OpenStack (Xena) Minimal Installation

OpenStack Minimal Installation

control: internal IP 172.18.21.73
node1: internal IP 172.18.21.72
node2: internal IP 172.18.21.74

Environment

```bash
apt update
apt upgrade -y
```

Network

Edit the hosts file

```
# /etc/hosts
127.0.0.1 control
172.18.21.73 control
172.18.21.72 node1
172.18.21.74 node2
```
NTP time

Control node

Edit the configuration file /etc/chrony/chrony.conf

```
server NTP_SERVER iburst
allow 172.18.21.0/24
```

Restart the chrony service

```bash
service chrony restart
```

Other nodes

Edit the configuration file /etc/chrony/chrony.conf

```
server NTP_SERVER iburst
allow 172.18.21.0/24
```

Restart the chrony service

```bash
service chrony restart
```

Verify

```bash
chronyc sources
```
OpenStack packages

```bash
apt install software-properties-common -y
add-apt-repository cloud-archive:xena # [release, xena]
apt install nova-compute
apt install python3-openstackclient
```
SQL database

*** Run on the control node ***

MariaDB

```bash
apt install mariadb-server python3-pymysql
```

Edit the configuration file /etc/mysql/mariadb.conf.d/99-openstack.cnf

```ini
[mysqld]
bind-address = 172.18.21.73

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
```

Restart the database service

```bash
service mysql restart
```

Database initialization

```bash
mysql_secure_installation
```
Message queue

*** Run on the control node only ***

RabbitMQ

```bash
apt install rabbitmq-server

# Create the OpenStack user for the message queue
rabbitmqctl add_user openstack rabbit123456

# Grant permissions to the user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
```
Memcached

*** Run on the control node only ***

```bash
apt install memcached python3-memcache
```

Edit the configuration file /etc/memcached.conf

```bash
service memcached restart
```
Etcd

*** Run on the control node only ***

```bash
apt install etcd
```

Edit the configuration file /etc/default/etcd

```
ETCD_NAME="control"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="control=http://172.18.21.73:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.18.21.73:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.18.21.73:2379"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.18.21.73:2379"
```

Enable at boot

```bash
systemctl enable etcd
```

Restart the service

```bash
systemctl restart etcd
```
OpenStack Minimal Installation

Identity service (Keystone)

*** Install and configure on the control node ***

Database configuration

```sql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost'
  IDENTIFIED BY 'keystone123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
  IDENTIFIED BY 'keystone123456';
```
Install

```bash
apt install keystone
```

Configure

Edit the configuration file /etc/keystone/keystone.conf

```ini
[database]
connection = mysql+pymysql://keystone:keystone123456@control/keystone

[token]
provider = fernet
```

Initialize the database

```bash
su -s /bin/sh -c "keystone-manage db_sync" keystone
```

Initialize the Keystone key repositories

```bash
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
```

Bootstrap the service

```bash
keystone-manage bootstrap --bootstrap-password admin123456 \
  --bootstrap-admin-url http://control:5000/v3/ \
  --bootstrap-internal-url http://control:5000/v3/ \
  --bootstrap-public-url http://control:5000/v3/ \
  --bootstrap-region-id RegionOne
```

Configure the Apache2 server: /etc/apache2/apache2.conf

Restart the service

```bash
service apache2 restart
```

Set environment variables

```bash
export OS_USERNAME=admin
export OS_PASSWORD=admin123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://control:5000/v3
export OS_IDENTITY_API_VERSION=3
```

Create a domain, projects, a user, and a role

```bash
openstack domain create --description "An Example Domain" example

openstack project create --domain default \
  --description "Service Project" service

openstack project create --domain default \
  --description "Demo Project" myproject

openstack user create --domain default \
  --password-prompt gpj

openstack role create myrole

openstack role add --project myproject --user gpj myrole
```

Verify

```bash
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://control:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
```
Image service (Glance)

*** Install on the control node only ***

Configure the database

```sql
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'
  IDENTIFIED BY 'glance123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'
  IDENTIFIED BY 'glance123456';
```

Install

Create the glance user

```bash
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
```

Create the glance service entity and API endpoints

```bash
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
  image public http://control:9292
openstack endpoint create --region RegionOne \
  image internal http://control:9292
openstack endpoint create --region RegionOne \
  image admin http://control:9292
```

Install

```bash
apt install glance
```

Configure /etc/glance/glance-api.conf

```ini
[database]
connection = mysql+pymysql://glance:glance123456@control/glance

[keystone_authtoken]
www_authenticate_uri = http://control:5000
auth_url = http://control:5000
memcached_servers = control:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance123456

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
```

Initialize the database

```bash
su -s /bin/sh -c "glance-manage db_sync" glance
```

Restart the service

```bash
service glance-api restart
```

Verify

Add an image

```bash
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

glance image-create --name "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --visibility=public

glance image-list
```
Placement

*** Install on the control node ***

Configure the database

```sql
CREATE DATABASE placement;

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost'
  IDENTIFIED BY 'placement123456';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%'
  IDENTIFIED BY 'placement123456';
```

Install

Create the user

```bash
openstack user create --domain default --password-prompt placement

openstack role add --project service --user placement admin

openstack service create --name placement \
  --description "Placement API" placement

openstack endpoint create --region RegionOne \
  placement public http://control:8778
openstack endpoint create --region RegionOne \
  placement internal http://control:8778
openstack endpoint create --region RegionOne \
  placement admin http://control:8778
```

Install

```bash
apt install placement-api
```

Configure /etc/placement/placement.conf

```ini
[placement_database]
connection = mysql+pymysql://placement:placement123456@control/placement

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://control:5000/v3
memcached_servers = control:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement123456
```

Initialize the database

```bash
su -s /bin/sh -c "placement-manage db sync" placement
```

Restart the service

```bash
service apache2 restart
```

Verify

```bash
placement-status upgrade check

# Try running a few commands
pip3 install osc-placement

openstack --os-placement-api-version 1.2 resource class list --sort-column name
openstack --os-placement-api-version 1.6 trait list --sort-column name
```
Compute service (control node)

Configure the database

```sql
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost'
  IDENTIFIED BY 'nova123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%'
  IDENTIFIED BY 'nova123456';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost'
  IDENTIFIED BY 'nova123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'
  IDENTIFIED BY 'nova123456';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost'
  IDENTIFIED BY 'nova123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%'
  IDENTIFIED BY 'nova123456';
```

```bash
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin

openstack service create --name nova \
  --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne \
  compute public http://control:8774/v2.1
openstack endpoint create --region RegionOne \
  compute internal http://control:8774/v2.1
openstack endpoint create --region RegionOne \
  compute admin http://control:8774/v2.1
```

Install

```bash
apt install nova-api nova-conductor nova-novncproxy nova-scheduler
```

Configure /etc/nova/nova.conf

```ini
[DEFAULT]
transport_url = rabbit://openstack:rabbit123456@control:5672/
my_ip = 172.18.21.73
# log_dir

[api_database]
connection = mysql+pymysql://nova:nova123456@control/nova_api

[database]
connection = mysql+pymysql://nova:nova123456@control/nova

[api]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://control:5000/
auth_url = http://control:5000/
memcached_servers = control:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova123456

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers = http://control:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://control:5000/v3
username = placement
password = placement123456
```

Continue after installing the networking service

Install the networking service

/etc/nova/nova.conf

```ini
[neutron]
auth_url = http://control:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron123456
service_metadata_proxy = true
metadata_proxy_shared_secret = meta123456
```
Initialize the database

```bash
su -s /bin/sh -c "nova-manage api_db sync" nova
```

Register cell0

```bash
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
```

Create cell1

```bash
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
```

Populate the new database

```bash
su -s /bin/sh -c "nova-manage db sync" nova
```

Verify cell0 and cell1

```bash
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
```

???

```bash
nova-manage cell_v2 simple_cell_setup
```

Restart the services

```bash
service nova-api restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
```

Verify

```bash
openstack compute service list
openstack catalog list
openstack image list
nova-status upgrade check
```
Compute service (compute node)

Install

```bash
apt install nova-compute
```

Configure /etc/nova/nova.conf

```ini
[DEFAULT]
transport_url = rabbit://openstack:rabbit123456@control
my_ip = 172.18.21.72

[api]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://control:5000/
auth_url = http://control:5000/
memcached_servers = control:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova123456

[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://control:6080/vnc_auto.html

[glance]
api_servers = http://control:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://control:5000/v3
username = placement
password = placement123456

[neutron]
auth_url = http://control:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron123456
```

/etc/nova/nova-compute.conf

```ini
[libvirt]
virt_type = qemu
```

Install networking

Restart the service

```bash
service nova-compute restart
```
Networking service (control node)

Database

```sql
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'
  IDENTIFIED BY 'neutron123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'
  IDENTIFIED BY 'neutron123456';
```
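The database steps for Keystone, Glance, Placement, Nova and Neutron all use a `<name>123456` password and grant access from the `'%'` host. The following is an added example, not part of the original guide: it generates a random secret per service and emits grants limited to localhost and the control node. It assumes every database client runs on control (172.18.21.73), as in this layout; `gen_secret`, `write_secrets` and `grant_sql` are hypothetical helper names.

```shell
#!/bin/sh
# Added example, not from the original guide. Assumption: every database
# client (keystone, glance, placement, nova, neutron-server) runs on control.
CONTROL_IP=172.18.21.73    # control node address used throughout this guide

# gen_secret: 32 hex characters (128 bits) from the kernel CSPRNG.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# write_secrets FILE NAME...: write one NAME_PASS=<secret> line per service
# into FILE, readable by its owner only.
write_secrets() {
    out=$1; shift
    ( umask 077; : > "$out" ) && chmod 600 "$out"
    for name in "$@"; do
        printf '%s_PASS=%s\n' "$name" "$(gen_secret)" >> "$out"
    done
}

# grant_sql DB USER PASSWORD: statements for the mysql client. The '%' host
# is replaced by the control node address. Hex passwords need no escaping.
grant_sql() {
    cat <<EOF
CREATE DATABASE IF NOT EXISTS $1;
GRANT ALL PRIVILEGES ON $1.* TO '$2'@'localhost' IDENTIFIED BY '$3';
GRANT ALL PRIVILEGES ON $1.* TO '$2'@'$CONTROL_IP' IDENTIFIED BY '$3';
EOF
}

# Demo: secrets for the services configured on this page, then one grant set.
secrets=$(mktemp)
write_secrets "$secrets" KEYSTONE_DB GLANCE_DB PLACEMENT_DB NOVA_DB \
    NEUTRON_DB RABBIT METADATA
. "$secrets"
grant_sql neutron neutron "$NEUTRON_DB_PASS"    # pipe into: mysql -u root
rm -f "$secrets"
```

The same generated value then goes into the matching `connection =` URL and `password =` option of each service's configuration file.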
Install

```bash
openstack user create --domain default --password-prompt neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron \
  --description "OpenStack Networking" network

openstack endpoint create --region RegionOne \
  network public http://control:9696
openstack endpoint create --region RegionOne \
  network internal http://control:9696
openstack endpoint create --region RegionOne \
  network admin http://control:9696
```

Install

```bash
apt install neutron-server neutron-plugin-ml2 \
  neutron-linuxbridge-agent neutron-dhcp-agent \
  neutron-metadata-agent
```

Configure /etc/neutron/neutron.conf

```ini
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:rabbit123456@control
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[database]
connection = mysql+pymysql://neutron:neutron123456@control/neutron

[keystone_authtoken]
www_authenticate_uri = http://control:5000
auth_url = http://control:5000
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron123456

[nova]
auth_url = http://control:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova123456

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```

/etc/neutron/plugins/ml2/ml2_conf.ini

```ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[securitygroup]
enable_ipset = true
```

/etc/neutron/plugins/ml2/linuxbridge_agent.ini

```ini
[linux_bridge]
physical_interface_mappings = provider:eth0

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
```

Verify the bridge settings

```bash
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
```

/etc/neutron/dhcp_agent.ini

```ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
```

/etc/neutron/metadata_agent.ini

```ini
[DEFAULT]
# ...
nova_metadata_host = control
metadata_proxy_shared_secret = meta123456
```
Return and continue

Initialize the database

```bash
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
```

Restart the services

```bash
service nova-api restart
service neutron-server restart
service neutron-linuxbridge-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
```

Create the network

```bash
openstack network create --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider

openstack subnet create --network provider \
  --allocation-pool start=192.168.16.2,end=192.168.16.250 \
  --dns-nameserver 223.5.5.5 --gateway 192.168.16.1 \
  --subnet-range 192.168.16.0/24 provider
```
Networking service (compute node)

Install

```bash
apt install neutron-linuxbridge-agent
```

Configure /etc/neutron/neutron.conf

```ini
[DEFAULT]
transport_url = rabbit://openstack:rabbit123456@control
auth_strategy = keystone

[database]
# connection

[keystone_authtoken]
# ...
www_authenticate_uri = http://control:5000
auth_url = http://control:5000
memcached_servers = control:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron123456

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```

/etc/neutron/plugins/ml2/linuxbridge_agent.ini

```ini
[linux_bridge]
physical_interface_mappings = provider:eth0

[vxlan]
enable_vxlan = false

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
```

Restart the services

```bash
service nova-compute restart
service neutron-linuxbridge-agent restart
```

Verify

```bash
openstack network agent list
```
Dashboard (optional component)

Install

```bash
apt install openstack-dashboard
```

Configure /etc/openstack-dashboard/local_settings.py

```python
OPENSTACK_HOST = "control"
# '*' makes Django accept any Host header
ALLOWED_HOSTS = ['*']

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'control:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    # ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
```

/etc/apache2/conf-available/openstack-dashboard.conf

```
WSGIApplicationGroup %{GLOBAL}
```

Restart the service

```bash
systemctl reload apache2.service
```

Verify

Visit the management page
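The configuration files on this page carry `<name>123456` passwords, plain-HTTP Keystone URLs, `ALLOWED_HOSTS = ['*']` and an etcd peer listener on 0.0.0.0. The following is an added example, not part of the original guide: a shell check that reports those settings by file and line, plus world-readable permissions on the file. `audit_conf` and `sample_conf` are hypothetical names and the sample fragment is constructed.

```shell
#!/bin/sh
# Added example, not from the original guide: flag the lab-grade settings
# used on this page. Prints "file:line: finding"; returns 1 if any is found.
audit_conf() {
    rc=0
    # Files holding service passwords should not be readable by "other"
    # (8th character of the ls mode string is the other-read bit).
    case $(ls -ld "$1") in
        ???????r*) echo "$1: world-readable file holds credentials"; rc=1 ;;
    esac
    awk -v f="$1" '
        function report(msg) { printf "%s:%d: %s\n", f, NR, msg; bad = 1 }
        /^[ \t]*#/ { next }    # ignore commented-out options
        # Passwords and secrets on this page follow the <name>123456 pattern.
        /[A-Za-z]+123456/ { report("guessable <name>123456 credential") }
        # Keystone over plain HTTP carries passwords and tokens in clear.
        $0 ~ "^(auth_url|www_authenticate_uri)[ \t]*=[ \t]*http:" {
            report("Keystone URL uses plain HTTP") }
        # Horizon: a wildcard turns off Host header validation.
        $0 ~ "^ALLOWED_HOSTS[ \t]*=.*[*]" { report("ALLOWED_HOSTS wildcard") }
        # etcd: listener bound to every interface.
        $0 ~ "^ETCD_LISTEN_[A-Z]+_URLS=.*0[.]0[.]0[.]0" {
            report("etcd listens on all interfaces") }
        END { exit bad + 0 }
    ' "$1" || rc=1
    return $rc
}

# Constructed sample in the style of this page's nova.conf.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:rabbit123456@control
[keystone_authtoken]
auth_url = http://control:5000/
username = nova
password = nova123456
# password = old123456
EOF
}

# Demo run against the sample, stored with mode 640.
tmp=$(mktemp); sample_conf > "$tmp"; chmod 640 "$tmp"
audit_conf "$tmp" || echo "findings reported for $tmp"
rm -f "$tmp"
```

On a deployed node, run it once per file, for example over `/etc/nova/nova.conf`, `/etc/default/etcd` and `/etc/openstack-dashboard/local_settings.py`.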