首页 > 代码库 > openstack部署
openstack部署
环境准备
1、openstack部署 - 硬件要求
实验环境:至少两台机器。
Controller Node: 1 processor, 2 GB memory, and 5 GB storage
Compute Node: 1 processor, 2 GB memory, and 10 GB storage
2、openstack部署 - 前期准备
关闭selinux
setenforce 0
关闭iptables
systemctl dissystemctl stop firewalld
able firewalld
关闭NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager
3、两台机器,设置hostname
hostnamectl set-hostname controller
hostnamectl set-hostname compute
4、编辑/etc/hosts:
192.168.100.20 controller
192.168.100.21 compute
5、同步时间:
controller上:
yum install -y chrony
vim /etc/chrony.confl
增加或更改:allow 192.168.16.0/24
systemctl enablechronyd.service
systemctl start chronyd.service
compute上:lyum install -y chrony
vim /etc/chrony.conf
增加或更改: server controller iburst
systemctl enablechronyd.service
systemctl start chronyd.service
部署阶段
1、安装openstack的yum源(两个机器上都操作)
yum install -y centos-release-openstack-liberty
2、升级所有的包(两个机器上都操作)
yum upgrade ####结束后重启系统reboot
安装openstack 客户端和openstack-selinux
yum install -y python-openstackclient openstack-selinux
controller部署
1、sql服务安装
yum install -y mariadb mariadb-server MySQL-python
编辑配置文件
vi /etc/my.cnf.d/mariadb_openstack.cnf //加入下面内容
[mysqld]
bind-address = 192.168.100.20
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = ‘SET NAMES utf8‘
character-set-server = utf8
启动mariadb:systemctl enable mariadb.service
systemctl start mariadb.service
安全配置,设置root密码
命令行执行:mysql_secure_installation
设置root密码为:root
2、安装nosql
nosql数据库被Telemetry service用到
在这里我们安装的是mongodb
yum install -y mongodb-server mongodb
编辑配置文件 vi /etc/mongod.conf //更改如下配置
bind_ip = 192.168.100.20
smallfiles = true
启动服务
systemctl enable mongod.service
systemctl start mongod.service
3、安装消息队列
rabbitmq消息队列服务在openstack中起到非常关键的作用,它好比是一个交通枢纽,各个组件之间的通信由它来完成。
yum install -y rabbitmq-server
启动rabbitmq-server服务
systemctl enable rabbitmq-server
systemctl start rabbitmq-server
添加openstack用户
rabbitmqctl add_user openstack openstackpasswd
// 密码 openstackpasswd用户名为openstack
为openstack用户授权
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
允许openstack用户可以配置,可以写,可以读
4、增加identity - keystone
登陆mysql,创建数据库
mysql -uroot -proot
>create database keystone;
>GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘localhost‘ IDENTIFIED BY ‘keystone‘;
>GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘%‘ IDENTIFIED BY ‘keystone‘;
说明,创建一个keystone库,并且授权给keystone用户所有权限,密码为keystone
安装相关的包
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
启动memcached服务
systemctl enable memcached.service
systemctl start memcached.service
编辑keystone配置文件
vi /etc/keystone/keystone.conf //修改或增加配置如下
[DEFAULT]
admin_token = 123456
verbose = true
[database]
connection = mysql://keystone:keystone@controller/keystone
[memcache]
servers = localhost:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql
导入keystone相关的数据
su -s /bin/sh -c "keystone-managedb_sync" keystone
这里会有个提示 No handlers could be found for logger"oslo_config.cfg" 忽略它,不影响
检查有没有正常导入数据:
[root@controller ~]# mysql -ukeystone -pkeystone -hcontroller -t keystone -e "show tables"
看是否有列出表来,如果是空,说明没有成功导入数据
配置apache
先编辑配置文件/etc/httpd/conf/httpd.conf
增加或更改
ServerName controller
配置apache
先编辑配置文件 /etc/httpd/conf/httpd.conf
增加或更改
ServerName controller
编辑配置文件 vi /etc/httpd/conf.d/wsgi-keystone.conf 内容如下
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
启动apache
systemctl enable httpd.service
systemctl start httpd.service
设置环境变量:
export OS_TOKEN=3qiVpzU2x
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
然后创建服务实例
openstackservice create --name keystone--description "OpenStack Identity" identity
创建端点
openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | fc4f17f8b9604286903bd324b40b8016 | | name | keystone | | type | identity | +-------------+----------------------------------+ [root@controller ~]# [root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 2347aed007ca49fe845e4ee7940689b4 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | fc4f17f8b9604286903bd324b40b8016 | | service_name | keystone | | service_type | identity | | url | http://controller:5000/v2.0 | +--------------+----------------------------------+ [root@controller ~]# [root@controller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | e049b49ff24646ee95bfcbe8addcfbff | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | fc4f17f8b9604286903bd324b40b8016 | | service_name | keystone | | service_type | identity | | url | http://controller:5000/v2.0 | +--------------+----------------------------------+ [root@controller ~]# [root@controller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | ef867ab9497d4aeab1c0c0b088fbf901 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | fc4f17f8b9604286903bd324b40b8016 | | service_name | keystone | | service_type | identity | | url | http://controller:35357/v2.0 | +--------------+----------------------------------+ [root@controller ~]#
创建租户(tenants)、用户以及角色
创建admin 租户
openstack project create --domain default --description "Admin Project" admin
[root@controller ~]# openstack project create --domain default --description "Admin Project" admin +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Admin Project | | domain_id | default | | enabled | True | | id | ed1396bac8b14d969693e7f019dd5230 | | is_domain | False | | name | admin | | parent_id | None | +-------------+----------------------------------+ [root@controller ~]#
创建admin用户 (密码为admin)
openstack user create --domain default --password-prompt admin
[root@controller ~]# openstack user create --domain default --password-prompt admin User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | 28d7c214bffb4e37ad10d734d156d067 | | name | admin | +-----------+----------------------------------+ [root@controller ~]#
创建admin角色
openstack rolecreate admin
[root@controller ~]# openstack role create admin +-------+----------------------------------+ | Field | Value | +-------+----------------------------------+ | id | d1297a61aba6462e9a6feea1542fcef3 | | name | admin | +-------+----------------------------------+ [root@controller ~]#
添加admin角色到admin租户和用户
openstack role add --project admin --user admin admin
下面我们再来创建一个service 租户
openstack project create --domain default --description "Service Project" service
[root@controller ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | e01123d140d248bfbbc21aa844453079 | | is_domain | False | | name | service | | parent_id | None | +-------------+----------------------------------+ [root@controller ~]#
创建demo租户
openstackproject create --domain default --description "Demo Project" demo
[root@controller~]# openstack project create --domain default --description "Demo Project" demo +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description |Demo Project | | domain_id | default | | enabled | True | | id | 178c99209e43429b90fb4b638e29450d | | is_domain | False | | name | demo | | parent_id | None | +-------------+----------------------------------+ [root@controller ~]#
创建demo用户 (密码demo)
openstack user create --domain default --password-prompt demo
[root@controller ~]# openstack user create --domain default --password-prompt demo User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | c29d410611ba4e918d71a4edb64688b6 | | name | demo | +-----------+----------------------------------+ [root@controller ~]#
创建角色user
openstack role create user
[root@controller~]# openstack role create user +-------+----------------------------------+ | Field |Value | +-------+----------------------------------+ | id | 2f304e27f0fb401a9425cf4644179fb5 | | name | user | +-------+----------------------------------+ [root@controller~]#
添加user角色到demo租户和demo用户
openstack role add --project demo --user demo user
[root@controller~]# openstack role add --project demo --user demo user
验证admin用户和demo用户是否能正常登陆
首先做一个安全设置:
vi /usr/share/keystone/keystone-dist-paste.ini
搜索admin_token_auth, 从[pipeline:public_api], [pipeline:admin_api]和[pipeline:api_v3]中,把admin_token_auth去掉,例如把
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
改为
pipeline = sizelimit url_normalize request_id build_auth_context token_auth json_body ec2_extension user_crud_extension public_service
取消环境变量OS_TOKEN和OS_URL
unset OS_TOKEN OS_URL
然后再登陆admin和demo用户
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
密码:admin
