该实验根据官方文档,选择Pike版本进行部署。
环境:VMware workstaiton
两台虚拟机 CentOS 7(controller和computer1)
双网卡
虽然目前openstack的网上自动化部署教程非常多,比如devstack,fuel,kolla-ansible等等,但是如果想要了解Openstackd的架构以及组件还是必须要从手动部署入门。即使你不愿意学习手动部署,你在用以上方案部署完成后依然只是对Openstack有个界面性的认识,远远达不到灵活运用和追踪问题的阶段。
网络拓扑图:
这里配置两台机器;每台机器两块网卡;
centos配置如图,均选择minimal安装(时间选择为上海,否则后面还需手动修改)
安装完成后强烈建议打个快照!
每块网卡有两个功能,分别为:
网卡1:①联网下载软件包 ②云主机通过此网卡访问网络(这里的云主机是指openstack上的虚拟机)
网卡2:①内部网络互通 ②实现Vxnet
网卡1 为桥接模式,网卡2为仅主机模式,两台均要配置好双网卡。
并且在适配器设置处设置为网卡共享给VMnet1
虚拟机网卡配置参考 虚拟机三种网卡
这里遇到一些问题,网上都能搜到…耐心慢慢配吧。
以下网卡配置仅供参考,具体需要自己按照环境自行配制
另外强烈不建议使用校园网!会缺少一些镜像
#进入网卡目录
[root@controller ~]# cd /etc/sysconfig/network-scripts
#查看目录下文件 这个时候可以看到两块网卡 ifcfg-ens33和 ifcfg-ens34
[root@controller network-scripts]# ls
ifcfg-ens33 ifdown-ippp ifdown-sit ifup-bnep ifup-plusb ifup-TeamPort
ifcfg-ens34 ifdown-ipv6 ifdown-Team ifup-eth ifup-post ifup-tunnel
ifcfg-lo ifdown-isdn ifdown-TeamPort ifup-ippp ifup-ppp ifup-wireless
ifdown ifdown-post ifdown-tunnel ifup-ipv6 ifup-routes init.ipv6-global
ifdown-bnep ifdown-ppp ifup ifup-isdn ifup-sit network-functions
ifdown-eth ifdown-routes ifup-aliases ifup-plip ifup-Team network-functions-ipv6
#修改第一块网卡
[root@controller network-scripts]# vi ifcfg-ens33
#修改完成后输入 :wq 保存退出(新手注意冒号:)w表示保存,q表示退出
#同样修改第二块网卡
[root@controller network-scripts]# vi ifcfg-ens34
具体Ip根据自己的网卡而定,因为我这里是校园网,网卡一看着有点奇怪…
两台主机都要配置,过程是一样的。
配好后网上下载个xshell (这个很有用,具体怎么用大家搜一下就行蛮简单的)
然后ssh登录连接上。
接下来就是开始环境配置过程了;
打开官方文档openstack
首先需要!关闭一些服务,根据以下文档#networkmanager 可以不关
物理机部署时遇到问题,网速过慢
原因是因为源在国外,需要进行修改
参考以下文档解决
[bjtu@controller etc]$ vim /etc/yum.repos.d/CentOS-OpenStack-pike.repo
#修改内容如下
baseurl=http://mirrors.163.com/centos/7.6.1810/cloud/x86_64/openstack-pike/
##这个不做也可以##
关闭NetworkManager后需要手动配置一些服务。如下参考文档
首先直接从NTP时间同步开始
官网是英文的,不习惯的同学可以用360极速浏览器,可以自动翻译。
#首先需要修改主机名 分别在两台主机下各自执行
hostnamectl set-hostname controller
hostnamectl set-hostname computer1
#执行后需要重启,然后就能看到主机名修改后了
#执行时间同步服务 首先是comtroller 节点
[root@controller ~]# yum install chrony
[root@controller ~]# vim /etc/chrony.conf
#修改后如下
###后面报错,因此改成server ntp1.aliyun.com iburst
#但这里图片就不进行更改了
#重启服务
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl start chronyd.service
#computer1时间同步服务
[root@computer1 ~]# yum install chrony
[root@computer1 ~]# vim /etc/chrony.conf
#修改后图片如下
#修改后执行
[root@computer1 ~]# systemctl enable chronyd.service
[root@computer1 ~]# systemctl start chronyd.service
#验证同步 出现以下内容即为成功
[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 120.25.115.20 2 6 17 3 -2085us[-4245us] +/- 40ms
注意为^* ^?为未连接
[root@computer1 ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 10.0.0.11 3 6 17 9 -25us[ -94us] +/- 7253ms
#安装前在两个节点域名解析
[root@controller ~]# vim /etc/hosts
#增加以下内容,computer1相同操作 修改后可以 ping controller 和 ping computer1 检测
#以下安装按照centos 两个节点均执行
[root@controller ~]# yum install centos-release-openstack-pike -y
[root@controller ~]# yum upgrade -y
##!!!!安装了内核,需要重启激活一下,
#这个过程中我遇到一个问题 3:mariadb-libs-10.1.20-2.el7.x86_64: [Errno 256] No more mirrors to try.#解决方案在下面的链接
#安装OpenStack客户端:
[root@controller ~]# yum install python-openstackclient -y
#RHEL和CentOS 默认启用SELinux。安装 openstack-selinux软件包以自动管理OpenStack服务的安全策略:
[root@controller ~]# yum install openstack-selinux -y
解决方法
接下来就是数据库SQL的安装,用来存储信息,通常在控制器节点安装
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
#其中报错了,一个是缺少镜像,解决方法同上。另一个问题了话就是下面那个。
Transaction check error: file /etc/my.cnf from install of mysql-libs
#创建和编辑/etc/my.cnf.d/openstack.cnf
[root@controller ~]# vi /etc/my.cnf.d/openstack.cnf
##文件内容如下
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
