|
|
在正式部署之前,需要对每个节点做如下配置和检查:1 | _$ x2 w2 Q- b, Y
: ^* m3 \; ?; N
配置 |openEuler 24.03 LTS SP1 官方 yum 源,需要启用 EPOL 软件仓以支持 OpenStack. m9 Y# b& Z& A+ I2 R
8 k; ~) ^+ J. b `2 `$ l. }yum update& t) m# d. o2 z9 D* X% z( \! S
yum install openstack-release-antelope9 [! b9 k5 [: e& B/ j) S' {
yum clean all && yum makecache
7 z7 E, G3 e7 g: ]注意:如果你的环境的YUM源没有启用EPOL,需要同时配置EPOL,确保EPOL已配置,如下所示。
* |, ]/ ~; O5 c$ g$ b% W
0 w' O( @; ]1 I9 {& ]( uvi /etc/yum.repos.d/openEuler.repo
0 J* O _! d! \' B$ ~$ U U8 }; C* C+ m+ _' o* E7 ~7 K
[EPOL]1 I0 [7 j! W7 S( {( S
name=EPOL
: v' i3 U9 Z- I3 dbaseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/
! C( Q5 _+ G2 \" Jenabled=1
3 Y9 H4 N. [# I' M$ I; I( Sgpgcheck=1
4 h& n) N% I, Z t, ?gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler
9 H, E0 `# C" U+ s& F2 [
1 G' G- v* | U) T; s) m) V) y) g
~, S$ e' P4 k修改主机名以及映射
2 j* o; P' t& Q) W
% n+ C8 p; {" h/ Q q4 i0 n! r每个节点分别修改主机名,以controller为例:& H5 E" L2 G# E! u7 [
# ?6 ^ E9 P; chostnamectl set-hostname controller* {% i* |) C/ Z
& H$ a; b6 D& J" g+ u" J
vi /etc/hostname
3 }7 v1 Z& l/ I内容修改为controller* C. [1 F( \ D5 q/ ?9 q" h
然后修改每个节点的/etc/hosts文件,新增如下内容:/ d6 b: e$ Q4 o3 x3 M
- C0 y+ a$ E9 z
192.168.16.2 controller2 C. b6 S2 _+ H. b. G; f
192.168.16.3 compute1+ m5 v) J" j# u: K/ W# T3 J6 ?! _
192.168.16.4 compute27 j& h% N. j! v7 F' y& c! R( |( N
时钟同步¶
) k" ^- ~/ y" U' ~* T9 d集群环境时刻要求每个节点的时间一致,一般由时钟同步软件保证。本文使用chrony软件。步骤如下:7 z- t T9 g+ h, D0 G* _
& l- C( g* M$ M# _" i" X
Controller节点:
- M k4 z/ O6 z2 O* O$ v3 a8 \5 X; c" C3 y B5 ^* V5 @' e
安装服务
# G( V5 P4 \0 o: T* W; qdnf install chrony' S7 j, ]. T4 y Y# w
修改/etc/chrony.conf配置文件,新增一行
! R! `+ b0 n. ^# 表示允许哪些IP从本节点同步时钟' K& o, w' Q1 u r/ s
allow 192.168.16.0/24
3 g0 s5 O; X* J( N- Y V) g. z重启服务
9 g% o; n6 K' q7 r2 H4 b# m; esystemctl restart chronyd
: }, ?5 F9 d) a% ]其他节点
# t) F! N% r1 ]
) k. ^" q- S z0 B- T安装服务$ F, q- X% t& g+ B. g
- p# w' ?3 k+ R8 ^dnf install chrony
* g2 w$ f7 Y+ l. E4 c, z# _修改/etc/chrony.conf配置文件,新增一行
~* R4 |$ U5 c6 ~, ]! g. @7 J, t
( `2 O" o) p9 w1 y1 @! M, q" W# NTP_SERVER是controller IP,表示从这个机器获取时间,这里我们填192.168.16.2,或者在`/etc/hosts`里配置好的controller名字即可。; l* k* ~# K X7 H+ x7 k* b0 S/ F
server controller iburst 0 k- A1 K$ V& |
同时,要把pool pool.ntp.org iburst这一行注释掉,表示不从公网同步时钟。 n z+ g; f$ O: E
! x- r# y* J2 Z0 v* A; _6 v重启服务
( W( W% r/ d7 r8 ?: L. k
; l$ J+ G! a$ S- y6 a! J# osystemctl restart chronyd
9 Q) G) ]5 A6 y+ I3 T Z/ Y* c配置完成后,检查一下结果,在其他非controller节点执行chronyc sources,返回结果类似如下内容,表示成功从controller同步时钟。9 d Z! [9 P, v8 F; V e
$ {* _3 Z. N" P' G( hMS Name/IP address Stratum Poll Reach LastRx Last sample
; c- U y' t) x4 ]===============================================================================
9 ?& M: |- v0 G' B0 X7 c, x^* 192.168.16.2 4 6 7 0 -1406ns[ +55us] +/- 16ms- ~4 q! x+ U+ ]! v- F& R% C2 v
安装数据库¶
# H6 T5 K$ S6 }数据库安装在控制节点,这里推荐使用mariadb。, a$ e! v: n2 G
: ~2 X2 R: ~1 x1 m% i, w) ]! f1 z安装软件包
( H7 t0 ]+ W( Q# ?$ Y; @: r( _
) {8 l) f4 g. `6 ?& ydnf install mysql-config mariadb mariadb-server python3-PyMySQL; }( v8 `/ K) r+ F* y
新增配置文件/etc/my.cnf.d/openstack.cnf,内容如下- ~+ j, t6 ?4 |1 M7 ?! f
( k6 y1 l4 O% k/ a# M" U[mysqld]- @, Y" P) p* y+ E
bind-address = 192.168.16.2
0 S, `) z7 W" Q" kdefault-storage-engine = innodb; {1 r& ]5 Z' ~% ]9 e
innodb_file_per_table = on
! [- h% m4 O/ `, W) k& V3 kmax_connections = 4096
Q2 R7 _5 ~' l P( j" n& mcollation-server = utf8_general_ci
) q0 I- [; I/ ` i' [# x% tcharacter-set-server = utf86 c4 s# K3 E2 N
启动服务器9 g3 z& F6 q- J
) P* o) s* X8 ^" S2 |systemctl start mariadb
- T# w6 R- s& u9 _初始化数据库,根据提示进行即可
; e" p9 b- M- \0 Q. q; o9 }& S$ U' u; p' J1 @" p7 X; S
mysql_secure_installation# A q# Q' k9 J L
示例如下:; h l6 N7 u; h& c& D; O% D4 ~
6 H: O, Q4 N/ B# f, O b
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
4 s5 E4 r8 v5 Y( g SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!1 F* t( J" |( ~& d
3 u8 J7 A, ?# `1 c* L: y3 `1 @In order to log into MariaDB to secure it, we'll need the current. i) e8 q$ E2 R+ H( |' A+ g
password for the root user. If you've just installed MariaDB, and
0 ?# K, i0 |& N( b; r2 K. `haven't set the root password yet, you should just press enter here./ ?; C8 a$ q$ U6 |! j% R
* w; N/ G( }* R0 }Enter current password for root (enter for none): 0 P# V. u$ _( P8 J& q- C! R
7 t1 A* f2 ~, q- r#这里输入密码,由于我们是初始化DB,直接回车就行
2 P) f0 j4 w/ y* Y$ l% R. J3 W& m! ^' D$ H7 \1 `. j
OK, successfully used password, moving on...1 K/ d+ a! O/ m; t
3 ?! H/ y) ^- ^6 p; Y8 @
Setting the root password or using the unix_socket ensures that nobody3 `9 p* ^8 p# M- E/ p$ T
can log into the MariaDB root user without the proper authorisation.
E6 r: [( D2 N; C8 D! X+ y5 P" e1 f1 M# f% X
You already have your root account protected, so you can safely answer 'n'.
( @) b( g! V* M+ F% H( d+ G, j" a) L7 l
# 这里根据提示输入N* z# o, x& K9 O
& G: A( B7 O; ]" i) Q" q% J6 H" b
Switch to unix_socket authentication [Y/n] N/ A. {' F2 [ i h+ p9 _
- s. ^+ e" ?) f# V, q) kEnabled successfully!! k2 U: f$ A5 G0 Z* y
Reloading privilege tables..$ @4 V* [7 s8 R8 x
... Success!# I- w) H( M* d& x) F
" m4 Q4 G3 ~3 W, P# }- _; D" `0 \) X: J$ B0 [+ b# e
You already have your root account protected, so you can safely answer 'n'.8 N+ k( N; s- W% N% I8 V0 N6 C
2 o8 @* Q0 D* E# 输入Y,修改密码
3 h+ g/ I e" O5 ]
v# p" p! v$ f. IChange the root password? [Y/n] Y' w" @3 G/ [8 h: |
! c+ S+ U7 c* n4 ^/ T8 O
New password:
: G8 N( k a5 A* k1 [Re-enter new password:
: g3 z+ l- g: r N% y }/ ~( h, OPassword updated successfully!6 Y3 F7 s( R7 q- L
Reloading privilege tables..
: w0 ` l2 A; G4 H... Success!2 i0 g' `% O% v8 z% \% T8 l) q
; W- X8 L2 H: Q8 k3 J3 A y# b8 F- x
0 q: u5 C% D& U, `; y: @By default, a MariaDB installation has an anonymous user, allowing anyone$ _+ s5 o. w. `6 h0 g" N4 F
to log into MariaDB without having to have a user account created for
Y3 T% c+ J, S2 Nthem. This is intended only for testing, and to make the installation" r! a0 s3 z a) \# p O! E; m
go a bit smoother. You should remove them before moving into a
' Q$ D' b; r) I$ lproduction environment.2 G. r" \% l" ]7 }5 v, U
: N" }! {- K+ w8 W# 输入Y,删除匿名用户0 S& s7 k$ s, [6 c
4 e3 X& Z& |- x+ [( J# |/ tRemove anonymous users? [Y/n] Y: j r2 D& @- |9 Q. D9 d
... Success!7 d; b' p; ~4 Q/ s9 D8 ~4 f
: N' O) C$ \: X3 \Normally, root should only be allowed to connect from 'localhost'. This
! U9 R) Y; x2 C3 M+ F' Iensures that someone cannot guess at the root password from the network.# B; O) v5 f" M2 p
8 z' v) u. i6 I* m, S4 K4 o# 输入Y,关闭root远程登录权限
7 r3 m% x7 r5 F) V
, Q# J) i8 Y m5 ^Disallow root login remotely? [Y/n] Y
$ d+ V: _, W( {... Success!) d' z- X% O) [! ]$ W
$ H# D3 t6 f# GBy default, MariaDB comes with a database named 'test' that anyone can
& D$ `2 B- O% { c- Q( E& saccess. This is also intended only for testing, and should be removed5 V2 B, v7 x/ h; @4 a
before moving into a production environment.7 } p* r) }* Y0 o3 ?5 d
; c# g: z; F& \! Z- b# 输入Y,删除test数据库 J: `3 q0 a2 G% F3 C7 ~
5 {4 I, C2 e f6 O/ j- LRemove test database and access to it? [Y/n] Y- m: u1 T# I0 Z, F
- Dropping test database...
7 M" {- N& x7 K+ W... Success!8 y; D; ?. F: K: M
- Removing privileges on test database...
