- 积分
- 16843
在线时间 小时
最后登录1970-1-1
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?开始注册
x
openstack_安装基础使用
2 c# |. t+ J% Y$ vopenstack 版本周期
8 l, `- a3 g, c$ W7 [" P& |" u4 Y) V6 N% k2 k. j$ l
https://releases.openstack.org/" B: q4 z- |1 T+ P" m) \# @2 a
官方安装文档( l. |" @8 j+ d/ h
4 T4 O! N: m( P" A. r; l& x0 D4 Z
https://docs.openstack.org/insta ... ackages-ubuntu.html
+ Q/ {6 }1 i" j' |- v1 w5 t+ y https://docs.openstack.org/install-guide/openstack-services.html! Z0 s/ H+ }1 d3 R0 w* z
手动集群部署部署
" w! N( y/ l% g4 N7 k! W架构
' I/ n4 Z4 W) \8 a1 T主机名 外网IP VIP 内网IP 内存 CPU 磁盘 角色! U. N8 A0 K7 b n! P9 a
openstack-controller1.stangj.local 192.168.139.31 无 172.16.1.31 4G 2 核心 80G 管理节点01
. t- U* g. o& ?openstack-controller2.stangj.local 192.168.139.32 无 172.16.1.32 4G 2 核心 80G 管理节点02
0 b8 w( ]5 m% v9 {! Eopenstack-mysql.stangj.local 192.168.139.33 无 172.16.1.33 2G 2 核心 80G 数据库,memcacahe,RabbitMQ
( H7 b4 I, a ^openstack-node1.stangj.local 192.168.139.34 无 172.16.1.34 3G 2 核心 80G 计算节点
) i6 L! M. b* L8 `: ` o! Nopenstack-node2.stangj.local 192.168.139.35 无 172.16.1.34 3G 2 核心 80G 计算节点
( x9 ~. [( z8 H2 Q* Dopenstack-haproxy.stangj.local 192.168.139.36 192.168.139.248 无 1G 1核心 80G haproxy,keepalived3 o+ u2 |7 e- E. a* h
1)前期准备5 \5 _( b, Q3 H* H
1.1)所有节点安装
! z) t, a+ ? p8 }. R$ x ~# apt install -y bridge-utils
% @# Q& d# d5 T5 m! U) |4 q9 D ~# modprobe br_netfilter% O. F d' C4 q$ G5 A$ K4 i
~# echo 'br_netfilter' | sudo tee -a /etc/modules
6 M. y8 T4 W( L$ R/ A C8 { ~# swapoff -a5 g4 N2 y: A* o; G8 x9 T7 {
~# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab% }1 A" Q7 X5 X
~# apt install -y software-properties-common$ v6 A: m$ W1 x* g B$ {! f
1.2)时间同步0 E% H& y$ H- T( V1 ^
"controller1作为时间同步服务器" K" W; r+ ~; V- \
root@openstack-controller1:~# apt install chrony -y9 E$ w, {/ t, m( o# ]
root@openstack-controller1:~# cat /etc/chrony/chrony.conf | grep -vE "^#|^$"
; h) F: L- _* p' ~5 q confdir /etc/chrony/conf.d
% q1 g" O n/ W; K) N& g4 m server ntp1.aliyun.com iburst% s& {) K1 @0 \4 K# [& }' Q
server ntp2.aliyun.com iburst3 i; P) P8 U. S. {3 G
server ntp3.aliyun.com iburst
5 ~; q2 C% H$ T# l allow 192.168.139.0/24: i4 c$ N. q: u( ]
allow 172.16.1.0/249 V9 m |' I1 g( r- G2 g
local stratum 10
5 ~" {9 B: D% _1 k8 h' r sourcedir /run/chrony-dhcp4 ^5 N, ]2 i+ A5 H
sourcedir /etc/chrony/sources.d; p0 z" o2 S O$ m) z( \
keyfile /etc/chrony/chrony.keys
& p4 w5 i/ Q, i2 H7 j3 \ driftfile /var/lib/chrony/chrony.drift
" @/ a1 t8 d8 T3 J1 U ntsdumpdir /var/lib/chrony/ u5 n! Z' O/ Q6 x
logdir /var/log/chrony4 ^0 V! l8 k. t& ?
maxupdateskew 100.0
8 I) f+ M* N3 d* d: z% B rtcsync( i: x3 {+ I+ |$ Z) X% y# K
makestep 1 3
6 w n# s& q: h: E$ \( t- ^0 V* n6 z 2 j. v/ ]6 |/ f9 m
`启动服务`7 e+ R w- U8 A8 l5 x6 n$ b, m
root@openstack-controller1:~# systemctl enable chrony && systemctl restart chrony: J, w* E0 P7 L$ @
% z4 |% e3 D) l+ F. `) O; B% ]
`验证`6 ?. D( \# J, q9 d4 O
root@openstack-controller1:~# chronyc sources& ~2 e% f! X5 S% {3 C+ d3 {
210 Number of sources = 2# R0 q2 c2 b' H( a! I5 e% T- h8 q
MS Name/IP address Stratum Poll Reach LastRx Last sample
8 e/ ^; _; g. E) O, ^# N2 w6 N ===============================================================================
5 R% t5 f+ y. Z, g, }# _7 U: I ^- 120.25.115.20 2 6 35 48 +866us[ +866us] +/- 22ms0 W8 v& o7 N7 t0 A0 ~7 M% E A# t1 a: N
^* 203.107.6.88 2 6 17 49 -4324us[-9570us] +/- 21ms
- h9 v6 q8 \7 B" ~ ! j: \) S2 @8 B3 y: l% F- q! H
"其他节点配置(集群涉及到的节点都要配置--我演示一个)"
8 |: a1 c6 a, F4 N3 E root@openstack-mysql:~# apt install chrony -y% D8 U6 g- D+ c/ Z1 K3 J
root@openstack-mysql:~# vim /etc/chrony/chrony.conf
, k Q" l0 M( [* J s. e- a+ R; _ #server 0.centos.pool.ntp.org iburst1 `8 n9 @+ ]. D$ N/ s2 O( l
#server 1.centos.pool.ntp.org iburst
3 y5 y7 |& H0 B9 X8 N #server 2.centos.pool.ntp.org iburst
2 j! a0 q* a9 Q E$ R, G; P3 H #server 3.centos.pool.ntp.org iburst8 o6 R9 L8 I9 M/ A. s, H! X
server 192.168.139.31 iburst # 添加这条信息指向controller1
- ?* e. O, `3 z- q$ Q root@openstack-mysql:~# systemctl restart chrony &&systemctl enable --now chrony' |! M6 _# J0 o
root@openstack-mysql:~# chronyc sources
( O! t' T$ f" P% G 210 Number of sources = 19 ^# X+ y- k7 W0 ^" q& }- M
MS Name/IP address Stratum Poll Reach LastRx Last sample
6 H) w. p( z }( K9 z$ G o9 T' q' ] ===============================================================================
! m9 S' P6 m4 {6 C( K ^* 192.168.139.31 3 6 37 60 -2089ns[ -943us] +/- 16ms
+ [* S0 A4 h5 q3 d' c1.3)配置openstack官方源( s/ {) J; j- u9 ?
`controller管理节点`
- V' B( e& w8 z root@openstack-controller1:~# add-apt-repository cloud-archive:caracal: d$ O7 @6 a- D
root@openstack-controller1:~# apt install -y python3-openstackclient libibverbs1 python3-pymysql python3-memcache
4 N E- p) Z: L% V ) E$ _6 T7 Q" Q F8 M( H6 O1 y
`node计算节点`/ H0 |/ f% R: F. Y) r7 I/ o& J
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
0 B( O# l3 A% s) L7 T root@openstack-controller1:~# apt install -y python3-openstackclient1 { V4 D; x J
`数据库节点`
z" q2 V! f4 |! S) [ root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
8 g3 a X: f2 R% O- c9 T root@openstack-controller1:~# apt install -y python3-openstackclient* D; u8 p- J) ^7 e4 c6 @0 X
1.4)数据库配置: ~* a! m6 I3 `' v: ^$ V
root@openstack-mysql:~# apt install -y mariadb-server python3-pymysql
z k2 L- U; [& ~& h/ _ root@openstack-mysql:~# cat > /etc/mysql/mariadb.conf.d/99-openstack.cnf <<EOF; i$ D- E7 f$ B/ }7 f% [2 W6 m
[mysqld]
4 c/ S% U( U7 V3 q9 } bind-address = 192.168.139.332 Y8 u4 R F/ f
default-storage-engine = innodb& V. Y5 K1 a0 N) q
innodb_file_per_table = on( h9 g; R, H6 [7 y2 z% u
max_connections = 4096& ~6 _" o8 T( j6 ^5 _
collation-server = utf8_general_ci$ ~1 M/ |: C! u' T1 L: V; G
character-set-server = utf8
: g' W) u' ~ K+ u2 j. d. C# Y8 g EOF6 h+ |! F3 r5 Q' ?3 z4 F7 o4 R
root@openstack-mysql:~# systemctl enable --now mariadb && systemctl restart mariadb
$ {( U( l m7 @1.5)RabbitMQ配置
& W/ l2 f7 v1 B, F, ^3 K root@openstack-mysql:~# cat >> /etc/hosts << EOF! Y) A6 u: [7 Q) F$ @+ O
192.168.139.33 openstack-mysql.stangj.local openstack-mysql! N. G1 q3 ^+ ]7 T9 S5 u2 E
EOF8 E" y4 y( [+ w% z. g
root@openstack-mysql:~# apt install -y rabbitmq-server
1 Y- `2 v3 i* G root@openstack-mysql:~# systemctl enable --now rabbitmq-server.service ( T4 N8 ]. D Z8 R k1 ]3 E& J( P* W
root@openstack-mysql:~# rabbitmqctl add_user openstack openstack123
+ Y" {0 |9 W' h Adding user "openstack" ...1 ~# p) _! _. T: m' s
Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.
' M! A _. O/ G- x6 f0 n4 b8 { root@openstack-mysql:~# rabbitmqctl set_permissions -p / openstack ".*" ".*" ".*" 2 t7 R" d' K( V" `! f
Setting permissions for user "openstack" in vhost "/" ...
2 z! q7 E7 J! j" f" B8 H `查询插件`; B, o$ Q! f$ K3 S* l" E- R* ?
root@openstack-mysql:~# rabbitmq-plugins list0 P9 ~) g/ y2 Q6 k/ {& e
Listing plugins with pattern ".*" ...
- h" C* D7 i& n$ v; S6 T! T( q& D+ g: p Configured: E = explicitly enabled; e = implicitly enabled
' h% F3 W- ~6 a$ \! Y/ n$ Y | Status: * = running on rabbit@openstack-mysql
1 w$ T) O/ W, B |/
2 |# b( [' C: E) V% v3 Z [ ] rabbitmq_amqp1_0 3.9.27% K! K) x4 a+ z
[ ] rabbitmq_auth_backend_cache 3.9.27
/ T7 A- r2 j+ V- ` [ ] rabbitmq_auth_backend_http 3.9.27
: b! F+ Z/ P; t8 | [ ] rabbitmq_auth_backend_ldap 3.9.27
. D1 S+ b& Z7 t( a) Y K [ ] rabbitmq_auth_backend_oauth2 3.9.27
8 u% h* K# @$ g$ A5 F) }& ? [ ] rabbitmq_auth_mechanism_ssl 3.9.27; v; I6 T9 M3 a2 S
[ ] rabbitmq_consistent_hash_exchange 3.9.27
% }$ l+ N; x) ?8 @# B' D8 n' V [ ] rabbitmq_event_exchange 3.9.27( W5 K6 F6 A! r* n4 ^
[ ] rabbitmq_federation 3.9.27
8 I' l$ y% e5 Q& ^4 z0 ^% f [ ] rabbitmq_federation_management 3.9.27
# R0 E/ X, @3 G z3 z, C [ ] rabbitmq_jms_topic_exchange 3.9.27
% h8 B4 b3 J0 K/ {* H i. ~ [ ] rabbitmq_management 3.9.270 U6 T+ b6 q. i/ d# T+ [8 r
[ ] rabbitmq_management_agent 3.9.27
! v% v" K9 ?5 N' C% M" c' C [ ] rabbitmq_mqtt 3.9.27
4 S& o' _( s% u% W [ ] rabbitmq_peer_discovery_aws 3.9.27& F3 Z2 J9 o8 o$ d
[ ] rabbitmq_peer_discovery_common 3.9.275 [# X: j- \( M
[ ] rabbitmq_peer_discovery_consul 3.9.27
0 O& p. j: S7 | [ ] rabbitmq_peer_discovery_etcd 3.9.27
& l8 A# d6 Y6 c [ ] rabbitmq_peer_discovery_k8s 3.9.27
. |; B! ]) ~. c% n- ]% T) K [ ] rabbitmq_prometheus 3.9.27
; w r8 E0 }! O7 i, A [ ] rabbitmq_random_exchange 3.9.27
4 {. m: p) ~" ` [ ] rabbitmq_recent_history_exchange 3.9.274 g$ k4 p2 U' V
[ ] rabbitmq_sharding 3.9.272 T2 ?% r- j, e
[ ] rabbitmq_shovel 3.9.27
; P3 G+ {. {* u0 v+ I2 L [ ] rabbitmq_shovel_management 3.9.27; p8 v$ V" w9 i: ~" R. s
[ ] rabbitmq_stomp 3.9.27$ M- O5 @* z1 j3 \! g- |8 e! n
[ ] rabbitmq_stream 3.9.27
- v v8 `2 c2 }: o3 i [ ] rabbitmq_stream_management 3.9.27. n l) q# o5 X4 M
[ ] rabbitmq_top 3.9.27* l0 i4 o( P1 W. g$ Z
[ ] rabbitmq_tracing 3.9.27
% J5 R5 c5 s$ E [ ] rabbitmq_trust_store 3.9.27
0 k0 u, k# [3 O+ ~) ] [ ] rabbitmq_web_dispatch 3.9.27
# |" I) s2 s5 B [ ] rabbitmq_web_mqtt 3.9.27
# j; p5 R. n; V6 U& m5 R% o! S3 h [ ] rabbitmq_web_mqtt_examples 3.9.27
- \+ C! Q& C- m8 t& B [ ] rabbitmq_web_stomp 3.9.27
+ i$ B# x7 n H* {+ Z- K- r& O [ ] rabbitmq_web_stomp_examples 3.9.277 k Y" w+ N1 T R
`打开插件`* ]$ h- g+ Q3 s) }/ G! [2 V# Y
root@openstack-mysql:~# rabbitmq-plugins enable rabbitmq_management
" H0 R- I L: R/ Y$ x
, X; ~/ q5 u j: z root@openstack-mysql:~# vim /etc/rabbitmq/rabbitmq.conf
# J, o; }; v# M {9 q+ c+ a' t* R" ? loopback_users = none
; ]: |3 d$ I9 V' G root@openstack-mysql:~# systemctl restart rabbitmq-server.service
8 O0 l! \9 q2 w: K
6 W0 P" O1 S. H6 M访问 http://192.168.139.33:15672/% ^0 N% A/ A: o6 y! e5 e
: \: W* h5 O8 p' j+ K3 V
) H6 H0 A& B8 D$ d: I8 I4 `+ L/ ^$ d
1 b( x; q, A" t( P0 c3 o
1.6)配置memcached z% j4 a9 O" f% b5 z% y6 ~# T, d
root@openstack-mysql:~# apt install -y memcached python3-memcache
1 x4 s8 S9 f |. O' h! F! G& P root@openstack-controller1:~# apt install python3-memcache
( U: C: ^ e$ ?; Q6 e
7 n/ X& E6 l% z8 Z6 w) D$ l, a, @ root@openstack-mysql:~# vim /etc/memcached.conf 8 J' p. t, J. j4 I
# Specify which IP address to listen on. The default is to listen on all IP addresses' l: r2 `& B2 }
# This parameter is one of the only security measures that memcached has, so make sure# z: p1 F* A) d
# it's listening on a firewalled interface.
1 Z* A% \ {! N2 b$ [2 s -l 192.168.139.33 # 这是为了让其他节点能够通过管理网络进行访问:
* T! U/ b k) X, Z1 v: } root@openstack-mysql:~# systemctl restart memcached.service && systemctl enable memcached.service" |1 s( a& [9 g& k3 X. A' r0 D+ J/ C
1.7)配置haproxy
$ U3 B4 p# T3 }8 n) U) J root@openstack-haproxy:~# apt install haproxy/ F U! {1 E4 `; B8 a, [7 c
root@openstack-haproxy:~# apt -y install keepalived
: ~3 B( G" v8 }4 p- `* Y( m+ Z `配置keepalived`
; S! y$ K" j, ^8 n2 C, T' s4 I! I% L! a6 u root@openstack-haproxy:~# vim /etc/keepalived/keepalived.conf $ T, j0 d5 S4 p( _& X: E
global_defs {
$ G: d& J0 K2 l, v B smtp_connect_timeout 30
* q/ p& p0 x: y! b& k) D( n5 K5 ` router_id LVS_DEVEL* q# w6 J4 c, n1 ?
vrrp_skip_check_adv_addr) U& s1 R$ L: w
vrrp_iptables: T9 g+ N E9 W2 o$ k p
vrrp_garp_interval 0* [: G6 L; O3 l( i0 r! N1 F. \, ?
vrrp_gna_interval 0
/ ]( N; T+ n$ b0 Q3 d6 X' H, T8 M }
1 d8 [ u' _. O/ }: Y 3 p( e. n& M+ Q/ r
vrrp_instance VI_1 {, q: x; {2 h7 f
state MASTER
1 e% a ^" R- E interface eth0* T( P: V0 K* x; a5 B
virtual_router_id 51
: D5 U! p. b O/ {( b priority 1000 X! n; }& _, z9 [: n% J( J6 y5 B
advert_int 1
% N, k# }8 d+ R7 i5 P, \ authentication {
/ l$ |4 H) ~! m: r) S% n/ A# a1 M auth_type PASS. }7 t7 U* c& t" K
auth_pass 11119 z5 x. H2 ^0 ^" P7 r3 B. m
}% I) h$ ?# c$ u5 t' N* h3 E$ M
virtual_ipaddress {+ k Y e3 ~* h- f+ g" L' `+ E9 X- `
192.168.139.248 dev eth0 label eth0:0. G# @# e; e9 N: @
}
3 [9 L8 C$ r, I6 ` }
/ I2 t, }* { h4 u; S root@openstack-haproxy:~# systemctl enable --now keepalived.service " L/ a( i3 R& J) p! x) T; }/ N
root@openstack-haproxy:~# systemctl restart keepalived.service
( f! O" p: \: N7 U) T9 n `配置haproxy`, W3 Z, z! F$ S9 V' J5 m
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 2 V6 b+ O. {8 t' Q/ t+ ]) y# ~2 z6 L$ V
# 把后面的frontend和backend模块配置全部删除
/ e* f: v7 Y0 Z, r8 m/ u # 最后一行添加1 B! o- y% A/ y( X+ ~/ H1 c* e, n' L
listen openstack-mysql-33062 Z R0 |# O9 x0 C: }+ Q( Y7 @$ G
bind 192.168.139.248:3306+ [9 P E6 H' c; v5 @
mode tcp
6 O9 H/ {1 D7 d4 L5 _) k server 192.168.139.33 192.168.139.33:3306 check inter 3s fall 3 rise 5
. _' F6 ^! _. p/ G6 U/ _- a
; M# T |) ^( \7 u! F listen openstack-mq-5672
3 O- f( |5 D0 ~1 N bind 192.168.139.248:5672
& a7 v* z4 N+ v$ M& |$ f5 Y9 i mode tcp6 L. b3 N' f& v7 ?" g- c! q: r
server 192.168.139.33 192.168.139.33:5672 check inter 3s fall 3 rise 55 q, {# I7 a# u6 C
3 a2 T' J! z# r
listen openstack-memcached-11211
& o2 W$ @1 E' `0 N+ r' j# n. \ bind 192.168.139.248:11211
* L# ^' F" c4 ~3 Q6 i- i mode tcp2 l$ O) d4 v9 l
server 192.168.139.33 192.168.139.33:11211 check inter 3s fall 3 rise 53 c1 `, O9 K; ]! U% a8 y4 L
) E* j% W3 S; Y6 j
root@openstack-haproxy:~# echo -e 'net.ipv4.ip_nonlocal_bind = 1\nnet.ipv4.ip_forward = 1' >> /etc/sysctl.conf
6 K; F# M7 ~0 [; O% z$ d0 h root@openstack-haproxy:~# sysctl -p
7 q6 I" g4 @/ ]2 Z% D) p root@openstack-haproxy:~# systemctl enable --now haproxy.service 0 ]' U4 e, u w2 P2 h5 J; u
root@openstack-haproxy:~# systemctl restart haproxy.service , E1 ?* H( O6 o5 ~- _/ w
root@openstack-haproxy:~# ss -tnl
$ F' e# B2 P4 A, f State Recv-Q Send-Q Local Address:Port Peer Address:Port& J, _1 Q9 p& j+ ~+ G% r8 m7 K- G: C
LISTEN 0 128 *:22 *:* 9 t$ u3 U% N Z( m) S. j2 V; c
LISTEN 0 100 127.0.0.1:25 *:* / h" z$ `6 Q$ h0 D" I
LISTEN 0 128 192.168.139.248:5672 *:*
6 ?' c$ f; R6 x LISTEN 0 128 192.168.139.248:3306 *:* , R) N6 r6 K4 }. M+ b/ i7 H4 T
LISTEN 0 128 192.168.139.248:11211 *:*
- H7 L/ }5 E* z8 K. A5 a LISTEN 0 128 [::]:22 [::]:* 8 Q3 H o, v9 @
LISTEN 0 100 [::1]:25 [::]:* ! P. `. k2 m6 V& \5 Q% q$ x8 S
验证
3 \/ V( r" d( I$ \4 F* a) J; p* ^ p/ u1 U; e9 U( a* M# y
root@openstack-controller1:~# telnet 192.168.139.248 3306
8 {& d0 w; f1 g0 S8 w* \3 f Trying 192.168.139.248...
7 N+ Y h, c! _8 j3 B/ X! p Connected to 192.168.139.248.
) D( [* a: g3 i/ C$ {$ e8 L' P7 _& j Escape character is '^]'.' v3 w J) g! s
" |/ Y! c6 P& T' {) }/ I
root@openstack-controller1:~# telnet 192.168.139.248 56726 P- m& D3 N9 e: N& V! K1 L
Trying 192.168.139.248...
: M! Q8 Z$ b/ Q6 F/ g Connected to 192.168.139.248.
7 S4 Q: `4 n+ A Escape character is '^]'.
$ @) G# b1 j6 a9 ^: t& p 3 E8 H$ b3 q) n( s) x+ L6 F
root@openstack-controller1:~# telnet 192.168.139.248 112111 Y; Y M" j* B4 x
Trying 192.168.139.248.../ Y. O+ \( ~3 t1 C
Connected to 192.168.139.248.
/ {6 s' u* ~) q" E& Y Escape character is '^]'.- N' @- Z' T& @+ W# D I: u' Z
2)安装keystone
: x6 b! }6 N Y/ q# \6 B* F2.1)创建keystone数据库
, O0 _9 d. A5 p% K6 J! b root@openstack-mysql:~# mysql
! @: o5 n% t" R, d MariaDB [(none)]> CREATE DATABASE keystone;2 u) J% f1 y3 f* _
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';* x9 ]8 l9 ]* y& H6 U; ?. v( x$ t0 b
`controller节点验证`
* K3 n+ @7 R- L1 Q& E% [ root@openstack-controller1:~# apt install -y mariadb-server
+ l. f- d- D8 W. ^4 N$ i root@openstack-controller1:~# mysql -ukeystone -h192.168.139.33 -pkeystone1231 R& e3 S1 ~* e; `3 Z
Welcome to the MariaDB monitor. Commands end with ; or \g.! e, X! ?& X* m, ?5 F! R, N
Your MariaDB connection id is 35
( G. ~$ a3 F2 { Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
/ M1 ?2 @5 ? Y( |2 R G/ X" w
. e# v+ T' y: V7 Z Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
; [- C2 c. P) ~( ~3 z . u. J, u2 E; X' D1 E
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
, e- s: b$ `( v( P $ ~% X) F i% ]' E& r' A
MariaDB [(none)]>
+ ^! W: d# v" n# u- j# E, I root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123
0 E) y8 f6 [2 p6 d' {, G& s. b+ J Welcome to the MariaDB monitor. Commands end with ; or \g.
" i) _5 S% o9 c/ ?6 p Your MariaDB connection id is 360 a9 N) N3 A7 d) H) @3 @1 @$ O
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
. ]" U# A# o' s4 Q) u
1 x9 ^& X$ P* l3 T7 k4 `) O" y+ U Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.8 {) {6 l6 L/ r& A5 i$ T9 m6 Y7 f7 j$ x' e
' m' q9 C; A* z! q
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.: ^) x9 g9 ~, L8 H; P
& f. P, `& M7 o. U& V) a
MariaDB [(none)]>
2 Q1 n' W4 t! C3 U* [3 `2.2)下载配置keystone
' ]- N. L& D2 \2 L* J+ E) z root@openstack-controller1:~# apt install -y keystone apache2 libapache2-mod-wsgi-py3
1 C) F* o% g2 ^# C `添加vip的域名解析`. v/ t" M8 K! K, b; Y" ^5 G
root@openstack-controller1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts2 g( ~2 ?" F3 u- Z
`修改配置`
5 ?$ Z: A) u5 }* z root@openstack-controller1:~# vim /etc/keystone/keystone.conf. |- e4 \" J0 w$ A
[database] # 在这个模块下面添加下面这一行信息
4 E2 [4 t e$ a5 p connection = mysql+pymysql://keystone:keystone123@openstack-vip.stangj.local/keystone. E5 ?& i$ F& B9 U) `
[token] # 在这个模块下面添加下面这一行信息
; j f6 X, g1 w. ~( b1 [ rovider = fernet
% k& Q# C# ?+ T2.3)初始化keystone数据库
/ K% R2 J% x1 [- I) z/ r& b9 Z" P( w root@openstack-controller1:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
; c4 x( o4 D$ Z5 i( N! h3 ^ `验证是否初始化成功`. c4 {$ j3 |9 l/ h* k* E
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "use keystone ; show tables"1 @/ n j! s& O# g( B4 E6 Z
+------------------------------------+5 V' z6 H0 r1 `
| Tables_in_keystone |3 t9 X1 p2 E/ n8 n! Q: [ o
+------------------------------------+9 _0 X' _0 g6 f
| access_rule |) Q! e+ f2 U: ~2 i u
| access_token |% `/ {4 ^; B. ~
| application_credential |
" k& ]7 N+ R% R | application_credential_access_rule |1 I0 p0 l5 {+ A1 W" T
| application_credential_role |
% M/ h# n3 r) w, o2 _, N | assignment |
7 d# w, g6 e# r1 ?: |+ ? | config_register |
6 t2 t% i: ] _: }/ Y _0 t ......................................8 K% T$ x) V) ?* W: C& g: Q# a M
......................................2 w8 T) i& P! @/ Z/ x }
| user_group_membership |
' S3 j7 }2 r; }6 I | user_option |
% X( }& K) c D7 q | whitelisted_config | R) G7 {+ F: v4 I% H- X1 K
+------------------------------------+
n) I% F( p4 X$ l0 C3 B; K- X - h2 A9 x @) o) @: r- t! n! v' J
2.4)初始化 Fernet 密钥存储库0 h. l6 }9 i1 l5 `2 M" Y( ]
root@openstack-controller1:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone( P# H+ s# G/ R/ |( j+ E( K% ^. b
root@openstack-controller1:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone& ^" \6 S0 L0 ?4 ]
2.5)引导身份服务
& N9 A2 ^% H0 N( y6 A root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
9 H* H/ o1 S4 a# L4 }: {! R" x; b # 在最后一行添加下面4行内容
7 y, [9 M8 W- r6 M4 f5 A4 F listen openstack-keystone-5000
7 s; Y; o- @2 H# V1 [ bind 192.168.139.248:5000; j# C) B+ j6 `6 ?- T4 Z
mode tcp3 k8 Z W/ s# A% @, e6 j; w, X: j0 A
server 192.168.139.31 192.168.139.31:5000 check inter 3s fall 3 rise 5
2 N' i# u3 [% I3 ~; A root@openstack-haproxy:~# systemctl restart haproxy.service
- I7 Z# y+ ?1 I5 M, R+ y- w # 设置,密码为admin% F* P& l+ ?2 _
root@openstack-controller1:~# keystone-manage bootstrap --bootstrap-password admin \! J2 K) P5 s. x4 Q
--bootstrap-admin-url http://openstack-vip.stangj.local:5000/v3/ \
' u+ D9 M, f- d! x --bootstrap-internal-url http://openstack-vip.stangj.local:5000/v3/ \/ G) P- M: }# I6 ]4 o( e
--bootstrap-public-url http://openstack-vip.stangj.local:5000/v3/ \
& @' O! t8 @& q. f/ x --bootstrap-region-id RegionOne
3 _ \/ S. a) e9 B! U( w; ` `验证`
8 T$ z6 ~' r0 h! V: R2 k [root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.service"
5 k7 I r ?/ d o: }2 N" J +----------------------------------+----------+---------+----------------------+1 P" v0 K/ s/ }0 w9 u( g
| id | type | enabled | extra |
2 U* `# K# j2 f5 D +----------------------------------+----------+---------+----------------------+
- r& y% p5 s5 S! \) V | 5b32c1198b6d4a9da1659bc0a201d89e | identity | 1 | {"name": "keystone"} |
# S" v p) g( d0 ]5 L. G7 z +----------------------------------+----------+---------+----------------------+7 D# y( ~6 E7 o# f! e: S4 D, E
[root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.endpoint "
" l& N9 d$ h% A+ g0 U +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+0 e# S+ O' w( I0 Y( Y/ x
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |. Z2 d1 h# _- s6 Q2 J4 a
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
* z+ h7 O% _5 j; C O- P | 20caaef3b2ee4ff7898d1e7b7f1e41dc | NULL | admin | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
$ H( @- o, P+ o' { | ad54a4233c0e4a23ba56f86960ff97a9 | NULL | public | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |* m8 Q! G# C0 u* R; J- z% B
| def9f3253353499fbc24a851445198c9 | NULL | internal | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
) Y1 l' b9 b n# ]# Z) T +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+6 \! v% i" X% n
2.6)配置Apache HTTP 服务器
' {# b( ^( S, w. \2 A root@openstack-controller1:~# vim /etc/apache2/apache2.conf
2 _7 I, S) v) g! i+ p$ T9 l ... # 找空位置添加
, l5 C: N( n6 [1 a: V# J ServerName 192.168.139.31:80+ y% n% U8 k# u9 ]/ Q8 D- W1 F
root@openstack-controller1:~# systemctl enable --now apache2 && service apache2 restart/ C+ g: A2 {7 v
`验证服务`
" J; g& E7 X* d: I1 c root@openstack-controller1:~# curl 192.168.139.31:5000
1 b, Y0 @$ [% l, I w* B {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.31:5000/v3/", "rel": "self"}]}]}}
* `/ n- W# Z. S% Z1 d, q root@openstack-controller1:~# curl 192.168.139.248:5000" U4 g9 u- [3 F# e
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.248:5000/v3/", "rel": "self"}]}]}}; v: A# S. V& }7 {$ o2 Y F
root@openstack-controller1:~# curl openstack-vip.stangj.local:50004 S" ^/ Y7 [ U/ B6 Y
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://openstack-vip.stangj.local:5000/v3/", "rel": "self"}]}]}}4 z7 x6 r& L) l4 }
2.7)配置环境变量来配置管理帐户
`/ _. S$ A& X( `0 L5 s root@openstack-controller1:~# cat > admin.sh <<EOF
- I* p/ Z- j/ c: p- J export OS_USERNAME=admin; q2 y1 V4 s3 Q5 B
export OS_PASSWORD=admin
6 g* ]3 |1 O) ~! J' f! F& [3 G U export OS_PROJECT_NAME=admin
# s0 E& ]3 V% K$ q export OS_PROJECT_NAME=admin
0 G4 |% E4 F, N. t: v export OS_USER_DOMAIN_NAME=Default
8 c/ a5 H0 }' f& b+ ?6 e4 {& L export OS_PROJECT_DOMAIN_NAME=Default. q! k# L) C8 \- _$ h0 Q
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3* z/ c& h4 q, \- f1 ]+ b1 m. B- `
export OS_IDENTITY_API_VERSION=3
; j+ X- l4 R4 X5 @9 N+ h6 Q9 K EOF
& O& B$ T& Z" e( O; D `生效配置`& G! d7 M2 C* b+ h0 A8 i/ z( H
root@openstack-controller1:~# source admin.sh: }9 v# k$ D6 j) t3 g' A8 K
`验证服务`
* X# w8 F/ f8 ^: @& _1 s4 H; p2 t; X root@openstack-controller1:~# openstack user list
" z5 z, j% L( C; u2 h. J +----------------------------------+-------+
2 S4 Q5 D f* ~* ` | ID | Name |
" O/ z; ^8 e8 {" Q5 J +----------------------------------+-------+
2 M7 b, U- ^/ f( a3 k2 ` | 5c4b6243d95742799de0fc97ef119967 | admin |0 F) L( ]" y. W* g9 o
+----------------------------------+-------+7 i; s1 O; G8 Y# p
2.8)创建域、项目、用户和角色" n$ n1 Q* g0 \
`创建域`7 M' B" I! j+ W. @
root@openstack-controller1:~# openstack domain create --description "An Example Domain" example2 I, \/ a6 G: r
# [root@openstack-controller1 ~]# openstack domain list% R1 A: r' p8 [* ~
+-------------+----------------------------------+
! P3 H9 H% \0 {7 U# u | Field | Value |
1 V6 l# L$ z9 [1 }! ?" K +-------------+----------------------------------+
, d2 k: I( {. W/ m | description | An Example Domain |
" I/ M% K s6 Q | enabled | True |
. i2 r. z4 ]# S, Q | id | 7233934db37f4e839da0bbc62bdebdf5 |1 d* u- k7 n, {( a
| name | example |
" Q; F( f8 H+ o$ q$ b | options | {} |$ Q4 n3 D/ l X3 ?8 `
| tags | [] |
, a0 M. l: J5 i1 _/ X, r +-------------+----------------------------------+
8 s3 S0 \( Q( Y# M* r3 G/ f `创建项目`# y: R! r5 [) z, _
root@openstack-controller1:~# openstack project create --domain default --description "Service Project" service& C# {* _( S: }- y( [! m7 K
# [root@openstack-controller1 ~]# openstack project list8 c/ w( j; _: X; b6 P
+-------------+----------------------------------+5 Q) i8 p( s( N9 H
| Field | Value |+ D. b" p1 `+ p, X6 U
+-------------+----------------------------------+
' a/ Z/ q/ M# S; ` | description | Service Project |
; S* \9 Q7 T: v) {* F, Z | domain_id | default |% M0 D" Z* y7 h2 M: h
| enabled | True |
& h3 S T1 v' U | id | 024872cab1fb4329997f4bb552cc7439 |
) s5 Z1 h" _% b$ j3 e | is_domain | False |
7 K: P1 q& \6 Z0 _3 S5 [ | name | service |
6 b- r% O$ l: B% @* `- F | options | {} |
2 z9 R5 m% O/ P$ R/ u& u$ t4 m: d4 P | parent_id | default |0 e( l, E6 L4 Z- `& J
| tags | [] | u( {+ K) a. x" ~1 P
+-------------+----------------------------------+0 {+ i( R3 W, ^2 o
`在default域-创建项目:myproject`
/ z$ e0 P4 v+ C root@openstack-controller1:~# openstack project create --domain default --description "Demo Project" myproject% T6 A j# v6 P* `1 D( G
+-------------+----------------------------------+
2 t+ B: m9 ^6 n0 D" ^0 G | Field | Value |
7 x7 @ }, H- f4 S" W" x +-------------+----------------------------------+
- a; w1 G! u9 s# E7 }, l) F# ]# Z | description | Demo Project |! t, y! Z/ j9 y* V
| domain_id | default |: j7 c0 G; n1 @
| enabled | True |- K& n5 V: R7 |8 N( e# O! Y
| id | 35e14efc4bb64fd18ab58ab793881459 |( B$ H" Q. M- p! d; K% y8 Q4 s2 `
| is_domain | False | G7 S! ^3 j; X( J$ K1 ^7 l
| name | myproject |8 W$ P2 `+ P, l
| options | {} |( f7 h+ l2 k1 |0 p; m
| parent_id | default |
* p6 w+ M) ^9 {" Q" o `+ \: ] | tags | [] |* P, z; R2 @' \" `2 q* _
+-------------+----------------------------------+
9 ?8 r, t2 M/ s3 l+ n N `创建用户:myuser`1 M4 F8 U# S/ x5 h
root@openstack-controller1:~# openstack user create --domain default --password-prompt myuser. X% D& z; u+ O( Q
User Password: # myuser
: F9 W3 Y5 y+ g! J9 t% }. ] Repeat User Password:# myuser: f. l2 @1 R7 C/ \$ F h* h! }
+---------------------+----------------------------------+
2 o K0 U! n* E k0 ?) } | Field | Value |, ~/ |) t$ v7 T( f3 ?- l7 q+ g
+---------------------+----------------------------------+
0 Z2 \% {- o! Q" v) d( h | domain_id | default |
d8 d: u# m( }, v6 Z4 H0 R | enabled | True |
" G4 S$ u9 z# m4 c4 `, [ | id | f40449a65bcf491aaf44cc4f8e09f3fa |
) @# X, ?7 l6 g7 o/ a) c% ?: L | name | myuser |+ f' u' r, S& Q {# k! o: b! w
| options | {} |* [: S* T& J/ W* V! {& p5 t
| password_expires_at | None |/ S0 j7 B! k' a
+---------------------+----------------------------------+
5 |0 `, ]" A- `6 Y' q9 M1 i& G9 D `创建角色:myrole`" @, v4 c y9 A/ e6 v6 U5 S
root@openstack-controller1:~# openstack role create myrole2 T( y( S7 j, Q( @. z
+-------------+----------------------------------+$ T4 |( \* u, V7 e9 _ _1 Z& |
| Field | Value |
- e. Z& ]* g; j$ K0 c +-------------+----------------------------------+
# ?6 @ T* V6 g8 S8 V2 E8 V9 c* J | description | None |" u# i1 W- {. U9 q# @
| domain_id | None |
7 ^5 J/ A) \) ?9 ^ | id | b1cf825f18194c858ba735c3a873e87b |# a! B% y E- j+ j6 p- |$ z
| name | myrole |
0 s* [+ g7 E, @, h. V. i" \ | options | {} |0 O$ {! E) W7 f" E, Z
+-------------+----------------------------------+, m3 I) J5 s" O }# }
`将角色添加到项目和用户:myrole/myproject/myuser`3 \ T" \$ h% g+ e% p
root@openstack-controller1:~# openstack role add --project myproject --user myuser myrole4 a/ x; h# t( {. [
2.9)验证操作/ O# u) Z" f5 |" {# x
root@openstack-controller1:~# unset OS_AUTH_URL OS_PASSWORD( w4 E: I8 a l1 k% X# A4 W, B
`获取admin的token信息`
& `7 W7 o, @ {* m root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue0 l, H; U+ M' H. d
- U4 Y5 P3 w5 s" i3 {
Password: # admin
7 O" H' t" h# d +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+$ k$ @: X/ R+ S- N% O& L" E, N$ V" q5 S
| Field | Value |
- X8 B1 y( ~% G. w$ e$ Y +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
% }9 t! P. e5 \3 ]9 w2 \ b3 R/ g! U6 g | expires | 2024-12-07T12:25:41+0000 |
( A2 P7 E6 \: l. d' S$ k. H* _8 s | id | gAAAAABlev-an7oKiReVcaIQg31zanfyHEpBjozbYq_6ZH8mWKMyp0vxm0HEUlxkrY7_799ihK64p4Gq5zeaAUH4g4jBpB2I0Ij5xDojvfZ66qTIPUB9TakErlw9UoI1E9bpOwowYgoOOKlJlO28mBoxKWga7A8akmCgiDTzP4rUYL5B8Xs24rQ |5 o* D4 j7 f& n" t5 N4 j/ j0 b
| project_id | 227934ef1b5b44cc942a8e4f1f5f7695 |
3 f: } j" V3 o/ w9 c/ B | user_id | 5c4b6243d95742799de0fc97ef119967 |
* Y/ w& a6 ?& [9 k: t* U +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7 H0 m) B- }6 c7 u `获取myuser的token信息`
7 p! [* P$ O( `9 _9 `* s% K2 h' i: p root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
+ k7 s" V2 n' I( B Password: # myuser+ L: g9 B- [3 c# F0 G* p- B8 I
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+5 V4 y+ G$ k8 B0 M' X8 ?2 V
| Field | Value |: j+ H2 W; L; Y* d( C
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+# ^1 l5 Z/ ], a9 O) G5 H8 Z0 |
| expires | 2024-12-07T12:25:41+0000 |
1 o9 y+ S6 p( g* @; o4 H | id | gAAAAABlewBPx4yTCZIklPPqD-XnXsciBnECZYhDPKZkenFzYdE9GuTH-xRPuhh4Z9rrLiCb7X6e_rjqR2WdTk9Sz94HkrNi4KPjdun7HW-4wesLLOV7ijz4Vgvt999fnWNaDNTwKvqumfcQ1XinMLyszeSD1yvFB4FeQ610Ns18oUa0Tc_44jc |4 l6 ^; K$ m! f3 k
| project_id | 35e14efc4bb64fd18ab58ab793881459 |
, c9 t$ \2 j% ~( C7 u | user_id | f40449a65bcf491aaf44cc4f8e09f3fa |# f0 ]' q) ]- T- y$ t
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+5 @: }) q( P: L2 a
2.10)新增配置环境变量来配置管理帐户
- k* \4 ] @0 [* d' e+ c' ^. j# x! _ root@openstack-controller1:~# cat > admin.sh <<EOF* H0 m! X y2 b+ ]
export OS_PROJECT_DOMAIN_NAME=Default
) w- ~0 m& B& D+ L% { a export OS_USER_DOMAIN_NAME=Default
8 {3 z2 c4 i \1 u. j6 {% @ export OS_PROJECT_NAME=admin
8 d- k: ]$ `5 D9 b% m export OS_USERNAME=admin
, ^. a4 A3 D/ f) E1 |! _# ~ export OS_PASSWORD=admin. ?+ b! `8 k8 R: k! D
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
) m( f. H& |1 w+ n export OS_IDENTITY_API_VERSION=3. X2 {) K9 c" O' Z) F% A! f
export OS_IMAGE_API_VERSION=2) H( H# _5 B+ }7 y) k
EOF2 k5 j: Q% p. W9 n
root@openstack-controller1:~# source admin.sh
7 ]% s0 ~: [) ?% ~. v! Y8 A `验证`
. Z1 r& g, \8 j3 c- E+ ^ root@openstack-controller1:~# openstack token issue8 U( d/ B# l6 {( e4 _8 K3 l B6 ?) W
+------------+--------------------------------------------------------------------------------------------------------------+
( P' F4 G! w! G% w: g# u | Field | Value |
; O; C$ ]' t3 Q: B% o +------------+--------------------------------------------------------------------------------------------------------------+0 `$ u! M1 i" n) M, A& X
| expires | 2024-12-07T12:25:41+0000 |
6 g% ~3 P ?3 S | id | gAAAAABnVDC1Tl8JCjuLSdCd0vL2FmuLpB7ftGCcll7NsqBgy0FhuomNTkLMXP_p86eyLKMA- |% k, F( f: X" P: i
| | IZnr9aW3VCfYfoaWyUAcr3fcd8l3BLjpinjEL04QMCRJYHW9d3WZ2jN44hcZ8xwwG0ZpJiyVAixWqOfMykBbzGY6vnwJC- |6 h u# K: _; z* F) T
| | qj3vDQYbVyFBbnIY |9 T6 P- z( y; _! ~6 g) A
| project_id | 96bbc0e66a5246fdaf29843498ef49a1 |
t) o& Y$ S7 {5 t6 q& N | user_id | 3b1c56d85d9c4aefb5c6a6dde8c99a00 |
6 e6 y9 }8 Y" Y +------------+--------------------------------------------------------------------------------------------------------------* ^+ o- U6 J; C( }0 l
' G6 d" q3 \% {! x; [1 q
`创建普通变量环境`
$ {3 Q: w( u% |# e root@openstack-controller1:~# vim demo.sh
. o# \0 Z. W9 u; y export OS_PROJECT_DOMAIN_NAME=Default( C" L: T; B5 e
export OS_USER_DOMAIN_NAME=Default
: {. v) D( z9 q# S2 W: M, h8 ] export OS_PROJECT_NAME=myproject/ k4 G; Z* `2 T* l- K' \
export OS_USERNAME=myuser8 G4 L) E9 I( a$ W+ M
export OS_PASSWORD=myuser
4 O6 m( v% ]! } s, X# ] export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3* J& Q$ e3 S- A/ U9 r
export OS_IDENTITY_API_VERSION=3 O7 |7 i/ _. x) K7 U
export OS_IMAGE_API_VERSION=2
4 j! D' c6 o- _ root@openstack-controller1:~# source demo.sh ! q- m5 V7 h. e; O2 B8 ?
`验证`, h0 u4 K; ^# U- x: Z' A
root@openstack-controller1:~# openstack token issue
* M* \+ d" |, x' n +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+; m9 E7 L. s4 E9 u. ]
| Field | Value |
( K$ Q$ }% s- w- E1 H +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+$ k3 D0 G( @! ?
| expires | 2023-12-14T14:26:22+0000 |, o0 ~$ Q1 u8 ?
| id | gAAAAABlewJ-s4Aj73WgUyZemZ9eL9S7myndeVnxUOmiWM3IvXTwtw7pIzzIFyxlw3vTrC200w08X2iqTFVcY8Ih4jCzLDQMqi4VpS2emWmqG73uy7NI_tAR6KasEYPRoZSl--2Wa7HCdv9i6y6GnKDtgisVkCtG3Ew7CPBDq991w0cXBRpxL_Q |
$ k/ k0 q1 }& n# c7 [& s% c | project_id | 35e14efc4bb64fd18ab58ab793881459 |1 u! B$ Z( ^# ~; L
| user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
- n: |- d5 e5 c0 t +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
5 U8 T, @2 U2 G2 N3)安装glance! ^ Z" I" y7 [' f
3.1)存储准备工作: {, z0 J8 }) I4 r& j& e, I; R, I4 s7 [
# 因为性能原因我就拿openstack-haproxy.stangj.local主机做nfs7 x4 r: W N$ h- L6 _7 T# |9 e R
root@openstack-haproxy:~# mkdir /data/glance -p# K5 f# x$ N. o( E7 X: [
root@openstack-haproxy:~# apt install nfs-common nfs-kernel-server -y% C8 i0 Q# I6 \0 n) Y
, P# {5 V: [' g$ P
root@openstack-haproxy:~# echo '/data/glance *(rw,no_root_squash)' > /etc/exports - k2 V: y9 g* D, B' Q, ^
root@openstack-haproxy:~# systemctl enable --now nfs-kernel-server
! w# |, h n5 w0 \. n root@openstack-haproxy:~# systemctl restart nfs-kernel-server
# y9 H: u i8 k+ R# n7 ]" ~* Y8 T3.2)创建glance数据库9 D( I m$ i. W5 A
root@openstack-mysql:~# mysql" W6 h% U- A$ [
MariaDB [(none)]> CREATE DATABASE glance;
: E. q" ]& A' M/ e MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';, @ M2 w' U- q
[root@openstack-controller1 ~]# source admin.sh
6 u, B0 x0 ?8 n `创建glance账号`2 B- d2 ?/ ]5 U$ n( @6 }
[root@openstack-controller1 ~]# openstack user create --domain default --password-prompt glance
+ Q9 W% v3 @, V$ j% B User Password: # glance
2 s# J9 H# o5 v8 s6 }' d; H- h) W Repeat User Password: # glance
0 N3 H- V! N# W0 \+ v( S! Z( Q3 } +---------------------+----------------------------------+
5 ]: U! A' W! |; A4 R/ O/ u | Field | Value |
" U+ M8 v6 m9 y v7 E +---------------------+----------------------------------+
' p% S6 W+ ]! o. N! r3 f" g | domain_id | default |' W% w9 b- L& E" Z ^( {+ v
| enabled | True |9 B e) D: V% ]. h/ ^
| id | 34a900b8a67f40439804c830cd5957da |
& ?8 D7 w4 T$ l0 s$ Z/ a; Z | name | glance |( o P, a& i, j2 C( N: U
| options | {} |
& m( w7 ^. V& I: T | password_expires_at | None |
% E1 O* ]/ N. g7 } +---------------------+----------------------------------+
6 h% ^% r2 K6 \- l2 [9 h `将角色添加到用户和项目:admin/glance/service`
& b+ j/ Q5 e, K$ i5 d # 让glance拥有service项目的admin权限
8 J2 A* B. t+ z3 f root@openstack-controller1:~# openstack role add --project service --user glance admin
# h) B4 M) v# C4 y! V' x% J root@openstack-controller1:~# openstack service list
) }# n! B4 e" l+ f: d +----------------------------------+----------+----------+ y' Q5 F: n9 j9 p( A8 [
| ID | Name | Type |( x. o1 P4 {( P; D
+----------------------------------+----------+----------+
: @' g. Q) N2 S4 b. H | 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
3 J Y. U, l3 k/ r) d3 ~( s+ C +----------------------------------+----------+----------+/ U' x8 _( h! e
3.3)创建服务实体glance
! s1 N# g5 J8 q! D) N5 t, p root@openstack-controller1:~# openstack service create --name glance --description "OpenStack Image" image2 q- N; ~2 _8 l7 i* X' Q9 @- x
+-------------+----------------------------------+: d( V. I1 m2 m. }$ E- |
| Field | Value |
! T+ t2 D- V) R4 Q G8 l +-------------+----------------------------------+0 N+ j/ r; V6 | l
| description | OpenStack Image |% V& z/ M; t8 ]3 }
| enabled | True |4 i5 r8 x$ ~# r3 j# v
| id | e53a2bd43aaf48f1840064e9cb594293 |9 g; C8 X# Q2 l" t
| name | glance |! k# D0 v1 X3 j E
| type | image |0 y0 v5 d6 `5 J: T( [. e/ [% n; e
+-------------+----------------------------------+
, y& X. Q2 r" D- D: n root@openstack-controller1:~# openstack service list
- v' }- ~! z1 d! L7 L# l/ G- Y +----------------------------------+----------+----------+' m/ q0 Z& V, R7 m% P5 l# [8 w
| ID | Name | Type |
! M B% b' ^% H% U" Q +----------------------------------+----------+----------+
0 F; ]( z- Y% W* n" E; C9 m | 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
3 Y3 \ v1 f% g( }1 V- |! \; p | e53a2bd43aaf48f1840064e9cb594293 | glance | image |% a: v) l7 N4 z+ I4 K0 R
+----------------------------------+----------+----------+
! B2 L& M* S- n: P& s( W1 x% x$ T3.4)创建Image 服务 API 端点:
, t% G( F" Y9 h7 f E, G2 Z c- P root@openstack-controller1:~# openstack endpoint create --region RegionOne image public http://openstack-vip.stangj.local:9292
3 v, v+ h5 i; Q% k0 N# a +--------------+----------------------------------------+
* N' D# z2 |+ @7 g0 g1 F# T9 R | Field | Value |
. h. v) V& Z/ [9 Q3 Z +--------------+----------------------------------------+
Y5 M+ S) a* z% \$ t _1 C9 H | enabled | True |
1 B J* o& P+ `8 f8 N2 a | id | 3fc61c0f302d41359da99b80ca32853f |& S9 j- ^9 `- V9 a
| interface | public |0 G: ]2 T! a# i. k, B. d, p
| region | RegionOne |
& b2 K* h5 P7 g# m | region_id | RegionOne |# T" N, Q2 W8 D9 L6 y8 P
| service_id | e53a2bd43aaf48f1840064e9cb594293 |8 K: p# ]4 s2 A- Z) J; q- L0 ?
| service_name | glance |
$ \5 A- ~% k& U" N+ L+ ^6 v, B | service_type | image |
3 x: z5 f; o7 G$ ? d | url | http://openstack-vip.stangj.local:9292 |' ^$ U0 U4 ~/ Y& }6 A8 r! W
+--------------+----------------------------------------+, Z- ~+ V) i4 R4 ^5 L, a; k
root@openstack-controller1:~# openstack endpoint create --region RegionOne image internal http://openstack-vip.stangj.local:9292) o* V- m& ^! n) e& J4 f$ H
+--------------+----------------------------------------+
6 R; j4 j& e, t. j | Field | Value |
$ w# g4 R- U3 }# i' h7 q) R1 C +--------------+----------------------------------------+$ p. e7 v" I( v0 \/ @& S) v
| enabled | True |( M# E2 }1 I2 _) j. R& B
| id | 671f3dd8ddd643d08b922df0f9c7f4d8 |
- R0 Q! Y. a' F | interface | internal |
% ~, C' x6 v* e6 Z' l/ Q( B | region | RegionOne |
/ L9 j* i! R6 O8 T8 G8 c | region_id | RegionOne |
5 a. K! V& j H; @0 O9 U | service_id | e53a2bd43aaf48f1840064e9cb594293 |6 O. M8 I4 B0 P" n) I8 Q* W: T- Y% f
| service_name | glance |+ f4 K) B$ o8 y) ~5 t) n4 h" B. z
| service_type | image |- m4 N5 g7 s# \& V _# R8 g% `) o
| url | http://openstack-vip.stangj.local:9292 |
' ^9 Y+ a( Q5 |3 Z; d +--------------+----------------------------------------+) ^. T- d/ H. _+ K
root@openstack-controller1:~# openstack endpoint create --region RegionOne image admin http://openstack-vip.stangj.local:92922 W$ v3 _* `" {' [& {2 \# W6 a
+--------------+----------------------------------------+
$ h. N& ~9 {5 T) r1 z( m | Field | Value |
: ^/ L% y4 ~/ j) H7 o! `# }5 g% I +--------------+----------------------------------------+! }! T6 d; I+ U2 X6 f, e6 A1 t4 q
| enabled | True |
$ [: y! M! a6 h2 Y3 P1 ~' ]6 z. q& G | id | afea7ab2f5914bcca88f088957f6144f |* r0 d' a. T* t3 R& G# V/ z9 P
| interface | admin |. r* o5 j U$ T1 y
| region | RegionOne |
7 ]3 b% C& ]3 W9 L4 Z/ C8 ] | region_id | RegionOne |7 ]5 o3 A7 m7 s$ I& b
| service_id | e53a2bd43aaf48f1840064e9cb594293 |
& B! ?4 M q! H1 h | service_name | glance |
) `! }+ F1 I/ T | service_type | image |; V6 s0 N# ]+ @: l4 [* u% f
| url | http://openstack-vip.stangj.local:9292 |5 a* _6 k; C3 [
+--------------+----------------------------------------+
5 _% e) A6 R* C/ r" S3.5)配置haporxy代理
r% r6 X% e( m: e root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
/ O2 z8 |; ?" C4 \$ O* ^ # 最后一行加入下面4行信息8 ?0 G X# N H" `- e
listen openstack-glance-9292( ~+ g3 a8 t, Q9 }% }5 P& X: ?4 a
bind 192.168.139.248:9292& A, s* F% q" |5 z% F/ G
mode tcp8 i7 W8 o) y9 B3 Y& o
server 192.168.139.31 192.168.139.31:9292 check inter 3s fall 3 rise 5
9 M6 l( T& w! ^ \( P0 l: i9 I: p+ q root@openstack-haproxy:~# systemctl restart haproxy.service
. \2 m- g7 ]0 l B( ` root@openstack-haproxy:~# ss -tnl | grep 92929 j* R2 Z) b) y% B
LISTEN 0 128 192.168.139.248:9292 *:* 8 r, s( L$ C' ~: |
3.6)部署glance服务. Y- l& j5 i9 ]. Z3 [# y
root@openstack-controller1:~# apt install -y glance8 E! x7 l# G/ T7 y& R& ~0 W' \
3.7)配置glance服务( l3 A# ?% l. F8 \, c
root@openstack-controller1:~# vim /etc/glance/glance-api.conf
* n3 V; ~. K8 A9 K/ E u [database] # 在这个模块下面添加下面这一行信息
7 P h" }, l- _8 ^+ T connection = mysql+pymysql://glance:glance123@openstack-vip.stangj.local/glance
3 Q6 C9 ?; Y w( V/ V; ? & @& U2 B; b/ m* W; o+ _! l
[keystone_authtoken] # 在这个模块下面添加下面这9行信息
* H8 U# H6 q9 d& f/ z www_authenticate_uri = http://openstack-vip.stangj.local:5000' M, R* Y9 l: G w1 `/ E/ }- f
auth_url = http://openstack-vip.stangj.local:5000
/ X! y4 V9 d y8 a4 ~8 N: E- T! D3 t: } memcached_servers = openstack-vip.stangj.local:11211
5 v% N* R& h7 E2 y$ x% l auth_type = password1 k* D$ u0 x' L) @( Z) [* s. e
project_domain_name = Default- o* {7 v, a2 a* r! P/ h- Y- w
user_domain_name = Default
1 }; a3 E! @% m, x project_name = service
! y; f( S! y" K/ N( X! K1 s" a3 i0 r username = glance* A: B' |! W( n; ]7 F
password = glance8 j, U# o( W. X
5 o1 w7 Q2 R' c8 X( J6 I* G [paste_deploy] # 在这个模块下面添加下面这一行信息
2 H W$ Z0 O7 j8 w0 [3 O1 ~ flavor = keystone& @( a4 k1 o5 j7 @" s4 s$ C
- h- V- ~( D2 E5 ~! k8 j [DEFAULT] # 在这个模块下面添加下面这一行信息* N! G0 v, F' N6 y( T
enabled_backends=fs:file
& R) V) d7 P. T: `
' y% @9 o4 z% O9 O$ E [glance_store] # 在这个模块下面添加下面这3行信息1 U* s! y1 S6 K$ y* x1 g/ n! E1 ~
default_backend = fs
4 }3 Q2 q# q( z6 M. @% V1 ? [fs]
6 H" ]/ K8 i5 J, \6 @; k$ X7 M filesystem_store_datadir = /var/lib/glance/images/
) `5 w+ m9 p- A) f' n $ G; [ V" {' S
2 Z* R& V3 T9 B% k
`确保 Glance 帐户具有对系统范围资源(如限制)的读取访问权限`+ i- Y% s) F% I
root@openstack-controller1:~# openstack role add --user glance --user-domain Default --system all reader3 D2 ]& k% T/ y! Y0 @- N0 u
3.8)初始化glance数据库: k6 f+ e4 f; E1 C
root@openstack-controller1:~# su -s /bin/sh -c "glance-manage db_sync" glance- o! | @, d2 s6 E+ o
`验证`) @5 J+ V( l3 v: q& _) b' O
root@openstack-controller1:~# mysql -uglance -h192.168.139.248 -pglance123 -e "use glance ; show tables" |6 }' h. D% |0 Y
+----------------------------------+
* g E# ?2 _# i) K | Tables_in_glance |# c- H* A0 t; q* W7 n
+----------------------------------+2 q. o9 |' D g, v" G
| alembic_version |
0 r# }! u" g9 I; T | image_locations |
% f7 F* r7 e3 H | image_members |
( Q" Q/ K6 z. R; H) U9 G% E | image_properties |, w* \! r( C% @" W2 C2 c+ Z+ n
| image_tags |
$ t6 h5 v* u. Y3 u. U* d G | images |, C1 {$ |0 j4 b# z7 x
| metadef_namespace_resource_types |- x% ]) v% L# m5 l$ Y, [, M( _
| metadef_namespaces |
0 t8 F% x: H4 ]3 v | metadef_objects |
, D6 y4 M& |3 Z: @) G% ]2 x! y | metadef_properties |0 j4 A e9 f0 Y( i5 ]
| metadef_resource_types |8 d6 Y5 o! E l Q0 M; @
| metadef_tags |
8 Z# V8 }' Z6 r0 R% g& E | migrate_version |
) v3 }) K1 L0 N | task_info |
) U6 x; s C$ F; c- L/ p | tasks |
' P7 [) e6 o1 { +----------------------------------+
2 p2 F7 L) b9 U! P3.9)启动glance服务
6 h# j2 J3 s# ? u) c root@openstack-controller1:~# systemctl enable --now glance-api
8 n6 D% t# g n% G$ R" @ root@openstack-controller1:~# systemctl restart --now glance-api
$ w8 ~" l/ s6 p8 b* H root@openstack-controller1:~# tail -f /var/log/glance/glance-api.log
8 `9 s7 p, D V8 W 2024-12-07 19:43:42.571 11458 INFO eventlet.wsgi.server [-] (11458) wsgi starting up on http://0.0.0.0:9292
4 E/ G& h s% M8 c9 W1 Z" S6 M 2024-12-07 20:06:40.764 11717 INFO glance.async_ [-] Threadpool model set to 'EventletThreadPoolModel' f/ [; C' x* ], V5 o
2024-12-07 20:06:41.281 11717 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.9 n5 W3 b3 o! O( A( I/ `
2024-12-07 20:06:41.377 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_staging_store). Creating.
+ H- |) `" B# e( w 2024-12-07 20:06:41.378 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_tasks_store). Creating.2 h$ ?% x' ?+ R! c6 w$ S7 ]
2024-12-07 20:06:41.379 11717 INFO glance.common.wsgi [-] Starting 2 workers
" `: m c) W) M8 u7 R 2024-12-07 20:06:41.381 11717 INFO glance.common.wsgi [-] Started child 11724
" V2 x+ E" K$ [ 2024-12-07 20:06:41.382 11724 INFO eventlet.wsgi.server [-] (11724) wsgi starting up on http://0.0.0.0:9292" a* r9 @1 ?, A1 Y1 }( ?