保存退出
启动数据库服务并将其配置为在系统引导时启动:
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
可以查看一下状态
通过运行mysql_secure_installation 脚本来保护数据库服务。特别是,为数据库root帐户选择合适的密码 :
[root@controller ~]# mysql_secure_installation
#接下来需要直接回车以重新设置密码
#密码设置为123456
#接下来输入
Remove anonymous users? [Y/n] n
... skipping.
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] n
... skipping.
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
至此,myslq安装完成
接下来安装RPC消息队列
消息队列在控制器节点上运行。
安装和配置组件
安装包:
# yum install rabbitmq-server -y
启动消息队列服务并将其配置为在系统引导时启动:
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
添加openstack用户:
# rabbitmqctl add_user openstack 123456
替换RABBIT_PASS为合适的密码。
允许用户进行配置,写入和读取访问 openstack:
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
安装令牌缓存,可以理解为对令牌性能的优化
安装和配置组件
安装包:
# yum install memcached python-memcached -y
编辑 /etc/sysconfig/memcached 文件并完成以下操作:
# vim /etc/sysconfig/memcached
配置服务以使用控制器节点的管理IP地址。这是为了通过管理网络启用其他节点的访问:
修改部分内容如下
OPTIONS="-l 127.0.0.1,::1,controller"
完成安装
启动Memcached服务并将其配置为在系统引导时启动:
# systemctl enable memcached.service
# systemctl start memcached.service
至此,环境部署完成
##ps 在第二天早上来到实验室后发现虚拟机Ping不通外网…十分自闭。然后一直调也没发现问题在哪,这里只能猜测是校园网的玄学,然后换成NAT模式DHCP好了, 于是决定将网络换成了NAT,除了ip的网段之外,应该没什么其他问题了。#
###貌似网不通的原因了,只需重新共享一下Vnet1。都是再分析网卡时,需要耐心寻找错误,而不是盲目重复
创建keystone业务,十分重要
本节介绍如何在控制器节点上安装和配置代号为keystone的OpenStack Identity服务。出于可伸缩性的目的,此配置部署了Fernet令牌和Apache HTTP服务器来处理请求。
【先决条件】
在安装和配置Identity服务之前,必须创建数据库。
1.使用数据库访问客户端以root用户身份连接到数据库服务器:
$ mysql -u root -p
2.创建keystone数据库:#以下为数据库的操作
MariaDB [(none)]> CREATE DATABASE keystone;
3.授予对keystone数据库的适当访问权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '123456';
4.quit或者exit退出
【安装和配置组件】
1.安装软件包
# yum install openstack-keystone httpd mod_wsgi -y
2.编辑/etc/keystone/keystone.conf文件并完成以下操作:
由于conf本身文件过多,首先做一步操作
#mv /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
#vi /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
#替换KEYSTONE_DBPASS为您为数据库选择的密码。
3.填充Identity服务数据库
# su -s /bin/sh -c "keystone-manage db_sync" keystone
4.初始化Fernet密钥存储库:
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5.引导身份服务:\表示换行
# keystone-manage bootstrap --bootstrap-password 123456\
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
替换ADMIN_PASS为管理用户的合适密码。
【配置Apache HTTP服务器】
1.编辑/etc/httpd/conf/httpd.conf文件并配置ServerName引用控制器节点的 选项:
#vi /etc/httpd/conf/httpd.conf
找到以下内容并修改
ServerName controller
2.创建/usr/share/keystone/wsgi-keystone.conf文件的链接:
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
【完成安装】
1.启动Apache HTTP服务并将其配置为在系统引导时启动:
# systemctl enable httpd.service
# systemctl start httpd.service
2.配置管理帐户
$ export OS_USERNAME=admin
$ export OS_PASSWORD=123456 //注意密码更换
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3
【创建域,项目,用户和角色】
Identity服务为每个OpenStack服务提供身份验证服务。身份验证服务使用域,项目,用户和角色的组合。
1.本指南使用的服务项目包含您添加到环境中的每项服务的唯一用户。创建service 项目:
$ openstack project create --domain default --description "Service Project" service、
2.常规(非管理员)任务应该使用非特权项目和用户。例如,本指南创建demo项目和用户。
创建demo项目:
$ openstack project create --domain default --description "Demo Project" demo
在为此项目创建其他用户时,请勿重复此步骤。
创建demo用户:
$ openstack user create --domain default --password-prompt demo
创建user角色:
$ openstack role create user
将user角色添加到demo项目和用户:
$ openstack role add --project demo --user demo user
【验证操作】
在安装其他服务之前验证Identity服务的操作。
在控制器节点上执行这些命令。
1.取消设置临时 变量OS_AUTH_URL和OS_PASSWORD环境变量:
$ unset OS_AUTH_URL OS_PASSWORD
2.作为admin用户,请求身份验证令牌:
$ openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
3.作为demo用户,请求身份验证令牌:
$ openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
