openstack搭建教程(openstack平台搭建步骤)

多条告白如次剧本只需引入一次

OpenStack安置安置

一、普通筹备处事

安置情况：CentOS764

1、封闭当地iptables风火墙并树立开机不自启用

#systemctlstopfirewalld.service#systemctldisablefirewalld.service2、封闭当地selinux风火墙

#vim/etc/sysconfig/selinuxSELINUX=disabled#setenforce03、树立长机计划机称呼

#hostnamectlset-hostnamecontroller4、当地长机称呼和ip的领会

#vim/etc/hosts192.168.0.104controller5、安置ntp功夫校准东西

#yum-yinstallntp#ntpdateasia.pool.ntp.org6、安置第三方yum源

#yum-yinstallyum-plugin-priorities#yum-yinstallhttp://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm#yum-yinstallhttp://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm7、晋级体例软硬件包并从新体例

#yumupgrade#reboot二、安置摆设mariadb数据库

1、安置mariadb数据库

#yum-yinstallmariadbmariadb-serverMySQL-python2、摆设mariadb数据库

#cp/etc/my.cnf/etc/my.cnf.bak#rpm-qlmariadb#vim/etc/my.cnf.d/server.cnf[mysqld]bind-address=0.0.0.0default-storage-engine=innodbinnodb_file_per_tablecollation-server=utf8_general_ciinit-connect='SETNAMESutf8'character-set-server=utf83、启用mariadb数据库

#systemctlenablemariadb.service#systemctlstartmariadb.service三、安置动静部队效劳

1、安置rabbit所需软硬件包

#yum-yinstallrabbitmq-server2、启用rabbit效劳

#systemctlenablerabbitmq-server.service#systemctlstartrabbitmq-server.service3、树立rabbit效劳暗号

#rabbitmqctlchange_passwordguestrabbit四、安置keyston用户认证组件

1、创造keystone数据库和受权用户

mysql-uroot-pCREATEDATABASEkeystone;GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'localhost'IDENTIFIEDBY'keystone';GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'%'IDENTIFIEDBY'keystone';2、安置keystone组件包

#yum-yinstallopenstack-utilsopenstack-keystonepython-keystoneclient3、摆设keystone文献

#cp/etc/keystone/keystone.conf/etc/keystone/keystone.conf.bak#vim/etc/keystone/keystone.conf[DEFAULT]verbose=True[database]connection=mysql://keystone:keystone@controller/keystone[token]provider=keystone.token.providers.uuid.Providerdriver=keystone.token.persistence.backends.sql.Token4、创造文凭和秘钥文献

#keystone-managepki_setup--keystone-userkeystone--keystone-groupkeystone#chown-Rkeystone:keystone/var/log/keystone#chown-Rkeystone:keystone/etc/keystone/ssl#chmod-Ro-rwx/etc/keystone/ssl5、同步keystone到mariadb数据库

#su-s/bin/sh-c"keystone-managedb_sync"keystone6、启用keystone效劳并开机自启用

#systemctlenableopenstack-keystone.service#systemctlstartopenstack-keystone.service7、废除过时的令牌

默许情景下，身份效劳保存在数据库中过时的令牌无穷。到时令牌的积聚大大减少数据库的巨细，大概会贬低效劳的本能，更加是在资源有限的情况中。咱们倡导您运用cron摆设一个周期性工作，废除过时的令牌时

#(crontab-l-ukeystone2>&1|grep-qtoken_flush)||echo'@hourly/usr/bin/keystone-managetoken_flush>/var/log/keystone/keystone-tokenflush.log2>&1'>>/var/spool/cron/keystone—————————-Createtenants,user,androles———————————

