centos7.3安装openstack-mitaka


https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/

按照官网安装文档,step by step


准备:配置ip和host、安装chrony的NTP


1 yum install centos-release-openstack-mitaka

说明:这步用纯净环境安装没问题,但是之前装过newton就该先yum remove newton

2 yum upgrade

说明:

(2.1)Error: Package: ceph-deploy-1.5.37-0.noarch (@ceph-noarch)

解决办法:

rm -rf /etc/yum.repos.d/ceph*

yum upgrade

yum remove ceph-deploy

yum upgrade

3 yum install python-openstackclient

4  yum install openstack-selinux

5 yum install mariadb mariadb-server python2-PyMySQL

说明:

(5.1)Error: Package: 2:postfix-2.10.1-6.el7.x86_64 (@anaconda)

解决办法:

需要解决冲突,最后达到用rpm -qa| grep mariadb-*是下面的结果

mariadb-10.1.20-1.el7.x86_64
mariadb-libs-10.1.20-1.el7.x86_64
mariadb-common-10.1.20-1.el7.x86_64
mariadb-server-10.1.20-1.el7.x86_64
mariadb-errmsg-10.1.20-1.el7.x86_64
mariadb-config-10.1.20-1.el7.x86_64

rpm -qa | grep mysql-*是什么都没有的结果
具体操作可以手动删除rpm -e mysql-* --nodeps

6 创建并编辑vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 20.1.92.42
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

7 启动数据库

systemctl enable mariadb.service 

systemctl start mariadb.service

(7.1)失败时,请确保/var/lib/mysql这个目录是空,可以用rm -rf /var/lib/mysql/*来保证(仅适用于全新安装:该命令会删除目录下已有的全部数据库数据,需要保留的数据应先备份)

8 mysql_secure_installation

说明:提示Enter current password for root (enter for none):直接回车,然后设置root密码,这里设置为root(弱口令,仅用于隔离的实验环境;后文的数据库授权、RabbitMQ用户、各服务用户都沿用了同样的口令,正式部署时应分别换成随机强口令)

9 yum install mongodb-server mongodb //不用Telemetry的话可以不做

10 systemctl enable mongod //不用Telemetry的话可以不做

11 systemctl start mongod //不用Telemetry的话可以不做

12 yum install rabbitmq-server -y

13 systemctl enable rabbitmq-server.service

14 systemctl start rabbitmq-server.service

15 rabbitmqctl add_user openstack root

16 rabbitmqctl set_permissions openstack ".*" ".*" ".*"

17 yum install memcached python-memcached -y

18 systemctl enable memcached.service

19 systemctl start memcached.service

// 认证服务安装开始

20 mysql -u root -p

输入密码root

21 create database keystone;

22  grant all privileges on keystone.* to 'keystone'@'localhost'  identified by 'root';

23   grant all privileges on keystone.* to 'keystone'@'%'  identified by 'root';

24   openssl rand -hex 10 //生成引导阶段使用的临时admin_token,下面是本次的输出,请使用自己生成的值

ba98e1b457341b8e07e8

25    yum install openstack-keystone httpd mod_wsgi

26   vim /etc/keystone/keystone.conf

[DEFAULT]

admin_token = ba98e1b457341b8e07e8

[database]

connection = mysql+pymysql://keystone:root@controller/keystone

[token]

