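VM prerequisites
- virtualbox (VirtualBox has bugs when building virtual networks; strongly discouraged!)
- vmware15
- centos7
VMware configuration
- 16 GB RAM
- 6 CPU cores
- 300 GB disk space
VM settings
Set up two network adapters
Network settings
- 192.168.140.1/24 (management network) VMnet1
- 192.168.150.1/24 (external network) VMnet2
CentOS 7 preparation
Disk space allocation during VM installation
The screenshots are from VirtualBox, but the settings are the same.
Configure the network interface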
cd /etc/sysconfig/network-scripts/
vim ifcfg-enp0s3
#### Modify:
BOOTPROTO=static
ONBOOT=yes
IPADDR=192.168.140.99
NETMASK=255.255.255.0
GATEWAY=192.168.140.1
#### Restart the network:
systemctl restart network
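(Screenshot: network adapter settings)
After this you can operate the server directly over ssh.
Accessing the external network
At this point 192.168.137.99 should be able to reach the external network (on Windows, share the internet-connected adapter's connection with the corresponding virtual adapter).
Configure DNS
vi /etc/resolv.conf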
nameserver 114.114.114.114
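VirtualBox sometimes needs the following settings before the external network is reachable:
1. Look up the host machine's actual IP address and note it down.
2. Set both the default gateway and the DNS server of the virtual adapter to that actual IP address.
3. In the VM, set the DNS server to the same address as the virtual adapter.
Better not to use VirtualBox at all.
Disable the firewall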
systemctl stop firewalld
systemctl disable firewalld
Disable SELinux
vi /etc/selinux/config
SELINUX=disabled
Set the hostname
hostnamectl set-hostname openstack
# Test the hostname
# hostname
> openstack
Configure name resolution
vi /etc/hosts
# Add:
192.168.140.99 openstack
# Result:
[root@localhost ~]# ping openstack
PING openstack (192.168.140.99) 56(84) bytes of data.
64 bytes from openstack (192.168.140.99): icmp_seq=1 ttl=64 time=0.026 ms
64 bytes from openstack (192.168.140.99): icmp_seq=2 ttl=64 time=0.027 ms
^C
Set up the environment
Installation list...
cd /etc/yum.repos.d
rm -rf *
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum install epel-release -y
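# EPEL seems to be a prerequisite for pip
# EPEL is installed so that ansible can be installed; without it ansible cannot be installed.
# Replacing the EPEL source with the Tsinghua mirror in China is worth a try, but after the switch packages often fail to download, so be careful!
# Change every baseurl to: baseurl=https://mirrors.tuna.tsinghua.edu.cn/epel/7/$basearch
# vi /etc/yum.repos.d/epel.repo
# Reference: https://mirrors.tuna.tsinghua.edu.cn/help/epel/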
yum install docker -y
yum install python-devel libffi-devel gcc openssl-devel libselinux-python git vim bash-completion -y
yum install net-tools -y
yum install python-pip -y
pip install -U pip
# [Use a mirror in China](https://mirrors.tuna.tsinghua.edu.cn/help/pypi/)
pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
yum install ansible -y
# Without --ignore-installed PyYAML here, the install fails with a PyYAML version conflict...
pip install kolla-ansible --ignore-installed PyYAML
pip install python-openstackclient
Pitfall
[root@openstack ~]# openstack server list
Traceback (most recent call last):
File "/usr/bin/openstack", line 6, in <module>
from openstackclient.shell import main
File "/usr/lib/python2.7/site-packages/openstackclient/shell.py", line 24, in <module>
from osc_lib import shell
File "/usr/lib/python2.7/site-packages/osc_lib/shell.py", line 33, in <module>
from osc_lib.cli import client_config as cloud_config
File "/usr/lib/python2.7/site-packages/osc_lib/cli/client_config.py", line 18, in <module>
from openstack.config import exceptions as sdk_exceptions
File "/usr/lib/python2.7/site-packages/openstack/__init__.py", line 16, in <module>
import openstack.config
File "/usr/lib/python2.7/site-packages/openstack/config/__init__.py", line 17, in <module>
from openstack.config.loader import OpenStackConfig # noqa
File "/usr/lib/python2.7/site-packages/openstack/config/loader.py", line 33, in <module>
from openstack.config import cloud_region
File "/usr/lib/python2.7/site-packages/openstack/config/cloud_region.py", line 44, in <module>
from openstack import proxy
File "/usr/lib/python2.7/site-packages/openstack/proxy.py", line 24, in <module>
from openstack import resource
File "/usr/lib/python2.7/site-packages/openstack/resource.py", line 49, in <module>
from openstack import utils
File "/usr/lib/python2.7/site-packages/openstack/utils.py", line 13, in <module>
import queue
ImportError: No module named queue
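Cause:
The package imported as queue goes by the name Queue here (the paths in the traceback are Python 2.7)...
so every place that imports queue has to be changed to import Queue.
Fix:
Change every import queue to import Queue as queue
vim /usr/lib/python2.7/site-packages/openstack/utils.py
vim /usr/lib/python2.7/site-packages/openstack/cloud/openstackcloud.py
# import queue
import Queue as queue
Now it works: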
[root@openstack ~]# openstack server list
Missing value auth-url required for auth plugin password
Configure the kolla services
systemctl enable docker
# Configure an Aliyun registry mirror (accelerator); log in to Aliyun to get your own accelerator address
vim /etc/docker/daemon.json
{
"registry-mirrors": ["https://qdugzrq8.mirror.aliyuncs.com"]
}
systemctl daemon-reload
systemctl start docker
cd /etc/systemd/system
mkdir docker.service.d
cd docker.service.d
vim kolla.conf
# Contents of the new file:
[Service]
MountFlags=shared
# End of the new file
systemctl daemon-reload
systemctl start docker
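# Test that docker works
[root@openstack ~]# docker ps
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Set up a private registry (raises the success rate of the deploy step and makes later multi-node deployment much easier)
docker pull registry:2
# Make the private registry start automatically on reboot and give it port 4000 (openstack occupies port 5000)
docker run -d --name registry --restart always -p 4000:5000 docker.io/registry:2
At this point, visiting the corresponding URL shows the contents of the private registry (nothing has been pushed yet).
(Screenshot: local private registry)
Adjust globals.yml so that deploy pulls images from the private registry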
vim /etc/kolla/globals.yml
docker_registry: 127.0.0.1:4000
docker_namespace: "kolla"
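It is best to use a private registry here; otherwise network problems will make your deployment fail over and over...
Fetch the kolla and kolla-ansible code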
[root@openstack ~]# mkdir test
[root@openstack ~]# cd test/
[root@openstack test]# git clone https://gitee.com/weiyibo/kolla.git
[root@openstack test]# git clone https://gitee.com/weiyibo/kolla-ansible.git
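# The code pulled here is the stable openstack-train release; for convenience I created new repositories on gitee myself
[root@openstack test]# cp -r ~/test/kolla/* .
Configure kolla's globals.yml, generate passwords.yml with kolla-genpwd, and set the password
#### Preparation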
mkdir -p /etc/kolla
cd /etc/kolla/
cp -r /usr/share/kolla-ansible/etc_examples/kolla/* .
vim /etc/kolla/globals.yml
# Modify:
kolla_base_distro: "centos"
kolla_install_type: "source"
openstack_release: "train"
kolla_internal_vip_address: "192.168.140.97"
network_interface: "enp0s3"
neutron_external_interface: "enp0s8"
# Put the multinode and all-in-one inventory files in the ~ directory
cd ~
cp /usr/share/kolla-ansible/ansible/inventory/* .
cd kolla-ansible/
pip install -r requirements.txt
cd kolla/
pip install -r requirements.txt
# Pitfall
ERROR: Could not find a version that satisfies the requirement GitPython<2.1.12,>=1.0.1 (from -r requirements.txt (line 7)) (from versions: none)
ERROR: No matching distribution found for GitPython<2.1.12,>=1.0.1 (from -r requirements.txt (line 7)
Cause:
There is a problem with GitPython's published releases (was the author's account stolen at some point? odd), and the gitdb dependency has problems too.
Installing with Python 3 solves everything.
Fix:
# Install python3
yum install -y python3 python3-devel
cd ~/kolla/require_item/
pip3 install GitPython-2.1.12-py2.py3-none-any.whl
pip3 install gitdb-4.0.1-py2.py3-none-any.whl
Generate passwords
kolla-genpwd
cd /etc/kolla/
vim passwords.yml
# Change the password:
keystone_admin_password: admin
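As an added example (not part of the original post or of kolla-ansible), a check that lists the passwords.yml entries that are empty or were hand-set to short values, such as the keystone_admin_password above. The 16-character threshold, the function names and the sample file are assumptions made for the illustration.

```shell
#!/usr/bin/env bash
# Added example (not from kolla-ansible). Reads a passwords.yml on stdin and
# prints "key length" for every top-level scalar that is empty or shorter
# than MINLEN (default 16, an assumed threshold). Keys that open a nested
# mapping (such as an SSH key pair) are skipped.
weak_entries() {
    awk -v min="${1:-16}" '
        function flush() { if (pending != "") print pending, 0; pending = "" }
        /^[ \t]+[^ \t#]/ { pending = ""; next }   # indented child: parent is a mapping
        /^[A-Za-z0-9_]+:/ {
            flush()
            key = $0; sub(/:.*/, "", key)
            val = $0; sub(/^[^:]*:[ \t]*/, "", val)
            sub(/[ \t]+#.*$/, "", val)            # trailing comment
            gsub(/^"|"$/, "", val)                # surrounding double quotes
            if (val == "") { pending = key; next }
            if (length(val) < min) print key, length(val)
        }
        END { flush() }
    '
}

# Constructed sample in the layout of /etc/kolla/passwords.yml; all values
# are made up for the demonstration.
sample_passwords() {
    cat <<'EOF'
keystone_admin_password: admin
database_password: Zk3vQ9xT7mLp2RbY8sWd4HnC6uJe1GaF0oVi5tXq
rabbitmq_password:
kolla_ssh_key:
  private_key: |
    (constructed placeholder)
  public_key: ssh-rsa (constructed placeholder)
horizon_secret_key: "short"
EOF
}

sample_passwords | weak_entries
# On the deployed host: weak_entries < /etc/kolla/passwords.yml
```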
Configure ansible
vim /etc/ansible/ansible.cfg
# Changes:
forks = 100
host_key_checking = False
pipelining = True
Configure nova
Set the virtualization type, otherwise openstack cannot create VMs (because it is deployed on docker rather than on a physical machine)
mkdir -p /etc/kolla/config/nova
cd /etc/kolla/config/nova
vim nova-compute.conf
[libvirt]
virt_type = qemu
cpu_mode = none
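Install openstack with kolla-ansible
Check with prechecks
kolla-ansible prechecks
# If the checks pass, pull the images
kolla-ansible pull
# Because of network problems, pulls fail easily... pull repeatedly until everything succeeds
Push the images to the private registry
a="kolla"
b="127.0.0.1:4000"
Push the images to the private registry. Retag: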
for i in $(docker images |grep $a | awk '{print $1":"$2}');do echo $i;docker tag $i "$b$(echo $i | awk -F '.io' {'print $2'})";done
Push:
for i in `docker images |grep $b | awk '{print $1":"$2}'`;do echo $i;docker push $i;done
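An added example, not the author's script: the same retag-and-push step with the target name computed per image, so it also covers images that `docker images` lists without a `docker.io/` prefix, for which the split on '.io' above yields an empty name. The function names and the sample image names are constructed for the illustration.

```shell
#!/usr/bin/env bash
# Added example (not the author's script). REGISTRY mirrors docker_registry
# in globals.yml on this page; the image names further down are constructed.
REGISTRY="127.0.0.1:4000"

# retarget_image REF -> REGISTRY/<namespace>/<name>:<tag>
# The first path component counts as a registry host only if it contains
# "." or ":" or is "localhost"; otherwise it is a namespace and is kept.
retarget_image() {
    local ref first rest
    ref="$1"
    first="${ref%%/*}"
    rest="${ref#*/}"
    case "$ref" in
        */*) case "$first" in
                 *.*|*:*|localhost) ;;      # host prefix: drop it
                 *) rest="$ref" ;;          # e.g. "kolla/...": keep whole ref
             esac ;;
        *)   rest="$ref" ;;                 # bare name such as "registry:2"
    esac
    printf '%s/%s\n' "$REGISTRY" "$rest"
}

# plan_retag: "repository:tag" lines on stdin -> "src dst" pairs for kolla
# images, skipping dangling tags and images already named for REGISTRY.
plan_retag() {
    local src
    while IFS= read -r src; do
        case "$src" in
            *"<none>"*|"$REGISTRY"/*) continue ;;
            *kolla/*) printf '%s %s\n' "$src" "$(retarget_image "$src")" ;;
        esac
    done
}

# push_all: tag and push every planned image, stopping at the first failure.
push_all() {
    docker images --format '{{.Repository}}:{{.Tag}}' | plan_retag |
    while read -r src dst; do
        docker tag "$src" "$dst" && docker push "$dst" || exit 1  # leaves the pipeline subshell
    done
}

# Dry run on constructed names; call push_all on the host to do the real work.
printf '%s\n' 'docker.io/kolla/centos-source-keystone:train' \
    'kolla/centos-source-nova-api:train' 'docker.io/registry:2' | plan_retag
```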
Deploy
# Once the pull has finished, you can deploy directly
kolla-ansible deploy
Initialize
[root@openstack ~]# openstack server list
Missing value auth-url required for auth plugin password
[root@openstack ~]# kolla-ansible post-deploy
[root@openstack ~]# source /etc/kolla/admin-openrc.sh
[root@openstack ~]# openstack server list
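# Clearly, we do not have any openstack instances yet
Create an openstack instance
Configure the initialization parameters
[root@openstack ~]# vim /usr/share/kolla-ansible/init-runonce
Comment out the following: in the later steps the management network will not be connected to the external network, so the cirros image does not need to be pulled when creating the instance.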
# Let's first try to see if the image is available locally
# nodepool nodes caches them in $IMAGE_PATH
#if ! [ -f "${IMAGE_PATH}/${IMAGE}" ]; then
# IMAGE_PATH='./'
# if ! [ -f "${IMAGE_PATH}/${IMAGE}" ]; then
# echo None found, downloading cirros image.
# curl -L -o ${IMAGE_PATH}/${IMAGE} ${IMAGE_URL}/${IMAGE}
# fi
#else
# echo Using cached cirros image from the nodepool node.
#fi
#openstack image create --disk-format qcow2 --container-format bare --public \
# --property os_type=${IMAGE_TYPE} --file ${IMAGE_PATH}/${IMAGE} ${IMAGE_NAME}
# Modify the network:
ENABLE_EXT_NET=${ENABLE_EXT_NET:-1}
EXT_NET_CIDR=${EXT_NET_CIDR:-'192.168.150.0/24'}
EXT_NET_RANGE=${EXT_NET_RANGE:-'start=192.168.150.150,end=192.168.150.199'}
EXT_NET_GATEWAY=${EXT_NET_GATEWAY:-'192.168.150.1'}
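Switch the external network
1. Edit the Windows registry to control the IP settings of the shared network
Registry path: \HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters
(Screenshot: editing the registry)
ScopeAddress: 192.168.150.1
ScopeAddressBackup: 192.168.150.1
Then switch the shared connection over to the VMnet2 adapter:
(Screenshot: sharing the connection with the VMnet2 adapter)
Run the script to create an instance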
bash /usr/share/kolla-ansible/init-runonce
# The other adapter does not need to be brought up manually; the network is deployed directly in the specified address range
All done
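And the VMs created by openstack can reach the external network too.
(Screenshot: a created instance reaching the external network)
Common problems found later and how to approach them
After the VM reboots, the network may fail to come up
Checking the logs shows that the ens33 interface failed to come up: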
Error: Connection activation failed: No suitable device found for this connection (device lo not available because device is strictly unmanaged).
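Approach:
I only rebooted and did not touch any network configuration.
That rules out a MAC address mismatch.
My guess was a conflict with NetworkManager... I tried it and that was indeed the case...
Reading up on it, I learned:
CentOS has two network management tools, network and NetworkManager. Earlier we configured network (a manually set static IP address), but NetworkManager was never configured... no wonder many experts turn the NetworkManager service off completely when deploying CentOS.
Fix: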
chkconfig NetworkManager off
chkconfig network on
service NetworkManager stop
service network start
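VMs created by openstack cannot ping the DNS server
Problem:
(Screenshot: the problem)
That is, the internal gateway can be pinged, and everything works except access to the external network.
Approach: the neutron_linuxbridge_agent component may have a problem.
Fix:
# On the control node: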
docker restart neutron_linuxbridge_agent