溫馨提示×

溫馨提示×

您好,登錄后才能下訂單哦!

密碼登錄×
登錄注冊×
其他方式登錄
點擊 登錄注冊 即表示同意《億速云用戶服務(wù)條款》

OpenStack Queens版本部署

發(fā)布時間:2020-08-08 04:51:08 來源:網(wǎng)絡(luò) 閱讀:347 作者:mb5ce7848ebdda2 欄目:系統(tǒng)運維

社區(qū)OpenStack Queens版本部署安裝詳解(附加節(jié)點安裝所有組件)

一、 部署軟件環(huán)境

操作系統(tǒng):
Centos7
內(nèi)核版本:
[root@controller ~]# uname -m
x86_64
[root@controller ~]# uname -r
3.10.0-693.21.1.el7.x86_64
節(jié)點間以及網(wǎng)卡配置
controller節(jié)點
[root@controller ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
compute節(jié)點
[root@compute ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1

存儲Cinder節(jié)點
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
說明:此次部署搭建采用三臺物理節(jié)點手搭建社區(qū)openstack Queens環(huán)境
二.OpenStack概述
OpenStack項目是一個開源云計算平臺,支持所有類型的云環(huán)境。該項目旨在實現(xiàn)簡單,大規(guī)模的可擴展性和豐富的功能。
OpenStack通過各種補充服務(wù)提供基礎(chǔ)架構(gòu)即服務(wù)(IaaS)解決方案。每項服務(wù)都提供了一個應(yīng)用程序編程接口(API),以促進這種集成。
本文涵蓋了使用適用于具有足夠Linux經(jīng)驗的OpenStack新用戶的功能性示例體系結(jié)構(gòu),逐步部署主要OpenStack服務(wù)。只用于學習OpenStack最小化環(huán)境。
三、OpenStack架構(gòu)總覽
1.概念性架構(gòu)
下圖顯示了OpenStack服務(wù)之間的關(guān)系:

2.邏輯體系結(jié)構(gòu)
下圖顯示了OpenStack云中最常見但不是唯一可能的體系結(jié)構(gòu):

對于設(shè)計,部署和配置OpenStack,學習者必須了解邏輯體系結(jié)構(gòu)。
如概念架構(gòu)所示,OpenStack由幾個獨立的部分組成,稱為OpenStack服務(wù)。所有服務(wù)都通過keystone服務(wù)進行身份驗證。
各個服務(wù)通過公共API相互交互,除非需要特權(quán)管理員命令。
在內(nèi)部,OpenStack服務(wù)由多個進程組成。所有服務(wù)都至少有一個API進程,它監(jiān)聽API請求,預(yù)處理它們并將它們傳遞給服務(wù)的其他部分。除身份服務(wù)外,實際工作由不同的流程完成。
對于一個服務(wù)的進程之間的通信,使用AMQP消息代理。該服務(wù)的狀態(tài)存儲在數(shù)據(jù)庫中。部署和配置OpenStack云時,您可以選擇多種消息代理和數(shù)據(jù)庫解決方案,例如RabbitMQ,MySQL,MariaDB和SQLite。
用戶可以通過Horizon Dashboard實現(xiàn)的基于Web的用戶界面,通過命令行客戶端以及通過瀏覽器插件或curl等工具發(fā)布API請求來訪問OpenStack。對于應(yīng)用程序,有幾個SDK可用。最終,所有這些訪問方法都會對各種OpenStack服務(wù)發(fā)出REST API調(diào)用。
四.OpenStack組件服務(wù)部署
部署前置條件(以下命令在所有節(jié)點執(zhí)行)
1.配置節(jié)點網(wǎng)卡IP(略)
2.設(shè)置主機名
hostnamectl set-hostname 主機名
bash ##使設(shè)置立即生效
3.配置域名解析,編輯編輯/etc/hosts文件,加入如下配置
10.71.11.12 controller
10.71.11.13 compute
10.71.11.14 cinder
4.驗證網(wǎng)絡(luò)連通性
在控制節(jié)點執(zhí)行
root@controller ~]# ping -c 4 openstack.org
PING openstack.org (162.242.140.107) 56(84) bytes of data.
在計算節(jié)點執(zhí)行
[root@compute ~]# ping -c 4 openstack.org
PING openstack.org (162.242.140.107) 56(84) bytes of data.
5.配置阿里yum源
備份
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
下載
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
或者
curl -o /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
6.安裝NTP時鐘服務(wù)(所有節(jié)點)
##controller節(jié)點##
安裝軟件包
yum install chrony -y
編輯/etc/chrony.conf文件,配置時鐘源同步服務(wù)端
server controlelr iburst ##所有節(jié)點向controller節(jié)點同步時間
allow 10.71.11.0/24 ##設(shè)置時間同步網(wǎng)段
設(shè)置NTP服務(wù)開機啟動
systemctl enable chronyd.service
systemctl start chronyd.service
其他節(jié)點
安裝軟件包
yum install chrony -y
配置所有節(jié)點指向controller同步時間
vi /etc/chrony.conf
server controlelr iburst
重啟NTP服(略)
驗證時鐘同步服務(wù)
在controller節(jié)點執(zhí)行
[root@controller ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample

^* time4.aliyun.com 2 10 377 1015 +115us[ +142us] +/- 14ms

MS列中的內(nèi)容應(yīng)該指明* NTP服務(wù)當前同步的服務(wù)器。
在其他節(jié)點執(zhí)行
[root@compute ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample

^* leontp.ccgs.wa.edu.au 1 10 377 752

[root@cinder ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample

^+ 61-216-153-104.HINET-IP.> 3 10 377 748 -3373us[-
注意:日常運維中經(jīng)常遇見時鐘飄逸問題,導致集群服務(wù)腦裂
openstack服務(wù)安裝、配置
說明:無特殊說明,以下操作在所有節(jié)點上執(zhí)行
1.下載安裝openstack軟件倉庫(queens版本)
yum install centos-release-openstack-queens -y
2.更新所有節(jié)點軟件包
yum upgrade
3.兩個節(jié)點安裝openstack client端
yum install python-openstackclient -y
4.安裝openstack-selinux
yum install openstack-selinux -y
安裝數(shù)據(jù)庫(controller節(jié)點執(zhí)行)
大多數(shù)OpenStack服務(wù)使用SQL數(shù)據(jù)庫來存儲信息,數(shù)據(jù)庫通常在控制器節(jié)點上運行。 本文主要使用MariaDB或MySQL。
安裝軟件包
yum install mariadb mariadb-server python2-PyMySQL -y
編輯/etc/my.cnf.d/mariadb-server.cnf并完成以下操作
[root@controller ~]# vim /etc/my.cnf.d/mariadb-server.cnf

#

These groups are read by MariaDB server.

[server]

this is only for the mysqld standalone daemon

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid

bind-address = 192.168.10.102
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
說明:bind-address使用controller節(jié)點的管理IP
設(shè)置服務(wù)開機啟動
systemctl enable mariadb.service
systemctl start mariadb.service
通過運行mysql_secure_installation腳本來保護數(shù)據(jù)庫服務(wù)。密碼123456
[root@controller ~]# mysql_secure_installation

Thanks for using MariaDB!
在controller節(jié)點安裝、配置RabbitMQ
1.安裝配置消息隊列組件
yum install rabbitmq-server -y
2.設(shè)置服務(wù)開機啟動
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
3.添加openstack 用戶
rabbitmqctl add_user openstack openstack
4.openstack用戶的權(quán)限配置

rabbitmqctl set_permissions openstack "." "." ".*"
8.RabbitMQ 消息隊列安裝及配置 (控制節(jié)點)

yum install rabbitmq-server -y

/usr/lib/rabbitmq/bin/rabbitmq-plugins list //查看插件安裝情況

/usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management

//啟用rabbitmq_management服務(wù)

systemctl restart rabbitmq-server.service

systemctl enable rabbitmq-server

rabbitmqctl add_user openstack openstack

//添加 openstack 用戶 , openstack 為密碼

rabbitmqctl set_permissions openstack "." "." ".*"

//給openstack用戶配置寫和讀權(quán)限
訪問 httpd://192.168.0.17:15672 可以看到web管理頁面
若無法訪問,的賦予權(quán)限

rabbitmqctl set_user_tags openstack administrator

rabbitmqctl list_users ##查看權(quán)限

安裝緩存數(shù)據(jù)庫Memcached(controller節(jié)點)
說明:服務(wù)的身份認證服務(wù)使用Memcached緩存令牌。 memcached服務(wù)通常在控制器節(jié)點上運行。 對于生產(chǎn)部署,我們建議啟用防火墻,身份驗證和加密的組合來保護它。
1.安裝配置組件
yum install memcached python-memcached -y
2.編輯/etc/sysconfig/memcached
vim /etc/sysconfig/memcached

OPTIONS="-l 10.71.11.12,::1,controller"
3.設(shè)置服務(wù)開機啟動
systemctl enable memcached.service
systemctl start memcached.service
Etcd服務(wù)安裝(controller)
1.安裝服務(wù)
yum install etcd -y
2.編輯/etc/etcd/etcd.conf文件
vim /etc/etcd/etcd.conf

