环境
controller
compute
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.200.145 controller
192.168.200.146 compute
关闭防火墙,两个节点都要执行
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
[root@controller ~]# sed -i 's/=enforcing/=permissive/g' /etc/selinux/config
[root@controller ~]# setenforce 0
[root@controller ~]# getenforce
Permissive
配置阿里源,两个节点
[root@controller ~]# yum install -y wget
[root@controller ~]# wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
[root@controller ~]# cat /etc/yum.repos.d/openstack.repo
[openstack] //openstack Q版源
name=openstack
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/
gpgcheck=0
enabled=1
[root@controller ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras openstack updates
Cleaning up everything
Cleaning up list of fastest mirrors
[root@controller ~]# yum makecache
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
openstack | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/13): base/7/x86_64/group_gz | 165 kB 00:00:00
(2/13): base/7/x86_64/filelists_db | 7.3 MB 00:00:10
(3/13): extras/7/x86_64/filelists_db | 207 kB 00:00:01
(4/13): extras/7/x86_64/primary_db | 153 kB 00:00:01
(5/13): extras/7/x86_64/other_db | 100 kB 00:00:00
(6/13): openstack/primary_db | 1.3 MB 00:00:04
(7/13): base/7/x86_64/other_db | 2.6 MB 00:00:05
(8/13): openstack/other_db | 532 kB 00:00:01
(9/13): base/7/x86_64/primary_db | 6.0 MB 00:00:18
(10/13): updates/7/x86_64/filelists_db | 3.3 MB 00:00:07
(11/13): updates/7/x86_64/other_db | 368 kB 00:00:00
(12/13): openstack/filelists_db | 4.8 MB 00:00:15
(13/13): updates/7/x86_64/primary_db | 5.9 MB 00:00:12
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Metadata Cache Created
安装openstack包,两节点
yum install python-openstackclient openstack-selinux -y
安装配置mysql数据库,controller节点
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl start mariadb.service
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# mysql_secure_installation
安装rabbitmq,并添加openstack用户,controller节点
[root@controller ~]# yum install rabbitmq-server
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# rabbitmqctl add_user openstack 000000
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
安装memcached,controller节点
yum install memcached python-memcached -y
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service
安装etcd controller节点
[root@controller ~]# yum install etcd -y
cat /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.200.145:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.200.145:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.200.145:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.200.145:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.200.145:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@controller ~]# systemctl start etcd
[root@controller ~]# systemctl enable etcd
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
安装openstack服务
keystone安装,controller节点执行
创建keystone数据库并授权
[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
[root@controller ~]#
安装Apache,keystone包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
配置/etc/keystone/keystone.conf,代码如下
[root@controller ~]# cat /etc/keystone/keystone.conf
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection=mysql+pymysql://keystone:000000@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider=fernet
[tokenless_auth]
[trust]
[unified_limit]
数据库同步
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化fernet
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
引导身份服务,admin用户密码我设置为000000
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 \
> --bootstrap-admin-url http://controller:5000/v3/ \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne
设置Apache http服务
编辑/etc/httpd/conf/httpd.conf 设置ServerName=controller
创建一个链接
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动服务
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
配置管理账户
[root@controller ~]# export OS_USERNAME=admin
[root@controller ~]# export OS_PASSWORD=000000
[root@controller ~]# export OS_PROJECT_NAME=admin
[root@controller ~]# export OS_USER_DOMAIN_NAME=Default
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ~]# export OS_AUTH_URL=http://controller:5000/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
创建域,项目,用户,角色
[root@controller ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 8c0615060cbf4850963856cf243af18a |
| name | example |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 17fc31ee50574be4a01de5f31c0432d1 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | d0de1ec9d08947369042ce13cb07bf6a |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default \
> --password-prompt demo
> User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 2bde58cd32ba47239b2fabf154d3f72a |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 01b167db5e47474b8d0644f012bffe21 |
| name | user |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user
验证
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-01-11T03:32:36+0000 |
| id | gAAAAABeGTPELTmouTWf4DJLdVtc9RB_6BzU8lnrcA_D7XOXo-6mcn4AXSFMs4AYStki78Fsicq0wLLRn1rpSH6cm-GBukwwRakl4ShTM8Ql6JKr2hbjd7PJidMOUYz-oKf_jZlD2pKinHWFhBeQMcSD-t01T73zwAwWJ5fsjfSObJfdtJ_GP78 |
| project_id | b9ab2f9920da486088ab21edad8076c3 |
| user_id | 6a6189e7ffcb4315995e13caa80974f4 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-01-11T03:33:01+0000 |
| id | gAAAAABeGTPdrWLFDfHFkTa5WA0sBBCb5XoEBIW1Az0rPrqWQ3ohkUog_LN-XOkPa163HdJPIsEj-gL4g7o1BC-QdU3PtcOmq74YA9qi8SU-KWbk_wJJg0HPX2fWnmoO4lhnI3wT9lt9MYUUeVXEvY5xqs4hJbwg0zIBiIxtJsokQwS_F5YrqcY |
| project_id | d0de1ec9d08947369042ce13cb07bf6a |
