Openstack-Queens详细安装教程

1、Openstack-Queens详细安装教程NASAApache1301350、（Infrastructure as a ），基础设施即服务。InternetInternet8CPU5T、是的缩写，开发平台即服务。 把服务器平台作为种服务提 供的商业模式。、是的缩写，软件即服务。、版本发布以 A-Z字母顺序来发布，很好记。: Austin Bexar Cactus Diablo Essex Folsom Grizzly 发布 Havana Icehouse、查看下现在的最新版本/Rocky、核组件主要有Keystone（份认证）（计算）（络）Glance（镜像存储）（块存储）Swift（对象存

2、储）web UI界）（计量）（部署编排）（数据库）: 3A(Authentication)，验证户的份不可使的络服务；(Authorization)：依据认证结果开放络服务给户；(Accounting)：记录户对各种络服务的量，并提供给计费系统。整个系统在络管理与安全问题中分有效。3ANovaNovaNova Xen、ipCinder， HDFS1000TCinder。web/openstack、实验环境操作系统IP 地址内存 内核 主机名Centos7.4 minimal 64位系统 2 6G 4核 node1Centos7.4 minimal 64位系统 4 6G 4核 node2、增加域

3、名解析（控制和计算节点）vim /etc/hosts2 node14 node2scp /etc/hosts 4:/etc/hosts三、关闭 firewalld和selinux（控制和计算节点）systemctl stop firewalldsystemctl disable firewalldvim /etc/sysconfig/selinuxSELINUX=disabled四、准备 yum源（控制和计算节点）、修改 源cd /etc/yum.repos.d/mv * /opt/mv /opt/CentOS-Base.repo /etc/yum.repos.d/vim CentOS-Bas

4、e.repobasename=CentOS-$releasever - Base#mirrorlist=/?release=$releasever&arch=$basearch&repo=os&infra=$infra#baseurl=/centos/$releasever/os/$basearch/baseurl=/7.4.1708/os/x86_64/gpgcheck=0gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7#released updatesupdatesname=CentOS-$releasever - Updates#mirr

5、orlist=/?release=$releasever&arch=$basearch&repo=updates&infra=$infra#baseurl=/centos/$releasever/updates/$basearch/baseurl=/7.4.1708/updates/x86_64/gpgcheck=0gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7#additional packages that may be usefulextrasname=CentOS-$releasever - Extras#mirrorlist=/?r

6、elease=$releasever&arch=$basearch&repo=extras&infra=$infra#baseurl=/centos/$releasever/extras/$basearch/baseurl=/7.4.1708/extras/x86_64/gpgcheck=0gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7#additional packages that extend functionality of existing packagescentosplusname=CentOS-$releasever - Pl

7、us#mirrorlist=/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra#baseurl=/centos/$releasever/centosplus/$basearch/baseurl=/7.4.1708/centosplus/x86_64/gpgcheck=0enabled=0gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7、修改 配置件vim /etc/yum.confkeepcache=1五、安装 chrony服务、控制节点安装yum clean al

8、lyum -y install chronyvim /etc/chrony.conf（添加）server node1 iburstallow ./24systemctl start chronydsystemctl enable chronyd、计算节点安装yum clean allyum -y install chronyvim /etc/chrony.conf（添加）server node1 iburstsystemctl start chronydsystemctl enable chronyd六、安装 openstack客户端（控制和计算节点）yum -y install centos

9、-release-openstack-queens、修改 源（否则法继续下步安装，会报错）vim /etc/yum.repos.d/CentOS-Ceph-Luminous.repo（修改红部分）centos-ceph-luminousname=CentOS-$releasever - Ceph Luminous#baseurl=/centos/$releasever/storage/$basearch/ceph-luminous/baseurl=/7.4.1708/storage/x86_64/ceph-luminous/gpgcheck=0enabled=1gpgkey=file:/etc

10、/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storagevim /etc/yum.repos.d/CentOS-OpenStack-queens.repo（修改红部分）centos-openstack-queensname=CentOS-7 - OpenStack queens#baseurl=/centos/7/cloud/$basearch/openstack-queens/baseurl=/7.4.1708/cloud/x86_64/openstack-queens/gpgcheck=0enabled=1gpgkey=file:/etc/pki/rpm-gp