2024-12-07 20:06:41.383 11717 INFO glance.common.wsgi [-] Started child 11725
( b, o$ b! l0 j4 K- {/ e 2024-12-07 20:06:41.386 11725 INFO eventlet.wsgi.server [-] (11725) wsgi starting up on http://0.0.0.0:92920 g; Z8 o5 J& \% e
3.10)挂存储
. Q) k7 |1 O* n. T% P# P- a root@openstack-controller1:~# systemctl stop glance-api 5 p) Z: b+ o7 I% ~9 Q k
root@openstack-controller1:~# showmount -e 192.168.139.36
! z7 W/ A1 y* C" Z; l+ O5 S1 l1 A Export list for 192.168.139.36:4 r$ t6 P" B' c8 |! Z( C8 v# D6 }
/data/glance *0 A* i& z. }$ N
root@openstack-controller1:~# mount -t nfs 192.168.139.36:/data/glance /var/lib/glance/images
, M) }6 A2 N' }/ e- ]1 s root@openstack-controller1:~# vim /etc/fstab : J0 n3 M% c( O" Q2 Z
# 最后一行添加下面这一行内容
; P1 J* o S& Z- r# c4 b: f 192.168.139.36:/data/glance /var/lib/glance/images nfs defaults,_netdev 0 0& k5 Y& s, | ?9 B3 }2 j
root@openstack-controller1:~# mount -a! k/ }8 V9 G9 Z& t# J' `
root@openstack-controller1:~# id glance
- y7 l' x" r) j, x! P/ \( O2 W5 c uid=64062(glance) gid=64062(glance) groups=64062(glance)/ a, H5 K. L% R: H0 ]+ X) \& @
root@openstack-controller1:~# chown -R 64062:64062 /var/lib/glance/images/
5 I; P9 G O8 K# f9 C root@openstack-controller1:~# ll -d /var/lib/glance/images/1 I! K9 v1 V, R/ v
drwxr-xr-x 2 glance glance 6 Dec 14 21:31 /var/lib/glance/images/+ Y5 V( n6 G, P7 B6 e7 q
root@openstack-haproxy:~# ll -d /data/glance/
7 U' X6 i# X* q drwxr-xr-x 2 161 161 6 Dec 14 21:31 /data/glance/' v* P) |5 N9 F. _* u0 B
`启动服务`
) T' u4 i4 J$ v. ~2 U. Z2 p7 @4 F9 x [root@openstack-controller1 ~]# systemctl start glance-api , Y9 M* K7 ?% b% }
3.11)验证操作
5 t; k3 r4 k7 n/ d; A' V# V* h [root@openstack-controller1 ~]# source admin.sh : V, D! M: I0 ~! ?7 h2 U9 ?# L
root@openstack-controller1:~# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img
) D0 }# z7 w) f. h0 T$ _ [root@openstack-controller1 ~]# glance image-create --name "cirros-0.4.0" \' H$ v) F/ j4 U# }" X h2 i3 A1 a
--file cirros-0.4.0-x86_64-disk.img \% x& Y3 u- T; I4 G" X
--disk-format qcow2 --container-format bare \
* T1 ]! O6 H8 N4 k --visibility public% z" }6 h3 T9 J) b3 l
9 H: x; j; [4 g" H( }) m2 ~
+------------------+----------------------------------------------------------------------------------+
* b n; i5 f, ~2 B | Property | Value |
( E1 I9 Y0 |& n3 Y +------------------+----------------------------------------------------------------------------------+ P Z+ i/ A3 g
| checksum | 443b7623e27ecf03dc9e01ee93f67afe |( P6 p: i& u* s/ p: B. i
| container_format | bare |' M6 q) N' _& o2 W1 u8 b
| created_at | 2024-12-07T13:12:19Z |
1 B+ p9 U [$ |! N$ l* y | disk_format | qcow2 |
' G, s. C, b3 X4 A" @+ M | id | 68249b5f-9eac-4873-be74-cc11ac9af61e |
/ z5 E- y- ~) t6 { | min_disk | 0 |
0 v+ V$ `# s# \' M/ M | min_ram | 0 |
: z) Z) ~, t7 @ | name | cirros-0.4.0 |" [; D7 X0 m/ p7 G
| os_hash_algo | sha512 |! u7 F: k% e' O
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |
9 w- c4 S# F3 W* Q$ J" h% K | | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |: E* e$ O7 B8 N" q$ `
| os_hidden | False |
0 H+ j& ?/ C" F- _3 ?# L | owner | 96bbc0e66a5246fdaf29843498ef49a1 |
, |* Z; e5 _; a0 v/ J | protected | False |
9 l9 N7 C" h' C6 { | size | 12716032 |
! x- _3 M# ~# G9 w& ?( C- c | status | active |
# |( n2 j! n8 A | stores | fs |+ z6 L# o2 U( a
| tags | [] |6 z5 W/ _5 D/ W) Y2 J% }
| updated_at | 2024-12-07T13:12:20Z |0 e: H0 ^' b6 m, p
| virtual_size | 46137344 |/ l# g c* J8 @$ M7 g1 C
| visibility | public |2 S9 W1 ^$ }) Z. G! Z6 i7 o
+------------------+----------------------------------------------------------------------------------+
3 D2 S! L* i) H$ N% Y 9 E; a1 ?! B" Q; D! D9 m1 h( `
`验证服务`# U4 k6 x- R5 V: i+ b3 h
root@openstack-controller1:~# openstack image list
2 z5 L) Z- n( J R1 o- | +--------------------------------------+--------------+--------+" y+ S$ i$ |0 ^; t* S' b, e
| ID | Name | Status |
! f1 I2 m7 ~% E' _ +--------------------------------------+--------------+--------+
' e. `! V" U, _9 U+ L | 060a4a23-5aa8-4176-8f31-0ccd318ebf2a | cirros-0.4.0 | active |% l1 n/ E- H& m$ J
+--------------------------------------+--------------+--------+
. f. O/ {% Q! _8 d) l # 或者 [root@openstack-controller1 ~]# glance image-list; i, J: x1 V: N% x) Z
# 删除镜像 [root@openstack-controller1 ~]# glance image-delete fd47df49-7e2b-4e16-a4fe-fd8ca6ffb5f7
% X- ~0 _) T- Y& X1 t& E8 d9 f6 | root@openstack-haproxy:~# ll /data/glance/
& B" O9 L; ?3 R6 m total 12420
; C' y' V0 a' j! B& q -rw-r----- 1 161 161 12716032 Dec 14 23:34 060a4a23-5aa8-4176-8f31-0ccd318ebf2a7 n& M, n N1 K) D# W, O5 V1 @4 ~
4)安装Placement
" r. {0 m% Z5 g" l4.1)创建Placement数据库4 l0 p6 `4 y. d! t+ C' |; y" x2 F
root@openstack-mysql:~# mysql5 y/ m ~2 V- R, x
MariaDB [(none)]> CREATE DATABASE placement;
I7 h2 e; Z; ?1 o+ g* u1 x; T MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';. @$ t% ~0 P% j
`验证`
1 H9 W8 k C5 g6 b0 o( p root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123
, s( \3 x: F0 ^6 y Welcome to the MariaDB monitor. Commands end with ; or \g.
$ Y: P# A1 |& @+ H V Your MariaDB connection id is 118
, k$ D5 A* H8 w5 f* R! ` Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
/ c0 f8 h+ F( g. T5 w6 ?' R1 y" @ 9 m8 n5 b& d/ G! t- z- v
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Y. Q3 }! [& C$ o7 {+ B( ]
" U6 z* G& i" v Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
2 ?( v' `8 E" a: \3 f
! J8 a% [3 ~- Z. v* i9 L& ^/ H MariaDB [(none)]>
8 {3 z" @% N1 P. F( D4.2)配置用户和端点0 d: h- b9 F+ q9 Y! ^3 \
root@openstack-controller1:~# source admin.sh
4 B: B! \5 x7 W. h F root@openstack-controller1:~# openstack user create --domain default --password-prompt placement+ y( n% i5 z+ x7 S }/ X" D( Q5 s3 y
User Password: # placement- b& F" T" {2 x4 [3 X6 V: K
Repeat User Password: # placement. w- Q; x6 n* O" [6 `; C
+---------------------+----------------------------------+$ q! a& `0 a! E( ?) d0 n) j3 Q
| Field | Value |7 }* \1 L: t/ {* Q: w' I$ u! a+ d2 Q$ F
+---------------------+----------------------------------+3 o- H' N) V/ |( p
| domain_id | default |" }- _: [! D/ l8 F6 z* p% x! i) H
| enabled | True |
1 u/ j% j1 B0 E1 d3 ^. ? | id | 804e53f0a44b4403af8278711a7274a5 |
; n2 l+ X) t$ a( d* U8 Q% M8 R | name | placement |% ]( K, N6 Y6 k: Y1 w2 w H
| options | {} |
. E0 f+ L& I0 V& w R: K. x" o& ~ | password_expires_at | None |* o8 X1 _4 }, R6 F0 J! ?0 x3 n6 D
+---------------------+----------------------------------+
V. G, `$ ~8 z, v, }0 _
" ?5 _/ `1 g2 X2 j `将 Placement 用户添加到具有 admin 角色的服务项目`( o, S" B- L0 m& t; I
# 让placement拥有service项目的admin权限`
3 l2 D1 ~) r- a, H/ [ b, _ root@openstack-controller1:~# openstack role add --project service --user placement admin- }6 h1 s! n: o0 f/ x: U
( t7 k* @3 [1 ~1 C& y7 f
`在服务目录中创建 Placement API 条目`, \% a, `8 @/ G$ W" Y( v2 R- z# R
root@openstack-controller1:~# openstack service create --name placement --description "Placement API" placement
* I ?6 e0 L9 D7 u +-------------+----------------------------------+# Q: d- y& b) P; K; \2 Y3 I3 {5 V
| Field | Value |# K. Y7 ~4 q3 X5 p& W% n. `
+-------------+----------------------------------+8 I# B+ X, l1 H8 u+ V4 C$ {
| description | Placement API |
" r) `+ p6 N8 Q' b* }- a! j* T | enabled | True |
0 E0 s9 Q3 z% U% f) U9 I | id | 9eaa1f08648c44c5a937759d7217016f |
! V' }' u0 _6 \2 @ | name | placement |
4 w2 V* g; x! @7 S | type | placement |1 @/ c6 O2 b* j, ^, G
+-------------+----------------------------------+4 o5 d6 X9 x* L# B; ]
4.3)创建 Placement API 服务端点:) G7 ]3 ?+ I1 t8 w8 c: ?( l, }# L, f
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement public http://openstack-vip.stangj.local:8778# u4 E: l; V# j1 H% u N) F
+--------------+----------------------------------------+
, b) H2 P) U4 ~' q. z | Field | Value |- N6 ^; r' ?! L
+--------------+----------------------------------------+9 K- N7 Y# V/ W5 Y0 j
| enabled | True |1 @3 j) ]: z# G" q
| id | 88aae422c80e4adabf613aef31fb0c3d |. J" B( O6 G: ]! C& \. T
| interface | public |5 m9 ?! c! t$ ]& d/ x' D
| region | RegionOne |
- F9 z. t2 i; ~: G# D: B | region_id | RegionOne |+ M3 y% Y7 O9 _
| service_id | 9eaa1f08648c44c5a937759d7217016f |: C: ?1 e+ e3 ^5 n
| service_name | placement |
3 C [3 f: D) p) }: s6 \" c2 p | service_type | placement |7 Z/ G( [5 p9 C2 }8 a9 W* H& X4 H2 ?
| url | http://openstack-vip.stangj.local:8778 |
) b9 u( e5 A# B! Y +--------------+----------------------------------------+
" `3 ^6 a$ h. b7 G 1 u! A' b) Q. c, u
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement internal http://openstack-vip.stangj.local:8778
' T$ T5 n8 m# p +--------------+----------------------------------------+
z. X. ~. H. c @' r8 ~4 Z | Field | Value |
+ b9 R! v r( C" H) v +--------------+----------------------------------------+
6 y( [8 d8 Z! C | enabled | True |
' H, _3 O- ~- n0 J; a | id | b706b4abdcdd44a588eacf5d1cb7f75c |
6 i% L H) H5 i5 H+ _! U | interface | internal |
. O0 |7 h, H' H9 [, |; G | region | RegionOne |
6 `4 [& d" X# f N; ] | region_id | RegionOne |5 J& {4 `+ ?, ?7 j* |
| service_id | 9eaa1f08648c44c5a937759d7217016f |: z! z+ a1 E% U% S& d$ T* ^
| service_name | placement |( {- }, R& h! E! E/ u g3 @9 ~
| service_type | placement |
; E- M2 O4 ]" S% ?! O% @+ V. ~! ^ | url | http://openstack-vip.stangj.local:8778 |$ m& F/ X3 Z$ f% q# G- y8 P
+--------------+----------------------------------------+! y |( m' b$ h
7 X. {) u& n. W9 ]) M- I root@openstack-controller1:~# openstack endpoint create --region RegionOne placement admin http://openstack-vip.stangj.local:8778
# A' K1 T, o- K +--------------+----------------------------------------+
% W) V9 ~% D n! N+ o* ^ | Field | Value |" x( }. ]/ ]: ~* X% t* Q- b, {- z
+--------------+----------------------------------------+0 M, T% f9 @& _3 i9 x& e5 [/ B; f
| enabled | True |
5 B) O. a* a) P( V, Q | id | f62a5305854e492ea9c76e77e13b10b4 |
. E+ L7 M$ I! i2 _: P | interface | admin |( X+ s; u+ _" U' q2 Y
| region | RegionOne |
! p. l& x+ h. P: M) F7 ` | region_id | RegionOne |
( I' n# S( o+ G% g3 Y& k | service_id | 9eaa1f08648c44c5a937759d7217016f |8 O! c5 z4 U4 R2 y% h- A$ j
| service_name | placement |
/ `$ q0 b2 u5 T1 r7 ^1 t' a: K | service_type | placement |
1 j* E7 Q e7 g9 o0 h. z7 b | url | http://openstack-vip.stangj.local:8778 |3 C' Y+ w4 r# C7 {
+--------------+----------------------------------------+
% m. I# \$ x& J# a* T 9 g$ `: A8 p {
`验证`
' G5 S; [! n6 ?9 `0 x4 a root@openstack-controller1:~# openstack endpoint list
) ~% O; n& p% m5 L2 f +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+2 p* l0 l# E6 Z% r* N$ a
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |8 L! Q4 E; s: D# {2 k& ~
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
6 T. u+ X( ^, y1 A7 w0 [( v | 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
& t2 k9 ^& G' X1 g | 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |
- u6 g1 @) M3 e) l y0 C# { | 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
! J% v/ I$ {2 f" s5 ] | 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |* Q8 S" d' }" ~9 }
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |1 v7 e. G) C) I- H0 f8 m$ o0 x- G' z) V
| 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
2 u; y( i5 G* l1 ?% T6 R6 f% t' \2 P | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |: N' o# r' E5 J! d: A' L
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |/ v& _8 G( G5 i4 Q( ?
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
( B0 J3 b8 h5 r- W2 E& q | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
8 z# S$ ^ d7 c6 o) D f0 G | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |+ y8 { K7 X- [* p
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------++ }4 t0 ^1 N1 L
4.4)配置haporxy代理
, c! _ O- ?) o root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
! h4 ?4 Q/ v0 R# E, c, T0 n# m # 在最后一行加入下面内容
& x8 f% a# ]# F" P8 W( K listen openstack-placement-8778
9 t7 t# B, H, E/ f. g) ~# j" k, I bind 192.168.139.248:8778
/ j. j0 D4 z+ s1 H6 C8 Y$ B4 s0 s- i mode tcp
( z; r* i7 P& {( @7 t( ^ server 192.168.139.31 192.168.139.31:8778 check inter 3s fall 3 rise 5
6 a8 A4 @1 L- l& w4 Y; I root@openstack-haproxy:~# systemctl restart haproxy.service
; p- E+ Z+ L7 K p2 V' t0 ^ root@openstack-haproxy:~# ss -tnl | grep 8778
Z. \4 J2 t# Z {4 K2 u0 J7 C LISTEN 0 128 192.168.139.248:8778 *:*
' [. ^3 E% m. P0 }! U4.5)部署placement
$ |. r0 Y' N# m1 z5 t# G/ q2 Z root@openstack-controller1:~# apt install -y placement-api* W4 M" b: c3 i2 ~/ ~& ~0 b
4.7)配置placement服务
3 {/ B7 d8 F3 H5 W. u; J E root@openstack-controller1:~# vim /etc/placement/placement.conf$ O. K7 ?. V9 }9 P8 E
[placement_database] # 在此模块下面添加下面一行信息
$ F$ V" D4 s' u% g" T1 m connection = mysql+pymysql://placement:placement123@openstack-vip.stangj.local/placement
, ~3 W, H0 Z0 [$ S9 ~) k3 s1 F
" ^1 h# A$ H# n$ @& u) s( o [api] # 在此模块下面添加下面一行信息
2 ~: `. ]7 n W5 E) f! Z auth_strategy = keystone
/ E' x) ^* l# j + d w( z+ _+ C/ k& ~8 A& M4 Z
[keystone_authtoken] # 在此模块下面添加下面8行信息
1 W+ u' i! k7 {3 j B# {! Z K4 ? auth_url = http://openstack-vip.stangj.local:5000/v3
) d$ r8 A7 q, d! Q( E memcached_servers = openstack-vip.stangj.local:112114 I# Y8 z9 g; q1 w9 S" o
auth_type = password
( w: _$ [* h% |: y- l; ? project_domain_name = Default
" [- T' T+ D4 @6 z user_domain_name = Default
7 u; a8 v8 B- d" |' y project_name = service
' f9 [3 B& |- y' }8 N; s* O4 a username = placement
. j- V6 m" H8 y) \4 P( W" o password = placement
6 y( d8 U6 i% b0 d0 y5 o) p4.8)初始化placement数据库
3 x1 Q9 N! c0 x' N root@openstack-controller1:~# su -s /bin/sh -c "placement-manage db sync" placement' o+ F7 {% {5 b$ C9 `! P! p
& a% T- V5 h( u3 K6 }/ M) f, S) d
`验证`7 g5 l; Q( J% L% v3 D
root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123 -e "use placement ; show tables"
3 ^( [9 b9 f! U1 ]- p9 M) l8 U +------------------------------+; P. g+ I5 {- T1 t( x
| Tables_in_placement |# v; G! C- P/ j) T* ?4 j M2 J4 v
+------------------------------+
6 v7 K5 w2 k. h | alembic_version |
" }& D) y- U* I | allocations |
7 A& w- ]2 @2 o7 G6 \ | consumers |
7 u5 R0 N- H0 s b- s | inventories |
& X" E3 Z0 u' e4 T | placement_aggregates |, f8 w% @* A8 R; y) `
| projects |7 G: L* E4 ?" `6 w
| resource_classes |
5 g4 I2 l6 T2 n( o6 K7 w( m6 L8 [ | resource_provider_aggregates |; {, X; s' P0 Q$ }
| resource_provider_traits |5 F$ M# }9 T, n7 k% P8 N7 x2 G$ J4 Z
| resource_providers |
7 s- F6 ]5 t( L6 B& x/ H | traits |7 ^4 g; F c) l9 d
| users |
0 Y) i/ E m' }2 z3 h$ V4 H +------------------------------+& M) a. M: E, B, `
4.9)解httpd带来的问题(以免后续会出现403)
& C9 |3 @: C) P& o/ l8 i root@openstack-controller1:~# apache2 -v! O. ^2 s# g4 L4 k1 N! u+ H
Server version: Apache/2.4.52 (Ubuntu)
& ?0 |! ]- R. ]5 X' J Server built: 2024-07-17T18:57:26: _5 ?, `3 p3 E7 @& Q1 y' {% o. G
root@openstack-controller1:~# vim /etc/apache2/sites-enabled/placement-api.conf! V, ^4 t$ D1 @! a* y
<Directory /usr/bin>- {" L9 T1 m1 t8 r9 i$ N. q' V
<IfVersion >= 2.4>
# _1 g, y7 @+ z, S# w8 }1 O+ P Require all granted+ S4 Y1 }% d* l/ [
</IfVersion>2 R$ O# f. ?- c+ @& Y) B( V- O
<IfVersion < 2.4>
8 Z1 C- u% A' i: U9 ?; U Order allow,deny
" P" {/ ^# ]" d3 Q Allow from all
/ F+ k: N( f! f! W* N; ]) |8 q$ K </IfVersion>( S" a* F, u- r
</Directory>1 T' F) C% b( s$ E- \ ]
- d' J8 u% B; J; | E3 H: l" |0 R2 M8 p root@openstack-controller1:~# systemctl restart apache2.service
0 x C+ u1 v! x8 \ root@openstack-controller1:~# systemctl enable apache2.service # I( k; s/ q5 K; s1 W
4.10)验证服务
e1 @2 p/ V$ k; H& K+ {- f; S& [ [root@openstack-controller1 ~]# source admin.sh
: J' n! K% ~+ C4 O: e+ ? root@openstack-controller1:~# placement-status upgrade check
$ L8 L; x; o+ t/ D1 S +-------------------------------------------+
/ Y, g7 i$ m5 R/ x/ L | Upgrade Check Results |# Y, r8 }' p9 {# ~6 p8 ^
+-------------------------------------------+
4 c+ E# m2 ^$ f6 X& g D | Check: Missing Root Provider IDs |
/ X7 C' l$ u) `, R; y& k | Result: Success |
( k% g5 j, I. i0 {4 I$ Z$ Y0 q | Details: None |& k; P2 o, K' @
+-------------------------------------------+
$ C* ~6 |. N( F6 x0 P$ c6 @ | Check: Incomplete Consumers |
, ?/ Q' j" o9 H9 T. F9 E+ w | Result: Success |
+ h- u8 c5 Y, [* L9 e | Details: None |$ b& B7 o/ p0 j1 F3 ?$ Q% k
+-------------------------------------------+
" i$ N" j+ p* Y9 Q# g | Check: Policy File JSON to YAML Migration |
+ q& n& p' `/ E | Result: Success |
6 |( t3 d$ k$ p- J6 a5 K/ k0 j | Details: None |
' d6 [8 u, I8 L! o! l7 G +-------------------------------------------+$ L. b* y) y- ?( M! Z1 T8 n" w+ e
root@openstack-controller1:~# curl 192.168.139.31:8778
* N. E1 q8 `. s$ F {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}- u# _1 H- {; ?) j
root@openstack-controller1:~# curl 192.168.139.248:8778
- P$ V- X) g0 C e: T+ ~' ` {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}4 S+ j( D( A+ W" U- \. e
5)安装Nova$ v6 L; ~3 p, B2 Y
5.1)配置nova控制节点- u; \) c- e$ {# {8 ]
5.1.1)创建Nova数据库
- e* B! D0 Z+ @7 C4 V root@openstack-mysql:~# mysql
v% s" p- k+ M; D- |" }9 d MariaDB [(none)]> CREATE DATABASE nova_api;* M& O' @% r4 Y N3 i8 B# e" |
MariaDB [(none)]> CREATE DATABASE nova;: ~6 B2 t+ K, w2 I$ r; _
MariaDB [(none)]> CREATE DATABASE nova_cell0;" l8 d- I6 v `* M/ U, f
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';. W) J4 j9 g0 _2 ^0 g ^6 s
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
! _" X& ]! N7 p" @! _/ u7 H MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';0 |5 V) O$ @% _0 N$ d
5.1.2)配置用户和端点5 R' L) X, z0 A. a
root@openstack-controller1:~# source admin.sh - D! D1 R% [& }5 R. q/ q
root@openstack-controller1:~# openstack user create --domain default --password-prompt nova/ _/ X4 f6 k+ a0 ]0 o9 q: ]
User Password: # nova
2 n" i- g& B- \ Repeat User Password: # nova
' {2 T8 s. |7 @3 E* [# T* y- c) \ +---------------------+----------------------------------+: W: \* S; B! A- Y1 C7 I: z- K
| Field | Value |: r/ U8 ?: ~% `/ |" j
+---------------------+----------------------------------+$ V) q$ S+ @! D: M% D/ ?
| domain_id | default |
, Z D3 B4 w1 z% {) } | enabled | True |; v! t- I' G- M9 B
| id | 223adc571a2b4a2fa32cd7bdff6e7c3b |
2 z4 c% r7 a$ K! S( E# @+ Q | name | nova |
+ p: \" h3 X- R | options | {} |% {/ j3 ?; e( ?, `9 ^
| password_expires_at | None |( I7 V% Q9 O' ~- s
+---------------------+----------------------------------+
' R- ?, K" |0 n: j- A% h4 N! t + ~$ T Z0 x4 ] f d* T
`将 nova 用户添加到具有 admin 角色的服务项目`% ~0 ?; R# a1 b+ v4 S- X; s
# 让nova拥有service项目的admin权限`6 j# Y; o# c) p
root@openstack-controller1:~# openstack role add --project service --user nova admin: Z1 s' G3 e# P9 p
% {6 p9 U% z {5 e
`创建service实体:nova`5 p. X E5 [7 @4 o" u1 {
root@openstack-controller1:~# openstack service create --name nova --description "OpenStack Compute" compute
3 L( C9 ]# S0 R* O5 V +-------------+----------------------------------+& d. ?2 ^* A5 {
| Field | Value |
5 U+ s$ K$ |/ \+ [ +-------------+----------------------------------+
1 s' |8 p L1 Q! K | description | OpenStack Compute |
" s3 C6 i" O9 u, ?+ ^7 W6 r | enabled | True |
0 K6 M4 n8 i! Q6 h) a4 M; n. e | id | 63028385934a4290b66880dab62a4c4d |7 t! v2 N: s* Y' q5 i7 ^
| name | nova |9 n8 `* r2 {1 Z5 ]: z+ p- T' Q3 `
| type | compute |7 I, `- ?% a- U7 `" g: e
+-------------+----------------------------------+
X* |" ^/ s. @8 Y
& R7 g% l) _& s0 o5.1.3)Create the Compute API service endpoints:! y+ `9 n, H5 L8 ~/ Y
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute public http://openstack-vip.stangj.local:8774/v2.1, @0 J8 o3 H2 ^$ m0 T4 N& M; D
+--------------+---------------------------------------------+
2 c( O1 ^5 Z( n& r: ? | Field | Value |
9 k6 v, W9 ?! i +--------------+---------------------------------------------+7 J: I8 z% |) ?* B4 |
| enabled | True |! W1 t9 Z) N: H# g6 ~
| id | d5564488f45d47009640dcea5e0083f8 |4 \7 ?! k4 R: y4 ]( ~. b
| interface | public |
9 O; `2 X# h. ^+ x6 N* } | region | RegionOne |% W1 l$ v5 C2 C) \
| region_id | RegionOne |0 y1 t# x$ S& U% z
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |
( q, j6 e$ H) j. ?: \7 U, E, u( \ | service_name | nova |
7 x( \- I9 W7 C4 @ | service_type | compute |
3 X0 L$ L% m4 ~0 d6 S3 G9 @ | url | http://openstack-vip.stangj.local:8774/v2.1 |; D3 a7 f; i9 n) r
+--------------+---------------------------------------------+! f8 D# B0 t" v- i: ?