| user_id | 2bde58cd32ba47239b2fabf154d3f72a |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
创建openstack用户环境变量脚本
[root@controller ~]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# cat demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
使用脚本
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-01-11T03:35:48+0000 |
| id | gAAAAABeGTSEFBYoCqBnRYbE2ocFbuUM_q9MST2HQbbMOgO2lpotODuDX0udBAZbddAfgX1GEFrbhg33mqNkQd0kv4Tp1VjFPFoHKINu8JoRML7sOyjyW-g-hxnsAQm7oKGe226zhVBHqzqR5ADIc4b85lD5C5fdx7Olhe6nDv_2aKBE7ibXZGQ |
| project_id | b9ab2f9920da486088ab21edad8076c3 |
| user_id | 6a6189e7ffcb4315995e13caa80974f4 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
glance服务 controller节点
创建glance数据库
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 18
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
创建glance用户,服务,端口
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 68317d3036ce4522804870cec57d733a |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 8af3dcd10251483f9bc28108a7c98dbf |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bd1e2fdafb904b4eb78b18cfe79a23a5 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8af3dcd10251483f9bc28108a7c98dbf |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6d7b948f6f534acaad45a320c90df6da |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8af3dcd10251483f9bc28108a7c98dbf |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8156a28cd6b84761814e51ba90c43144 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8af3dcd10251483f9bc28108a7c98dbf |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
安装并配置glance(密码跟我不一样的需要改,将密码改了)
[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# cat /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[database]
connection = mysql+pymysql://glance:000000@controller/glance
[glance_store]
stores=file,http
default_store=file
filesystem_store_datadir=/var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 000000
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
[root@controller ~]# cat /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:000000@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 000000
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
同步数据库并启动glance
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1336: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_expand01, current revision(s): queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
[root@controller ~]# systemctl enable openstack-glance-api.service \
> openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller ~]# systemctl start openstack-glance-api.service \
> openstack-glance-registry.service
验证是否成功,上传镜像测试。
[root@controller ~]# glance image-list
+----+------+
| ID | Name |
+----+------+
+----+------+
nova服务
安装controller节点nova
创建nova所需要的数据库
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 22
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> create database nova_cell0;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
创建nova用户,服务,端口
[root@controller ~]# openstack user create --domain default --password 000000 nova
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8ebb1944d9de44ea990757acb9dcee22 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
> --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 676625f8aa6941c8979f9f40d45720e8 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f080d98eadc949dd94466c52775e367d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 676625f8aa6941c8979f9f40d45720e8 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cf470ab01538441b80843bf759a19e84 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 676625f8aa6941c8979f9f40d45720e8 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 90b7a6e0613f4c77a0926f3db844dccd |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 676625f8aa6941c8979f9f40d45720e8 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 4e4cb03735c64792983561d83aa04b30 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 8bf39be24e354703b2b494409fd3ae2a |
| name | placement |
| type | placement |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4f0d00b200264c3d9dc6e97a07afc121 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8bf39be24e354703b2b494409fd3ae2a |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 97c7fa7cec9043ee95471a880ae623dc |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8bf39be24e354703b2b494409fd3ae2a |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4d86432c4bd24bc59b3251af70d5ab69 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8bf39be24e354703b2b494409fd3ae2a |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
配置nova(my_ip为controller节点的ip)
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-console openstack-nova-novncproxy \
> openstack-nova-scheduler openstack-nova-placement-api -y
[root@controller ~]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:000000@controller
my_ip=192.168.200.145
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:000000@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[crypto]
[database]
connection = mysql+pymysql://nova:000000@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 000000
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 000000
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[root@controller ~]# cat /etc/httpd/conf.d/00-nova-placement-api.conf
Listen 8778
<VirtualHost *:8778>
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
WSGIScriptAlias / /usr/bin/nova-placement-api
<IfVersion >= 2.4>
ErrorLogFormat "%M"
</IfVersion>
ErrorLog /var/log/nova/nova-placement-api.log
#SSLEngine On
#SSLCertificateFile ...
