前言
本文基于centos7.6搭建安装openstackTrain版本.将官方文档以及自己踩过的坑进行整理.
说明:cinder节点未部署,在部署中翻阅参考了👇这个博客
https://blog.51cto.com/11694088/2459754
相关命令
openstack user set nova --password nova #修改openstack用户密码
相关问题
问题处理:
1、计算节点neutron服务日志报错:TypeError: unsupported operand type(s) for -: 'NoneType' and 'int'
原因:查看是否由于networkmanager服务未开启造成的,必须开启NetworkManager服务
2、虚机启动速度慢
原因:因部署节点为裸金属机器,故查看虚机所在计算节点的/etc/nova/nova.conf文件,virt_type是否为kvm,qemu会造成虚机启动慢。
目录
- 基础环境 部署
- keystone部署
- glance 搭建
- placement 部署
- Nova 部署
- neutron 部署
- dashboard 部署
1.基础环境搭建
| 系统版本 | 环境 | IP地址 | 角色 |
|---|---|---|---|
| CentOS7.6 | Mini | 172.16.169.131 | 控制节点 controller |
| CentOS7.6 | Mini | 172.16.169.132 | 计算节点 computer |
| CentOS7.6 | Mini | 172.16.169.133 | 计算节点 computer |
在开始下列搭建前,请确认所以节点完成以下操作关
防火墙关闭
systemctl stop firewalld && systemctl disable firewalld
关闭selinux
sed -i 's/^SELINUX=.*/SELINUX=disabled/` /etc/selinux/config
setenforce 0
时钟同步配置chronyd 时钟源节点。
cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
server 127.127.1.1
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Allow NTP client access from local network.
#allow 192.168/16
allow 127.0.0.0/8
allow 172.16.169.0/24
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
#local stratum 10
local stratum 10
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
#log measurements statistics tracking
时钟同步配置chronyd
cat /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.rhel.pool.ntp.org iburst
server 192.168.10.1 iburst
# Ignore stratum in source selection.
stratumweight 0
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Enable kernel RTC synchronization.
rtcsync
# In first three updates step the system clock instead of slew
# if the adjustment is larger than 10 seconds.
makestep 10 3
# Allow NTP client access from local network.
#allow 192.168/16
# Listen for commands only on localhost.
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
# Serve time even if not synchronized to any NTP server.
#local stratum 10
keyfile /etc/chrony.keys
# Specify the key used as password for chronyc.
commandkey 1
# Generate command key if missing.
generatecommandkey
# Disable logging of client accesses.
noclientlog
# Send a message to syslog if a clock adjustment is larger than 0.5 seconds.
logchange 0.5
logdir /var/log/chrony
#log measurements statistics tracking
hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.169.131 openstack01
172.16.169.132 openstack02
172.16.169.133 openstack03
免密互信 只需在控制节点进行操作
$ ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:oP0QSfGRok8VjKNLJ4hu6+dWHOZj+D6EQN7xw5YWens root@rmq3
The key's randomart image is:
+---[RSA 2048]----+
| o+oo |
| . . o+o+. |
|o...=o*+. |
|.o.o=&oo |
|. ..@** S |
| o o.O.E |
|. . = o . |
| . o o |
|..+.... |
+----[SHA256]-----+
$ ssh-copy-id openstack01
$ ssh-copy-id openstack02
$ ssh-copy-id openstack03
基础源安装
yum install python-openstackclient openstack-selinux
1.1配置mariadb,安装在控制节点
yum install mariadb mariadb-server python2-PyMySQL
vi /etc/my.cnf.d/openstack.cnf #该文件不存在,需要创建
[mysqld]
bind-address = 172.16.169.131 #控制节点ip
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation #数据库初始化,默认root密码为空
Set root password? [Y/n] n
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] n
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y
1.2 配置rabbitmq,安装在控制节点
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack openstack #添加openstack用户,密码也是openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*" #允许openstack用户的访问、读写权限
rabbitmq-plugins enable rabbitmq_management #开启图形化,访问地址:http://172.16.169.131:15672 用户名密码都是guest 注意openstack用户无法登入
1.3 配置memcached,安装在控制节点
yum install memcached python-memcached
vi /etc/sysconfig/memcached #添加控制节点的管理IP
OPTIONS="-l 127.0.0.1,::1,172.16.169.131"
systemctl enable memcached.service
systemctl start memcached.service
1.4 配置etcd,安装在控制节点
yum install etcd
cp -a /etc/etcd/etcd.conf /etc/etcd/etcd.conf.bak
vi /etc/etcd/etcd.conf #编辑文件,修改IP为控制节点管理IP
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.16.169.131:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.16.169.131:2379"
ETCD_NAME="openstack01"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.16.169.131:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.16.169.131:2379"
ETCD_INITIAL_CLUSTER="openstack01=http://172.16.169.131:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
systemctl enable etcd.service
systemctl start etcd.service
二、keystone部署,安装在控制节点
