文章目錄
準備環境
選擇虛拟機類型
主7.6 節點7.2 安裝者請自行配置設定ip到控制端,節點和資料庫。
最小化安裝,直接啟用自帶的yum源,
更改主機名
[[email protected] ~]# cat /etc/hostname
linux-host1.exmaple.com
修改hosts檔案
[[email protected] ~]# cat /etc/hosts
192.168.10.201 linux-host1.exmaple.com linux-host1
關閉防火牆和selinux
[[email protected] ~]# systemctl disable firewalld.
[[email protected] ~]# systemctl disable NetworkManager
[[email protected] ~]# vim /etc/selinux/config
SELINUX=disabled
同步時間
[[email protected] ~]#rm -rf /etc/localtime #删除錯誤的時間
[[email protected] ~]#ln -sv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime #建立連接配接到上海時間
[[email protected] ~]#ntpdate time1.aliyun.com
[[email protected] ~]#hwclock -w
[[email protected] ~]#crontab -e
*/5 * * * * /sbin/ntpdate time1.aliyun.com && hwclock -w
安裝認證服務–keystone
1.不同主機的操作
1.檢視所有openstack版本,我們選擇的是stein版本
[[email protected] ~]# yum list centos-release-openstack*
centos-release-openstack-ocata.noarch 1-2.el7 extras
centos-release-openstack-pike.x86_64 1-1.el7 extras
centos-release-openstack-queens.noarch 1-2.el7.centos extras
centos-release-openstack-rocky.noarch 1-1.el7.centos extras
centos-release-openstack-stein.noarch 1-1.el7.centos extras
2.控制機器和節點機都要安裝,這是openstack源
[[email protected] ~]# yum install centos-release-openstack-stein.noarch
[[email protected] ~]# yum install centos-release-openstack-stein.noarch
[[email protected] ~]# yum install centos-release-openstack-stein.noarch -y
3.安裝元件,controller和node安裝
[[email protected] ~]# yum install python-openstackclient openstack-selinux -y
[[email protected] ~]# yum install python-openstackclient openstack-selinux -y
4.安裝資料庫
因為我們是拆分的是以要分開裝,node裝mariadb
# yum install mariadb mariadb-server python2-PyMySQL
[[email protected] ~]# yum install mariadb mariadb-server -y
[[email protected] ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[[email protected] ~]# systemctl start mariadb.service
[[email protected] ~]# systemctl enable mariadb.service
[[email protected] ~]# mysql_secure_installation #初始化資料庫,密碼是123456 其餘全是y
5.安裝消息隊列 message queue
[[email protected] ~]# yum install rabbitmq-server
[[email protected] ~]# systemctl enable rabbitmq-server.service
[[email protected] ~]# systemctl start rabbitmq-server.service
[[email protected] ~]# rabbitmqctl add_user openstack openstack123 #設定openstack123 為密碼
[[email protected] ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" #設定權限
#可以啟動[[email protected] ~]# rabbitmq-plugins enable rabbitmq_management
http://192.168.41.111:15672/#/ guest guest
6.安裝memcached
[[email protected] ~]# yum install memcached python-memcached python2-PyMySQL #pymysql是因為控制和node分開是以單獨裝
[[email protected] ~]# yum install memcached #資料庫端安裝
[[email protected] ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached" #賬号
MAXCONN="1024" #最大連接配接數
CACHESIZE="1024" #最大大小
OPTIONS="-l 0.0.0.0,::1"
[[email protected] ~]#systemctl restart memcached
[[email protected] ~]#systemctl enable memcached
7.安裝服務
#資料庫服務
[[email protected] ~]# mysql -uroot -p123456 -h127.0.0.1
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
[[email protected] ~]#yum install mysql -y #建立資料庫測試連接配接
[[email protected] ~]# mysql -ukeystone -pkeystone123 -h 192.168.41.115
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
+--------------------+
#http服務
[[email protected] ~]# yum install openstack-keystone httpd mod_wsgi -y
[[email protected] ~]# vim /etc/keystone/keystone.conf
[database] #可以通過\[database] 精确找到
connection = mysql+pymysql://keystone:[email protected]/keystone #此處把位址換成域名了。
[token]
provider = fernet
[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.41.111:80
[[email protected] ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #初始化資料庫,此時可以到115去檢視生成的表的資料。
