|
|
在正式部署之前,需要对每个节点做如下配置和检查:
# I( s8 i2 s* ~7 D5 R ~5 T- R4 L3 W9 X# f9 f5 K0 B
配置 |openEuler 24.03 LTS SP1 官方 yum 源,需要启用 EPOL 软件仓以支持 OpenStack3 x$ A6 a* F8 @% W& ~
6 ?- y' ^ Z; M M1 Q
yum update
- u5 @5 s0 C3 h% wyum install openstack-release-antelope( @9 a, d6 \5 V, Y9 E: V3 v
yum clean all && yum makecache% ^9 l) o, G7 s5 [
注意:如果你的环境的YUM源没有启用EPOL,需要同时配置EPOL,确保EPOL已配置,如下所示。
* B5 a$ m& }: t; o+ ^7 B% q3 E% \# u5 B
vi /etc/yum.repos.d/openEuler.repo
% d( A9 K* C* |; s5 u; z, ^
$ Y: V; _$ G% R* n6 v0 W2 f3 p% L2 O[EPOL]7 e+ e+ t. H) h2 M6 @: x" Z9 v
name=EPOL+ Q! j d* R; |" a! o: `6 T- t
baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/' \/ Q( s# i, G& e
enabled=1
: D- ~$ ` v7 A+ E/ b( P/ F5 qgpgcheck=1# f, ]: M! q( L( T* n7 J {2 `
gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler2 H) R; n& |1 V1 H2 Z
: Z/ d! k# F2 o6 H; e0 S
, [& f0 F- N, ?/ T修改主机名以及映射7 ]! ~ ], d. W5 w/ e
3 J- n) M# A) Q
每个节点分别修改主机名,以controller为例:
/ v1 h9 R3 i3 z
7 T% @# {5 Z8 J5 Yhostnamectl set-hostname controller. m, l5 m. T! @0 ^6 a
, z7 u( _* ^' `5 t$ k0 Lvi /etc/hostname% Q c% n& F& I! T
内容修改为controller0 Y' D( V* j$ }- R# Y
然后修改每个节点的/etc/hosts文件,新增如下内容:8 _9 G, X, K$ q' d" {, x
9 G( T; k9 Y4 f; S192.168.16.2 controller" t, ]4 A4 A0 U- D! I' ^
192.168.16.3 compute1& T$ }2 W2 X% N; a* K
192.168.16.4 compute2
5 M/ z9 ? x) g0 ~) B时钟同步¶
" K2 H( M6 Q3 N+ |3 |集群环境时刻要求每个节点的时间一致,一般由时钟同步软件保证。本文使用chrony软件。步骤如下:
. S( M" a+ A) E5 F+ R5 m6 E
, N2 v$ P- `* _Controller节点:
! {8 X, j! v O& J7 n& [6 Q W
7 `# y* H$ a$ Q) h1 C. B, b安装服务* u( ~7 D+ X# F: W
dnf install chrony
- x1 i$ q/ x# u) G5 K8 C2 ~! e3 N修改/etc/chrony.conf配置文件,新增一行% t$ q. c2 i6 J# }: I/ K
# 表示允许哪些IP从本节点同步时钟
4 T2 E. F$ O3 z4 Lallow 192.168.16.0/24
. ?9 k9 G& B, c重启服务4 U7 H* k) n( O- `/ f
systemctl restart chronyd
3 I+ n% b/ n/ n$ s* [其他节点
# i- c# @/ i: H Z# T& a# j# ?4 L0 w, A; u- s$ c# M/ w8 D4 V$ A2 r
安装服务5 u- t/ U7 z- O9 m
9 T2 `) `" m8 p0 N1 y: r
dnf install chrony
1 X v) g# P7 d4 z( c修改/etc/chrony.conf配置文件,新增一行; m# M# D# ?2 o
% a* x; H5 d# }# N u; s$ }5 D7 i# NTP_SERVER是controller IP,表示从这个机器获取时间,这里我们填192.168.16.2,或者在`/etc/hosts`里配置好的controller名字即可。
# Q/ ^/ j' C" [2 nserver controller iburst
- ?0 V: y$ \2 w5 h7 [ x同时,要把pool pool.ntp.org iburst这一行注释掉,表示不从公网同步时钟。
1 H2 @) L; U l/ z- l- @7 S! ~0 `- f; E
重启服务
. U, e! ?3 q' I
/ | C- ]3 v$ ?7 R5 d9 F1 }) vsystemctl restart chronyd( j) y8 S+ c5 y: t; R
配置完成后,检查一下结果,在其他非controller节点执行chronyc sources,返回结果类似如下内容,表示成功从controller同步时钟。 T, M+ N( q& A9 B
% d2 I$ R/ A8 _; g, d
MS Name/IP address Stratum Poll Reach LastRx Last sample
8 A6 M0 b/ R0 m4 _! b===============================================================================
0 O' I* h6 C5 e3 G2 F3 D1 S) d^* 192.168.16.2 4 6 7 0 -1406ns[ +55us] +/- 16ms' w8 V5 L/ j3 e' q, g2 P9 s7 `% ~
安装数据库¶
3 X& N' C4 M1 ]7 @& H数据库安装在控制节点,这里推荐使用mariadb。3 Z$ M9 B9 x3 A0 z; \6 N3 I
V) L. E/ a7 d8 O( s* j2 y/ B安装软件包
: T5 H; _. w' @9 \1 s# G
0 Z) G3 E$ m; O& _8 u: rdnf install mysql-config mariadb mariadb-server python3-PyMySQL
- b2 |7 z) P0 ]* O+ m; Z1 |. S新增配置文件/etc/my.cnf.d/openstack.cnf,内容如下
0 K0 m3 k4 o$ F+ u/ l3 e! b0 M# I9 w) K9 F4 r
[mysqld]
. E; d8 O0 r4 Jbind-address = 192.168.16.2$ y4 A3 c3 y& l& }: ]7 V# Z
default-storage-engine = innodb
7 ~" Y' R+ }) Sinnodb_file_per_table = on0 J! [1 ], P# G5 O: Q' z# h5 z
max_connections = 40964 Q0 r+ F, J1 I ^. }, a
collation-server = utf8_general_ci
9 x8 V, w x5 `& X2 v" kcharacter-set-server = utf8
C9 o7 G0 x6 ]( R' T$ H/ E, [启动服务器
5 n: c; v Y5 V" U5 ]# S0 u/ b5 ? F3 y) H8 x7 @4 F! @* j3 p; p
systemctl start mariadb
`, v8 J2 z& ^5 _" i% W6 C初始化数据库,根据提示进行即可# ^2 ]3 |( {% F$ U$ ~
1 m7 G* i: r" ^ @mysql_secure_installation( A& m# ]* T7 |8 y
示例如下:
) O0 ]3 |' v& k" G/ ]
% v% f+ v6 j, w( T+ RNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB% x" Q! P, d. E o9 E$ {0 z
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
7 V3 c. O; _- R: Q* ~
; S5 x) i! k1 b1 K0 y% GIn order to log into MariaDB to secure it, we'll need the current% J- }$ g$ U E) ?/ L7 W9 z
password for the root user. If you've just installed MariaDB, and2 D& J( x+ C' Z n, n
haven't set the root password yet, you should just press enter here.
, {* ]3 `4 X. u* {3 c& p% {% N5 E& U
Enter current password for root (enter for none): " L/ Q4 d2 Y4 p
' s! J5 }7 m/ {
#这里输入密码,由于我们是初始化DB,直接回车就行4 {% }4 F3 L& W0 B" q& r
. @, L9 f' J) M# ^" [- m2 E
OK, successfully used password, moving on...
+ c! @: k/ Q; s7 L4 T" J6 ?" H' v, |! D
Setting the root password or using the unix_socket ensures that nobody( O7 s5 C0 _5 P8 t6 q4 v
can log into the MariaDB root user without the proper authorisation.8 `! E7 d2 l; X; |2 K+ L; @
; o! i2 x1 o6 O6 _You already have your root account protected, so you can safely answer 'n'.0 y! e6 s9 {% J- `7 H5 @& x+ O
: Q! h# ^1 O' {2 Y4 W# 这里根据提示输入N9 l9 @, {' y8 m( k
+ ~ R, w# |/ R6 M) H. r. Q5 j
Switch to unix_socket authentication [Y/n] N( {7 E6 G# h3 e J" f; P3 w9 i, n8 b
a5 U; d9 I h3 s
Enabled successfully!
- t0 ]5 `9 w3 }* i, N8 jReloading privilege tables..
9 P/ |# g: m4 M5 E( F+ A1 O... Success!
6 L; B: y- o7 B2 [0 J% X( N- p3 h2 x2 ^1 h) r3 _! W
2 L2 ^9 H8 u! K. x3 A" B( {' n5 X
You already have your root account protected, so you can safely answer 'n'.9 L6 C8 c* z4 J- o8 A( _7 f& i
- t; x: h) A7 A+ T$ Q
# 输入Y,修改密码8 `3 ~* D7 ]. i3 T$ V$ R. R
" Z- f7 y7 ?( _4 U' ^' S6 E
Change the root password? [Y/n] Y
, V5 }" l2 P0 d p( T) n4 j8 C" w8 @/ T. m* C& b# l
New password: : d, c P3 {1 X' X( \4 D# R
Re-enter new password:
& k) c/ f$ R" J! i" F4 t& G4 @4 W, N! KPassword updated successfully!! Y6 I; M* D7 _2 N# O& q. I7 x3 w
Reloading privilege tables..# F. ^, n# v8 s+ B" c
... Success!
9 I2 T7 E* Q5 G7 d# [$ s! H4 B0 V
5 H8 @, o% p) V/ Y' l( z/ |, S1 m+ V" t
By default, a MariaDB installation has an anonymous user, allowing anyone
% ~7 d+ w' l. {6 x7 Y& Fto log into MariaDB without having to have a user account created for2 ]/ f9 f8 d8 @3 G
them. This is intended only for testing, and to make the installation
& B% E+ N2 V! d/ ?* D% g$ ?go a bit smoother. You should remove them before moving into a5 J. i( Q/ t" ]6 Y" S9 ~' p; X
production environment.9 C! g. Z9 R7 Z) G
+ {, M3 u5 I% J" b# 输入Y,删除匿名用户
, d& M G8 q. u5 Y# O3 T7 R6 i# |; P4 @0 s: ?7 }' }% M
Remove anonymous users? [Y/n] Y
4 W" t+ D( y6 t3 d+ K* l... Success!5 q3 n" ?6 U9 @ D" [
1 s' w: G5 Q' i0 ~/ Z
Normally, root should only be allowed to connect from 'localhost'. This
" L: U, _ a+ I+ E# o! Yensures that someone cannot guess at the root password from the network.. J: Y: C. J- l! i' T
: q* K- a' q* v1 f" s5 [+ Z# 输入Y,关闭root远程登录权限
* _! u) T( Y# ]3 _: z3 ]0 M9 Y" t! W% P3 }. d2 @" W* M
Disallow root login remotely? [Y/n] Y* w) [4 _# v5 o/ e
... Success!7 ~" o& P+ M( H6 ^
( d$ S, X+ c5 F6 h# \
By default, MariaDB comes with a database named 'test' that anyone can. [" G- U# S% W8 n* s4 y# h
access. This is also intended only for testing, and should be removed
' S/ W/ q" ?# p; \$ o$ p- bbefore moving into a production environment.0 q& m) P0 v5 J
; \; w2 @; U) g3 |! e; Q9 v
# 输入Y,删除test数据库
1 I' C# `' F# Y3 E
9 K1 W! u( }6 }3 MRemove test database and access to it? [Y/n] Y( \; }0 _7 ?# z7 c" S* {3 Q# i
- Dropping test database...
