|
|
Openstack_安装基础使用
7 O8 Z$ N( l' a7 zopenstack 版本周期$ X8 T# s5 H! `
' l2 |" v. V3 U9 A8 `' y' u https://releases.openstack.org/' ?( Q: m2 V+ }* ^; ]& ~3 |7 B
官方安装文档" t3 E6 b+ a& d# ]
- w2 }# {1 @5 A
https://docs.openstack.org/insta ... ackages-ubuntu.html: y q6 l. e" [5 i. p. Q
https://docs.openstack.org/install-guide/openstack-services.html1 I" o E4 Y7 X% `/ l1 {
手动集群部署部署
. y6 x2 _8 ? C5 b架构
4 x4 C0 h/ a. g$ Y* o2 a) c主机名 外网IP VIP 内网IP 内存 CPU 磁盘 角色
" _0 a; d! z$ @8 e- {, Z. @6 _openstack-controller1.stangj.local 192.168.139.31 无 172.16.1.31 4G 2 核心 80G 管理节点01 f# I# D9 r6 I
openstack-controller2.stangj.local 192.168.139.32 无 172.16.1.32 4G 2 核心 80G 管理节点02
- m9 N8 m* |$ Ropenstack-mysql.stangj.local 192.168.139.33 无 172.16.1.33 2G 2 核心 80G 数据库,memcacahe,RabbitMQ7 a9 y1 _0 A& b2 @
openstack-node1.stangj.local 192.168.139.34 无 172.16.1.34 3G 2 核心 80G 计算节点
+ ~) L8 w. M% u% t; I( h3 gopenstack-node2.stangj.local 192.168.139.35 无 172.16.1.34 3G 2 核心 80G 计算节点0 L* H1 G0 A8 ~# v* F1 C
openstack-haproxy.stangj.local 192.168.139.36 192.168.139.248 无 1G 1核心 80G haproxy,keepalived; v% q% H9 @# n
1)前期准备
- K$ `$ a$ f; S% P1.1)所有节点安装7 ^3 N7 c/ z% W- a& `) ^, c' O8 g
~# apt install -y bridge-utils% m6 P S6 L! X1 g0 R
~# modprobe br_netfilter* R0 C' x. n" P5 n+ `3 H% J
~# echo 'br_netfilter' | sudo tee -a /etc/modules
) X' n' |( a' Q4 R ~# swapoff -a+ X: v5 t9 c( |% n# F( h
~# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab! O6 G H7 n: B: X6 W4 G5 I$ k
~# apt install -y software-properties-common
7 H& ~6 z8 A5 d1.2)时间同步
8 q/ s! |( @+ l1 B2 |# f5 } "controller1作为时间同步服务器"/ K0 W! q2 @1 W, x1 V7 H& l* Y: F8 D
root@openstack-controller1:~# apt install chrony -y
; A+ T3 `4 Y r' U8 `! r root@openstack-controller1:~# cat /etc/chrony/chrony.conf | grep -vE "^#|^$"" c' a2 f9 a2 @5 J: n
confdir /etc/chrony/conf.d1 S. K+ b4 @3 _6 i2 S4 a1 m3 p/ X+ K
server ntp1.aliyun.com iburst- D) r. [9 E+ s! h* g
server ntp2.aliyun.com iburst$ p, b! G1 o' a( \ d7 M
server ntp3.aliyun.com iburst
# e9 l5 b9 o8 t+ C& | allow 192.168.139.0/24
7 V- {7 H& f# r. ? {. O allow 172.16.1.0/246 I& E9 t) Z0 `3 w. R
local stratum 10$ d6 ^- M8 Y- ~8 b3 {
sourcedir /run/chrony-dhcp) E2 w8 y2 i, n6 V) M5 K9 a
sourcedir /etc/chrony/sources.d
$ t4 _, N& w8 h8 v6 c. E8 ^# F+ ?% R keyfile /etc/chrony/chrony.keys
3 I& N. y# ]3 R& F7 Q/ v3 W driftfile /var/lib/chrony/chrony.drift
7 b, ?9 | V+ U/ U! z: l/ o% | ntsdumpdir /var/lib/chrony
5 N# n$ N8 t0 G4 d logdir /var/log/chrony* S9 K/ R! K9 ]6 r
maxupdateskew 100.0
; k) P% N8 N% v4 r" K rtcsync! P* p7 @7 O" G4 t9 U/ W
makestep 1 3, {8 P- f3 B! [ r* L
) K' l. E9 E% k0 F7 t
`启动服务`( d7 a) F6 M, i+ Z/ p
root@openstack-controller1:~# systemctl enable chrony && systemctl restart chrony
x5 o' T- i" ^2 w$ f$ c 9 T* d+ ^# S) N+ j
`验证`
; p! ?' e' B$ M' W" X# x root@openstack-controller1:~# chronyc sources& m( o. F: C$ b3 U0 a2 }9 t u* ~
210 Number of sources = 2* S* G9 s9 S' a3 Y6 k) R* `0 ~
MS Name/IP address Stratum Poll Reach LastRx Last sample 6 {& z- S% j! m& H q
===============================================================================9 F, G8 G0 F0 V. Z5 a
^- 120.25.115.20 2 6 35 48 +866us[ +866us] +/- 22ms
$ F- b2 g1 \) u9 w$ o8 s+ B ^* 203.107.6.88 2 6 17 49 -4324us[-9570us] +/- 21ms9 E& J5 Z$ }" P. @# Q+ p
8 b& s. g6 e+ O- Z; o; O9 x
"其他节点配置(集群涉及到的节点都要配置--我演示一个)"
3 R/ S% u$ P& Z root@openstack-mysql:~# apt install chrony -y
" J3 F5 {1 V: T. a% r& G1 B root@openstack-mysql:~# vim /etc/chrony/chrony.conf
# J1 F# Y! {4 G #server 0.centos.pool.ntp.org iburst
. ~' {! S; D, ^# o j, W #server 1.centos.pool.ntp.org iburst8 t' u, g7 _7 K/ j/ U
#server 2.centos.pool.ntp.org iburst
$ u1 j- K. h% B5 ` #server 3.centos.pool.ntp.org iburst
0 J0 v ^; j9 w& w' r' t0 l1 ~ server 192.168.139.31 iburst # 添加这条信息指向controller1! ^8 h; s; R1 x. n! {/ \
root@openstack-mysql:~# systemctl restart chrony &&systemctl enable --now chrony+ L e5 ?' z7 G- P0 C) J
root@openstack-mysql:~# chronyc sources
' R) h) o, i$ B" H- f 210 Number of sources = 1
& L) u4 W" d3 D+ y* H4 E MS Name/IP address Stratum Poll Reach LastRx Last sample
5 u, i# I, v0 d" I+ @" G) R ===============================================================================
! G+ o ~; o0 |( e( [8 x. V: d ^* 192.168.139.31 3 6 37 60 -2089ns[ -943us] +/- 16ms
/ B& Q# N9 Q0 y+ `+ ?1.3)配置openstack官方源4 o( w5 B' W$ T5 ?6 H
`controller管理节点` Q( [7 f; v! M% u& s6 P6 p2 n/ u4 D
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
- a0 r" ?0 h1 I& C$ u0 U6 u5 k3 H! m root@openstack-controller1:~# apt install -y python3-openstackclient libibverbs1 python3-pymysql python3-memcache " x0 `, y4 d8 b" G, K
+ s! ~% a2 ~$ ^' c. i
`node计算节点`' V& r4 H; h0 g* }5 x; @0 D
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal
2 {/ Y* y$ T4 d0 E- d. H root@openstack-controller1:~# apt install -y python3-openstackclient
* \* }) p+ A9 P4 `0 N$ D `数据库节点`
2 E0 b$ R* W) ]- m7 t root@openstack-controller1:~# add-apt-repository cloud-archive:caracal5 x- ~7 P0 Y) i9 j
root@openstack-controller1:~# apt install -y python3-openstackclient9 z0 s+ d$ s- ]& g
1.4)数据库配置# `; ? s. U- W+ A
root@openstack-mysql:~# apt install -y mariadb-server python3-pymysql
' I9 y& s, r u/ v8 A root@openstack-mysql:~# cat > /etc/mysql/mariadb.conf.d/99-openstack.cnf <<EOF
# U; Y- y0 L/ ]: g7 g% n G% a' ] [mysqld]3 |; ?8 c7 e' R3 c& r' f
bind-address = 192.168.139.33% T4 I! M G2 h! s9 a. I9 s! S
default-storage-engine = innodb
# o% C* m- D1 b* R$ k6 @9 d: p innodb_file_per_table = on2 ~& i- m. L7 E
max_connections = 4096
* p! c) M( X% _ collation-server = utf8_general_ci
J# R) \. e q- Q character-set-server = utf8
1 H( U3 s3 G$ T7 \5 O5 E F9 @; [ EOF- J9 U) Y3 b) u+ A7 g
root@openstack-mysql:~# systemctl enable --now mariadb && systemctl restart mariadb4 a# _; n0 D5 A# f" b: }
1.5)RabbitMQ配置$ Q: v. P" r6 R3 z
root@openstack-mysql:~# cat >> /etc/hosts << EOF
# m$ [+ @4 f' Q# s2 \ 192.168.139.33 openstack-mysql.stangj.local openstack-mysql
. R2 c1 u1 z, ?& |4 j EOF
+ V. \7 x; F& j% b0 D: p6 p root@openstack-mysql:~# apt install -y rabbitmq-server
/ K8 A0 k) G4 Z1 C" I- c root@openstack-mysql:~# systemctl enable --now rabbitmq-server.service
6 o. Q! h- c! t! t7 I* v root@openstack-mysql:~# rabbitmqctl add_user openstack openstack123+ w- v+ d3 |! y4 t8 r) m2 h# n
Adding user "openstack" ...
$ j9 w" ]4 ^6 K1 \ Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.
2 ^( b U1 n/ T7 `( Z root@openstack-mysql:~# rabbitmqctl set_permissions -p / openstack ".*" ".*" ".*"
$ o( {& `3 Y8 t$ t Setting permissions for user "openstack" in vhost "/" ...% Z7 n( x+ q: l9 P
`查询插件`, M& J1 j: K5 b0 O9 B/ L' r
root@openstack-mysql:~# rabbitmq-plugins list
8 V( l H$ X1 q7 M' e Listing plugins with pattern ".*" ..., f) N( z: P) e$ p: B
Configured: E = explicitly enabled; e = implicitly enabled# |7 }4 F" i Q" T7 d
| Status: * = running on rabbit@openstack-mysql" }% U2 O, Z/ e
|/' p" w( _% n+ a! _% F8 Y* q" I( }
[ ] rabbitmq_amqp1_0 3.9.27
7 b4 j; g; A# C9 Z. ^! A3 C( c! P [ ] rabbitmq_auth_backend_cache 3.9.273 l7 x' {' Q5 r8 J$ W
[ ] rabbitmq_auth_backend_http 3.9.27
0 b1 [% O" V& \3 G. ` [ ] rabbitmq_auth_backend_ldap 3.9.27! G- |' ?+ M5 N9 ~. V
[ ] rabbitmq_auth_backend_oauth2 3.9.27- w) Q/ R- h* F. }! B5 G' O; J& c3 n
[ ] rabbitmq_auth_mechanism_ssl 3.9.27
$ H8 e }8 L* a9 D$ A' D [ ] rabbitmq_consistent_hash_exchange 3.9.27" y$ l0 C# O/ r
[ ] rabbitmq_event_exchange 3.9.276 ~0 M8 v% l8 f. x/ b
[ ] rabbitmq_federation 3.9.27% T$ F9 x% Z' [4 D' R
[ ] rabbitmq_federation_management 3.9.279 e9 @( L5 B+ A/ p* t1 Q$ f: m6 b1 r, c
[ ] rabbitmq_jms_topic_exchange 3.9.27
7 \' f1 W* s) [ [ ] rabbitmq_management 3.9.27
% p, L) |+ N7 m! `4 G" V [ ] rabbitmq_management_agent 3.9.272 v2 m, F/ V" |+ H1 T6 H. X9 ?
[ ] rabbitmq_mqtt 3.9.279 [% i; Y7 T( d- c7 t# I% V
[ ] rabbitmq_peer_discovery_aws 3.9.27
8 n4 x* k( T2 i! `1 H [ ] rabbitmq_peer_discovery_common 3.9.27
3 p. F$ Z" c, `0 W3 w$ L [ ] rabbitmq_peer_discovery_consul 3.9.27+ @$ p+ }4 C& e5 q9 ?/ P8 t* |
[ ] rabbitmq_peer_discovery_etcd 3.9.27
# [+ M+ R! L" H4 F [ ] rabbitmq_peer_discovery_k8s 3.9.27# a& x9 M. W8 k9 s5 l& _6 Y# w* _8 Q
[ ] rabbitmq_prometheus 3.9.27
: o$ w8 H. X0 J8 B! T [ ] rabbitmq_random_exchange 3.9.274 k6 o/ Y6 L/ A' t
[ ] rabbitmq_recent_history_exchange 3.9.27; n* d2 u# Z, U; r# r! H
[ ] rabbitmq_sharding 3.9.276 n' W8 k* g" h
[ ] rabbitmq_shovel 3.9.27
- }* f$ ^) F) F+ z; v+ K) ` [ ] rabbitmq_shovel_management 3.9.27
: D* S7 n6 n+ a [ ] rabbitmq_stomp 3.9.277 Q' c+ O9 ~# C2 O( F1 x. o
[ ] rabbitmq_stream 3.9.27
: _" d5 K, [/ x/ \ [ ] rabbitmq_stream_management 3.9.27
8 l9 o( J3 @3 p6 |# R; U% j' d [ ] rabbitmq_top 3.9.27
4 D# z8 b2 ?; ]. ^) K: I! F1 ` [ ] rabbitmq_tracing 3.9.27; J; ?. I) N; e2 P
[ ] rabbitmq_trust_store 3.9.27
* }/ ^0 Y+ p5 m, ~. ]* ^1 x) m [ ] rabbitmq_web_dispatch 3.9.27
, O. A" s5 ~, o/ v0 `- s [ ] rabbitmq_web_mqtt 3.9.27
6 A3 W7 z5 D5 Q" B$ | [ ] rabbitmq_web_mqtt_examples 3.9.27
7 Z5 ^" |# l) i- ]5 q [ ] rabbitmq_web_stomp 3.9.276 [, l8 {5 ^; e: _5 J \
[ ] rabbitmq_web_stomp_examples 3.9.271 x& e0 j" x6 T4 y, f
`打开插件`
7 A1 P& h8 e: j+ c& f1 o& @ ^ root@openstack-mysql:~# rabbitmq-plugins enable rabbitmq_management7 Z! ^7 N1 P( T& [% s) f- }
% |; u/ A& ?5 |; a/ R root@openstack-mysql:~# vim /etc/rabbitmq/rabbitmq.conf
( _$ C& i; G+ M5 ]# D loopback_users = none
5 @$ A. P) T% e8 ^: P root@openstack-mysql:~# systemctl restart rabbitmq-server.service
5 w9 ^' Q& u: J9 Y& B
; c( L2 B, n) H$ i访问 http://192.168.139.33:15672/
; D% X7 z1 e* ^$ t: i
8 ^9 U- j' F) k+ q# }+ r- G# ~" M" r; ]
4 X( c: Q6 t; H4 `7 U; ]! O8 V5 C: {$ y
, y' b( U- \! I0 V1.6)配置memcached8 \2 i9 u: u3 Z H% X
root@openstack-mysql:~# apt install -y memcached python3-memcache
$ K6 C9 m/ O: o3 d1 K6 L root@openstack-controller1:~# apt install python3-memcache/ {9 r4 B( A% A/ @9 K( x% M9 `, t
7 R" ?3 l+ X6 Q, g root@openstack-mysql:~# vim /etc/memcached.conf 2 }4 o5 b: a S5 _
# Specify which IP address to listen on. The default is to listen on all IP addresses" w4 I T5 n! Q# N7 u8 }: K$ `
# This parameter is one of the only security measures that memcached has, so make sure
/ c J6 g/ D# y; g; ~4 s7 ]3 h # it's listening on a firewalled interface.
3 S/ R0 ?+ D6 I$ I; q -l 192.168.139.33 # 这是为了让其他节点能够通过管理网络进行访问:- K$ ~& r. G2 | H% _% z$ U7 X
root@openstack-mysql:~# systemctl restart memcached.service && systemctl enable memcached.service
6 u+ `/ l3 h y. G) x1.7)配置haproxy
& z( N9 v3 b& K9 J root@openstack-haproxy:~# apt install haproxy
" B9 O- z8 U: `; i' X2 l root@openstack-haproxy:~# apt -y install keepalived; ^* ^# O7 T1 e* D
`配置keepalived`1 w9 y, h# m9 j0 U5 L# H/ `0 V5 e
root@openstack-haproxy:~# vim /etc/keepalived/keepalived.conf + M" j( k* e5 s9 {. p
global_defs {
# s7 Z' Y! ]+ [2 h smtp_connect_timeout 30
- Y. V3 k$ i% t3 A* H router_id LVS_DEVEL Z# r( o7 h8 }. \3 e( l* h! d" @
vrrp_skip_check_adv_addr
3 U# ]; n* {* v# I$ u9 f vrrp_iptables
+ L# F+ V3 F: R/ J vrrp_garp_interval 00 M' w+ X: L: A% ?# @6 ]
vrrp_gna_interval 0, Q3 z% g1 N7 t; b7 g7 D! k9 u
}5 a" G. U1 S1 K+ V
% j4 G; A7 R0 Q
vrrp_instance VI_1 {
2 Y9 \$ ~6 D: M- E0 t4 f. L1 | state MASTER
* F; \4 f" [9 V' E9 S2 m interface eth0, G3 w& r L- K, q
virtual_router_id 51
5 [" W/ K$ D, G! v% N9 O0 d9 H priority 100
k( e$ e# d) r7 \& \$ p7 L% [4 V advert_int 1
/ w* f1 l( Q& T& j; f( N0 f" ? authentication {
" u9 r0 t0 {- B* ?, ~2 M auth_type PASS
3 O( H, U& ~5 R8 d6 y auth_pass 1111$ q% v5 n/ }+ r; Z
}
2 |! n& o# d1 O3 K3 L7 u* J# Y3 x virtual_ipaddress {2 \: t7 ]% M+ }% a1 c/ i: v. |
192.168.139.248 dev eth0 label eth0:0
' ^: L! M, s1 C% h2 s. h; B }3 a4 E% j: i7 l! d
}4 ]- \+ P0 o+ L. B5 U8 L
root@openstack-haproxy:~# systemctl enable --now keepalived.service
1 \+ d. E4 r5 d4 i1 o3 _$ o root@openstack-haproxy:~# systemctl restart keepalived.service 7 s$ o& m9 a" L
`配置haproxy`
& j7 z! ?# E$ T( O& R root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
/ R' c3 O8 g Z8 A) _* w: c7 O # 把后面的frontend和backend模块配置全部删除
! A7 N5 ^# W0 n$ L # 最后一行添加
3 E Y' R2 {5 s4 T+ H' F- r& I9 _3 h listen openstack-mysql-3306/ j5 h# r5 L) ]+ t5 m
bind 192.168.139.248:3306
$ `% r; A4 [. a+ M9 i" v mode tcp+ G$ v. }, i- L: k5 s9 m: n9 S/ t
server 192.168.139.33 192.168.139.33:3306 check inter 3s fall 3 rise 5; B( D w/ A3 @6 T: K
. a% o: z/ m( Q! D listen openstack-mq-5672
: E P/ }8 R& X! V bind 192.168.139.248:5672
9 ~5 P) y% Q' X% `4 ?* \ mode tcp+ f! k6 c; A* k% M; p5 I% _
server 192.168.139.33 192.168.139.33:5672 check inter 3s fall 3 rise 5, B' I7 M1 Y# W/ E$ }6 Z6 }
$ }, ]8 g, U( T2 y6 ^9 E
listen openstack-memcached-11211
. D# X* L/ r! ^+ x* y bind 192.168.139.248:11211
% U1 |. R2 L1 j: T) G9 d: e mode tcp3 D/ [; F$ z) B( L
server 192.168.139.33 192.168.139.33:11211 check inter 3s fall 3 rise 5
8 ?/ c4 h: K( _. C/ |
+ d8 ]( S+ a/ A root@openstack-haproxy:~# echo -e 'net.ipv4.ip_nonlocal_bind = 1\nnet.ipv4.ip_forward = 1' >> /etc/sysctl.conf
# I- a& y' W/ K1 Q- r& O root@openstack-haproxy:~# sysctl -p
) _; e, Y' o2 T& t: v root@openstack-haproxy:~# systemctl enable --now haproxy.service . x% u7 E1 M, L
root@openstack-haproxy:~# systemctl restart haproxy.service a9 j% t6 k+ }, V5 s9 T/ I, }& G& a
root@openstack-haproxy:~# ss -tnl5 {0 j- c, c8 j" O$ g( K4 u
State Recv-Q Send-Q Local Address:Port Peer Address:Port9 J# [% p0 L6 ^0 t) i- o
LISTEN 0 128 *:22 *:* 8 e+ _+ U$ B& l) J
LISTEN 0 100 127.0.0.1:25 *:*
+ P. X: ?$ E/ ]& g# H3 d, y/ p LISTEN 0 128 192.168.139.248:5672 *:* $ f0 H( U1 h/ v
LISTEN 0 128 192.168.139.248:3306 *:*
* ?( C" Y: W" r6 m LISTEN 0 128 192.168.139.248:11211 *:*
' ?/ C8 ]/ Q# ^) @/ I* q LISTEN 0 128 [::]:22 [::]:*
" S% H' P$ J. T* V E LISTEN 0 100 [::1]:25 [::]:* ' _8 R$ `# Q. {1 p5 ~
验证* d+ {% U( |6 b3 Y
# J2 g9 j" \- j/ M/ |
root@openstack-controller1:~# telnet 192.168.139.248 3306* e. \7 Q: @0 L/ R9 K
Trying 192.168.139.248...