#SSLCertificateKeyFile ...
</VirtualHost>
Alias /nova-placement-api /usr/bin/nova-placement-api
<Location /nova-placement-api>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
[root@controller ~]# systemctl restart httpd
同步数据库并启动nova服务
[root@controller ~]# [root@controller ~]# systemctl restart httpd^C
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
0bbc2e8d-9107-4263-bbfd-7b31819ed2d8
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
[root@controller ~]# systemctl enable openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@controller ~]# systemctl start openstack-nova-api.service \
> openstack-nova-consoleauth.service openstack-nova-scheduler.service \
> openstack-nova-conductor.service openstack-nova-novncproxy.service
安装compute节点nova服务
安装nova包
提示错误
[root@compute ~]# yum install openstack-nova-compute -y
......
Error: Package: 1:openstack-nova-compute-17.0.13-1.el7.noarch (openstack)
Requires: qemu-kvm-rhev >= 2.10.0
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest
在/etc/yum.repos.d/openstack.repo中加入一段kvm源,然后重新安装
[root@compute ~]# cat /etc/yum.repos.d/openstack.repo
[openstack]
name=openstack
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-queens/
gpgcheck=0
enabled=1
[qemu]
name=qemu
baseurl=https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
gpgcheck=0
enabled=1
[root@compute ~]# yum clean all
Loaded plugins: fastestmirror
Cleaning repos: base extras openstack qemu updates
Cleaning up everything
Cleaning up list of fastest mirrors
[root@compute ~]# yum makecache
Loaded plugins: fastestmirror
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
openstack | 2.9 kB 00:00:00
qemu | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/16): base/7/x86_64/group_gz | 165 kB 00:00:00
(2/16): base/7/x86_64/primary_db | 6.0 MB 00:00:09
(3/16): extras/7/x86_64/filelists_db | 207 kB 00:00:01
(4/16): extras/7/x86_64/other_db | 100 kB 00:00:00
(5/16): extras/7/x86_64/primary_db | 153 kB 00:00:01
(6/16): openstack/primary_db | 1.3 MB 00:00:02
(7/16): openstack/other_db | 532 kB 00:00:01
(8/16): qemu/filelists_db | 23 kB 00:00:01
(9/16): qemu/primary_db | 73 kB 00:00:00
(10/16): qemu/other_db | 61 kB 00:00:01
(11/16): base/7/x86_64/other_db | 2.6 MB 00:00:08
(12/16): updates/7/x86_64/filelists_db | 3.3 MB 00:00:06
(13/16): updates/7/x86_64/other_db | 368 kB 00:00:00
(14/16): base/7/x86_64/filelists_db | 7.3 MB 00:00:24
(15/16): updates/7/x86_64/primary_db | 5.9 MB 00:00:11
(16/16): openstack/filelists_db | 4.8 MB 00:00:17
Determining fastest mirrors
* base: mirrors.aliyun.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Metadata Cache Created
[root@compute ~]# yum install openstack-nova-compute -y
编辑nova配置文件(密码跟我一样的只需要把ip改一下,改成compute的ip)
[root@compute ~]# grep -v '^$' /etc/nova/nova.conf |grep -v "^#"
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:000000@controller
my_ip = 192.168.200.146
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cells]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[crypto]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 000000
[libvirt]
virt_type=qemu //如果支持虚拟化就把此行注释,大多服务器都支持,我是虚拟机所以用qemu
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 000000
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.200.145:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
启动nova-compute
[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
验证是否成功,在controller节点执行
[root@controller ~]# . admin-openrc
[root@controller ~]# nova service-list
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| ad99a49a-fa9b-4cf3-a8c4-d5bad962bfda | nova-conductor | controller | internal | enabled | up | 2020-01-11T03:30:50.000000 | - | False |
| cddd322c-742c-4ea3-bb30-4360dbea9c01 | nova-consoleauth | controller | internal | enabled | up | 2020-01-11T03:30:50.000000 | - | False |
| 9e5341dc-8000-489b-816c-fd1604c4be5b | nova-scheduler | controller | internal | enabled | up | 2020-01-11T03:30:50.000000 | - | False |
| 904c0c45-d10a-402e-9fab-8ab8e76d85fd | nova-compute | compute | nova | enabled | up | 2020-01-11T03:30:48.000000 | - | False |
+--------------------------------------+------------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
