OpenStack-rocky 安装部署(one-controller + one-compute)

旧城冷巷雨未停 提交于 2020-01-22 22:02:38
系统版本为Centos7.5
内存均分配:4G
存储:40G
CUP:1核(根据电脑实际情况分配)
准备两台电脑或虚拟机(配置两张网卡)
192.168.2.188
192.168.2.190

准备

###查看时区
date
###修改时区
timedatectl set-timezone Asia/Shanghai结果是:Mon Jul  8 17:25:28 CST 2019
###修改语言环境
查看语言
locale
查看系统拥有的语言包
locale -a
yum install kde-l10n-Chinese
vi /etc/locale.conf
##加下面内容到第一行,设置中文
LANG=zh_CN.UTF8
方法(二)(该命令会修改上面配置的值)
localectl  set-locale LANG=en_US.UTF-8
###查看网卡UUID
(修改第二块网卡的配置/etc/sysconfig/network-script/ifcfg-enp0s8)
在/etc/sysconfig/network-script/目录下复制ifcfg-enp0s3为ifcfg-enp0s8,并修改相关的配置
nmcli con show
###安装文件上传工具
yum install -y lrzsz
###关闭防火墙
###我的建议是先关闭防火墙,等配置好了,再去设置防火墙。systemctl restart network
 
systemctl stop firewalld
 
systemctl disable firewalld
 
setenforce 0
 
sed -i 's/=enforcing/=disabled/' /etc/selinux/config

###更新软件包

yum upgrade -y
###重启
reboot
###设置主机名
hostnamectl set-hostname controller
hostnamectl set-hostname compute
###添加主机映射
cat << EOF >> /etc/hosts
192.168.2.188 controller
192.168.2.190 computeEOF
设置阿里云镜像源
1.备份
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
2. 下载阿里云的CentOS-Base.repo 到/etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
3. 清理缓存
sudo yum clean all
4. 生成新的缓存
sudo yum makecache
添加Openstack yum源:
cat << EOF >> /etc/yum.repos.d/openstack.repo
[openstack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0
 
[qume-kvm]
name=qemu-kvm
baseurl= https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0
EOF

###配置时间同步

controller节点
yum install -y chrony
编辑/etc/chrony.conf文件,修改配置为如下:
server controller iburst
allow 192.168.0.0/16
启动服务
systemctl start chronyd
systemctl enable chronyd
-----------------------------------------------------------
compute节点
yum install -y chrony
###编辑/etc/chrony.conf文件,修改配置为如下:
server controller iburst
###启动服务
systemctl start chronyd
systemctl enable chronyd

 


 
###安装OpenStack客户端和selinux服务
yum install -y python-openstackclient openstack-selinux
 

 
###安装数据库服务
在controller节点安装数据库
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
修改数据库配置文件
vim /etc/my.cnf.d/openstack.cnf
新建数据库配置文件/etc/my.cnf.d/openstack.cnf,添加以下内容:
[mysqld]
bind-address = 192.168.2.188
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
###启动数据库服务
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
###设置数据库密码
运行mysql_secure_installation命令,创建数据库root密码
[root@controller ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:   ## 此处为root用户密码,这里设为123456                                
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] n
... skipping.
By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
Dropping test database...
... Success!
Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!

 



###安装消息队列服务
在controller节点安装rabbitmq-server
[root@controller ~]# yum install -y rabbitmq-server -y
###启动消息队列服务
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# systemctl enable rabbitmq-server.service
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
###添加openstack用户
[root@controller ~]# rabbitmqctl add_user openstack 123456
Creating user "openstack" ...
###设置openstack用户最高权限
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
###安装memcached 服务
在controller节点上安装memcached
[root@controller ~]# yum install -y memcached
修改memcached配置文件
编辑/etc/sysconfig/memcached,修改以下内容
修改OPTIONS="-l 127.0.0.1,::1"为
OPTIONS="-l 127.0.0.1,::1,controller"
###启动memcached服务
[root@controller ~]# systemctl start memcached.service
[root@controller ~]# systemctl enable memcached.service
 

 
###安装etcd服务
在controller节点上安装etcd服务
[root@controller ~]# yum install etcd -y
修改etcd配置文件,使其他节点能够访问
[root@controller ~]# vim /etc/etcd/etcd.conf
编辑/etc/etcd/etcd.conf,在各自的位置修改以下内容
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.2.188:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.2.188:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.2.188:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.2.188:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.2.188:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
###启动etcd服务
[root@controller ~]# systemctl start etcd
[root@controller ~]# systemctl enable etcd
 

 
安装keystone服务
创建数据库
[root@controller ~]# mysql -uroot -p123456

过程如下:

Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 9
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456'; 
Query OK, 0 rows affected (0.00 sec)

 


 

 
###安装软件包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
编辑配置文件/etc/keystone/keystone.conf
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
###同步数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
###初始化fernet key库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
###引导身份认证
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
###编辑httpd配置文件
vim /etc/httpd/conf/httpd.conf
ServerName controller
###创建文件链接
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
###启动httpd服务
[root@controller ~]# systemctl start httpd
[root@controller ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.