# h( K* L8 B; Q3 G3 { Connected to 192.168.139.248.
- W9 E. b6 k. o, Q; p* c Escape character is '^]'.8 X* ` F: c; ^- R: v
$ C6 G* t; j( W T root@openstack-controller1:~# telnet 192.168.139.248 5672
! W- N+ ~3 I w3 f/ [+ u4 g9 Q2 P8 B Trying 192.168.139.248...0 |6 E* |% h; X4 A* V( ]
Connected to 192.168.139.248.
# |8 X* ]. n5 s* ^4 G Escape character is '^]'.
& T" m4 K8 z) ^1 z5 c3 p + F' o/ D; S7 A i3 m/ {
root@openstack-controller1:~# telnet 192.168.139.248 11211, ?7 y( P/ i/ v5 K5 ^+ \
Trying 192.168.139.248...
4 l0 z4 y- S. I: c- i" V9 S$ U Connected to 192.168.139.248.
& M- W I% V4 Z! \: t6 o2 k' j Escape character is '^]'.9 k, w4 o: l/ ?- d/ d4 N
2)安装keystone$ R! d7 `. Z9 _3 M! y4 g
2.1)创建keystone数据库
- c% N" R! u1 W7 o9 C8 l! ? root@openstack-mysql:~# mysql+ a6 o& e. S/ ~, G" e$ c
MariaDB [(none)]> CREATE DATABASE keystone;
- q% X8 V/ D8 F) z MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';% ~5 z/ K5 ]* F9 @3 I! \1 S
`controller节点验证`1 S$ c( A& o( b/ w3 A1 N! ?
root@openstack-controller1:~# apt install -y mariadb-server
( V0 I( J0 U Q7 Q) v/ ` root@openstack-controller1:~# mysql -ukeystone -h192.168.139.33 -pkeystone123
- }( `9 T/ t+ r/ ]+ \8 `" B Welcome to the MariaDB monitor. Commands end with ; or \g.4 t. s5 }+ W/ T9 u( W j$ B
Your MariaDB connection id is 359 |6 P' H. x( i. E# l
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
( f0 ^6 u6 y! W3 N
2 h; }( u' h( c9 ^1 y/ D Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
' }+ O& X8 d5 W6 ` : a% C* b" |6 P8 r% H$ W5 @
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
/ O0 ^* [7 \$ J3 |" H 6 ~6 P8 J/ N; i$ G6 T
MariaDB [(none)]>
3 L6 q/ I. ^- L. G c3 C( }& }) | root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123& Z# e* r5 @# Y, u# R
Welcome to the MariaDB monitor. Commands end with ; or \g.
( M: ?- S- h6 {! p, s Your MariaDB connection id is 36
3 r6 L! r q& D } Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
3 }0 M; `! H' Z' I- v 3 q3 |6 z9 ?" f) Y9 G+ c
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.1 J m0 B# N) u; U/ b) F
& s2 k4 D6 R* y3 @& ]) G) B( o
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
9 _- k) i! R4 N4 q' L2 m. D/ S$ v! F ; s$ M# W$ w4 E+ g3 f; J
MariaDB [(none)]>
: b2 G0 L6 e- e& S2.2)下载配置keystone
) @% f2 H6 u3 ?4 B( { root@openstack-controller1:~# apt install -y keystone apache2 libapache2-mod-wsgi-py3
4 X) s* N6 U/ s" T- `2 E+ {( M `添加vip的域名解析`
7 T& \4 w* Q' _4 @; `' A root@openstack-controller1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts6 X; K' G- r4 z+ C
`修改配置`
O: K4 r8 M+ t root@openstack-controller1:~# vim /etc/keystone/keystone.conf
/ R5 X( c& A0 H' X' H% y [database] # 在这个模块下面添加下面这一行信息2 U: p6 b* [5 n& h; h- N
connection = mysql+pymysql://keystone:keystone123@openstack-vip.stangj.local/keystone
% f( A/ O8 H0 b, J [token] # 在这个模块下面添加下面这一行信息
( {: {+ P" J3 D& {7 p5 O9 A rovider = fernet
3 ~. y' A0 G* y2.3)初始化keystone数据库$ z' d, c) R d N( `( P, _
root@openstack-controller1:~# su -s /bin/sh -c "keystone-manage db_sync" keystone X- ^0 v' J0 _$ W( N
`验证是否初始化成功`/ m" B. l! f- \4 B. X+ c4 }
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "use keystone ; show tables"1 y0 s/ W* y, f% M7 m+ M1 V
+------------------------------------+! ~( F6 ~- S* c8 A# b
| Tables_in_keystone |1 e% V0 {5 ~9 ?1 K
+------------------------------------+7 N' J( u3 R1 }' W2 E8 H2 x, H
| access_rule |
4 `: I' C$ F' ^) V _ | access_token |
. V3 }/ c6 s6 P8 A: N1 f5 h. @ | application_credential |
* N( x9 J- J7 d | application_credential_access_rule |' g: t/ |& |: u1 i9 L
| application_credential_role |3 W7 a+ ?4 L6 b0 w7 ^( p( d
| assignment |8 B W& h* K' U e
| config_register |- @0 I/ A) a& _, p
......................................5 ?# \ n3 r4 Q, }
......................................
% l. q1 M# A0 a7 r# u7 V, t | user_group_membership |4 S7 s1 r8 u% C
| user_option |
! A; s/ n8 E/ G% ~* O( M | whitelisted_config |, O# [; e- u" u* e$ Q" V
+------------------------------------+ V: g. l2 j/ ?; t9 o
5 P- L/ D" H* U* u @- D. ]) {2 k
2.4)初始化 Fernet 密钥存储库: M f# ]- S1 p1 _* J4 v9 |
root@openstack-controller1:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone( x. N2 H# U2 s8 L4 [4 U
root@openstack-controller1:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone; N6 \; z$ J% W* ?# \
2.5)引导身份服务. x& u0 o& v; u$ y j+ o
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg ) R {1 q. \2 M" ~6 F
# 在最后一行添加下面4行内容
# Q( h) W R0 l, z. ~1 K1 x- W listen openstack-keystone-5000
6 m7 d6 D2 o- H" c bind 192.168.139.248:5000; }8 Z/ t8 P9 S
mode tcp
, F. T' Z Q8 k4 S+ [0 v2 L* s1 [2 T7 j server 192.168.139.31 192.168.139.31:5000 check inter 3s fall 3 rise 5
5 _1 X0 f- g( e" B5 r- I! D root@openstack-haproxy:~# systemctl restart haproxy.service
* `$ o" E$ D8 ^+ Z2 l% W) G # 设置,密码为admin; ?9 x6 [( T7 i0 M, ~
root@openstack-controller1:~# keystone-manage bootstrap --bootstrap-password admin \* Q5 ]% D B; Y! U( m4 u
--bootstrap-admin-url http://openstack-vip.stangj.local:5000/v3/ \, ~: u7 P) W L9 j& ]3 H9 y o
--bootstrap-internal-url http://openstack-vip.stangj.local:5000/v3/ \5 T2 f+ t2 u- G6 M2 W) ~- A
--bootstrap-public-url http://openstack-vip.stangj.local:5000/v3/ \5 D; s2 Y1 u0 \5 ~# U
--bootstrap-region-id RegionOne
6 t/ A+ T' i4 n1 T* _$ t2 Z `验证`
; P& U1 z$ ]' C$ i7 m1 O [root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.service"! G" X! G" G) S! z8 z, l7 F3 |
+----------------------------------+----------+---------+----------------------+) [9 [, a7 V4 S, @. h1 l# H, @; H5 m
| id | type | enabled | extra |1 k: B; {: O- e! g
+----------------------------------+----------+---------+----------------------+/ `: ]' ~+ l. k+ _" a+ J( i+ R
| 5b32c1198b6d4a9da1659bc0a201d89e | identity | 1 | {"name": "keystone"} |8 z0 Y" x7 J- R% L9 T' a( ~, F8 E
+----------------------------------+----------+---------+----------------------+
! g4 H# D* R' o. P6 b: d [root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.endpoint "
+ O# S# p; T8 b5 g +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+$ ~1 M8 R. U& G" Z6 e9 I
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |
8 }1 @# C3 N' C! [ ]' [ +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+6 E2 \8 |2 K2 r: ]
| 20caaef3b2ee4ff7898d1e7b7f1e41dc | NULL | admin | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |( ^! I4 ^# g( V2 ~$ w; O
| ad54a4233c0e4a23ba56f86960ff97a9 | NULL | public | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |0 ^, T. V1 `- \1 Y
| def9f3253353499fbc24a851445198c9 | NULL | internal | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
# D& K& h& P/ c4 ^2 _ +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
, z5 Z! z; P% W+ B% f. r2.6)配置Apache HTTP 服务器
y+ `& h, d8 | root@openstack-controller1:~# vim /etc/apache2/apache2.conf
& X8 s5 Q$ p, [* i0 q8 `) D ... # 找空位置添加9 k) J- `. l4 ^6 N9 Z/ m V
ServerName 192.168.139.31:80
- m7 _1 s6 h( s9 j3 r) V8 K. ` root@openstack-controller1:~# systemctl enable --now apache2 && service apache2 restart( }" i6 ]5 M/ [
`验证服务`2 e4 u* O$ g0 A* q: S
root@openstack-controller1:~# curl 192.168.139.31:5000
7 G' _* B! ^' s6 r& D5 v% }/ ^7 w {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.31:5000/v3/", "rel": "self"}]}]}}3 p% I1 Z9 ]; m' h, I
root@openstack-controller1:~# curl 192.168.139.248:5000, h+ E5 \. S# S! y# i" O
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.248:5000/v3/", "rel": "self"}]}]}}2 y6 P1 ]5 W0 p! D; s1 \7 j
root@openstack-controller1:~# curl openstack-vip.stangj.local:5000
# r: l( |: T& j( e {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://openstack-vip.stangj.local:5000/v3/", "rel": "self"}]}]}}% \0 G5 m) x1 y& D9 V2 T8 f* d8 _
2.7)配置环境变量来配置管理帐户
7 _: `9 V# }- C root@openstack-controller1:~# cat > admin.sh <<EOF5 T: J2 {! L; Z/ U" q
export OS_USERNAME=admin
9 j* V# ]) z; R export OS_PASSWORD=admin0 R% P5 y5 c- [/ t3 }* l" g d% ^: i
export OS_PROJECT_NAME=admin
% |* R4 g* r( S0 w" ? export OS_PROJECT_NAME=admin
7 Y) L* t: h6 e( [* A: a/ c export OS_USER_DOMAIN_NAME=Default
* X( R/ K+ S5 _3 x% m export OS_PROJECT_DOMAIN_NAME=Default
, w% w* U4 h" R* R3 R2 N export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
M, k6 J( t4 p9 L8 t export OS_IDENTITY_API_VERSION=3
p% \* e6 U9 A L# A! t EOF! G* e4 d4 u2 F$ n7 {6 B
`生效配置`4 q& [) y6 N3 u" l, ]$ M
root@openstack-controller1:~# source admin.sh# D2 G1 ~( @* _# [! G
`验证服务`7 C! }% h/ \8 k* K
root@openstack-controller1:~# openstack user list& P% y" s* Y+ C% J
+----------------------------------+-------+
3 {! h4 J; i7 a | ID | Name |
; U5 l. ?( h' X& L' x +----------------------------------+-------+
" |5 T4 j3 U1 I7 u | 5c4b6243d95742799de0fc97ef119967 | admin |+ N6 U. ~5 P! V* q* Y" s9 \
+----------------------------------+-------+
7 f5 x2 P0 T3 F" y2.8)创建域、项目、用户和角色
$ G7 M- U# V7 ^' F6 Z, F `创建域`; B" u* ?5 `, \* c8 X2 ^9 Q8 t3 I( J9 \
root@openstack-controller1:~# openstack domain create --description "An Example Domain" example
8 M$ N- |* m3 ~- K # [root@openstack-controller1 ~]# openstack domain list
( q, \% N" G2 |$ O3 V) {# C +-------------+----------------------------------+
7 r3 ]5 |6 ~; l; P; f% u0 @ | Field | Value |
2 t& a/ i8 g1 N4 b3 Y/ B +-------------+----------------------------------+5 w h' z! k/ `- F0 M; v
| description | An Example Domain |
; R4 Q e4 ?% d5 h: g | enabled | True |* i: K: \) q" \: W8 d
| id | 7233934db37f4e839da0bbc62bdebdf5 |
0 ~$ b: L0 H& P' y | name | example |& |9 g+ S4 [) x8 D) \! r" v9 j
| options | {} |5 C4 ~0 }9 @& L" [1 x; W& K5 {
| tags | [] |) Z( y/ S9 F d4 [. v
+-------------+----------------------------------+: h T1 D# b5 V# l
`创建项目`3 b" W+ I$ X! T0 g! Q/ U
root@openstack-controller1:~# openstack project create --domain default --description "Service Project" service
* h! C% b" y* @, \* m7 o9 } # [root@openstack-controller1 ~]# openstack project list4 H# u, ]8 v* J& S O j; r+ j7 h( N7 g
+-------------+----------------------------------+
) k, V' r- x: F' t3 E5 g | Field | Value |
& @1 n3 d- o6 Z8 B( J +-------------+----------------------------------+: h6 e" A _% B0 W7 z. K8 p
| description | Service Project |( T& v. I+ r# l
| domain_id | default |1 m1 I7 F0 s5 s4 N" K
| enabled | True |$ n+ D8 z" v5 g% Z5 \! o; n
| id | 024872cab1fb4329997f4bb552cc7439 |
# v6 u; y Y. t# T | is_domain | False |/ i# e6 S2 K( p" J
| name | service |/ I6 S( [ g) n# I: y4 I: u
| options | {} |
; u! Z/ W b e' N6 X9 S | parent_id | default |' W' s* O. C3 l, @
| tags | [] |6 s9 g C- R% d% Y+ R _! ^! A
+-------------+----------------------------------+
8 ]0 V0 D/ r4 b0 X, d# f/ L `在default域-创建项目:myproject`
( _4 z5 \3 u2 N* F8 T) Z root@openstack-controller1:~# openstack project create --domain default --description "Demo Project" myproject- M N- d4 j# V+ W* T9 k( b! N5 a
+-------------+----------------------------------+
3 A n: ~6 Q7 w j* \! k | Field | Value |9 y2 g D, v+ o. E% B# I
+-------------+----------------------------------+
- S: J( d7 |$ B2 t | description | Demo Project |
+ B {, X- a* [5 t- x | domain_id | default |
( K( ?. f- d7 P/ m7 h) X | enabled | True |4 r& _9 L* x9 l" @! B# X
| id | 35e14efc4bb64fd18ab58ab793881459 |+ p0 `7 @ n* ^+ g' o
| is_domain | False |
7 s1 {* H5 b, H | name | myproject |
0 G' ]! Y8 U+ [$ d# }% s E | options | {} |
0 n; w8 }2 R: [, s. V | parent_id | default |
) s( `$ D$ R, R5 Z' ^3 v5 S, P | tags | [] |
; o8 K1 G$ a1 J' H. m +-------------+----------------------------------+
8 W. k) |3 i. u, w+ K. C `创建用户:myuser`
# d" U6 ]. ?+ D6 U" E( `+ X root@openstack-controller1:~# openstack user create --domain default --password-prompt myuser
) z- j4 H: D {5 n2 ] User Password: # myuser, \0 `* P; U9 Q$ g$ L) r, e
Repeat User Password:# myuser9 d9 i. r! C' E! m2 j& Y# s7 y
+---------------------+----------------------------------+
" ~3 V+ O6 T& T9 o3 G | Field | Value |9 _5 M5 A5 |) }% p8 |
+---------------------+----------------------------------+
7 }+ v C/ k# \$ e: j( q | domain_id | default |
+ B6 S. K! X6 ] | enabled | True |
$ W. C C4 _/ ~3 N% [ | id | f40449a65bcf491aaf44cc4f8e09f3fa |/ I9 O. C1 T0 z% q) Y$ p: r
| name | myuser |& l0 S! F1 I$ ~ B/ m* n( {# \- f7 G9 `/ ]
| options | {} |- V+ u- p' i5 P+ h! ]& k l
| password_expires_at | None |
( D& u/ m) R5 b( H \ +---------------------+----------------------------------+6 N4 R1 Z+ m0 u3 M7 s
`创建角色:myrole`
( y$ Q- E( e+ O; w% k0 l* f3 Y& y root@openstack-controller1:~# openstack role create myrole
$ P8 \. P4 I$ d$ l# t6 M +-------------+----------------------------------+
, q4 X; X7 }; H6 {* k3 ^( M* r | Field | Value |: l! Y l) e" M& H% ~/ z
+-------------+----------------------------------+9 R% c- o5 Q$ ~6 `0 [
| description | None |/ A9 q, E0 W0 V& `; P. k% l$ O
| domain_id | None |5 q/ R! x7 T( P' l
| id | b1cf825f18194c858ba735c3a873e87b |3 s& w! O0 A/ j. u
| name | myrole |
* g* i7 K, j7 q | options | {} |; s; x- {, x2 O" O. L) A$ [
+-------------+----------------------------------+' ?2 A4 f9 C C7 _# D
`将角色添加到项目和用户:myrole/myproject/myuser`: ?- H3 q7 Z" i+ n
root@openstack-controller1:~# openstack role add --project myproject --user myuser myrole
& I6 s6 H; b' A. o) I$ O2.9)验证操作
: F' L* p g$ |/ @3 M1 ?1 H root@openstack-controller1:~# unset OS_AUTH_URL OS_PASSWORD
7 e. A: d, n6 d5 S `获取admin的token信息`
3 C1 {2 E3 s/ ]8 [ ^" Y root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
7 J; G+ q6 @7 ?& V# O7 f# \
. G) I `" Y2 h8 L, ~1 i Password: # admin3 w* F$ l7 ~$ t5 e* H( z
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+0 D+ w+ E( h8 i! t2 J6 V
| Field | Value |
5 e3 `3 Q% a8 B" Z8 G: h& F4 D +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+2 j+ e' K+ g8 j4 @
| expires | 2024-12-07T12:25:41+0000 |
6 ]5 o) D8 ~+ `7 J; h" O" w | id | gAAAAABlev-an7oKiReVcaIQg31zanfyHEpBjozbYq_6ZH8mWKMyp0vxm0HEUlxkrY7_799ihK64p4Gq5zeaAUH4g4jBpB2I0Ij5xDojvfZ66qTIPUB9TakErlw9UoI1E9bpOwowYgoOOKlJlO28mBoxKWga7A8akmCgiDTzP4rUYL5B8Xs24rQ |
; ~3 \/ r: v4 F: I5 d1 A$ l | project_id | 227934ef1b5b44cc942a8e4f1f5f7695 |1 [) X$ e$ C& Z- w! U, ?