11、g/RPM-GPG-KEY-CentOS-SIG-Cloudexclude=sip,PyQt4vim /etc/yum.repos.d/CentOS-QEMU-EV.repo（修改红部分）centos-qemu-evname=CentOS-$releasever - QEMU EV#baseurl=/centos/$releasever/virt/$basearch/kvm-common/baseurl=/7.4.1708/virt/x86_64/kvm-common/gpgcheck=0enabled=1gpgkey=file:/etc/pki/rpm-gpg/RPM-GPG-KEY-Cen

12、tOS-SIG-Virtualization、安装 客户端yum -y install python-openstackclient、安装 openstack-selinuxyum -y install openstack-selinux七、安装数据库（控制节点）yum -y install mariadb mariadb-server python2-PyMySQL、创建并编辑配置件vim /etc/f.d/fmysqldbind-address = 2default-storage-engine = innodbinnodb_file_per_table = onmax_connectio

13、ns = 4096collation-server = utf8_general_cicharacter-set-server = utf8、启动并开机启systemctl start mariadbsystemctl enable mariadb、为数据库设置密码（我设置的 ）mysql_secure_installationNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDBSERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!In orde

14、r to log into MariaDB to secure it, well need the currentpassword for the root user. If youve just installed MariaDB, andyou havent set the root password yet, the password will be blank,so you should just press enter here.Enter current password for root (enter for none): #直接回车OK, successfully used p

15、assword, moving on.Setting the root password ensures that nobody can log into the MariaDBroot user without the proper authorisation.Set root password? Y/n yNew password: #123456Re-enter new password:Password updated successfully!Reloading privilege tables. Success!By default, a MariaDB installation

16、has an anonymous user, allowing anyoneto log into MariaDB without having to have a user account created forthem. This is intended only for testing, and to make the installationgo a bit smoother. You should remove them before moving into aproduction environment.Remove anonymous users? Y/n y. Success!

17、Normally, root should only be allowed to connect from localhost. Thisensures that someone cannot guess at the root password from the network.Disallow root login remotely? Y/n y. Success!By default, MariaDB comes with a database named test that anyone canaccess. This is also intended only for testing

18、, and should be removedbefore moving into a production environment.Remove test database and access to it? Y/n y- Dropping test database. Success!- Removing privileges on test database. Success!Reloading the privilege tables will ensure that all changes made so farwill take effect immediately.Reload

19、privilege tables now? Y/n y. Success!Cleaning up.All done! If youve completed all of the above steps, your MariaDBinstallation should now be secure.Thanks for using MariaDB!、安装消息队列（控制节点）yum -y install rabbitmq-server、启动并开机启systemctl start rabbitmq-serversystemctl enable rabbitmq-server、创建户和密码rabbitm

20、qctl add_user openstack openstackCreating user openstack .、授权rabbitmqctl set_permissions -p / openstack .* .* .*Setting permissions for user openstack in vhost / .、设置rabbitmqctl set_user_tags openstack administratorSetting tags for user openstack to administrator .、启 插件rabbitmq-plugins enable rabbit

21、mq_managementThe following plugins have been enabled:mochiwebwebmachinerabbitmq_web_dispatchamqp_clientrabbitmq_management_agentrabbitmq_managementApplying plugin configuration to rabbitnode1. started 6 plugins.、访问 （使 户）2:15672九、安装 memcached服务（控制节点）yum -y install memcached python-memcached、修改配置件vim

22、/etc/sysconfig/memcachedOPTIONS=-l ,:1,node1、启动并开机启systemctl start memcachedsystemctl enable memcached、安装 etcd服务（控制节点）yum -y install etcd、修改配置件vim /etc/etcd/etcd.conf#Member#ETCD_CORS=ETCD_DATA_DIR=/var/lib/etcd/default.etcd#ETCD_WAL_DIR=ETCD_LISTEN_PEER_URLS=http:/localhost:2380ETCD_LISTEN_CLIENT_U

23、RLS=http:/localhost:2379#ETCD_MAX_SNAPSHOTS=5#ETCD_MAX_WALS=5ETCD_NAME=node1#ETCD_SNAPSHOT_COUNT=100000#ETCD_HEARTBEAT_INTERVAL=100#ETCD_ELECTION_TIMEOUT=1000#ETCD_QUOTA_BACKEND_BYTES=0#ETCD_MAX_REQUEST_BYTES=1572864#ETCD_GRPC_KEEPALIVE_MIN_TIME=5s#ETCD_GRPC_KEEPALIVE_INTERVAL=2h0m0s#ETCD_GRPC_KEEPA

