https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/
按照官网安装文档,step by step
准备:配置ip和host、安装chrony的NTP
1 yum install centos-release-openstack-mitaka
说明:这步用纯净环境安装没问题,但是之前装过newton就该先yum remove newton
2 yum upgrade
说明:
(2.1)Error: Package: ceph-deploy-1.5.37-0.noarch (@ceph-noarch)
解决办法:
rm -rf /etc/yum.repos.d/ceph*
yum upgrade
yum remove ceph-deploy
yum upgrade
3 yum install python-openstackclient
4 yum install openstack-selinux
5 yum install mariadb mariadb-server python2-PyMySQL
说明:
(5.1)Error: Package: 2:postfix-2.10.1-6.el7.x86_64 (@anaconda)
解决办法:
需要解决冲突,最后达到用rpm -qa| grep mariadb-*是下面的结果
mariadb-10.1.20-1.el7.x86_64
mariadb-libs-10.1.20-1.el7.x86_64
mariadb-common-10.1.20-1.el7.x86_64
mariadb-server-10.1.20-1.el7.x86_64
mariadb-errmsg-10.1.20-1.el7.x86_64
mariadb-config-10.1.20-1.el7.x86_64
rpm -qa | grep MysqL-*是什么都没有的结果
具体操作可以手动删除rpm -e MysqL-* --nodeps
6 创建并编辑vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 20.1.92.42
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
7 启动数据库
systemctl enable mariadb.service
systemctl start mariadb.service
(7.1)失败时,请确保/var/lib/mysql这个目录是空,可以用rm -rf /var/lib/mysql/*来保证(该命令会删除本机已有的全部数据库数据,只适用于全新安装的节点)
8 mysql_secure_installation
说明:提示Enter current password for root (enter for none):直接回车,然后设置root密码,这里设置为root(仅为实验环境方便记忆;生产环境请为数据库、RabbitMQ和各服务账户分别设置强随机密码)
9 yum install mongodb-server mongodb//不用Telemetry的话可以不做
10 systemctl enable mongod//不用Telemetry的话可以不做
11 systemctl start mongod//不用Telemetry的话可以不做
12 yum install rabbitmq-server -y
13 systemctl enable rabbitmq-server.service
14 systemctl start rabbitmq-server.service
15 rabbitmqctl add_user openstack root
16 rabbitmqctl set_permissions openstack ".*" ".*" ".*"
17 yum install memcached python-memcached -y
18 systemctl enable memcached.service
19 systemctl start memcached.service
// 认证服务安装开始
20 mysql -u root -p
输入密码root
21 create database keystone;
22 grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'root';
23 grant all privileges on keystone.* to 'keystone'@'%' identified by 'root';
24 openssl rand -hex 10
ba98e1b457341b8e07e8
25 yum install openstack-keystone httpd mod_wsgi
26 vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = ba98e1b457341b8e07e8
[database]
connection = mysql+pymysql://keystone:root@controller/keystone
[token]
provider = fernet
27 su -s /bin/sh -c "keystone-manage db_sync" keystone
28 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
29 vim /etc/httpd/conf/httpd.conf
ServerName controller
30 vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
31 export OS_TOKEN=ba98e1b457341b8e07e8
32 export OS_URL=http://controller:35357/v3
33 export OS_IDENTITY_API_VERSION=3
34
openstack service create \
--name keystone --description "OpenStack Identity" identity
35
openstack endpoint create --region RegionOne \
identity public http://controller:5000/v3
36
openstack endpoint create --region RegionOne \
identity internal http://controller:5000/v3
37
openstack endpoint create --region RegionOne \
identity admin http://controller:35357/v3
38
openstack domain create --description "Default Domain" default
39
openstack project create --domain default \
--description "Admin Project" admin
40
openstack user create --domain default \
--password-prompt admin
输入密码:admin
41
openstack role create admin
42
openstack role add --project admin --user admin admin
43
openstack project create --domain default \
--description "Service Project" service
44
openstack project create --domain default \
--description "Demo Project" demo
45
openstack user create --domain default \
--password-prompt demo
密码:demo
46
openstack role create user
47
openstack role add --project demo --user demo user
48
vim /etc/keystone/keystone-paste.ini 文件,从``[pipeline:public_api]``、``[pipeline:admin_api]``和``[pipeline:api_v3]``部分删除``admin_token_auth``(出于安全考虑,关闭临时的admin_token认证机制)
49
unset OS_TOKEN OS_URL
50
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
说明:这一步,若是有错,重新执行一遍前面的,看是不是哪一步没做
51
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
52创建admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
53创建demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
54请求令牌
//. admin-openrc
//openstack token issue
//结束认证服务安装
//开始镜像服务安装glance
55
mysql -u root -p
密码:root
56
create database glance;
57
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'root';
58
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'root';
59
. admin-openrc
60
openstack user create --domain default --password-prompt glance
密码:root
61
openstack role add --project service --user glance admin
62
openstack service create --name glance \
--description "OpenStack Image" image
63
openstack endpoint create --region RegionOne \
image public http://controller:9292
64
openstack endpoint create --region RegionOne \
image internal http://controller:9292
65
openstack endpoint create --region RegionOne \
image admin http://controller:9292
66
yum install openstack-glance
67
编辑文件 /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:root@controller/glance
68
在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问:
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = root
[paste_deploy]
flavor = keystone
69
vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:root@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = root
[paste_deploy]
flavor = keystone
70
su -s /bin/sh -c "glance-manage db_sync" glance
71
