OpenStackPike版本部署手册

1、OpenStackPike版本部署册Openstack安装部署档（Pike）、 环境准备本的安装部署都是在CentOS 7.4上完成,本中的控制节点、存储节点是双卡设置，络节点和计算节点是三卡设置。注意：yum源可以修改成国内的源。本有些命令，参数之间 缺少空格，参照时候，请注意。1.虚拟机节点拓扑部署和主机命名eth0: 管理络eth1: 数据络/隧道控制节点:eth0: 5/24，eth1: 192.168. 56.101/24络节点:eth0: /24，eth1: 192.168. 56.102/24， eth2 具体IP计算节点:eth0: /24，eth1: 192.168. 56.

2、103/24， eth2 具体IP存储节点:eth0: /24，eth1: 192.168. 56.104/24$ vim /etc/hosts# controller01# computecontrollercomputenetwork03#network02#block storage04 block2.虚拟机卡配置使传统卡命名式（可跳过）编辑/etc/default/grub并加“net.ifnames=0$ sudo grub2-mkconfig -o /boot/grub2/grub.cfgNOTE 具体参考如下连接：3.关闭各个节点的防墙和NetworkManager服务#serv

3、ice NetworkManager stop#chkconfig NetworkManager off# systemctl stop firewalld.service# systemctl disable firewalld.service# /usr/sbin/setenforce 0#set SELINUX disabled#vim /etc/sysconfig/selinuxSELINUX=disabled4.安装NTP服务1)在所有结点上安装chrony$ yum install chrony2)配置/etc/chrony.conf（控制节点）修改相应的部分：$ vim/etc/

4、chrony.confallow /8重启server的chrony服务# systemctl enable chronyd.service# systemctl start chronyd.service3)配置NTP client（络，计算，存储节点）修改相应的部分：$ vim /etc/chrony.confserver controller iburst启动ntp服务：# systemctl enable chronyd.service# systemctl start chronyd.service4)所有节点上进验证$ chronyc sources5.安装Openstack 所有

5、节点)# yum install centos-release-openstack-pike# yum upgrade# yum install python-openstackclient# yum install openstack-selinux6.安装MariaDB 数据库1)Controller节点：安装mariadb-server# yum install mariadb mariadb-server python2-PyMySQL修改mariadb_f配置# vi /etc/f.d/fmysqldbind-address = 01default-storage-engine =

6、innodbinnodb_file_per_table = onmax_connections = 4096collation-server = utf8_general_cicharacter-set-server = utf8重启mysqld服务，并设置开机启动# systemctl enable mariadb.service# systemctl start mariadb.service# mysql_secure_installation设置密码 1235456,其他都是Yes7.安装Message Queue（rabbitMQ , Controller node）#yum ins

7、tall rabbitmq-server重启rabbitmq服务# systemctl enable rabbitmq-server.service# systemctl start rabbitmq-server.service添加rabbitmq户,并配置权限# rabbitmqctl add_user openstack openstack123# rabbitmqctl set_permissions openstack .* .* .*8.安装（控制节点）安装包。yum install memcached python-memcached配置/etc/sysconfig/memcac

8、hedOPTIONS=-l ,:1修正为OPTIONS=-l ,:1,controller启动服务。systemctl enable memcached.servicesystemctl startmemcached.service、 安装KeyStone注 keystone只需要安装在Controller Node上1)在mariadb sql节点创建keystone的数据库$ mysql-u root -pmysql CREATE DATABASE keystone;mysql GRANT ALL PRIVILEGES ON keystone.* TOkeystonelocalhost I

9、DENTIFIED BY 123456;mysql GRANT ALL PRIVILEGES ON keystone.* TOkeystone% IDENTIFIED BY 123456;mysql exit2)yum安装rpm包# yum installopenstack-keystone httpd mod_wsgi3)配置/etc/keystone/keystone.confDEFAULTverbose=Trueadmin_token=15fe8a5fd6f8a6c0cb74log_dir=/var/log/keystonedatabaseconnection = mysql+pymys

10、ql:/keystone:123456controller/keystonetokenprovider = fernet4)# su -s /bin/sh -c keystone-manage db_sync keystone5) 创建证书和密钥加载Keystone数据库的schema# keystone-manage fernet_setup -keystone-user keystone -keystone-group keystone# keystone-manage credential_setup -keystone-userkeystone -keystone-group keys

