OpenStack-Mitaka版本部署
1.环境准备
centos7.2相关文件
镜像:https://mirrors.aliyun.com/centos-vault/7.2.1511/isos/x86_64/CentOS-7-x86_64-DVD-1511.iso?spm=a2c6h.25603864.0.0.5c565932JYniuU
openstack-mitaka rpm包:https://mirrors.aliyun.com/centos-vault/7.2.1511/cloud/x86_64/openstack-mitaka/?spm=a2c6h.25603864.0.0.c8773514w0jHOm
1.虚机安装
2.网络设置
3.虚机配置
3.1网卡名称设置
- 修改网卡名为
eth0和eth1,输入完成后按回车即可
net.ifnames=0 biosdevname=0
3.2基础设置
3.3网卡IP设置
3.4配置静态ip
vi /etc/sysconfig/network-scripts/ifcfg-eth0
eth0不需要上外网,所以不需要加网关和dns,否则会导致两张网卡冲突
BOOTPROTO=static
ONBOOT=yes
vi /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.200.10
GATEWAY=192.168.200.2
NETMASK=255.255.255.0
DNS1=114.114.114.114
ping www.baidu.com
64 bytes from 39.156.66.18: icmp_seq=l ttl=128 tim=251 ms
64 bytes from 39.156.66.18: icmp_seq=2 ttl=128 tim=205 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=128 tim=42.8 ms
64 bytes from 39.156.66.18: icmp_seq=3 ttl=128 tim=42.9 ms
4.基于上述虚机克隆两台,一台作为计算节点compute,另一台作为存储节点block(只有一块网卡eth0,需要有两块磁盘)
4.1修改compute虚机的IP
eth0:192.168.100.20
eth1:192.68.200.20 # 可上外网
4.2修改block虚机的IP(不需要上外网)
eth0:192.168.100.30
NETMASK=255.255.255.0
- 删除
/etc/sysconfig/network-scripts/ifcfg-eth1
4.3修改三台虚机的主机名
hostnamectl set-hostname controller
hostnamectl set-hostname compute
hostnamectl set-hostname block
4.4虚机设置
- 关闭
NetworkManager服务(三台虚机都需要配置)
systemctl stop NetworkManager
systemctl disable NetworkManager
- 主机名绑定
/etc/hosts(三台虚机都需要配置)
192.168.100.10 controller
192.168.100.20 compute
192.168.100.30 block
- 验证三台虚机可以互相ping通,
ping controller、ping compute、ping block controller、compute可以ping通外网
- 关闭防火墙(三台虚机都需要配置)
systemctl stop firewalld
systemctl disable firewalld
- 关闭
selinux
setenforce 0
vi /etc/selinux/config
SELINUX=disabled
- 修改
yum源
vi /etc/yum.repos.d/openstack-mitaka.repo
[openstack]
name=openstack
baseurl=https://mirrors.aliyun.com/centos-vault/7.2.1511/cloud/x86_64/openstack-mitaka/
enabled=1
gpgcheck=0
- 重新生成缓存
yum clean all
yum makecache
5.openstack-mitaka安装
5.1控制节点安装chrony时间同步服务
- 1.安装(三台服务器都需要)
yum install -y chrony
- 2.配置
vi /etc/chrony.conf(控制节点)
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp6.aliyun.com iburst # 增加
allow 192.168.100.0/24 # 增加
- 3.计算和存储节点
server controller iburst # 增加
- 4.执行同步命令
chronyc sources
- 5.重启chrony服务(三台服务器都需要)
systemctl restart chronyd
5.2所有节点安装 OpenStack 客户端和selinux
yum install python-openstackclient openstack-selinux openstack-utils -y
openstack-utils提供辅助修改配置文件功能openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
5.3计算节点安装虚拟化相关包
yum install qemu-kvm libvirt bridge-utils -y
ln -sv /usr/libexec/qemu-kvm /user/bin
2.安装支撑性服务
1.安装mariadb数据库(仅控制节点)
- 1.安装
yum install mariadb mariadb-server python2-PyMySQL -y
- 2.配置:
vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.10 # 管理网络
default-storage-engine = innodb
innodb_file_per_table = on # 由共享表空间变为独享表空间
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
- 2.启动mariadb数据库服务,并设置开机自启
systemctl start mariadb
systemctl enable mariadb
- 3.初始化(设置root账户密码,移除匿名用户和test表)
mysql_secure_installation
回车 # 输入root用户密码
Y # 设置密码(openstack)
Y # 移除匿名用户
Y # 禁止root用户远程登录
Y # 移除test数据库
Y # 刷新权限
- 4.测试登录
mysql -popenstack
MariaDB [(none)]> select user,host,password from mysql.user;
+------+-----------+-------------------------------------------+
| user | host | password |
+------+-----------+-------------------------------------------+
| root | localhost | *3A4A03AC22526F6B591010973A741D59A71D728E |
| root | 127.0.0.1 | *3A4A03AC22526F6B591010973A741D59A71D728E |
| root | ::1 | *3A4A03AC22526F6B591010973A741D59A71D728E |
+------+-----------+-------------------------------------------+
3 rows in set (0.01 sec)
2.如果需要使用计费服务,则需要安装mongodb非关系型数据库
3.安装rabbitmq消息队列(仅控制节点)
- 1.安装
yum install rabbitmq-server -y
- 2.启动并设置开机自启
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
- 3.添加一个
openstack用户,密码设置为openstack,官方默认RABBIT_PASS
rabbitmqctl add_user openstack openstack
- 4.将
openstack用户设置为管理员角色
rabbitmqctl set_user_tags openstack administrator
- 5.授予
openstack用户对所有资源的读和写权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
- 6.查看用户列表
[root@controller ~]# rabbitmqctl list_users
Listing users ...
openstack [administrator]
guest [administrator]
- 7.查看插件列表
rabbitmq-plugins list
说明:
E代表开启插件
e被依赖开启插件
*代表运行中插件
- 8.开启管理界面插件
rabbitmq-plugins enable rabbitmq_management
- 9.通过web界面访问
http://192.168.200.10:15672/
4.安装memcache缓存(用作令牌缓存)(仅控制节点)
- 1.安装
yum install memcached python-memcached -y
- 2.修改配置文件
vi /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller" # 修改此处
- 3.启动并设置开机自启
systemctl enable memcached.service
systemctl start memcached.service
3.安装openstack核心服务
3.1Openstack核心服务安装通用步骤
- 1.为服务创建数据库,并且授权(设置密码)
- 2.为服务在keystone创建用户,并且关联角色
- 3.在keystone上创建服务,注册api
- 4.安装服务相关的软件包
- 5.修改配置文件
- 数据库连接信息
- keystone认证授权信息
- 消息队列连接信息
- 服务自身需要的一些配置信息
- 6.同步服务数据库,创建数据表
- 7.启动服务
3.2Keystone服务(仅控制节点)
3.2.1作用
- 1.认证管理
- 账户密码
- 2.授权管理
- 为服务间调用提供临时授权
- 3.服务目录
- 存储各个服务的api接口信息,每个服务只需要记住keystone的api,即可获取到其他所有服务的api
3.2.2组件
identity service
3.2.3安装
3.2.3.1创建数据库,并授权
- 1.创建数据库
mysql -u root -popenstack
CREATE DATABASE keystone;
MariaDB [mysql]> show databases;
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| performance_schema |
+--------------------+
- 2.授权:
密码:KEYSTONE_DBPASS
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [mysql]> select Host,User,Password,default_role from user;
+-----------+----------+-------------------------------------------+--------------+
| Host | User | Password | default_role |
+-----------+----------+-------------------------------------------+--------------+
| localhost | root | *3A4A03AC22526F6B591010973A741D59A71D728E | |
| 127.0.0.1 | root | *3A4A03AC22526F6B591010973A741D59A71D728E | |
| ::1 | root | *3A4A03AC22526F6B591010973A741D59A71D728E | |
| % | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 | |
| localhost | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 | |
+-----------+----------+-------------------------------------------+--------------+
5 rows in set (0.00 sec)
3.2.3.2安装keystone服务
- 1.安装keystone服务
yum install openstack-keystone httpd mod_wsgi -y
3.2.3.3修改keystone服务配置
- 1.备份原配置文件
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
- 2.过滤掉注释内容
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
- 3.修改配置内容如下
[DEFAULT]
admin_token = ADMIN_TOKEN # 初始管理令牌
[database]
# 数据库访问连接
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# 配置Fernet UUID令牌的提供者
# token生成方案:uuid、pki、fernet
provider = fernet
- 4.也可以使用
openstack-utils提供的修改配置文件功能进行修改(和第3步一样,二选一即可),重复执行也没有问题
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf DEFAULT connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf DEFAULT provider fernet
3.2.3.4数据库迁移
- 1.同步数据库
# su: switch user
# -s: 指定shell
# -c: 需要执行的命令
# keystone: 用户
su -s /bin/sh -c "keystone-manage db_sync" keystone
MariaDB [keystone]> show tables;
+------------------------+
| Tables_in_keystone |
+------------------------+
| access_token |
| assignment |
| config_register |
| consumer |
| credential |
| domain |
| endpoint |
| endpoint_group |
| federated_user |
| federation_protocol |
| group |
| id_mapping |
| identity_provider |
| idp_remote_ids |
| implied_role |
| local_user |
| mapping |
| migrate_version |
| password |
| policy |
| policy_association |
| project |
| project_endpoint |
| project_endpoint_group |
| region |
| request_token |
| revocation_event |
| role |
| sensitive_config |
| service |
| service_provider |
| token |
| trust |
| trust_role |
| user |
| user_group_membership |
| whitelisted_config |
+------------------------+
37 rows in set (0.00 sec)
- 2.初始化Fernet keys(会在
/etc/keystone目录下生成一个fernet-keys的目录)
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller fernet-keys]# ls
0 1
[root@controller fernet-keys]# cat 0
hqTkqZvkU640iHZRj2vAgQlCb7IvDvNvvg1PRS0xvc4=
[root@controller fernet-keys]# cat 1
e3i4Ixfe_C-A-3Fu-O8Pzx0aAm2fN6ZY-NtYTC1u0MQ=
3.2.3.5使用httpd代理keystone服务
- 1.配置httpd(apache服务)
# 使得apache能够快速启动
echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
vi /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
- 2.启动httpd服务,并设置开机自启
systemctl enable httpd.service
systemctl start httpd.service
3.2.3.6在keystone上创建认证服务,并且注册API端点
- 1.创建
identity认证服务和注册api
# 1.设置环境变量(keystone配置)
export OS_TOKEN=ADMIN_TOKEN # 认证令牌
export OS_URL=http://controller:35357/v3 # 端点URL
export OS_IDENTITY_API_VERSION=3 # 认证 API 版本
'''查看是否设置成功
[root@controller fernet-keys]# env | grep OS
OS_IDENTITY_API_VERSION=3
OS_TOKEN=ADMIN_TOKEN
OS_URL=http://controller:35357/v3
'''
# 2.创建keystone服务实体和身份认证服务
openstack service create \
--name keystone --description "OpenStack Identity" identity
'''
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+-----------------------------------------------------------+
| id | type | enabled | extra |
+----------------------------------+----------+---------+-----------------------------------------------------------+
| 7f814ccd297d436f86a72553e5bc20b2 | identity | 1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+-----------------------------------------------------------+
'''
# 3.创建认证服务的 API 端点:
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
'''
MariaDB [keystone]> select * from region;
+-----------+-------------+------------------+-------+
| id | description | parent_region_id | extra |
+-----------+-------------+------------------+-------+
| RegionOne | | NULL | {} |
+-----------+-------------+------------------+-------+
MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| 417480a6fb834748b2dd6f54b3bd0093 | NULL | public | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL | admin | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3 | {} | 1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL | internal | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
'''
OpenStack使用三个API端点变种代表每种服务:admin,internal和public。默认情况下,管理API端点允许修改用户和租户而公共和内部APIs不允许这些操作。在生产环境中,处于安全原因,变种为了服务不同类型的用户可能驻留在单独的网络上。对实例而言,公共API网络为了让顾客管理他们自己的云在互联网上是可见的。管理API网络在管理云基础设施的组织中操作也是有所限制的。内部API网络可能会被限制在包含OpenStack服务的主机上。此外,OpenStack支持可伸缩性的多区域。为了简单起见,本指南为所有端点变种和默认
RegionOne区域都使用管理网络。
3.2.3.7在keystone上创建用户、项目、角色,以及关联关系
- 1.创建域 default
openstack domain create --description "Default Domain" default
'''
MariaDB [keystone]> select * from project;
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
| id | name | extra | description | enabled | domain_id | parent_id | is_domain |
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
| 6a6ccc15061642d4bffd16f057f33696 | default | {} | Default Domain | 1 | <> | NULL | 1 |
| <> | <> | {} | | 0 | <> | NULL | 1 |
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
2 rows in set (0.00 sec)
'''
- 2.创建 admin 项目
openstack project create --domain default --description "Admin Project" admin
'''
MariaDB [keystone]> select * from project;
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
| id | name | extra | description | enabled | domain_id | parent_id | is_domain |
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
| 6a6ccc15061642d4bffd16f057f33696 | default | {} | Default Domain | 1 | <> | NULL | 1 |
| 82c90a149be1415bba089443f95b4f96 | admin | {} | Admin Project | 1 | 6a6ccc15061642d4bffd16f057f33696 | 6a6ccc15061642d4bffd16f057f33696 | 0 |
| <> | <> | {} | | 0 | <> | NULL | 1 |
+----------------------------------+--------------------------+-------+----------------+---------+----------------------------------+----------------------------------+-----------+
3 rows in set (0.00 sec)
'''
- 3.创建 admin 用户:
密码:ADMIN_PASS
openstack user create --domain default --password ADMIN_PASS admin
'''
MariaDB [keystone]> select * from local_user;
+----+----------------------------------+----------------------------------+-------+
| id | user_id | domain_id | name |
+----+----------------------------------+----------------------------------+-------+
| 1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin |
+----+----------------------------------+----------------------------------+-------+
'''
- 4.创建 admin 角色
openstack role create admin
'''
MariaDB [keystone]> select * from role;
+----------------------------------+-------+-------+-----------+
| id | name | extra | domain_id |
+----------------------------------+-------+-------+-----------+
| 559df9ece1194c5c88483faf255977c0 | admin | {} | <> |
+----------------------------------+-------+-------+-----------+
1 row in set (0.00 sec)
'''
- 5.添加 admin 角色到 admin 项目和用户上
openstack role add --project admin --user admin admin
'''
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type | actor_id | target_id | role_id | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 | 0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
1 row in set (0.00 sec)
'''
# 6. 创建 service 项目
openstack project create --domain default --description "Service Project" service
'''
MariaDB [keystone]> select * from project;
+----------------------------------+--------------------------+-------+-----------------+---------+----------------------------------+----------------------------------+-----------+
| id | name | extra | description | enabled | domain_id | parent_id | is_domain |
+----------------------------------+--------------------------+-------+-----------------+---------+----------------------------------+----------------------------------+-----------+
| 6a6ccc15061642d4bffd16f057f33696 | default | {} | Default Domain | 1 | <> | NULL | 1 |
| 82c90a149be1415bba089443f95b4f96 | admin | {} | Admin Project | 1 | 6a6ccc15061642d4bffd16f057f33696 | 6a6ccc15061642d4bffd16f057f33696 | 0 |
| <> | <> | {} | | 0 | <> | NULL | 1 |
| d8e5dab9e41240c5a2334272373138ff | service | {} | Service Project | 1 | 6a6ccc15061642d4bffd16f057f33696 | 6a6ccc15061642d4bffd16f057f33696 | 0 |
+----------------------------------+--------------------------+-------+-----------------+---------+----------------------------------+----------------------------------+-----------+
'''
因为
环境变量中有一个超级管理员的token,所以可以使用openstack user list命令去查询当前用户列表
[root@controller ~]# env | grep OS_
OS_TOKEN=ADMIN_TOKEN
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 2049b7a000664a7c9dab8471e1b74fea | admin |
+----------------------------------+-------+
删除环境变量中的ADMIN_TOKEN,后则无法再次使用
openstack user list命令获取用户列表
[root@controller ~]# unset OS_TOKEN
[root@controller ~]# openstack user list
Missing parameter(s):
Set a username with --os-username, OS_USERNAME, or auth.username
Set an authentication URL, with --os-auth-url, OS_AUTH_URL or auth.auth_url
Set a scope, such as a project or domain, set a project scope with --os-project-name, OS_PROJECT_NAME or auth.project_name, set a domain scope with --os-domain-name, OS_DOMAIN_NAME or auth.domain_name
不使用环境变量的情况下,查询用户列表
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name default \
--os-user-domain-name default \
--os-project-name admin --os-username admin \
--os-password ADMIN_PASS \
--os-identity-api-version 3 \
user list
推荐方式:使用脚本方式
# 1.创建 admin-openrc 文件,内容如下,如果直接使用环境变量,那么在退出终端后,环境变量就消失了,所以使用脚本保存
# vi /user/bin/admin-openrc # /user/bin默认添加到了系统环境变量中,所以将脚本放在此处,方便source
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS # 此处需要使用admin用户的真实密码
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc # 1.加载环境变量
[root@controller ~]# env | grep OS_ # 2.检查是否加载成功
OS_USER_DOMAIN_NAME=default
OS_IMAGE_API_VERSION=2
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=ADMIN_PASS
OS_AUTH_URL=http://controller:35357/v3
OS_USERNAME=admin
OS_URL=http://controller:35357/v3
OS_PROJECT_DOMAIN_NAME=default
[root@controller ~]# openstack user list # 获取用户列表
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 2049b7a000664a7c9dab8471e1b74fea | admin |
+----------------------------------+-------+
# 使用脚本每次登录终端都需要source一次,感觉比较麻烦,为为了简便,直接将`source admin-openrc`这条命令添加到`.bashrc`下
echo source admin-openrc >> .bashrc
# 这样配置后,每次连接到终端后就可以直接执行openstack相关命令
openstack token issue
openstack user list
...
3.3Glance服务(仅控制节点)
3.3.1作用
- 1.上传
- 2.下载
- 3.获取列表和详情
3.3.2组件
glance-api- 提供镜像上传、下载、列表等功能
glance-registry- 修改镜像元数据(属性)
3.3.3安装
3.3.3.1创建数据库
- 1.创建
glance数据库
mysql -u root -popenstack
CREATE DATABASE glance;
- 2.对
glance数据库授权:密码:GLANCE_DBPASS
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
3.3.3.2在keystone上创建用户、关联角色
- 1.加载环境变量:
source admin-openrc,如果配置了.bashrc,则可跳过 - 2.创建 glance 用户:
密码:GLANCE_PASS
openstack user create --domain default --password GLANCE_PASS glance
MariaDB [keystone]> select * from local_user;
+----+----------------------------------+----------------------------------+--------+
| id | user_id | domain_id | name |
+----+----------------------------------+----------------------------------+--------+
| 1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin |
| 2 | 738ab0f6b4c848c98a7e61d38c030057 | 6a6ccc15061642d4bffd16f057f33696 | glance |
+----+----------------------------------+----------------------------------+--------+
2 rows in set (0.00 sec)
MariaDB [keystone]> select * from password;
+----+---------------+-------------------------------------------------------------------------------------------------------------------------+
| id | local_user_id | password |
+----+---------------+-------------------------------------------------------------------------------------------------------------------------+
| 1 | 1 | $6$rounds=10000$qACI/bcbbnjhdglU$1lEK5ViDIaIgt8OJX/ZNuII73DesBxZ7Z9yKIFfcqvcH7bq05ZEjGdoMkv2lEBzF0A0U6.feN6NEJaKMmZqjI/ |
| 2 | 2 | $6$rounds=10000$T0k2HwwFdsFwFNXv$oMfhYOZVgbVJxhXZVE8rozCaxmGeYWArZx7OrPHsLBlb5Hq2IlUVwG5QEXMAz8vtWNqU7noLDPY8gaezEv0YU1 |
+----+---------------+-------------------------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
- 3.添加 admin 角色到 glance 用户和 service 项目上
openstack role add --project service --user glance admin
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type | actor_id | target_id | role_id | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | 738ab0f6b4c848c98a7e61d38c030057 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
2 rows in set (0.00 sec)
[root@controller fernet-keys]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 559df9ece1194c5c88483faf255977c0 | 2049b7a000664a7c9dab8471e1b74fea | | 82c90a149be1415bba089443f95b4f96 | | False |
| 559df9ece1194c5c88483faf255977c0 | 738ab0f6b4c848c98a7e61d38c030057 | | d8e5dab9e41240c5a2334272373138ff | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
3.3.3.3在keystone上创建镜像服务,并注册 API 端点
- 1.创建
glance服务实体
openstack service create --name glance --description "OpenStack Image" image
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+-----------------------------------------------------------+
| id | type | enabled | extra |
+----------------------------------+----------+---------+-----------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image | 1 | {"description": "OpenStack Image", "name": "glance"} |
| 7f814ccd297d436f86a72553e5bc20b2 | identity | 1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+-----------------------------------------------------------+
2 rows in set (0.00 sec)
- 2.
public公共服务端点
openstack endpoint create --region RegionOne image public http://controller:9292
- 3.
internal内部服务端点
openstack endpoint create --region RegionOne image internal http://controller:9292
- 4.
admin管理员服务端点
openstack endpoint create --region RegionOne image admin http://controller:9292
MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
| 417480a6fb834748b2dd6f54b3bd0093 | NULL | public | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL | admin | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3 | {} | 1 | RegionOne |
| 90f1cec9c53045478e14c382b05a1a74 | NULL | public | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL | internal | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| e18816adb3474548a2b0c126c602887d | NULL | admin | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| e7cae365b69f47948eeec2bf39b21181 | NULL | internal | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+----------------------------+-------+---------+-----------+
6 rows in set (0.00 sec)
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+-----------------------------------------------------------+
| id | type | enabled | extra |
+----------------------------------+----------+---------+-----------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image | 1 | {"description": "OpenStack Image", "name": "glance"} |
| 7f814ccd297d436f86a72553e5bc20b2 | identity | 1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+-----------------------------------------------------------+
2 rows in set (0.00 sec)
3.3.3.4安装glance服务相关软件包
yum install openstack-glance -y
3.3.3.5修改配置文件
- 1.备份
/etc/glance/glance-api.conf文件,并去掉注释
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
2.使用openstack-config命令修改相关配置
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
- 3.备份
/etc/glance/glance-registry.conf文件,并去掉注释
cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
4.使用openstack-config命令修改相关配置
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
3.3.3.6迁移生成数据表
su -s /bin/sh -c "glance-manage db_sync" glance
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| artifact_blob_locations |
| artifact_blobs |
| artifact_dependencies |
| artifact_properties |
| artifact_tags |
| artifacts |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
20 rows in set (0.00 sec)
3.3.3.7启动镜像服务、并且配置开机自启
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# netstat -lntup
...
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 8267/python2
...
3.3.3.8测试镜像上传
- 1.下载测试镜像到contorller节点
# 下载失败的机率很大,建议浏览器或其他下载方式下载好之后,再上传上来
curl http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img -o cirros-0.3.4-x86_64-disk.img --progress
- 2.使用
openstack image create命令上传镜像
# --container-format bare 表示镜像是一个普通镜像,而不是docker镜像
# --public 表示是一个公共镜像
# --disk-format qcow2 镜像格式是qcow2
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare --public
此处镜像异常,只有273 bytes,后面基于这个镜像创建的虚机会有问题,找不到系统盘- 上传镜像时使用
qemu-img info 镜像名看一下镜像信息和上传的结果是否一致(此处是我下载镜像出了问题)
MariaDB [glance]> select * from images \G;
*************************** 1. row ***************************
id: 83078a0f-f56b-4d21-9b31-c44e597475bb
name: cirros
size: 273
status: active
is_public: 1
created_at: 2022-12-29 10:29:07
updated_at: 2022-12-29 10:29:08
deleted_at: NULL
deleted: 0
disk_format: qcow2
container_format: bare
checksum: 760d7a136a601f87a126bc516f7a0b39
owner: 82c90a149be1415bba089443f95b4f96
min_disk: 0
min_ram: 0
protected: 0
virtual_size: NULL
1 row in set (0.01 sec)
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 83078a0f-f56b-4d21-9b31-c44e597475bb | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# ls /var/lib/glance/images/
83078a0f-f56b-4d21-9b31-c44e597475bb
3.4Nova服务
3.4.1组件
- 只有nova-compute在
计算节点上 - 其他服务都在
控制节点上
3.4.1.1:nova-api 服务
- 接收并响应所有的计算服务请求,管理虚拟机生命周期
3.4.1.2:nova-compute 服务(可以有多个)
- 真正管理虚拟机(调用libvirt来管理虚机)
3.4.1.3:nova-scheduler 服务
- nova调度器(挑选出最适合的nova-compute来创建虚机)
3.4.1.4:nova-conductor 服务
- 代理nova-compute连接数据库(避免了所有nova-compute都配置数据库连接信息,不安全)
- 帮助nova-compute代理修改数据库中虚拟机的状态
3.4.1.5:nova-network 服务
- 早期openstack版本管理虚拟机的网络(已弃用,使用neutron服务组件替换)
3.4.1.6:nova-consoleauth 和 nova-novncproxy 服务
- web版的vnc来直接操做云主机
3.4.1.7:novncproxy 服务
- web版 vnc客户端
3.4.1.8:nova-api-metadata 服务
- 接收来自虚机发送的元数据请求
- 配合neutron-metadata-agent,来实现虚拟机的定制化操做
3.4.2安装(控制节点)
3.4.2.1创建数据库
- 1.创建
nova和nova-api数据库
mysql -u root -popenstack
CREATE DATABASE nova_api;
CREATE DATABASE nova;
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| nova |
| nova_api |
| performance_schema |
+--------------------+
7 rows in set (0.00 sec)
- 2.数据库授权(
密码:NOVA_DBPASS)
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [mysql]> select Host,User,Password from user;
+-----------+----------+-------------------------------------------+
| Host | User | Password |
+-----------+----------+-------------------------------------------+
| localhost | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| 127.0.0.1 | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| ::1 | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| % | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | glance | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| % | glance | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| localhost | nova | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| % | nova | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
+-----------+----------+-------------------------------------------+
9 rows in set (0.00 sec)
3.4.2.2在keystone上创建用户、关联角色
- 1.创建nova用户(
密码:NOVA_PASS)
openstack user create --domain default --password NOVA_PASS nova
MariaDB [keystone]> select * from local_user;
+----+----------------------------------+----------------------------------+--------+
| id | user_id | domain_id | name |
+----+----------------------------------+----------------------------------+--------+
| 1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin |
| 2 | 738ab0f6b4c848c98a7e61d38c030057 | 6a6ccc15061642d4bffd16f057f33696 | glance |
| 3 | e3999193a86748efb091c546379fa536 | 6a6ccc15061642d4bffd16f057f33696 | nova |
+----+----------------------------------+----------------------------------+--------+
3 rows in set (0.00 sec)
[root@controller ~]# openstack user list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 2049b7a000664a7c9dab8471e1b74fea | admin |
| 738ab0f6b4c848c98a7e61d38c030057 | glance |
| e3999193a86748efb091c546379fa536 | nova |
+----------------------------------+--------+
- 2.给 nova 用户添加 admin 角色
# 将nova用户添加到service项目下,并且授予admin角色
openstack role add --project service --user nova admin
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type | actor_id | target_id | role_id | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | 738ab0f6b4c848c98a7e61d38c030057 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | e3999193a86748efb091c546379fa536 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
3 rows in set (0.00 sec)
[root@controller ~]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 559df9ece1194c5c88483faf255977c0 | 2049b7a000664a7c9dab8471e1b74fea | | 82c90a149be1415bba089443f95b4f96 | | False |
| 559df9ece1194c5c88483faf255977c0 | 738ab0f6b4c848c98a7e61d38c030057 | | d8e5dab9e41240c5a2334272373138ff | | False |
| 559df9ece1194c5c88483faf255977c0 | e3999193a86748efb091c546379fa536 | | d8e5dab9e41240c5a2334272373138ff | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
3.4.2.3在keystone上创计算服务,并注册API端点
- 1.创建 nova 服务
openstack service create --name nova --description "OpenStack Compute" compute
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+-----------------------------------------------------------+
| id | type | enabled | extra |
+----------------------------------+----------+---------+-----------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image | 1 | {"description": "OpenStack Image", "name": "glance"} |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | compute | 1 | {"description": "OpenStack Compute", "name": "nova"} |
| 7f814ccd297d436f86a72553e5bc20b2 | identity | 1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+-----------------------------------------------------------+
3 rows in set (0.00 sec)
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 1e87d9b66e2e4d80b978d257852cc612 | glance | image |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | nova | compute |
| 7f814ccd297d436f86a72553e5bc20b2 | keystone | identity |
+----------------------------------+----------+----------+
- 2.创建 Compute 服务 API 端点
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | NULL | internal | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
| 2e16e05169714d83929c9e678fbe81b8 | NULL | admin | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
| 417480a6fb834748b2dd6f54b3bd0093 | NULL | public | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL | admin | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3 | {} | 1 | RegionOne |
| 90f1cec9c53045478e14c382b05a1a74 | NULL | public | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL | internal | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| e18816adb3474548a2b0c126c602887d | NULL | admin | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| e7cae365b69f47948eeec2bf39b21181 | NULL | internal | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| f1e24e0962864454a9eb718fb975fb68 | NULL | public | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
9 rows in set (0.00 sec)
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | RegionOne | nova | compute | True | internal | http://controller:8774/v2.1/%(tenant_id)s |
| 2e16e05169714d83929c9e678fbe81b8 | RegionOne | nova | compute | True | admin | http://controller:8774/v2.1/%(tenant_id)s |
| 417480a6fb834748b2dd6f54b3bd0093 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| 5ca472ac93c54acc92cda6ee2ed27227 | RegionOne | keystone | identity | True | admin | http://controller:35357/v3 |
| 90f1cec9c53045478e14c382b05a1a74 | RegionOne | glance | image | True | public | http://controller:9292 |
| c4ee743fc8c640888d80cec0df24d420 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
| e18816adb3474548a2b0c126c602887d | RegionOne | glance | image | True | admin | http://controller:9292 |
| e7cae365b69f47948eeec2bf39b21181 | RegionOne | glance | image | True | internal | http://controller:9292 |
| f1e24e0962864454a9eb718fb975fb68 | RegionOne | nova | compute | True | public | http://controller:8774/v2.1/%(tenant_id)s |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
3.4.2.4安装nova服务相关软件包
- 注意:
控制节点此处没有nova-compute服务
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler -y
3.4.2.5修改nova服务配置
- 1.备份
/etc/nova/nova.conf文件,并去掉注释
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
2.使用openstack-config命令修改相关配置
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstack
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.100.10
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
# 由于计算服务中包含了compute-network组件,该组件提供了一个防火墙功能,但是使用neutron组件后,neutron组件也提供了防火墙功能,所以此处表示禁用compute-network组件提供的防火墙功能
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
# 防止shell脚本重复执行
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
3.4.2.6数据库同步
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
3.4.2.7启动nova服务,并设置开机自启
