|
|
Openstack_安装基础使用
, d& w; W+ e- }/ dopenstack 版本周期
Q9 R+ |8 ]. ~6 E7 R* |: u, Z3 ? O: a# g: h2 M; N3 M
https://releases.openstack.org/
- ~2 |6 s5 T6 i( B+ B% q% V官方安装文档$ M" p7 S) t! l
0 N' g4 M F+ i( ~: _6 d
https://docs.openstack.org/insta ... ackages-ubuntu.html6 @: a; y- m! A* U4 C8 O% j4 o
https://docs.openstack.org/install-guide/openstack-services.html1 J$ N4 f3 V" w
手动集群部署部署2 f/ D2 ?) r, v" m1 A
架构% T9 O& c8 I" p6 S( Z# }
主机名 外网IP VIP 内网IP 内存 CPU 磁盘 角色" I1 R# b' ?5 z7 v2 @ s9 |% @
openstack-controller1.stangj.local 192.168.139.31 无 172.16.1.31 4G 2 核心 80G 管理节点01
[) W4 f( S8 i, c& T( Mopenstack-controller2.stangj.local 192.168.139.32 无 172.16.1.32 4G 2 核心 80G 管理节点02
! u% Z9 k$ U0 o; \; [" ]0 ~4 i% e3 ?# nopenstack-mysql.stangj.local 192.168.139.33 无 172.16.1.33 2G 2 核心 80G 数据库,memcacahe,RabbitMQ
# l, ~6 A0 C4 x1 f, sopenstack-node1.stangj.local 192.168.139.34 无 172.16.1.34 3G 2 核心 80G 计算节点) x* `; I5 j1 Q
openstack-node2.stangj.local 192.168.139.35 无 172.16.1.34 3G 2 核心 80G 计算节点
( b) `7 Q0 ^2 z0 t$ h W1 ?/ D9 iopenstack-haproxy.stangj.local 192.168.139.36 192.168.139.248 无 1G 1核心 80G haproxy,keepalived9 Y$ x2 t# Y# n3 b- A1 m) g6 U
1)前期准备
! u8 t+ W1 H9 R& c7 h' o* w4 I3 J2 {1.1)所有节点安装
8 K1 n8 Z. a* {0 `/ z ~# apt install -y bridge-utils* A8 S& h- O# ~( q0 v
~# modprobe br_netfilter5 g1 n" B5 |5 g2 P& k! a7 H5 o2 h" Y
~# echo 'br_netfilter' | sudo tee -a /etc/modules3 s6 w* a5 C& N3 t3 n: e' s
~# swapoff -a: q0 n! R* H- v$ |( S9 o% X, i
~# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab/ J* }. L& T' P9 N5 Q4 p
~# apt install -y software-properties-common7 v" O5 u1 {/ p' e! Q1 H
1.2)时间同步/ D( \6 Q0 D: X3 L. m
"controller1作为时间同步服务器"3 J' N: ~) w2 s
root@openstack-controller1:~# apt install chrony -y
6 u& C' L1 s5 g# Q7 O root@openstack-controller1:~# cat /etc/chrony/chrony.conf | grep -vE "^#|^$"
: A0 p; l7 G1 i7 o( h/ ? confdir /etc/chrony/conf.d) W+ {4 }( e* u. }+ ]1 M- M3 U4 }0 r8 `
server ntp1.aliyun.com iburst5 ~4 M% Q0 r3 {9 G
server ntp2.aliyun.com iburst
+ }* ^7 l- p; ^5 _3 ^( ~8 [% @2 t server ntp3.aliyun.com iburst
# b- b9 ^8 o# A+ K) J/ A" q allow 192.168.139.0/24
) T. U8 V2 Y: @& v% a4 [9 I allow 172.16.1.0/240 o" I# A8 w$ ] C0 {1 G- N
local stratum 10" W- p' X8 l2 k
sourcedir /run/chrony-dhcp+ R( N5 e9 P6 y: b( o
sourcedir /etc/chrony/sources.d2 S0 [2 F( ]! _. K4 T
keyfile /etc/chrony/chrony.keys
( }0 V4 |8 q% g: z3 q driftfile /var/lib/chrony/chrony.drift" o- U6 e @1 D' w7 x5 q/ }
ntsdumpdir /var/lib/chrony) y$ j1 J* P5 m* W
logdir /var/log/chrony1 U- @) g" w) k ^, k
maxupdateskew 100.0! h7 y ]! H2 \# C% y+ Z
rtcsync5 z) t) ~( E, ^
makestep 1 3
: T. }2 D1 t1 N( X B$ ]! x
, ]7 {1 ~( g* K* F7 o1 J `启动服务`
5 h; f" m7 m1 l6 ~ root@openstack-controller1:~# systemctl enable chrony && systemctl restart chrony
( }2 t) N& [5 W L* V1 d5 I0 [; ^5 a+ d
`验证`9 w. x$ A, a5 f- i7 g4 t9 Z3 F
root@openstack-controller1:~# chronyc sources" U% n0 ^, s3 K1 D
210 Number of sources = 2% n) f4 A" @' ^0 ^6 X H6 b( ?
MS Name/IP address Stratum Poll Reach LastRx Last sample 6 {/ s% ^, U4 b& ?. [+ w; e
===============================================================================
3 H2 k, J8 a0 y/ v0 a ^- 120.25.115.20 2 6 35 48 +866us[ +866us] +/- 22ms/ C. J% p9 Q/ o
^* 203.107.6.88 2 6 17 49 -4324us[-9570us] +/- 21ms7 j$ r# [- _; k+ E" p/ \" z
6 i( ^5 y* p, S9 | "其他节点配置(集群涉及到的节点都要配置--我演示一个)"
- ]7 R! y7 E6 V2 K5 x root@openstack-mysql:~# apt install chrony -y" C5 G( I% z/ G+ W7 ~* r
root@openstack-mysql:~# vim /etc/chrony/chrony.conf
+ T3 [9 I0 S9 G) R( | #server 0.centos.pool.ntp.org iburst9 r9 w: ?3 u- @
#server 1.centos.pool.ntp.org iburst$ B! u. e- @1 J! n4 y: \
#server 2.centos.pool.ntp.org iburst5 i' s$ I! u1 a" P* j/ ]5 @2 ]
#server 3.centos.pool.ntp.org iburst/ T. D' J& l. W9 ]7 V5 ^
server 192.168.139.31 iburst # 添加这条信息指向controller1
3 B3 R" L2 w0 J root@openstack-mysql:~# systemctl restart chrony &&systemctl enable --now chrony \) I. e5 Q/ k
root@openstack-mysql:~# chronyc sources
/ H* ?% D( X0 k) R9 f, s8 L 210 Number of sources = 1& H8 k" f J' x q- R, E( h3 T. Y
MS Name/IP address Stratum Poll Reach LastRx Last sample " F7 }) o. V8 Z1 p* b
===============================================================================
6 k6 x! s% D2 A ^* 192.168.139.31 3 6 37 60 -2089ns[ -943us] +/- 16ms
/ w; y) G% s" o4 Q6 l/ x- @1.3)配置openstack官方源& p, s1 i9 {" w+ x& a6 `9 ^ W
`controller管理节点`
( B! g. H; s) C, l; w" [% \ root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
& a% A( C/ v) V) l1 _$ U3 q root@openstack-controller1:~# apt install -y python3-openstackclient libibverbs1 python3-pymysql python3-memcache . A/ |5 Z0 F, ^) J7 q4 e! l0 e
4 f! d& R- R6 a: A
`node计算节点`. z' v5 k4 m$ E" ]) x" O, g
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal) T" n! y4 d8 S2 E- J. J
root@openstack-controller1:~# apt install -y python3-openstackclient
+ L$ p0 x6 s! y( A1 ~7 ^( V# R, Q `数据库节点`# K, t0 Z6 l2 n2 X: S+ A
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal& A$ g2 w( j- U# S$ H
root@openstack-controller1:~# apt install -y python3-openstackclient
! E: p: C% W% f: t, l6 N5 s0 \1.4)数据库配置
/ }1 C+ _# j$ P4 d root@openstack-mysql:~# apt install -y mariadb-server python3-pymysql
2 w# R) ~# d0 k# C root@openstack-mysql:~# cat > /etc/mysql/mariadb.conf.d/99-openstack.cnf <<EOF
+ o( |9 [) j2 _5 _ [mysqld]9 f: w. b9 b! `, F- j5 F
bind-address = 192.168.139.331 Y! O) g9 @1 K# z
default-storage-engine = innodb+ y' t+ |; s, H4 _
innodb_file_per_table = on
: S* g: K* R/ W/ O9 N1 L2 R max_connections = 4096
0 ~- O- L2 m, X: L- z' I collation-server = utf8_general_ci
& O1 e! d; q+ Q. T6 V' _0 j3 f character-set-server = utf8
) r1 @1 t' _# @# H% | j8 k EOF
% G) A0 v& M( t7 {6 v, L8 H; m root@openstack-mysql:~# systemctl enable --now mariadb && systemctl restart mariadb3 I3 ^" S- Z# k3 T) P: {6 n- O
1.5)RabbitMQ配置
8 `+ ?7 A' {0 p; b8 r root@openstack-mysql:~# cat >> /etc/hosts << EOF
2 S$ D; m, g" L3 n. ? 192.168.139.33 openstack-mysql.stangj.local openstack-mysql
, O8 N) g; Z. `8 ?' ~, y EOF
+ o- B, \+ L( X5 o4 ~) w root@openstack-mysql:~# apt install -y rabbitmq-server& W& s* G$ L3 \: Y
root@openstack-mysql:~# systemctl enable --now rabbitmq-server.service % ^: H8 [% n% m. k+ A% n
root@openstack-mysql:~# rabbitmqctl add_user openstack openstack123
% q/ {2 l7 z: A! `: v# k& X. k Adding user "openstack" ...$ b( V3 ^: z- ~2 p2 }9 r- Y2 t
Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more., s9 W( F( H* F: i
root@openstack-mysql:~# rabbitmqctl set_permissions -p / openstack ".*" ".*" ".*"
" o4 s, j. j7 \9 T& h$ M g Setting permissions for user "openstack" in vhost "/" ...( p/ m' T/ S# K* |
`查询插件`; z# _" `5 B. B0 W% E; G! @3 c
root@openstack-mysql:~# rabbitmq-plugins list
7 d6 j# K; v( P, ]; D& `, T Listing plugins with pattern ".*" ...% B% u5 z* N, |6 A7 {5 i
Configured: E = explicitly enabled; e = implicitly enabled- g% R" H( p9 M3 Q* ?; e) q
| Status: * = running on rabbit@openstack-mysql- [0 Q, T6 e: }9 Z
|/, g0 h7 G% o0 s" |) w8 |9 a4 G+ Y% Y
[ ] rabbitmq_amqp1_0 3.9.272 L* ~) @: T! J* W, k
[ ] rabbitmq_auth_backend_cache 3.9.27
: W R- N' s7 z |! t; e [ ] rabbitmq_auth_backend_http 3.9.278 }: R5 H$ ]& g) K: t7 N
[ ] rabbitmq_auth_backend_ldap 3.9.27
3 y$ v) W& d. s [ ] rabbitmq_auth_backend_oauth2 3.9.27
' b0 m# z# x4 a1 a9 |' Z [ ] rabbitmq_auth_mechanism_ssl 3.9.274 W8 c) [$ o3 M* O+ D
[ ] rabbitmq_consistent_hash_exchange 3.9.27
7 L3 `3 @* C, r! R/ I [ ] rabbitmq_event_exchange 3.9.27
* H) {! I7 N$ X* z8 A* ~* \ k [ ] rabbitmq_federation 3.9.27+ x" _# L" J/ z- k, r6 k
[ ] rabbitmq_federation_management 3.9.27
# k" v& a$ X% i, M [ ] rabbitmq_jms_topic_exchange 3.9.27( z5 k* d. h3 F6 C7 f7 m6 y2 _
[ ] rabbitmq_management 3.9.27
( B) p5 L# o% ~- ? [ ] rabbitmq_management_agent 3.9.27/ l$ M: ?: H9 D9 q
[ ] rabbitmq_mqtt 3.9.27
# p4 N3 \ y- \: c [ ] rabbitmq_peer_discovery_aws 3.9.27! E, p" }4 q: X$ I0 i
[ ] rabbitmq_peer_discovery_common 3.9.27
4 m& N I) S/ |! W7 ?' j, [) q [ ] rabbitmq_peer_discovery_consul 3.9.27: [3 o! D: l9 T' {- x; p
[ ] rabbitmq_peer_discovery_etcd 3.9.27& ?) t/ w+ U$ k% d" L; S8 w
[ ] rabbitmq_peer_discovery_k8s 3.9.27
4 B6 a W/ _ F- m8 c [ ] rabbitmq_prometheus 3.9.27% x$ L; X+ r6 ]" D/ U& c! T
[ ] rabbitmq_random_exchange 3.9.27$ E+ w( a% ]& g
[ ] rabbitmq_recent_history_exchange 3.9.27/ w; | H( k' F( E! e
[ ] rabbitmq_sharding 3.9.27
6 m- P; t n& J7 @: Q [ ] rabbitmq_shovel 3.9.27
' W8 \9 X A1 T [ ] rabbitmq_shovel_management 3.9.27" L/ ~6 u) F% s# c! P) z v
[ ] rabbitmq_stomp 3.9.27
2 ]5 f% n1 t* H3 c0 A [ ] rabbitmq_stream 3.9.27
4 k/ P+ M! V7 V! L4 ? [ ] rabbitmq_stream_management 3.9.27
; c7 u7 b C- r5 h, d [ ] rabbitmq_top 3.9.27" [6 ^3 R$ Y/ c1 F8 L% V; P2 N
[ ] rabbitmq_tracing 3.9.27
# F; P8 r% E- _5 f! [0 l9 S [ ] rabbitmq_trust_store 3.9.27" x0 g; ]1 Q2 i8 G' Q
[ ] rabbitmq_web_dispatch 3.9.27, }6 ], w! I2 `3 z
[ ] rabbitmq_web_mqtt 3.9.27
" }. Q8 R- M, D# N- y+ G [ ] rabbitmq_web_mqtt_examples 3.9.27- W! y( s! r1 H' L% c5 n3 G$ s+ l
[ ] rabbitmq_web_stomp 3.9.27
: T5 u* G, Y$ X! o6 n [ ] rabbitmq_web_stomp_examples 3.9.27
. n' p; F3 O0 \% [0 ~. s `打开插件`0 P9 y, V% _- L4 o; o
root@openstack-mysql:~# rabbitmq-plugins enable rabbitmq_management' ?' n- C8 d7 l- E
. O0 r0 {# E+ ?% G
root@openstack-mysql:~# vim /etc/rabbitmq/rabbitmq.conf7 c# l5 @5 {' \* \; ^' P. y4 l
loopback_users = none7 O8 I% x) q. n, Q- \* @8 C% z) k
root@openstack-mysql:~# systemctl restart rabbitmq-server.service 0 a, P8 o" I" e2 p6 T
& @7 G: r( s: A# L5 d8 m& m5 ?访问 http://192.168.139.33:15672/
: R8 m8 W* e" C! j5 Q9 K* ?4 N
: J: o6 E! }$ p$ g9 B) m
7 G [+ G# ] g: [0 b K
3 h9 ~4 O1 m( H( J: [: I* y, y. x' `6 Y; C0 r' g( s9 t. t
1.6)配置memcached
: [! E: i% i8 U/ c2 I root@openstack-mysql:~# apt install -y memcached python3-memcache- y6 z9 s/ w- }8 c; [4 Q9 d
root@openstack-controller1:~# apt install python3-memcache
8 M! M$ d5 C4 o; e& |2 ^. @. M& N8 H . C* ? E, ~7 }% n9 N
root@openstack-mysql:~# vim /etc/memcached.conf
* b' q7 o$ w5 W J$ r # Specify which IP address to listen on. The default is to listen on all IP addresses
7 P; u3 c; Q' S2 ^/ o # This parameter is one of the only security measures that memcached has, so make sure
7 f9 F& N2 C5 J+ j7 F; r0 L c1 @ # it's listening on a firewalled interface.
5 `- T2 {; K- U0 e5 I8 v# ` -l 192.168.139.33 # 这是为了让其他节点能够通过管理网络进行访问:# }# X! ?: a* t( b
root@openstack-mysql:~# systemctl restart memcached.service && systemctl enable memcached.service
+ J' J/ A5 S" s1 X6 k( r1.7)配置haproxy
2 a" n! F3 N8 ~1 a root@openstack-haproxy:~# apt install haproxy
% i% ?; ?: i* n7 U root@openstack-haproxy:~# apt -y install keepalived
- l2 L8 h3 U! f7 N `配置keepalived`
* B' G. L5 a* F g1 g8 l) R root@openstack-haproxy:~# vim /etc/keepalived/keepalived.conf
?$ F) O& H' L2 i: u9 c9 ]8 l! y global_defs {. H9 u4 z5 g* q: n3 ], O* Z2 W
smtp_connect_timeout 30# m6 ^' c8 V; g
router_id LVS_DEVEL
' o6 K% }; ^1 H9 q& c3 ^2 N9 B vrrp_skip_check_adv_addr
1 Q/ s5 W0 Q8 o1 n2 C% w vrrp_iptables
" T% e, U, C6 a7 o, b3 J vrrp_garp_interval 0
" B7 Q) M: _" S3 ]# @ vrrp_gna_interval 03 U% O0 \1 e6 j3 {( h( ~. U
}& \4 P3 C7 p, U o
$ e1 `/ w& m5 R vrrp_instance VI_1 {
2 s$ T- f; a1 ]9 h/ N0 t, P state MASTER
: D! i" f& Y& R+ Y interface eth0/ |/ Z* `6 ^3 p/ k- X9 A. E
virtual_router_id 51
) S' f9 q" f* U5 [7 ~ priority 100" D5 g4 @* n+ L: W/ e" U7 z
advert_int 1
& z+ n) n9 N+ \5 C authentication {. _9 o2 z% `9 r* L* u& o
auth_type PASS
" e/ k/ U& P$ Q* w- w auth_pass 1111
/ z3 p0 }2 y3 |7 R1 a. T% T) G- ` }) w+ a2 t0 A A" p, M$ j
virtual_ipaddress {9 R0 Z0 l/ S7 b; k
192.168.139.248 dev eth0 label eth0:0
6 K) K; K2 V& ` }8 J( Z: o U8 x
}; i4 z0 l: H/ f# Q. D) _2 t+ a
root@openstack-haproxy:~# systemctl enable --now keepalived.service
1 e( G0 o5 v2 {' U+ A root@openstack-haproxy:~# systemctl restart keepalived.service
O$ d5 v1 J# j# y0 F& a8 f) A( x `配置haproxy`
$ a* a( y+ @! a0 B8 g# | root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
% {" @2 |/ h2 A1 u$ f M" z # 把后面的frontend和backend模块配置全部删除
6 E. U: u" ]* q1 {7 Y # 最后一行添加
; {6 D) A4 l. j9 j+ c listen openstack-mysql-3306& @$ ]6 |7 q6 v
bind 192.168.139.248:3306; x8 [" O: U2 _- S
mode tcp
+ i/ e1 G$ u _8 \! Q( @$ v3 T server 192.168.139.33 192.168.139.33:3306 check inter 3s fall 3 rise 5
1 p* u. k" }9 d+ ? 4 {6 s i" [; ?2 G2 A
listen openstack-mq-5672
: T+ \# [# z9 w) i bind 192.168.139.248:5672
7 o* u) ]$ }7 S4 X3 u$ n; I mode tcp* N! w/ i8 t. E/ ^9 k
server 192.168.139.33 192.168.139.33:5672 check inter 3s fall 3 rise 5$ J" z' }* a8 W
& O6 D2 E& E% \) L! w
listen openstack-memcached-11211* U* m( L0 Y# x4 U" ?
bind 192.168.139.248:11211
9 m. K. H! H! n mode tcp+ g! w y, Y1 u# U$ A2 y- ^
server 192.168.139.33 192.168.139.33:11211 check inter 3s fall 3 rise 5
" z) X( s. f% {$ c; S5 L' ^) Q5 ~
. P, c2 I l" h7 W! j) A; { root@openstack-haproxy:~# echo -e 'net.ipv4.ip_nonlocal_bind = 1\nnet.ipv4.ip_forward = 1' >> /etc/sysctl.conf
- n, L/ A$ g; e; i! ^5 S, ?- c root@openstack-haproxy:~# sysctl -p
) [0 X, A% G9 s5 y+ F- x7 U8 e root@openstack-haproxy:~# systemctl enable --now haproxy.service
7 S% p% A/ A" l* E root@openstack-haproxy:~# systemctl restart haproxy.service
, ~8 b: Q- |/ z' [1 D root@openstack-haproxy:~# ss -tnl
- C) l- A: ]. E% ^) d State Recv-Q Send-Q Local Address:Port Peer Address:Port
8 H/ v1 n; } ~. _1 t* k. c% K& l LISTEN 0 128 *:22 *:*
+ F% ^ w. o% [0 A LISTEN 0 100 127.0.0.1:25 *:*
# c% s9 P: p V" }% j6 w LISTEN 0 128 192.168.139.248:5672 *:*
: i; ?6 v4 i I1 e" }( q LISTEN 0 128 192.168.139.248:3306 *:* 9 W; h( \$ c5 O! z( ^1 l' c
LISTEN 0 128 192.168.139.248:11211 *:* 6 K; W, s# G1 A; I" ?" N% r
LISTEN 0 128 [::]:22 [::]:* ( g3 \* ]" M( ^. i
LISTEN 0 100 [::1]:25 [::]:* % B1 l) Q8 k5 n! |- X/ a
验证
' U1 j5 Z7 c u8 B; Z9 \
E1 l. w, k' k) ]9 ^: K root@openstack-controller1:~# telnet 192.168.139.248 3306
) C" K% x( \7 C8 T Trying 192.168.139.248...
