openstack-queens安装
环境配置
时间同步
-
控制节点
yum install chrony -y
修改配置文件**/etc/chrony.conf**
server ntp6.aliyun.com iburst
allow 10.0.0.0/24
-
计算节点
yum install chrony -y
修改配置文件**/etc/chrony.conf**
server 控制节点主机名 iburst
systemctl enable chronyd.service
systemctl restart chronyd.service
注意:需要关闭防火墙才能实现计算节点去同步控制节点(更稳妥的做法是只在控制节点防火墙上放行来自计算节点网段的 UDP 123 端口,而不是整体关闭防火墙)
安装openstack库
- 控制节点
yum search openstack -y
yum install XXX-openstack -y
yum upgrade
# 安装openstack客户端
yum install python-openstackclient openstack-selinux -y
sql数据库安装
-
控制节点
- 安装组件
yum install mariadb mariadb-server python2-PyMySQL -y
- 修改配置文件**/etc/my.cnf.d/openstack.cnf**
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
- 完成安装(服务启动后建议执行 mysql_secure_installation 设置 root 密码并删除匿名账户,后面 `mysql -u root -p` 的步骤会用到该密码)
# systemctl enable mariadb.service
# systemctl start mariadb.service
安装消息队列rabbitmq
-
控制节点
- 安装包
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
安装Memcached
-
控制节点
-
安装包
yum install memcached python-memcached -y
-
修改参数**/etc/sysconfig/memcached**
OPTIONS="-l 127.0.0.1,::1,controller"
- 重启服务
systemctl enable memcached.service
systemctl start memcached.service
-
认证服务
安装配置(控制节点)
- 配置数据库
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
- 安装组件
yum install openstack-keystone httpd mod_wsgi -y
-
修改配置文件**/etc/keystone/keystone.conf**(注意:admin_token 是一个可绕过正常认证的共享秘密;本文后面用 keystone-manage bootstrap 创建管理员账号,并不依赖 admin_token,建议不配置该项,或在初始化完成后将其删除)
[DEFAULT]
admin_token = ADMIN_TOKEN