ETCD_INITIAL_CLUSTER
ETCD_INITIAL_ADVERTISE_PEER_URLS
ETCD_ADVERTISE_CLIENT_URLS
ETCD_LISTEN_CLIENT_URLS
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.71.11.12:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.71.11.12:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.71.11.12:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.71.11.12:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.71.11.12:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
3.設(shè)置服務(wù)開機啟動
systemctl enable etcd
systemctl start etcd
安裝keystone組件(controller)
1.創(chuàng)建keystone數(shù)據(jù)庫并授權(quán)
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone. TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone. TO 'keystone'@'%' IDENTIFIED BY '123456';
2.安裝、配置組件
yum install openstack-keystone httpd mod_wsgi -y
3.編輯 vim /etc/keystone/keystone.conf
[database] 737

connection = mysql+pymysql://keystone:123456@controller/keystone

[token] 2878

provider = fernet
4.同步keystone數(shù)據(jù)庫
su -s /bin/sh -c "keystone-manage db_sync" keystone
5.數(shù)據(jù)庫初始化
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6.引導身份認證服務(wù)
keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
配置apache http服務(wù)
1.編輯 vim /etc/httpd/conf/httpd.conf,配置ServerName參數(shù)
ServerName controller
2.創(chuàng)建 /usr/share/keystone/wsgi-keystone.conf鏈接文件
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3.設(shè)置服務(wù)開機啟動
systemctl enable httpd.service
systemctl restart httpd.service
啟動服務(wù)報錯
[root@controller ~]# systemctl start httpd.service
經(jīng)過判斷,是SELinux引發(fā)的問題
解決辦法:關(guān)閉防火墻
[root@controller ~]# vi /etc/selinux/config

SELINUX=disabled

SELINUXTYPE= can take one of three two values:

SELINUXTYPE=targeted
再次重啟服務(wù)報錯解決
[root@controller ~]# systemctl enable httpd.service;systemctl start httpd.service
4.配置administrative賬號
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
創(chuàng)建 domain, projects, users, roles
1.創(chuàng)建域
openstack domain create --description "Domain" example

[root@controller ~]# openstack domain create --description "Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Domain |
| enabled | True |
| id | 199658b1d0234c3cb8785c944aa05780 |
| name | example |
| tags | [] |
+-------------+----------------------------------+

  1. 創(chuàng)建服務(wù)項目
    openstack project create --domain default --description "Service Project" service
  2. [root@controller ~]# openstack project create --domain default --description "Service Project" service
  3. +-------------+----------------------------------+
  4. | Field | Value |
  5. +-------------+----------------------------------+
  6. | description | Service Project |
  7. | domain_id | default |
  8. | enabled | True |
  9. | id | 03e700ff43e44b29b97365bac6c7d723 |
  10. | is_domain | False |
  11. | name | service |
  12. | parent_id | default |
  13. | tags | [] |
    +-------------+----------------------------------+
    3.創(chuàng)建平臺demo項目
    openstack project create --domain default --description "Demo Project" demo
    [root@controller ~]# openstack project create --domain default --description "Demo Project" demo
    +-------------+----------------------------------+
    | Field | Value |
    +-------------+----------------------------------+
    | description | Demo Project |
    | domain_id | default |
    | enabled | True |
    | id | 61f8c9005ca84477b5bdbf485be1a546 |
    | is_domain | False |
    | name | demo |
    | parent_id | default |
    | tags | [] |
    +-------------+----------------------------------+
    4.創(chuàng)建demo用戶 密碼demo
    openstack user create --domain default --password-prompt demo
    [root@controller ~]# openstack user create --domain default --password-prompt demo
    User Password:
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field | Value |
    +---------------------+----------------------------------+
    | domain_id | default |
    | enabled | True |
    | id | fa794c034a53472c827a94e6a6ad12c1 |
    | name | demo |
    | options | {} |
    | password_expires_at | None |
    +---------------------+----------------------------------+
    5.創(chuàng)建用戶角色
    openstack role create user
    [root@controller ~]# openstack role create user
    +-----------+----------------------------------+
    | Field | Value |
    +-----------+----------------------------------+
    | domain_id | None |
    | id | 15ea413279a74770b79630b75932a596 |
    | name | user |
    +-----------+----------------------------------+
    6.添加用戶角色到demo項目和用戶
    openstack role add --project demo --user demo user
    說明:此條命令執(zhí)行成功后不返回參數(shù)
    驗證操作
    1.取消環(huán)境變量
    unset OS_AUTH_URL OS_PASSWORD
    2.admin用戶返回的認證token 密碼123456
    [root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
    [root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \

--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
3.demo用戶返回的認證token 密碼deno
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
創(chuàng)建openstack 客戶端環(huán)境腳本
1.創(chuàng)建 vim admin-openrc腳本
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.創(chuàng)建 vim demo-openrc腳本
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3.使用腳本,返回認證token 賦予腳本權(quán)限,執(zhí)行腳本
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-04-01T08:17:29+0000 |
| id | gAAAAABawIeJ0z-3R2ltY6ublCGqZX80AIi4tQUxqEpw0xvPsFP9BLV8ALNsB2B7bsVivGB14KvhUncdoRl_G2ng5BtzVKAfzHyB-OxwiXeqAttkpQsuLCDKRHd3l-K6wRdaDqfNm-D1QjhtFoxHOTotOcjtujBHF12uP49TjJtl1Rrd6uVDk0g |
| project_id | 4205b649750d4ea68ff5bea73de0faae |
| user_id | 475b31138acc4cc5bb42ca64af418963 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
安裝Glance服務(wù)(controller)
1.創(chuàng)建glance數(shù)據(jù)庫,并授權(quán)
mysql -u root -p

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
2.獲取admin用戶的環(huán)境變量,并創(chuàng)建服務(wù)認證
. admin-openrc
創(chuàng)建glance用戶 密碼123456

[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | dd2363d365624c998dfd788b13e1282b |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
把admin用戶添加到glance用戶和項目中
openstack role add --project service --user glance admin
說明:此條命令執(zhí)行不返回不返回
創(chuàng)建glance服務(wù)
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 5927e22c745449869ff75b193ed7d7c6 |
| name | glance |
| type | image |
+-------------+----------------------------------+
3.創(chuàng)建鏡像服務(wù)API端點
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0822449bf80f4f6897be5e3240b6bfcc |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5927e22c745449869ff75b193ed7d7c6 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f18ae583441b4d118526571cdc204d8a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5927e22c745449869ff75b193ed7d7c6 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 79eadf7829274b1b9beb2bfb6be91992 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5927e22c745449869ff75b193ed7d7c6 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
安裝和配置組件
1.安裝軟件包
yum install openstack-glance -y
2.編輯 vim /etc/glance/glance-api.conf文件

[database] 1924

connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken] 3472

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456

[paste_deploy]

flavor = keystone

[glance_store] 2039

stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.編輯 vim /etc/glance/glance-registry.conf

[database] 1170

connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken] 1285

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456

[paste_deploy] 2272

flavor = keystone
4.同步鏡像服務(wù)數(shù)據(jù)庫
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
驗證操作
使用CirrOS驗證Image服務(wù)的操作,這是一個小型Linux映像,可幫助您測試OpenStack部署。
有關(guān)如何下載和構(gòu)建映像的更多信息,請參閱OpenStack虛擬機映像指南https://docs.openstack.org/image-guide/
有關(guān)如何管理映像的信息,請參閱OpenStack最終用戶指南https://docs.openstack.org/queens/user/
1.獲取admin用戶的環(huán)境變量,且下載鏡像
. admin-openrc

wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
2.上傳鏡像
使用QCOW2磁盤格式,裸容器格式和公開可見性將圖像上傳到Image服務(wù),以便所有項目都可以訪問它:
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
 Field Value

3.查看上傳的鏡像

[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 916faa2b-e292-46e0-bfe4-0f535069a1a0 | cirros | active |
+--------------------------------------+--------+--------+
說明:glance具體配置選項:https://docs.openstack.org/glance/queens/configuration/index.html
controller節(jié)點安裝和配置compute服務(wù)
1.創(chuàng)建nova_api, nova, nova_cell0數(shù)據(jù)庫
mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
數(shù)據(jù)庫登錄授權(quán)
GRANT ALL PRIVILEGES ON nova_api. TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api. TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova. TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova. TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova_cell0. TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0. TO 'nova'@'%' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'controller' IDENTIFIED BY 'nova';
建nova用戶 密碼123456
[root@controller ~]# . admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8e72103f5cc645669870a630ffb25065 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
3.添加admin用戶為nova用戶
openstack role add --project service --user nova admin
4.創(chuàng)建nova服務(wù)端點
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 9f8f8d8cb8e542b09694bee6016cc67c |
| name | nova |
| type | compute |
+-------------+----------------------------------+
5.創(chuàng)建compute API 服務(wù)端點
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cf260d5a56344c728840e2696f44f9bc |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f8f8d8cb8e542b09694bee6016cc67c |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f308f29a78e04b888c7418e78c3d6a6d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f8f8d8cb8e542b09694bee6016cc67c |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 022d96fa78de4b73b6212c09f13d05be |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f8f8d8cb8e542b09694bee6016cc67c |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
創(chuàng)建一個placement服務(wù)用戶 密碼123456
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fa239565fef14492ba18a649deaa6f3c |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
6.添加placement用戶為項目服務(wù)admin角色
openstack role add --project service --user placement admin
7.創(chuàng)建在服務(wù)目錄創(chuàng)建Placement API服務(wù)
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 32bb1968c08747ccb14f6e4a20cd509e |
| name | placement |
| type | placement |
+-------------+----------------------------------+
8.創(chuàng)建Placement API服務(wù)端點
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b856962188484f4ba6fad500b26b00ee |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 32bb1968c08747ccb14f6e4a20cd509e |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 62e5a3d82a994f048a8bb8ddd1adc959 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 32bb1968c08747ccb14f6e4a20cd509e |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f12f81ff7b72416aa5d035b8b8cc2605 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 32bb1968c08747ccb14f6e4a20cd509e |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
安裝和配置組件
1.安裝軟件包
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
2.編輯 vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@controller
my_ip = 10.71.11.12
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]

