openstack 2019/4/28

官网参考地址：
https://docs.openstack.org/keystone/queens/install/index-rdo.html 　　(但愿能看懂)

环境：
这个部分解释如何按示例架构配置控制节点和一个计算节点
尽管大多数环境中包含认证，镜像，计算，至少一个网络服务，还有仪表盘，但是对象存储服务也可以单独操作。
如果你的使用情况与涉及到对象存储也可以在配置完适当的节点后跳到：ref:swift。
然而仪表盘要求至少要有镜像服务，计算服务和网络服务。
你必须用有管理员权限的帐号来配置每个节点。可以用 root 用户或 sudo 工具来执行这些命令。

以下最小需求支持概念验证环境，使用核心服务和几个:term:`CirrOS`实例:
控制节点: 1 处理器, 8 GB 内存, 及5 GB 存储
计算节点: 1 处理器, 4 GB 内存, 及10 GB 存储

注：如无特殊声明，所有命令都在node1上执行

外网IP 　　　　 内网IP 　　 主机名 　　 网卡
192.168.1.160   172.16.0.5    controller    NIC*2　　 #控制节点
192.168.1.161   172.16.0.6    compute     NIC*2 　　#计算节点

#修改IP
cd /etc/sysconfig/network-scripts/
cp ifcfg-ens33 ifcfg-ens3*
vim ifcfg-ens3*
TYPE="Ethernet"
BROWSER_ONLY="no"
BOOTPROTO=static
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="ens37"
DEVICE="ens37"
ONBOOT="yes"
IPADDR=172.16.0.5
NETMASK=255.255.0.0

#测试联通性
ping 172.16.0.6

#修改免登陆
ssh-keygen -t rsa #手动同样在其他节点也执行该条命令
#自动生成秘钥
#ssh-keygen -t dsa -f ~/.ssh/id_rsa -P ""
cat .ssh/id_rsa.pub >>~/.ssh/authorized_keys
scp ~/.ssh/authorized_keys root@192.168.1.161:~/.ssh

#简单安装包
yum -y install wget lrzsz
#修改hosts
vim /etc/hosts
192.168.1.160 controller
192.168.1.161 compute
192.168.1.160 node1 　　 #便于管理
192.168.1.161 node2 　　 #便于管理

scp /etc/hosts root@192.168.1.161:/etc/

#做跳板
echo "alias a='for a in {1..2};do'" >>/etc/profile
echo "alias b='for b in 2;do'" >>/etc/profile
source /etc/profile

#关闭防火墙
a ssh node$a 'setenforce 0';done
a ssh node$a 'systemctl stop firewalld.service';done
a ssh node$a 'systemctl disable firewalld.service';done

#配置yum源
a ssh node$a 'mkdir /mnt/usb{1..3}';done
a ssh node$a 'cd /etc/yum.repos.d/ && for i in `ls`;do mv $i{,.bak};done';done
a ssh node$a 'mv /etc/yum.repos.d/CentOS-Media.repo.bak /etc/yum.repos.d/CentOS-Media.repo';done
a ssh node$a 'mv /etc/yum.repos.d/CentOS-Base.repo.bak /etc/yum.repos.d/CentOS-Base.repo';done
vim CentOS-Media.repo
.....
baseurl=file:///mnt/usb1/
# file:///media/cdrom/
# file:///media/cdrecorder/
gpgcheck=0
enabled=1
.....

scp /etc/yum.repos.d/CentOS-Media.repo root@node2:/etc/yum.repos.d/

a ssh node$a 'mount /dev/sr0 /mnt/usb1';done

a ssh node$a 'wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo';done

控制节点服务器：
#网络时间协议
a ssh node$a 'yum -y install chrony';done
sed -i "s/#allow 192.168.0.0\/16/allow 172.16.0.0\/16/" /etc/chrony.conf

b ssh node$b 'sed -i "s/server 0/# server 0/" /etc/chrony.conf';done
b ssh node$b 'sed -i "s/server 1/# server 1/" /etc/chrony.conf';done
b ssh node$b 'sed -i "s/server 2/# server 2/" /etc/chrony.conf';done
b ssh node$b 'sed -i "s/server 3/# server 3/" /etc/chrony.conf';done
b ssh node$b 'sed -i "/# server 3/a\server 192.168.1.160 iburst" /etc/chrony.conf';done

#启动chrond
a ssh node$a 'systemctl restart chronyd.service';done {start | stop}
a ssh node$a 'systemctl enable chronyd.service';done
a ssh node$a 'timedatectl set-timezone Asia/Shanghai';done #设置时区
a ssh node$a 'chronyc sources';done

#安装OpenStack
#官方源：a ssh node$a 'yum -y install centos-release-openstack-rocky';done
阿里源：
a ssh node$a 'cat << EOF >> /etc/yum.repos.d/openstack.repo
[openstack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0
[qume-kvm]
name=qemu-kvm
baseurl= https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0
EOF';done

#升级所有节点上的包：
#a ssh node$a 'yum -y upgrade';done
#a ssh node$a 'yum clean packages && yum clean headers && yum clean all';done
#a ssh node$a 'reboot';done #该步可能需要手动执行root，或者使用其他方法

#安装OpenStack客户端和安全策略：
a ssh node$a 'yum -y install python-openstackclient openstack-selinux';done

