多條告白如次劇本只需引入一次

OpenStack安置安置

一、普通籌備處事

安置情況：CentOS764

1、封閉當地iptables風火墻并樹立開機不自啟用

#systemctlstopfirewalld.service#systemctldisablefirewalld.service2、封閉當地selinux風火墻

#vim/etc/sysconfig/selinuxSELINUX=disabled#setenforce03、樹立長機計劃機稱呼

#hostnamectlset-hostnamecontroller4、當地長機稱呼和ip的領會

#vim/etc/hosts192.168.0.104controller5、安置ntp功夫校準東西

#yum-yinstallntp#ntpdateasia.pool.ntp.org6、安置第三方yum源

#yum-yinstallyum-plugin-priorities#yum-yinstallhttp://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm#yum-yinstallhttp://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm7、晉級體例軟硬件包并從新體例

#yumupgrade#reboot二、安置擺設mariadb數據庫

1、安置mariadb數據庫

#yum-yinstallmariadbmariadb-serverMySQL-python2、擺設mariadb數據庫

#cp/etc/my.cnf/etc/my.cnf.bak#rpm-qlmariadb#vim/etc/my.cnf.d/server.cnf[mysqld]bind-address=0.0.0.0default-storage-engine=innodbinnodb_file_per_tablecollation-server=utf8_general_ciinit-connect='SETNAMESutf8'character-set-server=utf83、啟用mariadb數據庫

#systemctlenablemariadb.service#systemctlstartmariadb.service三、安置動靜部隊效勞

1、安置rabbit所需軟硬件包

#yum-yinstallrabbitmq-server2、啟用rabbit效勞

#systemctlenablerabbitmq-server.service#systemctlstartrabbitmq-server.service3、樹立rabbit效勞暗號

#rabbitmqctlchange_passwordguestrabbit四、安置keyston用戶認證組件

1、創造keystone數據庫和受權用戶

mysql-uroot-pCREATEDATABASEkeystone;GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'localhost'IDENTIFIEDBY'keystone';GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'%'IDENTIFIEDBY'keystone';2、安置keystone組件包

#yum-yinstallopenstack-utilsopenstack-keystonepython-keystoneclient3、擺設keystone文獻

#cp/etc/keystone/keystone.conf/etc/keystone/keystone.conf.bak#vim/etc/keystone/keystone.conf[DEFAULT]verbose=True[database]connection=mysql://keystone:keystone@controller/keystone[token]provider=keystone.token.providers.uuid.Providerdriver=keystone.token.persistence.backends.sql.Token4、創造文憑和秘鑰文獻

#keystone-managepki_setup--keystone-userkeystone--keystone-groupkeystone#chown-Rkeystone:keystone/var/log/keystone#chown-Rkeystone:keystone/etc/keystone/ssl#chmod-Ro-rwx/etc/keystone/ssl5、同步keystone到mariadb數據庫

#su-s/bin/sh-c"keystone-managedb_sync"keystone6、啟用keystone效勞并開機自啟用

#systemctlenableopenstack-keystone.service#systemctlstartopenstack-keystone.service7、廢除過時的令牌

默許情景下，身份效勞保存在數據庫中過時的令牌無窮。到時令牌的積聚大大減少數據庫的巨細，大概會貶低效勞的本能，更加是在資源有限的情況中。咱們倡導您運用cron擺設一個周期性工作，廢除過時的令牌時

#(crontab-l-ukeystone2>&1|grep-qtoken_flush)||echo'@hourly/usr/bin/keystone-managetoken_flush>/var/log/keystone/keystone-tokenflush.log2>&1'>>/var/spool/cron/keystone—————————-Createtenants,user,androles———————————