【创建登录脚本(在root的~ 目录下)】
1.创建 admin-openrc
vi admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.创建 demo-openrc
vi demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3.验证 admin
登录:
# . admin-openrc
验证:
openstack token issue
至此keystone业务安装完成!
##ps 在创建keystone业务的时候报错
日志查看方式
#cd /var/log/keystone
#cat keystone.log
再次尝试将所有的密码换成123456 之后仍然失败,一直找不到原因,看了几篇别人的部署日志,发现了问题,别人的授权多了一个给controller,然后尝试后成功
本次报错解决花费了将近四五天。不过在这个过程也发现了许多原本忽视的问题;现总结如下
1.配置网卡要耐心多查看,而不是盲目重启,找到为什么重启会出问题,像其中一个网卡一个网卡的重启就是好的例子
2.mirror not found 找到问题在校园网,这种教训需要牢记,同时rpm安装的时候抱着能混则混的态度,果不其然在maridb的时候失败
3.注意一起基础配置,比如关闭防火墙和一些乱七八槽的服务,注意重启以更新内核
4.多阅读,多思考,少盲目尝试,学会拍快照节省时间
5.遇到错误毫无头绪时不要耗在实验室,除了玩手机问题也没有解决,不如心态放松后再来重新尝试,不要依赖期待他人,自己的错误只有自己最清楚,学会分析日志,解决问题。
GLANCE服务安装(仅controller节点)
【数据库】
1.登录
mysql -uroot -p123456
2.创建数据库glance
CREATE DATABASE glance;
3.登录操作权限
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
4.退出 exit
【创建 glance】
1.登录
. admin-openrc
2.创建glance user:
openstack user create --domain default --password-prompt glance
3.关联
openstack role add --project service --user glance admin
4.创建glance service:
openstack service create --name glance --description "OpenStack Image" image
5.创建API
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
【下载和配置】
1.下载
yum install openstack-glance -y
2.配置
mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
vi /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.配置
mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
vi /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone
4.填充数据库
su -s /bin/sh -c "glance-manage db_sync" glance
此时可进入数据库查看一下Glance是否同步成功,失败了话需要多重新尝试几次
过程如下
5.启动
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
【验证】
1.登录:
. admin-openrc
2.下载:
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
3.上传:
openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
4.查看列表
openstack image list
接下来安装nova
nova是openstack中最核心的部分,也是负责管理虚机的部分
【数据库】(controller节点)
1登录:
mysql -uroot -p123456
2创建数据库:
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
3权限
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';
4退出exit
【创建 nova】
1登录
. admin-openrc
2创建nova user:
openstack user create --domain default --password-prompt nova
3关联
openstack role add --project service --user nova admin
4创建 nova service
openstack service create --name nova --description "OpenStack Compute" compute
5创建 API
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
【创建 placement】
1登录
. admin-openrc
2创建 placement user
openstack user create --domain default --password-prompt placement
3关联
openstack role add --project service --user placement admin
4创建API
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
【下载和配置】
1下载:
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
2配置
mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
vi /etc/nova/nova.conf
#
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:123456@controller/nova_api
[database]
connection = mysql+pymysql://nova:123456@controller/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456
#
3.配置
vi /etc/httpd/conf.d/00-nova-placement-api.conf
#在最后添加
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
4.重启 httpd
systemctl restart httpd
5.填充数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
6.验证 cell0 cell1
nova-manage cell_v2 list_cells
7.启动
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
计算服务!(compute节点)
【下载和配置】
1.下载
yum install openstack-nova-compute
2.配置
mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
vi /etc/nova/nova.conf
#
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.31
