一.OpenEuler镜像 1.1 镜像
控制节点 controller
IP:10.0.0.10
认证服务镜像服务监控服务计算服务网络服务Dashboard服务
httpd, mariadb, memcached, rabbitmq-server, etcd, openstack-glance-api, openstack-nova-api, openstack-nova-scheduler, openstack-nova-conductor, openstack-nova-novncproxy,neutron-server,neutron-linuxbridge-agent,neutron-dhcp-agent,neutron-metadata-agent,neutron-l3-agent
计算节点 compute-1
IP:10.0.0.11
计算服务网络服务
openstack-nova-compute,neutron-linuxbridge-agent
1.2控制节点
1 2 3 4 5 6 7 8 9 10 11 12 13 14 hostnamectl set-hostname controller echo "10.0.0.10 controller" >> /etc/hosts echo "10.0.0.11 compute-1" >> /etc/hosts sed -i "s/BOOTPROTO=dhcp/BOOTPROTO=static/g" /etc/sysconfig/network-scripts/ifcfg-ens33 sed -i "s/ONBOOT=no/ONBOOT=yes/g" /etc/sysconfig/network-scripts/ifcfg-ens33 echo "IPADDR=10.0.0.10" >> /etc/sysconfig/network-scripts/ifcfg-ens33 echo "NETMASK=255.255.255.0" >> /etc/sysconfig/network-scripts/ifcfg-ens33 # echo "PREFIX=24" >> /etc/sysconfig/netnwork-scripts/ifcfg-ens33echo "GATEWAY=10.0.0.2" >> /etc/sysconfig/network-scripts/ifcfg-ens33 echo "DNS1=223.5.5.5" >> /etc/sysconfig/network-scripts/ifcfg-ens33 echo "DNS2=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33 nmcli c reload nmcli c up ens33
controller 为控制节点的域名,compute-1 为计算节点的域名
10.0.0.10为本地的IP址,255.255.255.0 为子网掩码,10.0.0.2 为网关地址, 223.5.5.5 / 223.6.6.6 这是阿里云提供的DNS服务器,8.8.8.8 这是google提供的DNS服务器。nmcli 为网络服务的控制命令(network 服务不是默认,已经弃用,可以安装)
设置DNS的方法除了在网卡设置上DNS1=x.x.x.x ,还可以编辑文件“/etc/resolv.conf” ,验证DNS
1 2 echo "nameserver 223.5.5.5" >> /etc/resolv.conf echo "nameserver 8.8.8.8" >> /etc/resolv.conf
1.3 关闭swap分区,关闭SeLinux 1 2 3 4 5 6 swapoff -a sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab setenforce 0 sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config systemctl disable firewalld && systemctl stop firewalld
1.4 时间服务 1 2 3 4 5 sed -i '/^pool/d' /etc/chrony.conf echo "pool ntp.aliyun.com iburst" >> /etc/chrony.conf timedatectl set-timezone Asia/Shanghai systemctl restart chronyd chronyc sources
ntp.aliyun.com 为阿里的NTP服务器,用于网络同步时间
1.5 修改内核参数 1 2 3 4 echo "net.ipv4.ip_nonlocal_bind=1" >> /etc/sysctl.conf echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf sysctl -p reboot
1.6 软件源(CentOS-stream) 1 2 3 4 5 yum install centos-release-openstack-train -y 安装t版本openstack relese # yum install python-openstackclient -y # yum install openstack-selinux -y
1.7 基础组件 1 2 3 4 5 6 7 8 9 10 yum install -y openstack-release-wallaby # yum install openstack-selinux -y yum install -y openstack-release-wallaby # ln -s /usr/bin/python3 /usr/bin/pythongit clone https://github.com/pixelb/crudini.git cd crudini python3 setup.py install # ln -s ~/crudini /usr/bin/crudini# yum config-manager --set-enabled PowerTools
crudini的工具,在OpenEuler的源上是没有这个工具的,可以下载其源代码进行安装使用,本地应用使用python38进行安装使用。若是在CentOS8的数据源,可以直接安装,不需要下载源代码进行安装
1.8 数据库Mariadb 1 2 3 4 5 6 7 8 9 10 11 yum install -y mariadb mariadb-server python3-PyMySQL tee /etc/my.cnf.d/openstack.cnf <<-'EOF' [mysqld] default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 EOF systemctl enable mariadb && systemctl start mariadb echo -e "Y\n123456\n123456\nY\nn\nY\nY\n" | mysql_secure_installation
设置mariadb的超级用户root的密码为123456
1.9 队列服务RabbitMQ 1 2 3 4 5 6 7 8 yum install -y rabbitmq-server systemctl enable rabbitmq-server && systemctl start rabbitmq-server rabbitmqctl add_user openstack 123456 rabbitmqctl set_permissions openstack ".*" ".*" ".*" rabbitmq-plugins list rabbitmq-plugins enable rabbitmq_management rabbitmq_management_agent ss -tnl
开启图形化管理(rabbitmq_management,rabbitmq_management_agent)
ss -tnl 查看当前端口的使用情况。
2.0 缓存服务Memcached 1 2 3 4 yum install -y memcached python3-memcached sed -i "s/-l 127.0.0.1,::1/-l 127.0.0.1,::1,controller/g" /etc/sysconfig/memcached systemctl enable memcached && systemctl start memcached
