前言:本次部署採用系統的是Centos 8-Stream版,儲存庫為OpenStack-Victoria版,除基礎配置,五大服務中的時間同步服務,七大元件中的nova服務,neutron服務,cinder服務需要在雙節點配置外,其他服務配置均在控制節點,neutron配置從公有網路和私有網路中選擇一種即可,大多數情況還是選公有網路的配置,此次部署所有密碼均為111111,可按自身需要自行配置
安裝環境:
- 採用虛擬化軟體:VMware Workstation 16 Pro
- 作業系統:Centos 8-Stream
- 控制節點配置:記憶體4G,CPU4核,磁碟100G,啟用虛擬化引擎
- 計算節點配置:記憶體4G,CPU4核,磁碟100G,啟用虛擬化引擎
基礎配置(雙節點)
Yum源倉庫配置
阿里雲映象倉庫地址:https://mirrors.aliyun.com,有需要可自行配置,但是這裡用不到
(1) 配置Centos 8的源只需改yum倉庫.repo檔案引數即可如下
#更改CentOS-Stream-AppStream.repo檔案,將baseurl引數中的地址改為https://mirrors.aliyun.com
[root@localhost ~]# cd /etc/yum.repos.d/
[root@localhost yum.repos.d]# vi CentOS-Stream-AppStream.repo
[appstream]
name=CentOS Stream $releasever - AppStream
#mirrorlist=http://mirrorlist.centos.org/? release=$stream&arch=$basearch&repo=AppStream&infra=$infra
baseurl=https://mirrors.aliyun.com/$contentdir/$stream/AppStream/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
#更改CentOS-Stream-BaseOS.repo 檔案,將baseurl引數中的地址改為https://mirrors.aliyun.com
[root@localhost yum.repos.d]# vi CentOS-Stream-BaseOS.repo
[baseos]
name=CentOS Stream $releasever - BaseOS
#mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=BaseOS&infra=$infra
baseurl=https://mirrors.aliyun.com/$contentdir/$stream/BaseOS/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
#更改CentOS-Stream-Extras.repo 檔案,將baseurl引數中的地址改為https://mirrors.aliyun.com
[root@localhost yum.repos.d]# vi CentOS-Stream-Extras.repo
[extras]
name=CentOS Stream $releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra
baseurl=https://mirrors.aliyun.com/$contentdir/$stream/extras/$basearch/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
(2)配置openstack源
#在yum倉庫資料夾下面建立openstack-victoria.repo檔案
[root@localhost ~]# vi /etc/yum.repos.d/openstack-victoria.repo
#寫入以下內容
[virctoria]
name=virctoria
baseurl=https://mirrors.aliyun.com/centos/8-stream/cloud/x86_64/openstack-victoria/
gpgcheck=0
enabled=1
(3)清除快取,重建快取
[root@controller ~]# yum clean all
[root@controller ~]# yum makecache
網路配置
- 控制節點雙網路卡-------> 僅主機IP:10.10.10.10 Net外網IP:10.10.20.10
- 計算節點雙網路卡-------> 僅主機IP:10.10.10.20 Net外網IP:10.10.20.20
(1)安裝network網路服務
#安裝network,由於8系統自帶的服務為NetworkManager,它會與neutron服務有衝突,所以安裝network,關閉NetworkManager,並設定disable狀態
[root@localhost ~]# dnf -y install network-scripts
[root@localhost ~]# systemctl disable --now NetManager
#啟動network服務,設為開機自啟動
[root@localhost ~]# systemctl enable --now network
(2) 配置靜態IP
#ens33,以控制節點為例
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens33
BOOTPROTO=static #修改
ONBOOT=yes #修改
IPADDR=10.10.10.10 #新增
NETMASK=255.255.255.0 #新增
#ens34,以控制節點為例
[root@localhost ~]# vi /etc/sysconfig/network-scripts/ifcfg-ens34
BOOTPROTO=static #修改
ONBOOT=yes #修改
IPADDR=10.10.20.10 #新增
NETMASK=255.255.255.0 #新增
GATEWAY=10.10.20.2 #新增
DNS1=8.8.8.8 #新增
DNS2=114.114.114.114 #新增
(3)重啟網路,測試外網連通性
[root@localhost ~]# systemctl restart network
[root@localhost ~]# ping -c 3 www.baidu.com
主機配置
(1)修改主機名
#控制節點
[root@localhost ~]# hostnamectl set-hostname controller
[root@localhost ~]# bash
[root@controller ~]#
#計算節點
[root@localhost ~]# hostnamectl set-hostname compute
