|
|
Openstack_安装基础使用8 G3 @* A# d8 ^2 b6 A
openstack 版本周期
3 q4 R8 G. L' w! |6 E7 K g, ]2 B: @% }1 v
https://releases.openstack.org/
$ P* E2 r7 i4 D5 O! @( V官方安装文档
1 e9 c+ r! O8 k4 t7 D' @) c8 n+ T0 D' r7 ]" g4 ~) x L3 {
https://docs.openstack.org/insta ... ackages-ubuntu.html3 ^; ~8 `5 e) w0 O; p* u
https://docs.openstack.org/install-guide/openstack-services.html
' _) J7 V% h" s" O+ t手动集群部署部署
3 [0 I( y4 Z. N0 U/ u架构 F6 T, B: _$ g/ i! a
主机名 外网IP VIP 内网IP 内存 CPU 磁盘 角色
7 r, R V* j9 I1 J% Gopenstack-controller1.stangj.local 192.168.139.31 无 172.16.1.31 4G 2 核心 80G 管理节点01' e" x& p9 E2 O4 T; E+ M' h! g
openstack-controller2.stangj.local 192.168.139.32 无 172.16.1.32 4G 2 核心 80G 管理节点02% ~3 ]& A5 \; V0 y- h% c- n! N
openstack-mysql.stangj.local 192.168.139.33 无 172.16.1.33 2G 2 核心 80G 数据库,memcacahe,RabbitMQ
4 Q4 L% v- [# `' B$ Q/ O' yopenstack-node1.stangj.local 192.168.139.34 无 172.16.1.34 3G 2 核心 80G 计算节点
- `- J" J1 I5 X5 mopenstack-node2.stangj.local 192.168.139.35 无 172.16.1.34 3G 2 核心 80G 计算节点! I) }, C8 ~* A. ]% l. f" R/ p; J. C/ _
openstack-haproxy.stangj.local 192.168.139.36 192.168.139.248 无 1G 1核心 80G haproxy,keepalived
/ m' C! F( Y- O( y ~$ B1)前期准备1 j+ Z" {% ]2 Q* |) t
1.1)所有节点安装
+ P5 S4 V/ M0 A8 v; a2 ]" o ~# apt install -y bridge-utils) ^: r, A+ u* L
~# modprobe br_netfilter
/ X5 Y8 V# u$ b3 f4 K6 O& G ~# echo 'br_netfilter' | sudo tee -a /etc/modules$ l/ ~' [7 g% H m+ I) u
~# swapoff -a
; m0 T4 Y3 c9 i+ j+ Z0 a ~# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
( p( p" ~' z/ ?9 c( O0 p ~# apt install -y software-properties-common
) a5 P& _& c* A6 G1.2)时间同步
, N9 w8 g4 M, ?2 W; o "controller1作为时间同步服务器"
1 D, j# _5 d8 F4 ^9 r e- w root@openstack-controller1:~# apt install chrony -y" }/ I8 ~( ^7 _6 n/ i
root@openstack-controller1:~# cat /etc/chrony/chrony.conf | grep -vE "^#|^$"
6 \$ e7 ?3 d% t; w- ?; E7 y confdir /etc/chrony/conf.d
. g4 K3 c0 Y3 |6 l2 l, \& ] server ntp1.aliyun.com iburst5 N( @7 e% |( v- i$ M x4 q- T
server ntp2.aliyun.com iburst
' v; C* o% o5 t5 u. ?/ O server ntp3.aliyun.com iburst" m2 g, z# N7 I4 o
allow 192.168.139.0/240 w0 I! r; ]. d \' z" w
allow 172.16.1.0/243 o6 |# k& z5 j/ N: n* H
local stratum 10
# O. o; k8 ?: y6 D" O sourcedir /run/chrony-dhcp
, ]& X2 ?5 s! C& G! i# g7 t+ y sourcedir /etc/chrony/sources.d/ N! q: f, t+ E. \8 Z$ C: \
keyfile /etc/chrony/chrony.keys) v9 M$ o1 V0 G% @9 j# G
driftfile /var/lib/chrony/chrony.drift
0 }2 r0 O# c/ a, E# X4 H+ y ntsdumpdir /var/lib/chrony: I: M0 L( B, q, u% z( E: c, S
logdir /var/log/chrony; s, P$ Q2 _$ X; g5 Q& |9 u+ l' K
maxupdateskew 100.06 m, T/ p p4 K, b( h
rtcsync' e" s9 S8 `3 q
makestep 1 3
4 ?: ]! ?. c9 P U$ D
- s( _& M* e( `% g3 b! M E `启动服务`5 b/ a. `) g2 j1 w; \' S2 K0 @
root@openstack-controller1:~# systemctl enable chrony && systemctl restart chrony
2 U4 s* _" ]; q% \* C& O1 g
- R) @% e- q }2 }( B- U8 L `验证`
+ v- A' J/ {) D root@openstack-controller1:~# chronyc sources# a* X& f- B" A: n) V5 T H
210 Number of sources = 2" d$ Z+ y; T1 V
MS Name/IP address Stratum Poll Reach LastRx Last sample 4 j; j8 H* n2 e$ ?2 j9 p
===============================================================================4 d8 u" O& R/ S
^- 120.25.115.20 2 6 35 48 +866us[ +866us] +/- 22ms
* ~ u$ _0 Z# \- ?6 f6 m ^* 203.107.6.88 2 6 17 49 -4324us[-9570us] +/- 21ms
" z c$ Y3 s, o. R, P$ A
) R; P5 [, Y2 l2 J5 m2 a" W "其他节点配置(集群涉及到的节点都要配置--我演示一个)"+ E' @) f4 ]: L; L2 a3 j
root@openstack-mysql:~# apt install chrony -y) H4 A4 u# X7 m. \, g* W
root@openstack-mysql:~# vim /etc/chrony/chrony.conf ' E1 V5 j) ]" c* h
#server 0.centos.pool.ntp.org iburst6 F% d5 u8 x2 Q6 J4 [
#server 1.centos.pool.ntp.org iburst( P$ k! O d1 v, F; v
#server 2.centos.pool.ntp.org iburst h. l4 u+ @. S; n: v+ O
#server 3.centos.pool.ntp.org iburst
8 T# F+ z: t( {+ r server 192.168.139.31 iburst # 添加这条信息指向controller1' b: [2 _+ c- k1 p* ^
root@openstack-mysql:~# systemctl restart chrony &&systemctl enable --now chrony
1 C6 ?+ B5 @/ j4 W: i/ K root@openstack-mysql:~# chronyc sources
6 o" g* y9 b4 C0 _/ j; { 210 Number of sources = 1
( j9 s. Z! H! |1 g* S/ l MS Name/IP address Stratum Poll Reach LastRx Last sample # A8 J7 O: s2 _9 L9 i
===============================================================================. }- g: Z$ w7 u9 b( o/ v! T
^* 192.168.139.31 3 6 37 60 -2089ns[ -943us] +/- 16ms- b5 C$ l% h( d% {. v4 h
1.3)配置openstack官方源
! x& f: `9 g4 {' A x% X4 C `controller管理节点`" F% [! o! J/ R0 V5 u$ {: j- ~
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
+ f( O' k* C* c" I root@openstack-controller1:~# apt install -y python3-openstackclient libibverbs1 python3-pymysql python3-memcache ; ^9 P$ R0 v& p5 w$ o
' ]- i6 }7 a2 N6 r0 I. l. |9 K! J8 V$ f1 u `node计算节点`: E2 _, {& R6 v+ ^
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
( G. d7 B2 O% | root@openstack-controller1:~# apt install -y python3-openstackclient
" E& R* ]% B6 t3 h7 ~8 J0 q* I% m, s `数据库节点`
; E& B6 c' ^* n' e0 X6 V6 A root@openstack-controller1:~# add-apt-repository cloud-archive:caracal# `9 Q- e$ x5 `( S2 w
root@openstack-controller1:~# apt install -y python3-openstackclient T, J8 S {/ n8 w; w: D+ ~, B
1.4)数据库配置, a% \/ W! P( i, ^0 o% \1 {
root@openstack-mysql:~# apt install -y mariadb-server python3-pymysql! Y% U2 i9 _0 J' Q6 o [3 q3 t
root@openstack-mysql:~# cat > /etc/mysql/mariadb.conf.d/99-openstack.cnf <<EOF1 v, B& h& g4 a) {) R) ?7 I
[mysqld]
7 u0 x5 s \0 f( B6 ~/ S" ^ bind-address = 192.168.139.33
' r1 h. l6 K G0 r' v default-storage-engine = innodb
' N7 _! Y5 R) t) u9 l* ?' s innodb_file_per_table = on8 S7 D# V4 } M' ^
max_connections = 4096
: |: D+ Y: f0 `3 k collation-server = utf8_general_ci; ]+ s1 K- z8 Z* T( N- B
character-set-server = utf8
) P% _" \0 k; O' ~ EOF+ H2 L: H1 g: _! H2 I: o- l5 M6 f
root@openstack-mysql:~# systemctl enable --now mariadb && systemctl restart mariadb7 Z! F! k) B y# _
1.5)RabbitMQ配置" `0 V9 v. h, Z% f/ C! O0 Y
root@openstack-mysql:~# cat >> /etc/hosts << EOF
9 ~1 q, c1 X0 z! Y5 D" g 192.168.139.33 openstack-mysql.stangj.local openstack-mysql- T' T" _0 x* }% e
EOF! a0 W$ l. J' h' U8 Q2 J
root@openstack-mysql:~# apt install -y rabbitmq-server. j4 A Y: h$ @) y9 Y0 g
root@openstack-mysql:~# systemctl enable --now rabbitmq-server.service
1 o8 H- A( J. v! _6 A root@openstack-mysql:~# rabbitmqctl add_user openstack openstack123+ F- O* j7 e" g M5 L3 [! s# q
Adding user "openstack" ...
3 m+ S. t- `( J' ^ E' I Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.
: u5 d0 \ ~, T* Q; r* N0 { root@openstack-mysql:~# rabbitmqctl set_permissions -p / openstack ".*" ".*" ".*" ; _: J- t# l* E' v J
Setting permissions for user "openstack" in vhost "/" ...# K3 R( g4 ^2 u/ A
`查询插件`6 {2 R6 x5 `/ `1 r6 @" i4 J
root@openstack-mysql:~# rabbitmq-plugins list/ f) T) Y8 Z8 ]9 u; b% c0 v) e
Listing plugins with pattern ".*" ...! u/ I" K `& G/ n' x" p
Configured: E = explicitly enabled; e = implicitly enabled
7 l, N2 @9 Y: x0 g) u& p+ {* ^0 O | Status: * = running on rabbit@openstack-mysql C+ W" f9 l! _! d! ~1 N: W
|/6 O/ W/ D8 F( `* C5 d
[ ] rabbitmq_amqp1_0 3.9.27
& A5 }# \ _5 P/ V- t1 | [ ] rabbitmq_auth_backend_cache 3.9.270 N! i q' r6 i; K
[ ] rabbitmq_auth_backend_http 3.9.278 U/ ?. m# w+ c1 X
[ ] rabbitmq_auth_backend_ldap 3.9.27
2 _; ]! c4 D2 `: S [ ] rabbitmq_auth_backend_oauth2 3.9.27
, k2 z' o2 b6 Z7 K7 s [ ] rabbitmq_auth_mechanism_ssl 3.9.27% r* X. I6 p/ O' m
[ ] rabbitmq_consistent_hash_exchange 3.9.27
5 [+ K: s. q3 M/ h [ ] rabbitmq_event_exchange 3.9.27
+ {7 a9 M- U2 a [ ] rabbitmq_federation 3.9.27
. f$ m" h% o( e# z1 t [ ] rabbitmq_federation_management 3.9.27, Q% ~* |2 P3 _: p5 P6 r: ^. f
[ ] rabbitmq_jms_topic_exchange 3.9.27+ g5 Y# J. f4 @! ~5 W( Y- X3 `
[ ] rabbitmq_management 3.9.27
$ G2 C& M( x4 K& f [ ] rabbitmq_management_agent 3.9.27
, S0 G+ I' H7 i) I1 W7 d [ ] rabbitmq_mqtt 3.9.27
( ^9 _2 p: s; N- w; ~9 }+ U% G [ ] rabbitmq_peer_discovery_aws 3.9.27# Z% e: c0 Y$ M) K% n' {- a
[ ] rabbitmq_peer_discovery_common 3.9.278 u) d4 C3 S) j P0 N
[ ] rabbitmq_peer_discovery_consul 3.9.27% {4 c8 I( N4 m- {; y
[ ] rabbitmq_peer_discovery_etcd 3.9.27
: c3 F, Q- q& v1 W [ ] rabbitmq_peer_discovery_k8s 3.9.27
0 @/ w- x) [& T( h8 q- N [ ] rabbitmq_prometheus 3.9.27, X: q; C2 r S5 t: M8 ~/ C
[ ] rabbitmq_random_exchange 3.9.27
; Y# c) s" z" Q; {4 L [ ] rabbitmq_recent_history_exchange 3.9.27
3 s; b1 o; n) u0 P/ j [ ] rabbitmq_sharding 3.9.27
2 V* L: x% v" u; o" ?- K9 h [ ] rabbitmq_shovel 3.9.275 b d+ q" c/ P5 k5 s& ~
[ ] rabbitmq_shovel_management 3.9.27
7 [ @/ ]; N- { [ ] rabbitmq_stomp 3.9.27
! W( T: G% B. {) }. X [ ] rabbitmq_stream 3.9.27
8 a: |# F1 g; [! T, k9 K [ ] rabbitmq_stream_management 3.9.27) u4 S' |( F6 U- @% {( t
[ ] rabbitmq_top 3.9.27" j2 f# R! W- j7 u J
[ ] rabbitmq_tracing 3.9.27) H$ L+ x- f) {2 D, h4 s) [
[ ] rabbitmq_trust_store 3.9.27" }/ z, i& m2 p' X1 \3 H4 g
[ ] rabbitmq_web_dispatch 3.9.27
2 d. L( @. T' I! C' ~! X9 D [ ] rabbitmq_web_mqtt 3.9.27' ?% z7 Z* A/ H5 s+ C3 X7 g
[ ] rabbitmq_web_mqtt_examples 3.9.27
" b N, k: N2 Y0 l# l [ ] rabbitmq_web_stomp 3.9.27
; N8 e3 ]5 a$ y4 K$ `# T4 |& J [ ] rabbitmq_web_stomp_examples 3.9.27& f( G( l+ `/ K3 E0 e7 A$ X* s$ `
`打开插件`: ?/ `' f, i* Z& w9 {
root@openstack-mysql:~# rabbitmq-plugins enable rabbitmq_management% s3 L4 D! A$ C$ U. A' G7 u
8 t& H2 x. d; ~ root@openstack-mysql:~# vim /etc/rabbitmq/rabbitmq.conf' P1 S! p( K. X3 _% j
loopback_users = none6 F- Y2 n' ?7 l& a& ~- j# O4 Z
root@openstack-mysql:~# systemctl restart rabbitmq-server.service 4 B: {9 G$ |# {. D# H
, T6 T( ^; [/ w- y/ a p$ a0 ?
访问 http://192.168.139.33:15672/* d9 \: M" n% B) ]4 u. f
+ B! |: o2 x- o, J+ n1 I5 y) V
$ ]) n/ R# @6 k0 d6 h$ K1 ~- q# i/ k6 X* f6 Z0 |
0 g2 m8 _9 }6 I4 x1.6)配置memcached
' R# U4 I! G# i" x/ D3 n4 X# ^6 _ root@openstack-mysql:~# apt install -y memcached python3-memcache
. V! h5 |" p9 e) p3 W root@openstack-controller1:~# apt install python3-memcache; B# O, q- d) y8 @/ s
, c- p# a1 _# i
root@openstack-mysql:~# vim /etc/memcached.conf
% C9 v4 f: [; e2 T5 X& V( v6 D3 U9 Q # Specify which IP address to listen on. The default is to listen on all IP addresses. D( c& H' v0 [# z- l' b
# This parameter is one of the only security measures that memcached has, so make sure
( v% ]8 z: n8 Y' v4 g # it's listening on a firewalled interface.; k9 U+ E/ U6 p) B6 O6 S
-l 192.168.139.33 # 这是为了让其他节点能够通过管理网络进行访问:
) h! e6 V1 Q0 D0 _$ J( z) } root@openstack-mysql:~# systemctl restart memcached.service && systemctl enable memcached.service
$ k5 ?4 c3 f1 }1 {. W+ M9 m1.7)配置haproxy* X0 j& q0 X. u6 m) F8 f
root@openstack-haproxy:~# apt install haproxy! g9 ?: v. s* }+ v" `9 H
root@openstack-haproxy:~# apt -y install keepalived
# D g; i& M. N8 T% [ `配置keepalived`! L0 E+ |7 ]. N
root@openstack-haproxy:~# vim /etc/keepalived/keepalived.conf ; F R0 z, |! `, v/ `4 [$ g' j
global_defs {( t( `( |, C& Q7 Z( p! Y
smtp_connect_timeout 30
$ S, e5 Y4 g: X" K$ } router_id LVS_DEVEL [ m- w, F! \" {+ Y1 _
vrrp_skip_check_adv_addr
( ?8 w2 |: b5 o# e vrrp_iptables
5 i& W6 k) i W/ ] vrrp_garp_interval 0' b; s: X- M7 N
vrrp_gna_interval 07 u M0 L4 y9 @+ V0 Y/ z
}+ n; y4 {$ i! m ]: `) ^
# v: M4 B( o k8 B0 c4 a5 V: L
vrrp_instance VI_1 {* u _6 K s' Y; d9 r$ M) }
state MASTER. B' a7 m% A) S8 A4 d
interface eth0; h" e, B, I! P( r( ?" t; E v: I& T2 q
virtual_router_id 510 m9 `* M4 s6 {/ ]& ~! Q j4 u
priority 100+ O% n) y n4 U! f* Y3 H$ h4 Z
advert_int 1
' ]3 n& P7 G' g# O, ` authentication {% N7 m/ L. S5 `$ I. A( l
auth_type PASS
/ U" ~ X$ }3 p7 ^3 l2 V& x auth_pass 1111# G' B1 E/ ?- H! H9 W1 z
}8 v: y# D: ?/ j4 H' V; y
virtual_ipaddress {
. t# B% x; ~: e- e/ f3 a! w 192.168.139.248 dev eth0 label eth0:0
& Y5 P: h. O) G/ k7 _ }6 E7 ~' K$ ^% ?3 H* Z( r# [
}; q6 @" q# U" S% K& x V
root@openstack-haproxy:~# systemctl enable --now keepalived.service ( f6 v4 W1 z5 A! P4 P
root@openstack-haproxy:~# systemctl restart keepalived.service 8 S4 W# b$ x6 x" ?
`配置haproxy`/ x9 A' x- i+ P6 x' n$ b8 r
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
% _' J2 S: c. v$ A" A # 把后面的frontend和backend模块配置全部删除
5 e) R9 d" y# t: H # 最后一行添加4 [6 Z# O2 j# V' Q& H
listen openstack-mysql-3306
! r. u" K7 ^. Q" E& O1 z( ?( p bind 192.168.139.248:3306' g. q7 d4 r6 `( p5 l( l
mode tcp
8 w3 ? w5 q7 \ server 192.168.139.33 192.168.139.33:3306 check inter 3s fall 3 rise 5! S- @) `8 e) N, o$ r
* y- n$ v: W" J5 Z3 g, J
listen openstack-mq-5672' V4 D6 |6 z9 W6 U
bind 192.168.139.248:5672+ A$ W* z, A4 F6 F
mode tcp
( L, i. t* }+ d$ z, b server 192.168.139.33 192.168.139.33:5672 check inter 3s fall 3 rise 5
% c- W( o: Z! Q( p, T- D% k) l ' ~. X/ c( w# ^9 A
listen openstack-memcached-11211 i+ f* {1 e& O$ n! O0 r J
bind 192.168.139.248:11211
4 X! K' _" c7 M" E mode tcp) b5 l S! J8 u0 p/ P) {
server 192.168.139.33 192.168.139.33:11211 check inter 3s fall 3 rise 5
) l7 G: K: |( J' \& o- y- M& B
' s/ b' D+ P" d! A; z# _. Q root@openstack-haproxy:~# echo -e 'net.ipv4.ip_nonlocal_bind = 1\nnet.ipv4.ip_forward = 1' >> /etc/sysctl.conf
, B9 ]( R9 y/ z9 z7 X' t4 Q root@openstack-haproxy:~# sysctl -p" Y7 z9 ]0 t9 Y4 I
root@openstack-haproxy:~# systemctl enable --now haproxy.service
) D5 B, C- J4 A4 {8 l7 O$ E root@openstack-haproxy:~# systemctl restart haproxy.service 6 c; l; }! W" p& j# B2 |$ Q9 W
root@openstack-haproxy:~# ss -tnl4 ]3 u- a0 J$ l& A1 R
State Recv-Q Send-Q Local Address:Port Peer Address:Port3 J* C8 S1 E4 R, G7 a: ?# @& r
LISTEN 0 128 *:22 *:* 3 I$ `8 B# [# ]. q
LISTEN 0 100 127.0.0.1:25 *:*
- i. }, I: Y1 n7 `/ z+ H LISTEN 0 128 192.168.139.248:5672 *:* 9 I* V8 U) z# W2 q3 z* e9 I
LISTEN 0 128 192.168.139.248:3306 *:*
! o4 D7 y0 b4 @3 c LISTEN 0 128 192.168.139.248:11211 *:* ) P1 T! Y% h, m% G' R, @
LISTEN 0 128 [::]:22 [::]:* 2 n$ h; r, R2 Q3 l/ B: U) ]
LISTEN 0 100 [::1]:25 [::]:* ; P/ V0 L- z8 S2 Y! Q7 G
验证3 D3 k1 r( m5 u2 b) I
9 \% m1 T C5 g! t9 x root@openstack-controller1:~# telnet 192.168.139.248 3306: ]# m3 `, h+ b9 Q9 Q# z6 v
Trying 192.168.139.248...
3 }1 O" t2 {2 Q Connected to 192.168.139.248.& l* q+ B0 Z% Z' Z5 \# O
Escape character is '^]'.$ p0 T$ I' H+ O- i: i7 C+ g9 x" M
V$ T# U: I/ p/ e/ Q4 r" R9 V
root@openstack-controller1:~# telnet 192.168.139.248 5672
* ^1 h7 n3 }2 t8 v( K% o Trying 192.168.139.248...$ k; X- w# x3 \( G! D! l9 C, T8 |% D
Connected to 192.168.139.248.
8 s9 w( o5 A, k; }' U7 B% o3 ]# X W Escape character is '^]'.. t& T* }, S9 S. t: E
. i! M3 i- H/ ]1 A' D. O root@openstack-controller1:~# telnet 192.168.139.248 11211
. Y. ]+ @4 `9 V6 }# R! W h# ~- a Trying 192.168.139.248...0 j0 c" v- J" q8 U+ ~% W
Connected to 192.168.139.248.
& f, e2 B. N+ c6 I% O$ r0 D Escape character is '^]'.! N4 W# f9 d! x4 b* N0 {
2)安装keystone! J! G, w. Y1 X0 B9 u
2.1)创建keystone数据库
7 x5 Z& A8 L5 e) z2 R. T root@openstack-mysql:~# mysql2 r r. v: `* q* g
MariaDB [(none)]> CREATE DATABASE keystone;' P+ z9 ]. E& S9 Q. O$ U" |- D
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
2 J: z: i& L. ?. L/ R2 y/ i `controller节点验证`
' \+ {! |4 Z( q2 E root@openstack-controller1:~# apt install -y mariadb-server
( W) m; T* Y0 V7 I root@openstack-controller1:~# mysql -ukeystone -h192.168.139.33 -pkeystone123
. }7 M# R$ \' c! \' [ Welcome to the MariaDB monitor. Commands end with ; or \g.9 p; V+ g* p" E5 e2 d
Your MariaDB connection id is 35* o+ w8 S4 V) m
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04& G' N4 O8 p% L$ Z `
2 B D& ?- J$ p, k4 o! k Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
( Q5 k7 E% O; l3 R. N+ ]6 e ; s% W% S& D* m5 ?0 }
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
, z( T1 R' w3 x / }; I$ H# j5 J* X, e4 ^
MariaDB [(none)]>4 Y9 K. M$ I( J' ]! U
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123
; m6 g$ e8 a0 w+ x! @ Welcome to the MariaDB monitor. Commands end with ; or \g.
9 @3 {& R. l& x* _3 E/ M Your MariaDB connection id is 36
1 D0 B+ G# O6 ~ Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
l/ B k x7 `6 T# O
- q" e2 B T' }0 u6 g1 B! C2 X Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
* d" Q8 H* v- V1 h) i
& J* y1 Q. e; U! X) z; O1 k/ x Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.5 I4 M! B5 b, [( K/ V1 L# V, Q
! a! ?: p. L" I+ v, A! R. M1 m$ P MariaDB [(none)]>
5 m8 T! v8 s" Z0 ?8 I& b# e: Z, d u2.2)下载配置keystone
: u. ]; |- q. d2 n root@openstack-controller1:~# apt install -y keystone apache2 libapache2-mod-wsgi-py3
9 U. _9 N5 g1 Z9 S# e- C5 S- E `添加vip的域名解析`9 Y& M/ s) [3 J* X( |. D6 T. r b
root@openstack-controller1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts) }! a7 R: v) w7 L% b2 `7 m: D
`修改配置`! E+ V& F/ D4 _4 C
root@openstack-controller1:~# vim /etc/keystone/keystone.conf
, `" }9 f! [- M! |# B [database] # 在这个模块下面添加下面这一行信息
3 G) Q7 B$ |7 x Y connection = mysql+pymysql://keystone:keystone123@openstack-vip.stangj.local/keystone, w4 o4 c: ]! [$ T! a1 f/ x w
[token] # 在这个模块下面添加下面这一行信息4 S7 n1 f, s+ X) {5 b% ~
rovider = fernet2 R" ?' I* q2 k5 Y. z% z2 M7 D
2.3)初始化keystone数据库" O5 M- w7 O9 B" U
root@openstack-controller1:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
) F# x- G; g. d2 u `验证是否初始化成功`2 o7 D, f' I R* w: y4 r8 ]
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "use keystone ; show tables"
) V2 l- ^2 y4 |& o* u6 a +------------------------------------+
* Z1 u; ^# @7 H" D, H( { | Tables_in_keystone |
; J" {2 C! s; |0 Q +------------------------------------+
8 S/ R+ u) L/ u | access_rule |
. y- o* E$ w- E0 _! ~3 P/ s5 d | access_token |
- e' a8 c. D7 e6 K$ x0 @ | application_credential |
0 O* n6 x' S# C6 t | application_credential_access_rule |
, I( @& X/ Y7 B# p }( k | application_credential_role |
# i g2 h! L( E0 q- c | assignment |
5 \: w$ }- B0 h | config_register |
/ ?. ~1 s3 O4 p( D7 ]# f ......................................
' {9 ~( m% a% |8 |' X- i. r ......................................7 V1 n `0 l2 ?. i
| user_group_membership |
: r0 r' f& ?, t E | user_option |8 {7 D/ }& U* k2 b* c
| whitelisted_config |
3 B# [" V f; T' L/ q3 V +------------------------------------+9 s9 g5 t7 c4 ^1 v
3 ^, Q! u) [' H; v% D7 A7 t/ u
2.4)初始化 Fernet 密钥存储库
* @3 U$ _; L5 \3 Y* J! }4 H/ ^ root@openstack-controller1:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone# e; a' G! A; T9 v
root@openstack-controller1:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
5 m& s- O4 m; Y( r7 N: J2.5)引导身份服务
8 A: V! ?# L7 c root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 5 m2 {0 e$ h v4 y$ _
# 在最后一行添加下面4行内容9 Z- C9 P) @4 ?( E+ C% ~
listen openstack-keystone-5000) x0 Y& t8 i% C0 ]0 @( P
bind 192.168.139.248:5000
& h! _4 n9 x0 X( O3 s mode tcp
- M) C% S W* R* m1 A/ [ M) W server 192.168.139.31 192.168.139.31:5000 check inter 3s fall 3 rise 5) x q0 D; v* {
root@openstack-haproxy:~# systemctl restart haproxy.service & X5 ]- }9 Z2 `9 ^$ [3 R
# 设置,密码为admin, ]5 S5 [- i$ B/ g! ?# B- R
root@openstack-controller1:~# keystone-manage bootstrap --bootstrap-password admin \
6 Z1 @) f% W# s8 _2 _2 k --bootstrap-admin-url http://openstack-vip.stangj.local:5000/v3/ \7 V7 C' L3 K2 U9 x
--bootstrap-internal-url http://openstack-vip.stangj.local:5000/v3/ \
3 ~' S, K; D2 [! X --bootstrap-public-url http://openstack-vip.stangj.local:5000/v3/ \2 K' | Z' c- o
--bootstrap-region-id RegionOne
E& K2 T" N& ?4 t6 K; K `验证`
$ ^, r/ m- m1 @0 V7 n5 y [root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.service"
6 t8 J$ s4 V i1 { P +----------------------------------+----------+---------+----------------------+' L; A, i: \& {* W6 e8 k! N5 E! Y
| id | type | enabled | extra |
4 ~6 B8 M4 |3 X- w$ H4 R: j/ N +----------------------------------+----------+---------+----------------------+
% C" _- C+ z) P3 \9 l | 5b32c1198b6d4a9da1659bc0a201d89e | identity | 1 | {"name": "keystone"} |
$ ~+ x3 n$ E1 `! W {0 Y6 |' t +----------------------------------+----------+---------+----------------------+
8 M4 J+ ?5 P) G) J [root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.endpoint "3 h7 e p$ A8 x+ c+ c6 I0 t
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
$ m' \4 _/ l/ C9 g8 V) B4 F | id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
. Y- _' r2 c8 _4 q& ~: Y +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
. P+ M# X- j+ e3 P, k$ x; P | 20caaef3b2ee4ff7898d1e7b7f1e41dc | NULL | admin | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
8 w( j' Q& Q, L* e3 n | ad54a4233c0e4a23ba56f86960ff97a9 | NULL | public | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |+ j6 B* j/ t# \
| def9f3253353499fbc24a851445198c9 | NULL | internal | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |4 G+ v' E- [, |+ N* P
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
0 T5 A3 k2 l1 I4 m# H& h9 K) g2.6)配置Apache HTTP 服务器
0 H& y3 L2 Z3 x- a% A V root@openstack-controller1:~# vim /etc/apache2/apache2.conf
; U5 p" p1 @$ n0 L( F( f& ?* F ... # 找空位置添加
; E2 ]+ A' {5 v- d2 w* G ServerName 192.168.139.31:80( t, M$ U! n% u, e
root@openstack-controller1:~# systemctl enable --now apache2 && service apache2 restart- g. i0 q8 @$ d: C J
`验证服务`- H3 O/ A6 F7 e
root@openstack-controller1:~# curl 192.168.139.31:5000$ \$ `' a! ]( Y
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.31:5000/v3/", "rel": "self"}]}]}}* E+ J8 c. c/ T! `3 }, I$ o
root@openstack-controller1:~# curl 192.168.139.248:5000
& _5 p# O6 p# H* }1 Y {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.248:5000/v3/", "rel": "self"}]}]}}3 o; a5 `; Y: b$ o, n# x3 n
root@openstack-controller1:~# curl openstack-vip.stangj.local:5000
" o8 G1 s$ p; v3 |* a+ Y2 t {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://openstack-vip.stangj.local:5000/v3/", "rel": "self"}]}]}}
& P0 x; }& K1 b& f& T- A# k2.7)配置环境变量来配置管理帐户, {. {# r/ d X; G8 Z O- D. n
root@openstack-controller1:~# cat > admin.sh <<EOF
" ]: D" m: s7 z export OS_USERNAME=admin/ r2 A+ h' e, D* D: T6 M' A
export OS_PASSWORD=admin
- |6 v3 ]0 P' ^- F6 f export OS_PROJECT_NAME=admin% }( e j% D/ R0 Y6 F
export OS_PROJECT_NAME=admin
5 `& W: P2 B; A/ Y" d; h export OS_USER_DOMAIN_NAME=Default6 u7 V" h6 \: l5 l
export OS_PROJECT_DOMAIN_NAME=Default; L+ G9 I4 z9 ]( T) n6 u0 S
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3% y* P) P/ p* e& t! M
export OS_IDENTITY_API_VERSION=3; B6 f" b0 m5 Y8 |+ A; ^
EOF
% J6 H8 D6 d: i7 _ `生效配置`
2 D9 G2 r- h B8 I5 H0 S root@openstack-controller1:~# source admin.sh* e$ f$ h& G( ^6 j
`验证服务`8 X% s6 a8 s4 ~% \
root@openstack-controller1:~# openstack user list, ]$ K+ r" j, }; t3 ~6 ~' j* O
+----------------------------------+-------+
- \& @- O$ p8 l | ID | Name |3 N, M! X# H7 n+ t. ]/ M$ X7 w0 S
+----------------------------------+-------+
7 ]- h. |6 A% ~# _- L | 5c4b6243d95742799de0fc97ef119967 | admin |' q! V: {' c( B* O4 b% i' X$ m
+----------------------------------+-------+
2 q' l: [& Y7 v2.8)创建域、项目、用户和角色
5 T, @% H1 s ] `创建域`
0 }! {( }- Y; T; {3 w# J" \ root@openstack-controller1:~# openstack domain create --description "An Example Domain" example% T# {4 q! }3 J, b2 P( B
# [root@openstack-controller1 ~]# openstack domain list
" X4 {# ]9 M3 R( C5 `1 H +-------------+----------------------------------+
& y8 z3 N: Q3 M/ {4 f& `2 e | Field | Value | u" u" C2 Q6 W0 Y' H. F' `8 [ H
+-------------+----------------------------------+
! _, v3 F4 V9 b | description | An Example Domain |
5 ~- S1 N+ f' D- l2 W% T* ] | enabled | True |
* x8 t: R/ H9 M- E | id | 7233934db37f4e839da0bbc62bdebdf5 |
( _* F+ {, Q4 h) G6 ^+ z | name | example |: b6 b1 x. r2 [
| options | {} |
4 m, P ?& o, |" C- c4 e" @+ l/ l | tags | [] |
@4 z- G" C5 G1 @: o' y0 T +-------------+----------------------------------+6 \# ~& i9 F2 M+ W+ [4 O1 D; g
`创建项目`, T' s% B* a1 G' S' l1 |- i. a
root@openstack-controller1:~# openstack project create --domain default --description "Service Project" service- l8 C* l1 m3 ^: d8 q
# [root@openstack-controller1 ~]# openstack project list* |' |/ i _, z+ k Q3 l& I
+-------------+----------------------------------+7 t5 t O$ Q( Q: w
| Field | Value |
/ a8 [0 Z6 G J0 O5 q +-------------+----------------------------------+
# c. M8 ^- g' T | description | Service Project |
. E# r$ A! P; p# Y" I | domain_id | default |7 ?* J. [6 K, ^9 k
| enabled | True |
1 P7 M+ }* J- K, D | id | 024872cab1fb4329997f4bb552cc7439 |$ E& ?3 n% m) a" [
| is_domain | False |; b1 \( N7 h2 I& u+ V: P- l
| name | service |
`% |5 C2 K% X9 I | options | {} |
9 V3 q1 l7 e+ I7 Y | parent_id | default |
& y5 R7 p: u1 }# T1 g+ o, d | tags | [] |
7 N) V- s4 m# U +-------------+----------------------------------+
k- e0 ^- U2 s& R) O6 S% Q0 Q `在default域-创建项目:myproject`/ C2 Q1 p: G+ E- ?
root@openstack-controller1:~# openstack project create --domain default --description "Demo Project" myproject1 F+ n& U$ A2 g2 u2 K+ f0 e
+-------------+----------------------------------+ R# p0 s( g2 a2 o
| Field | Value |
) O- |0 r/ l Z# b7 I +-------------+----------------------------------+
5 n6 W) X# V, N9 p/ R | | description | Demo Project |
" i, @4 Q5 U" F9 V- Y | domain_id | default |
5 @4 P% G8 R! ^, h7 B | enabled | True |
; c: H* h' U( Q. n$ _. L6 X | id | 35e14efc4bb64fd18ab58ab793881459 |* X; u7 w' r7 O: b9 D
| is_domain | False |6 x; O3 i( @2 d+ q0 ~ b
| name | myproject |
v8 k5 R. U; H. { | options | {} |5 z/ z% g0 ~& ` ^6 c7 P
| parent_id | default |" D8 U3 d; r! S* U8 f
| tags | [] |
% f7 o5 ~5 f5 S [" s/ Y% V +-------------+----------------------------------+7 w- P3 a# [1 J' A0 t0 x( B
`创建用户:myuser`
J# f, K M, K2 |+ x5 z root@openstack-controller1:~# openstack user create --domain default --password-prompt myuser, s* T$ [% L2 f+ W9 S6 K: [/ b! p% M; L
User Password: # myuser. }! m/ @7 c; E( x/ s! V
Repeat User Password:# myuser
, i: E% E* S- X$ |. k8 d +---------------------+----------------------------------+: V3 {6 `: i/ I: y4 w) D) P
| Field | Value |
) }1 B# c5 k! @3 Y f# E, |8 Q6 w' r. H +---------------------+----------------------------------+
- k" s w% N5 _$ p, R9 {( R/ L | domain_id | default |
8 I2 n/ i1 \$ _! l | enabled | True |* y$ w5 d3 [0 Y4 B3 W. e+ R
| id | f40449a65bcf491aaf44cc4f8e09f3fa |/ t$ V5 i; h p0 B- l' E) v$ x
| name | myuser |
: r1 l8 j) Y' F/ o/ o( f | options | {} |, N1 m: _" K, e0 M
| password_expires_at | None | M7 v2 q& ?2 h. h
+---------------------+----------------------------------+
) e+ h8 L( c- A! a' L! Z `创建角色:myrole`
& X( f# _" k4 L* ?( e root@openstack-controller1:~# openstack role create myrole6 g2 }' G7 p+ A* x) c
+-------------+----------------------------------+- |* s2 J! s! J. Q! x4 s
| Field | Value |" m1 p1 Q' m8 G
+-------------+----------------------------------+* U+ ~2 X/ n+ _3 k) f: a! ?
| description | None |
/ l" B! k9 b) y- b$ b6 {6 \ | domain_id | None |
4 Z( [$ a7 B- V B T6 x | id | b1cf825f18194c858ba735c3a873e87b |9 X; ?) |& i/ L6 N$ J1 n H% M
| name | myrole |
. k4 U% W [, _. ^' ~ | options | {} |
w' R1 d8 u" H" T7 s5 Q' H5 v+ b +-------------+----------------------------------+
$ _9 e6 X; U H `将角色添加到项目和用户:myrole/myproject/myuser`. y h$ @" G3 t9 {+ A
root@openstack-controller1:~# openstack role add --project myproject --user myuser myrole
: R* x1 ?7 B" \( o! z) X0 q& A9 z2.9)验证操作: |! `- L. a' I
root@openstack-controller1:~# unset OS_AUTH_URL OS_PASSWORD2 w! G, p2 ~$ K2 K6 Q6 {
`获取admin的token信息`
# C7 y4 s# Q- N: V root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue8 q" K7 L: r9 C' X
+ j/ _! x I5 ]9 q1 @. g+ x# @7 k
Password: # admin# @, l T5 T- j4 R; ^8 N: ~5 o
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ a/ o" O( W0 G9 N5 ?