2.1 键值对存储服务Etcd 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 yum install -y etcd sed -i.default -e '/^#/d' -e '/^$/d' /etc/etcd/etcd.conf rm -f /etc/etcd/etcd.conf tee /etc/etcd/etcd.conf <<-'EOF' # [Member] ETCD_NAME="controller" ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380" # ETCD_LISTEN_PEER_URLS="http://10.0.0.10:2380" ETCD_LISTEN_CLIENT_URLS="http://192.168.169.200:2379" # [Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.169.200:2380" ETCD_ADVERTISE_CLIENT_URLS="http://192.168.169.200:2379" ETCD_INITIAL_CLUSTER="controller=http://192.168.169.200:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01" ETCD_INITIAL_CLUSTER_STATE="new" EOF systemctl enable etcd systemctl start etcd
2.1认证服务keystone(Identity Service) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 mysql -uroot -p123456 -e "CREATE DATABASE keystone" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456'" yum install -y openstack-keystone httpd python3-mod_wsgi sed -i.default -e '/^#/d' -e '/^$/d' /etc/keystone/keystone.conf crudini --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:123456@controller/keystone crudini --set /etc/keystone/keystone.conf token provider fernet su -s /bin/sh -c "keystone-manage db_sync" keystone keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone keystone-manage bootstrap --bootstrap-password 123456 \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne echo "ServerName controller" >> /etc/httpd/conf/httpd.conf ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ systemctl enable httpd && systemctl start httpd echo "export OS_USERNAME=admin" >> /etc/profile echo "export OS_PASSWORD=123456" >> /etc/profile echo "export OS_PROJECT_NAME=admin" >> /etc/profile echo "export OS_USER_DOMAIN_NAME=Default" >> /etc/profile echo "export OS_PROJECT_DOMAIN_NAME=Default" >> /etc/profile echo "export OS_AUTH_URL=http://controller:5000/v3" >> /etc/profile echo "export OS_IDENTITY_API_VERSION=3" >> /etc/profile source /etc/profile yum install -y python2-openstackclient openstack project create --domain default --description "Service Project" service
2.2核验身份 1 2 3 openstack token issue systemctl status httpd memcached etcd rabbitmq-server mariadb
2.3 镜像服务glance(Image Service) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 mysql -uroot -p123456 -e "CREATE DATABASE glance" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456'" openstack user create --domain default --password 123456 glance openstack role add --project service --user glance admin openstack service create --name glance --description "OpenStack Image" image openstack endpoint create --region RegionOne image public http://controller:9292 openstack endpoint create --region RegionOne image internal http://controller:9292 openstack endpoint create --region RegionOne image admin http://controller:9292 yum install -y openstack-glance sed -i.default -e '/^#/d' -e '/^$/d' /etc/glance/glance-api.conf crudini --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:123456@controller/glance crudini --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000 crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000 crudini --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211 crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_type password crudini --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default crudini --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default crudini --set /etc/glance/glance-api.conf keystone_authtoken project_name service crudini --set /etc/glance/glance-api.conf keystone_authtoken username glance crudini --set /etc/glance/glance-api.conf keystone_authtoken password 123456 crudini --set /etc/glance/glance-api.conf paste_deploy flavor keystone crudini --set /etc/glance/glance-api.conf glance_store stores file,http crudini --set /etc/glance/glance-api.conf glance_store default_store file crudini --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images su -s /bin/sh -c "glance-manage db_sync" glance systemctl enable openstack-glance-api && systemctl start openstack-glance-api
