openstack
- 1. Introduction to OpenStack
- 2. Environment
- 2.1 Security
- 2.2 Host networking
- 2.2.1 Configure network interfaces
- 2.2.2 Configure name resolution
- 2.3 Network Time Protocol (NTP)
- 2.4 OpenStack packages
- 2.5 SQL database
- 2.6 Message queue
- 2.7 Memcached
- 3. Identity service
- 3.1 Prerequisites
- 3.2 Install and configure components
- 3.3 Configure the Apache HTTP server
- 3.4 Create the service entity and API endpoints
- 3.5 Create a domain, projects, users and roles
- 3.6 Verify operation
- 4. Create OpenStack client environment scripts
- 4.1 Create the scripts
- 4.2 Use the scripts
- 5. Image service
- 5.1 Prerequisites
- 5.2 Install and configure components
- 5.3 Verify operation
- 6. Compute service
- 6.1 Install and configure the controller node
- 6.2 Create the service credentials
- 6.3 Create the Compute service API endpoints
- 6.4 Install and configure components
- 6.5 Bring up another VM as the compute node
- 6.6 The host-passthrough problem (nested virtualization)
- 7. Networking service
- 8. Configure an instance and launch a VM
- 9. Dashboard
- 10. Configure a private (self-service) network
- 11. Build your own image and launch it
- 11.1 Prepare the template host
- 11.2 Configure grub
- 11.3 Configure the network interface
- 11.4 Shut down and seal the image
- 11.5 Create the image
- 11.6 Create the instance
- 11.7 Add a floating IP
- 12. Block storage
1. Introduction to OpenStack
- OpenStack is a cloud operating system that controls large pools of compute, storage and networking resources across a data center, all managed and provisioned through APIs with a common authentication mechanism. A dashboard lets administrators control the platform while users provision resources through a web interface.
- Beyond the standard infrastructure-as-a-service functions, further components provide orchestration, fault management and service management to keep user applications highly available.
- An OpenStack deployment is made up of four kinds of node: controller, compute, network and storage.
Core OpenStack components:
Nova - Compute service
Neutron - Networking service
Swift - Object storage service
Cinder - Block storage service
Glance - Image service
Keystone - Identity service
Horizon - Dashboard (UI) service
Ceilometer - Telemetry (monitoring) service
Heat - Orchestration service
2. Environment
2.1 Security
- Every service password in these notes equals the account name (keystone/keystone, glance/glance, nova/nova, ...), which is acceptable for a throwaway lab only. For anything else, generate each password the way the admin token is generated in 3.2 (openssl rand -hex 10) and keep the openrc files and the service configuration files readable by root and the owning service user only.
2.2 Host networking
2.2.1 Configure network interfaces
[root@westos Desktop]# cd /boot/
[root@westos boot]# ls
config-4.18.0-193.el8.x86_64
efi
extlinux
grub2
initramfs-0-rescue-fdab85af04c04962873b8d34852a2152.img
initramfs-4.18.0-193.el8.x86_64.img
initramfs-4.18.0-193.el8.x86_64kdump.img
loader
System.map-4.18.0-193.el8.x86_64
vmlinuz-0-rescue-fdab85af04c04962873b8d34852a2152
vmlinuz-4.18.0-193.el8.x86_64
[root@westos boot]# cd grub2/
[root@westos grub2]# vim grubenv
#nouveau.modeset=0 net.ifnames=0 ##These notes expect the interfaces to be named eth0 and eth1 on every node. If a host shows ens*-style names instead, add net.ifnames=0 to the kernel options; nouveau.modeset=0 only disables the nouveau GPU driver and is unrelated to interface naming.
[root@westos grub2]# cat grubenv
# GRUB Environment Block
saved_entry=fdab85af04c04962873b8d34852a2152-4.18.0-193.el8.x86_64
kernelopts=root=/dev/mapper/rhel-root ro crashkernel=auto resume=/dev/mapper/rhel-swap rd.lvm.lv=rhel/root rd.lvm.lv=rhel/swap rhgb quiet
boot_success=0
boot_indeterminate=0
#nouveau.modeset=0 net.ifnames=0 ##Append this to the existing kernelopts= line rather than adding a new line: grubenv is a fixed-size 1 KiB block, so set it with grub2-editenv - set kernelopts="<current value> net.ifnames=0" (or grubby --update-kernel=ALL --args=net.ifnames=0) and reboot.
[root@server1 ~]# cd /etc/sysconfig/network-scripts/
[root@server1 network-scripts]# cp ifcfg-eth0 ifcfg-eth1
[root@server1 network-scripts]# vim ifcfg-eth1
[root@server1 network-scripts]# cat ifcfg-eth1 ##eth1 gets no IP address on purpose: it is the provider (external) interface and is attached to the Linux bridge by Neutron later
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@server1 network-scripts]# ifup eth1
[root@server1 network-scripts]# ip addr
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:a3:b3:d3 brd ff:ff:ff:ff:ff:ff
inet 172.25.13.1/24 brd 172.25.13.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fea3:b3d3/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:43:33:f3 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5054:ff:fe43:33f3/64 scope link
valid_lft forever preferred_lft forever
2.2.2 Configure name resolution
[root@server1 network-scripts]# hostnamectl set-hostname controller
[root@server1 network-scripts]# vim /etc/hosts
[root@server1 network-scripts]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.13.1 controller
172.25.13.2 compute1
172.25.13.3 block1
172.25.13.4 server4
172.25.13.5 server5
172.25.13.6 server6
172.25.13.7 server7
172.25.13.250 westos.westos.org
2.3 Network Time Protocol (NTP)
##Configure chronyd on the physical host (if the host firewall is on, the ntp service must be allowed through it)
[root@westos ~]# vim /etc/chrony.conf ##physical host
pool ntp1.aliyun.com iburst
# Allow NTP client access from local network.
allow 172.25/24 ##chrony reads 172.25/24 as 172.25.0.0/24; if clients at 172.25.13.x are refused, use allow 172.25.13.0/24
[root@westos ~]# systemctl restart chronyd.service
##The virtual machines must be time-synchronized with the host, otherwise token expiry checks and service heartbeats go wrong
[root@controller ~]# yum install chrony
[root@controller ~]# vim /etc/chrony.conf
server 172.25.13.250 iburst
[root@controller ~]# timedatectl set-timezone Asia/Shanghai
[root@controller ~]# systemctl restart chronyd.service ##restart the service
[root@controller ~]# chronyc sources -v ##check that the source is reachable (a line starting with ^* means it is synchronized)
2.4 OpenStack packages
##1. Stage the packages on the physical host (served by Apache from /var/www/html)
[root@westos ~]# cd /var/www/html/
[root@westos html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/openstack/
lftp 172.25.254.250:/pub/openstack> mirror mitaka/
Total: 1 directory, 286 files, 0 symlinks
New: 286 files, 0 symlinks
144203995 bytes transferred in 2 seconds (55.85 MiB/s)
lftp 172.25.254.250:/pub/openstack>
lftp 172.25.254.250:/pub/openstack> exit
[root@westos html]# ls
ansible docker-ce index.html mitaka rhel7.6 rhel8.2 software
##2. Yum repository on the controller
[root@controller ~]# cd /etc/yum.repos.d/
[root@controller yum.repos.d]# vim openstack.repo
[root@controller yum.repos.d]# cat openstack.repo
[openstack]
name=openstack
baseurl=http://172.25.13.250/mitaka
gpgcheck=0 ##no signature verification: acceptable only because the mirror is a local lab copy; anywhere else import the repository key and set gpgcheck=1
[root@controller yum.repos.d]# yum repolist list
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
openstack | 2.9 kB 00:00
openstack/primary_db | 141 kB 00:00
repolist: 0
[root@controller yum.repos.d]# yum repolist
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
repo id repo name status
openstack openstack 279
rhel7.6 rhel7.6 5,152
repolist: 5,431
[root@controller ~]# yum upgrade ##update the packages already installed on the host
[root@controller ~]# yum install python-openstackclient -y ##install the OpenStack client
2.5 SQL database
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL ##install the packages
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.25.13.1 ##listen only on the management address; the service databases are reachable from the other nodes on the management network and from nowhere else
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable --now mariadb.service
[root@controller ~]# mysql_secure_installation ##secure the installation: set a root password and answer Y to everything else (removes anonymous users and the test database, disables remote root login)
2.6 Message queue
[root@controller ~]# yum install rabbitmq-server -y ##install the package
[root@controller ~]# systemctl enable --now rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack openstack ##add the openstack user; the second argument is its password, which every service's [oslo_messaging_rabbit] section will carry, so outside a lab generate it with openssl rand -hex 10
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" ##grant the openstack user configure, write and read permissions (the three patterns, in that order)
[root@controller ~]# rabbitmq-plugins list
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management ##enable the management UI on port 15672 (the built-in guest account is accepted from localhost only)
2.7 Memcached
[root@controller ~]# yum install memcached python-memcached -y ##install the packages
[root@controller ~]# systemctl enable --now memcached.service ##start it
[root@controller ~]# netstat -antlp | grep :11211
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 16081/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 16081/memcached
[root@controller ~]# vim /etc/sysconfig/memcached
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
#OPTIONS="-l 127.0.0.1,::1" ##commented out, so memcached now listens on every interface. It does have to be reachable from the other nodes (their keystone_authtoken sections point at controller:11211), but memcached has no authentication and caches validated tokens, so prefer OPTIONS="-l 127.0.0.1,::1,172.25.13.1" and keep port 11211 off the provider network
[root@controller ~]# systemctl restart memcached.service
3. Identity service
3.1 Prerequisites
#Create the database as follows
[root@controller ~]# mysql -p #connect to the database server as root with the database client
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 12
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone; #create the keystone database
Query OK, 1 row affected (0.00 sec)
##Grant the keystone database the appropriate privileges. The '%' grant is the one actually used: the service connects over TCP to controller (172.25.13.1), not through the socket, so anything that can reach port 3306 on the management network may try this password
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
-> IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
-> IDENTIFIED BY 'keystone';
[root@controller ~]# mysql -u keystone -p ##login test
MariaDB [(none)]>
3.2 Install and configure components
[root@controller ~]# openssl rand -hex 10 #generate a random value to use as the administration token during initial configuration
2c824d60aa530b959bdc
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# vim /etc/keystone/keystone.conf ##set the following options
[DEFAULT] ##in the [DEFAULT] section, define the value of the initial administration token (bootstrap only; it is disabled again in 3.6)
admin_token =2c824d60aa530b959bdc
[database] ##in the [database] section, configure database access
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token] ###in the [token] section, configure the Fernet token provider
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone ##populate the Identity service database
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone ##initialize the Fernet keys (written to /etc/keystone/fernet-keys, readable only by the keystone user; anyone holding them can mint valid tokens)
[root@controller ~]# cd /etc/keystone/
[root@controller keystone]# ls
default_catalog.templates keystone-paste.ini sso_callback_template.html
fernet-keys logging.conf
keystone.conf policy.json
3.3 Configure the Apache HTTP server
[root@controller ~]# vim /etc/httpd/conf/httpd.conf ##edit /etc/httpd/conf/httpd.conf and set ServerName to the controller node
ServerName controller
[root@controller conf.d]# vim /etc/httpd/conf.d/wsgi-keystone.conf
[root@controller conf.d]# cat /etc/httpd/conf.d/wsgi-keystone.conf ##create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content (5000 is the public API, 35357 the admin API)
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
[root@controller conf.d]# systemctl enable --now httpd.service ##enable it at boot: Keystone runs only as a WSGI application under httpd, so without httpd the whole Identity service is down
3.4 Create the service entity and API endpoints
[root@controller ~]# export OS_TOKEN=2c824d60aa530b959bdc ##configure the authentication token: the bootstrap admin_token from 3.2 (it now also sits in the shell history)
[root@controller ~]# export OS_URL=http://controller:35357/v3 ##configure the endpoint URL (the admin port)
[root@controller ~]# export OS_IDENTITY_API_VERSION=3 ##configure the Identity API version
##1. The Identity service manages a catalog of services in your OpenStack environment. Services use this catalog to determine which services are available in your environment.
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity ##create the service entity for the Identity service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | 8fca5715645f43b5bd5d84d1a1eb4ec5 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
##2. The Identity service also manages a catalog of API endpoints for the services in your environment. Services use this catalog to determine how to communicate with each other.
##Create the Identity service API endpoints (public, internal and admin)
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1f6d00909eef4078a8fa5691c185a896 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8fca5715645f43b5bd5d84d1a1eb4ec5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d5702854772b4774a37c0bf839187eb0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8fca5715645f43b5bd5d84d1a1eb4ec5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b960b6acb0f34a55a85fcd251b5201c7 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8fca5715645f43b5bd5d84d1a1eb4ec5 |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
3.5 Create a domain, projects, users and roles
##The Identity service provides authentication for every OpenStack service. It uses a combination of domains, projects (tenants), users and roles.
##1. Create the default domain:
[root@controller ~]# openstack domain create --description "Default Domain" default
##2. Create an administrative project, user and role for administrative operations in your environment:
##2.1 Create the admin project:
[root@controller ~]# openstack project create --domain default \
> --description "Admin Project" admin
##2.2 Create the admin user (the password is given on the command line here and ends up in the shell history; --password-prompt avoids that)
[root@controller ~]# openstack user create --domain default --password admin admin
##2.3 Create the admin role
[root@controller ~]# openstack role create admin
##2.4 Add the admin role to the admin project and user
[root@controller ~]# openstack role add --project admin --user admin admin
##3. This guide uses a service project that contains a unique user for each service you add to your environment. Create the service project
[root@controller ~]# openstack project create --domain default --description "Service Project" service
##4. Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the demo project and user
##4.1 Create the demo project
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
##4.2 Create the demo user
[root@controller ~]# openstack user create --domain default --password demo demo
##4.3 Create the user role
[root@controller ~]# openstack role create user
##4.4 Add the user role to the demo project and user
[root@controller ~]# openstack role add --project demo --user demo user
3.6 Verify operation
##1. Unset the temporary OS_TOKEN and OS_URL environment variables
[root@controller ~]# unset OS_TOKEN OS_URL
##2. As the admin user, request an authentication token
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue ##the password is admin
##3. As the demo user, request an authentication token
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password:
##Once both requests succeed the bootstrap token is no longer needed. The Mitaka guide recommends removing admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections of /etc/keystone/keystone-paste.ini; the admin_token value should also be taken out of keystone.conf, because anyone who reads it (or the shell history from 3.4) gets unrestricted admin access without a password.
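Added example, not part of the original notes: the clean-up just described as shell functions. They take the file paths as parameters so they can be tried on copies first; the commented commands at the end show the real paths on the controller. The pipeline layout assumed is the one Mitaka ships (filters separated by single spaces on a "pipeline = ..." line).

```shell
# Added example, not from the original notes. After the admin and demo users
# work, the bootstrap admin_token is a standing, password-less admin
# credential. This removes the admin_token_auth filter from the
# keystone-paste.ini pipelines, as the Mitaka guide recommends, and comments
# out admin_token in keystone.conf.

# disable_admin_token_auth PASTE_INI
# Drop " admin_token_auth" from every "pipeline = ..." line.
disable_admin_token_auth() {
    paste_ini="$1"
    tmp=$(mktemp)
    sed '/^pipeline *=/ s/ admin_token_auth//' "$paste_ini" > "$tmp"
    cat "$tmp" > "$paste_ini" && rm -f "$tmp"
}

# clear_admin_token KEYSTONE_CONF
# Comment out admin_token (keystone.conf carries this key only in [DEFAULT]).
clear_admin_token() {
    conf="$1"
    tmp=$(mktemp)
    sed 's/^admin_token *=.*/#admin_token = <None>/' "$conf" > "$tmp"
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# admin_token_leftovers PASTE_INI KEYSTONE_CONF
# Print how many places still enable the token path; 0 means done.
# (grep -c exits 1 when the count is 0, hence the "|| true".)
admin_token_leftovers() {
    n1=$(grep -c '^pipeline *=.*admin_token_auth' "$1" || true)
    n2=$(grep -c '^admin_token *=' "$2" || true)
    echo $((n1 + n2))
}

# Real run on the controller; httpd must be restarted for Keystone to reload:
#   disable_admin_token_auth /etc/keystone/keystone-paste.ini
#   clear_admin_token /etc/keystone/keystone.conf
#   admin_token_leftovers /etc/keystone/keystone-paste.ini /etc/keystone/keystone.conf
#   systemctl restart httpd.service
```

After the restart, `openstack token issue` with the admin-openrc credentials from section 4 must still work, while a request carrying the old hex value in OS_TOKEN must now be rejected.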
4. Create OpenStack client environment scripts
4.1 Create the scripts
#1. Create client environment scripts for the admin and demo projects and users. Later parts of this guide source these scripts to load the appropriate credentials for client operations. The files hold the passwords in clear text, so keep them readable by root only (chmod 600 admin-openrc demo-openrc).
##1.1 Edit the file admin-openrc and add the following content:
[root@controller ~]# vim admin-openrc
[root@controller ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
##1.2 Edit the file demo-openrc and add the following content:
[root@controller ~]# vim demo-openrc
[root@controller ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
4.2 Use the scripts
[root@controller ~]# source admin-openrc ##source the script in every new shell; later sections state which file to source. admin is the only account holding the admin role, the other users lack the privileges for the commands below
[root@controller ~]# openstack token issue ##request an authentication token
[root@controller ~]# openstack user list ##list users
[root@controller ~]# openstack project list ##list projects
[root@controller ~]# openstack endpoint list ##list API endpoints
5. Image service
5.1 Prerequisites
#1. Create the database
##1.1 Connect to the database server as root with the database client:
[root@controller ~]# mysql -p
Enter password: ##the MariaDB root password (westos here)
##1.2 Create the glance database:
MariaDB [(none)]> CREATE DATABASE glance;
##1.3 Grant the glance database the appropriate privileges:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
##1.4 Exit the database client.
#2. Source the admin credentials to gain access to admin-only CLI commands:
[root@controller ~]# source admin-openrc
#3. Create the service credentials
##3.1 Create the glance user:
[root@controller ~]# openstack user create --domain default --password glance glance
##3.2 Add the admin role to the glance user in the service project; the service needs it to validate other users' tokens with Keystone.
[root@controller ~]# openstack role add --project service --user glance admin
##3.3 Create the glance service entity:
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
#4. Create the Image service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
5.2 Install and configure components
##1. Install the package
[root@controller ~]# yum install openstack-glance
##2. Edit the file /etc/glance/glance-api.conf and complete the following actions
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken] ##the service account glance uses to validate user tokens: auth_uri is what clients are told to use (public port 5000), auth_url is what the service itself calls (admin port 35357)
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store] ##images are stored as plain files under this directory, owned by the glance user (see 5.3)
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
##3. Edit the file /etc/glance/glance-registry.conf and complete the following actions
[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
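Added example, not part of the original notes: a small INI editor for the configuration files edited in 3.2 (keystone.conf) and 5.2 (glance-api.conf, glance-registry.conf); nova.conf in 6.4 has the same layout. The stock files ship with every option commented out, so "vim and search" is error-prone. Setting a key inside a named section, creating the section if it is missing, is the same operation that crudini --set performs (openstack-config from openstack-utils wraps crudini) when that package is on the mirror. The file names in the commented usage are the real ones from 5.2; the values are the ones used above.

```shell
# Added example, not from the original notes.
# ini_set FILE SECTION KEY VALUE: replace the first active KEY in [SECTION]
# (a commented "#KEY = ..." template line is left alone), or append KEY at the
# end of the section; create the section at the end of the file if absent.
# Note: awk -v expands backslash escapes in VALUE; none of the values here
# contain backslashes.
ini_set() {
    file="$1"; section="$2"; key="$3"; value="$4"
    tmp=$(mktemp)
    awk -v s="$section" -v k="$key" -v v="$value" '
        function emit_if_pending() {          # add the key before leaving the section
            if (in_sec && !done) { print k " = " v; done = 1 }
        }
        /^\[[^]]+\]$/ {
            emit_if_pending()
            in_sec = ($0 == ("[" s "]"))
            seen = seen || in_sec
        }
        in_sec && !done && $0 ~ ("^" k "[ \t]*=") { print k " = " v; done = 1; next }
        { print }
        END {
            emit_if_pending()
            if (!seen) { print "[" s "]"; print k " = " v }
        }' "$file" > "$tmp"
    cat "$tmp" > "$file" && rm -f "$tmp"
}

# ini_get FILE SECTION KEY: print the active value, nothing if it is unset.
ini_get() {
    awk -v s="$2" -v k="$3" '
        /^\[[^]]+\]$/ { in_sec = ($0 == ("[" s "]")); next }
        in_sec && $0 ~ ("^" k "[ \t]*=") { sub("^" k "[ \t]*=[ \t]*", ""); print; exit }
    ' "$1"
}

# Real run for 5.2 (as root on the controller):
#   ini_set /etc/glance/glance-api.conf database connection 'mysql+pymysql://glance:glance@controller/glance'
#   ini_set /etc/glance/glance-api.conf keystone_authtoken auth_type password
#   ini_set /etc/glance/glance-api.conf keystone_authtoken password glance
#   ini_get /etc/glance/glance-api.conf keystone_authtoken password
```

Because the functions only touch the requested key, the commented documentation lines in the stock file stay in place, which makes a later `diff` against the package default readable.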
##4. Populate the Image service database
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
##Ignore any deprecation messages in this output.
##5. Finish: start the services
[root@controller ~]# systemctl enable --now openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# netstat -antlp | grep :9292
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 18223/python2
##6. Where the logs are
[root@controller ~]# cd /var/log/
[root@controller log]# ls
anaconda btmp dmesg.old lastlog qemu-ga tuned
audit chrony glance maillog rabbitmq wtmp
boot.log cron httpd mariadb rhsm yum.log
boot.log-20210324 dmesg keystone messages secure
[root@controller log]# cd glance/
[root@controller glance]# ls
api.log registry.log
5.3 Verify operation
#1. Download the test image
#wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img ##the guide's test image is CirrOS 0.3.4; a cirros-0.4.0 image is what is actually used below. Check the download against the checksum published with the release before uploading, since every project will boot from it
[root@controller ~]# ls
admin-openrc cirros-0.4.0-x86_64-disk.img demo-openrc
#2. Upload the image to the Image service using the QCOW2 disk format, bare container format and public visibility, so that all projects can access it
[root@controller ~]# openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
#3. Confirm the upload and verify the attributes
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 2785a258-64e0-442a-b691-e7a54823d9d8 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller ~]# ll /var/lib/glance/images/ ##the stored file is named after the image ID and is mode 640, owned by glance
total 12420
-rw-r----- 1 glance glance 12716032 Mar 24 14:40 2785a258-64e0-442a-b691-e7a54823d9d8
[root@controller images]# du -h 2785a258-64e0-442a-b691-e7a54823d9d8
13M 2785a258-64e0-442a-b691-e7a54823d9d8
6. Compute service
6.1 Install and configure the controller node
#Create the databases (the '%' grants have the same reach as noted in 3.1)
[root@controller ~]# mysql -p
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
Query OK, 0 rows affected (0.00 sec)
6.2 Create the service credentials
##1. Create the nova user
[root@controller ~]# openstack user create --domain default \
> --password nova nova
#2. Add the admin role to the nova user:
[root@controller ~]# openstack role add --project service --user nova admin
##3. Create the nova service entity
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
6.3 Create the Compute service API endpoints
##The backslashes only protect the parentheses from the shell; the stored URL is http://controller:8774/v2.1/%(tenant_id)s, which Nova expands per project
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1/%\(tenant_id\)s
6.4 Install and configure components
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler
##2. Configure /etc/nova/nova.conf as described in
https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/nova-controller-install.html
##3. Populate the Compute databases (the "Duplicate index" lines below are deprecation warnings, which the guide says to ignore)
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
##Start the Compute services
[root@controller ~]# systemctl enable --now openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# netstat -antlp | grep :8774
tcp 0 0 0.0.0.0:8774 0.0.0.0:* LISTEN 19227/python2
[root@controller ~]# openstack compute service list
+----+-------------+------------+----------+---------+-------+--------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+-------------+------------+----------+---------+-------+--------------+
| 1 | nova- | controller | internal | enabled | up | 2021-03-24T0 |
| | scheduler | | | | | 7:30:38.0000 |
| | | | | | | 00 |
| 2 | nova- | controller | internal | enabled | up | 2021-03-24T0 |
| | conductor | | | | | 7:30:38.0000 |
| | | | | | | 00 |
| 3 | nova- | controller | internal | enabled | up | 2021-03-24T0 |
| | consoleauth | | | | | 7:30:38.0000 |
| | | | | | | 00 |
+----+-------------+------------+----------+---------+-------+--------------+
6.5 Bring up another VM as the compute node
[root@compute1 ~]# hostname
compute1
[root@compute1 network-scripts]# cat ifcfg-eth1
BOOTPROTO=none
DEVICE=eth1
ONBOOT=yes
[root@compute1 ~]# vim /etc/hosts ##name resolution, as in 2.2.2
[root@compute1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.25.13.1 controller
172.25.13.2 compute1
172.25.13.3 block1
[root@compute1 ~]# yum install chrony -y
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
Package chrony-3.2-2.el7.x86_64 already installed and latest version
Nothing to do
[root@compute1 ~]# vim /etc/chrony.conf
[root@compute1 ~]# systemctl start chronyd
[root@compute1 ~]# systemctl enable --now chronyd
[root@compute1 ~]#
##1. Install the software (the same openstack.repo as on the controller must be present)
[root@compute1 ~]# ll /etc/yum.repos.d/openstack.repo
-rw-r--r-- 1 root root 74 Mar 24 03:42 /etc/yum.repos.d/openstack.repo
[root@compute1 ~]# yum install openstack-nova-compute
##2. Configure /etc/nova/nova.conf as described in https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/nova-compute-install.html
##3. Finish the installation
[root@compute1 ~]# egrep -c '(vmx|svm)' /proc/cpuinfo ##check for hardware acceleration: 1 or more means the CPU exposes VT-x/AMD-V; 0 means either set virt_type = qemu in the [libvirt] section or enable nested virtualization on the physical host (see 6.6)
2
[root@compute1 ~]# systemctl enable --now libvirtd.service openstack-nova-compute.service
6.6 The host-passthrough problem (nested virtualization)
##compute1 is itself a VM on the physical host westos, so its CPU only exposes svm (and cpu_mode = host-passthrough only works) if the host's KVM module has nested virtualization turned on. Check the module parameter:
[root@westos Desktop]# cd /sys/module/
[root@westos module]# cd kvm_amd/
[root@westos kvm_amd]# ls
coresize initsize notes refcnt sections taint
holders initstate parameters rhelversion srcversion uevent
[root@westos kvm_amd]# cd parameters/
[root@westos parameters]# cat nested
0
##0 means nested virtualization is off. Turn it on persistently in /etc/modprobe.d/kvm.conf with options kvm_amd nested=1 (kvm_intel on Intel hosts), then reload the module with all VMs stopped, or reboot, and confirm the parameter reads 1.
[root@westos parameters]# cd /etc/modprobe.d/
[root@westos modprobe.d]# vim kvm.conf
[root@westos modprobe.d]# pwd
/etc/modprobe.d
7. Networking service
- Configure the prerequisites first, then the provider (public) network, then the steps that follow it
8. Configure an instance and launch a VM
9. Dashboard
10. Configure a private (self-service) network
Once the instance is up, assign it a floating IP so that the instance on the internal 192.168 network can be reached from outside.
11. Build your own image and launch it
11.1 Prepare the template host
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# ls
rhel7.6.repo
[root@localhost yum.repos.d]# cat rhel7.6.repo
[rhel7.6]
name=rhel7.6
baseurl=http://172.25.13.250/rhel7.6
gpgcheck=0
[root@localhost yum.repos.d]# yum install acpid ##acpid handles the ACPI power-button event that Nova sends on stop and reboot, so the instance shuts down cleanly
[root@localhost yum.repos.d]# systemctl enable acpid
[root@westos ~]# cd /var/www/html/ ##on the physical host: mirror the cloud-init packages into the web root
[root@westos html]# lftp 172.25.254.250
lftp 172.25.254.250:~> cd pub/cloud-init/
lftp 172.25.254.250:/pub/cloud-init> ls
drwxr-xr-x 3 0 0 4096 Mar 16 2018 rhel6
drwxr-xr-x 3 0 0 4096 Mar 16 2018 rhel7
lftp 172.25.254.250:/pub/cloud-init> mirror rhel7/
Total: 1 directory, 34 files, 0 symlinks
New: 34 files, 0 symlinks
7975152 bytes transferred
lftp 172.25.254.250:/pub/cloud-init> exit
[root@westos html]# ll rhel7
total 7732
-rw-r--r--. 1 root root 247892 Mar 17 2018 audit-2.7.6-3.el7.x86_64.rpm
-rw-r--r--. 1 root root 97960 Mar 17 2018 audit-libs-2.7.6-3.el7.x86_64.rpm
-rw-r--r--. 1 root root 75032 Mar 17 2018 audit-libs-python-2.7.6-3.el7.x86_64.rpm
-rw-r--r--. 1 root root 296980 Mar 17 2018 checkpolicy-2.5-4.el7.x86_64.rpm
-rw-r--r--. 1 root root 636684 Mar 17 2018 cloud-init-0.7.9-9.el7.centos.2.x86_64.rpm
-rw-r--r--. 1 root root 43960 Mar 17 2018 cloud-utils-0.27-10.el7.x86_64.rpm
-rw-r--r--. 1 root root 25280 Mar 17 2018 cloud-utils-growpart-0.27-10.el7.x86_64.rpm
-rw-r--r--. 1 root root 842584 Mar 17 2018 euca2ools-3.4.1-1.el7.noarch.rpm
-rw-r--r--. 1 root root 66536 Mar 17 2018 libcgroup-0.41-13.el7.x86_64.rpm
-rw-r--r--. 1 root root 148492 Mar 17 2018 libsemanage-2.5-8.el7.x86_64.rpm
-rw-r--r--. 1 root root 106604 Mar 17 2018 libsemanage-python-2.5-8.el7.x86_64.rpm
-rw-r--r--. 1 root root 312764 Mar 17 2018 net-tools-2.0-0.22.20131004git.el7.x86_64.rpm
-rw-r--r--. 1 root root 878956 Mar 17 2018 policycoreutils-2.5-17.1.el7.x86_64.rpm
-rw-r--r--. 1 root root 456316 Mar 17 2018 policycoreutils-python-2.5-17.1.el7.x86_64.rpm
-rw-r--r--. 1 root root 127092 Mar 17 2018 pyserial-2.6-6.el7.noarch.rpm
-rw-r--r--. 1 root root 1426348 Mar 17 2018 python-babel-0.9.6-8.el7.noarch.rpm
-rw-r--r--. 1 root root 32880 Mar 17 2018 python-IPy-0.75-6.el7.noarch.rpm
-rw-r--r--. 1 root root 527832 Mar 17 2018 python-jinja2-2.7.2-2.el7.noarch.rpm
-rw-r--r--. 1 root root 14968 Mar 17 2018 python-jsonpatch-1.2-4.el7.noarch.rpm
-rw-r--r--. 1 root root 13164 Mar 17 2018 python-jsonpointer-1.9-2.el7.noarch.rpm
-rw-r--r--. 1 root root 25792 Mar 17 2018 python-markupsafe-0.11-10.el7.x86_64.rpm
-rw-r--r--. 1 root root 273488 Mar 17 2018 python-paramiko-2.1.1-0.2.el7.noarch.rpm
-rw-r--r--. 1 root root 38000 Mar 17 2018 python-prettytable-0.7.2-3.el7.noarch.rpm
-rw-r--r--. 1 root root 20868 Mar 17 2018 python-progressbar-2.3-4.el7.noarch.rpm
-rw-r--r--. 1 root root 81016 Mar 17 2018 python-requestbuilder-0.7.1-1.el7.noarch.rpm
-rw-r--r--. 1 root root 406404 Mar 17 2018 python-setuptools-0.9.8-7.el7.noarch.rpm
drwxr-xr-x. 2 root root 4096 Mar 16 2018 repodata
-rw-r--r--. 1 root root 626528 Mar 17 2018 setools-libs-3.3.8-1.1.el7.x86_64.rpm
[root@localhost yum.repos.d]# vi rhel7.6.repo
[root@localhost yum.repos.d]# cat rhel7.6.repo
[rhel7.6]
name=rhel7.6
baseurl=http://172.25.13.250/rhel7.6
gpgcheck=0
[cloud]
name=cloud
baseurl=http://172.25.13.250/rhel7
gpgcheck=0
[root@localhost yum.repos.d]# yum repolist
Loaded plugins: product-id, search-disabled-repos, subscription-manager
This system is not registered with an entitlement server. You can use subscription-manager to register.
cloud | 2.9 kB 00:00
rhel7.6 | 4.3 kB 00:00
cloud/primary_db | 27 kB 00:00
repo id repo name status
cloud cloud 27
rhel7.6 rhel7.6 5,152
repolist: 5,179
[root@localhost yum.repos.d]# yum install cloud-init -y cloud-utils-growpart ##install the cloud packages: cloud-init fetches the SSH key, hostname and user-data from the metadata service on first boot; growpart extends the root partition to the flavor's disk size
[root@localhost ~]# echo "NOZEROCONF=yes" >> /etc/sysconfig/network ##disable the 169.254.0.0/16 zeroconf route; with it in place, traffic to the metadata service at 169.254.169.254 is sent link-local instead of through the gateway and cloud-init cannot reach it
11.2 Configure grub
[root@localhost ~]# cd /boot/
[root@localhost boot]# cd grub2/
[root@localhost grub2]# ls
device.map fonts grub.cfg grubenv i386-pc locale
[root@localhost grub2]# vi grub.cfg
11.3 Configure the network interface
[root@localhost ~]# cd /etc/sysconfig/net
netconsole network network-scripts/
[root@localhost ~]# cd /etc/sysconfig/network-scripts/
[root@localhost network-scripts]# vim ifcfg-eth0
-bash: vim: command not found
[root@localhost network-scripts]# vi ifcfg-eth0
[root@localhost network-scripts]# cat ifcfg-eth0 ##only these three lines: no HWADDR or UUID, because every instance cloned from the image gets a different MAC; Neutron's DHCP supplies the address
BOOTPROTO=dhcp
DEVICE=eth0
ONBOOT=yes
11.4 Shut down and seal the image
[root@localhost network-scripts]# poweroff ##shut down; virt-sysprep refuses to run on a live guest
[root@westos ~]# cd /var/lib/libvirt/images/ ##on the physical host
[root@westos images]# ll base.qcow2
-rw-------. 1 root root 10739318784 Mar 26 13:17 base.qcow2
[root@westos images]# du -h base.qcow2
11G base.qcow2
[root@westos images]# virt-sysprep -d base ##clean the template: removes SSH host keys, machine-id, logs, shell history, yum caches and similar state, so every instance generates its own identity instead of inheriting the template's
[root@westos images]# virt-sparsify --compress base.qcow2 small.qcow2 #sparsify and compress into a new file (the original is left untouched)
[root@westos images]# du -h small.qcow2
513M small.qcow2
[root@westos images]# mv small.qcow2 /var/www/html/ ##move it into Apache's document root
11.5 Create the image
[root@westos html]# setenforce 0 ##quick lab fix: mv keeps the file's SELinux label (virt_image_t), so httpd is denied access to it. The proper fix is to relabel the file instead of making the whole host permissive: restorecon -v /var/www/html/small.qcow2 gives it httpd_sys_content_t
11.6 Create the instance
11.7 Add a floating IP
12. Block storage
##Name resolution must be in place on the storage node (see 2.2.2)
##Add a second disk (vdb) to the storage node for the cinder volume group
## [root@block1 ~]# vim /etc/lvm/lvm.conf ##add the filter below: LVM then scans only vda (the OS disk) and vdb (the volume disk) and rejects everything else, so that volumes carrying LVM metadata of their own are not detected and activated by the host
filter = [ "a/vda/", "a/vdb/", "r/.*/"]
## yum install openstack-cinder targetcli python-keystone ##needs the openstack yum repository from 2.4
##The result follows