OpenStack Mitaka Deployment

1. Environment preparation

CentOS 7.2 files

ISO image: https://mirrors.aliyun.com/centos-vault/7.2.1511/isos/x86_64/CentOS-7-x86_64-DVD-1511.iso?spm=a2c6h.25603864.0.0.5c565932JYniuU

openstack-mitaka RPM packages: https://mirrors.aliyun.com/centos-vault/7.2.1511/cloud/x86_64/openstack-mitaka/?spm=a2c6h.25603864.0.0.c8773514w0jHOm

1. VM installation

2. Network settings

3. VM configuration

3.1 NIC naming

  • To name the NICs eth0 and eth1, enter the following parameters and press Enter
net.ifnames=0 biosdevname=0

3.2 Basic settings

3.3 NIC IP settings

3.4 Configure static IPs

vi /etc/sysconfig/network-scripts/ifcfg-eth0
  • eth0 does not need Internet access, so do not give it a gateway or DNS server; otherwise the two NICs conflict
BOOTPROTO=static
ONBOOT=yes
vi /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.200.10
GATEWAY=192.168.200.2
NETMASK=255.255.255.0
DNS1=114.114.114.114
ping www.baidu.com
64 bytes from 39.156.66.18: icmp_seq=1 ttl=128 time=251 ms
64 bytes from 39.156.66.18: icmp_seq=2 ttl=128 time=205 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=128 time=42.8 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=128 time=42.9 ms

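4. Clone two more VMs from the one above: one as the compute node (compute), the other as the storage node (block; it has only one NIC, eth0, and needs two disks)

4.1 Change the IPs of the compute VM

eth0: 192.168.100.20
eth1: 192.168.200.20  # can reach the Internet

4.2 Change the IP of the block VM (no Internet access needed)

eth0: 192.168.100.30
NETMASK=255.255.255.0
  • Delete /etc/sysconfig/network-scripts/ifcfg-eth1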

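4.3 Set the hostname on each of the three VMs

hostnamectl set-hostname controller  # on the controller node
hostnamectl set-hostname compute     # on the compute node
hostnamectl set-hostname block       # on the storage node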

4.4 VM settings

  1. Stop the NetworkManager service (on all three VMs)
systemctl stop NetworkManager
systemctl disable NetworkManager
  2. Map the hostnames in /etc/hosts (on all three VMs)
192.168.100.10 controller
192.168.100.20 compute
192.168.100.30 block
  • Verify that the three VMs can ping each other: ping controller, ping compute, ping block
  • controller and compute can ping the Internet
  3. Stop the firewall (on all three VMs)
systemctl stop firewalld
systemctl disable firewalld
  4. Disable SELinux
setenforce 0
vi /etc/selinux/config

SELINUX=disabled
  5. Configure the yum repository
vi /etc/yum.repos.d/openstack-mitaka.repo

[openstack]
name=openstack
baseurl=https://mirrors.aliyun.com/centos-vault/7.2.1511/cloud/x86_64/openstack-mitaka/
enabled=1
gpgcheck=0
  6. Rebuild the cache
yum clean all
yum makecache

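5. Installing openstack-mitaka

5.1 Install the chrony time synchronization service on the controller node

  • 1. Install (on all three servers)
yum install -y chrony
  • 2. Configure: vi /etc/chrony.conf (controller node)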
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
# added line
server ntp6.aliyun.com iburst

# added line
allow 192.168.100.0/24
  • 3. Compute and storage nodes
# added line
server controller iburst
  • 4. Run the synchronization command
chronyc sources
  • 5. Restart the chrony service (on all three servers)
systemctl restart chronyd

5.2 Install the OpenStack client and openstack-selinux on all nodes

yum install python-openstackclient openstack-selinux openstack-utils -y
  • openstack-utils provides a helper for editing configuration files
    openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
    

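5.3 Install the virtualization packages on the compute node

yum install qemu-kvm libvirt bridge-utils -y
ln -sv /usr/libexec/qemu-kvm /usr/bin

2. Installing supporting services

1. Install the MariaDB database (controller node only)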

  • 1. Install
yum install mariadb mariadb-server python2-PyMySQL -y
  • 2. Configure: vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.10  # management network

default-storage-engine = innodb
innodb_file_per_table = on  # switch from the shared tablespace to one tablespace per table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
  • 3. Start the MariaDB service and enable it at boot
systemctl start mariadb
systemctl enable mariadb
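  • 4. Initialize (set the root password, remove anonymous users and the test database)
mysql_secure_installation
Enter  # prompt for the root password
Y  # set the password (openstack)
Y  # remove anonymous users
Y  # disallow remote root login
Y  # remove the test database
Y  # reload the privilege tables
  • 5. Test the login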
mysql -popenstack
MariaDB [(none)]> select user,host,password from mysql.user;
+------+-----------+-------------------------------------------+
| user | host      | password                                  |
+------+-----------+-------------------------------------------+
| root | localhost | *3A4A03AC22526F6B591010973A741D59A71D728E |
| root | 127.0.0.1 | *3A4A03AC22526F6B591010973A741D59A71D728E |
| root | ::1       | *3A4A03AC22526F6B591010973A741D59A71D728E |
+------+-----------+-------------------------------------------+
3 rows in set (0.01 sec)

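2. If the billing service is needed, also install the MongoDB non-relational database

3. Install the RabbitMQ message queue (controller node only)

  • 1. Install
yum install rabbitmq-server -y
  • 2. Start it and enable it at boot
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
  • 3. Add an openstack user with the password openstack (the official default is RABBIT_PASS)
rabbitmqctl add_user openstack openstack
  • 4. Give the openstack user the administrator role
rabbitmqctl set_user_tags openstack administrator
  • 5. Grant the openstack user permissions on all resources
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
  • 6. List the users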
[root@controller ~]# rabbitmqctl list_users
Listing users ...
openstack	[administrator]
guest	[administrator]
  • 7. List the plugins
rabbitmq-plugins list

Legend:
	E = enabled plugin
	e = plugin enabled as a dependency
	* = running plugin
  • 8. Enable the management UI plugin
rabbitmq-plugins enable rabbitmq_management
  • 9. Open the web UI
http://192.168.200.10:15672/

4. Install the memcached cache (used as the token cache) (controller node only)

  • 1. Install
yum install memcached python-memcached -y
  • 2. Edit the configuration file: vi /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
# change this line
OPTIONS="-l 127.0.0.1,::1,controller"
  • 3. Start it and enable it at boot
systemctl enable memcached.service
systemctl start memcached.service

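3. Installing the OpenStack core services

3.1 Common steps for installing an OpenStack core service

  • 1. Create a database for the service and grant privileges (set a password)
  • 2. Create a user for the service in keystone and assign it a role
  • 3. Create the service in keystone and register its API
  • 4. Install the packages for the service
  • 5. Edit the configuration files
    • Database connection information
    • keystone authentication and authorization information
    • Message queue connection information
    • Settings specific to the service itself
  • 6. Sync the service database to create its tables
  • 7. Start the service

3.2 Keystone service (controller node only)

3.2.1 Purpose

  • 1. Authentication management
    • Accounts and passwords
  • 2. Authorization management
    • Issues temporary authorization for calls between services
  • 3. Service catalog
    • Stores the API endpoint information of every service; each service only needs to know the keystone API to look up the APIs of all the other services

3.2.2 Components

  • identity service

3.2.3 Installation

3.2.3.1 Create the database and grant privileges

  • 1. Create the database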
mysql -u root -popenstack
CREATE DATABASE keystone;
MariaDB [mysql]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
| mysql              |
| performance_schema |
+--------------------+
  • 2. Grant privileges (password: KEYSTONE_DBPASS)
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [mysql]> select Host,User,Password,default_role from user;
+-----------+----------+-------------------------------------------+--------------+
| Host      | User     | Password                                  | default_role |
+-----------+----------+-------------------------------------------+--------------+
| localhost | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |              |
| 127.0.0.1 | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |              |
| ::1       | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |              |
| %         | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |              |
| localhost | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |              |
+-----------+----------+-------------------------------------------+--------------+
5 rows in set (0.00 sec)

3.2.3.2 Install the keystone service

  • 1. Install the keystone service
yum install openstack-keystone httpd mod_wsgi -y

3.2.3.3 Edit the keystone configuration

  • 1. Back up the original configuration file
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
  • 2. Strip the comments
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
  • 3. Edit the configuration as follows
[DEFAULT]
# initial administration token
admin_token = ADMIN_TOKEN

[database]
# database connection string
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
# token provider (Fernet)
# token formats: uuid, pki, fernet
provider = fernet
  • 4. Alternatively, make the same changes with the configuration helper from openstack-utils (equivalent to step 3; use one or the other). Running the commands repeatedly is harmless
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet

3.2.3.4 Database migration

  • 1. Sync the database
# su: switch user
# -s: shell to use
# -c: command to run
# keystone: the user to run as
su -s /bin/sh -c "keystone-manage db_sync" keystone
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone     |
+------------------------+
| access_token           |
| assignment             |
| config_register        |
| consumer               |
| credential             |
| domain                 |
| endpoint               |
| endpoint_group         |
| federated_user         |
| federation_protocol    |
| group                  |
| id_mapping             |
| identity_provider      |
| idp_remote_ids         |
| implied_role           |
| local_user             |
| mapping                |
| migrate_version        |
| password               |
| policy                 |
| policy_association     |
| project                |
| project_endpoint       |
| project_endpoint_group |
| region                 |
| request_token          |
| revocation_event       |
| role                   |
| sensitive_config       |
| service                |
| service_provider       |
| token                  |
| trust                  |
| trust_role             |
| user                   |
| user_group_membership  |
| whitelisted_config     |
+------------------------+
37 rows in set (0.00 sec)
  • 2. Initialize the Fernet keys (this creates a fernet-keys directory under /etc/keystone)
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller fernet-keys]# ls
0  1
[root@controller fernet-keys]# cat 0
hqTkqZvkU640iHZRj2vAgQlCb7IvDvNvvg1PRS0xvc4= 
[root@controller fernet-keys]# cat 1
e3i4Ixfe_C-A-3Fu-O8Pzx0aAm2fN6ZY-NtYTC1u0MQ=
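
The two files listed above are the keys that encrypt and sign every token keystone issues, so the repository has to stay private to the keystone account. The check below is an added example, not part of the original guide; the function names, the owner argument and the sample keys are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a Fernet key repository such as
# /etc/keystone/fernet-keys. Function names and sample keys are constructed.

# new_fernet_key: print a random key in the on-disk format
# (32 random bytes as URL-safe base64, 44 characters).
new_fernet_key() {
    head -c 32 /dev/urandom | base64 | tr '/+' '_-'
}

# check_fernet_repo DIR OWNER: print one line per problem, nothing if clean.
check_fernet_repo() {
    repo=$1
    want_owner=$2
    if [ ! -d "$repo" ]; then
        echo "$repo: not a directory"
        return 0
    fi

    # The directory must belong to the service account and be closed to
    # group and others (mode ends in 00, for example 700).
    owner=$(stat -c '%U' "$repo")
    mode=$(stat -c '%a' "$repo")
    [ "$owner" = "$want_owner" ] || echo "$repo: owner $owner, expected $want_owner"
    case $mode in
        *00|0) ;;
        *) echo "$repo: mode $mode is open to group or others" ;;
    esac

    for keyfile in "$repo"/*; do
        [ -f "$keyfile" ] || continue
        name=${keyfile##*/}
        # Key files are named by index: 0 is the staged key, the highest
        # number is the primary key. Anything else does not belong here.
        case $name in
            *[!0-9]*) echo "$keyfile: unexpected file in key repository"; continue ;;
        esac
        kmode=$(stat -c '%a' "$keyfile")
        case $kmode in
            *00|0) ;;
            *) echo "$keyfile: mode $kmode is open to group or others" ;;
        esac
        # Undo the URL-safe alphabet, decode, and count the bytes.
        nbytes=$(tr -d ' \r\n' < "$keyfile" | tr '_-' '/+' | base64 -d 2>/dev/null | wc -c | tr -d ' ')
        [ "$nbytes" -eq 32 ] || echo "$keyfile: decodes to $nbytes bytes, expected 32"
    done
    return 0
}

# Demo on a constructed repository with freshly generated keys.
demo_repo=$(mktemp -d)
new_fernet_key > "$demo_repo/0"
new_fernet_key > "$demo_repo/1"
chmod 600 "$demo_repo/0"
chmod 644 "$demo_repo/1"    # deliberately too open, so one finding is printed
check_fernet_repo "$demo_repo" "$(id -un)"
rm -rf "$demo_repo"
```

On the controller the call would be `check_fernet_repo /etc/keystone/fernet-keys keystone`, matching the --keystone-user passed to fernet_setup.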

3.2.3.5 Serve keystone through httpd

  • 1. Configure httpd (the Apache service)
# lets Apache start quickly
echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
vi /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
  • 2. Start the httpd service and enable it at boot
systemctl enable httpd.service
systemctl start httpd.service

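3.2.3.6 Create the identity service in keystone and register the API endpoints

  • 1. Create the identity service and register the API
# 1. Set the environment variables (keystone settings)
export OS_TOKEN=ADMIN_TOKEN  # authentication token
export OS_URL=http://controller:35357/v3  # endpoint URL
export OS_IDENTITY_API_VERSION=3  # Identity API version

'''Check that the variables are set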
[root@controller fernet-keys]# env | grep OS
OS_IDENTITY_API_VERSION=3
OS_TOKEN=ADMIN_TOKEN
OS_URL=http://controller:35357/v3
'''
# 2. Create the keystone service entity for the identity service
openstack service create \
  --name keystone --description "OpenStack Identity" identity

'''
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+-----------------------------------------------------------+
| id                               | type     | enabled | extra                                                     |
+----------------------------------+----------+---------+-----------------------------------------------------------+
| 7f814ccd297d436f86a72553e5bc20b2 | identity |       1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+-----------------------------------------------------------+
'''
# 3. Create the identity service API endpoints:
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3

'''
MariaDB [keystone]> select * from region;
+-----------+-------------+------------------+-------+
| id        | description | parent_region_id | extra |
+-----------+-------------+------------------+-------+
| RegionOne |             | NULL             | {}    |
+-----------+-------------+------------------+-------+

MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| id                               | legacy_endpoint_id | interface | service_id                       | url                        | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| 417480a6fb834748b2dd6f54b3bd0093 | NULL               | public    | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3  | {}    |       1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL               | admin     | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3 | {}    |       1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL               | internal  | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3  | {}    |       1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
'''

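OpenStack uses three API endpoint variants for each service: admin, internal and public. By default, the admin API endpoint allows modifying users and tenants, while the public and internal APIs do not allow these operations. In a production environment, for security reasons, the variants might reside on separate networks that serve different types of users. For example, the public API network might be visible from the Internet so that customers can manage their own clouds. The admin API network might be restricted to operators within the organization that manages the cloud infrastructure. The internal API network might be restricted to the hosts that contain OpenStack services. OpenStack also supports multiple regions for scalability. For simplicity, this guide uses the management network for all endpoint variants and the default RegionOne region.

3.2.3.7 Create the users, projects and roles in keystone, and the assignments between them

  • 1. Create the default domain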
openstack domain create --description "Default Domain" default
'''
MariaDB [keystone]> select * from project;
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
| id                               | name                     | extra | description    | enabled | domain_id                        | parent_id                        | is_domain |
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
| 6a6ccc15061642d4bffd16f057f33696 | default                  | {}    | Default Domain |       1 | <>         | NULL                             |         1 |
| <>         | <> | {}    |                |       0 | <>         | NULL                             |         1 |
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
2 rows in set (0.00 sec)
'''
  • 2. Create the admin project
openstack project create --domain default --description "Admin Project" admin
'''
MariaDB [keystone]> select * from project;
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
| id                               | name                     | extra | description    | enabled | domain_id                        | parent_id                        | is_domain |
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
| 6a6ccc15061642d4bffd16f057f33696 | default                  | {}    | Default Domain |       1 | <>         | NULL                             |         1 |
| 82c90a149be1415bba089443f95b4f96 | admin                    | {}    | Admin Project  |       1 | 6a6ccc15061642d4bffd16f057f33696 | 6a6ccc15061642d4bffd16f057f33696 |         0 |
| <>         | <> | {}    |                |       0 | <>         | NULL                             |         1 |
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
3 rows in set (0.00 sec)
'''
  • 3. Create the admin user (password: ADMIN_PASS)
openstack user create --domain default --password ADMIN_PASS admin
'''
MariaDB [keystone]> select * from local_user;
+----+----------------------------------+----------------------------------+-------+
| id | user_id                          | domain_id                        | name  |
+----+----------------------------------+----------------------------------+-------+
|  1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin |
+----+----------------------------------+----------------------------------+-------+
'''
  • 4. Create the admin role
openstack role create admin
'''
MariaDB [keystone]> select * from role;
+----------------------------------+-------+-------+-----------+
| id                               | name  | extra | domain_id |
+----------------------------------+-------+-------+-----------+
| 559df9ece1194c5c88483faf255977c0 | admin | {}    | <>  |
+----------------------------------+-------+-------+-----------+
1 row in set (0.00 sec)
'''
  • 5. Add the admin role to the admin project and user
openstack role add --project admin --user admin admin
'''
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type        | actor_id                         | target_id                        | role_id                          | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 |         0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
1 row in set (0.00 sec)
'''

  • 6. Create the service project
openstack project create --domain default --description "Service Project" service
'''
MariaDB [keystone]> select * from project;
+----------------------------------+--------------------------+-------+-----------------+---------+----------------------------------+----------------------------------+-----------+
| id                               | name                     | extra | description     | enabled | domain_id                        | parent_id                        | is_domain |
+----------------------------------+--------------------------+-------+-----------------+---------+----------------------------------+----------------------------------+-----------+
| 6a6ccc15061642d4bffd16f057f33696 | default                  | {}    | Default Domain  |       1 | <>         | NULL                             |         1 |
| 82c90a149be1415bba089443f95b4f96 | admin                    | {}    | Admin Project   |       1 | 6a6ccc15061642d4bffd16f057f33696 | 6a6ccc15061642d4bffd16f057f33696 |         0 |
| <>         | <> | {}    |                 |       0 | <>         | NULL                             |         1 |
| d8e5dab9e41240c5a2334272373138ff | service                  | {}    | Service Project |       1 | 6a6ccc15061642d4bffd16f057f33696 | 6a6ccc15061642d4bffd16f057f33696 |         0 |
+----------------------------------+--------------------------+-------+-----------------+---------+----------------------------------+----------------------------------+-----------+
'''

Because the environment still holds the super-administrator token, openstack user list can be used to query the current user list

[root@controller ~]# env | grep OS_
OS_TOKEN=ADMIN_TOKEN

[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 2049b7a000664a7c9dab8471e1b74fea | admin |
+----------------------------------+-------+

Once ADMIN_TOKEN is removed from the environment, openstack user list can no longer retrieve the user list

[root@controller ~]# unset OS_TOKEN
[root@controller ~]# openstack user list
Missing parameter(s): 
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name

Querying the user list without environment variables

openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default \
  --os-user-domain-name default \
  --os-project-name admin --os-username admin \
  --os-password ADMIN_PASS \
  --os-identity-api-version 3 \
  user list

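Recommended: use a script

# 1. Create the admin-openrc file with the content below. Variables exported directly in a terminal are lost when the terminal exits, so keep them in a script
# vi /usr/bin/admin-openrc  # /usr/bin is on the default PATH, so placing the script here makes it easy to source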
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS  # use the admin user's real password here
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc  # 1. load the environment variables
[root@controller ~]# env | grep OS_  # 2. check that they were loaded
OS_USER_DOMAIN_NAME=default
OS_IMAGE_API_VERSION=2
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=ADMIN_PASS
OS_AUTH_URL=http://controller:35357/v3
OS_USERNAME=admin
OS_URL=http://controller:35357/v3
OS_PROJECT_DOMAIN_NAME=default
[root@controller ~]# openstack user list  # list the users
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 2049b7a000664a7c9dab8471e1b74fea | admin |
+----------------------------------+-------+
# Sourcing the script at every login is tedious, so for convenience append the `source admin-openrc` command to `.bashrc`
echo source admin-openrc >>  .bashrc
# After this, openstack commands can be run directly in every new terminal session
openstack token issue
openstack user list
...
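
Once admin-openrc authenticates with a password, the bootstrap ADMIN_TOKEN is no longer needed, and the upstream Mitaka install guide removes the admin_token_auth filter from the keystone paste pipelines at this point. The following is an added example, not part of the original post: it assumes the stock /etc/keystone/keystone-paste.ini layout, and the function names and the abridged sample file are constructed.

```shell
#!/bin/sh
# Added example: find and remove the admin_token_auth filter from the
# pipeline lines of a keystone-paste.ini. The sample content is constructed
# and abridged; function names are hypothetical.

# pipelines_with_admin_token FILE: print each section header whose
# "pipeline =" line still contains admin_token_auth.
pipelines_with_admin_token() {
    awk '
        /^\[/ { section = $0 }
        /^[ \t]*pipeline[ \t]*=/ {
            for (i = 1; i <= NF; i++)
                if ($i == "admin_token_auth") { print section; break }
        }
    ' < "$1"
}

# strip_admin_token FILE: print FILE with admin_token_auth dropped from
# pipeline lines only; the [filter:admin_token_auth] section is kept.
strip_admin_token() {
    awk '
        /^[ \t]*pipeline[ \t]*=/ {
            out = ""
            for (i = 1; i <= NF; i++)
                if ($i != "admin_token_auth")
                    out = (out == "" ? $i : out " " $i)
            print out
            next
        }
        { print }
    ' < "$1"
}

# disable_admin_token FILE: keep FILE.bak, then rewrite FILE in place
# (same inode, so owner and mode are preserved).
disable_admin_token() {
    cp -p "$1" "$1.bak" && strip_admin_token "$1.bak" > "$1"
}

# write_sample_paste: constructed, abridged stand-in for keystone-paste.ini.
write_sample_paste() {
    printf '%s\n' \
        '[filter:admin_token_auth]' \
        'use = egg:keystone#admin_token_auth' \
        '' \
        '[pipeline:public_api]' \
        'pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body public_service' \
        '' \
        '[pipeline:admin_api]' \
        'pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body admin_service' \
        '' \
        '[pipeline:api_v3]' \
        'pipeline = cors sizelimit url_normalize request_id admin_token_auth build_auth_context token_auth json_body service_v3'
}

# Demo on a temporary copy: list affected pipelines, strip, list again.
demo_ini=$(mktemp)
write_sample_paste > "$demo_ini"
echo "before:"; pipelines_with_admin_token "$demo_ini"
disable_admin_token "$demo_ini"
echo "after:";  pipelines_with_admin_token "$demo_ini"
rm -f "$demo_ini" "$demo_ini.bak"
```

After changing the real file, restart httpd so the keystone WSGI processes load the new pipelines, and unset OS_TOKEN and OS_URL in the shell.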

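3.3 Glance service (controller node only)

3.3.1 Purpose

  • 1. Upload
  • 2. Download
  • 3. List images and show their details

3.3.2 Components

  • glance-api
    • Provides image upload, download, listing and related functions
  • glance-registry
    • Modifies image metadata (properties)

3.3.3 Installation

3.3.3.1 Create the database

  • 1. Create the glance database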
mysql -u root -popenstack
CREATE DATABASE glance;
  • 2. Grant privileges on the glance database (password: GLANCE_DBPASS)
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

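3.3.3.2 Create the user in keystone and assign the role

  • 1. Load the environment variables: source admin-openrc (skip this if .bashrc is already configured)
  • 2. Create the glance user (password: GLANCE_PASS)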
openstack user create --domain default --password GLANCE_PASS glance
MariaDB [keystone]> select * from local_user;
+----+----------------------------------+----------------------------------+--------+
| id | user_id                          | domain_id                        | name   |
+----+----------------------------------+----------------------------------+--------+
|  1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin  |
|  2 | 738ab0f6b4c848c98a7e61d38c030057 | 6a6ccc15061642d4bffd16f057f33696 | glance |
+----+----------------------------------+----------------------------------+--------+
2 rows in set (0.00 sec)

MariaDB [keystone]> select * from password;
+----+---------------+-------------------------------------------------------------------------------------------------------------------------+
| id | local_user_id | password                                                                                                                |
+----+---------------+-------------------------------------------------------------------------------------------------------------------------+
|  1 |             1 | $6$rounds=10000$qACI/bcbbnjhdglU$1lEK5ViDIaIgt8OJX/ZNuII73DesBxZ7Z9yKIFfcqvcH7bq05ZEjGdoMkv2lEBzF0A0U6.feN6NEJaKMmZqjI/ |
|  2 |             2 | $6$rounds=10000$T0k2HwwFdsFwFNXv$oMfhYOZVgbVJxhXZVE8rozCaxmGeYWArZx7OrPHsLBlb5Hq2IlUVwG5QEXMAz8vtWNqU7noLDPY8gaezEv0YU1 |
+----+---------------+-------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
  • 3. Add the admin role to the glance user and the service project
openstack role add --project service --user glance admin
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type        | actor_id                         | target_id                        | role_id                          | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | 738ab0f6b4c848c98a7e61d38c030057 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
2 rows in set (0.00 sec)
[root@controller fernet-keys]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role                             | User                             | Group | Project                          | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 559df9ece1194c5c88483faf255977c0 | 2049b7a000664a7c9dab8471e1b74fea |       | 82c90a149be1415bba089443f95b4f96 |        | False     |
| 559df9ece1194c5c88483faf255977c0 | 738ab0f6b4c848c98a7e61d38c030057 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+

3.3.3.3 Create the image service in keystone and register the API endpoints

  • 1. Create the glance service entity
openstack service create --name glance --description "OpenStack Image" image
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+-----------------------------------------------------------+
| id                               | type     | enabled | extra                                                     |
+----------------------------------+----------+---------+-----------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image    |       1 | {"description": "OpenStack Image", "name": "glance"}      |
| 7f814ccd297d436f86a72553e5bc20b2 | identity |       1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+-----------------------------------------------------------+
2 rows in set (0.00 sec)
  • 2. Public service endpoint
openstack endpoint create --region RegionOne image public http://controller:9292
  • 3. Internal service endpoint
openstack endpoint create --region RegionOne image internal http://controller:9292
  • 4. Admin service endpoint
openstack endpoint create --region RegionOne image admin http://controller:9292
MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| id                               | legacy_endpoint_id | interface | service_id                       | url                        | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| 417480a6fb834748b2dd6f54b3bd0093 | NULL               | public    | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3  | {}    |       1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL               | admin     | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3 | {}    |       1 | RegionOne |
| 90f1cec9c53045478e14c382b05a1a74 | NULL               | public    | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292     | {}    |       1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL               | internal  | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3  | {}    |       1 | RegionOne |
| e18816adb3474548a2b0c126c602887d | NULL               | admin     | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292     | {}    |       1 | RegionOne |
| e7cae365b69f47948eeec2bf39b21181 | NULL               | internal  | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292     | {}    |       1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
6 rows in set (0.00 sec)

MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+-----------------------------------------------------------+
| id                               | type     | enabled | extra                                                     |
+----------------------------------+----------+---------+-----------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image    |       1 | {"description": "OpenStack Image", "name": "glance"}      |
| 7f814ccd297d436f86a72553e5bc20b2 | identity |       1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+-----------------------------------------------------------+
2 rows in set (0.00 sec)

3.3.3.4 Install the glance packages

yum install openstack-glance -y

3.3.3.5 Edit the configuration files

  • 1. Back up /etc/glance/glance-api.conf and strip the comments
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf

  • 2. Set the options with the openstack-config command

openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS

openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
  • 3. Back up /etc/glance/glance-registry.conf and strip the comments
cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf

  • 4. Set the options with the openstack-config command

openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS

openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

3.3.3.6 Run the migration to create the database tables

su -s /bin/sh -c "glance-manage db_sync" glance
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance                 |
+----------------------------------+
| artifact_blob_locations          |
| artifact_blobs                   |
| artifact_dependencies            |
| artifact_properties              |
| artifact_tags                    |
| artifacts                        |
| image_locations                  |
| image_members                    |
| image_properties                 |
| image_tags                       |
| images                           |
| metadef_namespace_resource_types |
| metadef_namespaces               |
| metadef_objects                  |
| metadef_properties               |
| metadef_resource_types           |
| metadef_tags                     |
| migrate_version                  |
| task_info                        |
| tasks                            |
+----------------------------------+
20 rows in set (0.00 sec)

3.3.3.7 Start the image service and enable it at boot

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# netstat -lntup
...
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      8267/python2 
...

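3.3.3.8 Test image upload

  • 1. Download the test image to the controller node
# The download is very likely to fail; it is better to fetch the image with a browser or another download tool and then copy it to the node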
curl http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img -o cirros-0.3.4-x86_64-disk.img --progress
  • 2. Upload the image with the openstack image create command
# --container-format bare means the image is a plain image, not a docker image
# --public makes it a public image
# --disk-format qcow2 means the image format is qcow2
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare --public
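  • The image here is abnormal: it is only 273 bytes, and virtual machines later created from it will fail because no system disk can be found
  • When uploading an image, run qemu-img info <image name> to check that the image information matches the upload result (here the problem was with my image download)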
MariaDB [glance]> select * from images \G;
*************************** 1. row ***************************
              id: 83078a0f-f56b-4d21-9b31-c44e597475bb
            name: cirros
            size: 273
          status: active
       is_public: 1
      created_at: 2022-12-29 10:29:07
      updated_at: 2022-12-29 10:29:08
      deleted_at: NULL
         deleted: 0
     disk_format: qcow2
container_format: bare
        checksum: 760d7a136a601f87a126bc516f7a0b39
           owner: 82c90a149be1415bba089443f95b4f96
        min_disk: 0
         min_ram: 0
       protected: 0
    virtual_size: NULL
1 row in set (0.01 sec)
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 83078a0f-f56b-4d21-9b31-c44e597475bb | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# ls /var/lib/glance/images/
83078a0f-f56b-4d21-9b31-c44e597475bb
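The 273-byte upload described above can be caught before `openstack image create` runs. The following added example (not part of the original guide) rejects a download that is too small or does not start with the qcow2 magic bytes, and optionally compares its MD5 with a published value; the function names and the 1 MiB size floor are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: validate a downloaded disk
# image before handing it to `openstack image create`.

# A qcow2 file begins with the magic bytes 'Q' 'F' 'I' 0xfb.
QCOW2_MAGIC_HEX="514649fb"
# Assumed lower bound for a bootable image; adjust for your own images.
MIN_IMAGE_BYTES=1048576

# Size of FILE in bytes.
image_size_bytes() {
    wc -c < "$1" | tr -d ' '
}

# First four bytes of FILE as lowercase hex, e.g. 514649fb.
image_magic_hex() {
    head -c 4 "$1" | od -An -tx1 | tr -d ' \n'
}

# check_image FILE [EXPECTED_MD5]
# EXPECTED_MD5 should come from the image publisher's checksum list.
# Return codes: 0 ok, 1 file missing, 2 too small, 3 not qcow2, 4 MD5 mismatch.
check_image() {
    local file="$1" expected_md5="${2:-}" size magic actual_md5

    if [ ! -f "$file" ]; then
        echo "FAIL: $file not found"
        return 1
    fi

    # A failed download often leaves a short error page under the image name.
    size=$(image_size_bytes "$file")
    if [ "$size" -lt "$MIN_IMAGE_BYTES" ]; then
        echo "FAIL: $file is only $size bytes"
        return 2
    fi

    # The upload command declares --disk-format qcow2; make sure that is true.
    magic=$(image_magic_hex "$file")
    if [ "$magic" != "$QCOW2_MAGIC_HEX" ]; then
        echo "FAIL: $file does not start with the qcow2 magic (got $magic)"
        return 3
    fi

    if [ -n "$expected_md5" ]; then
        actual_md5=$(md5sum "$file" | cut -d' ' -f1)
        if [ "$actual_md5" != "$expected_md5" ]; then
            echo "FAIL: MD5 $actual_md5 does not match expected $expected_md5"
            return 4
        fi
    fi

    echo "OK: $file ($size bytes, qcow2)"
    return 0
}

# Stand-alone use: ./check_image.sh cirros-0.3.4-x86_64-disk.img [EXPECTED_MD5]
if [ "$#" -gt 0 ]; then
    check_image "$@"
fi
```

After the upload, the same MD5 can be compared with the value Glance stored, which `openstack image show cirros -f value -c checksum` prints.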

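3.4 Nova service

3.4.1 Components

  • Only nova-compute runs on the compute node
  • All other services run on the controller node

3.4.1.1: nova-api service

  • Receives and responds to all compute service requests and manages the virtual machine lifecycle

3.4.1.2: nova-compute service (there can be several)

  • Actually manages the virtual machines (calls libvirt to manage them)

3.4.1.3: nova-scheduler service

  • The nova scheduler (picks the most suitable nova-compute to create the virtual machine)

3.4.1.4: nova-conductor service

  • Proxies nova-compute's database connections (so that not every nova-compute has to be configured with database connection information, which would be insecure)
  • Updates virtual machine state in the database on behalf of nova-compute

3.4.1.5: nova-network service

  • Managed virtual machine networking in early OpenStack releases (deprecated, replaced by the neutron service)

3.4.1.6: nova-consoleauth and nova-novncproxy services

  • Web-based VNC for operating cloud instances directly

3.4.1.7: novncproxy service

  • Web-based VNC client

3.4.1.8: nova-api-metadata service

  • Receives metadata requests sent by virtual machines
  • Works with neutron-metadata-agent to customize virtual machines

3.4.2 Installation (controller node)

3.4.2.1 Create the databases

  • 1. Create the nova and nova_api databases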
mysql -u root -popenstack
CREATE DATABASE nova_api;
CREATE DATABASE nova;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| nova               |
| nova_api           |
| performance_schema |
+--------------------+
7 rows in set (0.00 sec)
  • 2. Grant database privileges (password: NOVA_DBPASS)
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [mysql]> select Host,User,Password from user;
+-----------+----------+-------------------------------------------+
| Host      | User     | Password                                  |
+-----------+----------+-------------------------------------------+
| localhost | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| 127.0.0.1 | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| ::1       | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| %         | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | glance   | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| %         | glance   | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| localhost | nova     | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| %         | nova     | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
+-----------+----------+-------------------------------------------+
9 rows in set (0.00 sec)

3.4.2.2 Create the user in keystone and assign a role

  • 1. Create the nova user (password: NOVA_PASS)
openstack user create --domain default --password NOVA_PASS nova
MariaDB [keystone]> select * from local_user;
+----+----------------------------------+----------------------------------+--------+
| id | user_id                          | domain_id                        | name   |
+----+----------------------------------+----------------------------------+--------+
|  1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin  |
|  2 | 738ab0f6b4c848c98a7e61d38c030057 | 6a6ccc15061642d4bffd16f057f33696 | glance |
|  3 | e3999193a86748efb091c546379fa536 | 6a6ccc15061642d4bffd16f057f33696 | nova   |
+----+----------------------------------+----------------------------------+--------+
3 rows in set (0.00 sec)
[root@controller ~]# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 2049b7a000664a7c9dab8471e1b74fea | admin  |
| 738ab0f6b4c848c98a7e61d38c030057 | glance |
| e3999193a86748efb091c546379fa536 | nova   |
+----------------------------------+--------+
  • 2. Add the admin role to the nova user
# Add the nova user to the service project and grant it the admin role
openstack role add --project service --user nova admin
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type        | actor_id                         | target_id                        | role_id                          | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | 738ab0f6b4c848c98a7e61d38c030057 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | e3999193a86748efb091c546379fa536 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
3 rows in set (0.00 sec)
[root@controller ~]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role                             | User                             | Group | Project                          | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 559df9ece1194c5c88483faf255977c0 | 2049b7a000664a7c9dab8471e1b74fea |       | 82c90a149be1415bba089443f95b4f96 |        | False     |
| 559df9ece1194c5c88483faf255977c0 | 738ab0f6b4c848c98a7e61d38c030057 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
| 559df9ece1194c5c88483faf255977c0 | e3999193a86748efb091c546379fa536 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+

3.4.2.3 Create the compute service in keystone and register the API endpoints

  • 1. Create the nova service
openstack service create --name nova --description "OpenStack Compute" compute
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+-----------------------------------------------------------+
| id                               | type     | enabled | extra                                                     |
+----------------------------------+----------+---------+-----------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image    |       1 | {"description": "OpenStack Image", "name": "glance"}      |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | compute  |       1 | {"description": "OpenStack Compute", "name": "nova"}      |
| 7f814ccd297d436f86a72553e5bc20b2 | identity |       1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+-----------------------------------------------------------+
3 rows in set (0.00 sec)
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 1e87d9b66e2e4d80b978d257852cc612 | glance   | image    |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | nova     | compute  |
| 7f814ccd297d436f86a72553e5bc20b2 | keystone | identity |
+----------------------------------+----------+----------+
  • 2. Create the Compute service API endpoints
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| id                               | legacy_endpoint_id | interface | service_id                       | url                                       | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | NULL               | internal  | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
| 2e16e05169714d83929c9e678fbe81b8 | NULL               | admin     | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
| 417480a6fb834748b2dd6f54b3bd0093 | NULL               | public    | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3                 | {}    |       1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL               | admin     | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3                | {}    |       1 | RegionOne |
| 90f1cec9c53045478e14c382b05a1a74 | NULL               | public    | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL               | internal  | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3                 | {}    |       1 | RegionOne |
| e18816adb3474548a2b0c126c602887d | NULL               | admin     | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| e7cae365b69f47948eeec2bf39b21181 | NULL               | internal  | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| f1e24e0962864454a9eb718fb975fb68 | NULL               | public    | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
9 rows in set (0.00 sec)
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | RegionOne | nova         | compute      | True    | internal  | http://controller:8774/v2.1/%(tenant_id)s |
| 2e16e05169714d83929c9e678fbe81b8 | RegionOne | nova         | compute      | True    | admin     | http://controller:8774/v2.1/%(tenant_id)s |
| 417480a6fb834748b2dd6f54b3bd0093 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3                 |
| 5ca472ac93c54acc92cda6ee2ed27227 | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v3                |
| 90f1cec9c53045478e14c382b05a1a74 | RegionOne | glance       | image        | True    | public    | http://controller:9292                    |
| c4ee743fc8c640888d80cec0df24d420 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3                 |
| e18816adb3474548a2b0c126c602887d | RegionOne | glance       | image        | True    | admin     | http://controller:9292                    |
| e7cae365b69f47948eeec2bf39b21181 | RegionOne | glance       | image        | True    | internal  | http://controller:9292                    |
| f1e24e0962864454a9eb718fb975fb68 | RegionOne | nova         | compute      | True    | public    | http://controller:8774/v2.1/%(tenant_id)s |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+

3.4.2.4 Install the nova service packages

  • Note: the controller node does not run the nova-compute service
yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler -y

3.4.2.5 Modify the nova service configuration

  • 1. Back up /etc/nova/nova.conf and strip the comments
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf

  • 2. Use the openstack-config command to set the relevant options

openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata

openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova

openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS

openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.100.10

openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
# The compute service includes the compute-network component, which provides a firewall; once neutron is used, neutron also provides a firewall, so this setting disables the firewall provided by compute-network
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'

openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292

# Lock file path, prevents shell scripts from being executed repeatedly
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

3.4.2.6 Synchronize the databases

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova

3.4.2.7 Start the nova services and enable them at boot

systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

3.4.2.8 Check that the services started

  • State: up means the service started successfully
[root@controller ~]# nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-consoleauth | controller | internal | enabled | up    | 2022-12-29T16:30:50.000000 | -               |
| 2  | nova-conductor   | controller | internal | enabled | up    | 2022-12-29T16:30:52.000000 | -               |
| 3  | nova-scheduler   | controller | internal | enabled | up    | 2022-12-29T16:30:52.000000 | -               |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
  • After the nova-api service is stopped, nova service-list can no longer be used to get service information
systemctl stop openstack-nova-api.service

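3.4.3 Installation (compute node)

3.4.3.1 Installation notes

  • The compute node only needs the nova-compute component
  • nova-compute creates virtual machines by calling libvirt

3.4.3.2 Installation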

yum install openstack-nova-compute -y
yum install openstack-utils.noarch -y

3.4.3.3 Modify the configuration file

  • 1. Back up /etc/nova/nova.conf and strip the comments
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf

  • 2. Use the openstack-config command to set the relevant options

openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS

# Management network IP of the compute node
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.100.20

openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
# External network IP of the controller node
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.200.10:6080/vnc_auto.html

openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292

openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

3.4.3.4 Determine whether your compute node supports hardware acceleration for virtual machines

egrep -c '(vmx|svm)' /proc/cpuinfo
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
4
  • Important: if this command returns zero, your compute node does not support hardware acceleration, and you must configure libvirt to use QEMU instead of KVM
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu

3.4.3.5 Start the nova-compute service and enable it at boot

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

3.4.3.6 Verify that the service started

  • If it started successfully, the nova-compute service appears in the list
[root@controller ~]# nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-consoleauth | controller | internal | enabled | up    | 2022-12-29T19:34:55.000000 | -               |
| 2  | nova-conductor   | controller | internal | enabled | up    | 2022-12-29T19:34:56.000000 | -               |
| 3  | nova-scheduler   | controller | internal | enabled | up    | 2022-12-29T19:34:58.000000 | -               |
| 7  | nova-compute     | compute    | nova     | enabled | up    | 2022-12-29T19:34:57.000000 | -               |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
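As an added check for the nova.conf files written in 3.4.2.5 and 3.4.3.3 (example code, not part of the original guide or of OpenStack), the function below flags the guide's placeholder passwords left in place, database credentials on a compute node (the exposure nova-conductor is meant to avoid), a RabbitMQ password equal to the user name, and a VNC listener on 0.0.0.0. The function names and the sample file are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: audit a nova.conf for the
# credential and exposure problems this deployment can leave behind.

# audit_nova_conf FILE ROLE        ROLE is "controller" or "compute"
# Prints one finding per line; returns 1 if anything was found, otherwise 0.
audit_nova_conf() {
    awk -v role="$2" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report(msg) {
            printf "[%s] %s: %s\n", section, key, msg
            findings++
        }

        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*\[/ {                             # section header such as [vnc]
            section = $0
            gsub(/^[ \t]*\[|\].*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))

            # Placeholders from the guide used verbatim as real secrets.
            if (val ~ /(GLANCE|NOVA|NEUTRON)_(DB)?PASS/)
                report("tutorial placeholder still used as a secret")

            # Compute nodes should reach the database only through nova-conductor.
            if (role == "compute" && key == "connection" &&
                (section == "database" || section == "api_database"))
                report("database credentials present on a compute node")

            if (section == "vnc" && key == "vncserver_listen" && val == "0.0.0.0")
                report("VNC server listens on every interface")

            if (section == "oslo_messaging_rabbit" && key == "rabbit_userid")
                rabbit_user = val
            if (section == "oslo_messaging_rabbit" && key == "rabbit_password")
                rabbit_pass = val
        }
        END {
            if (rabbit_pass != "" && rabbit_pass == rabbit_user) {
                print "[oslo_messaging_rabbit] rabbit_password: identical to rabbit_userid"
                findings++
            }
            exit (findings > 0)
        }
    ' "$1"
}

# Constructed sample: the compute-node settings from 3.4.3.3 plus a
# [database] section added on purpose to trigger the compute-node check.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.20
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
auth_uri = http://controller:5000
username = nova
password = NOVA_PASS
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
EOF
}

# Stand-alone use: ./audit_nova_conf.sh /etc/nova/nova.conf compute
if [ "$#" -eq 2 ]; then
    audit_nova_conf "$1" "$2"
fi
```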

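3.5 Neutron service

3.5.1 Components

3.5.1.1. neutron-server (port 9696)

  • Receives and responds to external network management requests

3.5.1.2. neutron-linuxbridge-agent

  • Creates the bridge interfaces

3.5.1.3. neutron-dhcp-agent

  • Assigns IP addresses

3.5.1.4. neutron-metadata-agent

  • Works with nova-metadata-api to customize virtual machines

3.5.1.5. L3-agent

  • Implements layer-3 networking, vxlan (network layer)

3.5.2 Installation (controller node)

3.5.2.1 Create the database

  • 1. Create the database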
mysql -u root -popenstack
CREATE DATABASE neutron;
MariaDB [mysql]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| neutron            |
| nova               |
| nova_api           |
| performance_schema |
+--------------------+
8 rows in set (0.01 sec)
  • 2. Grant privileges on the database (password: NEUTRON_DBPASS)
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [mysql]> select Host,User,Password from user;
+-----------+----------+-------------------------------------------+
| Host      | User     | Password                                  |
+-----------+----------+-------------------------------------------+
| localhost | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| 127.0.0.1 | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| ::1       | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| %         | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | glance   | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| %         | glance   | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| localhost | nova     | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| %         | nova     | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| localhost | neutron  | *4DF421833991170108648F1103CD74FCB66BBE9E |
| %         | neutron  | *4DF421833991170108648F1103CD74FCB66BBE9E |
+-----------+----------+-------------------------------------------+
11 rows in set (0.00 sec)

3.5.2.2 Create the user in keystone and assign a role

  • 1. Create the neutron user (password: NEUTRON_PASS)
openstack user create --domain default --password NEUTRON_PASS neutron
MariaDB [keystone]> select * from local_user;
+----+----------------------------------+----------------------------------+---------+
| id | user_id                          | domain_id                        | name    |
+----+----------------------------------+----------------------------------+---------+
|  1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin   |
|  2 | 738ab0f6b4c848c98a7e61d38c030057 | 6a6ccc15061642d4bffd16f057f33696 | glance  |
|  3 | e3999193a86748efb091c546379fa536 | 6a6ccc15061642d4bffd16f057f33696 | nova    |
|  4 | 2d635fc885744434a44d1f1b627c5148 | 6a6ccc15061642d4bffd16f057f33696 | neutron |
+----+----------------------------------+----------------------------------+---------+
4 rows in set (0.00 sec)
[root@controller ~]# openstack user list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 2049b7a000664a7c9dab8471e1b74fea | admin   |
| 2d635fc885744434a44d1f1b627c5148 | neutron |
| 738ab0f6b4c848c98a7e61d38c030057 | glance  |
| e3999193a86748efb091c546379fa536 | nova    |
+----------------------------------+---------+
  • 2. Add the admin role to the neutron user
openstack role add --project service --user neutron admin
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type        | actor_id                         | target_id                        | role_id                          | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | 2d635fc885744434a44d1f1b627c5148 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | 738ab0f6b4c848c98a7e61d38c030057 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | e3999193a86748efb091c546379fa536 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
[root@controller ~]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role                             | User                             | Group | Project                          | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 559df9ece1194c5c88483faf255977c0 | 2049b7a000664a7c9dab8471e1b74fea |       | 82c90a149be1415bba089443f95b4f96 |        | False     |
| 559df9ece1194c5c88483faf255977c0 | 2d635fc885744434a44d1f1b627c5148 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
| 559df9ece1194c5c88483faf255977c0 | 738ab0f6b4c848c98a7e61d38c030057 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
| 559df9ece1194c5c88483faf255977c0 | e3999193a86748efb091c546379fa536 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+

3.5.2.3 Create the network service in keystone and register the API endpoints

  • 1. Create the neutron service
openstack service create --name neutron \
  --description "OpenStack Networking" network
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+------------------------------------------------------------+
| id                               | type     | enabled | extra                                                      |
+----------------------------------+----------+---------+------------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image    |       1 | {"description": "OpenStack Image", "name": "glance"}       |
| 2fc0089b48a04158a27b78f11d9dfd55 | network  |       1 | {"description": "OpenStack Networking", "name": "neutron"} |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | compute  |       1 | {"description": "OpenStack Compute", "name": "nova"}       |
| 7f814ccd297d436f86a72553e5bc20b2 | identity |       1 | {"description": "OpenStack Identity", "name": "keystone"}  |
+----------------------------------+----------+---------+------------------------------------------------------------+
4 rows in set (0.00 sec)
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 1e87d9b66e2e4d80b978d257852cc612 | glance   | image    |
| 2fc0089b48a04158a27b78f11d9dfd55 | neutron  | network  |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | nova     | compute  |
| 7f814ccd297d436f86a72553e5bc20b2 | keystone | identity |
+----------------------------------+----------+----------+
  • 2. Create the network service API endpoints
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| id                               | legacy_endpoint_id | interface | service_id                       | url                                       | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | NULL               | internal  | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
| 1ac03179518b42a2bcb1e9c96306bd11 | NULL               | admin     | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696                    | {}    |       1 | RegionOne |
| 2e16e05169714d83929c9e678fbe81b8 | NULL               | admin     | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
| 417480a6fb834748b2dd6f54b3bd0093 | NULL               | public    | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3                 | {}    |       1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL               | admin     | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3                | {}    |       1 | RegionOne |
| 90f1cec9c53045478e14c382b05a1a74 | NULL               | public    | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| 99474e048b484af29aef3f66fda62921 | NULL               | internal  | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696                    | {}    |       1 | RegionOne |
| bf23b4fe01e0423589ea72cb70f1fd31 | NULL               | public    | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696                    | {}    |       1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL               | internal  | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3                 | {}    |       1 | RegionOne |
| e18816adb3474548a2b0c126c602887d | NULL               | admin     | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| e7cae365b69f47948eeec2bf39b21181 | NULL               | internal  | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| f1e24e0962864454a9eb718fb975fb68 | NULL               | public    | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
12 rows in set (0.00 sec)
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | RegionOne | nova         | compute      | True    | internal  | http://controller:8774/v2.1/%(tenant_id)s |
| 1ac03179518b42a2bcb1e9c96306bd11 | RegionOne | neutron      | network      | True    | admin     | http://controller:9696                    |
| 2e16e05169714d83929c9e678fbe81b8 | RegionOne | nova         | compute      | True    | admin     | http://controller:8774/v2.1/%(tenant_id)s |
| 417480a6fb834748b2dd6f54b3bd0093 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3                 |
| 5ca472ac93c54acc92cda6ee2ed27227 | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v3                |
| 90f1cec9c53045478e14c382b05a1a74 | RegionOne | glance       | image        | True    | public    | http://controller:9292                    |
| 99474e048b484af29aef3f66fda62921 | RegionOne | neutron      | network      | True    | internal  | http://controller:9696                    |
| bf23b4fe01e0423589ea72cb70f1fd31 | RegionOne | neutron      | network      | True    | public    | http://controller:9696                    |
| c4ee743fc8c640888d80cec0df24d420 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3                 |
| e18816adb3474548a2b0c126c602887d | RegionOne | glance       | image        | True    | admin     | http://controller:9292                    |
| e7cae365b69f47948eeec2bf39b21181 | RegionOne | glance       | image        | True    | internal  | http://controller:9292                    |
| f1e24e0962864454a9eb718fb975fb68 | RegionOne | nova         | compute      | True    | public    | http://controller:8774/v2.1/%(tenant_id)s |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+

3.5.2.4 Install the neutron services

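3.5.2.4.1 Networking options (choose one)
  • 1. Public network (layer-2 network)
    • VMs and the host are on the same subnet
  • 2. Private network (layer-3 network)
    • VMs and the host are not on the same subnet
3.5.2.4.2 Installation (the same packages are installed for public and private networks)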
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

3.5.2.5 Modify the neutron service configuration

3.5.2.4.1 Public network configuration
  • 1. Back up /etc/neutron/neutron.conf and strip the comments
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
  • 2. Use the openstack-config command to set the relevant options
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins 

openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS

openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True

openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
  • 3. Back up /etc/neutron/plugins/ml2/ml2_conf.ini and strip the comments
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
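  • 4. Use the openstack-config command to set the relevant options
# Supported network types
# Flat network (Flat): one large LAN, with no VLAN or other network isolation mechanism
# Local network (Local): all VMs sit on the local compute node and are isolated from the external network
# VLAN network (VLAN): multiple provider or tenant networks are created using VLAN IDs
# Tunnel networks (VXLAN and GRE)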
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan

# Disable private networks
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types 

# Enable the Linux bridge mechanism
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
  • 5. Back up /etc/neutron/plugins/ml2/linuxbridge_agent.ini and strip the comments
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
  • 6. Use the openstack-config command to set the relevant options
# PROVIDER_INTERFACE_NAME: the NIC with external network access
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • 7. Back up /etc/neutron/dhcp_agent.ini and strip the comments
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
  • 8. Use the openstack-config command to set the relevant options
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
3.5.2.4.2 Private network configuration
  • 1. Back up /etc/neutron/neutron.conf and strip the comments
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
  • 2. Use the openstack-config command to set the relevant options
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True

openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS

openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True

openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
  • 3. Back up /etc/neutron/plugins/ml2/ml2_conf.ini and strip the comments
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
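  • 4. Use the openstack-config command to set the relevant options
# Supported network types
# Flat network (Flat): one large LAN, with no VLAN or other network isolation mechanism
# Local network (Local): all VMs sit on the local compute node and are isolated from the external network
# VLAN network (VLAN): multiple provider or tenant networks are created using VLAN IDs
# Tunnel networks (VXLAN and GRE)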
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan

# Enable the Linux bridge mechanism
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
  • 5. Back up /etc/neutron/plugins/ml2/linuxbridge_agent.ini and strip the comments
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
  • 6. Use the openstack-config command to set the relevant options
# PROVIDER_INTERFACE_NAME: the NIC with external network access, eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# Management IP of the controller node
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.10
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • 7. Back up /etc/neutron/l3_agent.ini and strip the comments
cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini
  • 8. Use the openstack-config command to set the relevant options
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver  neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge 
  • 9. Back up /etc/neutron/dhcp_agent.ini and strip the comments
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
  • 10. Use the openstack-config command to set the relevant options
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
3.5.2.4.3 Configure the metadata agent
  • 1. Back up /etc/neutron/metadata_agent.ini and strip the comments
cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
  • 2. Use the openstack-config command to set the relevant options; secret: METADATA_SECRET
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
3.5.2.4.4 Configure networking for the nova service on the controller node
  • 1. Use the openstack-config command to set the relevant options; secret: METADATA_SECRET
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
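The commands above write the guide's placeholder values (NEUTRON_DBPASS, NEUTRON_PASS, NOVA_PASS, METADATA_SECRET, and a RabbitMQ password equal to its user name) into the files, and the metadata secret has to be identical in metadata_agent.ini and nova.conf. The following audit script is an added example, not part of the original guide; the function names and the sample files it generates are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the INI files written in this section for the guide's
# placeholder secrets and for a metadata shared-secret mismatch.

# Print "section key value" for every key = value line of an INI file.
ini_dump() {
    awk '
        BEGIN { s = "-" }
        /^[ \t]*([#;]|$)/ { next }                       # comments, blank lines
        /^[ \t]*\[/ { s = $0; sub(/^[ \t]*\[/, "", s); sub(/\].*$/, "", s); next }
        {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            print s, k, v
        }' "$1"
}

# ini_get FILE SECTION KEY: print the value, or nothing if it is not set.
ini_get() {
    ini_dump "$1" | awk -v s="$2" -v k="$3" \
        '$1 == s && $2 == k { sub(/^[^ ]+ [^ ]+ ?/, ""); print; exit }'
}

# Report every secret that still holds a value taken verbatim from the guide.
audit_placeholders() {
    for f in "$@"; do
        ini_dump "$f" | awk -v f="$f" '
            { sec = $1; key = $2; val = $0; sub(/^[^ ]+ [^ ]+ ?/, "", val) }
            key == "rabbit_userid"   { user[sec] = val }
            key == "rabbit_password" { pass[sec] = val }
            (key == "password" || key == "metadata_proxy_shared_secret") &&
              val ~ /^([A-Z]+_PASS|METADATA_SECRET)$/ {
                print f ": [" sec "] " key " is still the placeholder " val
            }
            key == "connection" && val ~ /:[A-Z]+_DBPASS@/ {
                print f ": [" sec "] connection embeds a placeholder DB password"
            }
            END {
                for (s in pass) if (pass[s] != "" && pass[s] == user[s])
                    print f ": [" s "] rabbit_password is identical to rabbit_userid"
            }'
    done
}

# check_metadata_secret METADATA_AGENT_INI NOVA_CONF
# Compares the two copies of the shared secret without printing them.
check_metadata_secret() {
    a=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    b=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    if [ -z "$a" ] || [ -z "$b" ]; then echo "missing"; return 1; fi
    if [ "$a" != "$b" ]; then echo "mismatch"; return 1; fi
    echo "match"
}

# Constructed sample files that mirror the options set in this section.
make_samples() {
    cat > "$1/neutron.conf" <<'EOF'
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
username = neutron
password = NEUTRON_PASS
EOF
    cat > "$1/metadata_agent.ini" <<'EOF'
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = constructed-random-value-1
EOF
    cat > "$1/nova.conf" <<'EOF'
[neutron]
username = neutron
password = constructed-operator-password
metadata_proxy_shared_secret = METADATA_SECRET
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
audit_placeholders "$demo/neutron.conf" "$demo/metadata_agent.ini" "$demo/nova.conf"
check_metadata_secret "$demo/metadata_agent.ini" "$demo/nova.conf" || true
rm -rf "$demo"
```

On a real controller, pass /etc/neutron/neutron.conf, /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf instead of the sample files.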

3.5.2.6 Sync the database (create the tables)

  • 1. The Networking service initialization scripts need a symbolic link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
  • 2. Sync the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
  • 3. Restart the Compute API service (because the nova configuration file was modified)
systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl status openstack-nova-api.service
● openstack-nova-api.service - OpenStack Nova API Server
   Loaded: loaded (/usr/lib/systemd/system/openstack-nova-api.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2022-12-30 07:23:12 CST; 8s ago
 Main PID: 32681 (nova-api)
   CGroup: /system.slice/openstack-nova-api.service
           ├─32681 /usr/bin/python2 /usr/bin/nova-api
           ├─32690 /usr/bin/python2 /usr/bin/nova-api
           ├─32691 /usr/bin/python2 /usr/bin/nova-api
           ├─32692 /usr/bin/python2 /usr/bin/nova-api
           ├─32693 /usr/bin/python2 /usr/bin/nova-api
           ├─32706 /usr/bin/python2 /usr/bin/nova-api
           ├─32707 /usr/bin/python2 /usr/bin/nova-api
           ├─32708 /usr/bin/python2 /usr/bin/nova-api
           └─32709 /usr/bin/python2 /usr/bin/nova-api

Dec 30 07:23:01 controller systemd[1]: Starting OpenStack Nova API Server...
Dec 30 07:23:09 controller sudo[32694]:     nova : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c
Dec 30 07:23:12 controller sudo[32703]:     nova : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/nova-rootwrap /etc/nova/rootwrap.conf iptables-restore -c
Dec 30 07:23:12 controller systemd[1]: Started OpenStack Nova API Server.

3.5.2.7 Start the neutron services and enable them at boot

systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
  • Note: if you chose the private network option, also enable the layer-3 service and set it to start at boot
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

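3.5.2.8 Verify that the services started

  • Startup is slow, so wait a while. If the agents still do not appear, check the service status; if the status is abnormal, troubleshoot from the logs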
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 01c79ff7-a257-4572-8d36-e53a41c54b4c | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
| 7288d214-2d6e-40d1-a52b-4810ac843454 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
| c94f5235-7ef6-4043-bed1-ad4c041525f4 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

3.5.3 Installation (compute node)

3.5.3.1 Install

# openstack-neutron-linuxbridge helps create bridged interfaces for the VMs
yum install openstack-neutron-linuxbridge ebtables ipset -y

3.5.3.2 Configure the common components

  • 1. Back up /etc/neutron/neutron.conf and strip the comments
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
  • 2. Use the openstack-config command to set the relevant options
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid  openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password  openstack

openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken  password NEUTRON_PASS

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

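3.5.3.2 Configure the networking service

3.5.3.2.1 Notes
  • Configure either the public network or the private network, not both
3.5.3.2.2 Public network configuration
  • 1. Back up /etc/neutron/plugins/ml2/linuxbridge_agent.ini and strip the comments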
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
  • 2. Use the openstack-config command to set the relevant options
# PROVIDER_INTERFACE_NAME: the external-network NIC, eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
3.5.3.2.3 Private network configuration
  • 1. Back up /etc/neutron/plugins/ml2/linuxbridge_agent.ini and strip the comments
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
  • 2. Use the openstack-config command to set the relevant options
# PROVIDER_INTERFACE_NAME: the NIC with external network access, eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# Management network IP of the compute node
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.20
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

3.5.3.3 Configure networking for the nova service on the compute node

openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS

3.5.3.4 Restart the nova-compute service on the compute node

systemctl restart openstack-nova-compute.service

3.5.3.4 Start the networking service on the compute node and enable it at boot

systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

3.5.3.5 Verify that the service started

[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 01c79ff7-a257-4572-8d36-e53a41c54b4c | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
| 7288d214-2d6e-40d1-a52b-4810ac843454 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
| c94f5235-7ef6-4043-bed1-ad4c041525f4 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
| f40e89c2-9bef-4c6c-a063-03f9f32c9c20 | Linux bridge agent | compute    |                   | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
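The two verification steps (3.5.2.8 on the controller and 3.5.3.5 after the compute node is added) can be checked mechanically instead of by eye. The script below is an added example, not part of the original guide: it parses `neutron agent-list` output, confirms that every agent expected for the chosen network option is registered, and flags agents that are not alive. The table rows are copied from the output shown on this page; the function names and the dead-agent case (`xxx` is what the neutron client prints in the alive column for a dead agent) are constructed.

```shell
#!/bin/sh
# Added example: verify `neutron agent-list` output against the agents this guide
# expects for the chosen network option.

# check_agents MODE CONTROLLER COMPUTES   (table is read from stdin)
#   MODE      public | private  (private additionally expects the L3 agent)
#   COMPUTES  comma-separated compute host names, may be empty
# Prints one line per problem and returns non-zero if any were found.
check_agents() {
    awk -F'|' -v mode="$1" -v ctl="$2" -v computes="$3" '
        function trim(x) { gsub(/^[ \t]+|[ \t]+$/, "", x); return x }
        /^\|/ {
            if (trim($2) == "id") next                  # header row
            type = trim($3); host = trim($4)
            seen[host, type] = 1
            if (trim($6) != ":-)")  { print "DOWN " host ": " type; bad++ }
            if (trim($7) != "True") { print "ADMIN-DOWN " host ": " type; bad++ }
        }
        END {
            list = "Metadata agent,Linux bridge agent,DHCP agent"
            if (mode == "private") list = list ",L3 agent"
            n = split(list, want, ",")
            for (i = 1; i <= n; i++)
                if (!((ctl, want[i]) in seen)) {
                    print "MISSING " ctl ": " want[i]; bad++
                }
            m = split(computes, c, ",")
            for (i = 1; i <= m; i++)
                if (!((c[i], "Linux bridge agent") in seen)) {
                    print "MISSING " c[i] ": Linux bridge agent"; bad++
                }
            exit (bad > 0)
        }'
}

# Output from section 3.5.2.8 of this page (controller only).
sample_controller() {
    cat <<'EOF'
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
| 01c79ff7-a257-4572-8d36-e53a41c54b4c | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
| 7288d214-2d6e-40d1-a52b-4810ac843454 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
| c94f5235-7ef6-4043-bed1-ad4c041525f4 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
EOF
}

# Output from section 3.5.3.5 of this page (controller plus compute).
sample_with_compute() {
    sample_controller
    cat <<'EOF'
| f40e89c2-9bef-4c6c-a063-03f9f32c9c20 | Linux bridge agent | compute    |                   | :-)   | True           | neutron-linuxbridge-agent |
EOF
}

# Constructed failure case: the compute node agent has stopped reporting.
sample_compute_dead() {
    sample_with_compute | sed '/compute/s/:-)/xxx/'
}

echo "controller only, public network:"
sample_controller | check_agents public controller "" && echo "  all expected agents alive"
echo "controller + compute, public network:"
sample_with_compute | check_agents public controller compute && echo "  all expected agents alive"
echo "same output checked against the private network option:"
sample_with_compute | check_agents private controller compute || true
echo "compute agent dead:"
sample_compute_dead | check_agents public controller compute || true
```

On the controller, run it as `neutron agent-list | check_agents public controller compute` after sourcing the admin credentials.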

3.6 Dashboard service

3.6.1 Installation (controller node)

yum install openstack-dashboard

3.6.2 Configuration

  • 1. Back up the original configuration file
cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak
  • 2. Edit /etc/openstack-dashboard/local_settings and change it as follows
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]

# Must be added manually
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
# Enable multi-domain support
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
# Default domain for users created through the dashboard: default
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
# Default role for users created through the dashboard: user
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"

3.6.3 Modify the /etc/httpd/conf.d/openstack-dashboard.conf file

  • Add the following line
WSGIApplicationGroup %{GLOBAL}

3.6.4 Start the services

systemctl restart httpd.service memcached.service

3.6.5 Access the service (external network IP)

http://192.168.200.10/dashboard

3.6.6 Troubleshooting

3.6.6.1 Log error 1

tail -f /var/log/httpd/keystone-access.log
192.168.100.10 - - [30/Dec/2022:12:18:20 +0800] "POST /v3.0/auth/tokens HTTP/1.1" 404 93 "-" "keystoneauth1/2.4.1 python-requests/2.10.0 CPython/2.7.5"
  • Check the /etc/openstack-dashboard/local_settings file
# Wrong: OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

3.6.6.2 Log error 2

tail -f /var/log/httpd/keystone-access.log
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.100.10. Set the 'ServerName' directive globally to suppress this message
  • Check the /etc/httpd/conf/httpd.conf file; if it does not contain "ServerName controller", append that line to the end of the file
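Both errors in 3.6.6 can be caught before restarting httpd. The script below is an added example, not part of the original guide: it checks the Keystone URL suffix and the ServerName directive, and also reports the wildcard `ALLOWED_HOSTS = ['*', ]` from 3.6.2, which makes Django accept any Host header. The function names and sample files are constructed; the non-wildcard host list in the passing sample is an assumption based on the addresses used on this page.

```shell
#!/bin/sh
# Added example: pre-flight check for the dashboard settings edited in 3.6.2
# and the two failure causes documented in 3.6.6.

# py_string_setting FILE NAME
# Print the last double-quoted value assigned to an uncommented top-level NAME.
py_string_setting() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" "$1" | tail -n 1
}

# lint_dashboard LOCAL_SETTINGS HTTPD_CONF
# Prints one line per finding and returns non-zero if there is any.
lint_dashboard() {
    rc=0
    url=$(py_string_setting "$1" OPENSTACK_KEYSTONE_URL)
    case $url in
        */v3) ;;
        '')   echo "KEYSTONE_URL: OPENSTACK_KEYSTONE_URL is not set in $1"; rc=1 ;;
        *)    echo "KEYSTONE_URL: '$url' does not end in /v3 (see log error 1)"; rc=1 ;;
    esac
    # A commented-out "#ServerName ..." line does not count.
    if ! grep -Eq '^[[:space:]]*ServerName[[:space:]]+[^[:space:]]' "$2"; then
        echo "SERVERNAME: no ServerName directive in $2 (see log error 2)"; rc=1
    fi
    if grep -Eq "^ALLOWED_HOSTS[[:space:]]*=.*['\"][*]['\"]" "$1"; then
        echo "ALLOWED_HOSTS: wildcard entry, any Host header is accepted"; rc=1
    fi
    return $rc
}

# Constructed sample files: one pair reproduces the problems, one pair passes.
make_dashboard_samples() {
    cat > "$1/local_settings.bad" <<'EOF'
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
# OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3.0" % OPENSTACK_HOST
EOF
    cat > "$1/local_settings.ok" <<'EOF'
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['192.168.200.10', 'controller']
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
EOF
    cat > "$1/httpd.conf.bad" <<'EOF'
#ServerName www.example.com:80
Listen 80
EOF
    cat > "$1/httpd.conf.ok" <<'EOF'
Listen 80
ServerName controller
EOF
}

demo=$(mktemp -d)
make_dashboard_samples "$demo"
echo "misconfigured pair:"
lint_dashboard "$demo/local_settings.bad" "$demo/httpd.conf.bad" || true
echo "corrected pair:"
lint_dashboard "$demo/local_settings.ok" "$demo/httpd.conf.ok" && echo "no findings"
rm -rf "$demo"
```

On the controller, run `lint_dashboard /etc/openstack-dashboard/local_settings /etc/httpd/conf/httpd.conf`.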

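3.7 Cinder service

3.7.1 How it works

  • cinder is OpenStack's block storage service; it allocates disks to cloud instances. It uses LVM to carve out LVs and then shares them over iSCSI with KVM on the compute nodes

3.7.2 Components

3.7.2.1. cinder-api

  • Accepts API requests and routes them to cinder-volume for execution.
  • Runs on the controller node

3.7.2.2. cinder-volume (there can be more than one)

  • Interacts directly with the Block Storage service and with processes such as cinder-scheduler. It can also interact with these processes through a message queue. The cinder-volume service responds to read and write requests sent to the Block Storage service in order to maintain state. It can also interact with a variety of storage providers through a driver architecture.
  • Calls LVM, nfs, gfs, ceph and so supports multiple storage technologies

3.7.2.3. cinder-scheduler daemon

  • Selects the optimal storage provider node on which to create the volume. It is similar to the nova-scheduler component.
  • Runs on the controller node

3.7.2.4. cinder-backup daemon

  • Backs up volumes of any type to a backup storage provider. Like the cinder-volume service, it interacts with a variety of storage providers through a driver architecture.

3.7.2.5. Message queue

  • Routes information between the Block Storage processes.

3.7.3 Installation (controller node)

3.7.3.1 Create the database

  • 1. Create the database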
mysql -u root -popenstack
CREATE DATABASE cinder;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| cinder             |  # the cinder database
| glance             |
| information_schema |
| keystone           |
| mysql              |
| neutron            |
| nova               |
| nova_api           |
| performance_schema |
+--------------------+
9 rows in set (0.03 sec)
  • 2. Grant privileges on the database; password: CINDER_DBPASS
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> select Host,User,Password from mysql.user;
+-----------+----------+-------------------------------------------+
| Host      | User     | Password                                  |
+-----------+----------+-------------------------------------------+
| localhost | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| 127.0.0.1 | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| ::1       | root     | *3A4A03AC22526F6B591010973A741D59A71D728E |
| %         | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | glance   | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| %         | glance   | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| localhost | nova     | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| %         | nova     | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| localhost | neutron  | *4DF421833991170108648F1103CD74FCB66BBE9E |
| %         | neutron  | *4DF421833991170108648F1103CD74FCB66BBE9E |
| localhost | cinder   | *399A40479802D2F8FDC27DAC6CD30C8FE28431E5 |
| %         | cinder   | *399A40479802D2F8FDC27DAC6CD30C8FE28431E5 |
+-----------+----------+-------------------------------------------+
13 rows in set (0.00 sec)

3.7.3.2 Create the user in keystone and assign it a role

  • 1. Create a cinder user; password: CINDER_PASS
openstack user create --domain default --password CINDER_PASS cinder
MariaDB [(none)]> select * from keystone.local_user;
+----+----------------------------------+----------------------------------+---------+
| id | user_id                          | domain_id                        | name    |
+----+----------------------------------+----------------------------------+---------+
|  1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin   |
|  2 | 738ab0f6b4c848c98a7e61d38c030057 | 6a6ccc15061642d4bffd16f057f33696 | glance  |
|  3 | e3999193a86748efb091c546379fa536 | 6a6ccc15061642d4bffd16f057f33696 | nova    |
|  4 | 2d635fc885744434a44d1f1b627c5148 | 6a6ccc15061642d4bffd16f057f33696 | neutron |
|  5 | fe1c5a8e8f4346f1a8c4409ceb45684c | 6a6ccc15061642d4bffd16f057f33696 | cinder  |  # the newly added cinder user
+----+----------------------------------+----------------------------------+---------+
5 rows in set (0.00 sec)
[root@controller ~]# openstack user list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 2049b7a000664a7c9dab8471e1b74fea | admin   |
| 2d635fc885744434a44d1f1b627c5148 | neutron |
| 738ab0f6b4c848c98a7e61d38c030057 | glance  |
| e3999193a86748efb091c546379fa536 | nova    |
| fe1c5a8e8f4346f1a8c4409ceb45684c | cinder  |  # newly added cinder user
+----------------------------------+---------+
  • 2. Add the admin role to the cinder user
openstack role add --project service --user cinder admin
MariaDB [(none)]> select * from keystone.assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type        | actor_id                         | target_id                        | role_id                          | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | 2d635fc885744434a44d1f1b627c5148 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | 738ab0f6b4c848c98a7e61d38c030057 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | e3999193a86748efb091c546379fa536 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
| UserProject | fe1c5a8e8f4346f1a8c4409ceb45684c | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 |         0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
5 rows in set (0.00 sec)
[root@controller ~]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role                             | User                             | Group | Project                          | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 559df9ece1194c5c88483faf255977c0 | 2049b7a000664a7c9dab8471e1b74fea |       | 82c90a149be1415bba089443f95b4f96 |        | False     |
| 559df9ece1194c5c88483faf255977c0 | 2d635fc885744434a44d1f1b627c5148 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
| 559df9ece1194c5c88483faf255977c0 | 738ab0f6b4c848c98a7e61d38c030057 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
| 559df9ece1194c5c88483faf255977c0 | e3999193a86748efb091c546379fa536 |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
| 559df9ece1194c5c88483faf255977c0 | fe1c5a8e8f4346f1a8c4409ceb45684c |       | d8e5dab9e41240c5a2334272373138ff |        | False     |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+

3.7.3.3 Create the storage service in Keystone and register its API endpoints

  • 1. Create the cinder and cinderv2 service entities
openstack service create --name cinder --description "OpenStack Block Storage" volume

openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
MariaDB [(none)]> select * from keystone.service;
+----------------------------------+----------+---------+----------------------------------------------------------------+
| id                               | type     | enabled | extra                                                          |
+----------------------------------+----------+---------+----------------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image    |       1 | {"description": "OpenStack Image", "name": "glance"}           |
| 2fc0089b48a04158a27b78f11d9dfd55 | network  |       1 | {"description": "OpenStack Networking", "name": "neutron"}     |
| 33b2d0581d484a32977b084284255377 | volume   |       1 | {"description": "OpenStack Block Storage", "name": "cinder"}   |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | compute  |       1 | {"description": "OpenStack Compute", "name": "nova"}           |
| 7f814ccd297d436f86a72553e5bc20b2 | identity |       1 | {"description": "OpenStack Identity", "name": "keystone"}      |
| ba5c631e77114ad9ab5fcdfa4074415c | volumev2 |       1 | {"description": "OpenStack Block Storage", "name": "cinderv2"} |
+----------------------------------+----------+---------+----------------------------------------------------------------+
6 rows in set (0.00 sec)
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 1e87d9b66e2e4d80b978d257852cc612 | glance   | image    |
| 2fc0089b48a04158a27b78f11d9dfd55 | neutron  | network  |
| 33b2d0581d484a32977b084284255377 | cinder   | volume   |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | nova     | compute  |
| 7f814ccd297d436f86a72553e5bc20b2 | keystone | identity |
| ba5c631e77114ad9ab5fcdfa4074415c | cinderv2 | volumev2 |
+----------------------------------+----------+----------+
  • 2. Create the storage service API endpoints
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s

openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
MariaDB [(none)]> select * from keystone.endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| id                               | legacy_endpoint_id | interface | service_id                       | url                                       | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | NULL               | internal  | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
| 1ac03179518b42a2bcb1e9c96306bd11 | NULL               | admin     | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696                    | {}    |       1 | RegionOne |
| 290a6263670b4a87846bf0a01a7f8e25 | NULL               | admin     | 33b2d0581d484a32977b084284255377 | http://controller:8776/v1/%(tenant_id)s   | {}    |       1 | RegionOne |
| 2e16e05169714d83929c9e678fbe81b8 | NULL               | admin     | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
| 39d1b0c5cbf9462cb471370856b6a1af | NULL               | public    | 33b2d0581d484a32977b084284255377 | http://controller:8776/v1/%(tenant_id)s   | {}    |       1 | RegionOne |
| 417480a6fb834748b2dd6f54b3bd0093 | NULL               | public    | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3                 | {}    |       1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL               | admin     | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3                | {}    |       1 | RegionOne |
| 8fd615bb71f44d0fb39c4164edcf73f5 | NULL               | internal  | 33b2d0581d484a32977b084284255377 | http://controller:8776/v1/%(tenant_id)s   | {}    |       1 | RegionOne |
| 90f1cec9c53045478e14c382b05a1a74 | NULL               | public    | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| 99474e048b484af29aef3f66fda62921 | NULL               | internal  | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696                    | {}    |       1 | RegionOne |
| 9f390ab102854eda8e7cfea2161b46ec | NULL               | internal  | ba5c631e77114ad9ab5fcdfa4074415c | http://controller:8776/v2/%(tenant_id)s   | {}    |       1 | RegionOne |
| b46e995063654bb5a8e94df636649278 | NULL               | admin     | ba5c631e77114ad9ab5fcdfa4074415c | http://controller:8776/v2/%(tenant_id)s   | {}    |       1 | RegionOne |
| bee3203745c94f92899872678caceae1 | NULL               | public    | ba5c631e77114ad9ab5fcdfa4074415c | http://controller:8776/v2/%(tenant_id)s   | {}    |       1 | RegionOne |
| bf23b4fe01e0423589ea72cb70f1fd31 | NULL               | public    | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696                    | {}    |       1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL               | internal  | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3                 | {}    |       1 | RegionOne |
| e18816adb3474548a2b0c126c602887d | NULL               | admin     | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| e7cae365b69f47948eeec2bf39b21181 | NULL               | internal  | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292                    | {}    |       1 | RegionOne |
| f1e24e0962864454a9eb718fb975fb68 | NULL               | public    | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {}    |       1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
18 rows in set (0.00 sec)
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                       |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | RegionOne | nova         | compute      | True    | internal  | http://controller:8774/v2.1/%(tenant_id)s |
| 1ac03179518b42a2bcb1e9c96306bd11 | RegionOne | neutron      | network      | True    | admin     | http://controller:9696                    |
| 290a6263670b4a87846bf0a01a7f8e25 | RegionOne | cinder       | volume       | True    | admin     | http://controller:8776/v1/%(tenant_id)s   |
| 2e16e05169714d83929c9e678fbe81b8 | RegionOne | nova         | compute      | True    | admin     | http://controller:8774/v2.1/%(tenant_id)s |
| 39d1b0c5cbf9462cb471370856b6a1af | RegionOne | cinder       | volume       | True    | public    | http://controller:8776/v1/%(tenant_id)s   |
| 417480a6fb834748b2dd6f54b3bd0093 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3                 |
| 5ca472ac93c54acc92cda6ee2ed27227 | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v3                |
| 8fd615bb71f44d0fb39c4164edcf73f5 | RegionOne | cinder       | volume       | True    | internal  | http://controller:8776/v1/%(tenant_id)s   |
| 90f1cec9c53045478e14c382b05a1a74 | RegionOne | glance       | image        | True    | public    | http://controller:9292                    |
| 99474e048b484af29aef3f66fda62921 | RegionOne | neutron      | network      | True    | internal  | http://controller:9696                    |
| 9f390ab102854eda8e7cfea2161b46ec | RegionOne | cinderv2     | volumev2     | True    | internal  | http://controller:8776/v2/%(tenant_id)s   |
| b46e995063654bb5a8e94df636649278 | RegionOne | cinderv2     | volumev2     | True    | admin     | http://controller:8776/v2/%(tenant_id)s   |
| bee3203745c94f92899872678caceae1 | RegionOne | cinderv2     | volumev2     | True    | public    | http://controller:8776/v2/%(tenant_id)s   |
| bf23b4fe01e0423589ea72cb70f1fd31 | RegionOne | neutron      | network      | True    | public    | http://controller:9696                    |
| c4ee743fc8c640888d80cec0df24d420 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3                 |
| e18816adb3474548a2b0c126c602887d | RegionOne | glance       | image        | True    | admin     | http://controller:9292                    |
| e7cae365b69f47948eeec2bf39b21181 | RegionOne | glance       | image        | True    | internal  | http://controller:9292                    |
| f1e24e0962864454a9eb718fb975fb68 | RegionOne | nova         | compute      | True    | public    | http://controller:8774/v2.1/%(tenant_id)s |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+

3.7.3.4 Install the cinder service

yum install openstack-cinder -y

3.7.3.5 Edit the cinder service configuration

  • 1. Back up /etc/cinder/cinder.conf and strip the comments
cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
grep -Ev '^$|#' /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
  • 2. Use the openstack-config command to set the relevant options
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS

# Management IP of the controller node (no external network access)
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 192.168.100.10

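# If the glance-api service runs on the controller node, this option can be omitted; if it runs on another node, such as the compute or storage node, set it to the actual address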
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292

openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
  • 3. Update the nova (compute service) configuration on the controller node
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne

3.7.3.6 Database migration

su -s /bin/sh -c "cinder-manage db sync" cinder

3.7.3.7 Restart the compute API service on the controller node

systemctl restart openstack-nova-api.service

3.7.3.8 Start the storage services and enable them at boot

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

3.7.3.9 Verification

[root@controller ~]# cinder service-list
+------------------+------------+------+---------+-------+------------+-----------------+
|      Binary      |    Host    | Zone |  Status | State | Updated_at | Disabled Reason |
+------------------+------------+------+---------+-------+------------+-----------------+
| cinder-scheduler | controller | nova | enabled |   up  |     -      |        -        |
+------------------+------------+------+---------+-------+------------+-----------------+

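3.7.4 Installation (storage node)

  • Note: if you only have two servers, the following services can be installed on the compute or controller node instead

3.7.4.1 Install the chrony time synchronization service

  • 1. Install (required on all three servers)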
yum install -y chrony
  • 2. Configure: vi /etc/chrony.conf (controller node)
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server controller iburst  # added
  • 3. Run the synchronization command
chronyc sources
  • 5. Restart the chrony service (required on all three servers)
systemctl restart chronyd

3.7.4.1 Temporary Internet access for the storage node

3.7.4.1.1 VMnet1 adapter configuration

[Figures 7-9: VMnet1 adapter settings (screenshots)]

3.7.4.1.2 Add a temporary gateway
  • 1. Add a temporary gateway
ip route add default via 192.168.100.1
  • 2. Verify
[root@block ~]# ping www.baidu.com
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14: icmp_seq=1 ttl=128 time=100 ms
64 bytes from 39.156.66.14: icmp_seq=2 ttl=128 time=54.7 ms
64 bytes from 39.156.66.14: icmp_seq=3 ttl=128 time=143 ms
  • 3. Remove the temporary gateway
ip route del default via 192.168.100.1
  • 4. Verify
[root@block ~]# ping www.baidu.com
connect: Network is unreachable

3.7.4.2 Copy the openstack-mitaka.repo yum repository file from the controller node

scp root@controller:/etc/yum.repos.d/openstack-mitaka.repo /etc/yum.repos.d/

3.7.4.3 Install lvm2

yum install lvm2 -y

3.7.4.5 Start the LVM metadata service and enable it at boot:

systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
  • If systemctl enable lvm2-lvmetad.service fails with the following error
The unit files have no [Install] section. They are not meant to be enabled
using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
   .wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
   a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
   D-Bus, udev, scripted systemctl call, ...).
  • 1. Add write permission to /usr/lib/systemd/system/lvm2-lvmetad.service
chmod 644 /usr/lib/systemd/system/lvm2-lvmetad.service
  • 2. Append the following to /usr/lib/systemd/system/lvm2-lvmetad.service
[Install]
WantedBy=multi-user.target
  • 3. Run the enable command again
[root@block system]# systemctl enable lvm2-lvmetad.service
Created symlink from /etc/systemd/system/multi-user.target.wants/lvm2-lvmetad.service to /usr/lib/systemd/system/lvm2-lvmetad.service.

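3.7.4.6 Create the LVM volumes

3.7.4.6.1 Create the physical volume /dev/sdb
  • Use fdisk -l to confirm that the second disk on the storage node is named /dev/sdb; otherwise use the actual device name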
pvcreate /dev/sdb
# Physical volume "/dev/sdb" successfully created
[root@block ~]# pvs
  PV         VG     Fmt  Attr PSize   PFree 
  /dev/sdb          lvm2 ---   50.00g 50.00g
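3.7.4.6.2 Create a volume group from the /dev/sdb physical volume
  • The volume group created here, cinder-volumes, is referenced later in the configuration file; name it as you see fit
  • A volume group can also be built from several physical volumes to form one very large volume group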
vgcreate cinder-volumes /dev/sdb
# Volume group "cinder-volumes" successfully created
[root@block ~]# vgs
  VG             #PV #LV #SN Attr   VSize   VFree  
  cinder-volumes   1   0   0 wz--n- <50.00g <50.00g

3.7.4.7 Configure access control for the volume group

vi /etc/lvm/lvm.conf
# The operating system disk of this storage node VM also uses LVM, so the system disk must be added to the filter as well
# Do not forget the trailing /
filter = [ "a/sda/", "a/sdb/", "r/.*/"]
  • a: accept (allow)
  • r: reject (deny)
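
How LVM reads the filter above, as an added example that is not part of the original guide: patterns are tried in order, the first regex that matches a device path decides, and a device that matches nothing is accepted. The function names and device paths are constructed for illustration, grep -E stands in for LVM's own regex matcher, and the anchored variant is an assumption rather than the guide's setting.

```shell
#!/bin/sh
# lvm_filter_decide DEVICE PATTERN...   (hypothetical helper, not an LVM tool)
# Prints accept/reject for one device path name, or "invalid" (status 2)
# when a pattern is malformed, e.g. the trailing delimiter was forgotten.
lvm_filter_decide() {
    dev=$1; shift
    for pat in "$@"; do
        action=${pat%"${pat#?}"}      # first character: a or r
        rest=${pat#?}
        delim=${rest%"${rest#?}"}     # second character: the delimiter
        body=${rest#?}
        case "$action$delim" in
            a?|r?) ;;
            *) echo invalid; return 2 ;;
        esac
        # The pattern must close with the delimiter it opened with.
        case $body in
            *"$delim") re=${body%"$delim"} ;;
            *) echo invalid; return 2 ;;
        esac
        # Patterns are unanchored regexes: "sda" matches anywhere in the path.
        if printf '%s\n' "$dev" | grep -Eq -- "$re"; then
            if [ "$action" = a ]; then echo accept; else echo reject; fi
            return 0
        fi
    done
    echo accept                       # nothing matched: LVM accepts the device
}

# The filter from this guide, one pattern per argument.
guide_filter() { lvm_filter_decide "$1" 'a/sda/' 'a/sdb/' 'r/.*/'; }

# Anchored variant (assumption): only sda, its partitions, and sdb itself.
anchored_filter() {
    lvm_filter_decide "$1" 'a|^/dev/sda[0-9]*$|' 'a|^/dev/sdb$|' 'r|.*|'
}

# Constructed device paths; the last but one is a logical volume as Cinder
# would name it inside the cinder-volumes group.
for d in /dev/sda2 /dev/sdb /dev/sdc \
         /dev/cinder-volumes/volume-constructed /dev/sdaa; do
    printf '%-40s guide=%-7s anchored=%s\n' \
        "$d" "$(guide_filter "$d")" "$(anchored_filter "$d")"
done
```

Because a/sda/ is unanchored it also accepts /dev/sdaa, and the closing r/.*/ is what keeps the storage node from scanning the logical volumes that Cinder hands to instances.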


3.7.4.8 Install the cinder components

3.7.4.8.1 Installation
yum install openstack-cinder targetcli python-keystone -y
3.7.4.8.2 Configuration
  • 1. Back up /etc/cinder/cinder.conf and strip the comments
cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
grep -Ev '^$|#' /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
  • 2. Use the openstack-config command to set the relevant options
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS

# Storage node management network (only one IP is planned)
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 192.168.100.30

openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
# cinder-volumes is the volume group created earlier
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm

openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends lvm

openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292

openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
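  • If there are multiple physical volumes, they can be distinguished as follows (not applicable here, skipped)
# Each name listed in enabled_backends needs a configuration section of the same name
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends ssd,sata

# sata backend: point volume_group at the volume group built on the SATA disks
openstack-config --set /etc/cinder/cinder.conf sata volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf sata volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf sata iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf sata iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf sata volume_backend_name sata

# ssd backend: point volume_group at the volume group built on the SSD disks
openstack-config --set /etc/cinder/cinder.conf ssd volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf ssd volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf ssd iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf ssd iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf ssd volume_backend_name ssd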
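
The cinder.conf written in 3.7.3.5 and again in 3.7.4.8.2 carries the guide's placeholder passwords and plain-HTTP Keystone URLs, so a check for values left unchanged is worth running before the services start. This is an added example, not part of the original guide; audit_cinder_conf and demo_guide_conf are hypothetical names and the sample file is constructed from the values set above.

```shell
#!/bin/sh
# audit_cinder_conf FILE (hypothetical helper): prints one finding per line
# and returns 1 if anything was found, 0 if the file is clean.
audit_cinder_conf() {
    conf=$1
    rc=0
    findings=$(awk '
        /^[ \t]*(#|$)/ { next }                       # comments, blank lines
        /^[ \t]*\[.*\][ \t]*$/ {                      # [section] header
            sect = $0
            sub(/^[ \t]*\[/, "", sect); sub(/\][ \t]*$/, "", sect)
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next    # split on the first "="
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            v[sect "/" key] = val
        }
        END {
            if (v["database/connection"] ~ /:CINDER_DBPASS@/)
                print "[database] connection: placeholder CINDER_DBPASS in use"
            if (v["keystone_authtoken/password"] == "CINDER_PASS")
                print "[keystone_authtoken] password: placeholder CINDER_PASS in use"
            u = v["oslo_messaging_rabbit/rabbit_userid"]
            if (u != "" && v["oslo_messaging_rabbit/rabbit_password"] == u)
                print "[oslo_messaging_rabbit] rabbit_password equals rabbit_userid"
            if (v["keystone_authtoken/auth_url"] ~ /^http:/)
                print "[keystone_authtoken] auth_url: service password sent over plain HTTP"
        }' "$conf")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"; rc=1
    fi
    # The file holds three passwords; it should not be readable by "other".
    if [ -n "$(find "$conf" -perm -004 2>/dev/null)" ]; then
        echo "file mode: readable by all local users"; rc=1
    fi
    return $rc
}

# Constructed sample: the values this guide sets, in a mode 644 temp file.
demo_guide_conf() {
    f=$(mktemp) || return 1
    chmod 644 "$f"
    cat > "$f" <<'EOF'
[DEFAULT]
auth_strategy = keystone
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[keystone_authtoken]
auth_url = http://controller:35357
username = cinder
password = CINDER_PASS
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
EOF
    printf '%s\n' "$f"
}

sample=$(demo_guide_conf)
audit_cinder_conf "$sample" || true
rm -f "$sample"
```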

3.7.4.9 Start the cinder services and enable them at boot

systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