3 B7 ?8 k9 [% j' j' c1 Q... Success!" k2 P3 n. G [2 H3 Z' t; J
$ P' M0 g5 a0 H- I! S
Reloading the privilege tables will ensure that all changes made so far
" N @& h. d( G- u# k/ ywill take effect immediately.. a4 B* l* w, Q% i
( z# ~4 {2 W% f9 T2 Q) l# 输入Y,重载配置2 w4 z4 d' y- r: B
' k7 B& X0 g h9 K$ z8 B4 p" H A$ XReload privilege tables now? [Y/n] Y
2 K( f- y& k z9 j. _... Success!
% j3 b' @9 x N# B$ p! L
0 C X' A" l8 e8 t$ |8 \7 TCleaning up...
* O; n4 N S( o( L5 w; a1 D3 J4 s3 K0 o- N& e8 ]
All done! If you've completed all of the above steps, your MariaDB( w4 e0 F% O( ~6 p
installation should now be secure.
7 R4 |4 Y, f/ ~& ~; {- h验证,根据第四步设置的密码,检查是否能登录mariadb
+ Z9 s, |. v2 h" p- y- | }
5 p4 U' i& W( N8 @. ~% T/ lmysql -uroot -p' W- _7 I. m" x0 u& T$ w& T
即可直接登录数据库+ k/ J( z0 Q6 @
" b/ {* L7 p$ E8 g安装消息队列¶
7 g1 o- x8 L9 k* o" H8 J! X* M消息队列安装在控制节点,这里推荐使用rabbitmq。
! {' ]+ z, d' j9 U
# Z+ u# }: b6 l安装软件包
7 q5 U/ Z2 U7 M! _# q' W7 B) `dnf install rabbitmq-server
5 {5 i7 a$ \' W1 Z* Q! E. O6 D2 m' u启动服务
3 t! @, J, i9 `( f {# z% osystemctl start rabbitmq-server' K, S5 ?8 x3 t
配置openstack用户,RABBIT_PASS是openstack服务登录消息队里的密码,需要和后面各个服务的配置保持一致。: d" H8 o; E6 @2 C
rabbitmqctl add_user openstack RABBIT_PASS2 o2 ^! R0 k8 v8 X& {
rabbitmqctl set_permissions openstack ".*" ".*" ".*"4 [& R) x) L i! ]& s
安装缓存服务¶
`. Y0 [- b, }/ B) i消息队列安装在控制节点,这里推荐使用Memcached。3 C# d3 N3 e% z1 e' ?* m! x/ f3 ?) \! q# ]
: x- X Q0 i, W# a: O安装软件包
* H( S& l) U' Q) I, Ednf install memcached python3-memcached
' M: N# J/ @ f4 {1 M+ ~4 {修改配置文件/etc/sysconfig/memcached
$ i* h: T5 Q3 |+ R" yOPTIONS="-l 0.0.0.0,::1,controller"0 ]2 W5 g# I. T! P8 Z I
启动服务' s$ o9 a( g6 O% k! v3 W
systemctl start memcached) _& L A* i! D% d& G
部署服务¶
( N% E0 V4 s* |8 kKeystone¶
% T- O& r2 E0 M( jKeystone是OpenStack提供的鉴权服务,是整个OpenStack的入口,提供了租户隔离、用户认证、服务发现等功能,必须安装。
( ? q" x4 `6 D8 v7 G9 p
x3 b/ L1 |# B) d创建 keystone 数据库并授权# v7 Q' t: c3 K! f4 V' d
# N3 G& c5 a7 M+ i V0 e3 i
mysql -u root -p
6 t# ~* s% V# S5 i! W. S
0 q3 x/ N/ s4 KMariaDB [(none)]> CREATE DATABASE keystone;8 }5 j2 |) I+ X# M
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
& `; e4 m: e$ m5 n9 ~ s7 KIDENTIFIED BY 'KEYSTONE_DBPASS';
3 t. w9 ^8 r6 oMariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \' |* z. l+ J. y+ v+ C/ j
IDENTIFIED BY 'KEYSTONE_DBPASS';
& h4 ?: _1 p0 T( [7 G$ X8 SMariaDB [(none)]> exit
2 |9 c0 F0 P, C4 y4 X注意- ^: g/ [0 A/ P1 d# K
- R8 v, N8 a2 K$ F替换 KEYSTONE_DBPASS,为 Keystone 数据库设置的密码 (一般可用opessl 或者uuidgen方式生产复杂密码)/ G( t! y3 o3 @+ S3 X$ x0 y9 t5 |; ]+ q
2 i( l) k) P: {& A0 {* ~9 V安装软件包
: k# F) e+ _0 }+ |( b- z4 r+ |
K' I2 ?$ s- b: l( U( w9 ^dnf install openstack-keystone httpd mod_wsgi x+ v/ N: j4 T
配置keystone相关配置
2 a8 ^% H n, h8 k4 Y) G) e( R9 k* a' l( m9 k% c# d% m3 R
vim /etc/keystone/keystone.conf
9 v( G- o/ t9 [7 I8 g% t+ q, Y
[database]1 ~9 r" o. K/ m. |6 D- U
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
) x& U3 F) }( B! v: u% ~% g: g# n. R: Z/ P. ~: D4 c0 w4 i
[token]! m1 O% u0 M1 J" @/ U) O" n! }
provider = fernet
# }# ^: C7 C N8 Q* b3 I8 [
6 t' v# p6 ^& w( [8 q3 f! `* O U
) C( Q; `6 r A. X& J解释
* D3 H; Z$ T4 k! B: ~0 M+ n) i% u2 ]2 v' i$ s
[database]
# V8 t4 d4 D# v% u) D+ e部分,配置数据库入口4 P, s, O$ c* x4 f0 `, q; Y& l
# H3 s# G: @& I
[token]1 B3 V5 d# d; w$ P+ u4 }; E
部分,配置token provider
6 n' J; U4 f7 s" ?
$ F* U0 \& R1 I; B. t0 {# y z: f* `
同步keystone数据库
. p! e) Z/ Q( r: K* D# `6 L8 n0 T* s; K% T
su -s /bin/sh -c "keystone-manage db_sync" keystone3 k, ]! a% `+ ]8 R) B& ~$ P$ B
6 A }) ] B# s8 X3 r" x+ l
初始化Fernet密钥仓库, e/ a, ~1 T6 M) g7 ?
- g8 d7 c7 J+ d( J4 e8 i2 u0 d# F
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone4 `1 g8 w& h* e1 l1 G/ @9 N# {6 D0 E
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone7 I+ I2 k4 B: c
1 a/ H9 m% E+ d$ i5 l' K启动服务/ H# {1 u D0 i2 f% R5 y; U
这两种方式都可以:
0 @4 G& m+ J7 K: hkeystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
3 u. \5 z8 H8 f
/ v+ E( ^4 `& j4 b! ikeystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000 --bootstrap-internal-url http://controller:5000 --bootstrap-public-url http://controller:5000 --bootstrap-region-id RegionOne
' m$ j" d8 l# n s2 J- K5 w注意- e& e" V( C3 N' x
! E7 y! W, h; [9 G8 `2 e7 q替换 ADMIN_PASS,为 admin 用户设置密码
0 Q2 b" t/ m. L5 V0 P9 k0 h2 b# D4 q$ ~3 ?
配置Apache HTTP server
9 N+ q5 z& k8 i+ o. U5 j7 Z5 Y5 }/ G5 t- X
打开httpd.conf并配置
2 G5 K" ~4 _1 |& f, f
" u7 u9 `) r& k7 i! I#需要修改的配置文件路径5 m- t% M" b3 t: ^
vim /etc/httpd/conf/httpd.conf
" w: ^7 I4 c3 p- o: `8 F
: G/ w/ K1 G- R' l0 g#修改以下项,如果没有则新添加
! A _" R% N: Q" ^ServerName controller
- r: P6 D( t9 z6 \2 m创建软链接) z) E! r3 B7 ^* `/ E' e7 H
0 M Q* |8 w/ b- V) C0 R( s5 f
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/$ V4 @. k* k2 y, C, I. \ @7 o: k
解释
0 ?" f; Y" g& f' W. j0 t) j: t8 b* ~; |8 y2 s2 O- `
配置 ServerName 项引用控制节点
: @* T. `5 d% { K$ }3 `/ [3 _7 f( V3 z* A) H0 d
注意 如果 ServerName 项不存在则需要创建
5 B, |6 N9 I! l6 D' c+ ~% M' Z& X4 B
启动Apache HTTP服务
+ t% j: o5 ]! S( R, o; K* F- m' S7 G; a$ j7 q% L; t+ N- l
systemctl enable httpd.service
4 A. }4 h6 b& W1 w- _1 h5 r( Ksystemctl start httpd.service0 T: z; E2 f; p% c& t3 _" U, m9 C
创建环境变量配置
# Y6 \) W' V% g1 o/ \2 ~
7 v2 {( V7 j/ J0 X% f: t) n+ gcat << EOF >> .admin-openrc
! y: z+ n/ v) I/ B. H- [' x5 ~# M+ w: iexport OS_PROJECT_DOMAIN_NAME=Default
4 c& \! T0 _& b( e' ~export OS_USER_DOMAIN_NAME=Default
3 s. Q0 {. k5 F0 fexport OS_PROJECT_NAME=admin* n& D2 w P1 k+ {1 i" t+ X; B
export OS_USERNAME=admin _4 l+ W% B4 H
export OS_PASSWORD=ADMIN_PASS0 Q' r8 h5 Y7 c4 s
export OS_AUTH_URL=http://controller:5000/v3
! Z; I% m, R! W' ^, @! J3 Vexport OS_IDENTITY_API_VERSION=36 R2 a g; Y$ F1 E' u0 V6 t0 m
export OS_IMAGE_API_VERSION=2
( F2 z4 h* q! F" b. S1 ]EOF
" i4 h4 L! c; ~! c3 D. \9 c, G7 U: v! j% u( i6 I. n: t5 P- e
注意& z& ~. h# v( u1 F7 ^
' G9 h1 F' ^% g l" j0 l2 }& C替换 ADMIN_PASS 为 admin 用户的密码7 K8 R! O1 b3 u6 A2 P2 { R4 f" ]+ {0 S
6 P! |; m: ~9 y1 X$ H9 Y" e: @: @
依次创建domain, projects, users, roles
- K* |0 t% U, |9 @' I8 I4 k
! Q7 }$ L3 ^" j. v
- t4 \" _3 r) k) m/ j! J9 a9 w需要先安装python3-openstackclient1 ?4 M9 p& |+ h9 L
( o8 ?* f" }1 {2 ]0 X
dnf install python3-openstackclient
4 M: _/ c# }# e9 H
$ S1 J5 {( u3 F" p1 b* [导入环境变量
2 ]3 ]/ \/ B( O6 O" o" d7 E. C& n f# b. K, T3 R
source ~/.admin-openrc+ z9 h2 D" h6 v
创建project service,其中 domain default 在 keystone-manage bootstrap 时已创建+ f% G9 d% n& V
2 L5 ]7 ?+ A7 L0 Z, Oopenstack domain create --description "An Example Domain" example
: C1 ^ M; z4 ?* F3 h, s
+ v9 c4 [6 G' u6 D |' hopenstack project create --domain default --description "Service Project" service
. f0 c7 y1 {1 }* F n/ a6 ?4 T) u% W3 Y, C# \' O' v" o6 R
创建(non-admin)project myproject,user myuser 和 role myrole,为 myproject 和 myuser 添加角色myrole
9 \1 W" `$ ~6 c' T9 b9 r/ Q' o1 L* k% h9 U2 ^( _
openstack project create --domain default --description "Demo Project" demo# u2 z5 P. a, |# P5 @/ b
/ r. N: D, ^9 d3 {8 i" Eopenstack user create --domain default --password-prompt demo
[* P& f/ H% ~, iopenstack role create demo5 \5 d6 H; h- {3 z, n3 i2 t
openstack role add --project admin --user demo demo* U9 R8 M) a8 k( ~+ ]+ s3 E+ R: T
验证
" X+ s0 b2 x1 y3 k5 g; P1 u e
8 V1 `8 y4 U. n# S& q取消临时环境变量OS_AUTH_URL和OS_PASSWORD:
$ L6 P, @1 p6 P, I" J8 \0 e# B# q' g0 p
source .admin-openrc
5 y) b+ w# ^6 e/ L0 q) @& k1 Aunset OS_AUTH_URL OS_PASSWORD4 I7 d# P8 o( z% U: C9 Q, s, z
为admin用户请求token:
1 h. f5 q8 @: h" Y$ ?8 F
) l S7 Z- H- R" P; {2 D( |1 qopenstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
) e9 N& _& z" m _1 B8 c& a6 ?1 q. b/ G8 W; K/ u
为myuser用户请求token:
; Y! n: ~! q. s# V, T/ J5 H. F' a- x
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
7 r. L+ T7 s$ q* J; `# N) g) I3 e" B: C) |& Q3 ~6 W
安装Glance¶# ~; a; y7 _6 X% ^# o
Glance是OpenStack提供的镜像服务,负责虚拟机、裸机镜像的上传与下载,必须安装。2 p5 T% u" k! y+ n6 G) Q2 f8 p+ |$ Z
, K# c( p) S1 C: a, p9 XController节点:2 B, ~) K. U' z. Y0 p6 A
- P& H: h- a' S. n$ q创建 glance 数据库并授权8 l7 L2 \% T& [9 C3 a/ T
/ B8 i7 D4 B; \9 j' O
mysql -u root -p* L3 L; A( f" {' t8 r
( R% B# C) L. W" Y
MariaDB [(none)]> CREATE DATABASE glance;) e4 y$ Z. ~1 S
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \3 a, q m% } m0 v" `" K: i
IDENTIFIED BY 'GLANCE_DBPASS';2 T; y5 S1 l2 C+ d9 K1 b* `9 G
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \: }; J x: p3 \6 ?& B( U: j
IDENTIFIED BY 'GLANCE_DBPASS';, Z, U. Q5 m! g+ c2 _+ V
MariaDB [(none)]> exit
$ v1 i, o: v4 m2 K K注意:
! r; e0 C5 h1 V2 \; s/ ~, R. r6 v1 B: f1 ^5 L4 T# H; z1 J" @. ?1 W
替换 GLANCE_DBPASS,为 glance 数据库设置密码
$ K, I1 P7 u( C/ B Q' \( F8 p1 V1 o6 U1 x; t. t6 G) ?
