|
|
Openstack_安装基础使用( G& b- r9 p+ E2 o# p, E
openstack 版本周期! v# h9 P) k& g
6 a( b" z" J: L9 f! ?6 y5 q5 o https://releases.openstack.org/
4 M9 K7 \3 \0 V% O官方安装文档
% _6 z# c% E: I6 F0 Q* ?$ l' d. j, v; q
https://docs.openstack.org/insta ... ackages-ubuntu.html9 J a4 [% ]0 B% Y& l# G
https://docs.openstack.org/install-guide/openstack-services.html/ j" U; c! Y: }
手动集群部署部署
0 u8 m$ z( S2 M( t/ m0 |& d( r架构5 o& G# \8 M; M: ^$ M# v
主机名 外网IP VIP 内网IP 内存 CPU 磁盘 角色+ w2 b8 C; N' k" c6 v3 ?
openstack-controller1.stangj.local 192.168.139.31 无 172.16.1.31 4G 2 核心 80G 管理节点015 a. ?6 U2 V( J/ U: o
openstack-controller2.stangj.local 192.168.139.32 无 172.16.1.32 4G 2 核心 80G 管理节点02
3 C/ J \# J" T3 jopenstack-mysql.stangj.local 192.168.139.33 无 172.16.1.33 2G 2 核心 80G 数据库,memcacahe,RabbitMQ
' w# C. D: C0 wopenstack-node1.stangj.local 192.168.139.34 无 172.16.1.34 3G 2 核心 80G 计算节点5 v9 d+ ?; l: _" i6 f
openstack-node2.stangj.local 192.168.139.35 无 172.16.1.34 3G 2 核心 80G 计算节点& a: Z) J8 q, g- t8 g) Z( }
openstack-haproxy.stangj.local 192.168.139.36 192.168.139.248 无 1G 1核心 80G haproxy,keepalived
) m1 f0 ^" f* _- x2 y+ a1)前期准备7 s2 a: H! K% e: ~# X
1.1)所有节点安装$ Z" o) L* z$ C3 H p
~# apt install -y bridge-utils r, ]. s- ]% P [( m$ N
~# modprobe br_netfilter
* C2 k2 @' ~ N/ Y8 B ~# echo 'br_netfilter' | sudo tee -a /etc/modules3 [' c. U1 Q# A
~# swapoff -a/ S) D9 @* ~$ z7 }7 T* g
~# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
- o! I: t0 a# U ~# apt install -y software-properties-common
0 @9 \5 ]0 C6 c. L/ g! ?+ m1.2)时间同步
$ G6 {& s" e! q4 h% X9 z "controller1作为时间同步服务器"8 K$ C: X9 d' i' _9 Z
root@openstack-controller1:~# apt install chrony -y
2 q( R7 x$ o. u$ A root@openstack-controller1:~# cat /etc/chrony/chrony.conf | grep -vE "^#|^$"/ Z5 b9 O2 X7 K# [* w
confdir /etc/chrony/conf.d
j% n( w- ?8 z. p server ntp1.aliyun.com iburst
/ ?8 m+ {( {3 Z server ntp2.aliyun.com iburst& F) R6 w3 I: h9 `
server ntp3.aliyun.com iburst
+ b3 L: ?! N/ ` allow 192.168.139.0/24) N: u* x+ ` u$ @( U) i
allow 172.16.1.0/243 @9 S5 m& C5 A: n, K
local stratum 10
8 [. ?2 V2 x$ K& C0 g" F. P0 t3 | sourcedir /run/chrony-dhcp) ?" t" ~3 p7 t& e; }6 k
sourcedir /etc/chrony/sources.d5 y1 F6 j B3 G; Q3 ], D
keyfile /etc/chrony/chrony.keys
: \4 h* M! D+ f: G driftfile /var/lib/chrony/chrony.drift
8 @ `- b' q- Z9 C ntsdumpdir /var/lib/chrony
( ~& R: Q- R: t% K9 n9 a6 v8 x3 t logdir /var/log/chrony4 g, t0 k# b/ e4 U; K
maxupdateskew 100.03 J j$ g5 v5 G1 y) N
rtcsync3 t; I' e+ I' P
makestep 1 3
2 d* P' O5 }) o, N- X) {4 y 8 s1 n9 V/ i4 k' n
`启动服务`
) b+ Q, l3 ^. T" s: W4 N' v! a root@openstack-controller1:~# systemctl enable chrony && systemctl restart chrony2 b! l5 s* e9 G' A6 l1 a5 S8 H
, n& T/ T2 a7 M% w
`验证`" ^8 ~3 Y9 E* u
root@openstack-controller1:~# chronyc sources" H u' H% M: N1 S3 l
210 Number of sources = 2: K0 W2 }6 v+ l# X: Y y# I
MS Name/IP address Stratum Poll Reach LastRx Last sample , Q1 S* W; q/ L
===============================================================================
5 G( v, }7 q) _' J0 Y& r$ \ ^- 120.25.115.20 2 6 35 48 +866us[ +866us] +/- 22ms. ? P- p% N: Q5 [5 M' d2 Y6 t
^* 203.107.6.88 2 6 17 49 -4324us[-9570us] +/- 21ms
) i1 E1 ~" H, W7 I0 q 1 @8 W3 g: {* A, s1 I8 \
"其他节点配置(集群涉及到的节点都要配置--我演示一个)"4 F$ n+ a" U3 M2 F2 b, o$ n' t
root@openstack-mysql:~# apt install chrony -y! y; ~& h4 d2 V$ M7 z
root@openstack-mysql:~# vim /etc/chrony/chrony.conf
1 G$ @8 b! S2 q #server 0.centos.pool.ntp.org iburst
6 c) @: Z; [- ~$ n #server 1.centos.pool.ntp.org iburst1 l3 P# r7 p+ @% j+ T1 u9 u% H
#server 2.centos.pool.ntp.org iburst4 Q' s$ }6 |$ j
#server 3.centos.pool.ntp.org iburst9 g4 U" a4 C5 r0 `" h
server 192.168.139.31 iburst # 添加这条信息指向controller1
& j6 o, c: `3 U4 s3 w( k) |* q" z I; j root@openstack-mysql:~# systemctl restart chrony &&systemctl enable --now chrony; ^% w" R( m6 N7 F
root@openstack-mysql:~# chronyc sources7 H6 O8 h! [9 `# u& m3 q8 b% u
210 Number of sources = 16 @/ Z; C N5 P0 e
MS Name/IP address Stratum Poll Reach LastRx Last sample . W0 t- `7 X/ _+ _6 ^3 H0 t
===============================================================================
^4 i! i/ F" E7 @3 I7 R. J* Q- ? ^* 192.168.139.31 3 6 37 60 -2089ns[ -943us] +/- 16ms
, i* S n" N9 R) k% _/ r1.3)配置openstack官方源
, \; \8 k7 R, o/ G9 F `controller管理节点`
$ F0 z8 q/ O, s* c: n root@openstack-controller1:~# add-apt-repository cloud-archive:caracal0 @" X/ b% N* w/ ^* O n
root@openstack-controller1:~# apt install -y python3-openstackclient libibverbs1 python3-pymysql python3-memcache
/ M6 S+ B" G5 X
" r" d! q4 M9 t6 |& ~) K3 z* Z `node计算节点`
& o" _( h9 R. W; b1 H/ I root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
' u/ L! r6 z/ k& Y/ O/ D1 j root@openstack-controller1:~# apt install -y python3-openstackclient& B4 { L. n. K. J& C& J8 b. S; K
`数据库节点`
5 Y1 N/ @/ Z7 n% x6 d* Z$ W0 \ root@openstack-controller1:~# add-apt-repository cloud-archive:caracal! \; N7 v( I9 x0 q- B
root@openstack-controller1:~# apt install -y python3-openstackclient! g" `: T: x, K! O5 v4 k
1.4)数据库配置3 T s5 O! n) a2 @3 H
root@openstack-mysql:~# apt install -y mariadb-server python3-pymysql
6 y5 o5 h9 y3 ?6 H root@openstack-mysql:~# cat > /etc/mysql/mariadb.conf.d/99-openstack.cnf <<EOF3 D" }" A Q# | F% l/ ~8 V' ~& e0 h' K
[mysqld]' U5 }8 I' n5 Q) y+ w8 u
bind-address = 192.168.139.33
y! r; x: D( H8 {- L, t1 {: u( e4 n6 m7 l default-storage-engine = innodb
# f) l$ f. d( R: X innodb_file_per_table = on( v2 ^: { y1 z+ P
max_connections = 40962 V8 B1 T7 V; }$ |2 R
collation-server = utf8_general_ci
6 G% F9 c c$ Z6 F) D1 @$ k character-set-server = utf86 }" O9 P" F/ G! Q$ F
EOF0 b# Z/ n! j% ?0 a. g% I
root@openstack-mysql:~# systemctl enable --now mariadb && systemctl restart mariadb
. E) g2 e5 N( A3 J) @1.5)RabbitMQ配置/ K' l' b8 U# b, p p/ R! U3 p
root@openstack-mysql:~# cat >> /etc/hosts << EOF' Y, m6 w- N6 D9 V! j
192.168.139.33 openstack-mysql.stangj.local openstack-mysql
N: u1 l3 C0 ]* _" z4 Z EOF
! x3 C" ? e2 g. d: X. T5 \: r S root@openstack-mysql:~# apt install -y rabbitmq-server7 H$ Y5 n5 B! I( F1 D5 N
root@openstack-mysql:~# systemctl enable --now rabbitmq-server.service
: b) J1 }% Y/ b. n root@openstack-mysql:~# rabbitmqctl add_user openstack openstack1235 Q1 q; o/ w9 x: V$ Y% ~4 [
Adding user "openstack" ...) w4 M5 A, |: Q/ W
Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.
: |+ N( K! Z) N; R" Q root@openstack-mysql:~# rabbitmqctl set_permissions -p / openstack ".*" ".*" ".*"
" m& |" ]1 W/ L& H Setting permissions for user "openstack" in vhost "/" ...
3 {; D* a, U: e, Z3 W* X2 y5 ] `查询插件`1 e G# c- K; b) M/ ^% `$ G
root@openstack-mysql:~# rabbitmq-plugins list/ e. i5 F; @/ E \
Listing plugins with pattern ".*" ...4 w+ q7 M& ^- A. ?8 G( I& c
Configured: E = explicitly enabled; e = implicitly enabled' `! }/ K t$ G+ E8 K5 Z( }
| Status: * = running on rabbit@openstack-mysql
! a5 Z5 [2 u% U0 c# u: @8 ? |/6 k8 A$ z- U! l# [ F
[ ] rabbitmq_amqp1_0 3.9.27
6 I! a# ?3 g( m5 E( P; w# { [ ] rabbitmq_auth_backend_cache 3.9.273 \& c% \" q. G( {
[ ] rabbitmq_auth_backend_http 3.9.27
; G5 x! j/ q9 A3 E( R0 ^7 C [ ] rabbitmq_auth_backend_ldap 3.9.27
0 k, S6 p- z+ ?( r [ ] rabbitmq_auth_backend_oauth2 3.9.27
& I5 U$ t U; D# f7 D [ ] rabbitmq_auth_mechanism_ssl 3.9.27- S. ~- W2 F6 `/ t
[ ] rabbitmq_consistent_hash_exchange 3.9.271 f' h5 t. H2 w, Q# [
[ ] rabbitmq_event_exchange 3.9.27
) Z, D6 p+ C, E. N& x [ ] rabbitmq_federation 3.9.27
9 Q/ R; H4 m- W* B: w" n [ ] rabbitmq_federation_management 3.9.27
5 A; J( X+ \' g; ^. B9 Y+ Y2 t% L [ ] rabbitmq_jms_topic_exchange 3.9.27
/ ?2 f. @" o7 a/ o [ ] rabbitmq_management 3.9.27
1 l4 h- L7 x' V6 |) z4 u4 J4 N [ ] rabbitmq_management_agent 3.9.27
% w1 y4 I' i) o) ?" W2 C [ ] rabbitmq_mqtt 3.9.27# D; f& F% _* b& P: p8 q
[ ] rabbitmq_peer_discovery_aws 3.9.27
~: z7 [( i# ~* m* W; ]3 k* Z# g [ ] rabbitmq_peer_discovery_common 3.9.279 T' G$ A% i g( O# @9 ^& ?
[ ] rabbitmq_peer_discovery_consul 3.9.27+ @5 w& V7 a$ B3 [
[ ] rabbitmq_peer_discovery_etcd 3.9.27
, T9 Q! ^6 {- V: Z; ^( W9 _ [ ] rabbitmq_peer_discovery_k8s 3.9.27
4 H: } g- T% E: w$ q7 N [ ] rabbitmq_prometheus 3.9.27' H/ P/ k/ d2 ~) h- a+ }7 @4 c( A
[ ] rabbitmq_random_exchange 3.9.27
3 h7 @& F; W8 T( J; J& L( | [ ] rabbitmq_recent_history_exchange 3.9.27. `6 D* b, r" I& r- V
[ ] rabbitmq_sharding 3.9.27
& n# } o+ S7 F' ~! {( Y3 P [ ] rabbitmq_shovel 3.9.27! [, o: P! B- R4 z0 a& U: K4 Z7 m
[ ] rabbitmq_shovel_management 3.9.27
' ]! M3 K0 g; k% Q [ ] rabbitmq_stomp 3.9.27
* g3 q" p* k1 @1 M4 i [ ] rabbitmq_stream 3.9.277 m0 G; \) V, n
[ ] rabbitmq_stream_management 3.9.27
0 y* u g& K3 @1 |' | [ ] rabbitmq_top 3.9.27
! C! \* e) Z' y [ ] rabbitmq_tracing 3.9.27, Z! {, x0 L( Y1 h9 r
[ ] rabbitmq_trust_store 3.9.27
# H8 L# P; U; `$ }/ c; f: g } [ ] rabbitmq_web_dispatch 3.9.27
" A! X) N0 {+ o( m* S( W U [ ] rabbitmq_web_mqtt 3.9.27
) Z7 y, E3 ?1 c/ H3 r9 y [ ] rabbitmq_web_mqtt_examples 3.9.27
% L- e9 D( s5 Q" c! y [ ] rabbitmq_web_stomp 3.9.273 l9 A3 u; Z- Z3 ]: [& O
[ ] rabbitmq_web_stomp_examples 3.9.276 ?9 v/ j: J V0 W2 {
`打开插件`
% r/ P; p M; p2 S+ d& S root@openstack-mysql:~# rabbitmq-plugins enable rabbitmq_management4 j" W: Y$ }% `
) v! ]8 b" v( j; |1 H8 M( E root@openstack-mysql:~# vim /etc/rabbitmq/rabbitmq.conf- `: e( U, [' M0 @. u" t
loopback_users = none
4 @/ Q) w3 W. H8 `3 P% O8 V root@openstack-mysql:~# systemctl restart rabbitmq-server.service
0 G2 I2 R5 p* o: T8 w. ^
% j: i6 C" N/ `6 Q2 s访问 http://192.168.139.33:15672/
% H# S# _$ B- A1 w8 J1 |' r$ O5 y% j0 w
9 J8 C e0 w# ^4 \ Q* e7 W- U L7 M8 J" F5 ~
" u7 `% \: h3 r# l( B5 y, Y
1.6)配置memcached4 f3 I( v( m: c; K$ g9 ~: z' \. ], J
root@openstack-mysql:~# apt install -y memcached python3-memcache' M% }# f4 y4 _0 \4 s
root@openstack-controller1:~# apt install python3-memcache
3 @; e5 t0 {" l$ M E$ u ! I) Y4 \4 a. V$ x8 i. l" U+ h! K
root@openstack-mysql:~# vim /etc/memcached.conf 1 ^/ E3 V2 e- {: l. S, x4 V
# Specify which IP address to listen on. The default is to listen on all IP addresses; K% [9 A5 \0 K" F7 e
# This parameter is one of the only security measures that memcached has, so make sure
* S+ n# D+ P* p$ ~% c7 H+ S # it's listening on a firewalled interface.5 m! X7 r+ C4 @6 W! b
-l 192.168.139.33 # 这是为了让其他节点能够通过管理网络进行访问:! B$ o# F$ h6 n' o Q) e/ g
root@openstack-mysql:~# systemctl restart memcached.service && systemctl enable memcached.service0 f5 C# I2 m1 t" G7 w
1.7)配置haproxy$ i7 W X# c. B5 X
root@openstack-haproxy:~# apt install haproxy
! m4 Q* o3 q9 D- p root@openstack-haproxy:~# apt -y install keepalived2 P# T! a) f( H+ l5 _/ I$ Y
`配置keepalived`- p$ o1 J8 Z/ l# J8 ^
root@openstack-haproxy:~# vim /etc/keepalived/keepalived.conf
4 b/ @( r/ I' e9 u9 X global_defs {) F9 y# W7 n) K, y ~. b
smtp_connect_timeout 30: Y3 S- ^* \1 D4 c( b
router_id LVS_DEVEL* z; d$ Y/ W9 G7 M) k: P
vrrp_skip_check_adv_addr
3 `+ _; ]4 V" U$ a- d6 C vrrp_iptables
6 k, g) v' q1 v# x; I+ m vrrp_garp_interval 0
* q( G# n( t4 _) t: e7 ` vrrp_gna_interval 0% z1 V; L, m; s# n& v7 V" F
}
& x, ~( @6 L4 } \0 p , V& D* c6 H, m" Q
vrrp_instance VI_1 {& R% u4 g% g, n H7 F
state MASTER
) ^1 n$ ~- D! Q2 }5 b interface eth0
' m5 e( r7 e6 a2 k9 t/ Z5 P4 X virtual_router_id 51. F- k* a; N9 S& N0 v
priority 100
) r* g4 ]4 P1 H/ F9 l" I advert_int 1 H) `+ S8 H1 h
authentication {, A' D2 u" x9 a3 ?0 \
auth_type PASS
& }7 v( U, d! U auth_pass 1111
2 F# Q* I, d) ~ }) S/ x# o7 K1 _4 J+ Y; u y
virtual_ipaddress {% H0 I4 W! _/ S6 Z
192.168.139.248 dev eth0 label eth0:03 U6 h) e" N4 U# o! E
}
& W: ]3 h8 P' c$ ^ }
9 T1 R5 ]& S0 [- W: u) \; O root@openstack-haproxy:~# systemctl enable --now keepalived.service T! j$ ~: J, }; l0 n6 [
root@openstack-haproxy:~# systemctl restart keepalived.service
2 J6 Y* g: D! ]# E( i$ K `配置haproxy`
9 g, D- j* e' y root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
T; ~1 L4 d5 c7 s # 把后面的frontend和backend模块配置全部删除
) W( u2 Z0 D0 O; J. B3 D6 m # 最后一行添加
N* x D: i3 m2 i$ P- W. P listen openstack-mysql-3306
2 l' [6 N) h: A, O ^# u1 I bind 192.168.139.248:33069 f( w, A" y& a
mode tcp8 r" J. A) B5 X& q
server 192.168.139.33 192.168.139.33:3306 check inter 3s fall 3 rise 5$ Y! U" C% ^. c- I. T/ Y
/ `# w4 f# o% v. ^
listen openstack-mq-5672/ Z0 C; @, o- `) X7 |: ?: _! @
bind 192.168.139.248:56727 l5 b' G i x& m$ \& B* R0 ]- e
mode tcp
. ^$ z5 p% ]* [, t( x( J I" t+ B: h server 192.168.139.33 192.168.139.33:5672 check inter 3s fall 3 rise 5/ C3 E0 p0 s. g9 K7 }) Y
7 ^ U5 e5 Q8 d- K5 o$ O0 _) \ { listen openstack-memcached-11211* V" @( Z5 X/ C3 G6 x
bind 192.168.139.248:11211
( T. N' U* |+ y' } mode tcp
- `3 P* a7 d6 `! W' J server 192.168.139.33 192.168.139.33:11211 check inter 3s fall 3 rise 5
/ P1 I2 l/ q9 z- q( v P9 L
5 I; `5 t. R! j& U root@openstack-haproxy:~# echo -e 'net.ipv4.ip_nonlocal_bind = 1\nnet.ipv4.ip_forward = 1' >> /etc/sysctl.conf 3 h" X) M& ?- h$ q2 k9 J
root@openstack-haproxy:~# sysctl -p
. N5 P. w* f$ E0 n& M9 ^ root@openstack-haproxy:~# systemctl enable --now haproxy.service 8 r2 d5 [( p1 j8 A
root@openstack-haproxy:~# systemctl restart haproxy.service 5 f1 A: e+ u: w, A& T
root@openstack-haproxy:~# ss -tnl
! R1 B! p2 O1 s/ Q G State Recv-Q Send-Q Local Address:Port Peer Address:Port
7 Q6 l" `5 ?' O0 f( ~8 i LISTEN 0 128 *:22 *:*
; o6 S# J6 m# ^6 \5 n. v LISTEN 0 100 127.0.0.1:25 *:* . u* J# h7 c$ U
LISTEN 0 128 192.168.139.248:5672 *:* - S' p( K- k" e7 \( U" D% P( C, ^
LISTEN 0 128 192.168.139.248:3306 *:*
' s% t# c8 M3 q9 e LISTEN 0 128 192.168.139.248:11211 *:*
& C% Z O$ s1 W LISTEN 0 128 [::]:22 [::]:*
" p- {, y/ i8 ]; v LISTEN 0 100 [::1]:25 [::]:*
2 t$ }& _( s) R验证5 m# N" V$ H# j6 [# ^8 p
0 \$ ]4 i% T2 X8 ?
root@openstack-controller1:~# telnet 192.168.139.248 3306
( z/ l/ Y! f2 x( F. T' h Trying 192.168.139.248...
* D9 y' d6 Q% r5 r5 H9 s. O Connected to 192.168.139.248.