neutron服务(配置gre类型网络,openvswitch,l2population机制驱动)
controller节点
创建neutron数据库
[root@controller ~]# mysql -u root -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 59
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'localhost' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'%' identified by '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
创建neutron用户,服务,端口
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 1d706708bfea4cae9e13453272aada0f |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron \
> --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 1ce99bf3e8b24de2a90a7aeab7025e1a |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 33f48e52c13a481f99eef76674f59b05 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1ce99bf3e8b24de2a90a7aeab7025e1a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 256cc71a8aa3471b89b08e5796f7e02d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1ce99bf3e8b24de2a90a7aeab7025e1a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[root@controller ~]#
[root@controller ~]# openstack endpoint create --region RegionOne \
> network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2f4e56fa544f407ea3c14e79cefe145a |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1ce99bf3e8b24de2a90a7aeab7025e1a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
安装软件包
[root@controller ~]# yum install openstack-neutron-linuxbridge ebtables ipset \
openstack-neutron openstack-neutron-ml2 \
openstack-neutron-openvswitch libibverbs
修改neutron配置文件,结果如下(如果用户密码跟我不一样需要改,一样的不需要改)
[root@controller ~]#cat /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[agent]
[cors]
[database]
connection=mysql+pymysql://neutron:000000@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
[matchmaker_redis]
[nova]
auth_url = http://controller:5000/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]
修改ml2配置文件,结果如下
[root@controller ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[l2pop]
[ml2]
type_drivers = flat,vlan,gre,vxlan,local
tenant_network_types = gre
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
[ml2_type_geneve]
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_ipset = True
enable_security_group = true
firewall_driver = iptables_hybrid
修改openvswitch配置文件,结果如下(把ip改为自己controller节点的ip))
[root@controller ~]# cat /etc/neutron/plugins/ml2/openvswitch_agent.ini
[DEFAULT]
[agent]
tunnel_types = gre
l2_population = True
prevent_arp_spoofing = True
[network_log]
[ovs]
bridge_mappings = physnet1:br-ex
local_ip = 192.168.200.145
enable_tunneling = True
bridge_mappings = external:br-ex
integration_bridge = br-int
[securitygroup]
firewall_driver = iptables_hybrid
[xenapi]
在nova配置文件加neutron的用户认证,和一些优化后结果如下(将ip改为controller的ip)
[root@controller ~]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:000000@controller
my_ip=192.168.200.145
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
auto_assign_floating_ip = True
metadata_listen = 0.0.0.0
metadata_listen_port = 8775
scheduler_default_filters = 'AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter'
compute_driver = libvirt.LibvirtDriver
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:000000@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[crypto]
[database]
connection = mysql+pymysql://nova:000000@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 000000
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
url = http://controller:9696
auth_url = http://controller:5000/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = 000000
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 000000
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
编辑/etc/neutron/l3_agent.ini
[root@controller ~]# cat /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge = br-ex
[agent]
[ovs]
编辑文件/etc/neutron/dhcp_agent.ini
[root@controller ~]# cat /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[agent]
[ovs]
编辑文件 /etc/neutron/metadata_agent.ini(ip为controller节点的ip)
[root@controller ~]#cat /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = 192.168.200.145
metadata_proxy_shared_secret = 000000
nova_metadata_port = 8775
[agent]
[cache]
