Environment

On the way to the official site
Host configuration
IP allocation / System
10.0.0.11 controller (control node) CentOS Linux release 7.4.1708 (Core)
10.0.0.12 compute1 (compute node) CentOS Linux release 7.4.1708 (Core)

1. Basic configuration

mount /dev/cdrom /mnt    # run on both nodes
Upload openstack_rpm.tar.gz to /opt with rz and extract it
[root@compute01 opt]# ll -h openstack_rpm.tar.gz 
-rw-r--r-- 1 root root 237M Jul 19  2017 openstack_rpm.tar.gz
[root@compute01 opt]# tar xf openstack_rpm.tar.gz 
Generate the repo configuration file
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0

[openstack]
name=openstack
baseurl=file:///opt/repo
gpgcheck=0

2. Network Time Protocol (NTP)

  • Server-side configuration on controller
    [root@controller ~]# yum install chrony
    [root@controller ~]# vim /etc/chrony.conf
    allow 10.0.0.0/8    # uncomment line 26
    [root@controller ~]# systemctl restart chronyd.service 
    [root@controller ~]# systemctl enable chronyd.service 
  • Client configuration on compute1
    [root@compute1 ~]# vim /etc/chrony.conf 
    server 10.0.0.11 iburst    # comment out lines 4-6
  • Compare the clocks on the two nodes to check the offset:
        [root@controller ~]# date
        Fri Sep  6 17:30:42 CST 2019
        [root@compute1 ~]# date
        Fri Sep  6 17:30:42 CST 2019

    http://vault.centos.org/  # repositories for all versions are available here

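3. OpenStack packages

  • Install the OpenStack client:
    yum install python-openstackclient  # install on both nodes
  • RHEL and CentOS enable SELinux by default. Install the openstack-selinux package to automatically manage security policies for OpenStack services:
    yum install openstack-selinux       # install on both nodes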

4. Install the database

  • Install the packages:
    [root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
  • Create and edit /etc/my.cnf.d/openstack.cnf and complete the following:
    [root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
    [mysqld]
    bind-address = 10.0.0.11
    default-storage-engine = innodb
    innodb_file_per_table
    max_connections = 4096
    collation-server = utf8_general_ci
    character-set-server = utf8
    [root@controller ~]# systemctl start mariadb.service 
    [root@controller ~]# systemctl enable mariadb.service 
    Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
  • Run the initial secure setup

To secure the database service, run the mysql_secure_installation script. In particular, choose a suitable password for the database root user.

[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] n
 ... skipping.

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Answers in order: Enter -> n -> y -> y -> y -> y

5. Install the message queue

  • Install the package:
    [root@controller ~]# yum install rabbitmq-server -y
    [root@controller ~]# systemctl start rabbitmq-server.service 
    [root@controller ~]# systemctl enable rabbitmq-server.service 
    Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
  • Add the openstack user:
    [root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
    Creating user "openstack" ...
    Replace RABBIT_PASS with a suitable password.
  • Permit configuration, write, and read access for the openstack user:
    [root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    Setting permissions for user "openstack" in vhost "/" ...

6. Install memcached

  • Install the service
    [root@controller ~]# yum install memcached python-memcached
  • Edit the configuration
    [root@controller ~]# cat /etc/sysconfig/memcached 
    PORT="11211"
    USER="memcached"
    MAXCONN="1024"
    CACHESIZE="64"
    OPTIONS="-l 10.0.0.11,::1"
  • Start the Memcached service and configure it to start at boot.
    # systemctl enable memcached.service
    # systemctl start memcached.service


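I. Keystone service

I. Keystone overview and configuration

Keystone provides a single point of integration for authentication management, authorization management, and the service catalog. Other OpenStack services use the Identity service as a common unified API.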
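An OpenStack deployment has many nodes, and each service is reached at a different address, which is hard to remember. With Keystone you only log in to the Identity service, and it stores the addresses of all the other services.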
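OpenStack installation order

1. Log in to the database, create the database, and grant privileges
2. Create the user in Keystone, authorize it, and associate it with a role
3. Create the API endpoints in Keystone (for example, registering the glance service)
4. Install the service packages with yum
5. Edit the service configuration files
6. Sync the database
7. Start the service
The steps above are the workflow Keystone requires.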

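Before you configure the OpenStack Identity service, you must create a database and an administration token.

  • Complete the following steps to create the database:

Use the database client to connect to the database server as the root user:

$ mysql -u root -p
  • Create the keystone database:
    MariaDB [(none)]> CREATE DATABASE keystone;
    Query OK, 1 row affected (0.00 sec)
  • Grant proper access to the keystone database: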
    
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
        ->   IDENTIFIED BY 'KEYSTONE_DBPASS';
    Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    ->   IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)

* Replace KEYSTONE_DBPASS with a suitable password.
* Exit the database client.
### Install the packages

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y

mod_wsgi plays a role similar to FastCGI.
![Image](https://uploader.shimo.im/f/Vc2sx63mXS4Zlk9g.png!thumbnail)
### Edit /etc/keystone/keystone.conf and complete the following:
* Install the configuration-editing tool

[root@controller ~]# yum install openstack-utils.noarch -y  # makes the edits easier
\cp /etc/keystone/keystone.conf{,.bak}
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token  ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf database connection  pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider  fernet

* The checksum of the final file is as follows

![Image](https://uploader.shimo.im/f/58re4OTtfeYmigdv.png!thumbnail)
* Populate the Identity service database (database sync):

[root@controller keystone]# su -s /bin/sh -c "keystone-manage db_sync" keystone

* Check that the sync succeeded

[root@controller keystone]# mysql keystone -e 'show tables;'
+------------------------+
| Tables_in_keystone     |
+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             |
| domain                 |
| endpoint               |
| endpoint_group         |
| federated_user         |
| federation_protocol    |
| group                  |
| id_mapping             |
| identity_provider      |
| idp_remote_ids         |
| implied_role           |
| local_user             |
| mapping                |
| migrate_version        |
| password               |
| policy                 |
| policy_association     |
| project                |
| project_endpoint       |
| project_endpoint_group |
| region                 |
| request_token          |
| revocation_event       |
| role                   |
| sensitive_config       |
| service                |
| service_provider       |
| token                  |
| trust                  |
| trust_role             |
| user                   |
| user_group_membership  |
| whitelisted_config     |
+------------------------+

* Initialize the Fernet keys

[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

![Image](https://uploader.shimo.im/f/A4YgEZnGAU0RXjA6.png!thumbnail)
## Configure the Apache HTTP server
* Edit the ``/etc/httpd/conf/httpd.conf`` file and set the ``ServerName`` option to reference the controller node:

Method 1:

[root@controller keystone]# vim /etc/httpd/conf/httpd.conf
ServerName controller

* Method 2:

[root@controller keystone]# echo "ServerName controller" >>/etc/httpd/conf/httpd.conf

* Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content.

vim  /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
    Require all granted
</Directory>

</VirtualHost>

<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>
    Require all granted
</Directory>

</VirtualHost>

* Verify:

![Image](https://uploader.shimo.im/f/kH1eoYuR2h8HxDEW.png!thumbnail)
* Start the Apache HTTP service and configure it to start at boot:

[root@controller keystone]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller keystone]# systemctl start httpd.service

![Image](https://uploader.shimo.im/f/imxXtEoK6AAiGUsA.png!thumbnail)
## II. Create the service entity and API endpoints

[root@controller keystone]# export OS_TOKEN=ADMIN_TOKEN # set the authentication token
[root@controller keystone]# export OS_URL=http://controller:35357/v3 # set the endpoint URL
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3 # set the Identity API version
[root@controller keystone]# env |grep OS
HOSTNAME=controller
OS_IDENTITY_API_VERSION=3
OS_TOKEN=ADMIN_TOKEN
OS_URL=http://controller:35357/v3

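* In your OpenStack environment, the Identity service manages a catalog of services. Services use this catalog to determine which other services are available in your environment.
* Create the service entity for the Identity service:

[root@controller keystone]# openstack service create \
   --name keystone --description "OpenStack Identity" identity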
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 779367e67e2241f69f94a9b5c9df4aa9 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+

* Create the Identity service API endpoints:

[root@controller keystone]# openstack endpoint create --region RegionOne \
   identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f94857ae91044e88b8fe3ab0b5624d34 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 779367e67e2241f69f94a9b5c9df4aa9 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+

[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1e61fb08ea1d4ea4833f373c2803ed60 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 779367e67e2241f69f94a9b5c9df4aa9 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e4cb24f931474bd78c1cde0bb9b5ec70 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 779367e67e2241f69f94a9b5c9df4aa9 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+

The steps above are tedious to type one by one; run the following commands directly instead:
openstack service create \
  --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3
openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3

  • Verify
    [root@controller keystone]# openstack endpoint list
    +---------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
    | ID                        | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
    +---------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
    | 1e61fb08ea1d4ea4833f373c2 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3 |
    | 803ed60                   |           |              |              |         |           |                           |
    | e4cb24f931474bd78c1cde0bb | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v |
    | 9b5ec70                   |           |              |              |         |           | 3                         |
    | f94857ae91044e88b8fe3ab0b | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3 |
    | 5624d34                   |           |              |              |         |           |                           |
    +---------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
[root@controller keystone]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 779367e67e2241f69f94a9b5c9df4aa9 | keystone | identity |
+----------------------------------+----------+----------+


  • Collected errors


III. Create a domain, projects, users, and roles

  • Create the domain, project, user, and role
    [root@controller keystone]# openstack domain create --description "Default Domain" default
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Default Domain                   |
    | enabled     | True                             |
    | id          | dc39c5e1af2c4b7b875b1564ec03b144 |
    | name        | default                          |
    +-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
>   --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | dc39c5e1af2c4b7b875b1564ec03b144 |
| enabled     | True                             |
| id          | 00e5f59a1b434ad8b3e82000d345ca83 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | dc39c5e1af2c4b7b875b1564ec03b144 |
+-------------+----------------------------------+
[root@controller keystone]# openstack user create --domain default \
>   --password 123456 admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | dc39c5e1af2c4b7b875b1564ec03b144 |
| enabled   | True                             |
| id        | 919d9a3071994ef4a881c23596c964a1 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller keystone]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 31cea6a8a47a4d89bf65b1f61286bacd |
| name      | admin                            |
+-----------+----------------------------------+
  • Associate the project, user, and role
    [root@controller keystone]# openstack role add --project admin --user admin admin
[root@controller keystone]# openstack project create --domain default \
>   --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | dc39c5e1af2c4b7b875b1564ec03b144 |
| enabled     | True                             |
| id          | 36231b61eacf45d4aa8bc7660f3418ab |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | dc39c5e1af2c4b7b875b1564ec03b144 |
+-------------+----------------------------------+

Quick version
Create the domain, project, user, and role
openstack domain create --description "Default Domain" default
openstack project create --domain default \
  --description "Admin Project" admin
openstack user create --domain default \
  --password 123456 admin
openstack role create admin
# associate the project, user, and role
openstack role add --project admin --user admin admin
openstack project create --domain default \
  --description "Service Project" service

  • Verify


 openstack domain list
 openstack project list
 openstack user list
 openstack role list

IV. Verify operation

  • Unset the OS_TOKEN and OS_URL environment variables:
    [root@controller keystone]# env |grep OS
    HOSTNAME=controller
    OS_IDENTITY_API_VERSION=3
    OS_TOKEN=ADMIN_TOKEN
    OS_URL=http://controller:35357/v3
    [root@controller keystone]# unset OS_TOKEN OS_URL
    [root@controller keystone]# env |grep OS
    HOSTNAME=controller
    OS_IDENTITY_API_VERSION=3
  • As the admin user, request an authentication token:
    [root@controller keystone]# openstack --os-auth-url http://controller:35357/v3 \
    >   --os-project-domain-name default --os-user-domain-name default \
    >   --os-project-name admin --os-username admin token issue
    Password:   123456
    +------------+----------------------------------------------------------------------------------------------------------+
    | Field      | Value                                                                                                    |
    +------------+----------------------------------------------------------------------------------------------------------+
    | expires    | 2019-09-07T08:52:38.000000Z                                                                              |
    | id         | gAAAAABdc2HGn9ySSctxdzPfiIHHcf7YkEgs-F2_hyCc8dEuQVRT7qbdXQF6vhpINFFlcYn-7Iyc4uH4OUM5mW53lZNE0QDU5WX4ikYC |
    |            | rOfGMAG_NlMbpVPAdEqfQyUYsA2zbNH3kLL_TMG1Tnv715dWPnpO_rvOlppbE1lFp68cw_1SXvW7OhM                          |
    | project_id | 00e5f59a1b434ad8b3e82000d345ca83                                                                         |
    | user_id    | 919d9a3071994ef4a881c23596c964a1                                                                         |
    +------------+----------------------------------------------------------------------------------------------------------+
  • Check the expiry time
    [root@controller keystone]# timedatectl 
          Local time: Sat 2019-09-07 15:52:54 CST
      Universal time: Sat 2019-09-07 07:52:54 UTC
            RTC time: Sat 2019-09-07 07:52:55
           Time zone: Asia/Shanghai (CST, +0800)
         NTP enabled: yes
    NTP synchronized: yes
     RTC in local TZ: no
          DST active: n/a
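
The token id returned above starts with gAAAAA because it is a Fernet token: a version byte and the issue timestamp travel unencrypted in front of the encrypted payload. The following added example (not part of the original walkthrough) decodes that envelope from the token on this page and compares the issue time with the reported expiry; the function names are hypothetical.

```python
import base64
import struct
from datetime import datetime, timezone

FERNET_VERSION = 0x80          # first byte of every Fernet token
HEADER_LEN = 1 + 8             # version byte + 64-bit big-endian timestamp
IV_LEN, HMAC_LEN, AES_BLOCK = 16, 32, 16

# Token id and expiry copied from the `token issue` output above; the id is
# the two wrapped table rows joined back together.
TOKEN_FROM_PAGE = (
    "gAAAAABdc2HGn9ySSctxdzPfiIHHcf7YkEgs-F2_hyCc8dEuQVRT7qbdXQF6vhpINFFlcYn-7Iyc4uH4OUM5mW53lZNE0QDU5WX4ikYC"
    "rOfGMAG_NlMbpVPAdEqfQyUYsA2zbNH3kLL_TMG1Tnv715dWPnpO_rvOlppbE1lFp68cw_1SXvW7OhM"
)
EXPIRES_FROM_PAGE = "2019-09-07T08:52:38.000000Z"


def parse_fernet_envelope(token):
    """Decode the unencrypted envelope of a Fernet token (no key needed)."""
    # The id on the page carries no '=' padding, so restore it before decoding.
    raw = base64.urlsafe_b64decode(token + "=" * (-len(token) % 4))
    if len(raw) < HEADER_LEN + IV_LEN + AES_BLOCK + HMAC_LEN:
        raise ValueError("too short to be a Fernet token")
    version, issued = struct.unpack(">BQ", raw[:HEADER_LEN])
    if version != FERNET_VERSION:
        raise ValueError("unexpected Fernet version byte 0x%02x" % version)
    ciphertext_len = len(raw) - HEADER_LEN - IV_LEN - HMAC_LEN
    if ciphertext_len % AES_BLOCK:
        raise ValueError("ciphertext is not a whole number of AES blocks")
    return {
        "issued_at": datetime.fromtimestamp(issued, tz=timezone.utc),
        "iv": raw[HEADER_LEN:HEADER_LEN + IV_LEN],
        "ciphertext_len": ciphertext_len,
        "hmac": raw[-HMAC_LEN:],
    }


def token_lifetime_seconds(token, expires_iso):
    """Seconds between the issue time in the token and the reported expiry."""
    expires = datetime.strptime(expires_iso, "%Y-%m-%dT%H:%M:%S.%fZ")
    expires = expires.replace(tzinfo=timezone.utc)
    issued = parse_fernet_envelope(token)["issued_at"]
    return int((expires - issued).total_seconds())


if __name__ == "__main__":
    envelope = parse_fernet_envelope(TOKEN_FROM_PAGE)
    print("issued at       :", envelope["issued_at"].isoformat())
    print("ciphertext bytes:", envelope["ciphertext_len"])
    print("lifetime (s)    :", token_lifetime_seconds(TOKEN_FROM_PAGE, EXPIRES_FROM_PAGE))
```

The issue time is readable by anyone who holds the token, while the user and project ids stay inside the ciphertext protected by the keys that fernet_setup created.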

V. Create the OpenStack client environment script

  • Change to the root user's home directory
    [root@controller ~]# pwd 
    /root
  • Set the environment variables
    [root@controller ~]# cat admin-openrc 
    export OS_PROJECT_DOMAIN_NAME=default
    export OS_USER_DOMAIN_NAME=default
    export OS_PROJECT_NAME=admin
    export OS_USERNAME=admin
    export OS_PASSWORD=123456
    export OS_AUTH_URL=http://controller:35357/v3
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
  • Verify (the environment variables make the commands much shorter)


Command summary
openstack user list
openstack --os-auth-url http://controller:35357/v3   --os-project-domain-name default --os-user-domain-name default   --os-project-name admin --os-username admin user list

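II. Image service (glance)

1. Create the database and grant privileges

  • Use the database client to connect to the database server as the root user:
    $ mysql -u root -p
  • Create the glance database:
    CREATE DATABASE glance;
  • Grant proper access to the glance database: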
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
    IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
  • Create the glance user in Keystone and associate it with a role
    [root@controller ~]# openstack user create --domain default --password GLANCE_PASS glance
    +-----------+----------------------------------+
    | Field     | Value                            |
    +-----------+----------------------------------+
    | domain_id | dc39c5e1af2c4b7b875b1564ec03b144 |
    | enabled   | True                             |
    | id        | e948ddc58d3a4e10aab7ee2ea2e24ba1 |
    | name      | glance                           |
    +-----------+----------------------------------+
    [root@controller ~]# openstack role add --project service --user glance admin
  • Command summary

    [root@controller ~]# openstack user create --domain default --password GLANCE_PASS glance
    [root@controller ~]# openstack role add --project service --user glance admin

2. Create the glance service entity and API endpoints

  • Create the glance service entity:
    [root@controller ~]# openstack service create --name glance \
    >   --description "OpenStack Image" image
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | OpenStack Image                  |
    | enabled     | True                             |
    | id          | 39329ccc82b3496c94824f1eca5d4281 |
    | name        | glance                           |
    | type        | image                            |
    +-------------+----------------------------------+
  • Create the API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c024ee94f3cb4999b68880f096d9bcf8 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 39329ccc82b3496c94824f1eca5d4281 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 161be9f745b1487c8c3d6f57bc4a87b7 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 39329ccc82b3496c94824f1eca5d4281 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | bd71f23310654c30b52da51652f0d324 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 39329ccc82b3496c94824f1eca5d4281 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

Create the service and register the API endpoints in Keystone
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292

3. Install and configure the components

[root@controller ~]# yum install openstack-glance -y
  • Edit /etc/glance/glance-api.conf and complete the following
    [root@controller ~]# cp /etc/glance/glance-api.conf{,.bak}
    [root@controller ~]# grep '^[a-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  glance_store stores  file,http
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  glance_store default_store  file
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  glance_store filesystem_store_datadir  /var/lib/glance/images/
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_uri  http://controller:5000
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_url  http://controller:35357
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken memcached_servers  controller:11211
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_type  password
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken project_domain_name  default
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken user_domain_name  default
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken project_name  service
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken username  glance
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken password  GLANCE_PASS
    [root@controller ~]# openstack-config --set /etc/glance/glance-api.conf  paste_deploy flavor  keystone
  • The following can be run in one go and has the same effect as the steps above
    cp /etc/glance/glance-api.conf{,.bak}
    grep '^[a-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
    openstack-config --set /etc/glance/glance-api.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
    openstack-config --set /etc/glance/glance-api.conf  glance_store stores  file,http
    openstack-config --set /etc/glance/glance-api.conf  glance_store default_store  file
    openstack-config --set /etc/glance/glance-api.conf  glance_store filesystem_store_datadir  /var/lib/glance/images/
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_uri  http://controller:5000
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_url  http://controller:35357
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken memcached_servers  controller:11211
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken auth_type  password
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken project_domain_name  default
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken user_domain_name  default
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken project_name  service
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken username  glance
    openstack-config --set /etc/glance/glance-api.conf  keystone_authtoken password  GLANCE_PASS
    openstack-config --set /etc/glance/glance-api.conf  paste_deploy flavor  keystone
  • Verify

    [root@controller ~]# md5sum /etc/glance/glance-api.conf
    3e1a4234c133eda11b413788e001cba3  /etc/glance/glance-api.conf


  • Edit ``/etc/glance/glance-registry.conf`` and complete the following:
    [root@controller ~]# cp /etc/glance/glance-registry.conf{,.bak}
    [root@controller ~]# grep '^[a-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_uri  http://controller:5000
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_url  http://controller:35357
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken memcached_servers  controller:11211
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_type  password
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_domain_name  default
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken user_domain_name  default
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_name  service
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken username  glance
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken password  GLANCE_PASS
    [root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf  paste_deploy flavor  keystone

    Command summary; these can be run in one go

    cp /etc/glance/glance-registry.conf{,.bak}
    grep '^[a-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
    openstack-config --set /etc/glance/glance-registry.conf  database  connection  mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_uri  http://controller:5000
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_url  http://controller:35357
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken memcached_servers  controller:11211
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken auth_type  password
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_domain_name  default
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken user_domain_name  default
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken project_name  service
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken username  glance
    openstack-config --set /etc/glance/glance-registry.conf  keystone_authtoken password  GLANCE_PASS
    openstack-config --set /etc/glance/glance-registry.conf  paste_deploy flavor  keystone
  • Verify

4. Populate the Image service database

  • Sync the database
    [root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
    Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
    /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
      expire_on_commit=expire_on_commit, _conf=conf)
    /usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
      result = self._query(query)
  • Note

Ignore any deprecation messages in the output above.

  • Verify
    [root@controller ~]# mysql glance -e "show tables;"
    +----------------------------------+
    | Tables_in_glance                 |
    +----------------------------------+
    | artifact_blob_locations          |
    | artifact_blobs                   |
    | artifact_dependencies            |
    | artifact_properties              |
    | artifact_tags                    |
    | artifacts                        |
    | image_locations                  |
    | image_members                    |
    | image_properties                 |
    | image_tags                       |
    | images                           |
    | metadef_namespace_resource_types |
    | metadef_namespaces               |
    | metadef_objects                  |
    | metadef_properties               |
    | metadef_resource_types           |
    | metadef_tags                     |
    | migrate_version                  |
    | task_info                        |
    | tasks                            |
    +----------------------------------+
  • Start the Image services and configure them to start at boot:
    # systemctl enable openstack-glance-api.service \
    openstack-glance-registry.service
    # systemctl start openstack-glance-api.service \
    openstack-glance-registry.service

  • Verify that glance images can be used

The keystone check is to obtain a token

[root@controller ~]# openstack token issue
+------------+----------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                    |
+------------+----------------------------------------------------------------------------------------------------------+
| expires    | 2019-09-07T10:17:12.000000Z                                                                              |
| id         | gAAAAABdc3WYVhvBRhpK0HosaT43ch_I1tsGh3EGPkNg_vH43CGXJsA1sZiUyfLEHxM3Wo1fT8JMPvRAzcrhrnyvgKMEzVBODMBixYfA |
|            | VHeGf8_K9teOCAL1SIOlIX2I-NJNeuz_Xq4tAxoogdF4RQLSQH3mCFZlWaY8aNW8r4jph2hvVFEvIS8                          |
| project_id | 00e5f59a1b434ad8b3e82000d345ca83                                                                         |
| user_id    | 919d9a3071994ef4a881c23596c964a1                                                                         |
+------------+----------------------------------------------------------------------------------------------------------+

The glance check is to upload an image

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

  • Verify locally whether it succeeded
    [root@controller ~]# openstack image create "cirros" \
    >   --file cirros-0.3.4-x86_64-disk.img \
    >   --disk-format qcow2 --container-format bare \
    >   --public                              # public
    +------------------+------------------------------------------------------+
    | Field            | Value                                                |
    +------------------+------------------------------------------------------+
    | checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
    | container_format | bare                                                 |
    | created_at       | 2019-09-07T09:21:28Z                                 |
    | disk_format      | qcow2                                                |
    | file             | /v2/images/4785840a-2a8d-441c-8fd9-7227052bc580/file |
    | id               | 4785840a-2a8d-441c-8fd9-7227052bc580                 |
    | min_disk         | 0                                                    |
    | min_ram          | 0                                                    |
    | name             | cirros                                               |
    | owner            | 00e5f59a1b434ad8b3e82000d345ca83                     |
    | protected        | False                                                |
    | schema           | /v2/schemas/image                                    |
    | size             | 13287936                                             |
    | status           | active                                               |
    | tags             |                                                      |
    | updated_at       | 2019-09-07T09:21:31Z                                 |
    | virtual_size     | None                                                 |
    | visibility       | public                                               |
    +------------------+------------------------------------------------------+
  • The command above is as follows
    openstack image create "cirros" \
      --file cirros-0.3.4-x86_64-disk.img \
      --disk-format qcow2 --container-format bare \
      --public
  • Check the storage path of the image uploaded to glance
    [root@controller ~]# ll -h   /var/lib/glance/images/4785840a-2a8d-441c-8fd9-7227052bc580 
    -rw-r----- 1 glance glance 13M Sep  7 17:21 /var/lib/glance/images/4785840a-2a8d-441c-8fd9-7227052bc580
  • List the images

[root@controller ~]# openstack image list
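
The `checksum` row that glance prints is the MD5 digest of the image data, so the downloaded file and the copy under /var/lib/glance/images/ can both be compared against it. The script below is an added example, not part of the original post; `table_field`, `verify_image` and `make_sample` are hypothetical helper names, and the image file and table it runs on are constructed.

```shell
#!/bin/sh
# Added example: compare image files with the checksum row of an
# OpenStack CLI table (for instance the output of "openstack image show").

# table_field FIELD
# Reads a CLI table on stdin and prints the value of FIELD. Values that the
# CLI wrapped onto continuation rows (empty Field column) are joined.
table_field() {
    awk -F'|' -v want="$1" '
        NF < 4 { next }                                # border rows: +----+----+
        {
            name = $2; gsub(/^[ \t]+|[ \t]+$/, "", name)
            cell = $3; gsub(/^[ \t]+|[ \t]+$/, "", cell)
            if (name == want)              { val = cell; found = 1 }
            else if (found && name == "")  { val = val cell }   # wrapped value
            else if (found)                { exit }
        }
        END { if (found) print val }'
}

# verify_image TABLE_FILE IMAGE_FILE...
# Returns 0 only if every IMAGE_FILE hashes to the checksum in TABLE_FILE,
# 1 on any mismatch, 2 if the table has no checksum row.
verify_image() {
    _expected=$(table_field checksum < "$1")
    shift
    [ -n "$_expected" ] || { echo "no checksum row found" >&2; return 2; }
    _rc=0
    for _img in "$@"; do
        _actual=$(md5sum "$_img" | cut -d' ' -f1)
        if [ "$_actual" = "$_expected" ]; then
            echo "OK       $_img"
        else
            echo "MISMATCH $_img (got $_actual, glance reports $_expected)"
            _rc=1
        fi
    done
    return $_rc
}

# Constructed sample: a stand-in image file plus the table the CLI would
# print for it (only the rows needed here).
make_sample() {
    printf 'constructed image bytes\n' > "$1/disk.img"
    _sum=$(md5sum "$1/disk.img" | cut -d' ' -f1)
    cat > "$1/image.txt" <<EOF
+------------------+----------------------------------+
| Field            | Value                            |
+------------------+----------------------------------+
| checksum         | $_sum |
| container_format | bare                             |
| disk_format      | qcow2                            |
+------------------+----------------------------------+
EOF
}

demo=$(mktemp -d)
make_sample "$demo"
cp "$demo/disk.img" "$demo/stored.img"   # stands in for the file under /var/lib/glance/images/
verify_image "$demo/image.txt" "$demo/disk.img" "$demo/stored.img" || true
rm -rf "$demo"
```

On the controller, the table would come from `openstack image show cirros` redirected to a file, and the image arguments would be the downloaded file and the stored file listed above.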

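III. Compute service node: Nova

nova-api: accepts and responds to all compute service requests and manages the life cycle of virtual machines (cloud hosts)
nova-compute (multiple): actually manages the virtual machines
nova-scheduler:      the nova scheduler (picks the most suitable nova-compute to create a virtual machine)
nova-conductor:      acts as a proxy for nova-compute to update virtual machine state in the database
nova-network          managed virtual machine networking in early OpenStack versions (deprecated, replaced by neutron)
nova-consoleauth and nova-novncproxy: web-based VNC for operating cloud hosts directly
novncproxy: web-based VNC client
nova-api-metadata: accepts metadata requests sent by virtual machines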

1. Create the databases and grant privileges

[root@controller ~]# mysql -uroot -p

  • Create the nova_api and nova databases:
    CREATE DATABASE nova_api;
    CREATE DATABASE nova;
  • Grant proper access to the databases:
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
    IDENTIFIED BY 'NOVA_DBPASS';
    GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
    IDENTIFIED BY 'NOVA_DBPASS';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
    IDENTIFIED BY 'NOVA_DBPASS';
    GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
    IDENTIFIED BY 'NOVA_DBPASS';
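    Replace NOVA_DBPASS with a suitable password.

2. Create the nova system user in keystone and associate a role

The following operations are still on the controller node

  • Create the system user in keystone (glance, nova, neutron) and associate a role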
    openstack user create --domain default \
      --password NOVA_PASS nova
    openstack role add --project service --user nova admin  # associate the role
  • Create the service in keystone and register the API endpoints
    openstack service create --name nova \
      --description "OpenStack Compute" compute
    openstack endpoint create --region RegionOne \
      compute public http://controller:8774/v2.1/%\(tenant_id\)s
    openstack endpoint create --region RegionOne \
      compute internal http://controller:8774/v2.1/%\(tenant_id\)s
    openstack endpoint create --region RegionOne \
      compute admin http://controller:8774/v2.1/%\(tenant_id\)s
  • Install the packages for the service
    yum install openstack-nova-api openstack-nova-conductor \
      openstack-nova-console openstack-nova-novncproxy \
      openstack-nova-scheduler -y
  • Modify the configuration file of the service
    cp /etc/nova/nova.conf{,.bak}
    grep '^[a-Z\[]' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
    openstack-config --set /etc/nova/nova.conf  DEFAULT enabled_apis  osapi_compute,metadata
    openstack-config --set /etc/nova/nova.conf  DEFAULT rpc_backend  rabbit
    openstack-config --set /etc/nova/nova.conf  DEFAULT auth_strategy  keystone
    openstack-config --set /etc/nova/nova.conf  DEFAULT my_ip  10.0.0.11
    openstack-config --set /etc/nova/nova.conf  DEFAULT use_neutron  True
    openstack-config --set /etc/nova/nova.conf  DEFAULT firewall_driver  nova.virt.firewall.NoopFirewallDriver
    openstack-config --set /etc/nova/nova.conf  api_database connection  mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
    openstack-config --set /etc/nova/nova.conf  database  connection  mysql+pymysql://nova:NOVA_DBPASS@controller/nova
    openstack-config --set /etc/nova/nova.conf  glance api_servers  http://controller:9292
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  auth_uri  http://controller:5000
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  auth_url  http://controller:35357
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  memcached_servers  controller:11211
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  auth_type  password
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  project_domain_name  default
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  user_domain_name  default
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  project_name  service
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  username  nova
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  password  NOVA_PASS
    openstack-config --set /etc/nova/nova.conf  oslo_concurrency lock_path  /var/lib/nova/tmp
    openstack-config --set /etc/nova/nova.conf  oslo_messaging_rabbit   rabbit_host  controller
    openstack-config --set /etc/nova/nova.conf  oslo_messaging_rabbit   rabbit_userid  openstack
    openstack-config --set /etc/nova/nova.conf  oslo_messaging_rabbit   rabbit_password  RABBIT_PASS
    openstack-config --set /etc/nova/nova.conf  vnc vncserver_listen  '$my_ip'
    openstack-config --set /etc/nova/nova.conf  vnc vncserver_proxyclient_address  '$my_ip'

    # Verify

    md5sum /etc/nova/nova.conf
    47ded61fdd1a79ab91bdb37ce59ef192  /etc/nova/nova.conf

  • Sync the databases
    su -s /bin/sh -c "nova-manage api_db sync" nova
    su -s /bin/sh -c "nova-manage db sync" nova
  • Command-line session
    [root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
    [root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
    /usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
      result = self._query(query)
    /usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
      result = self._query(query)
    Ignore any deprecation messages in the output.
  • Verify that the sync succeeded by checking the following two databases
    [root@controller ~]# mysql nova_api -e 'show tables;'
    [root@controller ~]# mysql nova -e 'show tables;'

  • The nova database has too many tables, so ......

  • Start the services
    systemctl enable openstack-nova-api.service \
      openstack-nova-consoleauth.service openstack-nova-scheduler.service \
      openstack-nova-conductor.service openstack-nova-novncproxy.service
    systemctl start openstack-nova-api.service \
      openstack-nova-consoleauth.service openstack-nova-scheduler.service \
      openstack-nova-conductor.service openstack-nova-novncproxy.service
  • Check whether they started successfully
    [root@controller ~]# systemctl status openstack-nova-api.service   openstack-nova-consoleauth.service openstack-nova-scheduler.service   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-conductor   | controller | internal | enabled | up    | 2019-09-09T08:53:04.000000 |
|  2 | nova-consoleauth | controller | internal | enabled | up    | 2019-09-09T08:53:04.000000 |
|  3 | nova-scheduler   | controller | internal | enabled | up    | 2019-09-09T08:53:04.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

This completes all operations on the controller node

IV. Configure the compute node

  • nova-compute calls libvirtd to create virtual machines
  • Install
    yum install openstack-nova-compute -y
    yum install openstack-utils.noarch -y
  • Configure
    cp /etc/nova/nova.conf{,.bak}
    grep '^[a-Z\[]' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
    openstack-config --set /etc/nova/nova.conf  DEFAULT rpc_backend  rabbit
    openstack-config --set /etc/nova/nova.conf  DEFAULT auth_strategy  keystone
    openstack-config --set /etc/nova/nova.conf  DEFAULT my_ip  10.0.0.12
    openstack-config --set /etc/nova/nova.conf  DEFAULT use_neutron  True
    openstack-config --set /etc/nova/nova.conf  DEFAULT firewall_driver  nova.virt.firewall.NoopFirewallDriver
    openstack-config --set /etc/nova/nova.conf  glance api_servers  http://controller:9292
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  auth_uri  http://controller:5000
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  auth_url  http://controller:35357
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  memcached_servers  controller:11211
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  auth_type  password
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  project_domain_name  default
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  user_domain_name  default
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  project_name  service
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  username  nova
    openstack-config --set /etc/nova/nova.conf  keystone_authtoken  password  NOVA_PASS
    openstack-config --set /etc/nova/nova.conf  oslo_concurrency lock_path  /var/lib/nova/tmp
    openstack-config --set /etc/nova/nova.conf  oslo_messaging_rabbit   rabbit_host  controller
    openstack-config --set /etc/nova/nova.conf  oslo_messaging_rabbit   rabbit_userid  openstack
    openstack-config --set /etc/nova/nova.conf  oslo_messaging_rabbit   rabbit_password  RABBIT_PASS
    openstack-config --set /etc/nova/nova.conf  vnc enabled  True
    openstack-config --set /etc/nova/nova.conf  vnc vncserver_listen  0.0.0.0
    openstack-config --set /etc/nova/nova.conf  vnc vncserver_proxyclient_address  '$my_ip'
    openstack-config --set /etc/nova/nova.conf  vnc novncproxy_base_url  http://controller:6080/vnc_auto.html
  • Verify
    [root@compute1 nova]# md5sum /etc/nova/nova.conf
    de2878e91f8386669cb38818b782bf5b  /etc/nova/nova.conf

  • Start the services
    [root@compute1 nova]# systemctl enable libvirtd.service openstack-nova-compute.service
    Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
    [root@compute1 nova]# systemctl start libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
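  • Check the service ports
  • Check the services
    1. Check keystone
    [root@controller ~]# openstack token issue  ## check keystone
    2. Check the glance images
    [root@controller ~]# openstack image list
    3. Check the Nova nodes
    [root@controller ~]# openstack compute service list
    4. Time synchronization (time synchronization is very important in a distributed architecture)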

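V. neutron networking service

OpenStack Networking (neutron) allows you to create and attach interface devices that are managed by other OpenStack services. Plug-ins can be implemented to accommodate different networking equipment and software, providing flexibility to OpenStack architecture and deployment.
It includes the following components:
neutron-server
Accepts and routes API requests to the appropriate OpenStack Networking plug-in for action.
OpenStack Networking plug-ins and agents
Plug and unplug ports, create networks and subnets, and provide IP addressing. These plug-ins and agents differ depending on the vendor and technology. OpenStack Networking ships with plug-ins and agents for Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, and the VMware NSX product.
The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in agent.
Messaging queue
Used by most OpenStack Networking installations to route information between neutron-server and the various agents. It also acts as a database for certain plug-ins, storing networking state.

neutron-server  port (9696)  api: accepts and responds to external network management requests
neutron-linuxbridge-agent:       responsible for creating bridge interfaces
neutron-dhcp-agent:             responsible for assigning IP addresses
neutron-metadata-agent:         works with nova-metadata-api to customize virtual machines
L3-agent                         implements layer-3 networking (network layer)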

1. Install and configure on the controller node: controller

  • 1: Create the database and grant privileges
    CREATE DATABASE neutron;
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
      IDENTIFIED BY 'NEUTRON_DBPASS';
    GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
      IDENTIFIED BY 'NEUTRON_DBPASS';
  • 2: Create the system user in keystone (glance, nova, neutron) and associate a role
    openstack user create --domain default --password NEUTRON_PASS neutron
    openstack role add --project service --user neutron admin   # associate the role
  • 3: Create the service in keystone and register the API endpoints
    openstack service create --name neutron \
      --description "OpenStack Networking" network
    openstack endpoint create --region RegionOne \
      network public http://controller:9696
    openstack endpoint create --region RegionOne \
      network internal http://controller:9696
    openstack endpoint create --region RegionOne \
      network admin http://controller:9696
  • 4: Install the packages for the service
    yum install openstack-neutron openstack-neutron-ml2 \
      openstack-neutron-linuxbridge ebtables -y
  • 5: Modify the configuration files of the services

    a:/etc/neutron/neutron.conf

    cp /etc/neutron/neutron.conf{,.bak}
    grep '^[a-Z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
    openstack-config --set /etc/neutron/neutron.conf  DEFAULT core_plugin  ml2
    openstack-config --set /etc/neutron/neutron.conf  DEFAULT service_plugins
    openstack-config --set /etc/neutron/neutron.conf  DEFAULT rpc_backend  rabbit
    openstack-config --set /etc/neutron/neutron.conf  DEFAULT auth_strategy  keystone
    openstack-config --set /etc/neutron/neutron.conf  DEFAULT notify_nova_on_port_status_changes  True
    openstack-config --set /etc/neutron/neutron.conf  DEFAULT notify_nova_on_port_data_changes  True
    openstack-config --set /etc/neutron/neutron.conf  database connection  mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken auth_uri  http://controller:5000
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken auth_url  http://controller:35357
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken memcached_servers  controller:11211
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken auth_type  password
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken project_domain_name  default
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken user_domain_name  default
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken project_name  service
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken username  neutron
    openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken password  NEUTRON_PASS
    openstack-config --set /etc/neutron/neutron.conf  nova auth_url  http://controller:35357
    openstack-config --set /etc/neutron/neutron.conf  nova auth_type  password 
    openstack-config --set /etc/neutron/neutron.conf  nova project_domain_name  default
    openstack-config --set /etc/neutron/neutron.conf  nova user_domain_name  default
    openstack-config --set /etc/neutron/neutron.conf  nova region_name  RegionOne
    openstack-config --set /etc/neutron/neutron.conf  nova project_name  service
    openstack-config --set /etc/neutron/neutron.conf  nova username  nova
    openstack-config --set /etc/neutron/neutron.conf  nova password  NOVA_PASS
    openstack-config --set /etc/neutron/neutron.conf  oslo_concurrency lock_path  /var/lib/neutron/tmp
    openstack-config --set /etc/neutron/neutron.conf  oslo_messaging_rabbit rabbit_host  controller
    openstack-config --set /etc/neutron/neutron.conf  oslo_messaging_rabbit rabbit_userid  openstack
    openstack-config --set /etc/neutron/neutron.conf  oslo_messaging_rabbit rabbit_password  RABBIT_PASS
    [root@controller ~]# md5sum /etc/neutron/neutron.conf
    e399b7958cd22f47becc6d8fd6d3521a  /etc/neutron/neutron.conf

    b:/etc/neutron/plugins/ml2/ml2_conf.ini

    cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
    grep '^[a-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini.bak >/etc/neutron/plugins/ml2/ml2_conf.ini
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini  ml2 type_drivers  flat,vlan
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini  ml2 tenant_network_types 
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini  ml2 mechanism_drivers  linuxbridge
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini  ml2 extension_drivers  port_security
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini  ml2_type_flat flat_networks  provider
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini  securitygroup enable_ipset  True
    [root@controller ~]# md5sum /etc/neutron/plugins/ml2/ml2_conf.ini
    2640b5de519fafcd675b30e1bcd3c7d5  /etc/neutron/plugins/ml2/ml2_conf.ini

    c:/etc/neutron/plugins/ml2/linuxbridge_agent.ini

    cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
    grep '^[a-Z\[]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak >/etc/neutron/plugins/ml2/linuxbridge_agent.ini
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini  linux_bridge physical_interface_mappings  provider:eth0
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini  securitygroup enable_security_group  True
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini  securitygroup firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan enable_vxlan  False
    [root@controller ~]# md5sum /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    3f474907a7f438b34563e4d3f3c29538  /etc/neutron/plugins/ml2/linuxbridge_agent.ini

    d:/etc/neutron/dhcp_agent.ini

    vi /etc/neutron/dhcp_agent.ini
    [DEFAULT]
    interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
    dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
    enable_isolated_metadata = True
    [root@controller ~]# md5sum /etc/neutron/dhcp_agent.ini
    cac841bdf855fe98617cd5907f2f5d5f  /etc/neutron/dhcp_agent.ini

    e:/etc/neutron/metadata_agent.ini

    vi /etc/neutron/metadata_agent.ini
    [DEFAULT]
    nova_metadata_ip = controller
    metadata_proxy_shared_secret = METADATA_SECRET
    [root@controller ~]# md5sum /etc/neutron/metadata_agent.ini 
    6d69d28e7e1c9a12b262355047185f8c  /etc/neutron/metadata_agent.ini

    f: Modify /etc/nova/nova.conf again

    openstack-config --set /etc/nova/nova.conf  neutron url  http://controller:9696
    openstack-config --set /etc/nova/nova.conf  neutron auth_url  http://controller:35357
    openstack-config --set /etc/nova/nova.conf  neutron auth_type  password
    openstack-config --set /etc/nova/nova.conf  neutron project_domain_name  default
    openstack-config --set /etc/nova/nova.conf  neutron user_domain_name  default
    openstack-config --set /etc/nova/nova.conf  neutron region_name  RegionOne
    openstack-config --set /etc/nova/nova.conf  neutron project_name  service
    openstack-config --set /etc/nova/nova.conf  neutron username  neutron
    openstack-config --set /etc/nova/nova.conf  neutron password  NEUTRON_PASS
    openstack-config --set /etc/nova/nova.conf  neutron service_metadata_proxy  True
    openstack-config --set /etc/nova/nova.conf  neutron metadata_proxy_shared_secret  METADATA_SECRET
    [root@controller ~]# md5sum /etc/nova/nova.conf
    6334f359655efdbcf083b812ab94efc1  /etc/nova/nova.conf
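
The `openstack-config` commands in steps a to f write the placeholders (`NOVA_PASS`, `NEUTRON_DBPASS`, `METADATA_SECRET` and the rest) into the files literally, so any that were not replaced with real passwords end up in the running configuration. The check below is an added example, not part of the original guide; `audit_conf` and `write_sample` are hypothetical helper names and the sample file is constructed.

```shell
#!/bin/sh
# Added example: flag OpenStack config files that still hold the placeholder
# secrets used on this page, or that every local user can read.

# Placeholder tokens exactly as they appear in the commands on this page.
PLACEHOLDERS="GLANCE_PASS GLANCE_DBPASS NOVA_PASS NOVA_DBPASS NEUTRON_PASS NEUTRON_DBPASS RABBIT_PASS METADATA_SECRET"

# audit_conf FILE
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_conf() {
    _file=$1
    _out=$(awk -v file="$_file" -v list="$PLACEHOLDERS" '
        BEGIN { n = split(list, ph, " "); section = "" }
        /^[ \t]*[#;]/ { next }                    # comment line
        /^[ \t]*\[/ {                             # [section] header
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        index($0, "=") == 0 { next }              # not a key = value line
        {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            for (i = 1; i <= n; i++) {
                # Match the whole value, or the password part of a URL
                # such as mysql+pymysql://user:PASS@host/db.
                if (val == ph[i] || index(val, ":" ph[i] "@") > 0)
                    printf "%s: [%s] %s uses placeholder %s\n", file, section, key, ph[i]
            }
        }
    ' "$_file")

    # Character 8 of the ls mode string is the read bit for "other".
    _mode=$(ls -ld "$_file" | cut -c1-10)
    case $_mode in
        ???????r??)
            _perm="$_file: mode $_mode is readable by every local user"
            if [ -n "$_out" ]; then
                _out="$_out
$_perm"
            else
                _out=$_perm
            fi ;;
    esac

    [ -z "$_out" ] && return 0
    printf '%s\n' "$_out"
    return 1
}

# Constructed sample: a nova.conf fragment as the commands on this page
# would leave it, with only the RabbitMQ password replaced.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
rpc_backend = rabbit
my_ip = 10.0.0.11
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[keystone_authtoken]
username = nova
password = NOVA_PASS
[neutron]
metadata_proxy_shared_secret = METADATA_SECRET
[oslo_messaging_rabbit]
rabbit_password = s3Wq-constructed-value
EOF
    chmod 644 "$1"
}

# With arguments, audit those files; without, run on the constructed sample.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do audit_conf "$f" || true; done
else
    sample=$(mktemp)
    write_sample "$sample"
    audit_conf "$sample" || true
    rm -f "$sample"
fi
```

Called with file names as arguments, the script audits those files instead of the sample.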

  • 6. Sync the database
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

  • 7: Start the services
    systemctl restart openstack-nova-api.service
    systemctl enable neutron-server.service \
      neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
      neutron-metadata-agent.service
    systemctl start neutron-server.service \
      neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
      neutron-metadata-agent.service

2. Install and configure the compute node compute1

  • 1. Install
    [root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
  • 2. Configure

cp /etc/neutron/neutron.conf{,.bak}

grep '^[a-Z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf  DEFAULT rpc_backend  rabbit
openstack-config --set /etc/neutron/neutron.conf  DEFAULT auth_strategy  keystone
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken auth_type  password
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken project_domain_name  default
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken user_domain_name  default
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken project_name  service
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken username  neutron
openstack-config --set /etc/neutron/neutron.conf  keystone_authtoken password  NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf  oslo_concurrency lock_path  /var/lib/neutron/tmp
openstack-config --set /etc/neutron/neutron.conf  oslo_messaging_rabbit rabbit_host  controller
openstack-config --set /etc/neutron/neutron.conf  oslo_messaging_rabbit rabbit_userid  openstack
openstack-config --set /etc/neutron/neutron.conf  oslo_messaging_rabbit rabbit_password  RABBIT_PASS
[root@compute1 nova]# md5sum /etc/neutron/neutron.conf
77ffab503797be5063c06e8b956d6ed0  /etc/neutron/neutron.conf

cp -r /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eth0
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = False
[root@compute1 nova]# md5sum /etc/neutron/plugins/ml2/linuxbridge_agent.ini
3f474907a7f438b34563e4d3f3c29538  /etc/neutron/plugins/ml2/linuxbridge_agent.ini

  • Modify the nova configuration file on this node (final configuration)
    openstack-config --set /etc/nova/nova.conf  neutron url  http://controller:9696
    openstack-config --set /etc/nova/nova.conf  neutron auth_url  http://controller:35357
    openstack-config --set /etc/nova/nova.conf  neutron auth_type  password
    openstack-config --set /etc/nova/nova.conf  neutron project_domain_name  default
    openstack-config --set /etc/nova/nova.conf  neutron user_domain_name  default
    openstack-config --set /etc/nova/nova.conf  neutron region_name  RegionOne
    openstack-config --set /etc/nova/nova.conf  neutron project_name  service
    openstack-config --set /etc/nova/nova.conf  neutron username  neutron
    openstack-config --set /etc/nova/nova.conf  neutron password  NEUTRON_PASS
    [root@compute1 nova]# md5sum /etc/nova/nova.conf
    2be5a71f4813fd994a8ba2bcf2a4adfb  /etc/nova/nova.conf

  • 3. Start
    systemctl restart openstack-nova-compute.service
    systemctl enable neutron-linuxbridge-agent.service
    systemctl start neutron-linuxbridge-agent.service

4. Verify

  • Check neutron
    [root@controller ~]# neutron agent-list

VI. Install the horizon web interface

Personally, I recommend installing it on the compute node

  • 1. Install
    [root@compute1 ~]# yum install openstack-dashboard -y
  • 2: Configure
    vim /etc/openstack-dashboard/local_settings

    Because the changes here are rather tedious, I wrote an error-free one myself and replaced the file directly

    [root@compute1 ~]# rz 
    [root@compute1 ~]# cat local_settings >/etc/openstack-dashboard/local_settings

    If you need this file, add: 1602031534

  • 3: Start
    systemctl start httpd

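4. Verify in the browser

    Verify operation of the dashboard.
    Enter ``http://controller/dashboard`` in the browser to access the dashboard.
    Authenticate using the admin or ``demo`` user credentials and the ``default`` domain credentials.

5. Troubleshooting errors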

    [root@controller1 ~]# cat /var/log/httpd/error_log

    The following log entries relate to the failed attempts to open the page:

    [Thu Nov 16 17:09:27.362380 2017] [core:error] [pid 22918] [client 10.11.113.61:62148] Script timed out before returning headers: django.wsgi
    [Thu Nov 16 17:09:29.649566 2017] [core:error] [pid 22979] [client 10.11.113.39:55327] Script timed out before returning headers: django.wsgi
    [Thu Nov 16 17:09:30.450777 2017] [core:error] [pid 22980] [client 10.11.113.61:62149] Script timed out before returning headers: django.wsgi

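    My guess is that this is related to django.wsgi; a Baidu search turned up a solution someone had posted.

    Edit: /etc/httpd/conf.d/openstack-dashboard.conf
    Add the following line below WSGISocketPrefix run/wsgi:
    WSGIApplicationGroup %{GLOBAL}

    Save and restart the httpd service.
    Access the dashboard in the browser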