官方文檔:https://docs.openstack.org/install-guide/environment-packages-rdo.html
列出OpenStack版本並安裝s版本
# yum list centos-release-openstack*
# yum install centos-release-openstack-stein.noarch -y
安裝組件
# yum install python-openstackclient
# yum install openstack-selinux
設置Identity service
mysql端:
安裝mysql
# yum install mariadb mariadb-server python2-PyMySQL
添加OpenStack配置文件(bind-address = 0.0.0.0 會讓MariaDB監聽所有網卡;官方文檔此處填寫的是管理網IP,非實驗環境建議只綁定本機管理網地址並用防火牆限制3306端口)
#vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
# systemctl start mariadb
# systemctl enable mariadb
安全初始化並登錄測試
# mysql_secure_installation
設置消息隊列
官方文檔:https://docs.openstack.org/install-guide/environment-messaging-rdo.html
安裝軟件並設置開機啟動
# yum install rabbitmq-server
# rabbitmqctl start_app #啟動模塊
# rabbitmq-plugins enable rabbitmq_management
# rabbitmqctl stop
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
創建用戶和權限(openstack123 僅為示例口令;實際部署請換成隨機強口令,並同步修改后文各服務 transport_url 中的口令)
# rabbitmqctl add_user openstack openstack123
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
安裝memcached
# yum install memcached python-memcached
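配置(memcached沒有認證機制,-l 0.0.0.0 會把緩存的token數據暴露給所有能連到11211端口的主機;官方文檔只監聽 127.0.0.1、::1 和管理網地址,建議照此收窄並用防火牆限制)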
# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="1024"
OPTIONS="-l 0.0.0.0,::1"
啟動服務
# systemctl enable memcached.service
# systemctl start memcached.service
登錄數據庫並創建數據庫並創建授權用戶('keystone'@'%' 允許從任意主機登錄,keystone123 僅為示例口令;實際部署建議把 % 換成實際發起連接的主機地址並使用隨機強口令)
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
Query OK, 0 rows affected (0.002 sec)
客戶端測試
101端:
# yum install openstack-keystone httpd mod_wsgi
配置keystone
# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone123@openstack-vip.magedu.net/keystone
[token]
provider = fernet
使用hosts文件解析域名
初始化Fernet密鑰存儲庫
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
配置httpd
# vim /etc/httpd/conf/httpd.conf
ServerName 192.168.7.101:80
配置軟鏈接,為了啟動wsgi
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
啟動服務
systemctl start httpd
systemctl enable httpd
初始數據庫
# su -s /bin/sh -c "keystone-manage db_sync" keystone
驗證:到mysql數據庫端查看keystone庫是否生成默認表
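配置token口令
生成口令復制到token中(admin_token 是擁有完整管理員權限的引導口令,官方文檔已改用 keystone-manage bootstrap;若沿用此方法,創建完用戶和端點后應從 keystone.conf 刪除 admin_token 並 unset OS_TOKEN OS_URL,下面的示例值不要直接照抄)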
# openssl rand -hex 10
# vim /etc/keystone/keystone.conf
admin_token = 270a1dc2bf80499abc90
# su -s /bin/sh -c "keystone-manage db_sync" keystone #重新初始化數據庫
創建域、用戶、項目和角色
聲明環境變量(新建一個選項窗口進行,所有命令需在聲明變量下進行)
export OS_TOKEN=270a1dc2bf80499abc90 #token口令
export OS_URL=http://192.168.7.101:5000/v3
export OS_IDENTITY_API_VERSION=3
創建域
[root@controller1 ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | 90940c9d92d3491baab937c57e2d437b |
| name | default |
| tags | [] |
+-------------+----------------------------------+
創建admin項目
[root@controller1 ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | df9d5122c2ea48a98a24e07c5580cd56 |
| is_domain | False |
| name | admin |
| parent_id | 90940c9d92d3491baab937c57e2d437b |
| tags | [] |
+-------------+----------------------------------+
創建admin項目密碼
[root@controller1 ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | 5f87e3432cfa4ac19458072421176272 |
| name | admin |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
創建admin角色並查看角色
[root@controller1 ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | a7aa14e542a54fa59ea26d21b0380590 |
| name | admin |
+-----------+----------------------------------+
[root@controller1 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| a7aa14e542a54fa59ea26d21b0380590 | admin |
+----------------------------------+-------+
授權admin
# openstack role add --project admin --user admin admin
創建demo項目並設置密碼
[root@controller1 ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | f07be594e62b411ba6847fe45111f371 |
| is_domain | False |
| name | demo |
| parent_id | 90940c9d92d3491baab937c57e2d437b |
| tags | [] |
+-------------+----------------------------------+
[root@controller1 ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | 686251271a91415d896d1fd835e16972 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
創建角色user
[root@controller1 ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 4e7a2691e97d4dc4a582d7b4bbbc21f9 |
| name | user |
+-----------+----------------------------------+
將demo用戶加入到demo項目中
賦予user權限
# openstack role add --project demo --user demo user
創建用於測試service項目
[root@controller1 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | 90940c9d92d3491baab937c57e2d437b |
| enabled | True |
| id | f441060f5280442784a6bbfdc9cc0ea6 |
| is_domain | False |
| name | service |
| parent_id | 90940c9d92d3491baab937c57e2d437b |
| tags | [] |
+-------------+----------------------------------+
服務注冊
將keystone注冊到OpenStack
創建用於訪問OpenStack
[root@controller1 ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | b2b8bf611df743c0b40dea4714ab3871 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
You have new mail in /var/spool/mail/root
[root@controller1 ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| b2b8bf611df743c0b40dea4714ab3871 | keystone | identity |
+----------------------------------+----------+----------+
注冊公共端、私人端、
# openstack endpoint create --region RegionOne identity public http://openstack-vip.magedu.net:5000/v3
# openstack endpoint create --region RegionOne identity admin http://openstack-vip.magedu.net:5000/v3
# openstack endpoint create --region RegionOne identity internal http://openstack-vip.magedu.net:5000/v3
# openstack endpoint list
具體如下:
[root@controller1 ~]# openstack endpoint create --region RegionOne identity public http://openstack-vip.magedu.net:5000/v3
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | 136eea1f0023475ebf4d5aa1e909dc95 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b2b8bf611df743c0b40dea4714ab3871 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-vip.magedu.net:5000/v3 |
+--------------+-----------------------------------------+
You have new mail in /var/spool/mail/root
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne identity admin http://openstack-vip.magedu.net:5000/v3
+--------------+------------------------------------------+
| Field | Value |
+--------------+------------------------------------------+
| enabled | True |
| id | 9f72039555c74f7190350f7773f0f4af |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b2b8bf611df743c0b40dea4714ab3871 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-vip.magedu.net:35357/v3 |
+--------------+------------------------------------------+
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne identity internal http://openstack-vip.magedu.net:5000/v3
+--------------+-----------------------------------------+
| Field | Value |
+--------------+-----------------------------------------+
| enabled | True |
| id | a1be963cf0a74c5ebaac092b0587e6ca |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b2b8bf611df743c0b40dea4714ab3871 |
| service_name | keystone |
| service_type | identity |
| url | http://openstack-vip.magedu.net:5000/v3 |
+--------------+-----------------------------------------+
[root@controller1 ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| 136eea1f0023475ebf4d5aa1e909dc95 | RegionOne | keystone | identity | True | public | http://openstack-vip.magedu.net:5000/v3 |
| 9f72039555c74f7190350f7773f0f4af | RegionOne | keystone | identity | True | admin | http://openstack-vip.magedu.net:35357/v3 |
| a1be963cf0a74c5ebaac092b0587e6ca | RegionOne | keystone | identity | True | internal | http://openstack-vip.magedu.net:5000/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
刪除認證(僅在端點注冊有誤、需要重建時執行)
# openstack endpoint delete 136eea1f0023475ebf4d5aa1e909dc95
# openstack endpoint delete 9f72039555c74f7190350f7773f0f4af
# openstack endpoint delete a1be963cf0a74c5ebaac092b0587e6ca
新開窗口測試用戶認證
# export OS_IDENTITY_API_VERSION=3
第一種方法測試:
# openstack --os-auth-url http://openstack-vip.magedu.net:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
第二種方式測試:(腳本以明文保存 OS_PASSWORD,建議 chmod 600 只允許屬主讀取;admin、demo 這類與用戶名相同的口令僅適合實驗環境)
# admin腳本
# vim admin-stein.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#demo腳本
# vim demo-stein.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://openstack-vip.magedu.net:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
新開窗口測試驗證用戶
[root@controller1 ~]# source scripts/admin-stein.sh
[root@controller1 ~]# echo $OS_AUTH_URL
http://openstack-vip.magedu.net:5000/v3
[root@controller1 ~]# openstack token issue
出結果即為keystone完成
設置Image service
官方文檔:https://docs.openstack.org/glance/stein/install/
105端:
創建數據庫和創建授權用戶
MariaDB [keystone]> create database glance;
Query OK, 1 row affected (0.001 sec)
MariaDB [keystone]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';
Query OK, 0 rows affected (0.000 sec)
101端
安裝軟件
# yum install openstack-glance
創建glance角色並設置密碼
[root@controller1 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | fd996aaccc8941d39e3febe5fcfe9725 |
| enabled | True |
| id | ad62639928ac420c8ee4acf4262e3ea3 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
授權admin角色權限給glance
# openstack role add --project service --user glance admin
創建glance服務實體並查詢
[root@controller1 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 4f4d877fa9e14e12b5423279ffbf267f |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@controller1 ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| 4f4d877fa9e14e12b5423279ffbf267f | glance | image |
| d5faa46d421f46c4b2d37607ee546d5d | keystone | identity |
+----------------------------------+----------+----------+
注冊API信息
# openstack endpoint create --region RegionOne \
image public http://openstack-vip.magedu.net:9292
# openstack endpoint create --region RegionOne \
image internal http://openstack-vip.magedu.net:9292
# openstack endpoint create --region RegionOne \
image admin http://openstack-vip.magedu.net:9292
# openstack endpoint list #列出表注冊信息
[root@controller1 ~]# openstack endpoint create --region RegionOne \
> image public http://openstack-vip.magedu.net:9292
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 19d347745ac94396b6baa6348e80ddc5 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f4d877fa9e14e12b5423279ffbf267f |
| service_name | glance |
| service_type | image |
| url | http://openstack-vip.magedu.net:9292 |
+--------------+--------------------------------------+
You have new mail in /var/spool/mail/root
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne \
> image internal http://openstack-vip.magedu.net:9292
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 199dbcce917849baa7e4d2b93f934da0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f4d877fa9e14e12b5423279ffbf267f |
| service_name | glance |
| service_type | image |
| url | http://openstack-vip.magedu.net:9292 |
+--------------+--------------------------------------+
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne \
> image admin http://openstack-vip.magedu.net:9292
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | a19f9a3712624d038fcaf6afe69d76e3 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 4f4d877fa9e14e12b5423279ffbf267f |
| service_name | glance |
| service_type | image |
| url | http://openstack-vip.magedu.net:9292 |
+--------------+--------------------------------------+
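配置共享文件(下面 /etc/exports 中的 *(rw,no_root_squash) 會讓任意能訪問該NFS的主機以root身份讀寫鏡像目錄;建議把 * 限定為控制節點地址 192.168.7.101,目錄屬主設置完成后去掉 no_root_squash,或直接在105端執行 chown 161:161)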
105端:
yum install nfs-utils -y
# mkdir /data/openstack/image -p
# cat /etc/exports
/data/openstack/image *(rw,no_root_squash)
設置開機啟動並啟動服務
systemctl start nfs
systemctl enable nfs
101端
mkdir /var/lib/glance/images/
mount -t nfs 192.168.7.105:/data/openstack/image/ /var/lib/glance/images/
# vim /etc/fstab
192.168.7.105:/data/openstack/image/ /var/lib/glance/images/ nfs defaults,_netdev 0 0
配置haproxy
listen mysql
bind 192.168.7.101:3306
mode tcp
server mysql1 192.168.7.105:3306 check inter 3s fall 3 rise 5
listen memcached
bind 192.168.7.101:11211
mode tcp
server mysql2 192.168.7.105:11211 check inter 3s fall 3 rise 5
listen rabbitmq
bind 192.168.7.101:5672
mode tcp
server mysql2 192.168.7.105:5672 check inter 3s fall 3 rise 5
#驗證
# ss -ntl
配置文件
#兩個配置文件進行同樣配置
# vim /etc/glance/glance-api.conf
# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance123@openstack-vip.magedu.net/glance
[keystone_authtoken]
www_authenticate_uri = http://openstack-vip.magedu.net:5000
auth_url = http://openstack-vip.magedu.net:5000
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
# vim /etc/glance/glance-api.conf 額外添加
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
初始化數據庫
# su -s /bin/sh -c "glance-manage db_sync" glance
顯示輸出如下即為成功
Database is synced successfully.
開啟服務
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
掛載nfs
# yum install nfs-utils -y
# systemctl stop openstack-glance-api.service openstack-glance-registry.service
# mount -t nfs 192.168.7.105:/data/openstack/image/ /var/lib/glance/images/
# systemctl start openstack-glance-api.service openstack-glance-registry.service
# vim /etc/fstab
192.168.7.105:/data/openstack/image/ /var/lib/glance/images/ nfs defaults,_netdev 0 0
修改權限
101端
# chown -R glance.glance /var/lib/glance/images/
[root@controller1 ~]# id glance
uid=161(glance) gid=161(glance) groups=161(glance)
105端
[root@mysql ~]# ll -d /data/openstack/image/
drwxr-xr-x. 2 161 161 6 Aug 22 19:58 /data/openstack/image/
兩端id相同即不用修改
驗證:
官方文檔:https://docs.openstack.org/glance/stein/install/verify.html
下載官方鏡像(該鏈接為明文HTTP,上傳到glance之前建議用發布站點提供的校驗和文件核對鏡像完整性)
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
新開窗口驗證
# source script/admin-stein.sh
# openstack image create "cirros" \
--file /root/cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
成功后查看
# glance image-list
# openstack image list
配置Placement service
官方文檔:https://docs.openstack.org/placement/stein/install/install-rdo.html
105端
創建數據庫和創建授權用戶
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';
Query OK, 0 rows affected (0.054 sec)
101端
創建admin項目用戶並授權
# openstack user create --domain default --password-prompt placement
# openstack role add --project service --user placement admin
創建實體
openstack service create --name placement --description "Placement API" placement
注冊API
# openstack endpoint create --region RegionOne placement public http://openstack-vip.magedu.net:8778
# openstack endpoint create --region RegionOne placement internal http://openstack-vip.magedu.net:8778
# openstack endpoint create --region RegionOne placement admin http://openstack-vip.magedu.net:8778
# openstack endpoint list
[root@controller1 ~]# openstack endpoint create --region RegionOne placement public http://openstack-vip.magedu.net:8778
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 014e2bf9cd3b4c46bc17e7308eeff054 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 219405a9cd07447ca83f93f2a92fdf84 |
| service_name | placement |
| service_type | placement |
| url | http://openstack-vip.magedu.net:8778 |
+--------------+--------------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne placement internal http://openstack-vip.magedu.net:8778
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 83a8258a58eb4b17a297a1a0f303325a |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 219405a9cd07447ca83f93f2a92fdf84 |
| service_name | placement |
| service_type | placement |
| url | http://openstack-vip.magedu.net:8778 |
+--------------+--------------------------------------+
[root@controller1 ~]#
[root@controller1 ~]# openstack endpoint create --region RegionOne placement admin http://openstack-vip.magedu.net:8778
+--------------+--------------------------------------+
| Field | Value |
+--------------+--------------------------------------+
| enabled | True |
| id | 6130511da6ea4c2a87070a26606e9640 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 219405a9cd07447ca83f93f2a92fdf84 |
| service_name | placement |
| service_type | placement |
| url | http://openstack-vip.magedu.net:8778 |
+--------------+--------------------------------------+
配置placement
安裝軟件
# yum install openstack-placement-api
配置配置文件:
# vim /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:placement123@openstack-vip.magedu.net/placement
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
:
初始化數據庫
# su -s /bin/sh -c "placement-manage db sync" placement
重啟httpd
因為placement在http有個配置文件
[root@controller1 ~]# rpm -ql openstack-placement-api
/etc/httpd/conf.d/00-placement-api.conf
# systemctl restart httpd
查看端口8778即為成功
驗證
[root@controller1 ~]# source script/admin-stein.sh
[root@controller1 ~]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
配置Compute service
官方文檔:https://docs.openstack.org/nova/rocky/install/controller-install-rdo.html
105端
創建數據庫
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
授權並創建訪問nova用戶
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
101管理端
創建角色並加入admin角色權限
# openstack user create --domain default --password-prompt nova
# openstack role add --project service --user nova admin
創建nova實體
# openstack service create --name nova --description "OpenStack Compute" compute
注冊API
# openstack endpoint create --region RegionOne compute public http://openstack-vip.magedu.net:8774/v2.1
# openstack endpoint create --region RegionOne compute internal http://openstack-vip.magedu.net:8774/v2.1
# openstack endpoint create --region RegionOne compute admin http://openstack-vip.magedu.net:8774/v2.1
[root@controller1 ~]# openstack endpoint create --region RegionOne compute public http://openstack-vip.magedu.net:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | dd4c8b762acb41cca7000f38304b7e5d |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f892543734740d9b4a9a10ec544e643 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-vip.magedu.net:8774/v2.1 |
+--------------+-------------------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne compute internal http://openstack-vip.magedu.net:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | f69e4b3081ad4f64b6a25f3e8dbfbe19 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f892543734740d9b4a9a10ec544e643 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-vip.magedu.net:8774/v2.1 |
+--------------+-------------------------------------------+
[root@controller1 ~]# openstack endpoint create --region RegionOne compute admin http://openstack-vip.magedu.net:8774/v2.1
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | e1552d52bc1e44f2b9fecd2ea8abe250 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 9f892543734740d9b4a9a10ec544e643 |
| service_name | nova |
| service_type | compute |
| url | http://openstack-vip.magedu.net:8774/v2.1 |
+--------------+-------------------------------------------+
安裝軟件
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler #openstack-nova-scheduler這個軟件s版中沒有,但是需要添加
配置文件
# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack123@openstack-vip.magedu.net
my_ip = 192.168.7.101
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy=keystone
[api_database]
connection = mysql+pymysql://nova:nova123@openstack-vip.magedu.net/nova_api
[database]
connection = mysql+pymysql://nova:nova123@openstack-vip.magedu.net/nova
[glance]
api_servers = http://openstack-vip.magedu.net:9292
[keystone_authtoken]
auth_url = http://openstack-vip.magedu.net:5000/v3
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-vip.magedu.net:5000/v3
username = placement
password = placement
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
初始化數據庫
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
109e1d4b-536a-40d0-83c6-5f121b82b650 #隨機生成一竄數據串
# su -s /bin/sh -c "nova-manage db sync" nova
# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+
| Name | UUID |
+-------+--------------------------------------+
| cell1 | 109e1d4b-536a-40d0-83c6-5f121b82b650 |
| cell0 | 00000000-0000-0000-0000-000000000000 |
+-------+--------------------------------------+
啟動服務
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
驗證
[root@controller1 ~]# source script/admin-stein.sh
[root@controller1 ~]# openstack host list
+------------------------+-------------+----------+
| Host Name | Service | Zone |
+------------------------+-------------+----------+
| controller1.magedu.net | consoleauth | internal |
| controller1.magedu.net | conductor | internal |
| controller1.magedu.net | scheduler | internal |
+------------------------+-------------+----------+
103端:
安裝軟件
# yum install openstack-nova-compute
添加hosts文件
vim /etc/hosts
192.168.7.101 openstack-vip.magedu.net
配置文件
[root@node3 ~]# grep -v "^#" /etc/nova/nova.conf | grep -v "^$"
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack123@openstack-vip.magedu.net
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[glance]
api_servers = http://openstack-vip.magedu.net:9292
[keystone_authtoken]
auth_url = http://openstack-vip.magedu.net:5000/v3
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://openstack-vip.magedu.net:5000/v3
username = placement
password = placement
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.7.103
novncproxy_base_url = http://openstack-vip.magedu.net:6080/vnc_auto.html
啟動服務
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
加裝httpd補丁
# vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
# systemctl restart httpd
驗證nova服務
# source script/admin-stein.sh 聲明環境變量
# openstack compute service list 列出compute列表
# openstack catalog list
# openstack image list
# nova-status upgrade check
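都有列表即為nova安裝成功(下面 nova-status 輸出中 Cells v2 為 Failure,表示計算節點尚未映射到cell,需在控制端執行 su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova 后重試)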
[root@controller1 ~]# openstack compute service list
+----+------------------+------------------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller1.magedu.net | internal | enabled | up | 2019-08-25T02:20:30.000000 |
| 2 | nova-conductor | controller1.magedu.net | internal | enabled | up | 2019-08-25T02:20:30.000000 |
| 3 | nova-scheduler | controller1.magedu.net | internal | enabled | up | 2019-08-25T02:20:31.000000 |
| 8 | nova-compute | node3 | nova | enabled | up | 2019-08-25T02:20:34.000000 |
+----+------------------+------------------------+----------+---------+-------+----------------------------+
[root@controller1 ~]# openstack catalog list
+-----------+-----------+-------------------------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-------------------------------------------------------+
| placement | placement | RegionOne |
| | | public: http://openstack-vip.magedu.net:8778 |
| | | RegionOne |
[root@controller1 ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| e981dafb-03b2-4ed7-a786-22830f2621b1 | cirros | active |
+--------------------------------------+--------+--------+
[root@controller1 ~]# nova-status upgrade check
+------------------------------------------------------------------+
| Upgrade Check Results |
+------------------------------------------------------------------+
| Check: Cells v2 |
| Result: Failure |
| Details: No host mappings found but there are compute nodes. Run |
| command 'nova-manage cell_v2 simple_cell_setup' and then |
| retry. |
+------------------------------------------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
登錄rabbitmq的web界面也可以查看下
配置Networking service
105端
創建數據庫和創建授權訪問用戶
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';
Query OK, 0 rows affected (0.001 sec)
101端
創建用戶和加入admin角色權限
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
創建實體
openstack service create --name neutron \
--description "OpenStack Networking" network
注冊API
openstack endpoint create --region RegionOne network public http://openstack-vip.magedu.net:9696
openstack endpoint create --region RegionOne network internal http://openstack-vip.magedu.net:9696
openstack endpoint create --region RegionOne network admin http://openstack-vip.magedu.net:9696
配置
網絡配置中有兩種網絡選擇;我們選擇橋接網絡配置
安裝軟件:
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
配置配置文件
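配置/etc/neutron/neutron.conf([keystone_authtoken] 的 password 填創建 neutron 用戶時在 --password-prompt 輸入的密碼,[nova] 的 password 填 nova 用戶的密碼;它們與數據庫密碼 neutron123 是不同的憑據)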
# /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:openstack123@openstack-vip.magedu.net
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
connection = mysql+pymysql://neutron:neutron123@openstack-vip.magedu.net/neutron
[keystone_authtoken]
www_authenticate_uri = http://openstack-vip.magedu.net:5000
auth_url = http://openstack-vip.magedu.net:5000
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
# 如果沒有 [nova] 這一段,就在后面添加即可(注釋需單獨成行,寫在段名同一行會導致配置解析出錯)
[nova]
auth_url = http://openstack-vip.magedu.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
配置/etc/neutron/plugins/ml2/ml2_conf.ini
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
配置 /etc/neutron/plugins/ml2/linuxbridge_agent.ini
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# 宿主機網卡(說明文字需單獨成行,寫在行尾會被當成值的一部分)
physical_interface_mappings = external:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
You have new mail in /var/spool/mail/root
再返回network主頁配置neutron的metadata agent(metadata_proxy_shared_secret 應使用隨機生成的字符串,日期這類數值容易被猜到;該值要與 nova.conf 中的設置一致)
# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = openstack-vip.magedu.net
metadata_proxy_shared_secret = 20190823
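配置nova(官方文檔在 [neutron] 段還設置 service_metadata_proxy = true,以及與 metadata_agent.ini 相同的 metadata_proxy_shared_secret,下面的示例未列出這兩項)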
# vim /etc/nova/nova.conf
[neutron]
url = http://openstack-vip.magedu.net:9696
auth_url = http://openstack-vip.magedu.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
建立軟鏈接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
初始化數據庫
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重啟nova服務
systemctl restart openstack-nova-api.service
重啟主網絡服務
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
重啟從服務
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
每一步啟動服務都需要查看日志,看是否有報錯信息,沒有才是成功
tail -f /var/log/neutron/*.log
計算節點103端
官方配置文檔:https://docs.openstack.org/neutron/stein/install/compute-install-rdo.html
安裝軟件
yum install openstack-neutron-linuxbridge ebtables ipset
配置橋接網絡服務配置文件
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# 宿主機物理網卡和類型(注釋需單獨成行,寫在行尾會被當成值的一部分)
physical_interface_mappings = external:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
在內核配置文件增加
# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
# 服務沒啟動時執行 sysctl -p 會報錯,啟動服務后再執行即可
[root@node3 ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
配置配置文件
# vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack123@openstack-vip.magedu.net
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://openstack-vip.magedu.net:5000
auth_url = http://openstack-vip.magedu.net:5000
memcached_servers = openstack-vip.magedu.net:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
# vim /etc/nova/nova.conf
[neutron]
url = http://openstack-vip.magedu.net:9696
auth_url = http://openstack-vip.magedu.net:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
重啟服務
# systemctl restart openstack-nova-compute.service
重啟網絡服務
# systemctl enable neutron-linuxbridge-agent.service
# systemctl restart neutron-linuxbridge-agent.service
驗證
# openstack extension list --network
# openstack network agent list
[root@controller1 ~]# openstack network agent list #四個服務起來即可
+--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
| 4017d2c0-273e-4742-89da-95166a267df6 | DHCP agent | controller1.magedu.net | nova | :-) | UP | neutron-dhcp-agent |
| 721a2248-c4bb-480d-ae21-de7e6d86f49b | Metadata agent | controller1.magedu.net | None | :-) | UP | neutron-metadata-agent |
| 73be4bb7-6912-4aa2-bf54-38a538b77739 | Linux bridge agent | node3 | None | :-) | UP | neutron-linuxbridge-agent |
| ab2a2efc-354e-4e61-925c-7b95599f1223 | Linux bridge agent | controller1.magedu.net | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------------------+-------------------+-------+-------+---------------------------+
成功后
命令行創建實例
創建網絡
openstack network create --share --external \
--provider-physical-network external \
--provider-network-type flat external-net
#--share選項允許所有項目使用虛擬網絡
#--external選項將虛擬網絡定義為外部。如果您希望創建內部網絡,則可以使用--internal。默認值是internal。
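--provider-physical-network 和 --provider-network-type flat 選項根據 ml2_conf.ini 的 flat_networks 與 linuxbridge_agent.ini 的 physical_interface_mappings,把 flat 虛擬網絡連接到主機上對應的物理網卡。這里命令使用的物理網絡名是 external,而上文 ml2_conf.ini 中 flat_networks 寫的是 provider,兩處名稱需要統一,否則創建網絡時會提示物理網絡未知。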
在網絡上創建子網
openstack subnet create --network external-net \
--allocation-pool start=192.168.6.201,end=192.168.6.254 \
--dns-nameserver 172.16.0.1 --gateway 192.168.7.2 \
--subnet-range 192.168.0.0/21 sub1
創建實例
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
$ openstack flavor list
$ ssh-keygen -q -N ""
$ openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
$ openstack keypair list
添加安全規則(未指定 --remote-ip 時來源為任意地址,可用 --remote-ip 限定為管理網段)
openstack security group rule create --proto icmp default #ping訪問
openstack security group rule create --proto tcp --dst-port 22 default #ssh訪問
啟動一個實例
$ openstack image list
$ openstack network list
$ openstack security group list
[root@controller1 ~]# openstack server create --flavor 2C-2G-20G --image cirros \
> --nic net-id=c1080890-b677-4b22-b4b7-a4ac1af313ee --security-group default \
> --key-name mykey centos3-vm1
+-----------------------------+-----------------------------------------------+
| Field | Value |
+-----------------------------+-----------------------------------------------+
| OS-DCF:diskConfig | MANUAL |
| OS-EXT-AZ:availability_zone | |
| OS-EXT-STS:power_state | NOSTATE |
| OS-EXT-STS:task_state | scheduling |
| OS-EXT-STS:vm_state | building |
| OS-SRV-USG:launched_at | None |
| OS-SRV-USG:terminated_at | None |
| accessIPv4 | |
| accessIPv6 | |
| addresses | |
| adminPass | n3e8KP59gWLw |
| config_drive | |
| created | 2019-08-26T13:15:40Z |
| flavor | 2C-2G-20G (1) |
| hostId | |
| id | 034834c5-cb21-4642-9e06-740e985dff60 |
| image | cirros (97037bf7-40af-4712-9568-37fa0072c74c) |
| key_name | mykey |
| name | centos3-vm1 |
| progress | 0 |
| project_id | 52a52cc7f015405fa0d546d38769f62a |
| properties | |
| security_groups | name='4f502635-a31e-4813-87b0-55572e251e16' |
| status | BUILD |
| updated | 2019-08-26T13:15:40Z |
| user_id | 574cbbfecff641f5bddf26c17d333993 |
| volumes_attached | |
+-----------------------------+-----------------------------------------------+
查看創建的實例服務器:
openstack server list
臨時vnc遠程
[root@controller1 ~]# openstack console url show centos3-vm1
+-------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+-------+---------------------------------------------------------------------------------------------------------+
| type | novnc |
| url | http://openstack-vip.magedu.net:6080/vnc_auto.html?path=%3Ftoken%3Df13a3041-ca05-414d-9be2-4b05dc6b9b9e |
+-------+---------------------------------------------------------------------------------------------------------+
配置web界面訪問OpenStack服務
部署dashboard服務開啟web界面
安裝軟件
# yum install openstack-dashboard
配置文件
vim /etc/openstack-dashboard/local_settings
配置web界面以在192.168.7.101節點上使用OpenStack服務
OPENSTACK_HOST = "192.168.7.101"
允許主機訪問信息中心('*' 表示接受任意 Host 頭,只適合測試環境;生產環境應列出實際用來訪問dashboard的域名或IP):
ALLOWED_HOSTS = ['*',]
配置memcached
會話存儲服務(LOCATION 要寫實際運行 memcached 的主機;'controller' 是官方文檔的示例主機名,本環境需確認能解析,或改為對應的地址)
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
啟用Identity API的v3版本
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
啟用域
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
配置API版本
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
配置Default
為通過儀表板創建的用戶的默認域
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
配置user
為通過儀表板創建的用戶的默認角色:
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
如果選擇網絡選項1,請禁用對第3層網絡服務的支持:
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
配置時區
TIME_ZONE = "Asia/Shanghai"
vim /etc/httpd/conf.d/openstack-dashboard.conf
添加如下
WSGIApplicationGroup %{GLOBAL}
重啟服務
# systemctl restart httpd.service memcached.service #因為我的memcached在105端,所以memcached在105端重啟
登錄
管理員無法在首頁查看實例,具體如下可以查看
使用demo創建實例服務器
1、創建實例
填寫詳情、分配源、實例類型、網絡
查看實例
實例詳情
操作1:硬重啟-斷電
軟重啟-正常關閉,表示使用命令重啟,即保存數據后啟動
查看緩存中的session數據(memcached 默認沒有認證,能連到 11211 端口的主機都可以這樣讀出緩存里的 token,所以 11211 只應監聽管理網絡地址,并用防火牆限制來源)
telnet 192.168.7.101 11211 訪問
stats items #列出所有keys
stats cachedump id 0 #獲得key的值,0表示全部列出
get KEY_NAME #get命令獲取指定key的值
實例
[root@controller1 ~]# telnet 192.168.7.101 11211
Trying 192.168.7.101...
Connected to 192.168.7.101.
Escape character is '^]'.
stats items #列出所有keys
STAT items:18:number 2
STAT items:18:number_hot 0
stats cachedump 18 0 #列出具體信息
ITEM tokens/aa819ac8911bb336867a0bffbc6bd96428478ffbad69564db88f2c9333bf06be [3768 b; 1566886978 s]
ITEM tokens/cfa8264731b0ebeb6ffee78c1280853a3d224c97ef7bccb86173291ccc49446a [3770 b; 1566886909 s]
get ITEM tokens/cfa8264731b0ebeb6ffee78c1280853a3d224c97ef7bccb86173291ccc49446 #獲取key值