#安装数据库(只在控制节点上安装)
yum -y install mariadb mariadb-server python2-PyMySQL

#新创建和编辑/etc/my.cnf.d/openstack.cnf文件
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 127.0.0.1
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

systemctl start mariadb.service
systemctl enable mariadb.service

#设置密码及初始化
mysql_secure_installation #这里密码定为123456
Enter current password for root (enter for none): #这里直接按空格
Set root password? [Y/n] 　　 #输入Y
Remove anonymous users? [Y/n] 　　 #输入y
Disallow root login remotely? [Y/n] 　　 #输入n
Remove test database and access to it? [Y/n] 　　 #输入y
Reload privilege tables now? [Y/n] 　　 #输入y

#安装消息队列(只在控制节点上安装)
yum -y install rabbitmq-server
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service

添加openstack用户：
#rabbitmqctl add_user openstack <RABBIT_PASSWORD>
rabbitmqctl add_user openstack 123456
　　Creating user "openstack"
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
　　Setting permissions for user "openstack" in vhost "/" 　　　　#允许配置、写、读访问openstack
#注：rabbitmq默认端口是15672
查看支持的插件：rabbitmq-plugins list
启动插件：rabbitmq-plugins enable rabbitmq_management 　　　　 #rabbitmq_management表示实现WEB管理
重启rabbitmq服务： systemctl restart rabbitmq-server.service
测试访问http：//192.168.1.160:15672 登陆的用户密码皆是guest。(设置的密码表示元数据的密码)

#安装Memcached(只在控制节点上安装)
yum -y install memcached python-memcached
#编辑/etc/sysconfig/memcached
vim /etc/sysconfig/memcached
　　OPTIONS="-l 127.0.0.1,::1,controller"

systemctl start memcached.service
systemctl enable memcached.service

#安装ETCD(只在控制节点上安装)
yum -y install etcd
vim /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.16.0.5:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.16.0.5:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.16.0.5:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.16.0.5:2379"
ETCD_INITIAL_CLUSTER="controller=http://172.16.0.5:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

systemctl start etcd
systemctl enable etcd
注：此时查看集群会看到有报错,但不影响，这些我先跳过
[root@node1 ~]# etcdctl cluster-health
　　cluster may be unhealthy: failed to list members
　　Error: client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:2379: connect: connection refused
　　; error #1: dial tcp 127.0.0.1:4001: connect: connection refused
　　error #0: dial tcp 127.0.0.1:2379: connect: connection refused
　　error #1: dial tcp 127.0.0.1:4001: connect: connection refused

#安装OpenStack服务
创建数据库
mysql -uroot -p
Enter password: #密码为刚才初始化时定义的123456密码
MariaDB [(none)]> CREATE DATABASE keystone; #身份认证
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> show databases;
MariaDB [(none)]> exit

#安装和配置组件
yum -y install openstack-keystone httpd mod_wsgi
#编辑以下文件
vim /etc/keystone/keystone.conf
[database] #在该区域内
#connection = <None> 改为 connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
#provider = fernet 改为 provider = fernet

#填充Identity服务数据库：
su -s /bin/sh -c "keystone-manage db_sync" keystone           #这里容易出错

######################################################################################
#初始化Fernet密钥存储库(初始化fernet key库)：
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

#引导身份认证
keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

#编辑httpd配置文件
vim /etc/httpd/conf/httpd.conf
ServerName controlle

#创建文件链接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

#启动httpd服务
systemctl start httpd
systemctl enable httpd

#配置管理帐户：
# export OS_USERNAME=admin 　　　　 　　　　　　 　 # 定义账户为admin
# export OS_PASSWORD=123456 　　　　　　　　　　　 # admin的密码为123456
# export OS_PROJECT_NAME=admin 　 　　　　　　　　 # 项目名也是admin
# export OS_USER_DOMAIN_NAME=Default 　　　　　　 # 账户域名为默认
# export OS_PROJECT_DOMAIN_NAME=Default 　　 　　# 账户项目域名为默认
# export OS_AUTH_URL=http://ControllerNode:5000/v3 　 # 验证地址为Controller节点地址加端口
# export OS_IDENTITY_API_VERSION=3

export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3　
export OS_IDENTITY_API_VERSION=3

#创建service项目
openstack project create --domain default --description "Service Project-1" service

glance安装
mysql -uroot -p123456
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';

#编写环境变量脚本admin-openrc
vim ~/admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

source admin-openrc 　　　　 #该步必须执行，才会生效

创建用户、服务等
openstack user create --domain default --password-prompt glance
User Password: 　　　　 #提示输入密码,自定义即可，这里我定义的
Repeat User Password:

openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image

openstack endpoint create --region RegionOne image public http://controller:9292

openstack endpoint create --region RegionOne image internal http://controller:9292

openstack endpoint create --region RegionOne image admin http://controller:9292

#安装软件包
yum -y install openstack-glance

编辑配置文件/etc/glance/glance-api.conf

vim /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]

....

www_authenticate_uri = http://controller:5000
....
auth_uri = http://controller:5000
....
memcached_servers = controller:11211
....
auth_type = password

[paste_deploy]
....
flavor = keystone

[glance_store]
....
stores = file,http
....
default_store = file
....
filesystem_store_datadirs = /var/lib/glance/images/

编辑配置文件/etc/glance/glance-registry.conf
vim /etc/glance/glance-registry.conf
....
[database]
....
connection = mysql+pymysql://glance:123456@controller/glance
....
[keystone_authtoken]
....
www_authenticate_uri = http://controller:5000
....
auth_uri = http://controller:5000
....
memcached_servers = controller:1211
....
auth_type = password

[paste_deploy]
....
flavor = keystone

#同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance
注：日志文件在tail -f /var/log/glance/api.log

#启动服务
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl enable openstack-glance-api.service openstack-glance-registry.service