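Manually Installing OpenStack All-in-One on CentOS 7

Preface

The official OpenStack installation guide is available at the link below. If anything you encounter during installation differs from this guide, the official guide takes precedence.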

OpenStack Installation Guide — Installation Guide documentation

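1. Set up the base environment

First prepare a CentOS 7 machine, using the yum repositories that ship with CentOS. Give the virtual machine as much CPU and memory as you can without affecting the host. A disk of 10 GB or more is enough, and the virtual machine only needs to be able to reach the Internet.

2. Preparation

2.1. Disable SELinux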

[root@controller ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected. 
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted 

2.2. Disable the firewall

[root@controller ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

2.3. Configure the network interface

[root@controller network-scripts]# cat ifcfg-eth0
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=406ef76f-d50d-4205-9f87-4046d0da9161
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.2.11
PREFIX=24
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes

2.4. Configure the hostname

[root@controller network-scripts]# cat /etc/hostname 
controller
[root@controller network-scripts]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.2.11 controller

2.5. Set the time zone

[root@controller ~]# timedatectl 
      Local time: Mon 2023-08-14 08:57:59 CST
  Universal time: Mon 2023-08-14 00:57:59 UTC
        RTC time: Mon 2023-08-14 00:59:08
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
[root@controller ~]#

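3. Install software

3.1. Install NTP

NTP keeps the clocks of all nodes in sync. Install Chrony, normally on the controller node; the other nodes then synchronize to the controller's time so that every node agrees.

#Install chrony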
[root@controller /]# yum install chrony -y

#Configure (optional)
[root@controller /]# vim /etc/chrony.conf
server 0.centos.pool.ntp.org iburst

#Start the service and enable it at boot
[root@controller /]# systemctl start chronyd.service
[root@controller /]# systemctl enable chronyd.service

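3.2. Add the OpenStack package repository

#List the OpenStack repositories available to this system; installing any one of them is enough. The default CentOS yum repositories are in use here.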
[root@controller yum.repos.d]# yum list all | grep -i  openstack
centos-release-openstack-queens.noarch      1-2.el7.centos             extras   
centos-release-openstack-rocky.noarch       1-1.el7.centos             extras   
centos-release-openstack-stein.noarch       1-1.el7.centos             extras   
centos-release-openstack-train.noarch       1-1.el7.centos             extras

#Add the centos-release-openstack-rocky repository to this machine
[root@controller yum.repos.d]# yum install centos-release-openstack-rocky -y


#Install the OpenStack client
[root@controller yum.repos.d]# yum install python-openstackclient -y

Note: if installing a package reports dependency problems, search online and add the additional repository that is needed.
 

3.3. Install the SQL database

The database is normally installed on the controller node and stores OpenStack's data.

#Install the database
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y

#Configure the database
[root@controller /]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
#Change this to the IP address of this machine's network interface
bind-address = 192.168.2.11

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

#Enable at boot and start the database
[root@controller /]# systemctl enable mariadb.service
[root@controller /]# systemctl start mariadb.service

#Set the root account and password of the SQL database
[root@controller /]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
[root@controller ~]# 

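3.4. Install the message queue

The message queue service is normally installed on the controller node. It coordinates operations and status information between services.

#Install the MQ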
[root@controller /]# yum install rabbitmq-server -y

#Enable at boot and start the MQ
[root@controller /]# systemctl enable rabbitmq-server.service
[root@controller /]# systemctl start rabbitmq-server.service

#Add the MQ user and set its password
[root@controller /]# rabbitmqctl add_user openstack RABBIT_PASS

#Allow the openstack user configure, write and read access
[root@controller /]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

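3.5. Install Memcached

The Memcached service is normally installed on the controller node. The Identity service's authentication mechanism uses Memcached to cache tokens.

#Install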
[root@controller /]# yum install memcached python-memcached

#Configure
[root@controller /]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#Add the controller hostname so that other nodes can reach the service through it
OPTIONS="-l 127.0.0.1,::1,controller"

#Enable at boot and start the service
[root@controller /]# systemctl enable memcached.service
[root@controller /]# systemctl start memcached.service

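3.6. Install the etcd database

etcd is used for distributed key locking, storing configuration, keeping track of service liveness, and other scenarios.

#Install etcd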
[root@controller /]# yum install etcd

#Configure etcd:
#Set ETCD_INITIAL_CLUSTER, ETCD_INITIAL_ADVERTISE_PEER_URLS, ETCD_ADVERTISE_CLIENT_URLS and ETCD_LISTEN_CLIENT_URLS to the controller node's IP (i.e. the IP of this machine's network interface)
[root@controller /]# vim /etc/etcd/etcd.conf
[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.2.11:2380"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379,http://192.168.2.11:2379"
ETCD_NAME="controller"
[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.2.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.2.11:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.2.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

#Enable at boot and start the service
[root@controller /]# systemctl enable etcd
[root@controller /]# systemctl start etcd

4. Install OpenStack

Note: this installation uses the Rocky release.

4.1. Default passwords

Every OpenStack component in this installation uses the default passwords.

Password name                          Description
Database password (no variable used)   Root password for the database
ADMIN_PASS                             Password of user admin
CINDER_DBPASS                          Database password for the Block Storage service
CINDER_PASS                            Password of Block Storage service user cinder
DASH_DBPASS                            Database password for the Dashboard
DEMO_PASS                              Password of user demo
GLANCE_DBPASS                          Database password for Image service
GLANCE_PASS                            Password of Image service user glance
KEYSTONE_DBPASS                        Database password of Identity service
METADATA_SECRET                        Secret for the metadata proxy
NEUTRON_DBPASS                         Database password for the Networking service
NEUTRON_PASS                           Password of Networking service user neutron
NOVA_DBPASS                            Database password for Compute service
NOVA_PASS                              Password of Compute service user nova
PLACEMENT_PASS                         Password of the Placement service user placement
RABBIT_PASS                            Password of RabbitMQ user openstack
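
Each placeholder name in the table can be given a random per-deployment value instead of the literal default. The script below is an added example, not part of the original guide or of OpenStack; the file name openstack-secrets.env and the function names are assumptions. It writes one 128-bit secret per name to a mode-0600 file and substitutes them into a configuration line taken from this page.

```sh
#!/bin/sh
# Added example: per-deployment secrets for the placeholder names of section 4.1.
# File and function names are hypothetical, not part of OpenStack.

SECRET_NAMES="ADMIN_PASS CINDER_DBPASS CINDER_PASS DASH_DBPASS DEMO_PASS
GLANCE_DBPASS GLANCE_PASS KEYSTONE_DBPASS METADATA_SECRET NEUTRON_DBPASS
NEUTRON_PASS NOVA_DBPASS NOVA_PASS PLACEMENT_PASS RABBIT_PASS"

# 16 bytes from the kernel CSPRNG as 32 hex characters. Hex needs no escaping
# inside SQLAlchemy URLs, ini files or sed replacement strings.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Create or extend a NAME=value file readable by its owner only. Existing
# entries are kept, so re-running never rotates a password that a running
# service or database account already depends on.
init_secrets() (
    file=$1
    umask 077
    [ -e "$file" ] || : > "$file"
    chmod 600 "$file"
    for name in $SECRET_NAMES; do
        if ! grep -q "^${name}=" "$file"; then
            printf '%s=%s\n' "$name" "$(gen_secret)" >> "$file"
        fi
    done
)

# Print the value stored for one name.
get_secret() (
    sed -n "s/^$2=//p" "$1" | head -n 1
)

# Read a configuration template on stdin and replace every placeholder name
# with its generated value. No name in the list is a substring of another,
# so plain substitution cannot clobber a longer name.
render_config() (
    file=$1
    script=
    for name in $SECRET_NAMES; do
        script="${script}s/${name}/$(get_secret "$file" "$name")/g
"
    done
    sed "$script"
)

# Demo on a throwaway directory, using the keystone.conf line from this page.
demo_dir=$(mktemp -d)
init_secrets "$demo_dir/openstack-secrets.env"
printf 'connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone\n' |
    render_config "$demo_dir/openstack-secrets.env"
rm -rf "$demo_dir"
```

The same generated value has to be used everywhere a name appears, for example KEYSTONE_DBPASS in both the GRANT statement and keystone.conf.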

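4.2. Install Keystone

4.2.1. Keystone installation steps

  • Purpose: Keystone manages authentication, authorization and the service catalog. Once authenticated, end users can use their identity to access other OpenStack services.

  • Create the database

#Log in to the database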
[root@controller /]# mysql -u root -p

#Create the keystone database
MariaDB [(none)]> CREATE DATABASE keystone;

#Grant login access to the user
#Local login
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
#Remote login
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
  • Install and configure keystone
#Install the packages
[root@controller /]# yum install openstack-keystone httpd mod_wsgi

#Configure keystone.conf
[root@controller /]# vim /etc/keystone/keystone.conf 

[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
provider = fernet

#Populate the keystone database
[root@controller /]# su -s /bin/sh -c "keystone-manage db_sync" keystone

#Initialize the Fernet key repositories
[root@controller /]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller /]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

#Bootstrap the Identity service
[root@controller /]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
                      --bootstrap-admin-url http://controller:5000/v3/ \
                      --bootstrap-internal-url http://controller:5000/v3/ \
                      --bootstrap-public-url http://controller:5000/v3/ \
                      --bootstrap-region-id RegionOne
                      
  • Configure the Apache HTTP server
#Configure httpd.conf
[root@controller /]# vim /etc/httpd/conf/httpd.conf
ServerName controller

#Create the symbolic link
[root@controller /]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

[root@controller ~]# ll /etc/httpd/conf.d/
total 16
-rw-r--r-- 1 root root 2926 May 30 22:01 autoindex.conf
-rw-r--r-- 1 root root  366 May 30 22:01 README
-rw-r--r-- 1 root root 1252 May 30 21:49 userdir.conf
-rw-r--r-- 1 root root  824 May 30 21:55 welcome.conf
lrwxrwxrwx 1 root root   38 Aug 14 09:48 wsgi-keystone.conf -> /usr/share/keystone/wsgi-keystone.conf
  • Configure the system environment
[root@controller /]# systemctl enable httpd.service
[root@controller /]# systemctl start httpd.service

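#Configure the administrative account
[root@controller /]# export OS_USERNAME=admin
[root@controller /]# export OS_PASSWORD=ADMIN_PASS
[root@controller /]# export OS_PROJECT_NAME=admin
[root@controller /]# export OS_USER_DOMAIN_NAME=Default
[root@controller /]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller /]# export OS_AUTH_URL=http://controller:5000/v3
[root@controller /]# export OS_IDENTITY_API_VERSION=3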
  • Create the domain, project, user and role information

                This step creates an example domain: example

#Create the domain
[root@controller /]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | d68bb67e452245d4afea5ba54749e9ec |
| name        | example                          |
| tags        | []                               |
+-------------+----------------------------------+


#Create the project
[root@controller /]# openstack project create --domain default \
  					 --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 7a829547d6c64c8196c6acd9dd6f76ed |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

                Create a demo project

#Create the demo project
[root@controller /]# openstack project create --domain default \
                     --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 9dcaab5bc3db4def8f5d86389e7a7868 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

#Create the user for the demo project
[root@controller /]# openstack user create --domain default \
                     --password-prompt demo
#Enter the default password: DEMO_PASS
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 745d6617fce546a5a4f21bd08edc577b |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

#Create the role
[root@controller /]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 2cb30b5015a5489ca279cb8c48794e25 |
| name      | user                             |
+-----------+----------------------------------+

#Grant the role user to the demo project's user demo
[root@controller /]# openstack role add --project demo --user demo user

4.2.2. Verify the installation

#Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables
[root@controller /]# unset OS_AUTH_URL OS_PASSWORD

#As the demo user just created, request an authentication token
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
>   --os-project-domain-name Default --os-user-domain-name Default \
>   --os-project-name demo --os-username demo token issue
#The password entered here is the demo user's password, DEMO_PASS by default
Password: 
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2023-08-14T03:15:03+0000                                                                                                                                                                |
| id         | gAAAAABk2Y4n8jPzpvObvS3WBhqLL8cwi9iOUr3mHul1rT3727dfzmVXwYHQHCO-8_RAS1VfVjX0nU2MqHdHp7EOFhM3RbBZ5PPRfLtyZYlU4-6i3iSKnCjSwB-IFCr0nw00OxsF2LugcXK-NVhNq48j17oSkrIvDZNO0gHiavP1vcGacJqMfXI |
| project_id | 9dcaab5bc3db4def8f5d86389e7a7868                                                                                                                                                        |
| user_id    | 745d6617fce546a5a4f21bd08edc577b                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# 

#View the admin user's authentication token
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
>   --os-project-domain-name Default --os-user-domain-name Default \
>   --os-project-name admin --os-username admin token issue

#The password entered here is the admin user's password, ADMIN_PASS by default
Password: 
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2023-08-14T03:19:58+0000                                                                                                                                                                |
| id         | gAAAAABk2Y9OZFlEFBVXdu5rdcvXJTH-DqjRV4icCWWuMg7rZ1PJyeiwTf1LQcYoBL2xcy9tzMMdLlmyqJwc4SSjGAsIIJywURQmHoyAeZDhOahes1X1VtsBuxYYIbxLJtrw1cmBGXLqhqulAtgA2ZZcf2eDkjqrB9JQd4YdW7M2uzbJfD9VPxI |
| project_id | 2ebe9bdceada499285a08cc957b25f28                                                                                                                                                        |
| user_id    | 5635b3872c724321b5247d77b30cb54d                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# 

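4.2.3. Create the OpenStack client scripts

  • Why are scripts needed?

The system environment was configured earlier with the export command, which sets environment variables only temporarily. After a reboot, or once the terminal that ran the export commands is closed, those variables are gone and openstack commands can no longer be run.

  • The scripts to create are as follows:

Create client environment scripts for the admin and demo projects and users. They give the CLI (Command Line Interface) the corresponding privileges, so that you interact with OpenStack through commands. The two scripts can be stored in the same directory.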

admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
  • How to use the scripts
[root@controller ~]# source admin-openrc 

#Request an authentication token
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2023-08-14T03:25:27+0000                                                                                                                                                                |
| id         | gAAAAABk2ZCXuJMqyD8SulQVy1BmKK6QwEx6A25qwgkO-sn52VeezrYgVJO2N3VlMSBbHgd10RGrYgTbdYpW8_hYAD2Cruc98TkyWL9zxqhpsZlAMHbm-Bw_DBNDXUpKC41nHOJlb5WCz2MbiLEpqSV9mLkgN6FRoOz8Jgi0416YdcUuCj9ecUg |
| project_id | 2ebe9bdceada499285a08cc957b25f28                                                                                                                                                        |
| user_id    | 5635b3872c724321b5247d77b30cb54d                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

[root@controller ~]# source demo-openrc 
#Request an authentication token
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2023-08-14T03:25:36+0000                                                                                                                                                                |
| id         | gAAAAABk2ZCgNahSv07eWHjPG6R81WZmY_gxQyTZOrieD1r8BSHx0KLKsC7Tekms5PZR53gQ8xVl75IJ4-0kdXuxgDgpcDq-oKT-VN7zHCt1dtUVIRjKh9c04MFusZDBglYMJmpZYK6Zm451tVSzahUn-nrU0C-gn92lacGcR1I4uhgsLJuyW18 |
| project_id | 9dcaab5bc3db4def8f5d86389e7a7868                                                                                                                                                        |
| user_id    | 745d6617fce546a5a4f21bd08edc577b                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# 

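4.3. Install Glance

4.3.1. Glance installation steps

  • Purpose: Glance lets users discover, register and retrieve virtual machine images.

  • Create the database

#Log in to the database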
[root@controller /]# mysql -u root -p

#Create the glance database
MariaDB [(none)]> CREATE DATABASE glance;

#Grant privileges
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
  • Load the admin credentials for the CLI
[root@controller /]# source admin-openrc
  • Create the service credentials: user, role information, and Image service endpoints
#Create the glance user
[root@controller /]# openstack user create --domain default --password-prompt glance
#Use the default password here: GLANCE_PASS
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | abfa47ef2323437398a664ba7ff31062 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

#Add role information for the glance user
[root@controller /]# openstack role add --project service --user glance admin

#Create the glance service entity
[root@controller /]# openstack service create --name glance \
                     --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | e3695eefdd5e4f3a9201814433c55276 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
  • Create the Image service API endpoints: three kinds are needed in total
#public type
[root@controller ~]# openstack endpoint create --region RegionOne \
>                      image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 20bd88884afb4c659501cd601a5421d8 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e3695eefdd5e4f3a9201814433c55276 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
#admin type
[root@controller ~]# openstack endpoint create --region RegionOne \
>                      image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 340b56d8d45d4820ba47327bc6736b2f |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e3695eefdd5e4f3a9201814433c55276 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
#internal type
[root@controller ~]# openstack endpoint create --region RegionOne \
>                      image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a9b5fda2f73d4875b5b35d0aa11fce6b |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e3695eefdd5e4f3a9201814433c55276 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# 
  • Install and configure glance
#Install glance
[root@controller /]# yum install openstack-glance

#Configure glance-api.conf
[root@controller /]# vim /etc/glance/glance-api.conf 
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

#Configure glance-registry.conf
[root@controller /]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
flavor = keystone

#Populate the glance database
[root@controller /]# su -s /bin/sh -c "glance-manage db_sync" glance

  • Configure the environment

        Enable at boot and start glance

[root@controller /]# systemctl enable openstack-glance-api.service \
                     openstack-glance-registry.service
[root@controller /]# systemctl start openstack-glance-api.service \
                     openstack-glance-registry.service
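
The configuration files and openrc scripts on this page all carry their passwords as literal placeholder names (GLANCE_PASS, GLANCE_DBPASS, ADMIN_PASS and so on), so a host built from them can be checked for values that were never changed. The script below is an added example, not part of the original guide or of OpenStack; the function names are assumptions and the sample files are constructed. It reports every line that still uses a placeholder as a value and every credential file that is accessible to users outside its owner and group.

```sh
#!/bin/sh
# Added example: audit for leftover section 4.1 placeholders in config files
# and openrc scripts. Function names are hypothetical.

PLACEHOLDERS="ADMIN_PASS CINDER_DBPASS CINDER_PASS DASH_DBPASS DEMO_PASS"
PLACEHOLDERS="$PLACEHOLDERS GLANCE_DBPASS GLANCE_PASS KEYSTONE_DBPASS"
PLACEHOLDERS="$PLACEHOLDERS METADATA_SECRET NEUTRON_DBPASS NEUTRON_PASS"
PLACEHOLDERS="$PLACEHOLDERS NOVA_DBPASS NOVA_PASS PLACEMENT_PASS RABBIT_PASS"

# Print "file:line:NAME" wherever a placeholder is used as a value:
#   password = GLANCE_PASS            (ini option)
#   export OS_PASSWORD=ADMIN_PASS     (openrc script)
#   ...://glance:GLANCE_DBPASS@...    (password part of a connection URL)
# Commented-out lines are ignored.
find_placeholders() {
    [ "$#" -gt 0 ] || return 0      # never let awk fall back to reading stdin
    awk -v names="$PLACEHOLDERS" '
        BEGIN { n = split(names, name, " ") }
        /^[ \t]*[#;]/ { next }
        {
            for (i = 1; i <= n; i++) {
                re = "(=[ \t]*|:)" name[i] "([@ \t]|$)"
                if ($0 ~ re) printf "%s:%d:%s\n", FILENAME, FNR, name[i]
            }
        }' "$@"
}

# Print each file whose "other" permission bits are not all clear. Group
# access is tolerated because service configs are commonly root:<service> 0640.
world_accessible() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        case $(ls -ld "$f" | cut -c8-10) in
            ---) ;;
            *) printf '%s\n' "$f" ;;
        esac
    done
}

# Demo on constructed copies of the files shown on this page.
demo=$(mktemp -d)
cat > "$demo/glance-api.conf" <<'EOF'
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
username = glance
password = GLANCE_PASS
EOF
printf 'export OS_USERNAME=admin\nexport OS_PASSWORD=ADMIN_PASS\n' > "$demo/admin-openrc"
chmod 640 "$demo/glance-api.conf"
chmod 644 "$demo/admin-openrc"      # what a default umask of 022 produces
echo "Leftover placeholders:"
find_placeholders "$demo/glance-api.conf" "$demo/admin-openrc"
echo "World-accessible credential files:"
world_accessible "$demo/glance-api.conf" "$demo/admin-openrc"
rm -rf "$demo"
```

On a real host the arguments would be the files edited in this guide, such as /etc/keystone/keystone.conf, /etc/glance/glance-api.conf, /etc/glance/glance-registry.conf and the two openrc scripts.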

4.3.2. Verify the installation

Use CirrOS to verify that the Image service works: deploy a small Linux image with OpenStack (e.g. cirros-cloud)

[root@controller ~]# source admin-openrc

[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

[root@controller ~]# openstack image create "cirros" \
>   --file cirros-0.4.0-x86_64-disk.img \
>   --disk-format qcow2 --container-format bare \
>   --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                                                                      |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum         | 443b7623e27ecf03dc9e01ee93f67afe                                                                                                                                                           |
| container_format | bare                                                                                                                                                                                       |
| created_at       | 2023-08-14T02:48:50Z                                                                                                                                                                       |
| disk_format      | qcow2                                                                                                                                                                                      |
| file             | /v2/images/61f9f0ce-f8e5-4210-ab7d-45ce39633386/file                                                                                                                                       |
| id               | 61f9f0ce-f8e5-4210-ab7d-45ce39633386                                                                                                                                                       |
| min_disk         | 0                                                                                                                                                                                          |
| min_ram          | 0                                                                                                                                                                                          |
| name             | cirros                                                                                                                                                                                     |
| owner            | 2ebe9bdceada499285a08cc957b25f28                                                                                                                                                           |
| properties       | os_hash_algo='sha512', os_hash_value='6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78', os_hidden='False' |
| protected        | False                                                                                                                                                                                      |
| schema           | /v2/schemas/image                                                                                                                                                                          |
| size             | 12716032                                                                                                                                                                                   |
| status           | active                                                                                                                                                                                     |
| tags             |                                                                                                                                                                                            |
| updated_at       | 2023-08-14T02:48:50Z                                                                                                                                                                       |
| virtual_size     | None                                                                                                                                                                                       |
| visibility       | public                                                                                                                                                                                     |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 61f9f0ce-f8e5-4210-ab7d-45ce39633386 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# 

4.4 Install Nova

4.4.1 Install and configure the controller node

  • Create the Nova databases

# Log in to the database
[root@controller /]# mysql -u root -p

# Create the databases
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;

# Grant database privileges
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
  • Load the admin credentials for the CLI
[root@controller ~]# source admin-openrc 
  • Create the Compute service credentials
# Create the nova user
[root@controller ~]# openstack user create --domain default --password-prompt nova
# Use the default password: NOVA_PASS
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 57e2ca14027b47439b95a5de1f504fdb |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
# Add the admin role to the nova user
[root@controller ~]# openstack role add --project service --user nova admin
# Create the nova service entity
[root@controller ~]# openstack service create --name nova \
>                      --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 3a70da8422a54351a91c1de15a36601b |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
# Create the Compute API endpoints: three kinds
[root@controller ~]# openstack endpoint create --region RegionOne \
>                      compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5b21e23c171249b7b8ba5514dfac3298 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3a70da8422a54351a91c1de15a36601b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
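# Note: this repeats the public endpoint command above, so a second public endpoint with a different id is registered; run it only once.
[root@controller ~]# openstack endpoint create --region RegionOne \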
>                      compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9a86934f06c4404aaae6013762c239e8 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3a70da8422a54351a91c1de15a36601b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>                      compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 366519860af642b7bb114d25112aa717 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3a70da8422a54351a91c1de15a36601b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 29b4e4edc494413b9b012ff48f36927a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 3a70da8422a54351a91c1de15a36601b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]# 

# Create the Placement service user (placement)
[root@controller ~]# openstack user create --domain default --password-prompt placement
# Use the default password: PLACEMENT_PASS
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 30839994322542dc816b060398acd70e |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
# Add the admin role to the placement user
[root@controller ~]# openstack role add --project service --user placement admin
# Create the Placement API entry in the service catalog
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | 9da13cb0cd9b4ca3b75f7a94cf9f0b71 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+
# Create the Placement API service endpoints: three kinds
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8780
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e79981f4aefc42fb9d9910cc30dfd84c |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9da13cb0cd9b4ca3b75f7a94cf9f0b71 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8780           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8780
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9d39f1f15cf04cf681a33fbd785f329a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9da13cb0cd9b4ca3b75f7a94cf9f0b71 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8780           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8780
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 15637ff260334dd28a352f2aa5a1908e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9da13cb0cd9b4ca3b75f7a94cf9f0b71 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8780           |
+--------------+----------------------------------+
[root@controller ~]# 
  • Install and configure the Nova services

[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api

# Configure nova.conf
[root@controller ~]# vim /etc/nova/nova.conf 
[DEFAULT]
enabled_apis = osapi_compute,metadata

[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

[DEFAULT]
my_ip = 192.168.2.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/run/nova

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS

# Populate the nova-api database
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
# Register the cell0 database
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# Create the cell1 cell; this step prints a UUID
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
0244d235-815f-49c7-9580-79b87e0b47b8
# Populate the nova database
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
# Verify that nova cell0 and cell1 are registered correctly
[root@controller ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
|  Name |                 UUID                 |           Transport URL            |               Database Connection               | Disabled |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |  False   |
| cell1 | 0244d235-815f-49c7-9580-79b87e0b47b8 | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |  False   |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
[root@controller ~]# 

[root@controller ~]# systemctl enable openstack-nova-api.service \
>   openstack-nova-consoleauth openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service \
>   openstack-nova-consoleauth openstack-nova-scheduler.service \
>   openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# 

4.4.2 Install and configure the compute node

  • Install and configure nova-compute
# Install the package
[root@controller ~]# yum install openstack-nova-compute

# Configure nova.conf
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller


[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

[DEFAULT]
my_ip = 192.168.2.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html


[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/run/nova

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS

  • Configure the environment
# Check whether hardware virtualization acceleration is enabled for the VMware virtual machine
[root@controller ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
0

# If the command above outputs 0, this step is required (hardware acceleration is not enabled, so virt_type must be set in nova.conf)
[root@controller ~]# vim  /etc/nova/nova.conf
[libvirt]
# The default is KVM
virt_type = qemu

# Enable at boot and start the nova-compute service
[root@controller ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@controller ~]# systemctl start libvirtd.service openstack-nova-compute.service
  • Load the admin credentials for the CLI
[root@controller ~]# source  admin-openrc 
  • Add the compute node to the cell database
# Confirm that the compute host exists in the database
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+------------+------+---------+-------+----------------------------+
| ID | Binary       | Host       | Zone | Status  | State | Updated At                 |
+----+--------------+------------+------+---------+-------+----------------------------+
| 15 | nova-compute | controller | nova | enabled | up    | 2023-08-14T06:54:52.000000 |
+----+--------------+------------+------+---------+-------+----------------------------+

# Discover the compute hosts
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 0244d235-815f-49c7-9580-79b87e0b47b8
Checking host mapping for compute host 'controller': a030c0e1-d986-41f1-bfc0-b174f4c3e93f
Creating host mapping for compute host 'controller': a030c0e1-d986-41f1-bfc0-b174f4c3e93f
Found 1 unmapped computes in cell: 0244d235-815f-49c7-9580-79b87e0b47b8
[root@controller ~]# 

4.5 Install Neutron

4.5.1 Install and configure the controller node

  • Create the database

# Log in to the database
[root@controller /]# mysql -u root -p

# Create the database
MariaDB [(none)]> CREATE DATABASE neutron;

# Grant privileges
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
  
  • Load the admin credentials for the CLI
[root@controller ~]# source  admin-openrc 
  • Create the service credentials
# Create the neutron user
[root@controller /]# openstack user create --domain default --password-prompt neutron
# Use the default password here: NEUTRON_PASS
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 92ddd70556b44d3398c8ec79b7f9ab3d |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+


# Add the admin role to the neutron user
[root@controller /]# openstack role add --project service --user neutron admin

# Create the neutron service entity
[root@controller /]# openstack service create --name neutron \
                     --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 0b98754078634fd5afac0bfc21e08c8b |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+



  • Create the Networking service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
>                      network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 37ae03d5275f4430be96fc2ea00a7d52 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0b98754078634fd5afac0bfc21e08c8b |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>                      network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cb43dc5c5b32448ba88325d09044bb1c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0b98754078634fd5afac0bfc21e08c8b |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>                      network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e4febc7464ef4ac6a636971b1a30a1b3 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0b98754078634fd5afac0bfc21e08c8b |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
  • Configure networking

        Two networking options are available here: provider networks and self-service networks. This guide uses self-service networks.

                Install the components

[root@controller /]# yum install openstack-neutron openstack-neutron-ml2 \
                     openstack-neutron-linuxbridge ebtables

                Configure neutron.conf

[root@controller /]# vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

                Configure ml2_conf.ini

                Configure the Modular Layer 2 (ML2) plug-in

[root@controller /]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2] 
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

                Configure linuxbridge_agent.ini

                Configure the Linux bridge agent

# Configuration file
[root@controller /]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] 
# PROVIDER_INTERFACE_NAME: replace with the name of this host's network interface, e.g. ens33
physical_interface_mappings  =  provider:PROVIDER_INTERFACE_NAME

[vxlan] 
enable_vxlan  =  true 
# OVERLAY_INTERFACE_IP_ADDRESS: replace with the IP address of this host's network interface
local_ip  =  OVERLAY_INTERFACE_IP_ADDRESS 
l2_population  =  true

[securitygroup] 
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# Verify that the Linux kernel supports network bridge filters; both parameters below reporting 1 means they are supported.
[root@controller /]# sysctl net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 1
[root@controller /]# sysctl net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 1

# (Optional) If the parameters above are not 1, set them manually in /etc/sysctl.conf
[root@controller /]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

                Configure the layer-3 agent

                It provides routing and NAT services for self-service virtual networks.

[root@controller /]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge

                Configure the DHCP agent

                It provides DHCP services for virtual networks.

[root@controller /]# vim /etc/neutron/dhcp_agent.ini 
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
  • Configure the metadata agent
[root@controller /]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
  • Configure the Compute service to use the Networking service

        That is, configure the Nova service to use the Neutron service.

[root@controller /]# vim /etc/nova/nova.conf 
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
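  • Configure the environment
# The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini
# that points to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini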
[root@controller /]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# Populate the database
[root@controller /]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

# Restart the nova-api service
[root@controller /]# systemctl restart openstack-nova-api.service

# Enable the Networking services at boot and start them
[root@controller /]# systemctl enable neutron-server.service \
                     neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
                     neutron-metadata-agent.service
[root@controller /]# systemctl start neutron-server.service \
                     neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
                     neutron-metadata-agent.service
                     
# Enable the layer-3 service at boot and start it
[root@controller /]# systemctl enable neutron-l3-agent.service
[root@controller /]# systemctl start neutron-l3-agent.service
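
An added example, not part of the original guide: a pre-flight check over the nova.conf and metadata_agent.ini fragments from 4.4 and 4.5.1 that reports placeholder credentials left unreplaced and confirms that metadata_proxy_shared_secret is set identically on both sides. The function names and the embedded sample files are constructed for illustration; the option names and placeholder strings are the guide's own.

```python
import configparser
import hmac
import re

# Placeholder credentials used in this guide's configuration files.
PLACEHOLDERS = {
    "NOVA_PASS", "NOVA_DBPASS", "NEUTRON_PASS", "NEUTRON_DBPASS",
    "PLACEMENT_PASS", "RABBIT_PASS", "METADATA_SECRET",
}

# Constructed samples: fragments of the files as the guide writes them.
NOVA_CONF = """\
[DEFAULT]
enabled_apis = osapi_compute,metadata

[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.2.11

[vnc]
server_listen = $my_ip

[neutron]
auth_url = http://controller:35357
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
"""

METADATA_AGENT_INI = """\
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""


def load(text):
    """Parse an oslo.config-style INI fragment.

    strict=False merges repeated sections (the guide lists [DEFAULT] several
    times); a dummy default_section stops [DEFAULT] values from being
    inherited by every other section; interpolation=None keeps $my_ip and
    any '%' characters literal.
    """
    cp = configparser.ConfigParser(
        strict=False, interpolation=None, default_section="__unused__"
    )
    cp.read_string(text)
    return cp


def leftover_placeholders(cp):
    """Return sorted (section, option, placeholder) for each unreplaced placeholder."""
    hits = []
    for section in cp.sections():
        for option, value in cp.items(section):
            # Split on URL and list punctuation so NOVA_DBPASS inside a
            # connection string is found, but never confused with NOVA_PASS.
            for token in re.split(r"[^A-Za-z0-9_]+", value):
                if token in PLACEHOLDERS:
                    hits.append((section, option, token))
    return sorted(hits)


def metadata_secret_status(nova_cp, agent_cp):
    """Compare the metadata proxy secret on both sides of the proxy.

    nova.conf keeps it in [neutron], metadata_agent.ini in [DEFAULT].
    """
    key = "metadata_proxy_shared_secret"
    nova = nova_cp.get("neutron", key, fallback=None)
    agent = agent_cp.get("DEFAULT", key, fallback=None)
    if not nova or not agent:
        return "missing"
    if not hmac.compare_digest(nova.encode(), agent.encode()):
        return "mismatch"
    if nova in PLACEHOLDERS:
        return "placeholder"
    return "ok"


def audit(nova_text, agent_text):
    """Run both checks and return the findings keyed by file or check name."""
    nova_cp, agent_cp = load(nova_text), load(agent_text)
    return {
        "nova.conf": leftover_placeholders(nova_cp),
        "metadata_agent.ini": leftover_placeholders(agent_cp),
        "metadata_secret": metadata_secret_status(nova_cp, agent_cp),
    }


if __name__ == "__main__":
    for name, finding in audit(NOVA_CONF, METADATA_AGENT_INI).items():
        print(name, finding)
```

On a real host, pass the contents of /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini to audit() before starting the services.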

4.5.2 Install and configure the compute node

  • Install the components

[root@controller /]# yum install openstack-neutron-linuxbridge ebtables ipset
  • (This step can be skipped) Configure the common components

        This step can be skipped: in an all-in-one installation the compute node and the controller node are the same host, and neutron.conf was already configured in 4.5.1.

[root@controller /]# vim /etc/neutron/neutron.conf
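# (Note: in an all-in-one installation, do not comment out the database connection here. All nodes are on the same host, and commenting it out leaves the networking components unusable.)
# (Separate compute node only) Comment out connection under [database]; the database is not needed there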
[database]
#connection=mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
  • (This step can be skipped) Configure networking

This step can be skipped: in an all-in-one installation the compute node and the controller node are the same host, and linuxbridge_agent.ini was already configured in 4.5.1.

# Configuration file
[root@controller /]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] 
# PROVIDER_INTERFACE_NAME: replace with the name of this host's network interface, e.g. ens33
physical_interface_mappings  =  provider:PROVIDER_INTERFACE_NAME

[vxlan] 
enable_vxlan  =  true 
# OVERLAY_INTERFACE_IP_ADDRESS: replace with the IP address of this host's network interface
local_ip  =  OVERLAY_INTERFACE_IP_ADDRESS 
l2_population  =  true

[securitygroup] 
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# Verify that the Linux kernel supports network bridge filters; both parameters below reporting 1 means they are supported.
[root@controller /]# sysctl net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-iptables = 1
[root@controller /]# sysctl net.bridge.bridge-nf-call-ip6tables
net.bridge.bridge-nf-call-ip6tables = 1

# (Optional) If the parameters above are not 1, set them manually in /etc/sysctl.conf
[root@controller /]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

  • Verify the networking configuration
[root@controller /]# . admin-openrc

# List the loaded extensions to verify that the neutron-server process started successfully
[root@controller /]# openstack extension list --network
+---------------------------+---------------------------+----------------------------+
| Name                      | Alias                     | Description                |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools       | default-subnetpools       | Provides ability to mark   |
|                           |                           | and use a subnetpool as    |
|                           |                           | the default                |
| Availability Zone         | availability_zone         | The availability zone      |
......
......
  • (This step can be skipped) Configure the Compute service to use the Networking service

        That is, configure the Nova service to use the Neutron service.

        This step can be skipped: in an all-in-one installation the compute node and the controller node are the same host, and nova.conf was already configured in 4.5.1.

[root@controller /]# vim /etc/nova/nova.conf 
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
  • Configure the environment

        Restart the services and enable them at boot

 [root@controller /]# systemctl restart openstack-nova-compute.service
 [root@controller /]# systemctl enable neutron-linuxbridge-agent.service
 [root@controller /]# systemctl start neutron-linuxbridge-agent.service

4.6 Install Horizon

4.6.1 Horizon installation steps

This component is installed manually from packages rather than from source.

  • Install the dashboard package

[root@controller /]# yum install openstack-dashboard
  • Configure local_settings
[root@controller /]# vim /etc/openstack-dashboard/local_settings
# Set the host name
OPENSTACK_HOST = "controller"

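# '*' allows access under any host name (Django then accepts every Host header); outside a lab, list only the names the dashboard is served under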
ALLOWED_HOSTS = ['*', 'two.example.com']

# Add SESSION_ENGINE
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

# Change the existing CACHES setting to the following
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

# Change the existing OPENSTACK_API_VERSIONS to:
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

# (Not needed here) This setting is required only when the provider networks option was chosen
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

# (Optional) Set the time zone
TIME_ZONE = "Asia/Shanghai"

  • Configure openstack-dashboard.conf
[root@controller /]# vim /etc/httpd/conf.d/openstack-dashboard.conf 
# Add this line
WSGIApplicationGroup %{GLOBAL}
  • Restart the services
# Restart the httpd and memcached services
[root@controller /]# systemctl restart httpd.service memcached.service

4.6.2 Verify the installation

  • Open one of the following addresses in a browser

    # Option 1:
    http://controller/dashboard
    
    # Option 2:
    http://<IP address of this host's network interface>/dashboard
    
  • Login details

    • domain: default

    • username: admin

    • password: ADMIN_PASS

Note: if you hit errors like the following when accessing the dashboard, apply the fixes below.

  • Error 1
[root@controller httpd]# cat error_log 
[Mon Aug 14 15:44:01.067857 2023] [:error] [pid 18209] [remote 192.168.2.254:180] IOError: [Errno 13] Permission denied: '/usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store'

        Fix

[root@controller httpd]# sudo chmod 0600 /usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store
[root@controller httpd]# sudo chown apache:apache /usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store
  • Error 2

        The page returns 404

[root@controller httpd]# cat error_log 
192.168.2.254 - - [14/Aug/2023:15:54:15 +0800] "GET /favicon.ico HTTP/1.1" 404 209 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"

        Fix

[root@controller httpd]# cd /usr/share/openstack-dashboard
[root@controller openstack-dashboard]# python manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf

[root@controller openstack-dashboard]# cat /etc/httpd/conf.d/openstack-dashboard.conf

<VirtualHost *:80>

    ServerAdmin webmaster@openstack.org
    ServerName  openstack_dashboard

    DocumentRoot /usr/share/openstack-dashboard/

    LogLevel warn
    ErrorLog /var/log/httpd/openstack_dashboard-error.log
    CustomLog /var/log/httpd/openstack_dashboard-access.log combined

    WSGIScriptReloading On
    WSGIDaemonProcess openstack_dashboard_website processes=9
    WSGIProcessGroup openstack_dashboard_website
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On

    WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py

    <Location "/">
        Require all granted
    </Location>

    Alias /static /usr/share/openstack-dashboard/static
    <Location "/static">
        SetHandler None
    </Location>
</Virtualhost>

After that, browse to controller directly.
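
A check for two settings from this section: the owner and mode that the Error 1 fix puts on .secret_key_store, and the '*' entry in ALLOWED_HOSTS. This is an added example, not part of the original guide; the function names and the scratch files used in demo are made up for illustration, and GNU stat (as on CentOS 7) is assumed.

```shell
#!/bin/sh
# Added example: audit two dashboard settings discussed in this section.

# key_store_findings FILE [OWNER]
# Prints one line per problem; prints nothing when FILE is a regular file
# owned by OWNER (default: apache) with mode 600.
key_store_findings() (
    file=$1
    want_owner=${2:-apache}
    if [ -L "$file" ] || [ ! -f "$file" ]; then
        echo "key store: $file is missing or not a regular file"
    else
        mode=$(stat -c '%a' -- "$file")
        owner=$(stat -c '%U' -- "$file")
        [ "$mode" = 600 ] || echo "key store: mode $mode, want 600"
        [ "$owner" = "$want_owner" ] || echo "key store: owner $owner, want $want_owner"
    fi
)

# allowed_hosts_findings FILE
# Prints a finding when an uncommented ALLOWED_HOSTS line contains '*'.
allowed_hosts_findings() (
    if grep -Eq "^[[:space:]]*ALLOWED_HOSTS[[:space:]]*=.*['\"]\\*['\"]" "$1"; then
        echo "local_settings: ALLOWED_HOSTS contains '*'"
    fi
)

# Constructed demo: a key store left world-readable and the guide's
# ALLOWED_HOSTS line, both written to a scratch directory.
demo() (
    dir=$(mktemp -d) || exit 1
    : > "$dir/.secret_key_store"
    chmod 644 "$dir/.secret_key_store"
    echo "ALLOWED_HOSTS = ['*', 'two.example.com']" > "$dir/local_settings"
    owner=$(stat -c '%U' -- "$dir/.secret_key_store")
    key_store_findings "$dir/.secret_key_store" "$owner"
    allowed_hosts_findings "$dir/local_settings"
    rm -rf "$dir"
)
demo

# On the controller, with the paths from this guide:
#   key_store_findings /usr/share/openstack-dashboard/openstack_dashboard/local/.secret_key_store
#   allowed_hosts_findings /etc/openstack-dashboard/local_settings
```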

4.7. Install Cinder

4.7.1. Install and configure the storage node

  • Install LVM

[root@controller /]# yum install lvm2 device-mapper-persistent-data

# Enable the service at boot
[root@controller /]# systemctl enable lvm2-lvmetad.service
[root@controller /]# systemctl start lvm2-lvmetad.service

        Create the LVM physical volume

        Note: vdb here refers to the second disk. (Likewise, vda refers to the first disk.)

[root@controller ~]# pvcreate /dev/vdb
  Physical volume "/dev/vdb" successfully created.

        Create the LVM volume group cinder-volumes

[root@controller ~]# vgcreate cinder-volumes /dev/vdb
  Volume group "cinder-volumes" successfully created
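    Configure lvm.conf
[root@controller /]# vim /etc/lvm/lvm.conf
# Set the filter in the devices section; a = accept, r = reject
# Configure only one of the filter lines below.

# Storage node: OS disk vda also uses LVM (this tutorial uses this one)
filter  =  [ "a/vda/", "a/vdb/", "r/.*/"]

# Compute node: OS disk vda uses LVM
filter  =  [ "a/vda/", "r/.*/"]
  • Install the cinder components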
[root@controller /]# yum install openstack-cinder targetcli python-keystone

                Configure cinder.conf

[root@controller /]# vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = CINDER_PASS

[DEFAULT]
# Set to the IP address of this host's NIC
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[DEFAULT]
enabled_backends = lvm
glance_api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
        Enable and start the services
[root@controller /]# systemctl enable openstack-cinder-volume.service target.service
[root@controller /]# systemctl start openstack-cinder-volume.service target.service
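
How the filter list set in lvm.conf above is evaluated, as an added example that is not part of the original guide: patterns are tried in order and the first match decides, so with the storage-node filter the host's LVM tools scan only vda and vdb and leave the volumes that cinder creates for instances alone. The function names and device paths are constructed, each device is checked under a single path name, and matching is done with grep -E.

```shell
#!/bin/sh
# Added example: how an lvm.conf filter list decides on one device path.
# Assumption: each device is checked under a single path name; real LVM also
# looks at a device's alias paths.

# lvm_filter_decision DEVICE PATTERN...
# Prints "accept" or "reject". The first pattern whose regex matches decides;
# a path that matches no pattern is accepted.
lvm_filter_decision() (
    dev=$1; shift
    verdict=accept
    for pat in "$@"; do
        action=$(printf '%s' "$pat" | cut -c1)   # a = accept, r = reject
        delim=$(printf '%s' "$pat" | cut -c2)    # delimiter, "/" in this guide
        regex=${pat#??}                          # drop action and delimiter
        regex=${regex%"$delim"}                  # drop the closing delimiter
        if printf '%s\n' "$dev" | grep -Eq -- "$regex"; then
            case $action in r) verdict=reject ;; esac
            break
        fi
    done
    echo "$verdict"
)

# The two filters from this guide.
storage_node() { lvm_filter_decision "$1" 'a/vda/' 'a/vdb/' 'r/.*/'; }
compute_node() { lvm_filter_decision "$1" 'a/vda/' 'r/.*/'; }

# Constructed device paths; the last one stands for a logical volume that
# cinder created inside the cinder-volumes group.
for dev in /dev/vda2 /dev/vdb /dev/vdc /dev/cinder-volumes/volume-example; do
    printf '%-36s storage=%s compute=%s\n' "$dev" \
        "$(storage_node "$dev")" "$(compute_node "$dev")"
done
```

The patterns are unanchored, so a/vda/ accepts /dev/vda2 and any other path that contains vda.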

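4.7.2. Install and configure the controller node

Install and configure the Block Storage service on the controller node.

  • Create the database

# Log in to the database
[root@controller /]# mysql -u root -p

# Create the cinder database
MariaDB [(none)]> CREATE DATABASE cinder;

# Grant privileges on the database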
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY 'CINDER_DBPASS';
  • Create the service credentials
# Load the admin credentials for the CLI
[root@controller ~]# source admin-openrc

# Create the cinder user
[root@controller /]# openstack user create --domain default --password-prompt cinder
# The default password is used here: CINDER_PASS
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 0e8627aa076042ceb9ef45827863c553 |
| name                | cinder                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# Add the admin role to the cinder user
[root@controller ~]# openstack role add --project service --user cinder admin

# Create the cinder service entities
#cinderv2
[root@controller /]# openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 38ae8b072f994711aeaabfb6dc5d0802 |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
#cinderv3
[root@controller /]# openstack service create --name cinderv3 \
  --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 555a020ef8204b2ea1eeb85d8f63e768 |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+
  • Create the Block Storage service API endpoints

                Create the v2 endpoints

[root@controller ~]# openstack endpoint create --region RegionOne \
>   volumev2 public http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 4cf31dcc1d84472fb7cdc86460bdbb55         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 38ae8b072f994711aeaabfb6dc5d0802         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   volumev2 internal http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 2e276183d4394a28a662f20d10c80874         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 38ae8b072f994711aeaabfb6dc5d0802         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   volumev2 admin http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 8a4d8bc92fc24f2087d6ce3c5b821543         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 38ae8b072f994711aeaabfb6dc5d0802         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# 

                Create the v3 endpoints

[root@controller ~]# openstack endpoint create --region RegionOne \
>   volumev3 public http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | cede44dd07fd4af28e6c74fa78f66643         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 555a020ef8204b2ea1eeb85d8f63e768         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
>   volumev3 internal http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | d53f88ce1c6a49fa96d644121d75af19         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 555a020ef8204b2ea1eeb85d8f63e768         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]#  openstack endpoint create --region RegionOne \
>   volumev3 admin http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 0ae7ef49edb4440ba694f5445ebff6f9         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 555a020ef8204b2ea1eeb85d8f63e768         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# 
  • Install the cinder components
[root@controller /]# yum install openstack-cinder

                Configure cinder.conf

[root@controller /]# vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.2.11

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = CINDER_PASS

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp

                Populate the database

[root@controller /]# su -s /bin/sh -c "cinder-manage db sync" cinder
  • Configure Nova to use Block Storage
[root@controller /]# vim /etc/nova/nova.conf 
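
The cinder.conf files in 4.7.1 and 4.7.2 are written with the guide's placeholder passwords. The following added example (not part of the original guide; the function names and the sample file are constructed) lists every option that still holds one of them.

```shell
#!/bin/sh
# Added example: list options that still hold the guide's placeholder
# passwords (tokens such as CINDER_PASS, CINDER_DBPASS, RABBIT_PASS).

# placeholder_findings [FILE...]   (reads stdin when no file is given)
# Prints "section.option: TOKEN" for each all-caps token ending in _PASS or
# _DBPASS found in an option value. Comment lines are skipped.
placeholder_findings() {
    awk '
        /^[ \t]*[#;]/ { next }                      # comment
        /^[ \t]*\[/ {                               # section header
            section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        /=/ {
            option = $0
            sub(/[ \t]*=.*/, "", option)
            sub(/^[ \t]+/, "", option)
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)
            while (match(value, /[A-Z]+_(DB)?PASS/)) {
                print section "." option ": " substr(value, RSTART, RLENGTH)
                value = substr(value, RSTART + RLENGTH)
            }
        }
    ' "$@"
}

# Constructed sample: the controller cinder.conf from this guide with only the
# database password changed to a made-up value.
sample_conf() {
    cat <<'EOF'
[database]
connection = mysql+pymysql://cinder:example-db-secret@controller/cinder

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000
username = cinder
# password = CINDER_PASS   (old line, commented out: not reported)
password = CINDER_PASS
EOF
}

sample_conf | placeholder_findings
```

On the controller, run `placeholder_findings /etc/cinder/cinder.conf`; empty output means none of the placeholder tokens remain.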

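4.7.3. (Optional) Install and configure the backup service

This tutorial does not install the swift component, so this step can be skipped.

  • Install cinder

[root@controller /]# yum install openstack-cinder

                Configure cinder.conf

[root@controller /]# vim /etc/cinder/cinder.conf
[DEFAULT]
backup_driver = cinder.backup.drivers.swift
# Replace SWIFT_URL with the URL of the Object Storage service
# The value to use can be looked up with: openstack catalog show object-store
backup_swift_url = SWIFT_URL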
  • Enable and start the service
[root@controller /]# systemctl enable openstack-cinder-backup.service
[root@controller /]# systemctl start openstack-cinder-backup.service

4.7.4. Verify the installation

[root@controller /]# source admin-openrc

[root@controller /]# openstack volume service list
# swift is not installed here, so only the storage node and controller node services are listed
+------------------+------------+------+---------+-------+----------------------------+
| Binary           | Host       | Zone | Status  | State | Updated_at                 |
+------------------+------------+------+---------+-------+----------------------------+
| cinder-scheduler | controller | nova | enabled | up    | 2016-09-30T02:27:41.000000 |
| cinder-volume    | block@lvm  | nova | enabled | up    | 2016-09-30T02:27:46.000000 |
+------------------+------------+------+---------+-------+----------------------------+

Unable to establish connection to http://controller:8776/v2/2ebe9bdceada499285a08cc957b25f28/os-services: HTTPConnectionPool(host='controller', port=8776): Max retries exceeded with url: /v2/2ebe9bdceada499285a08cc957b25f28/os-services (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x3baff90>: Failed to establish a new connection: [Errno 111] Connection refused',))