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
3.4.2.8检查是否启动成功
- State:
up表示启动成功
[root@controller ~]# nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2022-12-29T16:30:50.000000 | - |
| 2 | nova-conductor | controller | internal | enabled | up | 2022-12-29T16:30:52.000000 | - |
| 3 | nova-scheduler | controller | internal | enabled | up | 2022-12-29T16:30:52.000000 | - |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
- 停止
nova-api服务后就无法使用nova service-list来获取服务信息
systemctl stop openstack-nova-api.service
3.4.3安装(计算节点)
3.4.3.1安装说明
- 计算节点只需要安装
nova-compute这一个组件 nova-compute通过调用libvirt来创建虚拟机
3.4.3.2安装
yum install openstack-nova-compute -y
yum install openstack-utils.noarch -y
3.4.3.3修改配置文件
- 1.备份
/etc/nova/nova.conf文件,并去掉注释
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
2.使用openstack-config命令修改相关配置
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstack
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
# 计算节点的管理网络IP
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.100.20
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
# 控制节点的外部网络IP
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.200.10:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
3.4.3.4确定您的计算节点是否支持虚拟机的硬件加速。
egrep -c '(vmx|svm)' /proc/cpuinfo
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
4
务必注意:如果这个命令返回了 zero 值,那么你的计算节点不支持硬件加速。你必须配置 libvirt 来使用 QEMU 去代替 KVM
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
3.4.3.5启动nova-compute服务,并设置开机自启
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
3.4.3.6验证是否启动成功
- 如果启动成功会看到
nova-compute服务
[root@controller ~]# nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2022-12-29T19:34:55.000000 | - |
| 2 | nova-conductor | controller | internal | enabled | up | 2022-12-29T19:34:56.000000 | - |
| 3 | nova-scheduler | controller | internal | enabled | up | 2022-12-29T19:34:58.000000 | - |
| 7 | nova-compute | compute | nova | enabled | up | 2022-12-29T19:34:57.000000 | - |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
3.5Neutron服务
3.5.1组件
3.5.1.1.neutron-server端口(9696)
- 接收和响应外部的网络管理请求
3.5.1.2.neutron-linuxbridge-agent:
- 负责创建桥接网卡
3.5.1.3.neutron-dhcp-agent:
- 负责分配IP
3.5.1.4.neutron-metadata-agent:
- 配合nova-metadata-api实现虚拟机的定制化操做
3.5.1.5.L3-agent:
- 实现三层网络
vxlan(网络层)
3.5.2安装(控制节点)
3.5.2.1创建数据库
- 1.创建数据库
mysql -u root -popenstack
CREATE DATABASE neutron;
MariaDB [mysql]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| neutron |
| nova |
| nova_api |
| performance_schema |
+--------------------+
8 rows in set (0.01 sec)
- 2.对数据库进行授权,
密码:NEUTRON_DBPASS
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [mysql]> select Host,User,Password from user;
+-----------+----------+-------------------------------------------+
| Host | User | Password |
+-----------+----------+-------------------------------------------+
| localhost | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| 127.0.0.1 | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| ::1 | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| % | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | glance | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| % | glance | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| localhost | nova | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| % | nova | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| localhost | neutron | *4DF421833991170108648F1103CD74FCB66BBE9E |
| % | neutron | *4DF421833991170108648F1103CD74FCB66BBE9E |
+-----------+----------+-------------------------------------------+
11 rows in set (0.00 sec)
3.5.2.2在keystone上创建用户、关联角色
- 1.创建
neutron用户,密码:NEUTRON_PASS
openstack user create --domain default --password NEUTRON_PASS neutron
MariaDB [keystone]> select * from local_user;
+----+----------------------------------+----------------------------------+---------+
| id | user_id | domain_id | name |
+----+----------------------------------+----------------------------------+---------+
| 1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin |
| 2 | 738ab0f6b4c848c98a7e61d38c030057 | 6a6ccc15061642d4bffd16f057f33696 | glance |
| 3 | e3999193a86748efb091c546379fa536 | 6a6ccc15061642d4bffd16f057f33696 | nova |
| 4 | 2d635fc885744434a44d1f1b627c5148 | 6a6ccc15061642d4bffd16f057f33696 | neutron |
+----+----------------------------------+----------------------------------+---------+
4 rows in set (0.00 sec)
[root@controller ~]# openstack user list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 2049b7a000664a7c9dab8471e1b74fea | admin |
| 2d635fc885744434a44d1f1b627c5148 | neutron |
| 738ab0f6b4c848c98a7e61d38c030057 | glance |
| e3999193a86748efb091c546379fa536 | nova |
+----------------------------------+---------+
- 2.添加
admin角色到neutron用户
openstack role add --project service --user neutron admin
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type | actor_id | target_id | role_id | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | 2d635fc885744434a44d1f1b627c5148 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | 738ab0f6b4c848c98a7e61d38c030057 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | e3999193a86748efb091c546379fa536 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
[root@controller ~]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 559df9ece1194c5c88483faf255977c0 | 2049b7a000664a7c9dab8471e1b74fea | | 82c90a149be1415bba089443f95b4f96 | | False |
| 559df9ece1194c5c88483faf255977c0 | 2d635fc885744434a44d1f1b627c5148 | | d8e5dab9e41240c5a2334272373138ff | | False |
| 559df9ece1194c5c88483faf255977c0 | 738ab0f6b4c848c98a7e61d38c030057 | | d8e5dab9e41240c5a2334272373138ff | | False |
| 559df9ece1194c5c88483faf255977c0 | e3999193a86748efb091c546379fa536 | | d8e5dab9e41240c5a2334272373138ff | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
3.5.2.3在keystone上创网络建服务,并注册API端点
- 1.创建neutron服务
openstack service create --name neutron \
--description "OpenStack Networking" network
MariaDB [keystone]> select * from service;
+----------------------------------+----------+---------+------------------------------------------------------------+
| id | type | enabled | extra |
+----------------------------------+----------+---------+------------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image | 1 | {"description": "OpenStack Image", "name": "glance"} |
| 2fc0089b48a04158a27b78f11d9dfd55 | network | 1 | {"description": "OpenStack Networking", "name": "neutron"} |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | compute | 1 | {"description": "OpenStack Compute", "name": "nova"} |
| 7f814ccd297d436f86a72553e5bc20b2 | identity | 1 | {"description": "OpenStack Identity", "name": "keystone"} |
+----------------------------------+----------+---------+------------------------------------------------------------+
4 rows in set (0.00 sec)
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 1e87d9b66e2e4d80b978d257852cc612 | glance | image |
| 2fc0089b48a04158a27b78f11d9dfd55 | neutron | network |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | nova | compute |
| 7f814ccd297d436f86a72553e5bc20b2 | keystone | identity |
+----------------------------------+----------+----------+
- 2.创建网络服务API端点
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | NULL | internal | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
| 1ac03179518b42a2bcb1e9c96306bd11 | NULL | admin | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696 | {} | 1 | RegionOne |
| 2e16e05169714d83929c9e678fbe81b8 | NULL | admin | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
| 417480a6fb834748b2dd6f54b3bd0093 | NULL | public | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL | admin | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3 | {} | 1 | RegionOne |
| 90f1cec9c53045478e14c382b05a1a74 | NULL | public | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| 99474e048b484af29aef3f66fda62921 | NULL | internal | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696 | {} | 1 | RegionOne |
| bf23b4fe01e0423589ea72cb70f1fd31 | NULL | public | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696 | {} | 1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL | internal | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| e18816adb3474548a2b0c126c602887d | NULL | admin | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| e7cae365b69f47948eeec2bf39b21181 | NULL | internal | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| f1e24e0962864454a9eb718fb975fb68 | NULL | public | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
12 rows in set (0.00 sec)
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | RegionOne | nova | compute | True | internal | http://controller:8774/v2.1/%(tenant_id)s |
| 1ac03179518b42a2bcb1e9c96306bd11 | RegionOne | neutron | network | True | admin | http://controller:9696 |