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue Password: +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2016-09-20T20:04:51.066434Z | | id | d433ed7af41c45ba96ab29daa28eb773 | | project_id | ed1396bac8b14d969693e7f019dd5230 | | user_id | 28d7c214bffb4e37ad10d734d156d067 | +------------+----------------------------------+ [root@controller ~]#
openstack --os-auth-urlhttp://controller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo--os-auth-type password token issue
密码:demo
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name demo --os-username demo --os-auth-type password token issue Password: +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2016-09-20T20:06:35.853825Z | | id | 6ce859278e6f4a86a4b4e45043d7d323 | | project_id | 178c99209e43429b90fb4b638e29450d | | user_id | c29d410611ba4e918d71a4edb64688b6 | +------------+----------------------------------+ [root@controller ~]#
验证操作
创建openstack客户端脚本1
viadmin-openrc.sh //内容
exportOS_PROJECT_DOMAIN_ID=default
exportOS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
exportOS_TENANT_NAME=admin
exportOS_USERNAME=admin
exportOS_PASSWORD=admin
exportOS_AUTH_URL=http://controller:35357/v3
exportOS_IDENTITY_API_VERSION=3
执行脚本
source admin-openrc.sh
申请认证令牌
openstack tokenissue
[root@controller profile.d]# source admin-openrc.sh [root@controller profile.d]# openstack token issue +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2016-09-21T06:26:49.883621Z | | id | 9574b64752574c1982a11b40c87c0429 | | project_id | ed1396bac8b14d969693e7f019dd5230 | | user_id | 28d7c214bffb4e37ad10d734d156d067 | +------------+----------------------------------+ [root@controller profile.d]#
创建openstack客户端脚本2
vi demo-openrc.sh //内容
exportOS_PROJECT_DOMAIN_ID=default
exportOS_USER_DOMAIN_ID=default
exportOS_PROJECT_NAME=demo
exportOS_TENANT_NAME=demo
exportOS_USERNAME=demo
exportOS_PASSWORD=demo
exportOS_AUTH_URL=http://controller:5000/v3
exportOS_IDENTITY_API_VERSION=3
执行脚本
sourcedemo-openrc.sh
申请认证令牌
openstack tokenissue
[root@controllerprofile.d]# source demo-openrc.sh [root@controllerprofile.d]# openstack token issue +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2016-09-21T06:27:17.381145Z | | id | a121e15a99f64ff4870870b29b706521 | | project_id |178c99209e43429b90fb4b638e29450d | | user_id | c29d410611ba4e918d71a4edb64688b6 | +------------+----------------------------------+ [root@controllerprofile.d]#
增加image - 前期准备
image又叫做glance,是用来管理镜像的一个组件,我们用镜像来安装操作系统。glance支持让用户自己管理自定义镜像。
创建glance库和用户
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO ‘glance‘@‘localhost‘ IDENTIFIED BY ‘glance‘; Query OK, 0 rows affected (0.04 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO ‘glance‘@‘%‘ IDENTIFIED BY ‘glance‘; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>
执行 admin-openrc.sh 脚本 source admin-openrc.sh
创建glance用户(密码为glancepasswd)
[root@controller profile.d]# source admin-openrc.sh [root@controller profile.d]# openstack user create --domain default --password-prompt glance User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | 2d467742f7f7445087db6f7194cdcccc | | name | glance | +-----------+----------------------------------+ [root@controller profile.d]#
把admin角色添加到glance用户和service租户
openstack role add --project service --user glance admin
创建glance服务实体
openstack service create --name glance --description "OpenStack Image service" image
[root@controller profile.d]# openstack role add --project service --user glance admin [root@controller profile.d]# openstack service create --name glance --description "OpenStack Image service" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image service | | enabled | True | | id | efaa9c047adf4eb58ef2f1576e432a12 | | name | glance | | type | image | +-------------+----------------------------------+ [root@controller profile.d]#
创建image服务api 端点
openstack endpoint create --region RegionOne image public http://controller:9292
[root@controller profile.d]# openstack endpoint create --region RegionOne image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | d12aa53e769442bcb4bfd75ca75bbad0 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | efaa9c047adf4eb58ef2f1576e432a12 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller profile.d]#
openstack endpoint create --region RegionOne image internal http://controller:9292
[root@controller profile.d]# openstack endpoint create --region RegionOne image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | d3add6d0b0614e88a4adde93653b8b29 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | efaa9c047adf4eb58ef2f1576e432a12 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller profile.d]#
openstack endpoint create --region RegionOne image admin http://controller:9292
[root@controller profile.d]# openstack endpoint create --region RegionOne image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 95a77b2444c74cc0bb135fde881ac453 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | efaa9c047adf4eb58ef2f1576e432a12 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller profile.d]#
增加image - 安装和配置(controller)
安装包
yum install -yopenstack-glance python-glance python-glanceclient
编辑配置文件
vi/etc/glance/glance-api.conf //更改或增加
[database]
connection =mysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri =http://controller:5000
auth_url =http://controller:35357
auth_plugin =password
project_domain_id= default
user_domain_id =default
project_name =service
username =glance
password =glancepasswd
[paste_deploy]
flavor =keystone
[glance_store]
default_store =file
filesystem_store_datadir= /var/lib/glance/images/
[DEFAULT]
notificaction_driver= noop
verbose=True
vi/etc/glance/glance-registry.conf //更改或增加
[DEFAULT]
notificaction_driver= noop
verbose=True
[database]
connection =mysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri =http://controller:5000
auth_url =http://controller:35357
auth_plugin =password
project_domain_id= default
user_domain_id =default
project_name =service
username =glance
password =glance
[paste_deploy]
flavor =keystone
同步glance数据库数据
su -s /bin/sh -c"glance-manage db_sync" glance
[root@controller profile.d]# su -s /bin/sh -c "glance-manage db_sync" glance No handlers could be found for logger "oslo_config.cfg" ---报错可以忽略
查看同步数据
[root@controller images]# mysql -uglance -pglance MariaDB [glance]> show tables; +----------------------------------+ | Tables_in_glance | +----------------------------------+ | artifact_blob_locations | | artifact_blobs | | artifact_dependencies | | artifact_properties | | artifact_tags | | artifacts | | image_locations | | image_members | | image_properties | | image_tags | | images | | metadef_namespace_resource_types | | metadef_namespaces | | metadef_objects | | metadef_properties | | metadef_resource_types | | metadef_tags | | migrate_version | | task_info | | tasks | +----------------------------------+ 20 rows in set (0.00 sec) MariaDB [glance]>
有数据列表为正常
启动服务
systemctl enableopenstack-glance-api.service openstack-glance-registry.service
systemctl startopenstack-glance-api.service openstack-glance-registry.service
增加image - 验证操作(controller)
(1) 添加环境变量
echo"export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
(2) 执行admin-openrc.sh
sourceadmin-openrc.sh
(3) 下载镜像
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img --2016-09-21 14:51:01-- http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img Resolving download.cirros-cloud.net (download.cirros-cloud.net)... 64.90.42.85 Connecting to download.cirros-cloud.net (download.cirros-cloud.net)|64.90.42.85|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13287936 (13M) [text/plain] Saving to: ‘cirros-0.3.4-x86_64-disk.img’ 100%[==========================================================================================================>] 13,287,936 65.6KB/s in 2m 36s 2016-09-21 14:53:48 (83.0 KB/s) - ‘cirros-0.3.4-x86_64-disk.img’ saved [13287936/13287936]
(4) 把刚刚下载的镜像上传到镜像服务中心
glanceimage-create --name "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public --progress
然后我们可以在 /var/lib/glance/images/目录下看到一个文件,这个就是刚刚上传的镜像,你会发现这个文件的名字和id是一致的。
使用命令 glance image-list 可以查看镜像列表
