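Preface
This article covers installing OpenStack Train on CentOS 7.6. It collects the official documentation together with the pitfalls I ran into.
Note: the cinder node was not deployed. During the deployment I consulted this blog: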
https://blog.51cto.com/11694088/2459754
Related commands
openstack user set nova --password nova #change an OpenStack user's password
Related issues
Troubleshooting:
1. The neutron service log on a compute node reports: TypeError: unsupported operand type(s) for -: 'NoneType' and 'int'
Cause: check whether this is because the NetworkManager service is not running; the NetworkManager service must be running.
2. Virtual machines start slowly
Cause: the deployment nodes are bare-metal machines, so check whether virt_type is kvm in /etc/nova/nova.conf on the compute node hosting the VM; qemu makes VMs start slowly.
Contents
- Base environment deployment
- keystone deployment
- glance setup
- placement deployment
- Nova deployment
- neutron deployment
- dashboard deployment
1. Base environment setup
OS version | Environment | IP address | Role |
---|---|---|---|
CentOS7.6 | Mini | 172.16.169.131 | Controller node (controller) |
CentOS7.6 | Mini | 172.16.169.132 | Compute node (computer) |
CentOS7.6 | Mini | 172.16.169.133 | Compute node (computer) |
Before starting the setup below, make sure all nodes have completed the following steps.
Disable the firewall
systemctl stop firewalld && systemctl disable firewalld
Disable SELinux
sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
setenforce 0
Time synchronization: chronyd configuration on the time-source node.
cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
server 127.127.1.1
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Allow NTP client access from local network.
#allow 192.168/16
allow 127.0.0.0/8
allow 172.16.169.0/24
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
#local stratum 10
local stratum 10
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
#log measurements statistics tracking
Time synchronization: chronyd configuration
cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
server 192.168.10.1 iburst
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Allow NTP client access from local network.
#allow 192.168/16
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
#local stratum 10
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
#log measurements statistics tracking
hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.169.131 openstack01
172.16.169.132 openstack02
172.16.169.133 openstack03
Passwordless SSH trust (only needs to be done on the controller node)
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:oP0QSfGRok8VjKNLJ4hu6+dWHOZj+D6EQN7xw5YWens root@rmq3
The key's randomart image is:
+---[RSA 2048]----+
| o+oo |
| . . o+o+. |
|o...=o*+. |
|.o.o=&oo |
|. ..@** S |
| o o.O.E |
|. . = o . |
| . o o |
|..+.... |
+----[SHA256]-----+
$ ssh-copy-id openstack01
$ ssh-copy-id openstack02
$ ssh-copy-id openstack03
Base package installation
yum install python-openstackclient openstack-selinux
1.1 Configure MariaDB (installed on the controller node)
yum install mariadb mariadb-server python2-PyMySQL
vi /etc/my.cnf.d/openstack.cnf #this file does not exist and must be created
[mysqld]
bind-address = 172.16.169.131 #controller node IP
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation #initialize the database; the default root password is empty
Set root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
1.2 Configure RabbitMQ (installed on the controller node)
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack openstack #add the openstack user; the password is also openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*" #grant the openstack user configure, write and read permissions
rabbitmq-plugins enable rabbitmq_management #enable the management web UI at http://172.16.169.131:15672; username and password are both guest. Note: the openstack user cannot log in
1.3 Configure memcached (installed on the controller node)
yum install memcached python-memcached
vi /etc/sysconfig/memcached #add the controller node's management IP
OPTIONS="-l 127.0.0.1,::1,172.16.169.131"
systemctl enable memcached.service
systemctl start memcached.service
1.4 Configure etcd (installed on the controller node)
yum install etcd
cp -a /etc/etcd/etcd.conf /etc/etcd/etcd.conf.bak
vi /etc/etcd/etcd.conf #edit the file and change the IPs to the controller node's management IP
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.16.169.131:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.16.169.131:2379"
ETCD_NAME="openstack01"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.16.169.131:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.16.169.131:2379"
ETCD_INITIAL_CLUSTER="openstack01=http://172.16.169.131:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
systemctl enable etcd.service
systemctl start etcd.service
2. keystone deployment (installed on the controller node)
mysql -u root -p -e "CREATE DATABASE keystone;" #create the keystone database
mysql -u root -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
yum install openstack-keystone httpd mod_wsgi
vi /etc/keystone/keystone.conf
#find [database] and [token] and change them as follows; the IP is the controller node's management IP
[database]
connection = mysql+pymysql://keystone:keystone@172.16.169.131/keystone
[token]
provider = fernet
$ su -s /bin/sh -c "keystone-manage db_sync" keystone
$ keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
$ keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# admin is a password you choose yourself
$ keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://172.16.169.131:5000/v3/ \
--bootstrap-internal-url http://172.16.169.131:5000/v3/ \
--bootstrap-public-url http://172.16.169.131:5000/v3/ \
--bootstrap-region-id RegionOne
vi /etc/httpd/conf/httpd.conf #change the following
ServerName 172.16.169.131
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service
systemctl start httpd.service
$ vim /root/admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://172.16.169.131:5000/v3
export OS_IDENTITY_API_VERSION=3
$ source /root/admin-openrc
$ openstack domain create --description "An Example Domain" example
$ openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 0632d28b4150467d9c919bc1eb914f76 |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
$ openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 3bb6572b2c3c446c9f950f1c01e07c7e |
| is_domain | False |
| name | myproject |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
$ openstack user create --domain default --password-prompt myuser #the myuser user's password is user
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 2cc5824486254ec19cfacae4326da447 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ openstack role create myrole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | a00001362e79494ab737ecc00c9e66b1 |
| name | myrole |
| options | {} |
+-------------+----------------------------------+
$ openstack role add --project myproject --user myuser myrole
$ unset OS_AUTH_URL OS_PASSWORD #unset these two environment variables
$ openstack --os-auth-url http://172.16.169.131:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue #my admin user's password is admin
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-03-04T07:59:12+0000 |
| id | gAAAAABeX1HASywhsR6EJ-QIsxkWFUk6jCFFYUUUmIihUCy1whh7WLPHxN-ifW9GSTrX7MRhaCNSrdcG8cU6W5pnFAgIcxzgEDqIfy3zEWxqQ5eR49fcxTHmpPATTm7swF9At9zYI5aJwAlY23AgyKF06MTNH4g4rcOUlt60v12pcQvBnGy4hSE |
| project_id | b9d83ac3320d420b949aa9d390f3216a |
| user_id | 9e650fbea45d40ba920d3d43699f60c5 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
openstack --os-auth-url http://172.16.169.131:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue #my myuser user's password is user
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-03-04T08:01:17+0000 |
| id | gAAAAABeX1I9O2mj2hqMlq2ltIw34EjKQEStepvUOD69g3pxT-KlSjWeCGOb1tWYWmloBqFw0FIB1lg00N0mzMAFE8LFHHBqYd-9tD6VrapkUpDc92rDI7b2-k1OkyQWlsDtOMRr8kp9MhY6x0zp6h9kYfddM-x2utcst8cm969jV-b5g_vTiNE |
| project_id | 3bb6572b2c3c446c9f950f1c01e07c7e |
| user_id | 2cc5824486254ec19cfacae4326da447 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
vi /root/demo-openrc #configure on all nodes
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=user
export OS_AUTH_URL=http://172.16.169.131:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
$ . admin-openrc #run on the compute nodes
$ openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-03-04T08:30:28+0000 |
| id | gAAAAABeX1kU32kh7-tqt-tTTTZDVPSlUSrRbgfuzP-5Ygtk3IKr_C8ZWjyDNqD8stZ7laMbYpeKvkToSFN-kdRKxPwB5aXcrfczDKFL2X7rRS6P8Rl7v9C-sNzGsCNm9Zx7OFyuHO92Xlp8PRZddV38H2y0USE5TL6L3lQ6-Uw94t6789KnA6o |
| project_id | b9d83ac3320d420b949aa9d390f3216a |
| user_id | 9e650fbea45d40ba920d3d43699f60c5 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3. glance deployment (installed on the controller node)
mysql -u root -p -e "CREATE DATABASE glance;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
. admin-openrc
openstack user create --domain default --password-prompt glance #create the glance user; the password is glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | eecc5fe8b91c44a1911492a9c7730f03 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
Add the admin role to the glance user and the service project, and create the glance service
$ openstack role add --project service --user glance admin
$ openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 7cfe29fc978540f188d6054391cc738f |
| name | glance |
| type | image |
+-------------+----------------------------------+
Create the Image service API endpoints
$ openstack endpoint create --region RegionOne image public http://172.16.169.131:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 87023a831b4d41d7a5ee14130ddf5f13 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7cfe29fc978540f188d6054391cc738f |
| service_name | glance |
| service_type | image |
| url | http://172.16.169.131:9292 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne image internal http://172.16.169.131:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 161397cb910148c7ad55a6c37156de0b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7cfe29fc978540f188d6054391cc738f |
| service_name | glance |
| service_type | image |
| url | http://172.16.169.131:9292 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne image admin http://172.16.169.131:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f0cda168c63e41fcae7f45dd9024f2cf |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7cfe29fc978540f188d6054391cc738f |
| service_name | glance |
| service_type | image |
| url | http://172.16.169.131:9292 |
+--------------+----------------------------------+
Install the openstack-glance package
yum install openstack-glance
vi /etc/glance/glance-api.conf #change the following; in the file these should all be commented out
[database]
connection = mysql+pymysql://glance:glance@172.16.169.131/glance
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000
auth_url = http://172.16.169.131:5000
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
4. placement deployment (installed on the controller node)
mysql -u root -p -e "CREATE DATABASE placement;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';"
. admin-openrc
openstack user create --domain default --password-prompt placement #the placement user's password is placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 5332ee38a4e1496daed284955eeb931f |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ openstack role add --project service --user placement admin
$ openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 6fc7d42b727c414d80b8139928df345a |
| name | placement |
| type | placement |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne placement public http://172.16.169.131:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2f57087f604145be8a859de4d07974c2 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6fc7d42b727c414d80b8139928df345a |
| service_name | placement |
| service_type | placement |
| url | http://172.16.169.131:8778 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne placement internal http://172.16.169.131:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d6f10b0373af46ef871d1a9b490fb0bd |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6fc7d42b727c414d80b8139928df345a |
| service_name | placement |
| service_type | placement |
| url | http://172.16.169.131:8778 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne placement admin http://172.16.169.131:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b6ee4700e8ce4f90bb5d8de8ac3060b0 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6fc7d42b727c414d80b8139928df345a |
| service_name | placement |
| service_type | placement |
| url | http://172.16.169.131:8778 |
+--------------+----------------------------------+
yum install openstack-placement-api
vi /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:placement@172.16.169.131/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://172.16.169.131:5000/v3
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement
su -s /bin/sh -c "placement-manage db sync" placement
vim /etc/httpd/conf.d/00-placement-api.conf #add the following below the #SSLCertificateKeyFile entry
#SSLCertificateKeyFile …
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
systemctl restart httpd
5. Nova deployment
5.1 Controller node deployment
mysql -u root -p -e "CREATE DATABASE nova_api;"
mysql -u root -p -e "CREATE DATABASE nova;"
mysql -u root -p -e "CREATE DATABASE nova_cell0;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
. admin-openrc
openstack user create --domain default --password-prompt nova #the nova user's password is nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 20f3d24280c44cac89fd16599d6e4974 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 73ac2c2ab0e5499583d95117bf9769cc |
| name | nova |
| type | compute |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne compute public http://172.16.169.131:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6fbb43ebd51d40a2bfc1cc81885d2fa6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 73ac2c2ab0e5499583d95117bf9769cc |
| service_name | nova |
| service_type | compute |
| url | http://172.16.169.131:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute internal http://172.16.169.131:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 14b9d52ccff14a4d8a06fc9d20bac03e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 73ac2c2ab0e5499583d95117bf9769cc |
| service_name | nova |
| service_type | compute |
| url | http://172.16.169.131:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute admin http://172.16.169.131:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f45956e2137a4712b4e571c34df56896 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 73ac2c2ab0e5499583d95117bf9769cc |
| service_name | nova |
| service_type | compute |
| url | http://172.16.169.131:8774/v2.1 |
+--------------+----------------------------------+
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
vi /etc/nova/nova.conf #change the following; my_ip is the controller node's management IP
[DEFAULT]
my_ip = 172.16.169.131
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@172.16.169.131:5672/
[api_database]
connection = mysql+pymysql://nova:nova@172.16.169.131/nova_api
[database]
connection = mysql+pymysql://nova:nova@172.16.169.131/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000/
auth_url = http://172.16.169.131:5000/
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://172.16.169.131:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.16.169.131:5000/v3
username = placement
password = placement
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova #warnings are printed, but they have no effect
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+----------------------------------------------+-----------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+----------------------------------------------+-----------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@172.16.169.131/nova_cell0 | False |
| cell1 | 1958b0e1-11c3-400a-8ac0-efdc1542de64 | rabbit://openstack:****@172.16.169.131:5672/ | mysql+pymysql://nova:****@172.16.169.131/nova | False |
+-------+--------------------------------------+----------------------------------------------+-----------------------------------------------------+----------+
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
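The configuration files in this guide reuse each service name as its password (nova/nova, openstack/openstack, placement/placement) and reach Keystone over plain HTTP. The script below is an added example, not part of the original article or of OpenStack: it flags those two patterns in an oslo.config-style file so a lab build is not carried over unchanged. The names `audit_config` and `SAMPLE_NOVA_CONF` are hypothetical, and the sample text is constructed from the nova.conf shown in section 5.1.

```python
"""Audit oslo.config-style INI text for the lab defaults used in this guide.

Added example: audit_config and SAMPLE_NOVA_CONF are hypothetical names, and
the sample is constructed from the controller nova.conf in section 5.1.
"""
import configparser
import sys
from urllib.parse import urlsplit

# Options whose value is a URL that may embed "user:password@host".
URL_OPTIONS = {"connection", "transport_url"}
# Options that name a service endpoint and should not be plaintext HTTP.
ENDPOINT_OPTIONS = {"auth_url", "www_authenticate_uri", "api_servers"}

SAMPLE_NOVA_CONF = """\
[DEFAULT]
my_ip = 172.16.169.131
transport_url = rabbit://openstack:openstack@172.16.169.131:5672/
[api_database]
connection = mysql+pymysql://nova:nova@172.16.169.131/nova_api
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000/
auth_url = http://172.16.169.131:5000/
username = nova
password = nova
[vnc]
server_listen = $my_ip
[placement]
auth_url = http://172.16.169.131:5000/v3
username = placement
password = placement
"""


def _parse(text):
    # oslo.config substitutes "$name", not "%(name)s", and its [DEFAULT]
    # section should be read like any other here, so turn off Python's
    # interpolation and move configparser's inherited section out of the way.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__"
    )
    parser.read_string(text)
    return parser


def audit_config(text):
    """Return a sorted list of (section, option, finding) tuples."""
    findings = []
    parser = _parse(text)
    for section in parser.sections():
        options = parser[section]
        for name, value in options.items():
            value = value.strip()
            if name in URL_OPTIONS:
                try:
                    parts = urlsplit(value)
                except ValueError:
                    continue  # not a parseable URL; nothing to compare
                if parts.password and parts.password == parts.username:
                    findings.append((section, name, "password equals username"))
            elif name in ENDPOINT_OPTIONS and value.lower().startswith("http://"):
                findings.append((section, name, "plaintext HTTP endpoint"))
        # Service credentials given as separate username/password options.
        user, password = options.get("username"), options.get("password")
        if user and password and user.strip() == password.strip():
            findings.append((section, "password", "password equals username"))
    return sorted(findings)


if __name__ == "__main__":
    # With no arguments, audit the constructed sample; otherwise audit files.
    inputs = [(p, open(p).read()) for p in sys.argv[1:]]
    for label, text in inputs or [("<sample>", SAMPLE_NOVA_CONF)]:
        for section, option, finding in audit_config(text):
            print(f"{label}: [{section}] {option}: {finding}")
```

Run it with one or more config paths (for example `/etc/nova/nova.conf` and `/etc/neutron/neutron.conf`) on each node; an empty result means neither pattern was found.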
5.2 Compute node deployment
yum install openstack-nova-compute
vi /etc/nova/nova.conf #change the following; my_ip is this machine's management IP
[DEFAULT]
my_ip = 172.16.169.132
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@172.16.169.131
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000/
auth_url = http://172.16.169.131:5000/
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://172.16.169.131:6080/vnc_auto.html
[glance]
api_servers = http://172.16.169.131:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.16.169.131:5000/v3
username = placement
password = placement
egrep -c '(vmx|svm)' /proc/cpuinfo #if the result is 0, the change below is needed; if the result is 1 or greater, the CPU supports virtualization and virt_type = kvm
vi /etc/nova/nova.conf
[libvirt]
virt_type = kvm
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
5.3 Add the compute nodes to the database (run on the controller node)
. admin-openrc
openstack compute service list --service nova-compute
+----+--------------+------------------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+------------------+------+---------+-------+----------------------------+
| 9 | nova-compute | openstack-node2 | nova | enabled | up | 2020-03-05T01:24:26.000000 |
| 10 | nova-compute | oipenstack-node3 | nova | enabled | up | 2020-03-05T01:24:32.000000 |
+----+--------------+------------------+------+---------+-------+----------------------------+
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
vi /etc/nova/nova.conf #add the interval at which nova automatically discovers compute nodes
[scheduler]
discover_hosts_in_cells_interval = 300
6. neutron deployment
6.1 Controller node deployment
mysql -u root -p -e "CREATE DATABASE neutron;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
. admin-openrc
openstack user create --domain default --password-prompt neutron #the neutron user's password is neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d75c2af5f6e2443cb2c84ee604839f69 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 793273d30d7a46fba0262bb7aec92408 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne network public http://172.16.169.131:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8b9023a47f134457a1b6cb19722eb40f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 793273d30d7a46fba0262bb7aec92408 |
| service_name | neutron |
| service_type | network |
| url | http://172.16.169.131:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network internal http://172.16.169.131:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3622f8a739084127b30d540227194090 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 793273d30d7a46fba0262bb7aec92408 |
| service_name | neutron |
| service_type | network |
| url | http://172.16.169.131:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network admin http://172.16.169.131:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e715e4513b2e425ba8327e1438f91f45 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 793273d30d7a46fba0262bb7aec92408 |
| service_name | neutron |
| service_type | network |
| url | http://172.16.169.131:9696 |
+--------------+----------------------------------+
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
vi /etc/neutron/neutron.conf #change the following
[database]
connection = mysql+pymysql://neutron:neutron@172.16.169.131/neutron
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack@172.16.169.131
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000
auth_url = http://172.16.169.131:5000
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://172.16.169.131:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vi /etc/neutron/plugins/ml2/ml2_conf.ini # modify or add the following
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini # modify or add the following; physical_interface_mappings must be changed to this machine's network interface name.
[linux_bridge]
physical_interface_mappings = provider:ens32
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
modprobe br_netfilter # load the br_netfilter module; run on all machines
echo "modprobe br_netfilter" >> /etc/profile
vi /etc/sysctl.conf # add the following on all machines
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
sysctl -p # reload the kernel parameters
vi /etc/neutron/dhcp_agent.ini # modify the following
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
vi /etc/neutron/metadata_agent.ini # modify the following; nova_metadata_host is the controller node's IP, metadata_proxy_shared_secret is openstack
[DEFAULT]
nova_metadata_host = 172.16.169.131
metadata_proxy_shared_secret = openstack
vi /etc/nova/nova.conf # add the following; metadata_proxy_shared_secret must match the value in /etc/neutron/metadata_agent.ini (both are openstack)
[neutron]
auth_url = http://172.16.169.131:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
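The controller settings above only work when metadata_proxy_shared_secret is identical in /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf, because that value authenticates the metadata agent to the Nova metadata API. The following check is an added example, not part of the original post: it parses constructed copies of both files and reports a mismatched or guessable secret, a service password equal to its username, and a host that is not the controller. The finding names, the GUESSABLE list and the 16-character minimum are assumptions.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample inputs modelled on the two files edited in this section.
METADATA_AGENT_INI = """\
[DEFAULT]
nova_metadata_host = 172.16.169.131
metadata_proxy_shared_secret = openstack
"""
NOVA_CONF = """\
[neutron]
auth_url = http://172.16.169.131:5000
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack
"""
GUESSABLE = {"openstack", "admin", "password", "secret"}  # assumed deny-list
MIN_LEN = 16  # assumed minimum secret length

def load(text):
    # interpolation=None: values may contain '%'; strict=False tolerates repeated keys
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def audit(metadata_agent_ini, nova_conf, controller_ip):
    """Return a list of findings for the metadata-proxy settings."""
    agent, nova = load(metadata_agent_ini), load(nova_conf)
    findings = []
    a_secret = agent.defaults().get("metadata_proxy_shared_secret", "")
    n_secret = nova.get("neutron", "metadata_proxy_shared_secret", fallback="")
    if not a_secret or a_secret != n_secret:
        findings.append("secret-mismatch")  # nova rejects the agent's proxied requests
    if a_secret.lower() in GUESSABLE or len(a_secret) < MIN_LEN:
        findings.append("weak-secret")
    user = nova.get("neutron", "username", fallback=None)
    if nova.get("neutron", "password", fallback="") == user:
        findings.append("password-equals-username")
    hosts = {agent.defaults().get("nova_metadata_host"),
             urlparse(nova.get("neutron", "auth_url", fallback="")).hostname}
    if hosts != {controller_ip}:
        findings.append("host-not-controller")  # catches a mistyped address
    return findings

if __name__ == "__main__":
    for finding in audit(METADATA_AGENT_INI, NOVA_CONF, "172.16.169.131"):
        print(finding)
```

Running it against the real files only requires reading them as text and passing the contents to audit() together with the controller IP.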
6.2 Compute node deployment
yum install openstack-neutron-linuxbridge ebtables ipset
vi /etc/neutron/neutron.conf # modify the following
[DEFAULT]
transport_url = rabbit://openstack:openstack@172.16.169.131
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000
auth_url = http://172.16.169.131:5000
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vi /etc/nova/nova.conf # modify the following
[neutron]
auth_url = http://172.16.169.131:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini # modify the following; physical_interface_mappings must be changed to this machine's network interface name.
[linux_bridge]
physical_interface_mappings = provider:ens32
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
systemctl restart openstack-nova-compute.service neutron-linuxbridge-agent.service
6.3 Create the network (run on the controller node)
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
openstack subnet create --network provider --allocation-pool start=172.16.169.200,end=172.16.169.240 --gateway 172.16.169.254 --subnet-range 172.16.169.0/24 provider
7. Dashboard deployment (installed on the controller node)
yum install openstack-dashboard
vi /etc/openstack-dashboard/local_settings # modify the following
OPENSTACK_HOST = "172.16.169.131"
ALLOWED_HOSTS = ['*']
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '172.16.169.131:11211',
    },
}
vi /etc/httpd/conf.d/openstack-dashboard.conf # add the following below the line WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}
Edit the following files: find WEBROOT = '/' and change it to WEBROOT = '/dashboard' (one of the pitfalls the official documentation does not mention)
vi /usr/share/openstack-dashboard/openstack_dashboard/defaults.py
vi /usr/share/openstack-dashboard/openstack_dashboard/test/settings.py
Search all the js files under /usr/share/openstack-dashboard/static/dashboard/js/ for those that contain WEBROOT,
find WEBROOT = '/' and change it to WEBROOT = '/dashboard'
ls /usr/share/openstack-dashboard/static/dashboard/js/
2386ed69f0d7.js 64d85423c263.js b5e88d434bd1.js
systemctl restart httpd.service memcached.service
Access URL: http://172.16.169.131 Default domain: default Username/password: admin/admin