一、环境配置
安装好Ubuntu系统后进入终端,可以su进入超级用户,也可以不用,用apt下载一些需要的组件,
apt install vim
#下载vim编辑器,比vi好用
apt install net-tools
#下载网络工具,例如ifconfig等命令就是这个包里的
apt install ifupdown
#下载这个包是需要用到ifup和ifdown命令开启或禁用网卡(重启网络作用)1、开始配置网络
vim /etc/network/interfaces新版本的Ubuntu可能打开该文件是一个新文件,没有关系,进去写就对了
# 回环网络接口
auto lo
iface lo inet loopback
# 网络接口的名称
auto ens33
# 将dhcp修改为static
iface ens33 inet static
# 静态IP地址,除默认网关以外的有效IP地址 注意,此为虚拟机IP 需要根据自己的虚拟机修改文章中的IP 地址 192.168.10需要替换
address 192.168.10.100
# 子网掩码
netmask 255.255.255.0
# 广播地址 注意192.168.10的替换
broadcast 192.168.10.255
# 网关 注意192.168.10的替换
gateway 192.168.10.2
# DNS 不要修改
dns-nameservers 8.8.8.8
dns-nameservers 223.5.5.5192.168.10.100这些IP地址是我的,你们看着vm网络编辑器上的实际网段自行更改。更改完后:wq退出文档编辑状态,重置网口
# 禁用网络接口
$ ifdown ens33
# 启用网络接口
$ ifup ens33
# 查看网络接口的信息
$ ifconfig ens33
#如果找不到ens33
ifconfig ens33 up2、主机名修改
vim /etc/hostname打开文件后应该看见里面第一行写着Ubuntu(你自己之前设置的主机名),把这行删了,写上controller
3、配置主机名解析
vim /etc/hosts进入文件后第一行127.0.0.1这行不管,是回环网络的解析,其他行全屏蔽掉,然后输入自己的,有多少个节点就输入多少行,格式参照第一行,先是IP地址,然后是主机名
4、安装和配置组件
1、安装软件包:
apt install chrony2、编辑文件并添加、更改或删除以下项 根据您的环境需要。
vim /etc/chrony/chrony.conf在第一行输入
server NTP_SERVER iburst
#NTP_SERVER替换为主机名或 IP 地址 
3、重新启动 NTP 服务:
service chrony restart4、安装适用于 Ubuntu 的 OpenStack 软件包
我选择的是Ubuntu22.04,也就是open stack-zed版本
存档支持
add-apt-repository cloud-archive:zed示例安装
apt install nova-compute客户端安装
apt install python3-openstackclient5、适用于 Ubuntu 的 SQL 数据库
1、安装软件包:
apt install mariadb-server python3-pymysql2、创建和编辑文件
vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
[mysqld]
bind-address = 192.168.10.131#此处改为你的IP地址
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8重新启动数据库服务:
service mysql restart3、设置密码
(以后还需要设置很多密码,建议全部设置为一样的)
#通过运行脚本来保护数据库服务。具体而言,为数据库帐户选择合适的密码:
mysql_secure_installation6、消息队列
1、安装软件包:
apt install rabbitmq-server2、添加用户:openstack
rabbitmqctl add_user openstack 1234 #1234改为你的密码
3、允许用户进行配置、写入和读取访问:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"7、Memcached 缓存令牌
apt install memcached python3-memcache编辑文件并配置 service 使用控制器节点的管理 IP 地址
vim /etc/memcached.conf
找到这一行,将-l 127.0.0.1改为controller节点的IP地址
重启系统
service memcached restart8、Etcd安装
apt install etcd编辑文件并将 、 、 设置为 控制器节点,允许其他节点通过管理进行访问 网络:
vim /etc/default/etcdETCD_INITIAL_CLUSTERETCD_INITIAL_ADVERTISE_PEER_URLSETCD_ADVERTISE_CLIENT_URLSETCD_LISTEN_CLIENT_URLSETCD_NAME="controller"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="controller=http://192.168.10.131:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.10.131:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.10.131:2379"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.10.131:2379"
启用并重新启动 etcd 服务:
systemctl enable etcd
systemctl restart etcd#、如果下载速度慢或者是下载失败
类似于下图的样子
#添加软件源,备份初始源
cp /etc/apt/sources.list /etc/apt/sources.list.bk
#把原来的文件删除:
rm /etc/apt/sources.list
#添加新的源
vim /etc/apt/sources.list
#把下面内容复制进去
#阿里源
#复制代码
deb http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-security main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-updates main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-proposed main restricted universe multiverse
deb http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ jammy-backports main restricted universe multiverse
#清华源
# 默认注释了源码镜像以提高 apt update 速度,如有需要可自行取消注释
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-updates main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-backports main restricted universe multiverse
deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-security main restricted universe multiverse
# 预发布软件源,不建议启用
# deb https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
# deb-src https://mirrors.tuna.tsinghua.edu.cn/ubuntu/ jammy-proposed main restricted universe multiverse
二、keystone
1、keystone安装
1、创建数据库
mysql#使用数据库访问客户端连接到数据库 服务器作为用户:root
#创建数据库:keystone
MariaDB [(none)]> CREATE DATABASE keystone;
#授予对数据库的适当访问权限:keystone
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY '1234';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY '1234';
2、安装软件包
apt install keystone3、配置文件
vim /etc/keystone/keystone.conf[database]
