OPENSTACK R 版本
目录
1.准备环境
主机名、hosts解析、防火墙、ipv6、网卡名eth0、阿里源(无必须)
主机名
hostnamectl set-hostname controller
hostnamectl set-hostname compute1
hosts
cat >> /etc/hosts << EOF
172.16.30.4 controller
172.16.30.5 compute1
EOF
防火墙
systemctl status firewalld
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
永久关闭SELinux(重启后生效)
编辑/etc/selinux/config 文件,将SELinux的默认值enforcing 改为 disabled,下次开机就不会再启动
注意:此时也不可以用setenforce 1 命令临时打开
ipv6
echo "net.ipv6.conf.all.disable_ipv6 1" >>/etc/sysctl.conf
sysctl -p
网卡名
1.编辑网卡信息
[root@linux-node2~]# cd /etc/sysconfig/network-scripts/ #进入网卡目录
[root@linux-node2network-scripts]# mv ifcfg-eno16777728 ifcfg-eth0 #重命名网卡名称
[root@linux-node2 network-scripts]# cat ifcfg-eth0 #编辑网卡信息
TYPE=Ethernet
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
NAME=eth0 #name修改为eth0
ONBOOT=yes
IPADDR=192.168.56.12
NETMASK=255.255.255.0
GATEWAY=192.168.56.2
DNS1=192.168.56.2
2.修改grub
[root@linux-node2 ~]# cat /etc/sysconfig/grub
GRUB_TIMEOUT=5
GRUB_DEFAULT=saved
GRUB_DISABLE_SUBMENU=true
GRUB_TERMINAL_OUTPUT=”console”
GRUB_CMDLINE_LINUX=”crashkernel=auto rhgb net.ifnames=0 biosdevname=0 quiet”
GRUB_DISABLE_RECOVERY=”true”
[root@linux-node2 ~]# grub2-mkconfig -o /boot/grub2/grub.cfg #生成启动菜单
Generating
grub configuration file …
Found
linux image: /boot/vmlinuz-3.10.0-229.el7.x86_64
Found
initrd image: /boot/initramfs-3.10.0-229.el7.x86_64.img
Found
linux image: /boot/vmlinuz-0-rescue-1100f7e6c97d4afaad2e396403ba7f61
Found
initrd image: /boot/initramfs-0-rescue-1100f7e6c97d4afaad2e396403ba7f61.img
Done
3.验证是否修改成功
[root@linux-node2 ~]# reboot #必须重启系统生效
[root@linux-node2 ~]# yum install net-tools #默认centos7不支持ifconfig 需要看装net-tools包
[root@linux-node2 ~]# ifconfig eth0 #在次查看网卡信息
eth0:
flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.56.12 netmask 255.255.255.0 broadcast 192.168.56.255
inet6 fe80::20c:29ff:fe5c:7bb1 prefixlen 64
scopeid 0x20<link>
ether 00:0c:29:5c:7b:b1 txqueuelen 1000 (Ethernet)
RX packets 152 bytes 14503 (14.1 KiB)
RX errors 0 dropped 0
overruns 0 frame 0
TX packets 98 bytes 14402 (14.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0
collisions 0
2.安装网络时间协议(NTP)
yum install chrony -y
主节点配置
vim /etc/chrony.conf
server ntp.aliyun.com iburst
allow 172.16.30.0/24
从节点
vim /etc/chrony.conf
server controller iburst
重启
systemctl restart chronyd.service
systemctl enable chronyd.service
3.openstack软件包
yum update -y
yum install centos-release-openstack-rocky python-openstackclient openstack-selinux openstack-utils -y
4.安装数据库【controller节点】
yum install mariadb mariadb-server python2-PyMySQL -y
创建和编辑/etc/my.cnf.d/openstack.cnf文件(/etc/my.cnf.d/如果需要,请备份现有配置文件)并完成以下操作
创建一个[mysqld]部分,并将bind-address
cat > /etc/my.cnf.d/openstack.cnf << EOF
[mysqld]
bind-address = controller
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
启动
systemctl enable mariadb.service
systemctl start mariadb.service
通过运行mysql_secure_installation 脚本来保护数据库服务。特别是,为数据库root帐户选择合适的密码 :
# mysql_secure_installation
回车-n(无密码)-一路y
5.安装消息队列服务【controller节点】
yum install rabbitmq-server -y
启动消息队列服务,并将其配置为在系统引导时启动
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmq-plugins enable rabbitmq_management
添加openstack用户:
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
安装好之后,使用netstat -tnlup 查看,如果有下图所示的25672和5672端口,则表示安装成功。
6.安装memcache【controller节点】
yum install memcached python-memcached -y
编辑/etc/sysconfig/memcached
sed -i '/OPTIONS/c\OPTIONS "-l 0.0.0.0"' /etc/sysconfig/memcached
启动Memcached服务
systemctl enable memcached.service
systemctl start memcached.service
安装和启动好之后,同样使用netstat -tnlup查看端口情况,看到11211端口有程序在侦听则表示memcache安装成功
7.安装etcd【controller节点】
yum install etcd -y
编辑/etc/etcd/etcd.conf
cp -a /etc/etcd/etcd.conf{,.bak}
cat > /etc/etcd/etcd.conf <<EOF
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.16.70.13:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.16.70.13:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.16.70.13:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.16.70.13:2379"
