OpenStack-queens版搭建
版权声明:
本文为博主学习整理原创文章,如有不正之处请多多指教。
未经博主允许不得转载。 https://mp.csdn.net/postedit/82836081
参考:http://blog.51cto.com/liuleis/2094190
1、改主机名称(两个节点)
10.32.24.244 控制节点
10.32.24.251 计算节点
[root@controller ~]# hostnamectl set-hostname controller
[root@controller ~]# hostname
controller
2、配置网卡(两张eth0 和 eth1、两个节点)
配置第一张网卡
[root@controller ~]# cd /etc/sysconfig/network-scripts/
[root@controller network-scripts]# vi ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
IPADDR=10.32.24.115 //ip
NETMASK=255.255.254.0 //掩码
GATEWAY=10.32.24.1 //网关
配置第二张网卡
[root@controller network-scripts]# vi ifcfg-eth1
DEVICE="eth1"
BOOTPROTO="static"
ONBOOT="yes"
TYPE="Ethernet"
USERCTL="yes"
PEERDNS="yes"
IPV6INIT="no"
PERSISTENT_DHCLIENT="1"
IPADDR=10.32.30.94
NETMASK=255.255.255.0
//重启网络 没有报错说明没有问题
[root@controller ~]# systemctl restart network
3、添加映射(添加controller和 compute两个节点)
[root@controller ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.32.24.115 controller //控制节点ip和名字
10.32.24.94 compute //计算节点ip和名字
4、配置yum(两个节点)
[root@controller ~]# cd /etc/yum.repos.d/
[root@controller yum.repos.d]# mv * /home/
[root@controller yum.repos.d]# vi local.repo
[centos]
name=centos
baseurl=ftp://10.32.18.195/1804
gpgcheck=0 //关闭GPG签名校验(yum不再验证软件包签名;仅适合可信的内网实验源,生产环境建议设为1并配置gpgkey)
enabled=1 //打开yum源可用 0为关闭
[iaas]
name=iaas
baseurl=ftp://10.32.18.195/queens/openstack-queens
gpgcheck=0 //关闭GPG签名校验(yum不再验证软件包签名,仅适合可信的内网源)
enabled=1 //打开yum源可用 0为关闭
验证yum是否成功
[root@controller yum.repos.d]# yum list
5、时间同步(两个节点)
安装时间同步软件
[root@controller ~]# yum install -y chrony
修改配置文件
[root@controller ~]# vi /etc/chrony.conf
设置开机自启
[root@controller ~]# systemctl start chronyd
[root@controller ~]# systemctl enable chronyd
验证是否同步成功(计算节点验证)
[root@controller ~]# systemctl restart chronyd
[root@controller ~]# chronyc sources 或者 timedatectl
// 如果是 ? 号:控制节点重启之后等一会再验证
[root@controller ~]# systemctl restart chronyd
[root@controller ~]# chronyc sources
6、清除防火墙规则(两个节点)
iptables -F
iptables -X
iptables -Z
[root@controller ~]# /usr/sbin/iptables-save
# Generated by iptables-save v1.4.21 on Tue Oct 9 11:30:46 2018
*filter
:INPUT ACCEPT [25:1884] //规则已清空,默认策略为ACCEPT(此后主机防火墙不再过滤流量,需由外部防火墙或网络隔离限制对节点的访问)
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [18:1672]
COMMIT
# Completed on Tue Oct 9 11:30:46 2018
[root@controller ~]#
查看selinux模式为Disabled(关闭)
[root@controller ~]# getenforce
Disabled
或
[root@controller ~]# cat /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
或
[root@controller ~]# cat /etc/sysconfig/selinux (修改此文件后永久生效,需重启系统;setenforce 0 / setenforce 1 可临时切换为permissive/enforcing,立即生效但重启后失效)
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
7、升级yum(两个节点)时间有点长
[root@controller ~]# yum upgrade //提示确认时输入 y
更新成功界面
删除多余的yum源配置文件
[root@controller ~]# rm -rvf /etc/yum.repos.d/CentOS-*
removed ‘/etc/yum.repos.d/CentOS-Base.repo’
removed ‘/etc/yum.repos.d/CentOS-CR.repo’
removed ‘/etc/yum.repos.d/CentOS-Debuginfo.repo’
removed ‘/etc/yum.repos.d/CentOS-fasttrack.repo’
removed ‘/etc/yum.repos.d/CentOS-Media.repo’
removed ‘/etc/yum.repos.d/CentOS-Sources.repo’
removed ‘/etc/yum.repos.d/CentOS-Vault.repo’
[root@controller ~]#
8、安装openstack client端(两个节点)
[root@controller ~]#yum install python-openstackclient -y
9、安装openstack-selinux(两个节点)
[root@controller ~]#yum install openstack-selinux -y
完成界面
注:m版需要重启让selinux生效,因为selinux已经关闭,所以不用重启
10、安装数据库(controller节点执行)
大多数OpenStack服务使用SQL数据库来存储信息,数据库通常在控制器节点上运行。本文主要使用MariaDB或MySQL。
安装软件包
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y
新建一个mysql的配置文件
[root@controller ~]# vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.32.24.115
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096//最大的连接数
collation-server = utf8_general_ci
character-set-server = utf8
注:bind-address使用controller节点的管理IP
设置服务开机启动
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
通过运行mysql_secure_installation脚本来保护数据库服务。
[root@controller ~]# mysql_secure_installation //回车进入
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y //设置密码
New password: //输入密码
Re-enter new password: //再次输入密码
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y //移除匿名用户
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n //此处选n,即仍允许root远程登录;若不需要远程管理数据库,选y(禁止root远程登录)更安全
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
// 能登录说明安装正确
[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]>
MariaDB [(none)]>
MariaDB [(none)]> quit
Bye
[root@controller ~]#
[root@controller ~]#
注:所有的mysql命令都在 /usr/bin/ 目录下
[root@controller ~]# ll /usr/bin/ |grep mysql
-rwxr-xr-x 1 root root 1446 Oct 4 2017 msql2mysql
-rwxr-xr-x 1 root root 3949952 Oct 4 2017 mysql
-rwxr-xr-x 1 root root 111565 Oct 4 2017 mysqlaccess
-rwxr-xr-x 1 root root 3728944 Oct 4 2017 mysqladmin
-rwxr-xr-x 1 root root 3910424 Oct 4 2017 mysqlbinlog
-rwxr-xr-x 1 root root 10475 Oct 4 2017 mysqlbug
-rwxr-xr-x 1 root root 3730680 Oct 4 2017 mysqlcheck
-rwxr-xr-x 1 root root 4249 Oct 4 2017 mysql_convert_table_format
-rwxr-xr-x 1 root root 25162 Oct 4 2017 mysqld_multi
-rwxr-xr-x 1 root root 31690 Oct 4 2017 mysqld_safe
-rwxr-xr-x 1 root root 3809264 Oct 4 2017 mysqldump
-rwxr-xr-x 1 root root 8151 Oct 4 2017 mysqldumpslow
-rwxr-xr-x 1 root root 3317 Oct 4 2017 mysql_find_rows
-rwxr-xr-x 1 root root 1265 Oct 4 2017 mysql_fix_extensions
-rwxr-xr-x 1 root root 34941 Oct 4 2017 mysqlhotcopy
-rwxr-xr-x 1 root root 3725352 Oct 4 2017 mysqlimport
-rwxr-xr-x 1 root root 16620 Oct 4 2017 mysql_install_db
-rwxr-xr-x 1 root root 3549768 Oct 4 2017 mysql_plugin
-rwxr-xr-x 1 root root 11971 Oct 4 2017 mysql_secure_installation
-rwxr-xr-x 1 root root 17503 Oct 4 2017 mysql_setpermission
-rwxr-xr-x 1 root root 3719824 Oct 4 2017 mysqlshow
-rwxr-xr-x 1 root root 3743488 Oct 4 2017 mysqlslap
-rwxr-xr-x 1 root root 4309056 Oct 4 2017 mysqltest
-rwxr-xr-x 1 root root 3545080 Oct 4 2017 mysql_tzinfo_to_sql
-rwxr-xr-x 1 root root 3628848 Oct 4 2017 mysql_upgrade
-rwxr-xr-x 1 root root 3540688 Oct 4 2017 mysql_waitpid
-rwxr-xr-x 1 root root 3892 Oct 4 2017 mysql_zap
-rwxr-xr-x 1 root root 7932 Oct 4 2017 wsrep_sst_mysqldump
[root@controller ~]#
11、在controller节点安装、配置RabbitMQ
1.安装配置消息队列组件(如果安装不成功,检查yum是否正确)
[root@controller ~]# yum install rabbitmq-server -y
2.设置服务开机启动
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]#
查看rabbitmq-server的语法:
[root@controller ~]# rabbitmqctl --help|grep user
Error: could not recognise command
add_user <username><password>
delete_user <username>
change_password <username><newpassword>
clear_password <username>
authenticate_user <username><password>
set_user_tags <username><tag> ...
list_users
set_permissions [-p <vhost>] <user><conf><write><read>
clear_permissions [-p <vhost>] <username>
list_user_permissions <username>
channels, protocol, auth_mechanism, user, vhost, timeout, frame_max,
user, vhost, transactional, confirm, consumer_count, messages_unacknowledged,
添加openstack用户(000000为示例密码,实际环境请换成强密码),如果报错重新连接
[root@controller ~]# rabbitmqctl add_user openstack 000000
Creating user "openstack" ...
[root@controller ~]#
[root@controller ~]# rabbitmqctl list_users //查看用户
Listing users ...
openstack []
guest [administrator]
[root@controller ~]#
3、给openstack用户的权限配置
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
12、安装缓存数据库Memcached(controller节点)
说明:服务的身份认证服务使用Memcached缓存令牌。 memcached服务通常在控制器节点上运行。对于生产部署,我们建议启用防火墙,身份验证和加密的组合来保护它。
1.安装配置组件
[root@controller ~]# yum install memcached python-memcached -y
/ / 修改配置文件
[root@controller ~]# vi /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller" //在原有内容后添加了 ,controller(memcached默认无认证,监听管理网地址后需限制可访问的来源)
"/etc/sysconfig/memcached" 5L, 98C written
/ / 设置开机自启
[root@controller ~]# systemctl start memcached
[root@controller ~]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
/ / 验 证
[root@controller ~]# systemctl status memcached
● memcached.service - memcached daemon
Loaded: loaded (/usr/lib/systemd/system/memcached.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-10-09 12:24:29 UTC; 19s ago
Main PID: 13392 (memcached)
CGroup: /system.slice/memcached.service
└─13392 /usr/bin/memcached -p 11211 -u memcached -m 64 -c 1024 -l 1...
Oct 09 12:24:29 controller systemd[1]: Started memcached daemon.
Oct 09 12:24:29 controller systemd[1]: Starting memcached daemon...
[root@controller ~]#
2.安装 etcd 并编辑/etc/etcd/etcd.conf文件
[root@controller ~]# yum install -y etcd
[root@controller ~]# vi /etc/etcd/etcd.conf
//标红处为修改内容
ETCD_INITIAL_CLUSTER
ETCD_INITIAL_ADVERTISE_PEER_URLS
ETCD_ADVERTISE_CLIENT_URLS
ETCD_LISTEN_CLIENT_URLS
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS=http://10.71.11.12:2380 //控制节点IP(此处应填本环境控制节点的管理IP,下同)
ETCD_LISTEN_CLIENT_URLS=http://10.71.11.12:2379 // //控制节点IP
ETCD_NAME="controller" //控制节点名字
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS=http://10.71.11.12:2380 // //控制节点IP
ETCD_ADVERTISE_CLIENT_URLS=http://10.71.11.12:2379 // //控制节点IP
ETCD_INITIAL_CLUSTER="controller=http://10.71.11.12:2380" // //控制节点IP
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new" //新建集群
3.设置服务开机启动
[root@controller ~]# systemctl enable etcd
[root@controller ~]# systemctl start etcd
[root@controller ~]# systemctl status etcd
● etcd.service - Etcd Server
Loaded: loaded (/usr/lib/systemd/system/etcd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-10-09 12:43:38 UTC; 1min 44s ago
Main PID: 13757 (etcd)
CGroup: /system.slice/etcd.service
└─13757 /usr/bin/etcd --name=controller --data-dir=/var/lib/etcd/de...
Oct 09 12:43:38 controller etcd[13757]: fe1f7391c09ad469 received MsgVoteRes... 2
Oct 09 12:43:38 controller etcd[13757]: fe1f7391c09ad469 became leader at term 2
Oct 09 12:43:38 controller etcd[13757]: raft.node: fe1f7391c09ad469 elected ... 2
Oct 09 12:43:38 controller etcd[13757]: setting up the initial cluster versi....2
Oct 09 12:43:38 controller etcd[13757]: set the initial cluster version to 3.2
Oct 09 12:43:38 controller etcd[13757]: enabled capabilities for version 3.2
Oct 09 12:43:38 controller etcd[13757]: published {Name:controller ClientURL...2f
Oct 09 12:43:38 controller etcd[13757]: ready to serve client requests
Oct 09 12:43:38 controller etcd[13757]: serving insecure client requests on ...d!
Oct 09 12:43:38 controller systemd[1]: Started Etcd Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@controller ~]#
注:登录数据库后的常用语句:删除用 drop,创建用 create,切换数据库用 use,查看用 show,查询内容用 select
[root@controller ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help.Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases;
13、安装keystone组件(controller)
1.创建keystone数据库并授权(000000为示例密码;'keystone'@'%'允许从任意主机连接,生产环境应使用强密码并限定来源主机)
[root@controller ~]# mysql -u root -p
create database keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]>
验证
MariaDB [(none)]> show grants for keystone;
+---------------------------------------------------------------------------------------------------------+
| Grants for keystone@% |
+---------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'keystone'@'%' IDENTIFIED BY PASSWORD '*032197AE5731D4664921A6CCAC7CFCE6A0698693' |
| GRANT ALL PRIVILEGES ON `keystone`.* TO 'keystone'@'%' |
+---------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]>
注:退出或执行 flush privileges; 后生效
2.安装、配置组件
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
3.编辑 /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:000000@controller/keystone
[token]
provider = fernet
4.同步keystone数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
5.数据库初始化
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
注:以上命令执行成功时没有任何输出
6.引导身份认证服务
// 以下是一条完整命令(000000为示例管理员密码,请替换为强密码):
[root@controller ~]#keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
14、配置apache http服务
1.编辑/etc/httpd/conf/httpd.conf,配置ServerName参数
/ / 添加
ServerName controller
2.创建 /usr/share/keystone/wsgi-keystone.conf链接文件
[root@controller ~]#ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3.设置服务开机启动
[root@controller ~]#systemctl enable httpd.service;
[root@controller ~]#systemctl start httpd.service
启动服务报错
[root@controller ~]# systemctl start httpd.service
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@controller ~]# journalctl -xe
Apr 0102:31:03 controller systemd[1]: [/usr/lib/systemd/system/memcached.service:62] Unknown lvalue 'ProtectControlGroups'in section 'Service'
Apr 0102:31:03 controller systemd[1]: [/usr/lib/systemd/system/memcached.service:65] Unknown lvalue 'RestrictRealtime'in section 'Service'
Apr 0102:31:03 controller systemd[1]: [/usr/lib/systemd/system/memcached.service:72] Unknown lvalue 'RestrictNamespaces'in section 'Service'
Apr 0102:31:03 controller polkitd[928]: Unregistered Authentication Agent for unix-process:18932:9281785 (system bus name :1.157, object path /org/freedeskt
Apr 0102:31:09 controller polkitd[928]: Registered Authentication Agent for unix-process:18952:9282349 (system bus name :1.158 [/usr/bin/pkttyagent --notify
Apr 0102:31:09 controller systemd[1]: Starting The Apache HTTP Server...
-- Subject: Unit httpd.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has begun starting up.
Apr 0102:31:09 controller httpd[18958]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000
Apr 0102:31:09 controller httpd[18958]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000
Apr 0102:31:09 controller httpd[18958]: no listening sockets available, shutting down
Apr 0102:31:09 controller httpd[18958]: AH00015: Unable to open logs
Apr 0102:31:09 controller systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Apr 0102:31:09 controller kill[18960]: kill: cannot find process ""
Apr 0102:31:09 controller systemd[1]: httpd.service: control process exited, code=exited status=1
Apr 0102:31:09 controller systemd[1]: Failed to start The Apache HTTP Server.
-- Subject: Unit httpd.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit httpd.service has failed.
--
-- The result is failed.
Apr 0102:31:09 controller systemd[1]: Unit httpd.service entered failed state.
Apr 0102:31:09 controller systemd[1]: httpd.service failed.
Apr 0102:31:09 controller polkitd[928]: Unregistered Authentication Agent for unix-process:18952:9282349 (system bus name :1.158, object path /org/freedeskt
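经过判断,是SELinux引发的问题(日志显示httpd绑定5000端口时Permission denied)
解决办法:关闭SELinux(仅建议在实验环境这样做;若要保留SELinux,可考虑用 semanage port 将5000端口标记为 http_port_t)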
[root@controller ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
再次启动服务,报错已解决
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
4.配置administrative账号
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
验证:
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-09-18T15:18:38+0000 |
| id | gAAAAABboQk-YwCOHAG01erLButPoqaAMc4egspNUy7fr-kTlXtShu0NC3pto9jTZyNVrAVIMlT9fbZJTQD3_ksZ0RA1CPX4D8bGgdZB1zQdIWxRwEpOanXm6DYT653pZsNbTTocU7xLQJ6LLGgyEXBC5fSqyngdTfDzf0oHXEl29J-0fZB2WYw |
| project_id | 2738b79871864728818e71a8711da1b5 |
| user_id | d9b994e3811741ad8602406e67a602de |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#
正确!
15、创建 domain, projects, users, roles(生效环境变量)
1.创建域(多余的可不做)
openstack domain create --description "Domain" example
[root@controller ~]# openstack domain create --description "Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Domain |
| enabled | True |
| id | 199658b1d0234c3cb8785c944aa05780 |
| name | example |
| tags | [] |
+-------------+----------------------------------+
+-------------+----------------------------------+
2、创建服务项目
openstack project create --domain default --description "Service Project" service
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 03e700ff43e44b29b97365bac6c7d723 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 2738b79871864728818e71a8711da1b5 | admin |
| 925929f4b4e5455bba99c07035f9fc90 | service |
| d808d70e6dfc46dbb7abb23e8fef7f8d | demo |
+----------------------------------+---------+
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| d9b994e3811741ad8602406e67a602de | admin |
3.创建平台demo项目
openstack project create --domain default --description "Demo Project" demo
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 61f8c9005ca84477b5bdbf485be1a546 |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
4、创建demo用户
openstack user create --domain default --password-prompt demo
[root@controller ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fa794c034a53472c827a94e6a6ad12c1 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
5、创建用户角色
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 155c193be58f4c77ad34b7dd58b71e4f |
| name | user |
+-----------+----------------------------------+
6、添加用户角色到demo项目和用户
[root@controller ~]# openstack role add --project demo --user demo user
说明:此条命令执行成功后不返回参数
验证操作
1.取消环境变量
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
2.admin用户返回的认证token
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-09-18T15:41:25+0000 |
| id | gAAAAABboQ6Vnhj0CCIkXg_E3WY0PqrLkI0Mn9jAC6ZLgnxl3mCHFC4guQPYWQ7XmVwmUGkrQj5jWpsMlr82v8znHsTq-Bk1AbTE9qXQ_Fzpbof_WXpDKqKy_2aJO1Z5q3pk0dBuBG899jIvAPFc5IbspkEKFDi4bEbApLso7H3xJm5bkqiJ96M |
| project_id | 2738b79871864728818e71a8711da1b5 |
| user_id | d9b994e3811741ad8602406e67a602de |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3.demo用户返回的认证token
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-09-18T15:42:02+0000 |
| id | gAAAAABboQ66QpVYU9Wsqyqf6IneESLfBnXH_4kGSnC75FylD8hAbIvaZQo3C_f2WfUvIlDQdrCFl0uX_bI4CjEFy4E5_nYu289OOTlV0MvJV2BUfBEiE2bK7tIHx4x-oCzmNJtdXK7QjqVM2jwwctmlL4GxD-ufs4IyPoIqmRWkwjUCY67v3Hs |
| project_id | d808d70e6dfc46dbb7abb23e8fef7f8d |
| user_id | 5204ba17edd34988bd46fbf92484bed8 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#
成功!
验证操作(先生效环境变量、再取消设置OS_PASSWORD OS_AUTH_URL)
1.取消环境变量
[root@controller ~]#unset OS_AUTH_URL OS_PASSWORD
2.admin用户返回的认证token
[root@controller ~]# export OS_USERNAME=admin
[root@controller ~]# export OS_PASSWORD=000000
[root@controller ~]# export OS_PROJECT_NAME=admin
[root@controller ~]# export OS_USER_DOMAIN_NAME=Default
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ~]# export OS_AUTH_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
[root@controller ~]# unset OS_PASSWORD OS_AUTH_URL
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
Password: //输入admin用户的密码(本文为000000)
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-09-21T13:17:20+0000 |
| id | gAAAAABbpOFQzUeAKhZ1Dtlcv0ZoYb-jFqmj76sqtZzVdvZLuFmBf1aH8m5ctr0pLI1AgiQc8aDQ5bTZDPg89l2v56ezS_aXEItbLylGRO9gS_xvDk_1Stm7GG4FdRsraM17_15bjRxdUrxdZ1ovAT7gepJ2xMW2Q0VomWOJsW9PIgljE3P2p2g |
| project_id | 2738b79871864728818e71a8711da1b5 |
| user_id | d9b994e3811741ad8602406e67a602de |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3.demo用户返回的认证token
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
>> --os-project-domain-name Default --os-user-domain-name Default \
>> --os-project-name demo --os-username demo token issue
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-09-21T13:22:34+0000 |
| id | gAAAAABbpOKK2sreFQpB2tDidFRAqRkvLwmVJ3PlLyDB5diR1Tqj-G2PVT4oGyJvTwOMtSCHO-1kVD9Nhyb3CkjWo7Xj4QFjZE2kP1Q7L3BfY8_7MfAEORDsLNN_B0P0MmkPUe8vORQ6BaL63Ct9rZYJoPWLlqTr9g77EEJBkUlfV1Q2U_cj7Bs |
| project_id | d808d70e6dfc46dbb7abb23e8fef7f8d |
| user_id | 5204ba17edd34988bd46fbf92484bed8 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#
创建数据库 glance
[root@controller ~]# mysql -uroot -p000000 //进入数据库(密码直接写在-p后面会留在shell历史和进程列表中,建议只写 -p 后按提示输入)
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 35
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help.Type '\c' to clear the current input statement.
MariaDB [(none)]> show databases; //显示数据库
+--------------------+
| Database |
+--------------------+
| information_schema |
| keystone |
| mysql |
| performance_schema |
| xcl |
+--------------------+
5 rows in set (0.00 sec)
MariaDB [(none)]> create database glance; //创建数据库glance
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> show databases; //显示数据库
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| performance_schema |
| xcl |
+--------------------+
6 rows in set (0.00 sec)
MariaDB [(none)]> show grants for glance; //查看数据库 glance 权限
ERROR 1141 (42000): There is no such grant defined for user 'glance' on host '%'
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000'; //给 glance 赋权
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.00 sec) //给 glance 赋权
MariaDB [(none)]> show grants for glance; //查看 glance 权限
+-------------------------------------------------------------------------------------------------------+
| Grants for glance@% |
+-------------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'glance'@'%' IDENTIFIED BY PASSWORD '*032197AE5731D4664921A6CCAC7CFCE6A0698693' |
| GRANT ALL PRIVILEGES ON `glance`.* TO 'glance'@'%' |
+-------------------------------------------------------------------------------------------------------+
2 rows in set (0.00 sec)
MariaDB [(none)]> quit //退出数据库
Bye
创建openstack 客户端环境脚本
1.创建admin-openrc脚本(vi admin-openrc.sh编辑;脚本中含明文密码,建议执行 chmod 600 admin-openrc.sh 限制读取权限)
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.创建demo-openrc脚本
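# demo-openrc.sh - client environment for the demo user.
# Load it with `source demo-openrc.sh` so the variables are set in the
# current shell.
# The file holds the demo password in plain text: keep it readable by its
# owner only (for example `chmod 600 demo-openrc.sh`).
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
# 000000 is the sample password used throughout this guide; use your own.
export OS_PASSWORD=000000
# Plain HTTP: the password and the issued token cross the network unencrypted.
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2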
3.使用脚本,返回认证token
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-04-01T08:17:29+0000 |
| id | gAAAAABawIeJ0z-3R2ltY6ublCGqZX80AIi4tQUxqEpw0xvPsFP9BLV8ALNsB2B7bsVivGB14KvhUncdoRl_G2ng5BtzVKAfzHyB-OxwiXeqAttkpQsuLCDKRHd3l-K6wRdaDqfNm-D1QjhtFoxHOTotOcjtujBHF12uP49TjJtl1Rrd6uVDk0g |
| project_id | 4205b649750d4ea68ff5bea73de0faae |
| user_id |475b31138acc4cc5bb42ca64af418963 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
安装Glance服务(controller)
1、创建glance用户
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | eba368ed70524b86b20a87372a50bd49 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
2、给 glance 用户在 service 项目中添加 admin 角色
[root@controller ~]# openstack role add --project service --user glance admin
说明:此条命令执行后没有任何返回输出
创建glance服务
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | ac679c8830a04d85a49b6ab03a9d0fbb |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller ~]# openstack service list //查看
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 30dccfb186194825b6f98c3afa94c688 | keystone | identity |
| ac679c8830a04d85a49b6ab03a9d0fbb | glance | image |
+----------------------------------+----------+----------+
3.创建镜像服务API端点
[root@controller ~]# openstack endpoint list //查看API
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
| 3c00fdad9b334ac3adbf836606acc420 | RegionOne | keystone | identity | True | public | http://controller:5000/v3/ |
| 53d73bf1512947e9b9840ce9670b29ea | RegionOne | keystone | identity | True | internal | http://controller:5000/v3/ |
| ff4b19d4582a4222ae5a21c5104a139b | RegionOne | keystone | identity | True | admin | http://controller:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+----------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f860c9666d244deab28c0b94164d0145 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ac679c8830a04d85a49b6ab03a9d0fbb |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 75bfcddae1be4070a472f91f3b464a85 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ac679c8830a04d85a49b6ab03a9d0fbb |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 79eadf7829274b1b9beb2bfb6be91992 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 5927e22c745449869ff75b193ed7d7c6 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
安装和配置组件
1.安装软件包
[root@controller ~]#yum install openstack-glance -y
2.编辑/etc/glance/glance-api.conf文件
[database]
connection = mysql+pymysql://glance:000000@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
# 改为自己密码(注释请单独成行,不要写在值的后面,否则可能被当作值的一部分)
password = 000000
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.编辑/etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:000000@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
# 改为自己密码(注释请单独成行,不要写在值的后面,否则可能被当作值的一部分)
password = 000000
[paste_deploy]
flavor = keystone
4.同步镜像服务数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
验证 两个running
[root@controller ~]# systemctl status openstack-glance-api.service openstack-glance-registry.service
● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-10-09 14:05:41 UTC; 30s ago
Main PID: 15592 (glance-api)
CGroup: /system.slice/openstack-glance-api.service
├─15592 /usr/bin/python2 /usr/bin/glance-api
└─15617 /usr/bin/python2 /usr/bin/glance-api
Oct 09 14:05:44 controller glance-api[15592]: /usr/lib/python2.7/site-packages....
Oct 09 14:05:44 controller glance-api[15592]: return pkg_resources.EntryPoint....)
Oct 09 14:05:44 controller glance-api[15592]: /usr/lib/python2.7/site-packages....
Oct 09 14:05:44 controller glance-api[15592]: return pkg_resources.EntryPoint....)
Oct 09 14:05:45 controller glance-api[15592]: /usr/lib/python2.7/site-packages....
Oct 09 14:05:45 controller glance-api[15592]: return pkg_resources.EntryPoint....)
Oct 09 14:05:45 controller glance-api[15592]: /usr/lib/python2.7/site-packages....
Oct 09 14:05:45 controller glance-api[15592]: return pkg_resources.EntryPoint....)
Oct 09 14:05:45 controller glance-api[15592]: /usr/lib/python2.7/site-packages...r
Oct 09 14:05:45 controller glance-api[15592]: val = callable(*args, **kw)
● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server
Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2018-10-09 14:05:41 UTC; 29s ago
Main PID: 15593 (glance-registry)
CGroup: /system.slice/openstack-glance-registry.service
├─15593 /usr/bin/python2 /usr/bin/glance-registry
└─15616 /usr/bin/python2 /usr/bin/glance-registry
Oct 09 14:05:44 controller glance-registry[15593]: /usr/lib/python2.7/site-pac....
Oct 09 14:05:44 controller glance-registry[15593]: return pkg_resources.EntryP...)
Oct 09 14:05:44 controller glance-registry[15593]: /usr/lib/python2.7/site-pac....
Oct 09 14:05:44 controller glance-registry[15593]: return pkg_resources.EntryP...)
Oct 09 14:05:44 controller glance-registry[15593]: /usr/lib/python2.7/site-pac....
Oct 09 14:05:44 controller glance-registry[15593]: return pkg_resources.EntryP...)
Oct 09 14:05:45 controller glance-registry[15593]: /usr/lib/python2.7/site-pac....
Oct 09 14:05:45 controller glance-registry[15593]: debtcollector.deprecate("Gl..."
Oct 09 14:05:45 controller glance-registry[15593]: /usr/lib/python2.7/site-pac...r
Oct 09 14:05:45 controller glance-registry[15593]: val = callable(*args, **kw)
Hint: Some lines were e
成 功!
[root@controller ~]# systemctl enable openstack-glance-api.service
[root@controller ~]# systemctl enable openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service
[root@controller ~]# systemctl start openstack-glance-registry.service
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# glance image-list
+----+------+
| ID | Name |
+----+------+
+----+------+
[root@controller ~]# openstack image list
5、从10.32.24.58:/root/CentOS_7.2_x86_64_XD.qcow2 拷镜像到 /root(首次连接会提示确认主机密钥,输入 yes 之前先核对指纹是否与 10.32.24.58 上的一致)
[root@controller ~]# scp -r 10.32.24.58:/root/CentOS_7.2_x86_64_XD.qcow2 /root
The authenticity of host '10.32.24.58 (10.32.24.58)' can't be established.
ECDSA key fingerprint is SHA256:myy48j+F3yF3/KybxOgv9LnT/E7Xc8q6VAj+8DMADPo.
ECDSA key fingerprint is MD5:37:48:34:56:ad:65:08:c1:0b:53:35:ce:fc:4f:c0:3e.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.32.24.58' (ECDSA) to the list of known hosts.
CentOS_7.2_x86_64_XD.qcow2 100% 382MB 36.3MB/s 00:10
[root@controller ~]# ll
total 391384
-rwxrwxrwx 1 root root 274 Sep 18 15:22 admin-openrc.sh
-rw-r--r-- 1 root root 400752640 Sep 21 13:40 CentOS_7.2_x86_64_XD.qcow2
-rwxrwxrwx 1 root root 272 Sep 18 15:23 demo-openrc.sh
-rwxrwxrwx 1 root root 245 Sep 18 15:24 huanjing.sh
-rw-r--r-- 1 root root 0 Sep 21 12:22 --os-project-domain-name
-rw-r--r-- 1 root root 167 Sep 21 12:22 --os-project-name
-rw-r--r-- 1 root root 174 Sep 21 12:14 test.txt
-rwxrwxrwx 1 root root 237 Sep 18 14:16 t.txt
6、上传镜像
[root@controller ~]# glance image-create --name "CentOS7" --disk-format qcow2 --container-format bare --progress </root/CentOS_7.2_x86_64_XD.qcow2
[=============================>] 100%
+------------------+--------------------------------------+
| Property | Value |
+------------------+--------------------------------------+
| checksum | ea197f4c679b8e1ce34c0aa70ae2a94a |
| container_format | bare |
| created_at | 2018-09-21T13:46:20Z |
| disk_format | qcow2 |
| id | 290e702a-224e-4864-bd47-a3a71534496b |
| min_disk | 0 |
| min_ram | 0 |
| name | CentOS7 |
| owner | None |
| protected | False |
| size | 400752640 |
| status | active |
| tags | [] |
| updated_at | 2018-09-21T13:46:22Z |
| virtual_size | None |
| visibility | shared |
+------------------+--------------------------------------+
7、查看上传的镜像
[root@controller ~]# glance image-list
+--------------------------------------+---------+
| ID | Name |
+--------------------------------------+---------+
| 290e702a-224e-4864-bd47-a3a71534496b | CentOS7 |
+--------------------------------------+---------+
[root@controller ~]#
注:存放镜像地址
[root@controller ~]# ll /var/lib/glance/images/
total 391360
-rw-r----- 1 glance glance 400752640 Sep 21 13:46 290e702a-224e-4864-bd47-a3a71534496b
[root@controller ~]#
[root@controller ~]# yum search qemu-img //查看 qemu-img 所需依赖包
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
============================== N/S matched: qemu-img ==============================
qemu-img.x86_64 : QEMU command line tool for manipulating disk image // 查出的依赖包
qemu-img-ev.x86_64 : QEMU command line tool for manipulating disk images // 查出的依赖包
Name and summary matches only, use "search all" for everything.
[root@controller ~]#
[root@controller ~]# yum install qemu-img.x86_64 qemu-img-ev.x86_64 -y //安装
注: 查看镜像的格式(如查看CentOS_7.2_x86_64_XD.qcow2的格式)
[root@controller ~]# ll
total 391384
-rwxrwxrwx 1 root root 274 Sep 18 15:22 admin-openrc.sh
-rw-r--r-- 1 root root 400752640 Sep 21 13:40 CentOS_7.2_x86_64_XD.qcow2
-rwxrwxrwx 1 root root 272 Sep 18 15:23 demo-openrc.sh
-rwxrwxrwx 1 root root 245 Sep 18 15:24 huanjing.sh
[root@controller ~]# qemu-img info CentOS_7.2_x86_64_XD.qcow2
image: CentOS_7.2_x86_64_XD.qcow2
file format: qcow2 // 镜像格式
virtual size: 8.0G (8589934592 bytes)
disk size: 382M
cluster_size: 65536
Format specific information:
compat: 0.10
refcount bits: 16
[root@controller ~]#
controller节点安装和配置compute服务
1.创建nova_api, nova, nova_cell0数据库
[root@controller ~]# mysql -uroot -p000000 //密码直接写在命令行里会留在 shell 历史记录中,也可以只写 -p 再按提示输入
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
数据库登录授权('000000' 为示例密码,请换成自己的密码;'%' 允许从任意主机远程连接,可按需收紧)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '000000'; //本机权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '000000'; // 远程权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '000000'; //本机权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '000000'; // 远程权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '000000'; //本机权限
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '000000'; // 远程权限
查看赋权
MariaDB [(none)]> show grants for nova;
+-----------------------------------------------------------------------------------------------------+
| Grants for nova@% |
+-----------------------------------------------------------------------------------------------------+
| GRANT USAGE ON *.* TO 'nova'@'%' IDENTIFIED BY PASSWORD '*032197AE5731D4664921A6CCAC7CFCE6A0698693' |
| GRANT ALL PRIVILEGES ON `nova`.* TO 'nova'@'%' |
| GRANT ALL PRIVILEGES ON `nova_api`.* TO 'nova'@'%' |
| GRANT ALL PRIVILEGES ON `nova_cell0`.* TO 'nova'@'%' |
+-----------------------------------------------------------------------------------------------------+
4 rows in set (0.00 sec)
MariaDB [(none)]>
2.创建nova用户
[root@controller ~]# source admin-openrc.sh //生效环境变量
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
|id| 8e72103f5cc645669870a630ffb25065 |
| name | nova |
|options| {} |
| password_expires_at |None|
+---------------------+----------------------------------+
3.给nova用户在service项目中添加admin角色
[root@controller ~]# openstack role add --project service --user nova admin
4.创建nova服务端点
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
|description| OpenStack Compute |
| enabled | True |
|id| 9f8f8d8cb8e542b09694bee6016cc67c |
| name | nova |
|type| compute |
// 查看nova 服务
[root@controller ~]# openstack service show nova
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 5b727a39e0a9412c8e20e5274d27079d |
| name | nova |
| type | compute |
+-------------+----------------------------------+
5.创建compute API 服务端点
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cf260d5a56344c728840e2696f44f9bc |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id |9f8f8d8cb8e542b09694bee6016cc67c |
| service_name | nova |
| service_type | compute |
|url| http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f308f29a78e04b888c7418e78c3d6a6d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id |9f8f8d8cb8e542b09694bee6016cc67c |
| service_name | nova |
| service_type | compute |
|url| http://controller:8774/v2.1 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id |022d96fa78de4b73b6212c09f13d05be |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id |9f8f8d8cb8e542b09694bee6016cc67c |
| service_name | nova |
| service_type | compute |
|url| http://controller:8774/v2.1 |
+--------------+----------------------------------+
创建一个placement服务用户
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
|id| fa239565fef14492ba18a649deaa6f3c |
| name | placement |
|options| {} |
| password_expires_at |None|
+---------------------+----------------------------------+
6.给placement用户在service项目中添加admin角色
[root@controller ~]#openstack role add --project service --user placement admin
7.在服务目录中创建Placement API服务
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
|description| Placement API |
| enabled | True |
|id| 32bb1968c08747ccb14f6e4a20cd509e |
| name | placement |
|type| placement |
+-------------+----------------------------------+
8.创建Placement API服务端点
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b856962188484f4ba6fad500b26b00ee |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id |32bb1968c08747ccb14f6e4a20cd509e |
| service_name | placement |
| service_type | placement |
|url| http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id |62e5a3d82a994f048a8bb8ddd1adc959 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id |32bb1968c08747ccb14f6e4a20cd509e |
| service_name | placement |
| service_type | placement |
|url| http://controller:8778 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f12f81ff7b72416aa5d035b8b8cc2605 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id |32bb1968c08747ccb14f6e4a20cd509e |
| service_name | placement |
| service_type | placement |
|url| http://controller:8778 |
+--------------+----------------------------------+
安装和配置组件
1.安装软件包
[root@controller ~]#yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
2.编辑 /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
# rabbit 密码
transport_url = rabbit://openstack:000000@controller
# 本机ip
my_ip = 10.32.24.115
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:000000@controller/nova_api
[database]
connection = mysql+pymysql://nova:000000@controller/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 000000
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 000000
3.由于软件包的一个bug,需要在/etc/httpd/conf.d/00-nova-placement-api.conf文件中添加如下配置
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
4.重启httpd服务
[root@controller ~]#systemctl restart httpd
// 如果报 job 。。。。错,请检查配置文件
5.同步nova-api数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
同步数据库报错
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
Traceback (most recent call last):
File "/usr/bin/nova-manage", line 10, in<module>
sys.exit(main())
File "/usr/lib/python2.7/site-packages/nova/cmd/manage.py", line 1597, in main
config.parse_args(sys.argv)
File "/usr/lib/python2.7/site-packages/nova/config.py", line 52, in parse_args
default_config_files=default_config_files)
File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 2502, in __call__
else sys.argv[1:])
File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 3166, in _parse_cli_opts
returnself._parse_config_files()
File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 3183, in _parse_config_files
ConfigParser._parse_file(config_file, namespace)
File "/usr/lib/python2.7/site-packages/oslo_config/cfg.py", line 1950, in _parse_file
raise ConfigFileParseError(pe.filename, str(pe))
oslo_config.cfg.ConfigFileParseError: Failed to parse /etc/nova/nova.conf: at /etc/nova/nova.conf:8, No ':'or'=' found inassignment:'/etc/nova/nova.conf'
根据报错,把/etc/nova/nova.conf中第八行注释掉,解决报错
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
6.注册cell0数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
7.创建cell1 cell
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
6c689e8c-3e13-4e6d-974c-c2e4e22e510b
8.同步nova数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
/usr/lib/python2.7/site-packages/pymysql/cursors.py:165: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:165: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
9.验证 nova、 cell0、 cell1数据库是否注册正确
[root@controller ~]# nova-manage cell_v2 list_cells
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| Name | UUID | Transport URL | Database Connection |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| cell0| 00000000-0000-0000-0000-000000000000 |none:/| mysql+pymysql://nova:****@controller/nova_cell0 |
| cell1 |6c689e8c-3e13-4e6d-974c-c2e4e22e510b | rabbit://openstack:****@controller | mysql+pymysql://nova:****@controller/nova|
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
10.设置服务为开机启动
[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
查看5个服务是否为running
[root@controller ~]# systemctl status openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
安装和配置compute节点服务
1.安装软件包(安装之前一定要同步时间)
[root@controller ~]#chronyc sources或者 timedatectl
[root@controller ~]# yum install openstack-nova-compute
2.编辑/etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:000000@controller
# 计算节点ip
my_ip = 10.32.24.251
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
# 计算节点ip(本文中 Keystone 的端点是 http://controller:5000/v3/,这里填计算节点 ip 能否通过认证请自行核实)
auth_uri = http://10.32.24.251:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 000000
[vnc]
enabled = True
# 0.0.0.0 表示在所有网卡上监听 VNC,应通过防火墙限制只有控制节点可以访问
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://控制节点ip:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = 000000
要修改成 qemu,不能有空格(原文没有给出对应的配置行,应是指 [libvirt] 段的 virt_type,请核实)
3.设置服务开机启动
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
说明:如果nova-compute服务无法启动,请检查/var/log/nova/nova-compute.log,会出现如下报错信息
2018-04-0112:03:43.36218612 INFO os_vif [-] Loaded VIF plugins: ovs, linux_bridge
2018-04-0112:03:43.43118612 WARNING oslo_config.cfg [-] Option "use_neutron"from group "DEFAULT"is deprecated for removal (
nova-networkis deprecated, as are any related configuration options.
). Its value may be silently ignored in the future.
2018-04-0112:03:43.60918612 INFO nova.virt.driver [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] Loading compute driver 'libvirt.LibvirtDriver'
2018-04-0112:03:43.82518612 WARNING oslo_config.cfg [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] Option "firewall_driver"from group "DEFAULT"is deprecated for removal (
nova-networkis deprecated, as are any related configuration options.
). Its value may be silently ignored in the future.
2018-04-0112:03:43.83218612 WARNING os_brick.initiator.connectors.remotefs [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] Connection details not present. RemoteFsClient may not initialize properly.
2018-04-0112:03:43.93818612 ERROR oslo.messaging._drivers.impl_rabbit [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] [683db769-0ab2-4e92-b19e-d2b711c8fadf] AMQP server on controller:5672is unreachable: [Errno 113] EHOSTUNREACH. Trying again in1seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
2018-04-0112:03:45.04218612 ERROR oslo.messaging._drivers.impl_rabbit [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] [683db769-0ab2-4e92-b19e-d2b711c8fadf] AMQP server on controller:5672is unreachable: [Errno 113] EHOSTUNREACH. Trying again in2 seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
2018-04-0112:03:47.14018612 ERROR oslo.messaging._drivers.impl_rabbit [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] [683db769-0ab2-4e92-b19e-d2b711c8fadf] AMQP server on controller:5672is unreachable: [Errno 113] EHOSTUNREACH. Trying again in4 seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
2018-04-0112:03:51.24418612 ERROR oslo.messaging._drivers.impl_rabbit [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] [683db769-0ab2-4e92-b19e-d2b711c8fadf] AMQP server on controller:5672is unreachable: [Errno 113] EHOSTUNREACH. Trying again in6 seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
2018-04-0112:03:57.35118612 ERROR oslo.messaging._drivers.impl_rabbit [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] [683db769-0ab2-4e92-b19e-d2b711c8fadf] AMQP server on controller:5672is unreachable: [Errno 113] EHOSTUNREACH. Trying again in8 seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
2018-04-0112:04:05.45818612 ERROR oslo.messaging._drivers.impl_rabbit [req-8f3c2d77-ea29-49ca-933b-bfd4179552dc - - - - -] [683db769-0ab2-4e92-b19e-d2b711c8fadf] AMQP server on controller:5672is unreachable: [Errno 113] EHOSTUNREACH. Trying again in10 seconds. Client port: None: error: [Errno 113] EHOSTUNREACH
@
"/var/log/nova/nova-compute.log"947L, 240212C
错误消息“AMQP server on controller:5672 is unreachable”可能表示控制节点上的防火墙阻止了对端口5672的访问。需要在控制节点的防火墙上放行端口5672,然后在计算节点上重新启动nova-compute服务。
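清除controller的防火墙(iptables -F 会清空所有过滤规则,仅适用于隔离的实验环境;正式环境应只对计算节点放行TCP 5672,例如 iptables -I INPUT -p tcp -s <计算节点IP> --dport 5672 -j ACCEPT)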
[root@controller ~]# iptables -F
[root@controller ~]# iptables -X
[root@controller ~]# iptables -Z
重启计算服务成功
4.添加compute节点到cell数据库(controller)
验证有几个计算节点在数据库中
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 8 | nova-compute | compute | nova | enabled | up | 2018-04-01T22:24:14.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
5.发现计算节点
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': 6c689e8c-3e13-4e6d-974c-c2e4e22e510b
Found 1 unmapped computes in cell: 6c689e8c-3e13-4e6d-974c-c2e4e22e510b
Checking host mapping for compute host 'compute': 32861a0d-894e-4af9-a57c-27662d27e6bd
Creating host mapping for compute host 'compute': 32861a0d-894e-4af9-a57c-27662d27e6bd
在controller节点验证计算服务操作
1.列出服务组件
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack compute service list
+----+------------------+----------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+----------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2018-04-01T22:25:29.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2018-04-01T22:25:33.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2018-04-01T22:25:30.000000 |
| 6 | nova-conductor | ansible-server | internal | enabled | up | 2018-04-01T22:25:55.000000 |
| 7 | nova-scheduler | ansible-server | internal | enabled | up | 2018-04-01T22:25:59.000000 |
| 8 | nova-compute | compute | nova | enabled | up | 2018-04-01T22:25:34.000000 |
| 9 | nova-consoleauth | ansible-server | internal | enabled | up | 2018-04-01T22:25:57.000000 |
+----+------------------+----------------+----------+---------+-------+----------------------------+
2.列出身份服务中的API端点以验证与身份服务的连接:
[root@controller ~]# openstack catalog list
| Name | Type | Endpoints |
| placement | placement | RegionOne |
| | | internal: http://controller:8778 |
| | | RegionOne |
| | | public: http://controller:8778 |
| | | RegionOne |
| | | admin: http://controller:8778 |
| | | |
| keystone | identity | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | RegionOne |
| | | admin: http://controller:35357/v3/ |
| | | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | |
| glance | image | RegionOne |
| | | public: http://controller:9292 |
| | | RegionOne |
| | | admin: http://controller:9292 |
| | | RegionOne |
| | | internal: http://controller:9292 |
| | | |
| nova | compute | RegionOne |
| | | admin: http://controller:8774/v2.1 |
| | | RegionOne |
| | | public: http://controller:8774/v2.1 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1 |
| | | |
3.列出镜像
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 916faa2b-e292-46e0-bfe4-0f535069a1a0 | cirros | active |
+--------------------------------------+--------+--------+
4.检查cells和placement API是否正常
[root@controller ~]# nova-status upgrade check
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
Option "os_region_name" from group "placement" is deprecated. Use option "region-name" from group "placement".
| Upgrade Check Results |
| Check: Cells v2 |
| Result: Success |
| Details: None |
| Check: Placement API |
| Result: Success |
| Details: None |
| Check: Resource Providers |
| Result: Success |
| Details: None |
nova知识点https://docs.openstack.org/nova/queens/admin/index.html
安装和配置controller节点neutron网络配置
1.创建neutron数据库和授权
mysql -uroot -p000000
MariaDB [(none)]> show databases;
MariaDB [(none)]> create database neutron;//创建数据库
//给数据库赋权(000000 为实验用弱口令,正式环境请换成强随机密码;'neutron'@'%' 允许从任意主机连接,可按需收紧为具体的主机或网段)
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';
2.创建服务
[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack user create --domain default --password-prompt neutron
添加admin角色为neutron用户
[root@controller ~]# openstack role add --project service --user neutron admin
创建neutron服务
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
3.创建网络服务端点
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
配置网络部分(controller节点)
1.安装组件
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
2.配置服务组件,编辑 /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:000000@controller/neutron
[DEFAULT]
auth_strategy = keystone
core_plugin = ml2
service_plugins = router //服务的插件 我们用的为路由
transport_url = rabbit://openstack:000000@controller
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置网络二层插件
编辑/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
[ml2_type_vxlan]
vni_ranges = 1:1000
配置Linux网桥
编辑 /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = true
local_ip = 10.32.30.244 //用ip a 查出的eth1的ip
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
编辑 /etc/neutron/l3_agent.ini
[root@controller ~]# vi /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
配置DHCP服务
编辑 /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
配置metadata(metadata_proxy_shared_secret 要与 /etc/nova/nova.conf 的 [neutron] 段取值一致;000000 仅为实验值,正式环境请用随机生成的密钥)
编辑 /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 000000
配置计算服务使用网络服务
编辑/etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = 000000
完成安装
1.创建服务软连接neutron
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2.同步数据库
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
正确!
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Running upgrade for neutron ...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
OK
3.重启compute API服务
[root@controller ~]# systemctl restart openstack-nova-api.service
4.配置网络服务开机启动
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
//验证
[root@controller ~]# systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service |grep Active
5个全启动,正确!
配置compute节点网络服务
1.安装组件
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset
2.配置公共组件
编辑/etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
transport_url = rabbit://openstack:000000@controller
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置网络
1.配置Linux网桥,编辑 /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1 //物理接口
[vxlan]
enable_vxlan = true
local_ip = 10.32.30.251 // 本机ip
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置计算节点网络服务
编辑/etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
验证:
[root@controller ~]# source admin-openrc.sh //生效环境变量
[root@controller ~]#
[root@controller ~]# openstack network agent list
在controller 输入 要有5个服务
正确!
在controller节点安装Horizon服务
1.安装软件包
[root@controller ~]# yum install openstack-dashboard -y
编辑/etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
ALLOWED_HOSTS = ['*','two.example.com']
//注意:'*' 表示接受任意Host头,仅适合实验环境;正式环境应只列出实际访问dashboard所用的主机名或IP
:/ CACHES 在CACHES下添加、配置memcache会话存储
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
添加:
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
开启身份认证API 版本v3
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
开启domains版本支持
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
配置API版本
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
上课没有这个操作
编辑
vi /etc/httpd/conf.d/openstack-dashboard.conf
添加:
WSGIApplicationGroup %{GLOBAL}
2.完成安装,重启web服务和会话存储
[root@controller ~]# systemctl restart httpd.service memcached.service
// 如果报 job ... 启动不成功,请检查配置文件。
在浏览器输入 http://10.32.24.244/dashboard ,访问openstack的web页面
登录:域 default,用户名 admin,密码 000000