1、擺設admin的token

#exportOS_SERVICE_TOKEN=$(opensslrand-hex10)#exportOS_SERVICE_ENDPOINT=http://controller:35357/v2.0#echo$OS_SERVICE_TOKEN>~/ks_admin_token#openstack-config--set/etc/keystone/keystone.confDEFAULTadmin_token$OS_SERVICE_TOKEN#serviceopenstack-keystonerestart2、創造tenant、userandrole

a.Createtheadmintenant、user、role#keystonetenant-create--nameadmin--description"AdminTenant"#keystoneuser-create--nameadmin--passadmin--emailadmin@zhengyansheng.com#keystonerole-create--nameadminb.Addtheadmintenantandusertotheadminrole:#keystoneuser-role-add--tenantadmin--useradmin--roleadminc.Bydefault,thedashboardlimitsaccesstouserswiththe_member_role.#keystonerole-create--name_member_d.Addtheadmintenantandusertothe_member_role:#keystoneuser-role-add--tenantadmin--useradmin--role_member_3、創造一個普遍demo名目和用戶

a.Createthedemotenant:#keystonetenant-create--namedemo--description"DemoTenant"b.Createthedemouser:#keystoneuser-create--namedemo--passdemo--emaildemo@zhengyansheng.comc.Addthedemotenantandusertothe_member_role:#keystoneuser-role-add--tenantdemo--userdemo--role_member_4、創造一個service名目

#keystonetenant-create--nameservice--description"ServiceTenant"————————CreatetheserviceentityandAPIendpoint————————

1、CreatetheserviceentityandAPIendpoint|CreatetheserviceentityfortheIdentityservice:

#keystoneservice-create--namekeystone--typeidentity--description"OpenStackIdentity"2、CreatetheAPIendpointfortheIdentityservice:

#keystoneendpoint-create--service-id$(keystoneservice-list|awk'/identity/{print$2}')--publicurlhttp://controller:5000/v2.0--internalurlhttp://controller:5000/v2.0--adminurlhttp://controller:35357/v2.0--regionregionOne3、察看keystone認證消息

[root@controller~]#keystoneuser-list+----------------------------------+-------+---------+-------------------------+|id|name|enabled|email|+----------------------------------+-------+---------+-------------------------+|7053cfacc4b047dcabe82f6be0e5dc77|admin|True|admin@zhengyansheng.com||eea569106329465996e9e09a666838bd|demo|True|demo@zhengyansheng.com|+----------------------------------+-------+---------+-------------------------+[root@controller~]#keystonetenant-list+----------------------------------+---------+---------+|id|name|enabled|+----------------------------------+---------+---------+|307fd76766eb4b02a28779f4e88717ce|admin|True||f054bd56851b4a318a19233a13e13d31|demo|True||d865c3b49f6f4bf7b2a0b93e0110e546|service|True|+----------------------------------+---------+---------+[root@controller~]#keystoneservice-list+----------------------------------+----------+----------+--------------------+|id|name|type|description|+----------------------------------+----------+----------+--------------------+|9754f7bdf78c4000875f1aa5f3291b19|keystone|identity|OpenStackIdentity|+----------------------------------+----------+----------+--------------------+[root@controller~]#keystoneendpoint-list+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+|id|region|publicurl|internalurl|adminurl|service_id|+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+|6831d6708fe4469fa653b9b5adf801d9|regionOne|http://controller:5000/v2.0|http://controller:5000/v2.0|http://controller:35357/v2.0|9754f7bdf78c4000875f1aa5f3291b19|+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+4、廢除偶爾樹立的情況變量

#unsetOS_SERVICE_TOKEN#unsetOS_SERVICE_ENDPOINT5、運用keystone舉行用戶認證

#keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordadmin--os-auth-urlhttp://controller:35357/v2.0token-get#keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordadmin--os-auth-urlhttp://controller:35357/v2.0tenant-list#keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordadmin--os-auth-urlhttp://controller:35357/v2.0user-list#keystone--os-tenant-nameadmin--os-usernameadmin--os-passwordadmin--os-auth-urlhttp://controller:35357/v2.0role-list6、運用普遍用戶demo認證嘗試

#keystone--os-tenant-namedemo--os-usernamedemo--os-passworddemo--os-auth-urlhttp://controller:35357/v2.0token-get#keystone--os-tenant-namedemo--os-usernamedemo--os-passworddemo--os-auth-urlhttp://controller:35357/v2.0user-listYouarenotauthorizedtoperformtherequestedaction:admin_required(HTTP403)7、存戶端cli吩咐行劇本