3 W6 Z7 c% W+ b; _+ ~; A Escape character is '^]'.0 l# j0 y, Y) |; t, v3 x+ j# h' @6 q
4 r4 y% \ P# N9 z' J( U
root@openstack-controller1:~# telnet 192.168.139.248 5672
! Q5 j8 o/ n$ i, h" z Trying 192.168.139.248...' Y* Q. {1 l8 }9 N
Connected to 192.168.139.248.
7 l/ Y; e/ }* o4 u! x# H' \ Escape character is '^]'., I$ T u6 Q L9 n3 ?, x* O
7 k) O+ g# \/ k2 q, n2 S& q
root@openstack-controller1:~# telnet 192.168.139.248 11211/ A2 Z' b! E. k& }$ Q& @1 i
Trying 192.168.139.248...; g8 d8 `, @ D3 }
Connected to 192.168.139.248.- l! c7 U0 ]: |2 N# A
Escape character is '^]'.% C$ T$ w: k7 a0 T) V' e
2)安装keystone. h# O8 M0 n7 {& O
2.1)创建keystone数据库
1 p, H! [9 q6 ^3 x" u4 t" s( v& H) X root@openstack-mysql:~# mysql
1 ?5 b! r% @+ ]9 m$ \4 l4 c+ c5 ` MariaDB [(none)]> CREATE DATABASE keystone;' j6 l7 d; A3 ~1 ^* e
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
# ^" H! P, k& C8 H `controller节点验证`
/ y# h8 T& S0 z; Z0 h J root@openstack-controller1:~# apt install -y mariadb-server
+ m, u7 L4 R: D/ G: i root@openstack-controller1:~# mysql -ukeystone -h192.168.139.33 -pkeystone123
6 \- C' ?8 N' j( F1 h Welcome to the MariaDB monitor. Commands end with ; or \g.7 N* o8 W# ]6 Z, b! T
Your MariaDB connection id is 35
( \& Z/ C9 \& e" F5 C1 L% T Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04) [9 k# A# W. o$ J* ~3 K
X. _3 {2 `2 i+ d, I0 @6 @* A
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
" A8 Y$ V1 V3 X' k- U ( j9 \2 ]) @) L
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
# y; b1 x8 P1 Y3 N % ^9 V _4 o8 C% X( z
MariaDB [(none)]>% O* C1 `4 X) S; P0 k9 t
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123
0 l7 x8 a8 J4 B. w' u, J Welcome to the MariaDB monitor. Commands end with ; or \g.
1 D" H$ ~3 @) K8 p1 i. X2 t$ n Your MariaDB connection id is 36
- u6 _5 E, C2 H8 J' e; ]' F$ f2 X Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
3 H D, J" K% k M* e 3 B% U4 m8 {( |% G( x& P5 S
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
& a) x: L1 p/ T0 A$ B9 w. D- |
8 l! l; ^6 K( ]5 U, P/ {9 ^ Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.8 \' K8 K: a6 g) l
8 s6 ~1 i6 S6 H5 O: o! k MariaDB [(none)]>
( q) X7 X$ {1 k+ J7 O; z2.2)下载配置keystone
8 C( S9 @( w2 A! b root@openstack-controller1:~# apt install -y keystone apache2 libapache2-mod-wsgi-py3+ U8 [$ s N- {- O8 Z
`添加vip的域名解析`/ `2 p1 n% ]6 m: x
root@openstack-controller1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts4 C2 q) w" u' N# ^
`修改配置`0 v( S( o" i; `+ H S' I
root@openstack-controller1:~# vim /etc/keystone/keystone.conf8 Y) F" e+ n8 `
[database] # 在这个模块下面添加下面这一行信息
- B5 K% i( J7 U. B2 ]6 W5 K connection = mysql+pymysql://keystone:keystone123@openstack-vip.stangj.local/keystone% n. {9 ?! q5 S# D/ G' `
[token] # 在这个模块下面添加下面这一行信息9 |0 L$ G2 [2 C
rovider = fernet
/ j0 V) i4 r, h! H2.3)初始化keystone数据库( g, @1 m* e, t7 f1 A" q
root@openstack-controller1:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
' N1 O' D/ e7 j; u$ Z: e/ G& | `验证是否初始化成功`
& k( r7 _% k0 X$ | root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "use keystone ; show tables"$ u" r" K0 U" M
+------------------------------------+5 I* r# O5 R! A P. f7 g$ ^
| Tables_in_keystone |
+ B" u2 _$ h$ s5 F2 t# T +------------------------------------+
9 q# r3 B& V* U | access_rule |7 |7 s+ Y% a1 d1 J" V# N
| access_token |
3 o& J+ p. |7 J+ a) V | application_credential |
# D7 d: T% o2 p8 L+ R | application_credential_access_rule | E6 M: A# I! M& B2 F; p
| application_credential_role |5 i( S+ s7 u# a3 T% z, p
| assignment |
A: U( g5 K# C4 W p& {. r | config_register |
7 p, [5 k2 \! M8 S9 I/ O ......................................
4 A/ V$ b+ e& L. {- l. f5 I ......................................
4 B1 h! ?( I6 @0 i2 a | user_group_membership |* T* G3 S6 g. F: e, \
| user_option |$ h' x& a8 G: v q# ~( _1 }
| whitelisted_config |
" B$ c8 k/ w4 j2 x +------------------------------------+3 V) [8 C4 W( G( U G! [
) M6 g/ {/ F- O6 l/ ]! R1 e" u, L2.4)初始化 Fernet 密钥存储库8 Q6 |! N+ Q& y9 U1 A5 Y# h$ D" J
root@openstack-controller1:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
, p2 e% t' J1 O7 M" H root@openstack-controller1:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
4 E" ]. w2 F7 c9 `' L& C2.5)引导身份服务7 e; m& {! U, y; k0 f- P% r
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg % B7 V$ v# c- |/ x: E
# 在最后一行添加下面4行内容
4 ]8 D( P/ N- z4 m/ S( W, A listen openstack-keystone-5000: b. q' O3 ~0 n
bind 192.168.139.248:50006 J2 R) k' i; o, w5 J9 C
mode tcp. p7 @7 p" F9 f9 l0 y0 ~
server 192.168.139.31 192.168.139.31:5000 check inter 3s fall 3 rise 5
7 ]1 E$ V% Y- ^4 c! X6 q6 o root@openstack-haproxy:~# systemctl restart haproxy.service
; Q& Z2 d8 p# i% V* {0 w # 设置,密码为admin1 S' R9 j% j) y% A
root@openstack-controller1:~# keystone-manage bootstrap --bootstrap-password admin \1 Z; W; J* J: M8 f6 `+ B
--bootstrap-admin-url http://openstack-vip.stangj.local:5000/v3/ \
/ ]! i+ P/ t Y6 j; l1 F --bootstrap-internal-url http://openstack-vip.stangj.local:5000/v3/ \
! `/ m& y; r" u0 F, u# S, G --bootstrap-public-url http://openstack-vip.stangj.local:5000/v3/ \
0 j- h. F5 L* s- f( g% o& w. e0 A7 T --bootstrap-region-id RegionOne
' t5 |$ i4 W) q* [ `验证` }( [4 K- M3 @
[root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.service"
0 r4 ^$ i8 N0 F! K1 C! Q$ `+ B +----------------------------------+----------+---------+----------------------+: a$ B. I; B+ x6 O* p
| id | type | enabled | extra |* e$ x8 {2 v% O( x3 N4 ~0 L5 t+ f
+----------------------------------+----------+---------+----------------------+) Q6 n" D+ J6 a! `% z
| 5b32c1198b6d4a9da1659bc0a201d89e | identity | 1 | {"name": "keystone"} |( x3 G; A/ O9 A/ w9 z
+----------------------------------+----------+---------+----------------------+
' C8 q8 k; Q- f3 a" Y/ I* P [root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.endpoint "1 `" I4 [, |! d( _: D) A5 P
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
Z& l7 U5 A1 j* _" o+ x6 _ | id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |# K' P/ Y( r7 ?: ^ B
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
; L; O- h/ \+ v2 }* A | 20caaef3b2ee4ff7898d1e7b7f1e41dc | NULL | admin | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
6 i* T# O" i r4 T1 `8 U | ad54a4233c0e4a23ba56f86960ff97a9 | NULL | public | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |& n1 {$ b, i/ g4 C
| def9f3253353499fbc24a851445198c9 | NULL | internal | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |% Q6 N+ I$ D" h. f7 r- M; ^
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
$ L# |3 `' z+ K3 t2.6)配置Apache HTTP 服务器" K. j. f3 g/ x2 p: w
root@openstack-controller1:~# vim /etc/apache2/apache2.conf ; t' ~+ Q% N# W- B: z1 ^3 ~6 T
... # 找空位置添加8 Y; P- h. {. B4 o4 J2 r- W
ServerName 192.168.139.31:80, Z* k9 F' Z: N n( C p
root@openstack-controller1:~# systemctl enable --now apache2 && service apache2 restart" t& g s v' g: j( U
`验证服务`
, q6 n2 {+ l1 A! P: o1 | root@openstack-controller1:~# curl 192.168.139.31:50003 p( n3 E- B, M; z
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.31:5000/v3/", "rel": "self"}]}]}}
3 O8 |: [( B; P3 I5 ^: Q root@openstack-controller1:~# curl 192.168.139.248:50008 K9 J' a/ s+ E2 b( u2 C
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.248:5000/v3/", "rel": "self"}]}]}}
+ |* M. g. e7 Y, D& d1 [ B% r root@openstack-controller1:~# curl openstack-vip.stangj.local:5000; {* k9 }4 J' o1 R# V/ {
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://openstack-vip.stangj.local:5000/v3/", "rel": "self"}]}]}}) j' V7 ^5 c% ~' s$ O. [0 ~! j; x
2.7)配置环境变量来配置管理帐户
% q( G, e1 ?+ X. G4 R, ^& i root@openstack-controller1:~# cat > admin.sh <<EOF
' B/ N1 O& p+ k( [4 x X# ?: _+ ? export OS_USERNAME=admin+ B- c5 x( N" h* D
export OS_PASSWORD=admin
% {" b2 |8 z( M& n! \1 a" S export OS_PROJECT_NAME=admin
2 s& C/ `5 A( o$ h export OS_PROJECT_NAME=admin
4 L% P/ N3 m+ B& f0 O9 ?9 u export OS_USER_DOMAIN_NAME=Default- l6 ~2 @; N- t( i4 @/ Q
export OS_PROJECT_DOMAIN_NAME=Default
# B6 K. ] v! M* S9 E export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v38 _8 z/ M5 e; W" X
export OS_IDENTITY_API_VERSION=3
* W! U4 e7 z' Y) c EOF
2 T4 I7 Q3 W: L: H; ] `生效配置`
, F0 A% H1 T' O7 | root@openstack-controller1:~# source admin.sh
0 i3 D% F$ M% H4 _4 i `验证服务`
$ }5 A# Y% L- O1 P" E root@openstack-controller1:~# openstack user list
' n( S. f: P. i' p0 a7 ]4 j% y +----------------------------------+-------+6 j" L1 j* _& O# v% ^( I
| ID | Name |3 H8 E* }) a& {4 E: X0 ?. Z
+----------------------------------+-------+
0 a7 s& ?5 \1 x/ [" s2 l | 5c4b6243d95742799de0fc97ef119967 | admin |5 D3 {9 K8 C/ `' _& f" l
+----------------------------------+-------+
. i* ~* `( G, m) @% r# c7 Z: z2.8)创建域、项目、用户和角色
3 e! P& S" @: I. G+ I5 e `创建域`
- v5 H0 h( \2 Q' P( a root@openstack-controller1:~# openstack domain create --description "An Example Domain" example% v4 F0 L0 |: g! k% W; [$ @. l
# [root@openstack-controller1 ~]# openstack domain list
1 `3 I: Z6 t# o +-------------+----------------------------------+ m4 M7 R2 K6 N5 R1 {
| Field | Value |
$ g: F* a4 P9 W1 D: K +-------------+----------------------------------+# |+ x- `6 p) D+ Q% M% J& l
| description | An Example Domain |1 o6 Q9 Y6 T# A$ [3 g; p' S5 g
| enabled | True |( U& q. ~+ s; r" l& B5 g
| id | 7233934db37f4e839da0bbc62bdebdf5 |" a0 a8 F4 r, \# J
| name | example |) ? I- s0 f8 K" G6 z% J
| options | {} |
- T; G( A; O8 B% ~- W% H/ v7 D | tags | [] |" a+ D7 |- Q" v$ l3 h( F3 H
+-------------+----------------------------------+* _ {' @% ^( p: G( Q6 S
`创建项目`
" D+ V7 O. r% m0 N/ _ root@openstack-controller1:~# openstack project create --domain default --description "Service Project" service
: D+ f- |+ c4 m7 l # [root@openstack-controller1 ~]# openstack project list
3 f/ o. v* |0 S6 {4 K/ f, y. ^( ^ +-------------+----------------------------------+
2 w5 l( P" q5 Z1 Q5 O% t | Field | Value |* M0 t) ~7 v# i( I
+-------------+----------------------------------+$ A& N' A: j& G) b/ u
| description | Service Project |
1 C- m: D& ?" ?$ ^' `9 w# g | domain_id | default |- x, g; L- H, K2 o4 @2 v
| enabled | True |
! X1 v" |; ~8 O4 q: L& J | id | 024872cab1fb4329997f4bb552cc7439 |
, f& d$ h# h; M3 m6 f: A" C8 I6 F) D | is_domain | False |: q7 z* K! f/ b2 S/ b3 |
| name | service |
! }( X/ H3 D6 Z6 O | options | {} |
& H, M0 {$ W+ E1 G/ g# O | parent_id | default |
* J% q& b+ p7 ^ L | tags | [] |' @ ~- Q3 v# l% p, y/ l, F
+-------------+----------------------------------+
$ e _6 v( l, E' r6 O) W `在default域-创建项目:myproject`
/ _2 ?! C& r3 y1 c7 B root@openstack-controller1:~# openstack project create --domain default --description "Demo Project" myproject
0 q" i/ N. e* W% N +-------------+----------------------------------+
8 R& G$ q: e+ `, r | Field | Value |7 F" K; K6 ]" a/ | P4 l$ D! g" q
+-------------+----------------------------------+/ v q2 o3 i8 n6 x Z: C
| description | Demo Project |) N: a6 v* a9 J5 f7 q$ L) }9 q9 n
| domain_id | default |
) L! l$ n5 c8 d | enabled | True |
/ O0 Y$ U; L1 \ | id | 35e14efc4bb64fd18ab58ab793881459 |
0 y3 k: ~8 P3 W | is_domain | False |
8 Y. G: q* C* ~2 M. m | name | myproject |
. g/ @: Y3 x+ M: ~, q3 C! A. |* T; C | options | {} |8 h# @( L$ n1 Q# h( M9 J6 ~- h
| parent_id | default |4 [5 t/ o) H0 B. T2 n
| tags | [] |/ Q+ n: y: ~. ]3 x# V
+-------------+----------------------------------+" _! K4 w8 W1 x& {
`创建用户:myuser`
- Y$ S* b( X. Y7 F# b root@openstack-controller1:~# openstack user create --domain default --password-prompt myuser
9 {! I4 j# P$ q- [. i! N/ p# b8 M User Password: # myuser @8 V! s8 a9 n1 D4 v" \
Repeat User Password:# myuser; q; Q) Y1 L# b* a% o9 |6 b
+---------------------+----------------------------------+
' {! d/ b3 ?- F& a$ {8 D) R | Field | Value |3 A' m7 u# }( N% F) V6 e; R
+---------------------+----------------------------------+, r' b+ d# {5 Z
| domain_id | default |
% z, b3 Y7 I( r3 F7 T | enabled | True |
" U1 f d* U; I" D( f$ `5 z; w$ Z/ E6 X | id | f40449a65bcf491aaf44cc4f8e09f3fa |
' M7 @/ H1 ~& x6 _: y `& y | name | myuser |
, {6 G Z$ P, D! d+ W$ T: m$ C | options | {} |) | s$ v7 |' j( X* |3 @
| password_expires_at | None |4 s M" y; Z5 j& i& s8 B
+---------------------+----------------------------------+
5 J3 U) p' \2 E9 _ `创建角色:myrole`1 K& b- R7 ~% [' a, D, b
root@openstack-controller1:~# openstack role create myrole
/ g4 a& _. J! @2 D8 E, d* h) G* E) J +-------------+----------------------------------+* C5 D. V- r8 M* A, x* b' @
| Field | Value |: N' i4 [ F' l S
+-------------+----------------------------------+
/ Z" e& K6 \0 Q% J! r% f1 ^ | description | None |
4 z; E+ m, j' U/ ` | domain_id | None |( L' e3 k7 o, k8 m* X2 Q
| id | b1cf825f18194c858ba735c3a873e87b |& n7 r/ L1 j- B5 V/ n2 M
| name | myrole |+ U a! z6 Y: g
| options | {} |
( m/ Y. J# ~+ S1 }' ]% _ +-------------+----------------------------------+6 {! d% ?8 w: }9 f9 a8 {
`将角色添加到项目和用户:myrole/myproject/myuser`. V$ z& O9 g" ?) a, ~
root@openstack-controller1:~# openstack role add --project myproject --user myuser myrole+ f; Y# `8 d* \: O. x# o
2.9)验证操作
" e" o+ l' [+ g- J4 V root@openstack-controller1:~# unset OS_AUTH_URL OS_PASSWORD0 }: L: g6 B d
`获取admin的token信息`7 A$ j/ r7 T! L! Y4 g' H+ `, C
root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue0 W! f6 ]) D% o7 Y2 W9 V
+ r$ y# K9 X% U0 I6 y4 l' _8 f2 z
Password: # admin% G6 Q5 f, g: u. u4 J
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+5 O5 ]- c- T! ]6 }5 l9 T& L+ ^2 x
| Field | Value |0 u- G2 Y; R0 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
- `/ F4 B- ^1 H D& \ | expires | 2024-12-07T12:25:41+0000 |0 g+ m8 T2 \7 |- S6 E$ Z" b* X
| id | gAAAAABlev-an7oKiReVcaIQg31zanfyHEpBjozbYq_6ZH8mWKMyp0vxm0HEUlxkrY7_799ihK64p4Gq5zeaAUH4g4jBpB2I0Ij5xDojvfZ66qTIPUB9TakErlw9UoI1E9bpOwowYgoOOKlJlO28mBoxKWga7A8akmCgiDTzP4rUYL5B8Xs24rQ |
9 X. p8 H3 @+ x9 X | project_id | 227934ef1b5b44cc942a8e4f1f5f7695 |+ t! d! k3 c/ ?: d( T" ]
| user_id | 5c4b6243d95742799de0fc97ef119967 |
# R( I& G( D; Z3 z +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
N/ ?; z$ x1 y& `3 K7 v9 I `获取myuser的token信息`
4 k% o6 W8 f( Y) T2 } root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
8 n% B* M( ^" @9 C7 q Password: # myuser
% }5 P$ ]8 A4 C0 S3 E5 U3 ~3 } +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 p/ J a- V/ D4 t7 V& X. s | Field | Value |$ h9 O5 p0 r% h
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
% B# C4 J9 M# [" g9 V% \1 } | expires | 2024-12-07T12:25:41+0000 |! a# U2 J4 p. ] e
| id | gAAAAABlewBPx4yTCZIklPPqD-XnXsciBnECZYhDPKZkenFzYdE9GuTH-xRPuhh4Z9rrLiCb7X6e_rjqR2WdTk9Sz94HkrNi4KPjdun7HW-4wesLLOV7ijz4Vgvt999fnWNaDNTwKvqumfcQ1XinMLyszeSD1yvFB4FeQ610Ns18oUa0Tc_44jc |2 ^" ^! F) A( G# ?2 ?6 m$ x3 x
| project_id | 35e14efc4bb64fd18ab58ab793881459 |2 C; q7 ~% s7 j# b9 O z
| user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
7 z1 C3 z3 u6 a& N +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
& Z% x' I# y7 O+ o9 m2.10)新增配置环境变量来配置管理帐户
4 K' A: i6 W5 W root@openstack-controller1:~# cat > admin.sh <<EOF
; T) H9 C# k/ @* G export OS_PROJECT_DOMAIN_NAME=Default; `" n' ?/ [8 |+ E$ u4 ^* A
export OS_USER_DOMAIN_NAME=Default
6 C* p) y- G+ x* Z* [ export OS_PROJECT_NAME=admin: U6 M# ]# @3 z
export OS_USERNAME=admin& K% _$ `& l- j* w) G
export OS_PASSWORD=admin
: u6 N" p8 `, @. V export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3 t: Z" N( K- `
export OS_IDENTITY_API_VERSION=3
8 @8 y# m( G+ B9 `4 {' t0 {0 K export OS_IMAGE_API_VERSION=2
- k& j) C4 H. P! U EOF
1 K X6 L0 G3 I* _- v% k root@openstack-controller1:~# source admin.sh
' P( I4 T4 l: G/ P% M1 c4 ] `验证`
, o+ {. I, @4 E: c root@openstack-controller1:~# openstack token issue. t" z8 V0 ]" o [* a- l
+------------+--------------------------------------------------------------------------------------------------------------+
5 d0 y+ B0 U" J, Y/ K3 l, Q9 Q' @2 _ | Field | Value |
3 r w# S1 J7 I! S +------------+--------------------------------------------------------------------------------------------------------------+' X( }* U$ P) d. l7 L9 ?! E
| expires | 2024-12-07T12:25:41+0000 |; f1 o v( T! w2 L" E% ]* g* J
| id | gAAAAABnVDC1Tl8JCjuLSdCd0vL2FmuLpB7ftGCcll7NsqBgy0FhuomNTkLMXP_p86eyLKMA- |; [% F& v: Y# d8 h
| | IZnr9aW3VCfYfoaWyUAcr3fcd8l3BLjpinjEL04QMCRJYHW9d3WZ2jN44hcZ8xwwG0ZpJiyVAixWqOfMykBbzGY6vnwJC- |. Z; o6 [$ j3 g; g H4 t- e
| | qj3vDQYbVyFBbnIY |
/ I D; s4 G( v0 t& Z: w | project_id | 96bbc0e66a5246fdaf29843498ef49a1 |
7 o# n c' L% l1 X | user_id | 3b1c56d85d9c4aefb5c6a6dde8c99a00 |
; Z7 W, \2 m; ?, Y8 l" k +------------+--------------------------------------------------------------------------------------------------------------
9 R6 {2 }" D0 O8 ]3 d
: Y( p% n, s9 ?( D: e* g `创建普通变量环境`
7 m4 {2 P9 f1 E! D- a root@openstack-controller1:~# vim demo.sh& a4 j* z0 p* C
export OS_PROJECT_DOMAIN_NAME=Default0 F2 c, z \" x) I" m
export OS_USER_DOMAIN_NAME=Default
' T: O3 F- N; t export OS_PROJECT_NAME=myproject) _& ^! B7 N1 s; Q5 k! C6 U0 o
export OS_USERNAME=myuser5 V) Y% s) f" y8 l
export OS_PASSWORD=myuser
( ~( { A7 t# U0 O$ R export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3$ L B% P; W D+ A# B+ i4 n& Q9 ^
export OS_IDENTITY_API_VERSION=3
) ]' a1 W8 J1 V, m+ {" h7 ]$ U export OS_IMAGE_API_VERSION=2
0 A2 z& x; S9 `& s- \4 y1 M root@openstack-controller1:~# source demo.sh
5 ]$ z: Z j; J* X% s% N$ N `验证`
. S$ _: D1 c, o0 l% F root@openstack-controller1:~# openstack token issue W/ s* }+ V/ A) Y8 C
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+' e0 ?! H; z) Q
| Field | Value |. h& W& S' z6 g( g$ I
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+ Q# v8 Q f9 u" x7 g | expires | 2023-12-14T14:26:22+0000 |7 R6 d; c: u& X. ?: ^
| id | gAAAAABlewJ-s4Aj73WgUyZemZ9eL9S7myndeVnxUOmiWM3IvXTwtw7pIzzIFyxlw3vTrC200w08X2iqTFVcY8Ih4jCzLDQMqi4VpS2emWmqG73uy7NI_tAR6KasEYPRoZSl--2Wa7HCdv9i6y6GnKDtgisVkCtG3Ew7CPBDq991w0cXBRpxL_Q |
. G# ^. E8 r. B3 I | project_id | 35e14efc4bb64fd18ab58ab793881459 |0 w/ D9 N. H$ E, N. a! `( z2 E f
| user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
p8 l+ N4 |0 B8 k +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+6 p" d5 e3 f' o8 t. k: x' E
3)安装glance5 c0 e7 B# M- a& c, [1 z- M
3.1)存储准备工作
5 g0 ]& d7 V! s* [$ \& K: d0 U5 W! Y # 因为性能原因我就拿openstack-haproxy.stangj.local主机做nfs S, s% N% X8 l( ?2 x" E9 k
root@openstack-haproxy:~# mkdir /data/glance -p
6 k$ R8 k3 Q0 C0 M- D3 n8 h2 Z root@openstack-haproxy:~# apt install nfs-common nfs-kernel-server -y
) k' r7 S- d- H; K, q. y0 c ! g, Y' q: l/ A& N& B! y9 F" ~; |
root@openstack-haproxy:~# echo '/data/glance *(rw,no_root_squash)' > /etc/exports 7 b3 T( ]9 W* Q
root@openstack-haproxy:~# systemctl enable --now nfs-kernel-server7 U9 f5 K% K: O
root@openstack-haproxy:~# systemctl restart nfs-kernel-server
8 `% x+ w2 p& \( @3.2)创建glance数据库 b& k* X) B5 J# z6 D' j
root@openstack-mysql:~# mysql
, V! O7 L2 }" B" a MariaDB [(none)]> CREATE DATABASE glance;" M. A, L+ \" r8 g m( k
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';( w" S& {, x N& B
[root@openstack-controller1 ~]# source admin.sh ; p; W8 g1 O+ B. K
`创建glance账号`
6 v/ S; W8 R- P( w, Q2 s4 E/ I [root@openstack-controller1 ~]# openstack user create --domain default --password-prompt glance# D6 J% ^- k7 w' r
User Password: # glance
# s$ ^, t1 S; D# b, d1 p Repeat User Password: # glance
' }& D- R9 E- M; h$ _ +---------------------+----------------------------------+ @' Y, [+ ?, a% u4 a2 Y1 q
| Field | Value |
8 M6 p% a: r+ c: O +---------------------+----------------------------------+1 `# G& Q* A4 u2 P' k7 f
| domain_id | default |
9 Z+ T6 K! @ q | enabled | True |
. c$ c) n& m$ @ E | id | 34a900b8a67f40439804c830cd5957da |0 A5 K5 t6 _2 k
| name | glance |
# x! c# P, e I/ R0 h | options | {} |6 O: {9 t9 x" {! K1 ?* t3 y
| password_expires_at | None |
0 V# T- ?; m0 j" e7 n: w +---------------------+----------------------------------+- @/ o5 R' r6 f, u# c
`将角色添加到用户和项目:admin/glance/service`
" O5 p( }# r e9 ]) ~7 K9 C # 让glance拥有service项目的admin权限% B. {3 s9 S" R* q! \$ Z' V9 V: z
root@openstack-controller1:~# openstack role add --project service --user glance admin' u5 E- o6 W3 Q
root@openstack-controller1:~# openstack service list: F: | P+ S! V& N% \& y4 \
+----------------------------------+----------+----------+
$ ?: ^* \ c- } | ID | Name | Type |# l* s4 s: d0 V4 B' B9 U1 [; H8 h: r
+----------------------------------+----------+----------+
7 v" I( c1 a) L/ {9 \ | 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
1 [, @, s5 V8 r) E +----------------------------------+----------+----------+
. Y, d+ r. H2 F3.3)创建服务实体glance5 p! w- Q0 z- ]1 J2 l( { f `
root@openstack-controller1:~# openstack service create --name glance --description "OpenStack Image" image
3 O4 o+ z1 D- A5 Q +-------------+----------------------------------+6 r6 `6 R: a9 {. ~5 q& c* F1 y) Z
| Field | Value | S2 a+ U7 z* v) U. U' x" R0 s
+-------------+----------------------------------+* z' |7 d3 H7 o& [3 {, Z
| description | OpenStack Image |/ x$ F- e5 r/ ^- t' E6 E1 S
| enabled | True |
) k$ S- o" z, |! d& n+ B7 R2 }/ s7 u | id | e53a2bd43aaf48f1840064e9cb594293 |+ N( P# _+ Y' d
| name | glance |
" T! U1 B( X3 E- z6 K | type | image |( n5 i: L5 B" A' Q
+-------------+----------------------------------+
4 k, d4 a* A( [$ H( O root@openstack-controller1:~# openstack service list
9 I* p# M2 {9 A- Z, S/ A +----------------------------------+----------+----------+
; a. m* o( {7 W2 M9 ~ | ID | Name | Type |2 f8 P8 m" K( t' e, m
+----------------------------------+----------+----------+
4 _! \- u1 p# x% c* O- s | 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
+ }3 X# `" x7 c | e53a2bd43aaf48f1840064e9cb594293 | glance | image |
' }2 U$ e/ l7 c& w# ]5 k +----------------------------------+----------+----------+
6 {! I0 ~$ h9 X' m3.4)创建Image 服务 API 端点:- a# G5 ?- t2 E- D4 I) B
root@openstack-controller1:~# openstack endpoint create --region RegionOne image public http://openstack-vip.stangj.local:9292
% [. m J4 T, t4 X0 z+ y3 h +--------------+----------------------------------------+
1 Y0 r7 ~/ {+ i) O8 X | Field | Value |
7 r: X2 |8 T$ _! x +--------------+----------------------------------------+/ X8 |5 j2 U4 P- a
| enabled | True |
4 U$ }7 {1 `; w" k3 @ | id | 3fc61c0f302d41359da99b80ca32853f |
( R$ I* w" \$ l- ?1 Z2 i- b0 R: L | interface | public |) k( X/ I+ s6 V0 k2 g7 P% V
| region | RegionOne |
8 c( t; ]" p7 _4 Z5 d | region_id | RegionOne |
: k, k6 t+ }; W, E | service_id | e53a2bd43aaf48f1840064e9cb594293 |7 a1 S" e. r, s( w( O0 k! Y
| service_name | glance |
9 H3 p) j. N& x8 `3 J' ~ | service_type | image |
# t" K. B ` p9 t. z# ~ | url | http://openstack-vip.stangj.local:9292 |
6 Z0 V4 u- h( h# H! G- B' D9 R% o) D +--------------+----------------------------------------+
) r& M4 @; @! }/ e root@openstack-controller1:~# openstack endpoint create --region RegionOne image internal http://openstack-vip.stangj.local:9292
7 Z: h+ `" W2 L, d +--------------+----------------------------------------+
5 q4 ]- d% D9 M' [) D$ L" } | Field | Value |2 ^" [# R- T4 B: r+ s6 Y# T
+--------------+----------------------------------------+7 r& v* Z/ N1 n/ } W$ e0 B
| enabled | True |( ?. J+ E: O3 ?& G' v6 `: }4 g
| id | 671f3dd8ddd643d08b922df0f9c7f4d8 |
3 H4 B, W) h- W- m | interface | internal |. i& ?5 ?2 }" ?
| region | RegionOne |
) P* g) v: m0 v1 j- y | region_id | RegionOne |) Y" o' A. k2 L! b' f
| service_id | e53a2bd43aaf48f1840064e9cb594293 |+ F( f# J+ _+ {& t7 o, B
| service_name | glance |
- t0 P, G+ M6 S" _7 U) Q3 o | service_type | image |( @3 E* M4 @, k3 I n
| url | http://openstack-vip.stangj.local:9292 |# Z% ~, {, F% f0 o1 E w
+--------------+----------------------------------------+
) c! w' y1 j4 C5 x! S3 ] root@openstack-controller1:~# openstack endpoint create --region RegionOne image admin http://openstack-vip.stangj.local:9292
8 ^2 G1 |" Q2 d' q +--------------+----------------------------------------+/ k2 k! m, I7 O( e" a. v& I
| Field | Value |2 G4 I/ X& J7 t8 ] | }* Z0 s: Y
+--------------+----------------------------------------+8 }8 F& q- X( A$ `6 j2 J; c
| enabled | True |
! P* b3 @( `% T2 N6 _ | id | afea7ab2f5914bcca88f088957f6144f |8 M+ D3 Y! m9 |$ X: p" t. k
| interface | admin |
8 G4 `# y+ `8 ~7 j" u | region | RegionOne |2 S: ^$ i/ g( u9 A1 l
| region_id | RegionOne |
0 X" d. z4 C1 k! ^1 S6 C Y A | service_id | e53a2bd43aaf48f1840064e9cb594293 |" m. y( b% O3 D4 N
| service_name | glance |# [2 Q% k' b. h$ y. ~# ]3 O0 G
| service_type | image |
0 p. T. }4 E* o$ W | url | http://openstack-vip.stangj.local:9292 |8 q+ J- @3 D4 f$ o
+--------------+----------------------------------------++ ~! {9 d' F: i2 G- I6 [! [% \
3.5)配置haporxy代理; u- s3 M( L# L2 U4 Z8 e) n
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg / x$ }/ F/ N. p$ K' P8 A- x
# 最后一行加入下面4行信息' |8 R o4 M) N# j
listen openstack-glance-9292
, \% c1 c) d2 L& A5 [1 J bind 192.168.139.248:9292
; [7 L' P- r' V% g mode tcp+ W# e) b: v5 y
server 192.168.139.31 192.168.139.31:9292 check inter 3s fall 3 rise 5
8 b. I8 f- Y5 ]+ K) h P, t; ~ root@openstack-haproxy:~# systemctl restart haproxy.service
- M9 L6 z. Z0 A E" r root@openstack-haproxy:~# ss -tnl | grep 9292
# E7 f! r$ t' J" h# P* M6 q" G& r# u LISTEN 0 128 192.168.139.248:9292 *:*
# j* C5 I! R8 c9 Z4 \3 T3.6)部署glance服务
% T+ ]( N- ?, @5 x root@openstack-controller1:~# apt install -y glance1 x) l' S, ~" A; b. K1 T, c
3.7)配置glance服务7 d/ j" I+ V6 A3 p" x0 R d
root@openstack-controller1:~# vim /etc/glance/glance-api.conf) c, a; F2 X, Q
[database] # 在这个模块下面添加下面这一行信息 {5 c! U8 G- W% [0 m) Q3 U; n" E0 ^
connection = mysql+pymysql://glance:glance123@openstack-vip.stangj.local/glance9 }6 `- r1 b. @- T7 P
]3 Z6 ?& r! ?7 H [keystone_authtoken] # 在这个模块下面添加下面这9行信息+ T, J5 i) K% D1 I# Z
www_authenticate_uri = http://openstack-vip.stangj.local:5000
/ G! t6 O0 @* m% R8 A! a) g+ y auth_url = http://openstack-vip.stangj.local:5000
* H5 j' H1 W4 ?8 v9 I' z memcached_servers = openstack-vip.stangj.local:112115 m0 P7 w5 t, J% E6 j6 A7 F; j0 H
auth_type = password
9 s: M4 ^4 F8 r$ t# t project_domain_name = Default
7 p; Y% _4 T4 ]& ~, ?( b user_domain_name = Default
+ W7 }; l; q: U6 D2 B* Y- i project_name = service
; Q# K- @' f" r# c) j: A2 I3 P% j username = glance! E2 Z* m1 o% |* \3 H* h
password = glance3 w# |0 S/ o9 ]1 e
! g y; K n: Z: R4 G [paste_deploy] # 在这个模块下面添加下面这一行信息
* u/ [+ b. P9 H flavor = keystone% ]7 q4 { [8 i0 K1 E1 H. K; z
( P1 r! l& o1 z9 q: u [DEFAULT] # 在这个模块下面添加下面这一行信息9 f7 g5 G7 Y: W7 Y7 u, W
enabled_backends=fs:file7 w) q) @$ k% M) n5 E! ^
. s% L5 h+ y% h [glance_store] # 在这个模块下面添加下面这3行信息
, T. Z9 Y& A, m3 b default_backend = fs
7 A0 |# Q$ x! `# A+ q [fs]
. q. V0 T, f! |: o9 j filesystem_store_datadir = /var/lib/glance/images/
6 E/ s( H$ m% ?; }* G* f6 b# x+ n
; F, s& t) x0 z+ D: T+ c. Z+ J ' E9 u$ n7 V( ~, z
`确保 Glance 帐户具有对系统范围资源(如限制)的读取访问权限`4 U$ G! w) `6 }8 X- n' P! M* F
root@openstack-controller1:~# openstack role add --user glance --user-domain Default --system all reader
( r0 Q8 `- }+ d4 Q7 H2 Z3.8)初始化glance数据库
- n2 G' ]$ B* y+ p6 A) {, ^ root@openstack-controller1:~# su -s /bin/sh -c "glance-manage db_sync" glance
$ o! N }6 ~+ U0 ` `验证`
% b1 m7 t; `5 W0 [) R0 k root@openstack-controller1:~# mysql -uglance -h192.168.139.248 -pglance123 -e "use glance ; show tables"
0 O7 Z; W" ^, \1 y6 V +----------------------------------+
- x* T( P8 C* g) [2 A' A6 C | Tables_in_glance |
" @5 V( [4 b2 k; D- H; ~! F6 G& x +----------------------------------+
6 Y- z4 G2 q: u0 o; V; ^ | alembic_version |
' Z5 |1 }+ \2 Y: Y | image_locations |
3 R5 t2 a& B1 d' e" r' R |. a | image_members |. a2 n* I4 w* I9 b
| image_properties |2 [- T0 ?$ X W% U) ^' o, p1 z
| image_tags |
9 K' ~0 y. d8 p8 b | images |- k+ w$ @5 ?- i, L, x; J; ~6 X1 |
| metadef_namespace_resource_types |- C0 J8 h# A i
| metadef_namespaces |
. @% I* R# ^/ ^& n I/ w2 {9 Y) J: m | metadef_objects |" E* G! M. ]4 O, b5 l2 C
| metadef_properties |& Z0 N9 o0 M. ^' X3 X2 M0 q" B# {$ A
| metadef_resource_types |* ^. N: z8 _, P4 i* W
| metadef_tags |, m& ^2 N+ p5 N2 M
| migrate_version |( \( H% u% o9 ~* L9 |1 w
| task_info |
& f+ z7 u2 K& i | tasks |
7 h9 A9 V3 W. p' Z# X* @ +----------------------------------+( ?- x- n* h( a8 R- j: Z b
3.9)启动glance服务6 i7 b) F: _6 w! C& H3 I+ T
root@openstack-controller1:~# systemctl enable --now glance-api 3 Q1 T: e2 J, M- V1 H( o
root@openstack-controller1:~# systemctl restart --now glance-api
) j) `5 _7 T* e3 L root@openstack-controller1:~# tail -f /var/log/glance/glance-api.log
6 G3 ` W! w1 H, W& S, c3 L 2024-12-07 19:43:42.571 11458 INFO eventlet.wsgi.server [-] (11458) wsgi starting up on http://0.0.0.0:9292
( w/ E& [- o' M0 Z/ C S% _( ? 2024-12-07 20:06:40.764 11717 INFO glance.async_ [-] Threadpool model set to 'EventletThreadPoolModel'+ X. t2 O, ?; E
2024-12-07 20:06:41.281 11717 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.0 ~6 U$ Z2 U& R Z3 d4 p* d
2024-12-07 20:06:41.377 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_staging_store). Creating.: u, [8 [! J( V9 u: _/ _' X7 u% \
2024-12-07 20:06:41.378 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_tasks_store). Creating.8 H" P/ o+ n3 g V+ X$ W& ~
2024-12-07 20:06:41.379 11717 INFO glance.common.wsgi [-] Starting 2 workers7 Z H1 c ]& i# v2 E% c
2024-12-07 20:06:41.381 11717 INFO glance.common.wsgi [-] Started child 11724, A" s4 q1 G: y A
2024-12-07 20:06:41.382 11724 INFO eventlet.wsgi.server [-] (11724) wsgi starting up on http://0.0.0.0:9292$ O" B& [# d( N
2024-12-07 20:06:41.383 11717 INFO glance.common.wsgi [-] Started child 11725
. t) I# n* _+ C( q* W c+ x R 2024-12-07 20:06:41.386 11725 INFO eventlet.wsgi.server [-] (11725) wsgi starting up on http://0.0.0.0:9292& j0 C6 ^ E/ [( o" P
3.10)挂存储$ Z# H: R$ g& \" b6 D$ h3 ~. [
root@openstack-controller1:~# systemctl stop glance-api 9 h s# O( D# K6 H9 D
root@openstack-controller1:~# showmount -e 192.168.139.363 P" a6 B. e w7 |6 z4 ~3 B8 H
Export list for 192.168.139.36:
" W% x; b) u2 y+ d" i8 e /data/glance *& |$ ]* D/ H. p" [
root@openstack-controller1:~# mount -t nfs 192.168.139.36:/data/glance /var/lib/glance/images0 Y! }+ F3 S: x; O' j- H
root@openstack-controller1:~# vim /etc/fstab 1 k( l W" o, U$ h4 a$ X1 A
# 最后一行添加下面这一行内容
- n. X! @) A5 S0 z5 B* u1 k& h8 j 192.168.139.36:/data/glance /var/lib/glance/images nfs defaults,_netdev 0 0 N+ Y# d! U* m- E% w
root@openstack-controller1:~# mount -a
- i5 o* `" S- X) l: V$ |$ B- W7 _ root@openstack-controller1:~# id glance% W' Z3 d i; n, }% v% F5 f V
uid=64062(glance) gid=64062(glance) groups=64062(glance)
8 j/ _! E9 Y+ c& o" q1 Z root@openstack-controller1:~# chown -R 64062:64062 /var/lib/glance/images/9 c: F# ~; {. P3 n& a5 H
root@openstack-controller1:~# ll -d /var/lib/glance/images/' K% B: g* ^- d5 l" G, m3 n
drwxr-xr-x 2 glance glance 6 Dec 14 21:31 /var/lib/glance/images/
( z! o6 S5 c3 x) V0 `3 @, ` ` root@openstack-haproxy:~# ll -d /data/glance/1 d/ J+ Z: B$ d1 ^
drwxr-xr-x 2 161 161 6 Dec 14 21:31 /data/glance/+ f/ k7 X) I4 I0 p) `0 V
`启动服务`* ~- _" |1 H9 n4 ?- }8 O$ A) |
[root@openstack-controller1 ~]# systemctl start glance-api 3 m, \$ q+ R) M( A" B: G7 Y
3.11)验证操作* V, a3 g8 @6 K" u/ ]! ^
[root@openstack-controller1 ~]# source admin.sh
~9 k9 P* }. | root@openstack-controller1:~# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img) J5 K. f/ t i
[root@openstack-controller1 ~]# glance image-create --name "cirros-0.4.0" \
# j2 \3 W: e% K, @" Q2 _ --file cirros-0.4.0-x86_64-disk.img \8 e3 C: } p# ~+ W4 M7 V3 v
--disk-format qcow2 --container-format bare \
3 M4 r6 t$ {5 x --visibility public) c' R" |) T3 g7 g, D/ p4 _1 b
$ V( u( X3 Q$ ~/ ? +------------------+----------------------------------------------------------------------------------+
2 j I4 h( [9 V0 i( l | Property | Value |9 |% O0 ^1 o3 p& n% u4 l$ ^
+------------------+----------------------------------------------------------------------------------+
9 V3 b! U9 B9 r% L | checksum | 443b7623e27ecf03dc9e01ee93f67afe |
3 l" B7 i8 I! e/ a& T | container_format | bare |- m# `6 w+ T5 A% x( n' f
| created_at | 2024-12-07T13:12:19Z |. y9 i8 u8 W; X! I, r' N$ F; z
| disk_format | qcow2 |3 m& p- ~* f# [
| id | 68249b5f-9eac-4873-be74-cc11ac9af61e |
& ?- L# t( k- u, e1 ^4 @& }! i | min_disk | 0 |
: _. j" R( J1 \ | min_ram | 0 |
# ~( }2 Q% l; z | name | cirros-0.4.0 |
3 b% q8 o% a, ~5 Z8 P+ \# f: f | os_hash_algo | sha512 |
( M: ^8 f1 c! O! y. K4 m | os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |: p9 T9 n% j% B2 X, P5 v! }
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
; ]$ O* w* M1 b. F3 I. T | os_hidden | False |
$ p) E! b4 G) G, A | owner | 96bbc0e66a5246fdaf29843498ef49a1 |0 q' A0 I2 a- R" E! l
| protected | False |7 R X/ Q* y% C, ]
| size | 12716032 |/ `. Q5 }- p$ Z N1 g
| status | active |8 e7 g% r- |) S( d4 p
| stores | fs |' g" D/ |5 g) C# x0 u
| tags | [] |
6 `+ R0 l4 x- c; c | updated_at | 2024-12-07T13:12:20Z |
' V& ^) w. a' y6 O2 m | virtual_size | 46137344 |" C+ k; K$ F* g9 y+ Y/ T Y
| visibility | public |( w* q3 j" m6 r2 @
+------------------+----------------------------------------------------------------------------------+5 E1 K5 L3 U( V* e& ?+ M" v
! Y2 G0 m" n5 u$ ?+ Y+ [0 k
`验证服务`3 x' n/ n( p3 B) ^$ p6 A
root@openstack-controller1:~# openstack image list
# M0 T9 T* K. m% P" u- d +--------------------------------------+--------------+--------+
* O: l: Z" q5 Z) g | ID | Name | Status |+ @; c! q' }$ L9 S$ x0 o( |4 l1 {+ R/ R
+--------------------------------------+--------------+--------+
& F& Q" x! t4 k9 m4 j& m; u% ^ | 060a4a23-5aa8-4176-8f31-0ccd318ebf2a | cirros-0.4.0 | active |
4 L3 {; @( V0 @/ ]' E; d +--------------------------------------+--------------+--------+# y" o' |2 y: d5 S# m0 d/ G! @* [1 E E3 ?
# 或者 [root@openstack-controller1 ~]# glance image-list
% G5 [7 I% L" i # 删除镜像 [root@openstack-controller1 ~]# glance image-delete fd47df49-7e2b-4e16-a4fe-fd8ca6ffb5f7* i, E# `+ R! l: ^7 P e
root@openstack-haproxy:~# ll /data/glance/0 z0 J/ K% p' L; L* j3 `# x6 g5 U; M
total 12420
5 F, B, \1 \+ O -rw-r----- 1 161 161 12716032 Dec 14 23:34 060a4a23-5aa8-4176-8f31-0ccd318ebf2a# z- n- y$ F3 F5 P2 D
4)安装Placement. G% z3 W: ^, {' X) w
4.1)创建Placement数据库
8 q+ L R# c5 |; d! X# V! y( C root@openstack-mysql:~# mysql9 V8 p5 q* ^( Z, Y6 z/ I! L* s8 ]
MariaDB [(none)]> CREATE DATABASE placement;
% \; S7 F* A4 Z- B MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';3 {2 B9 t7 U3 k7 D8 { T. g, A
`验证`4 {8 `) l0 d$ Z: l5 U' [+ \0 C, o
root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement1232 {5 ~1 i, M" }* z2 G* E* H4 @
Welcome to the MariaDB monitor. Commands end with ; or \g.
8 i0 H) W( B, k/ X" a$ F Your MariaDB connection id is 1185 n2 Q) m S$ m+ |' ]
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.048 c6 Q: H6 V# z( L" Y' C
9 z; c {" e: g, J
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.8 H5 a" K! l" M1 r. G
+ l! T' R7 o8 g' J+ u, S, l
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.! p: P$ R {5 A! }
6 x. U7 X$ t! v) x" g1 k MariaDB [(none)]>. u! C4 E( F2 F! Q) c
4.2)配置用户和端点
: ?' d8 W2 {# H0 I9 f root@openstack-controller1:~# source admin.sh 8 S0 E5 K! o& h
root@openstack-controller1:~# openstack user create --domain default --password-prompt placement
2 q6 M$ x" T Z' j) y) `6 a' y User Password: # placement
7 T$ j, O* ?5 ~3 K: k Repeat User Password: # placement& |3 G3 |/ K" \* i
+---------------------+----------------------------------+
8 x2 p; f6 K) c% y | Field | Value |! h) z6 C9 ?- J
+---------------------+----------------------------------+
$ h9 g% j+ B% O1 L | domain_id | default |5 j: r$ @. {0 N& P3 F; K! E, k
| enabled | True |
O. _& ]( U! |! @ | id | 804e53f0a44b4403af8278711a7274a5 | z% K6 g$ \: C# P( X9 k( h$ I3 r
| name | placement |% p+ r' o- T0 `% _2 K- k* L9 ~
| options | {} |) P. Y" x- e) _: l, i0 l, ^
| password_expires_at | None |
$ `% o( B9 K- c1 r! \ H* p+ z9 Y +---------------------+----------------------------------+
. P1 n/ @- B0 t: v7 ` ( h. b" r8 u% R* @; e0 J
`将 Placement 用户添加到具有 admin 角色的服务项目`# {/ M. f) o- A5 X# ?8 \# {; r
# 让placement拥有service项目的admin权限`. [* @$ g- `& u2 g3 z
root@openstack-controller1:~# openstack role add --project service --user placement admin
, Z0 @" t- B7 ^9 ^ . Q1 F4 O' ]; N+ l
`在服务目录中创建 Placement API 条目`
" e( q/ x- g( W: S! x root@openstack-controller1:~# openstack service create --name placement --description "Placement API" placement8 s5 H4 m% W5 l$ a' M$ [7 N
+-------------+----------------------------------+
8 N/ k" {) Y2 k | Field | Value |+ ^( {( R: j5 o/ f5 o* A
+-------------+----------------------------------+
L& Z, T, g5 t7 w+ n5 O | description | Placement API |
* X3 A9 S/ Q+ C& T3 f& O | enabled | True |
" }3 D$ R w9 {4 Y | id | 9eaa1f08648c44c5a937759d7217016f |
* D' E. E+ `7 R6 Z | name | placement |, Q# b& T( g2 n4 f' N
| type | placement |
4 a5 C, n4 ?4 F) t8 z& e: o; v +-------------+----------------------------------+0 C( i7 y1 Y( E/ G
4.3)创建 Placement API 服务端点:$ j2 p1 x; D/ N0 u! I
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement public http://openstack-vip.stangj.local:8778
" X" _9 N1 ^( M/ m3 |. F" A S +--------------+----------------------------------------+) l6 @. X! k+ B1 @
| Field | Value |
' F( E% f6 a7 y9 f) H7 @ +--------------+----------------------------------------++ J9 h- T# i( M- W
| enabled | True |
/ l6 P5 ^4 ?; { | id | 88aae422c80e4adabf613aef31fb0c3d |
0 M$ @1 K. o; Y! Z s6 q$ @$ S2 t7 i | interface | public |1 X7 M" @4 g* v5 v7 m( @
| region | RegionOne |
8 N+ [: H2 ?7 P# a$ F | region_id | RegionOne |& @. u/ U. ~9 _3 B- O' s
| service_id | 9eaa1f08648c44c5a937759d7217016f |
3 a* g/ b' U- t; {4 n8 { | service_name | placement |
& M# ?9 U% h2 O1 R2 `4 [ | service_type | placement |' l/ \6 B; J( r4 ]
| url | http://openstack-vip.stangj.local:8778 |
6 J& S) a" }& N, _6 v. n8 A +--------------+----------------------------------------+
0 Z- v9 p& T, w: T
" k- {1 A T6 C( h+ x root@openstack-controller1:~# openstack endpoint create --region RegionOne placement internal http://openstack-vip.stangj.local:8778. h8 z0 K5 s, u9 S$ q Z
+--------------+----------------------------------------+6 p2 R% s a) C' k& r% k9 O: H
| Field | Value |
# ]0 o1 `, }" J9 H) x- g +--------------+----------------------------------------+
" L- h9 x1 i$ ]* H | enabled | True |
) ~+ R# s- I5 Q9 x. e | id | b706b4abdcdd44a588eacf5d1cb7f75c |
$ k; N7 A) _/ d0 V* ? | interface | internal |) U' P# a# L& W* [3 ]8 V
| region | RegionOne |
2 `6 f( E7 B0 h' K/ z% L. g | region_id | RegionOne |& j1 P- d, k2 z
| service_id | 9eaa1f08648c44c5a937759d7217016f |
6 E! d' d9 }9 H6 S9 F A: ]8 s | service_name | placement |3 n4 D$ n! C O6 @7 M
| service_type | placement |* [+ ^% J5 K4 E* o- M# j
| url | http://openstack-vip.stangj.local:8778 |
" ]* s/ {) f8 D: o: K +--------------+----------------------------------------+, R7 k# q5 ]! F0 Q4 X6 u
4 P, C( w5 q/ W+ n' D& p6 i root@openstack-controller1:~# openstack endpoint create --region RegionOne placement admin http://openstack-vip.stangj.local:8778
( X3 O v4 [) U) o +--------------+----------------------------------------+
5 O7 G* Q ^! ~+ }" H# W( N | Field | Value |
8 z, n3 {- K$ T' O Q +--------------+----------------------------------------+
" o1 t( b7 S/ X | enabled | True |
9 Z$ N0 O$ a' g% V4 N' C* w | id | f62a5305854e492ea9c76e77e13b10b4 |1 S" F) \9 d% Y0 k$ {. g
| interface | admin |- `' H4 A. V# n& ~- H
| region | RegionOne |
+ t0 W W. p" ? C# L- N3 y$ g( @ | region_id | RegionOne |
0 u9 Y4 U& [6 Z8 ^& k | service_id | 9eaa1f08648c44c5a937759d7217016f | o; k# h. R* W# ?
| service_name | placement |' {+ j0 N) S# S" k) |& z
| service_type | placement |
7 K1 R' p1 H1 G; v6 \ | url | http://openstack-vip.stangj.local:8778 |+ ^5 u' `7 N' T) }3 i, l, i
+--------------+----------------------------------------+8 A t! l, E, l1 y! g/ `4 I
" s7 {3 S9 c0 [6 {5 |. s- ], A; I `验证`
% K0 r ~0 U, y4 f& g root@openstack-controller1:~# openstack endpoint list
# N; v. D7 z: C# \5 N) |8 d +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+. X+ a- E5 b2 G8 T
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
! u" X: p% C9 ^/ S9 Z0 J, o* F +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
! w8 w; {/ K7 ~* z0 V* A | 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
6 b. c4 y: Y- u | 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |
& ?0 ?$ g& F$ z | 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
$ M8 g- r# h! d | 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
& X8 V9 S9 k: C7 E( i- h2 s/ z | 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |
* ~, h: d1 u1 \) Y( C: o | 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |0 i1 a% j- U) O( H) a/ e- S# I1 K
| ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |' m# |. v8 m) \6 E
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |" K5 I" E+ \7 C! }* @
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |5 B% ]/ \+ m! y2 X$ Q4 m$ t: T
| def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |" c6 I* r7 X4 Z- B2 I
| e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |: y. G) N# L* v0 E+ E- `+ ~
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
/ _7 ~% r. x. m# L4.4)配置haporxy代理1 l# o% D& M) V7 V; ?
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
$ C7 K* q6 C# F # 在最后一行加入下面内容
) o( F+ a% r0 e3 Q$ s. z( ^& D listen openstack-placement-8778
5 p9 f' }6 q! U& L, r: S/ g. j bind 192.168.139.248:8778
) O0 \. K5 W, v) `5 ]' i, r mode tcp7 g w, D5 q1 h6 R9 y
server 192.168.139.31 192.168.139.31:8778 check inter 3s fall 3 rise 5" m9 G- m, `' r9 Q
root@openstack-haproxy:~# systemctl restart haproxy.service
$ ?2 L. T9 }# i* i, [7 G root@openstack-haproxy:~# ss -tnl | grep 8778
/ q7 b# W) g( w2 G" y1 t1 b LISTEN 0 128 192.168.139.248:8778 *:*
6 u% ^ z1 b/ [# z8 f) k1 X4.5)部署placement9 L+ A. M' J& b i
root@openstack-controller1:~# apt install -y placement-api: r3 M4 P- L* A: J+ c! a6 Z9 D1 \
4.7)配置placement服务" j5 ?) ?) p5 m: E6 P
root@openstack-controller1:~# vim /etc/placement/placement.conf
, `; H! b0 m/ D& C6 c [placement_database] # 在此模块下面添加下面一行信息% M: g8 s: B) b4 [3 ^
connection = mysql+pymysql://placement:placement123@openstack-vip.stangj.local/placement
8 n7 {6 B4 D$ q
& U! o! y, \1 ? ]* o [api] # 在此模块下面添加下面一行信息- O" m5 c9 j# n
auth_strategy = keystone
4 T1 Y5 c4 T1 I( f- ~" K
0 U: @0 T' P7 }* A [keystone_authtoken] # 在此模块下面添加下面8行信息 V' `. y9 }; ]& ^4 G! z
auth_url = http://openstack-vip.stangj.local:5000/v30 z* m0 f( b- C0 C+ {
memcached_servers = openstack-vip.stangj.local:11211
- p' K& ~4 S5 t" @ auth_type = password
$ I' V( h2 i: F; u/ E; ] project_domain_name = Default- T7 q4 J1 R3 P7 M
user_domain_name = Default
7 D5 O# Z3 m4 x' u4 Z. ?4 r, V3 L project_name = service! O3 l" G4 y+ j' t" d
username = placement
0 g+ Y/ z7 T' E password = placement
! k5 j; ~: e* b3 s. w$ |8 f) ]4.8)初始化placement数据库
$ Q# w, K* P6 P root@openstack-controller1:~# su -s /bin/sh -c "placement-manage db sync" placement
+ J$ l D ]& @! ~; o$ w2 y1 _6 A ) _, n* b7 m2 G1 U# i' u
`验证`
H/ h; p& p3 B- e3 u root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123 -e "use placement ; show tables"( |6 ~) n5 L# P: _
+------------------------------+
7 h9 `% \# p) T2 J | Tables_in_placement |# r* r+ O/ ^2 r& m, W
+------------------------------+
* K o. h5 Z0 V- h | alembic_version |( l: `* j8 d6 b8 i& \0 F( r1 p
| allocations |' y( A( D0 I& S. W0 G- [
| consumers |7 q+ a( L5 b: n. |+ X3 S7 h1 ?
| inventories |
. `' ~! T; M0 _3 M | placement_aggregates |- E: G8 ]) ?0 Z. _
| projects |
1 l5 N/ q# _, [) u0 z | resource_classes |2 F8 H$ Z, n9 p# G+ _# m
| resource_provider_aggregates |# T5 m) ?0 i8 w% }0 V
| resource_provider_traits |
) u4 V4 v9 e- w% }; _7 i | resource_providers |
% @$ a; ]; w# _* C1 v | traits |: D6 r' U* q5 B6 `
| users |3 Z% a) `7 i* B
+------------------------------+% P. P, @+ w ^
4.9)解httpd带来的问题(以免后续会出现403) u/ x" S! D/ A9 |
root@openstack-controller1:~# apache2 -v1 y- |8 q% t4 r4 N
Server version: Apache/2.4.52 (Ubuntu)
2 i0 h- l" n% ?+ G Server built: 2024-07-17T18:57:26
( i2 q$ C ]% R# l7 m root@openstack-controller1:~# vim /etc/apache2/sites-enabled/placement-api.conf) B6 d+ p7 b. i, C7 y3 N- r# l m
<Directory /usr/bin>$ {8 ]$ t6 n& X* ~9 E
<IfVersion >= 2.4>
' p6 E0 g; C1 L- q B Require all granted
3 A& T6 S+ {" A6 [ </IfVersion>
) t4 O: I: `2 A <IfVersion < 2.4>
- P6 W0 |- `- e$ Y Order allow,deny
) O2 ^6 J% K0 `; \0 I$ _ Allow from all
2 [1 `1 z* @# O, z: r </IfVersion>
x" v' A, I p# G7 G </Directory>" I; @+ J& d. r$ o1 F' d' T
/ s& q) N; g$ }5 Z( I; M" t root@openstack-controller1:~# systemctl restart apache2.service 0 R6 v3 b$ m L3 G
root@openstack-controller1:~# systemctl enable apache2.service
( Z# T7 Y; O# J9 {" Y* T4.10)验证服务
3 j. D4 k9 M. N8 }$ U( {' z [root@openstack-controller1 ~]# source admin.sh
; A$ e. F- e+ E! Z1 \; } root@openstack-controller1:~# placement-status upgrade check& ^" S! k2 `4 O9 n) y
+-------------------------------------------+
! a* r9 \' N, S I s | Upgrade Check Results |+ g" Z5 a" T# o
+-------------------------------------------+! O( H! J' {+ S: `
| Check: Missing Root Provider IDs |
* m) G+ _0 t. k4 Y | Result: Success |
8 f+ q5 s! T- C) }* ` | Details: None |
( f$ V9 U, B2 U+ w +-------------------------------------------+
( q: P- C. P0 s2 I | Check: Incomplete Consumers |
# p: \. O$ y) I# l | Result: Success |
* c- b U) v4 v* v: c | Details: None |' L( j* N G1 O
+-------------------------------------------+
: a: w* E0 m( [0 [% H | Check: Policy File JSON to YAML Migration |, j. S8 r9 b6 ^( r
| Result: Success |
- q/ v( s, Y, y/ J3 e' O9 {% |. ? | Details: None |: q$ Q8 ~6 w% `" I
+-------------------------------------------+
' j5 F/ g% N' j& J8 C8 |! O% `# ]5 p root@openstack-controller1:~# curl 192.168.139.31:8778
6 ~: E. ]* X7 I- J$ E {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}
r. p3 r' Y* ?- L) l root@openstack-controller1:~# curl 192.168.139.248:8778
. c' }6 V( p& \ {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}. k- n6 p X, }
5)安装Nova7 E @, l" l1 P$ n. g4 \
5.1)配置nova控制节点
/ B& g* i, C" F+ F& e) Z7 ^5.1.1)创建Nova数据库4 U: ` b4 Q I& A7 M
root@openstack-mysql:~# mysql% H% e6 @5 u8 e6 }9 _; Q
MariaDB [(none)]> CREATE DATABASE nova_api;
. m0 P3 k- r; P% H7 ? v0 V MariaDB [(none)]> CREATE DATABASE nova;- Y3 Q4 D( A2 o" n
MariaDB [(none)]> CREATE DATABASE nova_cell0;
# k$ Y6 y- ~; n* @6 g4 | MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';$ F6 J1 R ?) Z* T
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
: b2 |! a# Q9 S7 p; e3 E MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
5 M1 g# H: L3 Z% z* z7 l; y6 m. I0 D5.1.2)配置用户和端点( B. T! p z* x" L8 O8 q! ^
root@openstack-controller1:~# source admin.sh
& P9 a3 b; C# F6 c8 q6 I root@openstack-controller1:~# openstack user create --domain default --password-prompt nova% v2 R# J) F. }7 a! j/ F9 }
User Password: # nova
- P/ D1 R, j( e1 Y+ I' [ Repeat User Password: # nova
3 P' H/ p2 [ \" g +---------------------+----------------------------------+9 l! \8 P1 c- W1 x J3 J9 a! i' \) @
| Field | Value |5 v& R; U6 }9 q6 ^2 P* G
+---------------------+----------------------------------+5 \1 t% ]$ `8 S- h/ h; i' ~
| domain_id | default |
% b9 h7 k- p. ?4 i0 _ | enabled | True |
! b* |2 w+ P4 L( _5 `2 | | id | 223adc571a2b4a2fa32cd7bdff6e7c3b |
, V9 s9 V4 y' Y7 v | name | nova |& H0 Q( r- j' Q5 K! m6 \
| options | {} |) i: Q0 Z) j% J* r- A7 }
| password_expires_at | None |
) h6 t, P! S$ n* p3 Y- T +---------------------+----------------------------------+
) N" `7 q; Q! ~, Y
, A- ~ ~1 G9 _. c* G `将 nova 用户添加到具有 admin 角色的服务项目`
( W a8 L4 d) g2 Z7 Y1 ?5 U( [ # 让nova拥有service项目的admin权限`
O' {9 W5 U5 y! j3 m1 U root@openstack-controller1:~# openstack role add --project service --user nova admin
( P9 s/ Z2 d& P0 p, _ 7 C; D. u% t V' V
`创建service实体:nova`/ ^' F/ Q# b8 e
root@openstack-controller1:~# openstack service create --name nova --description "OpenStack Compute" compute) p1 \" l5 @( `" C! Y1 o9 y
+-------------+----------------------------------+( t: |- u' |8 x4 X! P7 B- z
| Field | Value |9 p5 j x J2 S! N/ l
+-------------+----------------------------------+
3 u4 O# i* r# L, b+ D | description | OpenStack Compute |
+ X$ R7 V9 n: O# h1 S3 l: H | enabled | True |
4 r! a. c' B2 {3 k8 q | id | 63028385934a4290b66880dab62a4c4d |4 O3 T+ V& `0 n0 H F8 T
| name | nova |+ M8 [( {5 d6 U3 |0 u
| type | compute |* E7 i. T% c$ I1 `/ n. Q8 |# z4 u
+-------------+----------------------------------+7 N% {- |, ~4 Z+ ], i, Q
( a5 w/ U4 `! G5.1.3)Create the Compute API service endpoints:
& M. `- z1 V1 M+ L3 b5 u. w root@openstack-controller1:~# openstack endpoint create --region RegionOne compute public http://openstack-vip.stangj.local:8774/v2.1
]! W; X5 C7 |, ?5 w/ k +--------------+---------------------------------------------+* [' D/ [: m( \ J% V
| Field | Value |. u e, o+ _$ {" _1 e
+--------------+---------------------------------------------+
- s+ L8 m6 N7 {1 G5 j | enabled | True |
( B% @7 J: [2 d9 \$ { | id | d5564488f45d47009640dcea5e0083f8 |! f' X& v$ ]1 q( K. G
| interface | public |
1 X! V9 n8 s8 U+ P& M | region | RegionOne |
0 [8 I! G0 t4 t& `# H: V | region_id | RegionOne |1 F. c2 O0 B/ l' T8 U
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |
' ?* H$ t, ^- K# t' | | service_name | nova |
0 f/ V4 [) {' R | service_type | compute |7 Z* R Y" \( q
| url | http://openstack-vip.stangj.local:8774/v2.1 |# I; ] Y! C( @7 _- @6 U
+--------------+---------------------------------------------+
3 t( w/ |5 ?1 x* U& i root@openstack-controller1:~# openstack endpoint create --region RegionOne compute internal http://openstack-vip.stangj.local:8774/v2.1- ^+ e) A: J* p# t1 a1 e
+--------------+---------------------------------------------+
, [3 O" G* x& f4 i | Field | Value |
, C+ b5 H q6 w! I; F0 J3 b$ P +--------------+---------------------------------------------+& v2 X/ _! a4 ^( j9 r, P* L
| enabled | True |
* R9 J5 \& e* z j* E | id | bce779f873ad48cdaf7aa65c9c310e0b |1 v) T. W( A' q* x: j/ y
| interface | internal |! I$ h) ?- w8 T
| region | RegionOne |, k! w' P: Q( P: f; X! x
| region_id | RegionOne |8 m9 a" _+ g9 @9 R; f _- K1 _" d% ?4 G
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |7 D: Z- d% ]2 ?. }- r0 x8 Z
| service_name | nova |
$ X: m* L- E$ { G( I0 ] | service_type | compute |
8 b" S& K# x$ f0 Z1 P- q5 c | url | http://openstack-vip.stangj.local:8774/v2.1 |6 O* u( _9 |5 j* |3 n' Q" r
+--------------+---------------------------------------------+
7 u; p! R, z$ {/ N8 y root@openstack-controller1:~# openstack endpoint create --region RegionOne compute admin http://openstack-vip.stangj.local:8774/v2.12 p% t1 g8 p9 a% p% E1 u1 z
+--------------+---------------------------------------------+
" m7 ]8 `( R' `7 J9 ]; P0 O | Field | Value |# Q( o+ _4 I* y% O$ M$ F5 x
+--------------+---------------------------------------------+& N0 v) ]; U& z8 B" r$ }% m$ [
| enabled | True |* \8 p9 u L" u3 [
| id | 229163f968084cef9cc0150d1c7b14d8 |
* D ?; \6 X5 O7 A+ c1 H& e! i | interface | admin |8 m+ E4 `8 [ L: M0 Z1 H V
| region | RegionOne |2 b6 Z* ], a# O
| region_id | RegionOne |
* v6 b, A( `/ m& p5 R# Y, Z | service_id | ba27d9ae56314e208a3b9b7e1dead803 |
1 `4 x4 p9 Z* ?/ Y$ \6 p0 @; ` | service_name | nova |- }7 c h0 d0 N* D, R
| service_type | compute |
; h2 C, e1 z) d) Y. F | url | http://openstack-vip.stangj.local:8774/v2.1 |: \$ [+ G5 O5 ]& w- a5 Z
+--------------+---------------------------------------------+
5 a% c4 f4 X+ i: L6 Q. }: \+ d `验证`
) }3 C8 A2 G5 _' Q3 I [root@openstack-controller1 ~]# openstack endpoint list. x+ S) ?1 K* d B* S) T$ v
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+, M3 k# @1 a+ j
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
; n7 Y! M, S( ]4 j E u +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+/ d$ s- C4 A, q2 K
| 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |. a+ S o" j8 l6 s2 W/ t0 i9 Y0 E' u
| 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |
1 ~& f% w, P; R | 229163f968084cef9cc0150d1c7b14d8 | RegionOne | nova | compute | True | admin | http://openstack-vip.stangj.local:8774/v2.1 |* a7 V" W6 g: q3 B1 V4 [
| 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |, j% O0 a' ]; X
| 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |3 l$ f$ |+ {( A+ p6 q
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |, q2 B+ c8 Y" X$ x
| 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |- W- S! |" \1 Q3 G9 }; I
| ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |
7 q1 _9 [3 t* O2 R | afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |
4 |6 T: s" p+ `4 P$ N. h! ^ | bce779f873ad48cdaf7aa65c9c310e0b | RegionOne | nova | compute | True | internal | http://openstack-vip.stangj.local:8774/v2.1 |
+ m3 _% |7 J, |+ J! ~ | d5564488f45d47009640dcea5e0083f8 | RegionOne | nova | compute | True | public | http://openstack-vip.stangj.local:8774/v2.1 |! r0 ~# e4 S2 W' D1 r) ^3 p
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
f& u& L; V) E! E. ^) _3 v | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
! E0 u9 N, u" D& Z+ U | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |) c$ X; K, a& s# H" T: u+ V
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+- O5 ?. e; [. v! x8 k- R/ d- I
5.1.4)配置haporxy代理: G+ y7 |! C3 f- ?
