OpenStack installation

Author: davisgao | Source: published 2018-05-09 14:26, read 0 times

    1. Environment preparation

    CentOS 7

    1.1 yum repository setup

    • yum list | grep openstack

      centos-release-openstack-newton.noarch 1-2.el7 extras
      centos-release-openstack-ocata.noarch 1-2.el7 extras
      centos-release-openstack-pike.x86_64 1-1.el7 extras
      centos-release-openstack-queens.x86_64 1-1.el7.centos extras
    • yum install centos-release-openstack-queens -y
      (the trailing "1-1.el7.centos" in the listing is a version string, not a second package, so it is not passed to yum install; this step creates the OpenStack yum repository configuration under /etc/yum.repos.d/)

    1.2 OpenStack client

      yum install python-openstackclient -y
      yum install openstack-selinux -y
    

    2. Installation

    2.1 Installing the MariaDB database

    OpenStack stores its state in a SQL database; most databases are supported (MariaDB, MySQL or PostgreSQL). The database runs on the controller node.

    • Remove any previously installed MySQL
      # list what is installed first; the mysql-community packages below are the ones to remove
      rpm -qa | grep -E 'mysql|mariadb'
      # rpm -e takes installed package names, not .rpm file names
      rpm -e --nodeps mysql-community-common-5.7.9-1.el7.x86_64
      rpm -e --nodeps mysql-community-libs-5.7.9-1.el7.x86_64
      rpm -e --nodeps mysql-community-client-5.7.9-1.el7.x86_64
      rpm -e --nodeps mysql-community-server-5.7.9-1.el7.x86_64
      
    • Install MariaDB
       yum install mariadb mariadb-server python2-PyMySQL -y
      
    • Edit the configuration (/etc/my.cnf.d/mariadb-server.cnf)
        [mysqld]
        bind-address = 10.20.16.229
        default-storage-engine = innodb
        innodb_file_per_table = on
        max_connections = 4096
        collation-server = utf8_general_ci
        character-set-server = utf8
        # directories planned in advance
        datadir=/data/openstack/mysql/data
        socket=/data/openstack/mysql/mysql.sock
        log-error=/data/openstack/mysql/log/mariadb.log
        pid-file=/data/openstack/mysql/mariadb.pid
      
      
    • Change the owner of the working directory
        chown mysql:mysql -R /data/openstack/mysql

    • Start
        systemctl enable mariadb.service
        systemctl start mariadb.service

    • Run the initial setup
        # account initialisation
        mysql_secure_installation
        # remote access (so that other nodes can connect later); run in the mysql client.
        # This grants root from every host; the per-service accounts created below are scoped to their own databases.
        GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'ips';
      

    2.2 Installing RabbitMQ

    • Remove old versions (omitted)
    • Install
      yum install rabbitmq-server -y

    • Create the account and its permissions
      # RABBIT_PASS is set to ips here
      rabbitmqctl add_user openstack RABBIT_PASS
      rabbitmqctl set_permissions openstack ".*" ".*" ".*"

    • Create the working directories
      # the unit file below points at the log and data subdirectories, so create both
      mkdir -p /data/openstack/rabbitmq/log /data/openstack/rabbitmq/data
      chown rabbitmq:rabbitmq -R /data/openstack/rabbitmq

    • Edit the unit file (/usr/lib/systemd/system/rabbitmq-server.service)
      Environment=RABBITMQ_LOG_BASE=/data/openstack/rabbitmq/log
      WorkingDirectory=/data/openstack/rabbitmq/data

    • Start
      systemctl enable rabbitmq-server.service
      systemctl start rabbitmq-server.service

    • For easier administration the management plugin can be enabled (RabbitMQ-specific, not covered in detail)
       rabbitmq-plugins enable rabbitmq_management
       systemctl restart rabbitmq-server
       Log in at http://ip:15672/
       Note: the login user must have administrator privileges
      

    2.3 Installing Memcached

    • Remove old versions (omitted)
    • Install
      yum install memcached python-memcached -y

    • Edit the configuration file (/etc/sysconfig/memcached)
      PORT="11211"
      USER="memcached"
      MAXCONN="1024"
      CACHESIZE="64"
      # the main change is adding controller to the listen list
      OPTIONS="-l 127.0.0.1,::1,controller"

    • Start
      systemctl enable memcached.service
      systemctl start memcached.service

    2.4 Identity service, Keystone (controller node)

    • Create the database
      CREATE DATABASE keystone;
      GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'ips';
      GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'ips';
      
    • Install the packages

      yum install openstack-keystone httpd mod_wsgi -y

    • Configure Keystone (edit /etc/keystone/keystone.conf)

       [database]
       ...
       connection = mysql+pymysql://keystone:ips@controller/keystone

       [token]
       ...
       provider = uuid
      
    • Initialise the identity service database and the Fernet keys

        su -s /bin/sh -c "keystone-manage db_sync" keystone
        keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
        keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

    • Bootstrap the Identity service:

        # In Queens a single port (5000) serves all interfaces; in earlier releases 5000 served the regular API and 35357 the admin API only. Replace ADMIN_PASS here with ips.
        keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
          --bootstrap-admin-url http://controller:5000/v3/ \
          --bootstrap-internal-url http://controller:5000/v3/ \
          --bootstrap-public-url http://controller:5000/v3/ \
          --bootstrap-region-id RegionOne
    • Configure the Apache HTTP server (/etc/httpd/conf/httpd.conf)
      vim /etc/httpd/conf/httpd.conf

       ServerName controller


      cp -f /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
      # the log directory referenced below must exist before httpd starts
      mkdir -p /data/openstack/httpd

         # the main change is the path where the logs are written
          Listen 5000
          Listen 35357
         <VirtualHost *:5000>
            WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
            WSGIProcessGroup keystone-public
            WSGIScriptAlias / /usr/bin/keystone-wsgi-public
            WSGIApplicationGroup %{GLOBAL}
            WSGIPassAuthorization On
            <IfVersion >= 2.4>
              ErrorLogFormat "%{cu}t %M"
            </IfVersion>
            ErrorLog /data/openstack/httpd/keystone-error.log
            CustomLog /data/openstack/httpd/keystone-access.log combined
      
            <Directory /usr/bin>
                <IfVersion >= 2.4>
                    Require all granted
                </IfVersion>
                <IfVersion < 2.4>
                    Order allow,deny
                    Allow from all
                </IfVersion>
            </Directory>
        </VirtualHost>
      
        <VirtualHost *:35357>
            WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
            WSGIProcessGroup keystone-admin
            WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
            WSGIApplicationGroup %{GLOBAL}
            WSGIPassAuthorization On
            <IfVersion >= 2.4>
              ErrorLogFormat "%{cu}t %M"
            </IfVersion>
            ErrorLog /data/openstack/httpd/keystone-error.log
            CustomLog /data/openstack/httpd/keystone-access.log combined
      
            <Directory /usr/bin>
                <IfVersion >= 2.4>
                    Require all granted
                </IfVersion>
                <IfVersion < 2.4>
                    Order allow,deny
                    Allow from all
                </IfVersion>
            </Directory>
        </VirtualHost>
      
    • Create the admin-rc file with the following content

      export OS_USERNAME=admin
      export OS_PASSWORD=ips
      export OS_PROJECT_NAME=admin
      export OS_USER_DOMAIN_NAME=Default
      export OS_PROJECT_DOMAIN_NAME=Default
      export OS_AUTH_URL=http://controller:35357/v3
      export OS_IDENTITY_API_VERSION=3
      export OS_IMAGE_API_VERSION=2
      
    • Create the domain, project, user and role

       # create a domain (the domain "default" already exists)
        openstack domain create --description "An Example Domain" example
        openstack project create --domain default --description "Service Project" service
       # create the project
        openstack project create --domain default --description "Demo Project" demo
       # create the user; enter ips when prompted for the password
        openstack user create --domain default --password-prompt demo
       # create the role
        openstack role create user
       # bind user, role and project together
        openstack role add --project demo --user demo user
       # verify
        unset OS_AUTH_URL OS_PASSWORD
        openstack --os-auth-url http://controller:35357/v3 \
          --os-project-domain-name Default --os-user-domain-name Default \
          --os-project-name admin --os-username admin token issue
      
    • Create the client access files: admin-rc already exists, now create demo-rc

        export OS_PROJECT_DOMAIN_NAME=Default
        export OS_USER_DOMAIN_NAME=Default
        export OS_PROJECT_NAME=demo
        export OS_USERNAME=demo
        export OS_PASSWORD=ips
        export OS_AUTH_URL=http://controller:5000/v3
        export OS_IDENTITY_API_VERSION=3
        export OS_IMAGE_API_VERSION=2
      
      
    • QA for this section
      QA1: Error: Package: perl-DBD-MySQL-4.023-5.el7.x86_64 (@base)

         rpm -ivh mysql-community-libs-compat-5.7.18-1.el7.x86_64.rpm


      QA2: Missing value auth-url required for auth plugin password

      source admin-rc


      QA3: Invalid command 'WSGIDaemonProcess', perhaps misspelled or defined by a module not included in the server configuration

       # The install instructions list it, but when httpd is removed to work around an httpd problem this module is removed with it, so install it again together with httpd (the CentOS package is mod_wsgi)
       yum install mod_wsgi -y


      QA4: The request you have made requires authentication. (HTTP 401) (Request-ID: req-9a49935d-49a6-4673-ae3b-193d53eb0444)

       # Mistakes during installation are hard to avoid. When coming back to fix a problem, one possibility is that the password was changed, another is that the earlier bootstrap had not taken effect; re-run it.
           keystone-manage bootstrap --bootstrap-password ips \
             --bootstrap-admin-url http://controller:5000/v3/ \
             --bootstrap-internal-url http://controller:5000/v3/ \
             --bootstrap-public-url http://controller:5000/v3/ \
             --bootstrap-region-id RegionOne
      

    2.5 Image service, Glance (controller node)

    • Create the database
      CREATE DATABASE glance;
      GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'ips';
      GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'ips';

    • Create the glance user in OpenStack
        # create the user; enter ips when prompted for the password
        openstack user create --domain default --password-prompt glance
        # give glance the admin role in the service project
        openstack role add --project service --user glance admin
        # create the service and its endpoints for the image service
        openstack service create --name glance --description "OpenStack Image" image
        openstack endpoint create --region RegionOne image public http://controller:9292
        openstack endpoint create --region RegionOne image internal http://controller:9292
        openstack endpoint create --region RegionOne image admin http://controller:9292
      
    • Install the packages
      yum install openstack-glance -y

    • Edit the configuration files
      /etc/glance/glance-api.conf
       [database]
       connection = mysql+pymysql://glance:ips@controller/glance
      
       [keystone_authtoken]
       auth_uri = http://controller:5000
       auth_url = http://controller:5000
       memcached_servers = controller:11211
       auth_type = password
       project_domain_name = Default
       user_domain_name = Default
       project_name = service
       username = glance
       password = ips
      
       [paste_deploy]
       flavor = keystone
      
      # image store backend and location
       [glance_store]
       stores = file,http
       default_store = file
       filesystem_store_datadir = /data/openstack/glance/images/
      
      /etc/glance/glance-registry.conf
       [database]
       connection = mysql+pymysql://glance:ips@controller/glance
       [keystone_authtoken]
       auth_uri = http://controller:5000
       auth_url = http://controller:5000
       memcached_servers = controller:11211
       auth_type = password
       project_domain_name = Default
       user_domain_name = Default
       project_name = service
       username = glance
       password = ips
      
       [paste_deploy]
       flavor = keystone
      
    • Create the working directories
       mkdir -p /data/openstack/glance/images/
       mkdir -p /data/openstack/glance/log/
       chown glance:glance -R /data/openstack/glance
      
    • Initialise the glance database
       su -s /bin/sh -c "glance-manage db_sync" glance
      
    • Edit openstack-glance-api.service and openstack-glance-registry.service so both log to the same place, then start
       # the only change is the log directory
       ExecStart=/usr/bin/glance-api --log-dir /data/openstack/glance/log/
       ExecStart=/usr/bin/glance-registry --log-dir /data/openstack/glance/log/
       # start
       systemctl daemon-reload 
       systemctl enable openstack-glance-api.service openstack-glance-registry.service
       systemctl start openstack-glance-api.service openstack-glance-registry.service
      
    • Verify
       # download a test image
       wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
       # import the image
        openstack image create "cirros" \
        --file cirros-0.3.5-x86_64-disk.img \
        --disk-format qcow2 --container-format bare \
        --public
       # list images
        openstack image list
       # fetch a qcow2 image
        wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
       # import the image
      openstack image create "CentOS7" \
        --file CentOS-7-x86_64-GenericCloud.qcow2 \
        --disk-format qcow2 --container-format bare \
        --public
      

    2.6 Compute service (Nova)

    2.6.1 Controller node installation

    • Create the databases
      CREATE DATABASE nova_api;
      CREATE DATABASE nova;
      CREATE DATABASE nova_cell0;
      GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'ips';
      GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'ips';
      
      GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'ips';
      GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'ips';
      
      GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'ips';
      GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'ips';
      flush privileges;
      
    • Create the nova user in OpenStack
        # create the user; enter ips when prompted for the password
        openstack user create --domain default --password-prompt nova
        # give nova the admin role in the service project
        openstack role add --project service --user nova admin
        # create the service and its endpoints for the compute service
        openstack service create --name nova  --description "OpenStack Compute" compute
        openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
        openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
        openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
      
    • Create the placement user in OpenStack
        # create the user; enter ips when prompted for the password
        openstack user create --domain default --password-prompt placement
        # give placement the admin role in the service project
        openstack role add --project service --user placement admin
        # create the service and its endpoints for the placement API
        openstack service create --name placement --description "Placement API" placement
        openstack endpoint create --region RegionOne placement public http://controller:8778
        openstack endpoint create --region RegionOne placement internal http://controller:8778
        openstack endpoint create --region RegionOne placement admin http://controller:8778
      
    • Install the packages on the controller node
      yum install openstack-nova-api openstack-nova-conductor \
      openstack-nova-console openstack-nova-novncproxy \
      openstack-nova-scheduler openstack-nova-placement-api  -y
      
    • Create the working directories
       # log and lock directories are referenced by the unit files and nova.conf below
       mkdir -p /data/openstack/nova/log /data/openstack/nova/tmp
       chown nova:nova -R /data/openstack/nova
      
    • Edit the configuration file (/etc/nova/nova.conf)
       [DEFAULT]
       # ...
       enabled_apis = osapi_compute,metadata
       transport_url = rabbit://openstack:ips@controller
       my_ip = 10.20.16.229
       use_neutron = True
       firewall_driver = nova.virt.firewall.NoopFirewallDriver
      
       [api_database]
       # ...
       connection = mysql+pymysql://nova:ips@controller/nova_api
      
       [database]
       # ...
       connection = mysql+pymysql://nova:ips@controller/nova
      
       [api]
       # ...
       auth_strategy = keystone
      
       [keystone_authtoken]
       # ...
       auth_url = http://controller:5000/v3
       memcached_servers = controller:11211
       auth_type = password
       project_domain_name = default
       user_domain_name = default
       project_name = service
       username = nova
       password = ips
      
       [vnc]
       enabled = true
       # ...
       server_listen = $my_ip
       server_proxyclient_address = $my_ip
      
       [glance]
       # ...
       api_servers = http://controller:9292
      
       [oslo_concurrency]
       # ...
       lock_path = /data/openstack/nova/tmp
      
       [placement]
       # ...
       os_region_name = RegionOne
       project_domain_name = Default
       project_name = service
       auth_type = password
       user_domain_name = Default
       auth_url = http://controller:5000/v3
       username = placement
       password = ips
      
    • Edit /etc/httpd/conf.d/00-nova-placement-api.conf and restart httpd
       # upstream bug: add this block
       <Directory /usr/bin>
          <IfVersion >= 2.4>
             Require all granted
          </IfVersion>
          <IfVersion < 2.4>
             Order allow,deny
             Allow from all
          </IfVersion>
       </Directory>
       # restart
       systemctl restart httpd
      
    • Initialise the nova databases and verify
       # initialise
       su -s /bin/sh -c "nova-manage api_db sync" nova
       su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
       su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
       su -s /bin/sh -c "nova-manage db sync" nova
       # verify
       nova-manage cell_v2 list_cells
      
    • Edit the openstack-nova-*.service unit files so they all log to the same place, then start
        # the only change is the log directory
        # openstack-nova-api.service
        ExecStart=/usr/bin/nova-api --log-dir /data/openstack/nova/log/
        # openstack-nova-consoleauth.service
        ExecStart=/usr/bin/nova-consoleauth --log-dir /data/openstack/nova/log/
        # openstack-nova-scheduler.service
        ExecStart=/usr/bin/nova-scheduler --log-dir /data/openstack/nova/log/
        # openstack-nova-conductor.service
        ExecStart=/usr/bin/nova-conductor --log-dir /data/openstack/nova/log/
        # openstack-nova-novncproxy.service
        ExecStart=/usr/bin/nova-novncproxy --web /usr/share/novnc/ $OPTIONS --log-dir /data/openstack/nova/log/

       # start (enable as well, so the services come back after a reboot)
       systemctl daemon-reload
       systemctl enable openstack-nova-api.service \
        openstack-nova-consoleauth.service openstack-nova-scheduler.service \
        openstack-nova-conductor.service openstack-nova-novncproxy.service
       systemctl start openstack-nova-api.service \
        openstack-nova-consoleauth.service openstack-nova-scheduler.service \
        openstack-nova-conductor.service openstack-nova-novncproxy.service
      
    • QA for this section
      QA1: upstream bug: edit the configuration file /etc/httpd/conf.d/00-nova-placement-api.conf (the Directory block shown above):

    2.6.2 Compute node installation

    • Install the packages on the compute node

      yum install openstack-nova-compute -y

    • Edit the configuration file (/etc/nova/nova.conf)

       [DEFAULT]
       # ...
       verbose = True
       # replace with the IP address of the management network interface on the compute node, e.g. 10.0.0.31 for the first node in the example architecture
       my_ip = 10.20.16.228
       enabled_apis = osapi_compute,metadata
       transport_url= rabbit://openstack:ips@controller
       use_neutron = True
       firewall_driver = nova.virt.firewall.NoopFirewallDriver
      
      [api]
      # ...
      auth_strategy = keystone
      
      [keystone_authtoken]
      # ...
      auth_url = http://controller:5000/v3
      memcached_servers = controller:11211
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      project_name = service
      username = nova
      password = ips
      
      [vnc]
      # ...
      enabled = True
       # the server component listens on all IP addresses
       vncserver_listen = 0.0.0.0
       # the proxy component listens only on the compute node's management interface IP
       vncserver_proxyclient_address = $my_ip
       # location of the remote console for instances on this compute node, opened with a web browser
       novncproxy_base_url = http://controller:6080/vnc_auto.html
      
      [glance]
      # ...
      api_servers = http://controller:9292
      
       # configure the lock path
       [oslo_concurrency]
       # (optional) to help with troubleshooting, enable verbose logging in the [DEFAULT] section (verbose = True)
       lock_path = /data/openstack/nova/tmp
      [placement]
      # ...
      os_region_name = RegionOne
      project_domain_name = Default
      project_name = service
      auth_type = password
      user_domain_name = Default
      auth_url = http://controller:5000/v3
      username = placement
      password = ips
      
    • Check the CPU count and whether hardware virtualisation is supported

        egrep -c '(vmx|svm)' /proc/cpuinfo
        # If this command returns a value >1 the compute node supports hardware acceleration. If it returns 0, set virt_type to qemu in /etc/nova/nova.conf; otherwise use kvm.
        [libvirt]
        ...
        virt_type = qemu
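The check above decides which virt_type a node can use. The function below is an added example, not part of the original post: it applies the same grep to a cpuinfo-style file and prints kvm when at least one processor entry carries the vmx or svm flag (any non-zero count) and qemu otherwise, which is the 0 case the text describes, so the result can be pasted straight into the [libvirt] section. The cpuinfo files it reads are constructed samples, not captured from a real host.

```shell
#!/bin/sh
# Added example (not from the original post): choose virt_type from the CPU flags.

detect_virt_type() {
  # detect_virt_type [CPUINFO_FILE] -> "kvm" when any processor entry carries the vmx (Intel)
  # or svm (AMD) flag, "qemu" otherwise; reads the live /proc/cpuinfo when no file is given.
  cpuinfo="${1:-/proc/cpuinfo}"
  # grep -c prints 0 and exits 1 when nothing matches, so the exit status is ignored
  n=$(grep -E -c '(vmx|svm)' "$cpuinfo" 2>/dev/null || true)
  if [ "${n:-0}" -ge 1 ]; then printf 'kvm\n'; else printf 'qemu\n'; fi
}

libvirt_section() {
  # libvirt_section [CPUINFO_FILE] -> the [libvirt] fragment to put in /etc/nova/nova.conf
  printf '[libvirt]\nvirt_type = %s\n' "$(detect_virt_type "$1")"
}

# Constructed sample cpuinfo files: one host with VT-x, one without.
CPU_SAMPLES=$(mktemp -d)
cat > "$CPU_SAMPLES/cpuinfo-vt" <<'EOF'
processor : 0
flags     : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat vmx lm
processor : 1
flags     : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat vmx lm
EOF
cat > "$CPU_SAMPLES/cpuinfo-novt" <<'EOF'
processor : 0
flags     : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat lm
EOF

libvirt_section "$CPU_SAMPLES/cpuinfo-vt"
libvirt_section "$CPU_SAMPLES/cpuinfo-novt"
```

An unreadable or missing file yields qemu, the safe fallback, because a misdetected kvm on a host without virtualisation extensions is exactly the "could not find capabilities for domaintype=kvm" failure described in the QA for instance creation later on this page.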
       
      
    • Change the log directory and start the compute service

        # openstack-nova-compute.service (create the log directory first: mkdir -p /data/openstack/nova/compute && chown nova:nova -R /data/openstack/nova)
         ExecStart=/usr/bin/nova-compute --log-dir /data/openstack/nova/compute
        # start
         systemctl daemon-reload
         systemctl enable libvirtd.service openstack-nova-compute.service
         systemctl start libvirtd.service openstack-nova-compute.service
      
    • Add the new compute node to the cell database

        openstack compute service list --service nova-compute
        # run this every time a node is added
        su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
        # alternatively, configure periodic discovery in /etc/nova/nova.conf instead of running it by hand
        [scheduler]
        discover_hosts_in_cells_interval = 300
      
    • QA for this section

    2.7 Networking service, Neutron

    2.7.1 Controller node

    • Create the database
      CREATE DATABASE neutron;
      GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'ips';
      GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'ips';
      flush privileges;

    • Create the neutron user in OpenStack
        # create the user; enter ips when prompted for the password
        openstack user create --domain default --password-prompt neutron
        # give neutron the admin role in the service project
        openstack role add --project service --user neutron admin
        # create the service and its endpoints for the networking service
        openstack service create --name neutron  --description "OpenStack Networking" network
        openstack endpoint create --region RegionOne  network public http://controller:9696
        openstack endpoint create --region RegionOne  network internal http://controller:9696
        openstack endpoint create --region RegionOne  network admin http://controller:9696
      
    • Install the packages (provider networks)
       yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
      
    • Edit the configuration
      /etc/neutron/neutron.conf
       [DEFAULT]
       # ...
       core_plugin = ml2
       service_plugins =
       transport_url = rabbit://openstack:ips@controller
       auth_strategy = keystone
       notify_nova_on_port_status_changes = true
       notify_nova_on_port_data_changes = true
      
       [keystone_authtoken]
       # ...
       auth_uri = http://controller:5000
       auth_url = http://controller:35357
       memcached_servers = controller:11211
       auth_type = password
       project_domain_name = default
       user_domain_name = default
       project_name = service
       username = neutron
       password = ips
      
       [nova]
       # ...
       auth_url = http://controller:35357
       auth_type = password
       project_domain_name = default
       user_domain_name = default
       region_name = RegionOne
       project_name = service
       username = nova
       password = ips
      
       [oslo_concurrency]
       # create the working directory first:
       # mkdir -p /data/openstack/neutron/lock
       # chown neutron:neutron -R /data/openstack/neutron
       lock_path = /data/openstack/neutron/lock
      
      Modular Layer 2 (ML2) plug-in: /etc/neutron/plugins/ml2/ml2_conf.ini
       [ml2]
       # ...
       type_drivers = flat,vlan
       tenant_network_types =
       mechanism_drivers = linuxbridge
       extension_drivers = port_security
      
       [ml2_type_flat]
       # ...
       flat_networks = provider
      
       [securitygroup]
       # ...
       enable_ipset = true
      

      Linux bridge agent: /etc/neutron/plugins/ml2/linuxbridge_agent.ini

       [linux_bridge]
       physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
      
       [vxlan]
       enable_vxlan = false
      
       [securitygroup]
       # ...
       enable_security_group = true
       firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
      
      iptables: /usr/lib/sysctl.d/00-system.conf; apply it with sysctl -p /usr/lib/sysctl.d/00-system.conf
         net.bridge.bridge-nf-call-ip6tables = 1
         net.bridge.bridge-nf-call-iptables = 1
      
      DHCP agent: /etc/neutron/dhcp_agent.ini
       [DEFAULT]
       # ...
       interface_driver = linuxbridge
       dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
       enable_isolated_metadata = true
      
      metadata agent : /etc/neutron/metadata_agent.ini
       [DEFAULT]
       # ...
       nova_metadata_host = controller
       metadata_proxy_shared_secret = ips
      
      /etc/nova/nova.conf (do not change the settings configured earlier)
       [neutron]
       url = http://controller:9696
       auth_url = http://controller:35357
       auth_type = password
       project_domain_name = default
       user_domain_name = default
       region_name = RegionOne
       project_name = service
       username = neutron
       password = ips
       service_metadata_proxy = true
       metadata_proxy_shared_secret = ips
      
    • Symlink the plug-in configuration to the file neutron expects
        ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

    • Initialise the database
        su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
          --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

    • Restart nova-api, because its configuration file was just changed
         systemctl restart openstack-nova-api.service
      
    • Edit the unit files, then start
      # create the log directory first
      mkdir -p /data/openstack/neutron/log && chown neutron:neutron -R /data/openstack/neutron
      # /usr/lib/systemd/system/neutron-server.service (a continuation backslash must be the last character on the line)
      ExecStart=/usr/bin/neutron-server \
      --config-file /usr/share/neutron/neutron-dist.conf \
      --config-dir /usr/share/neutron/server \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugin.ini \
      --config-dir /etc/neutron/conf.d/common \
      --config-dir /etc/neutron/conf.d/neutron-server \
      --log-file /data/openstack/neutron/log/server.log

      # /usr/lib/systemd/system/neutron-linuxbridge-agent.service
      ExecStart=/usr/bin/neutron-linuxbridge-agent \
      --config-file /usr/share/neutron/neutron-dist.conf \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
      --config-dir /etc/neutron/conf.d/common \
      --config-dir /etc/neutron/conf.d/neutron-linuxbridge-agent \
      --log-file /data/openstack/neutron/log/linuxbridge-agent.log

      # /usr/lib/systemd/system/neutron-dhcp-agent.service
      ExecStart=/usr/bin/neutron-dhcp-agent \
      --config-file /usr/share/neutron/neutron-dist.conf \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/dhcp_agent.ini \
      --config-dir /etc/neutron/conf.d/common \
      --config-dir /etc/neutron/conf.d/neutron-dhcp-agent \
      --log-file /data/openstack/neutron/log/dhcp-agent.log

      # /usr/lib/systemd/system/neutron-metadata-agent.service
      ExecStart=/usr/bin/neutron-metadata-agent \
      --config-file /usr/share/neutron/neutron-dist.conf \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/metadata_agent.ini \
      --config-dir /etc/neutron/conf.d/common \
      --config-dir /etc/neutron/conf.d/neutron-metadata-agent \
      --log-file /data/openstack/neutron/log/metadata-agent.log

      # start (enable as well, so the services come back after a reboot)
      systemctl daemon-reload
      systemctl enable neutron-server.service \
      neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
      neutron-metadata-agent.service
      systemctl start neutron-server.service \
      neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
      neutron-metadata-agent.service
      

    2.7.2 Compute node

    • Install the packages on the compute node
        yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

    • Edit the configuration files
      /etc/neutron/neutron.conf
      [DEFAULT]
      ...
      # RabbitMQ message queue access
      transport_url = rabbit://openstack:ips@controller
      
      # identity service access
      auth_strategy = keystone
      verbose = True
      
      [keystone_authtoken]
      # ...
      auth_uri = http://controller:5000
      auth_url = http://controller:35357
      memcached_servers = controller:11211
      auth_type = password
      project_domain_name = default
      user_domain_name = default
      project_name = service
      username = neutron
      password = ips
      
      # configure the lock path:
      [oslo_concurrency]
      ...
      # (optional) to help with troubleshooting, enable verbose logging in the [DEFAULT] section (verbose = True)
      lock_path = /data/openstack/neutron/tmp

      # comment out every ``connection`` option, because compute nodes do not access the database directly
      [database]
      
      
      Linux bridge agent: /etc/neutron/plugins/ml2/linuxbridge_agent.ini
      [linux_bridge]
      physical_interface_mappings = provider:eno1
      [vxlan]
      enable_vxlan = false
      [securitygroup]
      # ...
      enable_security_group = true
      firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
      
      iptables: /usr/lib/sysctl.d/00-system.conf; apply it with sysctl -p /usr/lib/sysctl.d/00-system.conf
         net.bridge.bridge-nf-call-ip6tables = 1
         net.bridge.bridge-nf-call-iptables = 1
      
      /etc/nova/nova.conf
       [neutron]
       url = http://controller:9696
       auth_url = http://controller:35357
       auth_type = password
       project_domain_name = default
       user_domain_name = default
       region_name = RegionOne
       project_name = service
       username = neutron
       password = ips
      
    • Restart the compute service, because the nova configuration was changed
        # systemctl restart openstack-nova-compute.service
      
    • Edit the unit file, start the Linux bridge agent and enable it at boot
      # /usr/lib/systemd/system/neutron-linuxbridge-agent.service; create the directory first:
      # mkdir -p /data/openstack/neutron/log
      # chown neutron:neutron -R /data/openstack/neutron
      ExecStart=/usr/bin/neutron-linuxbridge-agent \
      --config-file /usr/share/neutron/neutron-dist.conf \
      --config-file /etc/neutron/neutron.conf \
      --config-file /etc/neutron/plugins/ml2/linuxbridge_agent.ini \
      --config-dir /etc/neutron/conf.d/common \
      --config-dir /etc/neutron/conf.d/neutron-linuxbridge-agent \
      --log-file /data/openstack/neutron/log/linuxbridge-agent.log
      # start
      systemctl daemon-reload
      systemctl enable neutron-linuxbridge-agent.service
      systemctl start neutron-linuxbridge-agent.service

    • Verify
       openstack extension list --network
      

    2.8 Creating an instance

    • Flavor

    • QA for this section
        QA1: when creating a server, nova-conductor.log reports the following error:

      2018-05-15 11:45:10.816 5547 ERROR   oslo_messaging.rpc.server MessageDeliveryFailure: Unable to connect to AMQP   server on controller:5672 after None tries: (0, 0): (403) ACCESS_REFUSED - Login was refused using authentication mechanism AMQPLAIN. For details see the broker logfile.
      

      Solution: https://blog.silversky.moe/works/openstack-lanuch-instance-infinite-scheduling

       su -s /bin/sh -c "nova-manage db sync" nova
       If the problem persists, check in the database that the cell configuration is correct:
       SELECT * FROM `nova_api`.`cell_mappings` WHERE `created_at` LIKE BINARY '%openstack%' OR `updated_at` LIKE BINARY '%openstack%' OR `id` LIKE BINARY '%openstack%' OR `uuid` LIKE BINARY '%openstack%' OR `name` LIKE BINARY '%openstack%' OR `transport_url` LIKE BINARY '%openstack%' OR `database_connection` LIKE BINARY '%openstack%' ;
      

      Also, even when the configuration is correct, the same error is reported when fetching a token with openstack4j

         su -s /bin/sh -c "nova-manage db sync" nova
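The ACCESS_REFUSED above is the broker rejecting the credentials a service presented, so the first thing to compare is the transport_url each service was given against the account created with rabbitmqctl in the RabbitMQ section. The script below is an added example, not part of the original post and not an OpenStack tool: it reads transport_url from a nova.conf and a neutron.conf with a small awk-based INI reader, checks that both name the same user, password and broker host and that the RABBIT_PASS placeholder was actually replaced, and also checks that a compute-node neutron.conf has no active [database] connection, as the compute-node section requires. The sample files are constructed here; the third one carries a deliberately unreplaced placeholder.

```shell
#!/bin/sh
# Added example (not from the original post): cross-check the AMQP settings that
# several OpenStack services share, using constructed sample config files.

ini_get() {
  # ini_get FILE SECTION KEY -> value of the last active KEY in [SECTION]; empty if absent.
  # Lines starting with # or ; are comments and are ignored, as oslo.config does.
  awk -v sec="$2" -v key="$3" '
    /^[ \t]*[#;]/ { next }
    /^[ \t]*\[/   { sub(/^[ \t]*\[/, ""); sub(/].*$/, ""); cur = $0; next }
    cur == sec {
      split($0, kv, "=")
      k = kv[1]; gsub(/[ \t]/, "", k)
      if (k == key) { sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, ""); val = $0 }
    }
    END { print val }' "$1"
}

amqp_field() {
  # amqp_field URL user|pass|host -> one component of rabbit://user:pass@host[:port][/vhost]
  rest="${1#*://}"
  cred="${rest%%@*}"
  hostpart="${rest#*@}"; hostpart="${hostpart%%/*}"
  case "$2" in
    user) printf '%s\n' "${cred%%:*}" ;;
    pass) printf '%s\n' "${cred#*:}" ;;
    host) printf '%s\n' "${hostpart%%:*}" ;;
  esac
}

check_amqp_consistency() {
  # check_amqp_consistency NOVA_CONF NEUTRON_CONF -> 0 when both use the same user, password
  # and broker host, and the password is not the RABBIT_PASS placeholder from the install text.
  a=$(ini_get "$1" DEFAULT transport_url)
  b=$(ini_get "$2" DEFAULT transport_url)
  [ -n "$a" ] && [ -n "$b" ] || { echo "transport_url missing"; return 1; }
  for f in user pass host; do
    if [ "$(amqp_field "$a" "$f")" != "$(amqp_field "$b" "$f")" ]; then
      echo "transport_url $f differs between $1 and $2"; return 1
    fi
  done
  [ "$(amqp_field "$a" pass)" != "RABBIT_PASS" ] || { echo "RABBIT_PASS placeholder not replaced"; return 1; }
  return 0
}

compute_node_has_db_connection() {
  # 0 (true) when an active [database] connection= exists; a compute node should not have one
  [ -n "$(ini_get "$1" database connection)" ]
}

# Constructed sample files; values mirror this page, the third file keeps the placeholder.
CONF_SAMPLES=$(mktemp -d)
cat > "$CONF_SAMPLES/nova.conf" <<'EOF'
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:ips@controller
[database]
connection = mysql+pymysql://nova:ips@controller/nova
EOF
cat > "$CONF_SAMPLES/neutron-compute.conf" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:ips@controller
auth_strategy = keystone
[database]
# connection = mysql+pymysql://neutron:ips@controller/neutron
EOF
cat > "$CONF_SAMPLES/neutron-wrong.conf" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
EOF

check_amqp_consistency "$CONF_SAMPLES/nova.conf" "$CONF_SAMPLES/neutron-compute.conf" && echo "AMQP settings consistent"
check_amqp_consistency "$CONF_SAMPLES/nova.conf" "$CONF_SAMPLES/neutron-wrong.conf" || echo "fix transport_url before restarting the service"
```

Point the two arguments at /etc/nova/nova.conf and /etc/neutron/neutron.conf on the node that logged the error; a mismatch found here is cheaper to fix than re-running nova-manage, and the [database] check catches a compute node that was given the controller's configuration wholesale.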
      

      QA2: when creating a server: {u'message': u'No valid host was found. ', u'code': 500, u'created': u'2018-05-17T02:22:47Z'

         The administrator gave this project a quota of at most 10 instances, at most 20 vCPUs
         and at most 5 GB of RAM; as soon as any one of these limits is reached the exception appears. This is quota management.
          # change the defaults
         openstack quota set c5ba590cab874f55b1668bad5cd2a6a6 --instances 30 --cores 90 --ram 204800
       
      

      QA3: Build of instance 00b69820-ef36-447c-82ca-7bdec4c70ed2 was re-scheduled: invalid argument: could not find capabilities for domaintype=kvm

        # KVM is disabled in the BIOS
         dmesg | grep kvm
        Reboot into the firmware setup and enable it
      

    2.9 Installing the dashboard

    • Install the package
        yum install openstack-dashboard -y

    • Edit the configuration file (/etc/openstack-dashboard/local_settings)
        # point the dashboard at the controller node so it can use the OpenStack services
        OPENSTACK_HOST = "controller"
        # allow all hosts to access the dashboard ('*' disables Django's Host header check; list the dashboard's own hostnames instead where it is reachable from outside)
        ALLOWED_HOSTS = ['*', ]
        # configure the memcached session storage
         CACHES = {
           'default': {
               'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
               'LOCATION': 'controller:11211',
            }
          }
        # default role for users created through the dashboard
         OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
        # enable the multi-domain model
        OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
        # service API versions, so that the dashboard logs in through the Keystone v3 API
        OPENSTACK_API_VERSIONS = {
            "identity": 3,
            "volume": 2,
            "image": 2
        }
       #如果您选择网络参数1,禁用支持3层网络服务
        OPENSTACK_NEUTRON_NETWORK = {
            ...
          'enable_router': False,
          'enable_quotas': False,
          'enable_distributed_router': False,
          'enable_ha_router': False,
          'enable_lb': False,
          'enable_firewall': False,
          'enable_vpn': False,
          'enable_fip_topology_check': False,
      }
      #可以选择性地配置时区
      TIME_ZONE = "Asia/Shanghai"
      
    • 启动web 服务器和会话存储服务,并配置它们随系统启动
       # systemctl enable httpd.service memcached.service
       # systemctl restart httpd.service memcached.service
      

    2.6 Block Storage service cinder (controller node and compute node)

    2.6.1 Controller node

    • Create the database
      ```
        CREATE DATABASE cinder;
        GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost'  IDENTIFIED BY 'ips';
        GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'   IDENTIFIED BY 'ips';
        flush privileges;
      ```
    
    • Create the cinder user in OpenStack
         # create the user; set the password to ips when prompted
         openstack user create --domain default --password-prompt cinder
         # give cinder the admin role on the service project
         openstack role add --project service --user cinder admin
         # create the cinderv2 and cinderv3 services
         openstack service create --name cinderv2  --description "OpenStack Block Storage" volumev2
         openstack service create --name cinderv3  --description "OpenStack Block Storage" volumev3
         # create the endpoints for the volume services
         openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s
         openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s
         openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s
         openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
         openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
         openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
      
    • Install cinder
       yum install openstack-cinder -y
      
    • Edit the config file: /etc/cinder/cinder.conf
       [DEFAULT]
       # ...
       transport_url = rabbit://openstack:ips@controller
       auth_strategy = keystone
      
       [keystone_authtoken]
       # ...
       auth_uri = http://controller:5000
       auth_url = http://controller:35357
       memcached_servers = controller:11211
       auth_type = password
       project_domain_id = default
       user_domain_id = default
       project_name = service
       username = cinder
       password = ips
      
       [database]
       # ...
       connection = mysql+pymysql://cinder:ips@controller/cinder
      
       # create the directory in advance
       # mkdir -p /data/openstack/cinder/tmp
       # chown cinder:cinder -R /data/openstack/cinder
       [oslo_concurrency]
       # ...
       lock_path = /data/openstack/cinder/tmp
      
      
    • Edit the config file and restart: /etc/nova/nova.conf
       [cinder]
       os_region_name = RegionOne
      
    • Restart nova
        systemctl restart openstack-nova-api.service
      
    • Initialise the database schema
         su -s /bin/sh -c "cinder-manage db sync" cinder
      
    • Modify the service unit files, mainly to write the logs to the data directory
       # openstack-cinder-api.service
       ExecStart=/usr/bin/cinder-api --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf --logfile /data/openstack/cinder/log/api.log
       # openstack-cinder-scheduler.service
       ExecStart=/usr/bin/cinder-scheduler --config-file /usr/share/cinder/cinder-dist.conf --config-file /etc/cinder/cinder.conf --logfile /data/openstack/cinder/log/scheduler.log
      
    • Start cinder
       systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
      

    2.6.2 Compute node

    • Add LVM support and install the related packages
         yum install lvm2 device-mapper-persistent-data  openstack-cinder targetcli python-keystone -y
        # start the LVM metadata service
        # systemctl enable lvm2-lvmetad.service
        # systemctl start lvm2-lvmetad.service
      
    • Create the physical volume and volume group for the Block Storage service (cinder creates its logical volumes in this volume group)
        # the partition nvme0n1p4 is prepared in advance
        pvcreate /dev/nvme0n1p4
        vgcreate cinder-volumes /dev/nvme0n1p4
      
    • Edit the config file /etc/lvm/lvm.conf
         devices {
         ...
         # this filter must be correct, otherwise the State of cinder-volume shows as down
         filter = [ "a|^/dev/nvme0n1p4$|", "r|.*/|" ]
         }
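How LVM evaluates that filter, as an added example that is not from the original post: patterns are tried in order, the first match decides, and a device matching nothing is accepted. The anchored accept pattern admits only the one partition, while an unanchored one would also admit the whole disk and every other partition on it, which is how the host ends up scanning the cinder volumes themselves. It assumes LVM's extended regexes behave like Python's re for these simple patterns.

```python
import re

# The filter from the compute-node lvm.conf above.
FILTER = ["a|^/dev/nvme0n1p4$|", "r|.*/|"]

# A tempting but wrong variant: the accept pattern is not anchored.
LOOSE_FILTER = ["a|/dev/nvme0n1|", "r|.*/|"]


def parse_filter(patterns):
    """Turn 'a|regex|' / 'r|regex|' strings into (accept, compiled regex) pairs.
    The delimiter is whatever character follows the a/r flag."""
    rules = []
    for pat in patterns:
        if len(pat) < 3 or pat[0] not in "ar" or pat[-1] != pat[1]:
            raise ValueError(f"malformed filter pattern: {pat!r}")
        rules.append((pat[0] == "a", re.compile(pat[2:-1])))
    return rules


def lvm_accepts(patterns, device):
    """True if LVM would scan `device`: the first matching pattern decides,
    and a device that matches no pattern is accepted."""
    for accept, regex in parse_filter(patterns):
        if regex.search(device):
            return accept
    return True


if __name__ == "__main__":
    for dev in ["/dev/nvme0n1p4", "/dev/nvme0n1", "/dev/sda", "/dev/cinder-volumes/volume-1"]:
        print(f"{dev:30} strict={lvm_accepts(FILTER, dev)!s:5} loose={lvm_accepts(LOOSE_FILTER, dev)}")
```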
      
    • Edit the config file (/etc/cinder/cinder.conf)
        [DEFAULT]
        # ...
        # RabbitMQ message queue access
        transport_url = rabbit://openstack:ips@controller
        # Identity service access
        auth_strategy = keystone
        my_ip = 10.20.16.227
        # enable the LVM back end
        enabled_backends = lvm
        # enable verbose logging
        verbose = True
        # location of the Image service
        glance_api_servers = http://controller:9292
      
        # database access
        [database]
        # ...
        connection = mysql+pymysql://cinder:ips@controller/cinder
      
        # Identity service access; comment out or remove any other options
        [keystone_authtoken]
        # ...
        auth_uri = http://controller:5000
        auth_url = http://controller:35357
        auth_type = password
        project_domain_id = default
        user_domain_id = default
        project_name = service
        username = cinder
        # the password set for the cinder user (ips in this setup)
        password = ips
      
        # lock path (same directory as on the controller node)
        [oslo_concurrency]
        lock_path = /data/openstack/cinder/tmp
      
        # LVM back end: the LVM driver, the cinder-volumes volume group, the iSCSI protocol
        # and the matching iSCSI helper; it is enabled through enabled_backends in [DEFAULT]
        [lvm]
        # ...
        volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
        volume_group = cinder-volumes
        iscsi_protocol = iscsi
        iscsi_helper = lioadm
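A small lint for the cinder.conf mistakes that copy-pasted guides tend to leave behind (rpc_backend instead of transport_url, auth_plugin instead of auth_type, lock_path outside [oslo_concurrency], a comment on the same line as a value, the MySQLdb URL scheme when only PyMySQL is installed). Added example, not from the original post; the sample config is constructed from this section.

```python
# Constructed from the compute-node cinder.conf in this post, with the usual mistakes.
SAMPLE_CONF = """\
[DEFAULT]
rpc_backend = rabbit://openstack:ips@controller
lock_path = /data/openstack/cinder/tmp
[database]
connection = mysql://cinder:ips@controller/cinder # replace CINDER_DBPASS
[keystone_authtoken]
auth_plugin = password
password = CINDER_PASS # password chosen for the cinder user
"""

STALE_OPTIONS = [  # (section, option, why it is a problem)
    ("DEFAULT", "rpc_backend", "superseded by transport_url"),
    ("DEFAULT", "lock_path", "belongs in [oslo_concurrency]"),
    ("keystone_authtoken", "auth_plugin", "renamed to auth_type"),
]


def parse_ini(text):
    """Reader with oslo.config semantics: comments only on their own line,
    everything after '=' is the value, later assignments win."""
    sections, current = {"DEFAULT": {}}, "DEFAULT"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line[0] == "[" and line[-1] == "]":
            current = line[1:-1]
            sections.setdefault(current, {})
        elif "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            sections[current][key] = value
    return sections


def lint_cinder_conf(text):
    """Return 'section.option: problem' strings; empty when the file is clean."""
    conf = parse_ini(text)
    problems = []
    for section, option, why in STALE_OPTIONS:
        if option in conf.get(section, {}):
            problems.append(f"{section}.{option}: {why}")
    for section, options in conf.items():
        for option, value in options.items():
            if " #" in value or " ;" in value:
                problems.append(f"{section}.{option}: trailing comment becomes part of the value")
    if conf.get("database", {}).get("connection", "").startswith("mysql://"):
        problems.append("database.connection: use mysql+pymysql:// (the installed driver is PyMySQL)")
    return problems
```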
      
    • Start the Block Storage volume service and its dependency, and configure them to start at boot
        # systemctl enable openstack-cinder-volume.service target.service
        # systemctl start openstack-cinder-volume.service target.service
      

    CentOS image

    • Set a fixed root password
        virt-customize -a CentOS-7-x86_64-GenericCloud.qcow2 --root-password password:root123
      
    • Set the passwords of other users
       [root@host229 openstack]# guestfish --rw -a CentOS-7-x86_64-GenericCloud.qcow2
       ><fs> run 
       ><fs> list-filesystems
       /dev/sda1: xfs
       ><fs> mount /dev/sda1 /
       ><fs> vi /etc/cloud/cloud.cfg
      
      Unlock root: /etc/cloud/cloud.cfg
      disable_root: 0
      ssh_pwauth:   1
      ...
      system_info:
        default_user:
          name: centos
          lock_passwd: false
          plain_text_passwd: 'root@ips'
      
      Add SSH login support: /etc/ssh/sshd_config
      Port 22
      #AddressFamily any
      ListenAddress 0.0.0.0
      #ListenAddress ::
      PermitRootLogin yes
      PasswordAuthentication yes
      
    • Import the image
       openstack image create "Centos-7" --file CentOS-7-x86_64-GenericCloud.qcow2 --disk-format qcow2 --container-format bare  --public
      

        Title: OpenStack installation

        Link: https://www.haomeiwen.com/subject/fpnmrftx.html