|
|
Openstack_安装基础使用
- y8 I# e) C8 vopenstack 版本周期, h$ G* p A: e% ?$ i L
; E* T j8 \/ a4 e: l2 E% ]4 J https://releases.openstack.org/. m. X5 E$ u: B3 d
官方安装文档2 A5 L9 g H# @ ?# ?9 Q
4 i- v3 U. _: R: [5 j; u/ A
https://docs.openstack.org/insta ... ackages-ubuntu.html
7 S) N$ w8 |: p* X% [ https://docs.openstack.org/install-guide/openstack-services.html
/ d) N1 Z4 u- d+ U1 z8 }手动集群部署部署: X' }8 k# A1 o8 k- ~! a
架构
: d8 s1 }; o; e0 L6 i* @' n主机名 外网IP VIP 内网IP 内存 CPU 磁盘 角色
, a b( N, u, I) u: Eopenstack-controller1.stangj.local 192.168.139.31 无 172.16.1.31 4G 2 核心 80G 管理节点01
0 @$ _0 t( }- Z2 {( [openstack-controller2.stangj.local 192.168.139.32 无 172.16.1.32 4G 2 核心 80G 管理节点02
) ]* }7 [9 G, k5 ?openstack-mysql.stangj.local 192.168.139.33 无 172.16.1.33 2G 2 核心 80G 数据库,memcacahe,RabbitMQ4 R8 [7 c6 v7 K+ T! u1 b
openstack-node1.stangj.local 192.168.139.34 无 172.16.1.34 3G 2 核心 80G 计算节点: B: P+ z- ], I5 t% [* v* w% W
openstack-node2.stangj.local 192.168.139.35 无 172.16.1.34 3G 2 核心 80G 计算节点1 S U- l3 x( g2 E
openstack-haproxy.stangj.local 192.168.139.36 192.168.139.248 无 1G 1核心 80G haproxy,keepalived( U3 X1 T! U/ V
1)前期准备5 [" u8 Y% Q6 I; M2 p
1.1)所有节点安装
( z1 I1 _1 A5 a. W" I ~# apt install -y bridge-utils, e0 e# C9 y6 W
~# modprobe br_netfilter
) c+ l& Z- B# P7 S* V& V* Q1 | ~# echo 'br_netfilter' | sudo tee -a /etc/modules) j/ N4 z6 _4 X& B! m$ Q8 c
~# swapoff -a
" }# l( \+ V% u/ y% r! q ~# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab2 w% \7 I; I3 c9 K7 P. R, |# h
~# apt install -y software-properties-common/ }+ A T' u1 f( ]( A
1.2)时间同步8 U( {3 I+ s+ i+ c [- y8 K1 m1 S
"controller1作为时间同步服务器"6 m6 |3 f- r4 t! g% l2 A0 p4 P, C( K
root@openstack-controller1:~# apt install chrony -y0 I6 u/ [8 ]+ n
root@openstack-controller1:~# cat /etc/chrony/chrony.conf | grep -vE "^#|^$"
$ V7 G) l# H* z7 x* J0 | L1 O' _ confdir /etc/chrony/conf.d
8 S4 C% L& s7 [' G1 B8 X6 H: z server ntp1.aliyun.com iburst2 c3 Y/ z% I" C4 D( H) R
server ntp2.aliyun.com iburst
% m: k; q% i3 s4 ]- @2 r4 P0 {7 j server ntp3.aliyun.com iburst6 G2 p Y2 l- V- s' `2 m! t% R8 Q
allow 192.168.139.0/24' ~. Q5 p) f! c2 O
allow 172.16.1.0/24
; I) x2 a- U9 k& u. p" L local stratum 10
" h* {2 z: @6 M& s& M sourcedir /run/chrony-dhcp2 r7 i4 w( B$ J7 q2 t' S; w7 d
sourcedir /etc/chrony/sources.d
: V4 i3 y+ t! y2 d U9 m keyfile /etc/chrony/chrony.keys/ F: \ [- ~/ \- i
driftfile /var/lib/chrony/chrony.drift
, D9 v# l, Z3 Z/ F6 U& D$ U$ f3 l ntsdumpdir /var/lib/chrony! F) C: p4 z9 T6 Y2 M
logdir /var/log/chrony
5 I; C" b. i& H maxupdateskew 100.0+ ^! X: p- E u a. c3 n% j+ S0 U
rtcsync
+ [( K* w" A" |2 Q8 b makestep 1 3" n; H+ ^* q9 \
1 r* V) ]8 n4 J) N! e9 E `启动服务`
# b( x: J" i, A8 j root@openstack-controller1:~# systemctl enable chrony && systemctl restart chrony
{0 a1 a+ F, ~9 Y
, e" s6 D6 i: z9 H% ~ `验证`
r5 t/ W# `8 E/ I, @ root@openstack-controller1:~# chronyc sources
8 g9 |% C4 K4 m 210 Number of sources = 2 U3 R" `& |& J% v% B
MS Name/IP address Stratum Poll Reach LastRx Last sample
+ F" P9 {. T5 Q9 i ===============================================================================3 C7 M& v0 c- D8 }3 z
^- 120.25.115.20 2 6 35 48 +866us[ +866us] +/- 22ms( c' n5 K, D Y* b) G; I3 P
^* 203.107.6.88 2 6 17 49 -4324us[-9570us] +/- 21ms
6 a: O0 G; B9 n4 H, y/ ?& w t
0 u( u0 u7 n1 y# ~1 X8 H0 i "其他节点配置(集群涉及到的节点都要配置--我演示一个)"
5 Y4 S% _9 K: {: K) l( } root@openstack-mysql:~# apt install chrony -y
7 B& g- v! N( e! T root@openstack-mysql:~# vim /etc/chrony/chrony.conf 1 W/ ?4 H" Y' ?0 }* @# l
#server 0.centos.pool.ntp.org iburst* e9 O7 m8 q$ c' e
#server 1.centos.pool.ntp.org iburst7 E2 Q" `' T; i
#server 2.centos.pool.ntp.org iburst
0 K; M P+ C0 ~5 K2 l #server 3.centos.pool.ntp.org iburst
8 F8 _) q7 c8 R# z7 v$ B* [3 n server 192.168.139.31 iburst # 添加这条信息指向controller1
( V! w) B* B- A6 d3 |( m0 M: V- o root@openstack-mysql:~# systemctl restart chrony &&systemctl enable --now chrony
# M, H: V) E: }5 A$ h; B4 ~ root@openstack-mysql:~# chronyc sources1 U6 {: z$ i2 N' ^
210 Number of sources = 1
- V4 f! K* [3 h H/ ? e MS Name/IP address Stratum Poll Reach LastRx Last sample
* k- a0 L6 ` `9 y/ R. m# j' l1 f ===============================================================================
4 I% L% j y" D1 E1 \$ s' o ^* 192.168.139.31 3 6 37 60 -2089ns[ -943us] +/- 16ms) A$ I$ I) |$ Y f2 l5 d2 q" H
1.3)配置openstack官方源
+ O3 d5 o3 b, | `controller管理节点`
. A9 H2 R$ g; g/ B: m: m+ |" E/ r* B root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
2 l; F9 d; ]3 ~ root@openstack-controller1:~# apt install -y python3-openstackclient libibverbs1 python3-pymysql python3-memcache
- g. l5 O( C9 e 2 Z0 _5 J/ ?0 M0 `. `+ M5 y' M
`node计算节点`
- a" F/ L) i$ A. m& ^4 H5 \ root@openstack-controller1:~# add-apt-repository cloud-archive:caracal' y# h' d! a. i( ? }
root@openstack-controller1:~# apt install -y python3-openstackclient T6 @2 B- S0 | R( P! {) X
`数据库节点`
/ |- W) T6 @- W* A0 V4 H root@openstack-controller1:~# add-apt-repository cloud-archive:caracal) l$ h0 J2 b. v5 M
root@openstack-controller1:~# apt install -y python3-openstackclient% u3 `& _$ `& K
1.4)数据库配置4 U& z. D9 \ @9 c; |
root@openstack-mysql:~# apt install -y mariadb-server python3-pymysql
8 S4 y0 p6 h# N* r" [. p root@openstack-mysql:~# cat > /etc/mysql/mariadb.conf.d/99-openstack.cnf <<EOF
! e8 ~& a/ M$ e, A7 @/ m/ e [mysqld]3 K9 D g3 O- V$ }; H
bind-address = 192.168.139.33 W, `0 Y7 B4 }' [1 J& f- k/ y- N
default-storage-engine = innodb
. I* J: @" C7 R- Z7 E innodb_file_per_table = on
! W5 W0 k9 o* o- U( R max_connections = 4096$ z/ l5 w9 ?* @+ P' V. D9 Y9 x/ y
collation-server = utf8_general_ci
" X4 R6 D" E0 D& J5 n6 J4 l1 H! F) y character-set-server = utf8! s: g! E( `9 f) T
EOF
. I4 k- f2 E$ i4 G6 ` root@openstack-mysql:~# systemctl enable --now mariadb && systemctl restart mariadb( Z& K0 V, i( f( L7 [
1.5)RabbitMQ配置
4 F. O4 F0 C; h root@openstack-mysql:~# cat >> /etc/hosts << EOF
2 E! ?6 n1 D& Q" U5 @ Z" ^- M 192.168.139.33 openstack-mysql.stangj.local openstack-mysql
- e! I0 D" U4 X; n/ w EOF* y" C6 V8 g/ C* J* Z% p p
root@openstack-mysql:~# apt install -y rabbitmq-server
! ]' P9 b7 a7 |" B" l8 g root@openstack-mysql:~# systemctl enable --now rabbitmq-server.service
( i* @ n- V3 Y( b5 c3 f& S root@openstack-mysql:~# rabbitmqctl add_user openstack openstack123
. Z Y# Z( T. }- ~! C Adding user "openstack" ...+ p) }$ _4 V6 v5 B/ `+ P
Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.
2 `$ X9 N O+ k. u9 d! l* s root@openstack-mysql:~# rabbitmqctl set_permissions -p / openstack ".*" ".*" ".*"
7 k& S; _1 c, Q" s! g$ `. y$ [, F Setting permissions for user "openstack" in vhost "/" ...6 y- v; A. v0 c- _% q, L$ x7 p
`查询插件`
& x* y! q7 y! C0 d& A. a root@openstack-mysql:~# rabbitmq-plugins list. `% T8 Z u- ^! @8 }: v( z+ T/ P
Listing plugins with pattern ".*" ...
) y+ ~2 x# [2 p Configured: E = explicitly enabled; e = implicitly enabled
) |' D. Y8 m5 L0 r | Status: * = running on rabbit@openstack-mysql
, h5 E+ D5 \5 y/ [ Z$ M2 T! G |/
9 X/ E# s8 g) Z, T y [ ] rabbitmq_amqp1_0 3.9.27
( A( z! b$ _8 s# k& S [ ] rabbitmq_auth_backend_cache 3.9.279 H: z; p& W2 a* x1 l$ N3 R! F
[ ] rabbitmq_auth_backend_http 3.9.27
) }, V; _% o5 f8 v) D [ ] rabbitmq_auth_backend_ldap 3.9.27
, c/ G1 a: u4 p) d/ H8 C' D* Z: r! z [ ] rabbitmq_auth_backend_oauth2 3.9.27" T; l0 l: G2 p
[ ] rabbitmq_auth_mechanism_ssl 3.9.27; H9 h K. u- r5 G6 o
[ ] rabbitmq_consistent_hash_exchange 3.9.274 A& s) y! {/ ^3 U
[ ] rabbitmq_event_exchange 3.9.272 O! a) K {. _. U) _
[ ] rabbitmq_federation 3.9.27
" W, r; n- M% s& r- u$ u& m3 \ [ ] rabbitmq_federation_management 3.9.27
# B6 Q$ }$ ^4 A' `5 e M. Q; k [ ] rabbitmq_jms_topic_exchange 3.9.27+ A$ W9 B! F9 J/ ]7 H
[ ] rabbitmq_management 3.9.27. \- C) O C" j+ R
[ ] rabbitmq_management_agent 3.9.272 I! j6 E0 E" Z) l3 f/ R
[ ] rabbitmq_mqtt 3.9.27: Y0 k$ J# U% ~+ R: o5 M; y0 n
[ ] rabbitmq_peer_discovery_aws 3.9.27
$ f1 d* e# e7 Z! E d$ H4 M [ ] rabbitmq_peer_discovery_common 3.9.27' D0 y0 `" l1 [5 Y4 x1 _
[ ] rabbitmq_peer_discovery_consul 3.9.27- {# o9 L% W; R% E; n4 X1 G# c
[ ] rabbitmq_peer_discovery_etcd 3.9.27, J6 S3 D$ H' f1 g
[ ] rabbitmq_peer_discovery_k8s 3.9.27
s. E q: W0 N( l: G1 I4 S [ ] rabbitmq_prometheus 3.9.27
# W( @9 u5 X" c8 n [ ] rabbitmq_random_exchange 3.9.27
( ?, w! A8 N4 [2 \9 z: i [ ] rabbitmq_recent_history_exchange 3.9.27
, x/ Z9 |7 Z& \2 e7 h( L- K8 D [ ] rabbitmq_sharding 3.9.272 x$ J% T; C3 f2 B
[ ] rabbitmq_shovel 3.9.27! `8 W' L8 H, e6 i5 U
[ ] rabbitmq_shovel_management 3.9.27
: A* [- S3 A, b) T2 x- v/ k [ ] rabbitmq_stomp 3.9.278 U/ O2 o8 \2 s# |* d2 y# Q
[ ] rabbitmq_stream 3.9.27
2 {0 Y% E, z0 z) U: X [ ] rabbitmq_stream_management 3.9.273 L# ^( t( r' u
[ ] rabbitmq_top 3.9.27) L* s3 h! |2 A8 ^: G% L: C
[ ] rabbitmq_tracing 3.9.27+ ]7 X4 `2 a& P5 X0 V. P7 O
[ ] rabbitmq_trust_store 3.9.27
' e/ J9 O( i. e [ ] rabbitmq_web_dispatch 3.9.27
2 G" ?) E" b2 I- |; y [ ] rabbitmq_web_mqtt 3.9.276 t, n0 _3 u2 h9 \
[ ] rabbitmq_web_mqtt_examples 3.9.27
( F5 j8 H5 ~) I2 a3 x# X! S [ ] rabbitmq_web_stomp 3.9.27
0 B" n; ^) X" [ [ ] rabbitmq_web_stomp_examples 3.9.27 g; z+ j) |! A9 ^
`打开插件`( n" I2 `; c: ~8 [- A2 A# P, k3 [
root@openstack-mysql:~# rabbitmq-plugins enable rabbitmq_management
I% s) c1 Y" l7 I5 ] ?5 a
8 d% t& d3 }9 |2 v root@openstack-mysql:~# vim /etc/rabbitmq/rabbitmq.conf- g* G7 j" q) A) K( w0 b3 T# Q% R
loopback_users = none
, i' b7 H: ], V root@openstack-mysql:~# systemctl restart rabbitmq-server.service
: d# W& `+ F5 D% z' i- M. o
, I# i3 r; w1 J访问 http://192.168.139.33:15672/
# u5 j7 h! M7 N- o4 F
" F8 k9 i: C: c( W* m
. B$ s9 Q) r0 t. _3 d: T
6 R& R& M3 {% r% y0 L; B2 X) v! g y0 [3 }9 F( q1 S
1.6)配置memcached, A5 u- h6 Z, M |4 b" g1 b/ [
root@openstack-mysql:~# apt install -y memcached python3-memcache& ^% P6 g. V' L( w
root@openstack-controller1:~# apt install python3-memcache
& c% {% C9 D, q$ V; R: @7 b: F1 W: ~1 ^4 B
% p0 ~, T& t+ i2 A9 t) T6 V root@openstack-mysql:~# vim /etc/memcached.conf ; e4 f2 P4 K: G0 [' d8 |! X5 K
# Specify which IP address to listen on. The default is to listen on all IP addresses6 D" N, m( U6 X+ L
# This parameter is one of the only security measures that memcached has, so make sure& V9 {* {% I& \+ G+ {! e' t
# it's listening on a firewalled interface. L/ s( W) j2 Q' w7 Y
-l 192.168.139.33 # 这是为了让其他节点能够通过管理网络进行访问:
" N) u. ?/ u% r B4 u root@openstack-mysql:~# systemctl restart memcached.service && systemctl enable memcached.service
4 A1 L" ^# ?% {: w1.7)配置haproxy
) }( R2 E3 m: m! L4 | root@openstack-haproxy:~# apt install haproxy4 b, u! ^) e) c Z; s$ l4 \: c
root@openstack-haproxy:~# apt -y install keepalived
) a; z* f. ^% N1 ~' S2 ~& D `配置keepalived`; R2 w1 C9 l" h' A4 a$ b
root@openstack-haproxy:~# vim /etc/keepalived/keepalived.conf
; Z7 _, u$ |, }" ? global_defs {
/ ~0 N4 w! |1 J: T( } smtp_connect_timeout 307 M( F0 @3 b0 x* c
router_id LVS_DEVEL. M/ Z1 E' W% k! c
vrrp_skip_check_adv_addr! H1 f0 q- S3 I. G0 J8 N0 y
vrrp_iptables
, X7 |* q3 P0 a) b+ ]% v& a7 C: Q: O vrrp_garp_interval 0- R& R1 e% c. W @& e
vrrp_gna_interval 0# s; m% M8 P3 A9 Y& X% s8 k5 B
}9 D0 c6 g# k' ^: v
" ^0 _/ @5 f8 m2 ^" e; V0 f1 \
vrrp_instance VI_1 {" K5 e4 @2 j2 {* w, c" m" K6 G- c
state MASTER- F4 Q7 r. _4 W5 K
interface eth0
1 j) f6 J+ Q' ^* N% j/ b virtual_router_id 51
) {3 s" O4 O! k9 M3 H priority 100
+ M5 b; [! ]. O A _ advert_int 1
, r6 Y6 {" S6 [9 x* o authentication {$ \. r4 S, h/ D
auth_type PASS5 q4 Q" W1 U4 U2 D1 |' ]
auth_pass 11117 m6 R8 G* e5 y2 J1 h; i
}
% Y& m) A% S) S$ `/ w! b4 | virtual_ipaddress {% v* ~, [# |& o X% B
192.168.139.248 dev eth0 label eth0:0
: F; s5 F D+ W5 X; G; F }
/ l; m) c* |4 k/ D }
. Q7 h3 m1 o4 F root@openstack-haproxy:~# systemctl enable --now keepalived.service
; B9 ^* d: c2 p) O: E root@openstack-haproxy:~# systemctl restart keepalived.service ' c. K1 |. O/ b5 C2 }# e
`配置haproxy`
7 M- h( ? m* y4 M root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg ) Y( C% ~5 V7 |( p* F6 l4 `
# 把后面的frontend和backend模块配置全部删除
5 b g, O+ E2 V( `$ _ # 最后一行添加, L1 R1 C( y+ ]( A* c; I5 h2 R
listen openstack-mysql-3306
. |. Q0 U+ e; F9 |. V; I bind 192.168.139.248:3306. r3 o1 L0 a U9 v3 \ ~7 h) Y
mode tcp
3 v0 L, A; a0 A9 p4 q+ _ server 192.168.139.33 192.168.139.33:3306 check inter 3s fall 3 rise 5
1 s( c- E# r8 o- D U- } 7 H- o' E. E( o* L
listen openstack-mq-56724 r) J8 ?, {0 |6 A6 @
bind 192.168.139.248:5672# C) N$ Q) X- u1 [! M
mode tcp1 P3 l$ j ?$ R% E$ p
server 192.168.139.33 192.168.139.33:5672 check inter 3s fall 3 rise 53 G+ n& X2 t! S \
6 \3 c% A* K2 y+ x8 } listen openstack-memcached-11211
' Z' n+ Y( o4 c bind 192.168.139.248:11211
4 |! ]5 X2 W. k# p2 k mode tcp- O2 x$ [2 W' P C: d
server 192.168.139.33 192.168.139.33:11211 check inter 3s fall 3 rise 51 g1 k7 n! F3 U& n- I/ l
# T. J8 V$ Y$ m7 v7 `$ O$ {- ?- T1 X5 E
root@openstack-haproxy:~# echo -e 'net.ipv4.ip_nonlocal_bind = 1\nnet.ipv4.ip_forward = 1' >> /etc/sysctl.conf
( l/ `/ M& ]. @4 X7 n; a root@openstack-haproxy:~# sysctl -p% \2 n. {. J9 m& j
root@openstack-haproxy:~# systemctl enable --now haproxy.service & l' L ^+ S9 M5 E& f! {
root@openstack-haproxy:~# systemctl restart haproxy.service 2 K. h; v) Y! }( x
root@openstack-haproxy:~# ss -tnl
$ W' l7 w g/ l6 Z& [( w6 [: B State Recv-Q Send-Q Local Address:Port Peer Address:Port
- k, D/ B! C% \3 l+ i$ a7 P" n$ R LISTEN 0 128 *:22 *:*
) C- `) W( u! B6 z; `% j LISTEN 0 100 127.0.0.1:25 *:*
) K5 l4 X: M8 k1 s9 d" o8 ~- z- p LISTEN 0 128 192.168.139.248:5672 *:* ' K ~3 U ?/ ~& B0 D! Y( i
LISTEN 0 128 192.168.139.248:3306 *:* ! x$ a" K7 M# d$ _+ _8 A
LISTEN 0 128 192.168.139.248:11211 *:*
" P2 c/ G [$ K5 W/ N: m$ I LISTEN 0 128 [::]:22 [::]:* # K. _/ L# v0 {1 z# l$ T
LISTEN 0 100 [::1]:25 [::]:*
' U$ _- T5 V$ E- ^# Z$ r验证
2 l) n) { Y9 v% z' C! w
' e6 S" z' O9 S i& x4 d root@openstack-controller1:~# telnet 192.168.139.248 33067 C7 v2 `# `2 | v+ S9 C
Trying 192.168.139.248...* |! @6 r! A, b- p7 W
Connected to 192.168.139.248.
