OpenStack-stein版安装
官方文档:https://docs.openstack.org/install-guide/environment-packages-rdo.html
列出OpenStack版本并安装s版本
# yum list centos-release-openstack*
# yum install centos-release-openstack-stein.noarch -y
安装组件
# yum install python-openstackclient
# yum install openstack-selinux
设置Identity service
mysql端:
安装mysql
# yum install mariadb mariadb-server python2-PyMySQL
添加OpenStack配置文件
#vim /etc/my.cnf.d/openstack.cnf
[mysqld]
# NOTE(review): 0.0.0.0 makes MariaDB listen on every interface of this host.
# The upstream install guide sets bind-address to the node's management IP so
# that the database is reachable only from the management network.
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
# systemctl start mariadb
# systemctl enable mariadb
安全初始化并登录测试
# mysql_secure_installation
设置消息队列
官方文档:https://docs.openstack.org/install-guide/environment-messaging-rdo.html
安装软件并设置开机启动
# yum install rabbitmq-server
# rabbitmqctl start_app #启动模块
# rabbitmq-plugins enable rabbitmq_management
# rabbitmqctl stop
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
创建用户和权限
# rabbitmqctl add_user openstack openstack123
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
安装memcached
# yum install memcached python-memcached
配置
# vim /etc/sysconfig/memcached
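# /etc/sysconfig/memcached: options read by the memcached service unit.
PORT="11211"
USER="memcached"
MAXCONN="1024"
# Cache size in MB; the opening quote was missing in the original line.
CACHESIZE="1024"
# NOTE(review): memcached has no authentication by default and "-l 0.0.0.0"
# listens on every IPv4 interface. In this guide the only client shown is the
# HAProxy listener that forwards to 192.168.7.105:11211, so listening on that
# address (plus ::1) looks sufficient; confirm before narrowing it.
OPTIONS="-l 0.0.0.0,::1"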
启动服务
# systemctl enable memcached.service
# systemctl start memcached.service
登录数据库并创建数据库并创建授权用户
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
Query OK, 0 rows affected (0.002 sec)
客户端测试
101端:
# yum install openstack-keystone httpd mod_wsgi
配置keystone
# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone123@openstack-vip.magedu.net/keystone
[token]
provider = fernet
使用hosts文件解析域名
初始化Fernet密钥存储库
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
配置httpd
# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.7.101:80
配置软链接,为了启动wsgi
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动服务
systemctl start httpd
systemctl enable httpd
初始数据库
# su -s /bin/sh -c "keystone-manage db_sync" keystone
验证:到mysql数据库端查看keystone库是否生成默认表
配置token口令
生成口令复制到token中(admin_token是具有完整管理员权限的共享口令,仅用于初始化;创建好admin用户并验证登录后,应从keystone.conf中删除该项并重启httpd)
# openssl rand -hex 10
# vim /etc/keystone/keystone.conf
admin_token = 270a1dc2bf80499abc90
# su -s /bin/sh -c "keystone-manage db_sync" keystone #重新初始化数据库
创建域、用户、项目和角色
声明环境变量(新建一个选项窗口进行,所有命令需在声明变量下进行)
export OS_TOKEN=270a1dc2bf80499abc90 #token口令
export OS_URL=http://192.168.7.101:5000/v3
export OS_IDENTITY_API_VERSION=3
创建域
[root@controller1 ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | 90940c9d92d3491baab937c57e2d437b |
| name | default |
| tags | [] |
+-------------+----------------------------------+
创建admin项目
[root@controller1 ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | df9d5122c2ea48a98a24e07c5580cd56 |
| is_domain | False |
| name | admin |
| parent_id | 90940c9d92d3491baab937c57e2d437b |
| tags | [] |
+-------------+----------------------------------+
创建admin用户并设置密码
[root@controller1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | 5f87e3432cfa4ac19458072421176272 |
| name | admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
创建admin角色并查看角色
[root@controller1 ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | a7aa14e542a54fa59ea26d21b0380590 |
| name | admin |
+-----------+----------------------------------+
[root@controller1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| a7aa14e542a54fa59ea26d21b0380590 | admin |
+----------------------------------+-------+
授权admin
# openstack role add --project admin --user admin admin
创建demo项目并设置密码
[root@controller1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | f07be594e62b411ba6847fe45111f371 |
| is_domain | False |
| name | demo |
| parent_id | 90940c9d92d3491baab937c57e2d437b |
| tags | [] |
+-------------+----------------------------------+
[root@controller1 ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | 686251271a91415d896d1fd835e16972 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
创建角色user
[root@controller1 ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 4e7a2691e97d4dc4a582d7b4bbbc21f9 |
| name | user |
+-----------+----------------------------------+
将demo用户加入到demo项目中
赋予user权限
# openstack role add --project demo --user demo user
创建用于测试service项目
[root@controller1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | f441060f5280442784a6bbfdc9cc0ea6 |
| is_domain | False |
| name | service |
| parent_id | 90940c9d92d3491baab937c57e2d437b |
| tags | [] |
+-------------+----------------------------------+
服务注册
将keystone注册到OpenStack
创建用于访问OpenStack
[root@controller1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | b2b8bf611df743c0b40dea4714ab3871 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
You have new mail in /var/spool/mail/root
[root@controller1 ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| b2b8bf611df743c0b40dea4714ab3871 | keystone | identity |
+----------------------------------+----------+----------+
注册公共(public)、管理(admin)、内部(internal)端点
# openstack endpoint create --region RegionOne identity public http://openstack-vip.magedu.net:5000/v3
# openstack endpoint create --region RegionOne identity admin http://openstack-vip.magedu.net:5000/v3
# openstack endpoint create --region RegionOne identity internal http://openstack-vip.magedu.net:5000/v3
# openstack endpoint list
具体如下:
[root@controller1 ~]# openstack endpoint create --region RegionOne identity public http://openstack-vip.magedu.net:5000/v3
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 136eea1f0023475ebf4d5aa1e909dc95 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b2b8bf611df743c0b40dea4714ab3871 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-vip.magedu.net:5000/v3 |
+--------------+-----------------------------------------+
You have new mail in /var/spool/mail/root
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne identity admin http://openstack-vip.magedu.net:5000/v3
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 9f72039555c74f7190350f7773f0f4af |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b2b8bf611df743c0b40dea4714ab3871 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-vip.magedu.net:35357/v3 |
+--------------+------------------------------------------+
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne identity internal http://openstack-vip.magedu.net:5000/v3
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | a1be963cf0a74c5ebaac092b0587e6ca |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b2b8bf611df743c0b40dea4714ab3871 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-vip.magedu.net:5000/v3 |
+--------------+-----------------------------------------+
[root@controller1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| 136eea1f0023475ebf4d5aa1e909dc95 | RegionOne | keystone | identity | True | public | http://openstack-vip.magedu.net:5000/v3 |
| 9f72039555c74f7190350f7773f0f4af | RegionOne | keystone | identity | True | admin | http://openstack-vip.magedu.net:35357/v3 |
| a1be963cf0a74c5ebaac092b0587e6ca | RegionOne | keystone | identity | True | internal | http://openstack-vip.magedu.net:5000/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
删除端点(仅在端点注册有误、需要重新注册时执行)
# openstack endpoint delete 136eea1f0023475ebf4d5aa1e909dc95
# openstack endpoint delete 9f72039555c74f7190350f7773f0f4af
# openstack endpoint delete a1be963cf0a74c5ebaac092b0587e6ca
新开窗口测试用户认证
# export OS_IDENTITY_API_VERSION=3
第一种方法测试:
# openstack --os-auth-url http://openstack-vip.magedu.net:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
第二种方式测试:
# admin脚本
# vim admin-stein.sh
# Client environment for the admin user; source this file before running
# openstack commands as admin.
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
# Must match the password entered at the
# "openstack user create --password-prompt admin" step.
# NOTE(review): the password is stored here in clear text; keep this file
# readable only by its owner (for example mode 600).
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#demo脚本
# vim demo-stein.sh
# Client environment for the demo user; source this file before running
# openstack commands as demo.
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
# Must match the password entered at the
# "openstack user create --password-prompt demo" step.
# NOTE(review): the password is stored here in clear text; keep this file
# readable only by its owner (for example mode 600).
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
新开窗口测试验证用户
[root@controller1 ~]# source scripts/admin-stein.sh
[root@controller1 ~]# echo $OS_AUTH_URL
http://openstack-vip.magedu.net:5000/v3
[root@controller1 ~]# openstack token issue
出结果即为keystone完成
设置Image service
官方文档:https://docs.openstack.org/glance/stein/install/
105端:
创建数据库和创建授权用户
MariaDB [keystone]> create database glance;
Query OK, 1 row affected (0.001 sec)
MariaDB [keystone]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';
Query OK, 0 rows affected (0.000 sec)
101端
安装软件
# yum install openstack-glance
创建glance用户并设置密码
[root@controller1 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | fd996aaccc8941d39e3febe5fcfe9725 |
| enabled | True |
| id | ad62639928ac420c8ee4acf4262e3ea3 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
授权admin角色权限给glance
# openstack role add --project service --user glance admin
创建glance服务实体并查询
[root@controller1 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 4f4d877fa9e14e12b5423279ffbf267f |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller1 ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 4f4d877fa9e14e12b5423279ffbf267f | glance | image |
| d5faa46d421f46c4b2d37607ee546d5d | keystone | identity |
+----------------------------------+----------+----------+
注册API信息
# openstack endpoint create --region RegionOne \
image public http://openstack-vip.magedu.net:9292
# openstack endpoint create --region RegionOne \
image internal http://openstack-vip.magedu.net:9292
# openstack endpoint create --region RegionOne \
image admin http://openstack-vip.magedu.net:9292
# openstack endpoint list #列出表注册信息
[root@controller1 ~]# openstack endpoint create --region RegionOne \
> image public http://openstack-vip.magedu.net:9292
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 19d347745ac94396b6baa6348e80ddc5 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f4d877fa9e14e12b5423279ffbf267f |
| service_name | glance |
| service_type | image |
| url | http://openstack-vip.magedu.net:9292 |
+--------------+--------------------------------------+
You have new mail in /var/spool/mail/root
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne \
> image internal http://openstack-vip.magedu.net:9292
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 199dbcce917849baa7e4d2b93f934da0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f4d877fa9e14e12b5423279ffbf267f |
| service_name | glance |
| service_type | image |
| url | http://openstack-vip.magedu.net:9292 |
+--------------+--------------------------------------+
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne \
> image admin http://openstack-vip.magedu.net:9292
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | a19f9a3712624d038fcaf6afe69d76e3 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f4d877fa9e14e12b5423279ffbf267f |
| service_name | glance |
| service_type | image |
| url | http://openstack-vip.magedu.net:9292 |
+--------------+--------------------------------------+
配置共享文件
105端:
yum install nfs-utils -y
# mkdir /data/openstack/image -p
# cat /etc/exports
# NOTE(review): "*" exports this share to every host that can reach the NFS
# server, and no_root_squash lets root on a client act as root on the exported
# files. The only client this guide mounts from is 192.168.7.101, so the
# export can be limited to that address instead of "*".
/data/openstack/image *(rw,no_root_squash)
设置开机启动并启动服务
systemctl start nfs
systemctl enable nfs
101端
mkdir /var/lib/glance/images/
mount -t nfs 192.168.7.105:/data/openstack/image/ /var/lib/glance/images/
# vim /etc/fstab
192.168.7.105:/data/openstack/image/ /var/lib/glance/images/ nfs defaults,_netdev 0 0
配置haproxy
listen mysql
bind 192.168.7.101:3306
mode tcp
server mysql1 192.168.7.105:3306 check inter 3s fall 3 rise 5
listen memcached
bind 192.168.7.101:11211
mode tcp
server mysql2 192.168.7.105:11211 check inter 3s fall 3 rise 5
listen rabbitmq
bind 192.168.7.101:5672
mode tcp
server mysql2 192.168.7.105:5672 check inter 3s fall 3 rise 5
#验证
# ss -ntl
配置文件
#两个配置文件进行同样配置
# vim /etc/glance/glance-api.conf
# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance123@openstack-vip.magedu.net/glance
[keystone_authtoken]
www_authenticate_uri = http://openstack-vip.magedu.net:5000
auth_url = http://openstack-vip.magedu.net:5000
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
# vim /etc/glance/glance-api.conf 额外添加
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
初始化数据库
# su -s /bin/sh -c "glance-manage db_sync" glance
显示输出如下即为成功
Database is synced successfully.
开启服务
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
挂载nfs
# yum install nfs-utils -y
# systemctl stop openstack-glance-api.service openstack-glance-registry.service
# mount -t nfs 192.168.7.105:/data/openstack/image/ /var/lib/glance/images/
# systemctl start openstack-glance-api.service openstack-glance-registry.service
# vim /etc/fstab
192.168.7.105:/data/openstack/image/ /var/lib/glance/images/ nfs defaults,_netdev 0 0
修改权限
101端
# chown -R glance.glance /var/lib/glance/images/
[root@controller1 ~]# id glance
uid=161(glance) gid=161(glance) groups=161(glance)
105端
[root@mysql ~]# ll -d /data/openstack/image/
drwxr-xr-x. 2 161 161 6 Aug 22 19:58 /data/openstack/image/
两端id相同即不用修改
验证:
官方文档:https://docs.openstack.org/glance/stein/install/verify.html
下载官方镜像
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
新开窗口验证
# source script/admin-stein.sh
# openstack image create "cirros" \
--file /root/cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
成功后查看
# glance image-list
# openstack image list
配置Placement service
官方文档:https://docs.openstack.org/placement/stein/install/install-rdo.html
105端
创建数据库和创建授权用户
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';
Query OK, 0 rows affected (0.054 sec)
101端
创建admin项目用户并授权
# openstack user create --domain default --password-prompt placement
# openstack role add --project service --user placement admin
创建实体
openstack service create --name placement --description "Placement API" placement
注册API
# openstack endpoint create --region RegionOne placement public http://openstack-vip.magedu.net:8778
# openstack endpoint create --region RegionOne placement internal http://openstack-vip.magedu.net:8778
# openstack endpoint create --region RegionOne placement admin http://openstack-vip.magedu.net:8778
# openstack endpoint list
[root@controller1 ~]# openstack endpoint create --region RegionOne placement public http://openstack-vip.magedu.net:8778
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 014e2bf9cd3b4c46bc17e7308eeff054 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 219405a9cd07447ca83f93f2a92fdf84 |
| service_name | placement |
| service_type | placement |
| url | http://openstack-vip.magedu.net:8778 |
+--------------+--------------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne placement internal http://openstack-vip.magedu.net:8778
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 83a8258a58eb4b17a297a1a0f303325a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 219405a9cd07447ca83f93f2a92fdf84 |
| service_name | placement |
| service_type | placement |
| url | http://openstack-vip.magedu.net:8778 |
+--------------+--------------------------------------+
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne placement admin http://openstack-vip.magedu.net:8778
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 6130511da6ea4c2a87070a26606e9640 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 219405a9cd07447ca83f93f2a92fdf84 |
| service_name | placement |
| service_type | placement |
| url | http://openstack-vip.magedu.net:8778 |
+--------------+--------------------------------------+
配置placement
安装软件
# yum install openstack-placement-api
配置配置文件:
# vim /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:placement123@openstack-vip.magedu.net/placement
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
:
初始化数据库
# su -s /bin/sh -c "placement-manage db sync" placement
重启httpd
因为placement在http有个配置文件
[root@controller1 ~]# rpm -ql openstack-placement-api
/etc/httpd/conf.d/00-placement-api.conf
# systemctl restart httpd
查看端口8778即为成功
验证
[root@controller1 ~]# source script/admin-stein.sh
[root@controller1 ~]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
配置Compute service
官方文档:https://docs.openstack.org/nova/rocky/install/controller-install-rdo.html
105端
创建数据库
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
授权并创建访问nova用户
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
101管理端
创建角色并加入admin角色权限
# openstack user create --domain default --password-prompt nova
# openstack role add --project service --user nova admin
创建nova实体
# openstack service create --name nova --description "OpenStack Compute" compute
注册API
# openstack endpoint create --region RegionOne compute public http://openstack-vip.magedu.net:8774/v2.1
# openstack endpoint create --region RegionOne compute internal http://openstack-vip.magedu.net:8774/v2.1
# openstack endpoint create --region RegionOne compute admin http://openstack-vip.magedu.net:8774/v2.1
[root@controller1 ~]# openstack endpoint create --region RegionOne compute public http://openstack-vip.magedu.net:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | dd4c8b762acb41cca7000f38304b7e5d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f892543734740d9b4a9a10ec544e643 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-vip.magedu.net:8774/v2.1 |
+--------------+-------------------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne compute internal http://openstack-vip.magedu.net:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | f69e4b3081ad4f64b6a25f3e8dbfbe19 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f892543734740d9b4a9a10ec544e643 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-vip.magedu.net:8774/v2.1 |
+--------------+-------------------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne compute admin http://openstack-vip.magedu.net:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | e1552d52bc1e44f2b9fecd2ea8abe250 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f892543734740d9b4a9a10ec544e643 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-vip.magedu.net:8774/v2.1 |
+--------------+-------------------------------------------+
安装软件
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler #openstack-nova-scheduler这个软件s版中没有,但是需要添加
配置文件
# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack123@openstack-vip.magedu.net
my_ip = 192.168.7.101
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:nova123@openstack-vip.magedu.net/nova_api
[database]
connection = mysql+pymysql://nova:nova123@openstack-vip.magedu.net/nova
[glance]
api_servers = http://openstack-vip.magedu.net:9292
[keystone_authtoken]
auth_url = http://openstack-vip.magedu.net:5000/v3
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-vip.magedu.net:5000/v3
username = placement
password = placement
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
初始化数据库
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
109e1d4b-536a-40d0-83c6-5f121b82b650 #随机生成的一串字符(cell1的UUID)
# su -s /bin/sh -c "nova-manage db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+
| Name | UUID |
+-------+--------------------------------------+
| cell1 | 109e1d4b-536a-40d0-83c6-5f121b82b650 |
| cell0 | 00000000-0000-0000-0000-000000000000 |
+-------+--------------------------------------+
启动服务
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
验证
[root@controller1 ~]# source script/admin-stein.sh
[root@controller1 ~]# openstack host list
+------------------------+-------------+----------+
| Host Name | Service | Zone |
+------------------------+-------------+----------+
| controller1.magedu.net | consoleauth | internal |
| controller1.magedu.net | conductor | internal |
| controller1.magedu.net | scheduler | internal |
+------------------------+-------------+----------+
103端:
安装软件
# yum install openstack-nova-compute
添加hosts文件
vim /etc/hosts
192.168.7.101 openstack-vip.magedu.net
配置文件
[root@node3 ~]# grep -v "^#" /etc/nova/nova.conf | grep -v "^$"
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack123@openstack-vip.magedu.net
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[glance]
api_servers = http://openstack-vip.magedu.net:9292
[keystone_authtoken]
auth_url = http://openstack-vip.magedu.net:5000/v3
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-vip.magedu.net:5000/v3
username = placement
password = placement
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.7.103
novncproxy_base_url = http://openstack-vip.magedu.net:6080/vnc_auto.html
启动服务
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
加装httpd补丁
# vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
# systemctl restart httpd
验证nova服务
# source script/admin-stein.sh 声明环境变量
# openstack compute service list 列出compute列表
# openstack catalog list
# openstack image list
# nova-status upgrade check
都有列表即为nova安装成功
# [root@controller1 ~]# openstack compute service list
+----+------------------+------------------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller1.magedu.net | internal | enabled | up | 2019-08-25T02:20:30.000000 |
| 2 | nova-conductor | controller1.magedu.net | internal | enabled | up | 2019-08-25T02:20:30.000000 |
| 3 | nova-scheduler | controller1.magedu.net | internal | enabled | up | 2019-08-25T02:20:31.000000 |
| 8 | nova-compute | node3 | nova | enabled | up | 2019-08-25T02:20:34.000000 |
+----+------------------+------------------------+----------+---------+-------+----------------------------+
[root@controller1 ~]# openstack catalog list
+-----------+-----------+-------------------------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-------------------------------------------------------+
| placement | placement | RegionOne |
| | | public: http://openstack-vip.magedu.net:8778 |
| | | RegionOne |
[root@controller1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| e981dafb-03b2-4ed7-a786-22830f2621b1 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller1 ~]# nova-status upgrade check
+------------------------------------------------------------------+
| Upgrade Check Results |
+------------------------------------------------------------------+
| Check: Cells v2 |
| Result: Failure |
| Details: No host mappings found but there are compute nodes. Run |
| command 'nova-manage cell_v2 simple_cell_setup' and then |
| retry. |
+------------------------------------------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
登录rabbitmq的web界面也可以查看下
配置Networking service
105端
创建数据库和创建授权访问用户
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';
Query OK, 0 rows affected (0.001 sec)
101端
创建用户和加入admin角色权限
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
创建实体
openstack service create --name neutron \
--description "OpenStack Networking" network
注册API
openstack endpoint create --region RegionOne network public http://openstack-vip.magedu.net:9696
openstack endpoint create --region RegionOne network internal http://openstack-vip.magedu.net:9696
openstack endpoint create --region RegionOne network admin http://openstack-vip.magedu.net:9696
配置
网络配置中有两种网络选择;我们选择桥接网络配置
安装软件:
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
配置配置文件
配置/etc/neutron/neutron.conf
# /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack123@openstack-vip.magedu.net
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:neutron123@openstack-vip.magedu.net/neutron
[keystone_authtoken]
www_authenticate_uri = http://openstack-vip.magedu.net:5000
auth_url = http://openstack-vip.magedu.net:5000
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
# 这里填写前面执行 openstack user create --password-prompt neutron 时输入的密码
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
# 如果没有 [nova] 这个段,就在文件后面添加即可(注释单独成行,不要写在段名后面)
[nova]
auth_url = http://openstack-vip.magedu.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
配置/etc/neutron/plugins/ml2/ml2_conf.ini
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
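# 注意:这里的物理网络名要与 linuxbridge_agent.ini 中 physical_interface_mappings 的名字、
# 以及创建网络时 --provider-physical-network 的值保持一致(本文后面这两处用的都是 external)
flat_networks = provider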
[securitygroup]
enable_ipset = true
配置 /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# external 为物理网络名,eth0 为宿主机网卡(说明文字单独成行,不要写在值后面)
physical_interface_mappings = external:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
You have new mail in /var/spool/mail/root
再返回network主页继续配置neutron
# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = openstack-vip.magedu.net
# 该共享密钥用于校验元数据代理请求,应使用随机生成的长字符串,不要用日期这类容易猜到的值
metadata_proxy_shared_secret = 20190823
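配置nova(官方文档的 [neutron] 段还包含 service_metadata_proxy = true,以及与 metadata_agent.ini 相同的 metadata_proxy_shared_secret;下面的示例中没有列出这两项)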
# vim /etc/nova/nova.conf
[neutron]
url = http://openstack-vip.magedu.net:9696
auth_url = http://openstack-vip.magedu.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
建立软链接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
初始化数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启nova服务
systemctl restart openstack-nova-api.service
重启主网络服务
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
重启从服务
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
每一步启动服务都需要查看日志,看是否有报错信息,没有才是成功
tail -f /var/log/neutron/*.log
计算节点103端
官方配置文档:https://docs.openstack.org/neutron/stein/install/compute-install-rdo.html
安装软件
yum install openstack-neutron-linuxbridge ebtables ipset
配置桥接网络服务配置文件
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# 宿主机物理网卡和类型(说明文字单独成行,不要写在值后面)
physical_interface_mappings = external:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
在内核配置文件增加
# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
# 服务没启动时执行 sysctl -p 会报错(应该是 br_netfilter 内核模块尚未加载),启动服务后再执行即可
[root@node3 ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
配置配置文件
# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack123@openstack-vip.magedu.net
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://openstack-vip.magedu.net:5000
auth_url = http://openstack-vip.magedu.net:5000
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
# vim /etc/nova/nova.conf
[neutron]
url = http://openstack-vip.magedu.net:9696
auth_url = http://openstack-vip.magedu.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
重启服务
# systemctl restart openstack-nova-compute.service
重启网络服务
# systemctl enable neutron-linuxbridge-agent.service
# systemctl restart neutron-linuxbridge-agent.service
验证
# openstack extension list --network
# openstack network agent list
[root@controller1 ~]# openstack network agent list #四个服务起来即可
+--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
| 4017d2c0-273e-4742-89da-95166a267df6 | DHCP agent | controller1.magedu.net | nova | :-) | UP | neutron-dhcp-agent |
| 721a2248-c4bb-480d-ae21-de7e6d86f49b | Metadata agent | controller1.magedu.net | None | :-) | UP | neutron-metadata-agent |
| 73be4bb7-6912-4aa2-bf54-38a538b77739 | Linux bridge agent | node3 | None | :-) | UP | neutron-linuxbridge-agent |
| ab2a2efc-354e-4e61-925c-7b95599f1223 | Linux bridge agent | controller1.magedu.net | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
成功后
命令行创建实例
创建网络
openstack network create --share --external \
--provider-physical-network external \
--provider-network-type flat external-net
#--share选项允许所有项目使用虚拟网络
#--external选项将虚拟网络定义为外部。如果您希望创建内部网络,则可以使用--internal。默认值是internal。
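#--provider-physical-network 和 --provider-network-type flat 选项根据 ml2_conf.ini 和 linuxbridge_agent.ini 中的配置,把这个 flat 虚拟网络连接到主机对应网卡上的 flat(不带 VLAN 标签)物理网络;官方文档示例用的是 provider 和 eth1,本文用的是 external 和 eth0。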
在网络上创建子网
openstack subnet create --network external-net \
--allocation-pool start=192.168.6.201,end=192.168.6.254 \
--dns-nameserver 172.16.0.1 --gateway 192.168.7.2 \
--subnet-range 192.168.0.0/21 sub1
创建实例
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
$ openstack flavor list
$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
$ openstack keypair list
添加安全规则(未指定 --remote-ip 时,规则对所有来源地址开放;生产环境应把 ssh 等规则限定到管理网段)
openstack security group rule create --proto icmp default #ping访问
openstack security group rule create --proto tcp --dst-port 22 default #ssh访问
启动一个实例
$ openstack image list
$ openstack network list
$ openstack security group list
[root@controller1 ~]# openstack server create --flavor 2C-2G-20G --image cirros \
> --nic net-id=c1080890-b677-4b22-b4b7-a4ac1af313ee --security-group default \
> --key-name mykey centos3-vm1
+-----------------------------+-----------------------------------------------+
| Field | Value |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | n3e8KP59gWLw |
| config_drive | |
| created | 2019-08-26T13:15:40Z |
| flavor | 2C-2G-20G (1) |
| hostId | |
| id | 034834c5-cb21-4642-9e06-740e985dff60 |
| image | cirros (97037bf7-40af-4712-9568-37fa0072c74c) |
| key_name | mykey |
| name | centos3-vm1 |
| progress | 0 |
| project_id | 52a52cc7f015405fa0d546d38769f62a |
| properties | |
| security_groups | name='4f502635-a31e-4813-87b0-55572e251e16' |
| status | BUILD |
| updated | 2019-08-26T13:15:40Z |
| user_id | 574cbbfecff641f5bddf26c17d333993 |
| volumes_attached | |
+-----------------------------+-----------------------------------------------+
查看创建的实例服务器:
openstack server list
临时vnc远程
[root@controller1 ~]# openstack console url show centos3-vm1
+-------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------------------------------+
| type | novnc |
| url | http://openstack-vip.magedu.net:6080/vnc_auto.html?path=%3Ftoken%3Df13a3041-ca05-414d-9be2-4b05dc6b9b9e |
+-------+---------------------------------------------------------------------------------------------------------+
配置web界面访问OpenStack服务
部署dashboard服务开启web界面
安装软件
# yum install openstack-dashboard
配置文件
vim /etc/openstack-dashboard/local_settings
配置web界面以在192.168.7.101节点上使用OpenStack服务
OPENSTACK_HOST = "192.168.7.101"
允许主机访问信息中心(['*'] 表示接受任意 Host 头,只适合实验环境;生产环境应只列出实际用来访问 dashboard 的域名或 IP):
ALLOWED_HOSTS = ['*',]
配置memcached
会话存储服务(LOCATION 要指向实际运行 memcached 的主机;本文其他配置里使用的是 openstack-vip.magedu.net:11211)
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
启用Identity API的v3版本
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
启用域
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
配置API版本
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
配置Default
为通过仪表板创建的用户的默认域
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
配置user
为通过仪表板创建的用户的默认角色:
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
如果选择网络选项1,请禁用对第3层网络服务的支持:
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
配置时区
TIME_ZONE = "Asia/Shanghai"
vim /etc/httpd/conf.d/openstack-dashboard.conf
添加如下
WSGIApplicationGroup %{GLOBAL}
重启服务
# systemctl restart httpd.service memcached.service #因为我的memcached在105端,所以memcached在105端重启
登录
管理员无法在首页查看实例,具体如下可以查看
使用demo创建实例服务器
1、创建实例
填写详情、分配源、实例类型、网络
查看实例
实例详情
操作1:硬重启-断电
软重启-正常关闭,表示使用命令重启,即保存数据后启动
查看缓存中的session数据(memcached 默认没有认证,能连到 11211 端口的任何主机都可以像下面这样读出缓存的 token;应通过监听地址和防火墙把该端口限制在控制节点之间)
telnet 192.168.7.101 11211 访问
stats items #列出所有keys
stats cachedump id 0 #列出该 id 下的条目(id 即 stats items 输出中 items: 后面的数字),0表示全部列出
get KEY_NAME #get命令获取指定key的值
实例
[root@controller1 ~]# telnet 192.168.7.101 11211
Trying 192.168.7.101...
Connected to 192.168.7.101.
Escape character is '^]'.
stats items #列出所有keys
STAT items:18:number 2
STAT items:18:number_hot 0
stats cachedump 18 0 #列出具体信息
ITEM tokens/aa819ac8911bb336867a0bffbc6bd96428478ffbad69564db88f2c9333bf06be [3768 b; 1566886978 s]
ITEM tokens/cfa8264731b0ebeb6ffee78c1280853a3d224c97ef7bccb86173291ccc49446a [3770 b; 1566886909 s]
get ITEM tokens/cfa8264731b0ebeb6ffee78c1280853a3d224c97ef7bccb86173291ccc49446 #获取key值