| Field | Value |
. d5 I" J% L9 Q" M8 ?! B, ^8 o +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3 q3 ]( I* }& F; i6 W' _ | expires | 2024-12-07T12:25:41+0000 |. A2 S' a W9 Z/ u2 l" t
| id | gAAAAABlev-an7oKiReVcaIQg31zanfyHEpBjozbYq_6ZH8mWKMyp0vxm0HEUlxkrY7_799ihK64p4Gq5zeaAUH4g4jBpB2I0Ij5xDojvfZ66qTIPUB9TakErlw9UoI1E9bpOwowYgoOOKlJlO28mBoxKWga7A8akmCgiDTzP4rUYL5B8Xs24rQ |" ~+ V" A) A. s$ B' Y, u
| project_id | 227934ef1b5b44cc942a8e4f1f5f7695 |5 d: ?- w2 r# a
| user_id | 5c4b6243d95742799de0fc97ef119967 |" w2 u* r1 P7 ]/ D
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+. [& c( |! U. Q( y$ M* o$ q
`获取myuser的token信息`- P! a% p1 l$ B+ b9 o
root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue* t& z8 e, o: y9 ~7 h8 X' P
Password: # myuser
8 ^" E" b7 A5 ?- M, r4 H +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
, I" | p: @; h# Z. |" r | Field | Value |
% N+ k1 p5 ]& y" T +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+! R3 S/ s6 `, Y" \1 ` I
| expires | 2024-12-07T12:25:41+0000 |
4 ^- W8 R# @0 K1 j | id | gAAAAABlewBPx4yTCZIklPPqD-XnXsciBnECZYhDPKZkenFzYdE9GuTH-xRPuhh4Z9rrLiCb7X6e_rjqR2WdTk9Sz94HkrNi4KPjdun7HW-4wesLLOV7ijz4Vgvt999fnWNaDNTwKvqumfcQ1XinMLyszeSD1yvFB4FeQ610Ns18oUa0Tc_44jc |9 P5 r2 C- g1 l0 `+ H
| project_id | 35e14efc4bb64fd18ab58ab793881459 |
6 E5 X, G' O& X$ u0 R | user_id | f40449a65bcf491aaf44cc4f8e09f3fa |& T' H3 A- ~1 I4 Z- H1 D2 q
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
4 Z, j6 m0 K" P: i2.10)新增配置环境变量来配置管理帐户
* S, Q; y) ?5 g f root@openstack-controller1:~# cat > admin.sh <<EOF/ q* [/ Y; L5 F
export OS_PROJECT_DOMAIN_NAME=Default2 h1 w- k' X* @9 D4 j9 Q# D
export OS_USER_DOMAIN_NAME=Default; u# z. a, h9 N% z
export OS_PROJECT_NAME=admin
* d8 A: ~5 U5 L5 z+ A+ W/ l export OS_USERNAME=admin ?/ k# |7 Y3 W- {. s9 t" j3 y
export OS_PASSWORD=admin/ W& Z7 g8 x7 ^+ \- W; x& d
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
3 p' _, Y- b. X* L! L/ } export OS_IDENTITY_API_VERSION=3
, \3 j, `8 l& m7 L, X7 B export OS_IMAGE_API_VERSION=2" _ k& F7 h+ S: \' w9 L$ h% e# }
EOF
y: X' b, a+ F0 N4 G root@openstack-controller1:~# source admin.sh 0 D! D2 I* V4 _& t3 t8 A
`验证`8 V7 y3 V, f5 R1 N0 W
root@openstack-controller1:~# openstack token issue
1 d3 L( A6 \9 @$ B$ a6 f g +------------+--------------------------------------------------------------------------------------------------------------+4 n( g# {) j- A3 U
| Field | Value |9 V' v/ u1 @# R" N4 {
+------------+--------------------------------------------------------------------------------------------------------------+
$ {& f( k" Z- T | expires | 2024-12-07T12:25:41+0000 |
3 [# W! f) w# T1 M( _1 a | id | gAAAAABnVDC1Tl8JCjuLSdCd0vL2FmuLpB7ftGCcll7NsqBgy0FhuomNTkLMXP_p86eyLKMA- |3 {2 n- j, M; y9 I- w) g0 F
| | IZnr9aW3VCfYfoaWyUAcr3fcd8l3BLjpinjEL04QMCRJYHW9d3WZ2jN44hcZ8xwwG0ZpJiyVAixWqOfMykBbzGY6vnwJC- |
$ a! S; x- c- r( _4 \; W | | qj3vDQYbVyFBbnIY |
" a9 k7 p0 m, L0 o& J3 J | project_id | 96bbc0e66a5246fdaf29843498ef49a1 |# T' a8 h q4 q" Q
| user_id | 3b1c56d85d9c4aefb5c6a6dde8c99a00 |6 e# I+ O0 s0 }: w
+------------+--------------------------------------------------------------------------------------------------------------
9 ?. H/ N8 t: a% H0 _+ N
: c' F. F5 C+ w; [ `创建普通变量环境`
: l# O6 r$ m4 `5 h4 i8 f# B7 e root@openstack-controller1:~# vim demo.sh
. l2 q0 w! t& z6 J; x export OS_PROJECT_DOMAIN_NAME=Default, Q+ v; Y+ a: q# Z2 V! w
export OS_USER_DOMAIN_NAME=Default2 j7 x7 R* n+ y7 k
export OS_PROJECT_NAME=myproject
( H. T3 t! [6 D R3 C export OS_USERNAME=myuser
% g( r, g; I9 G: m export OS_PASSWORD=myuser: f4 a8 D! A; x0 ^; [0 r
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
; F: {6 A( W" I# A' S. d export OS_IDENTITY_API_VERSION=3
5 ?$ R5 d [% T' L. r8 h3 c) M export OS_IMAGE_API_VERSION=2
, |; o0 ^2 }0 g3 `2 o7 d- ` z; g; a root@openstack-controller1:~# source demo.sh
: Z }/ O! T; Y6 y0 ~$ S4 I `验证`
' X W/ I5 Y5 S/ K u7 \ root@openstack-controller1:~# openstack token issue5 ~# I7 V( R% t) Q* I2 V
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+0 h% u m" b8 K' v
| Field | Value |
2 B2 e* t! O |" m) R$ e +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+- p* f Y. z7 j* L. ], ^
| expires | 2023-12-14T14:26:22+0000 |
# w a6 |! ?* S8 {3 ^7 _5 d | id | gAAAAABlewJ-s4Aj73WgUyZemZ9eL9S7myndeVnxUOmiWM3IvXTwtw7pIzzIFyxlw3vTrC200w08X2iqTFVcY8Ih4jCzLDQMqi4VpS2emWmqG73uy7NI_tAR6KasEYPRoZSl--2Wa7HCdv9i6y6GnKDtgisVkCtG3Ew7CPBDq991w0cXBRpxL_Q |8 C4 p# K/ k6 T/ \6 \
| project_id | 35e14efc4bb64fd18ab58ab793881459 |( S2 U: {8 _- u; m) P5 G
| user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
6 Q, g. a1 O# a +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+- i; k3 l8 X& @* v( H6 v0 c
3)安装glance
+ o0 I- I; g# C, p! ?" O6 t* V3.1)存储准备工作
9 {1 A1 ^$ u' o W+ b% V' t # 因为性能原因我就拿openstack-haproxy.stangj.local主机做nfs; W- r: j2 n- f3 w6 ^$ t }
root@openstack-haproxy:~# mkdir /data/glance -p
% O/ ?9 m' ^/ u& I root@openstack-haproxy:~# apt install nfs-common nfs-kernel-server -y
6 d; c5 H' X& \. F/ n5 d/ Y( z
& U, K, y5 K) W+ S) I7 | root@openstack-haproxy:~# echo '/data/glance *(rw,no_root_squash)' > /etc/exports
7 {: |4 X( a3 @, Z% L3 Z( @ root@openstack-haproxy:~# systemctl enable --now nfs-kernel-server
/ f1 g# j7 v4 c& K1 q root@openstack-haproxy:~# systemctl restart nfs-kernel-server% F; \- t. |- C
3.2)创建glance数据库/ Y# T+ d3 Z! H6 j4 p1 t. [6 I
root@openstack-mysql:~# mysql/ {( m7 Y" x) q% V/ R! A2 M( r
MariaDB [(none)]> CREATE DATABASE glance;
2 {0 y- w: Q, M MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';
5 h5 a1 {" a5 J: c6 p& E/ ~ [root@openstack-controller1 ~]# source admin.sh u1 b2 x" J1 Z7 I
`创建glance账号`( G( U' z/ u5 W5 ]
[root@openstack-controller1 ~]# openstack user create --domain default --password-prompt glance
3 z6 R; N" R: D+ F" o7 F User Password: # glance
8 |; D! [& Q: d. m9 }/ C Repeat User Password: # glance
" |5 ^6 G2 o. ]' M: A +---------------------+----------------------------------+
0 i! i# S+ T/ s+ ? | Field | Value |
9 m/ e$ A+ c0 i +---------------------+----------------------------------+
, d+ Y) _. v$ F3 c$ f+ q | domain_id | default |, y4 m- } N8 P# ]0 v5 c9 ~
| enabled | True |9 S& V, D) |: F7 G+ n2 v' f
| id | 34a900b8a67f40439804c830cd5957da |; o2 X5 z% Q- ?+ b& A- b' z
| name | glance |1 z5 a9 d1 E& L/ J! y% Q
| options | {} |
" c$ Q$ ?1 R6 W/ W | password_expires_at | None |% ]9 g) z# Z/ ?# v
+---------------------+----------------------------------+% i, M U' ~4 V* P3 m( b
`将角色添加到用户和项目:admin/glance/service`. p# n$ l8 [; ?1 X+ g0 X
# 让glance拥有service项目的admin权限
; Z4 r+ Q1 [: j; A+ a$ i root@openstack-controller1:~# openstack role add --project service --user glance admin
9 M4 X. ?# E8 F5 C* s$ ~* [8 k, L root@openstack-controller1:~# openstack service list
! D8 m- \7 C! P: Y+ E# a +----------------------------------+----------+----------+' t" u' S2 v; k" r- J/ v
| ID | Name | Type |; w; i% k+ D( n0 V! G0 T
+----------------------------------+----------+----------+
, b; [ n/ ~) |( q& ? | 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
, T/ n+ M# _0 i2 Z7 b +----------------------------------+----------+----------+; M3 a4 u. d4 y; @& d# |1 k
3.3)创建服务实体glance j; z6 Q, z/ x% F8 P
root@openstack-controller1:~# openstack service create --name glance --description "OpenStack Image" image( e- b A# H. j6 h
+-------------+----------------------------------+
) O6 w- W" Y9 S6 _& t | Field | Value |
( h3 ^) v' p0 h. x +-------------+----------------------------------+
2 e; n Y2 y5 O0 `- v) I* C1 J( S | description | OpenStack Image |
1 M, ]9 R+ T2 [ | enabled | True |
9 q4 E3 _, z8 ]& q' @) r | id | e53a2bd43aaf48f1840064e9cb594293 |
" f# |+ P; F6 `6 W" G# d | name | glance |, F+ r n: Y" C
| type | image |$ ^; z( B0 }/ k U/ i5 y
+-------------+----------------------------------+
* S( ~0 h+ r; e% @ N root@openstack-controller1:~# openstack service list
5 q* ]3 ?/ U- x: w +----------------------------------+----------+----------+
' r# H& x* M' J9 n7 Y2 g | ID | Name | Type |
: K) a" L' Z3 i0 @0 O# K: } +----------------------------------+----------+----------+9 H; f8 \, P e: w: u3 g2 e0 U
| 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |% K& f/ k0 C: d7 ^3 N. w- j9 c: e
| e53a2bd43aaf48f1840064e9cb594293 | glance | image |
* `' X3 V- D+ D% A +----------------------------------+----------+----------+9 L3 y' o& h1 q
3.4)创建Image 服务 API 端点:
* r+ \' h9 b$ G root@openstack-controller1:~# openstack endpoint create --region RegionOne image public http://openstack-vip.stangj.local:9292
1 k+ I" K! h. d8 v$ m0 u9 ` +--------------+----------------------------------------+
3 G% }9 O' N0 e | Field | Value |) v9 d# {" x) y0 ^) W% ?
+--------------+----------------------------------------+
/ x2 ]- N* ?: z0 Q | enabled | True |9 s4 p( l, m0 l* q* \8 [4 C6 d
| id | 3fc61c0f302d41359da99b80ca32853f |
5 Q1 Q. ]9 E' D8 ^* g' c! X4 @ | interface | public |
/ y. {; Q* i1 o, i9 o1 V. v s* S | region | RegionOne |% V$ |( [/ f, N. M- f
| region_id | RegionOne |
$ n2 \0 J5 T5 ~3 T7 O' ]9 U | service_id | e53a2bd43aaf48f1840064e9cb594293 |
6 U, _; o+ a4 g! u- b3 P | service_name | glance |
! L+ p0 {- R. p3 ~% k# \: a | service_type | image |: N B6 j, k3 l. Q
| url | http://openstack-vip.stangj.local:9292 |
; D/ k, H( Y2 ]. i9 z +--------------+----------------------------------------+. q- i D3 b; }
root@openstack-controller1:~# openstack endpoint create --region RegionOne image internal http://openstack-vip.stangj.local:9292
, {$ V3 Y+ `5 Z. C$ n +--------------+----------------------------------------+" e; p/ ?# ~7 H7 U8 W8 |
| Field | Value |
( v$ [. l$ n9 z2 { +--------------+----------------------------------------+8 G; d( e B: s* G8 x* ?2 ~/ C, C- w6 z
| enabled | True |3 U: ^& q: ^ _0 Y0 _# l
| id | 671f3dd8ddd643d08b922df0f9c7f4d8 |
& i& G/ `- }6 D: A2 D# e& C7 u5 | | interface | internal |& B& {8 L! a: C, V3 G: |
| region | RegionOne |" j' ?+ a' H; R" D0 s' u! G/ c
| region_id | RegionOne |$ b9 S# j: E6 L4 L# U' g* z
| service_id | e53a2bd43aaf48f1840064e9cb594293 |: \+ L0 a3 v0 k1 o( I9 z( e6 [2 E
| service_name | glance |
/ i% S2 @9 ` k" i) T* |' X | service_type | image |
# p$ ~; E2 R3 P- O | url | http://openstack-vip.stangj.local:9292 |
7 o$ K! j4 O& S8 o9 n; \ +--------------+----------------------------------------++ L" Z1 p+ Y4 Y. N# C' ?/ Q
root@openstack-controller1:~# openstack endpoint create --region RegionOne image admin http://openstack-vip.stangj.local:9292/ s b# p8 N5 M6 m, b( X8 F
+--------------+----------------------------------------+. |- I; M/ y5 l, y$ B
| Field | Value |1 ]1 y+ @/ t0 Y9 J9 X9 |( d
+--------------+----------------------------------------+
. h& H3 m# d% }- D4 q9 J6 u | enabled | True |7 F% e0 e& \+ p/ q, R/ A" |/ L+ D
| id | afea7ab2f5914bcca88f088957f6144f | P* W k# T1 @& K
| interface | admin |4 |( d( Y- [9 |
| region | RegionOne |# \" |% f- o' ?( b7 p9 r% f
| region_id | RegionOne |" P1 l$ t6 E; o) W
| service_id | e53a2bd43aaf48f1840064e9cb594293 |
' Z% \# R0 I! u8 l( h: R$ M | service_name | glance |
( i0 |1 g: F$ w6 T0 [ | service_type | image |
; t* z; \: {; r6 k: T | url | http://openstack-vip.stangj.local:9292 |. {& r2 H+ P$ J* D# H+ D4 |6 G0 P
+--------------+----------------------------------------+1 |" B7 _- A( H4 l0 `
3.5)配置haporxy代理) \* D7 K# F1 F3 S3 t
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
v, k( |7 a$ v1 I+ [ # 最后一行加入下面4行信息( q) `3 O) s; Z
listen openstack-glance-9292
4 Q. b% D$ o9 o; a bind 192.168.139.248:9292
6 X7 Y* U/ J1 h4 U! T+ C6 t: H mode tcp% U: B/ `3 z+ a) V7 [6 h
server 192.168.139.31 192.168.139.31:9292 check inter 3s fall 3 rise 5( X! u5 S1 g, V
root@openstack-haproxy:~# systemctl restart haproxy.service
( K o" q0 L2 v/ T) s6 ]% G0 s! ~ root@openstack-haproxy:~# ss -tnl | grep 9292( d* z1 f! P5 H; r( f% p* h+ b9 ~
LISTEN 0 128 192.168.139.248:9292 *:* ! a/ k. W7 O1 j% n8 s
3.6)部署glance服务3 f/ X0 ?8 e+ w6 Y0 O2 B- o
root@openstack-controller1:~# apt install -y glance
! d+ _; k/ k0 L9 ?$ y% y) o3.7)配置glance服务4 W* c1 n3 M; ] B6 B5 y
root@openstack-controller1:~# vim /etc/glance/glance-api.conf& R3 ]7 W6 j; ^+ |8 y& G/ A! H( U
[database] # 在这个模块下面添加下面这一行信息! X2 m, p( C$ q9 W
connection = mysql+pymysql://glance:glance123@openstack-vip.stangj.local/glance* U' D8 S4 i1 r: A/ |
& D2 l' k4 U& u% L9 m3 l
[keystone_authtoken] # 在这个模块下面添加下面这9行信息
! E; S' O$ L% M/ f, a0 k+ g www_authenticate_uri = http://openstack-vip.stangj.local:5000
9 V6 x* [) @: a& _% i* P( R auth_url = http://openstack-vip.stangj.local:5000
# ]( I( u4 C" D+ l' u+ B, E& @ memcached_servers = openstack-vip.stangj.local:11211% y% M$ c7 Q/ `; i3 j( i5 C. [
auth_type = password
" q7 U7 I& U# S project_domain_name = Default2 V6 j) F9 e- [+ M4 p6 b0 x% a
user_domain_name = Default
) N( Z! Z7 C `4 v2 t! m+ R project_name = service% s" `# n5 b! u1 ^0 X
username = glance
! D+ @2 ?: B& i& P- N& S password = glance8 D% f/ q* \0 m" y1 @ B
+ s9 G8 H( k$ g ~ [paste_deploy] # 在这个模块下面添加下面这一行信息
# K5 G" Z, M8 b+ A, h flavor = keystone
. f" y3 y2 g& S7 L; I7 A5 e0 K P5 K
0 y& ]. c, _9 R$ S [DEFAULT] # 在这个模块下面添加下面这一行信息$ Y& c1 G/ h, K) K
enabled_backends=fs:file
5 t" @$ Q1 s! q4 `- v# k# Y. W3 f 4 W: t, x( j8 Q
[glance_store] # 在这个模块下面添加下面这3行信息& M* A* {% U8 n* V9 K
default_backend = fs
8 \! m0 p; r, g# G [fs]
% ]' v+ Z9 |3 R filesystem_store_datadir = /var/lib/glance/images/
% }1 y3 _2 ~ ]3 [; L8 i
0 l- ^5 z% A( K. ^1 l# d4 Q
! I% Q/ X7 `5 k" h/ `5 E `确保 Glance 帐户具有对系统范围资源(如限制)的读取访问权限`
5 w; H- s! _& ?9 Y$ T root@openstack-controller1:~# openstack role add --user glance --user-domain Default --system all reader
3 T, n% v, |7 ]" n6 o. i5 B6 c0 R3.8)初始化glance数据库
5 j) }1 D9 z+ S% q! U Y+ X& K! S7 | root@openstack-controller1:~# su -s /bin/sh -c "glance-manage db_sync" glance
# D9 P; p2 d" W+ L `验证`: g2 v0 }. i! |% J$ P6 D; r; J( ]7 J
root@openstack-controller1:~# mysql -uglance -h192.168.139.248 -pglance123 -e "use glance ; show tables"3 B. M1 P k" ~6 P$ y) s' r$ j& S
+----------------------------------+5 d2 C" r1 M8 E; }
| Tables_in_glance |! e: @, @2 J: t6 I9 r( F' Z/ l6 v
+----------------------------------+
" a$ v& m) j9 v" l | alembic_version |
I# U6 m" j- t4 M% Y | image_locations |/ Z" ]6 ~' k4 g$ q3 B+ L9 `+ @
| image_members |
9 c0 X9 ~; C$ H, j | image_properties |% {. [* j# ~3 q( U% T/ d) ~4 Q
| image_tags |
; e! ]/ F' Y1 a- Q | images |
0 H) Z8 d, W# U6 x( d, z! ?( y | metadef_namespace_resource_types |. X' a! ?4 A/ f! g
| metadef_namespaces |
% L. L; O" }& R0 ] | metadef_objects |
m, i& _, p2 T+ k | metadef_properties | M1 G$ U6 d/ E1 i; n2 m
| metadef_resource_types |
' m! m# u! Y7 S) S# x | metadef_tags |
1 r4 D1 x: h: B5 q* v+ g | migrate_version |; `, q& n7 V" s( L$ G7 ~
| task_info |( K, i7 v9 W' p ~+ c
| tasks |
1 p" W3 L( h1 j( W+ j. h% X +----------------------------------+
" f* q" e/ h- k. x! C) d3 Q k2 J" s3.9)启动glance服务
' R3 R" j5 Z8 v. ?8 n( e root@openstack-controller1:~# systemctl enable --now glance-api % W/ e+ R* a4 k. @+ F, | m
root@openstack-controller1:~# systemctl restart --now glance-api( E, z2 G- [( {" u9 f
root@openstack-controller1:~# tail -f /var/log/glance/glance-api.log $ p8 `: V+ y: h: L- c
2024-12-07 19:43:42.571 11458 INFO eventlet.wsgi.server [-] (11458) wsgi starting up on http://0.0.0.0:92926 W5 }/ ?; S2 Y2 T9 x5 S
2024-12-07 20:06:40.764 11717 INFO glance.async_ [-] Threadpool model set to 'EventletThreadPoolModel'6 k* r2 s# ]0 @" f/ y% ~0 P
2024-12-07 20:06:41.281 11717 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
) J: l; K1 n" L Q5 |+ [# N 2024-12-07 20:06:41.377 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_staging_store). Creating.
( W+ [& _, z1 ^ 2024-12-07 20:06:41.378 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_tasks_store). Creating.. ^( v4 L' Y; S9 O
2024-12-07 20:06:41.379 11717 INFO glance.common.wsgi [-] Starting 2 workers% |$ O: X, _: N! w6 C6 B. _0 s3 @
2024-12-07 20:06:41.381 11717 INFO glance.common.wsgi [-] Started child 11724
! N$ D- a1 I1 ^$ r& } 2024-12-07 20:06:41.382 11724 INFO eventlet.wsgi.server [-] (11724) wsgi starting up on http://0.0.0.0:9292/ L1 f3 W( G; H1 Z% [
2024-12-07 20:06:41.383 11717 INFO glance.common.wsgi [-] Started child 11725
8 J4 K9 V0 z% P/ |5 Q 2024-12-07 20:06:41.386 11725 INFO eventlet.wsgi.server [-] (11725) wsgi starting up on http://0.0.0.0:9292
& W/ j `$ J4 f2 ^# j; S3.10)挂存储0 f# S2 `) d% R; B" o0 B/ D
root@openstack-controller1:~# systemctl stop glance-api 7 }) I+ B6 M. m+ v
root@openstack-controller1:~# showmount -e 192.168.139.36/ k# L( I9 W% Q4 q
Export list for 192.168.139.36:
1 W8 P7 p7 j) o6 Z* n /data/glance *
0 x6 [: P- q9 q1 w9 y& S! s' Z' P root@openstack-controller1:~# mount -t nfs 192.168.139.36:/data/glance /var/lib/glance/images6 }6 W& P* L! b1 u+ A- R
root@openstack-controller1:~# vim /etc/fstab
+ i1 |: I# ], o# }+ x% l5 N # 最后一行添加下面这一行内容0 W9 c: i9 j; _3 I: `, T
192.168.139.36:/data/glance /var/lib/glance/images nfs defaults,_netdev 0 0$ O$ z9 c4 j2 u' x% r8 ?