% t$ g- T9 ^" {) K% U Escape character is '^]'.+ a3 R( z! B/ z: H; q/ m
/ F4 b. E2 J2 S root@openstack-controller1:~# telnet 192.168.139.248 5672
5 `+ x4 O5 K8 I( b" V9 H4 U- g9 V Trying 192.168.139.248...
1 ?$ d# J. \5 _- E; e2 m) e Connected to 192.168.139.248.
; ?: [. V5 H3 [- E3 D' j/ p Escape character is '^]'.
5 t1 _( H/ U6 w! n$ o& j3 q, R8 M/ y
, C& ^& p+ R' z" O) B root@openstack-controller1:~# telnet 192.168.139.248 11211# V* E3 s) Z" F
Trying 192.168.139.248...+ \& V _) E0 J
Connected to 192.168.139.248.
9 s; n, e, H+ m2 S Escape character is '^]'.
) R5 U% X& f7 R1 n% I2)安装keystone) w# v& F3 z' |2 K% m
2.1)创建keystone数据库& h+ }7 w- l+ Q# z& i8 ^4 M7 \
root@openstack-mysql:~# mysql
) S! z5 z, h `' ]" g% p) U# | MariaDB [(none)]> CREATE DATABASE keystone;& i% j( _( `/ a) Q5 d& R7 y
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
- l5 B, z: k) a* ]6 y `controller节点验证`$ F2 {. g1 d' t# y* ?* ?
root@openstack-controller1:~# apt install -y mariadb-server
, E3 y. \! J9 I$ B, z" G root@openstack-controller1:~# mysql -ukeystone -h192.168.139.33 -pkeystone123" H5 l7 ?) K; U. |& u& B( l; C$ Q* ]
Welcome to the MariaDB monitor. Commands end with ; or \g.
% [6 h, w5 k( t4 u$ D Your MariaDB connection id is 35
, y, H6 _( a: m3 { Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
- i' D+ K/ o2 g5 Z7 o+ d a 7 [7 N# N+ Q* `* ^1 V
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
- ^5 q: d) f) I! n; Q+ a% \ 6 Q( ]: D. i% M6 i- J" A5 U
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
$ n8 P. o/ a8 ?( _ ' y$ H+ o" W8 Q& q+ I
MariaDB [(none)]>8 P! Z3 c, s1 f, D+ E9 E* G# B
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123
* R4 h% y9 K: ~4 [ Welcome to the MariaDB monitor. Commands end with ; or \g.
. K2 y2 r3 {8 `4 E4 E; O Your MariaDB connection id is 36
" o. i& g9 f5 A0 ? Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.045 @' r d' L9 v2 N' {# A) ]
7 g7 e" }' G0 F5 Z7 v* e
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. P! [* \' C) {# v
. u) A$ \& Q% V- x. A Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
, T0 M L& W R5 u) D( ~ 2 K; a8 y1 _3 R q4 `" Q
MariaDB [(none)]> ! B: l/ a! l. f; Q* i
2.2)下载配置keystone
2 y) _+ e4 ?8 [% }# n+ t root@openstack-controller1:~# apt install -y keystone apache2 libapache2-mod-wsgi-py3
; Y% Y- U$ Z" G- z `添加vip的域名解析`' \' n) g, K7 N4 D9 k
root@openstack-controller1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts
. a5 D3 h5 n: L$ I! d# x1 y2 m `修改配置`7 V2 J5 t. h8 z) Y# c$ Q& I* J
root@openstack-controller1:~# vim /etc/keystone/keystone.conf
; z0 |# n( ~) [, L( A3 s [database] # 在这个模块下面添加下面这一行信息1 o! [- J5 k, i* U X; P
connection = mysql+pymysql://keystone:keystone123@openstack-vip.stangj.local/keystone6 C+ j- f+ r' B6 X/ P: o
[token] # 在这个模块下面添加下面这一行信息
' c+ t' @. B. S1 i! O rovider = fernet
4 ?9 c) o4 r2 c* D* Y$ @2.3)初始化keystone数据库
) ^9 x# k1 Q% [0 B# }# R# q root@openstack-controller1:~# su -s /bin/sh -c "keystone-manage db_sync" keystone* |; a; i* z( d
`验证是否初始化成功`# B4 g/ ], `% n" w# Z
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "use keystone ; show tables"# M! M% L! F0 P3 s( p1 h
+------------------------------------+9 s. c9 x& Y# b9 ]
| Tables_in_keystone |
) E6 y0 Q: o" q- _! t1 h- U+ } +------------------------------------+
7 ^0 a* O! o$ ~" `1 | | access_rule |% g) B3 L# v& a
| access_token |
/ ], Z9 [* a8 O' T d: M | application_credential |
& c7 h1 [+ p; D3 ~5 s6 E2 ] | application_credential_access_rule |
$ M: o6 W+ E0 {) V! ^% {: v+ T" h( P | application_credential_role |3 p* H" B3 R+ f) I( l5 O+ y9 g
| assignment |
9 r' Q+ h6 V- H* @' `& [ | config_register |! ~. p. Z+ D+ Y1 c7 J6 X' S5 l+ G
...................................... ]) R( E3 O! M5 ~1 [
......................................$ F) t4 \( A5 o+ K q0 P2 t2 J( w
| user_group_membership |
9 T( {0 L7 c! ~; w4 E- B+ W2 e | user_option |
9 j3 u+ i, l2 ~$ J) o9 X | whitelisted_config |
' }- C O8 v2 ?9 w* L" N( ? +------------------------------------++ Q& G: p2 A' o9 @
9 Y, G0 H+ G' x, u, M4 S9 t
2.4)初始化 Fernet 密钥存储库3 K7 ^/ O) r6 t! p6 K9 H
root@openstack-controller1:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone6 O3 X" @. q9 u& y1 @
root@openstack-controller1:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone, f) }: A Q- N3 _
2.5)引导身份服务
4 k' m7 I- X" K$ R J6 \ root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
& ], _! ^7 o1 r8 C3 e) i2 L- z # 在最后一行添加下面4行内容+ ~) Y: b3 T! m& ?& x$ P0 b6 m
listen openstack-keystone-5000+ Q+ L/ \* @4 w: {
bind 192.168.139.248:5000# D3 ^6 K3 H. J
mode tcp! H8 V- P4 f* x! n
server 192.168.139.31 192.168.139.31:5000 check inter 3s fall 3 rise 5
/ ~% C5 E7 D1 e4 M root@openstack-haproxy:~# systemctl restart haproxy.service 4 J6 A. a* o/ l h3 }
# 设置,密码为admin+ x# S* F# G6 O/ G5 ~9 ^* B
root@openstack-controller1:~# keystone-manage bootstrap --bootstrap-password admin \" i3 h7 L% `% G- h( T% ]* X
--bootstrap-admin-url http://openstack-vip.stangj.local:5000/v3/ \
1 g; M Z5 @& c --bootstrap-internal-url http://openstack-vip.stangj.local:5000/v3/ \
- O L& P8 |' | D --bootstrap-public-url http://openstack-vip.stangj.local:5000/v3/ \4 }9 R2 u, i4 @6 H! C; x
--bootstrap-region-id RegionOne8 R! d/ l: R5 d- J1 w$ |9 R; W
`验证`4 Y9 y+ D+ ~' `4 S- ^. p# n
[root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.service"
# O- Y8 g- S' N: b, ^( |; F" z +----------------------------------+----------+---------+----------------------+
7 r" V4 _1 _. P9 C1 D8 w | id | type | enabled | extra |
3 [' @+ v* M1 ?2 B +----------------------------------+----------+---------+----------------------+
; L d: U: h0 U | 5b32c1198b6d4a9da1659bc0a201d89e | identity | 1 | {"name": "keystone"} |) d" m$ M: _$ w3 A4 }# \
+----------------------------------+----------+---------+----------------------+
) [ N' w) N0 P; I2 ?4 u [root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.endpoint "
. J* H: @- U* {( d- L1 a( F1 M/ @* l +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+$ W$ y- Y% z, x. f( O" B
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
$ l" M/ A$ J& l/ {$ c M +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
' I( \+ m) |, R8 D% A3 D | 20caaef3b2ee4ff7898d1e7b7f1e41dc | NULL | admin | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |4 O/ L$ b9 ~+ z# n
| ad54a4233c0e4a23ba56f86960ff97a9 | NULL | public | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
+ |8 @9 k& k# C% ^ | def9f3253353499fbc24a851445198c9 | NULL | internal | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |# I) \+ T3 ?5 z1 e
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
8 Y `7 V0 A5 {0 X2 Q, r/ {) | F2.6)配置Apache HTTP 服务器
" @4 A0 K/ w( s/ ^4 O7 V root@openstack-controller1:~# vim /etc/apache2/apache2.conf
7 `1 n# V; y. t* w, \ ... # 找空位置添加5 C" g5 O# ]. M
ServerName 192.168.139.31:80/ {, b! b7 n1 X% Z( p4 F, }" F
root@openstack-controller1:~# systemctl enable --now apache2 && service apache2 restart" T: V: g# _0 Z3 ?0 K
`验证服务`9 E( }* I. H$ n8 r! w
root@openstack-controller1:~# curl 192.168.139.31:5000
% ]( e6 [( T* O5 K8 g {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.31:5000/v3/", "rel": "self"}]}]}}4 W9 O7 u. {) Z& l3 f; L
root@openstack-controller1:~# curl 192.168.139.248:5000# c: S* N& o- r: T. v( C+ I
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.248:5000/v3/", "rel": "self"}]}]}}7 E" W5 b X6 U& d0 s
root@openstack-controller1:~# curl openstack-vip.stangj.local:5000
1 F8 i+ Q @" ?/ \3 i7 d& V2 [: ]$ x: ? {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://openstack-vip.stangj.local:5000/v3/", "rel": "self"}]}]}}
* l, e0 u4 N* b% k2.7)配置环境变量来配置管理帐户% y( P6 L1 P. r( @* [4 z) s
root@openstack-controller1:~# cat > admin.sh <<EOF
# ]) ?7 ^ i/ b/ Y: U9 h export OS_USERNAME=admin
/ q1 Z/ b" H% }1 p" K, `0 g6 m8 I export OS_PASSWORD=admin
' B. @" z- E8 q8 D0 U export OS_PROJECT_NAME=admin; ^( p0 p* H1 p$ l5 n
export OS_PROJECT_NAME=admin
* C9 m6 ?- T% B- r export OS_USER_DOMAIN_NAME=Default
3 s7 j( M* ?- a! c. J) N7 [, X export OS_PROJECT_DOMAIN_NAME=Default
( F) q' u/ O' o export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3, |( G: \' a6 J x1 R
export OS_IDENTITY_API_VERSION=3' t* s% o" E9 K* K! D' q5 F; I
EOF0 D/ h$ H8 A6 @, i% i# [9 t% {
`生效配置`9 {1 h* G9 g. I5 k) }2 Y, [) b
root@openstack-controller1:~# source admin.sh
; t% |" D! G" l' M' a. u `验证服务`- T% s2 Q& M+ B# Q
root@openstack-controller1:~# openstack user list( q5 f4 w' e- X/ L/ {
+----------------------------------+-------+
2 W* L, s) R; H P% f; ^0 ]* ~ | ID | Name |4 ?) w" Q5 Y5 ?: T
+----------------------------------+-------+
! |8 x+ T [4 x& Y& P4 w2 k | 5c4b6243d95742799de0fc97ef119967 | admin |
0 m' ]0 S# F" P3 o( b +----------------------------------+-------+7 Q* [( r" k9 W* ^. O! c! @. w
2.8)创建域、项目、用户和角色5 X$ k. l0 Z6 e: D# }0 _) B3 ~
`创建域`
2 {, A- F9 ]+ W root@openstack-controller1:~# openstack domain create --description "An Example Domain" example5 {& h% x( b: g' y* w
# [root@openstack-controller1 ~]# openstack domain list
) i1 W. \# u- Z D( P; e! O$ p- o5 g +-------------+----------------------------------+
3 {6 B' [& D+ j- k | Field | Value |
( p" t7 U% ^2 m/ m# S( T2 ^ +-------------+----------------------------------+
: u7 b$ D) u. E% q | description | An Example Domain |
! K- m) }; i7 Q$ i# Y6 s( z | enabled | True |
# k8 n) ~% {4 f# w% { H | id | 7233934db37f4e839da0bbc62bdebdf5 |
+ \; W0 P0 E) ~" Q o. F | name | example |
# {7 {3 Q3 v8 ~ | options | {} |
- }& I( t) w0 e7 M | tags | [] |+ U8 U, Q$ r, j2 ?$ ~4 r# X
+-------------+----------------------------------+
, V- z; V- T4 D. X6 y6 j; s `创建项目`
( P; U5 t4 {! g% o root@openstack-controller1:~# openstack project create --domain default --description "Service Project" service
- w: b9 Z/ x8 Y" E # [root@openstack-controller1 ~]# openstack project list
; o, {# W- ]! b; g' F1 ~ +-------------+----------------------------------+
# ^6 ~, o- H* _2 L+ m% t | Field | Value |
`* n9 Y0 s2 b3 } +-------------+----------------------------------+
4 c1 q' f! m& D | description | Service Project |) s4 K$ F0 y. b; y. N
| domain_id | default |1 N. q* A/ i1 ]8 o
| enabled | True |$ b8 Z' ]$ l" G1 Z) g# L
| id | 024872cab1fb4329997f4bb552cc7439 |/ K8 V" T$ W% q! ^; X" |3 l
| is_domain | False |
4 w2 \2 W2 X' b: e | name | service |+ c* A6 Y b4 {( [$ K: x
| options | {} |
% q% k4 j( k8 D. Z) h9 d | parent_id | default |* |$ O% r) I8 i- j# C* Z, ^! N# P
| tags | [] |: J+ o# {3 ^) ]
+-------------+----------------------------------+$ F$ ]2 Y/ \" e- F9 A
`在default域-创建项目:myproject`- N; w+ B6 }& ^ Z* {+ b
root@openstack-controller1:~# openstack project create --domain default --description "Demo Project" myproject1 c) W: ?1 j8 E5 @+ G( h
+-------------+----------------------------------+2 f" T9 B6 H* R
| Field | Value |
# p4 d& S+ B: n0 l; d; S +-------------+----------------------------------+. S) ]. W+ u: v
| description | Demo Project |: W' v: v @4 G
| domain_id | default |1 z2 |; R' ^: i9 f
| enabled | True |
! ?3 I7 @9 C& H! J9 D ~( a) `: ] | id | 35e14efc4bb64fd18ab58ab793881459 |, p* m T& V+ A% s
| is_domain | False |; _. a. c Q# a, N
| name | myproject |' W$ K) v0 m& O: e% _) @% w: S
| options | {} |
J. J$ e, z }; O W$ U! t/ \+ ] | parent_id | default |: R( C. Y4 v. A' [" m
| tags | [] |5 ~/ h+ j1 N" y; O& ^8 K, Y
+-------------+----------------------------------+& T9 H. j, [0 E' V
`创建用户:myuser`
+ e! X8 Y! e1 q6 y( J9 p6 y2 I root@openstack-controller1:~# openstack user create --domain default --password-prompt myuser
1 d9 }0 X1 J# M, y2 X. ? User Password: # myuser* x& C( \5 Q5 M' N) p: W# C/ y
Repeat User Password:# myuser
- n Z1 R g% [ +---------------------+----------------------------------+7 A3 i% ~) Z C+ Q0 Z/ s* A
| Field | Value |
* d$ K6 |, c9 ]+ f1 J& J +---------------------+----------------------------------+: a5 B( ^ t: ~5 k# |3 B+ I
| domain_id | default |
& g5 Q: D' u7 R* \( I$ y | enabled | True |
& q( A5 m' _& X ~& X, W | id | f40449a65bcf491aaf44cc4f8e09f3fa |' M8 [& ~4 c, W% j# @/ E0 Q w/ L
| name | myuser |3 r x% Z; \% e: z
| options | {} |
7 y4 b+ ~8 q' E, b3 k | password_expires_at | None |" u/ U7 a F* j, m A
+---------------------+----------------------------------+( U4 r7 e7 j- n5 @6 n: u
`创建角色:myrole`5 j) p# ^( F- ?7 q! `+ h: t
root@openstack-controller1:~# openstack role create myrole! ]5 o I8 l! u
+-------------+----------------------------------+3 S2 c8 T, Z% S: Y" H0 v& L
| Field | Value |% {2 |5 i3 g% I5 y1 H3 }
+-------------+----------------------------------+( k3 z' q$ \7 S' {: ~
| description | None |6 r' ?. A$ H% M( E
| domain_id | None |
U1 ~4 y' A+ U" c9 ] | id | b1cf825f18194c858ba735c3a873e87b |
2 F; n. C/ d6 x4 o- `0 ] | name | myrole |
* Y1 `; E* m. L! G2 N8 X) z | options | {} |, w3 J7 B) U' [
+-------------+----------------------------------+' f1 A' A3 a' O6 z- J
`将角色添加到项目和用户:myrole/myproject/myuser`
5 N9 q3 j' J# S4 ]; Y5 f root@openstack-controller1:~# openstack role add --project myproject --user myuser myrole
6 v; p" j2 Y$ V! g2.9)验证操作" ]$ l: j6 |- _5 Y! Z4 f
root@openstack-controller1:~# unset OS_AUTH_URL OS_PASSWORD# x* F& I% h' e' C4 e) b* J
`获取admin的token信息`
& j% \9 w$ K: F# Z% o! b( T root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
0 z2 s" `5 w# m# T
/ v: s5 X6 s8 M8 R Password: # admin2 q9 H8 v9 v8 N3 H& V" t
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+5 D8 H7 ~& y2 L
| Field | Value |; N! e& U" u& J: v
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+ s( [" F& z- B6 c, a | expires | 2024-12-07T12:25:41+0000 |
9 D$ E5 W0 Y; D- k1 e' l& ~9 J | id | gAAAAABlev-an7oKiReVcaIQg31zanfyHEpBjozbYq_6ZH8mWKMyp0vxm0HEUlxkrY7_799ihK64p4Gq5zeaAUH4g4jBpB2I0Ij5xDojvfZ66qTIPUB9TakErlw9UoI1E9bpOwowYgoOOKlJlO28mBoxKWga7A8akmCgiDTzP4rUYL5B8Xs24rQ |
, F: ?- y7 \' s$ p( c$ O | project_id | 227934ef1b5b44cc942a8e4f1f5f7695 |0 l( K6 i( n3 |+ l* N
| user_id | 5c4b6243d95742799de0fc97ef119967 |% M. D9 V1 q* i( W+ `! L+ s3 @
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+/ p+ h9 K7 T/ n8 N: U5 K
`获取myuser的token信息`" L: i' D8 W( ?$ W
root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
4 M$ w+ f( s! f' W) q Password: # myuser9 Z; P. y& p# b! G& l7 t3 l
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+; Z- |- F5 m. \/ I2 v" Q. c
| Field | Value |
2 B3 _4 \( V, z/ {' ? +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+2 i5 M- n* Q& ^! u$ Z, ~( c
| expires | 2024-12-07T12:25:41+0000 |
. y) w2 O: Y2 \. `% R | id | gAAAAABlewBPx4yTCZIklPPqD-XnXsciBnECZYhDPKZkenFzYdE9GuTH-xRPuhh4Z9rrLiCb7X6e_rjqR2WdTk9Sz94HkrNi4KPjdun7HW-4wesLLOV7ijz4Vgvt999fnWNaDNTwKvqumfcQ1XinMLyszeSD1yvFB4FeQ610Ns18oUa0Tc_44jc |
& c; R7 Q4 B, S& E5 y U | project_id | 35e14efc4bb64fd18ab58ab793881459 |
( `* T" E3 R4 y$ j | user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
% Z5 R5 l1 P* C- G1 I) M9 ]8 ?0 o9 b +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+" A( i4 l9 ~7 \5 r, r5 M
2.10)新增配置环境变量来配置管理帐户1 f5 F6 i2 E1 V3 ~
root@openstack-controller1:~# cat > admin.sh <<EOF3 z1 f1 T v) Z: \/ G
export OS_PROJECT_DOMAIN_NAME=Default3 _! X8 [) z I e
export OS_USER_DOMAIN_NAME=Default
5 j" X+ e! [$ l export OS_PROJECT_NAME=admin9 d2 D3 o/ H. K; m$ P. z. k$ H J
export OS_USERNAME=admin
; y, B/ G9 n. x* ^" f3 S export OS_PASSWORD=admin
8 Z6 a2 g" A6 a; @& D/ B% U export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
! z+ e7 }1 o% p export OS_IDENTITY_API_VERSION=3$ h% F0 L6 n) G" l$ R" p" Q
export OS_IMAGE_API_VERSION=28 {, |# |. I! T8 a3 n" e4 e" H
EOF
' t8 H# {7 C/ z# S. e root@openstack-controller1:~# source admin.sh
; |4 W$ N% U* f `验证`+ G, y6 C4 P" u: |
root@openstack-controller1:~# openstack token issue4 h- W; `6 a5 r; ?
+------------+--------------------------------------------------------------------------------------------------------------+2 Y" A5 S7 G9 u* ^
| Field | Value |
2 ]! v; T* c$ ^5 { +------------+--------------------------------------------------------------------------------------------------------------+
/ ^; K9 z6 k; r8 f4 r | expires | 2024-12-07T12:25:41+0000 |. |# ?2 k% O) K6 G- c7 E$ ?' _5 s
| id | gAAAAABnVDC1Tl8JCjuLSdCd0vL2FmuLpB7ftGCcll7NsqBgy0FhuomNTkLMXP_p86eyLKMA- |* V! t& {* V& J8 y \% g
| | IZnr9aW3VCfYfoaWyUAcr3fcd8l3BLjpinjEL04QMCRJYHW9d3WZ2jN44hcZ8xwwG0ZpJiyVAixWqOfMykBbzGY6vnwJC- |
c+ ^$ \1 y. O1 P2 V+ ?' m" b" c2 b | | qj3vDQYbVyFBbnIY |" G1 Q4 y5 D2 ~& a2 `- L7 H" U& S
| project_id | 96bbc0e66a5246fdaf29843498ef49a1 |
6 V. p. J+ C! j' o' ]# G1 X | user_id | 3b1c56d85d9c4aefb5c6a6dde8c99a00 |9 q- }9 a) s' o
+------------+--------------------------------------------------------------------------------------------------------------
( w& h; ~2 p2 a
( t1 d( b4 L* C7 z3 h7 P `创建普通变量环境`
1 V) x* R* @" x root@openstack-controller1:~# vim demo.sh' B7 |7 c: }& ?, ?# _. q
export OS_PROJECT_DOMAIN_NAME=Default( O6 a O: z3 \* f, W0 |/ z% q
export OS_USER_DOMAIN_NAME=Default
^ J& v2 r) B8 v! V' |# k9 o* A. [ export OS_PROJECT_NAME=myproject! m7 m! O2 u( T! N
export OS_USERNAME=myuser; r3 ]! Q. _- v
export OS_PASSWORD=myuser
7 z; x# u7 X! |% S+ ~" o- Z export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
0 d7 f4 X* e$ I& Z( s export OS_IDENTITY_API_VERSION=3
% p) k8 _. K* }$ J" m7 w2 F export OS_IMAGE_API_VERSION=26 {2 m) _/ _9 Q. @
root@openstack-controller1:~# source demo.sh
) S& R7 E; T5 c7 m `验证`6 W4 k8 H) Q! j
root@openstack-controller1:~# openstack token issue
6 u7 @' S' p& h% L* d( t +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+$ h2 T1 c9 g; k6 ~" \/ E
| Field | Value |
' z$ `! |* R. b, Q5 [" N# e +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
2 J' T% T7 P/ K) f$ X0 d | expires | 2023-12-14T14:26:22+0000 |$ ~3 Z6 g, t) T4 P
| id | gAAAAABlewJ-s4Aj73WgUyZemZ9eL9S7myndeVnxUOmiWM3IvXTwtw7pIzzIFyxlw3vTrC200w08X2iqTFVcY8Ih4jCzLDQMqi4VpS2emWmqG73uy7NI_tAR6KasEYPRoZSl--2Wa7HCdv9i6y6GnKDtgisVkCtG3Ew7CPBDq991w0cXBRpxL_Q |
. R- B9 U0 K2 C! F2 W | project_id | 35e14efc4bb64fd18ab58ab793881459 |. ]& n: l+ [% B- X( O8 Z' _; s
| user_id | f40449a65bcf491aaf44cc4f8e09f3fa |6 [3 B3 B; z# O+ J
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
' T6 {0 V4 F9 v& Q5 Y2 b3)安装glance6 V& J( D6 f! ?, f6 b# J- v1 W
3.1)存储准备工作5 _- r% d. g8 c6 P/ U- S
# 因为性能原因我就拿openstack-haproxy.stangj.local主机做nfs
1 h2 }6 t5 ?" u0 D: r; D root@openstack-haproxy:~# mkdir /data/glance -p B2 {& s$ w" g* s) |9 T( x0 z
root@openstack-haproxy:~# apt install nfs-common nfs-kernel-server -y
# j- m& x6 g9 k. ?1 A 4 G) V" d' }: b
root@openstack-haproxy:~# echo '/data/glance *(rw,no_root_squash)' > /etc/exports 9 R6 N4 X4 v) c" C X7 L
root@openstack-haproxy:~# systemctl enable --now nfs-kernel-server
$ D: `" J! J; Y a, } root@openstack-haproxy:~# systemctl restart nfs-kernel-server( J$ C1 N! d; ?
3.2)创建glance数据库5 Q9 v4 z `8 h* w! W
root@openstack-mysql:~# mysql1 K0 E; K r, e5 H" I* p9 _8 v
MariaDB [(none)]> CREATE DATABASE glance;
: p. y' K2 f$ I' Y X. K" \ MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';
4 a' p0 n1 `% T/ [1 n [root@openstack-controller1 ~]# source admin.sh + D! W4 }9 n$ N; @
`创建glance账号`% Y/ j+ Y& z* d- E
[root@openstack-controller1 ~]# openstack user create --domain default --password-prompt glance. v, S$ X% Y- a7 S0 z& |, z# s' U
User Password: # glance) Y. O$ w- |7 x3 V
Repeat User Password: # glance2 N+ M6 Q# d" ~7 A9 n
+---------------------+----------------------------------+' I" Z! K6 j( `! ?
| Field | Value |% o& E7 @2 Z9 Y6 o
+---------------------+----------------------------------+
2 k2 }. K/ }. n: x# D | domain_id | default |. |3 Y( u5 k1 \' m" g# Y
| enabled | True |
6 A4 _0 A8 L$ h: E; k W+ a | id | 34a900b8a67f40439804c830cd5957da |
7 `! _* P* t) O; d/ R4 v; W; M | name | glance |
5 ?' v6 d3 W0 | | options | {} |
) F( H* V( z7 W | password_expires_at | None |8 H8 k$ ~: k6 \5 i& o7 x6 `
+---------------------+----------------------------------+
* m& v$ h" _: C3 E `将角色添加到用户和项目:admin/glance/service`
* t9 a7 |4 _, \1 t/ e; J( [ # 让glance拥有service项目的admin权限. {3 J$ y5 }3 D2 G: M: o: k
root@openstack-controller1:~# openstack role add --project service --user glance admin
1 A- S2 f- Z3 n root@openstack-controller1:~# openstack service list% ?9 X5 O: @& R% ]8 `# w
+----------------------------------+----------+----------+
: H- r: Q: e. U: t1 l! V | ID | Name | Type |2 u. p! A! v0 w7 s. a' Q0 w, }
+----------------------------------+----------+----------+; B8 F3 F6 i, _5 B& J6 Z. I
| 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
4 ] \% T0 |# c# |7 J1 @; m +----------------------------------+----------+----------+& E* _0 ?' E% B x" v; D( J: ~
3.3)创建服务实体glance
* }/ z' Y4 u, D3 ?# l/ i4 o2 B+ J root@openstack-controller1:~# openstack service create --name glance --description "OpenStack Image" image
$ F! l2 T% t7 l7 z. k8 Y +-------------+----------------------------------+ E' p. D/ b( i# y+ R/ E$ S
| Field | Value |9 f/ Q0 r- }" e( I4 s
+-------------+----------------------------------+- f* p& Y# [# L: k( `9 y% U, L2 n2 H
| description | OpenStack Image |
# l1 n0 N) G3 T$ Z& p3 b | enabled | True |& x& [# {$ w) f
| id | e53a2bd43aaf48f1840064e9cb594293 |
& h! h( s8 r$ J; A4 B6 ?1 \' K | name | glance |# c2 }$ H2 d/ b6 |3 k9 [0 \
| type | image |7 H" W) K- R7 N
+-------------+----------------------------------+
! J3 J' K. L0 I& B+ y root@openstack-controller1:~# openstack service list
# ^. ?- q8 \" x* z6 N +----------------------------------+----------+----------++ M7 F% z1 ?# t4 r+ H7 X' I
| ID | Name | Type |8 I/ i8 _" M& c- | K
+----------------------------------+----------+----------+! [+ T7 S0 A9 \& i
| 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |5 S2 q3 C2 X4 \- j. P' y" \1 L5 W
| e53a2bd43aaf48f1840064e9cb594293 | glance | image |0 z7 |4 n, i2 [% {4 O4 a+ N
+----------------------------------+----------+----------+
* {2 C+ a% r" D" i3.4)创建Image 服务 API 端点:* [; q5 l3 S; r6 P. }. ~/ X' r! {
root@openstack-controller1:~# openstack endpoint create --region RegionOne image public http://openstack-vip.stangj.local:9292
9 B) d( N) T+ L. C. }: J5 y D +--------------+----------------------------------------+; b+ C Y7 T' B7 I% L- ?+ j& h
| Field | Value |- t4 o& ~- ~0 G2 Z- _0 L
+--------------+----------------------------------------+8 C7 @2 J8 P6 T2 C
| enabled | True |' ^: b& J- f, |: |. z: v& n
| id | 3fc61c0f302d41359da99b80ca32853f |
5 ]5 V- i) X9 A* G | interface | public |" P% y: H% ]; c) U, [! l) Q; Q
| region | RegionOne |
' K$ k8 `% k5 x" ? | region_id | RegionOne |
" u: O) C/ V. l& M | service_id | e53a2bd43aaf48f1840064e9cb594293 |" T0 K/ U3 a9 I7 Z
| service_name | glance |
, j+ _% y* f0 R$ ~0 Z$ i | service_type | image |
4 X z; H, l" M | url | http://openstack-vip.stangj.local:9292 |
. s4 W0 ^% u. Q# g% e+ D2 } +--------------+----------------------------------------+
* ] o! ^6 o. ~- C root@openstack-controller1:~# openstack endpoint create --region RegionOne image internal http://openstack-vip.stangj.local:9292' h6 N7 [; z5 Z! [! E: |9 m" F8 |
+--------------+----------------------------------------+
) F( k; a9 N" ? ?/ D9 l" U6 |0 d- c | Field | Value |
! C4 D# p% M7 L* o +--------------+----------------------------------------+4 I. o/ K& z' T7 z$ `- c
| enabled | True |
" J1 y! L5 t% _ | id | 671f3dd8ddd643d08b922df0f9c7f4d8 |
: j5 p# e1 E" Z! N1 Q( p( y- ` | interface | internal |
0 k3 X- W4 E( b( Z; v | region | RegionOne |
8 u. V) m8 B- H6 o9 e | region_id | RegionOne |, q2 t' r$ t$ _3 E+ t! v) |
| service_id | e53a2bd43aaf48f1840064e9cb594293 |3 u" d4 R3 i% D5 e' x! s4 O
| service_name | glance |; B* Q* S& V4 B5 l3 o
| service_type | image |
4 `% A1 O6 ^" [- [! [8 G5 H | url | http://openstack-vip.stangj.local:9292 |( s7 ^/ b* j0 j3 b1 f
+--------------+----------------------------------------+
% X8 x+ N9 }! }( S' X" k root@openstack-controller1:~# openstack endpoint create --region RegionOne image admin http://openstack-vip.stangj.local:9292
7 T4 u4 |4 k; m J. g0 {1 t! p- m +--------------+----------------------------------------+
- q; O# ]2 v4 e X1 g) \" e | Field | Value |
: x4 O9 j/ K0 }, @0 E +--------------+----------------------------------------+
5 b2 G& Z$ R) Z, e | enabled | True |6 C6 Z5 Y v6 z) |4 X& i
| id | afea7ab2f5914bcca88f088957f6144f |3 J* v( z. v, ^
| interface | admin |1 Q4 q* l4 @( Y" \" X
| region | RegionOne |
3 N* a- ~% S; r5 j. v( O6 y& f/ c | region_id | RegionOne |, s! E$ ^# ^: ]; N1 s: ] F
| service_id | e53a2bd43aaf48f1840064e9cb594293 |
8 }% p5 d, S+ A1 Z | service_name | glance |8 m1 k: Q; X) w0 |0 y6 H+ f
| service_type | image |, Z$ u, l, w9 q4 F+ k+ B7 m' O/ R
| url | http://openstack-vip.stangj.local:9292 |" C1 {+ Q1 u! b# S" `
+--------------+----------------------------------------+1 U4 f: Y: q4 v, ^4 G; A) R
3.5)配置haporxy代理 b. d. d% I F
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
: d8 C; m* ]: g # 最后一行加入下面4行信息! X2 w7 O9 U' w; S0 x
listen openstack-glance-9292
1 d* z9 U: B c bind 192.168.139.248:9292
$ U) c' O* D+ I6 e5 j% H7 i mode tcp; E) W' _5 _( k$ L
server 192.168.139.31 192.168.139.31:9292 check inter 3s fall 3 rise 5
/ { ]- c# w. n( K7 w root@openstack-haproxy:~# systemctl restart haproxy.service + f- D1 M+ o s9 b; L/ s' e
root@openstack-haproxy:~# ss -tnl | grep 9292
, X! s/ W6 L) }" [; ]1 Q! B. a, T LISTEN 0 128 192.168.139.248:9292 *:*
/ k/ I3 X8 g: n: Z. |! t0 e3.6)部署glance服务
1 ?2 u" i- Y3 |1 T9 l& i root@openstack-controller1:~# apt install -y glance
0 p7 i9 v* c2 ` a4 H3.7)配置glance服务
, v% V8 |( x9 x root@openstack-controller1:~# vim /etc/glance/glance-api.conf$ k9 S/ p( C$ t2 r
[database] # 在这个模块下面添加下面这一行信息
3 g% \; y) b. x8 j. r& A connection = mysql+pymysql://glance:glance123@openstack-vip.stangj.local/glance
' p" L7 r6 e# O; s+ u, Z& U 3 R* A* M8 e0 l& m& Z
[keystone_authtoken] # 在这个模块下面添加下面这9行信息: f: {, S$ p5 o; \* A
www_authenticate_uri = http://openstack-vip.stangj.local:5000
7 M4 Z- @; A9 c! {& v' b7 G auth_url = http://openstack-vip.stangj.local:5000
4 _9 t, ~% Z/ w" { memcached_servers = openstack-vip.stangj.local:11211+ p$ }+ u8 w0 k6 v9 O8 o% u- A
auth_type = password
5 J1 d5 | i3 p2 ?# _) \2 e project_domain_name = Default; c: q( m2 D) u
user_domain_name = Default
' W) ~/ b3 p9 o, y project_name = service4 G6 {/ Q: K0 A. Y& P: \9 \
username = glance
7 p. x: t0 c$ A7 Q( | password = glance
$ f+ i- L/ L# T7 `$ h2 s9 F
1 k% F6 A w0 g; ^) _7 _& S, z [paste_deploy] # 在这个模块下面添加下面这一行信息, _: d( I9 T `, G6 J7 ^
flavor = keystone
4 L% k5 k4 S5 ]; a& s4 D" K 7 Z7 N: \. y* Z K( @* e
[DEFAULT] # 在这个模块下面添加下面这一行信息
' m/ z. r2 O3 m5 U ^& k enabled_backends=fs:file
& ~5 G4 |( \ U ( |; I/ j" G: l- ^
[glance_store] # 在这个模块下面添加下面这3行信息
0 E5 H' L2 ~; D! n3 q R. ]: i$ R5 C default_backend = fs
/ B8 a1 }. v. ?, V. x1 g6 ` [fs]! [' t4 |6 L q5 k) [% a! Z
filesystem_store_datadir = /var/lib/glance/images/
( |; y& B% C) F: S z 4 v$ B+ X% a" h7 e* W/ e9 o8 F; c% w
" I+ S3 p- f3 T
`确保 Glance 帐户具有对系统范围资源(如限制)的读取访问权限`
+ n& F; M% u& R4 k; C) J6 J root@openstack-controller1:~# openstack role add --user glance --user-domain Default --system all reader3 }# g/ Z9 v# Z/ [0 B% D
3.8)初始化glance数据库
0 ?' W' B* w, l3 r# v& J) G9 w root@openstack-controller1:~# su -s /bin/sh -c "glance-manage db_sync" glance& H8 u$ d! r5 C7 |' `. V# s; J" ?
`验证`& y0 K6 ?) R- _6 i, I) g+ h. s
root@openstack-controller1:~# mysql -uglance -h192.168.139.248 -pglance123 -e "use glance ; show tables"
! Q& |4 Y4 V& B4 O. F7 N% W +----------------------------------+6 U3 S) x$ {9 Z+ q
| Tables_in_glance |
& t \3 {7 t9 Y+ ?2 \+ T +----------------------------------+
0 a, A! T* I2 i7 r6 N7 I( w2 n3 C | alembic_version |8 f4 u2 }* q _4 z
| image_locations |4 f, J) d+ m# A' B% C
| image_members |6 O; G) p* F+ ^" h( O* e% c1 q- Q
| image_properties |
0 d8 R w7 k; I$ S- d8 k | image_tags |
( Z% C A& z2 c8 \, \ | images |
0 k6 w9 d! _6 t- e& z# i! ^: _/ ] | metadef_namespace_resource_types |
& O B- t: W N5 g: \; o | metadef_namespaces |, e8 e( V5 Q; `
| metadef_objects |
: a1 T" F3 n8 ]* s7 P | metadef_properties |' E1 J0 d' y D: L
| metadef_resource_types |
! P4 ]0 ^- j0 y8 j; s$ @9 p | metadef_tags |
" Z' |8 K9 G" X( T | migrate_version |- |& S% R, {, h( n
| task_info |8 Y; o( {& }0 P& r; n/ |9 ~
| tasks |
5 b% O7 d( ~# C9 f2 n( O) { +----------------------------------+
D# {3 b1 }9 i3.9)启动glance服务
( ?3 `9 _5 l$ A# t( X1 G root@openstack-controller1:~# systemctl enable --now glance-api
! ]$ ~8 s+ |: j root@openstack-controller1:~# systemctl restart --now glance-api! m5 r7 m, h& C4 }$ _5 O
root@openstack-controller1:~# tail -f /var/log/glance/glance-api.log 6 o+ _, p+ n& C
2024-12-07 19:43:42.571 11458 INFO eventlet.wsgi.server [-] (11458) wsgi starting up on http://0.0.0.0:9292
; `3 G) s" j1 G8 x+ L 2024-12-07 20:06:40.764 11717 INFO glance.async_ [-] Threadpool model set to 'EventletThreadPoolModel'! Y6 y; Z, W1 R5 o( w
2024-12-07 20:06:41.281 11717 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
3 p: e2 F8 M1 \& J6 j9 F4 S* Z 2024-12-07 20:06:41.377 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_staging_store). Creating.
