|
|
在正式部署之前,需要对每个节点做如下配置和检查:: U6 Q; d5 q' G& O7 w$ F) W. F. A
N: t! x0 C$ X% t# x配置 |openEuler 24.03 LTS SP1 官方 yum 源,需要启用 EPOL 软件仓以支持 OpenStack: O0 E0 o$ u" M$ v, m
8 w1 z7 z( t* W: C' y& r8 lyum update
# i! }3 N! p) m C) q Kyum install openstack-release-antelope% R( V- s" G3 N" }
yum clean all && yum makecache
, J i5 V* h, ~ y6 R& s( i注意:如果你的环境的YUM源没有启用EPOL,需要同时配置EPOL,确保EPOL已配置,如下所示。5 X A) I* M, E
' ~4 a3 k/ t- q7 o% b- o1 D
vi /etc/yum.repos.d/openEuler.repo
, n" H: } f! l& Z
7 Y2 M m6 W8 _7 e! q3 Y8 r; @[EPOL]$ S3 m. F2 f5 d* v
name=EPOL; F4 Y% c7 \& v( o6 a+ c
baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/
6 h7 g. ~, u7 @/ ]( wenabled=1
8 g8 Q$ q* ?) V8 m Ogpgcheck=1( C8 j7 x9 ^1 g) e* `4 p
gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler0 L$ `3 M f2 v
}8 E1 }9 ?6 R& o; e: Z2 ~- f
0 ^$ h* |2 }. }+ M; p n O修改主机名以及映射- O' Y1 m7 r5 u' I g
4 D( p9 ?5 T: c. O. U
每个节点分别修改主机名,以controller为例:
; [4 Y# i" ~/ m4 ]2 a& l
# G# c% D1 W% r; l5 U/ ~. Zhostnamectl set-hostname controller
8 u' C! r/ d% K5 G7 F. g! Y5 F* H6 m7 L
vi /etc/hostname
- n/ A3 ?* c9 R& a内容修改为controller& u) u& B; o: `. R1 f$ P
然后修改每个节点的/etc/hosts文件,新增如下内容:9 S9 M3 ^2 u* W- E7 K. m
V" V2 C" }( S, ~
192.168.16.2 controller
0 n1 T' H `$ y% r192.168.16.3 compute18 r0 y4 C: Z! Z/ U
192.168.16.4 compute2
3 [5 Q: J+ {# H时钟同步¶ \1 F3 b3 ]2 R
集群环境时刻要求每个节点的时间一致,一般由时钟同步软件保证。本文使用chrony软件。步骤如下:! K2 E: a4 l" y) P) `
; A! S1 C# \& ~( M9 Z: l: s8 P! T
Controller节点:
- _; b! f' E5 W, B& K
% Y" h5 N1 I7 n& F1 X$ ~" ]安装服务/ R2 w/ y0 N. v
dnf install chrony
! s( C- y7 x2 g; A' B8 K" n' E; ^修改/etc/chrony.conf配置文件,新增一行" ^9 F, s7 u! R& N
# 表示允许哪些IP从本节点同步时钟- w, a' }& Q" R- V) K3 G7 W
allow 192.168.16.0/24
( Z M" z3 A C5 P2 B; ~! n: P重启服务% m& L: k) ?# b' U
systemctl restart chronyd$ n8 W; n5 P3 [/ L8 L7 t9 Y
其他节点
/ _0 H5 r5 R. y# J7 B$ X# T4 f) X& H; h) E% _3 p" h) L) |- x
安装服务
& a7 R9 ^" f, k6 o5 e* r
) k8 ]. v+ T# P4 Z1 l6 ?3 Bdnf install chrony' F6 B% ?- J, i/ F5 G. ~
修改/etc/chrony.conf配置文件,新增一行3 }) K8 {/ [% C4 l) u& h# S
; N, X) b) \' d# NTP_SERVER是controller IP,表示从这个机器获取时间,这里我们填192.168.16.2,或者在`/etc/hosts`里配置好的controller名字即可。
) k" O- z; y% e6 d; d. Lserver controller iburst . g$ e0 d" y' ?' V( B/ K
同时,要把pool pool.ntp.org iburst这一行注释掉,表示不从公网同步时钟。
, d$ G* ~2 E4 \2 p4 ]
9 J' D2 ^$ r. h% H1 W) A. r0 P重启服务
8 \4 S8 b7 {+ A. u4 h; m- _$ c0 D4 J0 S# R
systemctl restart chronyd3 U( M$ z4 ], [5 t
配置完成后,检查一下结果,在其他非controller节点执行chronyc sources,返回结果类似如下内容,表示成功从controller同步时钟。
. a; a. U: q* y6 P' z
( `9 G1 d4 i% {( J% X. pMS Name/IP address Stratum Poll Reach LastRx Last sample; V1 w0 u0 y9 w$ u C$ [( h
===============================================================================: k7 P, E5 `* m* ]0 |8 ^0 _/ ~
^* 192.168.16.2 4 6 7 0 -1406ns[ +55us] +/- 16ms! Q. J1 ?/ n0 T9 z* n& L N
安装数据库¶
" Y9 Y2 f& ~3 j. o数据库安装在控制节点,这里推荐使用mariadb。
& N; k) F3 K# b D' i
- L9 T8 X* A' F, y安装软件包
7 ^2 D/ S/ J* |: W2 u9 b* }' ?/ E+ u8 m$ q$ ]+ \% B
dnf install mysql-config mariadb mariadb-server python3-PyMySQL, J. z: x; f# g6 q* D, W
新增配置文件/etc/my.cnf.d/openstack.cnf,内容如下* S- ?3 M) ~* g" J8 M
* M0 s( B( x: h' p
[mysqld]
$ G) J/ z2 Y& n4 N: r& F. R+ rbind-address = 192.168.16.2" g D" A% R/ D4 M1 m
default-storage-engine = innodb
, l: C2 b1 j8 k2 R5 sinnodb_file_per_table = on
0 n% x ]) M, L) t6 u, ]max_connections = 4096
$ U3 M7 X( F4 \collation-server = utf8_general_ci
9 o5 v# o/ M7 X7 ]% b. Gcharacter-set-server = utf8
4 v4 P, K# {8 S2 i7 i( G8 Y启动服务器7 J( [2 k, B( B( |
# p s- m l' U. P/ d7 ^systemctl start mariadb
$ N3 f3 Q% E1 u" f: m( \7 S }初始化数据库,根据提示进行即可; k/ _* w9 |! s, n3 p
1 A5 B: v$ d) k# @$ _' D
mysql_secure_installation
) c4 N: w. O8 G/ k" I0 ]示例如下:
+ r" R1 _( f# A% @& ]- P: \% o1 F3 h: P8 X
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB( F. S! G# G; F4 r4 M
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! z- N4 U( S3 I1 E0 c9 O8 y% S" z
" ~4 e* { l2 p; \* r5 l" @In order to log into MariaDB to secure it, we'll need the current
2 p, [) U2 g* ^+ k3 [5 fpassword for the root user. If you've just installed MariaDB, and6 g: q! H- a" F& f* {4 z
haven't set the root password yet, you should just press enter here.
# h0 y. G5 r. U7 K5 E% k7 q7 a: f1 a4 V% \: T
Enter current password for root (enter for none):
$ N5 D* t h8 h- |% {
; z# F% l6 `/ B#这里输入密码,由于我们是初始化DB,直接回车就行1 g8 H5 |# l6 @
/ J4 ^% } ?0 Q; ]" m4 }3 x0 sOK, successfully used password, moving on...
( g7 Z& L: N1 F# U R# A
) q# c/ }* ~3 h6 \: M9 @! \ S) qSetting the root password or using the unix_socket ensures that nobody5 p Q% h3 ]+ l0 }! k
can log into the MariaDB root user without the proper authorisation./ S7 U* I5 u5 u5 l$ Z0 q4 Q7 w
* `! F" [4 W/ c& |, Z+ N' {' zYou already have your root account protected, so you can safely answer 'n'.! e3 G& L& a+ C! u# ~ F1 D& U/ w! T
: R T9 D4 S) M6 ^( w/ P
# 这里根据提示输入N* R; @ c1 L9 o' T2 F( M
) [0 ^/ [- v6 hSwitch to unix_socket authentication [Y/n] N
( _3 t- S7 E3 G/ o$ U" Q- |" @" d& @0 s5 X, K# p" Z
Enabled successfully!1 c$ a5 Q" @4 y/ p0 W, o0 ^0 K
Reloading privilege tables.., i3 N. M! e) K* U
... Success!; E7 b" T8 l8 M6 s: i& D
$ X: ~* F, Y/ e
% j& A/ f# O; Y2 C2 N
You already have your root account protected, so you can safely answer 'n'.
* C R% V4 F5 e3 Q- R
" k* x; ^. @* s4 @% |# 输入Y,修改密码
8 n+ a3 E+ R) Z% p/ N
7 h# ^1 d V" o2 R2 @; rChange the root password? [Y/n] Y: T. [- d9 H n I# A! V
# Q" b& Z1 l' o: {0 ] U4 S
New password: ) k, s" v" n& Z/ G N; X3 @
Re-enter new password:
6 I! Z: ^/ n3 |Password updated successfully!: J1 |1 k# o/ j+ e, F
Reloading privilege tables..
& r7 q) U4 p1 ~4 c0 U... Success!
6 k; C( _& Z$ h* i
0 O6 M$ I- ?9 @$ M+ P. ~6 k G3 g4 c- a9 _) t1 e4 W1 }
By default, a MariaDB installation has an anonymous user, allowing anyone3 i" z8 L8 ?1 X _
to log into MariaDB without having to have a user account created for; [9 A4 L2 F. }! M q) k3 i
them. This is intended only for testing, and to make the installation
; J' I$ G4 B1 V$ Z2 N9 z+ ngo a bit smoother. You should remove them before moving into a
% s- k( I# n d1 z9 s* `% Xproduction environment.
) Y3 i% x" Y4 N# T0 {! G& |3 I, ?3 U F
. n4 d+ H, S7 B* p/ u# S+ C" J. m# 输入Y,删除匿名用户) u9 O8 f$ d; @4 k6 ]
/ I/ J( a" p( ]4 @+ aRemove anonymous users? [Y/n] Y. a2 s, o3 Y- q7 }4 J7 f
... Success!
1 H8 u! ?4 X* V5 y5 U
7 l8 s0 D+ k: ^& FNormally, root should only be allowed to connect from 'localhost'. This
% B7 k' x' `+ O+ p% r5 i2 mensures that someone cannot guess at the root password from the network.
0 g3 R/ |3 o$ |' \! l" s
% M4 ^' g3 h+ p5 u# 输入Y,关闭root远程登录权限$ n' W* ?% I+ q" Z
) b" ^. [% d5 \Disallow root login remotely? [Y/n] Y
' r3 Q' T+ w, @. R7 a7 b... Success!% N) a" M9 z6 P. _) }, `% q* J
" H L$ D1 x1 D: J9 }+ l$ s
By default, MariaDB comes with a database named 'test' that anyone can4 }2 [4 x/ A8 Y4 f% a7 E% o
access. This is also intended only for testing, and should be removed
3 ~; x9 I1 s$ A# x% K1 `before moving into a production environment.% p; G( x) c) i4 k. u$ H. L# s
1 D- W! f5 `$ r8 \& }# 输入Y,删除test数据库5 J& m+ b" X5 x$ A/ U
. k8 D( U+ o/ n9 ZRemove test database and access to it? [Y/n] Y9 A8 {% w, C: X- I
- Dropping test database...$ A& z1 g" k2 d6 ^* e2 Q7 O
... Success!* r) ~ M. {- L8 g: K- L) \$ Z
- Removing privileges on test database...
