安装Keystone(认证服务)、Glance(镜像服务)、Placement
- 安装Keystone(认证服务)
- 安装Glance(镜像服务)
- 安装Placement
安装Keystone(认证服务)
- 数据库创建、创建用户并授权
# mysql
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
- 安装和配置
# yum install openstack-keystone httpd mod_wsgi -y
配置,修改配置文件/etc/keystone/keystone.conf,在对应分组【[组名]】下添加配置:
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
初始化数据库:
# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化密钥库:
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引导认证服务:
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
配置,修改配置文件/etc/httpd/conf/httpd.conf,在配置ServerAdmin root@localhost下一行添加ServerName controller:
创建软链:
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
设置开机启动并启动服务:
# systemctl enable httpd.service
# systemctl start httpd.service
验证
# systemctl status httpd.service
# lsof -i:5000
- 创建OpenStack客户端环境脚本
# mkdir -p /root/.openstack
# cat >> /root/.openstack/admin-openrc << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
加入环境变量,生效:
# cat >> /root/.bashrc << EOF
source /root/.openstack/admin-openrc
EOF
# source /root/.bashrc
- 验证
可正常查询:
# openstack token issue
验证auth_url返回报文:
# curl controller:5000/v3
- 创建域、项目、用户、角色
# openstack domain create --description "An Example Domain" example
# openstack project create --domain default --description "Service Project" service
# openstack project create --domain default --description "Demo Project" myproject
# openstack user create --domain default --password-prompt myuser
输入用户密码、确认密码:MYUSER_PASS
创建角色、将用户加入角色:
# openstack role create myrole
# openstack role add --project myproject --user myuser myrole
- 说明
- 详细说明参考官网:
https://docs.openstack.org/keystone/train/install/keystone-install-rdo.html - 安装mysql时做了安装初始化,将密码设置为无,如有设置密码,连接时请加账号密码。
- OpenStack部署完成后使用,dashboard中使用角色管理时提示【错误:在keystone中无法找到默认角色user】。解决方法一:创建user角色:
openstack role create user
。解决方法二:安装Horizon配置‘OPENSTACK_KEYSTONE_DEFAULT_ROLE = “user”’将user改为其他已存在的角色。
安装Glance(镜像服务)
- 数据库创建、创建用户并授权
# mysql
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
- 创建服务凭证
# openstack user create --domain default --password-prompt glance
输入密码:GLANCE_PASS
确认密码:GLANCE_PASS
# openstack role add --project service --user glance admin
# openstack service create --name glance --description "OpenStack Image" image
- 创建服务API接入点
# openstack endpoint create --region RegionOne image public http://controller:9292
# openstack endpoint create --region RegionOne image internal http://controller:9292
# openstack endpoint create --region RegionOne image admin http://controller:9292
- 安装和配置
# yum install openstack-glance -y
配置,修改配置文件/etc/glance/glance-api.conf,在对应分组【[组名]】下添加配置:
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
初始化数据库:
# su -s /bin/sh -c "glance-manage db_sync" glance
设置开机启动并启动服务:
# systemctl enable openstack-glance-api.service
# systemctl start openstack-glance-api.service
- 验证
公网下载镜像(下载失败可直接使用浏览器下载):
# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
上传镜像到glance服务:
# glance image-create --name "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public
查看镜像列表:
# glance image-list
或者
# openstack image list
验证镜像服务的接入点:
#curl controller:9292
- 说明
- 详细说明参考官网:
https://docs.openstack.org/glance/train/install/install-rdo.html - 安装mysql时做了安装初始化,将密码设置为无,如有设置密码,连接时请加账号密码。
安装Placement
- 数据库创建、创建用户并授权
# mysql
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
IDENTIFIED BY 'PLACEMENT_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY 'PLACEMENT_DBPASS';
- 创建服务凭证
# openstack user create --domain default --password-prompt placement
输入密码:PLACEMENT_PASS
确认密码:PLACEMENT_PASS
# openstack role add --project service --user placement admin
# openstack service create --name placement --description "Placement API" placement
- 创建服务API接入点
# openstack endpoint create --region RegionOne placement public http://controller:8778
# openstack endpoint create --region RegionOne placement internal http://controller:8778
# openstack endpoint create --region RegionOne placement admin http://controller:8778
- 安装和配置
# yum install openstack-placement-api -y
配置,修改配置文件/etc/placement/placement.conf,在对应分组【[组名]】下添加配置:
[placement_database]
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
配置,修改配置文件/etc/httpd/conf.d/00-placement-api.conf,添加配置:
<Directory /usr/bin>
= 2.4>
Require all granted
<IfVersion < 2.4>
Order allow,deny
Allow from all
初始化数据库:
# su -s /bin/sh -c "placement-manage db sync" placement
设置开机启动并启动服务:
# systemctl restart httpd
- 验证
状态是否正常:
# placement-status upgrade check
验证接入点:
# curl controller:8778
- 说明
- 详细说明参考官网:
https://docs.openstack.org/placement/train/install/install-rdo.html - 安装mysql时做了安装初始化,将密码设置为无,如有设置密码,连接时请加账号密码。