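Installing OpenStack on two nodes: the modules required on the compute node and the controller node
Tips
#1: Take a snapshot after finishing each module, or each node of a module, so that you can roll back if something goes wrong
#2: When creating passwords, try to use one password for all modules, to avoid trouble later in the deployment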
Controller node | Compute node |
---|---|
First NIC: 192.168.119.128 | First NIC: 192.168.119.129 |
Second NIC: 192.168.119.133 | Second NIC: 192.168.119.132 |
- Two network interfaces need to be created
- controller node
#NIC 1
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="01f3637b-de95-4ad8-b316-2c5303fddf50"
DEVICE="ens33"
ONBOOT="yes"
#NIC 2
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens36
DEVICE=ens36
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO=static
IPADDR=192.168.119.133
NETMASK=255.255.255.0
GATEWAY=192.168.119.2
DNS1=192.168.119.2
[root@controller ~]#
- compute node
#NIC 1
[root@compute ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="ens33"
UUID="01f3637b-de95-4ad8-b316-2c5303fddf50"
DEVICE="ens33"
ONBOOT="yes"
[root@compute ~]#
#NIC 2
[root@compute ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens36
DEVICE=ens36
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO=static
IPADDR=192.168.119.132
NETMASK=255.255.255.0
GATEWAY=192.168.119.2
DNS1=192.168.119.2
[root@compute ~]#
#Then restart the network service; run this on both the compute and controller nodes
systemctl restart network
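Controller Node:
The controller node manages the operation of the OpenStack cloud, including identity authentication, API request handling and service orchestration. These are the key services that usually run on the controller node:
- Keystone: OpenStack's identity service, providing authentication and authorization.
- Glance: the image service, used to store and retrieve virtual machine images.
- Nova API: the API endpoint of the compute service, handling API requests for compute resources.
- Neutron Server: the API of the networking service, managing networks and IP address allocation.
- Heat: the orchestration service, used for automated deployment of cloud resources (if used).
- Dashboard: OpenStack's web management interface.
Compute Node:
The compute node runs the virtual machine instances. These are the services that usually run on the compute node:
- Nova Compute: manages the life cycle of virtual machines, including starting, stopping and maintaining them.
- Neutron Agent: the network node, which handles network connectivity and IP address allocation.
- Swift Proxy: if the object storage service is spread over several nodes, a proxy service may need to run on the compute node (if used).
Configure the train repository
#The repository provided by the OpenStack community is broken, so the command below cannot be used
yum install centos-release-openstack-train
#CentOS has moved the repository; the working mirrors are listed below, four in total, pick any one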
[centos-openstack-train-x86_64]
name=OpenStack x86_64
#centos.org
#baseurl=https://vault.centos.org/7.9.2009/cloud/x86_64/openstack-train/
#mirror.nsc.liu
#baseurl=http://mirror.nsc.liu.se/centos-store/7.9.2009/cloud/x86_64/openstack-train/
#linuxsoft.cern.org
baseurl=https://linuxsoft.cern.ch/centos-vault/7.9.2009/cloud/x86_64/openstack-train/
#archive.kernel.org
#baseurl=https://archive.kernel.org/centos-vault/7.9.2009/cloud/x86_64/openstack-train/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
[centos-openstack-train-source]
name=openstack source
#centos.org
#baseurl=https://vault.centos.org/7.9.2009/cloud/Source/openstack-train/
#mirror.nsc.liu
#baseurl=http://mirror.nsc.liu.se/centos-store/7.9.2009/cloud/Source/openstack-train/
#linuxsoft.cern.org
baseurl=https://linuxsoft.cern.ch/centos-vault/7.9.2009/cloud/Source/openstack-train/
#archive.kernel.org
#baseurl=https://archive.kernel.org/centos-vault/7.9.2009/cloud/Source/openstack-train/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
#Four different mirrors; pick one to use
[Virt]
name=CentOS-$releasever - Base
baseurl=http://mirrors.aliyun.com/centos/7.9.2009/virt/x86_64/kvm-common/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
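An added example (not part of the original guide): a small Python audit of repo definitions like the ones above, flagging stanzas that turn off signature checking, fetch packages over plain HTTP, or contain a misspelled option. The sample text and the issue labels are constructed for illustration.

```python
import configparser
import difflib
from urllib.parse import urlsplit

# Constructed sample modelled on the repo definitions in this guide.
SAMPLE_REPO = """\
[centos-openstack-train-x86_64]
name=OpenStack x86_64
baseurl=https://linuxsoft.cern.ch/centos-vault/7.9.2009/cloud/x86_64/openstack-train/
gpgcheck=1
enable=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud

[Virt]
name=CentOS-$releasever - Base
baseurl=http://mirrors.aliyun.com/centos/7.9.2009/virt/x86_64/kvm-common/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
"""

# A subset of real yum repo options, enough to spot misspelled keys.
KNOWN_KEYS = sorted({
    "name", "baseurl", "mirrorlist", "metalink", "enabled", "gpgcheck",
    "repo_gpgcheck", "gpgkey", "sslverify", "sslcacert", "exclude",
    "includepkgs", "priority", "cost", "proxy", "metadata_expire",
    "skip_if_unavailable", "failovermethod",
})
FALSE_VALUES = {"0", "false", "no"}


def audit_repo(text):
    """Return (section, issue) pairs for risky or ineffective repo settings."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        opts = parser[section]
        # 1. A misspelled key has no effect, so the intended setting is not applied.
        for key in opts:
            if key not in KNOWN_KEYS:
                guess = difflib.get_close_matches(key, KNOWN_KEYS, n=1, cutoff=0.8)
                hint = guess[0] if guess else "?"
                findings.append((section, f"unknown-key:{key}->{hint}"))
        # 2. gpgcheck explicitly off: package signatures are not verified.
        unsigned = opts.get("gpgcheck", "").strip().lower() in FALSE_VALUES
        if unsigned:
            findings.append((section, "gpgcheck-disabled"))
        # 3. baseurl may list several URLs; any http:// one is unprotected in transit.
        urls = opts.get("baseurl", "").split()
        plaintext = [u for u in urls if urlsplit(u).scheme == "http"]
        if plaintext:
            findings.append((section, "plaintext-baseurl"))
        # 4. Both together: nothing authenticates what gets installed as root.
        if unsigned and plaintext:
            findings.append((section, "unauthenticated-packages"))
    return findings


if __name__ == "__main__":
    for section, issue in audit_repo(SAMPLE_REPO):
        print(f"[{section}] {issue}")
```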
After that, build the cache and update the packages
[root@controller ~]# yum clean all
[root@controller ~]# yum makecache
[root@controller ~]# yum update -y
Add the host names
[root@controller ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.119.129 compute
192.168.119.128 controller
[root@compute ~]# vim /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.119.128 controller
192.168.119.129 compute
#Add these entries on both hosts; otherwise you will later run into many unnecessary but painful problems
Install the OpenStack client
[root@controller]# yum install -y python-openstackclient
[root@compute and controller]# yum install -y openstack-selinux
Install the MariaDB database
[root@controller]# yum install mariadb mariadb-server python2-PyMySQL -y
#Create the openstack.cnf file in MariaDB's configuration sub-directory
cat > /etc/my.cnf.d/openstack.cnf << 'EOF'
[mysqld]
bind-address = 192.168.119.128
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
- Start the database
[root@controller]# systemctl start mariadb
[root@controller]# systemctl enable mariadb
- Install RabbitMQ
[root@controller]# yum install -y rabbitmq-server
[root@controller]# systemctl start rabbitmq-server
[root@controller]# systemctl enable rabbitmq-server
- Create the openstack user and grant it permissions
[root@controller]# rabbitmqctl add_user openstack 000000
[root@controller]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
- Install memcached and etcd and edit their configuration files
[root@controller]# yum install -y memcached python-memcached etcd
[root@controller]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="128"
OPTIONS="-l 127.0.0.1,::1,controller"
[root@controller]# cat >> /etc/etcd/etcd.conf << "EOF"
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.119.133:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.119.133:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.119.133:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.119.133:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.119.133:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF
- Start the memcached and etcd services
[root@controller]# systemctl start memcached etcd
[root@controller]# systemctl enable memcached etcd
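An added example, not from the original guide: once the services are started, the listening sockets can be compared with the addresses configured above (bind-address for MariaDB, the -l list for memcached, the etcd listen URLs). The `ss -ltn` samples are constructed, and the function and label names are illustrative.

```python
# Addresses this guide configures for each backend port; "controller"
# resolves to 192.168.119.128 through /etc/hosts.
EXPECTED = {
    3306: {"192.168.119.128"},                        # MariaDB bind-address
    11211: {"127.0.0.1", "::1", "192.168.119.128"},   # memcached -l list
    2379: {"192.168.119.133"},                        # etcd client URL
    2380: {"192.168.119.133"},                        # etcd peer URL
}
WILDCARDS = {"*", "0.0.0.0", "::"}

# Constructed `ss -ltn` output: every service bound as configured.
GOOD = """\
State   Recv-Q Send-Q Local Address:Port        Peer Address:Port
LISTEN  0      80     192.168.119.128:3306      *:*
LISTEN  0      128    127.0.0.1:11211           *:*
LISTEN  0      128    192.168.119.128:11211     *:*
LISTEN  0      128    [::1]:11211               [::]:*
LISTEN  0      128    192.168.119.133:2379      *:*
LISTEN  0      128    192.168.119.133:2380      *:*
"""

# Constructed output: openstack.cnf not picked up, memcached and etcd misbound.
BAD = """\
State   Recv-Q Send-Q Local Address:Port        Peer Address:Port
LISTEN  0      80     *:3306                    *:*
LISTEN  0      128    127.0.0.1:11211           *:*
LISTEN  0      128    192.168.119.128:2379      *:*
LISTEN  0      128    :::11211                  :::*
LISTEN  0      128    192.168.119.133:2380      *:*
"""


def split_local(field):
    """Split 'addr:port' for IPv4, '*', ':::port' and '[v6]:port' forms."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]   # drop brackets and any %scope
    return host, port


def audit_listeners(ss_output):
    """Return (port, address, issue) for backend ports bound off-policy."""
    findings, seen = [], set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue                         # header or non-listening socket
        host, port = split_local(cols[3])
        if not port.isdigit() or int(port) not in EXPECTED:
            continue                         # not one of the ports set up here
        port = int(port)
        seen.add(port)
        if host in WILDCARDS:
            findings.append((port, host, "wildcard"))
        elif host not in EXPECTED[port]:
            findings.append((port, host, "unexpected-address"))
    # A configured service with no socket at all probably failed to start.
    for port in sorted(set(EXPECTED) - seen):
        findings.append((port, None, "not-listening"))
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(BAD):
        print(finding)
```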
keystone (identity service) installation (controller)
Install the database and create the keystone database
[root@controller ~]# yum install -y openstack-utils
MariaDB [(none)]> create database keystone;
#Grant privileges on the database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
#Replace KEYSTONE_DBPASS with a suitable password
Install and configure the components
[root@controller]# yum install openstack-keystone httpd mod_wsgi -y
- Then edit /etc/keystone/keystone.conf
#Find the [database] section
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
#Replace KEYSTONE_DBPASS with the database password
#Then find the [token] section
[token]
provider = fernet
#This configures the token provider
- Populate the keystone database
[root@controller]# su -s /bin/sh -c "keystone-manage db_sync" keystone
- Initialize the Fernet key repositories
[root@controller]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
- Bootstrap the Identity service
[root@controller]# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
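#Replace ADMIN_PASS with a suitable password for the admin user
Configure the Apache (httpd) server
#In the file /etc/httpd/conf/httpd.conf
#find the ServerName option (mind the case) and change the string after ServerName to controller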
ServerName controller
- Create a link to the /usr/share/keystone/wsgi-keystone.conf file
[root@controller]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Finalize the installation
- Start the Apache httpd server and enable it at boot
[root@controller]# setenforce 0
[root@controller]# systemctl start httpd
[root@controller]# systemctl enable httpd
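#If startup fails, or it fails for some other reason, set SELinux to permissive mode
- Configure the administrative account by setting the appropriate environment variables in admin-openrc
#Create the file admin-openrc in the /root directory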
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Note!
#If a later command fails with the error: Missing value auth-url required for auth plugin password, your environment variables have not been loaded; load them with the source command
- Create the service project
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 9dbe2fd1a74d42609b5892df3cb431ed |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
#List the projects
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 7de85557b6674577b9a47966563c20a8 | admin |
| 9dbe2fd1a74d42609b5892df3cb431ed | service |
+----------------------------------+---------+
glance (image service) installation (controller)
Install the database and create the glance database
#Create the glance database
MariaDB [(none)]> create database glance;
#Grant appropriate access to the glance database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
#Replace GLANCE_DBPASS with a suitable password
- Create the user
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 966df81a14b741da94230bf89fae63f4 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#If any error appears here, some keystone step was not done correctly; redo the previous steps
- Add the admin role to the glance user and the service project:
openstack role add --project service --user glance admin
- Create the glance service entity
[root@controller ~]# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | ff382df1d15041d6b731aaf83dd7a17c |
| name | glance |
| type | image |
+-------------+----------------------------------+
- Create the Image service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1aa81f6b268748cca6301f4af3b5a742 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ff382df1d15041d6b731aaf83dd7a17c |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | dca8bf04b5aa432ebbff7b87832be484 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ff382df1d15041d6b731aaf83dd7a17c |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 863b0cd8672c4279be3c501b36c65c98 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ff382df1d15041d6b731aaf83dd7a17c |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
- Install the packages
[root@controller]# yum install openstack-glance -y
- Edit /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
#Replace GLANCE_DBPASS with a suitable password
- Then, in the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
#Replace GLANCE_PASS with the password chosen for the glance user in the Identity service
[paste_deploy]
flavor = keystone
- Then configure the local file system store and the location of image files
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
- Populate the database
su -s /bin/sh -c "glance-manage db_sync" glance
Finalize the installation
- Start the image service and enable it at boot
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
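nova (compute service) installation
nova (compute service) installation (controller)
#Installing this service also includes installing the placement and neutron components
- Create the databases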
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
- Grant privileges on the databases
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
#Replace NOVA_DBPASS with a suitable password
Create the compute service credentials
- Create the nova user
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 10947975936846379ea234264e415545 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
- Add the admin role to the nova user
[root@controller ~]# openstack role add --project service --user nova admin
- Create the service entity
[root@controller ~]# openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | b06e728f92e345ff94393f3bda2b31c7 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
- Create the Compute API service endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 501c8edcf8d24522a225bc009758890f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b06e728f92e345ff94393f3bda2b31c7 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 84ae99945fce477092d27b25d6341864 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b06e728f92e345ff94393f3bda2b31c7 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1df03f6d6b0c4bd5bf6dac0eec9423bb |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b06e728f92e345ff94393f3bda2b31c7 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
Install Placement (the placement service) and configure its user and endpoints
- Create the database
MariaDB [(none)]> create database placement;
- Grant privileges on the database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
IDENTIFIED BY 'PLACEMENT_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY 'PLACEMENT_DBPASS';
#Replace PLACEMENT_DBPASS with a suitable password
- Create the placement service user with a password of your choice (PLACEMENT_PASS)
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 4301a822b35549c1bf01e63d73a627db |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
- Add the placement user to the service project with the admin role
[root@controller ~]# openstack role add --project service --user placement admin
- Create the Placement API entry in the service catalog
[root@controller ~]# openstack service create --name placement \
--description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 63bf87308a3d4a68b14ae33f1a9f1a20 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
- Create the Placement API service endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bc577a66ec6f483aa41646d4c09fa95b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 63bf87308a3d4a68b14ae33f1a9f1a20 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 121c3ef7eed34f6eadd54950866c6fa0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 63bf87308a3d4a68b14ae33f1a9f1a20 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 19f117a82ed5437095b5f7fb9e3ad715 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 63bf87308a3d4a68b14ae33f1a9f1a20 |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
- Install the placement service
[root@controller ~]# yum install openstack-placement-api
- Edit the file /etc/placement/placement.conf
#Configure database access: add under the [placement_database] section
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
#Replace PLACEMENT_DBPASS with the password you chose for the placement database
- Configure Identity service access
#Add under the [api] section
auth_strategy = keystone
#Add under the [keystone_authtoken] section
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
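#Replace PLACEMENT_PASS with the password chosen for the placement user in the Identity service
- Populate the placement database
#Note: ignore any output of this command except for errors
su -s /bin/sh -c "placement-manage db sync" placement
Finalize the installation: placement
- Restart httpd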
[root@controller ~]# systemctl restart httpd
#If you hit an error, redo the previous steps
Install and configure the components: nova
- Install the packages
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-novncproxy openstack-nova-scheduler
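- Edit /etc/nova/nova.conf
#Add under the [DEFAULT] section
#Enable the compute and metadata APIs
[DEFAULT]
enabled_apis = osapi_compute,metadata
- In the [api_database] and [database] sections, configure database access
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
#Replace NOVA_DBPASS with the password chosen for the Compute databases
- Configure message queue access
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
#Replace RABBIT_PASS with the password chosen for the openstack account in RabbitMQ
- In the [api] and [keystone_authtoken] sections, configure Identity service access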
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
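#Replace NOVA_PASS with the password chosen for the nova user
- In the [DEFAULT] section, configure my_ip to use the management interface IP of the controller node
[DEFAULT]
my_ip = 192.168.119.128
#The IP address must match this host's own IP
- Enable support for the Networking service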
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
#The Compute firewall driver needs to be disabled here
- Edit /etc/nova/nova.conf
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
- In the [glance] section, configure the location of the Image service API
[glance]
api_servers = http://controller:9292
- Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
- Configure access to the Placement service
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
#Replace PLACEMENT_PASS with the password set when installing placement
- Populate the nova-api database
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
- Register the cell0 database
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
- Create the cell1 cell
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
- Populate the nova database
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
- Verify that nova cell0 and cell1 are registered correctly
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| 名称 | UUID | Transport URL | 数据库连接 | Disabled |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:@controller/nova_cell0 | False |
| cell1 | 78959fc7-eec9-434d-a706-6f677ec9216b | rabbit://openstack:@controller:5672/ | mysql+pymysql://nova:@controller/nova | False |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
Finalize the installation
[root@controller ~]# systemctl enable \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
[root@controller ~]# systemctl start \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
The following is nova on the compute node
- Install openstack-nova-compute
[root@compute ~]# yum install -y openstack-nova-compute
#If the installation fails with Requires: qemu-kvm-rhev >= 2.10.0, this repository is missing or the version is too old
[Virt]
name=CentOS-$releasever - Base
#The CentOS version in the next line must match the CentOS version you are using
baseurl=http://mirrors.aliyun.com/centos/7.9.2009/virt/x86_64/kvm-common/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#Save it, rebuild the cache, then install
[root@compute]# yum install -y qemu-kvm-rhev
#Then go back to the previous step and install openstack-nova-compute
- Edit /etc/nova/nova.conf
[DEFAULT]
#Enable only the compute and metadata APIs
enabled_apis = osapi_compute,metadata
#Configure message queue access
transport_url = rabbit://openstack:RABBIT_PASS@controller
#Replace RABBIT_PASS with the password chosen for the account
- Configure Identity service access
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
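#Replace NOVA_PASS with the password chosen for the nova user in the Identity service
- Configure the network interface
[DEFAULT]
my_ip = 192.168.119.129
#Set this option to this host's IP
- Enable support for the Networking service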
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
- Enable and configure the remote console
- Edit the file /etc/nova/nova.conf
[vnc]
enabled = true
server_listen = 0.0.0.0
#my_ip is replaced with the controller node IP
server_proxyclient_address = 192.168.119.128
novncproxy_base_url = http://controller:6080/vnc_auto.html
- Configure the location of the Image service
[glance]
api_servers = http://controller:9292
- Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
- Configure the Placement API
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
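#Replace PLACEMENT_PASS with the password chosen for the placement user in the Identity service
Finalize the installation
- Check whether the node supports hardware acceleration
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
#If the result is one or greater, hardware acceleration is supported
#If the result is zero, hardware acceleration is not supported and libvirt must be configured to use QEMU instead of KVM
- Edit the [libvirt] section of /etc/nova/nova.conf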
[libvirt]
virt_type = qemu
- Start the Compute service (including its dependencies) and configure them to start at boot
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service
- Run the following on the controller node
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 5 | nova-compute | compute | nova | enabled | up | 2024-07-24T09:16:19.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
[root@controller ~]#
- Discover the hosts
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 8a451f62-8df4-4972-add9-fb2d2de98031
Checking host mapping for compute host 'compute': db083fe9-d661-4c28-aed7-4ecd34ca576f
Creating host mapping for compute host 'compute': db083fe9-d661-4c28-aed7-4ecd34ca576f
Found 1 unmapped computes in cell: 8a451f62-8df4-4972-add9-fb2d2de98031
[root@controller ~]#
- Verify
[root@controller ~]# nova-status upgrade check
Error:
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/nova/cmd/status.py", line 398, in main
ret = fn(*fn_args, **fn_kwargs)
File "/usr/lib/python2.7/site-packages/oslo_upgradecheck/upgradecheck.py", line 102, in chec
result = func(self)
File "/usr/lib/python2.7/site-packages/nova/cmd/status.py", line 164, in _check_placement
versions = self._placement_get("/")
File "/usr/lib/python2.7/site-packages/nova/cmd/status.py", line 154, in _placement_get
return client.get(path, raise_exc=True).json()
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 386, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/adapter.py", line 248, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 961, in request
raise exceptions.from_response(resp, method, url)
Forbidden: Forbidden (HTTP 403)
#If this error occurs, add the following to the file /etc/httpd/conf.d/00-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
- Restart the httpd service and run the verification command again
[root@controller ~]# systemctl restart httpd
[root@controller ~]# nova-status upgrade check
+--------------------------------+
| Upgrade Check Results |
+--------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success |
| Details: None |
+--------------------------------+
| Check: Cinder API |
| Result: Success |
| Details: None |
+--------------------------------+
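- When adding new compute nodes, they must be registered on the controller node, or an appropriate discovery interval can be set in the configuration file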
[scheduler]
discover_hosts_in_cells_interval = 300
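An added example (not the guide's or OpenStack's own code): a lint pass over INI files like the ones edited above. It reports unreplaced placeholders such as NOVA_PASS, a `#` comment appended to a value line (the option parser used by these services only treats `#` as a comment at the start of a line, so the trailing text becomes part of the value), and short or repetitive secrets. The sample file, the 12-character minimum and the label names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the style of the nova.conf fragments in this guide.
SAMPLE_CONF = """\
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:000000@controller
my_ip = 192.168.119.129

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000/
username = nova
password = NOVA_PASS

[vnc]
enabled = true
server_proxyclient_address = 192.168.119.128#controller ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[database]
connection = mysql+pymysql://nova:Xk4-pq9Lw2_vTz7e@controller/nova
"""

# Upper-case words joined by underscores: NOVA_PASS, PROVIDER_INTERFACE_NAME, ...
PLACEHOLDER = re.compile(r"\b[A-Z]+(?:_[A-Z]+)+\b")
SECRET_KEYS = {"password"}                   # value is the secret itself
URL_KEYS = {"connection", "transport_url"}   # secret is embedded in a URL
MIN_SECRET_LEN = 12                          # assumed policy, adjust as needed


def secret_of(key, value):
    """Return the secret carried by this option, or None if it has none."""
    if key in SECRET_KEYS:
        return value
    if key in URL_KEYS:
        try:
            return urlsplit(value).password
        except ValueError:
            return None
    return None


def lint(text):
    """Return (line, section, key, issue) tuples for risky option lines."""
    findings, section = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;":
            continue                         # blank line or full-line comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]             # repeated sections are allowed
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        key, value = key.strip(), value.strip()
        if "#" in value:
            findings.append((lineno, section, key, "inline-comment"))
        if PLACEHOLDER.search(value):
            findings.append((lineno, section, key, "placeholder"))
            continue                         # no point rating a placeholder
        secret = secret_of(key, value)
        if secret is not None and (
            len(secret) < MIN_SECRET_LEN or len(set(secret)) < 4
        ):
            findings.append((lineno, section, key, "weak-secret"))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE_CONF):
        print(finding)
```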
Networking service installation
controller (control node) installation
- Create the database
MariaDB [(none)]> CREATE DATABASE neutron;
- Grant privileges on the database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
- Create the neutron service credentials
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 43c289ac290e4dfcb752243519b4b8d1 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]#
- Add the admin role to the user
[root@controller ~]# openstack role add --project service --user neutron admin
- Create the neutron service entity
[root@controller ~]# openstack service create --name neutron \
--description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 576f9084ee614c898572ccb3761e67bc |
| name | neutron |
| type | network |
+-------------+----------------------------------+
- Create the Networking service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0c7cc9e8c2634e91a21053281a005720 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 576f9084ee614c898572ccb3761e67bc |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 242d7eb4164542b2983098cba271fe20 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 576f9084ee614c898572ccb3761e67bc |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 72ab8286db1b46d0b209ca97e02dcead |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 576f9084ee614c898572ccb3761e67bc |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
Configure the networking options
- Self-service networks
- Install the components
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
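- Configure the server component
- Edit /etc/neutron/neutron.conf
#Configure database access
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
#Replace NEUTRON_DBPASS with the password chosen for the database
- Enable the Modular Layer 2 (ML2) plug-in and disable other plug-ins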
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
- Configure RabbitMQ message queue access
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
# Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ
- Configure Identity service access
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
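# Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service
- Configure Networking to notify Compute of network topology changes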
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
# Replace NOVA_PASS with the password you chose for the nova user in the Identity service
- Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
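- Configure the Modular Layer 2 (ML2) plug-in
- Edit /etc/neutron/plugins/ml2/ml2_conf.ini
# If the configuration file lacks a section or option shown here, add it
# Enable flat, VLAN, and VXLAN networks
[ml2]
type_drivers = flat,vlan,vxlan
# Enable self-service (VXLAN) networks
tenant_network_types = vxlan
# Enable the Linux bridge and layer-2 population mechanisms
[ml2]
mechanism_drivers = linuxbridge,l2population
# Enable the port security extension driver
[ml2]
extension_drivers = port_security
- Configure the provider virtual network as a flat network
[ml2_type_flat]
flat_networks = provider
- Configure the VXLAN network identifier range for self-service networks
[ml2_type_vxlan]
vni_ranges = 1:1000
- Enable ipset to increase the efficiency of security group rules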
[securitygroup]
enable_ipset = true
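- Configure the Linux bridge agent
- Map the provider virtual network to the provider physical network bridge, and configure the IP address of the physical network interface that handles overlay networks
- Edit the file /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- Map the provider virtual network to the provider physical network interface
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
# Replace PROVIDER_INTERFACE_NAME with the name of your second network interface
- Configure the IP address of the physical network interface that handles overlay networks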
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
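# Set OVERLAY_INTERFACE_IP_ADDRESS to the controller node's IP address
- Enable security groups and configure the OVS native or hybrid iptables firewall driver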
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- Edit /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
# Add the two lines above to the file
- Load the module permanently
[root@controller ~]# cat > /etc/modules-load.d/neutron.conf <<EOF
br_netfilter
EOF
# Load the module now and enable loading at boot
[root@controller ~]# systemctl restart systemd-modules-load
[root@controller ~]# systemctl enable systemd-modules-load
- Configure the layer-3 agent
- Edit /etc/neutron/l3_agent.ini
- Configure the Linux bridge interface driver
[DEFAULT]
interface_driver = linuxbridge
- Configure the DHCP agent
- In /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
- Configure the metadata agent
- In /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
# Replace METADATA_SECRET with a suitable secret for the metadata proxy
- Edit /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
# Replace NEUTRON_PASS with the password you chose in the Identity service
# Replace METADATA_SECRET with the secret you chose for the metadata agent
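The placeholders above (NEUTRON_PASS, RABBIT_PASS, METADATA_SECRET and the rest) are easy to leave in place, and metadata_proxy_shared_secret must be identical in nova.conf and metadata_agent.ini. The following check is an added example, not part of the original guide; the function names and the sample files are constructed for illustration.

```shell
# Print the value of KEY in [SECTION] of an INI file (last assignment wins).
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v sec="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); cur = $0; next }
        cur == sec {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1); v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }' "$1"
}

# Count non-comment lines under DIR that still contain a guide placeholder.
count_placeholders() {  # usage: count_placeholders DIR
    grep -rhE '^[^#]*((NEUTRON|NOVA|RABBIT|HEAT|HEAT_DOMAIN)_(DB)?PASS|METADATA_SECRET)' "$1" |
        wc -l | tr -d ' '
}

# Succeed only if nova.conf and metadata_agent.ini carry the same secret and
# that secret is no longer the literal placeholder.
check_metadata_secret() {  # usage: check_metadata_secret NOVA_CONF AGENT_INI
    nova_s=$(ini_get "$1" neutron metadata_proxy_shared_secret)
    agent_s=$(ini_get "$2" DEFAULT metadata_proxy_shared_secret)
    [ -n "$nova_s" ] && [ "$nova_s" = "$agent_s" ] && [ "$nova_s" != "METADATA_SECRET" ]
}

# Constructed sample files (not taken from a real deployment).
demo=$(mktemp -d)
printf '%s\n' '[neutron]' 'service_metadata_proxy = true' \
    'metadata_proxy_shared_secret = 4f1c9a' > "$demo/nova.conf"
printf '%s\n' '[DEFAULT]' '#metadata_proxy_shared_secret = METADATA_SECRET' \
    'metadata_proxy_shared_secret = 4f1c9a' > "$demo/metadata_agent.ini"
printf '%s\n' '[database]' \
    'connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron' \
    > "$demo/neutron.conf"

if check_metadata_secret "$demo/nova.conf" "$demo/metadata_agent.ini"; then
    echo "metadata secret: consistent"
else
    echo "metadata secret: mismatch, missing, or still the placeholder"
fi
echo "lines with unreplaced placeholders: $(count_placeholders "$demo")"
```

On a real controller the same functions take /etc/nova/nova.conf, /etc/neutron/metadata_agent.ini and the /etc/neutron directory as arguments.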
Finalize installation
- Create the symbolic link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- Populate the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
- Restart the Compute API service
systemctl restart openstack-nova-api.service
- Start the Networking services and configure them to start at boot
[root@controller ~]# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
- Enable and start the layer-3 service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
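Compute node installation
- Install the components
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset
- Edit /etc/neutron/neutron.conf
- Configure message queue access
- In the [database] section, comment out any connection options, because compute nodes do not access the database directly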
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
# Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ
- Configure Identity service access
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
# Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service
- Configure the lock path
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
Configure networking options
- Provider networks
- Configure the Linux bridge agent
- Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- Configure the bridge mapping and the IP address
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
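# Replace PROVIDER_INTERFACE_NAME with the name of your second network interface
- Configure the IP address of the physical network interface that handles overlay networks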
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
- Enable security groups and configure the OVS native or hybrid iptables firewall driver
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- Modify the kernel parameters
- In /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
- Load the module
[root@compute ~]# cat > /etc/modules-load.d/neutron.conf <<EOF
br_netfilter
EOF
# Load the module now and enable loading at boot
[root@compute ~]# systemctl restart systemd-modules-load
[root@compute ~]# systemctl enable systemd-modules-load
- Configure the Compute service to use the Networking service
- In /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
# Replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service
- Restart the Compute service
[root@compute ~]# systemctl restart openstack-nova-compute.service
- Start the Linux bridge agent and configure it to start at boot
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
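The steps on both nodes write the bridge netfilter keys to /etc/sysctl.conf and load br_netfilter, but nothing in them applies the sysctl values to the running kernel; while those values are not 1, iptables-based security group rules are not applied to bridged traffic. The check below is an added example, not part of the original guide: it takes the three paths as arguments and runs here against constructed copies.

```shell
# Succeed if FILE sets KEY to 1 on a non-comment line (last assignment wins).
sysctl_file_enables() {  # usage: sysctl_file_enables FILE KEY
    awk -F= -v key="$2" '
        /^[ \t]*[#;]/ { next }
        { k = $1; v = $2; gsub(/[ \t]/, "", k); gsub(/[ \t]/, "", v) }
        k == key { val = v }
        END { exit !(val == "1") }' "$1" 2>/dev/null
}

# Print one status word:
#   ok              persistent config present and live values are 1
#   not-persistent  sysctl.conf or modules-load.d entry is missing
#   not-applied     persistent config present, running kernel differs
bridge_filter_status() {  # usage: bridge_filter_status SYSCTL_CONF MODULES_CONF PROC_BRIDGE_DIR
    for key in net.bridge.bridge-nf-call-iptables net.bridge.bridge-nf-call-ip6tables; do
        sysctl_file_enables "$1" "$key" || { echo not-persistent; return 0; }
    done
    grep -qx 'br_netfilter' "$2" 2>/dev/null || { echo not-persistent; return 0; }
    for f in bridge-nf-call-iptables bridge-nf-call-ip6tables; do
        [ "$(cat "$3/$f" 2>/dev/null)" = "1" ] || { echo not-applied; return 0; }
    done
    echo ok
}

# Constructed sample state: settings written to disk but never applied.
d=$(mktemp -d); mkdir "$d/bridge"
printf '%s\n' 'net.bridge.bridge-nf-call-iptables = 1' \
    'net.bridge.bridge-nf-call-ip6tables = 1' > "$d/sysctl.conf"
echo br_netfilter > "$d/neutron.conf"
echo 0 > "$d/bridge/bridge-nf-call-iptables"
echo 1 > "$d/bridge/bridge-nf-call-ip6tables"
bridge_filter_status "$d/sysctl.conf" "$d/neutron.conf" "$d/bridge"
```

On a node, call it as `bridge_filter_status /etc/sysctl.conf /etc/modules-load.d/neutron.conf /proc/sys/net/bridge`; a `not-applied` result is cleared by running `sysctl -p` once br_netfilter is loaded.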
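The Orchestration service is optional
Heat (Orchestration service) installation
- On the controller node
- Create and configure the heat database
MariaDB [(none)]> create database heat;
- Grant privileges on the heat database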
MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' \
IDENTIFIED BY 'HEAT_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' \
IDENTIFIED BY 'HEAT_DBPASS';
# Replace HEAT_DBPASS with a suitable password
Create the service credentials
- Create the heat user
[root@controller ~]# openstack user create --domain default --password-prompt heat
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 62180804e2a144a9a33a3d80ec21255e |
| name | heat |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
- Add the admin role to the heat user
[root@controller ~]# openstack role add --project service --user heat admin
- Create the service entities
[root@controller ~]# openstack service create --name heat \
--description "Orchestration" orchestration
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 0d9d8aa3d7d34c52945ce5d5ef5519cb |
| name | heat |
| type | orchestration |
+-------------+----------------------------------+
[root@controller ~]# openstack service create --name heat-cfn \
--description "Orchestration" cloudformation
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Orchestration |
| enabled | True |
| id | 40f77a233d3749599c92ed830e81e8c4 |
| name | heat-cfn |
| type | cloudformation |
+-------------+----------------------------------+
- Create the Orchestration service API endpoints
[root@controller ~]# openstack endpoint create --region RegionOne \
orchestration public http://controller:8004/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | e9383b09d4d34b7a8bb8af5b701dd04b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0d9d8aa3d7d34c52945ce5d5ef5519cb |
| service_name | heat |
| service_type | orchestration |
| url | http://controller:8004/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
orchestration internal http://controller:8004/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | fccc45cb2124495db61358b4210d7953 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0d9d8aa3d7d34c52945ce5d5ef5519cb |
| service_name | heat |
| service_type | orchestration |
| url | http://controller:8004/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
orchestration admin http://controller:8004/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | e7700d561f0f455c847a1f5f0e676b96 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0d9d8aa3d7d34c52945ce5d5ef5519cb |
| service_name | heat |
| service_type | orchestration |
| url | http://controller:8004/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
cloudformation public http://controller:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3cf56ecdbdd14d328538b5f8963b21f6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 40f77a233d3749599c92ed830e81e8c4 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://controller:8000/v1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
cloudformation internal http://controller:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d20d5d10b7474dd98120e41592f17b82 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 40f77a233d3749599c92ed830e81e8c4 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://controller:8000/v1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
cloudformation admin http://controller:8000/v1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 45f0a5bcfca6493898d1bffcfb436579 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 40f77a233d3749599c92ed830e81e8c4 |
| service_name | heat-cfn |
| service_type | cloudformation |
| url | http://controller:8000/v1 |
+--------------+----------------------------------+
- Set up the Identity service for Orchestration stacks
- Create the domain that contains projects and users
[root@controller ~]# openstack domain create --description "Stack projects and users" heat
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Stack projects and users |
| enabled | True |
| id | 1b8d125604ec4c44a35b561263e29ca9 |
| name | heat |
| options | {} |
| tags | [] |
+-------------+----------------------------------+
- Create the heat_domain_admin user to manage projects and users in the heat domain
[root@controller ~]# openstack user create --domain heat --password-prompt heat_domain_admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 1b8d125604ec4c44a35b561263e29ca9 |
| enabled | True |
| id | c615a8ceeb604f74b45c469902c09cd4 |
| name | heat_domain_admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
- Add the admin role to the heat_domain_admin user in the heat domain so that the heat_domain_admin user can manage stacks
[root@controller ~]# openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
- Create the heat_stack_owner role
[root@controller ~]# openstack role create heat_stack_owner
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | f989b812a1754cd79c19738cf5d776ce |
| name | heat_stack_owner |
| options | {} |
+-------------+----------------------------------+
- Create the demo user and project
openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 819db720b9fa44eca76b5f0c68a17d5b |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack project create --domain default demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | |
| domain_id | default |
| enabled | True |
| id | ee228cbb959b4efba50a979d7dec33fe |
| is_domain | False |
| name | demo |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
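- Add the heat_stack_owner role to the demo project and user to enable stack management by the demo user
[root@controller ~]# openstack role add --project demo --user demo heat_stack_owner
# The official documentation adds this role without showing the commands that create the demo user and project, so this section differs from the official documentation
- Create the heat_stack_user role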
[root@controller ~]# openstack role create heat_stack_user
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | None |
| domain_id | None |
| id | 2325ea7e73634c2f8818b4338845c770 |
| name | heat_stack_user |
| options | {} |
+-------------+----------------------------------+
Install and configure components
[root@controller ~]# yum install openstack-heat-api openstack-heat-api-cfn \
openstack-heat-engine
- Edit /etc/heat/heat.conf
[database]
connection = mysql+pymysql://heat:HEAT_DBPASS@controller/heat
# Replace HEAT_DBPASS with the password for the Orchestration database
- Configure message queue access
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
# Replace RABBIT_PASS with the password you chose for the openstack account in RabbitMQ
- Configure Identity service access
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = heat
password = HEAT_PASS
# If the [keystone_authtoken] section does not exist, create it
[trustee]
auth_type = password
auth_url = http://controller:5000
username = heat
password = HEAT_PASS
user_domain_name = default
[clients_keystone]
auth_uri = http://controller:5000
# Replace HEAT_PASS with the password you chose for the heat user in the Identity service
- Configure the metadata and wait condition URLs
[DEFAULT]
heat_metadata_server_url = http://controller:8000
heat_waitcondition_server_url = http://controller:8000/v1/waitcondition
- Configure the stack domain and administrative credentials
[DEFAULT]
stack_domain_admin = heat_domain_admin
stack_domain_admin_password = HEAT_DOMAIN_PASS
stack_user_domain_name = heat
# Replace HEAT_DOMAIN_PASS with the password you chose for the heat_domain_admin user in the Identity service
- Populate the database
su -s /bin/sh -c "heat-manage db_sync" heat
Finalize installation
- Start the Orchestration services and configure them to start at boot
[root@controller ~]# systemctl start openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
[root@controller ~]# systemctl enable openstack-heat-api.service openstack-heat-api-cfn.service openstack-heat-engine.service
Dashboard (graphical interface) installation
- Install the package
[root@controller ~]# yum install openstack-dashboard -y
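- Edit /etc/openstack-dashboard/local_settings
- Configure the host that the dashboard uses for OpenStack services
OPENSTACK_HOST = "controller"
- Allow your hosts to access the dashboard
ALLOWED_HOSTS = ['*']
- Configure the session storage service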
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
- Enable the Identity API version 3
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
- Enable support for domains
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
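# If this option is missing from the file, add it
- Configure the API versions and the access path
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
# The same applies here and to every option below: if it is missing from the configuration file, add it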
WEBROOT = '/dashboard'
- Configure the default domain for users that you create
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
- Configure user as the default role for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
- If you chose the provider network option, change the content to the following
- If you chose self-service networks, leave it unchanged
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_fip_topology_check': False,
}
- Configure /etc/httpd/conf.d/openstack-dashboard.conf
# Add the following directive to this configuration file
WSGIApplicationGroup %{GLOBAL}
# Add it at the very top of the file
- Finally, restart httpd and memcached
systemctl restart memcached httpd
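ALLOWED_HOSTS = ['*'] in local_settings makes Django accept any Host header, so the dashboard no longer validates the name it is reached by. The following added example (not part of the original guide) detects the wildcard and rewrites the line to an explicit list; it assumes the assignment sits on a single line, accepts only hostnames and IPv4 addresses, and runs here on a constructed copy using the controller name and address from this page.

```shell
# Succeed if FILE has an active ALLOWED_HOSTS line containing the '*' wildcard.
has_wildcard_hosts() {  # usage: has_wildcard_hosts FILE
    grep -Eq "^ALLOWED_HOSTS[[:space:]]*=.*['\"]\*['\"]" "$1"
}

# Rewrite ALLOWED_HOSTS to exactly the names given. Anything that is not a
# plain hostname or IPv4 address is refused, so neither a wildcard nor a sed
# metacharacter can reach the file. A backup is kept as FILE.bak.
set_allowed_hosts() {  # usage: set_allowed_hosts FILE HOST...
    file=$1; shift
    [ "$#" -gt 0 ] || return 2
    list=
    for h in "$@"; do
        case $h in
            ''|*[!A-Za-z0-9.-]*) echo "rejected host: $h" >&2; return 2 ;;
        esac
        list="$list${list:+, }'$h'"
    done
    sed -i.bak "s/^ALLOWED_HOSTS[[:space:]]*=.*/ALLOWED_HOSTS = [$list]/" "$file"
}

# Constructed copy of the relevant local_settings lines.
s=$(mktemp)
printf '%s\n' 'OPENSTACK_HOST = "controller"' "ALLOWED_HOSTS = ['*']" > "$s"
has_wildcard_hosts "$s" && echo "wildcard: any Host header is accepted"
set_allowed_hosts "$s" controller 192.168.119.128
grep '^ALLOWED_HOSTS' "$s"
```

After changing the real /etc/openstack-dashboard/local_settings, restart httpd as in the last step above.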