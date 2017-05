Материал из ALT Linux Wiki

Версия 06:22, 17 мая 2017

Инструкция по мотивам установки на Redhat: https://docs.openstack.org/newton/install-guide-rdo/

Инструкция в разработке.

Минимальные требования к оборудованию

Процессорных ядер - одно;

Оперативная память от 4Gb;

Диск 20 Гб.

* На машине с 2Gb RAM - сталкивался с нехваткой памяти и падением процессов.

Пример установки с сетевым модулем на управляющем узле (controller)

Сетевые интерфейсы *** !!!! переделать с другой структурой сети

ens19 -

ens20 -





Установка управляющего узла

Добавляем на узле в /etc/hosts (не удаляйте хост 127.0.0.1)

# Управляющий узел 10.0.0.11 controller # Вычислительный узел 10.0.0.31 compute1

Подготовка к установке

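# Run as root: refresh the package index, then upgrade the installed system.
apt-get update -y
apt-get dist-upgrade -y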

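Удаление firewalld. После этого на узле не остаётся межсетевого экрана, а MariaDB и memcached ниже настраиваются на адрес 10.0.0.11, поэтому доступ к управляющей сети нужно ограничить другими средствами.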

apt-get remove firewalld

Установка ПО

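# Run as root: install the controller-node packages.
# Each package is listed once; the original list repeated several glance
# packages, which adds nothing to the installation.
apt-get install \
  openstack-nova \
  chrony \
  python-module-memcached \
  python3-module-memcached \
  python-module-pymemcache \
  python3-module-pymemcache \
  mariadb-server \
  python-module-MySQLdb \
  python-module-openstackclient \
  openstack-glance \
  python-module-glance \
  python-module-glance_store \
  python-module-glanceclient \
  openstack-nova-api \
  openstack-nova-cells \
  openstack-nova-cert \
  openstack-nova-conductor \
  openstack-nova-console \
  openstack-nova-scheduler \
  rabbitmq-server \
  openstack-keystone \
  apache2-mod_wsgi \
  memcached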





настройка времени

в /etc/chrony.conf добавляем

allow 10.0.0.0/24

Если имеется настроенный свой NTP, заменяем "pool.ntp.org" на свой.

pool pool.ntp.org iburst

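# Run as root: enable chronyd at boot, then start it.
systemctl enable chronyd.service
# Output printed by the enable step:
#   Synchronizing state of chronyd.service with SysV service script with /lib/systemd/systemd-sysv-install.
#   Executing: /lib/systemd/systemd-sysv-install enable chronyd
systemctl start chronyd.service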





Настройка SQL-сервера

Комментируем строку "skip-networking" в /etc/my.cnf.d/server.cnf

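# Run as root: write the MariaDB settings used by OpenStack.
# bind-address is the controller's management address (10.0.0.11), so the
# server accepts connections from that network and not only locally.
cat > /etc/my.cnf.d/openstack.cnf <<'EOF'
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF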

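# Run as root: enable MariaDB at boot, then start it.
systemctl enable mariadb
systemctl start mariadb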

задаем пароль администратора sql сервера root и удаляем тестовые таблички

пароль по умолчанию пустой "" (после ввода нового пароля, на все вопросы отвечать утвердительно)

# mysql_secure_installation

настройка сервера сообщений rabbitmq

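# Run as root: enable RabbitMQ at boot, then start it.
systemctl enable rabbitmq.service
systemctl start rabbitmq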

Добавляем пользователя (RABBIT_PASS — заполнитель, замените его своим паролем):

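# Run as root: create the RabbitMQ account used by the OpenStack services.
# RABBIT_PASS is a placeholder: substitute a strong password of your own.
# The password is given as an argument, so it can remain in the shell history.
rabbitmqctl add_user openstack RABBIT_PASS
# The three patterns grant configure, write and read access to every resource.
rabbitmqctl set_permissions openstack ".*" ".*" ".*"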

Настройка memcached

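В файле /etc/sysconfig/memcached заменяем строчку LISTEN="127.0.0.1" на приведённую ниже (у memcached по умолчанию нет аутентификации, поэтому порт 11211 должен быть доступен только из управляющей сети):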

LISTEN="10.0.0.11"





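# Run as root: enable memcached at boot, then start it.
systemctl enable memcached
systemctl start memcached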

Настройка Keystone

Создаём базу данных и пользователя с паролем (KEYSTONE_DBPASS — заполнитель, замените его своим паролем).

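# Run as root: create the keystone database and its account.
# mysql prompts for the MariaDB root password; the statements come from stdin.
# KEYSTONE_DBPASS is a placeholder: substitute a strong password of your own.
mysql -u root -p <<'SQL'
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
-- '%' lets this account connect from any host, so reachability of the
-- database port has to be limited at the network level.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
SQL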

Сохраняем оригинальный конфигурационный файл.

# mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.orig





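# Run as root: write a new keystone.conf.
# The file contains the database password (KEYSTONE_DBPASS is a placeholder),
# so it is created under a restrictive umask and then given the owner and
# mode of the packaged file that was saved as keystone.conf.orig.
(
  umask 077
  cat > /etc/keystone/keystone.conf <<'EOF'
[DEFAULT]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[eventlet_server_ssl]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
[role]
[saml]
[shadow_users]
[signing]
[ssl]
[token]
provider = fernet
[tokenless_auth]
[trust]
EOF
)
chown --reference=/etc/keystone/keystone.conf.orig /etc/keystone/keystone.conf
chmod --reference=/etc/keystone/keystone.conf.orig /etc/keystone/keystone.conf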



Заполняем базу данных keystone

# su -s /bin/sh -c "keystone-manage db_sync" keystone

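# Run as root: create the Fernet token keys and the credential keys,
# owned by the keystone user and group.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone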



Пароль пользователя admin — ADMIN_PASS (это заполнитель: везде ниже подставляйте вместо него собственный пароль).

настраиваем apache2 для keystone

У нас apache2 собран без mod_version, поэтому убираем в файле /etc/httpd2/conf/sites-available/openstack-keystone.conf все строчки

<IfVersion >= 2.4> </IfVersion>

добавляем в активную конфигурацию keystone

# a2ensite openstack-keystone

Добавляем servername в конфигурацию.

echo ServerName controller >/etc/httpd2/conf/sites-enabled/servername.conf

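# Run as root: enable the web server at boot, then start it.
systemctl enable httpd2.service
systemctl start httpd2.service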





Создание доменов, пользователей и ролей

Для дальнейших работ рекомендуется создать пользователя.

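# Run as root: create the local account "admin" and open a login shell as it.
adduser admin
su - admin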

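# Run as the admin user: save the Keystone admin credentials in ./auth.
# ADMIN_PASS is a placeholder for the real admin password. The file holds
# that password in clear text, so it is created readable by its owner only.
(
  umask 077
  cat > auth <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF
)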

Создаём проект service, затем проект и пользователя demo

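# Interactive session: switch to the admin user and load the credentials.
su - admin
. auth
# Create the project the service accounts are placed in. The project name
# "service" was missing from the original command; later steps of this guide
# refer to it as "--project service" and "project_name = service".
openstack project create --domain default \
  --description "Service Project" service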

Укажите пароль для пользователя demo

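# Create the demo project and the demo user.
# --password-prompt asks for the password interactively instead of taking it
# from the command line.
openstack project create --domain default \
  --description "Demo Project" demo
openstack user create --domain default \
  --password-prompt demo
# Create the role "user" and give it to demo within the demo project.
openstack role create user
openstack role add --project demo --user demo user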





Проверка настроек узла управления

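# Interactive session: switch to the admin user and load the credentials.
su - admin
. auth
# Drop the URL and the password from the environment, so the check that
# follows has to take the URL from its options and the password from a prompt.
unset OS_AUTH_URL OS_PASSWORD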

Команда запросит пароль пользователя admin ("ADMIN_PASS").

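# Request a token as admin through the admin endpoint (port 35357).
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue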

должно вывести что-то вроде:

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2017-05-16T15:08:43.854293Z | | id | gAAAAABZGwfr4_2NvksY-XnVTayUxh0zZEi4vp7Ff4JmdPqbQQy-W3NG2rs6EzImkevuVbvx4RkCtIWwhaxpbsEUoIFhfwaBwRpqE3fmx7d6OruRucHvFEjmtCKpBPHe9htK0s9hm40n7WmaADaYgi9LgnMto6YRNEBG5mzBJhX0b4NoHgeRA0 | | project_id | d22531fa71e849078c44bb1f00117d87 | | user_id | 7be0608abb9641c5bd8d9f7a3bf519cb | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

проверка пользователя demo:

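# Request a token as demo through the public endpoint (port 5000).
openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name demo --os-username demo token issue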

+------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2017-05-16T15:10:40.979623Z | | id | gAAAAABZGwhhpQ5BvHvPmM9w6zuXstXZ6JMJDwkbV0zXUBsKLJuJ69CJKux0VoHzxaCKkEuaiOMtIWn2G0u__54HCMQQTvj7f8ddLezXgnlek9KLOPk9FEuoORIg9cahtgqttHgKyLuMKysHzuy331wxrcY-TtsOWWn_yhBJt7NWHtaTN7GEqNg | | project_id | 19493a015aaf4e5f9983b58b460b3794 | | user_id | 9173af4437f34acd86f5a3d4516c53b6 | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Настройка окружения

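# Interactive session: as the admin user, delete the temporary credentials
# file; the openrc files created next take its place.
su - admin
rm auth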

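# Run as the admin user: environment file for the Keystone "admin" account.
# ADMIN_PASS is a placeholder for the real password. The file keeps it in
# clear text, so it is created readable by its owner only.
(
  umask 077
  cat > admin-openrc <<'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
)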

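# Run as the admin user: environment file for the Keystone "demo" account.
# DEMO_PASS is a placeholder for the password entered when the demo user was
# created. The file keeps it in clear text, so it is created readable by its
# owner only.
(
  umask 077
  cat > demo-openrc <<'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
)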

проверка окружения

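# Interactive session: load the admin environment file and request a token.
su - admin
. admin-openrc
openstack token issue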

Должно выдать что-то вроде такого:

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2017-05-16T15:48:13.101936Z | | id | gAAAAABZGxEtWlJ0eEGve9Y1VvIRk-wQtZN128A92YPFb5iuTJuo2O7G6Gd9IYdnyPZP6xAXDmT2VzIVbuhvOKQi9bItygi2fWRTw7byAZZdKIvR3mAHpsZyLPpS61hM2ydQLsf6g57xhMKy5y1Fw4Z3uXPabK27dZi1aTslIQZB4RA4Q9WZYWM | | project_id | d22531fa71e849078c44bb1f00117d87 | | user_id | 7be0608abb9641c5bd8d9f7a3bf519cb | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+





Настройка сервиса glance

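# Run as root: create the glance database and its account.
# mysql prompts for the MariaDB root password; the statements come from stdin.
# GLANCE_DBPASS is a placeholder: substitute a strong password of your own.
mysql -u root -p <<'SQL'
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'
  IDENTIFIED BY 'GLANCE_DBPASS';
-- '%' lets this account connect from any host, so reachability of the
-- database port has to be limited at the network level.
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'
  IDENTIFIED BY 'GLANCE_DBPASS';
SQL
# Interactive session: continue as the admin user with its environment loaded.
su - admin
. admin-openrc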

Задаем пароль сервису glance

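# Create the glance service account. --password-prompt asks for its password
# interactively; the glance configuration files of this guide refer to that
# password as GLANCE_PASS.
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
# Register the image service and its three endpoints.
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292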

настраиваем конфиг:

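# Run as root: keep the packaged glance-api.conf and write a new one.
# The new file contains the database and service passwords (GLANCE_DBPASS and
# GLANCE_PASS are placeholders), so it is created under a restrictive umask
# and then given the owner and mode of the packaged file.
cd /etc/glance/
mv glance-api.conf glance-api.conf_orig
(
  umask 077
  cat > glance-api.conf <<'EOF'
[DEFAULT]
use_syslog = true
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
EOF
)
chown --reference=glance-api.conf_orig glance-api.conf
chmod --reference=glance-api.conf_orig glance-api.conf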





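# Run as root: keep the packaged glance-registry.conf and write a new one.
# The new file contains the database and service passwords (GLANCE_DBPASS and
# GLANCE_PASS are placeholders), so it is created under a restrictive umask
# and then given the owner and mode of the packaged file.
mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.orig
(
  umask 077
  cat > /etc/glance/glance-registry.conf <<'EOF'
[DEFAULT]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
EOF
)
chown --reference=/etc/glance/glance-registry.conf.orig /etc/glance/glance-registry.conf
chmod --reference=/etc/glance/glance-registry.conf.orig /etc/glance/glance-registry.conf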