在Centos7,安装openstack、openstack环境搭建(Stein版本)

  • Post author:
  • Post category:其他


所需环境:两台虚拟机,分别为controller节点(4G内存,40存储)、compute(2G内存,40存储)

操作系统:Centos7

1,修改主机名,分别改为controller和compute节点

[root@controller ~]# cat /etc/hostname 
controller
[root@localhost ~]# cat /etc/hostname 
compute

2,关闭/禁用firewalld(两个节点同时执行)

[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@compute ~]# systemctl stop firewalld
[root@compute~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

3,关闭/禁用NetworkManager(两个节点同时执行)

[root@controller ~]# systemctl stop NetworkManager
[root@controller ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@controller ~]# 
[root@compute~]# systemctl stop NetworkManager
[root@compute~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.

4,禁用SELINUX(两个节点同时执行)

[root@controller ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 
[root@compute~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

5,修改hosts(两个节点同时执行)

[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:f6:d5:a1 brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.110/24 brd 192.168.200.255 scope global ens33
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef6:d5a1/64 scope link 
       valid_lft forever preferred_lft forever
[root@controller ~]# cat /etc/hosts
192.168.200.110 controller
192.168.200.120 compute
[root@compute~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.200.120  netmask 255.255.255.0  broadcast 192.168.200.255
        inet6 fe80::20c:29ff:fe38:e71b  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:38:e7:1b  txqueuelen 1000  (Ethernet)
        RX packets 8483  bytes 9486983 (9.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2201  bytes 187438 (183.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
[root@compute ~]# cat /etc/hosts
192.168.200.110 controller
192.168.200.120 compute

7,确认与Internet以及节点之间的网络连接(两个节点同时执行)

[root@compute ~]# ping -c 4 docs.openstack.org
PING files02.openstack.org (23.253.125.17) 56(84) bytes of data.
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=1 ttl=128 time=182 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=2 ttl=128 time=186 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=3 ttl=128 time=182 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=4 ttl=128 time=183 ms
[root@controller ~]# ping -c 4 docs.openstack.org
PING files02.openstack.org (23.253.125.17) 56(84) bytes of data.
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=1 ttl=128 time=182 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=2 ttl=128 time=181 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=3 ttl=128 time=183 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=4 ttl=128 time=182 ms

8,安装和配置的部件(两个节点同时执行)

[root@controller ~]# yum install chrony
[root@compute ~]#  yum install chrony

编辑/etc/chrony.conf文件:

[root@controller ~]# cat /etc/chrony.conf 
server NTP_SERVER iburst
allow 192.168.200.0/24
[root@compute ~]# cat /etc/chrony.conf 
server NTP_SERVER iburst
allow 192.168.200.0/24

重新启动NTP服务:

[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl start chronyd.service
[root@compute ~]# systemctl enable chronyd.service
[root@compute ~]# systemctl start chronyd.service

9,验证NTP同步(两个节点同时执行)

[root@controller ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^+ ntp8.flashdance.cx            2   6   377    25  -4011us[  -12ms] +/-  158ms
^- ntp6.flashdance.cx            2   7     7    85  -1850us[-9076us] +/-  192ms
^+ electabuzz.felixc.at          3   6   337    25    -22ms[  -22ms] +/-  137ms
^* stratum2-1.ntp.led01.ru.>     2   6   375    29    +12ms[+3864us] +/-   97ms
[root@compute ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 120.25.115.20                 2   6    37   100    +66us[+9824ns] +/-   11ms
^- ntp1.flashdance.cx            2   6    77    36    -15ms[  -15ms] +/-  174ms
^- 119.28.206.193                2   6    77    39  -4962us[-4962us] +/-   48ms
^- 111.230.189.174               2   6    77    40  +3203us[+3203us] +/-   34ms

10,安装OpenStack软件包(两个节点同时执行)

安装Rocky版本:

[root@controller ~]# yum install -y centos-release-openstack-rocky
[root@compute ~]# yum install centos-release-openstack-rocky

升级软件包:

[root@controller ~]# yum upgrade
[root@compute ~]# yum upgrade

安装OpenStack客户端:

[root@controller~]# yum install -y python-openstackclient
[root@compute ~]# yum install -y python-openstackclient

安装 openstack-selinux软件包以自动管理OpenStack服务的安全策略:

[root@controller~]# yum install -y openstack-selinux
[root@compute ~]# yum install -y openstack-selinux

11,安装mariadb软件包(在控制节点)

[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL

创建和编辑/etc/my.cnf.d/openstack.cnf文件:

[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.200.110

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

启动数据库服务:

[root@controller ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@controller ~]# systemctl start mariadb.service

为数据库root帐户选择合适的密码(设置密码为000000) :

