- 积分
- 16844
在线时间 小时
最后登录1970-1-1
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?开始注册
x
在正式部署之前,需要对每个节点做如下配置和检查:7 l6 z u$ |) Z- J
! a; K& ?0 y( }- ~
配置 |openEuler 24.03 LTS SP1 官方 yum 源,需要启用 EPOL 软件仓以支持 openstack/ a! m Y+ f0 M! r
! @6 {# x) H9 n! B( Q( Gyum update+ w8 k- n6 l8 i' ` e$ U
yum install openstack-release-antelope8 U6 c5 v1 W+ O3 ]! f/ ]4 P) u
yum clean all && yum makecache; `% g% a4 D L. I# j
注意:如果你的环境的YUM源没有启用EPOL,需要同时配置EPOL,确保EPOL已配置,如下所示。
7 a7 ]8 }: X, P( L6 g c s2 R# `, P; T3 U8 @* Y [
vi /etc/yum.repos.d/openEuler.repo. Y/ V2 F O t( o4 A
$ m6 n% l: q/ i# Y6 T3 n[EPOL]1 M9 L, Y: K ?2 I8 g6 g0 P
name=EPOL
9 W9 ] s/ t5 l) o+ \1 t0 ubaseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/& i( Z3 }1 k, w# O2 k; A9 W* o
enabled=1
5 I% m: o; D, hgpgcheck=1
- m) ]& L6 i6 X, \+ {/ Bgpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler; i2 W, ~9 ^1 x0 [! d/ w2 B
7 L8 I' K) O5 x3 M: `! Q9 [- I8 u( f
修改主机名以及映射
R5 G8 N2 H, ~6 Z3 S5 L% `& N/ ]1 b: B! q
每个节点分别修改主机名,以controller为例:1 p+ c5 D6 x" U! M; C% b
1 Q! \( l v9 s* R( U
hostnamectl set-hostname controller1 L* Q! a; @; s0 v2 ?% M# \
* V" r) ^9 H& O# c) E. g
vi /etc/hostname1 v. h# X3 O4 q G6 s+ f. Y
内容修改为controller4 T ]. \$ }$ T! @2 w% i& g
然后修改每个节点的/etc/hosts文件,新增如下内容:
! e% E% @" I6 ^* k* b- F5 o* Z4 P: Y+ C
192.168.16.2 controller
) L" d( z6 ^3 C" E$ ~, D192.168.16.3 compute1; u) A" H$ s3 b/ r T
192.168.16.4 compute24 ^5 Y" y1 ?0 n: w4 I2 Z( U
时钟同步¶
4 y" w" H: |3 A) S. Z集群环境时刻要求每个节点的时间一致,一般由时钟同步软件保证。本文使用chrony软件。步骤如下:4 R/ K$ @, ~( J6 O. C
4 u3 t& G- g* W- A; ?Controller节点:" j: q- {0 g& A. \/ e
+ j, n: }( J3 v
安装服务! f% \4 V. m0 m7 w
dnf install chrony
- W9 n- }5 ~% t- ^; Q, b1 `修改/etc/chrony.conf配置文件,新增一行
: N$ e2 V- d& g$ s7 v3 u. m# 表示允许哪些IP从本节点同步时钟0 n/ `- \3 N! n3 m+ D+ Z: y
allow 192.168.16.0/24% n6 e" G" i7 S
重启服务
% T/ L6 L7 J0 l* Dsystemctl restart chronyd. K8 f/ ]5 \% r: Y5 O/ l
其他节点
+ V2 ^, [( m% T* }5 M1 b. ?) v2 H1 o6 ?* A0 `0 l0 w
安装服务
0 @4 \& s! }6 u; M. ?8 q. y9 K- \4 L9 A/ N6 w+ p7 n! ]0 i
dnf install chrony
) s8 r8 N0 ^( f3 y. |5 J# t修改/etc/chrony.conf配置文件,新增一行
0 w- c: A9 H0 Y2 \$ f H
+ d- }4 O. `. T( p# NTP_SERVER是controller IP,表示从这个机器获取时间,这里我们填192.168.16.2,或者在`/etc/hosts`里配置好的controller名字即可。7 G" Y% p. W5 R2 S* B3 ]3 K: i
server controller iburst
% R# d: C! X5 I& L# x% \同时,要把pool pool.ntp.org iburst这一行注释掉,表示不从公网同步时钟。- k7 F; O+ F. T, w! W& s
' A3 z' ~( g+ i! E; _8 d8 \重启服务
/ o! e9 @9 ?5 v9 ^! g9 W @; t( b+ G y( @+ W
systemctl restart chronyd. k1 p/ Q+ K- z6 m4 r
配置完成后,检查一下结果,在其他非controller节点执行chronyc sources,返回结果类似如下内容,表示成功从controller同步时钟。
5 b+ U) F c, Y* N3 F* `2 ~) |/ B' M' d0 A: x$ \
MS Name/IP address Stratum Poll Reach LastRx Last sample" ^3 I" A/ }& e+ v! R+ W: m. j) m& N
===============================================================================* L/ r; C& `/ c% `+ y& X
^* 192.168.16.2 4 6 7 0 -1406ns[ +55us] +/- 16ms
$ [. `! L' F6 `- e1 g: C6 K安装数据库¶0 y" W9 w8 a9 y8 X! f5 L4 F* S
数据库安装在控制节点,这里推荐使用mariadb。
x0 C) \! f0 q, M( x
; B6 s7 p: q6 |! Z8 \安装软件包
' z8 z. ?3 D+ V+ X4 H
8 O5 m, N3 V3 b( R9 Qdnf install mysql-config mariadb mariadb-server python3-PyMySQL9 \/ c- k0 @! }% A- ?% D! i! F
新增配置文件/etc/my.cnf.d/openstack.cnf,内容如下8 K2 o" J4 y5 h6 f1 `1 a9 x% O
9 w4 ]* M# T7 S. T- M
[mysqld]" l! a% e9 x7 V) c% z
bind-address = 192.168.16.2* N' W# y% P" C
default-storage-engine = innodb& K0 h) ?; \2 A' f! F
innodb_file_per_table = on5 s: T, x$ t6 _7 H+ d4 O$ K
max_connections = 4096
7 G% N k8 d: V* L3 h8 zcollation-server = utf8_general_ci
_( U; ]0 Z, V$ ~character-set-server = utf8
) k$ N8 H& x6 U3 c- b8 [启动服务器
$ I4 j& k' K6 |0 w7 _ Q, H
6 @* V9 _2 _. c: M7 E" z' Vsystemctl start mariadb k3 b! o% j& U9 ~2 `
初始化数据库,根据提示进行即可
. c2 v; l% S8 |+ N& m, ` s
# i J. q' Y/ \4 `mysql_secure_installation* X1 {+ t K( {& V! } X- I
示例如下:! `7 x* m! K9 f
% O( P6 z9 |/ }3 I2 pNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
+ [5 h( q* u: J$ f5 {1 k3 h/ u2 z1 ] SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!! w+ ?# z3 d: C$ g9 j; J8 I' Q8 G
3 z( q' l7 H9 q/ S4 c4 g
In order to log into MariaDB to secure it, we'll need the current
6 ?+ M( i* R3 B! Ipassword for the root user. If you've just installed MariaDB, and
* U: Y0 R8 G, h0 Khaven't set the root password yet, you should just press enter here.
) U5 _! M7 [ y# k# C& y
) K& A! J% b/ x: V9 @' b- nEnter current password for root (enter for none):
3 f8 a6 @( y& p& q+ Z
$ ]. v" a& I3 R @#这里输入密码,由于我们是初始化DB,直接回车就行% G- g( |/ {3 i3 d% Q; L
4 N* U, s2 l' [+ n4 y1 u
OK, successfully used password, moving on...
( e% L( t1 w$ T
& N( Z% x: Q/ v! C8 }* V- NSetting the root password or using the unix_socket ensures that nobody$ Y; \4 _# o8 x; F" ]) m
can log into the MariaDB root user without the proper authorisation.9 w9 {5 }' g1 Z9 ]
/ E4 j+ d% g4 w c- z
You already have your root account protected, so you can safely answer 'n'.
/ e2 W. g; \" c' {+ t1 t6 }3 L Y5 Q: S* P# Y G
# 这里根据提示输入N! [+ S1 z+ S2 I! O, `$ w$ M$ S
+ z+ q9 } t, H0 T. ^/ o
Switch to unix_socket authentication [Y/n] N1 a) `7 {8 M- ~5 k# N$ a2 o
- g0 H P* }2 F, A& }Enabled successfully!5 k; A' S' D0 F. ?* o* k& X
Reloading privilege tables..& }1 Y6 {5 X6 i0 y
... Success!* M* l" f. L) I/ q, d% ^& I
: [. y6 x& m8 O( G. U$ M4 f
$ Q, k* l l4 p
You already have your root account protected, so you can safely answer 'n'.& ~ v- k/ F% R0 U
* S; _. w% o- a ?+ f
# 输入Y,修改密码3 U" I6 |2 W' B) p/ [
Q) Y6 w- F6 z5 o2 M% PChange the root password? [Y/n] Y: A9 T, v; T: g- L) Z: {4 l
4 T8 @* _1 l+ M" O8 }3 L6 i* P3 I
New password: 3 Y: I1 Q5 v! N6 \6 v* m
Re-enter new password: 9 N3 u9 h( t6 d q& A9 w
Password updated successfully!
6 P/ g/ p9 j V2 W9 G; c, KReloading privilege tables..$ ~# ^. N; m6 F: n4 \( b
... Success!
' |/ ]- @: }) }; Q/ k+ J: }
+ u4 _- Q6 B! |* b( o& Y( f- Q9 j) s; m0 z9 {
By default, a MariaDB installation has an anonymous user, allowing anyone: O! i) I$ G* I" `1 s( q
to log into MariaDB without having to have a user account created for8 P# L: a) ?; b K
them. This is intended only for testing, and to make the installation
7 \6 X+ H' |+ A+ kgo a bit smoother. You should remove them before moving into a
! m _6 O+ I: l: e' S* D( Iproduction environment.
/ o) h+ J9 {& x1 ^; u
5 Y" G7 q! N! f% p# 输入Y,删除匿名用户
- |& n7 S+ S( }* M
# H. w) H5 F: Z2 L nRemove anonymous users? [Y/n] Y
* L, `' K3 |9 Q& S) Z8 f... Success!9 {/ H9 o4 {3 o
$ A/ o9 Q* @+ e1 `4 ~
Normally, root should only be allowed to connect from 'localhost'. This, W2 p: }0 i/ g
ensures that someone cannot guess at the root password from the network.
$ G: ~: P1 F1 R3 a+ l' b6 T! C v( H2 I+ M( Y- L+ b: C
# 输入Y,关闭root远程登录权限
4 {. w5 U5 e- w1 ?
' g2 N9 H7 ]" DDisallow root login remotely? [Y/n] Y1 D8 l4 `9 [9 A. a' `! M, r
... Success!
. e' L J7 D+ K/ J; Q; ?
; I1 s+ O( k( ]By default, MariaDB comes with a database named 'test' that anyone can" O p7 N; r& r; s! y3 s
access. This is also intended only for testing, and should be removed
I; o4 u, C- nbefore moving into a production environment.
: J( X0 }5 I. \* V6 S' a, t
* l8 }0 N9 d5 }: T7 i3 {# 输入Y,删除test数据库
, G2 q- e! b' H4 m& X
0 q& {' _# q. c1 b* k! CRemove test database and access to it? [Y/n] Y4 T) F" I' |* h1 a+ z4 J: I
- Dropping test database...2 C+ @7 N/ N+ y, N2 Y3 C' V1 ?
