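Overview
There are already several mature tools for installing OpenStack automatically, such as PackStack and Kolla, and they are convenient to use. Installing by hand, however, teaches more about how OpenStack works. You will hit plenty of pitfalls along the way, and working through them one by one gives a deeper understanding of OpenStack.
This article is based on the official OpenStack documentation and on an environment installed automatically by PackStack, and was put together after several rounds of test manual installs.
Because installing OpenStack is complex and the process produces many configuration files, the documentation is split into several parts.
It roughly covers the following:
- Base environment preparation and the Keystone, Glance and Nova installation (this document)
- Neutron installation
- Environment initialisation and testing
- Ceph deployment and integration with OpenStack
The OpenStack release deployed here is Ussuri, and every node runs CentOS 8.2.
Environment preparation
Introduction
You need one physical machine; CentOS, Ubuntu or any other distribution will do. I use CentOS 7.8 here.
Open vSwitch and KVM must be installed on it. Then create three CentOS 8.2 virtual machines to act as the controller node, the compute node and the network node.
Topology diagram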
![image-20201117221716051](https://tva1.sinaimg.cn/large/0081Kckwly1gksj4zi9h7j31b40u0n0p.jpg)
KVM and Open vSwitch installation
yum -y install qemu-kvm libvirt virt-install bridge-utils
systemctl start libvirtd && systemctl enable libvirtd
# You can install the OpenStack repository first
yum install -y centos-release-openstack-train
# Then install openvswitch directly with yum
yum install -y openvswitch
KVM network configuration
- Edit the configuration file
I created a few extra network ports here and keep them in reserve.
vim ovsbr0.xml
<network>
  <name>ovsbr0</name>
  <forward mode='bridge'/>
  <bridge name='ovsbr0'/>
  <virtualport type='openvswitch'/>
  <portgroup name='VLAN10'>
    <vlan>
      <tag id='10'/>
    </vlan>
  </portgroup>
  <portgroup name='VLAN11'>
    <vlan>
      <tag id='11'/>
    </vlan>
  </portgroup>
  <portgroup name='VLAN12'>
    <vlan>
      <tag id='12'/>
    </vlan>
  </portgroup>
  <portgroup name='VLAN13'>
    <vlan>
      <tag id='13'/>
    </vlan>
  </portgroup>
  <portgroup name='VLAN14'>
    <vlan>
      <tag id='14'/>
    </vlan>
  </portgroup>
  <portgroup name='TRUNK'>
    <vlan trunk='yes'>
      <tag id='10'/>
      <tag id='11'/>
      <tag id='12'/>
      <tag id='13'/>
      <tag id='14'/>
    </vlan>
  </portgroup>
</network>
- Create the KVM network
# First create the Open vSwitch bridge
ovs-vsctl add-br ovsbr0
# Create the network
virsh net-define ovsbr0.xml
virsh net-start ovsbr0 && virsh net-autostart ovsbr0
Virtual machine installation
# Download the image
wget http://mirrors.163.com/centos/8.2.2004/isos/x86_64/CentOS-8.2.2004-x86_64-minimal.iso
# Create the disks
qemu-img create -f qcow2 os21.qcow2 200G
qemu-img create -f qcow2 os22.qcow2 200G
qemu-img create -f qcow2 os23.qcow2 200G
# Create the virtual machines
# Only one VM's virt-install command is listed here for reference
virt-install \
--virt-type kvm \
--cpu host-passthrough \
--name test \
--ram 16384 \
--vcpus 8 \
--cdrom=/root/CentOS-8.2.2004-x86_64-minimal.iso \
--disk path=/root/os21.qcow2 \
--network=network=ovsbr0,portgroup=VLAN10,model=virtio \
--network=network=ovsbr0,portgroup=VLAN11,model=virtio \
--network=network=ovsbr0,portgroup=TRUNK,model=virtio \
--graphics vnc,listen=0.0.0.0 \
--noautoconsole
OpenStack installation and deployment
Environment preparation
Before starting, make sure the three CentOS 8.2 virtual machines are ready.
Basic system configuration
- Hostname and hosts configuration
# Run on the three hosts respectively (one command per host)
hostnamectl set-hostname os21 --static
hostnamectl set-hostname os22 --static
hostnamectl set-hostname os23 --static
# Configure hosts on each of the three hosts
echo -e "172.19.10.21 os21\n172.19.10.22 os22\n172.19.10.23 os23" >> /etc/hosts
- Turn off firewalld
# Run on each of the three hosts
systemctl stop firewalld && systemctl disable firewalld
- Turn off SELinux
sed -i 's/^SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
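NTP configuration
We configure the controller node to synchronise time from a public NTP server, and the other nodes to synchronise time from the controller node.
# Install chrony first
yum install chrony -y
# Change the NTP source on the controller node
vim /etc/chrony.conf
pool ntp.aliyun.com iburst
# Let the other nodes synchronise from this node (added line; assumes the nodes share 172.19.10.0/24)
allow 172.19.10.0/24
------------
systemctl restart chronyd && systemctl enable chronyd
# Run the following commands on the compute node and the network node
sed -i 's/^pool.*/pool os21 iburst/g' /etc/chrony.conf
systemctl restart chronyd && systemctl enable chronyd
# Run the following command on all three nodes to set the time zone
timedatectl set-timezone Asia/Shanghai
Verification
# Check that the synchronisation source is correct and that the time matches the real time
chronyc sources
date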
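Install the OpenStack packages
Run the following commands on each of the three nodes
yum install -y centos-release-openstack-ussuri
yum config-manager --set-enabled PowerTools
yum upgrade -y
# Install the client
yum install -y python3-openstackclient
Install the database
Run the following commands on the controller node only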
yum install -y mariadb mariadb-server python2-PyMySQL
cat << EOF > /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 172.19.10.21
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
---------
systemctl start mariadb && systemctl enable mariadb
# Run the MariaDB initialisation
mysql_secure_installation
Message queue
Run on the controller node only
yum install rabbitmq-server -y
systemctl start rabbitmq-server && systemctl enable rabbitmq-server
rabbitmqctl add_user openstack demo123
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Memcached installation
Run on the controller node only
yum install memcached python3-memcached -y
sed -i 's/127.0.0.1/172.19.10.21/g' /etc/sysconfig/memcached
systemctl start memcached && systemctl enable memcached
etcd
Run on the controller node only
yum install etcd -y
# Make the following changes to the configuration file
vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.19.10.21:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.19.10.21:2379"
ETCD_NAME="os21"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.19.10.21:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.19.10.21:2379"
ETCD_INITIAL_CLUSTER="os21=http://172.19.10.21:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
----------------
systemctl start etcd && systemctl enable etcd
Reboot the server
reboot
Keystone deployment
Keystone is deployed entirely on the controller node.
- Create the database
[root@os21 ~]# mysql -uroot -p
Enter password:
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone_db_demo123';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone_db_demo123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> quit
Bye
- Install and configure the components
yum install openstack-keystone httpd python3-mod_wsgi -y
-------------
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone_db_demo123@os21/keystone
[token]
provider = fernet
-------------
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Verify that the tables were created correctly
mysql -u root -p -e "show tables from keystone;"
# Initialise the Fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# Bootstrap the identity service
keystone-manage bootstrap --bootstrap-password demo123 \
  --bootstrap-admin-url http://os21:5000/v3/ \
  --bootstrap-internal-url http://os21:5000/v3/ \
  --bootstrap-public-url http://os21:5000/v3/ \
  --bootstrap-region-id RegionOne
- Configure Apache
vim /etc/httpd/conf/httpd.conf
ServerName os21
-------------
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
- Finish the installation
systemctl enable httpd.service && systemctl start httpd.service
# Edit the openstack rc file
vim keystone_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='demo123'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://172.19.10.21:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
---------------
- Create the service project
# Load the environment variables
source keystone_admin
# Create the service project, which the OpenStack components use
openstack project create --domain default --description "Service Project" service
Glance deployment
Glance is configured entirely on the controller node.
- Create the database
[root@os21 ~(keystone_admin)]# mysql -u root -p
Enter password:
MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance_db_demo123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'%' identified by 'glance_db_demo123';
Query OK, 0 rows affected (0.001 sec)
- Create the user, service and endpoints
# Enter the password glance_svc_demo123 when prompted
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://os21:9292
openstack endpoint create --region RegionOne image internal http://os21:9292
openstack endpoint create --region RegionOne image admin http://os21:9292
- Install the components
yum install openstack-glance -y
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance_db_demo123@os21/glance
[keystone_authtoken]
www_authenticate_uri = http://os21:5000
auth_url = http://os21:5000
memcached_servers = os21:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance_svc_demo123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
-------------
# Synchronise the database
su -s /bin/sh -c "glance-manage db_sync" glance
- Finish the installation
systemctl start openstack-glance-api && systemctl enable openstack-glance-api
- Confirm that it works
# Download cirros; the image is about 10 MB and works well for OpenStack testing
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
# Create the image
glance image-create --name "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --visibility=public
# List the images
openstack image list
Placement
Placement is deployed entirely on the controller node.
- Create the database
[root@os21 ~(keystone_admin)]# mysql -u root -p
Enter password:
MariaDB [(none)]> create database placement;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> grant all privileges on placement.* to 'placement'@'localhost' identified by 'placement_db_demo123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on placement.* to 'placement'@'%' identified by 'placement_db_demo123';
Query OK, 0 rows affected (0.001 sec)
- Create the user, service and endpoints
# Enter the password placement_svc_demo123 when prompted (the value used in placement.conf below)
openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://os21:8778
openstack endpoint create --region RegionOne placement internal http://os21:8778
openstack endpoint create --region RegionOne placement admin http://os21:8778
- Install the components
yum install openstack-placement-api -y
vim /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:placement_db_demo123@os21/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://os21:5000/v3
memcached_servers = os21:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement_svc_demo123
-----------------------
vim /etc/httpd/conf.d/00-placement-api.conf
<VirtualHost *:8778>
  # ... existing directives stay as they are ...
  # Add the following inside the existing VirtualHost block
  <Directory /usr/bin>
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
    <IfVersion < 2.4>
      Order allow,deny
      Allow from all
    </IfVersion>
  </Directory>
</VirtualHost>
-----------------------
# Synchronise the database
su -s /bin/sh -c "placement-manage db sync" placement
- Restart the service
systemctl restart httpd
- Verification
placement-status upgrade check
Nova
Controller node
- Database configuration
[root@os21 ~(keystone_admin)]# mysql -u root -p
Enter password:
MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.000 sec)
MariaDB [(none)]> create database nova_cell0;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'localhost' identified by 'nova_db_demo123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'%' identified by 'nova_db_demo123';
Query OK, 0 rows affected (0.009 sec)
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'localhost' identified by 'nova_db_demo123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'%' identified by 'nova_db_demo123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by 'nova_db_demo123';
Query OK, 0 rows affected (0.001 sec)
MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'%' identified by 'nova_db_demo123';
Query OK, 0 rows affected (0.000 sec)
- User, service and endpoint configuration
# Enter the password nova_svc_demo123 when prompted (the value used in nova.conf below)
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://os21:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://os21:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://os21:8774/v2.1
- Install and configure the components
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:demo123@os21:5672/
my_ip = 172.19.10.21
[api_database]
connection = mysql+pymysql://nova:nova_db_demo123@os21/nova_api
[database]
connection = mysql+pymysql://nova:nova_db_demo123@os21/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://os21:5000/
auth_url = http://os21:5000/
memcached_servers = os21:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova_svc_demo123
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://os21:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://os21:5000/v3
username = placement
password = placement_svc_demo123
-------------------
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# I got an error here when creating cell1
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# The error output was as follows
[root@os21 ~(keystone_admin)]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
--transport-url not provided in the command line, using the value [DEFAULT]/transport_url from the configuration file
--database_connection not provided in the command line, using the value [database]/connection from the configuration file
a33d95af-415a-4db8-b3d4-f68750d9455f
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
- Finish the installation
systemctl start openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
Compute node
- Install the components
yum install openstack-nova-compute -y
- Configuration file
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:demo123@os21
my_ip = 172.19.10.22
[api]
auth_strategy = keystone
[glance]
api_servers = http://os21:9292
[keystone_authtoken]
www_authenticate_uri = http://os21:5000/
auth_url = http://os21:5000/
memcached_servers = os21:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova_svc_demo123
[libvirt]
virt_type = qemu
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://os21:5000/v3
username = placement
password = placement_svc_demo123
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://os21:6080/vnc_auto.html
- Start the services
systemctl start libvirtd openstack-nova-compute && systemctl enable libvirtd openstack-nova-compute
- Add the compute node to the database
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
# Adjust the interval at which compute nodes are discovered
vim /etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300
- Verification
openstack compute service list
openstack catalog list
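The hand-edited nova.conf files above are easy to get subtly wrong, so here is a small review helper for them, added as an example and not part of the original article or of OpenStack. It reports option names outside the set this guide uses (a misspelt key is not picked up by the service), credentials embedded in URLs, cleartext HTTP endpoints and listeners bound to all interfaces. The names `audit`, `EXPECTED` and `SAMPLE` are assumptions made for the example, and `EXPECTED` lists only the options this guide sets.

```python
import configparser

# Constructed sample: trimmed compute-node nova.conf with a misspelt key.
SAMPLE = """\
[DEFAULT]
enable_apis = osapi_compute,metadata
transport_url = rabbit://openstack:demo123@os21
my_ip = 172.19.10.22
[keystone_authtoken]
auth_url = http://os21:5000/
username = nova
password = nova_svc_demo123
[vnc]
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
"""

# Assumption: only the option names this guide sets, not nova's full schema.
EXPECTED = {
    "DEFAULT": {"enabled_apis", "transport_url", "my_ip"},
    "keystone_authtoken": {"www_authenticate_uri", "auth_url", "auth_type",
                           "memcached_servers", "project_domain_name",
                           "user_domain_name", "project_name", "username", "password"},
    "vnc": {"enabled", "server_listen", "server_proxyclient_address",
            "novncproxy_base_url"},
}

def audit(text):
    """Return sorted (section, option, finding) tuples for an INI config."""
    # No interpolation ($my_ip stays literal); [DEFAULT] read as a plain section.
    cp = configparser.RawConfigParser(default_section="__unused__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for opt, val in cp.items(section):
            if section in EXPECTED and opt not in EXPECTED[section]:
                findings.append((section, opt, "unexpected option name"))
            scheme, sep, rest = val.partition("://")
            if sep and "@" in rest.split("/", 1)[0]:
                findings.append((section, opt, "credentials embedded in URL"))
            if sep and scheme == "http":
                findings.append((section, opt, "cleartext HTTP endpoint"))
            if opt == "server_listen" and val == "0.0.0.0":
                findings.append((section, opt, "listens on all interfaces"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=": ")
```

To check a real node, pass the file contents instead of the sample, for example `audit(open("/etc/nova/nova.conf").read())`.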