- 积分
- 16843
在线时间 小时
最后登录1970-1-1
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?开始注册
x
在正式部署之前,需要对每个节点做如下配置和检查:( g3 n k# ^- k R
& \' N# f* w5 q! W9 i; v) R4 e
配置 |openEuler 24.03 LTS SP1 官方 yum 源,需要启用 EPOL 软件仓以支持 openstack' x* w% n2 i" Z& M" Q6 i" b2 e
% q" l' T- N! K, o ?9 P
yum update* T9 z$ @1 }' t3 V' o" X' n
yum install openstack-release-antelope, J+ O$ |* S+ \, C6 }
yum clean all && yum makecache
" f+ p& b( V* G v注意:如果你的环境的YUM源没有启用EPOL,需要同时配置EPOL,确保EPOL已配置,如下所示。
% Z" B# M/ [7 C! Q2 `& t5 ~" l3 I+ ^
vi /etc/yum.repos.d/openEuler.repo
$ L: ?. c L3 e. Z% z0 U
& G# Y0 A0 C! E5 H" Z) y. g0 z[EPOL]
/ M) t; S8 H4 u. Aname=EPOL: z, D$ G v& t
baseurl=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/EPOL/main/$basearch/
* X; F4 \, P4 { p5 b" j* t7 q" ?* Genabled=1
# M9 x9 k/ Q4 R1 h2 L) A1 Mgpgcheck=1
- w& P- q- E, i! ?2 T- v/ [gpgkey=http://repo.openeuler.org/openEuler-24.03-LTS-SP1/OS/$basearch/RPM-GPG-KEY-openEuler
" g! G# A+ I1 `7 m8 t9 k
6 ~7 K/ V! N* C3 d6 i9 h: _! p Y$ X4 P, r" N
修改主机名以及映射9 A- M* d! ?- b, P; f! a8 h/ A
3 W3 s: y9 X( K每个节点分别修改主机名,以controller为例: u6 g2 |5 k0 s2 D
- \( f5 i* S. @! U A u8 b1 w' chostnamectl set-hostname controller
# e9 i+ u- Q0 v, a* L) t! d
: G8 `( y( u# \. U0 f% gvi /etc/hostname
& J- ]" Q1 ~) V1 m/ a7 ?内容修改为controller
* f* V: p4 E/ D$ c9 [然后修改每个节点的/etc/hosts文件,新增如下内容:, C4 h+ R2 ^& _! ]
% R+ m$ B3 E/ b c2 N q, U8 m$ B8 G192.168.16.2 controller) Z* M; ^/ D2 N% x3 }' Y
192.168.16.3 compute1
4 t! q3 o5 W" b2 c192.168.16.4 compute2' S& F) V9 n3 [" ` \5 F. w
时钟同步¶
: k* |' ^" p/ h. s1 {3 A9 j集群环境时刻要求每个节点的时间一致,一般由时钟同步软件保证。本文使用chrony软件。步骤如下:) f) Q' Q# x5 L( O6 X
6 @+ X- { S0 f3 O' k' YController节点:+ ], q: i( |; r' l0 ]- ~! ?; Z; |
2 N% L( ~8 |3 `. w* u9 ]
安装服务. @* z1 y8 W# K3 p. r7 n! U
dnf install chrony0 j/ n; k' k1 J/ V5 ~" c
修改/etc/chrony.conf配置文件,新增一行: M- h& u" {; o+ w; W
# 表示允许哪些IP从本节点同步时钟
, }. ~( P) n$ b8 W% A! X& c( vallow 192.168.16.0/24! \# }$ H* @$ R. a: b) S4 j; n
重启服务
1 n/ G4 |% P: q- L% E* L+ jsystemctl restart chronyd. C: t- t" v0 I# |3 R& ]$ h" u
其他节点& B$ E$ l$ a4 y* _
1 q6 J7 K( `; H0 q3 T8 W安装服务
z" D" y, J' t% r2 C1 H/ i, V6 R( h3 G6 J$ w/ A8 h
dnf install chrony
( n9 x) E/ g- Z" x2 c. l, a修改/etc/chrony.conf配置文件,新增一行, p! d+ f5 e. P' Z
& F: b* _8 m* z1 c/ E h$ e) q# NTP_SERVER是controller IP,表示从这个机器获取时间,这里我们填192.168.16.2,或者在`/etc/hosts`里配置好的controller名字即可。
: p8 k( b7 L- H2 p% U2 E& @server controller iburst
0 b J4 U- ]# C( C同时,要把pool pool.ntp.org iburst这一行注释掉,表示不从公网同步时钟。
1 I9 h% X, e1 {* w. N7 x) Y( @# O1 X
# q" G w4 T$ @% C重启服务) D1 y6 z0 l+ g# s7 Y/ d' ^: a& u/ \. m
$ U W( v* W' _6 q0 w( hsystemctl restart chronyd
" G5 f% Y* X! ^配置完成后,检查一下结果,在其他非controller节点执行chronyc sources,返回结果类似如下内容,表示成功从controller同步时钟。$ y5 U, i% L- G2 u" J
& ]0 [3 M& ], v; z- e* C3 t
MS Name/IP address Stratum Poll Reach LastRx Last sample
/ S6 C x4 F" d8 @' A===============================================================================
' h! c9 A5 b7 y+ D^* 192.168.16.2 4 6 7 0 -1406ns[ +55us] +/- 16ms) b2 |6 N* T! w5 U$ ~
安装数据库¶
8 O9 f9 Z. H+ L# n% T. i: \2 L数据库安装在控制节点,这里推荐使用mariadb。
1 ~% d! g! Y: ]1 j" _4 @
5 T' z6 ?) A9 Q: q, F+ t4 `安装软件包: K+ ^1 S/ t; T6 C; P
/ X1 p4 ?% F; h/ Kdnf install mysql-config mariadb mariadb-server python3-PyMySQL
2 g, @8 a6 ]9 `' Y: F9 o新增配置文件/etc/my.cnf.d/openstack.cnf,内容如下 X! G, }3 i9 o5 o! z: _" y/ x
+ w: H7 p' l4 F1 J( E[mysqld]; i5 g) U7 {) g! {7 x
bind-address = 192.168.16.2! W7 k% V {: C/ O+ E2 u+ F7 F: V
default-storage-engine = innodb. {! H% T5 z* w0 m0 A* [9 ~5 @$ G
innodb_file_per_table = on6 _4 c8 g' ~/ R1 {# K4 Y) e
max_connections = 4096
' Z) ^" |" L( u0 P. _* [+ \1 g0 kcollation-server = utf8_general_ci/ X5 T, W- q: s! C1 i
character-set-server = utf8
2 H. J: ?; W: ?% |2 v: U: I启动服务器8 k8 i$ R; ^6 i, S1 V0 }
8 W1 a3 W3 i: F9 H0 Y
systemctl start mariadb
2 e- O+ b, U& L z- B/ I/ b1 _5 [初始化数据库,根据提示进行即可
6 z. i3 p% g# M0 {6 w$ O
: f' `/ _+ F2 g* I9 E4 u/ z1 V. x( Fmysql_secure_installation
( r* [, n# k0 q* p/ l, w; p示例如下:
% Y0 B* F. Z* Z# v ~7 D
# o, O, |; E: `( A6 oNOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB) g( u. \& J6 W
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
+ M, |/ S" J7 S ]! n: u
9 L" J1 J0 E4 R" KIn order to log into MariaDB to secure it, we'll need the current
( Q% e7 {+ E9 o3 T" ?8 {9 _/ z. l8 vpassword for the root user. If you've just installed MariaDB, and( z: \ s6 b% l! w' Q$ e: H) `; x: h
haven't set the root password yet, you should just press enter here.! v' N- O! Z, o+ y& P
3 T5 ~' t7 w- r, K
Enter current password for root (enter for none):
- y/ U. V4 f' Q5 [4 e: x# j, X6 ]
; K( m- L/ `8 E; Y2 T4 F; U4 L( J7 j5 ?#这里输入密码,由于我们是初始化DB,直接回车就行 |$ a* z, B2 M8 q8 {
: e: F" A1 e3 M/ X
OK, successfully used password, moving on...
# J% `& ]& y; h2 W8 x' G$ w
z$ a. ]6 |8 a+ } G- E7 l- J: W* USetting the root password or using the unix_socket ensures that nobody
+ ?0 A) r: \) t w: `) }can log into the MariaDB root user without the proper authorisation.
: F3 u( C! ]! }
7 V$ @0 a* ^) {9 u7 o0 z' @You already have your root account protected, so you can safely answer 'n'.$ R p! i. x$ ~
3 f$ X' q3 q' G! |/ O( {# 这里根据提示输入N# O3 O& @5 U2 w R: T3 v
1 B$ ?, u! B$ |$ D5 D& YSwitch to unix_socket authentication [Y/n] N
9 J7 k# w F7 a
! o8 d1 T5 m0 D* I9 QEnabled successfully!2 a W# i( b. N1 a0 j
Reloading privilege tables..3 |: }, @$ j+ `/ U
... Success!
1 U6 _5 ^" l9 Q# \7 x) c5 T D% O# u* t6 O
1 x. K$ a9 o. UYou already have your root account protected, so you can safely answer 'n'.9 F/ d! s4 z/ ^/ @- I) R
1 x O# f; M: [8 v- I
# 输入Y,修改密码4 q3 X7 p4 h) Y* | Q% G
* s) S) C4 X. q7 P
Change the root password? [Y/n] Y
- u1 X* a9 U3 h U- B5 R6 @6 x. J8 @# E1 s9 N( c
New password: % j9 o$ e. l @, _
Re-enter new password:
5 @$ O$ L. x0 pPassword updated successfully!: z- L/ s, J6 ]- z$ b; q
Reloading privilege tables..
7 s- W8 l6 ^. u6 i3 `( y3 l! c: X1 S... Success!0 Q; v4 T$ F: W. T! G+ O1 i
" W: Y! N' `& ~) Z/ R% r; B- K) q6 b( u
By default, a MariaDB installation has an anonymous user, allowing anyone
( S* T( w9 c* z2 e, }2 Yto log into MariaDB without having to have a user account created for
: x4 |5 x! \ r& p& l' Z2 ~4 rthem. This is intended only for testing, and to make the installation% A( J5 z2 i: j, K+ R6 {8 G% n0 r
go a bit smoother. You should remove them before moving into a1 m# X/ Y i& ?8 o1 Y6 V
production environment.4 \' j( Q2 f# Y8 D$ U3 R! e9 E' ~
, E, K; _9 v( U# 输入Y,删除匿名用户
3 F- E. ~- E, h- S+ V" ] T& g% K2 x* [( p1 I2 r
Remove anonymous users? [Y/n] Y8 Y2 Y+ i8 U9 Q, y
... Success!& x! y7 ~/ k7 l. z
4 ]1 _3 z; X+ k# Y) y7 _1 }
Normally, root should only be allowed to connect from 'localhost'. This
9 y5 }! _0 N: F; i. l" v, Oensures that someone cannot guess at the root password from the network.$ ]8 w+ F+ @- i
/ q( i9 L4 u' v7 L9 m" O) u# 输入Y,关闭root远程登录权限
8 }. _% o! z' w2 U$ M4 }
4 u; X' A- l; M; _- tDisallow root login remotely? [Y/n] Y5 j9 g" N& h/ r/ ^! x
... Success!
5 @7 A( S& |* I2 }8 T. X2 s6 H' @! L
By default, MariaDB comes with a database named 'test' that anyone can0 M( v9 C1 K/ H
access. This is also intended only for testing, and should be removed+ s: ]& w8 s6 Z. e7 k
before moving into a production environment.
' _3 S, O5 X# w; E: Q p8 m0 O2 h& ], j! G9 B Y
# 输入Y,删除test数据库
, }: \- Q+ P& R+ z% ^/ [
, ^8 ^3 Y+ l; G6 g- GRemove test database and access to it? [Y/n] Y8 ~! A \/ x1 q9 [
- Dropping test database...