... Success!3 B" h4 n0 ]' Z4 d
- Removing privileges on test database...
5 O; @* r" C) ?# ~... Success!- G9 t+ P. x" B) E# f2 {/ Q, L
2 L( J+ R* E/ C* X/ }1 M4 u! G$ GReloading the privilege tables will ensure that all changes made so far1 U# d! V+ Z5 @! X( Z. L! R4 D- m
will take effect immediately.! H- r# {6 a n6 k8 H: l
) z) h: A) s# G3 d+ }3 } g! s" S8 }2 ?
# 输入Y,重载配置
7 q' n l6 h" t. h% k/ x" t
; d V( A6 D: ?* UReload privilege tables now? [Y/n] Y
6 t5 ?; A. ?! n' [4 f6 U, c" h+ l... Success!
- t* }8 y' Z1 Q$ u, f7 I( L9 M2 H2 P" c# w3 ?
Cleaning up...9 v+ D w( Z1 g
& i/ T3 ]1 C3 nAll done! If you've completed all of the above steps, your MariaDB
/ H; I; q+ m, q2 B# d! e; b( ^9 Cinstallation should now be secure.7 t# B, x! R) b
验证,根据第四步设置的密码,检查是否能登录mariadb2 O+ V) M! U d9 D2 g% h/ D
/ E2 K: b& S0 m) k
mysql -uroot -p
) C& L. C$ b+ d6 y即可直接登录数据库! o. R% e6 d0 E% z
) ?7 w C, T; J
安装消息队列¶* D! T& F; L9 a5 B( Z Q& W; M
消息队列安装在控制节点,这里推荐使用rabbitmq。: T4 D" d1 v9 u
- D: C. ^$ z! \" K. p. x; F& v" H" |3 }安装软件包
# u+ d' u6 _8 `+ Y) k2 d c0 c2 u! adnf install rabbitmq-server: W) V& ?5 q: a2 N- v
启动服务( {$ c. {4 i- ]0 P
systemctl start rabbitmq-server/ ~0 x% C/ {9 I5 q& F3 s; p
配置openstack用户,RABBIT_PASS是openstack服务登录消息队里的密码,需要和后面各个服务的配置保持一致。
9 C( y6 Y# w. w7 m# Wrabbitmqctl add_user openstack RABBIT_PASS! y. |. X- e6 `$ A! [( m. Y
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
& X8 f5 Q0 L N5 K. z安装缓存服务¶ R% k' c2 `# k" z
消息队列安装在控制节点,这里推荐使用Memcached。
4 q5 K& g3 H( o( f* n7 i- |5 X( V& y3 q% ]
安装软件包
' X. ~/ z: k4 K% Q$ v% T, Ddnf install memcached python3-memcached
9 p7 c/ d5 T I$ ^8 d5 W修改配置文件/etc/sysconfig/memcached
/ M Z8 X1 T! kOPTIONS="-l 0.0.0.0,::1,controller"' D n6 p" ?" |: O2 Y6 J8 E" h
启动服务
3 y* q4 |) r7 H; Q0 O7 N$ U1 Csystemctl start memcached, ?( E p6 q% A: a* p9 ]# o
部署服务¶. n5 A! `- u F6 P& ~- G$ ]9 _
Keystone¶
8 N/ `5 E9 m$ ? w. KKeystone是OpenStack提供的鉴权服务,是整个OpenStack的入口,提供了租户隔离、用户认证、服务发现等功能,必须安装。
& s" }/ x3 u* B& H L, ?2 S% t, K* n! }; w7 `, L8 A2 X
创建 keystone 数据库并授权
: S1 X) f) k6 G7 S
2 X( Z3 y E7 \mysql -u root -p& P! K/ ?. I3 f$ k8 C- p: n( ?7 k
' h; I4 A/ j- D9 _# R; WMariaDB [(none)]> CREATE DATABASE keystone;0 \# [0 U4 q. Q/ z) H% `; m& C9 S
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
; z }$ h# Z: I$ x: m4 P0 Z [IDENTIFIED BY 'KEYSTONE_DBPASS';7 N, w8 Z8 \6 G# f7 O
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
: `% b: J% o3 P" |+ L1 P# e [9 LIDENTIFIED BY 'KEYSTONE_DBPASS';
) Q: G' G( S/ {7 B& I8 G( zMariaDB [(none)]> exit
8 V+ D1 s+ S; {9 l$ T6 M注意4 W$ [& j5 v# l! V4 T7 i
" w5 ]! g! r0 b4 g
替换 KEYSTONE_DBPASS,为 Keystone 数据库设置的密码 (一般可用opessl 或者uuidgen方式生产复杂密码)" }: i' F7 E" X! P
# f1 m+ k5 E+ j安装软件包 p! W3 T, m5 r' W2 V
: Z" x9 d0 v- d& U- N& I1 K& Y
dnf install openstack-keystone httpd mod_wsgi 3 M8 e& P- Y ^' X! \6 g) K8 r
配置keystone相关配置
* n4 o) Y, L2 V; V' O& L! [/ ~2 [; Y8 _7 e' \# X
vim /etc/keystone/keystone.conf
, M* }2 |% O: G8 a; ~2 x' W H5 {4 n+ ?8 [
[database]
0 T* ~5 h- o7 tconnection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
3 j1 I6 s- A" s% T/ z5 y1 _# p3 K$ q0 t; W6 V b
[token]" U" T5 d- L# n( W
provider = fernet3 a5 z7 |, E+ s; z' v4 Y0 W( T
- k3 O: y: {5 z$ _" t1 Z x( N, ~4 f/ O$ U' h
解释8 M+ W6 ]: I7 U# H+ f9 I5 U6 s
9 Z' Q6 ~% _& b8 g2 H[database]
2 H3 [/ |" U3 [- T部分,配置数据库入口1 p) E& t/ t+ E0 @" J" D6 |8 l
3 T% f# Z$ ], s j' O; @
[token]
! H: H( d( J3 l7 A部分,配置token provider9 m1 Q& \' |" L5 R: X3 p3 ~/ O4 ^
8 L! |+ w4 W m8 w, }
0 @2 I9 I8 ?* W9 ^9 D. c同步keystone数据库" F( l8 B" E, w5 [' |& b
9 W8 ]6 ]4 R1 k. A9 k' Wsu -s /bin/sh -c "keystone-manage db_sync" keystone
, n8 O# l/ n5 Z) k
- s5 K, C4 f6 j初始化Fernet密钥仓库* {0 I( x( Z' B2 C, K+ W% B
* e+ U& ]+ Q. `3 v5 U6 [7 ckeystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
6 I5 J0 D5 ~7 f$ i' ckeystone-manage credential_setup --keystone-user keystone --keystone-group keystone/ y( K. g; Q9 G/ H% s$ S
* D( h* Z5 u, z, T5 H$ |0 F4 m
启动服务
& \2 I* `) Q6 h% Q2 H o* x这两种方式都可以:, P' q3 @- i2 n! A$ X, J0 A
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
$ H& g8 q' W/ w& ]3 f4 c2 j i6 f" F7 v% e" j
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000 --bootstrap-internal-url http://controller:5000 --bootstrap-public-url http://controller:5000 --bootstrap-region-id RegionOne$ M. p1 ~% M1 u7 @ {
注意, t v" f! F% G8 V8 z o
6 ^" _# _' l( N& z) a
替换 ADMIN_PASS,为 admin 用户设置密码
0 [( @8 ?( _* z+ n
$ w7 @4 u' D$ G0 ~: S配置Apache HTTP server1 ^) B/ b+ Z* n# t1 |, F
3 C, Q6 s: a! u# N( b( v9 K打开httpd.conf并配置# ^7 x6 H5 `) `' h. J3 y) }
; I, e& N9 e6 Q#需要修改的配置文件路径* i7 u: ~ w$ P5 o2 p$ t
vim /etc/httpd/conf/httpd.conf
" R" ]- ?, i M+ j* E. N$ Y6 Q. g& v- J$ n0 }
#修改以下项,如果没有则新添加
) ~" k. y/ U s. [# g6 B9 z6 X6 ~ServerName controller
% x; W( ]" P; x创建软链接# J' k5 [) a/ @' V& v) W I" ?: a
* _& {; Y, n( Z2 j, b+ {
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/* C% f. k8 H, W2 j
解释: e4 U6 M# G: R# U% h
3 g! @; z* k0 {5 f, h0 g6 N
配置 ServerName 项引用控制节点8 Y% ]' B6 V& B$ A9 f
, W, g' h E1 E6 [1 N; ?注意 如果 ServerName 项不存在则需要创建
- l4 ^ l7 G$ s# N2 N3 K! \$ A- O1 I% | a, {% W& X/ t: i
启动Apache HTTP服务
% H7 z2 C4 W* z8 G
# F9 ~# r% r2 k8 osystemctl enable httpd.service; b0 i" C5 ]7 T6 h3 e" F
systemctl start httpd.service
" b3 Q! c5 Z, y+ u创建环境变量配置
8 d) d( t* N6 p" N" ]/ w
" X3 C! i% K$ V8 o$ q! Zcat << EOF >> .admin-openrc5 q$ @' `2 }. _0 d5 b" p% O+ T
export OS_PROJECT_DOMAIN_NAME=Default
) h7 T$ d" u4 P8 s F1 B: w: qexport OS_USER_DOMAIN_NAME=Default
7 ]0 g2 E x, r/ y4 _& t! l6 Fexport OS_PROJECT_NAME=admin
b: |& b2 e5 b" A, rexport OS_USERNAME=admin
, e; V) l1 M6 h* h: {export OS_PASSWORD=ADMIN_PASS
$ R# E0 c% \) Q& h( q, Kexport OS_AUTH_URL=http://controller:5000/v3
" J' A' ]# i dexport OS_IDENTITY_API_VERSION=3
9 e' h7 O7 ]4 z- {4 l+ \- B6 Pexport OS_IMAGE_API_VERSION=2
; ^# _$ h7 I7 \ C( c2 |EOF9 e1 l: I n$ o- m
9 j" r$ G* o, l$ u/ S5 O3 ^' C4 c
注意
1 R( E5 Z8 e4 k* l& [1 }; L- Z. d9 a9 c& s) d, M% j
替换 ADMIN_PASS 为 admin 用户的密码
9 N1 _/ ~5 R/ i2 I' A! M0 J; c$ n% Z* b
依次创建domain, projects, users, roles
# u) J2 U- A+ @ z: L
' f" W$ i/ i7 ^ |2 f# m) j9 Y# x1 N( g' h8 J+ K2 R% W
需要先安装python3-openstackclient
2 d, e2 G( W2 R* q! W( l6 h
5 o& g5 b5 }( Y" h pdnf install python3-openstackclient! A7 A, I/ @6 U4 B2 |( Y
L* T( F8 J8 m& G+ O( C
导入环境变量
2 R$ D5 l; h6 t6 D- T1 m2 i, g5 o. i1 q3 B
source ~/.admin-openrc3 ^5 h1 e! r" S
创建project service,其中 domain default 在 keystone-manage bootstrap 时已创建; S- x( J3 [# h% T# X
) z2 {$ ^: d5 Lopenstack domain create --description "An Example Domain" example* ?6 N9 e5 @/ f
4 T% b$ x' {+ I( I
openstack project create --domain default --description "Service Project" service1 K3 S1 g H6 b9 T
9 V9 ?& |# A, `) F- M' d' d创建(non-admin)project myproject,user myuser 和 role myrole,为 myproject 和 myuser 添加角色myrole
+ U2 O7 r3 X% ], _: Y" H% L! {. n$ @9 L! W- I) d, J
openstack project create --domain default --description "Demo Project" demo! K+ x- S5 b# I+ B% F0 e4 n. P) D
9 B0 O U& @* Q' lopenstack user create --domain default --password-prompt demo
$ W3 {$ P1 m6 x- e! V& q; ~openstack role create demo
" O" J- n8 j9 u6 X* c8 mopenstack role add --project admin --user demo demo v2 a0 r: s+ W: ]+ l# o
验证
* a) v a+ P; c7 L. j# D) b3 q7 t- k
取消临时环境变量OS_AUTH_URL和OS_PASSWORD:
! h8 @( m" y: z7 _& B5 ] Q( X% r* O
source .admin-openrc5 w2 S% L1 O1 F' ?