11、tone6)启动 keystone服务ADMIN_PASS 替换成具体的密码。# keystone-manage bootstrap -bootstrap-password ADMIN_PASS -bootstrap-region-id RegionOne7)配置Apache http服务#配置/etc/httpd/conf/httpd.conf的ServernameServerName controller#创建/usr/share/keystone/wsgi-keystone.conf的软连接。# ln -s /usr/share/keystone/wsgi-keystone.conf/e

12、tc/httpd/conf.d/#启动 http服务# systemctl enable httpd.service# systemctl start httpd.service8)创建service entity和 APIendpoint# 设置认证环境变量# export OS_USERNAME=admin#export OS_PASSWORD=ADMIN_PASS#export OS_PROJECT_NAME=admin#export OS_USER_DOMAIN_NAME=Default#export OS_PROJECT_DOMAIN_NAME=Default#export OS_I

13、DENTITY_API_VERSION=3#创建DEMO户等信息。#openstack project create -domain default -description Service Projectservice#openstack project create -domain default -description Demo Project demo#openstack user create -domain default -password-prompt demo#openstack role create user openstack role add -projectdem

14、o -user demo user9)验证安装是否成功unset OS_AUTH_URL OS_PASSWORD-os-project-domain-name Default -os-user-domain-name Default -os-project-name demo -os-username demo token issue10) 使环境变量注：ADMIN_PASS替换成具体的密码。#创建admin-openrc.shvim admin-openrc.shexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=D

15、efaultexport OS_PROJECT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=ADMIN_PASSexport OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2rootcontroller #rootcontroller # cat demo-openrcexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_NAME=demoexport

16、 OS_USERNAME=demoexport OS_PASSWORD=demoexport OS_IDENTITY_API_VERSION=3export OS_IMAGE_API_VERSION=2# 执 admin-openrc.shsource admin-openrc.sh# 验证# openstack token issue#openstack service list三、 安装Glance1)在MariaDB SQL节点配置Glance数据库$ mysql-u root -p123456mysql CREATE DATABASE glance;mysql GRANT ALL PR

17、IVILEGES ON glance.* TOglancelocalhost IDENTIFIED BY 123456;mysql GRANT ALL PRIVILEGES ON glance.* TO glance% IDENTIFIED BY 123456;mysql exit2)创建glance户,并添加管理员# openstack user create -domain default -password-promptglance# openstack role add -project service -user glanceadmin3)在keystone创建glance服务和en

18、dpoint# oopenstack service create -name glance -description OpenStack Imageimage4)yum安装rpm包# yum install openstack-glance5)修改Glance配置件/etc/glance/glance-api.confdatabaseconnection = mysql+pymysql:/glance: 123456controller/glancekeystone_authtoken# .memcached_servers = controller:11211auth_type = pas

19、swordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = 123456paste_deploy# .flavor = keystoneglance_store# .stores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/images/6)修改glance-registry.confdatabaseconnection = mysq

20、l+pymysql:/glance:123456controller/glancekeystone_authtoken# .memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = 123456paste_deploy# .flavor = keystone7)# su -s /bin/sh -c glance-manage db_s

21、ync glance8) 启动glance服务# systemctl enable openstack-glance-api.service openstack-glance-registry.service成数据库# systemctl start openstack-glance-api.service openstack-glance-registry.service9) 验证glance安装是否成功# . admin-openrc# mkdir /tmp/images# glance image-create -namecirros-0.3.3-x86_64 -file /tmp/im

22、ages/cirros-0.3.3-x86_64-disk.img-disk-format qcow2 -container-format bare -progress# glance image-list# rm -r /tmp/images四、 安装Nova1.安装节点1)设置MySQL数据库，添加nova数据库mysql-u root -p123456mysql CREATE DATABASE nova_api;mysql CREATE DATABASE nova;mysql CREATE DATABASE nova_cell0;mysql GRANT ALL PRIVILEGES ON

23、 nova_api;.* TOnovalocalhost IDENTIFIED BY 123456;mysql GRANT ALL PRIVILEGES ON nova_api;.* TOnova% IDENTIFIED BY 123456;mysql GRANT ALL PRIVILEGES ON nova.* TOnovalocalhost IDENTIFIED BY 123456;mysql GRANT ALL PRIVILEGES ON nova.* TO nova% IDENTIFIED BY 123456;mysql GRANT ALL PRIVILEGES ON nova_cel