2.4 上传镜像 1 2 3 wget https://github.com/cirros-dev/cirros/releases/download/0.6.0/cirros-0.6.0-x86_64-disk.img openstack image create "cirros" --file cirros-0.6.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public openstack image list
2.5 资源监控服务(Placement Service) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 mysql -uroot -p123456 -e "CREATE DATABASE placement" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123456'" openstack user create --domain default --password 123456 placement openstack role add --project service --user placement admin openstack service create --name placement --description "Placement API" placement openstack endpoint create --region RegionOne placement public http://controller:8778 openstack endpoint create --region RegionOne placement internal http://controller:8778 openstack endpoint create --region RegionOne placement admin http://controller:8778 yum install -y openstack-placement-api sed -i.default -e '/^#/d' -e '/^$/d' /etc/placement/placement.conf crudini --set /etc/placement/placement.conf placement_database connection mysql+pymysql://placement:123456@controller/placement crudini --set /etc/placement/placement.conf api auth_strategy keystone crudini --set /etc/placement/placement.conf keystone_authtoken auth_url http://controller:5000/v3 crudini --set /etc/placement/placement.conf keystone_authtoken memcached_servers controller:11211 crudini --set /etc/placement/placement.conf keystone_authtoken auth_type password crudini --set /etc/placement/placement.conf keystone_authtoken project_domain_name Default crudini --set /etc/placement/placement.conf keystone_authtoken user_domain_name Default crudini --set /etc/placement/placement.conf keystone_authtoken project_name service crudini --set /etc/placement/placement.conf keystone_authtoken username placement crudini --set /etc/placement/placement.conf keystone_authtoken password 123456 su -s /bin/sh -c "placement-manage db sync" placement systemctl restart httpd
2.6 检查Placement安装结果 1 2 3 4 5 6 placement-status upgrade check pip3 install osc-placement openstack --os-placement-api-version 1.2 resource class list --sort-column name openstack --os-placement-api-version 1.6 trait list --sort-column name
2.7 管理UI界面Dashboard 功能:web方式管理云平台,建云主机,分配网络,配安全组,加云盘
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 yum install -y openstack-dashboard sed -i "39c ALLOWED_HOSTS = ['*']" /etc/openstack-dashboard/local_settings sed -i "94c CACHES = {" /etc/openstack-dashboard/local_settings sed -i "95c 'default': {" /etc/openstack-dashboard/local_settings sed -i "96c 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'," /etc/openstack-dashboard/local_settings sed -i "97c 'LOCATION': 'controller:11211'," /etc/openstack-dashboard/local_settings sed -i "98c }" /etc/openstack-dashboard/local_settings sed -i "99c }" /etc/openstack-dashboard/local_settings sed -i "104c SESSION_ENGINE = 'django.contrib.sessions.backends.cache'" /etc/openstack-dashboard/local_settings sed -i '118c OPENSTACK_HOST = "controller"' /etc/openstack-dashboard/local_settings sed -i '119c OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST' /etc/openstack-dashboard/local_settings sed -i '123c TIME_ZONE = "Asia/Shanghai"' /etc/openstack-dashboard/local_settings echo 'OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True' >> /etc/openstack-dashboard/local_settings echo 'OPENSTACK_API_VERSIONS = {' >> /etc/openstack-dashboard/local_settings