OpenStack-rocky 安装部署(one-controller + one-compute)
系统版本为Centos7.5
内存均分配:4G
存储:40G
CUP:1核(根据电脑实际情况分配)
准备两台电脑或虚拟机(配置两张网卡)
192.168.2.188
192.168.2.190
准备
###查看时区
date
###修改时区
timedatectl set-timezone Asia/Shanghai
结果是:
Mon Jul 8 17:25:28 CST 2019
###修改语言环境
查看语言
locale
查看系统拥有的语言包
locale -a
yum install kde-l10n-Chinese
vi /etc/locale.conf
##加下面内容到第一行,设置中文
LANG=zh_CN.UTF8
方法(二)(该命令会修改上面配置的值)
localectl set-locale LANG=en_US.UTF-8
###查看网卡UUID
(修改第二块网卡的配置/etc/sysconfig/network-script/ifcfg-enp0s8)
在/etc/sysconfig/network-script/目录下复制ifcfg-enp0s3为ifcfg-enp0s8,并修改相关的配置
nmcli con show
###安装文件上传工具
yum install -y lrzsz
###关闭防火墙
###我的建议是先关闭防火墙,等配置好了,再去设置防火墙。
systemctl restart network
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/=enforcing/=disabled/' /etc/selinux/config
###更新软件包
yum upgrade -y
###重启
reboot
###设置主机名
hostnamectl set-hostname controller
hostnamectl set-hostname compute
###添加主机映射
cat << EOF >> /etc/hosts 192.168.2.188 controller 192.168.2.190 compute
EOF
设置阿里云镜像源
1.备份
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
2. 下载阿里云的CentOS-Base.repo 到/etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
3. 清理缓存
sudo yum clean all
4. 生成新的缓存
sudo yum makecache
添加Openstack yum源:
cat << EOF >> /etc/yum.repos.d/openstack.repo
[openstack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0
[qume-kvm]
name=qemu-kvm
baseurl= https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0
EOF
###配置时间同步
controller节点
yum install -y chrony
编辑/etc/chrony.conf文件,修改配置为如下:
server controller iburst
allow 192.168.0.0/16
启动服务
systemctl start chronyd
systemctl enable chronyd
-----------------------------------------------------------
compute节点
yum install -y chrony
###编辑/etc/chrony.conf文件,修改配置为如下:
server controller iburst
###启动服务
systemctl start chronyd
systemctl enable chronyd
###安装OpenStack客户端和selinux服务
yum install -y python-openstackclient openstack-selinux
###安装数据库服务
在controller节点安装数据库
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
修改数据库配置文件
vim /etc/my.cnf.d/openstack.cnf
新建数据库配置文件/etc/my.cnf.d/openstack.cnf,添加以下内容:
[mysqld] bind-address = 192.168.2.188 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8
###启动数据库服务
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
###设置数据库密码
运行mysql_secure_installation命令,创建数据库root密码
[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] y New password: ## 此处为root用户密码,这里设为123456 Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] n ... skipping. By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y Dropping test database... ... Success! Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB!
###安装消息队列服务
在controller节点安装rabbitmq-server
[root@controller ~]# yum install -y rabbitmq-server -y
###启动消息队列服务
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
###添加openstack用户
[root@controller ~]# rabbitmqctl add_user openstack 123456
Creating user "openstack" ...
