CentOS6.5安装openstack

实验环境
俩台CENTOS6.5 最小化安装，1核1Gb内存，iptables 关闭，selinux 关闭
Controller ip 192.168.11.182
Compute1 ip 192.168.11.183
1 安装时间同步，俩台机子上都要安装
service ntpd startchkconfig ntpd on2 配置网络资源
yum install yum-plugin-priorities –yyum install –yhttp://repos.fedorapeople.org/re ... ehouse-3.noarch.rpmyum install –yhttp://dl.fedoraproject.org/pub/ ... ease-6-8.noarch.rpmyum install –y openstack-utils openstack-selinuxyum upgradereboot2 配置网络2.1 controller node  1 配置管理接口  DEVICE=eth0
  2 配置hosts记录  192.168.11.182 controlle
2.2 compute1 node  1 配置管理接口   DEVICE=eth0
2 配置外部接口 3 配置hosts记录 3 controlle node1 mysql 安装yum install mysql mysql-server MySQL-python  -y1.1 mysql配置Vi /etc/my.cnf[mysqld]...bind-address = 192.168.11.182default-storage-engine = innodbinnodb_file_per_tablecollation-server = utf8_general_ciinit-cOnnect= &＃39;SET NAMES utf8&＃39;character-set-server = utf81.2启动mysqlservice mysqld startchkconfig mysqld on1.3 设置mysql的root密码 2消息中间件Qpid服务安装与配置
yum install qpid-cpp-server2.1 关闭身份认证
2.2重启qpidd服务
3.认证服务Keystone安装与配置
3.1安装
yum install openstack-keystonepython-keystoneclient -y
3.2 配置数据库
openstack-config --set/etc/keystone/keystone.conf 
  database connection mysql://keystone:keystone@controller/keystone
3.3 创建数据库并授权
mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ONkeystone.* TO &＃39;keystone&＃39;@&＃39;localhost&＃39; 
IDENTIFIED BY &＃39;keystone&＃39;;
mysql> GRANT ALL PRIVILEGES ONkeystone.* TO &＃39;keystone&＃39;@&＃39;%&＃39; 
IDENTIFIED BY &＃39;keystone&＃39;;
mysql> exit

3.4 导入数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone3.5生成字符串秘钥并添加到配置文件
ADMIN_TOKEN=$(openssl rand -hex 10)
# echo $ADMIN_TOKEN
# openstack-config --set /etc/keystone/keystone.confDEFAULT 
  admin_token $ADMIN_TOKEN
3.6默认keystone使用PKI令牌，创建签名秘钥和证书
keystone-manage pki_setup --keystone-userkeystone --keystone-group keystone
chown -R keystone:keystone/etc/keystone/ssl
chmod -R o-rwx /etc/keystone/ssl
3.7 启动服务
service openstack-keystone start
chkconfig openstack-keystone on
3.8定期清理过期的令牌，提高性能
(crontab -l -u keystone 2>&1 | grep-q token_flush) || 
echo &＃39;@hourly /usr/bin/keystone-managetoken_flush >/var/log/keystone/keystone-tokenflush.log 2>&1&＃39; >>/var/spool/cron/keystone
3.9设置令牌及服务位置环境变量
exportOS_SERVICE_TOKEN=ADMIN_TOKEN（这里官网有点问题应该是）
export OS_SERVICE_TOKEN=$ADMIN_TOKEN
exportOS_SERVICE_ENDPOINT=http://controller:35357/v2.0
3.10创建admin用户、角色和租户
keystone user-create --name=admin --pass= ADMIN_PASS(更改成admin的密码，自己设定，这里我设置的是admin)--email=ADMIN_EMAIL(自己设定邮箱)创建管理员用户keystone role-create --name=admin 创建管理员角色#为管理员创建租户
keystone tenant-create --name=admin--description="AdminTenant"
#将角色添加到用户
keystone user-role-add --user=admin--tenant=admin --role=admin
keystone user-role-add --user=admin--role=_member_ --tenant=admin
3.11创建service租户
keystone tenant-create --name=service--description="ServiceTenant"

