yum install -y bash-completion lrzsz wget unzip ntpdate screen iotop lsof ntpdate time1.aliyun.com yum install -y yum-plugin-ugin-priorities setenforce 0 echo 'Controller220/node221' > /etc/hostname [root@220 ~]# systemctl restart NetworkManager [root@220 ~]# hostname Controller220/node221 Controller220/node221 [root@220 ~]# bash yum install chrony -y vim /etc/chrony.conf ————>allow 192.168.3.0/24 systemctl enable chronyd && systemctl restart chronyd systemctl stop firewalld && systemctl disable firewalld.service setenforce 0 [root@Controller220 ~]# cat > /etc/yum.repos.d/openstack.repo << EOF [openstack] name=openstack mirrors.aliyun.com baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/ enabled=1 gpgcheck=0 EOF yum install epel-release -y yum clean all yum clean metadata yum install -y centos-release-openstack-queens yum upgrade -y Controller220 节点 yum --downloadonly --downloaddir=./openstack install -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api libibverbs yum localinstall -y /root/openstack/* yum install -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient centos-release-openstack-train openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api yum install -y python-openstackclient openstack-selinux mariadb mariadb-server python2-PyMySQL mongodb-server mongodb erlang rabbitmq-server cat > /etc/my.cnf.d/openstack.cnf << EOF [mysqld] bind-address = 192.168.3.220 default-storage-engine = innodb #默认存储引擎 innodb_file_per_table = on #每张表独立表空间文件 
max_connections = 4096 #最大连接数 collation-server = utf8_general_ci #默认字符集 character-set-server = utf8 EOF systemctl enable mariadb memcached && systemctl restart mariadb memcached 初始化数据库 mysql_secure_installation yum install rabbitmq-server erlang -y erl -v systemctl enable rabbitmq-server && systemctl restart rabbitmq-server rabbitmqctl add_user openstack openstack rabbitmqctl set_permissions openstack ".*" ".*" ".*" sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g' /etc/sysconfig/memcached systemctl enable memcached && systemctl restart memcached rabbitmq-plugins enable rabbitmq_management (启动web界面) [root@Controller220 ~]# rabbitmq-plugins list |grep management [E] rabbitmq_management 3.3.5 [root@Controller220 ~]# lsof -i:15672 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME beam.smp 31539 rabbitmq 17u IPv4 51731 0t0 TCP *:15672 (LISTEN) ip:15672 u:guest p:guest ---------------------------------------------------------------------------------------------------------------- keystone:用户认证,服务目录 ---------------------------------------------------------------------------------------------------------------- yum install -y openstack-keystone memcached python-memcached httpd mod_wsgi mysql -uroot -p123qwe -e "\ create database if not exists keystone; \ create database if not exists glance;\ create database if not exists nova;\ create database if not exists nova_api;\ create database if not exists neutron; \ create database if not exists cinder;\ create database if not exists placement;\ grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';\ grant all on keystone.* to 'keystone'@'%' identified by 'keystone'; \ grant all on glance.* to 'glance'@'localhost' identified by 'glance';\ grant all on glance.* to 'glance'@'%' identified by 'glance'; \ grant all on nova.* to 'nova'@'localhost' identified by 'nova'; \ grant all on nova.* to 'nova'@'%' identified by 'nova'; \ grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';\ 
grant all on nova_api.* to 'nova'@'%' identified by 'nova'; \ grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron'; grant all on neutron.* to 'neutron'@'%' identified by 'neutron';\ grant all on cinder.* to 'cinder'@'localhost' identified by 'cinder';\ grant all on cinder.* to 'cinder'@'%' identified by 'cinder'; grant all on placement.* to 'placement'@'localhost' identified by 'placement';\ grant all on placement.* to 'placement'@'%' identified by 'placement';\ flush privileges;\ show databases;\ select user,host from mysql.user;" (改如下) cat > /etc/keystone/keystone.conf <<EOF [database] connection = mysql+pymysql://keystone:[email protected]/keystone [memcache] servers = 192.168.3.220:11211 [token] provider = fernet driver = memcache EOF 初始化数据库 su -s /bin/sh -c "keystone-manage db_sync" keystone && mysql -ukeystone -pkeystone -e "use keystone;show tables;" 初始化Fernet keys: keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 建立admin用户 keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://192.168.3.220:35357/v3/ \ --bootstrap-internal-url http://192.168.3.220:35357/v3/ --bootstrap-public-url http://192.168.3.220:5000/v3/ \ --bootstrap-region-id RegionOne && mysql -ukeystone -pkeystone -e "select * from keystone.user;" vim /etc/httpd/conf/httpd.conf ——————> ServerName 192.168.3.220:80 (sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' /etc/httpd/conf/httpd.conf) [root@Controller220 ~]# cat /etc/httpd/conf.d/wsgi.conf Listen 5000 Listen 35357 <VirtualHost *:5000> WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog 
/var/log/httpd/keystone-access.log combined <Directory /usr/bin> Require all granted </Directory> </VirtualHost> <VirtualHost *:35357> WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined <Directory /usr/bin> Require all granted </Directory> </VirtualHost> systemctl enable httpd && systemctl restart httpd [root@Controller220 ~]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 30547/mysqld tcp 0 0 192.168.3.220:11211 0.0.0.0:* LISTEN 48071/memcached tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 30975/epmd tcp6 0 0 :::35357 :::* LISTEN 51483/httpd tcp6 0 0 :::5000 :::* LISTEN 51483/httpd tcp6 0 0 :::5672 :::* LISTEN 31539/beam.smp tcp6 0 0 :::80 :::* LISTEN 51483/httpd tcp6 0 0 :::4369 :::* LISTEN 30975/epmd cat > ~/admin-openstack << EOF export OS_USERNAME=admin export OS_PASSWORD=admin export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=default export OS_PROJECT_DOMAIN_NAME=default export OS_AUTH_URL=http://192.168.3.220:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IIMAGE_API_VERSION=2 EOF cat > ~/demo-openstack << EOF export OS_USERNAME=demo export OS_PASSWORD=demo export OS_PROJECT_NAME=demo export OS_USER_DOMAIN_NAME=default export OS_PROJECT_DOMAIN_NAME=default export OS_AUTH_URL=http://192.168.3.220:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IIMAGE_API_VERSION=2 EOF source admin-openstack openstack user list (admin是数据库初始化建立的) openstack token issue (查看token) 项目 (openstack project list加默认3个) openstack project create --domain default --description "Service Project" service 1>&2 & openstack project create --domain default 
--description "Demo Project" demo 1>&2 & 角色,默认有admin (角色规定权限,默认openstack role list 中默认menber/reader共4个) openstack role create user 1>&2 & 用户 (默认已有admin,openstack user list共6个) openstack user create --domain default --password-prompt demo openstack user create --domain default --password-prompt glance openstack user create --domain default --password-prompt nova openstack user create --domain default --password-prompt neutron openstack user create --domain default --password-prompt cinder openstack user create --domain default --password-prompt placement 给予角色权限属性 openstack role add --project demo --user demo user 1>&2 & openstack role add --project service --user glance admin 1>&2 & openstack role add --project service --user nova admin 1>&2 & openstack role add --project service --user neutron admin 1>&2 & openstack role add --project service --user cinder admin 1>&2 & openstack role add --project service --user placement admin 1>&2 & 创建服务 openstack service create --name glance --description "OpenStack Image" image 1>&2 & openstack service create --name nova --description "Openstack Compute " compute 1>&2 & openstack service create --name placement --description "Placement API" placement 1>&2 & 创建端点endpoint(public/internal/admin) openstack endpoint create --region RegionOne image public http://192.168.3.220:9292 1>&2 & openstack endpoint create --region RegionOne image internal http://192.168.3.220:9292 1>&2 & openstack endpoint create --region RegionOne image admin http://192.168.3.220:9292 1>&2 & openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778 1>&2 & openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 1>&2 & openstack endpoint create --region RegionOne placement admin http://192.168.3.220:8778 1>&2 & openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 & openstack endpoint create --region RegionOne compute internal 
http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 & openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 & openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1 1>&2 & openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 1>&2 & openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1 1>&2 & 如果service错误先删endpoint再删service 删除方法先list 再openstack service/project delete [ID] 接下来验证 unset OS_AUTH_URL OS_PASSWORD admin用户 openstack --os-auth-url http://192.168.3.220:35357/v3 --os-project-domain-name default --os-user-domain-name default \ --os-project-name admin --os-username admin token issue demo用户 openstack --os-auth-url http://192.168.3.220:5000/v3 --os-project-domain-name default --os-user-domain-name default \ --os-project-name demo --os-username demo token issue 测试成功后可以删除demo source demo-openstack /admin-openstack openstack token issue [root@Controller220 ~]# openstack token issue (密码有误的报错信息) The request you have made requires authentication. 
(HTTP 401) (Request-ID: req-bfc4d8dd-e404-4383-8b17-c9bc113a8d48) ----------------------------------------------------------------------------------------------------------------------- glance ----------------------------------------------------------------------------------------------------------------------- yum install -y openstack-glance [root@Controller220 ~]# cat > /etc/glance/glance-api.conf << EOF [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ [keystone_authtoken] auth_uri = http://192.168.3.220:5000 auth_url = http://192.168.3.220:35357 memcached_servers = 192.168.3.220:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = glance [paste_deploy] flavor = keystone EOF [root@Controller220 ~]# cat > /etc/glance/glance-registry.conf <<EOF [database] connection = mysql+pymysql://glance:[email protected]/glance [keystone_authtoken] auth_uri = http://192.168.3.220:5000 auth_url = http://192.168.3.220:35357 memcached_servers = 192.168.3.220:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = glance [paste_deploy] flavor = keystone EOF 初始化数据库 su -s /bin/sh -c 'glance-manage db_sync' glance && mysql -uglance -pglance -e 'use glance;show tables;' systemctl enable openstack-glance-api openstack-glance-registry && systemctl restart openstack-glance-api openstack-glance-registry openstack image list (空白是正常,因为没有镜像,上传后就有数据) glance image-list (列出镜像) wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img (官方小镜像) 上传镜像 source admin-openstack && openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare --public ================================================================================================================= placement 
================================================================================================================= yum install openstack-placement-api -y cat > /etc/placement/placement.conf <<EOF [api] auth_strategy = keystone [cors] [keystone_authtoken] auth_url = http://192.168.3.220:5000/v3 memcached_servers = 192.168.3.220:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = placement [placement_database] connection = mysql+pymysql://placement:[email protected]/placement EOF su -s /bin/sh -c "placement-manage db sync" placement && mysql -uplacement -pplacement -e 'use placement;show tables;' placement-status upgrade check ------------------------------------------------------------------------------------------------------------------------ NOVA API负责接收和响应外部请求,支持openstackAPI,EC2 API Cert:负责身份认证EC2 Scheduler:用于云主机调度 Conductor:计算节点访问数据的中间件 Consoleauth:用于控制台的授权验证 Novncproxy:vnc代理 ------------------------------------------------------------------------------------------------------------------------ yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler [root@Controller220 ~]#cat > /etc/nova/nova.conf << EOF [DEFAULT] use_neutron=True firewall_driver=nova.virt.firewall.NoopFirewallDriver enabled_apis=osapi_compute,metadata rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host=192.168.3.220 rabbit_userid = openstack rabbit_password = openstack [api] auth_strategy=keystone [api_database] connection = mysql+pymysql://nova:[email protected]/nova_api [database] connection = mysql+pymysql://nova:[email protected]/nova [glance] api_servers=http://192.168.3.220:9292 [keystone_authtoken] auth_uri = http://192.168.3.220:5000 auth_url = http://192.168.3.220:35357 memcached_servers = 192.168.3.220:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = 
nova password = nova [oslo_concurrency] lock_path=/var/lib/nova/tmp [vnc] vncserver_listen= 0.0.0.0 vncserver_proxyclient_address=192.168.3.220 [placement] os_region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://192.168.3.220:35357/v3 username = placement password = placement EOF [root@Controller220 ~]# cat > /etc/httpd/conf.d/00-nova-placement-api.conf <<EOF <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory> EOF systemctl restart httpd 同步nova-api数据库 su -s /bin/sh -c "nova-manage api_db sync" nova 注册cell0数据库 su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova 创建cell1的cell su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova 同步nova数据库 su -s /bin/sh -c "nova-manage db sync" nova 验证cell0和cell1的注册是否正确 nova-manage cell_v2 list_cells mysql -unova -pnova -e "use nova;show tables;use nova_api;show tables;" systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-console && systemctl restart openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-api openstack-nova-console openstack-nova-scheduler yum install libibverbs -y 已做 Nova服务注册 openstack service create --name nova --description "Openstack Compute " compute openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1 openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1 openstack service create --name placement --description "Placement API" placement openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778 openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 openstack endpoint 
create --region RegionOne placement admin http://192.168.3.220:8778 nova service-list && nova endpoints @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
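# Base preparation, run on every node (controller and compute).
yum install -y bash-completion lrzsz wget unzip ntpdate screen iotop lsof
ntpdate time1.aliyun.com
# The page spelled this "yum-plugin-ugin-priorities", which is not a package name.
yum install -y yum-plugin-priorities

# Puts SELinux into permissive mode for the current boot only. The
# openstack-selinux package installed later in these notes supplies the policy
# the OpenStack services need, so enforcing mode can be kept once it is in place.
setenforce 0

# Use Controller220 on the controller and node221 on the compute node. The
# page wrote the literal string 'Controller220/node221' into /etc/hostname,
# which is not a valid hostname.
hostnamectl set-hostname Controller220
systemctl restart NetworkManager
hostname
bash    # new shell so the prompt picks up the new hostname

# Time service for the other nodes.
yum install chrony -y
# Edit /etc/chrony.conf and add the line:  allow 192.168.3.0/24
vim /etc/chrony.conf
systemctl enable chronyd && systemctl restart chronyd

# With firewalld stopped and disabled, every listener started by the following
# steps (3306, 11211, 5672, 15672, 4369, 5000, 35357, ...) is reachable from any
# host that can route to this node; the alternative is to keep firewalld and
# open only the ports the 192.168.3.0/24 management network needs.
systemctl stop firewalld && systemctl disable firewalld.service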
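# OpenStack Queens repository on the Aliyun mirror.
# NOTE(review): gpgcheck=0 turns off RPM signature verification for everything
# installed from this repo, so package integrity rests on the mirror and the
# HTTPS connection alone. The centos-release-openstack-queens package installed
# a few lines below normally brings its own repo definition and signing key;
# confirm, and prefer that definition over this hand-written one.
cat > /etc/yum.repos.d/openstack.repo << EOF
[openstack]
name=openstack mirrors.aliyun.com
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/
enabled=1
gpgcheck=0
EOF
yum install epel-release -y
yum clean all
yum clean metadata
yum install -y centos-release-openstack-queens
yum upgrade -y

# --- Controller220 node ---
# Option 1: download the RPMs once, then install them from the local directory.
# The download directory is given as an absolute path so that it matches the
# localinstall path regardless of the current working directory.
yum --downloadonly --downloaddir=/root/openstack install -y \
  mariadb mariadb-server MySQL-python erlang rabbitmq-server \
  python-openstackclient openstack-keystone memcached python-memcached \
  httpd mod_wsgi openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
  openstack-glance mongodb-server mongodb openstack-placement-api libibverbs
yum localinstall -y /root/openstack/*

# Option 2: install straight from the repositories.
# NOTE(review): this list pulls in centos-release-openstack-train although the
# repository configured above is queens; mixing releases on one node is
# probably unintended, confirm which release is meant.
yum install -y \
  mariadb mariadb-server MySQL-python erlang rabbitmq-server \
  python-openstackclient centos-release-openstack-train openstack-keystone \
  memcached python-memcached httpd mod_wsgi openstack-nova-api \
  openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-glance mongodb-server mongodb \
  openstack-placement-api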
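# Client, SELinux policy, database, MongoDB and message-queue packages.
yum install -y python-openstackclient openstack-selinux mariadb mariadb-server \
  python2-PyMySQL mongodb-server mongodb erlang rabbitmq-server

# MariaDB settings for OpenStack; the server is bound to the management address.
cat > /etc/my.cnf.d/openstack.cnf << EOF
[mysqld]
bind-address = 192.168.3.220
default-storage-engine = innodb #默认存储引擎
innodb_file_per_table = on #每张表独立表空间文件
max_connections = 4096 #最大连接数
collation-server = utf8_general_ci #默认字符集
character-set-server = utf8
EOF
systemctl enable mariadb memcached && systemctl restart mariadb memcached

# Initialise the database: sets the root password and offers to remove the
# anonymous accounts, remote root login and the test database.
mysql_secure_installation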
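# Message queue.
yum install rabbitmq-server erlang -y
erl -v
systemctl enable rabbitmq-server && systemctl restart rabbitmq-server

# Messaging account shared by the OpenStack services. The password equals the
# user name here and is repeated as rabbit_password in nova.conf further down,
# so a stronger value has to be changed in both places.
rabbitmqctl add_user openstack openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

# Move memcached from loopback to the management address. It is started with
# no authentication option, so anything that can reach 192.168.3.220:11211 can
# read and write the cache that keystone_authtoken uses; reachability of this
# port should be limited to the OpenStack nodes.
sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g' /etc/sysconfig/memcached
systemctl enable memcached && systemctl restart memcached

# Enable the RabbitMQ management web UI and check that it is listening.
rabbitmq-plugins enable rabbitmq_management
rabbitmq-plugins list | grep management
#   [E] rabbitmq_management 3.3.5
lsof -i:15672
#   COMMAND   PID   USER     FD  TYPE DEVICE SIZE/OFF NODE NAME
#   beam.smp  31539 rabbitmq 17u IPv4 51731  0t0      TCP  *:15672 (LISTEN)
# Web UI: http://<ip>:15672, user guest, password guest.
# NOTE(review): the UI listens on all interfaces (*:15672) and the built-in
# guest account still has its default password. Give guest a new password with
# `rabbitmqctl change_password guest <NEW_PASSWORD>` or remove it with
# `rabbitmqctl delete_user guest` once a dedicated administrator exists.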
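# ----------------------------------------------------------------------------
# keystone: user authentication and the service catalog
# ----------------------------------------------------------------------------
yum install -y openstack-keystone memcached python-memcached httpd mod_wsgi

# Create the service databases and accounts.
# -p without a value makes the client prompt for the root password, so it does
# not appear in the process list or in shell history.
# Every service account below uses its own name as password and is granted
# from '%' (any host) as well as localhost. The same passwords are repeated in
# the connection strings of the service configuration files, so stronger
# values have to be changed in both places; '%' can be narrowed to the
# management network (192.168.3.%).
mysql -uroot -p <<'SQL'
create database if not exists keystone;
create database if not exists glance;
create database if not exists nova;
create database if not exists nova_api;
create database if not exists neutron;
create database if not exists cinder;
create database if not exists placement;
grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';
grant all on keystone.* to 'keystone'@'%' identified by 'keystone';
grant all on glance.* to 'glance'@'localhost' identified by 'glance';
grant all on glance.* to 'glance'@'%' identified by 'glance';
grant all on nova.* to 'nova'@'localhost' identified by 'nova';
grant all on nova.* to 'nova'@'%' identified by 'nova';
grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';
grant all on nova_api.* to 'nova'@'%' identified by 'nova';
grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron';
grant all on neutron.* to 'neutron'@'%' identified by 'neutron';
grant all on cinder.* to 'cinder'@'localhost' identified by 'cinder';
grant all on cinder.* to 'cinder'@'%' identified by 'cinder';
grant all on placement.* to 'placement'@'localhost' identified by 'placement';
grant all on placement.* to 'placement'@'%' identified by 'placement';
flush privileges;
show databases;
select user,host from mysql.user;
SQL

# Replace keystone.conf with the following.
# The "password@host" part of the connection URL was replaced by the page's
# e-mail obfuscation ("[email protected]"); it is restored here from the grant
# above (password 'keystone') and the MariaDB bind-address (192.168.3.220).
# Confirm against the real file.
cat > /etc/keystone/keystone.conf <<EOF
[database]
connection = mysql+pymysql://keystone:keystone@192.168.3.220/keystone
[memcache]
servers = 192.168.3.220:11211
[token]
provider = fernet
driver = memcache
EOF

# Populate the keystone database, then list its tables as a check
# (the client prompts for the keystone database password).
su -s /bin/sh -c "keystone-manage db_sync" keystone \
  && mysql -ukeystone -p -e "use keystone;show tables;"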
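# Initialise the Fernet token keys and the credential-encryption keys.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# Create the admin user and the identity endpoints.
# The password given here is the one later stored as OS_PASSWORD in
# ~/admin-openstack; a different value has to be used in both places.
# keystone-manage can also read it from the OS_BOOTSTRAP_PASSWORD environment
# variable, which keeps it out of the command line.
# The second command lists the resulting user rows (the client prompts for the
# keystone database password).
keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://192.168.3.220:35357/v3/ \
  --bootstrap-internal-url http://192.168.3.220:35357/v3/ \
  --bootstrap-public-url http://192.168.3.220:5000/v3/ \
  --bootstrap-region-id RegionOne \
  && mysql -ukeystone -p -e "select * from keystone.user;"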
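# Set ServerName in /etc/httpd/conf/httpd.conf to 192.168.3.220:80, either by
# editing the file with vim or with the sed below. Note that the sed does it by
# rewriting the "ServerAdmin root@localhost" line, so that directive is lost.
sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' /etc/httpd/conf/httpd.conf

# Keystone virtual hosts; the file is expected to contain what is shown below.
# Both listeners are plain HTTP, so passwords and tokens sent to ports 5000 and
# 35357 cross the network unencrypted unless TLS is terminated in front of them.
cat /etc/httpd/conf.d/wsgi.conf
#   Listen 5000
#   Listen 35357
#   <VirtualHost *:5000>
#       WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
#       WSGIProcessGroup keystone-public
#       WSGIScriptAlias / /usr/bin/keystone-wsgi-public
#       WSGIApplicationGroup %{GLOBAL}
#       WSGIPassAuthorization On
#       ErrorLogFormat "%{cu}t %M"
#       ErrorLog /var/log/httpd/keystone-error.log
#       CustomLog /var/log/httpd/keystone-access.log combined
#       <Directory /usr/bin>
#           Require all granted
#       </Directory>
#   </VirtualHost>
#   <VirtualHost *:35357>
#       WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
#       WSGIProcessGroup keystone-admin
#       WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
#       WSGIApplicationGroup %{GLOBAL}
#       WSGIPassAuthorization On
#       ErrorLogFormat "%{cu}t %M"
#       ErrorLog /var/log/httpd/keystone-error.log
#       CustomLog /var/log/httpd/keystone-access.log combined
#       <Directory /usr/bin>
#           Require all granted
#       </Directory>
#   </VirtualHost>

systemctl enable httpd && systemctl restart httpd

# Check the listeners.
netstat -lntp
#   Active Internet connections (only servers)
#   Proto Recv-Q Send-Q Local Address        Foreign Address  State   PID/Program name
#   tcp        0      0 0.0.0.0:3306         0.0.0.0:*        LISTEN  30547/mysqld
#   tcp        0      0 192.168.3.220:11211  0.0.0.0:*        LISTEN  48071/memcached
#   tcp        0      0 0.0.0.0:4369         0.0.0.0:*        LISTEN  30975/epmd
#   tcp6       0      0 :::35357             :::*             LISTEN  51483/httpd
#   tcp6       0      0 :::5000              :::*             LISTEN  51483/httpd
#   tcp6       0      0 :::5672              :::*             LISTEN  31539/beam.smp
#   tcp6       0      0 :::80                :::*             LISTEN  51483/httpd
#   tcp6       0      0 :::4369              :::*             LISTEN  30975/epmd
# NOTE(review): mysqld is shown on 0.0.0.0:3306 although openstack.cnf sets
# bind-address = 192.168.3.220, so that setting had apparently not taken effect
# when this output was captured; confirm after restarting mariadb. epmd (4369)
# and AMQP (5672) also listen on all interfaces.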
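# Credential files for the openstack CLI. Both hold a password in clear text,
# so they are made readable by their owner only.
# The page exported OS_IIMAGE_API_VERSION (doubled "I"), a name the client does
# not read; the variable is OS_IMAGE_API_VERSION.
cat > ~/admin-openstack << 'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
chmod 600 ~/admin-openstack

cat > ~/demo-openstack << 'EOF'
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
chmod 600 ~/demo-openstack

# The files were written to the home directory, so source them from there.
source ~/admin-openstack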
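# The page ran most of the commands below as background jobs ("1>&2 &").
# Later steps depend on earlier ones (a role must exist before it is assigned,
# a project before a user is added to it), and a background job's failure goes
# unnoticed, so they are run one after another here.

openstack user list      # admin was created by the keystone bootstrap step
openstack token issue    # show a token

# Projects ("openstack project list" then shows 3, defaults included).
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo

# Roles define permissions; admin exists by default ("openstack role list"
# then shows 4, including the default member/reader roles).
openstack role create user

# Users (admin already exists; "openstack user list" then shows 6).
# --password-prompt asks for each password interactively, which keeps it out
# of the command line and shell history.
openstack user create --domain default --password-prompt demo
openstack user create --domain default --password-prompt glance
openstack user create --domain default --password-prompt nova
openstack user create --domain default --password-prompt neutron
openstack user create --domain default --password-prompt cinder
openstack user create --domain default --password-prompt placement

# Role assignments. Every service account receives the admin role on the
# service project, so each of their passwords protects admin-level access.
openstack role add --project demo --user demo user
openstack role add --project service --user glance admin
openstack role add --project service --user nova admin
openstack role add --project service --user neutron admin
openstack role add --project service --user cinder admin
openstack role add --project service --user placement admin

# Service catalog entries.
openstack service create --name glance --description "OpenStack Image" image
openstack service create --name nova --description "Openstack Compute " compute
openstack service create --name placement --description "Placement API" placement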
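# Create the endpoints (public / internal / admin) for each service.
# The commands are run sequentially instead of as background jobs so that a
# failure is visible before the next one starts.

# image
openstack endpoint create --region RegionOne image public http://192.168.3.220:9292
openstack endpoint create --region RegionOne image internal http://192.168.3.220:9292
openstack endpoint create --region RegionOne image admin http://192.168.3.220:9292

# placement (the page had "adminhttp://..." on the admin line; the missing
# space made the interface and the URL a single argument)
openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement admin http://192.168.3.220:8778

# compute
# NOTE(review): the page registers the compute endpoints twice, once with the
# /v2.1/%(tenant_id)s form and once with plain /v2.1. Running both leaves two
# endpoints per interface in the catalog; keep only the form that is wanted.
openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1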
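# If a service was registered wrongly, delete its endpoints first and then the
# service itself. To delete: list to find the ID, then run
#   openstack service/project delete [ID]

# Verification. Drop the stored URL and password so that the CLI has to use
# the flags below and prompt for the password.
unset OS_AUTH_URL OS_PASSWORD

# admin user
openstack --os-auth-url http://192.168.3.220:35357/v3 --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue

# demo user
openstack --os-auth-url http://192.168.3.220:5000/v3 --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue
# Once the tests succeed the demo account can be deleted.

# Load one of the credential files, then request a token. The page wrote this
# as a single line ("source demo-openstack /admin-openstack openstack token
# issue"), which would only source the first file.
source demo-openstack    # or: source admin-openstack
openstack token issue

# Error shown when the password is wrong:
#   The request you have made requires authentication. (HTTP 401) (Request-ID: req-bfc4d8dd-e404-4383-8b17-c9bc113a8d48)

# -----------------------------------------------------------------------------
# glance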
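# -----------------------------------------------------------------------------
yum install -y openstack-glance

# glance-api configuration. The glance service password is stored in clear
# text in both files below and equals the user name; a stronger value has to
# match the password given to "openstack user create ... glance".
cat > /etc/glance/glance-api.conf << EOF
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF

# glance-registry configuration.
# The "password@host" part of the connection URL was replaced by the page's
# e-mail obfuscation ("[email protected]"); it is restored here from the
# database grant (password 'glance') and the MariaDB bind-address
# (192.168.3.220). Confirm against the real file.
cat > /etc/glance/glance-registry.conf <<EOF
[database]
connection = mysql+pymysql://glance:glance@192.168.3.220/glance
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF

# Populate the glance database, then list its tables as a check
# (the client prompts for the glance database password).
su -s /bin/sh -c 'glance-manage db_sync' glance \
  && mysql -uglance -p -e 'use glance;show tables;'

systemctl enable openstack-glance-api openstack-glance-registry \
  && systemctl restart openstack-glance-api openstack-glance-registry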
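openstack image list    # empty output is normal until an image has been uploaded
glance image-list       # list images

# Small official test image.
# The download is plain HTTP with no integrity check and the image is then
# published to every project (--public), so compare its digest with the value
# published by the CirrOS project before uploading.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
sha256sum cirros-0.3.4-x86_64-disk.img    # expect <PUBLISHED_SHA256>

# Upload the image.
source admin-openstack && openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare --public

# =============================================================================
# placement
# =============================================================================
yum install openstack-placement-api -y

# The "password@host" part of the connection URL was replaced by the page's
# e-mail obfuscation ("[email protected]"); it is restored here from the
# database grant (password 'placement') and the MariaDB bind-address
# (192.168.3.220). Confirm against the real file.
cat > /etc/placement/placement.conf <<EOF
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://192.168.3.220:5000/v3
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement
[placement_database]
connection = mysql+pymysql://placement:placement@192.168.3.220/placement
EOF

# Populate the placement database, then list its tables as a check
# (the client prompts for the placement database password).
su -s /bin/sh -c "placement-manage db sync" placement \
  && mysql -uplacement -p -e 'use placement;show tables;'
placement-status upgrade check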
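# -----------------------------------------------------------------------------
# NOVA
#   API:         receives and answers external requests (OpenStack API, EC2 API)
#   Cert:        identity authentication for EC2
#   Scheduler:   schedules instances onto hosts
#   Conductor:   middleware through which compute nodes access the database
#   Consoleauth: authorises console access
#   Novncproxy:  VNC proxy
# -----------------------------------------------------------------------------
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console \
  openstack-nova-novncproxy openstack-nova-scheduler

# nova.conf holds the RabbitMQ, database, nova and placement passwords in clear
# text; each equals its user name and has to match the value set where the
# account was created.
# The "password@host" part of both connection URLs was replaced by the page's
# e-mail obfuscation ("[email protected]"); it is restored here from the
# database grants (password 'nova') and the MariaDB bind-address
# (192.168.3.220). Confirm against the real file.
# NOTE(review): vncserver_listen = 0.0.0.0 accepts VNC connections on every
# interface, and firewalld was disabled earlier in these notes; consider the
# management address instead.
cat > /etc/nova/nova.conf << EOF
[DEFAULT]
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host=192.168.3.220
rabbit_userid = openstack
rabbit_password = openstack
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova_api
[database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova
[glance]
api_servers=http://192.168.3.220:9292
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[vnc]
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address=192.168.3.220
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.3.220:35357/v3
username = placement
password = placement
EOF

# Allow httpd to serve the placement WSGI script installed under /usr/bin.
cat > /etc/httpd/conf.d/00-nova-placement-api.conf <<EOF
<Directory /usr/bin>
  <IfVersion >= 2.4>
    Require all granted
  </IfVersion>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>
EOF
systemctl restart httpd

# Sync the nova-api database.
su -s /bin/sh -c "nova-manage api_db sync" nova
# Register the cell0 database. The page ran "cell_v2 list_cells" at this step,
# which only lists cells and registers nothing.
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# Create the cell1 cell.
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# Sync the nova database.
su -s /bin/sh -c "nova-manage db sync" nova
# Verify that cell0 and cell1 are registered correctly.
nova-manage cell_v2 list_cells
# List the tables of both databases (the client prompts for the nova password).
mysql -unova -p -e "use nova;show tables;use nova_api;show tables;"

systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor \
    openstack-nova-novncproxy openstack-nova-console \
  && systemctl restart openstack-nova-scheduler openstack-nova-conductor \
    openstack-nova-novncproxy openstack-nova-api openstack-nova-console
yum install libibverbs -y

# Nova service registration. The page marks this as already done in the
# keystone section; running it a second time adds duplicate service and
# endpoint entries to the catalog, so skip it if those commands were run.
openstack service create --name nova --description "Openstack Compute " compute
openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1

# (the page had "adminhttp://..." on the admin line; the missing space made the
# interface and the URL a single argument)
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement admin http://192.168.3.220:8778

nova service-list && nova endpoints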
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@