centos7部署openstack（queens）

[mysqld]

bind-address = 172.24.19.10

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

1.6.3 启动数据库服务

[root@controller ~]# systemctl enable mariadb.service

[root@controller ~]# systemctl start mariadb.service

1.6.4 设置数据库密码

运行mysql_secure_installation命令，创建数据库root密码

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user. If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

Set root password? [Y/n] y

New password: ## 此处为root用户密码，这里设为000000

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them. This is intended only for testing, and to make the installation

go a bit smoother. You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n] y

... Success!

Normally, root should only be allowed to connect from 'localhost'. This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n

... skipping.

By default, MariaDB comes with a database named 'test' that anyone can

access. This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n] y

- Dropping test database...

... Success!

- Removing privileges on test database...

... Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n] y

... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

1.7 安装消息队列服务

1.7.1 在controller节点安装rabbitmq-server

[root@controller ~]# yum install -y rabbitmq-server -y

1.7.2 启动消息队列服务

[root@controller ~]# systemctl start rabbitmq-server.service

[root@controller ~]# systemctl enable rabbitmq-server.service

Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.

1.7.3 添加openstack用户

[root@controller ~]# rabbitmqctl add_user openstack 000000

Creating user "openstack" ...

1.7.4 设置openstack用户最高权限

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setting permissions for user "openstack" in vhost "/" ...

1.8 安装memcached 服务

1.8.1 在controller节点上安装memcached

[root@controller ~]# yum install -y memcached

1.8.2 修改memcached配置文件

编辑/etc/sysconfig/memcached，修改以下内容

修改OPTIONS="-l 127.0.0.1,::1"为

OPTIONS="-l 127.0.0.1,::1,controller"

1.8.3 启动memcached服务

[root@controller ~]# systemctl start memcached.service

[root@controller ~]# systemctl enable memcached.service

1.9 安装etcd服务

1.9.1 在controller节点上安装etcd服务

[root@controller ~]# yum install etcd -y

1.9.2 修改etcd配置文件，使其他节点能够访问

编辑/etc/etcd/etcd.conf，在各自的位置修改以下内容

#[Member]

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS="http://172.24.19.10:2380"

ETCD_LISTEN_CLIENT_URLS="http://172.24.19.10:2379"

ETCD_NAME="controller"

#[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.24.19.10:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://172.24.19.10:2379"

ETCD_INITIAL_CLUSTER="controller=http://172.24.19.10:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"

ETCD_INITIAL_CLUSTER_STATE="new"

1.9.3 启动etcd服务

[root@controller ~]# systemctl start etcd

[root@controller ~]# systemctl enable etcd

WARNING：（在我想查看集群状态的时候，报错了，但是不影响后面的操作）

[root@controller ~]# etcdctl cluster-health

cluster may be unhealthy: failed to list members

Error: client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused

; error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused

error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused

error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused

2 安装Keystone认证服务

此服务只安装在controller节点上

2.1 创建keystone数据库

[root@controller ~]# mysql -uroot -p000000（此处为之前设置的数据库密码）

Welcome to the MariaDB monitor. Commands end with ; or g.

Your MariaDB connection id is 9

Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or 'h' for help. Type 'c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

2.2 安装keystone服务软件包

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y

2.3 修改配置文件

2.3.1修改/etc/keystone/keystone.conf配置文件

[database]

connection = mysql+pymysql://keystone:000000@controller/keystone

[token]

provider = fernet

2.4同步数据库

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

2.5 初始化秘钥库

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

2.6 引导身份服务

[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

2.7 配置Apache服务

编辑/etc/httpd/conf/httpd.conf，添加以下内容

ServerName controller

2.8 创建wsgi-keystone.conf文件连接

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

2.9 启动服务

[root@controller ~]# systemctl enable httpd.service

版权声明：本文来源CSDN，感谢博主原创文章，遵循 CC 4.0 by-sa 版权协议，转载请附上原文出处链接和本声明。
原文链接：https://blog.csdn.net/qq_38773184/article/details/81476997
站方申明：本站部分内容来自社区用户分享，若涉及侵权，请联系站方删除。

发表于 2020-03-02 04:43:44
阅读 ( 828 )
分类：Linux

centos7部署openstack（queens）

1 基础环境配置

1.1 配置网络、主机名

1.2 配置域名解析

1.3配置防火墙和Selinux

1.3.1 在controller和compute节点上编辑selinux文件

1.3.2 controller和compute节点关闭防火墙

1.4 安装chrony服务

1.4.1 controller和compute节点安装chrony

1.4.2 配置controller 节点

1.4.3 配置compute节点

1.4.4 验证

1.5 安装openstack存储库包

1.5.1 在controller和compute节点安装

1.5.2 controller和compute节点升级软件包

1.5.3 controller和compute节点安装openstack客户端和openstack-selinux服务

1.5.4 重启系统

1.6 安装数据库服务

1.6.1 在controller节点安装数据库

1.6.2修改数据库配置文件

1.6.3 启动数据库服务

1.6.4 设置数据库密码

1.7 安装消息队列服务

1.7.1 在controller节点安装rabbitmq-server

1.7.2 启动消息队列服务

1.7.3 添加openstack用户

1.7.4 设置openstack用户最高权限

1.8 安装memcached 服务

1.8.1 在controller节点上安装memcached

1.8.2 修改memcached配置文件

1.8.3 启动memcached服务

1.9 安装etcd服务

1.9.1 在controller节点上安装etcd服务

1.9.2 修改etcd配置文件，使其他节点能够访问

1.9.3 启动etcd服务

2 安装Keystone认证服务

此服务只安装在controller节点上

2.1 创建keystone数据库

2.2 安装keystone服务软件包

2.3 修改配置文件

2.3.1修改/etc/keystone/keystone.conf配置文件

2.4同步数据库

2.5 初始化秘钥库

2.6 引导身份服务

2.7 配置Apache服务

2.8 创建wsgi-keystone.conf文件连接

2.9 启动服务

你可能感兴趣的文章

精选的优质文章

0 条评论

官方社群

GO教程

推荐文章

猜你喜欢

随便看看