1、摆设admin的token

#exportOS_SERVICE_TOKEN=$(opensslrand-hex10)#exportOS_SERVICE_ENDPOINT=http://controller:35357/v2.0#echo$OS_SERVICE_TOKEN>~/ks_admin_token#openstack-config--set/etc/keystone/keystone.confDEFAULTadmin_token$OS_SERVICE_TOKEN#serviceopenstack-keystonerestart2、创造tenant、userandrole

a.Createtheadmintenant、user、role#keystonetenant-create--nameadmin--description"AdminTenant"#keystoneuser-create--nameadmin--passadmin--emailadmin@zhengyansheng.com#keystonerole-create--nameadminb.Addtheadmintenantandusertotheadminrole:#keystoneuser-role-add--tenantadmin--useradmin--roleadminc.Bydefault,thedashboardlimitsaccesstouserswiththe_member_role.#keystonerole-create--name_member_d.Addtheadmintenantandusertothe_member_role:#keystoneuser-role-add--tenantadmin--useradmin--role_member_3、创造一个普遍demo名目和用户

a.Createthedemotenant:#keystonetenant-create--namedemo--description"DemoTenant"b.Createthedemouser:#keystoneuser-create--namedemo--passdemo--emaildemo@zhengyansheng.comc.Addthedemotenantandusertothe_member_role:#keystoneuser-role-add--tenantdemo--userdemo--role_member_4、创造一个service名目

#keystonetenant-create--nameservice--description"ServiceTenant"————————CreatetheserviceentityandAPIendpoint————————

1、CreatetheserviceentityandAPIendpoint|CreatetheserviceentityfortheIdentityservice:

#keystoneservice-create--namekeystone--typeidentity--description"OpenStackIdentity"2、CreatetheAPIendpointfortheIdentityservice:

#keystoneendpoint-create--service-id$(keystoneservice-list|awk'/identity/{print$2}')--publicurlhttp://controller:5000/v2.0--internalurlhttp://controller:5000/v2.0--adminurlhttp://controller:35357/v2.0--regionregionOne3、察看keystone认证消息

[root@controller~]#keystoneuser-list+----------------------------------+-------+---------+-------------------------+|id|name|enabled|email|+----------------------------------+-------+---------+-------------------------+|7053cfacc4b047dcabe82f6be0e5dc77|admin|True|admin@zhengyansheng.com||eea569106329465996e9e09a666838bd|demo|True|demo@zhengyansheng.com|+----------------------------------+-------+---------+-------------------------+[root@controller~]#keystonetenant-list+----------------------------------+---------+---------+|id|name|enabled|+----------------------------------+---------+---------+|307fd76766eb4b02a28779f4e88717ce|admin|True||f054bd56851b4a318a19233a13e13d31|demo|True||d865c3b49f6f4bf7b2a0b93e0110e546|service|True|+----------------------------------+---------+---------+[root@controller~]#keystoneservice-list+----------------------------------+----------+----------+--------------------+|id|name|type|description|+----------------------------------+----------+----------+--------------------+|9754f7bdf78c4000875f1aa5f3291b19|keystone|identity|OpenStackIdentity|+----------------------------------+----------+----------+--------------------+[root@controller~]#keystoneendpoint-list+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+|id|region|publicurl|internalurl|adminurl|service_id|+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+|6831d6708fe4469fa653b9b5adf801d9|regionOne|http://controller:5000/v2.0|http://controller:5000/v2.0|http://controller:35357/v2.0|9754f7bdf78c4000875f1aa5f3291b19|+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+4、废除偶尔树立的情况变量

#unsetOS_SERVICE_TOKEN#unsetOS_SERVICE_ENDPOINT5、运用keystone举行用户认证

#keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordadmin--os-auth-urlhttp://controller:35357/v2.0token-get#keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordadmin--os-auth-urlhttp://controller:35357/v2.0tenant-list#keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordadmin--os-auth-urlhttp://controller:35357/v2.0user-list#keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordadmin--os-auth-urlhttp://controller:35357/v2.0role-list6、运用普遍用户demo认证尝试

#keystone--os-tenant-namedemo--os-usernamedemo--os-passworddemo--os-auth-urlhttp://controller:35357/v2.0token-get#keystone--os-tenant-namedemo--os-usernamedemo--os-passworddemo--os-auth-urlhttp://controller:35357/v2.0user-listYouarenotauthorizedtoperformtherequestedaction:admin_required(HTTP403)7、存户端cli吩咐行剧本