2 ^ }/ b, e1 _- m3 H... Success!
6 B+ s9 C- e, ]3 K1 H. m" I) U7 \ A# U1 U# A$ P) S; \
Reloading the privilege tables will ensure that all changes made so far
3 x' H) F* u2 S6 s; |will take effect immediately.
: k5 R/ h1 s+ h3 F6 f+ t5 I6 P. }* _0 S9 Z' Z/ m
# 输入Y,重载配置
) N n" p) e. m9 E3 e
7 x1 {4 ` P: T. k- L) pReload privilege tables now? [Y/n] Y
& d2 U$ | X0 ~) k) x) f( @, T... Success!
9 m. P7 L& B- E+ ]; R K% d6 z6 N8 j* o q
Cleaning up...4 [1 c9 }: z( O# z+ }
: T1 z$ Q M8 G
All done! If you've completed all of the above steps, your MariaDB
; B3 d( r2 l( \1 }. finstallation should now be secure.
: H; _3 J( R+ P) j. y验证,根据第四步设置的密码,检查是否能登录mariadb
' R5 I ]+ x9 v, `. y" \ e# J2 x
1 Y2 X. J8 N$ ~/ W; h% K0 Z7 Pmysql -uroot -p
+ u# B/ ]9 k; r即可直接登录数据库" @; {5 O! T( O' L8 W
. v1 Y( Q9 e+ n Z5 ^& Y6 o
安装消息队列¶
+ x2 P) i' k3 b% ?6 ^7 w; q6 ^消息队列安装在控制节点,这里推荐使用rabbitmq。
& i+ J% Z& w* ^6 {8 z U% d* _% C4 A9 F. i' x
安装软件包, w/ O& ^2 P6 X. ?3 I! d
dnf install rabbitmq-server
9 i; d) h! b+ M* i: j+ I启动服务& a. }( }: r+ s* Q; v; {
systemctl start rabbitmq-server% z" F8 i* d* a1 G
配置openstack用户,RABBIT_PASS是openstack服务登录消息队里的密码,需要和后面各个服务的配置保持一致。- `. m5 m! A# ]4 R+ L
rabbitmqctl add_user openstack RABBIT_PASS
$ \: P1 s9 T; f- t, erabbitmqctl set_permissions openstack ".*" ".*" ".*"3 x/ w' a1 Z6 ^& ?! v, B* }' n
安装缓存服务¶
! E5 S9 t' R* A# Z消息队列安装在控制节点,这里推荐使用Memcached。
1 e s/ U# c# B9 y2 p) b- Y" W; r$ {5 T2 x: i# w; w( X5 D2 I
安装软件包
; Y0 R. U8 ~* S1 Idnf install memcached python3-memcached1 ?% `0 d, Q9 @8 L+ @
修改配置文件/etc/sysconfig/memcached0 y! K7 B0 y; N' B, W. R( f
OPTIONS="-l 0.0.0.0,::1,controller"
; m, H: ]" @! @: S启动服务
/ t" ^/ P) j" K3 D* l/ v7 Psystemctl start memcached; z4 L4 Q) j9 e2 O) ^ q
部署服务¶
% t% O" y+ A D; n8 fKeystone¶& `" d2 Q$ u! }2 `( p
Keystone是OpenStack提供的鉴权服务,是整个OpenStack的入口,提供了租户隔离、用户认证、服务发现等功能,必须安装。
1 d- G7 p4 \ f9 A' }7 r
0 k% o! e k4 |/ g! q创建 keystone 数据库并授权: Q1 N5 P( m5 l0 o* P! G2 r
% L- Q& Y$ K! B, omysql -u root -p
; P* l% l5 F1 Y+ Z N) ^. e1 C" w2 ^4 G4 f
MariaDB [(none)]> CREATE DATABASE keystone;
" q* z3 X, c3 E! s" ]$ g% N, m5 P, U* iMariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
8 s0 V$ J+ U$ r7 tIDENTIFIED BY 'KEYSTONE_DBPASS';
/ Z' Q% A4 x N# @. ^, pMariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
& q6 G# \5 y9 Q5 |7 yIDENTIFIED BY 'KEYSTONE_DBPASS';- e" Z) L6 b9 ~- R0 j; N! D8 Y' K
MariaDB [(none)]> exit
4 p! N5 m) |* [- l2 j+ f, E9 m: @" Z注意
9 Z4 b( O2 A8 i" Q0 R1 k3 u9 d/ @
! I/ L' C& l/ \8 ~2 H替换 KEYSTONE_DBPASS,为 Keystone 数据库设置的密码 (一般可用opessl 或者uuidgen方式生产复杂密码)
. r- O* w' ]# a& F" Z% F3 u7 t, }3 S$ c
安装软件包
& h7 n" m( z7 [+ q5 ~+ B x& s/ J7 C$ _
dnf install openstack-keystone httpd mod_wsgi # y# \. N) W8 o5 C( T @" F2 M! s
配置keystone相关配置
3 M; a, u' J! F: g, Q# l" e+ [- I- M$ g3 G
vim /etc/keystone/keystone.conf
z |( A1 @1 T d# r2 B
: L% N! n5 ?6 X8 |; J4 ^[database]& P& ~3 U+ C: \& W0 m
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
4 Y7 y4 w7 ]* p: I1 A
8 \1 F2 u; Y8 v5 w[token]. x% u& g$ R; m( Q1 @2 e3 [7 k6 d9 I" i9 z
provider = fernet( r1 |# l5 |: U8 `0 ^$ X6 t& ^
m, i2 \8 K/ G# a Z5 z1 b: b
$ `% J, X/ G; x$ v4 q% x* g解释
) e+ d- L" R0 T. R- ?/ l0 ? \$ ^& I4 G
[database]+ C$ [4 B" o' N* t! ]
部分,配置数据库入口# V, ]6 V5 f4 N) o3 M
6 V2 ]/ ~1 d2 h* i. C- {& e: z
[token]
. U( P, I) M7 }: U" K部分,配置token provider3 |9 R0 ~% [+ d
& L& q: l$ h. V8 X. f* [: u% P N/ f6 ]6 ^1 R0 i* c! z
同步keystone数据库/ x; g# E2 m4 f' e& C8 ?
4 ?* B: J. P. }& t' u' o
su -s /bin/sh -c "keystone-manage db_sync" keystone
3 T; d3 ?% A5 t+ s6 w
# J5 V9 R; A* p, Q/ A8 _初始化Fernet密钥仓库0 J ` l7 g' ?! L! |2 p3 a
$ w* R- |5 [* s8 u( b$ L v
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone6 Y6 |& L- F1 Y8 l, D
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
0 c1 {% t% }" A) G$ L7 {, c& \
8 U* O8 F/ l: _, ^% l% b启动服务
# s- G+ N1 I, `4 R5 ^这两种方式都可以:
]3 S. t' |- C( Z7 Akeystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne$ T2 z' q) |$ t/ U9 x4 S" k
+ B+ l& _9 q5 [
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000 --bootstrap-internal-url http://controller:5000 --bootstrap-public-url http://controller:5000 --bootstrap-region-id RegionOne
0 l) w, V6 i! N9 g3 F注意
0 i( E3 w% p2 f; L2 A3 G( w& a% W. c3 t! W1 @
替换 ADMIN_PASS,为 admin 用户设置密码
6 H( C7 k" H9 A0 r- B5 }9 ]' a1 ~. B. G
配置Apache HTTP server0 ^' R: d+ u; u' ?. ]6 j& u" x
/ @1 Y0 M6 X# K3 G, O
打开httpd.conf并配置
8 e' w/ C% D6 l! D
0 x6 q- ^6 s! y7 I% I* u6 S#需要修改的配置文件路径
( j% |/ ^. M7 L( ^9 b: C$ f/ Tvim /etc/httpd/conf/httpd.conf4 ]" j% Z1 E( a8 ~- A
. w' |/ a& E( W9 R
#修改以下项,如果没有则新添加
y' ^2 `$ l' K& gServerName controller2 z, D! Z0 X) {* x
创建软链接3 w5 ]0 o Q/ w4 K0 D/ h% x
# L! T& I8 h& _$ y) }2 s4 G, V2 Hln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
! Z/ l/ z2 m8 }, q. N解释
! S' I; g; W% _0 _1 s$ @4 O( u0 Y$ a
& M8 [* k0 n* N3 F配置 ServerName 项引用控制节点5 E! h3 {% _( G* B
1 e& I; z7 ~ F7 [5 H
注意 如果 ServerName 项不存在则需要创建4 J1 G) J5 B2 X; u
# r4 f( t% t- R3 T- d启动Apache HTTP服务
" r( J9 i' n- d+ h. o) q9 X
6 o/ J9 j/ Q9 E0 l; X: Y5 Msystemctl enable httpd.service
+ X8 {/ P$ [( O+ @' S4 X/ [+ Gsystemctl start httpd.service
& v; d+ x- B( _2 x) y8 @创建环境变量配置$ X9 H( O! f& r3 | Q# U" `
4 e9 @3 G. X/ K/ a! x: e" |/ |& V- k
cat << EOF >> .admin-openrc" `/ K4 R2 Z+ H
export OS_PROJECT_DOMAIN_NAME=Default
0 S f/ i* ]! p0 S8 Hexport OS_USER_DOMAIN_NAME=Default
& `: X6 ]1 s! e4 p# c) P/ Wexport OS_PROJECT_NAME=admin
1 X0 }1 V5 W9 f( O3 T" B3 ^export OS_USERNAME=admin3 q, C$ \! ?# X2 w% d, E' J# E
export OS_PASSWORD=ADMIN_PASS/ \3 V; D. V! L) l/ j8 r( b+ G
export OS_AUTH_URL=http://controller:5000/v3
# l z8 d# ?4 G( z( P% D# n: zexport OS_IDENTITY_API_VERSION=3) m! y8 i, }3 X
export OS_IMAGE_API_VERSION=2
9 z5 A* w) n! Y6 q2 W7 ^3 @EOF
8 H1 D6 ^4 z9 n8 }9 V5 m: r" y# A7 x" {3 Y9 d4 p
注意
6 J6 I, E% t' c$ E! L; [9 K- n7 a) y5 x
替换 ADMIN_PASS 为 admin 用户的密码
# O% q( a: G2 e. w. D/ y9 _
0 D9 r7 U8 M: |6 M) B- T! p依次创建domain, projects, users, roles
' ]2 j; |* M8 y" y/ D- r/ }0 j* @$ P1 {
/ d2 t3 b8 [* X, S0 O$ K; }
需要先安装python3-openstackclient
' [7 i' s' i1 L2 [+ W. F8 b+ V
' U: K! \- T( f4 g- N& J; b9 Z% Xdnf install python3-openstackclient
% k; }" e7 R$ y4 t. m8 h6 r+ z v8 e0 O" Q( |8 \# S6 I! R V* k
导入环境变量- B+ o5 J6 _; j& f p, t6 y
2 c: H0 t0 f, q- Z" x5 [: U" Z w6 N- Fsource ~/.admin-openrc
; C- v4 _2 t% s, e" b创建project service,其中 domain default 在 keystone-manage bootstrap 时已创建2 a) y! ? U) ?3 R h& r
# X0 W/ E+ n' u# aopenstack domain create --description "An Example Domain" example
q4 N I2 f" C) L: g, G% x* y9 o
6 P( p2 ~# S8 h* v2 g3 o2 popenstack project create --domain default --description "Service Project" service8 U- x; T) |/ {+ V, U( D1 e0 s
1 Y" G# G$ {; h ^% z
创建(non-admin)project myproject,user myuser 和 role myrole,为 myproject 和 myuser 添加角色myrole# Y9 J$ d! y' L% U% K9 n; R
/ d% B9 [4 z% F& q5 C( m+ L( Fopenstack project create --domain default --description "Demo Project" demo
8 P6 E) n* q: [, a9 X2 M7 [3 T" }1 y, ?' ^) j! J7 Y6 g
openstack user create --domain default --password-prompt demo( r3 S; ^. b2 _! `3 u# F y! M
openstack role create demo
% a$ F$ u6 [% f; @ p; vopenstack role add --project admin --user demo demo3 W, V6 O4 s& H: Z
验证/ | t2 Z- a5 O, o9 ~8 [3 z* x
, c4 s; B& K; P% K取消临时环境变量OS_AUTH_URL和OS_PASSWORD:
: t+ v: v7 F S: Z
9 [' Z& \/ O! H4 E* E* f( D' t" ?source .admin-openrc4 y! a I# E* D7 P& L4 y
unset OS_AUTH_URL OS_PASSWORD
7 ^ }7 a3 ?. `' K* ?" w$ S+ C! [为admin用户请求token:# G, Y* U2 q3 b; ?1 `: Z$ n
4 p5 e% I, p) @1 n/ yopenstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
, |) I8 J8 }: k# b, {6 E( r X; T, c S2 ~% P% O
为myuser用户请求token:
& }' B* j }( P5 v: u( @: J$ G5 z6 [9 ~