unset OS_AUTH_URL OS_PASSWORD
# Z% J# ~4 L3 r k6 @7 `7 o为admin用户请求token:8 c) R, Y; H8 V: X0 C
! z1 M3 R& r% F" K) T
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
& y! U7 ?- X/ d# [6 F
- a( p- Q9 @ p j为myuser用户请求token:1 C/ I9 h B, i) H' w+ R
7 C; o" h* D9 \1 o* `* K- L8 Q# O" [
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
2 P) a; ?' ?- i8 g; ` H' }6 U6 m3 d9 E- x: z' S! X |. `- ]
安装Glance¶
' O G2 r0 ?* z# J. H6 qGlance是OpenStack提供的镜像服务,负责虚拟机、裸机镜像的上传与下载,必须安装。
- h2 O& a2 D+ K$ j# a& {( e2 c. h
8 V$ g' N7 J1 v2 {" I. RController节点:
! _/ X* {' `' i: \) G
1 |' n, p M& Z6 I* q8 r" E创建 glance 数据库并授权- Z; F3 p, a" _9 C4 w) n& ]9 m
' S6 }: }" L! }& z9 [! h
mysql -u root -p
$ a4 J) g( A4 Z; E6 e0 p4 |& k9 A1 n2 ]9 v2 H E
MariaDB [(none)]> CREATE DATABASE glance;
( Q9 ^, Q0 c* c; YMariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
0 B: y! l5 ?$ {+ [ O# \IDENTIFIED BY 'GLANCE_DBPASS';7 S7 W, n5 k0 M8 N2 v3 c
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \8 H7 w) t+ D g
IDENTIFIED BY 'GLANCE_DBPASS';6 N0 L& V8 Z& Z3 _2 }1 B, H4 I
MariaDB [(none)]> exit
- [7 `! o) Q4 I2 t$ a3 R注意:
( f5 C# Y) J. d3 h0 T- |
% Y S( a3 C( k2 b替换 GLANCE_DBPASS,为 glance 数据库设置密码2 w) P- [; c" s
. K7 }4 _" b" C. g. n" V
初始化 glance 资源对象7 ~+ I/ D8 Q( {: N1 e( s
: H& d. H7 V' l, F, b导入环境变量
0 s) P# m7 t W5 o. K' s2 u* Q$ w& o$ I: t3 {* |- i
source ~/.admin-openrc
9 E3 B* E, E* D' d4 [( |5 l+ \创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到GLANCE_PASS的地方替换成该密码即可。
, |6 o' I2 H. j1 ~5 ]7 {0 _0 V
: Y' F+ R* H& a0 [& r+ ~; _openstack user create --domain default --password-prompt glance" e+ T3 ^1 K1 f9 S: g1 q8 t3 j6 z
User Password:
( A3 W5 S* l1 [, L+ D) C6 `Repeat User Password:
3 y' w; z3 \8 z$ \. t) o( m5 J添加glance用户到service project并指定admin角色:; ^" G' q& n0 b$ N9 D4 F y, S
+ C/ n& a, w, h$ W# j' mopenstack role add --project service --user glance admin
2 c+ \( R$ e2 l创建glance服务实体:; c( w, ]: y# m- j
( e+ v( g) g3 B9 [7 O
openstack service create --name glance --description "OpenStack Image" image
) B" @9 X7 |# z- H( W/ I. g. I创建glance API服务:! q( R4 K6 ^& ?; B( r
! r1 k0 b R& }: f9 d# a2 w
openstack endpoint create --region RegionOne image public http://controller:92920 h" j( [. h$ z, O- h
openstack endpoint create --region RegionOne image internal http://controller:9292
" ^6 l: f& \& K C1 m/ Popenstack endpoint create --region RegionOne image admin http://controller:9292
7 f4 k: m6 i% M2 B9 d+ }安装软件包
4 O6 @( P. }6 [0 z9 T0 A
0 u2 e; W& v) A8 v2 M8 C5 _ T" Ednf install openstack-glance
) Z! X4 i: Q, F) f, a5 Z. ^修改 glance 配置文件! W. n: n+ |) Y S2 t l2 ^( I
( ^; u, n) j" yvim /etc/glance/glance-api.conf
, I0 i. ~; ?' o9 R0 L- X. y2 \ _& J4 Y% t% `. C6 l
[database]/ s4 [ B$ R! [5 Z5 {7 \
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance6 A# b8 \. }9 U
8 f' e: `, c! G- Y- T L[keystone_authtoken]9 q2 K) X. y: e2 }9 c- b
www_authenticate_uri = http://controller:5000
9 n5 V+ Y2 B) V9 f1 r! ^5 oauth_url = http://controller:5000, x, ~% z7 r2 b5 J$ B
memcached_servers = controller:11211
6 W0 x# ~0 G$ M2 z2 K* Vauth_type = password
- i: Q$ P2 n- s5 d6 }3 yproject_domain_name = Default
- z- K. [5 t& ^2 t% [user_domain_name = Default: b5 i' @& E3 @* m5 m0 d9 j% v
project_name = service
( M9 K& v$ m+ T- k" x, Nusername = glance
f' {' _3 p; P2 V3 _( w# g. kpassword = GLANCE_PASS
! q4 p/ z; v3 F
4 W. u8 c- ]& B! K4 a' C% E[paste_deploy]
: `; Q1 ?# X. T4 r$ b: W4 hflavor = keystone: P/ c) {# u, x
. d& Z! ~. d5 j* f, u[glance_store]
2 w) f7 Q! R+ D S: G, \stores = file,http
$ z7 V. V9 x, U$ Hdefault_store = file
6 o9 ]. |: ~9 _ ]4 D6 w( Xfilesystem_store_datadir = /var/lib/glance/images/
& z- g+ J G3 o7 E3 i6 D6 f7 W5 U解释:
& |2 D+ u7 q/ j* Y! i o1 n1 p1 Y/ g$ p% u, n0 A
[database]部分,配置数据库入口
* U' E/ t5 X. o* c0 q
; K8 l/ k1 e6 A1 B[keystone_authtoken] [paste_deploy]部分,配置身份认证服务入口
; \8 z" \9 @$ K; h# k% ^! |1 Y9 g+ R/ q: R0 S) @- e/ s
[glance_store]部分,配置本地文件系统存储和镜像文件的位置9 Y; U& }6 o; |) H3 E: A2 ^
' u, s8 u: c' ]; `同步数据库
- N7 v" R+ I3 t1 K) s
+ j" Q) N, y4 l) a! w) `1 Lsu -s /bin/sh -c "glance-manage db_sync" glance: V- v) l+ x. F% |
启动服务:
& I2 y8 I' `6 f ^7 x a9 A
6 }% j3 _' o5 I/ B6 D9 f9 ?% bsystemctl enable openstack-glance-api.service+ C$ q6 l, s# G& J7 t) A
systemctl start openstack-glance-api.service( [$ b* j6 g7 ^! v2 b2 S4 h
验证
: |- Y, G! V: @6 n# _
, V' i- {6 `/ Y4 S导入环境变量
; e2 B# n- B0 I) w: r, ?2 ~$ j( C) O E3 l+ G3 @2 R
sorce .admin-openrcu" J. L$ ^" x$ b
下载镜像
$ D F, |* ?, T+ y" {- ?- ^
4 |; W# r( ^& m7 N/ _) Px86镜像下载:
0 T6 t: d% `5 F( Qwget http://download.cirros-cloud.net ... 5.2-x86_64-disk.img: {9 l" _- f: d3 M: o
4 m( b% z b5 s# t( e
arm镜像下载:4 r4 X; K H" I! ]+ [$ a# m6 Y
wget http://download.cirros-cloud.net ... .2-aarch64-disk.img
' @; W8 _) t7 s( i9 x( w: L% L& n! x注意, F7 S% R9 F6 _9 j
& @0 {" o% Y- N! n" L2 H如果您使用的环境是鲲鹏架构,请下载aarch64版本的镜像;已对镜像cirros-0.5.2-aarch64-disk.img进行测试。) m) e3 Z8 J$ T$ c5 U$ ~* g1 ]7 P3 b
* h3 z) ~! r8 h3 `
向Image服务上传镜像:
1 t, A# o6 X! m. A
9 g- s2 W1 c2 \; B! ^- x1 Kopenstack image create --disk-format qcow2 --container-format bare --file cirros-0.5.2-x86_64-disk.img --public cirros
. H! u) O5 U# C确认镜像上传并验证属性:
& ]9 A1 ]0 v& n' U. z0 J
1 g6 Y5 t4 b: F6 W1 X2 ]4 Copenstack image list% h3 M3 [5 W+ P) k& x
) _3 c3 u" W9 v8 p* O% ?
" t& D7 U1 u2 y: ?' T/ r* u5 o
Placement¶
' n) Z1 }5 i) N ZPlacement是OpenStack提供的资源调度组件,一般不面向用户,由Nova等组件调用,安装在控制节点。/ Y+ r0 Q% j4 s& q$ v8 p
) Q2 m. O( U f" C q s9 ?5 l
安装、配置Placement服务前,需要先创建相应的数据库、服务凭证和API endpoints。
: {* S X$ G# A. Y. o% `. v3 {( E9 a1 t, N0 }3 f, o$ _( [7 U
创建数据库$ a( c) L9 f( r4 Y. o% ] @
# b& g; u3 o( r2 n. s
使用root用户访问数据库服务:+ ~) O+ G: B% b1 g) A7 x, a7 \
8 a, m# x! T3 f9 Emysql -u root -p
7 f6 W- Y% A* k$ r7 O( V创建placement数据库: E6 h, c; G9 D" q% T4 o
2 }1 \9 @; f& z# b4 ?6 y9 H4 aMariaDB [(none)]> CREATE DATABASE placement;
( G: S- T x- F* U2 i授权数据库访问:
" d# q) F5 l" G, p; d3 y
5 V2 W1 r* k* a& y& t. F& g: cMariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \# M, F9 G# i% |& u) k3 _
IDENTIFIED BY 'PLACEMENT_DBPASS';7 w9 D! B" J O9 t" M3 j/ A) l$ g
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \- w4 P5 b6 x' {; z R7 o$ P
IDENTIFIED BY 'PLACEMENT_DBPASS';; f; c, u& y9 D, a1 [. G" k
替换PLACEMENT_DBPASS为placement数据库访问密码。4 E. b- U2 z& k' C: P
; V9 }' m# L& K* E$ Y
退出数据库访问客户端:, \7 T6 V9 r& s" s7 d' `2 ]
- y6 g6 W: d. V' T% Lexit) i- Q+ r: |4 P( n1 l
配置用户和Endpoints
9 L; a% e1 k8 Q- _* O: q) d9 S k5 f/ ?0 e7 r2 k& Y1 r* y# {
source admin凭证,以获取admin命令行权限:
~/ ^3 D& {. n5 c; ~3 f/ e; q5 q. M' [+ x/ E' ]2 H0 i
source ~/.admin-openrc
& W2 `/ V& P4 R创建placement用户并设置用户密码:
/ K- A# ~! _7 x& y, ^# F9 ]1 N8 b0 K* F- Q5 I2 K' G6 r: j+ p
openstack user create --domain default --password-prompt placement0 T0 E, s, n1 X0 B' T
6 f$ S% ~' e6 g( j4 U
User Password: J0 e$ i+ g" Z3 @% ^
Repeat User Password:
2 F4 i* M' s: f! v9 l5 P1 W2 ?添加placement用户到service project并指定admin角色:( e/ p. Z3 T. o
: r; L5 d% }# F' Z2 @4 o2 C$ M4 c
openstack role add --project service --user placement admin
! f9 P6 g2 Q; e o/ m+ O: ~创建placement服务实体:
2 X& l! ~3 _6 G5 i6 F! h" r f7 p) P- z8 b9 y# S
openstack service create --name placement --description "Placement API" placement
4 X- o# u* s6 @ u" H5 g创建Placement API服务endpoints:
5 ~- O! H% ^( U3 j; e; @& f; j2 o; V1 T9 S& u k
openstack endpoint create --region RegionOne placement public http://controller:8778( s4 a' N v* I0 d+ _5 `1 K" [0 }) U
openstack endpoint create --region RegionOne placement internal http://controller:8778
& R$ u/ [% D; X# X0 sopenstack endpoint create --region RegionOne placement admin http://controller:8778% E$ M: D3 x) E9 B/ W V
安装及配置组件
) \: l; X4 e$ |$ k4 ~& K- L6 @
/ y, d, ~& E7 z! F ~3 i安装软件包:9 K4 K+ Q j9 `8 u6 \" w
. U; o" v) M& X( ], i: w5 n: Ydnf install openstack-placement-api
7 w+ y. D$ X7 u4 ^5 t编辑/etc/placement/placement.conf配置文件,完成如下操作:
5 q, S; S4 o+ J+ q9 u$ ~0 \; o% Z$ x8 R* ~7 {# }9 H( K, R4 T4 e; q
在[placement_database]部分,配置数据库入口:$ ?5 b% T$ d9 i( V0 A7 ~
. R4 w. E& X6 w, I+ i
[placement_database]
& T* G/ @2 u+ C3 rconnection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement' A+ J& r2 R; l+ a
替换PLACEMENT_DBPASS为placement数据库的密码。
) V" t- e2 k+ l' |+ Q9 M0 ?+ S* r/ B3 C" T9 k
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
+ W2 _) x4 z1 f: \) K: s/ i$ E2 h0 S
& H" ]$ Q: f; n% z8 E( y[api]
3 L. V, x8 {. d" w# C% u& d/ Gauth_strategy = keystone
6 m- K1 X' P+ K# p: v% s( J& N( ^* l1 o5 y! n' l; f
[keystone_authtoken]1 K5 b' z- b; W9 W m
auth_url = http://controller:5000/v3/ e6 E" X7 {/ s: M6 ]
memcached_servers = controller:112117 m) m$ ]3 A# ~, _/ w# L
auth_type = password3 n- [5 A |2 i
project_domain_name = Default
, g2 j$ _$ _$ Y0 B5 B2 wuser_domain_name = Default' |) `6 {; i9 _( T5 G+ I
project_name = service2 `: m& Q4 o, K, Z. e% p5 ?) ?
username = placement: q7 q5 z& M$ r) }0 `
password = PLACEMENT_PASS6 f' R5 p! Y5 R; Y8 Q% U- L+ |
替换PLACEMENT_PASS为placement用户的密码。
* t/ ^9 M: t- o$ g* _9 W" h z$ ?% M
数据库同步,填充Placement数据库:& E% y3 I+ m2 k+ ]* U% E
1 _8 `' p. ?! B8 t4 ~su -s /bin/sh -c "placement-manage db sync" placement# l( O/ Y. r/ ?* A/ z
启动服务8 b* N( B% A: o6 Z
3 {% q- V( x Q2 I, d3 F* f重启httpd服务:. e, P/ ~: i$ L4 v( j! `* j
" v/ I& t6 y1 T, C
systemctl restart httpd
9 Y" F( V' o( T验证8 @ f( |& E( I! b( D
- w6 \; j% V6 ~& g; _$ {source admin凭证,以获取admin命令行权限
% h! r! W! n1 N4 N: S3 |
7 G. T- T0 N8 W3 q0 r: m9 [source .admin-openrc" M' h- q0 K- d! h5 e a+ e
执行状态检查:& m5 d' W6 o1 I7 B
: R- L4 F# ]" \$ V1 g3 {& bplacement-status upgrade check( H* _# d% Y; l1 o( w/ p
+----------------------------------------------------------------------+: M* K3 R6 k8 f. U0 O' C
| Upgrade Check Results |! k( T$ l) `( S0 |
+----------------------------------------------------------------------+
6 Q. Q& P; z! l! @$ `| Check: Missing Root Provider IDs |' i0 ?% `& Q, m+ ^/ A4 D
| Result: Success |& P0 P3 |- d/ G, P5 s2 I! C5 G
| Details: None |
: A7 ^# O4 \! ]3 j+----------------------------------------------------------------------+
* }' O2 r% C& v) m+ N| Check: Incomplete Consumers |- c3 v- `# n8 _
| Result: Success |
W; A l8 r: l9 w9 |& N| Details: None |
j6 c' x, `' y0 t: t# ~+----------------------------------------------------------------------+
3 H# W1 W. l& p& |1 M0 u| Check: Policy File JSON to YAML Migration |
+ T! e2 j' z$ j/ S5 q- s; F| Result: Failure |
- l" `) ?3 P! ~2 O8 x8 Z8 s$ K; M| Details: Your policy file is JSON-formatted which is deprecated. You |
& E: w( ]& z% J J7 B/ w1 {| need to switch to YAML-formatted file. Use the |5 a' P& w( r' V7 {
| ``oslopolicy-convert-json-to-yaml`` tool to convert the |
$ e% q! H; f% M7 {| existing JSON-formatted files to YAML in a backwards- |
+ @5 J4 h ?1 w% c| compatible manner: https://docs.openstack.org/oslo.policy/ |
1 |- s7 n4 `5 \: S. g+ F; m2 Q7 w| latest/cli/oslopolicy-convert-json-to-yaml.html. |$ T2 [1 g$ [( V! ~6 |0 [7 x
+----------------------------------------------------------------------+
0 E) l- j) i6 a+ n这里可以看到Policy File JSON to YAML Migration的结果为Failure。这是因为在Placement中,JSON格式的policy文件从Wallaby版本开始已处于deprecated状态。可以参考提示,使用oslopolicy-convert-json-to-yaml工具 将现有的JSON格式policy文件转化为YAML格式。; u& j6 L: z0 R9 w, t1 u, n
( K4 Z: t1 y, a+ E6 c5 t6 Poslopolicy-convert-json-to-yaml --namespace placement \% l2 i9 ~" Z6 v: j) F. m. Z: N% }
--policy-file /etc/placement/policy.json \
0 K# v2 w( a% x- ` --output-file /etc/placement/policy.yaml9 C. @: k3 w% s( ^9 W& D
mv /etc/placement/policy.json{,.bak}5 U. Z7 j2 E! K8 @
; Z* n" n3 q# Z& m8 s E注:当前环境中此问题可忽略,不影响运行。" N8 L; E. ?; t( c/ r, A% [
; {5 q9 N* ^, S5 W6 o, }3 K# c1 d! {1 b7 l5 B. [8 b0 K
& p$ g! D# `, a% e& @1 s% X
Nova¶
! A: u4 Q4 e: B( ^2 B0 r4 q2 xNova是OpenStack的计算服务,负责虚拟机的创建、发放等功能。+ W6 ]" E$ i! l9 C
/ Q2 |! D/ `5 R5 ?
Controller节点
2 E. T, X% ?7 x4 E* `1 t0 H9 F+ b! x' [& \, C
在控制节点执行以下操作。6 k) B# f' W- f" ]) b4 S
4 b8 B4 e) R1 e$ j- e4 `8 G
创建数据库, Z- s7 B+ `5 e: y b3 o5 O/ `; h* ~8 ^
4 }6 P( R! J+ [9 c8 d; e; q! r* }+ J使用root用户访问数据库服务:
: G# [4 w1 t; ?$ X7 \, l: X, c3 i/ E( m1 V1 p/ @
mysql -u root -p
( P9 r9 r: I7 ?9 D: u% A创建nova_api、nova和nova_cell0数据库:2 }$ Q2 M: I* g8 x9 `
' R0 S! Z& q. `* ?3 T
MariaDB [(none)]> CREATE DATABASE nova_api;
0 N6 w, e( e$ d3 tMariaDB [(none)]> CREATE DATABASE nova;
! n" V3 u; K' i7 ^" X* TMariaDB [(none)]> CREATE DATABASE nova_cell0;0 X+ b' \! Y0 D" R
授权数据库访问:, G1 y/ d2 X! G/ h# w# p
4 P; r+ b8 ]: @
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';/ ?7 Y$ W+ [- ~% o. ~
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';- Q1 I. H. T+ Y' b- B6 ~
3 Y v$ r$ G: L! D- J, nMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
" k) i J- K! c6 CMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';% g/ f6 w- D0 j p% G
, m( l. b# Q( C/ q( ~* n/ e
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
( q9 H" h- P5 M: bMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';( i2 k d4 d# j* w8 a; O# u4 r
7 @1 {4 _& M6 B8 Y1 ]7 V替换NOVA_DBPASS为nova相关数据库访问密码。
' t: \) U% J0 C' C8 w" n+ P& z, T* G5 Q8 k6 q o$ n- H
退出数据库访问客户端:
: Y' _! r+ e5 C2 K* } I. H" P7 z: ^6 r( g4 l% C
exit' m4 B. L/ g5 M8 X o- |7 r
配置用户和Endpoints+ c+ c1 I8 f" @0 c) Z* ]) t$ H `
% ^2 [9 w) _# k9 @1 M6 }& O( C2 p
source admin凭证,以获取admin命令行权限:' i( s* U0 P2 N/ n2 o
# Z$ ~! ?7 n) Z$ w) i3 Psource ~/.admin-openrc) F* Z; g& p3 S+ @6 \ V
创建nova用户并设置用户密码:
; h+ o! q/ [2 l
2 P2 L0 j8 s6 N4 p3 q* a: F$ u4 ^* I& yopenstack user create --domain default --password-prompt nova
4 d: } z5 ^0 P1 M+ r5 T) g; {% w
1 _3 Y4 L. s$ \ s9 s) rUser Password:
1 x L9 r; S, @% Y, f* ]Repeat User Password:
8 O8 s. H# _& L3 } o- z$ _0 A添加nova用户到service project并指定admin角色:
' s, l( f3 z/ ^
* X# f2 W. Y: l+ w( |3 `. G6 c7 P- popenstack role add --project service --user nova admin
! c" O, D& L; X% h创建nova服务实体:
" r4 r" F( u; m! |% l( m2 I8 U( v- e" ~! `/ m3 c; y, \; a" t
openstack service create --name nova --description "OpenStack Compute" compute
9 ]! N" o8 K; Z/ I; m9 g* X% H创建Nova API服务endpoints: r2 H# w# w) w( c q' d
. C( } x+ A8 U! n
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1) c7 ]5 [( t9 C, E5 T8 U% A
