本系列文章包含从OpenStack离线源制作到完成OpenStack安装的全部过程。
在本系列教程中使用的OpenStack的安装版本为第20个版本Train(简称T版本),2020年5月13日,OpenStack社区发布了第21个版本Ussuri(简称U版本)。
OpenStack部署系列文章
OpenStack Victoria版 安装部署系列教程
OpenStack Ussuri版 离线安装部署系列教程(全)
OpenStack Train版 离线安装部署系列教程(全)
欢迎留言沟通,共同进步。
控制节点Horizon服务组件安装
官方参考:
OpenStack官方安装指南:服务组件
horizon-install
horizon-install-rdo
horizon-verify-rdo
博客:
CentOS7安装OpenStack(Rocky版)-07.安装horizon服务组件(控制节点dashboard)
OpenStack Train版-10.安装horizon服务(计算节点)
OpenStack Train版-安装部署教程
OpenStack Train版-11.安装horizon服务(计算节点)
一、服务说明
OpenStack仪表板Dashboard服务的项目名称是Horizon,它所需的唯一服务是身份服务keystone,开发语言是python的web框架Django。
从Stein版本开始,Horizon支持以下服务:
- cinder:块状存储
- glance:镜像管理
- neutron:网络
- nova:计算
- swift:对象存储
如果已配置好服务keystone的endpoint,那么Horizon将对其进行检测并自动启用其支持。
Horizon还通过插件支持更多其他OpenStack服务。
Django 2.0和2.2支持在Train版本中处于试验阶段
Ussuri发行版(Train发行版之后的下一个发行版)将使用Django 2.2作为主要的Django版本。Django 2.0支持将被删除。
注:
①可以选择在计算节点(compute01)上安装仪表板服务horizon。由于horizon运行需要apache,为了不影响控制节点上的keystone等其他服务使用的apache,亦可在计算节点上安装。
②安装之前确认以前安装的服务是否正常启动。
③本系列教程是在控制节点安装。
二、安装与配置dashboard相关软件
yum install openstack-dashboard -y
三、配置文件修改
1.local_settings
/etc/openstack-dashboard/local_settings
检查确认有以下配置
方法一
在实际的部署过程中采用的是方法三,方法一中的网络相关配置需要结合实际情况进行配置True与False。
vim /etc/openstack-dashboard/local_settings
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_fip_topology_check': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
}
TIME_ZONE = "Asia/Shanghai"
方法二
# 其他方式
sed -i.bak '/^OPENSTACK_HOST/s#127.0.0.1#controller#' /etc/openstack-dashboard/local_settings
sed -i '/^OPENSTACK_KEYSTONE_DEFAULT_ROLE/s#".*"#"user"#' /etc/openstack-dashboard/local_settings
sed -i "/^ALLOWED_HOSTS/s#\[.*\]#['*']#" /etc/openstack-dashboard/local_settings
sed -i '/^#SESSION_ENGINE/s/#//' /etc/openstack-dashboard/local_settings
sed -i "/^SESSION_ENGINE/s#'.*'#'django.contrib.sessions.backends.cache'#" /etc/openstack-dashboard/local_settings