[root@controller ~]# glance image-create --name "cirros" > --file cirros-0.3.4-x86_64-disk.img > --disk-format qcow2 --container-format bare > --visibility public --progress [=============================>] 100% +------------------+--------------------------------------+ | Property | Value | +------------------+--------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2016-09-21T06:54:14Z | | disk_format | qcow2 | | id | 6b44feb1-141c-4177-ba54-22bb927db70f | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | ed1396bac8b14d969693e7f019dd5230 | | protected | False | | size | 13287936 | | status | active | | tags | [] | | updated_at | 2016-09-21T06:54:15Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------+ [root@controller ~]# ls /var/lib/glance/images/ 6b44feb1-141c-4177-ba54-22bb927db70f [root@controller ~]#
然后我们可以在 /var/lib/glance/images/目录下看到一个文件,这个就是刚刚上传的镜像,你会发现这个文件的名字和id是一致的。
使用命令
glance image-list 可以查看镜像列表
[root@controller ~]# glance image-list +--------------------------------------+--------+ | ID | Name | +--------------------------------------+--------+ | 6b44feb1-141c-4177-ba54-22bb927db70f | cirros | +--------------------------------------+--------+ [root@controller ~]#
增加compute - 前期准备(controller
compute又叫nova,是OpenStack中的计算组织控制器。OpenStack中实例(instances)生命周期的所有活动都由Nova处理。这样使得Nova成为一个负责管理计算资源、网络、认证、所需可扩展性的平台。但是,Nova自身并没有提供任何虚拟化能力,相反它使用libvirt API来与被支持的Hypervisors(kvm、xen、vmware等)交互。
创建nova库,并创建nova用户
mysql -uroot -proot
MariaDB [(none)]> create database nova; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO ‘nova‘@‘localhost‘ IDENTIFIED BY ‘nova‘; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO ‘nova‘@‘%‘ IDENTIFIED BY ‘nova‘; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> flush privileges; Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
初始化环境变量 source admin-openrc.sh
创建nova用户 密码为( novapasswd)
openstack user create --domain default --password-prompt nova
[root@controller profile.d]# source admin-openrc.sh [root@controller profile.d]# openstack user create --domain default --password-prompt nova User Password: Repeat User Password: +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | default | | enabled | True | | id | 6bbf4cec693d4a85802712a6b83cea38 | | name | nova | +-----------+----------------------------------+ [root@controller profile.d]#
添加admin角色到nova用户 openstack role add --project service --user nova admin
[root@controller profile.d]# openstack role add --project service --user nova admin
[root@controller profile.d]#
创建nova服务实例 openstack service create --name nova --description "OpenStack Compute" compute
[root@controller profile.d]# openstack service create --name nova --description "OpenStack Compute" compute +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | f0415bd0e594444cad00eaee81d842a2 | | name | nova | | type | compute | +-------------+----------------------------------+ [root@controller profile.d]#
创建api端点
openstack endpoint create --region RegionOne compute public http://controller:8774/v2/%\(tenant_id\)s
[root@controller profile.d]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | c3cc5002d6cb41e7aa0ef49a6a44ed74 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f0415bd0e594444cad00eaee81d842a2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller profile.d]#
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2/%\(tenant_id\)s
[root@controller profile.d]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 26797406951f43a68340dcfbf098926f | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | f0415bd0e594444cad00eaee81d842a2 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller profile.d]#
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2/%\(tenant_id\)s
[root@controller profile.d]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 4a23043c9e90426490537ba587df3935 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | f0415bd0e594444cad00eaee81d842a2 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller profile.d]#
增加compute - 安装包并配置
[root@controller profile.d]# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y
编辑配置文件
vi /etc/nova/nova.conf //更改或增加配置
[database]
connection = mysql://nova:nova@controller/nova
[DEFAULT]
rpc_backend=rabbit
my_ip=192.168.100.20
auth_strategy=keystone