, D9 d1 R+ o# I% S x; X' f Connected to 192.168.139.248.7 Q. _: x1 O T4 I: I) a& n7 F
Escape character is '^]'.$ m9 |, ]/ e M, D
6 O3 r' @0 X' Z6 U2 \) _& T- ^$ M root@openstack-controller1:~# telnet 192.168.139.248 5672- G% B1 n- v* F* y
Trying 192.168.139.248.... b) l$ a1 U% u
Connected to 192.168.139.248." M2 L7 k3 Q8 R- L) u
Escape character is '^]'.
* t( K- E6 K4 N6 @# L; \2 K
/ b0 a9 K! G- u2 K0 A root@openstack-controller1:~# telnet 192.168.139.248 11211
% ]; J6 _4 Z4 s! G Trying 192.168.139.248..., Z& z; ^5 E) X( t* h
Connected to 192.168.139.248.
9 U0 _. x8 j* e2 F. ~ Escape character is '^]'.( t' q" k+ w, k0 }
2)安装keystone
' u0 w+ Y4 J3 J0 x! W2.1)创建keystone数据库& \. n6 N( i) P
root@openstack-mysql:~# mysql
+ S5 I6 d0 P! U MariaDB [(none)]> CREATE DATABASE keystone;
1 J; z% O6 F: s+ d0 [" }- J2 i MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';6 }) o+ f9 g$ r3 `- H, y8 a4 Y- u9 U1 `
`controller节点验证`
. Z' j) v d' G+ Y( K9 }3 P root@openstack-controller1:~# apt install -y mariadb-server: @6 f6 w& ? d) C
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.33 -pkeystone123( V$ b" _3 n( s# `* h7 H
Welcome to the MariaDB monitor. Commands end with ; or \g.8 }# l# m( Q( m4 M% z
Your MariaDB connection id is 35
2 j' m' V+ o& H# ~7 y' _ Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04( C! o7 x+ x% L4 S) }0 Q4 G" ^
. E7 @" T) e& G- V. A5 g1 i
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.0 }1 n7 ]7 c8 c" T+ z( P0 V
. ]4 S3 @9 S" B* S" P1 |* @3 d Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
3 z; a8 U: J7 F& D: `$ w 0 V4 e( R" {0 V( h+ _
MariaDB [(none)]>
8 i" l' I$ h1 ~3 s root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123, A& `0 G2 X9 N2 w+ N
Welcome to the MariaDB monitor. Commands end with ; or \g.
7 f Q" [/ k$ Y! Z# o8 B( q Your MariaDB connection id is 36. }! j) ~* ~7 {$ g: M
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
% w. r C' m5 L+ s: |
- G. e3 z: F/ k' @ Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.( J6 w9 \7 L2 T0 y$ G
0 q5 p9 D, I! d" b0 h
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.0 P7 `) d5 V9 @% e, O! y. v
0 u3 l* I* P( j1 G6 u8 g+ g* d MariaDB [(none)]> 7 }. t U& X% M' F% `1 H
2.2)下载配置keystone
$ j" x7 p- h+ t) u root@openstack-controller1:~# apt install -y keystone apache2 libapache2-mod-wsgi-py33 N, `6 Y0 H' a0 v$ _) [
`添加vip的域名解析`
& P2 U- Y {8 K& K root@openstack-controller1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts. v x; W7 F5 @
`修改配置`- y+ w# N3 R) Z n8 U6 F
root@openstack-controller1:~# vim /etc/keystone/keystone.conf8 @/ R8 N% p; _4 ~/ C, ]
[database] # 在这个模块下面添加下面这一行信息
9 R9 n# [ s5 B0 O1 } connection = mysql+pymysql://keystone:keystone123@openstack-vip.stangj.local/keystone
4 u2 n, B. l. p# F9 `% u* B [token] # 在这个模块下面添加下面这一行信息
6 _+ `* h$ i' O1 r' ]! Z rovider = fernet0 F5 l; m6 f' ~8 l9 x2 e
2.3)初始化keystone数据库
0 m1 t% o3 s$ u5 h, a root@openstack-controller1:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
3 S! @9 O, {9 h8 P* O `验证是否初始化成功`
0 }1 U" h; g! W* n4 f* O- V root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "use keystone ; show tables": y. l3 P' ^5 S3 {, }. o
+------------------------------------+
1 W& B3 v" \; `7 l0 c | Tables_in_keystone |* k. ]! i5 Z X# e3 @
+------------------------------------+2 B! c+ G' P, F
| access_rule |7 R& y5 F. q' S, y
| access_token |# n D( O' n4 Q+ d4 `* O- m5 i `4 G
| application_credential |/ k8 T/ |3 R5 E+ @5 x7 q2 p A
| application_credential_access_rule |
9 h: D- w1 ^9 l2 G$ K | application_credential_role |3 k2 N. t, U# X; H8 x: b. R
| assignment |
; L" T7 r# ?- @0 b | config_register |! |+ a: ]$ `7 O. j: w0 Q: G! v
......................................
7 d2 x! q4 ~, ]8 C# ` ......................................
* q: u5 ?. g. K8 ~6 z: N5 W | user_group_membership |( i" @4 u3 u% S0 A+ L
| user_option |
) @1 w% Q9 g& z) _& V$ u, ^* y | whitelisted_config |
# ~+ {! O! }7 [ ~2 N +------------------------------------+) T; f D4 B/ o/ l% Y0 ]! t% J
; C5 H- S) _5 K4 e9 D ]2.4)初始化 Fernet 密钥存储库" L# A) y! U7 `; \. l2 Y
root@openstack-controller1:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone# j( _0 ?( Q" f6 t
root@openstack-controller1:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone2 w1 Z6 P0 H' N9 e
2.5)引导身份服务8 W# A# q# o! [8 o v& c$ {
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 0 X( x. r7 x/ I _$ B4 v0 p
# 在最后一行添加下面4行内容) V+ W# r" b+ @8 @! D
listen openstack-keystone-5000) r* k2 D. Q; d2 u# g" N n1 @
bind 192.168.139.248:5000% Y+ W/ ^- S2 e( k% j; M* B
mode tcp
# Y" b3 ]/ D5 X5 r server 192.168.139.31 192.168.139.31:5000 check inter 3s fall 3 rise 5
7 Y2 c$ v1 {: p6 f root@openstack-haproxy:~# systemctl restart haproxy.service 5 M$ F' n# f* ~. N
# 设置,密码为admin
, P% ]; G; [1 g& d6 _; i" p root@openstack-controller1:~# keystone-manage bootstrap --bootstrap-password admin \8 v; V& k9 a& d5 |2 A& @
--bootstrap-admin-url http://openstack-vip.stangj.local:5000/v3/ \
: I5 E, H) w; o9 o --bootstrap-internal-url http://openstack-vip.stangj.local:5000/v3/ \
4 g' ]* Y) A! _4 C S* f --bootstrap-public-url http://openstack-vip.stangj.local:5000/v3/ \
. I# |4 K) a/ U7 K8 }: r/ M --bootstrap-region-id RegionOne
W/ C: k) @* F2 _/ `& ] `验证`+ E$ a X+ \( B9 y0 _; ^
[root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.service"7 G; B5 \" y% E5 Y' H# U
+----------------------------------+----------+---------+----------------------+
7 t$ d# ^0 @0 M) Z/ S( G) \ | id | type | enabled | extra |4 [6 F B; E$ O* l5 f
+----------------------------------+----------+---------+----------------------+
( v. n9 ]# U3 r' l. L1 n V | 5b32c1198b6d4a9da1659bc0a201d89e | identity | 1 | {"name": "keystone"} |+ q6 T5 f+ v8 ^& n% H/ }
+----------------------------------+----------+---------+----------------------+( T) r" X" _3 W n1 e( }0 M+ f
[root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.endpoint "
; R( P; b8 v; c2 x0 b1 I +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+: L& o2 z2 o. `
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |1 L% i' S7 q* i6 j
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
, u2 M9 }" _- f' Q }( B) m | 20caaef3b2ee4ff7898d1e7b7f1e41dc | NULL | admin | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
. I# Y: M, p9 g* k% V; d; q! b | ad54a4233c0e4a23ba56f86960ff97a9 | NULL | public | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |0 a/ U4 D% k( X0 Y5 k+ ]
| def9f3253353499fbc24a851445198c9 | NULL | internal | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
1 Z0 Q" D; k a0 B +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
) U- l J' ?1 W" K7 q2.6)配置Apache HTTP 服务器6 k9 f( Y+ S( T' ^
root@openstack-controller1:~# vim /etc/apache2/apache2.conf 7 l- x' u: z8 |+ D0 o
... # 找空位置添加
9 C. Y" e/ s. h+ J; e, n3 ~ ServerName 192.168.139.31:808 b# c" D3 l& p2 m, ^/ r
root@openstack-controller1:~# systemctl enable --now apache2 && service apache2 restart
0 b# R: Y b3 m6 M" M `验证服务`
8 B$ O3 ]4 c: P) S root@openstack-controller1:~# curl 192.168.139.31:50005 d, R8 K& D, m% n, l
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.31:5000/v3/", "rel": "self"}]}]}}% E; d8 {6 Y) w: c. W3 P2 E( f" P! F
root@openstack-controller1:~# curl 192.168.139.248:5000
0 T) w* t9 z* a/ U {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.248:5000/v3/", "rel": "self"}]}]}}: h$ Y9 h' Q Q- R1 A$ H) `
root@openstack-controller1:~# curl openstack-vip.stangj.local:5000
1 w( G6 B1 \/ f" S {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://openstack-vip.stangj.local:5000/v3/", "rel": "self"}]}]}}
. D* k$ o! q* ^9 m( ^; b6 f2.7)配置环境变量来配置管理帐户- H" K3 H* I# _. \9 `
root@openstack-controller1:~# cat > admin.sh <<EOF
/ g) f8 C1 r! B: K& r export OS_USERNAME=admin- a' u* V& `' A
export OS_PASSWORD=admin0 Z8 l& d: t. o$ w2 o: p- L
export OS_PROJECT_NAME=admin/ k; V" f. ]( u9 o, V5 r3 B
export OS_PROJECT_NAME=admin
M6 U' C1 r7 F6 j export OS_USER_DOMAIN_NAME=Default
% {1 e/ n3 m0 _0 ~" G7 u export OS_PROJECT_DOMAIN_NAME=Default" v) G w w+ x0 Z
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
0 L" `$ D& v3 `6 {3 T) Z export OS_IDENTITY_API_VERSION=38 \% [, k' h# u0 f: {! M
EOF
3 f" D% X# q) A- ?7 o. d `生效配置`
3 {3 j8 `5 z2 V root@openstack-controller1:~# source admin.sh) h# q( q9 I; S/ \
`验证服务`
" m ]8 f2 |) t; B( z; L3 j9 e root@openstack-controller1:~# openstack user list( p+ b" p6 E( u E# I# s# m* f
+----------------------------------+-------+' ?, L5 E9 w1 d* ^
| ID | Name |: S2 k; c4 T+ Y6 K- K
+----------------------------------+-------+
]* w. F. ~/ [0 m% F: p' x4 b1 m | 5c4b6243d95742799de0fc97ef119967 | admin |: P* x# r: H, _4 `9 l" t6 r/ o0 t
+----------------------------------+-------+
; t( ]& e$ W% k+ c, U. k- o$ D; D2.8)创建域、项目、用户和角色
+ U4 e' X/ C- P# W8 Y* z `创建域`
& @+ j) u! N% k: U( F; K root@openstack-controller1:~# openstack domain create --description "An Example Domain" example% C7 [6 \! H' x- C; D' G
# [root@openstack-controller1 ~]# openstack domain list* I* I+ B% N/ b/ X g' j
+-------------+----------------------------------+
* w k$ l- ~/ o$ m! [$ X4 t | Field | Value |. ?) B- x- }9 Y; |5 B7 Q- Z( H9 A
+-------------+----------------------------------+
. y0 D2 C+ s4 O* m1 [7 G% C | description | An Example Domain |7 |# v" z% A6 h2 J, s+ C4 a: `
| enabled | True |( p; u" L0 |* y& N+ C
| id | 7233934db37f4e839da0bbc62bdebdf5 |: n/ l( i5 {! G
| name | example |' m4 j. h) R* B2 P6 P1 D
| options | {} |9 w' {) c! l; D2 l4 J( D; t6 v9 E" ^
| tags | [] |6 J) L; I7 l2 Y- N& H5 V
+-------------+----------------------------------+
- S$ u$ b i; z" Q `创建项目`
: m/ _: g: E* _. J9 O% k4 I6 Q7 \, v root@openstack-controller1:~# openstack project create --domain default --description "Service Project" service
1 ]/ |2 |( F, ^- W: @9 c) C # [root@openstack-controller1 ~]# openstack project list
/ p" P7 O) s9 d" y' l3 O: U8 b +-------------+----------------------------------+
- P3 A1 W" e/ w5 [6 l/ E | Field | Value |* }2 l1 G( c! t/ L$ ^
+-------------+----------------------------------+$ ]* x$ l0 j h# h
| description | Service Project |
( |6 X2 L( J" Z2 o | domain_id | default |( S6 p* N4 U6 N
| enabled | True |6 o2 t/ C& k2 i+ m! J7 d6 v E+ `2 I
| id | 024872cab1fb4329997f4bb552cc7439 |
$ \/ n+ A$ v8 k$ y3 S | is_domain | False |# R% D0 L& h! U9 U3 M7 }5 x
| name | service |+ J2 Y. r y$ \( E8 K8 p5 f
| options | {} |- [* Y, y$ h! k- `7 f" ]: F
| parent_id | default |
" w4 {0 @2 Q& O! Z$ e/ m | tags | [] |: ~7 f' t" u4 G8 q
+-------------+----------------------------------+
$ |/ X0 L! M8 ^9 z0 o, @ `在default域-创建项目:myproject`, X- s: Q" n9 n1 n
root@openstack-controller1:~# openstack project create --domain default --description "Demo Project" myproject
& Y3 ]$ n1 q0 X( `! \* u$ S +-------------+----------------------------------+
; S% e! o1 z' g e! b# l6 ]* B | Field | Value |
$ N, ?& }. f4 n5 n- M +-------------+----------------------------------+
- p( U6 @' ]) I$ z7 w: Z | description | Demo Project |
( ^( a. F# y8 N" w | domain_id | default |
% c/ ~9 `: n# M% k# M | enabled | True |" o l0 m$ n) j3 y: p; y1 a- g
| id | 35e14efc4bb64fd18ab58ab793881459 |
' O X, ^# d6 h) ^& t6 ~ | is_domain | False |
/ \8 O# N, ?7 S2 U1 r | name | myproject |
% E3 i* l. O" J- h8 A. P | options | {} |
( }* r0 q$ b# q5 Z, k4 V9 j | parent_id | default |
& p; U) N1 o% A* K5 n6 i" } | tags | [] |' v% O: U: a4 m# X9 @& I. l
+-------------+----------------------------------+
1 C" E( w) Y& P" S, A! a `创建用户:myuser`
0 |% j2 E4 f( ?( d root@openstack-controller1:~# openstack user create --domain default --password-prompt myuser
( M& M$ n2 L$ b, z7 h7 F2 K5 I User Password: # myuser
& }$ ^' ?1 y' q1 y3 ^! G: n Repeat User Password:# myuser
8 W! {2 {: y6 ^* \9 f +---------------------+----------------------------------+
* _/ E( E# _; s6 S) Y# X% W | Field | Value |% m5 g5 M6 ]+ S/ N# M- A0 V3 p! b
+---------------------+----------------------------------+% W2 z2 g' b. r! w
| domain_id | default |: m0 S" L: t/ u- K8 F4 J& Y
| enabled | True | L1 J+ g& M- n/ b& C( t3 {
| id | f40449a65bcf491aaf44cc4f8e09f3fa |
# X$ y& Q" ^5 [! H: L) X5 n | name | myuser |# S( Q5 U: q- c p, ^. H( x) k; {
| options | {} |% X6 M9 B' x+ r; D
| password_expires_at | None |
7 f' r2 R) i: j9 L$ s6 W +---------------------+----------------------------------+
+ d2 ]/ p" s; g' H+ ~. Z; B `创建角色:myrole`
; H; a& Z$ i/ H3 e9 x9 q+ |* B root@openstack-controller1:~# openstack role create myrole* J& L) Z7 w% W
+-------------+----------------------------------+
% n" n P/ f0 {! B9 ] | Field | Value |
" |! s; `: S6 Q% Z- ^* N, X& C; G: o +-------------+----------------------------------+1 U6 o& _! C0 L
| description | None |' H& F; E7 D' z- i3 y& x
| domain_id | None |, C6 o% f2 p; i3 a# ?2 c
| id | b1cf825f18194c858ba735c3a873e87b |8 o7 ?/ ?: `: K0 i3 R
| name | myrole |
3 m& E3 B9 q, t/ \5 e | options | {} |
. h. ~6 w& q) s +-------------+----------------------------------+3 n1 [% P# S( t# |) Q2 J' V/ {
`将角色添加到项目和用户:myrole/myproject/myuser`7 p/ g0 U l: V& ?! ~
root@openstack-controller1:~# openstack role add --project myproject --user myuser myrole1 ~7 `: o+ k: |
2.9)验证操作, N8 T D" ~' k0 ]$ k: b
root@openstack-controller1:~# unset OS_AUTH_URL OS_PASSWORD) m: c8 x5 A. v" m
`获取admin的token信息`& {5 L* y* l/ o- J
root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue j# j0 P- g5 a7 f3 N, u r! C
6 ^' d% x( p& e, x; J Password: # admin$ J$ r: m J: R1 G( J
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
/ E9 Z4 J. `- B+ w8 D | Field | Value |
3 V( c D R5 p( {) \6 C9 U. y, w +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
6 U. J1 J7 g$ T( p | expires | 2024-12-07T12:25:41+0000 |2 `% T& K! ? G" x) U; x2 O* p8 R$ Q
| id | gAAAAABlev-an7oKiReVcaIQg31zanfyHEpBjozbYq_6ZH8mWKMyp0vxm0HEUlxkrY7_799ihK64p4Gq5zeaAUH4g4jBpB2I0Ij5xDojvfZ66qTIPUB9TakErlw9UoI1E9bpOwowYgoOOKlJlO28mBoxKWga7A8akmCgiDTzP4rUYL5B8Xs24rQ |
# F; H' b4 H* z4 T | project_id | 227934ef1b5b44cc942a8e4f1f5f7695 |
7 a( \# Y, I0 a | user_id | 5c4b6243d95742799de0fc97ef119967 |; C. J+ @$ D: y5 m- T/ ]4 C
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+* L" ~. l% y; t
`获取myuser的token信息`% t8 G- X2 ~5 t
root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
5 a" @. q! p) u9 o% s+ F* k! k9 A Password: # myuser8 J( y6 r+ G9 y- v. Y
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
* T5 t1 ^7 L1 s" M | Field | Value |
; v4 X8 M2 O/ H" ? +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 a$ B' F" k/ G | expires | 2024-12-07T12:25:41+0000 |% P" N3 L) J4 G/ |2 S, ^! [
| id | gAAAAABlewBPx4yTCZIklPPqD-XnXsciBnECZYhDPKZkenFzYdE9GuTH-xRPuhh4Z9rrLiCb7X6e_rjqR2WdTk9Sz94HkrNi4KPjdun7HW-4wesLLOV7ijz4Vgvt999fnWNaDNTwKvqumfcQ1XinMLyszeSD1yvFB4FeQ610Ns18oUa0Tc_44jc |# | w! Y- H. V" ?
