OpenStack Deployment Raiders: Easily Build a Powerful Cloud Architecture

CentOS Stream 8 installs open source OpenStack (V version) through Packstack

need to know

• Virtualization platform versionVMware Workstation 16.2.3
• operating system versionCentOS Linux Stream 8
• You can visit Ali Permanent Mirror Station / Huawei Permanent Mirror Station or other mirror stations to download the installation source
• The environment uses 2 virtual machines, single network card, and configures static IP and DNS for them
• Starting from Ussuriversion, you need to use CentOS 8or RHEL 8, as of press time, Stream 8the highest version supported by version is xena
• to buildopenstackThe most troublesome thing is the yum source problem. It is recommended to strictly follow this blog to configure the yum source
• Nanny level, follow the steps, absolutely one-time installation success.

environmental planning

The control node and computing node must start the virtualization engine Intel VT-xor AMD-V. Control nodes will be reused as computing nodes and network nodes in the future. The configuration of the virtual machine can be adjusted according to the actual situation.

CPU name	IP	Gateway/DNS	CPU/Memory	disk	Role	Remark
controller	192.168.129.185	192.168.129.2	4c8g	100g	Control/Network/Compute Node	The virtualization engine must be enabled
computer	192.168.129.186	192.168.129.2	4c8g	100g	calculate node	The virtualization engine must be enabled

System environment configuration

Network Configuration

The network card types of the control node and computing node in the current environment areNAT

Network card configuration, close firewall, Selinux, NetworkManager

• control node

### 网卡配置

[root@tmp ~]# hostnamectl set-hostname controller
[root@tmp ~]# hostname
controller

[root@tmp ~]# cd /etc/sysconfig/network-scripts/
[root@tmp network-scripts]# ls
ifcfg-ens160
[root@tmp network-scripts]# vi ifcfg-ens160 
[root@tmp network-scripts]# cat ifcfg-ens160 
TYPE=Ethernet
BOOTPROTO=none
NAME=ens160
DEVICE=ens160
ONBOOT=yes
IPADDR=192.168.129.185
NETMASK=255.255.255.0
GATEWAY=192.168.129.2
DNS1=192.168.129.2

### 可以再配置完ip之后关机拍摄快照

### 关闭防火墙
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

### 关闭SELINUX
[root@controller ~]# setenforce 0
[root@controller ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

### 关闭NetworkManager
[root@controller ~]# systemctl stop NetworkManager
[root@controller ~]# systemctl disable NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.

• calculate node

### 网卡配置

[root@tmp ~]# hostnamectl set-hostname computer
[root@tmp ~]# hostname
computer

[root@tmp ~]# cd /etc/sysconfig/network-scripts/
[root@tmp network-scripts]# ls
ifcfg-ens160
[root@tmp network-scripts]# vi ifcfg-ens160 
[root@tmp network-scripts]# cat ifcfg-ens160 
TYPE=Ethernet
BOOTPROTO=none
NAME=ens160
DEVICE=ens160
ONBOOT=yes
IPADDR=192.168.129.186
NETMASK=255.255.255.0
GATEWAY=192.168.129.2
DNS1=192.168.129.2
[root@tmp network-scripts]# 

### 可以再配置完ip之后关机拍摄快照

According to the actual situation to the processor

### 关闭防火墙
[root@computer ~]# systemctl stop firewalld
[root@computer ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

### 关闭SELINUX
[root@computer ~]# setenforce 0
[root@computer ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config

### 关闭NetworkManager
[root@computer ~]# systemctl stop NetworkManager
[root@computer ~]# systemctl disable NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.

Configure ip and hostname to install the basic package

• control node

### 配置ip及主机名
[root@controller ~]# vi /etc/hosts
[root@controller ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.129.185 controller
192.168.129.186 computer

[root@controller ~]# ping computer

### 安装基础包
[root@controller ~]# yum install -y vim net-tools bash-completion chrony.x86_64 centos-release-openstack-victoria.noarch

• calculate node

### 配置ip及主机名
[root@computer ~]# vi /etc/hosts
[root@computer ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.129.185 controller
192.168.129.186 computer
[root@computer ~]# ping controller

### 安装基础包
[root@computer ~]# yum install -y vim net-tools bash-completion chrony.x86_64 centos-release-openstack-victoria.noarch

If there is an error in installing the basic package and there is no ip after restarting, you can restart NetworkManager, and then shut it down

NTP time synchronization configuration

The Linux 8 version no longer supports ntpdatethe tool by default, use instead chronydfor synchronization

• control node

[root@controller ~]#  vi /etc/chrony.conf

# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
sever  pool ntp.aliyun.com iburst     ### 配置了阿里云ntp

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
..............

