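OpenStack is a free, open-source cloud computing platform that users can deploy as an Infrastructure-as-a-Service (IaaS) solution. OpenStack is not a single project but a collection of related projects, including Nova, Swift, Keystone and Horizon. These projects implement different functions, such as an elastic compute service, an object storage service, a virtual machine disk image service, a unified security authentication service and a management platform.
OpenStack began in 2010 as a cloud computing software project developed jointly by NASA and Rackspace. It is currently managed by the OpenStack Foundation, a non-profit organization founded in 2012. More than 200 companies now take part in the project, including large companies such as Arista Networks, AT&T, AMD, Cisco, Dell, EMC, HP, IBM, Intel, NEC, NetApp and Red Hat.
OpenStack has developed very quickly and has released 11 versions, each with a code name: Austin, Bexar, Cactus, Diablo, Essex, Folsom, Grizzly, Havana, Icehouse, Juno and the latest, Kilo.
Besides OpenStack there are other cloud computing platforms, such as Eucalyptus, AbiCloud and OpenNebula, each with its own characteristics.
PackStack is a tool, released mainly by Red Hat, for quickly deploying proof-of-concept (PoC) environments. It is a command-line tool that wraps Puppet modules in Python and deploys OpenStack onto servers over SSH.
PackStack supports three run modes:
Quick run
Interactive run
Non-interactive run
PackStack supports two deployment architectures:
All-in-One (single node): all services are deployed on one server
Multi-Node: the controller node and the compute nodes are separate
After the packstack command, use the --allinone option to deploy all services on the local machine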
packstack --allinone
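Run packstack with the --install-hosts option, whose value is a comma-separated list of IP addresses; the first is the controller node and all the rest are compute nodes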
packstack --install-hosts=CONTROLLER_ADDRESS,NODE_ADDRESSES
STEP1: To deploy the cluster interactively, simply type the following at the command line:
packstack
STEP2: packstack prompts for the path where the public key is stored; pressing Enter uses the default, ~/.ssh/id_rsa.pub
Enter the path to your ssh Public key to install on servers:
STEP3: packstack prompts for a default password, which will be used as the admin user password; if left blank, one is generated randomly
Enter a default password to be used. Leave blank for a randomly generated one. :
STEP4: Enter the number of processes for each WSGI service; the default equals the number of CPU cores
Enter the amount of service workers/threads to use for each service. Leave blank to use the default. [%{::processorcount}] :
STEP5: Confirm whether to install the MariaDB database; the default is y
Should Packstack install MariaDB [y|n] [y] :
STEP6: Confirm whether to install each OpenStack component; services can be customized as needed, there is no default value
Should Packstack install OpenStack Image Service (Glance) [y|n] [y] :
↑ Image management module
Should Packstack install OpenStack Block Storage (Cinder) [y|n] [y] :
↑ Block storage module
Should Packstack install OpenStack Shared File System (Manila) [y|n] [n] :
↑ Shared storage module
Should Packstack install OpenStack Compute (Nova) [y|n] [y] :
↑ Compute module
Should Packstack install OpenStack Networking (Neutron) [y|n] [y] :
↑ Virtual network module
Should Packstack install OpenStack Dashboard (Horizon) [y|n] [y] :
↑ Dashboard module
Should Packstack install OpenStack Object Storage (Swift) [y|n] [y] :
↑ Object storage module
Should Packstack install OpenStack Metering (Ceilometer) [y|n] [y] :
↑ Metering and billing module
Should Packstack install OpenStack Telemetry Alarming (Aodh) [y|n] [y] :
↑ Alarming module
Should Packstack install OpenStack Events Service (Panko) [y|n] [n] :
↑ Metadata indexing and event storage module
Should Packstack install OpenStack Clustering (Sahara). If yes it'll also install Heat. [y|n] [n] :
↑ Clustering module
Should Packstack install OpenStack Orchestration (Heat) [y|n] [n] :
↑ Orchestration module
Should Packstack install OpenStack Container Infrastructure Management Service (Magnum) [y|n] [n] :
↑ Cluster infrastructure management module
Should Packstack install OpenStack Database (Trove) [y|n] [n] :
↑ Database module
Should Packstack install OpenStack Bare Metal (Ironic) [y|n] [n] :
↑ Cloud infrastructure deployment module
Should Packstack install OpenStack client tools [y|n] [y] :
↑ OpenStack client tools
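STEP7: PackStack configures an NTP service for all services to keep the system time correct; the NTP setting only matters for multi-node deployments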
Enter a comma separated list of NTP server(s). Leave plain if Packstack should not install ntpd on instances.:
STEP8: Whether to install the Nagios monitoring service
Should Packstack install Nagios to monitor OpenStack hosts [y|n] [y] :
STEP9: Which servers are excluded from this installation
Enter a comma separated list of server(s) to be excluded. Leave plain if you don't need to exclude any server.:
STEP10: Whether to enable debug mode
Do you want to run OpenStack services in debug mode [y|n] [n] :
STEP11: Specify the address of the controller
Enter the controller host [192.168.1.101] :
STEP12: Specify the addresses of the compute nodes
Enter list of compute hosts [192.168.1.101] :
STEP13: Specify the addresses of the network nodes
Enter list of network hosts [192.168.1.101] :
STEP14: Whether to use VMware vCenter as the hypervisor and datastore backend
Do you want to use VMware vCenter as hypervisor and datastore [y|n] [n] :
STEP15: Whether to use unsupported parameters; the default setting is recommended:
Enable this on your own risk. Do you want to use unsupported parameters [y|n] [n] :
STEP16: Whether interface names are recognized automatically from the subnet CIDR
Should interface names be automatically recognized based on subnet CIDR [y|n] [n] :
STEP17: Whether to subscribe each server to Extra Packages for Enterprise Linux (EPEL); the default setting is recommended
To subscribe each server to EPEL enter "y" [y|n] [n] :
STEP18: Whether to enable custom package repositories
Enter a comma separated list of URLs to any additional yum repositories to install:
STEP19: Whether to enable RDO testing
To enable rdo testing enter "y" [y|n] [n] :
STEP20: Whether to enable a Red Hat subscription; this can simply be skipped
To subscribe each server to Red Hat enter a username :
To subscribe each server with RHN Satellite enter RHN Satellite server URL:
STEP21: SSL certificate settings
Specify a Satellite 6 Server to register to. If not specified, Packstack will register the system to the Red Hat server. When this option is specified, you also need to set the Satellite 6 organization and an activation key.:
Enter the filename of the SSL CAcertificate, if the CONFIG_SSL_CACERT_SELFSIGN is set to y the path will be CONFIG_SSL_CERT_DIR/certs/selfcert.crt [/etc/pki/tls/certs/selfcert.crt] :
Enter the filename of the SSL CAcertificate Key file, if the CONFIG_SSL_CACERT_SELFSIGN is set to y the path will be CONFIG_SSL_CERT_DIR/keys/selfkey.key [/etc/pki/tls/private/selfkey.key] :
Enter the path to use to store generated SSL certificates in [~/packstackca/] :
Should packstack use selfsigned CAcert. [y|n] [y] :
Enter the ssl certificates subject country. [--] :
Enter the ssl certificates subject state. [State] :
Enter the ssl certificate subject location. [City] :
Enter the ssl certificate subject organization. [openstack] :
Enter the ssl certificate subject organizational unit. [packstack] :
Enter the ssl certificaate subject common name. [controller] :
Enter the ssl certificate subject admin email. [admin@controller] :
STEP22: Configure the AMQP service; by default RabbitMQ is used as the backend, with authentication and SSL not enabled
Set the AMQP service backend [rabbitmq] [rabbitmq] :
Enter the host for the AMQP service [192.168.1.101] :
Enable SSL for the AMQP service? [y|n] [n] :
Enable Authentication for the AMQP service? [y|n] [n] :
STEP23: Configure the MariaDB service
Enter the IP address of the MariaDB server [192.168.1.101] :
Enter the password for the MariaDB admin user :
Confirm password :
STEP24: Configure the Identity service, including the database connection password and basic operations such as creating the default admin and demo users
Enter the password for the Keystone DB access :
Confirm password :
Enter y if cron job to rotate Fernet tokens should be created [y|n] [y] :
Confirm password [y|n] [y] :
Region name [RegionOne] :
Enter the email address for the Keystone admin user [root@localhost] :
Enter the username for the Keystone admin user [admin] :
Enter the password for the Keystone admin user :
Confirm password :
Enter the password for the Keystone demo user :
Confirm password :
Enter the Keystone token format. [FERNET] [FERNET] :
Enter the Keystone identity backend type. [sql|ldap] [sql] :
STEP25: Configure the Image service, including the database connection password, the glance user password and the storage backend
Enter the password for the Glance DB access :
Confirm password :
Enter the password for the Glance Keystone access :
Confirm password :
Glance storage backend [file|swift] [file] :
STEP26: Configure the Block Storage service, including the database connection password and the cinder user and password
Enter the password for the Cinder DB access :
Confirm password :
Enter y if cron job for removing soft deleted DB rows should be created [y|n] [y] :
Confirm password [y|n] [y] :
Enter the password for the Cinder Keystone access :
Confirm password :
Enter the Cinder backend to be configured [lvm|gluster|nfs|vmdk|netapp|solidfire] [lvm] :
Should Cinder's volumes group be created (for proof-of-concept installation)? [y|n] [y] :
Enter a name for the Cinder volume [cinder-volumes] :
Enter Cinder's volumes group usable size [20G] :
Enter y if cron job for removing soft deleted DB rows should be created [y|n] [y] :
Confirm password [y|n] [y] :
Enter the password for the Nova DB access :
Confirm password :
Enter the password for the Nova Keystone access :
Confirm password :
STEP27: Configure the Compute service, including flavors, resource overcommitment ratios, migration and the virtualization software
Should Packstack manage default Nova flavors [y|n] [y] :
Enter the CPU overcommitment ratio. Set to 1.0 to disable CPU overcommitment [16.0] :
Enter the RAM overcommitment ratio. Set to 1.0 to disable RAM overcommitment [1.5] :
Enter protocol which will be used for instance migration [tcp|ssh] [ssh] :
Enter the path to a PEM encoded certificate to be used on the https server, leave blank if one should be generated, this certificate should not require a passphrase:
Enter the SSL keyfile corresponding to the certificate if one was entered:
Enter the PCI passthrough array of hash in JSON style for controller eg. [{'vendor_id':'1234', 'product_id':'5678', 'name':'default'}, {...}] :
Enter the PCI passthrough whitelist as array of hash in JSON style for controller eg. [{'vendor_id':'1234', 'product_id':'5678', 'name':'default'}, {...}]:
The nova hypervisor that should be used. Either qemu or kvm. [qemu|kvm] [%{::default_hypervisor}] :
Confirm password [qemu|kvm] [%{::default_hypervisor}] :
STEP28: Configure the Networking service, including details such as sub-components, interfaces and network drivers
Enter the password for Neutron Keystone access :
Confirm password :
Enter the password for Neutron DB access :
Confirm password :
Enter the ovs bridge the Neutron L3 agent will use for external traffic, or 'provider' if using provider networks. [br-ex] :
Enter Neutron metadata agent password :
Confirm password :
Should Packstack install Neutron LBaaS [y|n] [n] :
Should Packstack install Neutron L3 Metering agent [y|n] [y] :
Would you like to configure neutron FWaaS? [y|n] [n] :
Would you like to configure neutron VPNaaS? [y|n] [n] :
Enter a comma separated list of network type driver entrypoints [local|flat|vlan|gre|vxlan] [vxlan] :
Enter a comma separated ordered list of network_types to allocate as tenant networks [local|vlan|gre|vxlan] [vxlan] :
Enter a comma separated ordered list of networking mechanism driver entrypoints [logger|test|linuxbridge|openvswitch|hyperv|ncs|arista|cisco_nexus|mlnx|l2population|sriovnicswitch] [openvswitch] :
Enter a comma separated list of physical_network names with which flat networks can be created [*] :
Enter a comma separated list of physical_network names usable for VLAN:
Enter a comma separated list of : tuples enumerating ranges of GRE tunnel IDs that are available for tenant network allocation:
Enter a multicast group for VXLAN:
Enter a comma separated list of : tuples enumerating ranges of VXLAN VNI IDs that are available for tenant network allocation [10:100] :
Enter the name of the L2 agent to be used with Neutron [linuxbridge|openvswitch] [openvswitch] :
Enter a comma separated list of supported PCI vendor devices, defined by vendor_id:product_id according to the PCI ID Repository. [['15b3:1004', '8086:10ca']] :
Set to y if the sriov agent is required [y|n] [n] :
Enter a comma separated list of interface mappings for the Neutron ML2 sriov agent:
Enter a comma separated list of bridge mappings for the Neutron openvswitch plugin:
Enter a comma separated list of OVS bridge:interface pairs for the Neutron openvswitch plugin:
Enter a comma separated list of bridges for the Neutron OVS plugin in compute nodes. They must be included in os-neutron-ovs-bridge-mappings and os-neutron-ovs-bridge-interfaces.:
Enter interface with IP to override the default tunnel local_ip:
Enter comma separated list of subnets used for tunneling to make them allowed by IP filtering.:
Enter VXLAN UDP port number [4789] :
STEP29: Configure the Dashboard service: whether to enable HTTPS
Would you like to set up Horizon communication over https [y|n] [n] :
STEP30: Configure the Object Storage service, including logical devices, zones, replicas, file system and block device size:
Enter the Swift Storage devices e.g. /path/to/dev:
Enter the number of swift storage zones, MUST be no bigger than the number of storage devices configured [1] :
Enter the number of swift storage replicas, MUST be no bigger than the number of storage zones configured [1] :
Enter FileSystem type for storage nodes [xfs|ext4] [ext4] :
Enter the size of the storage device (eg. 2G, 2000M, 2000000K) [2G] :
STEP31: Whether to enable the Tempest service
Would you like to provision for demo usage and testing [y|n] [y] :
Would you like to configure Tempest (OpenStack test suite). Note that provisioning is only supported for all-in-one installations. [y|n] [n] :
STEP32: Set the floating IP subnet
Enter the network address for the floating IP subnet [172.24.4.224/28] :
STEP33: Set the test image's name, source location, format and related settings
Enter the name to be assigned to the demo image [cirros] :
Enter the location of an image to be loaded into Glance [http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img] :
Enter the format of the demo image [qcow2] :
Enter the name of a user to use when connecting to the demo image via ssh [cirros] :
Enter the name to be assigned to the uec image used for tempest [cirros-uec] :
Enter the location of a uec kernel to be loaded into Glance [http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-kernel] :
Enter the location of a uec ramdisk to be loaded into Glance [http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-initramfs] :
Enter the location of a uec disk image to be loaded into Glance [http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img] :
Would you like to configure the external ovs bridge [y|n] [y] :
STEP34: Set up the Ceilometer, Aodh and Gnocchi services
Enter the password for Gnocchi DB access :
Confirm password :
Enter the password for the Gnocchi Keystone access :
Confirm password :
Enter the password for the Ceilometer Keystone access :
Confirm password :
Enter the Ceilometer service name. [ceilometer|httpd] [httpd] :
Enter the host for the MongoDB server [10.211.55.8] :
Enter the host for the Redis server [10.211.55.8] :
Enter the port of the redis server(s) [6379] :
Enter the password for the Aodh Keystone access :
Confirm password :
STEP35: Set the password of the nagios user
Enter the password for the nagiosadmin user :
STEP36: Last step: confirm that the generated configuration is what you expect, type yes and press Enter to start
Packstack will be installed using the following configuration:
==============================================================
ssh-public-key: /root/.ssh/id_rsa.pub
default-password:
service-workers: %{::processorcount}
mariadb-install: y
......
aodh-ks-passwd: ********
nagios-passwd: ********
Proceed with the configuration listed above? (yes|no):
STEP1: Generate an answer file with this command
packstack --gen-answer-file=my_file
STEP2: Open the file with vim; every configuration item carries a detailed description
[general]
# Path to a public key to install on servers. If a usable key has not
# been installed on the remote servers, the user is prompted for a
# password and this key is installed so the password will not be
# required again.
CONFIG_SSH_KEY=/root/.ssh/id_rsa.pub
# Default password to be used everywhere (overridden by passwords set
# for individual services or users).
CONFIG_DEFAULT_PASSWORD=
# The amount of service workers/threads to use for each service.
# Useful to tweak when you have memory constraints. Defaults to the
# amount of cores on the system.
CONFIG_SERVICE_WORKERS=%{::processorcount}
# Specify 'y' to install MariaDB. ['y', 'n']
CONFIG_MARIADB_INSTALL=y
# Specify 'y' to install OpenStack Image Service (glance). ['y', 'n']
CONFIG_GLANCE_INSTALL=y
# Specify 'y' to install OpenStack Block Storage (cinder). ['y', 'n']
CONFIG_CINDER_INSTALL=y
# Specify 'y' to install OpenStack Shared File System (manila). ['y','n']
STEP3: For example, if you do not want to install MariaDB, just set CONFIG_MARIADB_INSTALL to n:
CONFIG_MARIADB_INSTALL=n
STEP4: Save and exit my_file, then run the following command in a terminal to specify the answer file
packstack --answer-file=my_file
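An added example (not part of PackStack or of the original article) that reviews an answer file before it is passed to packstack --answer-file. It flags the insecure defaults seen in the interactive prompts (AMQP without SSL or authentication, Horizon without HTTPS), debug or unsupported mode, a shared default password, and reused CONFIG_*_PW values; the sample file and its passwords are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: review a PackStack answer file before running
# "packstack --answer-file=my_file". Not part of PackStack itself.

# answer_value FILE KEY: print the value of the last uncommented KEY=VALUE line.
answer_value() {
    awk -v key="$2" '
        /^[ \t]*#/ { next }
        index($0, key "=") == 1 { val = substr($0, length(key) + 2); found = 1 }
        END { if (found) print val }
    ' "$1"
}

# audit_answer_file FILE: print one "KEY: finding" line per risky setting.
audit_answer_file() {
    file=$1
    # 'y' is the safe answer for these keys; the prompts default to 'n'.
    for key in CONFIG_AMQP_ENABLE_SSL CONFIG_AMQP_ENABLE_AUTH CONFIG_HORIZON_SSL; do
        [ "$(answer_value "$file" "$key")" = "y" ] || echo "$key: not enabled"
    done
    # 'y' is the risky answer for these keys.
    for key in CONFIG_DEBUG_MODE CONFIG_UNSUPPORTED; do
        [ "$(answer_value "$file" "$key")" != "y" ] || echo "$key: enabled"
    done
    # A non-empty default password is shared by every service without its own.
    [ -z "$(answer_value "$file" CONFIG_DEFAULT_PASSWORD)" ] ||
        echo "CONFIG_DEFAULT_PASSWORD: one password shared across services"
    # Report password reuse by key name only; the password is never printed.
    awk '
        /^[ \t]*#/ { next }
        /^CONFIG_[A-Z0-9_]*_PW=/ {
            key = $0; sub(/=.*/, "", key)
            val = $0; sub(/^[^=]*=/, "", val)
            if (val == "") next
            if (val in seen) print key ": same password as " seen[val]
            else seen[val] = key
        }
    ' "$file"
    return 0
}

# write_sample_answers FILE: constructed sample, not output from a real host.
write_sample_answers() {
    cat > "$1" <<'EOF'
[general]
CONFIG_DEFAULT_PASSWORD=
# CONFIG_DEBUG_MODE=y
CONFIG_DEBUG_MODE=n
CONFIG_UNSUPPORTED=n
CONFIG_AMQP_ENABLE_SSL=n
CONFIG_AMQP_ENABLE_AUTH=n
CONFIG_HORIZON_SSL=n
CONFIG_MARIADB_PW=Example-Constructed-1
CONFIG_KEYSTONE_DB_PW=Example-Constructed-1
CONFIG_KEYSTONE_ADMIN_PW=Example-Constructed-2
EOF
}

# Demonstration on the constructed sample.
demo_answers=$(mktemp)
write_sample_answers "$demo_answers"
audit_answer_file "$demo_answers"
rm -f "$demo_answers"
```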
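Run the following command to see the detailed guide
packstack --help
Show the packstack version
packstack --version
Generate an answer file; GEN_ANSWER_FILE is a file name of your choice
packstack --gen-answer-file=GEN_ANSWER_FILE
Check the answer file for unexpected options (errors)
packstack --validate-answer-file=VALIDATE_ANSWER_FILE
Run in non-interactive mode, taking all configuration from this answer file; using this option excludes all other options
packstack --answer-file=ANSWER_FILE
Multi-node installation: separate the hosts with commas; the first host is the controller node and the rest are compute nodes. If only one host is given, this is equivalent to allinone
packstack --install-hosts=INSTALL_HOSTS
Install all nodes and modules on one server, which quickly deploys a single-node OpenStack
packstack --allinone
Provide the SSH public key; if it is not provided, the user is prompted for the remote password, otherwise no password is needed
packstack --ssh-public-key=SSH_PUBLIC_KEY
Provide the default password; the default password is used everywhere
packstack --default-password=DEFAULT_PASSWORD
Number of threads used by each service; the default is the number of CPU cores
packstack --service-workers=SERVICE_WORKERS
Whether to install the MariaDB database
packstack --mariadb-install=MARIADB_INSTALL
Whether to install the Glance image management module
packstack --os-glance-install=OS_GLANCE_INSTALL
Whether to install the Cinder block storage module
packstack --os-cinder-install=OS_CINDER_INSTALL
Whether to install the Manila shared storage module
packstack --os-manila-install=OS_MANILA_INSTALL
Whether to install the Nova compute module
packstack --os-nova-install=OS_NOVA_INSTALL
Whether to install the Neutron virtual network module
packstack --os-neutron-install=OS_NEUTRON_INSTALL
Whether to install the Horizon dashboard module
packstack --os-horizon-install=OS_HORIZON_INSTALL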
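STEP1: Preparation before deployment. OpenStack has certain hardware and software requirements. Users can choose other RHEL-based distributions, such as CentOS 6.5 and later, Scientific Linux 6.5, or Fedora 20 and later. The virtual machine hardware requirements are as follows:
Name | Requirement |
Processor | 2 or more cores recommended |
Memory | 4G or more recommended |
Disk | 20G or more recommended |
Network card | At least one 1G network card |
Operating system | CentOS7 |
STEP2: Fetch the CentOS 7 yum repository files from Aliyun, NetEase (163) and USTC, build the cache, and install the rdo-release.rpm package (which contains some yum repositories)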
cd /etc/yum.repos.d/
wget -O wangyi.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
wget -O aly.repo http://mirrors.aliyun.com/repo/Centos-7.repo
wget -O zkdy.repo https://lug.ustc.edu.cn/wiki/_export/code/mirrors/help/centos?codeblock=3
yum makecache
yum install -y https://www.rdoproject.org/repos/rdo-release.rpm
STEP3: Upgrade the system's packages and install PackStack (OpenStack is deployed through PackStack)
yum upgrade -y && yum install -y openstack-packstack
STEP4: Stop the NetworkManager service and disable it at boot, stop the firewall and disable it at boot, and turn off SELinux
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
STEP5: Install a single-node OpenStack with the packstack --allinone command
[root@server2 ~]# packstack --allinone
Welcome to the Packstack setup utility
The installation log file is available at:
/var/tmp/packstack/20191031-031828-x2bFRo/openstack-setup.log
Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries [ DONE ]
Setting up CACERT [ DONE ]
Preparing AMQP entries [ DONE ]
Preparing MariaDB entries [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Preparing Keystone entries [ DONE ]
Preparing Glance entries [ DONE ]
Checking if the Cinder server has a cinder-volumes vg[ DONE ]
Preparing Cinder entries [ DONE ]
Preparing Nova API entries [ DONE ]
Creating ssh keys for Nova migration [ DONE ]
Gathering ssh host keys for Nova migration [ DONE ]
Preparing Nova Compute entries [ DONE ]
Preparing Nova Scheduler entries [ DONE ]
Preparing Nova VNC Proxy entries [ DONE ]
Preparing OpenStack Network-related Nova entries [ DONE ]
Preparing Nova Common entries [ DONE ]
Preparing Neutron LBaaS Agent entries [ DONE ]
Preparing Neutron API entries [ DONE ]
Preparing Neutron L3 entries [ DONE ]
Preparing Neutron L2 Agent entries [ DONE ]
Preparing Neutron DHCP Agent entries [ DONE ]
Preparing Neutron Metering Agent entries [ DONE ]
Checking if NetworkManager is enabled and running [ DONE ]
Preparing OpenStack Client entries [ DONE ]
Preparing Horizon entries [ DONE ]
Preparing Swift builder entries [ DONE ]
Preparing Swift proxy entries [ DONE ]
Preparing Swift storage entries [ DONE ]
Preparing Gnocchi entries [ DONE ]
Preparing Redis entries [ DONE ]
Preparing Ceilometer entries [ DONE ]
Preparing Aodh entries [ DONE ]
Preparing Puppet manifests [ DONE ]
Copying Puppet modules and manifests [ DONE ]
Applying 192.168.1.11_controller.pp
192.168.1.11_controller.pp: [ DONE ]
Applying 192.168.1.11_network.pp
192.168.1.11_network.pp: [ DONE ]
Applying 192.168.1.11_compute.pp
192.168.1.11_compute.pp: [ DONE ]
Applying Puppet manifests [ DONE ]
Finalizing [ DONE ]
**** Installation completed successfully ******
STEP6: The default OpenStack login password is in /root/keystonerc_admin
cat /root/keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='13bf16e3aabb4fd9'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.1.11:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
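STEP7: Log in to OpenStack to test the installation
The final goal of this lab is a fully manual installation of the OpenStack Queens release; the system version is CentOS 7.7
Configuration order:
Server networking
Network Time Protocol (NTP)
OpenStack packages (centos-release-openstack-queens)
SQL database (mariadb)
Advanced Message Queuing Protocol message queue (RabbitMQ)
Distributed cache system (memcached)
Distributed key-value store (Etcd)
Identity service (Identity)
Image storage service (Image)
Compute node service (Nova)
Network node service (Neutron)
Graphical management module (Dashboard) [optional]
Block storage service (Block Storage) [optional]
STEP1: Connect the controller node's network to the Internet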
ifconfig
ens33: flags=4163 mtu 1500
inet 192.168.100.11 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::250:56ff:fe20:2f03 prefixlen 64 scopeid 0x20
ether 00:50:56:20:2f:03 txqueuelen 1000 (Ethernet)
RX packets 102 bytes 12659 (12.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 95 bytes 13609 (13.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
STEP2: Connect the compute node's network to the Internet
ifconfig
ens33: flags=4163 mtu 1500
inet 192.168.100.12 netmask 255.255.255.0 broadcast 192.168.100.255
inet6 fe80::20c:29ff:fe32:5d62 prefixlen 64 scopeid 0x20
ether 00:0c:29:32:5d:62 txqueuelen 1000 (Ethernet)
RX packets 81 bytes 10661 (10.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 83 bytes 11653 (11.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Set the hostname and the hosts file
STEP1: Change each server's hostname
[root@controller ~]# vim /etc/hostname
controller
[root@compute ~]# vim /etc/hostname
compute
STEP2: Edit the /etc/hosts file on both servers
vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.11 controller
192.168.100.12 compute
STEP3: Fetch the CentOS 7 yum repository files from NetEase (163) and USTC
cd /etc/yum.repos.d/
wget -O wangyi.repo http://mirrors.163.com/.help/CentOS7-Base-163.repo
wget -O zkdy.repo https://lug.ustc.edu.cn/wiki/_export/code/mirrors/help/centos?codeblock=3
STEP4: Upgrade the packages (controller node and compute node)
yum upgrade -y
Time synchronization
STEP1: Install chrony (on both machines)
yum install chrony -y
STEP2: Restart chronyd and enable it at boot
systemctl restart chronyd
systemctl enable chronyd
STEP3: Verify time synchronization with the chronyc command
chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? ntp1.flashdance.cx 0 6 0 - +0ns[ +0ns] +/- 0ns
^? ntp1.ams1.nl.leaseweb.net 0 7 0 - +0ns[ +0ns] +/- 0ns
^* 162.159.200.1 3 6 37 47 -3360us[ +18ms] +/- 90ms
^- electabuzz.felixc.at 3 6 37 54 -22ms[ -22ms] +/- 169ms
STEP1: In the /etc/yum.repos.d/ directory, create a yum repository file with the following content
[openstack]
name=openstack
baseurl=https://mirrors.aliyun.com/centos/7.7.1908/extras/$basearch
gpgcheck=0
enabled=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-7
STEP2: Install the OpenStack Queens release package
yum install -y centos-release-openstack-queens
STEP3: Install the OpenStack client python-openstackclient, and install openstack-selinux to manage the security policies of OpenStack services automatically
yum install python-openstackclient openstack-selinux -y
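An added example (not from the original article) that checks a yum repository file such as the one created in STEP1, which sets gpgcheck=0 and so installs packages without signature verification. The sample input holds the article's section next to a corrected one; the [openstack-checked] section name is constructed, and its key path assumes the GPG key file that CentOS 7 ships locally.

```shell
#!/bin/sh
# Added example: flag yum repository sections that weaken package integrity.

# audit_repo_file FILE: print one "[section] finding" line per problem.
audit_repo_file() {
    awk '
        function report() {
            if (name == "" || enabled == "0") return
            if (gpgcheck == "0")
                print "[" name "] gpgcheck=0: packages install without signature verification"
            if (baseurl ~ /^http:/)
                print "[" name "] baseurl is plain http"
            if (gpgkey ~ /^http:/)
                print "[" name "] gpgkey is fetched over plain http"
        }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^\[/ {                                   # a new [section] starts
            report()
            name = $0; sub(/^\[/, "", name); sub(/\].*$/, "", name)
            gpgcheck = ""; baseurl = ""; gpgkey = ""; enabled = "1"
            next
        }
        {
            key = $0; sub(/[ \t]*=.*$/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val)
            if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
            else if (key == "gpgkey") gpgkey = val
            else if (key == "enabled") enabled = val
        }
        END { report() }
    ' "$1"
}

# write_sample_repo FILE: the repository from STEP1 followed by a corrected,
# constructed variant that verifies signatures against a local key file.
write_sample_repo() {
    cat > "$1" <<'EOF'
[openstack]
name=openstack
baseurl=https://mirrors.aliyun.com/centos/7.7.1908/extras/$basearch
gpgcheck=0
enabled=1
gpgkey=http://vault.centos.org/RPM-GPG-KEY-CentOS-7

[openstack-checked]
name=openstack-checked
baseurl=https://mirrors.aliyun.com/centos/7.7.1908/extras/$basearch
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
EOF
}

# Demonstration on the sample; on a host, loop over /etc/yum.repos.d/*.repo.
demo_repo=$(mktemp)
write_sample_repo "$demo_repo"
audit_repo_file "$demo_repo"
rm -f "$demo_repo"
```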
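Most OpenStack services use an SQL database to store information, and the database usually runs on the controller node. This guide uses MariaDB or MySQL depending on the distribution; OpenStack also supports other databases, such as PostgreSQL.
STEP1: Install the packages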
yum install -y mariadb mariadb-server python2-PyMySQL
STEP2: Create and edit /etc/my.cnf.d/openstack.cnf with the following content
[mysqld]
bind-address = 192.168.100.11
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
STEP3: Start the database service and enable it at boot
systemctl restart mariadb
systemctl enable mariadb
STEP4: Run the mysql_secure_installation script to secure the database service
mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n]
Remove anonymous users? [Y/n]
Whether to disallow remote root login (yes/no); enter n
Disallow root login remotely? [Y/n]
Whether to reload the privilege tables now; enter y
Reload privilege tables now? [Y/n]
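OpenStack uses a message queue to coordinate operations and status information between services. The message queue service usually runs on the controller node. OpenStack supports several message queue services, including RabbitMQ, Qpid and ZeroMQ, but most distributions that package OpenStack support one particular message queue service. RabbitMQ is used here because most distributions support it.
STEP1: Install the RabbitMQ package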
yum install -y rabbitmq-server
STEP2: Start the message queue service and enable it at boot
systemctl start rabbitmq-server
systemctl enable rabbitmq-server
STEP3: Add the openstack user (RABBIT_PASSWORD stands for a password of your choice)
rabbitmqctl add_user openstack RABBIT_PASSWORD
STEP4: Allow configuration, write and read access for the openstack user:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
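The Identity service's authentication mechanism uses Memcached to cache tokens. The memcached service usually runs on the controller node. For production deployments, a combination of firewalling, authentication and encryption is recommended to secure it.
STEP1: Install the memcached packages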
yum install -y memcached python-memcached
STEP2: Edit the /etc/sysconfig/memcached file and make the following change
OPTIONS="-l 127.0.0.1,::1,controller"
STEP3: Start the memcached service and enable it at boot
systemctl start memcached
systemctl enable memcached
STEP1: Install etcd
yum install -y etcd
STEP2: Edit the /etc/etcd/etcd.conf file and make the following settings
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.11:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.11:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.11:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
STEP3: Enable the etcd service at boot and start it
systemctl enable etcd
systemctl start etcd
Database configuration
STEP1: Log in to mysql as the root user
mysql -u root -p
STEP2: Create the keystone database
CREATE DATABASE keystone;
STEP3: Grant the appropriate privileges on the keystone database; replace KEYSTONE_DBPASS with your own password
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
Install & configure
STEP1: Run the following command to install the packages
yum install -y openstack-keystone httpd mod_wsgi
STEP2: Edit the /etc/keystone/keystone.conf file and complete the following settings:
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
STEP3: Initialize the Identity service database
su -s /bin/sh -c "keystone-manage db_sync" keystone
STEP4: Initialize the Fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
STEP5: Bootstrap the Identity service; ADMIN_PASS at the end of the first line must be replaced with your own password, do not overlook it
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
Configure the Apache HTTP service
STEP1: Configure the Apache HTTP server: edit the /etc/httpd/conf/httpd.conf file and set the "ServerName" parameter to the controller node name
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
STEP2: Link /usr/share/keystone/wsgi-keystone.conf into the /etc/httpd/conf.d directory
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
STEP3: Start the Apache service and enable it at boot
systemctl enable httpd
systemctl start httpd
Configure environment variables
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
Create projects, users and roles
openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | ca8a4ec0552846c0901573b586cdf347 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 4bace4eb28cc4370a16dbce60083b8f6 |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 1efaa2c49a83415e8480c9263becfb37 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 366de1c6af5d4b4eb85dbd2271ac8f42 |
| name | user |
+-----------+----------------------------------+
openstack role add --project demo --user demo user
Verify operation
STEP1: Unset the OS_TOKEN and OS_URL environment variables:
unset OS_TOKEN OS_URL
STEP2: As the admin user, request an authentication token
openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-11-07T10:40:47+0000 |
| id | gAAAAABdw-af16rq3qIRou6oqvrth9JmGaOMqkU-U0pq2A4NC90CVCeMt9ytL2rmkeyF5WWxvtpBXFhQk-pZcPUGVsDkWpMFTdyBddfcFDPSlrlUSgL1zxa9sdPGekC1EVvv_E4mvGQzblnb6F_5gfhYPNtqtAvzT_BrCG54z9Irz-KZO0Qx9hY |
| project_id | 05999debbd42472295901d6054454897 |
| user_id | 9eb68db25a9741fc86770d7369d5c485 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
STEP3: As the demo user, request an authentication token
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-11-07T10:41:20+0000 |
| id | gAAAAABdw-bArL7ms6u4qzm-1L60h5d8-U8PKAPzwxVzN6CHHxmi5Qcrd8_3IqK9nN8v5Vj5E7tLoOmqMUnJvReWKr3iBZrfZy_cBT5pS9PCq9mIcUyojFZbNxuAGZYJE-QtO6KgEeuqIiKOPRLK7KXNparU3RFMrFTrpQKLZbxVTwnFWhEFG6A |
| project_id | 4bace4eb28cc4370a16dbce60083b8f6 |
| user_id | 1efaa2c49a83415e8480c9263becfb37 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Create OpenStack client environment scripts
STEP1: Create and edit admin-openrc with the following content; replace ADMIN_PASS with the admin user's password
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
STEP2: Create and edit demo-openrc with the following content; replace DEMO_PASS with the demo user's password
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
STEP3: Load admin-openrc
source admin-openrc
STEP4: Request an authentication token
openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2019-11-07T10:43:24+0000 |
| id | gAAAAABdw-c8dukueCs80aZsf5QlQeauNsIOQzPhjw3h_qSYtbY5Eyn1AGEnJdLXVUjdQfU256jNrXzBpr8d-5b2Q5pMtpsXeBezZFwjUAUn6Wel7yz1c-lbTzNNjHpa7N8Aeo2hJIB9mHrE6TrtZ8gVzkEZwDw9gArNmyqxS28VEEYbcdu-8q4 |
| project_id | 05999debbd42472295901d6054454897 |
| user_id | 9eb68db25a9741fc86770d7369d5c485 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
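An added example (not from the original article) for the client environment scripts above: it checks an openrc file for a stored OS_PASSWORD, loose file permissions and a plain-http OS_AUTH_URL, and writes a variant that prompts for the password when sourced. The function names are hypothetical, and the https URL used for the second file assumes a TLS-enabled Keystone endpoint, which this guide does not set up.

```shell
#!/bin/sh
# Added example: check OpenStack client environment scripts (admin-openrc,
# demo-openrc, keystonerc_admin) for exposed credentials.

# audit_rc_file FILE: print one finding per line; no output means no finding.
audit_rc_file() {
    rc=$1
    perms=$(ls -ld "$rc" | cut -c5-10)    # group and other permission bits
    if grep -q '^export OS_PASSWORD=.' "$rc"; then
        echo "$rc: OS_PASSWORD is stored in the file"
        [ "$perms" = "------" ] ||
            echo "$rc: the file is accessible beyond its owner ($perms)"
    fi
    if grep -q '^export OS_AUTH_URL=http://' "$rc"; then
        echo "$rc: OS_AUTH_URL is plain http, so the password and tokens cross the network unencrypted"
    fi
    return 0
}

# write_page_style_openrc FILE: admin-openrc as written in the guide, with
# the ADMIN_PASS placeholder left in place.
write_page_style_openrc() {
    cat > "$1" <<'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
}

# write_prompting_openrc FILE USER PROJECT AUTH_URL: same variables, but the
# password is asked for when the file is sourced and never written to disk.
write_prompting_openrc() {
    (
        umask 077    # a newly created file is readable by its owner only
        cat > "$1" <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=$3
export OS_USERNAME=$2
export OS_AUTH_URL=$4
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
printf 'Password for $2: ' >&2
stty -echo; read -r OS_PASSWORD; stty echo; echo >&2
export OS_PASSWORD
EOF
    )
}

# Demonstration: the guide's file with default 644 permissions, then the
# prompting variant (which produces no findings).
demo_rc=$(mktemp); demo_safe=$(mktemp)
write_page_style_openrc "$demo_rc"; chmod 644 "$demo_rc"
write_prompting_openrc "$demo_safe" admin admin https://controller:5000/v3
audit_rc_file "$demo_rc"
audit_rc_file "$demo_safe"
rm -f "$demo_rc" "$demo_safe"
```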
STEP1: The Image service is configured on the controller node; complete the following steps to create the database
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'abc.123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'abc.123';
STEP2: Source the admin credentials to gain access to admin-only commands
source admin-openrc
STEP3: Complete the following steps to create the service credentials
openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 0b22a7f201604b478e780f5b432932ad |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 24ac2e96b2594949b5f28147fac3caa8 |
| name | glance |
| type | image |
+-------------+----------------------------------+
STEP4: Create the Image service API endpoints
openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 85cd65bea3074b258893a2ef8dbf1a8f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 24ac2e96b2594949b5f28147fac3caa8 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b01c486955f44d079f7b65ae92a9f692 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 24ac2e96b2594949b5f28147fac3caa8 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 754aae60763e4d39b0a807fffc5dd674 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 24ac2e96b2594949b5f28147fac3caa8 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
Install and configure the components
STEP1: Install the package
yum install -y openstack-glance
STEP2: Edit the /etc/glance/glance-api.conf file and complete the following configuration
[database]
connection = mysql+pymysql://glance:abc.123@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
STEP4: Populate the Image service database
su -s /bin/sh -c "glance-manage db_sync" glance
STEP5: Start the services and enable them to start at boot
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
Verify the configuration
STEP1: Load admin-openrc to run admin-only commands
source admin-openrc
STEP2: Download the source image. CirrOS is a small Linux image that can be used to verify the Image service
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
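STEP4: Upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it public so that all projects can access it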
openstack image create "cirros" \
> --file cirros-0.3.4-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2019-11-07T10:53:12Z |
| disk_format | qcow2 |
| file | /v2/images/89519959-9fa1-4b22-a5d7-a8c77d88c0d7/file |
| id | 89519959-9fa1-4b22-a5d7-a8c77d88c0d7 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 663dfeb1846c4a9a831aa02e6f2e931a |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2019-11-07T10:53:12Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
STEP5: Confirm that the image was uploaded and verify its attributes
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 89519959-9fa1-4b22-a5d7-a8c77d88c0d7 | cirros | active |
+--------------------------------------+--------+--------+
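The image above is fetched over plain HTTP, and the `checksum` row Glance reports is an MD5 of what was uploaded, so it detects corruption but does not prove where the bytes came from. The following added Python example (not part of the original guide) checks a local file against the `size` and `checksum` rows and, when supplied, against a SHA-256 obtained from the publisher over a trusted channel; the function names and the `publisher_sha256` parameter are assumptions of this example.

```python
import hashlib

# Rows copied from the `openstack image create` output above.
CREATE_OUTPUT = """\
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| disk_format      | qcow2                                                |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
+------------------+------------------------------------------------------+
"""


def parse_cli_table(text):
    """Turn the two-column table printed by the openstack CLI into a dict."""
    fields = {}
    for line in text.splitlines():
        cells = [cell.strip() for cell in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0] not in ("", "Field"):
            fields[cells[0]] = cells[1]
    return fields


def digests(path, algorithms=("md5", "sha256")):
    """Stream the file once and return (size, {algorithm: hexdigest})."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    size = 0
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(1 << 20), b""):
            size += len(chunk)
            for hasher in hashers.values():
                hasher.update(chunk)
    return size, {name: h.hexdigest() for name, h in hashers.items()}


def verify_image(path, glance_record, publisher_sha256=None):
    """Return the list of checks that failed; an empty list means a match."""
    size, hashes = digests(path)
    problems = []
    if size != int(glance_record["size"]):
        problems.append("size")
    if hashes["md5"] != glance_record["checksum"].lower():
        problems.append("checksum")
    if publisher_sha256 is not None and hashes["sha256"] != publisher_sha256.lower():
        problems.append("publisher_sha256")
    return problems


if __name__ == "__main__":
    record = parse_cli_table(CREATE_OUTPUT)
    print(verify_image("cirros-0.3.4-x86_64-disk.img", record))
```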
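STEP1: The Compute service must be configured on both the controller node and the compute node. Start with the controller node and complete the following steps to create the databases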
mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
STEP2: Source the admin credentials to gain access to admin-only commands
source admin-openrc
STEP3: Complete the following steps to create the service credentials
openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 4ac9bf3d106e45ac95f01641dc1f1c2c |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user nova admin
openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 02d6efad57644a25a4d882cd60c3f062 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
STEP4: Create the Compute service API endpoints
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d5e864c8a46f4b1e9b1ab628535633a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 02d6efad57644a25a4d882cd60c3f062 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e3856e1e1efb4982932019528d2e8bbc |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 02d6efad57644a25a4d882cd60c3f062 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 62509801d6bb4963ada925a5b6365bae |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 02d6efad57644a25a4d882cd60c3f062 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
STEP5: Create the Placement service user
openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3565fee4c34d43dbb3530c8e50b566f7 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
STEP6: Add the Placement user to the service project
openstack role add --project service --user placement admin
STEP7: Create the Placement API entity in the service catalog
openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 385a0957d5d9420e960f82558d6e8011 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
STEP8: Create the Placement API service endpoints
openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2a7cd10147bf4512bb3135019e4004e6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 385a0957d5d9420e960f82558d6e8011 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0885d63ffa5043b08800e033a04ef13f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 385a0957d5d9420e960f82558d6e8011 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3a90631354034f988d4e2981d49c3320 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 385a0957d5d9420e960f82558d6e8011 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
Install and configure
STEP1: Install the following packages with yum
yum install -y openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
STEP2: Edit the /etc/nova/nova.conf file and complete the following configuration
[DEFAULT]
enabled_apis = osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[DEFAULT]
my_ip = 192.168.100.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
systemctl restart httpd
STEP3: Populate the nova-api database
su -s /bin/sh -c "nova-manage api_db sync" nova
STEP4: Register the cell0 database
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
STEP5: Create the cell1 cell
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
STEP6: Populate the nova database
su -s /bin/sh -c "nova-manage db sync" nova
STEP7: Verify that cell1 and cell0 are registered correctly
nova-manage cell_v2 list_cells
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| Name | UUID | Transport URL | Database Connection |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 |
| cell1 | 073a8d2f-1978-4aae-a517-d8988feebbfa | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
STEP8: Start the services and enable them to start at boot
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
STEP1: Install the following package
yum install -y openstack-nova-compute
STEP2: Edit /etc/nova/nova.conf and complete the following configuration
[DEFAULT]
my_ip = 192.168.100.12
enabled_apis = osapi_compute,metadata
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:RABBIT_PASS@controller
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
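Finalize the installation
STEP1: Run the following command to check whether the compute node supports hardware acceleration for virtual machines. A non-zero result means hardware acceleration is supported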
egrep -c '(vmx|svm)' /proc/cpuinfo
4
STEP2: Start the services and enable them to start at boot
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
Add the compute node to the cell database (controller node)
STEP1: Load the admin-openrc environment
source admin-openrc
STEP2: Confirm that the compute node exists in the database
openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 6 | nova-compute | compute | nova | enabled | up | 2019-11-07T13:19:22.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
STEP3: Discover the compute node
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Verify that the configuration is correct
STEP1: Load the admin-openrc environment
source admin-openrc
STEP2: List the service components to verify that each process started and registered successfully
openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2019-11-07T13:36:55.000000 |
| 2 | nova-consoleauth | controller | internal | enabled | up | 2019-11-07T13:36:55.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2019-11-07T13:36:56.000000 |
| 6 | nova-compute | compute | nova | enabled | up | 2019-11-07T13:36:52.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
STEP3: List the API endpoints in the Identity service to verify connectivity with the Identity service
openstack catalog list
+-----------+-----------+-----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-----------------------------------------+
| nova | compute | RegionOne |
| | | admin: http://controller:8774/v2.1 |
| | | RegionOne |
| | | public: http://controller:8774/v2.1 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1 |
| | | |
| placement | placement | RegionOne |
| | | internal: http://controller:8778 |
| | | RegionOne |
| | | public: http://controller:8778 |
| | | RegionOne |
| | | admin: http://controller:8778 |
| | | |
| keystone | identity | RegionOne |
| | | admin: http://controller:5000/v3/ |
| | | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | |
| glance | image | RegionOne |
| | | internal: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | RegionOne |
| | | admin: http://controller:9292 |
| | | |
+-----------+-----------+-----------------------------------------+
STEP4: List the images in the Image service to verify connectivity with the Image service
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 89519959-9fa1-4b22-a5d7-a8c77d88c0d7 | cirros | active |
+--------------------------------------+--------+--------+
STEP5: Confirm that the cells and the Placement API are working correctly
[root@controller ~]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Resource Providers |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: API Service Version |
| Result: Success |
| Details: None |
+--------------------------------+
Database configuration
STEP1: Log in to the database as the root user
mysql -u root -p
STEP2: Create the neutron database
CREATE DATABASE neutron;
STEP3: Grant the appropriate privileges on the neutron database, replacing NEUTRON_DBPASS with your own password
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
Create the service credentials
STEP1: Load the admin-openrc environment
source admin-openrc
STEP2: Create the neutron user
openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 90dc4d0485e647c2bba304b8c0bcb517 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
STEP3: Add the admin role to the neutron user
openstack role add --project service --user neutron admin
STEP4: Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 7b54efac9e984bc8b8dea21bd276a1c5 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
Create the Networking service API endpoints
openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d2ebda6b7d32414cb3c8ba7bcd55e457 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7b54efac9e984bc8b8dea21bd276a1c5 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ee3a4dd346f3404485c22ae78cf22be9 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7b54efac9e984bc8b8dea21bd276a1c5 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 45d2698f0e9144cfa8b7b13d873e997b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7b54efac9e984bc8b8dea21bd276a1c5 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
STEP1: Install the following packages with yum
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
STEP2: Edit /etc/neutron/neutron.conf and complete the following configuration
In the [database] section, add the following
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
In the [keystone_authtoken] section, add the following
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
In the [nova] section, add the following
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
In the [oslo_concurrency] section, add the following
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
In the [DEFAULT] section, add the following
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
STEP3: Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following configuration
In the [ml2] section, add the following
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
In the [ml2_type_flat] section, add the following
[ml2_type_flat]
flat_networks = provider
In the [ml2_type_vxlan] section, add the following
[ml2_type_vxlan]
vni_ranges = 1:1000
In the [securitygroup] section, add the following
[securitygroup]
enable_ipset = true
STEP4: Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following configuration
In the [linux_bridge] section, add the following
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
In the [vxlan] section, add the following
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
In the [securitygroup] section, add the following
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
STEP4: Edit the /etc/neutron/l3_agent.ini file and complete the following configuration
In the [DEFAULT] section, add the following
[DEFAULT]
interface_driver = linuxbridge
STEP5: Edit the /etc/neutron/dhcp_agent.ini file and complete the following configuration
In the [DEFAULT] section, add the following
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
STEP6: Edit the /etc/neutron/metadata_agent.ini file and complete the following configuration
In the [DEFAULT] section, add the following
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
STEP1: Install the packages with yum
yum install -y openstack-neutron-linuxbridge ebtables ipset
STEP2: Edit the /etc/neutron/neutron.conf file and complete the following configuration
In the [DEFAULT] section, add the following
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
In the [keystone_authtoken] section, add the following
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
In the [oslo_concurrency] section, add the following
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
STEP3: Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following configuration
In the [linux_bridge] section, add the following
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
In the [vxlan] section, add the following
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
In the [securitygroup] section, add the following
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
STEP3: Edit the /etc/nova/nova.conf file and complete the following configuration
In the [neutron] section, add the following
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
STEP1: Create the symbolic link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
STEP2: Populate the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
STEP3: Restart the Compute API service
systemctl restart openstack-nova-api.service
STEP4: Start the services and enable them to start at boot
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
STEP5: Start the L3 service and enable it to start at boot
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
STEP1: Restart the Compute service
systemctl restart openstack-nova-compute.service
STEP2: Start the Linux bridge service and enable it to start at boot
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 3a811d4b-cde0-42b3-809b-4be66734356d | Linux bridge agent | compute | None | :-) | UP | neutron-linuxbridge-agent |
| 95d72db1-80b7-4bc9-911d-bf54e4ab944a | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| a5c9aca6-5850-464e-9cc8-8f536a4c7b72 | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
| aab062e6-8fee-479c-9b2e-f0613bb23521 | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| ccc9eb37-ff60-4ee5-a117-41a046efc767 | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
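The glance-api.conf, nova.conf, neutron.conf and metadata_agent.ini edits above carry placeholders such as NOVA_PASS and METADATA_SECRET, a short literal database password, http:// Keystone URLs and a VNC listener on 0.0.0.0. The following added Python example (not part of the original guide or of OpenStack) parses such files and reports those settings; the finding names, the 16-character minimum and the embedded sample text are assumptions of this example.

```python
import configparser
import re
from urllib.parse import urlsplit

# Constructed samples: options copied from the compute-node nova.conf and the
# metadata_agent.ini above, with the guide's placeholders left in place.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
my_ip = 192.168.100.12
transport_url = rabbit://openstack:RABBIT_PASS@controller
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
username = nova
password = NOVA_PASS
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
[DEFAULT]
use_neutron = True
"""
SAMPLE_METADATA_AGENT = """\
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""

# The guide's placeholders look like NOVA_PASS, GLANCE_DBPASS, METADATA_SECRET.
PLACEHOLDER = re.compile(r"^[A-Z][A-Z0-9]*_(?:PASS|DBPASS|SECRET)$")
SECRET_OPTIONS = {"password", "metadata_proxy_shared_secret"}
URLS_WITH_CREDENTIALS = {"connection", "transport_url"}
KEYSTONE_URLS = {"auth_url", "auth_uri"}
MIN_SECRET_LENGTH = 16  # assumption of this example, not an OpenStack rule


def load(text):
    """Parse oslo.config-style INI text; the guide repeats [DEFAULT], so
    duplicate sections are merged and [DEFAULT] is treated as ordinary."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(text)
    return parser


def audit(text, filename):
    """Return (location, finding) tuples for one configuration file."""
    findings = []
    config = load(text)
    for section in config.sections():
        for option, value in config.items(section):
            where = "%s [%s] %s" % (filename, section, option)
            secret = None
            if option in SECRET_OPTIONS:
                secret = value
            elif option in URLS_WITH_CREDENTIALS:
                secret = urlsplit(value).password
            if secret and PLACEHOLDER.match(secret):
                findings.append((where, "placeholder-secret"))
            elif secret and len(secret) < MIN_SECRET_LENGTH:
                findings.append((where, "short-secret"))
            if option in KEYSTONE_URLS and urlsplit(value).scheme == "http":
                # Service passwords and tokens travel to Keystone in cleartext.
                findings.append((where, "keystone-over-http"))
            if (section, option, value) == ("vnc", "server_listen", "0.0.0.0"):
                # Confirm the VNC ports are reachable only from the noVNC proxy.
                findings.append((where, "vnc-listens-on-all-interfaces"))
    return findings


if __name__ == "__main__":
    for name, text in (("nova.conf", SAMPLE_NOVA_CONF),
                       ("metadata_agent.ini", SAMPLE_METADATA_AGENT)):
        for where, finding in audit(text, name):
            print("%-32s %s" % (finding, where))
```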
STEP1: Install the package with yum
yum install -y openstack-dashboard
STEP2: Edit the /etc/openstack-dashboard/local_settings file and complete the following configuration
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
WSGIApplicationGroup %{GLOBAL}
systemctl restart httpd.service memcached.service
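Enter 192.168.100.11/dashboard in the browser's address bar to open the dashboard
Configure LVM storage
STEP1: Here I have combined the storage node with the compute node. Install the LVM packages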
yum install -y lvm2 device-mapper-persistent-data
STEP2: Start the LVM service
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
STEP3: Create the LVM physical volume /dev/sdb
pvcreate /dev/sdb
STEP4: Create the LVM volume group named cinder-volumes
vgcreate cinder-volumes /dev/sdb
STEP5: Edit the /etc/lvm/lvm.conf file and complete the following configuration
filter = [ "a/sdb/", "r/.*/"]
Create and configure the database (controller node)
STEP1:
mysql -u root -p
STEP2: Create the cinder database
CREATE DATABASE cinder;
STEP3: Grant privileges on the cinder database
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
STEP4: Load the admin environment
source admin-openrc
STEP5: Create the cinder user
openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d208f54690b84ad7a16f9efe68b4b0fa |
| name | cinder |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
STEP6: Add the admin role to the cinder user
openstack role add --project service --user cinder admin
STEP7: Create the cinderv2 and cinderv3 service entities
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | 0d92a15dc3da4abaa1d63eb25c70d325 |
| name | cinderv2 |
| type | volumev2 |
+-------------+----------------------------------+
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | c6ea0db40df94bfea0402fb6e67d27c5 |
| name | cinderv3 |
| type | volumev3 |
+-------------+----------------------------------+
STEP8: Create the Block Storage service API endpoints
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | c64c617d198142f9b3bf95e8af096476 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0d92a15dc3da4abaa1d63eb25c70d325 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 83de694e89fe415abbaac448b7c71071 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0d92a15dc3da4abaa1d63eb25c70d325 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | baceffec26a94465899be4e7950cb1f8 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0d92a15dc3da4abaa1d63eb25c70d325 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 3f13c5b73d234b91b2d5a518fd77eb93 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c6ea0db40df94bfea0402fb6e67d27c5 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 01a6e8fd5d2b49dca6439fcb8fece2b1 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c6ea0db40df94bfea0402fb6e67d27c5 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | bf1bd3571e0045e5b3c504666d011f9e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | c6ea0db40df94bfea0402fb6e67d27c5 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
Configure the Cinder service (controller node)
STEP1: Install the package
yum install -y openstack-cinder
STEP2: Edit /etc/cinder/cinder.conf and complete the following configuration
In the [database] section, add the following configuration:
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.100.11
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = CINDER_PASS
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
STEP3: Edit /etc/nova/nova.conf and complete the following configuration
[cinder]
os_region_name = RegionOne
STEP4: With the configuration complete, restart the API service, then enable the cinder services at boot and start them
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
Install and configure the Cinder service (storage node)
STEP1: Install the Cinder packages
yum install -y openstack-cinder targetcli python-keystone
STEP2: Edit /etc/cinder/cinder.conf and complete the following configuration
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[DEFAULT]
enabled_backends = lvm
my_ip = 192.168.100.12
auth_strategy = keystone
transport_url = rabbit://openstack:RABBIT_PASS@controller
glance_api_servers = http://controller:9292
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
Verify the configuration
STEP1: Load the admin environment
source admin-openrc
STEP2: Run the following command to list the service components and check that each one loaded successfully
openstack volume service list
+------------------+------------+------+---------+-------+----------------------------+
| Binary | Host | Zone | Status | State | Updated At |
+------------------+------------+------+---------+-------+----------------------------+
| cinder-scheduler | controller | nova | enabled | up | 2019-11-07T16:24:37.000000 |
+------------------+------------+------+---------+-------+----------------------------+
☆Note 1: If the following error appears:
[Puppet Users] Net::ReadTimeout errors
△This is very likely the cause. I changed /etc/hosts and /etc/hostname on both servers as follows:
[root@controller ~]# cat /etc/hostname
controller
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.101 controller
192.168.1.102 compute
[root@compute ~]# cat /etc/hostname
compute
[root@compute ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.1.101 controller
192.168.1.102 compute
☆Note 2: Change the default password of the admin user
STEP1: The default OpenStack admin password is the OS_PASSWORD='5b3522c473dd4615' field in ~/keystonerc_admin
[root@controller ~]# cat keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='5b3522c473dd4615'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.1.101:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
STEP2: Run source keystonerc_admin to load the admin environment variables, then change the admin password with the openstack user password set command
[root@controller ~]# source keystonerc_admin
[root@controller ~(keystone_admin)]# openstack user password set
Current Password:5b3522c473dd4615 ## enter the original password
New Password:abc.123 ## enter the new password
Repeat New Password:abc.123 ## enter the new password again
STEP3: After the password has been changed, replace the old password in ~/keystonerc_admin with the new one
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='abc.123'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.1.101:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
△If you skip this step, the next time you change the password you will get the following error
[root@controller ~(keystone_admin)]# cat keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='5b3522c473dd4615'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.1.101:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
[root@controller ~(keystone_admin)]# openstack user password set
The request you have made requires authentication. (HTTP 401) (Request-ID: req-ccad7793-dfa8-4d83-988c-bc59d25a4df9)
STEP4: The change can also be made directly with a single command
[root@controller ~(keystone_admin)]# openstack user password set --original-password=abc.123 --password=abc.1234
STEP5: Log in to the dashboard with the new password
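The rc-file update from the admin password change above, as an added shell helper that is not part of the original page: it takes the new password on standard input instead of the command line, where the single-command form leaves it in shell history and process listings, and rewrites only the OS_PASSWORD line. The function name set_rc_password is an assumption of this example.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. set_rc_password is a
# hypothetical helper name; the rc file layout is the one shown above.

# set_rc_password RCFILE
# Reads the new password from stdin (one line) and rewrites only the
# "export OS_PASSWORD=" line of RCFILE, leaving the file mode at 600.
set_rc_password() {
    local rc="$1" new quoted tmp line
    [ -f "$rc" ] || { echo "no such file: $rc" >&2; return 1; }
    grep -q '^export OS_PASSWORD=' "$rc" ||
        { echo "no OS_PASSWORD line in $rc" >&2; return 1; }
    IFS= read -r new || true
    [ -n "$new" ] || { echo "empty password" >&2; return 1; }
    # Quote for the shell: wrap in single quotes and turn each ' into '\''
    quoted="'$(printf '%s' "$new" | sed "s/'/'\\\\''/g")'"
    # Temp file in the same directory, so the final mv is an atomic rename.
    tmp=$(mktemp "$rc.XXXXXX") || return 1
    chmod 600 "$tmp"
    while IFS= read -r line || [ -n "$line" ]; do
        case $line in
            "export OS_PASSWORD="*) printf 'export OS_PASSWORD=%s\n' "$quoted" ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$rc" > "$tmp"
    mv -f "$tmp" "$rc"
}

# Usage: prompt without echo, then pass the value on stdin:
#   read -rsp 'New admin password: ' pw; echo
#   printf '%s\n' "$pw" | set_rc_password ~/keystonerc_admin
```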
[root@controller conf.d]# systemctl restart httpd
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@controller conf.d]# journalctl -xe
-- The result is failed.
Nov 03 10:04:38 controller systemd[1]: Unit httpd.service entered failed state.
Nov 03 10:04:38 controller systemd[1]: httpd.service failed.
Nov 03 10:04:38 controller polkitd[983]: Unregistered Authentication Agent for unix-process:23585:510606 (system bus name :1.42,
Nov 03 10:05:38 controller polkitd[983]: Registered Authentication Agent for unix-process:23640:516618 (system bus name :1.43 [/u
Nov 03 10:05:38 controller systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Nov 03 10:05:38 controller httpd[23646]: (20)Not a directory: AH02291: Cannot access directory '/var/log/apache2/' for error log
Nov 03 10:05:38 controller httpd[23646]: (20)Not a directory: AH02291: Cannot access directory '/var/log/apache2/' for error log
Nov 03 10:05:38 controller httpd[23646]: AH00014: Configuration check failed
Nov 03 10:05:38 controller systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Nov 03 10:05:38 controller kill[23648]: kill: cannot find process ""
Nov 03 10:05:38 controller systemd[1]: httpd.service: control process exited, code=exited status=1
Nov 03 10:05:38 controller systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Nov 03 10:05:38 controller systemd[1]: Unit httpd.service entered failed state.
Nov 03 10:05:38 controller systemd[1]: httpd.service failed.
Nov 03 10:05:38 controller polkitd[983]: Unregistered Authentication Agent for unix-process:23640:516618 (system bus name :1.43,
The useful information is mainly in these two lines, which indicate that the /var/log/apache2 directory cannot be found:
Nov 03 10:05:38 controller httpd[23646]: (20)Not a directory: AH02291: Cannot access directory '/var/log/apache2/' for error log
Nov 03 10:05:38 controller httpd[23646]: (20)Not a directory: AH02291: Cannot access directory '/var/log/apache2/' for error log
△Solution: create the /var/log/apache2 directory and restart the httpd service
[root@controller conf.d]# mkdir /var/log/apache2
[root@controller conf.d]# systemctl restart httpd
☆Note 4: If, after the admin-openrc.sh script has been loaded, requesting an authentication token produces the following error:
[root@controller ~]# openstack token issue
'NoneType' object has no attribute 'service_catalog'
▲Solution: unset the OS_TOKEN and OS_URL environment variables:
unset OS_TOKEN OS_URL
☆Note 5: When you run the following command:
glance image-create --name "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public --progress
If the following error appears:
ERROR glance.common.wsgi Traceback (most recent call last):
▲Cause and solution: most likely you modified the two glance configuration files again after the services had been started, which causes this problem
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl restart openstack-glance-api.service openstack-glance-registry.service
☆Note 6: If installing software with yum produces the following error
Header V3 DSA/SHA1 Signature, key ID 5072e1f5: NOKEY
▲Solution: run the following command
rpm --import /etc/pki/rpm-gpg/RPM*
☆Note 7: If NOVA fails to restart on the compute node and the log contains the following error (the lines below are a single line in the log)
tail /var/log/nova/nova-compute.log
2019-11-06 06:31:42.657 5939 ERROR nova MessageDeliveryFailure:
Unable to connect to AMQP server on controller:5672 after None tries: (0, 0):
(403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.
△Solution: the main cause is that authentication to the Rabbit message queue on the controller node failed, so reset the password here:
rabbitmqctl change_password RABBIT_USER RABBIT_PASS
☆Note 8: If installing packages with yum produces the following error, the main cause is that old GPG keys are installed:
warning: /var/cache/yum/x86_64/7/centos-openstack-queens/packages/python-cmd2-0.6.8-8.el7.noarch.rpm:
Header V4 RSA/SHA1 Signature, key ID 764429e6: NOKEY
△Solution 1: import the GPG keys:
rpm --import /etc/pki/rpm-gpg/RPM*
△Solution 2: skip dependency checks and force the install by adding the --force --nodeps parameters
yum xxxxx --force --nodeps
☆Note 9: If the following error appears when installing the keystone module with yum
http://mirror.centos.org/centos/7/cloud/x86_64/openstack-queens/python2-alembic-0.9.7-1.el7.noarch.rpm:
[Errno 14] HTTP Error 302 - Found
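△Solution:
STEP1: Copy the link into the Chrome address bar and download the package
STEP2: Upload the package to controller
STEP3: Installing it directly with rpm produces dependency errors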
rpm -ivh python2-alembic-0.9.7-1.el7.noarch.rpm
error: Failed dependencies:
python-dateutil is needed by python2-alembic-0.9.7-1.el7.noarch
python-editor is needed by python2-alembic-0.9.7-1.el7.noarch
python-mako is needed by python2-alembic-0.9.7-1.el7.noarch
python-sqlalchemy >= 0.7.4 is needed by python2-alembic-0.9.7-1.el7.noarch
STEP4: So first install these four packages with yum to resolve the dependencies
yum install -y python-dateutil python-editor python-mako python-sqlalchemy
STEP5: Then install the package with rpm -ivh
rpm -ivh python2-alembic-0.9.7-1.el7.noarch.rpm
Preparing... ################################# [100%]
Updating / installing...
1:python2-alembic-0.9.7-1.el7 ################################# [100%]
STEP6: Finally, run the yum command to install keystone and the other modules
yum install openstack-keystone httpd mod_wsgi -y
☆Note 10: If restarting the etcd service fails, the problem may be the following:
STEP1: The default here may not have been changed; this is very easy to overlook
ETCD_INITIAL_CLUSTER="default=http://192.168.100.1:2380"
STEP2: Change it to the hostname of the controller node (the hostname must be resolvable throughout this process)
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.1:2380"
☆Note 11: If the openstack-nova-compute service fails to start on the compute node and the log contains the following error:
ERROR nova MessageDeliveryFailure: Unable to connect to AMQP server on controller:
5672 after None tries: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN.
For details see the broker logfile.
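Possible causes:
The password is set incorrectly on the controller node
The password is set incorrectly on the compute node
The openstack user has not been created in rabbitmq on the controller node
△Solution 1: in the line below, replace RABBIT_PASS with the RabbitMQ password: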
transport_url = rabbit://openstack:RABBIT_PASS@controller
△Solution 2: change the openstack user's password on the controller node
rabbitmqctl change_password Username 'Newpassword'
△Solution 3: if the openstack user has not been created, create it with the following commands and grant it permissions
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
☆Note 12: If you run the following command in order to add the compute node to the cell database and get the following error
openstack compute service list --service nova-compute
The server is currently unavailable. Please try again at a later time.
(HTTP 503) (Request-ID: req-9ec15634-07d7-4eda-8f9c-92cc9c23befd)
△The log shows the following error: tail /var/log/nova/
△Cause: most likely your main nova configuration file /etc/nova/nova.conf is misconfigured; I made a typo in this section
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service#username = nova
username = nova
password = abc.123
△Solution: check the configuration steps and their contents
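One way to catch the [keystone_authtoken] mistake shown in the section above before restarting the services, as an added example that is not part of the original page: an awk lint for that section which flags a "#" fused into a value, duplicate keys and missing keys. The names check_authtoken and sample_conf and the list of required keys are assumptions of this example, and the sample password is a placeholder.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. check_authtoken and sample_conf
# are hypothetical names; the required-key list is this example's choice.

# check_authtoken [FILE]: lint [keystone_authtoken]; exit status 1 on findings.
check_authtoken() {
    awk '
    BEGIN { n = split("auth_url auth_type project_name username password", req, " ") }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }          # full-line comments and blanks
    /^\[/ { insec = ($0 ~ /^\[keystone_authtoken\][ \t]*$/); next }
    !insec { next }
    {
        eq = index($0, "=")
        if (eq == 0) { printf "line %d: not key = value: %s\n", NR, $0; bad++; next }
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (key in seen) { printf "line %d: %s already set on line %d\n", NR, key, seen[key]; bad++ }
        seen[key] = NR
        # oslo.config only treats a "#" at the start of a line as a comment,
        # so a "#" inside a value becomes part of that value.
        if (key != "password" && val ~ /#/) {
            printf "line %d: %s contains \"#\": %s\n", NR, key, val; bad++
        }
    }
    END {
        for (i = 1; i <= n; i++)
            if (!(req[i] in seen)) { printf "missing key: %s\n", req[i]; bad++ }
        exit (bad > 0)
    }' "${1:--}"
}

# The section from the note above (password replaced by a placeholder).
sample_conf() {
    cat <<'EOF'
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service#username = nova
username = nova
password = NOVA_PASS
EOF
}

# Usage: sample_conf | check_authtoken    or    check_authtoken /etc/nova/nova.conf
```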
☆Note 13: After the deployment is complete, if you add new compute nodes, you must run the following commands on the controller node to register them
source admin-openrc
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Alternatively, set an appropriate interval in the [scheduler] section of the main configuration file /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300