24、l0.* TO novalocalhost IDENTIFIED BY 123456;mysql GRANT ALL PRIVILEGES ON nova_cell0.* TOnova% IDENTIFIED BY 123456;mysql exit2)# . admin-openrc# openstack usercreate -domain default -password-prompt设置Keystone，创建nova的服务和endpoint# openstack role add -project service -#openstack serviceusernova admincr

25、eate -name nova -description OpenStack Computecompute# openstackendpoint create -region RegionOne3)yum安装rpm包# yum installopenstack-nova-api openstack-nova-conductor openstack-nova-consoleopenstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api4)修改nova.conf，openstack:RABBIT_PAS

26、S替换成rabbitMQ的户/密码NOVA_PASS替换成nova的密码,其他密码也相应的替换。DEFAULTtransport_url = rabbit:/openstack:RABBIT_PASScontrollerenabled_apis = osapi_compute,metadatamy_ip = 192.168. 56.103use_neutron = Truefirewall_driver = nova.virt.firewall.NoopFirewallDriverapi_database# .connection = mysql+pymysql:/nova:NOVA_DBPA

27、SScontroller/nova_apidatabase# .connection =mysql+pymysql:/nova:NOVA_DBPASScontroller/novaapi# .auth_strategy = keystonekeystone_authtoken# .memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = novapassword =

28、NOVA_PASSvncenabled = true# .vncserver_listen = $my_ipvncserver_proxyclient_address = $my_ipglance# .oslo_concurrency# .lock_path = /var/lib/nova/tmpplacement# .os_region_name = RegionOneproject_domain_name = Defaultproject_name = serviceauth_type = passworduser_domain_name = Defaultusername = place

29、mentpassword = PLACEMENT_PASS5)配置/etc/httpd/conf.d/00-nova-placement-api.conf= 2.4Require allgrantedIfVersionOrderallow,denyAllow fromall6)重启http服务。# systemctl restart httpd7)创建数据库# su -s /bin/sh -c nova-manage api_db syncnova# su -s /bin/sh -c nova-manage cell_v2map_cell0 nova# su -s /bin/sh -c nov

30、a-manage cell_v2 create_cell-name=cell1 -verbose nova# su -s /bin/sh -c nova-manage db sync nova8)验证cell0 cell1正确性。# nova-manage cell_v2 list_cells9)重启nova服务并设置开机启动# systemctl enable openstack-nova-api.service openstack-nova-cert.serviceopenstack-nova-consoleauth.service openstack-nova-scheduler.ser

31、viceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.service# systemctl start openstack-nova-api.serviceopenstack-nova-cert.service openstack-nova-consoleauth.serviceopenstack-nova-scheduler.service openstack-nova-conductor.serviceopenstack-nova-novncproxy.service10) 下操作，每次追加了计算节点后执。# opens

32、tack compute service list -service nova-compute# su -s /bin/sh -c nova-manage cell_v2 discover_hosts-verbose nova# openstack compute service list -service nova-compute2.安装计算节点1)yum安装rpm包# yum installopenstack-nova-compute2)修改配置件nova.confDEFAULTmy_ip = MANAGEMENT_INTERFACE_IP_ADDRESSenabled_apis = os

33、api_compute,metadatatransport_url = rabbit:/openstack:RABBIT_PASScontrolleruse_neutron = Truefirewall_driver = nova.virt.firewall.NoopFirewallDriverapi# .auth_strategy = keystonekeystone_authtoken# .memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name

34、 = defaultproject_name = serviceusername = novapassword = NOVA_PASSvnc# .enabled = Truevncserver_listen = vncserver_proxyclient_address = $my_ipglance# .oslo_concurrency# .lock_path = /var/lib/nova/tmpplacement# .os_region_name = RegionOneproject_domain_name = Defaultproject_name = serviceauth_type

35、= passworduser_domain_name = Defaultusername = placementpassword = PLACEMENT_PASS3)检查Compute节点CPU对虚拟化的持情况$ egrep -c (vmx|svm) /proc/cpuinfo#如果没有返回值，或者返回值为0.修改配置件libvirtvirt_type=qemu4)重启nova-compute相关服务并配置开机启动# systemctl enable libvirtd.serviceopenstack-nova-compute.service# systemctl start libvirtd

36、.serviceopenstack-nova-compute.service五、 安装Dashboard安装在控制节点1)# yuminstall openstack-dashboard2) 修改Dashboard的配置件yum安装rpm包/etc/openstack-dashboard/local_settingsOPENSTACK_HOST = controllerALLOWED_HOSTS = , localhost,01SESSION_ENGINE = django.contrib.sessions.backends.cacheCACHES = default: BACKEND:dja

37、ngo.core.cache.backends.memcached.MemcachedCache,LOCATION: controller:11211,OPENSTACK_KEYSTONE_URL = http:/%s:5000/v3 %OPENSTACK_HOSTOPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = TrueOPENSTACK_API_VERSIONS = identity: 3,image: 2,volume: 2,OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = DefaultOPENSTACK_KEYSTONE_DEFA

38、ULT_ROLE = userOPENSTACK_NEUTRON_NETWORK = .enable_router: False,enable_quotas: False,enable_distributed_router: False,enable_ha_router: False,enable_lb:False,enable_firewall: False,enable_vpn:False,enable_fip_topology_check: False,TIME_ZONE = TIME_ZONE3)# systemctl restart httpd.service memcached.s

39、ervice4) 验证Dashboard是否可以登录启动Dashboard服务六、 安装Neutron安装配置控制节点1)在MySQL节点配置neutron数据库$ mysql-u root -p123456mysql CREATE DATABASE neutron;mysql GRANT ALL PRIVILEGES ON neutron.* TOneutronlocalhost IDENTIFIED BY 123456;mysql GRANT ALL PRIVILEGES ON neutron.* TOneutron% IDENTIFIED BY 123456;mysql exit2)在K

40、eystone配置neutron的户和# openstack user create -domain default-password-prompt neutron# openstack role add -project service -user neutronadmin# openstack service create -name neutron -descriptionOpenStack Networking network3)安装Neutron包，使ml2作为层core_plugin$ yum install openstack-neutron openstack-neutron-

41、ml2 openstack-neutron-linuxbridge ebtables4)修改neuron配置件/etc/neutron/neutron.confdatabaseconnection = mysql+pymysql:/neutron:123456controller/neutronDEFAULTcore_plugin = ml2service_plugins = routerallow_overlapping_ips = truetransport_url = rabbit:/openstack:openstack123controllerauth_strategy = keys

42、tonenotify_nova_on_port_status_changes = truenotify_nova_on_port_data_changes = truekeystone_authtokenmemcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = neutronpassword = NEUTRON_PASSnovaauth_type = password

43、project_domain_name = defaultuser_domain_name = defaultregion_name = RegionOneproject_name = serviceusername = novapassword = 123456oslo_concurrencylock_path = /var/lib/neutron/tmp5)配置ML2修改/etc/neutron/plugins/ml2/ml2_conf.iniml2type_drivers = flat,vlan,vxlantenant_network_types = vxlanmechanism_dri

44、vers = linuxbridge,l2populationextension_drivers = port_securityml2_type_flatflat_networks = providerml2_type_vxlanvni_ranges =1:1000securitygroupenable_ipset = True6)配置NOVA使Neutron提供络服务修改/etc/nova/nova.confneutronauth_type = passwordproject_domain_name = defaultuser_domain_name = defaultregion_name

45、 = RegionOneproject_name = serviceusername = neutronpassword = 123456service_metadata_proxy = truemetadata_proxy_shared_secret = 1234567)建ml2_conf.ini到plugin.ini的软连接# ln -s/etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini8)成数据库# su -s /bin/sh -c neutron-db-manage -config-file/etc/neutron

46、/neutron.conf -config-file/etc/neutron/plugins/ml2/ml2_conf.ini upgrade head neutron9)重启compute和neutron服务并设置开机启动#systemctl restart openstack-nova-api.service# systemctl enable neutron-server.service# systemctl start neutron-server.service配置络节点1)准备作修改/etc/sysctl.confnet.ipv4.ip_forward=1net.ipv4.conf

47、.all.rp_filter=0net.ipv4.conf.default.rp_filter=0重新加载系统配置# sysctl -p2)安装Openstack的络服务#yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables3) 配置/etc/neutron/neutron.confDEFAULTcore_plugin = ml2service_plugins = routerallow_overlapping_ips = truetransport_url = ra

48、bbit:/openstack:RABBIT_PASScontrollerauth_strategy = keystonekeystone_authtokenmemcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = neutronpassword = 123456oslo_concurrencylock_path = /var/lib/neutron/tmp4)配置N