###设置openstack用户最高权限
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
###安装memcached 服务
在controller节点上安装memcached
[root@controller ~]# yum install -y memcached
修改memcached配置文件
编辑/etc/sysconfig/memcached,修改以下内容 修改OPTIONS="-l 127.0.0.1,::1"为 OPTIONS="-l 127.0.0.1,::1,controller"
###启动memcached服务
[root@controller ~]# systemctl start memcached.service
[root@controller ~]# systemctl enable memcached.service
###安装etcd服务
在controller节点上安装etcd服务
[root@controller ~]# yum install etcd -y
修改etcd配置文件,使其他节点能够访问
[root@controller ~]# vim /etc/etcd/etcd.conf
编辑/etc/etcd/etcd.conf,在各自的位置修改以下内容
#[Member] ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="http://192.168.2.188:2380" ETCD_LISTEN_CLIENT_URLS="http://192.168.2.188:2379" ETCD_NAME="controller" #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.2.188:2380" ETCD_ADVERTISE_CLIENT_URLS="http://192.168.2.188:2379" ETCD_INITIAL_CLUSTER="controller=http://192.168.2.188:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01" ETCD_INITIAL_CLUSTER_STATE="new"
###启动etcd服务
[root@controller ~]# systemctl start etcd [root@controller ~]# systemctl enable etcd
安装keystone服务
创建数据库
[root@controller ~]# mysql -uroot -p123456
过程如下:
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 9 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE keystone; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec)
###安装软件包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
编辑配置文件/etc/keystone/keystone.conf
vim /etc/keystone/keystone.conf
[database] connection = mysql+pymysql://keystone:123456@controller/keystone [token] provider = fernet
###同步数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
###初始化fernet key库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone [root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
###引导身份认证
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123456 \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne
###编辑httpd配置文件
vim /etc/httpd/conf/httpd.conf
ServerName controller
###创建文件链接
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
###启动httpd服务
[root@controller ~]# systemctl start httpd [root@controller ~]# systemctl enable httpd Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
编写环境变量脚本admin-openrc.sh
export OS_USERNAME=admin export OS_PASSWORD=123456 export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
###创建service项目
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | 617e64ff415b45ef975b8faf3d5207dd | | is_domain | False | | name | service | | parent_id | default | | tags | [] | +-------------+----------------------------------+
###验证
[root@controller ~]# openstack user list
+----------------------------------+-------+ | ID | Name | +----------------------------------+-------+ | 5238d646322346be9e3f9750422bcf4d | admin | +----------------------------------+-------+
###查看
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2018-09-03T14:30:02+0000 | | id | gAAAAABbjTdauHEUmA_PQ1deLrPsMXiITgOyGu325OkqBYxhwYK5pS5A217gFJcnt_T50T6vfVXDTPR1HJ-HM7_Dlmm5GbPBAe_4KuWygSebGPAU7_NQoZT5gH0gjtyW5aF0mw-dyqvVykcXQWeeZ_q15HOjUZ2ujn_O2GYfjFhUmhaagrUvYys | | project_id | 1a74d2a87e734feea8577477955e0b06 | | user_id | 5238d646322346be9e3f9750422bcf4d | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
###glance安装
创建数据库
[root@controller ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 17 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456'; Query OK, 0 rows affected (0.00 sec)
###创建用户、服务等
[root@controller ~]# source admin-openrc [root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:123456
Repeat User Password:123456
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 73e040b3ca46485dad6ce8c49bfbd8e2 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin [root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | e61eb0929ae842e48c2b1f029e67578b | | name | glance | | type | image | +-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | ee8719ec7a5547fbaa1ca685fca1d8e0 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | e61eb0929ae842e48c2b1f029e67578b | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 27379aa551644711b2f3568a5387e003 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | e61eb0929ae842e48c2b1f029e67578b | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | b9f6c2bfee5f46bf8d654336094c4360 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | e61eb0929ae842e48c2b1f029e67578b | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+
###安装软件包
[root@controller ~]# yum install -y openstack-glance
编辑配置文件/etc/glance/glance-api.conf
vim /etc/glance/glance-api.conf
[database] connection = mysql+pymysql://glance:123456@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = 123456 [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/
编辑配置文件/etc/glance/glance-registry.conf
vim /etc/glance/glance-registry.conf
[database] connection = mysql+pymysql://glance:123456@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = 123456 [paste_deploy] flavor = keystone
###同步数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
###启动服务
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
###验证
[root@controller ~]#. admin-openrc [root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img [root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2018-09-03T13:49:12Z | | disk_format | qcow2 | | file | /v2/images/8faa9dc9-7f29-4570-ae87-9bab0d01aa63/file | | id | 8faa9dc9-7f29-4570-ae87-9bab0d01aa63 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | 1a74d2a87e734feea8577477955e0b06 | | properties | os_hash_algo='sha512', os_hash_value='1b03ca1bc3fafe448b90583c12f367949f8b0e665685979d95b004e48574b953316799e23240f4f739d1b5eb4c4ca24d38fdc6f4f9d8247a2bc64db25d6bbdb2', os_hidden='False' | | protected | False | | schema | /v2/schemas/image | | size | 13287936 | | status | active | | tags | | | updated_at | 2018-09-03T13:49:13Z | | virtual_size | None | | visibility | public | +------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 8faa9dc9-7f29-4570-ae87-9bab0d01aa63 | cirros | active | +--------------------------------------+--------+--------+
安装nova服务
controller节点
创建数据库
