Network Time Protocol (NTP)
Controller Node
apt install chrony
Edit the /etc/chrony/chrony.conf 添加如下信息
#修改10.0.0.0/24为自己环境的网段
server controller iburst
allow 10.0.0.0/24
注释掉 pool 2.debian.pool.ntp.org offline iburst line Restart the NTP service
service chrony restart
Compute Node
apt install chrony
Edit the /etc/chrony/chrony.conf 添加如下信息
server controller iburst
注释掉 pool 2.debian.pool.ntp.org offline iburst line
service chrony restart
OpenStack packages(所有节点)
apt install software-properties-common
add-apt-repository cloud-archive:ocata
apt update && apt dist-upgrade
apt install python-openstackclient
SQL database(控制节点)
apt install mariadb-server python-pymysql
创建和配置该文件 /etc/mysql/mariadb.conf.d/99-openstack.cnf,配置信息如下。将bind-address的IP地址换成控制节点的IP地址:
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
重启数据库服务器,初始化数据库服务器。
service mysql restart
mysql_secure_installation
Message queue(控制节点)
apt install rabbitmq-server
#替换RABBIT_PASS为自己设置的密码
rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
Memcached(控制节点)
apt install memcached python-memcache
编辑 /etc/memcached.conf 替换已经存在的 "-l 127.0.0.1" 为controller node的IP地址
-l 10.0.0.11
service memcached restart
Identity service(控制节点)
Prerequisites
mysql
CREATE DATABASE keystone;
#替换KEYSTONE_DBPASS为自己的密码
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
Install and configure components
apt install keystone
编辑 /etc/keystone/keystone.conf。替换KETSTONE_DBPASS为上面数据库注册时的密码。
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
provider = fernet
注释或移除[database]配置项下面的其他数据库连接
#同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
#Initialize Fernet key repositories:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
#替换ADMIN_PASS为admin用户的密码
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
编辑 /etc/apache2/apache2.conf file添加下面的配置信息
ServerName controller
Finalize the installation
service apache2 restart
rm -f /var/lib/keystone/keystone.db
配置 administrative account,替换ADMIN_PASS为自己创建admin用户时的密码
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
Create a domain, projects, users, and roles
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
openstack role create user
openstack role add --project demo --user demo user
Verify operation
Forsecurityreasons,disablethetemporaryauthenticationtokenmechanism:
编辑Edit the /etc/keystone/keystone-paste.ini 文件,去掉 "admin_token_auth"从下面配置项中
[pipeline:public_api]
[pipeline:admin_api]
[pipeline:api_v3]
取消环境变量
unset OS_AUTH_URL OS_PASSWORD
Creating the scripts
创建 amind-openrc文件,填如下内容
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
创建 demo-openrc文件,填如下内容
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Image service
Prerequisites
mysql
CREATE DATABASE glance;
替换GLANCE_DBPASS为自己的密码
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
. admin-openrc
openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
Install and configure components
apt install glance
编辑 the /etc/glance/glance-api.conf file。 替换GLANCE_DBPASS和GLANCE_PASS为设定密码。
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
编辑 the /etc/glance/glance-registry.conf file,替换两个GLANCE_DBPASS为设定密码。
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
su -s /bin/sh -c "glance-manage db_sync" glance
#Restart the Image services:
service glance-registry restart
service glance-api restart
Verify operation
. admin-openrc
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
openstack image create "cirros" \
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
Compute service
Install and configure controller node
Prerequisites
mysql
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
修改*_DBPASS为自己的密码
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
. admin-openrc
#创建NOVA用户
openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
#创建placement用户
openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
Install and configure components
apt install nova-api nova-conductor nova-consoleauth \
nova-novncproxy nova-scheduler nova-placement-api
Edit the /etc/nova/nova.conf,替换NOVA_DBPASS为自己的密码
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 10.0.0.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
#替换NOVA_PASS为自己的密码
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
因为一个bug的原因,要移除log_dir从[default]配置项
#替换PLACEMENT_PASS为自己密码
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
109e1d4b-536a-40d0-83c6-5f121b82b650
su -s /bin/sh -c "nova-manage db sync" nova