| user_id | 5c4b6243d95742799de0fc97ef119967 |! Z ]& w- h8 n, _" J
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
- T4 G% o3 q" ^ `获取myuser的token信息`% N6 h' T4 c8 k& V
root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
4 v7 W' Y( m0 r6 A Password: # myuser, B# L. q( F K, P
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
G4 ~8 D' C l6 U8 S1 ^ X5 B* ` | Field | Value |
0 z9 l$ h4 J% D/ ^& ?& U +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
7 W q8 g) H. n& l$ V | expires | 2024-12-07T12:25:41+0000 |
0 U7 R. l0 p4 { | id | gAAAAABlewBPx4yTCZIklPPqD-XnXsciBnECZYhDPKZkenFzYdE9GuTH-xRPuhh4Z9rrLiCb7X6e_rjqR2WdTk9Sz94HkrNi4KPjdun7HW-4wesLLOV7ijz4Vgvt999fnWNaDNTwKvqumfcQ1XinMLyszeSD1yvFB4FeQ610Ns18oUa0Tc_44jc |
; k/ r/ h+ ?( d9 S | project_id | 35e14efc4bb64fd18ab58ab793881459 |
8 e4 P3 }( {* R5 k& v z | user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
& z. E8 A9 H$ a" g. f4 V +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+1 ~ y9 _5 Q( x( N& B6 r- e( H
2.10)新增配置环境变量来配置管理帐户' X4 q% s9 R4 P! U& J5 P
root@openstack-controller1:~# cat > admin.sh <<EOF
* B6 P$ i/ K" H& W7 L export OS_PROJECT_DOMAIN_NAME=Default
3 V5 u- _) u2 P$ U) F7 d5 P; [ export OS_USER_DOMAIN_NAME=Default" a7 x' ?: H: w Y
export OS_PROJECT_NAME=admin
) j5 `+ T0 _5 j: f export OS_USERNAME=admin) N7 i. b9 b" l& t, {
export OS_PASSWORD=admin; H) v% M8 y6 v* a; K% y6 p* G
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
: T$ @, m9 V3 d I. b export OS_IDENTITY_API_VERSION=3# i0 u! ]1 @# m+ c# K4 H! q
export OS_IMAGE_API_VERSION=2
* N' A1 G6 M' N O. I EOF- v# D2 N% |4 y3 x
root@openstack-controller1:~# source admin.sh
: B1 I" J! P" X) k+ P% k$ e p `验证`
; ]3 m5 X0 ^' q root@openstack-controller1:~# openstack token issue) \& t/ [6 S8 q; A
+------------+--------------------------------------------------------------------------------------------------------------+
. S% |& R* K7 l' C2 t | Field | Value |' x. I- \* c5 `4 L
+------------+--------------------------------------------------------------------------------------------------------------+ _1 N1 A$ F; n- X# L6 A. ?9 `
| expires | 2024-12-07T12:25:41+0000 |: m2 g$ _; X; }/ @: Q, Y
| id | gAAAAABnVDC1Tl8JCjuLSdCd0vL2FmuLpB7ftGCcll7NsqBgy0FhuomNTkLMXP_p86eyLKMA- |
' ~" j% [, P2 t1 {9 [3 D; @0 T | | IZnr9aW3VCfYfoaWyUAcr3fcd8l3BLjpinjEL04QMCRJYHW9d3WZ2jN44hcZ8xwwG0ZpJiyVAixWqOfMykBbzGY6vnwJC- |9 I) S& I3 g b9 @' `
| | qj3vDQYbVyFBbnIY |
* G0 w; ]: `3 E% i' r4 A `! w# i; h | project_id | 96bbc0e66a5246fdaf29843498ef49a1 |: H/ m' w' f2 {8 r0 r( I! D0 k
| user_id | 3b1c56d85d9c4aefb5c6a6dde8c99a00 |
b3 C9 L5 ]9 `" W4 @5 T! b! E +------------+--------------------------------------------------------------------------------------------------------------
( E! _4 Q I4 ^
2 k; q& k9 d' R) }. g, x `创建普通变量环境`
( i( L1 c* v7 F% x$ ` m root@openstack-controller1:~# vim demo.sh$ H8 w$ n% R- k/ s# H* e( e+ n
export OS_PROJECT_DOMAIN_NAME=Default, Y! s, a' B ]5 o. V5 |5 P" H0 L
export OS_USER_DOMAIN_NAME=Default
9 i4 X/ L/ f( k3 Z! w, h% d export OS_PROJECT_NAME=myproject- ]+ a. w% b" o4 c C+ r9 {' ~# C
export OS_USERNAME=myuser
6 [" u" b' u1 p export OS_PASSWORD=myuser
: W+ _: S! D! N3 i6 J& F9 N export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v37 _/ P) u9 D: |" R8 i3 }
export OS_IDENTITY_API_VERSION=39 N( U: ]- t% b _
export OS_IMAGE_API_VERSION=2
$ m1 [) w7 \) Z, P7 Z" r root@openstack-controller1:~# source demo.sh
' ]9 r, V" y7 @/ p; r `验证`! t- {' ~3 D2 a( T
root@openstack-controller1:~# openstack token issue( W0 |& N9 Q* Y& n% e5 s- z7 r9 A5 a
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+/ h; o2 h, o( l
| Field | Value |! x! \6 C% [( U/ L9 q2 L
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+9 Z5 A, g4 ]9 c2 v" Y" O
| expires | 2023-12-14T14:26:22+0000 |
5 z2 V: v+ |, k: ?2 G& m | id | gAAAAABlewJ-s4Aj73WgUyZemZ9eL9S7myndeVnxUOmiWM3IvXTwtw7pIzzIFyxlw3vTrC200w08X2iqTFVcY8Ih4jCzLDQMqi4VpS2emWmqG73uy7NI_tAR6KasEYPRoZSl--2Wa7HCdv9i6y6GnKDtgisVkCtG3Ew7CPBDq991w0cXBRpxL_Q |
% U0 X, x9 l" }* t | project_id | 35e14efc4bb64fd18ab58ab793881459 |
; H0 n% k: e2 o4 x | user_id | f40449a65bcf491aaf44cc4f8e09f3fa |* c. @% y( n2 [8 ~. R$ h" |! j2 b1 R
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+9 m/ S9 G: t3 ]" G) ]0 ^+ z4 U
3)安装glance$ r5 I6 ? R* z+ K
3.1)存储准备工作# r4 m6 V3 _) B2 o0 t! w; d
# 因为性能原因我就拿openstack-haproxy.stangj.local主机做nfs& z' O; Q$ T5 H; g4 _# A3 F
root@openstack-haproxy:~# mkdir /data/glance -p+ l! I' [% M2 L8 s
root@openstack-haproxy:~# apt install nfs-common nfs-kernel-server -y
* }9 f1 ?. z- Q& D & A5 U8 Z, T$ V* [
root@openstack-haproxy:~# echo '/data/glance *(rw,no_root_squash)' > /etc/exports ' E. i# }! e) ? Y% f6 @$ U
root@openstack-haproxy:~# systemctl enable --now nfs-kernel-server
K5 Q7 A8 d: {! v4 Y4 ] root@openstack-haproxy:~# systemctl restart nfs-kernel-server
9 a5 |# k$ l) H4 l+ G3.2)创建glance数据库! K+ l$ V! V$ U+ Q6 Q/ j$ t
root@openstack-mysql:~# mysql) E# Y: J( p6 K& z _. n& B
MariaDB [(none)]> CREATE DATABASE glance;7 U1 n7 Y9 L/ q) f1 k$ M2 ~
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';9 k, G# P. c/ C: n4 } w8 W! x0 W! r
[root@openstack-controller1 ~]# source admin.sh
1 L. o1 F ]% I, q) w- C `创建glance账号`5 L6 l8 i2 \" O6 G/ c5 G- ^
[root@openstack-controller1 ~]# openstack user create --domain default --password-prompt glance' p& ~+ ?# F1 ~: t
User Password: # glance( M, L5 z' H' B( X
Repeat User Password: # glance8 W6 y# G2 M$ o8 h4 |
+---------------------+----------------------------------+3 |$ b, M& r8 |6 C7 U
| Field | Value |; E7 K( k+ i% A5 V7 X8 F
+---------------------+----------------------------------+
8 o( ^) W$ C0 @ H' S | domain_id | default |
1 J+ R( p" w4 j: h$ M9 D | enabled | True |
7 i4 B$ s1 _+ h( c; B1 B | id | 34a900b8a67f40439804c830cd5957da |
, Z4 C! s4 n- k2 ~ | name | glance |( t8 X3 D/ D6 H
| options | {} |. s& ^5 y; q# i' N5 T; k5 {" v
| password_expires_at | None |! s. X1 s4 I0 S# k4 c$ |% C; w6 o
+---------------------+----------------------------------+
) D0 O! u6 i1 j# r& @' U `将角色添加到用户和项目:admin/glance/service`
3 d2 W/ w8 F; O" ~) Y0 n/ [ # 让glance拥有service项目的admin权限: g5 U- a. i2 `! @9 ^( N8 U8 }! e/ D
root@openstack-controller1:~# openstack role add --project service --user glance admin
$ v _1 x3 x: d; X" q root@openstack-controller1:~# openstack service list+ ^$ x( L9 E% X% p
+----------------------------------+----------+----------+
% q+ F3 z+ ` [ | ID | Name | Type |9 g/ b- W+ M" w: u7 k5 J* x) ~6 M% G
+----------------------------------+----------+----------+3 Y9 z/ M/ f. w9 I% c. C/ S. ?9 Q! Q
| 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
S8 e1 I: B$ L, L4 X5 N/ K9 u$ F, {" W +----------------------------------+----------+----------+
# W$ J/ G. W; _! ]* J: j3.3)创建服务实体glance
+ |7 \/ E3 k, c' c root@openstack-controller1:~# openstack service create --name glance --description "OpenStack Image" image, k) I& O1 f$ P( \. H# e
+-------------+----------------------------------+
j8 u. B, c+ I" m | Field | Value |2 e+ J# F( g. a' ^( i
+-------------+----------------------------------+
9 J3 l3 D' y" w. K& h | description | OpenStack Image |$ G( H1 J- T% n' w) y
| enabled | True |% \6 V4 ^. N$ M# P% a
| id | e53a2bd43aaf48f1840064e9cb594293 |. ?# h! {5 [, ^# u) H: B+ z& @) T
| name | glance |% ~: t- M) r0 K; ]& `
| type | image |7 d6 X2 J- X$ W
+-------------+----------------------------------+
. J' i# z4 e" g+ z root@openstack-controller1:~# openstack service list
B/ k* y1 x1 `! d+ @" G: { +----------------------------------+----------+----------+ Z" n+ ^% ?# R
| ID | Name | Type |1 b' P, \ r$ `
+----------------------------------+----------+----------+
v) n3 O1 I) T! U- E9 M( h% S | 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
4 {6 e5 ^" r$ R& I9 _' Z3 K | e53a2bd43aaf48f1840064e9cb594293 | glance | image |. n% V( i4 a2 q9 D r: ]+ P9 G
+----------------------------------+----------+----------+
' T( S; b/ l) \( Q& k5 b2 O3.4)创建Image 服务 API 端点:& L9 D; H+ ?0 U E( Y6 r3 d
root@openstack-controller1:~# openstack endpoint create --region RegionOne image public http://openstack-vip.stangj.local:9292- D6 R" w: A4 `9 }8 ^
+--------------+----------------------------------------+
0 C# R. a, R$ o% H9 p- y4 y" t | Field | Value |2 }' I$ I6 e+ L' l9 e9 [
+--------------+----------------------------------------+& s/ }1 g) h, L. V
| enabled | True |' |' h" p4 ?6 N2 [" @ i' Z
| id | 3fc61c0f302d41359da99b80ca32853f |
' X1 f; Z; Z! Q) X | interface | public |
5 f3 Z. @) h b: V8 ` | region | RegionOne |
. z6 S1 o# l1 I8 p$ J | region_id | RegionOne |, L+ X% G8 a% U' w+ C" j
| service_id | e53a2bd43aaf48f1840064e9cb594293 |
% N: V" E1 Y8 i. E* q ?3 m: ? | service_name | glance |
( N7 D' N: @. u- Y4 T, F | service_type | image |
, |, n% B, Z' x0 F+ g; ] | url | http://openstack-vip.stangj.local:9292 |( \$ M! q. |& K! d6 Z+ o
+--------------+----------------------------------------+- `& h# Z5 W3 _9 t
root@openstack-controller1:~# openstack endpoint create --region RegionOne image internal http://openstack-vip.stangj.local:9292/ w9 B) B7 L9 h+ K* H7 [+ a7 F; @2 n
+--------------+----------------------------------------+& b; C# D5 b+ k5 ]) H8 f" x
| Field | Value |" K$ q; B$ x& z6 \. B- X( Z
+--------------+----------------------------------------++ ?, W+ P7 `) e. @ z
| enabled | True |
7 h3 t" O# ]$ L' p; d$ x | id | 671f3dd8ddd643d08b922df0f9c7f4d8 |
% j* y: r$ q9 p0 K5 I6 q | interface | internal |
. t# ?8 v& X* X9 m | region | RegionOne |
0 @. j7 B0 D& @: ?( {# T+ d | region_id | RegionOne |4 U. o6 w$ X6 l, g; U* B# |; k$ v4 `
| service_id | e53a2bd43aaf48f1840064e9cb594293 |
3 |2 k$ |8 C, G" B( [4 ` | service_name | glance |1 |: |% i8 j. R W2 F
| service_type | image |" ^& E# [- F) q$ S5 Q: U
| url | http://openstack-vip.stangj.local:9292 |
+ R6 J# F% D" Z# q% n% P5 ` +--------------+----------------------------------------++ O' E+ d. v! {, r+ `8 O
root@openstack-controller1:~# openstack endpoint create --region RegionOne image admin http://openstack-vip.stangj.local:9292
" E: V% _7 @' t0 ~ +--------------+----------------------------------------+
5 i: }6 R: n! }* D | Field | Value |
" X+ O* [( Y1 r +--------------+----------------------------------------+. n* D$ ^9 h7 r' [# k5 O
| enabled | True |
$ Q# N* f5 G; } | id | afea7ab2f5914bcca88f088957f6144f |: v9 z {, X6 g+ p r
| interface | admin |0 _: K) a) o) D
| region | RegionOne |' t, t, E1 t% { b( z
| region_id | RegionOne |
) {- x% l" a8 j a5 d | service_id | e53a2bd43aaf48f1840064e9cb594293 |+ f9 b' m" i: Y4 h. |
| service_name | glance |
& H/ Z7 g7 u0 v. ~2 b | service_type | image |
. G3 P* b( Q0 o! R | url | http://openstack-vip.stangj.local:9292 |; ]+ A' a$ t9 }% b- {& ]
+--------------+----------------------------------------+
, H, R* _4 b! d1 s3.5)配置haporxy代理) |* l5 K9 V2 I) z0 w' d+ o) w, q
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
0 Z6 v" p! v0 q # 最后一行加入下面4行信息
5 K' {& s3 X5 _* n% c- C3 C listen openstack-glance-9292
* j0 s7 D9 ?, v; ] bind 192.168.139.248:92927 `" {* q: {4 }
mode tcp1 d0 n$ b! H. d. I
server 192.168.139.31 192.168.139.31:9292 check inter 3s fall 3 rise 5
1 }/ r5 r" ]* {' K root@openstack-haproxy:~# systemctl restart haproxy.service 8 V0 ~0 v* U+ E+ {' s- `2 p4 T6 T
root@openstack-haproxy:~# ss -tnl | grep 9292; ~( a8 Y1 h: ^
LISTEN 0 128 192.168.139.248:9292 *:* , }% ]8 k! C9 }7 p) a
3.6)部署glance服务
& d4 |, I% f* d# ?# x( @ root@openstack-controller1:~# apt install -y glance |8 b4 u& @( k s
3.7)配置glance服务
: a; A0 m5 s9 Y1 G- y @4 b+ p0 G root@openstack-controller1:~# vim /etc/glance/glance-api.conf
$ W- q7 Q- q/ y [database] # 在这个模块下面添加下面这一行信息: c& H* L: s. ?6 |" ~' s+ f
connection = mysql+pymysql://glance:glance123@openstack-vip.stangj.local/glance
5 Z, H! _7 ~ Z& q % ]: A- M9 C$ P* K6 w P# C1 A/ H7 I
[keystone_authtoken] # 在这个模块下面添加下面这9行信息0 Z) K+ m3 |" Z* j/ y
www_authenticate_uri = http://openstack-vip.stangj.local:5000
1 |3 e) H% w1 p% P2 I1 d4 F auth_url = http://openstack-vip.stangj.local:5000
4 r1 n8 z( L$ } G6 p memcached_servers = openstack-vip.stangj.local:11211
' T+ z, V" R% M auth_type = password+ }0 @/ f$ B# V! Y% Q" b2 k5 {
project_domain_name = Default5 |" S h3 R) `) K
user_domain_name = Default& G! Z+ V# [, ?$ O2 d1 [+ ^9 N7 Q
project_name = service! j( L) j6 U6 `0 j0 \( @. {
username = glance+ n3 g4 Z( h: _% ]
password = glance4 f- T$ A# T+ ^0 b# ]
1 [( H& m) b* _3 ?7 R+ ]) P% T
[paste_deploy] # 在这个模块下面添加下面这一行信息( l1 w3 B+ Y! |1 e7 m0 e
flavor = keystone
/ H% }: T/ E+ V# l4 L
+ Z+ K8 N+ {0 x/ ~$ P% E7 Z [DEFAULT] # 在这个模块下面添加下面这一行信息
- I8 A5 e/ N3 n" f enabled_backends=fs:file
# o* H3 q9 [* j5 n$ {8 `
. h1 I2 M1 ~" p; `6 L [glance_store] # 在这个模块下面添加下面这3行信息6 G; h: E3 b) a$ a5 @' ?+ `6 y
default_backend = fs! c, r& L) b3 B3 I# ~) ?- b
[fs]
, I6 _% E" @) l& z' ~7 n filesystem_store_datadir = /var/lib/glance/images/( L8 ~7 G$ j0 ?7 V
/ q* M; C- Z/ I! n1 m. c
5 Y" g$ t; [4 {3 f, W `确保 Glance 帐户具有对系统范围资源(如限制)的读取访问权限`% c; e6 v8 |8 d4 w* R5 k
root@openstack-controller1:~# openstack role add --user glance --user-domain Default --system all reader. {6 F7 { E) n c( E
3.8)初始化glance数据库/ k" I/ [0 \8 A
root@openstack-controller1:~# su -s /bin/sh -c "glance-manage db_sync" glance+ i a+ h5 C/ S/ ]4 i( h) C& F) L
`验证`1 u( B& q8 h$ }. K" I, q
root@openstack-controller1:~# mysql -uglance -h192.168.139.248 -pglance123 -e "use glance ; show tables"
9 R7 W! K$ O" _$ U$ p +----------------------------------+
, D1 ?& U# m* f | Tables_in_glance |( r- w7 z! }7 x+ D
+----------------------------------+, g; i0 l4 r* M' m( H0 W% Q# V. f" Q
| alembic_version |- ~6 s C6 y' y. n
| image_locations |
- i. {, ?& o4 Y" V% I$ g | image_members |# ?, y+ T- l( ?, }
| image_properties |
& ^9 w$ ]+ G: M. P- w# w | image_tags |
$ D: T0 `* D7 k- C) k9 t | images |% f1 n6 \4 B- I
| metadef_namespace_resource_types |
$ E( `! ^, M Y- _9 U+ l8 ~3 s | metadef_namespaces |+ ]! n# }1 ~" c; T3 K3 }
| metadef_objects |/ Q5 y' A7 f, v8 j
| metadef_properties |% ^! ^7 L2 a+ \: F/ f3 d, L
| metadef_resource_types |
- M8 T ]' T5 W! D | metadef_tags | u, `- j" |1 {5 u' n$ J0 n
| migrate_version |
3 l( |4 ` n' u Q! w0 E | task_info |$ b- h/ o+ `9 v# l# }9 ~
| tasks |5 ]4 B6 A0 j1 [& L5 R; V
+----------------------------------+/ K+ U; ?2 R5 M% G
3.9)启动glance服务$ B+ U3 P1 [9 V8 ~- t: j1 E
root@openstack-controller1:~# systemctl enable --now glance-api
[. [" l# O7 R" a1 L. G root@openstack-controller1:~# systemctl restart --now glance-api' ]8 P% o# w9 }* F$ ]
root@openstack-controller1:~# tail -f /var/log/glance/glance-api.log
. O) w. _$ r# |4 K* x$ A 2024-12-07 19:43:42.571 11458 INFO eventlet.wsgi.server [-] (11458) wsgi starting up on http://0.0.0.0:9292
" H( m/ c7 K# _. P' c% n 2024-12-07 20:06:40.764 11717 INFO glance.async_ [-] Threadpool model set to 'EventletThreadPoolModel'
( G. E9 R+ n; @" R" X% _/ B/ _ 2024-12-07 20:06:41.281 11717 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
8 t% W! { o c) |" M4 s" m 2024-12-07 20:06:41.377 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_staging_store). Creating.
3 e( n1 e$ P n$ K4 Y 2024-12-07 20:06:41.378 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_tasks_store). Creating.
6 x1 C, V& ]+ J/ {. r% @% Q; Q! P 2024-12-07 20:06:41.379 11717 INFO glance.common.wsgi [-] Starting 2 workers
5 @9 o. [+ j4 p3 X 2024-12-07 20:06:41.381 11717 INFO glance.common.wsgi [-] Started child 11724. ~% X) [0 h$ ?( v' l' u6 Z
2024-12-07 20:06:41.382 11724 INFO eventlet.wsgi.server [-] (11724) wsgi starting up on http://0.0.0.0:9292! p: K4 k6 [ ?* k# x1 P
2024-12-07 20:06:41.383 11717 INFO glance.common.wsgi [-] Started child 11725
6 R# s0 e" N0 c! w. W# N8 w3 ] 2024-12-07 20:06:41.386 11725 INFO eventlet.wsgi.server [-] (11725) wsgi starting up on http://0.0.0.0:9292: k3 T. \* G" K$ |
3.10)挂存储
7 c) T" x! t" a( a2 r( \ root@openstack-controller1:~# systemctl stop glance-api
- |+ ^) b3 g6 G0 ~" y root@openstack-controller1:~# showmount -e 192.168.139.36
+ s1 E8 R: z! E( D Export list for 192.168.139.36:: z$ F1 e: Z5 C+ u4 @+ L7 l0 i9 j2 K
/data/glance *7 Z% P+ h3 J- S3 c
root@openstack-controller1:~# mount -t nfs 192.168.139.36:/data/glance /var/lib/glance/images6 M& ~- w, h8 N5 i/ N; E2 O2 E# H
root@openstack-controller1:~# vim /etc/fstab
+ l8 z t, t* v# K2 C8 e& M& w # 最后一行添加下面这一行内容
, \) [4 A- p2 ~. D' X3 M/ L, m 192.168.139.36:/data/glance /var/lib/glance/images nfs defaults,_netdev 0 0
* e" D4 r% B) }& ^2 c3 |( j' y root@openstack-controller1:~# mount -a! `! k9 Q1 G6 W d4 g6 |& w) y
root@openstack-controller1:~# id glance: E1 m) z! X+ r) G0 d5 q1 l
uid=64062(glance) gid=64062(glance) groups=64062(glance)
2 r9 m; G1 z( \) {; i root@openstack-controller1:~# chown -R 64062:64062 /var/lib/glance/images/
. z' r6 d% L2 \+ D! x6 Y root@openstack-controller1:~# ll -d /var/lib/glance/images/
1 f }, e1 m0 x" d4 F$ }7 s6 {( A. D drwxr-xr-x 2 glance glance 6 Dec 14 21:31 /var/lib/glance/images/
2 c" ~9 J& @7 \ root@openstack-haproxy:~# ll -d /data/glance/
: \ M, E. s8 v3 H: F drwxr-xr-x 2 161 161 6 Dec 14 21:31 /data/glance/
7 `7 e( a& L, d- n* g0 n1 p `启动服务`+ ~9 R7 M# y" A H
[root@openstack-controller1 ~]# systemctl start glance-api
# v F$ P8 F6 ~% b( b* v0 X3.11)验证操作
, T4 Y4 M2 h- T2 }0 N- e [root@openstack-controller1 ~]# source admin.sh
H5 J( q/ |; D- h root@openstack-controller1:~# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img$ D9 O; P) b' [ u
[root@openstack-controller1 ~]# glance image-create --name "cirros-0.4.0" \
$ K' @' l! a, Q0 U+ j --file cirros-0.4.0-x86_64-disk.img \- u; c2 P- H% ~6 D! u8 Q8 G
--disk-format qcow2 --container-format bare \
5 E ?' G6 c" v --visibility public
% X- q" H$ E0 L5 h' _+ U0 K7 \$ C6 o1 {( J
+------------------+----------------------------------------------------------------------------------+ E. e4 G8 _8 [' w0 }/ q9 m' D. P
| Property | Value |/ A- @9 |3 R3 J n0 o L% Q) w: D
+------------------+----------------------------------------------------------------------------------+! n! Z. R9 R `( U7 l# X" e+ a0 u
| checksum | 443b7623e27ecf03dc9e01ee93f67afe | s9 _0 Z/ @* {1 P
| container_format | bare |1 v; k5 \- M# ]8 x$ u) r! {6 s: \
| created_at | 2024-12-07T13:12:19Z |6 n! q# P$ v3 r
| disk_format | qcow2 |) A9 J. z) J* V# L
| id | 68249b5f-9eac-4873-be74-cc11ac9af61e |$ D6 P: z8 \& H7 J; A+ p N
| min_disk | 0 |
' P q* @' k' p; L; q" v1 ^' ~ | min_ram | 0 |
& O% f3 A6 ?* w7 [& M7 | | name | cirros-0.4.0 |0 d9 T# h) n: I( {
| os_hash_algo | sha512 |- _0 H& F0 k/ h) R3 E. |
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |5 u" b: R; ?' I) Y1 h- [
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |
5 p1 o- i8 `6 q | os_hidden | False |
: }/ |6 S3 Z m2 ] | owner | 96bbc0e66a5246fdaf29843498ef49a1 |/ r! ~ r, z1 F5 w& @) z: }
| protected | False |6 k. m8 A1 c) q+ N3 b: E! L
| size | 12716032 |
5 F4 K5 Y. q) q$ b) j( A/ { | status | active |5 g9 O& Y2 _& A# v/ r7 v" H7 @% {! y0 e6 |
| stores | fs |1 T+ [* @6 q" s: q# t+ ?