* l' `3 G3 s' F* n8 _7 d... Success!
8 Y) z6 B! a$ Y* D- Removing privileges on test database...
9 |3 i+ b9 P. T( C: l... Success!+ _3 g- }3 k: D9 @- T1 P
) E( j: ~# e( a
Reloading the privilege tables will ensure that all changes made so far% x+ e* V4 Z6 Z$ O; @
will take effect immediately.
3 H0 v# G3 U/ D K1 p5 i6 `
: P& Z9 Z. }, N9 B( W# 输入Y,重载配置& a* N0 I' d5 O
8 W) x) k( o2 }7 y: hReload privilege tables now? [Y/n] Y+ Z) R. r0 i H4 }2 [
... Success!
( q( h4 o& n! v6 o3 B. i7 u1 \) d6 Y7 {; {
Cleaning up...
4 ~% g4 u( d* {6 {! Y% u! ]+ _8 k+ t& o* e1 G) R% S/ p
All done! If you've completed all of the above steps, your MariaDB4 r. w) M0 Z7 x$ D3 K
installation should now be secure.
$ @/ p Q5 E" J% \. g' S* a验证,根据第四步设置的密码,检查是否能登录mariadb
$ n" c' g/ d U+ R [3 \! Z$ V% U* a- h5 U- O
mysql -uroot -p
# o7 _6 z1 ?; L. e" t/ r即可直接登录数据库1 m# l1 X! _: [& d9 t
. M0 ]9 [5 k/ @2 L8 e
安装消息队列¶
4 G; @7 }5 i( z6 X& j& x消息队列安装在控制节点,这里推荐使用rabbitmq。
& H3 |6 u3 q: K3 k* w1 u% I, ]- [ s2 L% n8 \1 l/ s* K
安装软件包# l8 _' q' v) n7 T" w
dnf install rabbitmq-server+ z, M; b; E2 I& r
启动服务
4 }8 Q" z0 j$ P, g. Q$ M: m6 w# qsystemctl start rabbitmq-server/ t9 F: Y; c" w& n2 m- I
配置openstack用户,RABBIT_PASS是openstack服务登录消息队里的密码,需要和后面各个服务的配置保持一致。
7 D: i# U( Y8 D9 l7 ]" U9 grabbitmqctl add_user openstack RABBIT_PASS
! [/ b4 U1 t! A2 M+ _rabbitmqctl set_permissions openstack ".*" ".*" ".*"1 x6 h7 g1 z: O
安装缓存服务¶
& X. t; F9 Q* B! h+ S# |消息队列安装在控制节点,这里推荐使用Memcached。6 l. x1 O( O" m( w
: }0 V- m+ M$ r+ r/ [9 P' n
安装软件包
1 \" h: P2 O* Fdnf install memcached python3-memcached% W2 F0 Q2 a$ q) R) O
修改配置文件/etc/sysconfig/memcached
. N3 `6 x- K# p ?# Z F- I$ b. DOPTIONS="-l 0.0.0.0,::1,controller"
& ~ \: L `- h/ y: r( ~启动服务6 P, y$ S a1 M4 u# w
systemctl start memcached
1 [6 \! Y3 z( x; J. q部署服务¶; u; q7 @" w) }* `; W" x. ?
Keystone¶ C6 ?; O v. j! b
Keystone是OpenStack提供的鉴权服务,是整个OpenStack的入口,提供了租户隔离、用户认证、服务发现等功能,必须安装。2 {9 h# m! A7 T% M, m
7 T1 ?" `, F$ `! w9 R' r0 U, y/ w1 X/ }创建 keystone 数据库并授权 |, W$ V7 ^6 |: J' u
9 q9 K) d/ D9 ?6 p5 M, n3 v4 P3 [4 B
mysql -u root -p9 N0 I) l. @3 p% v) d
. y8 x; G8 i$ D! r5 [0 S
MariaDB [(none)]> CREATE DATABASE keystone;9 T j! f* M- m$ Q% o/ j7 z
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \2 Y8 L' `7 D! [" p! M+ J
IDENTIFIED BY 'KEYSTONE_DBPASS'; [! F" U' `2 m$ F T
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
+ H# Y- j# H0 U4 dIDENTIFIED BY 'KEYSTONE_DBPASS';8 B( L$ L+ y4 u8 a5 I+ n6 O9 L
MariaDB [(none)]> exit
9 [* H$ W! }6 ]$ b: {5 `4 d7 i+ y1 ?' V注意 G! i! ^& x) G: w. v, k- p
- T: F' V4 J$ O5 a替换 KEYSTONE_DBPASS,为 Keystone 数据库设置的密码 (一般可用opessl 或者uuidgen方式生产复杂密码)/ z! E; l0 W, Y( p ]! f. J6 F4 R
/ \: \1 x) T9 N' k* `
安装软件包
& D( K, @: Q6 o' A7 k- q
+ h9 p; b2 D8 s$ `; b8 `4 Mdnf install openstack-keystone httpd mod_wsgi
7 {! z( `' o( ?配置keystone相关配置
/ E5 r! u. W+ a) D6 p4 l) y
. D& a3 L8 h' R! ~" X6 Xvim /etc/keystone/keystone.conf7 U: j$ M# Z: @; G% v
# a! @, M7 a0 V2 G6 c[database]$ }& w$ N2 d2 G! d1 ~
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
- l* B, T( T' ?/ F* I8 J2 U7 X4 s/ n, @; i' u# U
[token]
2 a0 B. A3 c" N2 gprovider = fernet
3 }" S' u7 B1 x' n' u. V5 R& f2 |
2 F7 Y$ E: R) V
% F" X6 I3 z ^% }9 |# X( o解释
( ^2 I3 o3 Z, S0 t1 y1 _3 |' a1 ? g$ j. [$ ?
[database]
0 A% v) y- R0 V) U w+ e2 l0 F7 q部分,配置数据库入口+ H1 K! t. O4 E4 o2 D" y
) w$ P+ S. ^& C2 g/ a; t% N[token]( g; P( Z3 _& L: N3 q1 N
部分,配置token provider4 y5 L% n8 b, K6 w# K
' s" M6 V6 [: G
2 o5 q- d- K$ j5 p$ T+ @同步keystone数据库( }4 z" B5 c7 D, N l, l
$ L3 S5 x; |2 P7 M) \
su -s /bin/sh -c "keystone-manage db_sync" keystone! Q; P3 z( S: n) O# k5 L- U
y3 l4 k, |1 M( n, b- L$ \+ e初始化Fernet密钥仓库
! a5 i7 D9 d3 v# L. Z3 w0 a
7 O' Y! i$ X" qkeystone-manage fernet_setup --keystone-user keystone --keystone-group keystone2 z, |, g! w7 _: j2 [# o, U
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone# d( M8 c* V: J2 \" A% X$ C
9 [5 ^5 z4 w |5 p启动服务
: T- c0 k/ i1 \这两种方式都可以:
: b, I* V+ U/ R7 O! Mkeystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne6 r1 ?7 N3 Q) \- H
4 f/ M8 }) j G$ Hkeystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000 --bootstrap-internal-url http://controller:5000 --bootstrap-public-url http://controller:5000 --bootstrap-region-id RegionOne
" n t: `- T* {; w注意
* O: a |$ v/ P- }( k- L7 b2 y
$ ]; Y- A* B/ N% @4 r) V替换 ADMIN_PASS,为 admin 用户设置密码
. M4 P6 G: E5 {4 `4 g: j. q$ C! K1 ~) `2 _' H- _
配置Apache HTTP server
& v8 C- b" U2 t* M( X0 A! \8 H( ]2 D5 ^7 y- x' Z6 `
打开httpd.conf并配置' |& Z# y5 q8 I! u& l" c! P
1 w3 s3 K$ C3 Q/ i" A) {, g; |#需要修改的配置文件路径
, D8 t' n/ Q" zvim /etc/httpd/conf/httpd.conf
8 c. ]7 T6 F& n a. t$ m$ F; m
4 a' a7 C" ~. O#修改以下项,如果没有则新添加
% a8 y7 }* B) o& XServerName controller3 |! [# U9 b- s. ?/ g1 S8 S' g5 K; O
创建软链接 {9 e! n' Z+ H4 F
6 W+ C. C0 B; A9 e0 j
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
9 ~+ h6 [3 c# _! |9 w0 H( _, B解释
) \8 U, V8 v9 c8 p& c6 \4 D$ [+ A: H, a
配置 ServerName 项引用控制节点
& U& \8 n$ F/ h) ^8 S+ U' u/ z
9 u. F; u# w8 t5 S b注意 如果 ServerName 项不存在则需要创建
/ _4 d+ X) F( Z4 p- Q" M, O' o0 M
启动Apache HTTP服务
6 q- Z% j3 P) G% H7 O# w( b3 p* L' S$ l' n) u5 }0 m
systemctl enable httpd.service/ Q3 G; F; H. D M+ _2 H+ k
systemctl start httpd.service* R2 Y Q# S+ T" i b
创建环境变量配置7 I# S; j2 G s) w
4 u+ v0 S5 `' v) F" Vcat << EOF >> .admin-openrc
9 P1 h2 t1 ^, q" P) w& \1 sexport OS_PROJECT_DOMAIN_NAME=Default0 d3 z" l9 J8 M
export OS_USER_DOMAIN_NAME=Default
- \& K5 J$ j* e- M" j5 V* Vexport OS_PROJECT_NAME=admin
7 K( g7 G5 T7 j) r, Kexport OS_USERNAME=admin3 Q* x4 ~1 A* Q' }
export OS_PASSWORD=ADMIN_PASS
" n( E" S! E( B$ r5 Uexport OS_AUTH_URL=http://controller:5000/v3* {1 i O! |$ A) b8 Y& m. e
export OS_IDENTITY_API_VERSION=3) E4 d! F. s G5 _
export OS_IMAGE_API_VERSION=2
5 ?/ P! ?, V% CEOF
. `9 h4 Y u0 X4 e# L4 E4 d/ ^& {: f0 m9 w& ?$ J
注意5 {" ~; c. u, ?. e! S( L) S
5 `/ h8 ]3 H9 m, ^
替换 ADMIN_PASS 为 admin 用户的密码
; `) K5 R* \. J' Q* A6 @% H3 m# p! `; c. I' r
依次创建domain, projects, users, roles3 D y# l2 Z+ e9 [7 [
; ]3 ^( G B% ?; G/ L$ L
' e) G5 _/ V4 P& }8 q) K需要先安装python3-openstackclient" S2 Z7 L4 R; S) R