[root@controller ~]# mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE nova_api; MariaDB [(none)]> CREATE DATABASE nova; MariaDB [(none)]> CREATE DATABASE nova_cell0; MariaDB [(none)]> CREATE DATABASE placement; Grant proper access to the databases: MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123456';
###创建相关用户、服务
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | ea181b4b1de3430e8646795f133ad8fe |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin [root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | 52a1c2cd42fb45df9ab5ac0782faae4e | | name | nova | | type | compute | +-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 4f009d7ff354428ab5dafadf0ed0095d | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 52a1c2cd42fb45df9ab5ac0782faae4e | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1 | +--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 5191feea83ba4a17b79a4a7d83f85651 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 52a1c2cd42fb45df9ab5ac0782faae4e | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1 | +--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 2fa5622c3f134f0ba8215baab1bad899 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 52a1c2cd42fb45df9ab5ac0782faae4e | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1 | +--------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | ab7f16a5e08c4140b396f27f8fc75f69 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin [root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Placement API | | enabled | True | | id | be7f6d35fbd448c79b04d816df68e2d1 | | name | placement | | type | placement | +-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 443ad9ccf38c4930be407e6c755c37fd | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | be7f6d35fbd448c79b04d816df68e2d1 | | service_name | placement | | service_type | placement | | url | http://controller:8778 | +--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 8827a5950f1a49fbb77267812daae462 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | be7f6d35fbd448c79b04d816df68e2d1 | | service_name | placement | | service_type | placement | | url | http://controller:8778 | +--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 2e5bb38b860643f1b2bf7c2cd6ff6447 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | be7f6d35fbd448c79b04d816df68e2d1 | | service_name | placement | | service_type | placement | | url | http://controller:8778 | +--------------+----------------------------------+
###安装软件包
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \ openstack-nova-console openstack-nova-novncproxy \ openstack-nova-scheduler openstack-nova-placement-api -y
编辑配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT] enabled_apis = osapi_compute,metadata [api_database] connection = mysql+pymysql://nova:123456@controller/nova_api [database] connection = mysql+pymysql://nova:123456@controller/nova [placement_database] connection = mysql+pymysql://placement:123456@controller/placement [DEFAULT] transport_url = rabbit://openstack:123456@controller [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = 123456 [DEFAULT] my_ip = 192.168.2.188 [DEFAULT] use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = 123456
编辑/etc/httpd/conf.d/00-nova-placement-api.conf
vim /etc/httpd/conf.d/00-nova-placement-api.conf
添加以下内容
<Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory>
###重启httpd服务
[root@controller ~]# systemctl restart httpd
###同步nova_api数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
###注册cell0数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
###创建cell1单元
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
54e6c270-7390-4390-8702-02b72874c5a7
###同步nova数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.') result = self._query(query) /usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.') result = self._query(query)
###验证cell0和cell1注册成功
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+ | Name | UUID | Transport URL | Database Connection | Disabled | +-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+ | cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False | | cell1 | 54e6c270-7390-4390-8702-02b72874c5a7 | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova | False | +-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
###启动服务
[root@controller ~]# systemctl start openstack-nova-api.service \ openstack-nova-scheduler.service openstack-nova-conductor.service \ openstack-nova-novncproxy.service openstack-nova-conductor
[root@controller ~]# systemctl enable openstack-nova-api.service \ openstack-nova-scheduler.service openstack-nova-conductor.service \ openstack-nova-novncproxy.service openstack-nova-conductor Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service. Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
PS:官网没有启动nova-conductor服务,这个服务是交互数据库的,如果不启动这个服务,虚拟机创建不成功
compute节点
###安装软件包
[root@compute ~]# yum install openstack-nova-compute -y
编辑配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT] enabled_apis = osapi_compute,metadata [DEFAULT] transport_url = rabbit://openstack:123456@controller [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = 123456 [DEFAULT] my_ip = 192.168.2.190 [DEFAULT] use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver [vnc] enabled = true server_listen = 0.0.0.0 server_proxyclient_address = $my_ip novncproxy_base_url = http:// 192.168.2.188:6080/vnc_auto.html [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = 123456
###检查是否支持虚拟化
# egrep -c '(vmx|svm)' /proc/cpuinfo
如果等于0,则要在/etc/nova/nova.conf的[libvirt]下添加以下参数
[libvirt] virt_type = qemu
###启动服务
[root@compute ~] # systemctl start libvirtd.service openstack-nova-compute.service
[root@compute ~] # systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
controller节点
确认数据库中有计算节点
# . admin-openrc
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+ | ID | Binary | Host | Zone | Status | State | Updated At | +----+--------------+---------+------+---------+-------+----------------------------+ | 6 | nova-compute | compute | nova | enabled | up | 2018-09-03T14:16:10.000000 | +----+--------------+---------+------+---------+-------+----------------------------+
###发现计算节点
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 54e6c270-7390-4390-8702-02b72874c5a7
