Centos7安装OpenStack-Kilo
毛宏达
老板最近直接上vmware的 openstack的研究暂停一段时间
1. Centos7系统安装
参考
2. OpenStack-Kio安装
参考官方文档
2.1 配置Yum
- 启用 EPEL 源
sudo yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm- (centos不需要)RHEL需要通过子脚本管理器启用 extras repository
subscription-manager repos --enable=rhel-7-server-extras-rpms- 安装rdo-release-kilo包来开启RDO源:
yum install http://rdo.fedorapeople.org/openstack-kilo/rdo-release-kilo.rpm- 更新系统
yum upgrade- 安装openstack-selinux自动管理selinux(我直接把selinux关掉了)
yum install openstack-selinux2.2 安装Network Time Protocol (NTP)
Openstack需要安装NTP来同步节点之间的各种服务, 通过在控制节点简历NTP服务可以使得同步更加精确.
2.2.1 控制节点(Node1)
2.2.1.1 安装ntp服务
yum install ntp2.2.1.2 编辑配置文件 /etc/ntp.conf
#vim /etc/ntp.conf
#server NTP_SERVER iburst //使用Centos默认服务器即可
restrict -4 default kod notrap nomodify
restrict -6 default kod notrap nomodify2.2.1.3 重启服务
systemctl enable ntpd.service
systemctl start ntpd.service2.2.1 其他节点(Node2,3,4)
2.2.1.1 安装ntp服务
yum install ntp
2.2.1.2 编辑配置文件 /etc/ntp.conf
#vim /etc/ntp.conf
server controller iburst2.2.1.3 重启服务
systemctl enable ntpd.service
systemctl start ntpd.service2.3 配置Mysql数据库
2.3.1 安装
yum install mariadb mariadb-server MySQL-python2.3.2 创建配置文件
# vim /etc/my.cnf.d/mariadb_openstack.cnf
[mysqld]
bind-address = node1
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf82.3.3 重启服务
systemctl enable mariadb.service
systemctl start mariadb.service2.3.4 数据库初始化
配置root密码,和一系列初始化操作,默认全部选Y
mysql_secure_installation2.4 安装消息队列
Message queue用于OpenStack各个组件的通信和协作,同时OpenStack支持RabbitMQ, Qpid, and ZeroMQ等消息队列组件,我们使用RabbitMQ.
2.4.1 安装
yum install rabbitmq-server2.4.2 启动服务
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service2.4.3 添加openstack用户
我设置密码为ada
rabbitmqctl add_user openstack ada2.4.4 配置openstack用户权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"2.5 认证服务keystone
基本概念:
keystone为不同的用户分配不同权限,同时为各种服务提供API接口.
1. 用户:
用户就是不同的人,公司,组织的标示.不同用户可以通过令牌来登陆,同时具有不同的访问权限.
2. 认证(Credentials)
用于验证用户权限,可以用<用户名,密码/API/服务令牌>等
3. 租户(Tenant)
租户一般为一组用户,包括用户和他们可以访问的权限,比如公司是一个租户,公司里每个员工就是用户.通过这种方式OpenStack可以为不同的企业提供服务.
4. 服务(Service)
用于提供OpenStack服务,比如navo等
5. 接口(Endpoint)
我们可以通过接口来访问不同的服务. 接口通常是一个url地址
2.5.1 添加数据库信息
- 连入mysql数据库
mysql -u root -p- 创建keystone数据库
CREATE DATABASE keystone;配置keystone的访问权限
以下为官网方案(实验失败),我发现mysql的加密方式有问题,用keystone死活登不进去.
我们通过密码ada来访问数据库,可以替换为其他密码
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'ada';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'ada';我的方案:
使用phpMyAdmin建立用户keystone密码ada
//使用以下命令确认用户keystone能用密码登陆
# mysql -u keystone -p
//登陆数据库后执行一下命令来授权
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%';- 退出数据库
exit- 生成一个随机令牌
#openssl rand -hex 10
45cf127b9518d3ee2633把生成的随机数记录下来,后边要用
2.5.2 安装配置keystone认证服务
- 安装软件包
yum install openstack-keystone httpd mod_wsgi python-openstackclient memcached python-memcached- 启用memcached服务
systemctl enable memcached.service
systemctl start memcached.service- 编辑配置文件/etc/keystone/keystone.conf
//官方方案为/etc/keystone/keystone.conf结果发现该配置文件不生效
//替换为 /usr/share/keystone/keystone-dist.conf
#vim /usr/share/keystone/keystone-dist.conf
[DEFAULT]
admin_token = 45cf127b9518d3ee2633//就是上次那个随机数
verbose = True
[database]
connection = mysql://keystone:ada@node1/keystone
[memcache]
servers = node1:11211
[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.memcache.Token
[revoke]
driver = keystone.contrib.revoke.backends.sql.Revoke- 创建认证并对文件授权
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /var/log/keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl- 同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone - 配置Apache http服务
所有linux命令以#开头,vim命令下面的内容,为需要添加的配置文件.
#vim /etc/httpd/conf/httpd.conf
ServerName node1
#vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
# mkdir -p /var/www/cgi-bin/keystone
# curl http://git.openstack.org/cgit/openstack/keystone/plain/httpd/keystone.py?h=stable/kilo | tee /var/www/cgi-bin/keystone/main /var/www/cgi-bin/keystone/admin
# chown -R keystone:keystone /var/www/cgi-bin/keystone
# chmod 755 /var/www/cgi-bin/keystone/*
# restorecon /var/www/cgi-bin
# usermod -a -G keystone apache
# systemctl enable httpd.service
# systemctl start httpd.service
类似资料: