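OpenStack Rocky (R release) deployment and installation

OpenStack Rocky deployment procedure

Preface: CentOS 7.9 minimal install with the Development Tools package group. Software environment: OpenStack Rocky.

1. Basic environment configuration

Lab environment
OpenStack virtual machine settings
[Mind-map notes, free to download](https://pan.baidu.com/share/init?surl=wFZMQaYA56045M4WSr_hKA&pwd=zwwi)
Notes overview

Network configuration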

vi /etc/sysconfig/network-scripts/ifcfg-ens192
vi /etc/sysconfig/network-scripts/ifcfg-ens32

| Interface file | controller | computer |
|---|---|---|
| ifcfg-ens192 | 192.168.1.74/24 | 192.168.1.75/24 |
| ifcfg-ens32 | 192.168.3.74/24 | 192.168.3.75/24 |
| | 192.168.1.4 | 192.168.1.4 |
| | 8.8.8.8 | 8.8.8.8 |
| | 114.114.114.114 | 114.114.114.114 |

Disable the firewall and iptables

systemctl stop firewalld && systemctl disable firewalld
vi /etc/selinux/config
...
SELINUX=disabled

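Alternatively, keep the firewall running and open the required ports (the list below is not exhaustive; open any other ports you need in the same way)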

firewall-cmd --zone=public --permanent --add-port=4369/tcp
firewall-cmd --zone=public --permanent --add-port=25672/tcp
firewall-cmd --zone=public --permanent --add-port=5671-5672/tcp
firewall-cmd --zone=public --permanent --add-port=15672/tcp
firewall-cmd --zone=public --permanent --add-port=61613-61614/tcp
firewall-cmd --zone=public --permanent --add-port=1883/tcp
firewall-cmd --zone=public --permanent --add-port=8883/tcp
firewall-cmd --reload              # reload so the rules above take effect

Hostname and hosts mapping file

Set the hostname

hostnamectl set-hostname controller    # on the controller node
hostnamectl set-hostname compute       # on the compute node
vi /etc/hosts
...
192.168.1.74 controller
192.168.1.75 computer

Configure a domestic (China) yum mirror

Back up the local repo files

[root@controller ~]# cd /etc/yum.repos.d/
[root@controller yum.repos.d]# mkdir bak
[root@controller yum.repos.d]# mv * bak/
mv: cannot move ‘bak’ to a subdirectory of itself, ‘bak/bak’

Download the Aliyun mirror repo file

CentOS 7
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
or
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Clean and rebuild the yum cache, then update

yum clean all && yum makecache && yum update -y

Enable time synchronization

yum install chrony -y

Edit the configuration file

controller

[root@controller ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst # commented out
#server 1.centos.pool.ntp.org iburst # commented out
#server 2.centos.pool.ntp.org iburst # commented out
#server 3.centos.pool.ntp.org iburst # commented out
# add the following two lines
allow 192.168.1.0/24
server controller iburst

compute

[root@compute ~]# vim /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst # commented out
#server 1.centos.pool.ntp.org iburst # commented out
#server 2.centos.pool.ntp.org iburst # commented out
#server 3.centos.pool.ntp.org iburst # commented out
# add
server controller iburst

Enable the service at boot and restart it to apply the configuration

systemctl enable chronyd && systemctl restart chronyd

Check that it took effect

[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller                    0   6     0     -     +0ns[   +0ns] +/-    0ns
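
Added example (not part of the original page): in the output above the source state is `?` and Reach is 0, meaning no valid reply from `controller` has been recorded, so the compute node is not synchronised yet. The function name `chrony_sync_state` and the second, healthy sample are constructed for illustration.

```shell
#!/bin/sh
# Added example: interpret `chronyc sources` output instead of eyeballing it.

# Output copied from the compute node session shown above.
SAMPLE_FROM_PAGE='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller                    0   6     0     -     +0ns[   +0ns] +/-    0ns'

# Constructed sample of a healthy client, for comparison (not from the page).
SAMPLE_HEALTHY='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller                    3   6   377    25    +12us[  +15us] +/-   20ms'

# chrony_sync_state: reads `chronyc sources` output on stdin.
# Line 1 of its output is "synced <source>" or "unsynced"; one line per source
# follows. Exit status is 0 only when a source is selected and has answered.
chrony_sync_state() {
    awk '
    {
        mode = substr($1, 1, 1); state = substr($1, 2, 1)
        # Source rows start with a two-character M/S field:
        #   M: ^ server, = peer, # local reference clock
        #   S: * selected, + combined, - not combined, ? unusable,
        #      x falseticker, ~ too variable
        if (length($1) != 2 || index("^=#", mode) == 0 || index("*+-?x~", state) == 0) {
            next
        }
        n++
        row[n] = $2 " state=" state " reach=" $5
        # Reach is an octal bitmask of the last eight polls; 0 = no valid reply.
        if (state == "*" && $5 + 0 > 0) {
            selected = $2
        }
    }
    END {
        if (selected != "") { print "synced " selected } else { print "unsynced" }
        for (i = 1; i <= n; i++) print row[i]
        exit (selected == "" ? 1 : 0)
    }'
}

# On a node: chronyc sources | chrony_sync_state
printf '%s\n' "$SAMPLE_FROM_PAGE" | chrony_sync_state || true
```
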

Install the OpenStack Rocky release package (all nodes)

yum -y install centos-release-openstack-rocky 

After installation, several files are added under /etc/yum.repos.d.

Back up the other yum repo files, keeping only CentOS-Base.repo and CentOS-OpenStack-rocky.repo.

# Edit CentOS-OpenStack-rocky.repo
[root@controller yum.repos.d]# ls
bak  CentOS-Base.repo  CentOS-OpenStack-rocky.repo
[root@controller yum.repos.d]# cat CentOS-OpenStack-rocky.repo         # replaced with the domestic mirror addresses
[centotack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0

[qume-kvm]
name=qemu-kvm
baseurl=https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0
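
Added example (not part of the original page): the repo file above sets gpgcheck=0, so yum installs packages from the mirror without verifying RPM signatures and HTTPS to the mirror is the only integrity protection left. The function `audit_repo` and the `[example-http]` section are constructed for illustration; the check lists repo sections that disable signature checks or fetch over plain HTTP.

```shell
#!/bin/sh
# Added example: flag yum repo sections that skip signature checks or use HTTP.

# The first two sections are copied from CentOS-OpenStack-rocky.repo above; the
# third ([example-http]) is constructed to show the plaintext-URL finding.
SAMPLE_REPO='[centotack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0

[qume-kvm]
name=qemu-kvm
baseurl=https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0

[example-http]
name=constructed example
baseurl=http://mirror.example.invalid/centos/7/os/x86_64/
enabled=1
gpgcheck=1'

# audit_repo: reads .repo text on stdin, prints "<repo-id> <finding>" lines.
#   gpgcheck-disabled  : section sets gpgcheck to 0/no/false explicitly
#   plaintext-baseurl  : baseurl starts with http://
# Sections with enabled=0 are skipped. Exit status is 1 if anything is found.
audit_repo() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function report() {
        if (id == "" || enabled == "0") return
        if (gpg == "0" || gpg == "no" || gpg == "false") {
            print id " gpgcheck-disabled"; bad = 1
        }
        if (url ~ /^http:\/\//) {
            print id " plaintext-baseurl"; bad = 1
        }
    }
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/ {
        report()                       # close the previous section
        id = trim($0); sub(/^\[/, "", id); sub(/\].*$/, "", id)
        gpg = ""; url = ""; enabled = "1"
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = tolower(trim(substr($0, eq + 1)))
        if (key == "gpgcheck") gpg = val
        else if (key == "baseurl") url = val
        else if (key == "enabled") enabled = val
    }
    END { report(); exit (bad ? 1 : 0) }'
}

# On a node: for f in /etc/yum.repos.d/*.repo; do audit_repo < "$f"; done
printf '%s\n' "$SAMPLE_REPO" | audit_repo || true
```
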

Update the yum repositories and cache

yum update -y && yum makecache
# list the configured yum repositories
yum repolist
yum -y install python-openstackclient openstack-selinux 

2. OpenStack service deployment

Install the required SQL packages

controller

Install the packages

yum install mariadb mariadb-server python2-PyMySQL -y

Back up the configuration files

[root@controller my.cnf.d]# mkdir bak
[root@controller my.cnf.d]# cp -rf * bak/

Create openstack.cnf

[root@controller my.cnf.d]# vim openstack.cnf
[mysqld]
bind-address = 192.168.1.74
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Start the database service and enable it at boot

 systemctl enable mariadb.service && systemctl start mariadb.service

Initialize the database

[root@controller my.cnf.d]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):   # press Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y       # set the root password
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y       # remove anonymous users
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n   # whether to disallow remote root login
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y # whether to remove the test database
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y     # reload the privilege tables
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Enable remote access to the database

[root@controller my.cnf.d]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> grant all privileges on *.* to 'root'@'%' identified by '123456' with grant option;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

SQL tuning

vim /etc/my.cnf
# add these three lines
max_connections=1000              # number of connections
wait_timeout=50                   # wait interval
interactive_timeout = 600         # interval for cleaning up connections

Restart to apply
systemctl restart mariadb.service

Install the message queue service

Download and install the package

yum install rabbitmq-server -y

Enable at boot and start the service

systemctl enable rabbitmq-server.service && systemctl start rabbitmq-server.service

Create the RabbitMQ user openstack and grant it permissions

rabbitmqctl add_user openstack 123456             # create the RabbitMQ user openstack; RABBIT_PASS is 123456
rabbitmqctl set_permissions openstack ".*" ".*" ".*"     # grant the openstack user configure, write and read access
[root@controller ~]# rabbitmqctl add_user openstack 123456
Creating user "openstack"
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"

Install the cache service

Install the packages

yum install memcached python-memcached -y

Edit the configuration file

[root@controller ~]# vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1"
change to
OPTIONS="-l 127.0.0.1,::1,controller"

Enable at boot and start the service

systemctl enable memcached.service && systemctl start memcached.service && systemctl status memcached.service

Install the etcd service (key-value store)

Install the components

yum install etcd -y

Edit the configuration file

vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.1.74:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.1.74:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.1.74:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.1.74:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.1.74:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

Enable at boot and start the service

systemctl enable etcd && systemctl start etcd && systemctl status etcd

Deploy the Keystone services

Install the Keystone packages

[root@controller ~]# yum -y install openstack-keystone httpd mod_wsgi

Edit the configuration file

[root@controller ~]# cp -rfv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
# adjust to match your environment
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
# find this line and uncomment it
provider = fernet

Create the database

[root@controller ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

Sync the Keystone database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

Verify

[root@controller ~]# mysql -ukeystone -p123456 -e "use keystone;show tables;"
+-----------------------------+
| Tables_in_keystone          |
+-----------------------------+
| access_token                |
| application_credential      |
| application_credential_role |
| assignment                  |
| config_register             |
| consumer                    |
| credential                  |
| endpoint                    |
| endpoint_group              |
| federated_user              |
| federation_protocol         |
| group                       |
| id_mapping                  |
| identity_provider           |
| idp_remote_ids              |
| implied_role                |
| limit                       |
| local_user                  |
| mapping                     |
| migrate_version             |
| nonlocal_user               |
| password                    |
| policy                      |
| policy_association          |
| project                     |
| project_endpoint            |
| project_endpoint_group      |
| project_tag                 |
| region                      |
| registered_limit            |
| request_token               |
| revocation_event            |
| role                        |
| sensitive_config            |
| service                     |
| service_provider            |
| system_assignment           |
| token                       |
| trust                       |
| trust_role                  |
| user                        |
| user_group_membership       |
| user_option                 |
| whitelisted_config          |
+-----------------------------+

Initialize the Fernet keys

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the initial admin account and project, and configure the endpoint URLs

[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123456 \
 --bootstrap-admin-url http://controller:5000/v3/ \
 --bootstrap-internal-url http://controller:5000/v3/ \
 --bootstrap-public-url http://controller:5000/v3/ \
 --bootstrap-region-id RegionOne

Edit the httpd configuration file

vi /etc/httpd/conf/httpd.conf
ServerName controller

Edit wsgi-keystone.conf (create it if it does not exist)

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# more /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LimitRequestBody 114688
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone.log
    CustomLog /var/log/httpd/keystone_access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

Alias /identity /usr/bin/keystone-wsgi-public
<Location /identity>
    SetHandler wsgi-script
    Options +ExecCGI

    WSGIProcessGroup keystone-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>

Enable at boot and restart the service

[root@controller ~]# systemctl enable httpd.service && systemctl start httpd.service && systemctl status httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Tue 2024-08-27 17:27:37 CST; 64ms ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 1366 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─1366 /usr/sbin/httpd -DFOREGROUND
           ├─1367 (wsgi:keystone- -DFOREGROUND
           ├─1368 (wsgi:keystone- -DFOREGROUND
           ├─1369 (wsgi:keystone- -DFOREGROUND
           ├─1370 (wsgi:keystone- -DFOREGROUND
           ├─1371 (wsgi:keystone- -DFOREGROUND
           ├─1372 /usr/sbin/httpd -DFOREGROUND
           ├─1373 /usr/sbin/httpd -DFOREGROUND
           ├─1374 /usr/sbin/httpd -DFOREGROUND
           ├─1375 /usr/sbin/httpd -DFOREGROUND
           └─1376 /usr/sbin/httpd -DFOREGROUND

Aug 27 17:27:36 controller systemd[1]: Starting The Apache HTTP Server...
Aug 27 17:27:37 controller systemd[1]: Started The Apache HTTP Server.

Check that the service is listening on port 5000

[root@controller ~]# netstat -an | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN

Create the admin user credentials file

[root@controller ~]# vim admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

Log in as the admin user

[root@controller ~]# source admin-openrc.sh

Verify that it works

[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 2fd38d02392e4dfbb5bf2f4b395f726e | admin |
+----------------------------------+-------+

Create the OpenStack project service (Nova, Cinder, Neutron)

[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 118fc9ae7ac54460993424055dc3c351 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

Create a regular project, user and role

Create the demo project

[root@controller ~]# openstack project create --domain default --description "Demo Project"  demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 5779ce8247944034b48c91125ef1e081 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

Create the demo user

[root@controller ~]# openstack user create --domain default --password-prompt demo
User Password:            #123456
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 61bc869bd682469583963de041944b31 |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Create the demo role

[root@controller ~]# openstack role create demo
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 659eced644f54c9ab53aefad480b6d9a |
| name      | demo                             |
+-----------+----------------------------------+

Assign the role to the project and user

[root@controller ~]# openstack role add --project demo --user demo demo

Verify the setup

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
>  --os-project-domain-name Default --os-user-domain-name Default \
>  --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2024-08-28T09:21:47+0000                                                                                                                                                                |
| id         | gAAAAABmzt4b2gtq12CmsczvJMNAcXTb1M7gRcGo4sfK90O_lQGJZtITrHlsJDGasRbOmvYz0yE4cO2j0j6Cj01tRdKAq3sNA6LHnYwKTn7hDxp45gEQ8tRxr2J62seY8wIm4FaREdUfdu84-khQxkmA-9KO7Mg1kk6Fq3-E_9zelDZ0Xt4NR4c |
| project_id | 50c60f82c253429490c9a81490b16a29                                                                                                                                                        |
| user_id    | 2fd38d02392e4dfbb5bf2f4b395f726e                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2024-08-28T09:24:01+0000                                                                                                                                                                |
| id         | gAAAAABmzt6hWv6oLiVI4zGXqNjwGM5ScuFZsa9WUrGZW1SLyEGkZWGSGO0Cpr4AMXp1cqaG-elKZSoJIgZ-hNxKA7jHnK8ScHzPU0bye7aDjPpeZsikAKkfKrEACvARJ05HHqhibYNH7D7fQiYdpobWA_Eq9e-nJRHnOf6WjAsaGoSlzJwK-OQ |
| project_id | 5779ce8247944034b48c91125ef1e081                                                                                                                                                        |
| user_id    | 61bc869bd682469583963de041944b31                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Install the Glance image service

Download and install the packages

[root@controller ~]# yum install openstack-glance -y

Edit the configuration files

[root@controller ~]# vim /etc/glance/glance-api.conf
[glance_store]
# storage types
stores = file,http
default_store = file
# local directory where image files are stored
filesystem_store_datadir = /var/lib/glance/images

# database connection
[database]
connection = mysql+pymysql://glance:123456@controller/glance

# OpenStack connection and access
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
# www_authenticate_url = http://controller:5000
# auth_uri = http://controller:5000
# auth_url = http://controller:5000
memcached_servers = controller:11211
service_token_roles_required = true
auth_type = password
# add the following
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
# specify the service
[paste_deploy]
flavor = keystone

[root@controller ~]# vim /etc/glance/glance-registry.conf
# database connection
[database]
connection = mysql+pymysql://glance:123456@controller/glance
# OpenStack connection and access
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
# www_authenticate_url = http://controller:5000
# auth_uri = http://controller:5000
# auth_url = http://controller:5000
memcached_servers = controller:11211
service_token_roles_required = true
auth_type = password
# add the following
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
# specify the service
[paste_deploy]
flavor = keystone
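
Added example (not part of the original page): the database accounts and the Keystone service user configured so far all use the same password, 123456, so any one of these config files discloses the secret for all of them. The check below reports weak and shared secrets in these config files without echoing them; the function names `write_sample_configs`, `audit_service_secrets` and `run_demo`, and the 16-character `MINLEN` threshold, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find weak or shared service secrets in OpenStack config files
# without printing the secrets themselves.

# write_sample_configs DIR: constructed excerpts that mirror the values used in
# keystone.conf, glance-api.conf and glance-registry.conf on this page.
write_sample_configs() {
    cat > "$1/keystone.conf" <<'EOF'
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
EOF
    for f in glance-api.conf glance-registry.conf; do
        cat > "$1/$f" <<'EOF'
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_type = password
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone
EOF
    done
}

# audit_service_secrets FILE...: prints
#   weak <account> <file>:<section>    secret shorter than MINLEN or digits only
#   reused <account> <account> ...     one secret shared by different accounts
# MINLEN (default 16) is an assumed policy threshold, not an OpenStack setting.
audit_service_secrets() {
    awk -v minlen="${MINLEN:-16}" '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    function note(account, secret, where) {
        if (length(secret) < minlen || secret ~ /^[0-9]+$/) {
            print "weak " account " " where
        }
        if (!((secret, account) in seen)) {
            seen[secret, account] = 1
            count[secret]++
            accounts[secret] = accounts[secret] " " account
        }
    }
    # A service password is attributed to the username of the same section.
    function end_section() {
        if (pw != "") note("keystone:" (user == "" ? "?" : user), pw, file ":" sect)
        pw = ""; user = ""
    }
    FNR == 1 { end_section(); sect = ""; file = FILENAME; sub(/.*\//, "", file) }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
    /^[ \t]*\[/ { end_section(); sect = trim($0); next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
        if (key == "username") user = val
        else if (key == "password") pw = val
        else if (key == "connection" && match(val, "://[^:@/]+:[^@]+@")) {
            cred = substr(val, RSTART + 3, RLENGTH - 4)      # "user:secret"
            colon = index(cred, ":")
            note("db:" substr(cred, 1, colon - 1), substr(cred, colon + 1), file ":" sect)
        }
    }
    END {
        end_section()
        for (s in count) if (count[s] > 1) print "reused" accounts[s]
    }' "$@"
}

# run_demo: audits the constructed sample files in a temporary directory.
# On a controller: audit_service_secrets /etc/keystone/keystone.conf /etc/glance/*.conf
run_demo() {
    d=$(mktemp -d) || return 1
    write_sample_configs "$d"
    audit_service_secrets "$d/keystone.conf" "$d/glance-api.conf" "$d/glance-registry.conf"
    rm -rf "$d"
}
run_demo
```

The OpenStack installation guide suggests generating each service secret separately, for example with `openssl rand -hex 10`.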

Create the glance database in MySQL and grant privileges

[root@controller ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 2
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.01 sec)

MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'%' identified by '123456';
Query OK, 0 rows affected (0.01 sec)

Create the OpenStack user and grant it a role

[root@controller ~]# openstack user create --domain Default --password 123456 glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 2116b8efe19345cca9f0551932fad547 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Create the service

[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 80d396c5f7b24f5f962adcfdc8cdaae6 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

Assign the role

[root@controller ~]# openstack role add --project service --user glance admin

Add the API endpoints

[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3c6ad6c531ed4513a3ab28ec150ad24b |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 80d396c5f7b24f5f962adcfdc8cdaae6 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0b9c667e9b0344d6b7100140eca41de2 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 80d396c5f7b24f5f962adcfdc8cdaae6 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 86b73d52b41e4830a613cadb712263de |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 80d396c5f7b24f5f962adcfdc8cdaae6 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

Check the URLs

[root@controller ~]# openstack catalog list
+----------+----------+----------------------------------------+
| Name     | Type     | Endpoints                              |
+----------+----------+----------------------------------------+
| keystone | identity | RegionOne                              |
|          |          |   admin: http://controller:5000/v3/    |
|          |          | RegionOne                              |
|          |          |   public: http://controller:5000/v3/   |
|          |          | RegionOne                              |
|          |          |   internal: http://controller:5000/v3/ |
|          |          |                                        |
| glance   | image    | RegionOne                              |
|          |          |   internal: http://controller:9292     |
|          |          | RegionOne                              |
|          |          |   public: http://controller:9292       |
|          |          | RegionOne                              |
|          |          |   admin: http://controller:9292        |
|          |          |                                        |
+----------+----------+----------------------------------------+

Sync the database

su -s /bin/sh -c "glance-manage db_sync" glance 

Start the services and enable them at boot

systemctl enable openstack-glance-api.service openstack-glance-registry.service 
systemctl start openstack-glance-api.service openstack-glance-registry.service 
systemctl status openstack-glance-api.service openstack-glance-registry.service 

Verify operation

yum -y install wget
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image list

Install Nova on the controller

Create the user and the service, and assign the role

[root@controller ~]# openstack user create --domain Default --password 123456 nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | e19f313197184a53a1c5f0bf57109cd8 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | fbac4b4fe4364b178e53115e600f61a8 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin

Create the API endpoints

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3701e5b615b04fb7ad241bb0299882d2 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fbac4b4fe4364b178e53115e600f61a8 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3d4bead8e05a4eecb286e5237f1a1fda |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fbac4b4fe4364b178e53115e600f61a8 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9c802895746d4ae0b09a5d60a4096382 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | fbac4b4fe4364b178e53115e600f61a8 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

Install placement

Create the user and service, and grant the role

[root@controller ~]# openstack user create --domain default --password 123456 placement
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9250177a8ce24907b37155e12bd3e056 |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 1510d9eba72a415da9798bf9862d1718 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin

Create the API endpoints

openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2dfdd11a9c894ef68229ff6cd189f804 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1510d9eba72a415da9798bf9862d1718 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 49d65c35b6a64500b5444aa5d2e6afe5 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1510d9eba72a415da9798bf9862d1718 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 317534b0923342028ab490aade6819b5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1510d9eba72a415da9798bf9862d1718 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+

Create the databases

[root@controller ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 44
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database nova_cell0;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database placement;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.02 sec)

MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on placement.* to 'placement'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on placement.* to 'placement'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;

Install the packages

yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api 

Edit the configuration file

vi /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.1.74
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:123456@controller/nova_api
[database]
connection = mysql+pymysql://nova:123456@controller/nova

[placement_database]
connection = mysql+pymysql://placement:123456@controller/placement

[api]
auth_strategy = keystone
[keystone_authtoken]
memcached_servers = controller:11211
auth_type = password
# add the following lines
auth_url = http://controller:5000/v3
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
auth_type = password
auth_url = http://controller:5000/v3
project_name = service
project_domain_name = Default
username = placement
user_domain_name = Default
password = 123456
region_name = RegionOne

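  1. The [DEFAULT] section holds the default settings:
  • my_ip: the IP address of the Nova service.
  • enabled_apis: the list of enabled APIs; here the osapi_compute and metadata APIs are enabled.
  • transport_url: the RabbitMQ message queue connection URL, used for communication between Nova and the other components.
  • use_neutron: whether to use the Neutron networking service; true means it is used.
  • firewall_driver: the firewall driver; NoopFirewallDriver is used here, which performs no firewall operations.
  2. The [api_database] section configures the API database:
  • connection: the database connection string, giving the database type (mysql+pymysql), user name, password and database name.
  3. The [database] section configures the Nova database:
  • connection: the database connection string, again giving the database type, user name, password and database name.
  4. The [placement_database] section configures the Placement database:
  • connection: the database connection string, giving the database type, user name, password and database name.
  5. The [api] section configures the API:
  • auth_strategy: the authentication strategy; keystone is used here.
  6. The [keystone_authtoken] section configures the Keystone authentication token:
  • memcached_servers: the address and port of the Memcached server.
  • auth_type: the authentication type; password authentication is used here.
  • auth_url: the authentication URL of the Keystone service.
  • project_domain_name: the project domain name.
  • user_domain_name: the user domain name.
  • project_name: the project name.
  • username: the user name.
  • password: the password.
  7. The [vnc] section configures the VNC remote desktop:
  • enabled: whether VNC is enabled.
  • server_listen: the IP address the VNC server listens on.
  • server_proxyclient_address: the IP address of the VNC proxy client.
  8. The [glance] section configures the Glance image service:
  • api_servers: the address and port of the Glance API server.
  9. The [oslo_concurrency] section configures concurrency control:
  • lock_path: the directory where lock files are stored.
  10. The [placement] section configures the Placement service:
  • auth_type: the authentication type; password authentication is used here.
  • auth_url: the authentication URL of the Placement service.
  • project_name: the project name.
  • project_domain_name: the project domain name.
  • username: the user name.
  • user_domain_name: the user domain name.
  • password: the password.
  • region_name: the region name.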
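The nova.conf above carries credentials in three places (the RabbitMQ transport_url, the database connection strings and the Keystone password options) and points every service at http:// URLs. The following is an added example, not part of the original guide or of OpenStack: a Python audit that parses such a file and reports short or numeric secrets, secrets shared between accounts, and cleartext HTTP endpoints, without printing any secret. The sample text is a constructed excerpt of the values above; MIN_SECRET_LEN, the finding names and the function names are assumptions of this example.

```python
import configparser
import secrets
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the credential and endpoint options from the nova.conf above.
SAMPLE_NOVA_CONF = """
[DEFAULT]
my_ip = 192.168.1.74
transport_url = rabbit://openstack:123456@controller

[api_database]
connection = mysql+pymysql://nova:123456@controller/nova_api

[database]
connection = mysql+pymysql://nova:123456@controller/nova

[placement_database]
connection = mysql+pymysql://placement:123456@controller/placement

[keystone_authtoken]
auth_url = http://controller:5000/v3
username = nova
password = 123456

[glance]
api_servers = http://controller:9292

[placement]
auth_url = http://controller:5000/v3
username = placement
password = 123456
"""

URL_OPTIONS = {"transport_url", "connection", "auth_url", "api_servers", "url"}
SECRET_OPTIONS = {"password", "metadata_proxy_shared_secret"}
MIN_SECRET_LEN = 16  # assumption: a local policy threshold, not an OpenStack default


def load(text):
    # interpolation=None keeps "$my_ip" and "%" literal. Renaming default_section
    # makes [DEFAULT] an ordinary section, so its options are not copied into
    # every other section the way configparser would otherwise do.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(text)
    return parser


def collect_secrets(parser):
    """Return (location, account, secret) for every credential in the file."""
    found = []
    for section in parser.sections():
        for option, value in parser.items(section):
            if option in SECRET_OPTIONS:
                account = parser.get(section, "username", fallback=option)
                found.append((f"[{section}] {option}", account, value))
            elif option in URL_OPTIONS:
                parts = urlsplit(value)
                if parts.password:  # user:password@host embedded in the URL
                    found.append((f"[{section}] {option}", parts.username, parts.password))
    return found


def audit(text):
    """Return (kind, where) findings; secrets themselves are never included."""
    parser = load(text)
    findings = []
    accounts_by_secret = defaultdict(set)
    for location, account, secret in collect_secrets(parser):
        accounts_by_secret[secret].add(account)
        if len(secret) < MIN_SECRET_LEN or secret.isdigit():
            findings.append(("weak-secret", location))
    for accounts in accounts_by_secret.values():
        if len(accounts) > 1:
            findings.append(("shared-secret", ",".join(sorted(accounts))))
    for section in parser.sections():
        for option, value in parser.items(section):
            if option in URL_OPTIONS and value.startswith("http://"):
                findings.append(("cleartext-http", f"[{section}] {option}"))
    return findings


def fresh_secrets(accounts):
    """One independent random secret per account; hex is safe inside URLs."""
    return {account: secrets.token_hex(16) for account in accounts}


if __name__ == "__main__":
    for kind, where in audit(SAMPLE_NOVA_CONF):
        print(f"{kind:15} {where}")
```
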

Sync the databases

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

Sync the nova_api database

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova

Sync the nova database

[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
# The warning is harmless: it means the cell0 mapping was not found, so cell0 was not synced
WARNING: cell0 mapping not found - not syncing cell0.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)

Map cell0 into the Nova database

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

Create a new cell, cell1, and print the result

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
d353c685-10a5-4572-911f-343883d7d29d

Verify cell0 and cell1

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
|  Name |                 UUID                 |           Transport URL            |               Database Connection               | Disabled |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |  False   |
| cell1 | d353c685-10a5-4572-911f-343883d7d29d | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |  False   |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+

Register the Placement web server with httpd, then restart the service

[root@controller ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
# add the following
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
[root@controller ~]# systemctl restart httpd && systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since Thu 2024-09-05 16:48:38 CST; 105ms ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 1869 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 1885 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─1885 /usr/sbin/httpd -DFOREGROUND
           ├─1886 /usr/sbin/httpd -DFOREGROUND
           ├─1887 /usr/sbin/httpd -DFOREGROUND
           ├─1888 /usr/sbin/httpd -DFOREGROUND
           ├─1889 (wsgi:keystone- -DFOREGROUND
           ├─1890 (wsgi:keystone- -DFOREGROUND
           ├─1891 (wsgi:keystone- -DFOREGROUND
           ├─1892 (wsgi:keystone- -DFOREGROUND
           ├─1893 (wsgi:keystone- -DFOREGROUND
           ├─1894 /usr/sbin/httpd -DFOREGROUND
           ├─1895 /usr/sbin/httpd -DFOREGROUND
           ├─1896 /usr/sbin/httpd -DFOREGROUND
           ├─1897 /usr/sbin/httpd -DFOREGROUND
           └─1898 /usr/sbin/httpd -DFOREGROUND

Sep 05 16:48:38 controller systemd[1]: Starting The Apache HTTP Server...
Sep 05 16:48:38 controller systemd[1]: Started The Apache HTTP Server.

Start the nova services and enable them at boot

systemctl enable openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl status openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

Check the services

[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2024-09-05T08:55:26.000000 |
|  2 | nova-conductor   | controller | internal | enabled | up    | 2024-09-05T08:55:26.000000 |
|  3 | nova-scheduler   | controller | internal | enabled | up    | 2024-09-05T08:55:26.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

nova-compute deployment on both nodes

Prerequisite: check the nested virtualization setting (skip this step on physical machines)

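Query with the command below (a result of 0 means it is not supported)

Note: the command counts the lines in the file that contain vmx or svm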

[root@controller ~]# egrep -c '(vmx|svm)' /proc/cpuinfo         
2

Install the packages

yum install openstack-nova-compute -y

Edit the configuration file

vim /etc/nova/nova.conf

controller

[DEFAULT]
...
compute_driver=libvirt.LibvirtDriver
instances_path=/var/lib/nova/instances

[vnc]
...
novncproxy_base_url=http://controller:6080/vnc_auto.html

[libvirt]
...
virt_type=qemu

compute

[DEFAULT]
...
my_ip=192.168.1.75
enabled_apis=osapi_compute,metadata
firewall_driver=nova.virt.firewall.NoopFirewallDriver
use_neutron=true
transport_url = rabbit://openstack:123456@controller
compute_driver=libvirt.LibvirtDriver
instances_path=/var/lib/nova/instances

[api_database]
...
connection=mysql+pymysql://nova:123456@controller/nova_api

[database]
...
connection=mysql+pymysql://nova:123456@controller/nova

[placement_database]
...
connection=mysql+pymysql://placement:123456@controller/placement

[api]
...
auth_strategy=keystone

[keystone_authtoken]
memcached_servers=controller:11211
auth_type=password
# add the following lines
auth_url = http://controller:5000/v3
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456

[vnc]
...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url=http://controller:6080/vnc_auto.html

[glance]
...
api_servers = http://controller:9292

[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp

[placement]
...
auth_type = password
auth_url = http://controller:5000/v3
project_name = service
project_domain_name = Default
username = placement
user_domain_name = Default
password = 123456
region_name = RegionOne

[libvirt]
...
virt_type = qemu

Enable the services at boot and start them

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service

Register nova-compute in the cell

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': d353c685-10a5-4572-911f-343883d7d29d
Found 0 unmapped computes in cell: d353c685-10a5-4572-911f-343883d7d29d

[root@compute ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': d353c685-10a5-4572-911f-343883d7d29d
Checking host mapping for compute host 'controller': 82c0cb1b-7e63-47f3-afbb-3a48c5a893be
Creating host mapping for compute host 'controller': 82c0cb1b-7e63-47f3-afbb-3a48c5a893be
Checking host mapping for compute host 'compute': 38fd3318-6782-4166-83a8-4369f1309309
Creating host mapping for compute host 'compute': 38fd3318-6782-4166-83a8-4369f1309309
Found 2 unmapped computes in cell: d353c685-10a5-4572-911f-343883d7d29d

Verify the registration

[root@controller ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2024-09-09T14:48:29.000000 |
|  2 | nova-conductor   | controller | internal | enabled | up    | 2024-09-09T14:48:32.000000 |
|  3 | nova-scheduler   | controller | internal | enabled | up    | 2024-09-09T14:48:32.000000 |
|  7 | nova-compute     | controller | nova     | enabled | up    | 2024-09-09T14:48:24.000000 |
|  8 | nova-compute     | compute    | nova     | enabled | up    | 2024-09-09T14:48:24.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

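Check that cells and the placement API are working

If this reports an error that the service cannot be found, sync the database again and ignore the warnings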
su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results          |
+--------------------------------+
| Check: Cells v2                |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Placement API           |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Resource Providers      |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: API Service Version     |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Request Spec Migration  |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Console Auths           |
| Result: Success                |
| Details: None                  |
+--------------------------------+

Install the neutron service

Download and install the packages

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y

Create the database and grant privileges to the user

[root@controller ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 1613
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

Create the OpenStack user and service, and grant the role

openstack service create --name neutron --description "OpenStack Networking" network
openstack user create --domain default --password 123456 neutron
openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | dfcfe291b8f7486eaba9ff3c9f33accd |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password 123456 neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | dc578ba1f6394efeba3935d8d3ba5a39 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin

Create the API endpoints

openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 46e3e64ac8354300a329f301cccb5337 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dfcfe291b8f7486eaba9ff3c9f33accd |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | bf7e460c3b2c4a5f9912f90bc1fcfaab |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dfcfe291b8f7486eaba9ff3c9f33accd |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 8a108a1ad1c947f1a2ea6804e21a2571 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dfcfe291b8f7486eaba9ff3c9f33accd |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

Edit the configuration files

vim /etc/neutron/neutron.conf
[DEFAULT]
...
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123456@controller
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[database]
...
connection = mysql+pymysql://neutron:123456@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
memcached_servers = controller:11211
auth_type = password
# add the following
auth_url = http://controller:5000
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[nova]
...
region_name = RegionOne
auth_url = http://controller:5000
auth_type = password
password = 123456
project_domain_name = default
project_name = service
user_domain_name = default
username = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
#type_drivers = flat,vlan,vxlan
type_drivers = local,flat,vlan,gre,vxlan,geneve
# The lab environment has few IP addresses, so the VXLAN network type is enabled
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true
[root@controller ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
# Physical network mapping; the OvS bridge br-provider must be created manually
bridge_mappings = provider:br-provider
# IP of the other NIC
local_ip = 192.168.3.74
[agent]
tunnel_types = vxlan
l2_population = True
[securitygroup]
firewall_driver = iptables_hybrid
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = openvswitch
# leave the value empty
external_network_bridge =
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 123456
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456
auth_type = password
auth_url = http://controller:5000
project_name = service
project_domain_name = default
username = neutron
user_domain_name = default
password = 123456
region_name = RegionOne
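The metadata_proxy_shared_secret set in metadata_agent.ini and in the [neutron] section of nova.conf must be the same value: the neutron metadata agent uses it to sign the instance ID it forwards, and nova, with service_metadata_proxy = true, recomputes the signature before serving metadata. The following is an added example, not code from this guide, nova or neutron: a simplified Python model of that HMAC-SHA256 exchange plus a check that the two files agree. The instance and tenant IDs are constructed values and the function names are hypothetical.

```python
import configparser
import hashlib
import hmac
import secrets

# Constructed copies of the two files edited above.
METADATA_AGENT_INI = """
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 123456
"""
NOVA_CONF = """
[neutron]
url = http://controller:9696
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456
"""
INSTANCE_ID = "11111111-2222-3333-4444-555555555555"  # constructed
OTHER_ID = "99999999-8888-7777-6666-555555555555"     # constructed
TENANT_ID = "aaaaaaaabbbbccccddddeeeeeeeeeeee"        # constructed


def read_option(text, section, option):
    # default_section is renamed so [DEFAULT] is read as an ordinary section.
    parser = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    parser.read_string(text)
    return parser.get(section, option, fallback=None)


def secrets_match(agent_ini, nova_conf):
    """True only if both files define the secret and the values are identical."""
    a = read_option(agent_ini, "DEFAULT", "metadata_proxy_shared_secret")
    b = read_option(nova_conf, "neutron", "metadata_proxy_shared_secret")
    if a is None or b is None:
        return False
    return hmac.compare_digest(a.encode(), b.encode())


def sign_instance_id(shared_secret, instance_id):
    """HMAC-SHA256 of the instance UUID keyed with the shared secret, hex encoded."""
    return hmac.new(shared_secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def agent_headers(agent_secret, instance_id, tenant_id, instance_ip):
    """Headers the metadata agent attaches when it forwards a guest's request."""
    return {
        "X-Forwarded-For": instance_ip,
        "X-Instance-ID": instance_id,
        "X-Tenant-ID": tenant_id,
        "X-Instance-ID-Signature": sign_instance_id(agent_secret, instance_id),
    }


def nova_accepts(nova_secret, headers):
    """Nova side: recompute the signature and compare in constant time."""
    instance_id = headers.get("X-Instance-ID")
    signature = headers.get("X-Instance-ID-Signature")
    if not instance_id or not signature:
        return False
    expected = sign_instance_id(nova_secret, instance_id)
    return hmac.compare_digest(expected, signature)


def new_shared_secret():
    """256 random bits, hex encoded, to write into both files."""
    return secrets.token_hex(32)


if __name__ == "__main__":
    secret = read_option(METADATA_AGENT_INI, "DEFAULT", "metadata_proxy_shared_secret")
    headers = agent_headers(secret, INSTANCE_ID, TENANT_ID, "10.0.0.5")
    print("files agree:          ", secrets_match(METADATA_AGENT_INI, NOVA_CONF))
    print("matching secret:      ", nova_accepts(secret, headers))
    print("secret out of sync:   ", nova_accepts(new_shared_secret(), headers))
    tampered = dict(headers, **{"X-Instance-ID": OTHER_ID})
    print("instance ID replaced: ", nova_accepts(secret, tampered))
```
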

Create the plugin.ini symlink

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Start the service and enable it at boot

systemctl enable openvswitch && systemctl start openvswitch && systemctl status openvswitch

Create the physical network mapping, OvS bridge br-provider (running this cuts off external network access, so do it as the last step of the setup)

[root@controller ~]# ovs-vsctl add-br br-provider
[root@controller ~]# ovs-vsctl add-port br-provider ens224
[root@controller ~]# ovs-vsctl show

Sync the database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the compute API service

systemctl restart openstack-nova-api.service

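Start the neutron services and enable them at boot

Starting the OvS agent automatically creates the integration bridge br-int and the tunnel bridge br-tun. The manually created br-provider is used for Flat and VLAN type networks.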

systemctl enable neutron-server.service  neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service  neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service  neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service && systemctl start neutron-l3-agent.service && systemctl status neutron-l3-agent.service
[root@controller ~]# ovs-vsctl show
547ca616-04b4-40e5-838f-f27441e768fa
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
    ovs_version: "2.11.0"

neutron service on the compute node

Install the packages

yum install openstack-neutron-openvswitch ipset -y

Edit the configuration files

[root@compute ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
memcached_servers = controller:11211
auth_type = password
# add the following
auth_url = http://controller:5000
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@compute ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
local_ip = 192.168.1.75
[agent]
tunnel_types = vxlan
l2_population = True
[root@compute ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_type = password
auth_url = http://controller:5000
project_name = service
project_domain_name = default
username = neutron
user_domain_name = default
password = 123456
region_name = RegionOne

Start the services

systemctl restart openstack-nova-compute.service
systemctl enable openvswitch neutron-openvswitch-agent.service
systemctl start openvswitch neutron-openvswitch-agent.service
systemctl status openvswitch neutron-openvswitch-agent.service

Verification commands

ovs-vsctl show 
openstack network agent list
[root@compute ~]# ovs-vsctl show
03d4cb6d-f366-4c8f-b63a-bdbfc91aaed9
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-tun
            Interface br-tun
                type: internal
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    ovs_version: "2.11.0"
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 2358450a-f78f-4380-a0a8-dbc610ad11dc | Open vSwitch agent | compute    | None              | :-)   | UP    | neutron-openvswitch-agent |
| 75d6162c-f55c-46c4-b5a9-6a193ba183fd | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| b8c54f1c-b29e-47fe-a33b-a7b1033b3be2 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
| fc96d2d7-2e54-4ca0-ac69-31021f2f21c5 | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

Horizon module (dashboard service)

Install the packages

yum install openstack-dashboard -y

Edit the configuration files

[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
# Enable Identity API version 3
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
...
# Allow access from all hosts
ALLOWED_HOSTS = ['*', ]
...
# Configure memcached as the session storage backend
# memcached set CACHES to something like
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'  # added
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',  # added
    }
}
...
# Configure API versions
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
...
# Enable multi-domain support
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
...
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
...
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': True,
    'enable_quotas': True,
    'enable_ipv6': True,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_fip_topology_check': True,
    'enable_lb': False,        # added
    'enable_firewall': False,  # added
    'enable_vpn': False,       # added
    'supported_vnic_types': ['*'],
    'physical_networks': [],
}
[root@controller ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
# Added line (comment kept on its own line: Apache does not accept a trailing comment after a directive)
WSGIApplicationGroup %{GLOBAL}
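
ALLOWED_HOSTS is the list Django checks each request's Host header against, so `['*']` switches that check off. The sketch below is an added example (a simplified re-implementation of the matching rules, not Django's or Horizon's own code) that compares the wildcard with a restricted list built from the controller name and address used on this page; the sample Host values are constructed.

```python
def split_port(host):
    """Lower-case a Host header value and drop a trailing :port."""
    host = host.lower()
    if host.startswith("["):  # bracketed IPv6 literal, e.g. [::1]:80
        return host[: host.index("]") + 1] if "]" in host else host
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def host_allowed(host_header, allowed_hosts):
    """True if the Host header matches any ALLOWED_HOSTS pattern."""
    host = split_port(host_header).rstrip(".")
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*":  # wildcard: every Host value is accepted
            return True
        if pattern.startswith("."):  # ".example.org" = the domain and its subdomains
            if host.endswith(pattern) or host == pattern[1:]:
                return True
        elif host == pattern:  # otherwise an exact match is required
            return True
    return False


PAGE_SETTING = ["*"]                         # value used in local_settings above
RESTRICTED = ["controller", "192.168.1.74"]  # assumption: only these names reach Horizon

# Constructed Host header values for illustration.
SAMPLE_HOSTS = ["192.168.1.74", "controller:80", "unexpected.example"]


def compare():
    """Map each sample Host to (accepted with '*', accepted with RESTRICTED)."""
    return {h: (host_allowed(h, PAGE_SETTING), host_allowed(h, RESTRICTED))
            for h in SAMPLE_HOSTS}


if __name__ == "__main__":
    for host, (wild, strict) in compare().items():
        print(f"{host:22} wildcard={wild!s:5} restricted={strict}")
```
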

Start the services

systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service

Open http://192.168.1.74/dashboard in a browser (if name resolution is configured, the hostname can be used instead).


Cinder service

Install the required packages

yum install lvm2 device-mapper-persistent-data openstack-cinder targetcli python-keystone -y

Prerequisite: add a new disk larger than 40 GB

Here the controller's second disk is used as the LVM volume; it must be larger than 40 GB and unused.

vim /etc/lvm/lvm.conf
filter = [ "a/sdb/", "r/.*/"]

Start the LVM service

systemctl enable lvm2-lvmetad.service && systemctl start lvm2-lvmetad.service && systemctl status lvm2-lvmetad.service

Initialize /dev/sdb

[root@controller ~]# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created.

Create the volume group

[root@controller ~]# vgcreate cinder-volumes /dev/sdb
  Volume group "cinder-volumes" successfully created

Create the database and grant privileges

mysql -uroot -p123456
create database cinder;
grant all privileges on cinder.* to 'cinder'@'localhost' identified by '123456';
grant all privileges on cinder.* to 'cinder'@'%' identified by '123456';
mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 49
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database cinder;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on cinder.* to 'cinder'@'localhost' identified by '123456';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on cinder.* to 'cinder'@'%' identified by '123456';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

Create the OpenStack services and user, and assign the role

openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
openstack user create --domain default --password 123456 cinder
openstack role add --project service --user cinder admin
[root@controller ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | dbe4b36905074b2b8efe34d2c2c16828 |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
[root@controller ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 1a6feae2845040c8a0b8dfd48150fffc |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password 123456 cinder
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | aff4fc5e41a44f4aa0e3e44387f38ac1 |
| name                | cinder                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user cinder admin

Create the API endpoints

openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 61179dd9174e4ae8a9058cb4744b68b8         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | dbe4b36905074b2b8efe34d2c2c16828         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 7af1bfb3f41346d0a9b0f073b64ec06f         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | dbe4b36905074b2b8efe34d2c2c16828         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 18353b731b774b3f8a9b30e1eb41ee62         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | dbe4b36905074b2b8efe34d2c2c16828         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 0c59926ede344c1f8fb8a463c9f0dd26         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 1a6feae2845040c8a0b8dfd48150fffc         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | ee92708b27ac45d393915e6a99eb0714         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 1a6feae2845040c8a0b8dfd48150fffc         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | ef6ab61c3d1347f4abc672d3c3713e86         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 1a6feae2845040c8a0b8dfd48150fffc         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+

Edit the configuration files

controller
vi /etc/cinder/cinder.conf
[DEFAULT]
...
my_ip = 192.168.1.74
glance_api_servers = http://controller:9292
auth_strategy = keystone
enabled_backends = lvm
transport_url = rabbit://openstack:123456@controller
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
target_protocol = iscsi
target_helper = lioadm

[database]
...
connection = mysql+pymysql://cinder:123456@controller/cinder

[keystone_authtoken]
...
www_authenticate_uri = http://controller:5000
memcached_servers = controller:11211
auth_type = password
# Add the following
auth_url = http://controller:5000
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = 123456

[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
compute
vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
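
The cinder.conf above uses the same short numeric password in the RabbitMQ URL, the database URL and the Keystone service account. As an added example (not part of the original post or of OpenStack), this checker parses such a file and reports weak, reused and cleartext-HTTP settings; the sample text is constructed from the page's values, and the weakness heuristic is an assumption of the example.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample that mirrors the cinder.conf values shown on this page.
SAMPLE_CINDER_CONF = """
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
[database]
connection = mysql+pymysql://cinder:123456@controller/cinder
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
username = cinder
password = 123456
"""

def is_weak(secret):
    """Heuristic (an assumption of this example): short or digits-only."""
    return len(secret) < 12 or secret.isdigit()

def audit_conf(text):
    """Return sorted (section, option, finding) tuples for an oslo.config-style file."""
    # No interpolation (values may hold '%'); [DEFAULT] is kept as an ordinary section.
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    findings, seen = [], defaultdict(list)
    for section in cp.sections():
        for option, value in cp.items(section):
            secret = None
            if "://" in value:
                url = urlsplit(value)
                secret = url.password  # credential embedded in the URL, if any
                if url.scheme == "http":
                    findings.append((section, option, "cleartext-http"))
            elif option.endswith("password"):
                secret = value
            if secret:
                seen[secret].append((section, option))
                if is_weak(secret):
                    findings.append((section, option, "weak-secret"))
    for places in seen.values():
        if len(places) > 1:  # the same secret protects more than one service
            findings.extend((s, o, "reused-secret") for s, o in places)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_conf(SAMPLE_CINDER_CONF):
        print(*finding, sep="  ")
```
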

Sync the database

su -s /bin/sh -c "cinder-manage db sync" cinder
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
# This message is expected: some options are deprecated
Deprecated: Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT".

Start the services

compute

systemctl restart openstack-nova-compute

controller

systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service   openstack-cinder-volume.service target.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service   openstack-cinder-volume.service target.service
systemctl status openstack-cinder-api.service openstack-cinder-scheduler.service   openstack-cinder-volume.service target.service

Verify the services

openstack volume service list

[root@controller ~]# openstack volume service list
+------------------+----------------+------+---------+-------+----------------------------+
| Binary           | Host           | Zone | Status  | State | Updated At                 |
+------------------+----------------+------+---------+-------+----------------------------+
| cinder-scheduler | controller     | nova | enabled | up    | 2024-09-12T15:44:54.000000 |
| cinder-volume    | controller@lvm | nova | enabled | up    | 2024-09-12T15:44:58.000000 |
+------------------+----------------+------+---------+-------+----------------------------+