、
编辑文件/etc/sysctl.conf
[root@controller ~]# cat /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
# For more information, see sysctl.conf(5) and sysctl.d(5).
[root@controller ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
启动服务进而创建网桥
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# systemctl restart openvswitch
[root@controller ~]# systemctl enable openvswitch
[root@controller ~]# ovs-vsctl add-br br-int
[root@controller ~]# ovs-vsctl add-br br-ex
[root@controller ~]# ovs-vsctl list-br
br-ex
br-int
[root@controller ~]# ovs-vsctl add-port br-ex eno33554960 //eno33554960 是我的第二张网卡,这里填你的没用的网卡、
[root@controller ~]# cat > /etc/sysconfig/network-scripts/ifcfg-eno33554960 <<EOF
DEVICE=eno33554960
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
EOF
[root@controller ~]# systemctl restart network
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl restart neutron-server.service
[root@controller ~]# systemctl restart neutron-openvswitch-agent \
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
[root@controller ~]# systemctl enable neutron-openvswitch-agent neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service neutron-server.service
验证服务,状态为笑脸就为正常
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 57dfba5a-8c8e-42a8-a93c-022e3877a99c | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| 635072b0-8930-412e-87fe-4c44e2f4a07e | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| af4f4057-1980-46c5-96c4-836b3bbb537f | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
| dbeaaaa7-bec3-40e6-b2ae-414378f9ef31 | Open vSwitch agent | controller | None | :-) | UP | neutron-openvswitch-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
compute节点安装neutron
安装软件包
yum install openstack-neutron-linuxbridge ebtables ipset openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
编辑/etc/neutron/neutron.conf
[root@compute ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql://neutron:000000@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 000000
[matchmaker_redis]
[nova]
auth_url = http://controller:5000/v3
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_policy]
[quotas]
[ssl]
编辑/etc/neutron/plugins/ml2/ml2_conf.ini
[root@compute ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[l2pop]
[ml2]
type_drivers = flat,vlan,gre,vxlan,local
tenant_network_types = gre
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
[ml2_type_geneve]
[ml2_type_gre]
tunnel_id_ranges = 1:1000
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_ipset = True
enable_security_group = true
firewall_driver = iptables_hybrid
编辑 /etc/neutron/plugins/ml2/openvswitch_agent.ini
[root@compute ~]# cat /etc/neutron/plugins/ml2/openvswitch_agent.ini
[DEFAULT]
[agent]
tunnel_types = gre
l2_population = True
prevent_arp_spoofing = True
[network_log]
[ovs]
bridge_mappings = physnet1:br-ex
local_ip = 192.168.200.146
enable_tunneling = True
bridge_mappings = external:br-ex
integration_bridge = br-int
[securitygroup]
firewall_driver = iptables_hybrid
[xenapi]
在/etc/nova/nova.conf配置文件[neutron]段落中添加
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:5000/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
编辑/etc/sysctl.conf
[root@compute ~]# cat /etc/sysctl.conf
# System default settings live in /usr/lib/sysctl.d/00-system.conf.
# To override those settings, enter new settings here, or in an /etc/sysctl.d/<name>.conf file
#
net.ipv4.ip_forward=1
net.ipv4.conf.default.rp_filter=0
net.ipv4.conf.all.rp_filter=0
# For more information, see sysctl.conf(5) and sysctl.d(5).
[root@compute ~]# sysctl -p
net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.rp_filter = 0
启动网络服务
[root@compute ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@compute ~]# systemctl restart openvswitch
[root@compute ~]# systemctl enable openvswitch
Created symlink from /etc/systemd/system/multi-user.target.wants/openvswitch.service to /usr/lib/systemd/system/openvswitch.service.
[root@compute ~]# ovs-vsctl add-br br-int
[root@compute ~]# ovs-vsctl add-br br-ex
[root@compute ~]# ovs-vsctl add-port br-ex eno33554960 //此网卡为我的第二张网卡
[root@compute ~]# cat > /etc/sysconfig/network-scripts/ifcfg-eno33554960 <<EOF
DEVICE=eno33554960
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
EOF
[root@compute ~]# systemctl restart openstack-nova-compute neutron-metadata-agent neutron-openvswitch-agent
[root@compute ~]# systemctl enable neutron-openvswitch-agent neutron-metadata-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-openvswitch-agent.service to /usr/lib/systemd/system/neutron-openvswitch-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
验证,在controller节点执行
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 20532c56-3ec8-466d-9b42-c91bd09c9efb | Open vSwitch agent | compute | None | :-) | UP | neutron-openvswitch-agent |
| 23a59120-c33b-46e4-b5bd-39b60f4b09c3 | Metadata agent | compute | None | :-) | UP | neutron-metadata-agent |
| 57dfba5a-8c8e-42a8-a93c-022e3877a99c | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| 635072b0-8930-412e-87fe-4c44e2f4a07e | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| af4f4057-1980-46c5-96c4-836b3bbb537f | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
