1、前言
本文旨在記錄本人的一個實驗過程,因為其中有一些坑,方便以后回顧查詢。
其中限於篇幅(大部分是配置部分)有些內容省略掉了,官網都有,各位如果是安裝部署的話可以參考官網,不建議使用本文。
以下是ocata版本官網鏈接
https://docs.openstack.org/ocata/zh_CN/install-guide-rdo/common/conventions.html
阿里雲相關鏈接
https://www.aliyun.com/product/ecs?source=5176.11533457&userCode=kv73ipbs&type=copy
2、環境
在centOS 7中部署Openstack,按照官網只需要控制節點和計算節點,網絡節點安裝和控制節點安裝在一起
版本:openstack-ocata
2.1、約定
/etc/hosts
# controller
192.168.2.19 controller
# compute1
192.168.2.21 compute1
# block1
192.168.2.21 block1
# object1
192.168.2.21 object1
# object2
192.168.2.21 object2
控制節點和計算節點都需要兩個網絡接口,一個作為管理網絡接口,一個作為外部網絡接口。接口配置如下:
| 節點名稱 |
網絡名稱 |
IP地址 |
子網掩碼 |
默認網關 |
| 控制節點 |
管理網絡 |
192.168.2.19 |
255.255.255.0 |
192.168.2.1 |
| 外部網絡 |
10.1.12.10 |
255.255.255.0 |
10.1.12.1 |
|
| 計算節點 |
管理網絡 |
192.168.2.21 |
255.255.255.0 |
192.168.2.1 |
| 外部網絡 |
10.1.12.11 |
255.255.255.0 |
10.1.12.1 |
2.2、關閉
永久關閉:vi /etc/selinux/config
SELINUX=disabled
臨時關閉:setenforce 0
關閉iptables
永久關閉:systemctl disable firewalld.service
systemctl disable firewalld
臨時關閉:systemctl stop firewalld.service
systemctl stop firewalld
sed -i '/SELINUX/s/enforcing/disabled/' /etc/selinux/config
2.3、時區設置
timedatectl set-timezone Asia/Shanghai
2.4、密碼表
| 密碼名稱 |
描述 |
| 數據庫密碼(不能使用變量) |
數據庫的root密碼(空) |
| ADMIN_PASS |
admin 用戶密碼(111111) |
| CINDER_DBPASS |
塊設備存儲服務的數據庫密碼 |
| CINDER_PASS |
塊設備存儲服務的 cinder 密碼 |
| DASH_DBPASS |
Database password for the Dashboard |
| DEMO_PASS |
demo 用戶的密碼 |
| GLANCE_DBPASS |
鏡像服務的數據庫密碼(glance) |
| GLANCE_PASS |
鏡像服務的 glance 用戶密碼(111111) |
| KEYSTONE_DBPASS |
認證服務的數據庫密碼(keystone) |
| METADATA_SECRET |
Secret for the metadata proxy(111111) |
| NEUTRON_DBPASS |
網絡服務的數據庫密碼(neutron) |
| NEUTRON_PASS |
網絡服務的 neutron 用戶密碼(111111) |
| NOVA_DBPASS |
計算服務的數據庫密碼(nova) |
| NOVA_PASS |
計算服務中``nova``用戶的密碼(111111) |
| PLACEMENT_PASS |
Password of the Placement service user placement(111111) |
| RABBIT_PASS |
RabbitMQ的openstack用戶密碼(rabbit) |
2.5、yum本地源
rpm.tar.gz(/var/cache/yum/$basearch/$releasever“/var/cache/yum/x86_64/7”打包)再解壓就相當於用來本地yum源,別忘了打開/etc/yum.conf中緩存。
2.6、OpenStack包
啟用OpenStack庫
yum install centos-release-openstack-ocata -y yum upgrade -y yum install python-openstackclient -y
2.7、SQL數據庫
2.7.1、安全並配置組件
yum install mariadb mariadb-server python2-PyMySQL -y cat >/etc/my.cnf.d/openstack.cnf<<eof [mysqld] bind-address = 192.168.2.19 # default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 eof systemctl enable mariadb.service systemctl start mariadb.service mysql_secure_installation
2.8、消息隊列
消息隊列運行在控制節點。
2.8.1、安全並配置組件
yum install rabbitmq-server -y systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service rabbitmqctl add_user openstack rabbit rabbitmqctl set_permissions openstack ".*" ".*" ".*"
2.9、Memcached
各類服務的身份認證機制使用Memcached緩存令牌。
緩存服務memecached通常運行在控制節點。
在生產部署中,我們推薦聯合啟用防火牆、認證和加密保證它的安全。
2.9.1、安全並配置組件
yum install memcached python-memcached -y sed -i 's#OPTIONS="-l 127.0.0.1,::1"#OPTIONS="-l 127.0.0.1,::1,controller"#g' /etc/sysconfig/memcached systemctl enable memcached.service systemctl start memcached.service
3、認證服務
3.1、安裝和配置
3.1.1、先決條件
mysql -u root -proot CREATE DATABASE keystone; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone'; GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone'; exit
生成一個隨機值在初始的配置中作為管理員的令牌。
openssl rand -hex 10
66ef83a4b21cebde6996
3.1.2、安全並配置組件
yum install openstack-keystone httpd mod_wsgi -y vim /etc/keystone/keystone.conf su -s /bin/sh -c "keystone-manage db_sync" keystone keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone keystone-manage bootstrap --bootstrap-password 111111 \ --bootstrap-admin-url http://controller:35357/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne
3.1.3、配置 Apache HTTP 服務器
echo ServerName controller >> /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
3.1.4、完成安裝
systemctl enable httpd.service systemctl restart httpd.service 快照6 export OS_USERNAME=admin export OS_PASSWORD=111111 export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 .......................................................................................................... export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 慎用:不然會報錯(經測試沒問題黃線上面的就可以) export OS_TOKEN=66ef83a4b21cebde6996 export OS_USERNAME=admin export OS_PASSWORD=111111 export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default ..........................................................................................................