; ]% Y/ `; s* l, a# Q" m... Success!. o* V# Q) \* F& O- P# R) @& K& S
- Removing privileges on test database...1 Y, c/ V+ l+ x) d3 I
... Success!$ h- c4 P, {$ _' p2 Q8 p0 {
% B1 L5 w" V3 NReloading the privilege tables will ensure that all changes made so far# ^) p( ~( a3 }
will take effect immediately.& I/ u4 ] R; _* T7 u" u5 o
; W% j" J! A- q" g) k# 输入Y,重载配置
3 |9 l N+ D) O' `$ ?) p( x9 F3 [, U0 C3 S! M
Reload privilege tables now? [Y/n] Y! @- r7 J5 H. i; w+ f. M% ?, @8 ^$ j& C
... Success!
$ x/ K9 R) S& W" ^
/ S* S. o( u1 ^) h, A% FCleaning up...
; `! A# o% Z+ w7 \: X- C# Z# }
" \8 q) `5 W/ WAll done! If you've completed all of the above steps, your MariaDB/ z) _& p' d; S3 i' ]( K
installation should now be secure.# B. i7 y2 I; Z6 D0 y
验证,根据第四步设置的密码,检查是否能登录mariadb
4 b: w5 f, G- ~+ h+ m$ F% G7 X. h9 m! [& i$ T% S" k
mysql -uroot -p
: X4 f- y+ L! H8 u; u0 q- I即可直接登录数据库
9 u; N' M; x0 L# s! c' ~) C, U% ]* x+ M$ Y$ F# L
安装消息队列¶: B4 k5 |1 H! E* } o6 q( \
消息队列安装在控制节点,这里推荐使用rabbitmq。 ]7 [7 S5 Z; Y P5 D) x& q+ g1 \1 b
1 B* ~8 m1 E6 K安装软件包
K/ D$ J" N+ u: J* B }dnf install rabbitmq-server
9 M# r* k1 p) |# U+ {5 I7 s5 @启动服务, `$ S W' L! _3 {* n4 j7 [
systemctl start rabbitmq-server
6 r5 T- z# d3 G1 [7 W+ _$ _配置openstack用户,RABBIT_PASS是openstack服务登录消息队里的密码,需要和后面各个服务的配置保持一致。, |" Q; Z3 |5 ~/ u8 n/ J' c' i
rabbitmqctl add_user openstack RABBIT_PASS$ ]$ w* V2 Q4 j ?, F1 J8 d: t
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
; n% g8 }2 c, W安装缓存服务¶
( e2 z( u9 \; H/ L消息队列安装在控制节点,这里推荐使用Memcached。
, |+ S# }6 d+ Q1 a. l# u3 y. G I, A7 g, i: J
安装软件包0 }; F- m- R9 B- G% p# s
dnf install memcached python3-memcached* [' Y, P ~" {
修改配置文件/etc/sysconfig/memcached- ]' E0 [4 q2 j7 E0 ^- K
OPTIONS="-l 0.0.0.0,::1,controller"8 a6 h# S1 O- Z4 l2 w' N
启动服务# [' ]0 ]& O9 m# U3 q& M% }% Y1 k. v/ Z
systemctl start memcached
8 m. B0 T2 b! }( ~部署服务¶ e7 x' j# m0 `1 v
Keystone¶' X/ h4 \( [ o2 t. h" j+ D$ ], S
Keystone是OpenStack提供的鉴权服务,是整个OpenStack的入口,提供了租户隔离、用户认证、服务发现等功能,必须安装。; M! ] p q. A+ i
! Y3 _" S$ ^! W/ n! e! P7 y创建 keystone 数据库并授权# D9 Q) ^ S+ Y( U3 `
. A1 Z, d$ }6 u6 a
mysql -u root -p
+ M. m; x) }6 g4 g x2 p
% Z* D" l' ~/ b- F( _MariaDB [(none)]> CREATE DATABASE keystone;; d( H3 R" o! U, [* M. i/ z
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \. V* }1 \$ _; j O$ b7 Z6 G% y e X
IDENTIFIED BY 'KEYSTONE_DBPASS';. W1 c$ r0 q$ O: C, {
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \" B, `% V9 w: d2 b+ }3 u
IDENTIFIED BY 'KEYSTONE_DBPASS';4 t; Z2 S, v. w5 y/ A L' f
MariaDB [(none)]> exit; M8 {( t$ `! j! u5 t# o& o3 }1 U
注意
+ I! x% D5 v0 {# h. {* y" y* r2 p5 x4 T9 y) K7 Q* _8 h2 g% N* ~, ~
替换 KEYSTONE_DBPASS,为 Keystone 数据库设置的密码 (一般可用opessl 或者uuidgen方式生产复杂密码)
* ]2 @4 }# _+ A P# o0 h# D8 J9 K1 B9 m$ y
安装软件包! m& C8 l; \- R6 `6 p4 c
* n! ]; A/ {4 G8 N" ]2 ]' \
dnf install openstack-keystone httpd mod_wsgi 3 g6 U" u0 i s0 ` [
配置keystone相关配置
! Y' H$ j5 ]3 @# N4 N9 {
' r) m W. q3 r: o% q7 w( I' D' Cvim /etc/keystone/keystone.conf
, h; K3 l' \' q
8 |2 u! P$ R: w: G! R" G6 M7 o[database]) \! d: u0 y C4 ^1 a" M3 i
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
- W( H4 U: f2 i* m2 ]" v7 C% \' u# w! q0 K% j1 T) @
[token]
2 B' Q5 l7 q) D& f- v, Lprovider = fernet. o# R& H9 S; y$ g G# u& C
) c: V3 R- \# H# S- \3 Z5 N8 M
0 l- s5 E: v/ B; u. s3 {3 ?. N
解释
6 X2 s1 g9 r2 j: u" G8 n8 @+ y6 T" ~/ v, i. X/ i% v" w
[database]0 i, J" c5 K% a; M& W. _0 k
部分,配置数据库入口2 H: a- }2 F- @1 v
$ L0 U8 z" Z' a
[token]
% R! ?( i g/ `; J- z* s" b部分,配置token provider8 y1 f9 Z) d j8 X
; J. [ w% [& \9 L) d4 l
8 H2 `2 i5 ~5 P& M% _6 }! ~ p同步keystone数据库
( G2 q) ]7 H& D/ n+ Y2 r" {, A* a; R: n& f- p
su -s /bin/sh -c "keystone-manage db_sync" keystone
! {/ I/ u& ]1 ?- }# J7 D/ i% z6 n# E5 I* v
初始化Fernet密钥仓库2 [% W6 u) ^/ e/ @: b. ^7 n
0 C0 S" w( N- J4 B& S3 Pkeystone-manage fernet_setup --keystone-user keystone --keystone-group keystone) C% a3 @+ C& C. `9 U
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
4 q) l& N! O- |* n1 R: u4 Y" q4 F3 H6 H8 O; Y" x- _
启动服务
* K, I# N+ Z5 g# C这两种方式都可以:
7 y0 V: N" N- s7 Okeystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne" X2 e1 j' e. P* h' |5 A
3 {- r+ `" c6 G/ S @8 o! Y; Q
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000 --bootstrap-internal-url http://controller:5000 --bootstrap-public-url http://controller:5000 --bootstrap-region-id RegionOne1 W( o# I' U6 {1 o
注意
% X7 g- p1 w9 q! c j/ {; _) @, @3 @) z# ~. s, t, h5 ?" f+ ]
替换 ADMIN_PASS,为 admin 用户设置密码$ a/ J2 M, F! D& p
1 o: y8 v$ b* O* d6 ^ `1 l. E配置Apache HTTP server
5 X2 T+ u9 j5 x) K
6 L( B9 d# b+ I ?+ S! q打开httpd.conf并配置
2 N( }: b/ A$ s# q& Q
7 K8 Z: \% o% |# g5 R# l#需要修改的配置文件路径
4 l8 v2 c3 s w6 |, q2 uvim /etc/httpd/conf/httpd.conf
" y: h' m9 X* t& M& c8 I" _7 ~ @" o" C1 Q, H R
#修改以下项,如果没有则新添加: J6 B a4 l: W
ServerName controller- J5 n) h, n# A- H' o
创建软链接
. Y5 k, s% J) {5 `2 b D% f3 v$ R4 W
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/1 q; k" v: h- `- B+ M, N
解释
% f1 i7 r; j6 f( Y B
6 `0 b3 D5 h! g配置 ServerName 项引用控制节点
0 B2 j, N2 h" {% _; s6 _* x) E5 I. g, v* D# `$ V0 W
注意 如果 ServerName 项不存在则需要创建7 T' R+ C2 s5 a
0 M, A1 Z: v' c启动Apache HTTP服务
5 b$ B1 ?, G1 @4 V
' y( H* y- S. ?& S" @2 E' Tsystemctl enable httpd.service
6 j6 U8 e; W; R, rsystemctl start httpd.service. l, N' [9 S# J
创建环境变量配置7 |9 W* U% w6 p& ?