编写环境变量脚本admin-openrc.sh

export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
###创建service项目
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 617e64ff415b45ef975b8faf3d5207dd |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
###验证
[root@controller ~]# openstack user list  
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 5238d646322346be9e3f9750422bcf4d | admin |
+----------------------------------+-------+

###查看

[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2018-09-03T14:30:02+0000                                                                                                                                                                |
| id         | gAAAAABbjTdauHEUmA_PQ1deLrPsMXiITgOyGu325OkqBYxhwYK5pS5A217gFJcnt_T50T6vfVXDTPR1HJ-HM7_Dlmm5GbPBAe_4KuWygSebGPAU7_NQoZT5gH0gjtyW5aF0mw-dyqvVykcXQWeeZ_q15HOjUZ2ujn_O2GYfjFhUmhaagrUvYys |
| project_id | 1a74d2a87e734feea8577477955e0b06                                                                                                                                                        |
| user_id    | 5238d646322346be9e3f9750422bcf4d                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

 


 
###glance安装
创建数据库
[root@controller ~]# mysql -uroot -p123456
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
###创建用户、服务等
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:123456
Repeat User Password:123456
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 73e040b3ca46485dad6ce8c49bfbd8e2 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | e61eb0929ae842e48c2b1f029e67578b |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ee8719ec7a5547fbaa1ca685fca1d8e0 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e61eb0929ae842e48c2b1f029e67578b |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 27379aa551644711b2f3568a5387e003 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e61eb0929ae842e48c2b1f029e67578b |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b9f6c2bfee5f46bf8d654336094c4360 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | e61eb0929ae842e48c2b1f029e67578b |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+

 


 

 

###安装软件包
[root@controller ~]# yum install -y openstack-glance
编辑配置文件/etc/glance/glance-api.conf
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123456@controller/glance
 
[keystone_authtoken]
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
 
[paste_deploy]
flavor = keystone
 
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
编辑配置文件/etc/glance/glance-registry.conf
vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:123456@controller/glance
 
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
 
[paste_deploy]
flavor = keystone

 

###同步数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
 
###启动服务
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
 
###验证
[root@controller ~]#. admin-openrc
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field            | Value                                                                                                                                                                                      |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                                                                                                                                                           |
| container_format | bare                                                                                                                                                                                       |
| created_at       | 2018-09-03T13:49:12Z                                                                                                                                                                       |
| disk_format      | qcow2                                                                                                                                                                                      |
| file             | /v2/images/8faa9dc9-7f29-4570-ae87-9bab0d01aa63/file                                                                                                                                       |
| id               | 8faa9dc9-7f29-4570-ae87-9bab0d01aa63                                                                                                                                                       |
| min_disk         | 0                                                                                                                                                                                          |
| min_ram          | 0                                                                                                                                                                                          |
| name             | cirros                                                                                                                                                                                     |
| owner            | 1a74d2a87e734feea8577477955e0b06                                                                                                                                                           |
| properties       | os_hash_algo='sha512', os_hash_value='1b03ca1bc3fafe448b90583c12f367949f8b0e665685979d95b004e48574b953316799e23240f4f739d1b5eb4c4ca24d38fdc6f4f9d8247a2bc64db25d6bbdb2', os_hidden='False' |
| protected        | False                                                                                                                                                                                      |
| schema           | /v2/schemas/image                                                                                                                                                                          |
| size             | 13287936                                                                                                                                                                                   |
| status           | active                                                                                                                                                                                     |
| tags             |                                                                                                                                                                                            |
| updated_at       | 2018-09-03T13:49:13Z                                                                                                                                                                       |
| virtual_size     | None                                                                                                                                                                                       |
| visibility       | public                                                                                                                                                                                     |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
 
 
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 8faa9dc9-7f29-4570-ae87-9bab0d01aa63 | cirros | active |
+--------------------------------------+--------+--------+

 


 

 

###安装nova服务
controller节点
创建数据库
[root@controller ~]# mysql -u root -p000000
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> CREATE DATABASE placement;
Grant proper access to the databases:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123456';
###创建相关用户、服务
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | ea181b4b1de3430e8646795f133ad8fe |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

 

[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute

 

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 52a1c2cd42fb45df9ab5ac0782faae4e |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4f009d7ff354428ab5dafadf0ed0095d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 52a1c2cd42fb45df9ab5ac0782faae4e |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

 

 
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5191feea83ba4a17b79a4a7d83f85651 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 52a1c2cd42fb45df9ab5ac0782faae4e |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2fa5622c3f134f0ba8215baab1bad899 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 52a1c2cd42fb45df9ab5ac0782faae4e |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+

 

[root@controller ~]# openstack user create --domain default --password-prompt placement

 

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | ab7f16a5e08c4140b396f27f8fc75f69 |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

 

[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]#  openstack service create --name placement --description "Placement API" placement

 

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | be7f6d35fbd448c79b04d816df68e2d1 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 443ad9ccf38c4930be407e6c755c37fd |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | be7f6d35fbd448c79b04d816df68e2d1 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 8827a5950f1a49fbb77267812daae462 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | be7f6d35fbd448c79b04d816df68e2d1 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2e5bb38b860643f1b2bf7c2cd6ff6447 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | be7f6d35fbd448c79b04d816df68e2d1 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
 

 
###安装软件包
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y

 

编辑配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf

 

[DEFAULT]
enabled_apis = osapi_compute,metadata
 
[api_database]
connection = mysql+pymysql://nova:123456@controller/nova_api
 
[database]
connection = mysql+pymysql://nova:123456@controller/nova
 
[placement_database]
connection = mysql+pymysql://placement:123456@controller/placement
 
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
 
[api]
auth_strategy = keystone
 
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
 
[DEFAULT]
my_ip = 192.168.2.188
 
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
 
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
 
[glance]
api_servers = http://controller:9292
 
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
 
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123456

 

编辑/etc/httpd/conf.d/00-nova-placement-api.conf
vim /etc/httpd/conf.d/00-nova-placement-api.conf

添加以下内容

<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>

 

###重启httpd服务
[root@controller ~]# systemctl restart httpd

 

###同步nova_api数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova

 

###注册cell0数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
 
###创建cell1单元
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
54e6c270-7390-4390-8702-02b72874c5a7

 

###同步nova数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova

 

/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)

 

###验证cell0和cell1注册成功
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
|  Name |                 UUID                 |           Transport URL            |               Database Connection               | Disabled |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |  False   |
| cell1 | 54e6c270-7390-4390-8702-02b72874c5a7 | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |  False   |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
 

 

###启动服务
[root@controller ~]# systemctl start openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service openstack-nova-conductor
[root@controller ~]# systemctl enable openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service openstack-nova-conductor
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.

 

PS:官网没有启动nova-conductor服务,这个服务是交互数据库的,如果不启动这个服务,虚拟机创建不成功
 

 

compute节点

###安装软件包
[root@compute ~]# yum install openstack-nova-compute -y
编辑配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf

 

[DEFAULT]
enabled_apis = osapi_compute,metadata
 
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
 
[api]
auth_strategy = keystone
 
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
 
[DEFAULT]
my_ip = 192.168.2.190
 
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
 
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http:// 192.168.2.188:6080/vnc_auto.html
 
[glance]
api_servers = http://controller:9292
 
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
 
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123456

 

###检查是否支持虚拟化
# egrep -c '(vmx|svm)' /proc/cpuinfo

 

如果等于0,则要在/etc/nova/nova.conf的[libvirt]下添加以下参数
[libvirt]
virt_type = qemu

 

###启动服务
[root@compute ~] # systemctl start libvirtd.service openstack-nova-compute.service
[root@compute ~] # systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.