% d! W/ E# s: [* m2 G9 Y/ b# k 2024-12-07 20:06:41.378 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_tasks_store). Creating.2 W4 m& g* f' r5 C7 |3 \8 l2 \
2024-12-07 20:06:41.379 11717 INFO glance.common.wsgi [-] Starting 2 workers& M/ q% w( d h% N$ W1 [
2024-12-07 20:06:41.381 11717 INFO glance.common.wsgi [-] Started child 11724# H5 x1 h/ }6 O( {4 Z- V0 N
2024-12-07 20:06:41.382 11724 INFO eventlet.wsgi.server [-] (11724) wsgi starting up on http://0.0.0.0:92922 N! c, `) U' i' G/ H, S" W
2024-12-07 20:06:41.383 11717 INFO glance.common.wsgi [-] Started child 11725
; Q8 h4 [ M! H( |7 Q2 s9 B3 g. `' k 2024-12-07 20:06:41.386 11725 INFO eventlet.wsgi.server [-] (11725) wsgi starting up on http://0.0.0.0:9292% g( N" [4 v9 W* N* b. d* n
3.10)挂存储3 m8 g: ^/ O* j1 J
root@openstack-controller1:~# systemctl stop glance-api
- `' u' B U, a! I5 H( S! o' G+ i* r root@openstack-controller1:~# showmount -e 192.168.139.36: j% ]5 l4 D, L' [, t0 r6 T4 c
Export list for 192.168.139.36:. c# \: G( S& q/ A) P# _
/data/glance *
' i* |4 m2 K" L t8 W5 \ root@openstack-controller1:~# mount -t nfs 192.168.139.36:/data/glance /var/lib/glance/images
+ b- F8 t% E8 }: ]8 w root@openstack-controller1:~# vim /etc/fstab 1 S) r( h' I) i+ y i' E
# 最后一行添加下面这一行内容& y- _# T+ R5 ~2 O- K8 m0 v# _5 O0 m
192.168.139.36:/data/glance /var/lib/glance/images nfs defaults,_netdev 0 0
: a' u6 k. b# l1 B) k: [( M root@openstack-controller1:~# mount -a0 v. i; W, I% f$ c0 X6 t" Z
root@openstack-controller1:~# id glance
* W X$ m9 L( F0 G9 W9 N uid=64062(glance) gid=64062(glance) groups=64062(glance)+ _. i: p4 B' Q/ o$ |
root@openstack-controller1:~# chown -R 64062:64062 /var/lib/glance/images/+ ?5 M0 v# Y+ M8 ?# O$ s' C- N
root@openstack-controller1:~# ll -d /var/lib/glance/images/
2 n$ R; j6 s6 D6 P% p' [, h drwxr-xr-x 2 glance glance 6 Dec 14 21:31 /var/lib/glance/images/
8 D+ W) `( |- T I root@openstack-haproxy:~# ll -d /data/glance/
% k- N( c7 z+ ~! k" c drwxr-xr-x 2 161 161 6 Dec 14 21:31 /data/glance/$ t9 n/ q& B- ]& i& J1 z
`启动服务`
1 E0 F! O1 T e4 [+ [& Q [root@openstack-controller1 ~]# systemctl start glance-api
O& x0 o3 z5 Q( l0 F/ C7 h. G% i3.11)验证操作
0 R9 z* X5 j* ^% w4 D/ ?+ r: A5 O [root@openstack-controller1 ~]# source admin.sh
& `/ i9 z q- z/ ]: Y# x5 d ?: ]8 d root@openstack-controller1:~# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img
: a, b- O( d$ l [root@openstack-controller1 ~]# glance image-create --name "cirros-0.4.0" \) N ], i1 }/ {* H
--file cirros-0.4.0-x86_64-disk.img \* Y) E6 E, J5 T- D5 C( o! X
--disk-format qcow2 --container-format bare \4 `& j1 U& ^1 M" L1 n; d
--visibility public( d3 S9 l1 F( b$ {& i" K7 c& i3 p
" r6 M5 }, P5 A, a0 j4 B$ s, q* [
+------------------+----------------------------------------------------------------------------------+
; L& ~% t4 V1 K! P# ` | Property | Value |# v) D& [4 P$ |0 a4 R2 g* U
+------------------+----------------------------------------------------------------------------------+5 e1 Z3 k% @7 W' Y7 j
| checksum | 443b7623e27ecf03dc9e01ee93f67afe |
& Z: S" y; ~ J. V) y0 H- Q& x | container_format | bare |
* O& t+ |; d, m. [ | created_at | 2024-12-07T13:12:19Z |
7 ~: I8 }' v; k7 H5 O$ K6 m | disk_format | qcow2 |
& X+ G; k A, R+ D& o | id | 68249b5f-9eac-4873-be74-cc11ac9af61e |. g1 H! j& Z4 N. c6 J, c
| min_disk | 0 |
- R1 E0 R- P$ v1 a' T9 a. ~ | min_ram | 0 |
( C1 H5 f+ A8 L6 X# Z | name | cirros-0.4.0 |8 ?, K& s7 U" E! @. }
| os_hash_algo | sha512 |/ r4 E! i. B4 p) D/ T$ F' } b6 p
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |4 C' T+ {4 S; a$ k. Y% C
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
# d/ B- x( m0 ?% C2 K/ C4 ? | os_hidden | False |
6 C3 a3 @/ o3 N+ M/ l | owner | 96bbc0e66a5246fdaf29843498ef49a1 |0 R" s; L1 g0 C% Z" ?7 k+ z. Q
| protected | False |$ E& S& ~. K: J. i; o& S h4 e
| size | 12716032 |
, r/ Z) k$ T6 A | status | active |
2 j, p# T. l1 G* Y1 \( E0 I' ?0 ^ Q | stores | fs |
3 M- V# {) S, Z( @: G8 x | tags | [] | x% T" X' p' i
| updated_at | 2024-12-07T13:12:20Z |3 B/ l/ r+ u e6 V
| virtual_size | 46137344 |2 }8 v7 a" q; h: o4 u
| visibility | public |
# o( Y e7 `5 _* s* l& r2 s1 k +------------------+----------------------------------------------------------------------------------+5 h5 t2 f1 G9 X" F, \
3 N& c9 b3 d: F' |, L2 l8 N
`验证服务`$ @ t+ p+ R7 e1 l [3 H5 I
root@openstack-controller1:~# openstack image list
X% Z3 W' W: n8 [' S2 G2 A' b +--------------------------------------+--------------+--------+
9 K+ D0 p- y, {( m6 q | ID | Name | Status |
6 t( G' T6 K" m8 ? +--------------------------------------+--------------+--------+
+ V6 H( ~( C$ E# f) f | 060a4a23-5aa8-4176-8f31-0ccd318ebf2a | cirros-0.4.0 | active |
6 ?7 H2 @) L. F" V7 t- ?% [2 V +--------------------------------------+--------------+--------+
- T$ m; {( ]* ] # 或者 [root@openstack-controller1 ~]# glance image-list! \8 E# O$ f! P% }8 P& e2 r8 o: Z# ^
# 删除镜像 [root@openstack-controller1 ~]# glance image-delete fd47df49-7e2b-4e16-a4fe-fd8ca6ffb5f7
; W: T) I0 b2 `, a root@openstack-haproxy:~# ll /data/glance/$ I' d' J) ~, @% w3 X5 u
total 12420
- o4 j- k5 r( Y- d& E/ J' {( A -rw-r----- 1 161 161 12716032 Dec 14 23:34 060a4a23-5aa8-4176-8f31-0ccd318ebf2a
6 m+ {5 X4 x5 L- @ I6 K4)安装Placement% ?3 K @0 v1 U) B3 y3 L; l
4.1)创建Placement数据库8 O' M+ @" B( T7 l. M
root@openstack-mysql:~# mysql
, o4 ?$ [( N! Y* G7 D! X+ e5 ] MariaDB [(none)]> CREATE DATABASE placement;
( M' Y& b- Z- \7 U% x: Z$ C& j MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';
, o( n7 Z! u- f4 V8 v `验证`& S2 Q# z& L. i8 ~- r# ]1 o8 |9 P
root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123
$ |3 \. V3 k+ h5 Q$ n Welcome to the MariaDB monitor. Commands end with ; or \g.4 Y; u& ?% U8 ]5 ?& x
Your MariaDB connection id is 118
4 T+ \9 B( P( R& @ \9 {2 Y Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04' i& g L3 F" i+ S
/ |% Q' m9 n! ?0 a! f8 Q: y: w# D! w Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
% \0 M/ h r F' S, N. }: S( o
" N' [+ m- A" q0 O6 f+ L* p. @ Type 'help;' or '\h' for help. Type '\c' to clear the current input statement., r8 L: [! k+ B0 [
1 a0 D. Q; s1 E& g6 T MariaDB [(none)]>- N% ^6 ?3 A. ~1 W6 k2 e) I
4.2)配置用户和端点
' j) \& C# A' z' w4 E9 ] y7 ?1 w root@openstack-controller1:~# source admin.sh 7 _# F1 w8 U* s( w' k1 L* U" T
root@openstack-controller1:~# openstack user create --domain default --password-prompt placement. }" q7 Q" B4 f; ?
User Password: # placement* b! N) ]% f6 b9 |4 Y& `
Repeat User Password: # placement
0 ~8 W Q( g5 u+ s2 @# X( {0 ?' s +---------------------+----------------------------------+
# \0 h1 H' p, N' w | Field | Value |" {. [3 a) v$ o6 S2 R; u
+---------------------+----------------------------------+; ]7 k! a. l# ^8 K, V% `
| domain_id | default |& y/ L' }8 Q& F% i# M8 q! K
| enabled | True |* r' ?6 f, v, h3 i, N
| id | 804e53f0a44b4403af8278711a7274a5 |
2 y( L$ Z+ e; l9 y4 o7 X | name | placement |; T/ x/ Q& Q, u
| options | {} |% ^& x$ }* C, o% y) d9 \
| password_expires_at | None |
5 ?9 q* P0 U# ^$ M, R +---------------------+----------------------------------+8 R* K. j2 y# \) t
: W! l T# L$ j
`将 Placement 用户添加到具有 admin 角色的服务项目`3 o/ I0 Q( z5 B$ y6 d
# 让placement拥有service项目的admin权限`
7 X2 r5 Z: }: _5 d0 Y root@openstack-controller1:~# openstack role add --project service --user placement admin. @; ^4 g' S' i5 \! f3 d
: D1 _+ D% @0 t, h( \
`在服务目录中创建 Placement API 条目`+ D. I5 u3 i w" k4 M1 R
root@openstack-controller1:~# openstack service create --name placement --description "Placement API" placement& e# g% ]1 ]/ Y; D" U$ v& V( Y
+-------------+----------------------------------+' a/ U2 n4 C' |6 r
| Field | Value |
' W1 p+ V" H" [" @ +-------------+----------------------------------+
$ G/ _2 g; s9 J v | description | Placement API |! m! N- t/ w* i4 e+ y) Q0 h# o* W: k
| enabled | True |
l$ N$ x# w; U0 \ l5 {9 [& T | id | 9eaa1f08648c44c5a937759d7217016f |% i0 v! w/ |7 `6 e! r: h& Y9 I
| name | placement |
+ B" j+ ?( G4 V9 m' A1 |" { | type | placement |; Y& r$ Q0 c) D3 L8 k) e
+-------------+----------------------------------+6 S# ]' i2 e5 X* y( n
4.3)创建 Placement API 服务端点:
- P& L) d: s5 B y/ _4 j: B root@openstack-controller1:~# openstack endpoint create --region RegionOne placement public http://openstack-vip.stangj.local:87780 A' H$ Q4 N) P) r7 L
+--------------+----------------------------------------+" |( b2 I% s# d* u7 f# i
| Field | Value |5 J% p, R0 l q& U9 G# p% w4 e
+--------------+----------------------------------------+6 ?! l: Y# d1 K8 }
| enabled | True |# Q3 E& n; Y3 A/ M
| id | 88aae422c80e4adabf613aef31fb0c3d |
3 Z: U, V1 w0 V& N | interface | public |
* [# O- k% @! G T r0 q | region | RegionOne |9 a/ h5 J- h% R7 I
| region_id | RegionOne |- }* C% z# T* W- ?9 i4 K
| service_id | 9eaa1f08648c44c5a937759d7217016f |
3 |* l" y" n/ V | service_name | placement |
/ V9 {5 o, k! \% B | service_type | placement |
# B$ r. O( [( Q' |+ \# j6 E, F# t9 o | url | http://openstack-vip.stangj.local:8778 |
1 r+ P1 t. P5 J3 }% D0 Y8 u& A +--------------+----------------------------------------+
+ a7 b$ V% K* \8 L, q( |* \3 D7 L ; v. |1 c/ l( A/ G3 I
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement internal http://openstack-vip.stangj.local:87781 G. S9 ]; v2 D
+--------------+----------------------------------------+
/ h6 R0 Q- |* S, _ X- C | Field | Value |
x! T* k* p5 X( _. q +--------------+----------------------------------------+/ O4 Y T2 ~1 M, o- D$ |
| enabled | True |, l- w, F2 T; U V, d9 t6 R+ ~
| id | b706b4abdcdd44a588eacf5d1cb7f75c |
2 G' d" F# p7 u4 e: i) x | interface | internal |3 f0 Y! [2 q/ G
| region | RegionOne |
5 I) }# q7 v) K | region_id | RegionOne |4 y* ]% m. o! |1 X0 P
| service_id | 9eaa1f08648c44c5a937759d7217016f |/ I( C: u) q& y6 n* Y! Y# C
| service_name | placement |+ B6 @4 v2 ^ N8 {7 O
| service_type | placement |$ K: A, p3 s- Q3 x# j/ r
| url | http://openstack-vip.stangj.local:8778 |. t. m3 _9 T `5 R. g
+--------------+----------------------------------------+
0 k4 p4 V6 Z5 l- C8 e# m. {+ L D$ `9 K6 A( i7 I# i/ d
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement admin http://openstack-vip.stangj.local:87787 O; ]7 |: S8 Q" a5 M
+--------------+----------------------------------------+5 U) o1 ~8 n* r
| Field | Value |
0 ^* l$ J6 X. z/ e. e6 J6 O +--------------+----------------------------------------+1 o: q9 \. p- f; O ^4 I8 _# h. v
| enabled | True |
, O0 |& }% I6 [% v9 l: D | id | f62a5305854e492ea9c76e77e13b10b4 |
5 A. G7 L+ V9 k3 M9 l' A | interface | admin |
, b `. v. Z0 m6 r: o | region | RegionOne |
" d; v) r3 T3 S' K: { | region_id | RegionOne |
2 t$ d1 F" h# h5 Y | service_id | 9eaa1f08648c44c5a937759d7217016f |" n8 ^/ l0 W6 x: E* n D$ y
| service_name | placement |
- _: j9 |" n4 m* `, j9 S | service_type | placement |
0 O2 `7 e6 f; W [7 m A7 V | url | http://openstack-vip.stangj.local:8778 |' h; K$ y* \9 X# W. L( J
+--------------+----------------------------------------+
x. x# k' ]/ F+ a) \ 7 j3 |% y5 }5 @
`验证`
( S! Y+ k. S1 J" H root@openstack-controller1:~# openstack endpoint list. X/ m) Z v# N0 p) b
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
3 l& c l: j. D) m | ID | Region | Service Name | Service Type | Enabled | Interface | URL |
, ]/ M* M, c( u- F- H +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+1 B& R" S b" p% L
| 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |2 y, m. X3 |+ X# ]% b; X+ V
| 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |/ f; t q/ ]- |, y: D% M5 f
| 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
' E3 K* ]) ^# N, c- ~' N: K | 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
9 d! J3 I. |* _ | 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |7 M# Q M, w# p, b+ v! ?. y
| 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
- s$ z4 x6 X& _ | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |
: p# f0 }" ~7 _' H) E% [ | afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |) c4 d. j# x4 O; ^9 s5 s4 p( [, X
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |1 f6 D) Q3 o5 W" E9 `6 y5 Y
| def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
2 p* a3 K1 g& k a4 ]6 b3 P | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |
, @, L$ X Z) {. Y9 Y# k$ e +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+ {+ z% O: @8 ~# M$ G$ s8 i
4.4)配置haporxy代理5 R7 I% b; a. X; ]
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 9 M! L1 O# B# r
# 在最后一行加入下面内容! \7 O& W& x* G& J' r4 k
listen openstack-placement-8778% E1 p) c S" e/ k( M# b8 m
bind 192.168.139.248:8778
# H5 j3 b+ C6 l! b, i. R mode tcp
) j7 f# R. Z1 a7 q2 Y server 192.168.139.31 192.168.139.31:8778 check inter 3s fall 3 rise 5: Z) F* K9 k/ @# [, _" C
root@openstack-haproxy:~# systemctl restart haproxy.service 5 O, W+ t. t) S1 N* J# b
root@openstack-haproxy:~# ss -tnl | grep 8778
9 g4 H0 x* J. A: L' F LISTEN 0 128 192.168.139.248:8778 *:*
$ r' P3 u& p- ~4.5)部署placement% _5 T8 f8 O/ ]2 u7 @ g" k
root@openstack-controller1:~# apt install -y placement-api
2 W1 o8 w: P+ z7 `! i" M. Y4.7)配置placement服务
9 M0 S; y7 z# w( u6 E; o root@openstack-controller1:~# vim /etc/placement/placement.conf5 g" a3 t$ S; Z
[placement_database] # 在此模块下面添加下面一行信息
1 A( n# ^' D( \# ?9 Y' |5 u connection = mysql+pymysql://placement:placement123@openstack-vip.stangj.local/placement; Q1 A K* _7 H) A5 R, k6 Z1 I
7 l. E G- Z T
[api] # 在此模块下面添加下面一行信息
9 A( p2 g/ u Q e$ q. ^4 y auth_strategy = keystone
" Y2 g- x5 {& @$ F & v, X1 m" V3 g1 t+ f
[keystone_authtoken] # 在此模块下面添加下面8行信息
/ p2 `, I& e; i; M: I auth_url = http://openstack-vip.stangj.local:5000/v3) |/ [! x3 T2 i. Z6 k. Z
memcached_servers = openstack-vip.stangj.local:112111 E, s$ z' M# N8 P$ w% ^% h
auth_type = password3 V9 i9 [& C0 y F$ X& y; [, W- i' W
project_domain_name = Default) k5 Q c& \, R. K' M: K
user_domain_name = Default
2 S; ]( A$ g/ G. h) R' y6 o+ X project_name = service# j' ?+ Q& j1 ]& ?' Y" k9 P) {
username = placement3 I3 F& I2 {2 u1 p4 ~
password = placement
9 M/ \+ a, G! X2 b4 |- L4.8)初始化placement数据库+ y0 x3 s( v* E( | @$ y/ W: B# J
root@openstack-controller1:~# su -s /bin/sh -c "placement-manage db sync" placement
/ x- v6 V% M0 [* v/ N
" D! O; O4 a$ Q4 c% M. s7 w+ Z `验证`) r' R5 X1 F. s# J! q( b; h
root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123 -e "use placement ; show tables"
v* O: {1 p% _ n +------------------------------+: m1 ]6 C9 \* e" a2 ~
| Tables_in_placement |, B7 M" n( V8 `8 u6 {! X% e' |, Y
+------------------------------+9 O: l' E! \- G3 t/ C% F% L
| alembic_version |( H/ _. l3 N! l7 w1 ]
| allocations |7 J- z+ K5 B9 ^+ ~0 X
| consumers |: b u- D5 D- m; u; l( o+ n
| inventories |
( Y. l; h4 F' T C( a" g7 \8 i | placement_aggregates |7 T) j( N4 [9 E+ `: X: }6 r
| projects |
: D* p' y* L' f! G Y% B a# X | resource_classes |. X6 K) Y: Q6 }, ?8 g2 p: b
| resource_provider_aggregates |
! [. n! p' g4 y( B6 r% _* S | resource_provider_traits |& k& u4 a9 J9 m& |. k% x
| resource_providers |3 u& O3 Y+ j f0 E
| traits |( h! }. e' }. N8 r7 l+ e
| users |
7 J7 J0 Z/ }- a9 ]3 B& y +------------------------------+$ b7 o3 r. e: k& Y
4.9)解httpd带来的问题(以免后续会出现403)
5 H+ U4 B; m! L! f root@openstack-controller1:~# apache2 -v
0 v4 k% j: \ C Server version: Apache/2.4.52 (Ubuntu)7 P! l! J8 `1 v7 w( ]
Server built: 2024-07-17T18:57:26, Q! t# {/ R1 K/ \1 @. S
root@openstack-controller1:~# vim /etc/apache2/sites-enabled/placement-api.conf9 T1 x/ o/ G! d2 Y R ?/ p8 N: M
<Directory /usr/bin>8 G5 |2 I6 a3 e/ q* H. b; l
<IfVersion >= 2.4>
8 b' E# s0 W; |3 h2 z8 D Require all granted
- T. U8 m m9 d2 S! U, _ </IfVersion>
3 q5 }2 ^. l" e+ U6 [. l1 @ <IfVersion < 2.4>6 Y n0 J1 U2 B# o
Order allow,deny: H8 P Z- b& Y
Allow from all
& _9 j: t! [0 H' W- I5 r </IfVersion>! E; B- y3 o" G
</Directory>
, H& q6 K2 }# X, r. k2 y; N ) ^1 _+ S$ D% c# C! G+ F
root@openstack-controller1:~# systemctl restart apache2.service & u) O/ D2 G/ t
root@openstack-controller1:~# systemctl enable apache2.service : m& z5 E! N) {8 _
4.10)验证服务
% Y4 r0 p3 S! H [root@openstack-controller1 ~]# source admin.sh 6 E- P5 ]/ s V& D! R2 y
root@openstack-controller1:~# placement-status upgrade check
L7 j7 B/ f9 A& B6 h$ n8 o +-------------------------------------------+( O: e% G1 F6 ^% o& c
| Upgrade Check Results |
; q* \. P4 p1 h: Q1 | +-------------------------------------------+
- a( h% X( @7 m2 d4 X | Check: Missing Root Provider IDs |
( y, M# _; m5 |3 s' ~! ^ | Result: Success |
% C. }2 n- j9 |. y | Details: None |" X8 o% j" G1 }6 r
+-------------------------------------------+ u" |, _6 ?4 }6 J
| Check: Incomplete Consumers |: n1 O9 ~5 E* I
| Result: Success |
$ {$ c' ` ~! Y | Details: None |8 f+ | I' I" v* l
+-------------------------------------------+
+ w% a, G" L) ` | Check: Policy File JSON to YAML Migration |
: O9 t& K/ D' j1 Q% G/ T | Result: Success |
! L* }% K8 u2 j/ I% e, w* n | Details: None |" y: c; ~, v' j5 ^& W- p
+-------------------------------------------+
0 _- u' _- H3 t8 Y root@openstack-controller1:~# curl 192.168.139.31:8778
$ Q O4 Q7 ]8 E; l+ @# d {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}, A( K' g3 D d
root@openstack-controller1:~# curl 192.168.139.248:8778
; P0 y* g5 }. B$ C! L7 D; q3 I0 O1 | {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}0 p" d$ g W7 O9 t0 a9 Z
5)安装Nova$ I# {& ?1 [7 a! S$ L5 Z# g
5.1)配置nova控制节点
& I+ n6 X" `: a5.1.1)创建Nova数据库3 \" s6 U* H, a
root@openstack-mysql:~# mysql, Y5 r% K+ }! O3 z
MariaDB [(none)]> CREATE DATABASE nova_api;
5 y0 Q2 E5 k5 R7 O' `0 U MariaDB [(none)]> CREATE DATABASE nova;& i$ F; x7 d$ T) f7 k. Z
MariaDB [(none)]> CREATE DATABASE nova_cell0;, P3 L3 w' u7 y7 E& \# M" |! O
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';* u4 m( [" q9 @+ V; v& \& z2 Q
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
- @! ^1 e% q; R% O! r3 z- Z3 S; s6 ]7 W MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
: n$ }& Z5 f8 l, _7 Y5.1.2)配置用户和端点" s5 j' l/ D/ ~$ A0 ]
root@openstack-controller1:~# source admin.sh
0 r' b- Z: f9 ? root@openstack-controller1:~# openstack user create --domain default --password-prompt nova$ N! f- q& M, c) ?& w; X
User Password: # nova
! Q% t7 S. F M% t$ q' O Repeat User Password: # nova
( z% z- W# C0 d6 m: ?* H: E +---------------------+----------------------------------+
, \3 s2 B! I: E* @ | Field | Value |
# _* u) E! h" U2 m4 n +---------------------+----------------------------------+
' n0 E) p8 A* J3 [ | domain_id | default |
6 T! Y( s# R0 G3 y | enabled | True |8 N. r6 I$ u0 `% ?! d/ d2 g
