国产操作系统openEuler22.09系统OpenStackYoga 部署指南
目录
openEuler22.09系统搭建OpenStackYoga
一.前置环境搭建
1. 修改主机名及映射文件
2.更改yum源
3.配置时间同步
3.1 Controller节点:
3.2 其他节点
3.3 测试
4.安装数据库
4.1 安装数据库
4.2启动数据库
4.3初始化数据库
4.4 测试数据库
5.安装消息队列与缓存服务
5.1 安装消息阵列
5.2 创建openstack用户
5.3 安装缓存服务
二.Openstack服务搭建
1.Keystone
1.1 创建keystone数据库并授权
1.2 安装软件包
1.3 编辑配置文件
1.4 初始化Fernet密钥仓库
1.5 启动服务
1.6 配置apachehttpserver
1.7 启动apache http服务
1.8 创建环境变量
1.9 创建domain, projects, users, roles
1.9.1 安装软件包
1.9.2导入环境变量
1.9.3创建project service
1.9.4创建(non-admin)project myproject
1.9.5创建user myuser
1.9.6创建role myrole
1.9.7为 myproject 和 myuser 添加角色myrole。
2.Glance
2.1 创建 glance 数据库并授权
2.2 创建glance用户
2.3 创建glance服务实体:
2.4 创建glance API服务:
2.5 安装软件包
2.6 修改 glance 配置文件
2.7 同步数据库
2.8 启动服务
2.9 测试
3.Placement
3.1 创建placement数据库并授权
3.2 配置用户和Endpoints
3.3 安装软件包
3.4 修改配置文件
3.5 同步数据库
3.6 启动服务
3.7 测试
4.Nova
4.1 创建Nova数据库并授权
4.2 配置用户和Endpoints
4.3 安装软件包
4.4 修改配置文件
4.5 同步数据库
4.6 启动服务
Compute节点操作:
4.7 安装软件包
4.8 修改配置文件
4.9 确认计算节点是否支持虚拟机硬件加速(x86_64)
4.10 确认计算节点是否支持虚拟机硬件加速(arm64)
4.11 配置qemu(仅arm64)
4.12 启动服务
Controller节点
4.13 添加计算节点到openstack集群
4.14 测试
5.Neutron
Controller节点
5.1 创建数据库并授权
5.2 配置用户和Endpoints
5.3 部署 Neutron API 服务:
5.4 安装软件包
5.5 修改配置文件
5.6 创建/etc/neutron/plugin.ini的符号链接
5.7 同步数据库
5.7 启动网络服务
Compute节点
5.8 安装软件包
5.9 修改配置文件
5.10 重启nova-compute服务
5.11 启动Neutron linuxbridge agent服务
6.Cinder
6.1 创建数据库并授权
6.2 配置用户和Endpoints
6.3 安装软件包
6.4 修改配置文件
6.5 同步数据库
6.6 修改nova配置文件
6.7 启动服务
Storage节点
6.8 安装软件包
6.9 创建lvm
6.10 修改配置文件
6.11 启动服务
6.12 测试
7.Horizon
7.1 安装软件包
7.2 修改配置文件
7.3 重启服务
7.4 浏览器访问控制台
7.5 登陆
8.核心组件测试
8.1 测试账户管理模块
8.2 镜像测试
8.3 网络测试
8.4 云主机测试
openEuler22.09系统搭建OpenStackYoga
本项目是OpenStack三节点环境进行部署,手动搭建OpenStack平台。
三个节点分别是控制节点(Controller)、计算节点(Compute)、存储节点(Storage)。
首先准备三个openEuler 22.09环境,根据自己的环境,下载对应的镜像并安装即可。
节点规划:
Controller | 192.168.100.10 |
Compute | 192.168.100.20 |
Storage | 192.168.100.30 |
一.前置环境搭建
1. 修改主机名及映射文件
修改主机名
[root@localhost ~]# hostnamectl set-hostname controller [root@localhost ~]# hostnamectl set-hostname compute [root@localhost ~]# hostnamectl set-hostname storage |
修改映射文件
[root@controller ~]# vi /etc/hosts 192.168.100.10 controller 192.168.100.20 compute 192.168.100.30 storage |
2.更改yum源
# Generic-repos is licensed under the Mulan PSL v2. # For details: http://license.coscl.org.cn/MulanPSL2 [OS] name=OS baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler [everything] name=everything baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/everything/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/everything/$basearch/RPM-GPG-KEY-openEuler [EPOL] name=EPOL baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/EPOL/main/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler [debuginfo] name=debuginfo baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/debuginfo/$basearch/ enabled=0 gpgcheck=1 gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler [source] name=source baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/source/ enabled=0 gpgcheck=1 gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler [update] name=update baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/update/$basearch/ enabled=1 gpgcheck=1 gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler |
3.配置时间同步
集群环境时刻要求每个节点的时间一致,一般由时钟同步软件保证,使用chrony软件
所有节点安装chrony,并且所有节点关闭防火墙
[root@controller ~]# dnf -y install chrony [root@compute ~]# systemctl stop firewalld && systemctl disable firewalld [root@compute ~]# setenforce 0 |
3.1 Controller节点:
编辑配置文件
[root@controller ~]# vi /etc/chrony.conf # Please consider joining the pool (https://www.pool.ntp.org/join.html). pool ntp.aliyun.com iburst # Allow NTP client access from local network. allow 192.168.0.0/24 #表示允许哪些IP从本节点同步时钟 |
重启服务
[root@controller ~]# systemctl restart chronyd |
3.2 其他节点
[root@compute ~]# vi /etc/chrony.conf # NTP_SERVER是controller IP,表示从这个机器从哪里获取时间 server controller iburst [root@compute ~]# systemctl restart chronyd |
并且要把pool pool.ntp.org iburst这一行注释掉,表示不从公网同步时钟。
# Please consider joining the pool (https://www.pool.ntp.org/join.html). #pool pool.ntp.org iburst |
3.3 测试
[root@compute ~]# chronyc sources |
4.安装数据库
4.1 安装数据库
数据库再控制节点进行安装
[root@controller ~]# dnf install mysql-config mariadb mariadb-server python3-PyMySQL |
新增配置文件/etc/my.cnf.d/openstack.cnf,内容如下
[root@controller ~]# vi /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 192.168.100.10 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 |
4.2启动数据库
[root@controller ~]# systemctl start mariadb |
4.3初始化数据库
[root@controller ~]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and haven't set the root password yet, you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password or using the unix_socket ensures that nobody can log into the MariaDB root user without the proper authorisation. You already have your root account protected, so you can safely answer 'n'. Switch to unix_socket authentication [Y/n] Enabled successfully! Reloading privilege tables.. ... Success! You already have your root account protected, so you can safely answer 'n'. Change the root password? [Y/n] New password: Re-enter new password: Password updated successfully! Reloading privilege tables.. ... Success! By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! #密码为000000 |
