文章目录
前言:
OpenStack-Rocky多节点一键安装部署
首先给大家演示如何自动化快速搭建一套openstack云平台,然后开始对openstack每一个组件进行详细的讲解,
后面开始讲解一个完整的云主机创建流程包括网络配置、镜像上传、实例类型创建、安全组创建、
云主机动态调整、云主机动态迁移。
实验 | 生产环境 |
---|---|
控制节点1个 | 控制节点2个以上 |
计算节点2个 | 计算节点大于1个 |
网络节点0个 | 网络节点大于1个 |
多节点openstack的关机顺序:计算-网络-控制
多节点openstack的关机顺序:控制-网络-计算
安装时要注意的点:
1.采用无线网可能会丢包
2.晚上过12点做这个实验的时候,运营商会优化网络,把网络关掉,可能会影响我们的网络,影响安装
一:实验环境:
1.控制节点 (ct)
CPU:双核双线程-CPU虚拟化开启
内存:6G 硬盘:300G+1024G(充当CEPH块存储)
网卡:vm1-192.168.254.10 nat-192.168.247.200
操作系统:Centos 7.5 (1804)-最小化安装
2.计算节点1 (comp1)
CPU:双核双线程-CPU虚拟化开启
内存:8G 硬盘:300G+1024G(充当CEPH块存储)
网卡:vm1-192.168.254.11
操作系统:Centos 7.5 (1804)-最小化安装
3.计算节点2 (comp2)
CPU:双核双线程-CPU虚拟化开启
内存:8G 硬盘:300G+1024G(充当CEPH块存储)
网卡:vm1-192.168.254.12
操作系统:Centos 7.5 (1804)-最小化安装
4.YUM本地源 (openstack+centos7)
(为了节省资源,yum源设置在各个节点的本地,不再单独配置一台服务器)
CPU:双核双线程-CPU虚拟化开启
内存:4G 硬盘:300G
网卡:vm1-192.168.25415 nat-192.168.247.201
操作系统:Centos 7.5 (1804)-最小化安装
- 上述配置描述
【控制节点】
最小内存6G,低于6G否则会出问题
1024G(充当ceph块存储)
【计算节点、网络】
最小内存6G,低于6G否则会出问题
1024G(充当ceph块存储)
有2个网卡:1.VM1(内部网卡) 2.NAT(可以上网)
会做热迁移演示
二:实验思路:
1.系统安装
2.系统环境配置
配置IP地址、主机名、hosts
配置本地yum仓库
关闭防火墙
关闭核心防护
关闭网络管理
配置免交互
配置时间同步
- 环境配置完毕后要记得快照
3.部署openstack
部署openstack安装工具
配置应答文件
一键部署
登陆后台测试
- openstack部署完毕记得快照
三:实验操作:
3.1 系统安装
3.1.1 ct控制节点,最小化安装
上移到install centos 7,然后按tab键,在quiet后面空格,输入net,ifname=0 biosdevname=0
代表把ens 变成eth模式
备注:每个节点安装系统前都要这么操作
3.1.2 comp计算节点
3.2 系统环境配置
3.2.1 网卡IP地址配置,修改主机名
ct网卡配置
[root@localhost ~]# hostnamectl set-hostname ct
[root@localhost ~]# su
[root@ct ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ae:bd:a7 brd ff:ff:ff:ff:ff:ff
inet 192.168.254.10/24 brd 192.168.254.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::20c:29ff:feae:bda7/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:ae:bd:b1 brd ff:ff:ff:ff:ff:ff
inet 192.168.247.200 brd 192.168.247.255 scope global noprefixroute eth1
valid_lft forever preferred_lft forever
inet6 fe80::1d4a:f010:a85e:2bcf/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@ct ~]#
[root@ct ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=3522bf09-0bdb-4258-9e1e-a6041186a28b
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.254.10
NETMASK=255.255.255.0
#vm1的网关先不配置,等openstack部署完毕在把网关开启
[root@ct ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth1
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth1
UUID=f1233b1c-bfa8-468e-9378-52b188ac9fa8
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.247.200
NETMASK=255.255.255.0
GATEWAY=192.168.247.2
DNS1=8.8.8.8
DNS2=114.114.114.114
comp1网卡配置
[root@localhost ~]# hostnamectl set-hostname comp1
[root@localhost ~]# su
[root@comp1 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:5c:58:b8 brd ff:ff:ff:ff:ff:ff
inet 192.168.254.11/24 brd 192.168.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::618b:3730:4569:2bc5/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@comp1 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=ed1250c0-0890-487d-8610-bcd4dd7b53ee
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.254.11
NETMASK=255.255.255.0
comp2网卡配置
[root@localhost ~]# hostnamectl set-hostname comp2
[root@localhost ~]# su
