实验环境准备
网络规划及基础环境准备
初始化基础环境
配置网络
所有节点】:配置管理网卡IP(例如:eth0)
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
-----------------------------------------
TYPE=Ethernet
BOOTPROTO=static
NAME=eth0
DEVICE=eth0
ONBOOT=yes
IPADDR=10.10.36.x
NETMASK=255.255.255.0
GATEWAY=10.10.36.254
-----------------------------------------
注意:修改成每台节点自己具体的IP
【控制/网络节点】:配置外部网卡IP(例如:eth1)
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
-----------------------------------------
TYPE=Ethernet
BOOTPROTO=none
NAME=eth1
DEVICE=eth1
ONBOOT=yes
-----------------------------------------注意:此配置适用于外部网络模式为VLAN
【控制/网络节点、计算节点】:配置VM业务网卡IP(例如:eth2)
如果VM租住网络采用VLAN模式,则配置如下:
# vi /etc/sysconfig/network-scripts/ifcfg-eth2
-----------------------------------------
TYPE=Ethernet
BOOTPROTO=none
NAME=eth2
DEVICE=eth2
ONBOOT=yes
-----------------------------------------
如果VM租住网络采用VxLAN模式,则需要配置隧道网络,配置如下:
# vi /etc/sysconfig/network-scripts/ifcfg-eth2
-----------------------------------------
TYPE=Ethernet
BOOTPROTO=static
NAME=eth2
DEVICE=eth2
ONBOOT=yes
IPADDR=10.10.38.x
NETMASK=255.255.255.0
-----------------------------------------
【所有节点】:配置存储公共网卡IP(例如:eth3)
# vi /etc/sysconfig/network-scripts/ifcfg-eth3
-----------------------------------------
TYPE=Ethernet
BOOTPROTO=static
NAME=eth3
DEVICE=eth3
ONBOOT=yes
IPADDR=20.20.36.x
NETMASK=255.255.255.0
-----------------------------------------
【所有节点】:修改DNS解析,如果能上网或者存在内部DNS的前提下:
# vi /etc/resolv.conf
-----------------------------------------
# Generated by NetworkManager
nameserver 114.114.114.114
-----------------------------------------
【所有节点】:重启网络服务
#systemctl restart network
修改【所有节点】的主机名
根据第一节的基础环境规划,配置各个节点的主机名,命令如下(控制节点上):
# hostnamectl set-hostname swanstack-ctl
修改【所有节点】主机的/etc/hosts文件,追加以下解析
10.10.36.81 swanstack-ctl
10.10.36.82 swanstack-nc01
10.10.36.83 swanstack-nc02
20.20.36.84 swanstack-blk01
关闭禁用【所有节点】SELINUX,编辑配置文件
# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
或者:
# vi /etc/selinux/config
修改:SELINUX=disabled
执行临时关闭命令或者重启机器。
# setenforce 0
关闭停止【所有节点】相关服务
# systemctl stop firewalld && systemctl disable firewalld
# systemctl stop NetworkManager && systemctl disable NetworkManager
更新【所有节点】源文件,包括
更新centos基础repo配置:
# mkdir /etc/yum.repos.d/bak
# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak
# 此处采用阿里云的镜像源
# wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo 或者 # curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
更新centos基础epel配置:
# 此处采用阿里云的镜像源
# wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
在【控制、计算节点】上编辑centos-openstack-stein.repo源
# vi /etc/yum.repos.d/centos-openstack-stein.repo
[centos-7-openstack-stein-x86_64]
name=centos-7-x86_64-openstack-stein
enabled=1
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-stein
gpgcheck=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
# yum clean all && yum makecache
【所有节点】:安装常用工具
# yum install -y net-tools bash-completion vim yum-utils wget
【所有节点】:ssh互信认证
# 提前做好互信文件的KEY包,例如Tic.tar
# tar xvf /opt/openstack-rocky/Tic.tar -C /root/
# chown root:root -R /root/.ssh
# sed -i "s/# StrictHostKeyChecking ask/StrictHostKeyChecking no/g" /etc/ssh/ssh_config
# systemctl restart sshd.service
【所有节点】:优化系统参数
# vi /etc/systemd/system.conf #在末尾增加以下内容:
# echo "DefaultLimitNOFILE=1024000" >> /etc/systemd/system.conf
# echo "DefaultLimitNPROC=1024000" >> /etc/systemd/system.conf
----------------
DefaultLimitNOFILE=1024000 #这里需要修改
DefaultLimitNPROC=1024000 #这里也需要修改
----------------
【所有节点】:重启服务器
# init 6
# ulimit -a #完成后可以使用此命令检查
环境部署
初始openstack安装环境
【控制/网络、计算节点】:安装openstack工具包
在openstack节点安装以下包(非ceph节点)
openstack节点安装
# yum install -y libselinux-python python-openstackclient openstack-selinux MySQL-python
说明:如果节点又做compute节点,又做ceph节点,则在最后完成部署后安装以下工具包
# yum install -y openstack-utils
【所有节点】:安装chronyd 服务
# yum install -y chrony
修改配置文件vim /etc/chrony.conf 中的时钟同步服务器
# vim /etc/chrony.conf
server ntp2.aliyun.com iburst
# systemctl restart chronyd.service
# systemctl enable chronyd.service
# chronyc sources
【控制节点】:安装mariadb数据库服务
# yum install -y mariadb mariadb-server python2-PyMySQL
# vim /etc/my.cnf.d/openstack.cnf
-----------------------------------------