root@openstack-controller1:~# mount -a- P0 ]# m" X3 t) h8 L
root@openstack-controller1:~# id glance$ e( ~8 p' L- X
uid=64062(glance) gid=64062(glance) groups=64062(glance)
9 ~* q! I9 R5 }) N' ]1 U% ` root@openstack-controller1:~# chown -R 64062:64062 /var/lib/glance/images/
3 W0 q- D1 B" ]1 L# N root@openstack-controller1:~# ll -d /var/lib/glance/images/+ d2 X2 P' i2 `% Z
drwxr-xr-x 2 glance glance 6 Dec 14 21:31 /var/lib/glance/images/
* {! y: b, Q9 y) r root@openstack-haproxy:~# ll -d /data/glance/
# E" i; ]- W9 l7 N; A9 _2 W: ? drwxr-xr-x 2 161 161 6 Dec 14 21:31 /data/glance/
! f! W- _9 w& z: s5 x6 t8 S `启动服务`
* w% d; `' B3 P [root@openstack-controller1 ~]# systemctl start glance-api
; ^( ?# ~+ y5 m0 L' K$ Z# {3.11)验证操作
3 h% E+ u7 k- S [root@openstack-controller1 ~]# source admin.sh
) b# d8 x& r) n# _# L4 Q root@openstack-controller1:~# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img- `- _. k7 Y6 W4 ]' b0 u
[root@openstack-controller1 ~]# glance image-create --name "cirros-0.4.0" \
0 T; V6 C6 t' o" z* z" ^ --file cirros-0.4.0-x86_64-disk.img \# \( }9 g# [& Y& f1 L9 x3 \1 c
--disk-format qcow2 --container-format bare \6 O. z; d3 ?6 T) [
--visibility public: [+ Z; D; H! l4 P& g. b. W
- b4 l9 c: U/ t. I) ]8 l +------------------+----------------------------------------------------------------------------------+
- o$ ]" H" K9 R5 c7 l | Property | Value |$ } G' x2 U$ b* i- ?* q
+------------------+----------------------------------------------------------------------------------+
' |2 Q8 b: L& s! O' j | checksum | 443b7623e27ecf03dc9e01ee93f67afe |! [3 P- v" h, j- K& [
| container_format | bare |
" |( _$ Z' d; U7 K8 C | created_at | 2024-12-07T13:12:19Z |( G1 s# `( d G& V1 S( N4 W- s& J& q
| disk_format | qcow2 |
3 H! a; c+ y9 ?( q _ | id | 68249b5f-9eac-4873-be74-cc11ac9af61e |
4 F* J& u: H0 R( L0 `3 v6 I | min_disk | 0 |! h: E X2 n0 [; M) [( B
| min_ram | 0 |
. C3 q: U! h7 f j | name | cirros-0.4.0 |
% @ K. I5 f8 Y3 G, E @6 T | os_hash_algo | sha512 |: ^9 |8 s) [/ m) U' k
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e | c1 ?7 k3 S/ u% e
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
% Q6 t/ r2 i$ u2 P | os_hidden | False |
7 B+ r) r/ }! i$ w: a | owner | 96bbc0e66a5246fdaf29843498ef49a1 |5 `5 @; ~* F: v* n
| protected | False |
$ e, r M7 n6 _$ Y! p% u0 Q8 I | size | 12716032 |4 _3 `4 R; f" Z: Y0 v
| status | active |3 i, L2 f% J0 X- B9 {
| stores | fs |
) {$ c" o& n) r) p* H | tags | [] |
) d* _5 K9 e3 E: G! S* r | updated_at | 2024-12-07T13:12:20Z |7 V9 r/ U q& H2 g# i- t9 |* N3 b
| virtual_size | 46137344 |
& l/ P/ s: [* h# M( b6 V2 ^! i | visibility | public |# O3 C) N: l% \4 }4 m! [2 D2 v7 \5 y
+------------------+----------------------------------------------------------------------------------+
. |5 v' C2 F% \+ o / m; X' @* w$ ^$ k/ \
`验证服务`
P1 i0 N! l$ }7 T9 i" e root@openstack-controller1:~# openstack image list; g* J* u4 }" E: K. s
+--------------------------------------+--------------+--------+
& B6 T) u1 a$ f | ID | Name | Status |8 h) t1 L; K* x& N' B
+--------------------------------------+--------------+--------+
6 H3 R" T3 ]; W8 H | 060a4a23-5aa8-4176-8f31-0ccd318ebf2a | cirros-0.4.0 | active |
" A) p$ ~0 {& A6 I4 H% y3 ` +--------------------------------------+--------------+--------+5 x4 @' Y. r' h2 \" n+ n$ G4 c
# 或者 [root@openstack-controller1 ~]# glance image-list
* G6 M2 b3 _ t) M O# z: P # 删除镜像 [root@openstack-controller1 ~]# glance image-delete fd47df49-7e2b-4e16-a4fe-fd8ca6ffb5f7
) m m7 r# _5 N9 ^. W% ~0 V8 G root@openstack-haproxy:~# ll /data/glance/
0 w; P/ j" {) J/ F total 12420( P1 C. ~" n4 h) U( M- g
-rw-r----- 1 161 161 12716032 Dec 14 23:34 060a4a23-5aa8-4176-8f31-0ccd318ebf2a
8 R: k& v3 ?5 r3 `# U f8 b4)安装Placement
3 d8 U6 g: \1 k4.1)创建Placement数据库- Y& F$ ?& ], i6 Y5 q
root@openstack-mysql:~# mysql
4 \2 ^, Y5 d6 }0 _. d! g- e& r MariaDB [(none)]> CREATE DATABASE placement;. E; w3 X; n" S" a2 l5 J! G9 X
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';% N- I7 j! D: z( P1 j- K
`验证`
! Y0 Z, w/ c" m root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123
* A; S, d8 G, j2 R3 r( F$ |, g) i0 k Welcome to the MariaDB monitor. Commands end with ; or \g.+ {/ _0 ?1 T7 ~; ^8 j* N/ P3 M
Your MariaDB connection id is 118' T. F/ `! `9 N. X! {
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
2 x% }1 g: q( F) E ! t# V% u1 ~6 l) d* Y
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.- C3 N. m+ Q* h, Y
5 j0 `8 A% g; |" D/ M
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.1 E D( }- `- q( Y9 h+ ~' {
3 F( Q* [. j. a' c$ z1 t MariaDB [(none)]>" B' f8 b$ t7 f. z& A1 z R
4.2)配置用户和端点
8 w7 M: O" W! E2 x root@openstack-controller1:~# source admin.sh 6 y) w8 N/ z& ~2 J. v, v2 D, Q3 n2 s
root@openstack-controller1:~# openstack user create --domain default --password-prompt placement
3 V; y6 G% b' G* b( O. P3 m User Password: # placement
: w4 d4 j# q' _& c* |/ e! e. R Repeat User Password: # placement0 q$ |% a0 v3 `6 T3 z5 q l9 W
+---------------------+----------------------------------+
6 @: H, p2 y6 i | Field | Value |1 q3 t" i4 |& I2 c
+---------------------+----------------------------------+& l) E H& J. V( |( ^0 U3 Q
| domain_id | default |
* |% y- N; t/ w& y | enabled | True |
" M/ b* n [( Z8 r5 \; {9 s | id | 804e53f0a44b4403af8278711a7274a5 |$ j! M8 w" g P. a# W) g
| name | placement |
n! \/ a) i6 ]3 Y, G5 ]* B | options | {} |
* _3 D# G }; w7 q* Q | password_expires_at | None |
' x1 U, E: m' l! c# ^ +---------------------+----------------------------------+: V9 |6 k: m6 l3 Z/ s: Q W
1 z9 s; n5 V( G `将 Placement 用户添加到具有 admin 角色的服务项目`
1 u$ D0 a$ p- h2 o: N% u! ^ # 让placement拥有service项目的admin权限`
' I7 O3 }' X! T* W7 n) P( w3 i9 K root@openstack-controller1:~# openstack role add --project service --user placement admin1 G% v- R0 } o$ f z! h2 M
( ]6 D( z8 B. p+ Q
`在服务目录中创建 Placement API 条目`
6 G3 g9 }' t, @8 J root@openstack-controller1:~# openstack service create --name placement --description "Placement API" placement; L# J/ |& |( U# w$ O2 ^
+-------------+----------------------------------+
$ Q! _: `- `, I0 r/ X | Field | Value |
" T% M4 \& x' ]2 s Z +-------------+----------------------------------+$ n" A( e( p1 s& Q$ H4 f3 h' H$ v
| description | Placement API |
" T8 t+ p. l2 `( _ | enabled | True |
: B: A) Z9 ~! p V& V, y | id | 9eaa1f08648c44c5a937759d7217016f |4 h" W7 T4 s5 G l( ~) u
| name | placement |
B( |4 E- f+ ?9 Q7 Q | type | placement |2 ~( v3 C: n& v+ o# C# n( Q) E
+-------------+----------------------------------+0 _4 \3 I7 Y' U( W8 d& {
4.3)创建 Placement API 服务端点:
5 J. Y8 i* F7 m3 H5 e root@openstack-controller1:~# openstack endpoint create --region RegionOne placement public http://openstack-vip.stangj.local:87786 P5 o* M: x R8 [" H$ v) `
+--------------+----------------------------------------+; O6 K4 g9 \" A/ W
| Field | Value |
9 @' Q1 ` ~+ h0 H +--------------+----------------------------------------+
1 a J' J4 Z5 A- w- O | enabled | True |: {4 z" c1 ~* c. r' R8 t' O
| id | 88aae422c80e4adabf613aef31fb0c3d |
2 k6 T* Q4 u4 j3 ~2 t+ ? | interface | public |6 e" j, a$ M- v
| region | RegionOne |
5 M0 l8 u1 \6 s8 k | region_id | RegionOne |
* x& H1 F/ p! ^1 C: f# h: V | service_id | 9eaa1f08648c44c5a937759d7217016f |0 M; Z* T `: [$ j( e- w
| service_name | placement |$ T; E. m5 v \. J) v; F( H
| service_type | placement |
7 @2 m( G* M, X3 T" D | url | http://openstack-vip.stangj.local:8778 |
" o0 H/ j _! I5 G; n +--------------+----------------------------------------+
) `- w+ o6 _* ]9 S% j
# s* B" g k2 g% o4 G. ~8 ~. x root@openstack-controller1:~# openstack endpoint create --region RegionOne placement internal http://openstack-vip.stangj.local:8778 h. j0 b2 A( Z4 C; X& @( _2 m: N
+--------------+----------------------------------------+! D" S" j6 q# l9 [4 q& G- G
| Field | Value |
V4 n7 J* x1 N3 W( ^5 n4 x +--------------+----------------------------------------+4 l- i5 C1 C/ B v3 i/ W$ v
| enabled | True |
7 b) a6 H* m% f/ y% G% I# X8 e | id | b706b4abdcdd44a588eacf5d1cb7f75c |
4 \/ A5 D# _# y! j7 N0 V0 n | interface | internal |! W- ~5 Q- s3 P3 l2 {0 E. S
| region | RegionOne |
9 v; e0 w3 }# s5 z& ^9 k B | region_id | RegionOne |
5 `+ z$ R; a0 |8 ^! e | service_id | 9eaa1f08648c44c5a937759d7217016f | l+ |% |+ N P* }$ [9 k9 ?9 P
| service_name | placement |
9 |* r9 [0 b! g. ] | service_type | placement |
7 ~- r3 ]$ U' H | url | http://openstack-vip.stangj.local:8778 |
6 T8 Y. o2 i$ V1 Y8 _+ W +--------------+----------------------------------------+; E/ L U% ^: i. W0 [: _
" v) x4 o6 K }
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement admin http://openstack-vip.stangj.local:8778
( H7 q1 a5 [7 U+ K' q8 g- _ +--------------+----------------------------------------+
4 I2 _# Y0 t+ ` | Field | Value |" U1 _# h9 _8 R4 W# B2 B
+--------------+----------------------------------------+
5 E! ]/ f# O3 H0 r% f3 T( t7 s3 L | enabled | True |
& o% Y; g" R/ l( J5 k | id | f62a5305854e492ea9c76e77e13b10b4 |
0 a' N" x9 A3 n( }( ` | interface | admin |
' J8 e8 U, N T | region | RegionOne |
3 C9 k' G% c: i$ W0 Z( S2 ~ | region_id | RegionOne |" i3 o; d2 z& _5 b
| service_id | 9eaa1f08648c44c5a937759d7217016f |/ f" Y1 S9 Z6 I: i9 M
| service_name | placement |
: @8 L/ K# Z& ^* i | service_type | placement |" m/ f: r- T. C* x# ^
| url | http://openstack-vip.stangj.local:8778 |
9 v: {+ O" ~1 h# B9 w, n +--------------+----------------------------------------+
6 N; I& u f$ R* J* a0 _
k8 o/ E* s" u+ g8 ^" M `验证`# N7 r2 i4 K& G4 a% Y
root@openstack-controller1:~# openstack endpoint list
8 V: p; u) y+ l, e% y +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
- [! W [( A; M# p0 P1 E | ID | Region | Service Name | Service Type | Enabled | Interface | URL |7 d1 N# r# @+ M/ d2 I
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+, }* E. k+ Q7 i; K* s
| 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
0 b/ y( G5 C$ b6 b& a2 c4 W | 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |( i: p. b6 K% D' ~- t
| 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |+ B3 P( U* e8 a2 [9 L, O
| 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
1 m( n5 c) K) e0 k. ? | 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |
) m0 n2 \8 u# d& i | 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |* U! h5 B; G% \& Z- B4 t
| ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |
/ Y+ i2 D$ z4 ^7 \: O9 s | afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |+ V& g" u- T. x; Q
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
' T0 p0 E4 }' E( W | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |" G% b$ `% w H. d0 ~
| e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |* E( G1 ?; O$ Y% z) G: r7 [. _5 O1 G; d
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------++ Z; v2 ?. d( m$ o
4.4)配置haporxy代理
. g5 W! ~; f) F" b/ Z) o root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
/ r5 Q' b( ]4 k' j; c$ E1 [' \ # 在最后一行加入下面内容
' E! E4 B9 W0 ]' e Q" m; Q% _ listen openstack-placement-8778
1 S! A9 J1 o- j. Q4 s4 ^* { bind 192.168.139.248:8778
7 {6 g% [: n+ Y, Y mode tcp
0 ~$ L8 C& |! ` F# F1 ?- q1 T server 192.168.139.31 192.168.139.31:8778 check inter 3s fall 3 rise 5
; f, _7 m5 \. D$ w root@openstack-haproxy:~# systemctl restart haproxy.service ! O* u0 t4 n0 X. q" Z0 p
root@openstack-haproxy:~# ss -tnl | grep 87785 m# ?* O) f9 X+ E; N; Y
LISTEN 0 128 192.168.139.248:8778 *:* ; v$ y! @- a) G z ~' s
4.5)部署placement
( z k- u# k$ L$ `. [+ Z @ root@openstack-controller1:~# apt install -y placement-api
8 j6 C T/ U# [+ X2 y5 J4.7)配置placement服务: _0 \% i' u( u- ~* ]2 a/ s/ q
root@openstack-controller1:~# vim /etc/placement/placement.conf
6 ~+ Z( v; z6 T$ [) B [placement_database] # 在此模块下面添加下面一行信息8 b2 R) A. K% }
connection = mysql+pymysql://placement:placement123@openstack-vip.stangj.local/placement
# v5 z% P1 F8 k2 g, L: o. w, P+ \ # y+ F) ?1 S0 G$ n
[api] # 在此模块下面添加下面一行信息
`- {- G0 K* f$ h auth_strategy = keystone
. _8 Y6 h8 G5 e* ?8 N# ~ . ]1 w7 m& A1 M8 C6 [9 V) b
[keystone_authtoken] # 在此模块下面添加下面8行信息
- O2 L5 S/ e) F6 d8 \$ H$ o auth_url = http://openstack-vip.stangj.local:5000/v3
7 u# W- X' S. F. G0 Y memcached_servers = openstack-vip.stangj.local:11211' C& D1 U: z! O& j
auth_type = password
# u( a. W& z' _+ `& m project_domain_name = Default
. Y5 x+ Z5 c+ L5 l0 f N2 y- l# J$ } user_domain_name = Default9 {/ v+ [7 x* H& }6 o7 E) P
project_name = service
E/ M( l! h/ c! V8 z/ z: l username = placement4 J' F5 X" f0 |* E6 I
password = placement
5 D2 {; l ?! t4.8)初始化placement数据库
& q' s- K4 v0 {; L! Y* y root@openstack-controller1:~# su -s /bin/sh -c "placement-manage db sync" placement
/ B' ^: D c! K9 G; T: J4 W/ x , u+ b1 a7 L, z& O
`验证`
& A& L+ |1 G2 Q( D4 o. E6 z root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123 -e "use placement ; show tables" [: `8 `: K5 b8 d. h# U
+------------------------------+7 v* b% l! w5 l3 m
| Tables_in_placement |! c$ q/ e5 R. S) u O
+------------------------------+
; w! a8 C: x2 ~. P* W | alembic_version |; q# X, ?4 Q4 A+ f' C1 n, P
| allocations |: R* P: v2 }8 c, A' S2 M
| consumers |
2 r# m5 ]" W8 I8 H$ `$ _+ ?2 @ | inventories |
' k6 j( X9 n' s/ d3 Y | placement_aggregates |5 }1 f8 h/ ^/ h7 P/ x. y" |: @
| projects |% ~. P! r+ D$ K0 Q; ~. D
| resource_classes |
* ?4 q: q8 D- @; F | resource_provider_aggregates |
7 }: m, C. e5 ^ B& O- a6 I | resource_provider_traits |
: e( m R4 M. | | resource_providers |% r: U% L& q& N$ E2 C7 v
| traits |, P( f: e3 C4 A& X
| users |2 J" A+ u# k S) E8 Q1 k
+------------------------------+
# T* c3 t9 l8 T3 ?$ u& r; o$ x4.9)解httpd带来的问题(以免后续会出现403)* `" \4 H; p! ~/ m" C( `
root@openstack-controller1:~# apache2 -v1 l/ W4 V$ T- k
Server version: Apache/2.4.52 (Ubuntu)' w8 m+ W: W# X0 i7 S( G9 F
Server built: 2024-07-17T18:57:26* m+ e% M' w, D
root@openstack-controller1:~# vim /etc/apache2/sites-enabled/placement-api.conf
, ]0 _2 Y% N$ C9 D1 r' f- D/ ~ <Directory /usr/bin>
f# ~1 P# s* [0 P <IfVersion >= 2.4>
5 m9 L) e8 i2 O9 U0 L2 b8 A Require all granted
) g! k+ K* L6 g1 k" y </IfVersion>
) F L }$ k# }2 a <IfVersion < 2.4>0 M- N7 C8 L% G/ x+ }8 j. A" S7 Z
Order allow,deny
+ C) G! }$ ~0 |4 B0 v& h Allow from all+ V: q; H, c: f7 Q6 g
</IfVersion>9 ?8 {% a3 K) R. O$ H! w, f( W
</Directory>* S+ P% B* j- C. m3 u8 `+ t
; D, [! T) t* d+ ] root@openstack-controller1:~# systemctl restart apache2.service 6 _7 y. U2 A: F+ `
root@openstack-controller1:~# systemctl enable apache2.service , J, ~1 W( P! V6 N+ e1 N) I6 s4 J
4.10)验证服务* F2 T0 S" T) v
[root@openstack-controller1 ~]# source admin.sh
3 O$ A* ~0 w: k f5 g; M2 H. e root@openstack-controller1:~# placement-status upgrade check
% \& g, N3 m7 W6 x +-------------------------------------------+% Q5 Q! U: R& l: i/ r
| Upgrade Check Results |# ~. L/ j* t2 D4 v! n
+-------------------------------------------+3 x/ `: H3 g2 j# v: Q
| Check: Missing Root Provider IDs |
1 [! w d7 p. f1 ? | Result: Success |
/ e6 E- z* ?9 z | Details: None |# `& g" g- D/ Z" I* _. b' w) q
+-------------------------------------------+6 O' v1 }- a g6 I. E! W
| Check: Incomplete Consumers |
; Z8 M, [, c- \ u" f | Result: Success |6 c4 @+ h7 Y+ a8 x
| Details: None |1 |" Y7 ~* l; ~0 k9 t a
+-------------------------------------------+
! Q7 B2 Y' w ?1 G: W9 J9 A, W: ] | Check: Policy File JSON to YAML Migration |6 H9 X3 y8 J; I% R
| Result: Success |; v x! \7 i8 c% r
| Details: None |; ]' i' _, e4 |. Z
+-------------------------------------------+
0 \. W3 x; A e; d1 _8 A* g4 K root@openstack-controller1:~# curl 192.168.139.31:8778
9 x$ J/ G& W9 {$ ]* f2 N9 y {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}
) B1 W `8 t+ s. i root@openstack-controller1:~# curl 192.168.139.248:8778
" O9 Q7 q/ u* D! N {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}
4 L: W2 ~* Q/ N0 F, t; k5)安装Nova1 V7 f8 y- W2 [8 M$ u2 M
5.1)配置nova控制节点
. Y" I; A8 F& ~5 n, M( n5.1.1)创建Nova数据库" q" ?- P3 V& W. w8 f
root@openstack-mysql:~# mysql
1 g( f$ P9 `+ x) B C+ ^) e MariaDB [(none)]> CREATE DATABASE nova_api;# [& P7 S$ B: z, f* z8 b
MariaDB [(none)]> CREATE DATABASE nova;5 c3 ^7 u8 X+ A( I, ~4 s/ \+ |
MariaDB [(none)]> CREATE DATABASE nova_cell0;8 N7 X+ H0 M! x* b' A5 f
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
* C. q; x; [% ` MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
5 B+ J# z2 W( r: L MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';+ \7 J! {8 h9 \5 z M
5.1.2)配置用户和端点+ ^4 {6 ^$ M) L3 W+ P5 d
root@openstack-controller1:~# source admin.sh ( |/ ?; V7 ?4 \& B, k4 H
root@openstack-controller1:~# openstack user create --domain default --password-prompt nova% n1 Y1 b* J. g" z+ H( \
User Password: # nova
! k& }, R/ G4 R; ~) X) s Repeat User Password: # nova
4 j+ p6 N3 U/ t0 o ? +---------------------+----------------------------------+
) {( W8 `: o& e* ^8 d | Field | Value |
: u- A4 ]3 }4 u E% H +---------------------+----------------------------------+
) B2 @4 X d6 u- D/ Z `5 X& x | domain_id | default |% Z. M, i4 F# ` V+ o' ]' H, j8 p
| enabled | True |6 j8 {: ?6 k0 O0 N- V: {$ H
| id | 223adc571a2b4a2fa32cd7bdff6e7c3b |) G/ @. X+ v1 D" ] C( h5 g
| name | nova |
# L6 @" p4 D# ^3 u | options | {} |
7 Z b h4 W" P" ~0 a9 U | password_expires_at | None |
% ?- L% X9 R8 x +---------------------+----------------------------------+; l" l. @) v! q3 w. J! ~ X
+ e/ [3 a3 l8 z `将 nova 用户添加到具有 admin 角色的服务项目`
$ b! n( U" f) h, R/ b # 让nova拥有service项目的admin权限`
# k* i0 R* K' \6 r" C! n% Y+ J root@openstack-controller1:~# openstack role add --project service --user nova admin# u8 m3 } _' d3 n- P0 r* q( ^* q
: Y, o( L6 r$ o1 d" S `创建service实体:nova`
# ?$ M/ y% g2 |6 p# u root@openstack-controller1:~# openstack service create --name nova --description "OpenStack Compute" compute
5 x; C& v$ E. s0 W/ s* \ +-------------+----------------------------------+* b U# T* ^0 z% y2 [
| Field | Value |
; P' {5 q& p% j6 ~ +-------------+----------------------------------+2 O, g/ B; Z# a1 Q
| description | OpenStack Compute |
# C9 z, N! D% K | enabled | True |
: j3 |/ \. I2 [. ^ | id | 63028385934a4290b66880dab62a4c4d |
6 N8 n2 t7 F( t" n/ \ | name | nova |
G+ b- D/ v' q | type | compute |5 h- g! e0 E' Q; C: {
+-------------+----------------------------------+! C* A4 h9 ?7 G3 C4 J8 T; E4 u
& d. P5 S. u$ B S/ e, B* i5 j1 P5.1.3)Create the Compute API service endpoints:1 \/ R8 ]1 d# o) m- O0 ~6 a
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute public http://openstack-vip.stangj.local:8774/v2.1
|' K2 h; P7 H# I( ~' n7 H0 g* X +--------------+---------------------------------------------+
2 P2 t0 M/ S2 S* w; M5 D5 q$ a' S | Field | Value |( ~6 }% r; i5 g" p& M& k( N! g) {
+--------------+---------------------------------------------+& g1 ?" T9 o; [1 p5 @
| enabled | True |7 }# F% Q0 o$ O- y9 u
| id | d5564488f45d47009640dcea5e0083f8 |3 j5 p6 [2 A, _
| interface | public |
! e$ | n6 X+ T$ S/ j | region | RegionOne |
& p6 R2 @+ K7 d | region_id | RegionOne |* k& T* h0 Q( V+ V" i' Y
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |
+ P$ d7 f- i2 Y! i+ f& g, i2 W | service_name | nova |
4 w* H! q/ a9 U3 `: ^7 V+ m+ e | service_type | compute |
; X* L; F" v, P* R | url | http://openstack-vip.stangj.local:8774/v2.1 |
. G: w0 x4 f! o; d! R$ L3 V +--------------+---------------------------------------------+
- d' K5 P% l1 s' z' Z5 e9 T root@openstack-controller1:~# openstack endpoint create --region RegionOne compute internal http://openstack-vip.stangj.local:8774/v2.1( H, |9 d" S* [9 S6 C8 b
+--------------+---------------------------------------------+1 _# s* p. R O8 c6 G1 l# ~
| Field | Value |. T- e D2 `8 j/ f- `
+--------------+---------------------------------------------+2 [2 W( \( q% G" d# a4 y d9 \
| enabled | True |& I0 d7 Z. ^ h! K& }4 J! F! s) [
| id | bce779f873ad48cdaf7aa65c9c310e0b |- y# l* Z* T8 ]% \( W G
| interface | internal |/ [9 o' \$ ?$ |6 h Y l3 L
| region | RegionOne |
2 R4 h: Z. ~9 Y& p | region_id | RegionOne |% I( ^3 Y( t3 ]1 Q% s K
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |* h3 x3 W9 P: F' W9 c# }
| service_name | nova |
" p% n, }, B4 s0 ~# } | service_type | compute |* i9 ^2 W7 N# m. X
| url | http://openstack-vip.stangj.local:8774/v2.1 |3 M7 o" ~# {, C# N
+--------------+---------------------------------------------+# x! Y- h6 N: C ~+ i; S; b0 S
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute admin http://openstack-vip.stangj.local:8774/v2.1
3 l' n( ~ Y! F6 H5 Y' Z) i +--------------+---------------------------------------------+
- x A: u% ]9 f: V9 t( y7 \1 \ {4 z | Field | Value |" E: T/ Z: B! t- w/ X1 @3 o
+--------------+---------------------------------------------+2 Q9 e& Z3 K& ~8 h' \) ?
| enabled | True |
- i* s- z; t' \+ d3 w | id | 229163f968084cef9cc0150d1c7b14d8 |9 f2 T! {5 @0 G
| interface | admin |
2 b- \' U# `5 Y' ]0 a* @: W | region | RegionOne |
. q K. `% H# y7 M. j1 c2 d | region_id | RegionOne |) K! W0 l1 {, Z. M5 z
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |
) B' a4 h. C0 u% y7 [ | service_name | nova |
& g, Y# p0 b5 ~) T( x' E! v | service_type | compute |$ ?5 g: l0 C. A! y- t& U
| url | http://openstack-vip.stangj.local:8774/v2.1 |5 h4 U0 F4 q. D
+--------------+---------------------------------------------+( X) E1 V. M; G* ], z k
`验证`
" l Q8 J1 L' R# M: x [root@openstack-controller1 ~]# openstack endpoint list
# ^( k( k8 _8 H. L/ F +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+9 I5 l& M- j& e1 t6 _. `
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |; N: B1 G3 A0 G7 J
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+: `5 G5 j1 P% l9 `- T0 N; d
| 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
5 \& r: @. f9 m | 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |
) Q1 j/ n! _. y) D8 T8 L6 @2 o | 229163f968084cef9cc0150d1c7b14d8 | RegionOne | nova | compute | True | admin | http://openstack-vip.stangj.local:8774/v2.1 |! z- b. n2 V! l' [" {' E4 j% j4 D
| 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
- z" Q! k; W, I# W/ r( s | 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |2 d2 ]/ k% @6 }
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |
; [) H/ @2 f9 b | 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
1 h2 D2 e5 G2 u4 p/ _; @% I1 g& U! ` | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |7 k* X: _' T) L6 T- Q7 ]/ u2 Z
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |
/ T4 [* G# {( ?9 Y& j3 U | bce779f873ad48cdaf7aa65c9c310e0b | RegionOne | nova | compute | True | internal | http://openstack-vip.stangj.local:8774/v2.1 |
% |' \& Z! _; Y8 ]8 C% s' z) s | d5564488f45d47009640dcea5e0083f8 | RegionOne | nova | compute | True | public | http://openstack-vip.stangj.local:8774/v2.1 |/ E, E& `( u- `/ f
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
; S ^( o7 |+ ~) M: c | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |9 b- `" W3 y8 C" M& ~9 |
| e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |
% d0 X0 ]/ j( S' _ +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+ E! V. Q6 x q. g, v
5.1.4)配置haporxy代理
) u6 P7 y: ]) _- U+ s5 X root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
" D% [. ]9 V) E2 f0 ~2 f0 N# Y# f # 在最后一行加入下面内容5 V+ v" n9 d3 A8 U( ^+ A
listen openstack-nova-8774
( g! |$ l6 k) |& n% Q( d bind 192.168.139.248:8774
4 @9 I N8 c' m* c1 \" J0 M( T mode tcp
4 t2 [9 q* ^" A" ~ server 192.168.139.31 192.168.139.31:8774 check inter 3s fall 3 rise 59 T( @& O; p% K, {9 K. [
: c$ z' g8 `" m8 k) H: [ listen openstack-nova_api-87754 h; ]" G. D3 K! p/ g
bind 192.168.139.248:8775
/ G5 w0 f |# H mode tcp
/ j0 {$ A4 b; ?/ a3 D+ @4 e server 192.168.139.31 192.168.139.31:8775 check inter 3s fall 3 rise 5% R+ X8 i) E; f8 W8 b1 {
% j! _" Y# T$ V/ {/ G
root@openstack-haproxy:~# systemctl restart haproxy.service
# B% ~9 P6 g' b6 s root@openstack-haproxy:~# ss -tnl | grep 8774
2 E( M r) K8 C% I LISTEN 0 128 192.168.139.248:8774 *:*
8 o9 D+ w1 H5 i* p0 c; @5.1.5)部署nova-conductor
' X) x# A- K8 h1 O8 g1 b7 R root@openstack-controller1:~# apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler
6 \: L/ @5 U. \( T$ A C& u5.1.6)配置nova-conductor5 ]3 e" E8 K; h. G, x( m
root@openstack-controller1:~# vim /etc/nova/nova.conf
0 @* D9 n$ k1 z5 [4 a [DEFAULT] # 在此模块下面添加下面4行信息
3 _0 Y! S8 J: _ y transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/
. n! H4 {: f4 A# b& h( d my_ip = 192.168.139.31
5 w/ n4 f9 i" a1 r. `& R
- s8 x$ w8 W6 b! W [api_database] # 在此模块下面添加下面一行信息- _. C5 a5 b' }) b6 ?
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova_api6 k. @# n4 F- `3 S4 H9 l1 w
( w4 O( l, i+ e# S9 V: q
[database] # 在此模块下面添加下面一行信息+ r2 k; \- k! P
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova
1 Y5 e6 W5 w8 h# [ : m* J9 y2 m, K
[api] # 在此模块下面添加下面一行信息* p9 S) q: D. | ?
auth_strategy = keystone
2 y+ m7 M9 G. c1 G5 x" P " M3 R# u) `% y" ~- M9 q8 Q) T8 k
[keystone_authtoken] # 在此模块下面添加下面9行信息
! B9 \, j! L' j1 d+ W www_authenticate_uri = http://openstack-vip.stangj.local:5000/- _: V) f0 S2 J) b- p! l
auth_url = http://openstack-vip.stangj.local:5000/* P3 R: `! u2 f6 N
memcached_servers = openstack-vip.stangj.local:11211 i6 ~5 i: _9 Z& i) ^1 B
auth_type = password
7 c' {6 ~- q) U1 F project_domain_name = Default% G5 p$ ], b7 q' h; o0 m
user_domain_name = Default3 b1 u$ o4 {' g" e) l- I D6 A8 j2 Z
project_name = service
# R4 L/ q0 I; H/ U8 T username = nova7 ]- k) T/ p$ T, h7 b
password = nova4 |' c0 t7 }) E/ q1 {, ~# k E
' a) R- \- N. p [vnc] # 在此模块下面添加下面3行信息: \1 o% d+ c% Y( e$ Z' ]
enabled = true
3 V6 y* @' R# f8 S- {+ } q, N* W server_listen = 192.168.139.31
4 D* g" D) X: ~* }3 u% f server_proxyclient_address = 192.168.139.31
9 e; e+ V8 n% J. g/ h
1 N/ P) H# Z! q3 W V5 ^* A4 Q% \8 f [glance] # 在此模块下面添加下面一行信息6 x3 ]! r/ Z6 w, A6 z
api_servers = http://openstack-vip.stangj.local:9292, l2 g! S6 n* W# M7 `8 Z7 D
( x9 T% L7 o: [6 i [oslo_concurrency] # 在此模块下面添加下面一行信息$ F! O# ~! z& s3 _2 P
lock_path = /var/lib/nova/tmp
, U% p7 }, C* I3 ?
, K) K2 o. U( O, [( V& |: V% T [placement] # 在此模块下面添加下面8行信息' P2 J8 {' y" U* v4 e; A
region_name = RegionOne4 v$ B% a" H; A; x9 R6 j, w
project_domain_name = Default
/ g/ Q: l8 k9 R, U7 A$ Z project_name = service
/ h$ O/ s4 t7 A0 I auth_type = password$ H/ z7 o3 ] W
user_domain_name = Default/ a- Y6 b; ?$ M
auth_url = http://openstack-vip.stangj.local:5000/v3
0 P8 p$ w8 h" m3 V2 U/ v username = placement
" B% L+ k! k1 d2 h2 ^ password = placement; o% t( x# d$ H' @, _- |2 j5 G1 T
- F# J4 q, v, A: F% ` [service_user] # 在此模块下面添加下面9行信息
& x1 _) r; W) A/ n5 v6 w send_service_user_token = true
1 T7 m) o* z! c. Y auth_url = http://openstack-vip.stangj.local:5000/v3
5 w9 } C" I9 g' }8 g x auth_strategy = keystone. n+ @, j1 C) T/ S3 P ?# j
auth_type = password7 ~0 N0 U# w/ O& s: f" }
project_domain_name = Default
# Z- c8 T4 @9 w2 {) i8 d project_name = service
) }# f1 v" r5 s+ C7 X: g k+ v4 s user_domain_name = Default
0 r/ C4 ?/ V4 m: p username = nova" N) I& i; y6 b: \
password = nova
+ }6 c1 I4 B' a' K5.1.7)初始化nova数据库
3 U2 P, R( K9 @0 h* ~ root@openstack-controller1:~# su -s /bin/sh -c "nova-manage api_db sync" nova# |" X# u9 B! A i' Z: Z5 A) r& `
root@openstack-controller1:~# mysql -unova -h192.168.139.248 -pnova123 -e "use nova_api ; show tables"
+ M8 N+ d" U3 D% S1 { +------------------------------+. i- Z) A+ t& L" T0 e
| Tables_in_nova_api |; f% Q' O/ s: T0 y
+------------------------------+
9 f2 S7 r0 [$ V8 Y, ? | aggregate_hosts |2 B$ k4 W1 p! [: F. h$ q
| aggregate_metadata |% j, Y6 ~# P* ~. }; S- F
| aggregates |6 ]3 d2 Q. I/ c k# B& @
| allocations |
* W9 a3 M# [9 W9 l2 V | build_requests |
2 d/ K% s8 o, ~0 H+ L0 G8 A ................................
5 n% M D* ~. } ................................2 U' {4 p: k' x/ L
| resource_providers |* W/ w1 g- R4 g. o3 Z! V6 M
| traits |
+ R0 o* E) |. O8 v* y | users |
$ z5 L/ j+ P9 D +------------------------------+9 E* [3 U; \1 q3 R2 ^" f0 ~3 a4 x7 E
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova9 S# B' A# \' U3 M! ]; V/ o' t! Q
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
" W" ]% k! m! c$ `3 l9 ~" a ....
( g! F) i8 X' p# Y3 z J4 U- M' ` c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
) Z% x9 l& P o7 P: a % w8 v- t! N$ X2 P* x* n
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage db sync" nova, r1 ?) ~; q, v$ ^' G
5.1.8)验证 nova cell0 和 cell1 是否正确注册:0 E6 z' M% V! L& @
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
, y( [: i+ I/ i$ u# s +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
; a8 l$ B( F9 B( u( p. W | Name | UUID | Transport URL | Database Connection | Disabled |
5 \0 ~1 S% `; l' T9 o/ ?3 H +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
`" R- Z! u% V! Y% A7 d | cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova_cell0 | False | Y* s( \0 M1 G# N" a
| cell1 | c14b4cfb-a4f6-41a5-8418-a3d3ee04228f | rabbit://openstack:****@openstack-vip.stangj.local:5672/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova | False | W# O+ @7 I- X
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+4 i. `! K! w0 R' M
! E h; w& V% a' ~3 q6 d& J* k1 r1 v+ [
5.1.9)启动服务
7 L' e1 [- ^- Y2 \$ k) I" V root@openstack-controller1:~# systemctl enable --now \
$ p/ \- r& r- D! v5 v/ t4 W nova-api \1 j/ ^$ C! ^' L' }
nova-scheduler \. C+ f, @+ A: d' ^
nova-conductor \4 s: c# B$ d" v( u0 q: b* g
nova-novncproxy5 ], }8 {9 o! f+ }! _1 j
root@openstack-controller1:~# systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy% X8 S& ]: E- A$ V( D
5.1.10)把novncporxy代理到haporxy
9 ]" W$ I: ~. o+ @/ r! Z' A l root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
7 Z' V. k8 `$ H& _6 t1 \& J2 ^ { # 在最后一行加入下面内容
n K- G$ l7 v8 `: M listen openstack-vnc-6080
/ B( V0 ]* V `; f( S8 b bind 192.168.139.248:6080
( s% e2 c. o% J9 M mode tcp4 Q% @4 z, O4 E/ V( g
server 192.168.139.31 192.168.139.31:6080 check inter 3s fall 3 rise 5: _; q7 c* K' v+ {' O3 e
root@openstack-haproxy:~# systemctl restart haproxy.service
9 f. A9 Z. q2 p' h8 a A root@openstack-haproxy:~# ss -tnl | grep 6080, p5 E5 @4 u# t3 R; `- k% w
LISTEN 0 128 192.168.139.248:6080 *:* 0 C2 P( u6 G! b' R( x5 w7 U, V
5.1.11)配置nova重启脚(为了方便后续实验)& \7 H/ W) h: h( O
[root@openstack-controller1 ~]# vim restart_nova.sh
& B; m' _; n" P% ]; O( V #!/bin/bash
: o7 W* n4 B4 I( l8 U systemctl restart nova-api \
; o1 Y9 b. x1 Y" C6 s Z1 L7 d nova-scheduler \
3 E) ? p I! U G. r2 ~3 ]0 V; P6 U nova-conductor \8 x& U3 E" u3 i5 Y1 k$ f
nova-novncproxy
9 E/ j0 R. B% D8 h/ @5.2)配置nova计算节点- O! }# A# Q; i6 }; l% Z& w
必须保证开虚拟化! Y" a e W+ Z5 o# R
! l3 w5 Q2 ?3 Iimage-20231215224936327
% y7 r7 `; c- U
2 Y) x% Q" ^! i5.2.1)部署nova-compute
) l' E8 ~5 [! ]) ^7 j* B1 X: x root@openstack-node1:~# apt install -y nova-compute
7 w" r0 ~# f/ X' I1 ~5.2.2)配置nova-compute
9 r$ p% U8 N ^3 z4 E1 s root@openstack-node1:~# vim /etc/nova/nova.conf/ B* J- @% }, N: f! M: v* ^* y
[DEFAULT] # 在此模块下面添加下面4行信息
# c! a0 N4 `( ^+ |# O. |6 d transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/4 ^: ^+ S$ Y* O) ^, u
my_ip = 192.168.139.34
( S2 Q3 Q. l) i! x9 X # state_path = /var/lib/nova3 E: G7 F8 E0 ]0 ]1 C
. C! D+ ~/ R# h& o$ W+ I+ Y
[api] # 在此模块下面添加下面一行信息8 r1 D4 i! Z; V) ?$ |+ }# q2 J
auth_strategy = keystone
, n- i$ k3 G" J2 I+ `
. A% j0 h/ l& Q2 E; I* K% W [keystone_authtoken] # 在此模块下面添加下面9行信息6 \! K# a: c( {! e$ Q. n/ X4 _
www_authenticate_uri = http://openstack-vip.stangj.local:5000/
& |3 K, l' B, S) t+ q8 k* z$ s auth_url = http://openstack-vip.stangj.local:5000/
1 E1 I' C/ Q8 o+ l7 `. { memcached_servers = openstack-vip.stangj.local:11211
$ b3 a1 f3 H6 U% a% f& B+ G auth_type = password S; [. ^5 K& n' z4 E! J0 O* V: s
project_domain_name = Default; A) l7 M7 w$ R9 \; a* n
user_domain_name = Default
) D" `# f6 I6 a2 ] project_name = service
, y" h( y0 D3 | username = nova
0 s8 t3 W% r$ V/ L, x password = nova
: R% n; R8 @$ e1 a( s* m$ T 7 A5 f# O1 D1 }, ]9 d$ K* Z, b- q
[vnc] # 在此模块下面添加下面4行信息# q1 ]+ Q; ]3 i0 g d
enabled = true ~- z' l) ]$ F! x- i- s0 X8 a3 E
server_listen = 0.0.0.0
% A) ~6 Z1 E G: J/ J3 b server_proxyclient_address = 192.168.139.34
; \5 K9 n: \; b5 C novncproxy_base_url = http://openstack-vip.stangj.local:6080/vnc_auto.html
. D; _1 z# N# H+ ]% T0 j/ h. w; w
5 ^! i: x# G1 e% P9 v% x6 W* i$ j# g [glance] # 在此模块下面添加下面一行信息4 a+ s0 X& r& r: a% \( k1 W0 C
api_servers = http://openstack-vip.stangj.local:9292
4 u9 H- t. n' c a b$ \) Q : O% j: K* {/ q- Y
[oslo_concurrency] # 在此模块下面添加下面一行信息
' {. {9 o4 F6 p ]" v* J4 \. A lock_path = /var/lib/nova/tmp( W9 X0 n; L: ^$ m
! x9 q8 R! R& K! p [placement] # 在此模块下面添加下面8行信息
z3 a. c$ l9 n C* y D region_name = RegionOne
6 z7 c$ \; M" w+ @ project_domain_name = Default; d4 b1 e, R! Z: ~2 u, U: q3 X
project_name = service. p5 c# Q( X' o
auth_type = password0 F! B2 ~9 ]0 E6 L1 M2 h
user_domain_name = Default" b* b# }. R9 k5 y
auth_url = http://openstack-vip.stangj.local:5000/v3
5 g/ W @* T/ d' H$ u username = placement
6 [3 k2 t% R4 V8 t password = placement9 l: {9 a) ^- V4 @9 `
" \+ J' P) R B
[service_user] # 在此模块下面添加下面9行信息, ]4 A/ L& p. d3 s& c8 w
send_service_user_token = true
$ s; }; q2 U5 k7 R D auth_url = http://openstack-vip.stangj.local:5000/v37 t$ H0 N! `) ]
auth_strategy = keystone
6 P4 Y$ ~# S7 Q# `* x auth_type = password
" @& N5 {7 g5 L, o* U8 ?0 A6 G project_domain_name = Default! }# l6 v9 ]- w: _
project_name = service
; y" C) } Y. I" b* v8 w user_domain_name = Default
; J0 t9 ?2 s2 _/ O# l/ o( A username = nova4 _! [ E; o) Y J
password = nova
. C" W5 L* J7 V+ ~& d, |& t' @7 @( R
& I' l7 U" b, p root@openstack-node1:~# vim /etc/nova/nova-compute.conf d5 D, M) u+ T8 Z5 K3 Y
# y' g5 v4 Z; S% |3 S
[libvirt] # 在此模块下面添加下面一行信息
$ J% V/ A7 _/ W0 ~7 U; S5 L3 ^ virt_type = qemu7 Z, Q$ z0 T9 ~! T6 V
: {2 r5 r# j0 T/ J `检测是否可以用虚拟化`
% ^' p4 e2 c7 _( A" k& X' D root@openstack-node1:~# egrep -c '(vmx|svm)' /proc/cpuinfo& f3 g2 G* p: u9 k8 F0 e# W
4
7 e- K2 U1 u( r$ h5.2.3)配置hosts解析
8 a2 |! E. L8 g7 z# d6 F/ i( l root@openstack-node1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts$ v. X, k9 F/ f$ f
5.2.4)启动服务
( ^+ J9 c$ n/ ?. m, B- \, A( R6 s root@openstack-node1:~# systemctl enable --now libvirtd.service nova-compute
# d" q* @7 D# d `编写重启nova-compute脚本`
9 A3 v) ]& q1 O/ ? root@openstack-node1:~# vim restart_nova.sh
# W, U g$ J w; \/ F* Y7 } #!/bin/bash* w# l. e5 v% U6 d
systemctl restart nova-compute5 v |) I1 `9 C" Z3 j: }- O
root@openstack-node1:~# bash restart_nova.sh
3 Y- S5 ^3 ~. H1 ^6 u" ~2 s 1 {8 f: B/ @$ n1 K3 ]" H8 |# D) E# u
5.2.5)验证服务2 p. y$ r, z% C+ y) J
root@openstack-controller1:~# source admin.sh 0 _' S" Z: A a5 c4 C4 A2 C3 H- L: f
root@openstack-controller1:~# openstack compute service list --service nova-compute
3 s: V# d# `) G' m/ U9 p6 P/ k +----+--------------+------------------------------+------+---------+-------+----------------------------+' \5 d; a, X/ N; {
| ID | Binary | Host | Zone | Status | State | Updated At |
8 Y2 c- r: I# o6 o9 _$ R$ T# h0 m +----+--------------+------------------------------+------+---------+-------+----------------------------+- I( Y: B% V( u
| 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:12:03.000000 |7 u- P) H. [; f1 |, a( @7 c
+----+--------------+------------------------------+------+---------+-------+----------------------------+
, T; Q7 ]- K! G5.2.6)发现计算主机, g, L! g- e5 h" I) Z
如果加入新的node节点需要执行下面操作
h+ ?7 E0 ^' P3 N$ V! k, k2 l5 a8 G4 j+ \8 g
[root@openstack-controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova0 R" C: E$ [) [; S5 z& R
Found 2 cell mappings.
g; _# m( i9 N g+ E( n Skipping cell0 since it does not contain hosts.
