7.1 openstack基础架构
7.1:准备环境
注意:主机之间相互host解析
7.1.1时间同步
#服务端,controller节点
vim /etc/chrony.conf
allow 10.0.0.0/24
systemctl restart chronyd
#客户端,compute1节点
vim /etc/chrony.conf
server 10.0.0.11 iburst
systemctl restart chronyd
验证:同时执行date
7.1.2:配置yum源,并安装客户端
#所有节点
#配置过程:
cd /opt/
rz -E
tar xf openstack_ocata_rpm.tar.gz
cd /etc/yum.repos.d/
mv *.repo /tmp
mv /tmp/CentOS-Base.repo .
vi openstack.repo
[openstack]
name=openstack
baseurl=file:///opt/repo
enabled=1
gpgcheck=0
#验证:
yum clean all
yum install python-openstackclient -y
7.1.3:安装数据库
#控制节点
yum install mariadb mariadb-server python2-PyMySQL -y
##openstack所有组件使用python开发,openstack在连接数据库时需要用到python2-PyMySQL模块
#修改mariadb配置文件
vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
#启动数据库
systemctl start mariadb
systemctl enable mariadb
#数据库安全初始化
mysql_secure_installation
回车
n
一路y
7.1.3安装消息队列rabbitmq
#控制节点
#安装消息队列
yum install rabbitmq-server
#启动rabbitmq
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service
#在rabbitmq创建用户
rabbitmqctl add_user openstack 123456
#为刚创建的openstack用户授权
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
7.1.4安装memcache缓存
#控制节点
#安装memcache
yum install memcached python-memcached -y
##python-memcached是python连接memcache的模块插件
#配置
vim /etc/sysconfig/memcached
##修改最后一行
OPTIONS="-l 0.0.0.0"
##注意:memcached本身没有认证,-l 0.0.0.0会监听所有网卡;应只让内部管理网段能访问11211端口
#启动服务
systemctl start memcached
systemctl enable memcached
7.2安装keystone服务
#创库授权
##登录mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
#安装keystone服务
yum install openstack-keystone httpd mod_wsgi -y
##httpd配合mod_wsgi插件调用python项目
#修改keystone配置文件
cp /etc/keystone/keystone.conf{,.bak}
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
#完整配置文件如下:
[root@controller ~]# vi /etc/keystone/keystone.conf
[DEFAULT]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
#校验md5
md5sum /etc/keystone/keystone.conf
85d8b59cce0e4bd307be15ffa4c0cbd6 /etc/keystone/keystone.conf
#同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
##切到普通用户下,使用指定的shell执行某一条命令
##检查数据是否同步成功
mysql keystone -e 'show tables;'|wc -l
#初始化令牌凭据
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#初始化keystone身份认证服务
keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
#配置httpd
#小优化
echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
#在httpd下添加keystone站点配置文件
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
#启动httpd(等效于启动keystone)
systemctl start httpd
systemctl enable httpd
#声明环境变量
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
#验证keystone是否正常
openstack user list
#创建service的项目
openstack project create --domain default \
  --description "Service Project" service
#修改/root/.bashrc文件,登录后自动加载上述环境变量(admin密码以明文保存在此文件中,确保该文件仅root可读)
vi /root/.bashrc
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
7.3安装glance服务
功能:管理镜像模板机
1:创库授权
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY '123456';
2:keystone上创建用户,关联角色
openstack user create --domain default --password 123456 glance
openstack role add --project service --user glance admin
3:keystone上创建服务,注册api地址
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292
4:安装服务软件包
yum install openstack-glance -y
5:修改配置文件(连接数据库,keystone授权)
##glance-api 负责镜像的上传、下载、删除
##glance-registry 负责修改镜像的属性,如x86架构、根分区大小
#修改glance-api配置文件
cp /etc/glance/glance-api.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
vim /etc/glance/glance-api.conf
[DEFAULT]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
##校验
md5sum /etc/glance/glance-api.conf
a42551f0c7e91e80e0702ff3cd3fc955 /etc/glance/glance-api.conf
##修改glance-registry.conf配置文件
cp /etc/glance/glance-registry.conf{,.bak}
grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak >/etc/glance/glance-registry.conf
vim /etc/glance/glance-registry.conf
[DEFAULT]
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
##校验
md5sum /etc/glance/glance-registry.conf
5b28716e936cc7a0ab2a841c914cd080 /etc/glance/glance-registry.conf
6:同步数据库(创表)
su -s /bin/sh -c "glance-manage db_sync" glance
mysql glance -e 'show tables;'|wc -l
7:启动服务
systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
systemctl start openstack-glance-api.service \
  openstack-glance-registry.service
#验证端口
netstat -lntup|grep -E '9191|9292'
8:命令行上传镜像
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
##验证
ll /var/lib/glance/images/
#或
openstack image list
7.4安装nova服务
7.4.1控制节点安装nova服务
1:创库授权
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY '123456';
2:keystone上创建用户,关联角色
openstack user create --domain default --password 123456 nova
openstack role add --project service --user nova admin
#placement 追踪云主机的资源使用具体情况
openstack user create --domain default --password 123456 placement
openstack role add --project service --user placement admin
3:keystone上创建服务,http访问地址(api地址)
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
4:安装服务软件包
yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api -y
5:修改配置文件(连接数据库,keystone授权)
#修改nova配置文件
vim /etc/nova/nova.conf
[DEFAULT]
##启用nova的compute api和metadata api