[[email protected] ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = d2f60b7ec753e9bfc799 #這串代碼是openssl rand -hex 10 生成
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #重新初始化
8.建立域,使用者,項目,角色
[[email protected] ~]# export OS_TOKEN=d2f60b7ec753e9bfc799 #重新打開一個視窗2,代碼是上面生成的
[[email protected] ~]# export OS_URL=http://192.168.41.111:5000/v3
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3
[[email protected] ~]# systemctl start httpd && systemctl enable httpd
[[email protected] ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | edf2085ad5c7434e84beb3c3d6dec573 |
| name | default |
| tags | [] |
+-------------+----------------------------------+
[[email protected] ~]# openstack project create --domain default --description "Admin Project" Admin #要在剛才的啟動環境變量的視窗2進行
[[email protected] ~]# openstack project list
[[email protected] ~]# openstack project --help #可以進行項目的操作。
[[email protected] ~]# openstack user create --domain default --password-prompt admin #建立角色賬号密碼為admin
[[email protected] ~]# openstack role create admin #建立角色
[[email protected] ~]# openstack role list #檢視建立的角色
[[email protected] ~]# openstack role add --project Admin --user admin admin #加入到項目裡面
[[email protected] ~]# openstack project create --domain default --description "Demo Project" demo #建立demo的示範項目
[[email protected] ~]# openstack user create --domain default --password-prompt demo #密碼設定為demo
[[email protected] ~]# openstack role create user #建立user角色,權限較小。
[[email protected] ~]# openstack role add --project demo --user demo user #demo使用者添加到demo項目。
[[email protected] ~]# openstack project create --domain default --description "Service Project" service #建立service項目
[[email protected] ~]# openstack service create --name keystone --description "OpenStack Identity" identity #建立類型為identity的檔案。
[[email protected] ~]# openstack service list #檢視建立的service
[[email protected] ~]#openstack endpoint create --region RegionOne identity public http://openstack-vip.magedu.net:5000/v3 #公共點
[[email protected] ~]#openstack endpoint create --region RegionOne identity admin http://openstack-vip.magedu.net:5000/v3 #管理點
[[email protected] ~]#openstack endpoint create --region RegionOne identity internal http://openstack-vip.magedu.net:5000/v3 #私有點
[[email protected] ~]# openstack endpoint list #确認下是否制作成功,保證端口号是5000
#[[email protected] ~]#openstack endpoint delete id号碼 #如果錯誤了進行删除,防止出錯最好全删除了。
#測試keystone是否可以做驗證
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3 #新打開一個視窗,聲明 環境變量僅對本視窗有效
#運作完下面指令後産生一個user_id 相當于openstack user list 的id同理project也一樣
[[email protected] ~]# openstack --os-auth-url http://openstack-vip.magedu.net:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
[[email protected] ~]# mkdir /root/scripts #建立兩個腳本的檔案夾
[[email protected] ~]# vim scripts/admin-stein.sh #建立admin的腳本
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=Admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# vim scripts/demo-stein.sh #建立demo的腳本
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#新打開一個視窗檢測生效性
[[email protected] ~]# source scripts/admin-stein.sh
[[email protected] ~]# cat scripts/admin-stein.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=Admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# echo $OS_AUTH_URL
http://openstack-vip.magedu.net:5000/v3
[[email protected] ~]# openstack token issue
#如果報錯設定監聽,安裝haproxy
[[email protected] ~]# vim /etc/haproxy/haproxy.conf
listen mysql
bind 192.168.41.111:3306 #本地
mode tcp
log global
server mysql 192.168.41.115:3306 check #資料庫
listen memcached
bind 192.168.41.111:11211
mode tcp
log global
server mysql 192.168.41.115:11211 check