3.2、創建域、項目、用戶和角色
openstack project create --domain default \ --description "Service Project" service openstack project create --domain default \ --description "Demo Project" demo openstack user create --domain default \ --password-prompt demo 111111 111111 openstack role create user openstack role add --project demo --user demo user sed -i 's#admin_auth_token# #g' /etc/keystone/keystone-paste.ini unset OS_AUTH_URL OS_PASSWORD -------------------------------------------------------------------- 作為 admin 用戶,請求認證令牌: openstack --os-auth-url http://controller:35357/v3 \ --os-project-domain-name default --os-user-domain-name default \ --os-project-name admin --os-username admin token issue -------------------------------------------------------------------- 作為``demo`` 用戶,請求認證令牌: openstack --os-auth-url http://controller:5000/v3 \ --os-project-domain-name default --os-user-domain-name default \ --os-project-name demo --os-username demo token issue
3.3、創建 OpenStack 客戶端環境腳本
3.3.1、創建腳本
cat >admin-openrc<<eof export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=111111 export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 eof cat > demo-openrc<<eof export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=demo export OS_USERNAME=demo export OS_PASSWORD=111111 export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 eof
3.3.2、使用腳本
. admin-openrc
openstack token issue
4、鏡像服務
mysql -uroot -proot CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance'; GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance' openstack user create --domain default --password-prompt glance 111111 111111 openstack role add --project service --user glance admin openstack service create --name glance \ --description "OpenStack Image" image openstack endpoint create --region RegionOne \ image public http://controller:9292 openstack endpoint create --region RegionOne \ image internal http://controller:9292 openstack endpoint create --region RegionOne \ image admin http://controller:9292
4.1、安裝配置文件
yum install openstack-glance -y
配置文件:
/etc/glance/glance-api.conf [database] mysql+pymysql://glance:glance@controller/glance [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 111111 [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ ############################################## /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:glance@controller/glance [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = 111111 [paste_deploy] flavor = keystone
寫入鏡像服務數據庫:
su -s /bin/sh -c "glance-manage db_sync" glance
完成安裝
systemctl enable openstack-glance-api.service \ openstack-glance-registry.service systemctl start openstack-glance-api.service \ openstack-glance-registry.service
4.2、驗證操作
使用 `CirrOS`對鏡像服務進行驗證,CirrOS是一個小型的Linux鏡像可以用來幫助你進行 OpenStack部署測試。
. admin-openrc yum install wget -y wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img openstack image create "cirros" \ --file cirros-0.3.5-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public
確認鏡像的上傳並驗證屬性:
openstack image list
5、計算服務
5.1、安裝並配置控制節點
5.1.1、先決條件
mysql -uroot -proot
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ IDENTIFIED BY 'nova'; GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ IDENTIFIED BY 'nova'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ IDENTIFIED BY 'nova'; GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ IDENTIFIED BY 'nova'; GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ IDENTIFIED BY 'nova'; GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ IDENTIFIED BY 'nova'; exit
. admin-openrc openstack user create --domain default \ --password-prompt nova 111111 111111 openstack role add --project service --user nova admin openstack service create --name nova \ --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne \ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2.1
openstack user create --domain default --password-prompt placement 111111 111111 openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778
5.1.2、安全並配置組件
