openstack部署

于 2023-12-05 14:18:47 发布
阅读量73 收藏
点赞数
文章标签: openstack
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/lv12341/article/details/134806204
版权


stein  centos7.4 1708

1 系统调整

1.1 修改sysctl

fs.file-max = 65536  

net.ipv4.ip_forward = 1  

net.ipv4.conf.all.rp_filter = 0  

net.ipv4.conf.default.rp_filter = 0

1.2 网卡配置

em1 (management)

TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=static

DEFROUTE=yes

NAME=em1

UUID=947ec8e4-f341-4c32-a932-4c70fdfe8d58

DEVICE=em1

ONBOOT=yes

IPADDR=10.0.0.11

NETMASK=255.255.255.0

GATEWAY=10.0.0.1

DNS1=223.5.5.5

em2 (overlay)

TYPE=Ethernet

PROXY_METHOD=none

BROWSER_ONLY=no

BOOTPROTO=static

NAME=em2

UUID=8da98a51-15d0-4522-beb2-1f78b1f160f9

DEVICE=em2

ONBOOT=yes

IPADDR=10.0.1.11

NETMASK=255.255.255.0

em3 (field)

TYPE=Ethernet

BOOTPROTO=none

DEVICE=em3

ONBOOT=yes

em4 (plc)

TYPE=Ethernet

BOOTPROTO=none

DEVICE=em4

ONBOOT=yes

1.3 添加hosts

10.0.0.10 web

10.0.0.11 controller

10.0.0.12 compute1

10.0.0.13 compute2

1.4 时间同步ntp

controller:

yum -y install ntp  ntpdate

vi /etc/ntp.conf (修改地址)

systemctl start ntpd && systemctl enable ntpd

other:

yum -y install ntpdate

# crontab -e 添加定时任务

*/5 * * * * /usr/sbin/ntpdate controller &>/tmp/ntp.log

#...