初始化 glance 资源对象
4 [; R4 O5 |0 a2 C9 ]+ X6 z
, x0 x b& ]4 r导入环境变量1 w, F9 p# T! f. Z. w
. { b4 s& A5 T. ?3 i( M
source ~/.admin-openrc
: b4 j3 ?; [4 |) V& q创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到GLANCE_PASS的地方替换成该密码即可。
6 a% G+ w2 N' l
) b* x) Q$ B6 a, W: u1 \7 _7 aopenstack user create --domain default --password-prompt glance" G1 N3 D; Y' L) M/ G2 m. w
User Password:
8 o% n7 N% J* z6 f4 D7 O& S% SRepeat User Password:
+ ^3 U; S" i, S添加glance用户到service project并指定admin角色:
; b3 W6 C& x7 u0 f F4 U$ @; \- c9 d" O) n$ S9 q3 q
openstack role add --project service --user glance admin: y+ o F* k- J/ G8 ~
创建glance服务实体:: d5 [! G7 f2 `2 @& N& ~7 D
4 \3 ~/ R0 [$ G# P
openstack service create --name glance --description "OpenStack Image" image$ d" W: Y1 B4 V5 w2 N! N3 ]
创建glance API服务:* q! G! i$ q5 ~- n! J
' A( X: L/ }5 W9 E
openstack endpoint create --region RegionOne image public http://controller:9292
1 U5 y* Y6 r& p2 {2 o1 F& ?openstack endpoint create --region RegionOne image internal http://controller:9292
5 Q0 {8 ~) u( ~4 _5 R, hopenstack endpoint create --region RegionOne image admin http://controller:9292
7 X# @5 }) q/ |安装软件包7 Q& N! l8 F) V
' M1 s- Y# M, L, m+ z
dnf install openstack-glance
, f$ g0 E2 t: O; P$ ?( {! R* }修改 glance 配置文件
]& y$ S- b; E/ q) ]
7 y9 L* Q0 w$ q- a! pvim /etc/glance/glance-api.conf6 U: I1 h/ ?8 ~6 l* ?, M
* \2 m3 }; j, ] H( g
[database]7 F9 j6 @ H* Y+ x- p% S
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
9 F6 |) x8 S3 k6 A. j6 l& f% C1 r; N1 r+ v d% I6 c
[keystone_authtoken]6 x% |, G# K6 S5 [
www_authenticate_uri = http://controller:5000 n0 o$ i- b7 X6 Q/ a
auth_url = http://controller:5000) Z Q9 Z$ E9 c; p' e, }
memcached_servers = controller:112116 R0 Z0 q/ W1 f4 I* z- N9 c) a+ W
auth_type = password: z2 y3 o: Y1 f6 C; |1 s
project_domain_name = Default
/ ]- I; I6 c7 v) m. w2 X2 V/ tuser_domain_name = Default
6 S0 ?+ u! H2 E" R% Q4 g8 _: Lproject_name = service: S: z0 G4 u0 [+ {2 x. f7 T3 r0 ]4 L! }
username = glance! D: b# L! V7 f/ m: t, @
password = GLANCE_PASS
. @- |) @) u$ t) Z2 }- A9 C$ q( o2 q
[paste_deploy]; Q) t1 q$ Y1 a/ B
flavor = keystone: L( j' i- X9 l' E1 z8 d6 C6 R* o' Z
3 v L- A2 v; H: S- E1 |[glance_store]2 N1 {3 x$ P9 ]
stores = file,http
! {3 H# p( T" K; |6 Ydefault_store = file* z, }" [" y4 B9 o* S+ I: y
filesystem_store_datadir = /var/lib/glance/images/0 }1 K) `& ^- q( b2 [: n
解释:
' y9 a2 s6 W0 s1 j& [! W: p, r4 y+ Q
[database]部分,配置数据库入口& }* \. n/ D" o& P' \; D! N; k) r, W
1 a. ?% ~3 K W$ g J" j$ v[keystone_authtoken] [paste_deploy]部分,配置身份认证服务入口
% ~8 e3 F4 Y: Y* H( S" I3 T, c) P, E/ `2 c: y* P3 n
[glance_store]部分,配置本地文件系统存储和镜像文件的位置
: o* N5 p' A' \2 w" U4 t9 J% y' p0 M- `% x/ J
同步数据库
0 E" G6 a6 Q$ T/ s0 Z$ {9 z, p6 \/ V) H; g9 F" K. ~. v
su -s /bin/sh -c "glance-manage db_sync" glance2 K* k1 `- ], s4 V: M
启动服务:& a4 v! ?, r+ W& s( l, t1 Q
$ q# P& n/ \0 [- N6 P, e1 u
systemctl enable openstack-glance-api.service4 i6 v( L; l) N4 z% s
systemctl start openstack-glance-api.service
5 q( l" O6 v4 Y: g验证' g; Q; v; q# p' k+ L# m$ ]/ s
$ c4 |7 t7 `2 X2 n# ~; y! y
导入环境变量! J8 u8 I7 Q5 E- ]; ]
4 k# @1 L, e$ Y! f: ?% l3 O4 f+ V
sorce .admin-openrcu
& d* j5 b+ f! z下载镜像
# F7 R5 Q* q8 l; l; m, `; \
# r( }# n: m! u G- y \; {" ^x86镜像下载:
0 a( d, U" r, p( }, F, A' ]wget http://download.cirros-cloud.net ... 5.2-x86_64-disk.img
" C' n C# l- C) Q# A* H9 j, j) o
- B8 | [! v' x+ Garm镜像下载:
% E+ m* W I- C: F6 @1 ?: hwget http://download.cirros-cloud.net ... .2-aarch64-disk.img
5 m. y! ^$ t8 K1 G注意% a1 H- D: n# m- X [% N1 y8 f! B
0 p9 ~8 ?, x, v5 o% Y
如果您使用的环境是鲲鹏架构,请下载aarch64版本的镜像;已对镜像cirros-0.5.2-aarch64-disk.img进行测试。
$ k; `* S" e# g5 V/ j4 X ?( i, b* K- V: F# _
向Image服务上传镜像:& h& K& a0 g4 R7 q0 i+ Z) U
7 j( k4 Y p+ p2 q/ sopenstack image create --disk-format qcow2 --container-format bare --file cirros-0.5.2-x86_64-disk.img --public cirros
( D: O* Y! X2 U% i: T, a. ^+ L' X确认镜像上传并验证属性:
( c) U, |0 e" T' }$ i6 s
3 C6 d! V! z* Q. f' e- W7 H* Kopenstack image list* o! m. n7 I! C( I+ P/ I$ e. W' o
) o+ D: i3 a/ Z
. L4 [8 a; j9 Q8 n% @Placement¶$ I2 _: A, q) d
Placement是OpenStack提供的资源调度组件,一般不面向用户,由Nova等组件调用,安装在控制节点。
( o8 U- d9 A0 ^5 `( a8 X* j( M
" R* d1 b/ `4 `: P4 }" D, q/ q安装、配置Placement服务前,需要先创建相应的数据库、服务凭证和API endpoints。
. w$ C9 S. A1 w; g0 B3 R" Y* {) w' O7 z8 h T
创建数据库/ a6 r0 [- g8 J. H+ w1 X4 y; n
9 ?1 T" f; {- A# }& ]! v9 z使用root用户访问数据库服务:
3 y% w6 ?+ u0 c$ O7 \- Y7 o9 y' R: w. J
mysql -u root -p
# W) u6 P: N) t创建placement数据库: x: K9 s1 k$ y1 R
' K6 }8 |' `. r$ @ m/ X( `; U
MariaDB [(none)]> CREATE DATABASE placement;
5 C }& _# n7 M3 R' Q* A+ |授权数据库访问:! q/ S) B) L2 w7 q5 j
4 f; t- F7 x0 {" p! q
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
7 n2 r" m4 J2 [' n IDENTIFIED BY 'PLACEMENT_DBPASS';9 S* ?* Q. _# R- y
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
( F" ?% e# r$ Z- S" } IDENTIFIED BY 'PLACEMENT_DBPASS';) Z8 ]4 r" ]0 H% n4 F
替换PLACEMENT_DBPASS为placement数据库访问密码。1 W2 }) ?% C5 x, O
9 c+ g! N8 r- D退出数据库访问客户端:$ o# b" c, N( o, J C
2 y. B9 W+ O2 K0 Q( T" U$ @, r" p, U
exit$ |. o. c. Y) u2 O9 q
配置用户和Endpoints
) e$ c( v6 Z' o1 d& z, e5 N3 {3 @
source admin凭证,以获取admin命令行权限:) h. v. N/ g" Z. S! L" Y
1 v, c |: T" f1 s
source ~/.admin-openrc+ S9 u% \* o7 G, k! }5 ^' E3 \' o8 ~+ x& [
创建placement用户并设置用户密码:( m, R( _, k& V7 H
# v7 Z. q: U; A
openstack user create --domain default --password-prompt placement
V+ A& [ O; V$ ]; d# }
1 f4 G; h* r) I% HUser Password:
7 L2 Q, e8 w. {( j) URepeat User Password:
1 Q- L; q* w( \# z添加placement用户到service project并指定admin角色:9 T& R2 I' l( Y
+ U* i, _. N8 D e! {/ [5 I4 y
openstack role add --project service --user placement admin/ x9 q3 X8 H8 J" i" d
创建placement服务实体:9 S1 w" z: b9 s, w& Z+ @
3 I% u; R/ F. y3 j9 d- l
openstack service create --name placement --description "Placement API" placement
3 c$ g9 P& z1 Z& c) h/ y" R创建Placement API服务endpoints:' _1 w7 z0 w8 u2 v2 S+ D: S( d# t
- |& l8 L8 m# B* u, y6 h
openstack endpoint create --region RegionOne placement public http://controller:8778
) n" A+ a! X4 Y/ H2 N9 x& e: sopenstack endpoint create --region RegionOne placement internal http://controller:8778
3 W- I6 K1 Y, j7 x2 eopenstack endpoint create --region RegionOne placement admin http://controller:8778
* Q; L/ A& v# _4 e/ x安装及配置组件
3 E& C& x! \) \# A2 Z/ v( p" r" Z+ e' S. a# o3 [2 E
安装软件包:& r9 O6 L& `: g
0 x' F* V# E; u$ t* s6 ]+ `' Ydnf install openstack-placement-api
: B: k" X0 u1 N; |7 c: [% H编辑/etc/placement/placement.conf配置文件,完成如下操作:
& c3 K! \. L7 F1 Y( l, |: v! ]9 z5 H# K, }' z" N
在[placement_database]部分,配置数据库入口:7 p- G4 t) I5 A; d' I$ }
, Q7 J5 h$ G. k+ b- B
[placement_database]+ n2 _5 `0 ?, {0 ~9 J* Q
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement' m' H1 {. O" L: X* a
替换PLACEMENT_DBPASS为placement数据库的密码。: `2 Y" l N( [! X/ \( I
, `& i9 @9 r1 a2 g( u
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:; H( l1 `% N' }- Q/ r
2 v& v% r) |, O3 `6 X# S8 p[api]
6 H8 @( b2 ~ Q7 [auth_strategy = keystone
; Z+ S% f6 {" p* U. R+ K' L# ?4 ~+ `# o* d; H; P9 o
[keystone_authtoken]) N& }: \7 a5 l. x2 Q
auth_url = http://controller:5000/v37 T* l" t: R8 }
memcached_servers = controller:11211
" X- ?5 i' [7 u9 Z6 tauth_type = password; h, Q; L0 M& r& ~! }9 `
project_domain_name = Default
9 a& d2 C* m$ O$ ]# Auser_domain_name = Default# f: Q3 P4 [0 \
project_name = service' H# D8 T* n; x6 E \
username = placement