4.4 测试数据库
[root@controller ~]# mysql -uroot -p000000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 13 Server version: 10.5.16-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> MariaDB [(none)]> exit Bye |
5.安装消息队列与缓存服务
5.1 安装消息阵列
在控制节点进行,安装软件
[root@controller ~]# dnf install rabbitmq-server -y |
启动消息队列服务
[root@controller ~]# systemctl start rabbitmq-server |
5.2 创建openstack用户
[root@controller ~]# rabbitmqctl add_user openstack 000000 Adding user "openstack" ... Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more. |
配置openstack用户,000000是openstack服务登录消息队里的密码,需要和后面各个服务的配置保持一致。
设置openstack用户权限
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" Setting permissions for user "openstack" in vhost "/" ... [root@controller ~]# |
5.3 安装缓存服务
在控制节点安装缓存服务Memcached
[root@controller ~]# dnf install memcached python3-memcached -y |
修改配置文件
[root@controller ~]# vi /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS="-l 127.0.0.1,::1,controller" |
启动服务
[root@controller ~]# systemctl start memcached |
二.Openstack服务搭建
1.Keystone
Keystone是OpenStack提供的鉴权服务,是整个OpenStack的入口,提供了租户隔离、用户认证、服务发现等功能,必须安装。
1.1 创建keystone数据库并授权
[root@controller ~]# mysql -uroot -p000000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 14 Server version: 10.5.16-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE keystone; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> exit Bye |
1.2 安装软件包
[root@controller ~]# dnf install openstack-keystone httpd mod_wsgi -y Last metadata expiration check: 1:12:31 ago on 2024年12月19日 星期四 09时00分01秒. Package openstack-keystone-21.0.0-1.oe2209.noarch is already installed. Package httpd-2.4.51-11.oe2209.x86_64 is already installed. Package python3-mod_wsgi-4.9.1-3.oe2209.x86_64 is already installed. Dependencies resolved. Nothing to do. Complete! |
1.3 编辑配置文件
[root@controller ~]# vi /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:000000@controller/keystone [token] provider = fernet |
配置字段解释
[database]部分,配置数据库入口
[token]部分,配置token provider
同步数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone |
1.4 初始化Fernet密钥仓库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone |
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone |
1.5 启动服务
[root@controller ~]# keystone-manage bootstrap --bootstrap-password Hzy20050702 \#(主机密码) --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne |
替换 ADMIN_PASS,为 admin 用户设置密码
1.6 配置apachehttpserver
[root@controller ~]# vi /etc/httpd/conf/httpd.conf ServerName controller #添加或修改该行文件 |
创建软链接
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ |
配置 ServerName 项引用控制节点
注意 如果 ServerName 项不存在则需要创建
1.7 启动apache http服务
[root@controller ~]# systemctl enable httpd Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service. [root@controller ~]# systemctl start httpd |
1.8 创建环境变量
[root@controller ~]# cat << EOF >> ~/.admin-openrc export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=Hzy20050702 #adminpass export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOF |
1.9 创建domain, projects, users, roles
1.9.1 安装软件包
依次创建domain, projects, users, roles,首先需要安装python3-openstackclient
[root@controller ~]# dnf install python3-openstackclient -y |
1.9.2导入环境变量
[root@controller ~]# source ~/.admin-openrc |
1.9.3创建project service
其中 domain default 在 keystone-manage bootstrap 时已创建
[root@controller ~]# openstack domain create --description "An Example Domain" example +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | An Example Domain | | enabled | True | | id | 14c7f7c903544fc7b83fe13288c7aa78 | | name | example | | options | {} | | tags | [] | +-------------+----------------------------------+ |
[root@controller ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | default | | enabled | True | | id | bf2a0ac4ba844606b62bc4f53f79bc60 | | is_domain | False | | name | service | | options | {} | | parent_id | default | | tags | [] | +-------------+----------------------------------+ |
1.9.4创建(non-admin)project myproject
[root@controller ~]# openstack project create --domain default --description "Demo Project" myproject +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Demo Project | | domain_id | default | | enabled | True | | id | 2bceda2684fa424abd910455c6dfc917 | | is_domain | False | | name | myproject | | options | {} | | parent_id | default | | tags | [] | +-------------+----------------------------------+ |
1.9.5创建user myuser
[root@controller ~]# openstack user create --domain default --password-prompt myuser User Password:000000 Repeat User Password:000000 +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | c88a2c86fc6d4e4c8e1d37b856096d64 | | name | myuser | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+ |
1.9.6创建role myrole
[root@controller ~]# openstack role create myrole +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | None | | domain_id | None | | id | 2b5ad1ed3c734a2b9a74089abc2d847c | | name | myrole | | options | {} | +-------------+----------------------------------+ |
1.9.7为 myproject 和 myuser 添加角色myrole。
[root@controller ~]# openstack role add --project myproject --user myuser myrole |
1.10 测试
取消临时环境变量OS_AUTH_URL和OS_PASSWORD:
[root@controller ~]# source ~/.admin-openrc [root@controller ~]# unset OS_AUTH_URL OS_PASSWORD |
为admin用户请求tocken
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue Password: |
为myuser用户请求tocken
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue Password: |
2.Glance
Glance是OpenStack提供的镜像服务,负责虚拟机、裸机镜像的上传与下载,必须安装。
2.1 创建 glance 数据库并授权
[root@controller ~]# mysql -uroot -p000000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 23 Server version: 10.5.16-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.001 sec) |
导入环境变量
[root@controller ~]# source ~/.admin-openrc |
2.2 创建glance用户
[root@controller ~]# openstack user create --domain default --password-prompt glance User Password:000000 Repeat User Password:000000 +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | e9e6e125c0c24355a29d635d409f7b52 | | name | glance | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+ |
添加glance用户到service project并指定admin角色:
[root@controller ~]# openstack role add --project service --user glance admin |
2.3 创建glance服务实体:
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | fadfce11db9c458a9fe455fd97c31e56 | | name | glance | | type | image | +-------------+----------------------------------+ |
2.4 创建glance API服务:
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 5dcb9b4e435f4028a7c3deceb7b7636c | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | fadfce11db9c458a9fe455fd97c31e56 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | e0acbd5f31b944d59493821ba9c9fbac | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | fadfce11db9c458a9fe455fd97c31e56 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | d590478c5bb1467dbcd7188b86f77e93 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | fadfce11db9c458a9fe455fd97c31e56 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ |
2.5 安装软件包
[root@controller ~]# dnf install openstack-glance -y |
2.6 修改 glance 配置文件
[root@controller ~]# vi /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:000000@controller/glance [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = 000000 [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ |
[database]部分,配置数据库入口
[keystone_authtoken] [paste_deploy]部分,配置身份认证服务入口
[glance_store]部分,配置本地文件系统存储和镜像文件的位置
2.7 同步数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance |
2.8 启动服务
[root@controller ~]# systemctl enable openstack-glance-api.service Created symlink /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service → /usr/lib/systemd/system/openstack-glance-api.service. [root@controller ~]# systemctl start openstack-glance-api.service |
2.9 测试
导入环境变量
[root@controller ~]# source ~/.admin-openrc |
下载镜像进行测试
[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img |
上传镜像测试
[root@controller ~]# openstack image create --disk-format qcow2 --container-format bare --file cirros-0.4.0-aarch64-disk.img --public cirros |
验证:
[root@controller ~]# openstack image list |
3.Placement
Placement是OpenStack提供的资源调度组件,一般不面向用户,由Nova等组件调用,安装在控制节点。安装、配置Placement服务前,需要先创建相应的数据库、服务凭证和API endpoints。
3.1 创建placement数据库并授权
[root@controller ~]# mysql -uroot -p000000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 34 Server version: 10.5.16-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE placement; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> exit Bye |
3.2 配置用户和Endpoints
source admin凭证,以获取admin命令行权限:
[root@controller ~]# source ~/.admin-openrc |
创建placement用户并设置用户密码:
[root@controller ~]# openstack user create --domain default --password-prompt placement User Password:000000 Repeat User Password:000000 +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 28e92c956ed746bf8d7e903047b9cbbc | | name | placement | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+ |
添加placement用户到service project并指定admin角色:
[root@controller ~]# openstack role add --project service --user placement admin |
创建placement服务实体
[root@controller ~]# openstack service create --name placement \ --description "Placement API" placement +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Placement API | | enabled | True | | id | a0b7f2c47b8b4d70b1e3bc94c4ce3e37 | | name | placement | | type | placement | +-------------+----------------------------------+ |
创建Placement API服务endpoints:
[root@controller ~]# openstack endpoint create --region RegionOne \ placement public http://controller:8778 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 692b18a8ec25479a856bc72c63407720 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | a0b7f2c47b8b4d70b1e3bc94c4ce3e37 | | service_name | placement | | service_type | placement | | url | http://controller:8778 | +--------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne \ placement internal http://controller:8778 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 12a83523f6de4a1394df92403e18f8ab | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | a0b7f2c47b8b4d70b1e3bc94c4ce3e37 | | service_name | placement | | service_type | placement | | url | http://controller:8778 | +--------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne \ placement admin http://controller:8778 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 1ef360ca2d72495f96f61292ba423276 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | a0b7f2c47b8b4d70b1e3bc94c4ce3e37 | | service_name | placement | | service_type | placement | | url | http://controller:8778 | +--------------+----------------------------------+ |
3.3 安装软件包
[root@controller ~]# dnf install openstack-placement-api -y |
3.4 修改配置文件
[root@controller ~]# vi /etc/placement/placement.conf [placement_database] connection = mysql+pymysql://placement:000000@controller/placement [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = 000000 |
3.5 同步数据库
[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement |
3.6 启动服务
重启httpd服务
[root@controller ~]# systemctl restart httpd |
3.7 测试
source admin凭证,以获取admin命令行权限
[root@controller ~]# source ~/.admin-openrc |
执行状态检查:
[root@controller ~]# placement-status upgrade check +----------------------------------------------------------------------+ | Upgrade Check Results | +----------------------------------------------------------------------+ | Check: Missing Root Provider IDs | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Incomplete Consumers | | Result: Success | | Details: None | +----------------------------------------------------------------------+ | Check: Policy File JSON to YAML Migration | | Result: Failure | | Details: Your policy file is JSON-formatted which is deprecated. You | | need to switch to YAML-formatted file. Use the | | ``oslopolicy-convert-json-to-yaml`` tool to convert the | | existing JSON-formatted files to YAML in a backwards- | | compatible manner: https://docs.openstack.org/oslo.policy/ | | latest/cli/oslopolicy-convert-json-to-yaml.html. | +----------------------------------------------------------------------+ |
针对placement API运行命令:
安装osc-placement插件:
[root@controller ~]# dnf install python3-osc-placement -y |
列出可用的资源类别及特性:
[root@controller ~]# openstack --os-placement-api-version 1.2 resource class list --sort-column name |
[root@controller ~]# openstack --os-placement-api-version 1.6 trait list --sort-column name |
4.Nova
Nova是OpenStack的计算服务,负责虚拟机的创建、发放等功能。
4.1 创建Nova数据库并授权
[root@controller ~]# mysql -uroot -p000000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 42 Server version: 10.5.16-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE nova_api; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> CREATE DATABASE nova; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> CREATE DATABASE nova_cell0; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ -> IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> exit Bye |
4.2 配置用户和Endpoints
source admin凭证,以获取admin命令行权限:
[root@controller ~]# source ~/.admin-openrc |
创建nova用户并设置用户密码:
[root@controller ~]# openstack user create --domain default --password-prompt nova User Password:000000 Repeat User Password:000000 +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 9f5b276dbd4c4b63a41de370f64f6ca1 | | name | nova | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+ |
添加nova用户到service project并指定admin角色:
[root@controller ~]# openstack role add --project service --user nova admin |
创建nova服务实体:
[root@controller ~]# openstack service create --name nova \ --description "OpenStack Compute" compute +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | efd0460a58c8458f99ef0eec726c0c66 | | name | nova | | type | compute | +-------------+----------------------------------+ [root@controller ~]# |
创建Nova API服务endpoints:
[root@controller ~]# openstack endpoint create --region RegionOne \ compute public http://controller:8774/v2.1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 9c16ddbb93034393803ab3fb698643f1 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | efd0460a58c8458f99ef0eec726c0c66 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1 | +--------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2.1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | f0ad60b148924808b9c5732b1f7cf10e | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | efd0460a58c8458f99ef0eec726c0c66 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1 | +--------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2.1 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | e0730e9a0ef74b419f5489f6ff9d947c | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | efd0460a58c8458f99ef0eec726c0c66 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1 | +--------------+----------------------------------+ |
4.3 安装软件包
[root@controller ~]# dnf install openstack-nova-api openstack-nova-conductor \ openstack-nova-novncproxy openstack-nova-scheduler -y |
4.4 修改配置文件
在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用controller节点管理IP配置my_ip,显式定义log_dir:
[root@controller ~]# vi /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:000000@controller:5672/ my_ip = 192.168.100.10 log_dir = /var/log/nova [api_database] connection = mysql+pymysql://nova:000000@controller/nova_api [database] connection = mysql+pymysql://nova:000000@controller/nova [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = 000000 [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = 000000 |
4.5 同步数据库
同步nova-api数据库:
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova |
注册cell0数据库:
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova |
创建cell1 cell:
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova |
同步nova数据库:
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova |
验证cell0和cell1注册正确:
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova |
4.6 启动服务
[root@controller ~]# systemctl enable \ openstack-nova-api.service \ openstack-nova-scheduler.service \ openstack-nova-conductor.service \ openstack-nova-novncproxy.service Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service → /usr/lib/systemd/system/openstack-nova-api.service. Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service → /usr/lib/systemd/system/openstack-nova-scheduler.service. Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service → /usr/lib/systemd/system/openstack-nova-conductor.service. Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service → /usr/lib/systemd/system/openstack-nova-novncproxy.service. [root@controller ~]# systemctl start \ openstack-nova-api.service \ openstack-nova-scheduler.service \ openstack-nova-conductor.service \ openstack-nova-novncproxy.service [root@controller ~]# |
Compute节点操作:
4.7 安装软件包
[root@compute ~]# dnf install openstack-nova-compute |
4.8 修改配置文件
[root@compute ~]# vi /etc/nova/nova.conf [DEFAULT] enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:000000@controller:5672/ my_ip = 192.168.100.20 compute_driver = libvirt.LibvirtDriver instances_path = /var/lib/nova/instances log_dir = /var/log/nova [api] auth_strategy = keystone [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = 000000 [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html [glance] api_servers = http://controller:9292 [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = 000000 |
4.9 确认计算节点是否支持虚拟机硬件加速(x86_64)
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo 0 |
如果返回值为0则不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。编辑/etc/nova/nova.conf的[libvirt]部分:
[libvirt] virt_type = qemu |
4.10 确认计算节点是否支持虚拟机硬件加速(arm64)
处理器为arm64架构时,可通过运行如下命令确认是否支持硬件加速:
[root@compute ~]# virt-host-validate QEMU: 正在检查 硬件是否支持虚拟化 : 通过 QEMU: 正在检查 if device /dev/kvm exists : 通过 QEMU: 正在检查 if device /dev/kvm is accessible : 通过 QEMU: 正在检查 if device /dev/vhost-net exists : 通过 QEMU: 正在检查 if device /dev/net/tun exists : 通过 QEMU: 正在检查 for cgroup 'cpu' controller support : 通过 QEMU: 正在检查 for cgroup 'cpuacct' controller support : 通过 QEMU: 正在检查 for cgroup 'cpuset' controller support : 通过 QEMU: 正在检查 for cgroup 'memory' controller support : 通过 QEMU: 正在检查 for cgroup 'devices' controller support : 通过 QEMU: 正在检查 for cgroup 'blkio' controller support : 通过 QEMU: 正在检查 是否支持IOMMU : 警告 (No ACPI IVRS table found, IOMMU either disabled in BIOS or not supported by this hardware platform) |
4.11 配置qemu(仅arm64)
[root@compute ~]# vi /etc/libvirt/qemu.conf nvram = [ "/usr/share/AAVMF/AAVMF_CODE.fd:/usr/share/AAVMF/AAVMF_VARS.fd", "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw:/usr/share/edk2/aarch64/vars-template-pflash.raw" ] [root@compute ~]# mkdir -p /etc/qemu/firmware/ [root@compute ~]# touch /etc/qemu/firmware/edk2-aarch64.json [root@compute ~]# vi /etc/qemu/firmware/edk2-aarch64.json { "description": "UEFI firmware for ARM64 virtual machines", "interface-types": [ "uefi" ], "mapping": { "device": "flash", "executable": { "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw", "format": "raw" }, "nvram-template": { "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw", "format": "raw" } }, "targets": [ { "architecture": "aarch64", "machines": [ "virt-*" ] } ], "features": [ ], "tags": [ ] } |
4.12 启动服务
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service Created symlink /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service → /usr/lib/systemd/system/openstack-nova-compute.service. [root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service |
Controller节点
4.13 添加计算节点到openstack集群
source admin凭证,以获取admin命令行权限:
[root@controller ~]# source ~/.admin-openrc |
确认nova-compute服务已识别到数据库中:
[root@controller ~]# openstack compute service list --service nova-compute +--------------------------------------+--------------+---------+------+---------+-------+----------------------------+ | ID | Binary | Host | Zone | Status | State | Updated At | +--------------------------------------+--------------+---------+------+---------+-------+----------------------------+ | 1c34a584-bc75-440a-b823-8c7c8457fd77 | nova-compute | compute | nova | enabled | up | 2024-12-19T10:34:57.000000 | +--------------------------------------+--------------+---------+------+---------+-------+----------------------------+ |
发现计算节点,将计算节点添加到cell数据库:
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code. Found 2 cell mappings. Skipping cell0 since it does not contain hosts. Getting computes from cell 'cell1': 6a2f0cf4-5ddf-48fa-a828-d3a6a9da7b75 Checking host mapping for compute host 'compute': 3d494409-3bcf-4007-a41b-0a258b697a2e Creating host mapping for compute host 'compute': 3d494409-3bcf-4007-a41b-0a258b697a2e Found 1 unmapped computes in cell: 6a2f0cf4-5ddf-48fa-a828-d3a6a9da7b75 |
4.14 测试
列出服务组件,验证每个流程都成功启动和注册:
[root@controller ~]# openstack compute service list |
列出身份服务中的API端点,验证与身份服务的连接:
[root@controller ~]# openstack catalog list |
列出镜像服务中的镜像,验证与镜像服务的连接:
[root@controller ~]# openstack image list |
检查cells是否运作成功,以及其他必要条件是否已具备。
[root@controller ~]# nova-status upgrade check |
5.Neutron
Neutron是OpenStack的网络服务,提供虚拟交换机、IP路由、DHCP等功能。
Controller节点
5.1 创建数据库并授权
[root@controller ~]# mysql -uroot -p000000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 125 Server version: 10.5.16-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE neutron; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.002 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]> exit; Bye |
5.2 配置用户和Endpoints
[root@controller ~]# openstack user create --domain default --password-prompt neutron User Password:000000 Repeat User Password:000000 +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 1c4dc39d37dc49d584b615b0b5bc1a5b | | name | neutron | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+ [root@controller ~]# openstack role add --project service --user neutron admin |
创建用户和服务
记住创建neutron用户时输入的密码,用于配置NEUTRON_PASS:
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Networking | | enabled | True | | id | 4a9d83cb53c74d78b1160bdc111edefc | | name | neutron | | type | network | +-------------+----------------------------------+ |
5.3 部署 Neutron API 服务:
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 8cb137b9edc3409dadf94be4fac74640 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 4a9d83cb53c74d78b1160bdc111edefc | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 5ebf9758cc89456182017b2a6f0e4eb3 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 4a9d83cb53c74d78b1160bdc111edefc | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 54d47e1f9de24d39883fb472970e8c8c | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 4a9d83cb53c74d78b1160bdc111edefc | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ |
5.4 安装软件包
[root@controller ~]# dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2 -y |
5.5 修改配置文件
[root@controller ~]# vi /etc/neutron/neutron.conf [DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = true transport_url = rabbit://openstack:000000@controller auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [database] connection = mysql+pymysql://neutron:000000@controller/neutron [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = 000000 |
配置ML2
ML2具体配置可以根据用户需求自行修改,本文使用的是provider network + linuxbridge**
修改/etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true |
修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] physical_interface_mappings = provider:ens32 #网卡名 [vxlan] enable_vxlan = true local_ip = 192.168.100.10 #本地IP l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver |
配置Layer-3代理
修改/etc/neutron/l3_agent.ini
[root@controller ~]# vi /etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge |
配置DHCP代理 修改/etc/neutron/dhcp_agent.ini
[root@controller ~]# vi /etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true |
配置metadata代理
修改/etc/neutron/metadata_agent.ini
[root@controller ~]# vi /etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET |
配置nova服务使用neutron,修改/etc/nova/nova.conf
[root@controller ~]# vi /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = 000000 service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET |
5.6 创建/etc/neutron/plugin.ini的符号链接
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini |
5.7 同步数据库
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron |
重启nova.api服务
[root@controller ~]# systemctl restart openstack-nova-api |
5.7 启动网络服务
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service \ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service Created symlink /etc/systemd/system/multi-user.target.wants/neutron-server.service → /usr/lib/systemd/system/neutron-server.service. Created symlink /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service → /usr/lib/systemd/system/neutron-linuxbridge-agent.service. Created symlink /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service → /usr/lib/systemd/system/neutron-dhcp-agent.service. Created symlink /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service → /usr/lib/systemd/system/neutron-metadata-agent.service. Created symlink /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service → /usr/lib/systemd/system/neutron-l3-agent.service. [root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service \ neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service |
Compute节点
5.8 安装软件包
[root@compute ~]# dnf install openstack-neutron-linuxbridge ebtables ipset -y |
5.9 修改配置文件
修改/etc/neutron/neutron.conf
[root@compute ~]# vi /etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:000000@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = neutron password = 000000 [oslo_concurrency] lock_path = /var/lib/neutron/tmp |
[root@compute ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini [vxlan] local_ip = 192.168.100.20 |
配置nova compute服务使用neutron,修改/etc/nova/nova.conf
[root@compute ~]# vi /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = 000000 |
5.10 重启nova-compute服务
[root@compute ~]# systemctl restart openstack-nova-compute.service |
5.11 启动Neutron linuxbridge agent服务
[root@compute ~]# systemctl enable neutron-linuxbridge-agent Created symlink /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service → /usr/lib/systemd/system/neutron-linuxbridge-agent.service. [root@compute ~]# systemctl start neutron-linuxbridge-agent |
6.Cinder
Cinder是OpenStack的存储服务,提供块设备的创建、发放、备份等功能。
Controller节点:
6.1 创建数据库并授权
[root@controller ~]# mysql -uroot -p000000 Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 152 Server version: 10.5.16-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE cinder; Query OK, 1 row affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.002 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '000000'; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> exit Bye |
6.2 配置用户和Endpoints
创建cinder用户并设置用户密码:
[root@controller ~]# source ~/.admin-openrc [root@controller ~]# openstack user create --domain default --password-prompt cinder User Password: Repeat User Password: +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | domain_id | default | | enabled | True | | id | 8fa932d715c849f0bcfb439ff927a862 | | name | cinder | | options | {} | | password_expires_at | None | +---------------------+----------------------------------+ |
添加cinder用户到service project并指定admin角色:
[root@controller ~]# openstack role add --project service --user cinder admin [root@controller ~]# openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3 +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Block Storage | | enabled | True | | id | 682312a7857d4228815530f7c7429276 | | name | cinderv3 | | type | volumev3 | +-------------+----------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s +--------------+------------------------------------------+ | Field | Value | +--------------+------------------------------------------+ | enabled | True | | id | c822422cc0a947999eba0a5834c9e016 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 682312a7857d4228815530f7c7429276 | | service_name | cinderv3 | | service_type | volumev3 | | url | http://controller:8776/v3/%(project_id)s | +--------------+------------------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s +--------------+------------------------------------------+ | Field | Value | +--------------+------------------------------------------+ | enabled | True | | id | 53930a867fbc4029b59fd24d6064ca61 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 682312a7857d4228815530f7c7429276 | | service_name | cinderv3 | | service_type | volumev3 | | url | http://controller:8776/v3/%(project_id)s | +--------------+------------------------------------------+ |
[root@controller ~]# openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s +--------------+------------------------------------------+ | Field | Value | +--------------+------------------------------------------+ | enabled | True | | id | 5ec74710379d4a868f6c04add4f10b13 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 682312a7857d4228815530f7c7429276 | | service_name | cinderv3 | | service_type | volumev3 | | url | http://controller:8776/v3/%(project_id)s | +--------------+------------------------------------------+ |
6.3 安装软件包
[root@controller ~]# dnf install openstack-cinder-api openstack-cinder-scheduler -y |
6.4 修改配置文件
修改cinder配置文件/etc/cinder/cinder.conf
[root@controller ~]# vi /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:000000@controller auth_strategy = keystone my_ip = 192.168.100.10 [database] connection = mysql+pymysql://cinder:000000@controller/cinder [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = cinder password = 000000 [oslo_concurrency] lock_path = /var/lib/cinder/tmp |
6.5 同步数据库
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder |
6.6 修改nova配置文件
[root@controller ~]# vi /etc/nova/nova.conf [cinder] os_region_name = RegionOne |
6.7 启动服务
[root@controller ~]# systemctl restart openstack-nova-api [root@controller ~]# systemctl start openstack-cinder-api openstack-cinder-scheduler [root@controller ~]# systemctl enable openstack-cinder-api openstack-cinder-scheduler Created symlink /etc/systemd/system/multi-user.target.wants/openstack-cinder-api.service → /usr/lib/systemd/system/openstack-cinder-api.service. Created symlink /etc/systemd/system/multi-user.target.wants/openstack-cinder-scheduler.service → /usr/lib/systemd/system/openstack-cinder-scheduler.service. |
Storage节点
Storage节点要提前准备至少一块硬盘,作为cinder的存储后端,下文默认storage节点已经存在一块未使用的硬盘,设备名称为/dev/sdb,用户在配置过程中,请按照真实环境信息进行名称替换。
Cinder支持很多类型的后端存储,使用最简单的lvm
