1.基础环境准备

1.1安装环境

[root@localhost ~]# cat /etc/redhat-release 
CentOS Linux release 7.2.1511 (Core)

1.2多网卡绑定

参考:​​https://blog.51cto.com/u_14814545/5151661​

1.3勾选虚拟化功能


1.4重命名网卡名为eth0

关闭防火墙/NetworkManager/selinux(仅适用于隔离的实验环境;后文的数据库、memcached等服务均监听0.0.0.0,生产环境应保留防火墙并只放行所需端口)

常用软件安装

参考:​​https://blog.51cto.com/u_14814545/5151467​

1.5更改主机名

[root@localhost ~]# hostnamectl set-hostname control1
[root@localhost ~]# hostnamectl set-hostname control2
[root@localhost ~]# hostnamectl set-hostname haproxy
[root@localhost ~]# hostnamectl set-hostname node1
[root@localhost ~]# hostnamectl set-hostname node2
[root@localhost ~]# hostnamectl set-hostname mariadb
[root@localhost ~]# hostnamectl set-hostname mariadb2

1.6参数优化

参考:​​https://blog.51cto.com/u_14814545/5150772​

1.7时间同步

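# Set the local timezone to Asia/Shanghai.
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# Install root's crontab: sync the clock from ntp2.aliyun.com every minute and,
# when the sync succeeds, write the time to the hardware clock.
# A user crontab under /var/spool/cron takes five time fields; the original
# entry had six asterisks, so the sixth was parsed as the start of the command.
# NOTE: '>' replaces any crontab root already has.
echo "* * * * * /usr/sbin/ntpdate ntp2.aliyun.com && /usr/sbin/hwclock -w" > /var/spool/cron/root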

2.安装部署


ip地址

control1

192.168.47.23

control2

192.168.47.24

haproxy/keepalived

192.168.47.25|​vip:192.168.47.30

node1

192.168.47.26

node2

192.168.47.27

mariadb

192.168.47.28

mariadb2

192.168.47.29

memcached

192.168.47.28

rabbitmq

192.168.47.28

rabbitmq

192.168.47.29

参考文档:​​​https://docs.openstack.org/install-guide/index.html​

2.1基础安装

#1.yum源安装
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo

#yum源
http://mirror.centos.org/centos/7/cloud/x86_64/
#其他版本yum源
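# Repository packages for another release (Liberty), shown as examples.
# Each RPM enables the corresponding OpenStack repository.
# The second command originally read "yum instal l", which yum rejects as an
# unknown command.
yum install https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-liberty/centos-release-openstack-liberty-1-3.el7.noarch.rpm
yum install https://repos.fedorapeople.org/repos/openstack/EOL/openstack-liberty/rdo-release-liberty-5.noarch.rpm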

在CentOS中,extras仓库提供用于启用OpenStack仓库的RPM包。CentOS默认启用extras仓库,因此你可以直接安装
用于启用OpenStack仓库的包。
#2.列出openstack版本
yum list centos-release-openstack*


控制节点和计算节点安装

#1.
[root@control1 ~]# yum install centos-release-openstack-queens.noarch -y

#2.下载和安装RDO仓库RPM来启用OpenStack仓库
yum install -y https://rdoproject.org/repos/rdo-release.rpm
如果打不开,就把包下载下来安装
yum install -y rdo-release-train-1.noarch.rpm

#3.openstack客户端
yum install -y python-openstackclient openstack-selinux
#说明:如果没有启用selinux,可以不安装openstack-selinux包

#4.安装依赖包
yum install python2-qpid-proton -y


2.2数据库安装

#1.mysql与控制端不是同一服务器,需要安装python2-PyMySQL包
[root@control1 ~]# yum install -y python2-PyMySQL mariadb

#2.
[root@mariadb ~]# yum install mariadb mariadb-server -y

#3.配置文件
[root@mariadb ~]# vim /etc/my.cnf.d/openstack.cnf
# Server settings for the OpenStack databases (/etc/my.cnf.d/openstack.cnf).
[mysqld]
# NOTE(review): 0.0.0.0 listens on every interface of the database host. In this
# topology clients reach MariaDB at 192.168.47.28 (directly or through the
# haproxy VIP), so binding to that address, or filtering port 3306 to the
# controller and haproxy hosts, gives a smaller exposure.
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

#4.
[root@mariadb ~]# grep -Ev "^($|#)" /etc/my.cnf
[mysqld]
user=mysql
datadir=/data/mysql
innodb_file_per_table=1
relay-log=/data/mysql
server-id=10
log-error=/data/mysql-log/mysql_error.txt
log-bin=/data/mysql-binlog/master-log
long_query_time=5
slow_query_log=1
slow_query_log_file=/data/mysql-log/slow_mysql.txt
max_connections=1000
bind-address=0.0.0.0
socket=/var/lib/mysql/mysql.sock
symbolic-links=0
[client]
port=3306
socket=/var/lib/mysql/mysql.sock
[mysqld_safe]
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
!includedir /etc/my.cnf.d

#5.
[root@mariadb ~]# mkdir -pv /data/{mysql,mysql-log,mysql-binlog}
[root@mariadb ~]# chown mysql.mysql /data/ -R

#6.
[root@mariadb ~]# systemctl start mariadb && systemctl enable mariadb

#7.安全加固(实验环境非必须;该向导用于设置root密码、删除匿名用户和test库、禁止root远程登录)
mysql_secure_installation

2.3memcached 

#1.memcached 与控制端不是同一服务器,需要安装python-memcached包
[root@control1 ~]# yum install -y python-memcached

#2.
[root@mariadb ~]# yum install memcached -y

#3.
[root@mariadb ~]# vim /etc/sysconfig/memcached
# Contents of /etc/sysconfig/memcached on the mariadb host.
PORT="11211"
USER="memcached"
MAXCONN="4096"
CACHESIZE="1024"
# NOTE(review): "-l 0.0.0.0,::1" listens on all IPv4 interfaces, and memcached
# has no authentication unless SASL is configured. Listing only the management
# address (192.168.47.28 on this host) limits who can read or alter the cached
# keystone token data; "-U 0" additionally turns off the UDP listener.
OPTIONS="-l 0.0.0.0,::1"

#4.
[root@mariadb ~]# systemctl start memcached && systemctl enable memcached
[root@mariadb ~]# systemctl status memcached

2.4rabbitmq

参考:​​https://blog.51cto.com/u_14814545/5151837​

2.5keepalived/haproxy

[root@haproxy ~]# yum install keepalived haproxy -y
[root@haproxy network-scripts]# vim /etc/keepalived/keepalived.conf
------------------------------------------------------------
virtual_ipaddress {
192.168.47.30/24 dev eth0 label:eth0:1
}
[root@haproxy network-scripts]# vim /etc/haproxy/haproxy.cfg
-------------------------------------------------------------------------
timeout connect 300000ms
timeout client 300000ms
timeout server 300000ms

listen openstack_mysql_port
bind 192.168.47.30:3306
mode tcp
log global
server 192.168.47.28 192.168.47.28:3306 check inter 3000 fall 2 rise 5

listen openstack_rabbitmq_port
bind 192.168.47.30:5672
mode tcp
log global
server 192.168.47.28 192.168.47.28:5672 check inter 3000 fall 2 rise 5

listen openstack_memcached_port
bind 192.168.47.30:11211
mode tcp
log global
server 192.168.47.28 192.168.47.28:11211 check inter 3000 fall 2 rise 5

# Built-in haproxy statistics page.
# NOTE(review): the listener binds every interface and has no TLS, so the
# "stats auth" user:password pair is sent as clear-text HTTP Basic credentials.
# Binding to the management/VIP address only and choosing a strong password
# reduces who can reach the page and read the backend topology.
listen status_page
bind 0.0.0.0:8888
stats enable
stats uri /haproxy-status
stats auth admin:taowenwu
stats realm "Welcome to the haproxy load balancer status page of taowenwu"

访问状态页:​​http://192.168.47.30:8888/haproxy-status​


测试

telnet 192.168.47.30 5672
telnet 192.168.47.30 11211

2.6keystone

官网参考:​​https://docs.openstack.org/keystone/pike/install/​

2.6.1数据库创建

[root@mariadb ~]# mysql -uroot -p123456
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> grant all on keystone.* to 'keystone'@'%' identified by 'keystone123';

#测试
[root@control1 ~]# mysql -ukeystone -h192.168.47.28 -pkeystone123

2.6.2包安装

[root@control1 ~]# yum install -y openstack-keystone httpd mod_wsgi  mariadb
openstack-keystone: #keystone服务
httpd : #web服务
mod_wsgi: #python的通用网关

2.6.3配置文件修改

[root@control1 ~]# cat /etc/hosts
192.168.47.30 openstack-linux47-vip.taowenwu.net #192.168.47.30为keepalived的vip

[root@control1 ~]# mysql -ukeystone -h openstack-linux47-vip.taowenwu.net -pkeystone123
#临时生成token
[root@control1 ~]# openssl rand -hex 10
e1998377394b0ba2c07b

[root@control1 ~]# grep -Ev "^($|#)" /etc/keystone/keystone.conf |grep -v -B 1 "^\["
----------------------------------------------------------------------------------------------
[DEFAULT]
# NOTE(review): admin_token is a shared secret that bypasses normal
# authentication. This page later creates the admin user with
# "keystone-manage bootstrap", after which the option can be removed. The value
# shown was published with the article, so generate a fresh one.
# The trailing "#..." text on the next line looks like the author's annotation;
# oslo.config may not strip inline comments, so keep it out of the real file
# (verify).
admin_token = e1998377394b0ba2c07b #让拥有管理员权限,解决没有admin账户密码
--
[database]
connection = mysql+pymysql://keystone:keystone123@openstack-linux47-vip.taowenwu.net/keystone
--
[token]
provider = fernet
----------------------------------------------------------------------------------------------

2.6.4初始化

#初始化及验证数据库,会在数据库创建默认表等操作;会验证keystone的配置文件
[root@control1 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

#日志
ll /var/log/keystone/keystone.log

#初始化证书并验证
[root@control1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@control1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

[root@control1 ~]# ll /etc/keystone/fernet-keys/
total 8
-rw------- 1 keystone keystone 44 Mar 29 22:26 0
-rw------- 1 keystone keystone 44 Mar 29 22:26 1

2.6.5/usr/share/keystone/wsgi-keystone.conf替换

Listen 5000
Listen 35357

<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LimitRequestBody 114688
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone.log
CustomLog /var/log/httpd/keystone_access.log combined

<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>

<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LimitRequestBody 114688
<IfVersion >= 2.4>
ErrorLogFormat "%{cu}t %M"
</IfVersion>
ErrorLog /var/log/httpd/keystone.log
CustomLog /var/log/httpd/keystone_access.log combined

<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
</VirtualHost>

Alias /identity /usr/bin/keystone-wsgi-public
<Location /identity>
SetHandler wsgi-script
Options +ExecCGI

WSGIProcessGroup keystone-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>

Alias /identity_admin /usr/bin/keystone-wsgi-admin
<Location /identity_admin>
SetHandler wsgi-script
Options +ExecCGI

WSGIProcessGroup keystone-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
通过apache代理python
[root@control1 ~]# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.47.23:80

[root@control1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@control1 ~]# systemctl enable httpd && systemctl start httpd


2.6.6创建域、用户、项目、角色

#通过admin的token设置环境变量进行操作;直接声明token,绕过admin的验证
[root@control1 ~]# export OS_TOKEN=e1998377394b0ba2c07b
[root@control1 ~]# export OS_URL=http://192.168.47.23:35357/v3 #192.168.47.23为当前控制端主机Ip地址
[root@control1 ~]# export OS_IDENTITY_API_VERSION=3

[root@control1 ~]# export OS_AUTH_URL=http://192.168.47.23:35357/v3

#以上设置不起作用,仍然提示输入密码(之前做过好像是可以的)。可能原因:较新的keystone版本默认不再启用admin_token认证,需要按官方文档用keystone-manage bootstrap初始化(待确认)。

根据官方网站执行如下命令
# Bootstrap keystone: sets the admin password and registers the admin, internal
# and public identity URLs for region RegionOne.
# NOTE(review): a password given with --bootstrap-password is visible in shell
# history and the process list; keystone-manage can read it from the
# OS_BOOTSTRAP_PASSWORD environment variable instead. "123456" is a lab value.
keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://192.168.47.23:35357/v3/ \
--bootstrap-internal-url http://192.168.47.23:5000/v3/ \
--bootstrap-public-url http://192.168.47.23:5000/v3/ \
--bootstrap-region-id RegionOne


官网参考:​​https://docs.openstack.org/keystone/queens/install/keystone-install-rdo.html​

执行source admin.sh,因为执行了这个admin.sh,所以下面的admin项目可以不用执行了

#admin.sh
---------------------------------
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://192.168.47.23:35357/v3
export OS_IDENTITY_API_VERSION=3
#创建域
openstack domain create --description "Default Domain" default

#创建admin项目
openstack project create --domain default --description "Admin Project" admin #创建项目
openstack user create --domain default --password-prompt admin #创建用户
openstack role create admin #创建角色,角色只能创建在/etc/keystone/policy.json文件中
openstack role add --project admin --user admin admin #账户和角色的关联
#创建demo项目
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
#创建service项目
openstack project create --domain default --description "Service Project" service

2.6.7服务注册

#将keystone 服务地址注册到openstack
#创建一个service
openstack service create --name keystone --description "OpenStack Identity" identity

测试

openstack domain   list
openstack project list
openstack user list
openstack role list
openstack service list


2.6.8创建endpoint

#公共端点
openstack endpoint create --region RegionOne identity public http://openstack-linux47-vip.taowenwu.net:5000/v3
#私有端点
openstack endpoint create --region RegionOne identity internal http://openstack-linux47-vip.taowenwu.net:5000/v3
#管理端点
openstack endpoint create --region RegionOne identity admin http://openstack-linux47-vip.taowenwu.net:35357/v3

openstack endpoint list


2.6.9haproxy

listen keystone-public-url
bind 192.168.47.30:5000
mode tcp
log global
balance source
server 192.168.47.23 192.168.47.23:5000 check inter 5000 rise 3 fall 3 #重要事情:该地址一定是控制端的ip地址
server 192.168.47.24 192.168.47.24:5000 check inter 5000 rise 3 fall 3 backup

listen keystone-admin-url
bind 192.168.47.30:35357
mode tcp
log global
balance source
server 192.168.47.23 192.168.47.23:35357 check inter 5000 rise 3 fall 3
server 192.168.47.24 192.168.47.24:35357 check inter 5000 rise 3 fall 3 backup

测试

[root@control1 ~]# telnet 192.168.47.23 5000
[root@control1 ~]# telnet 192.168.47.23 35357

2.6.10测试keystone是否可以做用户验证

[root@control1 ~]# cat admin.sh 
------------------------------------------------------------------------------------
#!/bin/bash
# admin.sh - environment for the openstack CLI as the "admin" user.
# Meant to be sourced ("source admin.sh") so the variables land in the calling shell.
# The password is stored in clear text: keep this file readable by its owner only.

# Identity endpoint (keystone admin port behind the VIP) and API versions.
OS_AUTH_URL='http://openstack-linux47-vip.taowenwu.net:35357/v3'
OS_IDENTITY_API_VERSION='3'
OS_IMAGE_API_VERSION='2'

# Scope: project and domains.
OS_PROJECT_NAME='admin'
OS_PROJECT_DOMAIN_NAME='default'
OS_USER_DOMAIN_NAME='default'

# Credentials.
OS_USERNAME='admin'
OS_PASSWORD='123456'

export OS_AUTH_URL OS_IDENTITY_API_VERSION OS_IMAGE_API_VERSION \
  OS_PROJECT_NAME OS_PROJECT_DOMAIN_NAME OS_USER_DOMAIN_NAME \
  OS_USERNAME OS_PASSWORD

[root@control1 ~]# cat demo.sh
------------------------------------------------------------------------------------
#!/bin/bash
# demo.sh - environment for the openstack CLI as the unprivileged "demo" user.
# Meant to be sourced so the variables land in the calling shell.
# The password is stored in clear text: keep this file readable by its owner only.

# Identity endpoint (keystone public port behind the VIP) and API versions.
OS_AUTH_URL='http://openstack-linux47-vip.taowenwu.net:5000/v3'
OS_IDENTITY_API_VERSION='3'
OS_IMAGE_API_VERSION='2'

# Scope: project and domains.
OS_PROJECT_NAME='demo'
OS_PROJECT_DOMAIN_NAME='default'
OS_USER_DOMAIN_NAME='default'

# Credentials.
OS_USERNAME='demo'
OS_PASSWORD='demo'

export OS_AUTH_URL OS_IDENTITY_API_VERSION OS_IMAGE_API_VERSION \
  OS_PROJECT_NAME OS_PROJECT_DOMAIN_NAME OS_USER_DOMAIN_NAME \
  OS_USERNAME OS_PASSWORD
openstack --os-auth-url http://openstack-linux47-vip.taowenwu.net:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue

openstack --os-auth-url http://192.168.47.23:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue


2.6.11高可用

#1.执行[2.1基础安装]的命令

#2.
[root@control2 ~]# mkdir /etc/keystone/
[root@control2 ~]# mkdir /usr/share/keystone/

[root@control1 ~]# cd /etc/keystone/
[root@control1 keystone]# tar czvf keystone-conller1.tar.gz ./*
[root@control1 keystone]# scp keystone-conller1.tar.gz 192.168.47.24:/etc/keystone

[root@control2 keystone]# yum install -y openstack-keystone httpd mod_wsgi mariadb
[root@control1 keystone]# scp /usr/share/keystone/wsgi-keystone.conf 192.168.47.24:/usr/share/keystone/wsgi-keystone.conf
[root@control2 keystone]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@control1 keystone]# scp /etc/hosts 192.168.47.24:/etc/hosts
[root@control1 keystone]# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.47.24:80

[root@control2 keystone]# systemctl restart httpd

2.7镜像服务:glance

官网参考:​​https://docs.openstack.org/glance/queens/install/​

2.7.1数据库操作

[root@mariadb ~]# mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';

2.7.2控制端创建

2.7.2.1管理员权限创建账户

[root@control1 keystone]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 7bd3eb33d852413583cf4c532e9ce8d9 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@control1 keystone]# openstack role add --project service --user glance admin
[root@control1 keystone]# openstack user list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 05652a1120474a879a346d548992d0e2 | admin |
| 5a523998edcb4c558a4dd13b351c4dc4 | demo |
| 7bd3eb33d852413583cf4c532e9ce8d9 | glance |
+----------------------------------+--------+
[root@control1 keystone]# openstack role list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 4ef6901562614fa08d42804c9f85e59f | member |
| b842fd1089f9468a9fe784007f844ab6 | reader |
| e5a45f33efd34bc89823b56b45d4fada | user |
| f71347fa0cbc49e7a0701ccc49cc66a3 | admin |
+----------------------------------+--------+

2.7.2.2创建实体

[root@control1 keystone]# openstack service create --name glance  --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 802cf7dad97a42f28320528611c7e54f |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@control1 keystone]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 61ac057ec7064661beb5e228cbadd308 | keystone | identity |
| 802cf7dad97a42f28320528611c7e54f | glance | image |

2.7.2.3创建镜像服务的API端点(多个控制端时,一个控制端注册即可)

openstack endpoint create --region RegionOne image public http://openstack-linux47-vip.taowenwu.net:9292 
openstack endpoint create --region RegionOne image internal http://openstack-linux47-vip.taowenwu.net:9292
openstack endpoint create --region RegionOne image admin http://openstack-linux47-vip.taowenwu.net:9292
[root@control1 keystone]# openstack endpoint list  
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------------+
| 07ec9e74c95443bc9b02e3a5a6b8b836 | RegionOne | glance | image | True | admin | http://openstack-linux47-vip.taowenwu.net:9292 |
| 1668776783414e2fb1bb39a6e7a88277 | RegionOne | keystone | identity | True | admin | http://openstack-linux47-vip.taowenwu.net:35357/v3 |
| 206bcdf3411e40ec9eb8e7654a45a2f1 | RegionOne | glance | image | True | internal | http://openstack-linux47-vip.taowenwu.net:9292 |
| 92e3b4a5c45f4fdb995ebbae1beb3d45 | RegionOne | glance | image | True | public | http://openstack-linux47-vip.taowenwu.net:9292 |
| 979f9d5b76a44c6d905f84c033326d56 | RegionOne | keystone | identity | True | internal | http://openstack-linux47-vip.taowenwu.net:5000/v3 |
| e1ddfb841f1343e6949ff6e7c1bde326 | RegionOne | keystone | identity | True | public | http://openstack-linux47-vip.taowenwu.net:5000/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------------------------------+

2.7.3配置文件的修改

控制端安装服务(每个控制端都需安装)

yum install openstack-glance -y

/etc/glance/glance-api.conf

[root@control1 keystone]# grep -Ev "^(#|$)" /etc/glance/glance-api.conf |grep -v -B 1 "^\["
[database]
connection = mysql+pymysql://glance:glance123@openstack-linux47-vip.taowenwu.net/glance
[file]
filesystem_store_datadir = /var/lib/glance/images
--
[glance_store]
stores = file,http
default_store = file
--
[keystone_authtoken]
www_authenticate_uri = http://openstack-linux47-vip.taowenwu.net:5000
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
memcached_servers = openstack-linux47-vip.taowenwu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
--
[paste_deploy]
flavor = keystone

/etc/glance/glance-registry.conf

[root@control1 keystone]# grep -Ev "^(#|$)" /etc/glance/glance-registry.conf |grep -v -B 1 "^\["
[database]
connection = mysql+pymysql://glance:glance123@openstack-linux47-vip.taowenwu.net/glance
[keystone_authtoken]
www_authenticate_uri = http://openstack-linux47-vip.taowenwu.net:5000
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
memcached_servers = openstack-linux47-vip.taowenwu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
--
[paste_deploy]
flavor = keystone

2.7.4启动

#写入镜像服务数据库:
su -s /bin/sh -c "glance-manage db_sync" glance #不需要服务是启动的

#启动服务
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
[root@control1 keystone]# ll /var/lib/glance/
total 0
drwxr-x--- 2 glance glance 6 Mar 30 22:42 images
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| alembic_version |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+

2.7.5haproxy

listen openstack_glance_port
bind 192.168.47.30:9292
mode tcp
log global
balance source
server 192.168.47.23 192.168.47.23:9292 check inter 5000 rise 3 fall 3
server 192.168.47.24 192.168.47.24:9292 check inter 5000 rise 3 fall 3 backup

2.7.6验证glance服务是否可用

[root@control1 images]# openstack image list #没有结果正常

[root@control1 images]# glance image-list #结果为空正常
+----+------+
| ID | Name |
+----+------+
+----+------+

2.7.7挂载存储

[root@mariadb ~]# yum install nfs-utils  -y
[root@mariadb ~]# mkdir /openstack/glance -p
[root@mariadb ~]# cat /etc/exports
# NOTE(review): "*" exports the image store to any host that can reach this
# server, and no_root_squash lets root on a client act as root on the share.
# The only clients on this page are the controllers (192.168.47.23/24), and the
# files are owned by uid/gid 161 (glance), so an export limited to those two
# addresses with the default root_squash would fit the same setup - confirm
# before changing.
/openstack/glance *(rw,no_root_squash)
[root@mariadb ~]# systemctl start nfs
[root@mariadb ~]# systemctl enable nfs

修改nfs配置文件后,无需重启nfs服务即可让配置生效:
exportfs -r (或 exportfs -ar)

[root@control1 keystone]# yum install nfs-utils
[root@control1 keystone]# showmount -e 192.168.47.28
Export list for 192.168.47.28:
/openstack/glance *

[root@control1 keystone]# systemctl stop openstack-glance-api.service
[root@control1 keystone]# mount -t nfs 192.168.47.28:/openstack/glance /var/lib/glance/images
[root@control1 keystone]# systemctl restart openstack-glance-api.service openstack-glance-registry.service
[root@control1 keystone]# vim /etc/hosts
192.168.47.28 www.taowenwu.com
[root@control1 keystone]# vim /etc/fstab
www.taowenwu.com:/openstack/glance /var/lib/glance/images nfs defaults,_netdev 0 0 #_netdev表示网络设备,如果开机挂不上,会跳过
[root@control1 keystone]# mount -a

2.7.8验证测试

[root@mariadb glance]# cd /openstack/glance
[root@mariadb glance]# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
[root@mariadb glance]# ls
cirros-0.3.5-x86_64-disk.img

[root@control1 keystone]# id glance
uid=161(glance) gid=161(glance) groups=161(glance)
[root@mariadb glance]# chown 161.161 -R /openstack/glance

[root@control1 keystone]# systemctl restart openstack-glance-api.service openstack-glance-registry.service
[root@control1 keystone]# systemctl status openstack-glance-api.service openstack-glance-registry.service httpd

#使用QCOW2磁盘格式,bare容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它:
[root@control1 images]# cd /var/lib/glance/images/
openstack image create "cirros-0.3.5" \
--file /var/lib/glance/images/cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare --public

[root@control1 glance]# openstack image list
+--------------------------------------+--------------+--------+
| ID | Name | Status |
+--------------------------------------+--------------+--------+
| db81df16-8e07-49a6-9169-a3ff1a70145c | cirros-0.3.5 | active |
+--------------------------------------+--------------+--------+


2.7.9高可用

[root@control1 images]# cd /etc/glance


[root@control1 glance]# tar czvf glance-conller1.tar.gz ./*
[root@control1 glance]# scp glance-conller1.tar.gz 192.168.47.24:/etc/glance/
[root@control1 glance]# scp /etc/fstab 192.168.47.24:/etc/fstab
[root@control1 glance]# scp /etc/hosts 192.168.47.24:/etc/hosts


[root@control2 ~]# mkdir /etc/glance/
[root@control2 ~]# cd /etc/glance/
[root@control2 glance]# tar xf glance-conller1.tar.gz .
[root@control2 glance]# mkdir /var/lib/glance/images
[root@control2 glance]# chown glance.glance -R /var/lib/glance/images
[root@control2 glance]# yum install nfs-utils -y
[root@control2 glance]# mount -a
[root@control2 glance]# systemctl start openstack-glance-api.service openstack-glance-registry.service httpd
[root@control2 glance]# systemctl status openstack-glance-api.service openstack-glance-registry.service httpd
[root@control1 glance]# cat /etc/fstab 
www.taowenwu.com:/openstack/glance /var/lib/glance/images nfs defaults,_netdev 0 0

[root@control1 glance]# cat /etc/hosts
192.168.47.30 openstack-linux47-vip.taowenwu.net
192.168.47.28 www.taowenwu.com

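# Mount the glance image share by hand (same source and mount point as the
# /etc/fstab entry). The original command pointed at /var/lib/glance/image,
# which is not the directory glance is configured to store images in.
mount -t nfs 192.168.47.28:/openstack/glance /var/lib/glance/images
# Remount the already mounted share.
mount -o remount /var/lib/glance/images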

测试:停止control1

[root@control1 glance]# systemctl stop  openstack-glance-api.service   openstack-glance-registry.service
[root@control1 glance]# openstack image list
+--------------------------------------+--------------+--------+
| ID | Name | Status |
+--------------------------------------+--------------+--------+
| db81df16-8e07-49a6-9169-a3ff1a70145c | cirros-0.3.5 | active |
+--------------------------------------+--------------+--------+

数据同步

[root@mariadb ~]# yum install rsync -y

[root@mariadb ~]# mkdir /data/tao
[root@mariadb ~]# rsync -avlopg /openstack/glance/ /data/tao/
------------------------------------------------------------------------
sending incremental file list
./
cirros-0.3.5-x86_64-disk.img
db81df16-8e07-49a6-9169-a3ff1a70145c

sent 26,542,628 bytes received 57 bytes 53,085,370.00 bytes/sec
total size is 26,535,936 speedup is 1.00
------------------------------------------------------------------------
[root@mariadb ~]# ll /data/tao/
total 25920
-rw-r--r-- 1 161 161 13267968 Dec 7 15:53 cirros-0.3.5-x86_64-disk.img
-rw-r----- 1 161 161 13267968 Mar 31 13:49 db81df16-8e07-49a6-9169-a3ff1a70145c

2.8计算服务:nova控制端服务

官网参考文档:​​https://docs.openstack.org/nova/queens/install/​

2.8.1数据库

MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';

#测试
[root@control1 ~]# mysql -unova -h openstack-linux47-vip.taowenwu.net -pnova123

2.8.2控制端操作

[root@control1 ~]# openstack user create --domain default --password-prompt nova
[root@control1 ~]# openstack role add --project service --user nova admin
[root@control1 ~]# openstack service create --name nova --description "OpenStack Compute" compute

[root@control1 ~]# openstack endpoint create --region RegionOne compute public http://openstack-linux47-vip.taowenwu.net:8774/v2.1
[root@control1 ~]# openstack endpoint create --region RegionOne compute internal http://openstack-linux47-vip.taowenwu.net:8774/v2.1
[root@control1 ~]# openstack endpoint create --region RegionOne compute admin http://openstack-linux47-vip.taowenwu.net:8774/v2.1


--------------------------------------------------------------------------------------------------------------------
[root@control1 ~]# openstack user create --domain default --password-prompt placement
[root@control1 ~]# openstack role add --project service --user placement admin
[root@control1 ~]# openstack service create --name placement --description "Placement API" placement

[root@control1 ~]# openstack endpoint create --region RegionOne placement public http://openstack-linux47-vip.taowenwu.net:8778
[root@control1 ~]# openstack endpoint create --region RegionOne placement internal http://openstack-linux47-vip.taowenwu.net:8778
[root@control1 ~]# openstack endpoint create --region RegionOne placement admin http://openstack-linux47-vip.taowenwu.net:8778
openstack user list
openstack role list
openstack service list


2.8.2haproxy

listen openstack_nova_port_8774
bind 192.168.47.30:8774
mode tcp
log global
server 192.168.47.23 192.168.47.23:8774 check inter 3000 fall 2 rise 5
server 192.168.47.24 192.168.47.24:8774 check inter 3000 fall 2 rise 5 backup

listen openstack_nova_port_8778
bind 192.168.47.30:8778
mode tcp
log global
server 192.168.47.23 192.168.47.23:8778 check inter 3000 fall 2 rise 5
server 192.168.47.24 192.168.47.24:8778 check inter 3000 fall 2 rise 5 backup

listen openstack_nova_port_6080
bind 192.168.47.30:6080
mode tcp
log global
server 192.168.47.23 192.168.47.23:6080 check inter 3000 fall 2 rise 5
server 192.168.47.24 192.168.47.24:6080 check inter 3000 fall 2 rise 5 backup

2.8.3安装包

yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y


这儿反反复复搞都是缺包,找到相应的包安装了(我安装的openstack-nova-common-17.0.13-1.el7.noarch.rpm和python-nova-17.0.13-1.el7.noarch.rpm),还是提缺,懵逼......

包下载地址参考:

​http://mirror.centos.org/centos/7/cloud/x86_64/openstack-queens/Packages/o/​

​http://mirror.centos.org/centos/7/cloud/x86_64/openstack-queens/Packages/p/​

最后调整了yum源结果又安装上了,更一脸的懵逼.......

调整yum源如下图


2.8.4配置文件修改

/etc/nova/nova.conf

[root@control1 ~]# grep -Ev "^(#|$)" /etc/nova/nova.conf |grep -v -B 1 "^\["
# Excerpt of /etc/nova/nova.conf on control1 (comment and blank lines filtered out).
[DEFAULT]
# NOTE(review): transport_url (and the connection/password options further down)
# hold credentials in clear text. The directory listings later on this page show
# nova.conf as root:nova 0640 but the nova.tar.gz copy as root:root 0644, so
# delete the archive once it has been unpacked.
enabled_apis = osapi_compute,metadata
use_neutron = True
# The trailing "#..." text on the next line looks like the author's annotation;
# oslo.config may not strip inline comments, so keep it out of the real file
# (verify).
firewall_driver = nova.virt.firewall.NoopFirewallDriver #firewall是python的一个脚本
transport_url = rabbit://openstack:openstack123@openstack-linux47-vip.taowenwu.net
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:nova123@openstack-linux47-vip.taowenwu.net/nova_api
--
[database]
connection = mysql+pymysql://nova:nova123@openstack-linux47-vip.taowenwu.net/nova
--
[glance]
api_servers = http://openstack-linux47-vip.taowenwu.net:9292
--
[keystone_authtoken]
auth_uri = http://openstack-linux47-vip.taowenwu.net:5000
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
memcached_servers = openstack-linux47-vip.taowenwu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
--
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
--
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-linux47-vip.taowenwu.net:35357/v3
username = placement
password = placement
--
[vnc]
enabled=true
server_listen=192.168.47.23 #本机ip或0.0.0.0
server_proxyclient_address=192.168.47.23
/usr/lib/python2.7/site-packages/nova/virt/firewall.py

2.8.5修复bug

vim /etc/httpd/conf.d/00-nova-placement-api.conf

<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>


2.8.6启动

systemctl restart httpd
#初始化数据库
[root@control1 ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@control1 ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@control1 ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
9b1149fb-7c8b-4643-8a8f-48f74648a1ac
[root@control1 ~]# su -s /bin/sh -c "nova-manage db sync" nova

systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

#日志:
tail -f /var/log/nova/*

2.8.7高可用

#1.
[root@control1 nova]# cd /etc/nova/
[root@control1 nova]# ll
total 384
-rw-r----- 1 root nova 2923 Oct 30 2019 api-paste.ini
-rw-r----- 1 root nova 373295 Mar 31 22:08 nova.conf
-rw-r----- 1 root nova 4 Oct 31 2019 policy.json
-rw-r--r-- 1 root root 64 Oct 31 2019 release
-rw-r----- 1 root nova 966 Oct 30 2019 rootwrap.conf
[root@control1 nova]# tar czvf nova.tar.gz ./*
./api-paste.ini
./nova.conf
./policy.json
./release
./rootwrap.conf

#2.
[root@control2 ~]# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y

#3.
[root@control1 nova]# scp nova.tar.gz 192.168.47.24:/etc/nova

#4.
[root@control2 ~]# cd /etc/nova/
[root@control2 nova]# ll
total 476
-rw-r----- 1 root nova 2923 Oct 30 2019 api-paste.ini
-rw-r----- 1 root nova 372317 Oct 31 2019 nova.conf
-rw-r--r-- 1 root root 96466 Mar 31 22:50 nova.tar.gz
-rw-r----- 1 root nova 4 Oct 31 2019 policy.json
-rw-r--r-- 1 root root 64 Oct 31 2019 release
-rw-r----- 1 root nova 966 Oct 30 2019 rootwrap.conf
[root@control2 nova]# tar xf nova.tar.gz .
#注:从上面的ll输出可见nova.tar.gz权限为0644(所有用户可读),而包内的nova.conf含有服务密码;解压完成后应删除该压缩包,control1上的副本同理
[root@control2 nova]# grep 192.* ./*
./nova.conf:# 1024x768, 1280x1024, 1600x1200, 1920x1200, 2560x1600, 3840x2160
./nova.conf:server_listen=192.168.47.23
./nova.conf:server_proxyclient_address=192.168.47.23

#5.
[root@control2 nova]# vim nova.conf
server_proxyclient_address=192.168.47.24
server_listen=192.168.47.24

#6.
vim /etc/httpd/conf.d/00-nova-placement-api.conf #添加与control1(2.8.5)相同的<Directory /usr/bin>配置

#7.
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

[root@control2 nova]# systemctl restart httpd

验证

[root@control1 nova]# nova service-list
+--------------------------------------+------------------+----------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
+--------------------------------------+------------------+----------+----------+---------+-------+----------------------------+-----------------+-------------+
| cacab410-7ee1-4784-b08d-bb88107dd6ba | nova-consoleauth | control1 | internal | enabled | up | 2022-03-31T15:01:34.000000 | - | False |
| be43a3f0-0cac-428d-ae81-5c6ba31e1d9e | nova-scheduler | control1 | internal | enabled | up | 2022-03-31T15:01:34.000000 | - | False |
| f7153afa-2a9e-4356-b753-3040ded894ae | nova-conductor | control1 | internal | enabled | up | 2022-03-31T15:01:34.000000 | - | False |
| fff83c78-6aae-4928-be04-3d56a0f53c50 | nova-consoleauth | control2 | internal | enabled | up | 2022-03-31T15:01:38.000000 | - | False |
| 35309b83-e9cb-41a7-a7d0-9507068b61bf | nova-scheduler | control2 | internal | enabled | up | 2022-03-31T15:01:38.000000 | - | False |
| dac2431d-70ae-4121-b6ec-393deaae2cc2 | nova-conductor | control2 | internal | enabled | up | 2022-03-31T15:01:34.000000 | - | False |
+--------------------------------------+------------------+----------+----------+---------+-------+----------------------------+-----------------+-------------+
[root@control1 nova]# nova-manage cell_v2 list_cells
+-------+--------------------------------------+------------------------------------------------------------+-------------------------------------------------------------------------+
| Name | UUID | Transport URL | Database Connection |
+-------+--------------------------------------+------------------------------------------------------------+-------------------------------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-linux47-vip.taowenwu.net/nova_cell0 |
| cell1 | 9b1149fb-7c8b-4643-8a8f-48f74648a1ac | rabbit://openstack:****@openstack-linux47-vip.taowenwu.net | mysql+pymysql://nova:****@openstack-linux47-vip.taowenwu.net/nova |
+-------+--------------------------------------+------------------------------------------------------------+-------------------------------------------------------------------------+
[root@control1 nova]# openstack compute service list
+----+------------------+----------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+----------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | control1 | internal | enabled | up | 2022-03-31T15:02:34.000000 |
| 2 | nova-scheduler | control1 | internal | enabled | up | 2022-03-31T15:02:24.000000 |
| 3 | nova-conductor | control1 | internal | enabled | up | 2022-03-31T15:02:24.000000 |
| 7 | nova-consoleauth | control2 | internal | enabled | up | 2022-03-31T15:02:28.000000 |
| 8 | nova-scheduler | control2 | internal | enabled | up | 2022-03-31T15:02:28.000000 |
| 9 | nova-conductor | control2 | internal | enabled | up | 2022-03-31T15:02:34.000000 |
+----+------------------+----------+----------+---------+-------+----------------------------+

2.9计算服务:nova计算节点

2.9.1yum源及包安装

[root@node1 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@node1 ~]# yum install centos-release-openstack-queens.noarch -y
[root@node1 ~]# yum install -y python-openstackclient openstack-selinux
[root@node1 ~]# yum install -y openstack-nova-compute

2.9.2配置文件修改

/etc/nova/nova.conf

[root@node1 ~]# grep -Ev "^(#|$)" /etc/nova/nova.conf |grep -v -B 1 "^\["
[DEFAULT]
transport_url = rabbit://openstack:openstack123@openstack-linux47-vip.taowenwu.net
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
[api]
auth_strategy=keystone
--
[glance]
api_servers = http://openstack-linux47-vip.taowenwu.net:9292
--
[keystone_authtoken]
auth_uri = http://openstack-linux47-vip.taowenwu.net:5000
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
memcached_servers = openstack-linux47-vip.taowenwu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
--
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
--
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-linux47-vip.taowenwu.net:35357/v3
username = placement
password = placement
--
[vnc]
enabled=true
server_listen=192.168.47.26
server_proxyclient_address=192.168.47.26
novncproxy_base_url = http://openstack-linux47-vip.taowenwu.net:6080/vnc_auto.html

2.9.3确定计算节点是否支持虚拟机的硬件加速

[root@node1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo #返回值不为0表示支持硬件加速,无需额外配置;只有返回0时才需要按下面的方式把virt_type设为qemu
4

vim /etc/nova/nova.conf
[libvirt]
virt_type = qemu

2.9.4修改host文件

[root@node1 ~]# vim /etc/hosts
192.168.47.30 openstack-linux47-vip.taowenwu.net

2.9.5启动

#启动计算服务及其依赖,并将其配置为随系统自动启动
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service

2.9.6控制端修改

#控制端定期自动发现新的计算节点(间隔单位为秒)
/etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300

2.9.7控制端验证

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova  #手动方式发现计算节点


[root@control1 nova]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 9b1149fb-7c8b-4643-8a8f-48f74648a1ac
Checking host mapping for compute host 'node1': 94553020-3285-4737-b4de-36afba88a8fc
Creating host mapping for compute host 'node1': 94553020-3285-4737-b4de-36afba88a8fc
Found 1 unmapped computes in cell: 9b1149fb-7c8b-4643-8a8f-48f74648a1ac

[root@control1 nova]# openstack hypervisor list
+----+---------------------+-----------------+---------------+-------+
| ID | Hypervisor Hostname | Hypervisor Type | Host IP | State |
+----+---------------------+-----------------+---------------+-------+
| 1 | node1 | QEMU | 192.168.47.26 | up |
+----+---------------------+-----------------+---------------+-------+

2.9.8控制端查看

openstack service list 
nova service-list
openstack compute service list #计算服务
openstack catalog list
nova-status upgrade check
openstack image list
glance image-list

openstack-queens版搭建_openstack-queens版搭建_17

openstack-queens版搭建_openstack-queens版搭建_18

openstack-queens版搭建_openstack-queens版搭建_19

2.9.9高可用

#1.
[root@node2 ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
[root@node2 ~]# yum install centos-release-openstack-queens.noarch -y
[root@node2 ~]# yum install -y python-openstackclient openstack-selinux
[root@node2 ~]# yum install -y openstack-nova-compute

#2.
[root@node1 ~]# cd /etc/nova/
[root@node1 nova]# ll
total 384
-rw-r----- 1 root nova 2923 Oct 30 2019 api-paste.ini
-rw-r----- 1 root nova 373173 Mar 31 23:30 nova.conf
-rw-r----- 1 root nova 4 Oct 31 2019 policy.json
-rw-r--r-- 1 root root 64 Oct 31 2019 release
-rw-r----- 1 root nova 966 Oct 30 2019 rootwrap.conf
[root@node1 nova]# tar czvf nova.tar.gz ./*
./api-paste.ini
./nova.conf
./policy.json
./release
./rootwrap.conf
[root@node1 nova]# scp nova.tar.gz 192.168.47.27:/etc/nova/
[root@node1 nova]# scp /etc/hosts 192.168.47.27:/etc/hosts

#3.
[root@node2 ~]# cd /etc/nova/
[root@node2 nova]# tar xf nova.tar.gz .
[root@node2 nova]# grep 192.* *
nova.conf:# 1024x768, 1280x1024, 1600x1200, 1920x1200, 2560x1600, 3840x2160
nova.conf:server_listen=192.168.47.26
nova.conf:server_proxyclient_address=192.168.47.26

[root@node2 nova]# vim nova.conf
nova.conf:server_listen=192.168.47.27
nova.conf:server_proxyclient_address=192.168.47.27

#4.
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service

控制端查看

[root@control1 ~]# nova service-list
+--------------------------------------+------------------+----------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
+--------------------------------------+------------------+----------+----------+---------+-------+----------------------------+-----------------+-------------+
| cacab410-7ee1-4784-b08d-bb88107dd6ba | nova-consoleauth | control1 | internal | enabled | up | 2022-03-31T23:55:21.000000 | - | False |
| be43a3f0-0cac-428d-ae81-5c6ba31e1d9e | nova-scheduler | control1 | internal | enabled | up | 2022-03-31T23:55:18.000000 | - | False |
| f7153afa-2a9e-4356-b753-3040ded894ae | nova-conductor | control1 | internal | enabled | up | 2022-03-31T23:55:24.000000 | - | False |
| fff83c78-6aae-4928-be04-3d56a0f53c50 | nova-consoleauth | control2 | internal | enabled | up | 2022-03-31T23:55:21.000000 | - | False |
| 35309b83-e9cb-41a7-a7d0-9507068b61bf | nova-scheduler | control2 | internal | enabled | up | 2022-03-31T23:55:18.000000 | - | False |
| dac2431d-70ae-4121-b6ec-393deaae2cc2 | nova-conductor | control2 | internal | enabled | up | 2022-03-31T23:55:24.000000 | - | False |
| d7b122fa-c7cf-4073-bdda-e0fb0d60f4b0 | nova-compute | node1 | nova | enabled | up | 2022-03-31T23:55:26.000000 | - | False |
| 85eb9b8c-e7fc-4602-b3c4-b7ca5d1d59d1 | nova-compute | node2 | nova | enabled | up | - | - | False |
+--------------------------------------+------------------+----------+----------+---------+-------+----------------------------+-----------------+-------------+

2.10网络服务:neutron

官方文档参考:​​https://docs.openstack.org/neutron/queens/install/​

2.10.1neutron控制端

2.10.1.1数据库

[root@mariadb ~]# mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';

#测试
[root@control1 ~]# mysql -uneutron -h openstack-linux47-vip.taowenwu.net -pneutron123

2.10.1.2控制端创建

#创建服务凭据(neutron用户)
[root@control1 ~]# openstack user create --domain default --password-prompt neutron
[root@control1 ~]# openstack role add --project service --user neutron admin

#创建neutron服务实体
[root@control1 ~]# openstack service create --name neutron --description "OpenStack Networking" network

#创建网络服务API端点
[root@control1 ~]# openstack endpoint create --region RegionOne network public http://openstack-linux47-vip.taowenwu.net:9696
[root@control1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-linux47-vip.taowenwu.net:9696
[root@control1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-linux47-vip.taowenwu.net:9696

openstack user list
openstack service list
openstack endpoint list

openstack-queens版搭建_openstack-queens版搭建_20

2.10.1.3网络

 Networking Option 1: Provider networks(提供者网络)

 Networking Option 2: Self-service networks(自服务网络)

提供者网络:采用尽可能简单的架构进行部署,只支持实例连接到公有网络(外部网络)。没有私有网络(个人网络),
路由器以及浮动IP地址。只有``admin``或者其他特权用户才可以管理公有网络

自服务网络:在选项1的基础上多了layer-3服务,支持实例连接到私有网络。demo或者其他没有特权的用户可以管
理自己的私有网络,包含连接公网和私网的路由器。另外,浮动IP地址可以让实例使用私有网络连接到外部网络,
例如互联网

典型的私有网络一般使用覆盖网络。覆盖网络,例如VXLAN包含了额外的数据头,这些数据头增加了开销,减少了有
效内容和用户数据的可用空间。在不了解虚拟网络架构的情况下,实例会尝试按以太网最大传输单元 (MTU) 1500 字节
发送数据包。网络服务会通过DHCP自动给实例提供正确的MTU值。但是,一些云镜像并没有使用DHCP或者
忽视了DHCP MTU选项,要求使用元数据或者脚本来进行配置

#提供者网络(桥接);#自服务(自己创建网段)

本实验安装提供者网络

文档参考:​​https://docs.openstack.org/neutron/queens/install/controller-install-option1-rdo.html​

yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables

配置文件修改

Networking 服务器组件的配置包括数据库、认证机制、消息队列、拓扑变化通知和插件

/etc/neutron/neutron.conf---配置服务组件

[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/neutron.conf |grep -v -B 1 "^\["
[DEFAULT]
auth_strategy = keystone
core_plugin = ml2
service_plugins =
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:openstack123@openstack-linux47-vip.taowenwu.net
--
[database]
connection = mysql+pymysql://neutron:neutron123@openstack-linux47-vip.taowenwu.net/neutron
[keystone_authtoken]
auth_uri = http://openstack-linux47-vip.taowenwu.net:5000
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
memcached_servers = openstack-linux47-vip.taowenwu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
--
[nova]
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = $state_path/lock

/etc/neutron/plugins/ml2/ml2_conf.ini---配置 Modular Layer 2 (ML2) 插件

ML2插件使用Linuxbridge机制来为实例创建layer-2虚拟网络基础设施

[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/plugins/ml2/ml2_conf.ini |grep -v -B 1 "^\["
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = linux36
--
[securitygroup]
enable_ipset = true

/etc/neutron/plugins/ml2/linuxbridge_agent.ini---配置Linuxbridge代理

Linuxbridge代理为实例建立layer-2虚拟网络并且处理安全组规则

[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/plugins/ml2/linuxbridge_agent.ini |grep -v -B 1 "^\["
[linux_bridge]
physical_interface_mappings = linux36:br0
--
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false

/etc/neutron/dhcp_agent.ini---配置DHCP代理

[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/dhcp_agent.ini |grep -v -B 1 "^\["
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

/etc/neutron/metadata_agent.ini--配置元数据代理

[root@control1 ~]# grep -Ev "^(#|$)" /etc/neutron/metadata_agent.ini |grep -v -B 1 "^\["
[DEFAULT]
nova_metadata_ip = openstack-linux47-vip.taowenwu.net
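#共享密钥自行定义,必须与nova.conf中[neutron]段的metadata_proxy_shared_secret相同,宜用随机生成的字符串而不是日期这类易猜的值;注释需单独成行,oslo.config不识别行尾注释
metadata_proxy_shared_secret = 20211012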

/etc/nova/nova.conf--配置计算服务来使用网络服务

[root@control1 ~]# grep -Ev "^(#|$)" /etc/nova/nova.conf |grep -v -B 1 "^\["
[neutron]
url = http://openstack-linux47-vip.taowenwu.net:9696
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = 20211012

2.10.1.4haproxy 配置文件修改

listen openstack_neutron_port_9696
bind 192.168.47.30:9696
mode tcp
log global
server 192.168.47.23 192.168.47.23:9696 check inter 3000 fall 2 rise 5
server 192.168.47.24 192.168.47.24:9696 check inter 3000 fall 2 rise 5 backup

2.10.1.5启动服务

网络服务初始化脚本需要一个符号链接 /etc/neutron/plugin.ini 指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini。如果该符号链接不存在,使用下面的命令创建它:
[root@control1 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@control1 ~]# ll /etc/neutron/plugin.ini
lrwxrwxrwx 1 root root 37 Apr 1 09:18 /etc/neutron/plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini

#初始化:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

#重启计算API 服务
systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service


#对于自服务网络,同样启用layer-3服务并设置其随系统自启动
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
启动后日志提示以下问题:本实验使用的是提供者网络,并不需要layer-3代理;报错应是因为/etc/neutron/l3_agent.ini中没有配置interface_driver--暂时不管,继续往后做...
[root@control1 ~]# tail -f /var/log/neutron/*.log
2022-04-01 19:14:59.712 3347 ERROR neutron.agent.l3.agent [-] An interface driver must be specified

openstack-queens版搭建_openstack-queens版搭建_21

2.10.2neutron计算服务

官方参考文档:​​https://docs.openstack.org/neutron/queens/install/compute-install-rdo.html​

yum install openstack-neutron-linuxbridge ebtables ipset

2.10.2.1配置文件修改

/etc/neutron/neutron.conf​--配置通用组件

[root@node1 ~]# grep -Ev "^(#|$)" /etc/neutron/neutron.conf |grep -v -B 1 "^\["
[DEFAULT]
transport_url = rabbit://openstack:openstack123@openstack-linux47-vip.taowenwu.net
auth_strategy = keystone
--
[keystone_authtoken]
auth_uri = http://openstack-linux47-vip.taowenwu.net:5000
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
memcached_servers = openstack-linux47-vip.taowenwu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
--
[oslo_concurrency]
lock_path = $state_path/lock

/etc/neutron/plugins/ml2/linuxbridge_agent.ini​--配置Linuxbridge代理

[root@node1 ~]# grep -Ev "^(#|$)" /etc/neutron/plugins/ml2/linuxbridge_agent.ini |grep -v -B 1 "^\["
[linux_bridge]
physical_interface_mappings = linux36:br0
--
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false

/etc/nova/nova.conf​---配置计算服务来使用网络服务

grep -Ev "^(#|$)" /etc/nova/nova.conf  |grep -v -B 1 "^\["
[neutron]
url = http://openstack-linux47-vip.taowenwu.net:9696
auth_url = http://openstack-linux47-vip.taowenwu.net:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

2.10.2.2启动

#重启计算服务
systemctl restart openstack-nova-compute.service

#启动Linuxbridge代理并配置它开机自启动
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

systemctl restart neutron-linuxbridge-agent.service openstack-nova-compute.service

2.11仪表盘安装

官方参考文档:​https://docs.openstack.org/horizon/queens/install/install-rdo.html​

控制节点上安装仪表盘

yum install openstack-dashboard -y

配置文件修改

/etc/openstack-dashboard/local_settings 

#1.在 `controller` 节点上配置仪表盘以使用 OpenStack 服务
OPENSTACK_HOST = "controller" #本机ip地址

#2.
ALLOWED_HOSTS = ['*',] #允许所有主机,仅适合实验环境;生产环境应只列出仪表盘实际使用的主机名或IP
#注解:
ALLOWED_HOSTS can also be ['*'] to accept all hosts. This may be useful for development
work, but is potentially insecure and should not be used in production. See
https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for further information.

#3.配置 memcached 会话存储服务:
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'openstack-linux47-vip.taowenwu.net:11211',
}
}
将其他会话存储服务的配置注释掉。

#4.启用第3版认证API:
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

#5.启用对域的支持
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

#6.配置API版本:
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}

#7.Configure Default as the default domain for users that you create via the dashboard
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

#8.通过仪表盘创建的用户默认角色配置为 user
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

#9.如果您选择提供者网络,禁用支持3层网络服务:
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}

#10.可以选择性地配置时区
TIME_ZONE = "Asia/Shanghai"

重启服务

#重启web服务器以及会话存储服务
[root@control1 ~]# systemctl restart httpd.service
[root@mariadb ~]# systemctl restart memcached.service

访问:​​http://192.168.47.23/dashboard/auth/login/?next=/dashboard/​

磕磕绊绊终于看到这个界面了.......​,为啥我感觉不到一丝丝的快乐呢...

登录

Domain:​default  ​ 用户名:​admin    ​密码:​123456

用户名和密码是之前admin.sh中设置的

openstack-queens版搭建_openstack-queens版搭建_22

openstack-queens版搭建_openstack-queens版搭建_23

2.12重启服务及日志的查看汇总整理

#1.环境服务:
systemctl status memcached mariadb rabbitmq-server
systemctl status haproxy
systemctl restart memcached mariadb rabbitmq-server
systemctl restart haproxy

#2.镜像
systemctl status openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service

#3.控制端
#nova
systemctl status openstack-nova-api.service \
openstack-nova-consoleauth.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service

systemctl restart openstack-nova-api.service \
openstack-nova-consoleauth.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service

#neutron
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service


#4.计算节点:
#nova
systemctl status libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
systemctl restart openstack-nova-compute.service
#neutron
systemctl restart neutron-linuxbridge-agent.service
systemctl status neutron-linuxbridge-agent.service

#5.httpd
systemctl restart httpd.service

#6.日志查看
tail -f /var/log/httpd/*.log
tail -f /var/log/keystone/keystone.log
tail -f /var/log/glance/*.log
tail -f /var/log/nova/*.log
tail -f /var/log/neutron/*.log

#检查openstack的各个组件是否正常工作
#查看nova组件
nova service-list
#查看neutron组件是否正常工作
neutron agent-list