[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]
provider = fernet
-
初始化认证服务
su -s /bin/sh -c "keystone-manage db_sync" keystone
-
初始化Fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
-
Bootstrap
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:35357/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
-
验证是否数据同步成功
mysql -uroot -p数据库密码 keystone -e "show tables;"
-
配置文件**/etc/httpd/conf/httpd.conf**
ServerName controller
-
配置文件**/etc/httpd/conf.d/wsgi-keystone.conf**
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
-
重启服务
systemctl enable httpd.service
systemctl start httpd.service
-
创建环境变量脚本(该文件中含有明文的 OS_PASSWORD,建议 `chmod 600 ~/admin-openrc` 限制其他用户读取)
vim ~/admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
创建服务实体和API端点
-
创建服务实体和身份认证服务
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | c9c5ee4c962d495589388e348a9d553c | | name | keystone | | type | identity | +-------------+----------------------------------+
-
创建认证服务的 API 端点
[root@controller ~]# openstack endpoint create --region RegionOne \ > identity public http://controller:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | d52e48cc8d2d48678f7037b8cb6bcc0a | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | c9c5ee4c962d495589388e348a9d553c | | service_name | keystone | | service_type | identity | | url | http://controller:5000/v3 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne \ > identity internal http://controller:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 1d64fd5375bc4010a775e45b98c476cb | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c9c5ee4c962d495589388e348a9d553c | | service_name | keystone | | service_type | identity | | url | http://controller:5000/v3 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne \ > identity admin http://controller:35357/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 77b68eb0c0ab46a68e3553aa9595b97c | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | c9c5ee4c962d495589388e348a9d553c | | service_name | keystone | | service_type | identity | | url | http://controller:35357/v3 | +--------------+----------------------------------+
创建域、项目、用户和角色
-
创建域
openstack domain create --description "Default Domain" default
-
创建admin项目
openstack project create --domain default \
  --description "Admin Project" admin
-
创建admin用户
openstack user create --domain default \
  --password ADMIN_PASS admin
-
创建admin角色
openstack role create admin
-
添加admin角色到admin项目和用户上:
openstack role add --project admin --user admin admin
-
创建server项目
openstack project create --domain default \
  --description "Service Project" service
验证本步骤是否成功
-
重置环境变量
env | grep OS
# 重置OS_TOKEN和OS_URL
unset OS_TOKEN OS_URL
-
使用admin用户,获取认证令牌
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2020-09-25T04:40:18+0000 | | id | gAAAAABfbWaiIiSi2p_oGNknYB8KwFGKz-Jw_TpvoZXJlxFeBJ6Far7v20Msp-fFU6Ayn8DSHmQ4E0XisaQVrovDpIiylbNEmpqHrI0AMy1S8cZZ7jkYIwMe1xxH6XP_PiL59UsDZcsHG_UYnT-RmDf5mVbBolEHDLpAVau2hicvRdgpHcdYHCA | | project_id | 3f3e3be353df4e8c8b9eb97db87e8daa | | user_id | 047e22c3bf0d4f8ba8dbb43f1780ef0e | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
镜像服务(控制节点)
先决条件
-
配置数据库
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
-
创建服务证书(也可以像下文 neutron 那样使用 --password-prompt 交互输入密码,避免密码留在 shell 历史记录中)
openstack user create --domain default --password GLANCE_PASS glance
-
添加 admin角色到
glance
用户和service
项目
openstack role add --project service --user glance admin
-
创建
glance
服务实体
openstack service create --name glance \
  --description "OpenStack Image" image
-
创建镜像服务的 API 端点
openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292
配置组件
-
安装软件包
yum install openstack-glance -y
-
编辑配置文件**/etc/glance/glance-api.conf**
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
flavor = keystone
-
初始化,并将镜像服务写入数据库
su -s /bin/sh -c "glance-manage db_sync" glance
-
重启服务
systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
systemctl restart openstack-glance-api.service \
  openstack-glance-registry.service
验证glance是否安装成功
-
验证数据库是否同步
mysql -uroot -p密码 glance -e "show tables;"
-
安装镜像源及验证(镜像通过明文 http 下载,导入前建议核对官方发布的校验值)
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
openstack image create "cirros" \
  --file cirros-0.3.5-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| c9e0402f-cd09-4303-99e4-06fba88976a6 | cirros | active |
+--------------------------------------+--------+--------+
安装计算服务(Nova)
控制节点安装
先决条件
-
创建数据库
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
-
数据库授权
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
-
创建compute服务API端点
openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova \
  --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1
openstack user create --domain default --password PLACEMENT_PASS placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
安装配置组件
-
安装软件包
yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api -y
-
编辑**/etc/nova/nova.conf**
[DEFAULT]
my_ip = 192.168.217.11
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
-
编辑文件**/etc/httpd/conf.d/00-nova-placement-api.conf**,添加如下信息
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
-
重启httpd服务
systemctl restart httpd
-
同步数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
nova-manage cell_v2 list_cells
完成安装
-
配置开机自启
systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
计算节点
安装组件
-
安装软件包
yum install openstack-nova-compute -y
-
配置**/etc/nova/nova.conf**文件
[DEFAULT]
my_ip = 192.168.217.21
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
完成安装
-
查看是否支持硬件加速
egrep -c '(vmx|svm)' /proc/cpuinfo
-
返回值若为0,则需要编辑**/etc/nova/nova.conf**
[libvirt] virt_type = qemu
-
-
重启服务
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
校验
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+----------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+----------+------+---------+-------+----------------------------+
| 9 | nova-compute | computer | nova | enabled | up | 2020-09-28T01:39:05.000000 |
+----+--------------+----------+------+---------+-------+----------------------------+
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
# 编辑文件/etc/nova/nova.conf
[scheduler]
discover_hosts_in_cells_interval = 300
网络配置
控制节点
安装依赖
-
创建数据库
CREATE DATABASE neutron;
-
数据库授权
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
-
创建neutron用户和服务
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron \
  --description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
  network public http://controller:9696
openstack endpoint create --region RegionOne \
  network internal http://controller:9696
openstack endpoint create --region RegionOne \
  network admin http://controller:9696
创建公有网络
配置服务组件
-
安装依赖
# 安装依赖
yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables -y
-
编辑文件**/etc/neutron/neutron.conf**(注意:transport_url、auth_strategy 和两个 notify_nova_* 选项属于 [DEFAULT] 段,不应写在 [database] 段下,可参照下文计算节点 neutron.conf 的写法)
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[DEFAULT]
core_plugin = ml2
service_plugins =

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
-
编辑文件**/etc/neutron/plugins/ml2/ml2_conf.ini**,配置Modular Layer 2 (ML2) 插件
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = true
-
配置bridge代理,编辑文件**/etc/neutron/plugins/ml2/linuxbridge_agent.ini**(provider:ens33 中的网卡名要改为本机实际的物理网卡)
[linux_bridge]
physical_interface_mappings = provider:ens33

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
-
配置DHCP代理,编辑文件**/etc/neutron/dhcp_agent.ini**
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
配置metadata代理
-
配置文件**/etc/neutron/metadata_agent.ini**(METADATA_SECRET 需替换为随机生成的强密钥,并且必须与下文 nova.conf 中 [neutron] 段的取值完全一致)
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
-
配置文件**/etc/nova/nova.conf**
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
-
同步数据
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
-
重启服务
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
计算节点
-
安装组件
yum install openstack-neutron-linuxbridge ebtables ipset -y
-
配置文件**/etc/neutron/neutron.conf**
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
后续更新