* t5 D. s4 h- E6 I: K7 h
cat << EOF >> .admin-openrc, M9 Z5 U' J. J0 P- ^
export OS_PROJECT_DOMAIN_NAME=Default* E1 A% _$ F3 i
export OS_USER_DOMAIN_NAME=Default1 x/ C/ Z) L p' y/ B( }
export OS_PROJECT_NAME=admin
( A5 s% a, c# Y% {2 x* Jexport OS_USERNAME=admin
; e6 k5 D$ W1 z, [% P7 Mexport OS_PASSWORD=ADMIN_PASS9 n* l, }* H/ p y
export OS_AUTH_URL=http://controller:5000/v3
' J2 s1 ]- O, ` u" F' ]7 ~export OS_IDENTITY_API_VERSION=37 M5 D ~5 ?7 K s8 k
export OS_IMAGE_API_VERSION=2 r7 c- L/ g' y t
EOF
7 v3 K E: Q9 ]- L2 l& U8 w7 X9 C& a% B! E2 w4 ]
注意) f4 Q0 S+ `- ]. B4 Q( q( ]0 `9 C
8 L/ S I. R# @; e0 Y
替换 ADMIN_PASS 为 admin 用户的密码
5 C2 o, V6 [; W0 s( S$ \* K9 h" Q; U7 r! L8 E& y
依次创建domain, projects, users, roles+ S! ?1 ?5 B h9 E
4 x" ?, P. `( |/ j; @
3 i5 W" A" p g/ k- G需要先安装python3-openstackclient
b- D. D1 {: ^% c5 ]( ^5 L t! c, e2 e/ R) l9 k
dnf install python3-openstackclient: g* M6 S( b( O- l$ v) X( {
( N0 s3 D$ Z. Z2 V% @7 x
导入环境变量3 P8 A! {& W& f N
2 ]: ^* K" v z# J \/ k: J* m
source ~/.admin-openrc8 w/ e8 Q: r% j% K; k
创建project service,其中 domain default 在 keystone-manage bootstrap 时已创建% S8 Y" w& |- m- `" x
; ?5 M) M- }. m) G' d- ^openstack domain create --description "An Example Domain" example, E2 M- b! W* N5 b
8 n6 N/ R; O- X4 h# N A6 Q1 dopenstack project create --domain default --description "Service Project" service( t6 `3 `, y( g: c
' i. [/ Z! o# I* g' F, s# w
创建(non-admin)project myproject,user myuser 和 role myrole,为 myproject 和 myuser 添加角色myrole
* A: p( c* U: a3 B& E: Y
& r0 O A4 J" Qopenstack project create --domain default --description "Demo Project" demo/ X: A! p$ f3 S7 j- a3 ?" Q
9 o. D7 O1 s1 `9 j: ^+ w0 e9 Hopenstack user create --domain default --password-prompt demo1 n8 B" U: ? @0 F4 B0 S
openstack role create demo
$ s/ V U+ _1 y6 topenstack role add --project admin --user demo demo5 W6 \9 m; M, b: Z7 {
验证" j ?7 c- @" g2 p) ~" K' O# d1 _
I3 Z' G( \6 a- d9 N2 u取消临时环境变量OS_AUTH_URL和OS_PASSWORD:$ p% l6 |6 E( _ c
R2 p- n6 ~/ z) O
source .admin-openrc$ V1 x5 p' ~- s& d
unset OS_AUTH_URL OS_PASSWORD4 D" q8 a1 ^/ }8 n' v
为admin用户请求token:
K" B# @: t0 u% A+ U5 L* R
# O* s6 O+ S( a, Z: Hopenstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
: u* n% f# u) J5 n: F6 ^$ {# ^. O7 I3 ^' E
为myuser用户请求token:7 F. s$ n3 r9 K4 R Y- c6 f' r
s* S! F' [7 U4 e$ N% ^openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
) a e% M9 N; N. I8 |3 W1 i, ~$ e2 v+ d& V
安装Glance¶3 \; }% o0 j' T- Z, i3 O
Glance是OpenStack提供的镜像服务,负责虚拟机、裸机镜像的上传与下载,必须安装。
1 N4 Q# [% ?+ r5 C4 w% S1 g4 }" G1 q# E" h
Controller节点:7 d" [+ y% W8 |5 Q' L
# t/ `, l- S* O7 B5 _4 g创建 glance 数据库并授权4 i9 Q2 w1 l Z) I& s
; U6 u$ E% U: x) l- j1 M5 F* ~
mysql -u root -p( l6 ^, ?' \4 g2 K$ F, c
0 @' c4 X5 a( g3 v- H7 B
MariaDB [(none)]> CREATE DATABASE glance;
4 |# N8 `7 [! P3 j iMariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \0 }: l" q, Y' s
IDENTIFIED BY 'GLANCE_DBPASS';
+ g* y A w! ^6 Q( B( p. hMariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \& B' u# k& M4 \9 B& F( N; C
IDENTIFIED BY 'GLANCE_DBPASS';4 U4 \6 \' j+ V1 w( Y+ f/ g
MariaDB [(none)]> exit' E7 o! ?" A, ^: g% `/ B
注意:$ W2 F j3 Q( d q( p# h/ T
2 c+ D6 C* j/ b6 }6 P替换 GLANCE_DBPASS,为 glance 数据库设置密码
: w4 N3 _) A! _% \, x, t1 O! [$ ]% z$ j, \# b! Y# y+ c: f
初始化 glance 资源对象
; P: e+ J5 u6 _9 q l
, G% m4 z, S: L" V1 o导入环境变量 i; w% w- z! {2 o$ F
# `# q# ^0 D& S- Esource ~/.admin-openrc4 t/ ?! Z u% \
创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到GLANCE_PASS的地方替换成该密码即可。& _, {4 k% T2 I( s$ D! u0 w
5 ^& I2 `7 S* t; j8 H, ]' M
openstack user create --domain default --password-prompt glance* G' c2 f& z5 N( Q0 N* ?
User Password:
) @) {& s0 Y9 [9 O3 P# Y5 iRepeat User Password:" W+ H$ `9 ], ]' {" j; i
添加glance用户到service project并指定admin角色:& i. `) B& U4 o# y0 p; k& S9 t! B
$ c e) X$ R. h6 C: Hopenstack role add --project service --user glance admin
: w& V1 g' e1 b; I- C5 p创建glance服务实体:3 P& p1 |4 j& Q, E( i7 E$ | ]
3 ^0 u! n6 k7 O6 D, Sopenstack service create --name glance --description "OpenStack Image" image& {% |( f: b) {& n2 Z0 l% _9 K( C
创建glance API服务:! x( m5 Q) _+ O
) M1 \% i" |! e1 ~8 T/ z& [
openstack endpoint create --region RegionOne image public http://controller:9292
& G/ a3 P( F! p; [ y0 @openstack endpoint create --region RegionOne image internal http://controller:92921 x0 N2 A& b$ f2 S. b) i
openstack endpoint create --region RegionOne image admin http://controller:9292
1 x/ e3 |4 L5 R* N$ {! z1 {安装软件包, A* r% T5 H ~% _8 Z
/ x" l& I1 x- \' z8 F8 [2 R# {dnf install openstack-glance
) \4 a' q! A4 R8 i2 o修改 glance 配置文件
& ~+ O+ {7 M L: y$ F3 @7 f" ^' W C4 @: C$ I" E4 r9 |
vim /etc/glance/glance-api.conf
# a% r; j1 c+ u9 H8 t4 p
! K5 {- N9 X) V5 M$ l[database]
: |3 a. p" J4 x7 d- {1 \1 ~% Fconnection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
$ Y# q' u7 W3 T/ F, W
. \; f3 }7 b5 h9 @9 y# ][keystone_authtoken]0 l2 i% m) w+ Q* N
www_authenticate_uri = http://controller:5000
% R0 ~; y. P, l( _7 Y' pauth_url = http://controller:5000 d1 m- e9 e2 w- l0 c l& `+ }
memcached_servers = controller:11211/ Q7 c2 f* |" L- {# p1 d/ l
auth_type = password
5 T) g8 s4 n4 i* f1 |project_domain_name = Default
- V% W" P# A; W$ y9 U# @2 l* z; Nuser_domain_name = Default
8 h! X7 f! n8 F* Q% y9 y& U5 sproject_name = service8 S8 E+ O6 n& g- V8 i
username = glance+ m0 F7 j# r" d8 D+ d' f+ t! y& H
password = GLANCE_PASS! r: E) b c7 A7 l6 }) [
5 M) `0 L' i' y; N$ z. L
[paste_deploy]" J# b) O+ {9 W9 M; Z6 a
flavor = keystone
) V# h4 v% J' s1 t% h. q) Y! `9 T% c" q1 I; J
[glance_store]
* {( r$ ^) v% N r! U# |. y# ustores = file,http
; X4 L& P# z$ o9 i! _" e) Wdefault_store = file0 Z( u' K: v* D/ I7 \8 Q" c; z
filesystem_store_datadir = /var/lib/glance/images/8 u! G0 p" Q. u' M3 a7 J3 I
解释: d+ U8 D* M% v5 N; u+ ?
8 j* A* ~8 Y$ Q: i P* p[database]部分,配置数据库入口! s! A; y: f. u+ E# q! }. l1 h5 D
4 g# r* W% @! `3 A
[keystone_authtoken] [paste_deploy]部分,配置身份认证服务入口
* H; z6 \! b% j3 X' D/ r, I! Z
& c3 P" L" A, g/ O' X[glance_store]部分,配置本地文件系统存储和镜像文件的位置4 D- O( r( W7 b2 b
+ }* V5 r8 \9 ^* ~& D% t9 U3 z% r; A
同步数据库. u8 H+ v( t0 ~4 R( ?
1 C1 a: M% Y K4 r( K8 v$ m0 fsu -s /bin/sh -c "glance-manage db_sync" glance- r" ?! ~- J$ y5 V/ s
启动服务:
& P) U$ S# Q0 ?, f4 R0 p! R$ \( c9 l" P
systemctl enable openstack-glance-api.service
) H8 a+ v! U0 ?systemctl start openstack-glance-api.service
; s) V$ }9 K# x9 J# U$ V0 e3 A验证
2 c% F. ~" |2 y8 ^
1 i- Y ^5 r" E% X; c0 q( l B导入环境变量* D( F n& z8 r$ [) a
: ~% S' k0 C5 [8 ~sorce .admin-openrcu+ E7 I6 \! F, [' t5 m+ R8 W
下载镜像
5 Z9 g4 h4 I) C6 M& ^ ~' f, s1 X4 i' J
x86镜像下载:9 G, _$ i( f2 v5 T
wget http://download.cirros-cloud.net ... 5.2-x86_64-disk.img
) t5 E+ [( g5 D' Y5 }# M
8 q! X0 }% C' s# Marm镜像下载:8 o1 }( Q. \% o! S
wget http://download.cirros-cloud.net ... .2-aarch64-disk.img
- h/ z4 ?/ U% B* R. @注意4 O% d/ k) [% {' V0 d# E2 n8 H
1 P3 _) O& L h$ f4 z7 \
如果您使用的环境是鲲鹏架构,请下载aarch64版本的镜像;已对镜像cirros-0.5.2-aarch64-disk.img进行测试。
/ D% x8 f) ~4 f5 U' g) m/ V3 F, G" a! _
向Image服务上传镜像:
1 O1 ?% v/ g( u8 A5 W
7 b9 D" n3 J+ H3 r3 F/ zopenstack image create --disk-format qcow2 --container-format bare --file cirros-0.5.2-x86_64-disk.img --public cirros9 z* N" t/ E) y) e9 r% G3 n9 d
确认镜像上传并验证属性:
/ d6 f+ y5 E. V2 o0 a1 A l2 n( O
5 Q+ x! l: O5 F5 f' |/ vopenstack image list
$ K; M) M% R% s8 d$ [5 u+ \, Z- T, c. C+ t' ?8 Y( v; {0 ~
2 Z+ y0 _+ ?9 s& m6 tPlacement¶
* m# a/ h, }/ a; x H8 lPlacement是OpenStack提供的资源调度组件,一般不面向用户,由Nova等组件调用,安装在控制节点。
% M; l7 b2 l& z' T) o2 m- C8 b# W2 s) ~. }1 y9 r. I
安装、配置Placement服务前,需要先创建相应的数据库、服务凭证和API endpoints。1 F# V+ f. f; q: ]4 {* r
$ g5 Y4 }- _9 J% v% r/ v1 r4 _: [创建数据库& w+ j3 O. c6 A( j# u# v
5 `6 K) ^2 b: G' l+ u) N0 Y
使用root用户访问数据库服务:
; }. x* g5 t7 ^ H% s
* ] Z9 M8 W0 o" Y0 U3 F; ~9 ?mysql -u root -p/ E! X5 ^- E0 D# e2 Y) j# ^5 |8 ~( O
创建placement数据库:
0 y3 |( T% `3 ^- e; U9 ^9 x8 U
q2 X4 G! g! O) B! f* M5 p' c' F" GMariaDB [(none)]> CREATE DATABASE placement;
% S1 J1 E/ V- X' A5 C/ a授权数据库访问:9 H6 d- s" i1 i. m: B; B: X
; h4 y$ G) _7 ]/ `4 D: QMariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \4 X3 T6 R& Q; ?% w1 O6 I1 d
IDENTIFIED BY 'PLACEMENT_DBPASS';
( V+ {. Q! J& _7 K1 M8 AMariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \9 Q% \8 _3 [$ u) F
IDENTIFIED BY 'PLACEMENT_DBPASS';
* m1 h. z" C0 @替换PLACEMENT_DBPASS为placement数据库访问密码。. K3 f( `/ @4 y
- X% ]# l) d3 S# ^) u0 L退出数据库访问客户端:
! B1 Q0 }* a7 k
2 ~8 p" _' [0 o0 jexit
" X7 i+ b# n( e% I0 A' T* Q配置用户和Endpoints6 o7 {4 E9 g- _) Y" X8 S
8 A5 D3 B3 L0 ^) ]1 _" V! |
source admin凭证,以获取admin命令行权限:
- c3 `8 v6 p7 b `6 p7 F$ F- o6 f8 l
. y- ?" @2 J3 ] x0 d+ d$ t1 O0 G$ l tsource ~/.admin-openrc3 a/ M4 S) s+ F0 ^; U
创建placement用户并设置用户密码:
~7 h1 b' v1 [+ H2 |; N8 b
& m( E) l9 t+ V! E6 W' Z- `1 uopenstack user create --domain default --password-prompt placement
5 N* ?0 _) x3 ]6 d- B- W
( Q: }4 V0 I# I: J2 xUser Password:: E2 P/ C' E- |
Repeat User Password:- ^# V, F+ j/ X6 h4 S$ {9 h) Q- E
添加placement用户到service project并指定admin角色:8 c) |/ j" n8 Q9 W' v
9 I Y: ?; P. ~' t% G2 Nopenstack role add --project service --user placement admin8 u; l1 C. Y# R, F& a+ r2 _8 k6 C
创建placement服务实体:/ I/ _5 [) h6 q
' Y0 \! e5 O% {. _$ Z' i5 Q% D
openstack service create --name placement --description "Placement API" placement
/ K) ]8 F9 |9 o* e6 c9 F创建Placement API服务endpoints:8 G- R/ S- C( b0 A% y3 O* B
$ ~- Q8 E: @6 K `- i) j% ropenstack endpoint create --region RegionOne placement public http://controller:8778
% N# Q5 T9 m" ?. aopenstack endpoint create --region RegionOne placement internal http://controller:8778
+ Y! Z5 t6 Y- r z$ R% [. kopenstack endpoint create --region RegionOne placement admin http://controller:87788 e h: \7 D- I. C
安装及配置组件: L+ F1 t+ N. _4 q
) ]" |) ?* G6 E" H0 F3 t# ^0 u" i安装软件包:
* u4 B; ]: r0 l+ n; \
( N6 K/ f. |6 ~4 ]4 vdnf install openstack-placement-api/ H9 V1 Q; p4 V- e* f3 A" J
编辑/etc/placement/placement.conf配置文件,完成如下操作:
* E) H/ G0 ^# S' ^0 F% u
1 L: j0 Y2 b, R/ D在[placement_database]部分,配置数据库入口:
* Y4 r, D* O) @" e4 S: A+ g
; j0 l# y$ P+ s! s! C# K, T[placement_database]
6 f. u& F8 i1 Z. g6 ]connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
& t S5 h5 ?8 j8 t替换PLACEMENT_DBPASS为placement数据库的密码。" g9 T' y2 l( N8 _# ?; l$ y
1 g p: k" l4 t. u
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:
; X- C& ^' V9 B
2 F4 H# j1 c7 u5 V X& w: n[api]! U! W$ k0 ^0 G) L
auth_strategy = keystone8 L1 n7 ]; F% Z8 D7 I
* w. Q2 v1 u9 z4 O
[keystone_authtoken]4 [( }$ d* ~7 S: q
auth_url = http://controller:5000/v30 u! M& [; s) d# j N
memcached_servers = controller:112114 Q3 ?7 \# u7 G& R0 u. k V# z
auth_type = password
b( e8 l$ X$ Z6 m+ R8 s& W6 uproject_domain_name = Default' ?/ i6 P- g1 N! z8 B0 g: s+ \2 N
user_domain_name = Default
; W2 b' F q! Uproject_name = service3 I$ S) Z4 F! }( _
username = placement
' Y' b/ w: U/ c9 h- Ipassword = PLACEMENT_PASS
; M& U2 i2 ^5 d u% d替换PLACEMENT_PASS为placement用户的密码。
' q. `- I6 S, O5 h6 i, O
5 c, F/ K) b6 o, ^, }: e0 Q数据库同步,填充Placement数据库:7 }. s' E% L2 x
1 P7 \/ p* F2 g0 s+ @/ y; Ysu -s /bin/sh -c "placement-manage db sync" placement: U+ Z% C8 B8 t" J
启动服务
7 V2 z9 x% }/ u G' u2 }. Q1 e2 e7 s, { j
重启httpd服务:( h9 C, D6 d- v* _: G$ y
# t! N0 r4 \. s" w. n1 ]systemctl restart httpd
- }8 |& P' d; j验证
. [' r. m+ T6 m+ @" {# Y* y9 d+ U% T1 J, v7 ?0 o3 S( Q6 S
source admin凭证,以获取admin命令行权限
2 r3 R$ ]. q1 @3 s' i! N0 {! c2 S. T) b& {. q+ [7 G/ q
source .admin-openrc
3 I; `) y3 o1 ~+ P执行状态检查:
- A% G6 y, D& e6 t: s- \# n" _% ]: F; b2 s/ W
placement-status upgrade check- P9 Y" s; E. Z1 u
+----------------------------------------------------------------------+
/ K K. y/ ^& p% [' ^8 d8 j8 J| Upgrade Check Results |) }* O8 c( E+ U/ j4 P1 B
+----------------------------------------------------------------------+8 \% |. v% B9 O* F/ \# y; P
| Check: Missing Root Provider IDs |6 M4 a; V7 G* _4 \
| Result: Success |/ T- ]+ n4 b( S7 Q/ E
| Details: None |
9 c' Z5 b9 ]; E0 x8 P( J8 r+ z1 ?4 B$ F+----------------------------------------------------------------------+# Q9 t9 ^2 g7 `5 Z3 \; p5 h
| Check: Incomplete Consumers |2 u* g8 |! {; m
| Result: Success |
1 U5 @8 I* x/ n! G| Details: None |
3 {" K7 E* z, g% G! A/ N( f+----------------------------------------------------------------------+! |( s1 M) W$ v9 f: b' v; N
| Check: Policy File JSON to YAML Migration |" M/ A" V; v6 v* A8 z3 i
| Result: Failure |
" t% d8 e, b3 w8 h. V7 E| Details: Your policy file is JSON-formatted which is deprecated. You |* S! X5 O* v$ s3 l7 o# [
| need to switch to YAML-formatted file. Use the |; o, m- r, W+ U7 s% S& ]
| ``oslopolicy-convert-json-to-yaml`` tool to convert the |
* Q- u# ?3 Y# I/ x5 ]& || existing JSON-formatted files to YAML in a backwards- |
9 @- L. x0 U2 g8 c2 u& O: ~| compatible manner: https://docs.openstack.org/oslo.policy/ |
" d! O6 V7 g6 A| latest/cli/oslopolicy-convert-json-to-yaml.html. |
' m3 U- d" B" j% u+----------------------------------------------------------------------+" Z/ B8 S, z8 N8 f+ e6 t2 G. q' l
这里可以看到Policy File JSON to YAML Migration的结果为Failure。这是因为在Placement中,JSON格式的policy文件从Wallaby版本开始已处于deprecated状态。可以参考提示,使用oslopolicy-convert-json-to-yaml工具 将现有的JSON格式policy文件转化为YAML格式。
# m) ^% P- H/ V1 q+ Q0 n5 W% B9 e1 Z4 K
oslopolicy-convert-json-to-yaml --namespace placement \
. W/ I4 u' K1 ]9 P7 K2 I7 u; p3 [ --policy-file /etc/placement/policy.json \
! k& p# g& y/ O$ q; e7 G0 a --output-file /etc/placement/policy.yaml) W) [ |! X7 }, E! r& ^. ]
mv /etc/placement/policy.json{,.bak}& P% Y5 y! ^& D6 W3 f. Y
" S0 g+ ?" n. T& b; z: D# x注:当前环境中此问题可忽略,不影响运行。0 l9 e6 @8 _ q' B$ {
3 A# j' i; @- k( ?: k0 Z& C+ g5 G
" v. u; ]! v1 N1 b! H# P5 {
* [' ]; B! l4 ?: K2 z: k5 d3 GNova¶
4 q1 h7 ]4 y8 c* b- x+ U/ l/ P6 g7 }( {& wNova是OpenStack的计算服务,负责虚拟机的创建、发放等功能。/ S8 \% `' ?* k, P$ O7 h9 Q4 i
& s8 J! y+ e% ]Controller节点
5 K6 w: O- b9 O% |
! m* U/ _4 n: ^! l在控制节点执行以下操作。
, h; R8 o6 ~0 x; w$ K
& W- j8 {' t$ v7 s8 P) _& y7 a创建数据库
$ q9 j9 H ~, w- c$ S1 m$ _9 d9 M. G& F# k" ^3 }& E/ N
使用root用户访问数据库服务:6 {4 Y5 F- y* C
+ f# J- X% m0 {! i& y) g" b
mysql -u root -p
$ U. [2 i6 a9 K- _9 R创建nova_api、nova和nova_cell0数据库:
l1 B$ ^6 T8 z/ H& P2 V& x" w$ c0 ]: Z C
MariaDB [(none)]> CREATE DATABASE nova_api;5 o5 J! h: i% \6 {" q9 J% ~ l
MariaDB [(none)]> CREATE DATABASE nova;4 S8 q: l( M5 r, G) J$ B: G7 f8 P
MariaDB [(none)]> CREATE DATABASE nova_cell0;
1 Z+ @; l Z6 V# Z授权数据库访问:9 P* @5 n) e5 M9 M% N
0 R Z( Y4 u7 C1 z2 FMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';- V! y% N2 R! O- O+ s
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';7 u; P4 _4 Z* m
- N' Q! @4 Z |MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
7 e) V! S, X* v: }+ ?6 m6 F2 PMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';. `- s/ Q, n0 d+ p2 G7 g
1 [5 Z' c. |% ~6 p- \! T( [, [5 {
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
* O1 j1 H/ ] R0 ^1 d2 SMariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';- v3 G8 ]( T. M1 F, F& }! J
5 B9 m! }3 I: [, M3 {
替换NOVA_DBPASS为nova相关数据库访问密码。
6 @/ @' m. z8 a+ D; a$ R
2 y2 e' c3 I) M5 P( }0 e7 e退出数据库访问客户端:
* p& m3 V& F) b; P: z! V8 T4 H8 t+ z: L
exit
* E6 R2 |3 J& K9 j* ~! Y& F# Y配置用户和Endpoints
* M3 T5 ~+ c) W m, [/ s3 B, ~/ T6 \6 T
& e7 B7 x& Q2 H% P4 n2 }6 `6 Z' ~+ gsource admin凭证,以获取admin命令行权限:
& Y: O$ W* r) `- Y, c8 ]5 d2 K% D
) Q% J7 f: X! ]! ^- e. nsource ~/.admin-openrc: y5 ~$ g; C$ [
创建nova用户并设置用户密码:; Z) O7 t! Y6 _0 [* A1 j9 T$ K/ E
' T4 m& ^9 A! v9 E7 Vopenstack user create --domain default --password-prompt nova
+ {4 z% H4 d: g7 X9 [0 b
; X) w9 k* P; d$ G2 N( V$ KUser Password:
! T* `% n+ k/ p9 GRepeat User Password:
3 i X9 K5 ?4 b. F9 O E) g添加nova用户到service project并指定admin角色:
& H% _, a/ o1 V; \: h O! o8 S; y5 R2 s6 X. E' s, ~( s
openstack role add --project service --user nova admin G; I3 t) Y1 I. _* p i$ l
创建nova服务实体:
v* g! e! p8 |9 n, X2 p' j& ` w$ S( v: K) z
openstack service create --name nova --description "OpenStack Compute" compute2 S' A, y% B# N2 ~3 A/ U# j
创建Nova API服务endpoints:: Q$ ?* `' E$ S+ V. i7 I
, \' _; ] N# n3 u" [$ `- D0 Jopenstack endpoint create --region RegionOne compute public http://controller:8774/v2.1- y( P0 h/ ~/ W: T: u8 I6 U* m% M
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1. a( a, d7 z7 \: {# t( K6 Z9 L
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1) J; m. K4 c- \. u$ H7 j7 M, U
! k: B" D+ z1 X安装及配置组件
! M- \' g7 O: n4 K# B( O
6 U6 t& I3 |5 `! E6 z安装软件包:# p: N0 c1 C2 x% d `# `* i. m: w
8 Z" m: f+ t6 w/ s3 u
dnf install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler9 ~/ ?4 j; l$ ~9 p+ e& l8 x1 f% H
编辑/etc/nova/nova.conf配置文件,完成如下操作:- }# h8 F( g* \7 b' u6 v' H
; o% F1 V: P) \
在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用controller节点管理IP配置my_ip,显式定义log_dir:
' v R6 x1 |# N6 y+ B6 V ?
