centos7.3安装openstack-mitaka

前端之家收集整理的这篇文章主要介绍了centos7.3安装openstack-mitaka前端之家小编觉得挺不错的,现在分享给大家,也给大家做个参考。

https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/

按照官网安装文档,step by step


准备:配置ip和host、安装chrony的NTP


1 yum install centos-release-openstack-mitaka

说明:这步用纯净环境安装没问题,但是之前装过newton就该先yum remove newton

2 yum upgrade

说明:

(2.1)Error: Package: ceph-deploy-1.5.37-0.noarch (@ceph-noarch)

解决办法:

rm -rf /etc/yum.repos.d/ceph*

yum upgrade

yum remove ceph-deploy

yum upgrade

3 yum install python-openstackclient

4 yum install openstack-selinux

5 yum install mariadb mariadb-server python2-PyMysqL

说明:

(5.1)Error: Package: 2:postfix-2.10.1-6.el7.x86_64 (@anaconda)

解决办法:

需要解决冲突,最后达到用rpm -qa| grep mariadb-*是下面的结果

mariadb-10.1.20-1.el7.x86_64
mariadb-libs-10.1.20-1.el7.x86_64
mariadb-common-10.1.20-1.el7.x86_64
mariadb-server-10.1.20-1.el7.x86_64
mariadb-errmsg-10.1.20-1.el7.x86_64
mariadb-config-10.1.20-1.el7.x86_64

rpm -qa | grep MysqL-*是什么都没有的结果
具体操作可以手动删除rpm -e MysqL-* --nodeps

6 创建并编辑vim /etc/my.cnf.d/openstack.cnf

[MysqLd]
bind-address = 20.1.92.42
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

7 启动数据库

systemctl enable mariadb.service

systemctl start mariadb.service

(7.1)失败时,请确保/var/lib/MysqL这个目录是空,可以用rm -rf /var/lib/MysqL/*来保证

8 MysqL_secure_installation

说明:提示Enter current password for root (enter for none):直接回车,然后设置root密码,这里设置为root

9 yum install mongodb-server mongodb//不用Telemetry的话可以不做

10 systemctl enable mongod//不用Telemetry的话可以不做

11 systemctl start mongod//不用Telemetry的话可以不做

12 yum install rabbitmq-server -y

13 systemctl enable rabbitmq-server.service

14 systemctl start rabbitmq-server.service

15 rabbitmqctl add_user openstack root

16 rabbitmqctl set_permissions openstack ".*" ".*" ".*"

17 yum install memcached python-memcached -y

18 systemctl enablememcached.service

19 systemctl start memcached.service

// 认证服务安装开始

20 MysqL -u root p

输入密码root

21 create database keystone;

22 grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'root';

23 grant all privileges on keystone.* to 'keystone'@'%' identified by 'root';

24 openssl rand -hex 10

ba98e1b457341b8e07e8

25 yum install openstack-keystone httpd mod_wsgi

26 vim /etc/keystone/keystone.conf

[DEFAULT]

admin_token = ba98e1b457341b8e07e8

[database]

connection = MysqL+pyMysqL://keystone:root@controller/keystone

[token]

provider = fernet

27 su -s /bin/sh -c "keystone-manage db_sync" keystone

28 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

29 vim /etc/httpd/conf/httpd.conf

ServerName controller

30 vim /etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
31 export OS_TOKEN=ba98e1b457341b8e07e8
32 export OS_URL=http://controller:35357/v3
33 export OS_IDENTITY_API_VERSION=3
34 
openstack service create \
 --name keystone --description "OpenStack Identity" identity
35 
openstack endpoint create --region RegionOne \
 identity public http://controller:5000/v3
36
openstack endpoint create --region RegionOne \
 identity internal http://controller:5000/v3
37
openstack endpoint create --region RegionOne \
 identity admin http://controller:35357/v3
38
openstack domain create --description "Default Domain" default
39
openstack project create --domain default \
 --description "Admin Project" admin
40
openstack user create --domain default \
 --password-prompt admin
输入密码:admin
41
openstack role create admin
42
openstack role add --project admin --user admin admin
43
openstack project create --domain default \
 --description "Service Project" service
44
openstack project create --domain default \
 --description "Demo Project" demo
45
openstack user create --domain default \
 --password-prompt demo
密码:demo
46
openstack role create user
47
openstack role add --project demo --user demo user
48
vim /etc/keystone/keystone-paste.ini 文件,从``[pipeline:public_api]``,[pipeline:admin_api]``和``[pipeline:api_v3]``部分删除``admin_token_auth
49
unset OS_TOKEN OS_URL
50

openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue

说明:这一步,若是有错,重新执行一遍前面的,看是不是哪一步没做

51

openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue

52创建admin-openrc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

53创建demo-openrc

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

54请求令牌

//. admin-openrc

//openstack token issue

//结束认证服务安装

//开始镜像服务安装glance

55

MysqL -u root -p

密码:root

56

create database glance;

57

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'root';

58

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'root';

59

. admin-openrc

60

openstack user create --domain default --password-prompt glance

密码:root

61

openstack role add --project service --user glance admin

62

openstack service create --name glance \
--description "OpenStack Image" image

63

openstack endpoint create --region RegionOne \
image public http://controller:9292

64

openstack endpoint create --region RegionOne \
image internal http://controller:9292

65

openstack endpoint create --region RegionOne \
image admin http://controller:9292

66

yum install openstack-glance

67

编辑文件 /etc/glance/glance-api.conf

[database]
connection = MysqL+pyMysqL://glance:root@controller/glance

68

在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问:

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = root
[paste_deploy]
flavor = keystone