ETCD_INITIAL_CLUSTER="controller=http://172.16.70.13:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF
启动
systemctl enable etcd
systemctl start etcd
安装和启动好之后,同样使用netstat -tnlup查看端口情况,看到2379和2380端口有程序在侦听则表示etcd安装成功
8.安装keystone
使用数据库访问客户端以root用户身份连接到数据库服务器:
$ mysql -u root -p
创建keystone数据库:
MariaDB [(none)]> CREATE DATABASE keystone;
授予对keystone数据库的适当访问权限:(可替换KEYSTONE_DBPASS为合适的密码)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
安装软件包
yum install openstack-keystone httpd mod_wsgi -y
编辑/etc/keystone/keystone.conf
cp -a /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
填充身份服务数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet密钥存储库
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引导身份服务
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
9.配置apache
编辑/etc/httpd/conf/httpd.conf
echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
创建/usr/share/keystone/wsgi-keystone.conf文件链接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动Apache HTTP服务
systemctl enable httpd.service
systemctl start httpd.service
配置管理帐户
cat > admin-openrc.sh << EOF
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
创建用户绑定项目赋予权限
openstack domain create --description "Domain" example
# 创建服务所使用的项目
openstack project create --domain default --description "Service Project" service
# 创建项目
openstack project create --domain default --description "Demo Project" demo
# 创建用户
openstack user create --domain default --password DEMO_PASS demo
# 创建user角色
openstack role create user
# 将角色和项目用户绑定
openstack role add --project demo --user demo user
openstack user create --domain default --password kaikai136 kaikai
openstack role add --project admin --user kaikai admin
10.安装glance
配置数据库
使用数据库访问客户端以root用户身份连接到数据库服务器:
$ mysql -u root -p
创建glance数据库:
MariaDB [(none)]> CREATE DATABASE glance;
授予对glance数据库的适当访问权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
创建glance用户:
openstack user create --domain default --password-prompt glance
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
安装软件包:
yum install openstack-glance -y
编辑/etc/glance/glance-api.conf
cp -a /etc/glance/glance-api.conf{,.bak}
cp -a /etc/glance/glance-registry.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
编辑/etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
填充图像服务数据库
su -s /bin/sh -c "glance-manage db_sync" glance
启动映像服务
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
验证glance
glance image-create --name "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public
glance image-list
导出
glance image-download --file /root/cirros.img 319c7fb7-4237-41e5-bad5-241e5025931a
命令解释:/root/cirros.img为导出后的镜像存放路径及名称,789eb102-031b-4559-a00e-eeeb3272c37c为需要导出镜像的ID
11.nova安装 控制节点
数据库配置
使用数据库访问客户端以root用户身份连接到数据库服务器:
$ mysql -u root -p
创建nova_api,nova,nova_cell0,和placement数据库:
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> CREATE DATABASE placement;
授予对数据库的适当访问权限
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
exit;
创建nova用户:
openstack user create --domain default --password NOVA_PASS nova
admin向nova用户添加角色
openstack role add --project service --user nova admin
创建nova服务实体
openstack service create --name nova --description "OpenStack Compute" compute
创建Compute API服务
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
使用您选择的来创建展示位置服务用户
openstack user create --domain default --password PLACEMENT_PASS placement
openstack role add --project service --user placement admin
创建Placement API服务
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
安装软件包
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y
编辑/etc/nova/nova.conf
cp -a /etc/nova/nova.conf{,.bak}
grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
openstack-config --set /etc/nova/nova.conf placement_database connection mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.16.70.13
