Openstack控制主机安装配置流程三

Openstack控制主机安装配置流程三

1.环境配置

  Hosts配置

  修改/etc/hosts文件,增加wtcontroller、wtcompute1、wtcompute2:

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.10.100 wtcontroller
172.16.10.101 wtcompute1
172.16.10.102 wtcompute2

  修改本机hostname

echo "wtcontroller"> /etc/hostname

1.1修订yum源

  本示例使用的时163的yum源:

CentOS7-Base-163.repo

  将以上文件拷贝至/etc/yum.repos.d目录下

  备份该目录下CentOS-Base.repo文件

  修改CentOS7-Base-163.repo为CentOS-Base.repo

  执行以下命令:

yum clean all         #清除缓存
yum makecache       #生成缓存
yum list #显示所有已经安装和可以安装的程序包

  关闭该服务,否者yum clean会卡死,属于系统bug

systemctl stop initial-setup-text

1.2防火墙操作

systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service

1.3关闭selinux安全服务

setenforce 0
getenforce
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
grep SELINUX=disabled /etc/sysconfig/selinux

1.4安装时间同步NTP服务

yum install chrony -y
vim /etc/chrony.conf
--参考网络配置,确保以下配置打开:
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
并修改以下配置,打开以下网段节点向控制节点校时:
allow 172.16.10.0/24

  重启服务并设置服务自启动

systemctl restart chronyd.service
systemctl status chronyd.service
systemctl enable chronyd.service
systemctl list-unit-files |grep chronyd.service

  修订时区

timedatectl set-timezone Asia/Shanghai
chronyc sources

1.5安装openstack-更新yum

yum install centos-release-openstack-rocky -y
yum clean all
yum makecache

1.6安装客户端软件

yum install python-openstackclient openstack-selinux -y

2.安装流程

2.1安装数据库

yum install mariadb mariadb-server python2-PyMySQL -y

  创建并编辑文件

vi /etc/my.cnf.d/openstack.cnf
内容:
[mysqld]
bind-address = 172.16.10.100
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

 绑定地址

 默认存储引擎

 使用独享表空间模式,每一个表都会建一个表空间,都会有索引文件, 查索引快,共享表空间,共用一个表空间和索引,如果有损坏很难修复,比如说zabbix用到的数据库如果不使用的独享表空间,很难进行优化

  增加数据库开机启动项并启动服务

systemctl enable mariadb.service
systemctl start mariadb.service
systemctl list-unit-files |grep mariadb.service

  启动数据库服务的初始安全设置(root/wtoe@123456)

mysql_secure_installation

  设置过程如下:

Enter current password for root (enter for none):<–初次运行直接回车 
OK, successfully used password, moving on… Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation.

Set root password? [Y/n] #是否设置root用户密码,输入y并回车或直接回车
New password: #设置root用户的密码 示例使用wtoe@123456
Re-enter new password: #再输入一次你设置的密码 
Password updated successfully! Reloading privilege tables.. … Success!
Remove anonymous users? [Y/n] #是否删除匿名用户,生产环境建议删除,所以直接回车 … Success!

Disallow root login remotely? [Y/n] #是否禁止root远程登录,根据自己的需求选择Y/n并回车,建议禁止
Success!

Remove test database and access to it? [Y/n] #是否删除test数据库,直接回车 
- Dropping test database… … 
Success! - Removing privileges on test database… …
 Success!

Reload privilege tables now? [Y/n] #是否重新加载权限表,直接回车 … 
Success! Cleaning up…
All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL!