| project_id | 35e14efc4bb64fd18ab58ab793881459 |
# W, w( k. `. V. ]) g8 C2 i: b | user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
$ T8 [7 B6 X8 [# M0 ]5 f +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
. Q$ l/ {/ Q7 E2.10)新增配置环境变量来配置管理帐户
0 h s( G4 n5 D. _0 Z& h0 x root@openstack-controller1:~# cat > admin.sh <<EOF
1 w, T3 Y% H4 U export OS_PROJECT_DOMAIN_NAME=Default0 p4 {) d' [) m! \0 f
export OS_USER_DOMAIN_NAME=Default' ~* N* j v) J; K' n3 c
export OS_PROJECT_NAME=admin
7 Y& ]' \- v% e1 w. L% `7 P export OS_USERNAME=admin6 Q% x" ]" l, G( S5 x! g
export OS_PASSWORD=admin
2 v" n3 I7 w# C- h2 I* V: U O export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3, \; S9 @) L& Y5 \
export OS_IDENTITY_API_VERSION=3
' } _: L! p9 T t8 G2 y export OS_IMAGE_API_VERSION=2
3 c- S# K& t8 S6 O0 ^7 O EOF5 P. v( u2 {! P0 [. ?/ i/ }% Z
root@openstack-controller1:~# source admin.sh , Z9 [. O B7 S+ s/ F# ~
`验证`
+ y" P! p- ~+ m3 ^& g F root@openstack-controller1:~# openstack token issue
4 {, m. g# ]6 w3 M' C$ g +------------+--------------------------------------------------------------------------------------------------------------+0 U' [' f- E. ]+ F2 m
| Field | Value |
5 P8 k" n' `0 z. }4 H' f +------------+--------------------------------------------------------------------------------------------------------------+
3 M0 g4 A/ K( q/ j" Z! x, Y | expires | 2024-12-07T12:25:41+0000 |! t5 n) I. i& F. ^& H y8 _8 t
| id | gAAAAABnVDC1Tl8JCjuLSdCd0vL2FmuLpB7ftGCcll7NsqBgy0FhuomNTkLMXP_p86eyLKMA- |
/ y- _: _) h. D5 o: |: L | | IZnr9aW3VCfYfoaWyUAcr3fcd8l3BLjpinjEL04QMCRJYHW9d3WZ2jN44hcZ8xwwG0ZpJiyVAixWqOfMykBbzGY6vnwJC- |
4 i, O, {& l9 B0 @ | | qj3vDQYbVyFBbnIY |
; B: ^4 Y! \1 ^* T$ ]1 F | project_id | 96bbc0e66a5246fdaf29843498ef49a1 |8 h0 U C. m* `' P: F% j
| user_id | 3b1c56d85d9c4aefb5c6a6dde8c99a00 |3 H" O V# H: a
+------------+--------------------------------------------------------------------------------------------------------------
$ s r! l! K; [9 N# j * M1 F4 m$ a+ X0 C1 D D
`创建普通变量环境`
1 p1 J' o8 Q+ B0 }% D' L5 E2 B root@openstack-controller1:~# vim demo.sh$ v* Q- d& M& U! e* O% `# B+ @" \
export OS_PROJECT_DOMAIN_NAME=Default$ ]* ]: _; F* h4 q5 _. |
export OS_USER_DOMAIN_NAME=Default. I( e7 |, U. t: Y0 c, i6 w' L
export OS_PROJECT_NAME=myproject
( j3 H3 F$ Z2 C export OS_USERNAME=myuser
4 ]* g/ v2 b2 L' _/ X* g& A export OS_PASSWORD=myuser
' V' P1 n5 u4 A export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v32 u* D: p" S; n3 j' v3 G
export OS_IDENTITY_API_VERSION=3: N. P" [8 }% q# M) r0 V7 Q6 P% Z, q
export OS_IMAGE_API_VERSION=2
' G7 q% u2 q% R$ J/ J9 [7 I& w root@openstack-controller1:~# source demo.sh & l3 i1 A7 j+ c1 k1 W8 J; Y; i
`验证`
( z2 D3 Y1 O) l" t$ D9 k) R" v root@openstack-controller1:~# openstack token issue
$ c/ H* U' s3 u- a" O +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+. `: J* j9 ?+ `
| Field | Value |$ u' |& k4 T$ O# D/ j
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+3 A/ _+ U8 Y, G, s+ d7 [; R6 s
| expires | 2023-12-14T14:26:22+0000 |! ^/ p6 d' Q- c
| id | gAAAAABlewJ-s4Aj73WgUyZemZ9eL9S7myndeVnxUOmiWM3IvXTwtw7pIzzIFyxlw3vTrC200w08X2iqTFVcY8Ih4jCzLDQMqi4VpS2emWmqG73uy7NI_tAR6KasEYPRoZSl--2Wa7HCdv9i6y6GnKDtgisVkCtG3Ew7CPBDq991w0cXBRpxL_Q |
c. E* O) e9 ?& G& s& D4 F | project_id | 35e14efc4bb64fd18ab58ab793881459 |" m2 J( i1 |8 Q1 W
| user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
, }. g R s2 i" x- \8 _& { +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+. ]+ L7 Z+ L# _. l( E
3)安装glance) A8 p K# E" r" T) r
3.1)存储准备工作2 y$ ]. d+ a. v; W0 i4 ^! y$ P
# 因为性能原因我就拿openstack-haproxy.stangj.local主机做nfs
( a! @7 w% P0 ^+ [5 s% v root@openstack-haproxy:~# mkdir /data/glance -p" C5 I1 s" M) s5 M
root@openstack-haproxy:~# apt install nfs-common nfs-kernel-server -y: T2 [' c8 V3 J9 }8 c4 a1 \
; I1 K+ K, P0 R6 w6 {) o
root@openstack-haproxy:~# echo '/data/glance *(rw,no_root_squash)' > /etc/exports . L1 ~# g! l4 j6 f9 _% u; J
root@openstack-haproxy:~# systemctl enable --now nfs-kernel-server% j4 Z. D9 D3 z0 F9 |% z: R
root@openstack-haproxy:~# systemctl restart nfs-kernel-server# b5 T- Z- p( S7 S$ i/ T i
3.2)创建glance数据库
: ^. y' Z1 D2 E2 a root@openstack-mysql:~# mysql' y6 w9 |. T: Q& N K+ H. |6 n
MariaDB [(none)]> CREATE DATABASE glance;, i5 s4 F/ e2 B( Q# m
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';
" Z; ^! U3 I3 \ [root@openstack-controller1 ~]# source admin.sh
5 N z- n7 s. O2 m `创建glance账号`
9 I( f& G1 E! H4 l# {& X [root@openstack-controller1 ~]# openstack user create --domain default --password-prompt glance, Z: ^% C/ G5 J$ z7 s2 t @
User Password: # glance
' `/ v0 u: m7 _/ m5 U9 m Repeat User Password: # glance, h# \# ^+ i5 @) k1 U8 f, p% Q2 V0 @
+---------------------+----------------------------------+
- V! }% M6 `/ ] | Field | Value |( J* N+ J; W" {, e: h1 ?) D
+---------------------+----------------------------------+
2 W# w- l: `$ g% a6 I | domain_id | default |# N% U# b& K4 \
| enabled | True |9 W0 Z9 u/ X3 K2 Q
| id | 34a900b8a67f40439804c830cd5957da |
5 W) O0 k N9 c4 T! q/ C | name | glance |
8 P+ j) i# b+ B' ? | options | {} |# U" A; C: c+ e% w- d# D y
| password_expires_at | None |
; U' q2 i$ d& u3 C0 x" u: c# c +---------------------+----------------------------------+- q# q* R( x7 |1 s U# w* M
`将角色添加到用户和项目:admin/glance/service`, M" g( \7 w- t( c5 e3 e
# 让glance拥有service项目的admin权限
$ B* S/ ~& @4 e, n5 G root@openstack-controller1:~# openstack role add --project service --user glance admin9 P: \, W& c- H5 ~) J
root@openstack-controller1:~# openstack service list3 i* J9 x/ A5 E* s8 h
+----------------------------------+----------+----------+
# G p; z4 G* e: Z$ T3 p4 f2 q2 ?$ ` | ID | Name | Type |
8 E; ~9 m" \+ ~! F0 @( d +----------------------------------+----------+----------+
y) g S6 V- E: N- [! n5 m! j | 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |! u) d# M0 H! n, B
+----------------------------------+----------+----------+
5 F" N- r& H/ m D3.3)创建服务实体glance
6 I# S7 [. K0 g- \ root@openstack-controller1:~# openstack service create --name glance --description "OpenStack Image" image
+ {: ?$ I4 {9 E* ` +-------------+----------------------------------+1 j! G1 _5 Z0 `5 ?5 m
| Field | Value |3 t+ d0 Q* J: |5 C8 c
+-------------+----------------------------------+$ l9 P8 y# |; R( a8 g2 N
| description | OpenStack Image |
T' o% f1 F% Y8 o8 h7 v, t | enabled | True |5 S0 y j* a1 G8 A1 _
| id | e53a2bd43aaf48f1840064e9cb594293 |
. i" F* g9 s2 L" a# y+ Q | name | glance |. `( L# U, E+ }3 l( }. s0 I
| type | image |# I: P9 S0 J4 V* D
+-------------+----------------------------------+" d9 K& e- [6 \1 o$ J* M
root@openstack-controller1:~# openstack service list' ^& v. Z0 ~. h0 ~" ^
+----------------------------------+----------+----------+
4 |$ `) R4 n# ~9 k | ID | Name | Type |
; k6 w& O- ?" v7 C3 {* T$ A +----------------------------------+----------+----------+- S7 a+ {- J( I6 A. ]
| 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity | e5 e/ l' @1 B
| e53a2bd43aaf48f1840064e9cb594293 | glance | image |
- M5 v+ e# g3 j! o3 R: g! [ +----------------------------------+----------+----------+3 W0 O- Z% a% C- v5 q) F" |7 p: Q
3.4)创建Image 服务 API 端点:5 a7 o5 w' c5 I7 ?& C% b7 z
root@openstack-controller1:~# openstack endpoint create --region RegionOne image public http://openstack-vip.stangj.local:92926 U# }/ j$ S: r S; Z* e
+--------------+----------------------------------------+
* C) n9 B: l7 F: P | Field | Value |
, j5 [5 U. v( C* a +--------------+----------------------------------------+
5 G& m3 R. X5 i | enabled | True |
3 I/ C& x1 g& |1 m. q& `9 B | id | 3fc61c0f302d41359da99b80ca32853f |
3 W# a2 a5 ?6 O6 @5 a | interface | public |
% V+ Y- n# N6 W/ \ | region | RegionOne |
4 T; m1 n" h: ~ | region_id | RegionOne |
4 E1 d3 u6 h. f | service_id | e53a2bd43aaf48f1840064e9cb594293 |
. L- n3 Y1 X6 @0 U7 F0 L8 A | service_name | glance |
9 _ v. r* @5 e' Z1 T | service_type | image |1 g0 o \8 K4 H' j$ C5 n' ~9 D
| url | http://openstack-vip.stangj.local:9292 |
" m) y" @& t* Z9 i+ ] +--------------+----------------------------------------+* A. j/ D7 z ?( i& i9 S
root@openstack-controller1:~# openstack endpoint create --region RegionOne image internal http://openstack-vip.stangj.local:92926 x, a3 S( W* B$ r3 a, m
+--------------+----------------------------------------+
" w3 H7 q1 G8 U2 v9 B9 T | Field | Value |! w" \( ~4 R" o' E# s
+--------------+----------------------------------------+
, d3 W, `& W+ j: R0 Q | enabled | True |5 I. @3 l* o3 s/ F/ P! r
| id | 671f3dd8ddd643d08b922df0f9c7f4d8 |
1 Z: F: t# Z1 G& |6 X | interface | internal |
! s* G/ f2 j' l1 y! } | region | RegionOne |5 H4 |# {1 \. l+ ^
| region_id | RegionOne |
% d" `- u% ^: g7 d; t | service_id | e53a2bd43aaf48f1840064e9cb594293 |
# s" s. k# o! Z4 t3 a | service_name | glance |
$ a+ j* g' w' V- @# @3 _% L | service_type | image |
6 o7 B! Y8 C( U# |; J8 s | url | http://openstack-vip.stangj.local:9292 |2 `# J% [: W4 E2 B2 J) w
+--------------+----------------------------------------+) M, l8 f: w ]
root@openstack-controller1:~# openstack endpoint create --region RegionOne image admin http://openstack-vip.stangj.local:9292
7 E8 L" c/ G3 _$ v/ v* M( K- M +--------------+----------------------------------------+
5 J! F8 w& ]0 R, y$ X5 P. O | Field | Value |
0 g7 t) T/ A% E0 O& w! t& c7 O, e +--------------+----------------------------------------+
6 X0 e1 i3 G' ?; k5 C, z1 _: _ | enabled | True |; B6 }/ J. ?! C y
| id | afea7ab2f5914bcca88f088957f6144f |0 y8 |1 t. X0 {! }4 m* Z
| interface | admin |
" v8 L4 l$ ?6 o | region | RegionOne |
, b3 k! u1 l& N: v! d | region_id | RegionOne |8 i* {! W8 A. U0 I" E& y9 g& Z+ B
| service_id | e53a2bd43aaf48f1840064e9cb594293 |
. j2 X. y5 p; z. z5 s( y8 z# Q" W | service_name | glance |
6 Z5 H p' O2 p) j4 f | service_type | image |/ u7 a) h" s* V( L# H2 n; u$ C
| url | http://openstack-vip.stangj.local:9292 |
" b2 ~0 }" q+ \9 R0 t: C6 Q +--------------+----------------------------------------+
& \) @& K! A+ L3.5)配置haporxy代理
Y$ z' H* v, S2 D! m% M0 E1 x) { root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg : o/ Q V t6 R4 {) e
# 最后一行加入下面4行信息
3 N! K' h I8 t H& Z; u listen openstack-glance-9292
% U3 R5 Q Q+ x* h! x bind 192.168.139.248:9292
/ n1 w0 n/ s% o mode tcp, s" k0 S6 R% N- x' R
server 192.168.139.31 192.168.139.31:9292 check inter 3s fall 3 rise 58 f: J4 t$ r( a6 U. k( ~
root@openstack-haproxy:~# systemctl restart haproxy.service 4 ?! p! ^" C7 c
root@openstack-haproxy:~# ss -tnl | grep 9292
9 I7 {3 M( o% B9 y0 g* c$ u LISTEN 0 128 192.168.139.248:9292 *:* / o) D7 Z y3 F1 z
3.6)部署glance服务4 I( l6 p+ d4 H D( L9 g
root@openstack-controller1:~# apt install -y glance
& q+ ?3 e9 _" Y! m+ h3 M3 i3.7)配置glance服务7 a3 x3 z: R- ?9 M; Y5 w8 H" J7 e" Q
root@openstack-controller1:~# vim /etc/glance/glance-api.conf
% c! P5 ~5 Q/ q7 j. x [database] # 在这个模块下面添加下面这一行信息( ?+ ? L3 X4 H+ t1 A4 \8 z4 w/ L
connection = mysql+pymysql://glance:glance123@openstack-vip.stangj.local/glance7 O6 R1 G+ d; F* s; r( Q' P
9 P- z! A( W) Z0 e$ J i
[keystone_authtoken] # 在这个模块下面添加下面这9行信息$ x+ n% Z* V6 e! t/ I1 z1 E& v; s
www_authenticate_uri = http://openstack-vip.stangj.local:5000
. a# H9 i% ^4 f* f, b. a auth_url = http://openstack-vip.stangj.local:5000
) D# K5 n, d! @3 N memcached_servers = openstack-vip.stangj.local:11211. Q' `/ Q8 H: \
auth_type = password
u: T5 S& U6 T6 U project_domain_name = Default
* g7 d* l$ J" Y5 z* O0 e6 J1 u user_domain_name = Default( f, D8 O) ]. ?$ {
project_name = service
" `9 |* J# D/ i' ~0 E( @) V# m username = glance
8 D3 h0 y6 j3 O+ J( v1 y password = glance8 }1 z# |3 b, q8 o+ t4 R
* E+ ?* e P" R
[paste_deploy] # 在这个模块下面添加下面这一行信息' X/ Y2 w9 w- U/ Y l
flavor = keystone
, c2 O1 l/ L' B3 i$ z8 x1 D 6 y' o( x$ l; F& x c! v
[DEFAULT] # 在这个模块下面添加下面这一行信息. x% c1 ~ h- L2 X) e
enabled_backends=fs:file
8 p% p, X# n4 T ( b4 o8 o. O& ^- E
[glance_store] # 在这个模块下面添加下面这3行信息: ?& g4 A2 }# b8 K8 ~
default_backend = fs
1 v4 ]5 c' u+ Q! r0 U c4 S; p! }( | [fs]
Q9 ~6 a. B, g( t$ } filesystem_store_datadir = /var/lib/glance/images/
% ?6 R5 r: t1 b - |% h* _ A% ]7 j
) D' u; _0 j8 l( ~6 S
`确保 Glance 帐户具有对系统范围资源(如限制)的读取访问权限`) }' o0 ]; X" O" v% ]
root@openstack-controller1:~# openstack role add --user glance --user-domain Default --system all reader
7 R& t7 j! V; j% F. \! h3.8)初始化glance数据库
6 @" A7 @/ A" J- M1 |3 n/ x root@openstack-controller1:~# su -s /bin/sh -c "glance-manage db_sync" glance
: H% y7 {3 L3 H! _1 E( b `验证`
/ D: p' s+ o; }1 D# n, K, E root@openstack-controller1:~# mysql -uglance -h192.168.139.248 -pglance123 -e "use glance ; show tables": r) C- C9 [' q$ J; Y: j* V4 ]
+----------------------------------+4 j- N- E7 A6 T! A
| Tables_in_glance |; c# U' X- O8 S; @! t7 J
+----------------------------------+2 T1 y0 v2 H4 C5 ?
| alembic_version |
: E L W! g) r, r F4 i | image_locations |
9 b% E9 r& B9 b | image_members |9 o, c* [8 Q- F/ P
| image_properties |8 P/ O% f' j4 s) D
| image_tags |
9 L$ N4 e% L) X" k" Z, s | images |
* z0 R' W, w$ ?, C) { | metadef_namespace_resource_types |
# o3 b; A$ [2 k# }) m2 I | metadef_namespaces |
4 X5 [7 C5 l. h4 {# r | metadef_objects |3 J5 W+ j7 `# K! j* U: V
| metadef_properties |' ^/ `! Z" u( }, n4 V) n0 \1 u! C! m7 V
| metadef_resource_types |
+ }- ]8 l# j# V3 @ | metadef_tags |7 G5 j1 J* P" t, d" L: f+ U
| migrate_version | ~2 \7 i. ^2 G4 A3 `/ O
| task_info |" {3 @0 o% Y q. M6 S
| tasks |
( o- @5 z" \2 O +----------------------------------+# f+ D: ]4 j9 U
3.9)启动glance服务7 r% ^2 ~, Y4 D* H6 X
root@openstack-controller1:~# systemctl enable --now glance-api 5 l9 _: F* p" i1 j3 J
root@openstack-controller1:~# systemctl restart --now glance-api
4 H- X# W3 M6 I root@openstack-controller1:~# tail -f /var/log/glance/glance-api.log
: p: u w4 ~& K! O6 |2 V 2024-12-07 19:43:42.571 11458 INFO eventlet.wsgi.server [-] (11458) wsgi starting up on http://0.0.0.0:9292
% d, V1 q9 I4 g$ z* ~ 2024-12-07 20:06:40.764 11717 INFO glance.async_ [-] Threadpool model set to 'EventletThreadPoolModel'0 M* |4 b; X- S+ \; b& `: d3 y
2024-12-07 20:06:41.281 11717 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
1 W* f/ `; e& i6 K( N# X. a 2024-12-07 20:06:41.377 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_staging_store). Creating.- b5 w% h* N. p
2024-12-07 20:06:41.378 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_tasks_store). Creating.
& {' y$ x, Y, j 2024-12-07 20:06:41.379 11717 INFO glance.common.wsgi [-] Starting 2 workers
6 F8 Q) i+ V6 D- F 2024-12-07 20:06:41.381 11717 INFO glance.common.wsgi [-] Started child 117241 s. j1 e+ b+ X: E& C- U5 H
2024-12-07 20:06:41.382 11724 INFO eventlet.wsgi.server [-] (11724) wsgi starting up on http://0.0.0.0:9292. [& [$ Q7 [' e, G9 F9 d
2024-12-07 20:06:41.383 11717 INFO glance.common.wsgi [-] Started child 117253 X' v4 Q K; r
2024-12-07 20:06:41.386 11725 INFO eventlet.wsgi.server [-] (11725) wsgi starting up on http://0.0.0.0:9292
; Z- ^5 n( a) _! y3.10)挂存储. Z9 Y9 y) S+ P& I4 o- f
root@openstack-controller1:~# systemctl stop glance-api 6 d2 k& k M8 l) p, b8 H0 K
root@openstack-controller1:~# showmount -e 192.168.139.36
5 t" \# o$ T+ \* W/ _8 y% M Export list for 192.168.139.36:' ]& G0 ^, K" X% T2 s/ r
/data/glance ** h& Z1 k6 t2 G" H2 H* _
root@openstack-controller1:~# mount -t nfs 192.168.139.36:/data/glance /var/lib/glance/images" r9 p: A7 A S
root@openstack-controller1:~# vim /etc/fstab
9 U; y. Y. i2 J. `2 w+ {# O r' H) P # 最后一行添加下面这一行内容: e! R0 W8 P, O: G7 P- e
192.168.139.36:/data/glance /var/lib/glance/images nfs defaults,_netdev 0 09 ?% ^* r/ R' k; y
root@openstack-controller1:~# mount -a2 s7 d8 F/ B( L' F
root@openstack-controller1:~# id glance
* S* q( {( ^ X5 k. L+ `# A uid=64062(glance) gid=64062(glance) groups=64062(glance)
% w' ~; r$ J6 Y R+ [: y root@openstack-controller1:~# chown -R 64062:64062 /var/lib/glance/images// l% _ r. T0 D7 K
root@openstack-controller1:~# ll -d /var/lib/glance/images/( U @9 K# Q5 a6 [/ N3 T$ _
drwxr-xr-x 2 glance glance 6 Dec 14 21:31 /var/lib/glance/images/
+ Z' {8 I9 e* Y. h' k$ Y8 V root@openstack-haproxy:~# ll -d /data/glance/; u1 L# ~ L% M% C
drwxr-xr-x 2 161 161 6 Dec 14 21:31 /data/glance/2 R9 o! x0 K1 s4 h0 H/ m) W" Y
`启动服务`) x# X- P: t. b3 G
[root@openstack-controller1 ~]# systemctl start glance-api
3 z1 G3 i) {/ O3.11)验证操作: s# g2 r* z0 W7 v2 N2 ?. ?