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.19 H, x3 L7 U8 J9 Q
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
3 N6 I u7 T6 M& t5 w% {
0 Z8 C9 G) I; R) ?& k/ R8 n9 K安装及配置组件
4 F( a; z0 z( C8 K6 o+ A+ H1 x& ?! U) o
安装软件包:- H& [4 j \2 ]8 M" D
" h' J5 f4 n2 j4 |
dnf install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler U3 {2 a, p' V. X& K7 O
编辑/etc/nova/nova.conf配置文件,完成如下操作:
4 t8 h* M% o8 {' ^+ M* E8 `
% L- W* N4 N( p( K# B) c f在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用controller节点管理IP配置my_ip,显式定义log_dir:
: x$ K8 D& S; c5 v3 a8 y3 D& a
" Z; l9 M. Z R$ x/ X* Y! R[DEFAULT]
" M) M% x. \! t4 F/ i# }9 Wenabled_apis = osapi_compute,metadata
! D/ v' `7 V" H( m, ?/ }; q" Ttransport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
- K* x4 i9 B9 Qmy_ip = 192.168.16.2
5 T% e. x+ v' }$ _' Q0 slog_dir = /var/log/nova
) e! @& o2 f5 g: |6 ~state_path = /var/lib/nova
$ m/ _6 s% I4 w6 X8 g+ Q2 z0 A6 h0 |, S' R9 E; l
替换RABBIT_PASS为RabbitMQ中openstack账户的密码。2 l( _& o1 E3 {8 e8 g
r* j9 G& V1 W/ s+ `
在[api_database]和[database]部分,配置数据库入口:
a0 @- i( q: J2 z' _ H
- a5 E0 L/ r( C[api_database]
; l8 W0 N2 b* G$ Dconnection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api1 a" k& w; @7 T; i; S5 z
* T8 n7 n) G% L" z[database]
3 J" l% M Q8 S0 |connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova9 L" u6 Z# ^" M9 u% \% ^/ D+ l
替换NOVA_DBPASS为nova相关数据库的密码。" X, \5 Q1 n7 k4 i: `. a3 Q5 t
. l. d8 V0 l! H) O, T在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
; b6 O. v+ \. y( i- I0 l( [. ?7 I/ v6 s5 x, k
[api]
: D% m' @4 e$ Z" j9 k/ kauth_strategy = keystone
( k Y3 E+ }( r# T0 U, B$ h. T9 v* h. e0 N
[keystone_authtoken]$ L4 f$ ~% d+ w
auth_url = http://controller:5000/v38 s; }0 t0 f% Q9 ~/ m& W
memcached_servers = controller:11211 g Z4 @( u+ O$ @8 X; v; E: m% U& }( R
auth_type = password
3 b G2 k, {$ S. K+ Q9 jproject_domain_name = Default- d' J Z) k) M* _, T: t" b
user_domain_name = Default
$ o" Q: P0 _$ x8 Fproject_name = service
. k# A4 _" ^7 d# I& E9 h$ L8 zusername = nova9 a, L# Z6 Q* i8 H1 E6 p' u5 y( N
password = NOVA_PASS l0 m3 R: U: b
替换NOVA_PASS为nova用户的密码。
& v6 l4 g6 K& Z
! L5 B4 v1 p3 o; ]在[vnc]部分,启用并配置远程控制台入口:2 Z9 g2 N# ^) I2 x- _) N
5 k& B. T) e% f
[vnc]' D' w* b) ?$ O( r& E' w
enabled = true: j0 Q w; ?5 r8 a, M$ K) B% m" y
server_listen = $my_ip controller " a6 Z2 O, S& E8 c& E. z( o' A, s
server_proxyclient_address = $my_ip controller- S; c1 K' Q3 P9 k% H$ l s
3 p/ |8 T0 g" }" Q0 \8 ~在[glance]部分,配置镜像服务API的地址:
$ p# M/ ]. r, ]4 t( S( y3 C" R% T, z' r3 ?! K Z: \! D8 T
[glance]# p2 ~ S; a% s0 p
api_servers = http://controller:9292
% Y! N$ a. m# ~6 P" P/ {9 V9 p* O4 v7 g) R& ~% @$ O
在[oslo_concurrency]部分,配置lock path:
6 ^% ~# l2 a, N, _
5 o' u; g; r1 F[oslo_concurrency]
6 x8 b# \7 o5 c7 s( Z, i7 {lock_path = /var/lib/nova/tmp
" d% `! x+ B+ J" ]% y+ {& H0 U[placement]部分,配置placement服务的入口:
3 b: z' o8 d: @9 z1 H6 ~3 i
8 c' l8 O* ]8 D9 r4 { y[placement]/ x6 c; T% O" c7 F" ~. `) I
region_name = RegionOne3 ]4 H: L; j# E# ~ K ]9 X
project_domain_name = Default9 X9 C! O$ d& T. k8 l( [& }+ L$ f
project_name = service
& p/ T' g4 H; D* W* Oauth_type = password
) U8 N! [6 d! G$ r* f- Y" Duser_domain_name = Default: p7 D" H3 T3 X6 n+ B
auth_url = http://controller:5000/v3
# { t3 w) B# K4 u8 Pusername = placement2 x# G" e( V1 u, r7 V
password = PLACEMENT_PASS% C f: y% V" x5 Q& J" s6 r4 i
替换PLACEMENT_PASS为placement用户的密码。
0 z& b8 V, L% a; C4 J5 p, f+ w, w6 k
+ P0 P8 d3 Z3 F- g数据库同步:9 _9 J4 n: Y1 u6 R& a
, G: M3 A. K) v9 }% o* q
同步nova-api数据库:/ c/ m- Y2 `7 a1 O. Y+ f% F/ x! [
$ \( T, U) \9 G/ x
su -s /bin/sh -c "nova-manage api_db sync" nova7 n+ J/ E4 I4 {" Q" @) g; w
注册cell0数据库:1 b3 Q% Q+ U: t! Z
5 ~) C7 `6 O8 ~, G d$ M
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
& G* f& R% I- P7 ^& D9 l$ k& r创建cell1 cell:
+ P6 `9 T( d% D% Y& ~2 R- b. ~' q, ~% V# o( r t- E
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova; o# _2 q) j) t d
同步nova数据库:% {- v9 u3 O5 _& D [ `
4 K6 m) s- H9 }' ^2 e$ b7 x3 \
su -s /bin/sh -c "nova-manage db sync" nova0 j$ q: i- _. I* {1 I- w4 n( }
验证cell0和cell1注册正确:3 X' ?: x( J+ S: s5 {. d' s
$ Y; ]) s- Y& lsu -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+ L# Z$ p: o N0 p% W( A启动服务$ G1 d( W$ o) V6 E- D
( l/ Q2 H4 v) S" r
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
8 p( {2 b N7 T: A& A, Y1 ~, h8 @; ^. s3 F# n( ]8 e9 A3 T6 s
systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
3 S/ j! C' n' x: c. N }( {4 H, i9 g. `/ L
Compute节点
1 A9 [* Y- ]5 c3 o/ I5 I
( O! l/ ^' h- r$ s" K在计算节点执行以下操作。
' V6 N5 g6 N/ M$ Z2 f% x
; L- o9 ^& a) H! K6 F( {% c安装软件包. N* v( `4 b5 A( D
; f3 T, z- G4 V, i
dnf install openstack-nova-compute
9 x# m( R$ {. X% _, F J; R0 H编辑/etc/nova/nova.conf配置文件
/ v: {9 R( }, O$ }+ @4 L
" l* _: p7 {8 @5 L8 k, T在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用Compute节点管理IP配置my_ip,显式定义compute_driver、instances_path、log_dir:$ {$ Q! q8 n# ?" V7 L% o3 ?
- ?1 m4 o8 J, `; Z5 _9 T( l5 |+ I[DEFAULT]
9 g0 ~/ z$ m% I5 P! w2 }enabled_apis = osapi_compute,metadata! g5 j3 ~1 T" E y: ]/ c6 U/ C" c C
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
3 i f1 p$ Z- _# Y! g, ]* amy_ip = 192.168.0.3: m& e! r$ `! ~: g
compute_driver = libvirt.LibvirtDriver
, A# c, }. P Vinstances_path = /var/lib/nova/instances% h5 b6 O6 u$ I/ R& L
log_dir = /var/log/nova
; Y: e- U) r4 T; T8 J- G, Z: y替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
' \! E) e1 {" j+ {: \1 h2 g( Q! a; Q
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
3 D3 T# \6 n0 y
# w& q7 J* J. U, [[api]0 b' z, i0 U2 }
auth_strategy = keystone4 C# F+ W2 R5 i, v* f
. b: K1 b! M. M0 f
[keystone_authtoken]
g; u0 L! u9 p" B+ F7 X; gauth_url = http://controller:5000/v3& N7 Y' ~2 d2 ^5 O
memcached_servers = controller:112114 C8 d) a, f# K! Y: G2 p1 w" F$ l* H
auth_type = password- I3 l: W/ k' \% S
project_domain_name = Default
4 f9 y. o" k+ guser_domain_name = Default
# e$ r! d3 Y! Q! o8 l0 i# I) W2 oproject_name = service% N* p% e6 ?% x9 D9 I& `9 F
username = nova$ J6 Y! B# @, ~) n0 ^8 P
password = NOVA_PASS& s/ N9 i! e2 j0 A
替换NOVA_PASS为nova用户的密码。+ J" a i6 m4 Y; o7 u. u
4 u3 \/ F0 ~& l( J在[vnc]部分,启用并配置远程控制台入口:+ u4 u3 ^- ?. h# t
- p6 m0 Z2 r: C4 h5 V
[vnc]% ]& S6 h* G B* Y
enabled = true
- ?, @: E' Y% P1 Q3 tserver_listen = $my_ip/ ]" ^, o8 @; X& S
server_proxyclient_address = $my_ip
5 A! t6 q3 a9 [- i! o. U% S6 {9 unovncproxy_base_url = http://controller:6080/vnc_auto.html
' ^2 P& @ @' e* ]6 \在[glance]部分,配置镜像服务API的地址:$ J+ U* g& U" m2 f- X: m' {) Z
6 x* @8 A8 N6 \ p5 R' q[glance]9 r; _% f# ?. N+ f1 J
api_servers = http://controller:9292
# D K. A5 G! D, p4 p- i5 N2 [7 P2 c在[oslo_concurrency]部分,配置lock path:
]* B' ?0 O3 S9 q) d# F# S" k, x: K. K
[oslo_concurrency]
. d' b i7 x- a6 g( g% H! D2 alock_path = /var/lib/nova/tmp6 A; w! \0 ]4 e3 m% l5 u4 p
[placement]部分,配置placement服务的入口:
2 B! m2 f9 w; ~: Q9 h" I) A1 r' ?9 k
[placement]
+ S$ m7 m) p4 Z# z0 yregion_name = RegionOne) M) w1 f7 T- m1 H
project_domain_name = Default6 J, _0 m" f$ d" Y. l8 ]
project_name = service3 A, E# o' h/ Q
auth_type = password
0 X: B! e3 i" p' `3 E3 v5 auser_domain_name = Default
. A: a7 q& e* y i2 Lauth_url = http://controller:5000/v3) X1 L+ R+ c( x
username = placement- ~. k& g3 o4 x5 Y* x) \5 @# y$ ^
password = PLACEMENT_PASS0 T" U: \+ \( \3 Q' e m
替换PLACEMENT_PASS为placement用户的密码。 Y& v# M z, |* r' w
+ o) s( N! E8 \8 S, F
确认计算节点是否支持虚拟机硬件加速(x86_64)- G' u6 i3 o. @6 h
% D3 ?4 r8 f' O \1 x, ]) `
处理器为x86_64架构时,可通过运行如下命令确认是否支持硬件加速:
- d2 g' j7 x5 B* {9 u7 C- _/ K
7 M6 v q' H8 }- K4 E) legrep -c '(vmx|svm)' /proc/cpuinfo8 s6 t8 P" p: k# [6 G
如果返回值为0则不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。编辑/etc/nova/nova.conf的[libvirt]部分:7 [& `) K" G- W' y1 s( q
* ?" v( X" C" I! ?[libvirt]
, _% j; z B9 ?virt_type = qemu
# D. R$ {. O5 g) ]! T3 F! \- l6 G如果返回值为1或更大的值,则支持硬件加速,不需要进行额外的配置。1 l I; Z. w6 `5 z( J* ^% k+ x7 A
2 d7 f( c: _ Q* k
确认计算节点是否支持虚拟机硬件加速(arm64)
* B* s, \9 |& B, t# G; L
8 K* N% |$ ^: `. ]5 g1 `1 p0 \处理器为arm64架构时,可通过运行如下命令确认是否支持硬件加速:
# Q: }7 k8 p! o; e5 l
: m5 s1 p0 @3 Uvirt-host-validate, ]1 ^0 m, W! C* u) }
# 该命令由libvirt提供,此时libvirt应已作为openstack-nova-compute依赖被安装,环境中已有此命令0 H/ z+ c, v6 o% L1 E- ~
显示FAIL时,表示不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。8 X. u. V( h( c" Y$ X
3 [; i! ?7 s9 O
QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded)6 l6 m1 q% b$ ^, @
编辑/etc/nova/nova.conf的[libvirt]部分:
0 ~0 O: G. q$ G# i1 p3 W3 y) D, O9 g- _* [$ ^% y4 _
[libvirt]( O8 z: G9 k* s' |
virt_type = qemu9 A3 d0 q& i K. M$ E( W
显示PASS时,表示支持硬件加速,不需要进行额外的配置。+ s# Z1 p$ i2 H: l
$ H4 n9 Z$ p3 e- \; X
QEMU: Checking if device /dev/kvm exists: PASS7 z' t, ~4 ?% K. R; s" e" A
配置qemu(仅arm64)6 ~* U) |, u0 O( e/ Y" \4 ?