#vim~/admin-openrc.shexportOS_TENANT_NAME=adminexportOS_USERNAME=adminexportOS_PASSWORD=adminexportOS_AUTH_URL=http://controller:35357/v2.0#vim~/demo-openrc.shexportOS_TENANT_NAME=demoexportOS_USERNAME=demoexportOS_PASSWORD=demoexportOS_AUTH_URL=http://controller:5000/v2.0#sourceadmin-openrc.sh8、嘗試即使廢除情況變量，經過keystone仍舊不妨認證經過證明keystone是擺設勝利的

四、安置glance組件

1、創造keystone數據庫和受權用戶

mysql-uroot-pCREATEDATABASEglance;GRANTALLPRIVILEGESONglance.*TO'glance'@'localhost'IDENTIFIEDBY'glance';GRANTALLPRIVILEGESONglance.*TO'glance'@'%'IDENTIFIEDBY'glance';2、創造glance用戶并介入到admin組中

#keystoneuser-create--nameglance--passglance#keystoneuser-role-add--userglance--tenantservice--roleadmin3、創造glance效勞

#keystoneservice-create--nameglance--typeimage--description"OpenStackImageService"4、創造Identity的效勞考察rul

#keystoneendpoint-create--service-id$(keystoneservice-list|awk'/image/{print$2}')--publicurlhttp://controller:9292--internalurlhttp://controller:9292--adminurlhttp://controller:9292--regionregionOne5、安置擺設glance包

#yum-yinstallopenstack-glancepython-glanceclient6、竄改glance擺設文獻

#cp/etc/glance/glance-api.conf/etc/glance/glance-api.conf.bak#vim/etc/glance/glance-api.conf[DEFAULT]verbose=True[database]connection=mysql://glance:glance@controller/glance[keystone_authtoken]auth_uri=http://controller:5000/v2.0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=glanceadmin_password=glance[paste_deploy]flavor=keystone[glance_store]default_store=filefilesystem_store_datadir=/var/lib/glance/images/#cp/etc/glance/glance-registry.conf/etc/glance/glance-registry.conf.bak#vim/etc/glance/glance-registry.conf[DEFAULT]verbose=True[database]connection=mysql://glance:glance@controller/glance[keystone_authtoken]auth_uri=http://controller:5000/v2.0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=glanceadmin_password=glance[paste_deploy]flavor=keystone7、同步glance到mariadb數據庫

#su-s/bin/sh-c"glance-managedb_sync"glance8、啟用和開機自啟用

#systemctlenableopenstack-glance-api.serviceopenstack-glance-registry.service#systemctlstartopenstack-glance-api.serviceopenstack-glance-registry.service9、載入上傳image鏡像

#mkdir/tmp/images#cd/tmp/images#wgethttp://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img#glanceimage-create--name"cirros-0.3.3-x86_64"--filecirros-0.3.3-x86_64-disk.img--disk-formatqcow2--container-formatbare--is-publicTrue--progress#glanceimage-list#mv/tmp/images/opt五、增添一個計劃節點

1、創造nova數據庫和受權用戶

mysql-uroot-pCREATEDATABASEnova;GRANTALLPRIVILEGESONnova.*TO'nova'@'localhost'IDENTIFIEDBY'nova';GRANTALLPRIVILEGESONnova.*TO'nova'@'%'IDENTIFIEDBY'nova';2、創造Nova的用戶，介入到admin組、service效勞

#keystoneuser-create--namenova--passnova#keystoneuser-role-add--usernova--tenantservice--roleadmin#keystoneservice-create--namenova--typecompute--description"OpenStackCompute"3、創造計劃節點的考察url

#keystoneendpoint-create--service-id$(keystoneservice-list|awk'/compute/{print$2}')--publicurlhttp://controller:8774/v2/%(tenant_id)s--internalurlhttp://controller:8774/v2/%(tenant_id)s--adminurlhttp://controller:8774/v2/%(tenant_id)s--regionregionOne4、安置Nova包

#yum-yinstallopenstack-nova-apiopenstack-nova-certopenstack-nova-conductoropenstack-nova-consoleopenstack-nova-novncproxyopenstack-nova-schedulerpython-novaclient#yum-yinstallopenstack-nova-computesysfsutils5、竄改nova擺設文獻