& w; M5 o- i2 H/ p' u9 ~ Getting computes from cell 'cell1': c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
4 E+ @' p0 G1 D9 I0 A9 v& f5 x Checking host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
$ A* `9 {5 J! F4 t Creating host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0- ^: d9 b- s; P( _6 ~ @% }
Found 1 unmapped computes in cell: c14b4cfb-a4f6-41a5-8418-a3d3ee04228f6 g4 b' t) A7 T5 M: m" v
5.2.7)配置自动发现计算节点* i. U' E9 |9 r0 ~9 W8 n& l7 Q% D0 [
[root@openstack-controller1 ~]# vim /etc/nova/nova.conf
/ s! f" ^) C: m& { [scheduler] # 在此模块下面添加下面一行信息5 t9 m- G5 ^$ c& ]0 S3 i
discover_hosts_in_cells_interval = 300
& [* q! F+ H. r `重启nova-conductor服务`0 e1 v- }" Z/ ?5 O
[root@openstack-controller1 ~]# bash restart_nova.sh
+ _; t4 a P2 L v3 {5.2.8)验证操作
% ~/ v3 n0 P1 [$ H1 Q [root@openstack-controller1 ~]# source admin.sh
, Z0 ]8 g1 |& D! q [root@openstack-controller1 ~]# openstack compute service list
' O- L5 V8 ~$ g) d9 u: m/ y +----+----------------+------------------------------------+----------+---------+-------+----------------------------+
+ ]* e9 q9 F6 ]$ _; v | ID | Binary | Host | Zone | Status | State | Updated At |
2 X5 Q; t: Z. D1 U +----+----------------+------------------------------------+----------+---------+-------+----------------------------+! R- s9 v% Y( r {' L H
| 1 | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |
2 O6 E; M+ J6 Q! W | 7 | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |
5 q; s2 s, L# ~0 \( `# G& t | 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:15:42.000000 |& k! u: M' a X/ N8 O3 V1 I
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+. Z1 Q* y7 |3 m5 f7 b" ]% o
root@openstack-controller1:~# openstack catalog list1 G. U# t& m. S% V* D* x _! N$ P
+-----------+-----------+---------------------------------------------------------+
+ M# }9 D+ e. a8 B | Name | Type | Endpoints |) N: D7 h; t4 w' w
+-----------+-----------+---------------------------------------------------------+ X' m, ?% o4 O
| nova | compute | RegionOne |8 d7 Y/ G }( ?4 R
| | | public: http://openstack-vip.stangj.local:8774/v2.1 |# K ^& L! f) ?4 V6 T7 ~) J" z
| | | RegionOne |. Y1 x! K/ H6 `% j
| | | admin: http://openstack-vip.stangj.local:8774/v2.1 |
% P! [/ M8 Q9 G: n% c | | | RegionOne |0 l0 `' i. y1 e. @) n% H: m
| | | internal: http://openstack-vip.stangj.local:8774/v2.1 |
- F1 j. \2 h/ Y4 N; b2 M | | | |0 w1 c* U v; y# X* ]1 I6 N( `+ c8 W
| glance | image | RegionOne |
: L$ o3 l: ~) a* u2 }. b# G | | | public: http://openstack-vip.stangj.local:9292 |
% e. z9 ?4 M1 r) t7 ?& a* B1 S | | | RegionOne |
0 O8 ` ^- e. y4 ?' i5 L | | | admin: http://openstack-vip.stangj.local:9292 |1 {9 c& Q% I* ~. w4 E
| | | RegionOne |* q( |( Y+ n3 q6 k5 y
| | | internal: http://openstack-vip.stangj.local:9292 |
; D( i# N+ R) [4 l3 E) G | | | |
. j; n" C7 E. t | placement | placement | RegionOne |
, I0 h# d( b* \2 _8 [4 n v0 p | | | public: http://openstack-vip.stangj.local:8778 |
, B+ y& P) q6 E# m! \( F0 K | | | RegionOne |
6 n/ Q- `6 s2 K9 o$ Q7 ]! ?, e | | | internal: http://openstack-vip.stangj.local:8778 |1 F( I% }: r7 Y6 q
| | | RegionOne |
. _8 h8 y: @: y i) B: M- m' B | | | admin: http://openstack-vip.stangj.local:8778 |6 x' }! x; D; }2 e
| | | |
: g. D* X4 G6 u! ]( y | keystone | identity | RegionOne |
6 E, t- D' y& |5 H D& K2 a | | | internal: http://openstack-vip.stangj.local:5000/v3/ |
& i3 C% M& o1 l. F2 `8 E | | | RegionOne |
- B- B; O z. \* @ H# S9 u6 A | | | admin: http://openstack-vip.stangj.local:5000/v3/ |' c* d7 k7 j" v1 P! I! @, x
| | | RegionOne |; B# ^0 I! v2 ~, d
| | | public: http://openstack-vip.stangj.local:5000/v3/ |- s6 X8 d g2 j# Z4 o
| | | |. ?$ _; U' Q( r3 x9 |1 U
+-----------+-----------+---------------------------------------------------------+
+ f C! h9 D/ w9 d( G: T 6 c q9 V# i- }) S+ i: ]' T
root@openstack-controller1:~# openstack image list
7 z# a* m/ n; e5 Z& p2 ] +--------------------------------------+--------------+--------+ j- E7 L: B, {7 `# F3 S
| ID | Name | Status |0 X8 D% Y. ?, z9 G7 t
+--------------------------------------+--------------+--------+
0 U2 }% ~- G0 s | 68249b5f-9eac-4873-be74-cc11ac9af61e | cirros-0.4.0 | active |! v, Z+ ^- q( D3 j5 V' M3 a4 V# g2 `
+--------------------------------------+--------------+--------+
% n$ X- {, w% e1 }: t. ? / {8 F Y, \' b! R* j9 g% m% ^
root@openstack-controller1:~# nova-status upgrade check
* @' A) V% z7 N +-------------------------------------------+
1 |+ M2 s! p* j# ] | Upgrade Check Results |! I0 D( V1 |, }" w6 j
+-------------------------------------------+
7 ?! P5 z! e- L | Check: Cells v2 |
, D! ]5 c& h* w/ b | Result: Success |1 s6 ]% j* @' F
| Details: None |
8 T& H* g% D$ ^8 t +-------------------------------------------+
/ r' o; y+ C1 W$ C& c/ _ | Check: Placement API |9 f$ Q$ s- e' x% u/ U7 y
| Result: Success | B. A% Z5 O6 j% L0 X, m# W
| Details: None |6 _% B- W% _1 n/ {( g
+-------------------------------------------+: q _" O _" y
| Check: Cinder API |: T! R% ~, u3 w2 z1 o0 M
| Result: Success |
8 l( a8 g- W: H1 j1 R7 i: G) O | Details: None |
6 o) Y5 w" |- t1 l +-------------------------------------------+$ q3 Q; y) ^9 u& [% Z( x
| Check: Policy File JSON to YAML Migration |$ N d9 ]& h! U Q
| Result: Success |
# H3 F5 _) S) e6 `& T2 \0 S | Details: None |
5 r7 s- I9 s6 F; C9 Q, s, \ +-------------------------------------------+$ D& g1 |/ T. M( K9 ~. f
| Check: Older than N-1 computes |
, J% s1 k! y7 M; K" g | Result: Success |
) S/ I- M# K8 U+ f | Details: None |% c: \# y# p& R/ u+ B+ s
+-------------------------------------------+9 h1 G2 n# |1 \
| Check: hw_machine_type unset |
6 z* }) D& \1 p | Result: Success |% m: Z; F( K/ w1 P; |, ^5 `; f1 M; u
| Details: None |3 E; H% k6 ~# i- b4 M
+-------------------------------------------+
4 B3 @. d+ X6 }( l | Check: Service User Token Configuration |# G+ a' ]6 D- X6 k8 C
| Result: Success |1 V( W* m1 [3 o
| Details: None |
4 y7 f$ f! H" @' x4 S; T% c +-------------------------------------------+
6 M6 G B" h5 z$ h6)安装neutron: ?5 W7 |! a0 ], f# T" k
6.1)安装neutron-controller节点- K. ?3 P- _7 d
6.1.1)创建Nova数据库
: j7 m4 B& `/ `! @ root@openstack-mysql:~# mysql7 V; V4 v0 _- v
MariaDB [(none)]> CREATE DATABASE neutron;
9 }1 A1 J! P: b. d+ y2 U MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
U# M7 |6 N' p3 p5 Y IDENTIFIED BY 'neutron123';' s C$ J% P* L3 _4 R
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
8 i8 g9 r. g) M9 d0 J IDENTIFIED BY 'neutron123';
! t E7 ?4 t2 w9 X- J7 W6.1.2)配置用户和端点
8 I9 G9 G9 S2 t9 B5 s root@openstack-controller1:~# source admin.sh
/ Y4 }0 M+ H( n5 s [& I5 c root@openstack-controller1:~# openstack user create --domain default --password-prompt neutron3 c% T+ _4 @; q
User Password: # neutron
) `4 i+ p4 h0 |1 w) F2 | Repeat User Password: # neutron, ]: o% s9 W. B" Q) ]( T( a
+---------------------+----------------------------------+! N1 l4 e. S& V" e) c$ V$ \
| Field | Value |' S3 Y; q% Z/ k: _; Q) s; ~; x* J& T$ h
+---------------------+----------------------------------+& O- t1 H/ {, S& }% d4 a, i$ Y( { K
| domain_id | default |4 _% d0 ]5 L1 B# y
| enabled | True |
4 T" }4 c1 S) z) J | id | 282317cd0bb74396a7a12dcdd96aeed0 |
6 p9 o$ y" M) j9 P: S | name | neutron |
" `& J7 a9 l7 A/ r1 d6 Z | options | {} |
! \6 ]. s$ J0 G' u | password_expires_at | None |3 I0 S8 K, x3 F( @# I
+---------------------+----------------------------------+* J8 a4 o% h. C: ^) @- j) P7 m
4 X* g/ K. E/ ?: N% G5 | `将 neutron 用户添加到具有 admin 角色的服务项目`4 }2 B* K g2 V+ E0 x
# 让neutron拥有service项目的admin权限`
. v5 r. S) D) p4 A7 X0 v root@openstack-controller1:~# openstack role add --project service --user neutron admin
" w- I: q c4 y+ R4 t `创建service实体:neutron`
. k' t; \# p' d G' @& p) } root@openstack-controller1:~# openstack service create --name neutron --description "OpenStack Networking" network9 h7 I4 X; X; O6 f3 Z
+-------------+----------------------------------+
# Q, _, R- M" p+ \# [$ { | Field | Value |
( P" C) r/ R5 _- B +-------------+----------------------------------+
2 e- Q; f: R& p$ `: v/ K2 v/ d' A | description | OpenStack Networking |
+ I% B( ]/ H4 W& ?# c | enabled | True |- v' I; i7 \$ x( l/ ~, L1 ^5 X
| id | e4ff8c65882a401a83e2203ce49daeaf |
/ ~; |0 q: A4 V3 i) ]( x0 W3 L | name | neutron |
2 @( L/ O1 T& F | type | network |) v& ^" H( x# P" J; m/ A
+-------------+----------------------------------+
; o6 c. w+ Q5 }% P [root@openstack-controller1 ~]# & z% Q8 H- ^7 A4 r; K
6.1.3)Create the Networking service API endpoints:4 o' U; q8 T( p/ ?. V4 N
[root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack-vip.stangj.local:9696
3 E( Z1 x( b5 a0 f0 P3 w% a1 E +--------------+----------------------------------------+3 |& O) U* ?9 u# w
| Field | Value |% Y0 c* Y2 X% Q G* l1 B, }- ~3 G
+--------------+----------------------------------------+
6 ?2 Z+ @ h x! e+ w4 A: } | enabled | True |4 q K9 `( ^ R( a
| id | 970ca60adf5746299d48f7659d500809 |9 q7 ^) h4 ~8 J8 x, c4 w Y
| interface | public |3 Q5 _0 B$ u1 c, ~8 e; t2 k
| region | RegionOne |
1 E2 [+ I! a) j# a3 k9 H | region_id | RegionOne |
. X( I6 x7 J/ {0 W) e6 B8 Y( O | service_id | e4ff8c65882a401a83e2203ce49daeaf |
7 i0 s% t4 g& ^( z | service_name | neutron |. H4 h# r% z/ J% m% q
| service_type | network |
* J6 ^3 X- j4 P3 Y v | url | http://openstack-vip.stangj.local:9696 |2 a0 C, y$ G2 l) B6 K# H% T4 Z
+--------------+----------------------------------------+
( j2 N+ H O! a: l4 k [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-vip.stangj.local:9696
\# b m2 o3 L+ C4 T! H$ [. f3 M +--------------+----------------------------------------+
/ {2 a+ R5 T) y& U( ^2 E | Field | Value |
# I7 P* c7 [+ r) z( k +--------------+----------------------------------------+$ ^( p3 z$ k0 l- W2 Q) z+ I5 h
| enabled | True |/ C+ c2 q/ M* }$ P5 s, A" d7 P
| id | 4c5f5ffbba4a4c668377a86cfd4a2320 |7 z6 a1 b' q+ P1 n2 F f( Q! X$ W
| interface | internal |# d: H- p6 D7 X' i
| region | RegionOne |
% Q2 I. b! y8 B8 n1 [# {& l) `3 p5 h | region_id | RegionOne |
# Y! W/ C+ r' E+ J, l6 u | service_id | e4ff8c65882a401a83e2203ce49daeaf |! U( o' c9 a- d
| service_name | neutron |
0 v% x$ L2 X0 ^( |6 f% F/ t | service_type | network | v1 y% _/ P) G. B0 h; U
| url | http://openstack-vip.stangj.local:9696 |
0 [+ N( t- K( e! W +--------------+----------------------------------------+5 I7 w' J1 V; Q( K0 y( q
. t1 N! K% T! P1 |- e [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-vip.stangj.local:9696
" Q+ p& C, {# x6 c* U3 D7 t +--------------+----------------------------------------+
1 n1 W; T/ y3 K; C5 A/ \3 ] | Field | Value |
' P% V8 j1 R' o" a6 V +--------------+----------------------------------------+
0 h7 m6 W( z3 T | enabled | True |
) u* s% R7 F# R# x5 k) J/ \) v9 @ | id | d8c4e83eab66486983680b69520ca92a |8 I: z$ p2 v% L6 e: l9 [
| interface | admin |2 a- Z& y4 a e4 U5 _; z
| region | RegionOne |
9 y1 [3 b0 c8 I1 e" N$ }) ? | region_id | RegionOne |
7 `5 R% i2 K# L/ l; @0 ~" w | service_id | e4ff8c65882a401a83e2203ce49daeaf |
' s" {8 m0 L! `. ^. q$ [ | service_name | neutron |
+ z* ]9 O5 I% J; ?( H | service_type | network |
4 F. k3 O1 Z( Y" I P7 H( Q! r5 f; h9 D | url | http://openstack-vip.stangj.local:9696 |
8 M3 g) z1 z" X +--------------+----------------------------------------+
8 s. M- L- A( L1 u6.1.4)配置haproxy1 }" Q; a7 b, M1 j+ x1 E
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
, m/ |5 e V3 Q1 p, X # 在最后一行添加下面4行内容" J! s9 e+ G0 d4 l
listen openstack-neutron-96960 a; p6 U% l& ]' S" w$ @( t E$ K
bind 192.168.139.248:9696
$ T3 ]9 Y- ^7 i- v: H mode tcp1 P/ S' ]) u% x: H( u
server 192.168.139.31 192.168.139.31:9696 check inter 3s fall 3 rise 5
1 d# `& Z+ m( t4 t2 C+ o root@openstack-haproxy:~# systemctl restart haproxy.service
; n% \8 }$ `0 ]/ m root@openstack-haproxy:~# ss -tnl | grep 9696
' {3 B" V" ^) _2 i# I3 M1 { LISTEN 0 128 192.168.139.248:9696 *:*
H& G: S& r8 b: M6.1.5)部署neutron* g# A5 W2 W J: n8 e7 x
root@openstack-controller1:~# apt install -y neutron-server neutron-plugin-ml2 \
" a4 {9 H$ p/ C4 O/ t# D neutron-openvswitch-agent neutron-dhcp-agent \; f. {3 l7 h& X9 x, z0 l+ x2 j
neutron-metadata-agent* ~! h( t8 z; A2 T6 L) a0 k4 x
6.1.6)配置neutron主配置文件, G: k/ N+ d' J, A6 f; e
root@openstack-controller1:~# vim /etc/neutron/neutron.conf& [ {: C, r6 Q ]. @2 O
[database] # 在此模块下面添加下面这一行/ m" ~5 J1 u* C; X5 N/ n2 ]
connection = mysql+pymysql://neutron:neutron123@openstack-vip.stangj.local/neutron
7 L- n" x1 l8 Z6 u
. f9 y$ b5 j1 |. y) y7 k# F [DEFAULT] # 在此模块下面添加下面这4行
, G( |) W) v# l6 B0 s core_plugin = ml2
1 c- M6 Z: B6 ]! o+ B4 y service_plugins = 2 @1 f3 R7 ?# m& I* ^* t7 t
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local) V- Q3 q8 U. E, b8 |( {' |
auth_strategy = keystone
% p- s+ {: d, `6 X5 k! S( D$ z) v notify_nova_on_port_status_changes = true& C9 r1 U, {, t( x0 P
notify_nova_on_port_data_changes = true
( y h9 t [2 s" o! k' z H : |7 G+ T; U, M# x1 `5 g* A
[keystone_authtoken] # 在此模块下面添加下面这9行9 Y+ P' v2 R/ F, j
www_authenticate_uri = http://openstack-vip.stangj.local:50007 m" [- F# E* A# M: G
auth_url = http://openstack-vip.stangj.local:5000
& _, p: x4 H N- b memcached_servers = openstack-vip.stangj.local:11211
* ~& T4 j0 t3 n auth_type = password
! o$ i$ _5 O3 G, ]9 E+ u1 B project_domain_name = default
( a L& l! d$ k user_domain_name = default
* K& R7 H" F L* Z2 \, t# E' a project_name = service, ^' T- l5 s9 `) W! }8 q
username = neutron3 w1 } F5 ~( T2 @* x! F* c" n( z5 f
password = neutron$ \+ X+ E2 c- c/ r. W j
: r+ q3 b4 U# v) o8 t8 H& I # 配置文件的最后添加下面9行+ M& c* d! y, M+ ]% b) W
[nova]
& f: S# T6 `" x7 m auth_url = http://openstack-vip.stangj.local:50006 T% z' ~. V6 y' z" L; Q
auth_type = password7 T+ i0 ~" [& \" D
project_domain_name = default5 w+ Y6 e" A) i# M1 f
user_domain_name = default# N$ \2 U. o S8 z2 m
region_name = RegionOne
, l S, j$ m+ E; ? project_name = service
9 }' |5 M' @6 i' u4 t username = nova
C' s8 Z8 d1 r! H& O password = nova
& n* P' u' V, y- g
: g( H3 f% S; P [oslo_concurrency] # 在此模块下面添加下面这一行9 }+ I3 ~0 K6 o
lock_path = /var/lib/neutron/tmp
9 b5 a5 d: L1 m' P( b d8 N( d8 x' O. G, K
7 H1 v7 I3 w7 t H4 O F) J
#service nova-api restart( n. V2 {; N# o5 \* ?" R( A( F
#service neutron-server restart
! f4 Q/ [, p7 w& V9 G3 u/ Z3 O8 }/ A #service neutron-linuxbridge-agent restart/ W- K0 t: I0 o$ |! Q3 ]
#service neutron-dhcp-agent restart$ f/ [! j9 ?" }) _" t( c6 p& c
#service neutron-metadata-agent restart
: R1 n: E7 N. |# A# h d6.1.7)Configure the Modular Layer 2 (ML2) plug-in
; L. F4 _) H ^ s1 X" N可以从网站上获取完整的ml2_conf.ini
$ a& J& T3 ~3 t4 F3 Y3 r0 k" R- K8 u$ Q9 S* r8 t2 B* w! ^
https://docs.openstack.org/newto ... s/ml2_conf.ini.html
' t# S2 E4 M4 W- t/ d5 m. C! m( W& U, r
root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/ml2_conf.ini0 f2 q. j! J, E" d" @- U
[ml2] # 在此模块下面添加下面这4行
" H. z' d- B) o type_drivers = flat,vlan/ C) j6 `) I/ W6 Y* J' o
tenant_network_types =6 ~' Z+ A o' p2 y2 ?/ L2 D' h
mechanism_drivers = openvswitch9 r" q3 W6 Y0 c8 z