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue7 y$ x3 c, e) }5 Z( o
; F6 N! W. I! A2 v安装Glance¶1 X/ E& p) [& T2 V* c
Glance是OpenStack提供的镜像服务,负责虚拟机、裸机镜像的上传与下载,必须安装。
3 s: L5 Q e4 `* B
$ L! S- P* c3 j Z8 G9 y, VController节点:/ A, r& G9 P- ?6 h z# y/ h
4 v0 E2 C) z* v8 s# K创建 glance 数据库并授权
M4 Z0 c0 z1 H( T6 T) C9 e- Z, F- t* H" j
mysql -u root -p
8 c5 a; h$ e2 d; {: R8 a- k
: X' w3 L7 Q4 K6 @, b8 [2 aMariaDB [(none)]> CREATE DATABASE glance;
% O6 ~: \* S. x" Y% g. d* yMariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \ E0 O! i& t9 C, K4 v/ b1 o. p
IDENTIFIED BY 'GLANCE_DBPASS';+ Z4 Q0 z3 w8 q- Q G; i
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \8 `" B$ Z4 P7 }& s7 z! [5 _
IDENTIFIED BY 'GLANCE_DBPASS';
3 K9 h. L$ ~/ [3 Z+ x! @MariaDB [(none)]> exit
5 X! G Q, Z' K注意:1 b8 y, s# ~% R! Q2 A+ W
/ g: I* s8 x- L6 r1 [( y- t
替换 GLANCE_DBPASS,为 glance 数据库设置密码# e8 `3 |. K4 s( w5 n
" Y2 Y7 | d; \0 P) R0 b
初始化 glance 资源对象
C) j2 s$ z4 g7 J1 T% M1 H
4 _9 p4 C1 V3 n" Z2 ~& C导入环境变量
, ~( O/ d# h( x2 R
! @8 k2 n7 J1 t- x) \* k4 `source ~/.admin-openrc& ]& l/ v) x. A% e( C! X5 `
创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到GLANCE_PASS的地方替换成该密码即可。* i3 U$ V0 O/ Y X. [8 `5 M3 r7 ?
y: a- `# I# [
openstack user create --domain default --password-prompt glance# h: r* m" n q' t0 b& i
User Password:9 R7 ~1 Z6 n2 A6 S% N' d
Repeat User Password:
; v! V _ ?; x( N, h) l, E4 ?* c添加glance用户到service project并指定admin角色:
* i3 S' t) t% m4 C: U) m
u W8 I5 b& f1 R4 n8 uopenstack role add --project service --user glance admin0 w: V* f9 F% L4 u0 v
创建glance服务实体:9 R. L# f5 k; }. D e( ^) x" T
! A- s" v8 u& _' Popenstack service create --name glance --description "OpenStack Image" image
2 |$ [) w( r2 T. V( h8 @创建glance API服务:- |) D: t$ z- z8 a9 ^% F
& R- Y) G" t$ k4 B6 qopenstack endpoint create --region RegionOne image public http://controller:9292% m) F# w/ b5 y1 l: e
openstack endpoint create --region RegionOne image internal http://controller:9292( n$ D( g8 R! F; R
openstack endpoint create --region RegionOne image admin http://controller:9292' q% g" w1 p: o& _$ J! `- Y
安装软件包$ Q+ ?& ~& F- o5 G9 X7 F
* l. u% G: `2 D8 v' Zdnf install openstack-glance; C. \9 o) O9 l5 w
修改 glance 配置文件0 c2 `4 }6 v4 V8 Z
$ n) }8 N3 ?3 |- Z* tvim /etc/glance/glance-api.conf
# |2 m( T r+ D0 Q ^, z6 O# r
[database]
% v9 u# g$ _+ V" f, Rconnection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
, A0 W+ A: E4 C$ m6 g, T5 V7 `# G& u
[keystone_authtoken]
- y6 Q6 _0 r' \* h! `: e4 Vwww_authenticate_uri = http://controller:5000
2 d: D* G. N& `: l D5 E. ]auth_url = http://controller:5000+ o$ F' H1 y1 u" J; H9 x+ N
memcached_servers = controller:112119 z6 R# r" C) v4 n( Q+ i
auth_type = password
1 O j) h) T& c0 {$ I' j4 T: l) @project_domain_name = Default! j# a* j, R6 p$ q& x) `3 _
user_domain_name = Default! w- n4 x* s m, ?
project_name = service% O% E! K" e% A0 o; p A
username = glance+ w& O0 |, P! y8 u
password = GLANCE_PASS
! X ]* }% D+ g( T4 V ?' S- G6 b* g n9 c0 D) i9 ]9 }* `7 h
[paste_deploy]
, V. ^! _+ S: |) d- }; e, Y+ ]flavor = keystone
5 s% S. Z6 I. f; B2 P6 ~1 `2 x! V3 Y0 U9 s% T# j
[glance_store]
3 R' k( h2 k- ^stores = file,http
1 m" |& e v; E! m# Z; `default_store = file+ Z! |0 i4 Z: b2 J& O" C
filesystem_store_datadir = /var/lib/glance/images/% c. x% d5 j: I) ]2 b+ \
解释:
1 `& y! @+ A1 g" A z0 s- V0 F5 d$ `7 N/ o1 u
[database]部分,配置数据库入口8 P6 ~8 s) E- x7 u3 S( g u) D
( p# V/ y$ J D2 B( u, [; U[keystone_authtoken] [paste_deploy]部分,配置身份认证服务入口
9 h6 L( C" {1 d
% t) I; E0 b+ a9 J' y& e[glance_store]部分,配置本地文件系统存储和镜像文件的位置
$ F) z' C& I, ^# g" E; ~3 p& P+ h7 _, s7 M4 C) e, d
同步数据库
6 [2 j0 q1 F0 c7 G% }2 ~# ? ~3 Q# d" u- {5 \! a: E
su -s /bin/sh -c "glance-manage db_sync" glance
, B9 n' {* s8 A" A4 G) \7 U" A7 _启动服务:
u% M8 i+ s; c" g8 z! q
& g7 e& u. V- ?" \% [# o1 X' zsystemctl enable openstack-glance-api.service
/ ~, |3 ^/ ]/ T5 h; i csystemctl start openstack-glance-api.service
7 S8 F H5 {- R% I1 r) P- f验证2 J$ a. D$ B! N1 X/ o6 G
( ^# `$ G- l2 x# j3 J5 U/ Y导入环境变量& [) U. ?, u: i3 `) [
; R/ C. o8 l/ L0 H4 R% n1 X
sorce .admin-openrcu2 |# z4 {+ q& k5 m- y' D7 O6 n, N
下载镜像$ \- L, V. v8 I$ y% L/ D
# Z4 D. o, _& ?% Q/ g
x86镜像下载:5 G6 H. Q$ c/ Y; b3 f# p
wget http://download.cirros-cloud.net ... 5.2-x86_64-disk.img
* c+ b: p3 l' L" c; f5 u0 x+ h3 }) X2 q6 v
arm镜像下载:
8 U, V( G; o$ @# B1 c. Bwget http://download.cirros-cloud.net ... .2-aarch64-disk.img
$ P: A3 w, M+ V6 }1 K4 A/ R% f3 Q注意; n6 p1 |5 }& I- l5 C: A! H
`% i& R3 g7 s6 O( Y
如果您使用的环境是鲲鹏架构,请下载aarch64版本的镜像;已对镜像cirros-0.5.2-aarch64-disk.img进行测试。/ O% b1 B7 A: w7 k
' L! ?* Q u8 N; K) L, C向Image服务上传镜像:5 R8 q3 _- Z6 i% m# V i3 k
4 s1 e. ^: x, s6 G" o9 _
openstack image create --disk-format qcow2 --container-format bare --file cirros-0.5.2-x86_64-disk.img --public cirros8 w1 V* \; I6 k. k3 @
确认镜像上传并验证属性:7 m1 B. a, \4 Q
9 ~) j/ i, B3 K! J' O1 A
openstack image list1 E3 i1 Y J2 `- q2 b- q4 t
+ {' v, p, ?7 d& r' n6 J
3 P/ Q' O4 g* r- I3 yPlacement¶ `6 G8 X1 @) o( n
Placement是OpenStack提供的资源调度组件,一般不面向用户,由Nova等组件调用,安装在控制节点。
$ a# @* @/ g7 H$ R8 D+ f8 b5 J
7 Q: C! w9 u4 k3 ]安装、配置Placement服务前,需要先创建相应的数据库、服务凭证和API endpoints。; F; P, d9 ]) c2 ?* v) y, g
/ B5 ~& J: q, H2 W6 M6 L
创建数据库# Y X. `( h4 h9 `, T' l
" M( l: |: Z F2 N使用root用户访问数据库服务:1 g7 l% d/ B/ M T0 c
# Q8 |5 q, Y% ?- `. |/ dmysql -u root -p$ c" R$ ^& B. z* j& V
创建placement数据库:9 s, }7 i( I3 O( c- _) {
h! h9 m1 R. Z1 ?$ LMariaDB [(none)]> CREATE DATABASE placement;" ?6 h, F+ C2 O: Y# d2 o# i7 N7 i% ]
授权数据库访问:
, J$ P9 y- w. u8 L/ O+ ]1 R2 _- V2 h9 {! n7 j' s# @# P8 ?2 A
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \; A8 p1 [8 ?: G( Z$ Q' g p
IDENTIFIED BY 'PLACEMENT_DBPASS';
, k. n$ W; n2 f1 AMariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \" J& k8 F: z$ I. `. ]. y
IDENTIFIED BY 'PLACEMENT_DBPASS';3 m- C( d2 H$ _+ t
替换PLACEMENT_DBPASS为placement数据库访问密码。% F4 U" Q/ y% n
' G. w% R+ \2 B* d$ v6 V( c退出数据库访问客户端:4 @* {) N& w9 ?# [
# p& J8 B. a6 q: u
exit& L7 V3 R) d- `4 y [- v
配置用户和Endpoints
$ \$ V* q& q; |# _3 O- Q1 H: \
source admin凭证,以获取admin命令行权限:
! i. m J! |1 [4 {/ C
7 y, Q. Q. g& z- T7 S qsource ~/.admin-openrc) @! G7 U4 X* m! m! Y! A% I
创建placement用户并设置用户密码:* g0 d8 C" A4 O! a$ s
# Z9 ~% t+ W9 W2 Uopenstack user create --domain default --password-prompt placement
! b, P: Q! ]! L8 V8 ]! y# X" y! i k
' g) M( G( k4 M- QUser Password:5 G! |$ d: M/ d( ~+ T! U$ Y) a
Repeat User Password:
' b( [' f. z, ~4 Z- u) F/ {添加placement用户到service project并指定admin角色:8 {8 ~! I& s/ M3 |% v% A
9 m3 u7 K5 ^# r8 [7 {
openstack role add --project service --user placement admin
: B7 w! `& N. H5 D5 [5 P* b创建placement服务实体:
2 t9 C& a7 H; `7 n
; m" u3 i1 N2 J0 T% X3 lopenstack service create --name placement --description "Placement API" placement
8 k/ _7 ` P) o y0 h7 _创建Placement API服务endpoints:
8 a4 T$ r. ~: d' k {# } l, m/ P! l: |! {1 y; ~' Z
openstack endpoint create --region RegionOne placement public http://controller:8778
0 D; E2 b- e/ `/ }* dopenstack endpoint create --region RegionOne placement internal http://controller:8778$ S4 `6 K+ l6 l) U# y) J
openstack endpoint create --region RegionOne placement admin http://controller:8778
0 P# N9 U9 W$ Q0 Q安装及配置组件1 b# u9 F: v, N) u# ?2 m2 M# @
4 i% C& Q% t; c% p* k4 J安装软件包:
4 k/ m, h i& i5 V' v. b# g) g" ]
& V7 A; m% V2 z# V }& fdnf install openstack-placement-api
9 j- ~9 C8 p, f编辑/etc/placement/placement.conf配置文件,完成如下操作:
( x& i0 o& ]# U8 V, q- L4 T" M7 c9 C/ R! j6 Y0 a
在[placement_database]部分,配置数据库入口:! I# o) P5 v( y6 @, m
0 A' I& o. D6 | E6 t
[placement_database]
) ~4 ^, B( H" ? j: {connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