[root@openstack-controller1 ~]# source admin.sh + ]4 b: P" N5 n) |: v- U
root@openstack-controller1:~# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img
2 u4 t2 c, @: S- e6 Y [root@openstack-controller1 ~]# glance image-create --name "cirros-0.4.0" \
- q, m. `% d t7 j6 i2 F" n: i% V% X --file cirros-0.4.0-x86_64-disk.img \
1 o$ \ H3 q! v, m9 P# { --disk-format qcow2 --container-format bare \3 V: \' I7 S, I- I6 h7 k
--visibility public
9 e, \3 p, @* k/ _
0 o/ G1 _ X& ~ +------------------+----------------------------------------------------------------------------------+: C4 v2 J1 Q: e- @5 {
| Property | Value |
' Y0 w- e0 Q" p +------------------+----------------------------------------------------------------------------------+
; C4 y" f0 V4 b( V# E& { | checksum | 443b7623e27ecf03dc9e01ee93f67afe |
3 }0 u4 _8 v6 b8 z, @( V | container_format | bare |) Y# o- c. O5 {3 S8 ]
| created_at | 2024-12-07T13:12:19Z |1 v' P/ b& f3 g+ s' W# w: e
| disk_format | qcow2 | W+ A# B7 n4 O# W; I: a' Z
| id | 68249b5f-9eac-4873-be74-cc11ac9af61e |, J% d$ C3 D7 G& I& h; ~$ G
| min_disk | 0 |0 P' Q% R/ q5 h* T4 O7 O0 c8 _0 k+ n
| min_ram | 0 |
. [ s/ U8 u, d0 \ | name | cirros-0.4.0 |5 i- E9 o% g5 z! |& ]- i
| os_hash_algo | sha512 |2 y$ n: s b( [" n
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |9 w2 w$ \5 k0 ~4 T" V& E! b- W
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
3 i( }! e$ @+ X# B9 y( x | os_hidden | False |* P D0 Z/ ?( d C4 a% _
| owner | 96bbc0e66a5246fdaf29843498ef49a1 |
% a/ e! G% U9 r+ x( l k | protected | False |: N2 J% w6 A" b: V/ W- R/ W
| size | 12716032 |3 S9 c! w: p( G! f9 N' D
| status | active |9 J4 J: |! n4 \. z9 T6 K
| stores | fs |5 g# o5 Q+ F% j0 H
| tags | [] |! z$ m. t6 \) U7 r( `% R
| updated_at | 2024-12-07T13:12:20Z |
* ~( c! \ j2 v, O1 m/ K# _/ n2 k | virtual_size | 46137344 |. M6 d. ^* n5 v- @8 V }& [0 \1 Z) |
| visibility | public |8 g& j' P% E# b% T
+------------------+----------------------------------------------------------------------------------+
4 O1 R! i# ?4 K" }9 ?% k ! Y0 e+ X! l4 K
`验证服务`
/ R& w1 s: x2 ~7 v root@openstack-controller1:~# openstack image list
) r- Y$ d t$ M" Y' s0 V +--------------------------------------+--------------+--------+
; f, F6 R$ A- F0 a' Z( v! j3 w | ID | Name | Status |& _+ w/ e1 T7 N! |' A+ X
+--------------------------------------+--------------+--------+
/ a G: S% I' O | 060a4a23-5aa8-4176-8f31-0ccd318ebf2a | cirros-0.4.0 | active |
$ n$ S% N' s) D: I +--------------------------------------+--------------+--------+" q( u4 d# { P
# 或者 [root@openstack-controller1 ~]# glance image-list
$ q! F) j9 ?- T; \# _$ G. i # 删除镜像 [root@openstack-controller1 ~]# glance image-delete fd47df49-7e2b-4e16-a4fe-fd8ca6ffb5f7
* h( z W2 ~3 a* \0 T$ w root@openstack-haproxy:~# ll /data/glance/
1 V3 E. B) u8 C) b total 12420
3 z5 q1 M# \2 b6 d) n1 N3 T9 U -rw-r----- 1 161 161 12716032 Dec 14 23:34 060a4a23-5aa8-4176-8f31-0ccd318ebf2a; U7 U+ {, A6 K! k5 B: j1 @3 G
4)安装Placement
* S( [% b9 \0 S7 d% J0 H" {4.1)创建Placement数据库
2 x# Y( L- w) _0 h5 ^7 C root@openstack-mysql:~# mysql6 f/ K5 ?$ O- a( ]3 A
MariaDB [(none)]> CREATE DATABASE placement;
& F, ^8 I) i- w MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';
0 u# u" a( E7 [- V9 B) E. m `验证`
% w; P! S' c2 @/ G; b/ i root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123
+ H/ m) t* I$ b o& O Welcome to the MariaDB monitor. Commands end with ; or \g.6 n4 e) J9 @' w* D2 D8 X
Your MariaDB connection id is 118* W' \" \5 y! {+ L
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
! N" }0 p" v* \9 S' C
! I6 S2 R$ j4 e9 v+ z. J Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.4 M) b+ V- S; W; c; J$ \
a( K) t; R' _9 c
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
8 K1 k- G7 H2 m' x, B 6 K/ S! p) k6 m$ ] g7 Q
MariaDB [(none)]>
8 ]) J' Y) S! G* h4 |$ k5 g4.2)配置用户和端点
, @5 \, J. F! s root@openstack-controller1:~# source admin.sh
5 O$ X( l0 [$ O root@openstack-controller1:~# openstack user create --domain default --password-prompt placement
% B4 z: B" m6 z* a0 c4 h User Password: # placement: b! O6 R+ k+ A' y8 V
Repeat User Password: # placement6 M' G+ d' \7 U) [# D: j7 q
+---------------------+----------------------------------+' a# J2 D1 r/ j! S& \$ N I
| Field | Value |* Y" r+ K' a0 \5 l4 K4 C: b
+---------------------+----------------------------------+; {' b% [6 r/ U8 j' G3 f
| domain_id | default |) p ~$ {$ @- g" D) R% i
| enabled | True | u0 J% J' ~) v
| id | 804e53f0a44b4403af8278711a7274a5 |
3 I8 g, }& ~4 _; T& O7 V. ` | name | placement |
/ m) i2 C" J9 k8 x+ O g5 | | options | {} |
" \ B o8 J' X4 U7 q% _4 P | password_expires_at | None |% X4 x$ d$ q+ ]
+---------------------+----------------------------------+8 X0 p0 @ K6 v' h. A
, P( S' T* |- c, U: O' q% @
`将 Placement 用户添加到具有 admin 角色的服务项目`& ^+ r9 `1 J+ L* M" {
# 让placement拥有service项目的admin权限`
6 E6 V. u3 a' I8 n* D( s z root@openstack-controller1:~# openstack role add --project service --user placement admin# J) }0 i3 h6 P
! ^; U; ?% X" t2 G4 J1 x
`在服务目录中创建 Placement API 条目`& Z* D, V% m& |( z4 |' C: f' O
root@openstack-controller1:~# openstack service create --name placement --description "Placement API" placement
n, C: g: K& k* F0 ` r +-------------+----------------------------------+
8 i5 _3 a" \) A8 O# ~7 j | Field | Value |* V! ?1 h. I, U
+-------------+----------------------------------+
- U! F9 u! b" V0 z8 e1 U | description | Placement API |& u. H" d- q3 @1 `6 k
| enabled | True |* b7 n- q% w9 Y N- P7 `8 Y2 H
| id | 9eaa1f08648c44c5a937759d7217016f |4 Z" \' x% d5 e: v. p p) r
| name | placement |
7 B2 i1 R u T% O" R# U% m8 G | type | placement |
6 ?8 `" R$ j$ L' |' F3 R +-------------+----------------------------------+$ I" X; s9 }! Z {& X
4.3)创建 Placement API 服务端点:9 g6 | q7 V' }& O: `* q
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement public http://openstack-vip.stangj.local:87789 `' S$ y/ |. j& \& v3 y. ~$ i- _+ i5 h
+--------------+----------------------------------------+
5 U e0 a5 U4 y. J3 a3 d" ^, y# O4 a | Field | Value |
- m8 a& R4 n& D$ E$ B8 p +--------------+----------------------------------------+
: s: l$ Q) G2 b- b" M5 z- N% e | enabled | True |
7 @9 M- k7 f9 J2 O0 w0 _ | id | 88aae422c80e4adabf613aef31fb0c3d |! z% E/ y4 ^& p! @, f* x; S
| interface | public |
$ O; W* A% ]. ~5 Q! @3 M | region | RegionOne |
. B- }4 R$ |0 {6 e6 X | region_id | RegionOne |
8 F( L+ A* L1 L! u2 q | service_id | 9eaa1f08648c44c5a937759d7217016f |
, U! e/ |& W2 F# i* _* U | service_name | placement |
6 a {* W' w# |- C% G | service_type | placement |
$ a# W3 B' P) h' \ | url | http://openstack-vip.stangj.local:8778 |
- @6 s; e4 @- l! X0 a +--------------+----------------------------------------+7 ]' {) ^' C; R! w6 h$ V
3 L% i5 f, q: x+ @. Z
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement internal http://openstack-vip.stangj.local:8778, d& F6 \# O3 D2 I# {9 X
+--------------+----------------------------------------+8 `/ E. r. @ {# y, X
| Field | Value |1 S0 a" V" C0 Y% I( W5 y; |
+--------------+----------------------------------------+
$ w) m2 p( u% Z6 _1 O, o+ x1 k | enabled | True |/ t: x7 p5 m z% W' F
| id | b706b4abdcdd44a588eacf5d1cb7f75c |
' O2 s8 P3 W" z; m6 J' n) ~ | interface | internal |
' I1 e! o+ |$ I Q1 H. D. Y; G- t | region | RegionOne |
; a2 c/ ^- [/ E' ]4 F) ^ | region_id | RegionOne |; |* Y+ q# Q) X H5 }+ B z5 {
| service_id | 9eaa1f08648c44c5a937759d7217016f |# t( J9 U9 j7 i! f$ K
| service_name | placement |
2 E, ~: c, O; w. D6 t( c2 p2 U# Z | service_type | placement |
2 L* v4 S/ ]/ _" N+ ^ | url | http://openstack-vip.stangj.local:8778 |
* |) w g1 _8 P* i9 } @ +--------------+----------------------------------------+
- t* `% E4 |8 [: m5 W% C 2 d9 @0 ?' j8 d* k1 G R1 b) }
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement admin http://openstack-vip.stangj.local:8778
9 p" j6 P( _( }' `9 Z, i8 y0 O4 t +--------------+----------------------------------------+: K' I( g' @5 s8 o$ K" s
| Field | Value |# M$ m+ c3 @7 a1 @ k8 |
+--------------+----------------------------------------+
" D7 b1 }, v: B# J- `* q3 x | enabled | True |
9 W" |! s1 x+ ^2 v0 M$ b0 n | id | f62a5305854e492ea9c76e77e13b10b4 |2 @; O$ I% d2 k5 J9 m6 Q' ~
| interface | admin |
) f: p- W! L) @; l7 \! G | region | RegionOne | o! B' l% M9 R0 x% \. ~$ p* ~
| region_id | RegionOne | J) V! f5 b. `3 a2 s
| service_id | 9eaa1f08648c44c5a937759d7217016f |# N F8 c' {# n: ]4 R$ B5 l6 M
| service_name | placement |
7 k$ l6 O, A+ a | service_type | placement |% T9 Y/ B, o, x
| url | http://openstack-vip.stangj.local:8778 |
+ w; ^% X( ?- i. Q +--------------+----------------------------------------+ s& q- @, s# \- m& A
( ]* O7 h+ x6 X9 ~7 `5 A# q6 s `验证`0 {/ v' c1 n j* e3 ?
root@openstack-controller1:~# openstack endpoint list( Z% Q A0 {3 |* S! f3 v. b8 l
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
$ @+ J P) o/ `2 A) _3 I | ID | Region | Service Name | Service Type | Enabled | Interface | URL |
; L3 O4 h! l% G/ I4 J r$ }( _# A6 S +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+1 \. }5 X: M% I; S3 t: B
| 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
; Q7 [5 h4 }* N9 W | 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |
: J4 f' N# j* E6 @5 Q | 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |- y# Y) o7 Y2 K- ^% S
| 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
* l# ^: T g0 A+ S, X' b( e. ? | 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |
- n! T5 ~4 a8 r! N! r/ w% k | 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
( A: ~, [8 O" B9 l- u8 b% b | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |8 w' p$ G/ y" L" c, K( ~
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |
. e1 q0 [" n$ ~6 R' D/ Y | dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
5 _! ^, m. L: e$ P | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
- j9 E% q2 e5 m2 F: I# R | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |2 G& _2 `( q, ?
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
( O( S! x% _/ {- A# K$ [. W4.4)配置haporxy代理
6 V; G$ d; s+ v* M5 \) d2 \1 C% e8 s. A root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 9 f+ Y/ q" {7 v( U+ C% {0 L
# 在最后一行加入下面内容' ?; m0 x% G; }8 P5 |! o7 d
listen openstack-placement-87783 M! i, q. u' N" d; X& \
bind 192.168.139.248:8778
+ m# w5 Y G& d9 I5 a e2 G8 U mode tcp6 Z# L% \9 l3 ^" N
server 192.168.139.31 192.168.139.31:8778 check inter 3s fall 3 rise 5' m' e# w Z( u9 @0 B8 O
root@openstack-haproxy:~# systemctl restart haproxy.service
4 w& G6 i9 t C& U root@openstack-haproxy:~# ss -tnl | grep 8778
9 A1 f( v; ~9 b8 N LISTEN 0 128 192.168.139.248:8778 *:*
/ Q% x2 [( W8 V% a1 p$ n* v, Y0 ~4.5)部署placement
2 U3 l& T' q( f3 {2 C6 [1 {/ l root@openstack-controller1:~# apt install -y placement-api
& M! v- B: G5 j2 t2 S Q4.7)配置placement服务* z9 j$ N7 X: {- @ N5 P% S
root@openstack-controller1:~# vim /etc/placement/placement.conf# }* s! @5 {# I' m5 C/ W$ J
[placement_database] # 在此模块下面添加下面一行信息/ U# s! a$ z+ e
connection = mysql+pymysql://placement:placement123@openstack-vip.stangj.local/placement3 S' S/ E/ K: W8 q
' y% |; }$ ^+ e" K; a' |% o
[api] # 在此模块下面添加下面一行信息
) C3 |# k, H/ z1 e1 G4 M" u/ Y auth_strategy = keystone
* Y# ^8 }2 h7 e1 x
( d; a# L- o5 b, K" e' M" i [keystone_authtoken] # 在此模块下面添加下面8行信息 e+ L0 f# T# F# A( e
auth_url = http://openstack-vip.stangj.local:5000/v3
/ Z8 a% V) y: A' }$ H, @ memcached_servers = openstack-vip.stangj.local:11211, u z8 ^! ^% U) k
auth_type = password
' U( a! x) m+ J) K9 q c/ C project_domain_name = Default) z* P' W! k$ ~* u4 c. y: P
user_domain_name = Default" R0 G3 E4 ?# ` i
project_name = service& U1 l9 l! t4 u7 T! S. C- ~) ]
username = placement
/ f" C% P5 @ Q8 Y password = placement" i) G9 M' Z& D2 K; l4 c2 R
4.8)初始化placement数据库
; q" s$ {. @( `5 R: G root@openstack-controller1:~# su -s /bin/sh -c "placement-manage db sync" placement
9 O! d) w [, s3 @5 Z " x9 u% c9 C8 P9 C( J
`验证`8 R, k3 O3 ^$ m; U5 w% M
root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123 -e "use placement ; show tables": d z. `. z5 Y2 t z
+------------------------------+- k- t& s+ R6 Y8 Y0 U2 k
| Tables_in_placement |
* s2 @8 j0 n @7 O" J +------------------------------+/ p* {% t" y. B; _
| alembic_version |
" H5 t& m4 M9 {$ }; `* X | allocations |
; m- {' _/ b' m0 W1 Q9 ~ | consumers |
- Y3 h+ i; E( a- R& o% n2 Q | inventories |! T( D( U8 J# L J. f$ k9 \
| placement_aggregates |
; D) s8 Y( E+ j: M) h8 j) N | projects |
) I" C/ Y; V1 t5 ?# J | resource_classes |4 p. A, _ ?. @: s4 D6 P' E
| resource_provider_aggregates |
1 ^2 ]$ [ J( a/ |# L | resource_provider_traits |
$ J' l" u3 }9 L0 k- ?/ o | resource_providers |- h+ q2 k, w' u' ]; T2 p
| traits |. [; w, y" w- l g9 ^/ l: ^
| users |/ c; y) H2 L' p Q, ~2 j
+------------------------------++ D3 v) X# q) Y5 c* ^
4.9)解httpd带来的问题(以免后续会出现403)
, j5 `% h( E4 m" L1 S' e0 [! N; M root@openstack-controller1:~# apache2 -v
6 Z7 [% ~7 Z: H8 ? Server version: Apache/2.4.52 (Ubuntu)
0 B* Z3 X( n: G' w6 O, u+ [ Server built: 2024-07-17T18:57:26
/ H! s) y. V `( S+ P root@openstack-controller1:~# vim /etc/apache2/sites-enabled/placement-api.conf
! p u/ u) B! M0 [$ K <Directory /usr/bin>) P% h; ^# G% ?' J9 B3 G8 m
<IfVersion >= 2.4>
, R3 P+ y# q2 H. e& z Require all granted, l& L* @. q5 Z( w0 |
</IfVersion>4 k, n2 M; D% r4 o, t
<IfVersion < 2.4>- c' C5 I( y2 ?) C/ L. m/ w' c
Order allow,deny
( t) x* N/ Z' W& l4 m Allow from all
% m1 v m0 ~# r/ {! g _ </IfVersion>
0 E" L5 x6 h9 ]) K- h0 }) m7 A! f </Directory>
6 C0 o8 n# {9 i( m& D$ N! M a1 O! t: i$ L3 ]9 ~
root@openstack-controller1:~# systemctl restart apache2.service - H. j' t5 Q/ Q% @/ g5 V i( N( F
root@openstack-controller1:~# systemctl enable apache2.service - G; K: b5 T1 e+ s Q* b2 J/ F
4.10)验证服务
$ S9 |& p; Y* e i [root@openstack-controller1 ~]# source admin.sh $ ~& \& T# Z2 P3 [8 d! p
root@openstack-controller1:~# placement-status upgrade check
0 I, H7 M0 I# F. }# p# I. y3 ? +-------------------------------------------+& r& z% J x2 E5 W
| Upgrade Check Results |
( _1 G( |5 H4 D2 ^4 [. f* v6 E +-------------------------------------------+
: N& y2 E9 A; @4 L | Check: Missing Root Provider IDs |: u& o' W$ R8 |
| Result: Success |
: D4 n' O) ?& ^7 `9 i | Details: None |
) D% b% u6 f2 X% j O +-------------------------------------------+
; {. k+ A6 D, H4 @ o | Check: Incomplete Consumers |
9 Y# U9 \$ E7 f# R | Result: Success |
. _2 H# W6 U* K | Details: None |
$ C' f% _2 J/ x+ f4 R +-------------------------------------------+5 a- f( O3 o$ d1 ~
| Check: Policy File JSON to YAML Migration |$ L3 l! ]8 k! V+ H, s
| Result: Success |, A7 k- }- @3 n1 u6 c
| Details: None |
$ ~1 S8 J) x9 ~2 C! Z- c2 g +-------------------------------------------+" k0 y( h% t8 S5 q
root@openstack-controller1:~# curl 192.168.139.31:8778
8 M8 h. q T$ c- K% w2 Y {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}7 Q3 K2 c3 G7 A
root@openstack-controller1:~# curl 192.168.139.248:8778$ |0 z9 H% p) ^
{"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}6 U% V) h" v% Z1 F3 q
5)安装Nova; d: a3 V/ e& v
5.1)配置nova控制节点. z B7 f! m" P! t$ N0 ?; B6 z
5.1.1)创建Nova数据库$ {# H3 k4 v# h& U, P
root@openstack-mysql:~# mysql2 v' }2 h. V v% y! D
MariaDB [(none)]> CREATE DATABASE nova_api;
; K5 f/ w) U( j8 q MariaDB [(none)]> CREATE DATABASE nova;) S; `0 p# s8 n9 J$ G% C9 C0 f
MariaDB [(none)]> CREATE DATABASE nova_cell0;+ W- y( V- D3 E
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
4 m8 q5 I. F; R MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';9 {. H; W; Z V
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';, v) M8 p1 s+ g% T$ C7 T
5.1.2)配置用户和端点
. c% _ B. t6 U' m* m root@openstack-controller1:~# source admin.sh : w1 w% |5 z, k
root@openstack-controller1:~# openstack user create --domain default --password-prompt nova9 W2 i; l6 Y! S2 J% D) X' G
User Password: # nova
$ R n5 Z' Z# n6 t6 z Repeat User Password: # nova$ S, J' ]- V4 Z
+---------------------+----------------------------------+
( Q" C" q. @* }# D0 `$ M | Field | Value |
/ {4 y5 ]- p3 M* ?% V8 k; t +---------------------+----------------------------------+$ w. d I" d' Y# {9 S* x
| domain_id | default |6 i" z3 g. b. A" `7 f$ K: }
| enabled | True |
. Y) F. R: i- B2 Q0 M$ s1 Z | id | 223adc571a2b4a2fa32cd7bdff6e7c3b |# d8 h/ {1 A" y' v4 y+ h
| name | nova |
/ W x* W1 F! B% a7 e | options | {} |* P0 M" r, G( G' @. D5 W
| password_expires_at | None |
0 V1 S& s. |8 U8 O& E +---------------------+----------------------------------+
( e) T6 i' @% j+ ? 7 n2 y$ @. r- @) f6 ~
`将 nova 用户添加到具有 admin 角色的服务项目`2 ?, {; e7 T; R- F b
# 让nova拥有service项目的admin权限`
7 E q5 n# x9 Z1 ` root@openstack-controller1:~# openstack role add --project service --user nova admin
3 a, \6 K% @$ v0 } 9 x2 w& X) Y- }5 i7 {# I
`创建service实体:nova`+ F2 u- O+ \* m. k
root@openstack-controller1:~# openstack service create --name nova --description "OpenStack Compute" compute6 J8 Y F# O" Z
+-------------+----------------------------------+& w) P, h/ w2 m& n& v! g Y, \
| Field | Value |2 ]& D, {/ `7 z- z+ P0 p1 {* \
+-------------+----------------------------------+
6 [/ s! W( I5 U; P" x | description | OpenStack Compute |7 d2 E5 w& q. U# W1 d! G. Z
| enabled | True |
" [" Z1 Q0 [7 u; U7 D | id | 63028385934a4290b66880dab62a4c4d |) Q: L% ^ v" O" I" v3 u5 i
| name | nova |
o( W; ?3 i6 M G+ s; c! Y; o9 | | type | compute |
; P& s D/ D6 Q' L +-------------+----------------------------------+
' N# _7 L \& `, N: K! x8 U: g $ `! c$ x2 `% D' r( n! \3 Y' u; ?