connection = mysql+pymysql://nova:nova@controller/nova_api

[database]

connection = mysql+pymysql://nova:nova@controller/nova

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456
3.由于軟件包的一個bug,需要在/etc/httpd/conf.d/00-nova-placement-api.conf文件中添加如下配置
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
4.重新http服務(wù)
systemctl restart httpd
5.同步nova-api數(shù)據(jù)庫
su -s /bin/sh -c "nova-manage api_db sync" nova
同步數(shù)據(jù)庫報錯

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
Traceback (most recent call last):
File "/usr/bin/nova-manage", line 10, in <module>
sys.exit(main())
File "/usr/lib/python2.7/site-packages/nova/cmd/manage.py", line 1597, in main
config.parse_args(sys.argv)
File "/usr/lib/python2.7/site-packages/nova/config.py", line 52, in parse_args
default_config_files=default_config_files)
File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2502, in call
else sys.argv[1:])
File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 3166, in _parse_cli_opts
return self._parse_config_files()
File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 3183, in _parse_config_files
ConfigParser._parse_file(config_file, namespace)
File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 1950, in _parse_file
raise ConfigFileParseError(pe.filename, str(pe))
oslo_config.cfg.ConfigFileParseError: Failed to parse /etc/nova/nova.conf: at /etc/nova/nova.conf:8, No ':' or '=' found in assignment: '/etc/nova/nova.conf'
根據(jù)報錯,把/etc/nova/nova.conf中第八行注釋掉,解決報錯
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
6.注冊cell0數(shù)據(jù)庫
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
7.創(chuàng)建cell1 cell
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
6c689e8c-3e13-4e6d-974c-c2e4e22e510b
8.同步nova數(shù)據(jù)庫
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
/usr/lib/python2.7/site-packages/pymysql/cursors.py:165: Warning: (1831, u'Duplicate index block_device_mapping_instance_uuid_virtual_name_device_name_idx. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:165: Warning: (1831, u'Duplicate index uniq_instances0uuid. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
9.驗證 nova、 cell0、 cell1數(shù)據(jù)庫是否注冊正確

[root@controller ~]# nova-manage cell_v2 list_cells
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| Name | UUID | Transport URL | Database Connection |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:@controller/nova_cell0 |
| cell1 | 6c689e8c-3e13-4e6d-974c-c2e4e22e510b | rabbit://openstack:@controller | mysql+pymysql://nova:****@controller/nova |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
10.設(shè)置服務(wù)為開機啟動
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
計算節(jié)點安裝和配置compute節(jié)點服務(wù)
1.安裝軟件包
yum install openstack-nova-compute -y
2.編輯 vim /etc/nova/nova.conf
[DEFAULT]

enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 10.71.11.13
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456
3.設(shè)置服務(wù)開機啟動
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
說明:如果nova-compute服務(wù)無法啟動,請檢查/var/log/nova/nova-compute.log,會出現(xiàn)如下報錯信息

2018-04-01 12:03:43.362 18612 INFO os_vif [-] Loaded VIF plugins: ovs, linux_bridge
2018-04-01 12:03:43.431 18612 WARNING oslo_config.cfg [-]
控制器:5672上的錯誤消息AMQP服務(wù)器無法訪問可能表示控制器節(jié)點上的防火墻阻止了對端口5672的訪問。配置防火墻以在控制器節(jié)點上打開端口5672,并在計算節(jié)點上重新啟動nova-compute服務(wù)。
清除controller的防火墻
[root@controller ~]# iptables -F
[root@controller ~]# iptables -X
[root@controller ~]# iptables -Z
重啟計算服務(wù)成功
4.添加compute節(jié)點到cell數(shù)據(jù)庫(controller)
驗證有幾個計算節(jié)點在數(shù)據(jù)庫中
[root@controller ~]. admin-openrc