1 t+ W8 B m+ c4 Y9 g[DEFAULT]
) {% B0 t' r, i: ]9 Henabled_apis = osapi_compute,metadata
0 C+ |- I8 K7 O9 N) K. O# i% Etransport_url = rabbit://openstack:RABBIT_PASS@controller:5672/1 ^0 K6 d9 d- e+ b+ j
my_ip = 192.168.16.2
3 q: ^) J9 M/ U \6 ^5 Dlog_dir = /var/log/nova z5 x0 ?8 z( F1 c! Z2 z2 D1 {* a
state_path = /var/lib/nova
6 j% b0 J! ^$ W" l' i% _
% o$ ^8 Y W2 A$ V+ E. f1 r e# C替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
; `' d& W. t3 v+ }8 e& Y$ K) g* n; T7 N* a
在[api_database]和[database]部分,配置数据库入口:' X4 Z" ` i; d$ t' c
( S4 z/ e1 n4 G/ H; I$ u[api_database]- a+ ?+ K" r; o7 m: M
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api% V; Z9 D0 w: J* ^2 k4 z2 k# q
' C3 f1 J* W5 c Y* P' z[database]8 c6 W1 i+ `- `
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova* s+ z! H, h1 T# ^8 L8 v. F; `
替换NOVA_DBPASS为nova相关数据库的密码。
3 B0 I6 G' O, C9 G+ N$ z8 D
- O: s( [6 `9 G4 K2 X* e. m% B在[api]和[keystone_authtoken]部分,配置身份认证服务入口: ? N/ V7 z/ I/ v$ a6 k
0 L7 o- g# ?" ^ b- c# b' C[api]/ o0 ?4 M" Q H7 h
auth_strategy = keystone0 _/ f. z7 C6 [( I ^
6 J, j: x% i& O( ^4 N; x0 `[keystone_authtoken]
5 b5 ]5 l* N0 @# d+ @+ k8 xauth_url = http://controller:5000/v3- Y' ^- m$ n( {) B
memcached_servers = controller:11211
/ g X& ?! }+ Y$ R9 N% `) h1 v, vauth_type = password* P+ o( _9 k( @% v8 [
project_domain_name = Default
+ P1 @( L& w: i- N+ Cuser_domain_name = Default' `8 J: t) K; o$ u* M2 c
project_name = service
1 u& _9 m k4 F* P" yusername = nova, A+ f2 P* ?" J/ M+ }; u, I: H
password = NOVA_PASS/ v1 i5 u) {7 z
替换NOVA_PASS为nova用户的密码。
6 E( H+ X& o- [- d* b7 c ]+ E, I7 z6 _6 {& q. I3 }
在[vnc]部分,启用并配置远程控制台入口:
7 Z. j8 t6 ^) ]* M3 n1 ]! ]1 H# H4 J* f+ g
[vnc]! \5 ^+ ^* H+ e7 y7 ?
enabled = true# X* \( _+ q7 O. D3 X" e
server_listen = $my_ip controller " m9 n4 W7 P$ s8 z. w# D6 d C( p
server_proxyclient_address = $my_ip controller; ^" [4 r7 M$ U/ ~
& f+ L: T5 Z3 K9 X0 Y4 G1 ~
在[glance]部分,配置镜像服务API的地址:
# B; z+ {. z {
! i' c5 x7 a7 A9 x* a[glance]# x9 ^3 w [9 u' T2 C$ ]) `* O
api_servers = http://controller:9292
0 c2 r$ t9 D* y1 `/ C* u, | n' m( H6 h
在[oslo_concurrency]部分,配置lock path:+ v! z! h$ l+ S9 t
+ C5 J1 U3 `( @) [. @; E& q
[oslo_concurrency]
3 A, W0 Z! H0 v8 ilock_path = /var/lib/nova/tmp
1 ]4 C4 x' \! {/ o[placement]部分,配置placement服务的入口:4 ~8 o- N6 G$ Y4 t1 w0 [. x+ q
- ]- t1 j7 ]3 a[placement]
" J' S$ q5 d, T6 pregion_name = RegionOne
5 H& Q9 a- k. eproject_domain_name = Default9 ^1 w: b v" l( C; h# `
project_name = service
1 H( s5 C! a P" T; Y) yauth_type = password
. Q! w. q8 _2 Zuser_domain_name = Default9 F; b4 o+ q+ j0 w
auth_url = http://controller:5000/v3* O" e$ Q5 [- E0 r: x/ C; t
username = placement/ [; Z2 g. z0 f9 b( G7 H/ n
password = PLACEMENT_PASS: ], B' L; h) N3 z+ s$ Z
替换PLACEMENT_PASS为placement用户的密码。- f# u6 C9 {7 z: Y! q7 A3 J
) i" x9 i. _4 u, {# M; q$ n5 {- o数据库同步:7 l9 g& y$ c1 N0 K' j }' w
9 J* b) J; ~0 S% t同步nova-api数据库:% t! q+ F' W& x& I- b' l; Z
& K2 l; m {6 {) A7 V4 Fsu -s /bin/sh -c "nova-manage api_db sync" nova7 @0 |7 B' P: |* S) `
注册cell0数据库:- C* {* h2 Y1 s3 Y4 I, _
+ s$ V) \/ U& g- O+ ]7 v; csu -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova& d% `3 B) F7 X# X* a* b& A
创建cell1 cell:
7 [1 i2 e, R) q& Z% {$ i$ G$ Q, W* @2 c8 O, J3 X+ _
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
6 l* m' f0 T% x/ y' Q/ ~+ Q% H同步nova数据库:. p( M9 O9 }' y
; s& e$ w) P$ g
su -s /bin/sh -c "nova-manage db sync" nova
' q" S2 |& _- p* h# ~; [验证cell0和cell1注册正确:
" m% e0 a" G; [3 Y# n$ O4 S6 Y
( M1 ~7 F9 O+ [( _su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
# E# t0 g& v- B) [启动服务1 h1 @, q1 U5 ^1 ?9 e; M+ j/ l& P5 T
) O' s$ _' s4 M9 v
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
' k$ s+ D8 x; R3 q/ x! S" `5 a& j3 m$ c |4 W8 Y8 h$ D
systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service% v b) d/ q* C$ n0 V J* |' ~
( g) U l8 r. l* w( L3 TCompute节点9 z* V' s( _8 r3 d. @
5 N1 X! O0 _' l _* t7 W1 y
在计算节点执行以下操作。
) R' |8 {* _% l! B% i
. }/ X' m. g: G3 D安装软件包
9 p9 I5 N7 h' u- w' u0 k7 z2 T6 n- ]* g0 Z$ |
dnf install openstack-nova-compute
, ~4 T: ^& @: U1 T K& T编辑/etc/nova/nova.conf配置文件' Z" t# ]3 r# l5 q
5 m, j5 D: l! k! r {; F在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用Compute节点管理IP配置my_ip,显式定义compute_driver、instances_path、log_dir:
' ~% L8 Z) l" ~3 U: V
2 k0 x" h; ]& a' N. z& V[DEFAULT]5 B- _2 ^) W# m: n- h0 q3 U4 M* D
enabled_apis = osapi_compute,metadata
! m+ B/ L! _4 rtransport_url = rabbit://openstack:RABBIT_PASS@controller:5672/3 ]/ o& O$ [' ?
my_ip = 192.168.0.3$ p& D4 @6 ^0 e$ Y8 I
compute_driver = libvirt.LibvirtDriver- \' q' d( m% o, Q
instances_path = /var/lib/nova/instances0 n! y7 N& Z( j/ `
log_dir = /var/log/nova
/ V% }8 Q% m3 F: g4 I替换RABBIT_PASS为RabbitMQ中openstack账户的密码。
+ a. v8 a' [, s! l: C8 n" t$ J: L. a+ E4 v, I* v) B4 A; M1 B
在[api]和[keystone_authtoken]部分,配置身份认证服务入口:% A# A3 S1 L, T1 `, n
! T/ d9 J; u- j7 @2 w0 p7 c[api]
+ W1 r( q1 i- W8 o/ d" M6 oauth_strategy = keystone
# p3 W8 q$ K+ \& U9 y! S6 J- y! R K# L$ T
[keystone_authtoken]. [7 }( N4 E0 x, W/ F
auth_url = http://controller:5000/v3
4 ^0 B7 E' b t! b& A" |% f6 amemcached_servers = controller:11211
3 q+ i) V$ O% z; `auth_type = password$ o5 Y# h: g( Z5 B) W
project_domain_name = Default
" _0 k O$ D, n: Duser_domain_name = Default1 J# Y* Y4 L7 W) |* U% N9 V
project_name = service9 [2 h9 M; x( \9 f+ m
username = nova
. R3 L* f% B M: ~+ \& y. Kpassword = NOVA_PASS/ i2 U( m* H8 H2 E7 j; x$ ^5 V
替换NOVA_PASS为nova用户的密码。
$ A: I" u0 T; z
/ m; m! m3 G. U0 i/ E/ [9 O- x在[vnc]部分,启用并配置远程控制台入口:
) a |9 m9 i/ K+ v4 Q9 A" m F& [. Q( m$ \5 P, U4 l8 B
[vnc]& H7 O+ ]4 @' s; |* g
enabled = true
9 s7 r7 X7 }8 a% B! h; }9 Gserver_listen = $my_ip8 }, L; R0 g3 A0 W2 B6 \
server_proxyclient_address = $my_ip$ ^4 X" x% b9 I2 F
novncproxy_base_url = http://controller:6080/vnc_auto.html0 r) B7 |# ?9 F; }% n& @2 y
在[glance]部分,配置镜像服务API的地址:
6 T2 ^! ~5 M4 |8 f, J
; L& p+ n! r6 Y0 f# m1 p4 S4 m[glance]
4 f/ ?. ~ h: Q+ M7 C, `. Wapi_servers = http://controller:9292
i r3 d) i; r8 K0 B0 g在[oslo_concurrency]部分,配置lock path:& i9 e3 O5 I5 n9 p) k) B( l
]) J' c0 X0 G' [8 v" {' x- s
[oslo_concurrency]. L3 K+ I0 B+ K% r" k3 z+ r
lock_path = /var/lib/nova/tmp
: s3 \1 l" e$ w, M3 H[placement]部分,配置placement服务的入口:( Q) G- t( r0 E
0 A# {8 J7 `- I9 Y# |* ~[placement]
; ]& T2 y, J& y( Y& r K% wregion_name = RegionOne
c* V5 O; d& t& m# k" |project_domain_name = Default8 |# ^2 [' l" m
project_name = service( N$ N/ @' J! L, P
auth_type = password
3 i: k# B+ I5 v/ O! H- Juser_domain_name = Default
: _, g# j( J5 Y; a" q- c- oauth_url = http://controller:5000/v3' L6 X! B: G$ v
username = placement
+ o U0 _# y# J V+ ?' z @0 e! d) ^% `password = PLACEMENT_PASS" w; k% t3 F, [ n/ U; E
替换PLACEMENT_PASS为placement用户的密码。" X6 I$ U8 }! t$ `2 N
1 Z L# _5 P% r x/ u
确认计算节点是否支持虚拟机硬件加速(x86_64)0 W; ~; g8 j9 A( f" t# B
% z. f2 S1 G# A5 |2 ~# }2 `- f3 e
处理器为x86_64架构时,可通过运行如下命令确认是否支持硬件加速:
; J, m+ n1 ^7 a; }5 S5 I6 ?8 a5 _; J9 L6 R. R- b: v
egrep -c '(vmx|svm)' /proc/cpuinfo g+ F0 D+ _8 E7 S
如果返回值为0则不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。编辑/etc/nova/nova.conf的[libvirt]部分:: N3 F- ?2 K. k7 x; r
s: n0 ^# A! `8 K- _" m. Q[libvirt]
( V1 ^" |& |5 o) n* Lvirt_type = qemu" ^" b. {, l/ C8 J
如果返回值为1或更大的值,则支持硬件加速,不需要进行额外的配置。" u( z$ v0 b' C( o0 G6 j
5 d; y& v% ?1 r- }; E确认计算节点是否支持虚拟机硬件加速(arm64): p _' Y5 ]1 v9 @% {3 a
& m4 f% {- x. ^; k+ ]处理器为arm64架构时,可通过运行如下命令确认是否支持硬件加速:
$ S- ]) |! A" q' [# n- ?- u" E" L5 s% H% l( }( h. o% ]
virt-host-validate. `8 `6 O; r. Q. G* R% D0 V) f
# 该命令由libvirt提供,此时libvirt应已作为openstack-nova-compute依赖被安装,环境中已有此命令
" r' S! n- Y# m8 W显示FAIL时,表示不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。
' I: L/ N+ @" Z3 i( \5 c0 z6 |! D9 p. x# r
QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded): j; j" v# W! Y/ D% |
编辑/etc/nova/nova.conf的[libvirt]部分:! f( V; g, k+ `" A2 J
0 h+ f0 a8 [# U5 i
[libvirt]" y9 W5 a- T- c
virt_type = qemu
, V, J( G; m9 h4 U' U1 Y显示PASS时,表示支持硬件加速,不需要进行额外的配置。
e: f+ u7 Q6 \ q9 O
; t* ]$ M* Q6 \% S* CQEMU: Checking if device /dev/kvm exists: PASS
4 ~' a& f$ Z2 F2 B配置qemu(仅arm64)
: ?3 k, A# N' ~! K# |# [# e- [, f; K5 y* j3 f
仅当处理器为arm64架构时需要执行此操作。
2 ^2 j( J3 C+ {* X: ]/ v
% H+ @6 I# `* C4 H5 F& U编辑/etc/libvirt/qemu.conf:2 C% C6 n( {: {0 J/ ?
