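OpenStack Newton installation: Keystone deployment (Part 1)
I. Deployment environment:
Two CentOS 7 machines, 2 GB of memory each
Controller and compute node:
Hostname1: ip:172.22.0.218
Compute and storage node:
Hostname2: ip:172.22.0.209
II. Preparing the management node
1. Install and configure time synchronization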
[root@linux-node1 ~]# yum install -y chrony
[root@linux-node1 ~]# vi /etc/chrony.conf
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 172.22.0.0/24
2. Start time synchronization
[root@linux-node1 ~]# systemctl enable chronyd.service
[root@linux-node1 ~]# systemctl start chronyd.service
[root@linux-node1 ~]# timedatectl set-timezone Asia/Shanghai
3. Install the OpenStack Newton release
[root@linux-node1 ~]# yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm -y
[root@linux-node1 ~]# yum install centos-release-openstack-newton -y
[root@linux-node1 ~]# yum install python-openstackclient -y
4. Install MySQL
[root@linux-node1 ~]# yum install mariadb mariadb-server MySQL-python -y
[root@linux-node1 /]# cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf
[root@linux-node1 /]# vim /etc/my.cnf
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
[root@linux-node1 /]# systemctl enable mariadb.service    # start automatically at boot
[root@linux-node1 /]# systemctl start mariadb.service     # start MySQL
[root@linux-node1 /]# mysql_secure_installation           # set the password
[root@linux-node1 /]# mysql -u root -p                    # log in to the database
5. Create the databases for each component:
CREATE DATABASE keystone;   # service registry
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE nova_api;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
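A hardened form of step 5, as an added example that is not part of the original post: every service account gets a random password instead of one equal to its name, and the '%' wildcard host is narrowed to the management subnet. The 172.22.0.% pattern is an assumption taken from the two node addresses above, and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): emit the step-5 SQL with a random
# password per service account and grants scoped to the management subnet.

# Assumption: services connect only from localhost or 172.22.0.0/24 (the two nodes).
DB_CLIENT_HOSTS="localhost 172.22.0.%"

# 32 hex characters (128 bits) read from the kernel CSPRNG.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# emit_grants <db_user> <password> <database>...
# One CREATE DATABASE per database, one GRANT per allowed client host.
emit_grants() {
    user=$1; pass=$2; shift 2
    for db in "$@"; do
        printf 'CREATE DATABASE %s;\n' "$db"
        for host in $DB_CLIENT_HOSTS; do
            printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
                "$db" "$user" "$host" "$pass"
        done
    done
}

# Statement set for the six databases created in step 5.
# nova and nova_api are both owned by the nova account, so they share one password.
build_schema_sql() {
    for svc in keystone glance neutron cinder; do
        emit_grants "$svc" "$(gen_password)" "$svc"
    done
    emit_grants nova "$(gen_password)" nova nova_api
}

build_schema_sql
```

Redirect the output to a file that only root can read and feed that file to mysql -u root -p; the generated values then replace the account-name passwords in each service's connection URL.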
6. Install the RabbitMQ message queue
[root@linux-node1 /]# yum install rabbitmq-server -y
[root@linux-node1 /]# systemctl enable rabbitmq-server.service    # start RabbitMQ at boot
[root@linux-node1 /]# systemctl start rabbitmq-server.service     # start RabbitMQ
Listening port: 5672 (netstat -nplt)
[root@linux-node1 /]# rabbitmqctl add_user openstack openstack    # create user openstack with password openstack
[root@linux-node1 /]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"    # grant permissions
7. List the supported plugins and enable the web management plugin (ports 25672 and 15672)
[root@localhost ~]# rabbitmq-plugins list    # list the supported plugins
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status:   * = running on rabbit@localhost
 |/
[e*] amqp_client                       3.6.5
[  ] cowboy                            1.0.3
[  ] cowlib                            1.0.1
[e*] mochiweb                          2.13.1
[  ] rabbitmq_amqp1_0                  3.6.5
[  ] rabbitmq_auth_backend_ldap        3.6.5
[  ] rabbitmq_auth_mechanism_ssl       3.6.5
[  ] rabbitmq_consistent_hash_exchange 3.6.5
[  ] rabbitmq_event_exchange           3.6.5
[  ] rabbitmq_federation               3.6.5
[  ] rabbitmq_federation_management    3.6.5
[  ] rabbitmq_jms_topic_exchange       3.6.5
[E*] rabbitmq_management               3.6.5
[e*] rabbitmq_management_agent         3.6.5
[  ] rabbitmq_management_visualiser    3.6.5
[  ] rabbitmq_mqtt                     3.6.5
[  ] rabbitmq_recent_history_exchange  1.2.1
[  ] rabbitmq_sharding                 0.1.0
[  ] rabbitmq_shovel                   3.6.5
[  ] rabbitmq_shovel_management        3.6.5
[  ] rabbitmq_stomp                    3.6.5
[  ] rabbitmq_top                      3.6.5
[  ] rabbitmq_tracing                  3.6.5
[  ] rabbitmq_trust_store              3.6.5
[e*] rabbitmq_web_dispatch             3.6.5
[  ] rabbitmq_web_stomp                3.6.5
[  ] rabbitmq_web_stomp_examples       3.6.5
[  ] sockjs                            0.3.4
[e*] webmachine                        1.10.3
[root@localhost ~]# rabbitmq-plugins enable rabbitmq_management    # enable the web management plugin; ports 25672 and 15672
[root@localhost ~]# systemctl restart rabbitmq-server.service      # restart RabbitMQ
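Log in to verify RabbitMQ:
Log in to the web interface with the built-in user guest, password guest.
To allow the openstack user to log in, configure it on the Admin tab.
Click the openstack user and set Tags to administrator.
State after completion:
You can now log in to RabbitMQ as the openstack user: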
III. Keystone deployment (user authentication and the service catalog, which holds all services and their API endpoints):
Keystone covers: user; tenant (project); token; role; service; endpoint
1. Install the OpenStack packages
[root@linux-node1 ~]# yum install openstack-keystone httpd mod_wsgi memcached python-memcached -y
Note: memcached stores Keystone's user authentication data; python-memcached is used to connect to memcached.
[root@linux-node1 opt]# openssl rand -hex 10    # generate a random value to use as admin_token
e603318ad06187e6239c
2. Edit the Keystone configuration file:
[root@localhost ~]# vi /etc/keystone/keystone.conf
[DEFAULT]
# turn on verbose output for debugging
verbose = true
admin_token = e603318ad06187e6239c
[database]
# Database connection. The three "keystone" values are the database user name,
# its password, and the name of the keystone database in MySQL.
connection = mysql://keystone:keystone@172.22.0.218/keystone
[memcache]
servers = 172.22.0.218:11211
[token]
provider = uuid
driver = memcache
[revoke]
driver = sql
[root@localhost keystone]# grep '^[a-z]' /etc/keystone/keystone.conf
admin_token = e603318ad06187e6239c
connection = mysql://keystone:keystone@172.22.0.218/keystone
servers = 172.22.0.218:11211
driver = sql
provider = uuid
driver = memcache
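An added check for the file above (not from the original post): it flags an admin_token that is still set, a line that stays in keystone.conf after section IV unsets OS_TOKEN, and a database URL whose password equals the user name. The function names and both sample files are constructed for this example.

```shell
#!/bin/sh
# Added example: audit keystone.conf for the two bootstrap credentials on this page.

# audit_keystone_conf [file]   (reads stdin when no file is given)
# Prints one finding per line; no output means nothing was flagged.
audit_keystone_conf() {
    awk '
    # Section header: keep the name lower-cased so [default] matches [DEFAULT].
    /^[ \t]*\[/ {
        sec = tolower($0)
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        next
    }
    # Skip comment lines and lines that are not key = value.
    /^[ \t]*[#;]/ || !/=/ { next }
    {
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)

        if (sec == "default" && key == "admin_token" && val != "")
            print "admin_token: shared bootstrap token is still configured"

        if (sec == "database" && key == "connection") {
            # URL shape used on this page: scheme://user:password@host/db
            cred = val; sub(/^[^:]*:\/\//, "", cred)
            if (index(cred, "@") > 0) {
                sub(/@.*$/, "", cred); n = index(cred, ":")
                if (n > 0 && substr(cred, 1, n - 1) == substr(cred, n + 1))
                    print "connection: database password equals the user name"
            }
        }
    }' "${1:--}"
}

# Constructed sample: the shape of the file from step 2, with a placeholder token.
sample_bootstrap_conf() {
    cat <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:keystone@172.22.0.218/keystone
[token]
provider = uuid
EOF
}

# Constructed sample: token line commented out, distinct database password.
sample_cleaned_conf() {
    cat <<'EOF'
[DEFAULT]
# admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:constructed-long-random-value@172.22.0.218/keystone
EOF
}

sample_bootstrap_conf | audit_keystone_conf
```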
3. Sync the database and check it:
[root@localhost ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone    # sync the database
[root@localhost ~]# mysql -uroot -pP@ssw0rd    # log in to the database and check the data
MariaDB [keystone]> show tables   # check whether the token table was created
    -> ;
+------------------------+
| Tables_in_keystone     |
+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             |
| endpoint               |
| endpoint_group         |
| federated_user         |
| federation_protocol    |
| group                  |
| id_mapping             |
| identity_provider      |
| idp_remote_ids         |
| implied_role           |
| local_user             |
| mapping                |
| migrate_version        |
| nonlocal_user          |
| password               |
| policy                 |
| policy_association     |
| project                |
| project_endpoint       |
| project_endpoint_group |
| region                 |
| request_token          |
| revocation_event       |
| role                   |
| sensitive_config       |
| service                |
| service_provider       |
| token                  |
| trust                  |
| trust_role             |
| user                   |
| user_group_membership  |
| whitelisted_config     |
+------------------------+
37 rows in set (0.01 sec)
[root@localhost ~]# systemctl start memcached.service    # start memcached
4. Add an Apache wsgi-keystone configuration file. Port 5000 provides the service; port 35357 is used by admin for management.
[root@localhost ~]# vi /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
5. Modify the Apache configuration
ServerName 172.22.0.218:80
6. Start Apache and check the service:
[root@localhost ~]# systemctl start httpd.service
[root@localhost ~]# systemctl enable httpd.service
[root@localhost ~]# netstat -ntlp | grep httpd    # check
tcp6       0      0 :::80                   :::*                    LISTEN      6381/httpd
tcp6       0      0 :::35357                :::*                    LISTEN      6381/httpd
tcp6       0      0 :::5000                 :::*                    LISTEN      6381/httpd
7. Set environment variables and create the project:
There are two ways to connect to Keystone and create users: pass the options listed by keystone --help on the command line, or set environment variables. The environment-variable approach is used below; the variables set the token, the API URL and the API version (this suits SOA well).
[root@linux-node1 ~]# export OS_TOKEN=e603318ad06187e6239c
[root@linux-node1 ~]# export OS_URL=http://172.22.0.218:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3
Create the admin project
[root@linux-node1 ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | 75d20be284604d22aa6339f4a92092ad |
| name        | default                          |
+-------------+----------------------------------+
[root@linux-node1 ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | 75d20be284604d22aa6339f4a92092ad |
| enabled     | True                             |
| id          | 7c0763e1b8a84e628eca4603e8170e31 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | 75d20be284604d22aa6339f4a92092ad |
+-------------+----------------------------------+
Create the admin user and set its password (in production, be sure to set a complex one)
[root@linux-node1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 75d20be284604d22aa6339f4a92092ad |
| enabled             | True                             |
| id                  | b157751bed2a49fba654b8aca651d6e2 |
| name                | admin                            |
| password_expires_at | None                             |
+---------------------+----------------------------------+
Create the admin role
[root@linux-node1 ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | f9d64dd56e924013a5625079afb90bd1 |
| name      | admin                            |
+-----------+----------------------------------+
Add the admin user to the admin project with the admin role, which ties the role, project and user together
[root@localhost ~]# openstack role add --project admin --user admin admin
Create a regular user demo and a demo project, with the regular-user role (user), and associate them
[root@linux-node1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | 75d20be284604d22aa6339f4a92092ad |
| enabled     | True                             |
| id          | 0eb713b710f74dddae9c05da5b851813 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | 75d20be284604d22aa6339f4a92092ad |
+-------------+----------------------------------+
[root@linux-node1 keystone]# openstack user create --domain default --password=demo demo
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | 75d20be284604d22aa6339f4a92092ad |
| enabled             | True                             |
| id                  | 2c317424791d40409b9563a6be84eb87 |
| name                | demo                             |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@linux-node1 ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 81a9712d39cf43c083b1dac1d791220b |
| name      | user                             |
+-----------+----------------------------------+
[root@localhost ~]# openstack role add --project demo --user demo user    # add the user role
Create a service project; it is used to manage the services of components such as nova, neutron and glance
[root@linux-node1 keystone]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | 75d20be284604d22aa6339f4a92092ad |
| enabled     | True                             |
| id          | af2f8ddb65f54334aec867f364c3ceb4 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | 75d20be284604d22aa6339f4a92092ad |
+-------------+----------------------------------+
List the users, roles and projects that were created:
[root@linux-node1 ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 2c317424791d40409b9563a6be84eb87 | demo  |
| b157751bed2a49fba654b8aca651d6e2 | admin |
+----------------------------------+-------+
[root@linux-node1 ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0eb713b710f74dddae9c05da5b851813 | demo    |
| 7c0763e1b8a84e628eca4603e8170e31 | admin   |
| af2f8ddb65f54334aec867f364c3ceb4 | service |
+----------------------------------+---------+
[root@linux-node1 ~]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 81a9712d39cf43c083b1dac1d791220b | user  |
| f9d64dd56e924013a5625079afb90bd1 | admin |
+----------------------------------+-------+
Register the keystone service. Although Keystone is itself the registry, it also has to register its own service.
Create the keystone identity service
[root@linux-node1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 9b0442ce735142b5a895c4e9d5cac0b5 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
Create the three types of endpoint: public (visible externally), internal (internal use) and admin (management use)
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity public http://172.22.0.218:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 93feb7dd80b3405893c409f914e39a4e |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9b0442ce735142b5a895c4e9d5cac0b5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://172.22.0.218:5000/v2.0    |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity internal http://172.22.0.218:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 444f17d243354ec79bc40cff08123133 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9b0442ce735142b5a895c4e9d5cac0b5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://172.22.0.218:5000/v2.0    |
+--------------+----------------------------------+
[root@linux-node1 ~]# openstack endpoint create --region RegionOne identity admin http://172.22.0.218:35357/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | db9aaaa9a0cb4b11ae8d0ee610765fea |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9b0442ce735142b5a895c4e9d5cac0b5 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://172.22.0.218:35357/v2.0   |
+--------------+----------------------------------+
List the created endpoints:
[root@linux-node1 ~]# openstack endpoint list
+---------------------+-----------+--------------+--------------+---------+-----------+----------------------+
| ID                  | Region    | Service Name | Service Type | Enabled | Interface | URL                  |
+---------------------+-----------+--------------+--------------+---------+-----------+----------------------+
| 444f17d243354ec79bc | RegionOne | keystone     | identity     | True    | internal  | http://172.22.0.218: |
| 40cff08123133       |           |              |              |         |           | 5000/v2.0            |
| 93feb7dd80b3405893c | RegionOne | keystone     | identity     | True    | public    | http://172.22.0.218: |
| 409f914e39a4e       |           |              |              |         |           | 5000/v2.0            |
| db9aaaa9a0cb4b11ae8 | RegionOne | keystone     | identity     | True    | admin     | http://172.22.0.218: |
| d0ee610765fea       |           |              |              |         |           | 35357/v2.0           |
+---------------------+-----------+--------------+--------------+---------+-----------+----------------------+
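Delete an endpoint:
[root@localhost ~]# openstack endpoint delete xxxxxxxxxxxxxxxx    # the endpoint ID
IV. Connect to Keystone and request a token. Because a user name and password have now been added, the token is no longer used, so the environment variables must be unset.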
[root@localhost ~]# unset OS_TOKEN
[root@localhost ~]# unset OS_URL
Configure Keystone environment variables to make running commands easier:
[root@linux-node1 ~]# vi admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=149851931b7746bdbe239b17a17f2845
export OS_USER_DOMAIN_ID=149851931b7746bdbe239b17a17f2845
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://172.22.0.218:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@localhost ~]# vi demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=149851931b7746bdbe239b17a17f2845
export OS_USER_DOMAIN_ID=149851931b7746bdbe239b17a17f2845
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://172.22.0.218:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@localhost ~]# chmod +x admin-openrc.sh demo-openrc.sh
[root@localhost ~]# source admin-openrc.sh
[root@localhost ~]# openstack token issue
[root@linux-node1 ~]# openstack token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2018-03-05 10:23:52+00:00        |
| id         | 7267bebbcc1342f68be476ab51671366 |
| project_id | 503b0eab0420454e909a46e476bf1ede |
| user_id    | faa372fc9c4a45e9870b98a0ab4952ef |
+------------+----------------------------------+
Obtaining a token means the deployment succeeded!
Reposted from: https://www.cnblogs.com/Steward-Xu/p/8549953.html