OpenStack newton部署
一、 环境
共需要2台主机
192.168.100.181 controller为控制节点和计算节点 192.168.100.182 compute1为计算节点
安装centos7.2
关闭防火墙(控制节点和计算节点都做)
关闭selinux
/etc/sysconfig/selinux SELINUX=disabled setenforce 0 关闭iptables
systemctl start firewalld.service systemctl stop firewalld.service systemctl disable firewalld.service
下面的表格给出了需要密码的服务列表以及它们的关系:
密码名称 描述 密码名称 ADMIN_PASS CEILOMETER_DBPASS CEILOMETER_PASS CINDER_DBPASS CINDER_PASS DASH_DBPASS DEMO_PASS GLANCE_DBPASS GLANCE_PASS HEAT_DBPASS HEAT_DOMAIN_PASS HEAT_PASS KEYSTONE_DBPASS NEUTRON_DBPASS NEUTRON_PASS NOVA_DBPASS NOVA_PASS RABBIT_PASS SWIFT_PASS admin 用户密码 描述 数据库密码(不能使用变量) 数据库的root密码 Telemetry 服务的数据库密码 Telemetry 服务的 ceilometer 用户密码 块设备存储服务的数据库密码 块设备存储服务的 cinder 密码 Database password for the dashboard demo 用户的密码 镜像服务的数据库密码 镜像服务的 glance 用户密码 Orchestration服务的数据库密码 Orchestration 域的密码 Orchestration 服务中``heat``用户的密码 认证服务的数据库密码 网络服务的数据库密码 网络服务的 neutron 用户密码 计算服务的数据库密码 计算服务中``nova``用户的密码 RabbitMQ的guest用户密码 对象存储服务用户``swift``的密码 1. 控制节点服务器
控制节点共配置2块网卡 eth1:192.168.100.181
eth2:不设置ip为trunk模式 添加/etc/hosts
设置NTP服务
# yum install chrony 编辑/etc/chrony.conf allow192.168.100.0/24
允许192.168.100.0网段访问 启动NTP服务
# systemctl enable chronyd.service # systemctl start chronyd.service
# timedatectl set-timezone Asia/Shanghai 设置时区 # timedatectl status 查看时区
安装openstack源及软件包
yum install centos-release-openstack-newton yum upgrade
yum install python-openstackclient yum install openstack-selinux
yum install mariadbmariadb-server python2-PyMySQL yum install rabbitmq-server
yum install memcached python-memcached yum install openstack-keystone httpdmod_wsgi yum install openstack-glance
yum install openstack-nova-apiopenstack-nova-conductor openstack-nova-console
openstack-nova-novncproxyopenstack-nova-scheduler yum install openstack-nova-compute yum install openstack-neutron openstack-neutron-ml2
openstack-neutron-linuxbridgeebtablesipset yum install openstack-dashboard 开启nova用户的登录权限. usermod -s /bin/bash nova
生成秘钥(各个计算节点执行) 控制节点也需要互信 su– nova
/usr/bin/ssh-keygen -t rsa /usr/bin/ssh-keygen -t dsa 所有计算节点均配置
cat<< EOF > ~/.ssh/config Host *
StrictHostKeyChecking no UserKnownHostsFile=/dev/null EOF
分发ssh到各个计算节点 computer1
scp id_dsa.pub 192.168.100.181:/var/lib/nova/.ssh/id_dsa.pub3 scp id_rsa.pub 192.168.100.181:/var/lib/nova/.ssh/id_rsa.pub3 controller(192.168.100.181):
cat id_dsa.pub id_dsa.pub2 id_rsa.pub id_rsa.pub2 id_rsa.pub3 id_dsa.pub3 >authorized_keys chmod 644 authorized_keys
scpauthorized_keys computer1:/var/lib/nova/.ssh
修改权限
chownnova:nova /var/lib/nova/.ssh/id_rsa/var/lib/nova/.ssh/authorized_keys
数据库配置
创建/etc/my.cnf.d/openstack.cnf文件
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.181 default-storage-engine = innodb innodb_file_per_table max_connections = 4096
collation-server = utf8_general_ci character-set-server = utf8 启动mariadb
# systemctl enable mariadb.service
# systemctl start mariadb.servic
为了保证数据库服务的安全性,运行``mysql_secure_installation``脚本。特别需要说明的是,为数据库的root用户设置一个适当的密码。 # mysql_secure_installation Password:123456
完成下面的步骤以创建数据库:
1.用数据库连接客户端以 root 用户连接到数据库服务器: #mysql -u root -p
创建 keystone 数据库:
mysql>CREATE DATABASE keystone; 对keystone数据库授予恰当的权限:
mysql>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY
'KEYSTONE_DBPASS';
mysql>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY
'KEYSTONE_DBPASS';
用合适的密码替换 KEYSTONE_DBPASS 。(这边我们用keystone) 创建 glance 数据库
mysql> CREATE DATABASE glance; 对glance数据库授予恰当的权限
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \\ IDENTIFIED BY 'GLANCE_DBPASS';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \\ IDENTIFIED BY 'GLANCE_DBPASS';
用一个合适的密码替换 GLANCE_DBPASS。(这边我们用glance) 创建 nova_api 和 nova 数据库: mysql> CREATE DATABASE nova_api; mysql> CREATE DATABASE nova; 对数据库进行正确的授权
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \\
IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \\ IDENTIFIED BY 'NOVA_DBPASS';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \\ IDENTIFIED BY 'NOVA_DBPASS';
用合适的密码代替 NOVA_DBPASS(这里我们用nova) 创建neutron数据库
mysql> CREATE DATABASE neutron;
对neutron数据库授予合适的访问权限,使用合适的密码替换NEUTRON_DBPASS mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \\ IDENTIFIED BY 'NEUTRON_DBPASS';
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \\ IDENTIFIED BY 'NEUTRON_DBPASS'; (这里我们用密码:neutron)
rabbitmq配置 启动rabbitmq
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
添加openstack用户
# rabbitmqctladd_useropenstack RABBIT_PASS 用合适的密码替换 RABBIT_PASS 给``openstack``用户配置写和读权限
#rabbitmqctlset_permissionsopenstack \
# rabbitmq-plugins list #查看支持的插件
# rabbitmq-plugins enable rabbitmq_management #启动插件 #systemctl restart rabbitmq-server.service #lsof -i:15672
访问RabbitMQ,访问地址是http://192.168.100.181:15672
默认用户名密码都是guest,浏览器添加openstack用户到组并登陆测试,连不上情况一般是防火墙没有关闭所致!