OPENSTACK_KEYSTONE_BACKEND = {
215 'name': 'native',
216 'can_edit_user': True,
217 'can_edit_group': True,
218 'can_edit_project': True,
219 'can_edit_domain': True,
220 'can_edit_role': True,
221 }
注:注意一些python语法格式。
方法三
将配置文件写好,先备份原文件,然后直接替换。
cp -a /etc/openstack-dashboard/local_settings{,.bak}
/bin/cp -rf ./local_settings /etc/openstack-dashboard/local_settings
文件内容如下
#
# -*- coding: utf-8 -*-
# ----------------------------------------------------------------------
# NOTE: The default values of the settings are defined in
# openstack_dashboard/defaults.py. Prevously most available settings
# were listed in this example file, but it is no longer true.
# For available settings, see openstack_dashboard/defaults.py and
# the horizon setting reference found at
# https://docs.openstack.org/horizon/latest/configuration/settings.html.
#
# Django related settings and HORIZON_CONFIG still exist here.
# Keep in my mind that they will be revisit in upcoming releases.
# ----------------------------------------------------------------------
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
# This setting controls whether or not compression is enabled. Disabling
# compression makes Horizon considerably slower, but makes it much easier
# to debug JS and CSS changes
#COMPRESS_ENABLED = not DEBUG
# This setting controls whether compression happens on the fly, or offline
# with `python manage.py compress`
# See https://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
# for more information
#COMPRESS_OFFLINE = not DEBUG
# If horizon is running in production (DEBUG is False), set this
# with the list of host/domain names that the application can serve.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
#ALLOWED_HOSTS = ['horizon.example.com', 'localhost']
ALLOWED_HOSTS = ['*',]
# Set SSL proxy settings:
# Pass this header from the proxy after terminating the SSL,
# and don't forget to strip it from the client's request.
# For more information see:
# https://docs.djangoproject.com/en/dev/ref/settings/#secure-proxy-ssl-header
#SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# If Horizon is being served through SSL, then uncomment the following two
# settings to better secure the cookies from security exploits
#CSRF_COOKIE_SECURE = True
#SESSION_COOKIE_SECURE = True
# If provided, a "Report Bug" link will be displayed in the site header
# which links to the value of this setting (ideally a URL containing
# information on how to report issues).
#HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com"
# Show backdrop element outside the modal, do not close the modal
# after clicking on backdrop.
#HORIZON_CONFIG["modal_backdrop"] = "static"
# Specify a regular expression to validate user passwords.
#HORIZON_CONFIG["password_validator"] = {
# "regex": '.*',
# "help_text": _("Your password does not meet the requirements."),
#}
# Turn off browser autocompletion for forms including the login form and
# the database creation workflow if so desired.
#HORIZON_CONFIG["password_autocomplete"] = "off"
# Setting this to True will disable the reveal button for password fields,
# including on the login form.
#HORIZON_CONFIG["disable_password_reveal"] = False
LOCAL_PATH = '/tmp'
# Set custom secret key:
# You can either set it to a specific value or you can let horizon generate a
# default secret key that is unique on this machine, e.i. regardless of the
# amount of Python WSGI workers (if used behind Apache+mod_wsgi): However,
# there may be situations where you would want to set this explicitly, e.g.
# when multiple dashboard instances are distributed on different machines
# (usually behind a load-balancer). Either you have to make sure that a session
# gets all requests routed to the same dashboard instance or you set the same
# SECRET_KEY for all of them.
SECRET_KEY='3345bb8247a669fe58e2'
# We recommend you use memcached for development; otherwise after every reload
# of the django development server, you will have to login again. To use
# memcached set CACHES to something like below.
# For more information, see
# https://docs.djangoproject.com/en/1.11/topics/http/sessions/.
#CACHES = {
# 'default': {
# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
# 'LOCATION': '127.0.0.1:11211',
# },
#}
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
# If you use ``tox -e runserver`` for developments,then configure
# SESSION_ENGINE to django.contrib.sessions.backends.signed_cookies
# as shown below:
#SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
# Send email to the console by default
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
# Or send them to /dev/null
#EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend'
# Configure these for your outgoing email host
#EMAIL_HOST = 'smtp.my-company.com'
#EMAIL_PORT = 25
#EMAIL_HOST_USER = 'djangomail'
#EMAIL_HOST_PASSWORD = 'top-secret!'
#OPENSTACK_HOST = "127.0.0.1"
OPENSTACK_HOST = "controller"
