OpenStack-Dashboard 与 OpenStack-cinder 组件部署步骤

【OpenStack-Dashboard组件部署】

因为在CT控制节点已安装httpd服务，而Dashboard控制台也需要httpd支持，所以此处可以在C1节点进行安装httpd

[root@c1 ~]# yum -y install openstack-dashboard httpd

● 修改local_setting本地控制台的配置文件

[root@c1 ~]# cd /etc/openstack-dashboard/
[root@c1 openstack-dashboard]# ls
cinder_policy.json  keystone_policy.json  neutron_policy.json  nova_policy.json
glance_policy.json  local_settings        nova_policy.d

[root@c1 openstack-dashboard]# vim local_settings 
#修改的内容如下：
#修改local_setting本地控制台的配置文件
import os								#使用Python导入一个模块
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False							#不开启调式	
ALLOWED_HOSTS = ['*']					#只允许通过列表中指定的域名访问dashboard；允许通过指定的IP地址及域名访问dahsboard；['*']表示允许所有域名
LOCAL_PATH = '/tmp'
SECRET_KEY='11766a5224aa84e734c7'
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'		#指定session引擎
CACHES = {							#95-100行取消"#"注释
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'ct:11211',	#指定memcache地址及端口
    }
}
#以下配置session信息存放到memcache中；session信息不仅可以存放到memcache中，也可以存放到其他地方
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'		#108行修改
OPENSTACK_HOST = "ct"						#118-127行修改
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST	
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True			#让dashboard支持域
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
#配置openstack的API版本
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"


OPENSTACK_NEUTRON_NETWORK = {					#132行到152行修改
    'enable_auto_allocated_network': False,
    'enable_distributed_router': False,
    'enable_fip_topology_check': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_ipv6': True,
    'enable_quotas': True,
    'enable_rbac_policy': True,
    'enable_router': True,
    'default_dns_nameservers': [],
    'supported_provider_types': ['*'],
    'segmentation_id_range': {},
    'extra_provider_types': {},
    'supported_vnic_types': ['*'],
    'physical_networks': [],
}
#定义使用的网络类型，[*]表示

TIME_ZONE = "Asia/Shanghai"					#156行修改

● 重启服务

重新生成openstack-dashboard.conf并重启Apache服务
（由于dashborad会重新复制代码文件，重启apache会比较慢）

[root@c1 ~]# cd /usr/share/openstack-dashboard
[root@c1 openstack-dashboard]# python manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
[root@c1 ~]# systemctl enable httpd.service
[root@c1 ~]# systemctl restart httpd.service

● 重启 ct 节点的 memcache 服务

[root@ct ~]# systemctl restart memcached.service

● 验证操作

打开浏览器，在地址栏中输入“http://192.168.200.151”，进入Dashboard登录页面。
在登录页面依次填写：“域：default、用户名：admin、密码:ADMIN_PASS”（在~.bashrc中已定义）
完成后，进行登陆

【OpenStack-cinder 组件部署】

一、创建数据库实例和角色

[root@controller ~]# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit

二、创建用户、修改配置文件

① 创建cinder用户,密码设置为CINDER_PASS

[root@ct ~]# openstack user create --domain default --password CINDER_PASS cinder

② 把cinder用户添加到service服务中，并授予admin权限

[root@ct ~]# openstack role add --project service --user cinder admin

③ cinder有v2和v3两个并存版本的API，所以需要创建两个版本的service实例

[root@ct ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
[root@ct ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3	

● 给v2和v3版本的api创建endpoint

 openstack endpoint create --region RegionOne volumev2 public http://ct:8776/v2/%\(project_id\)s
 openstack endpoint create --region RegionOne volumev2 internal http://ct:8776/v2/%\(project_id\)s
 openstack endpoint create --region RegionOne volumev2 admin http://ct:8776/v2/%\(project_id\)s
 openstack endpoint create --region RegionOne volumev3 public http://ct:8776/v3/%\(project_id\)s
 openstack endpoint create --region RegionOne volumev3 internal http://ct:8776/v3/%\(project_id\)s
 openstack endpoint create --region RegionOne volumev3 admin http://ct:8776/v3/%\(project_id\)s

● yum 安装cinder 服务

[root@ct ~]# yum -y install openstack-cinder

● 修改cinder 配置文件(ct节点)

#修改配置文件
cp /etc/cinder/cinder.conf{,.bak}
grep -Ev '#|^$' /etc/cinder/cinder.conf.bak>/etc/cinder/cinder.conf
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@ct/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 192.168.100.11 			#修改为 ct_IP地址
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp


#查看配置文件
[root@ct ~]# cat /etc/cinder/cinder.conf

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@ct			#配置rabbitmq连接
auth_strategy = keystone						#认证方式
my_ip = 192.168.100.11						#内网IP

[backend]
[backend_defaults]
[barbican]
[brcd_fabric_example]
[cisco_fabric_example]
[coordination]
[cors]

[database]							#对接数据库
connection = mysql+pymysql://cinder:CINDER_DBPASS@ct/cinder