#cp/etc/nova/nova.conf/etc/nova/nova.conf.bak#vim/etc/nova/nova.conf[DEFAULT]my_ip=controllervncserver_listen=controllervncserver_proxyclient_address=controllerverbose=Truerpc_backend=rabbitrabbit_host=controllerrabbit_password=rabbitauth_strategy=keystonevnc_enabled=Truevncserver_listen=0.0.0.0vncserver_proxyclient_address=controllernovncproxy_base_url=http://controller:6080/vnc_auto.html[database]connection=mysql://nova:nova@controller/nova[keystone_authtoken]auth_uri=http://controller:5000/v2.0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=novaadmin_password=nova[glance]host=controller[libvirt]virt_type=qemu6、同步nova到moriadb數據庫

#su-s/bin/sh-c"nova-managedbsync"nova7、啟用稠密效勞開機自啟用

#systemctlenableopenstack-nova-api.serviceopenstack-nova-cert.serviceopenstack-nova-consoleauth.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.service#systemctlstartopenstack-nova-api.serviceopenstack-nova-cert.serviceopenstack-nova-consoleauth.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.service#systemctlenablelibvirtd.serviceopenstack-nova-compute.service#systemctlstartlibvirtd.service#systemctlstartopenstack-nova-compute.service#novaservice-list#novaimage-list六、增添一個搜集節點

1、創造neutron數據庫和受權用戶

mysql-uroot-pCREATEDATABASEneutron;GRANTALLPRIVILEGESONneutron.*TO'neutron'@'localhost'IDENTIFIEDBY'neutron';GRANTALLPRIVILEGESONneutron.*TO'neutron'@'%'IDENTIFIEDBY'neutron';2、創造neutron用戶，介入到admin組中，并創造neutron效勞

#keystoneuser-create--nameneutron--passneutron#keystoneuser-role-add--userneutron--tenantservice--roleadmin#keystoneservice-create--nameneutron--typenetwork--description"OpenStackNetworking"3、創造neutron的endponit考察url

#keystoneendpoint-create--service-id$(keystoneservice-list|awk'/image/{print$2}')--publicurlhttp://controller:5672--internalurlhttp://controller:5672--adminurlhttp://controller:5672--regionregionOne4、安置neutron包

#yum-yinstallopenstack-neutronopenstack-neutron-ml2python-neutronclientwhich5、竄改neutron擺設文獻

#cp/etc/neutron/neutron.conf/etc/neutron/neutron.conf.bak#vim/etc/neutron/neutron.conf[DEFAULT]rpc_backend=rabbitrabbit_host=controllerrabbit_password=rabbitauth_strategy=keystonecore_plugin=ml2service_plugins=routerallow_overlapping_ips=Truenotify_nova_on_port_status_changes=Truenotify_nova_on_port_data_changes=Truenova_url=http://controller:8774/v2nova_admin_auth_url=http://controller:35357/v2.0nova_region_name=regionOnenova_admin_username=novanova_admin_tenant_id=SERVICE_TENANT_IDnova_admin_password=novaverbose=True[database]connection=mysql://neutron:neutron@controller/neutron[keystone_authtoken]auth_uri=http://controller:5000/v2.0identity_uri=http://controller:35357admin_tenant_name=serviceadmin_user=neutronadmin_password=neutron6、嘗試

#keystonetenant-getservice#cp/etc/neutron/plugins/ml2/ml2_conf.ini/etc/neutron/plugins/ml2/ml2_conf.ini.bak#vim/etc/neutron/plugins/ml2/ml2_conf.ini[ml2]type_drivers=flat,gretenant_network_types=gremechani***_drivers=openvswitch[ml2_type_gre]tunnel_id_ranges=1:1000[securitygroup]enable_security_group=Trueenable_ipset=Truefirewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver#vim/etc/nova/nova.conf[DEFAULT]network_api_class=nova.network.neutronv2.api.APIsecurity_group_api=neutronlinuxnet_interface_driver=nova.network.linux_net.LinuxOVSInterfaceDriverfirewall_driver=nova.virt.firewall.NoopFirewallDriver[neutron]url=http://controller:9696auth_strategy=keystoneadmin_auth_url=http://controller:35357/v2.0admin_tenant_name=serviceadmin_username=neutronadmin_password=neutron#ln-s/etc/neutron/plugins/ml2/ml2_conf.ini/etc/neutron/plugin.ini7、同步neutron到mariadb數據庫