[root@comp2 ~]# ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:de:8a:a0 brd ff:ff:ff:ff:ff:ff
inet 192.168.254.12/24 brd 192.168.254.255 scope global noprefixroute eth0
valid_lft forever preferred_lft forever
inet6 fe80::c840:57b5:193b:3010/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@comp2 ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=c30ca6d8-4c59-4bf5-b97f-65b5dbd4347c
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.254.12
NETMASK=255.255.255.0
网卡配置好,三台主机互ping验证,控制节点ping外网,比如www.baidu.com和8.8.8.8
3.2.2 修改/etc/hosts文件
[root@ct packages]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.254.10 ct
192.168.254.11 comp1
192.168.254.12 comp2
[root@ct packages]# scp /etc/hosts root@192.168.254.11:/etc
root@192.168.254.11's password:
hosts 100% 218 70.1KB/s 00:00
[root@ct packages]# scp /etc/hosts root@192.168.254.12:/etc
root@192.168.254.12's password:
hosts 100% 218 81.9KB/s 00:00
3.2.3 本地yum源部署
将openstack包放到/opt下,然后部署本地yum仓库,三个节点都做
[root@ct ~]# cd /opt
[root@ct opt]# ls
openstack_rocky.tar.gz
[root@ct opt]# tar zxvf openstack_rocky.tar.gz -C /opt
[root@ct opt]# cd /etc/yum.repos.d/
[root@ct yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo
[root@ct yum.repos.d]# mkdir bak
[root@ct yum.repos.d]# mv C* bak/
[root@ct yum.repos.d]# vi openstack-rocky.repo
[openstack]
name=rocky
baseurl=file:///opt/openstack_rocky
enabled=1
gpgcheck=0
[root@ct yum.repos.d]# yum clean all
[root@ct yum.repos.d]# yum makecache
3.2.4 关闭防火墙,核心防护,网络管理
三个节点都关
[root@ct packages]# systemctl stop firewalld
[root@ct packages]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@ct packages]# setenforce 0
[root@ct packages]# vi /etc/selinux/config
7 SELINUX=disabled
[root@ct packages]# systemctl stop NetworkManager
[root@ct packages]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
3.2.5 ntp时间同步(三个都装)
[root@ct packages]# vi /etc/yum.conf
cachedir=/var/cache/yum/$basearch/$releasever //此处为缓存软件包所在位置
keepcache=1 //改为1,开启缓存软件包功能
[root@ct ~]# yum install -y ntpdate
控制节点去同步阿里云时间
计算节点去同步控制节点
[root@ct packages]# ntpdate ntp.aliyun.com
26 Feb 23:43:58 ntpdate[76398]: adjust time server 203.107.6.88 offset -0.000285 sec
[root@ct packages]# ntpdate ntp.aliyun.com >> /var/log/ntpdate.log
[root@ct packages]# crontab -e
*/30 * * * * /usr/sbin/ntpdate ntp.aliyun.com >> /var/log/ntpdate.log
[root@ct packages]# systemctl restart crond
[root@ct packages]# systemctl enable crond
控制节点做ntpd服务端
[root@ct packages]# yum install ntp -y
[root@ct packages]# vi /etc/ntp.conf
8 restrict default nomodify
17 restrict 192.168.254.0 mask 255.255.255.0 nomodify notrap
21 server 0.centos.pool.ntp.org iburst //21-24删除
22 server 1.centos.pool.ntp.org iburst
23 server 2.centos.pool.ntp.org iburst
24 server 3.centos.pool.ntp.org iburst
//删除的位置插入下面内容
fudeg 127.127.1.0 stratum 10
server 127.127.1.0
[root@ct packages]# systemctl disable chronyd.service //关闭系统时钟服务
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
[root@ct yum]# systemctl stop chronyd.service
[root@ct packages]# systemctl restart ntpd
[root@ct packages]# systemctl enable ntpd
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpd.service to /usr/lib/systemd/system/ntpd.service.
