文章目录
准备环境
选择虚拟机类型
主7.6 节点7.2 安装者请自行分配ip到控制端,节点和数据库。
最小化安装,直接启用自带的yum源,
更改主机名
[[email protected] ~]# cat /etc/hostname
linux-host1.exmaple.com
修改hosts文件
[[email protected] ~]# cat /etc/hosts
192.168.10.201 linux-host1.exmaple.com linux-host1
关闭防火墙和selinux
[[email protected] ~]# systemctl disable firewalld.
[[email protected] ~]# systemctl disable NetworkManager
[[email protected] ~]# vim /etc/selinux/config
SELINUX=disabled
同步时间
[[email protected] ~]#rm -rf /etc/localtime #删除错误的时间
[[email protected] ~]#ln -sv /usr/share/zoneinfo/Asia/Shanghai /etc/localtime #创建连接到上海时间
[[email protected] ~]#ntpdate time1.aliyun.com
[[email protected] ~]#hwclock -w
[[email protected] ~]#crontab -e
*/5 * * * * /sbin/ntpdate time1.aliyun.com && hwclock -w
安装认证服务–keystone
1.不同主机的操作
1.查看所有openstack版本,我们选择的是stein版本
[[email protected] ~]# yum list centos-release-openstack*
centos-release-openstack-ocata.noarch 1-2.el7 extras
centos-release-openstack-pike.x86_64 1-1.el7 extras
centos-release-openstack-queens.noarch 1-2.el7.centos extras
centos-release-openstack-rocky.noarch 1-1.el7.centos extras
centos-release-openstack-stein.noarch 1-1.el7.centos extras
2.控制机器和节点机都要安装,这是openstack源
[[email protected] ~]# yum install centos-release-openstack-stein.noarch
[[email protected] ~]# yum install centos-release-openstack-stein.noarch
[[email protected] ~]# yum install centos-release-openstack-stein.noarch -y
3.安装组件,controller和node安装
[[email protected] ~]# yum install python-openstackclient openstack-selinux -y
[[email protected] ~]# yum install python-openstackclient openstack-selinux -y
4.安装数据库
因为我们是拆分的所以要分开装,node装mariadb
# yum install mariadb mariadb-server python2-PyMySQL
[[email protected] ~]# yum install mariadb mariadb-server -y
[[email protected] ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[[email protected] ~]# systemctl start mariadb.service
[[email protected] ~]# systemctl enable mariadb.service
[[email protected] ~]# mysql_secure_installation #初始化数据库,密码是123456 其余全是y
5.安装消息队列 message queue
[[email protected] ~]# yum install rabbitmq-server
[[email protected] ~]# systemctl enable rabbitmq-server.service
[[email protected] ~]# systemctl start rabbitmq-server.service
[[email protected] ~]# rabbitmqctl add_user openstack openstack123 #设置openstack123 为密码
[[email protected] ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" #设置权限
#可以启动[[email protected] ~]# rabbitmq-plugins enable rabbitmq_management
http://192.168.41.111:15672/#/ guest guest
6.安装memcached
[[email protected] ~]# yum install memcached python-memcached python2-PyMySQL #pymysql是因为控制和node分开所以单独装
[[email protected] ~]# yum install memcached #数据库端安装
[[email protected] ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached" #账号
MAXCONN="1024" #最大连接数
CACHESIZE="1024" #最大大小
OPTIONS="-l 0.0.0.0,::1"
[[email protected] ~]#systemctl restart memcached
[[email protected] ~]#systemctl enable memcached
7.安装服务
#数据库服务
[[email protected] ~]# mysql -uroot -p123456 -h127.0.0.1
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
[[email protected] ~]#yum install mysql -y #创建数据库测试连接
[[email protected] ~]# mysql -ukeystone -pkeystone123 -h 192.168.41.115
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
+--------------------+
#http服务
[[email protected] ~]# yum install openstack-keystone httpd mod_wsgi -y
[[email protected] ~]# vim /etc/keystone/keystone.conf
[database] #可以通过\[database] 精确找到
connection = mysql+pymysql://keystone:[email protected]/keystone #此处把地址换成域名了。
[token]
provider = fernet
[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.41.111:80
[[email protected] ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #初始化数据库,此时可以到115去查看生成的表的数据。
