用CentOS7搭建一个简单的openstack_centos7部署openstack

在CentOS 7上搭建OpenStack是一个复杂且耗时的过程，涉及到多个组件和服务的配置。下面是一个详细且复杂的步骤指南，涵盖了安装和配置OpenStack的基本组件（例如Keystone、Glance、Nova、Neutron、Cinder、Horizon等）。假设你已经有一台干净的CentOS 7服务器作为控制节点，并准备了一些计算节点。

2022级计算机网络技术1班吕智毅

1. 前期准备

1.1 更新系统

sudo yum update -y
sudo reboot
1
2

1.2 设置主机名

sudo hostnamectl set-hostname controller
1

1.3 修改 /etc/hosts 文件

sudo nano /etc/hosts
1

添加以下内容：

127.0.0.1   localhost
192.168.0.10 controller
192.168.0.11 compute1
192.168.0.12 compute2
1
2
3
4

1.4 关闭防火墙和SELinux

sudo systemctl disable firewalld
sudo systemctl stop firewalld
sudo setenforce 0
sudo sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
1
2
3
4

1.5 安装NTP服务

sudo yum install chrony -y
sudo systemctl enable chronyd
sudo systemctl start chronyd
1
2
3

2. 安装和配置MariaDB数据库

2.1 安装MariaDB

sudo yum install mariadb mariadb-server python2-PyMySQL -y
1

2.2 配置MariaDB

sudo systemctl enable mariadb
sudo systemctl start mariadb

sudo mysql_secure_installation
1
2
3
4

按照提示完成安全安装，设置数据库root用户密码。

2.3 编辑MariaDB配置文件

sudo nano /etc/my.cnf.d/openstack.cnf
1

添加以下内容：

[mysqld]
bind-address = 0.0.0.0

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
1
2
3
4
5
6
7
8

2.4 重启MariaDB

sudo systemctl restart mariadb
1

3. 安装和配置RabbitMQ

3.1 安装RabbitMQ

sudo yum install rabbitmq-server -y
sudo systemctl enable rabbitmq-server
sudo systemctl start rabbitmq-server
1
2
3

3.2 添加用户

sudo rabbitmqctl add_user openstack RABBIT_PASS
sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"
1
2

4. 安装和配置Keystone

4.1 安装Keystone

sudo yum install openstack-keystone httpd mod_wsgi -y
1

4.2 创建数据库

mysql -u root -p
1

在MariaDB提示符下执行：

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
FLUSH PRIVILEGES;
EXIT;
1
2
3
4
5

4.3 编辑Keystone配置文件

sudo cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
sudo nano /etc/keystone/keystone.conf
1
2

配置 [database] 部分：

[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
1
2

4.4 同步数据库

sudo su -s /bin/sh -c "keystone-manage db_sync" keystone
1

4.5 初始化Fernet密钥存储库

sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
1
2

4.6 配置Bootstrap

sudo keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
1
2
3
4
5

4.7 配置Apache HTTP服务器

sudo cp /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
sudo systemctl enable httpd
sudo systemctl start httpd
1
2
3

4.8 配置管理员账户环境变量

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
1
2
3
4
5
6
7

5. 配置Glance

5.1 安装Glance

sudo yum install openstack-glance -y
1

5.2 创建数据库

mysql -u root -p
1

在MariaDB提示符下执行：

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
FLUSH PRIVILEGES;
EXIT;
1
2
3
4
5

5.3 创建Glance用户

openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
1
2

5.4 创建Glance服务实体和API端点

openstack service create --name glance --description "OpenStack Image" image

openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
1
2
3
4
5

5.5 编辑Glance配置文件

sudo cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
sudo nano /etc/glance/glance-api.conf
1
2

配置 [database] 部分：

[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
1
2

配置 [keystone_authtoken] 部分：

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
1
2
3
4
5
6
7
8
9
10

配置 [paste_deploy] 部分：

[paste_deploy]
flavor = keystone
1
2

配置 [glance_store] 部分：

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
1
2
3
4

5.6 同步数据库

sudo su -s /bin/sh -c "glance-manage db_sync" glance
1

5.7 启动并启用Glance服务

sudo systemctl enable openstack-glance-api
sudo systemctl start openstack-glance-api
1
2

6. 安装和配置Nova

6.1 安装Nova

sudo yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y
1

6.2 创建数据库

mysql -u root -p
1

在MariaDB提示符下执行：

CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
FLUSH PRIVILEGES;
EXIT;
1
2
3
4
5
6
7
8

