OpenStack Stein 手工安装详解|万字长文


640?wx_fmt=jpeg


0. Prepare

添加hosts(本处为单节点)

# echo "114.118.28.118 controller" >>/etc/hosts
# hostnamectl set-hostname --static controller

ntp时间同步

# ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
# yum install -y chrony
# systemctl start chronyd
# systemctl enable chronyd

安装openstack对应版本的yum源

# yum install -y yum-utils centos-release-openstack-stein
# sed -i "s/mirror.centos.org/mirrors.163.com/g" /etc/yum.repos.d/*.repo
# yum makecache fast
# yum install -y openstack-utils python2-openstackclient

系统优化

# systemctl stop firewalld && systemctl disable firewalld
# systemctl start iptables && systemctl enable iptables
# systemctl disable NetworkManager && systemctl stop NetworkManager
# iptables -F && service iptables save
# 关闭selinux
# sed -i "s/^SELINUX=enforcing$/SELINUX=disabled/g" /etc/selinux/config
# 设置文件句柄
# sed -i "s/^#DefaultLimitNPROC=$/DefaultLimitNPROC=102400/g" /etc/systemd/system.conf
# sed -i "s/^#DefaultLimitNOFILE=$/DefaultLimitNOFILE=102400/g" /etc/systemd/system.conf
# sed -i "s/4096/102400/g" /etc/security/limits.d/20-nproc.conf
# echo "* soft nofile 102400">>/etc/security/limits.conf
# echo "* hard nofile 102400" >>/etc/security/limits.conf
# echo "* soft nproc 102400" >>/etc/security/limits.conf
# echo "* hard nproc 102400" >>/etc/security/limits.conf

640?wx_fmt=png


1. MariaDB

安装软件包

# yum install -y mariadb mariadb-server python2-PyMySQL

修改配置文件 /etc/my.cnf

[mysqld]
bind-address = 114.118.28.117

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 40960
collation-server = utf8_general_ci
character-set-server = utf8

启动服务

# systemctl enable mariadb
# systemctl start mariadb

初始化数据库

# mysql_secure_installation


2. Memcached

安装软件包

# yum install -y memcached python-memcached

修改配置文件/etc/sysconfig/memcached

OPTIONS="-l 127.0.0.1,::1,controller"

启动服务

# systemctl enable memcached
# systemctl start memcached


3. RabbitMQ

640?wx_fmt=png

安装软件包

# yum install -y rabbitmq-server

启动服务

# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service

创建用户与配置权限

# rabbitmqctl add_user openstack openstack
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

启用rannbitmq的webgui界面管理功能

# rabbitmq-plugins enable rabbitmq_management
# rabbitmqctl set_user_tags openstack administrator
# rabbitmqctl delete_user guest


4. Keystone认证

创建数据库

# mysql -uroot -popenstack
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> flush privileges;

安装软件包

# yum install -y openstack-keystone httpd mod_wsgi

修改配置文件/etc/keystone/keystone.conf

[database]
# ...
connection = mysql+pymysql://keystone:openstack@controller/keystone

[token]
# ...
provider = fernet

[cache]
# ...
backend = oslo_cache.memcache_pool
enabled = True
memcache_servers = controller:11211

数据库同步

# su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化 Fernet key

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

配置认证信息

# keystone-manage bootstrap --bootstrap-password openstack \
 --bootstrap-admin-url http://controller:5000/v3/ \
 --bootstrap-internal-url http://controller:5000/v3/ \
 --bootstrap-public-url http://controller:5000/v3/ \
 --bootstrap-region-id RegionOne

配置http启动服务

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

启动服务

# systemctl enable httpd
# systemctl start httpd

配置认证信息keystonerc_admin

unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='openstack'
export OS_AUTH_URL=http://controller:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '

export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3

创建openstack服务project

# . keystonerc_admin
# openstack project create --domain default \
 --description "Service Project" service


5. Glance镜像

创建数据库

# mysql -uroot
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'openstack';

加载admin认证keystonerc_admin

# . /root/keystonerc_admin

创建用户,授权,service以及endpoint

# openstack user create --domain default --password openstack glance
# openstack role add --project service --user glance admin

# openstack service create --name glance \
 --description "OpenStack Image" image
 
# openstack endpoint create --region RegionOne \
image public http://controller:9292
# openstack endpoint create --region RegionOne \
image internal http://controller:9292
# openstack endpoint create --region RegionOne \
image admin http://controller:9292

安装软件包

# yum install -y openstack-glance

修改配置文件/etc/glance/glance-api.conf

[database]
# ...
connection = mysql+pymysql://glance:openstack@controller/glance
[keystone_authtoken]
# ...
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = openstack

