码迷,mamicode.com
首页 > 其他好文 > 详细

openstack(liberty):部署实验平台(二,简单版本软件安装 part1)

时间:2016-02-05 19:23:50      阅读:240      评论:0      收藏:0      [点我收藏+]

标签:

软件安装过程中,考虑到现在是一个实验环境,且也考虑到规模不大,还有,网络压力不会大,出于简单考虑,将各个节点的拓扑结构改了一下,主要体现在网络节点和控制节点并在了一起。在一个服务器上安装! 到目前位置,我的这个平台,只有keystone,glance,neutron,dashboard以及nova几个服务。省出的那个服务器,打算也作为计算节点。所以,最新规划topo如下了:

技术分享

绿色节点表示目前已经安装了openstack的模块软件,灰色部分,表示下一步即将安装的部分。

 

下面简要说下安装的过程,重点记录一下我在Centos7下的安装中遇到的问题和解决办法。我若没有说在那个节点上安装,就表示是在控制节点node0上

1. 安装NTP,官网安装用的是chrony,我折腾了半天,没有配置好,最终选择Linux系统自带的NTPD.相关的配置,参考我的博文NTP配置

 

2. 安装yum repo以及openstack的CLI安装包程序以及selinux相关的openstack插件。

1 yum install centos-release-openstack-liberty

上一步安装完毕后,记得要执行下面一步,并且一定,最好,将操作系统重启,我在这一步没有做重启,直接继续,遇到了不少的问题,安装得我都要抓狂。。。

1 yum upgrade

客户端命令行插件,selinux的openstack插件

1 yum install python-openstackclient
2 yum install openstack-selinux

 

3. SQL database安装。

1 yum install mariadb mariadb-server MySQL-python

相关的配置/etc/my.cnf.d/mariadb_openstack.cnf:

技术分享
 1 [mysqld]
 2 datadir=/var/lib/maria
 3 socket=/var/lib/maria/maria.sock
 4 # Disabling symbolic-links is recommended to prevent assorted security risks
 5 symbolic-links=0
 6 # Settings user and group are ignored when systemd is used.
 7 # If you need to run mysqld under a different user or group,
 8 # customize your systemd unit file for mariadb according to the
 9 # instructions in http://fedoraproject.org/wiki/Systemd
10 
11 bind-address = localhost
12 default-storage-engine = innodb
13 innodb_file_per_table
14 collation-server = utf8_general_ci
15 init-connect = ‘SET NAMES utf8‘
16 character-set-server = utf8
17 
18 [mysqld_safe]
19 log-error=/var/log/mariadb/mariadb.log
20 pid-file=/var/run/mariadb/mariadb.pid
View Code

启动mariadb,由于mariadb和mysql是完全兼容的,可以说如何使用mysql的习惯,在mariadb上完全可以用上。启动后登录,执行mysql_secure_installation进行root密码的配置。

1 systemctl enable mariadb.service
2 systemctl start mariadb.service

 

4。 MongoDB的安装与配置 (version: 2.9.11)

1 yum install mongodb-server mongodb

配置/etc/mongod.conf:

