Руководство по установке и запуску OpenStack в ALT Linux p8
Инструкция по мотивам установки на Redhat: https://docs.openstack.org/newton/install-guide-rdo/
Инструкция в разработке.
Минимальные требования к оборудованию
- Процессорных ядер - одно;
- Оперативная память от 4Gb;
- Диск 20 Гб.
* На машине с 2Gb RAM - сталкивался с нехваткой памяти и падением процессов.
Пример установки с сетевым модулем на управляющем узле (controller)
- Сетевые интерфейсы *** !!!! переделать с другой структурой сети
- ens19 -
- ens20 -
Установка управляющего узла
Добавляем на узле в /etc/hosts (не удаляйте хост 127.0.0.1)
# Управляющий узел 10.0.0.11 controller # Вычислительный узел 10.0.0.31 compute1
Подготовка к установке
# apt-get update -y # apt-get dist-upgrade -y
- Удаление firewalld
apt-get remove firewalld
Установка ПО
# apt-get install openstack-nova chrony python-module-memcached python3-module-memcached python-module-pymemcache python3-module-pymemcache mariadb-server python-module-MySQLdb python-module-openstackclient openstack-glance python-module-glance python-module-glance_store python-module-glanceclient python-module-glanceclient python-module-glance_store python-module-glance openstack-glance openstack-nova-api openstack-nova-cells openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-scheduler rabbitmq-server openstack-keystone apache2-mod_wsgi memcached
настройка времени
в /etc/chrony.conf добавляем
allow 10.0.0.0/24
Если имеется настроенный свой NTP, заменяем "pool.ntp.org" на свой.
pool pool.ntp.org iburst
#systemctl enable chronyd.service Synchronizing state of chronyd.service with SysV service script with /lib/systemd/systemd-sysv-install. Executing: /lib/systemd/systemd-sysv-install enable chronyd #systemctl start chronyd.service
настройка sql сервера =
Комментируем строку "skip-networking" в /etc/my.cnf.d/server.cnf
# cat > /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8
# systemctl enable mariadb # systemctl start mariadb
задаем пароль администратора sql сервера root и удаляем тестовые таблички
- пароль по умолчанию пустой "" (после ввода нового пароля, на все вопросы отвечать утвердительно)
# mysql_secure_installation
настройка сервера сообщений rabbitmq
# systemctl enable rabbitmq.service # systemctl start rabbitmq
Добавляем пользователя:
#rabbitmqctl add_user openstack RABBIT_PASS #rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Настройка memcached
в файле /etc/sysconfig/memcached заменяем строчку LISTEN="127.0.0.1" на
LISTEN="10.0.0.11"
# systemctl enable memcached # systemctl start memcached
Настройка Keystone
Создаём базу данных и пользователя с паролем.
# mysql -u root -p > CREATE DATABASE keystone; > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'; > GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
Сохраняем оригинальный конфигурационный файл.
# mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.orig
# cat > /etc/keystone/keystone.conf [DEFAULT] [assignment] [auth] [cache] [catalog] [cors] [cors.subdomain] [credential] [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [domain_config] [endpoint_filter] [endpoint_policy] [eventlet_server] [eventlet_server_ssl] [federation] [fernet_tokens] [identity] [identity_mapping] [kvs] [ldap] [matchmaker_redis] [memcache] [oauth1] [os_inherit] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_middleware] [oslo_policy] [paste_deploy] [policy] [resource] [revoke] [role] [saml] [shadow_users] [signing] [ssl] [token] provider = fernet [tokenless_auth] [trust]
Заполняем базу данных keystone
# su -s /bin/sh -c "keystone-manage db_sync" keystone
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Пароль пользователя admin - ADMIN_PASS
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://controller:35357/v3/ \ --bootstrap-internal-url http://controller:35357/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id
настраиваем apache2 для keystone
у нас apache2 собран без mod_version, поэтому убираем в файле /etc/httpd2/conf/sites-available/openstack-keystone.conf всё строчки
<IfVersion >= 2.4> </IfVersion>
добавляем в активную конфигурацию keystone
# a2ensite openstack-keystone
Добавляем servername в конфигурацию.
echo ServerName controller >/etc/httpd2/conf/sites-enabled/servername.conf
systemctl enable httpd2.service systemctl start httpd2.service
Создание доменов, пользователей и ролей
Для дальнеших работ рекомендуется создать пользователя.
