yum install -y bash-completion lrzsz wget unzip ntpdate screen iotop lsof ntpdate time1.aliyun.com yum install -y yum-plugin-ugin-priorities setenforce 0 echo 'Controller220/node221' > /etc/hostname [root@220 ~]# systemctl restart NetworkManager [root@220 ~]# hostname Controller220/node221 Controller220/node221 [root@220 ~]# bash yum install chrony -y vim /etc/chrony.conf ————>allow 192.168.3.0/24 systemctl enable chronyd && systemctl restart chronyd systemctl stop firewalld && systemctl disable firewalld.service setenforce 0 [root@Controller220 ~]# cat > /etc/yum.repos.d/openstack.repo << EOF [openstack] name=openstack mirrors.aliyun.com baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/ enabled=1 gpgcheck=0 EOF yum install epel-release -y yum clean all yum clean metadata yum install -y centos-release-openstack-queens yum upgrade -y Controller220 节点 yum --downloadonly --downloaddir=./openstack install -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api libibverbs yum localinstall -y /root/openstack/* yum install -y mariadb mariadb-server MySQL-python erlang rabbitmq-server python-openstackclient centos-release-openstack-train openstack-keystone memcached python-memcached httpd mod_wsgi openstack-nova-api openstack-nova-conductor openstack-nova-console openstack -nova-novncproxy openstack-nova-scheduler openstack-glance mongodb-server mongodb openstack-placement-api yum install -y python-openstackclient openstack-selinux mariadb mariadb-server python2-PyMySQL mongodb-server mongodb erlang rabbitmq-server cat> / etc /my.cnf.d/openstack.cnf << EOF [mysqld] bind-address = 192.168.3.220 default-storage-engine = innodb #default storage engine innodb_file_per_table = on #each 
table independent table space file max_connections = 4096 #max Number of connections collation-server = utf8_general_ci #Default character set character-set-server = utf8 EOF systemctl enable mariadb memcached && systemctl restart mariadb memcached 初始化数据库 mysql_secure_installation yum install rabbitmq-server erlang -y erl -v systemctl enable rabbitmq-server && systemctl restart rabbitmq-server rabbitmqctl add_user openstack openstack rabbitmqctl set_permissions openstack ".*" ".*" ".*" sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g' /etc/sysconfig/memcached systemctl enable memcached && systemctl restart memcached rabbitmq-plugins enable rabbitmq_management (启动web界面) [root@Controller220 ~]# rabbitmq-plugins list |grep management [E] rabbitmq_management 3.3.5 [root@Controller220 ~]# lsof -i:15672 COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME beam.smp 31539 rabbitmq 17u IPv4 51731 0t0 TCP *:15672 (LISTEN) ip:15672 u:guest p:guest ---------------------------------------------------------------------------------------------------------------- keystone:用户认证,服务目录 ---------------------------------------------------------------------------------------------------------------- yum install -y openstack-keystone memcached python-memcached httpd mod_wsgi mysql -uroot -p123qwe -e "\ create database if not exists keystone; \ create database if not exists glance;\ create database if not exists nova;\ create database if not exists nova_api;\ create database if not exists neutron; \ create database if not exists cinder;\ create database if not exists placement;\ grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';\ grant all on keystone.* to 'keystone'@'%' identified by 'keystone'; \ grant all on glance.* to 'glance'@'localhost' identified by 'glance';\ grant all on glance.* to 'glance'@'%' identified by 'glance'; \ grant all on nova.* to 'nova'@'localhost' identified by 'nova'; \ grant all on nova.* to 'nova'@'%' identified by 'nova'; 
\ grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';\ grant all on nova_api.* to 'nova'@'%' identified by 'nova'; \ grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron'; grant all on neutron.* to 'neutron'@'%' identified by 'neutron';\ grant all on cinder.* to 'cinder'@'localhost' identified by 'cinder';\ grant all on cinder.* to 'cinder'@'%' identified by 'cinder'; grant all on placement.* to 'placement'@'localhost' identified by 'placement';\ grant all on placement.* to 'placement'@'%' identified by 'placement';\ flush privileges;\ show databases;\ select user,host from mysql.user;" (改如下) cat > /etc/keystone/keystone.conf <<EOF [database] connection = mysql+pymysql://keystone:[email protected]/keystone [memcache] servers = 192.168.3.220:11211 initialize the database EOF to driver = memcache [token] provider = fernet su -s /bin/sh -c "keystone-manage db_sync" keystone && mysql -ukeystone -pkeystone -e "use keystone;show tables;" 初始化Fernet keys: keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone 建立admin用户 keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://192.168.3.220:35357/v3/ \ --bootstrap-internal-url http://192.168.3.220:35357/v3/ --bootstrap-public-url http://192.168.3.220:5000/v3/ \ --bootstrap-region-id RegionOne && mysql -ukeystone -pkeystone -e "select * from keystone.user;" vim /etc/httpd/conf/httpd.conf ——————> ServerName 192.168.3.220:80 (sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' /etc/httpd/conf/httpd.conf) [root@Controller220 ~]# cat /etc/httpd/conf.d/wsgi.conf Listen 5000 Listen 35357 <VirtualHost *:5000> WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On 
ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined <Directory /usr/bin> Require all granted </Directory> </VirtualHost> <VirtualHost *:35357> WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined <Directory /usr/bin> Require all granted </Directory> </VirtualHost> systemctl enable httpd && systemctl restart httpd [root@Controller220 ~]# netstat -lntp Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 30547/mysqld tcp 0 0 192.168.3.220:11211 0.0.0.0:* LISTEN 48071/memcached tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 30975/epmd tcp6 0 0 :::35357 :::* LISTEN 51483/httpd tcp6 0 0 :::5000 :::* LISTEN 51483/httpd tcp6 0 0 :::5672 :::* LISTEN 31539/beam.smp tcp6 0 0 :::80 :::* LISTEN 51483/httpd tcp6 0 0 :::4369 :::* LISTEN 30975/epmd cat > ~/admin-openstack << EOF export OS_USERNAME=admin export OS_PASSWORD=admin export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=default export OS_PROJECT_DOMAIN_NAME=default export OS_AUTH_URL=http://192.168.3.220:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IIMAGE_API_VERSION=2 EOF cat > ~/demo-openstack << EOF export OS_USERNAME=demo export OS_PASSWORD = demo users (the default is already admin, openstack user list has a total of 6) export OS_PROJECT_NAME=demo export OS_USER_DOMAIN_NAME=default export OS_PROJECT_DOMAIN_NAME = default export OS_AUTH_URL = http: //192.168.3.220: 5000 / v3 export OS_IDENTITY_API_VERSION = 3 export OS_IIMAGE_API_VERSION = 2 EOF source admin-openstack openstack user list (admin is created by database initialization) 
openstack token issue (view token) project (openstack project list plus default 3) openstack project create --domain default --description "Service Project" service 1> & 2 & openstack project create --domain default --description "Demo Project" demo 1> & 2 & role, default There is admin (the role stipulates the permissions, the default openstack role list defaults to a total of 4 menber / readers) openstack role create user 1> & 2 & openstack user create --domain default --password-prompt demo openstack user create --domain default --password-prompt glance openstack user create --domain default --password-prompt nova openstack user create --domain default --password-prompt neutron openstack user create --domain default --password-prompt cinder openstack user create --domain default --password-prompt placement 给予角色权限属性 openstack role add --project demo --user demo user 1>&2 & openstack role add --project service --user glance admin 1>&2 & openstack role add --project service --user nova admin 1>&2 & openstack role add --project service --user neutron admin 1>&2 & openstack role add --project service --user cinder admin 1>&2 & openstack role add --project service --user placement admin 1>&2 & 创建服务 openstack service create --name glance --description "OpenStack Image" image 1>&2 & openstack service create --name nova --description "Openstack Compute " compute 1>&2 & openstack service create --name placement --description "Placement API" placement 1>&2 & 创建端点endpoint(public/internal/admin) openstack endpoint create --region RegionOne image public http://192.168.3.220:9292 1>&2 & openstack endpoint create --region RegionOne image internal http://192.168.3.220:9292 1>&2 & openstack endpoint create --region RegionOne image admin http://192.168.3.220:9292 1>&2 & openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778 1>&2 & openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 1>&2 & openstack endpoint 
create --region RegionOne placement admin http://192.168.3.220:8778 1>&2 & openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 & openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 & openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 & openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1 1>&2 & openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 1>&2 & openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1 1>&2 & then verify If the service is wrong, delete the endpoint first and then delete the service. Delete the method first and then openstack service / project delete [ID] unset OS_AUTH_URL OS_PASSWORD admin user openstack --os-auth-url http://192.168.3.220:35357/v3 --os- project-domain-name default --os-user-domain-name default \ --os-project-name admin --os-username admin token issue demo user openstack --os-auth-url http://192.168.3.220 : 5000 / v3 --os-project-domain-name default --os-user-domain-name default \ --os-project-name demo --os-username demo token issue Demo source demo- can be deleted after successful test openstack / admin-openstack openstack token issue [root @ Controller220 ~] # openstack token issue (wrong password error message) The request you have made requires authentication. 
(HTTP 401) (Request-ID: req-bfc4d8dd-e404-4383-8b17-c9bc113a8d48) ----------------------------------------------------------------------------------------------------------------------- glance ----------------------------------------------------------------------------------------------------------------------- yum install -y openstack-glance [root@Controller220 ~]# cat > /etc/glance/glance-api.conf << EOF [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ [keystone_authtoken] auth_uri = http://192.168.3.220:5000 auth_url = http://192.168.3.220:35357 memcached_servers = 192.168.3.220:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = glance [paste_deploy] flavor = keystone EOF [root@Controller220 ~]# cat > /etc/glance/glance-registry.conf <<EOF [database] connection = mysql+pymysql://glance:[email protected]/glance [keystone_authtoken] auth_uri = http://192.168.3.220:5000 auth_url = http://192.168.3.220:35357 memcached_servers = 192.168.3.220:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = glance [paste_deploy] flavor = keystone EOF --disk-format qcow2 --container-format bare --public 初始化数据库 su -s / bin / sh -c 'glance-manage db_sync' glance && mysql -uglance -pglance -e 'use glance; show tables;' systemctl enable openstack-glance-api openstack-glance-registry && systemctl restart openstack-glance -api openstack-glance-registry openstack image list (blank is normal, because there is no mirror, there will be data after upload) glance image-list (list mirror) wget http://download.cirros-cloud.net/0.3.4 /cirros-0.3.4-x86_64-disk.img (Official small image) Upload image source admin-openstack && openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \ ===== ================================================== 
================================================== ======== placement ================================================================================================================= yum install openstack-placement-api -y cat > /etc/placement/placement.conf <<EOF [api] auth_strategy = keystone [cors] [keystone_authtoken] auth_url = http://192.168.3.220:5000/v3 memcached_servers = 192.168.3.220:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = placement [placement_database] connection = mysql + pymysql: // placement: [email protected]/placement EOF su -s / bin / sh -c "placement-manage db sync" placement && mysql -uplacement -pplacement -e 'use placement; show tables;' placement-status upgrade check ------------ -------------------------------------------------- -------------------------------------------------- -------- NOVA API is responsible for receiving and responding to external requests, supporting openstackAPI, EC2 API Cert: responsible for identity authentication EC2 Scheduler: for cloud host scheduling Conductor: middleware for computing nodes to access data Consoleauth: for console Authorization verification of Novncproxy: vnc proxy ------------------------------------------- -------------------------------------------------- --------------------------- yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler [root@Controller220 ~]#cat > /etc/nova/nova.conf << EOF [DEFAULT] use_neutron=True firewall_driver=nova.virt.firewall.NoopFirewallDriver enabled_apis=osapi_compute,metadata rpc_backend = rabbit [oslo_messaging_rabbit] rabbit_host=192.168.3.220 rabbit_userid = openstack rabbit_password = openstack [api] auth_strategy=keystone [api_database] connection = mysql+pymysql://nova:[email protected]/nova_api [database] connection = mysql+pymysql://nova:[email protected]/nova [glance] 
api_servers=http://192.168.3.220:9292 [keystone_authtoken] auth_uri = http://192.168.3.220:5000 auth_url = http://192.168.3.220:35357 memcached_servers = 192.168.3.220:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = nova [oslo_concurrency] lock_path=/var/lib/nova/tmp [vnc] vncserver_listen= 0.0.0.0 vncserver_proxyclient_address=192.168.3.220 [placement] os_region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://192.168.3.220:35357/v3 username = placement password = placement EOF [root@Controller220 ~]# cat > /etc/httpd/conf.d/00-nova-placement-api.conf <<EOF <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory> EOF systemctl restart httpd 同步nova-api数据库 su -s /bin/sh -c "nova-manage api_db sync" nova 注册cell0数据库 su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova 创建cell1的cell su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova 同步nova数据库 su -s /bin/sh -c "nova-manage db sync" nova 验证cell0和cell1的注册是否正确 nova-manage cell_v2 list_cells mysql -unova -pnova -e "use nova;show tables;use nova_api;show tables;" systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-console && systemctl restart openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy openstack-nova-api openstack-nova-console openstack-nova-scheduler yum install libibverbs -y 已做 Nova服务注册 openstack service create --name nova --description "Openstack Compute " compute openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1 openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 openstack endpoint create --region RegionOne compute admin 
http://192.168.3.220:8774/v2.1 openstack service create --name placement --description "Placement API" placement openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778 openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 openstack endpoint create --region RegionOne placement admin http://192.168.3.220:8778 nova service-list && nova endpoints @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
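# Base tooling for every node, followed by a one-off clock sync.
# The page had "lsof" and the ntpdate command fused into one word; they are
# two separate steps.
yum install -y bash-completion lrzsz wget unzip ntpdate screen iotop lsof
ntpdate time1.aliyun.com

# The page spells the package "yum-plugin-ugin-priorities"; the CentOS package
# is yum-plugin-priorities.
yum install -y yum-plugin-priorities

# NOTE(review): setenforce 0 switches SELinux to permissive mode until the next
# reboot. This guide installs openstack-selinux further down, which presumably
# supplies the policy modules the services need, so confirm whether enforcing
# mode can simply stay on instead of running this step.
setenforce 0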
echo 'Controller220/node221' > /etc/hostname[root@220 ~]# systemctl restart NetworkManager [root@220 ~]# hostname Controller220/node221Controller220/node221[root@220 ~]# bash
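# Time service: chrony on the controller serves the 192.168.3.0/24 network.
yum install chrony -y
vim /etc/chrony.conf    # add the line: allow 192.168.3.0/24
systemctl enable chronyd && systemctl restart chronyd

# NOTE(review): with firewalld stopped and disabled, every listener shown in
# the netstat/lsof output later on this page (MariaDB 3306, memcached 11211,
# epmd 4369, RabbitMQ 5672 and 15672, httpd 80/5000/35357) is reachable by any
# host that can route to this machine. Keeping firewalld running and opening
# only the required ports to 192.168.3.0/24 gives the same working deployment.
systemctl stop firewalld && systemctl disable firewalld.service

# NOTE(review): permissive SELinux until reboot; see openstack-selinux, which
# this guide installs later, before deciding this step is needed.
setenforce 0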
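# Extra yum repository for the OpenStack Queens packages (Aliyun mirror of the
# CentOS 7 cloud repository).
# NOTE(review): gpgcheck=0 disables RPM signature verification for everything
# installed from this repository, so a tampered mirror or download path would
# not be detected. centos-release-openstack-queens, installed a few lines
# below, presumably ships its own repo definition and signing key; confirm and
# prefer gpgcheck=1 with a gpgkey= entry over this hand-written file.
cat > /etc/yum.repos.d/openstack.repo << EOF
[openstack]
name=openstack mirrors.aliyun.com
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/
enabled=1
gpgcheck=0
EOF

yum install epel-release -y
yum clean all
yum clean metadata
yum install -y centos-release-openstack-queens
yum upgrade -y

# Controller220 node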
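# Offline path: download the controller packages once, then install them from
# the local directory. The page downloaded into ./openstack but installed from
# /root/openstack, which only matches when the shell is in /root; one absolute
# path is used for both steps here.
yum --downloadonly --downloaddir=/root/openstack install -y \
  mariadb mariadb-server MySQL-python erlang rabbitmq-server \
  python-openstackclient openstack-keystone memcached python-memcached \
  httpd mod_wsgi openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler \
  openstack-glance mongodb-server mongodb openstack-placement-api libibverbs
yum localinstall -y /root/openstack/*

# NOTE(review): this looks like the online equivalent of the two commands
# above. It also pulls in centos-release-openstack-train although the
# repository configured on this page is openstack-queens; mixing two release
# repositories on one host should be confirmed as intended.
yum install -y \
  mariadb mariadb-server MySQL-python erlang rabbitmq-server \
  python-openstackclient centos-release-openstack-train openstack-keystone \
  memcached python-memcached httpd mod_wsgi openstack-nova-api \
  openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-glance mongodb-server mongodb \
  openstack-placement-api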
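yum install -y python-openstackclient openstack-selinux mariadb mariadb-server python2-PyMySQL mongodb-server mongodb erlang rabbitmq-server

# MariaDB settings for OpenStack. bind-address limits the listener to the
# management address.
# NOTE(review): the netstat listing further down this page still shows mysqld
# on 0.0.0.0:3306, so check after the restart that the setting is in effect.
cat > /etc/my.cnf.d/openstack.cnf << EOF
[mysqld]
bind-address = 192.168.3.220
default-storage-engine = innodb      #default storage engine
innodb_file_per_table = on           #each table independent table space file
max_connections = 4096               #maximum number of connections
collation-server = utf8_general_ci   #default character set
character-set-server = utf8
EOF
systemctl enable mariadb memcached && systemctl restart mariadb memcached

# Initialize the database. The tool is interactive: it sets the root password
# and offers to remove anonymous users, remote root login and the test
# database. Choose a root password that is not reused anywhere else.
mysql_secure_installation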
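# Message queue
yum install rabbitmq-server erlang -y
erl -v
systemctl enable rabbitmq-server && systemctl restart rabbitmq-server

# The second argument of add_user is the password.
# NOTE(review): the page uses the account name as the password. Whatever value
# is chosen must match rabbit_password in nova.conf later in this guide. The
# three ".*" patterns grant configure, write and read on every resource of the
# default vhost.
rabbitmqctl add_user openstack openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

# Move memcached from loopback to the management address so other nodes can
# reach it.
# NOTE(review): this guide configures no authentication for memcached, and it
# is the cache that keystone and the keystone_authtoken sections on this page
# point at. With firewalld disabled earlier, access to port 11211 needs to be
# limited to the OpenStack nodes by some other means.
sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 192.168.3.220"#g' /etc/sysconfig/memcached
systemctl enable memcached && systemctl restart memcached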
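rabbitmq-plugins enable rabbitmq_management   (启动web界面: enables the web management UI)
[root@Controller220 ~]# rabbitmq-plugins list |grep management
[E] rabbitmq_management 3.3.5
[root@Controller220 ~]# lsof -i:15672
COMMAND  PID   USER     FD  TYPE DEVICE SIZE/OFF NODE NAME
beam.smp 31539 rabbitmq 17u IPv4 51731  0t0      TCP  *:15672 (LISTEN)
Web UI at ip:15672, user: guest, password: guest. (The listener is on all interfaces and guest/guest is the well-known default account, so give it a new password with rabbitmqctl change_password, or delete it, before the port is reachable from other hosts.)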
-------------------------------------------------- -------------------------------------------------- ------------
keystone: user authentication, service catalog
------------------------------- -------------------------------------------------- ------------------------------- yum install -y openstack-keystone memcached python-memcached httpd mod_wsgi
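# Create the service databases and their accounts in one mysql session.
# -p without a value makes mysql prompt for the root password, so the secret
# does not land in shell history or the process list (the page passed it
# inline on the command line).
# NOTE(review): every account below uses its own name as its password and is
# also granted from '%' (any host). These are lab values: pick a distinct
# secret per service, put the same secret into that service's connection
# string, and narrow '%' to the management network (for this page's subnet
# that would be '192.168.3.%') wherever remote access is needed at all.
mysql -uroot -p -e "\
create database if not exists keystone;\
create database if not exists glance;\
create database if not exists nova;\
create database if not exists nova_api;\
create database if not exists neutron;\
create database if not exists cinder;\
create database if not exists placement;\
grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';\
grant all on keystone.* to 'keystone'@'%' identified by 'keystone';\
grant all on glance.* to 'glance'@'localhost' identified by 'glance';\
grant all on glance.* to 'glance'@'%' identified by 'glance';\
grant all on nova.* to 'nova'@'localhost' identified by 'nova';\
grant all on nova.* to 'nova'@'%' identified by 'nova';\
grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';\
grant all on nova_api.* to 'nova'@'%' identified by 'nova';\
grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron';\
grant all on neutron.* to 'neutron'@'%' identified by 'neutron';\
grant all on cinder.* to 'cinder'@'localhost' identified by 'cinder';\
grant all on cinder.* to 'cinder'@'%' identified by 'cinder';\
grant all on placement.* to 'placement'@'localhost' identified by 'placement';\
grant all on placement.* to 'placement'@'%' identified by 'placement';\
flush privileges;\
show databases;\
select user,host from mysql.user;"

# (Change as follows.) This overwrites keystone.conf with only these settings.
# NOTE(review): the page's copy of the connection line was mangled by e-mail
# obfuscation ("[email protected]"). User, password and host are restored here
# from the grant above and the controller address used throughout the page;
# confirm against the original before relying on it.
cat > /etc/keystone/keystone.conf <<EOF
[database]
connection = mysql+pymysql://keystone:keystone@192.168.3.220/keystone
[memcache]
servers = 192.168.3.220:11211
[token]
provider = fernet
driver = memcache
EOF

# Initialize the database, then list the tables as a check (mysql prompts for
# the keystone account's password).
su -s /bin/sh -c "keystone-manage db_sync" keystone && mysql -ukeystone -p -e "use keystone;show tables;"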
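# Initialize the Fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# Create the admin user and register the identity endpoints.
# NOTE(review): "admin" as the bootstrap password is a lab value and is visible
# in the process list while the command runs; keystone-manage bootstrap also
# accepts the password through the OS_BOOTSTRAP_PASSWORD environment variable.
# All three endpoint URLs are plain http, so passwords and tokens sent to
# keystone cross the network unencrypted.
# The final mysql call prompts for the keystone database password instead of
# taking it on the command line.
keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://192.168.3.220:35357/v3/ \
  --bootstrap-internal-url http://192.168.3.220:35357/v3/ --bootstrap-public-url http://192.168.3.220:5000/v3/ \
  --bootstrap-region-id RegionOne && mysql -ukeystone -p -e "select * from keystone.user;"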
vim /etc/httpd/conf/httpd.conf ——————> ServerName 192.168.3.220:80 (sed -i 's/ServerAdmin root@localhost/ServerName 192.168.3.220:80/g' /etc/httpd/conf/httpd.conf)
[root@Controller220 ~]# cat /etc/httpd/conf.d/wsgi.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
systemctl enable httpd && systemctl restart httpd
[root@Controller220 ~]# netstat -lntp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN      30547/mysqld
tcp        0      0 192.168.3.220:11211     0.0.0.0:*               LISTEN      48071/memcached
tcp        0      0 0.0.0.0:4369            0.0.0.0:*               LISTEN      30975/epmd
tcp6       0      0 :::35357                :::*                    LISTEN      51483/httpd
tcp6       0      0 :::5000                 :::*                    LISTEN      51483/httpd
tcp6       0      0 :::5672                 :::*                    LISTEN      31539/beam.smp
tcp6       0      0 :::80                   :::*                    LISTEN      51483/httpd
tcp6       0      0 :::4369                 :::*                    LISTEN      30975/epmd
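# Client environment files for the admin and demo accounts.
# The page spells the last variable OS_IIMAGE_API_VERSION; the name the
# OpenStack client reads is OS_IMAGE_API_VERSION.
# NOTE(review): both files hold a password in clear text, and the passwords
# equal the user names (lab values). OS_AUTH_URL is plain http, so the
# password is sent unencrypted on every token request.
cat > ~/admin-openstack << EOF
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

cat > ~/demo-openstack << EOF
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://192.168.3.220:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

# Credential files should be readable by their owner only.
chmod 600 ~/admin-openstack ~/demo-openstack

# Load the admin credentials; the full path works from any directory.
source ~/admin-openstack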
openstack user list (admin是数据库初始化建立的)openstack token issue (查看token)
Project (openstack project list plus default 3) openstack project create --domain default --description "Service Project" service 1> & 2 & openstack project create --domain default --description "Demo Project" demo 1> & 2 & role, default There is admin (the role stipulates the authority, the default openstack role list defaults to a total of 4 menber / reader) openstack role create user 1> & 2 & users (the default is already admin, openstack user list a total of 6) openstack user create --domain default- -password-prompt demoopenstack user create --domain default --password-prompt glanceopenstack user create --domain default --password-prompt novaopenstack user create --domain default --password-prompt neutronopenstack user create --domain default --password -prompt cinderopenstack user create --domain default --password-prompt placement give role permission attribute openstack role add --project demo --user demo user 1> & 2 &openstack role add --project service --user glance admin 1>&2 &openstack role add --project service --user nova admin 1>&2 &openstack role add --project service --user neutron admin 1>&2 &openstack role add --project service --user cinder admin 1>&2 &openstack role add --project service --user placement admin 1>&2 &创建服务openstack service create --name glance --description "OpenStack Image" image 1>&2 &openstack service create --name nova --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &openstack role add --project service --user nova admin 1>&2 &openstack role add --project service --user neutron admin 1>&2 &openstack role add --project service --user cinder admin 1>&2 &openstack role add --project service --user placement admin 1>&2 &创建服务openstack service create --name glance --description "OpenStack Image" image 1>&2 &openstack service create --name nova --description "Openstack Compute " compute 1>&2 &openstack service create --name placement 
--description "Placement API" placement 1>&2 &openstack role add --project service --user nova admin 1>&2 &openstack role add --project service --user neutron admin 1>&2 &openstack role add --project service --user cinder admin 1>&2 &openstack role add --project service --user placement admin 1>&2 &创建服务openstack service create --name glance --description "OpenStack Image" image 1>&2 &openstack service create --name nova --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &openstack role add --project service --user placement admin 1>&2 &创建服务openstack service create --name glance --description "OpenStack Image" image 1>&2 &openstack service create --name nova --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &openstack role add --project service --user placement admin 1>&2 &创建服务openstack service create --name glance --description "OpenStack Image" image 1>&2 &openstack service create --name nova --description "Openstack Compute " compute 1>&2 &openstack service create --name placement --description "Placement API" placement 1>&2 &
Create an endpoint (public / internal / admin)
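# Register the public / internal / admin endpoints of each service.
# Every command is sent to the background with its stdout redirected to
# stderr; the closing wait blocks until all of them have finished, so any
# error output is seen before the next step.
# NOTE(review): all URLs are plain http on the management address.

# image (glance)
openstack endpoint create --region RegionOne image public http://192.168.3.220:9292 1>&2 &
openstack endpoint create --region RegionOne image internal http://192.168.3.220:9292 1>&2 &
openstack endpoint create --region RegionOne image admin http://192.168.3.220:9292 1>&2 &

# placement (the page had "admin" fused to the URL in the third command)
openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778 1>&2 &
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778 1>&2 &
openstack endpoint create --region RegionOne placement admin http://192.168.3.220:8778 1>&2 &

# compute (nova)
# NOTE(review): the page lists two URL forms, with and without the
# %(tenant_id)s suffix. Running both sets registers two endpoints per
# interface; these look like alternatives, so confirm which one is wanted.
openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &
openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1/%\(tenant_id\)s 1>&2 &
openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1 1>&2 &
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1 1>&2 &
openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1 1>&2 &

wait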
If the service is wrong, delete the endpoint first, then delete the service. Delete the method first, then list openstack service / project delete [ID]
Next, verify the unset OS_AUTH_URL OS_PASSWORDadmin user openstack --os-auth-url http://192.168.3.220:35357/v3- os-project-domain-name default --os-user-domain-name default \-os-project-name admin --os-username admin token issuedemo user openstack --os-auth-url http: //192.168. 3.220: 5000 / v3 --os-project-domain-name default --os-user-domain-name default \-os-project-name demo --os-username demo token issue demosource demo- openstack / admin-openstack openstack token issue
[root @ Controller220 ~] # openstack token issue (The error information of the wrong password) The request you have made requires authentication. (HTTP 401) (Request-ID: req-bfc4d8dd-e404-4383-8b17-c9bc113a8d48) --- -------------------------------------------------- -------------------------------------------------- ---------------- glance
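# -----------------------------------------------------------------------------
yum install -y openstack-glance

# glance-api.conf: image store on the local filesystem, authentication through
# keystone. This overwrites the packaged file with only these settings.
# NOTE(review): "password = glance" has to equal the password entered for the
# glance user at the --password-prompt step earlier in this guide; the user
# name as password is a lab value.
cat > /etc/glance/glance-api.conf << EOF
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF

# glance-registry.conf
# NOTE(review): the page's connection line was mangled by e-mail obfuscation
# ("[email protected]"). User, password and host are restored here from the
# database grant for 'glance' and the controller address used throughout the
# page; confirm against the original.
cat > /etc/glance/glance-registry.conf <<EOF
[database]
connection = mysql+pymysql://glance:glance@192.168.3.220/glance
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF

# Initialize the database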
su -s /bin/sh -c 'glance-manage db_sync' glance && mysql -uglance -pglance -e 'use glance;show tables;'
systemctl enable openstack-glance-api openstack-glance-registry && systemctl restart openstack-glance-api openstack-glance-registry
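# Verify the image service. An empty list is normal: nothing has been uploaded
# yet, entries appear after the first upload.
openstack image list
glance image-list   # list images

# Download the official small test image.
# NOTE(review): the download is plain HTTP and nothing verifies the file.
# Compare its checksum with the value published by the CirrOS project before
# uploading, because the image is registered with --public below and every
# project will be able to boot from it.
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

# Upload the image.
source admin-openstack && openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare --public

# ==============================================================================
# placement
# ==============================================================================
yum install openstack-placement-api -y

# The here-document replaces the packaged config file completely; the quoted
# delimiter ('EOF') keeps the shell from expanding anything inside it.
# NOTE(review): the page shows the database URL as
# "placement:[email protected]/placement" (e-mail obfuscation residue). Password and
# host below are reconstructed from the `mysql -uplacement -pplacement` check
# and the 192.168.3.220 address used elsewhere -- confirm before use.
# NOTE(review): the password equals the account name; lab value only.
cat > /etc/placement/placement.conf << 'EOF'
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://192.168.3.220:5000/v3
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement
[placement_database]
connection = mysql+pymysql://placement:placement@192.168.3.220/placement
EOF

# Populate the placement database and list its tables to confirm the sync.
# NOTE(review): -p<password> on the command line is visible in the process
# list and shell history; `mysql -uplacement -p` prompts instead.
su -s /bin/sh -c "placement-manage db sync" placement && mysql -uplacement -pplacement -e 'use placement;show tables;'

placement-status upgrade check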
-------------------------------------------------- -------------------------------------------------- --------------------
NOVA
API: receives and responds to external requests; supports the OpenStack API and the EC2 API
Cert: responsible for EC2 identity authentication
Scheduler: schedules cloud hosts (instances)
Conductor: middleware through which compute nodes access data
Consoleauth: authorizes and verifies console access
Novncproxy: VNC proxy
------------------------------------------------------------------------------------------
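# ------------------------------------------------------------------------------
# nova (controller node): install, configure, initialise databases, start,
# register the compute service in Keystone.
# ------------------------------------------------------------------------------
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console \
  openstack-nova-novncproxy openstack-nova-scheduler

# The here-document replaces the packaged nova.conf completely; the quoted
# delimiter ('EOF') keeps the shell from expanding anything inside it.
# NOTE(review): the page shows both database URLs as "nova:[email protected]/..."
# (e-mail obfuscation residue). Password and host below are reconstructed from
# the `mysql -unova -pnova` check further down and the 192.168.3.220 address
# used elsewhere -- confirm before use.
# NOTE(review): every secret in this file equals its account name
# (nova, placement, openstack for RabbitMQ) and all URLs are plain HTTP. Those
# are lab values; use distinct random secrets per service and keep the file
# unreadable to other users (ls -l /etc/nova/nova.conf).
# NOTE(review): vncserver_listen = 0.0.0.0 binds on every interface; using the
# management address (as vncserver_proxyclient_address already does) limits
# exposure -- confirm which interfaces really need it.
cat > /etc/nova/nova.conf << 'EOF'
[DEFAULT]
use_neutron=True
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host=192.168.3.220
rabbit_userid = openstack
rabbit_password = openstack
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova_api
[database]
connection = mysql+pymysql://nova:nova@192.168.3.220/nova
[glance]
api_servers=http://192.168.3.220:9292
[keystone_authtoken]
auth_uri = http://192.168.3.220:5000
auth_url = http://192.168.3.220:35357
memcached_servers = 192.168.3.220:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[vnc]
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address=192.168.3.220
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.3.220:35357/v3
username = placement
password = placement
EOF

# Allow httpd to serve the placement WSGI script located under /usr/bin.
# NOTE(review): `cat >` replaces the file. If the installed package already
# ships 00-nova-placement-api.conf with its own virtual-host settings, those
# are lost; in that case append (>>) instead -- check the file first.
cat > /etc/httpd/conf.d/00-nova-placement-api.conf << 'EOF'
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
EOF
systemctl restart httpd

# Sync the nova-api database
su -s /bin/sh -c "nova-manage api_db sync" nova

# Register the cell0 database
# NOTE(review): the page runs list_cells under this heading, which only prints
# the existing cells. The nova-manage command that registers cell0 is
# `nova-manage cell_v2 map_cell0` -- confirm which one was intended.
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

# Create the cell1 cell
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

# Sync the nova database
su -s /bin/sh -c "nova-manage db sync" nova

# Verify that cell0 and cell1 are registered correctly
nova-manage cell_v2 list_cells
# NOTE(review): -p<password> on the command line is visible in the process
# list and shell history; `mysql -unova -p` prompts instead.
mysql -unova -pnova -e "use nova; show tables; use nova_api; show tables;"

# Enable the services at boot and (re)start them now.
systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor \
  openstack-nova-novncproxy openstack-nova-console \
  && systemctl restart openstack-nova-scheduler openstack-nova-conductor \
  openstack-nova-novncproxy openstack-nova-api openstack-nova-console

yum install libibverbs -y

# Nova service registration (the page notes this as already done)
openstack service create --name nova --description "Openstack Compute" compute
openstack endpoint create --region RegionOne compute public http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://192.168.3.220:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://192.168.3.220:8774/v2.1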
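# Register the placement service and its three endpoints in Keystone.
# NOTE(review): public, internal and admin all point at the same plain-HTTP
# URL, so the admin interface is reachable wherever the public one is and
# tokens travel unencrypted; fine for a lab, worth separating and putting
# behind TLS otherwise.
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement internal http://192.168.3.220:8778
openstack endpoint create --region RegionOne placement admin http://192.168.3.220:8778

# Verify: list the nova services, then the registered endpoints.
nova service-list && nova endpoints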
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@