技术分享
  1 ##
  2 ### Basic Defaults
  3 ##
  4 
  5 # Comma separated list of ip addresses to listen on (all local ips by default)
  6 bind_ip = 127.0.0.1
  7 
  8 # Specify port number (27017 by default)
  9 #port = 27017
 10 
 11 # Fork server process (false by default)
 12 #fork = true
 13 
 14 # Full path to pidfile (if not set, no pidfile is created)
 15 pidfilepath = /var/run/mongodb/mongod.pid
 16 
 17 # Log file to send write to instead of stdout - has to be a file, not directory
 18 logpath = /var/log/mongodb/mongod.log
 19 
 20 # Alternative directory for UNIX domain sockets (defaults to /tmp)
 21 unixSocketPrefix = /var/run/mongodb
 22 
 23 # Directory for datafiles (defaults to /data/db/)
 24 dbpath = /var/lib/mongodb
 25 
 26 # Enable/Disable journaling (journaling is on by default for 64 bit)
 27 #journal = true
 28 nojournal = true
 29 
 30 ##
 31 ### General options
 32 ##
 33 
 34 # Be more verbose (include multiple times for more verbosity e.g. -vvvvv) (v by default)
 35 #verbose = v
 36 
 37 # Max number of simultaneous connections (1000000 by default)
 38 #maxConns = 1000000              
 39 
 40 # Log to system‘s syslog facility instead of file or stdout (false by default)
 41 #syslog = true
 42 
 43 # Syslog facility used for monogdb syslog message (user by defautl)
 44 #syslogFacility = user
 45 
 46 # Append to logpath instead of over-writing (false by default)
 47 #logappend = true
 48 
 49 # Desired format for timestamps in log messages (One of ctime, iso8601-utc or iso8601-local) (iso8601-local by default)
 50 #timeStampFormat = arg  
 51 
 52 # Private key for cluster authentication
 53 #keyFile = arg
 54 
 55 # Set a configurable parameter
 56 #setParameter = arg
 57 
 58 # Enable http interface (false by default)
 59 #httpinterface = true
 60 
 61 # Authentication mode used for cluster authentication. Alternatives are (keyFile|sendKeyFile|sendX509|x509) (keyFile by default)
 62 #clusterAuthMode = arg
 63 
 64 # Disable listening on unix sockets (false by default)
 65 #nounixsocket = true
 66 
 67 # Run with/without security (without by default)
 68 #auth = true
 69 #noauth = true
 70 
 71 # Enable IPv6 support (disabled by default)
 72 #ipv6 = true
 73 
 74 # Allow JSONP access via http (has security implications) (false by default)
 75 #jsonp = true
 76 
 77 # Turn on simple rest api (false by default)
 78 #rest = true
 79 
 80 # Value of slow for profile and console log (100 by default)
 81 #slowms = 100
 82 
 83 # 0=off 1=slow, 2=all (0 by default)
 84 #profile = 0
 85 
 86 # Periodically show cpu and iowait utilization (false by default)
 87 #cpu = true
 88 
 89 # Print some diagnostic system information (false by default)
 90 #sysinfo = true
 91 
 92 # Each database will be stored in a separate directory (false by default)
 93 #directoryperdb = true
 94 
 95 # Don‘t retry any index builds that were interrupted by shutdown (false by default)
 96 #noIndexBuildRetry = true
 97 
 98 # Disable data file preallocation - will often hurt performance (false by default)
 99 #noprealloc = true
100 
101 # .ns file size (in MB) for new databases (16 MB by default)
102 #nssize = 16
103 
104 # Limits each database to a certain number of files (8 default)
105 #quota
106 
107 # Number of files allowed per db, implies --quota (8 by default)
108 #quotaFiles = 8
109 
110 # Use a smaller default file size (false by default)
111 #smallfiles = true
112 
113 # Seconds between disk syncs (0=never, but not recommended) (60 by default)
114 #syncdelay = 60
115 
116 # Upgrade db if needed (false by default)
117 #upgrade = true
118 
119 # Run repair on all dbs (false by default)
120 #repair = true
121 
122 # Root directory for repair files (defaults to dbpath)
123 #repairpath = arg
124 
125 # Disable scripting engine (false by default)
126 #noscripting = true
127 
128 # Do not allow table scans (false by default)
129 #notablescan = true
130 
131 # Journal diagnostic options (0 by default)
132 #journalOptions = 0
133 
134 # How often to group/batch commit (ms) (100 or 30 by default)
135 #journalCommitInterval = 100 
136 
137 
138 
139 ##
140 ### Replication options
141 ##
142 
143 # Size to use (in MB) for replication op log (default 5% of disk space - i.e. large is good)
144 #oplogSize = arg
145 
146 
147 
148 ##
149 ### Master/slave options (old; use replica sets instead)
150 ##
151 
152 # Master mode
153 #master = true
154 
155 # Slave mode
156 #slave = true
157 
158 # When slave: specify master as <server:port>
159 #source = arg
160 
161 # When slave: specify a single database to replicate
162 #only = arg
163 
164 # Specify delay (in seconds) to be used when applying master ops to slave
165 #slavedelay = arg
166 
167 # Automatically resync if slave data is stale
168 #autoresync = true
169 
170 
171 
172 ##
173 ### Replica set options
174 ##
175 
176 # Arg is <setname>[/<optionalseedhostlist>]
177 #replSet = arg
178 
179 # Specify index prefetching behavior (if secondary) [none|_id_only|all] (all by default)
180 #replIndexPrefetch = all
181 
182 
183 
184 ##
185 ### Sharding options
186 ##
187 
188 # Declare this is a config db of a cluster (default port 27019; default dir /data/configdb) (false by default)
189 #configsvr = true
190 
191 # Declare this is a shard db of a cluster (default port 27018)  (false by default)
192 #shardsvr = true
193 
194 
195 
196 ##
197 ### SSL options
198 ##
199 
200 # Use ssl on configured ports
201 #sslOnNormalPorts = true
202 
203 # Set the SSL operation mode (disabled|allowSSL|preferSSL|requireSSL)
204 # sslMode = arg
205 
206 # PEM file for ssl
207 #sslPEMKeyFile = arg
208 
209 # PEM file password
210 #sslPEMKeyPassword = arg
211 
212 # Key file for internal SSL authentication
213 #sslClusterFile = arg
214 
215 # Internal authentication key file password
216 #sslClusterPassword = arg
217 
218 # Certificate Authority file for SSL
219 #sslCAFile = arg
220 
221 # Certificate Revocation List file for SSL
222 #sslCRLFile = arg
223 
224 # Allow client to connect without presenting a certificate
225 #sslWeakCertificateValidation = true
226 
227 # Allow server certificates to provide non-matching hostnames
228 #sslAllowInvalidHostnames = true
229 
230 # Allow connections to servers with invalid certificates
231 #sslAllowInvalidCertificates = true
232 
233 # Activate FIPS 140-2 mode at startup
234 #sslFIPSMode = true
View Code