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen ' $my_ip'
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
通过将以下配置添加到来启用对Placement API的访问
vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
重新启动httpd服务
systemctl restart httpd
填充nova-api和placement数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
验证
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| 名称 | UUID | Transport URL | 数据库连接 | Disabled |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | 646b8425-7d9b-4781-acd7-0a379e8e894d | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova | False |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
启动
systemctl enable openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
12.nova 计算节点
安装软件包
yum install openstack-nova-compute -y
编辑/etc/nova/nova.conf
cp -a /etc/nova/nova.conf{,.bak}
grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.16.70.12
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address ' $my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password PLACEMENT_PASS
确定计算节点是否支持虚拟机硬件加速
egrep -c '(vmx|svm)' /proc/cpuinfo
如果此命令返回值不是0,则计算节点支持硬件加速,不需要加入下面的配置。
如果此命令返回值是0,则计算节点不支持硬件加速,并且必须配置libvirt为使用QEMU而不是KVM,需要编辑/etc/nova/nova.conf 文件中的[libvirt]部分
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
启动Compute服务及其相关服务,并设置开机自启
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
controller节点测试
openstack compute service list --service nova-compute
+----+--------------+----------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+----------+------+---------+-------+----------------------------+
| 11 | nova-compute | compute1 | nova | enabled | up | 2021-01-20T08:55:21.000000 |
+----+--------------+----------+------+---------+-------+----------------------------+
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 70ad8af0-77de-4f55-8c04-6cc3cc1ee7f1
Checking host mapping for compute host 'compute1': 59ee0013-487a-49d6-ab27-d7f2100eaf61
Creating host mapping for compute host 'compute1': 59ee0013-487a-49d6-ab27-d7f2100eaf61
Found 1 unmapped computes in cell: 70ad8af0-77de-4f55-8c04-6cc3cc1ee7f1
设置适当的发现时间间隔(可选)
vim /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300
systemctl restart openstack-nova-api.service
openstack compute service list --service nova-compute
openstack compute service list
openstack catalog list
nova-status upgrade check
---------------------
默认OpenStack的CPU超配比例是1:16,内存超配比例是1:1.5
13.安装neutron网络服务 (控制节点)
使用数据库访问客户端以root用户身份连接到数据库服务器
mysql
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
exit;
创建服务凭证
openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
创建网络服务API
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
安装软件包
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
配置 /etc/neutron/neutron.conf
cp -a /etc/neutron/neutron.conf{,.bak}
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
*******
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
配置/etc/neutron/plugins/ml2/ml2_conf.ini
cp -a /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini
cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
修改内核参数
echo 'net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
modprobe br_netfilter
sysctl -p
dhcp agent配置文件dhcp_agent.ini
cp -a /etc/neutron/dhcp_agent.ini{,.bak}
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
配置元数据代理,以便和nova通讯
cp -a /etc/neutron/metadata_agent.ini{,.bak}
grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
修改nova的配置文件,为了和neutron交互
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
建立ml2的软连接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
填充neutron数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
启动neutron服务
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl restart neutron-l3-agent.service
14.安装neutron网络服务 (计算节点)
yum install openstack-neutron-linuxbridge ebtables ipset -y
修改配置文件
修改neutron主配置文件