5 `$ ~/ l: R6 y$ T5 u替换PLACEMENT_DBPASS为placement数据库的密码。& w. C' L5 Z8 D2 S; n9 ~
; W$ m: D: M1 Z& [
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
9 X- }; R$ {3 J- |- w6 t% E W* t% j3 g: j/ l
[api]
! V8 F, F* q& K' b5 yauth_strategy = keystone; @, [6 J+ u5 V( J$ P
' L; [0 f- S7 M: V0 i$ F[keystone_authtoken]9 g8 g3 c0 i; Y& d/ u* N$ {% V
auth_url = http://controller:5000/v30 w# |) |1 h1 T- X- r, j6 _
memcached_servers = controller:11211
5 d5 z% w& {7 j! T1 X' ]5 hauth_type = password; b3 i- ? ~0 L, I
project_domain_name = Default0 t: \9 g; h) F& t# B
user_domain_name = Default
$ ~# f$ h: w( b( G' dproject_name = service
( a# f- z: Q. Z: G/ ?; Ausername = placement
, v# v4 R% _3 J: R' lpassword = PLACEMENT_PASS
' P" F0 r# V% N9 Q替换PLACEMENT_PASS为placement用户的密码。
6 S: m0 c/ Z+ i) m% j3 W3 a
1 `3 x* Z* V9 Q5 [% x# g数据库同步,填充Placement数据库:, Y% a: {; b& I- u. x
4 Q7 ^" o0 j8 Z( xsu -s /bin/sh -c "placement-manage db sync" placement
$ r# f2 N/ K, S2 P启动服务 M& o! o% w; ?! J
, o3 N! ^- P1 _1 D' I, R# y; v, O重启httpd服务:
+ ?$ J9 a! N. n& a' Y) z
% r+ v5 E) E6 D5 I m. z8 u* fsystemctl restart httpd( f H; m, P" d& `
验证
1 i; u! \) x* p @( x
9 V1 k0 Z/ A- Csource admin凭证,以获取admin命令行权限1 d" m& @6 D4 B0 c r
3 a& \3 A$ Y) g. fsource .admin-openrc
. M! M) h( P9 S执行状态检查:, K7 h* f% L- C- D3 M
# V. g: j- t* A3 v1 ]8 yplacement-status upgrade check
p- S1 I5 Y6 w% e$ G% M* V' D# Y$ A+----------------------------------------------------------------------+" O5 [! f' D, o6 F, P8 j; z
| Upgrade Check Results |
* X/ W6 G' v* k4 z+----------------------------------------------------------------------+
" M. b4 h, x) _1 P| Check: Missing Root Provider IDs |2 ~* ?+ i, E2 @ p8 u5 r9 K$ Y- ^
| Result: Success |' w; n, F/ z$ r% K
| Details: None |
( W9 G# y/ |+ \7 H+----------------------------------------------------------------------+
. e3 S' R8 T# I1 c% o' ~' l| Check: Incomplete Consumers |
+ N4 R: k. B- t" d/ k9 X5 @| Result: Success |
$ G* |9 i# u. ?* e/ h/ F| Details: None |
7 X; ]# _ ]8 w6 A* d4 k' l B8 H+----------------------------------------------------------------------+# G# N8 C# A; Z3 N" I! m* S
| Check: Policy File JSON to YAML Migration |
9 ?( g/ t0 k8 v. N5 ~ S# l| Result: Failure |
' o/ K r* ]& _7 N8 m9 C2 x| Details: Your policy file is JSON-formatted which is deprecated. You |. f4 D% y0 i1 Y! ]4 V9 [( Z
| need to switch to YAML-formatted file. Use the |
& G3 y; T, `' Y8 [( B/ @8 k& {| ``oslopolicy-convert-json-to-yaml`` tool to convert the |
* i$ }1 J- y/ ^1 W8 M C' R$ t| existing JSON-formatted files to YAML in a backwards- |( Z% }8 x4 c. g- g9 M
| compatible manner: https://docs.openstack.org/oslo.policy/ |* _9 g5 {- `9 r# O" j5 {* F* L
| latest/cli/oslopolicy-convert-json-to-yaml.html. |
) j5 t# w L' _3 I# d3 J+----------------------------------------------------------------------+
: B0 Z. D$ x$ s6 |4 E" o1 c6 `' ]这里可以看到Policy File JSON to YAML Migration的结果为Failure。这是因为在Placement中,JSON格式的policy文件从Wallaby版本开始已处于deprecated状态。可以参考提示,使用oslopolicy-convert-json-to-yaml工具 将现有的JSON格式policy文件转化为YAML格式。
: a8 d' a ]1 J I( j/ B; `: q& B Z6 k% w+ F( z( I
oslopolicy-convert-json-to-yaml --namespace placement \
1 [, r* x; _. x1 y% y; l. W7 H+ W --policy-file /etc/placement/policy.json \
. s* J* b! P. H) ]0 p/ u --output-file /etc/placement/policy.yaml
. Y9 H0 G/ Z1 k7 E g; J" smv /etc/placement/policy.json{,.bak}4 T" q3 X+ D9 }- e. o
# L6 }) n4 k9 d7 n
注:当前环境中此问题可忽略,不影响运行。
& M3 ]( ]& v$ b* s7 d$ P5 Z( ]" g5 ?& a8 b5 o+ V
8 r2 N5 q6 j9 [" t9 E$ }' v
j2 b4 [7 \4 k0 {. JNova¶. o0 q* Y( ~' Y9 B9 s
Nova是OpenStack的计算服务,负责虚拟机的创建、发放等功能。% J; U8 l8 ?, |
# Y% ]4 q. G+ M
Controller节点
) w1 J8 s/ A j4 a) A; @
& o% d7 w) C; @) m在控制节点执行以下操作。
2 E* A+ Y" A4 H# o* }5 t7 ]: a
创建数据库. v) Y' V, ~& K, K& D, \1 U' r4 L2 l. K
+ i+ M/ M b" ?; W9 |使用root用户访问数据库服务:$ `- _# d% B$ A) S3 S
8 p( `) E4 F. A" S1 Hmysql -u root -p3 b% Q0 r p) |) O; ?; g
创建nova_api、nova和nova_cell0数据库:3 J9 |9 {8 m# y" d
6 h4 m5 ~$ R4 w1 _. ]. w& s6 V. q- d* s
MariaDB [(none)]> CREATE DATABASE nova_api;
; q. r9 x: |3 [$ ` dMariaDB [(none)]> CREATE DATABASE nova;6 }) S- k& q3 ?5 @5 H
MariaDB [(none)]> CREATE DATABASE nova_cell0;8 v! s- @5 a& \* o& V8 ?# T t6 F
授权数据库访问:2 A3 C) g% E8 F9 d3 a
6 W& j. |9 C- C. ]MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';9 q6 V. i& [6 N2 _; z
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
$ k2 p- R- i4 B7 x3 |
; O- v- G B5 }6 _MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
; g) j& A% C0 w MMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
$ w1 f! C9 v) s2 {5 X4 t" T; K6 Z
5 c' I. \( I- R9 b% u- [MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
6 X$ Z: B7 \% K" JMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
: c6 F7 s- W0 c( e
0 M6 z" R" _+ O5 ]( a( o/ Q替换NOVA_DBPASS为nova相关数据库访问密码。& G4 q' L Q+ K$ T
; t& V0 x0 g W5 O! X5 s# Q6 R
退出数据库访问客户端:. k& `5 W3 y. S2 v. j0 r$ c
- o5 j( W0 j" f2 c aexit L, ]! p, B6 W; a5 d7 z
配置用户和Endpoints
+ m$ A3 _& _0 F- _8 j- H* u1 d r- z4 M- U1 _( q( _: ^1 n9 Y
source admin凭证,以获取admin命令行权限:
0 T$ H& C7 K$ {- X6 T1 B
8 O$ c; n) Z0 m: i# asource ~/.admin-openrc
5 x6 x3 X/ A) h6 y3 |0 e创建nova用户并设置用户密码:3 P j' L0 ]1 }$ `' e: s7 }" z
9 t' e# W" I, G& @4 Q
openstack user create --domain default --password-prompt nova. u2 ?, J5 F. A7 X
5 U( I3 ~0 z% R. p
User Password:1 t: |9 s9 p1 a
Repeat User Password:
& w, [3 a, d. l+ O5 p6 G添加nova用户到service project并指定admin角色:
4 B' }+ J4 h# ] f0 M
6 `. T- E- O) J& U0 `9 c( Y& m8 Hopenstack role add --project service --user nova admin9 w5 P2 q$ c: q7 W K
创建nova服务实体:) }# ]; c' s: y) g9 ^# F* Q Z0 E
& ?- Y4 c# w# y/ d- z$ T9 f) zopenstack service create --name nova --description "OpenStack Compute" compute
$ g7 P, P: r+ E9 e创建Nova API服务endpoints:
# J; ]$ l: j0 r N9 v& @) a) W/ L3 u1 o6 n. \3 E. H7 s
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.17 `: F$ G' L& O R, _3 v
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1; [9 B: W; c+ S; D( B7 T/ H- X- k
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1) M+ U3 n$ X; B! M6 y
! ^: B8 N. e N6 o+ s
安装及配置组件' g5 ]2 o' V n; ?7 N
& O2 l, g! w3 f: q% R* y安装软件包:
4 m( k+ [; q9 t, R4 p; e. x- i1 ?( Q$ p: u I' q" f2 |
dnf install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
$ E$ H G; e9 U: e P- Z编辑/etc/nova/nova.conf配置文件,完成如下操作:8 }$ [. v, L0 F! J- T4 G' q
, C5 C6 c. P3 E& H- A" {在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用controller节点管理IP配置my_ip,显式定义log_dir:" z. O0 h8 k3 M6 i( c
}- |$ q- ]4 W& c# _- ^/ `* w% U
[DEFAULT]! [+ L; {9 Z/ K. x
enabled_apis = osapi_compute,metadata" ~% f) z! G* ]
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
8 y B: p& B/ c0 |# O$ E7 pmy_ip = 192.168.16.2
2 \, f5 O/ T. \' N/ ^8 elog_dir = /var/log/nova
( s, B. _8 [8 Bstate_path = /var/lib/nova/ ]7 p8 U( \! ?' O
1 T* _) F. O" F! j7 X替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
2 T; ?& E! [$ z# Z x2 D6 v$ f3 W1 _2 D/ ]
在[api_database]和[database]部分,配置数据库入口:
: ]( A- b6 t. J" a2 Z! [
* p2 s# G# J. V" ], K[api_database]
7 N& W; `4 d) s' I) b2 jconnection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api/ T8 F+ Q2 u: j
3 p9 \: W. }0 C8 n/ W+ a
[database]0 o6 \1 ?8 X. U, ?& Z
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova3 K- N( I. [4 ]4 q8 D
替换NOVA_DBPASS为nova相关数据库的密码。
. Z3 |1 e! S' Y9 p/ G/ K* s; a: `) T+ q5 N& O7 q
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
) G! M$ J9 y; M( y! C8 q: G, d
3 `; c5 | r) H- F! T% Q[api]0 S6 i) f# C! C) B' F/ V* D
auth_strategy = keystone% z/ f b) G# p/ P2 ?2 V
. k2 Z6 A/ }( a8 H4 w, S) a
[keystone_authtoken]* g4 |9 w$ ^9 u; \9 i
auth_url = http://controller:5000/v3
. K3 _# o% i, ]8 A* \5 |0 b1 qmemcached_servers = controller:11211