[paste_deploy]
# ...
flavor = keystone

[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

修改配置文件/etc/glance/glance-registry.conf

[database]
# ...
connection = mysql+pymysql://glance:openstack@controller/glance

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = openstack

[paste_deploy]
# ...
flavor = keystone

同步数据库

# su -s /bin/sh -c "glance-manage db_sync" glance

服务启动

# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service


6.1 Cinder块存储-控制节点

640?wx_fmt=png

创建数据库

# mysql -u root
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
IDENTIFIED BY 'openstack';

加载admin认证keystonerc_admin

# . /root/keystonerc_admin

创建用户,授权,service以及endpoint

# openstack user create --domain default --password openstack cinder
# openstack role add --project service --user cinder admin

# openstack service create --name cinderv2 \
 --description "OpenStack Block Storage" volumev2
# openstack service create --name cinderv3 \
 --description "OpenStack Block Storage" volumev3
#
# openstack endpoint create --region RegionOne \
volumev2 public http://controller:8776/v2/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev2 internal http://controller:8776/v2/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev2 admin http://controller:8776/v2/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev3 public http://controller:8776/v3/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev3 internal http://controller:8776/v3/%\(project_id\)s
# openstack endpoint create --region RegionOne \
volumev3 admin http://controller:8776/v3/%\(project_id\)s

安装软件包

# yum install -y openstack-cinder

编辑配置文件/etc/cinder/cinder.conf

[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
my_ip = controller

[database]
# ...
connection = mysql+pymysql://cinder:openstack@controller/cinder

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = openstack

[oslo_concurrency]
# ...
lock_path = /var/lib/cinder/tmp

同步数据库

# su -s /bin/sh -c "cinder-manage db sync" cinder

服务启动

# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service


6.2 Cinder块存储-存储节点

安装软件包

# yum install -y lvm2 device-mapper-persistent-data
# yum install -y openstack-cinder targetcli python-keystone

启动lvm服务

# systemctl enable lvm2-lvmetad.service
# systemctl start lvm2-lvmetad.service

创建LVM-VG

# pvcreate /dev/sda
# vgcreate cinder-volumes /dev/sda

编辑 /etc/lvm/lvm.conf

devices {
...
filter = [ "a/sda/", "r/.*/"]

编辑配置文件/etc/cinder/cinder.conf

[DEFAULT]
# ...
transport_url = rabbit://openstack:openstack@controller
auth_strategy = keystone
my_ip = controller
enabled_backends = lvm
glance_api_servers = http://controller:9292

[database]
# ...
connection = mysql+pymysql://cinder:openstack@controller/cinder

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = openstack

[oslo_concurrency]
# ...
lock_path = /var/lib/cinder/tmp

[lvm]
volume_backend_name=lvm
volume_driver=cinder.volume.drivers.lvm.LVMVolumeDriver
target_ip_address=114.118.28.117
target_helper=lioadm
volume_group=cinder-volumes
volumes_dir=/var/lib/cinder/volumes

启动服务

# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service


7.1 Neutron网络-控制节点

640?wx_fmt=png

创建数据库

# mysql -u root
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'openstack';

加载admin认证keystonerc_admin

#. /root/keystonerc_admin

创建用户,授权,service以及endpoint

# openstack user create --domain default --password openstack neutron
# openstack role add --project service --user neutron admin

# openstack service create --name neutron \
 --description "OpenStack Networking" network
 
# openstack endpoint create --region RegionOne \
network public http://controller:9696
# openstack endpoint create --region RegionOne \
network internal http://controller:9696
# openstack endpoint create --region RegionOne \
network admin http://controller:9696

安装软件包

# yum install -y openstack-neutron-ml2 openstack-neutron

编辑配置文件/etc/neutron/neutron.conf

[DEFAULT]
# ...
debug=False
log_dir=/var/log/neutron
transport_url = rabbit://openstack:openstack@controller
control_exchange=neutron
auth_strategy=keystone
core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
allow_overlapping_ips=True
service_plugins=qos,trunk,router
router_scheduler_driver=neutron.scheduler.l3_agent_scheduler.ChanceScheduler
notify_nova_on_port_status_changes=True
notify_nova_on_port_data_changes=True

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = openstack

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = openstack

[database]
# ...
connection = mysql+pymysql://neutron:openstack@controller/neutron

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

编辑配置文件/etc/neutron/plugins/ml2/ml2_conf.ini

本处使用两种类型网络,分别是vlannet以及extnet,两种网络对应的分别是租户网络以及provider网络。

[DEFAULT]

[ml2]
type_drivers=flat,vlan
tenant_network_types=vlan
mechanism_drivers=openvswitch
path_mtu=0
extension_drivers=port_security,qos

[securitygroup]
enable_security_group=True
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

[ml2_type_flat]
flat_networks=*

[ml2_type_vlan]
network_vlan_ranges=vlannet:2000:2200,extnet:200:300

生成ml2的plugin.ini软链接

# ln -sf /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步数据库

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
 --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