cp -a /etc/neutron/neutron.conf{,.bak}
grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
配置Linux网桥代理
cp -a /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
修改内核参数
echo 'net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
net.ipv6.conf.all.disable_ipv6 = 1' >> /etc/sysctl.conf
modprobe br_netfilter
sysctl -p
修改nova
配置文件
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
重启服务
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl restart neutron-linuxbridge-agent.service
验证(控制节点)
openstack compute service list
openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 9f24a0b7-5878-4386-abde-cb2de7e558ab | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| bf6a201c-093c-4d5f-b45e-f7625948de26 | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| c3ffe06a-b3ef-4dad-9b17-c1f4196701dd | Linux bridge agent | compute1 | None | :-) | UP | neutron-linuxbridge-agent |
| c8ffbcf6-3ded-478e-92f8-f16e70a39381 | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
15.网络配置
增加一个网卡 (控制节点)
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider,net_1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,net_1:eth1
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
systemctl restart neutron-server.service neutron-linuxbridge-agent.service
计算节点
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0,net_1:eth1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
systemctl restart neutron-linuxbridge-agent.service
openstack network create --share --external --provider-physical-network net_1 --provider-network-type flat net_1
openstack subnet create --network net_1 --allocation-pool start=172.16.30.68,end=172.16.30.70 --dns-nameserver 114.114.114.114 --gateway 172.16.30.254 --subnet-range 172.16.30.0/24 net_1
16.安装horizon服务
yum install openstack-dashboard -y
vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
systemctl restart httpd.service memcached.service
17.vxlan
(控制节点)
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:10000
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 172.16.0.4
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl restart neutron-l3-agent.service
(计算节点)
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 172.16.71.12
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
systemctl restart openstack-nova-compute.service
systemctl restart neutron-linuxbridge-agent.service
vim /etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': True,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
systemctl restart httpd.service memcached.service
18.启动实例(控制节点)
1、检查各个节点间的网络通讯ping
2、删除NetworkManager软件包 在控制节点和计算节点都执行
yum remove NetworkManager -y
yum install conntrack-tools -y
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
openstack flavor list
openstack image list
openstack network list
openstack security group list
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
openstack subnet create --network provider --allocation-pool start=172.16.30.10,end=172.16.30.15 --dns-nameserver 114.114.114.114 --gateway 172.16.30.254 --subnet-range 172.16.30.0/24 provider
openstack subnet create --network provider --allocation-pool start=172.16.70.50,end=172.16.70.100 --dns-nameserver 114.114.114.114 --gateway 172.16.70.254 --subnet-range 172.16.70.0/24 provider
创建网络:
openstack network create selfservice
openstack subnet create --network selfservice --dns-nameserver 114.114.114.114 --gateway 172.16.71.254 --subnet-range 172.16.71.0/24 selfservice
创建路由器:
openstack router create router
openstack router add subnet router selfservice
openstack router set router --external-gateway provider
19.openstack调整实例大小
修改controller和各个computer节点的nova.cnf文件
openstack-config --set /etc/nova/nova.conf DEFAULT allow_resize_to_same_host True
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_filters RetryFilter,AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
然后重启服务
控制节点:
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
计算节点
systemctl restart libvirtd.service openstack-nova-compute.service
passwd
vim /etc/openstack-dashboard/local_settings
# The OPENSTACK_HYPERVISOR_FEATURES settings can be used to enable optional
# services provided by hypervisors.
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': True,
}
注意:新版openstack中dashboard界面已经修改,无法看到上述设置虚拟机密码栏目,需要切换到老版界面,同样编辑上述配置文件,修改如下配置参数:
LAUNCH_INSTANCE_LEGACY_ENABLED = True
LAUNCH_INSTANCE_NG_ENABLED = True
systemctl restart httpd.service
在计算节点上:
openstack-config --set /etc/nova/nova.conf libvirt inject_password True
systemctl restart libvirtd.service openstack-nova-compute.service
启动实例配置
centos
#!/bin/sh
mv /root/.ssh/authorized_keys /root/.ssh/authorized_keys.old
cp /home/centos/.ssh/authorized_keys /root/.ssh/
sed -i 's/#PermitRootLogin yes/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
systemctl restart sshd
passwd root<<EOF
kaikai136
kaikai136
EOF
service ssh restart
ubuntu
#!/bin/sh
sed -i '/^$/d' /etc/ssh/sshd_config
sed -i 's/#PermitRootLogin prohibit-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
cp -f /home/ubuntu/.ssh/authorized_keys /root/.ssh/
passwd root<<EOF
kaikai136
kaikai136
EOF
service ssh restart
opernstack 虚拟机宽带限速
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins neutron.services.qos.qos_plugin.QoSPlugin
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers qos
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent extensions qos
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
在计算节点上:
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent extensions qos
systemctl start neutron-linuxbridge-agent.service
neutron qos-bandwidth-limit-rule-create bw-limiter --max-kbps 3000 --max-burst-kbps 300
neutron qos-bandwidth-limit-rule-update bw-limiter --max-kbps 3000 --max-burst-kbps 300
20.安装块存储服务cinder
(控制节点)
mysql
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
exit;
openstack user create --domain default --password CINDER_PASS cinder
openstack role add --project service --user cinder admin
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
yum install openstack-cinder -y
安装和配置的部件
cp -a /etc/cinder/cinder.conf{,.bak}
grep -Ev '^$|#' /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 172.16.70.13
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
su -s /bin/sh -c "cinder-manage db sync" cinder
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl stop openstack-cinder-api.service openstack-cinder-scheduler.service
(存储节点)
yum install centos-release-openstack-rocky python-openstackclient openstack-selinux openstack-utils -y
yum install openstack-utils -y
yum install lvm2 device-mapper-persistent-data -y
systemctl enable lvm2-lvmetad.service
systemctl restart lvm2-lvmetad.service
echo '- - -' >/sys/class/scsi_host/host0/scan
pvcreate /dev/sdb
pvcreate /dev/sdc
vgcreate cinder-ssd /dev/sdb
vgcreate cinder-sata /dev/sdc
vim /etc/lvm/lvm.conf
130行
filter = [ "a/sda4/", "a/sdc/", "r/.*/"]
filter = [ "a/sda4/", "r/.*/"]
yum install openstack-cinder targetcli python-keystone openstack-utils -y
cp -a /etc/cinder/cinder.conf{,.bak}
grep -Ev '^$|#' /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 172.16.70.11
21.自定义存储卡
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends ssd,sata
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS
openstack-config --set /etc/cinder/cinder.conf ssd volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf ssd volume_group cinder-ssd
openstack-config --set /etc/cinder/cinder.conf ssd iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf ssd iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf ssd volume_backend_name ssd
openstack-config --set /etc/cinder/cinder.conf sata volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf sata volume_group cinder-sata
openstack-config --set /etc/cinder/cinder.conf sata iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf sata iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf sata volume_backend_name sata
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service
验证
openstack volume service list
22.add nfs
yum install nfs-utils -y
vim /etc/export
/data 172.16.30.0/24(rw,async,no_root_squash,no_all_squash)
mkdir /data
systemctl enable rpcbind
systemctl enable nfs
systemctl restart rpcbind
systemctl restart nfs
23.其他测试
yum install nfs-utils -y
showmount -e 172.16.30.5
Export list for 172.16.30.5:
/data 172.16.30.0/24
(存储节点)
