Centos7.3 OpenStack pike版本单节点部署,只安装了glance、keystone、nova、neutron和horizon没有部署cinder swift等。过程主要是跟官方文档走,过程中有几个坑点,记录一下。
环境配置
首先准备好各种密码,基本上每个服务要准备两个密码,一个数据库的、一个openstack中用户的。
网络:由于单节点部署,控制节点两张网卡分别分配公网ip(59.67.x.x)和内网地址(192.168.31.200/官方例子中为10.0.0.11)。配置好hostname,在
/etc/hosts中配置好节点名称与地址的对应关系。NTP:单节点部署可以先不配置NTP服务,如果要配置则在控制节点配置并启用chrony作为服务器,其余节点与控制节点同步
安装chrony:
yum install chrony控制节点:
编辑
/etc/chrony.conf,配置好NTP服务器,然后允许内网中其余节点获取同步:allow 192.168.31.0/24其余节点:
编辑
/etc/chrony.conf,将NTP服务器设置为controller:server controller iburst启动服务并设置服务自启动
systemctl enable chronyd.servicesystemctl start chronyd.service验证配置
在控制节点外的其他节点运行:
chronyc sources, 在控制节点前MS栏看到*符号,证明同步成功。
配置openstack软件包仓库
yum install centos-release-openstack-pike
yum upgrade
yum install python-openstackclient openstack-selinux安装配置数据库(控制节点)
yum install mariadb mariadb-server python2-PyMySQL创建文件
/etc/my.cnf.d/openstack.cnf写入内容:
12345678[mysqld]bind-address = 192.168.31.200default-storage-engine = innodbinnodb_file_per_table = onmax_connections = 4096collation-server = utf8_general_cicharacter-set-server = utf8这里有个坑!!!
启动服务,配置用户密码:
123systemctl enable mariadb.servicesystemctl start mariadb.servicemysql_secure_installation
上一步中配置max_connections设置为4096是因为默认的214连接数不够openstack使用,会导致不能连接数据库。在dashboard中偶尔弹出错误,nova list等命令报503等情况都可能是最大连接数过小的原因。
而Centos7中虽然按照上面配置了mariadb,但如果使用
show variables like "max_connections";查看会发现最大连接数仍然是214。Solution:
这是由于mariadb的最大连接数还受制于系统,需要在服务启动时修改其的最大文件描述符限制。编辑
/usr/lib/systemd/system/mariadb.service,在[Service]中增加两行:12LimitNOFILE=10000LimitNPROC=10000然后刷新系统服务:systemctl --system daemon-reload
配置消息队列服务(控制节点)
安装并启动rabbitmq-server:
123yum install rabbitmq-serversystemctl enable rabbitmq-server.servicesystemctl start rabbitmq-server.service添加openstack用户并配置其权限(注意替换RABBIT_PASS):
12rabbitmqctl add_user openstack RABBIT_PASSrabbitmqctl set_permissions openstack ".*" ".*" ".*"
配置memcached(控制节点)
安装memcached及python库:
yum install memcached python-memcached编辑
/etc/sysconfig/memcached修改OPTIONS为OPTIONS="-l 127.0.0.1,::1,controller"启动服务并添加自启动:
12systemctl enable memcached.servicesystemctl start memcached.service
##Keystone(身份认证服务)
创建数据库和数据库用户(注意替换KEYSTONE_DBPASS)
12345MariaDB [(none)]> CREATE DATABASE keystone;MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \IDENTIFIED BY 'KEYSTONE_DBPASS';MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \IDENTIFIED BY 'KEYSTONE_DBPASS';安装keystone和apache
yum install openstack-keystone httpd mod_wsgi配置keystone:
- 编辑
/etc/keystone/keystone.conf:- 在
[database]段添加connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone - 在
[token]段添加provider = fernet
- 在
- 编辑
同步keystone数据库:
su -s /bin/sh -c "keystone-manage db_sync" keystone初始化fernet key仓库
12keystone-manage fernet_setup --keystone-user keystone --keystone-group keystonekeystone-manage credential_setup --keystone-user keystone --keystone-group keystone引导身份认证服务,创建了一个管理员帐户admin并设置了密码,设置了几个api地址,创建了区域1
12345keystone-manage bootstrap --bootstrap-password ADMIN_PASS \--bootstrap-admin-url http://controller:35357/v3/ \--bootstrap-internal-url http://controller:5000/v3/ \--bootstrap-public-url http://controller:5000/v3/ \--bootstrap-region-id RegionOne配置apache
编辑文件
/etc/httpd/conf/httpd.conf更改ServerName controller将keystone安装后自带的wsgi配置文件连接到httpd运行配置中
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动apache
12systemctl enable httpd.servicesystemctl start httpd.service创建管理员的OpenStack客户环境脚本
创建一个文件如
admin-openrc填入内容(注意替换ADMIN_PASS):12345678export OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=ADMIN_PASSexport OS_AUTH_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2使用
. admin-openrc引入admin用户的环境变量
创建服务项目
openstack project create --domain default --description "Service Project" service创建测试项目和测试用户
