During the software installation, since this is a lab environment, the scale is small and the network load will not be heavy, I simplified the node topology a little: mainly, the network node and the controller node were merged and installed on a single server. So far my platform only has the keystone, glance, neutron, dashboard and nova services. The server freed up this way I plan to use as another compute node. The latest planned topology is therefore as follows:
Green nodes are the ones where the OpenStack module software is already installed; the grey parts are what will be installed next.
Below is a brief account of the installation process, focusing on the problems I ran into while installing on CentOS 7 and how I solved them. Where I do not say which node a step runs on, it runs on the controller node node0.
1. Install NTP. The official guide uses chrony; I fiddled with it for a long time without getting it configured and finally chose the NTPD that ships with Linux. For its configuration, see my blog post on NTP configuration.
2. Install the yum repo, the OpenStack CLI client package and the OpenStack SELinux plugin.
yum install centos-release-openstack-liberty
After the previous step completes, remember to run the next step, and definitely, preferably, reboot the operating system. I did not reboot at this point and went straight on, ran into a lot of problems and nearly went mad over the installation...
yum upgrade
The client command-line tool and the OpenStack SELinux plugin:
yum install python-openstackclient
yum install openstack-selinux
3. Install the SQL database.
yum install mariadb mariadb-server MySQL-python
Related configuration in /etc/my.cnf.d/mariadb_openstack.cnf:
[mysqld]
datadir=/var/lib/maria
socket=/var/lib/maria/maria.sock
# Disabling symbolic-links is recommended to prevent assorted security risks
symbolic-links=0
# Settings user and group are ignored when systemd is used.
# If you need to run mysqld under a different user or group,
# customize your systemd unit file for mariadb according to the
# instructions in http://fedoraproject.org/wiki/Systemd
bind-address = localhost
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
Start mariadb. Since mariadb is fully compatible with mysql, every habit you have from mysql carries over to mariadb. Once it is running, log in and run mysql_secure_installation to set the root password.
systemctl enable mariadb.service
systemctl start mariadb.service
4. Install and configure MongoDB (version: 2.9.11)
yum install mongodb-server mongodb
Configure /etc/mongod.conf:
##
### Basic Defaults
##

# Comma separated list of ip addresses to listen on (all local ips by default)
bind_ip = 127.0.0.1

# Specify port number (27017 by default)
#port = 27017

# Fork server process (false by default)
#fork = true

# Full path to pidfile (if not set, no pidfile is created)
pidfilepath = /var/run/mongodb/mongod.pid

# Log file to send write to instead of stdout - has to be a file, not directory
logpath = /var/log/mongodb/mongod.log

# Alternative directory for UNIX domain sockets (defaults to /tmp)
unixSocketPrefix = /var/run/mongodb

# Directory for datafiles (defaults to /data/db/)
dbpath = /var/lib/mongodb

# Enable/Disable journaling (journaling is on by default for 64 bit)
#journal = true
nojournal = true

##
### General options
##

# Be more verbose (include multiple times for more verbosity e.g. -vvvvv) (v by default)
#verbose = v

# Max number of simultaneous connections (1000000 by default)
#maxConns = 1000000

# Log to system's syslog facility instead of file or stdout (false by default)
#syslog = true

# Syslog facility used for mongodb syslog message (user by default)
#syslogFacility = user

# Append to logpath instead of over-writing (false by default)
#logappend = true

# Desired format for timestamps in log messages (One of ctime, iso8601-utc or iso8601-local) (iso8601-local by default)
#timeStampFormat = arg

# Private key for cluster authentication
#keyFile = arg

# Set a configurable parameter
#setParameter = arg

# Enable http interface (false by default)
#httpinterface = true

# Authentication mode used for cluster authentication. Alternatives are (keyFile|sendKeyFile|sendX509|x509) (keyFile by default)
#clusterAuthMode = arg

# Disable listening on unix sockets (false by default)
#nounixsocket = true

# Run with/without security (without by default)
#auth = true
#noauth = true

# Enable IPv6 support (disabled by default)
#ipv6 = true

# Allow JSONP access via http (has security implications) (false by default)
#jsonp = true

# Turn on simple rest api (false by default)
#rest = true

# Value of slow for profile and console log (100 by default)
#slowms = 100

# 0=off 1=slow, 2=all (0 by default)
#profile = 0

# Periodically show cpu and iowait utilization (false by default)
#cpu = true

# Print some diagnostic system information (false by default)
#sysinfo = true

# Each database will be stored in a separate directory (false by default)
#directoryperdb = true

# Don't retry any index builds that were interrupted by shutdown (false by default)
#noIndexBuildRetry = true

# Disable data file preallocation - will often hurt performance (false by default)
#noprealloc = true

# .ns file size (in MB) for new databases (16 MB by default)
#nssize = 16

# Limits each database to a certain number of files (8 default)
#quota

# Number of files allowed per db, implies --quota (8 by default)
#quotaFiles = 8

# Use a smaller default file size (false by default)
#smallfiles = true

# Seconds between disk syncs (0=never, but not recommended) (60 by default)
#syncdelay = 60

# Upgrade db if needed (false by default)
#upgrade = true

# Run repair on all dbs (false by default)
#repair = true

# Root directory for repair files (defaults to dbpath)
#repairpath = arg

# Disable scripting engine (false by default)
#noscripting = true

# Do not allow table scans (false by default)
#notablescan = true

# Journal diagnostic options (0 by default)
#journalOptions = 0

# How often to group/batch commit (ms) (100 or 30 by default)
#journalCommitInterval = 100

##
### Replication options
##

# Size to use (in MB) for replication op log (default 5% of disk space - i.e. large is good)
#oplogSize = arg

##
### Master/slave options (old; use replica sets instead)
##

# Master mode
#master = true

# Slave mode
#slave = true

# When slave: specify master as <server:port>
#source = arg

# When slave: specify a single database to replicate
#only = arg

# Specify delay (in seconds) to be used when applying master ops to slave
#slavedelay = arg

# Automatically resync if slave data is stale
#autoresync = true

##
### Replica set options
##

# Arg is <setname>[/<optionalseedhostlist>]
#replSet = arg

# Specify index prefetching behavior (if secondary) [none|_id_only|all] (all by default)
#replIndexPrefetch = all

##
### Sharding options
##

# Declare this is a config db of a cluster (default port 27019; default dir /data/configdb) (false by default)
#configsvr = true

# Declare this is a shard db of a cluster (default port 27018) (false by default)
#shardsvr = true

##
### SSL options
##

# Use ssl on configured ports
#sslOnNormalPorts = true

# Set the SSL operation mode (disabled|allowSSL|preferSSL|requireSSL)
# sslMode = arg

# PEM file for ssl
#sslPEMKeyFile = arg

# PEM file password
#sslPEMKeyPassword = arg

# Key file for internal SSL authentication
#sslClusterFile = arg

# Internal authentication key file password
#sslClusterPassword = arg

# Certificate Authority file for SSL
#sslCAFile = arg

# Certificate Revocation List file for SSL
#sslCRLFile = arg

# Allow client to connect without presenting a certificate
#sslWeakCertificateValidation = true

# Allow server certificates to provide non-matching hostnames
#sslAllowInvalidHostnames = true

# Allow connections to servers with invalid certificates
#sslAllowInvalidCertificates = true

# Activate FIPS 140-2 mode at startup
#sslFIPSMode = true
Start it:
systemctl enable mongod.service
systemctl start mongod.service
5. Install RabbitMQ
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
Create the user openstack and grant it configure, write and read permissions on the vhost:
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
To keep things simple and easy to remember, I set every password to the same value, openstack.
That covers the basic environment preparation; next come the actual OpenStack components, starting with keystone.
k1. Create the keystone database and set its access permissions (the password is openstack again, out of laziness)
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
k2. Install keystone, httpd, memcached and wsgi, and start memcached
yum install openstack-keystone httpd mod_wsgi memcached python-memcached
systemctl enable memcached.service
systemctl start memcached.service
Configure /etc/keystone/keystone.conf:
[DEFAULT]
admin_token = 613ae457d94da5033c92
verbose = true

[database]
connection = mysql://keystone:openstack@192.168.1.100/keystone

[memcache]
servers = localhost:11211

[revoke]
driver = sql

[token]
provider = uuid
driver = memcache
Next comes the keystone database sync. The first time you run this command you may hit the message No handlers could be found for logger "oslo_config.cfg":
su -s /bin/sh -c "keystone-manage db_sync" keystone
In my deployment this did not matter, so I just left it alone.
Configure httpd in /etc/httpd/conf/httpd.conf; leave everything else at its default and change only the following line:
ServerName 192.168.1.100
Configure wsgi in /etc/httpd/conf.d/wsgi-keystone.conf:
Listen 5000
Listen 35357

<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>

<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
Finally start httpd, the server that serves the back-end REST API calls.
systemctl enable httpd.service
systemctl start httpd.service
k3. Create the keystone service. First set up the environment variables; here I list all the environment variables used in this simplified installation:
export MARIA_DB_ROOT_PW=openstack
export RABBIT_MQ_PASS=openstack
export KEYSTONE_DBPASS=openstack
export keystone_user_pw=openstack
export ADMIN_TOKEN=613ae457d94da5033c92
export OS_TOKEN=$ADMIN_TOKEN
export OS_URL=http://192.168.1.100:35357/v3
export OS_IDENTITY_API_VERSION=3
export GLANCE_DBPASS=openstack
export glance_user_pw=openstack
export NOVA_DBPASS=openstack
export nova_user_pw=openstack
export NEUTRON_DBPASS=openstack
export neutron_user_pw=openstack
export METADATA_SECRET=openstack
Next, create the service and its endpoints.
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://node0:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://node0:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://node0:5000/v2.0
At the first step above, creating the keystone service, I hit an error:
[root@node0 opt]# openstack service create --name keystone --description "OpenStack Identity" identity
Internal Server Error (HTTP 500)
Looking at keystone's log (note: it lives under the httpd log directory) shows that the database access failed. The cause was that keystone-manage db_sync for keystone had not actually succeeded. I reinstalled the keystone component several times and finally got it to work. Phew...
k4. Create the admin project, user and role
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
k5. Create the service project
openstack project create --domain default --description "Service Project" service
k6. Create the demo project, user and role
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
k7. Verify that keystone is installed correctly.
First modify /usr/share/keystone/keystone-dist-paste.ini to disable the temporary-token auth mechanism, by removing the part marked in red below. In fact, in my setup I did not do this and could still create instances and operate the new instances in the end. [I turned off the firewall on all cluster machines...]
[pipeline:public_api]
# The last item in this pipeline must be public_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

[pipeline:admin_api]
# The last item in this pipeline must be admin_service or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service

[pipeline:api_v3]
# The last item in this pipeline must be service_v3 or an equivalent
# application. It cannot be a filter.
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension service_v3
Now verify:
openstack --os-auth-url http://node0:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
It works: data is displayed and no error is reported! Operating as the demo user also works fine.
k8. For convenience, source the required parameters as environment variables: admin-openrc.sh/demo-openrc.sh. In my case the two files have the same content.
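As an added example (not part of the original post), the script below parses the paste pipelines shown in step k7, reports which pipelines still carry the bootstrap filter, and produces the cleaned version; it assumes the item to remove is the admin_token_auth filter, and its sample ini text is constructed from the three pipelines quoted above.

```python
"""Audit/clean keystone paste pipelines (added example; not from the post).
Assumption: the item to remove is the admin_token_auth filter."""
import configparser
import io

FILTER_NAME = "admin_token_auth"  # assumed name of the filter step k7 removes

# Constructed sample: the three pipelines quoted in the post, comments dropped.
SAMPLE_PASTE_INI = """\
[pipeline:public_api]
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service

[pipeline:admin_api]
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service

[pipeline:api_v3]
pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension service_v3
"""


def pipelines_with_filter(ini_text, name=FILTER_NAME):
    """Return the [pipeline:*] sections whose pipeline still lists `name`."""
    cp = configparser.RawConfigParser()
    cp.read_file(io.StringIO(ini_text))
    return [s for s in cp.sections()
            if s.startswith("pipeline:") and name in cp.get(s, "pipeline").split()]


def strip_filter(ini_text, name=FILTER_NAME):
    """Return the ini text with `name` removed from every pipeline.

    Only filters are touched: the last item (the service application) is
    always kept, and a pipeline without `name` comes back unchanged.
    """
    out = []
    for line in ini_text.splitlines():
        key, sep, value = line.partition("=")
        items = value.split()
        if sep and key.strip() == "pipeline" and len(items) > 1:
            *filters, app = items
            filters = [f for f in filters if f != name]
            line = "pipeline = " + " ".join(filters + [app])
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print("still present in:", pipelines_with_filter(SAMPLE_PASTE_INI))
    print(strip_filter(SAMPLE_PASTE_INI), end="")
```

Run it against the real /usr/share/keystone/keystone-dist-paste.ini contents to confirm no pipeline still lists the filter after the edit; the check is read-only and writes nothing back.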
#!/bin/bash
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_TYPE=password
export OS_AUTH_URL=http://node0:35357/v3
export OS_IDENTITY_API_VERSION=3
# for glance
export OS_IMAGE_API_VERSION=2
Note here: if you remove the OS_AUTH_TYPE line above and run the following command, you will hit a strange error.
openstack token issue
The error is:
[root@node0 opt]# openstack token issue
'NoneType' object has no attribute 'service_catalog'
Ha, I had to google this one to find the cause: the official guide is missing that OS_AUTH_TYPE.
With that, all the basic keystone configuration is done.
Now install the image module, glance. This step is easy!
g1. Create the glance database and the glance user (the password is still openstack)
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
Next create the user glance:
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
g2. Create the glance service and endpoints
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://node0:9292
openstack endpoint create --region RegionOne image internal http://node0:9292
openstack endpoint create --region RegionOne image admin http://node0:9292
g3. Install the components.
yum install openstack-glance python-glance python-glanceclient
g4. Configure /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf; both get the same configuration, with everything else left at the defaults.
[DEFAULT]
notification_driver = noop
verbose = True

[database]
connection = mysql://glance:openstack@node0/glance

[keystone_authtoken]
auth_uri = http://node0:5000
auth_url = http://node0:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = openstack

[paste_deploy]
flavor = keystone

[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
g5. Sync the database and start the services
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
g6. Verify: upload a cirros image to glance
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
Again no problems, everything normal; the glance image-list command can be used to check.
Well, that's it for today. It's getting late and I need to go back and pack, Chinese New Year is coming... I'll fill in the remaining parts after the holiday.