OpenStack 介绍

openstack目前已经更新到P版,与以往不同的是之前每6个月发布一个新的版本,从P版本开始,每年会发布一个新的版本。

官方安装文档:https://docs.openstack.org/install-guide/

测试环境说明

控制节点(Controller): openstack-node1 <192.168.10.11>
计算节点(Computer): openstack-node2 <192.168.10.12> , openstack-node3 <192.168.10.13>
网络环境: 单一网络,桥接模式
存储模式: 本地存储

环境初始化准备

1、 安装ntp服务,同步时间。

2、安装openstack 包

# yum install  -y centos-release-openstack-pike

3、在node1安装数据库(https://docs.openstack.org/install-guide/environment-sql-database-rdo.html)

# yum install mariadb mariadb-server python2-PyMySQL -y

4、配置数据库并启动

vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.10.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

启动数据库并初始化:

# systemctl enable mariadb.service
# systemctl start mariadb.service
# mysql_secure_installation

5、创建数据库

MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> create database cinder;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| cinder             |
| glance             |
| information_schema |
| keystone           |
| mysql              |
| neutron            |
| nova               |
| nova_api           |
| nova_cell0       |
| performance_schema |
+--------------------+
9 rows in set (0.00 sec)

授权:


MariaDB [(none)]> grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on keystone.* to 'keystone'@'%' identified by 'keystone';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on nova.* to 'nova'@'localhost' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on nova.* to 'nova'@'%' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on nova_api.* to 'nova'@'%' identified by 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on glance.* to 'glance'@'localhost' identified by 'glance';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on glance.* to 'glance'@'%' identified by 'glance';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on neutron.* to 'neutron'@'%' identified by 'neutron';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on cinder.* to 'cinder'@'localhost' identified by 'cinder';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all on cinder.* to 'cinder'@'%' identified by 'cinder';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%'    IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)

测试用户和授权:

[root@node1 ~]# mysql -ukeystone -pkeystone;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
+--------------------+
2 rows in set (0.00 sec)

[root@node1 ~]# mysql -unova -pnova;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| nova               |
| nova_api           |
+--------------------+
3 rows in set (0.00 sec)

[root@node1 ~]# mysql -uglance -pglance;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
+--------------------+
2 rows in set (0.01 sec)

[root@node1 ~]# mysql -uneutron -pneutron;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| neutron            |
+--------------------+
2 rows in set (0.00 sec)

[root@node1 ~]# mysql -ucinder -pcinder;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| cinder             |
| information_schema |
+--------------------+
2 rows in set (0.00 sec)

6、安装配置rabbitMQ

[root@node1 ~]# yum install rabbitmq-server -y
[root@node1 ~]# systemctl enable rabbitmq-server.service
[root@node1 ~]# systemctl start rabbitmq-server.service
[root@node1 ~]# rabbitmqctl add_user openstack openstack
[root@node1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

检查:
(1). 如果要通过web界面登录,查看rabbitMQ的状态,需要开启web登录的插件:

  rabbitmq-plugins enable rabbitmq_management

开启后会rabbitMQ会开启一个监听15672的端口,使用此端口登录web界面,使用账号guest/guest可查看当前状态。
(2). rabbitMQ会监听25672和2572端口。

7、安装配置memecache:

[root@node1 ~]#  yum install memcached python-memcached -y

修改配置文件,修改为本地IP地址和添加contoller节点的IP标识:

vim /etc/sysconfig/memcached

OPTIONS="-l 192.168.10.11,::1"

启动服务:

# systemctl enable memcached.service
# systemctl start memcached.service

8、控制节点安装如下软件包:
安装keystone

# yum install -y openstack-keystone httpd mod_wsgi 

安装Glance

# yum install -y openstack-glance

安装nova

# yum install -y openstack-nova-api openstack-nova-placement-api \
  openstack-nova-conductor openstack-nova-console \
  openstack-nova-novncproxy openstack-nova-scheduler

安装neutron

# yum install -y openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables

安装OpenStack命令

yum install -y python-openstackclient openstack-selinux

9、计算节点安装 nova-computer 和neutron的相关组件:

# yum install -y openstack-nova-compute sysfsutils
# yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables 

安装Keystone服务

openstack 的Keystone 组件提供统一的用户注册和验证服务。keystone服务默认使用的端口为5000.
1、 修改配置文件/etc/keystone/keystone.conf,我们的控制节点为 192.168.10.11

[database]
# ...
connection = mysql+pymysql://keystone:[email protected]/keystone

[token]
# ...
provider = fernet

2、同步数据库:

# su -s /bin/sh -c "keystone-manage db_sync" keystone

检查同步是否成功:

# mysql -ukeystone -pkeystone -e "use keystone;show tables;"

3、初始化:

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

4、启动服务,指定密码为admin:

 keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://192.168.10.11:35357/v3/ \
  --bootstrap-internal-url http://192.168.10.11:5000/v3/ \
  --bootstrap-public-url http://192.168.10.11:5000/v3/ \
  --bootstrap-region-id RegionOne

5、配置Apache httpd,修改配置文件/etc/httpd/conf/httpd.conf: 修改为控制节点的IP

ServerName 192.168.10.11

6、创建软连接,将keystone的配置链接到apache:

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

7、启动服务,并设置自启动

# systemctl enable httpd.service
# systemctl start httpd.service

查看5000端口(public endpoint)和35357(admin endpoint)端口是否启动。
8、设置环境变量:

 export OS_USERNAME=admin
 export OS_PASSWORD=admin
 export OS_PROJECT_NAME=admin
 export OS_USER_DOMAIN_NAME=Default
 export OS_PROJECT_DOMAIN_NAME=Default
 export OS_AUTH_URL=http://192.168.10.11:35357/v3
 export OS_IDENTITY_API_VERSION=3

9、创建域,项目,用户和角色

  • 创建一个service 项目:
# openstack project create --domain default  --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 1b1aef4a9bda49d59ffa17cbae4d3247 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+
  • 创建一个demo的项目:
# openstack project create --domain default  --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | d63f87c94e634aefbdf3fa48d4f43b18 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+
  • 创建一个demo的用户,并设置密码为 demo:
# openstack user create --domain default --password demo demo
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 8c10323be99e4597a099db1ba3b79627 |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
  • 创建一个用户角色:
# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | b3fb6198ad97428898db24d04a384e5d |
| name      | user                             |
+-----------+----------------------------------+
  • 将user角色添加到demo项目中,并给demo用户授予 user角色的权限:
openstack role add --project demo --user demo user

检查用户,角色,项目:

# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 8c10323be99e4597a099db1ba3b79627 | demo  |
| b6656538b5334a1cae296fee65ca122b | admin |
+----------------------------------+-------+

# openstack role list
+----------------------------------+----------+
| ID                               | Name     |
+----------------------------------+----------+
| 36e337bdc9c94785b4fce4e5e7cc5710 | admin    |
| 9fe2ff9ee4384b1894a90878d3e92bab | _member_ |
| b3fb6198ad97428898db24d04a384e5d | user     |
+----------------------------------+----------+

# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0daaf987a867495fa0937a16b359c729 | admin   |
| 1b1aef4a9bda49d59ffa17cbae4d3247 | service |
| d63f87c94e634aefbdf3fa48d4f43b18 | demo    |
+----------------------------------+---------+

10 . Unset 掉临时的 OS_AUTH_URLOS_PASSWORD 环境变量,对admin用户和demo用户进行验证:

#  unset OS_AUTH_URL OS_PASSWORD

11 . 使用admin 用户,获取一个授权的token,使用 --os-password 指定用户密码:

#  openstack --os-auth-url http://192.168.10.11:35357/v3   --os-project-domain-name Default --os-user-domain-name Default   --os-project-name admin --os-username admin --os-password admin token issue 
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-01-09T10:49:13+0000                                                                                                                                                                |
| id         | gAAAAABaVJAZylB0puTtnl0DoU1rUSkNP4wOM_2CgL7j_rVRy7nowuQRX9LueUVbfR6jjeB4wtAWAfl39oeECgdEaJUrUBvLnpDAIHBP1lf1AVXFDyAYUEisUZFEC4TpULgxvRK7c98PjABWUQO27jY74zi7kdEtEH6J783TKARCpxr42dPFfbM |
| project_id | 0daaf987a867495fa0937a16b359c729                                                                                                                                                        |
| user_id    | b6656538b5334a1cae296fee65ca122b                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

12 . 尝试使用demo用户获取一个token:

#  openstack --os-auth-url http://192.168.10.11:5000/v3   --os-project-domain-name Default --os-user-domain-name Default   --os-project-name demo --os-username demo --os-password demo token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-01-09T10:54:39+0000                                                                                                                                                                |
| id         | gAAAAABaVJFfrjuHz6b6VIKFo59Z_pFF6bzdxmU7y81OhzznZ0QQIwsbiTgPrnCkC4DRBQAQ6uSj-M-kBQURHAwxHRhCvGxikhcNtsgLTH5d4xy_QIWLmAGapB90Gvykbqjz4EGjYTGWYT2vYg8K1fGiglNJZS8C-fqP6YDmDAQFLkaNVrqcs6Y |
| project_id | d63f87c94e634aefbdf3fa48d4f43b18                                                                                                                                                        |
| user_id    | 8c10323be99e4597a099db1ba3b79627                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

13 . 验证成功后,可以将admin和demo用户指定的参数使用环境变量的方式写到文件中,在使用不同用户进行操作时,就先执行此环境变量:

# cat admin-openstack.sh 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.10.11:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# cat demo-openstack.sh 
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.10.11:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

通过执行 source admin-openstack.shsource demo-openstack.sh 来获取token ,确保获取成功。

# source admin-openstack.sh 
# openstack token issue
...
# source demo-openstack.sh 
# openstack token issue
...

查看服务:

[root@openstack-node1 ~]# source  admin-openstack.sh 
[root@openstack-node1 ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 5f6ad425ca88486083910af1cf7d2684 | keystone | identity |
+----------------------------------+----------+----------+

配置镜像服务Glance

1、创建一个glance的用户,设置密码为glance:

# openstack user create --domain default --password glance glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | d42073f41d3240db9db27ab493be3495 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

2、 将 glance用户添加到 Service 项目,并授予 admin的角色权限:

 #  openstack role add --project service --user glance admin

3、 创建一个glance的服务:

 # openstack service create --name glance  --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 9627ac8da083454cb644916a5a30525e |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

4、创建镜像服务的api ,endpoint。这里的endpoint实际上就是一个URL链接,分别为public、internal、admin。

 # openstack endpoint create --region RegionOne image public http://192.168.10.11:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4d62369819b8441bbc73b5093b397093 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9627ac8da083454cb644916a5a30525e |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne   image internal http://192.168.10.11:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 08f7962c2f544591af7ebd7e8c01a50a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9627ac8da083454cb644916a5a30525e |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne   image admin http://192.168.10.11:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 62d31d33d7b949ddb37960d5dfb04133 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 9627ac8da083454cb644916a5a30525e |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

5、修改glance配置,在 /etc/glance/glance-api.conf 中配置如下选项:

# egrep -v "^#|^$" /etc/glance/glance-api.conf

[database]
connection = mysql+pymysql://glance:[email protected]/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images

[keystone_authtoken]
auth_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:35357
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

6、修改 /etc/glance/glance-registry.conf 文件配置:

# egrep -v "^#|^$" /etc/glance/glance-registry.conf 

[database]
connection = mysql+pymysql://glance:[email protected]/glance
[keystone_authtoken]
auth_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:35357
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone

6、 同步数据库:

# su -s /bin/sh -c "glance-manage db_sync" glance

7、启动服务:

# systemctl enable openstack-glance-api.service  openstack-glance-registry.service
# systemctl start openstack-glance-api.service  openstack-glance-registry.service

glance-api监听 9292端口, glance-registry 监听9191端口,可以通过如下命令查看:

ps aux|grep PID

8、对服务进行验证。下载示例的小镜像:

# source admin-openstack.sh 
# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

9、 添加此镜像到镜像服务,使用QCOW2的格式,容器格式为bare,指定权限为public:

#  openstack image create "cirros"   --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | f8ab98ff5e73ebab884d80c9dc9c7290                     |
| container_format | bare                                                 |
| created_at       | 2018-01-09T11:27:25Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/dc655534-2821-47c1-b9c4-8687b52dfdbc/file |
| id               | dc655534-2821-47c1-b9c4-8687b52dfdbc                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | 0daaf987a867495fa0937a16b359c729                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13267968                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2018-01-09T11:27:26Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+

10、 查看镜像:

# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| dc655534-2821-47c1-b9c4-8687b52dfdbc | cirros | active |
+--------------------------------------+--------+--------+

控制节点配置 nova 服务

1、创建nova 用户,设置密码为nova:

# source admin-openstack.sh 
#  openstack user create --domain default --password nova nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 6efaf22f5f17465fa72f83bb94da7418 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

2、将nova用户添加到sevice项目,并授予admin权限:

# openstack role add --project service --user nova admin

3、创建一个nova的service:

#  openstack service create --name nova  --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 98402effc56a46c8b8f1f089faa38388 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

4、 创建计算服务的 API endpoint, 分别对应public ,internal, admin:

# openstack endpoint create --region RegionOne  compute public http://192.168.10.11:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e4217f184aa942d592c8882165c7179b |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 98402effc56a46c8b8f1f089faa38388 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://192.168.10.11:8774/v2.1   |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne   compute internal http://192.168.10.11:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 63daae9015cd4b4ca87f5258c347eb97 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 98402effc56a46c8b8f1f089faa38388 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://192.168.10.11:8774/v2.1   |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne compute admin http://192.168.10.11:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ec346833eba94099be33e7390579f712 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 98402effc56a46c8b8f1f089faa38388 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://192.168.10.11:8774/v2.1   |
+--------------+----------------------------------+

5、 创建一个placement的用户,并设置密码为placement:

# openstack user create --domain default --password placement placement
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | b1324b8660e741b2956f63be2b3a5d69 |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

6、添加placement 用户到 servi项目,并授予 admin权限:

# openstack role add --project service --user placement admin

7、创建placement的服务:

# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | df983a5c65d0458a8ddc93ffebf49f92 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+

8、创建placement api endpoint,指定 public ,internal,admin:

# openstack endpoint create --region RegionOne placement public http://192.168.10.11:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 77e40ae383774440a1d26c749205a019 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | df983a5c65d0458a8ddc93ffebf49f92 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.10.11:8778        |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne placement internal http://192.168.10.11:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 78a4e9b6032a4174a2d4854a93305a1e |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | df983a5c65d0458a8ddc93ffebf49f92 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.10.11:8778        |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne placement admin http://192.168.10.11:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 7d975e3e5d8c4952a6a96903e5e6a36b |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | df983a5c65d0458a8ddc93ffebf49f92 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.10.11:8778        |
+--------------+----------------------------------+

9、修改 nova 配置文件 /etc/nova/nova.conf :

# egrep  -v "^$|^#" /etc/nova/nova.conf

[DEFAULT]
use_neutron=true
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
transport_url=rabbit://openstack:[email protected]
[api]
auth_strategy=keystone
[api_database]
connection=mysql+pymysql://nova:[email protected]/nova_api

[database]
connection=mysql+pymysql://nova:[email protected]/nova

[glance]
api_servers=http://192.168.10.11:9292

[keystone_authtoken]
auth_uri = http://192.168.10.11:5000
auth_url = http://192.168.10.11:35357
memcached_servers = 192.168.10.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path=/var/lib/nova/tmp

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://192.168.10.11:35357/v3
username = placement
password = placement

[vnc]
enabled=true
vncserver_listen=192.168.10.11
vncserver_proxyclient_address=192.168.10.11