[root@localhost ~]# bash
[root@compute ~]#
(2)關閉防火牆
#關防火牆並設定disable開機禁啟動
[root@controller ~]# systemctl disable --now firewalld
(3)關閉selinux安全子系統
#設定selinux並設定disable開機禁啟動
[root@controller ~]# vi /etc/selinux/config
SELINUX=disabled
#可透過getenforce命令檢視selinux狀態
[root@controller ~]# getenforce
Disabled
(4)配置host主機對映
#控制節點
[root@controller ~]# cat >>etc/hosts<<EOF
> 10.10.10.10 controller
> 10.10.10.20 computer
> EOF
#計算節點
[root@compute ~]# cat >>etc/hosts<<EOF
> 10.10.10.10 controller
> 10.10.10.20 compute
> EOF
openstack儲存庫
#安裝openstack-victoria版儲存庫
[root@controller ~]# dnf -y install centos-release-openstack-victoria
#升級節點上所有的安裝包
[root@controller ~]# dnf -y upgrade
#安裝openstack客戶端和openstack-selinux
[root@controller ~]# dnf -y install python3-openstackclient openstack-selinux
五大服務
Chrony時間同步(雙節點)
(1)檢視系統是否安裝chrony
[root@controller ~]# rpm -qa |grep chrony
#沒有的話就安裝
[root@controller ~]# dnf -y install chrony
(2)編輯chrony配置檔案
#控制節點
[root@controller ~]# vim /etc/chrony.conf
server ntp6.aliyun.com iburst #新增與阿里雲時間同步
allow 10.10.10.0/24 #新增
#計算節點
[root@controller ~]# vim /etc/chrony.conf
server controller iburst #新增與控制節點時間同步
(3)重啟時間同步服務,設定開機自啟
[root@controller ~]# systemctl restart chronyd && systemctl enable chronyd
Mariadb資料庫
(1)安裝mariadb資料庫
[root@controller ~]# dnf -y install mariadb mariadb-server python3-PyMySQL
#啟動mariadb資料庫
[root@controller ~]# systemctl start mariadb
(2)建立openstack.cnf檔案,編輯它
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.10.10.10 #繫結IP,如果後面換IP,這行可以刪掉
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
(3)初始化資料庫
[root@controller ~]# mysql_secure_installation
Enter current password for root (enter for none): #輸入當前使用者root密碼,若為空直接回車
OK, successfully used password, moving on...
Set root password? [Y/n] y # 是否設定root密碼
New password: # 輸入新密碼
Re-enter new password: # 再次輸入新密碼
Remove anonymous users? [Y/n] y # 是否刪除匿名使用者
Disallow root login remotely? [Y/n] n # 是否禁用遠端登入
Remove test database and access to it? [Y/n] y # 是否刪除資料庫並訪問它
Reload privilege tables now? [Y/n] y # 是否重新載入許可權表
(4)重啟資料庫服務並設定開機自啟
[root@controller ~]# systemctl restart mariadb && systemctl enable mariadb
RabbitMQ訊息佇列
注意:安裝rabbitmq-server時,可能會報錯,這是安裝源裡面沒有libSDL,下載所需包,再安裝rabbitmq-server就行了
下載命令:wget http://rpmfind.net/linux/centos/8-stream/PowerTools/x86_64/os/Packages/SDL2-2.0.10-2.el8.x86_64.rpm
安裝命令:dnf -y install SDL2-2.0.10-2.el8.x86_64.rpm
(1)安裝rabbitmq軟體包
[root@controller ~]# dnf -y install rabbitmq-server
(2)啟動訊息佇列服務並設定開機自啟動
[root@controller ~]# systemctl start rabbitmq-server && systemctl enable rabbitmq-server
(3) 新增openstack使用者並設定密碼
[root@controller ~]# rabbitmqctl add_user openstack 111111
(4) 配置openstack使用者許可權
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
(5)啟用訊息佇列Web介面管理外掛
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
#這一步啟動後,ss -antlu命令檢視埠會有一個15672的埠開啟,可透過web介面登入RabbitMQ檢視,網站地址:http://10.10.10.10:15672,使用者和密碼預設都是guest
Memcached快取
(1)安裝memcache軟體包
[root@controller ~]# dnf -y install memcached python3-memcached
(2)編輯memcache配置檔案
[root@controller ~]# vim /etc/sysconfig/memcached
..........
