- 积分
- 16843
在线时间 小时
最后登录1970-1-1
|
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有账号?开始注册
x
openstack_安装基础使用
a8 d: n! `& L% R$ ]9 Copenstack 版本周期
Z( j" ?( G& Z! H
+ z! Z; A2 ^5 S, i9 F% k https://releases.openstack.org/4 W* y1 N! f2 F* K% L; Q* Y
官方安装文档# l# l% a& b% v0 A0 W* {/ I
$ Q5 d) X0 l- ?" @2 C7 ^ https://docs.openstack.org/insta ... ackages-ubuntu.html
3 V! @, ^) ^7 h' z6 y7 D$ c https://docs.openstack.org/install-guide/openstack-services.html' L, f1 j' L V! F/ x( O
手动集群部署部署2 j/ B( c8 q* u9 \0 D
架构" S- s& J2 j; {0 D; {) i
主机名 外网IP VIP 内网IP 内存 CPU 磁盘 角色
" _/ u( e8 G! H0 Z1 V( O) h" n, qopenstack-controller1.stangj.local 192.168.139.31 无 172.16.1.31 4G 2 核心 80G 管理节点01
, X4 E( p$ `. W7 H2 L7 ]5 R: N! Kopenstack-controller2.stangj.local 192.168.139.32 无 172.16.1.32 4G 2 核心 80G 管理节点02( _( s8 E0 @% b
openstack-mysql.stangj.local 192.168.139.33 无 172.16.1.33 2G 2 核心 80G 数据库,memcacahe,RabbitMQ% ~& n: x: w; D5 a( E' j k n+ d
openstack-node1.stangj.local 192.168.139.34 无 172.16.1.34 3G 2 核心 80G 计算节点/ B* D& v" ^0 ~8 O
openstack-node2.stangj.local 192.168.139.35 无 172.16.1.34 3G 2 核心 80G 计算节点0 O1 o2 r; @/ X- G7 r% ]6 l& o' J7 M
openstack-haproxy.stangj.local 192.168.139.36 192.168.139.248 无 1G 1核心 80G haproxy,keepalived$ S4 V, P2 S) Q6 M4 H
1)前期准备# F/ \3 w$ b. s# j# G. T% N
1.1)所有节点安装/ M& D8 D8 Q6 T
~# apt install -y bridge-utils" R `& G4 p% p. k, e, A+ y
~# modprobe br_netfilter: ~# G% P0 k" c
~# echo 'br_netfilter' | sudo tee -a /etc/modules
# g) _4 ]) N9 n ~# swapoff -a
. B3 p( _/ S/ u" | ~# sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab
- W: |6 P& v( n! K5 u' ^ ~# apt install -y software-properties-common% r5 t6 i( N* r, B9 X/ @* U3 W
1.2)时间同步7 E; Y$ K9 X5 j. ~; V: p
"controller1作为时间同步服务器"* R* g9 r) k8 L6 |) l
root@openstack-controller1:~# apt install chrony -y" g$ e% q$ ~* O: X8 } E
root@openstack-controller1:~# cat /etc/chrony/chrony.conf | grep -vE "^#|^$"6 i0 u& f3 C) n2 X# o f. N
confdir /etc/chrony/conf.d
- `+ R: M5 D9 ]) l! C% V4 K server ntp1.aliyun.com iburst" E+ t6 o; h, }
server ntp2.aliyun.com iburst5 m- E! @% Y* ?! X
server ntp3.aliyun.com iburst
1 l. o8 b; B4 G0 | allow 192.168.139.0/24) y# ~2 T. i. d% q6 Q
allow 172.16.1.0/24
( @7 P9 N' t. v9 z0 Y8 P: i6 V) r local stratum 10" M S- l8 A4 o+ W; ~1 y: f& F: M
sourcedir /run/chrony-dhcp6 v: H( q ^0 M( V. M3 q8 W
sourcedir /etc/chrony/sources.d
* B) ?% V) f/ @& N! f* Z, C4 b keyfile /etc/chrony/chrony.keys \( |, M% r: x8 U: n* `7 o
driftfile /var/lib/chrony/chrony.drift! L% R K4 k# r; T- K6 p6 |
ntsdumpdir /var/lib/chrony
8 _! I3 x: R) A* j3 V9 l/ F' {6 i0 L logdir /var/log/chrony
) F7 B; v+ ^3 n0 R, v maxupdateskew 100.0
) s) e9 }: Y o1 L. g/ i* ^ rtcsync
% [" ~; s% w R0 }, r makestep 1 3
. e& ]0 M7 I5 Z6 z# d. F ! } ~# h7 s. T; L+ S# D+ { J
`启动服务`
& r+ C7 h- ^- | root@openstack-controller1:~# systemctl enable chrony && systemctl restart chrony& D4 d4 |' B! r
) _* D) U7 j* r0 J7 l
`验证`
( r3 I1 d0 y P- C( J# u root@openstack-controller1:~# chronyc sources4 }5 ~. b" W( `8 D% ?; B }
210 Number of sources = 25 A+ D5 p' G$ t# R( r; o8 z
MS Name/IP address Stratum Poll Reach LastRx Last sample
. @1 v1 g, J3 F1 D$ U$ @* [/ [4 N' x ===============================================================================7 d2 K( q) N- t, a" q
^- 120.25.115.20 2 6 35 48 +866us[ +866us] +/- 22ms; X" o3 q, B- f; Z
^* 203.107.6.88 2 6 17 49 -4324us[-9570us] +/- 21ms
7 M5 `) H: U- V5 d& ], T ( T* X- ^2 _6 j6 {
"其他节点配置(集群涉及到的节点都要配置--我演示一个)"% h% Y7 F. {4 u% t" |( a
root@openstack-mysql:~# apt install chrony -y4 F8 e+ f9 s; S* e( b, t
root@openstack-mysql:~# vim /etc/chrony/chrony.conf
7 t3 I3 f% f1 y4 Z4 F% L! O #server 0.centos.pool.ntp.org iburst
; e# m( H+ |& x #server 1.centos.pool.ntp.org iburst; g# P3 h) @8 K3 P- B6 V R
#server 2.centos.pool.ntp.org iburst, k* W0 r, q2 p& H9 o3 p1 t3 g
#server 3.centos.pool.ntp.org iburst
( \# L& H2 J6 r: U3 b5 P* M/ k& j server 192.168.139.31 iburst # 添加这条信息指向controller1
+ _) t( p. Z# d root@openstack-mysql:~# systemctl restart chrony &&systemctl enable --now chrony
& L' j6 [' q0 k* L, \9 z( ?" y root@openstack-mysql:~# chronyc sources# K8 x4 B! J& B* u. E- x8 c
210 Number of sources = 1
; h& q4 f; ]* ` MS Name/IP address Stratum Poll Reach LastRx Last sample
9 q+ ?; H+ J! T* o; } ===============================================================================
( d/ @9 j0 i5 Y/ R2 E ^* 192.168.139.31 3 6 37 60 -2089ns[ -943us] +/- 16ms
0 P9 A2 u# Q7 T) j$ Y$ P/ c2 \7 x# z0 v1.3)配置openstack官方源8 D$ Y6 |# G0 \* B3 q8 a! z3 ?
`controller管理节点`: s N$ ?/ V) ?
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal# H; }" l6 t: {
root@openstack-controller1:~# apt install -y python3-openstackclient libibverbs1 python3-pymysql python3-memcache
" T- I- f. Z4 {2 j 7 w; j3 j, R! \
`node计算节点`
6 G6 ^3 Z3 E. u/ y root@openstack-controller1:~# add-apt-repository cloud-archive:caracal9 Z% c# E( i3 b; @
root@openstack-controller1:~# apt install -y python3-openstackclient# J: s6 F. M$ ^" w4 z# i9 q
`数据库节点`( k7 n R/ Y$ T1 [/ J& P# r' h
root@openstack-controller1:~# add-apt-repository cloud-archive:caracal" ?+ o# |% U5 C/ p. z& E
root@openstack-controller1:~# apt install -y python3-openstackclient% J8 j& W1 x; u- V& w% v5 E! g. \! P
1.4)数据库配置( S8 F$ t: x& g: Q* O/ ~" I
root@openstack-mysql:~# apt install -y mariadb-server python3-pymysql
* q0 g* ]% O" `7 U' h% ^ root@openstack-mysql:~# cat > /etc/mysql/mariadb.conf.d/99-openstack.cnf <<EOF( f- c A6 H& \9 q9 n1 Z
[mysqld]; E& E6 E8 X$ c/ F5 C3 Q
bind-address = 192.168.139.33) B3 x# S5 h# a$ k+ }% e
default-storage-engine = innodb
2 F5 b1 K- h* d4 n: G. [ innodb_file_per_table = on) O& |$ C0 c3 t( E
max_connections = 4096" Q3 z2 j2 [9 @! y/ a
collation-server = utf8_general_ci
6 E/ M4 d: M3 l- ^4 r7 k; k9 k8 O character-set-server = utf86 ]/ z! _+ Q! z
EOF
! e, S) Y h! H' z root@openstack-mysql:~# systemctl enable --now mariadb && systemctl restart mariadb
/ f3 L$ v% X' D) A9 B1.5)RabbitMQ配置
: r \% q! E; m1 E6 u: |8 v root@openstack-mysql:~# cat >> /etc/hosts << EOF
b2 K" T M+ O" N0 F$ ?5 l& C 192.168.139.33 openstack-mysql.stangj.local openstack-mysql/ U# l$ L" u0 s# V
EOF. |' D* p" v y, w9 R8 u4 ?
root@openstack-mysql:~# apt install -y rabbitmq-server3 w0 d0 x$ c" M7 V7 T
root@openstack-mysql:~# systemctl enable --now rabbitmq-server.service 6 g# A1 M8 N* L, v6 [
root@openstack-mysql:~# rabbitmqctl add_user openstack openstack123
# M& d f1 i6 ^! N( y7 w/ | Adding user "openstack" ...# F8 @0 x, K- b0 ]" y1 B; Z8 P9 o
Done. Don't forget to grant the user permissions to some virtual hosts! See 'rabbitmqctl help set_permissions' to learn more.
8 X7 Z! @; @/ o B1 H3 h; | V$ h- K root@openstack-mysql:~# rabbitmqctl set_permissions -p / openstack ".*" ".*" ".*"
# o1 t2 X, w Y! v1 j: t7 x5 V Setting permissions for user "openstack" in vhost "/" .../ B& G- n1 n7 g0 k8 O: [5 @
`查询插件`
' [8 V2 J- K' f: t6 k) l- ]0 J root@openstack-mysql:~# rabbitmq-plugins list
2 B5 j- K7 I; p/ J Listing plugins with pattern ".*" ...
" \7 n& W% G% F$ |0 _1 J Configured: E = explicitly enabled; e = implicitly enabled. x9 ]3 ^7 x, ~* C1 |9 O
| Status: * = running on rabbit@openstack-mysql3 j# A! a K7 t+ N2 ?8 V6 }1 r
|/& s; b5 v! S$ H- N# h
[ ] rabbitmq_amqp1_0 3.9.27, u; j* u( \0 i1 F7 S- j$ R0 M
[ ] rabbitmq_auth_backend_cache 3.9.27
6 b2 x4 x' v* N [ ] rabbitmq_auth_backend_http 3.9.27, e$ B' W1 S! F) l' ? i1 Z
[ ] rabbitmq_auth_backend_ldap 3.9.27 K6 g4 t5 o9 a* p4 Y
[ ] rabbitmq_auth_backend_oauth2 3.9.27: }' F M6 j# m+ X. b! f
[ ] rabbitmq_auth_mechanism_ssl 3.9.27
, h* Y5 @# k4 y) `" u4 C [ ] rabbitmq_consistent_hash_exchange 3.9.27
5 r& V- t. o, @; A: [ [ ] rabbitmq_event_exchange 3.9.27
6 P8 ?: M- |! W j& L. ?2 s [ ] rabbitmq_federation 3.9.27
, c, {6 q% o$ ^; C) L, j; | [ ] rabbitmq_federation_management 3.9.27# M# w' H s7 ^: [3 P+ ~9 h3 Q
[ ] rabbitmq_jms_topic_exchange 3.9.27
- L! `% c7 e3 z1 {9 C. X [ ] rabbitmq_management 3.9.27
3 c6 o/ B' ^- g1 U3 x1 I [ ] rabbitmq_management_agent 3.9.27
- U+ m+ @" x$ I) U [ ] rabbitmq_mqtt 3.9.27. x2 y8 W$ R4 k+ U
[ ] rabbitmq_peer_discovery_aws 3.9.27& S0 c1 \" @5 e5 M
[ ] rabbitmq_peer_discovery_common 3.9.270 G! B* D6 Q- r# b
[ ] rabbitmq_peer_discovery_consul 3.9.277 x% Z+ _" K4 k: T5 k5 F
[ ] rabbitmq_peer_discovery_etcd 3.9.27
( Q$ [ v" U1 {, W, ?* V: b [ ] rabbitmq_peer_discovery_k8s 3.9.27/ A- x, J1 q6 Q+ Z2 j6 J4 t6 A
[ ] rabbitmq_prometheus 3.9.27
5 J/ A4 c1 y! Q# D: [! h [ ] rabbitmq_random_exchange 3.9.27
' P( o$ p# `) B7 I1 K [ ] rabbitmq_recent_history_exchange 3.9.277 N$ V3 W+ |9 |/ C. \; U$ `9 F% k
[ ] rabbitmq_sharding 3.9.27
8 \! k: H& \- N, g, P [ ] rabbitmq_shovel 3.9.27
( _) e2 X; }$ c6 M C1 `+ |; J [ ] rabbitmq_shovel_management 3.9.27
+ }" ], G6 F1 V* | [ ] rabbitmq_stomp 3.9.27
/ l0 G" T" q$ l8 h5 B [ ] rabbitmq_stream 3.9.27
! I! X) t9 f6 ]' x0 @4 N, P4 f [ ] rabbitmq_stream_management 3.9.27
: | ?* M% r3 t+ T! P( G( f [ ] rabbitmq_top 3.9.27) y C/ n; e) F- C/ X2 x7 }7 _
[ ] rabbitmq_tracing 3.9.27) G8 i" F( _) _% T) L
[ ] rabbitmq_trust_store 3.9.27
0 l9 I, J+ |4 w6 {, T& V [ ] rabbitmq_web_dispatch 3.9.27: F% \8 Q' J f F5 B
[ ] rabbitmq_web_mqtt 3.9.27
$ J7 Z' j' `: W# e [ ] rabbitmq_web_mqtt_examples 3.9.27
( n. Z5 K% K* w, [2 F- h- F) h" R [ ] rabbitmq_web_stomp 3.9.270 l {& @0 |, Z/ G/ ], C! |
[ ] rabbitmq_web_stomp_examples 3.9.27
) D/ }$ f0 F5 @# t* a# R) {( x5 e `打开插件`
7 o/ J9 N" c1 F root@openstack-mysql:~# rabbitmq-plugins enable rabbitmq_management2 _; {; r1 ?+ K2 j5 T- J9 f$ ~
& [, i% [' O+ a/ p root@openstack-mysql:~# vim /etc/rabbitmq/rabbitmq.conf
4 X" M9 N5 c- u+ `2 y loopback_users = none
+ _. h- y9 \7 h. p' v root@openstack-mysql:~# systemctl restart rabbitmq-server.service 4 ^; o5 @8 d- ]& p: N
, M% }+ V8 |. I. y; r) o4 }% M5 ]访问 http://192.168.139.33:15672/9 j2 X7 {( f9 l2 v1 m
. x5 z. x Y, m/ U
6 a* _3 E: g* I( S7 V3 }" L0 X
3 m) P5 S* h- l3 Q8 m
/ j6 Y; w& E" v, }1.6)配置memcached
4 c) K2 U1 e$ I* f root@openstack-mysql:~# apt install -y memcached python3-memcache; i; Q: E( T* z3 x
root@openstack-controller1:~# apt install python3-memcache+ X6 l0 G$ m" p
0 U+ a+ p U; b
root@openstack-mysql:~# vim /etc/memcached.conf
* c/ ~8 `6 E7 H; Z2 |7 p: A # Specify which IP address to listen on. The default is to listen on all IP addresses
" q# t. D! Q8 i- B9 L9 F1 n # This parameter is one of the only security measures that memcached has, so make sure
1 w. h/ r+ b( C # it's listening on a firewalled interface.
( J: K; h+ o& i6 C6 u5 \; } -l 192.168.139.33 # 这是为了让其他节点能够通过管理网络进行访问:
1 N( B3 k) B% S7 G0 B root@openstack-mysql:~# systemctl restart memcached.service && systemctl enable memcached.service3 z. X1 z9 x0 O5 q. M9 o6 K4 L
1.7)配置haproxy
3 d$ s7 F$ i8 Q# E0 J root@openstack-haproxy:~# apt install haproxy
* y$ y* p L3 T8 Z2 V0 J( d root@openstack-haproxy:~# apt -y install keepalived
- A' e+ s i" [! p7 S$ C& c `配置keepalived`
7 @7 f; f- Y! E4 L9 c6 n1 l root@openstack-haproxy:~# vim /etc/keepalived/keepalived.conf
( S2 @7 e% j& p! H& }. T global_defs {
+ C/ ]- j8 ?3 a1 V/ H: s. Q smtp_connect_timeout 30
' ~5 p: }0 M. X1 J router_id LVS_DEVEL& }0 @' s. V2 \1 j3 I! p$ ?! [
vrrp_skip_check_adv_addr
2 b0 }/ p: i2 }: j vrrp_iptables; a G K6 e- o4 T S* Q" `
vrrp_garp_interval 0
! e2 K C, n2 f2 Z4 i' W9 P; | vrrp_gna_interval 0
+ H7 n O9 m9 d/ p/ w1 Y8 Z4 v% m: p }
: X/ r* B. C7 Q
2 C7 Y1 ^3 p1 Q4 w( ?5 b vrrp_instance VI_1 {
, _. Z' l1 k ^- a7 Z- G state MASTER
1 s/ n2 K' n2 l! n$ ^% K( ]" ^ interface eth0
: T- }$ {1 b' p9 E virtual_router_id 51
& y$ \( |8 ^+ |* a5 b priority 100
9 }, |/ e/ K B3 i3 l3 B% x advert_int 1 \1 W' N% q8 R4 Y$ I9 z
authentication {
' b8 P/ A1 {/ n- C# x T: } auth_type PASS
: i; R7 Y; y0 E; G. S; g auth_pass 1111$ G4 D5 p/ N5 I2 A6 E! r: p) A7 y
}/ S2 |" S8 M; G7 v: }8 \" F8 M/ B$ Z
virtual_ipaddress {4 \+ Y8 ^* e+ J; j
192.168.139.248 dev eth0 label eth0:0
) H& \1 z( F2 U W b }
9 g3 j+ p' y- g0 L4 t( Z }
* l4 p# n; i% k9 s/ m root@openstack-haproxy:~# systemctl enable --now keepalived.service ; p9 D, s! p2 {& A" H0 F
root@openstack-haproxy:~# systemctl restart keepalived.service % l, T" y+ W1 }+ T( _. r+ @6 F
`配置haproxy`
( [& z9 V* }8 C( u; u" Q$ D root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg 7 ~6 W/ F4 G; t
# 把后面的frontend和backend模块配置全部删除
2 _5 Y' b( o9 l6 Q) r # 最后一行添加
0 [! a; k# H) P+ @4 f5 I1 w8 a; V listen openstack-mysql-3306+ ?( {4 {" ?& `+ S7 ?: p7 c
bind 192.168.139.248:3306 w/ J/ c7 Z/ _/ y+ A
mode tcp
+ j9 x" ~+ B9 j$ @! y& i U server 192.168.139.33 192.168.139.33:3306 check inter 3s fall 3 rise 5
* m, j% D7 K' c, N; |
% H1 }" \+ j' p7 W listen openstack-mq-5672
! w f3 E9 p( u7 @! d. P* W bind 192.168.139.248:5672
. r! S& k; N7 n6 ? mode tcp
" T# A1 |% ~+ C& w9 P0 R3 l6 O c server 192.168.139.33 192.168.139.33:5672 check inter 3s fall 3 rise 5
% _9 h4 h5 Z: \- y0 ` , G: S. v' B% @) v- k7 Z1 @
listen openstack-memcached-11211/ i8 }1 E. }6 L- d+ @7 c
bind 192.168.139.248:11211
# ^! p, X; @+ J5 i# u- }- |8 ? mode tcp, J( M) P/ H5 b0 t4 S: T
server 192.168.139.33 192.168.139.33:11211 check inter 3s fall 3 rise 5
! Y' x2 ^3 S* L( x4 r
1 v* I, Z$ n7 S( D1 B! @' ^' A root@openstack-haproxy:~# echo -e 'net.ipv4.ip_nonlocal_bind = 1\nnet.ipv4.ip_forward = 1' >> /etc/sysctl.conf
4 O; J) M5 F, U; | root@openstack-haproxy:~# sysctl -p
6 C! \4 e3 r7 J3 _: M& P root@openstack-haproxy:~# systemctl enable --now haproxy.service
5 N: z* c/ a$ J. H root@openstack-haproxy:~# systemctl restart haproxy.service
7 x, H4 O& |; X. F: `7 e5 P root@openstack-haproxy:~# ss -tnl
8 s1 k/ Y% ^ o( l$ m" c! V; u I State Recv-Q Send-Q Local Address:Port Peer Address:Port/ A6 [/ K" `8 A0 a
LISTEN 0 128 *:22 *:*
, F4 ]- u: U% D LISTEN 0 100 127.0.0.1:25 *:* & f3 x, J# K8 C* A# Z1 ?+ |" T
LISTEN 0 128 192.168.139.248:5672 *:* 9 Z2 y7 C& e3 X8 J9 J- Z+ |
LISTEN 0 128 192.168.139.248:3306 *:* , Z' j4 b9 W, Y5 i( U
LISTEN 0 128 192.168.139.248:11211 *:*
) c8 d, i" b+ ]# E! q LISTEN 0 128 [::]:22 [::]:*
3 p* ^2 Y3 B: [/ @ C LISTEN 0 100 [::1]:25 [::]:*
! W9 v- }) E2 H验证
! @7 `" v) G: \0 B
5 W- j; t* R- M% o root@openstack-controller1:~# telnet 192.168.139.248 3306
& A- {3 L0 V D- l. ~ Trying 192.168.139.248...
8 C# W9 u% f- r; W Connected to 192.168.139.248.
" W1 i3 | R( i$ y. S, N Escape character is '^]'.