[root@controller ~]# mysql_secure_installation

在配置 OpenStack 身份认证服务前,必须创建一个数据库及权限授权:

[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> show databases; 
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)

MariaDB [(none)]> select User,Password,Host from mysql.user where User  like "keystone"; 
+----------+-------------------------------------------+-----------+
| User     | Password                                  | Host      |
+----------+-------------------------------------------+-----------+
| keystone | *032197AE5731D4664921A6CCAC7CFCE6A0698693 | localhost |
| keystone | *032197AE5731D4664921A6CCAC7CFCE6A0698693 | %         |
+----------+-------------------------------------------+-----------+
2 rows in set (0.01 sec)

MariaDB [(none)]> 

在这里插入图片描述

12,安装消息队列软件包(在控制器节点)

[root@controller ~]# yum install -y rabbitmq-server

启动消息队列服务:

[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller ~]# systemctl start rabbitmq-server.service

添加openstack用户:

[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack"

允许用户配置,写入和读取访问权限 openstack:

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"

查看消息队列的端口:

[root@controller ~]# netstat -tnlp|grep beam
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      55010/beam.smp      
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      55010/beam.smp      
tcp6       0      0 :::5672                 :::*                    LISTEN      55010/beam.smp      

通过浏览器访问15672端口(账号和密码默认为guest):

账号和密码默认为guest

在这里插入图片描述

点击openstack更改设置

密码为000000,点击update user更改设置

13,安装memcached软件包(在控制器节点)

[root@controller ~]# yum install -y memcached python-memcached

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi  -y

编辑/etc/sysconfig/memcached文件:

[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"

启动Memcached服务:

[root@controller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]# systemctl start memcached.service

查看Memcached的端口:

[root@controller ~]# netstat -tnlp|grep memcached
tcp        0      0 192.168.200.110:11211   0.0.0.0:*               LISTEN      55779/memcached     
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      55779/memcached     
tcp6       0      0 ::1:11211               :::*                    LISTEN      55779/memcached  

创建管理员令牌:

[root@controller ~]# openssl rand -hex 10

编辑/etc/keystone/keystone.conf文件:

[root@controller keystone]# grep "^[a-z]" -B  1  /etc/keystone/keystone.conf 
[DEFAULT]
admin_token = 6f11c8798dc6231a6c5c
[database]
connection = mysql://keystone:000000@controller/keystone
[memcache]
servers = localhost:11211
[revoke]
driver = sql
[token]
provider = uuid
driver = memcache

初始化身份认证服务的数据库:

[root@controller keystone]# su -s /bin/sh -c "keystone-manage db_sync" keystone

查看日志是否有错误:

[root@controller keystone]# tail /var/log/keystone/keystone.log
2019-10-18 14:53:19.967 59234 INFO migrate.versioning.api [-] 47 -> 48... 
2019-10-18 14:53:19.975 59234 INFO migrate.versioning.api [-] done
2019-10-18 14:53:19.975 59234 INFO migrate.versioning.api [-] 48 -> 49... 
2019-10-18 14:53:19.982 59234 INFO migrate.versioning.api [-] done
2019-10-18 14:53:19.983 59234 INFO migrate.versioning.api [-] 49 -> 50... 
2019-10-18 14:53:19.992 59234 INFO migrate.versioning.api [-] done
2019-10-18 14:53:19.992 59234 INFO migrate.versioning.api [-] 50 -> 51... 
2019-10-18 14:53:20.001 59234 INFO migrate.versioning.api [-] done
2019-10-18 14:53:20.001 59234 INFO migrate.versioning.api [-] 51 -> 52... 
2019-10-18 14:53:20.009 59234 INFO migrate.versioning.api [-] done

14,安装etcd软件包(在控制器节点)

[root@controller ~]# yum install -y etcd

编辑/etc/etcd/etcd.conf文件并设置ETCD_INITIAL_CLUSTER, ETCD_INITIAL_ADVERTISE_PEER_URLS,ETCD_ADVERTISE_CLIENT_URLS, ETCD_LISTEN_CLIENT_URLS:

[root@controller ~]# cat /etc/etcd/etcd.conf
#[Member]
#ETCD_CORS=""
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
ETCD_LISTEN_PEER_URLS="http://192.168.200.110:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.200.110:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME="controller"
#ETCD_SNAPSHOT_COUNT="100000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.200.110:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.200.110:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_DISCOVERY_SRV=""
ETCD_INITIAL_CLUSTER="controller=http://192.168.200.110:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_STRICT_RECONFIG_CHECK="true"
#ETCD_ENABLE_V2="true"
#

在这里插入图片描述

启用并启动etcd服务:

[root@controller ~]# systemctl enable etcd
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
[root@controller ~]# systemctl start etcd



版权声明:本文为qq_43699928原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。