mysql -u root -p -e "CREATE DATABASE keystone;" #创建keystone的数据库
mysql -u root -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
yum install openstack-keystone httpd mod_wsgi
vi /etc/keystone/keystone.conf
#找到[database]、[token],并修改成以下内容,IP是控制节点管理IP
[database]
connection = mysql+pymysql://keystone:keystone@172.16.169.131/keystone
[token]
provider = fernet
$su -s /bin/sh -c "keystone-manage db_sync" keystone
$keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
$keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
$keystone-manage bootstrap --bootstrap-password admin \ #admin 为自行设定密码
--bootstrap-admin-url http://172.16.169.131:5000/v3/ \
--bootstrap-internal-url http://172.16.169.131:5000/v3/ \
--bootstrap-public-url http://172.16.169.131:5000/v3/ \
--bootstrap-region-id RegionOne
vi /etc/httpd/conf/httpd.conf #修改以下内容
ServerName 172.16.169.131
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service
systemctl start httpd.service
$ vim /root/admin-openrc
export OS_USERNAME=admin
export OS_PASSWORD= admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL= =http://172.16.169.131:5000/v3
export OS_IDENTITY_API_VERSION=3
$ source /root/admin-openrc
$ openstack domain create --description "An Example Domain" example
$ openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 0632d28b4150467d9c919bc1eb914f76 |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
$ openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 3bb6572b2c3c446c9f950f1c01e07c7e |
| is_domain | False |
| name | myproject |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
$ openstack user create --domain default --password-prompt myuser #myuser用户的密码是user
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 2cc5824486254ec19cfacae4326da447 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ openstack role create myrole
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | a00001362e79494ab737ecc00c9e66b1 |
| name | myrole |
| options | {} |
+-------------+----------------------------------+
$ openstack role add --project myproject --user myuser myrole
$ unset OS_AUTH_URL OS_PASSWORD #删除这两个环境变量
$ openstack --os-auth-url http://172.16.169.131:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue #我的admin用户的密码是admin
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-03-04T07:59:12+0000 |
| id | gAAAAABeX1HASywhsR6EJ-QIsxkWFUk6jCFFYUUUmIihUCy1whh7WLPHxN-ifW9GSTrX7MRhaCNSrdcG8cU6W5pnFAgIcxzgEDqIfy3zEWxqQ5eR49fcxTHmpPATTm7swF9At9zYI5aJwAlY23AgyKF06MTNH4g4rcOUlt60v12pcQvBnGy4hSE |
| project_id | b9d83ac3320d420b949aa9d390f3216a |
| user_id | 9e650fbea45d40ba920d3d43699f60c5 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
openstack --os-auth-url http://172.16.169.131:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue #我的myuser用户的密码是user
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-03-04T08:01:17+0000 |
| id | gAAAAABeX1I9O2mj2hqMlq2ltIw34EjKQEStepvUOD69g3pxT-KlSjWeCGOb1tWYWmloBqFw0FIB1lg00N0mzMAFE8LFHHBqYd-9tD6VrapkUpDc92rDI7b2-k1OkyQWlsDtOMRr8kp9MhY6x0zp6h9kYfddM-x2utcst8cm969jV-b5g_vTiNE |
| project_id | 3bb6572b2c3c446c9f950f1c01e07c7e |
| user_id | 2cc5824486254ec19cfacae4326da447 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
vi root/demo-openrc #所有节点配置
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=user
export OS_AUTH_URL=http://172.16.169.131:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
$ . admin-openrc #在计算节点上执行
$ openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-03-04T08:30:28+0000 |
| id | gAAAAABeX1kU32kh7-tqt-tTTTZDVPSlUSrRbgfuzP-5Ygtk3IKr_C8ZWjyDNqD8stZ7laMbYpeKvkToSFN-kdRKxPwB5aXcrfczDKFL2X7rRS6P8Rl7v9C-sNzGsCNm9Zx7OFyuHO92Xlp8PRZddV38H2y0USE5TL6L3lQ6-Uw94t6789KnA6o |
| project_id | b9d83ac3320d420b949aa9d390f3216a |
| user_id | 9e650fbea45d40ba920d3d43699f60c5 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
三、glance部署,安装在控制节点
mysql -u root -p -e "CREATE DATABASE glance;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
. admin-openrc
openstack user create --domain default --password-prompt glance #创建glance用户,密码是glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | eecc5fe8b91c44a1911492a9c7730f03 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
将admin角色添加glance用户和service项目 并创建glance服务
$ openstack role add --project service --user glance admin
$ openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 7cfe29fc978540f188d6054391cc738f |
| name | glance |
| type | image |
