Class Notes by 奥特虾: OpenStack


2018-03-20

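What is OpenStack?

OpenStack is a free and open-source cloud computing management platform project, jointly developed and launched by NASA (the US National Aeronautics and Space Administration) and Rackspace and licensed under the Apache License.

Basic components of OpenStack

[Figure: basic components of OpenStack]

OpenStack core projects

  • Nova: manages cloud instances
  • Neutron: manages instance networking (SDN, Software Defined Network)
  • Cinder: manages block storage (cloud disks)
  • Swift: object storage
  • Glance: manages images and snapshots
  • Keystone: user authentication, tenant management, and the service catalog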

2018-03-21

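Setting up the lab environment

1. Deploy and configure the virtual machines as shown in the mind map

[Figure: virtual machine deployment flow]

2. Install the OpenStack release packages on the Controller and Compute nodes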
yum upgrade
yum -y install centos-release-openstack-pike
yum -y install python-openstackclient
yum -y install openstack-selinux
3. Install and configure MariaDB on the Controller node
yum -y install mariadb-server
yum -y install mariadb
yum -y install python2-PyMySQL

Configure MariaDB

vim /etc/my.cnf.d/openstack.cnf

Write the following configuration:

[mysqld]
bind-address = 127.0.0.1    # controller node
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Start the MariaDB service and enable it at boot

systemctl start mariadb
mysql_secure_installation    # security-related settings
systemctl enable mariadb

4. Install and configure the message queue on the Controller node
yum -y install rabbitmq-server

Start the message queue service and enable it at boot

systemctl enable rabbitmq-server
systemctl start rabbitmq-server

Add the openstack user, set its password, and grant it permissions

rabbitmqctl add_user openstack PASSWORD
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

5. Install and configure the cache service on the Controller node
yum -y install memcached
yum -y install python-memcached

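Edit the memcached configuration file

vi /etc/sysconfig/memcached

Change the last line to:

OPTIONS="-l 127.0.0.1,::1,controller40"    # adjust to your environment; controller40 is my hostname

Start the cache service and enable it at boot

systemctl start memcached
systemctl enable memcached

6. Install and configure the key-value store service on the Controller node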
yum -y install etcd

Edit the etcd configuration file

vi /etc/etcd/etcd.conf

Clear the file and write the following content:

ETCD_LISTEN_PEER_URLS="http://192.168.147.140:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.147.140:2379"
ETCD_NAME="controller40"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.147.140:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.147.140:2379"
ETCD_INITIAL_CLUSTER="controller40=http://192.168.147.140:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-40"

Start the key-value store service and enable it at boot

systemctl enable etcd
systemctl start etcd
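
The steps above set listen addresses for MariaDB (bind-address), memcached (-l) and etcd (ETCD_LISTEN_*_URLS), while RabbitMQ is left at its defaults. As an added example (not part of the original notes), the function below reads `ss -lnt` output and reports which of these services listen on a wildcard address; the port numbers are the services' usual defaults and the sample output is constructed.

```shell
# Added example: report backing-service ports that listen on every interface.
# Assumed default ports: 3306 MariaDB, 5672 RabbitMQ, 11211 memcached,
# 2379/2380 etcd client/peer.

audit_listeners() {
  # Reads `ss -lnt` output on stdin. Prints "<service> <address:port>" for
  # each watched port bound to a wildcard address (0.0.0.0, *, [::] or ::).
  awk '
    BEGIN {
      svc["3306"] = "mariadb"; svc["5672"] = "rabbitmq"
      svc["11211"] = "memcached"
      svc["2379"] = "etcd-client"; svc["2380"] = "etcd-peer"
    }
    $1 == "LISTEN" {
      n = split($4, parts, ":")
      port = parts[n]
      addr = substr($4, 1, length($4) - length(port) - 1)
      wild = (addr == "0.0.0.0" || addr == "*" || addr == "[::]" || addr == "::")
      if ((port in svc) && wild) print svc[port], $4
    }'
}

# Constructed sample resembling `ss -lnt` on the controller in these notes.
sample_ss_output() {
  cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN 0      128    127.0.0.1:3306        *:*
LISTEN 0      128    *:5672                *:*
LISTEN 0      128    127.0.0.1:11211       *:*
LISTEN 0      128    192.168.147.140:2379  *:*
LISTEN 0      128    192.168.147.140:2380  *:*
LISTEN 0      128    :::5672               :::*
EOF
}

# On a live host: ss -lnt | audit_listeners
sample_ss_output | audit_listeners
```

Any line it prints is a service reachable on every interface of the node, which is worth comparing against the addresses the configuration files were meant to set.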

Installing the Keystone identity service

1. Create the keystone database

MariaDB [(none)]> create database keystone;

2. Grant privileges on the keystone database

MariaDB [keystone]>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'  IDENTIFIED BY 'your passwd';
MariaDB [keystone]>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'  IDENTIFIED BY 'your passwd';

3. Install Keystone

yum -y install openstack-keystone
yum -y install httpd
yum -y install mod_wsgi

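4. Configure the database

vi /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:yourpassword@yourhostname/keystone

[token]
provider = fernet

5. Initialize the identity service database

su -s /bin/sh -c "keystone-manage db_sync" keystone
# After initialization, log in to the database and check that tables were created in keystone

6. Initialize Fernet

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

7. Create the first administrator account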

keystone-manage bootstrap --bootstrap-password fcc21042 --bootstrap-admin-url http://controller40:35357/v3/ --bootstrap-internal-url http://controller40:5000/v3 --bootstrap-public-url http://controller40:5000/v3/ --bootstrap-region-id regionone

8. Configure the Apache options

vi /etc/httpd/conf/httpd.conf
ServerName controller40

9. Link the WSGI configuration file into Apache so that Apache can start WSGI properly

ln -s /usr/share/keystone/wsgi-keystone.conf  /etc/httpd/conf.d/

10. Start the Apache service and enable it at boot

systemctl enable httpd
systemctl start httpd

2018-03-22

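Creating the service project (tenant)

1. Create a script named bashrc and run it, so that the user's credentials are set as environment variables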

export OS_USERNAME=admin
export OS_PASSWORD=fcc21042
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://controller40:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

2. Create the project

openstack project create --domain default --description "Server Project" service

Running it produced the error: Missing value auth-url required for auth plugin password
Solution: run the following command manually

export OS_PROJECT_DOMAIN_NAME=Default && export OS_USER_DOMAIN_NAME=Default && export OS_PROJECT_NAME=admin && export OS_USERNAME=admin && export OS_PASSWORD=fcc21042 && export OS_AUTH_URL=http://controller40:35357/v3/ && export OS_IDENTITY_API_VERSION=3 && export OS_IMAGE_API_VERSION=2

3. Create the demo project

openstack project create --domain default   --description "Demo Project" demo

4. Create the role user

openstack role create user

5. Create the user demo

openstack user create --domain default  --password-prompt demo

6. Add the user demo to the demo project with the role user

openstack role add --project demo --user demo user

7. Create a script named demorc and run it

export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

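8. Request a token from Keystone

openstack token issue

9. List the demo user's projects

openstack project list

10. List all projects

source adminrc
openstack project list

source adminrc and source demorc essentially just change the shell's environment variables; you can think of this as switching identity (admin/demo).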
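
The rc files above keep OS_PASSWORD in plain text, and their variables reach the current shell only when the file is sourced; running the file as a child process leaves OS_AUTH_URL unset, which is one way to get the "Missing value auth-url" error noted in step 2. As an added example (not from the original notes), the sketch below writes an rc file that prompts for the password instead of storing it, checks rc files for a literal password or loose permissions, and shows the sourced-versus-executed difference; the function names and file paths are assumptions.

```shell
# Added example; function names and file paths are hypothetical.

write_rc() {
  # $1 = rc path, $2 = user and project name, $3 = Keystone auth URL.
  # No password is stored: it is read (bash) when the file is sourced.
  ( umask 077
    cat > "$1" <<EOF
export OS_USERNAME=$2
export OS_PROJECT_NAME=$2
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_DOMAIN_NAME=default
export OS_AUTH_URL=$3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
if [ -z "\${OS_PASSWORD:-}" ]; then
  printf 'Password for %s: ' "\$OS_USERNAME" >&2
  read -r -s OS_PASSWORD; echo >&2
fi
export OS_PASSWORD
EOF
  )
}

rc_findings() {
  # Prints one finding per line: a literal password in the file, or a mode
  # other than 600 (GNU stat assumed).
  grep -Eq '^[[:space:]]*export[[:space:]]+OS_PASSWORD=.+' "$1" \
    && echo "plaintext-password"
  [ "$(stat -c '%a' "$1")" = "600" ] || echo "mode-not-600"
  return 0
}

auth_url_after() {
  # $1 = "source" or "execute", $2 = rc path. Prints the OS_AUTH_URL that the
  # calling shell sees afterwards; OS_PASSWORD is preset to skip the prompt.
  ( unset OS_AUTH_URL; export OS_PASSWORD=unused
    if [ "$1" = source ]; then . "$2"; else sh "$2"; fi
    printf '%s' "${OS_AUTH_URL:-}" )
}

rc="$(mktemp)"; write_rc "$rc" demo http://controller:5000/v3
echo "sourced:  $(auth_url_after source "$rc")"
echo "executed: $(auth_url_after execute "$rc")"   # empty: child shell only
rm -f "$rc"
```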

Glance image service

1. Create the glance database and grant privileges on it

MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

2. Switch the environment variables to admin

source adminrc

3. Create the glance user and add it to the project

openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin

4. Create the image service entity

openstack service create --name glance --description "OpenStack Image" image

5. Create the image service API endpoints

openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

6. Install the Glance image service

yum install openstack-glance

7. Edit /etc/glance/glance-api.conf

[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
# ...
flavor = keystone

[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

8. Edit /etc/glance/glance-registry.conf

[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
# ...
flavor = keystone

9. Populate the image service database

su -s /bin/sh -c "glance-manage db_sync" glance

10. Start the image services and enable them at boot

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

Verifying that the image service started correctly

1. Switch identity to admin

source adminrc

2. Download a test image

wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

3. Upload the image

openstack image create "cirros" \
  --file cirros-0.3.5-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public

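After that, it started returning HTTP ERROR 500. I struggled with this for several days and never managed to fix it. If you have run into the same problem and solved it, please share your solution in the comments. Many thanks.

NOVA architecture and deployment (controller node)

NOVA architecture

[Figure: NOVA architecture]

The components in the orange boxes run on the Compute node.

Deploying NOVA

1. Create the databases and user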

MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;

2. Grant privileges on the databases

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';

3. Register the users, services, and endpoints in Keystone

source adminrc
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
openstack user create --domain default --password-prompt placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

4. Install the NOVA packages

yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api

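5. Edit the /etc/nova/nova.conf configuration file

Refer to the official documentation for the configuration file changes.

6. Initialize the databases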

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova

7. Enable the services at boot and start them

systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

NOVA architecture and deployment (compute node)

1. Install the NOVA packages

yum install openstack-nova-compute

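2. Edit the /etc/nova/nova.conf configuration file

Refer to the official documentation for the configuration file changes.

3. Check for hardware virtualization support and set virt_type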

[libvirt]
# ...
virt_type = qemu

4. Enable the services at boot and start them

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

5. Add the compute node to the cell

source adminrc
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

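From this point on, this post will no longer be updated with OpenStack deployment commands; following the official documentation directly is recommended.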