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg {' f- r( ]- L
# 在最后一行加入下面内容
2 F$ N q6 b3 O N' }' G' r9 K { listen openstack-nova-8774
; ]) b+ _: I3 D! v: f: i/ U bind 192.168.139.248:8774
+ \9 [: ]+ ~& u8 R" t* i( ]9 a mode tcp/ a* ]7 }4 P/ U1 D
server 192.168.139.31 192.168.139.31:8774 check inter 3s fall 3 rise 5
2 h0 {0 q7 x" |, f
& }' S& D, T3 a% c* |! a1 _) ? listen openstack-nova_api-8775
- u" k: n8 P% {. n% X bind 192.168.139.248:8775$ M7 a, T' T5 d% a9 k
mode tcp6 j/ [ ^) k# B* J& R
server 192.168.139.31 192.168.139.31:8775 check inter 3s fall 3 rise 5, t7 y% O( z! Q) ^% h
/ w" @0 n/ w( ^$ W; M* f' L root@openstack-haproxy:~# systemctl restart haproxy.service
1 Z/ K) m& A3 C! r root@openstack-haproxy:~# ss -tnl | grep 8774( a$ p6 w& o% X) u
LISTEN 0 128 192.168.139.248:8774 *:*
. c/ e0 Q0 p* ?9 o% u$ P. i5.1.5)部署nova-conductor0 o/ Y5 R! V8 A8 s1 f+ v. ~# _5 ^
root@openstack-controller1:~# apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler
) I- x* ]3 w3 C: c5.1.6)配置nova-conductor
- _* |9 {" e$ r+ }! O root@openstack-controller1:~# vim /etc/nova/nova.conf
* j& h8 o3 k: [7 G' O1 s [DEFAULT] # 在此模块下面添加下面4行信息
" o* [5 m5 g' b; m" L3 M. L- ~% { transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/
: {2 {1 A/ s7 `7 U u my_ip = 192.168.139.31$ n$ h+ Z9 g, U0 i6 Q9 _
- M, Y2 E" A( E4 w/ k1 A' G
[api_database] # 在此模块下面添加下面一行信息: r" j: y5 p' E6 W) H; f
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova_api3 H0 k2 F4 Q7 T& l0 L
3 a# F5 @* t3 [' [
[database] # 在此模块下面添加下面一行信息7 I! A' C4 N2 r) s
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova* H7 j# [5 }* x3 d- E9 n% Q0 x
; K2 D1 W: u9 S2 c$ b
[api] # 在此模块下面添加下面一行信息
4 z- _* e# }8 y B auth_strategy = keystone
+ Q' k( l; g/ z( I8 c1 |
8 J6 S2 |0 ^5 W" t' w! ~! { [keystone_authtoken] # 在此模块下面添加下面9行信息7 J7 y, y: y- T/ p+ G* p
www_authenticate_uri = http://openstack-vip.stangj.local:5000/
8 H& N* f2 M! ^( Z) W4 n# l auth_url = http://openstack-vip.stangj.local:5000/" b4 W0 x5 f6 {2 x
memcached_servers = openstack-vip.stangj.local:11211+ @0 g' k3 }% o) _2 ~( P9 q6 [# K0 c
auth_type = password
1 [1 z( f0 b K# Z, y1 }2 v( ^: F project_domain_name = Default
8 b6 z3 z3 _" `) A0 o6 d user_domain_name = Default
6 j5 j1 W/ p, l7 T% j. g; X project_name = service
' D/ c- U# U% C) K, e; S& z username = nova
' K2 I* u+ a( L password = nova6 n( t( G) Y5 b+ I
z% |3 l! @7 w+ \4 U [vnc] # 在此模块下面添加下面3行信息8 R# q$ g7 y! c u
enabled = true
$ R! ^0 A; o5 L2 s& s8 c2 M server_listen = 192.168.139.314 c. k$ x' T5 {. |; E3 [
server_proxyclient_address = 192.168.139.318 v: E/ ^, q# @* U9 R0 K
% V. k7 | A: x+ r# k' l [glance] # 在此模块下面添加下面一行信息* q- W: c* Z, X t4 Z: \3 G
api_servers = http://openstack-vip.stangj.local:9292
; w+ {' J8 f6 R1 `, o }9 r( I1 c: B+ Y2 r. q4 ^
[oslo_concurrency] # 在此模块下面添加下面一行信息% X% s6 g m4 r5 T
lock_path = /var/lib/nova/tmp3 i# ^! S8 D6 A% c; ]9 M' S4 c
' t0 h& x" K5 J* A! V: ^$ x9 h
[placement] # 在此模块下面添加下面8行信息: D! z) ~ M- e* b4 u @
region_name = RegionOne' y! ]) X w! d8 E9 H
project_domain_name = Default" _( _' g" b; g! D# x# g
project_name = service
" D% a$ w6 B! t7 I! U. i' ?9 y auth_type = password
$ v# j2 F: u. L5 n* G/ g user_domain_name = Default7 A( F: g0 `0 W& h; I3 Z# H
auth_url = http://openstack-vip.stangj.local:5000/v3
" A5 z D) x! E5 \( e0 |+ c: R# b/ q username = placement
$ Q( Q, K7 T, x! d/ @1 Y5 q password = placement
- M( S/ i! Z& D$ g2 C! g) j# B
! a0 K9 k- A* l- T [service_user] # 在此模块下面添加下面9行信息2 B8 E9 o' i; m: z2 t2 l% V H
send_service_user_token = true
$ L$ h7 c$ n" Z auth_url = http://openstack-vip.stangj.local:5000/v3- A7 g, h% P- J& W6 ]
auth_strategy = keystone" Z) s3 e" Z: r( I% Z" z) L
auth_type = password& H* U$ @0 w" d9 b4 ~! y; a& @! Y7 Z
project_domain_name = Default% ~ r8 ~1 n* c: X
project_name = service
- P, j/ g8 C4 p- H& Q4 J4 g% v user_domain_name = Default' {: q1 v3 E; D' e! C5 u( M2 ~
username = nova6 [3 w( V+ v( g2 ~, W
password = nova
( S; T; }' ?* x6 q- \9 W7 p5.1.7)初始化nova数据库6 V" t+ s* ~) s% N7 E( u7 k9 v' R. W
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage api_db sync" nova
: p5 T5 B; [# X2 m" X9 K1 q# f% p root@openstack-controller1:~# mysql -unova -h192.168.139.248 -pnova123 -e "use nova_api ; show tables"4 T1 U5 F; R# X* N; z, d! G
+------------------------------+
" j6 `" U& r( S# N7 j | Tables_in_nova_api |( ?+ b4 J: o! B* a, ?
+------------------------------+" h0 U* Y5 n- o; T* c: b
| aggregate_hosts |0 m) y u+ Z X
| aggregate_metadata |
1 ]) Q p7 V- k s4 g, k | aggregates |* `9 w) }# B+ Q, b5 U1 W
| allocations |
+ H0 T" Y/ [7 s7 Q | build_requests |# [9 r" ^3 b3 U5 d- C
................................
" d( Q6 Y4 g5 D3 y ................................2 X! O; C; b* x
| resource_providers |
0 U4 P' n$ [+ ?+ g6 t+ g | traits |
4 B/ f7 x8 \' h" s: e6 Y | users |5 L K6 U z& g+ b9 h4 e# W+ Z
+------------------------------+5 W7 ~( k1 v/ {) p( y
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova1 m2 F& H; y& n' m# ~
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova, K( ~8 ?4 B- ?6 ~( k" ?& q
..... H) ^6 H( b/ Y/ e/ p% Q7 w) j. R! }
c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
& G$ G! B# S! k" j( |+ Z6 d! M
2 X4 D t' Y |9 V; r) N" t root@openstack-controller1:~# su -s /bin/sh -c "nova-manage db sync" nova
# {- B% K- b, n1 o5.1.8)验证 nova cell0 和 cell1 是否正确注册:2 Y* F; k( _/ p" F# A1 K$ q9 r
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
0 F. H1 p" A/ o +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
4 ]: p5 b" T0 W$ R2 M | Name | UUID | Transport URL | Database Connection | Disabled |; c3 @/ L& k0 x8 p, E* \& M
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
; }- G* K. ?, @ K | cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova_cell0 | False |; i& r/ @/ |) X7 k$ c/ Z8 H
| cell1 | c14b4cfb-a4f6-41a5-8418-a3d3ee04228f | rabbit://openstack:****@openstack-vip.stangj.local:5672/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova | False |0 s0 A* o1 o4 z2 {. Y
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
, J( |$ W4 y: P! K 0 ]0 M2 J# t# M; w) |9 d
5.1.9)启动服务* h9 a1 {* `, ?2 r$ W# N% G3 ~
root@openstack-controller1:~# systemctl enable --now \
5 u" D, _3 J9 ^. v [/ e nova-api \8 p* @! k: a9 T2 K. u* t9 d
nova-scheduler \
" {/ M8 y j+ D5 Q/ I8 C; ]* ^ nova-conductor \
# z( g8 Y8 w: T2 r nova-novncproxy- x2 o$ l% e+ q1 A
root@openstack-controller1:~# systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy- c. K! r! m' V ~. ?
5.1.10)把novncporxy代理到haporxy( ]- j( V- a) p# {. H4 m
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 3 U: s* d K( F
# 在最后一行加入下面内容2 i. k; ]: x9 Y
listen openstack-vnc-6080
' c& ^0 N+ j3 U' J: z1 D* ^ bind 192.168.139.248:6080
( o7 O2 U& @: m0 S# E6 h+ C( }9 d mode tcp" G1 H& q, v/ }& l! `
server 192.168.139.31 192.168.139.31:6080 check inter 3s fall 3 rise 53 U. x$ o/ [; c1 y3 d/ D6 Y- E: u5 M# D
root@openstack-haproxy:~# systemctl restart haproxy.service
9 ]- U1 B4 E; l6 s0 i root@openstack-haproxy:~# ss -tnl | grep 6080( a# K! \+ \$ v! W
LISTEN 0 128 192.168.139.248:6080 *:* 2 C0 {5 m& U9 \; s* F6 j& `. n
5.1.11)配置nova重启脚(为了方便后续实验)
9 W1 B* a: _) M# f$ g [root@openstack-controller1 ~]# vim restart_nova.sh
; @( @& r9 s0 i+ K0 z8 I0 s a #!/bin/bash& l$ F# X9 v3 V0 K; E! R* T3 R
systemctl restart nova-api \
' K: o1 I3 |4 c0 X! ~# Y- p nova-scheduler \
, b/ o4 k* i$ Q' u nova-conductor \# b6 f% v& u( I
nova-novncproxy
5 I8 t( ?. q; {: M( @# u! a5.2)配置nova计算节点
+ S% |% A$ ~9 N1 Q4 I; v必须保证开虚拟化1 _4 P" r# z, f
" Z9 A e# z8 r0 [; _image-20231215224936327
* F# Z. S+ Q5 j' q
% a8 U; a2 ]8 c& p# a5.2.1)部署nova-compute
) }( \6 i5 O6 v: e# x root@openstack-node1:~# apt install -y nova-compute! ?1 t3 o% R% M4 d
5.2.2)配置nova-compute* ^) o. P% M4 g- y8 y
root@openstack-node1:~# vim /etc/nova/nova.conf
9 O+ I% C0 r- Y7 o- Y$ t# W8 Z [DEFAULT] # 在此模块下面添加下面4行信息
- N9 D. }/ b5 b9 R+ \/ m1 @ S. R transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672// \6 J( {1 Y6 S; C5 F8 K" p9 f
my_ip = 192.168.139.341 ~, v0 W2 `7 J3 ^' T, E& z
# state_path = /var/lib/nova
: Q+ ^7 Y" ^! Q6 @2 c
! g$ S% y: `% E$ {9 _/ G1 y# ^( x( ] [api] # 在此模块下面添加下面一行信息
( J% ^$ C/ V- Z* ^# R auth_strategy = keystone$ E9 Y/ k, e9 d8 h) V6 {" }
: \0 F4 V4 c- r" Y4 P4 q
[keystone_authtoken] # 在此模块下面添加下面9行信息8 p# n/ Y/ H: R
www_authenticate_uri = http://openstack-vip.stangj.local:5000/% b# o+ ?* e' y5 L
auth_url = http://openstack-vip.stangj.local:5000/
9 O K# i( h$ r, P% v( `3 p. J memcached_servers = openstack-vip.stangj.local:112113 o; ?% U5 F# X7 b3 l
auth_type = password" B0 a9 q- i$ R( _, f( ?
project_domain_name = Default, u: l) p$ P) r* G8 t/ P
user_domain_name = Default
3 k k3 o9 L3 j project_name = service
& k: \3 m( M: @9 p v9 ~ username = nova( O" y# N8 E$ e
password = nova
/ l t& c' _4 B; B 3 i& Y5 j. d2 h# e" s) W" q( k
[vnc] # 在此模块下面添加下面4行信息
# k+ h& P, z$ H2 `& s/ ^ enabled = true/ R) ]" d& v# Y& L/ h
server_listen = 0.0.0.0
8 A, |% V& x7 J8 j1 a, j# ?$ v server_proxyclient_address = 192.168.139.34
7 D( Q7 X0 K" E) b/ O* u$ w9 i novncproxy_base_url = http://openstack-vip.stangj.local:6080/vnc_auto.html
- }9 H# ?6 L/ D( q& n- @
) x9 ~1 q; B5 D+ W7 G. T [glance] # 在此模块下面添加下面一行信息& y4 e( N3 N5 {0 K( r5 S* M0 h5 Y1 n8 R
api_servers = http://openstack-vip.stangj.local:9292, S, e/ \2 z2 b3 J! m; w% h7 `
/ t, ]3 i2 f! M, v
[oslo_concurrency] # 在此模块下面添加下面一行信息
& B; r- J- V" K* V, q, s lock_path = /var/lib/nova/tmp! D1 p; Q g- H1 z# ^1 V& z
4 \7 s5 ]& A- B% I, @& C5 I
[placement] # 在此模块下面添加下面8行信息
+ b# ]; x% U }5 y1 \7 S region_name = RegionOne
7 W; s5 t3 e( l, ?5 i' j% ~ project_domain_name = Default0 f: J: l& Y8 p2 ]& e2 ]$ H: S
project_name = service
/ \9 c# a' i; O, f" z1 h% z auth_type = password( O; m) B7 r- R2 k: y) j% z
user_domain_name = Default A* W; z$ O7 D, X" w2 n, f
auth_url = http://openstack-vip.stangj.local:5000/v34 {9 v7 m% y8 l1 x: J* I
username = placement
( N& }" H& L. L6 V$ c5 H* v password = placement
, ~( `- n# G1 O; J6 v6 u( Z1 S5 W2 { ) u- ^7 g# V/ ~/ p4 I* z; f
[service_user] # 在此模块下面添加下面9行信息
& g2 ]& q6 p3 f1 V |' Y send_service_user_token = true, D! T' \3 b; Y6 E" O+ P
auth_url = http://openstack-vip.stangj.local:5000/v3
! x+ N0 Q6 g6 [) C E) J auth_strategy = keystone8 f& I! }! u9 a' _+ N* K$ @
auth_type = password% T3 B5 e5 g8 B( `4 B. A: q
project_domain_name = Default
} P( M: B- {) }1 d project_name = service
! b1 i! M2 q; n+ a" o user_domain_name = Default
$ D- ~. i/ _' |, h% ?' N* `5 S username = nova
$ b1 a: n* T% {: S7 p password = nova; y N( I* x$ ^. l* P- ^( M$ C) N. V: K
4 a3 i% P9 [7 [# e( r# n
root@openstack-node1:~# vim /etc/nova/nova-compute.conf
. J6 l2 ~ n$ Q) K# d9 \ k# _
& A O& y2 c, K# [ [libvirt] # 在此模块下面添加下面一行信息
1 l* @# O; r' {' |7 ?4 q virt_type = qemu5 B3 h( m2 D ^4 c o" q
$ h. l+ h3 d/ [5 g
`检测是否可以用虚拟化` x d: u' S4 L
root@openstack-node1:~# egrep -c '(vmx|svm)' /proc/cpuinfo# ^8 q% A5 Z @8 P
4
; o& o% \% ^6 W! Q5.2.3)配置hosts解析
; w B! m1 {5 L1 L$ m$ ` root@openstack-node1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts* r" Z4 E0 t4 b
5.2.4)启动服务
, _+ F$ t; s$ }% d root@openstack-node1:~# systemctl enable --now libvirtd.service nova-compute
4 O- m5 |, r/ M% A& ?3 c, v' M6 _ `编写重启nova-compute脚本`: P, L$ @- g, {9 Y# @) y
root@openstack-node1:~# vim restart_nova.sh. t2 O; ~# n9 Y/ h$ t
#!/bin/bash
0 A: m7 o7 p1 N2 E3 w m systemctl restart nova-compute# m [3 Q7 _5 {% c& U5 o
root@openstack-node1:~# bash restart_nova.sh
, S: e0 k+ ]0 C0 Y; a% D / w2 n, Z- o1 G
5.2.5)验证服务
i X! M1 L, L" K V root@openstack-controller1:~# source admin.sh , l; j: z& D6 f4 O6 p
root@openstack-controller1:~# openstack compute service list --service nova-compute
* y( w) }. s3 a3 }- h H$ i5 L +----+--------------+------------------------------+------+---------+-------+----------------------------+2 `! P/ W* w$ O q7 p ~
| ID | Binary | Host | Zone | Status | State | Updated At |6 i( V6 |( y+ x7 Z. ^$ [$ K: A* l
+----+--------------+------------------------------+------+---------+-------+----------------------------+
$ L$ u: ~$ A! r; H7 n! O | 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:12:03.000000 |
: Y- ?& J% D; t4 F( ^ +----+--------------+------------------------------+------+---------+-------+----------------------------+
) i. c" K& U( n5 Y" ^5 J) u5.2.6)发现计算主机! l# ^* N( p1 }, L+ ^; F* Y* N; E
如果加入新的node节点需要执行下面操作
& q( C9 Z: {8 N$ }1 I& p1 g) o: G( A6 d0 t
[root@openstack-controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
- M/ S, E* V4 Q. s1 M ^ Found 2 cell mappings.