 


 

 

controller节点
确认数据库中有计算节点
# . admin-openrc

 

[root@controller ~]# openstack compute service list --service nova-compute

 

+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary       | Host    | Zone | Status  | State | Updated At                 |
+----+--------------+---------+------+---------+-------+----------------------------+
|  6 | nova-compute | compute | nova | enabled | up    | 2018-09-03T14:16:10.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+

 

###发现计算节点
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 54e6c270-7390-4390-8702-02b72874c5a7
Checking host mapping for compute host 'compute': 39d80423-6001-4036-a546-5287c1e93ec5
Creating host mapping for compute host 'compute': 39d80423-6001-4036-a546-5287c1e93ec5
Found 1 unmapped computes in cell: 54e6c270-7390-4390-8702-02b72874c5a7

 

如果想要自动发现新compute节点,可以在/etc/nova/nova.conf的[scheduler]下添加以下参数
[scheduler]
discover_hosts_in_cells_interval = 300

 


 

 
安装neutron服务
controller节点
创建数据库
[root@controller ~]# mysql -uroot -p123456
MariaDB [(none)] CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';

 

###创建用户、服务
[root@controller ~]# openstack user create --domain default --password-prompt neutron

 

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | d5b2036ead024ac0b09d3cf4c1b00e7c |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
 
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network

 

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | bfad907188c74a6f99120124b36b5113 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | bcd2134aab2d4202aa8ca0ca0de32d5a |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | bfad907188c74a6f99120124b36b5113 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3ca0c46da89749cfba9b0f117e3ac201 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | bfad907188c74a6f99120124b36b5113 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

 

[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696

 

+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cf69a76a963b41e0a0dd327072c3b5e4 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | bfad907188c74a6f99120124b36b5113 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+

 

配置provider network网络
安装软件包
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

 

编辑/etc/neutron/neutron.conf配置文件
[database]
connection = mysql+pymysql://neutron:123456@controller/neutron
 
[DEFAULT]
core_plugin = ml2
service_plugins =
 
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
 
[DEFAULT]
auth_strategy = keystone
 
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
 
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
 
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
 
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

 

编辑配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
[ml2]
tenant_network_types =
 
[ml2]
mechanism_drivers = linuxbridge
 
[ml2]
extension_drivers = port_security
 
[ml2_type_flat]
flat_networks = provider
 
[securitygroup]
enable_ipset = true
 
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini配置文件
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

编辑配置文件/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

 


 

 
配置Self-service网络
安装软件包
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

 

配置/etc/neutron/neutron.conf文件
[database]
connection = mysql+pymysql://neutron:123456@controller/neutron
 
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
 
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
 
[DEFAULT]
auth_strategy = keystone
 
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
 
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
 
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
 
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

 

编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true

 

编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge]
physical_interface_mappings = provider:eth1
 
[vxlan]
enable_vxlan = true
local_ip = 192.168.200.10
l2_population = true
 
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

编辑/etc/neutron/l3_agent.ini文件
[DEFAULT]
interface_driver = linuxbridge

 

编辑/etc/neutron/dhcp_agent.ini文件
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

 

编辑/etc/neutron/metadata_agent.ini文件
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

 

编辑/etc/nova/nova.conf文件
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

 

###创建链接
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 

###同步数据库
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf  --config-file 
 
###启动服务
[root@controller ~]# systemctl restart openstack-nova-api
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.

 

如果选择了Self-service网络,还需要启动这个服务
[root@controller ~]# systemctl start neutron-l3-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.

 


 

 

compute节点
安装软件包
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y

 

编辑配置/etc/neutron/neutron.conf文件
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
 
[DEFAULT]
auth_strategy = keystone
 
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
 
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

 

配置provider网络
编辑配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

配置Self-service网络
编辑配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = true
local_ip = 192.168.2.190
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

配置nova配置/etc/nova/nova.conf文件
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456

 

启动服务
[root@compute ~]# systemctl restart openstack-nova-compute
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.

 

验证
[root@controller ~]# openstack network agent list

 

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 06323fbc-0b13-4c14-a05d-d414678177bf | Linux bridge agent | controller | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 4bd1d3eb-d178-4ff5-8d3f-7307a4415209 | Linux bridge agent | compute    | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 74ba6229-1449-40c7-a0de-53688fbb560a | Metadata agent     | controller | None              | :-)   | UP    | neutron-metadata-agent    |
| d43e223f-c23d-4e60-88b6-ffe12243853f | DHCP agent         | controller | nova              | :-)   | UP    | neutron-dhcp-agent        |
| da0e8763-8082-4a5e-8188-7161d7ad8a05 | L3 agent           | controller | nova              | :-)   | UP    | neutron-l3-agent          |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

 


 

 

安装dashboard
controller节点
安装软件包
[root@controller ~]# yum install -y openstack-dashboard

 

编辑配置文件/etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', 'localhost']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}

 

编辑/etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
 
启动服务
[root@controller ~]# systemctl restart httpd.service memcached.service

 

验证
浏览器打开192.168.2.188/dashboard
 
到这里就可以进行界面化的操作,配置资源,创建网络,创建镜像,创建实例等。
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!