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends ssd,sata,nfs
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends sata,nfs
openstack-config --set /etc/cinder/cinder.conf nfs volume_driver cinder.volume.drivers.nfs.NfsDriver
openstack-config --set /etc/cinder/cinder.conf nfs nfs_shares_config /etc/cinder/nfs_shares
openstack-config --set /etc/cinder/cinder.conf nfs volume_backend_name nfs
配置 /etc/cinder/nfs_shares
vim /etc/cinder/nfs_shares
172.16.30.5:/data
systemctl restart openstack-cinder-volume.service
openstack volume service list
showmount -e 172.16.30.5
24.界面创建卷类型
卷类型 >> 名称(ssd, sata, nfs) >> 卷类型扩展规格(键,值)
volume_backend_name ssd
volume_backend_name sata
volume_backend_name nfs
nfs使用(虚拟机内部)
mkfs.ext4 /dev/vdb
mount /dev/vdb /mnt
nfs服务器
mount -o loop /data/volume-2a4b2afc-5aa5-424f-948c-2ba62d301c24 /srv
********************************************openstack mv restart******************************************************
控制节点
# cinder
systemctl restart openstack-cinder-volume.service target.service
---------compute
# compute neutron
systemctl restart neutron-linuxbridge-agent.service
systemctl restart openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
systemctl enable rpcbind
systemctl enable nfs
systemctl restart rpcbind
systemctl restart nfs
----------controller
# nova
systemctl restart openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# neutron
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# glance
systemctl restart openstack-glance-api.service openstack-glance-registry.service
systemctl restart rabbitmq-server.service
systemctl restart httpd.service
systemctl restart memcached.service
systemctl restart mariadb.service
systemctl restart chronyd.service
systemctl restart neutron-l3-agent.service
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service
openstack volume service list
openstack compute service list
openstack compute service list --service nova-compute
openstack compute service list
openstack catalog list
nova-status upgrade check
nova service-list
neutron agent-list
glance image-list
cinder service-list
cinder-manage service list
控制节点
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.16.30.1
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 172.16.30.1
计算节点
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.16.30.2
(存储节点)
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 172.16.30.3
cat >> /etc/hosts << EOF
172.16.30.1 controller
172.16.30.2 compute1
EOF
+++++++++++++++++++++++++++++++++tacker+++++++++++++++++++++++++++++++++++++++++++++++++++++++++
mysql
CREATE DATABASE tacker;
GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'localhost' IDENTIFIED BY 'TACKER_DBPASS';
GRANT ALL PRIVILEGES ON tacker.* TO 'tacker'@'%' IDENTIFIED BY 'TACKER_DBPASS';
exit;
openstack user create --domain default --password TACKER_PASS tacker
openstack role add --project service --user tacker admin
openstack service create --name tacker --description "Tacker Project" nfv-orchestration
openstack endpoint create --region RegionOne nfv-orchestration public http://<TACKER_NODE_IP>:9890/
openstack endpoint create --region RegionOne nfv-orchestration internal http://<TACKER_NODE_IP>:9890/
openstack endpoint create --region RegionOne nfv-orchestration admin http://<TACKER_NODE_IP>:9890/
openstack endpoint create --region RegionOne--publicurl 'http://<TACKER_NODE_IP>:9890/' --adminurl 'http://<TACKER_NODE_IP>:9890/' --internalurl 'http://<TACKER_NODE_IP>:9890/' <SERVICE-ID>
git clone https://github.com/openstack/tacker -b <branch_name>
cd tacker
sudo pip install -r requirements.txt
sudo python setup.py install
sudo mkdir /var/log/tacker
**********************************mistral***************************************************************
mysql
CREATE DATABASE manila;
GRANT ALL PRIVILEGES ON manila.* TO 'manila'@'localhost' IDENTIFIED BY 'MANILA_DBPASS';
GRANT ALL PRIVILEGES ON manila.* TO 'manila'@'%' IDENTIFIED BY 'MANILA_DBPASS';
exit;
openstack user create --domain default --password MANILA_PASS manila
openstack role add --project service --user manila admin
openstack service create --name manila --description "OpenStack Shared File Systems" share
openstack service create --name manilav2 --description "OpenStack Shared File Systems V2" sharev2
