openstack搭建
基礎環境準備
以下操作2個節點都要做,單獨的會標識的
1、修改主機名
[root@controller ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.10 controller
192.168.100.20 compute
2、防火墻和selinux的修改
注意:以下步驟關閉了主機防火墻和SELinux,僅適合隔離的實驗環境;生產環境應保留firewalld並只放行OpenStack各服務所需的端口,SELinux保持enforcing。
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
vim /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled #修改為disabled,重啟生效
3、ntp服務器搭建
#控制節點的操作
[root@controller ~]# yum -y install chrony
[root@controller ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst #將之前的server行注釋掉,改為阿里云的時間服務器
allow 192.168.100.0/24 #允許100網段來訪問
[root@controller ~]# systemctl restart chronyd
[root@controller ~]# systemctl enable chronyd
#檢查是否成功
[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 8 +235us[+1649us] +/- 26ms
#計算節點的操作
[root@compute ~]# yum -y install chrony
[root@compute ~]# vim /etc/chrony.conf
server controller iburst #將控制節點作為時間服務器
systemctl restart chronyd
systemctl enable chronyd
#檢查同步是否成功
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller 3 6 77 20 +7574ns[ +299us] +/- 29ms #*表示成功
4、安裝openstack軟件包
#2個節點都需要完成
[root@controller ~]# yum -y install centos-release-openstack-train
#有一個倉庫可以使用,包含了一些軟件包的安裝
#注意:下面的gpgcheck=0關閉了軟件包簽名校驗,baseurl也是http明文,無法發現被篡改的軟件包;建議確認gpgkey指向簽署該倉庫軟件包的密鑰後改為gpgcheck=1
[root@controller yum.repos.d]# cat train.repo
[openstack-train]
name=CentOS-7 - OpenStack train
baseurl=http://vault.centos.org/centos/7.9.2009/cloud/$basearch/openstack-train/
gpgcheck=0
enabled=1
gpgkey=http://vault.centos.org/centos/7.9.2009/os/$basearch/RPM-GPG-KEY-CentOS-7
#python管理openstack的api的工具
[root@controller yum.repos.d]# yum -y install python2-openstackclient
#selinux的管理(openstack-selinux提供OpenStack服務的SELinux策略;前面已將SELinux設為disabled,此時這些策略不會生效)
[root@controller yum.repos.d]# yum -y install openstack-selinux
### 5、mariadb安裝
`下面的只需在控制節點上完成即可`
[root@controller yum.repos.d]# yum install mariadb mariadb-server python2-PyMySQL
5、安裝mariadb
yum install mariadb mariadb-server python2-PyMySQL
[root@controller /]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller my.cnf.d]# systemctl enable mariadb --now
#設置數據庫密碼
[root@controller my.cnf.d]# mysql_secure_installation
6、安裝rabbitmq
[root@controller /]# yum install rabbitmq-server
[root@controller /]# systemctl enable rabbitmq-server.service --now
#設置用戶,密碼(示例中的123是弱口令,後面各服務的配置文件里會重復使用;實際部署請為每個賬戶換成各自的隨機強密碼)
[root@controller /]# rabbitmqctl add_user openstack 123
Creating user "openstack"
#權限的設置(三個".*"依次對應配置、寫、讀權限,表示不限制)
[root@controller /]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
[root@controller /]# rabbitmqctl list_user_permissions openstack
Listing permissions for user "openstack"
/ .* .* .*
7、安裝memcached
[root@controller /]# yum install memcached python-memcached
[root@controller /]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller" #修改為controller
#注意:memcached默認沒有認證,加上controller後11211端口會在管理網段上監聽;前面已關閉防火墻,應只允許OpenStack節點訪問該端口
[root@controller /]# systemctl enable memcached.service --now
8、安裝etcd
[root@controller /]# yum -y install etcd
[root@controller etcd]# vim /etc/etcd/etcd.conf
[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.10:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@controller etcd]# systemctl enable etcd --now
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
安裝必要的組件
1、安裝keystone
1、數據庫操作(在命令行用-p123直接寫密碼會留在shell歷史和進程列表中,可以只寫-p再按提示輸入)
[root@controller /]# mysql -uroot -p123
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> show grants for "keystone";
2、安裝軟件包和修改配置文件
[root@controller /]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller /]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
provider = fernet
#初始化數據庫,填充表
[root@controller /]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#初始化fernet密鑰和credential密鑰
[root@controller /]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller /]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#bootstrap設置管理員用戶名和密碼,登錄時會用它們進行驗證,這些數據都保存在數據庫里面;默認用戶是admin,這里密碼設為123(下面第一條credential_setup與上一步重復,可省略)
[root@controller /]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller /]# keystone-manage bootstrap --bootstrap-password 123 \
> --bootstrap-admin-url http://controller:5000/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne
#修改httpd服務器配置
[root@controller /]# vim /etc/httpd/conf/httpd.conf
ServerName controller
#建立軟鏈接
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3、配置環境變量來管理賬戶
[root@controller ~]# cat admin-login
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
#導入這些,然后會在數據庫中進行驗證,成功就能進行管理了(該文件含明文密碼,建議chmod 600,只允許屬主讀取)
4、測試
[root@controller ~]# source admin-login
[root@controller ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 9e7039aebe1c432ca150bb7344fe8ccf |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
#出現結果反饋即keystone搭建成功
2、安裝glance服務
1、數據庫操作
[root@controller ~]# mysql -u root -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> show grants for "glance";
+-------------------------------------------------------------------------------------------------------+
| Grants for glance@% |
+-------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'glance'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' |
| GRANT ALL PRIVILEGES ON `glance`.* TO 'glance'@'%' |
+-------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
2、創建用戶和服務
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | bae81a570f814cecb498e80e10bbdd56 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
#創建服務 image
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
#創建三個端點
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
3、安裝軟件包和修改配置文件
[root@controller ~]# yum -y install openstack-glance
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
#填充數據庫
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
4、啟動glance服務
[root@controller ~]# systemctl enable openstack-glance-api --now
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
5、測試
[root@controller ~]# openstack image create --disk-format qcow2 --container-format bare --file cirros-0.5.1-x86_64-disk.img --public cirros
#能列出這個鏡像就代表glance服務搭建成功
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| d19e1062-a398-4e2a-bd1d-af28f84b8fae | cirros | active |
+--------------------------------------+--------+--------+
3、安裝placement服務
1、數據庫操作
[root@controller ~]# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 31
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123';;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> show grants for 'placement';
+----------------------------------------------------------------------------------------------------------+
| Grants for placement@% |
+----------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'placement'@'%' IDENTIFIED BY PASSWORD '*23AE809DDACAF96AF0FD78ED04B6A265E05AA257' |
| GRANT ALL PRIVILEGES ON `placement`.* TO 'placement'@'%' |
+----------------------------------------------------------------------------------------------------------+
2 rows in set (0.000 sec)
2、用戶和服務的創建
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 040ce718a5664ec9b1cc740b6c63bb7c |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --name placement \
> --description "Placement API" placement
[root@controller ~]# openstack endpoint create --region RegionOne \
> placement public http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \
> placement internal http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \
> placement admin http://controller:8778
3、安裝軟件包和修改配置文件
[root@controller ~]# yum install openstack-placement-api
[root@controller ~]# vim /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:123@controller/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = 123
#填充數據庫
[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement
#還有一點:在placement的httpd配置中加入以下內容,允許httpd訪問/usr/bin目錄
[root@controller ~]# vim /etc/httpd/conf.d/00-placement-api.conf
<Directory "/usr/bin">
<IfVersion >= 2.4>
Require all granted
</IfVersion>
</Directory>
#重啟httpd服務
[root@controller conf.d]# systemctl restart httpd
4、檢測
[root@controller conf.d]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
#表示成功
4、nova搭建
1、安裝控制節點
1、數據庫創建
[root@controller ~]# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
2、創建nova賬戶和服務
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 5204cfe87fc74cd8a007999385e5ed9c |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | dd27d458abe741c19dcfd16270fc7f9b |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4da19fa400b64487ac33f9dd7b46e77e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | dd27d458abe741c19dcfd16270fc7f9b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b4c1e6ea4ac74c8b9020007148eff59e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | dd27d458abe741c19dcfd16270fc7f9b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7b675842b4724040a3e6f9f5715d5b66 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | dd27d458abe741c19dcfd16270fc7f9b |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
3、修改配置文件
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123@controller:5672/
my_ip = 192.168.100.10
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:123@controller/nova_api
[database]
connection = mysql+pymysql://nova:123@controller/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123
#注冊數據庫
[root@controller nova]# su -s /bin/sh -c "nova-manage api_db sync" nova
#創建單元格
[root@controller nova]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
[root@controller nova]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
#填充數據庫
[root@controller nova]# su -s /bin/sh -c "nova-manage db sync" nova
WARNING: cell0 mapping not found - not syncing cell0.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
#查看單元格是否注冊
[root@controller nova]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | 9c7901af-2413-4e31-9ce8-40ba352363a9 | rabbit://openstack:****@controller:5672/ | mysql+pymysql://nova:****@controller/nova | False |
[root@controller nova]# systemctl enable \
> openstack-nova-api.service \
> openstack-nova-scheduler.service \
> openstack-nova-conductor.service \
> openstack-nova-novncproxy.service --now
2、安裝計算節點
1、修改配置文件
yum install openstack-nova-compute
[root@compute nova]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123@controller
my_ip = 192.168.100.20
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123
[libvirt]
virt_type = qemu
#查看是否支持硬件加速虛擬機(返回0表示CPU不支持,需像上面那樣設置virt_type = qemu;返回1或更大則一般無需額外配置)
egrep -c '(vmx|svm)' /proc/cpuinfo
[root@compute nova]# systemctl enable libvirtd.service openstack-nova-compute.service --now
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
2、將計算節點添加到單元數據庫中
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 6 | nova-compute | compute | nova | enabled | up | 2024-07-14T07:51:58.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
#發現計算主機
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
#修改nova配置文件,讓調度器定期自動發現新的計算主機
[scheduler]
#時間為300秒(注釋單獨成行:行尾注釋可能被當作取值的一部分)
discover_hosts_in_cells_interval = 300
#重啟服務
3、檢查
[root@controller ~]# openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+----------------------------+
| 3 | nova-conductor | controller | internal | enabled | up | 2024-07-14T07:53:49.000000 |
| 4 | nova-scheduler | controller | internal | enabled | up | 2024-07-14T07:53:50.000000 |
| 6 | nova-compute | compute | nova | enabled | up | 2024-07-14T07:53:48.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Cinder API |
| Result: Success |
| Details: None |
+--------------------------------+
#出現以上就沒有問題了
5、neutron搭建
1、控制節點搭建
1、數據庫操作
[root@controller ~]# mysql -uroot -p123
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 47
Server version: 10.3.20-MariaDB MariaDB Server
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
-> IDENTIFIED BY '123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.000 sec)
2、創建用戶和服務
[root@controller ~]# openstack user create --domain default --password-prompt neutron
[root@controller ~]# openstack role add --project service --user neutron admin
#創建網絡服務
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
#創建網絡服務的API端點
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
3、配置和修改文件
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
#修改neutron.conf文件
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:123@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#修改ml2
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
#修改網橋代理文件
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = true
local_ip = 192.168.100.10
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#修改內核參數
[root@controller ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
#加載br_netfilter模塊並讓內核參數生效
[root@controller ~]# modprobe br_netfilter
[root@controller ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
#修改三層代理
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
#修改dhcp
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
#配置元數據代理(METADATA_SECRET是占位符,需換成自己生成的隨機字符串,並與后面nova.conf的[neutron]中的值保持一致)
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
#配置nova使用neutron服務
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
#創建鏈接文件
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
#填充數據庫
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
#重啟nova的api服務
[root@controller ~]# systemctl restart openstack-nova-api
#啟動neutron服務
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service --now
[root@controller ~]# systemctl enable neutron-l3-agent.service --now
2、計算節點搭建
1、配置和修改文件
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset
#修改neutron文件
[root@compute ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#配置網橋代理
[root@compute ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = true
local_ip = 192.168.100.20
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[root@compute ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
[root@compute ~]# modprobe br_netfilter
[root@compute ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
#配置nova服務
vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
#重啟服務
[root@compute ~]# systemctl restart openstack-nova-compute.service
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service --now
3、驗證操作
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 5f7c093b-f44e-425e-9e42-ec173c880ebd | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 76d64aa3-1f44-4bc9-bbff-43b30120c539 | Linux bridge agent | compute | None | :-) | UP | neutron-linuxbridge-agent |
| 8d1fbc83-81b9-495b-9261-f597604ebbef | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| e7b59113-e609-48e6-9695-d259459243c4 | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
| f504f14f-0e62-47b3-bbf9-5902d0877b95 | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
6、安裝dashboard
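在控制節點上完成。安裝軟件包后修改dashboard的local_settings配置,內容如下。注意:ALLOWED_HOSTS = ['*']會接受任意Host頭,僅適合測試;生產環境應改為實際訪問dashboard所用的主機名。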
[root@controller ~]# yum install openstack-dashboard
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
},
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
'enable_auto_allocated_network': False,
'enable_distributed_router': False,
'enable_fip_topology_check': False,
'enable_ha_router': False,
'enable_ipv6': True,
# TODO(amotoki): Drop OPENSTACK_NEUTRON_NETWORK completely from here.
# enable_quotas has the different default value here.
'enable_quotas': False,
'enable_rbac_policy': False,
'enable_router': False,
'default_dns_nameservers': [],
'supported_provider_types': ['*'],
'segmentation_id_range': {},
'extra_provider_types': {},
'supported_vnic_types': ['*'],
'physical_networks': [],
}
TIME_ZONE = "Asia/Shanghai"
WEBROOT='/dashboard'
[root@controller ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
#重啟httpd和memcached服務
[root@controller ~]# systemctl restart httpd.service memcached.service