6.3 创建Nova用户

openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin
1
2

6.4 创建Nova服务实体和API端点

openstack service create --name nova --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
1
2
3
4
5

6.5 编辑Nova配置文件

sudo cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
sudo nano /etc/nova/nova.conf
1
2

配置 [database] 部分：

[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
1
2

配置 [api_database] 部分：

[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
1
2

配置 [DEFAULT] 部分：

[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.0.10
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
1
2
3
4
5
6

配置 [keystone_authtoken] 部分：

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
1
2
3
4
5
6
7
8
9
10

配置 [vnc] 部分：

[vnc]
enabled = True
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
1
2
3
4
5

配置 [glance] 部分：

[glance]
api_servers = http://controller:9292
1
2

6.6 同步数据库

sudo su -s /bin/sh -c "nova-manage api_db sync" nova
sudo su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
sudo su -s /bin/sh -c "nova-manage cell_v2 create_cell --name cell1" nova
sudo su -s /bin/sh -c "nova-manage db sync" nova
1
2
3
4

6.7 启动并启用Nova服务

sudo systemctl enable openstack-nova-api openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
sudo systemctl start openstack-nova-api openstack-nova-consoleauth openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
1
2

7. 安装和配置Neutron

7.1 安装Neutron

sudo yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
1

7.2 创建数据库

mysql -u root -p
1

在MariaDB提示符下执行：

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
FLUSH PRIVILEGES;
EXIT;
1
2
3
4
5

7.3 创建Neutron用户

openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
1
2

7.4 创建Neutron服务实体和API端点

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
1
2
3
4
5

7.5 编辑Neutron配置文件

sudo cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
sudo nano /etc/neutron/neutron.conf
1
2

配置 [database] 部分：

[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
1
2

配置 [DEFAULT] 部分：

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
1
2
3
4
5

配置 [keystone_authtoken] 部分：

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS
1
2
3
4
5
6
7
8
9
10

7.6 编辑ML2插件配置文件

sudo cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
sudo nano /etc/neutron/plugins/ml2/ml2_conf.ini
1
2

配置 [ml2] 部分：

[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
1
2
3
4
5

配置 [ml2_type_flat] 部分：

[ml2_type_flat]
flat_networks = external
1
2

配置 [ml2_type_vxlan] 部分：

[ml2_type_vxlan]
vni_ranges = 1:1000
1
2

配置 [securitygroup] 部分：

[securitygroup]
enable_ipset = true
firewall_driver = iptables_hybrid
1
2
3

7.7 编辑Open vSwitch配置文件

sudo cp /etc/neutron/plugins/ml2/openvswitch_agent.ini /etc/neutron/plugins/ml2/openvswitch_agent.ini.bak
sudo nano /etc/neutron/plugins/ml2/openvswitch_agent.ini
1
2

配置 [ovs] 部分：

[ovs]
local_ip = 192.168.0.10
bridge_mappings = external:br-ex
1
2
3

配置 [securitygroup] 部分：

[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
1
2
3

7.8 创建并配置br-ex网桥

sudo ovs-vsctl add-br br-ex
sudo ovs-vsctl add-port br-ex <NIC_NAME>
1
2

7.9 编辑L3代理配置文件

sudo cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
sudo nano /etc/neutron/l3_agent.ini
1
2

配置 [DEFAULT] 部分：

[DEFAULT]
interface_driver = openvswitch
1
2

7.10 编辑DHCP代理配置文件

sudo cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
sudo nano /etc/neutron/dhcp_agent.ini
1
2

配置 [DEFAULT] 部分：

[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
1
2
3
4

7.11 编辑Metadata代理配置文件

sudo cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
sudo nano /etc/neutron/metadata_agent.ini
1
2

配置 [DEFAULT] 部分：

[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
1
2
3

7.12 编辑Nova配置文件

sudo nano /etc/nova/nova.conf
1

在 [neutron] 部分中添加以下内容：

[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
1
2
3
4
5
6
7
8
9
10
11
12

7.13 同步数据库

sudo su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
1

7.14 启动并启用Neutron服务

sudo systemctl enable neutron-server neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
sudo systemctl start neutron-server neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent neutron-l3-agent
1
2

8. 安装和配置Horizon

8.1 安装Horizon

sudo yum install openstack-dashboard -y
1

8.2 编辑Horizon配置文件

sudo cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak
sudo nano /etc/openstack-dashboard/local_settings
1
2