provider = fernet

27  su -s /bin/sh -c "keystone-manage db_sync" keystone

28  keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

29   vim /etc/httpd/conf/httpd.conf

ServerName controller

30 vim /etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
31 export OS_TOKEN=ba98e1b457341b8e07e8
32 export OS_URL=http://controller:35357/v3
33 export OS_IDENTITY_API_VERSION=3
34 
openstack service create \
  --name keystone --description "OpenStack Identity" identity
35 
openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3
36
openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3
37
openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3
38
openstack domain create --description "Default Domain" default
39
openstack project create --domain default \
  --description "Admin Project" admin
40
openstack user create --domain default \
  --password-prompt admin
输入密码:admin
41
openstack role create admin
42
openstack role add --project admin --user admin admin
43
openstack project create --domain default \
  --description "Service Project" service
44
openstack project create --domain default \
  --description "Demo Project" demo
45
openstack user create --domain default \
  --password-prompt demo
密码:demo
46
openstack role create user
47
openstack role add --project demo --user demo user
48
vim /etc/keystone/keystone-paste.ini 文件,从 [pipeline:public_api]、[pipeline:admin_api] 和 [pipeline:api_v3] 部分删除 admin_token_auth(出于安全考虑,关闭临时认证令牌机制)
49
unset OS_TOKEN OS_URL
50

openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue

说明:这一步,若是有错,重新执行一遍前面的,看是不是哪一步没做

51

openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue

52创建admin-openrc(文件中保存了明文密码,建议用chmod 600限制为仅本人可读)

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

53创建 demo-openrc 

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

54请求令牌

//. admin-openrc

//openstack token issue

//结束认证服务安装

//开始镜像服务安装glance

55

 mysql -u root -p

密码:root

56

create database glance;

57

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'root';

58

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'    IDENTIFIED BY 'root';

59

. admin-openrc

60

openstack user create --domain default --password-prompt glance

密码:root

61

openstack role add --project service --user glance admin

62

openstack service create --name glance \
  --description "OpenStack Image" image

63

openstack endpoint create --region RegionOne \
  image public http://controller:9292

64

openstack endpoint create --region RegionOne \
  image internal http://controller:9292

65

openstack endpoint create --region RegionOne \
  image admin http://controller:9292

66

yum install openstack-glance

67

编辑文件 /etc/glance/glance-api.conf

[database]
connection = mysql+pymysql://glance:root@controller/glance

68

在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问:

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = root
[paste_deploy]
flavor = keystone

69

vim /etc/glance/glance-registry.conf

[database]
connection = mysql+pymysql://glance:root@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = root

[paste_deploy]
flavor = keystone

70

su -s /bin/sh -c "glance-manage db_sync" glance

71

systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service

72

systemctl start openstack-glance-api.service \
  openstack-glance-registry.service

73

. admin-openrc

74

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

说明:镜像是通过HTTP明文下载的,上传到镜像服务之前建议与cirros官方发布的校验和比对,确认文件未被篡改

75

使用 QCOW2 磁盘格式, bare 容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它

openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public

76

openstack image list

//镜像服务安装结束

//计算服务安装开始

77

mysql -u root -p

CREATE DATABASE nova_api;
CREATE DATABASE nova;

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'root';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'root';

78

. admin-openrc

openstack user create --domain default \
  --password-prompt nova

密码:root

79

 openstack role add --project service --user nova admin

80

openstack service create --name nova \
  --description "OpenStack Compute" compute

81

openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1/%\(tenant_id\)s

 openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1/%\(tenant_id\)s

82

yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler

83

vim /etc/nova/nova.conf

[DEFAULT]
enabled_apis = osapi_compute,metadata

[api_database]
connection = mysql+pymysql://nova:root@controller/nova_api
[database]
connection = mysql+pymysql://nova:root@controller/nova

[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root

[DEFAULT]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = root

[DEFAULT]
my_ip = 20.1.92.42

[DEFAULT]
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

84

su -s /bin/sh -c "nova-manage api_db sync" nova

su -s /bin/sh -c "nova-manage db sync" nova

85

systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

//完成计算服务在控制节点的安装

86

yum install openstack-nova-compute

87

vim /etc/nova/nova.conf

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root

[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = root

[DEFAULT]
my_ip = 20.1.92.45

use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

88

egrep -c '(vmx|svm)' /proc/cpuinfo

89这一步可以省略,因为我们在88步返回的是8>=1

/etc/nova/nova.conf

[libvirt]
virt_type = qemu

89

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start libvirtd.service openstack-nova-compute.service