openstack endpoint create --region RegionOne share public http://controller:8786/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne share internal http://controller:8786/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne share admin http://controller:8786/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne sharev2 public http://controller:8786/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne sharev2 internal http://controller:8786/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne sharev2 admin http://controller:8786/v2/%\(tenant_id\)s
yum install openstack-manila python-manilaclient -y
cp -a /etc/manila/manila.conf{,.bak}
grep -Ev '^$|#' /etc/manila/manila.conf.bak > /etc/manila/manila.conf
openstack-config --set /etc/manila/manila.conf database connection mysql+pymysql://manila:MANILA_DBPASS@controller/manila
openstack-config --set /etc/manila/manila.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/manila/manila.conf DEFAULT default_share_type default_share_type
openstack-config --set /etc/manila/manila.conf DEFAULT share_name_template share-%s
openstack-config --set /etc/manila/manila.conf DEFAULT rootwrap_config /etc/manila/rootwrap.conf
openstack-config --set /etc/manila/manila.conf DEFAULT api_paste_config /etc/manila/api-paste.ini
openstack-config --set /etc/manila/manila.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/manila/manila.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/manila/manila.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/manila/manila.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/manila/manila.conf keystone_authtoken auth_type password
openstack-config --set /etc/manila/manila.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/manila/manila.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/manila/manila.conf keystone_authtoken project_name service
openstack-config --set /etc/manila/manila.conf keystone_authtoken username manila
openstack-config --set /etc/manila/manila.conf keystone_authtoken password MANILA_PASS
openstack-config --set /etc/manila/manila.conf DEFAULT my_ip 172.16.30.1
openstack-config --set /etc/manila/manila.conf oslo_concurrency lock_path /var/lock/manila
su -s /bin/sh -c "manila-manage db sync" manila
mkdir -p /var/lock/manila/tmp
chown manila:manila /var/lock/manila/tmp
systemctl enable openstack-manila-api.service openstack-manila-scheduler.service
systemctl start openstack-manila-api.service openstack-manila-scheduler.service
***manila node
yum install openstack-neutron openstack-neutron-linuxbridge ebtables -y
cp -a /etc/manila/manila.conf{,.bak}
grep -Ev '^$|#' /etc/manila/manila.conf.bak > /etc/manila/manila.conf
openstack-config --set /etc/manila/manila.conf database connection mysql+pymysql://manila:MANILA_DBPASS@controller/manila
openstack-config --set /etc/manila/manila.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/manila/manila.conf DEFAULT default_share_type default_share_type
openstack-config --set /etc/manila/manila.conf DEFAULT rootwrap_config /etc/manila/rootwrap.conf
openstack-config --set /etc/manila/manila.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/manila/manila.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/manila/manila.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/manila/manila.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/manila/manila.conf keystone_authtoken auth_type password
openstack-config --set /etc/manila/manila.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/manila/manila.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/manila/manila.conf keystone_authtoken project_name service
openstack-config --set /etc/manila/manila.conf keystone_authtoken username manila
openstack-config --set /etc/manila/manila.conf keystone_authtoken password MANILA_PASS
openstack-config --set /etc/manila/manila.conf DEFAULT my_ip 172.16.30.3
openstack-config --set /etc/manila/manila.conf oslo_concurrency lock_path /var/lib/manila/tmp
openstack-config --set /etc/manila/manila.conf DEFAULT enabled_share_backends generic
openstack-config --set /etc/manila/manila.conf DEFAULT enabled_share_protocols NFS
openstack-config --set /etc/manila/manila.conf neutron url http://controller:9696
openstack-config --set /etc/manila/manila.conf neutron www_authenticate_uri http://controller:5000
openstack-config --set /etc/manila/manila.conf neutron auth_url http://controller:5000
openstack-config --set /etc/manila/manila.conf neutron memcached_servers controller:11211
openstack-config --set /etc/manila/manila.conf neutron auth_type password
openstack-config --set /etc/manila/manila.conf neutron project_domain_name Default