: G- ^. t1 F+ _8 }0 h4 jdnf install python3-openstackclient5 l5 w5 C# [0 Y+ X. e
^- ?: s- i/ y9 f+ b9 g M
导入环境变量9 U9 C9 w& L" M% y2 m
1 X' E% `; l. M5 u0 x8 _4 P6 K2 k
source ~/.admin-openrc! L, x( k7 c% Z$ g8 s9 t \
创建project service,其中 domain default 在 keystone-manage bootstrap 时已创建9 `! b o1 o$ c
( C$ I1 D6 |- U# u# Oopenstack domain create --description "An Example Domain" example
6 t& v o6 t; ~) z# |! m* P" c5 `) y7 h! s6 S+ D
openstack project create --domain default --description "Service Project" service
+ G1 j0 [- m! \- K5 e5 i5 d# ?+ C% o9 p6 {
创建(non-admin)project myproject,user myuser 和 role myrole,为 myproject 和 myuser 添加角色myrole
8 v4 W5 E- v0 d5 @. _4 U, @ u( `1 n) @& u
openstack project create --domain default --description "Demo Project" demo
5 P# B4 l# X& e! V+ n
* V1 Q$ p" A9 G8 Vopenstack user create --domain default --password-prompt demo# Q3 {3 l3 b! @5 ^
openstack role create demo
) Z4 f: J( }' Gopenstack role add --project admin --user demo demo C i' [' F3 G4 I! F
验证- c1 N' G5 d4 t& F" U
* f0 j3 M0 l" {! S7 ]
取消临时环境变量OS_AUTH_URL和OS_PASSWORD:5 k3 B! n F% y6 Z' ~- G
+ \2 F4 m5 r) R- isource .admin-openrc# ]. b4 j. Y1 _7 q/ U" e
unset OS_AUTH_URL OS_PASSWORD/ O0 f) Q( F6 d1 V
为admin用户请求token:) w" w2 q9 t' I W( \+ o% z2 Y8 ]9 M7 F
1 s8 h3 U, K; p9 y/ q Copenstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
' `( y' s1 q$ q
# \$ Z% n1 H0 {4 p为myuser用户请求token:
a, T) Q1 h6 U
+ U, L( O- q0 O. Bopenstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue$ P& h% _- Y" y
3 x% d$ M L2 Z8 z9 ~7 e
安装Glance¶' F# {9 j' T6 A9 ~- Q# g7 a
Glance是OpenStack提供的镜像服务,负责虚拟机、裸机镜像的上传与下载,必须安装。
- _! A' I* M) R9 O4 w
5 H, V& M$ ~. o. H; _: h! _Controller节点:$ ^# Q+ k/ {# [5 C
7 J* t( ]/ n' z4 T创建 glance 数据库并授权
7 q7 a! m) z$ f- G: f
1 N" F% G9 n5 V5 e! ?; O1 d1 dmysql -u root -p$ r. H, b, M+ B6 @- I
! u: k# N* F( f& D( L1 w- w
MariaDB [(none)]> CREATE DATABASE glance;& N4 j5 r* R/ |2 q2 n) O/ O
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
6 V, B/ n& l5 q, l( Y; p# B5 f+ }IDENTIFIED BY 'GLANCE_DBPASS';
/ _7 `5 X) Q" \2 JMariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \2 L0 i3 _/ G, @: P& E
IDENTIFIED BY 'GLANCE_DBPASS';
+ O5 x! r8 w4 ^6 W6 i2 B0 f% SMariaDB [(none)]> exit* @! ] ]0 L( N* ]
注意:
. v3 m) F( ]5 J$ q
1 d/ L/ h7 N8 g替换 GLANCE_DBPASS,为 glance 数据库设置密码1 g) J# P% } l9 j
$ k6 u$ r% B2 D4 b9 `初始化 glance 资源对象
3 O' X2 `. d! y+ d( b: M
. U, }! n9 x# D: G; z# ]导入环境变量' K0 M3 U: `$ W8 d3 R! Z
) Z1 m' p6 @2 _3 L. p1 @
source ~/.admin-openrc6 e8 h S/ K/ o4 ?# C
创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到GLANCE_PASS的地方替换成该密码即可。 Z4 N3 _9 @7 r. V' W; [+ a
) \/ |& M+ }5 n: X! A5 gopenstack user create --domain default --password-prompt glance+ M: O' J& ]- B& Y" J K3 t
User Password:
8 u$ o6 p$ O) G' ? bRepeat User Password:! x% e1 Q4 Z2 O' P! V
添加glance用户到service project并指定admin角色:. D3 \! j+ e7 B4 c Y+ q
4 I: C8 ?2 L) P n9 n J. c" I( X% Z
openstack role add --project service --user glance admin) H- B7 X3 ]1 b( G. y; O4 F/ t6 v
创建glance服务实体:
$ |5 t4 h7 s# |! W2 O3 w( m% @) p6 f: A
openstack service create --name glance --description "OpenStack Image" image
1 w) g" R" P9 b& e3 \" Q& J创建glance API服务:! B# W+ [/ { C( g5 E0 J6 Y5 Y7 }
& f, [( Z5 O& |) p. k; sopenstack endpoint create --region RegionOne image public http://controller:9292
. u8 Q/ `# q4 v# G1 lopenstack endpoint create --region RegionOne image internal http://controller:9292
! H3 m0 {" w+ I, dopenstack endpoint create --region RegionOne image admin http://controller:9292, D$ t A. [! p
安装软件包
, T: X( k) J: Q
F0 V7 a- i7 p* x% u, `( wdnf install openstack-glance
! c$ y; H% ]( i8 q: E3 E. j修改 glance 配置文件
0 i: h$ X. e% Q! V( W' w- v) `2 ~1 M# P9 ?
vim /etc/glance/glance-api.conf7 ?3 E# w. o2 B5 Y% |) ?
2 Z k4 f" ~6 O7 {+ _+ w3 s[database]7 d r- V% [$ a
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
3 c: r/ ^1 u) n% H: _: O
6 s3 b# \* Q8 _& ~$ o" Q) v6 E[keystone_authtoken]
; k' }& h7 I0 A* }+ |( X4 D/ Owww_authenticate_uri = http://controller:5000" M* v! T1 L% C: |% `- n
auth_url = http://controller:5000, U7 G( c, ?' {6 Q" A
memcached_servers = controller:11211
6 z4 ?2 |/ A" y6 yauth_type = password
/ `: V/ b% J. m; C, B2 a: f: Q# Hproject_domain_name = Default
' @, u f$ |( D, yuser_domain_name = Default
+ `) e% [" V6 j Z1 x; T0 kproject_name = service- N6 W( @3 D( M* k5 E
username = glance' e9 b7 G( U) H
password = GLANCE_PASS
# }. K% `# m' v6 n9 Y) J& h' }
# N- E; F) a3 [) {7 \) d$ K7 g[paste_deploy]' o8 K6 m+ t( J }
flavor = keystone
, ~0 s% h' Y8 E$ `' ^. r
4 k$ t) l- k0 H/ U[glance_store]
+ @) |1 v! D6 l4 fstores = file,http
! B6 c+ d* \9 C* w- wdefault_store = file/ r% ^3 u3 r) M
filesystem_store_datadir = /var/lib/glance/images/
) D9 |$ ?2 [# s7 W3 }解释:
' t+ y: _: J! _" p8 f& E5 x- e+ s5 S" v5 X8 D
[database]部分,配置数据库入口
; W, ~5 T5 q: v. ^
2 ~3 H% _4 _1 \) N[keystone_authtoken] [paste_deploy]部分,配置身份认证服务入口
* [7 B0 ^: h2 o5 s8 Q' u e2 Q6 i+ k6 ?! K1 e
[glance_store]部分,配置本地文件系统存储和镜像文件的位置0 T5 k Q$ c! E+ Q! x/ ]1 L9 I0 W
. d, f) z/ {& N) P1 b; S Z) V5 R1 @
同步数据库- N7 Y' i- Y4 r M
4 \( `, }4 ~9 X& k, q( F# Q
su -s /bin/sh -c "glance-manage db_sync" glance) Q8 ~' |5 Z" `, v" p8 p
启动服务:
0 e C8 f, Y+ f$ V$ j! f3 W' e
. f; }4 e1 K8 q7 y6 `systemctl enable openstack-glance-api.service
v) z2 g7 b1 H# U2 P* @; ^' Tsystemctl start openstack-glance-api.service
' d1 d! w# z+ f$ W2 a1 C q验证
/ d: }8 b y3 G, @! S; y7 c; R
, B J6 w* `; Z* S+ P导入环境变量
& j P9 w& c- U1 X+ W" M3 Q2 x
2 F3 _5 A* [; e# l: Zsorce .admin-openrcu
3 x6 A( B5 m; x下载镜像
/ z* U" S7 Y1 N6 |, p
5 W) W/ y3 p2 \; L/ c- S! p# s) J0 xx86镜像下载:7 K2 y' i+ P# H6 @$ k8 K$ y/ Y. s6 f
wget http://download.cirros-cloud.net ... 5.2-x86_64-disk.img
! |7 F, [- G/ L# Z" P1 e& j; ^, W" k) I4 p
arm镜像下载:$ |4 q2 ]: x$ ?
wget http://download.cirros-cloud.net ... .2-aarch64-disk.img
$ }6 O9 Y4 q; c' t4 U5 @注意
- n( E. H5 x: D" N8 @2 U
+ W) I* c- Y9 W9 r如果您使用的环境是鲲鹏架构,请下载aarch64版本的镜像;已对镜像cirros-0.5.2-aarch64-disk.img进行测试。
" S3 |6 }8 P( P. g) Y9 F! \, [0 I8 j' k' M8 ~7 R
向Image服务上传镜像:1 G3 Z4 e# E( C! A& R0 F( i: K
* p1 H- ?5 `% ^' ?
