部署openstack基础环境

这里只用一台虚拟机
内存至少2G，添加两块网卡，添加至少30G的硬盘

域名解析
vim /etc/hosts
192.168.1.16 chen4

配置源
配置dns全局解释器：
vim /etc/resolv.conf

nameserver 192.168.254.251            #连接learn.yunwei.edu的内网
nameserver 223.5.5.5

wget http://download2.yunwei.edu/shell/yum-repo.sh
sh yum-repo.sh

之后下载openstack客户端

yum -y install python-openstackclient
如果失败
yum clean all
sh yum-repo.sh
yum makecache即可

之后安装openstack-selinux工具

yum -y install openstack-selinux

安装数据库;

yum -y install mariadb mariadb-server python2-PyMySQL

编辑配置文件
cd /etc/my.cnf.d/
touch openstack.cnf
vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.1.16        #这里可以填主机名或者ip

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
~

重启mariadb
systemctl start mariadb.service
并检查端口看是否存在
ss -ntl | grep 3306 或者 netstat -ntpl | grep 3306

设置mariadb密码
mysql_secure_installation

安装rabbitmq消息队列

yum -y install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

在rabbitmq中添加用户
rabbitmqctl add_user openstack admin
设置权限
rabbitmqctl set_permissions openstack “." ".” “.*”

安装memcached

yum -y install memcached python-memcached
编辑配置文件
vim /etc/sysconfig/memcached
PORT=“11211”
USER=“memcached”
MAXCONN=“1024”
CACHESIZE=“64”
OPTIONS="-l 127.0.0.1,::1,chen4"

systemctl start memcached.service
systemctl enable memcached.service

Identity service安装

mysql -uroot -p123
CREATE DATABASE keystone;

建立keystone用户与权限
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@‘localhost’
IDENTIFIED BY ‘123’;
设置远程登录
GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone’@’%’
IDENTIFIED BY ‘123’;

下载keystone
yum -y install openstack-keystone httpd mod_wsgi

先备份配置文件
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak

编辑配置文件，在database模块中添加

[database]
connection = mysql+pymysql://keystone:123@chen4/keystone

以及添加

[token]
provider = fernet

导入数据库
su -s /bin/sh -c “keystone-manage db_sync” keystone

mysql -ukeystone -p123
use keystone;
show tables;

+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             |
| endpoint               |
| endpoint_group         |
| federated_user         |
| federation_protocol    |
| group                  |
| id_mapping             |
| identity_provider      |
| idp_remote_ids         |
| implied_role           |
| local_user             |
| mapping                |
| migrate_version        |
| nonlocal_user          |
| password               |
| policy                 |
| policy_association     |
| project                |
| project_endpoint       |
| project_endpoint_group |
| region                 |
| request_token          |
| revocation_event       |
| role                   |
| sensitive_config       |
| service                |
| service_provider       |
| token                  |
| trust                  |
| trust_role             |
| user                   |
| user_group_membership  |
| user_option            |
| whitelisted_config     |
+------------------------+
38 rows in set (0.00 sec)

建立管理员的用户
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

设置keystone服务端点

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://chen4:35357/v3/ \
  --bootstrap-internal-url http://chen4:5000/v3/ \
  --bootstrap-public-url http:///chen4:5000/v3/ \
  --bootstrap-region-id RegionOne

链接keystone的配置文件
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ #软链接

开启httpd服务
systemctl enable httpd.service
systemctl start httpd.service

httpd中写入服务器的地址
vim /etc//httpd/conf/httpd.conf #在ServerName模块下写入

ServerName chen4

systemctl restart httpd

宣告环境变量
vim openrc

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://chen4:35357/v3
export OS_IDENTITY_API_VERSION=3

source openrc
显示如下则为成功
[root@chen4 ~]# openstack user list

+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 290af60996dc42c4aff3c1c4a5433c16 | admin |
+----------------------------------+-------+
[root@chen4 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                    |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
| 3f37d80fc61e41ef8f610a9571f145fd | RegionOne | keystone     | identity     | True    | internal  | http://chen4:5000/v3/  |
| cc6fc08b71fe4450b76cdab76a41c0cf | RegionOne | keystone     | identity     | True    | public    | http:///chen4:5000/v3/ |
| e1dc1d5dfb3a459d805e5137726b756c | RegionOne | keystone     | identity     | True    | admin     | http://chen4:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+

创建名为service的项目
openstack project create --domain default
–description “Service Project” service

[root@chen1 ~]# openstack project create --domain default \
>   --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 15ad305f9125492bbd297d41d7649869 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+

创建demo项目
openstack project create --domain default
–description “Demo Project” demo

[root@chen1 ~]# openstack project create --domain default \
>   --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 10a80feb059a4bd9a88413b003d14376 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+

创建demo项目的用户，并设置为管理员
openstack user create --domain default
–password=demo demo

[root@chen1 ~]# openstack user create --domain default   --password=demo demo
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 18a2ad59a7a44791bc09cad8640eb1e6 |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

创建用户user的角色
openstack role create user

[root@chen1 ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 44e19538591641b795498cebad352b4d |
| name      | user                             |
+-----------+----------------------------------+

在项目demo中添加角色，并设为普通
openstack role add --project demo --user demo user