OPTIONS="-l 127.0.0.1,::1,controller" #修改這一行
(3)重啟快取服務並設定開機自啟
[root@controller ~]# systemctl start memcached && systemctl enable memcached
Etcd叢集
(1)安裝etcd軟體包
[root@controller ~]# dnf -y install etcd
(2)編輯etcd配置檔案
[root@controller ~]# vim /etc/etcd/etcd.conf
#修改如下
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.10.10.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.10.10.10:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.10.10.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.10.10.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.10.10.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
(3)啟動etcd服務並設定開機自啟動
[root@controller ~]# systemctl start etcd && systemctl enable etcd
七大元件
Keystone認證
(1)資料庫創庫授權
#進入資料庫
[root@controller ~]# mysql -u root -p111111
#建立keystone資料庫
MariaDB [(none)]> CREATE DATABASE keystone;
#授權
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '111111';
(2)安裝keystone軟體包
[root@controller ~]# dnf -y install openstack-keystone httpd python3-mod_wsgi
(3)編輯配置檔案
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
[root@controller ~]# grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
#編輯
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:111111@controller/keystone
[token]
provider = fernet
(4)資料庫初始化
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
(5)檢視keystone資料庫表資訊
[root@controller ~]# mysql -uroot -p111111
MariaDB [(none)]> use keystone;
MariaDB [keystone]> show tables;
MariaDB [keystone]> quit
(6)初始化Fernet
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
(7)引導身份認證
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 111111 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
(8)配置Apache HTTP服務
#編輯httpd.conf檔案
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller #新增這一行
<Directory />
AllowOverride none
Require all granted #這一行改成這樣
</Directory>
#建立wsgi-keystone.conf檔案連結
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
(9)重啟httpd服務並設定開機自啟動
[root@controller ~]# systemctl restart httpd && systemctl enable httpd
(10)建立admin環境變數指令碼
[root@controller ~]# vim /admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=111111
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#可透過source /admin-openrc.sh命令來匯入環境變數,或./admin-openrc.sh命令,如果不想每次手動匯入,可以修改.bashrc配置檔案實現開機啟動匯入
[root@controller ~]# vim .bashrc
source /admin-openrc.sh #新增這一行
(11)建立域,專案,使用者和角色
#建立域,已有預設域default,自己可隨便創一個
[root@controller ~]# openstack domain create --description "An Example Domain" example
#建立service專案
[root@controller ~]# openstack project create --domain default --description "Service Project" service
#建立測試專案
[root@controller ~]# openstack project create --domain default --description "Demo Project" myproject
#建立使用者,此命令執行會要求輸入密碼,輸兩次即可
[root@controller ~]# openstack user create --domain default --password-prompt myuser
#建立角色
[root@controller ~]# openstack role create myrole
#新增角色與專案,使用者繫結
[root@controller ~]# openstack role add --project myproject --user myuser myrole
(12)驗證token令牌
[root@controller ~]# openstack token issue
Glance映象
(1) 資料庫創庫授權
#進入資料庫
[root@controller ~]# mysql -u root -p111111
#建立glance資料庫
MariaDB [(none)]> CREATE DATABASE glance;
#授權
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '111111';
(2) 安裝glance軟體包
注:安裝報錯,修改CentOS-Stream-PowerTools.repo源為enable=1,重新安裝
[root@controller ~]# dnf install -y openstack-glance
(3) 編輯配置檔案
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
[root@controller ~]# grep -Ev '^$|#' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
#編輯
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:111111@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 111111
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
(4) 資料庫初始化
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
(5) 檢視glance資料庫表資訊
[root@controller ~]# mysql -uroot -p111111
MariaDB [(none)]> use glance;
MariaDB [keystone]> show tables;
MariaDB [keystone]> quit
(6) 建立glance使用者和服務,關聯admin角色
#建立glance使用者
[root@controller ~]# openstack user create --domain default --password 111111 glance