openstack image create --disk-format qcow2 --container-format bare --file cirros-0.5.2-x86_64-disk.img --public cirros
! A8 y" B/ P: n% t d( |8 o, n" v确认镜像上传并验证属性:
% T9 O+ Y/ s4 {" V3 b* f) R" f; I$ k9 \! Y" o( c
openstack image list1 E+ ?1 l. ~$ O9 U
' y& a5 q! R! r
. a$ _/ o, F9 j9 gPlacement¶
& j% o3 w/ U/ S1 mPlacement是OpenStack提供的资源调度组件,一般不面向用户,由Nova等组件调用,安装在控制节点。
9 ^+ X- s% m. j& D# N- C
( ?4 E! Z" z) L/ F3 P5 D/ C9 P# x4 {安装、配置Placement服务前,需要先创建相应的数据库、服务凭证和API endpoints。
0 K$ s+ F& {+ |2 R4 n
( S# y$ x h0 B+ R- K创建数据库
2 G" B2 F( x9 _* n% P4 c" a# y( d: h5 x+ w( K- f' a
使用root用户访问数据库服务:
: H9 S3 w9 E6 [+ v: g! ?. d1 b. y* o: ~. A$ n& N; y
mysql -u root -p
8 i* S' ]8 f# ~" p1 |创建placement数据库:
( h1 J$ N$ O8 H+ Z% P/ j- S+ U* Z: t+ B/ t4 ^
MariaDB [(none)]> CREATE DATABASE placement;
8 q- s( R5 t( E0 Z授权数据库访问:9 B7 ?7 A1 o, B+ Q6 S, N6 o' W
3 S: J! g9 r) A+ _1 F
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \* ]7 ^9 m. u8 ~/ [: Z' X0 T# D) f
IDENTIFIED BY 'PLACEMENT_DBPASS';
0 a2 c& e& Y' r7 y/ `( k6 [/ oMariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
, W0 `3 b; @$ _) Z7 r. N- z IDENTIFIED BY 'PLACEMENT_DBPASS';
+ q3 s$ v v; _: r* @' @替换PLACEMENT_DBPASS为placement数据库访问密码。! j, h, J3 ^# k/ j
; t2 F7 l" {+ A2 k8 x. d
退出数据库访问客户端:+ S: \) d' j( s& d
) [9 q& U( M% |exit' q) |5 H4 A! r
配置用户和Endpoints1 n1 @2 ]- K3 c
: G) R* v) ?; V3 Rsource admin凭证,以获取admin命令行权限:9 k2 T. o4 T0 @( ~& p8 V
" _6 C; T# ^3 D* ]1 i
source ~/.admin-openrc1 z+ O( e+ A3 c+ s( m
创建placement用户并设置用户密码:' g9 R {7 W9 t2 Y$ u
" B0 }, L t7 t0 u% y3 Nopenstack user create --domain default --password-prompt placement6 I4 m, r4 E+ G' @
# w+ ` K& `1 L3 w5 a% e
User Password:6 e+ E; I; V. @# ^0 i' }
Repeat User Password:& f; c: U# r( v7 k/ g5 n" ~% |6 [
添加placement用户到service project并指定admin角色:: ~9 L% C. v; H. Y4 A1 E- v6 H1 _! X
( S+ K# M. g! _8 Bopenstack role add --project service --user placement admin
2 [* z+ R; W8 E! b/ o' q创建placement服务实体:4 `0 P8 d+ V. h1 C, A
7 A5 i% v7 q" J- u' e4 I0 }8 Eopenstack service create --name placement --description "Placement API" placement
# ^+ x9 O" \. f8 {0 _创建Placement API服务endpoints:
$ b3 R4 g! G8 @7 @1 d5 Z; B# r5 p/ }; P3 ^* j
openstack endpoint create --region RegionOne placement public http://controller:87780 x7 w( q, t1 ^! w
openstack endpoint create --region RegionOne placement internal http://controller:8778
# ^: W$ @+ D* c$ k& \openstack endpoint create --region RegionOne placement admin http://controller:87780 ? i- r, l8 ?' A' ~
安装及配置组件
$ T& J! w# m6 h; ]6 }' v$ L. o- j( ~
安装软件包:
+ o' s( r8 r, T: \9 ~" K, ?0 ? b2 d3 @$ G4 U* a! ?0 H N
dnf install openstack-placement-api
6 j/ x1 Q6 I. Z9 o7 A! |! A编辑/etc/placement/placement.conf配置文件,完成如下操作:
e/ v U$ O0 b: Z8 r" X4 ^: t% W B& s2 q* f# i
在[placement_database]部分,配置数据库入口:
3 g$ X! |! m$ _+ f7 i
8 X0 }/ l4 D+ Q- ?[placement_database]
9 ~7 {, |: K) M# d' fconnection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
' |' e! s( U0 x5 `3 c) ~* \! u替换PLACEMENT_DBPASS为placement数据库的密码。6 V3 o' C- d) H4 _* X
# A: k7 ?& i0 X3 e9 S在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
) D6 K7 z3 w! P, y( x3 d, S4 I
3 F' k- a8 k2 c% Z) b1 p# h. V[api]( q( @4 T Z+ B' l: Z9 a# n: s! R
auth_strategy = keystone
$ O1 Q0 I {8 l f7 S% s/ e+ u) p
& w b3 f9 ^, g$ B* I$ q. J[keystone_authtoken]" P5 D+ z: o' e; T* p" a
auth_url = http://controller:5000/v33 W% o0 S5 \1 v; H$ g$ x2 ?+ [
memcached_servers = controller:11211+ W! A! Y% Y& M( D
auth_type = password
3 r% s6 S( { V2 N. U6 d: sproject_domain_name = Default; z" @+ u q% V& X8 c/ n( `, }
user_domain_name = Default& }9 x& \( W; A; A2 N" v
project_name = service
7 q2 W3 R) m( z' Pusername = placement& I' {- M$ U4 z* W" K
password = PLACEMENT_PASS
1 q; L$ e* O% J e/ b( F替换PLACEMENT_PASS为placement用户的密码。# ^ z4 Y! E; q
+ J7 b* D9 V* a* A8 U1 y5 Z) ^0 F5 L数据库同步,填充Placement数据库:
+ o/ `* d, l: t; b1 p& h1 |( ^7 w$ R5 q/ f
su -s /bin/sh -c "placement-manage db sync" placement
+ R- _- Q/ R) B3 g0 q v启动服务
5 ?- z) n) |5 p7 X
6 i' n" X3 ~0 w; P# \, r# s7 F重启httpd服务:
' }# L8 q0 F! J. `& r+ v+ z8 c2 V/ P, `2 h
systemctl restart httpd
2 R; L& o5 m R L验证/ x+ \! a0 u# ^, K
6 r/ D7 N/ _- O$ R9 S- ~
source admin凭证,以获取admin命令行权限
8 N2 [" ?3 \1 E; m4 b( i
1 x% a2 {) o4 j4 Zsource .admin-openrc9 ~; V( m& q X- Y4 `9 e
执行状态检查:" O4 i( K9 k. v1 I1 Q
' ^- a+ q, ?4 g& Z
placement-status upgrade check+ l6 o; C) x4 o' R7 I5 C$ j
+----------------------------------------------------------------------+/ [$ D4 D% L. W/ k3 k
| Upgrade Check Results |
5 p9 i* z; Y$ v( G2 I1 `3 {+----------------------------------------------------------------------+
5 ]9 d2 U o" C% `| Check: Missing Root Provider IDs |
/ Q( b$ d+ A5 ? h' g! m| Result: Success |
3 [( C9 C; V1 N! q& r| Details: None |- @$ P8 l4 V& ^! U) P. z: |: Y" e
+----------------------------------------------------------------------+
7 d! V p, V9 T| Check: Incomplete Consumers |
* r% P+ y+ S! F1 y, Q| Result: Success |% U0 u9 k: U' ^' Y3 M
| Details: None |
: C) M; e7 F) H+----------------------------------------------------------------------+- T) {% ?# f$ e( t/ R
| Check: Policy File JSON to YAML Migration |
( s1 t: t: T' X% A" J& y% h| Result: Failure |
( W/ N9 Q7 Y( s9 f" K% s| Details: Your policy file is JSON-formatted which is deprecated. You |
8 ?; ~- `. @- d; q5 ~5 s| need to switch to YAML-formatted file. Use the |5 p( g }! W* k0 g
| ``oslopolicy-convert-json-to-yaml`` tool to convert the |
' ? \5 c# g; D! K5 U$ J+ E* K| existing JSON-formatted files to YAML in a backwards- |
; g, q: l8 T/ x! A" y2 z9 ]; e| compatible manner: https://docs.openstack.org/oslo.policy/ |$ W) f" ]7 }. ^ s" d' v0 m
| latest/cli/oslopolicy-convert-json-to-yaml.html. |
, j# o% O' E6 U" \+----------------------------------------------------------------------+* ], p6 D+ S; p" u' n
这里可以看到Policy File JSON to YAML Migration的结果为Failure。这是因为在Placement中,JSON格式的policy文件从Wallaby版本开始已处于deprecated状态。可以参考提示,使用oslopolicy-convert-json-to-yaml工具 将现有的JSON格式policy文件转化为YAML格式。
3 J% o+ K' r1 J8 p0 a( z. s
, C6 m7 o( S9 j# Foslopolicy-convert-json-to-yaml --namespace placement \
& \2 O: [$ H x --policy-file /etc/placement/policy.json \4 i( Z: m0 e" a( v0 c
--output-file /etc/placement/policy.yaml6 v% S! z) u) S# s1 s
mv /etc/placement/policy.json{,.bak}1 ~% _, ?8 ~0 T: I
8 r4 \5 i9 _2 O% o- n, n
注:当前环境中此问题可忽略,不影响运行。
! }% Z- E" J6 G" x" \
! l) `+ P* W5 |6 k$ J8 {3 U0 y, x
1 f( x; O+ C) o* R W
Nova¶3 I: w7 N& k, @. n m
Nova是OpenStack的计算服务,负责虚拟机的创建、发放等功能。
# t. x4 q _7 f) [ b; F, S/ m) \: V! `4 J+ o1 _
Controller节点
+ [0 |( k& f; R8 P' j2 O' }6 n0 m- _
在控制节点执行以下操作。
, y. X; I; T) i: f; w7 |; T- \+ B# B, G
创建数据库
) C8 d( g# [3 J2 S0 `9 d5 h
, ]) B4 e( C3 N7 U+ |) T使用root用户访问数据库服务:0 |6 l4 |6 K* _: N: H
) I) j& [" m* |0 Y& A. [' jmysql -u root -p
, ]5 ?- `* v2 o" c4 o7 v! g o创建nova_api、nova和nova_cell0数据库:
. Y6 g) N K# K
( _- a: ]' M0 j! L8 {' p$ hMariaDB [(none)]> CREATE DATABASE nova_api;( U1 P( B V0 W
MariaDB [(none)]> CREATE DATABASE nova;+ [0 b! R8 P0 N2 X- E9 Q/ G; G
MariaDB [(none)]> CREATE DATABASE nova_cell0;# U7 e4 m9 b# @: B
授权数据库访问:
2 r: F4 [) S ]' R: v
+ F* i4 x8 @, n, Q5 oMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';, S' T" `$ R: b2 _8 G
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'; n3 U" W3 _, \% L5 C
; U% j! |3 j$ E- y, |MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';' u/ Z- y ^( E5 a& j
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'; X6 q" [7 [" |' m* z
% S; c- W2 G; ^* E+ t1 z9 C
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';( N# e' Z1 i4 }# X; I& ]
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
% i, e/ R' a3 {+ f! I/ D% y1 f% Q2 b/ @5 I
替换NOVA_DBPASS为nova相关数据库访问密码。
* y7 P$ J2 x. h, t: ~9 C1 T" a+ H% S; T6 R7 i9 T
退出数据库访问客户端:
: C6 m3 ~4 k/ D" T+ u: B' c& v" y; A( p8 g( D5 a" o. m+ z7 `
exit
7 @$ m' `& F0 v% q6 V r配置用户和Endpoints! O1 a* I# E. O" I
0 a8 y e1 n+ q6 qsource admin凭证,以获取admin命令行权限:
( O9 |7 ?0 f& v
; M7 a- B" R- I. A9 C" v S) ysource ~/.admin-openrc
6 u) V' `0 r' c# I( q1 A9 F创建nova用户并设置用户密码:
6 [' z7 I, }: q* s* F
& D, v4 ~+ B0 }) V4 P+ t% u$ vopenstack user create --domain default --password-prompt nova
5 b6 k0 l$ V3 n0 }& a1 k
' L/ B9 l( R9 H! s9 K j4 VUser Password:" U$ _1 T. p3 _0 o+ |/ t
Repeat User Password:* M C0 F# q( x6 P+ d
