OpenStack 部署
零、 节点信息描述
| 主机 | ip | 系统 | 配置 |
|---|---|---|---|
| controller | 192.168.100.109 | CentOS 7.9 | 4c8g 20GB |
| computer1 | 192.168.100.110 | CentOS 7.9 | 2c4g 20GB |
| compute2 | 192.168.100.111 | CentOS 7.9 | 2c4g 20GB |
一、 基础环境配置
关闭 Selinux
setenforce 0sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config关闭防火墙
systemctl stop firewalld && systemctl disable firewalld主机名配置
hostnamectl set-hostname --static <youre_hostname>host 文件修改
cat << EOF >> /etc/hosts
192.168.100.109 controller
192.168.100.110 compute1
192.168.100.111 compute2
EOF时间同步
cp -r /usr/share/zoneinfo/Asia/Shanghai /etc/localtime
yum install ntpdate -y
systemctl enable chronyd --now
ntpdate cn.pool.ntp.org配置
OpenStack仓库cat << EOF >> openstack-train.repo
[openstack]
name=openstack
enable=1
gpgcheck=0
baseurl=https://mirrors.nju.edu.cn/centos-vault/7.9.2009/cloud/x86_64/openstack-train/基础包安装
yum upgradeyum install -y wget vim net-tools yum-utils device-mapper-persistent-data lvm2 python-devel libffi-devel openssl-devel gccyum install -y openstack-selinux
二、 Controller 节点配置 (192.168.100.109)
2.1 Mariadb 配置
安装
yum install -y mariadb-server python2-PyMySQLsystemctl enable mariadb --now初始化 mariadb-server
mysql_secure_installation按照提示配置, 建议复杂密码
配置 openstack 用户
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KESTONE_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KESTONE_DBPASS';
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> FLUSH PRIVILEGES;
Query OK, 0 rows affected (0.000 sec)
MariaDB [(none)]> \q
Bye
2.2 RabbitMQ 部署
安装
yum install -y rabbitmq-serversystemctl enable rabbitmq-server --now创建OpenStack用户
rabbitmqctl add_user openstack P@ssw0rd
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
2.3 Memcached 部署
安装
yum install -y memcached python-memcached配置(在
OPTIONS后加上主机名和ip地址)sed -i 's/OPTIONS="-l 127.0.0.1,::1"/OPTIONS="-l 127.0.0.1,::1,192.168.100.109,controller"/g' /etc/sysconfig/memcached
开机自启
systemctl enable memcached --now
2.4 Etcd 部署
安装
yum install -y etcd配置
注意: ip 地址均为
controller的ip地址cat << EOF > /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.109:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.109:2379,http://127.0.0.1:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.109:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.109:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.109:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF开机启动
systemctl enable etcd --now
2.5 Keystone 配置(身份认证服务)
这步操作之前, 关闭或者删除
yum remove -y epel-release
yum install -y openstack-keystone httpd mod_wsgi
修改
/etc/keystone/keystone.conf配置数据库连接
sed -i 's/#connection = <None>/connection = mysql+pymysql:\/\/keystone:P@ssw0rd@controller\/keystone/g' /etc/keystone/keystone.conf
sed -i 's/#provider = fernet/provider = fernet/g' /etc/keystone/keystone.conf初始化Fernet密钥
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone引导Keystone服务
keystone-manage bootstrap --bootstrap-password P@ssw0rd \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
#替换 P@ssw0rd 为适合管理用户的密码。配置Apache
sed -i 's/#ServerName www.example.com:80/ServerName controller/g' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd --now设置环境变量(后续 OpenStack 客户端使用)
cat << EOF > ~/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=P@ssw0rd
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF加载环境变量
source ~/admin-openrc安装
python-openstackclientyum install python-openstackclient创建service项目、用户和角色
openstack project create --domain default --description "Service Project" service
openstack role create user
2.6 Glance (镜像服务) 部署
在安装和配置 Image 服务之前,您必须创建数据库、服务凭证和 API 端点
配置 mariadb
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'P@ssw0rd';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'P@ssw0rd';
MariaDB [(none)]> FLUSH PRIVILEGES;创建服务用户
source ~/admin-openrc
openstack user create --domain default --password P@ssw0rd glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image创建API端点
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292安装 Glance
yum install -y openstack-glance/etc/glance/glance-api.conf配置[database]
connection = mysql+pymysql://glance:P@ssw0rd@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = P@ssw0rd
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance/etc/glance/glance-registry.conf配置[database]
connection = mysql+pymysql://glance:P@ssw0rd@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = P@ssw0rd
[paste_deploy]
flavor = keystone启动 Image 服务并将它们配置为在系统启动时启动
systemctl enable openstack-glance-api.service --nowsystemctl enable openstack-glance-registry.service --now
2.7 Placement 部署
配置 mariadb
[root@controller ~]# mysql -u root -p
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'P@ssw0rd';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'P@ssw0rd';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> \q创建服务用户
source ~/admin-openrc
openstack user create --domain default --password P@ssw0rd placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement创建API端点
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778安装 Placement
yum install -y openstack-placement-api编辑
/etc/placement/placement.conf文件:[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = P@ssw0rd
[placement_database]
connection = mysql+pymysql://placement:P@ssw0rd@controller/placement同步数据库
su -s /bin/sh -c "placement-manage db sync" placement重启httpd服务:
systemctl restart httpd