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute internal http://openstack-vip.stangj.local:8774/v2.1
8 q2 j6 H. c$ t2 t+ _# C/ p2 l +--------------+---------------------------------------------+3 e! c8 o9 L) \5 a
| Field | Value |
% ]1 \8 W g$ s8 N2 \ +--------------+---------------------------------------------+
- r6 {1 r3 A/ R- w, U1 U# K | enabled | True |$ K0 s$ K' q" }; K
| id | bce779f873ad48cdaf7aa65c9c310e0b |+ K9 A! [0 l8 H( C2 c
| interface | internal |
0 J7 g }3 C G1 ] | region | RegionOne |- C' G. w5 Z0 D! n9 v. k
| region_id | RegionOne |
* Z+ }2 R' _ }! t& u8 _ | service_id | ba27d9ae56314e208a3b9b7e1dead803 |
' \ K% W: K) F | service_name | nova |
8 W. U+ C/ s! a3 g! r3 O) [ | service_type | compute |
8 x7 ?! H. [7 v% Z | url | http://openstack-vip.stangj.local:8774/v2.1 |
( e* E. Z+ Y0 b; y2 N5 @; } +--------------+---------------------------------------------+
7 m6 o; S' }5 M. V/ l6 ~ root@openstack-controller1:~# openstack endpoint create --region RegionOne compute admin http://openstack-vip.stangj.local:8774/v2.1
8 V1 y# b; M J +--------------+---------------------------------------------+1 T; \9 \* H, b
| Field | Value |
5 w. @; |! v6 W, q +--------------+---------------------------------------------+
2 O0 t) v# o6 I* @4 Q5 D0 _' N | enabled | True |5 Y& y0 q( F2 G5 |/ `: c
| id | 229163f968084cef9cc0150d1c7b14d8 |$ |: Y8 T O# S8 E4 R
| interface | admin |
8 n( N5 v1 C" e& {/ H% j | region | RegionOne | r& \4 V C6 r
| region_id | RegionOne | g8 [8 k4 d3 \1 r
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |! D5 I+ u4 O7 S- ?) ?+ l
| service_name | nova |* k: H% F" X$ ^ F' e1 B$ A) S
| service_type | compute |3 z; h l6 A/ j- r) [
| url | http://openstack-vip.stangj.local:8774/v2.1 |5 G1 j# c* d' P$ {/ G
+--------------+---------------------------------------------+/ ~ _. B- p9 q: H8 Q h! O
`验证`
6 j$ O; c+ @4 s& h [root@openstack-controller1 ~]# openstack endpoint list0 R: Q6 M0 Q9 o F H& g
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+' C/ }3 X* [* P, ~, B
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
5 p5 _9 l4 A) a% t- [' ]% J9 l +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
( Q, R' y1 F5 H, D9 B4 B6 \4 J6 X | 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |8 T* V( y' O1 ]! c8 E- f7 \
| 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |
& q' ?. Q3 k y0 Z. n7 w/ A9 m2 ] | 229163f968084cef9cc0150d1c7b14d8 | RegionOne | nova | compute | True | admin | http://openstack-vip.stangj.local:8774/v2.1 |9 Z, G! U1 t* v5 {. M' ?
| 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
+ d3 Z" i6 M8 c6 K, o | 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |: ?! f- g' x/ z Z
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |5 J9 K) g/ A& `8 ?
| 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
# A$ s- Q5 d2 a4 ^1 X; a' { | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |2 n; i7 ^5 \% Y) U6 d6 }) _
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |
6 L2 ]8 \- i* s; K' t7 N | bce779f873ad48cdaf7aa65c9c310e0b | RegionOne | nova | compute | True | internal | http://openstack-vip.stangj.local:8774/v2.1 |
2 a6 |2 v, c' H2 t. @ | d5564488f45d47009640dcea5e0083f8 | RegionOne | nova | compute | True | public | http://openstack-vip.stangj.local:8774/v2.1 |! V" }! g) {; q* I4 R! ?0 y' g
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |, a" b0 {6 Z* k0 Y; g* r, z6 R
| def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
- W0 t( E7 {6 A | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |% X: c+ g/ q! i) X4 g3 i, W1 w3 h: q
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
$ h) }& C; }9 ]! h- O* G7 |- m5.1.4)配置haporxy代理" H8 ~& Y) N- q! c" q5 W. x$ Q2 [
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 2 W" S8 g& _; U9 k. E0 N* [6 J
# 在最后一行加入下面内容5 H& a% U8 ^/ K5 o: |* E
listen openstack-nova-8774( @( {, g3 x2 B- V/ A7 @
bind 192.168.139.248:8774
# D4 m H9 c G& c# u1 Y9 f( `( J* X mode tcp& N0 t2 K$ c0 E Z5 Z5 }4 _4 O
server 192.168.139.31 192.168.139.31:8774 check inter 3s fall 3 rise 5' m/ L! A% S, v6 m
" F- R$ } G) J% V' V
listen openstack-nova_api-87754 e: N$ s( k/ q; ]7 A
bind 192.168.139.248:8775" D" k; }) |: Y( w' d K
mode tcp. ~9 g1 }0 g: i6 T. s6 q
server 192.168.139.31 192.168.139.31:8775 check inter 3s fall 3 rise 53 C2 _! R1 ^9 Q" [$ E3 b3 V
- q2 ^1 q/ g1 i+ }; l" x/ y1 b
root@openstack-haproxy:~# systemctl restart haproxy.service 9 v9 |- C" v) I) e6 k
root@openstack-haproxy:~# ss -tnl | grep 8774
3 ]! i3 y+ W1 v* f' i LISTEN 0 128 192.168.139.248:8774 *:*
( J5 R T* N3 Q: o5.1.5)部署nova-conductor5 f$ y, ~5 C& P |; A- Z. h& C
root@openstack-controller1:~# apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler
8 d" }, N" I7 M: k5.1.6)配置nova-conductor
- I+ J+ H- i: B4 s6 n root@openstack-controller1:~# vim /etc/nova/nova.conf
6 e* [7 y8 ]9 A) S: |& Y4 C [DEFAULT] # 在此模块下面添加下面4行信息: k. J, x0 [* w2 F0 A: ? o
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/
: {0 J1 f) I. Q8 B% A/ Y my_ip = 192.168.139.31" I! z8 s1 a& f: r
8 ?+ Q& \) s% x [api_database] # 在此模块下面添加下面一行信息6 q% f& c0 j/ e7 [8 f! y1 n
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova_api
+ ]$ Y4 X8 Y* h- R
# J* N0 q5 }4 A# a [database] # 在此模块下面添加下面一行信息6 a* [0 O0 G2 a- W7 p0 m- w
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova
9 t! f" }, \6 n3 k: ?- z
- @9 A T' A) G [api] # 在此模块下面添加下面一行信息9 m4 f) N( P( S+ o
auth_strategy = keystone
3 L1 Q, I+ y$ C
4 y" b8 c3 ]# a! u* n6 W3 M, A9 H; ~ [keystone_authtoken] # 在此模块下面添加下面9行信息' z2 k# @; ^; P: y9 G
www_authenticate_uri = http://openstack-vip.stangj.local:5000/
! P1 a: j' v: G. H6 K3 O auth_url = http://openstack-vip.stangj.local:5000/
5 i5 t+ j' ]! i# i0 W! S- |, s memcached_servers = openstack-vip.stangj.local:112117 e6 ]) J6 l9 p+ v7 b: v
auth_type = password
T3 ]' S* A- ~' e, s& E' G project_domain_name = Default
! y) [/ d! r: U, d8 z: \ user_domain_name = Default/ Y: \7 m6 Y- I+ M* W$ `" s
project_name = service& \6 K0 L' c; S7 M) m _4 I* T
username = nova
6 {, d+ |8 p; b) E password = nova3 u. f$ n. Q) Q. l9 p
# ]" a9 L6 N0 [. V1 }& A! h2 a* E- C [vnc] # 在此模块下面添加下面3行信息
$ U# m' G0 n: p9 e8 d enabled = true
7 T% e/ g' m9 j# v0 X" R* s server_listen = 192.168.139.31
5 w! F, a H1 t/ v1 ` server_proxyclient_address = 192.168.139.31" c, p' m# Q6 |% a: T2 R/ F) C
+ s* C4 ?# x+ e0 C4 e( f6 }
[glance] # 在此模块下面添加下面一行信息' ~# k% |; d6 Y k
api_servers = http://openstack-vip.stangj.local:9292$ S1 a4 ^/ I) C i: }2 o
. R) b% L2 A; N [oslo_concurrency] # 在此模块下面添加下面一行信息
6 }2 B4 {( |! t# @# z( ^ lock_path = /var/lib/nova/tmp
9 a2 c/ G0 v& `0 u% l ! H5 Q' K4 q O3 S( b0 K* A6 T4 E
[placement] # 在此模块下面添加下面8行信息
9 M# g3 I8 d: B+ J/ O region_name = RegionOne+ J* \; z9 R0 ^8 F) l0 A
project_domain_name = Default. q4 A2 [/ d' Y9 }+ D3 u9 M
project_name = service$ E5 k3 t" G% F0 ^. E
auth_type = password
5 i& g* n9 v; a user_domain_name = Default
1 h( G l' d0 g, l% ] auth_url = http://openstack-vip.stangj.local:5000/v3$ g1 Q4 t3 b3 B! S2 J: @9 b: m8 O
username = placement
* Q8 I; L$ O/ P6 ?, P8 Z password = placement
, q0 J. U1 |: `- `0 t4 b& C ~ 1 l7 R! U, z: R& A' h* w# L
[service_user] # 在此模块下面添加下面9行信息; b1 F: D2 {% z, [9 C1 G# l2 K: i
send_service_user_token = true. C* z' X1 s9 ~( y9 j8 k" |7 o" F
auth_url = http://openstack-vip.stangj.local:5000/v3
6 ]! a, m5 T( @* ` auth_strategy = keystone2 Y. Q) H$ G. V" l% I
auth_type = password
% z6 Q0 |$ s" A) \5 Z project_domain_name = Default
8 z- t1 J9 C {& `) K project_name = service; Q! h S; {$ w7 d; R% @/ D
user_domain_name = Default
: Q2 m: {4 \; @0 J8 l$ e, o; G username = nova5 d, j' |3 O* l9 y4 o$ K& r9 D
password = nova- Z5 m' r" @6 R: H: f; B9 [
5.1.7)初始化nova数据库 l0 o3 a! ?! e% L) f, e D$ O1 u
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage api_db sync" nova
$ p$ `4 x1 F5 p7 v root@openstack-controller1:~# mysql -unova -h192.168.139.248 -pnova123 -e "use nova_api ; show tables"' Q x# y% w/ h' T' Z w0 y( v
+------------------------------+, y/ B" f% f L7 ]/ {8 C. Y, t
| Tables_in_nova_api |
# C: { V: s9 @5 T +------------------------------+! P5 T @3 e6 S) V
| aggregate_hosts |
, n( U* e0 `3 V2 ^: b+ V4 h | aggregate_metadata |" v! D7 l( v' _9 w
| aggregates |4 x. ~9 A. R, a9 n/ o$ _& j
| allocations |
* ~8 H' o0 W$ K, h | build_requests |; r% {5 H0 {9 a% ]: d
................................7 i4 @- ?% t/ w) l! a
................................
% Y- N4 `, j; g | resource_providers |$ }3 b: {* H6 k* o0 s, ]6 j
| traits |
& ~9 e2 o: ~4 Z( n) {1 `( l8 m$ ]& [( t | users |
# M8 Z3 s0 O, W d+ `& ~% N +------------------------------+
0 L" X; D; P1 m% B& h' D9 L root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
+ f0 S2 \/ C; Z root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
* G2 z5 ^2 y1 r ....
% R I9 r ]/ |6 ]5 Q* R c14b4cfb-a4f6-41a5-8418-a3d3ee04228f# [: Y, h! y m4 c. J
) A `7 o1 U4 s, t root@openstack-controller1:~# su -s /bin/sh -c "nova-manage db sync" nova9 x8 s" T5 ^1 O, s/ `6 b
5.1.8)验证 nova cell0 和 cell1 是否正确注册:
9 _; z& \: j# B8 C root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
' e9 e+ ?. Y8 |6 c- @ l3 ~ +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+3 b8 T7 o/ A& S8 @1 B
| Name | UUID | Transport URL | Database Connection | Disabled |9 H/ N# z; I3 c0 I; O. a1 T
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+ E G7 q8 L/ m+ T& l
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova_cell0 | False |$ }# q4 l, w# }$ x" V
| cell1 | c14b4cfb-a4f6-41a5-8418-a3d3ee04228f | rabbit://openstack:****@openstack-vip.stangj.local:5672/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova | False |# Z8 r8 @. x4 |$ [* B2 }
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+7 w& u* z0 j6 A; T, _ M# a* W+ i$ n
' R, i/ W! }3 l) d' w/ B2 T/ c
5.1.9)启动服务( Y$ G# r0 k1 {0 ?/ R4 k$ G. J
root@openstack-controller1:~# systemctl enable --now \; e$ W7 \$ ^6 z
nova-api \& G$ G' F( N( L: [
nova-scheduler \
1 i5 C* d2 W0 G5 l$ Y" z! ? nova-conductor \9 }/ q& C. x8 B- l K
nova-novncproxy
+ K# A' w* E( }9 M; G( f; E root@openstack-controller1:~# systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy
' x+ {' ?$ U- } x' u9 @5.1.10)把novncporxy代理到haporxy& L. U9 ?) f) Z+ f9 j$ S* s4 x
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 3 f; K+ @; i( E) B3 L4 v8 K. e- D
# 在最后一行加入下面内容
7 i$ }3 O( W: q# p0 U listen openstack-vnc-6080
, C& B/ S# j' q) ]- c! U bind 192.168.139.248:6080' d0 @/ f6 y5 j; o2 N0 r
mode tcp
5 S' d9 L t* P9 o) i! r7 j) A server 192.168.139.31 192.168.139.31:6080 check inter 3s fall 3 rise 5
: X, `' z: v" o5 N6 Y/ l t6 W root@openstack-haproxy:~# systemctl restart haproxy.service
: B& K2 d1 F. E7 B0 s R root@openstack-haproxy:~# ss -tnl | grep 6080
5 G0 k) ~+ J8 }; L! T$ l7 d LISTEN 0 128 192.168.139.248:6080 *:*
6 d% a' L2 Q# d0 V" @6 K' n5.1.11)配置nova重启脚(为了方便后续实验)
& M# ~" a* | e, k) y [root@openstack-controller1 ~]# vim restart_nova.sh$ o* N1 F/ w b: z' w/ a
#!/bin/bash; ?$ S9 S$ @. ]/ l1 T4 i( B8 B
systemctl restart nova-api \4 m3 J" |) N) V% j1 _& H
nova-scheduler \
7 P* E6 K& D) C- L# s nova-conductor \$ F% d2 a" }3 c7 z0 o9 A0 W2 i8 C
nova-novncproxy, {$ o9 ~6 @% c
5.2)配置nova计算节点. f$ i8 ~7 u% @; I: s
必须保证开虚拟化+ t, K1 L; q8 R. G/ y4 R9 U# P
: ~# F% u8 v4 T, @' T8 T
image-202312152249363273 ]- O3 ?( F+ g# `, B
0 R+ C7 h6 u7 g8 \: L X
5.2.1)部署nova-compute
/ u: s, x5 G5 k6 @9 w5 D$ s. J root@openstack-node1:~# apt install -y nova-compute
* K9 z4 c. M) {& q" p; W" v5.2.2)配置nova-compute' \, Z' T" y8 S& {! J
root@openstack-node1:~# vim /etc/nova/nova.conf1 ~' u G7 |5 m+ |; j( I0 R' h, Y( P, W
[DEFAULT] # 在此模块下面添加下面4行信息0 D% ~+ ]1 i0 j/ M; M
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/# @& o9 M( _6 Y, j& F- |
my_ip = 192.168.139.341 K4 p- v; |+ w
# state_path = /var/lib/nova* W; c, w0 p$ y7 D, o
; B, Y2 |9 Y4 u6 Q; @, O' O
[api] # 在此模块下面添加下面一行信息
- R6 ?; G e+ S9 v! ~" o. Q" D2 z auth_strategy = keystone
6 W' P4 ], v& @) Z3 }( `% `% u
/ O6 [5 e/ i7 M0 [1 u [keystone_authtoken] # 在此模块下面添加下面9行信息2 W4 B7 A) ]& J$ D2 w
www_authenticate_uri = http://openstack-vip.stangj.local:5000/. M2 g. G& s$ W5 Z) S! H
auth_url = http://openstack-vip.stangj.local:5000/
$ a4 ^, A) V2 R4 o" [ memcached_servers = openstack-vip.stangj.local:11211( h" ~/ q, T4 [$ y( b
auth_type = password. j+ F9 r' G; h+ D
project_domain_name = Default I0 }6 o+ Z0 ^ F6 v
user_domain_name = Default: g( T; P3 M( j6 o& H( C" L
project_name = service
. c. r: @( m) j6 i0 F4 k username = nova
( }5 M* s, L5 O' V password = nova& \( T* O+ t2 | S5 J" i
( I( \0 x/ B, h [vnc] # 在此模块下面添加下面4行信息
0 T% x" x4 J' _4 Z' O enabled = true x# ^ o5 u% I; s" Z7 S8 f+ H0 f
server_listen = 0.0.0.06 |) K w, q3 o* b
server_proxyclient_address = 192.168.139.34
0 C3 ]& {/ M6 S novncproxy_base_url = http://openstack-vip.stangj.local:6080/vnc_auto.html
$ u; ], ]7 `; g Y
! {& Q0 z' ]( R [glance] # 在此模块下面添加下面一行信息. V" Q9 X- N4 o) m
api_servers = http://openstack-vip.stangj.local:9292" u5 K, p- q! Y( l2 Z
2 h1 G. I0 k" a
[oslo_concurrency] # 在此模块下面添加下面一行信息7 W3 B- |7 o( f' _! ], W. k. r
lock_path = /var/lib/nova/tmp
) q4 s! J0 W l( J1 q
- @" v. ~" t( V5 Y" Q. V* k [placement] # 在此模块下面添加下面8行信息# D) I B/ F# a8 U2 V+ k
region_name = RegionOne2 _! N3 G( c* {. O/ A6 O
project_domain_name = Default
8 B2 F3 a8 g" i: `6 g project_name = service
, H0 h' k. o6 R$ ]# i auth_type = password
8 k- C8 \- g2 }/ D2 \* M% E7 D user_domain_name = Default, N& i/ N% l B! J, z4 z: H3 X3 X1 f
auth_url = http://openstack-vip.stangj.local:5000/v32 ?3 P/ e/ \' O3 I0 H% z, j
username = placement
4 t! I4 O- D1 F7 {8 o password = placement: I& l, u! s% h( @; x7 r/ m6 d6 ~
7 _8 H" K( a' U1 r
[service_user] # 在此模块下面添加下面9行信息0 a- U3 j1 V% i! \% ^! ]: J" M
send_service_user_token = true
9 ~* R! l& P( ?9 e2 T' d e auth_url = http://openstack-vip.stangj.local:5000/v3
% ]% R; {. }( @5 @ auth_strategy = keystone
, c e% p& S q& u auth_type = password* r9 P) n6 V, F" I! Z
project_domain_name = Default
. T/ D* c _; p5 e& \8 l project_name = service
+ f+ U/ K& z, y) O- n user_domain_name = Default
1 T3 ^7 R A5 ^& ?* Z, p username = nova
# q- k& s; @4 h1 h6 g password = nova, b H/ ?+ p/ i/ x1 ~( a. q3 ?0 A
* W) ^: x, ^, U& @1 Y8 w& e. X& E root@openstack-node1:~# vim /etc/nova/nova-compute.conf
5 h$ T! H$ y4 q3 T
8 c1 f/ V) P$ }$ t [libvirt] # 在此模块下面添加下面一行信息
& |! Q* C. p" a% d, E9 p5 N virt_type = qemu$ t% d, A/ z* j- h, f) g
8 H- r, B* p/ m; ]7 f# l `检测是否可以用虚拟化`0 w1 n! M% W) w9 w2 T/ k/ B
root@openstack-node1:~# egrep -c '(vmx|svm)' /proc/cpuinfo
9 F) M" `( P. m. ]. g$ ~/ h; [ 4( r! g$ i) j) B% B% o% B c
5.2.3)配置hosts解析+ Y3 f% y* G( S% Z
root@openstack-node1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts6 B& w6 b# S% o3 A
5.2.4)启动服务
/ K. C' A S- I' m root@openstack-node1:~# systemctl enable --now libvirtd.service nova-compute
/ |- G+ x3 y, s1 @- E; |6 C) t `编写重启nova-compute脚本`* I" c( `. ~$ m8 @3 T1 d9 W% c
root@openstack-node1:~# vim restart_nova.sh8 v4 a& D- h% |4 N# E( {$ l& r
#!/bin/bash* l' d$ z6 t* y0 F7 p, M& Z; l7 K/ Y/ k
systemctl restart nova-compute
7 s6 N8 g% \, I4 ?. F root@openstack-node1:~# bash restart_nova.sh
, W3 o, a. r+ M2 ?6 L" e
, ?0 \, h* X" G5.2.5)验证服务
( ?' l3 y' ^1 T8 ? root@openstack-controller1:~# source admin.sh 1 d* f, R3 v1 B- V4 S7 X7 l
root@openstack-controller1:~# openstack compute service list --service nova-compute3 v! B. i/ z d4 P
+----+--------------+------------------------------+------+---------+-------+----------------------------+
( }/ ]) K Q8 q' r- |! N i/ R | ID | Binary | Host | Zone | Status | State | Updated At |) h) x1 Q' k ^+ Z
+----+--------------+------------------------------+------+---------+-------+----------------------------+' x% Y; e3 K" |: ]+ ]
| 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:12:03.000000 |# I6 }3 F2 T" A& N% Y
+----+--------------+------------------------------+------+---------+-------+----------------------------+
0 [$ T r5 [! i) V5.2.6)发现计算主机6 U* @3 U, F3 j- W9 J3 r1 Q6 x7 O
如果加入新的node节点需要执行下面操作# C- y- r o2 d! c
( z' P+ S) P$ m+ A: b* W: r5 d: f7 R
[root@openstack-controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
% x3 ?; x% X f; f$ O$ g+ D Found 2 cell mappings.