openstack-config --set /etc/manila/manila.conf neutron user_domain_name Default
openstack-config --set /etc/manila/manila.conf neutron region_name RegionOne
openstack-config --set /etc/manila/manila.conf neutron project_name service
openstack-config --set /etc/manila/manila.conf neutron username neutron
openstack-config --set /etc/manila/manila.conf neutron password NEUTRON_PASS
openstack-config --set /etc/manila/manila.conf nova www_authenticate_uri http://controller:5000
openstack-config --set /etc/manila/manila.conf nova auth_url http://controller:5000
openstack-config --set /etc/manila/manila.conf nova memcached_servers controller:11211
openstack-config --set /etc/manila/manila.conf nova auth_type password
openstack-config --set /etc/manila/manila.conf nova project_domain_name Default
openstack-config --set /etc/manila/manila.conf nova user_domain_name Default
openstack-config --set /etc/manila/manila.conf nova region_name RegionOne
openstack-config --set /etc/manila/manila.conf nova project_name service
openstack-config --set /etc/manila/manila.conf nova username nova
openstack-config --set /etc/manila/manila.conf nova password NOVA_PASS
openstack-config --set /etc/manila/manila.conf cinder www_authenticate_uri http://controller:5000
openstack-config --set /etc/manila/manila.conf cinder auth_url http://controller:5000
openstack-config --set /etc/manila/manila.conf cinder memcached_servers controller:11211
openstack-config --set /etc/manila/manila.conf cinder auth_type password
openstack-config --set /etc/manila/manila.conf cinder project_domain_name Default
openstack-config --set /etc/manila/manila.conf cinder user_domain_name Default
openstack-config --set /etc/manila/manila.conf cinder region_name RegionOne
openstack-config --set /etc/manila/manila.conf cinder project_name service
openstack-config --set /etc/manila/manila.conf cinder username cinder
openstack-config --set /etc/manila/manila.conf cinder password CINDER_PASS
openstack-config --set /etc/manila/manila.conf generic share_backend_name GENERIC
openstack-config --set /etc/manila/manila.conf generic share_driver manila.share.drivers.generic.GenericShareDriver
openstack-config --set /etc/manila/manila.conf generic driver_handles_share_servers True
openstack-config --set /etc/manila/manila.conf generic service_instance_flavor_id 100
openstack-config --set /etc/manila/manila.conf generic service_image_name manila-service-image
openstack-config --set /etc/manila/manila.conf generic service_instance_user manila
openstack-config --set /etc/manila/manila.conf generic service_instance_password manila
openstack-config --set /etc/manila/manila.conf generic interface_driver manila.network.linux.interface.BridgeInterfaceDriver
systemctl enable openstack-manila-share.service
systemctl restart openstack-manila-share.service
manila type-create default_share_type True
+----------------------+--------------------------------------+
| Property | Value |
+----------------------+--------------------------------------+
| required_extra_specs | driver_handles_share_servers : True |
| Name | default_share_type |
| Visibility | public |
| is_default | YES |
| ID | 92bdd1fd-1e8f-4c64-9d33-28f1ffe0c9a1 |
| optional_extra_specs | |
| Description | None |
+----------------------+--------------------------------------+
curl https://tarballs.openstack.org/manila-image-elements/images/manila-service-image-master.qcow2 | \
glance image-create \
--name "manila-service-image" \
--disk-format qcow2 \
--container-format bare \
--visibility public --progress
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 172.16.70.11
# 自定义存储卡
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends sata
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS
# 自定义存储卡
openstack-config --set /etc/cinder/cinder.conf ssd volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf ssd volume_group cinder-ssd
openstack-config --set /etc/cinder/cinder.conf ssd iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf ssd iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf ssd volume_backend_name ssd
openstack-config --set /etc/cinder/cinder.conf sata volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf sata volume_group cinder-sata
openstack-config --set /etc/cinder/cinder.conf sata iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf sata iscsi_helper lioadm
openstack-config --set /etc/cinder/cinder.conf sata volume_backend_name sata
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service