restrict compute1

server ntp.aliyun.com iburst

server 127.127.1.0 fudge

127.127.1.0 startum 8

1.5 修改ulimit

```

# End of file

* soft nofile 655350  #任何用户可以打开的最大的文件描述符数量,默认1024,这里的数值会限制tcp连接

* hard nofile 655350

* soft nproc  655350  #任何用户可以打开的最大进程数

* hard nproc  650000

2 pre

2.1 OpenStack packages for CentOS  (all node)

在线源

yum install -y centos-release-openstack-stein

# 更新,If the upgrade process includes a new kernel, reboot your host to activate it.

# yum upgrade

yum install python-openstackclient -y

yum install openstack-selinux -y

2.2 SQL database (contronller)

yum install mariadb mariadb-server python2-PyMySQL

Create and edit the /etc/my.cnf.d/openstack.cnf file (backup existing configuration files in /etc/my.cnf.d/ if needed) and complete the following actions:

[mysqld]

bind-address = controller

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

重启

mkdir -p /usr/lib/systemd/system/mariadb.service.d/

echo -e "[Service]\nLimitNOFILE=10000" |tee /usr/lib/systemd/system/mariadb.service.d/limits.conf

systemctl daemon-reload

systemctl enable mariadb.service

systemctl start mariadb.service

初始化

mysql_secure_installation

检查

# 默认最大连接数512,检查是否更换为4096

mysql -u root -p

MariaDB [(none)]> show variables like '%max_connections%';

+-----------------------+-------+

| Variable_name         | Value |

+-----------------------+-------+

| extra_max_connections | 1     |

| max_connections       | 4096  |

+-----------------------+-------+

2 rows in set (0.002 sec)

2.3 Message queue (contronller)

yum install -y rabbitmq-server

systemctl enable rabbitmq-server.service

systemctl start rabbitmq-server.service

rabbitmqctl add_user openstack RABBIT_PASS

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

2.4 memcache (contronller)

 yum install memcached python-memcached -y

 /etc/sysconfig/memcached

#配置 OPTIONS="-l 127.0.0.1,controller"

systemctl enable memcached.service

systemctl start memcached.service

配置防火墙,限制访问

iptables -A INPUT  -s ${CONTROLLER_IP}/32  -p tcp -m tcp --dport 11211 -j ACCEPT

iptables -A INPUT  -s ${COMPUTE_IP}/32  -p tcp -m tcp --dport 11211 -j ACCEPT

iptables -A INPUT -p tcp -m tcp --dport 11211 -j DROP

# 可以将命令写入/etc/rc.d/rc.local ,开机自动加载规则

# chmod +x /etc/rc.d/rc.local

2.5 etcd (contronller)

yum install etcd -y

# 修改配置

vi /etc/etcd/etcd.conf

#启动

systemctl enable etcd

systemctl start etcd

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS="http://CONTROLLER_IP:2380"

ETCD_LISTEN_CLIENT_URLS="http://CONTROLLER_IP:2379"

ETCD_NAME="controller"

#[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://CONTROLLER_IP:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://CONTROLLER_IP:2379"

ETCD_INITIAL_CLUSTER="controller=http://CONTROLLER_IP:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"

ETCD_INITIAL_CLUSTER_STATE="new"

3 openstack部署

3.1 keystone

https://docs.openstack.org/keystone/stein/install/keystone-install-rdo.html#prerequisites

# 创建数据库

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE keystone;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

IDENTIFIED BY 'KEYSTONE_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

IDENTIFIED BY 'KEYSTONE_DBPASS';

# 安装

yum install

openstack-keystone httpd mod_wsgi -y

# 配置文件

vi /etc/keystone/keystone.conf

# 数据导入

su -s /bin/sh -c "keystone-manage db_sync" keystone

# Initialize Fernet key repositories

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# 创建admin用户

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \

  --bootstrap-admin-url http://controller:5000/v3/ \

  --bootstrap-internal-url http://controller:5000/v3/ \

  --bootstrap-public-url http://controller:5000/v3/ \

  --bootstrap-region-id RegionOne

  

# 配置访问

sed -i '95a ServerName controller' /etc/httpd/conf/httpd.conf

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