6 M0 o7 @+ a/ Y Skipping cell0 since it does not contain hosts.
( G4 e' o. `! A3 f( K# ~+ ^ Getting computes from cell 'cell1': c14b4cfb-a4f6-41a5-8418-a3d3ee04228f" N2 C D% B& y1 E/ @9 V
Checking host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
5 K0 Y% G: h$ R* _ Creating host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
. }; ?( l9 u" ^ Found 1 unmapped computes in cell: c14b4cfb-a4f6-41a5-8418-a3d3ee04228f6 Z1 F. t! m" g) n/ J/ A, E
5.2.7)配置自动发现计算节点, n% }& M; J! z* K+ c
[root@openstack-controller1 ~]# vim /etc/nova/nova.conf( P5 x, ?0 c2 C
[scheduler] # 在此模块下面添加下面一行信息% j' s: Q: U4 D3 l% I8 u- l+ ~
discover_hosts_in_cells_interval = 300
) Z" W9 x5 Q' t% y0 P `重启nova-conductor服务`
* p% q# |- l9 ]" x7 I! L p3 Y: `. H [root@openstack-controller1 ~]# bash restart_nova.sh 9 |6 z/ @* y; [ h+ q
5.2.8)验证操作! M$ P( V) ^4 _% l X
[root@openstack-controller1 ~]# source admin.sh $ ~+ H! z, D8 X4 l: x
[root@openstack-controller1 ~]# openstack compute service list
) P" u& R4 x& f; _* p0 |% R! o: c +----+----------------+------------------------------------+----------+---------+-------+----------------------------+" i! l6 P! p1 d( S
| ID | Binary | Host | Zone | Status | State | Updated At |% J7 f) }% U9 U) p! P
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+- V9 G% P7 {' e# L! {
| 1 | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |3 ]# ^3 B7 Q: h9 `. \+ y- T
| 7 | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |+ W) o1 T2 ]/ P1 U
| 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:15:42.000000 |
2 K. m/ p F% j0 w +----+----------------+------------------------------------+----------+---------+-------+----------------------------++ S: w" P6 ^' g4 O3 D9 z: B
root@openstack-controller1:~# openstack catalog list
+ W- R; N+ U2 m- ?) ? +-----------+-----------+---------------------------------------------------------+1 E& p+ n% w7 Y5 T, u* `
| Name | Type | Endpoints |
$ |4 }- s# P* g7 S2 C +-----------+-----------+---------------------------------------------------------+ z P, d+ n: b, `) ~. ^; e
| nova | compute | RegionOne |/ w+ G: W3 z$ K, r7 T) u/ ^, A
| | | public: http://openstack-vip.stangj.local:8774/v2.1 |8 ?& b R+ i* H* d' h( [; n7 X
| | | RegionOne |
) H( G/ i# n+ O | | | admin: http://openstack-vip.stangj.local:8774/v2.1 |+ v" S& M H0 A3 `4 [
| | | RegionOne |
" h% @ G0 K6 a8 y3 @! | | | | internal: http://openstack-vip.stangj.local:8774/v2.1 |1 x- K0 b) Y/ J/ K# g, A& l; ]
| | | |% @* d" `$ S# n3 u7 c, q9 z& p
| glance | image | RegionOne |% x# w; m& C4 t# U$ E/ i/ _% O: v
| | | public: http://openstack-vip.stangj.local:9292 |
8 a `) U2 s, }4 ~: h- ]* { | | | RegionOne |
& N" o6 ~- T8 N. Y9 G | | | admin: http://openstack-vip.stangj.local:9292 |: e; |; V( @, \: g# Z- T: ?- Q
| | | RegionOne |
8 q" o) L$ I; ] | | | internal: http://openstack-vip.stangj.local:9292 |8 K8 @! p8 P' H3 ?
| | | |
% { g0 G- e* w) C# L | placement | placement | RegionOne |4 I/ K r6 _* u! y% Q, K3 U" t3 D
| | | public: http://openstack-vip.stangj.local:8778 |
3 R: a' [/ F; h7 r | | | RegionOne |+ ^: Y8 r$ D0 b7 g1 D8 e
| | | internal: http://openstack-vip.stangj.local:8778 |
$ z4 I0 i6 {8 V) S3 t | | | RegionOne |) a$ Z6 ~4 a+ E" e: R6 i* F& ~' O4 ?
| | | admin: http://openstack-vip.stangj.local:8778 |& O) m* m+ J3 R8 k7 F
| | | |+ U& r& E1 E! U' L( _; _. O" g
| keystone | identity | RegionOne |# E! u3 s8 H; M! [7 R5 U8 d# y
| | | internal: http://openstack-vip.stangj.local:5000/v3/ |0 N0 u/ L8 K& T- Q. B* }
| | | RegionOne |
3 \5 ^& Q/ t6 T' ~) h+ ^ | | | admin: http://openstack-vip.stangj.local:5000/v3/ |8 `+ d" r' b" Q
| | | RegionOne |
* r$ K4 k8 W" u" Y+ s2 u6 b! Z | | | public: http://openstack-vip.stangj.local:5000/v3/ |7 y4 V- w5 X/ Y- n0 D4 ?
| | | |
- G; B7 _, L7 T +-----------+-----------+---------------------------------------------------------+
* S2 s$ O2 R: k1 p ! V8 C" y6 C7 O, i
root@openstack-controller1:~# openstack image list
+ U% a; l) D6 S8 z: s2 X +--------------------------------------+--------------+--------+
3 X: H, E4 h; `# d% K/ W | ID | Name | Status |
; g( K8 c- ~5 G +--------------------------------------+--------------+--------+& B, u2 r9 w* A$ v
| 68249b5f-9eac-4873-be74-cc11ac9af61e | cirros-0.4.0 | active |% ~5 K7 M `, m8 ]4 f
+--------------------------------------+--------------+--------+
8 ]( |; Y% E( ~4 B5 G% R" G8 w
" z( l* K. u* h5 J5 ?$ Y* s root@openstack-controller1:~# nova-status upgrade check
! B' ]4 L4 s; c. M4 k" ~ +-------------------------------------------+8 y3 o3 l# P0 x5 O
| Upgrade Check Results |
6 ~& J, M, i8 c* H$ Q( b +-------------------------------------------+) v' b9 i& u, S' m7 `5 B
| Check: Cells v2 |; j$ W q# S) S' K1 _7 B2 ~
| Result: Success |
: R6 W6 W. g/ n | Details: None |; R: g. s# e. d2 B4 @
+-------------------------------------------+
) W/ K! o1 R# g9 u | Check: Placement API |" p3 O# l: m1 o
| Result: Success |
* p3 A c+ L# ^& a! D | Details: None |
! x+ K9 F; `3 M* X4 K/ y. z +-------------------------------------------+' k, e* ^. h, F9 k& d2 A: @8 ^
| Check: Cinder API |
8 W% {9 Y7 l1 i | Result: Success |
: |$ {" H+ _) ?2 w0 L+ h | Details: None |
: G) g* i2 F/ ], q1 h3 [ +-------------------------------------------+9 N; o' D7 D3 ]: W
| Check: Policy File JSON to YAML Migration |
, M; [: P" u) g1 y% u r9 U | Result: Success |$ w0 C" M3 t7 |. x4 h2 n
| Details: None |1 D+ t) g9 ?; [- p
+-------------------------------------------+" c) _8 f9 k4 ~5 u, g- Q/ }
| Check: Older than N-1 computes |6 s# X0 u& ?2 ~' U+ B
| Result: Success |- k9 P0 S4 M b% `+ n: d, W
| Details: None |
% O0 Y9 k; L6 l +-------------------------------------------+
3 N- ^' N5 U3 i | Check: hw_machine_type unset |2 N! d/ l5 B0 S: T! B
| Result: Success |
( N9 ~5 {: ^" l' q5 Y | Details: None |+ j! V- `) f/ m; V+ x7 v' m) \/ q# q
+-------------------------------------------+
: c/ i! w% [- s4 `5 h | Check: Service User Token Configuration |
+ w1 {/ U+ |$ G | Result: Success |9 C6 i" L- H4 J9 L3 B% Y* K/ ~
| Details: None |8 q( D( o) K6 _2 t" ~9 Z- Y
+-------------------------------------------+4 V/ A. p2 ]+ M7 ~2 I
6)安装neutron5 |% u" M, e$ N5 w: m( I
6.1)安装neutron-controller节点4 g0 t) V6 @! o1 \0 a
6.1.1)创建Nova数据库
$ Y* j; }( r: Z! B: @' s% L. w root@openstack-mysql:~# mysql
, g- t& ]; Z( |: q; F3 i MariaDB [(none)]> CREATE DATABASE neutron;
& E+ F5 ?/ X9 g J MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \) C5 R) R* E8 t
IDENTIFIED BY 'neutron123';
1 h: V: C: Q: m, V- v' o/ s9 n+ k MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
7 L) r7 j. H, D( v3 x IDENTIFIED BY 'neutron123';
& g* z+ ]2 l* a: ^& ]6.1.2)配置用户和端点2 H1 Q, W8 l6 C" g4 ^1 N& V
root@openstack-controller1:~# source admin.sh
# \$ M8 L G8 u" L' ]9 v# a root@openstack-controller1:~# openstack user create --domain default --password-prompt neutron) M* L! r \" ^) I e% T
User Password: # neutron' z- ?( A+ ?) q8 B1 y* k( S
Repeat User Password: # neutron
: X/ I8 ?5 j3 h +---------------------+----------------------------------+
* ]+ o. Q& B2 O& h! } | Field | Value |1 K c& R3 \: A+ {
+---------------------+----------------------------------+; Y- D5 N0 V% H: A' d1 D! L. P
| domain_id | default |
, z5 h0 l- D* K. C* R7 n8 V | enabled | True |: X2 E" o% V! z' O7 ~
| id | 282317cd0bb74396a7a12dcdd96aeed0 |- e1 V5 j" p* j
| name | neutron |: D g/ w8 h3 y: _: Q& X3 A2 Z
| options | {} |& A% _3 S$ e |" p8 i: j! B
| password_expires_at | None |: x, ~) i, N% f$ l2 ~ W% X6 h
+---------------------+----------------------------------+. u+ p- O7 T* E9 S& V+ T% q
7 z! [; u6 h/ @/ Q8 x' I+ a `将 neutron 用户添加到具有 admin 角色的服务项目`& K ~. ~" y# v8 k- Y
# 让neutron拥有service项目的admin权限`
: r1 V% M/ i' K1 v8 F root@openstack-controller1:~# openstack role add --project service --user neutron admin
, M7 u8 }/ M/ l0 V! l. b `创建service实体:neutron`
' _, T6 f# Z9 M( y root@openstack-controller1:~# openstack service create --name neutron --description "OpenStack Networking" network7 i1 u1 H$ V" X: U9 F9 D. I
+-------------+----------------------------------+9 Q& s: Y; h) G9 N6 S, A
| Field | Value |* N$ O( s3 s# x) f
+-------------+----------------------------------+
! \0 A+ o' i- H | description | OpenStack Networking |' J2 l4 V* p4 [/ [( g
| enabled | True |
& e: y4 C5 `" H! x | id | e4ff8c65882a401a83e2203ce49daeaf |
1 E# D8 J7 l7 j8 W9 }7 n | name | neutron |! f5 J- H4 X2 S+ p' A3 S
| type | network |; U2 J& h8 I8 v+ f9 \
+-------------+----------------------------------+
, }2 ? i# K' h' o" d& F [root@openstack-controller1 ~]#
% Z* }8 F; ?% c4 V% Q7 F" i" {6.1.3)Create the Networking service API endpoints:
- |, y, p: C5 P2 }! v9 A [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack-vip.stangj.local:9696* e3 I( [1 i) L3 b7 u$ `2 [# B
+--------------+----------------------------------------+4 o0 o/ I- p3 M
| Field | Value |% w# f# q) ~4 }3 X- U
+--------------+----------------------------------------+
/ L, i# l: Y& r$ x/ g3 k | enabled | True |
0 ~4 r' h1 l. r/ \2 _ | id | 970ca60adf5746299d48f7659d500809 |
+ e4 g3 o/ t2 _# y | interface | public |2 l- i9 h1 y1 @& b- [
| region | RegionOne |
; n: R7 [; m6 _8 X" W" j0 R | region_id | RegionOne |
# ?5 `4 Y! R( v+ c& g& } | service_id | e4ff8c65882a401a83e2203ce49daeaf |
$ F5 V) ^ a8 M ^4 }$ E | service_name | neutron |) U0 [9 |) o4 s* }/ M
| service_type | network |
. w9 F3 `2 H* |: y | url | http://openstack-vip.stangj.local:9696 |, b9 R" C- c4 Z6 L/ I5 C, X
+--------------+----------------------------------------+
) L* ]# Z4 f; j0 p( { [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-vip.stangj.local:9696
" b/ R1 B5 L3 k8 F$ N! m0 e( E1 \ +--------------+----------------------------------------+8 J- Z5 |; L& g5 F0 v& Z- @8 A
| Field | Value |% ~ k4 I) k( t! i+ p! c1 m) v
+--------------+----------------------------------------+
3 e1 k z2 S( l/ R- e! t7 W | enabled | True |& F& {! J; e* B* W# Z
| id | 4c5f5ffbba4a4c668377a86cfd4a2320 |
' Y) [2 x& K( S N | interface | internal |
, b2 u2 m+ @1 I/ d | region | RegionOne |
. |- j9 A: ^7 ]( e | region_id | RegionOne |
3 ~5 R4 ~. l; d1 s$ G4 b1 e" H7 s | service_id | e4ff8c65882a401a83e2203ce49daeaf | g5 ~" u4 c$ ^) d
| service_name | neutron |: ]( W+ m2 T' m
| service_type | network |
9 {( t+ n' Q; f ?' g9 n | url | http://openstack-vip.stangj.local:9696 |0 w4 D/ u2 I0 l, U1 P- i
+--------------+----------------------------------------+0 y8 J* S+ D8 R0 N. @4 F
. f& k7 D3 D; f- [. y
[root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-vip.stangj.local:9696' _% {! h! z5 Q& t8 R1 m0 g
+--------------+----------------------------------------+0 U. _, t- m* B6 v
| Field | Value |( h9 I7 s/ `4 {/ s; l$ _
+--------------+----------------------------------------+
. ]: u" Z& a8 ^: L& x0 g7 F2 ? | enabled | True |
9 n! Z% L/ s% ?; G! [3 i4 `6 {# t | id | d8c4e83eab66486983680b69520ca92a |$ Q/ b1 A3 ?7 u7 t3 A I+ ]6 J7 ?
| interface | admin |5 f! L& ~- E. a1 I# S' R
| region | RegionOne | u! m# O: S2 r$ r. F$ Q+ M
| region_id | RegionOne |" T* L/ T0 f" |& B! _# y+ ?
| service_id | e4ff8c65882a401a83e2203ce49daeaf |/ g% e/ r3 n, d! _% D% U5 C
| service_name | neutron |
h) Y# F' w Q0 b' Q9 y | service_type | network |0 Q) R' X7 f/ j$ z; f; M: b
| url | http://openstack-vip.stangj.local:9696 |; w/ O) V0 w% i9 M/ R7 p9 l3 i
+--------------+----------------------------------------+' y9 G( j5 A I
6.1.4)配置haproxy5 `7 R5 B0 p3 z; l7 t
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg / v; c' W0 v- o/ H1 ?
# 在最后一行添加下面4行内容
! [) [0 X% z4 |! d0 Q. W listen openstack-neutron-9696# R& q- @3 O& X6 }4 o
bind 192.168.139.248:9696
7 ]7 T$ P2 @5 O! }5 W5 s mode tcp
/ R* B' j) b& V2 b, E& F6 T4 T% Q# G server 192.168.139.31 192.168.139.31:9696 check inter 3s fall 3 rise 5
+ l6 B8 ^# y( F' [ W root@openstack-haproxy:~# systemctl restart haproxy.service
% ~1 `% T9 i0 b8 ]: \# n6 M5 o. v root@openstack-haproxy:~# ss -tnl | grep 9696
J1 N) {# g4 F5 M y6 L5 K' @ LISTEN 0 128 192.168.139.248:9696 *:* 4 c& P5 q0 [8 e& k- W
6.1.5)部署neutron3 h/ y7 w$ C4 b- E' ]
root@openstack-controller1:~# apt install -y neutron-server neutron-plugin-ml2 \& g4 ~8 r' k' p' W
neutron-openvswitch-agent neutron-dhcp-agent \
' p' ?2 _; P$ B/ c) b7 K# ^ neutron-metadata-agent$ N1 I0 j8 H/ \; P+ O
6.1.6)配置neutron主配置文件
4 A; o S; a- G+ S9 X, Z root@openstack-controller1:~# vim /etc/neutron/neutron.conf# c0 l7 D# g& F( l' `+ t" C' y
[database] # 在此模块下面添加下面这一行# a% W$ }4 g- L2 Z. p% h( S8 o
connection = mysql+pymysql://neutron:neutron123@openstack-vip.stangj.local/neutron
: l- _& n( N. i# K# A 4 g: }- V8 C, F* T
[DEFAULT] # 在此模块下面添加下面这4行
, M$ ?1 P+ r& G; J core_plugin = ml2
2 m! b( i. x9 @8 o1 M service_plugins =
5 C3 X3 e1 V! K% g; n transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local2 j* C1 m7 C7 g' \9 @. O
auth_strategy = keystone6 p2 `6 Y, i3 v- `1 ~
notify_nova_on_port_status_changes = true
* d, y( G% H5 R notify_nova_on_port_data_changes = true1 M$ Y$ ]& L" ?, d' H
1 _9 _4 A" }, Z) c8 t
[keystone_authtoken] # 在此模块下面添加下面这9行
/ J9 h. l6 U- m; J R1 o5 f www_authenticate_uri = http://openstack-vip.stangj.local:5000
8 @. c- U3 n# a5 m- X H7 X$ h auth_url = http://openstack-vip.stangj.local:50000 @2 `4 j. Z; ^1 D; D$ L+ i
memcached_servers = openstack-vip.stangj.local:11211. c5 p& w2 g6 s' ]- b, {
auth_type = password* Z. R$ c& T, K$ @2 a
project_domain_name = default( o3 y3 K; A# ^9 j& {
user_domain_name = default
/ J3 Y" P# f9 L project_name = service# N; b4 x C e$ y8 }2 K/ [
username = neutron+ I! v1 L, q% l, \
password = neutron
2 Y, R5 M8 \7 c" Y+ x A# n
+ I1 ` u6 ?1 D: M; S # 配置文件的最后添加下面9行" u; H+ V' m7 y: h% o% l% R; z! D
[nova]
, i& e9 `+ h# J) ?4 L' q* n auth_url = http://openstack-vip.stangj.local:5000
; R7 O6 b$ U0 Y, X9 } auth_type = password" W) M" q7 T( q: T
project_domain_name = default$ J) i8 i; i9 f6 i
user_domain_name = default4 R. d3 h" s+ {/ ~# E) l _
region_name = RegionOne8 W e3 m9 w0 _/ w3 _6 d
project_name = service4 k" u" e4 a: D8 \( p! r2 g
username = nova3 m' n. o! @+ A0 X1 W' l
password = nova
! j! F, V6 L) r4 E; ^ $ ]: `# Y ^$ b
[oslo_concurrency] # 在此模块下面添加下面这一行
0 A0 [1 z4 l: D4 O" C0 a3 d" _+ J lock_path = /var/lib/neutron/tmp
- U1 @5 G5 R# J! l; v/ z+ B [" f 3 ` \0 ~9 }4 u, F. A
! q) V0 r+ x* j' |& D #service nova-api restart0 J9 r1 O; J. [0 w% B
#service neutron-server restart" r9 q q) `9 [1 _+ Q% _
#service neutron-linuxbridge-agent restart
; g. `/ X% ^: ~ #service neutron-dhcp-agent restart
( A p4 K9 s, B, [, g2 l #service neutron-metadata-agent restart
. F9 s4 s A" A) }4 y" p6.1.7)Configure the Modular Layer 2 (ML2) plug-in8 Q/ L" t5 L; L E8 l c
可以从网站上获取完整的ml2_conf.ini# M- n1 _/ E$ ]% w) s" M% H; k
! H% C. k2 ?: W& o) V9 v
https://docs.openstack.org/newto ... s/ml2_conf.ini.html+ E& w# ^9 N! D$ s# E/ N
0 x- J1 S, b$ O3 r; A+ \) A
root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/ml2_conf.ini
: D9 E/ `) G3 o' S H" Q [ml2] # 在此模块下面添加下面这4行
A1 L2 C1 I5 L1 j type_drivers = flat,vlan
& B. a7 \2 V9 n( S$ z- Z# g# \ tenant_network_types =$ }& ?; e- Y$ Q x) O
mechanism_drivers = openvswitch
% |( k* J+ O1 E+ v9 f extension_drivers = port_security- O9 D# D/ x! A5 e
0 O# X0 S' X# Y4 `
[ml2_type_flat] # 在此模块下面添加下面这一行
3 S* \, R4 i$ @$ f8 b! n3 F; | flat_networks = provider
& X- b4 Y& s) t5 V 6 J( j+ y1 ]" ~5 Y+ u, O3 z
4 F9 y9 |. D/ s1 X Z. G `最终配置信息`7 F% Z5 Y, \8 s+ v% I
root@openstack-controller2:~# grep '^[a-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini
/ x' `8 z- K* X9 s2 s [DEFAULT]
' R% R- p/ } i3 E( o, B+ A [ml2]
; S( D1 W! Z' ?8 _ type_drivers = flat,vlan' ^8 ]; _! b8 c) G p! Z
tenant_network_types =
* t1 w% |4 z* j* d. @; K5 P1 {# [ mechanism_drivers = openvswitch
% d8 O" a, ?4 j, ?- ?: v" E" o extension_drivers = port_security
- n4 r8 Y: V* U' t+ j [ml2_type_flat]: w6 O7 ?3 _1 [$ m/ C
flat_networks = provider
* j* G! ]1 M& T$ [/ Z* M [ml2_type_geneve]8 x Q, c: T! z0 ?