extension_drivers = port_security8 b, W1 y0 _; a4 @
3 s$ p6 `, U1 R$ F5 I
[ml2_type_flat] # 在此模块下面添加下面这一行
6 U; e' C- r/ q- P) _3 I4 @8 x flat_networks = provider
, e5 r! t1 W/ Z V/ U 4 Z% |, e, s7 P1 s) Y
/ R T/ c% i2 X; g5 f0 m `最终配置信息`
3 d: T3 ?; I2 j/ j root@openstack-controller2:~# grep '^[a-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini
7 s! M4 J& i2 d6 V# T/ J: s [DEFAULT]& J9 y* V8 Y8 u% j
[ml2]
2 X. l7 r0 o: Z( h, j" y type_drivers = flat,vlan6 I/ l: @/ y I/ U* Q
tenant_network_types =8 y5 J& ~( e! o+ P7 C
mechanism_drivers = openvswitch' D& ?; b( r ^
extension_drivers = port_security0 G; T' z2 s9 j& [0 O8 j
[ml2_type_flat]
, l. ]& J) C) @& G flat_networks = provider
, ^5 E/ b, E+ o% _ [ml2_type_geneve]2 X* a6 R" X$ `3 x4 R0 [' Y6 K& m
[ml2_type_gre]
- h _3 L# m" K; I [ml2_type_vlan]3 o! D; d* D, n$ ?' p9 X/ L: N) Z9 e
[ml2_type_vxlan]
. i ~" j5 n) _5 | [ovn]+ w/ g0 B$ R: s3 F5 T* g2 H7 }
[ovn_nb_global]+ v! i9 E4 ~5 ?* K
[ovs]
8 F1 w7 [1 G2 `* r5 j' o8 E [ovs_driver]
: T% _: G0 R7 t: h [securitygroup]
* |, K0 @% T# `2 K$ G [sriov_driver]
' l/ L: m5 A6 r3 `) s* z6.1.8)Configure the Open vSwitch agent
& p0 z! s9 V& ?' R可以从网站上获取完整的openvswitch.ini
: D2 t3 J: l: ]& X( I, i" ]+ S( k, y% l* E' R8 k
https://docs.openstack.org/newto ... itch_agent.ini.html
! S9 U: k, H2 }, T! r, D
- c! q$ p$ k& K$ G root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
; I! ~: G0 _6 {; p [ovs] # 在此模块下面添加下面这一行
6 I' n( |0 h+ k9 V, A0 H1 ~ bridge_mappings = provider:br0
# d$ H/ \# W: g/ l 2 A& ~, a' f8 @
[securitygroup] # 在此模块下面添加下面这2行9 ^8 K( l/ Z1 g
enable_security_group = true3 h" |8 j% [8 C& _
firewall_driver = openvswitch, t; G, O! @; n: G
2 @( @: O! z6 e
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`
$ y% q6 c# w$ e+ N+ W root@openstack-controller1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31 && echo "nameserver 223.5.5.5" >> /etc/resolv.conf
9 `% @8 I Z) X6 Y! U开机加载网络配置
: g& J5 n5 i/ E1 }2 w6 i- a
; ?" A2 t& T/ G" J+ W0 b #!/bin/bash8 q8 D Q; _! N
ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31* X. T3 F1 m$ \# z4 O3 v
ip route add default via 192.168.139.2
3 H: H; R( y6 K$ O; D9 N echo "nameserver 223.5.5.5" >> /etc/resolv.conf
9 W/ @% }9 [5 t& m7 |5 r# I6 s6.1.9)修改内核参数$ e4 v' X/ ?; n
root@openstack-controller1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf : N/ Z6 ^5 t6 E2 b8 B
root@openstack-controller1:~# tail -2 /etc/sysctl.conf1 I' j% P. t; n$ _, _
net.bridge.bridge-nf-call-iptables = 1
3 g3 A! N3 Q3 }! O9 r net.bridge.bridge-nf-call-ip6tables = 1
1 t4 m2 z) y4 L2 i) h; [' w5 s4 Z `加载模块并让内核配置生效`
( X5 g# y! a2 G. O" U9 Z, ~4 f root@openstack-controller1:~# modprobe br_netfilter
, p$ }4 n# ]- G2 I) e' ?! ~ root@openstack-controller1:~# sysctl -p0 ]) \" a7 Y8 p8 r
net.bridge.bridge-nf-call-iptables = 1
1 [( e: F) i) V) n0 {1 z2 c) f net.bridge.bridge-nf-call-ip6tables = 1
7 J- e2 K5 M, Q" m! [6.1.10)配置DHCP
1 A3 g, d* M8 R& X3 a. F5 ~% J" j root@openstack-controller1:~# vim /etc/neutron/dhcp_agent.ini
7 m' A( O9 C# d* {$ U S0 R) {" V: m [DEFAULT] # 在此模块下面添加下面这3行1 p, |2 l \4 g! R% v4 _! [4 W5 B
interface_driver = openvswitch
& s7 ~, g5 _* O O, Q' S3 [ dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq" ^; ]- l. H: X
enable_isolated_metadata = true
' b9 f( B, `& _ #enable_metadata_proxy=True
. c, [+ K5 K" l1 t5 C+ l& _ #metadata_proxy_shared_secret=openstack
# P3 t8 v0 Y, a$ i( s# ?) J6.1.11)Configure the metadata agent4 o4 {) x5 t2 b. {& ]( `
root@openstack-controller1:~# vim /etc/neutron/metadata_agent.ini
9 j* \6 |- ]; H% [ [DEFAULT] # 在此模块下面添加下面这2行( o& `; }% P2 o
nova_metadata_host = openstack-vip.stangj.local # 或者 192.168.139.31 这个 controller1 地址! |4 g1 I# u/ q9 z! R4 M
metadata_proxy_shared_secret = openstack
! R+ Y" E- P& m" A- {7 C6.1.12)Configure the Compute service to use the Networking service
* ^3 Y$ N+ [, j/ W8 G9 b root@openstack-controller1:~# vim /etc/nova/nova.conf: ^2 O1 B# ?/ Y. e
[neutron] # 在此模块下面添加下面这10行( n# M4 v( T. K: h' v/ v
auth_url = http://openstack-vip.stangj.local:5000
- ?/ U: @( A4 g" F7 Q6 k auth_type = password0 u% z6 ]5 f5 L1 L! z$ \- O( [
project_domain_name = default
/ {4 u) Q% V; u user_domain_name = default
! M5 Y5 j6 C% U/ A region_name = RegionOne4 I+ O1 d+ q& d. K
project_name = service% @2 Y& a0 C# n' l5 n
username = neutron
% }1 G2 N" q" X( |5 `* X+ I password = neutron" E/ I- w6 Y% {. G: G( G
service_metadata_proxy = true4 A3 Z6 l' ~) A/ R8 K
metadata_proxy_shared_secret = openstack
1 U- s1 J# S) j& s8 X6.1.13)初始化数据库
! L& n5 [5 j5 \& ~ root@openstack-controller1:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
7 U- L3 }/ N. o root@openstack-controller1:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron# l. |2 q: F+ l' O
`验证数据库`/ [1 U3 O' W9 {
root@openstack-controller1:~# mysql -uneutron -h192.168.139.248 -pneutron123 -e "use neutron;show tables"
0 |/ y! i ~. ` +-----------------------------------------+/ m# k; P, M, T/ n' x% _! _
| Tables_in_neutron |5 w6 Z& z6 d( ]3 W* H" F9 j+ v( J+ O& c
+-----------------------------------------+, Y( J. O# T9 b' L6 u1 {7 a
| address_scopes |
5 j8 `) p. x; H3 H7 J | agents |
; q- {5 ^# r0 p' e | alembic_version |5 x" ^, a4 r* X5 _
| allowedaddresspairs |
* n1 i/ H5 y* Z6 B* \ | arista_provisioned_nets |
1 V$ B+ l8 O! I1 k3 s ...........................................( o& B$ j# S9 M: ~0 q: e( D
...........................................
5 R; f' M/ y' }; _4 ]8 n7 f- V | vcns_router_bindings |) f3 c6 \1 x; s- T# ^$ M
| vips |
1 b. p. O2 M% O( z: n5 o( w( @5 j | vpnservices |
" L5 `# A3 E- m7 n# s* b# A +-----------------------------------------+; N8 K* D: R" ]+ R: [# }3 j
6 z( n% a$ }. Y8 w6.1.14)重新启动nova-api API 服务8 f* |* E$ W1 {+ B2 T
root@openstack-controller1:~# bash restart_nova.sh+ @/ f2 a6 g h5 [2 ~6 {( t
6.1.15)启动网络服务) J. w, Q( r9 J) j3 _ P
root@openstack-controller1:~# systemctl enable --now neutron-server \1 P) z3 Q2 u/ T4 y& B1 K9 T
neutron-openvswitch-agent neutron-dhcp-agent \
) J6 l6 [5 `8 n% n0 q( e$ R neutron-metadata-agent
8 W, q3 p6 D- U8 x Y6.1.16)编制neutron的重启脚本
1 `0 }4 [" ~% d, I [root@openstack-controller1:~# cat > restart_neutron.sh <<EOF: `" }$ b9 T* t3 h1 g
#!/bin/bash
7 L; v: f, S( S/ l- F) n! N service neutron-server restart
3 a; v. B8 q# t! E* w/ P service neutron-openvswitch-agent restart7 s) l& n' c/ N4 e& L7 p
service neutron-dhcp-agent restart7 H7 Y9 L H5 N
service neutron-metadata-agent restart
0 D, r/ {& D+ B [9 I" d EOF) z3 d, }% C, \/ G0 d6 o
[root@openstack-controller1:~# bash restart_neutron.sh
$ F, j' H, p! Q2 E- B6.2)安装neutron_compute节点; u* o x: U# L- I [) e [6 F5 S1 m3 y
6.2.1)安装相应服务
% N$ u9 T( o+ |+ }% X$ u, ^+ g | root@openstack-node1:~# apt install -y neutron-openvswitch-agent
$ \. K b. S A5 t& h2 \' ]1 J6.2.2)修改配置: k( H* m0 I& s8 X Z: M
root@openstack-node1:~# vim /etc/neutron/neutron.conf0 g; y% ?$ {; g( \0 |
[DEFAULT] # 在此模块下面添加下面这2行% O! S' U. S; L! L# W3 s/ U
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local
( B' s6 d; w' Z1 h: z# K& [) X ) ]0 [6 {& A/ y+ S
[oslo_concurrency] # 在此模块下面添加下面这1行# z2 G, j( ~) z
lock_path = /var/lib/neutron/tmp, G1 ^) H* {9 q: I
6.2.3)Configure the Open vSwitch agent+ |8 {. q$ j/ H- l
可以从网站上获取完整的openvswitch_agent.ini! \1 X. ?1 }3 A- o4 p3 N
, @! I& o/ p" A+ i0 V; q U6 }
https://docs.openstack.org/newto ... envswitch_agent.ini
2 U, h: u/ M. Q! }+ O- w, t& p- Q' w2 |. e3 K6 i
root@openstack-node1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
* U" s! w2 e6 E1 d8 I! b [ovs] # 在此模块下面添加下面这1行& L* E9 R( g& D" i, |2 I9 Z
bridge_mappings = provider:br0
3 c+ r6 ?: n1 N& H. N
0 \6 V! M7 H' @" j [securitygroup] # 在此模块下面添加下面这2行/ k& O* F- j% J2 Q& d) M' n5 p0 x
enable_security_group = true
/ x3 l9 Y; v! X- s( Z- l firewall_driver = openvswitch4 {3 N* R1 ~+ N6 G" B" o1 n8 ]
9 ^! _1 ^0 F; {. G- ?+ \3 o8 ~
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`
/ S* N- E3 a2 \3 T4 z/ S+ v root@openstack-node1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34 && ip route add default via 192.168.139.2
6 H a8 d; Y& F4 z( D2 c' k3 P开机加载, F6 ~9 j. J# `0 ^* ]
* t, ~" b& A! Z4 u; q$ _ root@openstack-controller1:~# cat /etc/rc.local
8 L7 M% ~& V% R. b6 k, \ #!/bin/bash
! ]5 C% A4 G& y; f" o& V ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34
, U, B: L9 H @, G ip route add default via 192.168.139.2
& K( C" r. C* q& Q& Z! k' n4 _4 G echo "nameserver 223.5.5.5" >> /etc/resolv.conf
+ o/ }- \% E: h6 v5 k" g# }6.2.4)修改内核参数1 J) l& D1 w" o9 ?' f2 b3 q
root@openstack-node1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf 4 g( X3 u! V3 \6 G, q7 y! N
4 B! _1 t5 h8 y' t4 E1 l
root@openstack-node1:~# tail -2 /etc/sysctl.conf
! d; X8 @2 |! q net.bridge.bridge-nf-call-iptables = 1
& q" C8 ?' Z, s+ ], r4 Q1 m2 y net.bridge.bridge-nf-call-ip6tables = 1
& m' |- }" d% W, E7 n `加载模块并让内核配置生效`
. n, m+ \8 Y/ ?" H root@openstack-node1:~# modprobe br_netfilter2 h/ n" V6 M- Z9 u1 A
root@openstack-node1:~# sysctl -p9 m2 ]' w7 N. V: V' \
net.bridge.bridge-nf-call-iptables = 17 X o* R: G& S
net.bridge.bridge-nf-call-ip6tables = 1
/ m. H# o* X" y4 o0 x+ ?' c6.2.5)Configure the Compute service to use the Networking service
* E2 m$ C9 L8 T$ T* ]$ R2 M: I$ [ root@openstack-node1:~# vim /etc/nova/nova.conf/ g+ ^1 ?( e, x
[neutron] # 在此模块下面添加下面这8行/ f! s5 n- ?% E4 o; C2 S1 O, S) T
auth_url = http://openstack-vip.stangj.local:5000
2 n3 } T& H! g4 Y# T' ?" M auth_type = password; H- N; y+ N. L- |( T b
project_domain_name = default
4 m0 S Q' p1 _ user_domain_name = default
$ E; D2 |0 M% d+ o region_name = RegionOne9 [2 [4 G% J) v
project_name = service$ Y3 \4 U. v0 W% U& p& g6 H) q W% B
username = neutron
. n) O' T9 _% O) X2 F- _( @; n( w password = neutron
7 S" e3 ^+ X. Y) F0 Q; N+ ^ service_metadata_proxy = true
8 U8 n' V8 b- ^2 T- r9 t' n5 L- ~ metadata_proxy_shared_secret = openstack
, L# Q& e/ [* L; Z4 s0 N% |" P+ \6.2.6)启动neutron_compute' F2 l4 S3 S! W5 {+ K
root@openstack-node1:~# systemctl restart nova-compute
; J0 g( y, C* U/ V. x. H) O1 j) C root@openstack-node1:~# systemctl enable --now neutron-openvswitch-agent && service neutron-openvswitch-agent restart4 z: b7 n) U" t3 Y" |
6.2.7)编写重启neutron_compute脚本
4 K5 u" n, v5 |! o5 N2 i. i* J root@openstack-node1:~# vim restart_neutron.sh
; Q4 K3 F) v' Z! J( W8 s1 P #!/bin/bash: U) u) M; s4 J; ^7 R0 |- r$ ]# _
systemctl restart neutron-openvswitch-agent
4 L3 [, E' u+ ^1 P0 H+ I( Y6.3)验证服务# I: T) r% f4 I* y
[root@openstack-controller1 ~]# openstack network agent list* C9 ], x8 ~1 e% K: O
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
" q* t* l8 D/ l, X! I | ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
5 O* _$ z6 T1 S" O" r +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
7 m( j; s& g. w) B' B | 6d7ace9c-061c-45ba-834b-52f24585c452 | Linux bridge agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
* Z3 z8 x* Z" w! t# E1 K | 7babc5ac-d07d-4fe4-90ab-62775b4ef90b | Linux bridge agent | openstack-node1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
/ T4 g2 y7 a+ i& L7 a | 83ad2332-8716-4a8f-b050-1daa3b22c3bf | DHCP agent | openstack-controller1.stangj.local | nova | :-) | UP | neutron-dhcp-agent |2 F2 E4 p/ i6 M6 c" M
| afb7c427-89ba-4e91-bff2-604e97a5ca91 | Metadata agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-metadata-agent |2 u% f$ I7 S* f0 V/ r1 q
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
5 S# n c% `. i i% d [root@openstack-controller1 ~]# nova service-list$ D3 c( L- q: A& f: R, N
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+& c1 }% _5 L5 `/ l
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |: d" c+ w* C" k4 F& s( ?. }
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+) q$ ?2 L/ @7 n. Z5 M1 o
| 518a8c83-c6d4-451c-8943-fa55c593948c | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:42.000000 | - | False |
( S' n0 q/ r; E* g7 J4 g6 j | 9d9d1228-2096-4ca3-97a9-8b85133db7fa | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:41.000000 | - | False | t; F( `1 N2 C
| a45e7eeb-1907-4ecf-a836-7ca69b588edf | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2023-12-16T15:26:41.000000 | - | False |* p5 o9 x; [% t6 c F
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
6 n- N% f/ x0 o$ X b
- t: t' @9 u. z2 C" E Q7)创建测试实例( H/ l6 Y1 e1 c/ s5 Z7 B6 k! t
7.1)创建一个provider网络/ }% b5 j$ V% k
root@openstack-controller1:~# source admin.sh ! g2 s/ C8 C: d: ]' ?: D
root@openstack-controller1:~# apt -y install bridge-utils
% f) t% Y0 e! S' s: R S" _/ K root@openstack-controller1:~# openstack network create --share --external \8 Q0 ~# E% k5 K" r- c' @" g
--provider-physical-network provider \
E9 L" H0 _7 V8 h2 ?' x' u --provider-network-type flat provider-net/ y* W( o, R$ @: m3 O5 J8 N
#####################第一个external表示创建一个共享网络并声明他是一个外部网络#######################4 q0 y/ T* E" e) D: P9 x
########第二个external表示创建连接的物理网络,因为我们上面neutron定义的物理网络名称为external########% j4 o6 E$ N8 S1 D: Z# [
############################第三个external-nat表示提供的桥接网络的名称############################
' Q1 c+ S6 ^: x! x7 ~: |+ \: I root@openstack-controller1:~# openstack network list' Q0 M' O* t: ]( O3 r8 s
+--------------------------------------+--------------+---------+
7 m) B6 z' f7 B' |: S | ID | Name | Subnets |
: z& t# n$ j+ |: J' Y9 T7 z +--------------------------------------+--------------+---------+5 T; Q+ k' q: `- N4 R, V
| c8efa244-7345-41bf-bedc-052e0cec751b | provider-net | |
6 R5 R' b8 m q* d. @+ v+ `3 O1 ^- |8 G +--------------------------------------+--------------+---------+
" p- l3 d- ^ `) _( W7.2)创建一个子网1 {! N/ T- _; i3 Z8 `3 ~5 u2 ?6 P
root@openstack-controller1:~# openstack subnet create --network provider-net \& c( B) e- X: P# E2 V
--allocation-pool start=192.168.139.100,end=192.168.139.200 \5 E& ?3 h1 v" H4 [' F5 c
--dns-nameserver 223.5.5.5 --gateway 192.168.139.2 \* X( ^5 Q+ I, y7 E, G
--subnet-range 192.168.139.0/24 provider-sub
- |# o4 T% A4 t: x! E9 o: j6 H ############################创建provider-net的子网provider-sub############################4 R, |) J9 C. ~- A$ k
`验证`" G& b0 ?: H8 K2 `7 P$ T/ z% T
[root@openstack-controller1 ~]# ovs-vsctl show
# ]) y8 d- K6 E4 z2 G: t 28a508de-e0a2-418a-b357-4a93f9f69127
0 f* g) w$ ~6 [# a Manager "ptcp:6640:127.0.0.1"5 w- j; F/ F0 @' O( R* y8 Q
is_connected: true, |! \& M6 j. C* t4 a& c- c
Bridge br-int; f* J+ b6 W: N6 K
Controller "tcp:127.0.0.1:6633"6 Y6 c& P9 W4 P9 H
is_connected: true
2 C' K: d7 d+ Q- ^5 p) \5 { fail_mode: secure- L! `' q3 l2 Q+ A8 A. e2 j
datapath_type: system
! {; j" }. {8 D3 A: q* h Port br-int* ]& j, }/ M/ V9 N& X4 n5 ]5 R
Interface br-int1 T+ ]$ q2 i, P! `; _
type: internal4 r5 L1 B7 G6 z$ d' S
Port int-br0
& h9 C8 I0 M0 ^. ^ Interface int-br0
6 ]6 X4 p* q) ^ s9 o5 }9 Q type: patch% o0 }, S, m- o: S1 q! G+ Q6 z0 T( Z# m
options: {peer=phy-br0}' i7 R0 l' }* ?" I0 i& Y# }
Bridge br0
7 _. B0 H+ ^! T/ g! S: T Controller "tcp:127.0.0.1:6633"8 r; U' C( @; W. p
is_connected: true
: O q% x& f$ `& r& l1 E2 _: z; e/ q fail_mode: secure
[( R, e* P; c- q datapath_type: system; E/ K0 K! Y( k8 ` c