- @0 A! H, }6 }+ f+ d3 t0 ^0 Ipassword = PLACEMENT_PASS! Q* b/ y3 R$ }: P
替换PLACEMENT_PASS为placement用户的密码。3 I( J# r$ [) P& |4 c
* B9 g, |6 c6 H5 R$ ~5 f数据库同步,填充Placement数据库:' ?/ M6 N3 B- D
) z( ~9 h- c* J) L1 _+ S
su -s /bin/sh -c "placement-manage db sync" placement
% B4 N- m; P! `4 y2 G% j; O启动服务' r! Q& o% w4 O6 g: R# r
6 t" V7 P$ f( w( \- X
重启httpd服务:
5 _6 \% C/ \; \! k6 v7 J
( D7 ]( k* Z3 n) p0 T6 b" bsystemctl restart httpd
% h7 S5 H8 W& N验证8 _% d& C3 s- x6 P
* @* f' t0 v+ B$ a
source admin凭证,以获取admin命令行权限
: C8 F" ~2 J/ t- {' G; H$ W9 b2 p! t
source .admin-openrc( a3 b9 S. B# l( D
执行状态检查:
7 C! x: K$ ]# Y: H, k7 T6 i& h6 m) _! M0 D
placement-status upgrade check0 Q4 M9 K9 C! }9 S1 F
+----------------------------------------------------------------------+0 t. y- Q! E7 D; f7 C
| Upgrade Check Results |
0 D+ z+ O9 M- k3 ~+----------------------------------------------------------------------+' a( \4 l t1 O0 j3 i* k
| Check: Missing Root Provider IDs |
0 W& ~5 M1 u% G6 p+ K| Result: Success |
( f5 V: F+ W$ B| Details: None |( m7 |6 R1 d6 y% E" i
+----------------------------------------------------------------------+
1 H" i: s& Z. m8 l% G| Check: Incomplete Consumers |
2 I) \5 x* Q6 c; @| Result: Success |5 I& C4 I; v2 Q+ y
| Details: None |
1 q0 l+ j6 t+ r+----------------------------------------------------------------------+
+ p R1 H% I& j# l5 K| Check: Policy File JSON to YAML Migration | Z- B0 G* q$ A, l6 ^% n0 O
| Result: Failure |/ p4 h; |) v" {# |6 Q8 J
| Details: Your policy file is JSON-formatted which is deprecated. You |0 e8 I' C' F* E( t0 U. Y8 R- S. J
| need to switch to YAML-formatted file. Use the |
/ v8 _" u& v! I# E* l' `| ``oslopolicy-convert-json-to-yaml`` tool to convert the |
6 B, }- ~9 b+ {3 { A! q% C) O' c, L| existing JSON-formatted files to YAML in a backwards- |
* M) {( G2 X+ c2 D/ J! C| compatible manner: https://docs.openstack.org/oslo.policy/ |
3 ?( n3 N$ A! m! Q( n0 k1 C. v| latest/cli/oslopolicy-convert-json-to-yaml.html. |" ~/ Q* Q6 C M4 a# R2 }
+----------------------------------------------------------------------+- G, d( Y8 N+ M: e) p0 d
这里可以看到Policy File JSON to YAML Migration的结果为Failure。这是因为在Placement中,JSON格式的policy文件从Wallaby版本开始已处于deprecated状态。可以参考提示,使用oslopolicy-convert-json-to-yaml工具 将现有的JSON格式policy文件转化为YAML格式。6 J. o6 R+ y% f- G3 H4 L
% z8 R$ H( m. H+ goslopolicy-convert-json-to-yaml --namespace placement \+ ~) q; [) Y" V% j% H0 s9 Q( Q
--policy-file /etc/placement/policy.json \$ y9 s/ [* z. w* ]1 W8 K! H1 [, }3 x
--output-file /etc/placement/policy.yaml
" @7 Q- d! \; @5 x7 @* P8 L% U6 R% gmv /etc/placement/policy.json{,.bak}
. D/ Z7 Y7 v {: P* _% e# q1 S1 D- J0 x8 G4 O
注:当前环境中此问题可忽略,不影响运行。
, w7 D$ ~( z: M1 b& u
- K; B$ N4 i8 u7 R- H9 L+ Z; `/ c3 a2 k: n
) P: S* V4 V' e: U1 R' U
Nova¶
+ n( E2 O- w: v4 ?$ P, h1 M( sNova是OpenStack的计算服务,负责虚拟机的创建、发放等功能。5 S1 Z# f B, Z" X: D. O7 X/ p6 C
5 F: ^) z+ ~7 c6 K
Controller节点9 `) C; `( s% o8 v
. {9 `9 D9 R5 x+ p5 E* Q
在控制节点执行以下操作。
5 Q. q& W* ?, ~9 m3 w) m, M f) @) O$ \! I% h
创建数据库
, ~# V$ t6 k6 v0 B; g* E& V
( G5 m1 Z% I9 G- `; `( F3 ]4 C! Z使用root用户访问数据库服务: O) ]' _9 f. {) b0 C' f! U! Y
1 g6 w( a5 `6 _8 u# B1 Gmysql -u root -p/ g1 y8 s& q4 B! N, P4 j' C% W- o
创建nova_api、nova和nova_cell0数据库: F9 l' f( x2 i
- b, J& u) p' r( h$ ZMariaDB [(none)]> CREATE DATABASE nova_api;9 Y; w( S! I; Y! _% o9 a5 C
MariaDB [(none)]> CREATE DATABASE nova;3 n' N4 t9 S7 I0 ^0 X9 _) n- @1 e
MariaDB [(none)]> CREATE DATABASE nova_cell0;" `9 e2 h4 C' g5 |, E* r1 U1 r0 q
授权数据库访问:
+ j, D$ @! u2 m" T
f4 W( N p# A& z7 L+ K( EMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
$ a8 ?" K. q' TMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';# C0 e& f4 M3 e7 R: D. r( V
3 i1 F, g8 o' T
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';0 [2 _' L; c1 t7 D" u" A3 M( l
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';, h! U4 C" h- |' V
4 e: ~5 }2 O) w* A/ `, AMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
9 p0 _! ^* V, {3 }* JMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
: z! C$ B- l( N4 C& c' t6 L- p! z! y
替换NOVA_DBPASS为nova相关数据库访问密码。6 ~4 W4 W- t9 z w, V
1 {& F" N7 I( D. e5 {7 Q. }: ]
退出数据库访问客户端:
0 v& o0 M9 k2 ]5 o1 x6 o! r9 I" _5 B3 `: }
exit6 H" ~$ P; K+ o# Z' W4 R) f0 q
配置用户和Endpoints7 x2 j& b5 A; T8 ?8 H @) A( j: i6 a: @
+ a, h w- G( q) D5 f! J! tsource admin凭证,以获取admin命令行权限:
" e% q( X( U2 J; W/ ]9 R+ G0 f; R: k1 I4 ^' y0 [
source ~/.admin-openrc- A* [- R& s* U* W3 v. Q
创建nova用户并设置用户密码:
E3 O" w w- s. L" f# R/ c* X- I- o
openstack user create --domain default --password-prompt nova
1 W) L. [7 T& M; f* R6 T* s4 n& O C' |4 {1 k* F" z, Q
User Password:
+ l! H, P2 n3 xRepeat User Password:, h0 Q$ }& p: q
添加nova用户到service project并指定admin角色:/ l7 b: ]5 D0 E, x: X, J
+ U3 t% z5 I, y( Q& ` w9 |
openstack role add --project service --user nova admin$ ~6 A. t( z9 m) O" j( W( X* L" r4 {
创建nova服务实体:% d X' k$ [- b8 u1 L
4 H$ n, {/ V* V: J& d& Dopenstack service create --name nova --description "OpenStack Compute" compute
W" q. q- y( ?, |创建Nova API服务endpoints:
$ a' T! M, j q$ T' _: X0 A }/ M6 E
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+ e0 n4 w, x/ v3 uopenstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
9 Y6 ^/ \" ?2 Q4 |2 k2 v: Popenstack endpoint create --region RegionOne compute admin http://controller:8774/v2.10 M; d6 z6 g0 T5 A- b
) Z( l; t; f- b9 P0 I5 f; `( I安装及配置组件5 w. O, T- i. b5 ^. `8 z' f+ o& j
6 w. U2 Y. k' G" I, P5 ~安装软件包:) k& V8 o4 V* I4 q! _
" c2 b) N1 A/ adnf install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler5 j, M6 K5 V* ~' u3 x
编辑/etc/nova/nova.conf配置文件,完成如下操作:! `, K, u( I' U( s2 P
$ L; M/ r& F( d
在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用controller节点管理IP配置my_ip,显式定义log_dir:( X, ] e7 j9 Y0 v* N2 O7 s* m$ X
- z( |+ H2 D, Q" q# z& \/ |
[DEFAULT]. R6 [" C: p x: I/ s& _+ k
enabled_apis = osapi_compute,metadata5 Q" P6 T! b- t
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/" ]0 ]# Z/ V+ ]
my_ip = 192.168.16.2( o; q S7 G' m- b9 |6 @) N" b# }. n
log_dir = /var/log/nova
$ B w- }+ R2 q* \+ T; ]state_path = /var/lib/nova- N, ?# p2 Z# q" P) ?1 Y; D, h9 U9 f
. @% S+ f2 E3 W7 t, E( g, e1 ]6 C替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
1 |. }7 f: _3 f3 V9 `5 L( e# A
" w$ |+ w2 c& G5 y' U4 z) O在[api_database]和[database]部分,配置数据库入口:! v: \* `1 e5 C8 \
, c- ]# z6 J |# j# ]0 M
[api_database]
6 c! n5 F6 e4 ^' v+ D- }connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api3 U ~3 W7 R. H4 Y7 M
; S( y1 w& @( M5 a5 m4 Z
[database]' j; F( W/ I3 k0 ]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova+ T9 r$ ^' V3 U2 B
替换NOVA_DBPASS为nova相关数据库的密码。
5 [/ B% N3 B9 P2 j) U# T2 @" E, `
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
2 N/ C F( A7 N N7 N0 _
# h9 f0 p; ]* c+ }0 n; ?[api]7 r- S0 x1 r1 r" W; o
auth_strategy = keystone" x% G; D" a1 {/ r5 W. D
! ~: `, J* B, `. @
[keystone_authtoken]
/ n7 R, c: P# bauth_url = http://controller:5000/v3
8 X y0 W. e) p+ |; C" N# g' |memcached_servers = controller:11211
0 r% c p8 w/ @* w' A3 wauth_type = password7 b! R2 w0 p/ U( D
project_domain_name = Default
5 ]: L7 D' i. luser_domain_name = Default* Q/ `! u: `2 X6 s4 V
project_name = service
' ?! j& \: z9 x& x+ m8 I( Rusername = nova) l2 n; O$ \" B& x7 {! K% A% `$ Z
password = NOVA_PASS" T$ Y, i5 F0 z9 S& y
替换NOVA_PASS为nova用户的密码。+ W, Y; ]& z! f. `# U3 f9 I3 [
7 d: Q9 }, {. p. I8 K8 e( M9 ?