Checking host mapping for compute host 'compute': 39d80423-6001-4036-a546-5287c1e93ec5
Creating host mapping for compute host 'compute': 39d80423-6001-4036-a546-5287c1e93ec5
Found 1 unmapped computes in cell: 54e6c270-7390-4390-8702-02b72874c5a7
如果想要自动发现新compute节点,可以在/etc/nova/nova.conf的[scheduler]下添加以下参数
[scheduler] discover_hosts_in_cells_interval = 300
安装neutron服务
controller节点
创建数据库
[root@controller ~]# mysql -uroot -p123456
MariaDB [(none)] CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
###创建用户、服务
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d5b2036ead024ac0b09d3cf4c1b00e7c |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin [root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Networking | | enabled | True | | id | bfad907188c74a6f99120124b36b5113 | | name | neutron | | type | network | +-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | bcd2134aab2d4202aa8ca0ca0de32d5a | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | bfad907188c74a6f99120124b36b5113 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 3ca0c46da89749cfba9b0f117e3ac201 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | bfad907188c74a6f99120124b36b5113 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | cf69a76a963b41e0a0dd327072c3b5e4 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | bfad907188c74a6f99120124b36b5113 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+
配置provider network网络
安装软件包
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
编辑/etc/neutron/neutron.conf配置文件
[database] connection = mysql+pymysql://neutron:123456@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = [DEFAULT] transport_url = rabbit://openstack:123456@controller [DEFAULT] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = 123456 [DEFAULT] notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = 123456 [oslo_concurrency] lock_path = /var/lib/neutron/tmp
编辑配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2] type_drivers = flat,vlan [ml2] tenant_network_types = [ml2] mechanism_drivers = linuxbridge [ml2] extension_drivers = port_security [ml2_type_flat] flat_networks = provider [securitygroup] enable_ipset = true
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini配置文件
[linux_bridge] physical_interface_mappings = provider:eth1
[vxlan] enable_vxlan = false
[securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
编辑配置文件/etc/neutron/dhcp_agent.ini
[DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true
配置Self-service网络
安装软件包
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
配置/etc/neutron/neutron.conf文件
[database] connection = mysql+pymysql://neutron:123456@controller/neutron [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true [DEFAULT] transport_url = rabbit://openstack:123456@controller [DEFAULT] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = 123456 [DEFAULT] notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = 123456 [oslo_concurrency] lock_path = /var/lib/neutron/tmp
编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件
[ml2] type_drivers = flat,vlan,vxlan [ml2] tenant_network_types = vxlan [ml2] mechanism_drivers = linuxbridge,l2population [ml2] extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge] physical_interface_mappings = provider:eth1 [vxlan] enable_vxlan = true local_ip = 192.168.200.10 l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
编辑/etc/neutron/l3_agent.ini文件
[DEFAULT] interface_driver = linuxbridge
编辑/etc/neutron/dhcp_agent.ini文件
[DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true
编辑/etc/neutron/metadata_agent.ini文件
[DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET
编辑/etc/nova/nova.conf文件
[neutron] url = http://controller:9696 auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = 123456 service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET
###创建链接
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
###同步数据库
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file
###启动服务
[root@controller ~]# systemctl restart openstack-nova-api
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
如果选择了Self-service网络,还需要启动这个服务
[root@controller ~]# systemctl start neutron-l3-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
compute节点
安装软件包
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
编辑配置/etc/neutron/neutron.conf文件
[DEFAULT] transport_url = rabbit://openstack:123456@controller [DEFAULT] auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = 123456 [oslo_concurrency] lock_path = /var/lib/neutron/tmp
配置provider网络
编辑配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge] physical_interface_mappings = provider:eth1
[vxlan] enable_vxlan = false
[securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置Self-service网络
编辑配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge] physical_interface_mappings = provider:eth1
[vxlan] enable_vxlan = true local_ip = 192.168.2.190 l2_population = true
[securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置nova配置/etc/nova/nova.conf文件
[neutron] url = http://controller:9696 auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = 123456
启动服务
[root@compute ~]# systemctl restart openstack-nova-compute
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
验证
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+ | 06323fbc-0b13-4c14-a05d-d414678177bf | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent | | 4bd1d3eb-d178-4ff5-8d3f-7307a4415209 | Linux bridge agent | compute | None | :-) | UP | neutron-linuxbridge-agent | | 74ba6229-1449-40c7-a0de-53688fbb560a | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent | | d43e223f-c23d-4e60-88b6-ffe12243853f | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent | | da0e8763-8082-4a5e-8188-7161d7ad8a05 | L3 agent | controller | nova | :-) | UP | neutron-l3-agent | +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
安装dashboard
controller节点
安装软件包
[root@controller ~]# yum install -y openstack-dashboard
编辑配置文件/etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', 'localhost']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
编辑/etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
启动服务
[root@controller ~]# systemctl restart httpd.service memcached.service
验证
浏览器打开192.168.2.188/dashboard
到这里就可以进行界面化的操作,配置资源,创建网络,创建镜像,创建实例等。