#unchanged
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
#add new
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
#add new
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
#unchanged
# The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional
# services provided by neutron. Options currently available are load
# balancer service, security groups, quotas, VPN service.
OPENSTACK_NEUTRON_NETWORK = {
'enable_auto_allocated_network': False,
'enable_distributed_router': False,
'enable_fip_topology_check': True,
'enable_ha_router': False,
'enable_ipv6': True,
# TODO(amotoki): Drop OPENSTACK_NEUTRON_NETWORK completely from here.
# enable_quotas has the different default value here.
'enable_quotas': True,
'enable_rbac_policy': True,
'enable_router': True,
'default_dns_nameservers': [],
'supported_provider_types': ['*'],
'segmentation_id_range': {},
'extra_provider_types': {},
'supported_vnic_types': ['*'],
'physical_networks': [],
}
# The timezone of the server. This should correspond with the timezone
# of your entire OpenStack installation, and hopefully be in UTC.
#TIME_ZONE = "UTC"
TIME_ZONE = "Asia/Shanghai"
# Change this patch to the appropriate list of tuples containing
# a key, label and static directory containing two files:
# _variables.scss and _styles.scss
#AVAILABLE_THEMES = [
# ('default', 'Default', 'themes/default'),
# ('material', 'Material', 'themes/material'),
# ('example', 'Example', 'themes/example'),
#]
LOGGING = {
'version': 1,
# When set to True this will disable all logging except
# for loggers specified in this configuration dictionary. Note that
# if nothing is specified here and disable_existing_loggers is True,
# django.db.backends will still log unless it is disabled explicitly.
'disable_existing_loggers': False,
# If apache2 mod_wsgi is used to deploy OpenStack dashboard
# timestamp is output by mod_wsgi. If WSGI framework you use does not
# output timestamp for logging, add %(asctime)s in the following
# format definitions.
'formatters': {
'console': {
'format': '%(levelname)s %(name)s %(message)s'
},
'operation': {
# The format of "%(message)s" is defined by
# OPERATION_LOG_OPTIONS['format']
'format': '%(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'DEBUG' if DEBUG else 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'console',
},
'operation': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'operation',
},
},
'loggers': {
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'horizon.operation_log': {
'handlers': ['operation'],
'level': 'INFO',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneauth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'oslo_policy': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
# Logging from django.db.backends is VERY verbose, send to null
# by default.
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'urllib3': {
'handlers': ['null'],
'propagate': False,
},
'chardet.charsetprober': {
'handlers': ['null'],
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
}
# 'direction' should not be specified for all_tcp/udp/icmp.
# It is specified in the form.
SECURITY_GROUP_RULES = {
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
}
# Help URL can be made available for the client. To provide a help URL, edit the
# following attribute to the URL of your choice.
#HORIZON_CONFIG["help_url"] = "http://openstack.mycompany.org"
2.openstack-dashboard.conf
/etc/httpd/conf.d/openstack-dashboard.conf
如果没有则新添加
vim /etc/httpd/conf.d/openstack-dashboard.conf
#add follow
WSGIApplicationGroup %{GLOBAL}
3.重启Apache服务、会话存储服务
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service
#由于dashboard的运行机制是把网站下的所有文件删除之后再重新复制,所以重启httpd需要等待一段时间。
4.检查dashboard是否可用
浏览器直接访问:http://192.168.232.101 地址后面不需要加dashboard。
是否需要输入域default取决于,/etc/openstack-dashboard/local_settings文件中进行OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT内容配置值
域:default;用户名:admin;密码:admin。
四、Dashboard访问问题
此时,dashboard虽可以访问,且url中不需要输入dashboard,但是在进行系统的项目管理的时候打不开页面会报错。
1.重建openstack-dashboard.conf
下面将重建并修改配置openstack-dashboard.conf。
# sw 'Rebuild openstack-dashboard.conf'
cd /usr/share/openstack-dashboard
python manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf
cp -a /usr/share/openstack-dashboard/openstack_dashboard/defaults.py{,.bak}
cp -a /usr/share/openstack-dashboard/openstack_dashboard/test/settings.py{,.bak}
cp -a /usr/share/openstack-dashboard/static/dashboard/js/9937cc9f2cae.js{,.bak}
# sw 'Change WEBROOT'
#vim /usr/share/openstack-dashboard/openstack_dashboard/defaults.py
#line32
#WEBROOT = '/' # from openstack_auth
sed -i "32c WEBROOT = '/dashboard' # from openstack_auth" /usr/share/openstack-dashboard/openstack_dashboard/defaults.py
#vim /usr/share/openstack-dashboard/openstack_dashboard/test/settings.py
#line32
#WEBROOT = '/'
sed -i "32c WEBROOT = '/dashboard'" /usr/share/openstack-dashboard/openstack_dashboard/test/settings.py
#vim /usr/share/openstack-dashboard/static/dashboard/js/9937cc9f2cae.js
#line1
#var STATIC_URL="/dashboard/static/";var WEBROOT="/";/*!
