OpenStack Pike: Step-by-Step Configuration
Posted by 祥云驿站之IT拾趣
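I remember first coming across OpenStack back in the IceHouse release, and now it has already reached the Pike release.
There are few Pike-based installation guides online, and I happened to be looking at ironic these days, so I took the time to write up a Pike installation (on CentOS 7.2).
I won't do an all-in-one, single-command install (that would be no challenge, haha); instead I install one component at a time, so it is easy to look things up later.
In other words, the installation of the following OpenStack services will be covered:
Identity service: the authentication service, keystone in Pike
Image service: the image management service, glance in Pike
Compute service: the compute service, nova in Pike
Networking service: the network service, neutron in Pike
Dashboard: the web management interface, horizon in Pike
Block Storage service: the storage service, cinder in Pike
OK, let's go through them one by one; because of length limits, this may be split across several chapters.
1. Environment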
iaas01:192.168.18.11
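There are too many packages involved, so I installed directly from yum repositories. If your internal network has no convenient Internet access, you can run the installation once on a host with public access and enable the yum cache, so that every installed rpm package is cached locally; you get the idea.
CentOS keeps the rpm that sets up the OpenStack yum repository (centos-release-openstack-pike) in the CentOS extras repository, so we need to configure CentOS extras first.
Note the proxy setting, which configures a proxy; if you do not need a proxy to get online, leave it out.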
[root@iaas01 yum.repos.d]# cat CentOS-openstack.repo
[centos-base]
name=CentOS-base
baseurl=https://mirrors.aliyun.com/centos/7/os/x86_64/
gpgcheck=0
enabled=1
proxy=http://10.1.57.56:8080
[centos-extras]
name=CentOS-extras
baseurl=https://mirrors.aliyun.com/centos/7/extras/x86_64/
gpgcheck=0
enabled=1
proxy=http://10.1.57.56:8080
[root@iaas01 yum.repos.d]# yum list centos-release-openstack-pike
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
Available Packages
centos-release-openstack-pike.x86_64 1-1.el7 centos-extras
[root@iaas01 yum.repos.d]# yum install -y centos-release-openstack-pike
Loaded plugins: fastestmirror, langpacks
centos-base | 3.6 kB 00:00:00
centos-extras | 3.4 kB 00:00:00
Loading mirror speeds from cached hostfile
Resolving Dependencies
...
Complete!
[root@iaas01 yum.repos.d]# ls
CentOS-Ceph-Jewel.repo CentOS-Media.repo CentOS-OpenStack-pike.repo CentOS-openstack.repo CentOS-QEMU-EV.repo
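The repository file above sets gpgcheck=0, so yum installs packages from those sections without verifying their signatures. The following is an added example, not part of the original post: it audits a .repo file for that setting and shows a corrected section. The sample files are constructed from the listing above, and the gpgkey path is the CentOS 7 release key file shipped with the distribution.

```bash
#!/usr/bin/env bash
# audit_repo FILE: print "<section>: <finding>" for every enabled section that
# disables signature checks, disables TLS verification or uses an http baseurl.
audit_repo() {
    awk '
        function off(v) { v = tolower(v); return v == "0" || v == "no" || v == "false" }
        function report() {
            if (sec == "" || off(enabled)) return
            if (off(gpgcheck))  print sec ": gpgcheck is off, package signatures are not verified"
            if (off(sslverify)) print sec ": sslverify is off, the mirror certificate is not verified"
            if (baseurl ~ /^http:/) print sec ": baseurl is fetched over plain http"
        }
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/ {                               # a new [section] starts
            report()
            sec = $0; gsub(/^[ \t]*\[|\].*$/, "", sec)
            gpgcheck = sslverify = baseurl = enabled = ""
            next
        }
        /=/ {                                       # key=value inside a section
            key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t\r]+$/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "sslverify") sslverify = val
            else if (key == "baseurl") baseurl = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$1"
}

# Constructed samples: one section as posted, and the same section corrected.
demo_dir=$(mktemp -d)
cat > "$demo_dir/as-posted.repo" <<'EOF'
[centos-extras]
name=CentOS-extras
baseurl=https://mirrors.aliyun.com/centos/7/extras/x86_64/
gpgcheck=0
enabled=1
proxy=http://10.1.57.56:8080
EOF
cat > "$demo_dir/hardened.repo" <<'EOF'
[centos-extras]
name=CentOS-extras
baseurl=https://mirrors.aliyun.com/centos/7/extras/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
proxy=http://10.1.57.56:8080
EOF
audit_repo "$demo_dir/as-posted.repo"
audit_repo "$demo_dir/hardened.repo"
```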
Run an update first to upgrade the software already installed on the local operating system
[root@iaas01 yum.repos.d]# yum update
...
Install python-openstackclient
[root@iaas01 yum.repos.d]# yum install python-openstackclient
...
Complete!
2. System initialization
A. MySQL installation and initialization
Almost every later component needs a MySQL database; MariaDB is used here
[root@iaas01 ~]# yum install mariadb mariadb-server python2-PyMySQL
Complete!
[root@iaas01 ~]# touch /etc/my.cnf.d/openstack.cnf
[root@iaas01 ~]# cat /etc/my.cnf.d/openstack.cnf
Only a few simple database parameters are configured (good enough to get going for now)
[mysqld]
#bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@iaas01 ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@iaas01 ~]# systemctl start mariadb.service
Initialize the MySQL database with the bundled tool: mysql_secure_installation
I set the root password to 123456
[root@iaas01 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
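B. RabbitMQ installation and initialization
RabbitMQ is also a shared component; as everyone knows, it handles message delivery, so I won't go into detail. Straight to the installation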
[root@iaas01 ~]# yum install rabbitmq-server
Complete!
[root@iaas01 ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@iaas01 ~]# systemctl start rabbitmq-server.service
Create an openstack user with the password 123456
[root@iaas01 ~]# rabbitmqctl add_user openstack 123456
Creating user "openstack" ...
Set up its permissions
[root@iaas01 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
C. HTTP server installation and initialization
Likewise, httpd is a shared component
[root@iaas01 ~]# yum install httpd
Complete!
Edit the httpd configuration file; only ServerName is changed here
[root@iaas01 ~]# vi /etc/httpd/conf/httpd.conf
....
#ServerName www.example.com:80
ServerName 192.168.18.11
....
[root@iaas01 ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@iaas01 ~]# systemctl start httpd.service
D. memcached installation and initialization
[root@iaas01 ~]# yum install memcached python-memcached
Complete!
[root@iaas01 ~]# grep OPTIONS= /etc/sysconfig/memcached
#OPTIONS="-l 127.0.0.1,::1"
OPTIONS="-l 127.0.0.1,::1,192.168.18.11"
[root@iaas01 ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@iaas01 ~]# systemctl start memcached.service
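The passwords set in this section, and in the keystone and glance sections that follow, are all 123456. The following is an added example, not part of the original post: it generates a distinct random secret for each of those credentials and builds the [database] connection value from the stored secret. The variable names and the scratch file location are assumptions of this example.

```bash
#!/usr/bin/env bash
# The six credentials this walkthrough sets. The variable names are this
# example's own, modelled on the KEYSTONE_DBPASS placeholder in keystone.conf.
SECRET_NAMES="MARIADB_ROOT_PASS RABBIT_PASS KEYSTONE_DBPASS ADMIN_PASS GLANCE_DBPASS GLANCE_PASS"

# gen_secret: 32 hex characters (128 bits) from the kernel CSPRNG. Hex needs no
# escaping inside a mysql+pymysql:// URL, a shell command line or an ini file.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_secrets FILE: create FILE with mode 0600 and one NAME=value line per
# credential. Refuses to overwrite, so existing secrets are not replaced by accident.
write_secrets() {
    local file=$1 name
    if [ -e "$file" ]; then echo "refusing to overwrite $file" >&2; return 1; fi
    ( umask 077
      for name in $SECRET_NAMES; do
          printf '%s=%s\n' "$name" "$(gen_secret)"
      done > "$file" )
}

# db_url FILE SERVICE HOST: build the [database] connection value for SERVICE
# (keystone, glance) from the stored secret instead of typing it inline.
db_url() {
    local file=$1 svc=$2 host=$3 var pass
    var="$(printf '%s' "$svc" | tr '[:lower:]' '[:upper:]')_DBPASS"
    pass=$(sed -n "s/^${var}=//p" "$file")
    [ -n "$pass" ] || { echo "no $var in $file" >&2; return 1; }
    printf 'mysql+pymysql://%s:%s@%s/%s\n' "$svc" "$pass" "$host" "$svc"
}

# Demo in a scratch directory (a real deployment would use a root-only path).
secrets_dir=$(mktemp -d)
secrets_file=$secrets_dir/openstack-secrets
write_secrets "$secrets_file"
db_url "$secrets_file" keystone 192.168.18.11
```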
3. keystone
Create the keystone MySQL database and the keystone user
[root@iaas01 ~]# mysql -u root -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
Install keystone
[root@iaas01 ~]# yum install openstack-keystone mod_wsgi
Complete!
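Edit the keystone configuration file. Pay attention to the sections, which I show in square brackets: each value changed below belongs to the section above it, so be careful not to change it in the wrong place
For example, connection below is a value in the database section; when editing, find the database section first and then search for connection, and you won't go wrong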
[root@iaas01 ~]# vi /etc/keystone/keystone.conf
...
[database]
...
#connection = <None>
#mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
connection = mysql+pymysql://keystone:123456@192.168.18.11/keystone
...
[token]
...
# fernet_rotate` command). (string value)
#provider = fernet
provider = fernet
...
Initialize the user data
[root@iaas01 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize Fernet
[root@iaas01 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@iaas01 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Run the bootstrap initialization
[root@iaas01 ~]# keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://192.168.18.11:35357/v3/ \
> --bootstrap-internal-url http://192.168.18.11:5000/v3/ --bootstrap-public-url http://192.168.18.11:5000/v3/ \
> --bootstrap-region-id RegionOne
Put keystone under httpd management
[root@iaas01 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Configure the user environment variables
[root@iaas01 ~]# vi ~/.bash_profile
...
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://192.168.18.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
...
[root@iaas01 ~]# source ~/.bash_profile
Actually, at this point I also had to reboot the host once before it worked; I don't know why
Restart the httpd service; a reload also works
[root@iaas01 ~]# systemctl restart httpd
OK, keystone is installed; let's see how to use it (creating domains, projects, users, roles and so on)
First, create the service project
[root@iaas01 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 1b65ea5318f6457f9e530832c118255b |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
Create the demo project
[root@iaas01 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | d26b70631fd747d495209bc064425fe2 |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
Create a user
[root@iaas01 ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 89edfb0b61bd4c85beb2cde208bedf47 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Create a role
[root@iaas01 ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | bdb9838396b049ceaa8174673baf036a |
| name | user |
+-----------+----------------------------------+
Associate the role with the project and user
[root@iaas01 ~]# openstack role add --project demo --user demo user
4. glance
Create the glance database, its user and the privileges; the password is 123456
[root@iaas01 ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 60
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.06 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.17 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
Create the glance service with the openstack client
First create the user
[root@iaas01 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | f4cb924f577a45cf94504515eb7f789f |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Grant it the admin role in the service project
[root@iaas01 ~]# openstack role add --project service --user glance admin
Create the glance service
[root@iaas01 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | ad4f7b2ef583449a952b2ffbfd2e66e3 |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the API endpoints for the image service
[root@iaas01 ~]# openstack endpoint create --region RegionOne image public http://192.168.18.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9cd981a1cc7c4e5389def5a37c7b8142 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad4f7b2ef583449a952b2ffbfd2e66e3 |
| service_name | glance |
| service_type | image |
| url | http://192.168.18.11:9292 |
+--------------+----------------------------------+
[root@iaas01 ~]# openstack endpoint create --region RegionOne image internal http://192.168.18.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | feab6d04b20f49139af02c4509fc8c99 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad4f7b2ef583449a952b2ffbfd2e66e3 |
| service_name | glance |
| service_type | image |
| url | http://192.168.18.11:9292 |
+--------------+----------------------------------+
[root@iaas01 ~]# openstack endpoint create --region RegionOne image admin http://192.168.18.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2eb0609d30344cc4985d528ba60ee3e5 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ad4f7b2ef583449a952b2ffbfd2e66e3 |
| service_name | glance |
| service_type | image |
| url | http://192.168.18.11:9292 |
+--------------+----------------------------------+
Install glance
[root@iaas01 ~]# yum install openstack-glance
...
Complete!
Edit the glance configuration files; I changed the following:
[root@iaas01 ~]# vi /etc/glance/glance-api.conf
... (around line 1805)
[database]
... (around line 1824)
#connection = <None>
connection = mysql+pymysql://glance:123456@192.168.18.11/glance
... (around line 1917)
[glance_store]
... (around line 1944)
stores = file,http
... (around line 1976)
default_store = file
... (around line 2295)
filesystem_store_datadir = /var/lib/glance/images
... (around line 3284)
[keystone_authtoken]
auth_uri = http://192.168.18.11:5000
auth_url = http://192.168.18.11:35357
memcached_servers = 192.168.18.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
... (around line 3284)
[paste_deploy]
... (around line 4235)
#flavor = keystone
flavor = keystone
[root@iaas01 ~]# vi /etc/glance/glance-registry.conf
... (around line 1123)
[database]
... (around line 1141)
#connection = <None>
connection = mysql+pymysql://glance:123456@192.168.18.11/glance
... (around line 1235)
[keystone_authtoken]
auth_uri = http://192.168.18.11:5000
auth_url = http://192.168.18.11:35357
memcached_servers = 192.168.18.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
... (around line 2135)
[paste_deploy]
... (around line 2160)
flavor = keystone
Initialize the MySQL user data
[root@iaas01 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1328: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata01, add visibility to and remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata01 -> pike01, drop glare artifacts tables
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: pike01, current revision(s): pike01
Start glance
[root@iaas01 ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@iaas01 ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
OK, glance is set up; let's see how to use it
Download a cirros image from the Internet
[root@iaas01 ~]# wget -e "http_proxy=http://10.1.57.56:8080" http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
--2017-11-04 00:11:17-- http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
Connecting to 10.1.57.56:8080... connected.
Proxy request sent, awaiting response... 200 OK
Length: 13267968 (13M) [text/plain]
Saving to: ‘cirros-0.3.5-x86_64-disk.img’
100%[==================================================================================================================================>] 13,267,968 93.4KB/s in 2m 12s
2017-11-04 00:13:35 (98.3 KB/s) - ‘cirros-0.3.5-x86_64-disk.img’ saved [13267968/13267968]
Upload the downloaded image to the glance store, using the qcow2 format here
[root@iaas01 ~]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | f8ab98ff5e73ebab884d80c9dc9c7290 |
| container_format | bare |
| created_at | 2017-11-03T17:14:55Z |
| disk_format | qcow2 |
| file | /v2/images/1abb42ea-d0cc-4bf5-85f4-9ec56b51ba8d/file |
| id | 1abb42ea-d0cc-4bf5-85f4-9ec56b51ba8d |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 6027870796484e16b9dd86cd92ddf7ab |
| protected | False |
| schema | /v2/schemas/image |
| size | 13267968 |
| status | active |
| tags | |
| updated_at | 2017-11-03T17:14:55Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
List the glance images
[root@iaas01 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 1abb42ea-d0cc-4bf5-85f4-9ec56b51ba8d | cirros | active |
+--------------------------------------+--------+--------+
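OK, that's it for today; the length (character count) has hit the limit
This post went through installing OpenStack Pike on redhat7.2 (from yum repositories) and covered installing and configuring glance and keystone
There are still nova, neutron, horizon, cinder and a few other components (and, most importantly of course, ironic); I'll go through them in later chapters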