1234openstack project create --domain default --description "Demo Project" demoopenstack user create --domain default --password-prompt demoopenstack role create useropenstack role add --project demo --user demo user创建测试用户
demo的环境脚本(替换DEMO_PASS):12345678export OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=demoexport OS_USERNAME=demoexport OS_PASSWORD=DEMO_PASSexport OS_AUTH_URL=http://controller:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2验证:
- 12. admin-openrc # 设置环境变量openstack token issue # 请求token
结果应类似下方:
12345678910+------------+-----------------------------------------------------------------+| Field | Value |+------------+-----------------------------------------------------------------+| expires | 2016-02-12T20:44:35.659723Z || id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl || | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e || | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E || project_id | 343d245e850143a096806dfaefa9afdc || user_id | ac3377633149401296f6c0d92d79dc16 |+------------+-----------------------------------------------------------------+ 同理测试
demo用户
Glance(镜像服务)
创建数据库和数据库用户(注意替换GLANCE_DBPASS):
12345MariaDB [(none)]> CREATE DATABASE glance;MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \IDENTIFIED BY 'GLANCE_DBPASS';MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \IDENTIFIED BY 'GLANCE_DBPASS';引入管理员环境变量
. admin-openrc创建
glance用户并设置密码:openstack user create --domain default --password-prompt glance为
service项目的glance用户添加admin角色openstack role add --project service --user glance admin创建
glance服务实体openstack service create --name glance --description "OpenStack Image" image创建API:
123openstack endpoint create --region RegionOne image public http://controller:9292openstack endpoint create --region RegionOne image internal http://controller:9292openstack endpoint create --region RegionOne image admin http://controller:9292安装glance软件包
yum install openstack-glance配置glance
编辑
/etc/glance/glance-api.conf:12345678910111213141516171819202122232425[database]# ...connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance[keystone_authtoken]# ...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = GLANCE_PASS[paste_deploy]# ...flavor = keystone[glance_store]# ...stores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/images/编辑
/etc/glance/glance-registry.conf:12345678910111213141516171819[database]# ...connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance[keystone_authtoken]# ...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = GLANCE_PASS[paste_deploy]# ...flavor = keystone
同步数据库:
su -s /bin/sh -c "glance-manage db_sync" glance启动服务
12systemctl enable openstack-glance-api.service openstack-glance-registry.servicesystemctl start openstack-glance-api.service openstack-glance-registry.service
Nova(计算服务)
控制节点
创建数据库和数据库用户(注意替换NOVA_DBPASS):
123456789MariaDB [(none)]> CREATE DATABASE nova_api;MariaDB [(none)]> CREATE DATABASE nova;MariaDB [(none)]> CREATE DATABASE nova_cell0;MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';引入管理员环境变量
. admin-openrc创建
nova用户并设置密码:openstack user create --domain default --password-prompt nova为
service项目的nova用户添加admin角色创建
nova服务实体openstack service create --name nova --description "OpenStack Compute" compute创建API
123openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1创建
placement用户并添加角色12openstack user create --domain default --password-prompt placementopenstack role add --project service --user placement admin创建API