/ p+ R# |9 p; P' y+ l- c
nvram = ["/usr/share/AAVMF/AAVMF_CODE.fd: \: ?. H# w, V1 L% ]8 l: A7 {: ~
/usr/share/AAVMF/AAVMF_VARS.fd", \; X+ W+ D) L4 ^. H0 e
"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \
0 ~: E j8 @* o0 n /usr/share/edk2/aarch64/vars-template-pflash.raw"]% y8 ?" u# L. ~# K" ~: D& A
编辑/etc/qemu/firmware/edk2-aarch64.json
; z2 {# a6 i! c( V7 r1 |0 o7 c# C$ ] q
{
/ i( j. z; H( | "description": "UEFI firmware for ARM64 virtual machines",
7 Q+ V9 g; s- }& J "interface-types": [1 G. B- M5 G5 H0 Z1 Q0 x! S
"uefi"
/ M2 {4 k6 P2 S! I" a7 D ],
" ~$ f7 r6 s& ]$ a "mapping": {
1 ~5 q3 f/ P/ K0 P: q3 D "device": "flash",
" W6 z* `$ @' l; ~( d "executable": { M( `$ x" l% Q+ D" N( j
"filename": "/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw",
3 q4 A+ V* O. Z$ a2 I+ O/ p3 g "format": "raw"( V9 t8 @6 O; G7 D$ p( C: p
},
& g8 N9 h5 z$ E3 f' w "nvram-template": {
9 Y) [$ T' B+ g. o "filename": "/usr/share/edk2/aarch64/vars-template-pflash.raw",9 t3 W% C: x- d( k
"format": "raw"
$ ]& K: Q7 U& y5 ~ }
# G2 X/ z9 w) H3 [9 z( p },1 w( c4 R, O1 P- ?. d
"targets": [/ I" S" [ z# ]' g% ?7 |
{" }5 {# Y' @4 P4 y$ x. P1 v
"architecture": "aarch64",1 \6 h( B+ Y* a3 B6 m; D
"machines": [( q6 x! Z& l( l3 P% ~$ p: h8 V+ ?
"virt-*"
2 }0 m+ \( W% \5 e' E% R! T0 d ]
1 N# I( c; h+ Q7 u/ a9 \ }
) Y8 Y/ L6 x( a9 b4 L ],
( s! C- G4 q1 D' K3 q "features": [+ Y% A: S Q' ^/ K' W0 m6 Q+ y- o( @
( u0 `8 s, J% L2 n! m! p ],/ C) K- X8 e/ V/ Z9 S4 m1 W
"tags": [
! ]" }$ i8 [& B5 C
4 S- I9 A# z" Z/ o: p# ]# m, F' l; T- H+ S ]
0 D, H% `( Q8 C1 o1 i# e! Z}4 N6 V4 }: }4 a* s% U) i2 U
启动服务7 s5 l( N: F6 R
; c' H7 [& X; M7 M5 A% Z- u
systemctl enable libvirtd.service openstack-nova-compute.service/ l5 O* U3 K3 l/ s
systemctl start libvirtd.service openstack-nova-compute.service* P9 a" I( A5 q& G# R2 J
Controller节点' v8 J) m }- N5 f8 w3 g* T/ I4 m
; i6 f/ s- J4 [8 ?2 Z3 u在控制节点执行以下操作。
) D" W) b% Y1 i) @ x
6 `6 T- v- {, @& ], g" V添加计算节点到openstack集群$ {1 f: h5 O" H; ?
/ i0 R* l7 M- ksource admin凭证,以获取admin命令行权限:
L' O/ k$ Q G; ` N4 ]3 x2 f$ x, b" F$ e! Y
source ~/.admin-openrc
0 Y% d9 E6 ~9 \ u* a2 ^( I5 @确认nova-compute服务已识别到数据库中:
) K& v0 y3 `; Q
* ^, _4 a. f2 v/ e4 B2 _3 t* Iopenstack compute service list --service nova-compute
1 s- ?3 \( Z3 \3 x2 |7 H, _发现计算节点,将计算节点添加到cell数据库:
/ j' p- H5 A U/ i9 l7 e
/ s' P% o2 V' t+ i5 M0 Wsu -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
: A# z2 w- V2 V' x+ a( o结果如下:. n6 v; C7 [4 S
Modules with known eventlet monkey patching issues were imported prior to eventlet monkey patching: urllib3. This warning can usually be ignored if the caller is only importing and not executing nova code./ @$ }6 M. j8 {$ u4 c4 e4 o8 p
Found 2 cell mappings.
& y1 p- Y3 `5 v& \Skipping cell0 since it does not contain hosts.
* T) p4 ^5 C) Y% e( F4 X( k4 n- KGetting computes from cell 'cell1': 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc20 L' @% Z0 q" j
Checking host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e, P+ N0 U% I: U9 d/ X
Creating host mapping for compute host 'compute': 6286a86f-09d7-4786-9137-1185654c9e2e; | }9 |$ I2 X' C* f( T
Found 1 unmapped computes in cell: 6dae034e-b2d9-4a6c-b6f0-60ada6a6ddc2+ ]# ?( i6 B( l) f4 ?. H* [
验证# j6 W3 ]+ Q& q( o2 Y9 K6 P
( \6 }) G% s" s4 z1 U2 I
列出服务组件,验证每个流程都成功启动和注册:
0 f' ^0 | K8 dopenstack compute service list
! M; \/ r6 y/ X% D% y列出身份服务中的API端点,验证与身份服务的连接:
" k" ?7 a1 q- |. _& ^openstack catalog list
* d, O% C4 U' b( C) o列出镜像服务中的镜像,验证与镜像服务的连接:9 B2 g" A4 o2 z) r# _+ |* f; c
openstack image list
$ T; x ?, x8 b. D检查cells是否运作成功,以及其他必要条件是否已具备。
* @1 Y% ^+ w ?" F% H, cnova-status upgrade check7 v5 e. }7 n* s# _, H3 Z
Neutron¶
: c! O8 C) U7 l& P& d$ ]: ZNeutron是OpenStack的网络服务,提供虚拟交换机、IP路由、DHCP等功能。
9 d) D5 P+ v/ ?( h9 Y& e: I
# F. E2 f1 f; J) JController节点
' K* S6 ?% m: u) P9 D2 i
/ d* r+ T1 _1 \/ C( n创建数据库、服务凭证和 API 服务端点
" `3 j1 ]/ E4 A" x# f0 C j6 c0 l0 O) K i$ g% e$ \
创建数据库:- G- z: t* q2 ~
$ n# Y! b \. I$ }
mysql -u root -p( L S' _) |6 Z+ X: n: n# P
& p* v( K5 y1 F# @) ^. V3 x) l0 OMariaDB [(none)]> CREATE DATABASE neutron;/ W# s4 ~- {- q) f
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
7 ^) U1 C- B6 h$ [MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
- V4 w# E& W8 H: T+ cMariaDB [(none)]> exit;
p: f# n, ~6 T2 G创建用户和服务,并记住创建neutron用户时输入的密码,用于配置NEUTRON_PASS:
* _" J8 Y% m' {( Z1 m
- U2 T- _5 d1 I4 h) N! Z. Qsource ~/.admin-openrc
. O* b5 g/ Z# x) ?3 Nopenstack user create --domain default --password-prompt neutron
' f" M( ?; W" I% popenstack role add --project service --user neutron admin
W6 f% E0 d; x! ? \openstack service create --name neutron --description "OpenStack Networking" network/ G# A. y6 F/ ~+ g$ Z& Q( p
部署 Neutron API 服务:1 d, \2 [: s% ^: n/ [2 x# ~. a
' V0 O9 R+ O" C G8 P% w8 |, J
openstack endpoint create --region RegionOne network public http://controller:9696; B+ v) Z) T4 j# `9 O, u
openstack endpoint create --region RegionOne network internal http://controller:9696& D- q g9 T3 H8 u
openstack endpoint create --region RegionOne network admin http://controller:9696
& ^0 s, X# C2 W$ w# \5 d: `( U( g; D安装软件包
9 b+ `" d9 B/ ~. K, K$ @# y& a
( D! B1 a, T; t: |% M1 Pdnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2
) e' e( W8 g; q6 E4 j3. 配置Neutron5 i( X* X- Z3 u4 Q: ^
修改/etc/neutron/neutron.conf
" ~* X2 a1 v) Q" l& i! r l$ Y; X9 L! [( H3 I
[database]
' W% l' D c, [: V, v) Qconnection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron) t$ E/ v# O- R. J* [1 j3 @# G' \
! }" A3 A4 B g* O* r* b3 V4 `
[DEFAULT], f, s4 L5 t1 j
core_plugin = ml2
0 O$ c2 U& x$ nservice_plugins = router
+ V4 d7 E, h6 w4 z6 oallow_overlapping_ips = true' G0 i) C1 G9 z
transport_url = rabbit://openstack:RABBIT_PASS@controller
7 O/ z4 w# Z3 B& v- Kauth_strategy = keystone( j' @( `; l* L- j4 ]" G6 J
notify_nova_on_port_status_changes = true
( {) y$ S9 Z4 L+ `5 J& Znotify_nova_on_port_data_changes = true- |0 @, c0 u, W; R! j
- @, U& Y6 I1 K5 Z( ]$ S1 Q[keystone_authtoken]
+ z+ E- v) J! B {' ~www_authenticate_uri = http://controller:5000
* _* t/ K! Y2 o/ q8 q5 Dauth_url = http://controller:5000
: D+ @/ s' R+ h( P+ t: F* wmemcached_servers = controller:11211 B. { v. f5 Q$ h
auth_type = password
9 P1 z6 Q+ k- Rproject_domain_name = Default
+ C0 g6 S! |) {& B: l7 _user_domain_name = Default. I5 }7 t9 j3 l* E
project_name = service2 {6 o3 F5 w4 }% g/ O: r9 b- W3 x
username = neutron
% o: v$ |2 k3 Q+ r% `" k( ?password = NEUTRON_PASS' \5 S& r# O, ^9 c
7 ]" d' {- X* Z7 u9 N[nova]
' t0 n/ W% T% F; s, o! Rauth_url = http://controller:5000
3 a. U3 f' g8 p2 j. E. d1 r$ A1 iauth_type = password
, C2 ~6 m' S% f* _, s7 `) f% |( A0 Xproject_domain_name = Default+ C" F0 ~( \. G
user_domain_name = Default
# S+ M1 j: _% }2 J- v8 l) v; P b3 C8 v! rregion_name = RegionOne h0 K8 O5 D- y8 O) R7 S! y8 r3 {
project_name = service
' a9 D; G! P8 Xusername = nova
. R/ j* ^5 A! S2 L, Gpassword = NOVA_PASS
3 g. @0 v9 ~/ D- f( O9 e# a" S7 f( o: b, ~- Y6 p
[oslo_concurrency]
6 h: ]: X8 m* t9 i1 v4 \+ w1 rlock_path = /var/lib/neutron/tmp/ `. o; i p: q' ` y: E4 x
& ?( p! V6 Z( w3 o[experimental]
" n) v4 G j% R! s+ @3 Mlinuxbridge = true9 j( I1 P; }3 g6 S" f' g
配置ML2,ML2具体配置可以根据用户需求自行修改,本文使用的是provider network + linuxbridge**
1 D# Y# V, X1 i9 [8 @9 h0 G
7 F* f" V% o2 r9 ~& | _修改/etc/neutron/plugins/ml2/ml2_conf.ini
3 ~$ [( F; U) E) S. M; [, ^
7 `3 N8 r$ C7 \$ ^6 @2 q G[ml2]
/ L* I# c6 B6 @type_drivers = flat,vlan,vxlan
/ V* @6 K( b4 ztenant_network_types = vxlan, j* n! c1 }* t
mechanism_drivers = linuxbridge,l2population) S; `3 J) }' _+ i) R4 c2 E1 `2 Y" ^# i
extension_drivers = port_security
! I( Z% O# i2 \0 D" {) C& A6 `
+ R2 W& ~5 d: r7 x. U( f) @" S: ^+ B[ml2_type_flat]
+ ?9 C- t& [3 I; E% r4 kflat_networks = provider
3 z! ]2 O* `1 s2 A) M1 q& c7 C6 e+ ^, j
[ml2_type_vxlan]
8 U1 q& _# O Q1 M* lvni_ranges = 1:1000
. T4 m' d1 [4 H( k3 a. N4 q/ X I: C7 p& z' [
[securitygroup]
. `' h+ U: D8 f( e6 H9 y# nenable_ipset = true
9 k# f, F- l/ x* X6 u修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini
8 }( I7 u% F$ c# l9 Y Q% i# k+ r; a: q; a( j: R8 _
[linux_bridge]
/ W' x) r3 s0 j! g3 S" @physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
- G. Z u2 o$ z' [+ _0 P
! n1 u- R* c0 D0 k[vxlan]
# l5 l/ N# C; X- B K5 Henable_vxlan = true$ q0 A7 m& V" {0 K
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
; A4 h& {& N6 h4 C, @) X5 Vl2_population = true. C( I/ C0 n- C4 M
0 c: d# g, c( q U9 k6 e; V
[securitygroup]
. e; c& Z, K$ ^enable_security_group = true7 H* d% X0 n. M6 ^' e8 e( O
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver J: D1 C: a+ H- F c" C( o$ d8 ?
