Openstack实验文档
一、base节点
1.1配置网络
vim /etc/sysconfig/network-scripts/ifcfg-eth0
1.2关闭防火墙和selinux
systemctl stop firewalld
systemctl disable firewalld
vim /etc/sysconfig/selinux ---------------------------将enforcing改为disabled
##以上仅适用于隔离的实验环境;生产环境应保留firewalld和SELinux(enforcing),只放行各组件所需端口,并配合后文安装的openstack-selinux策略包使用
1.3搭建时间同步服务器
vim /etc/chrony.conf
server ip地址 ##服务器地址
local stratum 10 ##取消注释
allow 网段地址 ##允许的网段
systemctl restart chronyd ##重启服务
systemctl enable chronyd ##自启服务
1.4搭建DNS服务
yum -y install bind ##安装软件
vim /etc/named.conf ##修改配置文件
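options {
listen-on port 53 { any; };
directory "/var/named";
allow-query { any; };
};
##注意:listen-on和allow-query均为any,且未设置allow-recursion时,named可能会为任意来源提供递归解析(请对照所用BIND版本确认);实验环境之外建议把allow-query、allow-recursion限定为本实验网段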
zone "." IN {
type hint;
file "named.ca";
};
zone "xiaoai.edu" IN {
type master;
file "xiaoai.db";
};
zone "16.172.in-addr.arpa" IN {
type master;
file "db.xiaoai";
};
vim /var/named/xiaoai.db ##编辑正解配置文件
$TTL 3H
@ IN SOA dns1.xiaoai.edu. root.blue.edu. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xiaoai.edu.
dns1 IN A 172.16.4.100
base IN A 172.16.4.100
ctrl IN A 172.16.4.101
com1 IN A 172.16.4.102
com2 IN A 172.16.4.103
cin1 IN A 172.16.4.104
cin2 IN A 172.16.4.105
swift1 IN A 172.16.4.106
swift2 IN A 172.16.4.107
vim /var/named/db.xiaoai ##编辑反解配置文件
$TTL 3H
@ IN SOA dns1.xiaoai.edu. root.xiaoai.edu. (
0 ; serial
1D ; refresh
1H ; retry
1W ; expire
3H ) ; minimum
@ IN NS dns1.xiaoai.edu.
100.4 IN PTR dns1.xiaoai.edu.
100.4 IN PTR base.xiaoai.edu.
101.4 IN PTR ctrl.xiaoai.edu.
102.4 IN PTR com1.xiaoai.edu.
103.4 IN PTR com2.xiaoai.edu.
104.4 IN PTR cin1.xiaoai.edu.
105.4 IN PTR cin2.xiaoai.edu.
106.4 IN PTR swift1.xiaoai.edu.
107.4 IN PTR swift2.xiaoai.edu.
systemctl enable named ##自启服务
systemctl restart named ##重启服务
nslookup base.xiaoai.edu ##验证解析是否生效
1.5数据库
yum -y install mariadb mariadb-server python2-PyMySQL
systemctl restart mariadb.service
systemctl enable mariadb.service
mysql_secure_installation ##初始化数据库
mysql -uroot -p123 ##登陆数据库;123仅为实验用弱口令,实际环境请改用 mysql -uroot -p 按提示输入,避免密码留在shell历史和进程列表中
select user,host from mysql.user;
vim /etc/my.cnf.d/openstack.cnf ##修改环境
[mysqld]
bind-address = 172.16.3.10
##bind-address应填base节点自身的管理网IP;上文DNS记录中base为172.16.4.100,请按实际环境核对
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
1.6rabbitmq搭建
yum install rabbitmq-server -y
systemctl start rabbitmq-server
systemctl enable rabbitmq-server
netstat -lantu |grep 5672
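rabbitmqctl change_password guest guest ##修改密码;guest/guest是RabbitMQ的默认口令,这里应换成强密码
rabbitmq-plugins enable rabbitmq_management ##启用Web管理插件(监听15672端口)
systemctl restart rabbitmq-server ##重启服务
netstat -lantu |grep 15672
登陆 ip:15672 验证(guest guest)
##注意:较新版本的RabbitMQ默认只允许guest从本机登陆;后文各组件的transport_url使用的是openstack用户,本文未给出创建步骤,需先执行 rabbitmqctl add_user openstack RABBIT_PASS,再执行 rabbitmqctl set_permissions openstack ".*" ".*" ".*" 授权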
1.7memcached搭建
yum install memcached python-memcached -y
vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,controller" ##修改内容
##controller应换成本节点的主机名(本文中为base),后文各组件通过base.xiaoai.edu:11211访问;memcached默认没有访问认证,只应监听管理网地址
systemctl enable memcached.service
systemctl start memcached.service
keystone数据库创建
mysql -uroot -p123
CREATE DATABASE keystone; ##创建Keystone数据库
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
##创建keystone用户,密码为KEYSTONE_DBPASS,并授权访问keystone数据库;各*_DBPASS均为占位符,应替换为各自独立的强密码;'%'表示允许从任意主机连接,可按需收紧为管理网段
Glance数据库创建
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
Nova数据库创建
CREATE DATABASE nova_api;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;
Cinder数据库创建
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
SHOW DATABASES;
二、ctrl节点
2.1必要的软件安装
yum -y install python-openstackclient ##python软件包安装
yum -y install openstack-selinux ##安装OpenStack的SELinux策略包(SELinux启用时才起作用)
yum -y install openstack-keystone httpd mod_wsgi
2.2和数据库做关联
vim /etc/keystone/keystone.conf ##配置keystone连接base节点上的keystone数据库(使用前面创建的数据库用户和密码),token的提供方式采用fernet
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@base.blue.edu/keystone
##注意:本文DNS只定义了xiaoai.edu区域,文中出现的*.blue.edu主机名需统一换成对应的*.xiaoai.edu,或另行提供解析
[token]
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone ##同步数据
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
##初始化Fernet密钥库(用于加密token),密钥文件归keystone用户和组所有
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
##初始化凭证加密所用的密钥
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://ctrl.blue.edu:35357/v3/ \
--bootstrap-internal-url http://ctrl.blue.edu:5000/v3/ \
--bootstrap-public-url http://ctrl.blue.edu:5000/v3/ \
--bootstrap-region-id RegionOne
##初始化管理员账号并注册keystone的admin、internal、public三个访问端点,管理员密码为ADMIN_PASS(占位符,应替换为强密码);这里的端点均为明文http,仅适合实验网络
2.3给keystone 提供http服务
vim /etc/httpd/conf/httpd.conf
serverName ctrl.xiaoai.edu
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
##软连接建立,当每个组件做认证注册时,默认的token+URL以HTTP服务形式访问
2.4声明环境变量
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://ctrl.blue.edu:35357/v3
export OS_IDENTITY_API_VERSION=3
2.5openstack环境的设置
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password DEMO_PASS demo
openstack role create user
openstack role add --project demo --user demo user
##在default域下创建service项目(供各组件的服务用户使用)和demo项目;创建demo用户,密码为DEMO_PASS;创建user角色,并把user角色授予demo项目下的demo用户,用于非管理员的日常操作
2.6编辑openstack配置文件
cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.ds.bak
vim /etc/keystone/keystone-paste.ini
[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service
[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service
[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3
##从以上三个pipeline中删除admin_token_auth,停用临时的管理员token认证方式
2.7取消密码方式的登陆的环境变量
unset OS_AUTH_URL OS_PASSWORD
##改为token的方式
2.8获取admin的token
openstack --os-auth-url http://ctrl.blue.edu:35357/v3 \
--os-project-domain-name default \
--os-user-domain-name default \
--os-project-name admin \
--os-username admin token issue
ADMIN_PASS
2.9获取demo的token
openstack --os-auth-url http://ctrl.blue.edu:5000/v3 \
--os-project-domain-name default \
--os-user-domain-name default \
--os-project-name demo \
--os-username demo token issue
DEMO_PASS
2.10生成管理员获取token脚本
vim ~/admin-openrc ##文件中含明文密码,建议执行 chmod 600 ~/admin-openrc 限制读取权限
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://ctrl.blue.edu:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.11普通用户获取token脚本
vim ~/demo-openrc ##文件中含明文密码,建议执行 chmod 600 ~/demo-openrc 限制读取权限
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://ctrl.blue.edu:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.12执行脚本获取token
. admin-openrc
openstack token issue
. demo-openrc
openstack token issue
ctrl节点glance配置
3.1执行脚本
. admin-openrc
3.2创建
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://ctrl.blue.edu:9292
openstack endpoint create --region RegionOne image internal http://ctrl.blue.edu:9292
openstack endpoint create --region RegionOne image admin http://ctrl.blue.edu:9292
##创建一个GLANCE用户密码GLANCE_PASS;授予glance admin权限;创建glance服务;基于服务注册endpoint的3种通道
3.3安装glance服务
yum -y install openstack-glance
3.4配置文件编辑
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@base.xiaoai.edu/glance
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
##glance-api:[database]配置数据库连接;[keystone_authtoken]配置keystone认证(auth_uri指向5000端口,auth_url指向35357端口),
采用密码认证,并填写glance服务用户的用户名和密码;[paste_deploy]的flavor设为keystone(使用keystone认证的部署管道);[glance_store]设置存储方式和存储路径
vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@base.xiaoai.edu/glance
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor= keystone
##glance-registry:配置数据库连接;配置keystone认证(auth_uri指向5000端口,auth_url指向35357端口),
采用密码认证,并填写glance服务用户的用户名和密码;[paste_deploy]的flavor设为keystone
3.5数据库同步
su -s /bin/sh -c "glance-manage db_sync" glance
3.6启动服务
systemctl restart openstack-glance-api.service
systemctl enable openstack-glance-api.service
systemctl restart openstack-glance-registry.service
systemctl enable openstack-glance-registry.service
3.6启动环境
. admin-openrc
3.7下载镜像
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img ##经明文http下载,上传前建议与官方发布的校验和比对
3.8上传镜像
openstack image create "cirros" \
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
3.9查看镜像
openstack image list
Ctrl节点 Nova节点搭建
4.1环境变量
. admin-openrc
4.2设置
openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://ctrl.blue.edu:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://ctrl.blue.edu:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://ctrl.blue.edu:8774/v2.1
openstack user create --domain default --password PLACEMENT_PASS placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://ctrl.blue.edu:8778
openstack endpoint create --region RegionOne placement internal http://ctrl.blue.edu:8778
openstack endpoint create --region RegionOne placement admin http://ctrl.blue.edu:8778
4.3安装软件
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
4.4编辑配置文件
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@base.xiaoai.edu/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@base.xiaoai.edu/nova
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@base.xiaoai.edu
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[DEFAULT]
my_ip = 172.16.4.102
##my_ip应为本节点(ctrl)的管理网IP;上文DNS记录和6.4节中ctrl为172.16.4.101,请按实际环境核对
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://ctrl.xiaoai.edu:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ctrl.xiaoai.edu:35357/v3
username = placement
password = PLACEMENT_PASS
4.5协调文件
vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
4.6生成数据库表格
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
4.7验证
nova-manage cell_v2 list_cells
4.8重启服务
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
三、Compute节点 Nova-compute节点
5.1安装虚拟化软件
yum -y install qemu-kvm* virt-* libvirt*
5.2安装O版OpenStack
yum -y install centos-release-openstack-ocata
5.3安装o版本openstack
yum -y install openstack-nova-compute
5.4编辑nova配置文件
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@base.blue.edu
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.blue.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[DEFAULT]
my_ip = 172.16.3.12
##my_ip应为本计算节点的管理网IP;上文DNS记录中com1为172.16.4.102,请按实际环境核对
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
##0.0.0.0表示在计算节点的所有网卡上监听VNC;控制台流量默认未加密,应只允许ctrl节点(novncproxy)访问这些端口
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://ctrl.xiaoai.edu:6080/vnc_auto.html
[glance]
api_servers = http://ctrl.xiaoai.edu:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://ctrl.xiaoai.edu:35357/v3
username = placement
password = PLACEMENT_PASS
[libvirt]
virt_type = qemu
5.5查询CPU是否正常开启
grep -E -c '(vmx|svm)' /proc/cpuinfo ##需加-E,否则(vmx|svm)按字面匹配,结果会是0;结果为0表示不支持硬件加速,virt_type用qemu,大于0则可用kvm
5.6重启服务
systemctl restart libvirtd
systemctl enable libvirtd
systemctl restart openstack-nova-compute.service
systemctl enable openstack-nova-compute.service
5.7返回ctrl节点验证
. admin-openrc
openstack hypervisor list
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
openstack compute service list
openstack catalog list
openstack image list
##运行环境;查看虚拟化层列表;同步到数据库发现的主机;查看计算服务列表;列出Identity(实体)服务中的API端点,以验证与Idientity(实体)服务的连接;查看镜像服务中的镜像,以验证与镜像服务的连接
Ctrl节点 Cinder搭建
6.1运行环境
. admin-openrc
6.2设置
openstack user create --domain default --password CINDER_PASS cinder
openstack role add --project service --user cinder admin
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack endpoint create --region RegionOne volume public http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s
6.3安装软件
yum -y install openstack-cinder
6.4编辑配置文件
vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@base.xiaoai.edu/cinder
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@base.xiaoai.edu
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
[DEFAULT]
my_ip = 172.16.4.101
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
6.5同步数据库
su -s /bin/sh -c "cinder-manage db sync" cinder
##共34张表格
6.6编辑配置文件
vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
##在nova指明cinder的位置
6.7重启nova
systemctl restart openstack-nova-api.service
6.8重启cinder
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service
6.9运行环境
. admin-openrc
6.10查看状态
cinder service list
openstack volume service list
四、cinder节点cinder搭建
7.1主机名
Cin1
7.2安装软件
yum -y install lvm2
7.3启动软件
systemctl restart lvm2-lvmetad.service
systemctl enable lvm2-lvmetad.service
7.4制作lvm格式磁盘
pvcreate /dev/vdb
vgcreate cinder-volumes /dev/vdb
7.5更改配置文件
vim /etc/lvm/lvm.conf ##50行
devices {
filter = [ "a/vda/", "a/vdb/", "r/.*/"]
##只接受vda、vdb,拒绝其余设备,避免LVM扫描到云硬盘内部的卷
7.6安装软件
yum -y install openstack-cinder targetcli python-keystone
7.7编辑配置文件
vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@base.xiaoai.edu/cinder
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@base.xiaoai.edu
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://ctrl.xiaoai.edu:5000
auth_url = http://ctrl.xiaoai.edu:35357
memcached_servers = base.xiaoai.edu:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
[DEFAULT]
my_ip = 172.16.4.104
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[DEFAULT]
enabled_backends = lvm
[DEFAULT]
glance_api_servers = http://ctrl.xiaoai.edu:9292
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
7.8重启服务
systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service
来源:https://www.cnblogs.com/ybc823/p/11221086.html