添加nova用户到service project并指定admin角色:8 p- C( c$ R6 Y1 c5 L
. i' i |# Y- Y$ |0 U
openstack role add --project service --user nova admin
0 n3 t* A3 U6 o0 i, K创建nova服务实体:2 v: W9 p* F+ l$ N1 I
/ S2 E' b/ a- E5 O; T% V7 uopenstack service create --name nova --description "OpenStack Compute" compute; Z. F( i& u3 b4 J
创建Nova API服务endpoints:
- i" T: Q# \' O
; k r: ?+ Y- j9 g# a; j- |openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
6 U6 A+ P& {9 xopenstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1, F* \, ~ K, `+ o& {* i; L
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1& H( Q. H3 E8 B% s& I$ v) U( |
, t2 h7 u; P' a4 {7 l; y5 v5 l
安装及配置组件7 H8 _9 Y$ {+ \
% f1 Z# C& N. f8 X" f$ g安装软件包:1 Q% a, r/ \# H/ U3 ~7 e/ b! c. [+ E
. k4 k9 v8 d. }dnf install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler" M$ F* P7 O: }$ F8 M
编辑/etc/nova/nova.conf配置文件,完成如下操作:; Q% f" B* k7 J# }3 l, H' F& \0 }
! w8 S- m( ^, Z2 v9 L+ j
在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用controller节点管理IP配置my_ip,显式定义log_dir:
! W4 G* N b# c
J$ A! l0 X0 o& _8 ?[DEFAULT]
: V1 j- Q; W9 y8 Q5 F6 K4 tenabled_apis = osapi_compute,metadata1 d( b( \5 K$ a6 @% [1 ~
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/8 e1 {' s0 m& `
my_ip = 192.168.16.2
8 M. V, K$ v1 }1 j6 glog_dir = /var/log/nova
. q' p) B7 ]0 [: `, \state_path = /var/lib/nova
; p% G& I8 m9 Z+ L( j* T% M4 L* |+ [: M% Z3 S9 z
替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
1 f2 I2 r+ p( W" V* C9 B$ Y" M1 N0 v7 l
在[api_database]和[database]部分,配置数据库入口:' q9 d0 i1 M! E: r6 {
3 s2 p9 U! A! ^$ a4 E, \8 M[api_database]
4 A$ k0 d- v' s- v1 S" m9 s, Oconnection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
3 A3 u2 ?( O1 @5 F# [+ ^7 C# n6 E" W |8 q9 B( C3 s0 E
[database]! {# t0 c3 O4 z
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
: [! i0 M2 j! \# [替换NOVA_DBPASS为nova相关数据库的密码。
' [( i5 F0 R. Q q2 {$ F) R$ x4 \3 |/ e# m( C/ r
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:' B) K# D P: G0 N
$ D7 H0 M5 P+ D8 Z$ l1 g' B, g' {2 D[api]
# W- S" i X+ F1 c3 @7 Uauth_strategy = keystone
% X7 w1 Y: Y+ q" {7 ?, n7 _
* V7 y, ^' l' u+ ^2 ]4 G& m[keystone_authtoken]
5 u K% A) N+ \$ o6 lauth_url = http://controller:5000/v3
+ [6 u" H6 ~# c5 W: Jmemcached_servers = controller:11211 p/ ~& K( v8 T& B
auth_type = password9 g1 ^8 q( t: K9 k8 i
project_domain_name = Default
$ K# P+ F7 C2 D, kuser_domain_name = Default5 m/ n6 _! L/ u" J5 f! y
project_name = service4 y1 p3 g( A1 k* O
username = nova
% B- L* e* O& W3 I Zpassword = NOVA_PASS
) U& D% w9 e" g0 w& a& r5 o9 U6 B替换NOVA_PASS为nova用户的密码。
- ?" O% x" O, t' ~ u
0 o, j4 ?6 g! a$ N. H" |在[vnc]部分,启用并配置远程控制台入口:
) {3 B6 h, w. `0 }0 S @4 _! {3 {+ o3 J k1 {7 T" v
[vnc]8 Q5 _) q$ Y' z' w2 l# ]5 ~& @
enabled = true2 R$ E$ S G8 ^( f9 Z: z
server_listen = $my_ip controller ' i- B/ t' `; y- [7 k
server_proxyclient_address = $my_ip controller1 r. V1 r9 q% p4 {
: m" N; w2 z, E% Z8 D% `1 ~在[glance]部分,配置镜像服务API的地址:
' j6 ?& [5 A) i" o$ g2 e3 G n0 P4 O8 M% W
[glance]7 |6 |: A0 w* p3 J
api_servers = http://controller:9292. [! V; P" a' e. x! A, ]
+ C' x n& K3 C4 A. j8 v在[oslo_concurrency]部分,配置lock path:
$ q" ~% I) [2 z" E( m* o" P( \' k
6 e/ A V' }( j[oslo_concurrency]9 r! w) d8 \$ ~% ]# u
lock_path = /var/lib/nova/tmp
" E3 R6 s7 w. H: j[placement]部分,配置placement服务的入口:8 `7 A! m1 `' T/ S |& e
4 K% ^0 f# a# J5 @
[placement]6 h* j" t1 a1 g: ~5 s$ N2 g2 u
region_name = RegionOne; W% j, ^' h) Z) }5 x9 B: T
project_domain_name = Default
5 a, A. F6 K( w ]# ]project_name = service% E6 N% v: m' W
auth_type = password0 _! R8 z0 G* D+ E
user_domain_name = Default0 u; G g% D* P1 j
auth_url = http://controller:5000/v3
4 J9 V5 j1 {1 I* V& Musername = placement
4 D# l. j8 {" s& ? epassword = PLACEMENT_PASS
) e1 Q4 y: k2 {9 z5 G: ?0 F替换PLACEMENT_PASS为placement用户的密码。
0 i; B8 d0 B& z; Q y) ?& d, H y+ S. Z5 y) A+ Z% U
数据库同步:" d4 |5 \' o+ m+ u0 i M$ w2 b
* q8 _+ V; q' O8 L3 R3 A+ p) G
同步nova-api数据库:& E5 b+ G$ H5 t. t
( U3 _+ C0 m3 o; Gsu -s /bin/sh -c "nova-manage api_db sync" nova
5 _7 H8 j0 A3 D+ w/ I% |5 {4 M$ H注册cell0数据库:
& M2 x0 G9 e* x
/ M- Y& }6 _# i# r% k# H. E9 t$ K1 }+ A2 p! _su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova: @) f* \6 ~1 J/ `
创建cell1 cell:3 N9 Q) s) Z+ [% A2 q$ @! F# h
7 ?) e, ?( v8 D2 h2 I% \
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
; z3 N) o5 C1 @同步nova数据库:
1 `9 ^: m0 H8 i! k0 V/ G
( i# R% G( w& F9 P6 d, usu -s /bin/sh -c "nova-manage db sync" nova, S5 _4 A) Q7 {0 g ]& q$ ~* a
验证cell0和cell1注册正确:
# w- y: P1 |" m8 F$ H& _' ^* _9 B) ?. i7 q0 _3 R3 U( x
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova+ z; ~) ]' i0 G; @
启动服务
) H4 e# m# D- k7 A( U6 H k8 Z4 l+ @3 t/ Z
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
' z' r$ y8 P1 B7 C* e% z0 S9 \7 f1 y$ Q5 @: o% f
systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service+ Z% h1 m$ {' z8 y
% u9 @. ]% T8 ~. K* |- lCompute节点
3 U* Q4 c, B9 ?
) Q% n& I2 h L/ z在计算节点执行以下操作。
( d! D2 ^+ S7 V3 r% H/ P5 y$ A: p) s& s" J8 Y, d! r5 ~; D
安装软件包
$ h: Z8 F7 M/ u& q$ L, g
& ~! R" `; [9 `% R, Vdnf install openstack-nova-compute, q5 c; a, f0 N2 U
编辑/etc/nova/nova.conf配置文件) y" l8 o" A+ `. A' ~ D5 i; O0 c
. ]6 h- v3 W- S0 }/ ^在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用Compute节点管理IP配置my_ip,显式定义compute_driver、instances_path、log_dir:) l5 a# Z, F3 y. w4 a3 Q6 V
4 ?6 F3 H& o7 f0 J
[DEFAULT]4 w9 k! K3 z# C% Z& _" R! n
enabled_apis = osapi_compute,metadata- N" ^/ S m7 R. @
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/' O! F, y1 E D$ G0 A0 v# d# ]
my_ip = 192.168.0.39 P& `6 F% i' ?0 o; Q
compute_driver = libvirt.LibvirtDriver; d# V6 ]/ I' z" l8 z
instances_path = /var/lib/nova/instances$ l$ |1 Q1 P' Q; N2 c
log_dir = /var/log/nova
8 n( U+ [# Y& t3 d3 t: M7 T: {替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
4 S& x, L+ H" g4 ?% a( i
; I5 P) |0 `; D) V+ e9 _在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
( r" ^9 [* x) c; z0 V
( f7 K5 V' V" @4 q[api]
6 V& X5 [' f$ e; Gauth_strategy = keystone
, i$ c5 s& J% g9 A5 ?5 P
/ h. \$ k5 U, W. Y[keystone_authtoken]$ \% h5 b! r2 g$ K2 J; Q
auth_url = http://controller:5000/v3) p, @, l3 `* o
memcached_servers = controller:11211
0 |2 s) z" V1 Z0 J* bauth_type = password
, {5 Q5 z$ k0 h2 \5 Jproject_domain_name = Default) T0 J, \& R9 D8 N% q: u
user_domain_name = Default3 z2 z( G! s, K+ J
project_name = service7 g5 e9 V" q1 K( z! O* D
username = nova
* K) H' ~, H. I0 P$ L, fpassword = NOVA_PASS
; a/ j& l/ J9 B h# O替换NOVA_PASS为nova用户的密码。2 I w5 B$ V7 G3 Y: F! {% X
! `, j% r- I: A& x在[vnc]部分,启用并配置远程控制台入口:
) `; a0 ] J& x7 t5 f4 V9 B- n2 m0 }7 I2 S' @9 H
[vnc]/ m* [4 x0 N: a) s! L
enabled = true, l% a/ |6 x9 O* X8 J# D2 y+ P* m
server_listen = $my_ip
0 K. B! N5 J) s; Gserver_proxyclient_address = $my_ip3 k* m4 G4 T5 z3 O$ m9 x
novncproxy_base_url = http://controller:6080/vnc_auto.html1 O- `, S! B' Y
在[glance]部分,配置镜像服务API的地址:, E. m. z5 ~" K' y
* s+ \" I- \: M( l4 f; Q[glance]
M! P% E; v7 P! V3 S7 O7 Lapi_servers = http://controller:9292
6 }/ W: x8 ^! z: Q, s在[oslo_concurrency]部分,配置lock path:# ^8 U i0 O& |$ R3 V6 p, [0 g
" T; `8 H" H5 G8 w$ r; v
[oslo_concurrency]. k% V7 f8 }( R
lock_path = /var/lib/nova/tmp1 v8 | H+ l# q ?
[placement]部分,配置placement服务的入口:, Y# F: e% ]8 Z- W
3 l! v* K( H# E% G+ T& C* G- r[placement]8 e) G" J5 @0 F- q% O: N
region_name = RegionOne
; A* b, [* e5 Z; H" [project_domain_name = Default5 f7 W6 K6 X. S2 u C
project_name = service
5 }9 r, [7 t: P& F4 {! eauth_type = password
9 U3 a+ n+ j5 Q3 y& h7 W% {user_domain_name = Default
/ E& Q4 z) T$ q8 j) X vauth_url = http://controller:5000/v3
' i' x) r, J' d9 }( Husername = placement& f9 g5 V" w7 P4 ] i
password = PLACEMENT_PASS
: o3 H1 L* c/ E* Z7 U7 v' V替换PLACEMENT_PASS为placement用户的密码。# ~/ ?6 i }2 c0 H+ H' n5 T
A6 ]8 t+ G" S: b) f) K
确认计算节点是否支持虚拟机硬件加速(x86_64), G! {( r+ e# D+ ^, k% U
! W% H5 J, D: Q+ @& G/ ?: e+ u处理器为x86_64架构时,可通过运行如下命令确认是否支持硬件加速:
- A4 P4 a( ~7 c q C+ V. s6 s/ M$ h) t$ o6 w; _
egrep -c '(vmx|svm)' /proc/cpuinfo
: L& w/ y/ {0 O5 n/ \& M如果返回值为0则不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。编辑/etc/nova/nova.conf的[libvirt]部分:" v( v. z2 v A
: n& O- C; T0 b
[libvirt]! h% z1 \0 U, y, e1 S' ^1 A F1 t: ^
virt_type = qemu5 p) X7 m8 j* J: T: {
如果返回值为1或更大的值,则支持硬件加速,不需要进行额外的配置。
4 w L* y* b4 V3 C% m# v( k+ d) l- o: X, o2 k' ?