[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 8 | nova-compute | compute | nova | enabled | up | 2018-04-01T22:24:14.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
5.發(fā)現(xiàn)計算節(jié)點

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': 6c689e8c-3e13-4e6d-974c-c2e4e22e510b
Found 1 unmapped computes in cell: 6c689e8c-3e13-4e6d-974c-c2e4e22e510b
Checking host mapping for compute host 'compute': 32861a0d-894e-4af9-a57c-27662d27e6bd
Creating host mapping for compute host 'compute': 32861a0d-894e-4af9-a57c-27662d27e6b
在controller節(jié)點驗證計算服務(wù)操作
1.列出服務(wù)組件
[root@controller ~]#. admin-openrc

[root@controller ~]# openstack compute service list
+----+------------------+----------------+----------+---------+-------+----------------------------+
 ID Binary Host Zone Status State Updated At
+----+------------------+----------------+----------+---------+-------+----------------------------+
 1 nova-consoleauth controller internal enabled up 2018-04-01T22:25:29.000000
2 nova-conductor controller internal enabled up 2018-04-01T22:25:33.000000
3 nova-scheduler controller internal enabled up 2018-04-01T22:25:30.000000
6 nova-conductor ansible-server internal enabled up 2018-04-01T22:25:55.000000
7 nova-scheduler ansible-server internal enabled up 2018-04-01T22:25:59.000000
8 nova-compute compute nova enabled up 2018-04-01T22:25:34.000000
9 nova-consoleauth ansible-server internal enabled up 2018-04-01T22:25:57.000000
+----+------------------+----------------+----------+---------+-------+----------------------------+
2.列出身份服務(wù)中的API端點以驗證與身份服務(wù)的連接:
[root@controller ~]# openstack catalog list
+-----------+-----------+-----------------------------------------+
 Name Type Endpoints
+-----------+-----------+-----------------------------------------+
 placement placement RegionOne
internal: http://controller:8778
RegionOne
public: http://controller:8778
RegionOne
admin: http://controller:8778
keystone identity RegionOne
public: http://controller:5000/v3/
RegionOne
admin: http://controller:35357/v3/
RegionOne
internal: http://controller:5000/v3/
glance image RegionOne
public: http://controller:9292
RegionOne
admin: http://controller:9292
RegionOne
internal: http://controller:9292
nova compute RegionOne
admin: http://controller:8774/v2.1
RegionOne
public: http://controller:8774/v2.1
RegionOne
internal: http://controller:8774/v2.1

+-----------+-----------+-----------------------------------------+
3.列出鏡像
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 916faa2b-e292-46e0-bfe4-0f535069a1a0 | cirros | active |
+--------------------------------------+--------+--------+
4.檢查cells和placement API是否正常
[root@controller ~]# nova-status upgrade check
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
Option "os_region_name" from group "placement" is deprecated. Use option "region-name" from group "placement".
+---------------------------+
| Upgrade Check Results |
+---------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Resource Providers |
| Result: Success |
| Details: None |
+---------------------------+
nova知識點https://docs.openstack.org/nova/queens/admin/index.html
安裝和配置controller節(jié)點neutron網(wǎng)絡(luò)配置
1.創(chuàng)建nuetron數(shù)據(jù)庫和授權(quán)
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron. TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron. TO 'neutron'@'%' IDENTIFIED BY '123456';
2.創(chuàng)建服務(wù)
. admin-openrc 密碼123456
openstack user create --domain default --password-prompt neutron
添加admin角色為neutron用戶
openstack role add --project service --user neutron admin
創(chuàng)建neutron服務(wù)
openstack service create --name neutron --description "OpenStack Networking" network
3.創(chuàng)建網(wǎng)絡(luò)服務(wù)端點
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
配置網(wǎng)絡(luò)部分(controller節(jié)點)
1.安裝組件
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
2.配置服務(wù)組件,編輯 vim /etc/neutron/neutron.conf
[database]

connect

[DEFAULT]

auth_strategy = keystone
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack@controller
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[nova]

auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp
配置網(wǎng)絡(luò)二層插件
編輯 vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]

type_drivers = flat,vlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge , l2population
extension_drivers = port_security

[ml2_type_flat]

flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]

enable_ipset = true
配置Linux網(wǎng)橋
編輯 vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens37

[vxlan]
enable_vxlan = false 等于true時,寫下面兩行

l2_population = true
local_ip = 192.168.10.18

[securitygroup]

enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[root@controller ~]# vim /etc/neutron/l3_agent.ini
interface_driver = linuxbridge

配置DHCP服務(wù)

編輯 vim /etc/neutron/dhcp_agent.ini
[DEFAULT]

interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
配置metadata
編輯 vim /etc/neutron/metadata_agent.ini
DEFAULT]

nova_metadata_host = controller
metadata_proxy_shared_secret = 123456
配置計算服務(wù)使用網(wǎng)絡(luò)服務(wù)
編輯/etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456
完成安裝
1.創(chuàng)建服務(wù)軟連接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2.同步數(shù)據(jù)庫
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
3.重啟compute API服務(wù)
systemctl restart openstack-nova-api.service
4.配置網(wǎng)絡(luò)服務(wù)開機啟動
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
配置compute節(jié)點網(wǎng)絡(luò)服務(wù)
1.安裝組件
yum -y install openstack-neutron-linuxbridge ebtables ipset
2.配置公共組件
編輯/etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
transport_url = rabbit://openstack:123456@controller

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置網(wǎng)絡(luò)
1.配置Linux網(wǎng)橋,編輯 /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]

physical_interface_mappings = provider:ens6f0

[vxlan]
enable_vxlan = false

[securitygroup]

enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置計算節(jié)點網(wǎng)絡(luò)服務(wù)
編輯/etc/nova/nova.conf
[neutron]

url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
完成安裝
1.重啟compute服務(wù)
systemctl restart openstack-nova-compute.service
2.設(shè)置網(wǎng)橋服務(wù)開機啟動
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.servic

驗證
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack extension list --network
[root@controller ~]# openstack network agent list
在controller節(jié)點安裝Horizon服務(wù)
1.安裝軟件包
yum install openstack-dashboard -y

編輯 vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*']
配置memcache會話存儲

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
開啟身份認證API 版本v3
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HO
開啟domains版本支持
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
配置API版本
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

OPENSTACK_NEUTRON_NETWORK = {

'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_***': False,
'enable_fip_topology_check': False,

}
為了防止服務(wù)器報500錯,添加以下內(nèi)容
[root@controller ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIProcessGroup %{Global}
2.完成安裝,重啟web服務(wù)和會話存儲
systemctl restart httpd.service memcached.service
在瀏覽器輸入http://10.71.11.12/dashboard.,訪問openstack的web頁面
default
admin
123456

控制節(jié)點安裝配置cinder
mysql -u root -p123456
354 source admin-openrc
357 openstack user create --domain default --password-prompt cinder
358 openstack role add --project service --user cinder admin
359 openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
360 openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
361 openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s
362 openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s
363 openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s
364 openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v2/%\(project_id\)s
365 openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v2/%\(project_id\)s
366 openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v2/%\(project_id\)s
367 yum install openstack-cinder python-keystone -y
368 vim /etc/cinder/cinder.conf
369 clear
370 su -s /bin/sh -c "cinder-manage db sync" cinder
371 mysql -uroot -p123456 -e "use cinder;show tables;"
372 clear
373 vim /etc/nova/nova.conf
374 systemctl restart openstack-nova-api.service
375 systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
376 systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
377 history

安裝和配置Cinder節(jié)點

本節(jié)介紹如何為Block Storage服務(wù)安裝和配置存儲節(jié)點。 為簡單起見,此配置使用空的本地塊存儲設(shè)備引用一個存儲節(jié)點。
該服務(wù)使用LVM驅(qū)動程序在該設(shè)備上配置邏輯卷,并通過iSCSI傳輸將其提供給實例。 您可以按照這些說明進行小的修改,以便使用其他存儲節(jié)點水平擴展您的環(huán)境。
1.安裝支持的軟件包
安裝LVM
yum install lvm2 device-mapper-persistent-data
設(shè)置LVM服務(wù)開機啟動
systemctl enable lvm2-lvmetad.service
systemctl restart lvm2-lvmetad.service
2.創(chuàng)建LVM物理邏輯卷/dev/sdb
[root@cinder ~]# pvcreate /dev/sdb1
Device /dev/sdb not found (or ignored by filtering).
解決方案:
編輯 vim /etc/lvm/lvm.conf,找到global_filter一行,配置如下
global_filter = [ "a|.*/|","a|sdb1|"]
之后再執(zhí)行pvcreate命令,問題解決。
[root@cinder ~]# pvcreate /dev/sdb1
Physical volume "/dev/sdb1" successfully created.
3.創(chuàng)建cinder-volumes邏輯卷組
[root@cinder ~]# vgcreate cinder-volumes /dev/sdb1
Volume group "cinder-volumes" successfully created
4.安裝和配置組件
安裝軟件包
yum install openstack-cinder targetcli python-keystone -y
編輯 vim /etc/cinder/cinder.conf

