openstack-环境-keystone-->glance--->placement--->nova

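# Base utilities for the node, followed by a one-shot clock sync against
# time1.aliyun.com (chrony takes over time keeping further down).
yum install -y bash-completion lrzsz wget unzip ntpdate screen iotop lsof
ntpdate time1.aliyun.com

# Repository-priority plugin. The package is yum-plugin-priorities; the name
# originally written here ("yum-plugin-ugin-priorities") does not match it.
yum install -y yum-plugin-priorities

# Switches SELinux to permissive for the running system only; the mode set in
# /etc/selinux/config returns at the next boot. openstack-selinux, installed
# later in these notes, carries the SELinux policy modules for these services,
# so permissive mode is a lab shortcut rather than the target state.
setenforce 0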



# NOTE(review): "Controller220/node221" looks like shorthand for "Controller220
# on the controller, node221 on the other node" (later prompts in these notes
# read root@Controller220) - TODO confirm. Typed literally the name contains
# "/", which is not a valid hostname character; substitute the node's own name.
echo 'Controller220/node221' > /etc/hostname
[root@220 ~]# systemctl restart NetworkManager 
[root@220 ~]# hostname Controller220/node221
Controller220/node221
[root@220 ~]# bash

# Time service: chronyd is installed and, by a manual edit in vim, the
# 192.168.3.0/24 network is allowed to use this host as its time source.
yum install chrony -y
vim /etc/chrony.conf   ————>allow 192.168.3.0/24
systemctl enable chronyd && systemctl restart chronyd
# firewalld is stopped and disabled, and SELinux is set to permissive again.
# From here on every listener started by these notes is reachable by anything
# that can route to this host: the netstat capture further down shows 3306,
# 4369, 5672, 5000, 35357 and 80 bound to all interfaces.
# NOTE(review): acceptable on an isolated lab network only; otherwise keep
# firewalld running and open just the ports each service needs.
systemctl stop firewalld && systemctl disable firewalld.service
setenforce 0

# Hand-written repository definition pointing at the Aliyun mirror of the
# CentOS 7 cloud "openstack-queens" tree.
# NOTE(review): gpgcheck=0 turns off RPM signature verification for everything
# installed from this repository, so package integrity rests entirely on the
# mirror and the TLS connection to it. The centos-release-openstack-queens
# package installed a few lines below ships its own repository definition;
# presumably that one can replace this file - confirm, and prefer gpgcheck=1.
[root@Controller220 ~]# cat > /etc/yum.repos.d/openstack.repo << EOF
[openstack]
name=openstack mirrors.aliyun.com
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/
enabled=1
gpgcheck=0
EOF
yum install epel-release -y
yum clean all
yum clean metadata
yum install -y centos-release-openstack-queens
# Upgrades every installed package on the node, not only the OpenStack ones.
yum upgrade -y
Controller220 节点

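# Download the controller RPMs once, install them from the local directory,
# then run a normal install for anything still missing.
# The download directory is the same absolute path that localinstall reads;
# the notes used ./openstack for the download and /root/openstack for the
# install, which only line up when the shell happens to be in /root.
yum --downloadonly --downloaddir=/root/openstack install -y \
  mariadb mariadb-server MySQL-python erlang rabbitmq-server \
  python-openstackclient openstack-keystone memcached python-memcached \
  httpd mod_wsgi openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
  openstack-glance mongodb-server mongodb openstack-placement-api libibverbs
yum localinstall -y /root/openstack/*

# NOTE(review): this list pulls in centos-release-openstack-train although the
# repository configured above is the queens tree; confirm which release the
# node is meant to run before reusing these notes.
yum install -y \
  mariadb mariadb-server MySQL-python erlang rabbitmq-server \
  python-openstackclient centos-release-openstack-train openstack-keystone \
  memcached python-memcached httpd mod_wsgi openstack-nova-api \
  openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-glance mongodb-server mongodb \
  openstack-placement-api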



# Client tools, SELinux policy package, MariaDB, MongoDB and RabbitMQ.
yum install -y python-openstackclient openstack-selinux mariadb mariadb-server python2-PyMySQL mongodb-server mongodb erlang rabbitmq-server
# MariaDB drop-in for OpenStack. The inline notes inside the file body read, in
# order: default storage engine, one tablespace file per table, maximum
# connections, default character set.
# NOTE(review): bind-address restricts mysqld to 192.168.3.220, yet the netstat
# capture later in these notes shows mysqld on 0.0.0.0:3306. Verify that this
# file is actually read; with firewalld disabled the difference decides
# whether the database is reachable on every interface.
cat > /etc/my.cnf.d/openstack.cnf << EOF
[mysqld]
bind-address = 192.168.3.220
default-storage-engine = innodb     #默认存储引擎
innodb_file_per_table = on          #每张表独立表空间文件
max_connections = 4096              #最大连接数
collation-server = utf8_general_ci   #默认字符集
character-set-server = utf8
EOF
systemctl enable mariadb memcached && systemctl restart mariadb memcached
初始化数据库
# Interactive hardening script shipped with MariaDB; run it before creating
# the service databases below.
mysql_secure_installation

yum install rabbitmq-server erlang -y
erl -v
systemctl enable rabbitmq-server && systemctl restart rabbitmq-server
# Message-queue account used by nova.conf further down.
# NOTE(review): the password equals the user name and is passed on the command
# line, so it is visible in the process list and in shell history. The three
# ".*" patterns grant configure, write and read on every resource.
rabbitmqctl add_user openstack openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# Moves memcached from loopback to 192.168.3.220.
# NOTE(review): nothing in these notes puts authentication in front of
# memcached, and the keystone/glance/nova configs below point their token
# caches at it. With firewalld disabled, any host that can reach port 11211
# can read or overwrite cached entries; restrict the port to the OpenStack
# nodes.
sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g'  /etc/sysconfig/memcached
systemctl enable memcached && systemctl restart memcached

# Enables the RabbitMQ management plugin; the trailing note reads "start the
# web UI". The lsof capture below shows it listening on *:15672, i.e. on every
# interface.
rabbitmq-plugins  enable rabbitmq_management  (启动web界面)
[root@Controller220 ~]# rabbitmq-plugins list |grep  management      
[E] rabbitmq_management               3.3.5

[root@Controller220 ~]# lsof -i:15672
COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
beam.smp 31539 rabbitmq   17u  IPv4  51731      0t0  TCP *:15672 (LISTEN)
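ip:15672  u:guest p:guest  (built-in default account, and the UI listens on *:15672 — create a dedicated admin user and delete guest before anything outside this host can reach the port)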


----------------------------------------------------------------------------------------------------------------

                    keystone:用户认证,服务目录


----------------------------------------------------------------------------------------------------------------
yum install -y openstack-keystone memcached python-memcached httpd mod_wsgi

# Creates one schema per service and grants each service account full rights
# on its own schema, then lists the databases and accounts as a check.
# NOTE(review): the MariaDB root password is given on the command line
# (-p123qwe), so it lands in shell history and is visible in the process list
# while the client runs; "mysql -uroot -p" prompts for it instead.
# NOTE(review): every account is also granted from '%' (any host) and its
# password equals its name. Together with 3306 on 0.0.0.0 in the netstat
# capture and firewalld disabled, these accounts are guessable from the
# network; limit the host part to the OpenStack nodes and use generated
# passwords outside a lab.
# NOTE(review): no nova_cell0 schema is created here, although the cell0 step
# in the nova section normally expects one - confirm.
mysql -uroot -p123qwe -e "\
create database if not exists keystone; \
create database if not exists glance;\
create database if not exists nova;\
create database if not exists nova_api;\
create database if not exists neutron; \
create database if not exists cinder;\
create database if not exists placement;\
grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';\
grant all on keystone.* to 'keystone'@'%'           identified by 'keystone'; \
grant all on glance.*   to 'glance'@'localhost'   identified by 'glance';\
grant all on glance.*   to 'glance'@'%'           identified by 'glance'; \
grant all on nova.*     to 'nova'@'localhost'       identified by 'nova'; \
grant all on nova.*     to 'nova'@'%'               identified by 'nova'; \
grant all on nova_api.* to 'nova'@'localhost'     identified by 'nova';\
grant all on nova_api.* to 'nova'@'%'               identified by 'nova'; \
grant all on neutron.*  to 'neutron'@'localhost'  identified by 'neutron'; 
grant all on neutron.*  to 'neutron'@'%'           identified by 'neutron';\
grant all on cinder.*   to 'cinder'@'localhost'   identified by 'cinder';\
grant all on cinder.*   to 'cinder'@'%'           identified by 'cinder';
grant all on placement.*   to 'placement'@'localhost'   identified by 'placement';\
grant all on placement.*   to 'placement'@'%'           identified by 'placement';\
flush privileges;\
show databases;\
select user,host from mysql.user;"
(改如下)
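# keystone.conf: database connection, memcached endpoint and Fernet tokens.
# The connection URL in the notes had been mangled by an e-mail-obfuscation
# filter ("[email protected]"); it is restored here from the 'keystone' grant
# above and the controller address used everywhere else in these notes -
# confirm against the real deployment.
# NOTE(review): the file holds the database password in clear text; keep it
# readable by root and the keystone group only.
# The delimiter is quoted so nothing in the body is expanded by the shell.
cat > /etc/keystone/keystone.conf <<'EOF'
[database]
connection = mysql+pymysql://keystone:keystone@192.168.3.220/keystone
[memcache]
servers = 192.168.3.220:11211
[token]
provider = fernet
driver = memcache
EOF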
初始化数据库
# Populate the keystone schema as the keystone user, then list its tables as a
# check.
# NOTE(review): -pkeystone puts the database password on the command line.
su -s /bin/sh -c "keystone-manage db_sync" keystone && mysql -ukeystone -pkeystone -e "use keystone;show tables;" 

# (next line reads: "Initialize Fernet keys")
初始化Fernet keys:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 
# (next line reads: "Create the admin user")
# NOTE(review): the bootstrap password equals the user name and is passed on
# the command line. All three endpoint URLs are plain http, so passwords and
# tokens sent to keystone cross the network unencrypted; put TLS in front of
# these ports outside a lab. The trailing query dumps keystone.user as a check.
建立admin用户
keystone-manage bootstrap   --bootstrap-password admin       --bootstrap-admin-url http://192.168.3.220:35357/v3/ \
    --bootstrap-internal-url http://192.168.3.220:35357/v3/  --bootstrap-public-url http://192.168.3.220:5000/v3/ \
    --bootstrap-region-id RegionOne && mysql -ukeystone -pkeystone -e "select * from keystone.user;"

vim /etc/httpd/conf/httpd.conf   ——————>  ServerName 192.168.3.220:80 (sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' /etc/httpd/conf/httpd.conf)

[root@Controller220 ~]# cat /etc/httpd/conf.d/wsgi.conf 
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

systemctl enable httpd && systemctl restart httpd

[root@Controller220 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      30547/mysqld        
tcp        0      0 192.168.3.220:11211     0.0.0.0:*               LISTEN      48071/memcached     
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      30975/epmd          
tcp6       0      0 :::35357                :::*                    LISTEN      51483/httpd         
tcp6       0      0 :::5000                 :::*                    LISTEN      51483/httpd         
tcp6       0      0 :::5672                 :::*                    LISTEN      31539/beam.smp      
tcp6       0      0 :::80                   :::*                    LISTEN      51483/httpd         
tcp6       0      0 :::4369                 :::*                    LISTEN      30975/epmd          

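# Client credential files for the admin and demo accounts.
# Changes relative to the original notes:
#   - OS_IMAGE_API_VERSION was misspelled OS_IIMAGE_API_VERSION, so the image
#     API version was never actually set;
#   - the files hold clear-text passwords, so they are restricted to the owner;
#   - the file is sourced by the path it was written to, instead of relying on
#     the current directory being the home directory.
# The heredoc delimiters are quoted so nothing in the bodies is expanded.
cat > ~/admin-openstack << 'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
cat > ~/demo-openstack << 'EOF'
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
chmod 600 ~/admin-openstack ~/demo-openstack
source ~/admin-openstack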

openstack user list  (admin是数据库初始化建立的)
openstack token issue (查看token)

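# Projects ("openstack project list" then shows three, counting the default).
# The original notes ended every command in this section with "&", which
# starts them all concurrently: a role assignment or an endpoint could be
# attempted before the project, user or service it refers to exists. They run
# one after another here; "1>&2" (stdout sent to stderr) is kept as written.
openstack project create --domain default --description "Service Project" service 1>&2
openstack project create --domain default --description "Demo Project"    demo    1>&2

# Roles. admin exists by default (roles define permissions; "openstack role
# list" shows four by default, member and reader among them).
openstack role create user 1>&2

# Users (admin already exists; "openstack user list" shows six in total).
# --password-prompt keeps the passwords off the command line.
# NOTE(review): the service configs in these notes use password == user name;
# use generated passwords outside a lab.
openstack user create --domain default --password-prompt demo
openstack user create --domain default --password-prompt glance
openstack user create --domain default --password-prompt nova
openstack user create --domain default --password-prompt neutron
openstack user create --domain default --password-prompt cinder
openstack user create --domain default --password-prompt placement

# Role assignments: demo gets "user" on its own project, every service account
# gets "admin" on the service project.
openstack role add --project demo    --user demo      user  1>&2
openstack role add --project service --user glance    admin 1>&2
openstack role add --project service --user nova      admin 1>&2
openstack role add --project service --user neutron   admin 1>&2
openstack role add --project service --user cinder    admin 1>&2
openstack role add --project service --user placement admin 1>&2

# Services.
openstack service create --name glance --description "OpenStack Image"    image   1>&2
openstack service create --name nova   --description "Openstack Compute " compute 1>&2
openstack service create --name placement --description "Placement API" placement 1>&2

# Endpoints (public/internal/admin). All of them are plain http on the
# controller address.
openstack endpoint create --region RegionOne image public   http://192.168.3.220:9292 1>&2
openstack endpoint create --region RegionOne image internal http://192.168.3.220:9292 1>&2
openstack endpoint create --region RegionOne image admin    http://192.168.3.220:9292 1>&2

openstack endpoint create --region RegionOne placement public   http://192.168.3.220:8778 1>&2
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 1>&2
openstack endpoint create --region RegionOne placement admin    http://192.168.3.220:8778 1>&2

# Compute endpoints. The notes listed two variants back to back; running both
# leaves six compute endpoints in the catalog. The plain /v2.1 form is the one
# repeated in the nova section of these notes, so it is the one left active
# and the tenant_id form is kept only as a commented alternative.
# openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2
# openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2
# openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2
openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1 1>&2
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 1>&2
openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1 1>&2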


如果service错误先删endpoint再删service 删除方法先list 再openstack service/project delete [ID]

接下来验证
# Verification. OS_AUTH_URL and OS_PASSWORD are removed from the environment,
# so the two "token issue" calls below carry the URL explicitly and no
# password; presumably the client then prompts for it - confirm.
unset OS_AUTH_URL OS_PASSWORD
# (next line reads: "admin user")
admin用户
openstack --os-auth-url http://192.168.3.220:35357/v3 --os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
# (next line reads: "demo user")
demo用户
openstack --os-auth-url http://192.168.3.220:5000/v3 --os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
# (next line reads: "demo can be deleted once the test succeeds")
# NOTE(review): "demo-openstack /admin-openstack" looks like shorthand for
# "source one file or the other" - TODO confirm. Typed literally it sources
# demo-openstack only, with /admin-openstack passed as an argument.
测试成功后可以删除demo
source demo-openstack /admin-openstack 
openstack token issue

[root@Controller220 ~]# openstack token issue         (密码有误的报错信息)
The request you have made requires authentication. (HTTP 401) (Request-ID: req-bfc4d8dd-e404-4383-8b17-c9bc113a8d48)
-----------------------------------------------------------------------------------------------------------------------
    
                                                glance

-----------------------------------------------------------------------------------------------------------------------
yum install -y openstack-glance
# glance-api.conf: local file store under /var/lib/glance/images/ and keystone
# authentication with the glance service account.
# NOTE(review): the service password is stored in clear text and equals the
# user name; both keystone URLs are plain http.
# NOTE(review): there is no [database] section in this file, only in
# glance-registry.conf below; the upstream install guide sets the connection
# in glance-api.conf as well - confirm this is intended.
[root@Controller220 ~]# cat > /etc/glance/glance-api.conf << EOF
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF
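# glance-registry.conf: database connection plus keystone authentication.
# The connection URL in the notes had been mangled by an e-mail-obfuscation
# filter ("[email protected]"); it is restored here from the 'glance' grant in
# the database section and the controller address used everywhere else in
# these notes - confirm against the real deployment.
# NOTE(review): database and service passwords are stored in clear text and
# equal the user name.
[root@Controller220 ~]# cat > /etc/glance/glance-registry.conf <<EOF
[database]
connection = mysql+pymysql://glance:glance@192.168.3.220/glance
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF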
初始化数据库

# Populate the glance schema as the glance user and list its tables as a check
# (-pglance puts the database password on the command line).
su -s /bin/sh -c 'glance-manage db_sync' glance && mysql -uglance -pglance -e 'use glance;show tables;' 

systemctl enable openstack-glance-api openstack-glance-registry && systemctl restart openstack-glance-api openstack-glance-registry

# The note on the next line reads: "empty output is normal, there are no
# images yet; entries appear after an upload". The one after it: "list images".
openstack image list (空白是正常,因为没有镜像,上传后就有数据)
glance image-list (列出镜像)
# Test image (the note reads "small official image"), then "upload the image".
# NOTE(review): the image is fetched over plain http with no integrity check
# and then published with --public, so every project can boot from it. Compare
# its checksum with the value published by the image's maintainers before
# uploading.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img (官方小镜像)
上传镜像
source  admin-openstack && openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare --public
=================================================================================================================
                                     placement
=================================================================================================================
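yum install openstack-placement-api -y
# placement.conf: keystone authentication and the placement database.
# The connection URL in the notes had been mangled by an e-mail-obfuscation
# filter ("[email protected]"); it is restored here from the 'placement' grant
# in the database section and the controller address used everywhere else in
# these notes - confirm against the real deployment.
# NOTE(review): database and service passwords are stored in clear text and
# equal the user name. The delimiter is quoted so nothing in the body is
# expanded by the shell.
cat > /etc/placement/placement.conf <<'EOF'
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://192.168.3.220:5000/v3
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement
[placement_database]
connection = mysql+pymysql://placement:placement@192.168.3.220/placement
EOF
# Populate the placement schema as the placement user, list its tables as a
# check (-pplacement puts the password on the command line), then run the
# upgrade check.
su -s /bin/sh -c "placement-manage db sync" placement && mysql -uplacement -pplacement -e 'use placement;show tables;'
placement-status upgrade check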

------------------------------------------------------------------------------------------------------------------------

                                        NOVA                
API负责接收和响应外部请求,支持openstackAPI,EC2 API
Cert:负责身份认证EC2
Scheduler:用于云主机调度
Conductor:计算节点访问数据的中间件
Consoleauth:用于控制台的授权验证
Novncproxy:vnc代理
------------------------------------------------------------------------------------------------------------------------

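yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler
# nova.conf for the controller: RabbitMQ, both nova databases, glance,
# keystone, VNC and placement.
# The two connection URLs in the notes had been mangled by an
# e-mail-obfuscation filter ("[email protected]"); they are restored here from
# the 'nova' grants in the database section and the controller address used
# everywhere else in these notes - confirm against the real deployment.
# NOTE(review): the file stores the RabbitMQ, database, nova and placement
# passwords in clear text, each equal to its user name.
# NOTE(review): vncserver_listen = 0.0.0.0 binds VNC to every interface; with
# firewalld disabled earlier, restrict it to the management network.
[root@Controller220 ~]#cat > /etc/nova/nova.conf << EOF
[DEFAULT]
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host=192.168.3.220
rabbit_userid = openstack
rabbit_password = openstack
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova_api
[database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova
[glance]
api_servers=http://192.168.3.220:9292
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[vnc]
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address=192.168.3.220
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.3.220:35357/v3
username = placement
password = placement
EOF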
# Grants httpd access to /usr/bin (where the WSGI scripts live), with the
# syntax chosen by Apache version, then restarts httpd.
# NOTE(review): ">" truncates the file. The packaged 00-nova-placement-api.conf
# normally carries the Listen/VirtualHost definition for the placement API, so
# this stanza was probably meant to be appended (">>") - confirm before reuse.
[root@Controller220 ~]# cat  > /etc/httpd/conf.d/00-nova-placement-api.conf <<EOF
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
EOF
systemctl restart httpd
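# Populate the nova-api database.
su -s /bin/sh -c "nova-manage api_db sync" nova
# Register the cell0 database. The notes ran "cell_v2 list_cells" at this
# step, which only prints the current mappings; map_cell0 is the command that
# performs the registration the step describes.
# NOTE(review): the grants earlier in these notes create nova and nova_api but
# no nova_cell0 schema - confirm one exists before running this.
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# Create the cell named cell1.
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# Populate the nova database.
su -s /bin/sh -c "nova-manage db sync" nova
# Check that cell0 and cell1 are registered correctly.
nova-manage cell_v2 list_cells
# Table listing as a check (-pnova puts the database password on the command
# line).
mysql -unova -pnova -e "use nova;show tables;use nova_api;show tables;"
# Enable and restart the controller services; the notes named
# openstack-nova-scheduler twice in the restart list.
systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-console \
  && systemctl restart openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-console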
yum install libibverbs -y
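已做 Nova服务注册 (already done in the keystone section above; running the commands below a second time adds duplicate services and endpoints to the catalog)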
openstack service create --name nova   --description "Openstack Compute " compute 
openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1

openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public     http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement admin    http://192.168.3.220:8778

nova service-list &&  nova endpoints


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

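# Base utilities, then a one-shot clock sync against time1.aliyun.com. In this
# copy of the notes the two commands had run together ("lsofntpdate"), which
# would have asked yum for packages that do not exist.
yum install -y bash-completion lrzsz wget unzip ntpdate screen iotop lsof
ntpdate time1.aliyun.com

# Repository-priority plugin. The package is yum-plugin-priorities; the name
# originally written here ("yum-plugin-ugin-priorities") does not match it.
yum install -y yum-plugin-priorities

# Switches SELinux to permissive for the running system only; the mode set in
# /etc/selinux/config returns at the next boot. Treat it as a lab shortcut.
setenforce 0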


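# Line breaks restored: in this copy of the notes the commands had been fused
# together (for example "-yvim" and "/etc/hostname[root@220").

# NOTE(review): "Controller220/node221" looks like shorthand for "use the
# node's own name" - TODO confirm. "/" is not a valid hostname character.
echo 'Controller220/node221' > /etc/hostname
[root@220 ~]# systemctl restart NetworkManager
[root@220 ~]# hostname Controller220/node221
Controller220/node221
[root@220 ~]# bash

# Time service; 192.168.3.0/24 is allowed as a client by a manual edit in vim.
yum install chrony -y
vim /etc/chrony.conf   ————>allow 192.168.3.0/24
systemctl enable chronyd && systemctl restart chronyd
# NOTE(review): firewalld off and SELinux permissive is acceptable on an
# isolated lab network only.
systemctl stop firewalld && systemctl disable firewalld.service
setenforce 0

# NOTE(review): gpgcheck=0 turns off RPM signature verification for everything
# installed from this repository; prefer gpgcheck=1.
[root@Controller220 ~]# cat > /etc/yum.repos.d/openstack.repo << EOF
[openstack]
name=openstack mirrors.aliyun.com
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/
enabled=1
gpgcheck=0
EOF
yum install epel-release -y
yum clean all
yum clean metadata
yum install -y centos-release-openstack-queens
yum upgrade -y
# Controller220 node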
yum --downloadonly --downloaddir=./openstack install -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient  openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api libibverbsyum localinstall  -y /root/openstack/*yum install  -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient centos-release-openstack-train openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api


yum install -y python-openstackclient openstack-selinux mariadb mariadb-server python2-PyMySQL mongodb-server mongodb erlang rabbitmq-servercat > /etc/my.cnf.d/openstack.cnf << EOF[mysqld]bind-address = 192.168.3.220default-storage-engine = innodb     #默认存储引擎innodb_file_per_table = on          #每张表独立表空间文件max_connections = 4096              #最大连接数collation-server = utf8_general_ci   #默认字符集character-set-server = utf8EOFsystemctl enable mariadb memcached && systemctl restart mariadb memcached初始化数据库mysql_secure_installation
yum install rabbitmq-server erlang -yerl -vsystemctl enable rabbitmq-server && systemctl restart rabbitmq-serverrabbitmqctl add_user openstack openstackrabbitmqctl set_permissions openstack ".*" ".*" ".*"sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g'  /etc/sysconfig/memcachedsystemctl enable memcached && systemctl restart memcached
rabbitmq-plugins  enable rabbitmq_management  (启动web界面)[root@Controller220 ~]# rabbitmq-plugins list |grep  management      [E] rabbitmq_management               3.3.5
[root@Controller220 ~]# lsof -i:15672COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAMEbeam.smp 31539 rabbitmq   17u  IPv4  51731      0t0  TCP *:15672 (LISTEN)ip:15672  u:guest p:guest

----------------------------------------------------------------------------------------------------------------
keystone:用户认证,服务目录

----------------------------------------------------------------------------------------------------------------yum install -y openstack-keystone memcached python-memcached httpd mod_wsgi
mysql -uroot -p123qwe -e "\create database if not exists keystone; \create database if not exists glance;\create database if not exists nova;\create database if not exists nova_api;\create database if not exists neutron; \create database if not exists cinder;\create database if not exists placement;\grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';\grant all on keystone.* to 'keystone'@'%'   identified by 'keystone'; \grant all on glance.*   to 'glance'@'localhost'   identified by 'glance';\grant all on glance.*   to 'glance'@'%'           identified by 'glance'; \grant all on nova.*     to 'nova'@'localhost'   identified by 'nova'; \grant all on nova.*     to 'nova'@'%'   identified by 'nova'; \grant all on nova_api.* to 'nova'@'localhost'     identified by 'nova';\grant all on nova_api.* to 'nova'@'%'       identified by 'nova'; \grant all on neutron.*  to 'neutron'@'localhost'  identified by 'neutron'; grant all on neutron.*  to 'neutron'@'%'   identified by 'neutron';\grant all on cinder.*   to 'cinder'@'localhost'   identified by 'cinder';\grant all on cinder.*   to 'cinder'@'%'           identified by 'cinder';grant all on placement.*   to 'placement'@'localhost'   identified by 'placement';\grant all on placement.*   to 'placement'@'%'           identified by 'placement';\flush privileges;\show databases;\select user,host from mysql.user;"(改如下)cat > /etc/keystone/keystone.conf <<EOF [database]connection = mysql+pymysql://keystone:[email protected]/keystone[memcache]servers = 192.168.3.220:11211[token]provider = fernetdriver = memcacheEOF初始化数据库su -s /bin/sh -c "keystone-manage db_sync" keystone && mysql -ukeystone -pkeystone -e "use keystone;show tables;" 
初始化Fernet keys:keystone-manage fernet_setup --keystone-user keystone --keystone-group keystonekeystone-manage credential_setup --keystone-user keystone --keystone-group keystone 建立admin用户keystone-manage bootstrap   --bootstrap-password admin       --bootstrap-admin-url http://192.168.3.220:35357/v3/ \    --bootstrap-internal-url http://192.168.3.220:35357/v3/  --bootstrap-public-url http://192.168.3.220:5000/v3/ \    --bootstrap-region-id RegionOne && mysql -ukeystone -pkeystone -e "select * from keystone.user;"
vim /etc/httpd/conf/httpd.conf   ——————>  ServerName 192.168.3.220:80 (sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' /etc/httpd/conf/httpd.conf)
[root@Controller220 ~]# cat /etc/httpd/conf.d/wsgi.conf Listen 5000Listen 35357<VirtualHost *:5000>    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}    WSGIProcessGroup keystone-public    WSGIScriptAlias / /usr/bin/keystone-wsgi-public    WSGIApplicationGroup %{GLOBAL}    WSGIPassAuthorization On    ErrorLogFormat "%{cu}t %M"    ErrorLog /var/log/httpd/keystone-error.log    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>        Require all granted    </Directory></VirtualHost>
<VirtualHost *:35357>    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}    WSGIProcessGroup keystone-admin    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin    WSGIApplicationGroup %{GLOBAL}    WSGIPassAuthorization On    ErrorLogFormat "%{cu}t %M"    ErrorLog /var/log/httpd/keystone-error.log    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>        Require all granted    </Directory></VirtualHost>
systemctl enable httpd && systemctl restart httpd
[root@Controller220 ~]# netstat -lntpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      30547/mysqld        tcp        0      0 192.168.3.220:11211     0.0.0.0:*               LISTEN      48071/memcached     tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      30975/epmd          tcp6       0      0 :::35357                :::*                    LISTEN      51483/httpd         tcp6       0      0 :::5000                 :::*                    LISTEN      51483/httpd         tcp6       0      0 :::5672                 :::*                    LISTEN      31539/beam.smp      tcp6       0      0 :::80                   :::*                    LISTEN      51483/httpd         tcp6       0      0 :::4369                 :::*                    LISTEN      30975/epmd          
cat > ~/admin-openstack << EOFexport OS_USERNAME=adminexport OS_PASSWORD=adminexport OS_PROJECT_NAME=adminexport OS_USER_DOMAIN_NAME=defaultexport OS_PROJECT_DOMAIN_NAME=defaultexport OS_AUTH_URL=http://192.168.3.220:35357/v3export OS_IDENTITY_API_VERSION=3export OS_IIMAGE_API_VERSION=2EOFcat > ~/demo-openstack << EOFexport OS_USERNAME=demoexport OS_PASSWORD=demoexport OS_PROJECT_NAME=demoexport OS_USER_DOMAIN_NAME=defaultexport OS_PROJECT_DOMAIN_NAME=defaultexport OS_AUTH_URL=http://192.168.3.220:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IIMAGE_API_VERSION=2EOFsource admin-openstack
openstack user list  (admin是数据库初始化建立的)openstack token issue (查看token)
项目 (openstack project list加默认3个)openstack project create --domain default --description "Service Project" service 1>&2 &openstack project create --domain default --description "Demo Project"    demo    1>&2 &角色,默认有admin (角色规定权限,默认openstack role list 中默认menber/reader共4个)openstack role create user  1>&2 &用户 (默认已有admin,openstack user list共6个)openstack user create --domain default --password-prompt demoopenstack user create --domain default --password-prompt glanceopenstack user create --domain default --password-prompt novaopenstack user create --domain default --password-prompt neutronopenstack user create --domain default --password-prompt cinderopenstack user create --domain default --password-prompt placement给予角色权限属性openstack role add --project demo --user demo user     1>&2 &openstack role add --project service --user glance admin    1>&2 &openstack role add --project service --user nova      admin    1>&2 &openstack role add --project service --user neutron   admin    1>&2 &openstack role add --project service --user cinder    admin    1>&2 &openstack role add --project service --user placement admin    1>&2 &创建服务openstack service create --name glance --description "OpenStack Image"    image   1>&2 &openstack service create --name nova   --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &
创建端点endpoint(public/internal/admin)
openstack endpoint create --region RegionOne image public   http://192.168.3.220:9292  1>&2 &openstack endpoint create --region RegionOne image internal http://192.168.3.220:9292  1>&2 &openstack endpoint create --region RegionOne image admin    http://192.168.3.220:9292  1>&2 &
openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778 1>&2 &openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 1>&2 &openstack endpoint create --region RegionOne placement adminhttp://192.168.3.220:8778 1>&2 &openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1 1>&2 &openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 1>&2 &openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1 1>&2 &

如果service错误先删endpoint再删service 删除方法先list 再openstack service/project delete [ID]
接下来验证unset OS_AUTH_URL OS_PASSWORDadmin用户openstack --os-auth-url http://192.168.3.220:35357/v3 --os-project-domain-name default --os-user-domain-name default \--os-project-name admin --os-username admin token issuedemo用户openstack --os-auth-url http://192.168.3.220:5000/v3 --os-project-domain-name default --os-user-domain-name default \--os-project-name demo --os-username demo token issue测试成功后可以删除demosource demo-openstack /admin-openstack openstack token issue
[root@Controller220 ~]# openstack token issue         (密码有误的报错信息)The request you have made requires authentication. (HTTP 401) (Request-ID: req-bfc4d8dd-e404-4383-8b17-c9bc113a8d48)-----------------------------------------------------------------------------------------------------------------------glance
-----------------------------------------------------------------------------------------------------------------------yum install -y openstack-glance[root@Controller220 ~]# cat > /etc/glance/glance-api.conf << EOF[glance_store]stores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/images/[keystone_authtoken]auth_uri = http://192.168.3.220:5000auth_url = http://192.168.3.220:35357memcached_servers = 192.168.3.220:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = glance[paste_deploy]flavor = keystoneEOF[root@Controller220 ~]# cat > /etc/glance/glance-registry.conf <<EOF[database]connection = mysql+pymysql://glance:[email protected]/glance[keystone_authtoken]auth_uri = http://192.168.3.220:5000auth_url = http://192.168.3.220:35357memcached_servers = 192.168.3.220:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = glance[paste_deploy]flavor = keystoneEOF初始化数据库
su -s /bin/sh -c 'glance-manage db_sync' glance && mysql -uglance -pglance -e 'use glance;show tables;' 
systemctl enable openstack-glance-api openstack-glance-registry && systemctl restart openstack-glance-api openstack-glance-registry
openstack image list (空白是正常,因为没有镜像,上传后就有数据)glance image-list (列出镜像)wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img (官方小镜像)上传镜像source  admin-openstack && openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \  --disk-format qcow2 --container-format bare --public=================================================================================================================                                     placement=================================================================================================================yum install openstack-placement-api -ycat > /etc/placement/placement.conf <<EOF[api]auth_strategy = keystone[cors][keystone_authtoken]auth_url = http://192.168.3.220:5000/v3memcached_servers = 192.168.3.220:11211auth_type = passwordproject_domain_name = Defaultuser_domain_name = Defaultproject_name = serviceusername = placementpassword = placement[placement_database]connection = mysql+pymysql://placement:[email protected]/placementEOFsu -s /bin/sh -c "placement-manage db sync" placement && mysql -uplacement -pplacement -e 'use placement;show tables;'placement-status upgrade check 
------------------------------------------------------------------------------------------------------------------------
NOVA
API负责接收和响应外部请求,支持openstackAPI,EC2 API
Cert:负责身份认证EC2
Scheduler:用于云主机调度
Conductor:计算节点访问数据的中间件
Consoleauth:用于控制台的授权验证
Novncproxy:vnc代理
------------------------------------------------------------------------------------------------------------------------
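yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler

# nova.conf holds the RabbitMQ, database and Keystone passwords in clear text,
# and each password equals its user name. That is a lab-only choice.
# vncserver_listen = 0.0.0.0 binds on every interface; narrow it to the
# management address if consoles are only reached through the proxy.
# NOTE(review): the page rendering replaced the "password@host" part of both
# connection URLs with "[email protected]". They are reconstructed here from the
# nova account and the controller address used elsewhere on this page.
# Confirm before use.
# Quoted delimiter: the body is written literally, with no shell expansion.
cat > /etc/nova/nova.conf <<'EOF'
[DEFAULT]
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host=192.168.3.220
rabbit_userid = openstack
rabbit_password = openstack
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova_api
[database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova
[glance]
api_servers=http://192.168.3.220:9292
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[vnc]
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address=192.168.3.220
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.3.220:35357/v3
username = placement
password = placement
EOF

# Keep the credential-bearing file readable by root and the service group only.
chown root:nova /etc/nova/nova.conf
chmod 640 /etc/nova/nova.conf

# Let httpd reach the WSGI script under /usr/bin. The grant covers the whole
# directory.
# NOTE(review): 'cat >' overwrites any packaged file of this name. If the
# package ships its WSGI vhost in this file, append the <Directory> block
# instead of replacing the file.
cat > /etc/httpd/conf.d/00-nova-placement-api.conf <<'EOF'
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
EOF
systemctl restart httpd

# Sync the nova-api database.
su -s /bin/sh -c "nova-manage api_db sync" nova
# Register the cell0 database (map_cell0; list_cells would only print the
# cell table). Assumes the nova_cell0 database and its grants were created in
# the earlier MariaDB step; confirm.
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# Create the cell1 cell.
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# Sync the nova database.
su -s /bin/sh -c "nova-manage db sync" nova
# Verify that cell0 and cell1 are registered correctly.
nova-manage cell_v2 list_cells
# -p with no value prompts for the password, which keeps it out of the process
# list and the shell history.
mysql -unova -p -e "use nova;show tables;use nova_api;show tables;"

# One command across continuation lines; each service is named once.
systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor \
    openstack-nova-novncproxy openstack-nova-console \
  && systemctl restart openstack-nova-scheduler openstack-nova-conductor \
    openstack-nova-novncproxy openstack-nova-api openstack-nova-console
yum install libibverbs -y   # already done

# Register the nova service and its endpoints in Keystone.
# All endpoints are plain HTTP on the controller address.
openstack service create --name nova   --description "Openstack Compute " compute
openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1

# Register the placement service and its endpoints.
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778
# The interface name and the URL are separate arguments.
openstack endpoint create --region RegionOne placement admin http://192.168.3.220:8778

nova service-list &&  nova endpoints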

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


转载自www.cnblogs.com/Leaders543/p/12688946.html