确认计算节点是否支持虚拟机硬件加速(arm64)
' W+ M% O7 T8 B( R: k" _0 F
( r; Q% E; ?* b$ P8 T2 Q2 _处理器为arm64架构时,可通过运行如下命令确认是否支持硬件加速:
" O! r( d; w: k4 h6 i* c% f# [# Z8 O" {+ p+ k6 B
virt-host-validate: M& b6 L+ m; d2 v
# 该命令由libvirt提供,此时libvirt应已作为openstack-nova-compute依赖被安装,环境中已有此命令
: Q$ ]+ ]! o" p# w4 `$ E& o显示FAIL时,表示不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。
4 \! `2 g6 w' E9 ^8 b' N% |5 k& Q4 r( k: |0 D8 p; g6 Z$ k
QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded)% Y2 P# W! K- ~ `: U
编辑/etc/nova/nova.conf的[libvirt]部分:
- @9 K; k* D5 s* Z# q, q& m6 N0 S; x
[libvirt]9 r! [. E! z0 z: I! H# \" o1 J
virt_type = qemu
0 q# p/ T: M5 y* M显示PASS时,表示支持硬件加速,不需要进行额外的配置。: }, [$ |$ j3 [7 }- X
0 c, c2 e6 n: x, {) o8 ]5 QQEMU: Checking if device /dev/kvm exists: PASS! t' C7 L6 H. |
配置qemu(仅arm64)
+ h- e7 z* v! K0 ]1 q9 x/ k- v, M5 Y& x) V3 Z
仅当处理器为arm64架构时需要执行此操作。
3 i5 f1 ?0 r/ X- i+ S4 ]6 X3 h+ k# y4 U! p5 h7 K
编辑/etc/libvirt/qemu.conf:
; M3 J5 u0 @6 g' \) R6 U" o2 c9 ?( S) m @' W4 ]% A( U4 C T
nvram = ["/usr/share/AAVMF/AAVMF_CODE.fd: \% @# ^" }* K' [7 h4 ^6 n
/usr/share/AAVMF/AAVMF_VARS.fd", \
! d4 I( h, \' X7 N4 _* ^) Z "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \
5 ]# C& ]8 k4 L6 }% M /usr/share/edk2/aarch64/vars-template-pflash.raw"]
6 t( V4 v: ?8 B; L编辑/etc/qemu/firmware/edk2-aarch64.json
# S0 H* g- V* b# t6 B3 V& p/ B% e: _7 s( G
{( W/ X- _- |+ R) R
"description": "UEFI firmware for ARM64 virtual machines",
& W; q) U8 R" K8 \5 K "interface-types": [
: D' ?8 X& O$ y' C9 _) g6 U* E8 S "uefi". z8 s$ {, K# V6 d; l% x
],: k3 H0 {! ]8 k, P5 s. h2 J- a
"mapping": {' V- K2 S, e+ |2 S% T
"device": "flash",
/ A/ r* x( ^+ y3 r3 z4 B9 L "executable": {% z8 x2 R1 D; [7 t( R5 v4 S( R V6 U
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",* a( ]/ G3 ?! G0 P
"format": "raw"
# @/ y, t, V1 A4 y },( ~8 h+ B& C# X, S \) p! T1 I' x
"nvram-template": {
" z: F% N" u2 R$ l "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",4 p$ X! D4 ]9 r5 j- r8 Y
"format": "raw"7 u# x9 B4 k4 @8 Q
}$ R- G- _! Z( T0 N& c7 T
},
% _1 C1 D: ~# y; } "targets": [0 k9 A& a7 g6 s2 Z6 t
{
7 v* Y3 v5 m' T [9 k "architecture": "aarch64",
: p p1 X8 Z N/ f% \+ ` "machines": [6 E0 b8 n2 a' Y3 C
"virt-*"
* m+ c# E; M. H# ?( x ]
8 O' O2 W0 ^. d1 g" Y* \$ C }
* F0 f9 D4 P9 ?- J9 |7 N* o/ i/ ?3 N3 j ],
/ X* }2 G' J4 C2 q "features": [: m+ d, B4 _7 _8 H' j
$ q; x$ @' Y( K+ H ],6 x: v E7 r- S0 l- \: y
"tags": [! W- `! g( e" N( s1 ~$ j; ]: v
6 a" U7 b% G; W- a! c6 g ]
$ [1 W& G% n& W( {' t}1 e. r9 I: D5 d9 F5 q! j
启动服务
2 Q% O# C. g# t) y @1 R1 B. G& z# Z+ p! K$ B+ I3 V5 \
systemctl enable libvirtd.service openstack-nova-compute.service6 F( H; H* O, Z p# v) ~. N7 j
systemctl start libvirtd.service openstack-nova-compute.service
B$ }' B. [- P0 b1 f1 ]: qController节点' `2 D, k) \/ D" L/ T9 T& E9 w: I
6 J- I' ~/ v2 y. ?在控制节点执行以下操作。
4 }( P" ^3 V5 f0 X; f G9 J. D- M6 j' v6 ^$ c* Z
添加计算节点到openstack集群
* }- V, \/ O+ h; b! R) L" P& N" N
) C+ c8 V+ R- q0 u2 @7 asource admin凭证,以获取admin命令行权限:
$ a6 [; C$ B8 ~, b6 c* L& [6 d8 ?7 ?) n0 d* q3 H1 d1 C
source ~/.admin-openrc+ H# G8 w) M5 E
确认nova-compute服务已识别到数据库中:
2 E- G/ w+ t: X3 w3 d3 q+ p5 ^, d2 y3 h6 w `- e$ h1 q
openstack compute service list --service nova-compute
. Q8 R. y$ H9 f }: t. T/ x" S+ U发现计算节点,将计算节点添加到cell数据库:5 N; Z/ M; X! Y& p6 _" I
4 s9 |4 c5 I* Z3 p( H* u
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
% i4 _2 o$ z5 w& h& ^! Y; A结果如下:( U/ q+ z3 {7 ?" o
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code.
' S; }* f" r' P4 E7 V5 \Found 2 cell mappings.: E4 f% u" G2 N8 \ [, I1 \
Skipping cell0 since it does not contain hosts.3 P) H* X, n0 d- x* r0 b5 T) u
Getting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2' h3 `9 B8 m' _/ p+ @" t: I8 q
Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e
" \# v/ m9 c l1 L: U3 f% sCreating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e
' V1 k2 }; s. Y/ vFound 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2* N i5 q: n2 k+ Y4 v
验证 s: v- a) [) ^4 p7 U' h j: ^8 S
5 w- H7 k& A; |2 x列出服务组件,验证每个流程都成功启动和注册:
8 ]& S; R+ I: W# H( Xopenstack compute service list% }- g# I1 n+ G1 H: U4 K
列出身份服务中的API端点,验证与身份服务的连接:
% K5 p; b* z; q6 r" g! Copenstack catalog list
+ L- P/ u8 b! L1 z* A: B列出镜像服务中的镜像,验证与镜像服务的连接:
1 Z6 o: S4 |7 \; d+ U5 oopenstack image list
4 l# a( ^- p* ]# y" c检查cells是否运作成功,以及其他必要条件是否已具备。6 L+ C7 Z, W2 o7 C
nova-status upgrade check7 D: l$ ^% ^9 h# L7 F6 t: a2 l
Neutron¶" z, @* \5 z I, Y
Neutron是OpenStack的网络服务,提供虚拟交换机、IP路由、DHCP等功能。
" T8 J, J) m( E( i3 _1 C4 j- L" `$ n* h" x
Controller节点: I) u; g# c& Z2 B' W
+ f5 m8 ~7 e! [
创建数据库、服务凭证和 API 服务端点
# O2 C5 Q- A3 _- l- d
! |: r; x( Z4 H* U$ m; i4 W" y创建数据库:3 d+ h9 D1 B5 _3 a. U
. S! v8 D3 J! m* Q/ f. M; H% r
mysql -u root -p; y& {! W4 H% S+ y2 l q
! `. F5 y: J" t4 C
MariaDB [(none)]> CREATE DATABASE neutron;- a& O$ o7 [. M4 S, @. Z
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';' H' u* K3 J% a9 ]0 }7 \
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
$ k8 Y6 ?- R9 V z% P: P* l2 GMariaDB [(none)]> exit;
}5 \1 E3 Y+ z; u创建用户和服务,并记住创建neutron用户时输入的密码,用于配置NEUTRON_PASS:
5 ^7 l z. A% [& G/ ^+ W* x1 O& K& A) g3 r3 d9 Y# W
source ~/.admin-openrc
6 K1 ?1 L, ], ]0 L' Q, _/ bopenstack user create --domain default --password-prompt neutron$ |3 n) s, I* V6 d+ L
openstack role add --project service --user neutron admin
1 L* J" J/ U/ e, C% P$ @" Dopenstack service create --name neutron --description "OpenStack Networking" network
2 V, o6 }' P" @/ N! H* }部署 Neutron API 服务:
$ U# @2 n& @# ?' R& ]4 D$ ]
6 a- h0 h9 n7 f, nopenstack endpoint create --region RegionOne network public http://controller:9696
6 Q) A9 e1 q4 d) ?7 |openstack endpoint create --region RegionOne network internal http://controller:9696
) F/ k% A4 s {% ropenstack endpoint create --region RegionOne network admin http://controller:9696
8 Q1 S# E% D8 C- Q; _安装软件包% n3 @8 e: i# v3 m/ G8 o6 b- V
7 s: L+ M! S9 p& U: W% t! }/ f
dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2
# z7 m+ B! z7 b Z9 ?3. 配置Neutron# X4 I# Z* }+ w! C
修改/etc/neutron/neutron.conf5 c6 ~# Z8 r7 N" w+ I `
H5 Z+ A+ J# }6 \' `( |
[database]" B/ ~( T7 I" T& M! C
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron+ A! J! r* ]2 P$ w% _0 K. a
' i5 U; n5 d8 v: w6 @5 H[DEFAULT]
1 H/ [% N V2 @1 ^core_plugin = ml2" h9 M5 c( a9 j# g' i
service_plugins = router
" C+ P4 K, w4 A2 k9 S$ t/ lallow_overlapping_ips = true! ^( w; [+ \% Q1 ?4 r- y& B
transport_url = rabbit://openstack:RABBIT_PASS@controller, G8 F" H/ O8 J
auth_strategy = keystone8 ?2 A' ~! @4 X- X$ a
notify_nova_on_port_status_changes = true1 Z# Y$ j8 N c" P! ]. v y$ L: L
notify_nova_on_port_data_changes = true. f; P1 ]2 S2 S( K! H" [; L
# K' o- O; R* @3 n N$ P
[keystone_authtoken]