: u: m* B* B4 S2 X- ~% [: A仅当处理器为arm64架构时需要执行此操作。, C( ^! J; q) C: I5 @* h
& Y# o0 k! E4 Z+ s* A
编辑/etc/libvirt/qemu.conf:2 p7 F, N# `4 z" v; p3 Z) P
8 l. B" ~3 j: A' F% A# Snvram = ["/usr/share/AAVMF/AAVMF_CODE.fd: \
8 W& t( M3 ?" d7 h) `: F /usr/share/AAVMF/AAVMF_VARS.fd", \2 w9 b- {6 Y4 C7 Q% X0 g
"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \
5 P. A6 [' F& e0 M' T6 G; m /usr/share/edk2/aarch64/vars-template-pflash.raw"]5 B/ E7 ?, l- i0 T6 d0 M
编辑/etc/qemu/firmware/edk2-aarch64.json
. `; I0 v" H( u' s. x: [, j; j$ i6 `$ t7 u9 }
{( Z" H7 f' L3 D# D0 b
"description": "UEFI firmware for ARM64 virtual machines",
' l( D/ ~/ j, K! ~3 M Q( C# p) Q "interface-types": [
& Q5 U$ n" Z0 ?$ Y7 S) O "uefi"- y* }% Y. l, p1 M
],0 E- L: f) P% A3 P3 w/ [
"mapping": {7 U& ]/ D6 n6 y. ^% A
"device": "flash",; i) K) p4 u# \
"executable": {
. |# `3 n4 H& W* d# ]4 X "filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
1 M; {! A9 _' ]% t& j "format": "raw"
% N% x( m+ W* C" y },: j5 h' v8 L1 o- P @2 B3 D
"nvram-template": {
+ H3 M: |; s3 m% a3 J! n* } { "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",8 s* `( c' _- q* n5 l; X* j0 h
"format": "raw"
9 j9 z, Z) }* B: b- y: a0 f3 l' I }
) t% Q: n3 ?% C d J! y },7 q* l% _. W$ Z6 t0 G) N' L, s
"targets": [
6 E. Q: V- r+ X- Y# S- V {
9 S- x2 U& U% U7 |7 D: w1 S "architecture": "aarch64",
3 s$ l- z" n- F "machines": [1 ?( l* T6 D. \) u Q
"virt-*", Q5 e* E; ]/ w* Y8 l4 \
]8 B, n! X: @+ H, ~# F9 a
}" b) g2 S& g0 h/ E" @
],1 n5 I" D+ n# Y' g# C
"features": [1 z* Z8 f2 q \3 h
, |$ u; N2 R6 {" Q( f2 m
],5 @4 m2 v: k8 u b A4 S4 e
"tags": [" x2 m4 D/ Z1 d
* a6 c3 p; u6 G) ^7 H5 F4 ]6 g ]
7 n$ M) S* m! m- c5 V2 b}: P7 {3 ^! ?( ?: E. O
启动服务
0 g3 v7 P( C! c( m' K; T% A
" n ]. C J6 J; ?5 M2 V: X2 W8 F' ?systemctl enable libvirtd.service openstack-nova-compute.service4 o5 h! Y n% B( J# V9 M, I
systemctl start libvirtd.service openstack-nova-compute.service
6 c9 x& j- Q1 B5 T1 FController节点% I8 o* @. p/ `, }5 s4 N* Y
! |: P& Q6 }* H+ ~( v f) H在控制节点执行以下操作。
: g/ j; n! t8 X& {+ ~1 [+ m$ g0 m* E8 p( b
添加计算节点到openstack集群1 | j7 l3 w* X0 E9 R/ D8 N( u2 |
0 m8 N8 B3 k4 b' v( y7 Z# lsource admin凭证,以获取admin命令行权限:: X' q" S$ c! K# ?8 e
) r. c6 ^& K! y% w1 Y2 a0 U
source ~/.admin-openrc* L n- W! p. M6 p: d
确认nova-compute服务已识别到数据库中:
! U3 K r* b3 B" n3 M
3 Y( J/ v9 d5 ^0 Xopenstack compute service list --service nova-compute( w, q. ]4 I5 M/ V k- v
发现计算节点,将计算节点添加到cell数据库:, b7 G; w$ L; K [% `
8 h# P* k& q( O$ _
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
, a" d Y0 |( d$ i结果如下:
% n# n/ T$ |4 N! @$ ^$ \Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.' n |7 w( _" o1 B- Q9 _7 G0 d
Found 2 cell mappings.
# r k" f# G% @1 G" D XSkipping cell0 since it does not contain hosts.( R7 g8 W7 r- ~/ w% v7 g$ X$ o
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2! |3 ]' d( H K9 T: v
Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e
+ ?+ u# o, \' p9 u hCreating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e) b* i! i3 {# b# f& k
Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2
3 A9 U2 M0 G! j; ?1 x验证5 g" f U: v8 [
5 _" |% a2 E2 c6 J5 a
列出服务组件,验证每个流程都成功启动和注册:
% N; d8 H, ?& ]! A' x& L3 P' b9 wopenstack compute service list
5 e# c; f- t& }. v. U! |, w5 v列出身份服务中的API端点,验证与身份服务的连接:
- \0 o8 a* a/ G3 k/ A+ hopenstack catalog list
+ Y2 a2 R" u- _4 P i& S列出镜像服务中的镜像,验证与镜像服务的连接:1 g6 j D1 `/ i
openstack image list
9 }! L) e* A- p检查cells是否运作成功,以及其他必要条件是否已具备。
' k$ q; C, y J! C, @nova-status upgrade check
: H& @$ C: k* n9 c2 v) }2 c0 ZNeutron¶0 q* v9 T; o, w7 K8 |$ W' c
Neutron是OpenStack的网络服务,提供虚拟交换机、IP路由、DHCP等功能。8 X; Y6 s: E1 X
$ M* j' \1 C" Z9 X$ U x, @6 {0 a
Controller节点
/ p' Y0 e# v+ b" o/ b7 K
! g3 v( q- J+ Y n$ w创建数据库、服务凭证和 API 服务端点 I) ]/ I( P& E& _( A& M0 @
: v4 i) y, E5 b0 ?% W+ [
创建数据库:
* ~$ Y5 M. u" G5 Q& }+ X5 O6 p$ L# s4 N( F( j3 G; o
mysql -u root -p4 B9 I% Z$ ]" _9 M: v& C
3 c% s2 V6 m( l3 {9 p
MariaDB [(none)]> CREATE DATABASE neutron;
C3 t T+ \1 r. y w4 I. pMariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';! W5 V, D7 M: a Z4 q& E
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
! B2 N: V) H" N( L+ r/ R( x+ pMariaDB [(none)]> exit;
+ e# S2 C0 T. X. G创建用户和服务,并记住创建neutron用户时输入的密码,用于配置NEUTRON_PASS:
" ?3 n u7 {& R0 n2 C
1 U' F$ R4 u0 c0 G( s7 ?0 Isource ~/.admin-openrc
! r: n. m s- K1 }: f, S1 ~( c7 ^openstack user create --domain default --password-prompt neutron
; d2 u' M6 V# T0 jopenstack role add --project service --user neutron admin; r: K; W. ~( l+ a5 V! n4 h3 l
openstack service create --name neutron --description "OpenStack Networking" network/ g4 L% V! q" g) T) E# ?; i
部署 Neutron API 服务:: c E! Z9 d" I3 N- ~' a9 B
' `0 G' I" p9 d7 ]
openstack endpoint create --region RegionOne network public http://controller:96968 _0 G. H0 N4 v
openstack endpoint create --region RegionOne network internal http://controller:9696# f* C0 x( Z% G- P u- M8 T. o
openstack endpoint create --region RegionOne network admin http://controller:9696
+ I3 f' @7 S) V8 M- Z; E ~6 Z安装软件包* L0 i. h! h' m: V, Z! e2 o& {. E' G
4 A& y- F w& F( S
dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2
3 Q# ^( n. M: z( R( x# D3. 配置Neutron
c+ i8 [4 \: J& }修改/etc/neutron/neutron.conf
3 D" Q2 a" `3 ]! J5 i1 L' N8 A( I
5 {, H, K1 F' d6 |; I- g# M9 G[database]* ^1 d. Q, H! Y( G1 m7 O
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
9 W5 t% Q, L' F) e; e; l% A$ w" E6 a# y5 X4 J; C( F$ R7 Y2 _' Z
[DEFAULT]
2 b/ r/ a1 @2 T3 {, pcore_plugin = ml2
4 P A, h, @8 t9 kservice_plugins = router
1 o8 o. I1 F: F7 @* Kallow_overlapping_ips = true8 X3 k8 W6 f8 {( X9 u1 W7 {
transport_url = rabbit://openstack:RABBIT_PASS@controller
6 `3 A! Z# O& L# Aauth_strategy = keystone
! X3 s, L# y2 N6 h! l4 [notify_nova_on_port_status_changes = true
$ p) t3 Q6 p( ~4 f7 Snotify_nova_on_port_data_changes = true
* Q3 C3 j+ R, Y2 Y* K) A
4 l$ ^' H" }' s* U7 V3 k$ g9 t, y' m[keystone_authtoken]5 K6 Q8 M- Q7 R7 U1 l
www_authenticate_uri = http://controller:5000$ W& ^2 y4 t+ |! U' e
auth_url = http://controller:5000' T) O# p/ Z# M2 \) m6 y- f% P
memcached_servers = controller:112118 A% o$ C, }) ^6 Q3 T4 F) b$ f
auth_type = password" e) {+ } t4 Q4 ~8 ?