2.2安装RabbitMQ

yum install rabbitmq-server -y

添加开机启动和服务
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

增加访问rabbitMQ的用户和权限
rabbitmqctl add_user openstack wtoe@123456
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmqctl set_permissions -p "/" openstack ".*" ".*" ".*"

启动web管理
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service
rabbitmq-plugins list
访问地址:http://192.168.1.241 :15672
#默认用户名密码都是guest
需要通过web页面访问确认openstack用户已添加

2.2安装etcd--服务发现系统

  服务安装

yum install etcd -y

  编辑配置文件

vi /etc/etcd/etcd.conf

  修改内容如下:

#注意上面的IP地址不能用controller替代,无法解析
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.3.241 :2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.3.241:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.3.241:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.3.241:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.3.241:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

启  动服务并设置自起:

systemctl enable etcd
systemctl start etcd

2.3keystone认证服务安装

  数据库配置

  进入数据库

mysql -u root -p 
先增加root针对所有数据库的权限
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'wtoe@123456';
#创建数据库
CREATE DATABASE keystone;
#增加用户配置权限
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
show databases;
select user,host from mysql.user;
exit

  在控制节点安装keystone相关软件包

yum install openstack-keystone httpd mod_wsgi -y
yum install openstack-keystone python-keystoneclient openstack-utils -y

  快速修改keystone配置--非官网,需要openstack-utils支持

openstack-config -set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:wtoe@123456@controller/keystone

openstack-config --set /etc/keystone/keystone.conf token provider fernet

  查看生效的配置

egrep -v "^#|^$" /etc/keystone/keystone.conf

  配置信息应如下:

[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:wtoe@123456@wtcontroller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
[unified_limit]
[wsgi]

  初始化同步keystone数据库(包含44张表)

su -s /bin/sh -c "keystone-manage db_sync" keystone

注意:如果在同步数据库过程中python报错,可能需要进行以下操作:

  安装pip对python响应库进行更新:

yum install python-pip
sudo pip uninstall urllib3
sudo pip uninstall chardet
sudo pip install requests

  查看创建的表

mysql -h192.168.3.241 -ukeystone -pwtoe@123456 -e "use keystone;show tables;"

初始化Fernet令牌库

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
配置启动Apache(httpd)
修改httpd主配置文件
vim /etc/httpd/conf/httpd.conf +95
vim /etc/httpd/conf/httpd.conf +95
#修订如下
ServerName controller
#检查
cat /etc/httpd/conf/httpd.conf |grep ServerName
#配置虚拟主机
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Apache启动服务并增加启动项

systemctl enable httpd.service
systemctl start httpd.service
systemctl list-unit-files |grep httpd.service #查看服务设置

检查Apache服务状态

netstat -anptl|grep httpd

#如果http起不来,需要关闭 selinux 或者安装 yum install openstack-selinux

创建 keystone 用户,初始化的服务实体和API端点

#创建keystone服务实体和身份认证服务,以下三种类型分别为公共的、内部的、管理的。

keystone-manage bootstrap --bootstrap-password wtoe@123456 \
  --bootstrap-admin-url http://wtcontroller:5000/v3/ \
  --bootstrap-internal-url http://wtcontroller:5000/v3/ \
  --bootstrap-public-url http://wtcontroller:5000/v3/ \
  --bootstrap-region-id RegionOne

配置admin的系统环境变量

export OS_USERNAME=admin
export OS_PASSWORD=wtoe@123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://wtcontroller:5000/v3
export OS_IDENTITY_API_VERSION=3
#查看配置
env |grep OS_

创建keystone的一般实例

#以下命令会在project表中创建名为example的项目

openstack domain create --description "An Example Domain" example

#为keystone系统环境创建名为service的项目提供服务

#用于常规(非管理)任务,需要使用无特权用户

#以下命令会在project表中创建名为service的项目

openstack project create --domain default --description "Service Project" service

#创建myproject项目和对应的用户及角色

#作为一般用户(非管理员)的项目,为普通用户提供服务

#以下命令会在project表中创建名为myproject项目

openstack project create --domain default --description "Demo Project" myproject

#在默认域创建myuser用户

#使用--password选项为直接配置明文密码,使用--password-prompt选项为交互式输入密码

#以下命令会在local_user表增加myuser用户

openstack user create --domain default  --password-prompt myuser
#密码 wtoe@123456
##openstack user create --domain default  --password=myuser wtoe@123456