# 启动

systemctl enable httpd.service &&  systemctl start httpd.service

Configure the administrative account

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=ADMIN_PASS

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project:

source admin-openrc

openstack project create --domain default \

  --description "Service Project" service

配置文件模板

[database]

# ...

connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]

# ...

provider = fernet

3.2 glance

OpenStack Docs: Install and configure (Red Hat)

# 创建数据库

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE glance;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \

  IDENTIFIED BY 'GLANCE_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \

  IDENTIFIED BY 'GLANCE_DBPASS';

source admin-openrc

# 创建keystone用户 ,输入GLANCE_PASS

openstack user create --domain default --password-prompt glance

# 用户权限

openstack role add --project service --user glance admin

# 注册服务

openstack service create --name glance --description "OpenStack Image" image

openstack endpoint create --region RegionOne image public http://controller:9292

openstack endpoint create --region RegionOne image internal http://controller:9292

openstack endpoint create --region RegionOne image admin http://controller:9292

# 安装

yum install openstack-glance -y

# 配置文件

vi /etc/glance/glance-api.conf

vi /etc/glance/glance-registry.conf

# 数据导入

su -s /bin/sh -c "glance-manage db_sync" glance

# 启动

systemctl enable openstack-glance-api.service \

  openstack-glance-registry.service

systemctl start openstack-glance-api.service \

  openstack-glance-registry.service

配置文件模板

[database]

# ...

connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]

# ...

www_authenticate_uri  = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = GLANCE_PASS

[paste_deploy]

# ...

flavor = keystone

[glance_store]

# ...

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

[database]

# ...

connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]

# ...

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = GLANCE_PASS

[paste_deploy]

# ...

flavor = keystone

3.3 Placement

OpenStack Docs: Placement Service

# 创建数据库

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE placement;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \

  IDENTIFIED BY 'PLACEMENT_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \

  IDENTIFIED BY 'PLACEMENT_DBPASS';

source admin-openrc

# 创建keystone用户 ,输入 PLACEMENT_PASS

openstack user create --domain default --password-prompt placement

# 用户权限

openstack role add --project service --user placement admin

# 注册服务

openstack service create --name placement --description "Placement API" placement

openstack endpoint create --region RegionOne placement public http://controller:8778

openstack endpoint create --region RegionOne placement internal http://controller:8778

openstack endpoint create --region RegionOne placement admin http://controller:8778

# 安装

 yum install openstack-placement-api -y

# 配置文件

vi /etc/placement/placement.conf

# 数据导入

su -s /bin/sh -c "placement-manage db sync" placement

# 启动

systemctl restart httpd

# 校验安装

placement-status upgrade check

配置文件模板

[placement_database]

# ...

connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement

[api]

# ...

auth_strategy = keystone

[keystone_authtoken]

# ...

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = placement

password = PLACEMENT_PASS

3.4 nova

3.4.1 controller

OpenStack Docs: Install and configure controller node for Red Hat Enterprise Linux and CentOS

# 创建数据库

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE nova_api;

MariaDB [(none)]> CREATE DATABASE nova;

MariaDB [(none)]> CREATE DATABASE nova_cell0;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \

  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \

  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \

  IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \

  IDENTIFIED BY 'NOVA_DBPASS';

  

source admin-openrc

# 创建keystone用户 ,输入 NOVA_PASS

openstack user create --domain default --password-prompt nova

# 用户权限

openstack role add --project service --user nova admin

# 注册服务

openstack service create --name nova --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1

openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1

openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

# 安装  

yum install --disablerepo="epel" openstack-nova-api openstack-nova-conductor \

  openstack-nova-novncproxy openstack-nova-scheduler

# 配置文件

vi /etc/nova/nova.conf

# 数据导入

su -s /bin/sh -c "nova-manage api_db sync" nova

su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

su -s /bin/sh -c "nova-manage db sync" nova

su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

# 启动

systemctl enable openstack-nova-api.service \

  openstack-nova-scheduler.service \

  openstack-nova-conductor.service \

  openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service \

  openstack-nova-scheduler.service \

  openstack-nova-conductor.service \

  openstack-nova-novncproxy.service

配置文件模板

[DEFAULT]

# ...

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:RABBIT_PASS@controller

my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

use_neutron = true

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]

# ...

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]

# ...

connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[api]

# ...

auth_strategy = keystone

[keystone_authtoken]

# ...

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = nova

password = NOVA_PASS

[vnc]

enabled = true

# ...

server_listen = $my_ip

server_proxyclient_address = $my_ip

[glance]

# ...

api_servers = http://controller:9292

[oslo_concurrency]

# ...

lock_path = /var/lib/nova/tmp

[placement]

# ...

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = PLACEMENT_PASS

3.4.2 compute

OpenStack Docs: Install and configure a compute node for Red Hat Enterprise Linux and CentOS

# 安装  

yum install --disablerepo="epel" openstack-nova-compute -y

# 配置文件

vi /etc/nova/nova.conf

# 启动

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start  libvirtd.service openstack-nova-compute.service

配置文件模板

[DEFAULT]

# ...

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:RABBIT_PASS@controller

my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

use_neutron = true

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]

# ...

auth_strategy = keystone

[keystone_authtoken]

# ...

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = nova

password = NOVA_PASS

[vnc]

# ...

enabled = true

server_listen = 0.0.0.0

server_proxyclient_address = $my_ip

novncproxy_base_url = http://CONTROLLER_IP:6080/vnc_auto.html

[glance]

# ...

api_servers = http://controller:9292

[oslo_concurrency]

# ...

lock_path = /var/lib/nova/tmp

[placement]

# ...

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = PLACEMENT_PASS

3.4.3 compute节点注册

# controller 操作

openstack compute service list --service nova-compute

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

# 配置自动发现

vi /etc/nova/nova.conf

# 重启服务

systemctl restart openstack-nova-api.service \

  openstack-nova-scheduler.service

# ...

[scheduler]

discover_hosts_in_cells_interval = 300

3.4.4 验证安装

# controller 操作

# 配置

vi /etc/httpd/conf.d/00-placement-api.conf

systemctl restart httpd

# 验证

nova-status upgrade check

<VirtualHost *:8778>

# ...

  <Directory /usr/bin>

     <IfVersion >= 2.4>

        Require all granted

     </IfVersion>

     <IfVersion < 2.4>

        Order allow,deny

        Allow from all

     </IfVersion>

  </Directory>

