【OpenStack-Dashboard组件部署】
因为在CT控制节点已安装httpd服务,而Dashboard控制台也需要httpd支持,所以此处可以在C1节点进行安装httpd
[root@c1 ~]# yum -y install openstack-dashboard httpd
● 修改local_setting本地控制台的配置文件
[root@c1 ~]# cd /etc/openstack-dashboard/
[root@c1 openstack-dashboard]# ls
cinder_policy.json keystone_policy.json neutron_policy.json nova_policy.json
glance_policy.json local_settings nova_policy.d
[root@c1 openstack-dashboard]# vim local_settings
#修改的内容如下:
#修改local_setting本地控制台的配置文件
import os #使用Python导入一个模块
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False #不开启调式
ALLOWED_HOSTS = ['*'] #只允许通过列表中指定的域名访问dashboard;允许通过指定的IP地址及域名访问dahsboard;['*']表示允许所有域名
LOCAL_PATH = '/tmp'
SECRET_KEY='11766a5224aa84e734c7'
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' #指定session引擎
CACHES = { #95-100行取消"#"注释
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'ct:11211', #指定memcache地址及端口
}
}
#以下配置session信息存放到memcache中;session信息不仅可以存放到memcache中,也可以存放到其他地方
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' #108行修改
OPENSTACK_HOST = "ct" #118-127行修改
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True #让dashboard支持域
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
#配置openstack的API版本
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = { #132行到152行修改
'enable_auto_allocated_network': False,
'enable_distributed_router': False,
'enable_fip_topology_check': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_ipv6': True,
'enable_quotas': True,
'enable_rbac_policy': True,
'enable_router': True,
'default_dns_nameservers': [],
'supported_provider_types': ['*'],
'segmentation_id_range': {},
'extra_provider_types': {},
'supported_vnic_types': ['*'],
'physical_networks': [],
}
#定义使用的网络类型,[*]表示
TIME_ZONE = "Asia/Shanghai" #156行修改
● 重启服务
重新生成openstack-dashboard.conf并重启Apache服务
(由于dashborad会重新复制代码文件,重启apache会比较慢)
[root@c1 ~]# cd /usr/share/openstack-dashboard
[root@c1 openstack-dashboard]# python manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
[root@c1 ~]# systemctl enable httpd.service
[root@c1 ~]# systemctl restart httpd.service
● 重启 ct 节点的 memcache 服务
[root@ct ~]# systemctl restart memcached.service
● 验证操作
打开浏览器,在地址栏中输入“http://192.168.200.151”,进入Dashboard登录页面。
在登录页面依次填写:“域:default、用户名:admin、密码:ADMIN_PASS”(在~.bashrc中已定义)
完成后,进行登陆
【OpenStack-cinder 组件部署】
一、创建数据库实例和角色
[root@controller ~]# mysql -uroot -p
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
二、创建用户、修改配置文件
① 创建cinder用户,密码设置为CINDER_PASS
[root@ct ~]# openstack user create --domain default --password CINDER_PASS cinder
② 把cinder用户添加到service服务中,并授予admin权限
[root@ct ~]# openstack role add --project service --user cinder admin
③ cinder有v2和v3两个并存版本的API,所以需要创建两个版本的service实例
[root@ct ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
[root@ct ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
● 给v2和v3版本的api创建endpoint
openstack endpoint create --region RegionOne volumev2 public http://ct:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://ct:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://ct:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 public http://ct:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 internal http://ct:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 admin http://ct:8776/v3/%\(project_id\)s
● yum 安装cinder 服务
[root@ct ~]# yum -y install openstack-cinder
● 修改cinder 配置文件(ct节点)
#修改配置文件
cp /etc/cinder/cinder.conf{,.bak}
grep -Ev '#|^$' /etc/cinder/cinder.conf.bak>/etc/cinder/cinder.conf
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@ct/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 192.168.100.11 #修改为 ct_IP地址
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
#查看配置文件
[root@ct ~]# cat /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@ct #配置rabbitmq连接
auth_strategy = keystone #认证方式
my_ip = 192.168.100.11 #内网IP
[backend]
[backend_defaults]
[barbican]
[brcd_fabric_example]
[cisco_fabric_example]
[coordination]
[cors]
[database] #对接数据库
connection = mysql+pymysql://cinder:CINDER_DBPASS@ct/cinder
[fc-zone-manager]
[healthcheck]
[key_manager]
[keystone_authtoken] #配置keystone认证信息
