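Installing OpenStack Ocata on Ubuntu 16.04

For reference, see https://www.linuxidc.com/Linux/2017-04/142431.htm. What follows is my own configuration. Logs are under /var/log/; the dashboard logs can be viewed in /var/log/apache2/.

    sudo apt install vim

I. Set up the base environment

    192.168.30.145 controller [2 vCPU, 4 GB RAM, 40 GB storage, two NICs] (controller node)
    192.168.30.146 compute    [2 vCPU, 4 GB RAM, 40 GB storage, two NICs] (compute node)

I only set up the controller node. What I configured is a single-machine (all-in-one) OpenStack Ocata. I don't know how to configure the compute node; it can be left out for now without affecting the environment setup.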
1. Install ssh and set the root password

    $ sudo apt install ssh
    $ sudo passwd root
    Enter new UNIX password:
    Retype new UNIX password:
    passwd: password updated successfully

2. Generate a temporary authentication token

    # openssl rand -hex 10
    bdb5cad50653d4e85b7d
3. Add the Aliyun package mirror

    # cp /etc/apt/sources.list /etc/apt/sources.list.bak
    # vim /etc/apt/sources.list
        deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
        deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
        deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe
        deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
        deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe
        deb http://mirrors.aliyun.com/ubuntu/ xenial universe
        deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
        deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
        deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
        deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
        deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
        deb http://archive.canonical.com/ubuntu xenial partner
        deb-src http://archive.canonical.com/ubuntu xenial partner
        deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
        deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe
        deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
        deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse
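4. Configure the network interface IP

    # ip addr
    # vim /etc/network/interfaces
        auto ens33
        iface ens33 inet static
        address 192.168.30.145
        netmask 255.255.255.0
        gateway 192.168.30.2
        dns-nameserver 114.114.114.114

My Ubuntu 16.04 system is connected over Wi-Fi, with no network cable. I configured this file once before and it went wrong, so I did not touch it. I connected to the Wi-Fi directly and added the IP address by hand: right-click the Wi-Fi icon in the top-right corner, choose Edit Connections, click the name of the connected Wi-Fi, click Edit, open IPv4, choose Manual, then add the following and click Save:

    IP:       192.168.30.145
    Netmask:  255.255.255.0
    Gateway:  192.168.30.2
    DNS:      192.168.30.2

        # The provider network interface (configure the second interface as the provider interface)
        auto ens34
        iface ens34 inet manual
        up ip link set dev $IFACE up
        down ip link set dev $IFACE down

I have not configured this for now.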
5. Configure hosts

    # vim /etc/hosts
        192.168.30.145 controller
        192.168.30.146 compute

(Compute node) I don't understand the compute node yet, so I have not configured any of its settings.
6. Configure NTP time synchronization

    # dpkg-reconfigure tzdata    ## change the time zone
    Current default time zone: 'Asia/Chongqing'
    Local time is now: Tue Mar 28 20:54:33 CST 2017.
    Universal Time is now: Tue Mar 28 12:54:33 UTC 2017.
    # apt -y install chrony    ## install the chrony time synchronization software

Controller Node

    # vim /etc/chrony/chrony.conf
        # allow this network segment to synchronize time with this host
        allow 192.168.30.0/24
    # service chrony restart

Compute Node

I have not configured this compute node part for now either.

    # vim /etc/chrony/chrony.conf
        # pool 2.debian.pool.ntp.org offline iburst
        # address of the time server to synchronize with
        server 192.168.30.145 iburst
    # service chrony restart
    # chronyc sources
    210 Number of sources = 1
    MS Name/IP address         Stratum Poll Reach LastRx Last sample
    ===============================================================================
    ^* controller                    3   6   377    33   -375us[ -422us] +/-   66ms
7. Enable the OpenStack repository and install the OpenStack client on all nodes

    # apt -y install software-properties-common
    # add-apt-repository cloud-archive:ocata
    # apt -y update && apt -y dist-upgrade
    # apt -y install python-openstackclient
8. Install and configure the database service (Controller Node)

    # apt -y install mariadb-server python-pymysql
    # vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
        [mysqld]
        bind-address = 192.168.30.145
        default-storage-engine = innodb
        innodb_file_per_table = on
        max_connections = 4096
        collation-server = utf8_general_ci
        character-set-server = utf8
    # service mysql restart
    # mysql_secure_installation    ## run this script to secure the database and set a suitable password for the root account
9. Install and configure the RabbitMQ message queue service (Controller Node)

    # apt -y install rabbitmq-server
    # rabbitmqctl add_user openstack openstack    ## add the openstack user and set its password
    Creating user "openstack" ...
    ## grant the openstack user configure, write and read permissions
    # rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    Setting permissions for user "openstack" in vhost "/" ...
    # rabbitmqctl list_users    ## list users
    Listing users ...
    guest   [administrator]
    openstack       []
    # rabbitmqctl list_user_permissions openstack    ## list this user's permissions
    Listing permissions for user "openstack" ...
    /       .*      .*      .*
    # rabbitmqctl status    ## show RabbitMQ status information
    # rabbitmq-plugins list    ## list the RabbitMQ plugins
    Configured: E = explicitly enabled; e = implicitly enabled
    | Status: * = running on [email protected]
    |/
    ......
    # rabbitmq-plugins enable rabbitmq_management    ## enable this plugin
    The following plugins have been enabled:
      mochiweb
      webmachine
      rabbitmq_web_dispatch
      amqp_client
      rabbitmq_management_agent
      rabbitmq_management
    Applying plugin configuration to [email protected] started 6 plugins.

Open http://localhost:15672 in a browser. The default username and password are both guest.
10. Install and configure the Memcached caching service [caches for the Identity service] (Controller Node)

    # apt -y install memcached python-memcache
    # vim /etc/memcached.conf
        #-l 127.0.0.1
        -l 192.168.30.145
    # service memcached restart
II. Configure the Keystone Identity service (Controller Node)

1. Create the keystone database

    # mysql
    MariaDB [(none)]> CREATE DATABASE keystone;    ## create the keystone database
    ## grant access to the keystone database [user@controller node ... BY password]
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'192.168.30.145' \
      IDENTIFIED BY 'keystone';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
      IDENTIFIED BY 'keystone';
    MariaDB [(none)]> flush privileges;
2. Install and configure Keystone

    # apt -y install keystone
    # vim /etc/keystone/keystone.conf
        [database]
        # configure database access [user:password@controller node]
        connection = mysql+pymysql://keystone:[email protected]/keystone
        [token]
        # configure the Fernet token provider
        provider = fernet
    # grep ^[a-z] /etc/keystone/keystone.conf
    connection = mysql+pymysql://keystone:[email protected]/keystone
    provider = fernet
3. Populate the Identity service database

    # su -s /bin/sh -c "keystone-manage db_sync" keystone

4. Initialize the Fernet keys

    # keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    # keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5. Bootstrap the Identity service

    # keystone-manage bootstrap --bootstrap-password qaz123 \
      --bootstrap-admin-url http://192.168.30.145:35357/v3/ \
      --bootstrap-internal-url http://192.168.30.145:5000/v3/ \
      --bootstrap-public-url http://192.168.30.145:5000/v3/ \
      --bootstrap-region-id RegionOne

6. Configure the HTTP server

    # vim /etc/apache2/apache2.conf
        ServerName controller
    # service apache2 restart    ## restart the Apache service
    # service apache2 status
    # rm -f /var/lib/keystone/keystone.db    ## delete the default SQLite database
7. Configure the administrative account

    # export OS_USERNAME=admin
    # export OS_PASSWORD=qaz123
    # export OS_PROJECT_NAME=admin
    # export OS_USER_DOMAIN_NAME=default
    # export OS_PROJECT_DOMAIN_NAME=default
    # export OS_AUTH_URL=http://192.168.30.145:35357/v3
    # export OS_IDENTITY_API_VERSION=3
8. Create the service project

    # openstack project create --domain default \
      --description "Service Project" service
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Service Project                  |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 945e37831e74484f8911fb742c925926 |
    | is_domain   | False                            |
    | name        | service                          |
    | parent_id   | default                          |
    +-------------+----------------------------------+
9. Set up a regular (non-admin) project, user and permissions

a. Create the demo project

    # openstack project create --domain default \
      --description "Demo Project" demo
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | Demo Project                     |
    | domain_id   | default                          |
    | enabled     | True                             |
    | id          | 2ef20ce389eb499696f2d7497c6009b0 |
    | is_domain   | False                            |
    | name        | demo                             |
    | parent_id   | default                          |
    +-------------+----------------------------------+
b. Create the demo user

    # openstack user create --domain default \
      --password-prompt demo
    User Password:        (you choose this password yourself; I set it to 123456)
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 7cfc508fd5d44b468aac218bd4029bae |
    | name                | demo                             |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+
c. Create the user role

    # openstack role create user
    +-----------+----------------------------------+
    | Field     | Value                            |
    +-----------+----------------------------------+
    | domain_id | None                             |
    | id        | 83b6ab2af4414ad387b2fc9daf575b3a |
    | name      | user                             |
    +-----------+----------------------------------+

d. Add the user role to the demo project and user

    # openstack role add --project demo --user demo user
10. Disable the temporary authentication token mechanism

    # vim /etc/keystone/keystone-paste.ini

That is, delete the following from each of these sections:

        [pipeline:public_api]
        # pipeline = admin_token_auth
        [pipeline:admin_api]
        # pipeline = admin_token_auth
        [pipeline:api_v3]
        # pipeline = admin_token_auth

11. Unset the OS_AUTH_URL and OS_PASSWORD environment variables

    # unset OS_AUTH_URL OS_PASSWORD
12. Request an authentication token as the admin user (the password is the admin user's password)

    # openstack --os-auth-url http://192.168.30.145:35357/v3 \
      --os-project-domain-name default --os-user-domain-name default \
      --os-project-name admin --os-username admin token issue
    Password:        (this is the admin password configured above, qaz123)
    +------------+-----------------------------------------------------------+
    | Field      | Value                                                     |
    +------------+-----------------------------------------------------------+
    | expires    | 2017-03-28T15:11:50+0000                                  |
    | id         | gAAAAABY2m8mE9pMATPuFW9YpgoBMTg9mCI6GcmFeQAudwbhGiVblXZP  |
    |            | kmSmHc5aFwTZSIdjLzPJaMd1k16UZghj59v45Gvzdh5CLhSFGWPsT8rL  |
    |            | fRJD4eE1D_eRz2Jjjk5rDmwAHm5mmffuszJLSe4B2KJyBXkdmmznXL-A  |
    | project_id | 2461396f6a344c21a2360a612d4f6abe                          |
    | user_id    | 63ca263543fb4b02bb34410e3dc8a801                          |
    +------------+-----------------------------------------------------------+
13. Request an authentication token as the demo user (the password is the demo user's password)

    # openstack --os-auth-url http://192.168.30.145:5000/v3 \
      --os-project-domain-name default --os-user-domain-name default \
      --os-project-name demo --os-username demo token issue
    Password:        (this is the demo password configured above, 123456)
    +------------+-----------------------------------------------------------+
    | Field      | Value                                                     |
    +------------+-----------------------------------------------------------+
    | expires    | 2017-03-28T15:13:50+0000                                  |
    | id         | gAAAAABY2m-eSIWmQg1SyZFaiGcP2kjHf742ktr8YcVH3Q4aHKTflDJ   |
    |            | RLAfgmeoDW2z1sbdHQmKQNSb--F-1Pn_hTFHYqgyMlIxYpEQxGhJ-rg   |
    |            | b0EuxUT9opwl0m5onaA5Cv_MBX6awxeity8Gh1dc50NUeYela5Yl4uSG  |
    | project_id | 2ef20ce389eb499696f2d7497c6009b0                          |
    | user_id    | 7cfc508fd5d44b468aac218bd4029bae                          |
    +------------+-----------------------------------------------------------+
14. Create the environment scripts

a. Create and edit the file admin-openrc and add the following content:

    # vim admin-openrc
        export OS_PROJECT_DOMAIN_NAME=default
        export OS_USER_DOMAIN_NAME=default
        export OS_PROJECT_NAME=admin
        export OS_USERNAME=admin
        export OS_PASSWORD=qaz123
        export OS_AUTH_URL=http://192.168.30.145:35357/v3
        export OS_IDENTITY_API_VERSION=3
        export OS_IMAGE_API_VERSION=2

b. Create and edit the file demo-openrc and add the following content:

    # vim demo-openrc
        export OS_PROJECT_DOMAIN_NAME=default
        export OS_USER_DOMAIN_NAME=default
        export OS_PROJECT_NAME=demo
        export OS_USERNAME=demo
        export OS_PASSWORD=123456
        export OS_AUTH_URL=http://192.168.30.145:5000/v3
        export OS_IDENTITY_API_VERSION=3
        export OS_IMAGE_API_VERSION=2
15. Use the scripts

a. Load the script

    # . admin-openrc

b. Request an authentication token

    # openstack token issue
    +------------+----------------------------------------------------------+
    | Field      | Value                                                    |
    +------------+----------------------------------------------------------+
    | expires    | 2017-03-28T15:22:55+0000                                 |
    | id         | gAAAAABY2nG_diuPBMl66vJye3mV3S7CWZKesIiSnbicq5XddujfHhc3x|
    |            | PHni3iHWPcTQAjHoIEMTvSH6yKOQ6Z74QL6hVbshqP1dJrRJ6xEa9WvIk|
    |            | F7H5j7lPmM7ncfVvr9k96gLJ6Uhz38R5qRnHBWkxrlNsgw1jdnAjxf5e |
    | project_id | 2461396f6a344c21a2360a612d4f6abe                         |
    | user_id    | 63ca263543fb4b02bb34410e3dc8a801                         |
    +------------+----------------------------------------------------------+
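
Added example (not part of the original walkthrough): with `provider = fernet`, the `id` values printed by `openstack token issue` are Fernet tokens, whose first 9 bytes (a version byte and the creation time) can be read without any key. The code below decodes that header from the leading characters of the three token IDs shown on this page and compares it with the printed `expires` values; the function names are made up for this example.

```python
import base64
import struct
from datetime import datetime, timedelta, timezone

FERNET_VERSION = 0x80  # first byte of every Fernet token

# First 16 characters of each token id and the matching "expires" value,
# copied from the three `token issue` outputs on this page.
PAGE_TOKENS = [
    ("gAAAAABY2m8mE9pM", "2017-03-28T15:11:50+0000"),  # admin, step 12
    ("gAAAAABY2m-eSIWm", "2017-03-28T15:13:50+0000"),  # demo, step 13
    ("gAAAAABY2nG_diuP", "2017-03-28T15:22:55+0000"),  # admin via admin-openrc
]


def fernet_issued_at(token: str) -> datetime:
    """Return the creation time stored unencrypted in a Fernet token header."""
    # Drop whitespace (tokens are often wrapped), keep 12 base64url chars,
    # which decode to exactly 9 bytes: 1 version byte + 8-byte timestamp.
    head = "".join(token.split())[:12]
    if len(head) < 12:
        raise ValueError("too short to hold a Fernet header")
    try:
        raw = base64.urlsafe_b64decode(head)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("not base64url data") from exc
    if len(raw) != 9:
        raise ValueError("not base64url data")
    version, timestamp = struct.unpack(">BQ", raw)  # big-endian u8 + u64
    if version != FERNET_VERSION:
        raise ValueError("not a Fernet token (version byte %#x)" % version)
    return datetime.fromtimestamp(timestamp, tz=timezone.utc)


def token_lifetime(token: str, expires: str) -> timedelta:
    """Lifetime implied by the token header and the printed expiry time."""
    expires_at = datetime.strptime(expires, "%Y-%m-%dT%H:%M:%S%z")
    return expires_at - fernet_issued_at(token)


if __name__ == "__main__":
    for token, expires in PAGE_TOKENS:
        print(fernet_issued_at(token).isoformat(), token_lifetime(token, expires))
```

The header is integrity-protected but not encrypted, so anyone who sees a token ID in a log or a pasted transcript learns when it was issued; a token that is still inside its lifetime is a usable bearer credential and belongs in neither place.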
III. Configure the Glance Image service (Controller Node)

1. Create the glance database

    # mysql
    MariaDB [(none)]> CREATE DATABASE glance;    ## create the glance database
    ## grant access to the glance database [user@controller node ... BY password]
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'192.168.30.145' \
      IDENTIFIED BY 'glance';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
      IDENTIFIED BY 'glance';
    MariaDB [(none)]> flush privileges;

2. Obtain admin access

    # . admin-openrc

3. Create the service credentials
a. Create the glance user:

    # openstack user create --domain default --password-prompt glance
    User Password:        (you choose this yourself; I also set it to 123456)
    Repeat User Password:
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 3edeaaae87e14811ac2c6767ab657d6b |
    | name                | glance                           |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+

b. Add the admin role to the glance user and the service project:

    # openstack role add --project service --user glance admin
c. Create the "glance" service entity:

    # openstack service create --name glance \
      --description "OpenStack Image" image
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | OpenStack Image                  |
    | enabled     | True                             |
    | id          | 22a0875ba92c4512989666f116ae1585 |
    | name        | glance                           |
    | type        | image                            |
    +-------------+----------------------------------+
d. Create the Image service API endpoints:

    # openstack endpoint create --region RegionOne \
      image public http://192.168.30.145:9292
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | ff6d9ed365cf4e7f8cc53d47e57cd46b |
    | interface    | public                           |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 22a0875ba92c4512989666f116ae1585 |
    | service_name | glance                           |
    | service_type | image                            |
    | url          | http://192.168.30.145:9292       |
    +--------------+----------------------------------+
    # openstack endpoint create --region RegionOne \
      image internal http://192.168.30.145:9292
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 7408dd72bc1745758cdf23e136ef7392 |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 22a0875ba92c4512989666f116ae1585 |
    | service_name | glance                           |
    | service_type | image                            |
    | url          | http://192.168.30.145:9292       |
    +--------------+----------------------------------+
    # openstack endpoint create --region RegionOne \
      image admin http://192.168.30.145:9292
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 8ed4e7e1a5834177b4ce1896c21e6cb9 |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 22a0875ba92c4512989666f116ae1585 |
    | service_name | glance                           |
    | service_type | image                            |
    | url          | http://192.168.30.145:9292       |
    +--------------+----------------------------------+
4. Install and configure the Glance components

a. Configure the image API

    # apt -y install glance
    # vim /etc/glance/glance-api.conf
        [database]
        # configure database access [user:password@controller node]
        connection = mysql+pymysql://glance:[email protected]/glance
        [keystone_authtoken]
        # configure Identity service access
        auth_uri = http://192.168.30.145:5000
        auth_url = http://192.168.30.145:35357
        memcached_servers = 192.168.30.145:11211
        auth_type = password
        project_domain_name = default
        user_domain_name = default
        project_name = service
        username = glance
        # this is the glance password set above
        password = 123456
        [paste_deploy]
        flavor = keystone
        [glance_store]
        # configure the local file system store and the location of image files
        stores = file,http
        default_store = file
        filesystem_store_datadir = /var/lib/glance/images/
    # grep ^[a-z] /etc/glance/glance-api.conf
    sqlite_db = /var/lib/glance/glance.sqlite
    backend = sqlalchemy
    connection = mysql+pymysql://glance:[email protected]/glance
    stores = file,http
    default_store = file
    filesystem_store_datadir = /var/lib/glance/images
    disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop.root-tar
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = glance
    password = 123456
    flavor = keystone
b. Configure the image registry service

    # vim /etc/glance/glance-registry.conf
        [database]
        # configure database access [user:password@controller node]
        connection = mysql+pymysql://glance:[email protected]/glance
        [keystone_authtoken]
        # configure Identity service access
        auth_uri = http://192.168.30.145:5000
        auth_url = http://192.168.30.145:35357
        memcached_servers = 192.168.30.145:11211
        auth_type = password
        project_domain_name = default
        user_domain_name = default
        project_name = service
        username = glance
        password = 123456
        [paste_deploy]
        flavor = keystone
    # grep ^[a-z] /etc/glance/glance-registry.conf
    sqlite_db = /var/lib/glance/glance.sqlite
    backend = sqlalchemy
    connection = mysql+pymysql://glance:[email protected]/glance
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = glance
    password = 123456
    flavor = keystone
5. Populate the Image service database

    # su -s /bin/sh -c "glance-manage db_sync" glance

6. Restart the services

    # service glance-registry restart
    # service glance-api restart
    # service glance-registry status
    # service glance-api status
7. Verify operation

Verify the Image service using CirrOS.

CirrOS is a small Linux image that can be used to test an OpenStack deployment.

a. Obtain admin access

    # . admin-openrc
b. Download the source image

    # wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
c. Upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it publicly visible

    # openstack image create "cirros" \
      --file cirros-0.3.5-x86_64-disk.img \
      --disk-format qcow2 --container-format bare \
      --public
    +------------------+------------------------------------------------------+
    | Field            | Value                                                |
    +------------------+------------------------------------------------------+
    | checksum         | f8ab98ff5e73ebab884d80c9dc9c7290                     |
    | container_format | bare                                                 |
    | created_at       | 2017-03-29T05:57:56Z                                 |
    | disk_format      | qcow2                                                |
    | file             | /v2/images/4b6ebd57-80ab-4b79-8ecc-53a026f3e898/file |
    | id               | 4b6ebd57-80ab-4b79-8ecc-53a026f3e898                 |
    | min_disk         | 0                                                    |
    | min_ram          | 0                                                    |
    | name             | cirros                                               |
    | owner            | 2461396f6a344c21a2360a612d4f6abe                     |
    | protected        | False                                                |
    | schema           | /v2/schemas/image                                    |
    | size             | 13267968                                             |
    | status           | active                                               |
    | tags             |                                                      |
    | updated_at       | 2017-03-29T05:57:56Z                                 |
    | virtual_size     | None                                                 |
    | visibility       | public                                               |
    +------------------+------------------------------------------------------+
d. Confirm the upload and verify the image attributes

    # openstack image list
    +--------------------------------------+--------+--------+
    | ID                                   | Name   | Status |
    +--------------------------------------+--------+--------+
    | 4b6ebd57-80ab-4b79-8ecc-53a026f3e898 | cirros | active |
    +--------------------------------------+--------+--------+
IV. Configure Nova

    https://blog.csdn.net/chenvast/article/details/71036233
    https://www.cnblogs.com/yangdonghao/p/6762472.html
    https://blog.csdn.net/zhujie_hades/article/details/52181244

The links above are the references I used.

1. Prerequisites

Before installing and configuring the Compute service, you must create the database service credentials and the API endpoints.

① To create the databases, complete these steps:

    # mysql
    MariaDB [(none)]> create database nova_api;
    MariaDB [(none)]> create database nova;
    MariaDB [(none)]> create database nova_cell0;
    MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'localhost' identified by 'nova';
    MariaDB [(none)]> grant all privileges on nova_api.* to 'nova'@'%' identified by 'nova';
    MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'localhost' identified by 'nova';
    MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'%' identified by 'nova';
    MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by 'nova';
    MariaDB [(none)]> grant all privileges on nova_cell0.* to 'nova'@'%' identified by 'nova';
    MariaDB [(none)]> flush privileges;
    MariaDB [(none)]> exit

② Source the admin credentials to gain access to admin-only commands

    . admin-openrc

③ Create the Compute service credentials

Create the nova user:

    openstack user create --domain default --password-prompt nova

You are prompted for a password here.

Add the admin role to the nova user:

    openstack role add --project service --user nova admin

Create the nova service entity:

    openstack service create --name nova --description "OpenStack Compute" compute
④ Create the Compute API service endpoints

    openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
    openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
    openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

⑤ Create a user named placement for the placement service

    openstack user create --domain default --password-prompt placement

You are prompted for a password here.

⑥ Add the placement user to the service project with the admin role

    openstack role add --project service --user placement admin

⑦ Create the Placement API entry in the service catalog

    openstack service create --name placement --description "Placement API" placement

⑧ Create the Placement API service endpoints

    openstack endpoint create --region RegionOne placement public http://controller:8778
    openstack endpoint create --region RegionOne placement internal http://controller:8778
    openstack endpoint create --region RegionOne placement admin http://controller:8778
2. Install and configure the components

① Install the packages

    sudo apt-get install nova-api nova-conductor nova-console nova-novncproxy nova-scheduler nova-placement-api
② Edit the /etc/nova/nova.conf file and complete the following actions.

In the [DEFAULT] section, enable only the compute and metadata APIs:

        [DEFAULT]
        enabled_apis = osapi_compute,metadata

In the [api_database] and [database] sections, configure the database connections:

        [api_database]
        connection = mysql+pymysql://nova:[email protected]/nova_api
        [database]
        connection = mysql+pymysql://nova:[email protected]/nova

In the [DEFAULT] section, configure RabbitMQ message queue access:

        [DEFAULT]
        transport_url = rabbit://openstack:[email protected]

RABBIT_PASS is the password of the openstack user created when RabbitMQ was installed; above I set that password to openstack.
In the [api] and [keystone_authtoken] sections, configure Identity service access:

        [api]
        auth_strategy = keystone
        [keystone_authtoken]
        auth_uri = http://192.168.30.145:5000
        auth_url = http://192.168.30.145:35357
        memcached_servers = 192.168.30.145:11211
        auth_type = password
        project_domain_name = default
        user_domain_name = default
        project_name = service
        username = nova
        password = NOVA_PASS

(NOVA_PASS is the password of the nova account created above, i.e. nova.)

In the [DEFAULT] section, configure my_ip to use the IP address of the controller node's management interface:

        [DEFAULT]
        my_ip = 192.168.30.145

In the [DEFAULT] section, enable support for the Networking service:

        [DEFAULT]
        use_neutron = True
        firewall_driver = nova.virt.firewall.NoopFirewallDriver

Note: By default, Compute uses a built-in firewall service. Because the Networking service includes a firewall service, you must disable the Compute built-in firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.
In the [vnc] section, configure the VNC proxy to use the IP address of the controller node's management interface:

        [vnc]
        enabled = true
        vncserver_listen = $my_ip
        vncserver_proxyclient_address = $my_ip

In the [glance] section, configure the location of the Image service API:

        [glance]
        api_servers = http://192.168.30.145:9292

In the [oslo_concurrency] section, configure the lock path:

        [oslo_concurrency]
        lock_path = /var/lib/nova/tmp

In the [placement] section, configure the Placement API:

        [placement]
        os_region_name = RegionOne
        project_domain_name = default
        project_name = service
        auth_type = password
        user_domain_name = default
        auth_url = http://192.168.30.145:35357/v3
        username = placement
        password = PLACEMENT_PASS

(PLACEMENT_PASS is the placement user's password.)

Because of a packaging bug, the logdir option must be removed from the [DEFAULT] section. But I could not find it.
③ Populate the nova-api database (sync the compute database)

    su -s /bin/sh -c "nova-manage api_db sync" nova

④ Register the cell0 database

    su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

⑤ Create the cell1 cell

    su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

⑥ Populate the nova database

    su -s /bin/sh -c "nova-manage db sync" nova

⑦ Check that nova cell0 and cell1 are registered correctly

    nova-manage cell_v2 list_cells

3. Finalize the installation

Start the Compute services and configure them to start at boot:

    service nova-api restart
    service nova-consoleauth restart
    service nova-scheduler restart
    service nova-conductor restart
    service nova-novncproxy restart
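Install and configure a compute node

This section describes how to install and configure the Compute service on a compute node. The service supports several hypervisors for deploying instances or VMs. For simplicity, this configuration uses the QEMU hypervisor with the KVM extension on compute nodes that support hardware acceleration for virtual machines. On legacy hardware, this configuration uses the generic QEMU hypervisor. You can follow these instructions with minor modifications to scale your environment horizontally with additional compute nodes.

This section assumes that you are following the instructions in this guide step by step to configure the first compute node. If you want to configure additional compute nodes, prepare them in the same way as the first compute node in the example architectures section. Each additional compute node requires a unique IP address.

The following steps are performed on the compute node.

1. Install and configure the components

① Install the packages

    apt-get install nova-compute

② Edit the /etc/nova/nova.conf file and complete the following actions.

In the [DEFAULT] section, enable only the compute and metadata APIs:

        [DEFAULT]
        enabled_apis = osapi_compute,metadata

In the [DEFAULT] section, configure RabbitMQ message queue access:

        [DEFAULT]
        transport_url = rabbit://openstack:[email protected]

In the [api] and [keystone_authtoken] sections, configure Identity service access:

        [api]
        auth_strategy = keystone
        [keystone_authtoken]
        auth_uri = http://192.168.30.145:5000
        auth_url = http://192.168.30.145:35357
        memcached_servers = 192.168.30.145:11211
        auth_type = password
        project_domain_name = default
        user_domain_name = default
        project_name = service
        username = nova
        password = NOVA_PASS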
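In the [DEFAULT] section, configure the my_ip option (the IP is the compute node's management network IP):

        [DEFAULT]
        my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on the compute node. I did not configure a compute node, so I did not set this item.

In the [DEFAULT] section, enable support for the Networking service:

        [DEFAULT]
        use_neutron = True
        firewall_driver = nova.virt.firewall.NoopFirewallDriver

Note: By default, Compute uses an internal firewall service. Because Networking includes a firewall service, you must disable the Compute firewall service by using the nova.virt.firewall.NoopFirewallDriver firewall driver.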
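In the [vnc] section, enable and configure remote console access:

        [vnc]
        #vncserver_listen = $my_ip
        vncserver_proxyclient_address = $my_ip
        enabled = True
        vncserver_listen = 0.0.0.0
        vncserver_proxyclient_address = $my_ip
        novncproxy_base_url = http://192.168.30.145:6080/vnc_auto.html

In the [glance] section, configure the location of the Image service API:

        [glance]
        api_servers = http://192.168.30.145:9292

In the [oslo_concurrency] section, configure the lock path:

        [oslo_concurrency]
        lock_path = /var/lib/nova/tmp

In the [placement] section, configure the Placement API:

        [placement]
        os_region_name = RegionOne
        project_domain_name = default
        project_name = service
        auth_type = password
        user_domain_name = default
        auth_url = http://controller:35357/v3
        username = placement
        password = PLACEMENT_PASS

2. Finalize the installation

① Determine whether your compute node supports hardware acceleration for virtual machines (I did not configure this compute node item either):

    egrep -c '(vmx|svm)' /proc/cpuinfo

If this command returns 1 or greater, the node supports virtualization.
If this command returns zero, the compute node does not support hardware acceleration and you must configure libvirt to use QEMU instead of KVM.
Edit /etc/nova/nova.conf and, in the [libvirt] section, set:

        virt_type = qemu

② Start the Compute service, including its dependencies, and configure it to start at boot

    service nova-compute restart

3. Add the compute node to the cell database (I did not configure this item either)

The following steps are performed on the controller node.

1. Source the admin credentials to gain access to admin-only commands, and confirm that one compute node is in the host list:

    . admin-openrc
    openstack hypervisor list

2. Discover the compute hosts:

    su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

Note: When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register them.

Verify operation

The following steps are performed on the controller node.

1. Source the admin credentials to gain access to admin-only commands:

    . admin-openrc

2. List the service components (run as admin):

    openstack compute service list

The output should show three service components enabled on the controller node and one service component enabled on the compute node.

3. List the API endpoints in the Identity service to verify connectivity with it:

Note: The endpoint list below may differ depending on which OpenStack components are installed. Ignore any warnings in this output.

    openstack catalog list

4. Verify the Image service by listing images:

    openstack image list

V. Configure the Neutron Networking service [must be configured on every node]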
1. Create the neutron database

    # mysql
    MariaDB [(none)]> CREATE DATABASE neutron;    ## create the neutron database
    ## grant access to the neutron database [user@controller node ... BY password]
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.30.145' \
      IDENTIFIED BY 'neutron';
    MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
      IDENTIFIED BY 'neutron';
    MariaDB [(none)]> flush privileges;
2. Obtain admin access

    # . admin-openrc

3. Create the service credentials

a. Create the neutron user

    # openstack user create --domain default --password-prompt neutron
    User Password:
    Repeat User Password:        (the neutron password; here I set it to 123456)
    +---------------------+----------------------------------+
    | Field               | Value                            |
    +---------------------+----------------------------------+
    | domain_id           | default                          |
    | enabled             | True                             |
    | id                  | 54cd9e72295c411090ea9f641cb02135 |
    | name                | neutron                          |
    | options             | {}                               |
    | password_expires_at | None                             |
    +---------------------+----------------------------------+

b. Add the admin role to the neutron user

    # openstack role add --project service --user neutron admin
c. Create the neutron service entity

    # openstack service create --name neutron \
      --description "OpenStack Networking" network
    +-------------+----------------------------------+
    | Field       | Value                            |
    +-------------+----------------------------------+
    | description | OpenStack Networking             |
    | enabled     | True                             |
    | id          | 720687745d354718862255a56d7aea46 |
    | name        | neutron                          |
    | type        | network                          |
    +-------------+----------------------------------+
d. Create the neutron service API endpoints

    # openstack endpoint create --region RegionOne \
      network public http://192.168.30.145:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | a9b1b5b8fbb842a8b14a9cecca7a58a8 |
    | interface    | public                           |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 720687745d354718862255a56d7aea46 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://192.168.30.145:9696       |
    +--------------+----------------------------------+
    # openstack endpoint create --region RegionOne \
      network internal http://192.168.30.145:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 61e2c14b0c8f4003a7099012e9a6331f |
    | interface    | internal                         |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 720687745d354718862255a56d7aea46 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://192.168.30.145:9696       |
    +--------------+----------------------------------+
    # openstack endpoint create --region RegionOne \
      network admin http://192.168.30.145:9696
    +--------------+----------------------------------+
    | Field        | Value                            |
    +--------------+----------------------------------+
    | enabled      | True                             |
    | id           | 6719539759c34487bd519c0dffb5509d |
    | interface    | admin                            |
    | region       | RegionOne                        |
    | region_id    | RegionOne                        |
    | service_id   | 720687745d354718862255a56d7aea46 |
    | service_name | neutron                          |
    | service_type | network                          |
    | url          | http://192.168.30.145:9696       |
    +--------------+----------------------------------+
4. Configure networking option 2: private networks

a. Install the components

    # apt -y install neutron-server neutron-plugin-ml2 \
      neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
      neutron-metadata-agent
b. Configure the Neutron components

    # vim /etc/neutron/neutron.conf
        [database]
        # configure database access [user:password@controller node]
        #connection = sqlite:////var/lib/neutron/neutron.sqlite
        connection = mysql+pymysql://neutron:[email protected]/neutron
        [DEFAULT]
        # enable the ML2 plugin, the router service and overlapping IP addresses
        core_plugin = ml2
        service_plugins = router
        allow_overlapping_ips = true
        [DEFAULT]
        # configure RabbitMQ message queue access [user:password@controller node]
        transport_url = rabbit://openstack:[email protected]
        [DEFAULT]
        # configure Identity service access
        auth_strategy = keystone
        [keystone_authtoken]
        # configure Identity service access
        auth_uri = http://192.168.30.145:5000
        auth_url = http://192.168.30.145:35357
        memcached_servers = 192.168.30.145:11211
        auth_type = password
        project_domain_name = default
        user_domain_name = default
        project_name = service
        username = neutron
        password = 123456
        [DEFAULT]
        # configure Networking to notify Compute of network topology changes
        notify_nova_on_port_status_changes = true
        notify_nova_on_port_data_changes = true
        [nova]
        # configure Networking to notify Compute of network topology changes
        auth_url = http://192.168.30.145:35357
        auth_type = password
        project_domain_name = default
        user_domain_name = default
        region_name = RegionOne
        project_name = service
        username = nova
        password = 123456
    # grep ^[a-z] /etc/neutron/neutron.conf
    auth_strategy = keystone
    core_plugin = ml2
    service_plugins = router
    allow_overlapping_ips = true
    notify_nova_on_port_status_changes = true
    notify_nova_on_port_data_changes = true
    transport_url = rabbit://openstack:[email protected]
    root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
    connection = mysql+pymysql://neutron:[email protected]/neutron
    auth_uri = http://192.168.30.145:5000
    auth_url = http://192.168.30.145:35357
    memcached_servers = 192.168.30.145:11211
    auth_type = password
    project_domain_name = default
    user_domain_name = default
    project_name = service
    username = neutron
    password = 123456
    region_name = RegionOne
    auth_url = http://192.168.30.145:35357
    auth_type = password
    password =123456
    project_domain_name = default
    project_name = service
    user_domain_name = default
    username = nova
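
Added example (not from the original post or the OpenStack project): the `grep ^[a-z]` checks in this guide print every effective setting, secrets included. The script below parses the same kind of file and reports secrets that equal the account name, appear on a short list of well-known passwords, are too short or are reused, plus Keystone password authentication over plain HTTP. The sample file is constructed from values on this page, with `controller` assumed as the host where the page's connection strings are masked; the rule names, the password list and the 16-character minimum are choices made for this example.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

WELL_KNOWN = {"123456", "qaz123", "password", "admin", "guest"}  # example list
MIN_LENGTH = 16                                                  # example policy
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_KEYS = {"connection", "transport_url"}  # user:password embedded in a URL

# Constructed sample in the shape of the neutron.conf shown above.
SAMPLE_NEUTRON_CONF = """\
[DEFAULT]
auth_strategy = keystone
transport_url = rabbit://openstack:openstack@controller

[database]
connection = mysql+pymysql://neutron:neutron@controller/neutron

[keystone_authtoken]
auth_url = http://192.168.30.145:35357
auth_type = password
username = neutron
password = 123456

[nova]
auth_url = http://192.168.30.145:35357
auth_type = password
username = nova
password = 123456
"""


def collect(text):
    """Return (secrets, auth_urls) found in an oslo.config-style INI text."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section
    # and its values are not copied into every other section; strict=False
    # tolerates a section header that appears more than once.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__none__")
    cp.read_string(text)
    secrets, auth_urls = [], []
    for section in cp.sections():
        for key, value in cp.items(section):
            where = "[%s] %s" % (section, key)
            if key in SECRET_KEYS:
                user = cp.get(section, "username", fallback="")
                secrets.append((where, user, value))
            elif key in URL_KEYS:
                parts = urlsplit(value)
                if parts.password:
                    secrets.append((where, parts.username or "", parts.password))
            elif key == "auth_url":
                auth_urls.append((where, value))
    return secrets, auth_urls


def weakness(user, secret):
    """Return the first reason a secret is weak, or None."""
    if secret == user:
        return "same as account name"
    if secret.lower() in WELL_KNOWN:
        return "well-known password"
    if len(secret) < MIN_LENGTH:
        return "shorter than %d characters" % MIN_LENGTH
    return None


def audit(text):
    """Return a sorted list of (location, issue) findings."""
    secrets, auth_urls = collect(text)
    findings = set()
    seen_at = defaultdict(set)
    for where, user, secret in secrets:
        seen_at[secret].add(where)
        reason = weakness(user, secret)
        if reason:
            findings.add((where, reason))
    for where, _user, secret in secrets:
        if len(seen_at[secret]) > 1:
            findings.add((where, "reused in this file"))
    for where, url in auth_urls:
        if url.lower().startswith("http://"):
            findings.add((where, "Keystone auth over plain HTTP"))
    return sorted(findings)


if __name__ == "__main__":
    for location, issue in audit(SAMPLE_NEUTRON_CONF):
        print("%-32s %s" % (location, issue))
```

Run against the real files, the same checks apply unchanged to glance-api.conf, glance-registry.conf and nova.conf, since they use the same `[keystone_authtoken]`, `connection` and `transport_url` settings.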
c. Configure the Modular Layer 2 (ML2) plugin

The ML2 plugin uses the Linuxbridge mechanism to build the layer-2 virtual networking infrastructure for instances.

    # vim /etc/neutron/plugins/ml2/ml2_conf.ini
        [ml2]
        # enable flat, VLAN and VXLAN networks
        type_drivers = flat,vlan,vxlan
        # enable VXLAN private networks
        tenant_network_types = vxlan
        # enable the Linuxbridge and layer-2 population mechanisms
        mechanism_drivers = linuxbridge,l2population
        # enable the port security extension driver
        extension_drivers = port_security
        [ml2_type_flat]
        # configure the public virtual network as a flat network
        flat_networks = provider
        [ml2_type_vxlan]
        # configure the VXLAN network identifier range for private networks
        vni_ranges = 1:1000
        [securitygroup]
        # enable ipset to make security group rules more efficient
        enable_ipset = true
    # grep ^[a-z] /etc/neutron/plugins/ml2/ml2_conf.ini
    type_drivers = flat,vlan,vxlan
    tenant_network_types = vxlan
    mechanism_drivers = linuxbridge,l2population
    extension_drivers = port_security
    flat_networks = provider
    vni_ranges = 1:1000
    enable_ipset = true

Note: the Linuxbridge agent only supports VXLAN overlay networks.
d. Configure the Linuxbridge agent

The Linuxbridge agent builds layer-2 virtual networks for instances and handles security group rules.

    # vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
        [linux_bridge]
        # map the public virtual network to the public physical network interface
        physical_interface_mappings = provider:wlp3s0
        [vxlan]
        # enable VXLAN overlay networks, configure the IP address of the physical
        # network interface that handles overlay networks, and enable layer-2 population
        enable_vxlan = true
        local_ip = 192.168.30.145
        l2_population = true
        [securitygroup]
        # enable security groups and configure the firewall driver
        enable_security_group = true
        firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    # grep ^[a-z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    physical_interface_mappings = provider:wlp3s0
    firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    enable_security_group = true
    enable_vxlan = true
    local_ip = 192.168.30.145
    l2_population = true

(Because I added this IP by hand through the graphical interface, the network interface is wlps0, not enp4s0.)
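e. Configure the layer-3 agent
The layer-3 agent provides routing and NAT services for private virtual networks.
# vim /etc/neutron/l3_agent.ini
[DEFAULT] ---- configure the Linuxbridge interface driver and the external network bridge
interface_driver = linuxbridge

# grep '^[a-z]' /etc/neutron/l3_agent.ini
interface_driver = linuxbridge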
f. Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
# vim /etc/neutron/dhcp_agent.ini
[DEFAULT] ---- configure the Linuxbridge interface driver and the DHCP driver, and enable isolated metadata
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

# grep '^[a-z]' /etc/neutron/dhcp_agent.ini
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
g. Configure the metadata agent ---- responsible for providing configuration information
# vim /etc/neutron/metadata_agent.ini
[DEFAULT] ---- configure the metadata host and the shared secret
nova_metadata_ip = 192.168.30.145
metadata_proxy_shared_secret = qaz123

# grep '^[a-z]' /etc/neutron/metadata_agent.ini
nova_metadata_ip = 192.168.30.145
metadata_proxy_shared_secret = qaz123
5. On the controller node, configure the networking service for the compute node
# vim /etc/nova/nova.conf
[neutron] ---- configure the access parameters, enable the metadata proxy and set the password
url = http://192.168.30.145:9696
auth_url = http://192.168.30.145:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = qaz123

# grep '^[a-z]' /etc/nova/nova.conf
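6. Finish the installation
a. Synchronize the database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
......
OK
Note: the database synchronization takes place after Networking is configured, because the script needs the completed server and plug-in configuration files.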
b. Restart the Compute API service
# service nova-api restart
c. Restart the Networking services
For both network types:
# service neutron-server restart
# service neutron-linuxbridge-agent restart
# service neutron-dhcp-agent restart
# service neutron-metadata-agent restart
For network type 2, the L3 service must also be restarted:
# service neutron-l3-agent restart
d. Confirm that the services have started
# service nova-api status
# service neutron-server status
# service neutron-linuxbridge-agent status
# service neutron-dhcp-agent status
# service neutron-metadata-agent status
# service neutron-l3-agent status
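An added example, not part of the original guide: a Python check over the controller files edited in steps 4 and 5 that flags short service secrets, one password shared by several service accounts, a metadata_proxy_shared_secret that differs between nova.conf and metadata_agent.ini, and disabled security groups or port security. The file excerpts are constructed from the values shown above, and the function names and the 16-character threshold are assumptions of this example.

```python
import configparser

# Constructed excerpts that reuse the values shown in this guide.
SAMPLES = {
    "neutron.conf": "[keystone_authtoken]\nusername = neutron\npassword = 123456\n"
                    "[nova]\nusername = nova\npassword = 123456\n",
    "ml2_conf.ini": "[ml2]\nextension_drivers = port_security\n",
    "linuxbridge_agent.ini": "[securitygroup]\nenable_security_group = true\n",
    "metadata_agent.ini": "[DEFAULT]\nmetadata_proxy_shared_secret = qaz123\n",
    "nova.conf": "[neutron]\nusername = neutron\npassword = 123456\n"
                 "metadata_proxy_shared_secret = qaz123\n",
}
SECRET_KEYS = ("password", "metadata_proxy_shared_secret")
MIN_LEN = 16  # assumption: a local policy threshold, not an OpenStack default

def load(text):
    # Parse [DEFAULT] as an ordinary section so its keys do not leak into others.
    cp = configparser.ConfigParser(default_section="__unused__", interpolation=None)
    cp.read_string(text)
    return cp

def audit(files):
    cfg = {name: load(text) for name, text in files.items()}
    findings, users_by_password = [], {}
    def get(name, section, key, default=""):
        return cfg[name].get(section, key, fallback=default) if name in cfg else default
    for name, cp in cfg.items():
        for section in cp.sections():
            for key in SECRET_KEYS:
                value = cp.get(section, key, fallback=None)
                if value is not None and len(value) < MIN_LEN:
                    findings.append(f"weak-secret {name} [{section}] {key}")
            if cp.has_option(section, "password"):
                user = cp.get(section, "username", fallback="?")
                users_by_password.setdefault(cp.get(section, "password"), set()).add(user)
    for users in users_by_password.values():
        if len(users) > 1:  # one password serving several service accounts
            findings.append("shared-password " + ",".join(sorted(users)))
    if get("nova.conf", "neutron", "metadata_proxy_shared_secret") != get(
            "metadata_agent.ini", "DEFAULT", "metadata_proxy_shared_secret"):
        findings.append("metadata-secret-mismatch nova.conf vs metadata_agent.ini")
    if get("linuxbridge_agent.ini", "securitygroup", "enable_security_group").lower() == "false":
        findings.append("security-groups-disabled linuxbridge_agent.ini")
    if "port_security" not in get("ml2_conf.ini", "ml2", "extension_drivers"):
        findings.append("port-security-extension-missing ml2_conf.ini")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLES)))
```

To run it against a live node, replace the SAMPLES strings with the contents of the corresponding files under /etc/neutron and /etc/nova.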
7. Configure the Neutron networking service on the compute node
# apt -y install neutron-linuxbridge-agent
# vim /etc/neutron/neutron.conf
[database] ---- compute nodes do not access the database directly
#connection = sqlite:////var/lib/neutron/neutron.sqlite
[DEFAULT] ---- configure RabbitMQ message queue access [username:password@controller node]
transport_url = rabbit://openstack:[email protected]
[DEFAULT] ---- configure Identity service access
auth_strategy = keystone
[keystone_authtoken] ---- configure Identity service access
auth_uri = http://192.168.30.145:5000
auth_url = http://192.168.30.145:35357
memcached_servers = 192.168.30.145:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

# grep '^[a-z]' /etc/neutron/neutron.conf
auth_strategy = keystone
core_plugin = ml2
transport_url = rabbit://openstack:[email protected]
root_helper = sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
auth_uri = http://192.168.30.145:5000
auth_url = http://192.168.30.145:35357
memcached_servers = 192.168.30.145:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
8. Configure the networking service for the compute node
# vim /etc/nova/nova.conf
[neutron] ---- configure the access parameters
url = http://192.168.30.145:9696
auth_url = http://192.168.30.145:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456

# grep '^[a-z]' /etc/nova/nova.conf
9. Finish the installation
a. Restart the Compute service:
# service nova-compute restart
# service nova-compute status
b. Restart the Linuxbridge agent:
# service neutron-linuxbridge-agent restart
# service neutron-linuxbridge-agent status
10. Configure network type 2 on the compute node (I did not configure this item)
Configure the Linuxbridge agent ---- it builds layer-2 virtual networks for instances and handles security group rules
# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] ---- map the public virtual network to the public physical network interface
physical_interface_mappings = provider:wlp3s0
[vxlan] ---- enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
enable_vxlan = true
local_ip = 192.168.30.146
l2_population = true
[securitygroup] ---- enable security groups and configure firewall_driver
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# grep '^[a-z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings = provider:wlp3s0
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
enable_vxlan = true
local_ip = 192.168.30.146
l2_population = true
11. Verify operation on the controller node
a. Obtain admin credentials
# . admin-openrc
b. List the loaded extensions to verify that the neutron-server process started correctly
# openstack extension list --network
+----------------------+----------------------+--------------------------+
| Name                 | Alias                | Description              |
+----------------------+----------------------+--------------------------+
| Default Subnetpools  | default-subnetpools  | Provides ability to mark |
|                      |                      | and use a subnetpool as  |
|                      |                      | the default              |
| Network IP           | network-ip-          | Provides IP availability |
| Availability         | availability         | data for each network    |
|                      |                      | and subnet.              |
| Network Availability |network_availability_z| Availability zone        |
| Zone                 | one                  | support for network.     |
| Auto Allocated       | auto-allocated-      | Auto Allocated Topology  |
| Topology Services    | topology             | Services.                |
| Neutron L3           | ext-gw-mode          | Extension of the router  |
| Configurable external|                      | abstraction for          |
| gateway mode         |                      | specifying whether SNAT  |
|                      |                      | should occur on the      |
|                      |                      | external gateway         |
| Port Binding         | binding              | Expose port bindings of  |
|                      |                      | a virtual port to        |
|                      |                      | external application     |
| agent                | agent                | The agent management     |
|                      |                      | extension.               |
| Subnet Allocation    | subnet_allocation    | Enables allocation of    |
|                      |                      | subnets from a subnet    |
|                      |                      | pool                     |
| L3 Agent Scheduler   | l3_agent_scheduler   | Schedule routers among   |
|                      |                      | l3 agents                |
| Tag support          | tag                  | Enables to set tag on    |
|                      |                      | resources.               |
| Neutron external     | external-net         | Adds external network    |
| network              |                      | attribute to network     |
|                      |                      | resource.                |
| Neutron Service      | flavors              | Flavor specification for |
| Flavors              |                      | Neutron advanced         |
|                      |                      | services                 |
| Network MTU          | net-mtu              | Provides MTU attribute   |
|                      |                      | for a network resource.  |
| Availability Zone    | availability_zone    | The availability zone    |
|                      |                      | extension.               |
| Quota management     | quotas               | Expose functions for     |
| support              |                      | quotas management per    |
|                      |                      | tenant                   |
| HA Router extension  | l3-ha                | Add HA capability to     |
|                      |                      | routers.                 |
| Provider Network     | provider             | Expose mapping of        |