OpenStack Study Notes (4): Installing and Configuring the Other Components

Author: 邵胜奥 | Published: 2017-03-31 00:30

    Nova

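    Nova, the compute service, is the elastic controller of OpenStack compute. Nova is arguably the most important component of the whole cloud platform: the other OpenStack components depend on Nova and work together with it to make up the OpenStack cloud platform. The Nova service comprises 6 sub-components: Nova API, Nova Cert, Nova Compute, Nova Conductor, Nova Scheduler, Nova Consoleauth and Nova Vncproxy.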

    Controller node

    • Database configuration
      [root@controller images]#mysql -u root -p000000
      create database nova;
      grant all privileges on nova.* to nova@'localhost' identified by '000000';
      grant all privileges on nova.* to nova@'%' identified by '000000';
      flush privileges;
      exit

    • Create the service credentials
      (openstack) user create --domain default --password 000000 nova
      (openstack) role add --project service --user nova admin
      (openstack) service create --name nova --description "OpenStack Compute" compute
      (openstack) endpoint create --region RegionOne compute public http://controller:8774/v2/%(tenant_id)s
      (openstack) endpoint create --region RegionOne compute internal http://controller:8774/v2/%(tenant_id)s
      (openstack) endpoint create --region RegionOne compute admin http://controller:8774/v2/%(tenant_id)s

    • Install the required packages
      yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

    • Edit the configuration file /etc/nova/nova.conf
      openstack-config --set /etc/nova/nova.conf database connection mysql://nova:000000@controller/nova
      openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
      openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
      openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
      openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
      openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
      openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
      openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
      openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password
      openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default
      openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default
      openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
      openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
      openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
      openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.23.0.211
      openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
      openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
      openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
      openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
      openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip'
      openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
      openstack-config --set /etc/nova/nova.conf glance host controller
      openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
      openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
      openstack-config --set /etc/nova/nova.conf DEFAULT verbose True

    • Sync the database; running this command performs the required setup
      su -s /bin/sh -c "nova-manage db sync" nova

    Compute node

    • Download and install the nova compute-node services
      yum install openstack-nova-compute sysfsutils

    • Configure nova
      openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
      openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
      openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.23.0.211
      openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
      openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
      openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
      openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
      openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.23.0.212
      openstack-config --set /etc/nova/nova.conf DEFAULT verbose True
      openstack-config --set /etc/nova/nova.conf vnc enabled True
      openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
      openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
      openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
      openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
      openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
      openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
      openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
      openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
      openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password
      openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default
      openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default
      openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
      openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
      openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
      openstack-config --set /etc/nova/nova.conf glance host controller
      openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

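    • Check whether this machine supports CPU virtualization. A result greater than 0 means it is supported; if it is not, it has to be enabled in the VMware settings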
      [root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo

    • Start the compute service and enable it at boot
      [root@compute ~]# systemctl restart libvirtd.service openstack-nova-compute.service
      [root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service

    • Verify on the controller node
      [root@controller ~]# nova service-list

    Neutron

    Controller node

    • Configure the database
      [root@controller ~]#mysql -u root -p000000
      create database neutron;
      grant all privileges on neutron.* to neutron@'localhost' identified by '000000';
      grant all privileges on neutron.* to neutron@'%' identified by '000000';
      flush privileges;
      exit

    • Create the Neutron user, role, endpoints, etc.
      [root@controller ~]# openstack
      user create --domain default --password-prompt neutron
      role add --project service --user neutron admin
      service create --name neutron --description "OpenStack Networking" network
      endpoint create --region RegionOne network public http://controller:9696
      endpoint create --region RegionOne network internal http://controller:9696
      endpoint create --region RegionOne network admin http://controller:9696

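    Configure networking options

    OpenStack supports two network deployment options; the simpler one, provider networks, is chosen here:

    • Provider networks
      The simplest possible architecture to deploy. It only supports attaching instances to the public network. There are no self-service networks, routers or floating IP addresses. Only admin or other privileged users can manage provider networks.

    • Self-service networks
      Provides layer-3 services and supports attaching instances to self-service (private) networks. The demo user or other unprivileged users can manage self-service networks, including routers. Routers provide connectivity between self-service networks and provider networks. In addition, floating IP addresses provide access to instances from external networks such as the Internet.

    • Install the components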
      [root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset

    • Configure the server component
      openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:000000@controller/neutron
      openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
      openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
      openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
      openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
      openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
      openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
      openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
      openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
      openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
      openstack-config --set /etc/neutron/neutron.conf nova auth_plugin password
      openstack-config --set /etc/neutron/neutron.conf nova project_domain_id default
      openstack-config --set /etc/neutron/neutron.conf nova user_domain_id default
      openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
      openstack-config --set /etc/neutron/neutron.conf nova project_name service
      openstack-config --set /etc/neutron/neutron.conf nova username nova
      openstack-config --set /etc/neutron/neutron.conf nova password 000000
      openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

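    • Configure the Modular Layer 2 (ML2) plug-in
      The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging/switching) virtual networking infrastructure for instances.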
      openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
      openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
      openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
      openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
      openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks public
      openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True

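    • Configure the Linux bridge agent
      The Linux bridge agent builds layer-2 (bridging/switching) virtual networking infrastructure for instances, including VXLAN tunnels for private networks, and handles security groups.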
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:ens34
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

    • Configure the DHCP agent
      openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
      openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
      openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
      openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True

    • Configure the metadata agent
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://controller:5000
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:35357
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id default
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id default
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_name service
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT username neutron
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT password 000000
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 000000
      openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True

    • Configure Compute to use Networking
      openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
      openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
      openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
      openstack-config --set /etc/nova/nova.conf neutron project_domain_id default
      openstack-config --set /etc/nova/nova.conf neutron user_domain_id default
      openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
      openstack-config --set /etc/nova/nova.conf neutron project_name service
      openstack-config --set /etc/nova/nova.conf neutron username neutron
      openstack-config --set /etc/nova/nova.conf neutron password 000000
      openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
      openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 000000

    • Finish the installation and sync the database
      [root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
      [root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

    • Restart the Compute API service
      [root@controller ~]# systemctl restart openstack-nova-api.service

    • Start the networking services and enable them at boot
      [root@controller ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
      [root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

    Compute node

    • Install the components
      [root@compute ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

    • Configure the common component
      openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
      openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
      openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
      openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
      openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
      openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
      openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
      openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

    • Configure the networking component on compute: configure the bridge agent
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:ens34
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
      openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

    • Configure Compute to use Networking
      openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
      openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
      openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
      openstack-config --set /etc/nova/nova.conf neutron project_domain_id default
      openstack-config --set /etc/nova/nova.conf neutron user_domain_id default
      openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
      openstack-config --set /etc/nova/nova.conf neutron project_name service
      openstack-config --set /etc/nova/nova.conf neutron username neutron
      openstack-config --set /etc/nova/nova.conf neutron password 000000

    • Restart the compute service
      [root@compute ~]# systemctl restart openstack-nova-compute.service

    • Start the Linux bridge agent and enable it at boot
      [root@compute ~]# systemctl restart neutron-linuxbridge-agent.service
      [root@compute ~]# systemctl enable neutron-linuxbridge-agent.service

    • Verify

    Success

    DashBoard

    • Install the package
      [root@controller~]# yum install openstack-dashboard

    • Edit the file /etc/openstack-dashboard/local_settings and change the following parts (in vi you can search for them with /):

        Configure the dashboard to use the OpenStack services on the controller node:

        OPENSTACK_HOST = "controller"

        Allow all hosts to access the dashboard:

        ALLOWED_HOSTS = ['*', ]

        Configure the memcached session storage service:

        CACHES = {
            'default': {
                 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
                 'LOCATION': 'controller:11211',
            }
        }

        Note

        Comment out any other session storage configuration.

        Configure user as the default role for users created through the dashboard:

        OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

        Enable the multi-domain model:

        OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

        Configure the service API versions so that you can log in to the dashboard through the Keystone V3 API:

        OPENSTACK_API_VERSIONS = {
            "identity": 3,
            "volume": 2,
        }

        If you chose networking option 1, disable support for layer-3 networking services:

        OPENSTACK_NEUTRON_NETWORK = {
            ...
            'enable_router': False,
            'enable_quotas': False,
            'enable_distributed_router': False,
            'enable_ha_router': False,
            'enable_lb': False,
            'enable_firewall': False,
            'enable_vpn': False,
            'enable_fip_topology_check': False,
        }
      
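    • Verify

    At this point the simple OpenStack deployment is complete!

    Common problems

    • While installing nova, yum reports that the python-jinja2 package is required. This package normally seems to ship with CentOS 7; I don't know why mine did not have it, so it had to be downloaded from a mirror site. Be careful not to download the wrong build of jinja2: the top Baidu search results are all builds for openSUSE. If you download the openSUSE python-Jinja2 package, the installation complains that python-MarkupSafe is missing, and if you then go looking for python-MarkupSafe, it reports that python2.7 is required to install it. On CentOS 7, python-jinja2 and python-markupsafe are both lowercase, so even if python-markupsafe is already installed on the system, installing the wrong build will still prompt you to install it again.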

    • Running the following command prints No handlers could be found for logger "oslo_config.cfg". I don't know the cause, but the database tables are all created.
      su -s /bin/sh -c "nova-manage db sync" nova

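    • When installing openstack-nova-compute on the compute node, yum reports that the python-libguestfs package is missing; it can be downloaded from the os directory of a mirror site.

    • The compute service on the compute node would not start. The conductor log pointed to a problem with port 5672, which is the port RabbitMQ uses. The RabbitMQ log showed that the cause was a wrong password. Checking the password-related configuration showed that the word password in the controller node's oslo_messaging_rabbit rabbit_password 000000 entry had been misspelled; after correcting it, the service started successfully.

    • The dnsmasq-utils and libxslt-python packages were missing during installation; download them and run createrepo again.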
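
    The RabbitMQ password problem described above went unnoticed at configuration time because openstack-config writes whatever section and option names it is given, and the services ignore names they do not know. The linter below is an added example, not part of the original post: it parses an INI file and reports section and option names that look like typos of expected ones. The EXPECTED allow-list, the function names and the sample file are constructed for illustration and cover only a few of the options set on this page.

```python
import configparser
import difflib

# Assumption: a partial allow-list covering a few sections this page configures.
EXPECTED = {
    "linux_bridge": {"physical_interface_mappings"},
    "vxlan": {"enable_vxlan"},
    "agent": {"prevent_arp_spoofing"},
    "securitygroup": {"enable_security_group", "firewall_driver"},
    "oslo_messaging_rabbit": {"rabbit_host", "rabbit_userid", "rabbit_password"},
}
# Reverse map: option name -> the section it belongs in.
OPTION_HOME = {opt: sec for sec, opts in EXPECTED.items() for opt in opts}

# Constructed sample: what mistyped openstack-config calls could leave behind.
SAMPLE = """
[linux_bridge]
physical_interface_mappings = public:ens34
[agent]
prevent_arp_spoofing = True
[ecuritygroup]
enable_security_group = True
[firewall_driver]
neutron.agent.linux.iptables_firewall.IptablesFirewallDriver =
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_assword = 000000
"""


def closest(name, candidates):
    """Return the candidate that name is most likely a typo of, or None."""
    hits = difflib.get_close_matches(name, list(candidates), n=1, cutoff=0.8)
    return hits[0] if hits else None


def lint(text):
    """Return (location, problem, suggestion) tuples for names a service would ignore."""
    # Renaming default_section makes [DEFAULT] an ordinary section; the raw
    # parser leaves oslo-style values such as $my_ip or %(tenant_id)s untouched.
    cp = configparser.RawConfigParser(default_section="__unused__")
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        if section in OPTION_HOME:  # the section argument was left out of the command
            home = OPTION_HOME[section]
            findings.append((f"[{section}]", "option used as section", f"[{home}] {section}"))
        elif section not in EXPECTED:
            hint = closest(section, EXPECTED)
            findings.append((f"[{section}]", "unknown section", f"[{hint}]" if hint else None))
        else:
            for option in cp.options(section):
                if option not in EXPECTED[section]:
                    hint = closest(option, EXPECTED[section])
                    findings.append((f"[{section}] {option}", "unknown option", hint))
    return findings


if __name__ == "__main__":
    for finding in lint(SAMPLE):
        print(*finding, sep=" | ")
```

    Running it against each edited file before restarting the services catches the mistake at the point it is made, rather than through a failed login in the RabbitMQ log.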
