create the domain, users, projects and roles]
Create the default domain, default:
openstack domain create --description "Default Domain" default
Create the admin project:
openstack project create --domain default \
--description "Admin Project" admin
Create the admin user:
openstack user create --domain default \
--password-prompt admin (prompts for a password; this is the password used to log in to the dashboard)
Create the admin role:
openstack role create admin
Tie the user, project and role together:
openstack role add --project admin --user admin admin
Create the service project:
openstack project create --domain default \
--description "Service Project" service
Create the demo project, user and role in the same way as for admin:
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
Once they are created, verify with this command:
openstack --os-auth-url http://control:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
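After you enter the password, correct output means the configuration is right.
You can put the environment variables into a script:
vi admin-openrc and add: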
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=xxxx
export OS_AUTH_URL=http://control:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
The variables for demo are similar.
Load them with . admin-openrc or source admin-openrc
Verify with the command:
openstack token issue
Correct output means the configuration is right.
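Steps 5 and 6 bootstrap keystone with the shared admin_token; the official Mitaka guide retires that mechanism once the admin user exists, by removing admin_token_auth from the pipelines in /etc/keystone/keystone-paste.ini and unsetting OS_TOKEN and OS_URL. The check below is an added example, not part of the original guide; the function name check_bootstrap_token and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report leftovers of the admin_token bootstrap from steps 5-6.
# On the control node:
#   check_bootstrap_token /etc/keystone/keystone.conf /etc/keystone/keystone-paste.ini

# Prints one finding per line; returns 0 when clean, 1 when anything is found.
check_bootstrap_token() {
    conf=$1; paste_ini=$2; found=0
    # An uncommented admin_token means the bootstrap secret is still configured.
    if grep -Eq '^[[:space:]]*admin_token[[:space:]]*=' "$conf"; then
        echo "admin_token set in $conf"; found=1
    fi
    # A pipeline that still loads admin_token_auth accepts that token.
    hits=$(awk '/^\[pipeline:/ { sec = $0 }
                /^pipeline[ \t]*=/ && /admin_token_auth/ { print sec }' "$paste_ini")
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits" | sed 's/^/admin_token_auth enabled in /'; found=1
    fi
    # The official guide unsets both variables before the password-based check.
    if [ -n "${OS_TOKEN:-}${OS_URL:-}" ]; then
        echo "OS_TOKEN/OS_URL still exported in this shell"; found=1
    fi
    return "$found"
}

# Constructed sample files standing in for the real ones.
demo=$(mktemp -d)
cat > "$demo/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[token]
provider = fernet
EOF
cat > "$demo/keystone-paste.ini" <<'EOF'
[pipeline:public_api]
pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body ec2_extension public_service
[pipeline:admin_api]
pipeline = cors sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
EOF
check_bootstrap_token "$demo/keystone.conf" "$demo/keystone-paste.ini" || true
```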
8.[glance image service]
Create the glance database
Log in to MySQL:
mysql -u root -p
CREATE DATABASE glance;
Grant privileges:
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'PASSWORD';
Load the environment variables:
. admin-openrc
Create the glance user:
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
Create the image service catalog entry:
openstack service create --name glance \
--description "OpenStack Image" image
Create the image endpoints:
openstack endpoint create --region RegionOne \
image public http://control:9292
openstack endpoint create --region RegionOne \
image internal http://control:9292
openstack endpoint create --region RegionOne \
image admin http://control:9292
Install:
yum install openstack-glance
vi /etc/glance/glance-api.conf
Configure the database connection:
connection = mysql+pymysql://glance:PASSWORD@DB_IP/glance
Find [keystone_authtoken] (authentication settings)
Add:
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = xxxx
Find [paste_deploy]:
flavor = keystone
Find [glance_store]:
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit /etc/glance/glance-registry.conf
Find [database]:
connection = mysql+pymysql://glance:PASSWORD@DB_IP/glance
Find [keystone_authtoken] (authentication settings)
Add:
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = xxxx
Find [paste_deploy]:
flavor = keystone
Sync the database:
glance-manage db_sync
Start glance:
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service
Verify:
Load the environment variables:
. admin-openrc
Download a small image:
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
Upload the image:
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
List the images:
openstack image list
If there is output, glance is configured correctly.
9.[nova control node]
Create the nova databases:
mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
Grant privileges:
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'PASSWORD';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'PASSWORD';
Load the environment variables:
. admin-openrc
Create the nova user:
openstack user create --domain default \
--password-prompt nova
openstack role add --project service --user nova admin
Create the compute service:
openstack service create --name nova \
--description "OpenStack Compute" compute
Create the endpoints:
openstack endpoint create --region RegionOne \
compute public http://control:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://control:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://control:8774/v2.1/%\(tenant_id\)s
Install:
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
Edit /etc/nova/nova.conf
Find [DEFAULT]:
enabled_apis = osapi_compute,metadata
Find:
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = xxx
[DEFAULT]
my_ip = IP_ADDRESS
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://control:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
Sync the databases:
nova-manage api_db sync
nova-manage db sync
Start the services:
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
10.[nova compute node]
yum install openstack-nova-compute
Edit /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = control
rabbit_userid = openstack
rabbit_password = xxx
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = xxx
[DEFAULT]
...
my_ip = COMPUTE_NODE_IP_ADDRESS
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://control:6080/vnc_auto.html
[glance]
...
api_servers = http://control:9292
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
Note:
egrep -c '(vmx|svm)' /proc/cpuinfo
If the result is 0, edit /etc/nova/nova.conf:
[libvirt]
...
virt_type = qemu
If it is greater than 0, no change is needed.
Start:
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
Verify on the control node:
Load the environment variables:
. admin-openrc
openstack compute service list
Normal output means the configuration is correct.
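This guide's /etc/hosts names the control node control, while the sample values in the official guide use controller, so a value copied over unchanged points at a name that does not resolve and the service cannot reach the database, RabbitMQ or keystone. The check below is an added example, not part of the original guide; unresolved_hosts is a hypothetical helper name and the sample files are constructed.

```shell
#!/bin/sh
# Added example: list config values whose host has no entry in the hosts file.
# On a node: unresolved_hosts /etc/hosts /etc/nova/nova.conf /etc/neutron/neutron.conf

unresolved_hosts() {
    awk '
    # Reduce a URL or host:port value to its bare host name (first entry only).
    function host(v) {
        sub(/^[a-z+]+:\/\//, "", v)     # scheme, e.g. http:// or mysql+pymysql://
        sub(/^.*@/, "", v)              # user:password@
        sub(/[:\/,].*$/, "", v)         # port, path, further list entries
        return v
    }
    # First file: remember every name the hosts file defines.
    FILENAME == ARGV[1] { sub(/#.*/, ""); for (i = 2; i <= NF; i++) known[$i] = 1; next }
    /^[ \t]*#/ || /^[ \t]*\[/ || !/=/ { next }
    {
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        if (val ~ /:\/\// || key ~ /^(rabbit_host|memcached_servers|nova_metadata_ip)$/) {
            h = host(val)
            # Literal IPv4 addresses need no name resolution.
            if (h != "" && h !~ /^[0-9.]+$/ && !(h in known))
                print FILENAME ": " key " -> " h
        }
    }' "$@"
}

# Constructed sample files: the hosts entries from step 5 and a mixed nova.conf.
demo=$(mktemp -d)
cat > "$demo/hosts" <<'EOF'
127.0.0.1    localhost
192.168.1.48 control
192.168.1.49 compute
EOF
cat > "$demo/nova.conf" <<'EOF'
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[oslo_messaging_rabbit]
rabbit_host = controller
[keystone_authtoken]
auth_uri = http://control:5000
memcached_servers = control:11211
[glance]
api_servers = http://192.168.1.48:9292
EOF
unresolved_hosts "$demo/hosts" "$demo/nova.conf"
```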
11.[neutron control node]
Create the neutron database:
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
Load the environment variables:
. admin-openrc
Create the user:
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
Create the networking service:
openstack service create --name neutron \
--description "OpenStack Networking" network
Create the neutron endpoints:
openstack endpoint create --region RegionOne \
network public http://control:9696
openstack endpoint create --region RegionOne \
network internal http://control:9696
openstack endpoint create --region RegionOne \
network admin http://control:9696
Set up the VXLAN network:
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
Edit /etc/neutron/neutron.conf
[database]
...
connection = mysql+pymysql://neutron:PASSWORD@control/neutron
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = xxxx
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
...
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = xxxx
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
Configure the ML2 plug-in:
Edit /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
...
flat_networks = provider
[ml2_type_vxlan]
...
vni_ranges = 1:1000
[securitygroup]
...
enable_ipset = True
Configure the bridge agent:
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure layer-3 networking:
Edit /etc/neutron/l3_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
Configure DHCP:
Edit /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
Configure the metadata agent:
Edit /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = control
metadata_proxy_shared_secret = METADATA_SECRET
Edit /etc/nova/nova.conf
[neutron]
...
url = http://control:9696
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = xxxx
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
Create the plug-in symlink:
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Start:
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
12.[neutron compute node]
yum install openstack-neutron-linuxbridge ebtables ipset
Edit /etc/neutron/neutron.conf
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
...
rabbit_host = control
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[keystone_authtoken]
...
auth_uri = http://control:5000
auth_url = http://control:35357
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = xxxx
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
Configure VXLAN:
Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
[vxlan]
enable_vxlan = True
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = True
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Edit /etc/nova/nova.conf
[neutron]
...
url = http://control:9696
auth_url = http://control:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = xxxx
Start:
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
Verify:
Load the environment variables:
. admin-openrc
neutron ext-list
Normal output means the configuration is correct.
13.[dashboard]
yum install openstack-dashboard
Edit /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "control"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'control:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
Start:
systemctl restart httpd.service memcached.service
That completes the OpenStack installation; you can now go to the dashboard and create instances.
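The files written in the steps above carry their secrets in clear text, and this guide shows them as placeholders (xxxx, RABBIT_PASS, NOVA_DBPASS, METADATA_SECRET). The audit below is an added example, not part of the original guide; the function name audit_secrets, the 12-character minimum and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag placeholder or short secrets and world-readable files.
# Usage: audit_secrets admin-openrc /etc/nova/nova.conf /etc/neutron/neutron.conf

audit_secrets() {
    min_len=12    # assumed minimum secret length; adjust to local policy
    awk -v min="$min_len" '
    FNR == 1 { sec = "" }
    /^[ \t]*#/ { next }
    /^[ \t]*\[/ { sec = " " $1; next }
    !/=/ { next }
    {
        key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]*(export[ \t]+)?/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val)
        if (key == "connection") {          # scheme://user:SECRET@host/db
            if (val !~ /:\/\/[^:@]*:.*@/) next
            sub(/^[^:]*:\/\/[^:]*:/, "", val); sub(/@[^@]*$/, "", val)
        } else if (tolower(key) !~ /(password|secret|admin_token)$/) next
        where = FILENAME sec " " key
        if (val ~ /^(x+|PASSWORD|[A-Z_]*(PASS|SECRET))$/) print where ": placeholder"
        else if (length(val) < min) print where ": shorter than " min " characters"
    }' "$@"
    # Files that hold secrets should not be readable by "other".
    find "$@" -perm -004 -exec printf '%s: world-readable\n' {} \;
}

# Constructed sample files, not taken from a real deployment.
demo=$(mktemp -d)
cat > "$demo/admin-openrc" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=xxxx
EOF
cat > "$demo/nova.conf" <<'EOF'
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@control/nova
[oslo_messaging_rabbit]
rabbit_password = s3cret
[keystone_authtoken]
auth_type = password
password = 7c1f0e5a9b3d42f6a8e1
[neutron]
metadata_proxy_shared_secret = METADATA_SECRET
EOF
chmod 644 "$demo/admin-openrc"; chmod 640 "$demo/nova.conf"
audit_secrets "$demo/admin-openrc" "$demo/nova.conf"
```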
References: http://docs.openstack.org/mitaka/install-guide-rdo/common/conventions.html