#在role表创建myrole角色
openstack role create myrole
#将myrole角色添加到myproject项目中和myuser用户组中
openstack role add --project myproject --user myuser myrole

验证操作keystone是否安装成功

去除环境变量

#关闭临时认证令牌机制,获取 token,验证keystone配置成功

作为管理员用户去请求一个认证的token

#测试是否可以使用admin账户进行登陆认证,请求认证令牌

openstack --os-auth-url http://wtcontroller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue

使用普通用户获取认证token

#以下命令使用”myuser“用户的密码和API端口5000,只允许对身份认证服务API的常规(非管理)访问。

创建OpenStack客户端环境脚本

admin的系统环境变量 vi admin-openrc

内容如下:

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=wtoe@123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

#myuser的 vi myuser-openrc
内容如下:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=wtoe@123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

#验证
source admin-openrc
openstack token issue

source myuser-openrc
openstack token issue

2.4安装glance镜像服务

创建数据库

mysql -uroot -pwtoe@123456
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
exit

在keystone上面注册glance

在keystone上创建glance用户

#以下命令在local_user表创建glance用户

openstack user create --domain default --password=wtoe@123456 glance
openstack user list

在keystone上将glance用户添加为service项目的admin角色(权限)

openstack role add --project service --user glance admin

以下命令在service表中增加glance项目

openstack service create --name glance --description "OpenStack Image" image
openstack service list

创建镜像服务的 API 端点(endpoint)

openstack endpoint create --region RegionOne image public http://wtcontroller:9292
openstack endpoint create --region RegionOne image internal http://wtcontroller:9292
openstack endpoint create --region RegionOne image admin http://wtcontroller:9292

安装glance软件

yum install openstack-glance python-glance python-glanceclient -y

修改glance相关配置

执行以下命令可以快速配置glance-api.conf

openstack-config --set  /etc/glance/glance-api.conf database connection  mysql+pymysql://glance:wtoe@123456@wtcontroller/glance
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://wtcontroller:5000
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_url http://wtcontroller:5000
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken memcached_servers  wtcontroller:11211
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken project_name service 
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken password wtoe@123456
openstack-config --set  /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set  /etc/glance/glance-api.conf glance_store stores  file,http
openstack-config --set  /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set  /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

执行以下命令可以快速配置glance-registry.conf
openstack-config --set  /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:wtoe@123456@wtcontroller/glance
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://wtcontroller:5000
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_url http://wtcontroller:5000
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken memcached_servers wtcontroller:11211
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken password wtoe@123456
openstack-config --set  /etc/glance/glance-registry.conf paste_deploy flavor keystone

同步glance数据库

#生成的相关表(15张表)

su -s /bin/sh -c "glance-manage db_sync" glance

如果数据库连接数一直都出现超出都状态可能是由于网络服务因为主机性能原因启动的线程数过多(默认线程数根据cpu核数决定),需要手动设置工作线程数(这里手动修改为4):

openstack-config --set  /etc/nova/nova.conf scheduler workers  4

#保证所有需要的表已经建立,否则后面可能无法进行下去

mysql -h172.16.10.100 -uglance -pwtoe@123456 -e "use glance;show tables;"

启动glance镜像服务

启动glance镜像服务、并配置开机自启动

systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl list-unit-files |grep openstack-glance*

检查确认glance安装正确

下载镜像
http://download.cirros-cloud.net/  #可手动
cd /home
wget http://download.cirros-cloud.net/0.3.5/cirros-d190515-x86_64-disk.img

获取管理员权限

. admin-openrc

上传镜像到glance

openstack image create "cirros" --file cirros-d190515-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image create "CentOS7" --file CentOS-7-x86_64-GenericCloud-1907.qcow2 --disk-format qcow2 --container-format bare --public

查看镜像是否上传成功

openstack image list

2.5安装nova计算服务

创建数据库

mysql -uroot -pwtoe@123456
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
show databases;
select user,host from mysql.user;
Exit