</VirtualHost>

3.4.5 controller nova调度规则优化 (非必要)

# ...

# 修改调度策略

[filter_scheduler]

weight_classes = nova.scheduler.weights.io_ops.IoOpsWeigher

io_ops_weight_multiplier = -1.0

systemctl restart openstack-nova-scheduler.service

3.4.6 controller nova其他优化 (非必要)

[DEFAULT]

# ...

service_down_time = 120

cpu_allocation_ratio = 3.0

ram_allocation_ratio = 1.5

reserved_host_disk_mb = 2048

reserved_host_memory_mb = 2048

allow_resize_to_same_host = True

remove_unused_base_images = False

# remove_unused_original_minimum_age_seconds = 864000

image_cache_manager_interval = 0

resume_guests_state_on_host_boot = True

systemctl restart openstack-nova-api.service

*_allocation_ratio 参数配置方式:

a、AggregateCoreFilter的cpu_allocation_ratio metadata key

     使用:nova aggregate-set-metadata 1 *_allocation_ratio=2.0

b、compute node的配置文件nova.conf支持*_allocation_ratio参数设置

c、原本的controller node nova.conf的*_allocation_ratio参数设置

优先级:a > b > c

3.5 dashboard

OpenStack Docs: Install and configure for Red Hat Enterprise Linux and CentOS

#安装

yum install openstack-dashboard -y

#配置文件

vi /etc/openstack-dashboard/local_settings

sed -i '3a WSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/openstack-dashboard.conf

# 重启

systemctl restart httpd.service memcached.service

# ...

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['one.example.com', 'two.example.com']

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {

    'default': {

         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

         'LOCATION': 'controller:11211',

    }

}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_API_VERSIONS = {

    "identity": 3,

    "image": 2,

    "volume": 3,

}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

OPENSTACK_NEUTRON_NETWORK = {

    ...

    'enable_ipv6': False,

}

TIME_ZONE = "Asia/Shanghai"

3.6 network

OpenStack Docs: Open vSwitch mechanism driver

3.6.1 controller 创建数据库

# 创建数据库

mysql -u root -p

MariaDB [(none)] CREATE DATABASE neutron;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \

  IDENTIFIED BY 'NEUTRON_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \

  IDENTIFIED BY 'NEUTRON_DBPASS';

source admin-openrc

# 创建keystone用户 ,输入 NEUTRON_PASS

openstack user create --domain default --password-prompt neutron

# 用户权限

openstack role add --project service --user neutron admin

# 注册服务

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696

3.6.2 network node

  • network服务可以和controller服务部署在同一节点

# 安装

yum install openstack-neutron openstack-neutron-ml2 \

  openstack-neutron-openvswitch ebtables

  

# 更改配置文件

vi /etc/neutron/neutron.conf

vi /etc/neutron/plugins/ml2/ml2_conf.ini

# 配置ovs bridge

yum install -y libibverbs

systemctl enable neutron-openvswitch-agent.service

systemctl start neutron-openvswitch-agent.service

ovs-vsctl add-br br-provider

ovs-vsctl add-port br-provider PROVIDER_INTERFACE

# 更改配置文件

vi /etc/neutron/plugins/ml2/openvswitch_agent.ini

vi /etc/neutron/l3_agent.ini

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# 导入数据

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \

  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

# 启动

systemctl enable neutron-server.service neutron-l3-agent.service

systemctl start neutron-server.service neutron-l3-agent.service

systemctl restart neutron-openvswitch-agent.service

nova启用neutron

vi /etc/nova/nova.conf

[neutron]

# ...

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = NEUTRON_PASS

service_metadata_proxy = true

metadata_proxy_shared_secret = METADATA_SECRET

systemctl restart openstack-nova-api.service

配置文件模板

[database]

connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:RABBIT_PASS@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

dhcp_agents_per_network = 2

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = NEUTRON_PASS

