openstack实验环境搭建

2019/7/21 14:18:07 人评论 次浏览 分类:学习教程

Openstack实验文档

一、base节点

1.1配置网络

vim /etc/sysconfig/network-scripts/ifcfg-eth0

1.2关闭防火墙和selinux

systemctl stop firewalld

systemctl disable firewalld

vim /etc/sysconfig/selinux ---------------------------将enforcing改为disabled(仅适用于隔离的实验环境;生产环境应保持firewalld和SELinux开启,只放行各服务所需端口)

1.3搭建时间同步服务器

vim /etc/chrony.conf

server ip地址 ##服务器地址

local stratum 10 ##取消注释

allow 网段地址 ##允许的网段

systemctl restart chronyd ##重启服务

systemctl enable chronyd ##自启服务

1.4搭建DNS服务

yum -y install bind ##安装软件

vim /etc/named.conf ##修改配置文件

options {

listen-on port 53 { any; };

directory "/var/named";

allow-query { any; }; ##实验环境允许任意来源查询;若服务器对外可达,应限制为内网网段,避免成为开放解析器

};

zone "." IN {

type hint;

file "named.ca";

};

zone "xiaoai.edu" IN {

type master;

file "xiaoai.db";

};

zone "16.172.in-addr.arpa" IN {

type master;

file "db.xiaoai";

};

vim /var/named/xiaoai.db ##编辑正解配置文件

$TTL 3H

@ IN SOA dns1.xiaoai.edu. root.blue.edu. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

@ IN NS dns1.xiaoai.edu.

dns1 IN A 172.16.4.100

base IN A 172.16.4.100

ctrl IN A 172.16.4.101

com1 IN A 172.16.4.102

com2 IN A 172.16.4.103

cin1 IN A 172.16.4.104

cin2 IN A 172.16.4.105

swift1 IN A 172.16.4.106

swift2 IN A 172.16.4.107

vim /var/named/db.xiaoai ##编辑反解配置文件

$TTL 3H

@ IN SOA dns1.xiaoai.edu. root.xiaoai.edu. (

0 ; serial

1D ; refresh

1H ; retry

1W ; expire

3H ) ; minimum

@ IN NS dns1.xiaoai.edu.

100.4 IN PTR dns1.xiaoai.edu.

100.4 IN PTR base.xiaoai.edu.

101.4 IN PTR ctrl.xiaoai.edu.

102.4 IN PTR com1.xiaoai.edu.

103.4 IN PTR com2.xiaoai.edu.

104.4 IN PTR cin1.xiaoai.edu.

105.4 IN PTR cin2.xiaoai.edu.

106.4 IN PTR swift1.xiaoai.edu.

107.4 IN PTR swift2.xiaoai.edu.

systemctl enable named ##自启服务

systemctl restart named ##重启服务

nslookup base.xiaoai.edu ##解析下

1.5数据库

yum -y install mariadb mariadb-server python2-PyMySQL

systemctl restart mariadb.service

systemctl enable mariadb.service

mysql_secure_installation ##初始化数据库

mysql -uroot -p123 ##登陆数据库(123为示例密码;写在命令行里的密码会出现在进程列表和shell历史中,建议只写-p后按提示输入)

select user,host from mysql.user;

vim /etc/my.cnf.d/openstack.cnf ##修改环境

[mysqld]

bind-address = 172.16.3.10

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

1.6rabbitmq搭建

yum install rabbitmq-server -y

systemctl start rabbitmq-server

systemctl enable rabbitmq-server

netstat -lantu |grep 5672

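rabbitmqctl change_password guest guest ##修改密码(此处新密码仍是默认的guest,实际使用时应换成强口令)

##后文各组件配置中使用的openstack用户需另行创建:rabbitmqctl add_user openstack RABBIT_PASS,并用rabbitmqctl set_permissions授予权限

rabbitmq-plugins enable rabbitmq_management ##启用管理插件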

systemctl restart rabbitmq-server ##重启服务

netstat -lantu |grep 15672

登陆 ip:15672 验证(guest guest)

1.7memcached搭建

yum install memcached python-memcached -y

vim /etc/sysconfig/memcached

OPTIONS="-l 127.0.0.1,::1,controller" ##修改内容(controller应换成本节点在管理网络上的主机名或IP;memcached默认没有认证,不要让它监听不受信任的网络)

systemctl enable memcached.service

systemctl start memcached.service

keystone数据库创建

mysql -uroot -p123

CREATE DATABASE keystone; ##创建Keystone数据库

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

##创建keystone用户,密码为KEYSTONE_DBPASS,并授权访问keystone数据库(KEYSTONE_DBPASS等均为占位符,应替换为各自独立的强密码;'%'允许从任意主机连接,可收窄为管理网段)

Glance数据库创建

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

Nova数据库创建

CREATE DATABASE nova_api;

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';

CREATE DATABASE nova;

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';

CREATE DATABASE nova_cell0;

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';

SELECT DISTINCT CONCAT('User: ''',user,'''@''',host,''';') AS query FROM mysql.user;

Cinder数据库创建

CREATE DATABASE cinder;

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';

GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';

SHOW DATABASES;

二、ctrl节点

2.1必要的软件安装

yum -y install python-openstackclient ##python软件包安装

yum -y install openstack-selinux ##安装OpenStack的SELinux策略包(用于在SELinux为enforcing时运行各服务)

yum -y install openstack-keystone httpd mod_wsgi

2.2和数据库做关联

vim /etc/keystone/keystone.conf ##通过密码访问base节点keystone的数据库,做keystone组件与数据库的连接,token采用的加密方式 fernet(注意:1.4中DNS只配置了xiaoai.edu区域,文中混用的blue.edu主机名需统一为实际可解析的域名)

[database]

connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@base.blue.edu/keystone

[token]

provider = fernet

su -s /bin/sh -c "keystone-manage db_sync" keystone ##同步数据

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

##keystone用户以及所在的组进行加密

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

##keystone用户配置凭证

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \

--bootstrap-admin-url http://ctrl.blue.edu:35357/v3/ \

--bootstrap-internal-url http://ctrl.blue.edu:5000/v3/ \

--bootstrap-public-url http://ctrl.blue.edu:5000/v3/ \

--bootstrap-region-id RegionOne

##keystone声明访问点设置通道,密码为ADMIN_PASS

2.3keystone 提供http服务

vim /etc/httpd/conf/httpd.conf

serverName ctrl.xiaoai.edu

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

##软连接建立,当每个组件做认证注册时,默认的token+URL以HTTP服务形式访问

2.4声明环境变量

export OS_USERNAME=admin

export OS_PASSWORD=ADMIN_PASS

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://ctrl.blue.edu:35357/v3

export OS_IDENTITY_API_VERSION=3

2.5openstack环境的设置

openstack project create --domain default --description "Service Project" service

openstack project create --domain default --description "Demo Project" demo

openstack user create --domain default --password DEMO_PASS demo

openstack role create user

openstack role add --project demo --user demo user

##在default域下创建service项目(供各服务用户使用);非管理员任务应使用非特权的项目和用户:在default域下创建demo项目和demo用户(密码DEMO_PASS),创建user角色,并将user角色添加到demo项目的demo用户

2.6编辑openstack配置文件

cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.ds.bak

vim /etc/keystone/keystone-paste.ini

[pipeline:public_api]

# The last item in this pipeline must be public_service or an equivalent

# application. It cannot be a filter.

pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service

[pipeline:admin_api]

# The last item in this pipeline must be admin_service or an equivalent

# application. It cannot be a filter.

pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service

[pipeline:api_v3]

# The last item in this pipeline must be service_v3 or an equivalent

# application. It cannot be a filter.

pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3

##出于安全考虑,从以上三个pipeline中删除多余的临时认证令牌模块admin_token_auth

2.7取消密码方式的登陆的环境变量

unset OS_AUTH_URL OS_PASSWORD

##改为token的方式

2.8获取admin的token

openstack --os-auth-url http://ctrl.blue.edu:35357/v3 \

--os-project-domain-name default \

--os-user-domain-name default \

--os-project-name admin \

--os-username admin token issue

ADMIN_PASS

2.9获取demo的token

openstack --os-auth-url http://ctrl.blue.edu:5000/v3 \

--os-project-domain-name default \

--os-user-domain-name default \

--os-project-name demo \

--os-username demo token issue

DEMO_PASS

2.10生成管理员获取token脚本

vim ~/admin-openrc ##文件中含明文密码,建议执行chmod 600 ~/admin-openrc限制读取权限

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=ADMIN_PASS

export OS_AUTH_URL=http://ctrl.blue.edu:35357/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

2.11普通用户获取token脚本

vim ~/demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=DEMO_PASS

export OS_AUTH_URL=http://ctrl.blue.edu:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

2.12执行脚本获取token

. admin-openrc

openstack token issue

. demo-openrc

openstack token issue

ctrl节点glance配置

3.1执行脚本

. admin-openrc

3.2创建

openstack user create --domain default --password GLANCE_PASS glance

openstack role add --project service --user glance admin

openstack service create --name glance --description "OpenStack Image" image

openstack endpoint create --region RegionOne image public http://ctrl.blue.edu:9292

openstack endpoint create --region RegionOne image internal http://ctrl.blue.edu:9292

openstack endpoint create --region RegionOne image admin http://ctrl.blue.edu:9292

##创建一个GLANCE用户密码GLANCE_PASS;授予glance admin权限;创建glance服务;基于服务注册endpoint的3种通道

3.3安装glance服务

yum -y install openstack-glance

3.4配置文件编辑

vim /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:GLANCE_DBPASS@base.xiaoai.edu/glance

[keystone_authtoken]

auth_uri = http://ctrl.xiaoai.edu:5000

auth_url = http://ctrl.xiaoai.edu:35357

memcached_servers = base.xiaoai.edu:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = GLANCE_PASS

[paste_deploy]

flavor = keystone

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

##api:配置与数据库的连接;与keystone认证,设置IP路径 admin管理员用户 uri 组件用户url

采用密码认证;验证glance用户名密码;配置用户名和密码;paste_deploy;flavor:实例类型为keystone;glance_store:设置存储方式,存储路径

vim /etc/glance/glance-registry.conf

[database]

connection = mysql+pymysql://glance:GLANCE_DBPASS@base.xiaoai.edu/glance

[keystone_authtoken]

auth_uri = http://ctrl.xiaoai.edu:5000

auth_url = http://ctrl.xiaoai.edu:35357

memcached_servers = base.xiaoai.edu:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = GLANCE_PASS

[paste_deploy]

flavor= keystone

##配置与数据库的连接;keystone认证,设置IP路径 admin管理员用户 uri 组用户url

采用密码认证;验证GLance用户名密码;配置用户名和密码;设置实例类型

3.5数据库同步

su -s /bin/sh -c "glance-manage db_sync" glance

3.6启动服务

systemctl restart openstack-glance-api.service

systemctl enable openstack-glance-api.service

systemctl restart openstack-glance-registry.service

systemctl enable openstack-glance-registry.service

3.6启动环境

. admin-openrc

3.7下载镜像

wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img ##下载走明文HTTP,上传前建议对照发布站点提供的校验和核对镜像文件

3.8上传镜像

openstack image create "cirros" \

--file cirros-0.3.5-x86_64-disk.img \

--disk-format qcow2 --container-format bare \

--public

3.9查看镜像

openstack image list

Ctrl节点 Nova节点搭建

4.1环境变量

. admin-openrc

4.2设置

openstack user create --domain default --password NOVA_PASS nova

openstack role add --project service --user nova admin

openstack service create --name nova --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne compute public http://ctrl.blue.edu:8774/v2.1

openstack endpoint create --region RegionOne compute internal http://ctrl.blue.edu:8774/v2.1

openstack endpoint create --region RegionOne compute admin http://ctrl.blue.edu:8774/v2.1

openstack user create --domain default --password PLACEMENT_PASS placement

openstack role add --project service --user placement admin

openstack service create --name placement --description "Placement API" placement

openstack endpoint create --region RegionOne placement public http://ctrl.blue.edu:8778

openstack endpoint create --region RegionOne placement internal http://ctrl.blue.edu:8778

openstack endpoint create --region RegionOne placement admin http://ctrl.blue.edu:8778

4.3安装软件

yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api

4.4编辑配置文件

vim /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

[api_database]

connection = mysql+pymysql://nova:NOVA_DBPASS@base.xiaoai.edu/nova_api

[database]

connection = mysql+pymysql://nova:NOVA_DBPASS@base.xiaoai.edu/nova

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@base.xiaoai.edu

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://ctrl.xiaoai.edu:5000

auth_url = http://ctrl.xiaoai.edu:35357

memcached_servers = base.xiaoai.edu:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = NOVA_PASS

[DEFAULT]

my_ip = 172.16.4.102

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]

enabled = true

vncserver_listen = $my_ip

vncserver_proxyclient_address = $my_ip

[glance]

api_servers = http://ctrl.xiaoai.edu:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://ctrl.xiaoai.edu:35357/v3

username = placement

password = PLACEMENT_PASS

4.5协调文件

vim /etc/httpd/conf.d/00-nova-placement-api.conf

<Directory /usr/bin>

<IfVersion >= 2.4>

Require all granted

</IfVersion>

<IfVersion < 2.4>

Order allow,deny

Allow from all

</IfVersion>

</Directory>

4.6生成数据库表格

su -s /bin/sh -c "nova-manage api_db sync" nova

su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

su -s /bin/sh -c "nova-manage db sync" nova

4.7验证

nova-manage cell_v2 list_cells

4.8重启服务

systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl restart openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

三、Compute节点 Nova-compute节点

5.1安装虚拟化软件

yum -y install qemu-kvm* virt-* libvirt*

5.2安装O版OpenStack

yum -y install centos-release-openstack-ocata

5.3安装o版本openstack

yum -y install openstack-nova-compute

5.4编辑nova配置文件

vim /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@base.blue.edu

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://ctrl.xiaoai.edu:5000

auth_url = http://ctrl.xiaoai.edu:35357

memcached_servers = base.blue.edu:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = NOVA_PASS

[DEFAULT]

my_ip = 172.16.3.12

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]

enabled = True

vncserver_listen = 0.0.0.0

##监听所有地址;防火墙已关闭时,应确保计算节点的VNC端口只有ctrl节点上的novncproxy可以访问

vncserver_proxyclient_address = $my_ip

novncproxy_base_url = http://ctrl.xiaoai.edu:6080/vnc_auto.html

[glance]

api_servers = http://ctrl.xiaoai.edu:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://ctrl.xiaoai.edu:35357/v3

username = placement

password = PLACEMENT_PASS

[libvirt]

virt_type = qemu

5.5查询CPU是否正常开启

grep -E -c '(vmx|svm)' /proc/cpuinfo

5.6重启服务

systemctl restart libvirtd

systemctl enable libvirtd

systemctl restart openstack-nova-compute.service

systemctl enable openstack-nova-compute.service

5.7返回ctrl节点验证

. admin-openrc

openstack hypervisor list

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

openstack compute service list

openstack catalog list

openstack image list

##运行环境;查看虚拟化层列表;同步到数据库发现的主机;查看计算服务列表;列出Identity(实体)服务中的API端点,以验证与Identity(实体)服务的连接;查看镜像服务中的镜像,以验证与镜像服务的连接

Ctrl节点 Cinder搭建

6.1运行环境

. admin-openrc

6.2设置

openstack user create --domain default --password CINDER_PASS cinder

openstack role add --project service --user cinder admin

openstack service create --name cinder --description "OpenStack Block Storage" volume

openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2

openstack endpoint create --region RegionOne volume public http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s

openstack endpoint create --region RegionOne volume admin http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s

openstack endpoint create --region RegionOne volume internal http://ctrl.xiaoai.edu:8776/v1/%\(tenant_id\)s

openstack endpoint create --region RegionOne volumev2 internal http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s

openstack endpoint create --region RegionOne volumev2 public http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s

openstack endpoint create --region RegionOne volumev2 admin http://ctrl.xiaoai.edu:8776/v2/%\(tenant_id\)s

6.3安装软件

yum -y install openstack-cinder

6.4编辑配置文件

vim /etc/cinder/cinder.conf

[database]

connection = mysql+pymysql://cinder:CINDER_DBPASS@base.xiaoai.edu/cinder

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@base.xiaoai.edu

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://ctrl.xiaoai.edu:5000

auth_url = http://ctrl.xiaoai.edu:35357

memcached_servers = base.xiaoai.edu:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = cinder

password = CINDER_PASS

[DEFAULT]

my_ip = 172.16.4.101

[oslo_concurrency]

lock_path = /var/lib/cinder/tmp

6.5同步数据库

su -s /bin/sh -c "cinder-manage db sync" cinder

##共34张表格

6.6编辑配置文件

vim /etc/nova/nova.conf

[cinder]

os_region_name = RegionOne

##在nova指明cinder的位置

6.7重启nova

systemctl restart openstack-nova-api.service

6.8重启cinder

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service

systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service

6.9运行环境

. admin-openrc

6.10查看状态

cinder service list

openstack volume service list

四、cinder节点cinder搭建

7.1主机名

Cin1

7.2安装软件

yum -y install lvm2

7.3启动软件

systemctl restart lvm2-lvmetad.service

systemctl enable lvm2-lvmetad.service

7.4制作lvm格式磁盘

pvcreate /dev/vdb

vgcreate cinder-volumes /dev/vdb

7.5更改配置文件

vim /etc/lvm/lvm.conf ##50行

devices {

filter = [ "a/vda/", "a/vdb/", "r/.*/"]

7.6安装软件

yum -y install openstack-cinder targetcli python-keystone

7.7编辑配置文件

vim /etc/cinder/cinder.conf

[database]

connection = mysql+pymysql://cinder:CINDER_DBPASS@base.xiaoai.edu/cinder

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@base.xiaoai.edu

[DEFAULT]

auth_strategy = keystone

[keystone_authtoken]

auth_uri = http://ctrl.xiaoai.edu:5000

auth_url = http://ctrl.xiaoai.edu:35357

memcached_servers = base.xiaoai.edu:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = cinder

password = CINDER_PASS

[DEFAULT]

my_ip = 172.16.4.104

[lvm]

volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver

volume_group = cinder-volumes

iscsi_protocol = iscsi

iscsi_helper = lioadm

[DEFAULT]

enabled_backends = lvm

[DEFAULT]

glance_api_servers = http://ctrl.xiaoai.edu:9292

[oslo_concurrency]

lock_path = /var/lib/cinder/tmp

7.8重启服务

systemctl enable openstack-cinder-volume.service target.service

systemctl restart openstack-cinder-volume.service target.service