project_domain_name = Default
* i. t" M: s( z4 _user_domain_name = Default
/ B) R; }0 s9 d* h& hproject_name = service
& `7 o0 O4 O2 ~* D" `8 g; f/ Wusername = neutron
. R; j; ]/ i- F# h$ w/ {( c5 V4 G* Wpassword = NEUTRON_PASS
/ u2 w7 G3 i) V" ?* w3 Z M& B% ?* l0 D
[nova]/ h6 M1 S- J. l1 G3 F+ K
auth_url = http://controller:5000$ [& S8 ]( `5 C9 a9 ^2 E0 T1 h H J
auth_type = password
1 [+ p& U4 }7 [; _* N- H1 Zproject_domain_name = Default9 ?! q7 A7 G7 m* G' L1 n* f
user_domain_name = Default3 X% ?1 G v; U' L' r2 X8 P5 _
region_name = RegionOne
; P! e+ k" Q/ n; J5 A/ Dproject_name = service
, O: _5 V- B8 Z3 {& s! Wusername = nova, r x M3 W# a% v i
password = NOVA_PASS
/ W' Y$ n" M& h& g, H8 A
. u! ~/ K$ @8 ?$ b7 _/ L[oslo_concurrency]$ l r& @3 f0 y0 x
lock_path = /var/lib/neutron/tmp$ |0 @; e3 N5 C- v& F
1 r* R g- O% `$ r% K2 Y% p6 K
[experimental]6 w B! ~7 _6 s, N7 \9 I# `
linuxbridge = true
' |% _, H' {2 S" r) _' I7 f配置ML2,ML2具体配置可以根据用户需求自行修改,本文使用的是provider network + linuxbridge**
( [* m( T: _6 \8 v
* ?$ J- l$ F Z; C8 m4 |修改/etc/neutron/plugins/ml2/ml2_conf.ini, I1 A; U5 g+ G3 n/ v& U* ^
) N# l9 ~: J* n3 n) |0 F
[ml2]
$ A2 H/ o+ k8 l& _type_drivers = flat,vlan,vxlan
- I0 r4 W- D6 S5 Y; wtenant_network_types = vxlan' `+ W1 J( t. G& S( C
mechanism_drivers = linuxbridge,l2population
7 j) a6 ^; y" k4 m8 Qextension_drivers = port_security
1 ]* f; c; i3 y4 A8 }" w0 j/ [5 ]6 d; P( j
[ml2_type_flat]
% X9 |" z- g6 r) S. i7 F& Zflat_networks = provider/ F4 V) N9 o/ f3 R% D
, N% D- t. Z T
[ml2_type_vxlan], ` P+ |9 L6 Y# f" p
vni_ranges = 1:10004 [0 J+ n, M: p5 B7 F& B
5 t: f3 F) i* W5 g: d[securitygroup]5 w, ^5 o7 x3 F% f( t" u5 @: K
enable_ipset = true
3 r" o. G# m# l& W% G修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini
, s, s6 h! q9 \; K( c
# A0 ]$ a/ B8 x1 B( Z[linux_bridge]/ |& y, e# d. {+ l( G
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME0 `$ h. b# x M% f2 m! G& r4 m
* w1 ~! p! I! W/ s+ _[vxlan]
; K, P- x5 `0 x" o) ~enable_vxlan = true
+ B0 Y6 Y) P' x, w% H2 W% Ulocal_ip = OVERLAY_INTERFACE_IP_ADDRESS( i+ F0 e$ ^, v8 O# W4 S5 l
l2_population = true! n* ?! r A7 s& o0 `# _% D
: l/ u1 ~- H& E) P) }[securitygroup]3 s, U! g/ I+ j; Y {* @. s
enable_security_group = true
% b. W4 u# N; D, [firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver( G3 ~) I6 h) m$ `" W
配置Layer-3代理. Y, Q! V. D7 }' C0 Z4 \& ~
7 M0 I) T6 x* n/ T! g修改/etc/neutron/l3_agent.ini( z5 d0 E2 b/ V) i6 \
& v. v$ U# ?* f! u/ U
[DEFAULT]/ v) r5 H$ G8 }$ ^
interface_driver = linuxbridge. p6 u+ @4 S& i N1 y. H6 I+ z
配置DHCP代理 修改/etc/neutron/dhcp_agent.ini- s, P$ I- J; p- I9 w" b3 {& C/ e
" t8 r$ ]" i3 A, ^[DEFAULT]$ v" c% r. h5 }/ i0 @' d
interface_driver = linuxbridge2 [0 y/ Q, V0 L
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq; L- Q' P$ S5 x8 U
enable_isolated_metadata = true, |$ O R5 t/ S. c# g
配置metadata代理) d H$ J$ I$ J% N) x+ D
4 F6 O7 \! x& i! J! ?% G0 {修改/etc/neutron/metadata_agent.ini
* \, L# I6 p( H- t" B# b! I- X' D7 a- V6 q% F6 I1 \
[DEFAULT]
U6 b. S& i9 \- Ynova_metadata_host = controller: ?2 M: {5 ]# S$ k# F
metadata_proxy_shared_secret = METADATA_SECRET3 ?& d! h0 \: x( C0 @! u" ~
配置nova服务使用neutron,修改/etc/nova/nova.conf- T' _5 c. K4 N/ ?: R
[neutron]4 J4 H U+ t! ~
auth_url = http://controller:5000
) ?" _! U8 S% e. L, w; [( E, mauth_type = password" p: a R: x3 L9 U
project_domain_name = default$ G+ F' h6 E! X, ?! M' D' ?. _
user_domain_name = default
1 D7 C! `( C! o: p0 @1 g. Qregion_name = RegionOne9 B8 A# f" T$ z1 ~5 z6 V
project_name = service
( ^+ c5 v5 u6 p( q" xusername = neutron
5 L+ C }& E1 E0 R7 E8 u# w5 ^" rpassword = NEUTRON_PASS
4 @( v2 P- D8 d7 Z( y1 Vservice_metadata_proxy = true; _9 q5 y& H- X, t, G6 `' w1 K
metadata_proxy_shared_secret = METADATA_SECRET! [" V& y. R" a6 j/ F+ ?; k: y" z
创建/etc/neutron/plugin.ini的符号链接% }. i; B0 |: `1 i0 M
4 \* r( N* c( e, a
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini( Q3 P0 p+ ?# z) Z% \, R
同步数据库8 R. g* I' }* K, `9 {' e! a; z
: q- G0 H% g; |9 Ysu -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron7 t+ U0 l: p! X. B
重启nova api服务
! Z& X( J, F4 T, Q* K6 M/ d5 u4 b3 Usystemctl restart openstack-nova-api. d8 g$ ^8 k6 V! K
启动网络服务* q9 S* X; k' y5 J1 m' V( ~$ X* r
9 O* L% l0 u4 t- m5 m! Dsystemctl enable neutron-server.service neutron-linuxbridge-agent.service \7 N( R' p, g% ]6 G
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
' |' h$ l/ P2 E" J" o# rsystemctl start neutron-server.service neutron-linuxbridge-agent.service \7 s% d/ w: k+ n
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
( f7 [0 Z% [1 t1 Y& }4 |1 XCompute节点4 i* |5 x) ]: F8 c
$ E! ?4 P9 I( A& [安装软件包
4 {" B% r9 s4 e+ ~0 e) ldnf install openstack-neutron-linuxbridge ebtables ipset -y
4 j0 r0 r: {0 Q+ o, b) b3 E配置Neutron5 F+ [2 A1 D! b) s2 D$ O& e
4 p6 c+ _7 Q: Q4 P5 h) _4 W
修改/etc/neutron/neutron.conf
8 h. w+ ^* j& ^) F$ U+ m- T& L, K: P$ n* ^2 W/ r
[DEFAULT]
& e+ D) P4 Q. P% E, ntransport_url = rabbit://openstack:RABBIT_PASS@controller2 q# i7 B/ w1 s! [
auth_strategy = keystone- C0 a3 t- a5 N1 H5 v- ~# c( c) g
) ^5 Q+ N/ u" o y0 M( R[keystone_authtoken], z6 j$ w* L1 R+ J ?. m
www_authenticate_uri = http://controller:50008 n: _0 \) m1 T3 m, ?/ d, C
auth_url = http://controller:5000: {7 F2 p2 q5 D0 n; e
memcached_servers = controller:11211) |" p! W0 N! s" u& n
auth_type = password
8 H- F( N! ` F: G+ pproject_domain_name = Default
& f1 w5 @; _& K( F1 {' A! e9 Wuser_domain_name = Default
6 y [' p" u5 O- g. hproject_name = service
1 Y, M5 s! G& y4 t$ m8 @username = neutron, V4 l D( I0 d, W9 n* m
password = NEUTRON_PASS7 l! f( T: W! b9 p# ]$ n0 F
! O- v0 `2 O& i& [
[oslo_concurrency]8 L' a8 o9 W! c7 ]
lock_path = /var/lib/neutron/tmp
" Y2 S/ E& c5 C. z4 } y修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini
) f! J! E0 s X
( I R' I8 D+ c! Q[linux_bridge]- x7 f+ N. k& k& c* {- V2 p
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME9 F9 b" ]/ ~- W6 v0 n% K: w
1 S0 j2 K% C8 `3 v4 q4 D ]2 A3 {
[vxlan]( H6 N* F2 N1 ?0 M7 y/ k* a8 Y
enable_vxlan = true
2 \( x4 c2 W" R0 Glocal_ip = OVERLAY_INTERFACE_IP_ADDRESS0 U6 [+ U- ]9 O4 `
l2_population = true) }4 A' n) t7 W2 _5 A0 X
f5 {3 h1 h' \2 A; r$ K9 |[securitygroup]
6 ^ i* v. |5 ^6 E; ^enable_security_group = true
# A, a3 K$ W9 `9 Lfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver& h2 z4 X( d- `7 l$ b x
配置nova compute服务使用neutron,修改/etc/nova/nova.conf( w( a4 z" d% R8 \- `% B6 a8 `
% W8 b0 R' z% U8 L[neutron]2 d9 E' e7 a& _0 _
auth_url = http://controller:5000
6 D7 t$ e, [0 z# cauth_type = password/ Y. l; c2 n6 o3 k3 t& S, v- N
project_domain_name = default6 M1 b; b. ~1 l+ O6 }9 @2 s
user_domain_name = default& {" |& M1 ?) a1 e# I5 j' J
region_name = RegionOne
6 _4 m' k. i* J2 j* Y1 uproject_name = service
* M; g' K+ q' Q+ m6 @6 Zusername = neutron/ a/ | H+ s. I9 {3 |
password = NEUTRON_PASS
( H1 c/ J3 r3 B& k* b* \重启nova-compute服务9 O7 c3 {. E; h* r4 g
systemctl restart openstack-nova-compute.service, C- x5 w2 T3 n9 L9 W
启动Neutron linuxbridge agent服务
7 }' x6 T' A7 k8 m- wsystemctl enable neutron-linuxbridge-agent
/ g4 k, A, y5 S3 X$ C: i( O8 msystemctl start neutron-linuxbridge-agent) F0 X2 M( A8 H
Cinder¶! }. ^2 X' `9 N8 l/ ^" n! y* C
Cinder是OpenStack的存储服务,提供块设备的创建、发放、备份等功能。
2 D/ k0 E# s/ L* T# [" w7 N. k9 Q
5 l$ a5 h; ~* h! Z w2 z" W+ KController节点:/ \, _% a9 Y7 l. a+ ?' ]
+ O% j3 m' p) e; q; n; p0 ~2 |
初始化数据库. w, O U) l- Z' A- q. u g' A2 O& }
) a- `% W; C+ {6 ~CINDER_DBPASS是用户自定义的cinder数据库密码。% }% x. c4 q8 F1 Q& q; q+ }3 w/ `
9 ~ [; o' @# p6 {$ R
mysql -u root -p
$ N' q# V4 B) s- `% @) M: g
& w' d) r' e3 Y) v! @2 h- DMariaDB [(none)]> CREATE DATABASE cinder;$ t! j7 N6 e7 e6 I* n* L0 G
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
/ z( t" I& j, N0 p* Q7 \# cMariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
- i# a0 f1 L- F* hMariaDB [(none)]> exit
% P4 s$ U8 ~3 u+ j- d) S初始化Keystone资源对象( h6 `3 ?) U% O% B8 _9 g# y
0 r3 b9 A! ` U/ o$ q+ l6 g; u y
source ~/.admin-openrc1 |$ C$ O7 e& u) ^& N
5 _ ~; E, |3 I( X3 V0 s
#创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到`CINDER_PASS`的地方替换成该密码即可。8 \. r U' O T q
openstack user create --domain default --password-prompt cinder
; B2 B8 a* J: q1 |$ d8 H# M% c% q9 s5 V0 H
openstack role add --project service --user cinder admin5 M1 A! X1 p' X; d& h8 i
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
3 O" {/ X4 F0 K; [# J
$ Z# e0 y# j' u2 J) L2 o* Copenstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s6 Y, H7 i2 n6 ?9 V$ _
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s' l" U" r2 o0 [5 Y
openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s9 [' c- s9 A. s ]6 {, Q9 T1 x
3. 安装软件包
) N3 s5 u' [9 [8 \8 p& t0 Ldnf install openstack-cinder-api openstack-cinder-scheduler
: S0 a- d+ h; {3 a- p修改cinder配置文件/etc/cinder/cinder.conf
& S5 T" E# _4 d/ Z' l8 b {% ~7 _# S, W/ ^4 _# W' L5 t. k- Q3 Z
[DEFAULT]
7 \3 b, D! J) H) @/ U2 Itransport_url = rabbit://openstack:RABBIT_PASS@controller
9 y( |+ w* h" ]8 ? m. nauth_strategy = keystone
- j0 I# A5 ^7 Fmy_ip = 192.168.16.25 d$ `, Z4 i2 Q f" d8 a5 P$ c
" \8 s F# D$ K P[database]$ ^% x) t z7 f: u& _3 {* b
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
5 Q0 p2 M' b6 i! y6 Y- F! Y- s* z( z# k
[keystone_authtoken]
5 f. b4 d: A2 x. r9 ewww_authenticate_uri = http://controller:50009 V" X8 @! B6 h) p4 z
auth_url = http://controller:50000 S6 M+ F# o5 k9 }3 B+ X
memcached_servers = controller:11211
/ ^+ l4 G% c% O1 o) X" vauth_type = password
\' ]+ S6 r( }/ m( [, L& ~project_domain_name = Default" I. }& Q- l' w2 @5 M4 G5 J0 v
user_domain_name = Default% b( w$ r8 s5 r* {7 F/ X
project_name = service
# ?( V1 Q9 K6 }username = cinder
9 @$ S1 q, [5 J) }8 ^password = CINDER_PASS
- g) g& A( S; e O
2 ^3 `6 G, ?# t2 _. z[oslo_concurrency]. i4 x- e- D% F5 @3 T# O; w% k
lock_path = /var/lib/cinder/tmp! Q( r \" u8 I. w5 D1 N1 h# K
数据库同步
' K; E4 `$ ]! _, p6 ?) R0 P! F9 J9 v! A, W- ?
