openstack mitaka 完整安装详细文档（亲测，花了3天时间）

openstack 官方文档安装

系统版本 centos7 （最小化安装即可）

2台机器 内存2g（控制节点建议可以给到4-6g，因为2g我试验起来感觉比较卡顿，dashboard感觉反应有些缓慢），cpu2个 硬盘100g，每台机器需要2个网卡，具体可以查看

说明：

下面是官方截图：

control节点安装mysql rabbitmq keystone glance nova dashboard neutron

compute节点安装 nova neutron

openstack官网 配置说明

openstack安装步骤：

1.[ntp安装]

ntp主要为同步时间所用，时间不同步，可能造成你不能创建云主机

yum install chrony

vi /etc/chrony.conf增加

server NTP_SERVER iburst

allow 你的ip地址网段（允许你的ip地址网段可以访问ntp）

systemctl enable chronyd.service(加入系统自启动)

systemctl start chronyd.service（启动ntp服务）

注意：在centos7以前的版本安装ntp

yum install ntp

ntpdate time.nist.gov(同步时钟)

hwclock -w （写入bios）

2.[openstack packages]

安装openstack最新的源：

yum install centos-release-openstack-mitaka

yum install https://rdoproject.org/repos/rdo-release.rpm

yum upgrade (更新源)

yum install python-openstackclient（安装opentack必须的插件）

yum install openstack-selinux（可选则安装这个插件，我直接关闭了selinux，因为不熟，对后续不会有影响）

3.[database]

openstack支持很多的数据库，MySQL or PostgreSQL等

这里我们使用mysql。

yum install mariadb mariadb-server python2-PyMySQL（mariadb是mysql的新版本而已，无需惊讶）

vi /etc/my.cnf

加入：

[mysqld]

bind-address = 192.168.1.48（安装mysql的机器的IP地址）

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

character-set-server = utf8

将mysql加入自启动

systemctl enable mariadb.service

启动mysql

systemctl start mariadb.service

设置mysql属性：

直接输入脚本命令：

mysql_secure_installation

按照相关设置即可

注意：注意检查mysqld是否运行。3306端口是否起来

3.[rabbitmq]

安装openstack的消息使者rabbitmq，如果rabbitmq没有运行起来，你的整openstack平台将无法使用。rabbitmq使用5672端口。

yum install rabbitmq-server

systemctl enable rabbitmq-server.service（加入自启动）

systemctl start rabbitmq-server.service（启动）

rabbitmqctl add_user openstack RABBIT_PASS（增加用户openstack，密码自己设置替换掉RABBIT_PASS）

rabbitmqctl set_permissions openstack ".*" ".*" ".*"（给新增的用户授权，没有授权的用户将不能接受和传递消息）

4.[memcached]

memcache为选择安装项目。使用端口11211

yum install memcached python-memcached

systemctl enable memcached.service

systemctl start memcached.service

5.[keystone认证服务]

注意：在之前需要设置好hosts解析，控制节点和计算节点都要做。我的为：

192.168.1.48 control

192.168.1.49 compute

登录数据库创建keystone数据库。

mysql -u root -p

CREATE DATABASE keystone;

设置授权用户和密码：

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

IDENTIFIED BY '密码';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

IDENTIFIED BY '密码';

生成admin_token的随机值：

openssl rand -hex 10

安装keystone

yum install openstack-keystone httpd mod_wsgi

vi /etc/keystone/keystone.conf

使用刚刚生成的随机值替换掉：

admin_token = 随机值（主要为安全，也可以不用替换）

配置数据库连接：

connection = mysql+pymysql://keystone:密码@数据库ip地址/keystone

设置：provider = fernet、

同步keystone数据库：keystone-manage db_sync（一点要查看数据库是否生成表成功）

初始化keys：

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

配置apache：

vi /etc/httpd/conf/httpd.conf

将ServerName 后面改成主机名，防止启动报错

ServerName control

生成wsgi配置文件：

vi /etc/httpd/conf.d/wsgi-keystone.conf加入：

Listen 5000

Listen 35357

WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-public

WSGIScriptAlias / /usr/bin/keystone-wsgi-public

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

ErrorLogFormat "%{cu}t %M"

ErrorLog /var/log/httpd/keystone-error.log

CustomLog /var/log/httpd/keystone-access.log combined

Require all granted

WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-admin

WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

ErrorLogFormat "%{cu}t %M"

ErrorLog /var/log/httpd/keystone-error.log

CustomLog /var/log/httpd/keystone-access.log combined

Require all granted

启动httpd：

systemctl enable httpd.service

systemctl start httpd.service

6.[创建keystone的service目录和endpoint]

export OS_TOKEN=上面生成的随机值

export OS_URL=http://control:35357/v3

export OS_IDENTITY_API_VERSION=3

创建keystone的service：

openstack service create --name keystone --description "OpenStack Identity" identity （identity这个认证类型一定不可以错）