| tags | [] |7 B: {- z3 V! U* o& n' P
| updated_at | 2024-12-07T13:12:20Z |
( P- r" K& X0 U1 h6 V | virtual_size | 46137344 |% G$ r0 C0 ~+ a- o2 s/ z- P
| visibility | public |
* G) Q4 ^1 B/ u! g& F( z +------------------+----------------------------------------------------------------------------------+2 p t: s$ ~( x4 v6 H$ d) _4 p
) l c) {# ?4 ] `验证服务`
5 Y3 d& G g* r& b8 K root@openstack-controller1:~# openstack image list9 W* O" l! D% ^7 }, b- J! A7 p
+--------------------------------------+--------------+--------+0 a2 T9 A! {/ x& G( D
| ID | Name | Status |5 v8 q3 Z7 Z6 i3 q5 [; m
+--------------------------------------+--------------+--------+
( E, A! `" w' o. K | 060a4a23-5aa8-4176-8f31-0ccd318ebf2a | cirros-0.4.0 | active |
& _/ a7 _5 ]' Q: Q9 L3 e3 |: M+ B- u +--------------------------------------+--------------+--------+/ ?, i$ F( l7 G5 _0 a
# 或者 [root@openstack-controller1 ~]# glance image-list+ p1 H6 m* a% Y" i: `
# 删除镜像 [root@openstack-controller1 ~]# glance image-delete fd47df49-7e2b-4e16-a4fe-fd8ca6ffb5f7# i' G, V, E- J) }7 L# w' a
root@openstack-haproxy:~# ll /data/glance/ q; p( o* B7 D* M" q# l3 c
total 12420
a8 @' }' F2 r+ Y. U/ ^: v! k8 [ -rw-r----- 1 161 161 12716032 Dec 14 23:34 060a4a23-5aa8-4176-8f31-0ccd318ebf2a
5 ]; M' v9 s9 k* f- O# |4)安装Placement
3 B) ^9 ]+ x6 I6 ?, N4.1)创建Placement数据库
& A# _" L. f: v1 X+ ?0 f% W root@openstack-mysql:~# mysql' s4 e1 h) s9 @3 K9 ~" R
MariaDB [(none)]> CREATE DATABASE placement;
5 z1 O# k5 Q# }6 @) ^ MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';
' q) q3 S* ^+ Y. e3 o" x `验证`
1 y3 w/ [# }& V. C2 t( g+ n root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement1239 n) c/ J$ d5 g5 |; O
Welcome to the MariaDB monitor. Commands end with ; or \g.
5 R7 K, V9 w# G. q8 S } Your MariaDB connection id is 118" |3 B. P+ i; y
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
( T s6 A8 W. m) _0 p) l
' M$ ^/ H9 i1 [1 b Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.* |# \8 D1 V/ q2 g. W( y
3 f5 U( t3 p! q3 ^: } Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.9 O6 ], w+ ^; |7 @2 P
+ z& f6 i- R( m. A) j6 I MariaDB [(none)]>; j$ A7 u8 ?- I1 f& L, A% P
4.2)配置用户和端点( U) z& u, u: |5 d1 d x6 Q5 M
root@openstack-controller1:~# source admin.sh , r5 n* [$ X* U7 m7 ]
root@openstack-controller1:~# openstack user create --domain default --password-prompt placement
4 P6 d# N7 M L- e4 |% | User Password: # placement
3 N+ d! x6 e( p/ N Repeat User Password: # placement
% S% y2 j' P" M+ m/ u: g +---------------------+----------------------------------+
g! l. [- L" f: h, L5 f | Field | Value |) F. H7 R& A( X3 A) H' n! _
+---------------------+----------------------------------+
( `2 a* a* R) X; u | domain_id | default |6 P( x8 |/ ^. y9 @$ b. @ V9 g, }
| enabled | True |
1 p2 G# T3 a/ J0 H4 y | id | 804e53f0a44b4403af8278711a7274a5 |
6 ^* i0 m3 R4 b. O4 f3 | | name | placement |, h v5 o$ g+ k4 p3 Z
| options | {} |% ~& j! n8 y/ O9 @+ e# m' H
| password_expires_at | None |3 r8 S: @) w4 p7 o# y% u
+---------------------+----------------------------------+2 r o: L+ a9 S! B0 g) Y+ n! E e
5 F9 E. p: ?% g f u$ Z `将 Placement 用户添加到具有 admin 角色的服务项目`: {% F* ^4 p/ Y
# 让placement拥有service项目的admin权限`
9 S9 B3 V8 ?& K4 X root@openstack-controller1:~# openstack role add --project service --user placement admin+ @" y, t. Q; m+ l6 G9 w
# ^: r( Q+ t/ n% h- t3 y/ X7 p
`在服务目录中创建 Placement API 条目`
+ i" K. l2 I" n% S% L root@openstack-controller1:~# openstack service create --name placement --description "Placement API" placement& I E3 S& @9 c4 ~3 Z' t9 f8 q
+-------------+----------------------------------+2 U9 \7 Z3 ]0 g3 ?
| Field | Value |8 B3 u. {" F$ m0 ]0 V) q
+-------------+----------------------------------+8 \) q* [3 ~( Z! I' `
| description | Placement API |
7 E& b. w* p5 ]5 X/ x | enabled | True |
4 A7 D1 l3 `+ d& N' u5 y" k) u+ Z | id | 9eaa1f08648c44c5a937759d7217016f |& A+ c, r: \ B% g* G3 o
| name | placement |/ U. \( Q' o- G) g4 d
| type | placement |1 k0 ]7 v. @" ~% o$ F
+-------------+----------------------------------+$ }" M. x' u/ T' s% W$ b N
4.3)创建 Placement API 服务端点:
* S; o; [# S+ q8 W/ U) L root@openstack-controller1:~# openstack endpoint create --region RegionOne placement public http://openstack-vip.stangj.local:87787 g' l: A( p2 ~/ b% ?7 F
+--------------+----------------------------------------+9 U5 _, |1 E2 F+ Z* P: l9 G4 O
| Field | Value |( h$ q/ g+ L5 C2 J9 \( F
+--------------+----------------------------------------+% t/ ]+ G# |# V* p3 k
| enabled | True |
( Q* S* h7 W7 u/ h$ v. r' k | id | 88aae422c80e4adabf613aef31fb0c3d |
N2 R( T o# I6 f | interface | public |2 v1 F. y+ y" Q
| region | RegionOne |
) C9 Q* V% V% I* M4 v% N2 N | region_id | RegionOne |
" n4 D( Y; L( y; ^ | service_id | 9eaa1f08648c44c5a937759d7217016f |
* x2 w2 G# M( Z2 P | service_name | placement |
3 q% b) F" D4 c1 C3 B7 u$ V | service_type | placement |% Z0 m5 t4 F8 `
| url | http://openstack-vip.stangj.local:8778 |
7 n) T. x$ P- B% }; d( |( J$ P +--------------+----------------------------------------+
% e( a2 ~4 r/ G# O. Z* H' |7 D# D
) l; h" D! K$ l root@openstack-controller1:~# openstack endpoint create --region RegionOne placement internal http://openstack-vip.stangj.local:8778# p. C6 u* E$ P$ X# i8 x0 P2 v
+--------------+----------------------------------------++ c( g5 S0 Z6 X% U9 z/ S/ i
| Field | Value |
, R5 @. M1 w6 ~9 ~% l +--------------+----------------------------------------+& _" ^1 o6 x' U& i$ S% r
| enabled | True |0 y( M# Y+ ^2 B2 @) H/ k- D5 L
| id | b706b4abdcdd44a588eacf5d1cb7f75c |+ t5 F4 P5 ]9 @7 h X- Z3 [
| interface | internal |
5 E8 `$ c( _8 o | region | RegionOne |
. \4 K0 V1 Q9 p5 X* w u2 D | region_id | RegionOne |
' Q: ^1 |3 m: B5 _) t' Y | service_id | 9eaa1f08648c44c5a937759d7217016f |
+ X* U0 B9 { ]" E2 s | service_name | placement |. g0 E5 R5 M% Z
| service_type | placement |6 ?! Q! ^& g# s$ V. q0 `. N
| url | http://openstack-vip.stangj.local:8778 |. P$ Y* ^/ d/ R Z
+--------------+----------------------------------------+0 B+ j3 d+ Z* B
+ ]7 B0 b9 t: I }3 ] root@openstack-controller1:~# openstack endpoint create --region RegionOne placement admin http://openstack-vip.stangj.local:8778: b% I" r# o% X3 E% O* s, `+ s/ [
+--------------+----------------------------------------+8 a8 f# H3 j0 b+ k( X9 T" Z6 B
| Field | Value |
# {: ~) {) T0 f. Q! \ +--------------+----------------------------------------+
5 V" {' f8 J& U; S | enabled | True |" z' G$ L. N) h
| id | f62a5305854e492ea9c76e77e13b10b4 |
9 Q6 h- ^4 k7 l- x | interface | admin |6 y4 T) @8 b! R1 F* F, y9 `
| region | RegionOne |7 v/ t! ~, z# U. o6 s0 {
| region_id | RegionOne |
4 m0 M/ t' m% p! H, x | service_id | 9eaa1f08648c44c5a937759d7217016f |/ j$ n( x( I; ` }/ s
| service_name | placement |
) l$ D( f* @, t | service_type | placement |2 W, R7 t }3 e
| url | http://openstack-vip.stangj.local:8778 |
, v) N; q+ |+ J) ?: { +--------------+----------------------------------------+; t3 a& W9 t, L" ]* V
1 @. z) x+ K) N* E# ]
`验证`- P! m% X# S8 b$ \% T( V$ h: q
root@openstack-controller1:~# openstack endpoint list
+ L2 J/ D. D! s8 ?/ a+ O/ {9 o +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+$ y- Y' m+ {* ?3 S8 z: r( K
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
2 U/ [) p! l% D3 f, O3 } +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+
: s# V' l0 d8 K! J | 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
/ _6 @* ^/ y' S; _. m4 o7 ` | 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |; _8 z' K8 n/ r o
| 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |' U: i, @2 r1 B( P4 O* C
| 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |; q7 V2 Q/ C4 F
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |
# q$ R5 h" {7 w) W9 T | 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |2 H- @5 B- s) y7 N
| ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |3 B- u7 O9 s" U. Z; w6 G' \
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |* s- z* \0 i8 G$ d) H; p
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |# H6 N& M7 U* A) ^0 B
| def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
5 `) W5 _7 a& R) o# }7 B' V | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |7 u& t& N1 R: I s6 G" ]$ U- z0 a2 d
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+. e' D" d$ o8 I: a2 L
4.4)配置haporxy代理
: L# x2 ]7 w/ `8 R9 v root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
" e& Y7 {8 ? B1 c6 ? # 在最后一行加入下面内容5 _( I% Q. S' z) R. J" a5 _
listen openstack-placement-8778
/ `5 O& j4 O9 u7 m* t! j6 j6 d, Q bind 192.168.139.248:8778
& a _) X+ c4 I2 x mode tcp1 g- q0 X3 s. f8 `, t
server 192.168.139.31 192.168.139.31:8778 check inter 3s fall 3 rise 5" i+ N5 f. L) ?8 t
root@openstack-haproxy:~# systemctl restart haproxy.service
9 a: I8 @/ Y+ z, ` v: N* J) Y root@openstack-haproxy:~# ss -tnl | grep 8778
3 e/ X9 q& |: S) O3 x0 b5 q LISTEN 0 128 192.168.139.248:8778 *:* # U: P. h: A8 _8 r J' y
4.5)部署placement
/ X0 [' I' m2 Y. c! W root@openstack-controller1:~# apt install -y placement-api
1 e! z. e9 H+ z0 {4.7)配置placement服务% p, ]) }3 P8 [9 k) r; G
root@openstack-controller1:~# vim /etc/placement/placement.conf
" _2 g) @* B; a [placement_database] # 在此模块下面添加下面一行信息0 z u" ?0 t. F8 |1 b
connection = mysql+pymysql://placement:placement123@openstack-vip.stangj.local/placement: P0 c% c1 K7 x/ ?+ u
! |: s) S" ^0 [/ p1 O% n [api] # 在此模块下面添加下面一行信息
4 u* X- p" ], @) ]$ g1 ~. r auth_strategy = keystone( m" l, {% E2 N" \6 D
( M& b# F( _+ n3 o5 ~5 w. o [keystone_authtoken] # 在此模块下面添加下面8行信息
p0 ]' E. F1 ?' \1 g! v- [ auth_url = http://openstack-vip.stangj.local:5000/v3" o/ M4 p9 y9 `. a3 c" z+ V/ G/ w
memcached_servers = openstack-vip.stangj.local:112119 V" P4 S# C1 a9 Q. w( M# |
auth_type = password
0 @9 G. J$ B: H- e+ d, H& d project_domain_name = Default6 ]! b# F$ M7 L
user_domain_name = Default
4 T2 t) B( ?0 q! M project_name = service& j& p; x! C* J3 N+ l! j, Z: E5 A
username = placement
) w) o7 ~( i6 F* R5 P password = placement% ~5 z. M0 k9 f- a$ L) l) A
4.8)初始化placement数据库
/ u$ S2 L& ]% D7 R# |+ C root@openstack-controller1:~# su -s /bin/sh -c "placement-manage db sync" placement
. @- h2 _* x- { ) C# u+ S; @& Q+ M
`验证`
A |! K- e4 F4 A0 b root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123 -e "use placement ; show tables": j$ P1 ]$ L) H0 a) R
+------------------------------+: ~* |* Y* i" s2 y \# }
| Tables_in_placement | }& n, t; d5 v z6 j7 x
+------------------------------+2 p- _, e; n; j4 ?& Z
| alembic_version |
$ w1 b0 p0 [" K0 \9 z% a8 y3 U | allocations |" S [& q( r I3 A
| consumers |6 j6 `; @$ W) K" K0 }. R
| inventories |
- A9 \& c* [3 K5 z# S5 p( M | placement_aggregates |
3 `$ L% L6 | u- i3 | | projects |) Z5 X+ v5 U, j0 L4 _& i
| resource_classes |# x4 P, ?7 j" e) U, E9 W1 {. i
| resource_provider_aggregates |, C" I0 B3 H3 V; u4 H Y" G0 Y
| resource_provider_traits |! l M3 H/ b% y# l6 n' g" Q# E
| resource_providers |
7 @7 D% f1 A6 I5 L2 z; I5 o | traits |. }7 a9 W/ @! [/ O9 j( ^5 r
| users |
$ L3 y3 a- `$ J/ i +------------------------------+; P* L8 H, B" `+ n2 n0 T
4.9)解httpd带来的问题(以免后续会出现403)
! ^- x T/ I0 W7 B root@openstack-controller1:~# apache2 -v& }- N: k, x0 o3 M8 y' z
Server version: Apache/2.4.52 (Ubuntu)
# J) E2 s I2 A2 F5 D! v, m$ n, b0 ? Server built: 2024-07-17T18:57:26
4 ^9 S2 b* k; S root@openstack-controller1:~# vim /etc/apache2/sites-enabled/placement-api.conf
- @# K) v3 O% \2 o" S8 C2 ~ <Directory /usr/bin>
, h5 [3 O) N( \) `8 E <IfVersion >= 2.4>1 v3 v% V" |3 q# }6 r" @; _: f
Require all granted
3 ~% v* C u* i </IfVersion>6 F" p5 o% p* M5 Z
<IfVersion < 2.4>
! U, Q8 k# {" L2 P Order allow,deny
" o3 D- t' a* K" @- ~% U u, _ Allow from all' z% ~2 A2 K* i$ H. P/ G
</IfVersion>2 P* P1 T/ Z3 J
</Directory>
+ r7 O! b' ]0 P8 j. s* V1 [ 9 ~8 h- d. ~9 f- k( `6 w
root@openstack-controller1:~# systemctl restart apache2.service % o9 t7 f$ X: E7 }" |! ]; @
root@openstack-controller1:~# systemctl enable apache2.service
0 l& F" D( E4 ?9 Z; Y3 x2 l4.10)验证服务
' ]; j' S) |) o m; [9 h [root@openstack-controller1 ~]# source admin.sh
! o3 q3 h+ p; [5 v C% f root@openstack-controller1:~# placement-status upgrade check+ J* \ @% G4 O
+-------------------------------------------+2 r' ?! i3 z; Q' y5 b$ I
| Upgrade Check Results |
. z0 m2 @/ Z. ]+ P9 e +-------------------------------------------+: L/ Q: a# P, O; y
| Check: Missing Root Provider IDs |
- l- ~% ~8 f( P | Result: Success |$ X, n" G1 [' C
| Details: None |( |- E0 z: k7 L/ K0 w" p$ U
+-------------------------------------------+
) |9 q, T! ?9 s9 f) ]( X+ u | Check: Incomplete Consumers |# W6 u1 Z) j; r
| Result: Success |8 R5 C7 ?2 P( ~0 C
| Details: None |
! A; Z8 Y/ M: o3 i% M" d8 g +-------------------------------------------+
9 N# G& x. @; I2 V! W$ h | Check: Policy File JSON to YAML Migration |
& E' B3 o4 B$ ~% J& M, l | Result: Success |8 o- }% l" s! i) ]& ^ G% I
| Details: None |
0 Z/ b8 s( T" i z" _, I +-------------------------------------------+
+ W, P7 }) X: \( O9 { root@openstack-controller1:~# curl 192.168.139.31:8778% ^4 q, n! U1 `0 X
{"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}
( R& a/ k, E2 \0 \& k3 i root@openstack-controller1:~# curl 192.168.139.248:8778# G! \- ~9 M) f# H9 j
{"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}% z5 w7 V% M8 \( ^' Z: Q, u
5)安装Nova
, v' i ~" }+ `# x( i5.1)配置nova控制节点
. i j! F1 M& f7 a5 [0 C/ M5.1.1)创建Nova数据库' R M( H5 m6 P9 S/ \
root@openstack-mysql:~# mysql
( l9 Q* p- D& E( r- Q MariaDB [(none)]> CREATE DATABASE nova_api; b7 h- B$ Q. T: e
MariaDB [(none)]> CREATE DATABASE nova;! d2 P5 X Q( }. l; Y) }5 c
MariaDB [(none)]> CREATE DATABASE nova_cell0;
! b2 v' U5 B1 H! \9 e MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
( \2 b2 T9 W* y MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';) J. u$ j! W9 T! _1 K
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';+ O$ B) x) }8 Y( z- V$ `
5.1.2)配置用户和端点* O( N9 @. O4 w3 Y; z; W) w' H
root@openstack-controller1:~# source admin.sh 9 D( k& G( \# C$ j3 F0 d" e
root@openstack-controller1:~# openstack user create --domain default --password-prompt nova9 B1 L+ v& z: }6 i) W8 D
User Password: # nova
- Y' z6 s7 W& A. Y5 o ` Repeat User Password: # nova+ _2 Q! Y7 L! W
+---------------------+----------------------------------+
+ P& K: ?( b) ^9 a; R0 G | Field | Value |
0 a& C' l6 }! f' _& A* e +---------------------+----------------------------------+2 q/ ]0 ^$ ?0 G
| domain_id | default |, K( p7 }8 P- V# I1 X( p
| enabled | True |7 ~/ g( l- ? c: s
| id | 223adc571a2b4a2fa32cd7bdff6e7c3b |
: Y8 M* ]) |' R7 ~0 j; a7 I | name | nova |' U+ d, U x/ N+ u4 ~8 N8 z
| options | {} |
6 X- ~/ F7 {$ Z* J1 V) b/ k; y | password_expires_at | None |
. C7 N6 y8 L0 U9 R E; I1 n +---------------------+----------------------------------+' x: V7 @! w. i& x0 g
6 M+ M* h# j/ E; ^# |2 C `将 nova 用户添加到具有 admin 角色的服务项目`
% _; J% _9 X* i2 ]' g$ Y0 E # 让nova拥有service项目的admin权限`8 x7 v$ e Q0 V: b9 n" h- g1 V% E
root@openstack-controller1:~# openstack role add --project service --user nova admin
) @) g' r4 e" Y& Q: s* d2 R
: A4 t3 `9 B+ i1 O1 Q: ?' q7 u `创建service实体:nova`/ E+ @9 Z" ?* X3 R& r$ r i+ i+ |
root@openstack-controller1:~# openstack service create --name nova --description "OpenStack Compute" compute' `0 O) e3 M5 A& L& V. q; {7 o
+-------------+----------------------------------+
1 c3 l0 ?3 |7 i: y/ q1 O | Field | Value |1 R; T0 o! C: \! P3 P
+-------------+----------------------------------+
" n. E3 Y- N, n, k- x8 D | description | OpenStack Compute |5 L5 V' e8 K3 z. {% d/ V# o# s4 b, T
| enabled | True |& U( M% ]9 l l6 `; S$ a, S
| id | 63028385934a4290b66880dab62a4c4d |
' ?; u8 a4 L+ ?" W- l$ m3 k | name | nova |
, x# ^4 U& D9 g- I" J. O | type | compute | R' Y% G, x/ s- d: ~
+-------------+----------------------------------+
6 c5 u( L8 R. \6 o7 E* f# ~
4 p U" I3 `) {- _5.1.3)Create the Compute API service endpoints:
9 \$ |5 K* p6 e6 N3 a7 J0 d root@openstack-controller1:~# openstack endpoint create --region RegionOne compute public http://openstack-vip.stangj.local:8774/v2.1* I; S0 ^# `2 c
+--------------+---------------------------------------------+
8 n2 M- ~- C$ v; w | Field | Value |& ]: \4 [8 Y/ x+ M
+--------------+---------------------------------------------+
. H- ~# ^; ^, {/ y M: j6 H7 J- ] | enabled | True |
5 z7 W+ G* h6 S; B5 u0 K. t | id | d5564488f45d47009640dcea5e0083f8 |8 ]8 _3 O. R, r2 e) `
| interface | public |
- x% |' P3 J8 z! m, f! k, n | region | RegionOne |5 {# ` n6 S! i, S# y
