openstack-pike-HA环境部署-keystone+glance
索吕恭
2023-12-01
安装keystone服务
1、安装软件包
# Install Keystone together with Apache httpd and the mod_wsgi / mod_ssl modules.
# NOTE(review): mod_ssl is installed here, but the virtual hosts configured
# later in this guide listen on plain HTTP only.
yum -y install openstack-keystone httpd mod_wsgi mod_ssl
2、修改httpd配置文件(三台主机均需执行)
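# Per-node value: the address httpd should listen on. This step is run on all
# three controllers, so set it to the management IP of the node you are on.
listen_ip=192.168.148.91

# Keep a copy of the stock configuration (-a preserves mode, owner, timestamps).
cp -a /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf_bak
# Uncomment the sample ServerName line and set it to this host's name.
sed -i "s/^#ServerName www\.example\.com:80/ServerName ${HOSTNAME}/" /etc/httpd/conf/httpd.conf
# Bind port 80 to the node address instead of every interface. The pattern is
# anchored so that only the bare "Listen 80" directive is rewritten.
sed -i "s/^Listen 80[[:space:]]*$/Listen ${listen_ip}:80/" /etc/httpd/conf/httpd.conf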
3、创建keystone数据库(任意节点执行)
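# Open a MySQL session as root. A bare -p makes the client prompt for the
# password, so it is not stored in shell history or visible in the process
# list, as it would be when appended to -p on the command line.
mysql -u root -p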
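-- Create the Keystone schema and the account that owns it.
CREATE DATABASE keystone;
-- Account host patterns use % and _ as wildcards (not *); 'localhost' covers
-- connections made on the database host itself.
-- '123456' is the lab password this guide reuses everywhere: pick a strong,
-- unique value and use the same one in the [database] connection URL of
-- keystone.conf.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
-- '%' accepts this account from any client address; narrow it to the
-- controller subnet if the database is reachable from other networks.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';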
4、修改keystone配置文件(将配置文件copy到其他节点)
# Keystone configuration: only the options this guide changes are listed.
[cache]
# memcached instances on the three controllers. memcached has no
# authentication by default, so port 11211 should be reachable only from the
# controller nodes.
# NOTE(review): no `enabled` / `backend` option is shown in this section;
# confirm that caching is actually switched on.
memcache_servers = controller1:11211,controller2:11211,controller3:11211
[database]
# SQLAlchemy URL pointing at 192.168.148.200. The database password is
# embedded in clear text, so keep this file unreadable to unprivileged users.
connection = mysql+pymysql://keystone:123456@192.168.148.200/keystone
[token]
# Use Fernet tokens; the keys are created and distributed in the next steps.
provider = fernet
# NOTE(review): Fernet tokens are not persisted, so the purpose of this
# persistence driver setting is unclear; check the Pike configuration
# reference before relying on it.
driver = memcache
5、同步数据库
# Create/upgrade the Keystone schema. The command runs as the keystone
# account, with /bin/sh supplied as the shell for this one invocation.
su -s /bin/sh -c 'keystone-manage db_sync' keystone
验证:在每个节点上进入数据库,查看数据库中是否有相应的表。
6、初始化密钥(在第一个节点执行)
# Generate the Fernet token keys and the credential-encryption keys, owned by
# the keystone user and group. Run on the first node only; the resulting key
# directories are copied to the other nodes in the next step.
keystone-manage fernet_setup \
  --keystone-user keystone \
  --keystone-group keystone
keystone-manage credential_setup \
  --keystone-user keystone \
  --keystone-group keystone
7、copy密钥到其他节点
# Copy both key directories to the other two nodes, into the same path.
# These are secret keys (Fernet keys protect tokens, credential keys protect
# stored credentials): every Keystone node needs identical copies, and nobody
# else should be able to read them.
# NOTE(review): node2/node3 are presumably the other two controllers
# (controller2/controller3 in the configuration snippets); confirm the names.
cd /etc/keystone/
for peer in node2 node3; do
  scp -r credential-keys/ fernet-keys/ "${peer}:${PWD}"
done
8、赋予权限(在第二、第三节点执行)
# On the second and third node: hand the copied key directories (recursively)
# to the keystone service account.
chown -R keystone:keystone /etc/keystone/credential-keys/ /etc/keystone/fernet-keys/
9、初始化(任意节点)
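# Create the initial admin identity and register the identity endpoints.
# The password is read from the terminal and passed through the
# OS_BOOTSTRAP_PASSWORD environment variable, which keystone-manage bootstrap
# uses when --bootstrap-password is not given. This keeps the password out of
# shell history and the process list.
# The later steps of this guide set OS_PASSWORD=123456; whatever is entered
# here must be the value used there.
# NOTE(review): all three endpoint URLs are plain HTTP, so credentials and
# tokens sent to them are not encrypted in transit.
read -rsp 'Keystone admin password: ' OS_BOOTSTRAP_PASSWORD && echo
export OS_BOOTSTRAP_PASSWORD
keystone-manage bootstrap \
  --bootstrap-admin-url http://192.168.148.200:35357/v3/ \
  --bootstrap-internal-url http://192.168.148.200:5000/v3/ \
  --bootstrap-public-url http://192.168.148.200:5000/v3/ \
  --bootstrap-region-id RegionOne
unset OS_BOOTSTRAP_PASSWORD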
10、创建文件/etc/httpd/conf.d/wsgi-keystone.conf(每个节点)
# Enable the packaged Keystone WSGI configuration by linking it into conf.d.
# Because this is a symlink, editing the Listen/VirtualHost addresses through
# it changes the file under /usr/share/keystone itself.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/wsgi-keystone.conf
注意:将监听IP改为本节点的主机IP
# Keystone WSGI configuration for this node. 192.168.148.83 is the node's own
# address and has to be changed on each controller.
# NOTE(review): both listeners are plain HTTP, so passwords and tokens sent to
# Keystone are not encrypted on the wire. mod_ssl was installed in step 1, but
# no TLS directives appear in this listing.
# NOTE(review): the WSGIDaemonProcess definitions for the keystone-public and
# keystone-admin process groups are not shown here; confirm the packaged file
# still provides them.
Listen 192.168.148.83:5000
Listen 192.168.148.83:35357
# Public identity API (port 5000), served by keystone-wsgi-public.
<VirtualHost 192.168.148.83:5000>
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
# Hand the HTTP Authorization header through to the WSGI application.
WSGIPassAuthorization On
# Reject request bodies larger than 114688 bytes.
LimitRequestBody 114688
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone.log
CustomLog /var/log/httpd/keystone_access.log combined
# Permit access to the directory holding the WSGI entry scripts
# (Apache 2.4 syntax first, pre-2.4 syntax second).
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
# Admin identity API (port 35357), served by keystone-wsgi-admin. It writes to
# the same error and access log files as the public virtual host.
<VirtualHost 192.168.148.83:35357>
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LimitRequestBody 114688
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone.log
CustomLog /var/log/httpd/keystone_access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
# The same two applications are also exposed by path, outside the virtual
# hosts above: /identity (public) and /identity_admin (admin).
Alias /identity /usr/bin/keystone-wsgi-public
<Location /identity>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
Alias /identity_admin /usr/bin/keystone-wsgi-admin
<Location /identity_admin>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
11、启动服务并设置开机启动(每个节点执行)
# Start httpd at boot and restart it now so the new listeners take effect.
systemctl enable httpd
systemctl restart httpd
12、依次执行以下命令
# Admin credentials for the openstack CLI in the current shell session.
# NOTE(review): typing OS_PASSWORD like this leaves it in shell history and in
# the environment of every child process; the verification step later unsets
# it again.
export OS_USERNAME=admin OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://192.168.148.200:35357/v3 OS_IDENTITY_API_VERSION=3
12、创建service项目
# Project that holds the service accounts (glance is added to it later).
openstack project create \
  --description 'Service Project' \
  --domain default \
  service
13、创建demo项目以及demo用户,并为用户创建密码
# Unprivileged demo project and user. The password is entered interactively,
# so it never appears on the command line.
openstack project create \
  --description 'Demo Project' \
  --domain default \
  demo
openstack user create --password-prompt --domain default demo
14、创建user角色。并将demo用户赋予user角色
# Create the "user" role and grant it to demo on the demo project only.
openstack role create user
openstack role add --user demo --project demo user
15、验证
# Remove the stored password and auth URL so each request below has to
# authenticate explicitly (the client is expected to prompt for the password).
unset OS_PASSWORD OS_AUTH_URL
# Token for admin via the admin endpoint (35357).
openstack \
  --os-auth-url http://192.168.148.200:35357/v3 \
  --os-user-domain-name Default --os-project-domain-name Default \
  --os-username admin --os-project-name admin \
  token issue
# Token for demo via the public endpoint (5000).
openstack \
  --os-auth-url http://192.168.148.200:5000/v3 \
  --os-user-domain-name Default --os-project-domain-name Default \
  --os-username demo --os-project-name demo \
  token issue
16、创建环境使用脚本
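# Write the admin environment file. It contains the admin password in clear
# text, so it is created with mode 0600 before any content is written.
# Do not commit it or copy it to shared locations.
install -m 600 /dev/null admin-openrc
cat > admin-openrc <<'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://192.168.148.200:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF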
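# Write the demo environment file, created with mode 0600 because it holds a
# password. The demo user was created with --password-prompt, so OS_PASSWORD
# must be the value entered at that prompt (this guide assumes 123456).
install -m 600 /dev/null demo-openrc
cat > demo-openrc <<'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://192.168.148.200:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF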
17、验证
# Load the admin environment into this shell and request a token to confirm
# that the stored credentials work.
. admin-openrc
openstack token issue
####################################################################################
glance镜像服务
1、创建glance数据库,并且赋予权限
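# Open a MySQL session as root. A bare -p makes the client prompt for the
# password, so it is not stored in shell history or visible in the process
# list, as it would be when appended to -p on the command line.
mysql -u root -p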
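-- Create the Glance schema and the account that owns it.
CREATE DATABASE glance;
-- Account host patterns use % and _ as wildcards; 'localhost' covers
-- connections made on the database host itself.
-- '123456' is the lab password this guide reuses everywhere: pick a strong,
-- unique value and use the same one in the [database] connection URL of the
-- glance configuration files.
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
-- '%' accepts this account from any client address; narrow it to the
-- controller subnet if the database is reachable from other networks.
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';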
2、创建glance用户、赋予glance用户admin权限、创建glance服务
# Service account for Glance; the password is entered interactively and must
# match the [keystone_authtoken] password in the glance configuration files.
openstack user create --password-prompt --domain default glance
# Grant glance the admin role, scoped to the service project.
openstack role add --user glance --project service admin
# Register the image service in the catalog.
openstack service create --description 'OpenStack Image' --name glance image
3、创建public的endpoint、创建internal的endpoint、创建admin的endpoint
# Register the public, internal and admin endpoints of the image service.
# All three point at the same plain-HTTP URL on 192.168.148.200.
for iface in public internal admin; do
  openstack endpoint create --region RegionOne image "${iface}" http://192.168.148.200:9292
done
4、安装glance软件包
# Install the Glance packages without prompting for confirmation.
yum -y install openstack-glance
5、修改配置文件 /etc/glance/glance-api.conf(用vim编辑),然后将配置文件copy到其他节点,注意修改bind IP
# glance-api.conf: only the options this guide changes are listed.
[DEFAULT]
# Address glance-api binds to; set it to the node's own IP on each controller.
bind_host = 192.168.148.83
notification_driver = noop
[glance_store]
# Image data is written to a local directory.
# NOTE(review): with an API service on every controller, an image uploaded
# through one node exists only on that node's disk unless this directory is
# shared storage; that is not shown here, so confirm.
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[database]
# The database password is embedded in clear text; keep this file unreadable
# to unprivileged users.
connection = mysql+pymysql://glance:123456@192.168.148.200/glance
[keystone_authtoken]
# Service credentials Glance uses when talking to Keystone. Both URLs are
# plain HTTP and the service password is stored in clear text.
auth_uri = http://192.168.148.200:5000
auth_url = http://192.168.148.200:35357
memcached_servers = controller1:11211,controller2:11211,controller3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone
修改配置文件 /etc/glance/glance-registry.conf,然后将配置文件copy到其他节点,注意修改bind IP
# glance-registry.conf: only the options this guide changes are listed.
[DEFAULT]
# Address glance-registry binds to; set it to the node's own IP on each
# controller.
bind_host = 192.168.148.83
notification_driver = noop
[database]
# The database password is embedded in clear text; keep this file unreadable
# to unprivileged users.
connection = mysql+pymysql://glance:123456@192.168.148.200/glance
[keystone_authtoken]
# Service credentials used when talking to Keystone. Both URLs are plain HTTP
# and the service password is stored in clear text.
auth_uri = http://192.168.148.200:5000
auth_url = http://192.168.148.200:35357
# NOTE(review): glance-api.conf lists controller1..3:11211 here, while this
# file points at 192.168.148.200:11211; confirm which is intended and that
# memcached is actually reachable on that address.
memcached_servers = 192.168.148.200:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone
6、同步数据库
# Create/upgrade the Glance schema. The command runs as the glance account,
# with /bin/bash supplied as the shell for this one invocation.
su -s /bin/bash -c 'glance-manage db_sync' glance
7、开启服务并且设置开机自启动
# Start both Glance services now and enable them at boot.
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl enable openstack-glance-api.service openstack-glance-registry.service
8、验证
下载镜像
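# Fetch the CirrOS test image. The URL is plain HTTP, so the transfer itself
# gives no integrity guarantee. Print the file's digest and compare it with a
# checksum for this release obtained from a source you trust before uploading
# the image.
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
sha256sum cirros-0.3.5-x86_64-disk.img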
9、上传镜像
# Upload the downloaded file as a qcow2/bare image named "cirros".
# --public makes the image visible to every project, so upload only images
# whose origin has been verified.
openstack image create \
  --disk-format qcow2 \
  --container-format bare \
  --file cirros-0.3.5-x86_64-disk.img \
  --public \
  cirros
10、在每个节点查看镜像
# List the registered images; run on every node to confirm each API instance
# returns the uploaded "cirros" image.
openstack image list