| id | 223adc571a2b4a2fa32cd7bdff6e7c3b |
$ v4 p( g7 b* m5 W _9 x | name | nova |
1 s) O. w$ q7 |- ^& i | options | {} |7 Y9 c5 R V7 D* r8 e% j5 P1 G
| password_expires_at | None |' l: t6 N( _0 F% n* G
+---------------------+----------------------------------+
( H9 o. W* j. G, w5 D# n0 t ( X+ \' {' U% V* ]7 s
`将 nova 用户添加到具有 admin 角色的服务项目` C( Q% w, ?2 u; o: O$ w
# 让nova拥有service项目的admin权限`
6 K9 N C( T) M7 `9 \ root@openstack-controller1:~# openstack role add --project service --user nova admin/ {% d7 _, A! @5 }9 w; V/ e) b6 E
% E9 |1 x9 j9 H6 Y& w
`创建service实体:nova` d* |9 Q$ n7 e& \+ U) z% ?& O
root@openstack-controller1:~# openstack service create --name nova --description "OpenStack Compute" compute
( O6 ^1 U6 v H! u5 w. C* J. N" K +-------------+----------------------------------+
, i( l' `. o) V | Field | Value |
8 v' h, p2 F$ I+ v2 j5 c$ Q3 n- T +-------------+----------------------------------+
D( c9 W0 p. z2 q | description | OpenStack Compute |2 c8 Q4 e2 R& Y5 E) D7 K1 m; q2 S
| enabled | True |$ x9 ~" l3 g2 j
| id | 63028385934a4290b66880dab62a4c4d |
* O2 @/ W' p) L# X% a | name | nova |% g# o+ U: j0 X; c8 x
| type | compute |! @$ i0 ^" V( y% Y; ^
+-------------+----------------------------------+
) I2 ]# C* j6 ?7 _9 I+ z6 C% z # g$ N* j6 [% V
5.1.3)Create the Compute API service endpoints:4 d4 s2 _; K8 x
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute public http://openstack-vip.stangj.local:8774/v2.1) n* M' H7 H; a' f# @4 K- \
+--------------+---------------------------------------------+
2 V1 m( X7 k# k- e, P5 O& D, } | Field | Value |3 h* p) @1 X+ J7 s& y
+--------------+---------------------------------------------+3 J/ q, l; u2 D* h! ]
| enabled | True |) x# b# q& ~ i2 C8 k
| id | d5564488f45d47009640dcea5e0083f8 |7 ?6 L5 f9 y1 T/ O. ^3 M0 |5 D5 B8 J
| interface | public |4 ]2 H6 w, Q& o O1 p+ m* f
| region | RegionOne |
" I2 U' T" O, N' ? | region_id | RegionOne |/ @% P/ y1 ^. d: |3 m! D! c
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |
( S& J0 ^& p! M5 Y/ ? | service_name | nova |0 }- J* w z% a; u' d0 G5 k
| service_type | compute |
, D2 w) ?2 w6 f( C+ z# v3 o | url | http://openstack-vip.stangj.local:8774/v2.1 |, o( A% @5 m5 N5 T" m0 G t
+--------------+---------------------------------------------+
. f ]2 C, K7 l' M: J root@openstack-controller1:~# openstack endpoint create --region RegionOne compute internal http://openstack-vip.stangj.local:8774/v2.1
" e* L* Y8 {0 V3 o0 x, Q +--------------+---------------------------------------------+
7 u# k M8 l% C$ @' |! d$ C, b0 y3 b | Field | Value |
; k! o+ h9 ?- K# D) J8 }9 s +--------------+---------------------------------------------+& d# \0 M2 o j: A& d/ _
| enabled | True |/ a. Y7 n, T3 m& R
| id | bce779f873ad48cdaf7aa65c9c310e0b |# J" N* _. e9 A& I! F: |, U
| interface | internal |. O5 y0 z/ A1 P9 v1 ^. d3 V
| region | RegionOne |& z, Q5 \# Y1 u4 N5 A6 j
| region_id | RegionOne |
0 B. r/ h. v, x4 ~ z1 v9 A | service_id | ba27d9ae56314e208a3b9b7e1dead803 |( b1 j7 w. l; {7 |+ f
| service_name | nova |
9 P( u* n5 G: L+ B8 [ | service_type | compute |* E: o1 \0 T& M
| url | http://openstack-vip.stangj.local:8774/v2.1 |1 ?9 P3 A$ [+ @
+--------------+---------------------------------------------+8 Q( I" O4 f5 ~) U7 F# \; a$ F, D$ B
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute admin http://openstack-vip.stangj.local:8774/v2.1+ x4 G U# g, c/ K) O3 h- W% |
+--------------+---------------------------------------------+
! c y$ M8 P5 U" Z- A% E) y | Field | Value |
0 R) @* T! N3 N2 b- M +--------------+---------------------------------------------+
* p. f H# B, x | enabled | True |
$ T8 C- u( @( B/ ^ | id | 229163f968084cef9cc0150d1c7b14d8 |
2 L8 `5 R: n3 V/ N" P | interface | admin |6 O# ^1 S$ E) g4 R
| region | RegionOne |
) Y; [# ~$ b. c d1 o | region_id | RegionOne |3 O) W8 B3 D! y1 J" }
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |: x9 H3 j" i) u- v
| service_name | nova |2 S# K+ V% t6 @" y- a: o: \1 n
| service_type | compute |& W- Q$ G% p" F2 ?% _8 l
| url | http://openstack-vip.stangj.local:8774/v2.1 |
- m) A3 h+ o. A: Y +--------------+---------------------------------------------+
1 J2 n1 c ]4 i& b+ g6 I `验证`
) X3 X" N* g6 C [root@openstack-controller1 ~]# openstack endpoint list) O3 W! O4 l4 @$ @3 {
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+3 L9 i- h& i5 O5 F
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
& |$ d. D% d) T, B2 p- U* ? +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
- C. _1 y, I1 ^7 c | 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |+ s' M& Z4 Y1 b% G$ X& |
| 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |( X) U5 [) k3 h- [1 t* d* ~6 U
| 229163f968084cef9cc0150d1c7b14d8 | RegionOne | nova | compute | True | admin | http://openstack-vip.stangj.local:8774/v2.1 |
% K! l# Z; U1 t5 }# g | 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
- w; D/ f+ [8 u W5 y. y s- v | 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |7 B* ~9 U2 T% _3 h
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |
z3 F" ^" H8 p# n | 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
' I4 D8 w6 Z- [. Q | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |1 v: b, m$ R; R8 O: j ~9 q
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |( O, q8 a8 c j5 g
| bce779f873ad48cdaf7aa65c9c310e0b | RegionOne | nova | compute | True | internal | http://openstack-vip.stangj.local:8774/v2.1 |
$ t- m$ @: t. a& \% W' p | d5564488f45d47009640dcea5e0083f8 | RegionOne | nova | compute | True | public | http://openstack-vip.stangj.local:8774/v2.1 |
% H" ~) s9 }6 `3 W( {5 J | dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
% f, O8 y/ a2 W! {* Q | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
! N0 E* V& m' g; G: T1 |5 I | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |! {( X* }% @( m* w4 E: ^: I
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
$ r7 {) A. ?( i& Z2 e5.1.4)配置haporxy代理( q% x5 Y3 f3 p2 s
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 3 r* k/ L7 T$ _1 M$ M
# 在最后一行加入下面内容" v4 R& q7 }& I8 f' F
listen openstack-nova-8774 }. Q1 V" a; H; ^' J# q
bind 192.168.139.248:8774
$ `3 P* u, ~9 p8 ~ E& S' e mode tcp- O- T) _$ V5 Q5 Q' J6 \6 [. u) n
server 192.168.139.31 192.168.139.31:8774 check inter 3s fall 3 rise 5
5 {6 H/ m% q$ L- a f
4 D0 }6 {( N5 F9 d* t listen openstack-nova_api-87757 [, S' g" r* a ^3 z( J
bind 192.168.139.248:8775
' D% b$ T$ N: Q2 S/ z% f mode tcp: |' u3 K% X* K
server 192.168.139.31 192.168.139.31:8775 check inter 3s fall 3 rise 5
: F$ u* P9 t& z1 @, p
2 F( u0 E9 J# M6 @9 Z! T root@openstack-haproxy:~# systemctl restart haproxy.service
$ _" S. l# C& J! C* e root@openstack-haproxy:~# ss -tnl | grep 8774- t# _6 _* V) B, R) w- j. N/ k
LISTEN 0 128 192.168.139.248:8774 *:*
4 K/ d: W2 r. w) W7 [5.1.5)部署nova-conductor1 J* n) {/ G* g# T2 b6 ~ N
root@openstack-controller1:~# apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler; q! I+ p! E3 @- k
5.1.6)配置nova-conductor! S* u- i: h6 f- \* M2 }
root@openstack-controller1:~# vim /etc/nova/nova.conf g. k: s- M2 q6 G; a, s, @- L8 T
[DEFAULT] # 在此模块下面添加下面4行信息" n% }+ Z' R" a- Z
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/9 z8 ]3 a0 x8 X- w6 g; a% d
my_ip = 192.168.139.314 ^7 d N2 C& ~: W9 U2 [9 m/ D& q9 u
# Q$ s4 B8 b2 A. p C [api_database] # 在此模块下面添加下面一行信息
, N8 f& N) ]/ E* i w8 g3 b( p connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova_api
( r/ }2 ]) \3 M& q- z W6 o F/ c$ E
[database] # 在此模块下面添加下面一行信息
8 z h" x [" L* X$ c3 q* S; J connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova
* W$ y1 R [; u+ b/ B% P
7 W* O( G( G( @( b* T [api] # 在此模块下面添加下面一行信息
1 c( n4 M2 i3 M1 N$ b5 E6 s3 k auth_strategy = keystone6 m5 n4 j9 V3 }1 D" ]
; s6 Q: V9 x/ W) G [keystone_authtoken] # 在此模块下面添加下面9行信息$ R6 t! _4 C" r& p; l
www_authenticate_uri = http://openstack-vip.stangj.local:5000/8 _2 z$ [* q1 j! \; r
auth_url = http://openstack-vip.stangj.local:5000/
7 a4 ^7 @& G" U l& M memcached_servers = openstack-vip.stangj.local:11211/ e1 i$ m% m" Z% r
auth_type = password h! `) u9 Z" Z
project_domain_name = Default
2 x* t) C" z& p2 Y; U" B) t user_domain_name = Default
( A- k& n* \" J- m project_name = service0 Z2 r9 X9 t' j# J! J U$ y
username = nova
$ K- v( e; L4 P$ { password = nova" L4 u4 I; B& H8 ^9 x3 i0 \; \2 Y
2 y6 }+ d* z$ Q' F7 |* P0 n1 O, O5 u [vnc] # 在此模块下面添加下面3行信息" X/ }' }7 w- O1 U% u
enabled = true6 W6 ~9 r( @* I+ x7 w
server_listen = 192.168.139.31% J4 B/ a* T% c; F: l
server_proxyclient_address = 192.168.139.31% q. _( N/ x% R
0 B+ i- t D4 s' |4 r4 t3 C; X3 [8 N& B
[glance] # 在此模块下面添加下面一行信息
6 N# U" ^5 c: e6 L- j2 Z api_servers = http://openstack-vip.stangj.local:92925 y( b1 ]% E) p C' Q' w7 F, N
: Y+ B5 p% B. l' a% b# ]7 O* Y* m
[oslo_concurrency] # 在此模块下面添加下面一行信息/ \% p o# Y$ D8 z- s, F3 z) h E
lock_path = /var/lib/nova/tmp
: ~+ Q5 y. q& E% {0 d* R! H
7 b2 w% \, M4 ^) m [placement] # 在此模块下面添加下面8行信息- y1 W# b0 y. G. S
region_name = RegionOne8 U- l; h- x+ t5 J. c3 |/ U
project_domain_name = Default8 V! F6 l. H- V6 P8 s% z( b
project_name = service
L4 L# X( w, k4 m) U9 ^7 S0 m auth_type = password* {: R! }. S" {6 k) v( e
user_domain_name = Default% h |2 H1 j5 b$ g
auth_url = http://openstack-vip.stangj.local:5000/v3# |7 ^( Q) \9 c) b4 E; z# z
username = placement) b: M$ l1 ?. S* O$ `( G& ?4 {. P% L
password = placement9 H* {9 R! ]4 p6 F; V! u" e' S
. b9 q% d% \: l" [
[service_user] # 在此模块下面添加下面9行信息$ M' z/ }/ Y$ C( I; J6 u
send_service_user_token = true" d1 d, y0 _" O( x
auth_url = http://openstack-vip.stangj.local:5000/v31 N3 e, V% i- n+ ^
auth_strategy = keystone! y: d) }( m" o- T2 S1 ?
auth_type = password
# I5 s. u# G2 A5 f project_domain_name = Default
9 R# G. ^8 f2 p: p5 C! e; N- m: M project_name = service
3 u# Y- ^& n) W- A: l" B3 f7 y* a9 l user_domain_name = Default4 _0 K5 c9 K N M/ g
username = nova' T) Y; M+ P6 E5 v9 S6 U
password = nova
! X7 J- m0 f4 I) o# F [5.1.7)初始化nova数据库
9 a; I! ^( s( i; V l0 `) ^) E root@openstack-controller1:~# su -s /bin/sh -c "nova-manage api_db sync" nova5 W) e6 c3 }1 B6 p. h: A9 z0 L
root@openstack-controller1:~# mysql -unova -h192.168.139.248 -pnova123 -e "use nova_api ; show tables", } C3 r- U% ]& H
+------------------------------+3 T: d! z) W& b" y) T
| Tables_in_nova_api |
3 ^1 t1 L, B) B8 T' a +------------------------------+
4 C( s# @ T! x/ G& s3 h | aggregate_hosts |" Q2 F8 G# y/ J. D* k; J3 v& ]/ j
| aggregate_metadata |
" y* s2 U4 E: v4 I- I% i | aggregates |2 ], k4 W) H0 S0 n s: y
| allocations |4 Q* N y& ~* C
| build_requests |
5 w" F g+ b# _9 s8 L1 @" `: m+ I) f& l ................................
. d$ {) k8 B/ i& s' N ................................
3 ^2 j2 @4 j( E" Y' C7 [' h% e | resource_providers |
3 p j, {- \$ x | traits |: [; V) A2 ^! h' c
| users |
- ?2 n( ^" |3 |1 K, W +------------------------------+
; P" ~% V3 i; Y- p+ K root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova [3 c; l# |% p c7 s8 S! V$ b
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova* D1 D/ \/ w. Z; b
....
9 ]+ B, u8 ?+ y' i+ j- r c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
' @- C% T2 ?5 d) l/ }, t : \- i' q8 I0 V1 m7 o4 g/ H
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage db sync" nova3 Q4 D9 |# [, Y4 J/ Q0 B
5.1.8)验证 nova cell0 和 cell1 是否正确注册:& F: B1 j8 a1 d3 @
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova0 [1 [' ~! q/ \6 W2 p
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+- b0 d3 n( T' W! a& {: a1 G! @
| Name | UUID | Transport URL | Database Connection | Disabled |/ c/ d: o8 W* r1 ~: S: R# s
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+ r; x+ z* ~1 H; l9 K4 R
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova_cell0 | False |
. A; P4 Z& R S) D, g0 N9 g# M5 @ | cell1 | c14b4cfb-a4f6-41a5-8418-a3d3ee04228f | rabbit://openstack:****@openstack-vip.stangj.local:5672/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova | False |0 f4 M8 N! B3 k1 `6 k: A- L, _) `
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
6 P! b+ o2 b( e, M1 |8 P
/ r! ~. J# a7 I" b4 S* I, T5.1.9)启动服务
4 N& C% T) W* r; }: w, z root@openstack-controller1:~# systemctl enable --now \
% T9 v- E5 c- l- u0 t nova-api \
( r7 V( M7 h, y- {$ q$ N7 M nova-scheduler \
/ Z6 ?# U, l. D nova-conductor \. {, P. ]0 Q3 H) n5 i
nova-novncproxy/ g' F9 C4 Y& O- `& j M
root@openstack-controller1:~# systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy
2 q1 u) o* E5 W: m5.1.10)把novncporxy代理到haporxy6 p1 b: [; C, s: y
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg : P# u- R, K3 O. J5 s1 {& {
# 在最后一行加入下面内容& m l0 O# P; w& r1 s
listen openstack-vnc-6080* C' Z. g7 j4 z2 `6 |
bind 192.168.139.248:6080+ K2 v3 s2 @) r+ m8 |3 N
mode tcp2 y) ], a1 L7 t6 a
server 192.168.139.31 192.168.139.31:6080 check inter 3s fall 3 rise 5
; B6 Z5 [" ]+ N- q root@openstack-haproxy:~# systemctl restart haproxy.service . ~& X6 b- \) W0 L h5 h/ D* B
root@openstack-haproxy:~# ss -tnl | grep 6080 G( B# w! m/ ]- [$ m" s* j
LISTEN 0 128 192.168.139.248:6080 *:*
9 B% s i& ]1 h% ?5.1.11)配置nova重启脚(为了方便后续实验), D) s% s, n# |& m( e6 j& ]+ G* L
[root@openstack-controller1 ~]# vim restart_nova.sh
& ?) y2 ?( J+ ~' ?& v9 [ #!/bin/bash
5 i% ]: h/ J6 |2 T+ ^ systemctl restart nova-api \
+ P [4 A9 @. z5 f; G6 H nova-scheduler \7 T# h& e n; f2 x$ D( C! |4 b
nova-conductor \/ r" f( q8 v+ ~
nova-novncproxy
: J ?9 @3 [. R; s0 F+ l5.2)配置nova计算节点4 h3 G; v0 \- M$ a. v% N
必须保证开虚拟化$ D2 E2 T5 W: g7 n
, A Y. Y1 S+ X w# N( C# o! n
image-20231215224936327
- Q' I5 }4 n/ u* R, V
! r: ^3 I U9 o# r2 O$ N5.2.1)部署nova-compute
# _# K6 `& V) a5 |) [; W root@openstack-node1:~# apt install -y nova-compute1 h- o0 s8 G) |) Q8 X
5.2.2)配置nova-compute
4 l- `$ E; {& d root@openstack-node1:~# vim /etc/nova/nova.conf! A1 B: a' Z6 u" f; ]: Z% j+ T
[DEFAULT] # 在此模块下面添加下面4行信息
+ q D. |1 G n- _ transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/& z- ~( }: O- p3 c8 ^ S) u
my_ip = 192.168.139.34% Y8 l1 w9 h Z
# state_path = /var/lib/nova: Z) _) }6 @/ R- s {4 x- m; n
1 @* r- z7 A* p9 c [api] # 在此模块下面添加下面一行信息! p- [0 F7 P/ m
auth_strategy = keystone
3 Q6 C. q( ]3 [+ s) R/ N4 r+ k$ K . z0 \" B3 w, F( \! r) s$ R; N
[keystone_authtoken] # 在此模块下面添加下面9行信息
" d( P, z0 B w8 u# E. C www_authenticate_uri = http://openstack-vip.stangj.local:5000/
6 i: G* U4 J8 [2 X g# U3 Z! V auth_url = http://openstack-vip.stangj.local:5000/
3 c1 R d) u7 q5 g8 Y8 g, B memcached_servers = openstack-vip.stangj.local:11211
+ x. q/ ~: ~2 t/ z- w9 G auth_type = password
* j, n2 \2 F: _" d8 b( Q" L project_domain_name = Default; }& f5 o- q" M# ]
user_domain_name = Default
: y; C- a* A4 p# o p3 H. w. L5 L project_name = service
. b/ k. D8 j' G/ M( f" ]/ p; @, V username = nova8 x' ~1 T% O, I! R, Z6 `- j
password = nova9 y; y' D3 q4 H& N b3 q
) s& F. d3 `) v: j4 F. Y
[vnc] # 在此模块下面添加下面4行信息
; t% D5 x$ r6 D) \( r enabled = true$ ?9 m! c0 |: `
server_listen = 0.0.0.0& ~8 s$ h+ n" B) W2 {
server_proxyclient_address = 192.168.139.34
4 ?% O$ Z8 F( j+ |/ h; U novncproxy_base_url = http://openstack-vip.stangj.local:6080/vnc_auto.html
1 s; D$ D$ T: f
! P8 x+ \/ V, y- W8 m! K$ m5 Q [glance] # 在此模块下面添加下面一行信息
. B" c4 D. K' c) h api_servers = http://openstack-vip.stangj.local:9292
2 E7 e9 V1 C! Y9 [5 F7 K. M* o
2 m+ q/ X) M) J( ? |; Q [oslo_concurrency] # 在此模块下面添加下面一行信息: n; d9 X6 G# t7 \* z5 w
lock_path = /var/lib/nova/tmp3 m8 O. n, d+ r, n" i( ]
c" x, S9 }4 N [placement] # 在此模块下面添加下面8行信息
; ^7 W2 m+ E5 B8 v/ c- C, m- l$ t region_name = RegionOne/ w+ l& f6 r2 A7 d
project_domain_name = Default W) b9 @/ Z8 t% o! l/ z2 l
project_name = service
" k2 ^/ I" ?3 ~" y: { auth_type = password+ z6 I& z7 y$ ]0 s5 d& G/ D( w+ I) D- Y
user_domain_name = Default
/ C6 G9 ~/ o% k4 s# W auth_url = http://openstack-vip.stangj.local:5000/v3$ v8 C; R: l' D9 w7 u0 Q
username = placement' g- u, ]& s" O" b) X5 S. c$ E
password = placement
+ E" X4 y' C7 z7 M' P* [ ! a( h1 t6 k, g
[service_user] # 在此模块下面添加下面9行信息. g+ G5 f) o3 ]" v7 s0 i, g! q7 z) Z
send_service_user_token = true& H/ b+ O- c9 t( d- ?/ v
auth_url = http://openstack-vip.stangj.local:5000/v3. j7 c) A3 I0 q8 s% g* \! {
auth_strategy = keystone2 D; m6 E: p+ v) Z, Z- J
auth_type = password1 ~% X( B+ e3 w8 K( b& p- a
project_domain_name = Default( f' ^( G' q* w1 }; d
project_name = service o$ b. {. i8 @8 G* `0 d2 C
user_domain_name = Default
* m- Y4 ~- ?# C9 T username = nova/ S/ Q: V$ I; U2 W
password = nova
X1 A, o7 r) Z- v( Z# v 0 ?5 ?7 t- b5 |# Q% S
root@openstack-node1:~# vim /etc/nova/nova-compute.conf/ Z7 W: F% Q' t" G% w+ I% W4 t
! K- ?! `+ K- J# R9 Y/ T% g& H
[libvirt] # 在此模块下面添加下面一行信息
1 Q5 g) B, z( F2 i6 Q+ a virt_type = qemu( i8 ]! z3 b3 I$ X/ {2 c; O2 Y
% q2 y6 u5 m$ B( B' {* i$ \* g `检测是否可以用虚拟化`
. ?" Z5 u2 u1 n: ^ root@openstack-node1:~# egrep -c '(vmx|svm)' /proc/cpuinfo$ D3 B3 Y( S' Y% q7 W; y8 C# x
4
( L" W* I3 o0 E9 s/ g* r, ^- t5.2.3)配置hosts解析
4 o* R7 Z6 D& d" |: q: y root@openstack-node1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts' R! N) w( x( r7 [
5.2.4)启动服务
( ^1 _, }3 g# B) _: j root@openstack-node1:~# systemctl enable --now libvirtd.service nova-compute
1 T$ H% X& O* n) M `编写重启nova-compute脚本`
% s" |" Z! l( w( Z root@openstack-node1:~# vim restart_nova.sh6 X4 j$ `- {. N1 m) `0 ~& ~
#!/bin/bash+ L' n9 `" B, H1 i$ o: y
systemctl restart nova-compute
: F9 x/ a$ r4 d; a! u) }; F, W2 ~ root@openstack-node1:~# bash restart_nova.sh
, v4 B9 f- N: {0 m' ^* O 9 p+ _9 l; a9 e9 G' \+ Q
5.2.5)验证服务: e! i1 _! `6 G' u+ P2 f
root@openstack-controller1:~# source admin.sh ! U& y9 z# h4 Y* I3 j; _6 z
root@openstack-controller1:~# openstack compute service list --service nova-compute- b. D5 K. {# I1 `* k% f' v( ~
+----+--------------+------------------------------+------+---------+-------+----------------------------+; d; f) ^" a# R' t) R2 q# `# `
| ID | Binary | Host | Zone | Status | State | Updated At |
) v/ m2 {5 a8 ?9 @ +----+--------------+------------------------------+------+---------+-------+----------------------------+
& X, b: J/ V; H G* `& c | 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:12:03.000000 |
, h7 s/ K# t9 q5 _ +----+--------------+------------------------------+------+---------+-------+----------------------------+
3 v& S! V5 h h% [5.2.6)发现计算主机
0 ?$ M1 E/ N% U* `/ Z" ^如果加入新的node节点需要执行下面操作
- e& d, k# I3 b1 l; D T2 s. Y" w$ v1 s* `
[root@openstack-controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova& e: x, f S; D2 Q' h3 q! _
Found 2 cell mappings." z: T6 V- D5 }7 A7 L0 U" u) U
Skipping cell0 since it does not contain hosts.