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
verbose=true
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = novapasswd
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
host = controller
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
同步数据创建nova库 su -s /bin/sh -c "nova-manage db sync" nova
[root@controller profile.d]# su -s /bin/sh -c "nova-manage db sync" nova No handlers could be found for logger "oslo_config.cfg" [root@controller profile.d]#
查看数据库同步情况:
有表为正常
MariaDB [nova]> show tables; +--------------------------------------------+ | Tables_in_nova | +--------------------------------------------+ | agent_builds | | aggregate_hosts | | aggregate_metadata | | aggregates | | block_device_mapping 部分表数据
启动服务
systemctl enable openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-cert.service openstack-nova-consoleauth.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
增加compute - 安装包并配置(controller
yum installopenstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console \
openstack-nova-novncproxyopenstack-nova-scheduler python-novaclient -y
编辑配置文件
vi /etc/nova/nova.conf //更改或增加配置
[database]
connection =mysql://nova:RYgv0rg7p@controller/nova
[DEFAULT]
rpc_backend=rabbit
my_ip=192.168.16.111
auth_strategy=keystone
network_api_class= nova.network.neutronv2.api.API
security_group_api= neutron
linuxnet_interface_driver= nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver= nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
verbose=true
[keystone_authtoken]
auth_uri =http://controller:5000
auth_url =http://controller:35357
auth_plugin =password
project_domain_id= default
user_domain_id =default
project_name =service
username = nova
password =hsSNsqc43
[oslo_messaging_rabbit]
rabbit_host =controller
rabbit_userid =openstack
rabbit_password= o3NXovnz5
[vnc]
vncserver_listen= $my_ip
vncserver_proxyclient_address= $my_ip
[glance]
host =controller
[oslo_concurrency]
lock_path =/var/lib/nova/tmp
同步数据创建nova库 su -s /bin/sh -c "nova-manage dbsync" nova
启动服务
systemctl enableopenstack-nova-api.service \
openstack-nova-cert.serviceopenstack-nova-consoleauth.service \
openstack-nova-scheduler.serviceopenstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl startopenstack-nova-api.service \
openstack-nova-cert.serviceopenstack-nova-consoleauth.service \
openstack-nova-scheduler.serviceopenstack-nova-conductor.service \
openstack-nova-novncproxy.service
增加compute - 安装包并配置(compute)
安装nova-compute包
yum install -yopenstack-nova-compute sysfsutils
编辑配置文件
vi /etc/nova/nova.conf //更改或增加如下配置
[DEFAULT]
rpc_backend =rabbit
auth_strategy =keystone
my_ip =192.168.16.112
network_api_class= nova.network.neutronv2.api.API
security_group_api= neutron
linuxnet_interface_driver= nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver= nova.virt.firewall.NoopFirewallDriver
verbose=true
[oslo_messaging_rabbit]
rabbit_host =controller
rabbit_userid =openstack
rabbit_password= o3NXovnz5
[keystone_authtoken]
auth_uri =http://controller:5000
auth_url =http://controller:35357
auth_plugin =password
project_domain_id= default
user_domain_id =default
project_name =service
username = nova
password =hsSNsqc43
[vnc]
enabled = True
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address= $my_ip
novncproxy_base_url= http://controller:6080/vnc_auto.html
[glance]
host =controller
[oslo_concurrency]
lock_path =/var/lib/nova/tmp
使用如下命令检查你的机器cpu是否支持虚拟化
egrep -c‘(vmx|svm)‘ /proc/cpuinfo
如果得到的数字大于0,说明是支持的,否则说明不支持,若为0,需要编辑配置文件,不等于0就不用编辑配置
vi /etc/nova/nova.conf //编辑
[libvirt]
virt_type = qemu
启动服务
systemctl enablelibvirtd.service openstack-nova-compute.service
systemctl startlibvirtd.service openstack-nova-compute.service
执行脚本
sourceadmin-openrc.sh
列出服务组件
novaservice-list
共有5个:nova-consoleauthnova-conductor nova-scheduler nova-cert nova-compute
列出api端点,一共有9组: nova三组,glance三组,keystone三组
nova endpoints
如果有提示
WARNING: novahas no endpoint in ! Available endpoints for this service:
可以忽略掉,也可以编辑 admin-openrc.sh 增肌一行 export OS_REGION_NAME=RegionOne
列出镜像
novaimage-list
本文出自 “时光依然轻擦” 博客,请务必保留此出处http://xulianglinux.blog.51cto.com/8001428/1855011
openstack部署