/ C! O+ r7 ~3 Dauth_type = password: Q5 r1 r" B( P: z
project_domain_name = Default+ r. Y* O) j1 w: K
user_domain_name = Default' M V8 U; c' Q) m$ t* u2 {
project_name = service1 l; f# |+ _7 i( r9 G1 }3 Z, S6 a
username = nova6 F% e5 }+ W( k. A" G! C
password = NOVA_PASS
8 C1 |# `, Q) ^2 E替换NOVA_PASS为nova用户的密码。
' y1 x2 u: p- F# J! j4 v2 A7 O/ ~! W7 o+ n. g" W- s
在[vnc]部分,启用并配置远程控制台入口:
8 n- S9 ?8 |" v" T; \ ^" w
7 ^" \+ c3 T/ A) j" |[vnc]# y3 I# C/ u3 P1 N' q* x
enabled = true9 B5 ]- X3 R) S8 y
server_listen = $my_ip controller
/ [, C* Z1 e5 iserver_proxyclient_address = $my_ip controller
/ \" b c5 P% X2 Q& v B7 d M( X* o8 a- ^5 u% ~
在[glance]部分,配置镜像服务API的地址:8 ]: U/ Z7 r- @* ~. U# H
9 T* c8 x9 N6 j[glance]
1 B1 e! {- c2 |* P1 qapi_servers = http://controller:9292' z3 w0 U0 h8 L( c+ B% J! f
( {4 v, R" ?4 [* ~$ {; n在[oslo_concurrency]部分,配置lock path:
7 l/ X. c. h1 F
5 a4 G0 m8 b! i J5 I1 k[oslo_concurrency]
- i* m* K) `4 N4 a, w8 S: j: glock_path = /var/lib/nova/tmp$ w; c1 x M% e: k+ l3 k7 w1 O, @
[placement]部分,配置placement服务的入口:
( y3 \3 T: }/ g5 T1 |
( A3 X r% \6 ?: z; \" j[placement]
& J# l) b) }9 W; S3 u7 uregion_name = RegionOne
! p6 |# _! H% h# K& E$ n" w5 Vproject_domain_name = Default3 B* Z, [2 B R
project_name = service
5 s* ~% \9 k- r1 R0 }4 eauth_type = password8 z( R! W' t: b& `2 }! T
user_domain_name = Default. [7 P' [% l+ y% H
auth_url = http://controller:5000/v3
* R$ v" G8 |$ h5 r8 v/ S6 o+ \) ~username = placement" }* N/ ~2 D+ j0 b( Y7 b
password = PLACEMENT_PASS
% V- y$ q1 ^) v替换PLACEMENT_PASS为placement用户的密码。
6 @ [* [- b+ O m* [
& A1 }% }5 g$ E; Z- s! k& _' ?$ p数据库同步:; _! |) ~2 S! S* p
, Q4 u. K8 t: k4 a' m. j, B% i O
同步nova-api数据库:9 @" c, f# H6 t$ }0 r* X
+ c! u7 ^. A; \- B
su -s /bin/sh -c "nova-manage api_db sync" nova
# T; D; b3 ]: {$ t9 V' S注册cell0数据库:
% p* h& N7 a* ^( z: J
) k! H- S0 }, S5 Ssu -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova$ z+ H/ e* B3 a! C# V. `
创建cell1 cell:0 P+ R8 B' ?# T, D4 K, f# r9 g4 L' Z
( P# t6 i; ]' a+ {2 b& _( K- E! l
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova" x0 P" G3 [7 [: j0 o
同步nova数据库:+ [, a- k7 I0 h. `+ V/ s5 x& n
8 F4 R/ q! N X3 M9 a t# Tsu -s /bin/sh -c "nova-manage db sync" nova
# o7 ^2 |! p# a. n: n验证cell0和cell1注册正确:& r9 w, h% E0 E% K3 [% [
) Q! V# Y. I4 J4 ~, V0 Bsu -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
9 g% a. S6 Y3 @启动服务 ~2 P+ ~/ ?( y9 s# n n
' v8 _, j3 r/ L# x6 r* j
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service: j" z& U Y6 S- [& C- v
2 ~0 b9 [ q3 I' h' P) [
systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service2 f6 ]! L/ V r
2 m1 t# m) V/ J) N8 ]3 ZCompute节点
* \7 n% V( U* p
. [# U( g! ^( n( ]% X9 _: h+ d在计算节点执行以下操作。7 F7 ~/ v5 D. {+ Y% A8 h- ]6 g; @. Y
. \9 o4 y3 m* f) c安装软件包2 ?. Z6 X. [( L
6 m# m5 f8 F- v. c
dnf install openstack-nova-compute
% _0 I, t# B O4 ]% V0 s4 V! E编辑/etc/nova/nova.conf配置文件* j& e7 i" f! c( C
; K0 `" \( C$ c1 F在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用Compute节点管理IP配置my_ip,显式定义compute_driver、instances_path、log_dir:
$ W$ r7 q0 {0 M* {$ y+ `7 a( N! [. C0 E: B- m
[DEFAULT]6 B6 a* h1 S0 \3 h$ j, Z* {8 ^8 K
enabled_apis = osapi_compute,metadata1 X( C! \6 ]4 m, |& t
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/: w* ~ z* T3 B. A/ Z
my_ip = 192.168.0.3
! n# q, n4 O; S* l( n5 M% N0 a7 A+ Kcompute_driver = libvirt.LibvirtDriver
3 a* _! S+ O+ F! R: Y; linstances_path = /var/lib/nova/instances! Y: o1 B1 {% U, K' V. [5 J$ \% g
log_dir = /var/log/nova2 Y1 }6 z; k8 E! e, Z, }
替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
5 Z/ N/ ?7 w9 c/ W2 r! ?2 z& B! x& l/ Y0 j# m, ]; q$ F Y
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:" m9 t+ ~* U4 x, ?
; ]+ I5 W h E! @
[api]3 U7 I. M6 M1 F6 t
auth_strategy = keystone
1 L( }2 Z0 F& h0 y2 u6 y
3 k; H6 l$ r. q$ |7 c3 u, _[keystone_authtoken]$ L e0 }5 Z6 g8 I- S
auth_url = http://controller:5000/v3
$ u. r9 h* @* r7 smemcached_servers = controller:11211
+ ^7 _. m- c# @8 ^! Y( }6 dauth_type = password
$ o4 m* D' B0 A Y. Rproject_domain_name = Default$ G3 F# v' a6 d2 ^" \! C9 n* K
user_domain_name = Default U4 J. Z! Y4 E' \# j
project_name = service6 C) `, X) s2 L/ ~& M
username = nova% ]& [2 o4 t' K& P7 r
password = NOVA_PASS
w5 ~8 n5 E* W! l _替换NOVA_PASS为nova用户的密码。
6 _6 Y) x; }& d, u# |
# T0 H$ v8 @- {1 R在[vnc]部分,启用并配置远程控制台入口:) J# V# n5 C+ u( K2 p: [
( c; M, e) N' B[vnc]
! s/ x: Q1 G6 M# w( [' U6 Eenabled = true8 ~# i! ?6 X* ^* w6 s' M
server_listen = $my_ip
. H2 p2 E% f& c% u+ k! J4 [; \) \server_proxyclient_address = $my_ip
# O. n1 h6 J2 J% enovncproxy_base_url = http://controller:6080/vnc_auto.html
. N, X; Q( r, `8 r8 w+ a8 f" J6 r在[glance]部分,配置镜像服务API的地址:% F v1 J6 a' E: H9 A
, G- Q8 e- ^( s8 H
[glance]
6 b9 K: x/ v" y5 g/ v( K, Hapi_servers = http://controller:9292
+ ^4 q/ ~' I( t7 s; t在[oslo_concurrency]部分,配置lock path:( g( ]" D( l( L3 U a
- {) M D5 }5 b0 D$ Z
[oslo_concurrency]" ~8 i7 K5 K1 X# j( p& I7 n
lock_path = /var/lib/nova/tmp) J- b+ ~2 @+ W7 |. U! F! e& X8 X
[placement]部分,配置placement服务的入口: T; k, p/ b. n7 _: |4 c
# b# \& M6 P/ |0 r[placement]
4 C7 j8 c! Q1 B+ y- Vregion_name = RegionOne5 `2 L# S; e% E- t1 _& ]
project_domain_name = Default7 P5 U! V, o- O- M& ?2 P- W
project_name = service, j$ d; M! @/ `1 A/ j' j9 C
auth_type = password0 { U+ O9 v8 ~
user_domain_name = Default
# T( ?9 v( N* n( [' fauth_url = http://controller:5000/v3
, x: L& Q% p/ O: k E1 Gusername = placement
- ?5 F7 `) O+ G1 V6 t9 r4 Xpassword = PLACEMENT_PASS
6 X% e) ~$ l/ f+ e替换PLACEMENT_PASS为placement用户的密码。7 m% t8 z7 z0 e, U& s4 W
' ~: o% F9 }, C( z1 W( R: g; h) b确认计算节点是否支持虚拟机硬件加速(x86_64)
* j6 d8 P. s/ h0 D4 ~8 C1 G5 p$ u1 [/ C; ?6 Z/ P
处理器为x86_64架构时,可通过运行如下命令确认是否支持硬件加速:
9 |; n" V b/ W i, X) G0 q! p
& v8 k" |* t9 r- N4 F) }egrep -c '(vmx|svm)' /proc/cpuinfo
) C9 }: D6 K9 ?如果返回值为0则不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。编辑/etc/nova/nova.conf的[libvirt]部分:$ F) A2 S5 H( n, F6 i7 E
' |5 H1 _/ I7 y" h/ o' E[libvirt]
+ _& C6 i) y" v# Q4 J: Svirt_type = qemu
; C3 k4 p2 w: Y+ X如果返回值为1或更大的值,则支持硬件加速,不需要进行额外的配置。
# K" O0 j9 W/ e: @; s4 S0 W' D' s
1 K1 S8 c: J( M+ V确认计算节点是否支持虚拟机硬件加速(arm64) f7 |6 d$ G& r5 }4 p( Z M& i, J
! ^0 ]- V: U9 C9 c+ H @. M( o
处理器为arm64架构时,可通过运行如下命令确认是否支持硬件加速:: j% l8 N) n- ?9 O0 B6 Q
/ W& c. U d8 @9 M
virt-host-validate, d; x; n: [( v ^* y; c
# 该命令由libvirt提供,此时libvirt应已作为openstack-nova-compute依赖被安装,环境中已有此命令. V% i6 I/ z4 F! Q f x2 J
显示FAIL时,表示不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。' Z. F& Y+ z1 x1 N# @# H
* L( l' k. c& ^4 l! @2 r6 M C
QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded)
8 Z6 G' I# [/ w, L$ k, t/ f编辑/etc/nova/nova.conf的[libvirt]部分:
& h* F- t2 s" f4 }' K4 V
+ O; c9 C& k5 S[libvirt]
( ?) C; y) Y2 K- ~virt_type = qemu; x5 F0 V( I3 |
显示PASS时,表示支持硬件加速,不需要进行额外的配置。6 D4 }8 m! ~( {( C7 m' s" r% Z: v
/ T5 u: O9 C3 R8 o! a" i L+ h
QEMU: Checking if device /dev/kvm exists: PASS
8 o6 }) O# Y, @( |3 J配置qemu(仅arm64)# b) h5 b) h' G2 t7 j" Z. r
* |. g' ^. Q; b仅当处理器为arm64架构时需要执行此操作。
! `. X: C/ l8 X4 l9 X* [7 I3 E0 Z6 x- v0 s
编辑/etc/libvirt/qemu.conf:5 S# T- r4 w' \* A* Q& |2 p
0 x, u( s0 G$ y/ e$ r7 \, J
nvram = ["/usr/share/AAVMF/AAVMF_CODE.fd: \# T; f% n% g0 Y( C# N4 b
/usr/share/AAVMF/AAVMF_VARS.fd", \
" t' Z. y+ N# Y. [: o+ u. C "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \' r2 v, U- R% _& h0 C+ i# {
/usr/share/edk2/aarch64/vars-template-pflash.raw"], H8 Z& A( |( ^/ [
编辑/etc/qemu/firmware/edk2-aarch64.json
7 e3 w {6 p5 j/ q& ]' n
+ u* }5 Y. \3 H! f1 z6 v{% ~6 n7 ` K" Z" j, m
"description": "UEFI firmware for ARM64 virtual machines",/ x* E" |0 C0 J. C
"interface-types": [
* h+ I' [ q) A3 u! p4 ]" x "uefi", p4 A% v: K* n/ K/ k& l, Y1 ?