### 启动服务
[root@controller ~]# systemctl start chronyd.service
Job for chronyd.service failed because the control process exited with error code.
See "systemctl status chronyd.service" and "journalctl -xe" for details.
[root@controller ~]# systemctl enable chronyd.service

• calculate node

[root@computer ~]# vi /etc/chrony.conf

# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#pool 2.centos.pool.ntp.org iburst
sever  pool ntp.aliyun.com iburst     ### 配置了阿里云ntp

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
..............

### 启动服务
[root@computer ~]# systemctl start chronyd.service
Job for chronyd.service failed because the control process exited with error code.
See "systemctl status chronyd.service" and "journalctl -xe" for details.
[root@computer ~]# systemctl enable chronyd.service

Configure YUM source

• control node

[root@controller ~]# mkdir /etc/yum.repos.d/bak
[root@controller ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/

[root@controller ~]# cat <<EOF > /etc/yum.repos.d/cloudcs.repo

[highavailability]
name=CentOS Stream 8 - HighAvailability
baseurl=https://mirrors.aliyun.com/centos/8-stream/HighAvailability/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[nfv]
name=CentOS Stream 8 - NFV
baseurl=https://mirrors.aliyun.com/centos/8-stream/NFV/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[rt]
name=CentOS Stream 8 - RT
baseurl=https://mirrors.aliyun.com/centos/8-stream/RT/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[resilientstorage]
name=CentOS Stream 8 - ResilientStorage
baseurl=https://mirrors.aliyun.com/centos/8-stream/ResilientStorage/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[extras-common]
name=CentOS Stream 8 - Extras packages
baseurl=https://mirrors.aliyun.com/centos/8-stream/extras/x86_64/extras-common/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[extras]
name=CentOS Stream $releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$stream/extras/$basearch/os/
baseurl=https://mirrors.aliyun.com/centos/8-stream/extras/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

[centos-ceph-pacific]
name=CentOS - Ceph Pacific
baseurl=https://mirrors.aliyun.com/centos/8-stream/storage/x86_64/ceph-pacific/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage

[centos-rabbitmq-38]
name=CentOS-8 - RabbitMQ 38
baseurl=https://mirrors.aliyun.com/centos/8-stream/messaging/x86_64/rabbitmq-38/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Messaging

[centos-nfv-openvswitch]
name=CentOS Stream 8 - NFV OpenvSwitch
baseurl=https://mirrors.aliyun.com/centos/8-stream/nfv/x86_64/openvswitch-2/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-NFV
module_hotfixes=1

[baseos]
name=CentOS Stream 8 - BaseOS
baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[appstream]
name=CentOS Stream 8 - AppStream
baseurl=https://mirrors.aliyun.com/centos/8-stream/AppStream/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1

[centos-openstack-victoria]
name=CentOS 8 - OpenStack victoria
baseurl=https://mirrors.aliyun.com/centos/8-stream/cloud/x86_64/openstack-victoria/
#baseurl=https://repo.huaweicloud.com/centos/8-stream/cloud/x86_64/openstack-yoga/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
module_hotfixes=1

[powertools]
name=CentOS Stream 8 - PowerTools
#mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra
baseurl=https://mirrors.aliyun.com/centos/8-stream/PowerTools/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF

[root@controller ~]# ls /etc/yum.repos.d/
bak  cloudcs.repo
[root@controller ~]# yum clean all
27 files removed
[root@controller ~]# yum repolist all
repo id                           repo name                                   status
appstream                         CentOS Stream 8 - AppStream                 enabled
baseos                            CentOS Stream 8 - BaseOS                    enabled
centos-ceph-pacific               CentOS - Ceph Pacific                       enabled
centos-nfv-openvswitch            CentOS Stream 8 - NFV OpenvSwitch           enabled
centos-openstack-victoria         CentOS 8 - OpenStack victoria               enabled
centos-rabbitmq-38                CentOS-8 - RabbitMQ 38                      enabled
extras                            CentOS Stream  - Extras                     enabled
extras-common                     CentOS Stream 8 - Extras packages           enabled
highavailability                  CentOS Stream 8 - HighAvailability          enabled
nfv                               CentOS Stream 8 - NFV                       enabled
powertools                        CentOS Stream 8 - PowerTools                enabled
resilientstorage                  CentOS Stream 8 - ResilientStorage          enabled
rt                                CentOS Stream 8 - RT                        enabled
[root@controller ~]# 

• calculate node

[root@computer ~]# mkdir /etc/yum.repos.d/bak
[root@computer ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/

### 通过远程拷贝方式将 控制节点 yum 文件，拉取到计算节点
[root@compute ~]# scp controller:/etc/yum.repos.d/cloudcs.repo /etc/yum.repos.d/
The authenticity of host 'controller (192.168.100.128)' can't be established.
ECDSA key fingerprint is SHA256:0wisA68htG476jVggvEX5wWHxAK9nmDDWXzLAmwP8as.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'controller,192.168.100.128' (ECDSA) to the list of known hosts.
root@controller's password: 
cloudcs.repo    