24、LIVE_TIMEOUT=20s#ClusteringETCD_INITIAL_ADVERTISE_PEER_URLS=http:/localhost:2380ETCD_ADVERTISE_CLIENT_URLS=http:/localhost:2379#ETCD_DISCOVERY=#ETCD_DISCOVERY_FALLBACK=proxy#ETCD_DISCOVERY_PROXY=#ETCD_DISCOVERY_SRV=ETCD_INITIAL_CLUSTER=default=http:/localhost:2380ETCD_INITIAL_CLUSTER_TOKEN=etcd-clus

25、ter-01ETCD_INITIAL_CLUSTER_STATE=new#ETCD_STRICT_RECONFIG_CHECK=true#ETCD_ENABLE_V2=true、启动并开机启systemctl start etcdsystemctl enable etcd、安装 keystone认证服务（控制节点）、创建并设置 的数据库mysql -u root -p123456MariaDB (none) CREATE DATABASE keystone;MariaDB (none) GRANT ALL PRIVILEGES ON keystone.* TO keystonelocalhos

26、t IDENTIFIED BY 123456;MariaDB (none) GRANT ALL PRIVILEGES ON keystone.* TO keystone% IDENTIFIED BY 123456;、安装 服务yum -y install openstack-keystone httpd mod_wsgi、修改配置件vim /etc/keystone/keystone.confdatabaseconnection = mysql+pymysql:/keystone:123456node1/keystonetokenprovider = fernet、导 数据库表结构su -s

27、/bin/sh -c keystone-manage db_sync keystone、初始化keystone-manage fernet_setup -keystone-user keystone -keystone-group keystonekeystone-manage credential_setup -keystone-user keystone -keystone-group keystone、引导认证服务keystone-manage bootstrap -bootstrap-password 123456 -bootstrap-admin-url http:/node1:35

28、357/v3/ -bootstrap-internal-url http:/node1:5000/v3/ -bootstrap-public-url http:/node1:5000/v3/ -bootstrap-region-id RegionOne、配置 服务vim /etc/httpd/conf/httpd.confServerName node1、创建配置件链接件ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/、启动并开机启systemctl start httpdsystemctl enable httpd

29、、创建相关域、项、户和export OS_USERNAME=adminexport OS_PASSWORD=123456export OS_PROJECT_NAME=adminexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_AUTH_URL=http:/node1:35357/v3export OS_IDENTITY_API_VERSION=3 openstack domain create -description An Example Domain example+-+-+|

30、Field| Value|+-+-+| description | An Example Domain| enabled | True| id| 557282312d1a4c0183eb145fb897c99f | example| | name| tags|+-+-+ openstack project create -domain default -description Service Project service+-+-+| Field| Value|+-+-+| description | Service Project| domain_id | default| enabled

31、| True| id| is_domain | False| name | service| parent_id | default| tags | | 289d416dbeca43eeb3b0cc573f9a764a |+-+-+ openstack project create -domain default -description Demo Project demo+-+-+| Field| Value|+-+-+| description | Demo Project| domain_id | default| enabled | True| id| is_domain | Fals

32、e| name | demo| parent_id | default| tags | | dfd4939227d544e3b022e22b91bf585a |+-+-+ ）openstack user create -domain default -password-prompt demoUser Password:Repeat User Password:+-+-+| Field| Value|+-+-+| domain_id| enabled| id| default| True| 822527c63e6740d49d136a63af470bf8 | name| demo| | opti

33、ons| password_expires_at | None|+-+-+ openstack role create user+-+-+| Field | Value+-+-+| domain_id | None| id| e3a7a7a689534a90aa48cf7e6c506ed4 | user| name|+-+-+ openstack role add -project demo -user demo user、验证unset OS_AUTH_URL OS_PASSWORD ）openstack -os-auth-url http:/node1:35357/v3 -os-proje

34、ct-domain-name Default -os-user-domain-name Default -os-project-name admin -os-username admin token issue ）openstack -os-auth-url http:/node1:35357/v3 -os-project-domain-name Default -os-user-domain-name Default -os-project-name demo -os-username demo token issue、创建环境变量脚本 vim admin-openrcexport OS_P

35、ROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=123456export OS_AUTH_URL=http:/node1:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2 vim demo-openrcexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_U