| 2e16e05169714d83929c9e678fbe81b8 | RegionOne | nova | compute | True | admin | http://controller:8774/v2.1/%(tenant_id)s |
| 417480a6fb834748b2dd6f54b3bd0093 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| 5ca472ac93c54acc92cda6ee2ed27227 | RegionOne | keystone | identity | True | admin | http://controller:35357/v3 |
| 90f1cec9c53045478e14c382b05a1a74 | RegionOne | glance | image | True | public | http://controller:9292 |
| 99474e048b484af29aef3f66fda62921 | RegionOne | neutron | network | True | internal | http://controller:9696 |
| bf23b4fe01e0423589ea72cb70f1fd31 | RegionOne | neutron | network | True | public | http://controller:9696 |
| c4ee743fc8c640888d80cec0df24d420 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
| e18816adb3474548a2b0c126c602887d | RegionOne | glance | image | True | admin | http://controller:9292 |
| e7cae365b69f47948eeec2bf39b21181 | RegionOne | glance | image | True | internal | http://controller:9292 |
| f1e24e0962864454a9eb718fb975fb68 | RegionOne | nova | compute | True | public | http://controller:8774/v2.1/%(tenant_id)s |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
3.5.2.4安装neutron相关服务
3.5.2.4.1网络选项(二选一即可)
- 1.公共网络(二层网络)
- 虚机和宿主机在同一网段
- 2.私有网络(三层网络)
- 虚机和宿主机不再同一网段
3.5.2.4.2安装(公共网络和私有网络安装模块一样)
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
3.5.2.5修改neutron服务配置
3.5.2.4.1公共网络配置
- 1.备份
/etc/neutron/neutron.conf文件,并去掉注释
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
- 2.使用
openstack-config命令修改相关配置
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstack
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
- 3.备份
/etc/neutron/plugins/ml2/ml2_conf.ini文件,并去掉注释
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
- 4.使用
openstack-config命令修改相关配置
# 支持网络模型
# 扁平网络(Flat):大局域网,不支持vlan及其他网络隔离机制
# 本地网络(Local):所有VM位于本地compute节点,且与external网络隔离
# 局域网络(VLAN):通过使用VLAN的IDs创建多个providers或tentant网络
# 隧道网络(VXLAN和GRE)
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
# 禁用私有网络
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
# 启用Linuxbridge机制
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
- 5.备份
/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件,并去掉注释
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- 6.使用
openstack-config命令修改相关配置
# PROVIDER_INTERFACE_NAME:上外网的网卡
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- 7.备份
/etc/neutron/dhcp_agent.ini文件,并去掉注释
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
- 8.使用
openstack-config命令修改相关配置
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
3.5.2.4.2私有网络配置
- 1.备份
/etc/neutron/neutron.conf文件,并去掉注释
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
- 2.使用
openstack-config命令修改相关配置
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstack
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
- 3.备份
/etc/neutron/plugins/ml2/ml2_conf.ini文件,并去掉注释
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
- 4.使用
openstack-config命令修改相关配置
# 支持网络模型
# 扁平网络(Flat):大局域网,不支持vlan及其他网络隔离机制
# 本地网络(Local):所有VM位于本地compute节点,且与external网络隔离
# 局域网络(VLAN):通过使用VLAN的IDs创建多个providers或tentant网络
# 隧道网络(VXLAN和GRE)
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
# 启用Linuxbridge机制
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
- 5.备份
/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件,并去掉注释
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- 6.使用
openstack-config命令修改相关配置
# PROVIDER_INTERFACE_NAME:上外网网卡 eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# 控制节点的管理IP
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.10
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- 7.备份
/etc/neutron/l3_agent.ini文件,并去掉注释
cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini
- 8.使用
openstack-config命令修改相关配置
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
- 9.备份
/etc/neutron/dhcp_agent.ini文件,并去掉注释
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
- 10.使用
openstack-config命令修改相关配置
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
3.5.2.4.3配置元数据代理
- 1.备份
/etc/neutron/metadata_agent.ini文件,并去掉注释
cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
- 2.使用
openstack-config命令修改相关配置,密码:METADATA_SECRET
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
3.5.2.4.4为控制节点的nova服务配置网络信息
- 1.使用
openstack-config命令修改相关配置,密码:METADATA_SECRET
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
3.5.2.6数据库同步(创表)
- 1.网络服务初始化脚本需要一个超链接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- 2.同步数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
- 3.重启计算API 服务(因为修改了nova服务的配置文件)
systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl status openstack-nova-api.service
● openstack-nova-api.service - OpenStack Nova API Server
Loaded: loaded (/usr/lib/systemd/system/openstack-nova-api.service; enabled; vendor preset: disabled)
Active: active (running) since Fri 2022-12-30 07:23:12 CST; 8s ago
Main PID: 32681 (nova-api)
CGroup: /system.slice/openstack-nova-api.service
├─32681 /usr/bin/python2 /usr/bin/nova-api
├─32690 /usr/bin/python2 /usr/bin/nova-api
├─32691 /usr/bin/python2 /usr/bin/nova-api
├─32692 /usr/bin/python2 /usr/bin/nova-api
├─32693 /usr/bin/python2 /usr/bin/nova-api
├─32706 /usr/bin/python2 /usr/bin/nova-api
├─32707 /usr/bin/python2 /usr/bin/nova-api
├─32708 /usr/bin/python2 /usr/bin/nova-api
└─32709 /usr/bin/python2 /usr/bin/nova-api
Dec 30 07:23:01 controller systemd[1]: Starting OpenStack Nova API Server...
Dec 30 07:23:09 controller sudo[32694]: nova : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c
Dec 30 07:23:12 controller sudo[32703]: nova : TTY=unknown ; PWD=/ ; USER=root ; COMMAND=/bin/nova-rootwrap /etc/nova/rootwrap.conf iptables-restore -c
Dec 30 07:23:12 controller systemd[1]: Started OpenStack Nova API Server.
3.5.2.7启动neutron服务,并设置开机自启
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
注意:如果选择使用私有网络,则启用layer-3服务并设置其随系统自启动
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
3.5.2.8验证是否启动成功
- 启动比较慢,多等待一会,如果一直没有,则需要去看服务状态,状态异常的话,许哟啊根据日志去排查问题
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 01c79ff7-a257-4572-8d36-e53a41c54b4c | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
| 7288d214-2d6e-40d1-a52b-4810ac843454 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent |
| c94f5235-7ef6-4043-bed1-ad4c041525f4 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
3.5.3安装(计算节点)
3.5.3.1安装
# openstack-neutron-linuxbridge帮助虚机创建桥接网卡
yum install openstack-neutron-linuxbridge ebtables ipset -y
3.5.3.2配置通用组件
- 1.备份
/etc/neutron/neutron.conf文件,并去掉注释
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
- 2.使用
openstack-config命令修改相关配置
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstack
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
3.5.3.2配置网络服务
3.5.3.2.1说明
- 公共网络和私有网络二选一进行配置
3.5.3.2.2公共网络配置
- 1.备份
/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件,并去掉注释
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- 2.使用
openstack-config命令修改相关配置
# PROVIDER_INTERFACE_NAME:为外网网卡eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
3.5.3.2.3私有网络配置
- 1.备份
/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件,并去掉注释
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- 2.使用
openstack-config命令修改相关配置
# PROVIDER_INTERFACE_NAME:上外网网卡eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
# 计算节点的管理网络IP
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.100.20
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
3.5.3.3配置计算节点nova服务的网络信息
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
3.5.3.4重启计算节点nova-compute服务
systemctl restart openstack-nova-compute.service
3.5.3.4启动计算节点网络服务,并且设置开机自启
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
3.5.3.5验证是否启动成功
[root@controller ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 01c79ff7-a257-4572-8d36-e53a41c54b4c | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
| 7288d214-2d6e-40d1-a52b-4810ac843454 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent |
| c94f5235-7ef6-4043-bed1-ad4c041525f4 | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| f40e89c2-9bef-4c6c-a063-03f9f32c9c20 | Linux bridge agent | compute | | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
3.6Dashbord服务
3.6.1安装(控制节点)
yum install openstack-dashboard
3.6.2配置
- 1.备份原有配置文件
cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak
- 2.编辑文件
/etc/openstack-dashboard/local_settings修改内容如下
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
# 需要手动增加
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
# 支持多域
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
# 通过仪表盘创建用户时的默认域配置为 default
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
# 通过仪表盘创建的用户默认角色配置为 user
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
3.6.3修改/etc/httpd/conf.d/openstack-dashboard.conf文件
- 增加以下内容
WSGIApplicationGroup %{GLOBAL}
3.6.4启动服务
systemctl restart httpd.service memcached.service