| region_id | RegionOne |
: A5 x3 ?6 y9 ?9 ~% C# o ]1 K | service_id | ba27d9ae56314e208a3b9b7e1dead803 |
. a/ E) ]9 E# B9 s8 {, g | service_name | nova |
- O6 c# N8 i1 T3 ~; Z | service_type | compute |+ Y* e: `1 X: ]! {6 U
| url | http://openstack-vip.stangj.local:8774/v2.1 |5 N, B) d4 ?, k, k" O6 V
+--------------+---------------------------------------------+3 q4 a3 ?3 L: X7 k( \! ]' U+ d6 E
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute internal http://openstack-vip.stangj.local:8774/v2.1
3 T6 a& d3 d9 I7 }8 @4 B +--------------+---------------------------------------------+1 @8 i7 g' |& g; g- f6 w( p! r
| Field | Value |7 Q9 ?7 |' b: h3 b9 \4 Y
+--------------+---------------------------------------------+
4 e2 g' @+ J5 \9 |8 k | enabled | True |
- q" e3 d; T& a+ U9 Z | id | bce779f873ad48cdaf7aa65c9c310e0b |
" G% X* X2 K* E9 C. H | interface | internal |4 Z4 w: f# r& W3 J4 l
| region | RegionOne |
+ N1 }% T# s1 p8 {- O5 d | region_id | RegionOne |
; g% ^9 M& j# ~* j | service_id | ba27d9ae56314e208a3b9b7e1dead803 |5 L, p" O" D# V" U) Z
| service_name | nova |) z( a0 S+ ]! @! T& i
| service_type | compute |
" H0 `; {/ C3 ]" ^2 R" A9 y | url | http://openstack-vip.stangj.local:8774/v2.1 |
' T/ \) K4 H& q' k8 s; p +--------------+---------------------------------------------+
# ?' k, f5 D2 I$ _! w$ l! O# ? root@openstack-controller1:~# openstack endpoint create --region RegionOne compute admin http://openstack-vip.stangj.local:8774/v2.1
+ E! l( b9 O# e. B6 `4 l +--------------+---------------------------------------------+! w( C& ?( | `' l* \0 A* R
| Field | Value |
& {9 R2 T$ P' [! N' h +--------------+---------------------------------------------+4 y/ U' T5 o% M f# p/ G6 }" D5 E
| enabled | True |
6 v3 E7 O7 g- L | id | 229163f968084cef9cc0150d1c7b14d8 |
5 e: B4 o' j8 t. x0 t# b5 I. q | interface | admin |4 k# C- h* H5 @3 A, p |; q
| region | RegionOne |
E |/ a) ^5 a" j, t6 I/ R9 \2 B | region_id | RegionOne |
5 k/ V' l+ m9 V" _+ Z | service_id | ba27d9ae56314e208a3b9b7e1dead803 |5 e6 u6 S4 N* _# H S- X
| service_name | nova |
7 O9 L+ o% U2 z$ p2 T$ s# J | service_type | compute |2 k3 W& S6 X P; I5 }2 l& a/ k
| url | http://openstack-vip.stangj.local:8774/v2.1 |- [% w) D4 l# b$ R4 c
+--------------+---------------------------------------------+, H6 Y9 l$ U/ c; x$ G. Q' X
`验证`! {0 H1 B) Z4 Y4 n' s
[root@openstack-controller1 ~]# openstack endpoint list4 Y" \* c/ ~) J# ?+ ^
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+6 y! M: V* e7 V9 G
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
3 s* Z7 k' [# a +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
8 C7 S1 i1 H* |/ d. t+ h | 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |6 p& Y, e+ Y8 p# Z
| 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ | k( E6 c* h) y& e% M3 v( J
| 229163f968084cef9cc0150d1c7b14d8 | RegionOne | nova | compute | True | admin | http://openstack-vip.stangj.local:8774/v2.1 |
a& ~& ~8 U+ z- h) l) X- D | 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
# r' W+ X) P# S | 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |' x; h; ~6 h# @8 G$ h: H: ]- Z8 h* _& A
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |( E+ R. W7 s: N8 ? r5 y
| 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
% d$ S3 U* a5 Q. Y | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |
9 P. q, a! t0 K. H | afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |
. }" A; f+ m7 c+ K7 J4 I6 h | bce779f873ad48cdaf7aa65c9c310e0b | RegionOne | nova | compute | True | internal | http://openstack-vip.stangj.local:8774/v2.1 |! N. X% `! u3 k6 F7 u: L3 v
| d5564488f45d47009640dcea5e0083f8 | RegionOne | nova | compute | True | public | http://openstack-vip.stangj.local:8774/v2.1 |
9 V0 |& `* u) {0 H | dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |3 l6 ?6 ~0 p9 ^) `/ F- B" }
| def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
: |1 {! C- a/ u5 I: R ?' f- i3 _ | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |
0 J6 ^( E- y% w0 }% K +----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+# l7 c6 T! O% |: i' g
5.1.4)配置haporxy代理7 s6 L+ Q z3 a" l) Y
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
( x3 H- t6 N. C- H+ R" g1 C # 在最后一行加入下面内容
; p5 E1 d. L$ `8 H( Y, P listen openstack-nova-87741 Y1 F0 s4 c, D0 S8 e9 z7 S! K- h
bind 192.168.139.248:8774; r( J5 L7 L4 v0 g4 I: c4 w: \
mode tcp
* B8 R" L9 o8 T4 _, B1 @& n+ c: {; ? server 192.168.139.31 192.168.139.31:8774 check inter 3s fall 3 rise 5 ?# t! q6 Z5 c, v8 _
# D/ {$ K+ e e. _ listen openstack-nova_api-8775
/ d8 Y% ]$ Z7 p% ^% I) \ bind 192.168.139.248:8775! {/ z( x/ \% l5 ]$ a- G1 v
mode tcp
' u* p5 | |+ F& J8 ` server 192.168.139.31 192.168.139.31:8775 check inter 3s fall 3 rise 52 q% H- m8 i G3 N% }3 E
! r6 s7 B* H) `1 V0 J- ]' v root@openstack-haproxy:~# systemctl restart haproxy.service * ` {2 ^3 o- ?# i# [0 R
root@openstack-haproxy:~# ss -tnl | grep 87741 b# n8 W/ ~8 L/ x
LISTEN 0 128 192.168.139.248:8774 *:*
+ i) J( T% v) p6 q3 {# c1 B. q5.1.5)部署nova-conductor9 o: r* C9 n9 Q& X/ g4 b
root@openstack-controller1:~# apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler
- x: m @9 r1 T( o5.1.6)配置nova-conductor
4 f; z2 E Z B root@openstack-controller1:~# vim /etc/nova/nova.conf
! H% j2 b4 ]& i4 b& T [DEFAULT] # 在此模块下面添加下面4行信息
1 A6 h& t, ~; h' P transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/+ k- r" {: A/ _' J
my_ip = 192.168.139.31
% f: X2 A. W* t0 D( A) |) _; j # d$ Z! \6 {3 o, n6 N
[api_database] # 在此模块下面添加下面一行信息% }6 D+ F c7 T# i: E* S- }
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova_api
' j& i- m3 A# \) D! k9 x& C
3 I" Q6 u# I& s" f1 B: E2 d [database] # 在此模块下面添加下面一行信息
0 ~0 ~3 l. z) H. r0 `/ v9 I connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova
# l- v( X. t! _7 Y2 G; j: R , |4 K% o d* d
[api] # 在此模块下面添加下面一行信息
6 {6 ^- } H' \7 T+ q1 b9 N; O auth_strategy = keystone" l( t. j: W9 I5 {1 w& E/ H) {
5 R$ M4 h) E/ j+ S% A [keystone_authtoken] # 在此模块下面添加下面9行信息* I4 S O( z, a) k5 D- E1 N
www_authenticate_uri = http://openstack-vip.stangj.local:5000/
4 G# x8 T7 I( ]: h auth_url = http://openstack-vip.stangj.local:5000/
) e8 W. ^, A/ [% G7 V6 b1 @8 ] memcached_servers = openstack-vip.stangj.local:11211/ J" t, j9 L& {6 P# v
auth_type = password
~8 a2 P5 l( Y project_domain_name = Default$ u- ` }( \4 a7 v" d& a# b- {
user_domain_name = Default
4 b& |' b+ O _ project_name = service7 S. w. X1 ?) I# c* D
username = nova5 W9 r6 W; o3 h, C6 N5 l
password = nova
" x$ K+ E) J; K 1 f+ W6 E2 ]: E; ~1 R+ Z1 j, @; P
[vnc] # 在此模块下面添加下面3行信息+ \9 d$ M/ G9 e, r. J8 E
enabled = true. }1 S8 Z% R9 z7 n7 u- e
server_listen = 192.168.139.31
5 r! q ]1 A5 ]1 g1 l% f' n server_proxyclient_address = 192.168.139.31
! M, Z( Z ?/ I7 k& M+ _ 5 n' L7 a! W2 r3 s
[glance] # 在此模块下面添加下面一行信息
- t/ Z$ M6 ?0 ^: @ api_servers = http://openstack-vip.stangj.local:92926 S' Y. [) S A4 D0 i( r
: j; ^9 M& i2 W- r/ l8 D
[oslo_concurrency] # 在此模块下面添加下面一行信息
! n, }- V- X5 ~/ W) H) h lock_path = /var/lib/nova/tmp
0 ?. A" x9 _; L1 n4 N, J N g # \, T0 Y( _9 ^7 x2 x
[placement] # 在此模块下面添加下面8行信息
) J/ u* |0 Q. Z region_name = RegionOne0 B b6 [# a# B7 _& T, O {2 M, v
project_domain_name = Default7 i9 C$ x. q" D, H1 S
project_name = service5 v' N6 W5 f5 o
auth_type = password: g1 X# I4 l7 L% P
user_domain_name = Default
$ }2 m/ q: Z- [; F auth_url = http://openstack-vip.stangj.local:5000/v3& W0 G7 S3 Y4 X1 ?) h4 B
username = placement
( m/ M8 K* ~: f ~. v7 r password = placement
1 K+ R' }! f5 s! |& o( B
* s. i7 x2 f* c$ v8 r5 _+ W+ G [service_user] # 在此模块下面添加下面9行信息
; A6 V1 o+ I! O! ? send_service_user_token = true7 x" K- _5 s2 m
auth_url = http://openstack-vip.stangj.local:5000/v3/ @" }, G! F# a
auth_strategy = keystone
; }, _$ R8 `' P auth_type = password
3 T- N8 U9 f8 p* |$ S7 A* b project_domain_name = Default
5 ?$ M3 u7 O! Y$ N! g1 Q) h project_name = service) [2 C( J" G3 l- m+ ?
user_domain_name = Default
8 e7 W+ N' c; a$ Y2 H% ~0 ?0 \ username = nova( B" s9 u& j7 W; U( a7 H
password = nova
" \- c; u& h" r' u5.1.7)初始化nova数据库4 w6 e- E4 j- w
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage api_db sync" nova
1 o) L6 c& I0 J8 P4 u% |; N root@openstack-controller1:~# mysql -unova -h192.168.139.248 -pnova123 -e "use nova_api ; show tables"" X% {: R, B- t) e2 l3 N
+------------------------------+
1 ?; J: u: t- y2 ^7 ~ ^ | Tables_in_nova_api |4 @3 B" }1 t8 g: _! O! g% X- ^- W5 X
+------------------------------+
5 d" z% F/ I8 e6 D | aggregate_hosts |8 @7 S7 k: X; h5 n. `7 U% y
| aggregate_metadata |
5 r) a$ T" R' o/ S1 u' `/ d3 N6 u1 ? | aggregates |
4 u$ h7 @, n5 ~ | allocations |
1 M" {7 q' w, \9 S8 J6 B | build_requests |
& d! z9 Z7 w# ] ................................
. a; `( f ?) ]* p% R: z ................................
! ~; I" a$ b3 w+ _. j. Q. A | resource_providers |: f3 }% H3 n4 V: y
| traits |
" {- x, Y' H9 r | users |
- y* i) T* G! J +------------------------------+
7 S4 Y5 P3 x9 u7 _- A0 G* M9 T root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova, r8 u, D) ~( A7 V
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova6 o- z1 g+ D/ [( a" z6 j/ Q2 D3 ~5 q
....
# {8 f0 O0 ^& C ^# m: ? c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
' L4 u) B& J' A8 P* R6 I6 W
% k1 g% V: Y6 k( i5 ~9 L5 Z i root@openstack-controller1:~# su -s /bin/sh -c "nova-manage db sync" nova& A* s/ S2 N! Y% \( ?3 d0 r
5.1.8)验证 nova cell0 和 cell1 是否正确注册:
Z3 z% i9 `) ^ root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova: G1 z, Y" g" K" Q5 }
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
M# q# W- m0 a: P( h | Name | UUID | Transport URL | Database Connection | Disabled |
1 e6 g9 ^% ^( I4 g5 |) l1 } +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+
( N* F+ W* f: s0 ?( V. ~" [9 X' F | cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova_cell0 | False |
% L: V5 _5 h1 W1 n" e) ^ | cell1 | c14b4cfb-a4f6-41a5-8418-a3d3ee04228f | rabbit://openstack:****@openstack-vip.stangj.local:5672/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova | False |/ `+ q) k# Q L% G# x
+-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+5 U0 _) F7 V5 t
) X- p; R" M* ^' q0 C$ i" P5.1.9)启动服务2 ^- i' c" z; A6 b( Q4 c5 @+ y$ N
root@openstack-controller1:~# systemctl enable --now \
1 o5 K; ~' h0 L5 v7 x; P nova-api \
" T6 c0 G: J& a( p; x! k# e- b$ K nova-scheduler \& Y& D' F' k/ J' t$ H' |0 `6 N
nova-conductor \
" v7 k, M. x9 S$ S nova-novncproxy- y! G5 k3 _+ ~& E9 X
root@openstack-controller1:~# systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy- {' c/ u7 Z* h) b4 g& C
5.1.10)把novncporxy代理到haporxy4 }7 x. L; n9 q0 s
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
' W& u2 H& b: `' h+ j- L) L # 在最后一行加入下面内容
) {8 Q9 C' p5 V2 J listen openstack-vnc-6080
, y7 D) W/ v: x3 |3 C, c bind 192.168.139.248:6080! u5 ~ g$ F: U9 f- p) \
mode tcp
' \) L4 m0 W- y* M( P" @: V. l- f server 192.168.139.31 192.168.139.31:6080 check inter 3s fall 3 rise 5
9 z8 K h2 w$ l$ F8 _ root@openstack-haproxy:~# systemctl restart haproxy.service 1 `0 t& c8 o# e! }9 x
root@openstack-haproxy:~# ss -tnl | grep 6080& x3 B) D1 T* O& M9 ^2 x# x
LISTEN 0 128 192.168.139.248:6080 *:*
+ o% R8 h5 g/ _6 |4 f5.1.11)配置nova重启脚(为了方便后续实验)2 i; i. |# w6 C0 \
[root@openstack-controller1 ~]# vim restart_nova.sh0 x$ ]1 G1 P( C) {
#!/bin/bash8 J, f# ~+ h1 H% d3 [0 L3 T, ^: ^
systemctl restart nova-api \! H5 S4 O, ^. N8 W
nova-scheduler \
. G! J3 }* U3 H nova-conductor \
. C# I# c; a& {5 s* t# o0 k nova-novncproxy
' L2 K) _5 x" @- ]0 ?5.2)配置nova计算节点
6 E" |/ o M" }: @# U( P必须保证开虚拟化: ^! t) w& Z1 h9 D6 }
' a- S e! x% Y1 `! Gimage-202312152249363275 X5 t; L+ U( h5 t
+ _2 H1 C2 M# F% [0 m
5.2.1)部署nova-compute
4 A) ~2 u+ {6 W' T+ S- M root@openstack-node1:~# apt install -y nova-compute& \$ a4 G7 _# ]! o# E* ?
5.2.2)配置nova-compute
) m. \ t$ e. R+ W8 J3 [ root@openstack-node1:~# vim /etc/nova/nova.conf" c) V0 A2 j, o# b- O, u
[DEFAULT] # 在此模块下面添加下面4行信息* h5 S* O3 `) b4 e1 A9 U
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/
- v- }. d/ N/ J. b0 U' D6 z* m my_ip = 192.168.139.342 u8 V4 i0 M5 E% `8 U
# state_path = /var/lib/nova
7 a# E4 k% z6 X
s) Q* B+ U' {) c0 B$ ]' f [api] # 在此模块下面添加下面一行信息- m6 O. @- d- n" I) p
auth_strategy = keystone1 H6 B m* y3 |& |0 k
3 _) _+ R& `$ t' Z
[keystone_authtoken] # 在此模块下面添加下面9行信息: ?+ B9 ` C Y8 c* d' `
www_authenticate_uri = http://openstack-vip.stangj.local:5000/7 ]( k" q( b, \6 ~% \; p% e, `
auth_url = http://openstack-vip.stangj.local:5000/
% a' u ~1 c7 J6 B memcached_servers = openstack-vip.stangj.local:11211
4 } ?! E( Z6 p auth_type = password N# G1 ]. e) {- X) r) ^# U1 |0 z
project_domain_name = Default
! c- R6 J5 b% ?+ X! B k' P" m user_domain_name = Default! j }5 U1 ~* t: ]% N
project_name = service
# ^% L; N) ?- C6 j username = nova
' s- [# T2 M2 S; Y password = nova
- m! t+ ?5 q% Q( X A( Q7 C' k
4 D0 ?# j0 b7 h7 h [vnc] # 在此模块下面添加下面4行信息
0 d4 e6 f" Z# A0 e* } enabled = true
. R+ I6 l- o: Z' ]* K server_listen = 0.0.0.0
- v0 G% {( i. G, Y4 y server_proxyclient_address = 192.168.139.34
7 ~. a( h) p3 K% J novncproxy_base_url = http://openstack-vip.stangj.local:6080/vnc_auto.html
4 U/ @# t2 H$ {/ _2 h$ [
: Y# i2 K3 c2 m: H8 k# R% z0 t) m [glance] # 在此模块下面添加下面一行信息& H0 o! {' c2 ^0 o7 `. J6 g
api_servers = http://openstack-vip.stangj.local:92926 S5 `+ I! a+ C( S
% V( p& A' S/ ~, i8 N) n
[oslo_concurrency] # 在此模块下面添加下面一行信息
$ C3 K8 l7 q; a" D) s, M" H3 K6 y" l lock_path = /var/lib/nova/tmp
3 I- ^9 A/ q& d% t) a
# s. o, x) H8 g* r$ \3 k [placement] # 在此模块下面添加下面8行信息
$ c0 h2 Q7 Z1 l3 _" h2 e region_name = RegionOne
/ h" @0 D2 \# |% q* }% o* M, R project_domain_name = Default" j! y8 p0 Z/ c" Q& A6 @7 V8 {
project_name = service
4 G: K1 A+ u+ ?" ? auth_type = password
0 z. y+ z3 J9 y( z5 n% Y( K user_domain_name = Default3 m8 P4 {: F, r/ N- t, K8 Z
auth_url = http://openstack-vip.stangj.local:5000/v3
% k, G' Y4 O. r) ?# N8 [ username = placement
: L4 | i& |7 L password = placement! B* ?, k" f& S, V- p" D; m7 [7 n
6 H) c2 l2 [% i$ U- U* v! a
[service_user] # 在此模块下面添加下面9行信息2 F$ a$ K8 R! C: L
send_service_user_token = true
! Y& |# A* e o- b1 ~ w+ x auth_url = http://openstack-vip.stangj.local:5000/v34 x/ D( {9 `! b5 g0 z8 h
auth_strategy = keystone2 t: E% h2 @& k8 J Y1 c2 c5 o
auth_type = password7 t( c& p$ I- j' w' U6 G
project_domain_name = Default
8 N0 V9 P. B' u( u7 c6 E project_name = service
" [% \/ V8 h r2 S9 B: }& X5 z' F user_domain_name = Default. E% _& i- |& n: b+ D- r
username = nova T$ ^4 u2 s T6 J5 ? b, d7 s
password = nova4 l# r9 o0 V) a: j- I; g" p& S
- O" T9 j5 Z: d( ]6 X0 ]( E root@openstack-node1:~# vim /etc/nova/nova-compute.conf
0 J5 f ^2 q, g9 @ / n) N+ c2 a5 N$ Z5 L4 N
[libvirt] # 在此模块下面添加下面一行信息6 D8 l+ N2 i6 V9 W& O# I' N
virt_type = qemu
; L( e0 l$ x; @ T7 R. ]
0 a9 q( t' H$ b `检测是否可以用虚拟化`1 V+ E9 g- c! c! L. m3 h
root@openstack-node1:~# egrep -c '(vmx|svm)' /proc/cpuinfo& P' ^9 R2 K# j) l( y. X- j
4
, x8 ~) L5 f y& w5.2.3)配置hosts解析
: F- O; d9 n7 z5 T. L root@openstack-node1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts
9 C. ^0 }: g3 v& e, O: M! I8 b5.2.4)启动服务6 a3 h1 i% \" w3 }8 @8 ~4 |3 t9 Y' f4 w
root@openstack-node1:~# systemctl enable --now libvirtd.service nova-compute
/ R; y$ g- i) i$ E" N; e `编写重启nova-compute脚本`
. U# @% {: J2 O5 L" v3 t root@openstack-node1:~# vim restart_nova.sh
7 l3 U- r1 x2 k+ l4 m- w7 k S #!/bin/bash
9 q+ N9 U- v7 C, a" w( D* @! B7 V systemctl restart nova-compute
8 U# u# R4 a6 S3 C/ Z' C root@openstack-node1:~# bash restart_nova.sh
2 {; G0 R- h' o' _
3 j6 L" Q; H+ M9 i7 G1 q5.2.5)验证服务6 s: R! r" L' |2 p/ z: U4 Y4 _
root@openstack-controller1:~# source admin.sh * s S, a3 H! q! g
root@openstack-controller1:~# openstack compute service list --service nova-compute: f0 k# u' [8 j6 R5 y7 c+ v, @
+----+--------------+------------------------------+------+---------+-------+----------------------------+5 J* I) D2 ]+ @" G
| ID | Binary | Host | Zone | Status | State | Updated At |
% F$ i& b; a( E9 j$ i +----+--------------+------------------------------+------+---------+-------+----------------------------+. s; }5 T# G7 {
| 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:12:03.000000 |
6 e0 [) b# H% m +----+--------------+------------------------------+------+---------+-------+----------------------------+
$ Z$ `% _0 ^9 ?& J: a5.2.6)发现计算主机
8 B- G, |, S6 [. E* J, ?如果加入新的node节点需要执行下面操作# o0 q2 O' V/ `3 n
% G5 d- M" n& q* ]
[root@openstack-controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
5 \) f5 G5 `3 Q Found 2 cell mappings.