69

vim /etc/glance/glance-registry.conf

[database]
connection = MysqL+pyMysqL://glance:root@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = root

[paste_deploy]
flavor = keystone

70

su -s /bin/sh -c "glance-manage db_sync" glance

71

systemctl enable openstack-glance-api.service \
openstack-glance-registry.service

72

systemctl start openstack-glance-api.service \
openstack-glance-registry.service

73

. admin-openrc

74

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

75

使用 QCOW2 磁盘格式, bare 容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它

openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public

76

openstack image list

//镜像服务安装结束

//计算服务安装开始

77

MysqL -u root -p

CREATE DATABASE nova_api;
CREATE DATABASE nova;

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'root';

78

. admin-openrc

openstack user create --domain default \
--password-prompt nova

密码:root

79

openstack role add --project service --user nova admin

80

openstack service create --name nova \
--description "OpenStack Compute" compute

81

openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s

82

yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler

83

vim /etc/nova/nova.conf

[DEFAULT]
enabled_apis = osapi_compute,Metadata

[api_database]
connection = MysqL+pyMysqL://nova:root@controller/nova_api
[database]
connection = MysqL+pyMysqL://nova:root@controller/nova

[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = root

[DEFAULT]
my_ip = 20.1.92.42

[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

84

su -s /bin/sh -c "nova-manage api_db sync" nova

su -s /bin/sh -c "nova-manage db sync" nova

85

systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

//完成计算服务在控制节点的安装

86

yum install openstack-nova-compute

87

vim/etc/nova/nova.conf

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root

[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = root

[DEFAULT]
my_ip = 20.1.92.45

use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

88

egrep -c '(vmx|svm)' /proc/cpuinfo

89这一步可以省略,因为我们在88步返回的是8>=1

/etc/nova/nova.conf

[libvirt]
virt_type = qemu

89

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start libvirtd.service openstack-nova-compute.service

说明:

遇到口令错误登录不上的问题

rabbitmqctl add_user openstack root

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

90

. admin-openrc

openstack compute service list

//结束计算节点安装

//开始安装网络服务

在控制节点上

91

MysqL -u root -p

CREATE DATABASE neutron;

92

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'root';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'root';

exit

93

. admin-openrc

openstack user create --domain default --password-prompt neutron

密码:root

94

openstack role add --project service --user neutron admin

95

openstack service create --name neutron \
--description "OpenStack Networking" network

96

openstack endpoint create --region RegionOne \
network public http://controller:9696

openstack endpoint create --region RegionOne \
network internal http://controller:9696

openstack endpoint create --region RegionOne \
network admin http://controller:9696

97

选择私有网络

yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables

98

vim/etc/neutron/neutron.conf

[database]
connection = MysqL+pyMysqL://neutron:root@controller/neutron

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = root

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

99

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True

100

vim/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:bond-manage

enable_vxlan = True
local_ip = 20.1.92.42
l2_population = True

101

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

102

vim /etc/neutron/l3_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =

103

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_Metadata = True

104

vim /etc/neutron/Metadata_agent.ini

[DEFAULT]
nova_Metadata_ip = controller
Metadata_proxy_shared_secret = root

105

vim/etc/nova/nova.conf

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = root
service_Metadata_proxy = True
Metadata_proxy_shared_secret = root

106

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

107

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

108

systemctl restart openstack-nova-api.service

109

systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-Metadata-agent.service

systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-Metadata-agent.service

systemctl enable neutron-l3-agent.service

systemctl start neutron-l3-agent.service

//完成安装配置neutron的控制节点

//开始安装配置neutron的计算节点

110

yum install openstack-neutron-linuxbridge ebtables ipset

111

vim/etc/neutron/neutron.conf

[DEFAULT]
backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = root

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

112

//选择私有网络

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:bond-manage

[vxlan]
enable_vxlan = True
local_ip = 20.1.92.45
l2_population = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

113

vim/etc/nova/nova.conf

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = root

114

systemctl restart openstack-nova-compute.service

115

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

116

//在控制节点上

. admin-openrc

neutron ext-list

117

//选择私有网络,在控制节点上

neutron agent-list

118

//安装dashboard

yum install openstack-dashboard

119

vim/etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*',]

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}

TIME_ZONE = "TIME_ZONE"

120

systemctl restart httpd.service memcached.service

121

//验证

http://controller/dashboard

domain: default

user:admin

password:admin


122

//启动一个实例(这里用私有网络,所以一个公共网络,一个私有网络)

//创建provider网络

. admin-openrc

123
. admin-openrc
neutron net-create --shared --provider:physical_network provider \
--provider:network_type flat provider

124

neutron subnet-create --name provider \
--dns-nameserver 220.189.127.106--gateway 172.17.92.1 \
provider 172.17.92.0/24 --enable_dhcp=False

125//创建自服务网络

. demo-openrc

neutron net-create selfservice

126//创建子网

neutron subnet-create --name selfservice \
--dns-nameserver 220.189.127.106 --gateway 10.2.1.1\
selfservice 10.2.1.0/24

127

neutron net-update provider --router:external

. demo-openrc

neutron router-create router

neutron router-interface-add router selfservice

//用neutron router-port-list router得到subnet_id然后执行下面命令,设置静态ip

neutron router-gateway-set router provider--fixed-ip subnet_id=ea81edf5-0d7b-4bbc-8fd3-84b905a75bb6,ip_address=172.16.92.4

128

. admin-openrc

ip netns //因为禁用了provider的dhcp,所以现在只有两个

neutron router-port-list router

ping 172.16.92.4 -c 4

猜你在找的CentOS相关文章