5 H% |# ^8 ?: G% Pwww_authenticate_uri = http://controller:5000 p% w, e: w0 X: z
auth_url = http://controller:50007 m$ {8 _2 Q0 F- I
memcached_servers = controller:11211- ~. H- Q$ c% z7 m5 v( V, b( Z; i
auth_type = password
0 C# w! d! T, q, u- K. kproject_domain_name = Default1 T( d( d! b- q. m9 k' h$ m
user_domain_name = Default& n, J1 l3 a7 K7 U+ P5 {8 D1 q2 E9 {3 w
project_name = service- [, R Z Z/ K" H5 @
username = neutron
- A( G/ x0 ~' T8 tpassword = NEUTRON_PASS
' _8 y8 Y' D" M% X+ [; \- y, ^' N9 c. X9 h
[nova], X. h# _ C/ p0 a" m$ B8 J. m
auth_url = http://controller:5000! ~; @2 a" t+ j
auth_type = password
: L+ {$ N/ Q; [1 o1 Oproject_domain_name = Default: Z; f L( _0 i4 {
user_domain_name = Default& g9 K# a p/ Q, Q; l
region_name = RegionOne
, N( Q6 B4 l- y; r# \" O" dproject_name = service
$ K! G: t0 M1 N" susername = nova4 i( M5 T( w, G+ N
password = NOVA_PASS+ _4 K7 _4 Q% u* N8 J9 W* E
4 a1 Q* Y+ o& T
[oslo_concurrency]; q5 J6 P8 F8 L# y, p+ n+ ~# t) g
lock_path = /var/lib/neutron/tmp
, x9 v( R$ l9 ~4 |9 ?) B1 p6 ~3 {& j% c/ U6 x0 h
[experimental]
$ _; Q4 ]% a$ X% t+ Q# m9 }linuxbridge = true
0 b( X9 `/ y, {% F- o, h配置ML2,ML2具体配置可以根据用户需求自行修改,本文使用的是provider network + linuxbridge**2 G2 G/ j5 Y0 s* m% o- S( v
- D* x# y+ c/ m* A7 r修改/etc/neutron/plugins/ml2/ml2_conf.ini
% z* ^2 @- Y4 m% O! j3 s S+ }* O" z0 o* s: ?1 ^4 a5 |! H
[ml2]1 z" [5 q" L/ U: o& X) p) u
type_drivers = flat,vlan,vxlan
0 C, [) w7 C/ F, otenant_network_types = vxlan
; z) M/ X5 a( ]* s X/ jmechanism_drivers = linuxbridge,l2population# L1 T% G+ Z& F+ H$ Y6 I8 ?9 @
extension_drivers = port_security& l1 o' \6 k- n% x0 e4 ~( W
" b8 a9 F! r2 l3 E[ml2_type_flat]/ r- R4 Y r- X$ t7 |5 p
flat_networks = provider: u1 k7 {( c/ d; `) I- n
. x/ O: r9 i6 m ~8 H
[ml2_type_vxlan]) e+ B9 y. @ E+ \! n# u
vni_ranges = 1:1000" i" [6 z8 x$ v
) y" n( _2 F# }, N2 ][securitygroup]8 o! ?' e' h6 ^: o' {
enable_ipset = true" B: t7 a: }( V" A0 V! Z M
修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini( A, C, k- d: G& w
, l8 T' e" D- A* \2 U% [
[linux_bridge]
# Y( k* D1 |0 [9 t; [ s( k& qphysical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
o. h+ y$ z& b6 x; C: K
) N! D/ C. [2 o" w[vxlan]
6 }3 p. d3 _8 K+ p5 s5 Lenable_vxlan = true
6 D7 p' B# h$ f# q9 f. a; l/ Elocal_ip = OVERLAY_INTERFACE_IP_ADDRESS2 Z5 Q! P; C- b# E
l2_population = true% J# f; u, B) P* J2 t+ `
. n* h( w- Q9 K$ [/ a6 |
[securitygroup]
1 S' {6 @9 A) P$ penable_security_group = true
- x E: w1 {+ ~' `& Z9 jfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- T5 l. Y) v Z$ d- ^& k. O: Z配置Layer-3代理: H1 g) _; m# S3 H- K% w2 b* x5 A4 n
% T# R7 j6 o: N5 I, s$ @) d3 r7 H) [
修改/etc/neutron/l3_agent.ini
" g; B2 ~, Z; _) }! ?# u9 [* |# f' o
4 P0 X, M; U8 A9 X2 R- D7 _[DEFAULT]
9 j, R' E2 \- e) j* M- I: linterface_driver = linuxbridge
; p7 N; }( X I配置DHCP代理 修改/etc/neutron/dhcp_agent.ini
+ [7 m/ @; |# ?, y) d9 P* b4 G! o8 ^6 C) q# U( B( V% @* ` R6 t2 n! |: F- L
[DEFAULT]
8 i0 h3 E" x% Y# }& ointerface_driver = linuxbridge8 V6 a7 d- d( d# O# Q3 y/ D$ R- _
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
6 ?. i9 D# L* H. ~8 o, \enable_isolated_metadata = true
1 v* o+ r. e0 j8 W- u/ G配置metadata代理
6 g" J" [1 N0 @/ ?) p
; D0 h6 X8 t; ]! Y3 S' E4 t修改/etc/neutron/metadata_agent.ini
' N+ J8 t) O' L% ~ R
5 C8 Y% \6 i3 t+ T* L[DEFAULT]: H1 j! d G2 U! H
nova_metadata_host = controller
% d# h: G( L" `, f' Cmetadata_proxy_shared_secret = METADATA_SECRET) n' [5 P }$ F, r, G3 F
配置nova服务使用neutron,修改/etc/nova/nova.conf
- C! r3 J$ I) @, |% a* \[neutron]
6 e5 X# i5 z4 N+ oauth_url = http://controller:5000
5 F2 A, h+ n) f# C% u6 Xauth_type = password3 l" ^ G, {) R9 W6 l7 Y
project_domain_name = default
4 o2 c) l0 o+ K! p3 J0 Iuser_domain_name = default" f) s9 V ^' o2 N" e
region_name = RegionOne! ]8 z, `- @8 y* T; k3 I
project_name = service
+ z+ o7 N9 ^$ @username = neutron
* d" B a& s/ H( u3 ?& @3 qpassword = NEUTRON_PASS& O9 o# x% W' E1 I, ?
service_metadata_proxy = true/ W- f+ {0 @# \, j
metadata_proxy_shared_secret = METADATA_SECRET# e, L& k" h- u1 s9 D
创建/etc/neutron/plugin.ini的符号链接
0 H5 ?7 Z% c- t/ j c5 M3 z5 l% F+ G+ |) b+ t4 r1 K
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini6 A+ P9 z% n% k1 D! d
同步数据库
0 l0 {) \; C9 m m5 c3 ]0 }! e( G7 c! v$ S2 U( C' `. y
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
5 F$ ?. |0 j( u重启nova api服务
2 N# t* H, z# _: x0 Wsystemctl restart openstack-nova-api4 O5 Q6 O' ^- `3 ^
启动网络服务. j+ C. y5 l8 P# [" V) o
3 }3 r3 s+ ?8 Z, }
systemctl enable neutron-server.service neutron-linuxbridge-agent.service \1 `3 m; k% I4 G& P9 h7 {
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service% i( T$ }; W* V( p
systemctl start neutron-server.service neutron-linuxbridge-agent.service \6 d/ Y4 X4 p$ ]7 t! x
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service' p" P+ W w- C% b6 w) J# g
Compute节点+ c" {9 p" _4 [
6 k8 r: F. H: l
安装软件包# ~0 i; @" h* {, e9 {' m
dnf install openstack-neutron-linuxbridge ebtables ipset -y
3 |( Q U9 [: ?4 W9 q' Y$ o% k, w配置Neutron
/ j; w: S. _3 T: M- j0 T
. S" R7 w$ I0 h6 u修改/etc/neutron/neutron.conf
8 j* W# G- g7 t# ^6 }; X8 P. Q- U. Q& E& e
[DEFAULT]" L+ t4 p/ A6 i2 |4 j
transport_url = rabbit://openstack:RABBIT_PASS@controller( g) h3 ?6 y8 v& W5 A$ Q
auth_strategy = keystone
1 v4 q1 k3 @2 d& m
8 X* p- N! L; g. |[keystone_authtoken]
4 f; d& L4 V% O- Mwww_authenticate_uri = http://controller:5000# R0 L3 `4 u" {) L3 `
auth_url = http://controller:5000
; H5 K9 c- Y# ]0 w9 ^, jmemcached_servers = controller:11211
6 o, Z1 E) @1 s9 B/ C! pauth_type = password
; s4 G8 m3 e. hproject_domain_name = Default m* e# w0 X# i* c! s7 w
user_domain_name = Default- ^' x- P3 X# p' r
project_name = service9 p1 l& E4 |: m8 h# s) O0 _$ m5 ?0 F
username = neutron- ~- G1 ^! A+ z4 w, p
password = NEUTRON_PASS! M4 y4 C5 ]' Q/ A) k
9 j4 m* ^- ?! q. _[oslo_concurrency]1 j& M5 L' b# h% w6 s
lock_path = /var/lib/neutron/tmp# ?1 E3 f. e3 C/ i5 }/ R/ `9 O' t- S
修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini8 @- H3 x. ~1 C! k2 n _5 y' Z8 P& D
2 q# X* f/ _ S+ M; L" e" \8 Y& Y
[linux_bridge]
4 t" `! ~% M i2 Z0 E0 ?* q9 mphysical_interface_mappings = provider:PROVIDER_INTERFACE_NAME) T; R$ v3 e3 P% H
1 T8 s8 B, o2 \* N2 U$ b! n8 ?' G[vxlan]: y5 c8 ~$ Y4 }
enable_vxlan = true
7 i; W, v! E5 n/ m' u" _& M" Wlocal_ip = OVERLAY_INTERFACE_IP_ADDRESS
0 Y/ t, n: P1 K& e) r$ w& Ml2_population = true
s. }. F; Q9 f3 {1 f, g1 m: q3 d/ q1 v& n3 a- q
[securitygroup] W7 f. q* I1 E5 x$ ~
enable_security_group = true
) a. {3 f, g% m1 i! kfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
8 ~ d2 g: J( d配置nova compute服务使用neutron,修改/etc/nova/nova.conf$ t: ]) F. }( c0 O
' j4 Q7 G2 [9 ?9 c
[neutron], o# L6 n. O8 T$ u( C) `3 e% T
auth_url = http://controller:50000 e& X6 Q8 J$ q7 Z8 ?