comp1和comp2相同配置
[root@comp1 ~]# ntpdate ct
26 Feb 23:58:58 ntpdate[44196]: adjust time server 192.168.254.10 offset 0.010589 sec
[root@comp1 ~]# crontab -e
*/30 * * * * /usr/sbin/ntpdate ct >> /var/log/ntpdate.log
[root@comp1 ~]# systemctl restart crond
[root@comp1 ~]# systemctl enable crond
[root@comp1 ~]# systemctl disable chronyd.service
Removed symlink /etc/systemd/system/multi-user.target.wants/chronyd.service.
[root@comp2 yum.repos.d]# systemctl enable ntpdate
Created symlink from /etc/systemd/system/multi-user.target.wants/ntpdate.service to /usr/lib/systemd/system/ntpdate.service.
3.2.6 免交互
三个节点都配置
[root@ct packages]# ssh-keygen -t rsa
[root@ct packages]# ssh-copy-id ct
[root@ct packages]# ssh-copy-id comp1
[root@ct packages]# ssh-copy-id comp2
- 环境配置完毕后要记得快照
3.3 部署openstack
接下来就可以在控制节点安装openstack-packstack包,进行部署
3.3.1修改应答文件
[root@ct ~]# cat /etc/redhat-release
CentOS Linux release 7.5.1804 (Core)
[root@ct ~]# yum -y install openstack-packstack //安装openstack-packstack包
[root@ct ~]# packstack --gen-answer-file=openstack.txt //获得应答文件,去修改安装的参数
[root@ct ~]# ls
anaconda-ks.cfg openstack.txt
[root@ct ~]# vi openstack.txt
19 CONFIG_MARIADB_INSTALL=y //mariadb数据库默认安装,是
22 CONFIG_GLANCE_INSTALL=y //glance镜像组件,开启
25 CONFIG_CINDER_INSTALL=y //cinder块存储,开启
29 CONFIG_MANILA_INSTALL=n //manila组件是openstack的扩展系统,默认是N,不需要更改
32 CONFIG_NOVA_INSTALL=y //nova计算组件,开启
35 CONFIG_NEUTRON_INSTALL=y //neutron网络组件,开启
38 CONFIG_HORIZON_INSTALL=y //horizon控制台组件,开启
41 CONFIG_SWIFT_INSTALL=n //swift对象存储,默认是Y,但是在生产环境中一般不装,选n
46 CONFIG_CEILOMETER_INSTALL=y //ceilometer计费服务,开启
50 CONFIG_AODH_INSTALL=n //aodh组件,改为n
53 CONFIG_PANKO_INSTALL=n //panko组件,n
60 CONFIG_HEAT_INSTALL=n //heat编排工具组件,默认是n,不该=改
94 CONFIG_CONTROLLER_HOST=192.168.254.10 //指定控制节点IP地址
97 CONFIG_COMPUTE_HOST=192.168.254.11,192.168.254.12 //指定计算节点
101 CONFIG_NETWORK_HOSTS=192.168.254.10 //指定网络节点
557 CONFIG_CINDER_VOLUMES_SIZE=5G //系统在创建cinder组件时会创建一个20G卷,虚拟机空间有限,放小一点
778 CONFIG_NEUTRON_METADATA_PW=123123 //修改网络metadata的密码
782 CONFIG_LBAAS_INSTALL=y //lbaas负载均衡组件,必须要装
790 CONFIG_NEUTRON_FWAAS=y //网络防火墙组件,必须要装
794 CONFIG_NEUTRON_VPNAAS=y //网络VPN组件,必须要装
817 CONFIG_NEUTRON_ML2_FLAT_NETWORKS=physnet1 //flat网络这边要设置物理网卡名字
862 CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=physnet1:br-ex //ovs_bridge_mappings这边要设置物理网卡的名字
873 CONFIG_NEUTRON_OVS_BRIDGE_IFACES=br-ex:eth1 //ovs_bridge_ifaces这边br-ex:eth1是网络节点的nat网卡
1185 CONFIG_PROVISION_DEMO=n //关闭在线下载一个demo测试的镜像,这里把它关掉
配置完成之后,在控制节点配置一个gateway网关,192.168.254.1
[root@ct ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth1