echo ' "identity": 3,' >> /etc/openstack-dashboard/local_settings echo ' "image": 2,' >> /etc/openstack-dashboard/local_settings echo ' "volume": 3' >> /etc/openstack-dashboard/local_settings echo '}' >> /etc/openstack-dashboard/local_settings echo 'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"' >> /etc/openstack-dashboard/local_settings echo 'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"' >> /etc/openstack-dashboard/local_settings echo "WEBROOT = '/dashboard/'" >> /etc/openstack-dashboard/local_settings echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf systemctl restart httpd memcached
安装完成,可访问 http://10.0.0.10/dashboard/ 查看 用户名 admin 密码 123456
2.8 计算服务(Nova Service) 功能:负责响应虚拟机创建请求、调度、销毁云主
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 mysql -uroot -p123456 -e "CREATE DATABASE nova_api" mysql -uroot -p123456 -e "CREATE DATABASE nova" mysql -uroot -p123456 -e "CREATE DATABASE nova_cell0" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456'" openstack user create --domain default --password 123456 nova openstack role add --project service --user nova admin openstack service create --name nova --description "OpenStack Compute" compute openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler sed -i.default -e '/^#/d' -e '/^$/d' /etc/nova/nova.conf crudini --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata crudini --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:123456@controller:5672/ crudini --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.10 crudini --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:123456@controller/nova_api crudini --set /etc/nova/nova.conf database connection mysql+pymysql://nova:123456@controller/nova crudini --set /etc/nova/nova.conf api auth_strategy keystone crudini --set /etc/nova/nova.conf keystone_authtoken www_authenticate_uri http://controller:5000/ crudini --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/ crudini --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211 crudini --set /etc/nova/nova.conf keystone_authtoken auth_type password crudini --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default crudini --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default crudini --set /etc/nova/nova.conf keystone_authtoken project_name service crudini --set /etc/nova/nova.conf keystone_authtoken username nova crudini --set /etc/nova/nova.conf keystone_authtoken password 123456 crudini --set /etc/nova/nova.conf vnc enabled true crudini --set /etc/nova/nova.conf vnc server_listen '$my_ip' crudini --set /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip' crudini --set /etc/nova/nova.conf glance api_servers http://controller:9292 crudini --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp crudini --set /etc/nova/nova.conf placement region_name RegionOne crudini --set /etc/nova/nova.conf placement project_domain_name Default crudini --set /etc/nova/nova.conf placement project_name service crudini --set /etc/nova/nova.conf placement auth_type password crudini --set /etc/nova/nova.conf placement user_domain_name Default crudini --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3 crudini --set /etc/nova/nova.conf placement username placement crudini --set /etc/nova/nova.conf placement password 123456 crudini --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 300 su -s /bin/sh -c "nova-manage api_db sync" nova su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova su -s /bin/sh -c "nova-manage db sync" nova systemctl enable openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy systemctl start openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
2.9 网络服务neutron(Networking Service) 功能:实现SDN(软件定义网络),提供一整套API,用户可以基于该API实现自己定义专属网络,不同厂商可以基于此API提供自己的产品实现.