启动

1 systemctl enable mongod.service
2 systemctl start mongod.service

 

5. RabbitMQ安装

1 yum install rabbitmq-server
1 systemctl enable rabbitmq-server.service
2 systemctl start rabbitmq-server.service

创建用户openstack并修改其在vhost下的配置,读写权限

1 rabbitmqctl add_user openstack RABBIT_PASS  
1 rabbitmqctl set_permissions openstack ".*" ".*" ".*"

我为了操作方便简单,易于记忆,将所有的和密码相关的信息,设置了同一个密码,都是openstack。

 

以上是一些基本的环境的准备,接下来,就是要安装具体的openstack的组成部件了。第一个是keystone的安装。

k1。 创建keystone数据库,设置访问权限(密码也是openstack,偷懒)

1 mysql -u root -p
2 CREATE DATABASE keystone;
3 GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘localhost‘   IDENTIFIED BY ‘KEYSTONE_DBPASS‘;
4 GRANT ALL PRIVILEGES ON keystone.* TO ‘keystone‘@‘%‘   IDENTIFIED BY ‘KEYSTONE_DBPASS‘;

k2. 安装keystone,httpd,缓存以及wsgi并启动

1 yum install openstack-keystone httpd mod_wsgi  memcached python-memcached
2 
3 systemctl enable memcached.service
4 systemctl start memcached.service

配置/etc/keystone/keystone.conf:

技术分享
 1 [DEFAULT]
 2 admin_token = 613ae457d94da5033c92
 3 verbose = true
 4 
 5 [database]
 6 connection = mysql://keystone:openstack@192.168.1.100/keystone
 7 
 8 [memcache]
 9 servers = localhost:11211
10 
11 [revoke]
12 driver = sql
13 
14 [token]
15 provider = uuid
16 driver = memcache
View Code

接下来就是数据库keystone的同步操作,对于第一次操作这个命令,可能会遇到问题,就是No handlers could be found for logger "oslo_config.cfg"

1 su -s /bin/sh -c "keystone-manage db_sync" keystone

在我的部署过程中,这个无关大局。就让它在那吧。。

配置httpd /etc/httpd/conf/httpd.conf ,其他的都默认不改。就修改一下下面这行。

1 ServerName 192.168.1.100

配置wsgi /etc/httpd/conf.d/wsgi-keystone.conf:

