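I. Environment preparation (start with the first machine)
1. Set up the yum repository (all 3 machines)
(Internet: Alibaba Cloud mirror)
2. DNS name resolution
# vim /etc/hosts
3. Passwordless login
# ssh
Basic environment
II. Install OpenStack Ocata (deployed on the first machine)
(The first machine is the controller node: the OpenStack components and shared services are all deployed on this machine)
III. Deploy the database
- Install the database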
yum install -y mariadb mariadb-server python2-PyMySQL
- Create OpenStack's own database configuration file /etc/my.cnf.d/openstack.cnf
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = <local IP of ens33> # listen address
default-storage-engine = innodb # default storage engine
innodb_file_per_table = on
max_connections = 4096 # maximum number of connections
collation-server = utf8_general_ci
character-set-server = utf8
- Start the database service
systemctl start mariadb.service
systemctl enable mariadb.service
- Initialize the database
mysql_secure_installation
Message queue
IV. Deploy the message queue (earlier notes)
Install rabbitmq
# yum -y install rabbitmq-server
Enable and start the service
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
# systemctl status rabbitmq-server.service
Create the openstack user
# rabbitmqctl add_user openstack admin
Creates the openstack user with its password set to admin
Set permissions for openstack
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Grants permissions to the openstack user
Make openstack a super administrator (only a super administrator can log in to the web page):
# rabbitmqctl set_user_tags openstack administrator
V. Deploy the Memcached cache
- Install
yum -y install memcached python-memcached
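- Edit the configuration file /etc/sysconfig/memcached
vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,sheng0" (add the local node name, meaning the local memcached service can be listened on)
(Because name resolution is set up, the host name c1 can be used; without name resolution, use the IP. IPs change, so resolving by name is best.)
- Start the service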
systemctl start memcached.service
systemctl enable memcached.service
Identity service
VI. Deploy keystone
- Log in to the database
mysql -u root -proot
- Create the keystone database
MariaDB [(none)]> CREATE DATABASE keystone;
- Create the keystone user and grant it privileges
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'; (local login)
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS'; (remote login)
- Install httpd and mod_wsgi
yum -y install openstack-keystone httpd mod_wsgi
Edit the configuration file /etc/keystone/keystone.conf
# cd /etc/keystone
# cp keystone.conf keystone.conf.bak (backup)
Configure the keystone configuration file
# vim /etc/keystone/keystone.conf (delete everything) (the contents are in the keystone configuration file notes)
- Sync the database to import the tables
su -s /bin/sh -c "keystone-manage db_sync" keystone
- Create
Create a keystone user in the OpenStack environment
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Create the keystone admin service endpoints
# keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://sheng0:35357/v3/ \
--bootstrap-internal-url http://sheng0:5000/v3/ \
--bootstrap-public-url http://sheng0:5000/v3/ \
--bootstrap-region-id RegionOne
Edit the httpd configuration file
vim /etc/httpd/conf/httpd.conf
Search for ServerName and add below it: ServerName sheng0
Create the link file (symbolic link)
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Restart the httpd service
systemctl restart httpd
systemctl enable httpd
Create the environment variable file openrc
Add
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://sheng0:35357/v3
export OS_IDENTITY_API_VERSION=3
Load the environment variable file
# source openrc
Create the service project
openstack project create --domain default \
--description "Service Project" service
Create the demo project
openstack project create --domain default \
--description "Demo Project" demo
Create a user belonging to demo and make the user an administrator
openstack user create --domain default \
--password-prompt demo
Create the user role
openstack role create user
Add the user role to the demo user of the demo project
openstack role add --project demo --user demo user
Commands
List services: openstack service list
List projects: openstack project list
List roles: openstack role list
List users: openstack user list
List service endpoints: openstack endpoint list
keystone configuration file
vim /etc/keystone/keystone.conf
[DEFAULT]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection =mysql+pymysql://keystone:KEYSTONE_DBPASS@sheng0/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
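
The lab defaults used in these notes (admin/admin, the KEYSTONE_DBPASS placeholder, plain-HTTP endpoints, memcached listening on sheng0) can be checked by script before a deployment leaves the lab. This is an added example, not part of the original notes; the function names, finding codes and the 12-character threshold are this example's own assumptions, and the sample files are constructed from the values on this page.

```shell
#!/bin/sh
# Added example, not part of the original notes: audit copies of the three
# files this walkthrough edits for lab defaults left in place.
# Prints one finding code per line; returns 1 if anything was found.
audit_controller() {
    openrc=$1; keystone_conf=$2; memcached_cfg=$3; rc=0
    user=$(sed -n 's/^export OS_USERNAME=//p' "$openrc")
    pass=$(sed -n 's/^export OS_PASSWORD=//p' "$openrc")
    # Password equal to the user name, or shorter than 12 characters
    # (the 12 is this example's own threshold).
    if [ "$pass" = "$user" ] || [ "${#pass}" -lt 12 ]; then
        echo WEAK_ADMIN_PASSWORD; rc=1
    fi
    # openrc stores the password in cleartext: owner-only access expected.
    if [ "$(ls -l "$openrc" | cut -c5-10)" != "------" ]; then
        echo OPENRC_NOT_OWNER_ONLY; rc=1
    fi
    # Passwords and tokens cross the network unencrypted over http://.
    if grep -q '^export OS_AUTH_URL=http://' "$openrc"; then
        echo AUTH_URL_NOT_TLS; rc=1
    fi
    # The documentation placeholder is still in use as the DB password.
    if grep -Eq '^connection *=.*:KEYSTONE_DBPASS@' "$keystone_conf"; then
        echo PLACEHOLDER_DB_PASSWORD; rc=1
    fi
    # memcached has no authentication by default, so every -l address
    # other than loopback needs a firewall rule in front of it.
    listen=$(sed -n 's/^OPTIONS=.*-l  *\([^" ]*\).*/\1/p' "$memcached_cfg")
    for addr in $(echo "$listen" | tr ',' ' '); do
        case $addr in
            127.0.0.1|::1|localhost) ;;
            *) echo "MEMCACHED_NON_LOOPBACK:$addr"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: the values used on this page, written to a temp dir.
demo() {
    d=$(mktemp -d)
    printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=admin\nexport OS_AUTH_URL=http://sheng0:35357/v3\n' > "$d/openrc"
    chmod 644 "$d/openrc"
    printf '[database]\nconnection =mysql+pymysql://keystone:KEYSTONE_DBPASS@sheng0/keystone\n' > "$d/keystone.conf"
    printf 'OPTIONS="-l 127.0.0.1,::1,sheng0"\n' > "$d/memcached"
    audit_controller "$d/openrc" "$d/keystone.conf" "$d/memcached"
    status=$?; rm -rf "$d"; return $status
}
demo || true
```

Run against the page's values, all five checks fire; the memcached finding is expected on a multi-node install and indicates that port 11211 must be restricted to the OpenStack nodes.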