1 2 3 4 5 6 7 8 9 10 11 mysql -uroot -p123456 -e "CREATE DATABASE neutron" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456'" openstack user create --domain default --password 123456 neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description "OpenStack Networking" network openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696 yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
3.0配置服务器组件 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 sed -i.default -e '/^#/d' -e '/^$/d' /etc/neutron/neutron.conf crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2 crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins router crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:123456@controller crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true crudini --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:123456@controller/neutron crudini --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000 crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000 crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211 crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron crudini --set /etc/neutron/neutron.conf keystone_authtoken password 123456 crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp crudini --set /etc/neutron/neutron.conf nova auth_url http://controller:5000 crudini --set /etc/neutron/neutron.conf nova auth_type password crudini --set /etc/neutron/neutron.conf nova project_domain_name default crudini --set /etc/neutron/neutron.conf nova user_domain_name default crudini --set /etc/neutron/neutron.conf nova region_name RegionOne crudini --set /etc/neutron/neutron.conf nova project_name service crudini --set /etc/neutron/neutron.conf nova username nova crudini --set /etc/neutron/neutron.conf nova password 123456
3.1 配置Modular Layer 2 (ML2) plug-in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000 crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true # 配置Linux bridge agent # eth1为另外第二张网卡 crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33 crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true # 10.0.0.12为第二张网卡的IP crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.10 crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver # 配置layer-3 agent sed -i "2c interface_driver = linuxbridge" /etc/neutron/l3_agent.ini # 配置DHCP agent sed -i.default -e '/^#/d' -e '/^$/d' /etc/neutron/dhcp_agent.ini crudini --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge crudini --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq crudini --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true # 配置metadata agent crudini --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller crudini --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 123456 # 配置计算服务使用网络服务 crudini --set /etc/nova/nova.conf neutron auth_url http://controller:5000 crudini --set /etc/nova/nova.conf neutron auth_type password crudini --set /etc/nova/nova.conf neutron project_domain_name default crudini --set /etc/nova/nova.conf neutron user_domain_name default crudini --set /etc/nova/nova.conf neutron region_name RegionOne crudini --set /etc/nova/nova.conf neutron project_name service crudini --set /etc/nova/nova.conf neutron username neutron crudini --set /etc/nova/nova.conf neutron password 123456 crudini --set /etc/nova/nova.conf neutron service_metadata_proxy true crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 123456 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron systemctl restart openstack-nova-api systemctl enable neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent systemctl start neutron-server neutron-linuxbridge-agent neutron-dhcp-agent neutron-metadata-agent systemctl enable neutron-l3-agent && systemctl start neutron-l3-agent
验证
1 openstack network agent list
Linuxbridge 换 openvswitch 1 https://www.cnblogs.com/fengjian2016/p/16476413.html
3.2 块存储服务 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 mysql -uroot -p123456 -e "CREATE DATABASE cinder" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY '123456'" mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY '123456'" # 创建cinder用户 openstack user create --domain default --password-prompt cinder # 将admin角色添加到cinder用户 openstack role add --project service --user cinder admin # 创建cinderv2和cinderv3服务实体 openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3 # 创建块存储服务API端点 openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s yum -y install openstack-cinder sed -i.default -e '/^#/d' -e '/^$/d' /etc/cinder/cinder.conf crudini --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:123456@controller/cinder