#關聯admin角色
[root@controller ~]# openstack role add --project service --user glance admin
#建立glance服務
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
(7) 註冊API介面
#public
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
#internal
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
#admin
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
(8) 檢視服務端點
[root@controller ~]# openstack endpoint list
(9) 啟動glance服務並設定開機自啟
[root@controller ~]# systemctl start openstack-glance-api && systemctl enable openstack-glance-api
(10) 測試映象功能
#此次採用的映象為cirros-0.5.1-x86_64-disk.img,建立命令如下
[root@controller ~]# openstack image create "cirros" --file cirros-0.5.1-x86_64-disk.img --disk-format qcow2 --container-format bare --public
#建立成功後可透過openstack命令檢視
[root@controller ~]# openstack image list
#進入glance資料庫檢視,存放在images表中
[root@controller ~]# mysql -uroot -p111111
MariaDB [(none)]> use glance;
MariaDB [glance]> select * from images\G;
#在/var/lib/glance/images/目錄下可以看到映象檔案,如果要刪除此映象需要刪除資料庫資訊,再刪除映象檔案
[root@controller ~]# ls /var/lib/glance/images/
Placement放置
(1) 資料庫創庫授權
#進入資料庫
[root@controller ~]# mysql -u root -p111111
#建立placement資料庫
MariaDB [(none)]> CREATE DATABASE placement;
#授權
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '111111';
(2) 安裝placement軟體包
[root@controller ~]# dnf install -y openstack-placement-api
(3) 編輯配置檔案
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/placement/placement.conf /etc/placement/placement.conf.bak
[root@controller ~]# grep -Ev '^$|#' /etc/placement/placement.conf.bak >/etc/placement/placement.conf
#編輯
[root@controller ~]# vim /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:111111@controller/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = 111111
(4) 資料庫初始化
[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement
(5) 檢視placement資料庫表資訊
[root@controller ~]# mysql -uroot -p111111
MariaDB [(none)]> use placement;
MariaDB [keystone]> show tables;
MariaDB [keystone]> quit
(6) 建立placement使用者和服務,關聯admin角色
#建立placement使用者
[root@controller ~]# openstack user create --domain default --password 111111 placement
#關聯admin角色
[root@controller ~]# openstack role add --project service --user placement admin
#建立placement服務
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
(7) 註冊API介面
#public
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
#internal
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
#admin
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
(8) 檢視服務端點
[root@controller ~]# openstack endpoint list
(9) 重啟httpd服務
[root@controller ~]# systemctl restart httpd
檢測placement服務狀態
[root@controller ~]# placement-status upgrade check
Nova計算
1,控制節點(1)
(1) 資料庫創庫授權
#進入資料庫
[root@controller ~]# mysql -u root -p111111
#建立nova_api,nova和nova_cell0資料庫
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
#授權
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '111111';
(2) 安裝nova軟體包
[root@controller ~]# dnf install -y openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
(3) 編輯配置檔案
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@controller ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
#編輯
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:111111@controller:5672/
my_ip = 10.10.10.10 #本機IP,如果將來換IP,這地方一定要改
[api_database]
connection = mysql+pymysql://nova:111111@controller/nova_api
[database]
connection = mysql+pymysql://nova:111111@controller/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 111111
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 111111
(4) 資料庫初始化
# 同步nova_api資料庫
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
# 同步nova_cell0資料庫
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# 建立cell1
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# 同步nova資料庫
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
(5) 建立nova使用者和服務,關聯admin角色
#建立nova使用者
[root@controller ~]# openstack user create --domain default --password 111111 nova
#關聯admin角色
[root@controller ~]# openstack role add --project service --user nova admin
