Host configuration

IP allocation | System |
---|---|
10.0.0.11 controller (controller node) | CentOS Linux release 7.4.1708 (Core) |
10.0.0.12 compute1 (compute node) | CentOS Linux release 7.4.1708 (Core) |
mount /dev/cdrom /mnt    # run on both nodes
Upload openstack_rpm.tar.gz to /opt with rz, then extract it:
[root@compute01 opt]# ll -h openstack_rpm.tar.gz
-rw-r--r-- 1 root root 237M Jul 19  2017 openstack_rpm.tar.gz
[root@compute01 opt]# tar xf openstack_rpm.tar.gz
Create the repo configuration file:
vim /etc/yum.repos.d/local.repo
[local]
name=local
baseurl=file:///mnt
gpgcheck=0
[openstack]
name=openstack
baseurl=file:///opt/repo
gpgcheck=0
[root@controller ~]# yum install chrony
[root@controller ~]# vim /etc/chrony.conf
allow 10.0.0.0/8    # uncomment line 26
[root@controller ~]# systemctl restart chronyd.service
[root@controller ~]# systemctl enable chronyd.service
[root@compute1 ~]# vim /etc/chrony.conf
server 10.0.0.11 iburst    # commenting out lines 4-6 is enough
    [root@controller ~]# date
    Fri Sep  6 17:30:42 CST 2019
    [root@compute1 ~]# date
    Fri Sep  6 17:30:42 CST 2019
http://vault.centos.org/    # repositories for all releases are kept here
yum install python-openstackclient    # install on both nodes
yum install openstack-selinux         # install on both nodes
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl start mariadb.service
[root@controller ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
To keep the database service secure, run the mysql_secure_installation script. In particular, set a suitable password for the database root user.
[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] n
 ... skipping.
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
 ... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
 ... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
 ... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
Answers in order: Enter → n → y → y → y → y (the n skips setting a root password, so root keeps a blank password).
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...
Replace RABBIT_PASS with a suitable password.
Grant the openstack user configure, write and read permissions:
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
[root@controller ~]# yum install memcached python-memcached
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 10.0.0.11,::1"
# systemctl enable memcached.service
# systemctl start memcached.service
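The Identity service provides a single point of integration for authentication, authorization and the service catalog. The other OpenStack services use it as a common, unified API.
Why Keystone is needed: an OpenStack deployment has many nodes, and each service is reached at a different address, which is hard to remember. With Keystone you log in to the Identity service only, and it stores the addresses of all the other services.
OpenStack installation order
1. Log in to the database, create the service database and grant privileges
2. Create the user in Keystone, grant it a role and associate it with a project
3. Create the API in Keystone (for example, register the glance service)
4. Install the service's packages with yum
5. Edit the service's configuration files
6. Sync the database
7. Start the service
The steps above are the flow Keystone requires.
Before you configure the OpenStack Identity service, you must create a database and an administration token.
Use the database client to connect to the database server as the root user: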
$ mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
Grant proper access to the keystone database:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
    ->   IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
    ->   IDENTIFIED BY 'KEYSTONE_DBPASS';
Query OK, 0 rows affected (0.00 sec)
* Replace KEYSTONE_DBPASS with a suitable password.
* Exit the database client.
### Install the packages
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
mod_wsgi plays a role similar to FastCGI.

### Edit the /etc/keystone/keystone.conf file and complete the following actions:
* Install the configuration editing tool
[root@controller ~]# yum install openstack-utils.noarch -y    # makes the edits easier
\cp /etc/keystone/keystone.conf{,.bak}
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
* The checksum of the final file is as follows

* Initialize the Identity service database (sync the database):
[root@controller keystone]# su -s /bin/sh -c "keystone-manage db_sync" keystone
* Check that the sync succeeded
[root@controller keystone]# mysql keystone -e 'show tables;'
+------------------------+
| Tables_in_keystone     |
+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             |
| domain                 |
| endpoint               |
| endpoint_group         |
| federated_user         |
| federation_protocol    |
| group                  |
| id_mapping             |
| identity_provider      |
| idp_remote_ids         |
| implied_role           |
| local_user             |
| mapping                |
| migrate_version        |
| password               |
| policy                 |
| policy_association     |
| project                |
| project_endpoint       |
| project_endpoint_group |
| region                 |
| request_token          |
| revocation_event       |
| role                   |
| sensitive_config       |
| service                |
| service_provider       |
| token                  |
| trust                  |
| trust_role             |
| user                   |
| user_group_membership  |
| whitelisted_config     |
+------------------------+
* Initialize the Fernet keys
[root@controller keystone]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

## Configure the Apache HTTP server
* Edit the ``/etc/httpd/conf/httpd.conf`` file and set the ``ServerName`` option to the controller node:
Method 1:
[root@controller keystone]# vim /etc/httpd/conf/httpd.conf
ServerName controller
* Method 2:
[root@controller keystone]# echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
* Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content.
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
* Verify:

* Start the Apache HTTP service and configure it to start at boot:
[root@controller keystone]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller keystone]# systemctl start httpd.service

## 2. Create the service entity and API endpoints
[root@controller keystone]# export OS_TOKEN=ADMIN_TOKEN    # set the authentication token
[root@controller keystone]# export OS_URL=http://controller:35357/v3    # set the endpoint URL
[root@controller keystone]# export OS_IDENTITY_API_VERSION=3    # set the Identity API version
[root@controller keystone]# env |grep OS
HOSTNAME=controller
OS_IDENTITY_API_VERSION=3
OS_TOKEN=ADMIN_TOKEN
OS_URL=http://controller:35357/v3
* In your OpenStack environment, the Identity service manages the service catalog. Services use this catalog to determine which services are available in your environment.
* Create the service entity for the Identity service:
[root@controller keystone]# openstack service create \
   --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 779367e67e2241f69f94a9b5c9df4aa9 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
* Create the Identity service API endpoints:
[root@controller keystone]# openstack endpoint create --region RegionOne \
   identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f94857ae91044e88b8fe3ab0b5624d34 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 779367e67e2241f69f94a9b5c9df4aa9 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1e61fb08ea1d4ea4833f373c2803ed60 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 779367e67e2241f69f94a9b5c9df4aa9 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller keystone]# openstack endpoint create --region RegionOne \
>   identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e4cb24f931474bd78c1cde0bb9b5ec70 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 779367e67e2241f69f94a9b5c9df4aa9 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+
The steps above are long-winded; the same commands, ready to run directly on the command line:
openstack service create \
  --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3
openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3
- Verify
[root@controller keystone]# openstack endpoint list
+---------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID                        | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+---------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 1e61fb08ea1d4ea4833f373c2 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3 |
| 803ed60                   |           |              |              |         |           |                           |
| e4cb24f931474bd78c1cde0bb | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v |
| 9b5ec70                   |           |              |              |         |           | 3                         |
| f94857ae91044e88b8fe3ab0b | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3 |
| 5624d34                   |           |              |              |         |           |                           |
+---------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
[root@controller keystone]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 779367e67e2241f69f94a9b5c9df4aa9 | keystone | identity |
+----------------------------------+----------+----------+
[root@controller keystone]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | dc39c5e1af2c4b7b875b1564ec03b144 |
| name        | default                          |
+-------------+----------------------------------+
[root@controller keystone]# openstack project create --domain default \
>   --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | dc39c5e1af2c4b7b875b1564ec03b144 |
| enabled     | True                             |
| id          | 00e5f59a1b434ad8b3e82000d345ca83 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | dc39c5e1af2c4b7b875b1564ec03b144 |
+-------------+----------------------------------+
[root@controller keystone]# openstack user create --domain default \
>   --password 123456 admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | dc39c5e1af2c4b7b875b1564ec03b144 |
| enabled   | True                             |
| id        | 919d9a3071994ef4a881c23596c964a1 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller keystone]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 31cea6a8a47a4d89bf65b1f61286bacd |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller keystone]# openstack role add --project admin --user admin admin
[root@controller keystone]# openstack project create --domain default \
>   --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | dc39c5e1af2c4b7b875b1564ec03b144 |
| enabled     | True                             |
| id          | 36231b61eacf45d4aa8bc7660f3418ab |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | dc39c5e1af2c4b7b875b1564ec03b144 |
+-------------+----------------------------------+
The short version:
Create the domain, project, user and role:
openstack domain create --description "Default Domain" default
openstack project create --domain default \
  --description "Admin Project" admin
openstack user create --domain default \
  --password 123456 admin
openstack role create admin
# associate the project, user and role
openstack role add --project admin --user admin admin
openstack project create --domain default \
  --description "Service Project" service
- Verify
openstack domain list
openstack project list
openstack user list
openstack role list
Unset the OS_TOKEN and OS_URL environment variables:
[root@controller keystone]# env |grep OS
HOSTNAME=controller
OS_IDENTITY_API_VERSION=3
OS_TOKEN=ADMIN_TOKEN
OS_URL=http://controller:35357/v3
[root@controller keystone]# unset OS_TOKEN OS_URL
[root@controller keystone]# env |grep OS
HOSTNAME=controller
OS_IDENTITY_API_VERSION=3
[root@controller keystone]# openstack --os-auth-url http://controller:35357/v3 \
>   --os-project-domain-name default --os-user-domain-name default \
>   --os-project-name admin --os-username admin token issue
Password: 123456
+------------+----------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                    |
+------------+----------------------------------------------------------------------------------------------------------+
| expires    | 2019-09-07T08:52:38.000000Z                                                                              |
| id         | gAAAAABdc2HGn9ySSctxdzPfiIHHcf7YkEgs-F2_hyCc8dEuQVRT7qbdXQF6vhpINFFlcYn-7Iyc4uH4OUM5mW53lZNE0QDU5WX4ikYC |
|            | rOfGMAG_NlMbpVPAdEqfQyUYsA2zbNH3kLL_TMG1Tnv715dWPnpO_rvOlppbE1lFp68cw_1SXvW7OhM                          |
| project_id | 00e5f59a1b434ad8b3e82000d345ca83                                                                         |
| user_id    | 919d9a3071994ef4a881c23596c964a1                                                                         |
+------------+----------------------------------------------------------------------------------------------------------+
[root@controller keystone]# timedatectl
      Local time: Sat 2019-09-07 15:52:54 CST
  Universal time: Sat 2019-09-07 07:52:54 UTC
        RTC time: Sat 2019-09-07 07:52:55
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
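The issue time of a Fernet token sits unencrypted in its first bytes, so the `expires` field and the `timedatectl` reading above can be cross-checked without any key. This is an added example, not part of the original post; the function names are this example's own, and it assumes `base64` and `od` are installed.

```shell
#!/bin/sh
# Added example: read the cleartext header of a Keystone Fernet token.
# Fernet layout: 0x80 version byte | 8-byte big-endian issue time | IV | ciphertext | HMAC.
# Only the first 9 bytes (12 base64url characters) are used; nothing is decrypted.

# Print the issue time (epoch seconds) of token $1, or return 1 if it is not Fernet.
fernet_issued_epoch() {
    # Map base64url to standard base64 and keep the first 12 characters.
    head12=$(printf '%s' "$1" | cut -c1-12 | tr '_-' '/+')
    [ "${#head12}" -eq 12 ] || return 1
    hex=$(printf '%s' "$head12" | base64 -d 2>/dev/null | od -An -v -tx1 | tr -d ' \n')
    [ "${#hex}" -eq 18 ] || return 1
    case $hex in
        80*) ;;                # 0x80 is the only defined Fernet version
        *)   return 1 ;;
    esac
    ts_hex=$(printf '%s' "$hex" | cut -c3-18)
    echo $((0x$ts_hex))
}

# Convert "YYYY-MM-DDTHH:MM:SS[.ffffffZ]" (UTC) to epoch seconds with integer
# arithmetic only, so it does not depend on GNU date.
iso_utc_to_epoch() {
    # Turn every non-digit into a space and split into fields.
    set -- $(printf '%s' "$1" | tr -c '0-9' ' ')
    # Strip one leading zero so "08" and "09" are not read as octal.
    y=$1; mo=${2#0}; d=${3#0}; h=${4#0}; mi=${5#0}; s=${6#0}
    # Days since 1970-01-01, counting years from March.
    if [ "$mo" -le 2 ]; then y=$((y - 1)); mp=$((mo + 9)); else mp=$((mo - 3)); fi
    era=$((y / 400)); yoe=$((y - era * 400))
    doy=$(( (153 * mp + 2) / 5 + d - 1 ))
    days=$(( era * 146097 + yoe * 365 + yoe / 4 - yoe / 100 + doy - 719468 ))
    echo $(( days * 86400 + h * 3600 + mi * 60 + s ))
}

# Lifetime in seconds: $1 = token, $2 = "expires" value from `openstack token issue`.
token_lifetime() {
    issued=$(fernet_issued_epoch "$1") || return 1
    expires=$(iso_utc_to_epoch "$2")
    echo $((expires - issued))
}

PAGE_TOKEN_PREFIX='gAAAAABdc2HG'             # first 12 characters of the token shown above
PAGE_EXPIRES='2019-09-07T08:52:38.000000Z'   # its "expires" field
echo "issued (epoch): $(fernet_issued_epoch "$PAGE_TOKEN_PREFIX")"
echo "lifetime (s):   $(token_lifetime "$PAGE_TOKEN_PREFIX" "$PAGE_EXPIRES")"
```

For the token above this gives an issue time of 1567842758 (2019-09-07 07:52:38 UTC), 16 seconds before the `timedatectl` reading, and a lifetime of 3600 seconds.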
[root@controller ~]# pwd
/root
[root@controller ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
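One way to check that the secrets written into keystone.conf and admin-openrc above no longer hold the guide's placeholders (`ADMIN_TOKEN`, `*_DBPASS`, `*_PASS`) or a trivial value such as `123456`, and that the file is not world-readable. This is an added example, not part of the original post; the sample files are constructed in a temporary directory, and the function names, the 12-character minimum and the trivial-password list are this example's assumptions.

```shell
#!/bin/sh
# Added example: audit OpenStack config and openrc files for unreplaced
# placeholder secrets, trivial passwords and world-readable permissions.

MIN_LEN=12   # assumption of this example, not a value from the guide

# True when $1 is a placeholder from the guide, a trivial password, or too short.
is_weak_secret() {
    case $1 in
        ADMIN_TOKEN|*_PASS|*_DBPASS) return 0 ;;
        123456|password|admin)       return 0 ;;
    esac
    [ "${#1}" -lt "$MIN_LEN" ]
}

# Print "key value" for every secret-bearing setting in file $1.
extract_secrets() {
    sed -n \
        -e 's|^[[:space:]]*admin_token[[:space:]]*=[[:space:]]*\(.*\)$|admin_token \1|p' \
        -e 's|^[[:space:]]*password[[:space:]]*=[[:space:]]*\(.*\)$|password \1|p' \
        -e 's|^[[:space:]]*connection[[:space:]]*=.*://[^:@/]*:\([^@]*\)@.*$|connection \1|p' \
        -e 's|^[[:space:]]*export[[:space:]][[:space:]]*OS_PASSWORD=\(.*\)$|OS_PASSWORD \1|p' \
        "$1"
}

# Print one finding per line for file $1; the secret itself is never printed.
audit_file() {
    extract_secrets "$1" | while read -r key value; do
        if is_weak_secret "$value"; then
            echo "$1: $key is a placeholder or weak value"
        fi
    done
    # Other-readable bit set: any local account can read the credentials.
    if [ -n "$(find "$1" -prune -perm -004 -print)" ]; then
        echo "$1: readable by all local users"
    fi
    return 0
}

# Print the total number of findings for the given files.
count_findings() {
    for f in "$@"; do audit_file "$f"; done | wc -l | tr -d ' '
}

# 128-bit random hex string from the kernel CSPRNG.
new_secret() {
    dd if=/dev/urandom bs=16 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n'
}

# Constructed sample files that mirror the settings shown on this page,
# plus one glance-api.conf filled with generated secrets for comparison.
make_samples() {
    dir=$1
    cat > "$dir/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = ADMIN_TOKEN
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
EOF
    cat > "$dir/admin-openrc" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
EOF
    cat > "$dir/glance-api.conf" <<EOF
[database]
connection = mysql+pymysql://glance:$(new_secret)@controller/glance
[keystone_authtoken]
username = glance
password = $(new_secret)
EOF
    chmod 640 "$dir/keystone.conf" "$dir/glance-api.conf"
    chmod 644 "$dir/admin-openrc"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
audit_file "$demo_dir/keystone.conf"
audit_file "$demo_dir/admin-openrc"
audit_file "$demo_dir/glance-api.conf"
rm -rf "$demo_dir"
```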
Command summary
openstack user list
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin user list

## 2. Image service (glance)
1. Create the database and grant privileges
- Use the database client to connect to the database server as the root user:
$ mysql -u root -p
- Create the glance database:
CREATE DATABASE glance;
- Grant proper access to the glance database:
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
[root@controller ~]# openstack user create --domain default --password GLANCE_PASS glance
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | dc39c5e1af2c4b7b875b1564ec03b144 |
| enabled   | True                             |
| id        | e948ddc58d3a4e10aab7ee2ea2e24ba1 |
| name      | glance                           |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack user create --domain default --password GLANCE_PASS glance
[root@controller ~]# openstack role add --project service --user glance admin
2. Create the glance service entity and API endpoints
Create the glance service entity:
[root@controller ~]# openstack service create --name glance \
>   --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 39329ccc82b3496c94824f1eca5d4281 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c024ee94f3cb4999b68880f096d9bcf8 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 39329ccc82b3496c94824f1eca5d4281 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 161be9f745b1487c8c3d6f57bc4a87b7 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 39329ccc82b3496c94824f1eca5d4281 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | bd71f23310654c30b52da51652f0d324 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 39329ccc82b3496c94824f1eca5d4281 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
Create the service and register the API in Keystone:
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292
3. Install and configure the components
[root@controller ~]# yum install openstack-glance -y
- Edit the /etc/glance/glance-api.conf file and complete the following actions:
[root@controller ~]# cp /etc/glance/glance-api.conf{,.bak}
[root@controller ~]# grep '^[a-zA-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
[root@controller ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
- The same commands without prompts, to run in one go (same effect as above):
cp /etc/glance/glance-api.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
Verify
[root@controller ~]# md5sum /etc/glance/glance-api.conf
3e1a4234c133eda11b413788e001cba3  /etc/glance/glance-api.con
[root@controller ~]# cp /etc/glance/glance-registry.conf{,.bak}
[root@controller ~]# grep '^[a-zA-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
[root@controller ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
Command summary, can be run in one go:
cp /etc/glance/glance-registry.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1056: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `ix_image_properties_image_id_name`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
Ignore any deprecation messages in the output above.
[root@controller ~]# mysql glance -e "show tables;"
+----------------------------------+
| Tables_in_glance                 |
+----------------------------------+
| artifact_blob_locations          |
| artifact_blobs                   |
| artifact_dependencies            |
| artifact_properties              |
| artifact_tags                    |
| artifacts                        |
| image_locations                  |
| image_members                    |
| image_properties                 |
| image_tags                       |
| images                           |
| metadef_namespace_resource_types |
| metadef_namespaces               |
| metadef_objects                  |
| metadef_properties               |
| metadef_resource_types           |
| metadef_tags                     |
| migrate_version                  |
| task_info                        |
| tasks                            |
+----------------------------------+
# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service
Keystone check: obtain a token
[root@controller ~]# openstack token issue
+------------+----------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                    |
+------------+----------------------------------------------------------------------------------------------------------+
| expires    | 2019-09-07T10:17:12.000000Z                                                                              |
| id         | gAAAAABdc3WYVhvBRhpK0HosaT43ch_I1tsGh3EGPkNg_vH43CGXJsA1sZiUyfLEHxM3Wo1fT8JMPvRAzcrhrnyvgKMEzVBODMBixYfA |
|            | VHeGf8_K9teOCAL1SIOlIX2I-NJNeuz_Xq4tAxoogdF4RQLSQH3mCFZlWaY8aNW8r4jph2hvVFEvIS8                          |
| project_id | 00e5f59a1b434ad8b3e82000d345ca83                                                                         |
| user_id    | 919d9a3071994ef4a881c23596c964a1                                                                         |
+------------+----------------------------------------------------------------------------------------------------------+
Glance check: upload an image
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# openstack image create "cirros" \
>   --file cirros-0.3.4-x86_64-disk.img \
>   --disk-format qcow2 --container-format bare \
>   --public   # public image
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2019-09-07T09:21:28Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/4785840a-2a8d-441c-8fd9-7227052bc580/file |
| id               | 4785840a-2a8d-441c-8fd9-7227052bc580                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | 00e5f59a1b434ad8b3e82000d345ca83                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2019-09-07T09:21:31Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
[root@controller ~]# ll -h /var/lib/glance/images/4785840a-2a8d-441c-8fd9-7227052bc580
-rw-r----- 1 glance glance 13M Sep  7 17:21 /var/lib/glance/images/4785840a-2a8d-441c-8fd9-7227052bc580
[root@controller ~]# openstack image list
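nova-api: accepts and responds to all compute service requests; manages the virtual machine (cloud instance) lifecycle
nova-compute (multiple): actually manages the virtual machines
nova-scheduler: the Nova scheduler (picks the most suitable nova-compute to create a virtual machine)
nova-conductor: updates virtual machine state in the database on behalf of nova-compute
nova-network: managed virtual machine networking in early OpenStack releases (deprecated, replaced by neutron)
nova-consoleauth and nova-novncproxy: web-based VNC for operating cloud instances directly
novncproxy: web VNC client
nova-api-metadata: accepts metadata requests sent by virtual machines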
[root@controller ~]# mysql -uroot -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
Replace NOVA_DBPASS with a suitable password.
The following steps are still performed on the controller node.
openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin   # associate the role
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y
cp /etc/nova/nova.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.11
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
# Verify
md5sum /etc/nova/nova.conf
47ded61fdd1a79ab91bdb37ce59ef192  /etc/nova/nova.conf
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
Ignore any deprecation messages in the output.
[root@controller ~]# mysql nova_api -e 'show tables;'
[root@controller ~]# mysql nova -e 'show tables;'
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl status openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl status openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-conductor   | controller | internal | enabled | up    | 2019-09-09T08:53:04.000000 |
|  2 | nova-consoleauth | controller | internal | enabled | up    | 2019-09-09T08:53:04.000000 |
|  3 | nova-scheduler   | controller | internal | enabled | up    | 2019-09-09T08:53:04.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
All of the controller-node steps above are now complete.
yum install openstack-nova-compute -y
yum install openstack-utils.noarch -y
cp /etc/nova/nova.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.12
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
[root@compute1 nova]# md5sum /etc/nova/nova.conf
de2878e91f8386669cb38818b782bf5b  /etc/nova/nova.conf
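The openstack-config commands on this page write the tutorial's placeholder values (GLANCE_PASS, NOVA_PASS, NOVA_DBPASS, RABBIT_PASS, METADATA_SECRET and so on) into the configuration files verbatim, and the compute node sets vncserver_listen to 0.0.0.0. The script below is an added example, not part of the original post: it audits an INI file for those leftovers before the services are started. The function name audit_conf and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag tutorial placeholder
# secrets and wildcard listen addresses left in an OpenStack INI file.

# audit_conf FILE
# Prints one finding per line: "FILE:[section] key: reason".
audit_conf() {
    awk -v file="$1" '
        /^[ \t]*$/    { next }               # skip blank lines
        /^[ \t]*[#;]/ { next }               # skip comments
        /^[ \t]*\[/ {                        # section header, e.g. [vnc]
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next                # not a key = value line
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            # Placeholder names used on this page: *_PASS, *_DBPASS, METADATA_SECRET.
            # They also appear inside connection URLs, so match anywhere in the value.
            if (val ~ /[A-Z]+_(DB)?PASS|METADATA_SECRET/)
                printf "%s:[%s] %s: placeholder secret left unchanged\n", file, section, key
            # A *_listen option set to 0.0.0.0 binds the service on every interface.
            if (key ~ /listen$/ && val == "0.0.0.0")
                printf "%s:[%s] %s: listens on all interfaces\n", file, section, key
        }
    ' "$1"
}

# Constructed sample resembling the nova.conf files built on this page.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
[DEFAULT]
my_ip = 10.0.0.12
# comment lines are ignored: password = NOVA_PASS
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
username = nova
password = NOVA_PASS
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
[neutron]
metadata_proxy_shared_secret = METADATA_SECRET
[vnc]
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
EOF

audit_conf "$sample"
```

Run audit_conf against /etc/glance/glance-registry.conf, /etc/nova/nova.conf and /etc/neutron/neutron.conf on each node; an empty result means none of the placeholder names remain.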
[root@compute1 nova]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@compute1 nova]# systemctl start libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
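[root@controller ~]# openstack token issue  ## check keystone
2. Glance image check
[root@controller ~]# openstack image list
3. Nova node check
[root@controller ~]# openstack compute service list
4. Time synchronization (time sync is very important in a distributed architecture)
OpenStack Networking (neutron) lets you create interface devices and attach them to networks; these devices are managed by other OpenStack services. Plug-in based implementations can accommodate different networking equipment and software, which gives OpenStack architecture and deployment their flexibility.
It includes the following components:
neutron-server
Accepts API requests and routes them to the appropriate OpenStack Networking plug-in for action.
OpenStack Networking plug-ins and agents
Plug and unplug ports, create networks and subnets, and provide IP addressing. These plug-ins and agents differ by vendor and technology; OpenStack Networking provides plug-ins and agents for Cisco virtual and physical switches, NEC OpenFlow products, Open vSwitch, Linux bridging, and the VMware NSX product.
The common agents are L3 (layer 3), DHCP (dynamic host IP addressing), and a plug-in agent.
Message queue
Used by most OpenStack Networking installations to route information between neutron-server and the various agents. For certain plug-ins it also acts as a database that stores networking state.
neutron-server  port (9696)  API: accepts and responds to external network management requests
neutron-linuxbridge-agent:  creates the bridge interfaces
neutron-dhcp-agent:  assigns IP addresses
neutron-metadata-agent:  works with nova-metadata-api to customize virtual machines
L3-agent  implements layer-3 (network layer) networking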
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin   # associate the role
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
a: /etc/neutron/neutron.conf
cp /etc/neutron/neutron.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
[root@controller ~]# md5sum /etc/neutron/neutron.conf
e399b7958cd22f47becc6d8fd6d3521a  /etc/neutron/neutron.conf
b: /etc/neutron/plugins/ml2/ml2_conf.ini
cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
grep '^[a-zA-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini.bak >/etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
[root@controller ~]# md5sum /etc/neutron/plugins/ml2/ml2_conf.ini
2640b5de519fafcd675b30e1bcd3c7d5  /etc/neutron/plugins/ml2/ml2_conf.ini
c: /etc/neutron/plugins/ml2/linuxbridge_agent.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep '^[a-zA-Z\[]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak >/etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
[root@controller ~]# md5sum /etc/neutron/plugins/ml2/linuxbridge_agent.ini
3f474907a7f438b34563e4d3f3c29538  /etc/neutron/plugins/ml2/linuxbridge_agent.ini
d: /etc/neutron/dhcp_agent.ini
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[root@controller ~]# md5sum /etc/neutron/dhcp_agent.ini
cac841bdf855fe98617cd5907f2f5d5f  /etc/neutron/dhcp_agent.ini
e: /etc/neutron/metadata_agent.ini
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# md5sum /etc/neutron/metadata_agent.ini
6d69d28e7e1c9a12b262355047185f8c  /etc/neutron/metadata_agent.ini
f: Modify /etc/nova/nova.conf again
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
[root@controller ~]# md5sum /etc/nova/nova.conf
6334f359655efdbcf083b812ab94efc1  /etc/nova/nova.conf
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@compute1 ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
Configuration
cp /etc/neutron/neutron.conf{,.bak}
grep '^[a-zA-Z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
[root@compute1 nova]# md5sum /etc/neutron/neutron.conf
77ffab503797be5063c06e8b956d6ed0  /etc/neutron/neutron.conf
cp -r /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eth0
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = False
[root@compute1 nova]# md5sum /etc/neutron/plugins/ml2/linuxbridge_agent.ini
3f474907a7f438b34563e4d3f3c29538  /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- Modify the nova configuration file on the compute node (final configuration)
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
[root@compute1 nova]# md5sum /etc/nova/nova.conf
2be5a71f4813fd994a8ba2bcf2a4adfb  /etc/nova/nova.conf
- 3. Start
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
4. Verify
- Check neutron
[root@controller ~]# neutron agent-list
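VI. Install the Horizon web interface
I personally recommend installing it on the compute node.
- 1. Install
[root@compute1 ~]# yum install openstack-dashboard -y
- 2. Configure
vim /etc/openstack-dashboard/local_settings
Because the edits here are tedious, I wrote an error-free version of the file myself and simply replaced the original with it.
[root@compute1 ~]# rz
[root@compute1 ~]# cat local_settings >/etc/openstack-dashboard/local_settings
If you need this file, add: 1602031534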
systemctl start httpd
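4. Verify in the browser
Verify operation of the dashboard.
Enter http://controller/dashboard in a browser to access the dashboard.
Authenticate using the admin or demo user credentials and the default domain credentials.
5. Troubleshooting
[root@controller1 ~]# cat /var/log/httpd/error_log
The following log entries relate to the failed attempts to open the page: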
[Thu Nov 16 17:09:27.362380 2017] [core:error] [pid 22918] [client 10.11.113.61:62148] Script timed out before returning headers: django.wsgi
[Thu Nov 16 17:09:29.649566 2017] [core:error] [pid 22979] [client 10.11.113.39:55327] Script timed out before returning headers: django.wsgi
[Thu Nov 16 17:09:30.450777 2017] [core:error] [pid 22980] [client 10.11.113.61:62149] Script timed out before returning headers: django.wsgi
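My guess was that this had to do with django.wsgi; a Baidu search turned up a fix that someone had posted.
Edit: /etc/httpd/conf.d/openstack-dashboard.conf
Add one line below WSGISocketPrefix run/wsgi:
# add this line
WSGIApplicationGroup %{GLOBAL}
Save and restart the httpd service.
Access the dashboard from the browser.
Original: https://blog.51cto.com/13859027/2437873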