#vim~/admin-openrc.shexportOS_TENANT_NAME=adminexportOS_USERNAME=adminexportOS_PASSWORD=adminexportOS_AUTH_URL=http://controller:35357/v2.0#vim~/demo-openrc.shexportOS_TENANT_NAME=demoexportOS_USERNAME=demoexportOS_PASSWORD=demoexportOS_AUTH_URL=http://controller:5000/v2.0#sourceadmin-openrc.sh8、尝试即使废除情况变量，经过keystone仍旧不妨认证经过证明keystone是摆设胜利的

四、安置glance组件

1、创造keystone数据库和受权用户

mysql-uroot-pCREATEDATABASEglance;GRANTALLPRIVILEGESONglance.*TO'glance'@'localhost'IDENTIFIEDBY'glance';GRANTALLPRIVILEGESONglance.*TO'glance'@'%'IDENTIFIEDBY'glance';2、创造glance用户并介入到admin组中

#keystoneuser-create--nameglance--passglance#keystoneuser-role-add--userglance--tenantservice--roleadmin3、创造glance效劳

#keystoneservice-create--nameglance--typeimage--description"OpenStackImageService"4、创造Identity的效劳考察rul

#keystoneendpoint-create--service-id$(keystoneservice-list|awk'/image/{print$2}')--publicurlhttp://controller:9292--internalurlhttp://controller:9292--adminurlhttp://controller:9292--regionregionOne5、安置摆设glance包

#yum-yinstallopenstack-glancepython-glanceclient6、窜改glance摆设文献

#cp/etc/glance/glance-api.conf/etc/glance/glance-api.conf.bak#vim/etc/glance/glance-api.conf[DEFAULT]verbose=True[database]connection=mysql://glance:glance@controller/glance[keystone_authtoken]auth_uri=http://controller:5000/v2.0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=glanceadmin_password=glance[paste_deploy]flavor=keystone[glance_store]default_store=filefilesystem_store_datadir=/var/lib/glance/images/#cp/etc/glance/glance-registry.conf/etc/glance/glance-registry.conf.bak#vim/etc/glance/glance-registry.conf[DEFAULT]verbose=True[database]connection=mysql://glance:glance@controller/glance[keystone_authtoken]auth_uri=http://controller:5000/v2.0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=glanceadmin_password=glance[paste_deploy]flavor=keystone7、同步glance到mariadb数据库

#su-s/bin/sh-c"glance-managedb_sync"glance8、启用和开机自启用

#systemctlenableopenstack-glance-api.serviceopenstack-glance-registry.service#systemctlstartopenstack-glance-api.serviceopenstack-glance-registry.service9、载入上传image镜像

#mkdir/tmp/images#cd/tmp/images#wgethttp://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img#glanceimage-create--name"cirros-0.3.3-x86_64"--filecirros-0.3.3-x86_64-disk.img--disk-formatqcow2--container-formatbare--is-publicTrue--progress#glanceimage-list#mv/tmp/images/opt五、增添一个计划节点

1、创造nova数据库和受权用户

mysql-uroot-pCREATEDATABASEnova;GRANTALLPRIVILEGESONnova.*TO'nova'@'localhost'IDENTIFIEDBY'nova';GRANTALLPRIVILEGESONnova.*TO'nova'@'%'IDENTIFIEDBY'nova';2、创造Nova的用户，介入到admin组、service效劳

#keystoneuser-create--namenova--passnova#keystoneuser-role-add--usernova--tenantservice--roleadmin#keystoneservice-create--namenova--typecompute--description"OpenStackCompute"3、创造计划节点的考察url

#keystoneendpoint-create--service-id$(keystoneservice-list|awk'/compute/{print$2}')--publicurlhttp://controller:8774/v2/%(tenant_id)s--internalurlhttp://controller:8774/v2/%(tenant_id)s--adminurlhttp://controller:8774/v2/%(tenant_id)s--regionregionOne4、安置Nova包

#yum-yinstallopenstack-nova-apiopenstack-nova-certopenstack-nova-conductoropenstack-nova-consoleopenstack-nova-novncproxyopenstack-nova-schedulerpython-novaclient#yum-yinstallopenstack-nova-computesysfsutils5、窜改nova摆设文献