[nova]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = NOVA_PASS

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

[ml2]

# ...

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = openvswitch,l2population

extension_drivers = port_security

[ml2_type_flat]

# ...

flat_networks = provider

[ml2_type_vxlan]

# ...

vni_ranges = 1:1000

[securitygroup]

# ...

enable_ipset = true

[ovs]

bridge_mappings = provider:br-provider

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

[agent]

tunnel_types = vxlan

l2_population = True

[securitygroup]

firewall_driver = iptables_hybrid

[DEFAULT]

interface_driver = openvswitch

3.6.3 compute

# 安装

yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch ebtables

# 修改配置文件

vi /etc/neutron/neutron.conf

vi /etc/neutron/plugins/ml2/openvswitch_agent.ini

vi /etc/neutron/dhcp_agent.ini

vi /etc/neutron/metadata_agent.ini

# 配置ovs bridge

yum install -y libibverbs

systemctl enable neutron-openvswitch-agent.service

systemctl start neutron-openvswitch-agent.service

ovs-vsctl add-br br-provider

ovs-vsctl add-port br-provider PROVIDER_INTERFACE

# 启动

systemctl enable neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl start neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl restart neutron-openvswitch-agent.service

nova启用neutron


vi /etc/nova/nova.conf

[neutron]

# ...

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = NEUTRON_PASS

systemctl restart openstack-nova-compute.service

配置文件模板

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@controller

core_plugin = ml2

auth_strategy = keystone

[keystone_authtoken]

# ...

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = NEUTRON_PASS

[oslo_concurrency]

# ...

lock_path = /var/lib/neutron/tmp

[ovs]

bridge_mappings = provider:br-provider

local_ip = OVERLAY_INTERFACE_IP_ADDRESS

[securitygroup]

firewall_driver = iptables_hybrid

[agent]

tunnel_types = vxlan

l2_population = True

[DEFAULT]

interface_driver = openvswitch

enable_isolated_metadata = True

force_metadata = True

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = METADATA_SECRET

3.6.4 验证安装

openstack network agent list

Agent Type

Host

State

Metadata agent

compute

UP

DHCP agent

compute

UP

Open vSwitch agent

compute

UP

L3 agent

controller

UP

Open vSwitch agent

controller

UP

3.7 cinder

controller

OpenStack Docs: Install and configure controller node

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service

systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

compute

LVM

OpenStack Docs: Install and configure a storage node

CEPH

https://access.redhat.com/documentation/zh-cn/red_hat_ceph_storage/4/pdf/block_device_to_openstack_guide/red_hat_ceph_storage-4-block_device_to_openstack_guide-zh-cn.pdf

NOTE: ceph 文档是基于red hat openstack 写的,实际部署时,要以公版stein openstack为准

cinder配置参考: https://docs.openstack.org/cinder/stein/drivers.html#cephbackupdriver

# storage

systemctl start  openstack-cinder-volume.service target.service

# backup

systemctl start openstack-cinder-backup.service

4 安装Taas

OpenStack 云平台流量监控插件tap-as-a-service(Taas)安装步骤(OpenStack queens版本,非devstack)-CSDN博客

4.1 network node

cd /srv

git clone -b stable/stein https://github.com/openstack/tap-as-a-service.git

cd tap-as-a-service

PBR_VERSION=5.8.0 python setup.py install

修改配置文件

vi /etc/neutron/neutron.conf

[DEFAULT]

...

service_plugins = router,taas

[service_providers]

service_provider = TAAS:TAAS:neutron_taas.services.taas.service_drivers.taas_rpc.TaasRpcDriver:default

同步数据库并重启服务

neutron-db-manage --subproject tap-as-a-service upgrade head

systemctl restart neutron-server

# 验证安装

neutron tap-service-list

4.2 compute node

安装taas

cd /srv

git clone -b stable/stein https://github.com/openstack/tap-as-a-service

cd tap-as-a-service

PBR_VERSION=5.8.0 python setup.py install