yum install openstack-nova-api openstack-nova-conductor \ openstack-nova-console openstack-nova-novncproxy \ openstack-nova-scheduler openstack-nova-placement-api -y
/etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:rabbit@controller my_ip = 192.168.2.19 use_neutron = True firewall_driver = nova.virt.firewall.NoopFirewallDriver [api_database] connection = mysql+pymysql://nova:nova@controller/nova_api [database] connection = mysql+pymysql://nova:nova@controller/nova [api] # ... auth_strategy = keystone [keystone_authtoken] # ... auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = nova password = 111111 [vnc] enabled = true # ... vncserver_listen=$my_ip vncserver_proxyclient_address=$my_ip [glance] # ... api_servers=http://controller:9292 [oslo_concurrency] # ... lock_path=/var/lib/nova/tmp [placement] # ... os_region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:35357/v3 username = placement password = 111111
/etc/httpd/conf.d/00-nova-placement-api.conf 增加: <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory>
systemctl restart httpd.service su -s /bin/sh -c "nova-manage api_db sync" nova su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova su -s /bin/sh -c "nova-manage db sync" nova 會有如下輸出,不用管。 /usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.') result = self._query(query) /usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.') result = self._query(query)
nova-manage cell_v2 list_cells
5.1.3、完成安裝
systemctl enable openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service systemctl start openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service
5.2、安裝和配置計算節點
日志為/vat/log/nova-compute.log
5.2.1、安全並配置組件
yum install openstack-nova-compute
/etc/nova/nova.conf
5.3、完成安裝
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service &
l 重要
Run the following commands on the controller node.
. admin-openrc openstack hypervisor list su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
執行后會輸出
Found 2 cell mappings. Skipping cell0 since it does not contain hosts. Getting compute nodes from cell 'cell1': e46118d6-f516-4249-8e11-559f1a2602be Found 1 computes in cell: e46118d6-f516-4249-8e11-559f1a2602be Checking host mapping for compute host 'compute1': 9460baa8-d770-4841-9934-2e02df2b1ec9 Creating host mapping for compute host 'compute1': 9460baa8-d770-4841-9934-2e02df2b1ec9
/etc/nova/nova.conf -----> [scheduler] discover_hosts_in_cells_interval = 300
5.4、驗證操作
在控制節點上執行這些命令。
. admin-openrc
openstack compute service list
openstack catalog list
openstack image list
nova-status upgrade check
6、網絡服務
6.1、安裝並配置控制節點
6.1.1、先決條件
mysql -uroot -proot CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \ IDENTIFIED BY 'neutron'; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ IDENTIFIED BY 'neutron'; exit
. admin-openrc openstack user create --domain default --password-prompt neutron 111111 111111 openstack role add --project service --user neutron admin 創建``neutron``服務實體: openstack service create --name neutron \ --description "OpenStack Networking" network 創建網絡服務API端點: openstack endpoint create --region RegionOne \ network public http://controller:9696 openstack endpoint create --region RegionOne \ network internal http://controller:9696 openstack endpoint create --region RegionOne \ network admin http://controller:9696
6.1.2、配置網絡選項
l 網絡選項1:提供者網絡
l 網絡選項2:自服務網絡
安裝組件
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
配置服務組件
/etc/neutron/neutron.conf [database] # ... connection = mysql+pymysql://neutron:neutron@controller/neutron [DEFAULT] # ... core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:rabbit@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] # ... auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = 111111 [nova] # ... auth_url = http://controller:35357 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = 111111 [oslo_concurrency] # ... lock_path = /var/lib/neutron/tmp
配置 Modular Layer 2 (ML2) 插件
vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] # ... type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] # ... flat_networks = provider [ml2_type_vxlan] # ... vni_ranges = 1:1000 [securitygroup] # ... enable_ipset = true
配置Linuxbridge代理
/etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:ens33 [vxlan] enable_vxlan = true local_ip = 192.168.2.19 l2_population = true [securitygroup] # ... enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置layer-3代理
/etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
配置DHCP代理
/etc/neutron/dhcp_agent.ini
6.1.3、配置元數據代理
/etc/neutron/metadata_agent.ini
需要設置元數據密碼:這里就是第一次設置,直接設置即可,本例為111111
6.1.4、配置計算服務來使用網絡服務
/etc/nova/nova.conf
6.1.5、完成安裝
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步數據庫
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron systemctl restart openstack-nova-api.service
對於兩種網絡選項(即不管是網絡1還是網絡2都要做):
systemctl enable neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service systemctl start neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service
對於網絡選項2,同樣啟用layer-3服務並設置其隨系統自啟動
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
6.2、安裝和配置計算節點
6.2.1、安裝組件
yum install openstack-neutron-linuxbridge ebtables ipset -y
6.2.2、配置通用組件
Networking 通用組件的配置包括認證機制、消息隊列和插件
/etc/neutron/neutron.conf
6.2.3、配置網絡選項
選擇與您之前在控制節點上選擇的相同的網絡選項。
l 網絡選項1:提供者網絡
l 網絡選項2:自服務網絡
配置Linuxbridge代理
/etc/neutron/plugins/ml2/linuxbridge_agent.ini
6.2.4、配置計算服務來使用網絡服務
/etc/nova/nova.conf
6.2.5、完成安裝
重啟計算服務:
systemctl restart openstack-nova-compute.service
啟動Linuxbridge代理並配置它開機自啟動:
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
6.3、驗證操作
l 注解
在控制節點上執行這些命令。
. admin-openrc
openstack extension list --network
使用網絡部分你選擇的驗證部分來進行部署,網絡選項2:自服務網絡
輸出結果應該包括控制節點上的四個代理和每個計算節點上的一個代理。
openstack network agent list
7、儀表盤
7.1、安裝和配置
這個部分將描述如何在控制節點上安裝和配置儀表板。
7.2、安全並配置組件
yum install openstack-dashboard -y
/etc/openstack-dashboard/local_settings OPENSTACK_HOST = "controller" ALLOWED_HOSTS = ['horizon.example.com', 'localhost','192.168.2.19']
7.3、完成安裝
systemctl restart httpd.service memcached.service
訪問 http://192.168.2.19/dashboard
admin 111111
排障: Openstack安裝Dashboard之后無法打開頁面 [root@controller ~]# cd /var/log/httpd/ [root@controller httpd]# less error_log [Wed Aug 15 04:55:22.431328 2018] [core:error] [pid 109774] [client 192.168.2.1:9918] Script timed out before returning headers: django.wsgi [Wed Aug 15 04:56:15.073662 2018] [core:error] [pid 109701] [client 192.168.2.1:9748] End of script output before headers: django.wsgi 修改 /etc/httpd/conf.d/openstack-dashboard.conf 文件 在WSGISocketPrefix run/wsgi下面加一行代碼: WSGIApplicationGroup %{GLOBAL} 保存退出,然后重啟httpd服務。
8、塊存儲服務
這個部分描述如何在控制節點上安裝和配置塊設備存儲服務,即 cinder。
這個服務需要至少一個額外的存儲節點,以向實例提供卷。
8.1、安裝並配置控制節點
mysql -u root -proot CREATE DATABASE cinder; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder'; exit
openstack user create --domain default --password-prompt cinder 111111 111111 openstack role add --project service --user cinder admin
注解 塊設備存儲服務要求兩個服務實體。 openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
注解
塊設備存儲服務每個服務實體都需要端點。
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
8.1.1、安全並配置組件
yum install openstack-cinder -y
/etc/cinder/cinder.conf [database] # ... connection = mysql+pymysql://cinder:cinder@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:rabbit@controller auth_strategy = keystone my_ip = 192.168.2.19 [keystone_authtoken] # ... auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = 111111 [oslo_concurrency] # ... lock_path = /var/lib/cinder/tmp
初始化塊設備服務的數據庫:
su -s /bin/sh -c "cinder-manage db sync" cinder
8.1.2、配置計算節點以使用塊設備存儲
vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
8.1.3、完成安裝
systemctl restart openstack-nova-api.service systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
8.2、安裝並配置一個存儲節點
8.2.1、先決條件
l 注解
在存儲節點實施這些步驟。
[root@compute1 ~]# yum install lvm2 -y systemctl enable lvm2-lvmetad.service systemctl start lvm2-lvmetad.service
pvcreate /dev/sda
vgcreate cinder-volumes /dev/sda
只有實例可以訪問塊存儲卷組。但是呢,底層的操作系統(如centos)管理着與這些卷相關聯的設備。默認情況下,LVM卷掃描工具會對底層操作系統掃描``/dev`` 目錄,查找包含卷的塊存儲設備。
如果項目在他們的卷上使用了LVM,LVM卷掃描工具便會在檢測到這些塊存儲卷時嘗試緩存它們,這可能會在底層操作系統和項目卷上產生各種問題。所以您必須重新配置LVM,讓它掃描僅包含``cinder-volume``卷組的設備。編輯``/etc/lvm/lvm.conf``文件並完成下面的操作:
vim /etc/lvm/lvm.conf devices { ... filter = [ "a/sdb/", "r/.*/"] 或者如果sda也是lvm卷的話: filter = [ "a/sda/", "a/sdb/", "r/.*/"]
【PS】
centos7默認情況下是創建不了pv的(原因待查證),解決方法如下:
默認:
[root@compute1 ~]# pvcreate /dev/sdb
Device /dev/sdb excluded by a filter.
