I. Deployment sequence of openstack components
1. Keystone (run under Apache) provides global authentication
2. Glance provides the image service
3. Nova provides the compute service
4. Neutron provides the network service
When deploying the openstack components, install keystone first; it runs under Apache. Once it is installed you can create and manage accounts, and then install glance, nova and neutron.
The compute service and the network service are each split into a management side and a client side. The management side of both is installed on the openstack control node, the client side of both on the compute node that will create the virtual machines, and the dashboard service is installed last. The APIs of the various openstack components are served through apache.
The openstack control node is responsible for creating virtual machines and scheduling them.
The data for virtual machines created through the control node is ultimately recorded in mysql (mariadb). The compute node has no permission to write to the database; only the control node does. The compute node and the control node communicate indirectly through rabbitmq: both listen on rabbitmq, the control node publishes the instruction to create a virtual machine, and the compute node listening on the queue that rabbitmq specifies receives the message and creates the virtual machine.
II. Component deployment
Create the database and authorize the user
create database keystone;
# the password granted here must be the one used in the keystone.conf database connection below
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'yy2234';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'yy2234';
flush privileges;
exit
Configure httpd (apache) with mod_wsgi
mod_wsgi lets apache serve the python programs of the components
yum -y install openstack-keystone httpd mod_wsgi
cp -a /etc/keystone/keystone.conf{,.bak}
# strip blank and comment lines from the packaged config
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
# access mysql through the pymysql module, giving the database user name, password, host name and database name
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_2234797257@ct/keystone
# set the token provider to keystone's own fernet provider; Fernet is a secure message format
openstack-config --set /etc/keystone/keystone.conf token provider fernet
Initialize the database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the fernet key repository
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# the keystone user owns the keys; tokens and credentials use fernet encryption
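An added check, not from the original post, for the key repository that fernet_setup creates: it assumes the default directory /etc/keystone/fernet-keys, the keystone user and group, and GNU stat, and verifies the ownership and modes that keep the token-signing keys private (anyone who can read them can mint tokens).

```shell
#!/bin/sh
# check_fernet_repo DIR OWNER GROUP
# Keystone keeps fernet keys as numbered files in DIR: 0 is the staged key,
# the highest number is the primary key. fernet_setup creates DIR mode 700
# and each key mode 600, owned by the keystone user. This check re-verifies
# that after any later chown/chmod/rsync mistakes. Assumes GNU stat (-c).
check_fernet_repo() {
    dir="$1"; owner="$2"; group="$3"
    [ -d "$dir" ] || { echo "missing key repository: $dir"; return 1; }
    dir_mode=$(stat -c '%a' "$dir")
    [ "$dir_mode" = "700" ] || { echo "$dir mode $dir_mode, want 700"; return 1; }
    [ "$(stat -c '%U:%G' "$dir")" = "$owner:$group" ] \
        || { echo "$dir not owned by $owner:$group"; return 1; }
    count=0; primary=-1
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        name=$(basename "$f")
        # anything that is not a plain number does not belong here
        case "$name" in *[!0-9]*) echo "unexpected file $f"; return 1 ;; esac
        mode=$(stat -c '%a' "$f")
        [ "$mode" = "600" ] || { echo "$f mode $mode, want 600"; return 1; }
        [ "$(stat -c '%U:%G' "$f")" = "$owner:$group" ] \
            || { echo "$f not owned by $owner:$group"; return 1; }
        count=$((count + 1))
        [ "$name" -gt "$primary" ] && primary=$name
    done
    # fernet_setup leaves at least key 0 (staged) and key 1 (primary)
    [ "$count" -ge 2 ] || { echo "need at least staged key 0 and one primary key"; return 1; }
    echo "ok: $count keys, primary key is $primary"
    return 0
}

# default invocation for the layout used on this page
# check_fernet_repo /etc/keystone/fernet-keys keystone keystone
```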
Configure the bootstrap authentication service
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://ct:5000/v3/ \
  --bootstrap-internal-url http://ct:5000/v3/ \
  --bootstrap-public-url http://ct:5000/v3/ \
  --bootstrap-region-id RegionOne
When openstack is bootstrapped, the admin user is written to the user table in mysql, and the other information such as the endpoint urls is written to the related tables.
#The admin URL is the management network (like the openstack management network in a public cloud), used for management actions such as scaling out or deleting virtual machines. If the shared network and the management network were the same network, heavy traffic would make it impossible to scale out virtual machines through the openstack control node, which is why a separate management network is needed.
#The internal URL is an internal network for data transmission, such as virtual machine access to storage, the database, zookeeper and other middleware. It cannot be reached from the external network and is used only inside the enterprise.
#The public URL is the shared network that users can reach (as in a public cloud). #If there are no such separate networks in this environment, all three share the same network.
#Port 5000 is the port on which keystone provides authentication.
The following notes refer to an openstack multi-node configuration:
#A listen entry needs to be added on the haproxy server
#The urls of the various networks must use the domain name of the controller node, which is usually the domain name of the haproxy vip (high-availability mode)
# configure the http server name
echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
Link the configuration file
# create a soft link into the apache conf.d directory
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# start on boot
systemctl enable httpd
# start the service
systemctl start httpd
Configure the administrator's environment variables
The environment variables are used when creating roles and projects, because creating roles and projects requires authentication. Declaring the user name, password and the other authentication details as environment variables lets openstack treat the session as already logged in and authenticated, so projects and roles can be created. In other words, the admin user's authentication information is passed to openstack for authentication through the environment variables, which makes non-interactive operation of openstack possible.
cat >> ~/.bashrc << EOF
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://ct:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source ~/.bashrc
# with the environment variables configured, the openstack command can be used to perform operations
openstack user list
# list the users to verify
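What the OS_* variables are actually used for, as an added example that is not part of the original post: the openstack client turns them into a password-authentication request to the Keystone v3 API at OS_AUTH_URL and reads the token from the X-Subject-Token response header. The curl wrapper and the function names are assumptions; the hostname ct and the v3 API come from the page.

```shell
#!/bin/sh
# Build the v3 password-auth request body from the exported OS_* variables.
# The password travels in the body, so keep ~/.bashrc (which holds OS_PASSWORD)
# readable only by its owner. Assumes values without embedded double quotes.
keystone_auth_body() {
    printf '{"auth":{"identity":{"methods":["password"],"password":{"user":{"name":"%s","domain":{"name":"%s"},"password":"%s"}}},"scope":{"project":{"name":"%s","domain":{"name":"%s"}}}}}' \
        "$OS_USERNAME" "$OS_USER_DOMAIN_NAME" "$OS_PASSWORD" \
        "$OS_PROJECT_NAME" "$OS_PROJECT_DOMAIN_NAME"
}

# The token endpoint: OS_AUTH_URL (http://ct:5000/v3 on this page) plus /auth/tokens.
keystone_token_url() {
    printf '%s/auth/tokens' "${OS_AUTH_URL%/}"
}

# Read response headers on stdin (curl -i / -D output) and print the token,
# or nothing if Keystone refused the request (no X-Subject-Token header).
keystone_token_from_headers() {
    tr -d '\r' | awk 'tolower($1) == "x-subject-token:" { print $2; exit }'
}

# Request a scoped token from Keystone (needs network access to ct:5000).
keystone_get_token() {
    curl -s -D - -o /dev/null -H 'Content-Type: application/json' \
        -d "$(keystone_auth_body)" "$(keystone_token_url)" | keystone_token_from_headers
}
```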
Create the openstack domain, project and user
openstack project create --domain default --description "Service Project" service
Create the user role
openstack role create user
# create the role
openstack role list
# view the role list
openstack token issue
# check that a token can be issued, which confirms the items above were created successfully
Errors
Listing shows HTTP 500
Cause: the database connection points to the wrong address. The hosts file maps the host name to the NAT network card, but it should map to the intranet network card. Check the network configuration first, then the environment configuration, and verify where the host name points.
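A troubleshooting helper added here (not from the original post) for that HTTP 500: it reads /etc/hosts and keystone.conf to show which address the controller name (ct on this page) resolves to and which host the database connection points at. The intranet prefix and the file paths are assumptions passed in as arguments.

```shell
#!/bin/sh
# hosts_lookup FILE NAME  -> prints every address FILE maps NAME to
hosts_lookup() {
    awk -v n="$2" '!/^[[:space:]]*#/ { for (i = 2; i <= NF; i++) if ($i == n) print $1 }' "$1"
}

# check_controller_mapping HOSTS NAME PREFIX
# Passes only if NAME is mapped exactly once and to an address on the
# intranet range PREFIX (e.g. 192.168.100.); a NAT address such as 10.0.2.x
# or a duplicate entry is what produces the HTTP 500 described above.
check_controller_mapping() {
    hosts="$1"; name="$2"; prefix="$3"
    ips=$(hosts_lookup "$hosts" "$name")
    [ -n "$ips" ] || { echo "$name is not mapped in $hosts"; return 1; }
    [ "$(printf '%s\n' "$ips" | wc -l | tr -d ' ')" -eq 1 ] \
        || { echo "$name is mapped more than once in $hosts"; return 1; }
    case "$ips" in
        "$prefix"*) echo "ok: $name -> $ips"; return 0 ;;
        *) echo "$name -> $ips is outside the intranet range $prefix*"; return 1 ;;
    esac
}

# keystone_db_host FILE -> host part of the [database] connection URL
# e.g. mysql+pymysql://keystone:PASS@ct/keystone  ->  ct
keystone_db_host() {
    awk '/^\[/ { s = $0 }
         s == "[database]" && /^connection[[:space:]]*=/ {
             sub(/^[^=]*=[[:space:]]*/, ""); sub(/.*@/, ""); sub("[/:].*", ""); print; exit }' "$1"
}

# typical use on the control node:
# check_controller_mapping /etc/hosts "$(keystone_db_host /etc/keystone/keystone.conf)" 192.168.100.
```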