修改配置文件

/etc/neutron/plugins/ml2/openvswitch_agent.ini

[agent]

extensions = taas

重启服务

systemctl restart neutron-openvswitch-agent.service

4.3 controller node (此节内容已舍弃,仅为存档)

添加taas dashboard

git clone https://opendev.org/x/tap-as-a-service-dashboard.git

cd tap-as-a-service-dashboard

python setup.py build

python setup.py install

找到dashboard安装的位置,拷贝里面的内容到dashboard目录

cp /usr/lib/python2.7/site-packages/neutron_taas_dashboard/enabled/_90_project_tapservices_panel.py /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/

# 重启httpd

systemctl restart httpd memcached

5 安装zun

控制节点

# 安装kuryr

https://docs.openstack.org/kuryr-libnetwork/stein/install/controller-install.html

# 安装zun

https://docs.openstack.org/zun/stein/install/controller-install.html

#因python2不在维护,zun requirements会有依赖问题,pip install 之后需要手动调整包版本

pip install --upgrade docker==4.4.4

pip install --upgrade websocket-client==0.59.0

pip install --upgrade PyYAML==5.4.1

systemctl enable zun-api.service zun-wsproxy.service

systemctl start  zun-api.service zun-wsproxy.service

计算节点

# 安装docker

curl http://download.bolean.com/common/docker/docker-centos7.sh|bash

# 安装kuryr

https://docs.openstack.org/kuryr-libnetwork/stein/install/compute-install-ubuntu.html

# note: stable/stein已经停止维护

git clone https://git.openstack.org/openstack/kuryr-libnetwork.git

cd kuryr-libnetwork

git checkout stein-em

#因python2不在维护,requirements会有依赖问题,pip install 之后需要手动调整包版本

pip install --upgrade pip==20.3.4

pip install --upgrade kuryr-lib==2.0.1

pip install --upgrade ipaddress==1.0.18

# note:  centos命令路径/usr/libexec   ubuntu命令路径 /usr/local/libexec

# note:  /etc/kuryr/kuryr.conf

auth_url = http://controller:5000

# 安装zun

https://docs.openstack.org/zun/stein/install/compute-install.html

#因python2不在维护,requirements会有依赖问题,pip install 之后需要手动调整包版本

pip install --upgrade docker==4.4.4

pip install --upgrade websocket-client==0.59.0

pip install --upgrade PyYAML==5.4.1

https://docs.openstack.org/kuryr-libnetwork/stein/install/compute-install-ubuntu.html

zun-compute.service  \

kuryr-libnetwork.service   

note

下发容器查看详细信息错误如下: openstack appcontainer show contain

Docker internal error: 500 Server Error for http+docker://localhost/v1.26/containers/cb2ec03013c1add6156f5273a44559f16e4f414fa519d7b9ee1a5be408a37610/start: Internal Server Error ("failed to create endpoint zun-c6508841-5f49-4f4e-83dc-8a14a0d02e1a on network 3da7e9b0-3335-4b19-936b-a498d864a3b2: NetworkDriver.CreateEndpoint: vif_type(ovs) is not supported. A binding script for this type can't be found")

 解决

chmod 777 /var/run/openvswitch/db.sock

systemctl restart kuryr-libnetwork

chmod 777 /var/run/docker.sock

systemctl daemon-reload

systemctl restart docker

systemctl restart zun-compute

systemctl restart neutron-openvswitch-agent

zun-ui (控制节点)

git clone https://github.com/openstack/zun-ui

 

cd zun-ui/

git checkout stein-em

pip install .

cp zun_ui/enabled/* /usr/share/openstack-dashboard/openstack_dashboard/local/enabled/

python /usr/share/openstack-dashboard/manage.py collectstatic

python /usr/share/openstack-dashboard/manage.py compress

systemctl restart httpd

「已注销」
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
openstack project create 报错 Internal Server Error (HTTP 500)
weixin_44416266的博客
07-05 1294
使用openstack命令 openstack project create 时报错 Internal Server Error (HTTP 500)
手动部署openstack如何避免各种坑
最新发布
pyhuangxiang的博客
04-12 499
环境: 宿主机:192.168.10.253 为本环境提供本地yum源和NTP服务 (KVM)contollercompute1compute2在controller和所有compute节点准备yum源gpgcheck=0enable=1[Base]name=Basegpgcheck=0enable=1EOFgpgcheck=0enable=1EOF[Extras]gpgcheck=0enable=1。
OpenStack踩坑之路(2)
wanger5354的博客
12-08 1512
但你凝视深渊的时候,深渊也在凝视你——尼采OpenStack认证服务搭建keystone服务概述OpenStack身份识别服务为管理身份验证,授权和服务目录提供了单点集成。身份服务通常是用户与之交互的第一个服务。一旦通过身份验证,最终用户就可以使用他们的身份访问其他OpenStack服务。同样,其他OpenStack服务利用身份服务来确保用户是他们所说的人,并发现部署中其他服务的位置。身份识别服务还可以与一些外部用户管理系统(如LDAP)集成。用户和服务可以通过使用由身份服务管理的服务目录来定位其他服务。顾