配置 ALLOWED_HOSTS 和 OpenStack主机信息：

ALLOWED_HOSTS = ['*']
OPENSTACK_HOST = "controller"
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

8.3 重启Apache服务

sudo systemctl restart httpd
1

9. 安装和配置Cinder

9.1 安装Cinder

sudo yum install openstack-cinder openstack-cinder-api openstack-cinder-scheduler -y
1

9.2 创建数据库

mysql -u root -p
1

在MariaDB提示符下执行：

CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
FLUSH PRIVILEGES;
EXIT;
1
2
3
4
5

9.3 创建Cinder用户

openstack user create --domain default --password CINDER_PASS cinder
openstack role add --project service --user cinder admin
1
2

9.4 创建Cinder服务实体和API端点

openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3

openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%(tenant_id)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%(tenant_id)s

openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%(tenant_id)s
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%(tenant_id)s
openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%(tenant_id)s
1
2
3
4
5
6
7
8
9
10

9.5 编辑Cinder配置文件

sudo cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
sudo nano /etc/cinder/cinder.conf
1
2

配置 [database] 部分：

[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
1
2

配置 [DEFAULT] 部分：

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.0.10
enabled_backends = lvm
glance_api_servers = http://controller:9292
1
2
3
4
5
6

配置 [keystone_authtoken] 部分：

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = CINDER_PASS
1
2
3
4
5
6
7
8
9
10

配置 [lvm] 部分：

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
1
2
3
4
5

配置 [oslo_concurrency] 部分：

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
1
2

9.6 同步数据库

sudo su -s /bin/sh -c "cinder-manage db sync" cinder
1

9.7 启动并启用Cinder服务

sudo systemctl enable openstack-cinder-api openstack-cinder-scheduler
sudo systemctl start openstack-cinder-api openstack-cinder-scheduler
1
2

10. 配置Compute节点

10.1 安装Compute服务

sudo yum install openstack-nova-compute -y
1

10.2 编辑Nova配置文件

sudo nano /etc/nova/nova.conf
1

配置 [DEFAULT] 部分：

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.0.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
1
2
3
4
5

配置 [keystone_authtoken] 部分：

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
1
2
3
4
5
6
7
8
9
10

配置 [vnc] 部分：

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
1
2
3
4
5

配置 [glance] 部分：

[glance]
api_servers = http://controller:9292
1
2

10.3 启动并启用Nova Compute服务

sudo systemctl enable openstack-nova-compute
sudo systemctl start openstack-nova-compute
1
2

11. 配置Neutron代理

11.1 安装Open vSwitch

sudo yum install openstack-neutron-openvswitch -y
1

11.2 编辑Open vSwitch配置文件

sudo nano /etc/neutron/plugins/ml2/openvswitch_agent.ini
1

配置 [ovs] 部分：

[ovs]
local_ip = 192.168.0.11
1
2

配置 [securitygroup] 部分：

[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
1
2
3

11.3 启动并启用Neutron Open vSwitch代理

sudo systemctl enable neutron-openvswitch-agent
sudo systemctl start neutron-openvswitch-agent
1
2

12. 验证安装

12.1 验证服务状态

openstack compute service list
openstack network agent list
1
2

12.2 上传测试镜像

openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
1

12.3 创建测试网络

openstack network create private
openstack subnet create --network private --subnet-range 192.168.1.0/24 private-subnet
openstack network create public --external --provider-network-type flat --provider-physical-network external
openstack subnet create --network public --subnet-range 203.0.113.0/24 --allocation-pool start=203.0.113.101,end=203.0.113.200 --dns-nameserver 8.8.8.8 public-subnet
1
2
3
4

12.4 创建测试实例

openstack flavor create --id 0 --ram 512 --disk 1 --vcpus 1 m1.nano
openstack security group create test
openstack security group rule create --proto icmp test
openstack security group rule create --proto tcp --dst-port 22 test
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack server create --flavor m1.nano --image cirros --nic net-id=$(openstack network list | awk '/ private / {print $2}') --security-group test --key-name mykey test-instance
1
2
3
4
5
6

13. 清理和后续步骤

• 确认所有服务正常运行并执行故障排除。
• 根据需要添加更多计算节点和存储节点。
• 配置高级功能，如负载均衡、对象存储等。
• 配置备份和监控解决方案，确保系统的稳定性和可靠性。

至此，已经完成了在CentOS 7上安装和配置OpenStack的详细步骤。这些步骤涵盖了基础设施的各个方面，包括网络、计算、存储和管理组件。根据实际需求，你可以进一步优化和调整配置。