[ml2_type_gre]6 @8 p& i: F) X8 n: u% u
[ml2_type_vlan]2 ?! G( j/ r9 ^$ F0 X& q" l
[ml2_type_vxlan]
( g |2 K: q6 s/ @' Q: ` [ovn]
: b, y! d/ ^4 u/ M" R4 j [ovn_nb_global]
! f* {- }, m5 b3 q9 s$ C [ovs]. Z- @/ ~, [( E$ Z+ y# G
[ovs_driver] x# H9 x+ D8 f- Z6 L$ Y
[securitygroup]
' j0 L' x+ r6 Z1 Q) N* p [sriov_driver]) c2 @( h5 X# |) k/ ]9 S6 A" M- P! z
6.1.8)Configure the Open vSwitch agent/ ]8 b! F. p1 X7 f/ T
可以从网站上获取完整的openvswitch.ini
: e5 F) J; L3 W1 F
; {$ j2 |5 |- c; dhttps://docs.openstack.org/newto ... itch_agent.ini.html: z% Y4 V9 B+ x, ?" Y
5 q8 J/ d9 ?- g$ |2 d) C root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
) r: [0 ^! b' r5 t6 { [ovs] # 在此模块下面添加下面这一行
( }: |6 c9 H9 C: { bridge_mappings = provider:br0
$ s c( p' A. `& C6 x # P1 c* ^4 C5 N+ g' ?- e
[securitygroup] # 在此模块下面添加下面这2行
1 Q" \* B, \" s1 x; O! J. ^6 X+ j enable_security_group = true
" C5 `1 Z8 u' h+ z2 H$ g0 q4 y0 t firewall_driver = openvswitch7 Q! h+ Z8 \: _9 U! i7 U
5 _& f' G$ P# j: M
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`+ `4 E+ G) K9 W- c9 k4 I
root@openstack-controller1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31 && echo "nameserver 223.5.5.5" >> /etc/resolv.conf' }! O7 N& h) ^# G7 x+ Y
开机加载网络配置8 }0 \6 n/ G S
( Q$ m/ Y- Q; X$ n# L4 _ #!/bin/bash
# n2 j$ q* w/ s6 M* h. a ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31
/ M# a: _9 |: | ip route add default via 192.168.139.2
; K3 i4 ?7 T$ H- ~& t# t+ t echo "nameserver 223.5.5.5" >> /etc/resolv.conf2 d' Y, N/ p" b; M- J W
6.1.9)修改内核参数
& q9 R9 L7 j( ]! M. u' ? root@openstack-controller1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf 3 d9 N7 w! R. }: j2 c6 n% \; |) @
root@openstack-controller1:~# tail -2 /etc/sysctl.conf, `% z$ d0 ?+ K" Z1 u" T
net.bridge.bridge-nf-call-iptables = 1
! G1 s# d$ q4 w$ [( \7 a net.bridge.bridge-nf-call-ip6tables = 19 f3 w7 }. I2 k# }+ w4 m2 ~
`加载模块并让内核配置生效` ! r; z7 A' o$ l, e* }6 u
root@openstack-controller1:~# modprobe br_netfilter
$ f M& |3 \" }7 z/ \ root@openstack-controller1:~# sysctl -p
; \3 ]. P4 O; J6 @ net.bridge.bridge-nf-call-iptables = 1
, b. p* h5 H; G+ l i5 e net.bridge.bridge-nf-call-ip6tables = 12 U0 F7 `& G% Q8 ~- {
6.1.10)配置DHCP- c9 y: v- k8 E! n0 a. F
root@openstack-controller1:~# vim /etc/neutron/dhcp_agent.ini) x: F9 \; `; Q3 M/ t u: U% a5 X
[DEFAULT] # 在此模块下面添加下面这3行
) x" m' I/ z, _2 V7 y interface_driver = openvswitch2 L4 }; }" U# z5 M
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
* c$ M* K6 Z) ~$ N, H enable_isolated_metadata = true2 S* z% S2 Q$ i/ h
#enable_metadata_proxy=True4 o6 _4 l, N* v* B# a! u) q
#metadata_proxy_shared_secret=openstack, W/ e: A( i1 ?9 z
6.1.11)Configure the metadata agent
1 U3 z1 u# t+ O7 P# t+ B7 I5 z) ~ root@openstack-controller1:~# vim /etc/neutron/metadata_agent.ini6 u; s- z4 p4 ~3 M! `5 d
[DEFAULT] # 在此模块下面添加下面这2行
+ o" J+ l6 D$ r0 `7 C8 _2 }1 k% J nova_metadata_host = openstack-vip.stangj.local # 或者 192.168.139.31 这个 controller1 地址( ~. `) ^9 V4 I4 V; W4 ^. ]8 A7 d( R
metadata_proxy_shared_secret = openstack" r* u( d' r' G1 }- h" \
6.1.12)Configure the Compute service to use the Networking service
4 Z+ M- w6 D/ ?$ A/ X7 l root@openstack-controller1:~# vim /etc/nova/nova.conf
. ^+ n0 \9 n: g [neutron] # 在此模块下面添加下面这10行
' J8 O9 g1 y. Y6 U0 _$ \0 T auth_url = http://openstack-vip.stangj.local:5000
) a; O, v) p+ f0 U9 b auth_type = password
3 V9 y( ^$ Y# \7 @) H; G6 m project_domain_name = default
5 B, R9 P$ V: b user_domain_name = default
( ^0 R5 Z6 J5 `1 x: y) o5 ` region_name = RegionOne( f% g5 I3 O" B5 U2 F7 b( `
project_name = service/ f9 t5 Q- @ f+ u
username = neutron/ Q k& ^8 H! w9 R, ]
password = neutron" x. U* _+ ~7 V( O
service_metadata_proxy = true
" B/ y% P7 h' D( \4 [" ^0 f metadata_proxy_shared_secret = openstack+ G, V }. Q5 ]
6.1.13)初始化数据库& L6 R |: k$ j5 f- ]4 h: G/ L
root@openstack-controller1:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2 P( }: ^5 O+ s ?* R) w root@openstack-controller1:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
4 z$ v$ Q5 Y7 ?/ `" |4 j8 v7 W% \ `验证数据库`
% Z* ?* y9 r9 n6 R8 m, f! \- f root@openstack-controller1:~# mysql -uneutron -h192.168.139.248 -pneutron123 -e "use neutron;show tables"8 B5 o, Y. _$ V: _% a6 {
+-----------------------------------------+
4 _2 c5 t4 m3 @9 V% o | Tables_in_neutron |' B' K" P6 f' u7 ]3 F9 q
+-----------------------------------------+% W* T( g6 F9 U4 g+ w
| address_scopes |; t5 y' K7 ^* o8 G9 Y W
| agents |. b% e, H w4 w7 |! w
| alembic_version |
% G: }" T$ O" l6 j6 c/ f# L) k | allowedaddresspairs |
: q% K& P# L& @5 B' F | arista_provisioned_nets |
5 A2 X4 m) \ k2 @: U ...........................................) K3 F6 @( Z2 \
...........................................
; W/ E0 c, Y! k8 j/ d# Q5 F | vcns_router_bindings |, z( J4 D0 d) ]& b- j ^, k
| vips |! Q$ x% _( v7 j O$ `3 D, P9 `9 }% N
| vpnservices |
7 l( e! A( g- U9 L +-----------------------------------------+
5 j: C# z2 r+ m8 ~ , I3 ` l% r# K/ r H4 I$ s
6.1.14)重新启动nova-api API 服务
$ F& S1 `; y% P5 p root@openstack-controller1:~# bash restart_nova.sh
' B! B2 o* s8 u' U3 `, q6.1.15)启动网络服务/ Z+ |4 f$ `! t% J' s
root@openstack-controller1:~# systemctl enable --now neutron-server \
# z. B5 _6 e) d7 w+ R& N neutron-openvswitch-agent neutron-dhcp-agent \
* z9 |* W, C) ?, W+ w neutron-metadata-agent
& r4 }# a; G" J+ L0 p3 @3 Z- h1 z6.1.16)编制neutron的重启脚本. ^2 E8 o# g9 t, Z. y$ n# d
[root@openstack-controller1:~# cat > restart_neutron.sh <<EOF
- ^8 s K3 N. k u1 T& C #!/bin/bash l! E# C3 I& C% S# b+ o
service neutron-server restart& \: @+ k! Z3 C0 X' `$ M
service neutron-openvswitch-agent restart5 O6 s) E$ X5 w H E! t
service neutron-dhcp-agent restart3 L) f$ T$ _# z; C6 L) {. r
service neutron-metadata-agent restart# f$ j1 _6 S0 ]6 G# X8 [# E0 Y/ Y
EOF5 E' l: N, V7 i9 F, Q F; {% U
[root@openstack-controller1:~# bash restart_neutron.sh
% s* o( B' J+ L# ~6.2)安装neutron_compute节点& a8 V3 U5 A, \! w6 s% R
6.2.1)安装相应服务
9 Z8 [% f$ H+ w root@openstack-node1:~# apt install -y neutron-openvswitch-agent2 K; G M7 Z: o- f" r
6.2.2)修改配置" L! t! f1 ^- S
root@openstack-node1:~# vim /etc/neutron/neutron.conf
: h9 ?5 l2 ]" ^9 h; c9 k+ H" R4 o [DEFAULT] # 在此模块下面添加下面这2行
7 h( Y s( I# y- H; }6 Y transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local7 ~, K9 [7 @7 X& ^9 U7 o" T
0 c; }% N m$ ^; b) S [oslo_concurrency] # 在此模块下面添加下面这1行
9 X& [1 x0 t% G3 ?$ {2 o9 u7 t6 F lock_path = /var/lib/neutron/tmp
& S$ V$ u4 F. ^' Q6.2.3)Configure the Open vSwitch agent8 O) o+ U1 m1 b! A, B
可以从网站上获取完整的openvswitch_agent.ini
2 `6 l7 G; U. ?! m" |. m# I- m/ c; Y+ g( I
https://docs.openstack.org/newto ... envswitch_agent.ini
/ j" G& i2 k+ {! s2 D
/ w7 X+ \2 A9 k- c, }+ @& j9 r root@openstack-node1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
/ R0 G4 R3 b( H# ^- E# w [ovs] # 在此模块下面添加下面这1行
6 h9 _) b/ H) l' V' w2 h' A2 Q bridge_mappings = provider:br0
5 o2 }8 x( L% [/ }1 t. t' \; S
0 k* ?9 _" ?+ T9 k) C4 I1 z [securitygroup] # 在此模块下面添加下面这2行
; f5 A& ~* p3 f/ {+ j! Y enable_security_group = true
3 h$ e4 H6 S2 r* i/ J/ k" X/ F! ` firewall_driver = openvswitch& W" \( y- q5 B7 u2 v4 z
, q, Z2 u% l9 F) v
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`* n* h2 E2 @, q" [
root@openstack-node1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34 && ip route add default via 192.168.139.2& w. ^" J7 P# ^) m
开机加载
" O7 }7 Q8 j. T6 V
1 r' W8 B# V# l2 N# E# } root@openstack-controller1:~# cat /etc/rc.local
1 S% a' k8 ?3 A) R3 x9 S0 w #!/bin/bash
' S' U2 I( O0 D! N4 f) ` ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34
" q1 H0 q c( d! R) a; v% n ip route add default via 192.168.139.2, |5 W: r C* _1 B o! a3 ~, `
echo "nameserver 223.5.5.5" >> /etc/resolv.conf! U: K. |' o e/ }& @
6.2.4)修改内核参数
, |; E, F) g4 l. y! c0 ]8 K; H6 l0 @& O root@openstack-node1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
6 {% o/ H/ L( E% C5 Q1 ?' |% s * l2 d: ]" j- c/ r5 e& r
root@openstack-node1:~# tail -2 /etc/sysctl.conf
) H" T$ F; P. E, x9 J7 D net.bridge.bridge-nf-call-iptables = 1$ Y- r: I' k' P! a/ `
net.bridge.bridge-nf-call-ip6tables = 1/ w% v2 @. \' Y" `7 o. x
`加载模块并让内核配置生效`
4 n6 |" @. q: S5 m4 @) r- d# d root@openstack-node1:~# modprobe br_netfilter- ~% i7 m7 c/ @4 s ?
root@openstack-node1:~# sysctl -p
$ A, c x/ Y f( |8 V6 q4 C* Z4 M I net.bridge.bridge-nf-call-iptables = 1
% K: }- y" D8 Q3 A net.bridge.bridge-nf-call-ip6tables = 1
- V4 i, D7 d. N' O6.2.5)Configure the Compute service to use the Networking service9 q+ I4 R) e% }" C! C
root@openstack-node1:~# vim /etc/nova/nova.conf
6 R* S Z, q% ~0 r6 E; A [neutron] # 在此模块下面添加下面这8行1 e" P$ d( L" Z) v( \% v
auth_url = http://openstack-vip.stangj.local:5000# T3 t) Z' v: s5 g' a" Z! H
auth_type = password* G' q2 Q, P* z7 M W, m6 F/ f. ~
project_domain_name = default
9 e0 u+ d* O9 G+ _ user_domain_name = default. \9 c% j" | q0 o: X3 ~ g
region_name = RegionOne
7 n: E* H/ _$ n; Z9 G) u project_name = service
; _6 f/ j8 k/ U+ [- j username = neutron/ j+ Y6 o2 |1 B* z; O3 x- C1 c
password = neutron
6 H9 m1 @2 q" o! O service_metadata_proxy = true
/ c! I( S' X7 Q- F% K metadata_proxy_shared_secret = openstack
# s* \5 S8 z% G9 `6.2.6)启动neutron_compute5 z7 l& W" Z$ ?# v
root@openstack-node1:~# systemctl restart nova-compute! X7 t8 n" A6 Y; |
root@openstack-node1:~# systemctl enable --now neutron-openvswitch-agent && service neutron-openvswitch-agent restart+ \2 C6 ?4 S ^6 y: {4 O+ b Y; ?
6.2.7)编写重启neutron_compute脚本 Y/ b; A8 X7 j0 [" G0 D% C, P- A
root@openstack-node1:~# vim restart_neutron.sh% z$ j8 C$ Q- k" d
#!/bin/bash* d4 F# j$ f* \# _ ]1 t
systemctl restart neutron-openvswitch-agent
G$ B6 J9 o6 a( e; D# @1 o/ K/ Y6.3)验证服务
# x7 s' {5 C* A: u [root@openstack-controller1 ~]# openstack network agent list7 i1 P7 o) J& O# \" Y1 V9 P% J
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+7 ?# h( F. O3 a6 I! D0 }
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
4 h+ R7 ]4 S+ _/ B3 q/ T; }' u% O +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
5 t2 `4 I& R! k. N- f | 6d7ace9c-061c-45ba-834b-52f24585c452 | Linux bridge agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
5 k5 r1 n# s6 m0 |6 Z0 I% h | 7babc5ac-d07d-4fe4-90ab-62775b4ef90b | Linux bridge agent | openstack-node1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
5 f# {1 E; X: j9 A) a6 O: Z | 83ad2332-8716-4a8f-b050-1daa3b22c3bf | DHCP agent | openstack-controller1.stangj.local | nova | :-) | UP | neutron-dhcp-agent |
$ M5 w/ z+ {! O+ }/ ` | afb7c427-89ba-4e91-bff2-604e97a5ca91 | Metadata agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-metadata-agent |
. }, S4 n' S* F; T* N7 K +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
! v0 \/ r& O! C) G3 @5 Z [root@openstack-controller1 ~]# nova service-list
! s* O* R+ }2 ^. R +--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
4 ?* q) t. C" v4 b, p; @' U4 R, P | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |+ f; T$ J- H' `8 M7 P% M8 f) N
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+3 q- V. z( _( D
| 518a8c83-c6d4-451c-8943-fa55c593948c | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:42.000000 | - | False |
' A- b) h5 M! z. d, e4 S {; ^ | 9d9d1228-2096-4ca3-97a9-8b85133db7fa | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:41.000000 | - | False |5 `( j+ D( v6 F8 t( R: k
| a45e7eeb-1907-4ecf-a836-7ca69b588edf | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2023-12-16T15:26:41.000000 | - | False |
7 i7 F5 v8 J$ m4 K' [* w! @ +--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
0 y+ t1 S+ C; n7 T* P$ y - j& P+ [0 L8 y# J% c3 u3 y, _) }
7)创建测试实例. ]5 N4 W# M8 Q3 L6 P4 E; n( ^
7.1)创建一个provider网络
, g/ s$ O. k# {; } ~ root@openstack-controller1:~# source admin.sh
& Y$ M. y' z; ]* q: q6 H root@openstack-controller1:~# apt -y install bridge-utils* Q( t1 D8 i+ h P
root@openstack-controller1:~# openstack network create --share --external \' E5 z: G h$ g
--provider-physical-network provider \0 W" A* N6 Y" d/ M
--provider-network-type flat provider-net' j" Z) q8 c/ I! x7 B1 R8 \- Q
#####################第一个external表示创建一个共享网络并声明他是一个外部网络#######################
6 T: W* r' u% e* B6 K% \1 D/ X9 Y ########第二个external表示创建连接的物理网络,因为我们上面neutron定义的物理网络名称为external########/ A' f' T) k' s5 K% l& `; ?