enabled_apis = osapi_compute,metadata
##连接消息队列rabbitmq
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.11
#启用neutron网络服务,禁用nova内置防火墙
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:123456@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto]
[database]
connection = mysql+pymysql://nova:123456@controller/nova
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
#追踪虚拟机使用资源情况
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vendordata_dynamic_auth]
[vmware]
#vnc的连接信息
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
#修改httpd配置文件
vi /etc/httpd/conf.d/00-nova-placement-api.conf
在第16行</VirtualHost>这一行上面增加以下内容:
<Directory /usr/bin>
  <IfVersion >= 2.4>
    Require all granted
  </IfVersion>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>
#重启httpd
systemctl restart httpd
6:同步数据库(创表)
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
#检查
nova-manage cell_v2 list_cells
7:启动服务
systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
#检查
openstack compute service list
7.4.2计算节点安装nova服务
1:安装
yum install openstack-nova-compute -y
2:配置
#修改配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.31
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cells]
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto]
[database]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 123456
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = True
##vncserver_listen = 0.0.0.0 会让计算节点上虚拟机的VNC端口监听所有网卡,应保证只有控制节点的novncproxy所在管理网段可达
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
3:启动
systemctl start libvirtd openstack-nova-compute.service
systemctl enable libvirtd openstack-nova-compute.service
4:控制节点上验证
openstack compute service list
5:在控制节点上发现计算节点:
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
7.5安装neutron服务
7.5.1在控制节点上安装neutron服务
1:创库授权
CREATE DATABASE neutron;
##NEUTRON_DBPASS是密码占位符,需与后面neutron.conf中[database]的connection保持一致
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
2:keystone上创建用户,关联角色
openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
3:keystone上创建服务,http访问地址(api地址)
openstack service create --name neutron \
  --description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
  network public http://controller:9696
openstack endpoint create --region RegionOne \
  network internal http://controller:9696
openstack endpoint create --region RegionOne \
  network admin http://controller:9696
4:安装服务软件包
#选择网络选项1(provider网络)
yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables -y
5:修改配置文件(连接数据库,keystone授权)
#修改neutron.conf
vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
##修改ml2_conf.ini
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[DEFAULT]
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
[securitygroup]
enable_ipset = true
##编辑linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eth0
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false
##编辑dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[agent]
[ovs]
##编辑metadata_agent.ini
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
##METADATA_SECRET是共享密钥占位符,必须与nova.conf中[neutron]的metadata_proxy_shared_secret相同,实际部署时应换成随机生成的值
metadata_proxy_shared_secret = METADATA_SECRET
[agent]
[cache]
####编辑控制节点的nova配置文件
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
#再次验证控制节点nova配置文件
md5sum /etc/nova/nova.conf
2c5e119c2b8a2f810bf5e0e48c099047 /etc/nova/nova.conf
6:同步数据库(创表)
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7:启动服务
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl restart neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
#验证方法
openstack network agent list
7.5.2在计算节点上安装neutron服务
1:安装
yum install openstack-neutron-linuxbridge ebtables ipset
2:配置
#修改neutron.conf
vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
[agent]
[cors]
[cors.subdomain]
[database]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
##linux_agent配置文件
scp -rp 10.0.0.11:/etc/neutron/plugins/ml2/linuxbridge_agent.ini \
  /etc/neutron/plugins/ml2/linuxbridge_agent.ini
##在计算节点上,再次修改nova.conf
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
#校验
md5sum /etc/nova/nova.conf
91cc8aa0f7e33d7b824301cc894e90f1 /etc/nova/nova.conf
3:启动
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
7.6安装dashboard服务
#计算节点安装dashboard
1:安装
yum install openstack-dashboard -y
2:配置
rz local_settings
cat local_settings >/etc/openstack-dashboard/local_settings
3:启动
systemctl start httpd
4:访问dashboard
访问:http://10.0.0.31/dashboard
7.7启动一台云主机
#创建网络
neutron net-create --shared --provider:physical_network provider \
  --provider:network_type flat WAN
neutron subnet-create --name subnet-wan --allocation-pool \
  start=10.0.0.100,end=10.0.0.200 --dns-nameserver 223.5.5.5 \
  --gateway 10.0.0.254 WAN 10.0.0.0/24
#创建硬件配置方案
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
#上传密钥对
ssh-keygen -q -N "" -f ~/.ssh/id_rsa
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
#安全组开放ping和ssh
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
7.8安装块存储cinder服务