[mysqld]
bind-address = 10.10.36.81
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
-----------------------------------------
完成安装,重启服务
# systemctl enable mariadb.service
# systemctl start mariadb.service
# mysql_secure_installation
移除匿名等,允许连接等。
验证查看最大连接数是否生效:
1、查看最大连接数
show variables like '%max_connections%';
2、修改最大连接数
set GLOBAL max_connections = 4096;
【控制节点】:安装rabbitmq消息队列
# yum install -y rabbitmq-server
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
# rabbitmqctl add_user openstack openstack
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
【控制节点】:安装memcached缓存服务
# yum install -y memcached python-memcached
配置/etc/sysconfig/memcached文件
# vim /etc/sysconfig/memcached
修改:OPTIONS="-l 127.0.0.1,::1,swanstack-ctl"
# systemctl enable memcached.service
# systemctl start memcached.service
【控制节点】:安装etcd服务
# yum install -y etcd
编辑/etc/etcd/etcd.conf 文件,配置
# vim /etc/etcd/etcd.conf
-----------------------------------------
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://swanstack-ctl:2380"
ETCD_LISTEN_CLIENT_URLS="http://swanstack-ctl:2379"
ETCD_NAME="swanstack-ctl"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://swanstack-ctl:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://swanstack-ctl:2379"
ETCD_INITIAL_CLUSTER="swanstack-ctl=http://swanstack-ctl:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-swanstack-cluster01"
ETCD_INITIAL_CLUSTER_STATE="new"
-----------------------------------------
# systemctl enable etcd
# systemctl start etcd
三、安装openstack服务
【控制节点】:安装keystone 身份认证服务
# mysql -u root -pDDDDDD
创建keystone数据库:
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
# yum install openstack-keystone httpd mod_wsgi -y
修改编辑配置文件
# vim /etc/keystone/keystone.conf
-----------------------------------------
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@swanstack-ctl/keystone
[token]
# ...
provider = fernet
-----------------------------------------
执行命令:
# su -s /bin/sh -c "keystone-manage db_sync" keystone
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# keystone-manage bootstrap --bootstrap-password xxxxxx --bootstrap-admin-url http://swanstack-ctl:5000/v3/ --bootstrap-internal-url http://swanstack-ctl:5000/v3/ --bootstrap-public-url http://swanstack-ctl:5000/v3/ --bootstrap-region-id RegionOne
同上的命令:
keystone-manage bootstrap --bootstrap-password openstack \
--bootstrap-admin-url http://swanstack-ctl:5000/v3/ \
--bootstrap-internal-url http://swansta-ckctl:5000/v3/ \
--bootstrap-public-url http://swanstack-ctl:5000/v3/ \
--bootstrap-region-id RegionOne
编辑# vim /etc/httpd/conf/httpd.conf文件:
修改:ServerName swanstack-ctl
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# systemctl enable httpd.service
# systemctl start httpd.service
Configure the administrative account
$ export OS_USERNAME=admin
$ export OS_PASSWORD=xxxxxx
$ export OS_PROJECT_NAME=admin
$ export OS_USER_DOMAIN_NAME=Default
$ export OS_PROJECT_DOMAIN_NAME=Default
$ export OS_AUTH_URL=http://swanstack-ctl:5000/v3
$ export OS_IDENTITY_API_VERSION=3
创建域
重要提示: default 域已经创建了,不用创建举例子的示例 域了
PS:已经创建了
创建服务项目
# openstack project create --domain default --description "Service Project" service
-------------以下仅为演示作用,可以不执行-----------
创建演示project
# openstack project create --domain default --description "Demo Project" demo
创建演示用户
# openstack user create --domain default --password-prompt demo
创建角色
# openstack role create user
将myrole角色添加到myproject项目和myuser用户
# openstack role add --project demo --user demo user
------------不要执行 # openstack role add --project myproject --user myuser myrole------------
验证测试:
# unset OS_AUTH_URL OS_PASSWORD
# openstack --os-auth-url http://swanstack-ctl:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
# openstack --os-auth-url http://swanstack-ctl:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
------------------演示创建结束 -------------------
创建 admin-openrc 文件
# vim /root/admin-openrc
-----------------------------------------
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=openstack