# adduser admin # su - admin
cat >auth export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3
Создаём пользователя demo
# su - admin . auth openstack project create --domain default \ --description "Service Project"
Укажите пароль для пользователя demo
openstack project create --domain default \ --description "Demo Project" demo openstack user create --domain default \ --password-prompt demo openstack role create user openstack role add --project demo --user demo user
Проверка настроек узла управления
# su - admin $ . auth unset OS_AUTH_URL OS_PASSWORD
пароль "ADMIN_PASS"
openstack --os-auth-url http://controller:35357/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name admin --os-username admin token issue
должно вывести что-то вроде:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2017-05-16T15:08:43.854293Z | | id | gAAAAABZGwfr4_2NvksY-XnVTayUxh0zZEi4vp7Ff4JmdPqbQQy-W3NG2rs6EzImkevuVbvx4RkCtIWwhaxpbsEUoIFhfwaBwRpqE3fmx7d6OruRucHvFEjmtCKpBPHe9htK0s9hm40n7WmaADaYgi9LgnMto6YRNEBG5mzBJhX0b4NoHgeRA0 | | project_id | d22531fa71e849078c44bb1f00117d87 | | user_id | 7be0608abb9641c5bd8d9f7a3bf519cb | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
проверка пользователя demo:
openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name Default --os-user-domain-name Default \ --os-project-name demo --os-username demo token issue
+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2017-05-16T15:10:40.979623Z | | id | gAAAAABZGwhhpQ5BvHvPmM9w6zuXstXZ6JMJDwkbV0zXUBsKLJuJ69CJKux0VoHzxaCKkEuaiOMtIWn2G0u__54HCMQQTvj7f8ddLezXgnlek9KLOPk9FEuoORIg9cahtgqttHgKyLuMKysHzuy331wxrcY-TtsOWWn_yhBJt7NWHtaTN7GEqNg | | project_id | 19493a015aaf4e5f9983b58b460b3794 | | user_id | 9173af4437f34acd86f5a3d4516c53b6 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Настройка окружения
su - admin rm auth
cat > admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
cat > demo-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=DEMO_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
проверка окружения
su - admin . admin-openrc openstack token issue
Должно выдать что-то вроде такого:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2017-05-16T15:48:13.101936Z | | id | gAAAAABZGxEtWlJ0eEGve9Y1VvIRk-wQtZN128A92YPFb5iuTJuo2O7G6Gd9IYdnyPZP6xAXDmT2VzIVbuhvOKQi9bItygi2fWRTw7byAZZdKIvR3mAHpsZyLPpS61hM2ydQLsf6g57xhMKy5y1Fw4Z3uXPabK27dZi1aTslIQZB4RA4Q9WZYWM | | project_id | d22531fa71e849078c44bb1f00117d87 | | user_id | 7be0608abb9641c5bd8d9f7a3bf519cb | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Настройка сервиса glance
mysql -u root -p CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ IDENTIFIED BY 'GLANCE_DBPASS'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ IDENTIFIED BY 'GLANCE_DBPASS'; su - admin . admin-openrc
Задаем пароль сервису glance
openstack user create --domain default --password-prompt glance openstack role add --project service --user glance admin openstack service create --name glance --description "OpenStack Image" image openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292
настраиваем конфиг:
cd /etc/glance/ mv glance-api.conf glance-api.conf_orig cat >glance-api.conf [DEFAULT] use_syslog = true [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ [image_format] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor]
mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.orig cat > /etc/glance/glance-registry.conf [DEFAULT] [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [glance_store] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler]