所需环境:两台虚拟机,分别为controller节点(4G内存,40存储)、compute(2G内存,40存储)
操作系统:CentOS 7
1,修改主机名,分别改为controller和compute节点
[root@controller ~]# cat /etc/hostname
controller
[root@localhost ~]# cat /etc/hostname
compute
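2,关闭/禁用firewalld(两个节点同时执行)
注:关闭防火墙只适合隔离的实验环境。后面步骤中的MariaDB,RabbitMQ,Memcached,etcd都会监听管理网地址或0.0.0.0,防火墙关闭后这些端口对同网段的所有主机可达。生产环境应保留firewalld,只放行各服务所需的端口。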
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@compute ~]# systemctl stop firewalld
[root@compute~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
3,关闭/禁用NetworkManager(两个节点同时执行)
[root@controller ~]# systemctl stop NetworkManager
[root@controller ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
[root@controller ~]#
[root@compute~]# systemctl stop NetworkManager
[root@compute~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed symlink /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
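4,禁用SELINUX(两个节点同时执行)
注:修改/etc/selinux/config后需要重启系统才会生效,可用getenforce确认当前状态。SELINUX=disabled会完全去掉强制访问控制,只建议在实验环境使用;如果只是为了排查问题,设为permissive可以保留告警日志。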
[root@controller ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
[root@compute~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
5,修改hosts(两个节点同时执行)
[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:f6:d5:a1 brd ff:ff:ff:ff:ff:ff
inet 192.168.200.110/24 brd 192.168.200.255 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:fef6:d5a1/64 scope link
valid_lft forever preferred_lft forever
[root@controller ~]# cat /etc/hosts
192.168.200.110 controller
192.168.200.120 compute
[root@compute~]# ifconfig
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.200.120 netmask 255.255.255.0 broadcast 192.168.200.255
inet6 fe80::20c:29ff:fe38:e71b prefixlen 64 scopeid 0x20<link>
ether 00:0c:29:38:e7:1b txqueuelen 1000 (Ethernet)
RX packets 8483 bytes 9486983 (9.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2201 bytes 187438 (183.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
[root@compute ~]# cat /etc/hosts
192.168.200.110 controller
192.168.200.120 compute
7,确认与Internet以及节点之间的网络连接(两个节点同时执行)
[root@compute ~]# ping -c 4 docs.openstack.org
PING files02.openstack.org (23.253.125.17) 56(84) bytes of data.
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=1 ttl=128 time=182 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=2 ttl=128 time=186 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=3 ttl=128 time=182 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=4 ttl=128 time=183 ms
[root@controller ~]# ping -c 4 docs.openstack.org
PING files02.openstack.org (23.253.125.17) 56(84) bytes of data.
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=1 ttl=128 time=182 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=2 ttl=128 time=181 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=3 ttl=128 time=183 ms
64 bytes from files02.openstack.org (23.253.125.17): icmp_seq=4 ttl=128 time=182 ms
8,安装并配置chrony(NTP时间同步组件)(两个节点同时执行)
[root@controller ~]# yum install chrony
[root@compute ~]# yum install chrony
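编辑/etc/chrony.conf文件(NTP_SERVER是占位符,需替换为实际的NTP服务器主机名或IP。allow行的作用是允许该网段的客户端向本机同步时间,只需要配置在对外提供时间的节点上,通常是controller;compute节点一般写成server controller iburst,不需要allow行):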
[root@controller ~]# cat /etc/chrony.conf
server NTP_SERVER iburst
allow 192.168.200.0/24
[root@compute ~]# cat /etc/chrony.conf
server NTP_SERVER iburst
allow 192.168.200.0/24
启用并启动NTP服务(如果chronyd此前已在运行,需要执行systemctl restart chronyd.service才会加载修改后的配置):
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl start chronyd.service
[root@compute ~]# systemctl enable chronyd.service
[root@compute ~]# systemctl start chronyd.service
9,验证NTP同步(两个节点同时执行)
[root@controller ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp8.flashdance.cx 2 6 377 25 -4011us[ -12ms] +/- 158ms
^- ntp6.flashdance.cx 2 7 7 85 -1850us[-9076us] +/- 192ms
^+ electabuzz.felixc.at 3 6 337 25 -22ms[ -22ms] +/- 137ms
^* stratum2-1.ntp.led01.ru.> 2 6 375 29 +12ms[+3864us] +/- 97ms
[root@compute ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 120.25.115.20 2 6 37 100 +66us[+9824ns] +/- 11ms
^- ntp1.flashdance.cx 2 6 77 36 -15ms[ -15ms] +/- 174ms
^- 119.28.206.193 2 6 77 39 -4962us[-4962us] +/- 48ms
^- 111.230.189.174 2 6 77 40 +3203us[+3203us] +/- 34ms
10,安装OpenStack软件包(两个节点同时执行)
安装Rocky版本:
[root@controller ~]# yum install -y centos-release-openstack-rocky
[root@compute ~]# yum install centos-release-openstack-rocky
升级软件包:
[root@controller ~]# yum upgrade
[root@compute ~]# yum upgrade
安装OpenStack客户端:
[root@controller~]# yum install -y python-openstackclient
[root@compute ~]# yum install -y python-openstackclient
安装openstack-selinux软件包以自动管理OpenStack服务的安全策略(注意:该软件包只在SELinux启用时才起作用,而第4步已将SELINUX设为disabled,此时这些策略不会被加载):
[root@controller~]# yum install -y openstack-selinux
[root@compute ~]# yum install -y openstack-selinux
11,安装mariadb软件包(在控制节点)
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
创建和编辑/etc/my.cnf.d/openstack.cnf文件:
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.200.110
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
启动数据库服务:
[root@controller ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@controller ~]# systemctl start mariadb.service
运行mysql_secure_installation为数据库root帐户设置密码(本文示例使用000000,这是极易被猜到的弱密码,仅用于演示;实际部署请换成随机生成的强密码):
[root@controller ~]# mysql_secure_installation
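在配置OpenStack身份认证服务前,必须先创建keystone数据库并授予访问权限。注:下面的GRANT语句中'keystone'@'%'允许从任意主机连接,且密码沿用了000000;实际部署应为keystone帐户单独设置强密码,并尽量把允许连接的主机范围收窄到管理网段。另外,mysql -uroot -p000000这种写法会把密码留在shell历史和进程列表里,建议只写-p,在提示符下输入密码: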
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 15
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| performance_schema |
+--------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]> select User,Password,Host from mysql.user where User like "keystone";
+----------+-------------------------------------------+-----------+
| User | Password | Host |
+----------+-------------------------------------------+-----------+
| keystone | *032197AE5731D4664921A6CCAC7CFCE6A0698693 | localhost |
| keystone | *032197AE5731D4664921A6CCAC7CFCE6A0698693 | % |
+----------+-------------------------------------------+-----------+
2 rows in set (0.01 sec)
MariaDB [(none)]>
12,安装消息队列软件包(在控制器节点)
[root@controller ~]# yum install -y rabbitmq-server
启动消息队列服务:
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller ~]# systemctl start rabbitmq-server.service
添加openstack用户(RABBIT_PASS是占位符,需替换为自己设定的强密码;之后各OpenStack服务配置中填写的RabbitMQ密码要与之一致):
[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack"
允许用户配置,写入和读取访问权限 openstack:
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
查看消息队列的端口:
[root@controller ~]# netstat -tnlp|grep beam
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 55010/beam.smp
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 55010/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 55010/beam.smp
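通过浏览器访问15672端口(rabbitmq_management插件的Web管理界面,默认账号和密码均为guest)。注:从RabbitMQ 3.3起,guest账号默认只允许从本机(localhost)登录;不要为了远程访问而放开这一限制,应另建一个带强密码的管理账号,并修改guest的默认密码或删除该账号: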
13,安装memcached和keystone软件包(在控制器节点)
[root@controller ~]# yum install -y memcached python-memcached
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
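编辑/etc/sysconfig/memcached文件(OPTIONS中加入controller后,memcached会同时监听管理网地址,见下方netstat输出中的192.168.200.110:11211。memcached默认不做身份认证,在防火墙已关闭的情况下,同网段主机都可以读写缓存内容;应通过防火墙只允许需要访问的OpenStack节点连接11211端口):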
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"
启动Memcached服务:
[root@controller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]# systemctl start memcached.service
查看Memcached的端口:
[root@controller ~]# netstat -tnlp|grep memcached
tcp 0 0 192.168.200.110:11211 0.0.0.0:* LISTEN 55779/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 55779/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 55779/memcached
生成一个随机值作为管理员令牌(admin_token):
[root@controller ~]# openssl rand -hex 10
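编辑/etc/keystone/keystone.conf文件。注:admin_token相当于拥有全部管理权限的共享密钥,应填入自己用上一条命令生成的值,不要照抄本文示例中的令牌,并在完成初始化后从配置中删除。此外,admin_token以及[token]下的uuid/memcache设置出自较早版本的安装指南;Rocky官方安装指南使用的是fernet令牌和keystone-manage bootstrap,数据库连接串写作mysql+pymysql://,请以所安装版本的官方文档为准: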
[root@controller keystone]# grep "^[a-z]" -B 1 /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 6f11c8798dc6231a6c5c
[database]
connection = mysql://keystone:000000@controller/keystone
[memcache]
servers = localhost:11211
[revoke]
driver = sql
[token]
provider = uuid
driver = memcache
初始化身份认证服务的数据库:
[root@controller keystone]# su -s /bin/sh -c "keystone-manage db_sync" keystone
查看日志是否有错误:
[root@controller keystone]# tail /var/log/keystone/keystone.log
2019-10-18 14:53:19.967 59234 INFO migrate.versioning.api [-] 47 -> 48...
2019-10-18 14:53:19.975 59234 INFO migrate.versioning.api [-] done
2019-10-18 14:53:19.975 59234 INFO migrate.versioning.api [-] 48 -> 49...
2019-10-18 14:53:19.982 59234 INFO migrate.versioning.api [-] done
2019-10-18 14:53:19.983 59234 INFO migrate.versioning.api [-] 49 -> 50...
2019-10-18 14:53:19.992 59234 INFO migrate.versioning.api [-] done
2019-10-18 14:53:19.992 59234 INFO migrate.versioning.api [-] 50 -> 51...
2019-10-18 14:53:20.001 59234 INFO migrate.versioning.api [-] done
2019-10-18 14:53:20.001 59234 INFO migrate.versioning.api [-] 51 -> 52...
2019-10-18 14:53:20.009 59234 INFO migrate.versioning.api [-] done
14,安装etcd软件包(在控制器节点)
[root@controller ~]# yum install -y etcd
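编辑/etc/etcd/etcd.conf文件并设置ETCD_INITIAL_CLUSTER,ETCD_INITIAL_ADVERTISE_PEER_URLS,ETCD_ADVERTISE_CLIENT_URLS,ETCD_LISTEN_CLIENT_URLS(示例中还设置了ETCD_LISTEN_PEER_URLS和ETCD_NAME)。注:示例中的URL均为http://,即etcd的客户端通信和节点间通信既不加密也不做认证,只适合隔离的管理网络;如果该网段不可信,应改用https并配置证书,或用防火墙限制2379/2380端口的访问来源: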
[root@controller ~]# cat /etc/etcd/etcd.conf
#[Member]
#ETCD_CORS=""
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
ETCD_LISTEN_PEER_URLS="http://192.168.200.110:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.200.110:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME="controller"
#ETCD_SNAPSHOT_COUNT="100000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.200.110:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.200.110:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_DISCOVERY_SRV=""
ETCD_INITIAL_CLUSTER="controller=http://192.168.200.110:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_STRICT_RECONFIG_CHECK="true"
#ETCD_ENABLE_V2="true"
#
启用并启动etcd服务:
[root@controller ~]# systemctl enable etcd
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
[root@controller ~]# systemctl start etcd