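This is an OpenStack deployment tutorial for complete beginners that walks through every step from the start to a successful deployment. It helps newcomers learn OpenStack deployment step by step and covers each stage involved, such as preparing the environment, installing the required software, and setting configuration parameters. By following along, even users with no prior experience can complete an OpenStack deployment, which provides the foundation for later using OpenStack for cloud management and services and for starting to explore cloud computing.
OpenStack is an open-source cloud computing management platform that provides users with a complete cloud solution, including compute, networking, storage and other services. More and more enterprises and developers want to use OpenStack to build their own private cloud. This article describes the OpenStack deployment process in detail and helps readers go from zero to a working OpenStack environment.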
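Preparation
1 Hardware requirements
- Servers: at least 2 servers are recommended, one as the controller node and the other as the compute node. Size them according to your actual needs: the controller node needs at least 4 GB of memory, 1 CPU core and 50 GB of disk space; the compute node needs at least 8 GB of memory, 2 CPU cores and 100 GB of disk space.
- Network: the servers need to be connected over a high-speed network; gigabit Ethernet is recommended. Each server needs a static IP address.
2 Software requirements
- Operating system: choose a suitable Linux distribution, such as CentOS 7 or Ubuntu 18.04. This article uses CentOS 7 as the example.
- Packages: install the required packages, such as the OpenStack components, MySQL and RabbitMQ.
3 Pre-installation configuration
- Disable the firewall and SELinux
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
- Configure the hostname and the hosts file
hostnamectl set-hostname controller
echo "192.168.1.100 controller" >> /etc/hosts
192.168.1.100 is the IP address of the controller node.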
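An alternative to switching firewalld off, as an added example that is not part of the original tutorial: the script prints firewall-cmd rules that keep the firewall running and open only the ports used later on this page. The management subnet 192.168.1.0/24 and the default ports for MariaDB (3306), RabbitMQ (5672) and the noVNC proxy (6080) are assumptions that the page does not state.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: print firewall-cmd rules that
# open only the ports this tutorial uses, so firewalld can stay enabled.
# Assumption: 192.168.1.0/24 is the management subnet (the page only gives the
# controller address 192.168.1.100).
# SELinux can likewise stay enforcing if the openstack-selinux package is
# installed (yum install -y openstack-selinux).

# Backend services that only OpenStack nodes should reach.
# 3306 and 5672 are the MariaDB and RabbitMQ defaults; 11211 is from the page.
BACKEND_PORTS="3306:mariadb 5672:rabbitmq 11211:memcached"
# API endpoints the tutorial registers in Keystone, plus the noVNC proxy default.
API_PORTS="5000:keystone 35357:keystone-admin 9292:glance 8774:nova 9696:neutron 6080:novnc"

# firewall_rules MGMT_SUBNET -> prints one firewall-cmd command per port
firewall_rules() {
    local subnet="$1" entry port
    for entry in $BACKEND_PORTS; do
        port=${entry%%:*}
        # Rich rule: accept only when the source is inside the management subnet.
        printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$subnet\" port port=\"$port\" protocol=\"tcp\" accept'  # ${entry#*:}"
    done
    for entry in $API_PORTS; do
        port=${entry%%:*}
        printf '%s\n' "firewall-cmd --permanent --add-port=$port/tcp  # ${entry#*:}"
    done
    printf '%s\n' "firewall-cmd --reload"
}

# Review the printed commands, then run them as root on the controller.
firewall_rules "192.168.1.0/24"
```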
Install the OpenStack repository
1 Add the OpenStack repository
yum install -y centos-release-openstack-stein
The Stein release is used here; you can choose another release to suit your needs.
2 Update the system
yum update -y
Install and configure the database (MySQL)
1 Install MySQL
yum install -y mariadb mariadb-server python2-PyMySQL
2 Configure MySQL
Edit /etc/my.cnf.d/openstack.cnf and add the following:
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
3 Start the MySQL service and enable it at boot
systemctl start mariadb
systemctl enable mariadb
4 Run the MySQL secure installation
mysql_secure_installation
Follow the prompts to set the root password and the other options.
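With bind-address = 0.0.0.0 the database listens on every interface of the controller. The check below is an added example, not part of the original tutorial: it reads the [mysqld] section of a my.cnf-style file and reports whether the server is bound to the wildcard address or to one specific address, using the page's controller address 192.168.1.100 as the management address (the function names and sample files are constructed for illustration).

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: classify the address that
# MariaDB listens on according to the [mysqld] section of a my.cnf-style file.

# bind_scope FILE -> wildcard | loopback | specific:<addr> | unset
bind_scope() {
    awk '
        /^[ \t]*[#;]/ { next }                          # skip comment lines
        /^[ \t]*\[/   { in_sec = ($0 ~ /^[ \t]*\[mysqld\]/); next }
        in_sec && /^[ \t]*bind[-_]address[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t\r]+$/, "")
            addr = $0                                   # last occurrence wins
        }
        END {
            if (addr == "") print "unset"
            else if (addr == "0.0.0.0" || addr == "::" || addr == "*") print "wildcard"
            else if (addr == "127.0.0.1" || addr == "::1" || addr == "localhost") print "loopback"
            else print "specific:" addr
        }' "$1"
}

# listens_only_on FILE ADDR -> exit status 0 when the server is bound to exactly ADDR
listens_only_on() {
    [ "$(bind_scope "$1")" = "specific:$2" ]
}

# Constructed samples: the tutorial's openstack.cnf, and a variant bound to the
# controller's management address 192.168.1.100 (the address the page uses).
demo_dir=$(mktemp -d)
printf '[mysqld]\nbind-address = 0.0.0.0\nmax_connections = 4096\n' > "$demo_dir/tutorial.cnf"
printf '[mysqld]\nbind-address = 192.168.1.100\nmax_connections = 4096\n' > "$demo_dir/mgmt.cnf"
for f in tutorial mgmt; do
    echo "$f.cnf: $(bind_scope "$demo_dir/$f.cnf")"
done
```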
Install and configure the message queue (RabbitMQ)
1 Install RabbitMQ
yum install -y rabbitmq-server
2 Start the RabbitMQ service and enable it at boot
systemctl start rabbitmq-server
systemctl enable rabbitmq-server
3 Create the OpenStack user and set its permissions
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
RABBIT_PASS is the password you set for the OpenStack user.
Install and configure Keystone (identity service)
1 Create the Keystone database
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
EXIT;
KEYSTONE_DBPASS is the password you set for the Keystone database user.
2 Install the Keystone components
yum install -y openstack-keystone httpd mod_wsgi
3 Configure Keystone
Edit /etc/keystone/keystone.conf and configure it as follows:
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
4 Sync the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
5 Initialize the Fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6 Bootstrap Keystone
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
ADMIN_PASS is the password you set for the admin user.
7 Configure the Apache HTTP server
Edit /etc/httpd/conf/httpd.conf and add the following:
ServerName controller
Create /etc/httpd/conf.d/wsgi-keystone.conf and add the following:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
8 Start the Apache HTTP server and enable it at boot
systemctl start httpd
systemctl enable httpd
9 Verify the Keystone installation
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
openstack token issue
If a token is issued normally, Keystone has been installed successfully.
Install and configure Glance (image service)
1 Create the Glance database
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
EXIT;
GLANCE_DBPASS is the password you set for the Glance database user.
2 Create the Glance user and service
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
GLANCE_PASS is the password you set for the Glance user.
3 Install the Glance components
yum install -y openstack-glance
4 Configure Glance
Edit /etc/glance/glance-api.conf and configure it as follows:
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
Edit /etc/glance/glance-registry.conf and configure it as follows:
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
5 Sync the database
su -s /bin/sh -c "glance-manage db_sync" glance
6 Start the Glance services and enable them at boot
systemctl start openstack-glance-api openstack-glance-registry
systemctl enable openstack-glance-api openstack-glance-registry
7 Verify the Glance installation
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
openstack image create "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
openstack image list
If the image you just uploaded is listed, Glance has been installed successfully.
Install and configure Nova (compute service)
1 Create the Nova databases
mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
EXIT;
NOVA_DBPASS is the password you set for the Nova database user.
2 Create the Nova user and service
openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
NOVA_PASS is the password you set for the Nova user.
3 Install the Nova components
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
4 Configure Nova
Edit /etc/nova/nova.conf and configure it as follows:
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.1.100
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
5 Sync the database
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
6 Start the Nova services and enable them at boot
systemctl start openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
systemctl enable openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
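The configuration files above carry placeholders such as RABBIT_PASS, NOVA_DBPASS and NOVA_PASS that must be replaced with real passwords. The script below is an added example, not part of the original tutorial: it generates a random secret for each placeholder, substitutes it into a config template, and checks that no placeholder is left; the function names, the template workflow and the secrets file are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original tutorial: replace the page's placeholder
# passwords with random secrets and confirm none is left in the rendered file.

# Placeholder names used on this page (none is a substring of another).
PLACEHOLDERS="RABBIT_PASS ADMIN_PASS KEYSTONE_DBPASS GLANCE_DBPASS GLANCE_PASS NOVA_DBPASS NOVA_PASS NEUTRON_DBPASS NEUTRON_PASS"

# 20 hex characters from the kernel CSPRNG. Hex needs no escaping inside URLs
# such as rabbit://openstack:<secret>@controller.
gen_secret() {
    od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
}

# render_conf TEMPLATE OUTPUT SECRETS
# Substitutes every placeholder found in TEMPLATE. Values are kept as NAME=value
# lines in SECRETS so that every service reuses the same password.
render_conf() (
    umask 077   # subshell body: new files are owner-only, caller's umask untouched
    template="$1" output="$2" secrets="$3"
    : >> "$secrets"
    cp "$template" "$output"
    for name in $PLACEHOLDERS; do
        grep -qw "$name" "$output" || continue
        value=$(sed -n "s/^${name}=//p" "$secrets")
        if [ -z "$value" ]; then
            value=$(gen_secret)
            printf '%s=%s\n' "$name" "$value" >> "$secrets"
        fi
        sed "s/${name}/${value}/g" "$output" > "$output.tmp" && mv "$output.tmp" "$output"
    done
)

# count_placeholders FILE -> number of lines that still contain a placeholder
count_placeholders() {
    grep -Ewc "$(printf '%s' "$PLACEHOLDERS" | tr ' ' '|')" "$1" || true
}

# Constructed sample: the secret-bearing lines of the tutorial's nova.conf.
work=$(mktemp -d)
cat > "$work/nova.conf.tmpl" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
password = NOVA_PASS
EOF
render_conf "$work/nova.conf.tmpl" "$work/nova.conf" "$work/secrets.env"
echo "placeholders left: $(count_placeholders "$work/nova.conf")"
```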
Install and configure Neutron (networking service)
1 Create the Neutron database
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
EXIT;
NEUTRON_DBPASS is the password you set for the Neutron database user.
2 Create the Neutron user and service
openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
NEUTRON_PASS is the password you set for the Neutron user.
3 Install the Neutron components
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
4 Configure Neutron
Edit /etc/neutron/neutron.conf and configure it as follows:
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NE