4 D# m# H; G: y0 G2 j) V5 U% y Skipping cell0 since it does not contain hosts.
4 J/ g! d: W1 _# C; E Getting computes from cell 'cell1': c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
! C4 z q3 A1 m _. p- l Checking host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0* l1 P; Q& }5 ~. { c" z
Creating host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
t4 ]! F8 x6 R3 q c' v% n Found 1 unmapped computes in cell: c14b4cfb-a4f6-41a5-8418-a3d3ee04228f, X" Z* k: m1 }9 X9 F: x# a) P
5.2.7)配置自动发现计算节点
w( u7 X3 n, M/ X* L& r a/ T [root@openstack-controller1 ~]# vim /etc/nova/nova.conf
* A. i+ u" k1 M2 L [scheduler] # 在此模块下面添加下面一行信息
8 x# Z2 w0 z" O6 h9 L: g5 L discover_hosts_in_cells_interval = 300
2 O& R. _: `2 O W% _+ p `重启nova-conductor服务`( x) {9 l5 v" y+ Q& A& v; O# g
[root@openstack-controller1 ~]# bash restart_nova.sh
# l9 e2 Q+ ^0 ?! n* T& i" J5.2.8)验证操作$ H/ N% T3 [1 W! S; E
[root@openstack-controller1 ~]# source admin.sh
& ^' \3 W* d+ A8 M# s+ ~% d4 x [root@openstack-controller1 ~]# openstack compute service list
/ `- c" @( s6 u" e +----+----------------+------------------------------------+----------+---------+-------+----------------------------+
6 X- M% y' Z/ h8 I5 y- r& l | ID | Binary | Host | Zone | Status | State | Updated At |# S, a9 a; u8 `) F, Y* J8 h U
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+7 o/ Z; P6 w, ]) `- I) b* n
| 1 | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |6 Q! r$ s' g/ v& \2 I, p' ?
| 7 | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |0 y! m0 ^2 I+ P; n' o7 c( e
| 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:15:42.000000 |! n" y' e, M9 b7 a8 \% w
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+
4 I2 q8 o7 J5 j E0 m; [ root@openstack-controller1:~# openstack catalog list: B! J2 @. L; w# B/ p+ _* Q3 p
+-----------+-----------+---------------------------------------------------------+0 o( H4 c; \( a
| Name | Type | Endpoints |7 S2 h: }8 F: l
+-----------+-----------+---------------------------------------------------------+
. D5 B! a G! b | nova | compute | RegionOne |5 I! x, g! F# P& I; O" x9 F
| | | public: http://openstack-vip.stangj.local:8774/v2.1 |
# n( L* K* Q2 l- F | | | RegionOne |9 c+ q1 [3 f! f" P- O- s
| | | admin: http://openstack-vip.stangj.local:8774/v2.1 |
7 d7 n) X* l. `1 L: b1 u' C | | | RegionOne |" M: H, z0 r/ q4 }, K
| | | internal: http://openstack-vip.stangj.local:8774/v2.1 |+ z. r3 d8 i9 Y
| | | |' f# x0 i, b) P( O. K) Z* O p
| glance | image | RegionOne |8 v9 q' R' n/ z9 ]0 c
| | | public: http://openstack-vip.stangj.local:9292 |
( g0 O! w, g; [ | | | RegionOne |
6 C9 o4 @$ ^8 o | | | admin: http://openstack-vip.stangj.local:9292 |
/ s. {+ c2 W# F! U# ^% | | | | RegionOne |* [. D: U) i. d4 X1 j# o
| | | internal: http://openstack-vip.stangj.local:9292 |& s( N6 Y, T1 ^# Q: B
| | | |* }: f0 Z+ Q/ y
| placement | placement | RegionOne |
! M5 g5 N: | `* ]8 v/ f | | | public: http://openstack-vip.stangj.local:8778 |4 w. M& ], d! g* E4 [/ f
| | | RegionOne |2 z) q) \/ c' m, w
| | | internal: http://openstack-vip.stangj.local:8778 |
+ f! T: R( a4 q% {- } | | | RegionOne |+ R$ g& A: h: S6 h% U+ k- b" a
| | | admin: http://openstack-vip.stangj.local:8778 |6 x8 C% @* Y* @. @9 V
| | | |
. i* ^% L: s0 L$ k8 v | keystone | identity | RegionOne |, J2 m& z9 I. v6 b
| | | internal: http://openstack-vip.stangj.local:5000/v3/ |& P0 U, u* P( c
| | | RegionOne |% ~+ O1 l, I, L9 |# i# p; t% P# ?/ I
| | | admin: http://openstack-vip.stangj.local:5000/v3/ |" ]8 L( s# V; z- j, ?' d* W! f
| | | RegionOne |
/ P @1 A5 A# T! o( s8 \ | | | public: http://openstack-vip.stangj.local:5000/v3/ |
/ J5 B+ V4 J+ `! i- r( K | | | |% u0 X. s/ [) c6 [
+-----------+-----------+---------------------------------------------------------+, Y7 B6 z9 D8 d" \+ ?7 k& O D
1 s$ y. ~5 z* _& P( e- n' `
root@openstack-controller1:~# openstack image list; `4 Q( k7 Q0 h3 W
+--------------------------------------+--------------+--------+
8 ?, R6 s) j! J5 Z) X' W | ID | Name | Status |; o( \" X1 x" Z0 G* t5 P1 \* U) l0 k) {
+--------------------------------------+--------------+--------+
; p- B0 z4 ^# [8 Q- {2 { | 68249b5f-9eac-4873-be74-cc11ac9af61e | cirros-0.4.0 | active |' u; P9 T& \ f( o* b4 V5 W
+--------------------------------------+--------------+--------+
: s1 F4 e4 L w* X( T& w* y
0 b# f0 W9 j4 M; [4 E root@openstack-controller1:~# nova-status upgrade check. J e8 s4 n3 x
+-------------------------------------------+
/ q. E6 ^+ V/ t | Upgrade Check Results |% Z. E; J* v9 o J/ u
+-------------------------------------------+- ` b' r3 W7 k2 ]( r- [
| Check: Cells v2 |' _4 ~1 w* y( Q( l$ b' p! {
| Result: Success |
2 ^2 a, K9 D% y | Details: None |9 l3 p2 V* {' u1 e$ M
+-------------------------------------------+
6 ~- f$ F! }8 C9 o! K8 ] | Check: Placement API |
* n, p$ S9 }7 i2 F | Result: Success |& H. H. W! {) A3 Q- ~- k7 {
| Details: None |
- p6 n; `! h/ }# h! Y +-------------------------------------------+' r8 M. {0 x* {3 @2 M7 A+ ~
| Check: Cinder API |
+ _, N9 z# M7 | | Result: Success |
3 m$ k' z p( C | Details: None |
6 u4 g0 w( X! U+ \ +-------------------------------------------+& `3 C# k5 J+ f4 J& U; l* ~% @
| Check: Policy File JSON to YAML Migration |) m) K. i9 p# Z& Y& l7 k: }
| Result: Success |) v. z" @3 ^0 {5 O$ r5 g. Z# r
| Details: None |# |$ R: U5 K9 L. g
+-------------------------------------------+
( u9 ^1 T% k! b# z, b4 w3 L( s | Check: Older than N-1 computes |
/ `! h! X' S7 B! H- T4 q6 c& U. B | Result: Success |
: _' t5 l3 P" E9 j. ^# y% K" V$ J | Details: None |$ X5 r1 o9 H8 E6 S
+-------------------------------------------+; P1 T o+ J+ H
| Check: hw_machine_type unset |7 x+ W" y3 [3 V6 [ |% E2 g7 n
| Result: Success |
8 k- o, i1 @0 o" F9 W7 ]. g9 K$ ? | Details: None |
2 ^8 G, F/ \+ k% p% D +-------------------------------------------+: l2 P* l7 f( D8 O
| Check: Service User Token Configuration |: \9 l( b1 \- S% G) q5 ] t
| Result: Success |
# X H3 M% [6 E/ P& S \ | Details: None |6 x4 `+ i r5 g. }
+-------------------------------------------+5 `- Y( `. M, Z0 m6 O& g+ H
6)安装neutron0 U* F2 m1 m5 }% E1 p6 P
6.1)安装neutron-controller节点
' G. M, Q0 Z4 D5 W9 Y6.1.1)创建Nova数据库( h: p# I t9 S
root@openstack-mysql:~# mysql
0 @7 `0 O& W2 {# K MariaDB [(none)]> CREATE DATABASE neutron;+ X5 ]0 [# ~; P* r" T: Y
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
* v( q+ ^6 F# E" I IDENTIFIED BY 'neutron123';
) z4 {8 o$ \$ M; N/ P MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
9 n5 K% G0 ]# f+ r. ?( T$ W" U5 c IDENTIFIED BY 'neutron123';8 [, g+ f z* i$ u1 x3 }
6.1.2)配置用户和端点
/ T2 y: I+ D$ B; Q0 _4 R4 I) w; w root@openstack-controller1:~# source admin.sh 7 Z$ H& G D8 _- \2 |
root@openstack-controller1:~# openstack user create --domain default --password-prompt neutron2 s) `. f: J1 I# f
User Password: # neutron
* b$ i, `5 J% o/ f/ H2 E; Q% v Repeat User Password: # neutron
9 m, c$ }& S- E5 a7 q# o +---------------------+----------------------------------+
* T! e$ T( Z0 A. ^2 o5 a# u | Field | Value |
, @) d6 C: F- S0 l5 I2 Q% q& m/ X +---------------------+----------------------------------+
* D7 A6 {( q0 ^: h8 Z% q | domain_id | default |
0 S1 F; o4 ~) u0 `1 Z( V$ ` | enabled | True |
% u5 e' q$ o# D/ g: z; W: b: ~/ h/ y | id | 282317cd0bb74396a7a12dcdd96aeed0 |# |0 @8 }2 W P! M
| name | neutron |
4 E1 }! p0 ^; g" C/ s7 j | options | {} |
_3 i8 e& Z" n& \ | password_expires_at | None |
3 Z4 y% ~% a! n) B- t3 b g +---------------------+----------------------------------+% ~' ^ ]' n0 c3 J
( P3 O+ U. l* t! F+ B
`将 neutron 用户添加到具有 admin 角色的服务项目`+ c1 D* a- w! A9 z
# 让neutron拥有service项目的admin权限`5 g( J/ S% L4 K# D, @( h1 T7 z
root@openstack-controller1:~# openstack role add --project service --user neutron admin, E; i+ o) {7 H2 m$ |8 ~% V
`创建service实体:neutron`
* l+ q o* I9 q7 g2 u8 D& K1 [ ^7 H root@openstack-controller1:~# openstack service create --name neutron --description "OpenStack Networking" network
r! Q$ p. O O- F5 E: [7 a +-------------+----------------------------------+2 v' b: ?2 L5 n( f4 L. [
| Field | Value |
5 k4 l1 z* v) m +-------------+----------------------------------+
. p( Q9 S+ B ?% V8 n P* U7 ] | description | OpenStack Networking |
2 p% i" m1 |( c; ` | enabled | True |8 A/ i |7 v+ d* v$ V. E. D' T
| id | e4ff8c65882a401a83e2203ce49daeaf |
# }* G3 O$ s( e4 X | name | neutron |
0 j1 V5 ?+ r8 h! Q: R8 N( d0 U | type | network |
: W% {9 }! _, n6 ?& i +-------------+----------------------------------+( X$ _4 v" }$ u$ D
[root@openstack-controller1 ~]# . j. k6 D _) ]* g6 D
6.1.3)Create the Networking service API endpoints:
+ v: d& u/ ^8 _1 v+ q( t8 @ [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack-vip.stangj.local:9696
* `/ y8 ]* k0 G +--------------+----------------------------------------+
( U& T% [- y4 g% n2 z( m1 D | Field | Value |& F' F9 D/ I$ f% t/ n$ V( U3 {
+--------------+----------------------------------------+
0 Y7 g8 K& M/ @0 [' H0 I | enabled | True |. j0 A. a6 K9 g6 P
| id | 970ca60adf5746299d48f7659d500809 |
9 i+ s; W' r9 a | interface | public |; n% W0 i v9 f# t u
| region | RegionOne |
4 @ B5 r" ~% Y1 g" ~ W0 ^( ~ | region_id | RegionOne |
6 [) {* W9 G5 i6 n" Y, D& F0 o | service_id | e4ff8c65882a401a83e2203ce49daeaf |
! B, I F/ d+ ^6 F | service_name | neutron |
+ t5 _& K/ m' e* w; ~ | service_type | network |
3 x7 r) _# F, R; n7 q | url | http://openstack-vip.stangj.local:9696 |
u1 B; g! U% M* V +--------------+----------------------------------------+
/ X7 O2 x+ N+ y0 C5 r+ f [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-vip.stangj.local:9696/ Z% H' g( M, |# O5 y
+--------------+----------------------------------------+, V2 O& F1 g+ v! |
| Field | Value |
, K& H$ }; s0 w$ T +--------------+----------------------------------------+" W7 I( Z- ^4 c$ j1 h
| enabled | True |
# T7 z. `! b0 J. I3 M7 S | id | 4c5f5ffbba4a4c668377a86cfd4a2320 |
0 E% H4 X7 O' H( w4 a6 e9 U | interface | internal |2 @( j$ a- U, g1 R- ]
| region | RegionOne |
9 x7 f* u1 B& B: _+ d9 b | region_id | RegionOne |
P7 [* v0 o3 \) i; M | service_id | e4ff8c65882a401a83e2203ce49daeaf |) x( |& I/ o4 @3 H
| service_name | neutron |6 f2 w7 f- H/ w* N2 Y! b
| service_type | network | j1 c# f: m! g* _* {# q- X8 ^9 Z* Y
| url | http://openstack-vip.stangj.local:9696 |, t+ _5 k+ j1 F4 |
+--------------+----------------------------------------+
# A# T+ z* P; _: G+ x# K
! N& ] {% G _$ j [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-vip.stangj.local:9696% a8 T# Y6 ?- p5 ?. [6 ^
+--------------+----------------------------------------+: R/ r: E! O1 Y- P" b% S! c7 f
| Field | Value |
1 }: ~& H' t% O +--------------+----------------------------------------+2 H# D" i C: e; [$ k; ?& O
| enabled | True |
) \/ v0 X2 H) `! C* f | id | d8c4e83eab66486983680b69520ca92a |
; i( _* l/ }$ D1 ^ | interface | admin |- \7 E% V( |5 J
| region | RegionOne |
9 _4 `) ^- d/ \# i$ ~! g% R5 ~ | region_id | RegionOne |
* r+ Y) u1 q7 L R" G | service_id | e4ff8c65882a401a83e2203ce49daeaf |& ?( e2 O/ W: p
| service_name | neutron |
7 J/ k8 ~# R0 }, s! m0 k! L | service_type | network |
/ U5 z% ~& X% @4 U* H8 F2 K | url | http://openstack-vip.stangj.local:9696 |
& {0 H9 l8 X! C7 X, f" F f +--------------+----------------------------------------+
- B3 f0 Q5 w: D& ~7 S6.1.4)配置haproxy
8 z p$ H2 f6 S' \! P" a. |+ I root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
: F) q7 s% e2 x2 |* H5 R8 q # 在最后一行添加下面4行内容
! P4 |$ z/ r2 [1 c& F+ J7 r5 ? listen openstack-neutron-9696
?8 _8 G( Y A, f& j bind 192.168.139.248:9696
' Z6 _2 e' `" n3 I6 D7 h mode tcp: {! W2 S6 o# y5 N7 s8 n, _/ k
server 192.168.139.31 192.168.139.31:9696 check inter 3s fall 3 rise 5
* N8 T: r6 l+ r& Y root@openstack-haproxy:~# systemctl restart haproxy.service
) Q# z( M( B* X root@openstack-haproxy:~# ss -tnl | grep 9696
$ |2 |+ Q5 B9 S; `# {7 v LISTEN 0 128 192.168.139.248:9696 *:*
- f7 f; L+ F0 s8 Z2 A7 _- U* r( H6.1.5)部署neutron
Y0 k& O# O3 @" P: ]6 \8 m root@openstack-controller1:~# apt install -y neutron-server neutron-plugin-ml2 \4 D1 x- q' `; }/ f# H. m6 l
neutron-openvswitch-agent neutron-dhcp-agent \6 H3 x7 E) b) J" [/ V5 F
neutron-metadata-agent
7 N* o) I, t/ k5 u6.1.6)配置neutron主配置文件0 ^: }7 P$ h3 p( U
root@openstack-controller1:~# vim /etc/neutron/neutron.conf K- X; t4 o1 S4 h* n# b& ?
