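OpenStack is IaaS (Infrastructure as a Service) software that lets anyone build and offer cloud computing services on their own. OpenStack is also used to build a "private cloud" behind a firewall, providing shared resources to the departments of an organization or enterprise.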
-Wiki
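I haven't updated the blog in a long time; too much has been going on lately. Recently I set up an OpenStack environment by following the official documentation, and it worked.
Every OpenStack node I configured has a single NIC, but in a production environment the management network and the external network should be separated. This is only a demonstration of the installation process.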
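Basic environment configuration
1. Configure the hosts file so the nodes can communicate with each other

    # /etc/hosts
    # Controller node (runs keystone authentication, glance image storage and other services)
    192.168.1.100 CloudController
    # Compute node
    192.168.1.101 CloudNova
    # Network node
    192.168.1.102 CloudNeutron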
2. Configure the yum repositories

    yum install https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/rdo-release-icehouse-4.noarch.rpm
    yum install http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
    # After installing the OpenStack repository, change the baseurl in the repo file
    vim /etc/yum.repos.d/rdo-release.repo
    # Set:
    baseurl=https://repos.fedorapeople.org/repos/openstack/EOL/openstack-icehouse/epel-6/
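3. Install GMP 6.1
Configuring keystone later on will complain that the GMP version is too old, so compile and install a newer GMP.

    # Install the software needed for compiling
    yum -y groupinstall "Development tools"
    yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel
    # Download GMP
    # (--no-check-certificate turns off TLS verification of the download;
    #  check the tarball against the signature published by the GMP project before building)
    wget --no-check-certificate https://gmplib.org/download/gmp/gmp-6.1.0.tar.xz
    xz -d gmp-6.1.0.tar.xz
    tar xvf gmp-6.1.0.tar
    cd gmp-6.1.0
    ./configure
    make
    make check
    make install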
4. Install and configure OpenStack
Install the basic OpenStack configuration tool and the OpenStack SELinux management tool, then update the system and reboot

    yum install openstack-utils
    yum install openstack-selinux
    yum update
    reboot
5. Install the NTP server and the MySQL server

    yum install ntp
    service ntpd start
    chkconfig ntpd on
    yum install mysql mysql-server MySQL-python
    vim /etc/my.cnf
    # Add the following lines under [mysqld] to bind the IP and change the character set
    bind-address = 192.168.1.100
    default-storage-engine = innodb
    innodb_file_per_table
    collation-server = utf8_general_ci
    init-connect = 'SET NAMES utf8'
    character-set-server = utf8
    # Then start MySQL
    service mysqld start
    chkconfig mysqld on
    mysql_install_db
    mysql_secure_installation
6. Install the message broker

    yum install qpid-cpp-server
    vim /etc/qpidd.conf
    # Set auth to no (this turns off authentication on the broker)
    auth=no
    service qpidd start
    chkconfig qpidd on
Basic configuration of the Keystone identity component (you can configure it with openstack-config or edit the configuration files directly)
1.
    yum install openstack-keystone python-keystoneclient
    # 123 is the demo password used throughout this walkthrough;
    # use a strong, unique password per service on a real deployment
    openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:123@CloudController/keystone
    # Create the keystone database and the keystone user
    mysql -u root -p
    create database keystone;
    grant all privileges on keystone.* to 'keystone'@'localhost' identified by '123';
    grant all privileges on keystone.* to 'keystone'@'%' identified by '123';
    exit
    # Initialize the database
    su -s /bin/sh -c "keystone-manage db_sync" keystone
    # Generate a token value with openssl and assign it to a variable
    ADMIN_TOKEN=$(openssl rand -hex 10)
    # Print the variable to see the token value (it is needed later, so copy it)
    echo $ADMIN_TOKEN
    # Apply the token to keystone
    openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $ADMIN_TOKEN
    keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
    chown -R keystone:keystone /etc/keystone/ssl
    chmod -R o-rwx /etc/keystone/ssl
    service openstack-keystone start
    chkconfig openstack-keystone on
    # Periodically purge expired tokens
    (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
2. Create the administrator and other basic accounts in keystone

    export OS_SERVICE_TOKEN=[the generated token value]
    export OS_SERVICE_ENDPOINT=http://CloudController:35357/v2.0
    # Create the admin user, role and tenant and link them together
    keystone user-create --name=admin --pass=123 --email=[email protected]
    keystone role-create --name=admin
    keystone tenant-create --name=admin --description="Admin Tenant"
    keystone user-role-add --user=admin --tenant=admin --role=admin
    keystone user-role-add --user=admin --role=_member_ --tenant=admin
    # Create the demo account and link it
    keystone user-create --name=demo --pass=123 --email=[email protected]
    keystone tenant-create --name=demo --description="Demo Tenant"
    keystone user-role-add --user=demo --role=_member_ --tenant=demo
    # Create the service tenant, create the keystone service and register the keystone endpoint
    keystone tenant-create --name=service --description="Service Tenant"
    keystone service-create --name=keystone --type=identity --description="OpenStack Identity"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
      --publicurl=http://CloudController:5000/v2.0 \
      --internalurl=http://CloudController:5000/v2.0 \
      --adminurl=http://CloudController:35357/v2.0
    # Create admin-openrc.sh; if a keystone command runs into a token problem,
    # just source this file to load the variables
    vim /root/admin-openrc.sh
    export OS_USERNAME=admin
    export OS_PASSWORD=123
    export OS_TENANT_NAME=admin
    export OS_AUTH_URL=http://CloudController:35357/v2.0
    # Drop the bootstrap token variables so the client authenticates with the password
    unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
    source ~/admin-openrc.sh
    # Verify that keystone is configured correctly
    keystone token-get
Glance image service installation and basic configuration

    yum install openstack-glance python-glanceclient
    # Connect glance to the database
    openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:glance@CloudController/glance
    openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:glance@CloudController/glance
    # Create the glance database and user
    mysql -u root -p
    create database glance;
    grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance';
    grant all privileges on glance.* to 'glance'@'%' identified by 'glance';
    exit
    # Initialize the database
    su -s /bin/sh -c "glance-manage db_sync" glance
    # Authenticate the glance service through keystone
    # (the password here must match the admin_password set below)
    keystone user-create --name=glance --pass=123 --email=[email protected]
    keystone user-role-add --user=glance --tenant=service --role=admin
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://CloudController:5000
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host CloudController
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_user glance
    openstack-config --set /etc/glance/glance-api.conf keystone_authtoken admin_password 123
    openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://CloudController:5000
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_host CloudController
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_user glance
    openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken admin_password 123
    openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
    # Create the glance service and register the endpoint
    keystone service-create --name=glance --type=image --description="OpenStack Image Service"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ image / {print $2}') \
      --publicurl=http://CloudController:9292 \
      --internalurl=http://CloudController:9292 \
      --adminurl=http://CloudController:9292
    service openstack-glance-api start
    service openstack-glance-registry start
    chkconfig openstack-glance-api on
    chkconfig openstack-glance-registry on
    # Test that the glance service works (if you hit a token problem, remember to run source admin-openrc.sh)
    wget http://download.cirros-cloud.net/0.3.2/cirros-0.3.2-x86_64-disk.img
    glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --progress < cirros-0.3.2-x86_64-disk.img
    glance image-list
Nova service component installation and configuration

    yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
    # Connect nova to the database
    openstack-config --set /etc/nova/nova.conf database connection mysql://nova:123@CloudController/nova
    # Configure nova to use the qpid message broker
    openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend qpid
    openstack-config --set /etc/nova/nova.conf DEFAULT qpid_hostname CloudController
    # Configure the VNC server (use the controller node's IP address)
    openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.1.100
    openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 192.168.1.100
    openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.1.100
    # Create the nova database and user
    mysql -u root -p
    create database nova;
    grant all privileges on nova.* to 'nova'@'localhost' identified by '123';
    grant all privileges on nova.* to 'nova'@'%' identified by '123';
    exit;
    # Initialize the nova database
    su -s /bin/sh -c "nova-manage db sync" nova
    # Authenticate nova through keystone
    # (the password here must match the admin_password set below)
    keystone user-create --name=nova --pass=123 --email=[email protected]
    keystone user-role-add --user=nova --tenant=service --role=admin
    openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://CloudController:5000
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_host CloudController
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
    openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password 123
    # Create the nova service and register the endpoint
    keystone service-create --name=nova --type=compute --description="OpenStack Compute"
    keystone endpoint-create \
      --service-id=$(keystone service-list | awk '/ compute / {print $2}') \
      --publicurl=http://CloudController:8774/v2/%\(tenant_id\)s \
      --internalurl=http://CloudController:8774/v2/%\(tenant_id\)s \
      --adminurl=http://CloudController:8774/v2/%\(tenant_id\)s
    service openstack-nova-api start
    service openstack-nova-cert start
    service openstack-nova-consoleauth start
    service openstack-nova-scheduler start
    service openstack-nova-conductor start
    service openstack-nova-novncproxy start
    chkconfig openstack-nova-api on
    chkconfig openstack-nova-cert on
    chkconfig openstack-nova-conductor on
    chkconfig openstack-nova-scheduler on
    chkconfig openstack-nova-consoleauth on
    chkconfig openstack-nova-novncproxy on
    # Test the nova service
    nova image-list
Neutron component installation and configuration

    yum install openstack-neutron openstack-neutron-ml2 python-neutronclient
    # Create the neutron user and register the endpoint
    keystone user-create --name neutron --pass 123 --email [email protected]
    keystone user-role-add --user neutron --tenant service --role admin
    keystone service-create --name=neutron --type=network --description="OpenStack Networking"
    keystone endpoint-create \
      --service-id $(keystone service-list | awk '/ network / {print $2}') \
      --publicurl http://CloudController:9696 \
      --adminurl http://CloudController:9696 \
      --internalurl http://CloudController:9696
    # Connect neutron to the database
    openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:123@CloudController/neutron
    # Create the neutron database
    mysql -u root -p
    create database neutron;
    grant all privileges on neutron.* to 'neutron'@'localhost' identified by '123';
    grant all privileges on neutron.* to 'neutron'@'%' identified by '123';
    exit;
    # Authenticate neutron through keystone
    openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://CloudController:5000
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_host CloudController
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_protocol http
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_port 35357
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password 123
    # Configure neutron to use the qpid message broker
    openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend neutron.openstack.common.rpc.impl_qpid
    openstack-config --set /etc/neutron/neutron.conf DEFAULT qpid_hostname CloudController
    # Configure notifications about network topology changes
    openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
    openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
    openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://CloudController:8774/v2
    openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
    openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id $(keystone tenant-list | awk '/ service / { print $2 }')
    openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password 123
    openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://CloudController:35357/v2.0
    # Configure neutron to use the ML2 plugin (ML2 uses OVS to build the virtual network framework,
    # but the controller node does not need OVS, because in this layout the controller node does not
    # handle virtual machine network traffic; the blogger is still learning the details, so this
    # statement may be wrong)
    openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
    openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
    # Configure the ML2 plugin to use GRE mode (finding OpenStack's modes complicated?
    # The GRE mode here is something like VLANs on a switch)
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers gre
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
    # Configure keystone authentication for the nova node
    openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_url http://CloudController:9696
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_auth_strategy keystone
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_tenant_name service
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_username neutron
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_password 123
    openstack-config --set /etc/nova/nova.conf DEFAULT neutron_admin_auth_url http://CloudController:35357/v2.0
    openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
    openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
    openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
    # Create the ML2 symbolic link
    ln -s plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    # Restart the nova services so they pick up the new nova.conf settings
    service openstack-nova-api restart
    service openstack-nova-scheduler restart
    service openstack-nova-conductor restart
    service neutron-server start
    chkconfig neutron-server on
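Update 2016-8: installing the OpenStack dashboard

    # Install the dashboard components
    yum install memcached python-memcached mod_wsgi openstack-dashboard
    # Edit the file /etc/openstack-dashboard/local_settings
    # Set ALLOWED_HOSTS to allow any host to access the dashboard
    # ('*' switches off Django's Host header validation; list the dashboard's real hostnames outside a lab)
    ALLOWED_HOSTS = ['*']
    # Set the location of the session cache service to 127.0.0.1:11211
    CACHES = {
        'default': {
            'BACKEND' : 'django.core.cache.backends.memcached.MemcachedCache',
            'LOCATION' : '127.0.0.1:11211',
        }
    }
    # Restart the services and enable them at boot
    service httpd restart
    chkconfig httpd on
    service memcached restart
    chkconfig memcached on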
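
A check for the demo-grade settings this walkthrough leaves in place (qpid `auth=no`, `ALLOWED_HOSTS = ['*']`, and short secrets such as `123` in the service configuration files), useful before a node built this way carries anything real. This is an added example, not part of the original post; the function names, the 16-character threshold and the sample tree are assumptions of the example.

```shell
#!/bin/sh
# Added example: flag the demo-grade settings this walkthrough leaves behind.
MIN_LEN=16   # assumed minimum secret length; not a value from the page

# audit_openstack_demo ROOT: print one finding per line. ROOT is "/" on a
# real node, or a scratch directory holding copies of the config files.
audit_openstack_demo() {
    root=${1%/}
    f="$root/etc/qpidd.conf"
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*auth[[:space:]]*=[[:space:]]*no[[:space:]]*$' "$f"; then
        echo "/etc/qpidd.conf: auth=no, broker accepts unauthenticated clients"
    fi
    f="$root/etc/openstack-dashboard/local_settings"
    if [ -f "$f" ] && grep -Eq "^[[:space:]]*ALLOWED_HOSTS[[:space:]]*=.*['\"][*]['\"]" "$f"; then
        echo "/etc/openstack-dashboard/local_settings: ALLOWED_HOSTS accepts any Host header"
    fi
    for f in "$root"/etc/keystone/keystone.conf "$root"/etc/glance/*.conf \
             "$root"/etc/nova/nova.conf "$root"/etc/neutron/neutron.conf; do
        [ -f "$f" ] || continue
        rel=${f#"$root"}
        # Extract SECRET from mysql://user:SECRET@host/db and *password = SECRET
        sed -n -e 's|^ *connection *= *mysql://[^:]*:\([^@]*\)@.*|connection \1|p' \
               -e 's|^ *\([a-z_]*password\) *= *\(.*\)$|\1 \2|p' "$f" |
        while read -r key secret; do
            if [ "${#secret}" -lt "$MIN_LEN" ]; then
                echo "$rel: $key secret is ${#secret} chars, below $MIN_LEN"
            fi
        done
    done
    return 0
}

# make_demo_tree DIR: constructed sample holding the values used on this page.
make_demo_tree() {
    mkdir -p "$1/etc/nova" "$1/etc/openstack-dashboard"
    printf 'auth=no\n' > "$1/etc/qpidd.conf"
    printf "ALLOWED_HOSTS = ['*']\n" > "$1/etc/openstack-dashboard/local_settings"
    printf '%s\n' '[database]' 'connection = mysql://nova:123@CloudController/nova' \
        '[keystone_authtoken]' 'admin_password = 123' > "$1/etc/nova/nova.conf"
}

demo=$(mktemp -d)
make_demo_tree "$demo"
audit_openstack_demo "$demo"
rm -rf "$demo"
```

On a real node, call `audit_openstack_demo /` as root so the service configuration files are readable.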