创建keystone的endpoint：

openstack endpoint create --region RegionOne \

identity public http://control:5000/v3

openstack endpoint create --region RegionOne \

identity internel http://control:5000/v3

openstack endpoint create --region RegionOne \

identity admin http://control:35357/v3

7.[创建域，用户，租户，角色]

创建默认域default:

openstack domain create --description "Default Domain" default

创建admin的租户：

openstack project create --domain default \

--description "Admin Project" admin

创建admin用户：

openstack user create --domain default \

--password-prompt admin（会提示输入密码为登录dashboard的密码）

创建admin角色：

openstack role create admin

将用户租户角色连接起来：

openstack role add --project admin --user admin admin

创建服务目录：

openstack project create --domain default \

--description "Service Project" service

创建demo信息类似admin：

openstack project create --domain default \

--description "Demo Project" demo

openstack user create --domain default \

--password-prompt demo

openstack role create user

openstack role add --project demo --user demo user

创建完成之后可以使用命令验证：

openstack --os-auth-url http://control:35357/v3 \

--os-project-domain-name default --os-user-domain-name default \

--os-project-name admin --os-username admin token issue

输入密码之后，有正确的输出即为配置正确。

可将环境变量设置为脚本：

vi admin-openrc 加入：

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=xxxx

export OS_AUTH_URL=http://control:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

demo的变量类似即可。

运行使用 . admin-openrc或者使用source admin-openrc

验证输入命令：

openstack token issue

有正确的输出即为配置正确。

8.[glance镜像服务]

建立glance数据

登录mysql

mysql -u root -p

CREATE DATABASE glance;

授权

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \

IDENTIFIED BY '密码';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \

IDENTIFIED BY '密码';

运行环境变量：

. admin-openrc

创建glance用户信息：

openstack user create --domain default --password-prompt glance

openstack role add --project service --user glance admin

创建镜像服务目录：

openstack service create --name glance \

--description "OpenStack Image" p_w_picpath

创建镜像endpoint：

penstack endpoint create --region RegionOne \

p_w_picpath public http://control:9292

penstack endpoint create --region RegionOne \

p_w_picpath internal http://control:9292

penstack endpoint create --region RegionOne \

p_w_picpath admin http://control:9292

安装：

yum install openstack-glance

vi /etc/glance/glance-api.conf

配置数据库连接：

connection = mysql+pymysql://glance:密码@数据库ip/glance

找到[keystone_authtoken]（配置认证）

加入：

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = xxxx

找到：[paste_deploy]

flavor = keystone

找到[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/p_w_picpaths/

编辑/etc/glance/glance-registry.conf

找到[database]

connection = mysql+pymysql://glance:密码@数据库ip/glance

找到[keystone_authtoken]（配置认证）

加入：

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = xxxx

找到：[paste_deploy]

flavor = keystone

同步数据库：

glance-manage db_sync

启动glance：

systemctl enable openstack-glance-api.service \

openstack-glance-registry.service

systemctl start openstack-glance-api.service \

openstack-glance-registry.service

验证：

运行环境变量：

. admin-openrc

下载一个比较小的镜像：

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

上传镜像：

openstack p_w_picpath create "cirros" \

--file cirros-0.3.4-x86_64-disk.img \

--disk-format qcow2 --container-format bare \

--public

查看：

openstack p_w_picpath list

有输出 证明glance配置正确

9.[nova 控制节点]

建立nova的数据库：、

mysql -u root -p

CREATE DATABASE nova_api;

CREATE DATABASE nova;

授权：

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \

IDENTIFIED BY '密码';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \

IDENTIFIED BY '密码';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \

IDENTIFIED BY '密码';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \

IDENTIFIED BY '密码';

运行环境变量：

. admin-openrc

创建nova用户：

openstack user create --domain default \

--password-prompt nova

openstack role add --project service --user nova admin

创建计算服务：

openstack service create --name nova \

--description "OpenStack Compute" compute

创建endpoint：

openstack endpoint create --region RegionOne \

compute public http://control:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \

compute internal http://control:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \

compute admin http://control:8774/v2.1/%\(tenant_id\)s

安装：

yum install openstack-nova-api openstack-nova-conductor \

openstack-nova-console openstack-nova-novncproxy \

openstack-nova-scheduler

编辑/etc/nova/nova.conf

找到：[DEFAULT]

enabled_apis = osapi_compute,metadata

找到：

[api_database]

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[DEFAULT]

rpc_backend = rabbit

[oslo_messaging_rabbit]

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = xxx

[DEFAULT]

my_ip = ip地址

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip

[glance]

api_servers = http://control:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

同步数据库：

nova-manage api_db sync

nova-manage db sync

启动服务：

systemctl enable openstack-nova-api.service \

openstack-nova-consoleauth.service openstack-nova-scheduler.service \

openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service \

openstack-nova-consoleauth.service openstack-nova-scheduler.service \

openstack-nova-conductor.service openstack-nova-novncproxy.service

10.[nova计算节点]

yum install openstack-nova-compute

编辑/etc/nova/nova.conf

[DEFAULT]

rpc_backend = rabbit

[oslo_messaging_rabbit]

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = xxx

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = xxx

[DEFAULT]

...

my_ip =计算节点ip地址

[DEFAULT]

...