#建立nova服務
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
(6) 註冊API介面
#public
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
#internal
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
#admin
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
(7) 檢視服務端點
[root@controller ~]# openstack endpoint list
(8) 驗證nova_cell0和cell1是否新增成功
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
(9) 啟動nova所有服務並設為開機自啟
[root@controller ~]# systemctl enable --now openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
(10) 檢視nova服務是否啟動
[root@controller ~]# nova service-list
#一般只會顯示兩個服務:nova-scheduler和nova-conductor,這是因為上面這條命令是由nova-api接收,而它控制著nova-scheduler和nova-conductor服務,如果nova-api未開啟,那這兩個服務也會down掉,nova-novncproxy服務則是透過檢視埠號的形式,示例如下:
[root@controller ~]# netstat -lntup | grep 6080
tcp 0 0 0.0.0.0:6080 0.0.0.0:* LISTEN 1456/python3
[root@controller ~]# ps -ef | grep 1456
nova 1456 1 0 18:29 ? 00:00:05 /usr/bin/python3 /usr/bin/nova-novncproxy --web /usr/share/novnc/
root 27724 26054 0 20:51 pts/0 00:00:00 grep --color=auto 1456
(11) 如何透過web介面檢視
#如果不配置域名解析,就直接用ip
http://10.10.10.10:6080
#如果要配置域名解析,在電腦C:\Windows\System32\drivers\etc目錄下里面的hosts檔案裡新增
10.10.10.10 controller
10.10.10.20 compute
#再訪問
http://controller:6080
2,計算節點
(1) 安裝nova軟體包
[root@compute ~]# dnf install -y openstack-nova-compute
(2) 編輯配置檔案
#複製備份配置檔案並去掉註釋
[root@compute ~]# cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@compute ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
#編輯
[root@compute ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:111111@controller
my_ip = 10.10.10.20 #本機IP,如果將來換IP,這地方一定要改
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 111111
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 111111
(3) 確定計算節點是否支援虛擬機器的硬體加速
#如果此命令返回值是別的數字,計算節點支援硬體加速;如果此命令返回值是0,計算節點不支援硬體加速,需要配置[libvirt]
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
#配置[libvirt]
[root@compute ~]# vim /etc/nova/nova.conf
[libvirt]
virt_type = qemu
(4) 啟動計算節點nova服務並設定開機自啟動
[root@compute ~]# systemctl enable --now libvirtd.service openstack-nova-compute.service
控制節點(2)
(5) 將計算節點新增到單後設資料庫
#確認資料庫中存在計算主機
[root@controller ~]# openstack compute service list --service nova-compute
#控制節點發現計算節點
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
(6) 設定發現間隔
[root@controller ~]# vim /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300
Neutron網路
(1) 資料庫創庫授權
#進入資料庫
[root@controller ~]# mysql -u root -p111111
#建立neutron資料庫
MariaDB [(none)] CREATE DATABASE neutron;
#授權
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '111111';
(2) 建立neutron使用者和服務,關聯admin角色
#建立neutron使用者
[root@controller ~]# openstack user create --domain default --password 111111 neutron
#關聯admin角色
[root@controller ~]# openstack role add --project service --user neutron admin
#建立neutron服務
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
(3) 註冊API介面
#public
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
#internal
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
#admin
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
(4) 檢視服務端點
[root@controller ~]# openstack endpoint list
控制節點公有網路
(1) 安裝neutron軟體包
[root@controller ~]# dnf -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
(2) 編輯neutron配置檔案
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
#編輯
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:111111@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:111111@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 111111
[nova] #如果配置檔案沒有這個引數,就直接加
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 111111
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
(3) 編輯ml2外掛
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak >/etc/neutron/plugins/ml2/ml2_conf.ini
#編輯
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
(4) 配置Linux網橋代理
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34 #這裡選擇提供給例項的net網路卡
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(5) 配置DHCP代理