, U8 E+ x& A+ C% q6 E* e Skipping cell0 since it does not contain hosts.; A' ~" i8 }% a
Getting computes from cell 'cell1': c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
7 v9 A: Q+ Y* f* j Checking host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0) N1 {) g* Z; e) i7 J
Creating host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
( ?" c! |1 b9 G1 d9 f; f Found 1 unmapped computes in cell: c14b4cfb-a4f6-41a5-8418-a3d3ee04228f, y6 n9 }9 S- [3 L
5.2.7)配置自动发现计算节点" e. `: M- n. r5 L
[root@openstack-controller1 ~]# vim /etc/nova/nova.conf8 r7 Y% g3 T" _
[scheduler] # 在此模块下面添加下面一行信息+ D* }0 b1 h$ r3 C
discover_hosts_in_cells_interval = 300
. u5 k( u C1 M `重启nova-conductor服务`$ J6 k( N9 _+ K+ U$ D; j
[root@openstack-controller1 ~]# bash restart_nova.sh
: ?. }) O; \$ T6 h( J5.2.8)验证操作* @. x+ ?4 k% ]3 C3 J
[root@openstack-controller1 ~]# source admin.sh + L# N; \( w6 [
[root@openstack-controller1 ~]# openstack compute service list3 g- _, F1 w, R8 T, a
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+) T& i7 \ M& \% E! a
| ID | Binary | Host | Zone | Status | State | Updated At |
9 T) I- I' p, |* z: v7 M +----+----------------+------------------------------------+----------+---------+-------+----------------------------+ z1 v p7 \7 l* e s9 A
| 1 | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |
' O$ D/ k$ L- |. s9 r0 V | 7 | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |
. ?. B: k+ ]4 R& m | 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:15:42.000000 |* R" F" t6 T( O& g& j
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+6 H* r( k C8 H: q/ S4 m) v
root@openstack-controller1:~# openstack catalog list0 f$ ^0 G2 U$ b+ n- O
+-----------+-----------+---------------------------------------------------------+0 R. o0 t& \9 d X$ z" J2 K
| Name | Type | Endpoints |6 j4 ~: P/ y& c( |/ K% Y
+-----------+-----------+---------------------------------------------------------+' S' W, j& i# O7 U6 t" k! @
| nova | compute | RegionOne |
4 o; ]: @4 [6 r; ^; t Q | | | public: http://openstack-vip.stangj.local:8774/v2.1 |1 Z" S; y+ t- D( y+ m
| | | RegionOne |
6 F' d% @+ E7 q% ~ | | | admin: http://openstack-vip.stangj.local:8774/v2.1 |; \, H3 M- d- u
| | | RegionOne |
1 N5 ?' P9 V% [% E& j* e! S; K | | | internal: http://openstack-vip.stangj.local:8774/v2.1 |
( G! Y( |" H2 J) ` | | | |7 v7 W; I7 z' O) H$ y0 I- @
| glance | image | RegionOne |
5 j- l& e2 p. O& }: d | | | public: http://openstack-vip.stangj.local:9292 |
7 ]- c% f# B# L, s: M$ g | | | RegionOne |+ h# S. d) x# O: v! x
| | | admin: http://openstack-vip.stangj.local:9292 |; k) K; ]9 f( [! y9 g
| | | RegionOne |& }' @0 E9 ?2 H- X' v; [$ G
| | | internal: http://openstack-vip.stangj.local:9292 |
/ Q: z3 ]! L" u. s | | | |
0 G; Z3 x+ _* ?8 `7 Y | placement | placement | RegionOne |* l- i( F- j- w4 L& l f0 f
| | | public: http://openstack-vip.stangj.local:8778 |. M3 h1 d" C/ K. W
| | | RegionOne |
# U% U8 Q+ O* ]3 L6 ~0 Y( u | | | internal: http://openstack-vip.stangj.local:8778 |& B' k/ u" N1 p( R9 S1 m5 a0 S% m
| | | RegionOne |
% ?0 c) b F- w8 Z: |( z- H3 z0 ]; ^ | | | admin: http://openstack-vip.stangj.local:8778 |
# X5 o4 u/ s. n( W: A: A; ? | | | |5 u, H, ?5 m, [3 W
| keystone | identity | RegionOne |% i+ Q5 C+ @. n* e
| | | internal: http://openstack-vip.stangj.local:5000/v3/ |
! p5 B; u7 S( l; u2 U | | | RegionOne |
% i+ V0 l! u; g8 Z: I7 |( p | | | admin: http://openstack-vip.stangj.local:5000/v3/ |) w0 z# \5 A( o8 s
| | | RegionOne |- A4 n3 e% l9 m$ s# N( R1 @
| | | public: http://openstack-vip.stangj.local:5000/v3/ |& _! u( |& t9 M
| | | |
2 I+ q, |# m7 ^" _5 |2 M% k +-----------+-----------+---------------------------------------------------------+0 q- s- h0 {, D3 p0 `0 D
2 u: ^. B2 o, c8 n) |$ a$ e root@openstack-controller1:~# openstack image list
7 ]2 H g* o6 P% y +--------------------------------------+--------------+--------+
+ ?. W+ n1 ^- ]* k% M6 t2 y2 W: p | ID | Name | Status |& f7 ]6 L7 n8 V/ q7 _$ T
+--------------------------------------+--------------+--------+" x, m% o, T! y, [! V
| 68249b5f-9eac-4873-be74-cc11ac9af61e | cirros-0.4.0 | active |
: v6 \+ U5 e* i" R +--------------------------------------+--------------+--------+: j" D K7 t$ W" S6 o
5 H8 H3 `+ y2 f( Q7 l root@openstack-controller1:~# nova-status upgrade check; _; q0 ^: E( j$ g1 a' Q
+-------------------------------------------+
/ I0 y1 @# k1 {5 ~! b: Z& C9 L3 h | Upgrade Check Results |3 @" q3 g( n T% f
+-------------------------------------------+
8 N3 w6 ?. z7 ` | Check: Cells v2 |* ?( e3 z1 ^& y# Q% V, V
| Result: Success |8 s/ W2 P v% p3 S" a5 Y( B
| Details: None |1 u p+ }- H+ ?' s5 A+ i
+-------------------------------------------+. Y5 z( d* @3 k+ P5 e' H1 v1 c
| Check: Placement API |' {0 j2 E7 @7 ^3 [
| Result: Success |0 v4 n* K) | D# J4 Y" A' f6 }
| Details: None |
h, [% l7 w% T7 o& } +-------------------------------------------+9 x+ Q, Q/ Z3 w8 S0 t" i# ~
| Check: Cinder API |
- p. j* A6 P* \' z" w | Result: Success |6 Z+ _2 P2 [" B/ Z# q, |
| Details: None |
^. h5 V( E! C/ E8 x) o +-------------------------------------------+4 p9 C0 [& Z1 {. c7 ?0 y+ m3 Q0 P
| Check: Policy File JSON to YAML Migration |/ O+ p4 [5 I0 q/ l' Z
| Result: Success |
. X1 \( ~! I/ |. ]3 p3 T! O2 y | Details: None |( Y9 _. C! ~4 A; |) v: N
+-------------------------------------------+3 Q5 @7 a* H6 M# ^3 p( K
| Check: Older than N-1 computes |' {( m# T2 e; v% H
| Result: Success |9 \# a5 y/ _5 G/ b
| Details: None |+ b/ X) Y$ d) o6 Y7 ?
+-------------------------------------------+
+ t9 t8 F# r1 S( L' F | Check: hw_machine_type unset |
. u8 d! Z S5 W6 v | Result: Success |
. ^* _! \7 h7 Z5 w/ B5 P y | Details: None |: e7 H, I% x; g/ b. j( _4 K! o( e
+-------------------------------------------+9 ?1 j5 s( \+ R
| Check: Service User Token Configuration |' H& i/ N! F m( W: o! V" r5 d! B+ Z8 b
| Result: Success |
% z0 r. q& n& }6 }& Q | Details: None |
" x6 L; k9 r2 H* {8 O0 m' @5 O) N +-------------------------------------------+
) O( N$ M/ m3 ?9 S3 }& U0 C3 J6)安装neutron0 ]3 F1 n0 X9 T; q- M# ~
6.1)安装neutron-controller节点
1 L. S4 Y# Q3 m; M* j6.1.1)创建Nova数据库
: V" {, o8 Y- J) |0 D root@openstack-mysql:~# mysql% @0 f! l0 N2 \8 F
MariaDB [(none)]> CREATE DATABASE neutron;: a, x3 w* E# I" F) f' ]4 |
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
* {2 w/ ?9 r* s9 V6 F IDENTIFIED BY 'neutron123';# z1 i$ P/ \, ?9 S' F& {1 }
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \- ^! a6 \2 t$ D3 P) ~- E1 M6 H8 p
IDENTIFIED BY 'neutron123';1 M0 r# D7 S- P
6.1.2)配置用户和端点
' w) z5 M: L# R# y c- O root@openstack-controller1:~# source admin.sh 3 ?' s' H! { d$ ~
root@openstack-controller1:~# openstack user create --domain default --password-prompt neutron5 x. x1 p. I, W/ s
User Password: # neutron
$ o v) [$ R/ M5 J+ D, G8 G2 o Repeat User Password: # neutron4 |2 x: p4 v/ j; o0 _% p
+---------------------+----------------------------------+
$ J( h( D. p9 J2 ~1 B. } | Field | Value |# |) c0 \7 D- u1 D
+---------------------+----------------------------------+8 A1 k+ \& y# p4 g9 p& C
| domain_id | default |0 e$ [) M, U+ r. k; ~8 x9 O& @0 v" O
| enabled | True |# _# e- F; D1 d0 M/ t6 m
| id | 282317cd0bb74396a7a12dcdd96aeed0 |
2 J% H& u9 V( h9 d4 ~/ ~ | name | neutron |2 A9 F9 y1 y, l U0 `$ {$ @
| options | {} |) R3 U, d( v# ~: e
| password_expires_at | None | n7 p! q$ r/ E/ U$ e
+---------------------+----------------------------------+: t4 O$ m3 b9 R: d' P; L7 {
. Z1 d. f; t1 i/ @+ l9 |
`将 neutron 用户添加到具有 admin 角色的服务项目`
5 r* i) c3 d) E3 A # 让neutron拥有service项目的admin权限` E7 T. M8 G0 B2 z/ j
root@openstack-controller1:~# openstack role add --project service --user neutron admin' t; W+ `$ H. Z$ v( B1 L
`创建service实体:neutron`3 a& w. F/ N2 Y/ ^/ P+ ~: _9 q
root@openstack-controller1:~# openstack service create --name neutron --description "OpenStack Networking" network/ f9 ?5 h: X5 B
+-------------+----------------------------------+# O$ c& o/ ~, X9 t: P4 O
| Field | Value |: U+ m5 z5 s* N! f: U8 j# Y
+-------------+----------------------------------+9 Q; F. j4 F, A) x K' y
| description | OpenStack Networking |
: u/ U4 D+ A" A4 d( v, x | enabled | True |
. w) _- e" U& M7 w; `) S | id | e4ff8c65882a401a83e2203ce49daeaf |- r7 n4 I5 k$ d0 Y! x) R7 H3 w
| name | neutron |
. a' M, G/ Y |, R' g- J! _) Y | type | network |
" w, r' }/ M5 ?6 o +-------------+----------------------------------+
3 r' q2 O/ F5 U) @/ m* q [root@openstack-controller1 ~]#
5 d! q- L2 n" b J6.1.3)Create the Networking service API endpoints:1 q+ ^5 z5 j, T
[root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack-vip.stangj.local:9696; s; M+ B; `0 \" N5 T
+--------------+----------------------------------------+4 T# {% d5 T% q. Z4 A( O, f
| Field | Value |
1 n L2 q. r) D8 D& u% y +--------------+----------------------------------------+
% U0 s+ f9 Q9 k- \, M+ z) G1 P | enabled | True |
' Q3 D' r! \# h1 c9 C | id | 970ca60adf5746299d48f7659d500809 |+ J: B: V4 U% \
| interface | public |; L) K* H) O( ^
| region | RegionOne |+ G4 z/ P: y3 W1 c* w) [& w0 X
| region_id | RegionOne |
! z% I: a# C* I6 o7 K | service_id | e4ff8c65882a401a83e2203ce49daeaf |) K, k: v% w8 ]4 ^$ F* V1 J3 j
| service_name | neutron |
8 R1 g% F1 V, ]: b# N; C | service_type | network |- F( [0 [/ D4 s* A7 U1 g* E( g- t
| url | http://openstack-vip.stangj.local:9696 |+ M K( j% w2 }# }8 T! e( B% M4 Z' p
+--------------+----------------------------------------+& P9 G8 m0 p# A
[root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-vip.stangj.local:9696 K6 o) ]' |3 E# Y. u6 l- H7 Z h
+--------------+----------------------------------------+6 z8 ]' @! j4 f! c
| Field | Value |
' Y, B/ I# W& Z) i" n +--------------+----------------------------------------+
; z! ]5 C7 R1 i* g/ U | enabled | True |) G& W4 L$ v: }' g7 f h
| id | 4c5f5ffbba4a4c668377a86cfd4a2320 |, }/ n+ I% |# a6 A
| interface | internal |
9 ~; E( A# V) p% q; P4 ` | region | RegionOne |
I% P T. h9 P | region_id | RegionOne |6 h* @9 J( @4 s6 b: R. K3 x
| service_id | e4ff8c65882a401a83e2203ce49daeaf |
8 `6 n. S4 H: B | service_name | neutron |
4 l4 _* l' L" s( |4 j! e) X | service_type | network |+ f4 C& P$ _+ d1 k
| url | http://openstack-vip.stangj.local:9696 |
m5 f. u: K4 L$ Y, B9 Q +--------------+----------------------------------------+
3 @' U/ o8 ?, f
" J; F* _; y4 J' p+ ~ [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-vip.stangj.local:9696' M$ C7 n _" ~ e
+--------------+----------------------------------------+# J0 p8 p( V. y( S2 |
| Field | Value |8 y: A9 v! J6 e7 E* }% w3 B
+--------------+----------------------------------------+
/ \7 @, ?6 ?' p7 e | enabled | True |& [) z+ M1 y& O
| id | d8c4e83eab66486983680b69520ca92a |9 c P. n. {) F9 Z; P
| interface | admin |2 P$ A6 b7 s8 E# ~( X# A+ }. _
| region | RegionOne |8 |7 y" q1 U# G& D* o& ]9 s
| region_id | RegionOne |
# M5 r, D5 s% e+ P1 |' e) z | service_id | e4ff8c65882a401a83e2203ce49daeaf |- u- X( v9 i; G
| service_name | neutron |
- R1 _/ l$ ~9 z+ F4 N9 ?3 a) p9 w | service_type | network |- G5 [7 i) N/ \) H' t) X- C$ {, l
| url | http://openstack-vip.stangj.local:9696 |
+ d/ s1 L/ Z( }+ x& M% } +--------------+----------------------------------------+* K3 f% ?/ S* E) l
6.1.4)配置haproxy( V" q( j- q7 D
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg # H1 B- x+ J f8 R
# 在最后一行添加下面4行内容
9 w, F7 `; I' C! R: D listen openstack-neutron-9696& u+ g+ c7 ?" b& V1 B; `
bind 192.168.139.248:9696
/ a) U: T& t" f/ z mode tcp6 A" ^, m* H4 ?& Y4 h& U
server 192.168.139.31 192.168.139.31:9696 check inter 3s fall 3 rise 5
4 Z k5 V; a9 C& z# J0 S root@openstack-haproxy:~# systemctl restart haproxy.service
* `- v% `# V# j9 @ root@openstack-haproxy:~# ss -tnl | grep 9696
4 ]7 v# `' w Q LISTEN 0 128 192.168.139.248:9696 *:*
, p, q) X( T4 @. v( Y( Y6.1.5)部署neutron( T( x e% q' p# w' I) {
root@openstack-controller1:~# apt install -y neutron-server neutron-plugin-ml2 \; v$ n h! I% S5 B( h
neutron-openvswitch-agent neutron-dhcp-agent \% Q* s3 [+ [) \1 i6 A
neutron-metadata-agent0 g8 c# L4 d, z0 T6 M U1 e( p
6.1.6)配置neutron主配置文件
+ p* ]5 q$ m! v$ b. a g root@openstack-controller1:~# vim /etc/neutron/neutron.conf! j0 j7 o1 P* J* l% B
[database] # 在此模块下面添加下面这一行
& @8 J b/ \! ]7 a4 Z; j connection = mysql+pymysql://neutron:neutron123@openstack-vip.stangj.local/neutron6 N3 l9 e6 I6 J! n
* L( Q. N" l* a g
[DEFAULT] # 在此模块下面添加下面这4行- R: Q8 @, u+ _
core_plugin = ml2
& }% o' a. p }0 }% q4 V service_plugins =
0 r) P1 f& T4 t transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local
' o& K$ D9 \# N3 j+ C" ^0 x auth_strategy = keystone
6 \* s2 S2 `+ g; C notify_nova_on_port_status_changes = true
/ Q0 a5 i9 y: o- S k6 P; A# [ notify_nova_on_port_data_changes = true
, L; g/ B. A' `& w; h/ ^ % P# w/ Q6 C5 k5 z
[keystone_authtoken] # 在此模块下面添加下面这9行
( O0 n! m+ C2 b' z2 U www_authenticate_uri = http://openstack-vip.stangj.local:50002 h% z V5 ?- A4 d" l2 L/ `
auth_url = http://openstack-vip.stangj.local:5000
4 t! v/ X6 D' \ memcached_servers = openstack-vip.stangj.local:112113 q4 ?# K$ I, S4 L7 p6 J3 z3 j7 _
auth_type = password: K: H- O2 H1 o1 f$ y
project_domain_name = default
9 s5 P, H4 U; `' U1 L user_domain_name = default
) k& |8 X6 J* V0 l% g# A2 Y project_name = service2 Q6 j7 |3 v4 e' i
username = neutron- c7 ]/ s& |# B# H& b* [ y3 X8 \6 n% @
password = neutron& k- v7 `) r7 g" E+ B4 Y9 j
6 e2 @: ~' ]0 G ^ # 配置文件的最后添加下面9行
& {! a- W3 V8 A$ T0 {% A# j: h [nova]% \1 E$ ~' v/ ^2 W) z% C/ w
auth_url = http://openstack-vip.stangj.local:5000
- f6 h1 H2 D" M- R auth_type = password
) A1 y6 Y3 ~/ n2 n9 U project_domain_name = default
# A$ m& ]5 J8 E- E user_domain_name = default
( Q5 L6 w( A9 W s( [$ E' J! E* N region_name = RegionOne
& s- q* V) @# u, X! Z6 } project_name = service9 _( R* a7 P6 T8 Q2 R# i, `) b! R
username = nova
2 E& }7 D8 O$ \9 E* F$ g6 l G) V password = nova
