admin
Level: Administrator
Floor 0 | Posted: 2017-09-26 09:13

Deploying a two-node OpenStack Pike cloud platform on CentOS 7.0

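  OpenStack Pike cloud platform:
  1. Deployment environment: two virtual machines are deployed with VMware Workstation 12, with CPU VT support enabled in the VM settings. They are split into a Controller node (which is also the network node) and a Computer01 compute node.
  Each VM has two NICs. ens33 is bridged and can reach the external network. ens34 uses NAT and serves as the internal management NIC.
  The controller node and the compute node are each configured with 2 CPUs and 4 GB of memory.
  On ens33, the controller node's IP address is 192.168.18.120 and the compute node's is 192.168.18.121, with a 24-bit mask and gateway 192.168.18.1.
  On ens34, the controller node's IP address is 172.16.5.128 and the compute node's is 172.16.5.130.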

  2. Disable SELinux and enable the firewalld firewall.
  #cp -p /etc/sysconfig/selinux{,.bak}
  #vi /etc/sysconfig/selinux and set SELINUX=disabled
  #setenforce 0
  Run #getenforce to verify; Disabled means it is working as expected.
   #systemctl enable firewalld
   #systemctl start firewalld

 3. Change the hostname and network connections:
   cp -p /etc/hosts{,.bak}
  vim /etc/hosts and add:
  192.168.18.120 controller
  192.168.18.121 computer01
  172.16.5.128 controller
  172.16.5.130 computer01
  The network connection is changed as follows:
  cp -p /etc/sysconfig/network-scripts/ifcfg-ens33{,.bak}
  vim /etc/sysconfig/network-scripts/ifcfg-ens33
  TYPE=Ethernet
  #BOOTPROTO=dhcp
  BOOTPROTO=none
  DEFROUTE=yes
  PEERDNS=yes
  PEERROUTES=yes
  IPV4_FAILURE_FATAL=no
  IPV6INIT=yes
  IPV6_AUTOCONF=yes
  IPV6_DEFROUTE=yes
  IPV6_PEERDNS=yes
  IPV6_PEERROUTES=yes
  IPV6_FAILURE_FATAL=no
  IPV6_ADDR_GEN_MODE=stable-privacy
  NAME=ens33
  UUID=339639da-335c-446f-9100-99d3f2351ab1
  DEVICE=ens33
  #ONBOOT=no
  ONBOOT=yes
  IPADDR=192.168.18.120
  NETMASK=255.255.255.0
  GATEWAY=192.168.18.1
  DNS1=114.114.114.114
  DNS2=202.106.46.151
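  Note: the management NIC ens34 on the controller node does not need a gateway; set its IP to 172.16.5.128. Set the IP of the management NIC ens34 on the compute node to 172.16.5.130.
  Verify on the controller node:
  ping -c 4 openstack.org
  ping -c 4 computer01
  Verify on the compute node:
  ping -c 4 openstack.org
  ping -c 4 controller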

   4. Time synchronization:
   Controller node: yum install chrony -y
   cp -p /etc/chrony.conf{,.bak}
   vi  /etc/chrony.conf and add:
   server cn.pool.ntp.org iburst
   server 127.127.1.1 iburst
   allow 192.168.0.0/16
   local stratum 10
   Then run #systemctl enable chronyd
   #systemctl start chronyd
   #firewall-cmd --add-service=ntp --permanent
   or:
   #firewall-cmd --zone=public --add-port=123/udp --permanent
   #firewall-cmd --reload
   #systemctl restart firewalld

   Compute node: yum install chrony -y
   cp -p /etc/chrony.conf{,.bak}
   vi  /etc/chrony.conf and add:
   server controller iburst
   Then run #systemctl enable chronyd
   #systemctl start chronyd
   #firewall-cmd --add-service=ntp --permanent
   or:
   #firewall-cmd --zone=public --add-port=123/udp --permanent
   #firewall-cmd --reload
   #systemctl restart firewalld
   Verify:
   #chronyc sources

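  5. Install the OpenStack Pike release packages on the controller and compute nodes:
   Run the following in order on both the controller node and the compute node: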
  #yum install centos-release-openstack-pike -y
  #yum upgrade -y
  #yum install python-openstackclient -y
  #yum install openstack-selinux -y

  6. Install the MariaDB database on the controller node:
  #yum install mariadb mariadb-server python2-PyMySQL -y
  # vi /etc/my.cnf.d/openstack.cnf:
  [mysqld]
  bind-address=172.16.5.128
  default-storage-engine=innodb
  innodb_file_per_table=on
  max_connections=4096
  collation-server=utf8_general_ci
  character-set-server=utf8
  #systemctl enable mariadb
  #systemctl start mariadb
  Initialize the MariaDB database:
  #mysql_secure_installation
   #firewall-cmd --zone=public --add-port=3306/tcp --permanent
   #firewall-cmd --reload
   #systemctl restart firewalld

  7. Install the rabbitmq-server message queue service on the controller node:
  #yum install rabbitmq-server -y
  #systemctl enable rabbitmq-server
  #systemctl start rabbitmq-server
  #rabbitmqctl add_user openstack openstack
  #rabbitmqctl set_permissions openstack ".*" ".*" ".*"
  #/usr/sbin/rabbitmq-plugins enable rabbitmq_management, or create the /etc/rabbitmq/enabled_plugins file with touch and add [rabbitmq_management].
  #rabbitmqctl set_user_tags openstack administrator
   #firewall-cmd --zone=public --add-port=5672/tcp --permanent
   #firewall-cmd --zone=public --add-port=15672/tcp --permanent
   #firewall-cmd --reload
   #systemctl restart firewalld
  Verify:
  #lsof -n -i:5672
  #lsof -n -i:15672
  #netstat -ano|grep 5672
  #netstat -ano|grep 15672
  Open IP:15672 in a web browser and log in with guest/guest or openstack/openstack to reach the message queue management page.

  8. Install the memcached caching service on the controller node:
   #yum install memcached python-memcached -y
   #cp -p /etc/sysconfig/memcached{,.bak}
   #vim /etc/sysconfig/memcached and append controller to the OPTIONS value:
   OPTIONS="-l 127.0.0.1,::1,controller"
   #systemctl enable memcached
   #systemctl start memcached
   #firewall-cmd --zone=public --add-port=11211/tcp --permanent
   #firewall-cmd --reload
   #systemctl restart firewalld
  Verify:
  #lsof -n -i:11211
  #netstat -ano|grep 11211

  9. Install the Keystone identity service on the controller node:
  #mysql -u root -p
  MariaDB [(none)]>create database keystone;
  MariaDB [(none)]>grant all privileges on keystone.* to 'keystone'@'127.0.0.1' identified by 'keystone';
  MariaDB [(none)]>grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone';
  MariaDB [(none)]>grant all privileges on keystone.* to 'keystone'@'172.16.5.128' identified by 'keystone';
  MariaDB [(none)]>grant all privileges on keystone.* to 'keystone'@'192.168.18.120' identified by 'keystone';
  MariaDB [(none)]>grant all privileges on keystone.* to 'keystone'@'controller' identified by 'keystone';
  MariaDB [(none)]>grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone';
  MariaDB [(none)]>flush privileges;
  MariaDB [(none)]>\q
  #yum install openstack-keystone httpd mod_wsgi -y
  #cp -p /etc/keystone/keystone.conf{,.bak}
  #vim /etc/keystone/keystone.conf:
  In the [database] section, change:
  connection = mysql+pymysql://keystone:keystone@controller/keystone
  In the [token] section, change:
  provider=fernet
  #su -s /bin/sh -c "keystone-manage db_sync" keystone
  #keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
  #keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
  #keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
  #cp -p /etc/httpd/conf/httpd.conf{,.bak}
  #vim /etc/httpd/conf/httpd.conf:
  Set ServerName controller or ServerName 192.168.18.120
  #ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
  #systemctl enable httpd.service
  #systemctl start httpd.service
  #export OS_USERNAME=admin
  #export OS_PASSWORD=admin
  #export OS_PROJECT_NAME=admin
  #export OS_USER_DOMAIN_NAME=default
  #export OS_PROJECT_DOMAIN_NAME=default
  #export OS_AUTH_URL=http://controller:35357/v3
  #export OS_IDENTITY_API_VERSION=3
  #openstack project create --domain default \
  --description "Service Project" service
  # openstack project create --domain default \
  --description "Demo Project" demo
  #openstack user create --domain default \
  --password-prompt demo
  #openstack role create user
  # openstack role add --project demo --user demo user
  Verify:
  cp -p /etc/keystone/keystone-paste.ini{,.bak}
  Remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections
  #unset OS_AUTH_URL OS_PASSWORD
  #openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
  #openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue
  
   Write the credential scripts:
   admin-openrc:
  export OS_PROJECT_DOMAIN_NAME=default
  export OS_USER_DOMAIN_NAME=default
  export OS_PROJECT_NAME=admin
  export OS_USERNAME=admin
  export OS_PASSWORD=admin
  export OS_AUTH_URL=http://controller:35357/v3
  export OS_IDENTITY_API_VERSION=3
  export OS_IMAGE_API_VERSION=2
  
  demo-openrc:
  export OS_PROJECT_DOMAIN_NAME=default
  export OS_USER_DOMAIN_NAME=default
  export OS_PROJECT_NAME=demo
  export OS_USERNAME=demo
  export OS_PASSWORD=demo
  export OS_AUTH_URL=http://controller:5000/v3
  export OS_IDENTITY_API_VERSION=3
  export OS_IMAGE_API_VERSION=2

  Add the Keystone service ports to the firewall:
  #firewall-cmd --zone=public --add-port=80/tcp --permanent
  #firewall-cmd --zone=public --add-port=5000/tcp --permanent  
  #firewall-cmd --zone=public --add-port=35357/tcp --permanent  
  #firewall-cmd --reload
  #systemctl restart firewalld

  10. Install the Glance image service on the controller node:
   #mysql -u root -p
  MariaDB [(none)]>create database glance;
  MariaDB [(none)]>grant all privileges on glance.* to 'glance'@'127.0.0.1' identified by 'glance';
  MariaDB [(none)]>grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance';
  MariaDB [(none)]>grant all privileges on glance.* to 'glance'@'172.16.5.128' identified by 'glance';
  MariaDB [(none)]>grant all privileges on glance.* to 'glance'@'192.168.18.120' identified by 'glance';
  MariaDB [(none)]>grant all privileges on glance.* to 'glance'@'controller' identified by 'glance';
  MariaDB [(none)]>grant all privileges on glance.* to 'glance'@'%' identified by 'glance';
  MariaDB [(none)]>flush privileges;
  MariaDB [(none)]>\q
  
  #. admin-openrc
  #openstack user create --domain default --password-prompt glance
  #openstack role add --project service --user glance admin
  #openstack service create --name glance \
  --description "OpenStack Image" image
  
  Create the service endpoints:
  openstack endpoint create --region RegionOne \
  image public http://controller:9292
  openstack endpoint create --region RegionOne \
  image internal http://controller:9292
  openstack endpoint create --region RegionOne \
  image admin http://controller:9292
  
  #yum install openstack-glance -y
  cp -p /etc/glance/glance-api.conf{,.bak}
  vim /etc/glance/glance-api.conf:
  In the [database] section, configure database access:
  [database]
  connection = mysql+pymysql://glance:glance@controller/glance
  In the [keystone_authtoken] and [paste_deploy] sections, configure access to the identity service:
  [keystone_authtoken]
  auth_uri = http://controller:5000
  auth_url = http://controller:35357
  memcached_servers = controller:11211
  auth_type = password
  project_domain_name=default
  user_domain_name=default
  project_name=service
  username=glance
  password=glance
  [paste_deploy]
  flavor = keystone
  In the [glance_store] section, configure the local file system store and the location of the image files:
  [glance_store]
  stores = file,http
  default_store = file
  filesystem_store_datadir = /var/lib/glance/images/
  
  cp -p /etc/glance/glance-registry.conf{,.bak}
  vim /etc/glance/glance-registry.conf and change the following:
  In the [database] section, configure database access:
  [database]
  connection = mysql+pymysql://glance:glance@controller/glance
  In the [keystone_authtoken] and [paste_deploy] sections, configure access to the identity service:
  [keystone_authtoken]
  auth_uri = http://controller:5000
  auth_url = http://controller:35357
  memcached_servers = controller:11211
  auth_type = password
  project_domain_name=default
  user_domain_name=default
  project_name=service
  username=glance
  password=glance
  [paste_deploy]
  flavor = keystone
  Synchronize the glance database:
  su -s /bin/sh -c "glance-manage db_sync" glance
  Enable and start the image services:
  #systemctl enable openstack-glance-api.service openstack-glance-registry.service
  #systemctl start openstack-glance-api.service openstack-glance-registry.service
  Add the Glance service ports to the firewall:
  #firewall-cmd --zone=public --add-port=9292/tcp --permanent (Glance API port)
  #firewall-cmd --zone=public --add-port=9191/tcp --permanent   (Glance registry port)
  #firewall-cmd --reload
  #systemctl restart firewalld
  
  Upload an image to verify:
  wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
  openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2  --container-format bare \
  --public
  Run these commands to check the uploaded image:
  #ll /var/lib/glance/images/
  #openstack image list
  
  11. Install the Nova compute service on the controller node:
   #mysql -u root -p
  MariaDB [(none)]>create database nova_api;
  MariaDB [(none)]>grant all privileges on nova_api.* to 'nova'@'127.0.0.1' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_api.* to 'nova'@'localhost' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_api.* to 'nova'@'172.16.5.128' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_api.* to 'nova'@'192.168.18.120' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_api.* to 'nova'@'controller' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_api.* to 'nova'@'%' identified by 'nova';
  MariaDB [(none)]>flush privileges;
  MariaDB [(none)]>\q

  #mysql -u root -p
  MariaDB [(none)]>create database nova;
  MariaDB [(none)]>grant all privileges on nova.* to 'nova'@'127.0.0.1' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova.* to 'nova'@'localhost' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova.* to 'nova'@'172.16.5.128' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova.* to 'nova'@'192.168.18.120' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova.* to 'nova'@'controller' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova.* to 'nova'@'%' identified by 'nova';
  MariaDB [(none)]>flush privileges;
  MariaDB [(none)]>\q

  #mysql -u root -p
  MariaDB [(none)]>create database nova_cell0;
  MariaDB [(none)]>grant all privileges on nova_cell0.* to 'nova'@'127.0.0.1' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_cell0.* to 'nova'@'172.16.5.128' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_cell0.* to 'nova'@'192.168.18.120' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_cell0.* to 'nova'@'controller' identified by 'nova';
  MariaDB [(none)]>grant all privileges on nova_cell0.* to 'nova'@'%' identified by 'nova';
  MariaDB [(none)]>flush privileges;
  MariaDB [(none)]>\q
  
  #. admin-openrc
  # openstack user create --domain default --password-prompt nova   (enter the password: nova)
  # openstack role add --project service --user nova admin
  # openstack service create --name nova \
  --description "OpenStack Compute" compute
  #openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1
  #openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1
  #openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1
  #openstack user create --domain default --password-prompt placement   (enter the password: placement)
  #openstack role add --project service --user placement admin
  #openstack service create --name placement --description "Placement API" placement
  #openstack endpoint create --region RegionOne placement public http://controller:8778
  #openstack endpoint create --region RegionOne placement internal http://controller:8778
  #openstack endpoint create --region RegionOne placement admin http://controller:8778

  #yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api -y

  #cp -p /etc/nova/nova.conf{,.bak}
  #vim /etc/nova/nova.conf:

  In the [DEFAULT] section, enable the compute and metadata APIs:
  [DEFAULT]
  enabled_apis = osapi_compute,metadata

  In the [api_database] and [database] sections, configure database access:
  [api_database]
  connection = mysql+pymysql://nova:nova@controller/nova_api
  [database]
  connection = mysql+pymysql://nova:nova@controller/nova

  In the [DEFAULT] section, configure RabbitMQ message queue access:
  transport_url = rabbit://openstack:openstack@controller

  In the [api] and [keystone_authtoken] sections, configure access to the identity service:
  [api]
  auth_strategy = keystone

  [keystone_authtoken]
  auth_uri = http://controller:5000
  auth_url = http://controller:35357
  memcached_servers = controller:11211
  auth_type = password
  project_domain_name = default
  user_domain_name = default
  project_name = service
  username = nova
  password = nova

  In the [DEFAULT] section, set the my_ip option to the management IP address of the controller node.
  [DEFAULT]
  my_ip=192.168.18.120
  
  In the [DEFAULT] section, enable support for the networking service:
  [DEFAULT]
  use_neutron = True
  firewall_driver = nova.virt.firewall.NoopFirewallDriver

   In the [vnc] section, configure the VNC proxy to use the management IP address of the controller node.
   [vnc]
  enabled = true
  vncserver_listen = $my_ip
  vncserver_proxyclient_address = $my_ip

  In the [glance] section, configure the location of the image service API.
  [glance]
  api_servers = http://controller:9292
  
  In the [oslo_concurrency] section, configure the lock file path:
  [oslo_concurrency]
  lock_path = /var/lib/nova/tmp

  In the [placement] section, configure the Placement API:
  [placement]
  os_region_name = RegionOne
  project_domain_name = Default
  project_name = service
  auth_type = password
  user_domain_name = Default
  auth_url = http://controller:35357/v3
  username = placement
  password = placement

  cp -p /etc/httpd/conf.d/00-nova-placement-api.conf{,.bak}
  vim /etc/httpd/conf.d/00-nova-placement-api.conf and append the following at the end of the file:
  <Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
  </Directory>
  #systemctl restart httpd

  Synchronize the nova_api database:
  #su -s /bin/sh -c "nova-manage api_db sync" nova
  
  Register the cell0 database:
  #su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

  Create cell1:
  #su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

  Synchronize the nova database:
  #su -s /bin/sh -c "nova-manage db sync" nova

  Verify that cell0 and cell1 are registered correctly:
  #nova-manage cell_v2 list_cells

  Enable the Nova services at boot:
  #systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

  Start the Nova services:
  #systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
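
  The keystone.conf, glance-api.conf, glance-registry.conf and nova.conf settings in steps 9 to 11 all use the service name as its password (keystone:keystone, glance:glance, nova:nova, openstack:openstack). The audit function below is an added example, not part of the original post: it reads an INI-style OpenStack configuration file on stdin and reports every credential whose password equals its user name. The function names, the sample file and its [example_ok] section are constructed for illustration.

```shell
# Added example, not part of the original post.
# audit_conf LABEL < file: prints LABEL:section:key:user for each credential
# whose password equals the user name (URL credentials and username/password pairs).
audit_conf() {
    awk -v label="$1" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function check_pair() {        # username/password pair of one section
            if (user != "" && user == pass)
                print label ":" section ":password:" user
            user = ""; pass = ""
        }
        /^[ \t]*[#;]/ { next }         # skip comment lines
        /^[ \t]*\[/ {                  # a new [section] starts
            check_pair()
            section = trim($0); gsub(/^\[|\]$/, "", section)
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            if (key == "username") user = val
            else if (key == "password") pass = val
            else if (match(val, "://[^:@/]+:[^@/]+@")) {
                cred = substr(val, RSTART + 3, RLENGTH - 4)   # user:password
                c = index(cred, ":")
                if (substr(cred, 1, c - 1) == substr(cred, c + 1))
                    print label ":" section ":" key ":" substr(cred, 1, c - 1)
            }
        }
        END { check_pair() }
    '
}

# Constructed sample: values mirror the nova.conf settings in this guide, plus a
# hypothetical [example_ok] section whose password differs from the user name.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:openstack@controller
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[keystone_authtoken]
auth_url = http://controller:35357
username = nova
password = nova
[placement]
username = placement
password = placement
[example_ok]
username = svc
password = constructed-long-random-value
EOF
}
sample_conf | audit_conf nova.conf   # prints four findings
```

  On the controller node it can be pointed at the real files, for example audit_conf nova.conf < /etc/nova/nova.conf, run as root.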




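  12. Install libvirtd and the nova-compute service on the compute node.
  
  13. Install the Neutron networking service on the controller node:

  14. Configure the Neutron networking service on the compute node:
  
  15. Install the Dashboard:
  cp -p /etc/httpd/conf.d/openstack-dashboard.conf{,.bak}
  vim /etc/httpd/conf.d/openstack-dashboard.conf:
  Add at the top of the file:
  WSGIApplicationGroup %{GLOBAL}

  16. Preparation before creating cloud instances: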
  #firewall-cmd --zone=public --add-service=vnc-server --permanent
  #firewall-cmd --reload
  #systemctl restart firewalld