7 U7 v* ?' e- I/ E# e! O& d6 M 0 T7 V' P: A$ P" I& F
root@openstack-controller1:~# telnet 192.168.139.248 5672
# }, i5 v5 C" {9 Y2 S Trying 192.168.139.248...
4 G. B: h- R7 y" m; _" e9 c \* A0 C" ^6 m Connected to 192.168.139.248.
% K c7 O( b Z Escape character is '^]'.
0 N; D1 i8 a3 |7 @: R/ S % v4 s4 B8 T5 S* w; Z" X
root@openstack-controller1:~# telnet 192.168.139.248 11211# Q. u6 X% i* F; e3 y* Z% G, ^
Trying 192.168.139.248...
% c: U! @# F2 W5 L& H( G Connected to 192.168.139.248.
9 p' X* U- J o. w' [# H Escape character is '^]'.9 Q3 P1 N. p+ P% U, ?, C4 U
2)安装keystone6 M' _ k+ _: V# u2 N7 B
2.1)创建keystone数据库, [$ G# ?% P3 ]6 ]$ H4 G# A4 w9 z
root@openstack-mysql:~# mysql- z, p. C% P3 s7 D! M
MariaDB [(none)]> CREATE DATABASE keystone; P+ ]# x H2 k: \
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
% J t5 B# x# H8 k [5 {' X; X `controller节点验证`
2 i# D7 W2 A1 Q) u root@openstack-controller1:~# apt install -y mariadb-server
) Y0 z. e& W. \6 [2 `5 y# @( j) E4 Q root@openstack-controller1:~# mysql -ukeystone -h192.168.139.33 -pkeystone123& `' Y0 V$ I6 Q$ _& ?* k
Welcome to the MariaDB monitor. Commands end with ; or \g.0 y0 g+ @3 g3 f: Y+ B
Your MariaDB connection id is 351 G8 W; k0 {5 x( X, O! Z: Q
Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04
$ `( ?! C$ ~" j. v: C . P5 a2 v- g( L- _
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
; l* H1 H& t& k2 ]5 j' W $ A. {7 _% A Y- r
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
3 f0 Z6 ]% M& \* |4 K( D 1 Y! T7 R5 w$ E: k6 R U: G. P+ r
MariaDB [(none)]>* s: W/ n8 O0 R: v
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123# l: ?+ ?& J- D
Welcome to the MariaDB monitor. Commands end with ; or \g.
2 M3 A6 r+ O. V; o) r0 B6 w Your MariaDB connection id is 36
- V& T, H4 I2 d) n* { Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04/ R" E7 U a1 m# y- [
; P2 Q4 V- n( `- J" s" N
Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
+ v" j8 C, N3 d! Y/ S2 t/ z9 P : V" C. o% x" k' }9 @4 w( {
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
@7 v5 \$ z$ ^* l9 o , {0 }8 V$ U# ]+ x5 M. `4 T
MariaDB [(none)]>
0 f8 j; b5 i$ ], }0 ?8 x% z2.2)下载配置keystone
2 c1 s5 ?$ o* a, }6 R0 I( T2 P root@openstack-controller1:~# apt install -y keystone apache2 libapache2-mod-wsgi-py3% `# J- B7 n+ l! u' ^
`添加vip的域名解析`, X5 S5 I* `2 B' v; H; f( m. n
root@openstack-controller1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts: _. m( `2 v5 Q5 N* A0 u) V
`修改配置`
9 y# q0 C4 c; G1 D root@openstack-controller1:~# vim /etc/keystone/keystone.conf
% I0 ?$ J2 O) X! ~ [database] # 在这个模块下面添加下面这一行信息
" o, e' a. U3 B1 S, y connection = mysql+pymysql://keystone:keystone123@openstack-vip.stangj.local/keystone8 S( n( a6 o$ ?0 B" [0 ^5 T
[token] # 在这个模块下面添加下面这一行信息* ^+ A6 w1 Z9 d! Q) Q' _
rovider = fernet8 }( f! d3 f) C! z3 ~4 i: T- m, K, c6 _
2.3)初始化keystone数据库
! h& X5 F" r6 V6 t! Z# A. p0 T root@openstack-controller1:~# su -s /bin/sh -c "keystone-manage db_sync" keystone
) f" d* R% G; r0 W3 q$ Z0 {6 b `验证是否初始化成功`6 Q$ ]# C3 O- }& n) ~- a% g& w- b
root@openstack-controller1:~# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "use keystone ; show tables" F$ D" ^6 V# r+ Z6 U
+------------------------------------+5 I& i8 S0 C5 T7 ~/ O. P9 @
| Tables_in_keystone |
( K( _. M4 j$ A +------------------------------------+
# x& d1 Z b: k; ^0 r& {- Y | access_rule |# d# ^1 J8 ~' y, H2 N D0 u
| access_token |
4 C7 M! u( v% b9 |+ i | application_credential |- j, m' e, Q/ n; \1 R9 C
| application_credential_access_rule |
% j& I" {1 l. e2 {( L$ c; n | application_credential_role |
9 i7 I$ r7 s/ t# T | assignment |2 o: Z L8 g3 ]0 A6 _6 {& ~
| config_register |' {. U+ P: u; @- y4 m7 m, s2 a: Z
...................................... f ]+ _+ i: u" P8 D, ?" u
......................................
0 h: V% ^1 u% i) \' ] | user_group_membership |
% E! f' ]5 \( \- U. Z; m | user_option |
. l1 {: ^+ B6 l9 o1 H+ q | whitelisted_config |
9 e0 \9 m' ?% I. H" O +------------------------------------+
( [$ W. L* [: { 8 L+ `) P& n) v. o/ j
2.4)初始化 Fernet 密钥存储库
& ^0 [% c/ A& }7 C% O root@openstack-controller1:~# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
2 ?/ |- g2 N% |" _ root@openstack-controller1:~# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone4 `0 n6 a1 V3 ^& m
2.5)引导身份服务# J+ E' L# P. ~" J8 _" p- G
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
/ F# ?7 e5 A' k; }; b( A8 q # 在最后一行添加下面4行内容" ^) w! D/ B4 B5 b( H
listen openstack-keystone-5000
* H: {/ P0 d: x5 E; A! T- P- x bind 192.168.139.248:5000
; p/ ^( X3 p- `/ j6 C mode tcp
, F! ~) ]) s' s. i server 192.168.139.31 192.168.139.31:5000 check inter 3s fall 3 rise 5
( ? g. R. x7 g% q9 I root@openstack-haproxy:~# systemctl restart haproxy.service 5 M- d- I1 @5 G5 l3 u
# 设置,密码为admin
* A; ?" [, h& M9 R) x; r root@openstack-controller1:~# keystone-manage bootstrap --bootstrap-password admin \/ C5 w. P( T3 Y/ i$ H7 X
--bootstrap-admin-url http://openstack-vip.stangj.local:5000/v3/ \
+ d+ U* _, J0 Y v& L! n --bootstrap-internal-url http://openstack-vip.stangj.local:5000/v3/ \$ ]% o% l# T! J; U1 o4 D
--bootstrap-public-url http://openstack-vip.stangj.local:5000/v3/ \
$ z0 T/ N d0 B! R/ C. p( E --bootstrap-region-id RegionOne9 i: e; d# q% B1 h' {
`验证`# S. i' H$ l, {4 G' C) s3 W3 W2 S r Q
[root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.service") M( I% b; D v6 w
+----------------------------------+----------+---------+----------------------+
! P! B6 y* A C; P/ |6 } | id | type | enabled | extra |* _* ^- u2 S* Z( J; i& X
+----------------------------------+----------+---------+----------------------+
3 t% T' l" E: c$ E- p | 5b32c1198b6d4a9da1659bc0a201d89e | identity | 1 | {"name": "keystone"} |
# e( N% w8 n% {1 y' J$ ` +----------------------------------+----------+---------+----------------------+2 `$ r# k! }3 r( b( g# i7 g) p& a
[root@openstack-controller1 ~]# mysql -ukeystone -h192.168.139.248 -pkeystone123 -e "select * from keystone.endpoint "
3 m; n. S+ r' a z +----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+' i' D5 h& e C0 r; m
| id | legacy_endpoint_id | interface | service_id | url | extra | enabled | region_id |' W" K I: z5 U! h0 r
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
, \0 p4 I' i. d, q5 { | 20caaef3b2ee4ff7898d1e7b7f1e41dc | NULL | admin | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |
0 @' G. J1 ~5 _ | ad54a4233c0e4a23ba56f86960ff97a9 | NULL | public | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |* k3 B, V/ Q/ k. t
| def9f3253353499fbc24a851445198c9 | NULL | internal | 5b32c1198b6d4a9da1659bc0a201d89e | http://openstack-vip.stangj.local:5000/v3/ | {} | 1 | RegionOne |/ W9 ^1 i7 T! y( A5 d: Z
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------------------+-------+---------+-----------+
7 c$ m; Y6 D8 m7 u" o& c2.6)配置Apache HTTP 服务器
0 o. V \# z4 W9 `. n' _# r/ h' ? root@openstack-controller1:~# vim /etc/apache2/apache2.conf
/ p4 L- s& H8 u ... # 找空位置添加
2 D( i" ] r- b& F* e ServerName 192.168.139.31:80! ~4 p1 J2 R% i5 O! f( b7 r& V0 p! ?
root@openstack-controller1:~# systemctl enable --now apache2 && service apache2 restart
5 D, [' j5 O3 N4 Y: {/ q" l7 h `验证服务`
& j' n& D1 z( p( r- O; L' T' c root@openstack-controller1:~# curl 192.168.139.31:50004 l/ ?$ z$ x( V- j4 ]
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.31:5000/v3/", "rel": "self"}]}]}}8 H; U7 a) E% C9 Q. y4 { d
root@openstack-controller1:~# curl 192.168.139.248:5000
" M Q z- F2 @& ~ q9 Y! T+ Y; v6 a {"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://192.168.139.248:5000/v3/", "rel": "self"}]}]}}4 I/ e: Y' M# ^6 @( R$ z
root@openstack-controller1:~# curl openstack-vip.stangj.local:50001 l7 z/ D. V- U* [, v
{"versions": {"values": [{"status": "stable", "updated": "2019-07-19T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.13", "links": [{"href": "http://openstack-vip.stangj.local:5000/v3/", "rel": "self"}]}]}}5 n7 P- T- b- G
2.7)配置环境变量来配置管理帐户
, ~! f$ a& k- H5 a2 } root@openstack-controller1:~# cat > admin.sh <<EOF4 A X$ [. @5 D, S9 M) `
export OS_USERNAME=admin. i; f+ S0 O7 D5 w6 f$ A- ~: W
export OS_PASSWORD=admin
- v) \; l, y, }4 b1 L export OS_PROJECT_NAME=admin6 O. A" w( t6 }6 }0 i
export OS_PROJECT_NAME=admin
" `) _7 ~# H; Z) i" `8 o2 f export OS_USER_DOMAIN_NAME=Default
! x3 Z1 T4 F1 ] export OS_PROJECT_DOMAIN_NAME=Default k6 i- O a9 v7 [- J1 K/ @
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3- C1 K1 C& s' d* q8 O
export OS_IDENTITY_API_VERSION=3' S4 X0 Z7 C! \; `, ]
EOF
, A n E2 c. m `生效配置`- x# i, W- M1 l2 N$ P8 ?# x( {
root@openstack-controller1:~# source admin.sh! h! i7 F* a2 }% A0 p5 i
`验证服务`$ u' x! }4 r( j& y: W/ W- \
root@openstack-controller1:~# openstack user list+ n4 }5 x( ^: N% A- C
+----------------------------------+-------+
; a6 i' |& U0 y0 n/ O0 H# j! O | ID | Name |
% m7 E; d. j* j# G; ^ +----------------------------------+-------+' X. m7 f4 i! P; D( [, Q; s
| 5c4b6243d95742799de0fc97ef119967 | admin |
0 t8 M' h5 Q6 A: R7 ^ +----------------------------------+-------+/ F# k- y, F9 s- c: O7 [
2.8)创建域、项目、用户和角色$ Z. g) M9 F$ P) c% L
`创建域`3 E3 g9 s/ ?& ^7 v* ^& [+ K- M
root@openstack-controller1:~# openstack domain create --description "An Example Domain" example
% E/ ~. [% @/ E; y6 W4 ~% @ { # [root@openstack-controller1 ~]# openstack domain list( H( y* ^- e2 ] |# ^) |8 {4 g
+-------------+----------------------------------+
4 S) K+ g7 m: a0 z- z5 \% n | Field | Value |
* @8 W& A5 T) w2 k +-------------+----------------------------------+! w- c5 U- \& f3 A
| description | An Example Domain |
/ _9 e! _* f. Y9 n | enabled | True |: e- n5 l4 ~3 k& T' l3 Q& L$ M- K
| id | 7233934db37f4e839da0bbc62bdebdf5 |7 U! \" h# {( ~/ w; v2 W- W4 J/ U
| name | example |" y2 n$ ?( Q) i* X3 U& B6 O
| options | {} |2 j& M+ T7 o- b( j! L* a" J1 F
| tags | [] |
* H7 g m4 c9 v1 O +-------------+----------------------------------+- X2 d7 H* q+ ]1 n& Y. Q
`创建项目`
! X6 [$ h B) R+ I/ y3 ]/ Y, e root@openstack-controller1:~# openstack project create --domain default --description "Service Project" service$ f5 U0 B# X' I M) q
# [root@openstack-controller1 ~]# openstack project list
8 H9 r6 M% u3 n: X$ ~) c +-------------+----------------------------------+9 a ]0 r+ }( D* T7 |
| Field | Value |; I: K8 w/ D. T: W2 V" `
+-------------+----------------------------------+
; c# Q* \) }: T/ }! A3 c | description | Service Project |' V! s. }, z- ]
| domain_id | default |' s2 o# l2 i: E. V; Z
| enabled | True |
5 l$ c, _- H8 D8 u$ B- P" A | id | 024872cab1fb4329997f4bb552cc7439 |
( s9 K7 Y( Z7 j$ D, g | is_domain | False |) `4 R& b+ d8 e& ~7 O2 r! D
| name | service |) _/ A# y* E0 k; w
| options | {} |
6 {# \# M; U, C2 U b( j | parent_id | default |
U; u1 R, {: V0 U! k% u; d | tags | [] |
0 w. k8 e5 W* C8 o& X +-------------+----------------------------------++ O3 N; x6 N/ m# J8 ?" @) @' a
`在default域-创建项目:myproject`! W( Q, u5 b. i& {* }
root@openstack-controller1:~# openstack project create --domain default --description "Demo Project" myproject
3 V* O: z0 U9 r7 M0 h: M +-------------+----------------------------------+
8 i' \& `, e& ~$ N | Field | Value | B, b+ e# R) v& w @
+-------------+----------------------------------+* e: q$ [, I5 ] m
| description | Demo Project |
. i' y) Y/ e" E, s6 L' o( u; w | domain_id | default |6 I" S K" T! H$ ^% d3 u
| enabled | True |5 y+ h+ m/ v4 h H4 ^4 p
| id | 35e14efc4bb64fd18ab58ab793881459 |
4 E) i9 T& G, ?# o( f S; W | is_domain | False |
& F5 P7 a2 k( p$ a7 h. L9 z4 e9 u | name | myproject |. `4 T; F: b6 \; S( n& h
| options | {} |
2 H1 A& o# z- t, J. e4 y9 j' F | parent_id | default |
7 p4 N3 i9 x \/ Z" S- l$ c3 V% \ | tags | [] |! {1 V1 j: I, z! A3 o
+-------------+----------------------------------+" S5 d# d1 i. x* X' s: _
`创建用户:myuser`4 C! @% F, U1 s
root@openstack-controller1:~# openstack user create --domain default --password-prompt myuser
P$ I/ B& W f2 t2 H) v! x User Password: # myuser
, N1 B6 A# a. J1 t$ G9 p' q Repeat User Password:# myuser4 r" x3 Y2 o8 h' o3 W" P. m& J, a+ X
+---------------------+----------------------------------+8 ^2 m. k5 `6 r2 @( c9 a! J
| Field | Value |! E6 O& o. D" c9 @
+---------------------+----------------------------------+$ }" o) ], I7 F' U' x7 O
| domain_id | default |& A, w) \% D+ J5 N
| enabled | True |, t" m8 B e' G4 t V8 l
| id | f40449a65bcf491aaf44cc4f8e09f3fa |
$ Z+ }7 \1 _: D8 t( g | name | myuser |% t2 t6 { C3 {1 { r
| options | {} | `$ \4 y( ?" H- m! \
| password_expires_at | None |
5 |, @3 E4 ~1 S b$ ? +---------------------+----------------------------------+
+ K4 t8 _2 H+ z$ s- E) K1 ^ `创建角色:myrole`9 c% ~* N( u. N: l+ @/ g
root@openstack-controller1:~# openstack role create myrole4 Q- F8 `) G+ S" e$ \7 ?2 }
+-------------+----------------------------------+
) _7 M# v( w) U4 Q | Field | Value |
. Y3 g- J6 `1 P& A# G +-------------+----------------------------------+
/ i/ M, c$ O. u2 U& u4 [ | description | None |+ E( O4 M W- t1 ] \+ Z
| domain_id | None |
. P7 ~# a( e4 I) _" X4 { | id | b1cf825f18194c858ba735c3a873e87b |
! A& ?# D8 E4 K4 d4 O | name | myrole |7 G! O: V- |& y2 @- q+ y
| options | {} |
# v! M" ~4 K V& N9 W- t6 S +-------------+----------------------------------+5 _% G0 x# ]/ Q+ e3 h
`将角色添加到项目和用户:myrole/myproject/myuser`
1 J7 K, D' r' @% d% d root@openstack-controller1:~# openstack role add --project myproject --user myuser myrole2 `1 \) q' { D" d( {5 f6 d* f/ r) H
2.9)验证操作
: C& r' S) j5 R root@openstack-controller1:~# unset OS_AUTH_URL OS_PASSWORD
' ~/ h$ f3 {; k, C( m" o `获取admin的token信息`) b; S- L) p/ S4 r
root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
) D/ P) I) u6 J r( t; U $ }, B) G' w8 K* ]% C8 c0 [/ B+ e
Password: # admin
+ d& n1 B# @5 e* S) j/ q. Q* K +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+2 [' E/ {( G% N0 m! x
| Field | Value |
- e7 ]% ^" s. d( b S& n +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
/ X9 e' Q" }5 D8 i0 D | expires | 2024-12-07T12:25:41+0000 |4 |& v! Q$ @. i: K
| id | gAAAAABlev-an7oKiReVcaIQg31zanfyHEpBjozbYq_6ZH8mWKMyp0vxm0HEUlxkrY7_799ihK64p4Gq5zeaAUH4g4jBpB2I0Ij5xDojvfZ66qTIPUB9TakErlw9UoI1E9bpOwowYgoOOKlJlO28mBoxKWga7A8akmCgiDTzP4rUYL5B8Xs24rQ |
5 W2 O, F5 C: ~* L' ` | project_id | 227934ef1b5b44cc942a8e4f1f5f7695 |% n1 ]8 j' q- a8 u: y
| user_id | 5c4b6243d95742799de0fc97ef119967 |
( Q$ t2 `, {% H+ b; \$ M8 X +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
8 r* z: t3 W: E5 {6 G0 X `获取myuser的token信息`
; |6 S) g1 E/ S" _ root@openstack-controller1:~# openstack --os-auth-url http://openstack-vip.stangj.local:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue' V5 }$ g8 F7 a8 Q6 |& D1 Y" |8 `( f8 J
Password: # myuser
3 y" m; ]. t" u; _" p +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
' y# D; @1 M2 P5 g K" k | Field | Value |' b0 s! H# M& h c. N+ N
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
9 X6 g U; x9 S3 I u, l& U | expires | 2024-12-07T12:25:41+0000 |
% G8 [# ?8 r/ R: j1 L9 |' m | id | gAAAAABlewBPx4yTCZIklPPqD-XnXsciBnECZYhDPKZkenFzYdE9GuTH-xRPuhh4Z9rrLiCb7X6e_rjqR2WdTk9Sz94HkrNi4KPjdun7HW-4wesLLOV7ijz4Vgvt999fnWNaDNTwKvqumfcQ1XinMLyszeSD1yvFB4FeQ610Ns18oUa0Tc_44jc |2 N) w. y: u! L5 O6 @9 [. s4 k/ v0 m
| project_id | 35e14efc4bb64fd18ab58ab793881459 | ~. z4 S& q R; [
| user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
8 u: H0 K; t( W. k; Z/ q" D- Z: \6 y +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
+ A- q, J1 b" m4 H7 B3 S4 U$ Y9 Q2 a2.10)新增配置环境变量来配置管理帐户
8 r0 N4 o9 y$ Y' m$ P1 P root@openstack-controller1:~# cat > admin.sh <<EOF" W+ m4 O( ]0 }# Q- X; w
export OS_PROJECT_DOMAIN_NAME=Default
$ q) q5 _% L w7 u" m7 N, Y' d export OS_USER_DOMAIN_NAME=Default* ?" V- w5 s4 }8 u0 K, c( U/ |/ \
export OS_PROJECT_NAME=admin
8 u' P. h; `, {& q0 S! X1 l export OS_USERNAME=admin
7 h5 L/ ?" M. b% o5 ] export OS_PASSWORD=admin# B3 G1 h W0 m2 N2 g, o( E
export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
7 |7 H, \' W# o$ o5 q! F& v export OS_IDENTITY_API_VERSION=3- @0 U% i2 {; a- M- n' x" K
export OS_IMAGE_API_VERSION=2; o2 h4 e6 {4 t; P
EOF% V# T4 A* m' U+ A. f
root@openstack-controller1:~# source admin.sh
! p+ G8 _! I- f6 X; t0 G9 h% H `验证`
9 V: C7 n) w* N, h- h' g2 D root@openstack-controller1:~# openstack token issue
' @2 _7 |7 ~$ }+ e +------------+--------------------------------------------------------------------------------------------------------------+
* b, w" H) w# b; W. |+ \ | Field | Value |7 t' c, a8 i' J, @, H* K
+------------+--------------------------------------------------------------------------------------------------------------+
" ~( V" I- A& S( [1 G | expires | 2024-12-07T12:25:41+0000 |
% L* z/ Y' c6 |: W* _ | id | gAAAAABnVDC1Tl8JCjuLSdCd0vL2FmuLpB7ftGCcll7NsqBgy0FhuomNTkLMXP_p86eyLKMA- |( m5 d9 @7 J) x
| | IZnr9aW3VCfYfoaWyUAcr3fcd8l3BLjpinjEL04QMCRJYHW9d3WZ2jN44hcZ8xwwG0ZpJiyVAixWqOfMykBbzGY6vnwJC- |4 k3 w1 D9 B) h6 ~! @9 Z
| | qj3vDQYbVyFBbnIY |* {" i6 m- l+ T2 x- ~! s
| project_id | 96bbc0e66a5246fdaf29843498ef49a1 |" [% i8 C: a1 g
| user_id | 3b1c56d85d9c4aefb5c6a6dde8c99a00 |# ~% z; }6 W* V+ |) j& x. T, G
+------------+--------------------------------------------------------------------------------------------------------------: l9 }# u- J% u* W2 d7 k
, Z+ T4 a6 L, U
`创建普通变量环境`
2 J3 L9 V+ F- S6 T# k root@openstack-controller1:~# vim demo.sh9 r! O* X" y. B& X c$ b# |# V$ l
export OS_PROJECT_DOMAIN_NAME=Default2 G# m9 t/ ^: V0 X% |0 K# S+ _6 {
export OS_USER_DOMAIN_NAME=Default C/ j0 J5 j/ U; M+ M$ ?' \$ `; v2 j
export OS_PROJECT_NAME=myproject$ [# D% ~0 Q8 z$ y& D
export OS_USERNAME=myuser* D) S* Z* h0 ~0 f4 ?6 `8 V* a3 X
export OS_PASSWORD=myuser
" R# o- `: L# x) N: ]4 N export OS_AUTH_URL=http://openstack-vip.stangj.local:5000/v3
4 E: Z1 G- P& x) d export OS_IDENTITY_API_VERSION=3: \+ X! @% k: n I+ N
export OS_IMAGE_API_VERSION=2
4 m( E8 @4 F9 s$ ^0 E/ u root@openstack-controller1:~# source demo.sh " s0 j) B0 ]' Z8 Y' Q) v5 g
`验证`* y& W( {9 H) e9 u* O {* o2 f% M+ N
root@openstack-controller1:~# openstack token issue7 `% t) U: G* e( ]
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
, D8 d0 K% L% h" v. Q* `8 P | Field | Value |
2 Z5 M9 d' T# i +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+2 o9 n: U J) S% F6 Y
| expires | 2023-12-14T14:26:22+0000 |1 j+ h2 `- @8 k% S- H2 U" {9 o
| id | gAAAAABlewJ-s4Aj73WgUyZemZ9eL9S7myndeVnxUOmiWM3IvXTwtw7pIzzIFyxlw3vTrC200w08X2iqTFVcY8Ih4jCzLDQMqi4VpS2emWmqG73uy7NI_tAR6KasEYPRoZSl--2Wa7HCdv9i6y6GnKDtgisVkCtG3Ew7CPBDq991w0cXBRpxL_Q |
8 A- t) p3 }7 C3 K | project_id | 35e14efc4bb64fd18ab58ab793881459 |
3 O9 L0 R C- z/ e% ^, P | user_id | f40449a65bcf491aaf44cc4f8e09f3fa |
/ E! l4 D' w4 x$ q& l$ i +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+; V! a5 K! P: [0 r' g; P7 D5 J7 M# d3 s
3)安装glance0 O- y: L" ^2 Q0 `8 Q
3.1)存储准备工作
# y' y+ A9 G6 g% o9 a- H9 p7 c # 因为性能原因我就拿openstack-haproxy.stangj.local主机做nfs
" @: e- ?( m1 l2 d root@openstack-haproxy:~# mkdir /data/glance -p
2 a g! U3 J1 V7 |, O& n U root@openstack-haproxy:~# apt install nfs-common nfs-kernel-server -y, \* U: j7 K% d# a
+ f: K9 u0 L3 a( b. \ root@openstack-haproxy:~# echo '/data/glance *(rw,no_root_squash)' > /etc/exports 7 J" f- [2 S$ a4 q
root@openstack-haproxy:~# systemctl enable --now nfs-kernel-server
, d; Y, N1 Z# {, \ x ?. h root@openstack-haproxy:~# systemctl restart nfs-kernel-server8 R7 F$ Q$ s8 n4 \9 e+ b& Y
3.2)创建glance数据库
) @' }6 W- {6 Q root@openstack-mysql:~# mysql1 e' g! _5 c8 \5 e) ~
MariaDB [(none)]> CREATE DATABASE glance;. n4 M; H$ [* M" M
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';
& h6 ~0 c: l# k6 p5 r [root@openstack-controller1 ~]# source admin.sh 9 p/ S- }# \/ ~+ f+ h- f6 Y9 ]
`创建glance账号`6 M: l, i- C+ T7 t/ p% H, O5 h1 b. K
[root@openstack-controller1 ~]# openstack user create --domain default --password-prompt glance
# m" g# ?' m: Z: ~0 @0 e1 s User Password: # glance+ w) ]8 w+ f, b" q+ y3 F
Repeat User Password: # glance( C5 @* i( N( d* W% Z7 t# B
+---------------------+----------------------------------+$ D/ B. s* K% p! {( U3 f
| Field | Value |
; s7 G" H9 r. F, E +---------------------+----------------------------------+
6 X# T2 H' `# m8 x# U | domain_id | default |/ w( L/ i1 C# Z5 a% |
| enabled | True |( Y% T7 D2 Q7 r, t, u
| id | 34a900b8a67f40439804c830cd5957da |$ \ t4 S! f' |2 G( D6 w; H1 h" f3 R
| name | glance |, ?- F4 S0 u! D- t# p
| options | {} | u5 B# \: K% f( a2 ^* l
| password_expires_at | None |5 \1 L4 G: i- O" E
+---------------------+----------------------------------+' G% C& _! E' q$ H5 a7 M
`将角色添加到用户和项目:admin/glance/service`$ ?, c; m# F" [( I3 t. z$ L
# 让glance拥有service项目的admin权限7 g \5 ]% o, ]( g6 k3 ]" ^
root@openstack-controller1:~# openstack role add --project service --user glance admin) p9 P. M! F% U- @8 Z9 p: M/ |# X
root@openstack-controller1:~# openstack service list; l: ~8 S. p, q; T
+----------------------------------+----------+----------+2 p& \' O( w4 R
| ID | Name | Type |
+ l/ I- z; f+ _/ I W2 H6 @ +----------------------------------+----------+----------+
# l u6 I- n4 c4 F6 Q | 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
+ n, o' f( \. D2 _* I6 v +----------------------------------+----------+----------+
# { x& w9 H5 O( W4 n) Q+ K" I3.3)创建服务实体glance# P& a/ v( P0 J- m) m
root@openstack-controller1:~# openstack service create --name glance --description "OpenStack Image" image
- g( U8 ?5 W, R$ R +-------------+----------------------------------+
& _3 n2 d( {1 A. \% W* B# V8 s | Field | Value |
5 h# z3 F% H4 R, }$ |( `2 z +-------------+----------------------------------+
+ o S& Q+ A, q2 ?5 t- h | description | OpenStack Image |
! m5 i' B z" s: A y5 O# v0 f# c | enabled | True |
3 o" J( `* u' B | id | e53a2bd43aaf48f1840064e9cb594293 |) x: z3 J, g M g3 R0 y9 S& P! ], T
| name | glance |
8 J( x& U" k0 \ |" G7 |3 H. t& V | type | image |* ^: k S9 l" h4 j4 F5 E" h+ ^) W
+-------------+----------------------------------+- I% m, e. ^0 z
root@openstack-controller1:~# openstack service list8 L2 D; F8 z' v- j& ^
+----------------------------------+----------+----------+
, s5 T4 `+ x3 k | ID | Name | Type |
8 @$ B# V: A ]9 i5 k$ } +----------------------------------+----------+----------+. c( h7 Z# P- k: s' f( Y1 ~
| 5b32c1198b6d4a9da1659bc0a201d89e | keystone | identity |
" l8 ?$ g' @- _/ Q | e53a2bd43aaf48f1840064e9cb594293 | glance | image |: c2 O) {: H: ^: b ]8 _6 d
+----------------------------------+----------+----------+
; r* o$ b- T. D( |# v4 K" x3.4)创建Image 服务 API 端点:
4 o& P/ s# t" V ~* N! L. r2 Q root@openstack-controller1:~# openstack endpoint create --region RegionOne image public http://openstack-vip.stangj.local:9292; g4 G$ K& [) {0 ~- x9 |
+--------------+----------------------------------------+" r$ v% {# e; V0 G/ _* c
| Field | Value |4 r2 j4 V& n9 k" Q8 N2 ^
+--------------+----------------------------------------+4 q1 ]4 g7 J! ^. m$ B9 P
| enabled | True |
3 M6 {0 W- H% e, q$ i j | id | 3fc61c0f302d41359da99b80ca32853f |
6 m) G7 i1 e9 _; v) p1 f) D | interface | public |
* L o; P! L# I3 ?' B | region | RegionOne |# E7 q) Q0 \; x) T. t
| region_id | RegionOne |
, r6 X/ S/ k" T. L# M* o4 T7 X | service_id | e53a2bd43aaf48f1840064e9cb594293 |
! v# J1 p8 ]6 A+ w | service_name | glance |5 u$ Z' h: m$ R+ u8 F" m! U; Z
| service_type | image |! ]9 ~) I# x7 D! P8 K$ N
| url | http://openstack-vip.stangj.local:9292 |
2 s* E: m; {8 U2 V +--------------+----------------------------------------+
! w* h5 `( X) T root@openstack-controller1:~# openstack endpoint create --region RegionOne image internal http://openstack-vip.stangj.local:9292* O/ g( P5 x7 a0 f- D, R& ~ O* n6 z
+--------------+----------------------------------------+( ?6 ?# p4 w. X4 V `. ?1 @0 t! \
| Field | Value |
3 F5 F% I8 o" Z +--------------+----------------------------------------+
$ N6 `! T0 p# U9 z# L$ D* } | enabled | True |
W+ _& q5 r0 r, J& E" w* i# L | id | 671f3dd8ddd643d08b922df0f9c7f4d8 |4 }* o& b2 p1 l) o7 g1 D# J2 X
| interface | internal |
, R4 f& x( d( Q5 P5 W3 l | region | RegionOne |3 h' Y% n, A& R
| region_id | RegionOne |
7 v* b, ^1 R9 x8 n | service_id | e53a2bd43aaf48f1840064e9cb594293 |9 \ ~) m% [ t+ `' T
| service_name | glance |6 W2 T6 J5 W+ D9 p- w" _$ \. z
| service_type | image |
* F, B6 f% y2 p8 `4 T! H7 f$ Z | url | http://openstack-vip.stangj.local:9292 |7 ~2 N4 C0 Z) e7 M* S) w: U
+--------------+----------------------------------------+
$ b7 N1 r) }* R. g+ B7 x root@openstack-controller1:~# openstack endpoint create --region RegionOne image admin http://openstack-vip.stangj.local:9292/ {/ X R5 X3 K9 P( U" P2 L; G/ N
+--------------+----------------------------------------+& y+ Q1 b9 l/ ~+ }9 z3 Q4 U$ @
| Field | Value |
2 G/ i, Z# {6 V0 _ U9 m0 ^ +--------------+----------------------------------------+
`6 i6 s5 b& T: C# D+ _1 P | enabled | True |
" S) S( |/ G; g% p# H8 G | id | afea7ab2f5914bcca88f088957f6144f |
( D# M9 w5 M } | interface | admin |
! H6 J- O% J+ _3 W* L | region | RegionOne |
+ n# N. f8 _! l g/ r | region_id | RegionOne |
1 s/ ]* J0 b, l | service_id | e53a2bd43aaf48f1840064e9cb594293 |
. R& ^$ k4 L; W6 o3 N. L | service_name | glance |
8 F# s: c9 L' F | service_type | image |
1 U$ u0 h5 {9 F( ^' S4 p | url | http://openstack-vip.stangj.local:9292 |6 a. l# s: f" F+ Y' v5 r R
+--------------+----------------------------------------+* r* {2 S$ `5 Y$ W
3.5)配置haporxy代理
5 v; g- w- e8 y* c) ? root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg , a% |7 t5 g* b
# 最后一行加入下面4行信息; d. H$ Q( V0 I& `1 Z+ b* O
listen openstack-glance-9292
7 }6 [6 g. G7 z bind 192.168.139.248:9292) p0 p5 X* c; g9 B+ K
mode tcp
: E9 b( `1 [/ a server 192.168.139.31 192.168.139.31:9292 check inter 3s fall 3 rise 5% i' L- f- X. U9 }9 n( I* v
root@openstack-haproxy:~# systemctl restart haproxy.service , b. a1 Z5 P! m
root@openstack-haproxy:~# ss -tnl | grep 9292; n- b8 A& h' n5 ]' o/ `
LISTEN 0 128 192.168.139.248:9292 *:* * }* g b9 o( |. z4 C& w" d4 \
3.6)部署glance服务; S. ~9 x1 y' o8 ?6 ^
root@openstack-controller1:~# apt install -y glance5 h" V9 c- y4 z" X" t6 f0 n" R6 P
3.7)配置glance服务% m: d- r7 t: |5 o
root@openstack-controller1:~# vim /etc/glance/glance-api.conf' P0 W" @/ O2 T
[database] # 在这个模块下面添加下面这一行信息
# n# p& w5 _4 v. Q connection = mysql+pymysql://glance:glance123@openstack-vip.stangj.local/glance+ _% n! {- k' T) ?
8 I& I/ Z$ Y4 g! e4 t [keystone_authtoken] # 在这个模块下面添加下面这9行信息1 d* E1 |$ G. g" O( o7 W
www_authenticate_uri = http://openstack-vip.stangj.local:5000( W/ S; |! |* Q" g$ ~' @, r
auth_url = http://openstack-vip.stangj.local:5000
e9 J) b3 G$ L; M memcached_servers = openstack-vip.stangj.local:11211
% L( G$ u& ?0 [ P+ m& ?7 S auth_type = password
6 R! W2 e! E d, E; n project_domain_name = Default& Z* I: C2 I/ T6 ]/ [8 i4 ~
user_domain_name = Default
1 w5 a5 [& F( m1 t2 { project_name = service! w g3 L! T( t$ p: F2 i
username = glance( y) E; }" U( M+ m& s
password = glance
9 H, |8 q2 d4 Z: ` , M# L) N+ Y7 H2 d8 L$ Z
[paste_deploy] # 在这个模块下面添加下面这一行信息( I8 I6 H+ M: U) c0 n9 l# K1 m
flavor = keystone' [" m* ^( u, h; Q5 H, `
0 p& r* G+ \/ [ [DEFAULT] # 在这个模块下面添加下面这一行信息
* e( R! e$ m& Z; J' X enabled_backends=fs:file. C6 O- b8 d% `+ p
, Y1 n# q+ i' P! d [glance_store] # 在这个模块下面添加下面这3行信息
# p& n( z* ^- k+ a1 t default_backend = fs6 x4 p S3 S! U$ J" W
[fs]
1 O7 h) c) s( k- H8 }3 W4 H% | filesystem_store_datadir = /var/lib/glance/images/; Q% l$ U1 P' J) D& d# t
8 k/ Y# c2 ^; `/ q4 Z
9 d/ L4 G b8 [+ i& Y L0 m+ Y
`确保 Glance 帐户具有对系统范围资源(如限制)的读取访问权限`" N2 y4 X9 I r- u9 O
root@openstack-controller1:~# openstack role add --user glance --user-domain Default --system all reader
' | b4 \. l+ m/ u$ D3.8)初始化glance数据库
/ ]$ @1 ?5 J# ^( @0 I5 _1 L root@openstack-controller1:~# su -s /bin/sh -c "glance-manage db_sync" glance
' Q/ \! h- ^) |) f `验证`" i( \6 T" M+ B" [4 b5 p
root@openstack-controller1:~# mysql -uglance -h192.168.139.248 -pglance123 -e "use glance ; show tables"% g4 s2 n7 f8 r8 x6 y
+----------------------------------+
+ p& D4 n( e+ h0 C | Tables_in_glance |/ J# A6 v! w# }$ r% n' B# p* _
+----------------------------------+
6 r$ P; r: i6 Z9 H& R" t | alembic_version |$ u& Q- G5 u0 ^5 r8 w
| image_locations |
2 e% ?9 O$ W0 B3 j b+ ^) g | image_members |5 X+ m7 H' `! C3 M. `
| image_properties |1 X) m9 P: g$ p
| image_tags |
- c$ b+ O, f1 x) h5 G! j) H- M | images |' {$ E3 a+ T5 }
| metadef_namespace_resource_types |
' y' q, x2 d+ C: e. Z% ] | metadef_namespaces |( `3 }9 S9 P, s9 g3 Q+ @
| metadef_objects |- T" T3 P1 `! P+ z
| metadef_properties |% q. Z( y/ Y( z: d
| metadef_resource_types |: g; [* b3 J7 y
| metadef_tags |
& i9 g/ r5 F) g2 p | migrate_version |
2 \' L% H c! t6 t; ? | task_info |
. x6 `- |7 p) o9 Q& Z | tasks |
5 N% w9 w- ?) C% o +----------------------------------+
' k9 V& `2 m$ Y, a3.9)启动glance服务; p; V9 C& V$ O
root@openstack-controller1:~# systemctl enable --now glance-api
# [1 Z6 m/ e$ D3 F, U }- L8 _; y* o root@openstack-controller1:~# systemctl restart --now glance-api
, s; y% M) W' ] root@openstack-controller1:~# tail -f /var/log/glance/glance-api.log
% \; S" \# w4 p6 ] 2024-12-07 19:43:42.571 11458 INFO eventlet.wsgi.server [-] (11458) wsgi starting up on http://0.0.0.0:92927 i# _" U2 v, I4 W1 ^' T; a( `& a
2024-12-07 20:06:40.764 11717 INFO glance.async_ [-] Threadpool model set to 'EventletThreadPoolModel') y- L4 ?+ R: W7 _3 k
2024-12-07 20:06:41.281 11717 WARNING keystonemiddleware.auth_token [-] AuthToken middleware is set with keystone_authtoken.service_token_roles_required set to False. This is backwards compatible but deprecated behaviour. Please set this to True.
1 m. q' w2 O) I 2024-12-07 20:06:41.377 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_staging_store). Creating.8 ^! h5 K2 E' h/ U; r+ h
2024-12-07 20:06:41.378 11717 INFO glance_store._drivers.filesystem [-] Directory to write image files does not exist (/var/lib/glance/os_glance_tasks_store). Creating.
0 X+ i# \& r) _7 K p, ^8 S 2024-12-07 20:06:41.379 11717 INFO glance.common.wsgi [-] Starting 2 workers6 ?) n/ _/ J+ j7 M
2024-12-07 20:06:41.381 11717 INFO glance.common.wsgi [-] Started child 11724
9 s6 j" X) b6 B% w( S; l3 \ 2024-12-07 20:06:41.382 11724 INFO eventlet.wsgi.server [-] (11724) wsgi starting up on http://0.0.0.0:9292 Q3 G1 H$ n" o# k8 e5 N
2024-12-07 20:06:41.383 11717 INFO glance.common.wsgi [-] Started child 11725
" U1 r" ^( S# ~+ V# X 2024-12-07 20:06:41.386 11725 INFO eventlet.wsgi.server [-] (11725) wsgi starting up on http://0.0.0.0:92927 o, o6 W2 j8 d! z8 U
3.10)挂存储
& V- L9 W0 F. C: k. W* P2 V' ]# c root@openstack-controller1:~# systemctl stop glance-api * M$ a0 `3 A9 p2 L. t7 P
root@openstack-controller1:~# showmount -e 192.168.139.36
4 G0 r" k/ D+ s$ G8 y W Export list for 192.168.139.36:
. M% E7 R# ?8 a, R& x /data/glance *
& T/ Z# U* G( x m3 v root@openstack-controller1:~# mount -t nfs 192.168.139.36:/data/glance /var/lib/glance/images
) W8 M7 m# |2 u# y root@openstack-controller1:~# vim /etc/fstab . Q7 W3 t( C6 p6 T1 \: |
# 最后一行添加下面这一行内容6 J* ?, ]) V" d- s
192.168.139.36:/data/glance /var/lib/glance/images nfs defaults,_netdev 0 0
7 ?; P' U* [0 M root@openstack-controller1:~# mount -a2 k3 A0 v# J, [: ^" ~2 ^
root@openstack-controller1:~# id glance7 A4 C$ b# g/ W& j
uid=64062(glance) gid=64062(glance) groups=64062(glance)
" [8 I0 v0 G5 ^ root@openstack-controller1:~# chown -R 64062:64062 /var/lib/glance/images/
9 [; X+ b) i/ K+ g; G: Y- @ root@openstack-controller1:~# ll -d /var/lib/glance/images/
5 o- {5 X: Q" x& A. e! l" v drwxr-xr-x 2 glance glance 6 Dec 14 21:31 /var/lib/glance/images/8 r8 j( a6 V, o$ A' I
root@openstack-haproxy:~# ll -d /data/glance/
% o! a* D7 j3 Y+ B+ l6 O4 b5 S drwxr-xr-x 2 161 161 6 Dec 14 21:31 /data/glance/
+ `5 Q& A0 z2 h5 l, I- `& j `启动服务`
( Q* } w4 ]# t3 T3 c [root@openstack-controller1 ~]# systemctl start glance-api
5 T: c$ b6 J: F: p3.11)验证操作
; N0 v0 y- ?, t [root@openstack-controller1 ~]# source admin.sh
! @4 ^6 \% }/ P5 p! `) F root@openstack-controller1:~# wget http://download.cirros-cloud.net ... 4.0-x86_64-disk.img
. j9 t9 G. H& M4 J4 Y [root@openstack-controller1 ~]# glance image-create --name "cirros-0.4.0" \3 ]) K' U: f) n9 a
--file cirros-0.4.0-x86_64-disk.img \
1 a& i9 C4 t7 I, b+ l" U6 O5 w --disk-format qcow2 --container-format bare \" E% K R( L6 T6 n0 g
--visibility public
6 F2 E1 u9 G) R8 U% p& S- u/ s% [* u- u5 K
+------------------+----------------------------------------------------------------------------------+
, s6 \7 |" v; Q6 v* M | Property | Value |& g( c( b, X7 e0 s. F" u
+------------------+----------------------------------------------------------------------------------+
/ A# |6 B- J" R0 p | checksum | 443b7623e27ecf03dc9e01ee93f67afe |
' A; A$ ^/ F# x6 E9 }% n9 \ | container_format | bare |( M l$ f0 w" k4 l% Y) I
| created_at | 2024-12-07T13:12:19Z |6 k/ I: p$ x( U1 v0 A$ r
| disk_format | qcow2 |
7 a3 }6 ^/ U" \7 c0 E( ]$ Q0 C" _ | id | 68249b5f-9eac-4873-be74-cc11ac9af61e |
, d( r1 _( t" m1 i | min_disk | 0 |
3 i, L7 I8 q1 o, h | min_ram | 0 |
0 h, L" \7 D4 ?2 ]5 C$ Q2 s | name | cirros-0.4.0 |
3 A5 Q* Y; `2 s# | | os_hash_algo | sha512 |2 F$ p, m" E1 E/ G ?2 F$ I
| os_hash_value | 6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e |8 H C1 E' S3 r6 ]1 j6 H( F0 d
| | 2161b5b5186106570c17a9e58b64dd39390617cd5a350f78 |7 c# G; \ V1 W" f( l/ A
| os_hidden | False |1 q2 n3 w3 D6 i0 d& d/ n6 w
| owner | 96bbc0e66a5246fdaf29843498ef49a1 |* J* O8 _" \" ]* ]0 v
| protected | False |4 o$ v1 |8 v1 W. ~
| size | 12716032 |$ l: l" G7 \! Z
| status | active |
* Y, W1 `& G2 p( i2 ] s | stores | fs |
/ H1 U/ W: s- a, {. T | tags | [] |$ u* o2 `# T7 E
| updated_at | 2024-12-07T13:12:20Z |
, k& h+ @, ?% S; t, q8 k ? | virtual_size | 46137344 |
( m4 b" A& t" u I: |* b | visibility | public |
% @- |% _2 i* Y& R2 o A: V +------------------+----------------------------------------------------------------------------------+
# t2 U' e8 N+ _) e( f 6 k2 u# _. _ Y3 D4 F1 z+ S
`验证服务`- \0 F& D1 D! |0 Q* X
root@openstack-controller1:~# openstack image list. d; H" |- g v5 i* M7 o
+--------------------------------------+--------------+--------+
3 m& _. k/ A# \, S2 b( ? | ID | Name | Status |
6 @! X( p4 S' J1 ]; w. K+ n( Z +--------------------------------------+--------------+--------+
% `) e# X7 m5 g8 V0 {& X | 060a4a23-5aa8-4176-8f31-0ccd318ebf2a | cirros-0.4.0 | active |0 h; o+ @8 [/ _" \6 e! b3 \
+--------------------------------------+--------------+--------+
. j9 N1 {+ O2 X: u8 P- g* d$ C # 或者 [root@openstack-controller1 ~]# glance image-list* j e9 p( T0 L! m/ a
# 删除镜像 [root@openstack-controller1 ~]# glance image-delete fd47df49-7e2b-4e16-a4fe-fd8ca6ffb5f7
5 M4 @( D# g. s: y9 \$ e root@openstack-haproxy:~# ll /data/glance/6 R! B; c/ [( `- j9 {
total 12420" c$ x$ @$ g; b9 l
-rw-r----- 1 161 161 12716032 Dec 14 23:34 060a4a23-5aa8-4176-8f31-0ccd318ebf2a
5 W2 v7 i; Q* S* S' Z0 W6 |! x4)安装Placement
" R, B- t' O* ~! L! r1 O4.1)创建Placement数据库) M2 u O: r0 R: d
root@openstack-mysql:~# mysql' ?5 \' @% D1 |+ |7 P6 f* J: d6 P
MariaDB [(none)]> CREATE DATABASE placement;
" V% F# A+ w$ o3 r) j0 J9 T) r MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement123';
8 g$ r9 j+ [. y) u' S( ]+ F `验证`% o: f; S2 O- e3 W2 D3 T
root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement1235 h% C0 O* c$ B6 H5 i, `
Welcome to the MariaDB monitor. Commands end with ; or \g.