在[vnc]部分,启用并配置远程控制台入口:
4 m5 q' Q% v9 s9 \, h# ]! T8 D* m7 ^4 h6 l# b- i, i6 [
[vnc]! d. S& ?6 U) A. d1 ]
enabled = true, V! S, s5 h. `) ^# |
server_listen = $my_ip controller 5 G3 Z- y( F/ c! F s# H3 s
server_proxyclient_address = $my_ip controller
% l; c* o6 S: j1 B. X( ~
! A h9 v5 Y5 n0 @$ o- Q; L/ @. ?. O在[glance]部分,配置镜像服务API的地址:9 z2 J) n0 G2 F( l9 @7 K: C
' Y2 O" R/ n- T+ ?. x5 S- i[glance]
' I4 L m2 W+ `3 T( Bapi_servers = http://controller:9292
6 M1 t3 n) Z5 t# B' ]% b. m0 J; B7 i! ^
在[oslo_concurrency]部分,配置lock path:1 M# ~- T2 B g- w; x( T
" w9 G. }8 `9 ^2 o. K! B( @. P
[oslo_concurrency]* r) V/ a' j9 W1 M. e& b% G* z
lock_path = /var/lib/nova/tmp
' P- ^$ R/ _2 _6 E w* ~[placement]部分,配置placement服务的入口:
; ^ _5 }: k% j) F7 C
1 t/ h1 l6 h$ z9 Q& |3 n8 X[placement]
! o4 S; ?* J7 ^1 bregion_name = RegionOne( g9 ~7 o# W: @& _: d# u2 ?
project_domain_name = Default
" F$ `. l' |! ~$ A$ oproject_name = service
5 [6 M) R: h( W4 X7 m; {' x6 i" Xauth_type = password
$ j, |9 f9 Q5 W3 `user_domain_name = Default, x* L x, d4 n1 K7 z O
auth_url = http://controller:5000/v3
) X6 @' Z* J- gusername = placement0 E1 V3 c- g& V n2 `$ T
password = PLACEMENT_PASS/ _# d" ]6 u" B* a( [
替换PLACEMENT_PASS为placement用户的密码。7 M5 s7 m1 P/ |" n
3 _9 S3 N# }! j) U5 h+ X) v% H数据库同步:
: D6 g* i* W3 |! t- ~
0 m3 H' Q* x* N/ C: a同步nova-api数据库:& d) R- n' q% g% g
3 ~1 ?" a& q* t: i" }5 [) }7 @% H
su -s /bin/sh -c "nova-manage api_db sync" nova% M$ o8 |" v* |9 m3 `" E4 S
注册cell0数据库:! `! Z+ |7 c& i8 T8 B
: e1 J* ^/ d: j2 s# \' Gsu -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
; ^7 J F, X+ U2 {) T% D创建cell1 cell:
" i& Q1 O) \) S* d0 }" z8 G
/ b5 K. I/ k) Y: s( E5 E Zsu -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova4 Z# ~7 o8 @& V: H: |" p: P
同步nova数据库:
* _, m+ X) X6 Y: r" l' \% L' c* s! t# \7 s8 r R8 j4 d1 `
su -s /bin/sh -c "nova-manage db sync" nova( J' [1 k' U1 U" I9 S# q6 Z5 G
验证cell0和cell1注册正确:
) ?( b: s0 R" K' K2 F
$ q* `: `5 p6 u) n' v& o! C Ksu -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
2 X. Q; w! P$ B- w2 b启动服务
1 l9 x6 D" ~. c7 i2 S F
& C( y& U6 F* |; v+ Q; Asystemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
" u" \4 f# K! ^- O, U6 ^% O7 w( Q" |
systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
' r: q% K% T4 z, b/ }9 N2 Y
t" e7 i% C$ H7 [# ^Compute节点4 @; o) G& |, N0 O7 q9 W% v
7 D1 b3 w* E7 v' C ^/ N+ ~" m3 Q( y& m8 `
在计算节点执行以下操作。
, f( j( E/ i( C' v4 R/ f9 }4 e! D2 a9 w2 i6 C
安装软件包2 r; m9 C9 }, |. b4 w' e
; }! D; a. Y+ D% D4 Q1 odnf install openstack-nova-compute, m$ @7 h" m. G1 ]) E, G' }) c% A
编辑/etc/nova/nova.conf配置文件# [6 Q4 j, Y6 S' u
; c1 ~6 J0 {. h4 ?9 |' j& B m在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用Compute节点管理IP配置my_ip,显式定义compute_driver、instances_path、log_dir: C, n6 j" H) I; N+ ?& J8 V( I* C
3 X' b8 K' L J6 L
[DEFAULT]2 K" w) _, ?0 |% v# z
enabled_apis = osapi_compute,metadata
, N9 T& {2 a( x. B$ J8 Otransport_url = rabbit://openstack:RABBIT_PASS@controller:5672/" s1 N% _0 X( O
my_ip = 192.168.0.3
* \3 y3 z) ]0 X4 Dcompute_driver = libvirt.LibvirtDriver
5 W4 C. _6 n, N. ?instances_path = /var/lib/nova/instances8 `7 }8 A6 ]6 Z( h: ?1 f
log_dir = /var/log/nova3 I4 \* u4 V1 X% A! r6 m8 V! ~, S k4 I
替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
8 F' j5 ]% T& d. M/ D5 _5 H
0 x( r( }7 t' R3 w0 t- M2 J, |6 R在[api]和[keystone_authtoken]部分,配置身份认证服务入口:5 O3 F4 n6 T9 W% d4 r; p
2 a, o7 H7 j$ r% v0 z
[api]
7 o$ s) H7 D- q2 D0 Yauth_strategy = keystone- L/ _3 f- L# Q, j
" B9 _3 u8 `" {1 N" S: a) P[keystone_authtoken]
0 b( Y/ A) c& }. b2 Qauth_url = http://controller:5000/v3
5 I1 _: u# r. ~memcached_servers = controller:11211
' F! \- j' P6 Y5 @: G/ j) z5 [auth_type = password' G1 @# ~; k7 M' N6 r
project_domain_name = Default
$ H" ?8 X4 s8 B' Y, ?9 X0 u7 k9 Muser_domain_name = Default
) e- s7 d* f% {. hproject_name = service6 H9 t' ~6 w3 ~
username = nova
) ]- I* i7 G' d! Npassword = NOVA_PASS
; i# k# X2 M( \" D( d9 j0 W替换NOVA_PASS为nova用户的密码。
+ F" s. B7 Q% q! J V& `0 I P. c6 _/ _
在[vnc]部分,启用并配置远程控制台入口:& M8 [# \3 W" Z1 w0 U& c* e& W
7 [3 A# ^: l* @[vnc]
^6 w3 r0 r/ ]# q: Uenabled = true. @/ x: q( W! `" g+ o
server_listen = $my_ip
) ]' i8 k) G! u/ y( eserver_proxyclient_address = $my_ip
0 _( F& S! b5 ~8 O, ]novncproxy_base_url = http://controller:6080/vnc_auto.html4 W5 _; r' M0 n3 [! `
在[glance]部分,配置镜像服务API的地址:: s0 R+ E+ S( h8 j
0 y* f2 o% \$ k$ Q& G y: P
[glance]' L. m3 E/ @$ G
api_servers = http://controller:9292
3 S+ }. {) ^3 F/ b8 Z在[oslo_concurrency]部分,配置lock path:6 ^3 M, ?% b' m: v! B
$ o# d+ F: g! `; g6 L" ]
[oslo_concurrency]9 O4 H9 z. U' k2 _3 F0 W5 @
lock_path = /var/lib/nova/tmp% H) a$ ]6 L# [9 c! z4 U: m
[placement]部分,配置placement服务的入口:
4 w. A9 W4 M; b" T/ O* S) z4 H t! q q
[placement]
0 L# f; D3 F5 kregion_name = RegionOne
Z, x6 [+ P* i/ |: b. N$ Nproject_domain_name = Default2 @; B/ ^4 h' T" E3 T7 X- U! P! h
project_name = service
. |& }# y- X4 \5 Q9 Oauth_type = password5 H8 K ~/ u% c4 }8 P c
user_domain_name = Default
& J4 ?2 o. P9 {% p1 Qauth_url = http://controller:5000/v3( L2 a q: |; Q# {2 k
username = placement+ l; x! o3 Z, O& `. C8 S# e. }
password = PLACEMENT_PASS
: u5 |$ N) _8 I7 S5 b/ n& [# M替换PLACEMENT_PASS为placement用户的密码。. x U4 l1 i( i/ E# I% O$ k" f
6 [9 c' w( a2 l+ Z, ^
确认计算节点是否支持虚拟机硬件加速(x86_64). H" N4 K' u6 x! S. F i
: @1 I6 ]* C! ]处理器为x86_64架构时,可通过运行如下命令确认是否支持硬件加速:; `( |- ?' k0 x$ Q
' S) ?$ s& I4 d# i5 regrep -c '(vmx|svm)' /proc/cpuinfo
" U8 K% ?7 q% p如果返回值为0则不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。编辑/etc/nova/nova.conf的[libvirt]部分:
$ ~$ A9 p, A& Z3 C! B9 b- [" q0 X8 _4 N
. o9 B4 i9 ?9 S7 g[libvirt]
1 S; B/ }0 V4 \+ S' ^+ Z3 Lvirt_type = qemu' D2 M: r. i/ v8 q
如果返回值为1或更大的值,则支持硬件加速,不需要进行额外的配置。+ d9 P# k9 g+ t: a7 o$ r
5 p, I, j$ @5 k4 `
确认计算节点是否支持虚拟机硬件加速(arm64)5 c/ u( T2 c1 E
$ x+ R# R1 [7 w8 s
处理器为arm64架构时,可通过运行如下命令确认是否支持硬件加速:
1 j# l( Y: a0 `: i( [+ g; k8 }$ h! G4 Y8 u
virt-host-validate
* T/ ?6 P) h7 c1 j2 T0 U8 G# 该命令由libvirt提供,此时libvirt应已作为openstack-nova-compute依赖被安装,环境中已有此命令
, l7 X" x- k( r6 W显示FAIL时,表示不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。
' h2 ~! u3 l) M# f* x4 e7 u7 z' a- \' [5 @3 t' I' a, c
QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded)
1 E" N# y6 C- f7 x8 L编辑/etc/nova/nova.conf的[libvirt]部分:
& o9 {/ s3 G( g5 c4 A! T1 J/ N) }& L+ H8 y1 T, V+ \2 X
[libvirt]# R) K- ~2 w' @9 m
virt_type = qemu4 l/ I' ~! m) K% d* j: E
显示PASS时,表示支持硬件加速,不需要进行额外的配置。
, p4 z% O* F! B/ c N! }+ U2 ~. D7 b. O! P( k# A
QEMU: Checking if device /dev/kvm exists: PASS4 v, ?: q2 x- |$ R5 T& A
配置qemu(仅arm64). d2 P& g2 M1 k3 o/ }, [. f
6 f- n' I. m' u6 R仅当处理器为arm64架构时需要执行此操作。
, ]0 R# q$ n; q: o, C+ B. O; r6 ?
编辑/etc/libvirt/qemu.conf:
4 z$ w4 ^# e. R, v3 [: _( E# v* f6 K3 X% l8 E$ f
nvram = ["/usr/share/AAVMF/AAVMF_CODE.fd: \3 q; |4 _$ K% G% i7 t0 W
/usr/share/AAVMF/AAVMF_VARS.fd", \
v2 p7 W2 y: L' _& s2 F "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \
. y# ?9 E ~$ ]# k- R# x /usr/share/edk2/aarch64/vars-template-pflash.raw"]
0 b0 R" ]! G+ T- G* P编辑/etc/qemu/firmware/edk2-aarch64.json+ K1 E3 G6 B8 h; s0 ~* _$ F
3 k' I6 v, f5 H4 S, ?{, b$ j6 y. Z2 w' b3 ?
"description": "UEFI firmware for ARM64 virtual machines",6 R' U) `5 F' g, x
"interface-types": [
1 i* }7 q- F, T5 S6 x4 _ "uefi"
) W- s' P. j/ g$ h ],$ Y8 r! I' M M1 S
"mapping": {5 C4 h$ X' t& U+ ]% C
"device": "flash",( e$ N* J8 p3 ~! \, l
"executable": {
8 J) z' [6 j4 o! X( L$ U+ [( u "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
% D: D7 E2 a4 f! I* ^ "format": "raw"- T+ e* s$ g4 H: K6 Z
},
1 _% l# w( ?4 V4 v4 B "nvram-template": {
8 ]' w/ |) P) k) ?$ F "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",. d+ G/ \/ [, N& z
"format": "raw") Y1 D. ?% O" F. Q g: H) O
}# w- y P# ^" H# M7 i- @- f
},
* Z( v. G# `! x "targets": [3 x7 T3 M# E! m1 W, z
{
3 G& W* v5 d8 @) }- E "architecture": "aarch64"," J8 q8 O5 m5 V _, u
"machines": [
. ^4 @2 h3 ?+ G u "virt-*"
# ~4 \1 w& _ `1 B ]
+ i" q; u5 \' c( q% P }3 ^) N8 }5 W4 V
],6 k5 q, T8 n# m9 q$ F: R/ ^
"features": [1 r& [ d7 p: E8 c; N8 z+ r( H
0 I5 u6 l/ r" W; v
],
6 E) g$ S0 _( Z/ Z- r "tags": [
N7 K( @* [7 R( w2 V9 [! l
+ O6 _5 g+ [+ i2 Y( X! p3 t ]
6 N1 _' o) x8 L: k( s: F7 s D}
3 I7 d9 R5 R |启动服务
- l. w; |. i: R$ @4 o/ S: e0 k8 s+ f. ?( h% }6 d
systemctl enable libvirtd.service openstack-nova-compute.service% _! O' s6 k1 m! w/ b6 ?
systemctl start libvirtd.service openstack-nova-compute.service+ Z$ H9 ^6 n1 Q5 i
Controller节点
7 w) C/ j& C8 G3 E
- @/ ^9 e# X, n8 g, w- P在控制节点执行以下操作。
$ P8 e+ c7 f b k" T8 E+ n& O( p, h) f1 z3 w8 ~
添加计算节点到openstack集群
: x. x \% Z% ]/ m6 W$ S$ P* z1 {8 A& B7 t" {
source admin凭证,以获取admin命令行权限:
0 g4 G& y: J9 z0 Y( u8 l; Y$ X7 ?0 s4 q1 ]2 {. e
source ~/.admin-openrc" d' W2 l& b0 G9 }. E" z# A
确认nova-compute服务已识别到数据库中:) A! V1 A) c3 @ y7 M3 ?
0 p" Y. n, p" u& v" v* [- Z6 |# G
openstack compute service list --service nova-compute6 s+ s& O' G+ E! \
发现计算节点,将计算节点添加到cell数据库:8 I; z" M$ x1 X4 _ z" ?
# ^- U: S8 _$ q4 r4 Rsu -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova U' Q; O# P3 S' O. @
结果如下:9 I' f8 R: V9 B
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.% ^$ J7 o2 y9 L. h
Found 2 cell mappings.+ a& o# G7 a R; X+ q
Skipping cell0 since it does not contain hosts." b3 w9 D: k( l) M: j# y
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc27 |- O8 Z! A& V& f4 ?0 n6 S; e0 U9 q
Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e
6 @3 N7 Z, C# OCreating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e/ w9 F- } |; f" h1 w( p& j
Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc23 e# G' G. |1 v5 j- Q' i
验证
0 d; E: f4 X8 o7 @7 [9 E* G( t' C3 A( C
列出服务组件,验证每个流程都成功启动和注册:
9 h; N/ O6 R. _' u* c8 H. j0 n1 S5 jopenstack compute service list8 K% m$ F8 H/ J" W' g3 e9 g/ j
列出身份服务中的API端点,验证与身份服务的连接:
- K" F; W8 ~! J0 Uopenstack catalog list3 P' h2 |% U9 W/ x
列出镜像服务中的镜像,验证与镜像服务的连接: I7 J2 u, w/ h$ i7 E
openstack image list1 O- ]& H' @# l2 y7 \6 L" v. M
检查cells是否运作成功,以及其他必要条件是否已具备。
, |& T8 H/ J$ |6 F. H9 G" D5 |' e* l! g9 Snova-status upgrade check
/ z2 f( d/ V& NNeutron¶
9 a% S& @% K$ f) ~7 gNeutron是OpenStack的网络服务,提供虚拟交换机、IP路由、DHCP等功能。! @" v7 i2 [' P; a/ @' Q
+ L4 P7 A9 ]2 w. c" {Controller节点
5 T' U; X2 N* ~7 K/ c. C; e
) u$ U8 ^: ?# \- \2 A创建数据库、服务凭证和 API 服务端点7 J! {0 s. h5 H. D8 z
* T, y$ H: A2 r r& @! e: b创建数据库:7 w3 e) ~8 D z4 M/ H
0 q4 H8 x4 y4 X. smysql -u root -p' _- q, y {# V; v) Q
/ c* E3 u' f" r! i4 m6 ?! q1 f" l
MariaDB [(none)]> CREATE DATABASE neutron;+ x3 R: [( L9 M0 h
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
- P+ b: ~* x" m2 _% ^; TMariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';' i% u, i: r% a+ b9 ^ Z9 ~4 V1 ?
MariaDB [(none)]> exit;
+ j5 X) W& X4 x% w2 k9 M创建用户和服务,并记住创建neutron用户时输入的密码,用于配置NEUTRON_PASS:/ g/ U7 q3 n3 } Y w! N% U
2 m, B, c5 [3 N1 ~+ c- b( m: a
source ~/.admin-openrc
4 @4 j$ }7 h8 _openstack user create --domain default --password-prompt neutron
* D n& G- @8 H3 Ropenstack role add --project service --user neutron admin
% I$ K$ n; L9 Sopenstack service create --name neutron --description "OpenStack Networking" network
: S! B0 ]/ Z0 Q8 y' q( F部署 Neutron API 服务:; u) Z. C' i3 y: y6 ^2 l
/ w7 Q" C3 \6 p3 I7 Nopenstack endpoint create --region RegionOne network public http://controller:96969 C; [$ b) r. w
openstack endpoint create --region RegionOne network internal http://controller:96962 E8 x2 ^6 T" o# d7 `( M* M
openstack endpoint create --region RegionOne network admin http://controller:9696
4 K2 e& q( S5 H5 R( a" j# n安装软件包% x0 W4 `! |+ \
0 I" n9 H- g5 d; ^% [ V9 cdnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2. ], C& C; Y+ I
3. 配置Neutron" O% W" ~! a+ J% `3 G. Q
修改/etc/neutron/neutron.conf
, |+ D k; ^9 h2 ?) u" e9 _* y. D4 q% K, n
[database]$ v0 e' ~6 [6 J& O: q
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron5 s# o3 _4 M: @# v Y# X% h! y
0 i! J9 }+ G3 s4 c* C9 F/ J- e0 Z% [[DEFAULT]
5 E* a1 P9 o+ Q$ N, Kcore_plugin = ml2
, C( G# h7 V' fservice_plugins = router
9 L. D- ~* f% O: iallow_overlapping_ips = true' n# f) C7 B s a) L. r% U4 \
transport_url = rabbit://openstack:RABBIT_PASS@controller
" V$ k& r* ^& P- ^auth_strategy = keystone
; H/ E2 |1 C% u/ Nnotify_nova_on_port_status_changes = true
x W4 a5 t: H) ]1 J7 s5 hnotify_nova_on_port_data_changes = true
2 e) k8 ]3 e J9 }2 U& V2 t
, N- \; F0 D1 f. q0 m[keystone_authtoken]
, U5 F! ?6 T! c7 w4 P) K. [* }5 iwww_authenticate_uri = http://controller:5000& S" a# n$ T+ d+ _3 [( ^
auth_url = http://controller:5000
3 [+ y& s! N9 b6 o$ y& F/ d3 g/ O0 rmemcached_servers = controller:112114 Q: O6 j3 T( s7 {, @$ s
auth_type = password
2 C* z9 p% h5 l7 z+ J' J/ Z1 P5 r( ?project_domain_name = Default
7 b$ t0 _% D. Y# R7 muser_domain_name = Default+ ] M, Z- O* {& l% ]8 a
project_name = service
' U2 ]- Z- m8 m( D Pusername = neutron' n% e" w/ v, |2 W$ F1 _0 W
password = NEUTRON_PASS
' V6 k, L+ `+ `+ z5 U
+ D U, Z( f: x# j7 Z[nova]
