# 操作系统地址
# mitaka 安装文档。
# mitaka 安装文件汇总。
# 优先安装ISO文件里的rpm包。
mkdir /opt/C ; mount /opt/CentOS-7-x86_64-DVD-1511.iso /opt/C ;
[base]
name=CentOS-7-x86_64-DVD-1503-01.iso
baseurl=file:///opt/C
enabled=1
gpgcheck=0
# 确认时区设置正确。
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime ;
# 设置时间同步。
20 * * * * ( /usr/sbin/ntpdate 10.77.131.19 > /dev/null 2>&1 )
yum -y groupinstall "Virtualization Host"
yum -y groupinstall "Development Tools"
yum -y install gcc
yum -y install PyYAML
yum -y install python-devel
yum -y install docker* # 没关系。以后再安装。
# 要执行这两个,去删除,默认的网桥。
virsh net-destroy default && virsh net-undefine default
echo "NOZEROCONF=yes" >> /etc/sysconfig/network
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
cat >> /etc/profile <
ulimit -S -c 0 > /dev/null 2>&1
ulimit -n 10240
ulimit -u 77823
EOF
cat >> /etc/ssh/sshd_config <
UseDNS no
EOF
sed -i 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config && service sshd restart;
cat >> /etc/sysctl.conf <
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
EOF
yum clean all && yum makecache
# 关闭所有不需要的服务。
systemctl list-unit-files|grep enable |awk '{ print $1 }'|egrep -v "multi-user.target|ssh|libvirtd|@tty|cron|getty@.service|default" |xargs -i systemctl disable {}
# mitaka 安装文档。
# 开始安装openstack mitiaka
yum -y install
yum -y install
# 先安装数据库。装的是DVD里自带的。
yum install mariadb-devel mariadb-server
systemctl restart mariadb.service
# 安装keystone
yum install openstack-keystone httpd mod_wsgi
# 提示要安装python-zope,但是yum没自己找到。
yum install
yum install python-zope-interface-4.0.5-4.el7.x86_64.rpm
yum install python-jinja2-2.7.2-2.el7.noarch.rpm
# 设置keystone
# 设置keystone的数据库。
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
# 修改keystone.conf配置文件。
openssl rand -hex 10 # 生成一个token
admin_token = 0094ede64d3242987d7e
connection = mysql+pymysql://keystone:keystone@10.77.141.36/keystone
provider = fernet
chown keystone:keystone /etc/keystone/ -R # 确保一下配置文件的属性。
chown keystone:keystone /var/log/keystone/ -R # 确保一下文件的属性。
# db_sync
/bin/sh -c "keystone-manage db_sync" keystone
# 开始设置keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# 增加这个文件。
/etc/httpd/conf.d/wsgi-keystone.conf
# 设置内容。
Listen 5000
Listen 35357
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
Require all granted
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
Require all granted
#
export OS_TOKEN=0094ede64d3242987d7e
export OS_URL=
export OS_IDENTITY_API_VERSION=3
[root@MI45 ~]# rpm -qf /usr/bin/openstack
python-openstackclient-2.2.0-1.el7.noarch
# 要安装这个包,才有openstack这个命令。
yum install python-openstackclient
# Create the service entity and API endpoints
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public
openstack endpoint create --region RegionOne identity internal
openstack endpoint create --region RegionOne identity admin
# Create a domain, projects, users, and roles
openstack domain create --description "Default Domain" default
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
#User Password:
#Repeat User Password:
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
#User Password:
#Repeat User Password:
openstack role create user
openstack role add --project demo --user demo user
# Verify operation
unset OS_TOKEN OS_URL
openstack --os-auth-url --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
openstack --os-auth-url --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
# Create OpenStack client environment scripts
vim /opt/admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstack1
export OS_AUTH_URL=
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
source /opt/admin-openrc
openstack token issue
### 安装rabbitmq
yum install rabbitmq-server ; systemctl enable rabbitmq-server.service ; systemctl restart rabbitmq-server.service; rabbitmqctl change_password guest openstack1;
### 安装glance
yum install openstack-glance
chown glance:glance /etc/glance/ -R
create database glance; grant all on *.* to'glance'@'%' identified by "glance"; grant all on *.* to'glance'@'10.77.141.36' identified by "glance";
openstack-glance-api.service openstack-glance-registry.service openstack-glance-scrubber.service openstack-glance-glare.service
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public
openstack endpoint create --region RegionOne image internal
openstack endpoint create --region RegionOne image admin
mv glance-api.conf glance-api.conf.20160511 ; cat glance-api.conf.20160511 |grep -v ^$|grep -v ^# > glance-api.conf
# vim glance-api.conf
[keystone_authtoken]
auth_uri =
auth_url =
memcached_servers = 10.77.141.36:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[oslo_messaging_rabbit]
amqp_durable_queues = False
rabbit_host = 10.77.141.36
rabbit_port = 5672
rabbit_hosts = 10.77.141.36:5672
rabbit_use_ssl = False
rabbit_userid = guest
rabbit_password = openstack1
rabbit_virtual_host = /
rabbit_ha_queues = False
heartbeat_timeout_threshold = 0
heartbeat_rate = 2
rabbit_notification_exchange=glance
rabbit_notification_topic=notifications
/bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service ; systemctl restart openstack-glance-api.service openstack-glance-registry.service
glance image-list
glance image-create --name "Centos-6.5-x86_64-20G_resize.20141210.developer" --disk-format qcow2 --container-format ovf --progress < Centos-6.5-x86_64-20G_resize.20141210.developer.qcow2
glance image-create --name "cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408" --disk-format qcow2 --container-format ovf --progress < cn_windows_7_ultimate_with_sp1_x64_dvd_u_677408.qcow2
### 安装nova
CREATE DATABASE nova_api; CREATE DATABASE nova;
grant all on *.* to'nova'@'%' identified by "nova"; grant all on *.* to'nova'@'10.77.141.36' identified by "nova";
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler # 控制节点要安装的。
yum install openstack-nova-compute # 计算节点要安装的
yum install python-libguestfs-1.28.1-1.55.el7.centos.x86_64.rpm
mv nova.conf nova.conf.20160511; cat nova.conf.20160511 |grep -v ^$ |grep -v ^# > nova.conf
# nova.conf 要增加的配置比较多。
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.77.141.36
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = False
vif_plugging_timeout=10
osapi_compute_listen_port=8774
[api_database]
connection = mysql+pymysql://nova:nova@10.77.141.45/nova_api
[barbican]
[cache]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://nova:nova@10.77.141.36/nova
[ephemeral_storage_encryption]
[glance]
api_servers =
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri =
auth_url =
memcached_servers = 10.77.141.36:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type = qemu
[matchmaker_redis]
[metrics]
[neutron]
url =
auth_url =
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[osapi_v21]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_rabbit]
amqp_durable_queues = False
rabbit_host = 10.77.141.36
rabbit_port = 5672
rabbit_hosts = 10.77.141.36:5672
rabbit_use_ssl = False
rabbit_userid = guest
rabbit_password = openstack1
rabbit_virtual_host = /
rabbit_ha_queues = False
heartbeat_timeout_threshold = 0
heartbeat_rate = 2
rabbit_notification_exchange=glance
rabbit_notification_topic=notifications
[oslo_middleware]
[oslo_policy]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url =
[workarounds]
[xenserver]
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public %\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal %\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin %\(tenant_id\)s
openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
libvirtd.service openstack-nova-compute.service
### 安装neutron
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables # 这个是doc上建议的。我觉得不需要装linuxbridge
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch openvswitch python-openvswitch python-neutronclient
yum install libxslt-python-1.1.28-5.el7.x86_64.rpm
yum install python-webtest-1.3.4-6.el7.noarch.rpm
yum install dnsmasq-utils-2.66-14.el7_1.x86_64.rpm
mv neutron.conf neutron.conf.20160511 ; cat neutron.conf.20160511 |grep -v ^$ |grep -v ^# > neutron.conf
chown neutron:neutron /etc/neutron/ -R
create database neutron; grant all on *.* to'neutron'@'%' identified by "neutron"; grant all on *.* to'neutron'@'10.77.141.36' identified by "neutron";
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public
openstack endpoint create --region RegionOne network internal
openstack endpoint create --region RegionOne network admin
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
/bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
mv openvswitch_agent.ini openvswitch_agent.ini.20160511; cat openvswitch_agent.ini.20160511 |grep -v ^$ |grep -v ^# > openvswitch_agent.ini
mv ml2_conf.ini ml2_conf.ini.20160511 ; cat ml2_conf.ini.20160511 |grep -v ^$ |grep -v ^# > ml2_conf.ini
chown neutron:neutron /etc/neutron/ -R
openvswitch.service neutron-server.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service neutron-openvswitch-agent.service
# 查看一下是不是有多余的服务。
systemctl list-unit-files|grep enable |awk '{ print $1 }'|egrep -v "multi-user.target|ssh|libvirtd|@tty|cron|getty@.service|default|open|mariadb|http|memcach|neutron|rabbit"
阅读(1525) | 评论(0) | 转发(0) |