+-------------+----------------------------------+
创建镜像服务API
$ openstack endpoint create --region RegionOne image public http://172.16.169.131:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 87023a831b4d41d7a5ee14130ddf5f13 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7cfe29fc978540f188d6054391cc738f |
| service_name | glance |
| service_type | image |
| url | http://172.16.169.131:9292 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne image internal http://172.16.169.131:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 161397cb910148c7ad55a6c37156de0b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7cfe29fc978540f188d6054391cc738f |
| service_name | glance |
| service_type | image |
| url | http://172.16.169.131:9292 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne image admin http://172.16.169.131:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f0cda168c63e41fcae7f45dd9024f2cf |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne grep -v '^$' |
| service_id | 7cfe29fc978540f188d6054391cc738f |
| service_name | glance |
| service_type | image |
| url | http://172.16.169.131:9292 |
+--------------+----------------------------------+
安装openstack-glance包
yum install openstack-glance
vi /etc/glance/glance-api.conf #修改以下内容,文件中应该是都注释的
[database]
connection = mysql+pymysql://glance:glance@172.16.169.131/glance
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000
auth_url = http://172.16.169.131:5000
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
四、placement部署,安装在控制节点上
mysql -u root -p -e "CREATE DATABASE placement;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';"
. admin-openrc
openstack user create --domain default --password-prompt placement #placement用户的密码是placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 5332ee38a4e1496daed284955eeb931f |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
$ openstack role add --project service --user placement admin
$ openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 6fc7d42b727c414d80b8139928df345a |
| name | placement |
| type | placement |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne placement public http://172.16.169.131:8778
+--------------+----------------------------------+
| Field | Value grep -v '^$' |
+--------------+----------------------------------+
| enabled | True |
| id | 2f57087f604145be8a859de4d07974c2 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6fc7d42b727c414d80b8139928df345a |
| service_name | placement |
| service_type | placement |
| url | http://172.16.169.131:8778 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne placement internal http://172.16.169.131:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d6f10b0373af46ef871d1a9b490fb0bd |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6fc7d42b727c414d80b8139928df345a |
| service_name | placement |
| service_type | placement |
| url | http://172.16.169.131:8778 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne placement admin http://172.16.169.131:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b6ee4700e8ce4f90bb5d8de8ac3060b0 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 6fc7d42b727c414d80b8139928df345a |
| service_name | placement |
| service_type | placement |
| url | http://172.16.169.131:8778 |
+--------------+----------------------------------+
yum install openstack-placement-api
vi /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:placement@172.16.169.131/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://172.16.169.131:5000/v3
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placemen
su -s /bin/sh -c "placement-manage db sync" placement
vim /etc/httpd/conf.d/00-placement-api.conf #在#SSLCertificateKeyFile条目下添加以下内容
#SSLCertificateKeyFile …
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
systemctl restart httpd
五、Nova部署
5.1 控制节点部署
mysql -u root -p -e "CREATE DATABASE nova_api;"
mysql -u root -p -e "CREATE DATABASE nova;"
mysql -u root -p -e "CREATE DATABASE nova_cell0;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
. admin-openrc
openstack user create --domain default --password-prompt nova #nova用户的密码是nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 20f3d24280c44cac89fd16599d6e4974 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 73ac2c2ab0e5499583d95117bf9769cc |
| name | nova |
