Open-Source OpenStack Installation Guide


小小孙 (xiaoxiaosun), published 2025-06-08

I. The nine OpenStack components

Horizon: graphical interface

nova: compute (nova compute)

glance: image service

swift: object storage

neutron: OpenStack networking

cinder: block storage

heat: cloud orchestration

ceilometer: metering service

keystone: authentication service

openstack  CloudOS Kernel

HCS CloudOS

linux kernel

redhat linux

 

II. OpenStack deployment tools

1. packstack

2. devstack

3. ansible

4. Deploying OpenStack from the open-source packages

5. TripleO   OpenStack On OpenStack

Build a minimal all-in-one OpenStack; heat automated orchestration tool, parameters filled in

HCS deploy – HCS, 20 bare-metal servers

 

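III. Building the open-source U release (Ussuri) of OpenStack

1. Lab environment requirements:

Recommended deployment: 3 machines (one Controller + 2 Compute nodes) running CentOS 8 Stream; the minimum is two (one Controller + one Compute node). The Controller node should ideally have 8 GB of memory, 4 GB at minimum; each Compute node needs 4 GB or 8 GB of memory.

Disk: 100 GB

CPU: at least 2 cores, ideally 4 cores, with VT-x enabled

Each host has two network interfaces; the first must be able to reach the Internet and is used for the management network and for installing packages.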

 

2. Controller node: components such as nova-api, glance-api and cinder-api are deployed on this node, which is the entry point for all access to the services

ntp

database

message queue

keystone

neutron

cinder

heat

ceilometer

 

Zookeeper: the number of nodes must be odd to prevent split-brain; at least three controller nodes

768 GB of memory (HCS)

 

At least 6 machines

3 controllers + 2 network nodes + 1 to N compute nodes

 

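TYPE1: network functions (VLAN, router, DHCP and so on) are provided by neutron; network nodes

TYPE2: hardware SDN controller

TYPE3: Provider networks; network functions are implemented by the underlying hardware, for example VLAN and router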

 

HCS 8.1.1 can only use TYPE1; ELB, AS

 

L3  Layer 3  router

 

2. Network plan

controller  192.168.0.20  

compute01 192.168.0.21

compute02 192.168.0.22

(1) Set the hostname

[root@controller ~]# hostnamectl set-hostname controller

(2) Set the IP address

[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33

TYPE=Ethernet

#BOOTPROTO=dhcp

NAME=ens33

DEVICE=ens33

ONBOOT=yes

IPADDR=192.168.0.20

NETMASK=255.255.255.0

GATEWAY=192.168.0.1

DNS1=114.114.114.114

[root@controller ~]# nmcli connection reload

[root@controller ~]# nmcli connection up ens33

[root@controller ~]# ping www.baidu.com

PING www.a.shifen.com (14.119.104.254) 56(84) bytes of data.

64 bytes from 14.119.104.254 (14.119.104.254): icmp_seq=1 ttl=54 time=23.8 ms

64 bytes from 14.119.104.254 (14.119.104.254): icmp_seq=2 ttl=54 time=23.1 ms

64 bytes from 14.119.104.254 (14.119.104.254): icmp_seq=3 ttl=54 time=23.5 ms

 

Configure the other two hosts in the same way

 

 

3. Add these records to the hosts file

[root@controller ~]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.0.20 controller

192.168.0.21 compute01

192.168.0.22 compute02

[root@controller ~]# scp /etc/hosts root@compute01:/etc

[root@controller ~]# scp /etc/hosts root@compute02:/etc

 

 

 

4. Disable the firewall and SELinux on all nodes, and make sure they stay disabled after the next boot

[root@controller ~]# systemctl disable firewalld.service --now

[root@compute01 ~]# systemctl disable firewalld.service --now

[root@compute02 ~]# systemctl disable firewalld.service --now

[root@controller ~]# cat /etc/selinux/config

SELINUX=disabled

[root@controller ~]# setenforce 0

 

[root@compute01 ~]# cat /etc/selinux/config

SELINUX=disabled

[root@compute01 ~]# setenforce 0

 

[root@compute02 ~]# cat /etc/selinux/config

SELINUX=disabled

[root@compute02 ~]# setenforce 0

 

5. Generate an SSH key on controller and copy the public key to the other nodes

[root@controller ~]# ssh-keygen

Generating public/private rsa key pair.

Enter file in which to save the key (/root/.ssh/id_rsa):

Enter passphrase (empty for no passphrase):

Enter same passphrase again:

Your identification has been saved in /root/.ssh/id_rsa.

Your public key has been saved in /root/.ssh/id_rsa.pub.

The key fingerprint is:

SHA256:3T9p9ifxMa9HyghVsjeBAOtjgWO/9DZdFv3q/XJKTxw root@controller

The key's randomart image is:

 

 

[root@controller ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub compute01

[root@controller ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub compute02

[root@controller ~]# ssh-copy-id -i /root/.ssh/id_rsa.pub controller

Test

[root@controller ~]# ssh compute01

 

6. Configure the NTP time server

#yum -y install chrony

 

controller node:

[root@controller ~]# systemctl enable chronyd  --now

[root@controller ~]# cat /etc/chrony.conf

#pool 2.centos.pool.ntp.org iburst

allow 192.168.0.0/24

local stratum 10

[root@controller ~]# systemctl restart chronyd.service

 

compute01:

[root@compute01 ~]# cat /etc/chrony.conf

pool controller  iburst

[root@compute01 ~]# systemctl restart chronyd.service

 

compute02:

[root@compute02 ~]# cat /etc/chrony.conf

pool controller  iburst

[root@compute02 ~]# systemctl restart chronyd.service

 

 

7. Enable the OpenStack package repository (run on all nodes)

# yum -y  install centos-release-openstack-ussuri

# yum config-manager --set-enabled powertools

#yum -y  upgrade  # upgrade the kernel

#reboot

#yum -y  install python3-openstackclient

# yum -y  install openstack-selinux

 

 

8. Install and configure the database (run on the controller node)

[root@controller ~]# yum -y  install mariadb mariadb-server python2-PyMySQL

[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf

[mysqld]

bind-address = controller

 

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

Start the database

[root@controller ~]# systemctl enable mariadb.service --now

[root@controller ~]# mysql_secure_installation

 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

 

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

 

Enter current password for root (enter for none):

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

Set root password? [Y/n] y

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 ... Success!

 

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

 ... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] y

 ... Success!

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

 ... Success!

 

Cleaning up...

 

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

 

Thanks for using MariaDB!

[root@controller ~]# systemctl restart mariadb.service

 

9. Install the message queue

ZeroMQ  RabbitMQ  

[root@controller ~]# yum -y  install rabbitmq-server

[root@controller ~]# systemctl enable rabbitmq-server.service --now

[root@controller ~]# rabbitmqctl  add_user openstack redhat

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

[root@controller ~]# rabbitmqctl list_permissions

 

10. Install Memcached

[root@controller ~]# yum -y  install memcached python3-memcached

Add the memcached listen address

[root@controller ~]# cat /etc/sysconfig/memcached

PORT="11211"

USER="memcached"

MAXCONN="1024"

CACHESIZE="64"

OPTIONS="-l 127.0.0.1,::1,controller"

[root@controller ~]# systemctl enable memcached.service --now

 

11. Install the etcd key-value store

[root@controller ~]#  yum -y install etcd

[root@controller ~]#vim /etc/etcd/etcd.conf

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS="http://192.168.0.20:2380"

ETCD_LISTEN_CLIENT_URLS="http://192.168.0.20:2379"

ETCD_NAME="controller"

#[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.0.20:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://192.168.0.20:2379"

ETCD_INITIAL_CLUSTER="controller=http://192.168.0.20:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"

ETCD_INITIAL_CLUSTER_STATE="new"

 

[root@controller ~]# systemctl enable etcd --now

 

=========== Shut down all hosts and take a snapshot =====================

 

 

 

IV. Install and configure keystone

[root@controller ~]# mysql -u root -p       # log in to the database

MariaDB [(none)]>  CREATE DATABASE keystone;        # create the keystone database

Query OK, 1 row affected (0.000 sec)

 

MariaDB [(none)]> show databases;         # list all current databases

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

-> IDENTIFIED BY 'redhat';       

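 # redhat is your password. This command creates a keystone user that operates on the keystone database; localhost means local connections, and the command below lets the user connect from remote hosts as well.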

Query OK, 0 rows affected (0.001 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

    -> IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]> show grants;   # show the current grants

MariaDB [(none)]>exit
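
The grants above use one shared password and accept the account from any host (`'%'`). As an added example (not part of the original guide), this script generates a separate random password per service account and emits GRANT statements limited to localhost and the 192.168.0.0/24 management subnet from the network plan, for every database this guide creates. The function names, the `192.168.0.%` host pattern and the credentials-file layout are assumptions of this sketch.

```sh
#!/bin/sh
# Added example: per-service MariaDB credentials with host-scoped grants.
# Assumptions: management subnet 192.168.0.0/24 (from the network plan),
# hypothetical function names, "user password" lines in the credentials file.

MGMT_HOSTS='192.168.0.%'   # MariaDB host pattern for the management subnet

# gen_password: print a 32-character hex password read from /dev/urandom.
# Hex only, so it is safe inside SQL quotes and inside a connection URL.
gen_password() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# grant_sql DB USER PASSWORD: print the SQL for one database/account pair.
grant_sql() {
    db=$1 user=$2 pass=$3
    printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
    for host in localhost "$MGMT_HOSTS"; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$db" "$user" "$host" "$pass"
    done
}

# build_plan: one "database user" pair per line, matching this guide.
build_plan() {
    cat <<'EOF'
keystone keystone
glance glance
placement placement
nova_api nova
nova nova
nova_cell0 nova
neutron neutron
EOF
}

# emit_all CREDFILE: write "user password" lines to CREDFILE (created with
# mode 600) and print all SQL on stdout. An account that owns several
# databases (nova) keeps one password across all of them.
emit_all() {
    credfile=$1
    ( umask 077; : > "$credfile" )
    build_plan | while read -r db user; do
        pass=$(awk -v u="$user" '$1 == u { print $2 }' "$credfile")
        if [ -z "$pass" ]; then
            pass=$(gen_password)
            printf '%s %s\n' "$user" "$pass" >> "$credfile"
        fi
        grant_sql "$db" "$user" "$pass"
    done
}
```

Pipe the output of `emit_all /root/db-credentials` into `mysql -u root -p`, then use each account's password from the credentials file in the matching `connection =` URL.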

[root@controller ~]# yum -y  install openstack-keystone httpd python3-mod_wsgi  

# install the keystone component

[root@controller ~]# cat /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:redhat@controller/keystone  

# database connection

[token]

# token provider (format); fernet is used here, not the older uuid format

provider = fernet

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

# Import the keystone tables into the database; this command creates keystone's tables and runs as the keystone user

[root@controller ~]#  keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

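# The two commands above create the keystone user in OpenStack

Database user: keystone        #### used by the keystone component to connect to the keystone database

Operating-system user: keystone     ##### manages the keystone service; created when keystone was installed

OpenStack user: keystone    #### used to manage components inside OpenStack; created by the two commands above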

[root@controller ~]# keystone-manage bootstrap --bootstrap-password redhat --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

 

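# The command carries three pieces of information: first, the password of admin in keystone; second, keystone's endpoint addresses; third, the name of the region

What are endpoints?

An endpoint is the API access address of an OpenStack service. When nova needs to call the glance component, it is really accessing the glance-api address, and that glance-api address is the endpoint address. To tell the components apart, each one is given a different port.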

 

 

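nova (compute) creates a cloud instance and uses a glance image, so how does nova know where glance is?

It only has to access the glance-api address. But what if I do not know where that address is?

keystone knows.

Why does keystone know?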

 

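So for the components to reach one another, none of them needs to know the others' addresses directly. Each only needs to know where keystone is and can ask keystone for the addresses of the other components.

external_OM: access between the internal components

external_base: internal communication between the controller, compute and network nodes

external_api: provides services to the outside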
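
The lookup described above, as an added example that is not part of the original guide: `resolve_endpoint` answers "where is glance?" from a catalog, and `catalog_problems` checks the catalog for missing interfaces, duplicate registrations and two services sharing one host:port. The catalog is constructed sample data in the layout printed by `openstack endpoint list -f value -c "Service Type" -c Interface -c URL`, using the URLs this guide registers; both function names are hypothetical.

```sh
#!/bin/sh
# Added example: service-catalog lookup and sanity checks.
# CATALOG is constructed sample data: "service-type interface url" per line,
# built from the endpoints registered in this guide.
CATALOG='identity public http://controller:5000/v3/
identity internal http://controller:5000/v3/
identity admin http://controller:5000/v3/
image public http://controller:9292
image internal http://controller:9292
image admin http://controller:9292
placement public http://controller:8778
placement internal http://controller:8778
placement admin http://controller:8778
compute public http://controller:8774/v2.1
compute internal http://controller:8774/v2.1
compute admin http://controller:8774/v2.1
network public http://controller:9696
network internal http://controller:9696
network admin http://controller:9696'

# resolve_endpoint TYPE INTERFACE: read a catalog on stdin, print the URL.
# Exit status 1 when the catalog has no such endpoint.
resolve_endpoint() {
    awk -v t="$1" -v i="$2" '
        NF >= 3 && $1 == t && $2 == i { print $3; found = 1; exit }
        END { exit !found }'
}

# catalog_problems: read a catalog on stdin and print one line per finding:
#   MISSING type interface       a service lacks public/internal/admin
#   DUPLICATE type interface     the same endpoint was registered twice
#   PORT-CLASH host:port a b     two service types share one host:port
catalog_problems() {
    awk '
        NF < 3 { next }
        {
            key = $1 " " $2
            if (++count[key] == 2) print "DUPLICATE", key
            types[$1] = 1
            hp = $3
            sub(/^[a-z]+:\/\//, "", hp)   # drop the scheme
            sub(/\/.*/, "", hp)           # drop the path
            if ((hp in owner) && owner[hp] != $1) {
                if (!((hp " " $1) in clashed)) {
                    print "PORT-CLASH", hp, owner[hp], $1
                    clashed[hp " " $1] = 1
                }
            } else
                owner[hp] = $1
        }
        END {
            n = split("public internal admin", want, " ")
            for (t in types)
                for (i = 1; i <= n; i++)
                    if (!((t " " want[i]) in count))
                        print "MISSING", t, want[i]
        }' | sort
}

# What nova effectively asks keystone before fetching an image:
printf '%s\n' "$CATALOG" | resolve_endpoint image internal
```

On a live deployment, replace the sample with the real command output, for example `openstack endpoint list -f value -c "Service Type" -c Interface -c URL | catalog_problems`.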

 

[root@controller ~]# vim /etc/httpd/conf/httpd.conf

# Apache does the listening, so this file has to be edited

ServerName controller:80

 

[root@controller ~]#  ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/    # create a symlink so that httpd serves keystone

[root@controller ~]# systemctl enable httpd.service --now   # enable and start the service

 

[root@controller ~]# cat admin-openrc   # set the OpenStack environment variables

export OS_USERNAME=admin

export OS_PASSWORD=redhat

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_DOMAIN_NAME=Default

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

 

#source admin-openrc

#openstack project create --domain default  --description "Service Project" service

 

#openstack project create --domain default  --description "Demo Project" myproject

[root@controller ~]# openstack user create --domain default  --password-prompt myuser

[root@controller ~]# openstack role create myrole

[root@controller ~]# openstack role add --project myproject --user myuser myrole

 

 

V. Install and configure the glance component

1. Create the database and grant privileges

[root@controller ~]# mysql -u root -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 14

Server version: 10.3.28-MariaDB MariaDB Server

 

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]>  CREATE DATABASE glance;

Query OK, 1 row affected (0.001 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \

    ->   IDENTIFIED BY  'redhat';

Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \

    ->   IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]> exit

 

[root@controller ~]# source admin-openrc  # load the OpenStack environment variables into the current shell

[root@controller ~]# openstack user create --domain default --password-prompt glance  # create the glance user in OpenStack

User Password:

Repeat User Password:

 

[root@controller ~]# openstack role add --project service --user glance admin

# give the glance user the admin role

[root@controller ~]#  openstack service create --name glance  --description "OpenStack Image" image     # create an image service named glance

[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292        # create the public endpoint for the image service in region RegionOne

[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292

[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292

 

Install the glance component

[root@controller ~]# yum -y install openstack-glance

 

 

[root@controller ~]# vim /etc/glance/glance-api.conf

# database connection

[database]

connection = mysql+pymysql://glance:redhat@controller/glance

 

# keystone integration settings

[keystone_authtoken]

www_authenticate_uri  = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = redhat

[paste_deploy]

flavor = keystone

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

 

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance  # write the tables

[root@controller ~]#systemctl enable openstack-glance-api.service

[root@controller ~]# systemctl start openstack-glance-api.service

[root@controller ~]# source admin-openrc

# create the image

[root@controller ~]# glance image-create --name "cirros" \

>   --file cirros-0.4.0-x86_64-disk.img \

>   --disk-format qcow2 --container-format bare \

>   --visibility=public

 

[root@controller ~]# openstack image list

+--------------------------------------+--------+--------+

| ID                                   | Name   | Status |

+--------------------------------------+--------+--------+

| 07bbc7cd-48f3-4bc1-b65c-e4cbd51441c8 | cirros | active |

 

 

 

 

Shut down and take a snapshot of every host

 

 

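VI. Install and deploy placement

Before the S release this function was integrated into nova-api. When a user asks for a new cloud instance, the request goes to nova-api, which tallies the used and remaining resources of every nova-compute to decide which nova-compute should handle the request. To reduce the load on nova-api, the resource-accounting function was split out into its own component, placement.

1. Create the database and grant privileges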

[root@controller ~]# mysql -u root -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 25

Server version: 10.3.28-MariaDB MariaDB Server

 

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE placement;    # create the placement database

Query OK, 1 row affected (0.000 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \  

    ->   IDENTIFIED BY 'redhat';              # grant privileges

Query OK, 0 rows affected (0.001 sec)

 

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \

    ->   IDENTIFIED BY  'redhat';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit

[root@controller ~]# source  admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt placement                   # create the placement user in OpenStack

User Password:

Repeat User Password:

[root@controller ~]# openstack role add --project service --user placement admin

# give the placement user the admin role

[root@controller ~]# openstack service create --name placement \

>   --description "Placement API" placement    # create the placement service

[root@controller ~]# openstack endpoint create --region RegionOne \

>   placement public http://controller:8778    

 # create the public endpoint for placement in region RegionOne

[root@controller ~]# openstack endpoint create --region RegionOne \

>   placement internal http://controller:8778

 

[root@controller ~]#  openstack endpoint create --region RegionOne \

>   placement admin http://controller:8778

[root@controller ~]# yum -y  install openstack-placement-api   # install the service

[root@controller ~]# vim /etc/placement/placement.conf

[placement_database]

connection = mysql+pymysql://placement:redhat@controller/placement

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = placement

password = redhat

[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement  

# import the tables

[root@controller ~]#vim /etc/httpd/conf.d/00-placement-api.conf  # grant access, otherwise launching instances will fail

<VirtualHost *:8778>

# add the following part inside this block to grant access to the directory

  <Directory /usr/bin>

      <IfVersion >= 2.4>

          Require all granted

      </IfVersion>

      <IfVersion < 2.4>

          Order allow,deny

          Allow from all

      </IfVersion>

  </Directory>

</VirtualHost>

[root@controller ~]# systemctl restart httpd

[root@controller ~]# source  admin-openrc

[root@controller ~]# placement-status upgrade check    # run the upgrade check

 

[root@controller ~]# pip3 install osc-placement   # installs the Python library

[root@controller ~]# openstack --os-placement-api-version 1.2 resource class list --sort-column name   # query the list

[root@controller ~]# openstack --os-placement-api-version 1.6 trait list --sort-column name

 

##### Shut down all hosts and take a snapshot ===========

VII. Install nova

Controller node (run on controller)

1. Create the databases and grant privileges

[root@controller ~]# mysql -u root -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 8

Server version: 10.3.28-MariaDB MariaDB Server

 

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE nova_api;

Query OK, 1 row affected (0.001 sec)

 

MariaDB [(none)]> CREATE DATABASE nova;

Query OK, 1 row affected (0.001 sec)

 

MariaDB [(none)]> CREATE DATABASE nova_cell0;

Query OK, 1 row affected (0.001 sec)

 

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \

    ->   IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.002 sec)

 

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \

    ->   IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.001 sec)

 

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \

    ->   IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \

    ->   IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \

    ->   IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \

    ->   IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]> exit

[root@controller ~]# source admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt nova

[root@controller ~]# openstack role add --project service --user nova admin

[root@controller ~]#openstack service create --name nova \

  --description "OpenStack Compute" compute

[root@controller ~]#openstack endpoint create --region RegionOne \

  compute public http://controller:8774/v2.1

[root@controller ~]#openstack endpoint create --region RegionOne \

  compute internal http://controller:8774/v2.1

[root@controller ~]#openstack endpoint create --region RegionOne \

  compute admin http://controller:8774/v2.1

[root@controller ~]# yum -y install  openstack-nova-api openstack-nova-conductor   openstack-nova-novncproxy openstack-nova-scheduler

[root@controller ~]# vim /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:redhat@controller:5672/

my_ip = 192.168.0.20

use_neutron = true

firewall_driver = nova.virt.firewall.NoopFirewallDriver

 

[api_database]

connection = mysql+pymysql://nova:redhat@controller/nova_api

 

[database]

connection = mysql+pymysql://nova:redhat@controller/nova

[api]

auth_strategy = keystone

 

[keystone_authtoken]

www_authenticate_uri = http://controller:5000/

auth_url = http://controller:5000/

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = nova

password = redhat

[vnc]

enabled = true

server_listen = $my_ip

server_proxyclient_address = $my_ip

[glance]

api_servers = http://controller:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = redhat

 

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

 

 

# systemctl enable \

    openstack-nova-api.service \

    openstack-nova-scheduler.service \

    openstack-nova-conductor.service \

    openstack-nova-novncproxy.service

# systemctl start \

    openstack-nova-api.service \

    openstack-nova-scheduler.service \

    openstack-nova-conductor.service \

    openstack-nova-novncproxy.service

 

2. Run on all compute nodes (if there are two, run on both)

[root@compute01 ~]# yum -y  install openstack-nova-compute

[root@compute02 ~]# yum -y  install openstack-nova-compute

[root@compute01 ~]#vim /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:redhat@controller

my_ip = 192.168.0.21

use_neutron = true

firewall_driver = nova.virt.firewall.NoopFirewallDriver

 

[api]

auth_strategy = keystone

[keystone_authtoken]

www_authenticate_uri = http://controller:5000/

auth_url = http://controller:5000/

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = nova

password = redhat

[vnc]

enabled = true

server_listen = 0.0.0.0

server_proxyclient_address = $my_ip

novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]

api_servers = http://controller:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = redhat

[root@compute01 ~]# systemctl enable libvirtd.service openstack-nova-compute.service --now

Copy nova.conf from compute01 to compute02

[root@compute01 ~]# scp /etc/nova/nova.conf root@compute02:/etc/nova

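[root@compute02 nova]# chmod 777 nova.conf

# The file was copied over from another node and only root has read/write permission on it, so permissions have to be granted; otherwise the service fails at startup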

[root@compute02 ~]# vim /etc/nova/nova.conf

my_ip = 192.168.0.22

[root@compute02 ~]# systemctl enable libvirtd.service openstack-nova-compute.service --now
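
The `chmod 777` step above makes the copied file readable by the nova service, but it also leaves the RabbitMQ and service passwords in it readable and writable by every local user. An added example (not from the original guide): an audit that lists configuration files open to "other" users and marks the ones that carry credentials, plus a narrower fix through group ownership. The `root:nova` ownership with mode 640 is this sketch's assumption about the packaged layout, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: find service configuration files that any local user can
# read or write, and tighten them without locking the service out.

# Option names that hold secrets in the configuration files of this guide.
SECRET_KEYS='password|connection|transport_url|metadata_proxy_shared_secret'

# has_secrets FILE: succeed when FILE sets one of the options above.
has_secrets() {
    grep -Eq "^[[:space:]]*($SECRET_KEYS)[[:space:]]*=" "$1"
}

# audit_conf DIR...: print one line per regular file whose "other" permission
# bits allow read or write:
#   EXPOSED-SECRET path   the file also contains credentials
#   EXPOSED path          world-accessible, no credential options found
audit_conf() {
    find "$@" -type f \( -perm -004 -o -perm -002 \) -print | sort |
    while IFS= read -r f; do
        if has_secrets "$f"; then
            printf 'EXPOSED-SECRET %s\n' "$f"
        else
            printf 'EXPOSED %s\n' "$f"
        fi
    done
}

# restrict_conf FILE GROUP: owner read/write, GROUP read-only, nobody else.
# For the copied nova.conf the assumed call is:
#   restrict_conf /etc/nova/nova.conf nova
restrict_conf() {
    chgrp "$2" "$1" && chmod 640 "$1"
}
```

Running `audit_conf /etc/nova /etc/neutron /etc/glance /etc/keystone /etc/placement` on each node covers the files edited in this guide.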

 

Run on the controller node

[root@controller ~]# source admin-openrc

[root@controller ~]# openstack compute service list

[root@controller ~]#su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

[root@controller ~]#vim /etc/nova/nova.conf  

[scheduler]

# check for new compute nodes every 300 seconds

discover_hosts_in_cells_interval = 300

[root@controller ~]#systemctl restart openstack-nova-api.service

[root@controller ~]#openstack compute service list

 

 

 

VIII. Install neutron

1. Create the database and grant privileges

[root@controller ~]# mysql -u root -p

Enter password:

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 65

Server version: 10.3.28-MariaDB MariaDB Server

 

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE neutron;

Query OK, 1 row affected (0.000 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \

      IDENTIFIED BY 'redhat';

Query OK, 0 rows affected (0.001 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \

       IDENTIFIED BY  'redhat';

Query OK, 0 rows affected (0.000 sec)

 

MariaDB [(none)]> exit

Bye

[root@controller ~]# source  admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt neutron

User Password:

Repeat User Password:

[root@controller ~]# openstack role add --project service --user neutron admin

[root@controller ~]# openstack service create --name neutron \

   --description "OpenStack Networking" network

[root@controller ~]# openstack endpoint create --region RegionOne \

   network public http://controller:9696

[root@controller ~]#  openstack endpoint create --region RegionOne \

   network internal http://controller:9696

[root@controller ~]#  openstack endpoint create --region RegionOne \

   network admin http://controller:9696

 

[root@controller ~]#yum -y install openstack-neutron openstack-neutron-ml2 \

  openstack-neutron-linuxbridge ebtables

 

 

 

[root@controller ~]#vim /etc/neutron/neutron.conf

 

[database]

connection = mysql+pymysql://neutron:redhat@controller/neutron

 

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:redhat@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

 

 

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = redhat

 

[nova]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = redhat

 

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

 

Edit the ML2 plug-in configuration file

[root@controller ~]#vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

 

[ml2_type_flat]

flat_networks = provider

 

[ml2_type_vxlan]

vni_ranges = 1:1000

 

[securitygroup]

enable_ipset = true

 

Edit ml2/linuxbridge_agent.ini

[root@controller ~]#vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

 

[linux_bridge]

physical_interface_mappings = provider:ens33

 

[vxlan]

enable_vxlan = true

local_ip = 192.168.0.20

l2_population = true

 

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

[root@controller ~]# yum -y install bridge-utils

[root@controller ~]# modprobe br_netfilter

[root@controller ~]# echo br_netfilter > /etc/modules-load.d/br_netfilter.conf

[root@controller ~]# sysctl -a |grep bridge

net.bridge.bridge-nf-call-arptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

Edit the L3 agent configuration file

[root@controller ~]# vim /etc/neutron/l3_agent.ini

 

Add the following under [DEFAULT]:

[DEFAULT]

 

interface_driver = linuxbridge

 

 

Configure the DHCP agent

[root@controller ~]# vim /etc/neutron/dhcp_agent.ini

 

Add the following under [DEFAULT]:

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

 

Configure the metadata agent

[root@controller ~]# vim /etc/neutron/metadata_agent.ini

 

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = redhat

 

Configure nova.conf

[root@controller ~]# vim /etc/nova/nova.conf

Add the following

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = redhat

service_metadata_proxy = true

metadata_proxy_shared_secret = redhat

 

The networking service initialization scripts need a symbolic link that points to /etc/neutron/plugins/ml2/ml2_conf.ini; create the link

[root@controller ~]#ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 

[root@controller ~]#su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

 

[root@controller ~]#systemctl restart openstack-nova-api

 

[root@controller ~]#systemctl enable neutron-server.service \

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

  neutron-metadata-agent.service

[root@controller ~]#systemctl start neutron-server.service \

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \

  neutron-metadata-agent.service

[root@controller ~]#systemctl enable neutron-l3-agent.service  --now

 

Run on both compute nodes

[root@compute01 ~]#yum install openstack-neutron-linuxbridge ebtables ipset

[root@compute01 ~]#vim /etc/neutron/neutron.conf

 

[DEFAULT]

transport_url = rabbit://openstack:redhat@controller

auth_strategy = keystone

 

 

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = redhat

 

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

Configure the linux bridge agent

[root@compute01 ~]#vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

 

[linux_bridge]

# name of the management-network interface

physical_interface_mappings = provider:ens33

 

[vxlan]

enable_vxlan = true

# management IP of compute01

local_ip = 192.168.0.21

l2_population = true

 

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[root@compute01 ~]# yum -y install bridge-utils

[root@compute01 ~]# modprobe br_netfilter

[root@compute01 ~]# echo br_netfilter > /etc/modules-load.d/br_netfilter.conf

 

 

[root@compute01 ~]#vim /etc/nova/nova.conf

 

Add the following

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = redhat

 

Configure the metadata agent

[root@compute01 ~]#vim /etc/neutron/metadata_agent.ini

Edit the following settings in the file by hand

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = redhat

# not filled in for now

memcache_servers = controller:11211

 

Restart the nova service

[root@compute01 ~]#systemctl restart openstack-nova-compute.service

 

Start the linux bridge service and enable it at boot

[root@compute01 ~]#systemctl enable neutron-linuxbridge-agent.service --now

 

 

 

[root@compute02 ~]#yum install openstack-neutron-linuxbridge ebtables ipset

[root@compute02 ~]#vim /etc/neutron/neutron.conf

 

[DEFAULT]

transport_url = rabbit://openstack:redhat@controller

auth_strategy = keystone

 

 

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = redhat

 

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

Configure the linux bridge agent

[root@compute02 ~]#vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

 

[linux_bridge]

# name of the management-network interface

physical_interface_mappings = provider:ens33

 

[vxlan]

enable_vxlan = true

# management IP of compute02

local_ip = 192.168.0.22

l2_population = true

 

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

[root@compute02 ~]# yum -y install bridge-utils

[root@compute02 ~]# modprobe br_netfilter

[root@compute02 ~]# echo br_netfilter > /etc/modules-load.d/br_netfilter.conf

 

 

[root@compute02 ~]#vim /etc/nova/nova.conf

 

Add the following

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = redhat

 

Configure the metadata agent

[root@compute02 ~]#vim /etc/neutron/metadata_agent.ini

Edit the following settings in the file by hand

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = redhat

memcache_servers = controller:11211

 

Restart the nova service

[root@compute02 ~]#systemctl restart openstack-nova-compute.service

 

Start the linux bridge service and enable it at boot

[root@compute02 ~]#systemctl enable neutron-linuxbridge-agent.service --now

 

 

Run on the controller node

[root@controller ~]#source admin-openrc

[root@controller ~]#openstack network agent list

 

########### Shut down all hosts and take a snapshot ############

 

 

IX. Install horizon to provide the web interface

Install the dashboard

[root@controller ~]#yum -y install openstack-dashboard

 

[root@controller ~]#vim /etc/openstack-dashboard/local_settings   # configuration file

Line 118: change OPENSTACK_HOST = "127.0.0.1" to

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*']

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

 

CACHES = {

      'default': {

         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

         'LOCATION': 'controller:11211',

    }

}    # must start at column 0, otherwise httpd fails to start

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

TIME_ZONE = "Asia/Shanghai"

OPENSTACK_API_VERSIONS = {

    "identity": 3,

    "image": 2,

    "volume": 3,

}

 

 

[root@controller ~]#vim /etc/httpd/conf.d/openstack-dashboard.conf   # configuration file

Add:

WSGIApplicationGroup %{GLOBAL}

 

 

Edit the following files: find WEBROOT = '/' and change it to WEBROOT = '/dashboard'

[root@controller ~]#vim /usr/share/openstack-dashboard/openstack_dashboard/defaults.py

[root@controller ~]#vim /usr/share/openstack-dashboard/openstack_dashboard/test/settings.py

 

Restart the memcached and httpd services

 

[root@controller ~]#systemctl restart httpd.service memcached.service

 

[root@controller ~]#firefox http://192.168.0.20/dashboard

 

================= Shut down all hosts and take a snapshot =================

 