#cp/etc/nova/nova.conf/etc/nova/nova.conf.bak#vim/etc/nova/nova.conf[DEFAULT]my_ip=controllervncserver_listen=controllervncserver_proxyclient_address=controllerverbose=Truerpc_backend=rabbitrabbit_host=controllerrabbit_password=rabbitauth_strategy=keystonevnc_enabled=Truevncserver_listen=0.0.0.0vncserver_proxyclient_address=controllernovncproxy_base_url=http://controller:6080/vnc_auto.html[database]connection=mysql://nova:nova@controller/nova[keystone_authtoken]auth_uri=http://controller:5000/v2.0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=novaadmin_password=nova[glance]host=controller[libvirt]virt_type=qemu6、同步nova到moriadb数据库

#su-s/bin/sh-c"nova-managedbsync"nova7、启用稠密效劳开机自启用

#systemctlenableopenstack-nova-api.serviceopenstack-nova-cert.serviceopenstack-nova-consoleauth.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.service#systemctlstartopenstack-nova-api.serviceopenstack-nova-cert.serviceopenstack-nova-consoleauth.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.service#systemctlenablelibvirtd.serviceopenstack-nova-compute.service#systemctlstartlibvirtd.service#systemctlstartopenstack-nova-compute.service#novaservice-list#novaimage-list六、增添一个搜集节点

1、创造neutron数据库和受权用户

mysql-uroot-pCREATEDATABASEneutron;GRANTALLPRIVILEGESONneutron.*TO'neutron'@'localhost'IDENTIFIEDBY'neutron';GRANTALLPRIVILEGESONneutron.*TO'neutron'@'%'IDENTIFIEDBY'neutron';2、创造neutron用户，介入到admin组中，并创造neutron效劳

#keystoneuser-create--nameneutron--passneutron#keystoneuser-role-add--userneutron--tenantservice--roleadmin#keystoneservice-create--nameneutron--typenetwork--description"OpenStackNetworking"3、创造neutron的endponit考察url

#keystoneendpoint-create--service-id$(keystoneservice-list|awk'/image/{print$2}')--publicurlhttp://controller:5672--internalurlhttp://controller:5672--adminurlhttp://controller:5672--regionregionOne4、安置neutron包

#yum-yinstallopenstack-neutronopenstack-neutron-ml2python-neutronclientwhich5、窜改neutron摆设文献

#cp/etc/neutron/neutron.conf/etc/neutron/neutron.conf.bak#vim/etc/neutron/neutron.conf[DEFAULT]rpc_backend=rabbitrabbit_host=controllerrabbit_password=rabbitauth_strategy=keystonecore_plugin=ml2service_plugins=routerallow_overlapping_ips=Truenotify_nova_on_port_status_changes=Truenotify_nova_on_port_data_changes=Truenova_url=http://controller:8774/v2nova_admin_auth_url=http://controller:35357/v2.0nova_region_name=regionOnenova_admin_username=novanova_admin_tenant_id=SERVICE_TENANT_IDnova_admin_password=novaverbose=True[database]connection=mysql://neutron:neutron@controller/neutron[keystone_authtoken]auth_uri=http://controller:5000/v2.0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=neutronadmin_password=neutron6、尝试

#keystonetenant-getservice#cp/etc/neutron/plugins/ml2/ml2_conf.ini/etc/neutron/plugins/ml2/ml2_conf.ini.bak#vim/etc/neutron/plugins/ml2/ml2_conf.ini[ml2]type_drivers=flat,gretenant_network_types=gremechani***_drivers=openvswitch[ml2_type_gre]tunnel_id_ranges=1:1000[securitygroup]enable_security_group=Trueenable_ipset=Truefirewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver#vim/etc/nova/nova.conf[DEFAULT]network_api_class=nova.network.neutronv2.api.APIsecurity_group_api=neutronlinuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriverfirewall_driver=nova.virt.firewall.NoopFirewallDriver[neutron]url=http://controller:9696auth_strategy=keystoneadmin_auth_url=http://controller:35357/v2.0admin_tenant_name=serviceadmin_username=neutronadmin_password=neutron#ln-s/etc/neutron/plugins/ml2/ml2_conf.ini/etc/neutron/plugin.ini7、同步neutron到mariadb数据库