配置Layer-3代理# j# s5 Y" T0 v1 f3 ?. x0 Z" H9 C
- W5 |# _5 m! @ q, w2 F
修改/etc/neutron/l3_agent.ini
8 D( ^# v6 x+ M/ t& `1 T
: `, A: \- e l8 J7 x+ Q9 W7 U4 M# ^[DEFAULT]
) ]' g( f9 ^' j+ j: l |: p6 Xinterface_driver = linuxbridge$ D5 E5 v- b4 m5 `
配置DHCP代理 修改/etc/neutron/dhcp_agent.ini
2 `+ E8 a- n: z+ y# I6 ]& d* ?. K: O0 J8 B s' p/ z
[DEFAULT]
1 Z+ O5 P9 S; B$ q7 E1 @+ V0 ointerface_driver = linuxbridge$ c- S1 L ~/ {% F S! N
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
7 G) C$ J2 O ^6 G$ eenable_isolated_metadata = true
7 K$ }! X) ?4 O7 N% ^4 O配置metadata代理
4 R3 p, F3 @7 d" x: M0 S
2 r8 L! t" f" M% u# z8 ~" N! {修改/etc/neutron/metadata_agent.ini
; g/ i. ]0 J. }7 z- A+ Q! ^$ O( h7 H* \# c$ f% o
[DEFAULT]) Q' A4 ?& I; [7 i
nova_metadata_host = controller
3 y. ~* X# Z% lmetadata_proxy_shared_secret = METADATA_SECRET2 w- o" {, |, R2 U: S; x0 J
配置nova服务使用neutron,修改/etc/nova/nova.conf1 S9 f1 _& R2 d
[neutron]8 M# H/ a/ Y9 T8 ?9 x( ?
auth_url = http://controller:5000
Q$ f+ j$ Z! aauth_type = password
2 F8 b% @# p. r+ _+ dproject_domain_name = default/ ?& q4 f; R" G* l- @
user_domain_name = default
- }+ C# V/ U/ Z3 q0 nregion_name = RegionOne( m7 H/ x1 l+ N8 h; M! r6 I
project_name = service- B& p7 g0 f+ T; W& S" v; i
username = neutron% H" b3 w$ x0 w
password = NEUTRON_PASS! i5 V8 v1 A- Z k5 a+ N% Q
service_metadata_proxy = true/ y2 q. {( f3 z$ k( C
metadata_proxy_shared_secret = METADATA_SECRET* Y. Z2 w+ ^! k; q9 D9 M7 N
创建/etc/neutron/plugin.ini的符号链接
/ j9 C+ z3 e$ Q/ L6 j8 k
1 d" m3 g# V' ?ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini5 Y! X4 } e1 y- Z
同步数据库7 m( ~: n! S7 y5 s4 l7 W% Z
7 I' g2 B$ ~8 K. ^/ j+ N5 _su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron7 i3 g4 a9 X. R* D1 r [# L
重启nova api服务8 G, T7 q3 N- \; F' o4 g m
systemctl restart openstack-nova-api- {' Y* M$ ]' n- a, G& |# V4 }
启动网络服务
5 _) ], O3 ]" l* M% R
W, y5 m* t8 I' h8 L& @systemctl enable neutron-server.service neutron-linuxbridge-agent.service \* @2 X% T& w5 d. h( r- f; C
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service" j0 s2 l* |; _' O! v1 I
systemctl start neutron-server.service neutron-linuxbridge-agent.service \, J% b( A z# d7 E" z
neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service+ |0 n, X9 X1 S) U; ]
Compute节点
# s& ?, ]0 c0 o; F4 p: r" r& s/ l
, b/ r- E* o6 i' E4 t安装软件包
2 e" U# u2 U4 l7 R4 i: ndnf install openstack-neutron-linuxbridge ebtables ipset -y# g7 \9 Y; f: P5 y
配置Neutron
. R# e: R6 W* @+ }! @- k0 U$ d1 ~! s' X$ ~, L0 i
修改/etc/neutron/neutron.conf! k/ j! c; x& r7 B; ~0 J
4 V" M( `$ A+ x[DEFAULT]
0 T3 V$ b8 G5 B1 A8 itransport_url = rabbit://openstack:RABBIT_PASS@controller# l3 f$ w1 Z% e5 J) ]/ O
auth_strategy = keystone' Y: `9 Q. r \2 H s7 _
5 ^, Z+ I! r4 N& D7 }# y* n[keystone_authtoken]
9 w' D/ X% f$ q9 Z5 swww_authenticate_uri = http://controller:5000
' |+ e9 y, v8 H2 [auth_url = http://controller:5000
% I: a/ b+ y1 {4 W/ Tmemcached_servers = controller:11211' F; J& J5 Q: X' u& O! F: x
auth_type = password1 N; |7 | `0 T" i
project_domain_name = Default
6 j+ M( a( x! r$ @user_domain_name = Default& f6 v2 v1 S- ?" |7 i- A; i
project_name = service" ?8 j- T r) Z% C! A; I
username = neutron1 l d. M9 y5 e9 c: h# _- L/ V
password = NEUTRON_PASS% r' b' `& s0 K
3 a9 K& [& u; x: F( t: _
[oslo_concurrency]( m2 U% ?% o/ A8 ]* f3 c
lock_path = /var/lib/neutron/tmp
! `. w) N( `' Q @" A! Y修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini: y/ ?6 g6 L( _, W7 i! R% k f7 p
. Y9 {, n7 u% R& o' A* ^, a[linux_bridge]
0 W, X3 a P1 |4 \+ m% `4 i& rphysical_interface_mappings = provider:PROVIDER_INTERFACE_NAME5 E& P8 Z: Z+ w3 v- q6 M
8 i0 Q6 M( ^2 o) ?2 A) ? j; D+ @0 `[vxlan]
! x% E2 k$ O& zenable_vxlan = true
: k% x' d2 c: y9 J) F7 @$ I; Olocal_ip = OVERLAY_INTERFACE_IP_ADDRESS
+ ^2 C! `' k" }# A% O3 |l2_population = true5 _9 S! @# [1 C7 U" z1 y
" T9 H: @ L3 D( {' u0 D4 d[securitygroup]
* W% [) Q- W: g* D( T. ^enable_security_group = true
' E/ d$ ?% ~9 k* u. y6 p4 Mfirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
M" w- U5 r* @( q- {配置nova compute服务使用neutron,修改/etc/nova/nova.conf
x$ x# {8 U* {6 g7 `5 M8 I
6 d3 S3 g/ `* P/ S& K2 w[neutron]
( A8 n' z6 g' Jauth_url = http://controller:5000. @( c" ]- U' h
auth_type = password0 S" t7 S) Z# i9 l
project_domain_name = default+ t9 S9 a% m# {* }
user_domain_name = default6 E9 q) f9 N: a. P
region_name = RegionOne- [. f! O6 W# V! i T
project_name = service
Q* K {& V, c* d) H5 o+ ]: ^username = neutron- X5 n' W& Q( K
password = NEUTRON_PASS' U5 f1 [- ], b8 |7 |" \/ e' e
重启nova-compute服务* H4 o6 l! o$ c- D& V. q- ]+ ?
systemctl restart openstack-nova-compute.service/ W2 ~2 y$ S& A. R: d
启动Neutron linuxbridge agent服务
4 z3 ] N$ \9 B5 G8 L1 Esystemctl enable neutron-linuxbridge-agent
& z3 [1 b- S! l( Nsystemctl start neutron-linuxbridge-agent
5 R. U/ h7 g( fCinder¶
( y/ k$ F0 h' a q8 o% Z2 E V1 ~Cinder是OpenStack的存储服务,提供块设备的创建、发放、备份等功能。8 R3 F7 N4 y9 D0 ^8 R* A
. F* E1 e$ g* A. m) tController节点: k& l1 A0 z: b- T1 t7 S
& k0 r* E; g# D. L: T
初始化数据库
5 B# j& Y) x6 M& R+ G$ \$ r& M/ h& p( z$ M
CINDER_DBPASS是用户自定义的cinder数据库密码。
! n$ S6 {3 A! F$ ^, ^, P8 C8 a/ \1 K2 l9 I B
mysql -u root -p6 j8 o& K8 B/ a, R( w6 k
+ K+ K2 ~) @$ E3 X2 Y) RMariaDB [(none)]> CREATE DATABASE cinder;4 h4 k0 B3 D! i- G
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
2 U3 K6 F7 P$ ]3 X$ e9 SMariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';0 ]8 O$ W$ P" ^( Y
MariaDB [(none)]> exit
- p7 K: T6 B* i, p6 m初始化Keystone资源对象+ x% Z' r. O$ B4 ?