[fc-zone-manager]
[healthcheck]
[key_manager]

[keystone_authtoken]						#配置keystone认证信息
www_authenticate_uri = http://ct:5000					#keystone地址
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder							#指定通过cinder账号到keystone做认证（用户名、密码）
password = CINDER_PASS

[nova]

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp					#配置锁路径

[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[privsep]
[profiler]
[sample_castellan_source]
[sample_remote_file_source]
[service_user]
[ssl]
[vault]

● 同步cinder数据库(填充块存储数据库)

  su -s /bin/sh -c "cinder-manage db sync" cinder

● 修改 Nova 配置文件，并重启服务。

openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne

systemctl restart openstack-nova-api.service

● 配置Cinder服务

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

● 配置控制节点验证

cinder service-list

● 在计算节点c2配置Cinder（存储节点）

yum -y install openstack-cinder targetcli python-keystone
yum -y install lvm2 device-mapper-persistent-data

systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service

● 创建lvm物理卷和卷组

pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb

● 修改lvm配置文件(指定使用sdb磁盘）

● 141行，取消注释，修改filter规则，如下：

[root@c2 ~]# cd /etc/lvm/
[root@c2 lvm]# vim lvm.conf 
filter = [ "a/sdc/","r/.*/" ]
# a表示允许，r表示拒绝 
# 只允许lvm服务访问sdc中的数据，不允许lvm服务访问其他磁盘，这也间接实现了openstack创建的虚拟机只能访问sdb中的数据，不能访问其他磁盘 
# 设置只允许实例访问sdc逻辑卷中的数据；如果不配置的话，本机的其他服务也有可能会访问sdc逻辑卷中的数据

● 重启lvm服务

systemctl restart lvm2-lvmetad.service

● 配置cinder模块

【修改cinder.conf配置】
cp /etc/cinder/cinder.conf{,.bak}
grep -Ev '#|^$' /etc/cinder/cinder.conf.bak>/etc/cinder/cinder.conf

openstack-config --set /etc/cinder/cinder.conf  database  connection mysql+pymysql://cinder:CINDER_DBPASS@ct/cinder
openstack-config --set /etc/cinder/cinder.conf  DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
openstack-config --set /etc/cinder/cinder.conf  DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf  DEFAULT my_ip 192.168.100.13   #c2地内网IP
openstack-config --set /etc/cinder/cinder.conf  DEFAULT enabled_backends lvm
openstack-config --set /etc/cinder/cinder.conf  DEFAULT glance_api_servers http://ct:9292
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf  keystone_authtoken password CINDER_PASS
openstack-config --set /etc/cinder/cinder.conf  lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf  lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf  lvm target_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf  lvm target_helper lioadm
openstack-config --set /etc/cinder/cinder.conf  oslo_concurrency lock_path /var/lib/cinder/tmp


【修改如下】
[root@c2 ~]# cat /etc/cinder/cinder.conf

[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@ct
auth_strategy = keystone
my_ip = 192.168.100.13
enabled_backends = lvm
glance_api_servers = http://ct:9292

[backend]
[backend_defaults]
[barbican]
[brcd_fabric_example]
[cisco_fabric_example]
[coordination]
[cors]

[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@ct/cinder

[fc-zone-manager]
[healthcheck]
[key_manager]

[keystone_authtoken]
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS

[nova]

[oslo_concurrency]						#配置锁路径
lock_path = /var/lib/cinder/tmp

[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[privsep]
[profiler]
[sample_castellan_source]
[sample_remote_file_source]
[service_user]
[ssl]
[vault]

[lvm]							 #为LVM后端配置LVM驱动程序
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver	#指定LVM驱动程序；即通过指定的驱动创建LVM
volume_group = cinder-volumes				#指定卷组(vg)
target_protocol = iscsi					#pv使用的是iscsi协议，可以提供块存储服务
target_helper = lioadm					#iscsi管理工具

#volume_backend_name=Openstack-lvm   			#选择：当后端有多个不同类型的存储时，可以在openstack中调用指定的存储；
给当前存储指定个名称，用于后期区分多个不同的存储

● 开启cinder卷服务

[root@c2 ~]# systemctl enable openstack-cinder-volume.service target.service
[root@c2 ~]# systemctl start openstack-cinder-volume.service target.service

● 查看卷列表（注意在ct节点上查看）

[root@ct ~]#  openstack volume service list
+------------------+--------+------+---------+-------+----------------------------+
| Binary           | Host   | Zone | Status  | State | Updated At                 |
+------------------+--------+------+---------+-------+----------------------------+
| cinder-scheduler | ct     | nova | enabled | up    | 2021-03-22T07:00:13.000000 |
| cinder-volume    | c2@lvm | nova | enabled | up    | 2021-03-22T07:00:00.000000 |
+------------------+--------+------+---------+-------+----------------------------+

小结：

Cinder配置思路：
创建管理、对接的用户、密码、服务和endpoint
修改配置文件：
主要内容为 向keystone对接认证授权、组件之间通讯模块、配置所在的域等
配置计算节点中虚拟机所用的卷