36、SER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=demoexport OS_USERNAME=demoexport OS_PASSWORD=123456export OS_AUTH_URL=http:/node1:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2. admin-openrcopenstack token issue. demo-openrcopenstack token issue、安装 glance镜像服务（控制节点）、创建并设置 的数据库mys

37、ql -u root -p123456MariaDB (none) CREATE DATABASE glance;MariaDB (none) GRANT ALL PRIVILEGES ON glance.* TO glancelocalhost IDENTIFIED BY 123456;MariaDB (none) GRANT ALL PRIVILEGES ON glance.* TO glance% IDENTIFIED BY 123456;、创建 镜像服务的 相关认证信息 . admin-openrc ）openstack user create -domain default -pas

38、sword-prompt glanceUser Password:Repeat User Password:+-+-+| Field| Value|+-+-+| domain_id| enabled| id| default| True| 736c8a2d11e04d13aad667a4f5987d1c | name| glance| | options| password_expires_at | None+-+-+| openstack role add -project service -user glance admin openstack service create -name g

39、lance -description OpenStack Image image+-+-+| Field| Value|+-+-+| description | OpenStack Image| enabled | True| id| 785ad98df075454186c64765d1decb40 | name| type| glance| image|+-+-+ openstack endpoint create -region RegionOne image public http:/node1:9292+-+-+| Field| Value|+-+-+| enabled| id| Tr

40、ue| 7c0b5905329749a5af75994ac467b2b9 | interface | public| region| RegionOne| region_id | RegionOne| service_id | 785ad98df075454186c64765d1decb40 | service_name | glance| service_type | image| url| http:/node1:9292|+-+-+openstack endpoint create -region RegionOne image internal http:/node1:9292+-+-

41、+| Field| Value|+-+-+| enabled| id| True| d70646b73bfb42b79303407c7f70e0bf | interface | internal| region| RegionOne| region_id | RegionOne| service_id | 785ad98df075454186c64765d1decb40 | service_name | glance| service_type | image| url| http:/node1:9292|+-+-+openstack endpoint create -region Regio

42、nOne image admin http:/node1:9292+-+-+| Field| Value|+-+-+| enabled| id| True| f53c25dc10a9494cb0fd215d2e227b55 | interface | admin| region| RegionOne| region_id | RegionOne| service_id | 785ad98df075454186c64765d1decb40 | service_name | glance| service_type | image| url| http:/node1:9292|+-+-+、安装 服

43、务yum -y install openstack-glance、修改配置件vim /etc/glance/glance-api.confdatabaseconnection = mysql+pymysql:/glance:123456node1/glancekeystone_authtokenauth_uri = http:/node1:5000auth_url = http:/node1:5000memcached_servers = node1:11211auth_type = passwordproject_domain_name = Defaultuser_domain_name =

44、 Defaultproject_name = serviceusername = glancepassword = 123456paste_deployflavor = keystoneglance_storestores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/images/、修改配置件vim /etc/glance/glance-registry.confdatabaseconnection = mysql+pymysql:/glance:123456node1/glancekeys

45、tone_authtokenauth_uri = http:/node1:5000auth_url = http:/node1:5000memcached_servers = node1:11211auth_type = passwordproject_domain_name = Defaultuser_domain_name = Defaultproject_name = serviceusername = glancepassword = 123456paste_deployflavor = keystone、同步数据库su -s /bin/sh -c glance-manage db_s

46、ync glance/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1334: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacadeexpire_on_commit=expire_on_commit, _conf=conf)INFO alembic.runtime.migration Context impl MySQLImpl.INFO alembic.runtime

47、.migration Will assume non-transactional DDL.INFO alembic.runtime.migration Running upgrade - liberty, liberty initialINFO alembic.runtime.migration Running upgrade liberty - mitaka01, add index on created_at and updated_at columns of images tableINFO alembic.runtime.migration Running upgrade mitaka

48、01 - mitaka02, update metadef os_nova_serverINFO alembic.runtime.migration Running upgrade mitaka02 - ocata_expand01, add visibility to imagesINFO alembic.runtime.migration Running upgrade ocata_expand01 - pike_expand01, empty expand for symmetry with pike_contract01INFO alembic.runtime.migration Ru

49、nning upgrade pike_expand01 - queens_expand01INFO alembic.runtime.migration Context impl MySQLImpl.INFO alembic.runtime.migration Will assume non-transactional DDL.Upgraded database to: queens_expand01, current revision(s): queens_expand01INFO alembic.runtime.migration Context impl MySQLImpl.INFO al