crudini --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:123456@controller crudini --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone crudini --set /etc/cinder/cinder.conf DEFAULT my_ip 10.0.0.10 crudini --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://controller:5000 crudini --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:5000 crudini --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211 crudini --set /etc/cinder/cinder.conf keystone_authtoken auth_type password crudini --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default crudini --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default crudini --set /etc/cinder/cinder.conf keystone_authtoken project_name service crudini --set /etc/cinder/cinder.conf keystone_authtoken username cinder crudini --set /etc/cinder/cinder.conf keystone_authtoken password Mss123456 crudini --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp # 同步数据库 su -s /bin/sh -c "cinder-manage db sync" cinder # 计算配置为使用块存储 crudini --set /etc/nova/nova.conf cinder os_region_name RegionOne # 开机启动和启动服务 systemctl enable openstack-cinder-api openstack-cinder-scheduler systemctl start openstack-cinder-api openstack-cinder-scheduler
二.计算节点 1.1 设置网卡 1 2 3 4 5 6 7 8 9 10 11 12 13 14 hostnamectl set-hostname compute-1 echo "10.0.0.10 controller" >> /etc/hosts echo "10.0.0.11 compute-1" >> /etc/hosts sed -i "s/BOOTPROTO=dhcp/BOOTPROTO=static/g" /etc/sysconfig/network-scripts/ifcfg-ens33 sed -i "s/ONBOOT=no/ONBOOT=yes/g" /etc/sysconfig/network-scripts/ifcfg-ens33 echo "IPADDR=10.0.0.11" >> /etc/sysconfig/network-scripts/ifcfg-ens33 echo "NETMASK=255.255.255.0" >> /etc/sysconfig/network-scripts/ifcfg-ens33 echo "GATEWAY=10.0.0.2" >> /etc/sysconfig/network-scripts/ifcfg-ens33 echo "DNS1=223.5.5.5" >> /etc/sysconfig/network-scripts/ifcfg-ens33 echo "DNS2=8.8.8.8" >> /etc/sysconfig/network-scripts/ifcfg-ens33 nmcli c reload nmcli c up ens33
controller 为控制节点的域名,compute-1 为计算节点的域名
10.0.0.11为本地的IP址,255.255.255.0 为子网掩码,10.0.0.2 为网关地址, 223.5.5.5/223.6.6.6 这是阿里云提供的DNS服务器,8.8.8.8 这是google提供的DNS服务器。nmcli 为网络服务的控制命令(network 服务不是默认,已经弃用,可以安装)
设置DNS的方法除了在网卡设置上DNS1=x.x.x.x ,还可以编辑文件“/etc/resolv.conf” ,验证DNS
1 2 echo "nameserver 223.5.5.5" >> /etc/resolv.conf echo "nameserver 8.8.8.8" >> /etc/resolv.conf
1.2 验证DNs 1.3 关闭swap分区,关闭SeLinux 1 2 3 4 5 swapoff -a sed -i '/ swap / s/^\(.*\)$/#\1/g' /etc/fstab setenforce 0 sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/selinux/config systemctl disable firewalld && systemctl stop firewalld
1.4 时间服务 1 2 3 4 5 6 7 8 yum install -y chrony sed -i '/^pool/d' /etc/chrony.conf sed -i '/^server/d' /etc/chrony.conf sed -i '2aserver controller iburst' /etc/chrony.conf echo "pool ntp.aliyun.com iburst" >> /etc/chrony.conf systemctl enable chronyd && systemctl start chronyd timedatectl set-timezone Asia/Shanghai
ntp.aliyun.com 为阿里的NTP服务器,用于网络同步时间
1.5 基础组件 1 2 3 4 5 6 7 8 9 yum install -y openstack-release-wallaby yum install -y python3-openstackclient # yum install -y python38 # ln -s /usr/bin/python3.8 /usr/bin/pythongit clone https://github.com/pixelb/crudini.git cd crudini python3 setup.py install # ln -s ~/crudini /usr/bin/crudini# yum config-manager --set-enabled PowerTools
crudini的工具,在OpenEuler的源上是没有这个工具的,可以下载其源代码进行安装使用,本地应用使用python38进行安装使用。若是在CentOS8的数据源,可以直接安装,不需要下载源代码进行安装
1.6 计算服务nova(Compute Service) 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 yum install -y openstack-nova-compute sed -i.default -e '/^#/d' -e '/^$/d' /etc/nova/nova.conf crudini --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata crudini --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:123456@controller crudini --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.11 crudini --set /etc/nova/nova.conf api auth_strategy keystone crudini --set /etc/nova/nova.conf keystone_authtoken www_authenticate_uri http://controller:5000/ crudini --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/ crudini --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211 crudini --set /etc/nova/nova.conf keystone_authtoken auth_type password crudini --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default crudini --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default crudini --set /etc/nova/nova.conf keystone_authtoken project_name service crudini --set /etc/nova/nova.conf keystone_authtoken username nova crudini --set /etc/nova/nova.conf keystone_authtoken password 123456 crudini --set /etc/nova/nova.conf vnc enabled true crudini --set /etc/nova/nova.conf vnc server_listen 0.0.0.0 crudini --set /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip' crudini --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html crudini --set /etc/nova/nova.conf glance api_servers http://controller:9292 crudini --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp crudini --set /etc/nova/nova.conf placement region_name RegionOne crudini --set /etc/nova/nova.conf placement project_domain_name Default crudini --set /etc/nova/nova.conf placement project_name service crudini --set /etc/nova/nova.conf placement auth_type password crudini --set /etc/nova/nova.conf placement user_domain_name Default crudini --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3 crudini --set /etc/nova/nova.conf placement username placement crudini --set /etc/nova/nova.conf placement password 123456 crudini --set /etc/nova/nova.conf libvirt virt_type kvm systemctl enable libvirtd openstack-nova-compute systemctl start libvirtd openstack-nova-compute
#执行命令,查看是否支持CPU虚拟化,如果大于0则支持
1 egrep -c '(vmx|svm)' /proc/cpuinfo
#如果不支持的话还需要执行下面的命令
1 2 crudini --set /etc/nova/nova.conf libvirt virt_type qemu systemctl restart libvirtd openstack-nova-compute
1 # OpenEuler 22.3版出现openstack-nova-compute启动不成功,如下解决
1 2 mkdir /usr/lib/python3.9/site-packages/instances crudini --set /etc/nova/nova.conf DEFAULT compute_driver libvirt.LibvirtDriver
#控制节点 计算节点从注册到发现会有延迟,根据discover_hosts_in_cells_interval 配置轮询发现时间,可以执行下面命令手动发现计算节点
1 2 3 su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova # 或者 openstack compute service list --service nova-compute
1.7 网络服务 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 yum install -y openstack-neutron-linuxbridge ebtables ipset sed -i.default -e '/^#/d' -e '/^$/d' /etc/neutron/neutron.conf crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:123456@controller crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone crudini --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000 crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000 crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211 crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron crudini --set /etc/neutron/neutron.conf keystone_authtoken password 123456 crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp sed -i.default -e '/^#/d' -e '/^$/d' /etc/neutron/plugins/ml2/linuxbridge_agent.ini # 自己的网卡 crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33 crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true # 自己的ip地址 crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.0.11 crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true # 配置计算服务使用网络服务 crudini --set /etc/nova/nova.conf neutron auth_url http://controller:5000 crudini --set /etc/nova/nova.conf neutron auth_type password crudini --set /etc/nova/nova.conf neutron project_domain_name default crudini --set /etc/nova/nova.conf neutron user_domain_name default crudini --set /etc/nova/nova.conf neutron region_name RegionOne crudini --set /etc/nova/nova.conf neutron project_name service crudini --set /etc/nova/nova.conf neutron username neutron crudini --set /etc/nova/nova.conf neutron password 123456 systemctl restart openstack-nova-compute systemctl enable neutron-linuxbridge-agent systemctl start neutron-linuxbridge-agent
三 .创建虚拟机 1.1 创建虚拟网络 1 2 3 4 5 # 1 创建网络 openstack network create --share --provider-physical-network provider --provider-network-type flat provider # 2 查看 openstack network list
1.2 创建子网 1 2 3 4 5 6 7 # 1 创建网络 openstack subnet create --network provider \ --allocation-pool start=10.0.0.100,end=10.0.0.200 \ --dns-nameserver 10.0.0.2 --gateway 10.0.0.2 \ --subnet-range 10.0.0.0/24 provider-sub # 2 查看 openstack subnet list
1.3 创建主机规格 1 2 3 4 5 6 7 # 1 创建主机规格 openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano # openstack flavor create 创建主机 # --id 主机ID # --vcpus cpu数量 # --ram 64(默认是MB,可以写成G) # --disk 磁盘(默认单位是G)
1.4 生成密钥对 1 2 3 4 # 1 生成密钥 ssh-keygen -q -N "" # 2 上传密钥 openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
1.5 添加安全组规则 1 2 3 4 # 允许ICMP(ping) openstack security group rule create --proto icmp default # 允许安全shell(SSH)访问 openstack security group rule create --proto tcp --dst-port 22 default
1.6 查看创建实例需要的相关信息 1 2 3 4 5 openstack flavor list openstack image list openstack network list openstack security group list openstack keypair list
1.7 使用镜像创建虚拟机系统 1 2 openstack server create --flavor m1.nano --image cirros --security-group default --key-name mykey hello-instance # 还可加入网络(net-id 在上一步获取)--nic net-id=9e07c3d5-9a9e-496c-90b6-ba294f8b0699
1.8 查看实例 1.9 登录 1 2 3 4 5 # ssh登录 ping 10.0.0.x ssh cirros@10.0.0.x # web登录的url openstack console url show hello-instance
