
Deployment Guide: OpenStack Yoga on openEuler 22.09, a Chinese-Developed Operating System

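Contents

Building OpenStack Yoga on openEuler 22.09
I. Preparing the environment
1. Set the hostnames and the hosts mapping file
2. Change the yum repositories
3. Configure time synchronization
3.1 Controller node
3.2 Other nodes
3.3 Test
4. Install the database
4.1 Install the database
4.2 Start the database
4.3 Initialize the database
4.4 Test the database
5. Install the message queue and cache service
5.1 Install the message queue
5.2 Create the openstack user
5.3 Install the cache service
II. Deploying the OpenStack services
1. Keystone
1.1 Create the keystone database and grant privileges
1.2 Install the packages
1.3 Edit the configuration file
1.4 Initialize the Fernet key repository
1.5 Start the service
1.6 Configure the Apache HTTP server
1.7 Start the Apache HTTP service
1.8 Create the environment variables
1.9 Create the domain, projects, users and roles
1.9.1 Install the packages
1.9.2 Load the environment variables
1.9.3 Create the project service
1.9.4 Create the (non-admin) project myproject
1.9.5 Create the user myuser
1.9.6 Create the role myrole
1.9.7 Add the role myrole to myproject and myuser
2. Glance
2.1 Create the glance database and grant privileges
2.2 Create the glance user
2.3 Create the glance service entity
2.4 Create the glance API service
2.5 Install the packages
2.6 Edit the glance configuration file
2.7 Synchronize the database
2.8 Start the service
2.9 Test
3. Placement
3.1 Create the placement database and grant privileges
3.2 Configure the user and endpoints
3.3 Install the packages
3.4 Edit the configuration file
3.5 Synchronize the database
3.6 Start the service
3.7 Test
4. Nova
4.1 Create the Nova databases and grant privileges
4.2 Configure the user and endpoints
4.3 Install the packages
4.4 Edit the configuration file
4.5 Synchronize the database
4.6 Start the service
Compute node steps:
4.7 Install the packages
4.8 Edit the configuration file
4.9 Check whether the compute node supports hardware acceleration for virtual machines (x86_64)
4.10 Check whether the compute node supports hardware acceleration for virtual machines (arm64)
4.11 Configure qemu (arm64 only)
4.12 Start the service
Controller node
4.13 Add the compute node to the OpenStack cluster
4.14 Test
5. Neutron
Controller node
5.1 Create the database and grant privileges
5.2 Configure the user and endpoints
5.3 Deploy the Neutron API service
5.4 Install the packages
5.5 Edit the configuration file
5.6 Create the /etc/neutron/plugin.ini symbolic link
5.7 Synchronize the database
5.7 Start the network services
Compute node
5.8 Install the packages
5.9 Edit the configuration file
5.10 Restart the nova-compute service
5.11 Start the Neutron linuxbridge agent service
6. Cinder
6.1 Create the database and grant privileges
6.2 Configure the user and endpoints
6.3 Install the packages
6.4 Edit the configuration file
6.5 Synchronize the database
6.6 Edit the nova configuration file
6.7 Start the service
Storage node
6.8 Install the packages
6.9 Create the LVM volumes
6.10 Edit the configuration file
6.11 Start the service
6.12 Test
7. Horizon
7.1 Install the packages
7.2 Edit the configuration file
7.3 Restart the service
7.4 Open the dashboard in a browser
7.5 Log in
8. Testing the core components
8.1 Test the account management module
8.2 Image test
8.3 Network test
8.4 Instance test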


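Building OpenStack Yoga on openEuler 22.09

This project deploys the OpenStack platform by hand on a three-node environment.

The three nodes are the control node (Controller), the compute node (Compute) and the storage node (Storage).

First prepare three openEuler 22.09 machines: download the image that matches your environment and install it.

Node plan:

Controller    192.168.100.10

Compute       192.168.100.20

Storage       192.168.100.30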

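I. Preparing the environment

1. Set the hostnames and the hosts mapping file

Set the hostname (run the matching command on its own node):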

[root@localhost ~]# hostnamectl set-hostname controller

[root@localhost ~]# hostnamectl set-hostname compute

[root@localhost ~]# hostnamectl set-hostname storage

Edit the hosts mapping file

[root@controller ~]# vi /etc/hosts

192.168.100.10 controller

192.168.100.20 compute

192.168.100.30 storage

2. Change the yum repositories

# Generic-repos is licensed under the Mulan PSL v2.

# For details: http://license.coscl.org.cn/MulanPSL2

[OS]

name=OS

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler

[everything]

name=everything

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/everything/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/everything/$basearch/RPM-GPG-KEY-openEuler

[EPOL]

name=EPOL

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/EPOL/main/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler

[debuginfo]

name=debuginfo

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/debuginfo/$basearch/

enabled=0

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler

[source]

name=source

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/source/

enabled=0

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler

[update]

name=update

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/update/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler

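3. Configure time synchronization

A cluster requires every node's clock to agree at all times, which is normally ensured by time-synchronization software; this guide uses chrony.

Install chrony on all nodes, and turn off the firewall on all nodes.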

[root@controller ~]# dnf -y install chrony

[root@compute ~]# systemctl stop firewalld && systemctl disable firewalld

[root@compute ~]# setenforce 0

3.1 Controller node:

Edit the configuration file

[root@controller ~]# vi /etc/chrony.conf

# Please consider joining the pool (https://www.pool.ntp.org/join.html).

pool ntp.aliyun.com iburst

# Allow NTP client access from local network.

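allow 192.168.100.0/24

# Which IP addresses are allowed to synchronize their clocks from this node (the subnet of the three nodes planned above)

Restart the service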

[root@controller ~]# systemctl restart chronyd

3.2 Other nodes

[root@compute ~]# vi /etc/chrony.conf

# NTP_SERVER is the controller's IP; it tells this machine where to get its time from

server controller iburst

[root@compute ~]# systemctl restart chronyd

In the same file, also comment out the line pool pool.ntp.org iburst, so that the node does not synchronize its clock from the public network.

# Please consider joining the pool (https://www.pool.ntp.org/join.html).

#pool pool.ntp.org iburst

3.3 Test

[root@compute ~]# chronyc sources

4. Install the database

4.1 Install the database

Install the database on the controller node.

[root@controller ~]# dnf install mysql-config mariadb mariadb-server python3-PyMySQL

Create a new configuration file /etc/my.cnf.d/openstack.cnf with the following content:

[root@controller ~]# vi /etc/my.cnf.d/openstack.cnf

[mysqld]

bind-address = 192.168.100.10

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

4.2 Start the database

[root@controller ~]# systemctl start mariadb

4.3 Initialize the database

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current

password for the root user. If you've just installed MariaDB, and

haven't set the root password yet, you should just press enter here.

Enter current password for root (enter for none):

OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody

can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer 'n'.

Switch to unix_socket authentication [Y/n]

Enabled successfully!

Reloading privilege tables..

 ... Success!

You already have your root account protected, so you can safely answer 'n'.

Change the root password? [Y/n]

New password:

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

Remove anonymous users? [Y/n]

 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n]

 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

Remove test database and access to it? [Y/n]

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

Reload privilege tables now? [Y/n]

 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

# The password is 000000

4.4 Test the database

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 13

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]>

MariaDB [(none)]> exit

Bye

5. Install the message queue and cache service

5.1 Install the message queue

Do this on the controller node. Install the package:

[root@controller ~]# dnf install rabbitmq-server -y

Start the message queue service

[root@controller ~]# systemctl start rabbitmq-server

5.2 Create the openstack user

[root@controller ~]# rabbitmqctl add_user openstack 000000

Adding user "openstack" ...

Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.

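This creates the openstack user. 000000 is the password the OpenStack services use to log in to the message queue; it must match the configuration of each service later on.

Set the permissions of the openstack user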

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setting permissions for user "openstack" in vhost "/" ...

[root@controller ~]#

5.3 Install the cache service

Install the cache service Memcached on the controller node

[root@controller ~]# dnf install memcached python3-memcached -y

Edit the configuration file

[root@controller ~]# vi /etc/sysconfig/memcached

PORT="11211"

USER="memcached"

MAXCONN="1024"

CACHESIZE="64"

OPTIONS="-l 127.0.0.1,::1,controller"

Start the service

[root@controller ~]# systemctl start memcached
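
An alternative to switching firewalld off on the controller, as an added example that is not part of the original guide: the script prints, without running them, firewall-cmd rich rules that open only the ports this guide uses. Ports 5000, 9292, 8778, 8774 and 11211 come from this page; 3306, 5672 and 123/udp are the MariaDB, RabbitMQ and NTP defaults and are assumed unchanged, as is the choice of 192.168.100.0/24 for both the node and the client network.

```shell
#!/bin/sh
# Added example: print (do not run) firewall-cmd commands for the controller.
# Backend ports are opened to the cluster nodes only; API ports are opened
# to the network that API clients connect from.

BACKEND_PORTS="3306/tcp 5672/tcp 11211/tcp 123/udp"  # MariaDB, RabbitMQ, memcached, NTP
API_PORTS="5000/tcp 9292/tcp 8778/tcp 8774/tcp"      # keystone, glance, placement, nova

# valid_cidr CIDR -> succeeds only for a.b.c.d/len with octets <= 255, len <= 32
valid_cidr() {
    echo "$1" | awk -F'[./]' '
        NF != 5 { exit 1 }
        {
            for (i = 1; i <= 5; i++) if ($i !~ /^[0-9]+$/) exit 1
            for (i = 1; i <= 4; i++) if ($i > 255) exit 1
            if ($5 > 32) exit 1
        }'
}

# rich_rule CIDR PORT/PROTO -> one firewall-cmd line on stdout
rich_rule() {
    port=${2%/*}
    proto=${2#*/}
    printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$1\" port port=\"$port\" protocol=\"$proto\" accept'"
}

# controller_fw_rules NODE_CIDR CLIENT_CIDR -> full rule set on stdout
controller_fw_rules() {
    valid_cidr "$1" && valid_cidr "$2" || {
        echo "usage: controller_fw_rules NODE_CIDR CLIENT_CIDR" >&2
        return 2
    }
    for p in $BACKEND_PORTS; do rich_rule "$1" "$p"; done
    for p in $API_PORTS; do rich_rule "$2" "$p"; done
    echo "firewall-cmd --reload"
}

# Dry run for the node plan on this page (assumed /24 for nodes and clients).
controller_fw_rules 192.168.100.0/24 192.168.100.0/24
```

Review the printed commands before running them as root; services added later in a deployment need their own ports appended to API_PORTS.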

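II. Deploying the OpenStack services

1. Keystone

Keystone is the authentication service provided by OpenStack and the entry point to the whole of OpenStack. It provides tenant isolation, user authentication, service discovery and related functions, and must be installed.

1.1 Create the keystone database and grant privileges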

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 14

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \

    -> IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \

    -> IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit

Bye

1.2 Install the packages

[root@controller ~]# dnf install openstack-keystone httpd mod_wsgi -y

Last metadata expiration check: 1:12:31 ago on 2024年12月19日 星期四 09时00分01秒.

Package openstack-keystone-21.0.0-1.oe2209.noarch is already installed.

Package httpd-2.4.51-11.oe2209.x86_64 is already installed.

Package python3-mod_wsgi-4.9.1-3.oe2209.x86_64 is already installed.

Dependencies resolved.

Nothing to do.

Complete!

1.3 Edit the configuration file

[root@controller ~]# vi /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:000000@controller/keystone

[token]

provider = fernet

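Explanation of the configuration fields

The [database] section configures the database connection.

The [token] section configures the token provider.

Synchronize the database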

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

1.4 Initialize the Fernet key repository

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

1.5 Start the service

[root@controller ~]# keystone-manage bootstrap --bootstrap-password Hzy20050702 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

Hzy20050702 above takes the place of ADMIN_PASS (the host password is used here); replace it with the password you want to set for the admin user.

1.6 Configure the Apache HTTP server

[root@controller ~]# vi /etc/httpd/conf/httpd.conf

ServerName controller

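# Add or modify this line in the file

Create the symbolic link

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

The ServerName entry is set to refer to the controller node.

Note: if the ServerName entry does not exist, create it.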

1.7 Start the Apache HTTP service

[root@controller ~]# systemctl enable httpd

Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

[root@controller ~]# systemctl start httpd

1.8 Create the environment variables

[root@controller ~]# cat << EOF >> ~/.admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=Hzy20050702 #adminpass

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

EOF

1.9 Create the domain, projects, users and roles

1.9.1 Install the packages

The domain, projects, users and roles are created in turn; first install python3-openstackclient

[root@controller ~]# dnf install python3-openstackclient -y

1.9.2 Load the environment variables

[root@controller ~]# source ~/.admin-openrc

1.9.3 Create the project service

The domain default was already created by keystone-manage bootstrap

[root@controller ~]# openstack domain create --description "An Example Domain" example

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | An Example Domain                |

| enabled     | True                             |

| id          | 14c7f7c903544fc7b83fe13288c7aa78 |

| name        | example                          |

| options     | {}                               |

| tags        | []                               |

+-------------+----------------------------------+

[root@controller ~]# openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | default                          |

| enabled     | True                             |

| id          | bf2a0ac4ba844606b62bc4f53f79bc60 |

| is_domain   | False                            |

| name        | service                          |

| options     | {}                               |

| parent_id   | default                          |

| tags        | []                               |

+-------------+----------------------------------+

1.9.4 Create the (non-admin) project myproject

[root@controller ~]# openstack project create --domain default --description "Demo Project" myproject

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 2bceda2684fa424abd910455c6dfc917 |

| is_domain   | False                            |

| name        | myproject                        |

| options     | {}                               |

| parent_id   | default                          |

| tags        | []                               |

+-------------+----------------------------------+

1.9.5 Create the user myuser

[root@controller ~]# openstack user create --domain default --password-prompt myuser

User Password:000000

Repeat User Password:000000

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | c88a2c86fc6d4e4c8e1d37b856096d64 |

| name                | myuser                           |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

1.9.6 Create the role myrole

[root@controller ~]# openstack role create myrole

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | None                             |

| domain_id   | None                             |

| id          | 2b5ad1ed3c734a2b9a74089abc2d847c |

| name        | myrole                           |

| options     | {}                               |

+-------------+----------------------------------+

1.9.7 Add the role myrole to myproject and myuser

[root@controller ~]# openstack role add --project myproject --user myuser myrole

1.10 Test

Unset the temporary environment variables OS_AUTH_URL and OS_PASSWORD:

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD

Request a token for the admin user

[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

Password:

Request a token for the myuser user

[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue

Password:

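2. Glance

Glance is the image service provided by OpenStack. It handles uploading and downloading virtual machine and bare-metal images, and must be installed.

2.1 Create the glance database and grant privileges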

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 23

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE glance;

Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \

    -> IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \

    -> IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

Load the environment variables

[root@controller ~]# source ~/.admin-openrc

2.2 Create the glance user

[root@controller ~]# openstack user create --domain default --password-prompt glance

User Password:000000

Repeat User Password:000000

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | e9e6e125c0c24355a29d635d409f7b52 |

| name                | glance                           |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

Add the glance user to the service project with the admin role:

[root@controller ~]# openstack role add --project service --user glance admin

2.3 Create the glance service entity:

[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Image                  |

| enabled     | True                             |

| id          | fadfce11db9c458a9fe455fd97c31e56 |

| name        | glance                           |

| type        | image                            |

+-------------+----------------------------------+

2.4 Create the glance API service:

[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 5dcb9b4e435f4028a7c3deceb7b7636c |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | fadfce11db9c458a9fe455fd97c31e56 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | e0acbd5f31b944d59493821ba9c9fbac |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | fadfce11db9c458a9fe455fd97c31e56 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | d590478c5bb1467dbcd7188b86f77e93 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | fadfce11db9c458a9fe455fd97c31e56 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

2.5 Install the packages

[root@controller ~]# dnf install openstack-glance -y

2.6 Edit the glance configuration file

[root@controller ~]# vi /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:000000@controller/glance

[keystone_authtoken]

www_authenticate_uri  = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = 000000

[paste_deploy]

flavor = keystone

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

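The [database] section configures the database connection.

The [keystone_authtoken] and [paste_deploy] sections configure access to the Identity service.

The [glance_store] section configures the local file system store and the location of the image files.

2.7 Synchronize the database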

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance

2.8 Start the service

[root@controller ~]# systemctl enable openstack-glance-api.service

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service → /usr/lib/systemd/system/openstack-glance-api.service.

[root@controller ~]# systemctl start openstack-glance-api.service

2.9 Test

Load the environment variables

[root@controller ~]# source ~/.admin-openrc

Download an image for testing

[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img

Upload the image as a test

[root@controller ~]# openstack image create --disk-format qcow2 --container-format bare --file cirros-0.4.0-aarch64-disk.img --public cirros

Verify:

[root@controller ~]# openstack image list

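3. Placement

Placement is the resource scheduling component provided by OpenStack. It is generally not user-facing; it is called by Nova and other components and is installed on the controller node. Before installing and configuring the Placement service, create the corresponding database, service credentials and API endpoints.

3.1 Create the placement database and grant privileges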

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 34

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE placement;

Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \

    ->   IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \

    ->   IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit

Bye

3.2 Configure the user and endpoints

Source the admin credentials to get admin command-line access:

[root@controller ~]# source ~/.admin-openrc

Create the placement user and set its password:

[root@controller ~]# openstack user create --domain default --password-prompt placement

User Password:000000

Repeat User Password:000000

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 28e92c956ed746bf8d7e903047b9cbbc |

| name                | placement                        |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

Add the placement user to the service project with the admin role:

[root@controller ~]# openstack role add --project service --user placement admin

Create the placement service entity

[root@controller ~]# openstack service create --name placement \

  --description "Placement API" placement

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Placement API                    |

| enabled     | True                             |

| id          | a0b7f2c47b8b4d70b1e3bc94c4ce3e37 |

| name        | placement                        |

| type        | placement                        |

+-------------+----------------------------------+

Create the Placement API service endpoints:

[root@controller ~]# openstack endpoint create --region RegionOne \

  placement public http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 692b18a8ec25479a856bc72c63407720 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | a0b7f2c47b8b4d70b1e3bc94c4ce3e37 |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \

  placement internal http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 12a83523f6de4a1394df92403e18f8ab |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | a0b7f2c47b8b4d70b1e3bc94c4ce3e37 |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \

  placement admin http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 1ef360ca2d72495f96f61292ba423276 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | a0b7f2c47b8b4d70b1e3bc94c4ce3e37 |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

3.3 Install the packages

[root@controller ~]# dnf install openstack-placement-api -y

3.4 Edit the configuration file

[root@controller ~]# vi /etc/placement/placement.conf

[placement_database]

connection = mysql+pymysql://placement:000000@controller/placement

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = placement

password = 000000

3.5 Synchronize the database

[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement

3.6 Start the service

Restart the httpd service

[root@controller ~]# systemctl restart httpd

3.7 Test

Source the admin credentials to get admin command-line access

[root@controller ~]# source ~/.admin-openrc

Run the status check:

[root@controller ~]# placement-status upgrade check

+----------------------------------------------------------------------+

| Upgrade Check Results                                                |

+----------------------------------------------------------------------+

| Check: Missing Root Provider IDs                                     |

| Result: Success                                                      |

| Details: None                                                        |

+----------------------------------------------------------------------+

| Check: Incomplete Consumers                                          |

| Result: Success                                                      |

| Details: None                                                        |

+----------------------------------------------------------------------+

| Check: Policy File JSON to YAML Migration                            |

| Result: Failure                                                      |

| Details: Your policy file is JSON-formatted which is deprecated. You |

|   need to switch to YAML-formatted file. Use the                     |

|   ``oslopolicy-convert-json-to-yaml`` tool to convert the            |

|   existing JSON-formatted files to YAML in a backwards-              |

|   compatible manner: https://docs.openstack.org/oslo.policy/         |

|   latest/cli/oslopolicy-convert-json-to-yaml.html.                   |

+----------------------------------------------------------------------+

Run commands against the placement API:

Install the osc-placement plugin:

[root@controller ~]# dnf install python3-osc-placement -y

List the available resource classes and traits:

[root@controller ~]# openstack --os-placement-api-version 1.2 resource class list --sort-column name

[root@controller ~]# openstack --os-placement-api-version 1.6 trait list --sort-column name
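
The keystone.conf, glance-api.conf and placement.conf fragments shown so far all embed the same six-digit secret. The following audit script is an added example, not part of the original guide: it reads OpenStack-style INI files and reports secrets that are shared between settings or are short or digits-only, without printing the secret. The function names, the 12-character threshold and the handling of transport_url (the oslo.messaging option, which does not appear in the fragments above) are choices made for this example; the sample files are constructed from the configuration lines on this page.

```shell
#!/bin/sh
# Added example: flag weak or shared secrets in OpenStack-style INI files.

# extract_secrets FILE -> "file<TAB>[section]key<TAB>secret" per secret found
extract_secrets() {
    awk -v f="$1" '
        /^[ \t]*#/  { next }                      # comment
        /^[ \t]*$/  { next }                      # blank line
        /^[ \t]*\[/ { sec = $0; gsub(/[ \t]/, "", sec); next }
        {
            eq = index($0, "="); if (!eq) next
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            secret = ""
            if (key == "password")
                secret = val
            else if ((key == "connection" || key == "transport_url") &&
                     match(val, "://[^:/@]+:[^@]+@")) {
                # matched text is "://user:secret@"; keep only the secret
                secret = substr(val, RSTART + 3, RLENGTH - 4)
                sub(/^[^:]+:/, "", secret)
            }
            if (secret != "") print f "\t" sec key "\t" secret
        }' "$1"
}

# audit_creds FILE... -> SHARED / WEAK lines naming where each secret is used
audit_creds() {
    for f in "$@"; do extract_secrets "$f"; done |
    awk -F '\t' '
        { uses[$3]++; where[$3] = where[$3] " " $1 ":" $2 }
        END {
            for (s in uses) {
                if (uses[s] > 1)
                    print "SHARED (" uses[s] " uses):" where[s]
                if (length(s) < 12 || s ~ /^[0-9]+$/)
                    print "WEAK (short or digits only):" where[s]
            }
        }'
}

# Constructed sample input: the secret-bearing lines of the three files above.
write_page_samples() {
    cat > "$1/keystone.conf" <<'EOF'
[database]
connection = mysql+pymysql://keystone:000000@controller/keystone
EOF
    cat > "$1/glance-api.conf" <<'EOF'
[database]
connection = mysql+pymysql://glance:000000@controller/glance
[keystone_authtoken]
auth_url = http://controller:5000
username = glance
password = 000000
EOF
    cat > "$1/placement.conf" <<'EOF'
[placement_database]
connection = mysql+pymysql://placement:000000@controller/placement
[keystone_authtoken]
auth_url = http://controller:5000/v3
username = placement
password = 000000
EOF
}

# page_audit -> findings for the sample files, with the temp dir stripped
page_audit() {
    d=$(mktemp -d) || return 1
    write_page_samples "$d"
    audit_creds "$d"/*.conf | sed "s|$d/||g"
    rm -rf "$d"
}

page_audit
```

On a real controller, run audit_creds as root against /etc/keystone/keystone.conf, /etc/glance/glance-api.conf and /etc/placement/placement.conf.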

4. Nova

Nova is the OpenStack compute service, responsible for creating and provisioning virtual machines.

4.1 Create the Nova databases and grant privileges

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 42

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE nova_api;

Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> CREATE DATABASE nova;

Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> CREATE DATABASE nova_cell0;

Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]>

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \

    ->   IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \

    ->   IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]>

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \

    ->   IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \

    ->   IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]>

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \

    ->   IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \

    ->   IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit

Bye
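
The CREATE DATABASE / GRANT pattern used for keystone, glance, placement and nova above, rewritten as an added example that is not part of the original guide: it generates one random secret per service and scopes each grant to named hosts instead of '%'. The function names are made up for this example, and it assumes that only services running on the controller (192.168.100.10 in the node plan) connect to MariaDB; the generated secret must also replace 000000 in that service's connection = URL.

```shell
#!/bin/sh
# Added example: per-service random DB secrets and host-scoped grants.
# Assumption: DB clients run on the controller only; list further hosts
# explicitly for any service that connects from another node.

# new_secret -> 32 hex characters read from the kernel CSPRNG
new_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# safe_token STR -> succeeds only for non-empty [A-Za-z0-9_.-] strings, so a
# value cannot break out of the quoted SQL and '%' is rejected as a host.
safe_token() {
    case $1 in
        '' | *[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# grant_sql USER SECRET "DB..." "HOST..." -> SQL statements on stdout
grant_sql() {
    user=$1
    secret=$2
    for tok in "$user" "$secret" $3 $4; do
        safe_token "$tok" || { echo "rejected value: $tok" >&2; return 2; }
    done
    for db in $3; do
        echo "CREATE DATABASE IF NOT EXISTS $db;"
        for host in $4; do
            echo "GRANT ALL PRIVILEGES ON $db.* TO '$user'@'$host' IDENTIFIED BY '$secret';"
        done
    done
}

# The three Nova databases from step 4.1 with one fresh secret.
# Review the output, then pipe it to: mysql -uroot -p
grant_sql nova "$(new_secret)" "nova_api nova nova_cell0" "localhost 192.168.100.10"
```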

4.2 Configure the user and endpoints

Source the admin credentials to get admin command-line access:

[root@controller ~]# source ~/.admin-openrc

Create the nova user and set its password:

[root@controller ~]# openstack user create --domain default --password-prompt nova

User Password:000000

Repeat User Password:000000

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 9f5b276dbd4c4b63a41de370f64f6ca1 |

| name                | nova                             |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

Add the nova user to the service project with the admin role:

[root@controller ~]# openstack role add --project service --user nova admin

Create the nova service entity:

[root@controller ~]# openstack service create --name nova \
  --description "OpenStack Compute" compute

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Compute                |

| enabled     | True                             |

| id          | efd0460a58c8458f99ef0eec726c0c66 |

| name        | nova                             |

| type        | compute                          |

+-------------+----------------------------------+

[root@controller ~]#

Create the Nova API service endpoints:

[root@controller ~]# openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 9c16ddbb93034393803ab3fb698643f1 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | efd0460a58c8458f99ef0eec726c0c66 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f0ad60b148924808b9c5732b1f7cf10e |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | efd0460a58c8458f99ef0eec726c0c66 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | e0730e9a0ef74b419f5489f6ff9d947c |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | efd0460a58c8458f99ef0eec726c0c66 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

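4.3 Install the packages

[root@controller ~]# dnf install openstack-nova-api openstack-nova-conductor \
  openstack-nova-novncproxy openstack-nova-scheduler -y

4.4 Modify the configuration file

In the [DEFAULT] section, enable the compute and metadata APIs, configure the RabbitMQ message queue endpoint, set my_ip to the controller node's management IP, and explicitly define log_dir: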

[root@controller ~]# vi /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:000000@controller:5672/

my_ip = 192.168.100.10

log_dir = /var/log/nova

[api_database]

connection = mysql+pymysql://nova:000000@controller/nova_api

[database]

connection = mysql+pymysql://nova:000000@controller/nova

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = nova

password = 000000

[vnc]

enabled = true

server_listen = $my_ip

server_proxyclient_address = $my_ip

[glance]

api_servers = http://controller:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = 000000

4.5 Sync the databases

Sync the nova-api database:

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova

Register the cell0 database:

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

Create the cell1 cell:

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

Sync the nova database:

[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova

Verify that cell0 and cell1 are registered correctly:

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

4.6 Start the services

[root@controller ~]# systemctl enable \
  openstack-nova-api.service \
  openstack-nova-scheduler.service \
  openstack-nova-conductor.service \
  openstack-nova-novncproxy.service

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service → /usr/lib/systemd/system/openstack-nova-api.service.

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service → /usr/lib/systemd/system/openstack-nova-scheduler.service.

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service → /usr/lib/systemd/system/openstack-nova-conductor.service.

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service → /usr/lib/systemd/system/openstack-nova-novncproxy.service.

[root@controller ~]# systemctl start \
  openstack-nova-api.service \
  openstack-nova-scheduler.service \
  openstack-nova-conductor.service \
  openstack-nova-novncproxy.service

[root@controller ~]#

Compute node operations:

4.7 Install the packages

[root@compute ~]# dnf install openstack-nova-compute

4.8 Modify the configuration file

[root@compute ~]# vi /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:000000@controller:5672/

my_ip = 192.168.100.20

compute_driver = libvirt.LibvirtDriver

instances_path = /var/lib/nova/instances

log_dir = /var/log/nova

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = nova

password = 000000

[vnc]

enabled = true

server_listen = $my_ip

server_proxyclient_address = $my_ip

novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]

api_servers = http://controller:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = 000000

4.9 Check whether the compute node supports hardware acceleration for virtual machines (x86_64)

[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo

0

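If the return value is 0, hardware acceleration is not supported, and libvirt must be configured to use QEMU instead of the default KVM. Edit the [libvirt] section of /etc/nova/nova.conf: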

[libvirt]

virt_type = qemu

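4.10 Check whether the compute node supports hardware acceleration for virtual machines (arm64)

When the processor uses the arm64 architecture, run the following command to check whether hardware acceleration is supported: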

[root@compute ~]# virt-host-validate

  QEMU: 正在检查 硬件是否支持虚拟化                                 : 通过

  QEMU: 正在检查 if device /dev/kvm exists                                   : 通过

  QEMU: 正在检查 if device /dev/kvm is accessible                            : 通过

  QEMU: 正在检查 if device /dev/vhost-net exists                             : 通过

  QEMU: 正在检查 if device /dev/net/tun exists                               : 通过

  QEMU: 正在检查 for cgroup 'cpu' controller support                         : 通过

  QEMU: 正在检查 for cgroup 'cpuacct' controller support                     : 通过

  QEMU: 正在检查 for cgroup 'cpuset' controller support                      : 通过

  QEMU: 正在检查 for cgroup 'memory' controller support                      : 通过

  QEMU: 正在检查 for cgroup 'devices' controller support                     : 通过

  QEMU: 正在检查 for cgroup 'blkio' controller support                       : 通过

  QEMU: 正在检查 是否支持IOMMU                                           : 警告 (No ACPI IVRS table found, IOMMU either disabled in BIOS or not supported by this hardware platform)

4.11 Configure qemu (arm64 only)

[root@compute ~]# vi /etc/libvirt/qemu.conf

nvram = [

    "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd",

    "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw"

]

[root@compute ~]# mkdir -p /etc/qemu/firmware/

[root@compute ~]# touch /etc/qemu/firmware/edk2-aarch64.json

[root@compute ~]# vi /etc/qemu/firmware/edk2-aarch64.json

{

    "description": "UEFI firmware for ARM64 virtual machines",

    "interface-types": [

        "uefi"

    ],

    "mapping": {

        "device": "flash",

        "executable": {

            "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",

            "format": "raw"

        },

        "nvram-template": {

            "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",

            "format": "raw"

        }

    },

    "targets": [

        {

            "architecture": "aarch64",

            "machines": [

                "virt-*"

            ]

        }

    ],

    "features": [

    ],

    "tags": [

    ]

}

4.12 Start the services

[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service → /usr/lib/systemd/system/openstack-nova-compute.service.

[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service

Controller node

4.13 Add the compute node to the OpenStack cluster

Source the admin credentials to gain admin CLI access:

[root@controller ~]# source ~/.admin-openrc

Confirm that the nova-compute service has been registered in the database:

[root@controller ~]# openstack compute service list --service nova-compute

+--------------------------------------+--------------+---------+------+---------+-------+----------------------------+

| ID                                   | Binary       | Host    | Zone | Status  | State | Updated At                 |

+--------------------------------------+--------------+---------+------+---------+-------+----------------------------+

| 1c34a584-bc75-440a-b823-8c7c8457fd77 | nova-compute | compute | nova | enabled | up    | 2024-12-19T10:34:57.000000 |

+--------------------------------------+--------------+---------+------+---------+-------+----------------------------+

Discover the compute node and add it to the cell database:

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.

Found 2 cell mappings.

Skipping cell0 since it does not contain hosts.

Getting computes from cell 'cell1': 6a2f0cf4-5ddf-48fa-a828-d3a6a9da7b75

Checking host mapping for compute host 'compute': 3d494409-3bcf-4007-a41b-0a258b697a2e

Creating host mapping for compute host 'compute': 3d494409-3bcf-4007-a41b-0a258b697a2e

Found 1 unmapped computes in cell: 6a2f0cf4-5ddf-48fa-a828-d3a6a9da7b75

4.14 Test

List the service components to verify that each process started and registered successfully:

[root@controller ~]# openstack compute service list

List the API endpoints in the Identity service to verify connectivity with the Identity service:

[root@controller ~]# openstack catalog list

List the images in the Image service to verify connectivity with the Image service:

[root@controller ~]# openstack image list

Check that the cells are working and that the other prerequisites are in place:

[root@controller ~]# nova-status upgrade check

5.Neutron

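Neutron is OpenStack's networking service, providing virtual switches, IP routing, DHCP, and related functions.

Controller node

5.1 Create the database and grant privileges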

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 125

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE neutron;

Query OK, 1 row affected (0.000 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.000 sec)

MariaDB [(none)]> exit;

Bye

5.2 Configure the user and endpoints

[root@controller ~]# openstack user create --domain default --password-prompt neutron

User Password:000000

Repeat User Password:000000

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 1c4dc39d37dc49d584b615b0b5bc1a5b |

| name                | neutron                          |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

[root@controller ~]# openstack role add --project service --user neutron admin

Create the user and service

Remember the password entered when creating the neutron user; it is used to configure NEUTRON_PASS:

[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Networking             |

| enabled     | True                             |

| id          | 4a9d83cb53c74d78b1160bdc111edefc |

| name        | neutron                          |

| type        | network                          |

+-------------+----------------------------------+

5.3 Deploy the Neutron API service:

[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 8cb137b9edc3409dadf94be4fac74640 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 4a9d83cb53c74d78b1160bdc111edefc |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 5ebf9758cc89456182017b2a6f0e4eb3 |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 4a9d83cb53c74d78b1160bdc111edefc |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 54d47e1f9de24d39883fb472970e8c8c |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 4a9d83cb53c74d78b1160bdc111edefc |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

5.4 Install the packages

[root@controller ~]# dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2

5.5 Modify the configuration files

[root@controller ~]# vi /etc/neutron/neutron.conf

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:000000@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[database]

connection = mysql+pymysql://neutron:000000@controller/neutron

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = neutron

password = 000000

Configure ML2

The ML2 configuration can be adjusted to suit your needs; this article uses provider network + linuxbridge.

Modify /etc/neutron/plugins/ml2/ml2_conf.ini

[root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

[ml2_type_flat]

flat_networks = provider

[ml2_type_vxlan]

vni_ranges = 1:1000

[securitygroup]

enable_ipset = true

Modify /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

# NIC name (kept on its own line: oslo.config does not strip inline comments)

physical_interface_mappings = provider:ens32

[vxlan]

enable_vxlan = true

# local IP

local_ip = 192.168.100.10

l2_population = true

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Configure the Layer-3 agent

Modify /etc/neutron/l3_agent.ini

[root@controller ~]# vi /etc/neutron/l3_agent.ini

[DEFAULT]

interface_driver = linuxbridge

Configure the DHCP agent: modify /etc/neutron/dhcp_agent.ini

[root@controller ~]# vi /etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

Configure the metadata agent

Modify /etc/neutron/metadata_agent.ini

[root@controller ~]# vi /etc/neutron/metadata_agent.ini

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = METADATA_SECRET

Configure the nova service to use neutron by modifying /etc/nova/nova.conf

[root@controller ~]# vi /etc/nova/nova.conf

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

service_metadata_proxy = true

metadata_proxy_shared_secret = METADATA_SECRET
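The values written into nova.conf and the Neutron files above can be checked mechanically before the services are started. The following Python audit is an added example, not part of the original guide or of OpenStack: it flags repeated-character or placeholder secrets (including those embedded in transport_url and connection), cleartext http:// endpoints, and trailing # comments, which oslo.config keeps as part of the value. The sample files are constructed from values shown in this guide; MIN_SECRET_LEN and the placeholder list are assumptions.

```python
"""Audit oslo.config-style INI text for weak lab settings (added example)."""
import configparser
from urllib.parse import urlsplit

SECRET_OPTIONS = {"password", "metadata_proxy_shared_secret"}
CREDENTIAL_URLS = {"transport_url", "connection"}
# Assumption: placeholder tokens of the kind used in installation guides.
PLACEHOLDERS = {"METADATA_SECRET", "NOVA_PASS", "NEUTRON_PASS",
                "CINDER_PASS", "RABBIT_PASS"}
MIN_SECRET_LEN = 16  # assumption: local policy threshold, not an OpenStack default

# Constructed samples built from values shown in this guide.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:000000@controller:5672/
my_ip = 192.168.100.10

[database]
connection = mysql+pymysql://nova:000000@controller/nova

[keystone_authtoken]
auth_url = http://controller:5000/v3
username = nova
password = 000000

[neutron]
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
"""

SAMPLE_LINUXBRIDGE_INI = """\
[linux_bridge]
physical_interface_mappings = provider:ens32 #NIC name
"""


def weak_reason(secret):
    """Return why a secret is weak, or None if it passes these basic checks."""
    if not secret:
        return "empty secret"
    if secret in PLACEHOLDERS:
        return "documentation placeholder left unchanged"
    if len(set(secret)) <= 2:
        return "repeated-character secret"
    if len(secret) < MIN_SECRET_LEN:
        return "shorter than {} characters".format(MIN_SECRET_LEN)
    return None


def audit_ini(name, text):
    """Return (file, section, option, issue) tuples for one INI document."""
    parser = configparser.ConfigParser(
        interpolation=None,            # values such as %(project_id)s stay literal
        strict=False,                  # oslo.config allows repeated options
        default_section="__unused__",  # treat [DEFAULT] as an ordinary section
    )
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for option, value in parser.items(section):
            where = (name, section, option)
            # Comments are only recognised at the start of a line.
            if " #" in value or "\t#" in value:
                findings.append(
                    where + ("trailing # comment is read as part of the value",))
            if option in SECRET_OPTIONS:
                reason = weak_reason(value)
                if reason:
                    findings.append(where + (reason,))
            if "://" not in value:
                continue
            try:
                url = urlsplit(value)
            except ValueError:
                continue  # not a parseable URL, nothing more to check
            if option in CREDENTIAL_URLS and url.password is not None:
                reason = weak_reason(url.password)
                if reason:
                    findings.append(
                        where + ("URL-embedded password: " + reason,))
            if url.scheme == "http":
                findings.append(where + ("cleartext HTTP endpoint",))
    return findings


if __name__ == "__main__":
    for fname, body in (("nova.conf", SAMPLE_NOVA_CONF),
                        ("linuxbridge_agent.ini", SAMPLE_LINUXBRIDGE_INI)):
        for finding in audit_ini(fname, body):
            print("{}: [{}] {}: {}".format(*finding))
```

To audit a deployed node, pass the contents of /etc/nova/nova.conf, /etc/neutron/neutron.conf or /etc/cinder/cinder.conf to audit_ini() instead of the samples.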

5.6 Create the /etc/neutron/plugin.ini symbolic link

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

5.7 Sync the database

[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the nova-api service

[root@controller ~]# systemctl restart openstack-nova-api

5.7 Start the networking services

[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

Created symlink /etc/systemd/system/multi-user.target.wants/neutron-server.service → /usr/lib/systemd/system/neutron-server.service.

Created symlink /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service → /usr/lib/systemd/system/neutron-linuxbridge-agent.service.

Created symlink /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service → /usr/lib/systemd/system/neutron-dhcp-agent.service.

Created symlink /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service → /usr/lib/systemd/system/neutron-metadata-agent.service.

Created symlink /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service → /usr/lib/systemd/system/neutron-l3-agent.service.

[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

Compute node

5.8 Install the packages

[root@compute ~]# dnf install openstack-neutron-linuxbridge ebtables ipset -y

5.9 Modify the configuration files

Modify /etc/neutron/neutron.conf

[root@compute ~]# vi /etc/neutron/neutron.conf

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

auth_strategy = keystone

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = neutron

password = 000000

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

[root@compute ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[vxlan]

local_ip = 192.168.100.20

Configure the nova compute service to use neutron by modifying /etc/nova/nova.conf

[root@compute ~]# vi /etc/nova/nova.conf

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

5.10 Restart the nova-compute service

[root@compute ~]# systemctl restart openstack-nova-compute.service

5.11 Start the Neutron linuxbridge agent service

[root@compute ~]# systemctl enable neutron-linuxbridge-agent

Created symlink /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service → /usr/lib/systemd/system/neutron-linuxbridge-agent.service.

[root@compute ~]# systemctl start neutron-linuxbridge-agent

6.Cinder

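Cinder is OpenStack's storage service, providing creation, provisioning, backup, and related functions for block devices.

Controller node:

6.1 Create the database and grant privileges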

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 152

Server version: 10.5.16-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE cinder;

Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> exit

Bye

6.2 Configure the user and endpoints

Create the cinder user and set its password:

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt cinder

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 8fa932d715c849f0bcfb439ff927a862 |

| name                | cinder                           |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

Add the cinder user to the service project with the admin role:

[root@controller ~]# openstack role add --project service --user cinder admin

[root@controller ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Block Storage          |

| enabled     | True                             |

| id          | 682312a7857d4228815530f7c7429276 |

| name        | cinderv3                         |

| type        | volumev3                         |

+-------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s

+--------------+------------------------------------------+

| Field        | Value                                    |

+--------------+------------------------------------------+

| enabled      | True                                     |

| id           | c822422cc0a947999eba0a5834c9e016         |

| interface    | public                                   |

| region       | RegionOne                                |

| region_id    | RegionOne                                |

| service_id   | 682312a7857d4228815530f7c7429276         |

| service_name | cinderv3                                 |

| service_type | volumev3                                 |

| url          | http://controller:8776/v3/%(project_id)s |

+--------------+------------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s

+--------------+------------------------------------------+

| Field        | Value                                    |

+--------------+------------------------------------------+

| enabled      | True                                     |

| id           | 53930a867fbc4029b59fd24d6064ca61         |

| interface    | internal                                 |

| region       | RegionOne                                |

| region_id    | RegionOne                                |

| service_id   | 682312a7857d4228815530f7c7429276         |

| service_name | cinderv3                                 |

| service_type | volumev3                                 |

| url          | http://controller:8776/v3/%(project_id)s |

+--------------+------------------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s

+--------------+------------------------------------------+

| Field        | Value                                    |

+--------------+------------------------------------------+

| enabled      | True                                     |

| id           | 5ec74710379d4a868f6c04add4f10b13         |

| interface    | admin                                    |

| region       | RegionOne                                |

| region_id    | RegionOne                                |

| service_id   | 682312a7857d4228815530f7c7429276         |

| service_name | cinderv3                                 |

| service_type | volumev3                                 |

| url          | http://controller:8776/v3/%(project_id)s |

+--------------+------------------------------------------+

6.3 Install the packages

[root@controller ~]# dnf install openstack-cinder-api openstack-cinder-scheduler -y

6.4 Modify the configuration file

Modify the cinder configuration file /etc/cinder/cinder.conf

[root@controller ~]# vi /etc/cinder/cinder.conf

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

auth_strategy = keystone

my_ip = 192.168.100.10

[database]

connection = mysql+pymysql://cinder:000000@controller/cinder

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = cinder

password = 000000

[oslo_concurrency]

lock_path = /var/lib/cinder/tmp

6.5 Sync the database

[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder

6.6 Modify the nova configuration file

[root@controller ~]# vi /etc/nova/nova.conf

[cinder]

os_region_name = RegionOne

6.7 Start the services

[root@controller ~]# systemctl restart openstack-nova-api

[root@controller ~]# systemctl start openstack-cinder-api openstack-cinder-scheduler

[root@controller ~]# systemctl enable openstack-cinder-api openstack-cinder-scheduler

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-cinder-api.service → /usr/lib/systemd/system/openstack-cinder-api.service.

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-cinder-scheduler.service → /usr/lib/systemd/system/openstack-cinder-scheduler.service.

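Storage node

The storage node needs at least one disk prepared in advance to serve as the cinder storage backend. The following steps assume that the storage node already has an unused disk with the device name /dev/sdb; during configuration, replace the name according to your actual environment.

Cinder supports many types of backend storage; this guide uses the simplest one, LVM.

6.8 Install the packages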

[root@storage ~]# dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup -y

6.9 Create the LVM

[root@storage ~]# pvcreate /dev/sdb

  Physical volume "/dev/sdb" successfully created.

[root@storage ~]# vgcreate cinder-volumes /dev/sdb

  Volume group "cinder-volumes" successfully created

6.10 Modify the configuration file

[root@storage ~]# vi /etc/cinder/cinder.conf

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

auth_strategy = keystone

my_ip = 192.168.100.30

enabled_backends = lvm

glance_api_servers = http://controller:9292

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = cinder

password = 000000

[database]

connection = mysql+pymysql://cinder:000000@controller/cinder

[lvm]

volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver

volume_group = cinder-volumes

target_protocol = iscsi

target_helper = lioadm

[oslo_concurrency]

lock_path = /var/lib/cinder/tmp

6.11 Start the services

[root@storage ~]# systemctl start openstack-cinder-volume target

[root@storage ~]# systemctl enable openstack-cinder-volume target

Created symlink /etc/systemd/system/multi-user.target.wants/openstack-cinder-volume.service → /usr/lib/systemd/system/openstack-cinder-volume.service.

Created symlink /etc/systemd/system/multi-user.target.wants/target.service → /usr/lib/systemd/system/target.service.

6.12 Test

Run the test on the controller node

[root@controller ~]# openstack volume service list

+------------------+-------------+------+---------+-------+----------------------------+

| Binary           | Host        | Zone | Status  | State | Updated At                 |

+------------------+-------------+------+---------+-------+----------------------------+

| cinder-scheduler | controller  | nova | enabled | up    | 2024-12-19T12:42:37.000000 |

| cinder-volume    | storage@lvm | nova | enabled | up    | 2024-12-19T12:42:37.000000 |

+------------------+-------------+------+---------+-------+----------------------------+

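(If problems occur, check time synchronization first, then check the status of each component.)

7.Horizon

Horizon is the front-end web interface provided by OpenStack. It lets users control the OpenStack cluster with mouse operations on web pages instead of cumbersome CLI commands. Horizon is generally deployed on the controller node.

7.1 Install the packages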

[root@controller ~]# dnf install openstack-dashboard -y

7.2 Modify the configuration file

[root@controller ~]# vi /etc/openstack-dashboard/local_settings

# Find these settings in the original file and modify them

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*', ]

OPENSTACK_KEYSTONE_URL = "http://controller:5000/v3"

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

# Uncomment and change the location to controller

CACHES = {

    'default': {

        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

        'LOCATION': 'controller',

    },

}

# Add

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"

WEBROOT = '/dashboard'

POLICY_FILES_PATH = "/etc/openstack-dashboard"

OPENSTACK_API_VERSIONS = {

    "identity": 3,

    "image": 2,

    "volume": 3,

}
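The local_settings values above decide how the dashboard validates Host headers and how it talks to Keystone. This added Python example (not part of the original guide or of Horizon) parses the file with ast instead of importing it and reports the wildcard ALLOWED_HOSTS, the http:// Keystone URL, and missing secure-cookie flags. Both sample files are constructed, and the hardened one assumes HTTPS is available for the dashboard and Keystone, which this guide does not set up.

```python
"""Audit a Horizon local_settings file without executing it (added example)."""
import ast

# Constructed sample: values this guide sets, plus one computed assignment
# of the kind a real local_settings file contains.
GUIDE_SETTINGS = '''\
import os
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
OPENSTACK_KEYSTONE_URL = "http://controller:5000/v3"
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
WEBROOT = '/dashboard'
LOCAL_PATH = os.path.dirname(os.path.abspath(__file__))
'''

# Constructed sample: assumes TLS is in place for the dashboard and Keystone.
HARDENED_SETTINGS = '''\
ALLOWED_HOSTS = ['controller', '192.168.100.10']
OPENSTACK_KEYSTONE_URL = "https://controller:5000/v3"
SESSION_COOKIE_SECURE = True
CSRF_COOKIE_SECURE = True
'''


def load_literal_settings(source):
    """Collect NAME = <literal> assignments; the file is parsed, never run."""
    settings = {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign) or len(node.targets) != 1:
            continue
        target = node.targets[0]
        if not isinstance(target, ast.Name):
            continue
        try:
            settings[target.id] = ast.literal_eval(node.value)
        except (ValueError, TypeError):
            continue  # computed value (function call etc.), not auditable here
    return settings


def audit_horizon(source):
    """Return (setting, issue) tuples for risky dashboard settings."""
    s = load_literal_settings(source)
    findings = []
    hosts = s.get("ALLOWED_HOSTS", [])
    if isinstance(hosts, (list, tuple)) and "*" in hosts:
        findings.append(("ALLOWED_HOSTS", "wildcard accepts any Host header"))
    if str(s.get("OPENSTACK_KEYSTONE_URL", "")).startswith("http://"):
        findings.append(("OPENSTACK_KEYSTONE_URL",
                         "logins are forwarded to Keystone over cleartext HTTP"))
    if s.get("DEBUG") is True:
        findings.append(("DEBUG", "debug pages expose settings and tracebacks"))
    for name in ("SESSION_COOKIE_SECURE", "CSRF_COOKIE_SECURE"):
        if s.get(name) is not True:
            findings.append(
                (name, "not True; enable once the dashboard is served over HTTPS"))
    return findings


if __name__ == "__main__":
    for setting, issue in audit_horizon(GUIDE_SETTINGS):
        print("{}: {}".format(setting, issue))
```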

7.3 Restart the service

[root@controller ~]# systemctl restart httpd

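The Horizon deployment is now complete. Open a browser and enter http://192.168.100.10/dashboard to open the Horizon login page.

7.4 Access the console from a browser

7.5 Log in

Log in to the console with the account admin; the password is the controller host password, and the domain defaults to default.

To log in using the address http://controller/dashboard/, you need to configure local DNS resolution.

On the host machine, edit the hosts file in the C:\Windows\System32\drivers\etc directory as an administrator.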

8.核心组件测试

8.1 测试账户管理模块

在Dashboard操作界面中单击“身份管理→用户”,单击右上角的“创建用户”按钮,进入创建用户界面,在输入对应参数之后,单击“创建用户”按钮,创建用户。

在controller节点查询验证

[root@controller ~]# openstack user list | grep hzy

| 7a1d608be68c4785adcf11896cea92b3 | hzy       |

[root@controller ~]# openstack user show hzy

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| description         | 这个用户帅的一批                 |

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 7a1d608be68c4785adcf11896cea92b3 |

| name                | hzy                              |

| options             | {'lock_password': False}         |

| password_expires_at | None                             |

+---------------------+----------------------------------+

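8.2 Image test

In the Dashboard, click "Admin → Images → Create Image" to open the image creation page. There you can give the image a custom name and add a local image file. After setting the image format, configure any other options as required, and finally click the "Create Image" button to finish creating the image.

Click Create Image.

Verify on the controller node: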

[root@controller ~]# openstack image list

+--------------------------------------+-----------------+--------+

| ID                                   | Name            | Status |

+--------------------------------------+-----------------+--------+

| c97d64cd-a595-45af-b031-16e074651319 | cirros          | active |

| b01ac2a7-2774-4f04-bb50-30124843aa83 | cirros-镜像测试 | active |

+--------------------------------------+-----------------+--------+

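8.3 Network test

In the Dashboard, click "Network" and create the network "ext-net" as required: select the project "admin" in the drop-down list, choose "Flat" as the provider network type, enter "provider" as the physical network, and tick the "Shared" and "External Network" options so that cloud instances can reach the external network. Then click the "Next" button to go to the create-subnet page, and enter the subnet name testsubnet, the network address 192.168.200.0/24 and the gateway IP 192.168.200.2. Click "Next" again to reach the final confirmation page, then click the "Create Network" button.

Verify on the controller node: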

[root@controller ~]# openstack network list

+--------------------------------------+---------+--------------------------------------+

| ID                                   | Name    | Subnets                              |

+--------------------------------------+---------+--------------------------------------+

| c7ec718e-2ff5-45ca-b46a-54b3469d7b4a | ext-net | 95b2c50e-598e-41ec-920a-351298a9ba58 |

+--------------------------------------+---------+--------------------------------------+

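8.4 Cloud instance test

In the Dashboard, click "Admin → Compute → Flavors", then click the "Create Flavor" button. In the window that opens, enter the attributes: name "T1", 1 vCPU, 1024M of memory and a 10GB root disk. Finally click the "Create Flavor" button at the lower right to finish.

In the Dashboard, click "Compute → Instances", then click the "Launch Instance" button on the right to open the instance creation page, and enter the instance name "openstack-T1".

Next, select in turn the "Source*", "Flavor*" and "Networks" items created in the sections above, then click the "Launch Instance" button to finish creating the instance.

After creation, wait a moment and the cloud instance "openstack-test" appears in the instance list as running. The instance was spawned successfully.

Click the new instance, then click Console to view it.

The basic OpenStack platform is now set up.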