3 I% h$ \! ^* d. y1 Vauth_url = http://controller:50004 S7 j& w# r2 h, z% A: |7 ?
auth_type = password
# W8 E7 K3 f0 |" P3 _project_domain_name = Default
2 o5 o$ }& E3 \; r5 }) |user_domain_name = Default; w/ O3 ~8 ^3 h3 u6 ` c' H+ h
region_name = RegionOne
/ T8 b9 H- C: ?1 S+ |4 `" sproject_name = service
5 x3 N* V1 B; C! b% Rusername = nova. V" h1 N# ?& i- A) e% _/ w
password = NOVA_PASS
! {& x0 e+ V; q9 l4 U' O' v- X; J' p: a
! r2 F/ h) v- b L% i[oslo_concurrency]# w: w/ Q9 V, M5 A Z5 `% X. c* A
lock_path = /var/lib/neutron/tmp
5 {; g k3 m5 }' t8 N/ x3 V$ l# Y% m- U
[experimental], {, t; T7 @$ T5 y T6 m! }2 C9 m
linuxbridge = true* ^& R+ u: S4 C& V' d: }! g
配置ML2,ML2具体配置可以根据用户需求自行修改,本文使用的是provider network + linuxbridge**7 d' O# @9 h0 `3 Y* P
( j6 x; M) E9 r% a8 s) Y+ d
修改/etc/neutron/plugins/ml2/ml2_conf.ini
7 R9 P) O0 o3 n. Y& o
. Z" @' N2 r5 [, h+ m, f1 W$ J[ml2]
! X2 x0 t6 |# B; N* d5 o: }' g$ htype_drivers = flat,vlan,vxlan
6 B h- J9 c( h" _$ e5 ] G- N Btenant_network_types = vxlan
( o1 ]- e' [$ \8 v9 a$ jmechanism_drivers = linuxbridge,l2population! O1 o ?( [, L" j8 _
extension_drivers = port_security
* z5 Z, {1 G \8 h* T- u7 C! M2 I V
[ml2_type_flat]
7 _# g8 o+ r& E$ @5 Aflat_networks = provider+ V, }7 i6 m) H5 a U( b; v
. `# M9 }" e( l[ml2_type_vxlan]3 }$ s. w6 f/ n% O" t0 M7 M6 ~
vni_ranges = 1:1000# ]+ H$ }- P8 @6 ~
- x( ^; _; c* E5 \[securitygroup]. q9 e' U% W6 y% b0 }
enable_ipset = true
4 P* {4 ~! i- c! e修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini" ^5 Q% u- m$ N5 t) X9 s* q
/ ^& k: i, R$ Y: k) O. f/ u[linux_bridge]" O: I" i' \* p1 |
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
' _. e" a) h" m0 O' a# H W) J; a1 p! E- o+ E# Q
[vxlan]1 R7 a1 c* g/ Q8 A0 h' s) d
enable_vxlan = true
`; r% y# m7 N9 ylocal_ip = OVERLAY_INTERFACE_IP_ADDRESS
. F% @% _7 f9 Xl2_population = true
& J# h# j7 w( }
& b8 A" O" R/ U[securitygroup]
9 y' E" ]1 V# x+ \# qenable_security_group = true
( |% k' @- l" Bfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
) X7 k t- @: i9 W' j* U- E1 I% J配置Layer-3代理& g" v6 f7 j7 n
! Z' ^4 ]3 n- I+ Z7 ^' f( p; G9 N+ b6 ?修改/etc/neutron/l3_agent.ini
3 k! F& D, ^+ C) z* t
, Z) ^ F% ]' p' P2 H3 K[DEFAULT]0 K+ W' a% C# Q+ m7 S
interface_driver = linuxbridge J2 q+ Z# s" j6 c7 j* b
配置DHCP代理 修改/etc/neutron/dhcp_agent.ini
z+ Q/ \$ `% H9 }% Z
2 u6 m2 Y' Z0 l# h5 L# p[DEFAULT]
0 o' s) J. E @* Yinterface_driver = linuxbridge
7 q8 E% x) |- `+ M( f) Z9 hdhcp_driver = neutron.agent.linux.dhcp.Dnsmasq0 R1 W1 a$ A, @. V( [
enable_isolated_metadata = true! K+ C& I/ R! t, M" _3 D
配置metadata代理
- V+ r8 @8 V$ x. M, y, m R5 y" `! Q! ^' U, u$ [6 B
修改/etc/neutron/metadata_agent.ini* h: k5 V m4 I
! }3 H/ J& E* w! B* e+ |( H* H[DEFAULT]
v. ?8 a* U8 ?, Q$ q& o. W \ knova_metadata_host = controller
( S0 D; M- S! k" q4 U! Ametadata_proxy_shared_secret = METADATA_SECRET
9 k& i8 U2 e- p/ a' i! \9 W; `配置nova服务使用neutron,修改/etc/nova/nova.conf5 R$ i1 O$ i1 [9 f
[neutron], p! V; r9 Q+ S- Q/ }
auth_url = http://controller:5000& P6 e& A2 Q3 j
auth_type = password2 h& E5 U4 H5 F8 U8 H t' W0 o
project_domain_name = default0 _5 C9 ], ~6 A
user_domain_name = default
$ }* d5 B1 N% x$ ?region_name = RegionOne
( K5 K9 D" }( H/ _project_name = service
3 ?& B+ y M/ `. Z- M: uusername = neutron- l* ^4 n: V9 F6 A$ }* o. {. J+ n
password = NEUTRON_PASS& _3 ]6 q' u1 R. C* p! o- a
service_metadata_proxy = true Y3 V1 w3 f) M
metadata_proxy_shared_secret = METADATA_SECRET" a% y3 o1 i* s |
创建/etc/neutron/plugin.ini的符号链接
8 l; ^) t8 l. ?! \% b5 t* k
) s( g: m- y' F8 N V4 Xln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
6 U' \6 T" Z- Z同步数据库
1 t5 p( c- g+ x' U M) f
. E& K! l& P |su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
% I" E* o6 Y+ K" p7 V- s2 w重启nova api服务
. A8 `$ B+ J+ T& Y! Esystemctl restart openstack-nova-api$ T; z4 q3 w) w8 C, Z/ i
启动网络服务
2 l, T: K, h1 ]: v4 k
' @! c5 T: V& m5 r( Y* Rsystemctl enable neutron-server.service neutron-linuxbridge-agent.service \
" g {2 a. Q+ B3 d- S) wneutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
3 @: y+ B+ u1 g2 v9 H; gsystemctl start neutron-server.service neutron-linuxbridge-agent.service \ z+ I+ I: D2 U- o! s: i
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
, `7 E+ y: c6 h2 Q+ P3 MCompute节点+ \7 |1 l7 C9 `/ s/ n }
( p7 L6 S4 X; P7 G7 P( u
安装软件包. y# `( [4 f q4 z' ^( {7 ~( K
dnf install openstack-neutron-linuxbridge ebtables ipset -y0 o; j$ W7 {: G( f) p
配置Neutron* E( h3 e2 Z6 m- r# U# |2 m; E1 H
8 Y1 V' i3 _4 g修改/etc/neutron/neutron.conf
1 H3 F5 ~* E: H7 [9 b$ G
5 F7 A1 Q7 ?/ @[DEFAULT]+ D5 [4 B2 O+ J( N4 v
transport_url = rabbit://openstack:RABBIT_PASS@controller, q1 A' w f2 |3 v
auth_strategy = keystone
6 r- U' ~6 \, e0 y7 c1 @$ @+ }8 F6 D: a
[keystone_authtoken]
/ u# {* X3 W+ m% G& o8 zwww_authenticate_uri = http://controller:5000
9 E; Q) m; c; C5 I9 l' hauth_url = http://controller:5000
, l/ t3 k* y" Pmemcached_servers = controller:11211$ o6 f6 | q, B3 Z) r
auth_type = password* n8 d" S5 M C) g9 X& S
project_domain_name = Default' R% k5 C( z! H7 [9 l- Z8 Y' [
user_domain_name = Default6 p: n: p& ^/ W/ \1 n2 R" {
project_name = service, m4 b5 Q% ]0 \
username = neutron
- g5 M# E2 \1 M. h# ~' T7 fpassword = NEUTRON_PASS; _" [5 G! ^6 h# x1 O0 {) N
- t: r3 T# J& F/ s[oslo_concurrency]8 T& ?- ] y7 z
lock_path = /var/lib/neutron/tmp5 {$ l7 t% l4 m# l/ T1 K9 @
修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini
6 @2 }' [ A$ ?( d
9 g* d, w. H& \2 K: O+ `[linux_bridge]
9 G- T3 R, K* j; K3 |& a' Lphysical_interface_mappings = provider:PROVIDER_INTERFACE_NAME) r. _6 F8 o) S* L3 v
1 w4 l( t! ?6 [- k5 Q' f[vxlan]2 |: g ]' |, x3 V" s
enable_vxlan = true
c# i3 g# v' m3 j1 V7 w' M+ plocal_ip = OVERLAY_INTERFACE_IP_ADDRESS+ x% T. A+ e& S% u
l2_population = true5 `" {9 P# [ E7 I9 e% y
2 f( d) m% [ y, I2 G[securitygroup]
+ o& h+ ^3 t- q* U+ penable_security_group = true
2 b7 a. z& {3 U, Pfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
) ^" y& k- E7 O* f配置nova compute服务使用neutron,修改/etc/nova/nova.conf
9 I' b% w2 L' H7 K' L9 {. H r7 o( \7 l0 [. R( I! K
[neutron]
2 O W0 b( M; q* Y; i( wauth_url = http://controller:5000
3 G6 ~) o4 z# l5 _6 a, f3 gauth_type = password
- I) A8 Z K4 R$ j9 xproject_domain_name = default
$ K3 l1 a( O8 huser_domain_name = default
" u$ P( g6 Q B/ g( c; bregion_name = RegionOne
4 x% Y$ u ?/ r& k8 K2 w% a- }3 @project_name = service3 |" g2 A3 T8 N
username = neutron
2 _# V8 C7 {( Wpassword = NEUTRON_PASS
* f: U1 F: K2 D) Y o重启nova-compute服务
. \( c# {, l% d. O% f" z$ Qsystemctl restart openstack-nova-compute.service9 a1 F$ W0 {6 X0 k
启动Neutron linuxbridge agent服务# Z7 b) m P* w i9 M! }6 Y
systemctl enable neutron-linuxbridge-agent- F* S* J7 N% m9 \" @
systemctl start neutron-linuxbridge-agent
5 V4 s# X# \+ _( y# z1 j P" {4 FCinder¶
' @' ?. Q' z: U) }) E7 WCinder是OpenStack的存储服务,提供块设备的创建、发放、备份等功能。* j' X [+ `* Y, ^" O; B
* ^8 O2 g3 a! }0 aController节点:
/ q9 ], f' C7 L" \; a, s- Q8 J. u1 H, J3 }* U: t
初始化数据库
) h5 L. M/ X4 w6 N5 j6 K6 H6 K
8 Z3 m4 ^& a7 T1 |CINDER_DBPASS是用户自定义的cinder数据库密码。4 q( g+ X7 I( e: s; }7 I" M
- k! t1 \$ ^# E6 S$ A
mysql -u root -p
8 _8 H, v& r. p9 { M
$ P1 H& p l8 Q. s3 z7 c8 ~7 {MariaDB [(none)]> CREATE DATABASE cinder;7 a1 s% c4 Q5 m9 e/ ~
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
2 n/ X. g) _' sMariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';$ E9 N+ L; `' h6 k" v