sed -i '1c var STATIC_URL="/dashboard/static/";var WEBROOT="/dashboard/";/*!' /usr/share/openstack-dashboard/static/dashboard/js/9937cc9f2cae.js
# sw 'Configuration of /etc/httpd/conf.d/openstack-dashboard.conf'
cp -a /etc/httpd/conf.d/openstack-dashboard.conf{,.bak}
#sed -in '3a WSGIApplicationGroup %{GLOBAL}' /etc/httpd/conf.d/openstack-dashboard.conf
sed -i '19c WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' /etc/httpd/conf.d/openstack-dashboard.conf
sed -i '20c WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi' /etc/httpd/conf.d/openstack-dashboard.conf
sed -i '25c Alias /dashboard/static /usr/share/openstack-dashboard/static' /etc/httpd/conf.d/openstack-dashboard.conf
2.重启Apache服务、会话存储服务
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service
source /root/admin-openrc
openstack flavor create --id 0 --vcpus 1 --ram 256 --disk 0 1U256M0G
openstack flavor create --id 1 --vcpus 1 --ram 1024 --disk 0 1U1GM0G
openstack flavor list
至此,可以访问
echo ‘http://controller:80/dashboard’
echo ‘域:default’
echo ‘用户名:admin’
echo “密码:”${ADMIN_PASS}“”
五、官方步骤安装Train版本,常见问题
1.参考链接
https://blog.csdn.net/weixin_28738845/article/details/103348658
https://www.cnblogs.com/omgasw/p/11990435.html
https://blog.51cto.com/11694088/2460460?cid=742064
https://www.cnblogs.com/omgasw/p/12016839.html
https://blog.csdn.net/weixin_42758707/article/details/100055061
2.访问/dashboard后跳转到/auth/login报404(操作下面2步可以解决dashboard访问404问题,请跳过此步骤)
解决方法:重建Apache服务的dashboard配置文件
cd /usr/share/openstack-dashboard
python manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
3…登录到dashboard将出现权限错误
解决方法如下:建立策略文件(policy.json)的软链接
ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf
4.身份管理里面的项目、用户、组和角色都无法打开
日志提示:Daemon process called ‘keystone-public’ cannot be accessed by this WSGI application: /usr/bin/keystone-wsgi-public
编辑以下文件,找到WEBROOT = ‘/’ 修改为WEBROOT = ‘/dashboard’ (官方未提及坑点之一)
访问时需要添加地址栏dashboard
vim /usr/share/openstack-dashboard/openstack_dashboard/defaults.py
vim /usr/share/openstack-dashboard/openstack_dashboard/test/settings.py
vim /usr/share/openstack-dashboard/static/dashboard/js/9937cc9f2cae.js
重启Apache服务、会话存储服务
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service
检查dashboard是否可用
注意是否需要添加dashboard
浏览器直接访问:http://192.168.232.101 地址后面是否需要加dashboard。
是否需要输入域default取决于,/etc/openstack-dashboard/local_settings文件中进行OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT内容配置值
域:default;用户名:admin;密码:admin。
修改WEBROOT
737 2020/04/26-14:17:43 by root: vim /usr/share/openstack-dashboard/static/dashboard/js/9937cc9f2cae.js
738 2020/04/26-14:18:18 by root: vim /usr/share/openstack-dashboard/static/dashboard/js/64d85423c263.js
739 2020/04/26-14:18:29 by root: vim /usr/share/openstack-dashboard/static/dashboard/js/b5e88d434bd1.js
修改httpd
741 2020/04/26-14:19:45 by root: vim /etc/httpd/conf.d/openstack-dashboard.conf
# WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
# Alias /static /usr/share/openstack-dashboard/static
Alias /dashboard/static /usr/share/openstack-dashboard/static
修改local_settings
749 2020/04/26-14:26:50 by root: vim /etc/openstack-dashboard/local_settings
中的角色配置要与建立相关。
5.项目角色问题,keystone创建的时候角色名称修改为_member_
扫一扫
717
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