10、对软件包的 bug修复,需要添加如下内容到 /etc/httpd/conf.d/00-nova-placement-api.conf文件中(添加到虚拟主机中):


   = 2.4>
      Require all granted
   
   
      Order allow,deny
      Allow from all
   

11、 重启 httpd的服务:

# systemctl restart httpd

12、 同步nova-api数据:

su -s /bin/sh -c "nova-manage api_db sync" nova

13、注册cell0:

# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

14 、创建 cell1:

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
eab4a5f9-04fb-40fa-bf78-c6cd75ab93b1

15、 同步nova 数据库:

# su -s /bin/sh -c "nova-manage db sync" nova

16、 查看cell和cell是否注册成功。

# nova-manage cell_v2 list_cells
+-------+--------------------------------------+
| Name  | UUID                                 |
+-------+--------------------------------------+
| cell1 |ddc4df46-fd96-4778-b312-95e8ad37e3d3 |
| cell0 | 00000000-0000-0000-0000-000000000000 |
+-------+--------------------------------------+

17、启动服务:

# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

验证控制节点服务

查看各个服务状态:

[root@openstack-node1 ~]# openstack service list
+----------------------------------+-----------+-----------+
| ID                               | Name      | Type      |
+----------------------------------+-----------+-----------+
| 5f6ad425ca88486083910af1cf7d2684 | keystone  | identity  |
| 9627ac8da083454cb644916a5a30525e | glance    | image     |
| 98402effc56a46c8b8f1f089faa38388 | nova      | compute   |
| df983a5c65d0458a8ddc93ffebf49f92 | placement | placement |
+----------------------------------+-----------+-----------+

[root@openstack-node1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                            |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+
| 08f7962c2f544591af7ebd7e8c01a50a | RegionOne | glance       | image        | True    | internal  | http://192.168.10.11:9292      |
| 25168e5be3504fd7a1ec442e518e0af2 | RegionOne | keystone     | identity     | True    | public    | http://192.168.10.11:5000/v3/  |
| 314e7ec43fb7410e94cdf41b6e72f207 | RegionOne | keystone     | identity     | True    | admin     | http://192.168.10.11:35357/v3/ |
| 4d62369819b8441bbc73b5093b397093 | RegionOne | glance       | image        | True    | public    | http://192.168.10.11:9292      |
| 62d31d33d7b949ddb37960d5dfb04133 | RegionOne | glance       | image        | True    | admin     | http://192.168.10.11:9292      |
| 63daae9015cd4b4ca87f5258c347eb97 | RegionOne | nova         | compute      | True    | internal  | http://192.168.10.11:8774/v2.1 |
| 77e40ae383774440a1d26c749205a019 | RegionOne | placement    | placement    | True    | public    | http://192.168.10.11:8778      |
| 78a4e9b6032a4174a2d4854a93305a1e | RegionOne | placement    | placement    | True    | internal  | http://192.168.10.11:8778      |
| 7d975e3e5d8c4952a6a96903e5e6a36b | RegionOne | placement    | placement    | True    | admin     | http://192.168.10.11:8778      |
| 9bd7115ba69a43a8bfed68edbd1ad992 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.10.11:5000/v3/  |
| e4217f184aa942d592c8882165c7179b | RegionOne | nova         | compute      | True    | public    | http://192.168.10.11:8774/v2.1 |
| ec346833eba94099be33e7390579f712 | RegionOne | nova         | compute      | True    | admin     | http://192.168.10.11:8774/v2.1 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------+

[root@openstack-node1 ~]# openstack compute service list
+----+------------------+-----------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host            | Zone     | Status  | State | Updated At                 |
+----+------------------+-----------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | openstack-node1 | internal | enabled | up    | 2018-01-10T09:33:17.000000 |
|  2 | nova-scheduler   | openstack-node1 | internal | enabled | up    | 2018-01-10T09:33:18.000000 |
|  3 | nova-conductor   | openstack-node1 | internal | enabled | up    | 2018-01-10T09:33:18.000000 |
+----+------------------+-----------------+----------+---------+-------+----------------------------+

下一节将介绍其它组件的配置。