auth_type = password8 d* v6 r: U) }* u D
project_domain_name = default
+ K. |* x5 {" }, [) @ D& |user_domain_name = default" _# ^' ^- m, @" U; V! a" f4 D7 a
region_name = RegionOne; v' s1 v# u/ C8 O p/ p
project_name = service9 d- o. A( @) e7 I5 [6 p* G* `
username = neutron
: @ g) P; P* ]% v, a) k' rpassword = NEUTRON_PASS( X& O0 G/ c$ R) `
重启nova-compute服务
* {, H1 ]2 B9 T& [! w- zsystemctl restart openstack-nova-compute.service
$ @2 _+ T1 P1 F. ~1 L6 z2 O# c& q启动Neutron linuxbridge agent服务
; S- {* P9 r( ~' _% ^4 L4 f) bsystemctl enable neutron-linuxbridge-agent8 @, d" M& r4 o
systemctl start neutron-linuxbridge-agent
+ n+ ~' F3 V) I' t6 ]9 ACinder¶
3 f/ I! b% B+ E# R" i$ `+ zCinder是OpenStack的存储服务,提供块设备的创建、发放、备份等功能。" f# H1 ^4 X) |4 e6 \
2 F) d( M! Y" \8 x8 p$ z. l2 s0 U4 x# n$ UController节点:3 ?0 p- B7 B7 y2 w: [
, a' C9 J5 T& Q7 L+ L( }初始化数据库4 }+ P @! d! a0 [& y
" K# Y# t2 J1 w# h. p( \CINDER_DBPASS是用户自定义的cinder数据库密码。: A5 U& t( e5 U; v% W
5 h7 f3 d1 b# T, ~$ N8 S; Jmysql -u root -p
( J \/ P3 e4 O1 \: s1 l& M7 W& I8 A6 w' @0 q
MariaDB [(none)]> CREATE DATABASE cinder;
9 H) {! E" l( r/ i6 N( G! CMariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';7 g6 ~% w9 Z# A9 Z' c
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
/ P3 n5 e% y" nMariaDB [(none)]> exit0 ]' T- P6 Y" y9 d
初始化Keystone资源对象0 Y) H9 Z! Y: q) o1 W& g6 t& t
4 c( ?. Z8 }3 I+ n2 ~) ]source ~/.admin-openrc
2 p' ^# ~9 k% [: C3 q+ R' X$ N! ` s+ W
#创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到`CINDER_PASS`的地方替换成该密码即可。
, L* Y9 t" k9 \- O! iopenstack user create --domain default --password-prompt cinder
8 q2 x* u/ B: M- B7 m7 ]9 j! m; Y
+ T3 U" c, I6 vopenstack role add --project service --user cinder admin
; V, J5 R) r) I! \3 g0 _5 d+ `* O8 r* Gopenstack service create --name cinderv3 --description "OpenStack Block Storage" volumev32 m$ \8 S# ]! G1 M1 e+ @
* w; C0 S( F& U% d
openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
( e% y* f0 X0 a! P* X) S) c% u* eopenstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
* V7 g1 \0 x6 B. Eopenstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
& ?7 `: R8 e9 B$ r, V3. 安装软件包' ?2 h& W& b- t7 r
dnf install openstack-cinder-api openstack-cinder-scheduler/ E [7 @2 O6 Z& X2 j
修改cinder配置文件/etc/cinder/cinder.conf
. V0 J1 P3 J; \1 F0 t" B9 X( f& k+ ]4 K8 l* d
[DEFAULT]- I3 l5 R+ e4 z
transport_url = rabbit://openstack:RABBIT_PASS@controller
1 D3 N. f! a9 F1 Z3 Bauth_strategy = keystone( B& s- c# {* i2 Q! z& a+ p
my_ip = 192.168.16.2- K9 R1 {+ V! y4 `
: E* W/ c4 b+ t0 o[database]/ R' U5 l% u; P7 B4 M8 I
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
8 A- ~8 P1 E. Y( L. E. J8 p3 S
' O6 W4 G" G z) O4 z4 q[keystone_authtoken]3 B9 G& G2 s3 |" Q$ ~' w) Z
www_authenticate_uri = http://controller:5000' i, |& ]7 p; s1 ?
auth_url = http://controller:5000
! x; p/ {1 S bmemcached_servers = controller:11211
% l; ?' [3 A8 V- j# s. e/ hauth_type = password7 y+ J3 `( Y. |* _- M+ O
project_domain_name = Default
; Q" K- R# E, V3 suser_domain_name = Default
" @8 X7 o' d5 n) Eproject_name = service
& @- e9 i0 Q# ?3 W# ?# Y6 i6 o! ousername = cinder/ |) I: v3 g9 T5 S
password = CINDER_PASS% f8 B3 E4 G+ E/ F+ K O; k
- e: M( z/ k f4 h
[oslo_concurrency]
5 u! O/ A( H6 @2 g: Q9 j0 klock_path = /var/lib/cinder/tmp1 `# R% h. G0 D
数据库同步, b d# x5 A3 G2 y, t3 w
0 x: t3 j) O7 ^! E0 I0 U
su -s /bin/sh -c "cinder-manage db sync" cinder& d0 H6 k/ g' o- g& b- D$ j
修改nova配置/etc/nova/nova.conf
# {& I0 q! X7 U1 Q# f9 c- t
# h2 u! @3 m: X: a[cinder]- _& f5 c, l- {
os_region_name = RegionOne
+ {3 G7 K- \' y1 f- ~启动服务6 F( x; J7 C3 R) P9 X' o7 y6 ^
- R2 }. G. A: v- [% Y4 z* L, V
systemctl restart openstack-nova-api5 W) K1 F6 ]5 Z. G
systemctl start openstack-cinder-api openstack-cinder-scheduler6 W# N: p$ o/ s9 D% y) ]/ e' i
Storage节点:
( d* K1 ^$ |; t; P" E3 r
: t5 s- N V8 H5 ]- h8 wStorage节点要提前准备至少一块硬盘,作为cinder的存储后端,下文默认storage节点已经存在一块未使用的硬盘,设备名称为/dev/sdb,用户在配置过程中,请按照真实环境信息进行名称替换。# C, C+ n5 G' n1 [9 V. B
1 y+ G2 A2 F3 B7 K% Q
Cinder支持很多类型的后端存储,本指导使用最简单的lvm为参考,如果您想使用如ceph等其他后端,请自行配置。8 U/ Y; Q+ j) q1 u; ]: }/ M
2 O9 v% E/ I! b$ T6 h; `
安装软件包
4 q+ O% g' f$ |0 f5 C/ Z. Q9 o" G' G7 O
dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup1 J p% \7 E1 H) L* ^& i
配置lvm卷组
6 s, ^1 l) `7 R! K+ m$ Y2 |
5 T7 k7 V) @, O. }2 }1 H" U4 Mpvcreate /dev/sdb# F/ J) I7 s( A6 F* Q- \$ M' Z
vgcreate cinder-volumes /dev/sdb
3 D* w% ~# X; J' D e7 I Q% W修改cinder配置/etc/cinder/cinder.conf
# V4 x0 u; C8 s& p1 @) |& y/ `" S2 i! d' E2 |1 b
[DEFAULT]
1 |! T- a, X. c& Dtransport_url = rabbit://openstack:RABBIT_PASS@controller
( ^" O5 k J; r5 y- ~% iauth_strategy = keystone
% x# a1 ~3 f! Imy_ip = 192.168.16.4
) g8 b3 Y- m6 N5 A! Y9 p& Zenabled_backends = lvm
0 P0 N$ g1 }- Iglance_api_servers = http://controller:92924 l2 M* U9 A2 ~0 e( q0 E/ u4 ?
& V/ `2 z5 }' d- b/ P: ~9 E: c
[keystone_authtoken]5 P: {- u6 ]; e
www_authenticate_uri = http://controller:5000
i# ^7 Q/ ^$ y; r8 U9 U5 lauth_url = http://controller:5000, \7 t2 }3 w, b7 f% [
memcached_servers = controller:11211
- y4 i" {- y* ~3 {; eauth_type = password3 o& `7 W) r9 n2 \! J2 V) q
project_domain_name = default; B2 Q) J. Z h9 c+ i
user_domain_name = default. o, r) E5 k. L6 G# S# U
project_name = service! o3 @# k& O/ c+ U O) z3 C, T
username = cinder' q0 _: l; `9 @( u0 j+ T( R
password = CINDER_PASS0 A! m4 u. J0 h4 S- H t R
2 g: e! o5 P7 k, g# `; u[database]
2 T, H( W5 x9 G" o( ?% }1 lconnection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
6 r7 ~0 c0 ~% l2 @0 i( A" V$ {( P. M3 F3 }6 M% m5 `' y
[lvm]
) r* ]7 E2 H4 ]6 ^! x4 K! Ivolume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
, V; b' ~- l; F) \* O, }/ Tvolume_group = cinder-volumes
' \- Z) O" }0 m: Ttarget_protocol = iscsi
i- c- Q0 n: z5 jtarget_helper = lioadm5 _9 r. ]! r. o
. m% X8 y- o/ a' e[oslo_concurrency]; a. e5 u4 j! ~* Y, h
lock_path = /var/lib/cinder/tmp# ^* I, w8 ^% v5 S+ N
配置cinder backup (可选)! N0 [/ @. Y" M8 w A1 Q' q
% H$ ]8 b% _; U$ D4 a
cinder-backup是可选的备份服务,cinder同样支持很多种备份后端,本文使用swift存储,如果您想使用如NFS等后端,请自行配置,例如可以参考OpenStack官方文档对NFS的配置说明。
h- b# s6 B3 j6 y: P/ O5 o& I4 p F( H
修改/etc/cinder/cinder.conf,在[DEFAULT]中新增
- h! I% @2 b- L# w0 D) \3 `2 k! B1 W( }
[DEFAULT]0 r/ O u( F4 w
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver! L6 g% S0 m% i
backup_swift_url = SWIFT_URL+ p$ l1 }2 W/ R
这里的SWIFT_URL是指环境中swift服务的URL,在部署完swift服务后,执行openstack catalog show object-store命令获取。4 ` g; V6 s' y2 [8 S1 b6 N
% k3 H* P1 e. b% F启动服务7 \5 E' k/ x8 {3 u
: i" H" C2 z4 n; v8 [* `systemctl start openstack-cinder-volume target" _2 N! \' J$ [
systemctl start openstack-cinder-backup (可选)
9 C7 z( v8 B* x- O+ ~& }至此,Cinder服务的部署已全部完成,可以在controller通过以下命令进行简单的验证* Q- h5 ?2 E6 N9 s0 @8 p' {- I
+ z9 {& w7 O" G: U/ q9 `* d6 Jsource ~/.admin-openrc6 t# u2 v6 S& t9 f1 i
openstack storage service list
6 p8 O5 _. o0 nopenstack volume list+ Q( U) c& A' l% O/ s. S
Horizon¶
0 p5 U0 y$ l" ]+ M" @- s% mHorizon是OpenStack提供的前端页面,可以让用户通过网页鼠标的操作来控制OpenStack集群,而不用繁琐的CLI命令行。Horizon一般部署在控制节点。& j1 Y" q& ?% e
) B. }9 P1 z. ~% V安装软件包/ `$ a5 d- a7 m! m
$ T% @5 k7 d' ^4 F5 R8 _5 k7 |
dnf install openstack-dashboard
: A V0 {4 \3 F4 A修改配置文件/etc/openstack-dashboard/local_settings
/ D8 s4 I2 j; j T
0 p3 t- Q* A8 M2 u! `OPENSTACK_HOST = "controller"* X; a! F( @% C, s% o1 C, T2 Q
ALLOWED_HOSTS = ['*', ]6 ^( u! I5 [- V8 S; W, H6 Z g
OPENSTACK_KEYSTONE_URL = "http://controller:5000/v3"
/ J7 P& E9 B* P$ d6 iSESSION_ENGINE = 'django.contrib.sessions.backends.cache'
5 m; n7 ~# I& b& K4 o% UCACHES = {
, A) N& ?' r' v+ a( V'default': {
4 q; s( j& ^, \- o4 p! Q 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
& y% L' j0 Y( M5 H6 Y; Z& t 'LOCATION': 'controller:11211',% I H- [9 F( ?9 ]7 u
}
, W( C" D5 C) B}+ G8 o2 F! c9 D3 [; G! R- r# f; ~6 Z
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
) _" z$ B) C N; ]2 M9 vOPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default" i* i- D: g: ]4 C \+ w
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"
( h. K3 N* i' K) F0 j' YWEBROOT = '/dashboard'
7 H0 E \/ U* cPOLICY_FILES_PATH = "/etc/openstack-dashboard"
/ J* S2 K" H4 l2 H7 d3 L- t- w- \# B7 W- U5 @' X
OPENSTACK_API_VERSIONS = {2 u! O4 i! h. O4 \
"identity": 3,
1 k) y$ ?3 E3 [. U "image": 2,: \' N! J4 b0 K, s8 S, m2 ]. ?/ O
"volume": 3,5 _! D# v$ m% F/ ^3 R* i
}
3 F4 N5 f% i/ E重启服务
2 \2 X3 S( D. C
8 g( }2 l. s- }( Hsystemctl restart httpd' H# G0 l# E' ^# A8 B
至此,horizon服务的部署已全部完成,打开浏览器,输入http://192.168.16.2/dashboard,打开horizon登录页面。1 B/ P& k8 r6 j! W$ ]: _% ~# ^: p$ s @
2 ^% z2 E" ]3 w% N" [) j2 P
|
|
发表于 2025-3-16 22:32:36