openstack搭建
基础环境准备
以下操作2个节点都要做,只需在单个节点上执行的步骤会单独标明
1、修改主机名
[root@controller ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10 controller
192.168.100.20 compute
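2、防火墙和selinux的修改
#注意:关闭防火墙和SELinux只适合隔离的实验环境;实际部署应保留二者,并按需放行各服务端口(后文安装的openstack-selinux软件包就是为SELinux启用时的OpenStack服务提供策略的)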
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled #修改为disabled,重启生效
3、ntp服务器搭建
#控制节点的操作
[root@controller ~]# yum -y install chrony
[root@controller ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst #将之前进行注释,修改为阿里云的时间服务器
allow 192.168.100.0/24 #允许100网段来访问
[root@controller ~]# systemctl restart chronyd
[root@controller ~]# systemctl enable chronyd
#检查是否成功
[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 8 +235us[+1649us] +/- 26ms
#计算节点的操作
[root@compute ~]# yum -y install chrony
[root@compute ~]# vim /etc/chrony.conf
server controller iburst #将控制节点作为服务器
systemctl restart chronyd
systemctl enable chronyd
#检查同步是否成功
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller 3 6 77 20 +7574ns[ +299us] +/- 29ms #*表示成功
4、安装openstack软件包
#2个节点都需要完成
[root@controller ~]# yum -y install centos-release-openstack-train
#有一个仓库可以使用,其中包含所需的软件包。注意:下面的gpgcheck=0会关闭软件包签名校验,且baseurl是明文http,无法发现软件包在传输途中被篡改;实际部署应设为gpgcheck=1,并确认gpgkey指向与该仓库匹配的签名公钥
[root@controller yum.repos.d]# cat train.repo
[openstack-train]
name=CentOS-7 - OpenStack train
baseurl=http://vault.centos.org/centos/7.9.2009/cloud/$basearch/openstack-train/
gpgcheck=0
enabled=1
gpgkey=http://vault.centos.org/centos/7.9.2009/os/$basearch/RPM-GPG-KEY-CentOS-7
#python管理openstack的api的工具
[root@controller yum.repos.d]# yum -y install python2-openstackclient
#selinux的管理
[root@controller yum.repos.d]# yum -y install openstack-selinux
### 5、mariadb安装
`以下操作只需在控制节点上完成`
[root@controller yum.repos.d]# yum install mariadb mariadb-server python2-PyMySQL
5、安装mariadb
yum install mariadb mariadb-server python2-PyMySQL
[root@controller /]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller my.cnf.d]# systemctl enable mariadb --now
#设置数据库root密码(后文示例用的是123,仅为演示;实际部署应使用强密码,并避免像后文的-p123那样把密码直接写在命令行里,以免留在shell历史和进程列表中)
[root@controller my.cnf.d]# mysql_secure_installation
6、安装rabbitmq
[root@controller /]# yum install rabbitmq-server
[root@controller /]# systemctl enable rabbitmq-server.service --now
#创建用户并设置密码(这里的123只是演示用的弱密码;实际部署应换成随机生成的强密码,并同步修改后文各配置文件中的transport_url)
[root@controller /]# rabbitmqctl add_user openstack 123
Creating user "openstack"
#权限的设置(三个".*"依次对应配置、写、读权限,即授予该用户在默认vhost "/"上的全部权限)
[root@controller /]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
[root@controller /]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack"
/ .* .* .*
7、安装memcached
[root@controller /]# yum install memcached python-memcached
[root@controller /]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller" #修改:在监听地址中加入controller;memcached默认没有认证,应确保11211端口只对OpenStack节点开放
[root@controller /]# systemctl enable memcached.service --now
8、安装etcd
[root@controller /]# yum -y install etcd
[root@controller etcd]# vim /etc/etcd/etcd.conf
[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.10:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@controller etcd]# systemctl enable etcd --now
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
安装必要的组件
1、安装keystone
1、数据库操作
[root@controller /]# mysql -uroot -p123
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> show grants for "keystone";
2、安装软件包和修改配置文件
[root@controller /]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller /]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
provider = fernet
#初始化数据库,填充表
[root@controller /]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#初始化Fernet令牌密钥库和凭据加密密钥
[root@controller /]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller /]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#初始化管理员账户:登录时会用数据库里保存的这些数据进行验证,默认用户是admin,这里把密码设为123(演示用的弱密码,实际部署必须更换)
[root@controller /]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller /]# keystone-manage bootstrap --bootstrap-password 123 \
> --bootstrap-admin-url http://controller:5000/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne
#修改httpd服务器
[root@controller /]# vim /etc/httpd/conf/httpd.conf
ServerName controller
#建立软链接
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3、配置环境变量来管理账户
[root@controller ~]# cat admin-login
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
#用source导入这些环境变量后,keystone会根据数据库中的账户数据进行验证,成功就能进行管理了;该文件含有明文密码,建议用chmod 600限制为仅属主可读
4、测试
[root@controller ~]# source admin-login
[root@controller ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 9e7039aebe1c432ca150bb7344fe8ccf |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
#出现结果反馈即keystone搭建成功
2、安装glance服务
1、数据库操作
[root@controller ~]# mysql -u root -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> show grants for "glance";
+-------------------------------------------------------------------------------------------------------+
| Grants for glance@% |
+-------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'glance'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' |
| GRANT ALL PRIVILEGES ON `glance`.* TO 'glance'@'%' |
+-------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
2、创建用户和服务
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | bae81a570f814cecb498e80e10bbdd56 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
#创建服务 image
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
#创建三个端点
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
3、安装软件包和修改配置文件
[root@controller ~]# yum -y install openstack-glance
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
#填充数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
4、启动glance服务
[root@controller ~]# systemctl enable openstack-glance-api --now
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
5、测试
[root@controller ~]# openstack image create --disk-format qcow2 --container-format bare --file cirros-0.5.1-x86_64-disk.img --public cirros
#有这个就代表这个glance服务成功
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| d19e1062-a398-4e2a-bd1d-af28f84b8fae | cirros | active |
+--------------------------------------+--------+--------+
3、安装placement服务
1、数据库操作
[root@controller ~]# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 31
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123';;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> show grants for 'placement';
+----------------------------------------------------------------------------------------------------------+
| Grants for placement@% |
+----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'placement'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' |
| GRANT ALL PRIVILEGES ON `placement`.* TO 'placement'@'%' |
+----------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
2、用户和服务的创建
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 040ce718a5664ec9b1cc740b6c63bb7c |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --name placement \
> --description "Placement API" placement
[root@controller ~]# openstack endpoint create --region RegionOne \
> placement public http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \
> placement internal http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \
> placement admin http://controller:8778
3、安装软件包和修改配置文件
[root@controller ~]# yum install openstack-placement-api
[root@controller ~]# vim /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:123@controller/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = 123
#填充数据库
[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement
#还有一点:需要在httpd的placement配置中为/usr/bin目录授予访问权限,否则访问placement API可能被httpd拒绝(403)
[root@controller ~]# vim /etc/httpd/conf.d/00-placement-api.conf
<Directory "/usr/bin">
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
#重启httpd服务
[root@controller conf.d]# systemctl restart httpd
4、检测
[root@controller conf.d]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
#表示成功
4、nova搭建
1、安装控制节点
1、数据库创建
[root@controller ~]# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
2、创建nova账户和服务
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 5204cfe87fc74cd8a007999385e5ed9c |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | dd27d458abe741c19dcfd16270fc7f9b |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4da19fa400b64487ac33f9dd7b46e77e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | dd27d458abe741c19dcfd16270fc7f9b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b4c1e6ea4ac74c8b9020007148eff59e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | dd27d458abe741c19dcfd16270fc7f9b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7b675842b4724040a3e6f9f5715d5b66 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | dd27d458abe741c19dcfd16270fc7f9b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
3、修改配置文件
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123@controller:5672/
my_ip = 192.168.100.10
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:123@controller/nova_api
[database]
connection = mysql+pymysql://nova:123@controller/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123
#注册数据库
[root@controller nova]# su -s /bin/sh -c "nova-manage api_db sync" nova
#创建单元格
[root@controller nova]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
[root@controller nova]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
#填充数据库
[root@controller nova]# su -s /bin/sh -c "nova-manage db sync" nova
WARNING: cell0 mapping not found - not syncing cell0.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
#查看单元格是否注册
[root@controller nova]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | 9c7901af-2413-4e31-9ce8-40ba352363a9 | rabbit://openstack:****@controller:5672/ | mysql+pymysql://nova:****@controller/nova | False |
[root@controller nova]# systemctl enable \
> openstack-nova-api.service \
> openstack-nova-scheduler.service \
> openstack-nova-conductor.service \
> openstack-nova-novncproxy.service --now
2、安装计算节点
1、修改配置文件
yum install openstack-nova-compute
[root@compute nova]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123@controller
my_ip = 192.168.100.20
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123
[libvirt]
virt_type = qemu
#查看是否支持硬件加速虚拟机:结果为0表示不支持,需要像上面那样设置virt_type = qemu;结果大于等于1表示支持,可以使用kvm
egrep -c '(vmx|svm)' /proc/cpuinfo
[root@compute nova]# systemctl enable libvirtd.service openstack-nova-compute.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
2、将计算节点添加到单元数据库中
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 6 | nova-compute | compute | nova | enabled | up | 2024-07-14T07:51:58.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
#发现计算主机
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
#修改nova配置文件,让其定期自动发现计算主机(可代替每次手动执行discover_hosts)
[scheduler]
discover_hosts_in_cells_interval = 300 #时间为300秒
#重启服务
3、检查
[root@controller ~]# openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+----------------------------+
| 3 | nova-conductor | controller | internal | enabled | up | 2024-07-14T07:53:49.000000 |
| 4 | nova-scheduler | controller | internal | enabled | up | 2024-07-14T07:53:50.000000 |
| 6 | nova-compute | compute | nova | enabled | up | 2024-07-14T07:53:48.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Cinder API |
| Result: Success |
| Details: None |
+--------------------------------+
#出现以上就没有问题了
5、neutron搭建
1、控制节点搭建
1、数据库操作
[root@controller ~]# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 47
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
2、创建用户和服务
[root@controller ~]# openstack user create --domain default --password-prompt neutron
[root@controller ~]# openstack role add --project service --user neutron admin
#创建网络服务
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
#创建网络服务的API端点
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
3、配置和修改文件
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
#修改neutron.conf文件
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:123@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#修改ml2
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
#修改网桥代理文件
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = true
local_ip = 192.168.100.10
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#修改内核参数
[root@controller ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
#加载
[root@controller ~]# modprobe br_netfilter
[root@controller ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
#修改三层代理
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
#修改dhcp
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
#配置元数据代理(METADATA_SECRET是占位符,应替换为随机生成的密钥,并与下面nova.conf中[neutron]段的metadata_proxy_shared_secret保持一致)
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
#配置nova使用neutron服务
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
#创建链接文件
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
#填充数据库
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
#重启nova的api服务
[root@controller ~]# systemctl restart openstack-nova-api
#启动neutron服务
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service --now
[root@controller ~]# systemctl enable neutron-l3-agent.service --now
2、计算节点搭建
1、配置和修改文件
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset
#修改neutron文件
[root@compute ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#配置网桥代理
[root@compute ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = true
local_ip = 192.168.100.20
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@compute ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@compute ~]# modprobe br_netfilter
[root@compute ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
#配置nova服务
vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
#重启服务
[root@compute ~]# systemctl restart openstack-nova-compute.service
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service --now
3、验证操作
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 5f7c093b-f44e-425e-9e42-ec173c880ebd | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 76d64aa3-1f44-4bc9-bbff-43b30120c539 | Linux bridge agent | compute | None | :-) | UP | neutron-linuxbridge-agent |
| 8d1fbc83-81b9-495b-9261-f597604ebbef | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| e7b59113-e609-48e6-9695-d259459243c4 | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
| f504f14f-0e62-47b3-bbf9-5902d0877b95 | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
6、安装dashboard
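在控制节点上完成;下面从OPENSTACK_HOST到WEBROOT的内容是dashboard配置文件/etc/openstack-dashboard/local_settings中需要修改的项。其中ALLOWED_HOSTS = ['*']表示接受任意Host头,仅适合实验环境,实际部署应改为具体的主机名或域名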
[root@controller ~]# yum install openstack-dashboard
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
},
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
'enable_auto_allocated_network': False,
'enable_distributed_router': False,
'enable_fip_topology_check': False,
'enable_ha_router': False,
'enable_ipv6': True,
# TODO(amotoki): Drop OPENSTACK_NEUTRON_NETWORK completely from here.
# enable_quotas has the different default value here.
'enable_quotas': False,
'enable_rbac_policy': False,
'enable_router': False,
'default_dns_nameservers': [],
'supported_provider_types': ['*'],
'segmentation_id_range': {},
'extra_provider_types': {},
'supported_vnic_types': ['*'],
'physical_networks': [],
}
TIME_ZONE = "Asia/Shanghai"
WEBROOT='/dashboard'
[root@controller ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
#重启httpd和memcached服务
[root@controller ~]# systemctl restart httpd.service memcached.service