],
8 D" u6 ^# S7 `8 b/ ]9 g$ J "mapping": {
$ A% N$ b9 b0 x t# y* `7 x "device": "flash",
3 j1 l( x; d+ _1 b/ x' @! g "executable": {% C: k/ ?7 n2 R+ B$ j! ~$ I. l% L; I
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
; B2 |6 O. y5 C* o "format": "raw"
) @& a- [ `/ P" U },2 X) n8 u; v9 V. w X3 y
"nvram-template": {! @$ Z r9 D$ d3 Z$ H; ~9 M
"filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",
/ p" ~) T: _* l: N) S8 A "format": "raw"0 [% f, J1 ]5 s) U) u( S
}
8 w. j4 F' E+ _ a& X+ z },
1 H2 U) m* q0 p% G "targets": [6 B5 o2 P! F# c
{: V# z" V) b1 s( M' Q0 u: E
"architecture": "aarch64",
& W# m- Q& H Y+ }/ [( _3 P "machines": [
C; [+ I- j% K; W5 u, R, @ "virt-*") s9 y0 w. P5 w5 E
]; _! s6 v1 X3 ~! N8 }' p# U
}
$ n, T% F* `7 i8 v' M+ k ],
5 I( v2 I$ O: X6 u# Z "features": [
- k- _* V2 g0 n" X5 S- \
3 s- A* K# d" ~8 g6 Q; S+ K- O ],
9 p! N, H; F8 e1 l7 Q! ]8 q d3 e "tags": [$ D) p! w) J4 D6 f; _
2 v2 X2 m r& j& P
]
* o: A7 Q: z$ `9 v! P0 u1 L}. B$ E8 |2 Z W: N( q- Q" f, y
启动服务% u! X) S9 \3 W
: W& G! X$ |1 O3 X1 E, k4 Isystemctl enable libvirtd.service openstack-nova-compute.service6 S& U1 ~4 F7 r u
systemctl start libvirtd.service openstack-nova-compute.service% R3 Q: G' p% P8 P" S1 P7 p
Controller节点
s( I; N3 _4 j- F5 }
- B5 D6 L) l$ s9 C1 N) ?在控制节点执行以下操作。+ Z8 d+ J. i4 W
4 P/ ?* J- R2 h
添加计算节点到openstack集群
2 v% X1 U% Y r1 P4 Z
6 }% p7 x3 c7 Z! bsource admin凭证,以获取admin命令行权限:
3 Q( ^! E2 C1 V" P0 X/ B& Y4 Y1 ?3 j0 h, S
source ~/.admin-openrc
7 P" @% Z g% u7 w/ W' s: g0 u确认nova-compute服务已识别到数据库中:
9 u% h5 N B. `0 ]( K
2 g3 t V' m; d" n, n' j8 ~* J7 vopenstack compute service list --service nova-compute& `. D a+ s$ X' I; r$ }6 G
发现计算节点,将计算节点添加到cell数据库:' M, x; O" |# }; U" W4 M# |8 S/ b
2 h) h/ J; W( s: d5 z
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
' \) P. I( K) z! j结果如下:! _% ^6 I& H- [% h* s2 M. y
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.- e% R& D3 D# H/ w& t% T) ~8 _! l
Found 2 cell mappings.
/ v6 a2 q* a! `- Y2 t2 |2 d/ }Skipping cell0 since it does not contain hosts.
/ F4 U& k3 s$ _Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2
5 v5 S* M0 U; W) uChecking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e
7 `. G* _+ u" i6 l' D& C( `) SCreating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e
4 U6 S4 c. X2 P: P4 H2 {8 JFound 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2& O: Q/ I; e6 D: r g
验证! A1 D( Y# n% r E4 c
' e" B) R1 P1 A列出服务组件,验证每个流程都成功启动和注册:
) m; {+ B9 I3 k7 |; Kopenstack compute service list
% p. I; Z" C' `* E& j列出身份服务中的API端点,验证与身份服务的连接:2 @2 \) |% Q% }* X/ I+ [5 _
openstack catalog list- K; ~7 S! D' q0 o5 V
列出镜像服务中的镜像,验证与镜像服务的连接:
$ |, Z/ L7 { y7 R) Qopenstack image list7 l V4 N& k, m* t J% }. I. u3 n
检查cells是否运作成功,以及其他必要条件是否已具备。: H! v- E/ S. C5 }6 m
nova-status upgrade check: b9 ~# |& q8 C. K
Neutron¶
1 z5 f$ o7 C! b9 P4 Q' ~Neutron是OpenStack的网络服务,提供虚拟交换机、IP路由、DHCP等功能。
3 @+ S7 }3 q+ o
J% ?. a3 ?, E: B# g ]Controller节点- F# ?' i4 Z7 p" p+ R
+ i6 c( c& c/ W1 D创建数据库、服务凭证和 API 服务端点3 m; T* c9 I( z
, I% A! A3 T5 w, \; E0 g6 ]创建数据库:
) ?" n6 G5 k9 G B% J; Y! ~) N! `0 s4 N" w; d
mysql -u root -p1 p$ M, p+ K1 {/ w( ]7 ]2 W3 a$ \2 a Y
4 H9 @& K5 [% @+ r9 HMariaDB [(none)]> CREATE DATABASE neutron;
! r9 u- h' r4 E+ d4 j1 q K) T) {MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';" i& @+ s% Z" U$ h
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
+ R. @- B& ^, H) ~) u0 L8 dMariaDB [(none)]> exit;2 V! _/ d) c- M. {- ~, Y! h
创建用户和服务,并记住创建neutron用户时输入的密码,用于配置NEUTRON_PASS: c4 A6 A2 ^$ _6 n0 J2 Z9 Y
+ F3 V% m5 B) u$ Usource ~/.admin-openrc
3 O. s9 E: y; o8 g7 q0 @: _8 Q" Z* qopenstack user create --domain default --password-prompt neutron% h7 y J3 Q% a. B+ o' f
openstack role add --project service --user neutron admin
8 O) F/ w' }/ x( B* ?openstack service create --name neutron --description "OpenStack Networking" network' k! P/ {/ {# A- ]0 s
部署 Neutron API 服务:
1 ]( c1 P) v- J" A6 X; l) f
7 U7 k3 p( n; e0 j7 bopenstack endpoint create --region RegionOne network public http://controller:9696! j2 O2 f5 k$ C7 L; m& Q: b
openstack endpoint create --region RegionOne network internal http://controller:9696" d+ M3 @0 e* A, f
openstack endpoint create --region RegionOne network admin http://controller:9696( h4 v, ]' d* D' ]0 e* Z! E: G
安装软件包
0 B+ l { ]: H8 V1 G& k8 I
@5 s& Z5 y, `1 ~' Jdnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2
; @5 `6 n. r) c9 Q- {. l; S" U3. 配置Neutron( R& }% l# j# w& H) U% p
修改/etc/neutron/neutron.conf& g2 @. M1 f! U6 |2 o5 \
% S$ J$ c) |1 }) H! s
[database]
6 H' v+ n' R# o! ~" T' nconnection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
( ^( E( x% T' p& C5 V, `6 }1 }& f1 s2 d
[DEFAULT]
: k3 G6 q" {% L; r8 {core_plugin = ml2
' i' L4 e2 t! Eservice_plugins = router/ O" N6 ~5 W4 V
allow_overlapping_ips = true
( }( `( \0 l7 Y) O: Mtransport_url = rabbit://openstack:RABBIT_PASS@controller H: L5 T( `1 T, a) d& t
auth_strategy = keystone
- D. Q- Q1 }& X2 q8 Tnotify_nova_on_port_status_changes = true
- p8 p3 w" e: b* z$ T2 R! bnotify_nova_on_port_data_changes = true
; j7 ?. _. w V, D0 R
8 d7 v! u, C4 q. L W[keystone_authtoken]
7 `/ _! v4 r% S R, Vwww_authenticate_uri = http://controller:5000
: ^+ r6 e+ L! {. T1 X8 X: oauth_url = http://controller:50009 r/ ]4 J; p$ x! U; X& H/ x
memcached_servers = controller:112118 X" {0 U- G2 Z; [
auth_type = password
2 G5 u2 n1 |& A7 N8 wproject_domain_name = Default1 B1 C' d4 A/ w$ j
user_domain_name = Default
1 B& y0 | ]4 m. h( ?* R% a1 Kproject_name = service# F) Z) I2 p% d
username = neutron
. J8 N+ M# f* c* qpassword = NEUTRON_PASS
. J- s* \3 x# a/ j4 ]
n1 r8 w. d) z) \: _5 l) _[nova]
?3 z* f; R; j# j& kauth_url = http://controller:5000
$ b2 ]" G K3 B7 A( hauth_type = password
4 k3 v7 ^8 d8 H/ U! i, Nproject_domain_name = Default
4 f3 P6 `% C: U+ nuser_domain_name = Default# g! P: r* J O* t R8 n
region_name = RegionOne
9 O+ D, c$ O: ?- f1 a8 ?2 [" oproject_name = service6 _ {1 t& b! } d+ n
username = nova4 }- H/ P& @0 t
password = NOVA_PASS
+ \/ ?# f* F# K' |
/ Z- `. l; T& v# V! W5 H+ o! J1 }[oslo_concurrency]6 L% W, i, _: q' U: x
lock_path = /var/lib/neutron/tmp
9 P! N* Q0 x; @- @* F7 f3 _$ I m8 a2 y% G' W' J- f* S
[experimental]3 G/ Q) @ x$ m/ |+ |% `: }
linuxbridge = true8 F I2 |% v/ k6 K/ V" P' J- p' J
配置ML2,ML2具体配置可以根据用户需求自行修改,本文使用的是provider network + linuxbridge**- G7 S& t$ [5 _9 @5 l+ @& A
& s) N b- j$ }' E8 {7 I
修改/etc/neutron/plugins/ml2/ml2_conf.ini7 [# ~% Y* ?' Y: y" l8 g4 {2 R' v* t
7 B2 L2 z3 ~* T6 \' Q4 L[ml2]
0 V d& v3 R: w) n1 g, Ltype_drivers = flat,vlan,vxlan& V, i4 C+ H. m8 Z+ o5 u7 r
tenant_network_types = vxlan
& c6 {& C. ?- i3 S5 `+ Pmechanism_drivers = linuxbridge,l2population# d0 @. Y& ]5 g$ @' \
extension_drivers = port_security
6 u, A) G/ @7 A0 N$ [2 S
6 Q+ p8 L8 b2 L3 @% c. n[ml2_type_flat]