3.6.5访问服务(外网IP)
http://192.168.200.10/dashboard
3.6.6错误排查
3.6.6.1日志错误1
tail -f /var/log/httpd/keystone-access.log
192.168.100.10 - - [30/Dec/2022:12:18:20 +0800] "POST /v3.0/auth/tokens HTTP/1.1" 404 93 "-" "keystoneauth1/2.4.1 python-requests/2.10.0 CPython/2.7.5"
- 请检查
/etc/openstack-dashboard/local_settings文件
# 错误写法 OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
3.6.6.2日志错误2
tail -f /var/log/httpd/keystone-access.log
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 192.168.100.10. Set the 'ServerName' directive globally to suppress this message
- 请检查
/etc/httpd/conf/httpd.conf文件,如果没有包含"ServerName controller",清在文件末尾追加这一信息
3.7Cinder服务
3.7.1工作原理
- cinder是openstack的块存储服务,为云主机分配硬盘。使用LVM划分LV,然后使用iSCSI共享给计算节点的KVM
3.7.2组件
3.7.2.1.cinder-api
- 接受API请求,并将其路由到
cinder-volume执行。 运行在控制节点
3.7.2.2.cinder-volume(可以有多个)
- 与块存储服务和例如
cinder-scheduler的进程进行直接交互。它也可以与这些进程通过一个消息队列进行交互。cinder-volume服务响应送到块存储服务的读写请求来维持状态。它也可以和多种存储提供者在驱动架构下进行交互。 - 调用
LVM、nfs、gfs、ceph然后支持多种存储技术
3.7.2.3.cinder-scheduler守护进程
- 选择最优存储提供节点来创建卷。其与
nova-scheduler组件类似。 运行在控制节点
3.7.2.4.cinder-backup守护进程
- 提供任何种类备份卷到一个备份存储提供者。就像
cinder-volume服务,它与多种存储提供者在驱动架构下进行交互。
3.7.2.5.消息队列
- 在块存储的进程之间路由信息。
3.7.3安装(控制节点)
3.7.3.1创建数据库
- 1.创建数据库
mysql -u root -popenstack
CREATE DATABASE cinder;
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| cinder | # cinder库
| glance |
| information_schema |
| keystone |
| mysql |
| neutron |
| nova |
| nova_api |
| performance_schema |
+--------------------+
9 rows in set (0.03 sec)
- 2.对数据库进行授权,
密码:CINDER_DBPASS
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> select Host,User,Password from mysql.user;
+-----------+----------+-------------------------------------------+
| Host | User | Password |
+-----------+----------+-------------------------------------------+
| localhost | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| 127.0.0.1 | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| ::1 | root | *3A4A03AC22526F6B591010973A741D59A71D728E |
| % | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | keystone | *442DFE587A8B6BE1E9538855E8187C1EFB863A73 |
| localhost | glance | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| % | glance | *C0CE56F2C0C7234791F36D89700B02691C1CAB8E |
| localhost | nova | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| % | nova | *B79B482785488AB91D97EAFCAD7BA8839EF65AD3 |
| localhost | neutron | *4DF421833991170108648F1103CD74FCB66BBE9E |
| % | neutron | *4DF421833991170108648F1103CD74FCB66BBE9E |
| localhost | cinder | *399A40479802D2F8FDC27DAC6CD30C8FE28431E5 |
| % | cinder | *399A40479802D2F8FDC27DAC6CD30C8FE28431E5 |
+-----------+----------+-------------------------------------------+
13 rows in set (0.00 sec)
3.7.3.2在keystone上创建用户并关联角色
- 1.创建一个 cinder 用户:
密码:CINDER_PASS
openstack user create --domain default --password CINDER_PASS cinder
MariaDB [(none)]> select * from keystone.local_user;
+----+----------------------------------+----------------------------------+---------+
| id | user_id | domain_id | name |
+----+----------------------------------+----------------------------------+---------+
| 1 | 2049b7a000664a7c9dab8471e1b74fea | 6a6ccc15061642d4bffd16f057f33696 | admin |
| 2 | 738ab0f6b4c848c98a7e61d38c030057 | 6a6ccc15061642d4bffd16f057f33696 | glance |
| 3 | e3999193a86748efb091c546379fa536 | 6a6ccc15061642d4bffd16f057f33696 | nova |
| 4 | 2d635fc885744434a44d1f1b627c5148 | 6a6ccc15061642d4bffd16f057f33696 | neutron |
| 5 | fe1c5a8e8f4346f1a8c4409ceb45684c | 6a6ccc15061642d4bffd16f057f33696 | cinder | # 新增的cinder用户
+----+----------------------------------+----------------------------------+---------+
5 rows in set (0.00 sec)
[root@controller ~]# openstack user list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 2049b7a000664a7c9dab8471e1b74fea | admin |
| 2d635fc885744434a44d1f1b627c5148 | neutron |
| 738ab0f6b4c848c98a7e61d38c030057 | glance |
| e3999193a86748efb091c546379fa536 | nova |
| fe1c5a8e8f4346f1a8c4409ceb45684c | cinder | # 新增的cinder用户
+----------------------------------+---------+
- 2.添加 admin 角色到 cinder 用户上
openstack role add --project service --user cinder admin
MariaDB [(none)]> select * from keystone.assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type | actor_id | target_id | role_id | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 2049b7a000664a7c9dab8471e1b74fea | 82c90a149be1415bba089443f95b4f96 | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | 2d635fc885744434a44d1f1b627c5148 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | 738ab0f6b4c848c98a7e61d38c030057 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | e3999193a86748efb091c546379fa536 | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
| UserProject | fe1c5a8e8f4346f1a8c4409ceb45684c | d8e5dab9e41240c5a2334272373138ff | 559df9ece1194c5c88483faf255977c0 | 0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
5 rows in set (0.00 sec)
[root@controller ~]# openstack role assignment list
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| Role | User | Group | Project | Domain | Inherited |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
| 559df9ece1194c5c88483faf255977c0 | 2049b7a000664a7c9dab8471e1b74fea | | 82c90a149be1415bba089443f95b4f96 | | False |
| 559df9ece1194c5c88483faf255977c0 | 2d635fc885744434a44d1f1b627c5148 | | d8e5dab9e41240c5a2334272373138ff | | False |
| 559df9ece1194c5c88483faf255977c0 | 738ab0f6b4c848c98a7e61d38c030057 | | d8e5dab9e41240c5a2334272373138ff | | False |
| 559df9ece1194c5c88483faf255977c0 | e3999193a86748efb091c546379fa536 | | d8e5dab9e41240c5a2334272373138ff | | False |
| 559df9ece1194c5c88483faf255977c0 | fe1c5a8e8f4346f1a8c4409ceb45684c | | d8e5dab9e41240c5a2334272373138ff | | False |
+----------------------------------+----------------------------------+-------+----------------------------------+--------+-----------+
3.7.3.3在keystone上创建存储服务,并注册API端点
- 1.创建 cinder 和 cinderv2 服务实体
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
MariaDB [(none)]> select * from keystone.service;
+----------------------------------+----------+---------+----------------------------------------------------------------+
| id | type | enabled | extra |
+----------------------------------+----------+---------+----------------------------------------------------------------+
| 1e87d9b66e2e4d80b978d257852cc612 | image | 1 | {"description": "OpenStack Image", "name": "glance"} |
| 2fc0089b48a04158a27b78f11d9dfd55 | network | 1 | {"description": "OpenStack Networking", "name": "neutron"} |
| 33b2d0581d484a32977b084284255377 | volume | 1 | {"description": "OpenStack Block Storage", "name": "cinder"} |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | compute | 1 | {"description": "OpenStack Compute", "name": "nova"} |
| 7f814ccd297d436f86a72553e5bc20b2 | identity | 1 | {"description": "OpenStack Identity", "name": "keystone"} |
| ba5c631e77114ad9ab5fcdfa4074415c | volumev2 | 1 | {"description": "OpenStack Block Storage", "name": "cinderv2"} |
+----------------------------------+----------+---------+----------------------------------------------------------------+
6 rows in set (0.00 sec)
[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 1e87d9b66e2e4d80b978d257852cc612 | glance | image |
| 2fc0089b48a04158a27b78f11d9dfd55 | neutron | network |
| 33b2d0581d484a32977b084284255377 | cinder | volume |
| 456f35b805e243c4b62d4e1cd9dbd7e1 | nova | compute |
| 7f814ccd297d436f86a72553e5bc20b2 | keystone | identity |
| ba5c631e77114ad9ab5fcdfa4074415c | cinderv2 | volumev2 |
+----------------------------------+----------+----------+
- 2.创建存储服务API端点
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
MariaDB [(none)]> select * from keystone.endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | NULL | internal | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
| 1ac03179518b42a2bcb1e9c96306bd11 | NULL | admin | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696 | {} | 1 | RegionOne |
| 290a6263670b4a87846bf0a01a7f8e25 | NULL | admin | 33b2d0581d484a32977b084284255377 | http://controller:8776/v1/%(tenant_id)s | {} | 1 | RegionOne |
| 2e16e05169714d83929c9e678fbe81b8 | NULL | admin | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
| 39d1b0c5cbf9462cb471370856b6a1af | NULL | public | 33b2d0581d484a32977b084284255377 | http://controller:8776/v1/%(tenant_id)s | {} | 1 | RegionOne |
| 417480a6fb834748b2dd6f54b3bd0093 | NULL | public | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| 5ca472ac93c54acc92cda6ee2ed27227 | NULL | admin | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:35357/v3 | {} | 1 | RegionOne |
| 8fd615bb71f44d0fb39c4164edcf73f5 | NULL | internal | 33b2d0581d484a32977b084284255377 | http://controller:8776/v1/%(tenant_id)s | {} | 1 | RegionOne |