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456
#
3.启动
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
继续 计算服务(controller节点)
【添加compute节点到 cell数据库】
1.登陆:
. admin-openrc
2.查看:
openstack compute service list --service nova-compute
3.手动注册 compute 节点到 cell数据库 (每次添加新compute节点都需要这个操作)
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
4.自动注册 compute 节点到 cell数据库(只需要操作一次)
vi /etc/nova/nova.conf
#最后添加
[scheduler]
discover_hosts_in_cells_interval = 300
【验证】
1.登陆:
. admin-openrc
2.查看计算服务列表:
openstack compute service list
3.查看 api:
openstack catalog list
4.查看镜像列表:
openstack image list
5.检查 cells 和placement API 是否正常工作
nova-status upgrade check
nova服务十分顺利
要注意这里computer节点操作了
接下来安装Neutron组件
网络组件为最负责的组件,涉及的网络知识非常多,需要慢慢补充。
【controller节点】
【数据库】
1.登陆:
mysql -uroot -p123456
2.创建neutron
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
3.登出:exit
【创建 neutron 用户】
1.登陆:
. admin-openrc
2.创建 neutron 用户:
openstack user create --domain default --password-prompt neutron
3.关联:
openstack role add --project service --user neutron admin
4.创建 neutron service:
openstack service create --name neutron --description "OpenStack Networking" network
5.创建 API:
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
【安装和配置(基于Self-service networks)】
1.安装:
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
2.配置:
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
vi /etc/neutron/neutron.conf
######
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:123456@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
######
3.配置
mv /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
vi /etc/neutron/plugins/ml2/ml2_conf.ini
######
[ml2]
type_drivers = flat,vlan,vxlan,gre
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
#######
4.配置
mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#######
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = true
local_ip = 10.0.0.11
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
######
5.配置
mv /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
vi /etc/neutron/dhcp_agent.ini
######
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
#######
【配置和启动】
1.配置
mv /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
vi /etc/neutron/metadata_agent.ini
######
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 123456
####
2.配置
vi /etc/nova/nova.conf
#####添加
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456
#######
3.link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
4.填充数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
5.重启 API service
systemctl restart openstack-nova-api.service
6.启动
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
网络服务【computer节点】
【安装和配置】
1.下载
yum install openstack-neutron-linuxbridge ebtables ipset
2.配置
mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
vi /etc/neutron/neutron.conf
######
[DEFAULT]
transport_url = rabbit://openstack:[email protected]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://10.0.0.11:5000
auth_url = http://10.0.0.11:35357
memcached_servers = 10.0.0.11:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#######
【配置】
mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#####
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = true
local_ip = 10.0.0.31
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
####
【配置和启动】
1.配置
vi /etc/nova/nova.conf
####添加
[neutron]
url = http://10.0.0.11:9696
auth_url = http://10.0.0.11:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
####
2.启动
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
【验证(Controller 节点)】!!!
