OpenStack 环境搭建
OpenStack 版本:Pike
环境准备
节点 | 系统 | ip | 描述 |
---|---|---|---|
controller | CentOS 7 | 192.168.8.212 | 控制节点 |
compute | CentOS 7 | 192.168.8.213 | 计算节点 |
配置 ip
修改主机名
controller 节点:
[root@localhost ~]# vim /etc/hostname
controller
# 重启主机
[root@localhost ~]# reboot
compute 节点:
[root@localhost ~]# vim /etc/hostname
compute
# 重启主机
[root@localhost ~]# reboot
修改 host 文件
compute 和 controller 节点做相同的配置,方便节点之间互相登录
[root@controller ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.8.212 controller
192.168.8.213 compute
关闭防火墙 + 关闭 selinux
注:关闭 firewalld 和 SELinux 仅适用于隔离的实验环境;生产环境应保留两者,只放行各服务所需的端口,并配合后文安装的 openstack-selinux 策略包使用。
controller 节点:
[root@controller ~]# systemctl stop firewalld.service
[root@controller ~]# systemctl disable firewalld.service
[root@controller ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
compute 节点:
[root@compute ~]# systemctl stop firewalld.service
[root@compute ~]# systemctl disable firewalld.service
[root@compute ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
同步主机时间(NTP)
controller 节点
安装软件包
[root@controller ~]# yum install chrony -y
修改配置文件
/etc/chrony.conf
[root@controller ~]# vim /etc/chrony.conf
server NTP_SERVER iburst
NTP_SERVER : 合适的时间服务器
allow 192.168.0.0/16
allow : 允许向本机同步时间的客户端网段,需包含 compute 节点所在的管理网络(本文为 192.168.8.x),范围不宜大于实际需要
重启服务
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl start chronyd.service
compute 节点
安装软件包
[root@compute ~]# yum install chrony -y
修改配置文件
/etc/chrony.conf
[root@compute ~]# vim /etc/chrony.conf
server controller iburst
启动服务
[root@compute ~]# systemctl enable chronyd.service
[root@compute ~]# systemctl start chronyd.service
验证
controller 节点
[root@controller ~]# chronyc sources
210 Number of sources = 4
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^+ ntp6.flashdance.cx 2 6 367 60 -23ms[ -16ms] +/- 213ms
^* tock.ntp.infomaniak.ch 1 6 277 57 -703us[+6042us] +/- 93ms
^+ ntp1.flashdance.cx 2 6 377 58 +1557us[+8299us] +/- 204ms
^+ stratum2-1.ntp.led01.ru.> 2 6 261 58 +12ms[ +18ms] +/- 94ms
compute 节点
[root@compute ~]# chronyc sources
210 Number of sources = 5
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? ntp.wdc1.us.leaseweb.net 2 6 11 52 -19ms[ -19ms] +/- 243ms
^+ stratum2-1.ntp.led01.ru.> 2 6 17 58 +9474us[ +11ms] +/- 97ms
^? ntp5.flashdance.cx 0 6 0 - +0ns[ +0ns] +/- 0ns
^+ ntp1.flashdance.cx 2 6 17 58 +1383us[+2534us] +/- 218ms
^* controller 2 6 17 58 -11ms[-9668us] +/- 104ms
安装 openstack 软件包
配置合适的 yum 源
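# Write the repo definition for the local Pike mirror. The heredoc body must
# be one setting per line; the delimiter is quoted so nothing in it is expanded.
# NOTE(review): gpgcheck=0 disables RPM signature verification and the baseurl
# is plain HTTP, so package integrity rests entirely on trusting the mirror
# host and the network path. Outside a lab, import the signing key and use
# gpgcheck=1 together with a gpgkey= entry.
tee /etc/yum.repos.d/pike-75.repo << 'EOF'
[pike-75]
name=pike-75
baseurl=http://192.168.8.200/pike/rpms7.5
enabled=1
gpgcheck=0
EOF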
controller 节点
[root@controller ~]# yum install -y openstack-utils openstack-selinux python-openstackclient
[root@controller ~]# yum upgrade -y
compute 节点
[root@compute ~]# yum install -y openstack-utils openstack-selinux python-openstackclient
[root@compute ~]# yum upgrade -y
注: 此处使用的是制作的本地 yum 源,安装命令有所区别,详情参见官方文档
安装 SQL 数据服务
controller 节点
安装软件包
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
修改配置文件
/etc/my.cnf.d/openstack.cnf
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.8.212 # 控制节点的管理 ip
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
启动 SQL 服务
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
[root@controller ~]# mysql_secure_installation
运行 mysql_secure_installation 时,按提示设置数据库 root 密码,其余选项均选 yes;本文示例密码为:root。注:本文中的示例密码(包括后文各服务的密码)都与用户名或服务名相同,仅用于测试环境,实际部署请为每个账户设置不同的强密码。
安装 message queue 服务
controller 节点
安装 rpm 包
[root@controller ~]# yum install rabbitmq-server -y
启动 mq 服务
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
创建 openstack 用户
[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
RABBIT_PASS : openstack 用户密码 : openstack
配置访问权限
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
安装 Memcached 服务
服务的身份验证机制使用Memcached来缓存令牌,memcached服务通常在控制器节点上运行,对于生产部署,我们建议启用防火墙,身份验证和加密的组合以保护其安全
controller 节点
安装 rpm 包
[root@controller ~]# yum install memcached python-memcached -y
修改配置文件
/etc/sysconfig/memcached
[root@controller ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"
启动服务
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service
安装 Etcd 服务
controller 节点
安装 rpm 包
[root@controller ~]# yum install etcd -y
修改配置文件
/etc/etcd/etcd.conf
ETCD_INITIAL_CLUSTER
, ETCD_INITIAL_ADVERTISE_PEER_URLS
, ETCD_ADVERTISE_CLIENT_URLS
, ETCD_LISTEN_CLIENT_URLS
[root@controller ~]# vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.8.212:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.8.212:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.8.212:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.8.212:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.8.212:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
启动服务
[root@controller ~]# systemctl enable etcd
[root@controller ~]# systemctl start etcd
安装 openstack 服务
Keystone 服务(controller node)
建立数据库
[root@controller ~]# mysql -u root -p
密码: mysql 数据库密码,
root
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
-> IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
-> IDENTIFIED BY 'KEYSTONE_DBPASS';
KEYSTONE_DBPASS:keystone 数据库密码:
keystone
安装配置 keystone 服务
安装 rpm 包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
修改配置文件
/etc/keystone/keystone.conf
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
KEYSTONE_DBPASS : keystone 数据库密码:keystone
执行脚本生成数据表
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化密钥库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
启动 keystone 服务
[root@controller ~]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:35357/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
ADMIN_PASS : admin 用户密码 : keystone
注:--bootstrap-password 直接写在命令行中会留在 shell 历史记录和进程列表里;也可以改用环境变量 OS_BOOTSTRAP_PASSWORD 传入密码。
安装配置 apache 服务
修改配置文件
/etc/httpd/conf/httpd.conf
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
创建软链接
/usr/share/keystone/wsgi-keystone.conf
/etc/httpd/conf.d/
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
完成安装
启动 http server
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
配置 admin 账户
[root@controller ~]# export OS_USERNAME=admin
[root@controller ~]# export OS_PASSWORD=ADMIN_PASS
[root@controller ~]# export OS_PROJECT_NAME=admin
[root@controller ~]# export OS_USER_DOMAIN_NAME=Default
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ~]# export OS_AUTH_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
ADMIN_PASS : admin 用户密码 : keystone
创建 domain, projects, users, roles
Create the service
project:
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24194e8a86864711bbf8bbd32b1047a5 |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
Create the demo
project:
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | b6671b7ce38a44cb901d1f0b12e4ca42 |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
Create the demo
user:
[root@controller ~]# openstack user create --domain default \
> --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 70a67421d62a4cb085a08deafb54b418 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
User Password: keystone
Create the user
role:
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | d2efda8be55349fab9ba5f50c1de6778 |
| name | user |
+-----------+----------------------------------+
Add the user
role to the demo
project and user:
[root@controller ~]# openstack role add --project demo --user demo user
验证 keystone 服务
取消 OS_AUTH_URL 和 OS_PASSWORD 环境变量
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
admin 用户获取 token
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-08-14T07:23:03+0000 |
| id | gAAAAABfNi3HVs9cf-bWxrI7xkIPg08cCxj_VLj8bhr4JcrYkq1MCiEMzsQh91hW8kl8nDTDGj72Eb9K6-hpUWRreLlzSB4Pe-MsLz5q5kOvRACUeQPucnxDh5J_3WCGwKgnnXimhRM5GG1vvrtqG7fHcJA8qyVaQ7FFxy_UzthzKBkcXL6euXw |
| project_id | a10a48cffde949d9bd00f95955cd0c65 |
| user_id | c84cdffc89c74cd6819d3c02f1e44f36 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Password : admin 用户密码 : keystone
注:输出中的 id 字段就是令牌本身,属于持有者凭证;在 expires 所示的过期时间之前,不要把它粘贴到公开文档或日志中。
demo 用户获取 token
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-08-14T07:24:38+0000 |
| id | gAAAAABfNi4mw1Ic22jRGqvvWKTfhJjFwwdvwAnT42eKza4P4lbHswMlWfGJ7DVk7HW03qYts4edsD0jEHyy3zG53EF1wsYxt5ykpnbjhtdQCSh3opf-O8gG51epBz2AAK0GpyvZxSCEyq92yralv9S-Pk0ZNqiTgdJHK8Rz5YWTSzHvCSKk890 |
| project_id | b6671b7ce38a44cb901d1f0b12e4ca42 |
| user_id | 70a67421d62a4cb085a08deafb54b418 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
Password : demo 用户密码 : keystone
创建 openstack 客户端脚本
创建编辑脚本
admin-openrc.sh
[root@controller ~]# vim admin-openrc.sh
# Client environment for the admin user in the admin project (Keystone v3).
# ADMIN_PASS is a placeholder for the admin password. The file holds that
# password in clear text, so keep it readable by its owner only.
export OS_IDENTITY_API_VERSION='3' OS_IMAGE_API_VERSION='2'
export OS_AUTH_URL='http://controller:35357/v3'
export OS_USER_DOMAIN_NAME='Default' OS_PROJECT_DOMAIN_NAME='Default'
export OS_PROJECT_NAME='admin' OS_USERNAME='admin'
export OS_PASSWORD='ADMIN_PASS'
ADMIN_PASS : admin 用户密码 : keystone
demo-openrc.sh
[root@controller ~]# vim demo-openrc.sh
# Client environment for the demo user in the demo project (Keystone v3).
# DEMO_PASS is a placeholder for the demo password. The file holds that
# password in clear text, so keep it readable by its owner only.
export OS_IDENTITY_API_VERSION='3' OS_IMAGE_API_VERSION='2'
export OS_AUTH_URL='http://controller:5000/v3'
export OS_USER_DOMAIN_NAME='Default' OS_PROJECT_DOMAIN_NAME='Default'
export OS_PROJECT_NAME='demo' OS_USERNAME='demo'
export OS_PASSWORD='DEMO_PASS'
DEMO_PASS : demo 用户密码:keystone
使用脚本
source 脚本文件
. admin-openrc.sh
获取 token
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-08-14T07:33:12+0000 |
| id | gAAAAABfNjAoME8Bfd9JjVIqgN8YtSkXKr3C5fIHLru2mb5fOqa5xAvV6a1gRcGEtkgnvYOdlgxo0f0eyhFSFDhHhGym8g5e-v66sjR4o7Sr8dN3zkSrR2pB9H0n0-VxvD4IQHmV-fEVxAyHOLqikw7rp7BdvGBFPSuuQMyAMVa_BDvvi7iFqcs |
| project_id | a10a48cffde949d9bd00f95955cd0c65 |
| user_id | c84cdffc89c74cd6819d3c02f1e44f36 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
安装 glance 服务(controller node)
建立数据库
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
GLANCE_DBPASS : glance 数据库密码 : glance
source 环境变量
. admin-openrc.sh
创建 glance 用户
Create the glance
user:
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 9f4a69a718554924b1a58d4131a12222 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
User Password: glance 用户密码 : glance
Add the admin
role to the glance
user and service
project:
[root@controller ~]# openstack role add --project service --user glance admin
Create the glance
service entity:
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 2f05d178f0f9420ba67583de4d1900de |
| name | glance |
| type | image |
+-------------+----------------------------------+
创建 API endpoint
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9f792c74583f4a9caac33a74c811ae2e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2f05d178f0f9420ba67583de4d1900de |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 74296a124d3242ed9495e95911d435b2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2f05d178f0f9420ba67583de4d1900de |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2fff0737474441538016036fe5c9730c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2f05d178f0f9420ba67583de4d1900de |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
安装配置 glance
安装 rpm 包
[root@controller ~]# yum install openstack-glance -y
修改配置文件
/etc/glance/glance-api.conf
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
GLANCE_DBPASS : glance 数据库密码:glance
GLANCE_PASS: glance 用户密码 : glance
/etc/glance/glance-registry.conf
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
GLANCE_DBPASS : glance 数据库密码: glance
GLANCE_PASS : glance 用户密码 : glance
生成数据表
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
启动 glance 服务
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# ps -ef | grep glance
glance 23907 1 7 15:07 ? 00:00:02 /usr/bin/python2 /usr/bin/glance-api
glance 23908 1 5 15:07 ? 00:00:01 /usr/bin/python2 /usr/bin/glance-registry
glance 23925 23908 0 15:07 ? 00:00:00 /usr/bin/python2 /usr/bin/glance-registry
glance 23926 23908 0 15:07 ? 00:00:00 /usr/bin/python2 /usr/bin/glance-registry
glance 23927 23907 0 15:07 ? 00:00:00 /usr/bin/python2 /usr/bin/glance-api
glance 23928 23907 0 15:07 ? 00:00:00 /usr/bin/python2 /usr/bin/glance-api
root 23938 15638 0 15:07 pts/0 00:00:00 grep --color=auto glance
安装 nova 服务(controller node)
建立数据库
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
-> IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
-> IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
-> IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
-> IDENTIFIED BY 'NOVA_DBPASS';
NOVA_DBPASS : nova 数据库密码 : nova
source 环境变量
[root@controller ~]# source admin-openrc.sh
创建 nova 用户
Create the nova
user
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | dea0585c1de643c999cfee5fd5636d82 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
User Password: nova 用户密码 : nova
Add the admin
role to the nova
user
[root@controller ~]# openstack role add --project service --user nova admin
Create the nova
service entity
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 4f8255382b63424d892ac222d6a8cad6 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
创建 nova API endpoint
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5c91943fdccd4ee4855af0a11d9f7bb4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f8255382b63424d892ac222d6a8cad6 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6d6c511c362e45659c69a5c9a5338a33 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f8255382b63424d892ac222d6a8cad6 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bd62d2d58310453f8a30ef5083d42791 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f8255382b63424d892ac222d6a8cad6 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
配置 placement
Create a Placement service user
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 5d6fc9aa3c984ee9b97750ad7766902c |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
User Password: placement 用户密码 : placement
Add the Placement user to the service project with the admin role
[root@controller ~]# openstack role add --project service --user placement admin
Create the Placement API entry in the service catalog
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 00da19c485ae41618da43fb66a261022 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
Create the Placement API service endpoints
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | c08af54f33b542a4acee001409f4267b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 00da19c485ae41618da43fb66a261022 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f08ccc694dbf48cf9b27e0b5654569f1 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 00da19c485ae41618da43fb66a261022 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b59884456dea41bd82d897a8e44ae223 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 00da19c485ae41618da43fb66a261022 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
安装配置 nova 服务
安装 rpm 包
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y
修改配置文件
/etc/nova/nova.conf
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.8.212
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
NOVA_DBPASS : nova 数据库密码 : nova
RABBIT_PASS : mq 密码 : openstack
NOVA_PASS : nova 用户密码 : nova
PLACEMENT_PASS : placement 用户密码 : placement
/etc/httpd/conf.d/00-nova-placement-api.conf
[root@controller ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
重启 httpd 服务
[root@controller ~]# systemctl restart httpd
创建数据表
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
c27dc68b-c21f-4f8f-b179-2d5ec0a7ca74
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| Name | UUID | Transport URL | Database Connection |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 |
| cell1 | c27dc68b-c21f-4f8f-b179-2d5ec0a7ca74 | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
启动 nova 服务
[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
安装 nova 服务(compute node)
安装 rpm 包
[root@compute ~]# yum install openstack-nova-compute -y
修改配置文件
/etc/nova/nova.conf
[root@compute ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
RABBIT_PASS : mq 密码 : openstack
NOVA_PASS : nova 用户密码 : nova
MANAGEMENT_INTERFACE_IP_ADDRESS : 计算节点管理ip
PLACEMENT_PASS : placement 用户密码 : placement
检验compute node
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
4
返回值大于等于1,说明主机支持硬件加速,如果返回值等于 0,修改配置文件:
[root@compute ~]# vim /etc/nova/nova.conf
[libvirt]
virt_type = qemu
启动 nova 服务
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service
添加 compute node to cell database
在 controller 节点执行下列命令
confirm there are compute hosts in the database
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 7 | nova-compute | compute | nova | enabled | up | 2020-08-14T08:21:22.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
Discover compute hosts
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': c27dc68b-c21f-4f8f-b179-2d5ec0a7ca74
Checking host mapping for compute host 'compute': afb1f08e-c8a6-4531-aa34-e8383917aa18
Creating host mapping for compute host 'compute': afb1f08e-c8a6-4531-aa34-e8383917aa18
Found 1 unmapped computes in cell: c27dc68b-c21f-4f8f-b179-2d5ec0a7ca74
添加新的计算节点时,必须在控制器节点上运行
nova-manage cell_v2 discover_hosts
才能注册这些新的计算节点。另外,可以在/etc/nova/nova.conf
中设置适当的间隔:[scheduler] discover_hosts_in_cells_interval = 300
安装 neutron 服务(controller node)
建立数据库
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
-> IDENTIFIED BY 'NEUTRON_DBPASS';
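NEUTRON_DBPASS : neutron 数据库密码 : neutron(仅为实验环境示例值,与用户名相同,极易被猜中,实际部署请替换为随机生成的强密码;另外 'neutron'@'%' 允许从任意主机连接数据库,如果 neutron 服务只运行在固定节点上,建议把 '%' 收紧为对应的主机名或管理网段)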
source 环境变量
[root@controller ~]# source admin-openrc.sh
创建 neutron 用户
Create the neutron user
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 80b6813af19f4dce9e1ab7eabe1ddf4f |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
User Password: neutron 用户密码:neutron
Add the admin role to the neutron user
[root@controller ~]# openstack role add --project service --user neutron admin
Create the neutron service entity
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 68831af9c30041968efbfe790695f7f7 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
创建 neutron API endpoint
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ec4d80c7a60d4dd3bf641011a0984ae7 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 68831af9c30041968efbfe790695f7f7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 9ff2016f038a4b3390b0fc4dda0a43da |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 68831af9c30041968efbfe790695f7f7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 87f127eb06554622ad1fad24bcc0d644 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 68831af9c30041968efbfe790695f7f7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
配置网络选项
两种方式选一种
安装 rpm 包
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch ebtables -y
直接使用 ovs agent,不使用 linux bridge agent
启动 ovs 服务:
[root@controller ~]# systemctl enable openvswitch
[root@controller ~]# systemctl start openvswitch
[root@controller ~]# systemctl status openvswitch
● openvswitch.service - Open vSwitch
   Loaded: loaded (/usr/lib/systemd/system/openvswitch.service; enabled; vendor preset: disabled)
   Active: active (exited) since Sat 2020-08-15 10:28:58 CST; 12s ago
  Process: 19089 ExecStart=/bin/true (code=exited, status=0/SUCCESS)
 Main PID: 19089 (code=exited, status=0/SUCCESS)
Aug 15 10:28:58 controller systemd[1]: Starting Open vSwitch...
Aug 15 10:28:58 controller systemd[1]: Started Open vSwitch.
[root@controller ~]# ovs-vsctl show
1f74c335-2a35-4b8b-a08b-e06c698fb0a3
    ovs_version: "2.9.0"
修改配置文件
/etc/neutron/neutron.conf
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
NEUTRON_DBPASS : neutron 数据库密码:neutron
RABBIT_PASS : mq 密码 : openstack
NEUTRON_PASS : neutron 用户密码 :neutron
NOVA_PASS : nova 用户密码:nova
以上均为实验环境的示例值(密码与用户名相同),实际部署时请替换为各自独立的随机强密码;neutron.conf 中保存了这些明文凭据,应确认该文件只有 root 和 neutron 组可读。
/etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan,vlan,flat
# mechanism_drivers = linuxbridge,l2population
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
# flat_networks = provider
[ml2_type_vlan]
network_vlan_ranges = external:2259:2260,service:2246:2258,management
[ml2_type_vxlan]
vni_ranges = 10001:65535
[securitygroup]
enable_ipset = true
创建 ovs 网桥
[root@controller ~]# ovs-vsctl add-br br-ex # external 网络,走 br-ex 网桥
[root@controller ~]# ovs-vsctl add-br br-service # service 网络,走 br-service 网桥
[root@controller ~]# ovs-vsctl add-br br-mgnt # management 网络,走 br-mgnt 网桥
ovs-vsctl add-port br-eth2 eth2 # 可以使用这个命令为网桥添加 port(示例:把物理网卡 eth2 加入网桥 br-eth2,网桥名和网卡名按实际环境替换)
/etc/neutron/plugins/ml2/openvswitch_agent.ini
[root@controller ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[DEFAULT]
[ovs]
bridge_mappings = external:br-ex,service:br-service,management:br-mgnt
local_ip = 192.168.8.212
ovsdb_interface = native
[agent]
tunnel_types = vxlan
l2_population = True
tunnel_csum = True
[securitygroup]
enable_security_group = True
/etc/neutron/l3_agent.ini
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
/etc/neutron/dhcp_agent.ini
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
/etc/neutron/metadata_agent.ini
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
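metadata_proxy_shared_secret = METADATA_SECRET
METADATA_SECRET : metadata 密码 : metadata(必须与 /etc/nova/nova.conf 中 [neutron] 段的 metadata_proxy_shared_secret 保持一致;nova 用该密钥校验 metadata 代理转发的请求,示例值仅用于实验环境,实际部署请使用随机生成的长字符串)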
修改 nova 配置文件
/etc/nova/nova.conf
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
NEUTRON_PASS : neutron 密码 : neutron
METADATA_SECRET : metadata 密码 : metadata
创建软链接
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
创建数据表
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启 nova-api
[root@controller ~]# systemctl restart openstack-nova-api.service
启动 neutron 相关服务
[root@controller ~]# systemctl enable neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-l3-agent.service
安装 neutron 服务(compute node)
安装 rpm 包
[root@compute ~]# yum install openstack-neutron-openvswitch ebtables ipset -y
修改配置文件
/etc/neutron/neutron.conf
[root@compute ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
NEUTRON_PASS : neutron 密码:neutron
RABBIT_PASS : mq 密码 : openstack
配置网络选项
创建 ovs 网桥
[root@compute ~]# ovs-vsctl add-br br-ex # external 网络,走 br-ex 网桥
[root@compute ~]# ovs-vsctl add-br br-service # service 网络,走 br-service 网桥
[root@compute ~]# ovs-vsctl add-br br-mgnt # management 网络,走 br-mgnt 网桥
ovs-vsctl add-port br-eth2 eth2 # 可以使用这个命令为网桥添加 port(示例:把物理网卡 eth2 加入网桥 br-eth2,网桥名和网卡名按实际环境替换)
/etc/neutron/plugins/ml2/openvswitch_agent.ini
[root@compute ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
[DEFAULT]
[ovs]
bridge_mappings = external:br-ex,service:br-service,management:br-mgnt
local_ip = 192.168.8.213
[agent]
tunnel_types = vxlan
l2_population = True
tunnel_csum = True
[securitygroup]
enable_security_group = True
修改 nova 配置文件
/etc/nova/nova.conf
[root@compute ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
NEUTRON_PASS : neutron 密码 : neutron
重启 nova-compute 服务
[root@compute ~]# systemctl restart openstack-nova-compute.service
启动 ovs-agent
[root@compute ~]# systemctl enable neutron-openvswitch-agent.service
[root@compute ~]# systemctl start neutron-openvswitch-agent.service