网络规划:
192.168.25.34 openstack
第一部分 openstack搭建
官方文档 http://docs.openstack.org/
操作系统:centos 7 minimal x86_64
1.主机名设置
hostnamectl set-hostname openstack
#验证
hostname
2.域名解析和防火墙设置
vim /etc/hosts
192.168.25.34 openstack
systemctl stop firewalld
systemctl disable firewalld
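#关闭 selinux(直接关闭 firewalld 和 SELinux 仅适合隔离的实验环境;生产环境建议保留防火墙并只放行所需端口,SELinux 可配合 openstack-selinux 软件包保持启用)
#注意:CentOS 7 上 /etc/sysconfig/selinux 是指向 /etc/selinux/config 的符号链接,sed -i 默认会把链接替换成普通文件,导致重启后配置不生效;可加 --follow-symlinks 或直接修改 /etc/selinux/config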
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
setenforce 0
3.安装openstack
#添加软件源
yum install -y epel-release
yum install -y https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-liberty/centos-release-openstack-liberty-1-3.el7.noarch.rpm
yum install -y python-openstackclient
#安装mysql数据库
yum install -y mariadb mariadb-server MySQL-python
#安装RabbitMQ
yum install -y rabbitmq-server
##Keystone
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
##Glance
yum install -y openstack-glance python-glance python-glanceclient
##Nova
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
##Neutron
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
##Dashboard
yum install -y openstack-dashboard
##Cinder
yum install -y openstack-cinder python-cinderclient
补全作为计算节点的包
##Nova linux-node2.openstack
yum install -y openstack-nova-compute sysfsutils
##Cinder
yum install -y openstack-cinder python-cinderclient targetcli python-oslo-policy
4.设置时间同步
yum install -y chrony
vim /etc/chrony.conf
allow 192.168.25.0/24 #允许哪些服务器和自己同步时间
systemctl enable chronyd.service #开机启动
systemctl start chronyd.service
timedatectl set-timezone Asia/Shanghai #设置时区
timedatectl status
5.安装配置mysql
vim /etc/my.cnf
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
max_connections = 1000
vim /etc/my.cnf.d/client.cnf
[client]
default-character-set=utf8
vim /etc/my.cnf.d/mysql-clients.cnf
[mysql]
default-character-set=utf8
vim /usr/lib/systemd/system/mariadb.service
在[Service]下面加入以下内容
LimitNOFILE=10000
LimitNPROC=10000
systemctl daemon-reload
systemctl restart mariadb.service
mysql_secure_installation
密码12345678(仅为实验用的示例,实际环境请设置强密码)
mysql -uroot -p
show variables like 'max_connections';
show variables like "%character%";
#创建数据库(示例中各服务的数据库密码与用户名相同,且 '%' 授权允许从任意主机连接;实际部署请使用强密码,并把授权主机限制为管理网段)
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
flush privileges;
show databases;
6.配置mq
#开机启动
systemctl enable rabbitmq-server.service
#查看支持的插件
rabbitmq-plugins list
#启用web管理插件
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service
#检查
lsof -i:15672
#添加用户密码
rabbitmqctl add_user openstack openstack
#允许配置、写、读访问 openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
#访问地址
http://192.168.25.34:15672
默认用户名密码都是guest,浏览器添加openstack用户到组并登录测试;测试完成后建议删除 guest 账号或修改其默认密码
7.openstack组件安装配置
# 配置 Keystone 验证服务 所有的服务,都需要在 keystone 上注册
端口 5000 和 35357
#取一个随机数作为 admin_token(请使用自己生成的值,不要照抄下面的示例)
openssl rand -hex 10
9ce7abe6c86c488469d1
vim /etc/keystone/keystone.conf
admin_token = 9ce7abe6c86c488469d1
connection = mysql://keystone:keystone@192.168.25.34/keystone
#创建数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
#上面之所以用 su 切换到 keystone 用户执行,是因为下面这个日志文件的属主需要是 keystone
ls -lh /var/log/keystone/keystone.log
#检查数据库表
mysql -h 192.168.25.34 -u keystone -p
show databases;
use keystone;
show tables;
8.启动memcached apache
systemctl enable memcached && systemctl start memcached
#配置httpd
vim /etc/httpd/conf/httpd.conf
ServerName 192.168.25.34:80
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>
#启动httpd
systemctl enable httpd && systemctl start httpd
#检查
netstat -lntup|grep httpd
9. 创建 keystone 用户
临时设置 admin_token 用户的环境变量,用来创建用户
export OS_TOKEN=9ce7abe6c86c488469d1 #上面产生的随机数值
export OS_URL=http://192.168.25.34:35357/v3
export OS_IDENTITY_API_VERSION=3
创建 admin 项目---创建 admin 用户(密码 admin,生产不要这么玩)
---创建 admin 角色---把 admin 用户加入到 admin 项目赋予 admin 的角色(三个 admin 的位置:项目,用户,角色)
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
创建一个普通用户 demo
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password=demo demo
openstack role create user
openstack role add --project demo --user demo user
创建 service 项目,用来管理其他服务用
openstack project create --domain default --description "Service Project" service
以上的名字都是固定的,不能改
#查看创建的用户
openstack user list
#查看创建的项目
openstack project list
10.注册 keystone 服务,以下三种类型分别为公共的、内部的、管理的
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://192.168.25.34:5000/v2.0
openstack endpoint create --region RegionOne identity internal http://192.168.25.34:5000/v2.0
openstack endpoint create --region RegionOne identity admin http://192.168.25.34:35357/v2.0
#检查
openstack endpoint list
#openstack endpoint delete ID #使用这个命令删除
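#验证,获取 token,只有获取到才能说明 keystone 配置成功
#注意:unset 只清除当前 shell 的环境变量,keystone.conf 中的 admin_token 仍然有效;初始化完成后应从 keystone 的 paste 管道配置中移除 admin_token_auth,并删除该 token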
unset OS_TOKEN
unset OS_URL
openstack --os-auth-url http://192.168.25.34:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
使用环境变量来获取 token,环境变量在后面创建虚拟机时也需要用。
创建两个环境变量文件,使用前直接 source 即可(注意:执行后面的查看命令前,要先在这两个 sh 文件所在的目录下 source 对应的文件,否则会报错)。文件中含有明文密码,建议用 chmod 600 限制读取权限。
cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.25.34:35357/v3
export OS_IDENTITY_API_VERSION=3
cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.25.34:5000/v3
export OS_IDENTITY_API_VERSION=3
#使用
source admin-openrc.sh
openstack token issue
11.配置 glance 镜像服务
端口:
api 9292
registry 9191
#修改/etc/glance/glance-api.conf 和/etc/glance/glance-registry.conf
/etc/glance/glance-api.conf
notification_driver = noop #glance 不需要消息队列
connection=mysql://glance:glance@192.168.25.34/glance
auth_uri = http://192.168.25.34:5000
auth_url = http://192.168.25.34:35357
default_store=file
filesystem_store_datadir=/var/lib/glance/images/
admin_user=glance
admin_password=glance
admin_tenant_name=service
flavor=keystone
#/etc/glance/glance-registry.conf
verbose=True
notification_driver = noop
connection=mysql://glance:glance@192.168.25.34/glance
auth_uri = http://192.168.25.34:5000
auth_url = http://192.168.25.34:35357
admin_user=glance
admin_password=glance
admin_tenant_name=service
flavor=keystone
##创建数据库
su -s /bin/sh -c "glance-manage db_sync" glance
#检查
mysql -h 192.168.25.34 -uglance -p
创建关于 glance 的 keystone 用户
source admin-openrc.sh
openstack user create --domain default --password=glance glance
openstack role add --project service --user glance admin
启动 glance
systemctl enable openstack-glance-api
systemctl enable openstack-glance-registry
systemctl start openstack-glance-api
systemctl start openstack-glance-registry
netstat -lnutp |grep 9191 #registry
netstat -lnutp |grep 9292 #api
在 keystone 上注册
source admin-openrc.sh
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://192.168.25.34:9292
openstack endpoint create --region RegionOne image internal http://192.168.25.34:9292
openstack endpoint create --region RegionOne image admin http://192.168.25.34:9292
添加 glance 环境变量并测试
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
glance image-list
#下载镜像上传到glance(下载地址是明文 http,上传前建议核对镜像发布方提供的校验值)
wget -q http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
glance image-list
qcow2格式:
wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
glance image-create --name "CentOS-7-x86_64" --file CentOS-7-x86_64-GenericCloud.qcow2 \
--disk-format qcow2 --container-format bare --visibility public --progress
glance image-list
ls -lh /var/lib/glance/images/
--------------------------------------------------------------------------
12.配置 nova 计算服务
修改/etc/nova/nova.conf(下面的各项密码和 metadata_proxy_shared_secret 都是与用户名相同的示例值,实际部署请换成随机生成的值)
my_ip=192.168.25.34
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
network_api_class=nova.network.neutronv2.api.API
linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
security_group_api=neutron
firewall_driver = nova.virt.firewall.NoopFirewallDriver
debug=true
verbose=true
rpc_backend=rabbit
allow_resize_to_same_host=True
scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
connection=mysql://nova:nova@192.168.25.34/nova
auth_uri = http://192.168.25.34:5000
auth_url = http://192.168.25.34:35357
admin_user = nova
admin_password = nova
admin_tenant_name = service
virt_type=kvm
[neutron]
url = http://192.168.25.34:9696
auth_url = http://192.168.25.34:35357
[DEFAULT]
my_ip=192.168.25.34
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
allow_resize_to_same_host=True
network_api_class=nova.network.neutronv2.api.API
linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
security_group_api=neutron
scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
firewall_driver = nova.virt.firewall.NoopFirewallDriver
verbose=true
rpc_backend=rabbit
[api_database]
connection=mysql://nova:nova@192.168.25.34/nova
[barbican]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
[ephemeral_storage_encryption]
[glance]
[guestfs]
debug=true
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://192.168.25.34:5000
region_name = RegionOne
admin_user=nova
admin_password=nova
admin_tenant_name=service
[libvirt]
virt_type=kvm
[matchmaker_redis]
[matchmaker_ring]
[metrics]
[neutron]
service_metadata_proxy = true
metadata_proxy_shared_secret = neutron
url = http://192.168.25.34:9696
auth_url = http://192.168.25.34:35357
auth_plugin = password
password = neutron
project_domain_id = default
project_name = service
user_domain_id = default
username = neutron
[osapi_v21]
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host=192.168.25.34
rabbit_port=5672
rabbit_userid=openstack
rabbit_password=openstack
[oslo_middleware]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
novncproxy_base_url=http://192.168.25.34:6080/vnc_auto.html
vncserver_listen= $my_ip
vncserver_proxyclient_address= $my_ip
keymap=en-us
[workarounds]
[xenserver]
[zookeeper]
##同步数据库
su -s /bin/sh -c "nova-manage db sync" nova
#检查数据库表(-p 后直接跟密码会留在 shell 历史和进程列表中,建议只写 -p 再交互输入)
mysql -h 192.168.25.34 -unova -pnova
show databases;
use nova;
show tables;
13.创建 nova 的 keystone 用户
openstack user create --domain default --password=nova nova
openstack role add --project service --user nova admin
##启动 nova 相关服务
systemctl enable openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
##在 keystone 上注册
source admin-openrc.sh
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://192.168.25.34:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://192.168.25.34:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://192.168.25.34:8774/v2/%\(tenant_id\)s
#检查
openstack host list
#启动服务
systemctl enable libvirtd openstack-nova-compute
systemctl start libvirtd openstack-nova-compute
#测试
openstack host list
nova image-list #测试 glance 是否正常
报错信息:
ERROR (ClientException): Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.
<class 'glanceclient.exc.HTTPInternalServerError'> (HTTP 500) (Request-ID: req-9f4d8a7b-be9d-4a3c-8b47-1d1f7e267e39)
###解决方法:
https://blog.csdn.net/weixin_34290352/article/details/85800705
nova endpoints #测试 keystone