#su-s/bin/sh-c"neutron-db-manage--config-file/etc/neutron/neutron.conf--config-file/etc/neutron/plugins/ml2/ml2_conf.iniupgradejuno"neutron8、從新啟用compute效勞

#systemctlrestartopenstack-nova-api.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.service9、開機自啟用效勞

#systemctlenableneutron-server.service#systemctlstartneutron-server.service10、察看neutron-server過程

#neutronext-list11、察看關系消息

#tail-f/var/log/neutron/server.log12、擺設內核搜集參數

#cp/etc/sysctl.conf/etc/sysctl.conf.bak#vim/etc/sysctl.confnet.ipv4.ip_forward=1net.ipv4.conf.all.rp_filter=0net.ipv4.conf.default.rp_filter=0#sysctl-p13、安置搜集組件包

#yum-yinstallopenstack-neutronopenstack-neutron-ml2openstack-neutron-openvswitch14、擺設常用的搜集組件

#vim/etc/neutron/plugins/ml2/ml2_conf.ini[ml2_type_flat]flat_networks=external[ovs]local_ip=INSTANCE_TUNNELS_INTERFACE_IP_ADDRESSenable_tunneling=Truebridge_mappings=external:br-ex[agent]tunnel_types=gre#cp/etc/neutron/l3_agent.ini/etc/neutron/l3_agent.ini.bak#vim/etc/neutron/l3_agent.ini[DEFAULT]interface_driver=neutron.agent.linux.interface.OVSInterfaceDriveruse_namespaces=Trueexternal_network_bridge=br-exverbose=True#cp/etc/neutron/dhcp_agent.ini/etc/neutron/dhcp_agent.ini.bak#vim/etc/neutron/dhcp_agent.ini[DEFAULT]interface_driver=neutron.agent.linux.interface.OVSInterfaceDriverdhcp_driver=neutron.agent.linux.dhcp.Dn***asquse_namespaces=Trueverbose=Truedn***asq_config_file=/etc/neutron/dn***asq-neutron.conf#cp/etc/neutron/metadata_agent.ini/etc/neutron/metadata_agent.ini.bak#vim/etc/neutron/metadata_agent.ini[DEFAULT]auth_url=http://controller:5000/v2.0auth_region=regionOneadmin_tenant_name=serviceadmin_user=neutronadmin_password=neutronnova_metadata_ip=controllermetadata_proxy_shared_secret=METADATA_SECRETverbose=True#vim/etc/nova/nova.conf[neutron]service_metadata_proxy=Truemetadata_proxy_shared_secret=METADATA_SECRET15、在遏制節點上從新啟用API效勞

#systemctlrestartopenstack-nova-api.service七、安置擺設dashboard

1、安置dashboard和所需的和依附包

#yuminstallopenstack-dashboardhttpdmod_wsgimemcachedpython-memcached2、竄改dashboard擺設文獻

#cp/etc/openstack-dashboard/local_settings/etc/openstack-dashboard/local_settings.bak#vim/etc/openstack-dashboard/local_settingsOPENSTACK_HOST="controller"ALLOWED_HOSTS=['*']CACHES={'default':{'BACKEND':'django.core.cache.backends.memcached.MemcachedCache','LOCATION':'127.0.0.1:11211',}}TIME_ZONE="TIME_ZONE"3、運轉web效勞貫穿OpenStack效勞

#setsebool-Phttpd_can_network_connecton4、因為包裝缺點，風度板不許精確加載CSS。運轉以次吩咐來處置這個題目：

#chown-Rapache:apache/usr/share/openstack-dashboard/static5、啟用Web效勞器和對話保存效勞和擺設啟用體例啟用時：

#systemctlenablehttpd.servicememcached.service#systemctlstarthttpd.servicememcached.service八、考察嘗試

1、鑒于HTTP舉行考察嘗試：

好了，即日就先到這邊吧！