export OS_AUTH_URL=http://swanstack-ctl:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
-----------------------------------------
验证:
# cd /root/ && . admin-openrc
# openstack token issue
【控制节点】:安装glance镜像服务
# mysql -u root -pDDDDDD
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
#cd /root/;. admin-openrc
创建glance用户:
# openstack user create --domain default --password GLANCE_PASS glance
将admin角色添加到glance和serviec project
# openstack role add --project service --user glance admin
创建glance service
# openstack service create --name glance --description "OpenStack Image" image
创建image service的 API endpoint
# openstack endpoint create --region RegionOne image public http://swanstack-ctl:9292
# openstack endpoint create --region RegionOne image internal http://swanstack-ctl:9292
# openstack endpoint create --region RegionOne image admin http://swanstack-ctl:9292
安装服务和配置:
# yum install openstack-glance -y
编辑配置文件:
# vim /etc/glance/glance-api.conf
-----------------------------------------
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@swanstack-ctl/glance
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
# ...
www_authenticate_uri = http://swanstack-ctl:5000
auth_url = http://swanstack-ctl:5000
memcached_servers = swanstack-ctl:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
# ...
flavor = keystone
---------------------------
编辑配置/etc/glance/glance-registry.conf文件
# vim /etc/glance/glance-registry.conf
---------------------------
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@swanstack-ctl/glance
[keystone_authtoken]
# ...
www_authenticate_uri = http://swanstack-ctl:5000
auth_url = http://swanstack-ctl:5000
memcached_servers = swanstack-ctl:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
# ...
flavor = keystone
-----------------------------------------
同步数据库
# su -s /bin/sh -c "glance-manage db_sync" glance
完成配置并启动服务:
# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service
#验证
#. admin-openrc
# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
# openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
# openstack image list
-----------------------------------------
【控制节点】:安装部署 Placement 组件
-----------------------------------------
# mysql -u root -pDDDDDD
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
#. admin-openrc
$ openstack user create --domain default --password PLACEMENT_PASS placement
$ openstack role add --project service --user placement admin
$ openstack service create --name placement --description "Placement API" placement
$ openstack endpoint create --region RegionOne placement public http://swanstack-ctl:8778
$ openstack endpoint create --region RegionOne placement internal http://swanstack-ctl:8778
$ openstack endpoint create --region RegionOne placement admin http://swanstack-ctl:8778
# yum install openstack-placement-api
#vim /etc/placement/placement.conf
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@swanstack-ctl/placement
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://swanstack-ctl:5000/v3
memcached_servers = swanstack-ctl:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
# su -s /bin/sh -c "placement-manage db sync" placement
# systemctl restart httpd
安装nova服务
【控制节点】:安装和配置控制节点
# mysql -u root -pDDDDDD
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
# cd /root/;. admin-openrc
创建nova用户
# openstack user create --domain default --password NOVA_PASS nova
将admin角色添加到nova用户
# openstack role add --project service --user nova admin
创建novad SERVICE
# openstack service create --name nova --description "OpenStack Compute" compute
创建novad API endpoint
# openstack endpoint create --region RegionOne compute public http://swanstack-ctl:8774/v2.1
# openstack endpoint create --region RegionOne compute internal http://swanstack-ctl:8774/v2.1
# openstack endpoint create --region RegionOne compute admin http://swanstack-ctl:8774/v2.1
#
安装和配置nova服务
# yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
编辑配置:/etc/nova/nova.conf文件
# vim /etc/nova/nova.conf
-----------------------------------------
[DEFAULT]