~, t! D4 O1 h% E$ [2 G" l
, @ \8 ^. _- C4 ~9 U' a [oslo_concurrency] # 在此模块下面添加下面这一行
f5 [, L9 y. o8 x! C lock_path = /var/lib/neutron/tmp; p& a5 G) q' s) X
& y) B3 U1 E: g 1 c9 h# C6 n- ` i+ a M
#service nova-api restart% I9 c. ^* v7 A
#service neutron-server restart* \+ b, m6 x" `5 j# Q+ S
#service neutron-linuxbridge-agent restart7 }, |7 O& k% o/ l
#service neutron-dhcp-agent restart
" u; j6 t% a1 y4 |: R #service neutron-metadata-agent restart' @; A X1 {% o% ]
6.1.7)Configure the Modular Layer 2 (ML2) plug-in' d8 z6 H- T$ Y: `+ }! S- e; H
可以从网站上获取完整的ml2_conf.ini
6 _; l) _8 ^3 D* i
% W1 X' Y4 |1 shttps://docs.openstack.org/newto ... s/ml2_conf.ini.html8 H- x; a# B4 F, t. a3 Z
' i4 S" K% d' ?; g$ X' [ root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/ml2_conf.ini
3 e" z$ ^% L3 I! j, R0 u* Z [ml2] # 在此模块下面添加下面这4行
2 ^" S. e$ H6 {$ V: Q type_drivers = flat,vlan
) a+ R3 s( S$ f: a: b5 V1 D tenant_network_types =
9 m* ^0 J" f- l1 G% y mechanism_drivers = openvswitch
2 O, D. y& E z k9 b1 S extension_drivers = port_security5 D( Q r1 h8 Y0 G* H7 C/ B1 a
7 m; N7 D9 E( a) b! W2 ~
[ml2_type_flat] # 在此模块下面添加下面这一行; F# H$ A0 t. e/ H$ I* V% R5 b; z) U
flat_networks = provider
$ v$ z; ^' D) w w2 H$ G " ?; d1 c0 b& \! a. h
/ e( P+ ^5 F% A4 G: [ `最终配置信息`
% X& o; c1 g8 ^( h' b root@openstack-controller2:~# grep '^[a-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini 7 [ h) s, W4 j+ A- V
[DEFAULT]8 ?! r7 M# d- N7 r6 ?& w- k, Q
[ml2]6 h+ q; X$ y% T) d: u$ V* ~3 J
type_drivers = flat,vlan9 |: ^0 U k; K- s! Q, K; U
tenant_network_types =, _; W: V' R7 X" K8 F0 e+ e8 X
mechanism_drivers = openvswitch
0 C9 G) d; o+ Y8 g. L* V extension_drivers = port_security% r+ l: N. n0 P, b) ?9 |% ?6 ^" `
[ml2_type_flat]/ d3 l+ W0 L- M# N! e
flat_networks = provider
: t9 V2 R' n! _' y' j4 M' c [ml2_type_geneve]7 c: n L3 z4 z# p) N) A1 j9 s4 N( o& O
[ml2_type_gre]$ h4 Q3 Z/ b4 T0 `
[ml2_type_vlan]
$ o9 A: K, b# @- I* d, l [ml2_type_vxlan]
+ n* X" Z6 j4 a9 H* W- U4 Z [ovn]6 N8 u8 ]$ ]; @: a9 ?8 t
[ovn_nb_global]
: F* q0 S/ F: C5 y( E6 e% M7 i& P8 M [ovs]
* ` s8 x0 C. c& @! A: ?6 G [ovs_driver]) } i+ r, F8 F$ c. ]* Y _0 V1 `8 F
[securitygroup]
; t. q$ d; E& P: A [sriov_driver]- S$ R7 C0 O, z1 J
6.1.8)Configure the Open vSwitch agent" U) a, x1 x! W7 Y
可以从网站上获取完整的openvswitch.ini; i3 f! f) b2 t' H% |: g( Z- s
4 F% k6 Z# l+ B h5 k/ V$ lhttps://docs.openstack.org/newto ... itch_agent.ini.html
3 @2 c9 L1 ?; F! q) L
: `$ g8 ~( d, C5 b1 ]/ @0 _ root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
( B3 ]7 Z, O6 \7 o+ } [ovs] # 在此模块下面添加下面这一行
% b V. W6 E5 A6 N bridge_mappings = provider:br0
( ?6 \" a0 u' Z # b5 [% U# ? S& G% n" W% \1 v
[securitygroup] # 在此模块下面添加下面这2行1 ^; a$ m# n* @+ @
enable_security_group = true6 c; ?; ^" H% _5 {, o
firewall_driver = openvswitch
" S" A3 J; w$ [* P % y7 D) ?% I* p
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`5 X% ^9 f9 f- E* l/ ~; V
root@openstack-controller1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31 && echo "nameserver 223.5.5.5" >> /etc/resolv.conf5 _, @) N. W5 {9 N+ c$ `1 ^" z; A+ l
开机加载网络配置9 u4 j3 a. {3 y |7 s
1 {& }& k9 c- a #!/bin/bash" @' r- F( `; `5 c$ h/ J0 P7 d3 I% @
ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.318 Y' ^& g- i/ U& X/ p. M: ~' ]2 f0 x2 ^
ip route add default via 192.168.139.2
* K& V3 [4 a5 G* V7 e6 y) O echo "nameserver 223.5.5.5" >> /etc/resolv.conf C8 h1 `5 v+ G/ R
6.1.9)修改内核参数$ F: Q' H" N0 E
root@openstack-controller1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf / O0 M, t3 F& [4 x- O# j) F
root@openstack-controller1:~# tail -2 /etc/sysctl.conf
. J4 q) o# G2 h/ S# b I3 m. u, ` net.bridge.bridge-nf-call-iptables = 1: U4 i. D9 s8 \0 L, {9 a
net.bridge.bridge-nf-call-ip6tables = 1+ b8 \3 ?0 c. z$ w- r. _& q( V6 k
`加载模块并让内核配置生效`
$ W8 m2 }/ Q2 b: r+ A root@openstack-controller1:~# modprobe br_netfilter+ W0 R0 _9 E" B. j) b/ u$ b9 t
root@openstack-controller1:~# sysctl -p# c* h6 [$ j- [3 K2 }
net.bridge.bridge-nf-call-iptables = 1
5 s: a# r$ N7 ^$ P/ o6 t* `2 T net.bridge.bridge-nf-call-ip6tables = 1
2 [; s. ?5 d. b. S% f: t5 `6.1.10)配置DHCP( T) [# R0 R$ U
root@openstack-controller1:~# vim /etc/neutron/dhcp_agent.ini
) a# n1 o& x$ l2 q( u) @ [DEFAULT] # 在此模块下面添加下面这3行
+ \) N( n3 r: O7 j. k1 @ interface_driver = openvswitch
' Q1 l/ e1 N! C3 B dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq3 a* m* w, {+ a. ] f( u2 K
enable_isolated_metadata = true
: |( ~+ `. U+ b `# A( j #enable_metadata_proxy=True
: F. Y+ V4 k4 [! P; M #metadata_proxy_shared_secret=openstack
7 b1 d1 D b. {! y3 _' |6.1.11)Configure the metadata agent
/ x: _$ r7 v! V3 g x root@openstack-controller1:~# vim /etc/neutron/metadata_agent.ini
1 o' y- B% l. }$ m# C [DEFAULT] # 在此模块下面添加下面这2行
% g. S4 @( @8 c, v; R* c nova_metadata_host = openstack-vip.stangj.local # 或者 192.168.139.31 这个 controller1 地址' T; I: a9 D! s% b
metadata_proxy_shared_secret = openstack
+ e3 w1 \: H7 q+ I8 f: J6.1.12)Configure the Compute service to use the Networking service! e( c W) F _8 i9 O
root@openstack-controller1:~# vim /etc/nova/nova.conf9 F* d2 n( n1 u
[neutron] # 在此模块下面添加下面这10行
& n: ~" N" Q0 K* {6 f" X auth_url = http://openstack-vip.stangj.local:5000
. B- k0 D# y- T' L' L auth_type = password- L3 w1 y/ X# c4 W. P" ~
project_domain_name = default: t5 y) [4 C; ` {& D4 p
user_domain_name = default
) r% M% o* Q. t$ @; \ region_name = RegionOne5 ^+ P1 D2 l$ i% W; J2 k
project_name = service9 z! g5 G. O, W1 R0 I
username = neutron7 n. D$ Q" G2 e
password = neutron7 L, g1 a- Z; n7 t. F7 [
service_metadata_proxy = true
6 _( x9 V! b/ y5 _( {' k4 ? metadata_proxy_shared_secret = openstack0 x& M) }" y) G3 t. ~
6.1.13)初始化数据库
1 `% I2 f9 N$ n( }9 I root@openstack-controller1:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini0 P7 D+ S) @7 x; M# N; j9 M
root@openstack-controller1:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
& B/ m2 l3 I: a; o: Y `验证数据库` Z% E$ a5 X1 ]( y" ^( q7 Q
root@openstack-controller1:~# mysql -uneutron -h192.168.139.248 -pneutron123 -e "use neutron;show tables"2 A2 k, ^) t3 W' I# ?$ H( @9 _
+-----------------------------------------+2 p* T0 G* {, s% \7 ]! J, F
| Tables_in_neutron |
5 C/ O+ M0 G2 U0 j +-----------------------------------------+) L! E+ D! t7 n5 d1 g
| address_scopes |0 x% `5 `3 \! a
| agents |! d2 f+ d7 A# C5 Y7 n- M) k
| alembic_version |) N1 [2 Y( X U2 W& Z
| allowedaddresspairs |
f8 G9 \& n C | arista_provisioned_nets |
- O+ d. G8 T: L ...........................................
% I. _* {/ z' e) z ...........................................
6 M8 C" N. L7 R8 b. c7 J4 O. j | vcns_router_bindings |
2 K% L5 D) p, a | vips |
( x" F; D6 b2 p4 L( @% _, ~. z | vpnservices |: u& s3 E- L$ j9 X. r
+-----------------------------------------+ ^5 a6 F1 `4 G/ ?: r y# x. x3 y# O& W
& ^ y2 e& U J( r4 h( T2 ^* { v z6.1.14)重新启动nova-api API 服务+ A8 X, a: V, g. H
root@openstack-controller1:~# bash restart_nova.sh
2 S( d3 h* Y3 t4 j6.1.15)启动网络服务9 _' U, q% M5 @- @1 h8 i
root@openstack-controller1:~# systemctl enable --now neutron-server \0 G# q7 ^! x% K* T. b p
neutron-openvswitch-agent neutron-dhcp-agent \: F9 |8 j% q8 }3 o5 o
neutron-metadata-agent; j ]: t% T( B: ~
6.1.16)编制neutron的重启脚本
' d9 Q$ A8 y" a# L$ g [root@openstack-controller1:~# cat > restart_neutron.sh <<EOF N# P; Z+ P+ }/ N
#!/bin/bash! E/ @8 y# U T. {' h' k7 z
service neutron-server restart
' R, A9 k+ N4 ~9 u service neutron-openvswitch-agent restart
/ E. o4 P. D+ i! Q service neutron-dhcp-agent restart
6 {4 f2 j( J; i1 ~* k service neutron-metadata-agent restart. T1 f# _9 `( O+ a2 @
EOF
6 ]0 R/ m7 A9 l1 v8 M2 L* d; g [root@openstack-controller1:~# bash restart_neutron.sh3 Q8 c3 b; k4 M
6.2)安装neutron_compute节点
. [& p2 u Z' q' z( w1 q6.2.1)安装相应服务
5 |& f% r5 j' W5 _- L root@openstack-node1:~# apt install -y neutron-openvswitch-agent% y% V5 u% U: {/ }& c4 T$ `" Y% o4 }
6.2.2)修改配置
$ P% h) ]! z( Q, @ root@openstack-node1:~# vim /etc/neutron/neutron.conf$ c D+ R/ W3 n, A, s$ u
[DEFAULT] # 在此模块下面添加下面这2行
$ J# l/ `. n- F/ @5 o f transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local6 O# S; m- |0 }9 |
% g ^$ D7 R; E( k' L
[oslo_concurrency] # 在此模块下面添加下面这1行
. @0 N+ `, A4 }1 ~4 p6 y lock_path = /var/lib/neutron/tmp
8 e( M4 S; P: Q3 D3 T) K6.2.3)Configure the Open vSwitch agent4 `' Y- B& y5 i
可以从网站上获取完整的openvswitch_agent.ini
6 a& N* d/ ]' \% P. v1 s- v8 U' w
3 j" d: I+ J# \6 _https://docs.openstack.org/newto ... envswitch_agent.ini
2 A- @5 V/ W6 z* j' l8 | w/ d9 f9 I, d+ X, u% U
root@openstack-node1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
- X: S8 g: M( l" \% ^- P, W [ovs] # 在此模块下面添加下面这1行4 |/ w: E8 u8 U, k: p. s" h
bridge_mappings = provider:br0 ' L+ y$ L" ^+ F+ N" s
* U$ u2 [. H+ z5 [0 v$ | ?
[securitygroup] # 在此模块下面添加下面这2行; L- b3 _$ m% l! I6 K* T
enable_security_group = true# e2 _) ~6 {# G- s3 s
firewall_driver = openvswitch
8 `( p. D) b4 z W9 b. z! j
/ S, |1 F8 _/ ]# d' s+ ? `因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`
+ H+ M, W e d7 q root@openstack-node1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34 && ip route add default via 192.168.139.2
+ _% H @, U* n1 \0 _开机加载
3 s/ `9 J$ d1 c) q0 l; {
0 E4 u/ i5 A# h( B6 L. R: x root@openstack-controller1:~# cat /etc/rc.local 2 f- B" I0 @ m& ]2 Y0 K p2 s, Y
#!/bin/bash
8 `% N% C1 R( W1 y8 i/ z* m ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34
3 V+ H( k( c* A& V9 o6 o ip route add default via 192.168.139.2
! y8 T; r. A" s6 ` echo "nameserver 223.5.5.5" >> /etc/resolv.conf0 H$ \$ [/ O" ~; ^3 T, Z0 L+ U
6.2.4)修改内核参数
4 g, U8 q; m% b4 N; [0 `* i root@openstack-node1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
2 w# f! f# d8 E! M7 k; a" l 8 S% @) H) c/ M, s2 W
root@openstack-node1:~# tail -2 /etc/sysctl.conf! _4 E. u& b; P5 A, O3 R
net.bridge.bridge-nf-call-iptables = 1; i) |9 _( O" v6 A. }- ]2 ?5 h/ N
net.bridge.bridge-nf-call-ip6tables = 1# f# |( y% b. o* ?+ }4 E
`加载模块并让内核配置生效` ' Q3 F! R r' m& v }7 L4 k- W
root@openstack-node1:~# modprobe br_netfilter( [: X+ M7 ?7 b+ ~2 g( `, A
root@openstack-node1:~# sysctl -p
6 l# o5 K. i, d8 c/ z; B" |# h net.bridge.bridge-nf-call-iptables = 1# `5 F$ F9 Y* [3 ?+ a
net.bridge.bridge-nf-call-ip6tables = 11 c; u* l1 G. g0 C# ?% ^. |' J+ P
6.2.5)Configure the Compute service to use the Networking service
; Q ~- E9 v" K$ q5 y root@openstack-node1:~# vim /etc/nova/nova.conf
4 M& A; p" c' o# A/ o( t [neutron] # 在此模块下面添加下面这8行
8 ^9 R- O7 F# P7 X auth_url = http://openstack-vip.stangj.local:5000. M% D) k# s+ L7 t, l
auth_type = password7 q/ q5 @# [4 t3 w& X7 a3 }5 c
project_domain_name = default% s/ X% J; j7 d! m" |
user_domain_name = default% H1 G- {! I K# T5 k
region_name = RegionOne
' [7 h8 L2 s4 ^9 x& ` project_name = service1 ^ d5 l' _) E8 |4 l6 ~
username = neutron
3 z5 G& S7 q( n1 z, d: C- T password = neutron' O: H2 F! R- I7 W) S
service_metadata_proxy = true4 `9 g+ I8 B0 w
metadata_proxy_shared_secret = openstack
% u5 K- c& d5 s A* B3 U. V1 u6.2.6)启动neutron_compute5 M# I% U) M' W9 q/ R C
root@openstack-node1:~# systemctl restart nova-compute5 m( n# n; f( n" D0 N) o* V1 g
root@openstack-node1:~# systemctl enable --now neutron-openvswitch-agent && service neutron-openvswitch-agent restart1 ]3 ^/ Q6 o6 Q
6.2.7)编写重启neutron_compute脚本7 k5 v0 s& Z; ?/ v" [4 P
root@openstack-node1:~# vim restart_neutron.sh0 q6 X! f4 i7 e
#!/bin/bash1 N8 h3 e q' I% p6 u: F8 O$ I
systemctl restart neutron-openvswitch-agent4 Q$ j" S4 w- I% w; b4 T5 g l0 A
6.3)验证服务
3 ^: s) t; b- _8 j( H. d# s* Y [root@openstack-controller1 ~]# openstack network agent list; L; ]% ^; @2 U U" Q
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+5 Z3 X3 Z% y; u4 m( u
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |6 z6 W% L$ B! X- r$ d2 h, e) U# U
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
, _. ]" y f- U1 L+ O4 ]5 c' m | 6d7ace9c-061c-45ba-834b-52f24585c452 | Linux bridge agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |5 [ r% L2 K9 C+ e& \& f* J
| 7babc5ac-d07d-4fe4-90ab-62775b4ef90b | Linux bridge agent | openstack-node1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
' ?' Y& p9 L. Z | 83ad2332-8716-4a8f-b050-1daa3b22c3bf | DHCP agent | openstack-controller1.stangj.local | nova | :-) | UP | neutron-dhcp-agent |% B3 q5 ~ t- h2 x) a" B( n+ o8 z
| afb7c427-89ba-4e91-bff2-604e97a5ca91 | Metadata agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-metadata-agent |
8 N6 n7 z$ ?0 _( b- l3 B7 }% t +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+4 ~9 M; O- b; e- Z& a; Q
[root@openstack-controller1 ~]# nova service-list c0 G3 ` A# x+ |
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
% A4 C5 s2 [0 w# w+ G z0 |( N, d | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |; q" `( _) J' O
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
5 P0 h; B X9 J( Z# N$ g8 I | 518a8c83-c6d4-451c-8943-fa55c593948c | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:42.000000 | - | False |% X* T& w' n& V# z7 V
| 9d9d1228-2096-4ca3-97a9-8b85133db7fa | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:41.000000 | - | False |2 o2 j, D2 z( @5 E1 B: m
| a45e7eeb-1907-4ecf-a836-7ca69b588edf | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2023-12-16T15:26:41.000000 | - | False |
" r6 ~5 ~) n# X +--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+% d$ E* N& k3 ?, x2 y
; f8 D h# F9 n- C0 y, h
7)创建测试实例% \3 H# o! X1 _( k
7.1)创建一个provider网络
2 y/ ]( G' J. }: a+ t; ^ root@openstack-controller1:~# source admin.sh ) o2 ^" q6 s' E6 |: R; p7 s
root@openstack-controller1:~# apt -y install bridge-utils
$ e3 D6 c/ Q- X0 V( v* Y$ ` N root@openstack-controller1:~# openstack network create --share --external \
: c* |# I7 ?! A, m3 \: B --provider-physical-network provider \
% T2 G- v$ I4 L2 C! D# N8 m --provider-network-type flat provider-net
! I) ~$ b% m7 y2 f; H #####################第一个external表示创建一个共享网络并声明他是一个外部网络#######################0 p* m k4 D4 d: e! g* C+ ?