6 E' C9 C& v, X, @8 d( k1 { Your MariaDB connection id is 118
9 h* f% @8 b* x Server version: 10.6.18-MariaDB-0ubuntu0.22.04.1 Ubuntu 22.04- z2 O$ s. R+ @
$ s$ a" Z) l! q. p' u Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.
. z: j$ k+ n# y8 Y" p5 e) w& ]
/ F% D3 i8 o9 z6 I$ u' _ Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.7 C6 x( O) E! l7 I
4 e1 A( v% O3 u! e" ^0 y* N MariaDB [(none)]>
% f% U4 f; e4 i9 `' m8 p4.2)配置用户和端点, t* O& H9 P. |" T9 s
root@openstack-controller1:~# source admin.sh 2 f" V& V4 b1 ?$ S4 ~7 D
root@openstack-controller1:~# openstack user create --domain default --password-prompt placement" o, {! p* C& R% T
User Password: # placement0 L+ F2 A+ j* m5 ^
Repeat User Password: # placement
3 K3 k* h8 U! U! I' J +---------------------+----------------------------------+0 x% S5 O1 B: G
| Field | Value |
) P; k O! [/ n +---------------------+----------------------------------+8 S3 a& ]; y, N
| domain_id | default | r1 M. H' V9 S% ^ o/ ?- X1 a4 J# ~
| enabled | True |6 w: O9 _2 n5 q6 _, i) x6 g- F* n
| id | 804e53f0a44b4403af8278711a7274a5 |5 G5 d$ P1 l; B4 X- k5 ^5 E
| name | placement |, O6 Q7 s# ~( e: R, }( f
| options | {} |! m, c: c$ m' u$ i- E0 ~* ~9 I
| password_expires_at | None |
h/ J: N3 P: N0 }% k +---------------------+----------------------------------+/ \0 f0 d+ m7 G; I" [$ }
+ s9 g( B3 `! @. B! Y' m5 [8 F
`将 Placement 用户添加到具有 admin 角色的服务项目`" z% H5 Y3 L S
# 让placement拥有service项目的admin权限`2 h7 W- k; x# O4 p
root@openstack-controller1:~# openstack role add --project service --user placement admin
3 f$ Y+ n4 o* t( A7 j5 ?6 Y
. r4 K5 d9 e5 V' O. e- s `在服务目录中创建 Placement API 条目`
# T4 A$ u* l5 R9 f, R root@openstack-controller1:~# openstack service create --name placement --description "Placement API" placement8 W( ]' v6 N) t; A o0 s4 [
+-------------+----------------------------------+2 c" R' E* ?: f; b4 D
| Field | Value |
, h+ H" {# D, a* P. L +-------------+----------------------------------+
1 e0 O/ [* t0 R! [0 u | description | Placement API |/ f2 [& w+ K% `7 ^$ l+ o
| enabled | True |
, w2 q5 N; M" ^1 { | id | 9eaa1f08648c44c5a937759d7217016f |
4 D" f+ t5 z/ g, j6 }# ? | name | placement |3 X* v; x6 h* e7 B O1 U
| type | placement |
) c, L- X: E# g" N3 K +-------------+----------------------------------+5 ~" C- E9 X3 k
4.3)创建 Placement API 服务端点:6 z* l) K8 g! Y5 Y0 w) ?/ J8 l
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement public http://openstack-vip.stangj.local:8778
3 q) Y" K5 K+ a' q1 \9 }# |6 y +--------------+----------------------------------------+) @# l1 t; G [- `8 r
| Field | Value |
6 Z1 {& s2 B4 x, ?1 B +--------------+----------------------------------------+$ x+ o+ K9 d$ ~1 H, V
| enabled | True |% J) H# \# }, j1 i0 ~0 ]4 d8 E# d* F
| id | 88aae422c80e4adabf613aef31fb0c3d |) m* x1 a" \, S+ E& t" ~( r4 X
| interface | public |
- i% y# c. V% e# y2 j- T6 a | region | RegionOne |
+ p2 U1 O) \, A) F" v | region_id | RegionOne |
q* n8 m! B2 P: j" j" N/ ~4 A! ~5 @1 w | service_id | 9eaa1f08648c44c5a937759d7217016f |
; j9 }5 C, L" O8 I, P f0 i | service_name | placement |
% P4 s8 u' r/ L; K) g9 d7 e$ p# M! V | service_type | placement |" d) v# Q6 r* p& t' ]
| url | http://openstack-vip.stangj.local:8778 |
) V+ x2 I3 b6 M% S+ Z +--------------+----------------------------------------+! _+ ]; {4 C# Z" o' l8 u5 o
4 T- l( n1 p# X
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement internal http://openstack-vip.stangj.local:8778# z) ^# A! a4 c) r! E
+--------------+----------------------------------------+
! M4 q* F" ^# c# I9 d1 v | Field | Value |2 s! `1 v o- q; y
+--------------+----------------------------------------+! M' W- ^; q! E
| enabled | True |
3 M% C$ s/ y- U$ W% j | id | b706b4abdcdd44a588eacf5d1cb7f75c |$ O! p R; S# E$ c
| interface | internal |
- p3 u4 g* e5 E( R5 ? | region | RegionOne |
0 ?' F. d$ E; `6 X6 [ | region_id | RegionOne |( Z* g& Z$ ~) E s9 H& e; G
| service_id | 9eaa1f08648c44c5a937759d7217016f |
- N5 o" \2 M; \4 R% R | service_name | placement |' e+ q. @" t) \/ O) S
| service_type | placement |
# {6 x8 x4 k- K9 f, F! H) J | url | http://openstack-vip.stangj.local:8778 | x1 K' s% {2 q( z5 U$ w3 J
+--------------+----------------------------------------+6 P: H/ I3 l* u1 r; A) x
" ?2 h! J: |) ?0 j! L
root@openstack-controller1:~# openstack endpoint create --region RegionOne placement admin http://openstack-vip.stangj.local:8778
0 f; G; v# s, t3 x/ s +--------------+----------------------------------------+& g: @7 N+ q+ g; ~8 t; G& g
| Field | Value |$ N) V* y7 @+ A4 d I4 k
+--------------+----------------------------------------+1 Z* }. G6 T. k+ Z" A' D, J
| enabled | True |
9 s% N% A' e; w# i. ~4 M | id | f62a5305854e492ea9c76e77e13b10b4 |# ^9 {$ m5 ^# r+ E8 g
| interface | admin |
* e2 O5 G D. G% r/ f9 e l) a | region | RegionOne |( S3 k# w( ]& a* r( ^
| region_id | RegionOne |& j! L1 |: t4 v1 Z6 J6 g [- i
| service_id | 9eaa1f08648c44c5a937759d7217016f |( u0 A8 E- `3 b! A1 c* ^# V
| service_name | placement |
# L* @) O! C- l3 M | service_type | placement |
+ L6 T' s v8 v' o! k | url | http://openstack-vip.stangj.local:8778 |
0 l2 A& O) X% W! i, Z7 T9 n" V +--------------+----------------------------------------+! O0 ]5 f7 F+ O
- I( D; b* _8 u$ S' F `验证`* Q. Z+ T- F. T1 T: l+ X) n
root@openstack-controller1:~# openstack endpoint list; c6 x: X0 U/ Z. a% H# D% s
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+! C3 N! b3 Z3 s$ v
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
" q" ?6 q4 b$ U1 M3 C; P+ K/ f, k +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+' ~2 B4 _1 M" i. E% b' u
| 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
8 A9 R& c" Z: ?: X0 N | 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |
7 o3 Y4 Y$ x! ^# {( c: u1 t5 P | 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |2 i3 a7 f1 e% m# S/ N, q( N8 H1 U
| 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |# I: ~- Q1 x# D3 A4 y. o& P2 \
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |
. m! V. H0 u8 \2 f) W$ L4 } | 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
9 |3 Q' m# a! Y | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |2 y* `. R' Z" [: ~
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |
$ S: e5 p& R: k2 B5 w* F | dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
; O% ]0 A; b( ? | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |
' v( ?* L, A3 p/ ^ | e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |
x) \9 _0 k% ? A+ r +----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------------------------+8 q* c# E. o f) g s' D) w$ r [
4.4)配置haporxy代理! w( N- Y/ t/ u1 n4 B$ Y/ X0 k G
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg
4 A; t6 J3 O8 C( ^. ^ # 在最后一行加入下面内容 a8 b0 w. n) [2 X B- G+ h
listen openstack-placement-8778$ p$ z/ ^8 {* w1 i8 s3 q
bind 192.168.139.248:8778
0 Z: k% a" {3 ^$ P% E mode tcp' e _/ C2 w( @
server 192.168.139.31 192.168.139.31:8778 check inter 3s fall 3 rise 5
. N2 _' i! c' z# x2 n U1 r root@openstack-haproxy:~# systemctl restart haproxy.service
# M4 r" e" I5 F root@openstack-haproxy:~# ss -tnl | grep 87788 W+ W! c, @) I6 f$ C, X
LISTEN 0 128 192.168.139.248:8778 *:*
* L( B& Q$ Y6 N# W' H& O4.5)部署placement1 \+ d9 Q5 Q# @* z) _+ t9 c" }: q
root@openstack-controller1:~# apt install -y placement-api% V% \6 b) G7 C0 P! N/ b. L7 s
4.7)配置placement服务
3 \: u0 i" j* {; Y* S0 d root@openstack-controller1:~# vim /etc/placement/placement.conf3 y" c: }# r( t) v' z
[placement_database] # 在此模块下面添加下面一行信息; h8 i: t5 W. w z
connection = mysql+pymysql://placement:placement123@openstack-vip.stangj.local/placement
0 ^4 i5 I% Z9 e* |/ c; c5 I( F , k+ Y' w: s. ^$ h4 r
[api] # 在此模块下面添加下面一行信息* J) K% z+ b ?' h% v
auth_strategy = keystone7 c. p( A* v! b( c2 L
% d4 U) V# U* J( m# ~1 g
[keystone_authtoken] # 在此模块下面添加下面8行信息7 B) Q; y5 F5 g
auth_url = http://openstack-vip.stangj.local:5000/v3
9 B$ F1 b4 q; d. M$ c memcached_servers = openstack-vip.stangj.local:11211
. V* p8 J4 j5 `# q7 I auth_type = password/ f; w1 A2 o" Z
project_domain_name = Default
( w/ m! Z' H% [, U0 Y user_domain_name = Default8 n' w4 q, {/ b* @/ O( p
project_name = service
m, b5 T! c( E2 R. g4 | username = placement
7 N' k5 C* E4 m+ Y1 V4 { password = placement
% p" h$ l" G& V- d, A4.8)初始化placement数据库
2 S# h, p. U' @5 \1 { root@openstack-controller1:~# su -s /bin/sh -c "placement-manage db sync" placement# U$ U5 }, E, Y1 Y. p$ z
* P4 g+ j5 V) U) Z/ w
`验证` w' N( h0 @# o# I
root@openstack-controller1:~# mysql -uplacement -h192.168.139.248 -pplacement123 -e "use placement ; show tables"7 ] Q$ O: z% [) G f3 V
+------------------------------+9 _ f. R* u) e: _+ c3 q7 i/ A
| Tables_in_placement |, C3 K; y9 C- M5 {, A+ ^8 {
+------------------------------+! }9 @+ B6 P ?) ~+ ?! t, e
| alembic_version |3 x i! o4 j5 M5 B, g/ J
| allocations |
& ?- z( w: h- s5 H | consumers |
$ l7 ? D% l# \) a | inventories |
1 \9 E5 m0 R+ v# s& W# X( N | placement_aggregates |
; o+ f8 O; G$ o) O& f, J | projects |
, u o; h2 v2 x | resource_classes |- ^! {! l6 s0 M( l( p
| resource_provider_aggregates |( L. p' W9 L' t3 v! W
| resource_provider_traits |6 A, I! q/ z; {* h% \( U
| resource_providers |* q* y" ^0 L8 x
| traits |
# F2 T7 o1 W$ e4 A2 k | users |! f2 N: x4 v+ Q4 ?' Y
+------------------------------+; l: C0 C! |+ W3 U" s: c
4.9)解httpd带来的问题(以免后续会出现403)/ ]& @ v3 K7 v. ?
root@openstack-controller1:~# apache2 -v6 R- z4 P$ R( G- ?9 ?* k
Server version: Apache/2.4.52 (Ubuntu)
7 g" V4 m$ Q1 O6 f* |% L( U5 ` Server built: 2024-07-17T18:57:26
" O3 T. b2 o* m5 |- x2 ^: T( B root@openstack-controller1:~# vim /etc/apache2/sites-enabled/placement-api.conf
# Y5 d6 j) p1 t% I# S+ Q <Directory /usr/bin>
/ j' i f* |3 c: m) t; N4 v <IfVersion >= 2.4>
/ h+ {/ M+ G2 X6 P1 T% a' J& l Require all granted
0 D1 T0 v$ ?7 k1 g- Q9 I </IfVersion>& k1 E: k: X2 o- m& l
<IfVersion < 2.4>7 j/ o: A) i; ]; W
Order allow,deny
0 o, m6 p, l6 U9 S Allow from all# h( `0 e8 d# a4 F
</IfVersion>
6 h5 Z$ @ h" k: B. y$ | </Directory>
6 N, a8 b- }/ b
6 b3 s W) R* G' C" x root@openstack-controller1:~# systemctl restart apache2.service ( N' y+ @" x6 {. ? @+ v
root@openstack-controller1:~# systemctl enable apache2.service
# L0 M/ r' b) T9 H1 C4.10)验证服务/ t5 ]4 K0 ]: W2 T3 {8 R( w
[root@openstack-controller1 ~]# source admin.sh
2 O- E( ]- @0 J- L8 C+ s) ` root@openstack-controller1:~# placement-status upgrade check; l" A0 z% u2 i2 T3 J b# h% n
+-------------------------------------------+
" d. k! X! @: S* ~' o | Upgrade Check Results |7 Q6 l' H& R Z- q6 s2 B% n$ b
+-------------------------------------------+$ M: h* q8 l4 @
| Check: Missing Root Provider IDs |5 G9 Y; g* g* _( y
| Result: Success |
4 x4 V" b$ C, s0 m | Details: None |. O b$ \- S% V. x) Y3 M
+-------------------------------------------+4 K8 |( P2 D3 A+ A
| Check: Incomplete Consumers |8 k9 c4 c5 O& U/ D C7 ^+ g& a& Q
| Result: Success |
, n7 G. G4 j0 r9 }: {% t | Details: None |' ~$ n; N# H' q; H- S |
+-------------------------------------------+% M# q) b- c* C2 n8 ~* b
| Check: Policy File JSON to YAML Migration |5 }% J$ j; B4 s0 Y
| Result: Success |; ] X) t Z I5 K; T; t* M! {4 |
| Details: None |
# G# M' _$ Q) c* ?6 X0 s$ t +-------------------------------------------+* o2 h; H6 U8 M/ t8 h
root@openstack-controller1:~# curl 192.168.139.31:8778
+ Z$ q4 X B" x. G {"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}
2 t# p H6 o" L6 K o& k root@openstack-controller1:~# curl 192.168.139.248:8778( H! x& i! |9 p! q/ G; _$ Q
{"versions": [{"id": "v1.0", "max_version": "1.39", "min_version": "1.0", "status": "CURRENT", "links": [{"rel": "self", "href": ""}]}]}
( h' P1 d2 c$ G1 W5)安装Nova7 c1 }2 d& o, v# E0 r
5.1)配置nova控制节点( d% z+ C/ V3 U* ? b6 R9 ^' j
5.1.1)创建Nova数据库
; L( E0 S( k# W. \, A3 v root@openstack-mysql:~# mysql$ h5 v: e2 {9 R3 O
MariaDB [(none)]> CREATE DATABASE nova_api;9 m& l1 d8 K. L, T8 H: V9 }) J
MariaDB [(none)]> CREATE DATABASE nova;
4 C8 |7 B5 j! `3 Z8 p MariaDB [(none)]> CREATE DATABASE nova_cell0;8 a7 \# q/ p$ Q
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
7 H& W' Q/ ]! `1 ?2 G" d8 Y MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
2 o0 g( w8 l* N# j MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
' s1 N# n( w2 ]- [9 V5.1.2)配置用户和端点
, R( M% L2 W* d! k( a root@openstack-controller1:~# source admin.sh 9 C' i; i7 }5 e( @1 S& Z4 u
root@openstack-controller1:~# openstack user create --domain default --password-prompt nova9 D5 E( f/ g7 d/ E
User Password: # nova3 H8 f {/ `/ ^( z
Repeat User Password: # nova3 m3 J& P; v6 s( k7 [1 n
+---------------------+----------------------------------+- n; b r0 @6 L! C, ], [0 n: s0 v
| Field | Value |
$ \1 ?+ L* M' K +---------------------+----------------------------------+
3 w! }- e+ g! w | domain_id | default |6 h6 K0 }$ N0 W7 L
| enabled | True |$ g- t- d3 w3 [: @2 [
| id | 223adc571a2b4a2fa32cd7bdff6e7c3b | n- B0 l: o- U+ V2 v$ V
| name | nova |
. m$ l$ Q0 M) `9 |2 s- ` | options | {} |
- A$ J, l# ^( { | password_expires_at | None |
( s3 L* n. j0 P- G& h +---------------------+----------------------------------+
4 N( @$ i4 T# O6 N " g8 E/ M- }6 ~4 b( n# [
`将 nova 用户添加到具有 admin 角色的服务项目`- T+ e9 B2 Y h) t9 z1 O
# 让nova拥有service项目的admin权限`
/ r- H5 T7 b! q8 r/ p% X root@openstack-controller1:~# openstack role add --project service --user nova admin
" e' Z7 b# E8 [ 2 x0 ^8 ?' X/ U8 g9 K! u
`创建service实体:nova`
- i" R5 Q( @: V root@openstack-controller1:~# openstack service create --name nova --description "OpenStack Compute" compute
q3 B$ ]: Z: j. d; V' ?+ r! d6 q +-------------+----------------------------------+: m5 L! ]1 K! q* I7 ~/ k
| Field | Value |
4 l0 F' r# X% n. h* a7 ] +-------------+----------------------------------+
d0 i3 |) {3 v |+ E | description | OpenStack Compute |
( V- A! n6 ^5 W7 g2 `8 F | enabled | True |
( A5 s: A7 [: ^' N | id | 63028385934a4290b66880dab62a4c4d |. S8 N2 N/ |& i' M. N! J" F0 ?