5.1.3)Create the Compute API service endpoints:
+ T* U% J g1 e8 H4 l- U& f root@openstack-controller1:~# openstack endpoint create --region RegionOne compute public http://openstack-vip.stangj.local:8774/v2.1+ e6 H& D: \! e
+--------------+---------------------------------------------+
' r- L# Y3 ^# q8 q& d+ e | Field | Value |
! Y3 v o* d% a1 H +--------------+---------------------------------------------+
1 d8 I! v9 v1 F. f9 U# L | enabled | True |1 S1 Y; L- u1 V
| id | d5564488f45d47009640dcea5e0083f8 |
: T( |/ }9 N8 v: J | interface | public |
; u7 {& K& i, j8 G | region | RegionOne |/ c; }2 ^9 e Z
| region_id | RegionOne |( Q+ ~: R8 y- H# e- M4 k% t
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |
' u/ e7 j7 i& |8 @, }1 c* E2 R | service_name | nova |
9 ?! m8 r: Z' H3 j5 a @2 ?+ I | service_type | compute |0 ^) \! Z) W/ n C0 U+ B
| url | http://openstack-vip.stangj.local:8774/v2.1 |. a" Z, v& l0 V \9 l4 L+ y
+--------------+---------------------------------------------+8 y1 r! s9 Q' E( Y7 }- C
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute internal http://openstack-vip.stangj.local:8774/v2.12 U2 b- O" u3 D
+--------------+---------------------------------------------+8 I4 w9 f5 r) h; h
| Field | Value |1 o4 L d Q3 ]5 |0 Z; y' [
+--------------+---------------------------------------------+/ d2 U5 d' q4 L- m, |8 m
| enabled | True |3 s* t" O4 E; f3 }3 `
| id | bce779f873ad48cdaf7aa65c9c310e0b |
+ @& U' s: q. ? | interface | internal |
1 G$ H) z+ U* f+ J( l: V, H7 l | region | RegionOne |0 }. E/ `, n% A" e7 N1 I: A
| region_id | RegionOne |
( Y; M2 {/ A: ^8 w; _) Q | service_id | ba27d9ae56314e208a3b9b7e1dead803 |
6 n/ V6 g" S% y) s | service_name | nova |
0 x1 c: [4 l- X- p6 v% j | service_type | compute | W: M1 o* B, R0 B. N6 B% k' A
| url | http://openstack-vip.stangj.local:8774/v2.1 |
+ X, H; R5 b) Y +--------------+---------------------------------------------+
7 O; x7 h: x4 Z# B5 m5 b root@openstack-controller1:~# openstack endpoint create --region RegionOne compute admin http://openstack-vip.stangj.local:8774/v2.1
. Y5 U6 A( Q$ v9 n; k( T9 b( y +--------------+---------------------------------------------+
+ A4 h; e% l7 H( L* n | Field | Value |: e9 W7 @: A0 n! Y7 q( b
+--------------+---------------------------------------------+2 v" v' E) E# D; T }! l: n$ I
| enabled | True |
8 j: e7 ?& Z+ \ | id | 229163f968084cef9cc0150d1c7b14d8 |
# R! v1 X0 I0 A$ q" E | interface | admin |, P) r8 p9 w, h. P" m+ R
| region | RegionOne |3 Y- s8 s/ t+ k2 O
| region_id | RegionOne |8 ^. S9 i! X* J; B- t1 t4 t' y
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |
4 P# r# y4 u/ h1 z4 T | service_name | nova |3 y9 h% Z8 K% |/ K- E$ W, O% v. `
| service_type | compute |
+ F, C; L- P2 E | url | http://openstack-vip.stangj.local:8774/v2.1 |
! v! C. g* S( s# J" m +--------------+---------------------------------------------+
4 }: m. m2 A7 T c6 O$ ~; U% X9 }/ k `验证`
' E- Z3 P# d0 ~4 c: j! M [root@openstack-controller1 ~]# openstack endpoint list
* G* M, ?; d, K. w$ [5 V" Z +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
* J) g% y& T. ]* N, S$ h- R: s | ID | Region | Service Name | Service Type | Enabled | Interface | URL |& P0 [) y. B& h: f
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
) k. ?4 |, l$ d5 A9 T. O | 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |/ [, T3 Y1 w, p( F1 }! A
| 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |2 K3 P- B4 Q$ p* n( l" M3 d
| 229163f968084cef9cc0150d1c7b14d8 | RegionOne | nova | compute | True | admin | http://openstack-vip.stangj.local:8774/v2.1 |& R8 g5 Z+ G, _# e
| 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 | a# Z) M% r' V5 Y$ Q# {$ Z
| 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
, D5 U. r0 d) i5 u7 { | 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |; s2 k9 ?0 i4 V$ `/ m6 U9 @+ ^
| 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |7 V* \8 @0 t8 m; m, N1 G5 Q
| ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |
0 L0 y4 B, k7 N- ] | afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |" c. L" v8 p( Y4 k$ A3 T" L$ g& A* Y
| bce779f873ad48cdaf7aa65c9c310e0b | RegionOne | nova | compute | True | internal | http://openstack-vip.stangj.local:8774/v2.1 |: e8 A( T% K b
| d5564488f45d47009640dcea5e0083f8 | RegionOne | nova | compute | True | public | http://openstack-vip.stangj.local:8774/v2.1 |
3 v/ t" _7 B- h; A6 R | dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
: ]5 W' U4 n* R3 f | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
4 x% y- N5 i+ e8 e! C$ _- f6 W | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |: ^1 e V4 T$ g; K! R
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+8 v( t+ i6 r/ ] Q, B
5.1.4)配置haporxy代理; ~3 q6 j$ b4 K
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
4 x `& S9 j2 Y$ q1 S; x7 p+ F c # 在最后一行加入下面内容
1 M1 c2 q' |* }' G; | listen openstack-nova-8774% k4 |! H+ K5 ^
bind 192.168.139.248:8774
0 ~ s! l8 D3 X* N3 ^ mode tcp
6 I1 A% ]9 B g! r+ P server 192.168.139.31 192.168.139.31:8774 check inter 3s fall 3 rise 5
! A' [' [& n* P: L# }
: |, I! r* l8 P9 ? listen openstack-nova_api-8775
% {- f1 J# D% P& T' X0 U4 { bind 192.168.139.248:8775
! m0 b) w8 E- d mode tcp
6 P' ~/ {* T+ R: F server 192.168.139.31 192.168.139.31:8775 check inter 3s fall 3 rise 5, t: z' p; g! ?
. E r3 i$ ?: U root@openstack-haproxy:~# systemctl restart haproxy.service 2 U( o0 O4 z2 o- N
root@openstack-haproxy:~# ss -tnl | grep 8774
: m) f6 }; d. |- C( M LISTEN 0 128 192.168.139.248:8774 *:* 5 D. W5 B4 w4 Y+ r* j
5.1.5)部署nova-conductor
- s4 {0 a& H, }3 z) w root@openstack-controller1:~# apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler; n% ?& D0 m* `1 @- r! ~
5.1.6)配置nova-conductor
- y% n1 A( \4 ^9 l% l0 P root@openstack-controller1:~# vim /etc/nova/nova.conf
+ r" K0 z/ @: h+ U' _& A [DEFAULT] # 在此模块下面添加下面4行信息
2 P5 I% ^, q. h. f* K transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/* f) |$ g0 u% t X8 T
my_ip = 192.168.139.314 K7 {! j: ?. A9 Q7 C0 F- ?
; W4 T8 f9 u- L; y+ t; A [api_database] # 在此模块下面添加下面一行信息8 w, ^: M- F0 O# R& W
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova_api
9 n g; w/ i+ Y4 u& x / c7 O' V) ^ Y& R G7 R3 s
[database] # 在此模块下面添加下面一行信息% _3 @/ x9 U' t
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova0 I0 H7 W1 E: E1 b8 {2 t4 G7 Y
8 V# d4 I& x _6 k
[api] # 在此模块下面添加下面一行信息( h9 {+ @+ j( ~, m
auth_strategy = keystone4 u" Y. L8 L$ n7 Q
" ^: j& n) l# r [keystone_authtoken] # 在此模块下面添加下面9行信息
1 ?: E4 C, j2 ^- @ www_authenticate_uri = http://openstack-vip.stangj.local:5000/
G7 q6 l# B+ n g% t7 ]" V auth_url = http://openstack-vip.stangj.local:5000/
! `0 t9 T; c4 V4 k# J5 w0 W memcached_servers = openstack-vip.stangj.local:112119 j. U; D$ K8 h
auth_type = password: q2 Y' U. Z" `3 s) B" w
project_domain_name = Default" V* F, d8 I9 {! e& _! C0 N3 [
user_domain_name = Default
) D% W1 n' k z$ g& k* S9 Q project_name = service
9 z5 r/ v, |# G& C$ ~# z username = nova
# C' r- ]- y" O$ w0 t% ?6 ] password = nova4 k" ~, p* `2 m6 f" d( S
( \: O" e! W" T# @' y [vnc] # 在此模块下面添加下面3行信息
4 X1 @ q5 E1 r+ A% K) Z. e) K enabled = true
% f( `1 D; C/ Y& f: O# m server_listen = 192.168.139.31
3 C7 E6 |& x+ I2 F, t server_proxyclient_address = 192.168.139.31
9 K {2 {% g. j( n# V # T1 [, {4 Y( H4 e5 V# W6 k. {
[glance] # 在此模块下面添加下面一行信息
4 [* x! ?' Z; w3 {3 o& D9 a api_servers = http://openstack-vip.stangj.local:9292
+ h! a8 ~9 F- p) `8 p: ^
, {, C9 w2 G$ j! ~* K# { [oslo_concurrency] # 在此模块下面添加下面一行信息1 Q% W/ \2 |5 P1 d
lock_path = /var/lib/nova/tmp+ E& O- N# J0 h0 g; `/ a- @
* n: D. S' C! K: f$ h+ Y" ?4 t& P
[placement] # 在此模块下面添加下面8行信息7 I* y( |8 p! O5 ~! y# ^' x
region_name = RegionOne) l4 q/ t' @; [& V
project_domain_name = Default+ B3 x' u$ R0 u; M( w3 [
project_name = service
0 s5 E* x) r* T auth_type = password8 W4 Y# f5 P1 l( s2 x [9 v+ e
user_domain_name = Default+ S: I3 C- p, k% U
auth_url = http://openstack-vip.stangj.local:5000/v3
2 W" K9 c9 D8 x2 [% R0 Z4 M. K username = placement! S T w' ^- u& ~3 o4 J
password = placement* |" K3 ~6 J( u
) q( i; d* `+ Y; V9 Y0 G& N2 s [service_user] # 在此模块下面添加下面9行信息( E3 J. a$ t9 C# s9 s C
send_service_user_token = true; S6 S8 i: b/ j" E" U+ h
auth_url = http://openstack-vip.stangj.local:5000/v3
4 J% I( Y& ~! L' f8 T7 Q% ]0 Q auth_strategy = keystone% V2 u" ?$ e$ r' G! E
auth_type = password
# v8 c2 S" C X+ V! ~" d6 D _% X project_domain_name = Default
$ ^+ l F9 q0 W3 f' H project_name = service6 a l* ?5 Y8 v. W
user_domain_name = Default
9 i# g- ~6 m1 O8 F1 \- h4 B7 O username = nova
( j, J4 F4 I/ [# _/ W password = nova3 c6 \$ C0 c$ m9 E* z& m+ Y' V
5.1.7)初始化nova数据库( C& a- A+ N2 S/ H9 Q% n
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage api_db sync" nova
% k1 j( c$ b3 M m/ g3 H" } root@openstack-controller1:~# mysql -unova -h192.168.139.248 -pnova123 -e "use nova_api ; show tables"
1 R/ Q4 {4 { B# s( g +------------------------------+
* L3 X8 v: ?2 O0 U | Tables_in_nova_api |
$ t' f. O& P+ k- Y0 q8 w$ B +------------------------------+
9 n1 r' `# k `3 Z) S1 C! a0 A | aggregate_hosts |
* S+ J' S* _' P' N" |& Q( A | aggregate_metadata |
) X8 E% F" |3 N Z+ a" @ i | aggregates |6 S& |( r# J y# [1 V4 Z
| allocations |# v7 z- I: @5 J# ~# ^' X1 Q
| build_requests |( g2 ^& E$ J) W% s
................................
6 l+ ^4 {6 s# i! s$ d, A( { K ................................3 z4 Y6 ~0 z1 d* l
| resource_providers |- @, H9 t1 z, D. S* N
| traits |6 X% `9 p5 M/ z! B1 h8 @* J
| users |
. E4 ] M4 x3 w# D +------------------------------+
- G7 [; S9 W3 Y, X root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova. ?5 G: C5 F" c
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
- c- d- B; f8 S' {' m ....
: z* u4 c5 y6 N7 b# D c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
7 |& M) ~ u! i* ?
+ E% B ^" a/ f% e& P# g0 S) R/ ^: B root@openstack-controller1:~# su -s /bin/sh -c "nova-manage db sync" nova
2 e% I2 u: v+ M$ s8 S5.1.8)验证 nova cell0 和 cell1 是否正确注册:
2 o( i/ B4 r4 C5 { root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
* d* i5 D" w7 z K0 x& T( { +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
( Z ` T; Y% @4 }# @% l* h | Name | UUID | Transport URL | Database Connection | Disabled |
: i2 H1 `7 h6 v6 X% W +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------++ `$ A' ~$ D) m+ e+ p- R6 l) p8 h
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova_cell0 | False |1 S. O$ _: X- t% l: m
| cell1 | c14b4cfb-a4f6-41a5-8418-a3d3ee04228f | rabbit://openstack:****@openstack-vip.stangj.local:5672/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova | False |
0 o9 `1 m7 Y/ h3 X0 y+ k +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+0 I8 I6 g0 _2 x3 k
; q+ m$ U: \- C, R2 h- Y5.1.9)启动服务& m$ x: E- T' D' [7 W
root@openstack-controller1:~# systemctl enable --now \: Y7 B) g0 f# Y* e4 L+ v7 I8 R
nova-api \
/ \ C2 o( N6 W3 D) X/ E8 a+ T nova-scheduler \; ]" [& F0 l( i! B( u/ r
nova-conductor \& P, R5 S! v4 O- ^8 v3 Y& r. j
nova-novncproxy; J( g& G$ n( i# C; H
root@openstack-controller1:~# systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy
7 a+ Z$ {; A' F4 K5.1.10)把novncporxy代理到haporxy4 m2 N; e5 E- L) R, V" M
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
( T3 G: F& C8 _; o: r # 在最后一行加入下面内容% s' b# x: c+ _ G! H0 l
listen openstack-vnc-6080
: ?# m" x& O* c1 k5 U, J bind 192.168.139.248:6080 a$ b. z; I2 @7 Z% j( }
mode tcp
1 H( [* c# f8 Z! @% K a, D* @ server 192.168.139.31 192.168.139.31:6080 check inter 3s fall 3 rise 5
) } E2 n# M8 {, U- k* w$ ^ root@openstack-haproxy:~# systemctl restart haproxy.service , d) ] ]3 W9 }5 L
root@openstack-haproxy:~# ss -tnl | grep 6080. e& b3 M" r* G% g! x/ w5 A
LISTEN 0 128 192.168.139.248:6080 *:*
+ I. ]+ @% k B/ o4 f5.1.11)配置nova重启脚(为了方便后续实验)
% d3 L/ w5 z, r6 V [root@openstack-controller1 ~]# vim restart_nova.sh
5 v- w5 b) X9 B+ }0 B #!/bin/bash9 \2 |6 y7 c7 s1 I* i- C' Q4 ?- D
systemctl restart nova-api \
% h j4 v; s5 W+ t8 d) R$ d! B& H( O nova-scheduler \0 L- Q, p0 P5 R( C! y% \
nova-conductor \" Y) i" o9 y+ r/ |7 O
nova-novncproxy& t) ?1 ^, x# v. M7 u
5.2)配置nova计算节点
6 g- F* d! u# G' I, h- @& {% t, h必须保证开虚拟化
( ]% t! n) u* H4 \& p
- p' |- V* k9 w# e3 n! Aimage-20231215224936327/ D9 U2 v9 [. q* Y0 E
4 V7 ]5 ]- L/ c. w% i0 J: n
5.2.1)部署nova-compute7 A: t! G! c7 \
root@openstack-node1:~# apt install -y nova-compute5 q/ y& ~# B: R; C
5.2.2)配置nova-compute
4 Q+ U& x& u) M. J root@openstack-node1:~# vim /etc/nova/nova.conf
, a' D3 H8 V' f4 f: j [DEFAULT] # 在此模块下面添加下面4行信息
' q( @2 `# V1 e/ r+ N1 ^- s% T, O transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/8 l8 I! c8 r/ X4 [$ J" Q
my_ip = 192.168.139.34
( i' m# W# A* y/ _3 X- y" \ # state_path = /var/lib/nova* S4 w7 ` d/ T7 ~* v
* a# A% j U) A C" S9 Y" c" q [api] # 在此模块下面添加下面一行信息* R( b5 m0 l' l8 s8 h
auth_strategy = keystone
/ k2 }. N$ h! \' p " W! w5 W1 E9 h
[keystone_authtoken] # 在此模块下面添加下面9行信息1 G" k9 H5 \, L! w( N) v
www_authenticate_uri = http://openstack-vip.stangj.local:5000/
" E; A D+ {1 N5 E! c! g' R auth_url = http://openstack-vip.stangj.local:5000/; d% x9 Y6 K& C) B7 }& i0 M
memcached_servers = openstack-vip.stangj.local:11211
$ @1 F5 ?. J0 ^/ z% e- _8 M5 z auth_type = password
) ?& x8 m% k( b/ j7 Y5 `. M4 | project_domain_name = Default/ o C+ e) w4 V3 x* L
user_domain_name = Default
6 L; J. {, A5 V( G' z project_name = service
2 a! u! N8 i7 I/ R username = nova
% l9 T; T) [1 w8 l# x: k$ t9 i3 ~ password = nova
2 a' p$ Q6 Z: [- s5 ^% T* v
2 w. q2 V. ^/ C [vnc] # 在此模块下面添加下面4行信息 B7 O2 ]" }8 s3 ^: n+ k2 P
enabled = true+ J0 G( {; M! [4 a, ?8 J+ ^- X
server_listen = 0.0.0.0
9 I2 {9 g T" x/ C' c4 E8 Z3 _ server_proxyclient_address = 192.168.139.34
4 u2 j8 Y, V, d5 D4 J novncproxy_base_url = http://openstack-vip.stangj.local:6080/vnc_auto.html, V, q% t( o' S5 M: }& p
! @. Z k' T! [5 p, `
[glance] # 在此模块下面添加下面一行信息- y8 N. X8 _! F* A
api_servers = http://openstack-vip.stangj.local:9292
/ v: X2 Q: y2 i: Q2 f% s2 }; v
( w s5 d6 N# n' \! e" ? [oslo_concurrency] # 在此模块下面添加下面一行信息
4 ?4 h7 p& A5 F$ R; r V lock_path = /var/lib/nova/tmp+ \0 R6 u& r( y, O
9 R) T: i3 B @ [placement] # 在此模块下面添加下面8行信息
8 W1 B: |/ F# h- [& u region_name = RegionOne
6 l g& q1 t- D3 q: U project_domain_name = Default
- }. C( E( Y6 T. ^5 v$ C! P project_name = service
! S# l1 B$ m. H8 J3 T auth_type = password" |1 X# O4 O/ C3 s
user_domain_name = Default) v" s9 t- J0 ^% n7 y2 |
auth_url = http://openstack-vip.stangj.local:5000/v3
0 v D+ |9 U9 d- w, { username = placement7 u/ @. v2 b: O& i; q
password = placement
R. L6 j$ g/ t* p0 _
; f7 h& \! `& c( l# ^0 M, x [service_user] # 在此模块下面添加下面9行信息
" j1 I P; w8 W- {, ` send_service_user_token = true
; Y' T: j+ H! j2 Q auth_url = http://openstack-vip.stangj.local:5000/v3
8 z- p& ]6 t' w) \9 j8 n1 d; V auth_strategy = keystone
( E# B8 b9 E! r$ Y auth_type = password3 Y/ H. V8 Y9 p1 w3 h: X W
project_domain_name = Default
" s+ u8 B i! Q+ ~) C' U1 x project_name = service5 Y; ?6 ~! z# l* s0 e/ A. v6 ~
user_domain_name = Default' ~( h6 }, i- B) D( j& S0 V* V
username = nova! m8 J& @4 G/ x) e" d+ s
password = nova
3 s7 w) @1 ?/ P: ~! l/ v
( l) b6 ~) l2 H+ J5 Y root@openstack-node1:~# vim /etc/nova/nova-compute.conf# O T- ~+ J$ o' m) ^3 u1 j; _
4 n* B; t2 C, L7 S Y7 x3 r
[libvirt] # 在此模块下面添加下面一行信息6 R e7 a$ Y* S- a
virt_type = qemu0 C. Q8 t+ R( N
. T: [& ^ F" h' t b9 q0 l1 S
`检测是否可以用虚拟化`3 [5 z, {$ X: b: }6 V3 Z0 l6 B
root@openstack-node1:~# egrep -c '(vmx|svm)' /proc/cpuinfo
6 u$ G% h) Q" g4 |8 ^0 {+ j) F4 E 4* Z% u5 u+ t- l9 D: w0 o
5.2.3)配置hosts解析: A7 j. z2 R6 a6 e7 a
root@openstack-node1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts- T3 ]7 ^! T, t- c8 s
5.2.4)启动服务- l; a* S) C7 A( v) z
root@openstack-node1:~# systemctl enable --now libvirtd.service nova-compute- q, W E z& b% ~: X; h) Q4 r
`编写重启nova-compute脚本`/ f3 ]- B' }3 G( [
root@openstack-node1:~# vim restart_nova.sh+ V" u+ D! W7 P: l" E# v9 e
#!/bin/bash3 Z- v7 _* R, `- b
systemctl restart nova-compute
' r K9 a: A8 X+ k root@openstack-node1:~# bash restart_nova.sh# q9 v) q5 t0 a: s
8 `4 w( i$ e5 l8 i) j" H Z5.2.5)验证服务! t8 ]4 z) h# p" I9 m8 a; B6 `
root@openstack-controller1:~# source admin.sh
/ }3 U9 _1 S6 i8 k2 y$ p) g1 M root@openstack-controller1:~# openstack compute service list --service nova-compute
9 G' o/ X% O; g& r5 O8 l9 f2 } +----+--------------+------------------------------+------+---------+-------+----------------------------+9 q8 |1 `8 l" @# A7 v [2 `; _! R
| ID | Binary | Host | Zone | Status | State | Updated At |" X& v+ z( d; s" ^6 j' Q; N
+----+--------------+------------------------------+------+---------+-------+----------------------------+) L( C4 U: k3 s& ]' y S* o i% V
| 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:12:03.000000 |
2 u" W8 m5 H) p& ~, l +----+--------------+------------------------------+------+---------+-------+----------------------------+0 x9 d' w8 r1 X9 V+ ~5 H
5.2.6)发现计算主机) L6 t) [( ~& @: _, G; Q( z
如果加入新的node节点需要执行下面操作
$ t* ?; Z! t% I9 q# |1 V) [- O: `8 D
[root@openstack-controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
! {0 W0 x$ P8 h Found 2 cell mappings.