49、etwork节点的ML2修改/etc/neutron/plugins/ml2/ml2_conf.iniml2type_drivers = flat,vlan,vxlantenant_network_types = vxlanmechanism_drivers = linuxbridge,l2populationextension_drivers = port_securityml2_type_flatflat_networks = providerml2_type_vxlanvni_ranges =1:1000securitygroupenable_ipset = True5)配置Linux

50、bridge agent修改/etc/neutron/plugins/ml2/linuxbridge_agent.inilinux_bridgephysical_interface_mappings = provide: OVIDER_INTERFACE_NAMEenable_vxlan = truelocal_ip =OVERLAY_INTERFACE_IP_ADDRESSl2_population = truesecuritygroupenable_security_group = truefirewall_driver =neutron.agent.linux.iptables_fire

51、wall.IptablesFirewallDriver注:PROVIDER_INTERFACE_NAME和OVERLAY_INTERFACE_IP_ADDRESS替换成实际的卡名和IP。6)配置l3_agent.iniDEFAULTinterface_driver = linuxbridge7)配置DHCP Agent,修改dhcp_agent.iniDEFAULTinterface_driver = linuxbridgedhcp_driver = neutron.agent.linux.dhcp.Dnsmasqenable_isolated_metadata = true8)配置metad

52、ata agent，修改metadata_agent.iniDEFAULTnova_metadata_ip = controllermetadata_proxy_shared_secret = 1234569)创建软连接# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini10) 启动服务。# systemctl enable neutron-linuxbridge-agent.serviceneutron-dhcp-agent.service neutron-metadata-agent.service# s

53、ystemctl start neutron-linuxbridge-agent.serviceneutron-dhcp-agent.service neutron-metadata-agent.service#systemctl enable neutron-l3-agent.service# systemctl start neutron-l3-agent.service11) 建并重启neutron-openvswitch-agent服务# systemctl enableneutron-openvswitch-agent.service neutron-l3-agent.service

54、 neutron-dhcp-agent.serviceneutron-metadata-agent.service neutron-ovs-cleanup.service# systemctl startneutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.serviceneutron-metadata-agent.service配置计算节点1)准备作#修改sysctl配置，/etc/sysctl.confnet.ipv4.conf.all.rp_filter=0net.ipv4.conf.d

55、efault.rp_filter=0#reload 配置sysctl -p2)安装neutron的层Agent# yum install openstack-neutron-linuxbridge ebtablesipset3)配置计算节点的络设置，/etc/neutron/neutron.confDEFAULTtransport_url = rabbit:/openstack:openstack123controllerauth_strategy = keystoneoslo_messaging_rabbitrabbit_host=controllerrabbit_userid = open

56、stackrabbit_password = 123456keystone_authtokenmemcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = neutronpassword = 123456oslo_concurrencylock_path = /var/lib/neutron/tmp4)配置Linux bridge agent#修改 /etc/neutro

57、n/plugins/ml2/linuxbridge_agent.inilinux_bridgephysical_interface_mappings =provider:PROVIDER_INTERFACE_NAMEvxlanenable_vxlan = truelocal_ip = OVERLAY_INTERFACE_IP_ADDRESSl2_population = truesecuritygroupenable_security_group = truefirewall_driver =neutron.agent.linux.iptables_firewall.IptablesFirew

58、allDriver注：PROVIDER_INTERFACE_NAME和OVERLAY_INTERFACE_IP_ADDRESS改成本机的卡名和IP.5)修改计算节点/etc/nova/nova.conf，配置使neutron提供络服务DEFAULTauth_type = passwordproject_domain_name = defaultuser_domain_name = defaultregion_name = RegionOneproject_name = serviceusername = neutronpassword = 1234566)启动服务，并设置开机启动# syste

59、mctl restart openstack-nova-compute.service# systemctl enable neutron-linuxbridge-agent.service# systemctl start neutron-linuxbridge-agent.service 1)#yum install openstack-neutron-fwaas2) 修改Controller，Network节点的/etc/neutron/neutron.conf安装fwaas (控制、络节点)# service_plugins添加fwaasservice_plugins=router,f

60、irewallservice_providersservice_provider =FIREWALL:Iptables:neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver:default3)络节点修改fwaas_driver.ini配置件 /etc/neutron/fwaas_driver.ini,fwaasdriver =neutron_fwaas.services.firewall.drivers.linux.iptables_fwaas.IptablesFwaasDriverenabled = Tru