OpenStack Installation
I. Basic preparation
Installation environment: CentOS 7, 64-bit
1. Stop the local iptables firewall and disable it at boot
# systemctl stop firewalld.service
# systemctl disable firewalld.service
2. Disable SELinux on the local host
# vim /etc/sysconfig/selinux
SELINUX=disabled
# setenforce 0
3. Set the host name
# hostnamectl set-hostname controller
4. Map the local host name to its IP address
# vim /etc/hosts
192.168.0.104 controller
5. Install the NTP time synchronization tool
# yum -y install ntp
# ntpdate asia.pool.ntp.org
6. Install the third-party yum repositories
# yum -y install yum-plugin-priorities
# yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
# yum -y install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm
7. Upgrade the system packages and reboot
# yum upgrade
# reboot
II. Install and configure the MariaDB database
1. Install the MariaDB database
# yum -y install mariadb mariadb-server MySQL-python
2. Configure the MariaDB database
# cp /etc/my.cnf /etc/my.cnf.bak
# rpm -ql mariadb
# vim /etc/my.cnf.d/server.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
3. Start the MariaDB database
# systemctl enable mariadb.service
# systemctl start mariadb.service
III. Install the message queue service
1. Install the packages RabbitMQ requires
# yum -y install rabbitmq-server
2. Start the RabbitMQ service
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
3. Set the RabbitMQ service password
# rabbitmqctl change_password guest rabbit
IV. Install the Keystone user authentication component
1. Create the keystone database and grant user privileges
# mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
2. Install the keystone packages
# yum -y install openstack-utils openstack-keystone python-keystoneclient
3. Configure the keystone file
# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
# vim /etc/keystone/keystone.conf
[DEFAULT]
verbose = True
[database]
connection = mysql://keystone:keystone@controller/keystone
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token
4. Create the certificate and key files
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl
5. Sync keystone to the MariaDB database
# su -s /bin/sh -c "keystone-manage db_sync" keystone
6. Start the keystone service and enable it at boot
# systemctl enable openstack-keystone.service
# systemctl start openstack-keystone.service
7. Purge expired tokens
By default, the Identity service keeps expired tokens in the database indefinitely. The accumulation of expired tokens considerably increases the size of the database and may degrade service performance, particularly in environments with limited resources. We recommend that you use cron to configure a periodic task that purges expired tokens hourly:
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
---------- Create tenants, users, and roles ----------
1. Configure the admin token
# export OS_SERVICE_TOKEN=$(openssl rand -hex 10)
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
# echo $OS_SERVICE_TOKEN > ~/ks_admin_token
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $OS_SERVICE_TOKEN
# service openstack-keystone restart
2. Create the tenant, user, and role
a. Create the admin tenant, user, and role:
# keystone tenant-create --name admin --description "Admin Tenant"
# keystone user-create --name admin --pass admin --email admin@zhengyansheng.com
# keystone role-create --name admin
b. Add the admin tenant and user to the admin role:
# keystone user-role-add --tenant admin --user admin --role admin
c. By default, the dashboard limits access to users with the _member_ role.
# keystone role-create --name _member_
d. Add the admin tenant and user to the _member_ role:
# keystone user-role-add --tenant admin --user admin --role _member_
3. Create a regular demo project and user
a. Create the demo tenant:
# keystone tenant-create --name demo --description "Demo Tenant"
b. Create the demo user:
# keystone user-create --name demo --pass demo --email demo@zhengyansheng.com
c. Add the demo tenant and user to the _member_ role:
# keystone user-role-add --tenant demo --user demo --role _member_
4. Create a service project
# keystone tenant-create --name service --description "Service Tenant"
---------- Create the service entity and API endpoint ----------
1. Create the service entity for the Identity service:
# keystone service-create --name keystone --type identity --description "OpenStack Identity"
2. Create the API endpoint for the Identity service:
# keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://controller:5000/v2.0 --internalurl http://controller:5000/v2.0 --adminurl http://controller:35357/v2.0 --region regionOne
3. View the keystone authentication information
[root@controller ~]# keystone user-list
+----------------------------------+-------+---------+-------------------------+
| id                               | name  | enabled | email                   |
+----------------------------------+-------+---------+-------------------------+
| 7053cfacc4b047dcabe82f6be0e5dc77 | admin | True    | admin@zhengyansheng.com |
| eea569106329465996e9e09a666838bd | demo  | True    | demo@zhengyansheng.com  |
+----------------------------------+-------+---------+-------------------------+
[root@controller ~]# keystone tenant-list
+----------------------------------+---------+---------+
| id                               | name    | enabled |
+----------------------------------+---------+---------+
| 307fd76766eb4b02a28779f4e88717ce | admin   | True    |
| f054bd56851b4a318a19233a13e13d31 | demo    | True    |
| d865c3b49f6f4bf7b2a0b93e0110e546 | service | True    |
+----------------------------------+---------+---------+
[root@controller ~]# keystone service-list
+----------------------------------+----------+----------+--------------------+
| id                               | name     | type     | description        |
+----------------------------------+----------+----------+--------------------+
| 9754f7bdf78c4000875f1aa5f3291b19 | keystone | identity | OpenStack Identity |
+----------------------------------+----------+----------+--------------------+
[root@controller ~]# keystone endpoint-list
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
| id                               | region    | publicurl                   | internalurl                 | adminurl                     | service_id                       |
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
| 6831d6708fe4469fa653b9b5adf801d9 | regionOne | http://controller:5000/v2.0 | http://controller:5000/v2.0 | http://controller:35357/v2.0 | 9754f7bdf78c4000875f1aa5f3291b19 |
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
4. Unset the temporary environment variables
# unset OS_SERVICE_TOKEN
# unset OS_SERVICE_ENDPOINT
5. Authenticate as a user through keystone
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 token-get
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 tenant-list
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 user-list
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 role-list
6. Test authentication as the regular user demo
# keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 token-get
# keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 user-list
You are not authorized to perform the requested action: admin_required (HTTP 403)
7. Client CLI environment scripts
# vim ~/admin-openrc.sh
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v2.0
# vim ~/demo-openrc.sh
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v2.0
# source admin-openrc.sh
8. Test: if authentication through keystone still succeeds even after the environment variables have been unset, keystone is configured correctly.
IV. Install the Glance component
1. Create the glance database and grant user privileges
# mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
2. Create the glance user and add it to the admin role
# keystone user-create --name glance --pass glance
# keystone user-role-add --user glance --tenant service --role admin
3. Create the glance service
# keystone service-create --name glance --type image --description "OpenStack Image Service"
4. Create the service's access URL in Identity
# keystone endpoint-create --service-id $(keystone service-list | awk '/ image / {print $2}') --publicurl http://controller:9292 --internalurl http://controller:9292 --adminurl http://controller:9292 --region regionOne
5. Install the glance packages
# yum -y install openstack-glance python-glanceclient
6. Edit the glance configuration files
# cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
# vim /etc/glance/glance-api.conf
[DEFAULT]
verbose = True
[database]
connection = mysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance
[paste_deploy]
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
# cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
# vim /etc/glance/glance-registry.conf
[DEFAULT]
verbose = True
[database]
connection = mysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance
[paste_deploy]
flavor = keystone
7. Sync glance to the MariaDB database
# su -s /bin/sh -c "glance-manage db_sync" glance
8. Start the services and enable them at boot
# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service
9. Download and upload an image
# mkdir /tmp/images
# cd /tmp/images
# wget http://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
# glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
# glance image-list
# mv /tmp/images /opt
V. Add a compute node
1. Create the nova database and grant user privileges
# mysql -u root -p
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
2. Create the nova user, add it to the admin role, and create the service
# keystone user-create --name nova --pass nova
# keystone user-role-add --user nova --tenant service --role admin
# keystone service-create --name nova --type compute --description "OpenStack Compute"
3. Create the access URL for the compute service
# keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') --publicurl http://controller:8774/v2/%\(tenant_id\)s --internalurl http://controller:8774/v2/%\(tenant_id\)s --adminurl http://controller:8774/v2/%\(tenant_id\)s --region regionOne
4. Install the nova packages
# yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
# yum -y install openstack-nova-compute sysfsutils
5. Edit the nova configuration file
# cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = controller
verbose = True
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit
auth_strategy = keystone
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = controller
novncproxy_base_url = http://controller:6080/vnc_auto.html
[database]
connection = mysql://nova:nova@controller/nova
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = nova
[glance]
host = controller
[libvirt]
virt_type = qemu
6. Sync nova to the MariaDB database
# su -s /bin/sh -c "nova-manage db sync" nova
7. Start the services and enable them at boot
# systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service
# systemctl start openstack-nova-compute.service
# nova service-list
# nova image-list
VI. Add a network node
1. Create the neutron database and grant user privileges
# mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
2. Create the neutron user, add it to the admin role, and create the neutron service
# keystone user-create --name neutron --pass neutron
# keystone user-role-add --user neutron --tenant service --role admin
# keystone service-create --name neutron --type network --description "OpenStack Networking"
3. Create the neutron endpoint access URL
# keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') --publicurl http://controller:9696 --internalurl http://controller:9696 --adminurl http://controller:9696 --region regionOne
4. Install the neutron packages
# yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient which
5. Edit the neutron configuration file
# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = nova
verbose = True
[database]
connection = mysql://neutron:neutron@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
6. Test
# keystone tenant-get service
# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
# vim /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
7. Sync neutron to the MariaDB database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
8. Restart the compute services
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
9. Start the service and enable it at boot
# systemctl enable neutron-server.service
# systemctl start neutron-server.service
10. Check the neutron-server process
# neutron ext-list
11. View the related log messages
# tail -f /var/log/neutron/server.log
12. Configure the kernel networking parameters
# cp /etc/sysctl.conf /etc/sysctl.conf.bak
# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# sysctl -p
13. Install the networking component packages
# yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch
14. Configure the common networking components
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = external
[ovs]
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
enable_tunneling = True
bridge_mappings = external:br-ex
[agent]
tunnel_types = gre
# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
verbose = True
# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
verbose = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_url = http://controller:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
verbose = True
# vim /etc/nova/nova.conf
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
15. Restart the API service on the controller node
# systemctl restart openstack-nova-api.service
VII. Install and configure the dashboard
1. Install the dashboard and the packages it depends on
# yum install openstack-dashboard httpd mod_wsgi memcached python-memcached
2. Edit the dashboard configuration file
# cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak
# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
TIME_ZONE = "TIME_ZONE"
3. Allow the web server to connect to the OpenStack services
# setsebool -P httpd_can_network_connect on
4. Due to a packaging bug, the dashboard does not load its CSS correctly. Run the following command to fix the problem:
# chown -R apache:apache /usr/share/openstack-dashboard/static
5. Start the web server and the session storage service, and configure them to start when the system boots:
# systemctl enable httpd.service memcached.service
# systemctl start httpd.service memcached.service
VIII. Access test
1. Access test over HTTP:
OK, that is all for today!
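To review the files written in the steps above, the following script scans them for passwords that equal the account name, a bootstrap admin_token left in keystone.conf, wildcard listeners, and placeholders such as METADATA_SECRET that were never filled in. It is an added example, not part of the original guide; the function names audit_conf and make_sample and the sample file contents are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the original guide: flag weak or unfinished settings
# in the config files this walkthrough edits. Prints "<file>: <finding>" lines.
audit_conf() {  # $1 = filesystem root to scan ("/" on a real controller)
    local root="${1%/}" f
    for f in etc/my.cnf.d/server.cnf etc/keystone/keystone.conf \
             etc/glance/glance-api.conf etc/glance/glance-registry.conf \
             etc/nova/nova.conf etc/neutron/neutron.conf etc/neutron/metadata_agent.ini \
             etc/neutron/plugins/ml2/ml2_conf.ini etc/openstack-dashboard/local_settings; do
        [ -f "$root/$f" ] || continue
        awk -v file="/$f" '
            function report(msg) { print file ": " msg }
            /^[ \t]*(#|$)/ { next }              # skip comments and blank lines
            /^[ \t]*\[/    { user = ""; next }   # new section: forget admin_user
            {
                eq = index($0, "="); if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            }
            key == "connection" && match(val, "://[^:@/]+:[^@]*@") {
                cred = substr(val, RSTART + 3, RLENGTH - 4)      # "user:password"
                c = index(cred, ":")
                if (substr(cred, 1, c - 1) == substr(cred, c + 1))
                    report("database password equals the user name")
            }
            key ~ /^admin_user(name)?$/ { user = val }
            key == "admin_password" && val == user { report("admin_password equals " user) }
            key == "admin_token" { report("bootstrap admin_token is still set") }
            key == "bind-address" && val == "0.0.0.0" { report("MariaDB listens on all interfaces") }
            key == "ALLOWED_HOSTS" && val ~ /\*/ { report("ALLOWED_HOSTS accepts any Host header") }
            val ~ /^"?(METADATA_SECRET|SERVICE_TENANT_ID|INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS|TIME_ZONE)"?$/ {
                report(key " still holds the placeholder " val)
            }
        ' "$root/$f"
    done
}

make_sample() {  # $1 = empty directory; writes constructed files mirroring this guide
    mkdir -p "$1/etc/keystone" "$1/etc/neutron" "$1/etc/openstack-dashboard"
    printf '%s\n' '[DEFAULT]' 'admin_token = 0123456789abcdef0123' '[database]' \
        'connection = mysql://keystone:keystone@controller/keystone' > "$1/etc/keystone/keystone.conf"
    printf '%s\n' '[DEFAULT]' 'admin_user = neutron' 'admin_password = neutron' \
        'metadata_proxy_shared_secret = METADATA_SECRET' > "$1/etc/neutron/metadata_agent.ini"
    printf '%s\n' "ALLOWED_HOSTS = ['*']" 'TIME_ZONE = "TIME_ZONE"' \
        > "$1/etc/openstack-dashboard/local_settings"
}

# Demo on the constructed sample; on a controller run: audit_conf /
demo_dir=$(mktemp -d) && make_sample "$demo_dir" && audit_conf "$demo_dir"
rm -rf "$demo_dir"
```

An empty result means none of these checks fired; it does not cover settings outside the listed files, such as the RabbitMQ guest password.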