6.8 安装软件包
[root@storage ~]# dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup -y |
6.9 创建lvm
[root@storage ~]# pvcreate /dev/sdb Physical volume "/dev/sdb" successfully created. [root@storage ~]# vgcreate cinder-volumes /dev/sdb Volume group "cinder-volumes" successfully created |
6.10 修改配置文件
[root@storage ~]# vi /etc/cinder/cinder.conf [DEFAULT] transport_url = rabbit://openstack:000000@controller auth_strategy = keystone my_ip = 192.168.100.30 enabled_backends = lvm glance_api_servers = http://controller:9292 [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = 000000 [database] connection = mysql+pymysql://cinder:000000@controller/cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes target_protocol = iscsi target_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp |
6.11 启动服务
[root@storage ~]# systemctl start openstack-cinder-volume target [root@storage ~]# systemctl enable openstack-cinder-volume target Created symlink /etc/systemd/system/multi-user.target.wants/openstack-cinder-volume.service → /usr/lib/systemd/system/openstack-cinder-volume.service. Created symlink /etc/systemd/system/multi-user.target.wants/target.service → /usr/lib/systemd/system/target.service. |
6.12 测试
控制节点进行测试
[root@controller ~]# openstack volume service list +------------------+-------------+------+---------+-------+----------------------------+ | Binary | Host | Zone | Status | State | Updated At | +------------------+-------------+------+---------+-------+----------------------------+ | cinder-scheduler | controller | nova | enabled | up | 2024-12-19T12:42:37.000000 | | cinder-volume | storage@lvm | nova | enabled | up | 2024-12-19T12:42:37.000000 | +------------------+-------------+------+---------+-------+----------------------------+ |
(如果出现问题,先查时间同步,再去查询各个组件的状态)
7.Horizon
Horizon是OpenStack提供的前端页面,可以让用户通过网页鼠标的操作来控制OpenStack集群,而不用繁琐的CLI命令行。Horizon一般部署在控制节点。
7.1 安装软件包
[root@controller ~]# dnf install openstack-dashboard -y |
7.2 修改配置文件
[root@controller ~]# vi /etc/openstack-dashboard/local_settings #原文查找进行修改 OPENSTACK_HOST = "controller" ALLOWED_HOSTS = ['*', ] OPENSTACK_KEYSTONE_URL = "http://controller:5000/v3" SESSION_ENGINE = 'django.contrib.sessions.backends.cache' #取消注释+修改controller CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller', }, } #添加 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default" OPENSTACK_KEYSTONE_DEFAULT_ROLE = "member" WEBROOT = '/dashboard' POLICY_FILES_PATH = "/etc/openstack-dashboard" OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 3, } |
7.3 重启服务
[root@controller ~]# systemctl restart httpd |
至此,horizon服务的部署已全部完成,打开浏览器,输入http://192.168.100.10/dashboard,打开horizon登录页面。
7.4 浏览器访问控制台
7.5 登陆
登陆控制台,账户为admin,密码为controller主机密码,默认为default域。
若想使用http://controller/dashboard/地址进行登陆,则需要配置本地DNS解析
在主机的C:\Windows\System32\drivers\etc目录下的hosts文件下,使用管理员用户进行编辑文件
8.核心组件测试
8.1 测试账户管理模块
在Dashboard操作界面中单击“身份管理→用户”,单击右上角的“创建用户”按钮,进入创建用户界面,在输入对应参数之后,单击“创建用户”按钮,创建用户。
在controller节点查询验证
[root@controller ~]# openstack user list | grep hzy | 7a1d608be68c4785adcf11896cea92b3 | hzy | [root@controller ~]# openstack user show hzy +---------------------+----------------------------------+ | Field | Value | +---------------------+----------------------------------+ | description | 这个用户帅的一批 | | domain_id | default | | enabled | True | | id | 7a1d608be68c4785adcf11896cea92b3 | | name | hzy | | options | {'lock_password': False} | | password_expires_at | None | +---------------------+----------------------------------+ |
8.2 镜像测试
在Dashboard操作界面中单击“管理员→镜像→创建镜像”,进入镜像创建界面,在创建镜像界面中,可以自定义镜像名称,并且添加本地镜像文件,在设置对应的镜像格式后,可以根据其他相应要求进行配置,最后单击“创建镜像”按钮来完成镜像的创建。
点击创建镜像
在controller节点进行验证
[root@controller ~]# openstack image list +--------------------------------------+-----------------+--------+ | ID | Name | Status | +--------------------------------------+-----------------+--------+ | c97d64cd-a595-45af-b031-16e074651319 | cirros | active | | b01ac2a7-2774-4f04-bb50-30124843aa83 | cirros-镜像测试 | active | +--------------------------------------+-----------------+--------+ |
8.3 网络测试
在Dashboard操作界面中单击“网络”,根据要求创建相应的网络“ext-net”,下拉框选择项目“admin”,供应商网络类型选择“Flat”,物理网络填写“provider”,勾选“共享的”以及“外部网络”选项,使云主机能够连通外网,然后单击“下一步”按钮,进入创建子网界面,填写子网名称testsubnet,网络地址192.168.200.0/24,网关IP为192.168.200.2,然后单击“下一步”按钮,进入最后的确认界面,单击“创建网络”按钮。
Controller节点进行验证
[root@controller ~]# openstack network list +--------------------------------------+---------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+---------+--------------------------------------+ | c7ec718e-2ff5-45ca-b46a-54b3469d7b4a | ext-net | 95b2c50e-598e-41ec-920a-351298a9ba58 | +--------------------------------------+---------+--------------------------------------+ |
8.4 云主机测试
在Dashboard操作界面中单击“管理员→计算→实例类型”,然后单击“创建实例类型”按钮,在弹出的窗口输入相应的属性参数,名称为“T1”,vCPU数量1,内存1024M,根磁盘10GB,最后单击右下方“创建实例类型”按钮即可完成创建。
在Dashboard操作界面中单击“计算→实例”按钮,单击右方“创建实例”按钮,进入创建实例界面,输入实例名称“openstack-T1”
接下来依次选择上述模块创建的“源*”“实例类型*”“网络”,单击“创建实例”按钮,完成实例的创建。
创建完成后,等待片刻,即可在云主机列表中看到云主机“openstack-test”正在运行中,云主机孵化成功
点击新建的实例,点击控制台,即可查看
至此,openstack基础平台搭建完成。
本篇文章篇幅较长,如果能看到这里请您点个赞支持一下,谢谢亲。