openstack-环境-keystone-->glance--->placement--->nova

yum install -y bash-completion lrzsz wget unzip ntpdate  screen iotop lsof
ntpdate time1.aliyun.com

yum install -y yum-plugin-priorities


setenforce 0



echo 'Controller220/node221' > /etc/hostname
[root@220 ~]# systemctl restart NetworkManager 
[root@220 ~]# hostname Controller220/node221
Controller220/node221
[root@220 ~]# bash

yum install chrony -y
vim /etc/chrony.conf   ————>allow 192.168.3.0/24
systemctl enable chronyd && systemctl restart chronyd
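systemctl stop firewalld && systemctl disable firewalld.service
setenforce 0
Note: firewalld off, SELinux permissive and gpgcheck=0 (in the repo file below) are lab shortcuts. setenforce 0 only lasts until the next reboot; the openstack-selinux package installed later in these notes ships the SELinux policy for the OpenStack services, so enforcing mode can be kept. With gpgcheck=0 yum installs packages without verifying their signatures.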

[root@Controller220 ~]# cat > /etc/yum.repos.d/openstack.repo << EOF
[openstack]
name=openstack mirrors.aliyun.com
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/
enabled=1
gpgcheck=0
EOF
yum install epel-release -y
yum clean all
yum clean metadata
yum install -y centos-release-openstack-queens
yum upgrade -y
Controller220 节点

yum --downloadonly --downloaddir=./openstack install -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient  openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api libibverbs
yum localinstall  -y /root/openstack/*
yum install -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient centos-release-openstack-train openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api



yum install -y python-openstackclient openstack-selinux mariadb mariadb-server python2-PyMySQL mongodb-server mongodb erlang rabbitmq-server 
cat > /etc/my.cnf.d/openstack.cnf << EOF
[mysqld] 
bind-address = 192.168.3.220 
default-storage-engine = innodb #default storage engine 
innodb_file_per_table = on #each table independent table space file  
max_connections = 4096 #max Number of connections
collation-server = utf8_general_ci #Default character set
character-set-server = utf8
EOF
systemctl enable mariadb memcached && systemctl restart mariadb memcached
初始化数据库
mysql_secure_installation

yum install rabbitmq-server erlang -y
erl -v
systemctl enable rabbitmq-server && systemctl restart rabbitmq-server
rabbitmqctl add_user openstack openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g'  /etc/sysconfig/memcached
systemctl enable memcached && systemctl restart memcached

rabbitmq-plugins  enable rabbitmq_management  (启动web界面)
[root@Controller220 ~]# rabbitmq-plugins list |grep  management      
[E] rabbitmq_management               3.3.5

[root@Controller220 ~]# lsof -i:15672
COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
beam.smp 31539 rabbitmq   17u  IPv4  51731      0t0  TCP *:15672 (LISTEN)
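Management UI: http://<ip>:15672, login guest / guest (the built-in default account; since RabbitMQ 3.3.0 guest can only log in from localhost by default, so for remote access create a dedicated administrator user instead of opening guest to the network)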


----------------------------------------------------------------------------------------------------------------

                    keystone:用户认证,服务目录


----------------------------------------------------------------------------------------------------------------
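yum install -y openstack-keystone memcached python-memcached httpd mod_wsgi

Note: the statements below set every service account's password equal to its user name and grant access from any host ('%'), and the root password is passed as -p<password> on the command line, where it is visible in the process list and shell history. For anything beyond a throwaway lab, use distinct generated passwords, limit the host part to the controller or management subnet, and let mysql prompt for the password with a bare -p.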

mysql -uroot -p123qwe -e "\
create database if not exists keystone; \
create database if not exists glance;\
create database if not exists nova;\
create database if not exists nova_api;\
create database if not exists neutron; \
create database if not exists cinder;\
create database if not exists placement;\
grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';\
grant all on keystone.* to 'keystone'@'%'           identified by 'keystone'; \
grant all on glance.*   to 'glance'@'localhost'   identified by 'glance';\
grant all on glance.*   to 'glance'@'%'           identified by 'glance'; \
grant all on nova.*     to 'nova'@'localhost'       identified by 'nova'; \
grant all on nova.*     to 'nova'@'%'               identified by 'nova'; \
grant all on nova_api.* to 'nova'@'localhost'     identified by 'nova';\
grant all on nova_api.* to 'nova'@'%'               identified by 'nova'; \
grant all on neutron.*  to 'neutron'@'localhost'  identified by 'neutron'; 
grant all on neutron.*  to 'neutron'@'%'           identified by 'neutron';\
grant all on cinder.*   to 'cinder'@'localhost'   identified by 'cinder';\
grant all on cinder.*   to 'cinder'@'%'           identified by 'cinder';
grant all on placement.*   to 'placement'@'localhost'   identified by 'placement';\
grant all on placement.*   to 'placement'@'%'           identified by 'placement';\
flush privileges;\
show databases;\
select user,host from mysql.user;"
(改如下)
cat > /etc/keystone/keystone.conf <<EOF
[database]
connection = mysql+pymysql://keystone:<KEYSTONE_DBPASS>@<CONTROLLER_IP>/keystone
[memcache]
servers = 192.168.3.220:11211
[token]
provider = fernet
driver = memcache
EOF
initialize the database
su -s /bin/sh -c "keystone-manage db_sync" keystone && mysql -ukeystone -pkeystone -e "use keystone;show tables;" 

初始化Fernet keys:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 
建立admin用户
keystone-manage bootstrap   --bootstrap-password admin       --bootstrap-admin-url http://192.168.3.220:35357/v3/ \
    --bootstrap-internal-url http://192.168.3.220:35357/v3/  --bootstrap-public-url http://192.168.3.220:5000/v3/ \
    --bootstrap-region-id RegionOne && mysql -ukeystone -pkeystone -e "select * from keystone.user;"

vim /etc/httpd/conf/httpd.conf   ——————>  ServerName 192.168.3.220:80 (sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' /etc/httpd/conf/httpd.conf)

[root@Controller220 ~]# cat /etc/httpd/conf.d/wsgi.conf 
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

systemctl enable httpd && systemctl restart httpd

[root@Controller220 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      30547/mysqld        
tcp        0      0 192.168.3.220:11211     0.0.0.0:*               LISTEN      48071/memcached     
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      30975/epmd          
tcp6       0      0 :::35357                :::*                    LISTEN      51483/httpd         
tcp6       0      0 :::5000                 :::*                    LISTEN      51483/httpd         
tcp6       0      0 :::5672                 :::*                    LISTEN      31539/beam.smp      
tcp6       0      0 :::80                   :::*                    LISTEN      51483/httpd         
tcp6       0      0 :::4369                 :::*                    LISTEN      30975/epmd          

cat > ~/admin-openstack << EOF
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
cat > ~/demo-openstack << EOF
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source admin-openstack

openstack user list (admin is created by database initialization)
openstack token issue (view token)

Projects (openstack project list shows 3 in total, including the default)
openstack project create --domain default --description "Service Project" service 1>&2 &
openstack project create --domain default --description "Demo Project" demo 1>&2 &
Roles: admin exists by default (a role defines permissions; openstack role list shows 4 in total by default, including member / reader)
openstack role create user 1>&2 &
Users (admin already exists by default; openstack user list shows 6 in total)
openstack user create --domain default --password-prompt demo
openstack user create --domain default --password-prompt glance
openstack user create --domain default --password-prompt nova
openstack user create --domain default --password-prompt neutron
openstack user create --domain default --password-prompt cinder
openstack user create --domain default --password-prompt placement
给予角色权限属性
openstack role add --project demo         --user demo      user     1>&2 &
openstack role add --project service     --user glance      admin    1>&2 &
openstack role add --project service     --user nova      admin    1>&2 &
openstack role add --project service     --user neutron   admin    1>&2 &
openstack role add --project service     --user cinder    admin    1>&2 &
openstack role add --project service     --user placement admin    1>&2 &
创建服务
openstack service create --name glance --description "OpenStack Image"    image   1>&2 &
openstack service create --name nova   --description "Openstack Compute " compute 1>&2 &
openstack service create --name placement --description "Placement API" placement 1>&2 &

创建端点endpoint(public/internal/admin)

openstack endpoint create --region RegionOne image public   http://192.168.3.220:9292  1>&2 &
openstack endpoint create --region RegionOne image internal http://192.168.3.220:9292  1>&2 &
openstack endpoint create --region RegionOne image admin    http://192.168.3.220:9292  1>&2 &

openstack endpoint create --region RegionOne placement public     http://192.168.3.220:8778 1>&2 &
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 1>&2 &
openstack endpoint create --region RegionOne placement admin    http://192.168.3.220:8778 1>&2 &
    openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &
    openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &
    openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &
openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1 1>&2 &
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 1>&2 &
openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1 1>&2 &
then verify


If a service was created incorrectly, delete its endpoints first and then delete the service. To delete, list first and then run openstack service / project delete [ID]

unset OS_AUTH_URL OS_PASSWORD
admin user
openstack --os-auth-url http://192.168.3.220:35357/v3 --os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
demo user
openstack --os-auth-url http://192.168.3.220:5000/v3 --os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Demo
source demo-openstack / admin-openstack (can be deleted after a successful test)
openstack token issue 

[root@Controller220 ~]# openstack token issue (error message shown when the password is wrong)
The request you have made requires authentication. (HTTP 401) (Request-ID: req-bfc4d8dd-e404-4383-8b17-c9bc113a8d48)
-----------------------------------------------------------------------------------------------------------------------
    
                                                glance

-----------------------------------------------------------------------------------------------------------------------
yum install -y openstack-glance
[root@Controller220 ~]# cat > /etc/glance/glance-api.conf << EOF
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF
[root@Controller220 ~]# cat > /etc/glance/glance-registry.conf <<EOF
[database]
connection = mysql+pymysql://glance:<GLANCE_DBPASS>@<CONTROLLER_IP>/glance
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance 
password = glance 
[paste_deploy] 
flavor = keystone 
EOF 
初始化数据库

su -s /bin/sh -c 'glance-manage db_sync' glance && mysql -uglance -pglance -e 'use glance; show tables;'

systemctl enable openstack-glance-api openstack-glance-registry && systemctl restart openstack-glance-api openstack-glance-registry

openstack image list (blank is normal: no image has been uploaded yet; entries appear after upload)
glance image-list (list images)
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img (official small test image; it is fetched over plain HTTP, so compare its checksum against a trusted source before uploading)
Upload image
source admin-openstack && openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare --public
=================================================================================================================
                                     placement
=================================================================================================================
yum install openstack-placement-api -y
cat > /etc/placement/placement.conf <<EOF
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://192.168.3.220:5000/v3
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement
[placement_database]
connection = mysql+pymysql://placement:<PLACEMENT_DBPASS>@<CONTROLLER_IP>/placement
EOF
su -s /bin/sh -c "placement-manage db sync" placement && mysql -uplacement -pplacement -e 'use placement; show tables;'
placement-status upgrade check 

------------ -------------------------------------------------- -------------------------------------------------- -------- 

                                        NOVA                 
API: receives and responds to external requests; supports the OpenStack API and the EC2 API
Cert: responsible for EC2 identity authentication
Scheduler: schedules cloud hosts
Conductor: middleware through which compute nodes access data
Consoleauth: authorization verification for the console
Novncproxy: VNC proxy
------------------------------------------- -------------------------------------------------- ---------------------------

yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler
[root@Controller220 ~]#cat > /etc/nova/nova.conf << EOF
[DEFAULT]
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host=192.168.3.220
rabbit_userid = openstack
rabbit_password = openstack
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:<NOVA_DBPASS>@<CONTROLLER_IP>/nova_api
[database]
connection = mysql+pymysql://nova:<NOVA_DBPASS>@<CONTROLLER_IP>/nova
[glance]
api_servers=http://192.168.3.220:9292
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[vnc]
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address=192.168.3.220
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.3.220:35357/v3
username = placement
password = placement
EOF
[root@Controller220 ~]# cat  > /etc/httpd/conf.d/00-nova-placement-api.conf <<EOF
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
EOF
systemctl restart httpd
同步nova-api数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
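注册cell0数据库 (note: list_cells below only lists the existing cells; the command that registers the cell0 database is nova-manage cell_v2 map_cell0)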
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
创建cell1的cell
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
同步nova数据库
su -s /bin/sh -c "nova-manage db sync" nova
验证cell0和cell1的注册是否正确
nova-manage cell_v2 list_cells
mysql -unova -pnova -e "use nova;show tables;use nova_api;show tables;"
systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor  openstack-nova-novncproxy openstack-nova-console && systemctl restart  openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-api openstack-nova-console openstack-nova-scheduler
yum install libibverbs -y
已做 Nova服务注册
openstack service create --name nova   --description "Openstack Compute " compute 
openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1

openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public     http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement admin    http://192.168.3.220:8778

nova service-list &&  nova endpoints


@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@

 

yum install -y bash-completion lrzsz wget unzip ntpdate  screen iotop lsofntpdate time1.aliyun.com
yum install -y yum-plugin-ugin-priorities

setenforce 0


echo 'Controller220/node221' > /etc/hostname[root@220 ~]# systemctl restart NetworkManager [root@220 ~]# hostname Controller220/node221Controller220/node221[root@220 ~]# bash
yum install chrony -yvim /etc/chrony.conf   ————>allow 192.168.3.0/24systemctl enable chronyd && systemctl restart chronydsystemctl stop firewalld && systemctl disable firewalld.servicesetenforce 0
[root@Controller220 ~]# cat > /etc/yum.repos.d/openstack.repo << EOF[openstack]name=openstack mirrors.aliyun.combaseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/enabled=1gpgcheck=0EOFyum install epel-release -yyum clean allyum clean metadatayum install -y centos-release-openstack-queensyum upgrade -yController220 节点
yum --downloadonly --downloaddir=./openstack install -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient  openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api libibverbsyum localinstall  -y /root/openstack/*yum install  -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient centos-release-openstack-train openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api


yum install -y python-openstackclient openstack-selinux mariadb mariadb-server python2-PyMySQL mongodb-server mongodb erlang rabbitmq-servercat> /etc/my.cnf.d/openstack.cnf << EOF [mysqld] bind-address = 192.168. 3.220 default-storage-engine = innodb #default storage engine innodb_file_per_table = on #each table independent table space file max_connections = 4096 #maximum number of connections collation-server = utf8_general_ci #default character set character-set-server = utf8EOFsystemctl enable mariadb memcached && systemctl restart mariadb memcached initializes the database mysql_secure_installation
yum install rabbitmq-server erlang -yerl -vsystemctl enable rabbitmq-server && systemctl restart rabbitmq-serverrabbitmqctl add_user openstack openstackrabbitmqctl set_permissions openstack ".*" ".*" ".*"sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g'  /etc/sysconfig/memcachedsystemctl enable memcached && systemctl restart memcached
rabbitmq-plugins  enable rabbitmq_management  (启动web界面)[root@Controller220 ~]# rabbitmq-plugins list |grep  management      [E] rabbitmq_management               3.3.5
[root@Controller220 ~]# lsof -i:15672COMMAND    PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAMEbeam.smp 31539 rabbitmq   17u  IPv4  51731      0t0  TCP *:15672 (LISTEN)ip:15672  u:guest p:guest

-------------------------------------------------- -------------------------------------------------- ------------
keystone: user authentication, service catalog

------------------------------- -------------------------------------------------- ------------------------------- yum install -y openstack-keystone memcached python-memcached httpd mod_wsgi
mysql -uroot -p123qwe -e "\create database if not exists keystone; \create database if not exists glance;\create database if not exists nova;\create database if not exists nova_api;\create database if not exists neutron; \create database if not exists cinder;\create database if not exists placement;\grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';\grant all on keystone.* to 'keystone'@'%'   identified by 'keystone'; \grant all on glance.*   to 'glance'@'localhost'   identified by 'glance';\grant all on glance.*   to 'glance'@'%'           identified by 'glance'; \grant all on nova.*     to 'nova'@'localhost'   identified by 'nova'; \grant all on nova.*     to 'nova'@'%'   identified by 'nova'; \grant all on nova_api.* to 'nova'@'localhost'     identified by 'nova';\grant all on nova_api.* to 'nova'@'%'       identified by 'nova'; \grant all on neutron.*  to 'neutron'@'localhost'  identified by 'neutron'; grant all on neutron.*  to 'neutron'@'%'   identified by 'neutron';\grant all on cinder.*   to 'cinder'@'localhost'   identified by 'cinder';\grant all on cinder.*   to 'cinder'@'%'           identified by 'cinder';grant all on placement.*   to 'placement'@'localhost'   identified by 'placement';\grant all on placement.*   to 'placement'@'%'           identified by 'placement';\flush privileges;\show databases;\select user,host from mysql.user;"(改如下)cat > /etc/keystone/keystone.conf <<EOF [database]connection = mysql+pymysql://keystone:[email protected]/keystone[memcache]servers = 192.168.3.220:11211[token]provider = fernetdriver = memcacheEOF初始化数据库su -s /bin/sh -c "keystone-manage db_sync" keystone && mysql -ukeystone -pkeystone -e "use keystone;show tables;" 
初始化Fernet keys:keystone-manage fernet_setup --keystone-user keystone --keystone-group keystonekeystone-manage credential_setup --keystone-user keystone --keystone-group keystone 建立admin用户keystone-manage bootstrap   --bootstrap-password admin       --bootstrap-admin-url http://192.168.3.220:35357/v3/ \    --bootstrap-internal-url http://192.168.3.220:35357/v3/  --bootstrap-public-url http://192.168.3.220:5000/v3/ \    --bootstrap-region-id RegionOne && mysql -ukeystone -pkeystone -e "select * from keystone.user;"
vim /etc/httpd/conf/httpd.conf   ——————>  ServerName 192.168.3.220:80 (sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' /etc/httpd/conf/httpd.conf)
[root@Controller220 ~]# cat /etc/httpd/conf.d/wsgi.conf Listen 5000Listen 35357<VirtualHost *:5000>    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}    WSGIProcessGroup keystone-public    WSGIScriptAlias / /usr/bin/keystone-wsgi-public    WSGIApplicationGroup %{GLOBAL}    WSGIPassAuthorization On    ErrorLogFormat "%{cu}t %M"    ErrorLog /var/log/httpd/keystone-error.log    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>        Require all granted    </Directory></VirtualHost>
<VirtualHost *:35357>    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}    WSGIProcessGroup keystone-admin    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin    WSGIApplicationGroup %{GLOBAL}    WSGIPassAuthorization On    ErrorLogFormat "%{cu}t %M"    ErrorLog /var/log/httpd/keystone-error.log    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>        Require all granted    </Directory></VirtualHost>
systemctl enable httpd && systemctl restart httpd
[root@Controller220 ~]# netstat -lntpActive Internet connections (only servers)Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name    tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      30547/mysqld        tcp        0      0 192.168.3.220:11211     0.0.0.0:*               LISTEN      48071/memcached     tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      30975/epmd          tcp6       0      0 :::35357                :::*                    LISTEN      51483/httpd         tcp6       0      0 :::5000                 :::*                    LISTEN      51483/httpd         tcp6       0      0 :::5672                 :::*                    LISTEN      31539/beam.smp      tcp6       0      0 :::80                   :::*                    LISTEN      51483/httpd         tcp6       0      0 :::4369                 :::*                    LISTEN      30975/epmd          
cat > ~/admin-openstack << EOFexport OS_USERNAME=adminexport OS_PASSWORD=adminexport OS_PROJECT_NAME=adminexport OS_USER_DOMAIN_NAME=defaultexport OS_PROJECT_DOMAIN_NAME=defaultexport OS_AUTH_URL=http://192.168.3.220:35357/v3export OS_IDENTITY_API_VERSION=3export OS_IIMAGE_API_VERSION=2EOFcat > ~/demo-openstack << EOFexport OS_USERNAME=demoexport OS_PASSWORD=demoexport OS_PROJECT_NAME=demoexport OS_USER_DOMAIN_NAME=defaultexport OS_PROJECT_DOMAIN_NAME=defaultexport OS_AUTH_URL=http://192.168.3.220:5000/v3export OS_IDENTITY_API_VERSION=3export OS_IIMAGE_API_VERSION=2EOFsource admin-openstack
openstack user list  (admin是数据库初始化建立的)openstack token issue (查看token)
Project (openstack project list plus default 3) openstack project create --domain default --description "Service Project" service 1> & 2 & openstack project create --domain default --description "Demo Project" demo 1> & 2 & role, default There is admin (the role stipulates the authority, the default openstack role list defaults to a total of 4 menber / reader) openstack role create user 1> & 2 & users (the default is already admin, openstack user list a total of 6) openstack user create --domain default- -password-prompt demoopenstack user create --domain default --password-prompt glanceopenstack user create --domain default --password-prompt novaopenstack user create --domain default --password-prompt neutronopenstack user create --domain default --password -prompt cinderopenstack user create --domain default --password-prompt placement give role permission attribute openstack role add --project demo --user demo user 1> & 2 &openstack role add --project service --user glance admin    1>&2 &openstack role add --project service --user nova      admin    1>&2 &openstack role add --project service --user neutron   admin    1>&2 &openstack role add --project service --user cinder    admin    1>&2 &openstack role add --project service --user placement admin    1>&2 &创建服务openstack service create --name glance --description "OpenStack Image"    image   1>&2 &openstack service create --name nova   --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &openstack role add --project service --user nova      admin    1>&2 &openstack role add --project service --user neutron   admin    1>&2 &openstack role add --project service --user cinder    admin    1>&2 &openstack role add --project service --user placement admin    1>&2 &创建服务openstack service create --name glance --description "OpenStack Image"    image   1>&2 &openstack service create --name nova   --description "Openstack Compute " compute 
1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &openstack role add --project service --user nova      admin    1>&2 &openstack role add --project service --user neutron   admin    1>&2 &openstack role add --project service --user cinder    admin    1>&2 &openstack role add --project service --user placement admin    1>&2 &创建服务openstack service create --name glance --description "OpenStack Image"    image   1>&2 &openstack service create --name nova   --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &openstack role add --project service --user placement admin    1>&2 &创建服务openstack service create --name glance --description "OpenStack Image"    image   1>&2 &openstack service create --name nova   --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &openstack role add --project service --user placement admin    1>&2 &创建服务openstack service create --name glance --description "OpenStack Image"    image   1>&2 &openstack service create --name nova   --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &
Create an endpoint (public / internal / admin)
openstack endpoint create --region RegionOne image public   http://192.168.3.220:9292  1>&2 &openstack endpoint create --region RegionOne image internal http://192.168.3.220:9292  1>&2 &openstack endpoint create --region RegionOne image admin    http://192.168.3.220:9292  1>&2 &
openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778 1>&2 &openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 1>&2 &openstack endpoint create --region RegionOne placement adminhttp://192.168.3.220:8778 1>&2 &openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1 1>&2 &openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 1>&2 &openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1 1>&2 &

If a service was created incorrectly, delete its endpoints first and then delete the service. How to delete: list the entries first, then run openstack service / project delete [ID]
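# Next, verify that Keystone issues tokens.
# Drop the endpoint and password from the environment so the checks below have
# to authenticate from scratch. With OS_PASSWORD unset the client asks for the
# password interactively instead of reading it from the environment.
unset OS_AUTH_URL OS_PASSWORD

# admin user (port 35357)
openstack --os-auth-url http://192.168.3.220:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue

# demo user (port 5000)
openstack --os-auth-url http://192.168.3.220:5000/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue

# Then load one of the credential files (demo-openstack or admin-openstack)
# and request a token with the values it exports.
# NOTE(review): these files presumably hold passwords in plain text; keep them
# readable by their owner only (e.g. mode 600) - confirm where they are created.
source demo-openstack   # or: source admin-openstack
openstack token issue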
[root@Controller220 ~]# openstack token issue
(Error returned when the password is wrong:)
The request you have made requires authentication. (HTTP 401) (Request-ID: req-bfc4d8dd-e404-4383-8b17-c9bc113a8d48)
-----------------------------------------------------------------------------------------------------------------------
glance
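# ----------------------------------------------------------------------------
# glance: install the Image service and write its two configuration files.
# ----------------------------------------------------------------------------
yum install -y openstack-glance

# NOTE(review): both files store the service password in plain text, and the
# password equals the account name (glance/glance), which is trivially
# guessable. Use a generated secret on anything but a throwaway lab, and check
# after rewriting that the files are still readable only by root and the
# glance group.
# NOTE(review): auth_uri/auth_url are plain http://, so this password and the
# issued tokens are not encrypted on the wire.
# NOTE(review): no [database] section is written for glance-api here, and
# "cat >" replaces the whole packaged file. Confirm glance-api can still reach
# its database.
cat > /etc/glance/glance-api.conf <<'EOF'
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF

# NOTE(review): the scraped page shows the connection string as
# "glance:[email protected]/glance" (the hosting site's e-mail obfuscation).
# It is rebuilt here from the glance/glance database login used by the mysql
# check in these notes and the controller address 192.168.3.220 - confirm.
cat > /etc/glance/glance-registry.conf <<'EOF'
[database]
connection = mysql+pymysql://glance:glance@192.168.3.220/glance
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF

# Initialize the database (next step)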
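# Create the Glance schema as the unprivileged glance account, then list the
# tables to confirm that the sync populated the database.
# -p is given without a value so mysql prompts for the password; passing it as
# -pglance puts the secret into shell history and the process list, where any
# local user can read it.
su -s /bin/sh -c 'glance-manage db_sync' glance \
  && mysql -uglance -p -e 'use glance;show tables;'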
# Start both Glance units at boot; if enabling succeeds, restart them so they
# load the configuration files written above.
systemctl enable openstack-glance-api openstack-glance-registry \
  && systemctl restart openstack-glance-api openstack-glance-registry
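# An empty list is normal at this point: no image has been uploaded yet.
openstack image list
# Same listing through the glance client.
glance image-list

# Official small test image.
# NOTE(review): the image is fetched over plain http:// with no integrity
# check and is then published to every project with --public. Compare the
# file's checksum with the value published by the CirrOS project before
# uploading it.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

# Upload the image
source admin-openstack && openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare --public

# ============================================================================
# placement
# ============================================================================
yum install openstack-placement-api -y

# NOTE(review): as with the other services, the password equals the account
# name (placement/placement) and is stored in plain text, and auth_url is
# plain http://.
# NOTE(review): the scraped page shows the connection string as
# "placement:[email protected]/placement" (the hosting site's e-mail
# obfuscation). It is rebuilt here from the placement/placement database login
# used by the mysql check below and the controller address 192.168.3.220 -
# confirm.
cat > /etc/placement/placement.conf <<'EOF'
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://192.168.3.220:5000/v3
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement
[placement_database]
connection = mysql+pymysql://placement:placement@192.168.3.220/placement
EOF

# Create the Placement schema, then list the tables to confirm it.
# -p without a value prompts for the password, which keeps it out of shell
# history and the process list.
su -s /bin/sh -c "placement-manage db sync" placement \
  && mysql -uplacement -p -e 'use placement;show tables;'
placement-status upgrade check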
-------------------------------------------------- -------------------------------------------------- --------------------
NOVA
API: receives and responds to external requests; supports the OpenStack API and the EC2 API
Cert: responsible for identity authentication (EC2)
Scheduler: schedules cloud hosts (instances)
Conductor: middleware through which compute nodes access data
Consoleauth: authorizes and verifies console access
Novncproxy: VNC proxy
--------------------------------------------------------------------------------------
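# Install the Nova controller services.
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler

# NOTE(review): nova.conf holds four plain-text secrets (RabbitMQ, both
# database connections, the nova and placement service accounts), and each
# password equals its account name. Use generated secrets outside a throwaway
# lab, and check after rewriting that the file is still readable only by root
# and the nova group.
# NOTE(review): vncserver_listen = 0.0.0.0 accepts VNC connections on every
# interface; bind it to the management address where possible.
# NOTE(review): the scraped page shows both connection strings as
# "nova:[email protected]/..." (the hosting site's e-mail obfuscation). They
# are rebuilt here from the nova/nova database login used by the mysql check
# below and the controller address 192.168.3.220 - confirm.
cat > /etc/nova/nova.conf <<'EOF'
[DEFAULT]
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host=192.168.3.220
rabbit_userid = openstack
rabbit_password = openstack
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova_api
[database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova
[glance]
api_servers=http://192.168.3.220:9292
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[vnc]
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address=192.168.3.220
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.3.220:35357/v3
username = placement
password = placement
EOF

# Let Apache serve the Placement API script.
# NOTE(review): this grants httpd access to all of /usr/bin, not only to the
# placement script. Presumably it is the packaging workaround from the install
# guide; scope it to the single script if the layout allows - confirm.
cat > /etc/httpd/conf.d/00-nova-placement-api.conf <<'EOF'
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
EOF
systemctl restart httpd

# Sync the nova-api database
su -s /bin/sh -c "nova-manage api_db sync" nova

# Register the cell0 database.
# Fixed: the page printed "cell_v2 list_cells" under this heading, which only
# lists cells; map_cell0 is the subcommand that registers cell0.
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

# Create the cell1 cell
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

# Sync the nova database
su -s /bin/sh -c "nova-manage db sync" nova

# Verify that cell0 and cell1 are registered correctly
nova-manage cell_v2 list_cells
# -p without a value prompts for the password, which keeps it out of shell
# history and the process list.
mysql -unova -p -e "use nova; show tables; use nova_api; show tables;"

# Enable the Nova units at boot and restart them with the new configuration.
systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-console \
  && systemctl restart openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-api openstack-nova-console

yum install libibverbs -y

# Nova service registration. The notes mark this as already done: run these
# only if the earlier registration step was skipped, because repeating them
# adds duplicate entries to the catalogue.
openstack service create --name nova --description "Openstack Compute" compute
openstack endpoint create --region RegionOne compute public   http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute admin    http://192.168.3.220:8774/v2.1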
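# Placement service registration: the service entry plus its three endpoints.
# NOTE(review): the same commands appear earlier in these notes; repeating them
# adds duplicate catalogue entries, so run this only if that step was skipped.
# NOTE(review): the endpoints are plain http://, so traffic to the Placement
# API is not encrypted.
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public   http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778
# Fixed: the page printed "adminhttp://..." with the space between the
# interface name and the URL missing.
openstack endpoint create --region RegionOne placement admin    http://192.168.3.220:8778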
# Final check: list the registered Nova services and, if that succeeds, print
# the endpoints the nova client sees.
nova service-list \
  && nova endpoints

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@


Origin www.cnblogs.com/Leaders543/p/12688946.html