UUID=f1233b1c-bfa8-468e-9378-52b188ac9fa8
DEVICE=eth1
ONBOOT=yes
IPADDR=192.168.254.10
NETMASK=255.255.255.0
GATEWAY=192.168.254.1
[root@ct ~]# systemctl restart network
完成上述配置之后,再统一将原本存在的(控制节点nat)IP地址改为控制节点的IP
[root@control ~]# sed -i -r 's/(.+_PW)=.+/\1=Abc123/' openstack.txt
[root@control ~]# sed -i -r 's/20.0.0.10/192.168.254.10/g' openstack.txt
[root@control ~]# grep -vE "^#|^$" openstack.txt > openstackbak.txt
用下载工具把openstackbak.txt下载后实验的时候做比对用
3.3.2 自动安装部署
[root@ct ~]# packstack --answer-file=openstack.txt
出现错误
requires:libpcap.so.1()()64bit
排障思路:挂载镜像源,增加基础包源,三个节点都做
再次尝试
[root@ct mnt]# mount /dev/sr0 /mnt
mount: /dev/sr0 is write-protected, mounting read-only
[root@ct ~]# cd /etc/yum.repos.d/
[root@ct yum.repos.d]# ls
bak openstack-rocky.repo
[root@ct yum.repos.d]# vi openstack-rocky.repo
[openstack]
name=rocky
baseurl=file:///opt/openstack_rocky
enabled=1
gpgcheck=0
[centos]
name=centos
baseurl=file:///mnt
enabled=1
gpgcheck=0
[root@ct yum.repos.d]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: centos openstack
Cleaning up everything
Maybe you want: rm -rf /var/cache/yum, to also free up space taken by orphaned data from disabled or removed repos
Cleaning up list of fastest mirrors
[root@ct yum.repos.d]#
[root@ct ~]# yum makecache
再次部署,目前还是成功的,上面的报错没有出现
可以将镜像源写入/etc/fstab实现自动挂载
[root@ct ~]# vi /etc/fstab
/dev/sr0 /mnt iso9660 defaults 0 0
动态查看日志写入
[root@ct ~]# tail -f /var/log/messages
安装成功
**** Installation completed successfully ******
Additional information:
* Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
* File /root/keystonerc_admin has been created on OpenStack client host 192.168.254.10. To use the command line tools you need to source the file.
* To access the OpenStack Dashboard browse to http://192.168.254.10/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
* The installation log file is available at: /var/tmp/packstack/20200227-113853-n_jN5h/openstack-setup.log
* The generated manifests are available at: /var/tmp/packstack/20200227-113853-n_jN5h/manifests
查看密码
[root@ct ~]# ls
anaconda-ks.cfg keystonerc_admin openstack.txt
[root@ct ~]# vi keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin //用户
export OS_PASSWORD='8012c759dd1540c1' //密码
export OS_AUTH_URL=http://192.168.254.10:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
3.3.3 就像之前一键部署那样,登录dashboard
http://192.168.254.10/dashboard
页面登录测试成功
查看OpenStack是哪个版本如何查?
1、通过openstack --version命令后会得到一个版本信息
[root@control ~]# openstack --version
openstack 3.16.3
2、访问官网版本发布信息的网址:https://releases.openstack.org/