MariaDB [(none)]> exit
9 `' C3 x' X I# {+ k* P初始化Keystone资源对象
6 r( V( K7 P7 z' ]
* L6 q# ]/ ^9 z* g- nsource ~/.admin-openrc
4 A0 c* ]# }; ^& d4 `# D# D$ A+ D) r% N' z7 ~0 P
#创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到`CINDER_PASS`的地方替换成该密码即可。
) w* a7 d2 n2 Y6 m6 z- Zopenstack user create --domain default --password-prompt cinder* s: a9 D$ s3 \
$ l$ v' t/ K8 ], p- V( G/ u) r
openstack role add --project service --user cinder admin
# { w% A2 ?" ]openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
; W a0 ]. j8 c
/ ^0 Z' m( h+ j8 s" Sopenstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s; w* w9 ]4 E# G+ k, m: O3 N/ v
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
1 o" N4 a4 t. }. p# F8 _) p2 topenstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s* W6 S2 M( O3 W5 q F M
3. 安装软件包
" N- K0 i! A; N- x3 U* w! n1 Ldnf install openstack-cinder-api openstack-cinder-scheduler
+ v9 V5 u' |& n6 Y" p修改cinder配置文件/etc/cinder/cinder.conf. T+ t+ X! l' ^7 x- [' r
0 s6 O4 s6 P2 z. J
[DEFAULT]
: t- D# m0 ]7 {5 d3 Etransport_url = rabbit://openstack:RABBIT_PASS@controller! G4 x3 N( V( f: d# f
auth_strategy = keystone
% F$ n0 ~# i2 u" k& }( pmy_ip = 192.168.16.28 V& z2 b+ f) l( J
) g6 q" [- ^8 T0 a4 F. P2 ^[database]8 [) ] s0 N( U/ S4 D
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder5 m1 p# c& o5 Y# M& F
4 v' e) _" h: M3 o8 @3 L' |$ O$ ?/ p
[keystone_authtoken]
w9 r: ]4 @& a; N# ?$ p twww_authenticate_uri = http://controller:5000- B! S( v- q0 S3 y( M" N5 {; ^
auth_url = http://controller:50006 C. ?, J+ p# c [/ C, p6 [
memcached_servers = controller:11211
- H9 t8 ^( u) f" P+ [4 Q5 C0 ~auth_type = password) e# K/ }8 e4 y4 x. {! Z: ]
project_domain_name = Default2 c5 _7 m; i; W2 v9 E# @6 o
user_domain_name = Default
# b/ ~2 h) Z9 U+ K' t& ?3 Cproject_name = service7 `8 e6 b& i0 X0 R* y2 Q9 e
username = cinder
! Q3 g- P2 c' U. b% ?password = CINDER_PASS
# k0 ^! I2 I& ^# e; b) `9 e/ g
% Q" Q) g) L+ k5 n# d[oslo_concurrency]
1 b) s2 j7 j( f* b- U& `; \6 olock_path = /var/lib/cinder/tmp
" i3 b, t! i1 l* t数据库同步
4 U, ]! j( b1 n1 W. J z
0 p9 L% {# H1 ~& fsu -s /bin/sh -c "cinder-manage db sync" cinder
# W8 T' x* Z" f$ e修改nova配置/etc/nova/nova.conf
& ?* W) f& z/ P' S8 W9 ~: m4 s. A
) t( ?" f- [4 M3 Y[cinder]
: K3 P5 S; V4 P R: I: kos_region_name = RegionOne( D9 k/ k& T. u; s
启动服务( [7 `# z! @) X# z$ b3 Z
( W6 w7 o7 b1 B: V
systemctl restart openstack-nova-api) X* f# g j$ E
systemctl start openstack-cinder-api openstack-cinder-scheduler# ]1 S3 i9 y4 k1 W: w
Storage节点:
( c$ G' h( M0 i9 k& r# L4 c; L* w
Storage节点要提前准备至少一块硬盘,作为cinder的存储后端,下文默认storage节点已经存在一块未使用的硬盘,设备名称为/dev/sdb,用户在配置过程中,请按照真实环境信息进行名称替换。" V. C" t7 x5 ~( S) H* q
- f8 L8 G* A- J+ { @Cinder支持很多类型的后端存储,本指导使用最简单的lvm为参考,如果您想使用如ceph等其他后端,请自行配置。
9 {+ Z; [& Y2 G! ~6 g- v; h0 O U* w. l$ B# }6 d# v/ t7 P! Q
安装软件包
5 R, d0 b' p; B% ~5 y& P1 G+ O2 u1 Z' \% F+ l, s
dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup$ v! t7 @' W! e# v! B1 l1 d& d- t% c" k
配置lvm卷组
- L7 r# m: O, ?% H4 N% I$ H- l4 M5 g
pvcreate /dev/sdb/ d4 Q# Z; i& E, |- @ Z
vgcreate cinder-volumes /dev/sdb
s! D/ k* R0 V! A2 E! Q9 D修改cinder配置/etc/cinder/cinder.conf% W! |4 h. {% y# R
* E; ]4 [- x5 N' r7 |% `[DEFAULT]1 H3 ]( a2 _( |1 Q7 F4 Z
transport_url = rabbit://openstack:RABBIT_PASS@controller3 E" n" [8 I7 ~& a
auth_strategy = keystone
4 f- R: T8 |0 J6 ?) `$ K1 W7 cmy_ip = 192.168.16.4# c- Y6 S- b$ E" b, v# N* l
enabled_backends = lvm
1 B; y) G! H4 x, f* pglance_api_servers = http://controller:9292 W2 e- r3 S& J/ B
& [, V+ {# {: J[keystone_authtoken]! i e, X6 Y% |5 R
www_authenticate_uri = http://controller:5000
4 [0 G6 a. ^0 f* m+ ]& Pauth_url = http://controller:5000
7 Y8 @' F" W$ K; W# j0 Imemcached_servers = controller:112118 z/ f% X& l" v! \, E- X# A
auth_type = password
9 D" O0 d" ^, T+ `- j- P$ {project_domain_name = default
{7 \ h# `8 w$ u6 vuser_domain_name = default
5 E1 e2 R" F) bproject_name = service
5 y d$ c" Z C, u8 Ausername = cinder# I( {, E2 t" U7 o- G1 E# h( p
password = CINDER_PASS
; e+ c5 C* @5 \0 c0 b- S& b
' h4 ~# y+ Y" v M$ {. [1 O8 }[database]" p" B0 M( m, h" S
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
]8 k; K4 `$ r1 ]; S; |6 H; v, z* r! ^
[lvm]
4 G8 Z: L2 D/ v% w& N& kvolume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
5 n3 v8 N* p7 s5 X4 Lvolume_group = cinder-volumes( B+ i) u$ a6 ~4 ~$ t# h5 ~
target_protocol = iscsi
$ i% X( l! L1 H6 Rtarget_helper = lioadm
/ W* F( G7 |1 U) R6 ~) N! e5 n5 g4 A1 M2 l1 X' `$ ^; P9 b5 q
[oslo_concurrency]
3 r; Z% i/ e2 t+ t; w' @lock_path = /var/lib/cinder/tmp7 ^9 c2 y4 g4 i E& }
配置cinder backup (可选)
' p8 F$ Y6 Q8 \1 D% c6 k& P
: a! O* w/ d; b, l" F* h; ?2 |3 wcinder-backup是可选的备份服务,cinder同样支持很多种备份后端,本文使用swift存储,如果您想使用如NFS等后端,请自行配置,例如可以参考OpenStack官方文档对NFS的配置说明。0 G* Z- s4 C7 u n! Z6 J, C
, @2 b; d/ X$ s9 F3 d修改/etc/cinder/cinder.conf,在[DEFAULT]中新增 b' V# q& y1 q3 R& C+ s7 A9 E; L
" t8 Z& g' o& J5 ]
[DEFAULT]8 U7 k; f8 @5 f4 Y0 E( J
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver
4 R, E; m2 w1 P0 `6 l# u5 u% sbackup_swift_url = SWIFT_URL
4 P1 ]6 C0 ~; n这里的SWIFT_URL是指环境中swift服务的URL,在部署完swift服务后,执行openstack catalog show object-store命令获取。
3 h- K& d& N5 t! h* u* y$ S% n
" E" s1 Q4 H( }* p8 u& U4 i* \. R启动服务
7 G, \, v/ a# h. u4 Y2 h8 Y+ T1 D5 A8 v
systemctl start openstack-cinder-volume target
$ A9 O8 m+ Z2 Z+ {3 o9 a+ g- _9 |. Xsystemctl start openstack-cinder-backup (可选)
. U, i( }$ g$ c% h至此,Cinder服务的部署已全部完成,可以在controller通过以下命令进行简单的验证
( j2 T) R3 M/ I% n' |6 F: u: O7 v$ C, a
source ~/.admin-openrc9 B7 h5 B3 ^7 u$ u: o
openstack storage service list' w" B( s3 M. R7 n" p
openstack volume list
% A7 m' E! I! B5 w, JHorizon¶$ i; C5 }* J9 C$ ^0 K+ o k
Horizon是OpenStack提供的前端页面,可以让用户通过网页鼠标的操作来控制OpenStack集群,而不用繁琐的CLI命令行。Horizon一般部署在控制节点。0 ~- h u9 Y- u* X% K8 c( l: D
* v+ V8 a5 v2 _* ^2 D$ d* S
安装软件包
- `( ]6 S0 O0 J! R/ C ] P: g v7 i
dnf install openstack-dashboard& D: N1 v; f# _) U" w; b
修改配置文件/etc/openstack-dashboard/local_settings
; `- |$ e T7 \" o O
1 ^7 y- j9 _& b, \OPENSTACK_HOST = "controller"# W! F% K/ A& }4 p
ALLOWED_HOSTS = ['*', ]
1 Q5 @( e) @9 F5 O' ]4 p4 L! vOPENSTACK_KEYSTONE_URL = "http://controller:5000/v3"8 {) l+ v" `+ z
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'' I" }* m2 { |( g c+ ~
CACHES = {
) I0 b( H5 L" h- w! |. R1 P'default': {( n$ [8 |. t2 T/ Y/ e" S
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',9 B6 Q1 s/ @* _% V1 I, l1 h+ ?
'LOCATION': 'controller:11211',5 ?, z5 q( K$ m' |& {
}
\1 `/ k' [( I- r H}4 D/ Q; L r }$ y' ]) p! a
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
1 O X6 w% \9 N4 s6 U' a- B" ?$ xOPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
' |) `) N; j5 h. ^" e% P/ NOPENSTACK_KEYSTONE_DEFAULT_ROLE = "member". v2 s' ]: G. y/ C9 z0 t: V& F+ M' Z
WEBROOT = '/dashboard'& T" a8 h# ~& `3 _' A- a6 [# @
POLICY_FILES_PATH = "/etc/openstack-dashboard"- _, K$ t/ l" f
8 z$ o: o `+ |OPENSTACK_API_VERSIONS = {
/ Q; i$ @8 g% I# r+ e/ x! y "identity": 3,3 S. n* u, h% M) h
"image": 2,: I" S# n- k! H$ g3 c1 K4 ]
"volume": 3,
1 i0 b. V! @! b; ?& m/ c6 H8 c3 c$ J}
1 d" G( A+ H9 o& j7 O2 I重启服务
0 y0 G! r+ C. _9 P- E! l2 J# y& C- }/ x+ a
systemctl restart httpd
+ a0 g/ P; K5 x0 b7 G. C至此,horizon服务的部署已全部完成,打开浏览器,输入http://192.168.16.2/dashboard,打开horizon登录页面。/ E/ i+ `5 x# G3 A
$ k4 l* v' q8 V. u' N |
|
发表于 2025-3-16 22:32:36