启动服务

# systemctl enable neutron-server.service
# systemctl start neutron-server.service


7.2 Neutron网络-网络节点

安装软件包

# yum install -y openstack-neutron-common openstack-neutron \
openstack-neutron-openvswitch ebtables

编辑配置文件/etc/sysctl.conf

net.ipv4.tcp_keepalive_intvl=1
net.ipv4.tcp_keepalive_probes=5
net.ipv4.tcp_keepalive_time=5
net.bridge.bridge-nf-call-ip6tables=1
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-arptables=1
net.ipv4.ip_forward=1

运行如下命令

# sysctl -p

编辑配置文件/etc/neutron/neutron.conf

[DEFAULT]
# ...
debug=False
log_dir=/var/log/neutron
transport_url = rabbit://openstack:openstack@controller
control_exchange=neutron
auth_strategy=keystone
core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
allow_overlapping_ips=True
service_plugins=qos,trunk,router
router_scheduler_driver=neutron.scheduler.l3_agent_scheduler.ChanceScheduler
notify_nova_on_port_status_changes=True
notify_nova_on_port_data_changes=True

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = openstack

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

编辑配置文件/etc/neutron/plugins/ml2/openvswitch_agent.ini

[DEFAULT]
[ovs]
bridge_mappings=extnet:br-ex,vlannet:br-vlan
integration_bridge=br-int
[agent]
l2_population=False
drop_flows_on_start=False
[securitygroup]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

编辑配置文件/etc/neutron/metadata_agent.ini

[DEFAULT]
debug=False
nova_metadata_host=controller
metadata_proxy_shared_secret=openstack

编辑配置文件/etc/neutron/l3_agent.ini

[DEFAULT]
debug=False
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
agent_mode=legacy

编辑配置文件/etc/neutron/dhcp_agent.ini

[DEFAULT]
debug=False
enable_isolated_metadata=True
enable_metadata_network=True
state_path=/var/lib/neutron
resync_interval=30
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf

启动ovs

# systemctl enable openvswitch
# systemctl start openvswitch

创建ovs bridge

# ovs-vsctl add-br br-ex
# ovs-vsctl add-br br-vlan

启动服务

# systemctl enable neutron-dhcp-agent.service neutron-l3-agent.service neutron-metadata-agent.service neutron-openvswitch-agent.service  neutron-destroy-patch-ports.service
# systemctl start neutron-dhcp-agent.service neutron-l3-agent.service neutron-metadata-agent.service neutron-openvswitch-agent.service neutron-destroy-patch-ports.service


7.3 Neutron网络-计算节点

安装软件包

# yum install -y openstack-neutron-common openstack-neutron \
openstack-neutron-openvswitch ebtables

编辑配置文件/etcneutron/neutron.conf

[DEFAULT]
# ...
debug=False
log_dir=/var/log/neutron
transport_url = rabbit://openstack:openstack@controller
control_exchange=neutron
auth_strategy=keystone
core_plugin=neutron.plugins.ml2.plugin.Ml2Plugin
allow_overlapping_ips=True
service_plugins=qos,trunk,router
router_scheduler_driver=neutron.scheduler.l3_agent_scheduler.ChanceScheduler
notify_nova_on_port_status_changes=True
notify_nova_on_port_data_changes=True
[agent]
root_helper=sudo neutron-rootwrap /etc/neutron/rootwrap.conf

编辑配置文件/etc/neutron/plugins/ml2/openvswitch_agent.ini

[DEFAULT]
[ovs]
bridge_mappings=vlannet:br-vlan
integration_bridge=br-int
[agent]
l2_population=False
drop_flows_on_start=False
[securitygroup]
firewall_driver=neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

启动ovs

# systemctl enable openvswitch
# systemctl start openvswitch

创建ovs bridge

# ovs-vsctl add-br br-vlan

启动服务

# systemctl enable openvswitch neutron-openvswitch-agent.service
# systemctl start openvswitch neutron-openvswitch-agent.service


8.1. Nova计算-控制节点

640?wx_fmt=png

创建数据库

# mysql -u root
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'openstack';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'openstack';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'openstack';

加载admin认证keystonerc_admin

# . /root/keystonerc_admin

创建用户,授权,service以及endpoint

# openstack user create --domain default --password openstack nova
# openstack role add --project service --user nova admin

# openstack service create --name nova \
 --description "OpenStack Compute" compute
 
# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1

安装软件包

# yum install -y openstack-nova-api openstack-nova-conductor \
openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-console

编辑配置文件/etc/nova/nova.conf

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@controller
my_ip = 114.118.28.117
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
# ...
connection = mysql+pymysql://nova:openstack@controller/nova_api