在keystone上面注册nova服务
#创建服务证书
在keystone上创建nova用户
. admin-openrc
openstack user create --domain default --password=wtoe@123456 nova

在keystone上将nova用户配置为admin角色并添加进service项目
openstack role add --project service --user nova admin

创建nova计算服务的实体
openstack service create --name nova --description "OpenStack Compute" compute

创建计算服务的API端点(endpoint)

openstack endpoint create --region RegionOne compute public http://wtcontroller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://wtcontroller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://wtcontroller:8774/v2.1
openstack endpoint list

这个版本的nova增加了placement项目

#同样,创建并注册该项目的服务证书

openstack user create --domain default --password=wtoe@123456 placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement

#创建placement项目的endpoint(API端口)

openstack endpoint create --region RegionOne placement public http://wtcontroller:8778
openstack endpoint create --region RegionOne placement internal http://wtcontroller:8778
openstack endpoint create --region RegionOne placement admin http://wtcontroller:8778
openstack endpoint list

#完毕

在控制节点安装nova相关服务

安装nova相关软件包

yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api -y

快速修改nova配置

openstack-config --set  /etc/nova/nova.conf DEFAULT enabled_apis  osapi_compute,metadata
openstack-config --set  /etc/nova/nova.conf DEFAULT my_ip 172.16.10.100
openstack-config --set  /etc/nova/nova.conf DEFAULT use_neutron  true 
openstack-config --set  /etc/nova/nova.conf DEFAULT firewall_driver  nova.virt.firewall.NoopFirewallDriver
openstack-config --set  /etc/nova/nova.conf DEFAULT transport_url  rabbit://openstack:wtoe@123456@wtcontroller
openstack-config --set  /etc/nova/nova.conf api_database connection  mysql+pymysql://nova:wtoe@123456@wtcontroller/nova_api
openstack-config --set  /etc/nova/nova.conf database connection  mysql+pymysql://nova:wtoe@123456@wtcontroller/nova
openstack-config --set  /etc/nova/nova.conf placement_database connection  mysql+pymysql://placement:wtoe@123456@wtcontroller/placement
openstack-config --set  /etc/nova/nova.conf api auth_strategy  keystone 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken auth_url  http://wtcontroller:5000/v3
openstack-config --set  /etc/nova/nova.conf keystone_authtoken memcached_servers  wtcontroller:11211
openstack-config --set  /etc/nova/nova.conf keystone_authtoken auth_type  password
openstack-config --set  /etc/nova/nova.conf keystone_authtoken project_domain_name  default 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken user_domain_name  default
openstack-config --set  /etc/nova/nova.conf keystone_authtoken project_name  service 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken username  nova 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken password  wtoe@123456
openstack-config --set  /etc/nova/nova.conf vnc enabled true
openstack-config --set  /etc/nova/nova.conf vnc server_listen '$my_ip'
openstack-config --set  /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip'
openstack-config --set  /etc/nova/nova.conf glance api_servers  http://wtcontroller:9292
openstack-config --set  /etc/nova/nova.conf oslo_concurrency lock_path  /var/lib/nova/tmp 
openstack-config --set  /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set  /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set  /etc/nova/nova.conf placement project_name service
openstack-config --set  /etc/nova/nova.conf placement auth_type password
openstack-config --set  /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set  /etc/nova/nova.conf placement auth_url http://wtcontroller:5000/v3
openstack-config --set  /etc/nova/nova.conf placement username placement
openstack-config --set  /etc/nova/nova.conf placement password wtoe@123456
openstack-config --set  /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 300

#服务端的计算节点多久去检查一次新加入的host主机信息,可以自动将安装好的计算节点主机加入集群 300

#查看配置

egrep -v "^#|^$" /etc/nova/nova.conf

配置虚拟机的硬件加速

#首先确定您的计算节点是否支持虚拟机的硬件加速。

egrep -c '(vmx|svm)' /proc/cpuinfo

#如果返回位0,表示计算节点不支持硬件加速,需要配置libvirt使用QEMU方式管理虚拟机,使用以下命令:

openstack-config --set  /etc/nova/nova.conf libvirt virt_type  qemu
egrep -v "^#|^$" /etc/nova/nova.conf|grep 'virt_type'