Port phy-br02 o7 ]1 N. a- L+ H
Interface phy-br0: R! I" J$ L3 r& G( T
type: patch% I8 W/ U- k, E- q: A9 n) g8 K
options: {peer=int-br0}
7 [$ Y: I F- M' h6 L+ X" I) y Port eth06 }- \4 u: ]! v) {. W) I
Interface eth0
2 s7 ?2 M6 }0 i; F5 w5 d6 a, Q3 ^ Port br0
: o. F( }4 o2 U7 E6 c! { Interface br0' ?$ L8 R- S9 f/ t1 |# j: j9 [ G- c3 i
type: internal
5 [* ^& s% G8 G( H+ ^, u1 F ovs_version: "3.3.0"
' v1 U9 A' l0 p/ ~
5 d, K; h4 w, P u+ t [root@openstack-node1 ~]# ovs-vsctl show
2 [, O% n2 ~' P! u2 p% ^+ t ea324764-3f52-419d-94ff-784dadc75aa9' z$ ^2 v# c% j6 P' z/ V" t7 ^( v. S
Manager "ptcp:6640:127.0.0.1") L4 P! b1 m: C2 e
is_connected: true1 ^ I1 `: w: a: Y1 H$ O9 L
Bridge br-int
1 K% I0 d5 |: N! u3 j) Z" r Controller "tcp:127.0.0.1:6633"
8 K+ Y+ H# `0 \5 y is_connected: true
' ^9 ?/ }" c$ j7 Y0 W" n fail_mode: secure
/ x' `9 k& E: h) c* z datapath_type: system
7 L( u2 r2 _) e( O& e: w. C3 b Port int-br0
8 }( I1 a* q+ m0 F6 K" [& Y6 B Interface int-br0" q A7 q3 _9 |7 S% I5 O5 T
type: patch
! a0 X& f. |1 w/ B2 I0 z+ Y options: {peer=phy-br0}% O3 a& |# V* w' |8 }
Port br-int
2 l7 d# B7 x# u8 F2 n+ s+ Z6 H7 N- h Interface br-int
) c" N; ]& W' m5 H5 a& N6 n type: internal
4 d! B8 R) C8 f+ S5 q- ~4 w# | Bridge br0" e7 [1 I3 J' |' g# j
Controller "tcp:127.0.0.1:6633"
# x7 z* s+ }- x. x2 j% y3 h! V is_connected: true1 i: i4 `2 z4 S
fail_mode: secure
* X. l, P" N. u5 d) M: c; i datapath_type: system; e8 t6 I v6 J9 ?. U
Port br0
\/ A' v4 m: K1 t2 u5 J Interface br04 t# p/ K) ]7 e5 } X U2 J ^
type: internal( W+ j7 `/ T; v5 Q9 x1 p6 p
Port phy-br07 S1 H7 U' X) b+ W4 L, I: m8 ~# e2 J
Interface phy-br0% N0 t4 k x( ]" R( R' n, i
type: patch
3 q7 u# @: D/ b! p" c) G7 G options: {peer=int-br0}
5 W0 Z5 v7 w& v" b, M% r) z& v5 w Port eth0
* U/ J1 M& H4 k6 n Interface eth0
- [/ F A9 e7 N, I& B4 z ovs_version: "3.3.0"
9 e& Y( W& v; c+ g& b, t! P& ?0 _7.3)创建虚拟机类型
$ a6 C5 b8 h+ a" Z+ b" p' d [root@openstack-controller1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano+ r7 x/ c0 w3 Y3 m: i; h- G
+----------------------------+---------+
2 d! U. G7 U0 q2 i. T | Field | Value |
$ q" R" B$ u+ i, \5 D +----------------------------+---------+5 P* ?" y+ l9 Q/ Q3 L7 T5 t
| OS-FLV-DISABLED:disabled | False |
' |( ?. V0 {! u" w | OS-FLV-EXT-DATA:ephemeral | 0 |
6 h& T+ v& f0 i6 n7 w | disk | 1 |! S; c# |7 [7 }' w. [/ f3 j# i- L, ^
| id | 0 |3 N2 d& c* w- Y, K0 Q
| name | m1.nano |
4 @. i3 R+ W- T: a$ E' ~ | os-flavor-access:is_public | True |- x& O7 a$ K3 Z3 c3 T" j& F* s( w
| properties | |2 X; A5 R" j4 {- ~+ f
| ram | 64 |5 t7 g9 E' f4 v6 d5 m6 }8 q Y/ ?! }+ Z# z
| rxtx_factor | 1.0 |
, B$ u2 Y' f6 p$ G; ~ | swap | |5 n! }2 i" T4 ^# N0 V% U
| vcpus | 1 |$ p0 j( d( ^, Y, R) ]
+----------------------------+---------+
, o. J/ R6 _2 ~6 o3 D1 K7.4)生成密钥对
) n1 K4 B& O7 p b [root@openstack-controller1 ~]# source admin.sh 7 Z9 y1 x& {; z& }9 s2 C
[root@openstack-controller1 ~]# ssh-keygen -q -N ""
- x" e' x+ |4 o2 J, t [root@openstack-controller1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
% V Q/ d0 [' @* ? +-------------+-------------------------------------------------+$ Z& b, u3 ~8 }( X/ m2 a% @+ M
| Field | Value |
4 B* o; X' R1 E +-------------+-------------------------------------------------+/ k) j$ t( P4 |; t D$ H
| fingerprint | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |
# s6 F( q8 Z8 d# J | name | mykey |
. e4 U: J( v, \% f5 ? r+ J | user_id | 5c4b6243d95742799de0fc97ef119967 |
+ U2 X) V Z3 C +-------------+-------------------------------------------------+
& W- k' Z1 C6 t' W `验证`
0 F4 w; f" ^* O. A' J. P6 I [root@openstack-controller1 ~]# openstack keypair list& g3 i% S7 ~* T) z
+-------+-------------------------------------------------+
$ |& k- s2 K! E' U! \% @ | Name | Fingerprint |: L B( v C) \+ N6 Q) b# t
+-------+-------------------------------------------------+% B1 Z, l" v" f. q. w3 O6 T, l
| mykey | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |! t; d, P3 e2 V+ O! I+ e
+-------+-------------------------------------------------+% c8 ^1 b+ Q( t& P
7.5)添加安全组规则0 B' Y R f+ }" G
root@openstack-controller1:~# openstack security group rule create --proto icmp default# [7 t0 g: V/ ]; J4 z- Z0 }
`开始ssh` _+ m7 F4 s& M" J2 P6 ^* M
root@openstack-controller1:~# openstack security group rule create --proto tcp --dst-port 22 default
) P( r: ]+ d0 ^. e
6 q; t" i4 K: ?- B2 O root@openstack-controller1:~# openstack security group rule list4 x3 w; [- \. b) O
+------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+
* Z! t% @0 N5 W9 F. W+ z1 ? | ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group | Security Group |0 G n. z" h) _$ G
+------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+7 W2 E* s. W: C
| 2e69571e-fa55-4db3- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | 7d47c955-4683-4d9e-9535- |
! O B Q8 e( k | b894-ac8dda257a35 | | | | | | | | 690085d9cfc7 |2 N) {+ r$ G {8 F; i' e
| 42c37d05-e0b3-4a15- | None | IPv6 | ::/0 | | ingress | 7d47c955-4683-4d9e- | None | 7d47c955-4683-4d9e-9535- |8 Y! u1 ~8 g7 b# h. G/ p8 W" f2 E
7.6)在provider network启动实例2 t# P a' j, K) S' P" u
7.6.1)前期验证* R! q: l- Y7 @9 b- B
`验证有没有虚拟机类型`5 [- h$ E+ I$ _
root@openstack-controller1:~# openstack flavor list
) K: e' r7 m& N +----+---------+-----+------+-----------+-------+-----------+
4 I$ y5 D6 Z8 F2 P7 n3 S | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
: v3 z$ [3 G9 ^$ P1 {! R +----+---------+-----+------+-----------+-------+-----------+, p5 n4 ?* A o7 R- ~, h
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |3 t2 r, h' s2 B4 ~
+----+---------+-----+------+-----------+-------+-----------+
2 J9 Q- Q" t. S3 T# Z' b$ R+ k1 n: P ; |& z$ _* O6 B" h' v1 U
`验证有没有镜像`% ]# |& B3 y% o# v
root@openstack-controller1:~# openstack image list4 b o# }, V9 Q4 C7 t8 Q
+--------------------------------------+--------------+--------+; {' Y6 j+ D n7 Z* N
| ID | Name | Status |
- t/ p( U* z% s +--------------------------------------+--------------+--------+1 N" Q9 q, n" |5 I) p
| 6d99e1ad-dbf3-46ea-b520-ef903bbbe1c9 | cirros-0.5.1 | active |
. S7 M; X8 V0 u) k$ ? +--------------------------------------+--------------+--------+; t. B' j" E( P
. V R% V4 d' R* K `验证有没有网络`6 \ f, c! a3 S0 |
root@openstack-controller1:~# openstack network list4 u+ y+ n6 \$ q6 {0 s
+--------------------------------------+--------------+--------------------------------------+
6 `. V. K: B0 r) q( y | ID | Name | Subnets |6 G, t% y8 t/ Z, v8 r
+--------------------------------------+--------------+--------------------------------------+
7 L0 @0 L* W; w4 g; d5 [/ q5 e/ c | 3d66f257-6c40-49c2-bce7-9de75b49816f | provider-net | 1e7a53ba-89bd-4373-802c-149b16a30df5 |
/ D; F* S# G% ?3 p) e! \ +--------------------------------------+--------------+--------------------------------------+
! M$ ?' ]3 ^- u4 t! Z, p " T Q' Z/ E( [; \7 U* f
`验证有没有安全组`
7 t) z; }& C x4 ?4 B root@openstack-controller1:~# openstack security group list% F& L8 |/ q& A6 J, v( _$ g2 U
+--------------------------------------+---------+------------------------+----------------------------------+------+
7 h; p$ ] j3 F0 ]7 i: K! ^6 @" u5 G | ID | Name | Description | Project | Tags |3 _6 b, ^6 D2 f- Z
+--------------------------------------+---------+------------------------+----------------------------------+------+' J8 O4 x j/ d% D4 R7 r8 F' H
| f60b6c5c-9e96-4fae-8de9-bee58fe5272e | default | Default security group | 17deab832d8a4c929b91a3ce1d58abf7 | [] |- G5 |4 H' D R) w) b; Z& h
-+
% h5 C6 H |- |0 q+ s: S$ ~7.6.2)创建虚拟机
6 a$ m- d3 d, A1 ~ [root@openstack-controller1 ~]# openstack server create --flavor m1.nano --image cirros-0.4.0 \
" y0 O4 z/ m% S; S J --nic net-id=f37db04d-74db-4b26-8591-23fde582eade --security-group default \
, z5 [ H+ O* J --key-name mykey linux-stj-1& J j$ j4 h: @* u
#################################参数解释#######################################
; ]6 w0 v( r0 P G& O+ w ###m1.nano:为虚拟机类型;
- t5 A, l* ~( w9 y ###cirros-0.4.0:为镜像;
$ `% @) L( Z3 y. M8 ] ###net-id=[网络ID=openstack network list列出来的ID];
+ T1 Z# y) z# T$ X ###mykey:为ssh密钥对;
& t4 j: T" O6 i$ o8 G; X ###default为默认的安全组;" A* f4 U4 o" z! w4 d5 s
###linux-stj为虚拟机名称6 a0 s# L% `* A8 h g! d$ N+ {/ B
#############################################################################0 ?0 J; `9 m. `+ V) ~
openstack server create --flavor 1c-1g-10g --image centos7.9 \
$ k. W7 B$ s3 l- E: U --nic net-id=0da37e14-545f-4aa3-a6e3-ee8cd0ea3ae8 --security-group fb2dc60c-4f85-4b1e-b7f1-5b6d4e147799 \! R0 `0 [. J' g0 V" r+ G, G
--key-name mykey centos-stj-1' ^: M& B0 s/ v3 o4 J7 C {8 i
7.6.3)验证虚拟机状态
& h. S9 k6 s! o& I root@openstack-controller1:~# openstack server list: p9 [8 z1 D( p# {" T
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+- T2 k* `- S2 \! |( j0 k
| ID | Name | Status | Networks | Image | Flavor |7 h% R- P \4 J8 r# Z9 h' _
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+- o3 f8 m- H& d3 ]" l+ k. ]
| 96533d96-f01f-4463-8cfc-9c46ddee37b3 | linux-stj-2 | ACTIVE | external-net=192.168.139.180 | cirros-0.4.0 | m1.nano |. U, w/ q+ L* j0 s8 i0 O/ s
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+* G! u0 A! W% N- q1 m
# 加一条默认路由
/ l9 r) C. j7 r4 X1 s$ R root@openstack-node1:~# ip route add default via 192.168.139.2* @5 u1 Q5 O% T4 P5 Q, b
root@openstack-controller1:~# ip route add default via 192.168.139.2+ k6 o/ G. E* V5 s( Q, M+ A
###一定要拿到IP地址 external-nat=*****
9 ?* Q& l3 n7 q; c; f [root@openstack-controller1 ~]# ping 192.168.139.140: W1 O; A4 l& l7 D# f
PING 192.168.139.140 (192.168.139.140) 56(84) bytes of data.' y: c9 k3 C8 i$ a5 t
64 bytes from 192.168.139.140: icmp_seq=1 ttl=64 time=11.3 ms
9 I/ m$ |1 D# B2 O- J/ |' i7.6.4)使用虚拟控制台访问实例/ b4 _ U7 l( N0 E6 F% M- l
[root@openstack-controller1 ~]# openstack console url show linux-stj-2
/ _# w' q6 x3 p+ |* q +-------+-----------------------------------------------------------------------------------------------------------+
5 u+ O- k$ [' W: R5 Y1 { | Field | Value |- U3 L6 x p Z9 b# s
+-------+-----------------------------------------------------------------------------------------------------------+
$ c2 V1 O/ x) C' N* Z4 ? | type | novnc |. a) C: d. z. f+ O
| url | http://openstack-vip.stangj.loca ... 8-aac3-52e5f58a51f7 |5 W: L6 e% [2 ^
+-------+-----------------------------------------------------------------------------------------------------------+4 Y; N/ [6 ]& j3 G$ m# \
image-20241208195008663
9 R. R" u8 ^0 _2 c' M* P1 q+ |' D' f
; p8 c9 P: J) p K ^# Jimage-202312171342499530 a# L Y; Z, r; T2 R) a) r) f9 [
& M! L/ q. k4 y a注意:如果你的访问出现下面这种情况
* v4 Y P1 v" x( I+ f' Y0 I6 f8 V P0 `, {* C3 F0 L
image-20231217135224898
) D7 {) H! Z% d* G$ I" k4 t* m. w: @- e3 I+ z6 y, [( x* v
解决办法:# g& z. j L; }
7 t d6 ~9 i R, l
[root@openstack-node1 ~]# virsh capabilities
+ E3 w. }0 i* ]+ X3 Y+ ]" v: Z [root@openstack-node1 ~]# vim /etc/nova/nova.conf
$ f9 G* o( J) @4 X7 h7 o# c # 搜索下面两个hw_machine_type/cpu_mode信息,并添加后面对应内容( E6 O. g2 @! Z7 a: p
hw_machine_type = x86_64=pc-i440fx-rhel7.2.0& u% V$ s3 ]/ c( c
cpu_mode = host-passthrough
y7 R) j5 e! k! J) [ `重启nova`0 c2 M2 Y7 n4 Q) D& m4 {2 x8 d* T& R
[root@openstack-node1 ~]# bash restart-nova.sh 3 q- Z0 V% O* F$ [; D' C+ f
######理论上还用重启openstack对应你要访问的虚拟机#######
/ s, K, W1 _: Y3 l如果没有出现上面的问题则不用修改nova配置文件操作8 \+ n) B3 v( `2 o. o. s1 `
. F+ u; M8 P( f* A
! I3 n* r! D: [1 I
8)安装-dashboard
' T7 o. j3 R; j% q8 e8.1)下载dashboard$ v( x9 W. C( C7 x
root@openstack-controller1:~# apt -y install openstack-dashboard
! w9 U7 k, `0 n, i+ m1 f' `8.2)修改配置文件-local_settings$ a* N S, j/ M9 G
root@openstack-controller1:~# vim /etc/openstack-dashboard/local_settings.py
* `$ s1 o* V1 B1 m! G$ @3 y6 w # 23行 添加0 P" o! |: x; Y$ C
WEBROOT='/horizon/'
& u0 t4 [3 K& A# i! c " O$ C6 j+ w7 C6 X
# 125行 修改 m% t; I! t" X( r- Y' ~/ N. u
OPENSTACK_HOST = "openstack-vip.stangj.local"
I: D. `! E8 e OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST
6 n# M2 T7 q) D' ` " j) K( E! I, D7 u/ V
# 39行 修改- R7 j3 Y- Y5 Q. V6 ], o
ALLOWED_HOSTS = ['192.168.139.31', 'openstack-vip.stangj.local']" c% \! M* ?8 H4 g
) W; ^0 O5 H4 R! |/ y. M3 w& P2 w" m # 105行 添加. c$ Q( K) i* P% T' S; C! G) p9 A1 A
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'/ E- h. g" \+ f6 z* {9 m
CACHES = {
: y4 P7 T7 A0 w2 Q7 T$ j 'default': {, X9 T D) D, o$ J4 B
'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache'," ^/ n' g; C b4 n2 \: ?: x; u
'LOCATION': 'openstack-vip.stangj.local:11211',5 R; q6 I( `7 P
}
5 N7 J5 J5 r' o! f }
( o9 m7 K8 h3 z; A" v, @ : z1 j6 R$ E# ]7 T+ X, g
# 127行 添加5 M. _& H7 A/ A1 j) c
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
i$ z6 `+ h% @ 4 U8 i# ]( X; |: t, `% z# l$ P& z
# 128行 添加* M* ~( W7 K( z0 ~/ N
OPENSTACK_API_VERSIONS = {# n' A" h+ A2 d. P+ F, B9 g
"identity": 3,( Q. N4 P$ C1 q8 O2 u( J N
"image": 2,' E* R" t+ _% a* A! r5 j
"volume": 3,
- @. `) s0 m3 l4 U }
5 {4 L6 }7 p, s
: I1 F7 `& F8 M1 R! u # 133行 添加
$ v7 y( D! w+ W5 r4 L OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"0 X/ ^: A' w7 }+ ~
! Q4 W! n# {1 i1 N* h& z
# 134行 添加
' U7 I0 B7 b9 r( Q4 ^ OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"4 W5 Y6 J! A) \$ M: n1 t$ g
% C+ l9 ?+ Y) p& M% u+ b # 138行 对照修改,把True全部改为False+ X# L o, {+ ~# H0 j! z. q
OPENSTACK_NEUTRON_NETWORK = {
) g# z2 T4 t0 y! \5 l6 F 'enable_auto_allocated_network': False," Y% J6 ~" ?3 D) K* m
'enable_distributed_router': False,
2 @4 h8 l* D) M+ M: k 'enable_fip_topology_check': False,
* [9 o: F1 R8 S0 C 'enable_ha_router': False,
1 |: P" i' [6 m$ y) i, I" F 'enable_ipv6': False,' F7 P5 q4 S4 W& [* r
'enable_quotas': False,
4 j/ i C& |9 A" M8 V 'enable_rbac_policy': False,' v+ j/ ~5 |6 F6 N# E
'enable_router': False,6 Z; L$ i! T- w) k! A
}
' w2 T* Z4 c& P$ s& b # 161行 修改
7 C% X6 o/ m6 v/ W" Y7 X% x8 o TIME_ZONE = "Asia/Shanghai"
+ G( t) j; y6 M$ O8.3)修改haproxy
. h% B. k% @2 Y# a* Y& E+ M [root@openstack-haproxy ~]# vim /etc/haproxy/haproxy.cfg T2 U" @4 p+ z
# 最后面添加下面内容% \: b0 W& C- N' I
listen openstack-dashboard-80
$ g- B+ `1 Y' A1 U9 _7 G* M bind 192.168.139.248:801 |: Q3 ~$ b2 n0 r, k* I1 U
mode tcp: w, S: K( g$ C: B3 ]$ L
server 192.168.139.31 192.168.139.31:80 check inter 3s fall 3 rise 5' Q k; k- o' u# A" M: o5 l9 G$ V- K
[root@openstack-haproxy ~]# systemctl restart haproxy.service 0 N G( z* a5 U7 H* _$ `
[root@openstack-haproxy ~]# ss -tnl | grep 80
& N7 Q! i+ u- h- ^% t, Y x LISTEN 0 128 192.168.139.248:6080 *:* . b% s9 E. v& D- V+ Y; ^ P
LISTEN 0 128 192.168.139.248:80 *:*
! A/ m1 C3 [: C3 D$ k% ~8.4)修改配置文件-openstack-dashboard.conf" H4 v& r3 t+ a$ l+ [3 R
root@openstack-controller1:~# vim /etc/httpd/conf.d/openstack-dashboard.conf
( D1 g" v+ e7 t R* c/ G, J # 4行 添加& S2 L/ ?6 r* C/ _+ _2 `+ s& M
WSGIApplicationGroup %{GLOBAL}/ N" G. w1 \$ v& U8 l
8.5)重启动httpd
R3 h9 N+ W8 r5 y0 @/ L root@openstack-controller1:~# systemctl restart apache2.service 5 x; u; [0 o$ m3 i+ Q3 P; y0 w! I
8.6)访问dashboard页面
2 W1 d2 Q9 L- i* B' S; Dhttp://openstack-vip.stangj.local/horizon/! l/ X' E1 k: y% Q. d% u& n/ f
9 |4 O1 E' t; p) u
|
|
发表于 2025-3-17 08:00:02