[database]
# ...
connection = mysql+pymysql://nova:openstack@controller/nova

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = openstack

[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
# ...
api_servers = http://controller:9292

[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = openstack
service_metadata_proxy=True
metadata_proxy_shared_secret=openstack

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = openstack

同步nova-api数据库

# su -s /bin/sh -c "nova-manage api_db sync" nova

注册cell0数据库

# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

创建cell1

# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

同步nova数据库

# su -s /bin/sh -c "nova-manage db sync" nova

验证nova cell

# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

服务启动

# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service


8.2. Nova计算-计算节点

640?wx_fmt=png

软件安装

# yum install -y openstack-nova-compute openstack-nova-common

编辑配置文件/etc/nova/nova.conf

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@controller
my_ip = 114.118.28.117
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = openstack

[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://114.118.28.117:6080/vnc_auto.html

[glance]
# ...
api_servers = http://controller:9292

[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = openstack

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = openstack

[libvirt]
# ...
virt_type = qemu

服务启动

# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service

Nova CellV2 主机发现与添加

# openstack compute service list --service nova-compute
# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
# su -s /bin/sh -c "nova-manage cell_v2 list_hosts" nova


9. Placement放置组

创建数据库

# mysql -u root
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
IDENTIFIED BY 'openstack';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY 'openstack';

加载admin认证keystonerc_admin

. /root/keystonerc_admin

创建用户,授权,service以及endpoint

# openstack user create --domain default --password openstack placement
# openstack role add --project service --user placement admin

# openstack service create --name placement \
 --description "Placement API" placement
 
# openstack endpoint create --region RegionOne \
placement public http://controller:8778
# openstack endpoint create --region RegionOne \
placement internal http://controller:8778
# openstack endpoint create --region RegionOne \
placement admin http://controller:8778

安装软件包

# yum install -y openstack-placement-api

修改配置文件/etc/placement/placement.conf

[placement_database]
# ...
connection = mysql+pymysql://placement:openstack@controller/placement

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = openstack

同步数据库

# su -s /bin/sh -c "placement-manage db sync" placement

添加配置/etc/httpd/conf.d/00-placement-api.conf (如果有则跳过)

<Directory /usr/bin>
  <IfVersion >= 2.4>
      Require all granted
  </IfVersion>
  <IfVersion < 2.4>
      Order allow,deny
      Allow from all
  </IfVersion>
</Directory>

服务启动

# systemctl restart httpd


10. Dashboard图形化展示

640?wx_fmt=png

安装软件包

# yum install -y openstack-dashboard

编辑配置文件/etc/openstack-dashboard/local_settings

ALLOWED_HOSTS = ["*",]

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
   'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
  }
}
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_API_VERSIONS = {
   "identity": 3,
   "image": 2,
   "volume": 3,
}


11. 云环境初始化

镜像初始化

# yum install -y wget
# wget https://download.cirros-cloud.net/0.3.6/cirros-0.3.6-x86_64-disk.img
# . /root/keystonerc_admin
# openstack image create --disk-format qcow2 --container-format bare --public --file cirros-0.3.6-x86_64-disk.img cirros-0.3.6

网络初始化

# openstack network create Public --provider-network-type vlan --provider-physical-network extnet  --provider-segment 10 --external
# openstack subnet create Subnet-Public --no-dhcp --network Public --subnet-range 172.24.4.0/24

# openstack network create vlannet1 --provider-network-type vlan --provider-physical-network vlannet
# openstack subnet create subnet-vlannet1 --network vlannet1 --subnet-range 10.1.1.0/24

# openstack router create AdminRouter

# openstack router set --external-gateway Public AdminRouter
# openstack router add subnet AdminRouter subnet-vlannet1

Flavor初始化

# openstack flavor create --id 0 --vcpus 1  --ram 256 --disk 1 --public m1.1c.256m.1G

默认安全组规则调整

# openstack security group rule create --protocol any  --ingress --ethertype IPv4  681f291a-507f-49bc-8673-4c1239c3b7fb

Nova创建云主机

# openstack server create --image cirros-0.3.6 --flavor 0  --network vlannet1 VM1

浮动IP绑定

# openstack floating ip create Public --floating-ip-address 172.24.4.217 \
 --fixed-ip-address 10.1.1.217 --port 70567ad4-c49c-44c7-9ee7-63dad9e17e6b


书。



 640?wx_fmt=gif



上海技术活动

爱库存+爱乐奇+齐家网

案例+原理+实践

大神讲透混合云安全

640?wx_fmt=png


了解新钛云服


新钛云服出品的部分精品技术干货

发布了50 篇原创文章 · 获赞 0 · 访问量 1809
展开阅读全文

没有更多推荐了,返回首页

©️2019 CSDN 皮肤主题: 大白 设计师: CSDN官方博客

分享到微信朋友圈

×

扫一扫,手机浏览