su -s /bin/sh -c "cinder-manage db sync" cinder
1 k" \3 k) Y& |+ x- g' d修改nova配置/etc/nova/nova.conf& c3 n2 e/ I% M# \# ?; u5 ?
% d. v; }/ l. E[cinder]0 a3 |& Z* C# q( T
os_region_name = RegionOne
: x$ k2 G: i+ b J- D启动服务; H! ?& O+ I1 L1 [ V! f6 T
6 }% ]4 @3 `: [; V7 @! z
systemctl restart openstack-nova-api
& Z* v# D# H" }/ U' E& hsystemctl start openstack-cinder-api openstack-cinder-scheduler
, l6 Q: N" ^* X( K- ]8 TStorage节点:
C S* o7 `% d' D# Z& Z
6 j- |& n2 [, C% Q; ]0 S' H9 uStorage节点要提前准备至少一块硬盘,作为cinder的存储后端,下文默认storage节点已经存在一块未使用的硬盘,设备名称为/dev/sdb,用户在配置过程中,请按照真实环境信息进行名称替换。$ i% ~* V2 `( Q( X
1 H* m7 H! E2 `Cinder支持很多类型的后端存储,本指导使用最简单的lvm为参考,如果您想使用如ceph等其他后端,请自行配置。
; B+ ~. {% k+ b8 [
. X( d( x' p. T安装软件包
4 [/ [% z% A' I- G
6 u. n; J3 T/ f! w1 Kdnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup
2 s( W. ?0 A% m+ U7 \( h配置lvm卷组$ `- `/ q1 @: U( B- S ~3 \% d6 O
7 n. }+ Y1 D: p+ B/ b
pvcreate /dev/sdb
+ l/ Z3 n, Y& \3 c! ]# ` `vgcreate cinder-volumes /dev/sdb
( p2 ^. u) t9 S" Y& N1 i7 _修改cinder配置/etc/cinder/cinder.conf
" [# C% ?5 a: R4 Z# R: t
" ?( O9 @. a3 |- g, r! n7 L: p7 R[DEFAULT]6 c0 L6 u: g, J
transport_url = rabbit://openstack:RABBIT_PASS@controller
. {- `3 @$ `: x8 Mauth_strategy = keystone- O7 ~) ]# @( Q" H) C7 |
my_ip = 192.168.16.4
" x4 s. T; K; w( v2 y4 {: X7 R6 I- ~enabled_backends = lvm
9 g* u+ t+ s# s6 k" G# H* Uglance_api_servers = http://controller:9292 b2 H, j( Z. [) b# n: r: Z+ Y
( I* O; R7 k7 i6 U, t- J/ ^
[keystone_authtoken]2 ^/ ]# {: p6 } ^
www_authenticate_uri = http://controller:50000 h3 L9 J" f8 k2 o: A( h* x( @
auth_url = http://controller:5000
: d$ i7 \2 W U$ |, [memcached_servers = controller:112112 \( O9 v4 a( ]9 e% o3 |) v7 u" [& Z
auth_type = password) G9 E2 S, e6 m8 H, A" s7 e
project_domain_name = default2 b( x8 d( e0 E+ K* o
user_domain_name = default1 p- c( u( c0 d/ \* U3 |! D
project_name = service
W* C T3 R% S0 h7 |0 Busername = cinder
% h) t' W2 h( }1 Ppassword = CINDER_PASS* z; t, W. H( R) i$ n
, k3 F: a! r% S5 r" c2 k) v+ {[database]
) c1 B" \" b: e, r# K8 Z0 zconnection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder6 u! u; F G; d1 `* K$ v
u4 x' q G7 l. X/ t5 C% C' z[lvm]
w4 Y( `$ W7 y. d6 d( i! Z/ cvolume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver9 ~$ H; h# s: c( d$ U! L
volume_group = cinder-volumes# L* l- t/ |) D% Y" d
target_protocol = iscsi0 [( r+ r' K1 x7 \: p; y; U
target_helper = lioadm
, P( f& r3 B* |: _* T
+ _- w$ ^- v$ y, T[oslo_concurrency]
* w9 ?2 i% k* h2 R/ Hlock_path = /var/lib/cinder/tmp. J6 m: J' f2 ]+ Y6 J
配置cinder backup (可选)
5 `$ ?1 F! X- i+ A+ g! I+ T
* [6 \5 T' U8 J9 T7 J( c, Bcinder-backup是可选的备份服务,cinder同样支持很多种备份后端,本文使用swift存储,如果您想使用如NFS等后端,请自行配置,例如可以参考OpenStack官方文档对NFS的配置说明。
; I% x ~1 I2 |- `( w( g E+ T. L
修改/etc/cinder/cinder.conf,在[DEFAULT]中新增
- j0 q; W/ b/ D5 u
( E7 C4 }. j& T, S[DEFAULT]$ }7 ~! {1 z' p, C/ E
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver
3 }0 J4 [) ]4 B# ~9 x5 d1 |backup_swift_url = SWIFT_URL6 X5 u0 m/ Z' C8 R
这里的SWIFT_URL是指环境中swift服务的URL,在部署完swift服务后,执行openstack catalog show object-store命令获取。, W5 ?' k0 s, \+ a/ t
# B* R I- ?( x启动服务5 U F' _# ^, [, o5 e
- M. h) A0 l+ ?$ h' J, B2 Y9 a) ~systemctl start openstack-cinder-volume target3 v' x- E+ Q' p) e: O" l
systemctl start openstack-cinder-backup (可选)$ W* b# K8 i2 d4 S
至此,Cinder服务的部署已全部完成,可以在controller通过以下命令进行简单的验证
7 P9 z. P! ]: Y+ J9 b* Z8 @6 o7 i
' a( V: P1 X* {4 o, dsource ~/.admin-openrc, r: y- [2 i# V5 ^ |2 [& W
openstack storage service list. h3 a! ?: r# Z* }
openstack volume list
% ~7 ?+ T" f2 q" K, bHorizon¶
: L; Q0 U3 \; n! h) M( q- gHorizon是OpenStack提供的前端页面,可以让用户通过网页鼠标的操作来控制OpenStack集群,而不用繁琐的CLI命令行。Horizon一般部署在控制节点。0 }9 r% L" Z4 d
& `/ u7 \* Q' N" @8 [3 w! D
安装软件包- w" p4 t o9 Q8 X6 Q1 g1 x& F
! e& j7 h. z) p# Qdnf install openstack-dashboard
' b( Z C( M8 D修改配置文件/etc/openstack-dashboard/local_settings/ ]4 G3 t1 n+ i4 F. I3 [- O7 d
* C5 K' S9 Y% B! h1 m7 ]/ X& B* u
OPENSTACK_HOST = "controller"
! Q8 ~0 P5 L+ e& @ALLOWED_HOSTS = ['*', ]
' k9 S* o. t! F/ w/ n: OOPENSTACK_KEYSTONE_URL = "http://controller:5000/v3"2 v, L; u4 n$ N% M/ z
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
- u# @% r& ?0 OCACHES = {
. a+ y, v C/ ^5 v'default': {
2 A& m2 V2 b4 j" L 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',; a" s' V6 W+ ^1 z. K8 y- K* J
'LOCATION': 'controller:11211',- e) L* U* n- a4 ^4 T/ l
}
1 f) Z& {# V+ [5 f4 K5 C9 ?: \}
Y. u. G" o. c! F4 B: D, w3 g# ?$ }OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True% C! B3 @0 _1 n6 p6 v: k
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
5 g# k0 i7 C/ e1 |4 h" [$ D2 [" OOPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"
' H$ j/ f& w( o% J. t+ S# C& A0 K, } jWEBROOT = '/dashboard'
; S3 i, b5 d& |! b VPOLICY_FILES_PATH = "/etc/openstack-dashboard"
. O: ?( X8 Q- ]( q7 l+ X) Z- e4 m" b8 l) J
OPENSTACK_API_VERSIONS = {
' T/ @5 b% B7 |4 R "identity": 3,% T+ R1 Z( z, O' [& ~
"image": 2,2 `; y: `/ o) }3 a* \2 A
"volume": 3,
1 b3 w+ A, y$ r x, V3 N7 F}
2 [) @/ B9 y0 N6 U4 ^8 O$ r重启服务
. L6 e( C$ S' O3 s. h5 h; n* J, Q& T- h7 V; ]( \' e& h; Y: _/ `
systemctl restart httpd& z7 f' u# |8 Q' Q' `1 s9 d( f
至此,horizon服务的部署已全部完成,打开浏览器,输入http://192.168.16.2/dashboard,打开horizon登录页面。
4 I' G1 ?+ G, [
5 N9 S1 O( ]# ?8 N+ f |
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2025-3-16 22:32:36
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