3.12创建keystone标识服务
keystone service-create --name=keystone --type=identity 
--description="OpenStackIdentity"

3.13创建服务端点，指定API的URL
keystone endpoint-create 
--service-id=$(keystone service-list | awk&＃39;/ identity / {print$2}&＃39;) 
--publicurl=http://controller:5000/v2.0 
--internalurl=http://controller:5000/v2.0
--adminurl=http://controller:35357/v2.0
3.14取消变量
unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT

3.15测试身份认证
keystone --os-username=admin--os-password=admin 
--os-auth-url=http://controller:35357/v2.0token-get
keystone --os-username=admin --os-password=admin 
--os-tenant-name=admin--os-auth-url=http://controller:35357/v2.0 token-get
3.16设置环境变量，也可以写在.bash_profile
vi /root/admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_TENANT_NAME=admin
exportOS_AUTH_URL=http://controller:35357/v2.0
source admin-openrc.sh
3.17验证是否授权成功
keystone token-get
keystone user-list
keystone user-role-list --user admin--tenant admin
keystone --os-password admin service-list
3.18安装client通过http访问各组件客户端
yum install -y python-keystoneclient python-glanceclient python-novaclient python-swiftclientpython-neutronclient python-cinderclient python-troveclient python-heatclient python-ceilometerclient
4.镜像服务Glance安装与配置

4.1安装
yum install -y openstack-glance python-glanceclient现在启动glance-api，要不然会可能后面启动不起来。
service openstack-glance-api start
4.2配置数据库
openstack-config --set/etc/glance/glance-api.conf database 
connection mysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-registry.conf database 
connection mysql://glance:glance@controller/glance
openstack-config --set /etc/glance/glance-api.confDEFAULT rpc_backend qpid
openstack-config --set /etc/glance/glance-api.confDEFAULT qpid_hostname controller
4.3 创建数据库
mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.*TO &＃39;glance&＃39;@&＃39;localhost&＃39; 
IDENTIFIED BY &＃39;glance&＃39;;
mysql> GRANT ALL PRIVILEGES ON glance.*TO &＃39;glance&＃39;@&＃39;%&＃39; 
IDENTIFIED BY &＃39;glance&＃39;;
4.4 导入数据库
su -s /bin/sh -c "glance-managedb_sync" glance
报错提示（不知道什么意思）
/usr/lib64/python2.6/site-packages/Crypto/Util/number.py:57:PowmInsecureWarning: Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attackvulnerability.
_warn("Not using mpz_powm_sec. You should rebuild using libgmp >= 5 to avoid timing attackvulnerability.", PowmInsecureWarning)
Google搜到的 地址
https://ask.openstack.org/en/question/28335/you-should-rebuild-using-libgmp-5-to-avoid-timing-attack-vulnerability-_warnnot-using-mpz_powm_sec-you-should-rebuild-using-libgmp-5-to-avoid-timing/
Currently rhel has GMP version 4.something
PyCrypto needs GMP >= 5

Because rhel is slightly behind we have to re-make The GNU Multiple PrecisionArithmetic Library stuff.
For this we have to download the sources from https://gmplib.org/#DOWNLOAD

According to the instructions from the package:
tar -xvjpf gmp-6.0.0a.tar.bz2
./configure 
make 
make check <= VERY IMPORTANT!! 
make install 

With the right libraries we rebuild PyCrypto
pip install --ignore-installed PyCrypto 


As a side note, whenever building and re-building do a
yum -y groupinstall "Development tools" 
yum -y install gcc libgcc glibc libffi-devel libxml2-devel libxslt-developenssl-devel zlib-devel bzip2-devel ncurses-devel
It will take care of many problems you might encounter due to missing compilersand header files.
4.5创建glance用户并加入角色admin
keystone user-create --name=glance--pass=glance--email=glance@example.com
keystone user-role-add --user=glance--tenant=service --role=admin

4.6配置认证信息
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_urihttp://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_hostcontroller
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_port35357
var cpro_id = "u6885494";