www_authenticate_uri = http://ct:5000 #keystone地址
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder #指定通过cinder账号到keystone做认证(用户名、密码)
password = CINDER_PASS
[nova]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp #配置锁路径
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[privsep]
[profiler]
[sample_castellan_source]
[sample_remote_file_source]
[service_user]
[ssl]
[vault]
● 同步cinder数据库(填充块存储数据库)
su -s /bin/sh -c "cinder-manage db sync" cinder
● 修改 Nova 配置文件,并重启服务。
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
systemctl restart openstack-nova-api.service
● 配置Cinder服务
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
● 配置控制节点验证
cinder service-list
● 在计算节点c2配置Cinder(存储节点)
yum -y install openstack-cinder targetcli python-keystone
yum -y install lvm2 device-mapper-persistent-data
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
● 创建lvm物理卷和卷组
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
● 修改lvm配置文件(指定使用sdb磁盘)
● 141行,取消注释,修改filter规则,如下:
[root@c2 ~]# cd /etc/lvm/
[root@c2 lvm]# vim lvm.conf
filter = [ "a/sdc/","r/.*/" ]
# a表示允许,r表示拒绝
# 只允许lvm服务访问sdc中的数据,不允许lvm服务访问其他磁盘,这也间接实现了openstack创建的虚拟机只能访问sdb中的数据,不能访问其他磁盘
# 设置只允许实例访问sdc逻辑卷中的数据;如果不配置的话,本机的其他服务也有可能会访问sdc逻辑卷中的数据
● 重启lvm服务
systemctl restart lvm2-lvmetad.service
● 配置cinder模块
【修改cinder.conf配置】
cp /etc/cinder/cinder.conf{,.bak}
grep -Ev '#|^$' /etc/cinder/cinder.conf.bak>/etc/cinder/cinder.conf
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@ct/cinder
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@ct
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 192.168.100.13 #c2地内网IP
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends lvm
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://ct:9292
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://ct:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://ct:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers ct:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS
openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm target_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm target_helper lioadm
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
【修改如下】
[root@c2 ~]# cat /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@ct
auth_strategy = keystone
my_ip = 192.168.100.13
enabled_backends = lvm
glance_api_servers = http://ct:9292
[backend]
[backend_defaults]
[barbican]
[brcd_fabric_example]
[cisco_fabric_example]
[coordination]
[cors]
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@ct/cinder
[fc-zone-manager]
[healthcheck]
[key_manager]
[keystone_authtoken]
www_authenticate_uri = http://ct:5000
auth_url = http://ct:5000
memcached_servers = ct:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
[nova]
[oslo_concurrency] #配置锁路径
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[privsep]
[profiler]
[sample_castellan_source]
[sample_remote_file_source]
[service_user]
[ssl]
[vault]
[lvm] #为LVM后端配置LVM驱动程序
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver #指定LVM驱动程序;即通过指定的驱动创建LVM
volume_group = cinder-volumes #指定卷组(vg)
target_protocol = iscsi #pv使用的是iscsi协议,可以提供块存储服务
target_helper = lioadm #iscsi管理工具
#volume_backend_name=Openstack-lvm #选择:当后端有多个不同类型的存储时,可以在openstack中调用指定的存储;
给当前存储指定个名称,用于后期区分多个不同的存储
● 开启cinder卷服务
[root@c2 ~]# systemctl enable openstack-cinder-volume.service target.service
[root@c2 ~]# systemctl start openstack-cinder-volume.service target.service
● 查看卷列表(注意在ct节点上查看)
[root@ct ~]# openstack volume service list
+------------------+--------+------+---------+-------+----------------------------+
| Binary | Host | Zone | Status | State | Updated At |
+------------------+--------+------+---------+-------+----------------------------+
| cinder-scheduler | ct | nova | enabled | up | 2021-03-22T07:00:13.000000 |
| cinder-volume | c2@lvm | nova | enabled | up | 2021-03-22T07:00:00.000000 |
+------------------+--------+------+---------+-------+----------------------------+
小结:
Cinder配置思路:
创建管理、对接的用户、密码、服务和endpoint
修改配置文件:
主要内容为 向keystone对接认证授权、组件之间通讯模块、配置所在的域等
配置计算节点中虚拟机所用的卷