############################第三个external-nat表示提供的桥接网络的名称############################
2 y. E( F d& A! R root@openstack-controller1:~# openstack network list0 W. {2 V- [9 L$ w) E
+--------------------------------------+--------------+---------+
" o$ n* Y8 R j) \5 E, u | ID | Name | Subnets |
: Q4 i- G3 r, v3 h +--------------------------------------+--------------+---------+0 _$ g$ `4 @) n0 {- O
| c8efa244-7345-41bf-bedc-052e0cec751b | provider-net | |
# R! A$ B& Y$ F +--------------------------------------+--------------+---------+( z4 C; O2 A+ `- ?& B2 ^
7.2)创建一个子网- [4 x" C$ g0 L* P: J2 M5 J
root@openstack-controller1:~# openstack subnet create --network provider-net \
1 Y ?1 p2 r2 z1 {' E/ `+ } --allocation-pool start=192.168.139.100,end=192.168.139.200 \
9 r/ U9 c7 X2 q, } --dns-nameserver 223.5.5.5 --gateway 192.168.139.2 \2 l& T/ ^; M9 V0 W, ^# Z
--subnet-range 192.168.139.0/24 provider-sub
8 i) M" u3 E I1 w4 A) f) M) f ############################创建provider-net的子网provider-sub############################
1 l; ~8 v0 O4 \3 Y; s: R5 Z* P. H `验证`/ W/ h, j) a5 F2 }6 J. @
[root@openstack-controller1 ~]# ovs-vsctl show
g! h- w$ E b" c! J 28a508de-e0a2-418a-b357-4a93f9f69127
* W9 S, Y( H3 a E2 S Manager "ptcp:6640:127.0.0.1"
7 M, K, w* r' q. ]+ M is_connected: true
. k8 G, _0 O# B' W- t$ k z( o" M Bridge br-int- k# q7 A; c! c( I
Controller "tcp:127.0.0.1:6633"
5 \- k4 C' J2 W; [ is_connected: true
- \# V: o; F+ K9 b fail_mode: secure+ ~8 [% X# i. S( I$ _! I
datapath_type: system9 z9 D' u- p/ q0 ^ B/ e" F# O
Port br-int+ X) f: r p, b# l) i" J# o' `
Interface br-int1 F) s" _# ?5 F: |( z
type: internal1 y; L3 O: H$ U9 f, A' ]
Port int-br0
0 _" c. |$ i3 E- R8 K Interface int-br0* E M4 R0 A, ]6 y$ E
type: patch2 r% _! U7 D! ]: o4 B0 R6 F1 R2 s* f) x
options: {peer=phy-br0}
; ^/ ?. F9 F$ ?' p/ h0 O Bridge br0/ {4 m1 Y4 z1 d$ ]; I& p8 e
Controller "tcp:127.0.0.1:6633"
1 d; Y/ P5 E) B$ K$ M is_connected: true
! e8 w" w# v( X4 w* D fail_mode: secure
% S" k. }: }" Z( @; m1 i4 F% j" O datapath_type: system+ K# e9 w) O+ ]% b. C/ i4 B2 n
Port phy-br0+ {! M3 L4 `# v& f0 J! h2 Q k
Interface phy-br02 _* S, R# j3 \
type: patch% f; r7 u3 N) t \8 \. w
options: {peer=int-br0}& u- b, C0 |4 C2 h! y
Port eth0* R( I- C0 Z0 C$ ~" J" w
Interface eth0
& ]! Y' N& K' j$ h Port br0/ F8 j3 U5 M- `3 D1 ^7 ^
Interface br0! b3 m+ W. m- l9 U, e
type: internal8 J3 z2 L* x) z$ R7 N
ovs_version: "3.3.0"4 r8 T3 b$ c9 H. ?, M7 ^
: G+ H8 d& f. B7 }" t( T [root@openstack-node1 ~]# ovs-vsctl show
* d( s' H/ D; Z ea324764-3f52-419d-94ff-784dadc75aa9) \; v+ ]9 p: R1 l
Manager "ptcp:6640:127.0.0.1"' C7 T% \! ~. ~) O3 Q
is_connected: true
. k; H% \3 [9 \0 Z) y5 k' U4 ^ Bridge br-int: K% u0 _; l, v% K# p, l& x/ s
Controller "tcp:127.0.0.1:6633"
9 @7 W" g; ?' g6 D& f# @$ t is_connected: true# n) {) d Q* h: l9 j
fail_mode: secure
* Y# F2 ^0 u" p; A4 O' R datapath_type: system
/ `7 y* d1 j% j Port int-br0
0 X9 J( o( [ w* T' ?- g3 ? Interface int-br05 u' v8 }$ b; B: q1 m
type: patch8 e& m" j2 @+ q2 o8 y
options: {peer=phy-br0}
" d/ S9 [# _6 x Port br-int* W" O$ h$ \) Q) S+ l
Interface br-int
) z, Y. e8 j2 h5 R& g. @. @ type: internal# F: U7 A$ `6 w% \# M
Bridge br0" G3 D" m# G/ `
Controller "tcp:127.0.0.1:6633"
) j8 s) T* |) L" K is_connected: true
: z6 |" I7 C$ B# Y fail_mode: secure
. E7 D4 l. E( n. z datapath_type: system
: j" V2 r! ?8 L9 T Port br00 u' Q4 ~9 Q2 o; m9 [, e
Interface br0
* c' ]. _0 Q+ S2 M: S+ L6 g type: internal+ _: U$ j" g+ B# N
Port phy-br00 w- P! g1 Q, ~: ?, ?' R4 h
Interface phy-br0
* S) p1 G* m* C( i* X: H; n type: patch
' u1 A# E% M, t m; O options: {peer=int-br0} N! y# u' D8 c( }4 b8 |
Port eth0* q8 Z x" b/ K# c% v
Interface eth0' \5 R$ t8 N6 \8 m; h
ovs_version: "3.3.0"+ B9 Z, R- ?9 L! |$ a" D1 n# X
7.3)创建虚拟机类型
8 w4 O; {1 b/ f3 ~5 U [root@openstack-controller1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano$ W( x* s5 v( Q- X7 m4 T4 T
+----------------------------+---------+
4 h2 B4 T& Y; Y0 ]7 J3 f | Field | Value |
+ v# A4 }* f6 }- p" u1 R) O6 f +----------------------------+---------+! b* J$ a/ y$ G! M
| OS-FLV-DISABLED:disabled | False |5 i- T9 V7 I) u) ]) b3 n
| OS-FLV-EXT-DATA:ephemeral | 0 |
( I& c+ A4 W& n% Q' z2 e' l | disk | 1 |
) |" r- g$ f) {1 Q2 i# y | id | 0 |; v4 Z: u( l9 n( ~0 A
| name | m1.nano |
' n6 S/ |: Q/ N | os-flavor-access:is_public | True |* g L# E$ D$ V3 {( Q+ H
| properties | |
( R0 p- N; S5 } | ram | 64 | A0 @8 Y( S4 t( G" N9 F: o
| rxtx_factor | 1.0 |' @4 r9 g$ Q+ c- y" o# q3 V
| swap | |! V$ U0 i9 S* P9 ~: I- S3 u
| vcpus | 1 |
2 _" N& e) E: d$ d% V +----------------------------+---------+" T7 k+ t5 t3 W& }& f
7.4)生成密钥对: U. ?9 Y! n% C; v* X$ K
[root@openstack-controller1 ~]# source admin.sh 5 T; ]+ l; C2 t# _ ^
[root@openstack-controller1 ~]# ssh-keygen -q -N ""
% `. p3 \6 p7 S, S [root@openstack-controller1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
, Q0 _# }6 F2 t5 p" `9 l) S +-------------+-------------------------------------------------+
7 Y: {! F( t1 Y9 S4 F | Field | Value |
6 o5 p) }$ G8 X) D, x8 ~ +-------------+-------------------------------------------------+
* _( k% d2 ]5 R& F& F: B- g8 { | fingerprint | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |7 D* N/ R2 I% X/ X$ ^. i6 e4 b
| name | mykey | g: X$ A: A+ D7 Y
| user_id | 5c4b6243d95742799de0fc97ef119967 |
, k" U& q$ T* v" W2 Q! g +-------------+-------------------------------------------------+; D4 ?( N8 H* t5 p, A6 \! S
`验证`8 {& Z- N- y* y8 X% q
[root@openstack-controller1 ~]# openstack keypair list" j* k( P: r( H& F
+-------+-------------------------------------------------+
( |$ Z7 y! L3 k7 i4 z U) _ | Name | Fingerprint |
/ a+ i7 S8 |+ j# r( E +-------+-------------------------------------------------+
# } x) I A. ?" [% q | mykey | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |" g+ L6 H0 n( q* G% O( L# S
+-------+-------------------------------------------------+: h4 M) l9 [2 x6 d5 M4 y
7.5)添加安全组规则
1 ?6 v0 N% R6 ^6 V6 O root@openstack-controller1:~# openstack security group rule create --proto icmp default$ H& g, J- w r$ h `6 X
`开始ssh`2 ]( d5 _" G0 K; V5 B
root@openstack-controller1:~# openstack security group rule create --proto tcp --dst-port 22 default
. z) j; a4 k$ @+ s' q9 |3 M+ ~ ' U. d0 | j+ x2 b" v( W& T
root@openstack-controller1:~# openstack security group rule list/ U7 Q& v/ B: Y' H; \8 c# K0 I
+------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+
* @* y/ b9 U9 S# r9 f8 ` | ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group | Security Group |
9 b0 u! h0 M4 t1 X1 @* v5 y# h +------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+" u2 m* ~8 ~$ ?% ?% }2 S
| 2e69571e-fa55-4db3- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | 7d47c955-4683-4d9e-9535- |/ F5 j+ G, f3 N$ _) J9 C
| b894-ac8dda257a35 | | | | | | | | 690085d9cfc7 |# i) U( @/ G' [, {2 M; y
| 42c37d05-e0b3-4a15- | None | IPv6 | ::/0 | | ingress | 7d47c955-4683-4d9e- | None | 7d47c955-4683-4d9e-9535- | ?3 x3 w* Y# L" }3 ?8 Z
7.6)在provider network启动实例
- u) p, O/ \! B' ~, Q0 ~+ A7.6.1)前期验证
& |& X! k6 S, s, K$ ~$ B `验证有没有虚拟机类型`* Z+ `0 T+ V- Q8 r
root@openstack-controller1:~# openstack flavor list
' [" a( q; G- ` u2 t2 J +----+---------+-----+------+-----------+-------+-----------+6 M" O3 g$ d0 Z% E
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |3 X( Y# v5 j/ n/ k
+----+---------+-----+------+-----------+-------+-----------+
) x+ G% ^4 \1 ?$ G | 0 | m1.nano | 64 | 1 | 0 | 1 | True |
% p' Y7 D: t$ x* a1 h +----+---------+-----+------+-----------+-------+-----------+
: f2 |) H l- Y# X
6 {3 ^, c2 e" [# V% a' { `验证有没有镜像`$ @ D; `, Y5 d
root@openstack-controller1:~# openstack image list* n$ I. B( _, l) V; Q' y
+--------------------------------------+--------------+--------+
( E) A; O) J! ^' |2 o& Q- \+ V | ID | Name | Status |
% l2 Y% O; e4 Q( F +--------------------------------------+--------------+--------+$ e6 L' P/ i# ^3 [- r
| 6d99e1ad-dbf3-46ea-b520-ef903bbbe1c9 | cirros-0.5.1 | active |
; v" Y/ [( ~) Z& Z +--------------------------------------+--------------+--------+! ^4 J: p5 N0 u* t. H
" D: k3 z0 [. V3 V `验证有没有网络`
6 `7 |- J' V% P8 ~9 ]; r8 E root@openstack-controller1:~# openstack network list
5 ^1 I% ^1 B, T ] +--------------------------------------+--------------+--------------------------------------+
; \+ v9 j7 Z* w- `/ x7 x) X | ID | Name | Subnets |/ C: ~8 }% L1 w n$ i. l' j: r: P
+--------------------------------------+--------------+--------------------------------------+5 }: b, Y3 I# i' v6 ]
| 3d66f257-6c40-49c2-bce7-9de75b49816f | provider-net | 1e7a53ba-89bd-4373-802c-149b16a30df5 |
! ~9 u9 F0 \4 n9 ` +--------------------------------------+--------------+--------------------------------------+
1 P$ x' @$ U, v
7 v" g! a+ a6 b& M! K `验证有没有安全组`) ]" q7 |# a" `6 G3 s( v# z) a
root@openstack-controller1:~# openstack security group list) Z: S. n q6 ^4 Z& X# i
+--------------------------------------+---------+------------------------+----------------------------------+------+
1 ~! g1 Q, e6 J+ ]) I | ID | Name | Description | Project | Tags |
! I( C7 m! C$ t6 a2 y +--------------------------------------+---------+------------------------+----------------------------------+------+
/ C! W6 `2 h1 T, c+ z/ \* p( [ | f60b6c5c-9e96-4fae-8de9-bee58fe5272e | default | Default security group | 17deab832d8a4c929b91a3ce1d58abf7 | [] |4 d6 l5 x: V. G+ W5 K- p- \
-+/ W9 w I4 l; z
7.6.2)创建虚拟机1 C# ]% T& B8 n& {4 L; s1 z9 V
[root@openstack-controller1 ~]# openstack server create --flavor m1.nano --image cirros-0.4.0 \( A7 t- [0 b- [) R
--nic net-id=f37db04d-74db-4b26-8591-23fde582eade --security-group default \
% S, ]; k( W' m( {$ p4 g --key-name mykey linux-stj-1
; U2 u* S8 S( q1 A7 H( `0 X #################################参数解释#######################################
: ]$ A$ R4 E9 p* U* @4 f ###m1.nano:为虚拟机类型;
& ?3 K" B9 L* e2 x5 {1 R. }* f ###cirros-0.4.0:为镜像;
$ Z* y( T2 @6 r# W4 ], c$ I ###net-id=[网络ID=openstack network list列出来的ID];
' V/ |3 f8 w$ k% B ###mykey:为ssh密钥对;* i: {6 [1 _7 q v+ A4 }3 T7 E
###default为默认的安全组;# |2 @. k( \$ u' C a
###linux-stj为虚拟机名称
0 S6 K2 _6 E- Q, m #############################################################################5 W# @* l9 C c
openstack server create --flavor 1c-1g-10g --image centos7.9 \1 c5 H8 [# g: T& ^
--nic net-id=0da37e14-545f-4aa3-a6e3-ee8cd0ea3ae8 --security-group fb2dc60c-4f85-4b1e-b7f1-5b6d4e147799 \
( U: ~1 O/ `& Q- s- V --key-name mykey centos-stj-1
8 @7 r! X* t1 w- y+ M7.6.3)验证虚拟机状态0 i9 F+ a, a9 Z2 s: S9 J
root@openstack-controller1:~# openstack server list
. w+ u3 U- N2 F/ u9 a1 s* I! j +--------------------------------------+-------------+--------+------------------------------+--------------+---------+
1 L1 H4 X. ^' B* Y ^. U8 s! z | ID | Name | Status | Networks | Image | Flavor |6 j3 A! M7 y$ [
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+
! q7 i" q- G; H5 \0 }: f% K, z | 96533d96-f01f-4463-8cfc-9c46ddee37b3 | linux-stj-2 | ACTIVE | external-net=192.168.139.180 | cirros-0.4.0 | m1.nano |/ s; [% b& Q0 v
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+
+ w7 N% b7 T* N& q# @1 O # 加一条默认路由( V$ g( ^3 ]6 c( D7 o0 ^" g7 x
root@openstack-node1:~# ip route add default via 192.168.139.2$ X9 G3 N8 t1 K% h1 }
root@openstack-controller1:~# ip route add default via 192.168.139.2( p% ?) O% J! Q# u0 {
###一定要拿到IP地址 external-nat=*****- m7 B% R# S! E$ b( X' ^
[root@openstack-controller1 ~]# ping 192.168.139.140: N3 C& W& ^# S4 `
PING 192.168.139.140 (192.168.139.140) 56(84) bytes of data.
. g+ s6 @- P( l' P) F% O' U 64 bytes from 192.168.139.140: icmp_seq=1 ttl=64 time=11.3 ms0 Y! J2 J N8 I! }# q: G% h0 o( o
7.6.4)使用虚拟控制台访问实例
& Z- s: o5 Z5 V; m% T [root@openstack-controller1 ~]# openstack console url show linux-stj-2' V" L" i# h/ k: [4 |
+-------+-----------------------------------------------------------------------------------------------------------+
9 F& X/ z- E2 T5 ~* a+ P( R | Field | Value |+ J& ~8 c- B! S0 }
+-------+-----------------------------------------------------------------------------------------------------------+
) W* y) d3 K% n2 C3 Q/ F | type | novnc |1 Z* ?+ A; p/ s* A
| url | http://openstack-vip.stangj.loca ... 8-aac3-52e5f58a51f7 |8 r7 Q1 Y1 N' D, a& Y3 L
+-------+-----------------------------------------------------------------------------------------------------------+
0 t/ Q( ^$ M7 Z( vimage-20241208195008663
) A3 a( P) b) n+ ?" e# W9 |) ~
3 O1 e& [2 K. P8 q' g+ i6 uimage-20231217134249953$ I2 A9 H* a( k7 T( S; Z) u
0 m# H" Y9 z( `# g# E
注意:如果你的访问出现下面这种情况
! Y$ E6 K# F4 b
F- V( ]5 r% h' himage-20231217135224898
5 ~& K+ J; K* d4 e5 G( @0 m' z: V% ~. J+ @) G3 S
解决办法:1 r* g C* r3 f: _! G' L2 A
% v6 P3 u: J7 y) e/ d [root@openstack-node1 ~]# virsh capabilities
. F0 u2 f1 r/ E: ~# e [root@openstack-node1 ~]# vim /etc/nova/nova.conf
" E5 B k# g. r: t # 搜索下面两个hw_machine_type/cpu_mode信息,并添加后面对应内容6 \, N. C* ?5 k \) w9 r
hw_machine_type = x86_64=pc-i440fx-rhel7.2.0. U& S( F1 Q X9 M- W. r+ n( t
cpu_mode = host-passthrough+ D$ F; r+ O! v' C5 S( T( @
`重启nova`. J: ~) y- g% v1 t6 a
[root@openstack-node1 ~]# bash restart-nova.sh
% D! R& B: A& E+ L( t" G8 t ######理论上还用重启openstack对应你要访问的虚拟机#######1 s. G+ X) J; C7 k, u6 E8 O1 t
如果没有出现上面的问题则不用修改nova配置文件操作: k+ J" a3 D8 S8 |9 \7 H/ T
0 d: q+ ^) Q2 G# D1 ~$ e F5 c: t% Y
: G" B/ W3 z5 f1 E' U; {8)安装-dashboard. e1 W8 I1 u% ]; D( f2 t7 P3 g/ C
8.1)下载dashboard4 R f4 y2 b, e' U2 E$ S; y; `
root@openstack-controller1:~# apt -y install openstack-dashboard
) Y- w, k& d% B! o4 ?- B. r8.2)修改配置文件-local_settings& p" y/ Q+ A) Q& _
root@openstack-controller1:~# vim /etc/openstack-dashboard/local_settings.py
Y; ?3 [" i/ w' F2 `8 s # 23行 添加
$ s. p& ?4 j; h' \ WEBROOT='/horizon/'4 o" @6 p$ o. O) D7 ^
1 X' Z8 `2 {/ b: |
# 125行 修改: S, z1 ^5 z) u" H4 m5 Q
OPENSTACK_HOST = "openstack-vip.stangj.local"
0 s5 R6 E- _3 u1 } OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST8 O2 x- S- ?, j2 r* [! h
5 C6 L" S7 `, k, N. K& F # 39行 修改
( `5 z( a/ w( _( \" D ALLOWED_HOSTS = ['192.168.139.31', 'openstack-vip.stangj.local']/ N' b% r* \2 B- X2 ?) D( h. q; ~
% m- d) l! y7 a& p7 H% c$ A # 105行 添加/ O( o! i$ T7 a7 F! K% Q4 m& ^3 f
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
3 N6 l7 b: V; Y* ?/ c# F8 A CACHES = {6 ]% r" Z; m7 D0 U* t) c
'default': {
V$ p* v' Z, s& c0 w 'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache',
) \8 j# B7 M! [2 P 'LOCATION': 'openstack-vip.stangj.local:11211'," L& J. S4 [1 h- l% S
}
: M* U) w5 w' w2 ? }( d+ W7 [! u2 @& D# N
( g3 `2 A8 t! E6 a3 P) O ]! m; @6 C # 127行 添加
7 N' P( _4 H; Y( I1 v OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True5 e2 {# u* d: @) M; x( z
; \, m7 t7 ?9 H! z4 {3 y) U # 128行 添加) i% s w) f# b4 ]8 g. j
OPENSTACK_API_VERSIONS = {
2 L$ D+ z: r- N6 [+ b& d "identity": 3,/ ~7 u# {5 s3 x: H% v+ K
"image": 2,
0 ~, j: [3 J1 J7 C& r/ H; I "volume": 3,1 x3 g* m* r, Y5 J
}
1 H7 a; ?6 J0 N) \+ V8 ^9 K
# O0 E7 ^' b+ H # 133行 添加
2 }0 f I6 P# D* M OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
. j- H U# B, _+ p & N7 B6 E$ Y' O
# 134行 添加& M- Q+ ]: V% T
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"/ A g7 g% B/ ~0 f! d* M; j
7 [0 Y8 t3 z8 H # 138行 对照修改,把True全部改为False
' q \1 ]; ~5 `! f OPENSTACK_NEUTRON_NETWORK = {
$ I# y' F$ @9 f, s, p( F8 y! } 'enable_auto_allocated_network': False,( o- o" m- g9 F0 y) a' c& ~0 ^, s
'enable_distributed_router': False,' u8 I- B R3 G$ h' t& ~
'enable_fip_topology_check': False,
( [9 W/ ]" r2 p; J 'enable_ha_router': False,
) X; b3 r- h5 y) n: t) C 'enable_ipv6': False,$ h0 _2 ~) A& z8 C
'enable_quotas': False,
/ o: W; N/ \# W9 y 'enable_rbac_policy': False,2 X& E3 f2 j+ r9 L+ d: M
'enable_router': False,
' R# m! Q7 ^3 F+ ^; ]# t }4 Z/ J% H8 i" l2 T2 n
# 161行 修改
. Y4 ?% V! i* G. V" g* K2 ? TIME_ZONE = "Asia/Shanghai"4 _+ F8 h9 h+ _3 V4 M/ l. t' j
8.3)修改haproxy
Y* W! U) @4 r1 q5 _* a [root@openstack-haproxy ~]# vim /etc/haproxy/haproxy.cfg
% I. W. K* k. R5 O; |/ n7 C. w5 J, D, m # 最后面添加下面内容
/ r8 t! w% U8 ?& W/ I+ B listen openstack-dashboard-806 }* j- ^( b0 U/ ~0 _' a
bind 192.168.139.248:80
! }& O% r% f, D; t mode tcp
# c4 F8 T" H/ Y server 192.168.139.31 192.168.139.31:80 check inter 3s fall 3 rise 5
2 Y4 D' V! q( P" S% b! m* v, a [root@openstack-haproxy ~]# systemctl restart haproxy.service
3 s% Z9 A( g% f9 g# c [root@openstack-haproxy ~]# ss -tnl | grep 80
. s* H3 B" w$ W! P: o* ]$ \+ | LISTEN 0 128 192.168.139.248:6080 *:*
2 ^9 _ p! X, R) A LISTEN 0 128 192.168.139.248:80 *:* ( Y: }2 K e' @, L0 ?
8.4)修改配置文件-openstack-dashboard.conf1 }/ H$ [( B8 y! p/ `# x6 M
root@openstack-controller1:~# vim /etc/httpd/conf.d/openstack-dashboard.conf6 b+ d2 l7 Q1 ?% j1 B% A
# 4行 添加
+ R3 \1 o' A8 d. {% ]! ]9 m WSGIApplicationGroup %{GLOBAL}, i$ f8 l/ c/ e3 D
8.5)重启动httpd
2 `5 ?2 N p. t% L root@openstack-controller1:~# systemctl restart apache2.service " s2 C, l* O0 D J, I2 v
8.6)访问dashboard页面7 a# N, w Y, i3 _3 O8 c
http://openstack-vip.stangj.local/horizon/
" K Y2 E0 z6 m. |6 K2 F6 M( m0 u8 E! F% U/ S) k9 E# M( T( R
|
|
发表于 2025-3-17 08:00:02