#su-s/bin/sh-c"neutron-db-manage--config-file/etc/neutron/neutron.conf--config-file/etc/neutron/plugins/ml2/ml2_conf.iniupgradejuno"neutron8、从新启用compute效劳

#systemctlrestartopenstack-nova-api.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.service9、开机自启用效劳

#systemctlenableneutron-server.service#systemctlstartneutron-server.service10、察看neutron-server过程

#neutronext-list11、察看关系消息

#tail-f/var/log/neutron/server.log12、摆设内核搜集参数

#cp/etc/sysctl.conf/etc/sysctl.conf.bak#vim/etc/sysctl.confnet.ipv4.ip_forward=1net.ipv4.conf.all.rp_filter=0net.ipv4.conf.default.rp_filter=0#sysctl-p13、安置搜集组件包

#yum-yinstallopenstack-neutronopenstack-neutron-ml2openstack-neutron-openvswitch14、摆设常用的搜集组件

#vim/etc/neutron/plugins/ml2/ml2_conf.ini[ml2_type_flat]flat_networks=external[ovs]local_ip=INSTANCE_TUNNELS_INTERFACE_IP_ADDRESSenable_tunneling=Truebridge_mappings=external:br-ex[agent]tunnel_types=gre#cp/etc/neutron/l3_agent.ini/etc/neutron/l3_agent.ini.bak#vim/etc/neutron/l3_agent.ini[DEFAULT]interface_driver=neutron.agent.linux.interface.OVSInterfaceDriveruse_namespaces=Trueexternal_network_bridge=br-exverbose=True#cp/etc/neutron/dhcp_agent.ini/etc/neutron/dhcp_agent.ini.bak#vim/etc/neutron/dhcp_agent.ini[DEFAULT]interface_driver=neutron.agent.linux.interface.OVSInterfaceDriverdhcp_driver=neutron.agent.linux.dhcp.Dn***asquse_namespaces=Trueverbose=Truedn***asq_config_file=/etc/neutron/dn***asq-neutron.conf#cp/etc/neutron/metadata_agent.ini/etc/neutron/metadata_agent.ini.bak#vim/etc/neutron/metadata_agent.ini[DEFAULT]auth_url=http://controller:5000/v2.0auth_region=regionOneadmin_tenant_name=serviceadmin_user=neutronadmin_password=neutronnova_metadata_ip=controllermetadata_proxy_shared_secret=METADATA_SECRETverbose=True#vim/etc/nova/nova.conf[neutron]service_metadata_proxy=Truemetadata_proxy_shared_secret=METADATA_SECRET15、在遏制节点上从新启用API效劳

#systemctlrestartopenstack-nova-api.service七、安置摆设dashboard

1、安置dashboard和所需的和依附包

#yuminstallopenstack-dashboardhttpdmod_wsgimemcachedpython-memcached2、窜改dashboard摆设文献

#cp/etc/openstack-dashboard/local_settings/etc/openstack-dashboard/local_settings.bak#vim/etc/openstack-dashboard/local_settingsOPENSTACK_HOST="controller"ALLOWED_HOSTS=['*']CACHES={'default':{'BACKEND':'django.core.cache.backends.memcached.MemcachedCache','LOCATION':'127.0.0.1:11211',}}TIME_ZONE="TIME_ZONE"3、运转web效劳贯穿OpenStack效劳

#setsebool-Phttpd_can_network_connecton4、因为包装缺点，风度板不许精确加载CSS。运转以次吩咐来处置这个题目：

#chown-Rapache:apache/usr/share/openstack-dashboard/static5、启用Web效劳器和对话保存效劳和摆设启用体例启用时：

#systemctlenablehttpd.servicememcached.service#systemctlstarthttpd.servicememcached.service八、考察尝试

1、鉴于HTTP举行考察尝试：

好了，即日就先到这边吧！