. \, ]" c5 g0 a; a& C! oflat_networks = provider
1 F7 E `( G( j! V H4 h2 S/ G% G) x( D6 V* c2 z0 Q F
[ml2_type_vxlan]1 o) r: l. o' y" Y! e
vni_ranges = 1:1000
& M/ B7 y) J: l. d( B3 y# z3 d+ f% _' U5 a/ S1 ]1 g
[securitygroup]0 Y# _8 d) j8 U+ ]" o% C
enable_ipset = true
! q0 r' D2 t* }( N% M修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini! c' ]4 s5 c. v4 O c
8 |( Q$ A' j, b% a: n[linux_bridge]8 A3 {( Q9 L5 i, S, i' ~' q
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
# s% C& [' ]' q
% X" g! x; K( M6 {2 U[vxlan]
, Z& ]4 t' a7 henable_vxlan = true
4 c1 q* `0 s7 ?5 p& n* H' ?local_ip = OVERLAY_INTERFACE_IP_ADDRESS
# Z1 ^# k7 |& T' vl2_population = true
B$ R4 U8 L$ n9 n0 T
" J" u5 u2 h1 K& U7 U* H7 C[securitygroup]
0 w9 ?) R/ T* c3 j8 V% ienable_security_group = true
|, ?% Y, a8 j" K& z9 Nfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
+ Q" O1 O4 J. ^- I: n$ x/ s配置Layer-3代理
+ d4 X. \& u# p
( T$ t y% m% X3 c% |+ k修改/etc/neutron/l3_agent.ini& j: X6 Y1 P9 H5 R3 U
, c7 \0 `8 |& Y- j% C5 B- R
[DEFAULT]% R. a" J: f( D9 q2 h7 A6 s
interface_driver = linuxbridge
5 g7 M8 R0 h* L+ j9 O( N0 P3 E配置DHCP代理 修改/etc/neutron/dhcp_agent.ini
9 L; ?2 X4 E+ t) h( K, `" h, p0 g o4 s) D, l
[DEFAULT]
% ]3 t4 @& m( f5 B; A* d3 Hinterface_driver = linuxbridge
* c* L& S' P/ Y: w! _( O3 Adhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
4 F: z& l9 t5 |3 Ienable_isolated_metadata = true
) H2 F9 v& P" u) Z1 u! v配置metadata代理
1 R2 e, Y8 h, x$ }2 Y4 U5 s; l) j _, ~
修改/etc/neutron/metadata_agent.ini2 ~2 M4 M5 s6 k" }
# \# C! Q" u- a& U" ?- u }; S[DEFAULT]
4 b; q6 i2 V6 |# }nova_metadata_host = controller1 X4 j1 u; M+ w" u1 B( ^
metadata_proxy_shared_secret = METADATA_SECRET
1 H z) _; q5 U e( x配置nova服务使用neutron,修改/etc/nova/nova.conf
1 Q+ @& u3 V% \. M$ p% g[neutron]
) h' l- z/ q0 |auth_url = http://controller:5000$ [) E% j7 `- r; R+ k
auth_type = password
- L: a! {5 J5 w" p# d! Vproject_domain_name = default; s* a1 L" ]% d; o5 O3 N; o
user_domain_name = default3 b, P$ k1 O8 C5 m; y" f, J
region_name = RegionOne$ f' P/ n3 _0 x
project_name = service
. U2 M d5 }& `2 f) ^username = neutron
4 @4 O$ }' u! D [: ?password = NEUTRON_PASS t4 c4 k# ]: F( V
service_metadata_proxy = true
& c5 J3 }3 V9 ?) `) x1 c8 Nmetadata_proxy_shared_secret = METADATA_SECRET
A- Q |7 s# S J1 u4 P: h创建/etc/neutron/plugin.ini的符号链接7 w( J: r& t* k5 B
6 ^2 h. Q5 r0 q! W5 ~* j$ [
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
' M9 Y+ W5 z2 f7 d/ _ {- W/ F同步数据库
- D0 K) }' e+ [! t% v
1 U: ?& Z' e5 ?. q# B9 I( ]$ {' Msu -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
2 Q2 i9 v$ j, w重启nova api服务2 }' [+ c& }0 U1 q, F, }
systemctl restart openstack-nova-api
4 j% @5 H8 K, A7 d启动网络服务. @* o7 r& K O- }
/ Z2 V+ U! _0 `systemctl enable neutron-server.service neutron-linuxbridge-agent.service \
' s5 x$ o7 ?9 D1 g4 W3 W3 eneutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service/ Z4 W: ~) @# _% _ _
systemctl start neutron-server.service neutron-linuxbridge-agent.service \
4 |2 L* p' n7 [) j G c; V4 mneutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service9 ?3 }. h+ F) V, e
Compute节点3 @& @# a" I- e. C: {
. A) O6 R" R; P) U7 q
安装软件包, Y- f6 F, N& i# [
dnf install openstack-neutron-linuxbridge ebtables ipset -y
4 l; j8 g' o @9 D% D% M1 ?; f- \配置Neutron4 e7 Z5 m6 p$ H- a$ n$ X7 B
5 V ^" f3 \0 p
修改/etc/neutron/neutron.conf
- ?- P. I' K( V8 m: w- W
! {# e1 i5 S8 L( c! q[DEFAULT]; E! a7 I( r; S, ^ ]
transport_url = rabbit://openstack:RABBIT_PASS@controller; a1 C3 A/ R4 g+ M9 A
auth_strategy = keystone0 i- T7 q7 Q* B9 O1 @
3 Z; z' O) R% u; r5 D q3 z* e
[keystone_authtoken]/ n+ V! |! G u/ k# U$ w- M
www_authenticate_uri = http://controller:5000+ `0 N) d& [; }% L6 s
auth_url = http://controller:5000/ @$ I7 F) a, { i. A
memcached_servers = controller:112117 Z! Z0 \4 ]; ]; s
auth_type = password" }( X B+ } r0 _& Q1 X, k
project_domain_name = Default$ Q0 g: Z& x( l" `0 o" ?
user_domain_name = Default
8 k% e I! z( ^project_name = service/ s1 [" R, P0 h+ l. Q( z0 K" l% g! h+ `
username = neutron: [/ c9 B0 G$ D9 Q7 o: V. x" w
password = NEUTRON_PASS0 G7 X) T% P% S5 R5 Y
[" N# ~2 ~! Z: l) m[oslo_concurrency]4 _, I0 C6 \+ }5 D
lock_path = /var/lib/neutron/tmp
: K; q6 \3 y% A( \1 k/ m修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini
4 K# m" j: p% V* ` m/ E( B' z1 q; b1 w
[linux_bridge]
% P' I' A% c# E# ~7 hphysical_interface_mappings = provider:PROVIDER_INTERFACE_NAME2 c7 N, Q# o8 p6 X( }% ~
; }2 m9 D5 z# }' n# Z[vxlan]
9 q- \( z2 n8 [( zenable_vxlan = true P* S2 u6 [' W1 v
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
3 ? A7 `: E' il2_population = true
+ [9 c3 I! h) j" ]% N( x e! c
* U+ N( \. m( V[securitygroup]
) S4 X; y3 ? H9 ?5 tenable_security_group = true
5 V7 d1 b: B5 {5 Jfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver* A0 Y( M/ @! J- I1 } G$ Y7 o
配置nova compute服务使用neutron,修改/etc/nova/nova.conf) B$ C- m( K6 g
4 Z% O: g x% P; k& n8 n6 c" r
[neutron]4 q: V/ ]! }$ w6 Z7 Y E; X) g
auth_url = http://controller:5000
" e& a* E# i7 Rauth_type = password
! c$ O/ g" i0 T; K, ]! }project_domain_name = default$ M4 }3 E) ^& O$ u+ R
user_domain_name = default5 X& ]# |& d% p
region_name = RegionOne
7 L1 X5 `9 W. W3 L: P2 c4 |project_name = service
1 t0 `1 e0 n* C7 f! Pusername = neutron% d9 a/ `4 }) e O# w
password = NEUTRON_PASS- @9 f6 K$ l5 u! R
重启nova-compute服务
) J% H+ y/ Q* W/ l! Wsystemctl restart openstack-nova-compute.service, I: E$ G3 [$ W8 P
启动Neutron linuxbridge agent服务
$ K% x! Z+ w# j3 k" R0 `, L$ d% Y$ tsystemctl enable neutron-linuxbridge-agent; C* Y6 w; T' M D9 B0 k; U
systemctl start neutron-linuxbridge-agent( I2 g: I1 m, t8 }. @; a2 s. q% R
Cinder¶
; A" Z) U% i; Y8 ~4 D: r6 ]) VCinder是OpenStack的存储服务,提供块设备的创建、发放、备份等功能。7 D8 R. H' a' Q5 Z! U9 Q3 O
3 |$ \ O4 a- ~' J s! u5 n4 Y( hController节点:
6 G3 M k% ~/ W9 F8 m1 s4 d( O% I3 u3 V* g
初始化数据库3 r! m6 n3 Q1 G
' l, Z/ M: v8 V3 a# j0 a$ ICINDER_DBPASS是用户自定义的cinder数据库密码。! V' z5 T" v9 I) _; ?" P% e
) P. `: b g2 A1 vmysql -u root -p
- w8 k% g0 ~3 v0 i
; f* R3 ?' s5 W% W w, L: bMariaDB [(none)]> CREATE DATABASE cinder;, w6 Z, v! e5 b6 ]4 c X* u
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
# R" [5 T0 _4 V9 uMariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
+ d* c5 p$ | f, ]3 V! kMariaDB [(none)]> exit
" p* F0 Z i$ k: z3 ~+ U初始化Keystone资源对象
3 O$ t$ e2 A- ?5 o5 A6 f9 C4 t5 ^# Y( z" ^
source ~/.admin-openrc
$ Z' J: n' R( m& N0 Y, j
( W; z+ z% D# G5 {8 E q#创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到`CINDER_PASS`的地方替换成该密码即可。
' L. ?; _! u0 H& Z( \. i+ m5 zopenstack user create --domain default --password-prompt cinder5 U* t, P# a0 ^& o+ }7 T
0 C: B& V* F" \( W+ eopenstack role add --project service --user cinder admin; E" m" T/ T3 K" Z
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
, P# e0 N3 E7 D- _- D& `9 u. t& M! W5 X G- Q
openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s. O$ p" D3 I' e" u
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
. o; g. G8 R7 b9 X- C6 H5 w; Jopenstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
; u/ b+ a4 k, w1 |3. 安装软件包! W3 M0 H/ x! `; V) c- Q
dnf install openstack-cinder-api openstack-cinder-scheduler
5 e# j; h* c! [: Z. W$ g9 l修改cinder配置文件/etc/cinder/cinder.conf% [$ B+ h, D/ V/ `4 ]% ~
5 g: C( M8 t* J, ~6 B2 \
[DEFAULT]
5 ^( q# }7 O, b/ h& q- V3 Z8 xtransport_url = rabbit://openstack:RABBIT_PASS@controller) r% W7 ^4 X1 t8 |7 m9 r# C, C
auth_strategy = keystone5 Q7 q5 D" A' Y& b& m$ u1 Z
my_ip = 192.168.16.27 k. {" K" g! d+ \3 i
. G; Y6 p8 e+ i8 ?7 I J[database]
$ M" t/ Z( a' e% t3 Sconnection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder* P9 L1 d$ }9 P( Q
4 H, C5 ^6 l5 ?& @( H
[keystone_authtoken]
3 [ c A3 f8 ?2 Bwww_authenticate_uri = http://controller:5000
. N$ N8 H h* ~9 ~- \! p! fauth_url = http://controller:5000
/ s# ` H) W7 Q2 |memcached_servers = controller:11211; u% Z$ k6 U3 Y6 y% B
auth_type = password) w0 x+ }7 N8 p, K, n& s
project_domain_name = Default4 G0 y, t, z, r
user_domain_name = Default. ~2 ~2 _, q. W$ \# `/ x3 H! C
project_name = service
0 g. s6 _. c5 z6 f2 q musername = cinder" w: w- v. o6 S2 q8 r) m
password = CINDER_PASS. }/ b- L6 Y2 r4 V' E% m; H
6 o& y; f3 m4 K9 B4 Y
[oslo_concurrency]4 g* f p* ^6 T& b* |5 H; K
lock_path = /var/lib/cinder/tmp
# A% f" B. X! C9 y! s1 |数据库同步
; O2 d# V/ n9 _- d) L9 \
8 u% K" d) E x; qsu -s /bin/sh -c "cinder-manage db sync" cinder5 F) C/ ~5 v0 u
修改nova配置/etc/nova/nova.conf
- P( B3 y" f2 ^( u9 `" \8 h @' L0 t( A- D" {; E$ Z
[cinder]3 o) O+ r/ E% R3 H
os_region_name = RegionOne! C9 n" Y5 G$ p" R3 d1 x9 x
启动服务- ~9 m0 K: F$ P5 n
" G6 O' J0 Y4 x! n5 }9 a4 f
systemctl restart openstack-nova-api; N7 Z1 d% k d' X! F
systemctl start openstack-cinder-api openstack-cinder-scheduler
5 L7 a) a+ g/ S6 |Storage节点:" U0 N4 {2 K/ x" ^, A7 Y
, I/ N* d) ~8 l, I& N4 JStorage节点要提前准备至少一块硬盘,作为cinder的存储后端,下文默认storage节点已经存在一块未使用的硬盘,设备名称为/dev/sdb,用户在配置过程中,请按照真实环境信息进行名称替换。
- b+ i5 Z7 M& {
$ a) x# v' n# W( O0 F' hCinder支持很多类型的后端存储,本指导使用最简单的lvm为参考,如果您想使用如ceph等其他后端,请自行配置。
, P$ P8 S3 C% x. E8 b6 i1 b, d: {& M
. U9 B2 {0 \ {- R/ {! Z安装软件包
0 O# \$ r% F# R7 Q: t$ H3 A' ?* }" p4 c' @' P
dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup
8 `, {2 y( s# q3 \配置lvm卷组
! `7 l: k9 c6 c! {/ h# @7 H
$ y. Y/ o7 H: a) B5 J) @- @pvcreate /dev/sdb
x% L2 N% U& i. y/ f: wvgcreate cinder-volumes /dev/sdb$ i) c. f) P# I8 Z* u
修改cinder配置/etc/cinder/cinder.conf( y. d8 k1 d7 q+ G" E* F
) Z- o, F b [/ Q0 D
[DEFAULT]
% O6 I# S; v1 e9 ktransport_url = rabbit://openstack:RABBIT_PASS@controller
j% n& t, E- Pauth_strategy = keystone# x) f2 E& o, t' |9 I. A
my_ip = 192.168.16.4
7 t# G: e, e% o. ?6 V, k3 m/ b- ]enabled_backends = lvm! N p. F: b- U; z
glance_api_servers = http://controller:9292
6 M# o' h/ T4 M: T* j+ e' T- V) g) \% `% S; Z
[keystone_authtoken]' H+ d3 y9 L' w4 I
www_authenticate_uri = http://controller:5000
. o; g- J( I5 A: N2 d; Pauth_url = http://controller:50005 Q) r' E1 [+ [
memcached_servers = controller:112116 a o$ C8 T1 X' G
auth_type = password
! @6 a, ^9 H$ e& R8 I. Cproject_domain_name = default
9 [- l7 B/ x2 H/ e$ l8 J# muser_domain_name = default
9 S6 _3 J: x" f; Nproject_name = service
# ~* C5 ~9 b7 V4 f% h$ E0 d- ousername = cinder- {3 x0 z7 G' R9 I2 K0 P, I
password = CINDER_PASS
7 L9 {0 w- e! y6 A
7 R4 n, M/ _% s" W k7 U[database]
# E) A2 V) }) bconnection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
% z; z5 F. }' s& W9 c6 @7 u1 j$ T9 Q' h( T
[lvm]
4 }- Q9 n. J* Q( r8 ?0 s0 [4 {/ zvolume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver7 ?) |9 F% x4 o% D9 E1 u9 L- U
volume_group = cinder-volumes( K) n' z. L x& ~' t- ^6 I0 e
target_protocol = iscsi6 w6 U; X) ^8 e2 Z' o; M
target_helper = lioadm
+ R! M" l& v2 s- }/ J- x" s* S+ r- u @6 z' M9 g J2 v
[oslo_concurrency]+ G9 o5 V5 V5 J0 O" _1 `
lock_path = /var/lib/cinder/tmp& h) k0 D7 E) r
配置cinder backup (可选)( j6 U+ S8 U% g Q" y+ p
( C, A2 L; m& T# S( x- F5 p* D
cinder-backup是可选的备份服务,cinder同样支持很多种备份后端,本文使用swift存储,如果您想使用如NFS等后端,请自行配置,例如可以参考OpenStack官方文档对NFS的配置说明。
/ Z; @* n+ x) D& i( Z9 G" _9 O: ~, |. N
修改/etc/cinder/cinder.conf,在[DEFAULT]中新增" ]8 P" `# ] S4 T7 w+ J1 [! D
( Z1 V z) c% X' L9 |
[DEFAULT]
" H* p$ ]% h0 g' |/ z; ]backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver! H4 F% d- t% ]- [2 H" e3 |
backup_swift_url = SWIFT_URL! \4 i/ N* h; ]! g! a: j' z; G: ?3 F
这里的SWIFT_URL是指环境中swift服务的URL,在部署完swift服务后,执行openstack catalog show object-store命令获取。
) |7 M! I: d5 c% r& q7 \1 {( f" |5 F+ C! s3 F4 F- e+ m
启动服务
, I4 v4 ^6 ?- T+ N x: ?
5 s+ G, @% N: K, c3 ^4 hsystemctl start openstack-cinder-volume target) e o5 L2 _5 ~) G3 f0 M
systemctl start openstack-cinder-backup (可选)
" @0 H( [; j9 A+ \2 q至此,Cinder服务的部署已全部完成,可以在controller通过以下命令进行简单的验证/ B3 a' N4 W: I5 H
7 \; Z7 D# C! `5 |5 K4 o. M- C
source ~/.admin-openrc
- m" U2 j) G W4 t8 m9 eopenstack storage service list
" p2 Z9 ^! N _8 Y8 Oopenstack volume list
& V; _7 `! C* ^) I$ GHorizon¶
Z7 L2 \5 V- J5 qHorizon是OpenStack提供的前端页面,可以让用户通过网页鼠标的操作来控制OpenStack集群,而不用繁琐的CLI命令行。Horizon一般部署在控制节点。
5 c: s, I: h0 i6 _+ l9 e5 Z- @, \1 }* y! _& N% g0 ]) V0 e
安装软件包, m: _) w* A) t$ D4 ^
6 I3 i+ I! F! h# b" L$ @2 v. f+ N
dnf install openstack-dashboard
- Z' j6 t: G, [2 W: P9 l( i; M7 b! e* i修改配置文件/etc/openstack-dashboard/local_settings! h1 J% R3 w9 M1 K) g @
) X, [! o9 l3 }3 W; q: m" [4 O
OPENSTACK_HOST = "controller"
9 n: o& M3 `- U4 Y8 i7 PALLOWED_HOSTS = ['*', ]) r! r4 ^* e9 e b5 ^! P; X
OPENSTACK_KEYSTONE_URL = "http://controller:5000/v3"
, b% D1 V) E9 L* C$ H% iSESSION_ENGINE = 'django.contrib.sessions.backends.cache'5 G7 f8 f! Q" p0 _% _" z2 Z
CACHES = {
" A; K" d! w( D7 i( \& Q% V'default': {
) q9 D6 q+ b9 q7 d, \% F 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
0 W9 Y* }& y b. u: U) ^" y5 k 'LOCATION': 'controller:11211',
0 B7 H! ~5 h" c- H3 X }
! U/ {! p; ~! n) z$ |' G}
. b3 ^; [: m% U g7 j0 \OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
3 s2 S9 x4 m+ V2 DOPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
; R" H7 E6 x7 t+ ~- zOPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"
8 @2 Y, ^0 x: E+ H& D z4 }0 vWEBROOT = '/dashboard'
9 e8 j( c8 z1 a+ r2 C( _3 SPOLICY_FILES_PATH = "/etc/openstack-dashboard"6 U' e, _* Y( a" Q4 p: X- Y% V
' U- Z- i% W$ \1 a. K; hOPENSTACK_API_VERSIONS = {5 I. I, e) W3 J$ V+ q
"identity": 3,+ ]3 ?4 ]+ |% n; q4 z; l5 U
"image": 2,
# @" c$ J" k' D0 B3 P5 z' u "volume": 3,! l2 y4 J- b" g4 F
}
8 M. j- c ?: Z3 A, m, b& T重启服务4 l' s' ?# R; `3 I# N- I6 @
, F2 |2 x7 b0 z( @systemctl restart httpd+ G# z+ E* F& d" }
至此,horizon服务的部署已全部完成,打开浏览器,输入http://192.168.16.2/dashboard,打开horizon登录页面。. v6 c- {6 Z( p
, G. }* B, i7 h( ]$ W |
|
发表于 2025-3-16 22:32:36