[database] # 在此模块下面添加下面这一行' H1 \* I! ~. M6 s, W* c5 ~. |
connection = mysql+pymysql://neutron:neutron123@openstack-vip.stangj.local/neutron
8 P$ F' ^- @; x+ x4 R
: f1 p3 Q% e1 F3 r [DEFAULT] # 在此模块下面添加下面这4行* o3 ?5 }9 s0 S. @" K% I
core_plugin = ml2, O! m! c5 R7 n. J
service_plugins =
/ l0 Z: E8 ?& j7 V3 B3 c j transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local
" B1 m5 K/ @6 b& ~" K x auth_strategy = keystone
, b1 Z* [4 p! V r notify_nova_on_port_status_changes = true
, d1 \$ [, G9 t notify_nova_on_port_data_changes = true
! j9 {9 L6 t6 O. _' g4 e( O / ?9 A; j; N- E3 v9 o* |- `
[keystone_authtoken] # 在此模块下面添加下面这9行) }, f0 v+ p+ R1 ~5 ]. a
www_authenticate_uri = http://openstack-vip.stangj.local:5000 ?& ?) ^9 k8 i! f: T4 F4 }- w
auth_url = http://openstack-vip.stangj.local:5000
4 m6 n7 j/ s9 @ m, P& e3 n memcached_servers = openstack-vip.stangj.local:11211
c/ P, n* R% ?+ f q, i auth_type = password4 \6 }: y- G3 t$ R
project_domain_name = default
' M9 l# b- a' d, _5 Z3 a0 A" b0 N* K0 R user_domain_name = default2 g# a1 r L9 s* _% S, H
project_name = service; R/ M& G' Q$ q) q+ [$ b
username = neutron
7 ^: K% g/ M8 m Y% O3 q. c password = neutron
& ~+ A5 l% I6 W
, ~6 M# {7 @3 ~! [) O ]) w0 [ # 配置文件的最后添加下面9行% C; P" B- r3 E1 x
[nova]. }" A. F$ H2 B
auth_url = http://openstack-vip.stangj.local:5000
8 d. z, @" Y5 A7 H, P auth_type = password( @/ o0 ]$ p/ {+ s9 S! g1 j
project_domain_name = default( S+ ~0 v& t" k) a
user_domain_name = default5 ]+ E, @: v6 A M* t5 l3 G
region_name = RegionOne
$ M2 E! a+ Z5 p. e; ?/ e project_name = service
* _* |1 Z6 I {) w" r; f. L username = nova1 K+ l" u5 d; x6 Z" S
password = nova( t0 x; O1 e& D2 r' c; O
E* `& C" R7 r' Q" ~6 p1 b9 F [oslo_concurrency] # 在此模块下面添加下面这一行( b9 n+ w! V `! J& C
lock_path = /var/lib/neutron/tmp- e) S6 k, w( {6 `' l' H
6 M. ~, Q# ^/ G' N ' V G# w+ i6 n1 r! a. l/ Q4 g
#service nova-api restart
, {+ {- |- Y9 Z9 P #service neutron-server restart, ^1 w; ^, ?- T" d: I* H
#service neutron-linuxbridge-agent restart$ s* b$ [, G8 K- t4 b
#service neutron-dhcp-agent restart1 t. I. a( n0 M$ {8 ]6 K: \
#service neutron-metadata-agent restart1 ]0 Y" O; P3 r2 m9 c1 X
6.1.7)Configure the Modular Layer 2 (ML2) plug-in
* c' A" X. u% Y2 }可以从网站上获取完整的ml2_conf.ini8 d( Q {. u2 L* i
- @) s S" v# u: f8 qhttps://docs.openstack.org/newto ... s/ml2_conf.ini.html' s+ T g4 h9 z5 P8 s
+ _& z5 f- M8 z: [ c root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/ml2_conf.ini
& _8 m; f3 F' r# { [ml2] # 在此模块下面添加下面这4行
# w j2 A; u6 x. Q type_drivers = flat,vlan
& S5 L4 t+ v7 f tenant_network_types =) r" s- d: o/ i: F
mechanism_drivers = openvswitch
- i; E; u% X/ b& h; ]) W7 a extension_drivers = port_security
# m" j v' o* Q" }+ ` ; p4 P* G0 o2 [; `0 t
[ml2_type_flat] # 在此模块下面添加下面这一行) @2 p! l% ?- v2 K& G$ p$ Q9 M, ^
flat_networks = provider# u8 T, h* `' z5 g
9 i. a+ ]& H( } D
9 N- ~* m* @" k- b9 K `最终配置信息`
1 F% f$ ?8 t" f) W% O root@openstack-controller2:~# grep '^[a-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini
4 t7 L7 w+ d0 r2 e4 W [DEFAULT]4 b# |9 ~. @* w; x7 @+ x) Z, a
[ml2], Q' J; \+ s8 k8 z
type_drivers = flat,vlan
7 x8 f4 v: l( M tenant_network_types =
/ b: s/ i, D# K* S0 L mechanism_drivers = openvswitch. ?7 f/ _" Q; C& n4 g* a8 ^
extension_drivers = port_security
5 V% v) e n* o e+ q [ml2_type_flat]
! `! e: k7 o% @7 H% p flat_networks = provider
* T6 x! B5 M6 f [ml2_type_geneve]$ A& ^6 w7 r) t. {" G
[ml2_type_gre]
" p1 O5 Z% f+ W1 b3 x [ml2_type_vlan]
2 y/ r0 h; D/ {; q! i [ml2_type_vxlan]
: n" v4 ?3 [% m; y [ovn]! Y, ~ M6 z1 Y9 g5 L) @5 T2 }
[ovn_nb_global]: j* ?8 e4 H+ o% D& Q* o2 K- ]
[ovs]6 @) V7 M/ ?5 {* a( L: g
[ovs_driver]: X0 }0 }' i+ \( X7 H
[securitygroup]
4 N: V, B/ W% g; z6 @3 ]' @ [sriov_driver]4 @' B' a; l: Y$ I
6.1.8)Configure the Open vSwitch agent; o$ l1 W7 @& h' O3 q
可以从网站上获取完整的openvswitch.ini: I! l! q$ n3 ]6 B5 [" `
6 L, S' _/ a1 e/ R
https://docs.openstack.org/newto ... itch_agent.ini.html4 y5 B Q& j3 c/ n! ~ V
6 @+ i. a8 } ]0 V# ]8 S- Y
root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
. h5 ?. n9 i9 S9 _0 l [ovs] # 在此模块下面添加下面这一行
+ z& [ }! i6 }( D/ M- n& H7 L bridge_mappings = provider:br0
2 h1 `$ P: {0 N2 U1 X3 H- L/ {* o ! m& k1 i% }7 A& o
[securitygroup] # 在此模块下面添加下面这2行. Z0 }2 E& X% n. _- i9 I9 R% ?0 j
enable_security_group = true
0 B$ k" S) ]/ U& q8 l# v1 O firewall_driver = openvswitch
1 ]$ x0 R5 l( ~: x 3 F7 a# r: n j
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`( K8 n* S6 A5 u
root@openstack-controller1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31 && echo "nameserver 223.5.5.5" >> /etc/resolv.conf
# b" M# ]) S- c# J8 r4 T4 i( U开机加载网络配置% C6 d& q8 t/ q3 t0 x o2 D
4 O4 L! P! P' R" v$ L& }* k- V #!/bin/bash0 X1 W- Q. }% c$ b
ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.310 Y, y* R ]7 M
ip route add default via 192.168.139.2- ?4 p* l3 H, h& n9 @
echo "nameserver 223.5.5.5" >> /etc/resolv.conf
0 J- W% c9 k: T( k/ u! Z6.1.9)修改内核参数
6 X4 L+ c2 b; O% Y6 }1 I9 [ root@openstack-controller1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
( K" v4 h& l! i$ P( u root@openstack-controller1:~# tail -2 /etc/sysctl.conf& l' Y0 e& I5 d: Y( q
net.bridge.bridge-nf-call-iptables = 1# e6 E7 u" M2 d p8 e: ]# X
net.bridge.bridge-nf-call-ip6tables = 1
8 {/ ~/ O- Z" q# [8 `3 ^4 Q7 i `加载模块并让内核配置生效` & f+ ]+ ~8 R8 q% S! v$ U+ ~
root@openstack-controller1:~# modprobe br_netfilter
8 A9 l5 w/ M: w. A/ U root@openstack-controller1:~# sysctl -p
9 P6 T8 @- D. q" h, A; O0 I net.bridge.bridge-nf-call-iptables = 1; e8 z& U: I5 \/ `2 R5 E
net.bridge.bridge-nf-call-ip6tables = 1
( R# o i$ a# N" V3 D- U; L! y6.1.10)配置DHCP3 ^$ u% x: H n
root@openstack-controller1:~# vim /etc/neutron/dhcp_agent.ini* b, b3 Y) M, j# r/ w
[DEFAULT] # 在此模块下面添加下面这3行& k# O" ?7 c. S6 J
interface_driver = openvswitch8 B8 ]- E( ^4 \4 G, Q6 v8 q
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq* U1 z6 b4 D9 g& I w* E- U o
enable_isolated_metadata = true
1 k" a; k' N2 V #enable_metadata_proxy=True4 S5 I9 W9 C2 S" P/ X
#metadata_proxy_shared_secret=openstack
/ D& V! G* t1 @2 B" F/ _6.1.11)Configure the metadata agent
6 A. n4 }" p3 C* q2 z root@openstack-controller1:~# vim /etc/neutron/metadata_agent.ini$ C0 @ t- W& K+ y% b1 I1 v" @
[DEFAULT] # 在此模块下面添加下面这2行; o* w8 Q4 |; J1 \
nova_metadata_host = openstack-vip.stangj.local # 或者 192.168.139.31 这个 controller1 地址
% j* v, S" e9 ~1 K metadata_proxy_shared_secret = openstack
5 ], I/ [ O& f: M; W% ~8 ]& C6.1.12)Configure the Compute service to use the Networking service7 a7 o+ q) h6 r' n1 P
root@openstack-controller1:~# vim /etc/nova/nova.conf8 S H5 ?6 Y/ \5 Q
[neutron] # 在此模块下面添加下面这10行
# ]4 d/ J: r2 `7 y auth_url = http://openstack-vip.stangj.local:5000* m. p% D1 `) y$ g6 \% I! z; O
auth_type = password0 m# X$ p; }2 k5 Z& x
project_domain_name = default
0 u2 R( ?4 @* g5 { user_domain_name = default% f4 O- E2 Y* y* _( d6 `- v
region_name = RegionOne
' Y! {' U* ~1 K) i project_name = service
8 k I# u) [$ h8 g( ?! N( y' F username = neutron
# ^& q+ i$ `. w4 T password = neutron
7 C9 |. g5 q% h1 c8 U service_metadata_proxy = true
" l# d5 I9 t" `1 J J0 j& B* e ^ metadata_proxy_shared_secret = openstack+ Z- Y; V: Z( w. U# N$ Z
6.1.13)初始化数据库
- W" E0 ?' L4 ?8 i. h7 `* W root@openstack-controller1:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini' y! m% y+ F$ v( G
root@openstack-controller1:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
$ C$ _8 M+ x0 i- t `验证数据库`
/ t7 `8 p$ p7 j$ v7 y2 c3 e7 X root@openstack-controller1:~# mysql -uneutron -h192.168.139.248 -pneutron123 -e "use neutron;show tables") D7 z7 G: R* o7 C
+-----------------------------------------+
' l0 U* H, w: Y( ~ | Tables_in_neutron |
1 _2 s; X* l% I7 I' ? +-----------------------------------------+
" p- L2 ?) g! ~4 l2 w+ _7 r | address_scopes |
% R; o1 D& |& ~, H- s) b0 o3 c | agents |
6 a3 H1 I0 Z$ F( q4 G% T1 U | alembic_version |
9 e0 G1 t5 A# x% S0 B' v! h0 D | allowedaddresspairs |% b. A; G. K( J/ E6 P
| arista_provisioned_nets |( O5 {: Y& [" @7 v% D8 T% J
...........................................
3 i" [1 c% Q4 `5 A1 X) n ...........................................
6 B2 `) U( j# ` | vcns_router_bindings |+ c& z" ]" h* P
| vips |3 m) h' c) b/ ]8 O* r
| vpnservices |
0 m" u; v2 K) R4 Q. g +-----------------------------------------+# {' X3 T; L# I# r6 Q) K7 V
& d( T, t8 O+ Q- K6 b
6.1.14)重新启动nova-api API 服务- ] J! r' f9 U* Z
root@openstack-controller1:~# bash restart_nova.sh+ R5 j( B* s9 H; F
6.1.15)启动网络服务
# T g' b% G0 r* ^$ S6 P root@openstack-controller1:~# systemctl enable --now neutron-server \
1 ~& V. N- X* \ N neutron-openvswitch-agent neutron-dhcp-agent \
4 S% n: x- t6 ~6 K3 E8 N. X neutron-metadata-agent
+ m" H( ~3 h6 ~7 v' _4 b6.1.16)编制neutron的重启脚本
& o+ _0 D: o b$ D, X0 n [root@openstack-controller1:~# cat > restart_neutron.sh <<EOF; [$ { ^$ _& x2 a L
#!/bin/bash3 w C! c. _5 H7 y" i6 i4 @3 Q
service neutron-server restart
/ k7 f0 U; P& R9 Z, Z) l) l. E service neutron-openvswitch-agent restart
/ z" x4 }; @3 a service neutron-dhcp-agent restart" D' I& j+ |* _% _3 ?
service neutron-metadata-agent restart& f {! m- f; s" V( o; _
EOF
+ A# `+ S& k, v* M [root@openstack-controller1:~# bash restart_neutron.sh7 y# Y/ P1 E# c! p- {
6.2)安装neutron_compute节点4 g& q% N h: u$ D( }
6.2.1)安装相应服务4 y) S9 H/ Z* q, d$ \3 l
root@openstack-node1:~# apt install -y neutron-openvswitch-agent7 G0 Y: S3 U& a5 n' X) q
6.2.2)修改配置
) o% m* _1 W: l, u root@openstack-node1:~# vim /etc/neutron/neutron.conf3 W/ ?2 \. j3 Y) I# D$ ]6 D* `
[DEFAULT] # 在此模块下面添加下面这2行
2 t, G+ G# O2 R% ^0 y9 h, e transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local) z: a4 }% @: |0 j. E T6 ~
+ j0 c' {* n, h8 _( M( e [oslo_concurrency] # 在此模块下面添加下面这1行, a& H+ ^: E! w$ t' u
lock_path = /var/lib/neutron/tmp+ K0 u$ k, K7 {0 |7 r
6.2.3)Configure the Open vSwitch agent
1 @( E* t0 ^& B. U; d可以从网站上获取完整的openvswitch_agent.ini- J# d5 s1 ?8 u0 U0 E$ B
6 Z' O" S- h9 Z- F; B2 _8 w7 ihttps://docs.openstack.org/newto ... envswitch_agent.ini
5 q8 I( i9 _9 z6 o$ g0 H+ @0 |$ Q9 z0 _' }
root@openstack-node1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
, ^; i$ Q5 z; j [ovs] # 在此模块下面添加下面这1行
6 _. S U0 L" L" j( L bridge_mappings = provider:br0
, d% I! S( Q4 K. r* k1 U ( w: S, [7 K6 r7 V8 z
[securitygroup] # 在此模块下面添加下面这2行
/ i& r7 Z% F3 C" W$ z) U enable_security_group = true
" u2 _( p3 U1 J4 e- M firewall_driver = openvswitch: i7 o! R' Y* T7 s& U
% C1 Y, c9 n# J9 Q- G8 Z6 W
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`
# u: x4 P+ h d root@openstack-node1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34 && ip route add default via 192.168.139.2/ i9 l# o3 H/ t, x5 L ^4 k/ m
开机加载* b$ E! T+ a! c/ r( `3 P
5 T2 l- n) Z6 B8 s8 T
root@openstack-controller1:~# cat /etc/rc.local
! H! h* a& H8 o4 X" u$ J #!/bin/bash1 Y: I" l" A. h% C- l5 b- a
ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34
* `4 w" E+ z0 o8 i( o ip route add default via 192.168.139.2# j" C& S5 I( q7 j, \' b4 l
echo "nameserver 223.5.5.5" >> /etc/resolv.conf; m+ e) K6 h) N
6.2.4)修改内核参数
3 r6 `( I+ A. h5 j' W$ z root@openstack-node1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
2 W; p+ b4 M$ p( t2 j5 W
- S# T8 k1 j4 i( x! l root@openstack-node1:~# tail -2 /etc/sysctl.conf
3 Z( M0 |. b7 q0 p: F9 i net.bridge.bridge-nf-call-iptables = 1
. P! \( R# H" e6 e net.bridge.bridge-nf-call-ip6tables = 1) L! A/ F* Z2 F) \
`加载模块并让内核配置生效` % y, g* F( R! ^. O
root@openstack-node1:~# modprobe br_netfilter' |3 }* O7 j# T5 j9 [
root@openstack-node1:~# sysctl -p- u. T+ @5 m0 ]0 E& }2 h! N3 o
net.bridge.bridge-nf-call-iptables = 1' h! c0 E- J3 O7 C
net.bridge.bridge-nf-call-ip6tables = 1
/ A5 e/ L6 T o2 |6.2.5)Configure the Compute service to use the Networking service7 j* C: x/ E2 X! F$ x( i5 G
root@openstack-node1:~# vim /etc/nova/nova.conf% w5 m0 q. b/ Y% J; B0 U
[neutron] # 在此模块下面添加下面这8行, G: [! J- k7 t, Z9 r
auth_url = http://openstack-vip.stangj.local:5000
+ R5 J" Y5 ]8 D. R auth_type = password ?2 a0 X. q1 \0 V) j: x5 F: G
project_domain_name = default) \5 u# R8 ]7 P$ r% l$ @
user_domain_name = default1 P/ n# q7 Z/ r% B% `7 n" |9 b! y
region_name = RegionOne1 z( Z. y/ b& v5 y* s2 ~
project_name = service
r; I# d- p; ]. Q0 Y# C" m9 G username = neutron
- _& H0 j6 @/ T1 p0 ] password = neutron7 N3 O) c. G; y7 G; u1 g
service_metadata_proxy = true. L( x$ F K0 H8 b `. m( n3 O' m/ t. I
metadata_proxy_shared_secret = openstack
! R% e( X( p: j( q9 t; m6.2.6)启动neutron_compute) y/ L( W* v! ?