[root@computer ~]# 
[root@computer ~]# ls /etc/yum.repos.d/
bak  cloudcs.repo
[root@computer ~]# yum clean all
27 files removed
[root@computer ~]# yum repolist  all
repo id                           repo name                                   status
appstream                         CentOS Stream 8 - AppStream                 enabled
baseos                            CentOS Stream 8 - BaseOS                    enabled
centos-ceph-pacific               CentOS - Ceph Pacific                       enabled
centos-nfv-openvswitch            CentOS Stream 8 - NFV OpenvSwitch           enabled
centos-openstack-victoria         CentOS 8 - OpenStack victoria               enabled
centos-rabbitmq-38                CentOS-8 - RabbitMQ 38                      enabled
extras                            CentOS Stream  - Extras                     enabled
extras-common                     CentOS Stream 8 - Extras packages           enabled
highavailability                  CentOS Stream 8 - HighAvailability          enabled
nfv                               CentOS Stream 8 - NFV                       enabled
powertools                        CentOS Stream 8 - PowerTools                enabled
resilientstorage                  CentOS Stream 8 - ResilientStorage          enabled
rt                                CentOS Stream 8 - RT                        enabled
[root@computer ~]# 

installation configuration

Control node to install PackStack tools

[root@controller ~]# yum install -y openstack-packstack

..............
  rubygems-2.7.6.3-110.module_el8.6.0+1187+541216eb.noarch                      
  yaml-cpp-0.6.3-1.el8.x86_64                                                   
Complete!

generate answer file

[root@controller ~]# packstack --help | grep ans
  --gen-answer-file=GEN_ANSWER_FILE
                        Generate a template of an answer file.
  --validate-answer-file=VALIDATE_ANSWER_FILE
                        Check if answerfile contains unexpected options.
  --answer-file=ANSWER_FILE
                        answerfile will also be generated and should be used
  -o, --options         Print details on options available in answer file(rst
                        Packstack a second time with the same answer file and
                        attribute where "y" means an account is disabled.
    --manila-netapp-transport-type=MANILA_NETAPP_TRANSPORT_TYPE
                        The transport protocol used when communicating with


[root@controller ~]# packstack --gen-answer-file=memeda.txt   ## 指定文件路径名称
Packstack changed given value  to required value /root/.ssh/id_rsa.pub
Additional information:
 * Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. Geneve will be used as the encapsulation method for tenant networks

Edit answer file

Pay attention to setting parameters CONFIG_NEUTRON_OVN_BRIDGE_IFACES, OVN will automatically create a br-ex virtual switch and bridge ens160 to the br-ex virtual switch. In the future, the cloud host can connect to the external network through br-ex.

[root@controller ~]# cat /etc/redhat-release 
CentOS Stream release 8

[root@controller ~]# vi memeda.txt

92 # Server on which to install OpenStack services specific to the
93 # controller role (for example, API servers or dashboard).
94 CONFIG_CONTROLLER_HOST=192.168.129.185
95 
### 要安装计算服务的服务器。我们在计算和控制节点都安装，复用
96 # List the servers on which to install the Compute service.
97 CONFIG_COMPUTE_HOSTS=192.168.129.185,192.168.129.186

### 身份验证密码
322 # Password to use for the Identity service 'admin' user.
323 CONFIG_KEYSTONE_ADMIN_PW=redhat

### 创建测试用例，关闭
1168 # Specify 'y' to provision for demo usage and testing. ['y', 'n']
1169 CONFIG_PROVISION_DEMO=n

### 编排组件
59 # Specify 'y' to install OpenStack Orchestration (heat). ['y', 'n        ']
60 CONFIG_HEAT_INSTALL=y

### 桥接，映射射到自己控制节点的网卡
907 # ovn-bridge-mappings=ext-net:br-ex --os-neutron-ovn-bridge-
908 # interfaces=br-ex:eth0
909 CONFIG_NEUTRON_OVN_BRIDGE_IFACES=br-ex:ens160   -------注意自己网卡

Execute the answer file to install

### 大概需要等待30分钟
[root@controller ~]# packstack --answer-file=memeda.txt
Welcome to the Packstack setup utility

The installation log file is available at: /var/tmp/packstack/20230806-151155-lamn_upk/openstack-setup.log

