虚拟机 | ens33:ens36 | 外网 |
---|---|---|
openstack01-centos7.6 | 10.0.0.99:无 | 有 |
openstack02-centos7.6 | 10.0.0.103:无 | 有 |
优化CentOS7
文件限制数
echo " * - nofile 204800">>/etc/security/limits.conf
优化语言
localectl set-locale LANG="en_US.utf8"
优化时区
timedatectl set-timezone Asia/Shanghai
优化hostname
hostnamectl set-hostname openstack01
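优化防火墙,selinux(仅适用于隔离的实验环境:关闭后本机所有监听端口不再受过滤;生产环境应保留firewalld和SELinux并按需放行端口,下文安装的openstack-selinux即为SELinux开启时提供策略)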
sed -r -i 's@(SELINUX=).*@\1disabled@g' /etc/selinux/config
systemctl disable firewalld
systemctl stop firewalld
##关闭NetworkManager
systemctl stop NetworkManager
systemctl disable NetworkManager
##启动crond
systemctl start crond
systemctl enable crond
systemctl status crond
优化hosts
cat > /etc/hosts <<EOF
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.99 openstack01
10.0.0.101 openstack03
EOF
yum install -y wget
优化yum源##使用aliyun源(repo文件经明文HTTP下载,传输中可被篡改;镜像站提供HTTPS时改用https://,并确认repo内gpgcheck=1)
yum install -y wget
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
epel
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
安装辅助软件
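# Helper tools for the lab hosts. Package names must match the CentOS 7
# repositories exactly; yum reports a misspelled name as unavailable instead of
# installing it.
yum install -y sendmail mailx net-tools lrzsz nmap tree dos2unix nc telnet lsof ntpdate bash-completion bash-completion-extras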
##ntp更新
echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1" >> /var/spool/cron/root
ntpdate ntp1.aliyun.com
所有机器安装
yum upgrade -y
yum install centos-release-openstack-train python-openstackclient openstack-selinux -y
控制节点安装数据库
#openstack01
yum install mariadb mariadb-server python2-PyMySQL -y
#创建配置数据库文件 /etc/my.cnf.d/openstack.cnf
touch /etc/my.cnf.d/openstack.cnf
cat > /etc/my.cnf.d/openstack.cnf <<EOF
[mysqld]
bind-address = 10.0.0.99
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
启动port:3306
systemctl enable mariadb.service
systemctl start mariadb.service
[root@openstack01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 10.0.0.99:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
数据库加密码:默认为空密码,设置为mypassword(mypassword仅为示例占位;本文数据库root、RabbitMQ、Keystone admin及各服务账号都用了同一个值,实际部署应为每个账号分别生成强随机密码)
mysql_secure_installation
[root@openstack01 ~]# mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
PS:输入密码后一路回车
安装NoSQL数据库
yum install mongodb-server mongodb -y
编辑文件 /etc/mongod.conf
cp /etc/mongod.conf{,.backup}
vi /etc/mongod.conf
bind_ip = 10.0.0.99
smallfiles = true
1 ##
2 ### Basic Defaults
3 ##
4
5 # Comma separated list of ip addresses to listen on (all local ips by default)
6 bind_ip = 10.0.0.99
7 smallfiles = true
8
9 # Specify port number (27017 by default)
启动port:27017
systemctl enable mongod.service
systemctl start mongod.service
[root@openstack01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 10.0.0.99:27017 *:*
LISTEN 0 128 10.0.0.99:3306 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
安装消息队列
yum install rabbitmq-server -y
启动port:5672(AMQP)、25672、4369,下面的输出显示三者都监听在通配地址上
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
[root@openstack01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:25672 *:*
LISTEN 0 128 10.0.0.99:27017 *:*
LISTEN 0 128 10.0.0.99:3306 *:*
LISTEN 0 128 *:4369 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:5672 [::]:*
添加openstack用户,密码
rabbitmqctl add_user openstack mypassword
[root@openstack01 ~]# rabbitmqctl add_user openstack mypassword
Creating user "openstack"
给``openstack``用户配置configure、写和读权限(三个".*"依次为configure/write/read,即对vhost "/"内全部资源不设限制)
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@openstack01 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
安装Memcached
yum install memcached python-memcached -y
启动port:11211
systemctl enable memcached.service
systemctl start memcached.service
[root@openstack01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 127.0.0.1:25 *:*
LISTEN 0 128 *:25672 *:*
LISTEN 0 128 10.0.0.99:27017 *:*
LISTEN 0 128 10.0.0.99:3306 *:*
LISTEN 0 128 127.0.0.1:11211 *:*
LISTEN 0 128 *:4369 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:5672 [::]:*
LISTEN 0 128 [::1]:11211 [::]:*
安装keystone,apache,mod_wsgi
yum install openstack-keystone httpd mod_wsgi -y
配置keystone
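# Keep a copy of the packaged config before overwriting it. The brace expansion
# needs the leading dot so the copy is named keystone.conf.backup rather than
# keystone.confbackup.
cp /etc/keystone/keystone.conf{,.backup}
# Quoted delimiter: the body is written literally, with no shell expansion.
# NOTE(review): the connection URL embeds the database password in clear text;
# "mypassword" is the page's sample value, so keep this file unreadable to
# other local users.
cat > /etc/keystone/keystone.conf <<'EOF'
[database]
connection = mysql+pymysql://keystone:mypassword@openstack01/keystone
[token]
provider = fernet
EOF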
初始化身份认证服务数据库(前提:已创建keystone库并为keystone用户授权;本文未列出该步骤,做法与下文glance的CREATE DATABASE/GRANT相同)
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet keys:供上面[token] provider = fernet的令牌提供者使用(不是UUID令牌)
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
配置 Apache HTTP 服务器
修改``/etc/httpd/conf/httpd.conf`` 文件,配置``ServerName`` 选项为控制节点:
PS:找到ServerName,大约在第95行:#ServerName www.example.com:80,改为
ServerName openstack01
或使用下面sed命令
sed -r -i '95s@.*(ServerName).*@\1 openstack01@g' /etc/httpd/conf/httpd.conf
编辑wsgi-keystone.conf文件
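# Write the Apache/mod_wsgi front end for Keystone: one virtual host per
# listener (5000 public, 35357 admin).
#
# NOTE(review): the <VirtualHost>/<Directory> containers appear to have been
# lost from this listing. Without them both "WSGIScriptAlias /" lines land in
# the global server scope and "Require all granted" applies to the whole server
# instead of only /usr/bin, so they are restored here.
#
# The delimiter is quoted so the body is written literally; `cat >` creates the
# file, so no separate `touch` is needed.
cat > /etc/httpd/conf.d/wsgi-keystone.conf <<'EOF'
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
EOF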
启动 Apache HTTP 服务并配置其随系统启动
systemctl enable httpd.service
systemctl start httpd.service
##配置两个admin-openrc,admin 35357在root,5000在/etc/
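# Client environment files for the admin user. Both hold the admin password in
# clear text, so each file is created and restricted to root (mode 600) before
# the secret is written into it; a plain `cat >` under the usual umask would
# leave /etc/admin-openrc readable by every local account.
# The delimiters are quoted so the bodies are written literally.

# /etc/admin-openrc: authenticates against the port-5000 endpoint.
touch /etc/admin-openrc
chmod 600 /etc/admin-openrc
cat > /etc/admin-openrc <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=mypassword
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://openstack01:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF

# /root/admin-openrc: authenticates against the port-35357 endpoint.
touch /root/admin-openrc
chmod 600 /root/admin-openrc
cat > /root/admin-openrc <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=mypassword
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://openstack01:35357/v3
export OS_IDENTITY_API_VERSION=3
EOF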
使用mscripts/keystone.sh,
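# Generate and run the Keystone bootstrap script: Fernet keys, credential keys,
# then the initial admin identity and the three identity endpoints.
mkdir -p /root/mscripts
# The script embeds the bootstrap password, so it is created empty and limited
# to root (mode 700) before the body is written.
touch /root/mscripts/keystone.sh
chmod 700 /root/mscripts/keystone.sh
# Quoted delimiter: with a bare EOF the shell would expand $PATH while writing
# the file and freeze the current value into the script.
# NOTE(review): --bootstrap-password puts the password on the command line,
# where it is visible in the process list while keystone-manage runs.
cat > /root/mscripts/keystone.sh <<'EOF'
#!/bin/bash
PATH=$PATH
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password mypassword --bootstrap-admin-url http://openstack01:35357/v3 --bootstrap-internal-url http://openstack01:5000/v3 --bootstrap-public-url http://openstack01:5000/v3 --bootstrap-region-id RegionOne
EOF
. /root/mscripts/keystone.sh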
##查看identity endpoint状态
source /root/admin-openrc
openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
| 0633905c25b64c7c8d828177abdadc50 | RegionOne | keystone | identity | True | public | http://openstack01:5000/v3 |
| 82670cf51b7f46ef9ab39d8b87174f22 | RegionOne | keystone | identity | True | internal | http://openstack01:5000/v3 |
| 8e06f02d9b8a435d9315128f6b0dd247 | RegionOne | keystone | identity | True | admin | http://openstack01:35357/v3 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------+
创建域``default``跳过这条命令:
openstack domain create --description "The Default Domain" default
提示已经有一个默认的domain了
Conflict occurred attempting to store project - it is not permitted to have two projects acting as domains with the same ba8b-4541-9d54-1dd3a5a3e284)
##查看openstack domain list
+---------+---------+---------+--------------------+
| ID | Name | Enabled | Description |
+---------+---------+---------+--------------------+
| default | Default | True | The default domain |
+---------+---------+---------+--------------------+
##只是description不一样
创建 admin 项目
##查看是否有project,果然有了
openstack project list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 633f69e293fb45b1977db9a25bbd49bb | admin |
+----------------------------------+-------+
###如果没有,使用以下命令创建
openstack project create --domain default \
--description "admin Project" admin
#查看用户添加状态
[root@openstack01 myscripts]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| b0bd48288af844599f21898e292c0809 | admin |
+----------------------------------+-------+
##admin用户添加#如果没有,使用以下命令创建
openstack user create --domain default \
--password-prompt admin
#查看role状态
[root@openstack01 myscripts]# openstack role list
+----------------------------------+--------+
| ID | Name |
+----------------------------------+--------+
| 8569e83d18db4811bb838df9f6160924 | reader |
| a0ae72e54e5e4863a90556f164ee7bfe | admin |
| cef5f15297044f82962d175914883b18 | member |
+----------------------------------+--------+
#添加role,#如果没有,使用以下命令创建
openstack role create admin
#添加``admin`` 角色到 admin 项目和用户上:
[root@openstack01 myscripts]# openstack role add --project admin --user admin admin
source /etc/admin-openrc
openstack token issue
[root@openstack01 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2020-03-29T03:14:11+0000 |
| id | gAAAAABegARz3gFLwHsg-3UKrPiLnfogIiVASBZnRUkwTkCDjy08eisFnB3WGM1eQxpLOCPPfaa4VqxZmpmnHCd08hvv9GTAy7S-KRm10bXwLlCswaZlYUxpDITUIqaILu0Wcu_FlYl3S-8hhxkeRfdstg0uHKyvKvpY-1-dmuUsttfLNzysL4o |
| project_id | |
| user_id | b0bd48288af844599f21898e292c0809 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
glance 数据库与用户创建(-p后直接跟密码会出现在进程列表和shell历史中;'glance'@'%'允许从任意主机连接,可收紧为管理网段;下文nova、placement同理)
mysql -uroot -pmypassword -e " CREATE DATABASE glance"
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'mypassword' "
source /root/admin-openrc
##service project 添加
openstack project create --domain default --description "Service Project" service
[root@openstack01 ~]# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 4a356a98b03547a983311af7f76f80b8 |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
##glance用户添加
[root@openstack01 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 4396653a03444613a17fef7d33d16b83 |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
#添加``admin`` 角色到 service 项目的 glance 用户上:
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
[root@openstack01 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | f36f7877c35f44aa8e31675f4df2659e |
| name | glance |
| type | image |
+-------------+----------------------------------+
endpoint 创建
openstack endpoint create --region RegionOne image public http://openstack01:9292
[root@openstack01 ~]# openstack endpoint create --region RegionOne image public http://openstack01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8ea00a14bdf64974a5f7cd199fde4fb8 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f36f7877c35f44aa8e31675f4df2659e |
| service_name | glance |
| service_type | image |
| url | http://openstack01:9292 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne image internal http://openstack01:9292
[root@openstack01 ~]# openstack endpoint create --region RegionOne image internal http://openstack01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cc1585b5bd6c4584a80a9e24ce4bc552 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f36f7877c35f44aa8e31675f4df2659e |
| service_name | glance |
| service_type | image |
| url | http://openstack01:9292 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne image admin http://openstack01:9292
[root@openstack01 ~]# openstack endpoint create --region RegionOne image admin http://openstack01:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 11b57aee5ddc4acdbf972a60561e3534 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f36f7877c35f44aa8e31675f4df2659e |
| service_name | glance |
| service_type | image |
| url | http://openstack01:9292 |
+--------------+----------------------------------+
安装并配置组件
yum install openstack-glance -y
编辑文件 /etc/glance/glance-api.conf
cp -a /etc/glance/glance-api.conf{,.backup}
cat > /etc/glance/glance-api.conf <<EOF
[database]
connection = mysql+pymysql://glance:mypassword@openstack01/glance
[keystone_authtoken]
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_url = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = mypassword
[paste_deploy]
flavor = keystone
[glance_store]
enable_backends = file,http
default_backends = file
filesystem_store_datadir = /var/lib/glance/images/
EOF
编辑配置文件/etc/glance/glance-registry.conf
cp -a /etc/glance/glance-registry.conf{,.backup}
cat > /etc/glance/glance-registry.conf <<EOF
[database]
connection = mysql+pymysql://glance:mypassword@openstack01/glance
[keystone_authtoken]
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_url = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = mypassword
[paste_deploy]
flavor = keystone
EOF
同步glance数据库
su -s /bin/sh -c "glance-manage db_sync" glance
[root@openstack01 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
result = self._query(query)
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
INFO [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table
INFO [alembic.runtime.migration] Running upgrade rocky_expand02 -> train_expand01, empty expand for symmetry with train_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: train_expand01, current revision(s): train_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
INFO [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
INFO [alembic.runtime.migration] Running upgrade rocky_contract02 -> train_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: train_contract01, current revision(s): train_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
开机自启,启动
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service
生成image
cd ~
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
##查看
openstack image list
[root@openstack01 glance]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 384707e7-f5c0-4b6e-b277-3fa0663e1986 | cirros | active |
+--------------------------------------+--------+--------+
openstack01 安装nova
mysql -uroot -pmypassword -e " CREATE DATABASE nova_api "
mysql -uroot -pmypassword -e " CREATE DATABASE nova "
mysql -uroot -pmypassword -e " CREATE DATABASE nova_cell0 "
mysql -uroot -pmypassword -e " CREATE DATABASE placement "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'mypassword' "
查看用户
mysql -uroot -pmypassword -e " SELECT User,Host from mysql.user "
MariaDB [(none)]> SELECT User,Host from mysql.user;
+-----------+-----------+
| User | Host |
+-----------+-----------+
| glance | % |
| keystone | % |
| nova | % |
| placement | % |
| root | 127.0.0.1 |
| root | ::1 |
| glance | localhost |
| keystone | localhost |
| nova | localhost |
| placement | localhost |
| root | localhost |
+-----------+-----------+
11 rows in set (0.001 sec)
查看数据库
mysql -uroot -pmypassword -e " SHOW DATABASES "
MariaDB [(none)]> SHOW DATABASES;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| nova |
| nova_api |
| nova_cell0 |
| performance_schema |
| placement |
+--------------------+
#创建相关用户、服务#密码mypassword
source /root/admin-openrc
openstack user create --domain default --password-prompt nova
[root@openstack01 ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 9992d45b6fa7471cac2cf1a39a864e41 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user nova admin
[root@openstack01 ~]# openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack compute" compute
[root@openstack01 ~]# openstack service create --name nova --description "OpenStack compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack compute |
| enabled | True |
| id | 2359e216a866412e964205ef7d6e6e95 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne compute public http://openstack01:8774/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne compute public http://openstack01:8774/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | 2ee11f39ad434ef8a83fa108b6a3bc4e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2359e216a866412e964205ef7d6e6e95 |
| service_name | nova |
| service_type | compute |
| url | http://openstack01:8774/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+
openstack endpoint create --region RegionOne compute internal http://openstack01:8774/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne compute internal http://openstack01:8774/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | 5cf1fae716814c73875ae04dacd09459 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2359e216a866412e964205ef7d6e6e95 |
| service_name | nova |
| service_type | compute |
| url | http://openstack01:8774/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+
openstack endpoint create --region RegionOne compute admin http://openstack01:8774/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne compute admin http://openstack01:8774/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | f6de0655ace24c98bf29ca13e82f972e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2359e216a866412e964205ef7d6e6e95 |
| service_name | nova |
| service_type | compute |
| url | http://openstack01:8774/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+
placement用户添加#mypassword
openstack user create --domain default --password-prompt placement
[root@openstack01 ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 9e499edbc85748a689d2406367a1285f |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
[root@openstack01 ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | ed48bb2554e24fb0a2d70477ff8ce213 |
| name | placement |
| type | placement |
+-------------+----------------------------------+
openstack endpoint create --region RegionOne placement public http://openstack01:8778/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne placement public http://openstack01:8778/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | ece02d4c1fbb4d27b2a97552bc338e4f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed48bb2554e24fb0a2d70477ff8ce213 |
| service_name | placement |
| service_type | placement |
| url | http://openstack01:8778/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+
openstack endpoint create --region RegionOne placement internal http://openstack01:8778/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne placement internal http://openstack01:8778/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | f55b9f2b9ac44cdab360b7569a211b1b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed48bb2554e24fb0a2d70477ff8ce213 |
| service_name | placement |
| service_type | placement |
| url | http://openstack01:8778/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+
openstack endpoint create --region RegionOne placement admin http://openstack01:8778/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne placement admin http://openstack01:8778/v2.1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field | Value |
+--------------+--------------------------------------------+
| enabled | True |
| id | 2961644e880841058b31fe89a082f5c6 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed48bb2554e24fb0a2d70477ff8ce213 |
| service_name | placement |
| service_type | placement |
| url | http://openstack01:8778/v2.1/%(tenant_id)s |
+--------------+--------------------------------------------+
安装NOVA软件包
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y
编辑配置文件/etc/nova/nova.conf##未加引号的<<EOF会让shell在写入前展开$my_ip(变量未定义时变成空值),需写成<<'EOF'或改用vi编辑
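# Back up the packaged nova.conf, then write the controller configuration.
cp /etc/nova/nova.conf{,.backup}
# The delimiter is quoted so the body is written literally. With a bare EOF the
# shell expands $my_ip while writing the file; the variable is not set in the
# shell, so server_listen and server_proxyclient_address would end up empty.
# The literal "$my_ip" is meant to be resolved by nova from my_ip under
# [DEFAULT] when it loads the file.
# NOTE(review): this file carries the database, RabbitMQ and service-account
# passwords in clear text ("mypassword" is the page's sample value); keep it
# unreadable to other local users.
# NOTE(review): some keys are set twice (www_authenticate_uri under
# [keystone_authtoken] and [placement]); presumably only one of each pair takes
# effect -- confirm which and drop the other.
cat > /etc/nova/nova.conf <<'EOF'
[DEFAULT]
enabled_apis = osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:mypassword@openstack01/nova_api
[database]
connection = mysql+pymysql://nova:mypassword@openstack01/nova
[placement_database]
connection = mysql+pymysql://placement:mypassword@openstack01/placement
[DEFAULT]
transport_url = rabbit://openstack:mypassword@openstack01
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://openstack01:5000/v3/
www_authenticate_uri = http://openstack01:35357/v3/
auth_uri = http://openstack01:5000/v3/
auth_url = http://openstack01:35357/v3/
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = mypassword
[DEFAULT]
my_ip = 10.0.0.99
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://openstack01:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
www_authenticate_uri = http://openstack01:5000/v3/
www_authenticate_uri = http://openstack01:35357/v3/
auth_uri = http://openstack01:5000/v3/
auth_url = http://openstack01:35357/v3/
username = placement
password = mypassword
[libvirt]
virt_type = qemu
EOF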
# Restart httpd after writing nova.conf.
# NOTE(review): the page does not say which WSGI application this restart is
# for; presumably keystone and/or placement. Confirm.
systemctl restart httpd
# Each nova-manage step below runs as the unprivileged "nova" account
# (su -s /bin/sh supplies a shell for that account) rather than as root.
# Sync the nova_api database schema.
su -s /bin/sh -c "nova-manage api_db sync" nova
# Register the cell0 database.
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
# Create the cell1 cell.
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# Sync the nova database schema.
su -s /bin/sh -c "nova-manage db sync" nova
[root@openstack01 glance]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
# Verify that cell0 and cell1 are registered.
# The listing prints each cell's transport URL and database connection with
# the password masked as ****, as the sample output below shows.
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+-------------------------------------+--------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+-------------------------------------+--------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack01/nova_cell0 | False |
| cell1 | ed39674f-7ae1-448d-b90d-3622a0aa7596 | rabbit://openstack:****@openstack01 | mysql+pymysql://nova:****@openstack01/nova | False |
+-------+--------------------------------------+-------------------------------------+--------------------------------------------------+----------+
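# Start the controller-side Nova services and enable them at boot.
# The unit list is defined once so that "start" and "enable" always act on
# the same set. The original ran both commands twice and named
# openstack-nova-conductor twice in the first pair.
nova_units=(
  openstack-nova-api.service
  openstack-nova-console.service
  openstack-nova-scheduler.service
  openstack-nova-conductor.service
  openstack-nova-novncproxy.service
)
systemctl start "${nova_units[@]}"
systemctl enable "${nova_units[@]}"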
# Compute node installation.
# Enable the OpenStack Train repository and install the client tools and
# openstack-selinux, bring the system up to date, then install nova-compute.
yum install centos-release-openstack-train python-openstackclient openstack-selinux -y
yum upgrade -y
yum install openstack-nova-compute -y
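# Compute node: back up the packaged nova.conf, then write the configuration.
#
# The heredoc delimiter is quoted ('EOF') so the shell writes the body
# verbatim. With an unquoted delimiter the shell expands $my_ip itself; the
# variable is not set in the shell, so server_proxyclient_address would be
# written with an empty value. Nova (oslo.config) substitutes $my_ip when it
# loads the file.
#
# Security notes for anyone reusing this file:
# - my_ip must be the management address of the node this file is written on.
# - "mypassword" is the sample value used throughout this page; replace it
#   with a distinct generated secret per service account.
# - server_listen = 0.0.0.0 makes the instances' VNC servers listen on every
#   interface of the compute node. Consider binding to the management
#   address instead, or filter the VNC port range at the host firewall.
# - novncproxy_base_url and every service endpoint below are plain http://,
#   so console sessions, credentials and tokens are unencrypted in transit.
# - firewall_driver is the no-op driver; with use_neutron = true, packet
#   filtering is presumably left to the Neutron agent's security groups.
#   Confirm they stay enabled in linuxbridge_agent.ini.
# - NOTE(review): discover_hosts_in_cells_interval is a [scheduler] option;
#   on a compute-only node it presumably has no effect. Confirm whether it
#   belongs in the controller's nova.conf instead.
# - NOTE(review): the file holds secrets; confirm it stays readable only by
#   root and the nova group after the overwrite.
cp /etc/nova/nova.conf{,.backup}
cat > /etc/nova/nova.conf <<'EOF'
[DEFAULT]
enabled_apis = osapi_compute,metadata
[DEFAULT]
transport_url = rabbit://openstack:mypassword@openstack01
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_uri = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = mypassword
[DEFAULT]
my_ip = 10.0.0.103
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://10.0.0.99:6080/vnc_auto.html
[glance]
api_servers = http://openstack01:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_uri = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
username = placement
password = mypassword
[scheduler]
discover_hosts_in_cells_interval = 300
[libvirt]
virt_type = qemu
EOF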
# Start libvirtd and the nova-compute service on the compute node, then
# enable both so they come back after a reboot.
systemctl start libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
openstack01
确认数据库中有计算节点
# Load /root/admin-openrc into the current shell, then list the registered
# nova-compute services.
# NOTE(review): admin-openrc presumably exports the admin credentials; keep
# the file readable by root only. Confirm its mode.
source /root/admin-openrc
openstack compute service list --service nova-compute
[root@openstack01 nova]# openstack compute service list --service nova-compute
+----+--------------+-------------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+-------------+------+---------+-------+----------------------------+
| 5 | nova-compute | openstack03 | nova | enabled | up | 2020-03-30T02:17:44.000000 |
+----+--------------+-------------+------+---------+-------+----------------------------+
[root@openstack03 myscripts]# systemctl restart libvirtd.service openstack-nova-compute.service
检查软件安装
[root@openstack01 nova]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* centos-ceph-nautilus: mirrors.cn99.com
* centos-nfs-ganesha28: mirror.lzu.edu.cn
* centos-openstack-train: mirror.lzu.edu.cn
* centos-qemu-ev: mirrors.cn99.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package 1:openstack-nova-api-20.1.1-1.el7.noarch already installed and latest version
Package 1:openstack-nova-conductor-20.1.1-1.el7.noarch already installed and latest version
Package 1:openstack-nova-console-20.1.1-1.el7.noarch already installed and latest version
Package 1:openstack-nova-novncproxy-20.1.1-1.el7.noarch already installed and latest version
Package 1:openstack-nova-scheduler-20.1.1-1.el7.noarch already installed and latest version
No package openstack-nova-placement-api available.
Nothing to do
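发现 openstack-nova-placement-api 没有安装。查了一下是不是软件改名了,并无任何发现。(注:从 Train 版本开始,placement 已从 nova 中拆分为独立项目,RDO 源中对应的软件包是 openstack-placement-api,需要单独安装和配置;它也不是 nova 的服务,所以不会出现在下面的 compute service list 里。)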
[root@openstack01 nova]# openstack compute service list
+----+----------------+-------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+-------------+----------+---------+-------+----------------------------+
| 3 | nova-conductor | openstack01 | internal | enabled | up | 2020-03-30T03:30:31.000000 |
| 4 | nova-scheduler | openstack01 | internal | enabled | up | 2020-03-30T03:30:32.000000 |
| 5 | nova-compute | openstack03 | nova | enabled | up | 2020-03-30T03:30:27.000000 |
| 6 | nova-console | openstack01 | internal | enabled | up | 2020-03-30T03:30:32.000000 |
+----+----------------+-------------+----------+---------+-------+----------------------------+
安装组件
# Install the Neutron server, the ML2 plugin, the Linux bridge agent and
# ebtables.
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
配置provider network网络
编辑/etc/neutron/neutron.conf配置文件
# Back up the packaged neutron.conf, then write the configuration for a
# provider-network setup (core_plugin = ml2, no service plugins).
#
# The file stores the database, RabbitMQ and Keystone service passwords in
# clear text. "mypassword" is the sample value used throughout this page and
# should be replaced with a distinct generated secret per account.
# All endpoints are plain http:// or rabbit://, so these credentials are
# unencrypted in transit; keep the traffic on an isolated management network.
# NOTE(review): www_authenticate_uri appears twice in [keystone_authtoken];
# presumably only one value takes effect. Confirm which endpoint is meant.
# NOTE(review): the [nova] section holds the nova service credentials,
# presumably used for the port status/data notifications enabled above.
# NOTE(review): confirm the file stays readable only by root and the neutron
# group after the overwrite.
cp /etc/neutron/neutron.conf{,.backup}
cat > /etc/neutron/neutron.conf <<EOF
[database]
connection = mysql+pymysql://neutron:mypassword@openstack01/neutron
[DEFAULT]
core_plugin = ml2
service_plugins =
[DEFAULT]
transport_url = rabbit://openstack:mypassword@openstack01
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_uri = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = mypassword
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
#www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
#uth_uri = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = mypassword
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
EOF
编辑配置文件Modular Layer 2#
/etc/neutron/plugins/ml2/ml2_conf.ini
# Back up the packaged ML2 plugin configuration, then write a replacement.
# It enables the flat and vlan type drivers, the linuxbridge mechanism driver
# and the port_security extension driver, and declares one flat network
# named "provider".
# tenant_network_types is left empty, which presumably disables self-service
# (tenant) networks. Confirm this is intended.
# port_security and the [securitygroup] settings are part of instance traffic
# filtering in this setup; do not drop them when trimming the file.
cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.backup}
cat > /etc/neutron/plugins/ml2/ml2_conf.ini <<EOF
[ml2]
type_drivers = flat,vlan
[ml2]
tenant_network_types =
[ml2]
mechanism_drivers = linuxbridge
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
EOF
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini配置文件
# Back up the packaged Linux bridge agent configuration, then write a
# replacement.
# It maps the "provider" physical network to interface ens36 and disables
# VXLAN.
# Security groups are enabled here with the iptables firewall driver. Because
# nova.conf on this page uses the no-op firewall driver, this is presumably
# the only place instance traffic is filtered. Keep enable_security_group
# true unless filtering is provided elsewhere.
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.backup}
cat > /etc/neutron/plugins/ml2/linuxbridge_agent.ini <<EOF
[linux_bridge]
physical_interface_mappings = provider:ens36
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
EOF
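# Back up the packaged DHCP agent configuration, then write a replacement.
# The backup suffix is ".backup", as for the other files on this page. The
# original "{,backup}" lacked the dot and produced "dhcp_agent.inibackup".
# The new file selects the linuxbridge interface driver and the Dnsmasq DHCP
# driver, and enables metadata for isolated networks.
cp /etc/neutron/dhcp_agent.ini{,.backup}
cat > /etc/neutron/dhcp_agent.ini <<'EOF'
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
EOF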
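# Back up the packaged metadata agent configuration, then write a
# replacement.
# There must be no space before "{,.backup}". With the space, brace expansion
# no longer applies to the path, so cp writes a file named ".backup" in the
# current directory and no backup is left next to the original.
#
# metadata_proxy_shared_secret authenticates metadata requests proxied
# between Neutron and Nova. It must be identical to the value set in the
# [neutron] section of /etc/nova/nova.conf. "mypassword" is the sample value
# used throughout this page; use a randomly generated secret that is not
# shared with any service account password.
cp /etc/neutron/metadata_agent.ini{,.backup}
cat > /etc/neutron/metadata_agent.ini <<'EOF'
[DEFAULT]
nova_metadata_host = openstack01
metadata_proxy_shared_secret = mypassword
EOF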
#编辑/etc/nova/nova.conf文件,添加如下内容(其中 metadata_proxy_shared_secret 必须与 /etc/neutron/metadata_agent.ini 中设置的值一致):
vi /etc/nova/nova.conf
[neutron]
url = http://openstack01:9696
www_authenticate_uri = http://openstack01:5000/v3
auth_url = http://openstack01:5000/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = mypassword
service_metadata_proxy = true
metadata_proxy_shared_secret = mypassword
#创建链接
##ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
创建neutron用户
mysql 添加用户
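# Create the neutron database and its account in one client session.
#
# "-p" without a value makes the client prompt for the root password. Passing
# it as -pPASSWORD puts the secret on the command line, where it can be seen
# in the process list while the client runs. The SQL is fed on stdin from a
# quoted heredoc, so the account password is not in argv either.
#
# 'mypassword' is the sample value used throughout this page; replace it with
# a generated secret that matches the [database] connection in neutron.conf.
# 'neutron'@'%' accepts logins from any host. Where the topology allows,
# narrow the host part to the management network.
mysql -uroot -p <<'SQL'
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'mypassword';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'mypassword';
SQL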
同步数据库:
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@openstack01 neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
result = self._query(query)
Running upgrade for neutron ...
INFO [alembic.