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak >/etc/neutron/dhcp_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
(6) 設定網橋過濾器
#修改系統引數配置檔案
[root@controller ~]# echo 'net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
#載入br_netfilter模組
[root@controller ~]# modprobe br_netfilter
#檢查
[root@controller ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1 #出現這個則配置成功
net.bridge.bridge-nf-call-ip6tables = 1 #出現這個則配置成功
(7) 配置後設資料代理
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak >/etc/neutron/metadata_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
#'METADATA_SECRET'為密碼,可自行定義。但要與後面配置nova中的後設資料引數一致
(8) 配置計算服務以使用網路服務
#在[neutron]部分,配置訪問引數,啟用後設資料代理
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 111111
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET #密碼要一致
(9) 建立網路服務初始化指令碼連結
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
(10) 資料庫初始化
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
(11) 重啟nova的API服務
[root@controller ~]# systemctl restart openstack-nova-api.service
(12) 啟動neutron服務並設定開機自啟
[root@controller ~]# systemctl enable --now neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
計算節點公有網路
(1) 安裝neutron軟體包
[root@compute ~]# dnf install -y openstack-neutron-linuxbridge ebtables ipset
(2) 編輯neutron配置檔案
#複製備份配置檔案並去掉註釋
[root@compute ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@compute ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
#編輯
[root@compute ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:111111@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 111111
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
(3) 配置Linux網橋代理
#複製備份配置檔案並去掉註釋
[root@compute ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
[root@compute ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34 #這裡選擇提供給例項的net網路卡
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(4) 設定網橋過濾器
#修改系統引數配置檔案
[root@compute ~]# echo 'net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
#載入br_netfilter模組
[root@compute ~]# modprobe br_netfilter
#檢查
[root@compute ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1 #出現這個則配置成功
net.bridge.bridge-nf-call-ip6tables = 1 #出現這個則配置成功
(5) 配置計算服務以使用網路服務
#在[neutron]部分,配置訪問引數,啟用後設資料代理
[root@compute ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 111111
(6) 重啟nova的API服務
[root@compute ~]# systemctl restart openstack-nova-api.service
(7) 啟動Linux網橋服務並設定開機自啟
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
公有網路服務是否正常執行
(8) 控制節點檢視網路代理服務列表
#控制節點檢視網路代理服務列表
[root@controller ~]# openstack network agent list
#一般成功後會出現Metadata agent,DHCP agent,兩個Linux bridge agent一共四個代理,一個Linux bridge agent屬於controlller,另一個屬於compute
控制節點私有網路
(1) 安裝neutron軟體包
[root@controller ~]# dnf -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
(2) 編輯neutron配置檔案
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
#編輯
[root@controller ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:111111@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:111111@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 111111
[nova] #如果配置檔案沒有這個引數,就直接加
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 111111
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
(3) 編輯ml2外掛
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak >/etc/neutron/plugins/ml2/ml2_conf.ini
#編輯
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
(4) 配置Linux網橋代理
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34 #這裡選擇提供給例項的net網路卡
[vxlan]
enable_vxlan = true
local_ip = 10.10.10.10
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(5) 設定網橋過濾器
#修改系統引數配置檔案
[root@controller ~]# echo 'net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
#載入br_netfilter模組
[root@controller ~]# modprobe br_netfilter
#檢查
[root@controller ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1 #出現這個則配置成功
net.bridge.bridge-nf-call-ip6tables = 1 #出現這個則配置成功
(6) 配置DHCP代理
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak >/etc/neutron/dhcp_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
(7) 配置第三層代理
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