root@openstack-node1:~# systemctl restart nova-compute
0 R' z7 u- [3 D; }+ m. {+ S root@openstack-node1:~# systemctl enable --now neutron-openvswitch-agent && service neutron-openvswitch-agent restart$ M) D. @ I: c8 d+ D
6.2.7)编写重启neutron_compute脚本& Q8 ~' o7 t% H; [
root@openstack-node1:~# vim restart_neutron.sh
! X9 l4 }6 P; H" Z6 c. M! M8 _/ U #!/bin/bash
, r7 i4 v; }& K/ z systemctl restart neutron-openvswitch-agent% C* d j/ S' T- U: x7 i) X8 Z1 n
6.3)验证服务$ `0 F% a8 i9 n. `' \
[root@openstack-controller1 ~]# openstack network agent list
/ M1 S( r7 i" B% ]8 h. y' d +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
( Z3 A: Q! C! L- F- j. v0 G8 h | ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
u7 F8 U+ ^; O* R$ ]% I +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
" q7 |7 m q# ^- t | 6d7ace9c-061c-45ba-834b-52f24585c452 | Linux bridge agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |0 c7 C) N5 N: E8 k
| 7babc5ac-d07d-4fe4-90ab-62775b4ef90b | Linux bridge agent | openstack-node1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
g {" }* d$ S8 z | 83ad2332-8716-4a8f-b050-1daa3b22c3bf | DHCP agent | openstack-controller1.stangj.local | nova | :-) | UP | neutron-dhcp-agent |
4 q7 Z5 |/ `, q0 ~' y) z5 D1 a | afb7c427-89ba-4e91-bff2-604e97a5ca91 | Metadata agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-metadata-agent |
9 K+ E$ j9 o8 F( J2 T- _ +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
3 [+ q* l3 Z6 j U" L [root@openstack-controller1 ~]# nova service-list' l# \3 L% T5 j4 p* g
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+% L8 r; S! G" _4 d6 R
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |6 {5 l. S, F* ]" H0 `
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
T, i) P9 P5 @" n! X0 z0 H | 518a8c83-c6d4-451c-8943-fa55c593948c | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:42.000000 | - | False |
% O, i: }6 i: B | 9d9d1228-2096-4ca3-97a9-8b85133db7fa | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:41.000000 | - | False |& I6 z, j, W0 F' _0 D
| a45e7eeb-1907-4ecf-a836-7ca69b588edf | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2023-12-16T15:26:41.000000 | - | False |5 k! \ u- i8 C" Z/ v+ q- h9 L
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+, d8 f- x/ D% g+ @9 @" g
& Y4 l& Y, v" K! V7 J* G U
7)创建测试实例! t5 {1 s* F: @9 O* ?% |
7.1)创建一个provider网络4 r, d- \7 R/ D6 G0 P
root@openstack-controller1:~# source admin.sh % _) k2 `7 I+ w& S
root@openstack-controller1:~# apt -y install bridge-utils( C4 C* p# V/ s" F
root@openstack-controller1:~# openstack network create --share --external \% D: ]3 W+ s t, X5 _
--provider-physical-network provider \
+ b" S- N! w* h' |; \5 ^ --provider-network-type flat provider-net
0 R a6 }+ V, ~* e #####################第一个external表示创建一个共享网络并声明他是一个外部网络######################## m+ G+ N! u+ L) z$ h) N
########第二个external表示创建连接的物理网络,因为我们上面neutron定义的物理网络名称为external########8 n, q& m5 I' ]; s4 P6 }6 {/ J
############################第三个external-nat表示提供的桥接网络的名称############################& y' t, S' W6 _* z
root@openstack-controller1:~# openstack network list
; G2 I9 }! W7 T, g8 \& { +--------------------------------------+--------------+---------+
4 X/ A- x. U# t% E; ` a6 f | ID | Name | Subnets |
; k7 @6 y9 a6 `0 s1 y, a +--------------------------------------+--------------+---------+( U1 ?1 C& a$ }. d
| c8efa244-7345-41bf-bedc-052e0cec751b | provider-net | |7 s! o% o/ i! u% I/ a
+--------------------------------------+--------------+---------+
" ~2 K# P: V3 X7.2)创建一个子网
- p P' X9 @% L0 r9 u root@openstack-controller1:~# openstack subnet create --network provider-net \
- O+ f9 |$ e( N/ N( z, Y, N --allocation-pool start=192.168.139.100,end=192.168.139.200 \
1 y5 ^1 e* P5 p$ t6 y" [ --dns-nameserver 223.5.5.5 --gateway 192.168.139.2 \2 K9 h# j( ^3 ] L$ b" t+ ?2 @
--subnet-range 192.168.139.0/24 provider-sub
$ h2 f- ~; V; n. @ ############################创建provider-net的子网provider-sub############################8 T. `. ^+ o L% v6 i
`验证`
0 ]. i6 f9 |- u9 D; ?( e [root@openstack-controller1 ~]# ovs-vsctl show
+ ~3 y6 G6 \# B' |) V/ ? 28a508de-e0a2-418a-b357-4a93f9f691278 ?& M7 {' p. s" [5 u
Manager "ptcp:6640:127.0.0.1"- Y# S# z; ?9 I- b+ s g
is_connected: true8 E" a2 }: a o: w8 o9 L+ S
Bridge br-int" F- t: T9 T7 A t. t) k/ [6 `% J
Controller "tcp:127.0.0.1:6633"
. u1 F! R! _0 b% {! `3 t is_connected: true
5 H% j( R/ y0 A' i% x fail_mode: secure
# n+ N0 ]/ O9 z2 U; o/ \, a, E datapath_type: system
( b1 {( q4 a" ^% b Y2 z) r Port br-int, @4 o2 ]7 R% D0 P0 j6 v z
Interface br-int2 r8 L- t% A/ n0 }9 W
type: internal
/ z2 m3 a Z; v1 y: d Port int-br06 P9 W4 N* g( K7 d$ s3 a) o
Interface int-br0, |0 U8 Z: p f: _
type: patch3 B0 V0 ]: X" L
options: {peer=phy-br0}
. i) M4 V+ y8 v* T$ F Bridge br0
' @+ W* z5 }$ l3 a- H) Q Controller "tcp:127.0.0.1:6633"( k& A$ q+ {8 i
is_connected: true
' w* e+ z1 O0 d+ L. Q fail_mode: secure6 V, R% v7 `' b3 I, k: J* s! t' O
datapath_type: system
4 b& E( d" I3 i( g9 v2 I* I Port phy-br0( j8 C& z- Q& W l
Interface phy-br01 r- B1 k- L7 {7 P' S. e% f+ M4 A
type: patch
( Z" O0 C9 N% d' b3 f options: {peer=int-br0}
2 F7 b: }# ]$ G1 {9 L- R6 [ Port eth0# T, U( q: s3 L
Interface eth09 ]/ p; A* z; O
Port br0
( z& [4 g1 m+ y* b3 X Interface br0
0 `' y& f3 e2 p9 A k type: internal
3 H, U& \% {$ g) L1 ?+ b( R6 E ovs_version: "3.3.0"7 E G, w* p3 Q
- m6 C, o# o' [! |
[root@openstack-node1 ~]# ovs-vsctl show
. c$ e. O( M2 S h9 E) e: X ea324764-3f52-419d-94ff-784dadc75aa9
# v$ E _1 E: i# V; `. | Manager "ptcp:6640:127.0.0.1": H+ j+ k4 K: w% ~! }; }6 h
is_connected: true. o; ?' K) U1 S8 W; {+ z! _
Bridge br-int% C# D' A4 I) K& U3 Y: U9 O" [
Controller "tcp:127.0.0.1:6633"0 o2 y9 M5 @9 o% l- M) A6 p
is_connected: true3 n9 ~ ~$ w0 l( Y/ W4 r) @
fail_mode: secure$ i4 ^4 _7 B+ H3 S6 ~. ^/ K
datapath_type: system
% c1 t; b( H% b) m: N Port int-br03 ~2 h$ ~, K$ ?: w
Interface int-br01 a) S V! B4 t
type: patch
: `% ?$ {0 e8 ?/ m options: {peer=phy-br0}% [6 C: _6 S, E0 h0 J1 }9 O3 X1 p
Port br-int
$ E: v O% Y [: p Interface br-int
3 O R( p# B+ B7 u+ | type: internal
7 I) P) U+ e$ k! A# J Bridge br0, T2 @9 h0 X7 g' F
Controller "tcp:127.0.0.1:6633"0 S- |7 z0 X: I* o0 w+ Z
is_connected: true$ w( d! }0 I, M, P9 p
fail_mode: secure
$ e2 `+ C1 ^) ]1 D; B datapath_type: system
3 I$ ]0 F) H5 a Port br0) \( b) n, l6 f t2 n
Interface br0 |" B" D2 O: q- P
type: internal
3 K) P7 ?+ [! B, L( J Port phy-br0
W) m( V! ]! y6 O5 r: H/ ^2 W Interface phy-br0+ w5 n- ~# b9 ^2 ?# @ n
type: patch
9 j; S6 E a" S5 Y) ?1 n) X options: {peer=int-br0}8 B u8 }5 a4 \% u8 |. z
Port eth0- I) r3 t, S7 g! c
Interface eth0; N# {/ a) l0 G3 Q6 j0 ~2 _3 v) T
ovs_version: "3.3.0"0 E* c3 `! ]+ b! j
7.3)创建虚拟机类型
8 u- c) w( H; L% }6 T: ^7 Z4 W. m4 j/ r [root@openstack-controller1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano7 _, n+ j/ p0 e$ S2 z7 z
+----------------------------+---------+
y) E" H, _3 I& X- v# X | Field | Value |: L0 ?( h+ U/ t
+----------------------------+---------+
2 z' X) [4 I! m3 G# F6 _ | OS-FLV-DISABLED:disabled | False |
: R" X" M* a$ C | OS-FLV-EXT-DATA:ephemeral | 0 |6 C* F3 s3 a0 s2 F x& d$ T I! p
| disk | 1 |
& y1 ~: z. k' a9 i J. x; n | id | 0 |
2 f O' `& K5 y- b' _* s | name | m1.nano |- K% D9 C8 ^, U0 E+ G
| os-flavor-access:is_public | True |
' c1 \1 t V0 `3 [8 g | properties | |2 E" e& j' y" X0 {) F5 p
| ram | 64 |/ Z) g+ V0 c( g% l
| rxtx_factor | 1.0 |
) ~; j! E& d$ Z | swap | |' r5 B: B6 W! J8 z/ N
| vcpus | 1 |! J8 S% H4 M, R. V4 ~ v. q0 d
+----------------------------+---------+
5 E0 G( F7 p# J9 k+ H$ G! @) w l% o7.4)生成密钥对6 s" K7 N4 Q; x" S: F8 z
[root@openstack-controller1 ~]# source admin.sh
) t/ v% U3 B& N4 G# f7 K [root@openstack-controller1 ~]# ssh-keygen -q -N ""
+ S3 L5 K# c5 {! t1 @3 ` [root@openstack-controller1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey* o- r2 r* m+ F# M
+-------------+-------------------------------------------------+
' Z' ?: D+ @5 \- D2 t/ V& Y | Field | Value |
( }4 z8 J* p' f; T +-------------+-------------------------------------------------+
, x" H9 F) S! z* A1 s7 v2 Q | fingerprint | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |
, @; V$ s$ d) J: a0 ^ | name | mykey |1 p: x+ ]% C' v/ W( R5 \' r& g5 c
| user_id | 5c4b6243d95742799de0fc97ef119967 |( p- a8 K a8 D( l8 D
+-------------+-------------------------------------------------+, n7 x) u- d& z& C
`验证`: d+ O! P/ B. C1 D1 o
[root@openstack-controller1 ~]# openstack keypair list2 m. a9 m. S) W! o7 i7 V( z+ n, W" z2 A
+-------+-------------------------------------------------+
1 p2 p# P* z, K4 o1 H | Name | Fingerprint |2 w6 ?/ g- v% q' l8 M' f
+-------+-------------------------------------------------+
8 G% r0 `% T3 e1 z4 H7 S | mykey | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |* ^9 y$ t' K w1 Z; x/ E4 v
+-------+-------------------------------------------------+* M" i5 z, n: L7 E. b
7.5)添加安全组规则7 J# m) o2 _" I0 }
root@openstack-controller1:~# openstack security group rule create --proto icmp default1 W9 J9 K& Z- I4 M# `/ Z( W
`开始ssh`
6 V' W7 [+ D: u6 y: b2 I root@openstack-controller1:~# openstack security group rule create --proto tcp --dst-port 22 default1 c, g( U o4 F5 Q: o8 e
4 Y' d4 ^% |4 p9 @% F. ^* t
root@openstack-controller1:~# openstack security group rule list
/ h5 D# [$ w- s c' C# J/ t +------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+
4 |+ j/ C! u4 n7 d9 S' Y | ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group | Security Group |
; f* y& M, j1 I/ U6 ~ +------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+. [& J, \/ y8 k/ k1 L5 f0 p
| 2e69571e-fa55-4db3- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | 7d47c955-4683-4d9e-9535- |: F I( M$ d9 I1 m6 t8 B
| b894-ac8dda257a35 | | | | | | | | 690085d9cfc7 |
; O- r1 Q$ n R1 g | 42c37d05-e0b3-4a15- | None | IPv6 | ::/0 | | ingress | 7d47c955-4683-4d9e- | None | 7d47c955-4683-4d9e-9535- |' a$ [2 `. q) s: J
7.6)在provider network启动实例7 W+ D4 D4 k! n! |
7.6.1)前期验证6 `1 X+ s, z- L7 J7 v8 N
`验证有没有虚拟机类型`& U/ o% c6 R; Y! n# N$ F* g
root@openstack-controller1:~# openstack flavor list* F6 d( }/ p! ?6 X2 \# {4 s
+----+---------+-----+------+-----------+-------+-----------+' T4 [$ i/ }+ a' `( B
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |# S' I* D0 }. y d1 L8 W0 ?' w3 |
+----+---------+-----+------+-----------+-------+-----------+
! V& ^" L% H# d( K3 @8 N | 0 | m1.nano | 64 | 1 | 0 | 1 | True |
; k! n) x& O/ @) _- a; v2 |9 C( b +----+---------+-----+------+-----------+-------+-----------+- H. _ Y4 l8 {# x+ H* a' L& O
9 |8 D' f2 i, i9 f `验证有没有镜像`
! w3 h7 v. V# I' B1 [5 p' @1 N root@openstack-controller1:~# openstack image list
5 p, O" S" @8 J& ^ +--------------------------------------+--------------+--------+
. k7 M: K/ W4 n, w) S' p | ID | Name | Status |
% M/ g+ ~" g$ m, d2 p3 f- _( i+ J3 h% h +--------------------------------------+--------------+--------+6 \1 B9 ^% V6 c4 v; a: w7 l
| 6d99e1ad-dbf3-46ea-b520-ef903bbbe1c9 | cirros-0.5.1 | active |$ S& W+ m/ ]7 A4 i
+--------------------------------------+--------------+--------+
1 l/ x, h; d, F2 `' { c , Q: n$ D! E1 J
`验证有没有网络`: U& g$ r" @8 x6 A8 b' e
root@openstack-controller1:~# openstack network list
" i$ Z) E8 }2 b8 m% c# {* U+ ` +--------------------------------------+--------------+--------------------------------------+0 _/ g% N5 F8 r! L( L* I
| ID | Name | Subnets |
, v% v/ d3 n& W8 n- ] +--------------------------------------+--------------+--------------------------------------+3 R' j8 ]& L! z: K
| 3d66f257-6c40-49c2-bce7-9de75b49816f | provider-net | 1e7a53ba-89bd-4373-802c-149b16a30df5 |0 o; D7 `: ^; }2 F% Z
+--------------------------------------+--------------+--------------------------------------+9 }; k+ Y! F3 w
. j$ u; @1 c5 K9 j$ x0 x" s3 i! R `验证有没有安全组`
- @( L- @5 Z/ x5 K/ V root@openstack-controller1:~# openstack security group list
( K0 m+ d4 R1 k +--------------------------------------+---------+------------------------+----------------------------------+------+! V9 I# M" K9 I7 ]
| ID | Name | Description | Project | Tags |
3 ^4 K7 Y r; W! x* F# ?0 H1 \' A +--------------------------------------+---------+------------------------+----------------------------------+------+3 ?3 S! T- C/ ?5 R
| f60b6c5c-9e96-4fae-8de9-bee58fe5272e | default | Default security group | 17deab832d8a4c929b91a3ce1d58abf7 | [] |
1 a: R J3 _: B6 Z/ M+ S -+/ t& R, l4 c' {& \5 m
7.6.2)创建虚拟机1 p& ] [- r- W
[root@openstack-controller1 ~]# openstack server create --flavor m1.nano --image cirros-0.4.0 \
m J1 }9 J7 S2 g" @; X1 C --nic net-id=f37db04d-74db-4b26-8591-23fde582eade --security-group default \6 {' ]! z3 ~1 V! \6 J& _3 L/ L
--key-name mykey linux-stj-1
" l! t' h- ~! Z$ ?4 K6 g3 x2 \ #################################参数解释#######################################1 n) @* r @! Y6 s2 t: R% ~, i
###m1.nano:为虚拟机类型;. j9 r9 U/ b+ f4 I( P
###cirros-0.4.0:为镜像;
# D% \$ q" A- o ###net-id=[网络ID=openstack network list列出来的ID];
0 H e' R( o" S3 \ ###mykey:为ssh密钥对;; D! @0 r+ I. Y# D
###default为默认的安全组;
" L/ t- _- Y7 I5 \ ###linux-stj为虚拟机名称
; O; k# S6 f1 M) _ #############################################################################
1 T) [" o/ s. W7 X% L3 ]8 H openstack server create --flavor 1c-1g-10g --image centos7.9 \9 v1 H% x! t4 P& g$ X! b+ C
--nic net-id=0da37e14-545f-4aa3-a6e3-ee8cd0ea3ae8 --security-group fb2dc60c-4f85-4b1e-b7f1-5b6d4e147799 \! S9 m" q3 I! U6 o+ q0 e8 {
--key-name mykey centos-stj-1
, F1 h- s& ^- l+ x7 [* N3 r7.6.3)验证虚拟机状态; N: ~4 T" B" r3 r" D9 k
root@openstack-controller1:~# openstack server list. y5 z- z' _5 W. h3 B
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+
6 N# }( {% Z# r* _) e# R | ID | Name | Status | Networks | Image | Flavor |" V, D/ @$ X8 ?! ?4 [
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+1 N9 g( c. ^" i, F$ ^
| 96533d96-f01f-4463-8cfc-9c46ddee37b3 | linux-stj-2 | ACTIVE | external-net=192.168.139.180 | cirros-0.4.0 | m1.nano |) j8 J3 e0 d; ^
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+
# e4 ^: h; r, s# \ # 加一条默认路由
M6 O6 O! X7 |7 f root@openstack-node1:~# ip route add default via 192.168.139.22 v9 a. \9 ~! _1 q( }
root@openstack-controller1:~# ip route add default via 192.168.139.2
& V% v1 v i8 k8 \% `" ?- p ###一定要拿到IP地址 external-nat=*****
6 n% G s3 x3 I- A6 p" m: F [root@openstack-controller1 ~]# ping 192.168.139.1407 {, _' Q) \4 j+ E& _) P
PING 192.168.139.140 (192.168.139.140) 56(84) bytes of data.1 u1 d: J( [& @8 X
64 bytes from 192.168.139.140: icmp_seq=1 ttl=64 time=11.3 ms
, [4 I+ E2 f/ b& Z$ f7.6.4)使用虚拟控制台访问实例0 p1 u" n- ]; H* C4 Q; D! T
[root@openstack-controller1 ~]# openstack console url show linux-stj-20 ~# ^+ V& Y- U0 R; d' |! z! P
+-------+-----------------------------------------------------------------------------------------------------------+
! L4 U' `; W& H) l | Field | Value |* e! q- C% \ H8 x, z
+-------+-----------------------------------------------------------------------------------------------------------+% E7 j& ]+ r" z, F, b) h
| type | novnc |. r7 ]; M* r5 {
| url | http://openstack-vip.stangj.loca ... 8-aac3-52e5f58a51f7 |
8 N+ h- z5 \( H- W' `7 k# a: ^ +-------+-----------------------------------------------------------------------------------------------------------+' K% x W/ J2 ?7 K! S4 B
image-20241208195008663
3 J a/ p; z1 d' l; n- S
9 x- ]5 T2 K/ ^) vimage-20231217134249953
/ c% V$ ~- I$ U( E( Y3 P5 z0 K' o2 l4 [" i: Z
注意:如果你的访问出现下面这种情况
" R) W* F& o! }1 P7 ~) D. @9 ~ a: o2 P# h: n* [4 Q6 A( V+ r4 S7 |4 @
image-20231217135224898
1 _1 `: B6 ^9 }0 y' G% \ T+ U
) H( \0 ] L) y: w; n9 y; k( p解决办法:, X. w1 s6 p" E3 _+ O5 ~! H
, d# b" ^! l; j* q6 ` [root@openstack-node1 ~]# virsh capabilities
2 d% @2 L2 m5 A% S8 e% q [root@openstack-node1 ~]# vim /etc/nova/nova.conf
% K9 Y0 i8 N, u" R1 ]. u # 搜索下面两个hw_machine_type/cpu_mode信息,并添加后面对应内容
5 j/ @: d7 b2 f" e; x4 F; s hw_machine_type = x86_64=pc-i440fx-rhel7.2.0
# S8 g) J% D0 X5 {6 X6 W* b' O! ]. f$ d cpu_mode = host-passthrough1 L6 O J8 Z0 M- }$ ]$ n# Y5 t
`重启nova`
, F5 N9 t' S' |/ Z [root@openstack-node1 ~]# bash restart-nova.sh
3 H1 k( E# P# {2 |0 m, J+ ], u) r ######理论上还用重启openstack对应你要访问的虚拟机#######
8 w6 @8 T% q) M; P如果没有出现上面的问题则不用修改nova配置文件操作3 [5 y' |% z1 y) z
) k6 j4 r; e3 m- O+ z% }- b, h
8)安装-dashboard: f$ I' F5 X' |* Q8 }
8.1)下载dashboard
( K( e) |* S7 z8 ~ root@openstack-controller1:~# apt -y install openstack-dashboard
& h$ l" s: n: \' Q- J8 d; s$ z8.2)修改配置文件-local_settings# x2 X9 |8 V2 \0 f5 l' h
root@openstack-controller1:~# vim /etc/openstack-dashboard/local_settings.py0 r; q6 I# L( {
# 23行 添加
: A$ a8 f) A: }/ z, g% r6 a WEBROOT='/horizon/'# s1 ]1 F& G" m; B& b- d( Q
* t$ b( \. Y% m1 q
# 125行 修改" i- k! t: Z, H, R
OPENSTACK_HOST = "openstack-vip.stangj.local"* `' s. t4 m, c' q$ }6 W
OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST7 N% a/ i2 X& b: y
; Q# q% H, H& b. V
# 39行 修改
7 Y. u1 }; O# V2 t: t/ c ALLOWED_HOSTS = ['192.168.139.31', 'openstack-vip.stangj.local']$ u& t ~ B% j- H. C r" t
% t, h0 z+ t# O' G- \2 ]% T
# 105行 添加
9 B9 g7 m1 s6 N- x8 P SESSION_ENGINE = 'django.contrib.sessions.backends.cache'3 ]' ~8 i3 W* M7 v
CACHES = {2 T0 o# x$ P7 q. {3 M
'default': {- x' n2 f& v$ b5 Q
'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache',! `) E4 X) g$ D. R
'LOCATION': 'openstack-vip.stangj.local:11211',
) ?& C+ ^& d- E6 D/ Y4 } }# b- p' ^4 q1 t7 ]8 K3 c1 {
} O; [% q# Z9 a1 P& p
* M/ G+ d( {9 d0 u4 N # 127行 添加( |5 P1 W& o3 I4 S D3 l$ f: C
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
; {3 w( W5 D( J8 J# r ~! }+ C
* C5 K h# ?+ M" x+ W' s* j5 b5 i # 128行 添加
, J, R# z* O4 b' S& I7 C OPENSTACK_API_VERSIONS = {
h2 f: {7 p/ F, W) v$ U "identity": 3,
) Q( _+ v3 I+ I" b8 v: C9 ~ "image": 2,& e$ V2 N/ O V9 E
"volume": 3,: o8 r; k: j X8 @. S, |+ F7 [
}$ z: J4 ~+ k8 F3 ~
) f, ^8 @2 H, X1 J! F
# 133行 添加
$ C" e2 y0 s, f/ m$ O, ` OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
@; c0 H4 J) f $ o7 \9 p2 d; @, U( ^
# 134行 添加
; [5 c0 c0 D! Z+ Y9 f# B6 W8 x OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user": [, i- }5 w- ~+ s& _& D7 ~8 W: \. J
i4 Z& M) I8 P; x0 A. A
# 138行 对照修改,把True全部改为False4 W t4 S; n+ v7 x) `
OPENSTACK_NEUTRON_NETWORK = {
/ S) `/ X1 P5 O. [ 'enable_auto_allocated_network': False,+ ~2 q! E6 E) H- I
'enable_distributed_router': False,
, ?* M0 m! S5 @7 I( A 'enable_fip_topology_check': False,
7 U# g6 _. @5 E: f n 'enable_ha_router': False, Y( y% L0 p9 T8 l
'enable_ipv6': False,7 z |( v3 w3 y- r6 u$ R5 n
'enable_quotas': False,- L) G* R' P" l) e I# n
'enable_rbac_policy': False,8 m4 S& s+ p6 Z) M7 s( c
'enable_router': False,# v8 u9 j4 R3 A& e4 I6 |0 B: Y
}5 t6 f" Z1 I: k+ Z2 H' N: m6 t
# 161行 修改2 A1 n, c0 ]% V' R& E# C2 T* Z2 H
TIME_ZONE = "Asia/Shanghai"
6 ^" _' E/ U! | c: n8.3)修改haproxy. x$ G f& b2 n. v" }( v
[root@openstack-haproxy ~]# vim /etc/haproxy/haproxy.cfg
* I0 m# }4 G5 [ # 最后面添加下面内容; y: f% ?6 U) E1 q1 {: T: D
listen openstack-dashboard-808 o8 x! Y4 ]$ L2 S t8 s+ T; l
bind 192.168.139.248:80
! u4 t1 S3 {6 n* \$ R6 B" e mode tcp
, {6 F& o& ?1 f& R1 t$ |+ T server 192.168.139.31 192.168.139.31:80 check inter 3s fall 3 rise 5) z/ s. w: ]0 h( L$ J
[root@openstack-haproxy ~]# systemctl restart haproxy.service ' V8 H! X( s7 d
[root@openstack-haproxy ~]# ss -tnl | grep 801 }5 K6 f+ J( ~7 K4 |- b. ?! A
LISTEN 0 128 192.168.139.248:6080 *:*
3 z, k* M( L) K" P- d% ~ LISTEN 0 128 192.168.139.248:80 *:* % F+ b2 P7 Y! R) i( G1 E6 t1 ~
8.4)修改配置文件-openstack-dashboard.conf* e! ]$ s8 X" {- V- |2 h# G
root@openstack-controller1:~# vim /etc/httpd/conf.d/openstack-dashboard.conf* S2 _5 h9 Q' _! g" N3 g
# 4行 添加
; ^; G1 U) V) e WSGIApplicationGroup %{GLOBAL}
* D$ T. Z, d1 ?- m M# G' L6 u! q$ a8.5)重启动httpd a1 b; F7 y% f# o, }9 y
root@openstack-controller1:~# systemctl restart apache2.service
% ~1 g% x* h: {' ]* L8.6)访问dashboard页面( O- P3 W% G. q6 E
http://openstack-vip.stangj.local/horizon/9 L6 @6 Q. u( l; ?1 b4 J
! |6 p5 J K7 o$ K9 U |
|
发表于 2025-3-17 08:00:02