1234openstack service create --name placement --description "Placement API" placementopenstack endpoint create --region RegionOne placement public http://controller:8778openstack endpoint create --region RegionOne placement internal http://controller:8778openstack endpoint create --region RegionOne placement admin http://controller:8778安装软件包
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api编辑
/etc/nova/nova.conf[DEFAULT]段中,开启计算与元数据API、RabbitMQ消息队列地址、控制节点内网ip地址以及启动网络服务支持1234567[DEFAULT]# ...enabled_apis = osapi_compute,metadatatransport_url = rabbit://openstack:RABBIT_PASS@controllermy_ip = 192.168.31.200use_neutron = Truefirewall_driver = nova.virt.firewall.NoopFirewallDriver在
[api_database]与[database]段中配置数据库连接(注意替换密码)123456[api_database]# ...connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api[database]# ...connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova在
[api]和[keystone_authtoken]段中,配置身份认证信息1234567891011121314[api]# ...auth_strategy = keystone[keystone_authtoken]# ...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = novapassword = NOVA_PASS[vnc]段启用vnc并配置地址12345[vnc]enabled = true# ...vncserver_listen = 0.0.0.0vncserver_proxyclient_address = $my_ip[glance]段配置镜像服务api地址123[glance]# ...api_servers = http://controller:9292[oslo_concurrency]123[oslo_concurrency]# ...lock_path = /var/lib/nova/tmp[placement]段,配置placement api12345678910[placement]# ...os_region_name = RegionOneproject_domain_name = Defaultproject_name = serviceauth_type = passworduser_domain_name = Defaultauth_url = http://controller:35357/v3username = placementpassword = PLACEMENT_PASS
Populate
nova-api数据库,注册cell0,创建cell1,Populate 数据库1234su -s /bin/sh -c "nova-manage api_db sync" novasu -s /bin/sh -c "nova-manage cell_v2 map_cell0" novasu -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" novasu -s /bin/sh -c "nova-manage db sync" nova启动服务并设置自启动
12systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.servicesystemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
计算节点
- 如果控制节点也运行计算服务,需要补上多出来的操作
安装计算服务
yum install openstakc-nova-compute配置
/etc/nova/nova.conf部分配置与控制节点相同,ip为计算节点内网ip地址[DEFAULT]1234567[DEFAULT]# ...enabled_apis = osapi_compute,metadatatransport_url = rabbit://openstack:RABBIT_PASS@controllermy_ip = MANAGEMENT_INTERFACE_IP_ADDRESSuse_neutron = Truefirewall_driver = nova.virt.firewall.NoopFirewallDriver[api]和[keystone_authtoken]1234567891011121314[api]# ...auth_strategy = keystone[keystone_authtoken]# ...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = novapassword = NOVA_PASS[vnc]段,官方中123456[vnc]# ...enabled = Truevncserver_listen = 0.0.0.0vncserver_proxyclient_address = $my_ipnovncproxy_base_url = http://controller:6080/vnc_auto.html这里有个注意点!!!!
官方文档中配置
novncproxy_base_url = http://controller:6080/vnc_auto.html,这样会让dashboard中控制台启动vnc时连接内网地址,如果想要让外网可以访问控制台,应该将其设置为novncproxy_base_url = http://公网ip地址:6080/vnc_auto.html[glance]、[oslo_concurrency]、[placement]同上面控制节点
启动服务并添加启动项
12systemctl enable libvirtd.service openstack-nova-compute.servicesystemctl start libvirtd.service openstack-nova-compute.service将计算节点加入数据库,控制节点上导入管理员环境变量后
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Neutron(网络服务)
创建数据库和数据库用户
123MariaDB [(none)] CREATE DATABASE neutron;MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';导入
admin环境变量. admin-openrc创建
neutron用户,添加角色12openstack user create --domain default --password-prompt neutronopenstack role add --project service --user neutron admin创建服务实体及API地址
1234openstack service create --name neutron --description "OpenStack Networking" networkopenstack endpoint create --region RegionOne network public http://controller:9696openstack endpoint create --region RegionOne network internal http://controller:9696openstack endpoint create --region RegionOne network admin http://controller:9696