#如果返回为其他值,表示计算节点支持硬件加速且不需要额外的配置,使用以下命令:

openstack-config --set  /etc/nova/nova.conf libvirt virt_type  kvm

若后续在计算节点支持硬件加速的情况下依然出现创建实例报错的情况下,则需要进一步确认硬件加速是否被打开:

dmesg | grep kvm
如果有显示[    3.692481] kvm: disabled by bios
则需要在bios中打开虚拟化选项

启动nova相关服务,并配置为开机自启动

#需要启动2个服务

systemctl start libvirtd.service openstack-nova-compute.service 
systemctl status libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl list-unit-files |grep libvirtd.service
systemctl list-unit-files |grep openstack-nova-compute.service

将计算节点增加到cell数据库

#以下命令在控制节点操作:

. admin-openrc

#检查确认数据库有新的计算节点

openstack compute service list --service nova-compute

#如果没有,则需要手动增加 ---手动将新的计算节点添加到openstack集群

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

如果数据库连接数一直都出现超出都状态可能是由于网络服务因为主机性能原因启动的线程数过多(默认线程数根据cpu核数决定),需要手动设置工作线程数(这里手动修改为4):

openstack-config --set  /etc/nova/nova.conf scheduler workers  4

#设置新创建节点自动注册的任务(已经添加到配置文件中)

[scheduler]
discover_hosts_in_cells_interval = 300

验证控制节点nova服务正常

应用管理员环境变量脚本

. admin-openrc

列表查看安装的nova服务组件

#验证是否成功注册并启动了每个进程

openstack compute service list

在身份认证服务中列出API端点以验证其连接性

openstack catalog list

在镜像服务中列出已有镜像已检查镜像服务的连接性

openstack image list

检查nova各组件的状态

#检查placement API和cell服务是否正常工作

nova-status upgrade check

#至此,nova计算节点,安装完毕并添加到openstack集群中

2.6安装neutron网络服务

  创建neutron数据库,授予合适的访问权限

mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'wtoe@123456';
Exit

Keystone neutron相关配置

openstack user create --domain default --password=wtoe@123456 neutron
openstack user list

将neutron添加到service项目并授予admin角色

#以下命令无输出

openstack role add --project service --user neutron admin
创建neutron服务实体
openstack service create --name neutron --description "OpenStack Networking" network
openstack service list

创建neutron网络服务的API端点(endpoint)

openstack endpoint create --region RegionOne network public http://wtcontroller:9696
openstack endpoint create --region RegionOne network internal http://wtcontroller:9696
openstack endpoint create --region RegionOne network admin http://wtcontroller:9696
openstack endpoint list

在控制节点安装neutron网络组件

安装neutron软件包

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

快速配置/etc/neutron/neutron.conf

openstack-config --set  /etc/neutron/neutron.conf database connection  mysql+pymysql://neutron:wtoe@123456@wtcontroller/neutron 
openstack-config --set  /etc/neutron/neutron.conf DEFAULT core_plugin  ml2  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set  /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:wtoe@123456@wtcontroller
openstack-config --set  /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://wtcontroller:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_url  http://wtcontroller:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken memcached_servers  wtcontroller:11211
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_type  password  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_domain_name default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_name  service  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken username  neutron  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken password  wtoe@123456  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes  True  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  True  
openstack-config --set  /etc/neutron/neutron.conf nova auth_url  http://wtcontroller:5000
openstack-config --set  /etc/neutron/neutron.conf nova auth_type  password 
openstack-config --set  /etc/neutron/neutron.conf nova project_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova region_name  RegionOne  
openstack-config --set  /etc/neutron/neutron.conf nova project_name  service  
openstack-config --set  /etc/neutron/neutron.conf nova username  nova  
openstack-config --set  /etc/neutron/neutron.conf nova password  wtoe@123456  
openstack-config --set  /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

