3.1 chrony, the time synchronization server for CentOS 7
Install chrony
[root@linux-node1 ~]# yum install -y chrony
Edit its configuration file
[root@linux-node1 ~]# vim /etc/chrony.conf
allow 192.168/16
Enable chrony at boot and start it
[root@linux-node1 ~]# systemctl enable chronyd.service
[root@linux-node1 ~]# systemctl start chronyd.service
Set the CentOS 7 time zone
[root@linux-node1 ~]# timedatectl set-timezone Asia/Shanghai
Check the time zone and time
[root@linux-node1 ~]# timedatectl status
      Local time: Tue 2015-12-15 12:19:55 CST
  Universal time: Tue 2015-12-15 04:19:55 UTC
        RTC time: Sun 2015-12-13 15:35:33
        Timezone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: no
 RTC in local TZ: no
      DST active: n/a
[root@linux-node1 ~]# date
Tue Dec 15 12:19:57 CST 2015
3.2 Getting started with MySQL
Every OpenStack component except Horizon needs a database. This article uses MySQL, which CentOS 7 ships by default under the name MariaDB.
Copy the configuration file
[root@linux-node1 ~]# cp /usr/share/mysql/my-medium.cnf /etc/my.cnf
Edit the MySQL configuration and start it
[root@linux-node1 ~]# vim /etc/my.cnf    (add the following under the mysqld section)
[mysqld]
# default storage engine
default-storage-engine = innodb
# use a separate tablespace per table
innodb_file_per_table
# collation
collation-server = utf8_general_ci
# character set for connections
init-connect = 'SET NAMES utf8'
# default character set when creating databases
character-set-server = utf8
Enable MySQL at boot and start it
[root@linux-node1 ~]# systemctl enable mariadb.service
ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
[root@linux-node1 ~]# systemctl start mariadb.service
Set the MySQL password
[root@linux-node1 ~]# mysql_secure_installation
Create the databases for all components and grant privileges
[root@linux-node1 ~]# mysql -uroot -p123456
Run the SQL
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
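The grants above reuse each service name as its password and accept connections from any host ('%'). As an added example (not part of the original article), the script below produces the same five databases and grants with a random password per service and a host pattern limited to one subnet; the 192.168.56.% pattern, the function names and the output paths are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: per-service random passwords and subnet-scoped grants
# for the databases created above. Names and paths are illustrative.

SERVICES="keystone glance nova neutron cinder"
MGMT_HOSTS='192.168.56.%'   # assumption: subnet of the controller 192.168.56.11

# 32 hex characters from the kernel CSPRNG; hex needs no SQL escaping.
gen_password() {
    head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# Print the CREATE/GRANT statements for service $1 with password $2.
grants_for() {
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$1"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
        "$1" "$1" "$2"
    printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
        "$1" "$1" "$MGMT_HOSTS" "$2"
}

# Write the SQL to $1 and a "service=password" list to $2, both mode 0600.
build_bootstrap() {
    sql=$1 creds=$2
    ( umask 077; : > "$sql"; : > "$creds" ) || return 1
    for svc in $SERVICES; do
        pw=$(gen_password)
        grants_for "$svc" "$pw" >> "$sql"
        printf '%s=%s\n' "$svc" "$pw" >> "$creds"
    done
}

# Run as: script.sh /root/openstack-db.sql /root/openstack-db.creds
# then:   mysql -uroot -p < /root/openstack-db.sql
if [ $# -eq 2 ]; then
    build_bootstrap "$1" "$2"
fi
```

Each service's connection string (for example the keystone.conf connection line later on this page) then takes its password from the credentials file instead of the service name.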
3.3 RabbitMQ message queue
SOA: a service-oriented architecture is a component model that links an application's functional units (called services) through well-defined interfaces and contracts between those services. The interfaces are defined in a neutral way, independent of the hardware platform, operating system and programming language that implement the service, so services built on a wide variety of systems can interact in a uniform, common way.
OpenStack adopts an SOA design and takes advantage of its loose coupling: each component is deployed on its own, components may be both consumers and providers of one another, and they communicate through a message queue (OpenStack supports RabbitMQ, ZeroMQ and Qpid), so that when one service goes down the others do not go down with it.
Start RabbitMQ
[root@linux-node1 ~]# systemctl enable rabbitmq-server.service
ln -s '/usr/lib/systemd/system/rabbitmq-server.service' '/etc/systemd/system/multi-user.target.wants/rabbitmq-server.service'
[root@linux-node1 ~]# systemctl start rabbitmq-server.service
Create a RabbitMQ user and grant it permissions
[root@linux-node1 ~]# rabbitmqctl add_user openstack openstack
[root@linux-node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Enable RabbitMQ's web management plugin
[root@linux-node1 ~]# rabbitmq-plugins enable rabbitmq_management
Restart RabbitMQ
[root@linux-node1 ~]# systemctl restart rabbitmq-server.service
Check RabbitMQ's ports: 5672 is the service port, 15672 is the web management port, and 25672 is the clustering port
[root@linux-node1 ~]# netstat -lntup|grep 5672
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      52448/beam
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      52448/beam
tcp6       0      0 :::5672                 :::*                    LISTEN      52448/beam
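The listing above shows the management UI (15672) and the clustering port (25672) bound to 0.0.0.0 and AMQP (5672) bound to ::, that is, to every interface. As an added example (not from the original article), these functions read netstat -lnt style output and report which of the three RabbitMQ ports listen on all interfaces; the function names and the sample lines are constructed for illustration.

```bash
#!/bin/bash
# Added example: report RabbitMQ listeners that are bound to every interface.

# Constructed sample in the format of the netstat output shown above.
SAMPLE='tcp        0      0 0.0.0.0:25672    0.0.0.0:*    LISTEN    52448/beam
tcp        0      0 0.0.0.0:15672    0.0.0.0:*    LISTEN    52448/beam
tcp        0      0 0.0.0.0:22       0.0.0.0:*    LISTEN    1021/sshd
tcp6       0      0 :::5672          :::*         LISTEN    52448/beam'

# Reads netstat -lnt[up] lines on stdin; prints "PORT ROLE BIND" for each
# RabbitMQ port, where BIND is "all-interfaces" or the specific address.
rabbit_listeners() {
    awk '
        BEGIN { role[5672] = "amqp"; role[15672] = "management"; role[25672] = "cluster" }
        $6 == "LISTEN" {
            n = split($4, part, ":")
            port = part[n]
            if (!(port in role)) next
            # Everything before the last ":" is the bind address (IPv4 or IPv6).
            addr = substr($4, 1, length($4) - length(port) - 1)
            wild = (addr == "0.0.0.0" || addr == "::" || addr == "*")
            print port, role[port], (wild ? "all-interfaces" : addr)
        }'
}

# Prints only the wildcard-bound ports; returns 1 if any were found.
rabbit_exposed() {
    out=$(rabbit_listeners | awk '$3 == "all-interfaces" { print $1, $2 }')
    [ -z "$out" ] && return 0
    printf '%s\n' "$out"
    return 1
}

printf '%s\n' "$SAMPLE" | rabbit_exposed || echo "review bind addresses and firewall rules"
```

On a live host, pipe `netstat -lnt` into `rabbit_exposed` instead of the sample.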
Add the openstack user in the web interface and set its permissions. The first login must use guest as both the user name and the password.
Set the role to administrator and set the password for openstack.
To monitor RabbitMQ, you can use the API shown in the screenshot (not preserved here).
3.4 Keystone component
Edit the keystone configuration file
[root@linux-node1 opt]# vim /etc/keystone/keystone.conf
admin_token = 863d35676a5632e846d9
# Used to connect and create users while no users exist yet; this value was generated randomly with openssl
connection = mysql://keystone:keystone@192.168.56.11/keystone
# Database connection; the three occurrences of keystone are the keystone component, the keystone user name, and the keystone database name in MySQL
Switch to the keystone user and import the keystone database
[root@linux-node1 opt]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@linux-node1 keystone]# cd /var/log/keystone/
[root@linux-node1 keystone]# ll
total 8
-rw-r--r-- 1 keystone keystone 7064 Dec 15 14:43 keystone.log
(The database is imported as the keystone user, and keystone writes to this log file when it starts. If the import is run as root, keystone cannot be started as the keystone user.)
Other settings changed in /etc/keystone/keystone.conf (file line number first):
31:verbose = true      (enable debug mode)
1229:servers = 192.168.57.11:11211      (change the servers option and fill in the memcache address)
1634:driver = sql      (enable the default sql driver)
1827:provider = uuid      (enable and use unique identifiers)
1832:driver = memcache      (tokens generated from a user name and password are stored in memcache, for high-performance service)
View the resulting changes
[root@linux-node1 keystone]# grep -n "^[a-zA-Z]" /etc/keystone/keystone.conf
12:admin_token = 863d35676a5632e846d9
31:verbose = true
419:connection = mysql://keystone:keystone@192.168.56.11/keystone
1229:servers = 192.168.57.11:11211
1634:driver = sql
1827:provider = uuid
1832:driver = memcache
Check the result of the database import
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone     |
+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             |
| domain                 |
| endpoint               |
| endpoint_group         |
| federation_protocol    |
| group                  |
| id_mapping             |
| identity_provider      |
| idp_remote_ids         |
| mapping                |
| migrate_version        |
| policy                 |
| policy_association     |
| project                |
| project_endpoint       |
| project_endpoint_group |
| region                 |
| request_token          |
| revocation_event       |
| role                   |
| sensitive_config       |
| service                |
| service_provider       |
| token                  |
| trust                  |
| trust_role             |
| user                   |
| user_group_membership  |
| whitelisted_config     |
+------------------------+
33 rows in set (0.00 sec)
Add an Apache wsgi-keystone configuration file. Port 5000 serves the keystone service itself, and port 35357 is for admin use.
[root@linux-node1 keystone]# cat /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
Configure Apache's ServerName; if ServerName is not set, the keystone service is affected
[root@linux-node1 httpd]# vim conf/httpd.conf
ServerName 192.168.56.11:80
Start memcached, httpd and keystone
[root@linux-node1 httpd]# systemctl enable memcached httpd
ln -s '/usr/lib/systemd/system/memcached.service' '/etc/systemd/system/multi-user.target.wants/memcached.service'
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'
[root@linux-node1 httpd]# systemctl start memcached httpd
Check which ports httpd is listening on
[root@linux-node1 httpd]# netstat -lntup|grep httpd
tcp6       0      0 :::5000                 :::*                    LISTEN      70482/httpd
tcp6       0      0 :::80                   :::*                    LISTEN      70482/httpd
tcp6       0      0 :::35357                :::*                    LISTEN      70482/httpd
Create users and connect to keystone. There are two ways to do this: pass the parameters on the command line (see keystone --help), or use environment variables. The environment-variable approach is used below, setting the token, the API URL and the API version (well suited to SOA).
[root@linux-node1 ~]# export OS_TOKEN=863d35676a5632e846d9
[root@linux-node1 ~]# export OS_URL=http://192.168.56.11:35357/v3
[root@linux-node1 ~]# export OS_IDENTITY_API_VERSION=3
Create the admin project
[root@linux-node1 httpd]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 45ec9f72892c404897d0f7d6668d7a53 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+
Create the admin user and set its password (in production, be sure to set a complex one)
[root@linux-node1 httpd]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | bb6d73c0b07246fb8f26025bb72c06a1 |
| name      | admin                            |
+-----------+----------------------------------+
Create the admin role
[root@linux-node1 httpd]# openstack role create admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | b0bd00e6164243ceaa794db3250f267e |
| name  | admin                            |
+-------+----------------------------------+
Add the admin user to the admin project and give it the admin role, tying the role, project and user together
[root@linux-node1 httpd]# openstack role add --project admin --user admin admin
Create an ordinary user demo and a demo project, with the ordinary role (user), and associate them
[root@linux-node1 httpd]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 4a213e53e4814685859679ff1dcb559f |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | None                             |
+-------------+----------------------------------+
[root@linux-node1 httpd]# openstack user create --domain default --password=demo demo
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | eb29c091e0ec490cbfa5d11dc2388766 |
| name      | demo                             |
+-----------+----------------------------------+
[root@linux-node1 httpd]# openstack role create user
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 4b36460ef1bd42daaf67feb19a8a55cf |
| name  | user                             |
+-------+----------------------------------+
[root@linux-node1 httpd]# openstack role add --project demo --user demo user
Create a service project, which is used to manage the services of components such as nova, neutron and glance
[root@linux-node1 httpd]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 0399778f38934986a923c96d8dc92073 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+
List the users, roles and projects that were created
[root@linux-node1 httpd]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| bb6d73c0b07246fb8f26025bb72c06a1 | admin |
| eb29c091e0ec490cbfa5d11dc2388766 | demo  |
+----------------------------------+-------+
[root@linux-node1 httpd]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0399778f38934986a923c96d8dc92073 | service |
| 45ec9f72892c404897d0f7d6668d7a53 | admin   |
| 4a213e53e4814685859679ff1dcb559f | demo    |
+----------------------------------+---------+
[root@linux-node1 httpd]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 4b36460ef1bd42daaf67feb19a8a55cf | user  |
| b0bd00e6164243ceaa794db3250f267e | admin |
+----------------------------------+-------+
Register the keystone service. Although keystone itself is what handles registration, it also has to register its own service.
Create the keystone identity service
[root@linux-node1 httpd]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 46228b6dae2246008990040bbde371c3 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
Create three types of endpoint: public (externally visible), internal (internal use) and admin (administrative use)
[root@linux-node1 httpd]# openstack endpoint create --region RegionOne identity public http://192.168.56.11:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1143dcd58b6848a1890c3f2b9bf101d5 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 46228b6dae2246008990040bbde371c3 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://192.168.56.11:5000/v2.0   |
+--------------+----------------------------------+
[root@linux-node1 httpd]# openstack endpoint create --region RegionOne identity internal http://192.168.56.11:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 496f648007a04e5fbe99b62ed8a76acd |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 46228b6dae2246008990040bbde371c3 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://192.168.56.11:5000/v2.0   |
+--------------+----------------------------------+
[root@linux-node1 httpd]# openstack endpoint create --region RegionOne identity admin http://192.168.56.11:35357/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 28283cbf90b5434ba7a8780fac9308df |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 46228b6dae2246008990040bbde371c3 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://192.168.56.11:35357/v2.0  |
+--------------+----------------------------------+
List the endpoints that were created
[root@linux-node1 httpd]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                             |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| 1143dcd58b6848a1890c3f2b9bf101d5 | RegionOne | keystone     | identity     | True    | public    | http://192.168.56.11:5000/v2.0  |
| 28283cbf90b5434ba7a8780fac9308df | RegionOne | keystone     | identity     | True    | admin     | http://192.168.56.11:35357/v2.0 |
| 496f648007a04e5fbe99b62ed8a76acd | RegionOne | keystone     | identity     | True    | internal  | http://192.168.56.11:5000/v2.0  |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
Connect to keystone and request a token. Because a user name and password have now been added, the token is no longer used, so the environment variables must be unset.
[root@linux-node1 httpd]# unset OS_TOKEN
[root@linux-node1 httpd]# unset OS_URL
[root@linux-node1 httpd]# openstack --os-auth-url http://192.168.56.11:35357/v3 \
--os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
Password:
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2015-12-16T17:45:52.926050Z      |
| id         | ba1d3c403bf34759b239176594001f8b |
| project_id | 45ec9f72892c404897d0f7d6668d7a53 |
| user_id    | bb6d73c0b07246fb8f26025bb72c06a1 |
+------------+----------------------------------+
Set up environment-variable files for the admin and demo users and make them executable; from then on, just source the file before running commands
[root@linux-node1 ~]# cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.56.11:35357/v3
export OS_IDENTITY_API_VERSION=3
[root@linux-node1 ~]# cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.56.11:5000/v3
export OS_IDENTITY_API_VERSION=3
[root@linux-node1 ~]# chmod +x demo-openrc.sh
[root@linux-node1 ~]# chmod +x admin-openrc.sh
[root@linux-node1 ~]# source admin-openrc.sh
[root@linux-node1 ~]# openstack token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2015-12-16T17:54:06.632906Z      |
| id         | ade4b0c451b94255af1e96736555db75 |
| project_id | 45ec9f72892c404897d0f7d6668d7a53 |
| user_id    | bb6d73c0b07246fb8f26025bb72c06a1 |
+------------+----------------------------------+
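The walkthrough leaves several lab-only settings in place: admin_token stays in keystone.conf, the database and user passwords equal the account names, and the openrc files hold OS_PASSWORD in clear text next to an http:// auth URL. As an added example (not part of the original article), these two functions flag those conditions in a keystone.conf and an openrc file; the function names and finding messages are made up for illustration.

```bash
#!/bin/bash
# Added example: flag the lab-only settings used in this walkthrough.
# Function names and finding messages are illustrative.

# $1 = path to keystone.conf; prints one finding per line.
audit_keystone_conf() {
    awk '
        /^admin_token[ \t]*=/ { print "admin_token: bootstrap token still set" }
        /^connection[ \t]*=/ {
            # value looks like mysql://USER:PASS@HOST/DB
            cred = substr($0, index($0, "=") + 1)
            sub(/^[ \t]*[a-z+]+:\/\//, "", cred)
            sub(/@.*$/, "", cred)
            split(cred, up, ":")
            if (up[1] != "" && up[1] == up[2])
                print "connection: database password equals the user name"
        }' "$1"
}

# $1 = path to an openrc file; prints one finding per line.
audit_openrc() {
    awk '
        /^export[ \t]+[A-Z_]+=/ {
            sub(/^export[ \t]+/, "")
            eq = index($0, "=")
            val[substr($0, 1, eq - 1)] = substr($0, eq + 1)
        }
        END {
            if (val["OS_PASSWORD"] != "" && val["OS_PASSWORD"] == val["OS_USERNAME"])
                print "OS_PASSWORD: equals OS_USERNAME"
            if (val["OS_AUTH_URL"] ~ /^http:/)
                print "OS_AUTH_URL: credentials travel over plain http"
        }' "$1"
    # The file stores a password, so group and other need no access.
    case $(ls -ld "$1" | cut -c5-10) in
        ------) ;;
        *) echo "mode: accessible beyond the owner, use chmod 600" ;;
    esac
}

# Constructed demo input mirroring the files shown on this page.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'admin_token = 863d35676a5632e846d9' \
        'connection =mysql://keystone:keystone@192.168.56.11/keystone' > "$d/keystone.conf"
    printf '%s\n' 'export OS_USERNAME=admin' 'export OS_PASSWORD=admin' \
        'export OS_AUTH_URL=http://192.168.56.11:35357/v3' > "$d/admin-openrc.sh"
    chmod 755 "$d/admin-openrc.sh"
    audit_keystone_conf "$d/keystone.conf"
    audit_openrc "$d/admin-openrc.sh"
    rm -rf "$d"
}
demo
```

Sourcing an openrc file does not require the execute bit, so mode 600 works with the `source admin-openrc.sh` step above.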