8 b, M1 M& c/ b! `, Msource ~/.admin-openrc) c9 p, C w4 m# _: g
: }# z( |2 z! i" f) k0 x#创建用户时,命令行会提示输入密码,请输入自定义的密码,下文涉及到`CINDER_PASS`的地方替换成该密码即可。
9 ]& D. ?) @( P6 }. [' ]openstack user create --domain default --password-prompt cinder
) _$ ]0 Y7 e; `/ n0 Q( t0 ?# o/ ]" f& a& E: R3 N" z# _
openstack role add --project service --user cinder admin( r1 K& H1 N% D$ N$ o
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
; x' G5 ]) [( B W/ e3 @" D) ~2 E) `, _% ^' _1 F h5 u# J. n! E
openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
0 N H/ Z; p7 k& Q3 `# H% dopenstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
* J; s1 R, L( m# {- \5 e! Jopenstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
' x8 {* T* {! U: ^3. 安装软件包
- o3 o# J2 ]# l# Tdnf install openstack-cinder-api openstack-cinder-scheduler
r8 C7 L8 y0 E, @$ u' j修改cinder配置文件/etc/cinder/cinder.conf. [0 h$ Y- g1 j% [6 A# ?: u2 ?
" S2 O1 K& ?* H) t9 Q9 Y+ v[DEFAULT]
* ]: Q. T& [5 H T$ _' ntransport_url = rabbit://openstack:RABBIT_PASS@controller
& S* F9 f2 |5 ^9 Q4 mauth_strategy = keystone _$ h" B. d/ X, j( r" l
my_ip = 192.168.16.2' {) y, B0 m' F/ X: ?: c
7 T/ s0 O1 C! Z, t7 t3 U, {; {
[database], `5 Y* Q) H+ V* I; F
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder% l4 z! B5 u2 ]
% z8 B( P. \2 i# H9 n) J
[keystone_authtoken]
! a7 G$ _( \$ Gwww_authenticate_uri = http://controller:5000
( R! f7 V* h- Z% p- Xauth_url = http://controller:50000 Z6 Q4 T6 U8 P. A/ u* x+ C7 e
memcached_servers = controller:11211* V* F5 L- V* h6 [
auth_type = password8 d8 @# U$ u; D4 d! z9 F1 A
project_domain_name = Default" F( ?# h4 h) K n2 z
user_domain_name = Default
Q' F0 Y$ {- ~) g+ Wproject_name = service6 m/ N0 c" Q$ I, [
username = cinder* j& L/ [- p& J0 y2 R% ]) z
password = CINDER_PASS8 k' P5 Y% z4 a9 q3 v) J' e& R
' M6 v" e, e5 E7 P7 B; G% Q; W' }" ~[oslo_concurrency]
d6 V+ e7 A5 K! U$ X: L& e7 rlock_path = /var/lib/cinder/tmp
/ U& @2 z) M% h+ U数据库同步, i- K# K& l) k% n7 i
: x$ {" P3 A8 W& i2 E$ xsu -s /bin/sh -c "cinder-manage db sync" cinder+ ^' L( ?. F8 @( @
修改nova配置/etc/nova/nova.conf
3 s5 Q _' T% N+ ]4 `/ `5 ]( ?" d7 s. {' [+ b
[cinder]
# d5 [" D& C; K) V- C8 E! I, O7 Yos_region_name = RegionOne
$ `% d4 K$ q8 x y启动服务! p5 O& {. F: y4 O
! `- j! e/ Y3 t9 o0 z; _systemctl restart openstack-nova-api
* w1 y( O( \1 {+ ^+ l$ ksystemctl start openstack-cinder-api openstack-cinder-scheduler
) j: A& w; i, L# X0 y9 ~. b5 t8 IStorage节点:
) N2 E" _6 z% d6 ]+ M0 Y4 z; ^2 O* \" {4 N
Storage节点要提前准备至少一块硬盘,作为cinder的存储后端,下文默认storage节点已经存在一块未使用的硬盘,设备名称为/dev/sdb,用户在配置过程中,请按照真实环境信息进行名称替换。7 A# g( S* W! K; l% N+ T/ f
/ m2 f& p4 s- B4 y, C# TCinder支持很多类型的后端存储,本指导使用最简单的lvm为参考,如果您想使用如ceph等其他后端,请自行配置。0 |9 ^4 F5 w/ W6 Q- S% z9 |& e0 I
" o7 L+ z1 f) ^6 G2 Z! N安装软件包
7 v! s" t+ J- ?9 t4 ]% F& m/ T% W8 t* [1 _* s# O
dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup3 F: d+ a' H0 V; m7 y
配置lvm卷组
. Y! n, W* s. v5 P/ G+ x7 ?8 U6 ?, U- y7 ]: J. v% `9 ^
pvcreate /dev/sdb
" j8 O+ V. c& M9 {, x+ Avgcreate cinder-volumes /dev/sdb4 A0 ]7 O7 U$ \8 P5 p: B
修改cinder配置/etc/cinder/cinder.conf
: o3 ?' x7 X# v- b4 ]5 ~ Z! G. L5 j5 ?& E" q( }# s
[DEFAULT]
& i ]; i9 R! V. v- u4 b( Btransport_url = rabbit://openstack:RABBIT_PASS@controller! o; \6 } \9 V/ ~* p, H
auth_strategy = keystone% A5 ^/ J1 m0 m' I7 A
my_ip = 192.168.16.4
2 E/ V' x7 m2 x C2 F/ Q: Penabled_backends = lvm
. J) Z1 d/ `6 X2 T dglance_api_servers = http://controller:9292" ^0 o1 C7 g- L) [( p/ B+ \- ^ [
# s+ a! o8 P. ~) i" C$ p[keystone_authtoken]
! W4 d$ ?% I1 z4 B4 c4 r( p/ Kwww_authenticate_uri = http://controller:5000- E- G6 V1 u7 V# H$ ]/ N% \# o3 [
auth_url = http://controller:5000
4 v) }- y, [$ X% t& bmemcached_servers = controller:11211
0 h, g g# Z& n$ R* L" Z0 Uauth_type = password( C* T# `" e" T. [
project_domain_name = default7 k) H d2 a0 [1 [( u) G1 q
user_domain_name = default
2 {7 n( Z* {1 @+ T$ |& ^3 J+ l9 u' gproject_name = service
8 f: D. [7 B/ u) |1 y7 @" s; z# p" o9 qusername = cinder# @4 S' P+ u! v- l" h$ y4 _! e
password = CINDER_PASS( i6 ?* I- a/ I: E7 x7 }2 D8 X, S
- L) @" i9 M4 v0 Y$ e[database]
8 ~6 W" _2 t5 ]& L7 [! kconnection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder2 C, b( J: ]0 q7 z& q: c
5 K: I) S/ ~& @& B: B' ]+ x8 V
[lvm]* p+ ^+ J9 z/ ]- Y7 h
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
% ?4 }+ h2 a- i1 nvolume_group = cinder-volumes
' o5 j- |- n& Y: d otarget_protocol = iscsi% T* A7 B1 l5 R1 D# T6 Z
target_helper = lioadm
, D+ f, T! M! ]4 {" m$ B2 I% I" O/ ^" ?6 K! [
[oslo_concurrency]8 K# E' C* g5 l
lock_path = /var/lib/cinder/tmp
& S& w X9 N" ]" \. g配置cinder backup (可选)
& o# ]! r. b. B# ~* f/ @% E) q, c; O* U: b% Q2 w% D2 j2 ^
cinder-backup是可选的备份服务,cinder同样支持很多种备份后端,本文使用swift存储,如果您想使用如NFS等后端,请自行配置,例如可以参考OpenStack官方文档对NFS的配置说明。
! j! s; |' u ?/ L, x/ E# Q
) ?7 L+ V$ q6 m6 N8 c+ a' F3 r修改/etc/cinder/cinder.conf,在[DEFAULT]中新增( W' U; x' L- N& P) q0 l
6 Q4 x2 |+ N6 ^0 W% {[DEFAULT]) r5 O, |% x K+ N* z
backup_driver = cinder.backup.drivers.swift.SwiftBackupDriver# }2 D5 U$ y, |0 E5 w" ?
backup_swift_url = SWIFT_URL+ p8 Q, _$ ^3 E
这里的SWIFT_URL是指环境中swift服务的URL,在部署完swift服务后,执行openstack catalog show object-store命令获取。% S9 d! q4 T/ U
0 ^3 p" V7 O1 b' W启动服务0 B9 \3 h5 y/ a( R5 {) B
. |( m! J$ H5 q: Q- lsystemctl start openstack-cinder-volume target/ o4 X5 t2 v9 @, Q( {# c
systemctl start openstack-cinder-backup (可选)
3 `. ^& ^9 u5 `: U" s9 ~5 E至此,Cinder服务的部署已全部完成,可以在controller通过以下命令进行简单的验证
- V! {6 B+ L `. w6 w+ P5 v Z1 [9 {7 x
source ~/.admin-openrc/ ]: ~5 b: a* ?* m$ I. [, ?
openstack storage service list- H2 i: ^$ t9 \, g
openstack volume list( u( Z/ o9 a& ?' F
Horizon¶
. z6 t1 O7 D# D) HHorizon是OpenStack提供的前端页面,可以让用户通过网页鼠标的操作来控制OpenStack集群,而不用繁琐的CLI命令行。Horizon一般部署在控制节点。
6 W, [2 B# _8 \3 O* n9 Q: j4 B% x* N* o4 p
安装软件包
8 l" ^8 K9 ]" A9 _/ l
: r [1 @5 A/ R/ G& v$ Y. Jdnf install openstack-dashboard
' J. A0 Y& B- W; { L2 I: h. H修改配置文件/etc/openstack-dashboard/local_settings
* p* Z. X4 R0 K6 B# T7 ]$ a p" b2 \; |$ D$ c$ y
OPENSTACK_HOST = "controller"
. l2 W# _3 e8 bALLOWED_HOSTS = ['*', ]
, o! b: K/ Q& c) W3 w: T* h* ROPENSTACK_KEYSTONE_URL = "http://controller:5000/v3"
% l/ ]+ Z- A" _$ r3 oSESSION_ENGINE = 'django.contrib.sessions.backends.cache', W3 J% |/ V0 y/ {- c
CACHES = {
5 Q, [" ~5 ^- N& y, X* d'default': {1 X' Z7 _+ D$ g1 C/ }- e7 o8 _
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',# i$ N( C, R) @8 g7 G' |, a: O
'LOCATION': 'controller:11211',! i4 s; a* h* W) d# Y
}5 O$ w8 b5 A( X/ T# `( J! Y
}
# [ {) ~) U; k0 J* c, g! b/ [; hOPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
* a, k4 y+ A3 TOPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
- p. L1 b2 q$ y, w- E# v% B" Z9 dOPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"
( R7 g/ T$ r* V& J. I! I# X8 D" zWEBROOT = '/dashboard'
( N5 H$ n# g7 G7 bPOLICY_FILES_PATH = "/etc/openstack-dashboard"
4 P7 Z0 x4 E( ? t$ R$ z8 v% G
+ b$ _# m4 X8 u u( A# L5 ?4 ?) nOPENSTACK_API_VERSIONS = {
! D9 B7 o9 k y+ ? "identity": 3,, T/ @/ o% D+ |; ~, n6 N) \5 E
"image": 2,
6 R& l2 Z! L8 ~2 S7 c+ h6 Q9 u( v) J9 o "volume": 3,% c! ?( E4 g p9 {
}
9 _& z; i3 G6 [! z重启服务. L: O) d) j- ]. k4 n
8 T! `! q# e* t; q* O2 f+ H
systemctl restart httpd
2 ]% y0 z! {& {7 r0 Q* Z1 l3 B. v9 b至此,horizon服务的部署已全部完成,打开浏览器,输入http://192.168.16.2/dashboard,打开horizon登录页面。
, u& d" {& b" [( o( ?/ w/ S" J7 D3 u! ~$ W8 C4 ^6 }5 [
|
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2025-3-16 22:32:36
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