| name | nova |$ I, k3 s' ~ x- o! f( G9 _3 G( M
| type | compute |. w6 q# S4 t% ~! I" m3 q1 x" v' T: e
+-------------+----------------------------------+
$ f- Y8 w2 z. K$ V- d 5 Q K& n' n$ b+ A. u, U' h' c
5.1.3)Create the Compute API service endpoints:
$ k6 k) R+ `* ?: ]+ [, _ root@openstack-controller1:~# openstack endpoint create --region RegionOne compute public http://openstack-vip.stangj.local:8774/v2.1( @8 l, O$ X# A6 w: m H t+ s$ s
+--------------+---------------------------------------------+
Z4 p" `/ e4 K" `6 I* ]. I! t P | Field | Value |
* M5 B( g, x/ x2 Y% d Z7 y +--------------+---------------------------------------------+
& U( G& H- y( y8 O7 E( m | enabled | True |
2 {( ^0 x& F, V- T, N' \! B | id | d5564488f45d47009640dcea5e0083f8 |3 K' R; [, J# i+ @) } K) i
| interface | public |$ N: R0 d6 d+ H( l
| region | RegionOne |8 Q' w9 P* t$ S \* u H4 ^, W
| region_id | RegionOne |
9 Q: F' _. Q9 ~0 _4 @3 A9 R. }8 s | service_id | ba27d9ae56314e208a3b9b7e1dead803 |6 j! D- p, m4 e
| service_name | nova |& P' R# U3 _4 ]3 r: Q
| service_type | compute |
3 W9 k/ o8 ~7 T4 Z- h, d | url | http://openstack-vip.stangj.local:8774/v2.1 |' {; x, r) T4 B4 Z F4 p( v
+--------------+---------------------------------------------+3 }, n8 E8 c/ g( ?5 C
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute internal http://openstack-vip.stangj.local:8774/v2.1
; R) Y7 ~3 v6 |& r. h+ j# X +--------------+---------------------------------------------+0 z M9 T. D, m3 s C% s* ?
| Field | Value |
6 L1 R* |2 t" N9 a2 t: Q +--------------+---------------------------------------------+" {3 B, Y' e% }& ]$ Y8 t& b" G
| enabled | True |/ Y5 F1 a; @2 v: h- K
| id | bce779f873ad48cdaf7aa65c9c310e0b |0 Y$ G; F' a1 |4 h, v$ m& ]
| interface | internal |
7 p* X) ]: D+ e8 X( h | region | RegionOne |
. m4 s6 R! H @* C# W, z$ V( M | region_id | RegionOne |; {! S: h/ k/ L; D$ E3 v2 r# n
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |
# o8 ?! l. U9 H6 @ | service_name | nova |; T e4 D9 l! h9 f" Z9 \
| service_type | compute |) Y( z/ t9 N0 o% ~* N: o
| url | http://openstack-vip.stangj.local:8774/v2.1 |
6 z9 S; t7 w9 R. p4 C6 E' W +--------------+---------------------------------------------+* a) C& n' q9 D! \; u. k
root@openstack-controller1:~# openstack endpoint create --region RegionOne compute admin http://openstack-vip.stangj.local:8774/v2.17 P% b3 p" S+ O/ y+ C
+--------------+---------------------------------------------+! q/ X/ M/ m# `, V
| Field | Value |) q4 p+ h3 m$ D6 _/ w/ Q( T
+--------------+---------------------------------------------+
' L( M. k. r( x" f0 U. q3 E | enabled | True |- U7 Q9 w; U: R' J5 {
| id | 229163f968084cef9cc0150d1c7b14d8 |
6 h L5 X, ?0 t6 v | interface | admin |. k ~# _7 {" M5 e: E/ s: S
| region | RegionOne |
T8 w$ Z9 d- s: N | region_id | RegionOne |2 \% Z9 o, l9 s2 i4 [
| service_id | ba27d9ae56314e208a3b9b7e1dead803 |9 g9 q5 S6 F3 O5 q
| service_name | nova |
A: P+ C/ w+ E$ H8 S, H | service_type | compute |
7 d$ S* y- K+ j | url | http://openstack-vip.stangj.local:8774/v2.1 |1 s% R5 ]: U' y7 g. b- v
+--------------+---------------------------------------------+" D6 W+ E* r* R) Y* p$ s
`验证`
) {% w @: M$ ~6 E! w# ] [root@openstack-controller1 ~]# openstack endpoint list9 \2 U: P; p( [% k
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+
7 M" s, A4 ^% C, [( e | ID | Region | Service Name | Service Type | Enabled | Interface | URL |& T# l( Y/ y: d6 ~8 X# w- F
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+2 C1 X, Q' {9 A, j1 c
| 1df308c037cc4cb195da67db34438c57 | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
1 w0 R1 A+ b" n: @ | 20caaef3b2ee4ff7898d1e7b7f1e41dc | RegionOne | keystone | identity | True | admin | http://openstack-vip.stangj.local:5000/v3/ |
! ]; ?( k& _4 ~5 Y2 u8 J" ^$ v6 o | 229163f968084cef9cc0150d1c7b14d8 | RegionOne | nova | compute | True | admin | http://openstack-vip.stangj.local:8774/v2.1 |5 v5 r( G8 t+ E' q
| 3fc61c0f302d41359da99b80ca32853f | RegionOne | glance | image | True | public | http://openstack-vip.stangj.local:9292 |
' F2 k- k7 b2 P1 q; V | 671f3dd8ddd643d08b922df0f9c7f4d8 | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |2 E# {) k3 R& d6 X) E0 m6 o
| 78ae4d21b4424bb1b0c8029dc7959ca5 | RegionOne | placement | placement | True | public | http://openstack-vip.stangj.local:8778 |/ U' Z$ Y' s1 p' r- \" |5 W5 @
| 8005d074d03a4ead8c85d54e7ffd143a | RegionOne | glance | image | True | internal | http://openstack-vip.stangj.local:9292 |
- K+ G7 _; h6 o3 H' K | ad54a4233c0e4a23ba56f86960ff97a9 | RegionOne | keystone | identity | True | public | http://openstack-vip.stangj.local:5000/v3/ |- Y5 L* L8 ~8 b4 O& {# `+ q
| afea7ab2f5914bcca88f088957f6144f | RegionOne | glance | image | True | admin | http://openstack-vip.stangj.local:9292 |
' q I& U# M3 L0 f | bce779f873ad48cdaf7aa65c9c310e0b | RegionOne | nova | compute | True | internal | http://openstack-vip.stangj.local:8774/v2.1 |
4 H1 _ v' k' l | d5564488f45d47009640dcea5e0083f8 | RegionOne | nova | compute | True | public | http://openstack-vip.stangj.local:8774/v2.1 |, B: J# a6 k: v' T% C0 \' G
| dd7caa1565864e4baf5aeed582ad19f9 | RegionOne | placement | placement | True | internal | http://openstack-vip.stangj.local:8778 |
% P9 Q: q6 C0 ?* m | def9f3253353499fbc24a851445198c9 | RegionOne | keystone | identity | True | internal | http://openstack-vip.stangj.local:5000/v3/ |7 M T5 Y" z6 G" g( C1 L
| e7fcd33ba0994973a0b9bb2bc7b8c3cb | RegionOne | placement | placement | True | admin | http://openstack-vip.stangj.local:8778 |4 x) Y9 [ a( l) I# C
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------------------+# @* Y8 H' O" E& ^ _3 M- p
5.1.4)配置haporxy代理$ Q0 X! q; ]$ G$ V
root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg ( A* _! M. d, {: d0 n0 T7 U, d
# 在最后一行加入下面内容
1 P: J2 t, e; K4 o listen openstack-nova-87743 o+ d& _/ [( l" ~9 N( U
bind 192.168.139.248:8774
U6 j& |4 M3 T8 r1 f mode tcp# o) @, O: g8 ?! O- m1 W8 I
server 192.168.139.31 192.168.139.31:8774 check inter 3s fall 3 rise 5% h7 a" z+ ^7 u* }6 `7 r0 m
' I7 C' r& K+ E; J4 w+ c9 s listen openstack-nova_api-8775
9 _5 ]" _: A+ g3 B' U/ ~ bind 192.168.139.248:8775
9 d9 u3 Y- c2 E( a6 C9 E mode tcp* I# ?1 Q9 Q, K9 P! I/ c+ D
server 192.168.139.31 192.168.139.31:8775 check inter 3s fall 3 rise 5
" D$ p2 z8 M+ b/ E* q / g6 L3 c' Q( R; A. M2 ]! y& b
root@openstack-haproxy:~# systemctl restart haproxy.service : e- z9 d; o( ]7 U h0 k* _
root@openstack-haproxy:~# ss -tnl | grep 8774) J" K, v. t. S& v& i/ R9 t
LISTEN 0 128 192.168.139.248:8774 *:*
# H0 w% f( h" Q% w- j$ A# @# E$ [5.1.5)部署nova-conductor5 ^3 S' g$ C3 e) d* ^
root@openstack-controller1:~# apt install -y nova-api nova-conductor nova-novncproxy nova-scheduler0 Z# R: \1 z0 a3 o e+ O- g
5.1.6)配置nova-conductor2 i* R4 u$ a2 I6 f: W8 v& I
root@openstack-controller1:~# vim /etc/nova/nova.conf2 b0 U% \6 N4 R3 n7 k8 u
[DEFAULT] # 在此模块下面添加下面4行信息
4 N' O& s6 b; s' e transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/
R9 O+ y1 q7 p1 _5 E+ r+ T my_ip = 192.168.139.31
5 e' o2 y8 [" p& F3 w. P * C+ _0 V* F9 c1 O% W9 j9 F. @
[api_database] # 在此模块下面添加下面一行信息
' `* ?, k. e, v: c e connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova_api, A' b7 `/ O* e3 E! F# O! ~9 ?% ]1 r
+ c5 { S) a$ I: U0 M# |
[database] # 在此模块下面添加下面一行信息$ f* P' p O6 r/ @8 |8 Y$ Q9 M
connection = mysql+pymysql://nova:nova123@openstack-vip.stangj.local/nova
# G: X3 X9 u/ y6 t4 W / r8 p; E) c9 ?, q
[api] # 在此模块下面添加下面一行信息
$ `# t" P; b+ g. F2 q& | auth_strategy = keystone
3 A. B1 } p9 o4 C! W+ p
: P/ k. x9 }, b- ^+ r. b5 n [keystone_authtoken] # 在此模块下面添加下面9行信息
# i( |- ]2 H7 [# G4 i5 G www_authenticate_uri = http://openstack-vip.stangj.local:5000/! Q* C( c/ ?3 g6 l. U
auth_url = http://openstack-vip.stangj.local:5000/+ e4 y# ^) S* F5 z$ m
memcached_servers = openstack-vip.stangj.local:11211
% d8 L8 @: Q |: |3 F" A auth_type = password
" Y0 i' k- n! w) V. e) d project_domain_name = Default
0 T j" y8 W9 {) h E5 J( E" j user_domain_name = Default8 [ W9 f* f* \3 _8 }/ @, X
project_name = service2 b- b2 S5 J K" P$ U
username = nova
. h* S6 f4 Z% N# S6 Y9 f! w1 N2 j. T password = nova
! g, u/ x' q {9 L
, k* C0 q+ v$ a1 o [vnc] # 在此模块下面添加下面3行信息' ~* g W3 w. S
enabled = true
, m- R7 c% W! t$ N5 O server_listen = 192.168.139.31
! a6 ?7 y5 Q# m1 |: ]- \# B- H0 c server_proxyclient_address = 192.168.139.31" Z( T4 ?- h0 D- W
: X0 C# T9 Z% r2 l( q [glance] # 在此模块下面添加下面一行信息+ [. B0 r0 ?- ^# h" N8 P# q
api_servers = http://openstack-vip.stangj.local:9292
{$ b: g& v2 L; m5 a6 P
7 n. r: A3 k1 A' X [oslo_concurrency] # 在此模块下面添加下面一行信息" C2 I, U: M9 D- V4 O M2 ]. E
lock_path = /var/lib/nova/tmp
' i9 M$ ~* v3 u
! {& ^* s" Q7 o) h0 @, V [placement] # 在此模块下面添加下面8行信息
; w; }( p) U( V- M* h0 c region_name = RegionOne1 X5 D' ?( @/ E! `' d
project_domain_name = Default7 [2 b0 d4 @) g: A
project_name = service
' n: j3 w6 x* ?- ? auth_type = password. K; g. Q k' {+ A7 I
user_domain_name = Default2 k' d6 l" F. f0 Q/ I, P1 J/ m+ T
auth_url = http://openstack-vip.stangj.local:5000/v3
7 Q1 b3 c( x) v3 P a username = placement9 n' ]( O! W) i( P9 p
password = placement
; \) o- B; J: R
; g% n2 B+ n7 p: V; n0 E [service_user] # 在此模块下面添加下面9行信息0 z9 _, C0 q: D' Z
send_service_user_token = true
" i2 T5 X& @) e# w$ R auth_url = http://openstack-vip.stangj.local:5000/v36 T5 u; _+ C6 f5 j9 W
auth_strategy = keystone+ f& d( K+ R4 ^! f9 x, }
auth_type = password" B- x4 Y2 g' E O, S
project_domain_name = Default
+ Z0 J2 g, i1 N0 u j, r% v project_name = service
( a/ W# u) T/ i. M3 ]4 n user_domain_name = Default/ R3 L9 c: f3 m7 ?9 T
username = nova
- X, l! O0 H* \. o( V6 m password = nova
3 ^, l: y' J9 C$ @$ Q5.1.7)初始化nova数据库
" a0 e# s. O2 h root@openstack-controller1:~# su -s /bin/sh -c "nova-manage api_db sync" nova6 q9 ]6 A# X6 K9 A& Z) A: Z1 M$ Y
root@openstack-controller1:~# mysql -unova -h192.168.139.248 -pnova123 -e "use nova_api ; show tables"
" F0 Y- a* s$ [ +------------------------------+5 O9 ?6 ?+ G# S# }8 u
| Tables_in_nova_api |
: p. C% u! J% E1 I +------------------------------+
0 M9 L: m! |3 u( K M | aggregate_hosts |
; n5 t5 y' c, f! m$ K | aggregate_metadata |
6 }2 q1 U. G4 }* x: @ | aggregates |
- U9 Q, n+ n5 `: e9 X, w( Y A% J$ Y- Z | allocations |
; f! K$ l; V+ t$ A | build_requests |& a. r; t" X4 }/ V( n- L3 p
................................7 F; f5 Z1 _" A% `5 ]4 l
................................2 F d/ m- P9 ?, E# @1 _
| resource_providers |
+ A* Q" z9 I0 t) B | traits |# @4 @- l1 f0 O
| users |
5 c/ T+ V1 ~# G+ U! \0 g# v& a) E +------------------------------+
4 y, p$ c! r* [! _& k9 ] root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
6 H, y# Q+ @' N" U" J4 Q( d root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova2 V/ Q3 K. X6 b0 O5 Z
....( m4 T# n0 m- B! K
c14b4cfb-a4f6-41a5-8418-a3d3ee04228f( B/ e+ R* T0 s( ~% N `9 h7 z" K G
+ h/ x' ^+ D% c4 i
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage db sync" nova
2 U! a5 k" y8 i% q. K0 _1 G% g+ Q5.1.8)验证 nova cell0 和 cell1 是否正确注册:/ n5 b% i" R4 `! T
root@openstack-controller1:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
; R7 O# F) ~4 t! I +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+0 }$ ` a. \2 U0 _
| Name | UUID | Transport URL | Database Connection | Disabled |
& T1 ~( C& a# G +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+! H$ G, G+ E1 p7 D$ f* K
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova_cell0 | False |1 L+ d& i; v* W2 d0 A
| cell1 | c14b4cfb-a4f6-41a5-8418-a3d3ee04228f | rabbit://openstack:****@openstack-vip.stangj.local:5672/ | mysql+pymysql://nova:****@openstack-vip.stangj.local/nova | False |
! K( M3 ^$ @! j) {# i +-------+--------------------------------------+----------------------------------------------------------+-----------------------------------------------------------------+----------+' {0 ~( D; L( Y( D% H
7 ] ^6 g' k4 z2 f+ P* e7 _+ c5.1.9)启动服务7 A5 r X' x; y
root@openstack-controller1:~# systemctl enable --now \( j ?2 \, @( o' s# G0 z( r) W/ W
nova-api \
. j! c, @2 c# P4 K/ A$ s nova-scheduler \
. v- Q/ ^: O1 w) O1 }7 _& `0 U" `, g nova-conductor \3 R2 B( H1 M+ {; B% N/ G
nova-novncproxy$ h9 ~* h( L/ r0 N5 [- W. F+ p+ n
root@openstack-controller1:~# systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy
+ d- D K1 u& H2 D6 Y* m, t5.1.10)把novncporxy代理到haporxy
V8 | o X$ w' t1 z) X root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg $ q e, }- [5 ?! u6 k
# 在最后一行加入下面内容
$ x( Q0 S+ G4 V! x1 t" U+ K$ E0 M listen openstack-vnc-6080
: r1 s; i7 D) m bind 192.168.139.248:6080
- p- Q* [+ ^( e3 n* | m8 g mode tcp
5 ]9 _* m# V7 V' g% W6 _9 E server 192.168.139.31 192.168.139.31:6080 check inter 3s fall 3 rise 5
1 a4 K( _) M: f/ ^8 u6 k4 `! a root@openstack-haproxy:~# systemctl restart haproxy.service
$ x& N- S1 Z6 a, G2 l: b9 ` root@openstack-haproxy:~# ss -tnl | grep 6080
3 y$ c, `5 O4 W* \! y9 X4 G3 r LISTEN 0 128 192.168.139.248:6080 *:* + s& D; S, Q6 q. c8 Q: f
5.1.11)配置nova重启脚(为了方便后续实验)
2 d4 W/ _0 \* m! T! A$ L [root@openstack-controller1 ~]# vim restart_nova.sh
7 ~3 h8 w! d) F #!/bin/bash
2 H( H4 q/ w7 g systemctl restart nova-api \/ t2 C4 X8 P$ x, v1 _, F
nova-scheduler \
0 v' Y$ b$ }# ^! t( r: V; Q- u nova-conductor \9 a4 I K a2 [
nova-novncproxy o! x( y$ }" Z5 f% \$ t
5.2)配置nova计算节点1 H3 _ t5 Y! ~) h% |
必须保证开虚拟化
- X( t$ C- f C& [! K6 i% _
% ~0 W) W2 w* O+ x5 t) dimage-20231215224936327; k5 N+ h. L1 V6 A! a
/ u k& T1 [4 d" u+ d' K0 O5.2.1)部署nova-compute0 w; G7 K% t- |8 ~0 i- l
root@openstack-node1:~# apt install -y nova-compute
) }- ~" d' K2 O4 H, ?# G* `5.2.2)配置nova-compute0 i6 ?; D, d4 ]" c. ?) L
root@openstack-node1:~# vim /etc/nova/nova.conf
0 ]% l5 H! I" `" S% L* n& e [DEFAULT] # 在此模块下面添加下面4行信息
5 d- V7 Z; K( l8 ]2 s transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local:5672/. Q, J" f, ~( z% ?
my_ip = 192.168.139.345 ~6 {" t$ q* r3 ?% G& R
# state_path = /var/lib/nova
$ x; M9 s: {9 I
6 U) H$ C. \9 z0 b. ^, z& Z& P( N [api] # 在此模块下面添加下面一行信息
9 d# H* H9 S2 e2 t% b1 l/ J- i+ e& e auth_strategy = keystone
. X/ r9 _% c% ~ y
- s; p9 |$ }* f9 j# _! Y [keystone_authtoken] # 在此模块下面添加下面9行信息
4 H" M; y+ |6 b/ B www_authenticate_uri = http://openstack-vip.stangj.local:5000/
a' U2 k; k. g: B7 |6 _. | auth_url = http://openstack-vip.stangj.local:5000/
+ r5 y: _/ W* H! ]$ b, Z memcached_servers = openstack-vip.stangj.local:11211
# x! ?# J3 J. _ E% P' x auth_type = password! l& D( l- d% X$ ]- h( Q# R) @
project_domain_name = Default% l( z- C7 y6 \0 d, @
user_domain_name = Default9 y$ K- t3 r: d( h: j7 c7 V" F* G5 J2 |+ |
project_name = service, ?" H ]" [6 v
username = nova
- C) t. \3 U9 J8 B( ~# z password = nova
: T, S) Z% c& b6 U# D$ P" u$ m" f+ ^ 6 z/ {# R- Y% I! M
[vnc] # 在此模块下面添加下面4行信息
" M7 ^ |( |( K. Z" j enabled = true- W8 q. H9 d- h4 r' y( C
server_listen = 0.0.0.0' c' v+ n. o4 h) S" d+ q' o/ y
server_proxyclient_address = 192.168.139.34
; j$ o. i/ M' V4 Q novncproxy_base_url = http://openstack-vip.stangj.local:6080/vnc_auto.html
! K F/ n' k3 ? , Z4 b8 x5 F# Y% M$ \" |- G
[glance] # 在此模块下面添加下面一行信息7 J$ b: e6 R; H! d* X- Y6 y4 M
api_servers = http://openstack-vip.stangj.local:9292
! s! j; Y) w3 F/ N
( X2 S+ x$ W+ p) X; \; D0 \ [oslo_concurrency] # 在此模块下面添加下面一行信息7 l5 }/ P! [) i) a, P) U8 x
lock_path = /var/lib/nova/tmp
& R3 @' t* z2 B& C; a% b1 S) j5 P $ g8 V# t# g. j+ \0 O c% V2 k
[placement] # 在此模块下面添加下面8行信息/ t& H9 ~* t( ^) o# ^/ e M; O
region_name = RegionOne
% \7 D/ l& R+ Y# j project_domain_name = Default
8 D$ g- `0 J- z' q, r project_name = service1 P& e! C0 ^8 g3 d; L- L6 u8 R9 p6 b
auth_type = password
; ]; G3 J8 U3 s$ q0 ~ user_domain_name = Default
5 o( R6 {. c' \! d auth_url = http://openstack-vip.stangj.local:5000/v3
R: H9 ]/ B! f0 L7 n username = placement7 s2 s, ^5 S; _/ _
password = placement- P( j3 e- K; o/ Z7 F
3 A! Z v; i+ ^9 L
[service_user] # 在此模块下面添加下面9行信息
1 E5 e# O$ {& e7 I' M4 s/ [) n send_service_user_token = true
6 |/ d4 e5 v8 i- ~" | auth_url = http://openstack-vip.stangj.local:5000/v3! o2 @) Y* ]/ f
auth_strategy = keystone
' N7 d5 X# `5 \0 s: c auth_type = password
; z) K9 B% a5 ^2 a! Q0 S project_domain_name = Default
3 ^; W1 \( C8 m7 i4 a; Y3 U4 T$ X project_name = service
4 l0 J7 }- k8 V/ t5 b& V2 M3 J2 g) O user_domain_name = Default
+ N* _; g8 V# v/ J, E6 h; s username = nova( H, u4 ^ W2 W$ p$ j: a
password = nova8 R7 x( a, g4 ^/ {2 `, p, d
w* C5 h. Y) J3 _
root@openstack-node1:~# vim /etc/nova/nova-compute.conf. y4 D) D. A$ N+ A
' C2 u4 l2 I0 A( O7 L/ c [libvirt] # 在此模块下面添加下面一行信息
% B6 v! r/ ?8 G/ p L( K! b virt_type = qemu& P. s" C K6 d) t
# f1 ~7 |7 h+ g4 u
`检测是否可以用虚拟化`
. k- Y. q% P. \/ E root@openstack-node1:~# egrep -c '(vmx|svm)' /proc/cpuinfo& \ m1 |' o- C( ?! c& Z
4
8 H% X, l% b! u; l5.2.3)配置hosts解析; t* t) r3 w6 D4 X/ l
root@openstack-node1:~# echo '192.168.139.248 openstack-vip.stangj.local' >> /etc/hosts2 Q, H0 Q( l! \" U+ f- k
5.2.4)启动服务" W n$ ]+ K2 c' F
root@openstack-node1:~# systemctl enable --now libvirtd.service nova-compute5 m+ n, _- {. l( e: K, ^
`编写重启nova-compute脚本`+ X3 H- }* h7 R- N- q% I* N
root@openstack-node1:~# vim restart_nova.sh6 z6 \ G g1 P# P$ X" }- ^" o
#!/bin/bash
% ]3 J# M, e1 C( @, K* T I) Z systemctl restart nova-compute
8 M- i% J! K7 a) [ root@openstack-node1:~# bash restart_nova.sh8 Y' x. f' y. o" Z) i! B
& q+ [+ o$ Q8 ]/ H6 N6 |' |
5.2.5)验证服务; o& g0 c7 j2 `5 k' g3 w
root@openstack-controller1:~# source admin.sh
: T0 s! p" |; g$ }2 _: T$ b root@openstack-controller1:~# openstack compute service list --service nova-compute- }$ y6 R. L" _) n3 P( d* p
+----+--------------+------------------------------+------+---------+-------+----------------------------+! E+ u1 y ?6 \! f
| ID | Binary | Host | Zone | Status | State | Updated At |' v2 D# \8 t% y: u
+----+--------------+------------------------------+------+---------+-------+----------------------------+
f. N% C; B! d0 O | 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:12:03.000000 |
5 `8 i; m) q& h# R; i# C S$ k, n +----+--------------+------------------------------+------+---------+-------+----------------------------+
+ u3 C; q5 \: T9 Z0 ~' U5.2.6)发现计算主机
5 w* ]- Z, C; T% \) X$ J! j如果加入新的node节点需要执行下面操作
C) Z' e6 r: y2 P7 j% ~. m# }
/ |* p* Z4 j7 L [root@openstack-controller1 ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
6 |5 y. m$ J, j; e- }2 d Found 2 cell mappings.