# ...
connection = mysql+pymysql://keystone:1234@controller/keystone
[token]
# ...
provider = fernet
#配置 Fernet 令牌提供程序:[token]4、填充 Identity Service 数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone5、初始化 Fernet 密钥存储库:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystonekeystone-manage bootstrap --bootstrap-password 1234 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne2、配置 Apache HTTP 服务器
1、配置引用控制器节点的选项
vim /etc/apache2/apache2.confServerNameServerName controller
#如果该条目尚不存在,则需要添加该条目。SSL证书
安全部署应将 Web 服务器配置为使用 SSL 或运行 在 SSL 终止符后面。
2、重新启动 Apache 服务:
service apache2 restart3、过设置适当的环境变量来配置管理帐户
创建文件adminopenrc输入一下内容
$ export OS_USERNAME=admin
$ export OS_PASSWORD=1234 #替换为 keystone-install-configure-ubuntu 中命令中使用的密码
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://controller:5000/v3
$ export OS_IDENTITY_API_VERSION=33、创建域、项目、用户和角色
身份服务为每个 OpenStack 提供身份验证服务 服务。身份验证服务使用域的组合, 项目、用户和角色。
1、创建新域
openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
| tags | [] |
+-------------+----------------------------------+2、每个唯一的用户 添加到环境中的服务。创建项目:service
$ openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+3、创建项目和用户(非管理员)
$ openstack project create --domain default \
--description "Demo Project" myproject
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain | False |
| name | myproject |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+创建用户:myuser
$ openstack user create --domain default \
--password-prompt myuser
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | aeda23aa78f44e859900e22c24817832 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+创建角色:myrole
$ openstack role create myrole
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 997ce8d05fc143ac97d83fdfb5998552 |
| name | myrole |
+-----------+----------------------------------+将角色添加到项目和用户
openstack role add --project myproject --user myuser myrole # 此命令不提供任何输出。4、验证操作
1、取消设置临时变量和环境变量
unset OS_AUTH_URL OS_PASSWORD2、以用户身份请求身份验证令牌,admin
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+3、作为在上一个中创建的用户,请求身份验证令牌:myuser
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue
Password:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:15:39.014479Z |
| id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
| project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+------------+-----------------------------------------------------------------+
三、Glance
1、数据库
在安装和配置影像服务之前,必须 创建数据库、服务凭证和 API 端点。
mysql创建数据库:glance
MariaDB [(none)]> CREATE DATABASE glance;授予对数据库的适当访问权限:glance
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY '1234';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '1234';
#1234为替换为您自定义的密码退出数据库
获取要访问的凭据 仅限管理员的 CLI 命令:admin
. admin-openrc2、创建服务凭据
创建用户:glance
openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+将角色添加到用户和项目:Add the role to the user and project:adminglanceservice
openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name | glance |
| type | image |
+-------------+----------------------------------+
3、创建影像服务 API 端点:
$ openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 340be3625e9b4239a6415d034e98aace |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0c37ed58103f4300a84ff125a539032d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+4、安装和配置组件
1、安装软件包:
apt install glance2、编辑文件配置
vim /etc/glance/glance-api.conf[database]
# ...
connection = mysql+pymysql://glance:1234@controller/glance
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 1234
[paste_deploy]
# ...
flavor = keystone
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[oslo_limit]
auth_url = http://controller:5000
auth_type = password
user_domain_id = default
username = MY_SERVICE
system_scope = all
password = MY_PASSWORD
endpoint_id = ENDPOINT_ID
region_name = RegionOne3、填充glance服务数据库:
su -s /bin/sh -c "glance-manage db_sync" glance重新启动影像服务:
service glance-api restart四、Placement
1、创建数据库
mysql
#创建数据库:placement
MariaDB [(none)]> CREATE DATABASE placement;
#授予对数据库的适当访问权限:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
IDENTIFIED BY '1234';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY '1234';#1234替换为合适的密码
exit #退出数据库2、配置用户
获取凭据以访问仅限管理员的 CLI 命令
. admin-openrc使用您选择的 Placement 服务用户创建
openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fa742015a6494a949f67629884fc7ec8 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+将 Placement 用户添加到具有管理员角色的服务项目:
openstack role add --project service --user placement admin在服务目录中创建 Placement API 条目:
openstack service create --name placement \
--description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 2d1a27022e6e4185b86adac4444c495f |
| name | placement |
| type | placement |
+-------------+----------------------------------+创建放置 API 服务端点:
openstack endpoint create --region RegionOne \
placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2b1b2637908b4137a9c2e0470487cbc0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 02bcda9a150a4bd7993ff4879df971ab |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
$ openstack endpoint create --region RegionOne \
placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3d71177b9e0f406f98cbff198d74b182 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+3、安装和配置组件
安装软件包:
apt install placement-api编辑文件并完成以下操作
vim /etc/placement/placement.conf#在该部分中,配置数据库访问:
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
#在和部分中,配置 Identity 服务接入
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