########第二个external表示创建连接的物理网络,因为我们上面neutron定义的物理网络名称为external########+ m9 s0 k: Y; y* N
############################第三个external-nat表示提供的桥接网络的名称############################
# I2 ^' |$ h: }. u. @ root@openstack-controller1:~# openstack network list/ [" e0 x. ?& j0 j5 c% _1 \; O
+--------------------------------------+--------------+---------+7 ]/ A! m* p2 e. S+ ^) j
| ID | Name | Subnets |& P8 R9 M, u; a
+--------------------------------------+--------------+---------+
: r9 u7 `8 U9 `% } | c8efa244-7345-41bf-bedc-052e0cec751b | provider-net | |
3 d" E2 E y4 E1 D1 j! g- ? +--------------------------------------+--------------+---------+
" ]/ C5 Q8 j+ f- h# P7.2)创建一个子网! U" b0 G) y: n g
root@openstack-controller1:~# openstack subnet create --network provider-net \/ y0 l# s8 G+ G: l" o! e) h
--allocation-pool start=192.168.139.100,end=192.168.139.200 \
0 v3 ^- j0 M; g3 Q" u' \1 r2 W3 ` --dns-nameserver 223.5.5.5 --gateway 192.168.139.2 \0 E& D9 d7 X- k9 H3 |
--subnet-range 192.168.139.0/24 provider-sub3 J7 N; R7 s3 w S0 R
############################创建provider-net的子网provider-sub############################
8 f! { s! n1 `7 g: ~ `验证`; R4 m0 C: X7 `3 Q* K% B, O8 c
[root@openstack-controller1 ~]# ovs-vsctl show
8 _9 m5 W* s, ?# C7 s 28a508de-e0a2-418a-b357-4a93f9f69127
; Q$ z; m- n1 S3 d, h! Y: C Manager "ptcp:6640:127.0.0.1"
; t: W/ k2 {2 u/ {5 E is_connected: true
' \- s/ s W0 f" T% t; y Bridge br-int8 D% S% b) F4 Q" f
Controller "tcp:127.0.0.1:6633"
& T3 p7 z( Z* m0 V is_connected: true( N% B! J+ [' A8 A: R7 O7 x, r
fail_mode: secure
% Q I- A! L0 f! f8 a datapath_type: system
: t8 A8 d" Q8 _- R Port br-int+ E3 z$ I% H9 e
Interface br-int& c8 V) s8 k$ K, e
type: internal
( Y* q5 i! n: ?: T$ |! q+ T$ h# z Port int-br0. r& Z3 i& Z; @( q
Interface int-br01 `4 N# l/ M& S6 U( U3 |) G
type: patch/ \9 j' a/ D% C
options: {peer=phy-br0}
g u# A4 k! q3 \2 n9 H Bridge br0/ b& A2 |+ ~+ v; N6 S
Controller "tcp:127.0.0.1:6633": V" d' M4 l5 d* f- F) s1 z
is_connected: true
# ], m- h& J6 Q; V1 f; @ G' ~ fail_mode: secure2 ~9 T6 N9 \+ y \" Y
datapath_type: system; z; \- Y7 ^9 F7 d: {) ]& O* W/ ~
Port phy-br04 r8 Y8 e6 ?, h5 v; Y
Interface phy-br0
% y. a+ U! N S" P! E+ ~# @, Z type: patch5 {3 s9 m# M: X+ i R
options: {peer=int-br0}8 O4 y1 P) ?* K2 m; r
Port eth0
9 ] E+ I1 D" N0 Q/ l4 E- w0 v2 a0 j1 @ Interface eth0
1 U5 S5 D; K6 J, v X& Q4 j Port br0
6 S. }' q; g9 |7 r) w o4 h" z Interface br0& ]0 r4 Q( J# ^1 F% f1 I1 x8 F
type: internal% m! ^( K3 k- R& g
ovs_version: "3.3.0"6 f* |& \7 R1 c1 G7 {, ?0 `9 o) _
) y# l2 Q, K4 h @: J0 f
[root@openstack-node1 ~]# ovs-vsctl show
! z3 q0 {3 {) S# B2 W9 G4 g ea324764-3f52-419d-94ff-784dadc75aa9
" J- i0 a' ^! h, ~/ G* ?5 C& \1 { Manager "ptcp:6640:127.0.0.1"
0 z. R: h7 Z$ B5 R is_connected: true( Y5 E+ Z3 H/ V& O2 K
Bridge br-int
3 N: r+ p4 s, ~; Y: ^$ ^ Controller "tcp:127.0.0.1:6633"$ m( _% M) Y5 ^1 _& Y4 z) V
is_connected: true
$ F! M) r$ o( Y fail_mode: secure$ u1 \7 X# n5 Y* |1 r* C& @
datapath_type: system
7 `) f- E( K7 C Port int-br0
' @4 F; Q0 \+ [ Interface int-br0
^8 G; ~- x6 r, p9 n+ [4 ^ type: patch
9 L: r. p2 W, c options: {peer=phy-br0}
5 ` n! R. `# x" i$ G6 i8 W Port br-int
8 ^+ c; N+ r4 p' @+ c Interface br-int
- \3 W" g9 S# E4 R( T type: internal
5 }; d& v0 K" ` Bridge br0, ]. h# ?: u/ O, B1 `
Controller "tcp:127.0.0.1:6633"
8 [/ I0 X$ T C' r is_connected: true
5 u8 M1 S+ V+ F$ I# p8 D7 ] fail_mode: secure
; y! o) x+ M2 ^- m6 d3 X datapath_type: system4 l3 G6 S% ]( t4 j2 s+ d6 H& J: Z
Port br04 S. y5 e+ F9 m! l0 L I6 a% X
Interface br0
4 u& _3 D+ F8 R. C" j) ^7 R& A x type: internal
( d* t8 q6 p; ] Port phy-br0
$ w( d8 L2 M6 W# R7 x! n Interface phy-br0
) M1 b2 J( u9 B; U! e- S type: patch
$ X, G- Q: m+ D" H% O" H options: {peer=int-br0} Y. H' A# H- s5 [0 f+ u \! y
Port eth0- r6 l, \8 L% G
Interface eth0
2 C5 T0 @' ~4 M. h ovs_version: "3.3.0"/ y, s) Z' U4 R1 R
7.3)创建虚拟机类型* U, {/ M% s( d8 q+ ~ q h
[root@openstack-controller1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano# `0 ~, k8 p' a
+----------------------------+---------+
5 `& X( n+ b6 t | Field | Value |
- r# p/ [# M/ B( @! x8 Y& M +----------------------------+---------+, y9 h3 {: b; ~( G7 _( d4 o+ Q1 o
| OS-FLV-DISABLED:disabled | False |
- S8 R4 R v- |8 g8 u) ~0 _( ?( B" { | OS-FLV-EXT-DATA:ephemeral | 0 |
" l) p: k" D& X& N | disk | 1 |7 Z/ C& r$ x5 N+ k
| id | 0 |4 r% w& v( z } Z. i
| name | m1.nano |: o. |- o# H5 A8 Y( L3 x
| os-flavor-access:is_public | True |/ H8 X6 U6 [" `" _+ i2 L# T
| properties | |
, n- p7 h2 g Y+ O# d | ram | 64 |+ E% s( W: `7 h3 S0 n
| rxtx_factor | 1.0 |
" l6 Y. V- U9 ^3 d* b) T1 | | swap | | w) W: W5 C% B3 u! h# k/ V
| vcpus | 1 |
1 x- P% L! ]3 c: R. F4 L0 l +----------------------------+---------+1 z5 u/ X% V. B- c L
7.4)生成密钥对+ L6 \- y$ U/ ^" X$ r) [" ^1 _8 ~4 T
[root@openstack-controller1 ~]# source admin.sh
8 D" ] K! _ d3 G [root@openstack-controller1 ~]# ssh-keygen -q -N ""- R8 t: B1 b9 ~9 Y4 Y1 t$ R
[root@openstack-controller1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey6 b+ V. z1 O( Z$ y+ P
+-------------+-------------------------------------------------+6 q6 ?9 v* H1 T0 }
| Field | Value |
4 c3 B F* v A8 ]8 d9 L$ N# O3 j( F +-------------+-------------------------------------------------+: j) T' j& ^/ P& @/ F9 P
| fingerprint | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |
X! `# v+ m. x5 O# V2 R% R | name | mykey |
- p$ N" ` M- R: t+ x0 R# A | user_id | 5c4b6243d95742799de0fc97ef119967 |
0 g; Q) ?$ _& w1 ~* R% G. e5 p/ ~ +-------------+-------------------------------------------------+% t( L/ p) I% t/ I Y# W: \2 q6 j
`验证`+ V3 V3 J) {, q9 W. E* t
[root@openstack-controller1 ~]# openstack keypair list
4 O6 T h' t& ^( r3 L: u6 q$ H +-------+-------------------------------------------------+$ M7 j( K A4 ?$ w
| Name | Fingerprint |
( \! z3 U$ i F* ]/ F6 \ +-------+-------------------------------------------------+
- O* r: U+ @# k | mykey | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |
# O2 c* Z7 m8 J +-------+-------------------------------------------------+
/ n8 X) |% j$ d% ~5 p+ W1 I2 ]+ Z7.5)添加安全组规则
& _ J9 G' }( c) O root@openstack-controller1:~# openstack security group rule create --proto icmp default2 V9 Z) p, P8 S/ e4 G" v3 d0 D
`开始ssh`: M; B: f! x) ~5 i$ f, ^7 q
root@openstack-controller1:~# openstack security group rule create --proto tcp --dst-port 22 default
2 y: w5 ?7 b+ x4 Y% S# p5 m9 w 8 K1 K5 U! Y! s- b/ z& p5 O! E
root@openstack-controller1:~# openstack security group rule list- Y {% Q3 G" g' L ?4 h* P% C
+------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+
+ u6 I$ G3 e( @- V k1 |7 D | ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group | Security Group |9 `" `6 c/ B; Z
+------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+. r3 }* W3 V+ S! z8 L) l
| 2e69571e-fa55-4db3- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | 7d47c955-4683-4d9e-9535- |9 i& s- r* D4 j* A' R+ b
| b894-ac8dda257a35 | | | | | | | | 690085d9cfc7 | r% }0 d0 f( S. [9 H, l9 m# O
| 42c37d05-e0b3-4a15- | None | IPv6 | ::/0 | | ingress | 7d47c955-4683-4d9e- | None | 7d47c955-4683-4d9e-9535- |
6 X7 D% Z* X' i1 i( z J7.6)在provider network启动实例
0 x' I7 Y" Q4 \9 w% E1 e. [7.6.1)前期验证9 @- _: g* Y1 ]" ~
`验证有没有虚拟机类型`
2 P M, Z4 R5 G" \# ^ root@openstack-controller1:~# openstack flavor list
+ H" d/ w- X7 M: ^ +----+---------+-----+------+-----------+-------+-----------+
0 G, C; _6 |: T* _! S# s: K$ S | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |: T) u5 E* K1 C/ N3 z5 L
+----+---------+-----+------+-----------+-------+-----------+
4 R$ s' f+ G+ l | 0 | m1.nano | 64 | 1 | 0 | 1 | True |' k) e8 K3 D) @& k+ @
+----+---------+-----+------+-----------+-------+-----------+
* ]6 @2 m- E& t0 r* z5 K
+ s7 v0 J( `) r# M( J `验证有没有镜像`. F3 }9 b* M1 [& O/ L( X
root@openstack-controller1:~# openstack image list
1 X. D5 x) b$ p* n7 R +--------------------------------------+--------------+--------+# m# T- B, B" y6 k; d1 X9 {! H! G$ J! Q
| ID | Name | Status |3 W/ R3 v. k' ]8 K9 b( M
+--------------------------------------+--------------+--------+
. C' `" K7 i: f( z8 y$ y4 z | 6d99e1ad-dbf3-46ea-b520-ef903bbbe1c9 | cirros-0.5.1 | active |9 F: x- w+ |0 ?* p0 e) [( X4 x# C& d
+--------------------------------------+--------------+--------+
4 s+ Q8 }4 z7 p2 L' } $ @: e: ^4 y" Q# Y/ d, O& P/ ~
`验证有没有网络`
! |3 B# J# j7 N root@openstack-controller1:~# openstack network list, i0 q! g$ ~1 L8 h- D
+--------------------------------------+--------------+--------------------------------------+
% ~" B7 ^1 E3 g3 ]& f: p6 g/ k, b7 ] | ID | Name | Subnets |
# D/ G. s9 p0 J +--------------------------------------+--------------+--------------------------------------+; z( [% d# S0 E" M- q( a
| 3d66f257-6c40-49c2-bce7-9de75b49816f | provider-net | 1e7a53ba-89bd-4373-802c-149b16a30df5 |9 X+ v' d$ x- [9 B) L
+--------------------------------------+--------------+--------------------------------------+
0 F7 W, {$ M9 D# t
/ ^6 C& e% s1 i( \8 v: x `验证有没有安全组`
* o% B1 m+ g6 m1 g& @+ { E% h root@openstack-controller1:~# openstack security group list
4 k7 R/ P7 ]3 ` o7 `# C +--------------------------------------+---------+------------------------+----------------------------------+------+
( b, g$ X$ i+ O8 h9 D | ID | Name | Description | Project | Tags |
( T: G o/ `) J3 O5 a2 e +--------------------------------------+---------+------------------------+----------------------------------+------+
1 y6 F* X9 Q* }9 ]0 {0 \3 ` | f60b6c5c-9e96-4fae-8de9-bee58fe5272e | default | Default security group | 17deab832d8a4c929b91a3ce1d58abf7 | [] |
: C6 e& _ e/ J -+% D! r+ B! T9 v
7.6.2)创建虚拟机
R. q4 H- \' x! Z [root@openstack-controller1 ~]# openstack server create --flavor m1.nano --image cirros-0.4.0 \3 B) v( l" U' p2 u
--nic net-id=f37db04d-74db-4b26-8591-23fde582eade --security-group default \
4 I2 M- J6 h2 d2 D- R5 \% E4 z --key-name mykey linux-stj-1& x8 K' @# M4 |; O. e$ g! e
#################################参数解释#######################################
- Z) T1 k* h7 k% \. W3 D ###m1.nano:为虚拟机类型;0 w/ q+ K/ M7 J/ e V- m
###cirros-0.4.0:为镜像;
- Q8 ]3 R' U% q, i ###net-id=[网络ID=openstack network list列出来的ID];
1 I2 W! O1 L9 w# o+ W( o2 v ###mykey:为ssh密钥对;; e: u" j/ w$ ]4 j; N
###default为默认的安全组;
8 Y! ~( \# ^2 _* l- a& G3 {3 B5 P ###linux-stj为虚拟机名称6 g0 z% d8 R( c8 s; w% {
#############################################################################8 M- Z, f' E' n" r+ z) f
openstack server create --flavor 1c-1g-10g --image centos7.9 \4 \" } n9 ]5 O) Z" O3 z4 M
--nic net-id=0da37e14-545f-4aa3-a6e3-ee8cd0ea3ae8 --security-group fb2dc60c-4f85-4b1e-b7f1-5b6d4e147799 \
7 H6 s' }/ S, B+ i: x& M0 H --key-name mykey centos-stj-1
, ]( N) y. r9 ?7.6.3)验证虚拟机状态
4 d/ N$ W8 ^ r- v root@openstack-controller1:~# openstack server list
/ ^2 v( s$ m1 d. z# ?' p' N +--------------------------------------+-------------+--------+------------------------------+--------------+---------+
8 g% k! o( G# U: J% E | ID | Name | Status | Networks | Image | Flavor |8 M# E3 x) N0 i- E- W
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+
- {5 a- H% D% G% n | 96533d96-f01f-4463-8cfc-9c46ddee37b3 | linux-stj-2 | ACTIVE | external-net=192.168.139.180 | cirros-0.4.0 | m1.nano |3 V, U) f' u- F! e7 e1 \
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+
4 ?* a3 o3 `$ H' v # 加一条默认路由6 V! h) U& a+ i
root@openstack-node1:~# ip route add default via 192.168.139.2
7 a# F$ }: x, m. @ root@openstack-controller1:~# ip route add default via 192.168.139.2
4 R; M1 G# D8 Y( b- }9 J ###一定要拿到IP地址 external-nat=*****
3 `, m( F$ R8 ^' p [root@openstack-controller1 ~]# ping 192.168.139.140
/ X( h$ _9 ^0 H& B; y% s" {9 u PING 192.168.139.140 (192.168.139.140) 56(84) bytes of data.. m, _' W8 D/ p% _ {
64 bytes from 192.168.139.140: icmp_seq=1 ttl=64 time=11.3 ms5 h4 w! d4 r$ c# o0 p+ t
7.6.4)使用虚拟控制台访问实例$ N" p4 f9 \8 ~: p* |! Y
[root@openstack-controller1 ~]# openstack console url show linux-stj-2
" x- a$ N2 l+ z/ ~$ u9 | +-------+-----------------------------------------------------------------------------------------------------------+7 o1 C5 Y% u, Y$ F
| Field | Value |
% ^. c- ]0 }' s! x- J" ^2 Z +-------+-----------------------------------------------------------------------------------------------------------+
9 p6 m( U; ?" Z/ v w$ J2 p. s | type | novnc |
- `& p& k; c0 C$ ^ | url | http://openstack-vip.stangj.loca ... 8-aac3-52e5f58a51f7 |
6 u8 O$ J4 e6 x4 D3 y +-------+-----------------------------------------------------------------------------------------------------------+7 L$ W; `1 H1 T4 S) h
image-20241208195008663; ?8 W/ }2 ?# d0 u
/ ^4 F2 e( Z$ D1 q" Yimage-20231217134249953
- a( Y0 x. x# V G+ z
6 Q, H, j! P; q! k4 h% A注意:如果你的访问出现下面这种情况0 F) m' A+ r+ f# U9 w& ?
; ?5 C/ M$ T, w6 j- g- `
image-20231217135224898
1 d( @7 [0 M$ t" j0 N* P M
Q' C5 a* I' d解决办法:8 h% p; A& _# s1 t& X/ q
9 `! q8 }8 U9 `" `- k [root@openstack-node1 ~]# virsh capabilities
. l3 x, z' i# y: v [root@openstack-node1 ~]# vim /etc/nova/nova.conf
) r3 k/ p1 C5 I) X0 e # 搜索下面两个hw_machine_type/cpu_mode信息,并添加后面对应内容7 p" T" ]. ~0 x( h( i. |- D
hw_machine_type = x86_64=pc-i440fx-rhel7.2.0
6 ?4 A; S! w" N/ j7 o. X1 R cpu_mode = host-passthrough
& H$ d7 c7 d+ K6 Z2 P- p, w( l `重启nova`. n" `; e0 J' d/ W: @7 U( A6 {
[root@openstack-node1 ~]# bash restart-nova.sh
2 j: N6 Z6 |9 S- s, |/ B ######理论上还用重启openstack对应你要访问的虚拟机#######, P0 u- m9 e. M- W5 O2 z3 N# t
如果没有出现上面的问题则不用修改nova配置文件操作
4 B2 o8 c f7 O. H/ q* b- j: `2 i" K3 c# F' a4 b( f1 B
: I# M. y1 v) T. D# a/ Q5 F! S8)安装-dashboard" S1 p* Z+ ?& {) {: h |) U% ^/ C* E
8.1)下载dashboard% D- R2 H0 ~( n; M( k, _% f: {: y0 V
root@openstack-controller1:~# apt -y install openstack-dashboard
+ H7 ^0 n8 _5 k/ e: {1 C8.2)修改配置文件-local_settings/ |6 p5 z. Z, Y
root@openstack-controller1:~# vim /etc/openstack-dashboard/local_settings.py! c# F& G( S4 h! I& Y6 o
# 23行 添加4 \- [ i! h4 h O3 l3 E% @
WEBROOT='/horizon/'4 B2 R; q9 F/ u* Q
& @$ O2 l# E3 {- L7 b. T # 125行 修改; ~ H: z, e8 N8 t
OPENSTACK_HOST = "openstack-vip.stangj.local"
" s- Y8 Z; r, `; q OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST
% w' N5 [! N, U/ w
( a& |$ c! P( f9 F5 B g; X # 39行 修改
9 u u6 |4 e( v8 X6 w: I5 R5 s ALLOWED_HOSTS = ['192.168.139.31', 'openstack-vip.stangj.local']* d$ a0 A6 e7 ?7 @
0 ]$ v) v, Z9 k& [: | # 105行 添加
3 j- P7 ]/ q& R8 V2 a SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
: |) V/ p& I, ?" j2 p# s" } CACHES = {
% i; n$ k2 x8 W: k4 | 'default': {
# Q8 R$ {/ d9 r% M# r# C6 L9 `5 W) l 'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache',# V: Z I9 h1 P6 d: _) j+ k
'LOCATION': 'openstack-vip.stangj.local:11211',
1 ^8 w' y9 A6 v) z# a }+ N3 @2 J) d" E3 k u+ {
}
. o$ a+ _1 i: a/ Y1 M& y1 O ! v; ]2 \! k8 F- w# p
# 127行 添加
; X6 J8 f4 }3 l/ ~ OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True- k8 ~/ }! v' c# |8 Y7 ^- Z" R' e
/ f& r$ }! V: {4 g( l% e
# 128行 添加
+ \9 l8 K& I) w OPENSTACK_API_VERSIONS = {0 R9 G( @! B1 d2 Z0 u
"identity": 3,
5 h& T3 b: p5 B8 P "image": 2,( ^6 ~0 l& G$ |- E, h; _
"volume": 3,+ ~2 s% y. O- r
}
6 }# w7 u2 ~5 Z
( w: w9 |0 k& I, V* F # 133行 添加1 Y X3 A4 R! ^; ?" b
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
$ I4 F4 M* V1 P9 A3 I$ o+ n; c 8 f6 U7 R6 T! s$ s
# 134行 添加
" l" I7 e& E; T: z4 A' H OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user", n3 X9 Q* c# Q! {
8 k$ b# H' a7 g6 p8 G" L; h # 138行 对照修改,把True全部改为False. I# Z1 n1 W, J. b9 w! q- A% ? _
OPENSTACK_NEUTRON_NETWORK = {
~% }6 m4 I; u* O" o' ]% D+ c" X. A 'enable_auto_allocated_network': False,1 n6 `4 X" | c& H/ \4 r
'enable_distributed_router': False,
: Z1 s5 }9 o1 y( r 'enable_fip_topology_check': False,
1 N, B3 L( e, X8 ]/ X( N$ w 'enable_ha_router': False,9 ]* f7 P: z. I7 [
'enable_ipv6': False,
* ?, ~7 _: B# t$ _# o' I/ f 'enable_quotas': False, ~, H. i( q) ^; }& ]7 s% z! C
'enable_rbac_policy': False,
! k+ a( d- j L( U, A/ X 'enable_router': False,) S8 x; e a* l* J8 t4 F2 |
}
0 N# s% M4 e# v s7 u, d # 161行 修改" p5 w% `7 w% v; W$ M5 `+ ?
TIME_ZONE = "Asia/Shanghai"
5 ?+ ^) t; g! b9 c3 l3 P$ ~6 E8.3)修改haproxy- r0 H: z3 j B
[root@openstack-haproxy ~]# vim /etc/haproxy/haproxy.cfg
' M, l" R. U! w+ j) Q, S' ? p1 D9 g # 最后面添加下面内容
- e9 Q" D3 {" u& l listen openstack-dashboard-800 d8 Y0 @# |) c
bind 192.168.139.248:80 S& F; f5 Z; h. o+ m
mode tcp
: Y& M! X4 x2 x b server 192.168.139.31 192.168.139.31:80 check inter 3s fall 3 rise 5
. @3 F# @7 i/ O3 k [root@openstack-haproxy ~]# systemctl restart haproxy.service
* a' i9 S5 \0 ~: S% M [root@openstack-haproxy ~]# ss -tnl | grep 80: z% H' [ E, b8 r7 v, J
LISTEN 0 128 192.168.139.248:6080 *:*
9 j( o8 }. z6 q0 R LISTEN 0 128 192.168.139.248:80 *:* : i! s/ h+ D( ~) M
8.4)修改配置文件-openstack-dashboard.conf
$ V, X, A+ R+ Q root@openstack-controller1:~# vim /etc/httpd/conf.d/openstack-dashboard.conf
5 Z6 _- S0 K; d4 x # 4行 添加
W4 n# T7 t5 ^0 G, y; O( B# j WSGIApplicationGroup %{GLOBAL}
$ E3 C+ R) G( f+ f& ]6 g8.5)重启动httpd7 w; B1 @! o% h, A& F. N3 x$ f
root@openstack-controller1:~# systemctl restart apache2.service $ l( f# U, J& J# u* B* q+ y
8.6)访问dashboard页面
- W/ u: s9 d) p* T- y) \http://openstack-vip.stangj.local/horizon/( `: k$ `; k+ j# j: g6 P
6 @6 R, x! s" \4 m' i: u) ^) V) s2 S
|
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2025-3-17 08:00:02
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