说明:

遇到口令错误登录不上的问题

rabbitmqctl add_user openstack root

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

90

. admin-openrc

openstack compute service list

//结束计算节点安装

//开始安装网络服务

在控制节点上

91

mysql -u root -p

CREATE DATABASE neutron;

92

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'root';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'root';

exit

93

. admin-openrc

openstack user create --domain default --password-prompt neutron

密码:root

94

openstack role add --project service --user neutron admin

95

openstack service create --name neutron \
  --description "OpenStack Networking" network

96

openstack endpoint create --region RegionOne \
  network public http://controller:9696

openstack endpoint create --region RegionOne \
  network internal http://controller:9696

openstack endpoint create --region RegionOne \
  network admin http://controller:9696

97

选择私有网络

yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables

98

vim /etc/neutron/neutron.conf

[database]
connection = mysql+pymysql://neutron:root@controller/neutron

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = root

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

99

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True

100

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:bond-manage

[vxlan]
enable_vxlan = True
local_ip = 20.1.92.42
l2_population = True

101

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

102

vim /etc/neutron/l3_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =

103

vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

104

vim /etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = root

105

vim /etc/nova/nova.conf

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = root
service_metadata_proxy = True
metadata_proxy_shared_secret = root

106

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

107

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

108

systemctl restart openstack-nova-api.service

109

systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

systemctl enable neutron-l3-agent.service

systemctl start neutron-l3-agent.service

//完成安装配置neutron的控制节点

//开始安装配置neutron的计算节点

110

yum install openstack-neutron-linuxbridge ebtables ipset

111

vim /etc/neutron/neutron.conf

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = root

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = root

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

112

//选择私有网络

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:bond-manage

[vxlan]
enable_vxlan = True
local_ip = 20.1.92.45
l2_population = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

113

vim /etc/nova/nova.conf

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = root

114

systemctl restart openstack-nova-compute.service

115

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

116

//在控制节点上

. admin-openrc

neutron ext-list

117

//选择私有网络,在控制节点上

neutron agent-list

118

//安装dashboard

yum install openstack-dashboard

119

vim /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*', ]  # '*' 表示接受任意Host头,仅适合实验环境;正式部署应只列出实际用来访问dashboard的主机名

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "TIME_ZONE"  # 引号内的TIME_ZONE是官方文档的占位符,需替换为实际的时区标识,例如 "Asia/Shanghai"

120

systemctl restart httpd.service memcached.service

121

//验证

http://controller/dashboard

domain: default

user:admin

password:admin


122

//启动一个实例(这里用私有网络,所以一个公共网络,一个私有网络)

//创建provider网络

. admin-openrc

123
. admin-openrc
neutron net-create --shared --provider:physical_network provider \
  --provider:network_type flat provider

124

neutron subnet-create --name provider \
  --dns-nameserver 220.189.127.106 --gateway 172.17.92.1 \
  provider 172.17.92.0/24 --enable_dhcp=False

125//创建自服务网络

. demo-openrc

neutron net-create selfservice

126//创建子网

neutron subnet-create --name selfservice \
  --dns-nameserver 220.189.127.106 --gateway 10.2.1.1\
  selfservice 10.2.1.0/24

127

neutron net-update provider --router:external

. demo-openrc

neutron router-create router

neutron router-interface-add router selfservice

//用neutron router-port-list router得到subnet_id然后执行下面命令,设置静态ip(下面的subnet_id是本环境的值,需替换为自己环境查询到的ID;ip_address必须落在provider子网的地址范围内)

neutron router-gateway-set router provider --fixed-ip subnet_id=ea81edf5-0d7b-4bbc-8fd3-84b905a75bb6,ip_address=172.16.92.4

128

. admin-openrc

ip netns //因为禁用了provider的dhcp,所以现在只有两个

neutron router-port-list router

ping 172.16.92.4 -c 4