/ o, P" m/ N7 i2 f* I Skipping cell0 since it does not contain hosts.
o( E7 s3 s% H3 g Getting computes from cell 'cell1': c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
: _* V I" a- J! {0 |- ` Checking host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
" ]% r a' h. Z8 r( \7 o% ^8 W) P Creating host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
, P6 j) D; F1 p7 ] Found 1 unmapped computes in cell: c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
H* I- m( n( [. n/ F0 D3 D5.2.7)配置自动发现计算节点' x5 e1 v% Y3 w# Q3 X5 d
[root@openstack-controller1 ~]# vim /etc/nova/nova.conf! K6 [; _9 I) j E9 Q' P
[scheduler] # 在此模块下面添加下面一行信息
& ]7 V7 L6 e! c6 t9 A- b discover_hosts_in_cells_interval = 300- E" m1 T T" R. y
`重启nova-conductor服务`
0 S! t2 I5 A9 q# }# a8 K3 {3 c [root@openstack-controller1 ~]# bash restart_nova.sh
# c# M* q. F5 i$ h( t2 K X& u5.2.8)验证操作
3 \1 f& @$ D g% G6 a( L6 V) b [root@openstack-controller1 ~]# source admin.sh
2 H; ?" L' B0 h [root@openstack-controller1 ~]# openstack compute service list
; V2 ?" @/ T( S+ C; K L( {, h +----+----------------+------------------------------------+----------+---------+-------+----------------------------+4 K6 Z& [* d/ s2 Q
| ID | Binary | Host | Zone | Status | State | Updated At |: V3 @+ Q2 b5 P9 O
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+
+ {4 N2 r& k; n8 s# Z: I4 R6 A$ E | 1 | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |
7 n l0 g: {# z) F | 7 | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |
4 \/ c3 R( M) R# b | 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:15:42.000000 |
& P% x' c$ R2 A) H% H +----+----------------+------------------------------------+----------+---------+-------+----------------------------+ V* E1 b: X' ^( Q
root@openstack-controller1:~# openstack catalog list) J. Y- b" x1 \/ g' L
+-----------+-----------+---------------------------------------------------------+
0 d7 ~2 a) M, W+ R2 r% e' n7 ]# S% ^% E0 Y | Name | Type | Endpoints |
# }' m8 S# U; L8 x; @6 h$ g +-----------+-----------+---------------------------------------------------------+' K5 r; ]& F: [5 P$ N% |! e
| nova | compute | RegionOne |
* P6 J$ n' a$ e5 W | | | public: http://openstack-vip.stangj.local:8774/v2.1 |
4 h# r0 K+ `0 I. |8 s | | | RegionOne |0 m% e- C* S: }, p6 _+ }* F5 _7 r
| | | admin: http://openstack-vip.stangj.local:8774/v2.1 |# h2 M+ |: N8 n! v
| | | RegionOne |9 M( J9 j, C! ^1 E5 q
| | | internal: http://openstack-vip.stangj.local:8774/v2.1 | u/ R `& E; Z/ ^3 L
| | | |
/ h' L$ {' O, ]& ?! m0 v | glance | image | RegionOne |
' q0 y8 D+ A1 m! @2 f | | | public: http://openstack-vip.stangj.local:9292 |" y; O# N* |+ _( L2 p
| | | RegionOne |
& u" h. u4 _. N& R | | | admin: http://openstack-vip.stangj.local:9292 |; @3 l+ q, T" s" h
| | | RegionOne |
+ q: M, d( X N- q | | | internal: http://openstack-vip.stangj.local:9292 |
% Y" J# l; M9 V) d& G | | | |) S, J$ {& n6 R3 [1 H
| placement | placement | RegionOne |; i6 }1 Z& A2 H9 s F
| | | public: http://openstack-vip.stangj.local:8778 |9 w- _7 M& _ G& @- }
| | | RegionOne |
0 t+ U s8 E5 H' K) b; w8 {2 ` | | | internal: http://openstack-vip.stangj.local:8778 |; N- x9 R$ M, \1 t! ~' [" U
| | | RegionOne |
% U8 t; Y+ r7 ^1 ^1 \0 [ | | | admin: http://openstack-vip.stangj.local:8778 |
# H9 `! m/ J$ F3 ^7 a | | | |$ ?& Q3 N' B% P- d& q( c W
| keystone | identity | RegionOne |% T$ r8 A7 h% U: f4 A2 p+ M& _9 o
| | | internal: http://openstack-vip.stangj.local:5000/v3/ |
* a" X4 x1 ]5 m/ x9 d; R5 r | | | RegionOne |& g4 K. R4 B4 A6 Z
| | | admin: http://openstack-vip.stangj.local:5000/v3/ |
. W- g, K, G- h1 X8 R1 ~ | | | RegionOne |; ~- Y1 B1 d- {
| | | public: http://openstack-vip.stangj.local:5000/v3/ |
, P: v' P$ p& r: _& m | | | |' s4 T s1 d: ^+ X4 b0 I# C
+-----------+-----------+---------------------------------------------------------+# }7 S; L- n+ L* {. w
, Y/ d9 o- Y$ K1 Z, N; `+ |4 X root@openstack-controller1:~# openstack image list* U% w- I4 @$ O% x4 Y
+--------------------------------------+--------------+--------+4 ]5 f, S5 H/ Q2 F
| ID | Name | Status |8 |7 O8 z. U/ g) B* E3 w
+--------------------------------------+--------------+--------+* J- }; x8 S( @2 k* o4 Z6 o5 A0 z# ]
| 68249b5f-9eac-4873-be74-cc11ac9af61e | cirros-0.4.0 | active |, [7 m. Q: O7 z
+--------------------------------------+--------------+--------++ O% a* n i+ k6 I( Q" M- E
4 v! e* G" Y! R8 A$ u8 s# [ j( \
root@openstack-controller1:~# nova-status upgrade check7 U* X5 z; z8 M- `
+-------------------------------------------++ E& {) w9 Y& e8 c! O) h }! D
| Upgrade Check Results | B# b3 r6 q/ s- ^. Y3 Q
+-------------------------------------------+
+ P- n$ A3 b" L$ @- m | Check: Cells v2 |
+ H5 g" [/ D2 e _2 | | Result: Success |
$ {! _- ~' l" R9 L! I | Details: None |' a0 I% E" `% Z( d, |
+-------------------------------------------+4 |; w U3 ~1 p4 x0 N$ H% h. Q
| Check: Placement API |. ]0 v; _% r3 `0 R
| Result: Success |8 Z( U$ k0 l( f, q7 ]) \: E
| Details: None |
' Z0 W0 D; k- k, @0 z# X0 { +-------------------------------------------+
# ~$ ]! b; Y; s6 E% p | Check: Cinder API |
8 o+ P& @% z i" I! S | Result: Success |" c {* E8 X9 f& x
| Details: None |6 c, E* n$ e" g; o1 `1 u
+-------------------------------------------+* u3 I, v3 X6 ^' t
| Check: Policy File JSON to YAML Migration |
) E! p. @0 w: t, }9 q+ E | Result: Success |
2 Y J* @1 Q! L; G6 o) K | Details: None |
: x: t& i" r1 D0 A7 d- Y9 h) L +-------------------------------------------+, i2 X7 |) b }
| Check: Older than N-1 computes |4 R$ P2 S) ~0 G% C7 `, E
| Result: Success |/ x' p0 k* p+ v6 ]9 _; F0 m1 n$ r
| Details: None |2 H$ U3 M- `2 H& R/ r% o' i
+-------------------------------------------+
( @, ?, W- S- }7 Q/ o/ b, v7 o | Check: hw_machine_type unset |
% l3 {- P- D: O9 ?. ^; o8 h; a0 b | Result: Success |' j0 A0 R- ]+ w" O# w+ b
| Details: None |
/ A4 }, o5 [, ^! H$ { +-------------------------------------------+( ]* f( B& M, a: q/ j+ ~
| Check: Service User Token Configuration |
' ]. u( E$ u8 f) _) A | Result: Success |- M3 _/ n9 T1 K/ l' h+ P
| Details: None |
, P0 O8 p* R$ z$ i4 j +-------------------------------------------+
! E3 w5 G+ S% Z e( Y: a" F6)安装neutron; g1 O- _2 ?7 ^9 N# M! I
6.1)安装neutron-controller节点, m4 F: `9 w0 W/ d+ Y# e3 o: q
6.1.1)创建Nova数据库' j( G1 z1 w. K6 j$ k F0 Z) s
root@openstack-mysql:~# mysql
7 b2 ?! y7 }* M! F6 V& d2 m MariaDB [(none)]> CREATE DATABASE neutron;9 S' y9 M/ d6 k1 y7 D
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \4 J+ M9 p/ v6 z y A
IDENTIFIED BY 'neutron123';
5 r; ~5 v& |/ y( s: _4 \& y MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
) ^; m. C% j6 E5 U3 c- a IDENTIFIED BY 'neutron123';* a. } X. k1 a+ r
6.1.2)配置用户和端点8 X4 d# f: b7 z l4 a3 Q
root@openstack-controller1:~# source admin.sh
, Y3 T/ m& `' B' j9 u- \ root@openstack-controller1:~# openstack user create --domain default --password-prompt neutron
" y- s' @6 C& M5 n User Password: # neutron9 f' G- J+ S2 I% r" c3 o @9 R
Repeat User Password: # neutron: a- C% z3 k' l p. y- L5 v, P
+---------------------+----------------------------------+( b. M+ C6 A2 Z- k1 G$ E% B
| Field | Value |
+ M& W$ x5 I7 Z+ Z( j @) a +---------------------+----------------------------------+
. C7 q& ?! W" F7 E+ ?' ?0 @ | domain_id | default |
5 B" i' y: @- H$ G) o/ \# }7 r+ g | enabled | True |
$ t& U" L& _2 J0 \& j! F# v& R S | id | 282317cd0bb74396a7a12dcdd96aeed0 |0 T t# C5 o2 t( H3 s( Y
| name | neutron |
& j- w* e( U. [8 p+ k5 H | options | {} |8 o7 }; B" s* ~( u' x6 ^
| password_expires_at | None |
1 _* X1 T7 H4 h9 y) e +---------------------+----------------------------------+
6 ^2 u+ x, j- r7 m
- M6 A4 P, E+ b# L1 t `将 neutron 用户添加到具有 admin 角色的服务项目`
7 y l! J- x6 K! A. D$ q+ W9 i # 让neutron拥有service项目的admin权限`
- J$ r8 p% D" q) R' ^# ~ root@openstack-controller1:~# openstack role add --project service --user neutron admin
2 g, F/ o2 G6 E! p `创建service实体:neutron`
9 _3 O; e& [, _2 m; J root@openstack-controller1:~# openstack service create --name neutron --description "OpenStack Networking" network
9 a' a# `2 f2 Z9 e% z+ X( v +-------------+----------------------------------+
: u$ D' z/ P; H9 z+ }, M | Field | Value |
2 Q5 D/ u! k: \) ]5 [9 D +-------------+----------------------------------+
& H8 i' O9 C" ^% ^! {+ R- H | description | OpenStack Networking | ~- c; n# o7 y" ~" t: L3 l/ }! ?
| enabled | True |# I# U. k3 p4 f5 B
| id | e4ff8c65882a401a83e2203ce49daeaf |
& ^0 A0 N/ m% O& i | name | neutron |1 s+ M" G" y9 I0 {- c
| type | network |" ?% `4 z7 l L7 y& C1 s
+-------------+----------------------------------+% W, x+ @0 J- B
[root@openstack-controller1 ~]# $ `% e- D" ]7 _/ n$ \. z
6.1.3)Create the Networking service API endpoints:
6 n* ]- f2 n6 M; b3 @5 V' A [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack-vip.stangj.local:9696
2 t( ~* [5 l: _6 a, H +--------------+----------------------------------------+0 X. x2 e3 }# o
| Field | Value |
9 x1 u* \# `* Y9 g( U* m8 |* C +--------------+----------------------------------------+6 W$ Y! l% u7 D% F1 n
| enabled | True |
, O5 i* ^1 z% B) b | id | 970ca60adf5746299d48f7659d500809 |4 o0 I( J( L5 Y- C( v+ H4 y. _9 h( `& {
| interface | public |; V; ]% z/ l" ]- I6 N5 z3 m: b% H
| region | RegionOne |! q% | \' h. R2 t+ z* A& y/ n
| region_id | RegionOne |
$ A$ ~# H; Z% R, y# H t- F. T; t | service_id | e4ff8c65882a401a83e2203ce49daeaf |
! R- c1 Q% o, i4 b9 ~# H4 c2 S | service_name | neutron |
+ ~1 ~9 a [' P9 g% U8 l4 z! ^5 ~ | service_type | network |
! C$ ^, D6 p) j4 p6 Y; G# S | url | http://openstack-vip.stangj.local:9696 |
7 u* \' w/ [, W8 E +--------------+----------------------------------------+
2 U' G. `3 T! F$ P& U [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-vip.stangj.local:9696
6 _8 D8 Y4 ]/ D7 c +--------------+----------------------------------------+
' ]5 ?$ V# Z4 W( ~& m9 j/ c: Q | Field | Value |
, q* T9 V* F% Q- y2 E7 P, D! C +--------------+----------------------------------------+
+ b3 S1 t( _( U- j; r | enabled | True |5 r, ]% _, n, ?! S
| id | 4c5f5ffbba4a4c668377a86cfd4a2320 | q5 }2 s8 {3 a( ~& v" L
| interface | internal |: W+ d. ?. [/ y) e S
| region | RegionOne |
& W/ I* V- ~. f: q- P2 ` | region_id | RegionOne |+ r8 L8 H0 ^' Y3 M1 @! X
| service_id | e4ff8c65882a401a83e2203ce49daeaf |
& W2 _& N) ^1 |7 J$ }3 n8 ~+ @1 e7 H | service_name | neutron |
) d/ r9 n8 @, w) {% h$ t5 r | service_type | network |2 i6 ]! A- T, m4 |
| url | http://openstack-vip.stangj.local:9696 | L# Z" a6 S% h4 l8 \% S' N
+--------------+----------------------------------------+) `6 o" P' i {1 l; b! f' H
" f+ {, \7 n! k. o
[root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-vip.stangj.local:9696
( K8 Z; k' L8 L4 K! B( m8 W9 V% ^ +--------------+----------------------------------------+
$ g3 }+ ?* C) c | Field | Value |
3 ^7 w2 H V7 a z +--------------+----------------------------------------+8 l: v2 o5 z/ o# I% I5 |5 J! A
| enabled | True |
- X& ?9 j8 f; }* I- r | id | d8c4e83eab66486983680b69520ca92a |( C3 n! w3 c3 U/ S3 k$ g
| interface | admin |% C% ~/ w/ I3 g3 l" v% x1 J
| region | RegionOne |
' O3 g4 W; P( x8 ~+ e | region_id | RegionOne |- }: @# f! r0 T
| service_id | e4ff8c65882a401a83e2203ce49daeaf |, k- A' v3 v7 s8 r
| service_name | neutron |
e1 ~# Z0 E) l; s: A! K | service_type | network |0 I1 o6 ?# u, N# C0 l! @& M
| url | http://openstack-vip.stangj.local:9696 |# W& v1 Y( S( ^/ {
+--------------+----------------------------------------+
3 s5 ~% ^( M4 S6 [( q; ]* b7 m6.1.4)配置haproxy
. m {5 l- n( C/ y/ f root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
9 m; r6 X3 J7 a: k, ?1 a& T( r # 在最后一行添加下面4行内容
. J8 | Q6 `. P3 p( K listen openstack-neutron-9696
! e/ p# I% [! W6 y" M5 B' B bind 192.168.139.248:9696
* f+ r* f2 v; U4 E5 ~2 y6 B mode tcp5 {6 o) ]% q8 `3 R7 X% C, n
server 192.168.139.31 192.168.139.31:9696 check inter 3s fall 3 rise 5
- d$ K% B. D1 ^8 y root@openstack-haproxy:~# systemctl restart haproxy.service ' ~6 e0 L/ x! F8 _6 {
root@openstack-haproxy:~# ss -tnl | grep 96966 z1 A3 U( Z2 Q
LISTEN 0 128 192.168.139.248:9696 *:*
3 ]' }# I5 S# w) p. y1 z" z+ i6.1.5)部署neutron
* Y9 Z# L2 c' W& o( [7 x; I root@openstack-controller1:~# apt install -y neutron-server neutron-plugin-ml2 \
0 s+ v5 c' w1 L+ x, ? neutron-openvswitch-agent neutron-dhcp-agent \
# X; _5 v- n- R* u neutron-metadata-agent( x+ {$ I, P$ C, J
6.1.6)配置neutron主配置文件
6 W: l# Q$ Y4 j3 _3 Z/ C c8 v root@openstack-controller1:~# vim /etc/neutron/neutron.conf4 u) [, F% {' {$ z, L' U
[database] # 在此模块下面添加下面这一行
% O, b/ L9 \# d$ F5 w connection = mysql+pymysql://neutron:neutron123@openstack-vip.stangj.local/neutron
( l- \0 l: m& g: u
7 R. U$ L- n7 a& e* _9 ?5 }$ c [DEFAULT] # 在此模块下面添加下面这4行4 S# b0 h( s0 B2 [) o3 l! n
core_plugin = ml2
6 G) r/ x1 P* K, R# W% B service_plugins = 5 N7 ~( }6 |; X
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local; L8 k5 O8 }* @& b2 ?9 I, E( B# g
auth_strategy = keystone/ S7 f8 ^- ]: D) _
notify_nova_on_port_status_changes = true' X2 m( O+ \- q; i% D3 b
notify_nova_on_port_data_changes = true% M5 k' l+ K+ f: r: @8 O7 @+ e
& | ~2 ]7 j) l- i$ T( ]. o7 C T [keystone_authtoken] # 在此模块下面添加下面这9行# w3 T/ r& m7 w t4 L/ k# P: z/ u
www_authenticate_uri = http://openstack-vip.stangj.local:5000
6 U7 [( @ @/ q( F3 o3 ^4 V auth_url = http://openstack-vip.stangj.local:5000
' s# F6 y* q P v memcached_servers = openstack-vip.stangj.local:11211/ j7 O2 {2 J4 t( M
auth_type = password
2 Q: ~" ^7 R5 M" Q! v- } project_domain_name = default
1 V; R: o8 \: X user_domain_name = default% P7 P- b$ s/ g7 d3 @. q/ d% j$ |
project_name = service. ?' a w+ T; p0 z6 ]) \
username = neutron& n# |+ { a% I8 r+ Y- X; v2 b
password = neutron
" J+ n A+ l' N , R3 l, p1 x" |9 X
# 配置文件的最后添加下面9行
% l: U( p# ]) Q% p7 N [nova]
, ?# E. v9 w& q auth_url = http://openstack-vip.stangj.local:5000% E+ }* \: J. z' O4 q$ B
auth_type = password
# s2 w% M7 ] ?& Y, z project_domain_name = default
6 S$ C# h# S7 {* S+ G9 S user_domain_name = default' \' t% g; w/ Z& a( X( g
region_name = RegionOne
! H: ]' }7 J5 e+ T2 D1 [- { project_name = service$ p- u7 Q+ X, [. d+ ]) }
username = nova$ a* M R4 j" @) w5 i; ]& s
password = nova& m- w4 }* [. ^# n: d- X* t
. L) r, }" | Y( f* n! _9 F" h z
[oslo_concurrency] # 在此模块下面添加下面这一行
3 A, |) F+ H* d7 ~1 F lock_path = /var/lib/neutron/tmp
: ?( {3 a+ M/ `/ L; Q % n! b$ |1 r5 |
$ c! }% b/ a7 R
#service nova-api restart& c- s" M E: A# D! y: O2 s
#service neutron-server restart0 A' x- b d; u$ F; ~" K
#service neutron-linuxbridge-agent restart! g2 H) z2 d% a( |" X6 T
#service neutron-dhcp-agent restart
4 l4 k |$ O8 a #service neutron-metadata-agent restart
' C4 J h( W6 d$ J1 q0 H6.1.7)Configure the Modular Layer 2 (ML2) plug-in
' r* @/ N; |4 ?- I+ Z2 a可以从网站上获取完整的ml2_conf.ini8 v. M t3 C* \9 [4 [, F
, c. ~) y7 m3 D0 ?
https://docs.openstack.org/newto ... s/ml2_conf.ini.html5 {* d6 e% E1 [
" k9 H2 N" {* q: d! b
root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/ml2_conf.ini
. O1 R5 h6 h6 m) u- B5 V [ml2] # 在此模块下面添加下面这4行
W% g e' o' f$ ? type_drivers = flat,vlan* j! H3 G+ F2 V
tenant_network_types =& ]/ n' W1 _% ?- \8 z
mechanism_drivers = openvswitch" ~! ^& m$ \3 y1 W
extension_drivers = port_security
4 `4 d+ X r2 F. q9 O. J
7 v: W3 E! R9 T; i) H3 I: V [ml2_type_flat] # 在此模块下面添加下面这一行
) ^; \( p$ z! c& t, z" a0 j flat_networks = provider
% W* q- }7 d% n3 s# g1 C l2 k5 \ : O) }2 c4 |: x0 E& U0 N
/ ^/ L- z6 @: r% j' s
`最终配置信息`5 u3 N8 U" B3 L0 ?4 o1 j7 C
root@openstack-controller2:~# grep '^[a-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini
9 S6 N( q% _& p0 e- } [DEFAULT]- x* x8 t+ u% ]" A( i) j
[ml2]- y4 k. I8 p& t" D4 Y4 w2 l
type_drivers = flat,vlan
1 c# q9 |( @) p# V tenant_network_types =. F8 [' Z: T5 `1 n! z! M
mechanism_drivers = openvswitch, G0 H" i$ b$ m% b( M$ F
extension_drivers = port_security" }2 J8 o2 n1 O* M! W
[ml2_type_flat]
6 c) `6 D/ [" U4 S$ n; ? flat_networks = provider
. S& B' {: ^, M( ]/ \# Z& o0 w5 O8 A [ml2_type_geneve]
( G% ?% O6 i9 \9 W% [2 A2 `( A6 L [ml2_type_gre]
' l% O @% X+ x( v N [ml2_type_vlan]
( i0 ]4 ^+ k# U$ R7 \. D [ml2_type_vxlan]
# k9 x9 W" L$ x" [8 `( { [ovn]
) x: N3 S- m, g' s2 i8 o [ovn_nb_global]
: h- ~8 D* b( @1 I: T2 m3 c2 ] [ovs]
- ~4 K @/ c4 c1 G! z* R2 d [ovs_driver]' r+ H" Y' t6 F, W4 b
[securitygroup]$ N, w9 [" X$ R/ z
[sriov_driver]
9 V. c4 `& v2 P; d/ b6.1.8)Configure the Open vSwitch agent
! j$ T) b# V# H* g可以从网站上获取完整的openvswitch.ini) H+ G/ H k& Y9 e: k: s; u
1 K' X" F3 Q, t* k1 a
https://docs.openstack.org/newto ... itch_agent.ini.html) ~6 |2 y2 [- N- {. H
3 D" U+ ~5 V$ X% ~ root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
* ^+ J, ]9 ~6 d. Z& C8 t8 e [ovs] # 在此模块下面添加下面这一行
; W E3 x% @ F$ C9 L bridge_mappings = provider:br0
& \7 V/ T% Q5 N / i# O9 r6 R% I
[securitygroup] # 在此模块下面添加下面这2行
( @1 H, p) l$ d( u: L+ b enable_security_group = true1 u' o& M( n8 Y1 h
firewall_driver = openvswitch: f3 Y* T0 u9 }+ T$ _: J
; p. L! |( m1 K2 k
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`& l( m. |9 a5 I4 o' ^. s% o- K( F
root@openstack-controller1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31 && echo "nameserver 223.5.5.5" >> /etc/resolv.conf
- E# ~( B% M# ?' Y% h8 N开机加载网络配置0 K1 d3 o% I* r V& Z2 L e
" u+ f% S8 W$ P. m$ P' j% x% J #!/bin/bash
6 D0 d* Y4 L! K* R ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31
" g& X( a9 ? A+ M ip route add default via 192.168.139.26 w% g" s9 J- s3 f( i- z3 v7 w- h
echo "nameserver 223.5.5.5" >> /etc/resolv.conf# h/ A4 J+ N) Z6 c) s) i @
6.1.9)修改内核参数
2 [: B' ~1 q, `" t# M0 \ root@openstack-controller1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
7 N: p2 g0 B3 \ I0 o, ]1 g root@openstack-controller1:~# tail -2 /etc/sysctl.conf6 o; b5 w+ \) Q* L8 X7 D
net.bridge.bridge-nf-call-iptables = 1
! h ^ c- o- i3 S9 h( a net.bridge.bridge-nf-call-ip6tables = 1) N2 A! W( w) v4 x2 _1 Q
`加载模块并让内核配置生效` 8 E7 p5 U) }. J5 t. r- g
root@openstack-controller1:~# modprobe br_netfilter* h! a- S" E6 i$ N8 b) v
root@openstack-controller1:~# sysctl -p
- s) w' ^# d7 s3 Z5 c+ T net.bridge.bridge-nf-call-iptables = 1/ Z* n) r* Z) D7 W( Z
net.bridge.bridge-nf-call-ip6tables = 13 ?4 ~8 ?* Q% z4 x+ h3 ]
6.1.10)配置DHCP
# _. ~/ i8 w I7 I( X2 c; W root@openstack-controller1:~# vim /etc/neutron/dhcp_agent.ini4 ~/ {9 j0 d( ] ~" {7 o& b
[DEFAULT] # 在此模块下面添加下面这3行- e" ?- K" a. U
interface_driver = openvswitch
1 q# T: ]5 z7 | dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
1 T/ s" K6 B7 l: P9 ^$ [( ]( \, d enable_isolated_metadata = true
; e6 P) i0 g. ]0 g" Y3 f #enable_metadata_proxy=True/ M! r8 l/ f0 W! s. i( Q
#metadata_proxy_shared_secret=openstack
" y E' c; `4 z& H3 g) \4 ^! G& V6.1.11)Configure the metadata agent: w. |6 m. K) v' T
root@openstack-controller1:~# vim /etc/neutron/metadata_agent.ini9 U. j E8 Z, u R* Q
[DEFAULT] # 在此模块下面添加下面这2行
- s! a- i0 Y2 A+ g2 G( @, g5 R p nova_metadata_host = openstack-vip.stangj.local # 或者 192.168.139.31 这个 controller1 地址
; H( y& e, b# K5 h4 U1 t metadata_proxy_shared_secret = openstack
. s4 {0 c5 a# `/ M6.1.12)Configure the Compute service to use the Networking service; C& O) Y$ Y, r
root@openstack-controller1:~# vim /etc/nova/nova.conf
# l, F% |9 Q7 r8 g1 H7 x [neutron] # 在此模块下面添加下面这10行5 b, f- u/ W5 y; h; S4 ^+ N
auth_url = http://openstack-vip.stangj.local:5000
m! a3 {1 f5 D0 s, a; u7 N3 J) j auth_type = password
0 j8 H1 z- v) @& D3 u project_domain_name = default
9 D# \$ S8 [# B2 i+ C: q n; ] user_domain_name = default! Z, r' {) ^- _" u! J/ F' Y3 T
region_name = RegionOne m& \7 t0 c# t2 u9 M% L' K, P0 V
project_name = service
& e0 G3 h( S/ P. o username = neutron
) @+ C! e3 }" c password = neutron' j7 ^3 j3 T1 o
service_metadata_proxy = true% o. ^1 J, k/ ~& H/ q
metadata_proxy_shared_secret = openstack
S0 i( W6 ?5 Q" X) `& Y" m6.1.13)初始化数据库
4 v5 I# e3 G- B root@openstack-controller1:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
8 G9 W9 c2 q4 R1 d5 i root@openstack-controller1:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron- I; b' S1 D; k$ K% ?% J9 {
`验证数据库`% s5 Z; X6 u( w2 p
root@openstack-controller1:~# mysql -uneutron -h192.168.139.248 -pneutron123 -e "use neutron;show tables"
. U9 a9 C l, I/ R( |" Z4 I +-----------------------------------------+- w" T; s* ^+ U& g U
| Tables_in_neutron |0 w/ C# F+ S7 u) x' v8 ~- s. ]
+-----------------------------------------+# T) D9 J' W1 S+ Q* i' I
| address_scopes |
3 u6 T+ r" \: E0 E- B8 I5 g3 D2 A* O | agents |) X" o2 i3 s' P3 P# P* g: r2 ]1 A" q
| alembic_version |
2 ]& F. B7 X) g( W | allowedaddresspairs |4 V! \* U G% C/ ]$ p$ s5 }8 [
| arista_provisioned_nets |( M# l& s1 N8 C# G9 O
...........................................' M8 w6 r$ a* F. P( F, @' \4 N
...........................................
8 k/ c4 J7 i+ K9 X8 w: E% J1 P% | | vcns_router_bindings |4 P8 t {0 I" |$ n U u4 Y
| vips |* e" r1 ^; {4 e# X8 h( ^
| vpnservices |7 M; q" X4 |- n3 z0 m8 c G+ P
+-----------------------------------------+% B9 @( s. X% m# B8 W6 D$ n
. b+ x7 i! b# N, I6.1.14)重新启动nova-api API 服务
1 l4 F2 r- U: s root@openstack-controller1:~# bash restart_nova.sh# a7 [( g' O3 L0 o
6.1.15)启动网络服务# z' r' {0 t# f" S0 w: e. I
root@openstack-controller1:~# systemctl enable --now neutron-server \5 j+ o( A6 W: d6 a: k
neutron-openvswitch-agent neutron-dhcp-agent \* e$ g& a4 A! @
neutron-metadata-agent
% `7 J8 B) n: }$ K3 C6.1.16)编制neutron的重启脚本
! V: Y- C" ]2 {3 \ [root@openstack-controller1:~# cat > restart_neutron.sh <<EOF
6 S: C) ~6 q' A6 p8 c #!/bin/bash4 D+ f% ?3 P0 N0 _2 w0 a
service neutron-server restart& q0 f9 s A6 M
service neutron-openvswitch-agent restart
* U5 _2 H. |' a0 D6 H service neutron-dhcp-agent restart5 o3 v$ l. Q5 L0 v
service neutron-metadata-agent restart! e/ n: I: v. m" e2 J4 a# Q
EOF
2 g; s. U! L* M+ ^1 ` [root@openstack-controller1:~# bash restart_neutron.sh8 O2 H, O+ l: u( a" h
6.2)安装neutron_compute节点
! h# W; R4 X) s j6.2.1)安装相应服务
& ^" t! y/ m' R, _ root@openstack-node1:~# apt install -y neutron-openvswitch-agent
/ W: @3 {' p# n; E$ g* r/ b* c6.2.2)修改配置
6 t* K9 ` s6 ^ root@openstack-node1:~# vim /etc/neutron/neutron.conf
* k. V* C3 P" p, V/ T [DEFAULT] # 在此模块下面添加下面这2行4 A: ?, K! K' Z0 H
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local
+ U% M" |. i+ f : s+ v ?7 T' ]1 _6 C! y
[oslo_concurrency] # 在此模块下面添加下面这1行% G! u. L$ w7 G1 [# _, f
lock_path = /var/lib/neutron/tmp
; c8 G6 _# P- }' X6.2.3)Configure the Open vSwitch agent
' ?8 Z; s8 p0 { V- z可以从网站上获取完整的openvswitch_agent.ini
# K" Z2 h2 s4 O( o \) I) ]& f1 U5 y
https://docs.openstack.org/newto ... envswitch_agent.ini( ~6 L: o. [7 I" v
/ q& P" y" {; R/ d
root@openstack-node1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini0 u2 C: u9 j5 r. [$ L2 k3 C
[ovs] # 在此模块下面添加下面这1行: @: {3 i( k' Y% c6 P- q2 K- P
bridge_mappings = provider:br0
5 s1 K, v7 f; s R9 X7 a3 z
+ o+ ^# X, A6 A; H [securitygroup] # 在此模块下面添加下面这2行! `: ~6 V" `( p; P( }, z
enable_security_group = true4 O0 L* ? V8 A9 h [% z2 o
firewall_driver = openvswitch- A* F: M1 ?) p. T% F
9 P( c8 ~1 t, O, m
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`
' U+ ^: Q* y0 o$ B: O3 D' D; S root@openstack-node1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34 && ip route add default via 192.168.139.2
; J+ l, m/ I$ |开机加载
3 c3 s; R6 K, @: p/ ?) e" _4 a7 k* s$ `( H) _
root@openstack-controller1:~# cat /etc/rc.local 7 j4 {7 r7 W5 z# O0 A
#!/bin/bash
6 J- c* S3 s1 _3 I, l4 J ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.340 N% L/ R+ _$ C6 u
ip route add default via 192.168.139.2' R2 x9 x, Y8 ~, l6 _1 M2 |0 B' e
echo "nameserver 223.5.5.5" >> /etc/resolv.conf
" P& Q/ Q' H" ~! @" `8 D. u6.2.4)修改内核参数
6 {3 `/ H% F" m) M% [5 Q root@openstack-node1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
: H* _" V3 X1 b
- N6 c/ s/ _/ x6 S3 u$ O, [ root@openstack-node1:~# tail -2 /etc/sysctl.conf7 m( |0 A: x5 @1 C) H: c+ y' V1 S
net.bridge.bridge-nf-call-iptables = 1
; Q @9 T; _- p/ G net.bridge.bridge-nf-call-ip6tables = 1
" S& J& e. m, ~, A `加载模块并让内核配置生效` - y2 A5 b8 P# z+ k
root@openstack-node1:~# modprobe br_netfilter
+ o7 ^; F3 X3 A7 s s1 } root@openstack-node1:~# sysctl -p
0 G' Y0 t" Q' i1 S3 S net.bridge.bridge-nf-call-iptables = 1) _* x4 k/ [0 F, Z/ |
net.bridge.bridge-nf-call-ip6tables = 1) Z! D8 L6 N/ Z+ b8 O" d ]9 R4 E
6.2.5)Configure the Compute service to use the Networking service- j! x5 _# `( H+ G
root@openstack-node1:~# vim /etc/nova/nova.conf
7 V5 Z; @" e3 H$ r5 j [neutron] # 在此模块下面添加下面这8行
* b5 G/ Q0 }) R/ N; \! u* a auth_url = http://openstack-vip.stangj.local:50008 l! J5 [# ~) R% ^' D
auth_type = password
5 S, p6 v9 U) d$ Z/ Y project_domain_name = default' k9 G1 \: G4 v; |- ?# c: q g
user_domain_name = default
' V7 @2 B- P3 d) f2 o3 \ region_name = RegionOne+ e" a0 O! f; E. O& C& u, q
project_name = service4 }0 _5 H. ]* y5 {
username = neutron
2 ~) t8 d9 D0 i" _ F password = neutron
, g* F3 ~# r1 A3 J service_metadata_proxy = true
/ F: w3 F1 G' i5 X metadata_proxy_shared_secret = openstack
9 f7 t1 t3 A4 u& U+ J( E/ T* F5 N2 ]6.2.6)启动neutron_compute
; Y C8 u: L4 J' m( c root@openstack-node1:~# systemctl restart nova-compute
1 g; a h/ C0 ]& d root@openstack-node1:~# systemctl enable --now neutron-openvswitch-agent && service neutron-openvswitch-agent restart
& l- ^5 f2 E9 x: x) e, i" @7 @' M6.2.7)编写重启neutron_compute脚本
8 e; [9 W6 C6 R9 F2 B- ? root@openstack-node1:~# vim restart_neutron.sh' ]# W6 @; ~! _- z6 B
#!/bin/bash6 T' |% V. a' p8 q- Y
systemctl restart neutron-openvswitch-agent
0 X2 m' I* Z' `& f W0 C; C7 L3 Y6.3)验证服务
! N! Q1 K6 M5 c1 A [root@openstack-controller1 ~]# openstack network agent list5 B1 J0 @8 S6 q1 [5 f
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+, H7 R! T* A Q4 a, \9 t% R3 C
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |$ \3 i! |9 @1 Y( S/ O9 h) |
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+" u' c+ {( a! K9 e) \3 d* @$ j
| 6d7ace9c-061c-45ba-834b-52f24585c452 | Linux bridge agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |$ d8 ~6 L# M/ b, h5 Z* X
| 7babc5ac-d07d-4fe4-90ab-62775b4ef90b | Linux bridge agent | openstack-node1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
- s, v/ B8 G/ H* v% {; m/ s' a | 83ad2332-8716-4a8f-b050-1daa3b22c3bf | DHCP agent | openstack-controller1.stangj.local | nova | :-) | UP | neutron-dhcp-agent |
5 y, s9 y" w- X( w6 M3 O. U | afb7c427-89ba-4e91-bff2-604e97a5ca91 | Metadata agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-metadata-agent |7 K# z& K# L1 z7 ?