[[email protected] ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = d2f60b7ec753e9bfc799 #这串代码是openssl rand -hex 10 生成
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone #重新初始化
8.创建域,用户,项目,角色
[[email protected] ~]# export OS_TOKEN=d2f60b7ec753e9bfc799 #重新打开一个窗口2,代码是上面生成的
[[email protected] ~]# export OS_URL=http://192.168.41.111:5000/v3
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3
[[email protected] ~]# systemctl start httpd && systemctl enable httpd
[[email protected] ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | edf2085ad5c7434e84beb3c3d6dec573 |
| name | default |
| tags | [] |
+-------------+----------------------------------+
[[email protected] ~]# openstack project create --domain default --description "Admin Project" Admin #要在刚才的启动环境变量的窗口2进行
[[email protected] ~]# openstack project list
[[email protected] ~]# openstack project --help #可以进行项目的操作。
[[email protected] ~]# openstack user create --domain default --password-prompt admin #创建角色账号密码为admin
[[email protected] ~]# openstack role create admin #创建角色
[[email protected] ~]# openstack role list #查看创建的角色
[[email protected] ~]# openstack role add --project Admin --user admin admin #加入到项目里面
[[email protected] ~]# openstack project create --domain default --description "Demo Project" demo #创建demo的演示项目
[[email protected] ~]# openstack user create --domain default --password-prompt demo #密码设置为demo
[[email protected] ~]# openstack role create user #创建user角色,权限较小。
[[email protected] ~]# openstack role add --project demo --user demo user #demo用户添加到demo项目。
[[email protected] ~]# openstack project create --domain default --description "Service Project" service #创建service项目
[[email protected] ~]# openstack service create --name keystone --description "OpenStack Identity" identity #创建类型为identity的文件。
[[email protected] ~]# openstack service list #查看创建的service
[[email protected] ~]#openstack endpoint create --region RegionOne identity public http://openstack-vip.magedu.net:5000/v3 #公共点
[[email protected] ~]#openstack endpoint create --region RegionOne identity admin http://openstack-vip.magedu.net:5000/v3 #管理点
[[email protected] ~]#openstack endpoint create --region RegionOne identity internal http://openstack-vip.magedu.net:5000/v3 #私有点
[[email protected] ~]# openstack endpoint list #确认下是否制作成功,保证端口号是5000
#[[email protected] ~]#openstack endpoint delete id号码 #如果错误了进行删除,防止出错最好全删除了。
#测试keystone是否可以做验证
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3 #新打开一个窗口,声明 环境变量仅对本窗口有效
#运行完下面指令后产生一个user_id 相当于openstack user list 的id同理project也一样
[[email protected] ~]# openstack --os-auth-url http://openstack-vip.magedu.net:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
[[email protected] ~]# mkdir /root/scripts #创建两个脚本的文件夹
[[email protected] ~]# vim scripts/admin-stein.sh #创建admin的脚本
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=Admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# vim scripts/demo-stein.sh #创建demo的脚本
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#新打开一个窗口检测生效性
[[email protected] ~]# source scripts/admin-stein.sh
[[email protected] ~]# cat scripts/admin-stein.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=Admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# echo $OS_AUTH_URL
http://openstack-vip.magedu.net:5000/v3
[[email protected] ~]# openstack token issue
#如果报错设置监听,安装haproxy
[[email protected] ~]# vim /etc/haproxy/haproxy.conf
listen mysql
bind 192.168.41.111:3306 #本地
mode tcp
log global
server mysql 192.168.41.115:3306 check #数据库
listen memcached
bind 192.168.41.111:11211
mode tcp
log global
server mysql 192.168.41.115:11211 check