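OpenStack Yoga two-node deployment on Ubuntu
Preface
I use Ubuntu 20.04 as the environment for this build. Because different OS releases correspond to different OpenStack releases, readers are advised to use the same version as the author. If you run into problems during deployment, read the official English documentation, because it is the version that is kept up to date.
1. Environment setup
1.1 Basic environment test
controller | External: 192.168.100.193 Internal: 192.168.25.20 hostname: controller |
---|---|
compute | External: 192.168.100.194 Internal: 192.168.25.30 hostname: compute |
Commands to set the hostname
# Run the following command on controller
hostnamectl set-hostname controller
# Run the following command on compute
hostnamectl set-hostname compute
# Verify the hostname: the following command prints the machine's hostname (run on both machines)
hostname
Configure hosts (on both machines)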
vim /etc/hosts
127.0.0.1 localhost
192.168.25.20 controller
192.168.25.30 compute
Connectivity test
# Ping the external network from controller
ping -c 4 www.baidu.com
# Ping compute from controller
ping -c 4 compute
# Ping the external network from compute
ping -c 4 www.baidu.com
# Ping controller from compute
ping -c 4 controller
1.2 NTP time synchronization
Run the following commands on controller to synchronize time from Alibaba Cloud's NTP server
apt -y install chrony
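# Back up the original configuration file of the NTP service
mv /etc/chrony/chrony.conf /etc/chrony/chrony.conf.bak
# Write a new, empty configuration file
vim /etc/chrony/chrony.conf
--------------------
server ntp.aliyun.com iburst
# Allow servers in the 192.168.25.0 network to synchronize time from this node
allow 192.168.25.0/24
Next, configure the NTP service on compute to pull time from the controller node.
apt -y install chrony
# Back up the original configuration file of the NTP service
mv /etc/chrony/chrony.conf /etc/chrony/chrony.conf.bak
# Write a new, empty configuration file
vim /etc/chrony/chrony.conf
--------------------
server controller iburst
# Restart the system's NTP service
service chrony restart
Verify that the NTP service is connected to the correct server
Run the following command on both nodes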
chronyc sources
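1.3 Configure the OpenStack packages on all nodes
OpenStack publishes a new release every six months, with version names running from A to Z.
Run the following commands on both controller and compute (every OpenStack node must have the OpenStack packages installed!)
# Add the official apt source for Yoga
add-apt-repository cloud-archive:yoga
# Install the nova compute component
apt -y install nova-compute
# Install the client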
apt -y install python3-openstackclient
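1.4 Install the database on the controller node
The official guide recommends MariaDB. This installation step is performed only on controller. (Official instructions)
# On Ubuntu 20.04, install the following packages
apt -y install mariadb-server python3-pymysql
# On Ubuntu 18.04 or 16.04, install the following packages
apt install mariadb-server python-pymysql
Create and edit the file /etc/mysql/mariadb.conf.d/99-openstack.cnf and complete the following:
- Create a [mysqld] section and set the bind-address key to the management IP address of the controller node, so that other nodes can reach it over the management network. Set additional keys to enable useful options and the UTF-8 character set:
[mysqld]
bind-address = 10.0.0.10
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Restart the database service
service mysql restart
Secure the database service by running the mysql_secure_installation script.
mysql_secure_installation
# I set the MariaDB root password to 123456 and disabled remote login for MariaDB (one of the steps when answering Y all the way through disables remote login)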
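1.5 Install the message queue service on controller
The officially supported message queues are RabbitMQ, Qpid and ZeroMQ. RabbitMQ is recommended. (Official documentation)
Run the following commands on controller
# Install RabbitMQ
apt -y install rabbitmq-server
# Add the openstack user and password to RabbitMQ (I set the password to 123456)
rabbitmqctl add_user openstack 123456
# Grant the openstack user configure, read and write permissions
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
1.6 Install the memory cache service on controller
For Ubuntu versions before 18.04, use:
apt install memcached python-memcache -y
For Ubuntu 18.04 and later, use:
apt install memcached python3-memcache -y
Edit the /etc/memcached.conf file and configure the service to use the management IP address of the controller node. This allows other nodes to access it over the management network: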
-l 192.168.25.20
1.7 Install the etcd store on the controller node
Perform the following on the controller node.
# Install etcd
apt -y install etcd
# Configure etcd with the local IP address
vim /etc/default/etcd
-------------------------
ETCD_NAME="controller"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="controller=http://10.0.0.10:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.0.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.10:2379"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.0.0.10:2379"
# Restart the service and enable it at boot
systemctl restart etcd
systemctl enable etcd
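1.8 Summary
At this point, the base environment is installed.
2. Minimal set of services for the Yoga release
2.1 Chapter overview
A usable OpenStack needs at least the following services installed:
• Identity service keystone installation for Yoga (Keystone identity service)
• Image service glance installation for Yoga (Glance image service)
• Placement service placement installation for Yoga (Placement API service)
• Compute service nova installation for Yoga (Nova compute service)
• Networking service neutron installation for Yoga (Neutron networking service)
Other recommended services:
• Dashboard horizon installation for Yoga (Horizon web dashboard service)
• Block Storage service cinder installation for Yoga (Cinder block storage service)
2.2 Install keystone
keystone provides the authentication service for the whole OpenStack environment and uses HTTP for authentication.
2.2.1 Create the database user
mysql -u root -p
Enter Password: (enter the password 123456 here, set earlier when installing MariaDB)
# Create the keystone database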
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.001 sec)
# Create a keystone user dedicated to accessing the keystone database; to make it easy to remember, its password is also set to keystone
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.001 sec)
# Exit mysql
exit;
Bye
2.2.2 Install and configure keystone
apt -y install keystone
vim /etc/keystone/keystone.conf
-----------------------------------
[database]
# Comment out all other entries
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
# ...
provider = fernet
2.2.3 Sync the database and initialize the Fernet key repositories
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
2.2.4 Run the keystone API
# This admin is keystone's initial password; you can set it to something else.
keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
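At this point keystone's three endpoints are running; the web server is Apache.
2.2.5 Finishing steps
Configure Apache
vim /etc/apache2/apache2.conf
---------------------------
# Add this line if it is missing
ServerName controller
# Restart Apache after the change
service apache2 restart
Set the following environment variables
export OS_USERNAME=admin
export OS_PASSWORD=admin # this is the bootstrap-password used earlier when running the API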
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
Configure the domain, projects, user and role
# Run these one at a time
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password-prompt myuser # to make it easy to remember, the password is also set to myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
Verify that keystone is installed successfully
unset OS_AUTH_URL OS_PASSWORD
# Try to obtain a token as the admin user
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
# You are then prompted for the password, which is the admin set earlier
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2023-08-27T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
# Try to obtain a token as the myuser user
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
# The password is myuser
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2023-08-27T20:15:39.014479Z |
| id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
| project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+------------+-----------------------------------------------------------------+
Write two credential files on controller so that the password no longer has to be typed by hand
mkdir ~/openrc
vim ~/openrc/admin-openrc
------------------------------------
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
vim ~/openrc/demo-openrc
------------------------------------
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=myuser
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Try loading admin-openrc
. ~/openrc/admin-openrc
openstack token issue
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2023-08-27T16:48:29+0000 |
| id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
| | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
| | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
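2.2.6 Section summary
At this point, the keystone installation is complete.
2.3 Install glance
Official installation documentation for the glance component in the Yoga release:
https://docs.openstack.org/glance/yoga/install/install-ubuntu.html
2.3.1 First create the database for Glance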
mysql -u root -p
Enter password: 123456
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.001 sec)
exit;
Bye
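2.3.2 Create the glance user and project
Load the admin user (this user was created during the keystone installation, so that step cannot be skipped)
. ~/openrc/admin-openrc
openstack user create --domain default --password-prompt glance # a password is requested here; to make it easy to remember it is also set to glance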
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
2.3.3 Download, install and configure Glance
apt -y install glance
vim /etc/glance/glance-api.conf
------------------------------------
[DEFAULT]
use_keystone_quotas = True
[database]
# ... delete or comment out every option that already exists in this database group!
# I commented out one backend line
connection = mysql+pymysql://glance:glance@controller/glance
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
# ...
flavor = keystone
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[oslo_limit]
auth_url = http://controller:5000
auth_type = password
user_domain_id = default
username = glance
system_scope = all
password = glance
endpoint_id = ENDPOINT_ID
region_name = RegionOne
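Give the glance service read permission
openstack role add --user glance --user-domain Default --system all reader
Sync the configuration to the database
su -s /bin/sh -c "glance-manage db_sync" glance
Restart the glance service
service glance-api restart
2.3.4 Verify glance
Verify that the installation succeeded
. ~/openrc/admin-openrc
Download a cirros image for testing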
apt -y install wget
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img -O ~/cirros-0.4.0-x86_64-disk.img
glance image-create --name "cirros" --file ~/cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public
+------------------+----------------------------------------------------------------------------------+
| Property | Value |
+------------------+----------------------------------------------------------------------------------+
| checksum | d41d8cd98f00b204e9800998ecf8427e |
| container_format | bare |
| created_at | 2023-08-27T05:01:27Z |
| disk_format | qcow2 |
| id | 76d504e7-8b0b-4fc3-846c-6a14b7f86877 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| os_hash_algo | sha512 |
| os_hash_value | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0 |
| | ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
| os_hidden | False |
| owner | 21d38e79032b46f5bf2ff1f65cf03b2e |
| protected | False |
| size | 0 |
| status | active |
| tags | [] |
| updated_at | 2023-08-27T05:01:27Z |
| virtual_size | Not available |
| visibility | public |
+------------------+----------------------------------------------------------------------------------+
List the active images
glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| 76d504e7-8b0b-4fc3-846c-6a14b7f86877 | cirros |
+--------------------------------------+--------+
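2.3.5 Section summary
At this point, Glance is installed successfully.
2.4 Install Placement
Reference documentation: https://docs.openstack.org/placement/yoga/install/
Perform the following on the controller node. Placement is an API and port management service
2.4.1 Create the database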
mysql -u root -p
Enter password: 123456
MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';
Query OK, 0 rows affected (0.001 sec)
exit;
Bye
2.4.2 Create the project and user
. ~/openrc/admin-openrc
openstack user create --domain default --password-prompt placement # the password is also set to placement
openstack role add --project service --user placement admin # add the admin role to the placement user
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
2.4.4 Download and configure placement
apt -y install placement-api
vim /etc/placement/placement.conf
------------------------------------
[placement_database]
# ...
connection = mysql+pymysql://placement:placement@controller/placement
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement
2.4.5 Sync the configuration to the database
su -s /bin/sh -c "placement-manage db sync" placement
Restart Apache
service apache2 restart
2.4.6 Verify that placement is installed successfully
. ~/openrc/admin-openrc
placement-status upgrade check
+-------------------------------------------+
| Upgrade Check Results |
+-------------------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+-------------------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+-------------------------------------------+
| Check: Policy File JSON to YAML Migration |
| Result: Success |
| Details: None |
+-------------------------------------------+
2.4.7 Test the placement API
apt -y install python3-pip # install pip3
pip3 install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple/ # upgrade pip3
pip3 install osc-placement -i https://mirrors.aliyun.com/pypi/simple/
openstack --os-placement-api-version 1.2 resource class list --sort-column name
+----------------------------------------+
| name |
+----------------------------------------+
| DISK_GB |
| FPGA |
| IPV4_ADDRESS |
| MEMORY_MB |
......
openstack --os-placement-api-version 1.6 trait list --sort-column name
+---------------------------------------+
| name |
+---------------------------------------+
| COMPUTE_ACCELERATORS |
| COMPUTE_ARCH_AARCH64 |
| COMPUTE_ARCH_MIPSEL |
| COMPUTE_ARCH_PPC64LE |
......
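2.4.8 Section summary
At this point, placement is installed successfully.
2.5 Install Nova
Official reference documentation: https://docs.openstack.org/nova/yoga/install/controller-install-ubuntu.html
The nova component must be installed on both controller and compute1.
2.5.1 First install nova on controller:
2.5.1.1 Configure the database: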
mysql -u root -p
Enter Password:123456
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';
exit;
Bye
2.5.1.2 Create the project, user and role
. ~/openrc/admin-openrc
openstack user create --domain default --password-prompt nova # the password for the nova user is also set to nova
openstack role add --project service --user nova admin # give the nova user the admin role so that it becomes an administrator
openstack service create --name nova --description "OpenStack Compute" compute # create the service entity
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 # provide the API service
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
2.5.1.3 Download, install and configure Nova
apt -y install nova-api nova-conductor nova-novncproxy nova-scheduler
vim /etc/nova/nova.conf
----------------------------
[DEFAULT]
# ... no need to comment out the existing options
my_ip = 10.0.0.10
transport_url = rabbit://openstack:123456@controller:5672/
[api_database]
# ... comment out all existing options in this group
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
# ... comment out all existing options in this group
connection = mysql+pymysql://nova:nova@controller/nova
[api]
# ... comment out all existing options in this group
auth_strategy = keystone
[keystone_authtoken]
# ... comment out all existing options in this group
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[vnc]
# ...
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
# ...
api_servers = http://controller:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
2.5.1.4 Sync the configuration to the database
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
2.5.1.5 Verify that the installation succeeded
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | dbc442b7-fc9c-4223-983a-3dc4fcd0b5e4 | rabbit://openstack:****@controller:5672/ | mysql+pymysql://nova:****@controller/nova | False |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
2.5.1.6 Finally, wrap up with a series of restarts:
service nova-api restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
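At this point, the nova compute service on controller is complete.
2.5.2 Install on compute
Next we install the nova service on the compute1 node. This is important, because a compute node such as compute1 is what runs the many cloud servers, so nova is essential on compute nodes.
Run the following commands on the compute1 node!
2.5.2.1 Download, install and configure nova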
apt -y install nova-compute
vim /etc/nova/nova.conf
-------------------------------
[DEFAULT]
# ...
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.20
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://10.0.0.10:6080/vnc_auto.html
[glance]
# ...
api_servers = http://controller:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
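2.5.2.2 Restart the nova service
service nova-compute restart
If the restart fails, check the log /var/log/nova/nova-compute.log yourself.
Most likely compute1 cannot reach the message queue service on controller.
2.5.3 Add compute1 to the cell database
Perform the following steps on the controller node!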
. ~/openrc/admin-openrc
openstack compute service list --service nova-compute
+--------------------------------------+--------------+------------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+--------------------------------------+--------------+------------+------+---------+-------+----------------------------+
| 0d0f25ef-89e2-4acd-b578-7ad0a51e266e | nova-compute | controller | nova | enabled | up | 2023-08-27T10:15:42.000000 |
| b967a1ab-3328-457c-8ce1-f6eb8ff2b7dc | nova-compute | compute1 | nova | enabled | up | 2023-08-27T10:15:34.000000 |
+--------------------------------------+--------------+------------+------+---------+-------+----------------------------+
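2.5.4 Have the controller node sync the newly discovered compute node into nova's cell database
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Each time you add a new compute node, such as compute2, compute3 ...,
you need to run this nova-manage cell_v2 discover_hosts command on controller!
Alternatively, settle it once and for all by configuring a timer so that controller discovers compute nodes periodically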
vim /etc/nova/nova.conf
-------------------------------
[scheduler]
discover_hosts_in_cells_interval = 300
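2.5.5 Section summary
At this point, both machines have the nova service installed, and the compute node has been added to the controller node.
2.6 Install Neutron
Official reference documentation: https://docs.openstack.org/neutron/yoga/install/
Network configuration is the most complex and most difficult part; Neutron is OpenStack's networking component.
2.6.1 Networking on the controller node
The network interfaces and hostname resolution have already been set up, so they are not repeated here; if you have forgotten them, go back to the beginning of the article.
2.6.1.1 Create the database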
mysql -u root -p
Enter Password:123456
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
exit;
Bye
2.6.1.2 Create the user and role
. ~/openrc/admin-openrc
openstack user create --domain default --password-prompt neutron # set the password here; it is set to neutron to make it easy to remember
openstack role add --project service --user neutron admin # add the admin role to the neutron user
openstack service create --name neutron --description "OpenStack Networking" network # create the service entity
openstack endpoint create --region RegionOne network public http://controller:9696 # as before, create the three endpoints
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
2.6.1.3 Download, install and configure neutron
apt -y install neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent
vim /etc/neutron/neutron.conf
---------------------------------
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
# ... comment out the existing options in the database group
connection = mysql+pymysql://neutron:neutron@controller/neutron
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure the ml2 plug-in
vim /etc/neutron/plugins/ml2/ml2_conf.ini
-------------------------------------------
[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000
[securitygroup]
# ...
enable_ipset = true
Configure the Linux bridge
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
-----------------------------------------------------
[linux_bridge]
# The interface after "provider:" is the NIC that leads to the external network; fill in your own interface name, do not copy mine.
physical_interface_mappings = provider:enp0s3
[vxlan]
enable_vxlan = true
local_ip = 10.0.0.10
l2_population = true
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the layer-3 agent
vim /etc/neutron/l3_agent.ini
-----------------------------------------
[DEFAULT]
# ...
interface_driver = linuxbridge
Configure the DHCP agent
vim /etc/neutron/dhcp_agent.ini
----------------------------------------------
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Basic neutron configuration
vim /etc/neutron/metadata_agent.ini
-------------------------------------
[DEFAULT]
# ...
nova_metadata_host = controller
# This sets a shared secret called metadata; it is used in the next step
metadata_proxy_shared_secret = metadata
Configure nova again, adding the secret above to nova
vim /etc/nova/nova.conf
----------------------------------------------
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
# The secret from the previous step is used here
metadata_proxy_shared_secret = metadata
Sync the configuration to the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
2.6.1.4 Restart nova and neutron
service nova-api restart
Restart the neutron components
service neutron-server restart
service neutron-linuxbridge-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
Restart the layer-3 agent
service neutron-l3-agent restart
2.6.2 Install and configure the neutron component on compute
2.6.2.1 Download and install neutron
apt -y install neutron-linuxbridge-agent
2.6.2.2 Configure neutron
vim /etc/neutron/neutron.conf
------------------------------------
[DEFAULT]
# ... do not comment out core_plugin = ml2; it is needed
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
[keystone_authtoken]
# ... comment out the existing options
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure the Linux bridge
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
---------------------------------------------------
[linux_bridge]
physical_interface_mappings = provider:enp6s0
[vxlan]
enable_vxlan = true
local_ip = 10.0.0.20
l2_population = true
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
2.6.2.3 Configure the nova component on the compute node
vim /etc/nova/nova.conf
--------------------------
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
2.6.2.4 Restart nova and neutron
service nova-compute restart
service neutron-linuxbridge-agent restart
2.6.3 Verify that neutron is installed successfully
The method is to list the neutron network agents. There should be four on controller and one on compute1.
Run on controller
openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | None | True | UP | neutron-metadata-agent |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None | True | UP | neutron-linuxbridge-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1 | None | True | UP | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | nova | True | UP | neutron-l3-agent |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | nova | True | UP | neutron-dhcp-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
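The service configuration in sections 1.5 through 2.6 reuses each service name as its password and uses 123456 for RabbitMQ. The following added example (not part of the original guide) is a small Python audit that flags such values in an oslo.config-style file without printing them and generates a random replacement. The function names, the 16-character threshold, the deny-list and the sample file (constructed from this guide's nova.conf values) are assumptions of the example.

```python
"""Audit OpenStack service configs for guessable credentials (added example)."""
import configparser
import secrets
from urllib.parse import urlsplit

COMMON = {"123456", "admin", "password"}  # assumption: small deny-list for the demo
MIN_LEN = 16                               # assumption: minimum length of a service secret
URL_OPTIONS = ("connection", "transport_url")
SECRET_OPTIONS = ("password", "metadata_proxy_shared_secret")

# Constructed sample: controller nova.conf assembled from the values used in this guide.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
my_ip = 10.0.0.10
transport_url = rabbit://openstack:123456@controller:5672/
[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova@controller/nova
[keystone_authtoken]
auth_url = http://controller:5000/
username = nova
password = nova
[vnc]
server_listen = $my_ip
[placement]
auth_url = http://controller:5000/v3
username = placement
password = placement
[neutron]
username = neutron
password = neutron
metadata_proxy_shared_secret = metadata
"""


def weakness(secret, user=None):
    """Return a reason string if the secret is guessable, else None."""
    if user and secret == user:
        return "password equals username"
    if secret.lower() in COMMON:
        return "common password"
    if len(secret) < MIN_LEN:
        return f"shorter than {MIN_LEN} characters"
    return None


def audit(conf_text):
    """Return (section, option, reason) findings in file order; secrets are never echoed."""
    cp = configparser.ConfigParser(
        default_section="__unused__",  # treat [DEFAULT] as an ordinary section
        interpolation=None,            # values such as $my_ip and %s stay literal
        delimiters=("=",),
        strict=False,
    )
    cp.read_string(conf_text)
    findings = []
    for section in cp.sections():
        opts = cp[section]
        # Credentials embedded in database and message-queue URLs.
        for name in URL_OPTIONS:
            if name in opts:
                url = urlsplit(opts[name])
                reason = url.password and weakness(url.password, url.username)
                if reason:
                    findings.append((section, name, reason))
        # Plain secret options, compared with the section's username if present.
        for name in SECRET_OPTIONS:
            if name in opts:
                reason = weakness(opts[name], opts.get("username"))
                if reason:
                    findings.append((section, name, reason))
    return findings


def new_secret(nbytes=24):
    """Random hex secret: safe to paste into INI values and connection URLs."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    for section, option, reason in audit(SAMPLE_NOVA_CONF):
        print(f"[{section}] {option}: {reason}")
```

A value produced by new_secret() has to be set in both places that share it: the MariaDB GRANT, rabbitmqctl or openstack user password, and every configuration file that references that account.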
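2.7 Install Horizon
Official reference documentation: https://docs.openstack.org/horizon/yoga/
Horizon is a web page that lets users freely create accounts, create virtual machines, plan networks and manage all other cloud resources.
The following commands can be run on controller or on compute1. Any node that can reach controller can host Horizon, but I recommend installing Horizon on controller, so that compute nodes can be added and removed freely later.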
apt -y install openstack-dashboard
Configure Horizon
vim /etc/openstack-dashboard/local_settings.py
------------------------------------------------
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']  # * allows any external host to access Horizon, which is not secure; in production, list the specific hosts used to access Horizon.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST  # this is Python syntax: string formatting.
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"  # the default role and permissions for newly registered users are those of an ordinary user
TIME_ZONE = "Asia/Shanghai"
Horizon can be reached via ip:5000; to use a different port, change the 5000 in the configuration
vim /etc/apache2/conf-available/openstack-dashboard.conf
---------------------------------------------------------
WSGIApplicationGroup %{GLOBAL}
Restart Apache
systemctl reload apache2.service
Verify that the installation succeeded: