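OpenStack Setup Diary (Part 3)

Installing the OpenStack Services

Minimal installation reference: https://docs.openstack.org/install-guide/openstack-services.html#minimal-deployment-for-train

The services to install are Keystone, Glance, Placement, Nova, Neutron, Horizon and Cinder.

Deploying the Identity Service (Keystone)

Install Keystone on the master machine.

Create the MySQL user and database (MySQL 8.0):

mysql -u root -p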
mysql> CREATE DATABASE keystone;
mysql> CREATE USER keystone IDENTIFIED BY 'openstack1';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%';
mysql> FLUSH PRIVILEGES;

Install Keystone with yum:

yum install openstack-keystone httpd mod_wsgi

Edit the configuration file /etc/keystone/keystone.conf as follows:

[database]
connection = mysql+pymysql://keystone:openstack1@master/keystone

[token]
provider = fernet

Populate the Identity service database:

su -s /bin/sh -c "keystone-manage db_sync" keystone

This step may fail with ValueError: unknown locale: UTF-8. If it does, add the following lines to /etc/profile and run source /etc/profile to apply them:

export LC_ALL=zh_CN.UTF-8
export LANG=zh_CN.UTF-8

Initialize the Fernet key repositories:

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the Keystone service:

keystone-manage bootstrap --bootstrap-password $ADMIN_PASS \
--bootstrap-admin-url http://master:5000/v3/ \
--bootstrap-internal-url http://master:5000/v3/ \
--bootstrap-public-url http://master:5000/v3/ \
--bootstrap-region-id RegionOne

Configure the httpd server by editing /etc/httpd/conf/httpd.conf:

ServerName master

Create the symbolic link:

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Start the httpd service:

systemctl enable httpd.service
systemctl start httpd.service

Set the following environment variables in /etc/profile on all machines:

export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://master:5000/v3

Apply them:

source /etc/profile

Create a new domain:

openstack domain create --description "An Example Domain" example

Create the service project:

openstack project create --domain default --description "Service Project" service

Create the myproject project:

openstack project create --domain default --description "Demo Project" myproject

Create the myuser user:

openstack user create --domain default --password-prompt myuser

A password must be set; here it is set to 123456.

Create the myrole role:

openstack role create myrole

Add the myrole role to the myuser user in the myproject project:

openstack role add --project myproject --user myuser myrole

Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables:

unset OS_AUTH_URL OS_PASSWORD

Verify:

openstack --os-auth-url http://master:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

Enter the admin user's password here.

Then verify with myproject:

openstack --os-auth-url http://master:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue

Enter the myuser password, which was just set to 123456.

Create the admin-openrc file with the following content:

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_AUTH_URL=http://master:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Create the demo-openrc file with the following content:

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=123456
export OS_AUTH_URL=http://master:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Load it:

. admin-openrc

Request an authentication token:

openstack token issue

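Deploying the Image Service (Glance)

Glance is the OpenStack module for discovering, deploying and managing virtual machine images. By default, Glance uses the RabbitMQ service so that other OpenStack components can communicate with Glance remotely without going through the controller.

Create the MySQL user and database:

mysql -u root -p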
mysql> CREATE DATABASE glance;
mysql> CREATE USER glance IDENTIFIED BY 'openstack1';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%';
mysql> FLUSH PRIVILEGES;

Create the glance user:

openstack user create --domain default --password-prompt glance

The password is $GLANCE_PASS.

Give the glance user the admin role:

openstack role add --project service --user glance admin

Create the glance service:

openstack service create --name glance --description "OpenStack Image" image

Create the Image service API endpoints:

openstack endpoint create --region RegionOne image public http://master:9292
openstack endpoint create --region RegionOne image internal http://master:9292
openstack endpoint create --region RegionOne image admin http://master:9292

Install the Glance package:

yum install openstack-glance

Edit /etc/glance/glance-api.conf, replacing $GLANCE_PASS with the actual password of the glance user:

[database]
connection = mysql+pymysql://glance:openstack1@master/glance

[keystone_authtoken]
www_authenticate_uri = http://master:5000
auth_url = http://master:5000
memcached_servers = master:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = $GLANCE_PASS

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

Initialize the database:

su -s /bin/sh -c "glance-manage db_sync" glance

To finish the installation, start the Glance service:

systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service

Installing Placement

Install Placement on master.

Create the MySQL database and user:

mysql -u root -p

Create the placement database:

mysql> CREATE DATABASE placement;
mysql> CREATE USER placement IDENTIFIED BY 'openstack1';
mysql> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%';
mysql> FLUSH PRIVILEGES;

Create the user:

openstack user create --domain default --password-prompt placement

The password is $PLACEMENT_PASS.

Add the admin role to the placement user in the service project:

openstack role add --project service --user placement admin

(This command produces no output.)

Create the Placement API service entry:

openstack service create --name placement --description "Placement API" placement

Create the Placement API service endpoints:

openstack endpoint create --region RegionOne placement public http://master:8778
openstack endpoint create --region RegionOne placement internal http://master:8778
openstack endpoint create --region RegionOne placement admin http://master:8778

Install the Placement package:

yum install openstack-placement-api

Edit /etc/placement/placement.conf, replacing $PLACEMENT_PASS with the actual password of the placement user:

[placement_database]
connection = mysql+pymysql://placement:openstack1@master/placement

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://master:5000/v3
memcached_servers = master:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = $PLACEMENT_PASS

Initialize the database:

su -s /bin/sh -c "placement-manage db sync" placement

Restart the httpd service:

systemctl restart httpd

Verify:

placement-status upgrade check
pip install osc-placement
openstack --os-placement-api-version 1.2 resource class list --sort-column name
openstack --os-placement-api-version 1.6 trait list --sort-column name

Installing Nova

Create the MySQL user and databases:

mysql -u root -p
mysql> CREATE DATABASE nova_api;
mysql> CREATE DATABASE nova;
mysql> CREATE DATABASE nova_cell0;
mysql> CREATE USER nova IDENTIFIED BY 'openstack1';
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%';
mysql> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%';
mysql> FLUSH PRIVILEGES;

Create the nova user:

openstack user create --domain default --password-prompt nova

The password is the generated $NOVA_PASS.

Give the nova user the admin role:

openstack role add --project service --user nova admin

Create the nova service entity:

openstack service create --name nova --description "OpenStack Compute" compute

Create the Compute API service endpoints:

openstack endpoint create --region RegionOne compute public http://master:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://master:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://master:8774/v2.1

Install Nova:

yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler

Edit /etc/nova/nova.conf:

[DEFAULT]
enabled_apis=osapi_compute,metadata
block_device_allocate_retries=300
block_device_allocate_retries_interval=3


[api_database]
connection = mysql+pymysql://nova:openstack1@master/nova_api

[database]
connection = mysql+pymysql://nova:openstack1@master/nova

[DEFAULT]
transport_url=rabbit://openstack:fc05e1929b2c057a4098@master:5672/

[api]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://master:5000/
auth_url = http://master:5000/
memcached_servers = master:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = fc05e1929b2c057a4098

[DEFAULT]
my_ip=10.10.10.1

[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers=http://master:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://master:5000/v3
username = placement
password = fc05e1929b2c057a4098

Initialize the nova_api database:

su -s /bin/sh -c "nova-manage api_db sync" nova

Register the cell0 database:

su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

Register the cell1 database:

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

Populate the nova database:

su -s /bin/sh -c "nova-manage db sync" nova

Verify that cell0 and cell1 are registered:

su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

Start Nova:

systemctl enable \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl start \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service

Run the upgrade check:

nova-status upgrade check

Installing the Nova Compute Node

Install Nova on the compute node:

yum install openstack-nova-compute

Edit /etc/nova/nova.conf:

[DEFAULT]
enabled_apis = osapi_compute,metadata
block_device_allocate_retries=300
block_device_allocate_retries_interval=3

[DEFAULT]
transport_url=rabbit://openstack:fc05e1929b2c057a4098@test-1

[api]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://master:5000/
auth_url = http://master:5000/
memcached_servers = master:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = fc05e1929b2c057a4098

[DEFAULT]
my_ip=10.10.10.3

[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://test-1:6080/vnc_auto.html

[glance]
api_servers=http://test-1:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://test-1:5000/v3
username = placement
password = fc05e1929b2c057a4098
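
The configuration files in this walkthrough hold database, RabbitMQ and service-account passwords in clear text, and several of those values are shared between options. The following is an added example, not part of the original post: it lists where each embedded secret appears, reports reuse and flags world-readable files. The function names and the SECRET_A/SECRET_B placeholders are constructed for illustration.

```shell
#!/bin/sh
# Print "file:section.key secret" for each connection/transport_url credential
# and each password option in the given oslo.config-style files.
extract_secrets() {
    awk '
        /^\[/ { sec = substr($0, 2, index($0, "]") - 2); next }
        /^[ \t]*(connection|transport_url|password)[ \t]*=/ {
            eq = index($0, "=")
            key = substr($0, 1, eq - 1); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key != "password") {
                # keep only the secret from scheme://user:secret@host
                if (!match(val, "://[^:@]+:[^@]+@")) next
                val = substr(val, RSTART + 3, RLENGTH - 4)
                val = substr(val, index(val, ":") + 1)
            }
            f = FILENAME; sub(".*/", "", f)
            print f ":" sec "." key, val
        }' "$@"
}

# Print "count: location location ..." for every secret used more than once.
reused_secrets() {
    extract_secrets "$@" | awk '
        { n[$2]++; where[$2] = where[$2] " " $1 }
        END { for (s in n) if (n[s] > 1) print n[s] ":" where[s] }' | sort
}

# Succeed if any given file is readable by "other".
world_readable() { [ -n "$(find "$@" -prune -perm -004 -print)" ]; }

# Constructed sample shaped like the nova.conf above; secrets are placeholders.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url=rabbit://openstack:SECRET_A@master:5672/
[api_database]
connection = mysql+pymysql://nova:SECRET_B@master/nova_api
[database]
connection = mysql+pymysql://nova:SECRET_B@master/nova
[keystone_authtoken]
password = SECRET_A
[placement]
password = SECRET_A
EOF
}

sample=$(mktemp) && write_sample "$sample" && chmod 644 "$sample"
reused_secrets "$sample"; world_readable "$sample" && echo "world-readable: $sample"
rm -f "$sample"
```

On a real node, call reused_secrets and world_readable with /etc/keystone/keystone.conf, /etc/glance/glance-api.conf, /etc/placement/placement.conf and /etc/nova/nova.conf as arguments; the reuse report prints only locations, not the secret values.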