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+) K7 a# K. n: k( i
[root@openstack-controller1 ~]# nova service-list; V2 H$ g" R& ]5 ^8 |0 a ^$ _
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+% r6 ]1 {" z) w6 Z
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
; k+ J; \" a" T/ W: m* g% M +--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
! H* D; S u* w- Q9 V* Z1 M( E | 518a8c83-c6d4-451c-8943-fa55c593948c | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:42.000000 | - | False |
) _8 n1 G6 ]7 A | 9d9d1228-2096-4ca3-97a9-8b85133db7fa | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:41.000000 | - | False |: [6 e; g: C3 J" X2 c: L
| a45e7eeb-1907-4ecf-a836-7ca69b588edf | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2023-12-16T15:26:41.000000 | - | False |! d. v( M r+ a& w% i% D; F7 I& I& m
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+- m0 Y& [9 s" L
7 ]* Y* B* |0 `7)创建测试实例- {) c) |' a; s/ r( @: N9 B8 b
7.1)创建一个provider网络" w2 o* K0 j1 V4 h7 Z4 v5 O" h
root@openstack-controller1:~# source admin.sh # ?. S3 G2 U" d; I/ ^# K) i
root@openstack-controller1:~# apt -y install bridge-utils
2 R4 U, \ o' i* f P, w/ U root@openstack-controller1:~# openstack network create --share --external \
! Q' M, o( ^8 O; n --provider-physical-network provider \
) n: f1 N5 i) N: @' i0 h$ G6 p --provider-network-type flat provider-net
; {8 D: F* J6 n; \% p# ` #####################第一个external表示创建一个共享网络并声明他是一个外部网络#######################! N2 y) e- ?# T6 @' u
########第二个external表示创建连接的物理网络,因为我们上面neutron定义的物理网络名称为external########" l; B5 |+ f+ B* L) S! x( j& J
############################第三个external-nat表示提供的桥接网络的名称############################
' T9 A! Y7 n w: N root@openstack-controller1:~# openstack network list6 ]. z+ ^3 {1 @" m0 y
+--------------------------------------+--------------+---------+
. q$ P! O7 ` O | ID | Name | Subnets |! n7 L: I" B& ~8 G
+--------------------------------------+--------------+---------+
4 m& ^( c0 I$ f" Z! w8 P3 j5 I | c8efa244-7345-41bf-bedc-052e0cec751b | provider-net | |
/ k3 s' d. o" E) `. [ +--------------------------------------+--------------+---------+
1 O' c$ P" ^: p9 b6 P7.2)创建一个子网2 V6 Y7 k! K& u
root@openstack-controller1:~# openstack subnet create --network provider-net \
% \: d. g; z0 N+ i' E, r --allocation-pool start=192.168.139.100,end=192.168.139.200 \
- ]0 \! i+ V; y --dns-nameserver 223.5.5.5 --gateway 192.168.139.2 \: v; a0 r7 a# } b; n7 ~8 M+ H
--subnet-range 192.168.139.0/24 provider-sub. C9 c( q( K, S! \* ~, I0 \
############################创建provider-net的子网provider-sub############################
; W, y, d& B0 e; ` `验证`
- \- `$ f X. _" E) X [root@openstack-controller1 ~]# ovs-vsctl show/ h6 L! U Z3 u) p# O
28a508de-e0a2-418a-b357-4a93f9f69127
+ L/ |7 h: h3 R Manager "ptcp:6640:127.0.0.1"8 l8 @) y9 Z" ]4 T' W2 e1 e
is_connected: true" c& _% a8 G( @8 f4 ?% z
Bridge br-int
0 \4 j* @7 K% Y _ Controller "tcp:127.0.0.1:6633") G- f3 s& v/ d
is_connected: true- @" h% ^. p, {! b9 n2 K" e+ `
fail_mode: secure: Z2 N4 g- v J3 P7 r) |
datapath_type: system' n0 P% F/ @: v6 M$ f+ G
Port br-int$ w: ^3 l& `4 h5 d
Interface br-int
! z i+ ?' }" @ type: internal* [$ C* v6 p- H5 }( r% n1 |
Port int-br0, d( a$ D8 ~% w. R+ J3 J
Interface int-br03 G {7 k) w, _
type: patch% u4 h' \+ P$ f% h
options: {peer=phy-br0}7 H0 M9 F5 b- k5 w! l' Q2 M* [$ Z
Bridge br0 x$ S% t* F" U# O. T3 B1 E( r* K
Controller "tcp:127.0.0.1:6633"( X" i H9 b2 S' ~' J. J9 g
is_connected: true+ g5 I7 |7 T+ A
fail_mode: secure
E% C6 [* W, a7 T+ t' G datapath_type: system
1 x9 h: l! q2 F Port phy-br0
% A6 F2 l# |/ ` Interface phy-br0
- ?9 n. B5 f. @$ C type: patch) i! W- o: Z- F, n/ O6 z" J
options: {peer=int-br0}
: {9 C n- Z3 L0 s5 \ Port eth0: W7 M+ ]# @7 ?' k5 f# ]7 Q
Interface eth0
- w- b: C" n# s8 W. H Port br0
* i3 E5 ~' b; | Interface br0
c" _6 t( Q% o1 ^/ m6 @9 _' ^ type: internal
1 ?3 r* z5 f$ |/ ^8 A ovs_version: "3.3.0"
3 }4 T5 D; B$ r M# [+ c6 u) | 0 {2 b6 @/ `& R/ e8 @- t0 D& H
[root@openstack-node1 ~]# ovs-vsctl show
! m- L/ K- N1 u- G ea324764-3f52-419d-94ff-784dadc75aa9; _. o/ c2 g. C) l
Manager "ptcp:6640:127.0.0.1"
& s. h4 \* O/ S8 q8 p( Q is_connected: true/ j% e' O8 n9 U7 ~) w
Bridge br-int# Z7 n9 @8 Q# I1 ~$ V2 z2 O% `2 f
Controller "tcp:127.0.0.1:6633"
8 l6 o5 A& ]- H* I* ^ is_connected: true
$ E2 b) Q' y8 z( I2 D! _ fail_mode: secure
7 O" k3 N ^. y5 v0 { datapath_type: system
t% d. _+ G3 c: ] A2 `: _ Port int-br03 V9 V5 i6 O4 ^ S8 X; O K8 U$ e
Interface int-br0
* G' a( L) S& v& z type: patch/ V( ^5 p7 @( B s" l0 K- _
options: {peer=phy-br0} Z9 k# s2 p: E
Port br-int, I# ]- n) k; v5 o
Interface br-int t7 C6 v& N& W" S8 J; Z/ ^8 V
type: internal3 H% ^5 p, C+ X X) }$ p
Bridge br0; y5 i! o" Q" R2 B& }3 g
Controller "tcp:127.0.0.1:6633". K9 [- @& m9 N3 B9 {6 C7 `
is_connected: true
" q6 k$ z6 P% `+ W6 o/ b fail_mode: secure
& s7 _, K& H/ ^ Z; y6 W& e; v% R datapath_type: system
* |" B9 w. |4 f: {3 F Port br0! q* H2 z. X6 D8 s+ h
Interface br0. e5 h0 }: O; C% V1 `' m
type: internal
6 ]$ v0 n \: B3 m" d Port phy-br0
$ W9 |5 i# [2 m4 r Interface phy-br09 a7 ]% r+ A' x" B8 r7 n( K7 F
type: patch* {, x9 ~& [6 C) |) S
options: {peer=int-br0}0 `3 d6 y; ^ B
Port eth0
J/ b! ^- T4 V# k, x3 }3 Y Interface eth0
& M( P$ W( x/ R% d ovs_version: "3.3.0"
" o5 I8 s' |5 c) v2 `( I/ v# k7.3)创建虚拟机类型0 |7 v5 l- U( L6 J: G, H# B
[root@openstack-controller1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
" N+ A8 m" A. Q/ W& I +----------------------------+---------+% I3 h( g% {$ u
| Field | Value |4 ] _5 I2 M% o7 n
+----------------------------+---------+' A. r1 |: G3 Q: }
| OS-FLV-DISABLED:disabled | False |5 V8 G1 ~& f' g3 s) B
| OS-FLV-EXT-DATA:ephemeral | 0 |6 S1 h' b; s8 o' B' j: @
| disk | 1 |
/ u: z _' {: S5 Z | id | 0 |+ F, j: _; R+ I/ a7 Y& j; [" f2 d
| name | m1.nano |" o' l3 J+ W5 a+ U; V) l9 G. H
| os-flavor-access:is_public | True |5 E# U" S8 `5 z0 v) V2 i$ Q' J
| properties | |
8 @- v7 r: ~% u, R7 i9 V- P* M9 p) t | ram | 64 |* J( d- c: ~" \, f7 t2 Y5 o
| rxtx_factor | 1.0 |
( u* e& V. C# ~ | swap | |# b9 r+ ~9 f: l0 r( s* I
| vcpus | 1 |2 S+ r' D8 f1 E; D2 m4 {
+----------------------------+---------+/ u7 E- Q( z* g; U; }. H8 M+ X
7.4)生成密钥对
9 K& A& c6 Q5 y( a( p5 q# m, T& ` [root@openstack-controller1 ~]# source admin.sh * `3 S+ V3 Y4 U* M" Q' \8 Q
[root@openstack-controller1 ~]# ssh-keygen -q -N ""8 l( b, h2 }$ J* d
[root@openstack-controller1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
9 ?' l! P$ @2 t* I +-------------+-------------------------------------------------+& p# w2 o& j9 i6 a# _+ {
| Field | Value |1 Q) c+ ?* ]2 t% h) j
+-------------+-------------------------------------------------+" K& h4 k# K/ y5 S( K
| fingerprint | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |
- H7 W8 ~( m" a. z8 y/ v | name | mykey |
* L$ O; s. n/ k/ C! |# r8 H | user_id | 5c4b6243d95742799de0fc97ef119967 |
) c# m, d9 h* I6 R+ T7 q +-------------+-------------------------------------------------+
8 G, k. \, T' m$ [" Z( @ `验证`
9 w8 @" h' b% Q [root@openstack-controller1 ~]# openstack keypair list, Y* }" Z' j6 ^* J, X
+-------+-------------------------------------------------+
( z( P, F# v3 v! @* Q | Name | Fingerprint |$ M$ V& Q5 L6 p: J
+-------+-------------------------------------------------++ [6 l8 z2 k. W2 X- M9 f
| mykey | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |$ Z8 P, A: V n% X2 J! a/ J( y Z
+-------+-------------------------------------------------+
, T% q/ M6 b! K. ^7.5)添加安全组规则
- Q: D; `3 @" ?7 z8 ^# s root@openstack-controller1:~# openstack security group rule create --proto icmp default
- F" ^ v, S H! O# Y `开始ssh`" t! `& V. ^" q7 v+ D' x) `3 A
root@openstack-controller1:~# openstack security group rule create --proto tcp --dst-port 22 default
* d6 F* S* [6 j1 J! h0 `* Y6 I
+ I' w! v% u( Q( H root@openstack-controller1:~# openstack security group rule list
) T# q9 k5 _) t +------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------++ I2 t$ z1 n+ P
| ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group | Security Group |
/ W- L5 F! K4 L/ g +------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+
7 ^# ], ?0 O6 x# C" |' N/ r | 2e69571e-fa55-4db3- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | 7d47c955-4683-4d9e-9535- |+ U0 G) J% ~% P6 w3 K* T" V
| b894-ac8dda257a35 | | | | | | | | 690085d9cfc7 |
6 x! t5 B8 T+ k3 S) o7 |" E | 42c37d05-e0b3-4a15- | None | IPv6 | ::/0 | | ingress | 7d47c955-4683-4d9e- | None | 7d47c955-4683-4d9e-9535- |8 i' f# c! p/ N; c; b% Q# u5 m2 I
7.6)在provider network启动实例7 E. R \- D7 B
7.6.1)前期验证4 \9 ~2 k1 T3 a. u C$ H4 B, F
`验证有没有虚拟机类型`
. J, T* [: t9 f: p( z4 Z0 ? root@openstack-controller1:~# openstack flavor list
, }" x7 S+ z8 l: | +----+---------+-----+------+-----------+-------+-----------+
0 b8 B; n1 \$ z | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+ E( N) D; }& ?2 ^# U +----+---------+-----+------+-----------+-------+-----------+9 u: M+ I3 v- b
| 0 | m1.nano | 64 | 1 | 0 | 1 | True | O/ J; X% g; S
+----+---------+-----+------+-----------+-------+-----------+
1 c: z/ a% T1 l- r ) `: `' B; f. ?* J/ s2 J) s
`验证有没有镜像`
L! w: ~8 n/ n' ` root@openstack-controller1:~# openstack image list
`$ t: O9 x3 V1 f6 B7 j e: S1 J +--------------------------------------+--------------+--------+5 B0 F" K9 v t" V9 Q6 t3 D
| ID | Name | Status |
0 n. W3 i0 @8 c/ q" Z +--------------------------------------+--------------+--------+
' L" `; @4 Q: Q6 s& x | 6d99e1ad-dbf3-46ea-b520-ef903bbbe1c9 | cirros-0.5.1 | active |! }( U6 B* y. w! c& T* I/ ~0 `, n: @; H
+--------------------------------------+--------------+--------+
7 R% l' E/ T; l/ O- p % l$ }+ H3 U, y; ]3 N0 R5 M5 T) @5 x
`验证有没有网络`/ v- s+ ?. _2 F( a, H
root@openstack-controller1:~# openstack network list
, y h0 D. Q& F& i ` +--------------------------------------+--------------+--------------------------------------+
0 C6 _( M4 j" o& v5 b, N8 { | ID | Name | Subnets |9 G& B& L8 k( q7 r; @7 S8 C/ N
+--------------------------------------+--------------+--------------------------------------+
6 d0 X4 P! k1 B+ R' |& V1 L9 ] | 3d66f257-6c40-49c2-bce7-9de75b49816f | provider-net | 1e7a53ba-89bd-4373-802c-149b16a30df5 |1 |0 b; m; J6 g0 v6 f; O
+--------------------------------------+--------------+--------------------------------------+' ?& u- ]( z' C) e$ Q% S* Z/ q
1 ^7 {) d: W- e$ l8 a2 M0 w `验证有没有安全组`" d& ^1 j' s: C7 G6 U
root@openstack-controller1:~# openstack security group list4 H: N& `+ v4 [7 C# R
+--------------------------------------+---------+------------------------+----------------------------------+------+& ?! I/ v/ S2 u6 K
| ID | Name | Description | Project | Tags |* s/ T# v) T7 `+ S
+--------------------------------------+---------+------------------------+----------------------------------+------+6 {0 O1 p: H* [: _- q( A
| f60b6c5c-9e96-4fae-8de9-bee58fe5272e | default | Default security group | 17deab832d8a4c929b91a3ce1d58abf7 | [] |
) ^/ }( j+ W) F8 B# T4 B -+
N q! s( v$ T8 R {7.6.2)创建虚拟机
5 ^* k4 N& @+ V! Z" N6 m- l( V [root@openstack-controller1 ~]# openstack server create --flavor m1.nano --image cirros-0.4.0 \# ]- c4 t* u7 j
--nic net-id=f37db04d-74db-4b26-8591-23fde582eade --security-group default \+ K. r+ h" B: I" U0 W
--key-name mykey linux-stj-1* `9 i8 M2 K8 K, I
#################################参数解释#######################################
! F6 T7 O& k, P. l, Y2 j/ C ###m1.nano:为虚拟机类型;
|" V. z% z! u P ###cirros-0.4.0:为镜像; h, O* L" s, p3 ?) h: I
###net-id=[网络ID=openstack network list列出来的ID];
" p: U$ V, B9 P }' W7 j ###mykey:为ssh密钥对;9 X# i1 K8 t1 U, g* Z0 i; z' N
###default为默认的安全组;6 r- b" T: `7 r6 P( E1 R
###linux-stj为虚拟机名称
( ], D% Z4 t- o #############################################################################0 l/ G* U9 {" X
openstack server create --flavor 1c-1g-10g --image centos7.9 \. Q+ s+ v3 s2 ^8 q+ Z" o: M7 }
--nic net-id=0da37e14-545f-4aa3-a6e3-ee8cd0ea3ae8 --security-group fb2dc60c-4f85-4b1e-b7f1-5b6d4e147799 \
, O$ \ _9 I( n0 D5 z! B5 O% I/ t --key-name mykey centos-stj-1
, Q9 v2 B, p: K7.6.3)验证虚拟机状态4 ]) a5 _! m" d
root@openstack-controller1:~# openstack server list
5 O& t6 s; g4 s6 L; V1 j +--------------------------------------+-------------+--------+------------------------------+--------------+---------+' ]) C1 C& E) k
| ID | Name | Status | Networks | Image | Flavor |/ I& S- @" E, I: w% j0 \
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+1 g S+ u* T# `; F2 Y, h4 S
| 96533d96-f01f-4463-8cfc-9c46ddee37b3 | linux-stj-2 | ACTIVE | external-net=192.168.139.180 | cirros-0.4.0 | m1.nano |7 }! u% c% l" i& H$ _# W5 ^! L
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+
, D2 J+ q) t$ ?( e q # 加一条默认路由
! }' f+ }. t0 L4 L root@openstack-node1:~# ip route add default via 192.168.139.2/ O1 z: H6 y) y- b/ B
root@openstack-controller1:~# ip route add default via 192.168.139.2# z% T }$ f- w2 l8 G
###一定要拿到IP地址 external-nat=*****: D3 W9 `7 p, a8 Q) y6 ?
[root@openstack-controller1 ~]# ping 192.168.139.140
% x' G( a# g% x. J6 R$ Q PING 192.168.139.140 (192.168.139.140) 56(84) bytes of data.
# W4 D+ A1 E4 L 64 bytes from 192.168.139.140: icmp_seq=1 ttl=64 time=11.3 ms
' Q( J% j; \$ l5 W: `7.6.4)使用虚拟控制台访问实例6 Z" _! R/ [, `: U( B" |
[root@openstack-controller1 ~]# openstack console url show linux-stj-2: w0 M/ G$ o6 B( }! f; E: {$ s& _
+-------+-----------------------------------------------------------------------------------------------------------+
0 g. \% R) e2 ]. E7 R0 G3 e f: D | Field | Value |
# {* \' O: H% d0 y +-------+-----------------------------------------------------------------------------------------------------------+5 c! |5 M9 q" o K2 `& v0 G
| type | novnc |
$ }. C8 \3 [ B% a7 }* d& o$ S4 A- e | url | http://openstack-vip.stangj.loca ... 8-aac3-52e5f58a51f7 |
# d" M5 \* t& _8 M2 @3 _4 u +-------+-----------------------------------------------------------------------------------------------------------+4 l! B/ S7 Y% s9 g
image-20241208195008663+ o- {( e+ N5 i/ x/ ^
9 `7 g# T" [) o7 G3 G' iimage-20231217134249953# Y* F! |3 i$ y4 K+ I
& y+ {* s- C3 N% {" K; e: \8 Y' S注意:如果你的访问出现下面这种情况) H* F* D0 D: h v
% j( ^) Z2 X6 o2 s" I8 ^7 ~image-20231217135224898
) s9 f7 P. z" Y, ?# n* x% A7 y' ^* {( @
解决办法:3 ] L9 l; R) f. b. @ s
5 ~7 ?& [1 }2 X: B9 I% V
[root@openstack-node1 ~]# virsh capabilities
: v' [, u% J2 C6 k' Z [root@openstack-node1 ~]# vim /etc/nova/nova.conf0 U1 ?" V: R2 }" ]2 ]
# 搜索下面两个hw_machine_type/cpu_mode信息,并添加后面对应内容5 P$ B1 |5 o; }* a% t: E* s0 X5 Y( M
hw_machine_type = x86_64=pc-i440fx-rhel7.2.0
) A, C: U( E! U cpu_mode = host-passthrough
$ n; A) L g$ X `重启nova`( r# [0 v! v( C8 x1 r* d5 d" C
[root@openstack-node1 ~]# bash restart-nova.sh $ x/ a- B( M5 P6 Z9 v" t1 n$ Y
######理论上还用重启openstack对应你要访问的虚拟机#######
+ s7 b q" w, ~5 I) b6 y如果没有出现上面的问题则不用修改nova配置文件操作9 _/ q& P! ?- t1 H" g$ E
: G% A, a3 i( [/ F4 @
, d9 L$ `/ |' Y0 J7 X1 ?+ R
8)安装-dashboard
9 O& [* N; K' P5 m& E8.1)下载dashboard
. d, ?$ }+ E% F8 |, } root@openstack-controller1:~# apt -y install openstack-dashboard% ~! l4 C. d0 w4 S& z; ?0 g
8.2)修改配置文件-local_settings% O2 `8 T" Q. N' ~& r1 g# a$ b* G
root@openstack-controller1:~# vim /etc/openstack-dashboard/local_settings.py
3 s) d- W; V/ E& V( C6 w # 23行 添加+ g/ u0 B2 G+ G/ ?3 ]
WEBROOT='/horizon/': j+ o( B9 `/ S0 F
( n# J; f# t% J. L1 v- L1 b # 125行 修改, V* e6 c. @7 C# z# A
OPENSTACK_HOST = "openstack-vip.stangj.local"
, t# \+ ^: V5 H1 R& H8 u( j OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST
" C3 b& N$ J! D: X6 |. l* U/ Z 3 F+ C, d$ r- c( K
# 39行 修改4 A; o ?. v" s Q0 a8 P+ H
ALLOWED_HOSTS = ['192.168.139.31', 'openstack-vip.stangj.local']
( _" \8 U" Q! V' q
, E5 i0 T/ X" D3 y # 105行 添加# k0 X. k( P) k9 E5 P
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
$ j* n$ i a8 d9 ~& m8 { CACHES = {
9 i! L, n, T& ]2 s9 J8 |; j, V 'default': {
( E! _8 e$ P/ n 'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache',$ f* ]) p: ?7 d. k
'LOCATION': 'openstack-vip.stangj.local:11211',' d% T" Z- q) G9 ^' Z$ J
}2 r' p: _' e9 F/ D2 P& p
}& S# _4 K8 Y$ l" ^
, `" @3 w% ?) o& R1 C1 C # 127行 添加
% v) l! Y; X8 \6 I OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
, M/ u5 v1 Q- s& m: e 5 V% }3 y" e/ |( u7 O
# 128行 添加5 G0 _7 _9 Y( Y1 {5 `
OPENSTACK_API_VERSIONS = {& B, N" ]& ]) L
"identity": 3,) o; t6 ^ C& }$ {: n7 f$ }
"image": 2,
: Z* P- f4 j/ r "volume": 3,
: T6 p. P) E# x# C }. A9 n$ r1 [- T) A& `. V
8 O1 h$ j9 T1 } _# Z2 e2 J # 133行 添加, r' a! \8 S. P, J/ d! ? ^
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default": B* a8 W; l& R9 K: @. @1 ?* ^
6 y# u5 `0 c, b( c5 H: d # 134行 添加
1 }" ~! S3 L% |1 p: P OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
! d+ \, P) |5 L% h7 F7 T' x3 v
- Q9 S+ m- s" c1 c6 t- }3 F # 138行 对照修改,把True全部改为False
- Z2 x3 B" Q z2 b/ S OPENSTACK_NEUTRON_NETWORK = {
+ J7 v5 B( Y d1 `* c3 K 'enable_auto_allocated_network': False,
1 d" n. x/ Q* b0 a 'enable_distributed_router': False,, D7 Z# k8 J% E6 I- ~0 n7 l
'enable_fip_topology_check': False," g, R- _6 p) _' s% y: o6 Z( n# D
'enable_ha_router': False,2 X/ e, G& K. M9 X
'enable_ipv6': False,' e! P6 L9 m; m l8 J! v
'enable_quotas': False,
" D: I0 Z9 w0 i& i 'enable_rbac_policy': False,
7 ?# Z2 ?" N6 _) Y8 {* Z1 F, I8 X 'enable_router': False,
' ` C: e5 S- s6 s! A) o9 L T }5 [8 d- B2 z! {5 j
# 161行 修改
: C: v# N' Y- F& R7 i2 N& C TIME_ZONE = "Asia/Shanghai"
& o' F0 @1 P$ W" @/ l; ~. S8.3)修改haproxy
9 Y5 S% r8 r5 h ]7 M' T5 F. x [root@openstack-haproxy ~]# vim /etc/haproxy/haproxy.cfg 1 m: U( P6 c u. P/ u' L2 o; w
# 最后面添加下面内容
; Q8 ?' U6 c9 H0 q5 A3 V+ t listen openstack-dashboard-805 Y, }$ K# j5 {9 u6 `6 M
bind 192.168.139.248:80
1 t+ S R+ `4 F% X3 a! {: s' a mode tcp
+ ~# r! m9 |5 y3 S! o1 C* i server 192.168.139.31 192.168.139.31:80 check inter 3s fall 3 rise 5. k# ]* |# @) [( U2 f9 d
[root@openstack-haproxy ~]# systemctl restart haproxy.service ) [6 W4 E2 S4 w
[root@openstack-haproxy ~]# ss -tnl | grep 80' f! A% f; K, \2 m$ f
LISTEN 0 128 192.168.139.248:6080 *:* 1 z( e3 v8 Y2 `0 K+ R7 W5 B
LISTEN 0 128 192.168.139.248:80 *:*
' V- L' ]8 @& F" F$ n8.4)修改配置文件-openstack-dashboard.conf
# s+ _& o) H7 R# X# G' q7 ` root@openstack-controller1:~# vim /etc/httpd/conf.d/openstack-dashboard.conf
) [" R# y+ c2 r0 Q" J% F # 4行 添加/ [; i9 [3 ^% ~& j0 R
WSGIApplicationGroup %{GLOBAL}
- [1 }3 I- c% Q) R5 g T: y2 l8 K8.5)重启动httpd& K6 H3 } R( q" G" V
root@openstack-controller1:~# systemctl restart apache2.service ; L; \+ h. ^% L G+ w- f
8.6)访问dashboard页面- `. i: v) r1 q# t& j1 Z
http://openstack-vip.stangj.local/horizon/" |1 N# x- ~7 O
( ]% K1 X) f9 c7 T% d; o; |, U
|
|
发表于 2025-3-17 08:00:02