50、embic.runtime.migration Will assume non-transactional DDL.INFO alembic.runtime.migration Context impl MySQLImpl.INFO alembic.runtime.migration Will assume non-transactional DDL.Database migration is up to date. No migration needed.INFO alembic.runtime.migration Context impl MySQLImpl.INFO alembic.ru

51、ntime.migration Will assume non-transactional DDL.INFO alembic.runtime.migration Context impl MySQLImpl.INFO alembic.runtime.migration Will assume non-transactional DDL.INFO alembic.runtime.migration Running upgrade mitaka02 - ocata_contract01, remove is_public from imagesINFO alembic.runtime.migrat

52、ion Running upgrade ocata_contract01 - pike_contract01, drop glare artifacts tablesINFO alembic.runtime.migration Running upgrade pike_contract01 - queens_contract01INFO alembic.runtime.migration Context impl MySQLImpl.INFO alembic.runtime.migration Will assume non-transactional DDL.Upgraded databas

53、e to: queens_contract01, current revision(s): queens_contract01INFO alembic.runtime.migration Context impl MySQLImpl.INFO alembic.runtime.migration Will assume non-transactional DDL.Database is synced successfully.、启动并设置开机启systemctl start openstack-glance-apisystemctl start openstack-glance-registry

54、systemctl enable openstack-glance-apisystemctl enable openstack-glance-registry、验证 . admin-openrcwget /0.3.5/cirros-0.3.5-x86_64-disk.img-2018-05-30 16:32:45- /0.3.5/cirros-0.3.5-x86_64-disk.imgResolving (). 5, 2607:f298:6:a036:bd6:a72aConnecting to ()|5|:80. connected.HTTP request sent, awaiting re

55、sponse. 200 OKLength: 13267968 (13M) text/plainSaving to: cirros-0.3.5-x86_64-disk.img100%= 13,267,968 244KB/s in 2m 24s2018-05-30 16:35:15 (90.1 KB/s) - cirros-0.3.5-x86_64-disk.img saved 13267968/13267968rootnode1 # lsadmin-openrc anaconda-ks.cfg cirros-0.3.5-x86_64-disk.img demo-openrcopenstack i

56、mage create cirros -file cirros-0.3.5-x86_64-disk.img -disk-format qcow2 -container-format bare -public+-+-+| Field+-+-+| checksum | f8ab98ff5e73ebab884d80c9dc9c7290| container_format | bare| Value| created_at| 2018-05-30T08:42:38Z| qcow2| /v2/images/794a74e7-eb18-4fe3-a439-6cae05330da0/file | 794a7

57、4e7-eb18-4fe3-a439-6cae05330da0| disk_format| file| id| min_disk| min_ram| name| 0| 0| cirros| owner| protected| schema| size| 1d78b2e29c9e4263923e9798f7d3ceb7| False| /v2/schemas/image| 13267968| status| tags| active| updated_at| 2018-05-30T08:42:38Z| virtual_size | None| visibility | public|+-+-+o

58、penstack image list+-+-+-+| ID| Name | Status |+-+-+-+| 794a74e7-eb18-4fe3-a439-6cae05330da0 | cirros | active |+-+-+-+三、安装 nova计算服务（控制节点）、创建并设置 的数据库mysql -u root -p123456MariaDB (none) CREATE DATABASE nova_api;MariaDB (none) CREATE DATABASE nova;MariaDB (none) CREATE DATABASE nova_cell0;MariaDB (no

59、ne) GRANT ALL PRIVILEGES ON nova_api.* TO novalocalhost IDENTIFIED BY 123456;MariaDB (none) GRANT ALL PRIVILEGES ON nova_api.* TO nova% IDENTIFIED BY 123456;MariaDB (none) GRANT ALL PRIVILEGES ON nova.* TO novalocalhost IDENTIFIED BY 123456;MariaDB (none) GRANT ALL PRIVILEGES ON nova.* TO nova% IDEN

60、TIFIED BY 123456;MariaDB (none) GRANT ALL PRIVILEGES ON nova_cell0.* TO novalocalhost IDENTIFIED BY 123456;MariaDB (none) GRANT ALL PRIVILEGES ON nova_cell0.* TO nova% IDENTIFIED BY 123456;、创建 计算服务的 相关认证信息 . admin-openrc ）openstack user create -domain default -password-prompt novaUser Password:Repea