(8) 配置後設資料代理
#複製備份配置檔案並去掉註釋
[root@controller ~]# cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
[root@controller ~]# grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak >/etc/neutron/metadata_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
#'METADATA_SECRET'為密碼,可自行定義。但要與後面配置nova中的後設資料引數一致
(9) 配置計算服務以使用網路服務
#在[neutron]部分,配置訪問引數,啟用後設資料代理
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 111111
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET #密碼要一致
(10) 建立網路服務初始化指令碼連結
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
(11) 資料庫初始化
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
(12) 重啟nova的API服務
[root@controller ~]# systemctl restart openstack-nova-api.service
(13) 啟動neutron服務並設定開機自啟
[root@controller ~]# systemctl enable --now neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service
計算節點私有網路
(1) 安裝neutron軟體包
[root@compute ~]# dnf install -y openstack-neutron-linuxbridge ebtables ipset
(2) 編輯neutron配置檔案
#複製備份配置檔案並去掉註釋
[root@compute ~]# cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@compute ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
#編輯
[root@compute ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:111111@controller
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 111111
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
(3) 配置Linux網橋代理
#複製備份配置檔案並去掉註釋
[root@compute ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
[root@compute ~]# grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#編輯
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34 #這裡選擇提供給例項的net網路卡
[vxlan]
enable_vxlan = true
local_ip = 10.10.10.20
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(4) 設定網橋過濾器
#修改系統引數配置檔案
[root@compute ~]# echo 'net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
#載入br_netfilter模組
[root@compute ~]# modprobe br_netfilter
#檢查
[root@compute ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1 #出現這個則配置成功
net.bridge.bridge-nf-call-ip6tables = 1 #出現這個則配置成功
(5) 配置計算服務以使用網路服務
#在[neutron]部分,配置訪問引數,啟用後設資料代理
[root@compute ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 111111
(6) 重啟nova的API服務
[root@compute ~]# systemctl restart openstack-nova-api.service
(7) 啟動Linux網橋服務並設定開機自啟
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
私有網路服務是否正常執行
(8) 控制節點檢視網路代理服務列表
#控制節點檢視網路代理服務列表
[root@controller ~]# openstack network agent list
#一般成功後會出現Metadata agent,DHCP agent,L3 agent,兩個Linux bridge agent一共五個代理,一個Linux bridge agent屬於controlller,另一個屬於compute
Dashboard儀表盤
(1) 安裝dashboard軟體包
[root@controller ~]# dnf install -y openstack-dashboard
(2) 編輯dashboard配置檔案
#此檔案內所有選項與引數用命令模式搜尋,有就修改,沒有就新增
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
#不配域名解析就要把IP寫進去
ALLOWED_HOSTS = ['controller','compute','10.10.10.10','10.10.10.20']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
},
}
OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
(3) 配置http服務
[root@controller ~]# vi /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL} #新增這行
#編輯dashboard配置檔案
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
WEBROOT = '/dashboard/' #新增這行
(4) 重啟http和快取服務
[root@controller ~]# systemctl restart httpd.service memcached.service
(5) 登入web介面
#如果不配置域名解析,就直接用ip
http://10.10.10.10/dashboard
#如果要配置域名解析,在電腦C:\Windows\System32\drivers\etc目錄下里面的hosts檔案裡新增
10.10.10.10 controller
10.10.10.20 compute
#再訪問
http://controller/dashboard
Cinder儲存
控制節點
(1) 資料庫創庫授權
#進入資料庫
[root@controller ~]# mysql -u root -p111111
#建立cinder資料庫
MariaDB [(none)] CREATE DATABASE cinder;
#授權
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '111111';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '111111';
(2) 編輯配置檔案
#複製一份去掉註釋
[root@controller ~]# cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
[root@controller ~]# grep -Ev '^$|#' /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
#編輯
[root@controller ~]# vim /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:111111@controller
auth_strategy = keystone
my_ip = 10.10.10.10
[database]