| 90f1cec9c53045478e14c382b05a1a74 | NULL | public | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| 99474e048b484af29aef3f66fda62921 | NULL | internal | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696 | {} | 1 | RegionOne |
| 9f390ab102854eda8e7cfea2161b46ec | NULL | internal | ba5c631e77114ad9ab5fcdfa4074415c | http://controller:8776/v2/%(tenant_id)s | {} | 1 | RegionOne |
| b46e995063654bb5a8e94df636649278 | NULL | admin | ba5c631e77114ad9ab5fcdfa4074415c | http://controller:8776/v2/%(tenant_id)s | {} | 1 | RegionOne |
| bee3203745c94f92899872678caceae1 | NULL | public | ba5c631e77114ad9ab5fcdfa4074415c | http://controller:8776/v2/%(tenant_id)s | {} | 1 | RegionOne |
| bf23b4fe01e0423589ea72cb70f1fd31 | NULL | public | 2fc0089b48a04158a27b78f11d9dfd55 | http://controller:9696 | {} | 1 | RegionOne |
| c4ee743fc8c640888d80cec0df24d420 | NULL | internal | 7f814ccd297d436f86a72553e5bc20b2 | http://controller:5000/v3 | {} | 1 | RegionOne |
| e18816adb3474548a2b0c126c602887d | NULL | admin | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| e7cae365b69f47948eeec2bf39b21181 | NULL | internal | 1e87d9b66e2e4d80b978d257852cc612 | http://controller:9292 | {} | 1 | RegionOne |
| f1e24e0962864454a9eb718fb975fb68 | NULL | public | 456f35b805e243c4b62d4e1cd9dbd7e1 | http://controller:8774/v2.1/%(tenant_id)s | {} | 1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+-------------------------------------------+-------+---------+-----------+
18 rows in set (0.00 sec)
[root@controller ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
| 07cbcdf2be264c2cb2e0e59e9f176915 | RegionOne | nova | compute | True | internal | http://controller:8774/v2.1/%(tenant_id)s |
| 1ac03179518b42a2bcb1e9c96306bd11 | RegionOne | neutron | network | True | admin | http://controller:9696 |
| 290a6263670b4a87846bf0a01a7f8e25 | RegionOne | cinder | volume | True | admin | http://controller:8776/v1/%(tenant_id)s |
| 2e16e05169714d83929c9e678fbe81b8 | RegionOne | nova | compute | True | admin | http://controller:8774/v2.1/%(tenant_id)s |
| 39d1b0c5cbf9462cb471370856b6a1af | RegionOne | cinder | volume | True | public | http://controller:8776/v1/%(tenant_id)s |
| 417480a6fb834748b2dd6f54b3bd0093 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| 5ca472ac93c54acc92cda6ee2ed27227 | RegionOne | keystone | identity | True | admin | http://controller:35357/v3 |
| 8fd615bb71f44d0fb39c4164edcf73f5 | RegionOne | cinder | volume | True | internal | http://controller:8776/v1/%(tenant_id)s |
| 90f1cec9c53045478e14c382b05a1a74 | RegionOne | glance | image | True | public | http://controller:9292 |
| 99474e048b484af29aef3f66fda62921 | RegionOne | neutron | network | True | internal | http://controller:9696 |
| 9f390ab102854eda8e7cfea2161b46ec | RegionOne | cinderv2 | volumev2 | True | internal | http://controller:8776/v2/%(tenant_id)s |
| b46e995063654bb5a8e94df636649278 | RegionOne | cinderv2 | volumev2 | True | admin | http://controller:8776/v2/%(tenant_id)s |
| bee3203745c94f92899872678caceae1 | RegionOne | cinderv2 | volumev2 | True | public | http://controller:8776/v2/%(tenant_id)s |
| bf23b4fe01e0423589ea72cb70f1fd31 | RegionOne | neutron | network | True | public | http://controller:9696 |
| c4ee743fc8c640888d80cec0df24d420 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
| e18816adb3474548a2b0c126c602887d | RegionOne | glance | image | True | admin | http://controller:9292 |
| e7cae365b69f47948eeec2bf39b21181 | RegionOne | glance | image | True | internal | http://controller:9292 |
| f1e24e0962864454a9eb718fb975fb68 | RegionOne | nova | compute | True | public | http://controller:8774/v2.1/%(tenant_id)s |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------------------+
3.7.3.4安装cinder服务
yum install openstack-cinder -y
3.7.3.5修改cinder服务配置
- 1.备份
/etc/cinder/cinder.conf文件,并去掉注释
cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
grep -Ev '^$|#' /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
- 2.使用
openstack-config命令修改相关配置
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password openstack
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS
# 控制节点的管理ip(不能上外网)
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 192.168.100.10
# 如果glance-api服务安装在控制节点,也可以省略这条配置,但是如果安装在其他节点,例如计算或存储节点,则需要根据实际填写
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
- 3.修改
控制节点的计算服务nova配置
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
3.7.3.6数据库迁移
su -s /bin/sh -c "cinder-manage db sync" cinder
3.7.3.7重启控制节点计算服务API
systemctl restart openstack-nova-api.service
3.7.3.8启动存储服务,并设置开机自启
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
3.7.3.9验证
[root@controller ~]# cinder service-list
+------------------+------------+------+---------+-------+------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+------------+------+---------+-------+------------+-----------------+
| cinder-scheduler | controller | nova | enabled | up | - | - |
+------------------+------------+------+---------+-------+------------+-----------------+
3.7.4安装(存储节点)
- 说明:如果只有两台服务器,则可以将以下服务安装在计算或控制节点
3.7.4.1安装chrony时间同步服务
- 1.安装(三台服务器都需要)
yum install -y chrony
- 2.配置
vi /etc/chrony.conf(控制节点)
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server controller iburst # 增加
- 3.执行同步命令
chronyc sources
- 5.重启chrony服务(三台服务器都需要)
systemctl restart chronyd
3.7.4.1存储节点临时上网
3.7.4.1.1VMnet1网卡配置
3.7.4.1.2添加临时网关
- 1.添加临时网关
ip route add default via 192.168.100.1
- 2.验证
[root@block ~]# ping www.baidu.com
PING www.a.shifen.com (39.156.66.14) 56(84) bytes of data.
64 bytes from 39.156.66.14: icmp_seq=1 ttl=128 time=100 ms
64 bytes from 39.156.66.14: icmp_seq=2 ttl=128 time=54.7 ms
64 bytes from 39.156.66.14: icmp_seq=3 ttl=128 time=143 ms
- 3.删除临时网关
ip route del default via 192.168.100.1
- 4.验证
[root@block ~]# ping www.baidu.com
connect: Network is unreachable
3.7.4.2拷贝控制节点openstack-mitaka.repoyum源
scp root@controller:/etc/yum.repos.d/openstack-mitaka.repo /etc/yum.repos.d/
3.7.4.3安装lvm2
yum install lvm2 -y
3.7.4.5启动LVM的metadata服务并且设置该服务随系统启动:
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
systemctl enable lvm2-lvmetad.service如果有如下报错
The unit files have no [Install] section. They are not meant to be enabled
using systemctl.
Possible reasons for having this kind of units are:
1) A unit may be statically enabled by being symlinked from another unit's
.wants/ or .requires/ directory.
2) A unit's purpose may be to act as a helper for some other unit which has
a requirement dependency on it.
3) A unit may be started when needed via activation (socket, path, timer,
D-Bus, udev, scripted systemctl call, ...).
- 1.给
/usr/lib/systemd/system/lvm2-lvmetad.service增加写权限
chmod 644 /usr/lib/systemd/system/lvm2-lvmetad.service
- 2.给
/usr/lib/systemd/system/lvm2-lvmetad.service增加以下内容
[Install]
WantedBy=multi-user.target
- 3.再次执行开机自启命令
[root@block system]# systemctl enable lvm2-lvmetad.service
Created symlink from /etc/systemd/system/multi-user.target.wants/lvm2-lvmetad.service to /usr/lib/systemd/system/lvm2-lvmetad.service.
3.7.4.6创建LVM
3.7.4.6.1划分物理卷 /dev/sdb
fdisk -l确认存储节点上另一块盘名称是/dev/sdb,否则根据实际名称操做
pvcreate /dev/sdb
# Physical volume "/dev/sdb" successfully created
[root@block ~]# pvs
PV VG Fmt Attr PSize PFree
/dev/sdb lvm2 --- 50.00g 50.00g
3.7.4.6.2使用 /dev/sdb 物理卷创建卷组
- 此处创建的卷组
cinder-volumes在后续的配置文件中会使用到,根据自己需要命名 - 卷组的创建也可以使用
多个物理卷来组成一个超大的卷组
vgcreate cinder-volumes /dev/sdb
# Volume group "cinder-volumes" successfully created
[root@block ~]# vgs
VG #PV #LV #SN Attr VSize VFree
cinder-volumes 1 0 0 wz--n- <50.00g <50.00g
3.7.4.7配置卷组的访问控制权限
vi /etc/lvm/lvm.conf
# 因为存储节点这台虚拟机操作系统磁盘也使用了LVM,所以需要将系统盘也添加进来
# 一定不要忘记结尾的/
filter = [ "a/sda/", "a/sdb/", "r/.*/"]
- a:access(允许)
- r:reject(拒绝)
3.7.4.8安装cinder相关组件
3.7.4.8.1安装
yum install openstack-cinder targetcli python-keystone -y
3.7.4.8.2配置
- 1.备份
/etc/cinder/cinder.conf文件,并去掉注释
cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
grep -Ev '^$|#' /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
- 2.使用
openstack-config命令修改相关配置
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password openstack
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS
# 存储节点管理网络(规划就一个ip)
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 192.168.100.30
openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
# cinder-volumes:是前面创建的卷组名
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends lvm
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
如果有多块物理卷可以使用以下方式做区分(此处没有,略过)
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends ssd,sata
openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm
volume_backend_name = sata
openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm
volume_backend_name = ssd
3.7.4.9启动cinder相关服务,并设置开机自启
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service