| type | compute |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne compute public http://172.16.169.131:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6fbb43ebd51d40a2bfc1cc81885d2fa6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 73ac2c2ab0e5499583d95117bf9769cc |
| service_name | nova |
| service_type | compute |
| url | http://172.16.169.131:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute internal http://172.16.169.131:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 14b9d52ccff14a4d8a06fc9d20bac03e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 73ac2c2ab0e5499583d95117bf9769cc |
| service_name | nova |
| service_type | compute |
| url | http://172.16.169.131:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute admin http://172.16.169.131:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f45956e2137a4712b4e571c34df56896 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 73ac2c2ab0e5499583d95117bf9769cc |
| service_name | nova |
| service_type | compute |
| url | http://172.16.169.131:8774/v2.1 |
+--------------+----------------------------------+
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
vi /etc/nova/nova.conf #修改以下内容,my_ip的地址是控制节点管理IP
[DEFAULT]
my_ip = 172.16.169.131
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@172.16.169.131:5672/
[api_database]
connection = mysql+pymysql://nova:nova@172.16.169.131/nova_api
[database]
connection = mysql+pymysql://nova:nova@172.16.169.131/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000/
auth_url = http://172.16.169.131:5000/
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://172.16.169.131:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.16.169.131:5000/v3
username = placement
password = placement
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova #有warring抛出,但不影响
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+----------------------------------------------+-----------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+----------------------------------------------+-----------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@172.16.169.131/nova_cell0 | False |
| cell1 | 1958b0e1-11c3-400a-8ac0-efdc1542de64 | rabbit://openstack:****@172.16.169.131:5672/ | mysql+pymysql://nova:****@172.16.169.131/nova | False |
+-------+--------------------------------------+----------------------------------------------+-----------------------------------------------------+----------+
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
5.2 计算节点部署
yum install openstack-nova-compute
vi /etc/nova/nova.conf #修改以下内容,my_ip的地址是本机的管理IP
[DEFAULT]
my_ip = 172.16.169.132
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@172.16.169.131
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000/
auth_url = http://172.16.169.131:5000/
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://172.16.169.131:6080/vnc_auto.html
[glance]
api_servers = http://172.16.169.131:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.16.169.131:5000/v3
username = placement
password = placement
egrep -c '(vmx|svm)' /proc/cpuinfo #如果返回的结果是0,则需要做以下修改,如果返回的结果是1或者更大的数字,则证明CPU支持虚拟化,virt_type = kvm
vi /etc/nova/nova.conf
[libvirt]
virt_type = kvm
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
5.3 添加计算节点的数据,在控制节点操作
. admin-openrc
openstack compute service list --service nova-compute
+----+--------------+------------------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+------------------+------+---------+-------+----------------------------+
| 9 | nova-compute | openstack-node2 | nova | enabled | up | 2020-03-05T01:24:26.000000 |
| 10 | nova-compute | oipenstack-node3 | nova | enabled | up | 2020-03-05T01:24:32.000000 |
+----+--------------+------------------+------+---------+-------+----------------------------+
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
vi /etc/nova/nova.conf #添加nova自动扫描计算节点的时间间隔
[scheduler]
discover_hosts_in_cells_interval = 300
六、neutron部署
6.1 控制节点部署
mysql -u root -p -e "CREATE DATABASE neutron;"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
mysql -u root -p -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
. admin-openrc
openstack user create --domain default --password-prompt neutron #neutron用户密码是neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | d75c2af5f6e2443cb2c84ee604839f69 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 793273d30d7a46fba0262bb7aec92408 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne network public http://172.16.169.131:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8b9023a47f134457a1b6cb19722eb40f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 793273d30d7a46fba0262bb7aec92408 |
