uos server 1070e部署OpenStack基础篇-上篇

哈哈，今天开始部署服务器应用中最麻烦的一个开源软件OpenStack，尤其在国产化OS上面部署OpenStack的材料太少了，我写两篇记文章记录下在UOS的服务器1070e版本上完整的部署起OpenStack来，运行一个基础环境的OpenStack最小需要两个节点，而且计算节点不推荐虚拟化嵌套环境，建议使用物理测试。

因为是OpenStack的基础环境搭建，我这里使用两个节点，每个节点两块网卡的搭建。

1. 环境准备

配置域名解析：

在controller和compute节点上修改/etc/hosts添加一下内容(记得修改主机名)

#vim /etc/hosts

10.20.21.XXX controller

10.12.21.XXX compute

配置防火墙和Selinux：

在controller和compute节点上编辑selinux配置文件

#vim /etc/selinux/config

修改为SELINUX=disabled

controller和compute节点关闭防火墙

#systemctl disable firewalld.service --now

配置YUM仓库：

需开启everything、OpenStack-v仓库

配置时间同步：

controller和compute安装chrony服务

#yum install chrony -y

编辑/etc/chrony.conf文件，例如：

#vim /etc/chrony.conf

servertime.xxxxx.comiburst(根据自己本地时间服务器配置)

配置完时间源后重启服务

#systemctl start chronyd

#systemctl enable chonyd

双节点验证

#chronyc sources -v

2. 部署OpenStack-上篇

2.1 安装客户端：

两节点安装客户端

#yum install -y python3-openstackclient openstack-selinux

2.2 安装mariadb数据库：

controller节点执行

#yum install -y mariadb mariadb-server python3-PyMySQL

修改配置文件:

#vim /etc/my.cnf.d/mariadb-server.cnf

[server]

bind-address=xxx.xxx.xxx.xxxx(controller节点1的网卡1的ip）

default-storage-engine=innodb

innodb_file_per_table=on

max_connections=4096

collation-server=utf8_general_ci

character-set-server=utf8

启动数据库服务：

#systemctl enable mariadb.service

#systemctl start mariadb.service

#systemctl status mariadb.service

配置数据库密码：

# mysql_secure_installation

Enter current password for root (enter for none):回车

Set root password? [Y/n] y

New password: 000000

Re-enter new password: 000000

Remove anonymous users? [Y/n] y

Disallow root login remotely? [Y/n] n

Remove test database and access to it? [Y/n] y

Reload privilege tables now? [Y/n] y

测试数据库是否可正常登录（很重要的步骤）

#mysql -uroot -p000000

2.3 安装消息队列服务：

两节点安装客户端，安装rabbitmq消息队列

在controller节点执行

#yum install rabbitmq-server -y

#systemctl start rabbitmq-server.service

#systemctl enable rabbitmq-server.service

#systemctl status rabbitmq-server.service

添加用户并赋予权限

#rabbitmqctl add_user rabbitmq 000000

#rabbitmqctl set_permissions rabbitmq ".*" ".*" ".*"

修改rabbitmq参数

#echo "ulimit -n 65536" >> /etc/profile

#source /etc/profile

#mkdir /etc/systemd/system/rabbitmq-server.service.d

#cat > /etc/systemd/system/rabbitmq-server.service.d/limits.conf << EOF

[Service]

LimitNOFILE=65536

EOF

#systemctl daemon-reload

2.4 安装memcache：

controller节点执行

#yum install memcached -y

编辑/etc/sysconfig/memcached，修改以下内容

#vim /etc/sysconfig/memcached

OPTIONS="-l 127.0.0.1,::1,controller"

启动服务

#systemctl start memcached.service

#systemctl enable memcached.service

#systemctl status memcached.service

2.5 安装认证服务：

创建Keystone数据库，controller节点执行

#mysql -uroot -p000000

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';

flush privileges;

安装Keystone软件包

#yum install openstack-keystone httpd python3-mod_wsgi -y

配置Keystone

修改/etc/keystone/keystone.conf，在各自域修改以下内容：

#vim /etc/keystone/keystone.conf

[database]

connection=mysql+pymysql://keystone:000000@controller/keystone

[token]

provider=fernet

同步数据库

#su -s /bin/sh -c "keystone-manage db_sync" keystone

查看数据库（有输出即为成功）

#mysql -hcontroller -ukeystone -p000000 -e "use keystone;show tables;"

初始化密钥库

#keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

#keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

配置引导服务

此处000000为登录OpenStack时用到的密码。

#keystone-manage bootstrap --bootstrap-password 000000 \

--bootstrap-admin-url http://controller:35357/v3/ \

--bootstrap-internal-url http://controller:5000/v3/ \

--bootstrap-public-url http://controller:5000/v3/ \

--bootstrap-region-id RegionOne

配置Apache服务

编辑/etc/httpd/conf/httpd.conf，修改为以下内容：

#vim /etc/httpd/conf/httpd.conf

ServerName controller

创建文件连接并修改

#ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

用以下内容替换/etc/httpd/conf.d/wsgi-keystone.conf文件内容：

#vim /etc/httpd/conf.d/wsgi-keystone.conf

Listen 5000

Listen 35357

<VirtualHost *:5000>

WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-public

WSGIScriptAlias / /usr/bin/keystone-wsgi-public

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

ErrorLogFormat "%{cu}t %M"