$ g" R5 \( f) ^* {+ e3 C9 u Skipping cell0 since it does not contain hosts.
" R. ^( `$ c2 ?6 ? Getting computes from cell 'cell1': c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
* l- W5 N6 g/ `2 K7 E% t Checking host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0
( m3 b( ^: H o# z; C* D Creating host mapping for compute host 'openstack-node1.stangj.local': 4165d6b8-ae97-41a3-b601-1a11148ef8e0- g6 L7 O. q7 W { x
Found 1 unmapped computes in cell: c14b4cfb-a4f6-41a5-8418-a3d3ee04228f
6 W! D0 g3 o1 S4 F* I# r$ w5.2.7)配置自动发现计算节点' I+ u- {% H+ X' k, a
[root@openstack-controller1 ~]# vim /etc/nova/nova.conf5 e+ y* Q2 F9 L2 l
[scheduler] # 在此模块下面添加下面一行信息. G' K, E% O- ^ n- p
discover_hosts_in_cells_interval = 300; Z2 V! L' [% ~9 [
`重启nova-conductor服务`- s' j2 \1 {0 [0 t
[root@openstack-controller1 ~]# bash restart_nova.sh
# r5 r Z7 T- g5.2.8)验证操作
( E: v; J* b9 x5 s- N [root@openstack-controller1 ~]# source admin.sh 9 r! F1 \/ j& s( \# N
[root@openstack-controller1 ~]# openstack compute service list+ z$ H' \2 R7 j6 x* ]1 i7 B
+----+----------------+------------------------------------+----------+---------+-------+----------------------------+ |6 u+ i: I/ V" \+ w2 |3 H: U
| ID | Binary | Host | Zone | Status | State | Updated At |
2 Z# ?7 ^5 _# I) D* T' l +----+----------------+------------------------------------+----------+---------+-------+----------------------------+
4 {4 @2 B9 Y | u, J | 1 | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |9 Q. D+ U8 p K+ Y9 i& d# g) `1 m1 V2 i
| 7 | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2024-12-07T14:15:42.000000 |& R: z, N# [! q J+ ^8 b
| 11 | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2024-12-07T14:15:42.000000 |" C# |* a8 b' C& x/ ~% C# k
+----+----------------+------------------------------------+----------+---------+-------+----------------------------++ k E* f' p7 U0 }# N
root@openstack-controller1:~# openstack catalog list
' ?3 H9 i' I3 \$ T/ k# B +-----------+-----------+---------------------------------------------------------+
( W! o" t& B8 ~. Z3 u1 [' R* `/ C | Name | Type | Endpoints |
6 Y$ w: R# q3 \ +-----------+-----------+---------------------------------------------------------+
, G L2 O3 }! Y) Z" X1 d | nova | compute | RegionOne |
* i: A- U& R i: m9 r1 v2 @ | | | public: http://openstack-vip.stangj.local:8774/v2.1 |0 ~# R1 e' P; w3 H
| | | RegionOne |7 O* a) H5 Z$ A. i/ E% i
| | | admin: http://openstack-vip.stangj.local:8774/v2.1 |- v5 `' x7 {. T' a7 q
| | | RegionOne |
7 m% H' o3 }: G; @0 t | | | internal: http://openstack-vip.stangj.local:8774/v2.1 |' S/ `5 U8 a. N+ a- U
| | | |
6 Z2 ~3 d8 j1 v | glance | image | RegionOne |
& l" x6 f7 V1 v: S0 I% O% k | | | public: http://openstack-vip.stangj.local:9292 |* A' f0 [; N6 a v) D7 T% M
| | | RegionOne |) w' `$ c3 U h# ?
| | | admin: http://openstack-vip.stangj.local:9292 |
$ q3 z- _/ o$ C8 r* ~ | | | RegionOne |
5 V% \7 }6 V5 J# Y5 n* @ | | | internal: http://openstack-vip.stangj.local:9292 |
( J2 l: T5 v. W/ F+ B: D | | | |
. R+ x3 q- w3 |) r2 v5 u& W | placement | placement | RegionOne |
! h6 D* [5 \0 x/ g1 l. w" w | | | public: http://openstack-vip.stangj.local:8778 |
9 j7 M' |# y8 {1 l | | | RegionOne |
2 E8 V/ n5 i. r$ o5 m1 Q& J | | | internal: http://openstack-vip.stangj.local:8778 |
4 r+ ]! u: y$ H | | | RegionOne |1 n; u$ P! O8 |7 r9 e+ Y
| | | admin: http://openstack-vip.stangj.local:8778 |
9 R9 N( Z0 j7 s: N) {' _ | | | |
+ A; `9 J4 T6 M& X | keystone | identity | RegionOne |8 D, h1 w3 k4 X2 y! e
| | | internal: http://openstack-vip.stangj.local:5000/v3/ |
7 |3 f6 W! r2 r2 X | | | RegionOne |# `3 K& I2 a! l) g, S
| | | admin: http://openstack-vip.stangj.local:5000/v3/ |
5 W5 m w! b0 U | | | RegionOne |
, L4 b' U& K5 ^( M, ? e | | | public: http://openstack-vip.stangj.local:5000/v3/ |
9 y B' i6 R$ u/ ` { | | | |
+ w; H7 y1 ]+ O- |% | +-----------+-----------+---------------------------------------------------------+3 r- X9 r/ W3 u- c( d& x. H
: N5 `, p9 w6 B# F3 O4 J6 n. p$ n root@openstack-controller1:~# openstack image list
. q+ b4 V2 B" _, x2 R' I1 W +--------------------------------------+--------------+--------+, E3 A' \* e( b* \$ Z$ m% m( w
| ID | Name | Status |
: M- ^4 `" t& p0 t" r +--------------------------------------+--------------+--------+
# f, \; C: {2 z" z4 I | 68249b5f-9eac-4873-be74-cc11ac9af61e | cirros-0.4.0 | active |
% T( x% r* y! F +--------------------------------------+--------------+--------+$ F" X' \; e) `: [
2 q3 I; v1 X" c; ^, k% E root@openstack-controller1:~# nova-status upgrade check- L$ {- s; F# s0 g, y
+-------------------------------------------+
# N- b" n; a2 o) K | Upgrade Check Results | w2 G }7 @2 C! U+ T. p4 m/ \
+-------------------------------------------+) \( \) P8 c' F- m
| Check: Cells v2 |
* }9 Y; G) s8 {6 F6 y | Result: Success |
; T7 D k Z+ C. K | Details: None |
2 _3 {/ t9 D8 H4 f5 t1 F0 a +-------------------------------------------+
' N, ?' {/ h0 W* X, I# E0 a+ ~ | Check: Placement API |" A4 C, P: e+ [6 g' u. C6 y) b) T. y6 z$ B
| Result: Success |8 u+ r. S1 s( h
| Details: None |* m" ]7 ]8 l7 [# L! ]! g- ]; g5 y
+-------------------------------------------+
( u( @# U. A ? | Check: Cinder API |
: s, }- Z& k( I" K/ x4 g, a | Result: Success |
8 c; A% `9 ]4 O3 u! W | Details: None |8 m) Y2 B6 x; K2 B' ^& q5 o6 t# w
+-------------------------------------------+
( J6 p3 t/ @. c$ j1 l! o | Check: Policy File JSON to YAML Migration |- Q0 S5 r& S6 o7 r0 D" x
| Result: Success |
( |& { t( v) {1 a2 B: t' B N | Details: None |7 S2 _# {2 F" p8 k
+-------------------------------------------+
X h5 L6 r- }) T) M' r | Check: Older than N-1 computes |5 ?, Y) P. x0 b
| Result: Success |7 v; V7 x8 m2 u. ~9 |. I* ]! J
| Details: None |
' I5 m; }( }: M7 z$ O +-------------------------------------------+- |: L k9 X# V- Y! q# S
| Check: hw_machine_type unset |) h9 }' Z, y5 b# x% _7 l7 {7 Q
| Result: Success | ]# z! X& T: B# x; ?7 K5 d
| Details: None |
. _- h& f% ?) S/ J +-------------------------------------------+
9 _6 O9 |5 f$ ]. h' l6 M# D | Check: Service User Token Configuration |
/ d2 ~% }: l5 S3 ?: T0 F | Result: Success |
0 Q1 q }- {" F4 A* m | Details: None |) C$ I1 y5 ?9 i! r( i+ R4 Z6 I; K, C
+-------------------------------------------+8 \/ Z4 T. Q$ h0 o7 U! T" X! H
6)安装neutron+ Q$ Y0 Z4 Q9 m
6.1)安装neutron-controller节点
, i: i$ d/ j( c6.1.1)创建Nova数据库* s [* [+ s; g2 L: }1 [7 b
root@openstack-mysql:~# mysql: P$ T' U; H" S2 m+ u( Q& G
MariaDB [(none)]> CREATE DATABASE neutron;
& }, J- q; _' V. P MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
6 R5 D3 l# q) \, i8 ^ IDENTIFIED BY 'neutron123';
: [6 v' A" a+ G* q4 e MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \0 E1 f4 g; P* B, u9 w" s4 h r* M5 J
IDENTIFIED BY 'neutron123';
$ Y. q4 F) s2 `& p' b2 P- J6.1.2)配置用户和端点5 m- ?1 t' |$ o) h
root@openstack-controller1:~# source admin.sh
. R3 f' G; C3 k/ B Z root@openstack-controller1:~# openstack user create --domain default --password-prompt neutron
5 [4 k# H$ m% T1 B$ N! s0 `2 C User Password: # neutron+ g$ e6 V9 F; ?: [$ v3 g
Repeat User Password: # neutron
& X" u5 _- v7 U6 O0 d! g7 M +---------------------+----------------------------------+; H' }9 S; i i7 W0 X$ k3 |: D+ m
| Field | Value |
) k% k; X' a; o1 u2 O4 H4 g! [" x +---------------------+----------------------------------+: J' z7 E8 |$ l
| domain_id | default |
8 S# n% x& a# v s; h/ G | enabled | True |0 y! K; n5 A [, V6 |$ C# L
| id | 282317cd0bb74396a7a12dcdd96aeed0 |
- w" N. n! A8 f* U8 O, o3 ^9 H | name | neutron |7 H3 L2 v& {! a: L# h
| options | {} |
3 T* u/ V! M0 h: M0 O) e | password_expires_at | None | {7 M: n: k$ C9 p7 Q. P
+---------------------+----------------------------------+
/ c8 ~% X1 u& x4 c
7 ~, G# M1 L& S0 b I u5 h: @9 j `将 neutron 用户添加到具有 admin 角色的服务项目`
$ D6 X* w( n2 ^0 k # 让neutron拥有service项目的admin权限`
: V% B0 c( D H' ~% w: A: ] root@openstack-controller1:~# openstack role add --project service --user neutron admin
( ~: k$ ]( i0 F+ [( e# m `创建service实体:neutron`$ |3 a+ B3 x. d: c
root@openstack-controller1:~# openstack service create --name neutron --description "OpenStack Networking" network
( G. N+ \ K1 j) x +-------------+----------------------------------+ S3 v8 t8 O Y6 F: t8 Y
| Field | Value |: G, j$ j, a+ f% X) {
+-------------+----------------------------------+
" ^& T4 r+ p, z | description | OpenStack Networking |
" V0 C! V% H# o4 Y' E; _3 d | enabled | True |
' T4 v9 c T+ w3 |: j' n( \ | id | e4ff8c65882a401a83e2203ce49daeaf |
) N+ \+ Z8 k7 B2 R- n3 z( ] | name | neutron |2 q5 O- b& r& y" p
| type | network | a; ?- @1 r i: r
+-------------+----------------------------------+
* d B( {% Z& ^- r8 y# y [root@openstack-controller1 ~]#
% i" Z1 K+ g0 I( [. W6.1.3)Create the Networking service API endpoints:! n) O* x& `1 d5 N: U" M f
[root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network public http://openstack-vip.stangj.local:9696
- l: D) c0 J. b& `0 b +--------------+----------------------------------------+
2 S* W2 _( O5 o8 o( t | Field | Value |& C* M7 _' V i4 c. r& T$ W
+--------------+----------------------------------------+
' t0 K, a/ `( ?! Q+ @ | enabled | True |( \* O: g4 y, H3 ]/ A
| id | 970ca60adf5746299d48f7659d500809 |
# x, ?) q1 o9 V. t& A9 g# l3 e | interface | public |5 P! L& @1 h8 K1 x& G2 y- A9 Q
| region | RegionOne |
5 w* _4 A1 o- T, t. h* J | region_id | RegionOne |7 K0 \2 @1 a$ ?
| service_id | e4ff8c65882a401a83e2203ce49daeaf |. O- G6 v" e. }/ B8 M, K
| service_name | neutron |: G/ w( p; s/ R# y: i% k% Y
| service_type | network |
5 R, F& c7 U, u7 i8 j4 i, `; a; k3 f | url | http://openstack-vip.stangj.local:9696 |# d# B% U2 j7 X6 H! H ]$ s
+--------------+----------------------------------------+
7 t+ ~! g2 D; T: {# K* c d [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network internal http://openstack-vip.stangj.local:9696# O+ G) E0 q4 {5 {( E
+--------------+----------------------------------------+
9 n/ v7 o* I2 m3 p# d | Field | Value |$ j. A- I _( A+ }
+--------------+----------------------------------------+
' R: D8 O/ A9 m' ^ | enabled | True |3 R2 h' X8 p' u, C6 r7 ]
| id | 4c5f5ffbba4a4c668377a86cfd4a2320 |
Z! Q8 P% A0 E) l | interface | internal |% I0 j! O, j' @) h+ H& C
| region | RegionOne |
" z5 N+ ?) _8 _, ^ E; H | region_id | RegionOne |( p# ?* X/ r" E, t$ n' k
| service_id | e4ff8c65882a401a83e2203ce49daeaf |. G# L; b" Z- h' v+ Z; v b( z( A
| service_name | neutron |# ?1 a4 ]1 }+ f! d: V
| service_type | network |9 e1 k0 y1 F. u
| url | http://openstack-vip.stangj.local:9696 |$ e. W$ ^0 W) r5 Q8 L0 ]& h
+--------------+----------------------------------------+4 k& V J1 y4 @3 L& `6 }5 `
( B/ ?; y" n% s5 y, L8 Y [root@openstack-controller1 ~]# openstack endpoint create --region RegionOne network admin http://openstack-vip.stangj.local:9696
2 P, m" u' e8 O" _; ^3 S8 r +--------------+----------------------------------------+2 U) ?/ J4 Z' b( d
| Field | Value |
2 O! \1 n, F) N( e8 I2 H +--------------+----------------------------------------+
5 ^3 c, {9 V# X0 k2 F+ Q | enabled | True |
4 N, C: h3 t2 Z2 F5 w. q: T | id | d8c4e83eab66486983680b69520ca92a |
( [7 c* G2 `/ s: b3 D | interface | admin |
/ L! i; A7 w9 I" h* U: v: Q | region | RegionOne |
: U1 @& k0 ] l# T2 L7 M% Q | region_id | RegionOne |
+ Y5 s' r$ B+ O8 K7 y: \ | service_id | e4ff8c65882a401a83e2203ce49daeaf |
+ N8 f9 J, J6 B/ B0 x% O; L | service_name | neutron |
5 X" r, o1 H7 p9 P7 s3 { | service_type | network |
$ Y: T+ d, f( ?- S+ ]) o/ p | url | http://openstack-vip.stangj.local:9696 |+ M+ {" Y, R# v$ n4 O
+--------------+----------------------------------------+; j& y, S- |) ~. N. W5 j
6.1.4)配置haproxy
X3 n" I7 d1 |+ `9 W0 N5 ?3 L root@openstack-haproxy:~# vim /etc/haproxy/haproxy.cfg ; t) r( D* r# |/ ]7 ] W# f
# 在最后一行添加下面4行内容
4 X) ^) I% M0 s- R listen openstack-neutron-9696# n' p# E9 _8 }% e# t" i
bind 192.168.139.248:9696
9 j7 ?) J! G/ w' R mode tcp
* R- h1 V2 Z7 z5 F6 p% u# v server 192.168.139.31 192.168.139.31:9696 check inter 3s fall 3 rise 5/ ~6 J' t+ z. h3 a. ^6 ?! O
root@openstack-haproxy:~# systemctl restart haproxy.service 5 R! k, o" e2 m6 K+ M5 t! ^3 [
root@openstack-haproxy:~# ss -tnl | grep 9696. j! M# f r5 Q) T7 _0 @( H# t
LISTEN 0 128 192.168.139.248:9696 *:* + m" K5 [8 \/ p" n1 h8 }) u
6.1.5)部署neutron+ K! Z5 D7 @, v$ ?& [: |, k3 G; m
root@openstack-controller1:~# apt install -y neutron-server neutron-plugin-ml2 \
4 s! l2 \( f G5 Y1 ], y neutron-openvswitch-agent neutron-dhcp-agent \
0 Y7 e; u; S, K$ B5 E N neutron-metadata-agent- o5 \( e, q L7 e
6.1.6)配置neutron主配置文件
2 N* E+ P8 s+ h7 j$ m root@openstack-controller1:~# vim /etc/neutron/neutron.conf% M! V3 ?) Y/ I5 i `( C
[database] # 在此模块下面添加下面这一行
% a: y2 @* V( F5 V+ b connection = mysql+pymysql://neutron:neutron123@openstack-vip.stangj.local/neutron
0 w; _$ G& }$ j: d6 h, W. _5 `
" `. Q x$ y+ F! |6 a [DEFAULT] # 在此模块下面添加下面这4行3 E; s) h" a6 @8 R4 j
core_plugin = ml2+ x1 v c2 A* s7 F" D. Y. G
service_plugins = 0 ]- o' p2 o/ d l( C6 r" U
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local: u' s# q( t U8 e
auth_strategy = keystone
4 m; R" |$ l$ H8 ^! j% o notify_nova_on_port_status_changes = true: N; d) c- X! V, d# t: {# I
notify_nova_on_port_data_changes = true, S( U( v+ b' b0 b z5 L
9 `. c; M, w) ~+ @5 }
[keystone_authtoken] # 在此模块下面添加下面这9行
( ^1 X& H7 `) e- L$ m$ t$ Y2 O6 E, H9 [ www_authenticate_uri = http://openstack-vip.stangj.local:5000
* H5 f% o: {$ T$ L8 O auth_url = http://openstack-vip.stangj.local:5000
6 w% T6 U% J3 h. d memcached_servers = openstack-vip.stangj.local:11211
0 ?& v/ [3 p/ I auth_type = password8 }- ?7 n3 f% e K [3 @
project_domain_name = default
( Q6 c5 O+ b+ w4 h7 f1 w4 b user_domain_name = default
- V* n6 w% N/ a r project_name = service
% w ~# A9 a5 W: s/ n. S9 o username = neutron' M7 p' V0 L: o6 J4 |' K9 j
password = neutron
: w C3 t' _# u, v7 g D
" c( Y) @1 _ B7 @ # 配置文件的最后添加下面9行* D2 t+ C/ E# P' |( o6 v* h1 O- d& Q3 t [
[nova]6 }( F+ B7 i5 d j( r
auth_url = http://openstack-vip.stangj.local:50008 V j: E& I% S& Q. e
auth_type = password) b) ]5 o" z6 s( I; @: P
project_domain_name = default3 }' H: A* @2 e& D7 f* k
user_domain_name = default9 i s/ ?9 t+ |- y8 P, n
region_name = RegionOne
: j/ ?0 t' u' h- s' |5 ^. A project_name = service
& U4 I) \, N/ I username = nova
0 K0 V8 X1 C* u9 c password = nova, G, a% w; C c: D) k
) z1 Y( \. k+ w) }0 `. E( p
[oslo_concurrency] # 在此模块下面添加下面这一行
" s+ q6 i: ~0 I, S4 q lock_path = /var/lib/neutron/tmp
/ c7 Y. d- \$ h- a Q! U : C/ B" u0 ^* M X3 k, \0 ~# i
8 P! V8 S2 |% _" x7 \2 S #service nova-api restart6 X4 N8 i% y5 \1 G9 u
#service neutron-server restart
$ a4 C5 @( R: L4 `9 g1 X #service neutron-linuxbridge-agent restart
9 M1 E# Q$ a! L$ M- B9 ^' O #service neutron-dhcp-agent restart
: j4 d5 [: a9 S$ H8 a. | #service neutron-metadata-agent restart# H6 X) D, |2 f; p/ W
6.1.7)Configure the Modular Layer 2 (ML2) plug-in
# ?, s0 k# X' U& Z+ _# S) _- C可以从网站上获取完整的ml2_conf.ini8 q5 V8 }4 l+ r% X r! U
8 A, {( n! D" T& mhttps://docs.openstack.org/newto ... s/ml2_conf.ini.html# N" _7 Z" P2 Z& M
) x9 s' C( d3 j6 P
root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/ml2_conf.ini3 k p/ I9 D# g9 G0 P
[ml2] # 在此模块下面添加下面这4行
! e, K9 K/ B7 F( ^- N type_drivers = flat,vlan
; ^% a# a5 Y" m tenant_network_types =$ G4 i( _3 T, t' Z. Q* c
mechanism_drivers = openvswitch3 J" |# B. ?+ B+ |- ]