| service_name | neutron |
| service_type | network |
| url | http://172.16.169.131:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network internal http://172.16.169.131:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3622f8a739084127b30d540227194090 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 793273d30d7a46fba0262bb7aec92408 |
| service_name | neutron |
| service_type | network |
| url | http://172.16.169.131:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network admin http://172.16.169.131:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e715e4513b2e425ba8327e1438f91f45 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 793273d30d7a46fba0262bb7aec92408 |
| service_name | neutron |
| service_type | network |
| url | http://172.16.169.131:9696 |
+--------------+----------------------------------+
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
vi /etc/neutron/neutron.conf #修改以下内容
[database]
connection = mysql+pymysql://neutron:neutron@172.16.169.131/neutron
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack@172.16.169.131
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000
auth_url = http://172.16.169.131:5000
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://172.16.169.131:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vi /etc/neutron/plugins/ml2/ml2_conf.ini #修改或增加以下内容
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #修改或增加以下内容,physical_interface_mappings需要修改本机的网络接口名称。
[linux_bridge]
physical_interface_mappings = provider:ens32
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
modprobe br_netfilter #加载br_netfilter模块,所有机器都要执行
echo "modprobe br_netfilter" >> /etc/profile
vi /etc/sysctl.conf #所有机器添加以下内容
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
sysctl -p #重新加载内核参数
vi /etc/neutron/dhcp_agent.ini #修改以下内容
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
vi /etc/neutron/metadata_agent.ini #修改以下内容,nova_metadata_host是控制节点的IP,metadata_proxy_shared_secret是openstack
[DEFAULT]
nova_metadata_host = 172.16.16.131
metadata_proxy_shared_secret = openstack
vi /etc/nova/nova.conf #添加以下内容,metadata_proxy_shared_secret需要和/etc/neutron/metadata_agent.ini文件里一致,都是openstack
[neutron]
auth_url = http://172.16.16.131:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = openstack
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
6.2 计算节点部署
yum install openstack-neutron-linuxbridge ebtables ipset
vi /etc/neutron/neutron.conf #修改以下内容
[DEFAULT]
transport_url = rabbit://openstack:openstack@172.16.169.131
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://172.16.169.131:5000
auth_url = http://172.16.169.131:5000
memcached_servers = 172.16.169.131:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
vi /etc/nova/nova.conf #修改以下内容
[neutron]
auth_url = http://172.16.169.131:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini #修改以下内容,physical_interface_mappings要修改本机的网络接口名。
[linux_bridge]
physical_interface_mappings = provider:ens32
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
systemctl restart openstack-nova-compute.service neutron-linuxbridge-agent.service
6.3 创建网络,在控制节点上操作
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider
openstack subnet create --network provider --allocation-pool start=172.16.169.200,end=172.16.169.240 --gateway 172.16.169.254 --subnet-range 172.16.169.0/24 provider
七、dashboard部署,安装在控制节点上
yum install openstack-dashboard
vi /etc/openstack-dashboard/local_settings #修改以下内容
OPENSTACK_HOST = "172.16.169.131"
ALLOWED_HOSTS = ['*']
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '172.16.169.131:11211',
},
}
vi /etc/httpd/conf.d/openstack-dashboard.conf #在WSGISocketPrefix run/wsgi行下添加以下内容
WSGIApplicationGroup %{GLOBAL}
编辑以下文件,找到WEBROOT = '/' 修改为WEBROOT = '/dashboard' (官方未提及坑点之一)
vi /usr/share/openstack-dashboard/openstack_dashboard/defaults.py
vi /usr/share/openstack-dashboard/openstack_dashboard/test/settings.py
查找/usr/share/openstack-dashboard/static/dashboard/js/目录下的所有js文件里含有WEBROOT的
找到WEBROOT = '/' 修改为WEBROOT = '/dashboard'
ls /usr/share/openstack-dashboard/static/dashboard/js/
2386ed69f0d7.js 64d85423c263.js b5e88d434bd1.js
systemctl restart httpd.service memcached.service
访问地址:http://172.16.169.131 默认域:default 用户名/密码:admin/admin