ErrorLog /var/log/httpd/keystone-error.log

CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>

Require all granted

</Directory>

</VirtualHost>

<VirtualHost *:35357>

WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-admin

WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

WSGIApplicationGroup %{GLOBAL}

WSGIPassAuthorization On

ErrorLogFormat "%{cu}t %M"

ErrorLog /var/log/httpd/keystone-error.log

CustomLog /var/log/httpd/keystone-access.log combined

<Directory /usr/bin>

Require all granted

</Directory>

</VirtualHost>

启动服务

#systemctl enable httpd.service

#systemctl start httpd.service

设置环境变量

# export OS_USERNAME=admin

# export OS_PASSWORD=000000

# export OS_PROJECT_NAME=admin

# export OS_USER_DOMAIN_NAME=Default

# export OS_PROJECT_DOMAIN_NAME=Default

# export OS_AUTH_URL=http://controller:35357/v3

# export OS_IDENTITY_API_VERSION=3

创建项目

创建service项目

#openstack project create --domain default --description "Service Project" service

创建demo项目

#openstack project create --domain default --description "Demo Project" demo

创建demo用户

#openstack user create --domain default --password-prompt demo

设置密码建议先使用000000

创建user角色#openstack role create user

添加user角色到demo项目和用户

#openstack role add --project demo --user demo user

创建环境变量脚本

#vim ~/admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=000000

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

#vim ~/demo-openrc (我基本不会用到demo这个项目)

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=000000

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

验证环境变量脚本

#source ~/admin-openrc

#openstack token issue

2.6 安装镜像服务：

创建Glance数据库

#mysql -uroot -p000000

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';

flush privileges;

创建用户

#openstack user create --domain default --password-prompt glance

密码推荐000000

添加admin角色到glance用户和service项目中

#openstack role add --project service --user glance admin

创建服务

#openstack service create --name glance --description "OpenStack Image" image

创建glance服务端点

#openstack endpoint create --region RegionOne image public \

http://controller:9292

#openstack endpoint create --region RegionOne image internal \

http://controller:9292

#openstack endpoint create --region RegionOne image admin \

http://controller:9292安装Glance软件包

#yum install openstack-glance -y

配置Glance

在对应的域修改glance配置文件/etc/glance/glance-api.conf

#vim /etc/glance/glance-api.conf

[database]

connection=mysql+pymysql://glance:000000@controller/glance

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = 000000

[paste_deploy]

flavor=keystone

[glance_store]

stores=file,http

default_store=file

filesystem_store_datadir=/var/lib/glance/images/

同步数据库

#su -s /bin/sh -c "glance-manage db_sync" glance

启动服务

#systemctl enable openstack-glance-api.service

#systemctl start openstack-glance-api.service

上传镜像测试（如果能连上公网建议是下载官网的推荐的cirros镜像因为它真的小）

#wget http://download.cirros-cloud.net/0.5.0/cirros-0.5.0-x86_64-disk.img

#glance image-create --name cirros-0.5.0 --disk-format qcow2 --container-format bare --progress < cirros-0.5.0-x86_64-disk.img

#openstack image list

2.7 安装placement：

创建placement数据库

#mysql -uroot -p000000

CREATE DATABASE placement;

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '000000';

flush privileges;

创建用户

#openstack user create --domain default --password-prompt placement

密码推荐000000

添加admin角色到placement用户

#openstack role add --project service --user placement admin

创建服务

创建placement服务实体

#openstack service create --name placement --description "Placement API" placement

创建placement服务端点

#openstack endpoint create --region RegionOne placement public http://controller:8778

#openstack endpoint create --region RegionOne placement internal http://controller:8778

#openstack endpoint create --region RegionOne placement admin http://controller:8778

安装软件包

#yum install -y openstack-placement-api

配置placement

#vim /etc/placement/placement.conf

[placement_database]

connection = mysql+pymysql://placement:000000@controller/placement

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = placement

password = 000000

编辑/etc/httpd/conf.d/00-placement-api.conf添加以下内容

（在#SSLCertificateKeyFile ...下面添加）

#vim /etc/httpd/conf.d/00-placement-api.conf

<Directory /usr/bin>

<IfVersion >= 2.4>

Require all granted

</IfVersion>

<IfVersion < 2.4>

Order allow,deny

Allow from all

</IfVersion>

</Directory>

重启服务

#systemctl restart httpd.service

同步数据库

#su -s /bin/sh -c "placement-manage db sync" placement

今天就先部署到了这里，真正比较难部署和配置还是在后面，配置Neutron和ovs。