OpenStack Deployment (2023 Edition)

From CloudWiki

Basic Information

controller 192.168.100.10 192.168.200.10

compute 192.168.100.20 192.168.200.20

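Check Connectivity

Controller node:

Ping the compute node's internal and external IP addresses:

ping 192.168.100.20
ping 192.168.200.20

Compute node:

Ping the controller node's internal and external IP addresses:

ping 192.168.100.10
ping 192.168.200.10

If the pings succeed, tick this step off.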

Hostname Management and Name Resolution

Hostname Management

Controller node:

Show the hostname:

hostname

Change the hostname:

hostnamectl set-hostname controller

Run exit and log in again for the change to take effect.

Compute node:

Show the hostname:

hostname

Change the hostname:

hostnamectl set-hostname compute

Run exit and log in again for the change to take effect.

Local Name Resolution

Controller node:

vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10 controller
192.168.100.20 compute

Compute node:

vi /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10 controller
192.168.100.20 compute

Firewall Management

Disable SELinux

Controller node & compute node

vi /etc/selinux/config

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
#     targeted - Targeted processes are protected,
#     minimum - Modification of targeted policy. Only selected processes are protected.
#     mls - Multi Level Security protection.
SELINUXTYPE=targeted

setenforce 0

getenforce

Permissive

If the output is Permissive, the operation succeeded.

Stop the firewalld Firewall

Controller node & compute node:

systemctl status firewalld

● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2023-11-01 23:40:10 CST; 15h ago
     Docs: man:firewalld(1)
 Main PID: 709 (firewalld)
   CGroup: /system.slice/firewalld.service
           └─709 /usr/bin/python2 -Es /usr/sbin/firewalld --nofork --...

Nov 01 23:40:10 controller systemd[1]: Starting firewalld - dynamic ....
Nov 01 23:40:10 controller systemd[1]: Started firewalld - dynamic f....
Nov 01 23:40:11 controller firewalld[709]: WARNING: AllowZoneDrifting...
Hint: Some lines were ellipsized, use -l to show in full.

[root@controller ~]# systemctl disable firewalld

[root@controller ~]# systemctl stop firewalld

Test Connectivity

Controller node & compute node

Run on the controller node:

ping controller

ping compute

Run on the compute node:

ping controller

ping compute

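Set Up a Local Software Repository

Configure the yum repository on the controller node

Upload the image file openStack-train.iso to the /opt directory.

Mount the image file: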

cd /opt

[root@controller opt]# mkdir openstack

[root@controller opt]# mount openStack-train.iso /opt/openstack/

ls /opt/openstack

  base extras  train  updates  virt

If the directories above are listed, the mount succeeded.

Back up the existing configuration files:

[root@controller ~]# cd /etc/yum.repos.d/

[root@controller yum.repos.d]# ls

CentOS-Base.repo            CentOS-OpenStack-train.repo
CentOS-Ceph-Nautilus.repo   CentOS-QEMU-EV.repo
CentOS-CR.repo              CentOS-Sources.repo
CentOS-Debuginfo.repo       CentOS-Storage-common.repo
CentOS-fasttrack.repo       CentOS-Vault.repo
CentOS-Media.repo           CentOS-x86_64-kernel.repo
CentOS-NFS-Ganesha-28.repo

mkdir bak

mv *.repo bak

Edit the YUM repository file:

vi OpenStack.repo

[base]
name=base
baseurl=file:///opt/openstack/base/
enabled=1
gpgcheck=0
[extras]
name=extras
baseurl=file:///opt/openstack/extras/
enabled=1
gpgcheck=0
[updates]
name=updates
baseurl=file:///opt/openstack/updates/
enabled=1
gpgcheck=0
[train]
name=train
baseurl=file:///opt/openstack/train/
enabled=1
gpgcheck=0
[virt]
name=virt
baseurl=file:///opt/openstack/virt/
enabled=1
gpgcheck=0

Clear and rebuild the cache:

yum clean all

yum makecache

yum repolist

Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
repo id                                             repo name                                         status
base                                                base                                              10,039
extras                                              base                                                 500
train                                               base                                               3,168
updates                                             base                                               3,182
virt                                                base                                                  63
repolist: 16,952

Configure FTP on the controller node

yum -y install vsftpd

vi /etc/vsftpd/vsftpd.conf

anon_root=/opt

When configuring FTP, put the anon_root entry on the line directly below anonymous_enable=YES.

[root@controller ~]# systemctl start vsftpd

[root@controller ~]# systemctl enable vsftpd

Configure the YUM repository on the compute node

[root@compute ~]# cd /etc/yum.repos.d

[root@compute yum.repos.d]# mkdir bak

[root@compute yum.repos.d]# mv *.repo bak

[root@compute yum.repos.d]# vi OpenStack.repo

[base]
name=base
baseurl=ftp://controller/openstack/base/
enabled=1
gpgcheck=0
[extras]
name=extras
baseurl=ftp://controller/openstack/extras/
enabled=1
gpgcheck=0
[updates]
name=updates
baseurl=ftp://controller/openstack/updates/
enabled=1
gpgcheck=0
[train]
name=train
baseurl=ftp://controller/openstack/train/
enabled=1
gpgcheck=0
[virt]
name=virt
baseurl=ftp://controller/openstack/virt/
enabled=1
gpgcheck=0

yum clean all

yum makecache

yum repolist
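
The OpenStack.repo files above set gpgcheck=0 and, on the compute node, fetch packages over anonymous FTP, so nothing verifies that an RPM is the one the controller published. The following shell function is an added example, not part of the original page; it audits a .repo file for those settings, and the function name audit_repo and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a yum .repo file for weak package-trust settings.
# audit_repo FILE prints one finding per line as "<repo id>: <finding>".
audit_repo() {
    awk '
    function trim(s) { sub(/^[ \t]+/, "", s); sub(/[ \t]+$/, "", s); return s }
    # Report what was collected for the section that just ended.
    function flush() {
        if (sec == "") return
        # An absent gpgcheck inherits from [main] in yum.conf, so only an
        # explicit 0 is reported here.
        if (gpg == "0")
            print sec ": gpgcheck=0, RPM signatures are not verified"
        if (url ~ /^(ftp|http):/)
            print sec ": baseurl uses cleartext transport (" url ")"
        if (misspelt)
            print sec ": enable= is not a yum option, the key is enabled="
    }
    { sub(/\r$/, "") }                  # tolerate CRLF files
    /^[ \t]*$/    { next }              # blank lines
    /^[ \t]*[#;]/ { next }              # comments
    /^[ \t]*\[/ {                       # a new [repo id] section starts
        flush()
        sec = $0
        sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        gpg = ""; url = ""; misspelt = 0
        next
    }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = trim(substr($0, 1, eq - 1))
        val = trim(substr($0, eq + 1))
        if (key == "gpgcheck") gpg = val
        else if (key == "baseurl") url = val
        else if (key == "enable") misspelt = 1
    }
    END { flush() }
    ' "$1"
}

# Constructed sample input: one weak section and one signature-checked section.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[train]
name=train
baseurl=ftp://controller/openstack/train/
enable=1
gpgcheck=0
[local-signed]
name=local-signed
baseurl=file:///opt/openstack/base/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
audit_repo "$sample"
rm -f "$sample"
```

Run it as audit_repo /etc/yum.repos.d/OpenStack.repo on each node; an empty result means no section disables signature checks or uses a cleartext baseurl.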

Install the Chrony Time Synchronization Service

Install Chrony on the controller node

yum -y update

yum -y install chrony


Configuration file:

vi /etc/chrony.conf

Delete the four original server lines:

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

Add:

server ntp.aliyun.com iburst
local stratum 1
allow 192.168.100.0/24

Restart the service:

systemctl restart chronyd

Enable start at boot:

systemctl enable chronyd


Check the client's current connection to the NTP source:

chronyc sources

210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17    14   -688us[-2639us] +/-   25ms

Install Chrony on the compute node

yum -y update

yum -y install chrony


Configuration file:

vi /etc/chrony.conf

Delete the four original server lines:

server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst

Add:

server controller iburst

[root@compute yum.repos.d]# systemctl restart chronyd

[root@compute yum.repos.d]# chronyc sources

210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* controller                    3   6    17     7    +64us[  +67us] +/-   24ms


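Install the OpenStack Cloud Platform Base Framework

Role of the cloud platform base framework: OpenStack provides a cloud platform framework that contains many independent components. This software framework has to be installed before the components, so that the components can then be added into it one by one, like building blocks.


Controller node & compute node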

yum -y install centos-release-openstack-train

rm -rf /etc/yum.repos.d/C*.repo

ls /etc/yum.repos.d

yum -y upgrade

yum clean all

yum makecache

rm -rf /etc/yum.repos.d/C*.repo

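After the framework is installed, you also need to install its client, which is used to manage the OpenStack cloud platform. The client mainly provides the openstack command, which integrates almost all management functions for the OpenStack cloud platform. Install the client as follows: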

yum -y install python-openstackclient

yum -y install openstack-selinux

openstack --version

 openstack 4.0.2

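Install the MariaDB Database

The database service is a very important base service in OpenStack: every core component of the OpenStack cloud platform uses it to store its data and to retrieve it quickly. MariaDB is a fork of the MySQL database that uses the Maria storage engine. In OpenStack, MariaDB stores information such as users, roles, and networks.


On the controller node only: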

yum -y install mariadb-server python2-PyMySQL

Configure the database

[root@controller ~]# vi /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.100.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

[root@controller ~]# systemctl enable mariadb

Created symlink from /etc/systemd/system/mysql.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/mysqld.service to /usr/lib/systemd/system/mariadb.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.

[root@controller ~]# systemctl start mariadb


Initialize the database

[root@controller ~]# mysql_secure_installation



NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y^H
Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

Log in to the database to verify

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 16
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

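Type quit and press Enter to exit.

Install the RabbitMQ Message Queue Service

OpenStack components communicate with one another through a message queue. Several message queue applications are available; RabbitMQ is an open-source, widely used messaging system and is commonly used to provide the message queue service for OpenStack.


Install and configure on the controller node only: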

yum -y install rabbitmq-server

[root@controller opt]# systemctl enable rabbitmq-server

[root@controller opt]# systemctl start rabbitmq-server

Add a user and set its permissions:

rabbitmqctl add_user rabbitmq 000000

rabbitmqctl set_permissions rabbitmq ".*" ".*" ".*"

netstat -tnlup|grep 5672
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      959/beam.smp        
tcp6       0      0 :::5672                 :::*                    LISTEN      959/beam.smp

If the netstat command is not available, install it with yum -y install net-tools.

rabbitmqctl list_users

Listing users
rabbitmq        []
guest   [administrator]

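Install the Memcached Cache Service

Frequently used data is first placed in an in-memory cache so that it can be read directly from memory when needed. Because reading from the in-memory cache is much faster than reading from disk, this greatly improves read speed.


Install and configure on the controller node only: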

yum -y install memcached python-memcached

Change the value of the OPTIONS parameter in the configuration file to the following:

vi /etc/sysconfig/memcached

OPTIONS="-l 127.0.0.1,::1,controller"

[root@controller opt]# systemctl enable memcached

[root@controller opt]# systemctl start memcached

netstat -tnlup|grep 11211

tcp        0      0 192.168.100.10:11211    0.0.0.0:*               LISTEN      956/memcached       
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      956/memcached       
tcp6       0      0 ::1:11211               :::*                    LISTEN      956/memcached


[root@controller ~]# telnet 192.168.100.10 11211

Trying 192.168.100.10...
Connected to 192.168.100.10.
Escape character is '^]'.
stats
STAT pid 956
STAT uptime 30284
STAT time 1700176112
STAT version 1.5.6
STAT libevent 2.0.21-stable
STAT pointer_size 64
STAT rusage_user 5.050548
STAT rusage_system 3.509942
STAT max_connections 1024

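Install the etcd Distributed Key-Value Store

The etcd service: to implement service discovery quickly, a service discovery component is needed to store the configuration and registration information of service providers; service consumers obtain that information from the component and then go to the provider to use the service. etcd is an open-source project whose goal is to build a highly available distributed key-value database for shared configuration and service discovery.

Install and configure on the controller node only: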

yum -y install etcd

vi /etc/etcd/etcd.conf


ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.10:2379,http://127.0.0.1:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

Check the result:

grep -v '^#' /etc/etcd/etcd.conf

systemctl enable etcd

Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.

systemctl start etcd

netstat -tnlup|grep etcd

tcp        0      0 192.168.100.10:2379     0.0.0.0:*               LISTEN      3275/etcd           
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      3275/etcd           
tcp        0      0 192.168.100.10:2380     0.0.0.0:*               LISTEN      3275/etcd

Install Keystone

Install on the controller node only:

Install the Keystone packages

yum -y install openstack-keystone httpd mod_wsgi

cat /etc/passwd|grep keystone

keystone:x:163:163:OpenStack Keystone Daemons:/var/lib/keystone:/sbin/nologin

cat /etc/group|grep keystone

keystone:x:163:

Create the Keystone database and grant privileges

mysql -uroot -p000000

CREATE DATABASE keystone;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

Type quit to exit.

Modify the Keystone configuration file

vi /etc/keystone/keystone.conf

Modify these two lines; if they are commented out, uncomment them:

connection = mysql+pymysql://keystone:000000@controller/keystone
provider = fernet

Initialize the Keystone database

Synchronize the database:

su keystone -s /bin/sh -c "keystone-manage db_sync"

mysql -uroot -p000000

MariaDB [(none)]> use keystone;

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

MariaDB [keystone]> show tables;

 +------------------------------------+
| Tables_in_keystone                 |
+------------------------------------+
| access_rule                        |
| access_token                       |
| application_credential             |
| application_credential_access_rule |
| application_credential_role        |
| assignment  

Initialize the Keystone component

Type exit; to leave mysql. Initialize the Fernet key repositories:

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Initialize the user identity information:

keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3 --bootstrap-internal-url http://controller:5000/v3 --bootstrap-public-url http://controller:5000/v3 --bootstrap-region-id RegionOne

Configure the web service: add WSGI support:

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Configure the web service: configure and start Apache:

vi /etc/httpd/conf/httpd.conf

Add:

ServerName controller

systemctl enable httpd

systemctl start httpd

Simulated login verification

cd

vi admin-login

export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

source admin-login

export -p

declare -x HISTCONTROL="ignoredups"
declare -x HISTSIZE="1000"
declare -x HOME="/root"
declare -x HOSTNAME="controller"
declare -x LANG="en_US.UTF-8"
declare -x LESSOPEN="||/usr/bin/lesspipe.sh %s"
declare -x LOGNAME="root"
declare -x LS_COLORS="rs=0:di=01;34:ln=01;36:mh=00:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=40;31;01:mi=01;05;37;41:su=37;41:sg=30;43:ca=30;41:tw=30;42:ow=34;42:st=37;44:ex=01;32:*.tar=01;31:*.tgz=01;31:*.arc=01;31:*.arj=01;31:*.taz=01;31:*.lha=01;31:*.lz4=01;31:*.lzh=01;31:*.lzma=01;31:*.tlz=01;31:*.txz=01;31:*.tzo=01;31:*.t7z=01;31:*.zip=01;31:*.z=01;31:*.Z=01;31:*.dz=01;31:*.gz=01;31:*.lrz=01;31:*.lz=01;31:*.lzo=01;31:*.xz=01;31:*.bz2=01;31:*.bz=01;31:*.tbz=01;31:*.tbz2=01;31:*.tz=01;31:*.deb=01;31:*.rpm=01;31:*.jar=01;31:*.war=01;31:*.ear=01;31:*.sar=01;31:*.rar=01;31:*.alz=01;31:*.ace=01;31:*.zoo=01;31:*.cpio=01;31:*.7z=01;31:*.rz=01;31:*.cab=01;31:*.jpg=01;35:*.jpeg=01;35:*.gif=01;35:*.bmp=01;35:*.pbm=01;35:*.pgm=01;35:*.ppm=01;35:*.tga=01;35:*.xbm=01;35:*.xpm=01;35:*.tif=01;35:*.tiff=01;35:*.png=01;35:*.svg=01;35:*.svgz=01;35:*.mng=01;35:*.pcx=01;35:*.mov=01;35:*.mpg=01;35:*.mpeg=01;35:*.m2v=01;35:*.mkv=01;35:*.webm=01;35:*.ogm=01;35:*.mp4=01;35:*.m4v=01;35:*.mp4v=01;35:*.vob=01;35:*.qt=01;35:*.nuv=01;35:*.wmv=01;35:*.asf=01;35:*.rm=01;35:*.rmvb=01;35:*.flc=01;35:*.avi=01;35:*.fli=01;35:*.flv=01;35:*.gl=01;35:*.dl=01;35:*.xcf=01;35:*.xwd=01;35:*.yuv=01;35:*.cgm=01;35:*.emf=01;35:*.axv=01;35:*.anx=01;35:*.ogv=01;35:*.ogx=01;35:*.aac=01;36:*.au=01;36:*.flac=01;36:*.mid=01;36:*.midi=01;36:*.mka=01;36:*.mp3=01;36:*.mpc=01;36:*.ogg=01;36:*.ra=01;36:*.wav=01;36:*.axa=01;36:*.oga=01;36:*.spx=01;36:*.xspf=01;36:"
declare -x MAIL="/var/spool/mail/root"
declare -x OLDPWD="/etc/yum.repos.d"
declare -x OS_AUTH_URL="http://controller:5000/v3"
declare -x OS_IDENTITY_API_VERSION="3"
declare -x OS_IMAGE_API_VERSION="2"
declare -x OS_PASSWORD="000000"
declare -x OS_PROJECT_DOMAIN_NAME="Default"
declare -x OS_PROJECT_NAME="admin"
declare -x OS_USERNAME="admin"
declare -x OS_USER_DOMAIN_NAME="Default"
declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin"
declare -x PWD="/root"
declare -x SHELL="/bin/bash"
declare -x SHLVL="1"
declare -x SSH_CLIENT="192.168.100.1 56815 22"
declare -x SSH_CONNECTION="192.168.100.1 56815 192.168.100.10 22"
declare -x SSH_TTY="/dev/pts/0"
declare -x TERM="vt100"
declare -x USER="root"
declare -x XDG_RUNTIME_DIR="/run/user/0"
declare -x XDG_SESSION_ID="33"

Check the Keystone service

openstack project create --domain default project

openstack project list

+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 05ca48de33a24af2876a37119937e2ae | project |
| b5ec614269974d9cb21d24b6bc85d176 | admin   |
+----------------------------------+---------+

[root@controller ~]# openstack role create user

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 665dba479ae449b390eb3cef0fb1be61 |
| name        | user                             |
| options     | {}                               |
+-------------+----------------------------------+

[root@controller ~]# openstack role list

+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 054ce618087941f7a56710b3a6dec0fb | admin  |
| 2aab7e55784f48cdbd1356d18932ebf3 | reader |
| 665dba479ae449b390eb3cef0fb1be61 | user   |
| a4deed2ae0d4484eb3f5325c5b4a3b52 | member |
+----------------------------------+--------+

[root@controller ~]# openstack domain list

+---------+---------+---------+--------------------+
| ID      | Name    | Enabled | Description        |
+---------+---------+---------+--------------------+
| default | Default | True    | The default domain |
+---------+---------+---------+--------------------+

[root@controller ~]# openstack user list

+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 9fc2bbe8f2f1421bb2c91c9897ee279e | admin |
+----------------------------------+-------+

Install the Glance Image Service

Install and Configure the Glance Image Service

yum -y install openstack-glance

[root@controller ~]# cat /etc/passwd | grep glance

glance:x:161:161:OpenStack Glance Daemons:/var/lib/glance:/sbin/nologin

[root@controller ~]# cat /etc/group |grep glance

 glance:x:161:


If you hit an error like the following during installation, downgrade the affected package with yum downgrade <package name>: https://blog.csdn.net/weixin_43010385/article/details/112920656

Error: Package: device-mapper-multipath-0.4.9-135.el7_9.x86_64 (updates)
           Requires: kpartx = 0.4.9-135.el7_9
           Installed: kpartx-0.4.9-136.el7_9.x86_64 (installed)
               kpartx = 0.4.9-136.el7_9
           Available: kpartx-0.4.9-133.el7.x86_64 (base)
               kpartx = 0.4.9-133.el7
           Available: kpartx-0.4.9-134.el7_9.x86_64 (updates)
               kpartx = 0.4.9-134.el7_9
           Available: kpartx-0.4.9-135.el7_9.x86_64 (updates)
               kpartx = 0.4.9-135.el7_9
Error: Package: tkinter-2.7.5-90.el7.x86_64 (updates)
           Requires: python = 2.7.5-90.el7
           Installed: python-2.7.5-94.el7_9.x86_64 (installed)
               python = 2.7.5-94.el7_9
           Available: python-2.7.5-89.el7.x86_64 (base)
               python = 2.7.5-89.el7
           Available: python-2.7.5-90.el7.x86_64 (updates)
               python = 2.7.5-90.el7

Create the Glance database and grant privileges

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 10
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statem

MariaDB [(none)]> CREATE DATABASE glance;

Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

Modify the Glance configuration file

cp /etc/glance/glance-api.conf /etc/glance/glance-api.bak

grep -Ev '^$|#' /etc/glance/glance-api.bak > /etc/glance/glance-api.conf


vi /etc/glance/glance-api.conf

[DEFAULT]
[cinder]
[cors]
[database]
connection = mysql+pymysql://glance:000000@controller/glance
[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.sheepdog.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
stores = file
default_store = file
filesystem_store_datadir = /var/lib/glance/images/ 
[image_format]
[keystone_authtoken]
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password 
username = glance
password = 000000 
project_name = project
user_domain_name = Default
project_domain_name = Default

[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]

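Explanation:

  • connection in [database] sets up the connection to the database.
  • The [keystone_authtoken] and [paste_deploy] sections implement the interaction with Keystone.
  • The [glance_store] section is modified to specify the back-end storage system.

Initialize the Glance database

Synchronize the database: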

su glance -s /bin/sh -c "glance-manage db_sync"

Check the database:

[root@controller ~]# mysql -uroot -p

Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 21
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.


MariaDB [(none)]> use glance;

Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed

MariaDB [glance]> show tables;

+----------------------------------+
| Tables_in_glance                 |
+----------------------------------+
| alembic_version                  |
| image_locations                  |
| image_members                    |
| image_properties                 |
| image_tags                       |
| images                           |
| metadef_namespace_resource_types |
| metadef_namespaces               |
| metadef_objects                  |
| metadef_properties               |
| metadef_resource_types           |
| metadef_tags                     |
| migrate_version                  |
| task_info                        |
| tasks                            |
+----------------------------------+
15 rows in set (0.000 sec)

Initialize the Glance component

Create the Glance user and assign a role

cd

source admin-login

openstack user create --domain default --password 000000 glance

The user name and password here must match the user name and password in the [keystone_authtoken] section of glance-api.conf.

openstack role add --project project --user glance admin

Create the Glance service and service endpoints

openstack service create --name glance image

+---------+----------------------------------+
| Field   | Value                            |
+---------+----------------------------------+
| enabled | True                             |
| id      | 0d4d607534dd437f9d3451850e2e7d11 |
| name    | glance                           |
| type    | image                            |
+---------+----------------------------------+

Create the image service endpoints for public users, internal components, and administrative users:

openstack endpoint create --region RegionOne glance public http://controller:9292

openstack endpoint create --region RegionOne glance internal http://controller:9292

openstack endpoint create --region RegionOne glance admin http://controller:9292

Start the Glance service:

systemctl enable openstack-glance-api

systemctl start openstack-glance-api

Verify the Glance service

Check which service is listening on the port:

[root@controller ~]# netstat -tnlup |grep 9292

tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      21812/python2 
     

[root@controller ~]# systemctl status openstack-glance-api

 ● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server
   Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2023-12-01 12:08:58 CST; 1h 2min ago
 Main PID: 21812 (glance-api)
   CGroup: /system.slice/openstack-glance-api.service
           ├─21812 /usr/bin/python2 /usr/bin/glance-api
           ├─21828 /usr/bin/python2 /usr/bin/glance-api
           └─21829 /usr/bin/python2 /usr/bin/glance-api

Dec 01 12:08:58 controller systemd[1]: Started OpenStack Image Service (code-named Glance) ...er.
Dec 01 12:08:59 controller glance-api[21812]: /usr
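
With firewalld stopped as described earlier, every socket bound to 0.0.0.0 or :: answers on both of the controller's addresses (192.168.100.10 and 192.168.200.10). The following is an added example, not part of the original page: a shell filter (the function names listener_scope and exposed_listeners are illustrative) that classifies the netstat -tnlup listener lines used in the RabbitMQ, Memcached, etcd and Glance checks by how widely each socket is bound.

```shell
#!/bin/sh
# Added example: classify listening sockets from `netstat -tnlup` output.
# listener_scope reads netstat output on stdin and prints
#   "<scope> <proto> <port> <pid/program>"
# where scope is all-interfaces, address-bound or loopback.
listener_scope() {
    awk '
    $1 ~ /^(tcp|udp)6?$/ {
        # TCP rows have a State column, UDP rows do not.
        if ($1 ~ /^tcp/) {
            if ($6 != "LISTEN") next
            prog = $7
        } else {
            prog = $6
        }
        # The port is whatever follows the last colon of the local address,
        # which also handles IPv6 forms such as ":::5672" and "::1:11211".
        n = split($4, part, ":")
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        if (addr == "0.0.0.0" || addr == "::") scope = "all-interfaces"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        else scope = "address-bound"
        print scope, $1, port, prog
    }'
}

# exposed_listeners keeps only the sockets that listen on every interface
# and prints "<proto> <port> <pid/program>" for each of them.
exposed_listeners() {
    listener_scope | awk '$1 == "all-interfaces" { print $2, $3, $4 }'
}

# Sample input: listener lines copied from the netstat output shown on this page.
listener_scope <<'EOF'
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      959/beam.smp
tcp6       0      0 :::5672                 :::*                    LISTEN      959/beam.smp
tcp        0      0 192.168.100.10:11211    0.0.0.0:*               LISTEN      956/memcached
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      956/memcached
tcp6       0      0 ::1:11211               :::*                    LISTEN      956/memcached
tcp        0      0 192.168.100.10:2379     0.0.0.0:*               LISTEN      3275/etcd
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      21812/python2
EOF
```

On a live node, netstat -tnlup | exposed_listeners lists the services that need either an explicit bind address or a packet filter in front of them.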

Create an Image with Glance

[root@controller opt]# pwd

/opt

[root@controller opt]# ls

 cirros-0.5.2-x86_64-disk.img  openstack  openStack-train.iso

[root@controller opt]# openstack image create --file cirros-0.5.2-x86_64-disk.img --disk-format qcow2 --container-format bare --public cirros

+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                                                                      |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum         | b874c39491a2377b8490f5f1e89761a4                                                                                                                                                           |
| container_format | bare                                                                                                                                                                                       |
| created_at       | 2023-12-01T05:16:30Z                                                                                                                                                                       |
| disk_format      | qcow2                                                                                                                                                                                      |
| file             | /v2/images/fce9ce99-cf6a-4f38-a5a6-30b15c9949a6/file                                                                                                                                       |
| id               | fce9ce99-cf6a-4f38-a5a6-30b15c9949a6                                                                                                                                                       |
| min_disk         | 0                                                                                                                                                                                          |
| min_ram          | 0                                                                                                                                                                                          |
| name             | cirros                                                                                                                                                                                     |
| owner            | f1447cb733874266ae98ab6846da80a3                                                                                                                                                           |
| properties       | os_hash_algo='sha512', os_hash_value='6b813aa46bb90b4da216a4d19376593fa3f4fc7e617f03a92b7fe11e9a3981cbe8f0959dbebe36225e5f53dc4492341a4863cac4ed1ee0909f3fc78ef9c3e869', os_hidden='False' |
| protected        | False                                                                                                                                                                                      |
| schema           | /v2/schemas/image                                                                                                                                                                          |
| size             | 16300544                                                                                                                                                                                   |
| status           | active                                                                                                                                                                                     |
| tags             |                                                                                                                                                                                            |
| updated_at       | 2023-12-01T05:16:30Z                                                                                                                                                                       |
| virtual_size     | None                                                                                                                                                                                       |
| visibility       | public                                                                                                                                                                                     |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

openstack image list

+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| fce9ce99-cf6a-4f38-a5a6-30b15c9949a6 | cirros | active |
+--------------------------------------+--------+--------+

ll /var/lib/glance/images/

total 15920
-rw-r----- 1 glance glance 16300544 Dec  1 13:16 fce9ce99-cf6a-4f38-a5a6-30b15c9949a6

Install the Placement Service

Run on the controller node.

Install Placement

[root@controller ~]# yum -y install openstack-placement-api

[root@controller ~]# cat /etc/passwd | grep placement

placement:x:991:988:OpenStack Placement:/:/bin/bash

[root@controller ~]# cat /etc/group | grep placement

placement:x:988:

Create the database and grant privileges

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 29
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE placement;

Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.003 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

Edit the Placement configuration file

[root@controller ~]# cp /etc/placement/placement.conf /etc/placement/placement.bak

[root@controller ~]# grep -Ev '^$|#' /etc/placement/placement.bak > /etc/placement/placement.conf

[root@controller ~]# vi /etc/placement/placement.conf

[DEFAULT]
[api]
[cors]
[keystone_authtoken]
[oslo_policy]
[placement]
[placement_database]
[profiler]

Edit the [placement_database] section to connect to the database.

[placement_database]
connection = mysql+pymysql://placement:000000@controller/placement

Edit the [api] and [keystone_authtoken] sections to enable interaction with Keystone.

[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
username = placement
password = 000000
project_name = project
user_domain_name = Default
project_domain_name = Default
[oslo_policy]
[placement]
[placement_database]
connection = mysql+pymysql://placement:000000@controller/placement


vi /etc/httpd/conf.d/00-placement-api.conf

Add the following inside the VirtualHost block:

 
   <Directory /usr/bin>
         Require all granted
   </Directory>

Installing the Nova compute service

Install and configure Nova on the controller node

Run on the controller node.

Install the Nova packages

yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy

[root@controller ~]# cat /etc/passwd|grep nova

nova:x:162:162:OpenStack Nova Daemons:/var/lib/nova:/sbin/nologin

[root@controller ~]# cat /etc/group|grep nova

nobody:x:99:nova
nova:x:162:nova

Create the Nova databases and grant privileges

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.002 sec)

MariaDB [(none)]>  CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.000 sec)

Edit the Nova configuration file

Strip comments and blank lines from the configuration file

cp /etc/nova/nova.conf /etc/nova/nova.bak

grep -Ev '^$|#' /etc/nova/nova.bak >/etc/nova/nova.conf

Edit the new configuration file

vi /etc/nova/nova.conf

 
[DEFAULT]
[api]
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]

Edit the "[api_database]" and "[database]" sections to connect to the "nova_api" and "nova" databases.

[api_database]
connection = mysql+pymysql://nova:000000@controller/nova_api
[database]
connection = mysql+pymysql://nova:000000@controller/nova


Edit the "[api]" and "[keystone_authtoken]" sections to enable interaction with Keystone.

[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = project
username = nova
password = 000000

Edit the "[placement]" section to enable interaction with Placement.

[placement]
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = project
username = placement
password = 000000
region_name = RegionOne

Edit the "[glance]" section to enable interaction with Glance.

[glance]
api_servers = http://controller:9292

Edit "[oslo_concurrency]" to configure the lock path.

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

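The "/var/lib/nova/tmp" directory was created by the "nova" user when the packages were installed, so "nova" has full permissions on it. Do not change this path arbitrarily.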

Edit the "[DEFAULT]" section to configure the message queue, the firewall and related settings.

[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://rabbitmq:000000@controller:5672
my_ip = 192.168.100.10
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

Edit the "[vnc]" section to configure the VNC connection mode.


[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip


Complete configuration file:

[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://rabbitmq:000000@controller:5672
my_ip = 192.168.100.10
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:000000@controller/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:000000@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = project
username = nova
password = 000000

[libvirt]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = project
username = placement
password = 000000
region_name = RegionOne

[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]

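Initialize the Nova databases:

Step 1: initialize the "nova_api" database.
[root@controller ~]# su nova -s /bin/sh -c "nova-manage api_db sync"
Step 2: create the "cell1" cell, which will use the "nova" database.
[root@controller ~]# su nova -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1"
Step 3: map "nova" to the "cell0" database so that the table structure of "cell0" stays consistent with that of "nova".
[root@controller ~]# su nova -s /bin/sh -c "nova-manage cell_v2 map_cell0"
Step 4: initialize the "nova" database; because of the mapping, the same tables are created in "cell0" at the same time.
[root@controller ~]# su nova -s /bin/sh -c "nova-manage db sync"

Use the following command to list the registered cells.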

[root@controller ~]# nova-manage cell_v2 list_cells


+-------+--------------------------------------+----------------------------------------+-------------------------------------------------+----------+
|  Name |                 UUID                 |             Transport URL              |               Database Connection               | Disabled |
+-------+--------------------------------------+----------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 |                 none:/                 | mysql+pymysql://nova:****@controller/nova_cell0 |  False   |
| cell1 | 2e58f79d-69d0-451d-a89d-0f2b8cd209c4 | rabbit://rabbitmq:****@controller:5672 |    mysql+pymysql://nova:****@controller/nova    |  False   |
+-------+--------------------------------------+----------------------------------------+-------------------------------------------------+----------+

Initializing the Nova component

Create the user:

[root@controller ~]# source admin-login

[root@controller ~]# openstack user create --domain default --password 000000 nova


+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 879469ed82904d6395aeef09f05f89c0 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

[root@controller ~]# openstack role add --project project --user nova admin

Create the service and endpoints:

[root@controller ~]# openstack service create --name nova compute

+---------+----------------------------------+
| Field   | Value                            |
+---------+----------------------------------+
| enabled | True                             |
| id      | 33f9643a02b84416926c9432aa5adbd6 |
| name    | nova                             |
| type    | compute                          |
+---------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne nova public http://controller:8774/v2.1

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5f8cf02e360d4985ba04701a8dacea07 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 33f9643a02b84416926c9432aa5adbd6 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne nova internal http://controller:8774/v2.1

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 49c764e1ff784dc490b642a7c87054e5 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 33f9643a02b84416926c9432aa5adbd6 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 542d57e60d5d43e7b8110cb125868124 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 33f9643a02b84416926c9432aa5adbd6 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

Start the services and enable them at boot:

[root@controller ~]# systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy

Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.

[root@controller ~]# systemctl start openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy


Verify that Nova was installed successfully:

[root@controller ~]# netstat -nutpl|grep 877

tcp        0      0 0.0.0.0:8774            0.0.0.0:*               LISTEN      95823/python2       
tcp        0      0 0.0.0.0:8775            0.0.0.0:*               LISTEN      95823/python2       
tcp6       0      0 :::8778                 :::*                    LISTEN      21752/httpd   
     

[root@controller ~]# openstack compute service list

+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary         | Host       | Zone     | Status  | State | Updated At                 |
+----+----------------+------------+----------+---------+-------+----------------------------+
|  5 | nova-conductor | controller | internal | enabled | up    | 2023-12-09T05:43:48.000000 |
|  6 | nova-scheduler | controller | internal | enabled | up    | 2023-12-09T05:43:50.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+

Install and configure Nova on the compute node

Run on the compute node.

Install the Nova packages

yum clean all

yum makecache

yum repolist

yum -y install openstack-nova-compute

Edit the configuration file

[root@compute yum.repos.d]# cp /etc/nova/nova.conf /etc/nova/nova.bak

[root@compute yum.repos.d]# grep -Ev '^$|#' /etc/nova/nova.bak >/etc/nova/nova.conf

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = project
username = nova
password = 000000

[placement]
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = project
username = placement
password = 000000
region_name = RegionOne

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://rabbitmq:000000@controller:5672
my_ip = 192.168.100.20
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.100.10:6080/vnc_auto.html

[libvirt]
virt_type = qemu
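Hand-edited oslo.config files such as the nova.conf listings for the controller and compute nodes above can go wrong quietly: a key repeated inside one section, a line indented by a stray space, or one password shared by every account. The check below is an added example, not part of the original page or of OpenStack; SAMPLE_CONF, parse and audit are names made up here, and it assumes that oslo.config uses the last occurrence of a repeated single-valued key and reads an indented line as a continuation of the previous value.

```python
import re

# Constructed sample modelled on a hand-edited nova.conf; not a real deployment file.
SAMPLE_CONF = """\
[DEFAULT]
transport_url = rabbit://rabbitmq:000000@controller:5672
my_ip = 192.168.100.10

[api]
 auth_strategy = keystone

[database]
connection = mysql+pymysql://nova:000000@controller/nova

[placement]
auth_url = http://controller:5000
username = placement
password = 000000
region_name = RegionOne
username = nova
password = 000000
"""

# Password part of a user:password@host URL (transport_url, connection).
URL_SECRET = re.compile(r"://[^:/@\s]+:([^@\s]+)@")


def parse(text):
    """Return (entries, findings); an entry is (lineno, section, key, value)."""
    entries, findings = [], []
    section, open_key = None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.rstrip()
        if not line or line[0] in "#;":
            open_key = False      # a blank or comment line ends the previous value
        elif line[0] in " \t":
            # Assumed oslo.config behaviour: an indented line continues the
            # previous value, or is a parse error when there is none.
            kind = "continuation" if open_key else "orphan-indent"
            findings.append((lineno, kind, line.strip()))
        elif line.startswith("["):
            section, open_key = line.strip("[]"), False
        elif "=" in line:
            key, _, value = line.partition("=")
            entries.append((lineno, section, key.strip(), value.strip()))
            open_key = True
        else:
            findings.append((lineno, "unparsed", line))
            open_key = False
    return entries, findings


def audit(text):
    """Return (effective, findings) for the text of one configuration file."""
    entries, findings = parse(text)
    effective = {}
    for lineno, section, key, value in entries:
        if (section, key) in effective:
            findings.append((lineno, "duplicate",
                             f"[{section}] {key} is set again; the last value is used"))
        effective[(section, key)] = value   # assumption: the last occurrence wins
    # Group settings by the secret they carry, reporting locations only.
    holders = {}
    for (section, key), value in effective.items():
        match = URL_SECRET.search(value)
        secret = value if key == "password" else match.group(1) if match else None
        if secret:
            holders.setdefault(secret, []).append(f"[{section}] {key}")
    for places in holders.values():
        if len(places) > 1:
            findings.append((0, "shared-secret", ", ".join(sorted(places))))
    return effective, sorted(findings)


if __name__ == "__main__":
    for lineno, kind, detail in audit(SAMPLE_CONF)[1]:
        print(f"line {lineno:>2}  {kind:<14} {detail}")
```

Run it against the stripped file before restarting a service; findings reported on line 0 apply to the file as a whole rather than to one line.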

Start the Nova services

[root@compute yum.repos.d]# systemctl enable libvirtd openstack-nova-compute

[root@compute yum.repos.d]# systemctl start libvirtd openstack-nova-compute

Discover the compute node and verify the services

Run on the controller node.

Discover the compute node

[root@controller ~]# source admin-login

Manual discovery:

[root@controller ~]# su nova -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose"

Found 2 cell mappings.
Getting computes from cell 'cell1': 2e58f79d-69d0-451d-a89d-0f2b8cd209c4
Checking host mapping for compute host 'compute': b602c447-6434-47cb-b6c1-d8e74f86b62b
Creating host mapping for compute host 'compute': b602c447-6434-47cb-b6c1-d8e74f86b62b
Found 1 unmapped computes in cell: 2e58f79d-69d0-451d-a89d-0f2b8cd209c4
Skipping cell0 since it does not contain hosts.

Automatic discovery

vi /etc/nova/nova.conf

[scheduler]
discover_hosts_in_cells_interval = 60

systemctl restart openstack-nova-api

Verify the services

List the compute services

[root@controller ~]# openstack compute service list

+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary         | Host       | Zone     | Status  | State | Updated At                 |
+----+----------------+------------+----------+---------+-------+----------------------------+
|  5 | nova-conductor | controller | internal | enabled | up    | 2023-12-15T03:59:30.000000 |
|  6 | nova-scheduler | controller | internal | enabled | up    | 2023-12-15T03:59:34.000000 |
|  8 | nova-compute   | compute    | nova     | enabled | up    | 2023-12-15T03:59:30.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+

List all OpenStack services and endpoints

[root@controller ~]# openstack catalog list

+-----------+-----------+-----------------------------------------+
| Name      | Type      | Endpoints                               |
+-----------+-----------+-----------------------------------------+
| glance    | image     |                                         |
| nova      | compute   | RegionOne                               |
|           |           |   internal: http://controller:8774/v2.1 |
|           |           | RegionOne                               |
|           |           |   admin: http://controller:8774/v2.1    |
|           |           | RegionOne                               |
|           |           |   public: http://controller:8774/v2.1   |
|           |           |                                         |
| placement | placement | RegionOne                               |
|           |           |   admin: http://controller:8778         |
|           |           | RegionOne                               |
|           |           |   internal: http://controller:8778      |
|           |           | RegionOne                               |
|           |           |   public: http://controller:8778        |
|           |           |                                         |
| keystone  | identity  | RegionOne                               |
|           |           |   public: http://controller:5000/v3     |
|           |           | RegionOne                               |
|           |           |   internal: http://controller:5000/v3   |
|           |           | RegionOne                               |
|           |           |   admin: http://controller:5000/v3      |
|           |           |                                         |
| glance    | image     | RegionOne                               |
|           |           |   admin: http://controller:9292         |
|           |           | RegionOne                               |
|           |           |   public: http://controller:9292        |
|           |           | RegionOne                               |
|           |           |   internal: http://controller:9292      |
|           |           |                                         |
+-----------+-----------+-----------------------------------------+


[root@controller ~]# nova-status upgrade check

+--------------------------------+
| Upgrade Check Results          |
+--------------------------------+
| Check: Cells v2                |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Placement API           |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Cinder API              |
| Result: Success                |
| Details: None                  |
+--------------------------------+

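Neutron service

Preparing the initial network environment

Run the steps in this section on both the controller node and the compute node.

Set the network interface to promiscuous mode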

ifconfig eno33554960 promisc

Make promiscuous mode take effect automatically after boot.

vi /etc/profile

Append as the last line: ifconfig eno33554960 promisc

Verify with: ip a

If the word promisc appears for the second NIC (eno33554960), the setting has taken effect.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno16777736: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:f0:00:21 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.10/24 brd 192.168.100.255 scope global noprefixroute eno16777736
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef0:21/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever
3: eno33554960: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 00:0c:29:f0:00:2b brd ff:ff:ff:ff:ff:ff
    inet 192.168.200.10/24 brd 192.168.200.255 scope global noprefixroute eno33554960
       valid_lft forever preferred_lft forever
    inet6 fe80::20c:29ff:fef0:2b/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

Load the bridge-mode firewall module

vi /etc/sysctl.conf

Add at the end of the file:

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

[root@controller ~]# modprobe br_netfilter

[root@controller ~]# sysctl -p

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

Install and configure Neutron on the controller node

Install the Neutron packages

Install and configure Neutron on the compute node

Install the Neutron packages

[root@compute ~]# cat /etc/passwd |grep neutron

neutron:x:991:988:OpenStack Neutron Daemons:/var/lib/neutron:/sbin/nologin

[root@compute ~]# cat /etc/group|grep neutron

neutron:x:988:

Edit the Neutron configuration file

[root@compute ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.bak

[root@compute ~]# grep -Ev '^$|#' /etc/neutron/neutron.bak>/etc/neutron/neutron.conf

[root@compute ~]# vi /etc/neutron/neutron.conf

[DEFAULT]
transport_url = rabbit://rabbitmq:000000@controller:5672
auth_strategy = keystone

[cors]
[database]
[keystone_authtoken]
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = project
username = neutron
password = 000000

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]

Edit the Linux bridge agent configuration file

[root@compute ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.bak

[root@compute ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:eno33554960
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Edit the Nova configuration file

vi /etc/nova/nova.conf

Add the following to the [DEFAULT] section:

vif_plugging_is_fatal = false
vif_plugging_timeout = 0

Add the following to the [neutron] section:

auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = project
username = neutron
password = 000000

Start the Neutron service on the compute node

systemctl restart openstack-nova-compute

Dashboard service

Install and configure on the compute node

Install and configure the Dashboard service

yum -y install openstack-dashboard

vi /etc/openstack-dashboard/local_settings

Change:

# '*' accepts any Host header; list the dashboard's own host names to restrict it.
ALLOWED_HOSTS = ['*']
OPENSTACK_HOST = "controller"
TIME_ZONE = "Asia/Shanghai"
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}

Add:

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

Change:

OPENSTACK_NEUTRON_NETWORK = {
    'enable_auto_allocated_network': False,
    'enable_distributed_router': False,
    'enable_fip_topology_check': False,
    'enable_ha_router': False,
    'enable_ipv6': False,
    # TODO(amotoki): Drop OPENSTACK_NEUTRON_NETWORK completely from here.
    # enable_quotas has the different default value here.
    'enable_quotas': False,
    'enable_rbac_policy': False,
    'enable_router': False,

    'default_dns_nameservers': [],
    'supported_provider_types': ['*'],
    'segmentation_id_range': {},
    'extra_provider_types': {},
    'supported_vnic_types': ['*'],
    'physical_networks': [],

}

Publish the Dashboard service

Regenerate the web server configuration file:

[root@compute openstack-dashboard]# cd /usr/share/openstack-dashboard

[root@compute openstack-dashboard]# python manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf

Create a symbolic link to the policy files:

[root@compute openstack-dashboard]# ls /etc/openstack-dashboard

cinder_policy.json  keystone_policy.json  neutron_policy.json  nova_policy.json
glance_policy.json  local_settings        nova_policy.d

[root@compute openstack-dashboard]# ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf

Start the Apache server:

[root@compute openstack-dashboard]# systemctl enable httpd

[root@compute openstack-dashboard]# systemctl start httpd

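Check the Dashboard service

In a browser on your local computer, enter the compute node's IP address "http://192.168.100.20" (the address of the server where Dashboard is installed) in the address bar to reach the Login page. On the Login page, enter the domain name "Default" in the Domain field, "admin" in the User Name field and "000000" in the Password field. Then click the Sign In button.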


Dashboard installation is now complete.