技术分享
 1 Listen 5000
 2 Listen 35357
 3 
 4 <VirtualHost *:5000>
 5     WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
 6     WSGIProcessGroup keystone-public
 7     WSGIScriptAlias / /usr/bin/keystone-wsgi-public
 8     WSGIApplicationGroup %{GLOBAL}
 9     WSGIPassAuthorization On
10     <IfVersion >= 2.4>
11       ErrorLogFormat "%{cu}t %M"
12     </IfVersion>
13     ErrorLog /var/log/httpd/keystone-error.log
14     CustomLog /var/log/httpd/keystone-access.log combined
15 
16     <Directory /usr/bin>
17         <IfVersion >= 2.4>
18             Require all granted
19         </IfVersion>
20         <IfVersion < 2.4>
21             Order allow,deny
22             Allow from all
23         </IfVersion>
24     </Directory>
25 </VirtualHost>
26 
27 <VirtualHost *:35357>
28     WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
29     WSGIProcessGroup keystone-admin
30     WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
31     WSGIApplicationGroup %{GLOBAL}
32     WSGIPassAuthorization On
33     <IfVersion >= 2.4>
34       ErrorLogFormat "%{cu}t %M"
35     </IfVersion>
36     ErrorLog /var/log/httpd/keystone-error.log
37     CustomLog /var/log/httpd/keystone-access.log combined
38 
39     <Directory /usr/bin>
40         <IfVersion >= 2.4>
41             Require all granted
42         </IfVersion>
43         <IfVersion < 2.4>
44             Order allow,deny
45             Allow from all
46         </IfVersion>
47     </Directory>
48 </VirtualHost>
View Code

最后启动httpd,这个是支持后端rest api调用的服务器。

1 systemctl enable httpd.service
2 systemctl start httpd.service

 

k3. 创建keystone的service.首先配置环境变量,这里,我将这个简单版本的安装过程中涉及到的所有环境变量,都列在这里:

 1 export MARIA_DB_ROOT_PW=openstack
 2 export RABBIT_MQ_PASS=openstack
 3 export KEYSTONE_DBPASS=openstack
 4 export keystone_user_pw=openstack
 5 
 6 export ADMIN_TOKEN=613ae457d94da5033c92
 7 export OS_TOKEN=$ADMIN_TOKEN
 8 export OS_URL=http://192.168.1.100:35357/v3
 9 export OS_IDENTITY_API_VERSION=3
10 
11 export GLANCE_DBPASS=openstack
12 export glance_user_pw=openstack
13 
14 export NOVA_DBPASS=openstack
15 export nova_user_pw=openstack
16 
17 export NEUTRON_DBPASS=openstack
18 export neutron_user_pw=openstack
19 
20 export METADATA_SECRET=openstack

接下来,创建服务,以及对应的endpoint。

1 openstack service create  --name keystone --description "OpenStack Identity" identity
2 openstack endpoint create --region RegionOne identity public http://node0:5000/v2.0
3 openstack endpoint create --region RegionOne identity internal http://node0:5000/v2.0
4 openstack endpoint create --region RegionOne identity admin http://node0:5000/v2.0

上面的第一步,创建keystone这个服务时,就遇到错误:

1 [root@node0 opt]# openstack service create --name keystone --description "OpenStack Identity" identity
2 Internal Server Error (HTTP 500)

其实,这个通过查看keystone的日志,注意,在httpd目录下哟,会发现访问数据库出错了。这个错误,是因为keystone-manage db_sync keystone没有做成功。我通过多次重新安装keystone组件,最终成功了。汗。。。

 

k4. 创建project admin以及用户以及角色

1 openstack project create --domain default --description "Admin Project" admin 
2 openstack user create --domain default  --password-prompt admin
3 openstack role create admin
4 openstack role add --project admin --user admin admin

 

k5. 创建project service

1 openstack project create --domain default --description "Service Project" service

 

k6. 创建project demo以及用户和角色

1 openstack project create --domain default  --description "Demo Project" demo
2 openstack user create --domain default  --password-prompt demo
3 openstack role create user
4 openstack role add --project demo --user demo user

 

k7. 验证keystone的安装正确性。

首先要修改/usr/share/keystone/keystone-dist-paste.ini,关闭临时token的auth机制。将下面红色的部分去掉。其实,在我的配置中,没有做这个操作,最终也可以达到创建instance,且可以操作新建的instance。【我将集群机器的防火墙都关闭了。。。】

 1 [pipeline:public_api]
 2 # The last item in this pipeline must be public_service or an equivalent
 3 # application. It cannot be a filter.
 4 pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
 5 
 6 [pipeline:admin_api]
 7 # The last item in this pipeline must be admin_service or an equivalent
 8 # application. It cannot be a filter.
 9 pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension s3_extension crud_extension admin_service
10 
11 [pipeline:api_v3]
12 # The last item in this pipeline must be service_v3 or an equivalent
13 # application. It cannot be a filter.
14 pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension simple_cert_extension revoke_extension federation_extension oauth1_extension endpoint_filter_extension service_v3