j& B3 w4 v( ^3 T+ F Getting computes from cell 'cell1': c14b4cfb-a4f6-41a5-8418-a3d3ee04228f8 K8 R2 M' ^2 h( F- f! D
Checking host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e08 g$ [' j& s9 K! w) t6 v2 i9 y$ W
Creating host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
6 M- n* X% @" z9 |* @$ g& d6 _1 n; a Found 1 unmapped computes in cell: c14b4cfb-a4f6-41a5-8418-a3d3ee04228f0 F. t8 r6 w5 V" S1 O% W# d
5.2.7)配置自动发现计算节点
f. }: o& c: P; b9 n; c9 E [root@openstack-controller1 ~]# vim /etc/nova/nova.conf
2 h. O4 m+ Y0 G% [& k [scheduler] # 在此模块下面添加下面一行信息& Q( ?% N- L6 O- a3 ]
discover_hosts_in_cells_interval = 300 s$ ^4 g0 T5 R& H
`重启nova-conductor服务`
+ Y! D% W7 I4 L k; |7 H [root@openstack-controller1 ~]# bash restart_nova.sh ) a$ y* F+ [/ C/ |% p5 u
5.2.8)验证操作
& h2 o8 \3 K& p4 A; o [root@openstack-controller1 ~]# source admin.sh # K; q: H* m% `& I( e1 a" Y k
[root@openstack-controller1 ~]# openstack compute service list( V3 `' k, n/ p7 V" X
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+ w) C) `2 W+ D( w2 V
| ID | Binary | Host | Zone | Status | State | Updated At |/ e5 Z: ^4 P, u2 c
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+
; w, e- ?# ~# q0 U# P1 x | 1 | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |
9 U$ I1 }! _2 W0 z$ R | 7 | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |1 u- Z# m$ q7 l/ W
| 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:15:42.000000 |( |1 t" e7 \0 @' h Y% U2 y$ ~! L
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+
& n- f3 I0 Z: E" {. C# z root@openstack-controller1:~# openstack catalog list
: T& F9 O S' T4 Y6 n +-----------+-----------+---------------------------------------------------------+
5 e- G$ J9 q! I! f7 i | Name | Type | Endpoints |
7 G0 y% Y& C1 V$ Z/ J +-----------+-----------+---------------------------------------------------------+& r* N2 T2 U) N2 U6 A
| nova | compute | RegionOne |
$ D |/ s. ~/ Y, D3 P& q | | | public: http://openstack-vip.stangj.local:8774/v2.1 |. j3 e+ N3 X6 k, E
| | | RegionOne |
* L- h: y' o0 M7 g L | | | admin: http://openstack-vip.stangj.local:8774/v2.1 |1 }# Q' l0 b8 U4 J+ F6 d! L
| | | RegionOne |
4 B% A" i- z. X5 Y | | | internal: http://openstack-vip.stangj.local:8774/v2.1 |5 C9 s, B4 l0 u# H1 B- e0 A2 _
| | | |# Y$ s6 x" b. p: t$ J1 _
| glance | image | RegionOne |
) \5 E- ^) t. d | | | public: http://openstack-vip.stangj.local:9292 |1 Y7 i g- }$ m0 A( N( `( u4 R( I
| | | RegionOne |& }! v9 V9 B3 t4 g
| | | admin: http://openstack-vip.stangj.local:9292 |
2 S! U" K' E6 J | | | RegionOne |
3 h: H+ z; N0 |3 } | | | internal: http://openstack-vip.stangj.local:9292 |
" q% Z7 }' t: Z4 T, Y5 U | | | |& i3 _, h/ ^) W
| placement | placement | RegionOne |9 X3 y! ~$ h! f4 W& w; t/ B
| | | public: http://openstack-vip.stangj.local:8778 |7 P# L/ H) {# K- J0 L( d
| | | RegionOne |2 R$ ^' V+ k, Y- r& y# v
| | | internal: http://openstack-vip.stangj.local:8778 |
3 N7 o7 c) d/ n/ M9 Z | | | RegionOne |
1 W/ V# Z. k. y) p7 J | | | admin: http://openstack-vip.stangj.local:8778 |
* A' z/ D, q" m: D8 O | | | |% S. V# v; S7 Z/ H' M. H1 a3 H) a
| keystone | identity | RegionOne |
# l, R& ]* d0 j | | | internal: http://openstack-vip.stangj.local:5000/v3/ |
, {* \& z4 y5 v D7 v | | | RegionOne |% x% }8 h' J$ o7 R
| | | admin: http://openstack-vip.stangj.local:5000/v3/ |
7 u$ j/ E( ^- E7 u! J- }& ?$ | | | | RegionOne |
$ Q e1 h/ E+ g3 ] | | | public: http://openstack-vip.stangj.local:5000/v3/ |
8 M2 G8 P# S# ^) i | | | |. z3 V, ^/ P) N) Q% w
+-----------+-----------+---------------------------------------------------------+
7 Q& U1 k+ F% R
, @5 A+ b2 I" q; f S root@openstack-controller1:~# openstack image list" o. M4 O6 S4 }1 q/ r
+--------------------------------------+--------------+--------+* K* f5 Z0 b% Q% j# f; v( d
| ID | Name | Status |
8 o! W: N( w/ w. d6 r+ O( L +--------------------------------------+--------------+--------+
$ i! d( H) I: V8 b | 68249b5f-9eac-4873-be74-cc11ac9af61e | cirros-0.4.0 | active |3 E! T$ ?* q9 u, J. ^) ^' k: e
+--------------------------------------+--------------+--------+
9 G' j$ `: o7 |
; [8 N" v0 d0 e- |" L root@openstack-controller1:~# nova-status upgrade check" s+ f' S- {* U5 m& D" c! m) ~
+-------------------------------------------+
P4 c: g( M& S2 D( s0 ~3 Z4 j | Upgrade Check Results |
( K1 ~! Q& d9 E/ f h! f; h +-------------------------------------------+
5 X5 k7 O% g- C' s | Check: Cells v2 |
( X+ i/ p5 L' x! P4 u3 _ | Result: Success |
2 ? N E9 v+ J& k3 l | Details: None |/ R$ j3 s$ Q# y( P
+-------------------------------------------+5 z5 X8 _$ M4 x1 Z3 q
| Check: Placement API |4 H. n5 D& P; Z, T0 H
| Result: Success |& m4 }& O) O! d3 T& X# P
| Details: None |# A/ a& i8 }0 k0 P5 z
+-------------------------------------------+
4 Z1 f8 \ b. V* U | Check: Cinder API |: m9 Q: }7 _! |2 j
| Result: Success |
3 b2 P" R$ G) A# f" A s: y | Details: None |3 L6 F8 g& D |' s9 c+ G5 q. n, A0 p
+-------------------------------------------+
. E0 x8 |/ G0 a5 D$ K$ p- U | Check: Policy File JSON to YAML Migration |, l; i& E/ ^' x. e6 V e2 B
| Result: Success |
! x$ Z3 t& `, T | Details: None |; i4 D! n- q# \0 i
+-------------------------------------------+
* ^, c; d( T* ~. a6 p | Check: Older than N-1 computes |
3 R5 \- X( y2 g) y | Result: Success |
, `+ Q5 s, M# r | Details: None |, p$ ]# `' @3 k& X- O3 b2 O
+-------------------------------------------+
7 [( y( G i& h | Check: hw_machine_type unset |
: X; k, F, P- q( o; ? | Result: Success |# `- E2 q# r7 z. o6 x( P6 Q
| Details: None |
$ i1 H/ @* i7 @; X( L% m +-------------------------------------------+
$ ]1 \2 O% {7 o | Check: Service User Token Configuration |3 g7 q. O" J. D5 v* I
| Result: Success |7 p0 M7 K1 |, `* l' u( B4 H
| Details: None |
0 U* o( O/ `/ d, F +-------------------------------------------+9 z9 E1 ?( r5 }
6)安装neutron1 L6 b. T; e* }4 a4 G8 L! ?
6.1)安装neutron-controller节点
) K5 N" z: w+ K7 [0 _' m1 ^+ N6.1.1)创建Nova数据库 m8 K6 r3 N; F) p8 @
root@openstack-mysql:~# mysql/ ?% `' Y- \8 i& x5 O) W
MariaDB [(none)]> CREATE DATABASE neutron;+ c$ W l" G1 u1 I4 `8 J. Y6 }
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
! u ]0 x1 i5 F* J6 C! | IDENTIFIED BY 'neutron123';
+ ?$ T) C) z4 J MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \ O9 Q+ T8 q4 F$ I' M
IDENTIFIED BY 'neutron123';* h/ x+ @8 D' Z
6.1.2)配置用户和端点
' u5 s9 d i1 b' w6 d5 F' H. W* } root@openstack-controller1:~# source admin.sh
, v4 `1 T( b1 ?/ j X7 A root@openstack-controller1:~# openstack user create --domain default --password-prompt neutron
0 P/ p# u3 H6 I0 i/ T- P User Password: # neutron4 q4 _9 s. n/ s% ?2 z
Repeat User Password: # neutron
9 f1 j* }/ \8 R2 W1 x! c: t. p +---------------------+----------------------------------+
$ q' }0 v8 X+ W | Field | Value |. y" X, p1 C- P
+---------------------+----------------------------------+: q3 N& N/ L+ z. _* c7 t8 a
| domain_id | default |
0 ?8 g4 `0 h7 X% I4 C* f& b | enabled | True |
/ q( E3 X2 \; V) s | id | 282317cd0bb74396a7a12dcdd96aeed0 |; e) z! y+ l. R
| name | neutron |: o) Z* c5 X: u x$ ]$ t( `
| options | {} |+ ?6 W: d8 {5 U6 y/ m _7 J
| password_expires_at | None |. ^7 D4 k. h2 I! ]
+---------------------+----------------------------------+
+ w/ a& j- c' P1 c, i3 {2 k ; k4 }* {8 a; J
`将 neutron 用户添加到具有 admin 角色的服务项目`
: |7 x$ T$ y, {# w6 r # 让neutron拥有service项目的admin权限`/ ^/ L1 ?) A& z. l) J* }
root@openstack-controller1:~# openstack role add --project service --user neutron admin0 N6 _7 g }. E5 b8 k/ u
`创建service实体:neutron`5 H0 p# j1 M* a- k7 o: t
root@openstack-controller1:~# openstack service create --name neutron --description "OpenStack Networking" network3 i) d9 A$ R/ f5 s
+-------------+----------------------------------+
6 C5 P+ Y$ r* U, n: _8 G/ W | Field | Value |8 @' d9 H* q+ G0 J! `8 n( ?
+-------------+----------------------------------+
/ e% o8 t X: U% v3 `. [ | description | OpenStack Networking |& W$ m- ]& {4 d0 ~$ z0 [3 b& x5 \
| enabled | True |
1 Z4 h$ }& n# W3 `4 S. N | id | e4ff8c65882a401a83e2203ce49daeaf |* D/ |6 r/ ^5 z! X a& g% G8 H
| name | neutron |# b- e0 p3 I) b) I" N/ Z4 Y8 ]
| type | network |" u8 T" @, d2 z5 ]2 P
+-------------+----------------------------------+
4 x, } h" U. a& o! ^4 p [root@openstack-controller1 ~]#
0 A( _! q1 G7 O5 w6.1.3)Create the Networking service API endpoints:
1 |' Z i1 O( o" j/ a8 {% G, o [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack-vip.stangj.local:9696
( A6 H+ ?( t* `; c7 J, E +--------------+----------------------------------------+4 K/ h% M+ H7 N0 o, i- G, z- f
| Field | Value |7 ~ V- u3 i/ Q7 U
+--------------+----------------------------------------+
Z1 J5 |# s1 g$ U( B; j, x2 q4 G | enabled | True |
2 T) p5 N2 S, J$ }1 c | id | 970ca60adf5746299d48f7659d500809 |( u1 w# h H! s
| interface | public |
$ O6 A3 S, X2 ?$ g [7 d- l8 \- R K | region | RegionOne |! P+ ]& ]: W9 F. F$ t0 [4 C
| region_id | RegionOne |
- J& U& d- g# x. u | service_id | e4ff8c65882a401a83e2203ce49daeaf |
$ y& D1 v7 M" y3 f" U. W3 j; Z | service_name | neutron |
3 x2 X# k- O: M4 `' X | service_type | network |4 X a& Z, Y* s% I& b6 x
| url | http://openstack-vip.stangj.local:9696 |
6 ~0 d% E' W1 Y- e* P9 N +--------------+----------------------------------------+
4 d; Q% Z) y0 A- g a: I: g [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-vip.stangj.local:9696
% _# M7 Y9 \& _" Y +--------------+----------------------------------------+3 T& `4 i0 j' b5 x1 I2 Z
| Field | Value |
# r: e+ D( e- u +--------------+----------------------------------------+
+ ~2 n m) l6 H$ A | enabled | True | I8 } t6 }" g6 e, L
| id | 4c5f5ffbba4a4c668377a86cfd4a2320 |
- z s& @3 z _+ y | interface | internal |
( {5 n/ t* |2 A* M' F | region | RegionOne |
, r3 E0 o; Q: I | region_id | RegionOne |
% C5 J8 U. h7 Z3 Q! E | service_id | e4ff8c65882a401a83e2203ce49daeaf |
7 j* F' P& ^! M) p2 T4 M | service_name | neutron |
& t2 i3 X( i0 K) D! k5 a& u+ `4 D | service_type | network |
6 W/ t% A) {# S6 [: ~/ f& X | url | http://openstack-vip.stangj.local:9696 |8 ?2 Q/ P' f9 U7 Z/ X" y
+--------------+----------------------------------------+
. V2 T! v/ s' C6 ?
: |" s& h! Y+ G& u4 Y' Q [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-vip.stangj.local:96963 X+ ?$ \1 r! G! n
+--------------+----------------------------------------+
, d; [7 {1 {+ f8 P9 O0 T+ S | Field | Value |: s: X' S8 w+ b: p. e8 F" Y- g; \
+--------------+----------------------------------------+; V! L8 i* U5 r z& |5 v1 z
| enabled | True |. x* c7 M+ @6 b& X+ r. V; @
| id | d8c4e83eab66486983680b69520ca92a |7 H+ C' O9 `! A& o5 _9 e
| interface | admin |
: K7 X9 K% g$ |$ N" e' i2 x0 O | region | RegionOne |
4 y* z% c' H: C' g" g | region_id | RegionOne |
/ B7 Z& a2 l$ Q5 o5 H6 P | service_id | e4ff8c65882a401a83e2203ce49daeaf |
; Z0 ~' Z. [1 q, d; q4 k | service_name | neutron |
5 j3 C- w( h1 n8 E) l | service_type | network |3 o' n) s6 z% h' O1 X
| url | http://openstack-vip.stangj.local:9696 | \- P/ N0 M3 z
+--------------+----------------------------------------+8 y4 e% g2 n0 A& R& H1 q: j3 ~" X0 z; E
6.1.4)配置haproxy! u7 d- q( J2 ^* C
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
( o1 C) @6 l+ W% ~1 l # 在最后一行添加下面4行内容0 q F5 ^( X. h% { L0 G
listen openstack-neutron-9696) y' c+ `9 ?% ?: h1 z* K2 [, a, E
bind 192.168.139.248:9696! O8 B% W3 A4 d$ |
mode tcp
. W: `( s0 h2 t4 U+ q server 192.168.139.31 192.168.139.31:9696 check inter 3s fall 3 rise 54 o0 f0 b. o* L9 k# ~
root@openstack-haproxy:~# systemctl restart haproxy.service 2 I, k% y1 l5 \ G) O
root@openstack-haproxy:~# ss -tnl | grep 9696
: B9 I+ ~- Z0 d5 ]8 @ LISTEN 0 128 192.168.139.248:9696 *:* % m2 l" R7 ^+ P, M K1 @9 t; J& D
6.1.5)部署neutron
! ?2 q6 y4 I$ F; C N: U5 T1 u root@openstack-controller1:~# apt install -y neutron-server neutron-plugin-ml2 \# h1 }$ f' @( }4 E" y# j$ ]
neutron-openvswitch-agent neutron-dhcp-agent \, W9 b& j; J0 n1 {% n4 J
neutron-metadata-agent# q. h# \, d" y% u
6.1.6)配置neutron主配置文件
% N r, ^& L: A; v7 f, m4 l root@openstack-controller1:~# vim /etc/neutron/neutron.conf9 s# I% E8 {5 y8 Z
[database] # 在此模块下面添加下面这一行
) A3 H' m2 i: @6 x& S, I connection = mysql+pymysql://neutron:neutron123@openstack-vip.stangj.local/neutron
: v0 ?8 t. z& _! f# ?: k# L
+ E+ q* Z( O" A; M9 V7 i [DEFAULT] # 在此模块下面添加下面这4行- J5 }% ^; C! A& c8 j# T1 V2 R; j+ Z
core_plugin = ml2
% w& n& Y* H: r/ u5 i i& M- f' m service_plugins = ( l2 K ~8 `1 h, j2 V1 s+ v
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local
3 f( f+ C: c. x- `4 L4 y7 ~ auth_strategy = keystone" r/ v; z& l, K5 h3 i! V' |* ?