extension_drivers = port_security% s0 B3 @" M2 B
5 x6 R( q% ^9 @ [ml2_type_flat] # 在此模块下面添加下面这一行0 M4 \+ `9 \( {, r; a
flat_networks = provider
+ p# t+ r6 v: f% I6 ]% b
. X0 p6 G& v. F% a2 r- D
5 M9 D8 E7 V( E, A, B) ~ `最终配置信息`
; d* g! c. _. a5 S3 L root@openstack-controller2:~# grep '^[a-Z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini 1 ?' L5 m+ _ N* ? y
[DEFAULT]1 k- _3 \! `9 \0 B, p, N e
[ml2]
* N- h. @& [ h+ F7 ~ type_drivers = flat,vlan1 t) n% q* w% L
tenant_network_types =2 l4 P" k& g! v9 N' l
mechanism_drivers = openvswitch
+ U5 s4 T: A p. I$ g- K extension_drivers = port_security$ p2 y3 n7 ` q+ W7 F+ U' T
[ml2_type_flat]
u% D/ h) E6 b; d& q flat_networks = provider
& L( J/ x3 g! d6 W- ` [ml2_type_geneve]
; j x+ K. f+ e r7 W6 L7 L2 _: ~ [ml2_type_gre]' m8 S, A; P3 I7 h
[ml2_type_vlan]
8 E4 B6 W x' v9 l [ml2_type_vxlan]2 x" V7 l% Z- a1 q# P+ k
[ovn]( E G1 d$ ~, w" I0 ]
[ovn_nb_global]
4 l! J# m' |$ j [ovs]7 w m! q6 k- a. P; h! B d
[ovs_driver]
6 W1 s# h8 |/ b c; @+ i [securitygroup]8 F9 {- S1 b8 e+ a X1 P0 K* j
[sriov_driver]4 U; z( K# \$ m! j4 P" }
6.1.8)Configure the Open vSwitch agent
: u& w: |3 E+ U% \ K可以从网站上获取完整的openvswitch.ini. Q0 E4 V1 j& |: D* _$ [1 q0 v
# _" s( {' O% A+ {) u: e/ z$ O1 xhttps://docs.openstack.org/newto ... itch_agent.ini.html. o6 {$ o/ p7 `0 k) @4 V8 B
4 |8 m3 M( e( }( _, d0 u [
root@openstack-controller1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini" a0 n6 A) q, y! ^1 @
[ovs] # 在此模块下面添加下面这一行3 q; y) ^+ P+ g9 q/ A2 ?: f5 Q
bridge_mappings = provider:br0
# E& w! o6 `! R+ O- J; l
3 Z' E, j7 h9 [# s+ { [securitygroup] # 在此模块下面添加下面这2行
, k) R( T- T* B: Q" J0 L T8 X enable_security_group = true
! {3 b5 t. X: |8 r firewall_driver = openvswitch
# T/ V/ }& D; K " ^% l2 X1 X A' z1 o$ R, x
`因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`. L$ O' @* E# g, u6 m
root@openstack-controller1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.31 && echo "nameserver 223.5.5.5" >> /etc/resolv.conf. p [( G' V( `- C
开机加载网络配置5 x/ o' e4 i6 ^# m
7 {0 I2 G1 R9 r5 x6 S: V
#!/bin/bash
. n7 v" p8 S+ e3 V3 x A! _ ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.311 ]% X I. z6 S
ip route add default via 192.168.139.2
+ |8 L7 T, l/ \+ M4 d1 [( [ echo "nameserver 223.5.5.5" >> /etc/resolv.conf
4 l! l( i. i, G. {1 j, Y2 j2 w6.1.9)修改内核参数9 C" s; [. t A' W4 G) d
root@openstack-controller1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
8 y5 x/ O) {% }, z9 m root@openstack-controller1:~# tail -2 /etc/sysctl.conf
( x3 f) b0 G5 G. k$ q9 I; y2 h. c net.bridge.bridge-nf-call-iptables = 1: f$ m! ^3 W3 u9 P0 z! W
net.bridge.bridge-nf-call-ip6tables = 1/ u* W* C; V* }: Z0 c
`加载模块并让内核配置生效`
5 e* r! k$ D) X+ `1 O root@openstack-controller1:~# modprobe br_netfilter
/ u# S: S: H9 F' h8 h* i root@openstack-controller1:~# sysctl -p% h% g; L \# U% |
net.bridge.bridge-nf-call-iptables = 1
) T n3 j }" g/ `( F/ ]& W6 B net.bridge.bridge-nf-call-ip6tables = 1
* O- {, s1 `6 f2 F9 N/ T. @* H( r" s6.1.10)配置DHCP# m+ L7 m# u7 J& p
root@openstack-controller1:~# vim /etc/neutron/dhcp_agent.ini9 v5 O M8 A$ _
[DEFAULT] # 在此模块下面添加下面这3行0 G% U, L' I' @3 Q) Y V
interface_driver = openvswitch2 _6 Z; v- T$ H! S4 d: L
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
" ]9 s# D3 z* E9 e0 j; ] enable_isolated_metadata = true
/ s) q0 c; E' w #enable_metadata_proxy=True
$ d& i# h8 v7 E) N' V #metadata_proxy_shared_secret=openstack7 g; X( C& w! q" w9 C
6.1.11)Configure the metadata agent
" V6 ~6 k0 s/ ], b2 z0 p/ h root@openstack-controller1:~# vim /etc/neutron/metadata_agent.ini7 ], @7 X' c" h
[DEFAULT] # 在此模块下面添加下面这2行
( I3 d+ J4 | \! M7 ` nova_metadata_host = openstack-vip.stangj.local # 或者 192.168.139.31 这个 controller1 地址
1 F3 j( b8 g5 [' @ p' m2 _ metadata_proxy_shared_secret = openstack
$ C" J7 Z! {5 T6 v2 O" V% N6.1.12)Configure the Compute service to use the Networking service
3 R( Y" O) Q0 Z9 r root@openstack-controller1:~# vim /etc/nova/nova.conf
, z4 y3 T. ?: R+ H; A [neutron] # 在此模块下面添加下面这10行* B2 q& f$ r- r3 O- n( }5 G6 `
auth_url = http://openstack-vip.stangj.local:50001 ~; k0 G1 R8 z0 l1 `3 H
auth_type = password
7 s3 S' z% V. I) j project_domain_name = default# Z- ]+ S' V* z9 D: _
user_domain_name = default
# M( Z! B. a* G region_name = RegionOne8 A0 _! b. c- E9 N$ a/ w2 n
project_name = service
! j% @1 n ~: h; g( H" m username = neutron
& @- t% E7 ~6 `/ [0 w password = neutron. U, g2 x/ J Q) K
service_metadata_proxy = true5 P( p# R$ b" C0 g& W
metadata_proxy_shared_secret = openstack) m" k/ Z9 f/ {! s2 x
6.1.13)初始化数据库. t6 b& W1 c. k* A7 l. i! V1 F7 g& w
root@openstack-controller1:~# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
7 J" n& l! V+ @ root@openstack-controller1:~# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
/ H" z7 Z0 ?( ~3 P+ X" M `验证数据库`, k2 }$ d6 \. E0 E# [
root@openstack-controller1:~# mysql -uneutron -h192.168.139.248 -pneutron123 -e "use neutron;show tables" C$ d4 X c" x a6 R; I( Y
+-----------------------------------------+
9 Q V2 y7 g3 e2 ]5 \ | Tables_in_neutron |
; ]5 V: s+ [6 }# R/ u! j +-----------------------------------------+% P& C# b. a# i% O( [1 H) Q- R3 o9 U
| address_scopes |' f+ F8 e) c t+ r3 i
| agents |
& F: ~- E' e/ c, K: M8 M! y7 ?* a | alembic_version |0 y+ A0 Y6 F$ {, K0 J- F1 ^
| allowedaddresspairs |9 D( a% x8 |" ~2 q) w
| arista_provisioned_nets |# _0 i& b+ ]2 k6 k, |6 M
...........................................
. A6 {5 `3 w" P* f5 [$ I$ ~/ u ...........................................
5 h+ Q4 N* Y" x" x$ s4 _" e1 W9 G( { | vcns_router_bindings |
1 `, K) r* `6 p q | vips |: Q) o9 S/ W. ~2 q$ N, H& |6 _
| vpnservices |
- O1 D, ]6 f2 r2 l +-----------------------------------------+
5 V6 S( v- J. s# ]; G0 X , }" B$ m" O* c4 ~/ u. N) S
6.1.14)重新启动nova-api API 服务
1 T4 D) | N" P6 _9 C6 m root@openstack-controller1:~# bash restart_nova.sh8 ^) ]2 j" B9 b2 z' E! E0 X# `6 B% i
6.1.15)启动网络服务
: [/ D" V! _$ B! @0 G root@openstack-controller1:~# systemctl enable --now neutron-server \& k& P z3 ~7 a) L" ?% g: }
neutron-openvswitch-agent neutron-dhcp-agent \
' B2 e7 _/ e3 z2 k: R$ P neutron-metadata-agent& N6 D6 D% N4 Q
6.1.16)编制neutron的重启脚本
' l+ E3 \2 e4 q# F6 O l [root@openstack-controller1:~# cat > restart_neutron.sh <<EOF
# {( b; I$ z& r; Y, G. t #!/bin/bash6 y4 Y0 P8 }2 P5 i4 F0 p
service neutron-server restart
& V% i+ j5 k% _4 N& i n1 L service neutron-openvswitch-agent restart
; q" _& B, Z3 {) V1 } service neutron-dhcp-agent restart
' [) y# a' g5 l, Q3 A, b3 p1 b! E/ ]& ] service neutron-metadata-agent restart
4 E: q2 t; }% E' y* U0 h# B. } EOF
/ M* A3 Z/ g/ ~8 `& D [root@openstack-controller1:~# bash restart_neutron.sh7 Y( _0 [: J& E, ^, r7 M
6.2)安装neutron_compute节点
# ~, S$ c0 K8 a' c: C6.2.1)安装相应服务( W3 X6 u! Q, d
root@openstack-node1:~# apt install -y neutron-openvswitch-agent
! B5 O1 w* r3 B2 u4 E. ^5 W6 S _6.2.2)修改配置# X( u4 {( N+ M! p3 j2 U; a2 ~
root@openstack-node1:~# vim /etc/neutron/neutron.conf
6 A3 G/ X7 W6 G' |7 ~9 C8 P [DEFAULT] # 在此模块下面添加下面这2行, N! |. N3 J$ d8 Y5 b }
transport_url = rabbit://openstack:openstack123@openstack-vip.stangj.local' m4 t N9 W" F2 C
% @: [- ^. X7 }, v6 C7 [' e [oslo_concurrency] # 在此模块下面添加下面这1行5 ]' G( l: N. E' _; O, u- _/ Q
lock_path = /var/lib/neutron/tmp
& D9 ~1 \: K- G: z6.2.3)Configure the Open vSwitch agent2 [. e6 ?# M8 U* `4 M! [
可以从网站上获取完整的openvswitch_agent.ini
' E5 {- g+ P% N. T- @7 v, P
( H& P* ?+ X* B: Y3 @4 {* o2 Mhttps://docs.openstack.org/newto ... envswitch_agent.ini& |2 @/ [ R! A6 a/ S9 H. Y
; Z' e' h+ c% C6 v" q* A) S3 h root@openstack-node1:~# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
3 R5 x4 p' M, U- ~- G' w/ m* N [ovs] # 在此模块下面添加下面这1行* A+ @9 g2 a: ]5 h! q f5 m/ \
bridge_mappings = provider:br0
! k% Y: T% N2 r$ r: h- q S D0 N! e) R- s
[securitygroup] # 在此模块下面添加下面这2行4 u1 H9 {4 m$ {1 F
enable_security_group = true! K, o# S. z+ G3 H! d
firewall_driver = openvswitch `0 W- ~. N, a( M9 o" S) Z$ M
5 d8 W* t3 w; s. a" n. p `因为使用openvswitch时 桥接的物理网卡不能有ip 所以将IP漂移到bro这个桥接网卡`" q3 n0 Z" {" P2 u
root@openstack-node1:~# ovs-vsctl add-br br0 && ovs-vsctl add-port br0 eth0 && ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34 && ip route add default via 192.168.139.2% z% Y/ v- z: q) T& g$ u, J/ I* P
开机加载
; r) T# x/ Y1 L0 S Q+ Y/ H$ {- O& e' A. J g9 B$ ~1 D8 t4 N
root@openstack-controller1:~# cat /etc/rc.local 6 [ j, u: S% k$ \
#!/bin/bash
: Y5 s6 Q: {6 [* O- m' K8 E ifconfig eth0 0.0.0.0 && ifconfig br0 192.168.139.34
/ f; u: d z$ A( p6 P ip route add default via 192.168.139.26 V: z8 S% g, y
echo "nameserver 223.5.5.5" >> /etc/resolv.conf+ }2 D3 r. W0 ]2 U8 e
6.2.4)修改内核参数
9 K, _; W! ?5 ~ root@openstack-node1:~# echo -e "net.bridge.bridge-nf-call-iptables = 1\nnet.bridge.bridge-nf-call-ip6tables = 1\nnet.ipv4.ip_forward = 1" >> /etc/sysctl.conf
# Y$ c3 w: _: o9 [* Y
3 e1 {, r& p; } root@openstack-node1:~# tail -2 /etc/sysctl.conf
- _% ?0 `, y) m+ J: X net.bridge.bridge-nf-call-iptables = 1. Q9 L8 p( s* A. x, |
net.bridge.bridge-nf-call-ip6tables = 1
& Z6 s8 _1 r' F( ~ `加载模块并让内核配置生效` . f5 n9 ~/ Z( O) A/ X
root@openstack-node1:~# modprobe br_netfilter
; w( }, O4 j' G/ S9 K; g6 u. ? root@openstack-node1:~# sysctl -p
# F" p3 _6 l: U2 k! ~$ q* J net.bridge.bridge-nf-call-iptables = 1; |" f1 z; @& J( A- e7 j
net.bridge.bridge-nf-call-ip6tables = 1
2 g& Q8 r8 u( U8 O6.2.5)Configure the Compute service to use the Networking service: ?+ ^3 `; I: j. a
root@openstack-node1:~# vim /etc/nova/nova.conf1 W" x5 K+ P7 O
[neutron] # 在此模块下面添加下面这8行
/ C! `: }% q% s2 V9 |% p- t auth_url = http://openstack-vip.stangj.local:5000
- {& T, t) K# r/ G6 e auth_type = password& C# V$ H. z8 u4 b% X9 e3 k
project_domain_name = default& w# x- u* F9 ~& g
user_domain_name = default
+ A1 s W. p7 d" L- g4 R region_name = RegionOne
" J g2 O! {+ E2 H( z2 f2 n project_name = service" C% j" G* E; y6 X9 J+ b, R. _" G
username = neutron, o h4 T4 j8 F4 L, U* f
password = neutron, }3 a+ t* c) w+ \ Z
service_metadata_proxy = true
* R. f9 r: N/ K) t/ R* T metadata_proxy_shared_secret = openstack/ y4 _0 D% F$ t; q) Z7 u8 I
6.2.6)启动neutron_compute6 D5 O% x: O6 g/ M y s5 u! `( T; E
root@openstack-node1:~# systemctl restart nova-compute
- c% l" L! Z5 B2 A! V& H' s root@openstack-node1:~# systemctl enable --now neutron-openvswitch-agent && service neutron-openvswitch-agent restart
- h* i4 d9 Q# O) e" E6.2.7)编写重启neutron_compute脚本
; {+ f6 ^5 n+ O, S root@openstack-node1:~# vim restart_neutron.sh
! p9 k/ ^9 w. d# x$ {) d' { #!/bin/bash( A' W( I6 o u& Y9 D# w0 Y7 S' G
systemctl restart neutron-openvswitch-agent
& e2 q/ d4 R5 J; j6.3)验证服务9 m; T. D& `9 o0 p7 ?% X& i& t
[root@openstack-controller1 ~]# openstack network agent list
% l/ k7 e q H$ F) l% S8 F +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+( `6 p5 X3 r. |! |: ~/ Y$ t
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |, q5 `4 p3 j5 \/ `
+--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+
' C2 e: b& Z- C; |( N$ e | 6d7ace9c-061c-45ba-834b-52f24585c452 | Linux bridge agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |
0 w5 F2 {, i6 X0 j | 7babc5ac-d07d-4fe4-90ab-62775b4ef90b | Linux bridge agent | openstack-node1.stangj.local | None | :-) | UP | neutron-linuxbridge-agent |! S# u8 a& M% |$ h& f) P
| 83ad2332-8716-4a8f-b050-1daa3b22c3bf | DHCP agent | openstack-controller1.stangj.local | nova | :-) | UP | neutron-dhcp-agent |
/ v; V& z4 w" R | afb7c427-89ba-4e91-bff2-604e97a5ca91 | Metadata agent | openstack-controller1.stangj.local | None | :-) | UP | neutron-metadata-agent |
0 Q1 ]) S) O& r0 m1 i7 X +--------------------------------------+--------------------+------------------------------------+-------------------+-------+-------+---------------------------+; f* b5 Z2 d2 r- ]
[root@openstack-controller1 ~]# nova service-list a0 x- q# `5 G$ p+ D/ H9 E
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+/ g" k: K$ b9 N' Q7 F8 D
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |& d' {; V z4 `+ C7 y l$ a! |
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
. R! D) S8 x2 W: A" ~8 R" w | 518a8c83-c6d4-451c-8943-fa55c593948c | nova-conductor | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:42.000000 | - | False |
8 w3 D [: D, H# c' Q0 ?* ^9 B | 9d9d1228-2096-4ca3-97a9-8b85133db7fa | nova-scheduler | openstack-controller1.stangj.local | internal | enabled | up | 2023-12-16T15:26:41.000000 | - | False |; u/ j/ Z0 I/ T# G
| a45e7eeb-1907-4ecf-a836-7ca69b588edf | nova-compute | openstack-node1.stangj.local | nova | enabled | up | 2023-12-16T15:26:41.000000 | - | False |4 G0 O: O9 q& }3 V
+--------------------------------------+----------------+------------------------------------+----------+---------+-------+----------------------------+-----------------+-------------+
, Q/ A. H1 E# M0 w* e
' e7 s- N4 a$ `1 j1 q# H& w7)创建测试实例 x" e' V2 c/ ?0 L4 k
7.1)创建一个provider网络
. O4 ?& `3 Z7 l9 i& i; W1 y root@openstack-controller1:~# source admin.sh - C7 z. j" _+ S% r7 F
root@openstack-controller1:~# apt -y install bridge-utils
# `) z/ _8 R `7 ^1 Y root@openstack-controller1:~# openstack network create --share --external \ Q: k/ R- P0 j( @$ n+ C Q% R
--provider-physical-network provider \; Q t4 h" u7 S8 F
--provider-network-type flat provider-net
' z8 l% n, [: k: t+ y1 D2 S/ E3 l& m #####################第一个external表示创建一个共享网络并声明他是一个外部网络#######################
) n, y j4 ?) m6 Z ########第二个external表示创建连接的物理网络,因为我们上面neutron定义的物理网络名称为external########2 i5 f `* e! |+ D+ I
############################第三个external-nat表示提供的桥接网络的名称############################
, W7 p* T9 j8 z3 j2 G8 i root@openstack-controller1:~# openstack network list
s5 J3 E$ J8 p1 W3 U4 \' t& T +--------------------------------------+--------------+---------+$ |/ ~$ j! Q; _
| ID | Name | Subnets |
; ~9 n' w [: a$ ^ +--------------------------------------+--------------+---------+5 E, ^2 V. K( ]+ i: {( t, d
| c8efa244-7345-41bf-bedc-052e0cec751b | provider-net | |) E+ U& |) K4 p7 ]- X4 \! \& X
+--------------------------------------+--------------+---------+. {2 h+ K) }) X0 C, I, y4 k
7.2)创建一个子网# l2 Q! e" y! `$ K7 j
root@openstack-controller1:~# openstack subnet create --network provider-net \
4 u" q7 t$ _' C3 n. x --allocation-pool start=192.168.139.100,end=192.168.139.200 \
( G: s( d3 [0 j: t, Y9 A h --dns-nameserver 223.5.5.5 --gateway 192.168.139.2 \
& g% P+ e# C# r, R+ A9 ^ --subnet-range 192.168.139.0/24 provider-sub1 G8 j2 T% S2 _) M9 X$ O" }% v( K
############################创建provider-net的子网provider-sub############################, y( V, n$ K0 V8 e0 _5 {
`验证`2 w% |6 t2 j v( D: M, {& C
[root@openstack-controller1 ~]# ovs-vsctl show }. Q y, t& l' ^
28a508de-e0a2-418a-b357-4a93f9f69127- i5 x0 [" L' H5 E
Manager "ptcp:6640:127.0.0.1"( p# [7 A* ~9 i
is_connected: true1 Q" M0 x7 e* m; z$ v; Z" O& D
Bridge br-int
* R2 Z; J2 O. m- C. t$ t$ ~ Controller "tcp:127.0.0.1:6633"
6 B! i( Q) v4 M: C is_connected: true
; l* @+ x5 a8 B/ W, J! X fail_mode: secure2 d7 v o8 m/ T, D
datapath_type: system g9 L. {1 w0 N5 J0 a# H0 b
Port br-int
. ^5 K" P8 t5 |( |1 n0 ~& p Interface br-int: ?$ l4 o1 ^3 V9 C; _
type: internal4 T& |) p( [6 d. E, ~: p
Port int-br0
' \# r0 [. C& r* P" c Interface int-br06 `* K- {4 k1 G0 J6 a
type: patch
& \5 W1 g: t* R J* {- M7 m options: {peer=phy-br0}" ]' O4 y, R( w( }
Bridge br0
- g- _$ d/ @% p! q9 k. ] k4 G, d Controller "tcp:127.0.0.1:6633"
/ U8 C+ x1 ^, d9 d* h" H is_connected: true
5 G' W6 X0 V) v2 ] fail_mode: secure
! g& l/ i9 M3 x: v( L datapath_type: system