[DEFAULT]

transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 10.71.11.14
enabled_backends = lvm
glance_api_servers = http://controller:9292

[database]

connection = mysql+pymysql://cinder:123456@controller/cinder

[keystone_authtoken]

auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = 123456

在[lvm]部分中,使用LVM驅(qū)動程序,cinder-volumes卷組,iSCSI協(xié)議和相應(yīng)的iSCSI服務(wù)配置LVM后端。 如果[lvm]部分不存在,請創(chuàng)建它:

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[oslo_concurrency]

lock_path = /var/lib/cinder/tmp
設(shè)置存儲服務(wù)開機啟動
systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service

控制節(jié)點驗證
source admin-openrc
openstack volume service list

五、登錄Dashboard界面
社區(qū)Queens Web界面顯示三個角色
? 項目
? 管理員
? 身份管理

六、命令行上傳鏡像

  1. 把原生iso鏡像上傳到controller節(jié)點

2.轉(zhuǎn)換原生ISO鏡像格式為qcow2
[root@controller ~]# openstack image create --disk-format qcow2 --container-format bare --public --file /root/CentOS-7-x86_64-Minimal-1708.iso CentOS-7-x86_64

3.查看制作的鏡像信息

七、創(chuàng)建虛擬機流程

  1. 創(chuàng)建網(wǎng)絡(luò)
    . admin-openrc
    openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider

參數(shù)
--share 允許所有項目使用虛擬網(wǎng)絡(luò)
--external 定義外接虛擬網(wǎng)絡(luò) 如果需要創(chuàng)建外網(wǎng)使用 --internal
--provider-physical-network provider && --provider-network-type flat 連接flat 虛擬網(wǎng)絡(luò)
2.創(chuàng)建子網(wǎng)
openstack subnet create --network provider --allocation-pool start=10.71.11.50,end=10.71.11.60 --dns-nameserver 114.114.114.114 --gateway 10.71.11.254 --subnet-range 10.71.11.0/24 provider

3.創(chuàng)建flavor
openstack flavor create --id 1 --vcpus 4 --ram 128 --disk 1 m2.nano

4.控制節(jié)點生成秘鑰對,在啟動實例之前,需要將公鑰添加到Compute服務(wù)
. demo-openrc
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub liukey

5.添加安全組,允許ICMP(ping)和安全shell(SSH)
openstack security group rule create --proto icmp default

6.允許安全shell(SSH)訪問
openstack security group rule create --proto tcp --dst-port 22 default

7.列出flavor
openstack flavor list

8.列出可用鏡像

9.列出網(wǎng)絡(luò)

10.列出安全組

11.創(chuàng)建虛擬機

12.查看實列狀態(tài)

控制節(jié)點安裝的組件:
78 yum install centos-release-openstack-queens -y
79 yum install python-openstackclient -y
80 yum install openstack-selinux -y
81 yum install mariadb mariadb-server python2-PyMySQL -y
82 yum install rabbitmq-server -y
83 yum install memcached python-memcached -y
84 yum install etcd -y
85 yum install openstack-keystone httpd mod_wsgi -y
86 yum install openstack-glance -y
87 yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
88 yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
89 yum install openstack-dashboard -y
90 yum install openstack-cinder -y
計算節(jié)點安裝的組件:
75 yum install centos-release-openstack-queens -y
76 yum install python-openstackclient -y
77 yum install openstack-selinux -y
78 yum install openstack-nova-compute
81 yum install openstack-neutron-linuxbridge ebtables ipset
89 yum -y istall libvirt* ##安裝此項才能安裝,不然報錯
91 yum install -y openstack-nova-compute
存儲節(jié)點安裝的組件
53 yum install centos-release-openstack-queens -y
54 yum -y install lvm2 openstack-cinder targetcli python-keystone

客戶端使用VNC連接
[root@192 ~]# yum -y install vnc
[root@192 ~]# yum -y install vncview
[root@192 ~]# vncviewer 192.168.0.19:5901

向AI問一下細節(jié)

免責聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進行舉報,并提供相關(guān)證據(jù),一經(jīng)查實,將立刻刪除涉嫌侵權(quán)內(nèi)容。

AI