解决搭建官方openstack时遇到的服务器报错Internal Server Error 返回状态500The server encountered an internal error
热门推荐
抛物线的博客
05-16 4万+
这是登录dashboard时出现的报错 Internal Server Error The server encountered an internal error or misconfiguration and was unable to complete your request. Please contact the server administrator at root@localho...
devstack 使用openstack命令报错 The request you have made requires authentication. (HTTP 401) Missing valu...
05-17 1129
关联错误: The request you have made requires authentication. (HTTP 401) (Request-ID: req-88ad2cba-0f2d-499f-a179-f4abc3e120c3) Missing value auth-url required for auth plugin password cd /opt/stack/d...
网易OpenStack部署运维实战
03-03
OpenStack是一个开源的IaaS实现,目前在企业得到越来越多的应用,本文分享了网易公司利用OpenStack开发的一套云计算管理平台的实战经验,网易私有云平台团队希望通过本文和广大的OpenStack使用者进行一个交流。...
Openstack部署指南
06-18
OpenStack 部署指南 OpenStack 是一个社区,也是一个项目和一个开源软件,提供开放源码软件,建立公共和私有云,它提供了一个部署云的操作平台或工具集,其宗旨在于帮助组织运行为虚拟计算或存储服务的云,为公有云...
openstack 部署方法
03-08
openstack 部署方法 方案 openstack 部署方法 方案 openstack 部署方法 方案
openstack 部署手册
09-07
openstack 详细部署手册。
尝试基于centos7搭建openstack的keystone+swift服务
weixin_44417500的博客
01-15 3312
重新搭建swift+keystone服务 系统: CentOS7 linux内核: 3.10.0-693.el7.x86_64 controller节点ip: 192.168.3.241 object3节点ip: 192.168.3.202 object4节点ip: 192.168.3.203 搭建服务所需的环境 https://docs.openstack.org/install-guide/ 配置域名解析 控制节点 #vi /etc/hosts 添加如下: 192.168.3.2
全网最详细的openstack安装教程
m0_54476097的博客
08-12 3万+
全网最详细的openstack安装教程 文件目录 全网最详细的openstack安装教程 文件目录 openstack 官方文档介绍 环境准备: 环境部署 1)安装centos8并修改ip地址(三台都做) 2)同步时间NTP服务(三台都做) 3)安装openstack的库(三台都做) 4)安装sql数据库(control节点) ...
Openstack的cpu和内存超算比例配置
linux丶晨星
05-29 6882
文章:如何设置OpenStack节点Swap分区 内存和磁盘超配虽然能提供更多数量的虚拟机,当该宿主机上大量虚拟机的负载都很高时,轻着影响虚拟机性能,重则引起 qemu-kvm 相关进程被杀,即虚拟机被关机。因此对于线上稳定性要求高的业务,建议不要超配 RAM 和 DISK,但可适当超配 CPU。建议这几个参数设置为: CPU: CONF.cpu_allocation_ratio = 4 RAM: CONF.ram_allocation_ratio = 1.0 DISK: CONF.disk_allocat
openstack云平台
weixin_44717560的博客
04-12 5250
openstack云平台一、openstack简介二、基本搭建1、控制节点配置1.主机网络 一、openstack简介 OpenStack是一个由NASA(美国国家航空航天局)和Rackspace合作研发并发起的,以Apache许可证授权的自由软件和开放源代码项目。 OpenStack是一个开源的云计算管理平台项目,由几个主要的组件组合起来完成具体工作。OpenStack支持几乎所有类型的云环境,项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。OpenStack通过各种互补的服务提供了
openstack理论知识【Openstack证书考试 2022】
qq_47848696的博客
04-22 1458
一、什么是 OpenStack Openstack是一个云平台管理的项目。 OpenStack是一个开源的云平台,它属于云计算中的IaaS, 简单来讲:他是来管理我们的硬件设施的。将服务器、交换机、路由器和存储等都由OpenStack 平台管理。 我们在设备上部署Linux操作系统,然后在操作系统上部署OpenStack,由OpenStack决定哪些虚拟机应该启动在哪些物理的计算节点上。 二、OpenStack的组件介绍 OpenStack是由很多个核心组件组合而成,每个组件都负责自己的一小块功能,如:负责
企业自建私有云-openstack-Nova计算服务(计算节点)
qq_39122260的博客
04-26 369
安装基础服务 yum -y remove epel-release.noarch yum install -y openstack-nova-compute openstack-utils python-openstackclient python2-PyMySQL python-memcached #服务运行在3个计算节点,使用ceph的话进行安装 yum install -y ceph-common 编辑nova.conf配置文件 #判断计算节点是否支持虚拟机的硬件加速 egrep ..
OpenStack U版双机部署-keystone服务
qq_43152344的博客
11-11 1073
keystone服务 OpenStack系统由几个单独安装的关键服务组成。这些服务根据云需求一起工作,包括计算,身份,网络,图像,块存储,对象存储,和数据库服务。 其中最终重要的就是keystone服务,他负责认证工作,用户登录你得找keystone要你的token什么令牌,有了他之后你才能执行操作,创建网络、安全组、启动实例等操作,而且在启动实例的时候,怎么知道去找glance要镜像、找neutron申请网络也是通过keystone,你发出请求glance和neutron就会搭理你吗?你也是需要将keys
openstack安装之认证服务安装配置笔记
m0_56539278的博客
05-11 871
1、Mariadb设置 1.1、数据库服务 启动数据库服务 systemctl enable mariadb.service systemctl start mariadb.service 1.2、登陆数据库 使用mysql登陆数据库,数据库密码:zhitu2017 mysql -u root -p 在mariadb中创建库实例 ,名为keystone的数据库 CREATE DATABASE keystone; 1.4、创建用户 建用户keystone,密码zhitu2017,然后退出
企业自建私有云-openstack-Nova计算服务(控制节点)
qq_39122260的博客
04-25 484
数据库创库授权 #创建nova数据库: CREATE DATABASE nova_api; CREATE DATABASE nova; create database nova_cell0; #授予恰当的权限 grant all privileges on nova_api.* to 'nova'@'localhost' identified by 'NOVA_CXK_DBPASS'; grant all privileges on nova_api.* to 'nova'@'%' ..
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值