notify_nova_on_port_status_changes = true9 [9 L) i! N7 L }$ y
notify_nova_on_port_data_changes = true, p- c1 m7 z1 X/ }- _1 B
+ o9 g, ~% }5 l
[keystone_authtoken] # 在此模块下面添加下面这9行4 M/ ?) V" I# d+ m% ?* k
www_authenticate_uri = http://openstack-vip.stangj.local:5000 r [7 O! l# j
auth_url = http://openstack-vip.stangj.local:5000+ A+ o6 c: k. L9 l/ L4 f; U& B Q
memcached_servers = openstack-vip.stangj.local:11211/ i5 E9 o) h [+ C
auth_type = password9 a* I6 I& ~- o" ^2 b3 t* U
project_domain_name = default/ l! d: ~9 z, v+ h6 Q2 Y9 N; z
user_domain_name = default+ g, j# W: D' r5 s1 m/ x' ^
project_name = service6 M9 m j& T) _% Z7 R* c2 o
username = neutron
! l8 e0 G |9 U7 K/ K password = neutron# ?5 v4 H; f" I
" K3 \* n5 A+ T: ~" C3 Y& t8 X # 配置文件的最后添加下面9行! U0 |" _; F O& {9 E
[nova]
3 l8 w7 u ~5 I$ g, P auth_url = http://openstack-vip.stangj.local:50007 `7 A* r) }3 u, M+ w
auth_type = password
/ y9 D2 W) K; y- g project_domain_name = default
@ u* U! W0 i user_domain_name = default
1 |8 G2 a$ J+ [) l& E region_name = RegionOne
5 D0 i4 h' L) ~2 g1 @7 P project_name = service F& x1 ~9 h1 D6 o3 A* n% F+ C
username = nova
2 y2 [9 I, s8 B password = nova
5 ?* X5 Z+ ~0 z1 a$ o5 X) ?( ^ - U3 s$ s1 }1 |* m
[oslo_concurrency] # 在此模块下面添加下面这一行% f; I& } e( i) u% a% W$ x u
lock_path = /var/lib/neutron/tmp/ _* N, e* `/ R5 h; K: D2 Q
; Q$ A/ {+ C# `9 W4 w
5 j* k. L4 \2 d9 ?" M# S, d# R #service nova-api restart
) d5 |! }+ o/ [ B$ M& n/ ~. Z #service neutron-server restart
4 f# r: |: m) e4 T' o #service neutron-linuxbridge-agent restart
; D/ X& i, c: \+ f) H #service neutron-dhcp-agent restart2 n( R# C- S* y
#service neutron-metadata-agent restart
% L6 Z" J, J1 Z; @, E/ Q9 z6.1.7)Configure the Modular Layer 2 (ML2) plug-in! I/ |4 J5 d$ s( j2 K2 g
可以从网站上获取完整的ml2_conf.ini$ N& _" s7 ~% a5 x
8 d6 @ e8 D E& a# _. ?" Jhttps://docs.openstack.org/newto ... s/ml2_conf.ini.html0 J) h+ T1 J4 Z, {
^4 v7 H9 }) c6 J. n: y9 J root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/ml2_conf.ini* z& @* ]+ L% G3 I4 B
[ml2] # 在此模块下面添加下面这4行, L8 Y- m D* Q) F6 t1 u
type_drivers = flat,vlan& G! W5 w& J7 g8 M7 s9 |! a
tenant_network_types =
' W% {$ c; m" n) h& N7 Z% S9 P mechanism_drivers = openvswitch& @& E9 i" w! w! |, s
extension_drivers = port_security( K4 \* r |. U, q$ }( { C
" w! j1 _4 l2 W5 M/ g
[ml2_type_flat] # 在此模块下面添加下面这一行
. K7 }1 ]# S* ^. k0 e# v flat_networks = provider
8 A; G: n8 i* _ d1 |$ m2 y
; r0 c& D. @5 `) o , F5 A7 i4 \) W+ `1 h) o
`最终配置信息`% K* P& N2 j: F: v, p8 |7 I- S+ y
root@openstack-controller2:~# grep '^[a-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini
) N: ~8 A& p3 G3 O; b& M% B% y" n; \ [DEFAULT]
" B2 n# @' z1 {5 Z1 @. t$ ^ [ml2]
8 l. ^! x- a: e# U type_drivers = flat,vlan$ F/ t7 T: d* W4 H& S# B. I1 a
tenant_network_types =" a. s* g& y9 {3 P4 V% L
mechanism_drivers = openvswitch
% h1 r7 b& ~1 T7 G0 p: T extension_drivers = port_security; x7 w0 ?! M8 W8 _" @& K- i3 G
[ml2_type_flat], e# U7 C1 _4 H: `% v5 e& u
flat_networks = provider
# F* {- F4 ~! {- J5 y9 Z, p [ml2_type_geneve]* }0 \9 E6 O5 s
[ml2_type_gre]
4 B% H4 C- u! U+ y) } [ml2_type_vlan]: R8 m( u5 i/ e7 X' M& @2 e
[ml2_type_vxlan]# z$ O4 G9 O" X& I
[ovn]; Z U+ W" [9 x- w4 w; v
[ovn_nb_global], q8 V9 y6 Y, ]7 N6 q n
[ovs]) e! U8 c+ U* r7 h& t2 `
[ovs_driver]
9 ~; k" W7 e; y' O, o' E/ F; z [securitygroup], y0 m1 K, f- O6 B: ~
[sriov_driver]& I3 a, D8 q, }, [& S6 `
6.1.8)Configure the Open vSwitch agent
" q8 k% ~: ]! A8 k; k1 Y8 Y可以从网站上获取完整的openvswitch.ini& [$ q) j' S7 P. z$ [* @) C- g
# O+ y, {' x; @! K, Z! C6 g$ }https://docs.openstack.org/newto ... itch_agent.ini.html
9 V$ ?- u8 Y+ M7 P
" i+ f5 a3 ^8 |+ {5 N root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini1 P0 i% B8 s: I% [: ]! v
[ovs] # 在此模块下面添加下面这一行
4 C* L, S6 v& W, O' r bridge_mappings = provider:br08 x& o8 H, x) U% `+ Z: H; \
}3 d0 Q0 n* o$ t4 P [securitygroup] # 在此模块下面添加下面这2行& T. ^, |! `( s' w1 F6 [9 l. Z( h
enable_security_group = true3 h, C7 N5 l; G: v' @3 N
firewall_driver = openvswitch" v+ V- Y( ?0 g: O3 [
! g: l* a! ~8 | `因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`
3 Z/ ^# q. ]& ], g root@openstack-controller1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31 && echo "nameserver 223.5.5.5" >> /etc/resolv.conf
0 I2 ?8 {4 ^1 j! x2 a开机加载网络配置+ F6 [% G0 k4 k8 Z4 a
! n5 w0 B% c p- D7 w" t$ ]+ V$ s
#!/bin/bash
6 M( O4 B" ^+ z3 r ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31
M6 l- }' I8 u- H) a ip route add default via 192.168.139.2/ B' u+ P% {% l7 S
echo "nameserver 223.5.5.5" >> /etc/resolv.conf
( b# D/ Q/ I3 z; W: M9 V6.1.9)修改内核参数
7 \# d0 }. O& B root@openstack-controller1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
* K* y. V4 n* v root@openstack-controller1:~# tail -2 /etc/sysctl.conf
, [% e/ |, a9 b5 | net.bridge.bridge-nf-call-iptables = 1
9 h% Z! y7 l9 {* ` net.bridge.bridge-nf-call-ip6tables = 17 Y, I7 q9 p0 i2 |
`加载模块并让内核配置生效`
& q6 N. o1 Y6 O( ~! Y/ X root@openstack-controller1:~# modprobe br_netfilter7 J, w/ a' ^* E5 @' g1 E
root@openstack-controller1:~# sysctl -p
0 B; z3 L; i! C- z8 q# Z9 ^ net.bridge.bridge-nf-call-iptables = 1
- T( k; P+ c9 V, X8 v net.bridge.bridge-nf-call-ip6tables = 1
( A' ~8 p! e7 a8 M6.1.10)配置DHCP
. [. D) C0 u) k$ [+ s" I root@openstack-controller1:~# vim /etc/neutron/dhcp_agent.ini
$ e% p0 {/ u% W. w [DEFAULT] # 在此模块下面添加下面这3行
8 n: X5 P' x9 B) \ interface_driver = openvswitch
' U4 q" e# d8 l5 P. ] dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
9 `6 [" u2 W( o enable_isolated_metadata = true7 \2 _8 o( H5 c
#enable_metadata_proxy=True8 N; J8 j- z7 v, ?' ]" u1 O( k
#metadata_proxy_shared_secret=openstack
) \7 s! W% y. \; b6.1.11)Configure the metadata agent
) q2 u) {7 ?' f p' i- B, H root@openstack-controller1:~# vim /etc/neutron/metadata_agent.ini9 t! W- G, o; W( x2 G- o: r9 I
[DEFAULT] # 在此模块下面添加下面这2行0 v9 j4 g" g3 s( D) `
nova_metadata_host = openstack-vip.stangj.local # 或者 192.168.139.31 这个 controller1 地址
2 y ?) q6 Q0 k/ M, d metadata_proxy_shared_secret = openstack* g% N! H6 B' {. k8 f( r
6.1.12)Configure the Compute service to use the Networking service
$ ^: A0 }3 t l root@openstack-controller1:~# vim /etc/nova/nova.conf( L; D6 c9 H7 x* ~: H8 D
[neutron] # 在此模块下面添加下面这10行+ h: {+ }7 F D9 m) S8 M0 J' f
auth_url = http://openstack-vip.stangj.local:5000: Z$ t5 o5 p3 c$ p3 u, E
auth_type = password
9 j9 k5 B4 p, K. B' x5 j9 T* ?4 @ project_domain_name = default- ~% p6 m% D( ^* \4 Q
user_domain_name = default, }. K3 n' }7 J1 H
region_name = RegionOne
8 K3 e, S* q; P f project_name = service( \% G d! h9 Z( ]9 v/ a9 N
username = neutron
" B# \- Z8 V5 c' w, Y) @1 Y password = neutron, v: O7 _) ]" a! r# G1 b4 V
service_metadata_proxy = true9 L5 J3 C% c7 N/ j/ r+ b' ]
metadata_proxy_shared_secret = openstack% w4 i( c7 K% g& L' a. O
6.1.13)初始化数据库
f8 b# }" i, K5 U1 j& e7 r& X root@openstack-controller1:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
7 l9 |9 O, K" ]" |2 v root@openstack-controller1:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron$ w# S# T2 g" y4 @' t
`验证数据库`
2 w9 E+ E% s" o- b- [- e root@openstack-controller1:~# mysql -uneutron -h192.168.139.248 -pneutron123 -e "use neutron;show tables"+ b* q& u+ N1 W% G/ y
+-----------------------------------------+
' J9 d& i! u4 f0 G9 G- k9 Z, U# M | Tables_in_neutron |
3 h% O1 _. I4 V; A& E% w +-----------------------------------------+
% t; J1 X. z+ ?( ?: ^5 g( n | address_scopes |
* |( Q8 V) z# E$ h2 c& P8 X& d | agents |
9 E3 y4 {& j2 E5 v7 _1 D5 I7 w2 G | alembic_version |
0 @' I5 S p+ k! r | allowedaddresspairs |3 ^# x; f. r+ g1 [
| arista_provisioned_nets |) B+ Z4 Q# \3 R7 |
...........................................
G B0 \, U0 W7 W% j ............................................ q- v! j9 ~' d6 C
| vcns_router_bindings |
* B5 x4 s6 K; R | vips |# e& `* y! Z) b5 ?2 G6 u; B
| vpnservices |
$ z$ M2 K# B) x1 E' G +-----------------------------------------+0 t5 J! L: j) V9 A
x* L; ]' I$ K
6.1.14)重新启动nova-api API 服务" S# D3 B8 c5 ]+ }$ ]
root@openstack-controller1:~# bash restart_nova.sh6 e4 U P# D$ M. ]3 ~2 b, r8 }8 A
6.1.15)启动网络服务
# j8 U! V3 t% Z/ o4 \' Q root@openstack-controller1:~# systemctl enable --now neutron-server \
( t) v4 ]# `& t* c+ o neutron-openvswitch-agent neutron-dhcp-agent \
) S t( j# J/ }4 [ neutron-metadata-agent& X4 U. r3 a+ T9 Q5 J
6.1.16)编制neutron的重启脚本
6 i* k A P3 R. Q [root@openstack-controller1:~# cat > restart_neutron.sh <<EOF4 m0 T' R+ o# ?- P' {5 g
#!/bin/bash w. l. n/ m0 S
service neutron-server restart# l& W! ^( A# J. z& b: B! o
service neutron-openvswitch-agent restart
8 f" G* J, g. F6 o service neutron-dhcp-agent restart
k9 x) @+ Y% f service neutron-metadata-agent restart
! J3 J; \( `+ [$ ^! a8 [ EOF
5 J5 d5 m& Y7 g' p. v: U8 M+ p1 _ d [root@openstack-controller1:~# bash restart_neutron.sh' ^, V/ U5 ?2 Q9 b' T- K
6.2)安装neutron_compute节点6 Z6 q4 p5 r" r+ K8 ?9 U
6.2.1)安装相应服务' ?4 ~) R! Q0 Z6 ~; u
root@openstack-node1:~# apt install -y neutron-openvswitch-agent# Z F2 a; G3 H6 _" Y6 Q( s( K V
6.2.2)修改配置% P" B, e0 c/ `5 y+ l0 i
root@openstack-node1:~# vim /etc/neutron/neutron.conf
7 I" |" K- \" S$ Z [DEFAULT] # 在此模块下面添加下面这2行
* [( O6 ]' M% V: M: T transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local" Y* }- m; q. `* U: K
; Z! M8 d* j, d, ^
[oslo_concurrency] # 在此模块下面添加下面这1行- s. G# j5 l6 e h- v0 T$ d
lock_path = /var/lib/neutron/tmp/ v! ]1 v- i% a0 w/ U
6.2.3)Configure the Open vSwitch agent
& l" @$ B5 G/ V( p6 Y# }1 W可以从网站上获取完整的openvswitch_agent.ini
+ Q5 \# x/ }2 o" b o
P( b: c$ c: _% J: _https://docs.openstack.org/newto ... envswitch_agent.ini
/ T% s% n w( g3 O K' [, `3 q v/ y2 v0 c' P' D# |
root@openstack-node1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini( s" ?0 ^. q, O: t
[ovs] # 在此模块下面添加下面这1行, |2 G! `3 \9 c; t: `$ m* v
bridge_mappings = provider:br0
9 ^9 z; X" k) C 2 H, W; J9 y5 f* n! j: c9 O
[securitygroup] # 在此模块下面添加下面这2行
1 \7 s+ o6 R- O' f* t$ ? enable_security_group = true
: Y8 k8 k; R8 Z Z, m firewall_driver = openvswitch. r2 c1 D8 i$ |6 ^- W
( M& U( i+ q& `9 d+ k `因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`
7 i0 x6 m7 Y# V8 W2 a root@openstack-node1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34 && ip route add default via 192.168.139.26 e: S4 q+ E$ R* ?
开机加载- h/ n4 o- @+ T% \0 F2 m/ t
1 ^7 T( b+ S; L) f; V root@openstack-controller1:~# cat /etc/rc.local
( C/ Z; N: g2 s8 ~3 [7 Y #!/bin/bash: y9 B. v/ L7 g- f
ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34% o2 b/ \9 l- H( s# d- N# m% Q+ k5 S
ip route add default via 192.168.139.2
% }; W. k2 O" R0 x, E; F+ K echo "nameserver 223.5.5.5" >> /etc/resolv.conf
! {/ v6 O6 e2 g9 P# D5 v- q8 q6.2.4)修改内核参数
7 p( n% F& b1 v) ` root@openstack-node1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf / n" f5 B3 t- \, O) p b
/ ?7 J" Q2 D) @3 t
root@openstack-node1:~# tail -2 /etc/sysctl.conf
9 } m! x2 K1 Y k/ W net.bridge.bridge-nf-call-iptables = 1
) c* P) a9 J2 d9 b( Z6 g net.bridge.bridge-nf-call-ip6tables = 1
6 O9 R% b% |& U1 b# R3 N2 i `加载模块并让内核配置生效` 4 f8 S. W) r; `2 {1 m' P% U
root@openstack-node1:~# modprobe br_netfilter
' p% @8 ^4 w) k* o root@openstack-node1:~# sysctl -p+ n1 _, z: [) @. A. l
net.bridge.bridge-nf-call-iptables = 1
8 W: O7 y$ ~- p3 b. F+ V net.bridge.bridge-nf-call-ip6tables = 11 R$ t {7 B2 p* e$ z! Z9 T0 [
6.2.5)Configure the Compute service to use the Networking service
& [# X7 i c# c X3 U Q0 C root@openstack-node1:~# vim /etc/nova/nova.conf
+ @7 \) `" w3 ^ [neutron] # 在此模块下面添加下面这8行
$ `" | R+ W% n( t auth_url = http://openstack-vip.stangj.local:5000$ @9 C! d" f4 {; g% f5 s8 ~
auth_type = password1 P& Y% `& J0 B3 N N: g: p! N0 i
project_domain_name = default4 u9 ?/ N, `) M! m+ ?. N% X, r
user_domain_name = default5 a( v; `" c0 g8 D5 G5 K7 d! l! R+ o
region_name = RegionOne
% k& i. S; a9 V, m' X% f- k project_name = service2 e% g6 |9 p/ ~" o) x, f
username = neutron
M. ` z1 a2 {' G. w$ A8 ] password = neutron! y. T& Y% i4 }3 Z0 N' R% Y/ K
service_metadata_proxy = true* Y6 c0 @9 c! h) K- p
metadata_proxy_shared_secret = openstack+ G; a7 ?8 g/ P4 t6 ]6 A
6.2.6)启动neutron_compute
% `* t$ \) }0 T# X+ l0 G root@openstack-node1:~# systemctl restart nova-compute
. R& C, k3 K+ i root@openstack-node1:~# systemctl enable --now neutron-openvswitch-agent && service neutron-openvswitch-agent restart7 G( O K6 T" Z* K v+ u4 A
6.2.7)编写重启neutron_compute脚本
" f' Z/ w, H6 u root@openstack-node1:~# vim restart_neutron.sh
8 T3 o! N/ l5 A6 J7 V/ w #!/bin/bash1 d# d. A9 _. A
systemctl restart neutron-openvswitch-agent& A; A R I3 x
6.3)验证服务
/ G& E r5 O; }. T. p [root@openstack-controller1 ~]# openstack network agent list
/ ^5 e; a) |( b- q" R2 I +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
* P ? U- @1 | x( n | ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
- e$ R% k8 |; _ +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
# n( y3 {3 O* G8 z2 S3 K( P | 6d7ace9c-061c-45ba-834b-52f24585c452 | Linux bridge agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |" v, S' ]( C, V% f' ]
| 7babc5ac-d07d-4fe4-90ab-62775b4ef90b | Linux bridge agent | openstack-node1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
; t! A" W! B& q | 83ad2332-8716-4a8f-b050-1daa3b22c3bf | DHCP agent | openstack-controller1.stangj.local | nova | :-) | UP | neutron-dhcp-agent |
: B8 a5 d5 Y5 k t | afb7c427-89ba-4e91-bff2-604e97a5ca91 | Metadata agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-metadata-agent |1 i6 [$ N# J: m% W
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
; S4 N% O2 c! T" ?: k [root@openstack-controller1 ~]# nova service-list! e5 o/ a z/ ?: m; R
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
4 a& a( f/ N ?5 e- t: q$ L( H | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
$ n+ C0 W& x1 m% G2 ~4 f2 y +--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+7 s& l! O- l6 _, u/ g
| 518a8c83-c6d4-451c-8943-fa55c593948c | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:42.000000 | - | False |6 v/ i/ r E1 B t% k' w. i
| 9d9d1228-2096-4ca3-97a9-8b85133db7fa | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:41.000000 | - | False |9 m8 Q6 ~. y! W& n# [$ @, @$ h% n# E
| a45e7eeb-1907-4ecf-a836-7ca69b588edf | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2023-12-16T15:26:41.000000 | - | False |
. k# c2 A! L0 l4 V+ s +--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+$ q# d q; V/ S4 j; N9 l! ~
7 J: W6 g+ E6 R8 s) U6 ^7)创建测试实例+ t# Q% z8 t9 d0 W
7.1)创建一个provider网络" s0 _0 k& ?! L# _$ F4 P9 }/ n8 U
root@openstack-controller1:~# source admin.sh
+ n& y5 Y: `9 A. O root@openstack-controller1:~# apt -y install bridge-utils, k9 v1 F$ S! S2 W
root@openstack-controller1:~# openstack network create --share --external \% f9 A9 q$ ], Q; p
--provider-physical-network provider \
% Y; c8 S# D* S; m% @4 t2 U+ }$ Z --provider-network-type flat provider-net R: x3 M5 _; m" r& ]* c) j1 }# |; r8 A
#####################第一个external表示创建一个共享网络并声明他是一个外部网络#######################
4 ?; G9 ]6 R& [ ########第二个external表示创建连接的物理网络,因为我们上面neutron定义的物理网络名称为external########
9 l& V1 g/ |) N: Y5 n8 d" f' k6 y4 o ############################第三个external-nat表示提供的桥接网络的名称############################. q# H9 k5 a0 X0 F" T
root@openstack-controller1:~# openstack network list" [& ? `6 F" x0 ~! E9 y* P
+--------------------------------------+--------------+---------+
; p& {* e# K7 u- P | ID | Name | Subnets |! a! r5 \# J( N: F1 ?8 j3 r; S0 `
+--------------------------------------+--------------+---------+" L9 o& }; u' u& V) ?
