Openstack-Train 部署实施

2020-06-25 15:15发布

架构图

 

基础环境配置

系统:CentOS 7.5 / CentOS 7.6

# cat /etc/redhat-release

CentOS Linux release 7.5.1804 (Core)

eth0管理、eth1虚机业务网络、eth2存储网络

主机名

IP

角色

controller

eth0:172.16.60.219  eth1:业务网卡 eth2:存储网络

控制节点

compute01

eth0:172.16.60.220  eth1:业务网卡 eth2:存储网络

计算节点

storage01

eth0:172.16.60.221  eth2:存储网络

存储节点

 

hostnamectl set-hostname controller

hostnamectl set-hostname compute01

hostnamectl set-hostname storage01

 

[root@controller ~]# cat /etc/hosts

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4

::1         localhost localhost.localdomain localhost6 localhost6.localdomain6

172.16.60.219 controller

172.16.60.220 compute01

172.16.60.221 storage01

 

[root@controller ~]# scp /etc/hosts compute01:/etc/hosts

[root@controller ~]# scp /etc/hosts storage01:/etc/hosts

 

所有节点执行:

# Install wget and the NTP tools on every node.
yum install -y wget ntp

# `crontab -e` opens an editor; the line after it is the entry to add, not a shell command.
crontab -e

# Hourly clock step from pool.ntp.org. Only stdout is discarded; stderr is not redirected.
01 * * * * /usr/sbin/ntpdate pool.ntp.org > /dev/null

 

# Replace every existing yum repository definition with an OpenStack Train mirror.
# NOTE(review): this also deletes the distribution's own repo files.
rm -rf /etc/yum.repos.d/*.repo

# NOTE(review): the baseurl is plain http and gpgcheck=0 turns off package signature
# verification, so nothing authenticates the packages installed from this repository.
# Prefer an https mirror with gpgcheck=1 and the repository signing key configured.
cat > /etc/yum.repos.d/openstack-train.repo << EOF

[openstack]

name=train

baseurl=http://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-train/

enabled=1

gpgcheck=0

EOF

 

# Download the base and EPEL repository definitions straight into yum's configuration directory.
# NOTE(review): both files are fetched over plain http; whatever they contain decides which
# mirrors and which signature settings yum uses afterwards, so review them after download.
wget -O /etc/yum.repos.d/Centos-7.repo http://mirrors.aliyun.com/repo/Centos-7.repo

wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

# Put SELinux in permissive mode for the running system.
# NOTE(review): the controller package list on this page installs openstack-selinux, which
# presumably exists so SELinux can stay enforcing; confirm before disabling it.
setenforce 0

# Stop the host firewall now and keep it off across reboots.
# NOTE(review): with firewalld off, every port the later steps open on the management address
# (database, message queue, memcached, APIs) is reachable by any host that can route to it.
systemctl stop firewalld && systemctl disable firewalld

# Make the SELinux change permanent (takes effect at next boot).
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config

 

控制节点

mariadb

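# Controller packages: message queue, database, Keystone, Apache/mod_wsgi, memcached and helper tools.
yum install -y rabbitmq-server mariadb mariadb-server python2-PyMySQL openstack-selinux python-openstackclient memcached python-memcached openstack-keystone httpd mod_wsgi openstack-utils expect net-tools bash-completion

# MariaDB settings for OpenStack; the server listens on the controller's management address.
echo -e "[mysqld]\nbind-address = 172.16.60.219\ndefault-storage-engine = innodb\ninnodb_file_per_table = on\nmax_connections = 4096\ncollation-server = utf8_general_ci\ncharacter-set-server = utf8" > /etc/my.cnf.d/openstack.cnf
systemctl enable mariadb.service && systemctl start mariadb.service

# The later `mysql -uroot -p...` steps need a root password, and a fresh MariaDB install has none.
# Set it here (interactive); the same dialogue also removes anonymous users, the test database
# and remote root login. Choose a strong, unique password rather than a shared one.
mysql_secure_installation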

 

rabbitmq

消息队列主要用来进行多个组件之间的交互。

 

# Start RabbitMQ and create the account the OpenStack services use for messaging.
systemctl enable rabbitmq-server.service && systemctl start rabbitmq-server.service

# NOTE(review): the password is passed as a command-line argument (it ends up in shell history)
# and is the same value used for every other account on this page.
rabbitmqctl add_user openstack 000000

# Grant configure / write / read on all resources of the default vhost.
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

# NOTE(review): the administrator tag gives this service account management rights over the
# broker; the services only need the permissions set above, so confirm this tag is required.
rabbitmqctl set_user_tags openstack administrator

 

memcache

主要用于缓存 OpenStack Keystone 服务的 token。

 

# Make memcached listen on the controller's address in addition to loopback.
# NOTE(review): memcached is started here without any authentication, and firewalld was disabled
# earlier on this page, so hosts that can reach controller:11211 can read and write the cached
# Keystone token data. Restrict the port to the OpenStack nodes.
sed -i 's/OPTIONS="-l 127.0.0.1,::1"/OPTIONS="-l 127.0.0.1,::1,controller"/g' /etc/sysconfig/memcached

systemctl enable memcached.service && systemctl start memcached.service

 

keystone

用于管理用户目录以及用户可以访问的 OpenStack 服务的目录,目的是跨所有 OpenStack 组件暴露一个中央身份验证机制。

 

# Create the Keystone database and its database account.
# NOTE(review): -p<password> on the command line exposes the root password in shell history and
# in the process list while the command runs.
mysql -uroot -p000000 -e "create database IF NOT EXISTS keystone;"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';"

# NOTE(review): host '%' lets this account log in from any address that can reach the database;
# with a short numeric password shared by all accounts, narrow it to the controller's address.
mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';"

 

 

# Keystone configuration: database connection, Fernet tokens, and memcached-backed caching.
# NOTE(review): the connection URL stores the database password in clear text in keystone.conf;
# verify the file is readable only by root and the keystone group.
crudini --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:000000@controller/keystone

crudini --set /etc/keystone/keystone.conf token provider  fernet

crudini --set /etc/keystone/keystone.conf token driver  sql

crudini --set /etc/keystone/keystone.conf token caching  true

# Cache backend is the memcached instance on the controller (port 11211).
crudini --set /etc/keystone/keystone.conf cache memcache_servers  controller:11211

crudini --set /etc/keystone/keystone.conf cache enabled  true

crudini --set /etc/keystone/keystone.conf cache backend  oslo_cache.memcache_pool

 

# Populate the Keystone database schema, running as the unprivileged keystone user.
su -s /bin/sh -c "keystone-manage db_sync" keystone


# Initialise the Fernet token keys and the credential encryption keys, owned by keystone:keystone.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

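# Create the admin identity and register the three Keystone endpoints in RegionOne.
# The continuation lines must follow each other directly: a blank line after a trailing
# backslash ends the command and the remaining options would be run as separate commands.
# NOTE(review): the admin password is given on the command line and is the same value as every
# other credential on this page; all three endpoints are plain http, so passwords and tokens
# cross the management network unencrypted.
keystone-manage bootstrap --bootstrap-password 000000 \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne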

 

# Set Apache's ServerName to the controller host name.
sed -i 's/#ServerName www.example.com:80/ServerName controller/g' /etc/httpd/conf/httpd.conf

# Enable the Keystone WSGI application that ships with the package.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

systemctl enable httpd.service && systemctl restart httpd.service

 

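# Environment file with the admin credentials used by the openstack client.
cat > admin-openrc.sh << EOF
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
EOF
# The file holds the cloud admin password in clear text; keep it readable by its owner only.
chmod 600 admin-openrc.sh

# Load the credentials, create the project that holds the service accounts,
# then request a token to confirm that authentication works.
source admin-openrc.sh
openstack project create --domain default service
openstack token issue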

 

 

glance

Glance 镜像可以充当模板,快速并且一致地部署新的服务器。API 服务器暴露了 接口,用户可以利用它来列出并获取分配给一组可扩展后端存储的虚拟磁盘镜像

 

# Glance database and database account.
# NOTE(review): root password on the command line, and 'glance'@'%' accepts logins from any host.
mysql -uroot -p000000 -e "create database IF NOT EXISTS glance;"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';"

# Glance service account in Keystone, given the admin role on the service project.
# NOTE(review): --password on the command line is recorded in shell history; the value is the
# same as the cloud admin and database passwords.
openstack user create --domain default --password 000000 glance

openstack role add --project service --user glance admin

# Register the image service and its public / internal / admin endpoints (all plain http).
openstack service create --name glance --description "OpenStack Image" image

openstack endpoint create --region RegionOne image public http://controller:9292

openstack endpoint create --region RegionOne image internal http://controller:9292

openstack endpoint create --region RegionOne image admin http://controller:9292


yum install openstack-glance -y

 

# glance-api.conf: database connection (password stored in clear text in the file).
crudini --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:000000@controller/glance

# Token validation against Keystone, with validated tokens cached in memcached.
crudini --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://controller:5000

crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000

crudini --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211

crudini --set /etc/glance/glance-api.conf keystone_authtoken auth_type password

crudini --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default

crudini --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default

crudini --set /etc/glance/glance-api.conf keystone_authtoken project_name service

crudini --set /etc/glance/glance-api.conf keystone_authtoken username glance

# NOTE(review): service account password in clear text; check the file's owner and mode.
crudini --set /etc/glance/glance-api.conf keystone_authtoken password 000000

crudini --set /etc/glance/glance-api.conf paste_deploy flavor keystone

# Images are stored as files on the controller's local disk; the http store is also enabled.
crudini --set /etc/glance/glance-api.conf glance_store stores file,http

crudini --set /etc/glance/glance-api.conf glance_store default_store file

crudini --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

# Create the schema as the glance user, then start the API service.
su -s /bin/sh -c "glance-manage db_sync" glance

systemctl enable openstack-glance-api.service && systemctl start openstack-glance-api.service

nova-controller

nova控制云计算架构(基础架构服务的核心组件)。它用 Python 编写的,创建一个抽象层,让 CPU、内存、网络适配器和硬盘驱动器等商品服务器资源实现虚拟化,并具有提高利用率和自动化的功能。实时 VM 管理具有启动、调整大小、挂起、停止和重新引导的功能,这是通过集成一组受支持的虚拟机管理程序来实现的。

 

# Databases for Nova (API, main, cell0) and the grants for the nova database account.
# NOTE(review): root password on the command line; every '%' grant below accepts logins from any
# host that can reach the database, all with the same shared password.
mysql -uroot -p000000 -e "create database IF NOT EXISTS nova_api;"

mysql -uroot -p000000 -e "create database IF NOT EXISTS nova;"

mysql -uroot -p000000 -e "create database IF NOT EXISTS nova_cell0;"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '000000';"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '000000';"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '000000';"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '000000';"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '000000';"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '000000';"


# Placement database and account. Unlike the statements above, this CREATE has no
# IF NOT EXISTS, so re-running the step fails once the database exists.
mysql -uroot -p000000 -e "CREATE DATABASE placement;"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost'  IDENTIFIED BY '000000';"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%'  IDENTIFIED BY '000000';"

 

 

# Nova service account (admin role on the service project), service entry and endpoints.
# NOTE(review): both service accounts below get the admin role and the same password that is
# used for the cloud admin user, so one leaked config file exposes all of them.
openstack user create --domain default --password 000000 nova

openstack role add --project service --user nova admin

openstack service create --name nova --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1

openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1

openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1


# Placement service account, service entry and endpoints.
openstack user create --domain default --password 000000 placement

openstack role add --project service --user placement admin

openstack service create --name placement --description "OpenStack Placement" placement

openstack endpoint create --region RegionOne  placement public http://controller:8778

openstack endpoint create --region RegionOne  placement internal http://controller:8778

openstack endpoint create --region RegionOne  placement admin http://controller:8778


# Controller-side Nova services plus the Placement API.
yum install openstack-nova-api openstack-nova-conductor  openstack-nova-novncproxy openstack-nova-scheduler openstack-placement-api -y

 

# nova.conf on the controller.
# NOTE(review): this file ends up holding four clear-text secrets (two database URLs, the
# RabbitMQ URL, and the nova and placement service passwords); check its owner and mode.
crudini --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata

crudini --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:000000@controller/nova_api

crudini --set /etc/nova/nova.conf filter_scheduler enabled_filters AvailabilityZoneFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter

crudini --set /etc/nova/nova.conf database connection mysql+pymysql://nova:000000@controller/nova

# Message queue connection, using the RabbitMQ account created earlier.
crudini --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:000000@controller:5672/

# Management address of the controller (eth0 in the host table).
crudini --set /etc/nova/nova.conf DEFAULT my_ip 172.16.60.219

# Keystone token validation for the Nova API.
crudini --set /etc/nova/nova.conf api auth_strategy keystone

crudini --set /etc/nova/nova.conf keystone_authtoken www_authenticate_uri http://controller:5000/

crudini --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/

crudini --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211

crudini --set /etc/nova/nova.conf keystone_authtoken auth_type password

crudini --set /etc/nova/nova.conf keystone_authtoken project_domain_name Default

crudini --set /etc/nova/nova.conf keystone_authtoken user_domain_name Default

crudini --set /etc/nova/nova.conf keystone_authtoken project_name service

crudini --set /etc/nova/nova.conf keystone_authtoken username nova

crudini --set /etc/nova/nova.conf keystone_authtoken password 000000

# VNC console settings, bound to the controller's management address.
crudini --set /etc/nova/nova.conf vnc enabled true

crudini --set /etc/nova/nova.conf vnc server_listen 172.16.60.219

crudini --set /etc/nova/nova.conf vnc server_proxyclient_address 172.16.60.219

crudini --set /etc/nova/nova.conf glance api_servers http://controller:9292

crudini --set /etc/nova/nova.conf oslo_concurrency lock_path                   /var/lib/nova/tmp

# Credentials Nova uses to talk to the Placement API.
crudini --set /etc/nova/nova.conf placement region_name RegionOne

crudini --set /etc/nova/nova.conf placement project_domain_name Default

crudini --set /etc/nova/nova.conf placement project_name service

crudini --set /etc/nova/nova.conf placement auth_type password

crudini --set /etc/nova/nova.conf placement user_domain_name Default

crudini --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3

crudini --set /etc/nova/nova.conf placement username placement

crudini --set /etc/nova/nova.conf placement password 000000

 

# placement.conf: database connection and Keystone token validation.
# NOTE(review): database and service passwords are stored in clear text; check the file's
# owner and mode.
crudini --set /etc/placement/placement.conf placement_database connection mysql+pymysql://placement:000000@controller/placement

crudini --set /etc/placement/placement.conf api auth_strategy keystone

crudini --set /etc/placement/placement.conf keystone_authtoken auth_url http://controller:5000/v3

crudini --set /etc/placement/placement.conf keystone_authtoken memcached_servers controller:11211

crudini --set /etc/placement/placement.conf keystone_authtoken auth_type password

crudini --set /etc/placement/placement.conf keystone_authtoken project_domain_name default

crudini --set /etc/placement/placement.conf keystone_authtoken user_domain_name default

crudini --set /etc/placement/placement.conf keystone_authtoken project_name service

crudini --set /etc/placement/placement.conf keystone_authtoken username placement

crudini --set /etc/placement/placement.conf keystone_authtoken password 000000

 

vi /etc/httpd/conf.d/00-placement-api.conf  #添加以下内容

<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

 

# Create the Nova schemas and cells, each command running as the unprivileged nova user.
su -s /bin/sh -c "nova-manage api_db sync" nova

su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

su -s /bin/sh -c "nova-manage db sync" nova

# List the cells to confirm cell0 and cell1 were registered.
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

# Create the Placement schema as the placement user.
su -s /bin/sh -c "placement-manage db sync" placement


# Reload Apache so it picks up the Placement API configuration, then run the readiness check.
systemctl restart httpd

placement-status upgrade check


# Enable and start the controller-side Nova services.
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service && systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service


# Check that all four services are running.
systemctl status openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service


systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

 

neutron-controller

Neutron 提供了管理局域网的能力,并支持虚拟局域网(VLAN)。用户可以定义网络、子网和路由器,以配置其内部拓扑,然后向这些网络分配 IP 地址和 VLAN。浮动 IP 地址允许用户向 VM 分配(和再分配)固定的外部 IP 地址。

 

# Neutron database and database account.
# NOTE(review): root password on the command line, and 'neutron'@'%' accepts logins from any host.
mysql -uroot -p000000 -e "create database IF NOT EXISTS neutron;"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';"

mysql -uroot -p000000 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';"


# Neutron service account (admin role on the service project), service entry and endpoints.
# NOTE(review): --password on the command line is recorded in shell history; the endpoints
# are plain http.
openstack user create --domain default --password 000000 neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696


# Neutron server, the ML2 plug-in and the Linux bridge agent.
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

 

# neutron.conf on the controller.
# NOTE(review): this file ends up holding the database, RabbitMQ, neutron and nova passwords in
# clear text; check its owner and mode.
crudini --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:000000@controller/neutron

crudini --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2

crudini --set /etc/neutron/neutron.conf DEFAULT service_plugins router

crudini --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true

crudini --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:000000@controller

# Keystone token validation for the Neutron API.
crudini --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone

crudini --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000

crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000

crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211

crudini --set /etc/neutron/neutron.conf keystone_authtoken auth_type password

crudini --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default

crudini --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default

crudini --set /etc/neutron/neutron.conf keystone_authtoken project_name service

crudini --set /etc/neutron/neutron.conf keystone_authtoken username neutron

crudini --set /etc/neutron/neutron.conf keystone_authtoken password 000000

# Have Neutron notify Nova about port changes, using the nova service account below.
crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true

crudini --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true

crudini --set /etc/neutron/neutron.conf nova auth_url http://controller:5000

crudini --set /etc/neutron/neutron.conf nova auth_type password

crudini --set /etc/neutron/neutron.conf nova project_domain_name default

crudini --set /etc/neutron/neutron.conf nova user_domain_name default

crudini --set /etc/neutron/neutron.conf nova region_name RegionOne

crudini --set /etc/neutron/neutron.conf nova project_name service

crudini --set /etc/neutron/neutron.conf nova username nova

crudini --set /etc/neutron/neutron.conf nova password 000000

crudini --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

 

# ML2 plug-in: flat and VLAN network types with the Linux bridge mechanism driver.
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan

# No value is given on purpose: the option is set to an empty string.
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types  

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge

# Port security extension enabled.
crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider

crudini --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True

# Linux bridge agent: the "provider" physical network is carried on eth1 (the VM traffic NIC).
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth1

# Security groups are enforced with the iptables firewall driver. This filters instance ports
# only; it does not replace the host firewall that was disabled earlier on this page.
crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group   True

crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False

              

# [neutron] section of nova.conf: credentials Nova uses to call the networking API.
crudini --set /etc/nova/nova.conf neutron auth_url http://controller:5000

crudini --set /etc/nova/nova.conf neutron auth_type password

crudini --set /etc/nova/nova.conf neutron project_domain_name default

crudini --set /etc/nova/nova.conf neutron user_domain_name default

crudini --set /etc/nova/nova.conf neutron region_name RegionOne

crudini --set /etc/nova/nova.conf neutron project_name service

crudini --set /etc/nova/nova.conf neutron username neutron

# NOTE(review): service password stored in clear text in nova.conf.
crudini --set /etc/nova/nova.conf neutron password 000000

crudini --set /etc/nova/nova.conf neutron service_metadata_proxy true

# NOTE(review): METADATA_SECRET looks like an unreplaced placeholder. This value is the shared
# secret for the metadata proxy, so the literal placeholder is a guessable secret. Replace it
# with a random value and use the same value wherever the metadata agent is configured.
crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET

 

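# Bring up eth1 (the VM traffic NIC) at boot with no IP address of its own.
# The here-document needs the "<< EOF" operator; with a bare "<" the shell reports a syntax
# error and the file is never written.
cat > /etc/sysconfig/network-scripts/ifcfg-eth1 << EOF
DEVICE=eth1
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
EOF

# Apply the new interface configuration.
systemctl restart network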

 

# Point /etc/neutron/plugin.ini at the ML2 configuration.
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini


# Create or upgrade the Neutron schema, running as the unprivileged neutron user.
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron


# Restart the Nova API so it reads the [neutron] settings written to nova.conf.
systemctl restart openstack-nova-api.service

 

systemctl enable neutron-server.service neutron-linuxbridge-agen