1.登录:
. admin-openrc
2.查看列表:
openstack network agent list
第一次验证时仅有controller节点的服务,缺少compute节点的,通过查看日志发现问题,进行搜索后发现为时间同步问题,因此安装简书教程对控制节点进行更改。
【dashboard的安装(在controller节点)】
1.下载
yum install openstack-dashboard
2.配置
vim /etc/openstack-dashboard/local_settings
###安装以下顺序一个一个找
ALLOWED_HOSTS = ['*']
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
#添加
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
!
systemctl restart httpd.service memcached.service
同时修改httpd的文件
vi /etc/httpd/conf.d/openstack-dashboard.conf
#添加
WSGIApplicationGroup %{GLOBAL}
重启
systemctl restart httpd.service memcached.service
测试
http://10.0.0.11/dashboard
登录界面
域:defaul
用户名:admin
密码:123456
接下来安装cinder服务
【首先安装controller节点】
1.创建数据库
mysql -u root -p
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
IDENTIFIED BY '123456';
2.来源admin凭据来访问仅管理员CLI命令:
. admin-openrc
3.创建服务凭据
openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
【安装和配置组件】
yum install openstack-cinder
vi /etc/cinder/cinder.conf
####
[database]
connection = mysql+pymysql://cinder:123456@controller/cinder
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 10.0.0.11
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = 123456
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
####
su -s /bin/sh -c "cinder-manage db sync" cinder
vi /etc/nova/nova.conf
添加
[cinder]
os_region_name = RegionOne
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
【compute节点】
先决条件
1.安装支持实用程序包:
yum install lvm2 device-mapper-persistent-data
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
2.创建LVM物理卷/dev/sdb 【需要提前在虚机中添加一块硬盘】
pvcreate /dev/sdb
3.创建LVM卷组cinder-volumes
vgcreate cinder-volumes /dev/sdb
4.配置过滤器
vi /etc/lvm/lvm.conf
#修改
filter = [ “a / sda /”, “a / sdb /”,“r /.*/” ]
安装和配置组件
yum install openstack-cinder targetcli python-keystone
vi /etc/cinder/cinder.conf
###
[database]
connection = mysql+pymysql://cinder:123456@controller/cinder
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
my_ip = 10.0.0.31
enabled_backends = lvm
glance_api_servers = http://controller:9292
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = 123456
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
####
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
【验证Cinder操作】
. admin-openrc
openstack volume service list
这里遇到一个问题cinder-volume的state的为down
通过上网查询大概猜测原因为时间未完成同步,问题在于虽然chrony同步完成
但未强制使其初始时间相同
执行 chronyc -a makestep 后同步成功,volume up!
节点克隆:compute和cinder*2
关闭computer1
克隆:选择完整克隆
然后光启动克隆
修改配置
hostnamectl set-hostname computer2
修改网卡
两张网卡仅需修改ip
第二块为 10.0.0.32
vi /etc/hosts
增加 10.0.0.32 computer2
同时controller节点也做域名解析如上修改
然后所有机器重启
【computer2节点】
修改配置文件
储存
vi /etc/cinder/cinder.conf
修改my ip =10.0.0.32
systemctl restart openstack-cinder-volume.service target.service
网络
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
修改local_ip = 10.0.0.32
计算
vi /etc/nova/nova.conf
修改my_ip = 10.0.0.32
【controller】
计算
vi /etc/nova/nova.conf
添加
[scheduler]
discover_hosts_in_cells_interval = 300
做完之后全部重启
通过查看timedatectl发现时间不同步
于是卸载掉chrony,重新安装一遍同步服务
重启后好了,同时要注意重启linux bridge