#检查修订有效性

egrep -v "^#|^$" /etc/neutron/neutron.conf

快速配置/etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers  local,flat,vlan,vxlan,gre
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers  openvswitch,l2population
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers  port_security
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True

#检查修订有效性

egrep -v "^#|^$" /etc/neutron/plugins/ml2/ml2_conf.ini

快速配置/etc/neutron/plugins/ml2/openvswitch_agent.ini
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini agent tunnel_types  vxlan
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs local_ip  172.16.20.80
penstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs tunnel_bridge  br-tun
egrep -v "^#|^$" /etc/neutron/plugins/ml2/openvswitch_agent.ini

快速配置/etc/neutron/dhcp_agent.ini

openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  interface_driver  neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  enable_isolated_metadata  True 
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf

查看生效的配置

egrep -v '(^$|^#)' /etc/neutron/dhcp_agent.ini
快速配置/etc/neutron/metadata_agent.ini
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host wtcontroller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret wtoe@123456
查看生效的配置
egrep -v '(^$|^#)' /etc/neutron/metadata_agent.ini

快速配置/etc/nova/nova.conf,将neutron添加到计算节点中

openstack-config --set  /etc/nova/nova.conf  neutron url http://wtcontroller:9696
openstack-config --set  /etc/nova/nova.conf  neutron auth_url http://wtcontroller:5000
openstack-config --set  /etc/nova/nova.conf  neutron auth_type password
openstack-config --set  /etc/nova/nova.conf  neutron project_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron user_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron region_name RegionOne
openstack-config --set  /etc/nova/nova.conf  neutron project_name service
openstack-config --set  /etc/nova/nova.conf  neutron username neutron
openstack-config --set  /etc/nova/nova.conf  neutron password wtoe@123456
openstack-config --set  /etc/nova/nova.conf  neutron service_metadata_proxy true
openstack-config --set  /etc/nova/nova.conf  neutron metadata_proxy_shared_secret wtoe@123456

查看生效的配置

egrep -v '(^$|^#)' /etc/nova/nova.conf

创建网络插件的链接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

同步数据库时若出现数据库连接数超出最大连接时(通过status查看),需要进入数据修改最大连接数

>show variables like 'max_connections';(查可以看当前的最大连接数)
  >set global max_connections=1000;(设置最大连接数为1000,可以再次查看是否设置成功)

且如果连接数一直都出现超出都状态可能是由于网络服务因为主机性能原因启动的线程数过多(默认线程数根据cpu核数决定),需要手动设置工作线程数:

openstack-config --set  /etc/neutron/neutron.conf DEFAULT api_workers  4
重启nova_api服务
systemctl restart openstack-nova-api.service
启动neutron服务并设置开机启动
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl list-unit-files |grep neutron* |grep enabled

2.6安装 horizon服务

安装dashboard软件包

yum install openstack-dashboard -y

修改配置文件/etc/openstack-dashboard/local_settings

#检查确认有以下配置

vim /etc/openstack-dashboard/local_settings

ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_HOST = "wtcontroller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'wtcontroller:11211',
    }
}
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_fip_topology_check': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_***': False,
}
TIME_ZONE = "Asia/Shanghai"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
修改/etc/httpd/conf.d/openstack-dashboard.conf
#增加以下内容
vim /etc/httpd/conf.d/openstack-dashboard.conf

WSGIApplicationGroup %{GLOBAL}

重启web服务器以及会话存储服务

systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service

检查dashboard是否可用

#在浏览器中输入下面的地址:域名用default

http://wtcontroller:80/dashboard 
用户1:admin/wtoe@123456
用户2: myuser/wtoe@123456
我来评几句
登录后评论

已发表评论数()

相关站点

+订阅
热门文章