Author: php.net | Source: Internet | 2017-06-18 02:27
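Lab environment
Two CentOS 6.5 minimal installs, each with 1 core and 1 GB of RAM; iptables disabled, SELinux disabled
Controller ip 192.168.11.182
Compute1 ip 192.168.11.183
1 Install time synchronization (install on both machines)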
yum install ntp
service ntpd start
chkconfig ntpd on
2 Configure the package sources
yum install yum-plugin-priorities -y
yum install -y http://repos.fedorapeople.org/re ... ehouse-3.noarch.rpm
yum install -y http://dl.fedoraproject.org/pub/ ... ease-6-8.noarch.rpm
yum install -y openstack-utils openstack-selinux
yum upgrade
reboot
2 Configure networking
2.1 controller node
1 Configure the management interface
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.11.182
NETMASK=255.255.255.0
GATEWAY=192.168.11.2
DNS1=192.168.11.2
2 Configure hosts records
192.168.11.182 controller
192.168.11.183 compute1
2.2 compute1 node
1 Configure the management interface
DEVICE=eth0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=yes
BOOTPROTO=static
IPADDR=192.168.11.183
NETMASK=255.255.255.0
GATEWAY=192.168.11.2
DNS1=192.168.11.2
2 Configure the external interface
DEVICE=eth1
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
3 Configure hosts records
192.168.11.182 controller
192.168.11.183 compute1
Restart networking
service network restart
Test
ping -c 4 www.openstack.org
ping -c 4 controller
ping -c 4 compute1
3 controller node
1 Install MySQL
yum install mysql mysql-server MySQL-python -y
1.1 Configure MySQL
vi /etc/my.cnf
[mysqld]
...
bind-address = 192.168.11.182
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
1.2 Start MySQL
service mysqld start
chkconfig mysqld on
1.3 Set the MySQL root password
mysql_install_db
mysql_secure_installation
2 Install and configure the Qpid message broker service
yum install qpid-cpp-server
2.1 Disable authentication
vi /etc/qpidd.conf
auth=no
2.2 Restart the qpidd service
service qpidd start
chkconfig qpidd on
3. Install and configure the Keystone identity service
3.1 Install
yum install openstack-keystone python-keystoneclient -y
3.2 Configure the database
openstack-config --set /etc/keystone/keystone.conf \
  database connection mysql://keystone:keystone@controller/keystone
3.3 Create the database and grant privileges
mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'
  IDENTIFIED BY 'keystone';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
  IDENTIFIED BY 'keystone';
mysql> exit
3.4 Import the database schema
su -s /bin/sh -c "keystone-manage db_sync" keystone
3.5 Generate a random string to use as the secret token and add it to the configuration file
ADMIN_TOKEN=$(openssl rand -hex 10)
echo $ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT \
  admin_token $ADMIN_TOKEN
3.6 Keystone uses PKI tokens by default; create the signing key and certificates
keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
chown -R keystone:keystone /etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
3.7 Start the service
service openstack-keystone start
chkconfig openstack-keystone on
3.8 Periodically purge expired tokens to improve performance
(crontab -l -u keystone 2>&1 | grep -q token_flush) ||
echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
3.9 Set the token and service endpoint environment variables
export OS_SERVICE_TOKEN=ADMIN_TOKEN (the official site is slightly wrong here; it should be)
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
3.10 Create the admin user, role and tenant
# Create the administrator user (replace ADMIN_PASS with the admin password of your choice, I set it to admin here; replace ADMIN_EMAIL with your own e-mail address)
keystone user-create --name=admin --pass=ADMIN_PASS --email=ADMIN_EMAIL
# Create the administrator role
keystone role-create --name=admin
# Create a tenant for the administrator
keystone tenant-create --name=admin --description="AdminTenant"
# Add the roles to the user
keystone user-role-add --user=admin --tenant=admin --role=admin
keystone user-role-add --user=admin --role=_member_ --tenant=admin
3.11 Create the service tenant
keystone tenant-create --name=service --description="ServiceTenant"
3.12 Create the keystone identity service
keystone service-create --name=keystone --type=identity \
  --description="OpenStackIdentity"
3.13 Create the service endpoint, specifying the API URLs
keystone endpoint-create \
  --service-id=$(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl=http://controller:5000/v2.0 \
  --internalurl=http://controller:5000/v2.0 \
  --adminurl=http://controller:35357/v2.0
3.14 Unset the variables
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
3.15 Test authentication
keystone --os-username=admin --os-password=admin \
  --os-auth-url=http://controller:35357/v2.0 token-get
keystone --os-username=admin --os-password=admin \
  --os-tenant-name=admin --os-auth-url=http://controller:35357/v2.0 token-get
3.16 Set the environment variables; they can also be written to .bash_profile
vi /root/admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://controller:35357/v2.0
source admin-openrc.sh
3.17 Verify that authorization succeeded
keystone token-get
keystone user-list
keystone user-role-list --user admin --tenant admin
keystone --os-password admin service-list
3.18 Install the clients used to access each component over HTTP
yum install -y python-keystoneclient python-glanceclient python-novaclient python-swiftclient python-neutronclient python-cinderclient python-troveclient python-heatclient python-ceilometerclient
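Added example (not part of the original guide): a POSIX shell check that reads a qpidd.conf and a keystone.conf and reports the three lab shortcuts taken in sections 2 and 3 above, namely auth=no on the broker, a database password identical to the user name, and admin_token left in keystone.conf after step 3.14. The function names, finding messages and sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original guide. Sample files below are constructed.

# Print the value of the first "key = value" line for key $1 in file $2.
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*$//' | head -n 1
}

# Print one finding per line for a qpidd.conf ($1) and a keystone.conf ($2).
audit_openstack_lab() (
    # Step 2.1 sets auth=no, so the broker accepts unauthenticated clients.
    if [ "$(conf_value auth "$1")" = "no" ]; then
        echo "qpidd: auth=no, broker accepts unauthenticated clients"
    fi

    # Steps 3.2 and 3.3 use the user name as the database password.
    url=$(conf_value connection "$2")
    case $url in
        *://*:*@*)
            creds=${url#*://}      # keystone:keystone@controller/keystone
            creds=${creds%%@*}     # keystone:keystone
            if [ "${creds%%:*}" = "${creds#*:}" ]; then
                echo "keystone: database password equals user name '${creds%%:*}'"
            fi
            ;;
    esac

    # Step 3.5 writes admin_token to keystone.conf; step 3.14 only unsets the
    # shell variables, so the token in the file keeps working.
    if [ -n "$(conf_value admin_token "$2")" ]; then
        echo "keystone: admin_token still set in the configuration file"
    fi
)

# Constructed sample files mirroring the values used in this guide.
demo=$(mktemp -d)
printf 'auth=no\n' > "$demo/qpidd.conf"
printf '%s\n' '[DEFAULT]' 'admin_token = 0123456789abcdef0123' '[database]' \
    'connection = mysql://keystone:keystone@controller/keystone' > "$demo/keystone.conf"
audit_openstack_lab "$demo/qpidd.conf" "$demo/keystone.conf"
rm -rf "$demo"
```

Run it against copies of /etc/qpidd.conf and /etc/keystone/keystone.conf before reusing this lab configuration on a network that other hosts can reach.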
4. Install and configure the Glance image service
4.1 Install
yum install -y openstack-glance python-glanceclient
Start glance-api now; otherwise it may fail to start later.
service openstack-glance-api start
4.2 Configure the database
openstack-config --set /etc/glance/glance-api.conf database \
  connection mysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-registry.conf database \
  connection mysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-api.conf DEFAULT rpc_backend qpid
openstack-config --set /etc/glance/glance-api.conf DEFAULT qpid_hostname controller
4.3 Create the database
mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'
  IDENTIFIED BY 'glance';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'
  IDENTIFIED BY 'glance';
4.4 Import the database schema
su -s /bin/sh -c "glance-manage db_sync" glance
Error message shown (I don't know what it means)
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57: PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attack vulnerability.", PowmInsecureWarning)
Address found via Google
https://ask.openstack.org/en/question/28335/you-should-rebuild-using-libgmp-5-to-avoid-timing-attack-vulnerability-_warnnot-using-mpz_powm_sec-you-should-rebuild-using-libgmp-5-to-avoid-timing/
Currently rhel has GMP version 4.something
PyCrypto needs GMP >= 5
Because rhel is slightly behind we have to re-make The GNU Multiple Precision Arithmetic Library stuff.
For this we have to download the sources from https://gmplib.org/#DOWNLOAD
According to the instructions from the package:
tar -xvjpf gmp-6.0.0a.tar.bz2
cd gmp-6.0.0
./configure
make
make check    # <= VERY IMPORTANT!!
make install
With the right libraries we rebuild PyCrypto
pip install --ignore-installed PyCrypto
As a side note, whenever building and re-building do a
yum -y groupinstall "Development tools"
yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-devel openssl-devel zlib-devel bzip2-devel ncurses-devel
It will take care of many problems you might encounter due to missing compilers and header files.
4.5 Create the glance user and add it to the admin role
keystone user-create --name=glance --pass=glance --email=glance@example.com
keystone user-role-add --user=glance --tenant=service --role=admin
4.6 Configure the authentication settings
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_host controller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port 35357