| dbeaaaa7-bec3-40e6-b2ae-414378f9ef31 | Open vSwitch agent | controller | None | :-) | UP | neutron-openvswitch-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
dashboard(controller节点执行)
安装软件包
[root@controller ~]# yum install openstack-dashboard -y
编辑/etc/openstack-dashboard/local_settings 复制粘贴就行
[root@controller ~]# cat /etc/openstack-dashboard/local_settings
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
WEBROOT = '/dashboard/'
ALLOWED_HOSTS = ['*', 'localhost']
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
LOCAL_PATH = '/tmp'
SECRET_KEY='eb291baeb730b30d52f8'
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
}
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': False,
'requires_keypair': False,
'enable_quotas': True
}
OPENSTACK_CINDER_FEATURES = {
'enable_backup': False,
}
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': True,
'enable_quotas': True,
'enable_ipv6': True,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_fip_topology_check': True,
'supported_vnic_types': ['*'],
'physical_networks': [],
}
OPENSTACK_HEAT_STACK = {
'enable_user_pass': True,
}
IMAGE_CUSTOM_PROPERTY_TITLES = {
"architecture": _("Architecture"),
"kernel_id": _("Kernel ID"),
"ramdisk_id": _("Ramdisk ID"),
"image_state": _("Euca2ools state"),
"project_id": _("Project ID"),
"image_type": _("Image Type"),
}
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
INSTANCE_LOG_LENGTH = 35
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = "UTC"
POLICY_FILES_PATH = '/etc/openstack-dashboard'
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
'console': {
'format': '%(levelname)s %(name)s %(message)s'
},
'operation': {
'format': '%(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'console',
},
'operation': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'operation',
},
},
'loggers': {
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'horizon.operation_log': {
'handlers': ['operation'],
'level': 'INFO',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneauth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'oslo_policy': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'nose.plugins.manager': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'urllib3': {
'handlers': ['null'],
'propagate': False,
},
'chardet.charsetprober': {
'handlers': ['null'],
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
}
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
}
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
'LAUNCH_INSTANCE_DEFAULTS',
'OPENSTACK_IMAGE_FORMATS',
'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN',
'CREATE_IMAGE_DEFAULTS',
'ENFORCE_PASSWORD_CHECK']
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}
在etc/httpd/conf.d/openstack-dashboard.conf添加一行WSGIApplicationGroup %{GLOBAL}
[root@controller ~]# cat /etc/httpd/conf.d/openstack-dashboard.conf
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL} #这里
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
Options All
AllowOverride All
Require all granted
</Directory>
<Directory /usr/share/openstack-dashboard/static>
Options All
AllowOverride All
Require all granted
</Directory>
重启http,memcached
[root@controller ~]# systemctl restart httpd memcached
访问http://192.168.200.145/dashboard。这里的ip是我的ip。域为default,用户名admin,密码我是000000
登录成功后
cinder服务
compute节点做存储节点,需要有一块空闲磁盘,我这里是sdb
[root@compute ~]# lsblk
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
sda 8:0 0 100G 0 disk
├─sda1 8:1 0 500M 0 part /boot
└─sda2 8:2 0 53.9G 0 part
├─centos-root 253:0 0 50G 0 lvm /
└─centos-swap 253:1 0 3.9G 0 lvm [SWAP]
sdb 8:16 0 50G 0 disk
sr0 11:0 1 4G 0 rom
创建物一个物理物理卷cinder-volumes,将sdb添加进去
[root@compute ~]# pvcreate /dev/sdb
[root@compute ~]# vgcreate cinder-volumes /dev/sdb
安装软件包
[root@compute ~]# yum install lvm2 device-mapper-persistent-data -y
开启lvm元数据
[root@compute ~]# systemctl start lvm2-lvmetad.service
[root@compute ~]# systemctl enable lvm2-lvmetad.service
安装软件包
[root@compute ~]# yum install openstack-cinder targetcli python-keystone -y
编辑/etc/cinder/cinder.conf
[root@compute ~]#cat /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller
auth_strategy = keystone
my_ip=192.168.200.146
enabled_backends = lvm
glance_api_servers = http://controller:9292
[backend]
[backend_defaults]
[barbican]
[brcd_fabric_example]
[cisco_fabric_example]
[coordination]
[cors]
[database]
connection=mysql+pymysql://cinder:000000@controller/cinder
[fc-zone-manager]
[healthcheck]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = 000000
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[profiler]
[service_user]
[ssl]
[vault]
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = tgtadm
启动cinder服务
[root@compute ~]# systemctl start openstack-cinder-volume.service target.service
[root@compute ~]# systemctl enable openstack-cinder-volume.service target.service
controller节点安装cinder
创建cinder数据库
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 240
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database cinder;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
-> IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.08 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
创建cinder用户,服务,端口
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password 000000 cinder
