CentOS 6.5 + OpenStack + KVM Cloud Platform Deployment
I. Host allocation:
Hostname    IP (static)    OS                           Configuration                        Role
openstack   192.168.1.2    CentOS-6.5-x86_64-minimal    4 CPU, 16G RAM, 300G DISK, 2 NICs    Management node / compute node
node        192.168.1.3    CentOS-6.5-x86_64-minimal    4 CPU, 16G RAM, 300G DISK, 2 NICs    Compute node
II. Management node installation (OpenStack)
1. Basic configuration
The operating system is installed from CentOS-6.5-x86_64-minimal.iso; the installation process is omitted here. This guide installs packages from yum repositories.
(1). Import the third-party repositories
[root@openstack ~]# rpm -Uvh http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
[root@openstack ~]# rpm -Uvh http://pkgs.repoforge.org/rpmforge-release/rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
[root@openstack ~]# yum install http://repos.fedorapeople.org/repos/openstack/openstack-havana/rdo-release-havana-7.noarch.rpm
(2). Configure the /etc/hosts file
[root@openstack ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.2 openstack
192.168.1.3 node
(3). Configure the network
[root@openstack ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=\
BOOTPROTO=\
HWADDR=\
ONBOOT=\
IPADDR=192.168.1.2
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
TYPE=\
[root@openstack ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=\
BOOTPROTO=\
HWADDR=\
ONBOOT=\
TYPE=\
(4). Disable SELinux:
[root@openstack ~]# more /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - SELinux is fully disabled.
SELINUX=disabled
# SELINUXTYPE= type of policy in use. Possible values are:
# targeted - Only targeted network daemons are protected.
# strict - Full SELinux protection.
SELINUXTYPE=targeted
[root@openstack ~]# setenforce 0
(5). Modify the /etc/sysctl.conf parameters:
[root@openstack ~]# vi /etc/sysctl.conf
……………………
net.ipv4.ip_forward = 1
……………………
[root@openstack ~]# sysctl -p    # apply the sysctl.conf settings
2. Install and configure the NTP service
(1). Install the NTP service:
[root@openstack ~]# yum -y install ntp
(2). Configure the NTP service:
[root@openstack ~]# vi /etc/ntp.conf
driftfile /var/lib/ntp/drift
restrict default ignore
restrict 127.0.0.1
restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
server ntp.api.bz
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
keys /etc/ntp/keys
(3). Start the NTP service and enable it at boot:
[root@openstack ~]# service ntpd start
[root@openstack ~]# chkconfig ntpd on
3. Install and configure MySQL:
(1). Install the MySQL service:
[root@openstack ~]# yum -y install mysql mysql-server MySQL-python
(2). Edit the MySQL configuration file:
# vi /etc/my.cnf
[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
user=mysql
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
bind-address = 0.0.0.0 # set the listening IP address to 0.0.0.0
[mysqld_safe]
log-error=/var/log/mysqld.log
pid-file=/var/run/mysqld/mysqld.pid
(3). Start the MySQL service and enable it at boot:
[root@openstack ~]# service mysqld start
[root@openstack ~]# chkconfig mysqld on
(4). Set the MySQL root password to passwd:
[root@openstack ~]# mysqladmin -uroot password 'passwd'; history -c
4. Install and configure the qpid service
(1). Install the qpid service:
[root@openstack ~]# yum -y install qpid-cpp-server memcached
(2). Edit the /etc/qpidd.conf configuration file and set auth to no:
[root@openstack ~]# vi /etc/qpidd.conf
……………………
auth=no
(3). Start the qpid service and enable it at boot:
[root@openstack ~]# service qpidd start
[root@openstack ~]# chkconfig qpidd on
(4). Install the OpenStack utilities package:
[root@openstack ~]# yum install -y openstack-utils
5. Install and configure Keystone
5.1. Initialize Keystone:
(1). Install the Keystone service:
[root@openstack ~]# yum -y install openstack-keystone
(2). Create the keystone database and modify the database connection in the configuration file:
[root@openstack ~]# openstack-db --init --service keystone
(3). Modify the database connection in the configuration file:
[root@openstack ~]# openstack-config --set /etc/keystone/keystone.conf sql connection mysql://keystone:keystone@localhost/keystone
(4). Use openssl to generate a random token and store it in the configuration file:
[root@openstack ~]# export SERVICE_TOKEN=$(openssl rand -hex 10)
// Randomly generates the SERVICE_TOKEN value; make a note of it
[root@openstack ~]# export SERVICE_ENDPOINT=http://127.0.0.1:35357/v2.0
[root@openstack ~]# mkdir /root/config
[root@openstack ~]# echo $SERVICE_TOKEN > /root/config/admin.txt
[root@openstack ~]# cat /root/config/admin.txt
9860f4302f7e344ca901
[root@openstack ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $SERVICE_TOKEN
*Note: Save the generated SERVICE_TOKEN value to a file for later use; every SERVICE_TOKEN value referred to later in this guide is read from admin.txt. Once the value has been written to the file, do not run the command again to generate a new SERVICE_TOKEN, otherwise the mismatch between the old and new values will make debugging difficult.
(5). By default Keystone uses PKI tokens. Create the signing keys and certificates:
[root@openstack ~]# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
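An added example, not part of the original guide: a small audit, in the same shell the steps above are typed into, that reports the exposure-relevant settings this walkthrough leaves on the management node (MySQL bound to 0.0.0.0, qpid with auth=no, SELinux disabled, a token file readable by group/other). The function names, the constructed sample files and the tighter values in harden_sample (192.168.1.2 is the management IP from the host table) are assumptions for illustration.

```shell
#!/bin/bash
# Added example, not from the original guide. Function names are hypothetical.

# conf_value FILE KEY: print the last value assigned to KEY (ini-style file).
conf_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*\([^#[:space:]]*\).*/\1/p" "$1" | tail -n 1
}

# audit_node MY_CNF QPIDD_CONF SELINUX_CONF TOKEN_FILE: one line per finding.
audit_node() {
    [ "$(conf_value "$1" bind-address)" = "0.0.0.0" ] &&
        echo "FINDING mysql: bind-address=0.0.0.0 listens on every interface"
    [ "$(conf_value "$2" auth)" = "no" ] &&
        echo "FINDING qpid: auth=no accepts unauthenticated clients"
    [ "$(conf_value "$3" SELINUX)" = "enforcing" ] ||
        echo "FINDING selinux: SELINUX is not enforcing"
    if [ -e "$4" ]; then
        token_perms=$(ls -ld "$4" | cut -c5-10)   # group and other bits
        [ "$token_perms" = "------" ] ||
            echo "FINDING token: $4 grants group/other access ($token_perms)"
    fi
    return 0
}

# make_sample DIR: constructed copies holding the values the guide sets.
make_sample() {
    printf '[mysqld]\nsymbolic-links=0\nbind-address = 0.0.0.0 #listen\n' > "$1/my.cnf"
    printf 'auth=no\n' > "$1/qpidd.conf"
    printf '# SELINUX= can take one of these three values:\nSELINUX=disabled\nSELINUXTYPE=targeted\n' > "$1/selinux"
    echo 00000000000000000000 > "$1/admin.txt"   # placeholder, not a real token
    chmod 644 "$1/admin.txt"                     # what a umask of 022 yields
}

# harden_sample DIR: the same files with tighter values (assumed, see lead-in).
harden_sample() {
    printf '[mysqld]\nsymbolic-links=0\nbind-address = 192.168.1.2\n' > "$1/my.cnf"
    printf 'auth=yes\n' > "$1/qpidd.conf"
    printf 'SELINUX=enforcing\nSELINUXTYPE=targeted\n' > "$1/selinux"
    chmod 600 "$1/admin.txt"
}

demo_dir=$(mktemp -d)
make_sample "$demo_dir"
echo "as configured in the guide:"
audit_node "$demo_dir/my.cnf" "$demo_dir/qpidd.conf" "$demo_dir/selinux" "$demo_dir/admin.txt"
harden_sample "$demo_dir"
echo "after tightening:"
audit_node "$demo_dir/my.cnf" "$demo_dir/qpidd.conf" "$demo_dir/selinux" "$demo_dir/admin.txt"
rm -rf "$demo_dir"
```

On a real node, pass /etc/my.cnf, /etc/qpidd.conf, /etc/selinux/config and /root/config/admin.txt as the four arguments to audit_node.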