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
72
systemctl start openstack-glance-api.service \
openstack-glance-registry.service
73
. admin-openrc
74
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
说明:该下载走明文HTTP,上传到镜像服务前建议与CirrOS官方发布的校验和比对,确认镜像未被篡改
75
使用 QCOW2 磁盘格式, bare 容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
76
openstack image list
//镜像服务安装结束
//计算服务安装开始
77
mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'root';
78
. admin-openrc
openstack user create --domain default \
--password-prompt nova
密码:root
79
openstack role add --project service --user nova admin
80
openstack service create --name nova \
--description "OpenStack Compute" compute
81
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s
82
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
83
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:root@controller/nova_api
[database]
connection = mysql+pymysql://nova:root@controller/nova
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = root
[DEFAULT]
my_ip = 20.1.92.42
[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
84
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
85
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
//完成计算服务在控制节点的安装
86
yum install openstack-nova-compute
87
vim /etc/nova/nova.conf
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = root
[DEFAULT]
my_ip = 20.1.92.45
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
88
egrep -c '(vmx|svm)' /proc/cpuinfo
89这一步可以省略,因为我们在88步返回的是8>=1
/etc/nova/nova.conf
[libvirt]
virt_type = qemu
89
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
说明:
rabbitmqctl add_user openstack root
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
90
. admin-openrc
openstack compute service list
//结束计算节点安装
//开始安装网络服务
在控制节点上
91
mysql -u root -p
CREATE DATABASE neutron;
92
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'root';
exit
93
. admin-openrc
openstack user create --domain default --password-prompt neutron
密码:root
94
openstack role add --project service --user neutron admin
95
openstack service create --name neutron \
--description "OpenStack Networking" network
96
openstack endpoint create --region RegionOne \
network public http://controller:9696
openstack endpoint create --region RegionOne \
network internal http://controller:9696
openstack endpoint create --region RegionOne \
network admin http://controller:9696
97
选择私有网络
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
98
vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:root@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = root
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
99
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
100
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:bond-manage
[vxlan]
enable_vxlan = True
local_ip = 20.1.92.42
l2_population = True
101
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
102
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
103
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
104
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = root
105
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = root
service_metadata_proxy = True
metadata_proxy_shared_secret = root
106
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
107
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
108
systemctl restart openstack-nova-api.service
109
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
//完成安装配置neutron的控制节点
//开始安装配置neutron的计算节点
110
yum install openstack-neutron-linuxbridge ebtables ipset
111
vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = root
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
112
//选择私有网络
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:bond-manage
[vxlan]
enable_vxlan = True
local_ip = 20.1.92.45
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
113
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = root
114
systemctl restart openstack-nova-compute.service
115
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
116
//在控制节点上
. admin-openrc
neutron ext-list
117
//选择私有网络,在控制节点上
neutron agent-list
118
//安装dashboard
yum install openstack-dashboard
119
vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*',]  # 实验环境接受任意Host头;生产环境应改为实际用于访问dashboard的主机名列表
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "TIME_ZONE"
120
systemctl restart httpd.service memcached.service
121
//验证
http://controller/dashboard
domain: default
user:admin
password:admin
122
//启动一个实例(这里用私有网络,所以一个公共网络,一个私有网络)
//创建provider网络
. admin-openrc
123
. admin-openrc
neutron net-create --shared --provider:physical_network provider \
--provider:network_type flat provider
124
neutron subnet-create --name provider \
--dns-nameserver 220.189.127.106 --gateway 172.17.92.1 \
provider 172.17.92.0/24 --enable_dhcp=False
125//创建自服务网络
. demo-openrc
neutron net-create selfservice
126//创建子网
neutron subnet-create --name selfservice \
--dns-nameserver 220.189.127.106 --gateway 10.2.1.1 \
selfservice 10.2.1.0/24
127
neutron net-update provider --router:external
. demo-openrc
neutron router-create router
neutron router-interface-add router selfservice
//用neutron router-port-list router得到subnet_id然后执行下面命令,设置静态ip
neutron router-gateway-set router provider --fixed-ip subnet_id=ea81edf5-0d7b-4bbc-8fd3-84b905a75bb6,ip_address=172.16.92.4
128
. admin-openrc
ip netns //因为禁用了provider的dhcp,所以现在只有两个
neutron router-port-list router
ping 172.16.92.4 -c 4