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 9fd7d8245b5a4efd963d91beef506478 |
| name | cinder |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user cinder admin
[root@controller ~]# openstack service create --name cinderv2 \
> --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | 4a5b662afe3f40d988eab8e3a214c147 |
| name | cinderv2 |
| type | volumev2 |
+-------------+----------------------------------+
[root@controller ~]# openstack service create --name cinderv3 \
> --description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Block Storage |
| enabled | True |
| id | fd90e9e02ced485282033fe4989e43f0 |
| name | cinderv3 |
| type | volumev3 |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 public http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | a2f4e6fc6dcb418f9870fbd91c17fd71 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4a5b662afe3f40d988eab8e3a214c147 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 internal http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 89c0a2e4f547435280540e1524acacc6 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4a5b662afe3f40d988eab8e3a214c147 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev2 admin http://controller:8776/v2/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | e6e60712aabc47a1900ce300f2fb2368 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4a5b662afe3f40d988eab8e3a214c147 |
| service_name | cinderv2 |
| service_type | volumev2 |
| url | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev3 public http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 6f054b67eadf43ea8db16cb207e5433e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fd90e9e02ced485282033fe4989e43f0 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev3 internal http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 225e5bddf237414da95c92ebca022905 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fd90e9e02ced485282033fe4989e43f0 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
> volumev3 admin http://controller:8776/v3/%\(project_id\)s
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 78632d6610fa4e4d8b9b3fce5557f49a |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fd90e9e02ced485282033fe4989e43f0 |
| service_name | cinderv3 |
| service_type | volumev3 |
| url | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
安装软件包
[root@controller ~]# yum install openstack-cinder
编辑/etc/cinder/cinder.conf
[root@controller ~]# cat /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller
auth_strategy = keystone
my_ip = 192.168.200.145
[backend]
[backend_defaults]
[barbican]
[brcd_fabric_example]
[cisco_fabric_example]
[coordination]
[cors]
[database]
connection = mysql+pymysql://cinder:000000@controller/cinder
[fc-zone-manager]
[healthcheck]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = 000000
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[profiler]
[service_user]
[ssl]
[vault]
同步数据库
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT".
编辑/etc/nova/nova.conf,在cinder段落添加
[cinder]
os_region_name = RegionOne
[root@controller ~]# systemctl enable openstack-cinder-api.service
开启服务
[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-api.service to /usr/lib/systemd/system/openstack-cinder-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-scheduler.service to /usr/lib/systemd/system/openstack-cinder-scheduler.service.
[root@controller ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
验证服务
[root@controller ~]# cinder service-list
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller | nova | enabled | up | 2020-01-11T08:30:23.000000 | - |
| cinder-volume | compute@lvm | nova | enabled | up | 2020-01-11T08:30:24.000000 | - |
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
[root@controller ~]# cinder create --name test 5
+--------------------------------+--------------------------------------+
| Property | Value |
+--------------------------------+--------------------------------------+
| attachments | [] |
| availability_zone | nova |
| bootable | false |
| consistencygroup_id | None |
| created_at | 2020-01-11T08:30:42.000000 |
| description | None |
| encrypted | False |
| id | f72c46ce-4fc5-4409-af3e-b27fe2599bad |
| metadata | {} |
| migration_status | None |
| multiattach | False |
| name | test |
| os-vol-host-attr:host | None |
| os-vol-mig-status-attr:migstat | None |
| os-vol-mig-status-attr:name_id | None |
| os-vol-tenant-attr:tenant_id | b9ab2f9920da486088ab21edad8076c3 |
| replication_status | None |
| size | 5 |
| snapshot_id | None |
| source_volid | None |
| status | creating |
| updated_at | None |
| user_id | 6a6189e7ffcb4315995e13caa80974f4 |
| volume_type | None |
+--------------------------------+--------------------------------------+
[root@controller ~]# cinder list
+--------------------------------------+-----------+------+------+-------------+----------+-------------+
| ID | Status | Name | Size | Volume Type | Bootable | Attached to |
+--------------------------------------+-----------+------+------+-------------+----------+-------------+
| f72c46ce-4fc5-4409-af3e-b27fe2599bad | available | test | 5 | - | false | |
+--------------------------------------+-----------+------+------+-------------+----------+-------------+