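Cloud Computing: OpenStack Distributed Architecture Deployment (Single Controller Node and Single Compute Node)
Contents
I. Experiment
1. Environment
2. OpenStack package installation
3. Database installation
4. Message queue installation
5. Token cache installation
6. Identity service installation
7. Image service installation
8. Compute service installation (controller node)
9. Compute service installation (compute node)
10. Networking service installation (controller node)
11. Networking service installation (compute node)
12. Dashboard graphical interface installation (controller node)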
I. Experiment
1. Environment
(1) Hosts
Table 1: Hosts
Host        Role             IP               Remarks
controller  Controller node  192.168.204.210
compute01   Compute node     192.168.204.211
(2) Official documentation
OpenStack Docs: OpenStack Installation Guide for Red Hat Enterprise Linux and CentOS
(3) Network
① The controller node pings the compute node
# ping compute01 -c 1
② The compute node pings the controller node
# ping controller -c 1
(4) Time synchronization
① Controller node
# yum install -y chrony
# vim /etc/chrony.conf
# systemctl restart chronyd.service && systemctl enable chronyd.service
② Compute node
# yum install -y chrony
③ Test
# date
# date
2. OpenStack package installation
(1) Install the OpenStack client on the controller node
# yum install python-openstackclient
(2) CentOS enables SELinux by default. Install the openstack-selinux package to automatically manage the security policies for OpenStack services
# yum install openstack-selinux
3. Database installation
(1) Install the packages
# yum install mariadb mariadb-server python2-PyMySQL
(2) Create and edit /etc/my.cnf.d/openstack.cnf
① In the relevant section, set bind-address to the management network IP address of the controller node so that other nodes can reach the database over the management network
...
bind-address = 192.168.204.210
② In the relevant section, set the following keys to enable some useful options and the UTF-8 character set
...
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
③ Apply the changes
(3) Finalize the installation
① Start the database service and configure it to start at boot
# systemctl enable mariadb.service
# systemctl start mariadb.service
② To secure the database service, run the mysql_secure_installation script. In particular, set a suitable password for the database root user.
4. Message queue installation
(1) Install the package
# yum install rabbitmq-server
(2) Start the message queue service and configure it to start at boot
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
(3) Add the openstack user
# rabbitmqctl add_user openstack RABBIT_PASS
(4) Give the openstack user write and read permissions (the three ".*" patterns are the configure, write and read permissions, in that order)
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
5. Token cache installation
(1) Install the packages
# yum install memcached python-memcached
(2) Edit the configuration
# vim /etc/sysconfig/memcached
(3) Start the Memcached service and configure it to start at boot
# systemctl enable memcached.service
# systemctl start memcached.service
(4) Check the service
6. Identity service installation
(1) Create the database and the administration token
Connect with the database client (note that a production environment requires an account and password)
$ mysql -u root -p
Create the keystone database
CREATE DATABASE keystone;
Grant proper access to the keystone database
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
  IDENTIFIED BY 'KEYSTONE_DBPASS';
(2) Install and configure the components
Run the following command to install the packages
# yum install openstack-keystone httpd mod_wsgi
Install the utilities package
# yum install -y openstack-utils
(3) Edit the file /etc/keystone/keystone.conf
① In the relevant section, define the value of the initial administration token
...
admin_token = ADMIN_TOKEN
② In the relevant section, configure database access
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
③ In the relevant section, configure the Fernet UUID token provider.
...
provider = fernet
④ Populate the Identity service database
# su -s /bin/sh -c "keystone-manage db_sync" keystone
⑤ Check the result
# mysql keystone -e "show tables;"
⑥ Initialize the Fernet keys
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
(4) Configure the Apache HTTP server
① Edit the /etc/httpd/conf/httpd.conf file and set the ServerName option to the controller node
ServerName controller
② Create the file /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
③ Start the Apache HTTP service and configure it to start at boot
# systemctl enable httpd.service
# systemctl start httpd.service
# systemctl status httpd.service
(5) Create the service entity and API endpoints
① Set the environment variables
$ export OS_TOKEN=ADMIN_TOKEN
$ export OS_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3
② Create the service entity for the Identity service
$ openstack service create \
  --name keystone --description "OpenStack Identity" identity
③ Create the Identity service API endpoints
$ openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3
④ Check the result
# openstack service list
# openstack endpoint list
(6) Create a domain, projects, users and roles
① Create the default domain
$ openstack domain create --description "Default Domain" default
② Create the admin project
$ openstack project create --domain default \
  --description "Admin Project" admin
③ Create the admin user
$ openstack user create --domain default \
  --password-prompt admin
④ Create the admin role
$ openstack role create admin
⑤ Add the admin role to the admin project and user
$ openstack role add --project admin --user admin admin
⑥ Create the service project
$ openstack project create --domain default \
  --description "Service Project" service
⑦ Check the result (requires the script created in the following step)
# openstack domain list
# openstack project list
# openstack role list
# openstack user list
(7) Create the OpenStack client environment script
Edit the file admin-openrc, replacing ADMIN_PASS with the password you chose for the admin user in the Identity service.
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
7. Image service installation
(1) Create the database
Use the database client to connect to the database server as the root user
$ mysql -u root -p
Create the glance database
CREATE DATABASE glance;
Grant access to the glance database
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'GLANCE_DBPASS';
(2) Create the glance user
① Create the user
$ openstack user create --domain default --password-prompt glance
Check the result
② Add the admin role to the glance user and the service project
$ openstack role add --project service --user glance admin
③ Create the glance service entity
$ openstack service create --name glance \
  --description "OpenStack Image" image
Check the result
④ Create the Image service API endpoints
$ openstack endpoint create --region RegionOne \
  image public http://controller:9292
$ openstack endpoint create --region RegionOne \
  image internal http://controller:9292
$ openstack endpoint create --region RegionOne \
  image admin http://controller:9292
(3) Install the package
# yum install openstack-glance
(4) Edit the file /etc/glance/glance-api.conf
① In the relevant section, configure database access
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
② In the two relevant sections, configure Identity service access
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
...
flavor = keystone
③ In the relevant section, configure the local file system store and the location of image files
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
④ In the relevant section, configure database access
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
⑤ In the two relevant sections, configure Identity service access
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
...
flavor = keystone
⑥ Back up the file and apply the changes
(5) Populate the Image service database (ignore any deprecation messages in the output)
# su -s /bin/sh -c "glance-manage db_sync" glance
(6) Check the database
# mysql glance -e "show tables;"
(7) Finalize the installation
Start the Image services and configure them to start at boot
# systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
  openstack-glance-registry.service
(8) Check the listening ports
# netstat -nltup
(9) Verify operation
① Download the source image
$ wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
② Upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it public so that all projects can access it
$ openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
③ Confirm the upload of the image and validate its attributes
$ openstack image list
④ Log in to the database to verify
⑤ Check the result
# openstack endpoint list | grep glance
8. Compute service installation (controller node)
(1) Create the databases
Connect with the database client
$ mysql -u root -p
Create the nova_api and nova databases
CREATE DATABASE nova_api;
CREATE DATABASE nova;
Grant proper access to the databases
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'NOVA_DBPASS';
(2) Create the nova user
$ openstack user create --domain default \
  --password-prompt nova
① Add the admin role to the nova user
$ openstack role add --project service --user nova admin
② Create the nova service entity
$ openstack service create --name nova \
  --description "OpenStack Compute" compute
③ Create the Compute service API endpoints
$ openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1/%\(tenant_id\)s
(3) Check the result
# openstack endpoint list
(4) Install the packages
# yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler
(5) Edit /etc/nova/nova.conf
① In the relevant section, enable only the compute and metadata APIs
...
enabled_apis = osapi_compute,metadata
② In the two relevant sections, configure the database connections
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
③ In the two relevant sections, configure RabbitMQ message queue access
...
rpc_backend = rabbit
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
④ In the two relevant sections, configure Identity service access
...
auth_strategy = keystone
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
⑤ In the [DEFAULT] section, set my_ip to the IP address of the management interface of the controller node
...
my_ip = 192.168.204.210
⑥ In the relevant section, enable support for the Networking service
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
⑦ In the relevant section, configure the VNC proxy to use the management interface IP address of the controller node
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
⑧ In the relevant section, configure the location of the Image service API
...
api_servers = http://controller:9292
⑨ In the relevant section, configure the lock path
...
lock_path = /var/lib/nova/tmp
⑩ Back up the file and apply the changes
(6) Populate the Compute databases
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova
(7) Check the database
# mysql nova -e "show tables;"
(8) Start the Compute services and configure them to start at boot
# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
(9) View the service list
# openstack service list
9. Compute service installation (compute node)
(1) Install the packages
# yum install openstack-nova-compute -y
# yum install libvirt -y
# yum install openstack-utils.noarch -y
(2) Edit /etc/nova/nova.conf
① In the two relevant sections, configure the RabbitMQ message queue connection
...
rpc_backend = rabbit
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
② In the two relevant sections, configure Identity service access
...
auth_strategy = keystone
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
③ In the relevant section, set the my_ip option
...
my_ip = 192.168.204.211
④ In the relevant section, enable support for the Networking service
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
⑤ In the relevant section, enable and configure remote console access
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
⑥ In the relevant section, configure the location of the Image service API
...
api_servers = http://controller:9292
⑦ In the relevant section, configure the lock path
...
lock_path = /var/lib/nova/tmp
⑧ Back up the file and apply the changes
(3) Finalize the installation
① Determine whether the compute node supports hardware acceleration for virtual machines
$ egrep -c '(vmx|svm)' /proc/cpuinfo
② Start the Compute service and its dependencies, and configure them to start automatically at boot
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
(4) Verify operation
View the service list
# openstack service list
10. Networking service installation (controller node)
(1) Create the database
Connect with the database client
$ mysql -u root -p
Create the neutron database
CREATE DATABASE neutron;
Grant proper access to the neutron database, replacing NEUTRON_DBPASS with a suitable password
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'NEUTRON_DBPASS';
(2) Create the neutron user
$ openstack user create --domain default --password-prompt neutron
(3) Add the admin role to the neutron user
$ openstack role add --project service --user neutron admin
(4) Create the neutron service entity
$ openstack service create --name neutron \
  --description "OpenStack Networking" network
(5) Create the Networking service API endpoints
$ openstack endpoint create --region RegionOne \
  network public http://controller:9696
$ openstack endpoint create --region RegionOne \
  network internal http://controller:9696
$ openstack endpoint create --region RegionOne \
  network admin http://controller:9696
(6) Check the result
(7) Install the Modular Layer 2 (ML2) plug-in
# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables
(8) Edit /etc/neutron/neutron.conf
① In the relevant section, configure database access
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
② In the relevant section, enable the ML2 plug-in and disable additional plug-ins
...
core_plugin = ml2
service_plugins =
③ In the two relevant sections, configure the RabbitMQ message queue connection
...
rpc_backend = rabbit
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
④ In the two relevant sections, configure Identity service access
...
auth_strategy = keystone
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
⑤ In the two relevant sections, configure Networking to notify Compute of network topology changes
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
⑥ In the relevant section, configure the lock path
...
lock_path = /var/lib/neutron/tmp
⑦ Back up the file and apply the changes
(9) Configure the Modular Layer 2 (ML2) plug-in: edit /etc/neutron/plugins/ml2/ml2_conf.ini
① In the relevant section, enable flat and VLAN networks
...
type_drivers = flat,vlan
② In the relevant section, disable private networks
...
tenant_network_types =
③ In the relevant section, enable the Linux bridge mechanism
...
mechanism_drivers = linuxbridge
④ In the relevant section, enable the port security extension driver
...
extension_drivers = port_security
⑤ In the relevant section, configure the provider virtual network as a flat network
...
flat_networks = provider
⑥ In the relevant section, enable ipset to increase the efficiency of security group rules
...
enable_ipset = True
(10) Back up the file and apply the changes
(11) Check the IP address
(12) Configure the Linux bridge agent: edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
① In the relevant section, map the provider virtual network to the provider physical network interface
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
② In the relevant section, disable VXLAN overlay networks
enable_vxlan = False
③ In the relevant section, enable security groups and configure the Linux bridge iptables firewall driver
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(13) Back up the file and apply the changes
(14) Configure the DHCP agent: edit the /etc/neutron/dhcp_agent.ini file
① In the relevant section, configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata so that instances on provider networks can reach metadata over the network
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
② Back up the file and apply the changes
(15) Configure the metadata agent
① Edit the /etc/neutron/metadata_agent.ini file and, in the relevant section, configure the metadata host and the shared secret
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
② Back up the file and apply the changes
(16) Configure the Networking service for Compute
① Edit the /etc/nova/nova.conf file and, in the relevant section, configure the access parameters, enable the metadata proxy and configure the secret
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
② Edit the file directly
(17) Finalize the installation
① The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If the symbolic link does not exist, create it with the following command
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
② Populate the database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
③ Restart the Compute API service
# systemctl restart openstack-nova-api.service
(18) Check the result
# neutron agent-list
11. Networking service installation (compute node)
(1) Install the components
# yum install openstack-neutron-linuxbridge ebtables ipset
(2) Configure the common component: edit the /etc/neutron/neutron.conf file
① In the relevant section, comment out all connection options, because compute nodes do not access the database directly;
② In the two relevant sections, configure the RabbitMQ message queue connection
...
rpc_backend = rabbit
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
③ In the two relevant sections, configure Identity service access (replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service)
...
auth_strategy = keystone
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
④ In the relevant section, configure the lock path
...
lock_path = /var/lib/neutron/tmp
⑤ Back up the file and apply the changes
(3) Configure the Linux bridge agent: edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
① In the relevant section, map the provider virtual network to the provider physical network interface
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
② In the relevant section, disable VXLAN overlay networks
enable_vxlan = False
③ In the relevant section, enable security groups and configure the Linux bridge iptables firewall driver
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
④ Back up the file and apply the changes
(4) Configure the networking options: edit the /etc/nova/nova.conf file
In the relevant section, configure the access parameters
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
(5) Finalize the installation
Restart the Compute service
# systemctl restart openstack-nova-compute.service
Start the Linux bridge agent and configure it to start at boot
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
(6) Check the result
# neutron agent-list
(7) Verify: list the loaded extensions to verify that the neutron-server process started properly
$ neutron ext-list
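The configuration snippets in sections 6 to 11 carry placeholder secrets (ADMIN_TOKEN, KEYSTONE_DBPASS, RABBIT_PASS, NOVA_PASS, METADATA_SECRET and so on) plus a few settings worth reviewing before the nodes leave the lab. The following audit is an added example, not part of the original guide or of OpenStack: it scans INI-style configuration text for placeholders that were never replaced, a bootstrap admin_token that is still set, a VNC listener on 0.0.0.0, and plain-http service endpoints. The function name, the severity labels and the sample password value are assumptions; the sample texts are constructed from the key/value lines shown on this page.

```python
import re

# Placeholder names as used in this guide's snippets: RABBIT_PASS, NOVA_PASS,
# KEYSTONE_DBPASS, METADATA_SECRET, ADMIN_TOKEN and so on.
PLACEHOLDER = re.compile(r"\b[A-Z]+_(?:DBPASS|PASS|SECRET|TOKEN)\b")

# Keys that hold a service URL in the guide's snippets.
URL_KEYS = {"auth_uri", "auth_url", "url", "api_servers", "novncproxy_base_url"}


def audit_config(text, filename):
    """Return (filename, line_no, key, severity, message) for each finding."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        # Skip blanks, comments, [section] headers and "..." elisions.
        if not line or line[0] in "#;[" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))

        def report(severity, message):
            findings.append((filename, line_no, key, severity, message))

        match = PLACEHOLDER.search(value)
        if match:
            report("high", "placeholder %s was never replaced" % match.group(0))
        if key == "admin_token" and value:
            report("high", "bootstrap admin_token is still configured")
        if key == "vncserver_listen" and value == "0.0.0.0":
            report("review", "VNC listens on every interface; restrict access with a firewall")
        if key in URL_KEYS and value.startswith("http://"):
            report("review", "plain http endpoint; tokens and passwords cross the network unencrypted")
    return findings


# Constructed sample: lines from the keystone.conf step, placeholders untouched.
SAMPLE_KEYSTONE_CONF = """\
...
admin_token = ADMIN_TOKEN
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
...
provider = fernet
"""

# Constructed sample: lines from the compute node's nova.conf step. The service
# password has been replaced (constructed value), the RabbitMQ one has not.
SAMPLE_NOVA_CONF = """\
...
rpc_backend = rabbit
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
...
auth_strategy = keystone
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = nova
password = 7f3c9a1e5b2d4c60af18
...
my_ip = 192.168.204.211
...
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
"""

if __name__ == "__main__":
    samples = (("keystone.conf", SAMPLE_KEYSTONE_CONF), ("nova.conf", SAMPLE_NOVA_CONF))
    for name, text in samples:
        for finding in audit_config(text, name):
            print("%s:%d %s [%s] %s" % finding)
```

On a real node, pass the contents of each edited file to audit_config instead of the samples; an empty result only means none of these four patterns matched.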
12. Dashboard graphical interface installation (controller node)
(1) Install the package
# yum install openstack-dashboard
(2) Edit the file /etc/openstack-dashboard/local_settings
① Configure the dashboard to use OpenStack services on the controller node
OPENSTACK_HOST = "controller"
② Allow all hosts to access the dashboard
ALLOWED_HOSTS = ['*', ]
③ Configure the memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
④ Enable version 3 of the Identity API
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
⑤ Enable support for domains
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
⑥ Configure the API versions
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
⑦ Set default as the default domain for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
⑧ Set user as the default role for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
⑨ If you chose networking option 1, disable support for layer-3 networking services
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
⑩ Optionally, configure the time zone
TIME_ZONE = "Asia/Shanghai"
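Step ② sets ALLOWED_HOSTS to the wildcard, which makes the dashboard accept any Host header. The following added example (not from the original guide or from Horizon) reads ALLOWED_HOSTS out of settings text and applies a simplified re-implementation of Django's documented matching rules, comparing the guide's value with a tightened list. The restricted list built from the controller name and IP in Table 1, the function names and the Host header values are assumptions constructed for illustration.

```python
import ast


def read_setting(source, name):
    """Return the literal assigned to `name` in settings source text, or None."""
    value = None
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign):
            for target in node.targets:
                if isinstance(target, ast.Name) and target.id == name:
                    value = ast.literal_eval(node.value)  # last assignment wins
    return value


def host_allowed(host_header, allowed_hosts):
    """Simplified version of Django's ALLOWED_HOSTS matching for one Host header."""
    host = host_header.lower()
    # Drop an optional :port suffix (IPv6 literals are out of scope here).
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    host = host.rstrip(".")  # a trailing dot of a fully qualified name is ignored
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern == "*":
            return True  # wildcard: every Host header passes
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True  # ".example.com" matches the domain and its subdomains
        if pattern == host:
            return True
    return False


def accepted_hosts(settings_source, host_headers):
    """List the Host header values that the given settings text would accept."""
    allowed = read_setting(settings_source, "ALLOWED_HOSTS") or []
    return [h for h in host_headers if host_allowed(h, allowed)]


# The setting as written in this guide.
AS_IN_GUIDE = """\
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
"""

# Assumed tightened variant: only the controller's name and IP from Table 1.
RESTRICTED = """\
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['controller', '192.168.204.210']
"""

# Constructed Host header values, as clients might send them.
HOST_HEADERS = ["controller", "192.168.204.210:80", "Controller.", "unexpected.example"]

if __name__ == "__main__":
    print("as in guide:", accepted_hosts(AS_IN_GUIDE, HOST_HEADERS))
    print("restricted: ", accepted_hosts(RESTRICTED, HOST_HEADERS))
```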
(3) Finalize the installation
Restart the web server and the session storage service
# systemctl restart httpd.service memcached.service
(4) Verify operation
① Verify operation of the dashboard
Open http://controller/dashboard in a browser to access the dashboard.
Authenticate using the admin user credentials and the default domain credentials.
② Login succeeded
③ View projects
④ View images
⑤ View users
⑥ View roles
⑦ Security