解決:
[root@compute1 ~]# dd if=/dev/urandom of=/dev/sdb bs=512 count=64 64+0 records in 64+0 records out 32768 bytes (33 kB) copied, 0.00760562 s, 4.3 MB/s [root@compute1 ~]# pvcreate /dev/sdb Physical volume "/dev/sdb" successfully created.
小擴展:http://www.voidcn.com/article/p-uxhrkuzs-bsd.html
8.1.3、安全並配置組件
yum install openstack-cinder targetcli python-keystone
vim /etc/cinder/cinder.conf [database] # ... connection = mysql+pymysql://cinder:cinder@controller/cinder [DEFAULT] # ... transport_url = rabbit://openstack:rabbit@controller auth_strategy = keystone my_ip=192.168.2.21 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] # ... auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = 111111 如果``[lvm]``部分不存在,則創建它: [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes iscsi_protocol = iscsi iscsi_helper = lioadm [oslo_concurrency] # ... lock_path = /var/lib/cinder/tmp
8.1.4、完成安裝
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
8.2、驗證操作
l 注解
在控制節點上執行這些命令。
. admin-openrc
openstack volume service list
9、其他服務
9.1、裸金屬服務(ironic)
裸金屬服務是提供管理和准備物理硬件支持的組件的集合。
9.2、容器的基礎設施管理服務(magnum)
容器的基礎設施管理服務(magnum)是OpenStack API服務,它使容器編排引擎(COE),比如Docker Swarm, Kubernetes和Mesos,成為了OpenStack頭等資源。
9.3、數據庫服務(trove)
數據庫服務(trove)提供了數據庫引擎的雲部署功能。
9.4、DNS service (designate)
The DNS service (designate) provides cloud provisioning functionality for DNS Zones and Recordsets.
9.5、秘鑰管理器服務
密鑰管理服務為存儲提供了RESTful API,以及密鑰數據,比如口令、加密密鑰和X.509證書。
9.6、雲消息服務(zaqar)
雲消息服務允許開發人員共享分布式應用組件間的數據來完成不同任務,而不會丟失消息或要求每個組件總是可用。
9.7、對象存儲服務(swift)
對象存儲服務(swift)通過REST API提供對象存儲和檢索的訪問入口。
9.8、編排服務(heat)
The Orchestration service (heat) uses a Heat Orchestration Template (HOT) to create and manage cloud resources.
9.9、共享文件系統服務(manila)
共享文件系統服務(manila)提供了共享或分布式文件系統的協同訪問。
9.10、監測告警服務(aodh)
當收集到的測量或事件數據符合預定義的規則時,監測告警服務就會觸發告警。
9.11、Telemetry 數據收集服務(ceilometer)
Telemetry 數據收集服務提供如下功能:
- 高效地輪詢與 OpenStack 服務相關的計量數據。
- 通過監測通知收集來自各個服務發送的事件和計量數據。
- 將收集到的數據發布到各個目標區,包括數據存儲區和消息隊列。
10、啟動一個實例
l 警告
在創建私有項目網絡前,你必須:ref:create the provider network <launch-instance-networks-provider>。
10.1、創建Provider網絡
10.1.1、創建網絡
. admin-openrc neutron net-create --shared --provider:physical_network provider \ --provider:network_type flat provider
10.1.2、創建子網
neutron subnet-create --name provider --allocation-pool start=10.2.2.178,end=10.2.2.190 \ --disable-dhcp --gateway 10.2.2.1 provider 10.2.2.0/24
10.2、neutron.wsgi創建自服務網絡
在控制節點上,獲得 admin 憑證來獲取只有管理員能執行的命令的訪問權限:
. demo-openrc openstack network create selfservice openstack subnet create --network selfservice \ --dns-nameserver 8.8.4.4 --gateway 172.16.1.1 \ --subnet-range 172.16.1.0/24 selfservice
10.3、創建路由器
. admin-openrc . demo-openrc openstack router create router neutron router-interface-add router selfservice neutron router-gateway-set router provider
10.4、驗證操作
. admin-openrc
ip netns
neutron router-port-list router
。。。。。。
后續請移步官網https://docs.openstack.org/ocata/zh_CN/install-guide-rdo/common/conventions.html