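[Cloud Computing] OpenStack single-node all-in-one deployment
OpenStack single-node all-in-one deployment
- Tools
- Environment setup
- Create the CentOS 7 virtual machine
- SSH connection
- Pre-installation settings
- Disable the firewall
- Disable the NetworkManager service
- Enable the network service
- Change the hostname and its mapping
- Time synchronization
- Install OpenStack
- Project configuration
- Original host network configuration
- Modify the network configuration
- Apply the configuration
- Delete the project's default router and network
- Create the external network ext-net
- Create the internal network int-net
- Create the router R1
- Run a cloud instance
- Upload the image
- Create the image
- Create the instance
- Edit the security group rules
- Add the ALL ICMP rule
- Add the SSH rule
- Connect to the cloud instance
- Obtain a floating IP
- Bind the floating IP
- View the network topology
- Testing
- Ping test
- SSH test
- Cloud disk management
- Create a volume
- Attach the volume
- View
- Cloud storage management
- Create a container
- Container management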
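Tools
VMware Workstation Pro 16
CentOS-7-x86_64-DVD-1804.iso
SecureCRT、SecureFX
cirros-0.4.0-x86_64-disk.img
Environment setup
The VM must have no less than 8 GB of memory here, otherwise the installation later is prone to problems!! Virtualization must also be ticked!!!
Start the CentOS 7 virtual machine.
Choose Chinese; if your English is good, choosing English works too.
Choose to configure partitioning. You can skip it, you can skip it!!! It makes no difference!!! My classmate did not partition and it still worked!!!
You don't have to partition; the default works just as well. My computer was short on storage to begin with, so partitioning gained me nothing!!
ens33 must be switched on; downloading OpenStack later needs network access!!
Key points: minimal install; partitioning can be left at the default; disable Kdump; ens33 must be switched on!!
Set the root password; it is needed for SSH shortly.
After installation completes, log in and look up the IP address.
Connect with SecureCRT.
The SSH connection succeeds.
Test the network; the Internet is reachable.
Pre-installation settings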
Last login: Tue Apr 23 03:22:49 2024 from 192.168.196.1
[root@localhost ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@localhost ~]# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
~
~
"/etc/selinux/config" 13L, 545C written
Reboot
[root@localhost ~]# reboot
Last login: Tue Apr 23 07:36:39 2024 from 192.168.196.1
[root@localhost ~]# systemctl disable NetworkManager
Removed symlink /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.NetworkManager.service.
Removed symlink /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
[root@localhost ~]# systemctl stop NetworkManager
[root@localhost ~]# systemctl enable network
network.service is not a native service, redirecting to /sbin/chkconfig.
Executing /sbin/chkconfig network on
[root@localhost ~]# systemctl start network
[root@localhost ~]# hostnamectl set-hostname node-a
[root@localhost ~]# vi /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.196.44 node-a node-a.localdomain
~
~
"/etc/hosts" 3L, 201C written
[root@localhost ~]# ping node-a
PING node-a (192.168.196.44) 56(84) bytes of data.
64 bytes from node-a (192.168.196.44): icmp_seq=1 ttl=64 time=0.020 ms
64 bytes from node-a (192.168.196.44): icmp_seq=2 ttl=64 time=0.046 ms
^Z
[1]+ 已停止 ping node-a
[root@localhost ~]# yum install -y chrony
已加载插件:fastestmirror
Determining fastest mirrors
* base: ftp.sjtu.edu.cn
* extras: mirrors.bfsu.edu.cn
* updates: mirrors.ustc.edu.cn
base | 3.6 kB 00:00:00
extras | 2.9 kB 00:00:00
updates | 2.9 kB 00:00:00
(1/4): base/7/x86_64/group_gz | 153 kB 00:00:00
(2/4): extras/7/x86_64/primary_db | 253 kB 00:00:00
(3/4): base/7/x86_64/primary_db | 6.1 MB 00:00:05
(4/4): updates/7/x86_64/primary_db | 26 MB 00:00:24
正在解决依赖关系
--> 正在检查事务
---> 软件包 chrony.x86_64.0.3.4-1.el7 将被 安装
--> 正在处理依赖关系 libseccomp.so.2()(64bit),它被软件包 chrony-3.4-1.el7.x86_64 需要
--> 正在检查事务
---> 软件包 libseccomp.x86_64.0.2.3.1-4.el7 将被 安装
--> 解决依赖关系完成
依赖关系解决
==================================================================================================================================================
Package 架构 版本 源 大小
==================================================================================================================================================
正在安装:
chrony x86_64 3.4-1.el7 base 251 k
为依赖而安装:
libseccomp x86_64 2.3.1-4.el7 base 56 k
事务概要
==================================================================================================================================================
安装 1 软件包 (+1 依赖软件包)
总下载量:307 k
安装大小:788 k
Downloading packages:
警告:/var/cache/yum/x86_64/7/base/packages/libseccomp-2.3.1-4.el7.x86_64.rpm: 头V3 RSA/SHA256 Signature, 密钥 ID f4a80eb5: NOKEYkB 00:00:42 ETA
libseccomp-2.3.1-4.el7.x86_64.rpm 的公钥尚未安装
(1/2): libseccomp-2.3.1-4.el7.x86_64.rpm | 56 kB 00:00:14
(2/2): chrony-3.4-1.el7.x86_64.rpm | 251 kB 00:00:35
--------------------------------------------------------------------------------------------------------------------------------------------------
总计 8.7 kB/s | 307 kB 00:00:35
从 file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7 检索密钥
导入 GPG key 0xF4A80EB5:
用户ID : "CentOS-7 Key (CentOS 7 Official Signing Key) <security@centos.org>"
指纹 : 6341 ab27 53d7 8a78 a7c2 7bb1 24c6 a8a7 f4a8 0eb5
软件包 : centos-release-7-5.1804.el7.centos.x86_64 (@anaconda)
来自 : /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Running transaction check
Running transaction test
Transaction test succeeded
Running transaction
正在安装 : libseccomp-2.3.1-4.el7.x86_64 1/2
正在安装 : chrony-3.4-1.el7.x86_64 2/2
验证中 : libseccomp-2.3.1-4.el7.x86_64 1/2
验证中 : chrony-3.4-1.el7.x86_64 2/2
已安装:
chrony.x86_64 0:3.4-1.el7
作为依赖被安装:
libseccomp.x86_64 0:2.3.1-4.el7
完毕!
[root@localhost ~]# vi /etc/chrony.conf
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
server ntp1.aliyun.com iburst
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
"/etc/chrony.conf" 39L, 1138C written
[root@localhost ~]#
Install OpenStack
[root@localhost ~]# yum -y install centos-release-openstack-train
(output omitted ...)
已安装:
centos-release-openstack-train.noarch 0:1-1.el7.centos
作为依赖被安装:
centos-release-ceph-nautilus.noarch 0:1.2-2.el7.centos centos-release-nfs-ganesha28.noarch 0:1.0-3.el7.centos
centos-release-qemu-ev.noarch 0:1.0-4.el7.centos centos-release-storage-common.noarch 0:2-2.el7.centos
centos-release-virt-common.noarch 0:1-1.el7.centos
作为依赖被升级:
centos-release.x86_64 0:7-9.2009.1.el7.centos
完毕!
[root@localhost ~]# yum -y install openstack-packstack
(output omitted ...)
rubygem-io-console.x86_64 0:0.4.2-39.el7_9 rubygem-json.x86_64 0:1.7.7-39.el7_9
rubygem-pathspec.noarch 0:0.2.1-3.el7 rubygem-psych.x86_64 0:2.0.0-39.el7_9
rubygem-rdoc.noarch 0:4.0.0-39.el7_9 rubygem-rgen.noarch 0:0.6.6-2.el7
rubygems.noarch 0:2.0.14.1-39.el7_9 yaml-cpp.x86_64 0:0.5.1-6.el7
作为依赖被升级:
libselinux.x86_64 0:2.5-15.el7 libselinux-python.x86_64 0:2.5-15.el7 libselinux-utils.x86_64 0:2.5-15.el7 libsepol.x86_64 0:2.5-10.el7
完毕!
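Suspend the virtual machine and take a snapshot: the next step takes the better part of an hour to install, and the snapshot guards against anything going wrong...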
Last login: Tue Apr 23 14:05:26 2024 from 192.168.196.1
[root@node-a ~]# packstack --allinone
Welcome to the Packstack setup utility
The installation log file is available at: /var/tmp/packstack/20240423-141738-Yav4Yc/openstack-setup.log
Packstack changed given value to required value /root/.ssh/id_rsa.pub
Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries [ DONE ]
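After waiting more than half an hour it seemed to be stuck... I stopped using CRT... and ran it directly inside the virtual machine...
After waiting almost an hour: once you see "successfully", the installation has succeeded.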
Last failed login: Tue Apr 23 14:53:18 CEST 2024 from 192.168.196.1 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Tue Apr 23 14:20:06 2024
[root@node-a ~]# nova-manage --version
20.6.0
Ping connectivity test
Login passwords for the admin and demo users
[root@node-a ~]# source keystonerc_admin
[root@node-a ~(keystone_admin)]# cat keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='fa6313c270674503'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.196.44:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
[root@node-a ~(keystone_admin)]#
[root@node-a ~(keystone_admin)]# source keystonerc_demo
[root@node-a ~(keystone_demo)]# cat keystonerc_demo
unset OS_SERVICE_TOKEN
export OS_USERNAME=demo
export OS_PASSWORD='1a6a9ec34331441f'
export PS1='[\u@\h \W(keystone_demo)]\$ '
export OS_AUTH_URL=http://192.168.196.44:5000/v3
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
Open http://192.168.196.44 in a browser and log in.
Project configuration
br-ex is the external bridge.
br-int is the integration bridge.
[root@node-a ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:2e:5a:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.196.44/24 brd 192.168.196.255 scope global dynamic ens33
valid_lft 1779sec preferred_lft 1779sec
inet6 fe80::20c:29ff:fe2e:5a9a/64 scope link
valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether d6:e3:e2:8c:e5:86 brd ff:ff:ff:ff:ff:ff
4: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 2a:91:47:32:af:4e brd ff:ff:ff:ff:ff:ff
inet 172.24.4.1/24 scope global br-ex
valid_lft forever preferred_lft forever
inet6 fe80::2891:47ff:fe32:af4e/64 scope link
valid_lft forever preferred_lft forever
5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 36:71:1c:85:37:40 brd ff:ff:ff:ff:ff:ff
[root@node-a ~]# vi ifcfg-ens33
DEVICE=ens33
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
ONBOOT=yes
~
"ifcfg-ens33" 5L, 69C written
[root@node-a ~]# vi ifcfg-br-ex
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=static
IPADDR=192.168.196.44
NETMASK=255.255.255.0
GATEWAY=192.168.196.2
DNS1=192.168.196.2
ONBOOT=yes
~
"ifcfg-br-ex" 9L, 156C written
[root@node-a ~]#
[root@node-a ~]# cp ifcfg-* /etc/sysconfig/network-scripts/
cp:是否覆盖"/etc/sysconfig/network-scripts/ifcfg-br-ex"? y
cp:是否覆盖"/etc/sysconfig/network-scripts/ifcfg-ens33"? y
[root@node-a ~]# systemctl restart network
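Check the IP addresses
The bridge br-ex takes over the IP configuration that ens33 originally held; once ens33 is a port on that bridge, it no longer needs an IP address of its own.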
[root@node-a ~]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
link/ether 00:0c:29:2e:5a:9a brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe2e:5a9a/64 scope link
valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether d6:e3:e2:8c:e5:86 brd ff:ff:ff:ff:ff:ff
5: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 36:71:1c:85:37:40 brd ff:ff:ff:ff:ff:ff
7: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 00:0c:29:2e:5a:9a brd ff:ff:ff:ff:ff:ff
inet 192.168.196.44/24 brd 192.168.196.255 scope global br-ex
valid_lft forever preferred_lft forever
inet6 fe80::1c59:64ff:fe70:74e/64 scope link
valid_lft
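A check for the takeover described above, as an added example that is not part of the original post: it parses `ip a` text and passes only when br-ex holds the address and ens33 is an address-less port under ovs-system. The function names are hypothetical, and the sample listings are trimmed from the two `ip a` outputs on this page.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# Print the first IPv4 address/prefix held by interface $1 (empty if none).
iface_ipv4() {
  awk -v want="$1" '
    /^[0-9]+: / { name = $2; sub(/:$/, "", name); next }
    name == want && $1 == "inet" && !seen++ { print $2 }'
}

# Print the master device of interface $1 (empty if it has none).
iface_master() {
  awk -v want="$1" '
    /^[0-9]+: / {
      name = $2; sub(/:$/, "", name)
      if (name == want) for (i = 3; i < NF; i++) if ($i == "master") print $(i + 1)
    }'
}

# check_takeover PORT BRIDGE CIDR: succeed only if BRIDGE holds CIDR and PORT
# is an OVS port with no IPv4 address of its own. Reads `ip a` text on stdin.
check_takeover() {
  text=$(cat)
  port_ip=$(printf '%s\n' "$text" | iface_ipv4 "$1")
  bridge_ip=$(printf '%s\n' "$text" | iface_ipv4 "$2")
  master=$(printf '%s\n' "$text" | iface_master "$1")
  [ -z "$port_ip" ] || { echo "FAIL: $1 still holds $port_ip"; return 1; }
  [ "$bridge_ip" = "$3" ] || { echo "FAIL: $2 has '$bridge_ip', want $3"; return 1; }
  [ "$master" = "ovs-system" ] || { echo "FAIL: $1 is not an OVS port"; return 1; }
  echo "OK: $2 holds $3; $1 is an OVS port without IPv4"
}

# Samples trimmed from the two `ip a` listings on this page.
sample_before() { cat <<'EOF'
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    inet 192.168.196.44/24 brd 192.168.196.255 scope global dynamic ens33
4: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 172.24.4.1/24 scope global br-ex
EOF
}
sample_after() { cat <<'EOF'
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
    inet6 fe80::20c:29ff:fe2e:5a9a/64 scope link
7: br-ex: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 192.168.196.44/24 brd 192.168.196.255 scope global br-ex
EOF
}

sample_after | check_takeover ens33 br-ex 192.168.196.44/24
```

On the node itself, `ip a | check_takeover ens33 br-ex 192.168.196.44/24` runs the same check against the live interfaces.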
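Go to the Admin section and delete the router first, then the network!!!
Run a cloud instance
Use SecureFX to upload cirros-0.4.0-x86_64-disk.img to the CentOS 7 host.
Check the uploaded img file in the /root directory.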
Last login: Tue Apr 23 14:53:29 2024 from 192.168.196.1
[root@node-a ~]# ll
总用量 12484
-rw-------. 1 root root 1574 4月 23 03:18 anaconda-ks.cfg
-rw-r--r-- 1 root root 12716032 4月 24 16:12 cirros-0.4.0-x86_64-disk.img
-rw------- 1 root root 374 4月 23 14:26 keystonerc_admin
-rw------- 1 root root 319 4月 23 14:26 keystonerc_demo
-rw------- 1 root root 51772 4月 23 14:20 packstack-answers-20240423-142037.txt
Upload the image to Glance
[root@node-a ~]# source keystonerc_admin
[root@node-a ~(keystone_admin)]# glance image-create --name cirros001 --disk-format qcow2 --container-format bare --visibility=public < cirros-0.4.0-x86_64-disk.img
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | 443b7623e27ecf03dc9e01ee93f67afe |
| container_format | bare |
| created_at | 2024-04-25T03:02:02Z |
| disk_format | qcow2 |
| id | 4461e269-6414-4471-b9d7-a1cc8b19396d |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros001 |
| os_hash_algo | sha512 |
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
| os_hidden | False |
| owner | 13aeda797d4f4be3baa99a7d7414f6c9 |
| protected | False |
| size | 12716032 |
| status | active |
| tags | [] |
| updated_at | 2024-04-25T03:02:02Z |
| virtual_size | Not available |
| visibility | public |
+------------------+----------------------------------------------------------------------------------+
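An integrity check for the upload above, as an added example that is not part of the original post: it reads os_hash_algo and os_hash_value from the table Glance prints (the value wraps onto a second row, as in the output above) and compares it with the digest of the local file. The function names are hypothetical; the sample rows are copied from this page.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. Function names are hypothetical.

# glance_field NAME: print property NAME from a glance table on stdin, joining
# continuation rows (rows whose Property cell is empty) onto the value.
glance_field() {
  awk -F'|' -v want="$1" '
    NF < 4 { next }                                  # +-----+ border rows
    { key = $2; val = $3
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val) }
    key == want { found = 1; out = val; next }
    found == 1 && key == "" { out = out val; next }  # wrapped value row
    found { found = 2 }                              # next property: stop joining
    END { print out }'
}

# verify_image FILE: compare the digest of FILE with os_hash_value from the
# glance table on stdin. Returns 0 on match, 1 on mismatch, 2 on unknown algo.
verify_image() {
  table=$(cat)
  algo=$(printf '%s\n' "$table" | glance_field os_hash_algo)
  want=$(printf '%s\n' "$table" | glance_field os_hash_value)
  case "$algo" in
    sha256|sha512) got=$("${algo}sum" "$1" | awk '{ print $1 }') ;;
    *) echo "unsupported os_hash_algo: '$algo'"; return 2 ;;
  esac
  if [ "$got" = "$want" ]; then
    echo "OK: $1 matches Glance ($algo)"
  else
    echo "MISMATCH: local $got, Glance $want"; return 1
  fi
}

# Sample rows copied from the image-create output on this page.
sample_table() { cat <<'EOF'
+------------------+----------------------------------------------------------------------------------+
| os_hash_algo | sha512 |
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
| os_hidden | False |
+------------------+----------------------------------------------------------------------------------+
EOF
}

sample_table | glance_field os_hash_value   # prints the joined 128-hex digest
```

On the node, `glance image-show 4461e269-6414-4471-b9d7-a1cc8b19396d | verify_image cirros-0.4.0-x86_64-disk.img` runs the same comparison against the stored image record.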
List the newly created image
[root@node-a ~(keystone_admin)]# glance image-list
+--------------------------------------+-----------+
| ID | Name |
+--------------------------------------+-----------+
| 8f054c85-6b1e-4689-8197-e4c32820c6c8 | cirros |
| 4461e269-6414-4471-b9d7-a1cc8b19396d | cirros001 |
+--------------------------------------+-----------+
[root@node-a ~(keystone_admin)]#
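Under the Project section, the newly created image is visible.
The cloud instance is being created...
The cloud instance has finished booting; view the console...
Edit the security group rules
Connect to the cloud instance
Testing
cirros001 => Baidu www.baidu.com [√]
cirros001 => centos7 192.168.196.44 [√]
cirros001 => gateway 192.168.196.2 [√]
cirros001 => physical machine win10 192.168.196.1 [×]
physical machine win10 => cirros001 192.168.196.20 [×]
Wait a little longer and try the ping again; you can capture packets with Wireshark to observe.
cirros001 can ping the gateway (196.2) and the physical machine (196.1), and can also reach the Internet, as follows:
win10 can also ping the floating IP 192.168.196.20 bound to cirros001.
Note: if win10 can ping the cloud instance cirros001 but cirros001 cannot ping the physical machine win10, turn off the firewall on the physical machine win10!!
Packet capture verification
The cloud instance cirros001 has the IP address 10.10.10.44; in the capture, the address actually communicating is its bound floating IP 192.168.196.20.
Restart the cloud instance with reboot.
Username cirros, password gocubsgo
The SecureCRT connection succeeds.
Cloud disk management
Cloud storage management
- Create a directory
- Upload a file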