# ...
my_ip = 10.10.36.81
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@swanstack-ctl
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@swanstack-ctl/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@swanstack-ctl/nova
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@swanstack-ctl/placement
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://swanstack-ctl:5000/v3
memcached_servers = swanstack-ctl:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[glance]
# ...
api_servers = http://swanstack-ctl:9292
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://swanstack-ctl:5000/v3
username = placement
password = PLACEMENT_PASS
[neutron]
# ...
url = http://swanstack-ctl:9696
auth_url = http://swanstack-ctl:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[scheduler]
discover_hosts_in_cells_interval = 300
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
-----------------------------------------
#################### 十分重要(官方文档没有) ####################
#################### 十分重要(官方文档没有) ####################
#################### 十分重要(官方文档没有) ####################
编辑/etc/httpd/conf.d/00-placement-api.conf文件
# vim /etc/httpd/conf.d/00-placement-api.conf,在后面添加以下内容
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
-----------------------------------------
重启httpd服务
# systemctl restart httpd
同步数据库
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# su -s /bin/sh -c "nova-manage db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
完成安装并重启服务:
# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
-----------------------------------------
【计算节点】:安装配置计算节点
安装服务
# yum install openstack-nova-compute -y
编辑配置/etc/nova/nova.conf文件
# vim /etc/nova/nova.conf
-----------------------------------------
[DEFAULT]
# ...
my_ip = x.x.x.x
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@swanstack-ctl
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://swanstack-ctl:5000/v3
memcached_servers = swanstack-ctl:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[glance]
# ...
api_servers = http://swanstack-ctl:9292
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://swanstack-ctl:5000/v3
username = placement
password = PLACEMENT_PASS
[neutron]
# ...
url = http://swanstack-ctl:9696
auth_url = http://swanstack-ctl:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://swanstack-ctl:6080/vnc_auto.html
[libvirt]
# ...
virt_type = qemu
#主机检查是否开启虚拟机硬件加速功能# egrep -c '(vmx|svm)' /proc/cpuinfo
-----------------------------------------
启动Compute服务及其依赖项,并将它们配置为在系统引导时自动启动:
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
【控制节点】:控制节点执行发现计算节点并注册
# . admin-openrc
# openstack compute service list --service nova-compute
# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
**********************************************************************************************************************
**********************************************************************************************************************
安装neutron服务(此处请参阅相关的配置方式)
【网络节点】:安装和配置网络节点
# mysql -u root -pDDDDDD
MariaDB [(none)] CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
# . admin-openrc
# openstack user create --domain default --password NEUTRON_PASS neutron
# openstack role add --project service --user neutron admin
# openstack service create --name neutron --description "OpenStack Networking" network
# openstack endpoint create --region RegionOne network public http://swanstack-ctl:9696
# openstack endpoint create --region RegionOne network internal http://swanstack-ctl:9696
# openstack endpoint create --region RegionOne network admin http://swanstack-ctl:9696
#
(由于不同的网络设计环境,此处请参阅相关的配置方式)
**********************************************************************************************************************
**********************************************************************************************************************
【控制节点】:安装Horizon dashboard 界面
安装包:
# yum install -y openstack-dashboard
编辑 /etc/openstack-dashboard/local_settings
# vim /etc/openstack-dashboard/local_settings
-----------------------------------------
OPENSTACK_HOST = "swanstack-ctl"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'swanstack-ctl:11211',
}
}
#注释掉其他的缓存会话
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
#创建user 角色
#如果选择网络选项1,供应商网络,请禁用对3层网络服务的支持:
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': True,
'enable_quotas': True,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
-----------------------------------------
编辑配置/etc/httpd/conf.d/openstack-dashboard.conf 文件
# vim /etc/httpd/conf.d/openstack-dashboard.conf
添加行 : WSGIApplicationGroup %{GLOBAL}
-----------------------------------------
完成安装
重新启动Web服务器和会话存储服务:
# systemctl restart httpd.service memcached.service
安装后端存储cinder服务
【控制节点】:安装和配置控制器节点
# mysql -u root -pDDDDDD
MariaDB [(none)]> CREATE DATABASE cinder;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
# . admin-openrc
# openstack user create --domain default --password CINDER_PASS cinder
# openstack role add --project service --user cinder admin
# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
# openstack endpoint create --region RegionOne volumev2 public http://swanstack-ctl:8776/v2/%\(project_id\)s
# openstack endpoint create --region RegionOne volumev2 internal http://swanstack-ctl:8776/v2/%\(project_id\)s
# openstack endpoint create --region RegionOne volumev2 admin http://swanstack-ctl:8776/v2/%\(project_id\)s
# openstack endpoint create --region RegionOne volumev3 public http://swanstack-ctl:8776/v3/%\(project_id\)s
# openstack endpoint create --region RegionOne volumev3 internal http://swanstack-ctl:8776/v3/%\(project_id\)s
# openstack endpoint create --region RegionOne volumev3 admin http://swanstack-ctl:8776/v3/%\(project_id\)s
安装和配置组件
# yum install openstack-cinder -y
编辑/etc/cinder/cinder.conf文件并完成以下操作:
# vim /etc/cinder/cinder.conf
-----------------------------------------
[DEFAULT]
# ...
my_ip = 10.10.36.81
transport_url = rabbit://openstack:RABBIT_PASS@swanstack-ctl
auth_strategy = keystone
[database]
# ...
connection = mysql+pymysql://cinder:CINDER_DBPASS@swanstack-ctl/cinder
[keystone_authtoken]
# ...
auth_uri = http://swanstack-ctl:5000
auth_url = http://swanstack-ctl:5000
memcached_servers = swanstack-ctl:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = CINDER_PASS
[oslo_concurrency]
# ...
lock_path = /var/lib/cinder/tmp
-----------------------------------------
填充块存储数据库
# su -s /bin/sh -c "cinder-manage db sync" cinder
配置计算以使用cinder服务
编辑/etc/nova/nova.conf文件并将以下内容添加到其中:
# vim /etc/nova/nova.conf
-----------------------------------------
[cinder]
os_region_name = RegionOne
-----------------------------------------
完成安装
# systemctl restart openstack-nova-api.service
# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
【块存储节点】:安装和配置存储节点
# 安装LVM包
# yum install -y lvm2 device-mapper-persistent-data
启动LVM元数据服务并将其配置为在系统引导时启动:
# systemctl enable lvm2-lvmetad.service
# systemctl start lvm2-lvmetad.service
volume类型1: 创建SSD类型 LVM的物理卷:
# pvcreate /dev/sdb
创建LVM卷组cinder-ssd-volumes
# vgcreate cinder-ssd-volumes /dev/sdb
volume类型2: 创建SAS类型 LVM的物理卷:
# pvcreate /dev/sdc
创建LVM卷组cinder-sas-volumes
# vgcreate cinder-sas-volumes /dev/sdc
重要:编辑 vim /etc/lvm/lvm.conf文件并完成以下操作:
在该devices部分中,添加接受/dev/sdb、/dev/sdc设备的过滤 器并拒绝所有其他设备:
-----------------------------------------
devices {
...
filter = [ "a/sdb/","a/sdc/", "r/.*/"]
##如果操作系统的分区也是LVM管理的,则需要添加上系统盘,例如:
####filter = [ "a/sda/","a/sdb/","a/sdc/", "r/.*/"]
-----------------------------------------
安装和配置组件:
# yum install -y openstack-cinder targetcli python-keystone
编辑/etc/cinder/cinder.conf文件并完成以下操作:
# vim /etc/cinder/cinder.conf
-----------------------------------------
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@swanstack-ctl
auth_strategy = keystone
my_ip = 10.10.36.84
enabled_backends = SSD,SAS
glance_api_servers = http://swanstack-ctl:9292
[database]
# ...
connection = mysql+pymysql://cinder:CINDER_DBPASS@swanstack-ctl/cinder
[keystone_authtoken]
# ...
www_authenticate_uri = http://swanstack-ctl:5000
auth_url = http://swanstack-ctl:5000
memcached_servers = swanstack-ctl:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = CINDER_PASS
#配置不同的后端存储类型
[SSD]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-ssd-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
volume_backend_name=SSD
[SAS]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-sas-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
volume_backend_name=SAS
[oslo_concurrency]
# ...
lock_path = /var/lib/cinder/tmp
-----------------------------------------
# cinder type-create SSD
# cinder type-key SSD set volume_backend_name=SSD
# cinder type-create SAS
# cinder type-key SAS set volume_backend_name=SAS
完成安装
启动Block Storage卷服务(包括其依赖项)并将其配置为在系统引导时启动:
# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service
完成安装,测试登录
-----------------------------------------