验证一下吧:

1 openstack --os-auth-url http://node0:35357/v3 --os-project-domain-id default --os-user-domain-id default  --os-project-name admin --os-username admin --os-auth-type password   token issue

是正确的,有数据显示,没有报错!通过demo这个用户操作,也是没有问题的。

 

k8. 为了操作时方便,将需要的参数source为环境变量吧。admin-openrc.sh/demo-openrc.sh,我这里,两个的文件内容一样。

 1 #!/bin/bash
 2 
 3 export OS_PROJECT_DOMAIN_ID=default
 4 export OS_USER_DOMAIN_ID=default
 5 export OS_PROJECT_NAME=admin
 6 export OS_TENANT_NAME=admin
 7 export OS_USERNAME=admin
 8 export OS_PASSWORD=openstack
 9 export OS_AUTH_TYPE=password
10 export OS_AUTH_URL=http://node0:35357/v3
11 export OS_IDENTITY_API_VERSION=3
12 
13 #for glance
14 export OS_IMAGE_API_VERSION=2

这里,要注意了,将上面的第9行去掉,执行下面的命令,你会遇到一个奇怪的错误。

1 openstack token issue

错误如下:

1 [root@node0 opt]# openstack token issue
2 ‘NoneType‘ object has no attribute ‘service_catalog‘

呵呵,这个问题,我也google才找到原因的,就是官网的guide中少了那个OS_AUTH_TYPE。

到此,所有的keystone的基本配置都完成了。

 

开始安装image模块glance吧。很简单,这步!

g1. 创建数据库glance并建用户glance(密码还是openstack)

1 mysql -u root -p
2 CREATE DATABASE glance;
3 GRANT ALL PRIVILEGES ON glance.* TO ‘glance‘@‘localhost‘  IDENTIFIED BY ‘GLANCE_DBPASS‘;
4 GRANT ALL PRIVILEGES ON glance.* TO ‘glance‘@‘%‘  IDENTIFIED BY ‘GLANCE_DBPASS‘;

接下来创建用户glance

1 openstack user create --domain default --password-prompt glance
2 openstack role add --project service --user glance admin

 

g2. 创建glance服务和endpoint

1 openstack service create --name glance --description "OpenStack Image service" image
2 openstack endpoint create --region RegionOne image public http://node0:9292
3 openstack endpoint create --region RegionOne image internal http://node0:9292
4 openstack endpoint create --region RegionOne image admin http://node0:9292

 

g3. 安装组件。

1 yum install openstack-glance python-glance python-glanceclient

 

g4. 配置/etc/glance/glance-api.conf以及/etc/glance/glance-registry.conf,两个的配置一样,其他的都采用默认值。

技术分享
 1 [DEFAULT]
 2 notification_driver = noop
 3 verbose = True
 4 
 5 [database]
 6 connection = mysql://glance:openstack@node0/glance
 7 
 8 [keystone_authtoken]
 9 auth_uri = http://node0:5000
10 auth_url = http://node0:35357
11 auth_plugin = password
12 project_domain_id = default
13 user_domain_id = default
14 project_name = service
15 username = glance
16 password = openstack
17 
18 [paste_deploy]
19 flavor = keystone
20 
21 [glance_store]
22 default_store = file
23 filesystem_store_datadir = /var/lib/glance/images/
View Code

 

g5. 数据库同步以及启动服务

1 su -s /bin/sh -c "glance-manage db_sync" glance
2 
3 systemctl enable openstack-glance-api.service openstack-glance-registry.service
4 systemctl start openstack-glance-api.service openstack-glance-registry.service

 

g6. 验证。给glance上传一个cirros的镜像

1 wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
2 
3 glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img  --disk-format qcow2 --container-format bare  --visibility public --progress

同样,没有问题,很正常,glance image-list命令可以检测。

 

好了,今天就到这里吧,不早了,要回去收拾一下,要过年了。。。后面的部分,年后,我再将其补上。

 

openstack(liberty):部署实验平台(二,简单版本软件安装 part1)

标签:

原文地址:http://www.cnblogs.com/shihuc/p/5183406.html

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!