Installing:
Clean Up                                             [ DONE ]
Discovering ip protocol version                      [ DONE ]
[email protected]'s password:          ### 输入两台节点密码
[email protected]'s password:          ### 输入两台节点密码
Setting up ssh keys                                  [ DONE ]
Preparing servers                                    [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries                        [ DONE ]
Setting up CACERT                                    [ DONE ]
Preparing AMQP entries                               [ DONE ]
Preparing MariaDB entries                            [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Preparing Keystone entries                           [ DONE ]
Preparing Glance entries                             [ DONE ]
Checking if the Cinder server has a cinder-volumes vg[ DONE ]
Preparing Cinder entries                             [ DONE ]
Preparing Nova API entries                           [ DONE ]
Creating ssh keys for Nova migration                 [ DONE ]
Gathering ssh host keys for Nova migration           [ DONE ]
Preparing Nova Compute entries                       [ DONE ]
Preparing Nova Scheduler entries                     [ DONE ]
Preparing Nova VNC Proxy entries                     [ DONE ]
Preparing OpenStack Network-related Nova entries     [ DONE ]
Preparing Nova Common entries                        [ DONE ]
Preparing Neutron API entries                        [ DONE ]
Preparing Neutron L3 entries                         [ DONE ]
Preparing Neutron L2 Agent entries                   [ DONE ]
Preparing Neutron DHCP Agent entries                 [ DONE ]
Preparing Neutron Metering Agent entries             [ DONE ]
Checking if NetworkManager is enabled and running    [ DONE ]
Preparing OpenStack Client entries                   [ DONE ]
Preparing Horizon entries                            [ DONE ]
Preparing Swift builder entries                      [ DONE ]
Preparing Swift proxy entries                        [ DONE ]
Preparing Swift storage entries                      [ DONE ]
Preparing Heat entries                               [ DONE ]
Preparing Heat CloudFormation API entries            [ DONE ]
Preparing Gnocchi entries                            [ DONE ]
Preparing Redis entries                              [ DONE ]
Preparing Ceilometer entries                         [ DONE ]
Preparing Aodh entries                               [ DONE ]
Preparing Puppet manifests                           [ DONE ]
Copying Puppet modules and manifests                 [ DONE ]
Applying 192.168.129.185_controller.pp
192.168.129.185_controller.pp:                       [ DONE ]            
Applying 192.168.129.185_network.pp
192.168.129.185_network.pp:                          [ DONE ]         
Applying 192.168.129.186_compute.pp
Applying 192.168.129.185_compute.pp
192.168.129.185_compute.pp:                          [ DONE ]         
192.168.129.186_compute.pp:                          [ DONE ]         
Applying Puppet manifests                            [ DONE ]
Finalizing                                           [ DONE ]

 **** Installation completed successfully ******

Additional information:
 * Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. Geneve will be used as the encapsulation method for tenant networks
 * Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
 * File /root/keystonerc_admin has been created on OpenStack client host 192.168.129.185. To use the command line tools you need to source the file.
 * To access the OpenStack Dashboard browse to http://192.168.129.185/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
 * The installation log file is available at: /var/tmp/packstack/20230806-151155-lamn_upk/openstack-setup.log
 * The generated manifests are available at: /var/tmp/packstack/20230806-151155-lamn_upk/manifests

finish installation

test login

Open a browser, visithttp://192.168.129.185/dashboard

Account: admin

Password: redhat

open network

• control node

Because shutting down the NetworkManager service will cause the network to not be automatically enabled after the node is restarted, and will also cause abnormalities in the openstack components, so enable the network to replace the NetworkManager service.

[root@controller ~]# systemctl enable network
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
[root@controller ~]# systemctl start  network

• calculate node

[root@computer ~]# systemctl enable network
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
[root@computer ~]# systemctl start  network

• Replenish

• When using the Packstack tool to build OpenStack, you need to close NetworkManager and open and use the network, mainly because the requirements and configuration of the network in the OpenStack environment are not suitable for the working method of NetworkManager. NetworkManager is a network management for graphics and command line environments. A tool designed to provide convenient network configuration for desktop users. It is able to handle various network types, including wired, wireless, bluetooth, etc., and dynamically manages according to the network environment. However, in an OpenStack environment, networking requirements are often more complex, requiring more control and customization.
• OpenStack is an open source platform for building cloud infrastructure, which involves the configuration and management of multiple virtual machines, networks, storage and other components. In an OpenStack environment, the network usually needs to be highly customized and fine-grained to meet the needs of different tenants and application scenarios. This does not fit well with the automated and dynamic network management approach provided by NetworkManager.
• With traditional network services, you can more precisely configure and manage parameters such as network interfaces, IP addresses, and routes to meet complex network requirements in the OpenStack environment. This is very important for OpenStack functions such as creating virtual networks, isolating tenants, and realizing network interoperability.
• Therefore, in order to ensure that the network configuration of the OpenStack environment can accurately meet its needs, it is usually recommended to close the NetworkManager when building OpenStack, and use the traditional network service for network configuration. This allows better control and tuning of network parameters to ensure stability and performance of the OpenStack network

• End