| c8efa244-7345-41bf-bedc-052e0cec751b | provider-net | |' Y* P+ b6 d9 W5 o
+--------------------------------------+--------------+---------+
$ |2 b3 D+ D) A( x0 n- l7.2)创建一个子网6 S: |, l% T- I# V* C
root@openstack-controller1:~# openstack subnet create --network provider-net \
& ?6 l8 w7 P/ P) C# S& Y; a$ z- j5 r --allocation-pool start=192.168.139.100,end=192.168.139.200 \
/ [: h5 v8 z6 u4 F --dns-nameserver 223.5.5.5 --gateway 192.168.139.2 \* s7 J4 H, k+ w9 J- Z: e' q. B3 u; A
--subnet-range 192.168.139.0/24 provider-sub
- {5 Q$ j8 u- q) m" u1 ^7 A ############################创建provider-net的子网provider-sub############################
- p9 |1 E! M ?8 m$ }# n `验证`, k1 o# W' _6 Q8 x
[root@openstack-controller1 ~]# ovs-vsctl show& \' p% o. D$ S" R, v; W
28a508de-e0a2-418a-b357-4a93f9f691278 G5 j# b# D* N) R& l3 ^: M
Manager "ptcp:6640:127.0.0.1"6 U; Q% g. f7 J# I' t) f
is_connected: true7 O8 i* ^4 ~' l8 _
Bridge br-int3 u3 F4 _2 W7 K- I( h. |5 ~- n5 g
Controller "tcp:127.0.0.1:6633". U. f8 H% { O
is_connected: true
6 N0 H, d6 o: w- w fail_mode: secure
3 y* z3 } n* B s datapath_type: system
( b: k# O1 T, ~: d& W0 j Port br-int
n6 s p; Q8 J$ X Interface br-int
: L. k1 K( p# h& ~' ~% j9 h type: internal8 b J+ _7 g/ g6 @7 w
Port int-br01 i& Z5 v% p+ p/ s0 L5 p
Interface int-br0- p% X" Z7 o3 o8 t: R1 ]
type: patch
! s( P: e8 Z) m3 ^ options: {peer=phy-br0}
1 N# H* w( }% b3 Z Bridge br0! q* K( ~4 T2 n/ \5 A, _) ~
Controller "tcp:127.0.0.1:6633"
" z9 O$ ^ Z, p( i7 [4 {, D: V is_connected: true' W& M& g" A u
fail_mode: secure
+ j" W. }8 ]8 k& e. ` datapath_type: system0 _7 s0 [( p# X' u1 |4 Z
Port phy-br0+ M- R# B* b) \- y- g
Interface phy-br06 R9 z" B2 I; K& s* S
type: patch
0 M; g% J' I* i0 G2 Q# f2 Y4 y options: {peer=int-br0}
2 @& r2 X; |: g* d! D Port eth0
: T: n9 |9 V5 i- \" H) ? Interface eth0
, D0 M) X2 _( K& \ Port br0
- A+ T; Y% T& t7 M9 ] Interface br0# D- d$ P1 L6 S* G3 z
type: internal5 y8 o; X* ?; G$ P
ovs_version: "3.3.0"
/ h6 V1 l* c+ C0 z# v6 M 9 T6 H& Z& i6 D9 l. X( h- a/ W& `/ Z
[root@openstack-node1 ~]# ovs-vsctl show+ S7 J) o# u3 ^; c: N
ea324764-3f52-419d-94ff-784dadc75aa9
; @/ Z1 N- }% {2 r2 L Manager "ptcp:6640:127.0.0.1"% d/ J; }/ \" q1 Y" {7 P
is_connected: true1 }# u& o% `* d
Bridge br-int
# p6 d! k2 \( b h# U$ x Controller "tcp:127.0.0.1:6633". t+ _2 g$ f1 ^
is_connected: true
- b- e3 g4 Q1 W- s0 B5 x5 x7 C fail_mode: secure k. `# U* E, a; _% }$ l3 R
datapath_type: system
6 p/ v% E) {) M$ d" @3 ^ Port int-br0
* J7 ], S* U% B Interface int-br09 F- l `/ m' f; ~
type: patch- B2 H; L! y3 d' k G
options: {peer=phy-br0}! n8 e, J4 L6 ], u/ f9 N) m2 o
Port br-int- F3 t6 ?/ l# {& x
Interface br-int$ b3 e1 I% m1 b: l' S0 ?
type: internal8 D# E+ ?1 Q9 V \. @7 i/ L
Bridge br09 _- G- o6 o. U
Controller "tcp:127.0.0.1:6633"& J- l+ }$ \( {" T7 B- u+ `0 ^
is_connected: true: R9 e/ Z5 @0 D" U" ^* @$ P, n7 i8 o0 i
fail_mode: secure
. U' b1 D& k1 ]* e X3 o. O, ` datapath_type: system# O; {: b0 w6 ^$ _% B8 ]
Port br0
0 F' K- D2 O# G& N Interface br0
, M. k: y0 r, o$ J. X8 E7 ?/ J& a) Q type: internal
7 r8 q* N3 \/ Q2 \( t7 }2 J) N Port phy-br0
9 c3 v+ L' w. a& g( w Interface phy-br0( M! y2 x& [: q2 N% y2 Q# @9 q
type: patch
: z7 ^5 S, g1 D& `4 L options: {peer=int-br0}& I: G3 J, E# W \3 e$ X& T
Port eth0, n/ y- T; C7 w. V/ Q: K& L; f# s
Interface eth07 a- z- V' l6 {! P* G
ovs_version: "3.3.0"
8 x; c P4 ]; ]' g) `0 i+ y7.3)创建虚拟机类型
. x. B- D6 L( z+ a( K* C% b [root@openstack-controller1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
; }1 {* a8 W, f D$ p1 B +----------------------------+---------+
- V0 \3 S3 }! t& N Y3 z | Field | Value |- Z) G( G) b/ S; x% E% e; E- {* s
+----------------------------+---------+7 }" k6 W- `: F
| OS-FLV-DISABLED:disabled | False |
- m. M" w8 N" ~- p' W | OS-FLV-EXT-DATA:ephemeral | 0 |; H& q* F, a+ b* _
| disk | 1 |' V8 C6 }6 N) V, Q2 K
| id | 0 |
2 s* H' m! z+ M0 i2 \ | name | m1.nano |
7 y1 T- B4 _. v9 a$ M | os-flavor-access:is_public | True |
/ i1 q0 X+ \7 l5 n! Z | properties | | C1 [8 @ g0 f5 r3 ?% m
| ram | 64 |% e. e; P2 B1 d; y
| rxtx_factor | 1.0 |8 X6 n. x$ ]+ M5 b3 u D& E' t
| swap | |/ N; h- d. S0 ]) x
| vcpus | 1 |! g+ }5 I' i5 F' l1 r; A; W" p
+----------------------------+---------+
: }" D# D) N4 { f7.4)生成密钥对
7 b; ?: p/ | @6 `; t [root@openstack-controller1 ~]# source admin.sh
) c. O5 K1 U1 M* e, g [root@openstack-controller1 ~]# ssh-keygen -q -N ""
( C8 e# ~* n: r [root@openstack-controller1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
+ k, N, ?9 u7 v +-------------+-------------------------------------------------+ V( w" s5 r \
| Field | Value |$ t4 L8 R8 Q) h
+-------------+-------------------------------------------------+
6 p5 _( ]; S; @, J- A) P | fingerprint | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |
4 g( ?6 u% W# h9 H( {' m8 [* G& ~& P | name | mykey |
: C; W. P& ?* V9 ^* u) I | user_id | 5c4b6243d95742799de0fc97ef119967 |; D' f# Z6 ?5 d1 p5 B" V/ ^
+-------------+-------------------------------------------------+' `; \. ]) u; a; Z
`验证`
% g8 X4 v$ m# B7 x* {" V6 Y [root@openstack-controller1 ~]# openstack keypair list# W8 ~ n+ N: s+ y- a% E
+-------+-------------------------------------------------++ Q7 K8 k! l& {' w
| Name | Fingerprint |
4 L- `$ c8 H* S% b +-------+-------------------------------------------------+
: i# B+ c! w* j6 u5 Y& V | mykey | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |- Y- G. n' r5 S+ c7 y7 s
+-------+-------------------------------------------------+
. }1 S d( N% a' I k7.5)添加安全组规则0 I6 [" l' d; G
root@openstack-controller1:~# openstack security group rule create --proto icmp default3 H5 B6 U! G M5 J
`开始ssh`) p$ S3 Y; k& [9 L1 Z) C3 a/ u
root@openstack-controller1:~# openstack security group rule create --proto tcp --dst-port 22 default# ^1 R2 b! z; p6 d7 b/ u W
) `1 \6 X3 w' n3 M) k3 f root@openstack-controller1:~# openstack security group rule list
0 J# h" v- o, e# A +------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+( e+ z$ C* J: d+ v
| ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group | Security Group |$ o) Q1 y# `( ^1 Q
+------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+
. @& }% c$ T7 I: @, ] | 2e69571e-fa55-4db3- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | 7d47c955-4683-4d9e-9535- |
: z0 J9 O3 Z% U | b894-ac8dda257a35 | | | | | | | | 690085d9cfc7 |
& \% X+ ]9 c- L. _7 [ | 42c37d05-e0b3-4a15- | None | IPv6 | ::/0 | | ingress | 7d47c955-4683-4d9e- | None | 7d47c955-4683-4d9e-9535- |8 b+ b3 z9 B$ j
7.6)在provider network启动实例5 _! j1 T5 k% \$ g: U. d6 L( S
7.6.1)前期验证- V, R8 M; W) q }4 M: _. f3 u
`验证有没有虚拟机类型`
A. Z0 x; ~0 g% U root@openstack-controller1:~# openstack flavor list
_% z7 J' W: n +----+---------+-----+------+-----------+-------+-----------+
/ e( \8 U- z7 q! F | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
6 e; ~2 F( {% ?+ m# j0 B +----+---------+-----+------+-----------+-------+-----------+
+ M6 E8 k. v2 R9 ` | 0 | m1.nano | 64 | 1 | 0 | 1 | True |0 C5 D6 i6 A9 I" {( I( G. f2 [
+----+---------+-----+------+-----------+-------+-----------++ \7 c: U* N. E' g( H( \9 ~: \
R6 C; b- O: O) |3 W
`验证有没有镜像`( W5 e8 p( s7 G( e
root@openstack-controller1:~# openstack image list
4 {' f0 b' K: p9 E6 {7 l" n+ F0 J +--------------------------------------+--------------+--------+
9 c* D2 l/ V8 [7 ]8 U* O | ID | Name | Status |8 M1 d |( ?8 L, D6 `$ V" R) c* K
+--------------------------------------+--------------+--------+9 ^- I/ x2 y' l( K
| 6d99e1ad-dbf3-46ea-b520-ef903bbbe1c9 | cirros-0.5.1 | active |1 d0 k- J+ k/ \8 P
+--------------------------------------+--------------+--------+3 {* S9 b& w2 O% ^! P
' H4 E. T9 N. [) Z2 C. L9 } `验证有没有网络`2 }. t3 q1 z, z* x
root@openstack-controller1:~# openstack network list% ^: f; V) J9 A2 P1 `8 N; A. J
+--------------------------------------+--------------+--------------------------------------+ L3 a# Z9 ^" t$ G/ X4 }, F* { c
| ID | Name | Subnets |4 V' l9 L* S" e& o
+--------------------------------------+--------------+--------------------------------------+& G0 _$ i& }0 V* k% `9 L
| 3d66f257-6c40-49c2-bce7-9de75b49816f | provider-net | 1e7a53ba-89bd-4373-802c-149b16a30df5 |
8 ^- N3 k; Y$ R4 u& y$ j +--------------------------------------+--------------+--------------------------------------+$ Z% Z; o! t6 F$ X2 j5 v
. B: z- F- ]: { `验证有没有安全组`
0 ?! _7 b, t8 z root@openstack-controller1:~# openstack security group list
( }5 [. R/ E, N+ m( p +--------------------------------------+---------+------------------------+----------------------------------+------+
- j3 x+ ^( p% ^$ D+ T* i1 \ | ID | Name | Description | Project | Tags |: q+ t9 D* E' L$ U+ p& E/ f$ T
+--------------------------------------+---------+------------------------+----------------------------------+------+% U* X/ k5 q. {6 e- B
| f60b6c5c-9e96-4fae-8de9-bee58fe5272e | default | Default security group | 17deab832d8a4c929b91a3ce1d58abf7 | [] |
9 K3 k+ v t9 O' Z4 `" b' b -+
% y7 I: t/ M* o* Z1 d* a8 m% }7.6.2)创建虚拟机
4 n+ B1 k7 q8 f$ _) H' u: _* N: B% | [root@openstack-controller1 ~]# openstack server create --flavor m1.nano --image cirros-0.4.0 \
; w5 V, B! {# O1 h- S( Q6 H. r --nic net-id=f37db04d-74db-4b26-8591-23fde582eade --security-group default \
) I8 X7 ~* S% j0 O, Q --key-name mykey linux-stj-1! f/ w+ u3 R! S0 n! |; g
#################################参数解释#######################################
0 S7 E7 L. L' R+ O ###m1.nano:为虚拟机类型;
- P3 l; S' h; _ l& r, T ###cirros-0.4.0:为镜像;% g2 [, V- ~ I8 c
###net-id=[网络ID=openstack network list列出来的ID];
1 P3 C% z3 K% P1 q ###mykey:为ssh密钥对;
; A. `6 b/ g$ Q) d ###default为默认的安全组;% |4 ^* e1 p5 O2 [. f; I& o
###linux-stj为虚拟机名称
, u- ]4 o4 g7 \2 R #############################################################################6 i: @; C1 M% x% _ r9 X/ V. ~! G+ y
openstack server create --flavor 1c-1g-10g --image centos7.9 \1 P3 ^/ Q( |% V, x2 E6 k
--nic net-id=0da37e14-545f-4aa3-a6e3-ee8cd0ea3ae8 --security-group fb2dc60c-4f85-4b1e-b7f1-5b6d4e147799 \
% d7 g! r4 P3 N6 v7 _ --key-name mykey centos-stj-1; i; z2 o$ U, [
7.6.3)验证虚拟机状态
& L- w. I K- c ?" o6 E, j. G root@openstack-controller1:~# openstack server list
: [! I0 G/ R2 S4 e" ~6 d) n8 J +--------------------------------------+-------------+--------+------------------------------+--------------+---------+
5 i9 ]. A& |% ?/ Y# b- t2 V | ID | Name | Status | Networks | Image | Flavor |5 s3 j6 e' c0 J- i* q. P f
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+
( T2 e$ L8 I5 p R+ e" C* v | 96533d96-f01f-4463-8cfc-9c46ddee37b3 | linux-stj-2 | ACTIVE | external-net=192.168.139.180 | cirros-0.4.0 | m1.nano | J8 P% t+ f) W' @7 u. u& X
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+# m. h" z( b% x* l) e/ [0 `$ K
# 加一条默认路由
c4 D l6 {- O. ^ root@openstack-node1:~# ip route add default via 192.168.139.22 H4 p$ P% r% C, ~ {4 C2 N
root@openstack-controller1:~# ip route add default via 192.168.139.2
* L5 F/ K2 P* ^ ###一定要拿到IP地址 external-nat=*****
# k. x( j$ s. z9 g& H/ U [root@openstack-controller1 ~]# ping 192.168.139.140
- H9 |; p: X, C! | PING 192.168.139.140 (192.168.139.140) 56(84) bytes of data.! {2 s4 W; |0 W7 i- j% @
64 bytes from 192.168.139.140: icmp_seq=1 ttl=64 time=11.3 ms! L2 v8 l$ r6 O4 ?1 J; D+ c
7.6.4)使用虚拟控制台访问实例8 z3 K- J/ ^; P2 h# T
[root@openstack-controller1 ~]# openstack console url show linux-stj-2' x% A) J1 [0 r: V) S' ]. F ]
+-------+-----------------------------------------------------------------------------------------------------------+7 `" J- r7 e0 D! @/ u
| Field | Value |
Z2 [+ ?% Q! N +-------+-----------------------------------------------------------------------------------------------------------+9 J/ i# N- W' h9 \4 ~4 i3 h
| type | novnc |1 L* V b3 q' m4 T( ^# P3 Z
| url | http://openstack-vip.stangj.loca ... 8-aac3-52e5f58a51f7 |- r# Z% T0 l) M5 H4 U! L
+-------+-----------------------------------------------------------------------------------------------------------+
% y* ?' \0 b* v4 uimage-20241208195008663
" q6 z+ ~5 r! `" [: Y. X
5 }/ |3 x5 C* h) X% iimage-20231217134249953" G+ d, R- `# |) i" {
% B% L- e/ \) B8 h, t: m注意:如果你的访问出现下面这种情况) W/ V' s3 ^9 R1 l( n
! M4 J5 I9 g3 F3 g7 \0 T7 R* h
image-20231217135224898# c& d0 x X5 K" J: }1 a
# X4 ], R" q8 g8 W% e
解决办法:
: q4 h! D5 `; \2 A7 ~) k7 n. n' o; L- c9 z3 w4 u
[root@openstack-node1 ~]# virsh capabilities
' m, ~1 T' ?4 j( I! x4 A6 ] [root@openstack-node1 ~]# vim /etc/nova/nova.conf3 j: I0 K( G7 G$ p# j& p8 N" z
# 搜索下面两个hw_machine_type/cpu_mode信息,并添加后面对应内容7 `, o, ~0 ]! i" U
hw_machine_type = x86_64=pc-i440fx-rhel7.2.05 j# P' p+ k1 _/ T. m C/ i) L
cpu_mode = host-passthrough
`. V) m e; F$ Z; a) \3 _ `重启nova`) j$ D. J, z8 Q4 U- |, ?9 d* e$ U
[root@openstack-node1 ~]# bash restart-nova.sh
. m8 s# f0 v, t) f/ a ######理论上还用重启openstack对应你要访问的虚拟机#######
, m$ ^+ Q# M- ], E0 ^8 e* d如果没有出现上面的问题则不用修改nova配置文件操作
& b" S! o& i0 M! o% y. I# S& Z5 ]0 o
5 f/ A9 t. q4 `1 [" z( @- |8)安装-dashboard
( A! ~& ?; O) `8.1)下载dashboard6 p) G1 e/ K5 ^+ J0 ~5 u' v7 c
root@openstack-controller1:~# apt -y install openstack-dashboard/ G5 `; N7 V8 `) n
8.2)修改配置文件-local_settings2 v4 z6 H6 M% ?/ K" P3 N* F
root@openstack-controller1:~# vim /etc/openstack-dashboard/local_settings.py
" N; D; j1 g8 L: M' q # 23行 添加
' F' H5 m, {3 `9 I( N. i! f WEBROOT='/horizon/'0 b Q8 Y0 e# A9 f# q
) p9 x3 o" U( n" x8 g- A1 y' N # 125行 修改# o0 y9 @! z4 S
OPENSTACK_HOST = "openstack-vip.stangj.local": ?9 F3 S; e( D' ^% \4 C
OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST; S2 P+ n: { Z0 E
+ N R: y% ~4 s& W& O
# 39行 修改" w% e2 K% r. \- \/ N3 r
ALLOWED_HOSTS = ['192.168.139.31', 'openstack-vip.stangj.local']! X- M2 X) g, b8 W
7 t @0 k8 `7 r% [ # 105行 添加
! D7 q2 z3 h- ~ SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
5 g) O; M% l; i5 }6 Y, v CACHES = {
# ^ D2 g7 h3 d/ W 'default': {, O; C& u/ C$ N1 t( X, Q
'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache',
6 n7 w+ }# F! x/ m 'LOCATION': 'openstack-vip.stangj.local:11211',
( G6 C7 r0 w _* P* b }
& s) a) \, {1 c" o }: _5 [+ F1 x V* ^3 T- u1 q6 J' s
" |9 N7 B( q9 B) l: p6 l+ _' \+ b # 127行 添加
' b b& R3 l0 q" B4 ^ OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
- Y' _$ W* N8 F) v7 i) T% E% L % D- N z5 q' Y' R; D' @0 `7 V
# 128行 添加7 {* O+ J# u( z3 q3 p3 }: u
OPENSTACK_API_VERSIONS = {' q1 I6 H9 e3 W" H! _
"identity": 3,
# f1 H+ Y6 D+ Y8 r$ [1 i, F "image": 2,5 s6 G' e4 [; E
"volume": 3,
/ i& P) J% X, Q/ f7 m% H. ] }
2 u$ v0 t5 [! l2 `, r ; V x4 k p9 x9 {: e; p
# 133行 添加9 B3 e) g8 }9 `1 x
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default" V9 z9 ?6 ^2 I5 E. k
9 E) A3 l: c: V4 G9 y # 134行 添加0 X% @% M8 i( M" X7 ~2 t
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
5 j$ R C5 }8 O* h8 l' r4 L
' D3 z, g9 V" @" {# s # 138行 对照修改,把True全部改为False
2 m; I3 R1 x" L+ i& j1 v( x OPENSTACK_NEUTRON_NETWORK = {
' h6 p( u6 _) s; T& B# d; w* l' _ 'enable_auto_allocated_network': False,
. _- i0 K8 n1 o P 'enable_distributed_router': False," g/ h$ G! v! n# r' C! e
'enable_fip_topology_check': False,! J$ Y1 w/ }, ]; ^
'enable_ha_router': False,0 ~% T# j, ]% n
'enable_ipv6': False,8 c+ T& a6 O5 [& t+ S7 j3 ~
'enable_quotas': False,
5 J+ v- J5 }$ k) o 'enable_rbac_policy': False,
" p7 {4 T6 g p. O8 Q$ ]' l 'enable_router': False,
: O, [) \' \: F- t) ^% c" T; ` }; p/ P0 i% L# M, ?" i0 [. ^0 r8 C
# 161行 修改* t; ]- \7 G' o A1 r3 y
TIME_ZONE = "Asia/Shanghai"+ W/ V2 y- N9 y2 {7 i- \. _
8.3)修改haproxy
+ }# z/ x q, ]* K& n% r z [root@openstack-haproxy ~]# vim /etc/haproxy/haproxy.cfg 8 {. [8 z& [* a
# 最后面添加下面内容
9 D4 J+ ]. l+ I' r) ? listen openstack-dashboard-80
! _" ~* G7 h2 @. M1 P2 N9 N' Y bind 192.168.139.248:808 g# M# y* Y' m; _
mode tcp
2 V( Y4 @7 d8 a0 c/ O server 192.168.139.31 192.168.139.31:80 check inter 3s fall 3 rise 50 g$ O6 A& f* ^! E5 [
[root@openstack-haproxy ~]# systemctl restart haproxy.service $ i+ \ D' L l) a+ x+ `
[root@openstack-haproxy ~]# ss -tnl | grep 80& E5 \' B1 t% n
LISTEN 0 128 192.168.139.248:6080 *:*
+ C% a6 ~+ _3 n4 z1 i- n6 i LISTEN 0 128 192.168.139.248:80 *:*
/ A; i i" m% t) X8 ^; S8.4)修改配置文件-openstack-dashboard.conf7 C/ m5 g2 c) N
root@openstack-controller1:~# vim /etc/httpd/conf.d/openstack-dashboard.conf/ k& F* B1 b# E1 F
# 4行 添加7 L2 t' T" }7 T) L
WSGIApplicationGroup %{GLOBAL}
I) Q9 ~! v" D f5 q# ~/ w8.5)重启动httpd% }0 {; n% K9 W4 d& N8 }
root@openstack-controller1:~# systemctl restart apache2.service , S7 S% t; G4 h* k( Z4 S8 W
8.6)访问dashboard页面
8 ~: V2 x8 Q& T' Ohttp://openstack-vip.stangj.local/horizon/
0 ^2 t1 h" V+ h) d7 b2 R8 n# T4 f( `+ i3 ^% N
|
|
发表于 2025-3-17 08:00:02