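Lab environment
Two CentOS 6.5 minimal installations, 1 core and 1 GB of memory each, iptables disabled, SELinux disabled
Controller IP 192.168.11.182
Compute1 IP 192.168.11.183
1 Install time synchronization; do this on both machines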

yum install ntp

service ntpd start

chkconfig ntpd on

2 Configure the online package repositories
yum install yum-plugin-priorities -y

yum install -y https://repos.fedorapeople.org/repos/openstack/openstack-icehouse/rdo-release-icehouse-3.noarch.rpm

yum install -y http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm

yum install -y openstack-utils openstack-selinux

yum upgrade

reboot

2 Configure networking

2.1 controller node
1 Configure the management interface

DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.11.182
NETMASK=255.255.255.0
GATEWAY=192.168.11.2
DNS1=192.168.11.2

2 Configure the hosts records

192.168.11.182 controller
192.168.11.183 compute1

2.2 compute1 node
1 Configure the management interface

DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.11.183
NETMASK=255.255.255.0
GATEWAY=192.168.11.2
DNS1=192.168.11.2

2 Configure the external interface

DEVICE=eth1
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"

3 Configure the hosts records

192.168.11.182 controller
192.168.11.183 compute1

Restart the network interfaces

service network restart

Test

ping -c 4 www.openstack.org
ping -c 4 controller
ping -c 4 compute1

3 controller node

1 MySQL installation

yum install mysql mysql-server MySQL-python  -y

1.1 MySQL configuration

vi /etc/my.cnf

[mysqld]
...
bind-address = 192.168.11.182

default-storage-engine = innodb

innodb_file_per_table

collation-server = utf8_general_ci

init-connect = 'SET NAMES utf8'

character-set-server = utf8

1.2 Start MySQL

service mysqld start

chkconfig mysqld on

1.3 Set the MySQL root password

mysql_install_db

mysql_secure_installation

2 Install and configure the Qpid message broker
yum install qpid-cpp-server
2.1 Disable authentication

vi /etc/qpidd.conf

auth=no

2.2 Restart the qpidd service

service qpidd start

chkconfig qpidd on

3. Install and configure the Keystone identity service
3.1 Install
yum install openstack-keystone python-keystoneclient -y
3.2 Configure the database
openstack-config --set /etc/keystone/keystone.conf \
  database connection mysql://keystone:keystone@controller/keystone
3.3 Create the database and grant privileges
mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'
IDENTIFIED BY 'keystone';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
IDENTIFIED BY 'keystone';
mysql> exit

3.4 Populate the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
3.5 Generate a random string as the secret token and add it to the configuration file
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT \
  admin_token $ADMIN_TOKEN
3.6 Keystone uses PKI tokens by default; create the signing keys and certificates
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
3.7 Start the service
service openstack-keystone start
chkconfig openstack-keystone on
3.8 Purge expired tokens periodically to improve performance
(crontab -l -u keystone 2>&1 | grep -q token_flush) || \
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
3.9 Set the token and service endpoint environment variables
export OS_SERVICE_TOKEN=ADMIN_TOKEN (the official guide is slightly off here; it should be the following)
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
3.10 Create the admin user, role and tenant
# Create the administrator user (replace ADMIN_PASS with a password of your own choosing for admin; I set it to admin here. Replace ADMIN_EMAIL with your own e-mail address)
keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL
# Create the administrator role
keystone role-create --name=admin
# Create a tenant for the administrator
keystone tenant-create --name=admin --description="Admin Tenant"
# Add the role to the user
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin
3.11 Create the service tenant
keystone tenant-create --name=service --description="Service Tenant"

3.12 Create the Keystone identity service entry
keystone service-create --name=keystone --type=identity \
  --description="OpenStack Identity"

3.13 Create the service endpoint, specifying the API URLs
keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0
3.14 Unset the variables
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

3.15 Test authentication
keystone --os-username=admin --os-password=admin \
  --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=admin \
  --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
3.16 Set the environment variables; they can also be written to .bash_profile
vi /root/admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
source admin-openrc.sh
3.17 Verify that authorization succeeded
keystone token-get
keystone user-list
keystone user-role-list --user admin --tenant admin
keystone --os-password admin service-list
3.18 Install the clients used to reach each component over HTTP
yum install -y python-keystoneclient python-glanceclient python-novaclient python-swiftclient python-neutronclient python-cinderclient python-troveclient python-heatclient python-ceilometerclient
4. Install and configure the Glance image service

4.1 Install
yum install -y openstack-glance python-glanceclient
Start glance-api now; otherwise it may fail to start later.
service openstack-glance-api start
4.2 Configure the database
openstack-config --set /etc/glance/glance-api.conf database \
  connection mysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-registry.conf database \
  connection mysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-api.conf DEFAULT rpc_backend qpid
openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller
4.3 Create the database
mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'
IDENTIFIED BY 'glance';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'
IDENTIFIED BY 'glance';
4.4 Populate the database
su -s /bin/sh -c "glance-manage db_sync" glance
Error message (I don't know what it means)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Found via Google, at this address:
https://ask.openstack.org/en/question/28335/you-should-rebuild-using-libgmp-5-to-avoid-timing-attack-vulnerability-_warnnot-using-mpz_powm_sec-you-should-rebuild-using-libgmp-5-to-avoid-timing/
Currently rhel has GMP version 4.something
PyCrypto needs GMP >= 5

Because rhel is slightly behind we have to re-make The GNU Multiple Precision Arithmetic Library stuff.
For this we have to download the sources from https://gmplib.org/#DOWNLOAD

According to the instructions from the package:
tar -xvjpf gmp-6.0.0a.tar.bz2
./configure 
make 
make check <= VERY IMPORTANT!! 
make install 


With the right libraries we rebuild PyCrypto
pip install --ignore-installed PyCrypto 


As a side note, whenever building and re-building do a
yum -y groupinstall "Development tools" 
yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel

It will take care of many problems you might encounter due to missing compilers and header files.
4.5 Create the glance user and add it to the admin role
keystone user-create --name=glance --pass=glance --email=glance@example.com
keystone user-role-add --user=glance --tenant=service --role=admin

4.6 Configure the authentication settings
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password glance
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password glance
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
4.7 Create the Glance service entry
keystone service-create --name=glance --type=image --description="OpenStack Image Service"

4.8 Create the Glance API endpoint URLs
keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ image / {print $2}') \
  --publicurl=http://controller:9292 \
  --internalurl=http://controller:9292 \
  --adminurl=http://controller:9292

4.9 Start the Glance services
service openstack-glance-api restart
service openstack-glance-registry start
chkconfig openstack-glance-api on
chkconfig openstack-glance-registry on
4.10 Upload a test image
mkdir /tmp/images
cd /tmp/images/
wget http://cdn.download.cirros-cloud ... 3.2-x86_64-disk.img
glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 \
  --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
4.11 Check the status of the uploaded image
glance image-list

5. Install and configure the Nova API compute service
5.1 Install
yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
  python-novaclient
5.2 Configure the database
openstack-config --set /etc/nova/nova.conf database \
  connection mysql://nova:nova@controller/nova
5.3 Configure Qpid and VNC
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname controller
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.1.11
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 192.168.1.11
openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address \
  192.168.1.11
5.4 Create the database
mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost'
IDENTIFIED BY 'nova';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'
IDENTIFIED BY 'nova';
mysql> exit
5.5 Populate the database
su -s /bin/sh -c "nova-manage db sync" nova
5.6 Create the nova user and add it to the admin role
keystone user-create --name=nova --pass=nova --email=nova@example.com
keystone user-role-add --user=nova --tenant=service --role=admin
5.7 Configure the authentication settings
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken \
  auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host controller
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password nova
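
A check for the lab-only values this walkthrough writes into the service configuration (Qpid auth=no, database and keystone_authtoken passwords identical to the account name), to run before any of these files is reused outside the lab. This is an added example, not part of the original post; the function name audit_lab_conf is hypothetical and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): flag lab-only settings.
# audit_lab_conf is a hypothetical helper; it prints one finding per line.
audit_lab_conf() {
    awk '
    FNR == 1 { section = "" }                 # new file: forget the old section
    /^[ \t]*(#|$)/ { next }                   # skip comments and blank lines
    /^[ \t]*\[/ {                             # INI header such as [database]
        sub(/^[ \t]*\[/, ""); sub(/\].*$/, ""); section = $0; next
    }
    {
        eq = index($0, "=")                   # split key = value on the first "="
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)

        if (key == "auth" && val == "no")
            print FILENAME ": broker authentication disabled (auth=no)"

        # connection = mysql://user:password@host/db
        if (key == "connection" && match(val, /:\/\/[^@]+@/)) {
            cred = substr(val, RSTART + 3, RLENGTH - 4)
            c = index(cred, ":")
            if (c > 0 && substr(cred, 1, c - 1) == substr(cred, c + 1))
                print FILENAME ": [" section "] database password equals user name"
        }
        if (section == "keystone_authtoken" && key == "admin_user") user[FILENAME] = val
        if (section == "keystone_authtoken" && key == "admin_password") pass[FILENAME] = val
    }
    END {
        for (f in user)
            if (user[f] == pass[f])
                print f ": [keystone_authtoken] admin_password equals admin_user"
    }' "$@"
}

# Constructed sample files that mirror the values used in this walkthrough.
sample=$(mktemp -d)
printf 'auth=no\n' > "$sample/qpidd.conf"
cat > "$sample/glance-api.conf" <<'EOF'
[database]
connection = mysql://glance:glance@controller/glance
[keystone_authtoken]
admin_user = glance
admin_password = glance
EOF
audit_lab_conf "$sample/qpidd.conf" "$sample/glance-api.conf"
```

Point it at /etc/qpidd.conf and the files under /etc/keystone, /etc/glance and /etc/nova; no output means none of these values is present.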

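Copyright notice: this article comes from CSDN; thanks to the original author. It is released under the CC 4.0 BY-SA license. When reposting, include the link to the original source and this notice.
Original link: https://blog.csdn.net/weixin_34321977/article/details/91569035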
  • Posted on 2020-02-25 00:04:48