connection = mysql+pymysql://cinder:111111@controller/cinder
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = 111111
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
(3) 資料庫初始化
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
(4) 檢視cinder資料庫表資訊
[root@controller ~]# mysql -uroot -p111111
MariaDB [(none)]> use cinder;
MariaDB [cinder]> show tables;
MariaDB [cinder]> quit
(5) 建立cinder使用者和服務,關聯admin角色
#建立cinder使用者
[root@controller ~]# openstack user create --domain default --password 111111 placement
#關聯admin角色
[root@controller ~]# openstack role add --project service --user cinder admin
#建立cinderv2,cinderv3服務
[root@controller ~]# openstack service create --name cinderv2 \> --description "OpenStack Block Storage" volumev2
[root@controller ~]# openstack service create --name cinderv3 \> --description "OpenStack Block Storage" volumev3
(6) 註冊API介面
cinderv2的服務端點
#public
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 public http://controller:8776/v2/%\(project_id\)s
#internal
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 internal http://controller:8776/v2/%\(project_id\)s
#admin
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 admin http://controller:8776/v2/%\(project_id\)s
cinderv3的服務端點
#public
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev3 public http://controller:8776/v3/%\(project_id\)s
#internal
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev3 internal http://controller:8776/v3/%\(project_id\)s
#admin
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev3 admin http://controller:8776/v3/%\(project_id\)s
(7) 檢視服務端點
[root@controller ~]# openstack endpoint list
(8) 配置計算服務使用塊儲存
#編輯nova配置檔案
[root@controller cinder]# vi /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
#重啟nova
[root@controller ~]# systemctl restart openstack-nova-api.service
(9) 啟動cinder服務並設定開機自啟
[root@controller ~]# systemctl enable --now openstack-cinder-api.service openstack-cinder-scheduler.service
計算節點(關閉虛擬機器新增一塊50G硬碟)
(1) 檢視磁碟
[root@compute ~]# fdisk --list
(2) 安裝 LVM 包
[root@compute ~]# dnf -y install lvm2 device-mapper-persistent-data
(3) 建立 LVM 物理卷/dev/sdb
[root@compute ~]# pvcreate /dev/sdb
(4) 建立 LVM 卷組cinder-volumes
[root@compute ~]# vgcreate cinder-volumes /dev/sdb
(5) 修改LVM配置
#複製一份去掉註釋
[root@compute ~]# cp /etc/lvm/lvm.conf /etc/lvm/lvm.conf.bak
[root@compute ~]# grep -Ev '^$|#' /etc/lvm/lvm.conf.bak > /etc/lvm/lvm.conf
#編輯
[root@compute ~]# vi /etc/lvm/lvm.conf
devices {
filter = [ "a/sda/",a/sdb/", "r/.*/"]
}
(6) 安裝cinder相關軟體包
[root@compute ~]# dnf install -y openstack-cinder targetcli python3-keystone
(7) 編輯cinder配置檔案
#複製一份去掉註釋
[root@compute ~]# cp /etc/cinder/cinder.conf /etc/cinder/cinder.conf.bak
[root@compute ~]# grep -Ev '^$|#' /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
#編輯
[root@compute ~]# vim /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:111111@controller
auth_strategy = keystone
my_ip = 10.10.10.20
enabled_backends = lvm
glance_api_servers = http://controller:9292
[database]
connection = mysql+pymysql://cinder:111111@controller/cinder
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = 111111
[lvm] #沒有就新增
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes #要與建立的卷組名對應
target_protocol = iscsi
target_helper = lioadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
(8) 啟動cinder服務並設定開機自啟
[root@compute ~]# systemctl enable --now openstack-cinder-volume.service target.service
(9) 返回控制節點,檢視服務列表
[root@controller ~]# openstack volume service list
#顯示這樣就行
+------------------+-------------+------+---------+-------+----------------------------+
| Binary | Host | Zone | Status | State | Updated At |
+------------------+-------------+------+---------+-------+----------------------------+
| cinder-scheduler | controller | nova | enabled | up | 2023-05-11T08:12:03.000000 |
| cinder-volume | compute@lvm | nova | enabled | up | 2023-05-11T08:12:02.000000 |
+------------------+-------------+------+---------+-------+----------------------------+
至此,openstack雲平臺搭建V版已全部完成