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]

...

enabled = True

vncserver_listen = 0.0.0.0

vncserver_proxyclient_address = $my_ip

novncproxy_base_url = http://control:6080/vnc_auto.html

[glance]

...

api_servers = http://controller:9292

[oslo_concurrency]

...

lock_path = /var/lib/nova/tmp

注意：

egrep -c '(vmx|svm)' /proc/cpuinfo

如果为0则需要修改/etc/nova/nova.conf

[libvirt]

...

virt_type = qemu

为大于0则不需要

启动：

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start libvirtd.service openstack-nova-compute.service

在控制节点验证：

运行环境变量：

. admin-openrc

openstack compute service list

输出正常即为配置正确

11.[neutron 控制节点]

创建neutron数据库

mysql -u root -p

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \

IDENTIFIED BY 'NEUTRON_DBPASS';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \

IDENTIFIED BY 'NEUTRON_DBPASS';

运行环境变量：

. admin-openrc

创建用户：

openstack user create --domain default --password-prompt neutron

openstack role add --project service --user neutron admin

创建网络服务：

openstack service create --name neutron \

--description "OpenStack Networking" network

创建neutron endpoint

openstack endpoint create --region RegionOne \

network public http://control:9696

openstack endpoint create --region RegionOne \

network internal http://control:9696

openstack endpoint create --region RegionOne \

network admin http://control:9696

创建vxlan网络：

yum install openstack-neutron openstack-neutron-ml2 \

openstack-neutron-linuxbridge ebtables

编辑：/etc/neutron/neutron.conf

[database]

...

connection = mysql+pymysql://neutron:密码@control/neutron

[DEFAULT]

...

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = True

[DEFAULT]

...

rpc_backend = rabbit

[oslo_messaging_rabbit]

...

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[DEFAULT]

...

auth_strategy = keystone

[keystone_authtoken]

...

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = xxxx

[DEFAULT]

...

notify_nova_on_port_status_changes = True

notify_nova_on_port_data_changes = True

[nova]

...

auth_url = http://control:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = xxxx

[oslo_concurrency]

...

lock_path = /var/lib/neutron/tmp

配置ml2扩展：

编辑：/etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

...

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

[ml2_type_flat]

...

flat_networks = provider

[ml2_type_vxlan]

...

vni_ranges = 1:1000

[securitygroup]

...

enable_ipset = True

配置网桥：

编辑：/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:使用的网卡名称

[vxlan]

enable_vxlan = True

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

l2_population = True

[securitygroup]

...

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置3层网络：

编辑：/etc/neutron/l3_agent.ini

[DEFAULT]

...

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

配置dhcp：

编辑：/etc/neutron/dhcp_agent.ini

[DEFAULT]

...

interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = True

配置metadata agent

编辑：/etc/neutron/metadata_agent.ini

[DEFAULT]

...

nova_metadata_ip = controller

metadata_proxy_shared_secret = METADATA_SECRET

编辑/etc/nova/nova.conf

[neutron]

...

url = http://control:9696

auth_url = http://control:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = xxxx

service_metadata_proxy = True

metadata_proxy_shared_secret = METADATA_SECRET

创建扩展连接：

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

启动：

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service \

neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

neutron-metadata-agent.service

systemctl start neutron-server.service \

neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

neutron-metadata-agent.service

systemctl enable neutron-l3-agent.service

systemctl start neutron-l3-agent.service

12.[neutron计算节点]

yum install openstack-neutron-linuxbridge ebtables ipset

编辑： /etc/neutron/neutron.conf

[DEFAULT]

...

rpc_backend = rabbit

auth_strategy = keystone

[oslo_messaging_rabbit]

...

rabbit_host = controller

rabbit_userid = openstack

rabbit_password = RABBIT_PASS

[keystone_authtoken]

...

auth_uri = http://control:5000

auth_url = http://control:35357

memcached_servers = control:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = xxxx

[oslo_concurrency]

...

lock_path = /var/lib/neutron/tmp

配置vxlan

编辑：/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

[vxlan]

enable_vxlan = True

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

l2_population = True

[securitygroup]

...

enable_security_group = True

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

编辑/etc/nova/nova.conf

[neutron]

...

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = xxxx

启动：

systemctl restart openstack-nova-compute.service

systemctl enable neutron-linuxbridge-agent.service

systemctl enable neutron-linuxbridge-agent.service

验证：

运行环境变量：

. admin-openrc

neutron ext-list

输出正常即可

13.[dashboard]

yum install openstack-dashboard

编辑：/etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "control"

ALLOWED_HOSTS = ['*', ]

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {

'default': {

'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

'LOCATION': 'controller:11211',

}

}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {

"identity": 3,

"p_w_picpath": 2,

"volume": 2,

}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

启动：

systemctl restart httpd.service memcached.service

到此openstack安装完，你可以去dashboard上面去创建云主机了。

参考文献：http://docs.openstack.org/mitaka/install-guide-rdo/common/conventions.html