+ t' M8 n; a, s Port phy-br0! V+ d A" r0 z- N2 B
Interface phy-br0: b, ]8 i' g+ _* z3 j6 W
type: patch
* K) z' `' u1 e; }: U* Z options: {peer=int-br0}
0 _; m+ K3 v- A' O* B/ _ Port eth0
! L# K. W' H) _1 I+ Y3 l' i0 f Interface eth0
! E, r p7 `& M3 B5 F; e, O Port br0, ^; G, T9 W( {" X
Interface br0* t2 {8 `7 g k* g8 ~- E' s2 n3 o
type: internal
0 M( r7 d* M4 }8 d! l ovs_version: "3.3.0"# i' O# U5 B, h
, |" y7 |( m; k; ? [root@openstack-node1 ~]# ovs-vsctl show4 P9 J3 ]; U* u( J
ea324764-3f52-419d-94ff-784dadc75aa9
. f3 B: `! p/ f7 t- N; t) D" h4 V Manager "ptcp:6640:127.0.0.1"
, M Q6 g& x& f0 g is_connected: true
" K/ m7 l' p2 g Bridge br-int3 W: R3 R5 \+ i
Controller "tcp:127.0.0.1:6633"
6 B0 K' a' e7 X& @, L, Y" s2 } is_connected: true
w; T# _( S4 H, g0 s fail_mode: secure
2 _8 @: p' j' h% k& n/ {" h/ S7 W, @ datapath_type: system
' G/ [ R0 l* [, F y. m Port int-br0 P% [* v0 N4 V: r2 _& g4 l
Interface int-br0
* p- h, Q- R7 b6 E$ E type: patch
" H. W8 Z2 J2 G options: {peer=phy-br0}* c5 |; V' ^4 d8 L
Port br-int, K7 K( E% G# C" B$ S
Interface br-int
$ r" p8 k8 s! w type: internal
/ L; E9 ?# Z _8 e Bridge br01 ]) ?' t* s+ D' S
Controller "tcp:127.0.0.1:6633"
$ E) N( z$ L- Y1 W. k is_connected: true7 H; H+ U1 h% S+ C+ o
fail_mode: secure
& |# M( a' v9 V( _, b* m6 P datapath_type: system
$ k, h" i3 a, o" k) H/ B) G Port br06 y5 G# x; ~/ I, v# e
Interface br0
5 j6 p* `9 L$ _4 O; X; n. m1 U! E type: internal4 r/ H2 B0 g' @) X0 B# K3 O
Port phy-br0; G! |4 \% H3 e
Interface phy-br0
3 \3 F! x# a" D! ^) v type: patch
: a1 G& K) V% o options: {peer=int-br0}* [8 H5 w2 T' i- p4 b' r
Port eth03 H2 f2 L# o' N( e; b- {/ x5 l
Interface eth0( P1 `: E+ B3 _9 S
ovs_version: "3.3.0"
3 _3 K! \3 N6 z5 H( T' c7.3)创建虚拟机类型
6 H Y$ A- q+ m) p2 I4 Q# ~ [root@openstack-controller1 ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano6 n' a6 r8 L1 z
+----------------------------+---------+
0 x' a, W6 H' E) V X. h0 v% o! M, U | Field | Value |
3 s) s9 v f. @ Z& ^- Z8 k& B' n+ I +----------------------------+---------+
* x7 }6 ~! L T9 ~. }' F5 Y( n% C | OS-FLV-DISABLED:disabled | False |! ?# ? X% C* E$ ~: r
| OS-FLV-EXT-DATA:ephemeral | 0 |2 }9 I5 o, D; }& f" o K; K( Q
| disk | 1 |
; V6 y8 {3 q# F& q* c | id | 0 |
: Q% r2 U& ~; M' k9 u- H8 i | name | m1.nano |. `4 t: L/ f+ T# S9 |! x% {5 Q$ f" m
| os-flavor-access:is_public | True |, |$ K: F) Q3 z4 X9 M
| properties | |
: k7 W$ H% ?$ U1 S* e2 v6 G | ram | 64 |
! B6 r1 v M* {; a4 V3 ]$ | | rxtx_factor | 1.0 |
* \1 v. @+ d' x* o | swap | |
# h* X' V) T+ @ | vcpus | 1 |
- X5 O. _/ h) x+ t +----------------------------+---------+
! A# x$ l2 {- C7.4)生成密钥对1 L7 |/ V5 l; [
[root@openstack-controller1 ~]# source admin.sh 7 S0 M3 Y+ z" t! y& G
[root@openstack-controller1 ~]# ssh-keygen -q -N ""- w7 e0 f3 I8 x. h! M
[root@openstack-controller1 ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey# E% U6 D; Q0 z4 c, {
+-------------+-------------------------------------------------+7 l; O. a. i2 x# `/ c3 w; o7 B( @
| Field | Value |* O, X4 i& L! L" f4 f
+-------------+-------------------------------------------------+
/ k: G2 J" f1 x | fingerprint | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |- @3 Q5 C4 Q& k
| name | mykey |
! x7 v1 ^' O! w4 E6 [/ b q | user_id | 5c4b6243d95742799de0fc97ef119967 |6 x y$ M' h, U/ E+ o2 D/ \9 V
+-------------+-------------------------------------------------+
! o1 v6 ^" A( s I0 i; g0 E `验证`- o( J$ X0 U% R. `. i
[root@openstack-controller1 ~]# openstack keypair list
5 z8 l6 i* x# l A3 h9 t +-------+-------------------------------------------------+: l% \3 r* U) k( l
| Name | Fingerprint | X0 [* C/ O+ f* G) w5 l) P# [+ e
+-------+-------------------------------------------------+
% c4 c* ~7 W/ M- j t$ p3 d. x+ ^ | mykey | ea:d2:d5:d2:6d:88:59:51:ee:75:77:ff:74:e2:44:eb |* Y$ D8 a' A( o5 |6 X# W& B
+-------+-------------------------------------------------+ |+ \3 W! [: g3 D3 B ?, }: G8 C
7.5)添加安全组规则
l/ d4 p/ k) C) m t9 w2 J root@openstack-controller1:~# openstack security group rule create --proto icmp default: d6 S+ O0 R- H2 Y. A+ h
`开始ssh`
" A, r: Q' r. v5 h- n) B' _( C root@openstack-controller1:~# openstack security group rule create --proto tcp --dst-port 22 default
' @2 D( D Z( j: }
9 O( M) w+ R0 Y2 r+ ^ root@openstack-controller1:~# openstack security group rule list
, U g% Z: e a; H6 w D +------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+
3 I* h% \5 f8 ]# r; I- e) b | ID | IP Protocol | Ethertype | IP Range | Port Range | Direction | Remote Security Group | Remote Address Group | Security Group |& l2 `5 H1 {, i) q+ p
+------------------------+-------------+-----------+-----------+------------+-----------+------------------------+----------------------+--------------------------+) V' N9 A% Q* V U0 J
| 2e69571e-fa55-4db3- | tcp | IPv4 | 0.0.0.0/0 | 22:22 | ingress | None | None | 7d47c955-4683-4d9e-9535- |5 p# a5 t# ] T# }) q S2 u
| b894-ac8dda257a35 | | | | | | | | 690085d9cfc7 |
# O( D/ U* e- g$ r6 k# O | 42c37d05-e0b3-4a15- | None | IPv6 | ::/0 | | ingress | 7d47c955-4683-4d9e- | None | 7d47c955-4683-4d9e-9535- |( v: h$ x1 M) k0 {* T3 z
7.6)在provider network启动实例
1 u7 t1 Z& ]3 q. S7.6.1)前期验证
! ]0 X- D4 H: _& ? `验证有没有虚拟机类型`) B [0 h$ f) x
root@openstack-controller1:~# openstack flavor list
6 {3 d. ^6 J6 e +----+---------+-----+------+-----------+-------+-----------+% q/ t) W; H7 K0 H) U8 G
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
/ {; |8 `7 M7 B- U& u* G7 I8 z +----+---------+-----+------+-----------+-------+-----------+. v. \4 m* A+ ?1 v6 ?/ f
| 0 | m1.nano | 64 | 1 | 0 | 1 | True |* m$ ^4 a' a& F) N2 {
+----+---------+-----+------+-----------+-------+-----------+
% a, X( t* I {9 } + Z/ E. ]$ ?8 N$ r
`验证有没有镜像`% T& h9 h/ {- m5 G2 \5 U
root@openstack-controller1:~# openstack image list
/ ~2 Y- ~1 f0 E8 C' ` +--------------------------------------+--------------+--------+
# w) L7 Y8 M$ l3 v9 \" s& O& G( L" D; w2 W | ID | Name | Status |
, r4 r9 ]# R1 | +--------------------------------------+--------------+--------+
+ f; y3 u( ], Z/ y; m, t | 6d99e1ad-dbf3-46ea-b520-ef903bbbe1c9 | cirros-0.5.1 | active |6 Q* j, L( i/ L/ U( k) G& Z; W
+--------------------------------------+--------------+--------+/ x+ l* E# ~0 l# x
7 q3 B0 m( c$ @ @ h8 g6 F+ p `验证有没有网络`
! N* V% t$ M& _% z1 E! Y root@openstack-controller1:~# openstack network list5 V) w( j6 C0 i) E
+--------------------------------------+--------------+--------------------------------------+; O$ F" h' C* W
| ID | Name | Subnets |: ]+ M) ~* y) ^( d' Q( s) p) h i2 ]
+--------------------------------------+--------------+--------------------------------------+
! H; @' v* s) D1 U' Y4 z$ k7 Z3 u | 3d66f257-6c40-49c2-bce7-9de75b49816f | provider-net | 1e7a53ba-89bd-4373-802c-149b16a30df5 |, j' h& G& l/ o9 l3 `% L/ i
+--------------------------------------+--------------+--------------------------------------+! a% U( ~4 e9 e! G9 a- o% |! @3 G
, A v) v4 t ^) M) k8 ?5 a8 k
`验证有没有安全组`3 o4 w6 P* B' T# }- v" b
root@openstack-controller1:~# openstack security group list
5 i4 s) n1 L1 J! A +--------------------------------------+---------+------------------------+----------------------------------+------+0 a* T( w5 x7 D' U0 X& }6 f2 E
| ID | Name | Description | Project | Tags |
+ t2 K& Y5 f$ v, C/ e: j5 w +--------------------------------------+---------+------------------------+----------------------------------+------+
4 R) K- M! g' U6 d- Y% @8 [5 V* t3 ^ | f60b6c5c-9e96-4fae-8de9-bee58fe5272e | default | Default security group | 17deab832d8a4c929b91a3ce1d58abf7 | [] | A7 `' h5 S/ ?5 k& f7 L; f
-+9 K3 R( p4 ]! N; R, d3 _7 j
7.6.2)创建虚拟机
6 L- q, _) j/ k0 N# a. U [root@openstack-controller1 ~]# openstack server create --flavor m1.nano --image cirros-0.4.0 \
, P2 Z& K' U2 f2 { --nic net-id=f37db04d-74db-4b26-8591-23fde582eade --security-group default \% B7 q+ U; w. s$ j/ y2 ?' m
--key-name mykey linux-stj-1& X; d: L. p0 V- Z
#################################参数解释#######################################. K# P r) N( r+ H: {, X
###m1.nano:为虚拟机类型;
/ |* E! X# H& p$ `4 O1 m& l# o ###cirros-0.4.0:为镜像;% L* F0 n$ b) b" D' m
###net-id=[网络ID=openstack network list列出来的ID];
* E+ j0 P% |! _3 ` ###mykey:为ssh密钥对;
8 P" L* ]! F* N0 B+ ? ###default为默认的安全组;' z9 Y* I9 |- u' k3 t" X& B
###linux-stj为虚拟机名称1 E: x* i2 p: K+ o( C
#############################################################################
0 `; G' A. M$ n5 A% @% ? openstack server create --flavor 1c-1g-10g --image centos7.9 \7 P3 k* U7 s, Q3 Z. _6 i' Q4 j0 ]
--nic net-id=0da37e14-545f-4aa3-a6e3-ee8cd0ea3ae8 --security-group fb2dc60c-4f85-4b1e-b7f1-5b6d4e147799 \3 @# D# U3 n. \+ h! c0 `! f- d
--key-name mykey centos-stj-1% r! b" ^) L! z7 f v- q
7.6.3)验证虚拟机状态
" ]& M ~, }: K2 l3 r0 ^ root@openstack-controller1:~# openstack server list9 ^1 {8 S4 L6 d" e
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+2 _4 w3 D! `( E3 m
| ID | Name | Status | Networks | Image | Flavor |
5 C: V6 j* O2 Y Y. c0 E +--------------------------------------+-------------+--------+------------------------------+--------------+---------+# @7 w: ~- I, Z R x, g
| 96533d96-f01f-4463-8cfc-9c46ddee37b3 | linux-stj-2 | ACTIVE | external-net=192.168.139.180 | cirros-0.4.0 | m1.nano |" D' c, c6 o1 m5 w( W
+--------------------------------------+-------------+--------+------------------------------+--------------+---------+, i/ M: ~( ?% T
# 加一条默认路由+ C4 ]" g8 ]. ], Q* f$ r
root@openstack-node1:~# ip route add default via 192.168.139.2* { Y: F/ \/ d, ^' b- c
root@openstack-controller1:~# ip route add default via 192.168.139.2
( C. ~5 ]5 W$ z' E9 R( K$ R ###一定要拿到IP地址 external-nat=*****5 b. K' }% J L. ~
[root@openstack-controller1 ~]# ping 192.168.139.140( {- L/ C! _2 O, x5 _8 i3 D6 G
PING 192.168.139.140 (192.168.139.140) 56(84) bytes of data.( n0 L# K7 b" s$ Y# `5 H% X
64 bytes from 192.168.139.140: icmp_seq=1 ttl=64 time=11.3 ms
% R* w. _1 M- D# l; [! ?7.6.4)使用虚拟控制台访问实例; t0 G3 [+ M. _: g* O7 j5 y; b8 O
[root@openstack-controller1 ~]# openstack console url show linux-stj-2
1 c3 {5 Z$ j& i, a +-------+-----------------------------------------------------------------------------------------------------------+
' ~. g C& u; |1 o3 \; E | Field | Value |
- U# m. I4 @3 l3 p+ j0 X# l +-------+-----------------------------------------------------------------------------------------------------------+
" O7 g4 _: w, b" x1 q' e | type | novnc |9 Y" r2 O, Y% @ M- O+ K, j- _( Q
| url | http://openstack-vip.stangj.loca ... 8-aac3-52e5f58a51f7 |! E6 D* |) h2 |0 r! f+ n
+-------+-----------------------------------------------------------------------------------------------------------++ z% i8 r. z% e$ m
image-20241208195008663# j6 ^2 H6 F$ G9 u
; e1 p" K% n: |: L _3 Yimage-202312171342499538 V- `5 h* u' [" v
& a2 @' P' I) m( C0 q
注意:如果你的访问出现下面这种情况
. k4 e4 Z! Q) P
8 G- T$ z: ?1 B# b- Zimage-20231217135224898
& }) z- S) K! `% Z+ U( y; w, F$ s9 c7 v Y
解决办法: t9 ]! ^! X! s' u: k, ~5 Y# h
# b! w/ r" l! u0 i6 U/ p
[root@openstack-node1 ~]# virsh capabilities
1 ^- V. m" w% M, S [root@openstack-node1 ~]# vim /etc/nova/nova.conf; U/ j) E- l: j8 {- E
# 搜索下面两个hw_machine_type/cpu_mode信息,并添加后面对应内容
+ t* L V" @* _* y: K) O+ u- K( y hw_machine_type = x86_64=pc-i440fx-rhel7.2.0
$ J+ b' ]3 _2 v7 g, f cpu_mode = host-passthrough
* ~+ L* j6 \9 K/ Q q/ ^ `重启nova`; ]+ |: A+ [$ D7 F. l9 m
[root@openstack-node1 ~]# bash restart-nova.sh
. k) a9 T# P. |. [) }! j6 }3 X! u) h ######理论上还用重启openstack对应你要访问的虚拟机#######7 V: r: d4 ]) U+ j6 y
如果没有出现上面的问题则不用修改nova配置文件操作
) H" u: P: `; X$ W8 P$ i
# V' ~" }- S2 G( R/ F4 _% k6 ` i$ G* ?
8)安装-dashboard4 F! S! G; }% x2 l0 N2 j' a
8.1)下载dashboard
! I$ O* t5 a9 i% Z! J% r( H# M( a root@openstack-controller1:~# apt -y install openstack-dashboard+ b9 b6 V; x8 [( ]
8.2)修改配置文件-local_settings
* n# r' b. R7 ~ root@openstack-controller1:~# vim /etc/openstack-dashboard/local_settings.py
' a% n/ K8 z2 t# }1 r # 23行 添加
9 ~. ^, ]" T- }2 n; W WEBROOT='/horizon/'
5 s3 a; W& \8 j$ E( W/ J1 N5 r
7 j, T4 ]: u' }8 Y # 125行 修改
3 O$ a1 {3 F. ]8 b% q) U OPENSTACK_HOST = "openstack-vip.stangj.local") h0 G R) |3 a$ ]/ o; W" N
OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST# d( p8 z. J; T q
7 E4 R- Q- s; B2 J; _% c
# 39行 修改
' K% F/ H1 G5 y, y4 p8 i' N/ g ALLOWED_HOSTS = ['192.168.139.31', 'openstack-vip.stangj.local']
" r# v! h/ x; t: U1 T8 x' B# j
) U# u \, ]+ X$ S; R7 Z1 Y # 105行 添加
, q& j$ h' d5 K SESSION_ENGINE = 'django.contrib.sessions.backends.cache'+ t& j: U( G, h7 r, q
CACHES = {; F6 v8 q! x& h
'default': {
) G2 C' A$ ~$ G- b9 U7 M2 Q/ ~ 'BACKEND': 'django.core.cache.backends.memcached.PyMemcacheCache',
; g! n7 m. j" U! F" [ 'LOCATION': 'openstack-vip.stangj.local:11211',
6 U% T* d- o& l9 F }
" }0 U& e5 A+ X+ x& { }) q+ H1 l6 L9 a1 f$ o8 a
% J6 x" X0 v/ u8 }/ ` # 127行 添加
* ~$ d/ f1 g4 M+ ^9 j OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True% ^" j$ P- i5 Q
8 L& j2 h; C7 I* R
# 128行 添加 }9 j- B1 N9 z" S: `$ V+ _2 `9 c
OPENSTACK_API_VERSIONS = {
: n+ ~3 e; m! t$ |" B8 R! R "identity": 3,
: [* P7 k9 o9 z+ k "image": 2,& k' m$ | N7 y. P& Y4 J" z2 S
"volume": 3,
# [+ D6 [6 B7 |' Y p0 U; Q }9 e: A, Q* d2 _, e6 E
$ L. m: _. w4 e) [' O9 v # 133行 添加, [& m" `$ v" m! ~/ S8 l( M
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
+ `# A/ w. Z, `; N ^9 J . r6 h3 q2 n: N, b& }6 a) x0 Z/ w
# 134行 添加; A% }& k5 P+ ~' J: \" s% \
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" F0 `/ ]) ~+ Y, w
! c+ a% U y7 E4 k# n- z
# 138行 对照修改,把True全部改为False- V1 F, S' ]' N# y! l
OPENSTACK_NEUTRON_NETWORK = {
& e4 p8 A ~6 u% O+ c% y! n7 j4 C 'enable_auto_allocated_network': False,7 U6 H6 V) E* ]7 L/ S+ u
'enable_distributed_router': False,! j5 ^8 K9 Y' v8 B; a: K
'enable_fip_topology_check': False,
, p7 a6 t" X1 @ 'enable_ha_router': False,
" p+ B$ P# L4 C 'enable_ipv6': False,
. N/ G! W4 ^+ E* i( N4 y/ Z! H( _ 'enable_quotas': False,
" W; m. l) K) R* f 'enable_rbac_policy': False,
0 \3 U! e& e' Q 'enable_router': False,6 Y! R2 m7 V2 d8 Z) y3 d' b O
}' ]( X0 V, ^ ^5 J- T6 c
# 161行 修改
y" D1 C; K( [4 B d; u TIME_ZONE = "Asia/Shanghai"
8 N, r2 S( y# r" I8.3)修改haproxy
9 p8 I/ D( U* J5 J7 Q( V1 g [root@openstack-haproxy ~]# vim /etc/haproxy/haproxy.cfg
! M' d5 o6 ~; B# d, D# r# z # 最后面添加下面内容
! y; W5 y- L- i( v: M( g: }$ C listen openstack-dashboard-80
2 I! j+ l9 \/ {9 M# m bind 192.168.139.248:80
8 I& _3 I3 }% ?+ D$ s mode tcp) V; Q* N9 _6 \
server 192.168.139.31 192.168.139.31:80 check inter 3s fall 3 rise 5
0 O% [7 g1 D6 d, I4 ` [root@openstack-haproxy ~]# systemctl restart haproxy.service , k; r+ D# L5 r4 S
[root@openstack-haproxy ~]# ss -tnl | grep 80
. R q( T* o/ r. l LISTEN 0 128 192.168.139.248:6080 *:*
! Y8 a7 d5 `. |1 B! W! o" O LISTEN 0 128 192.168.139.248:80 *:* ' b0 M2 E9 Q8 P: \5 y
8.4)修改配置文件-openstack-dashboard.conf
" F) z# p5 Z1 E% H( [% [ root@openstack-controller1:~# vim /etc/httpd/conf.d/openstack-dashboard.conf
+ P, ?! S; }# y- q # 4行 添加$ p$ a, U L7 B9 p" R5 F4 X7 X
WSGIApplicationGroup %{GLOBAL}
& U4 X) g7 f( R: B5 h+ t; J5 d' m8.5)重启动httpd' S; A. y0 m) b2 Z
root@openstack-controller1:~# systemctl restart apache2.service - d3 A9 x/ s6 [2 O2 p6 ]) w# Y
8.6)访问dashboard页面: `0 g: o' W& H
http://openstack-vip.stangj.local/horizon/' Y5 L5 T% x( S4 a8 q; d
$ T6 e# n! M$ n- D9 h6 L* N
|
|
/4 
|返回首页|Archiver|小黑屋|易陆发现技术论坛
( 蜀ICP备2026014127号-1 )
窥视卡
雷达卡
发表于 2025-3-17 08:00:02
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
照妖镜