service nova-api restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
Install and configure a compute node
apt install nova-compute
编辑 the /etc/nova/nova.conf,替换所有的密码为自己的密码。
#替换my_ip的ip地址为compute node ip地址
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
#替换PLACEMENT_PASS为自己的密码
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
如果是使用虚拟机,则如下操作:
编辑 the [libvirt] 配置项 in the /etc/nova/nova-compute.conf
[libvirt]
virt_type = qemu
service nova-compute restart
Add the compute node to the cell database
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
或者在 /etc/nova/nova.conf文件中添加如下配置信息:
[scheduler]
discover_hosts_in_cells_interval = 300
Networking service
Install and configure controller node
Prerequisites
mysql
CREATE DATABASE neutron;
#替换NEUTRON_DAPASS为自己的密码
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
. admin-openrc
openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
[安装 neutron 软件包]
apt-get install neutron-server neutron-plugin-ml2 neutron-openvswitch-agent neutron-l3-agent
neutron-dhcp-agent neutron-metadata-agent python-neutronclient
编辑 /etc/neutron/neutron.conf 文件
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
注:注释掉 其他sqlite连接
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = stack2015
#替换密码为自己的keystone的密码
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = stack2015
#替换密码为自己的nova密码
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = stack2015
[修改 ml2 配置文件]
配置 /etc/neutron/plugins/ml2/ml2_conf.ini 文件
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
extension_drivers = port_security
[ml2_type_flat]
flat_networks = external
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
修改 etc/neutron/plugins/ml2/openvswitch_agent.ini 在[ovs]增加
#local_ip为隧道VTEP的地址,可以为管理网卡IP地址,也可以是隧道特定网卡地址
[ovs]
local_ip = TUNNELS_IP
bridge_mappings = external:br-ex
[agent]
tunnel_types = vxlan
l2_population = True
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[更新 L3 配置]
配置 /etc/neutron/l3_agent.ini
[DEFAULT]
verbose = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge =br-ex
配置 /etc/neutron/dhcp_agent.ini
[DEFAULT]
verbose = True
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
编辑 /etc/neutron/dhcp_agent.ini 在[DEFAULT]选项中添加
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
创建/etc/neutron/dnsmasq-neutron.conf 文件
echo 'dhcp-option-force=26,1450' | sudo tee /etc/neutron/dnsmasq-neutron.conf
编辑/etc/neutron/metadata_agent.ini 在[DEFAULT]部分加入以下设置
nova_metadata_ip = controller metadata_proxy_shared_secret = METADATA_SECRET
修改控制节点 nova 配置文件中[neutron]部分
配置/etc/nova/nova.conf,修改密码为自己的密码
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = stack2015
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[同步 neutron 数据库]
neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head
同步过程大概 2-3 分钟左右
[重启 Nova API Server]
service nova-api restart
启动 openvswitch
service openvswitch-switch restart
增加用于外部网络的网桥
ovs-vsctl add-br br-ex
向外部网桥添加物理网卡
ovs-vsctl add-port br-ex enp3s0(外网网卡)
关闭网卡的 GRO 功能
ethtool -K enp3s0 gro off
[重启 Neutron 服务]
service neutron-server restart
service openvswitch-switch restart
service neutron-openvswitch-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
service neutron-l3-agent restart
验证 Neutron client 來查看外部网络
. admin-openrc
neutron ext-list
验证 Neutron client 來查看 Agents 状态
neutron agent-list
Install and configure compute node
[安装计算节点 neutron 软件包]
apt-get install neutron-plugin-ml2 neutron-openvswitch-age
编辑/etc/neutron/neutron.conf 在[DEFAULT]部分加入以下设置
[DEFAULT]
verbose = True
rpc_backend = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
在[database]部分將所有 connection 与 sqlite 相关的参数注释
[database]
# connection = sqlite:////var/lib/neutron/neutron.sqlite
[oslo_messaging_rabbit]部分加入以下设置
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = stack2015
[keystone_authtoken]部分加入以下设置
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = stack2015
配置修改/etc/neutron/plugins/ml2/ml2_conf.ini 设置如下
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = openvswitch
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
配置修改/etc/neutron/plugins/ml2/openvswitch_agent.ini 设置如下
[agent]
tunnel_types = vxlan
l2_population = False
prevent_arp_spoofing = False
arp_responder = False
vxlan_udp_port = 4789
[ovs]
local_ip = 172.171.4.211
tunnel_type = vxlan
tunnel_bridge = br-tun
integration_bridge = br-int
tunnel_id_ranges = 1:1000
tenant_network_type = vxlan
enable_tunneling = True
[securitygroup]
enable_ipset = True
enable_security_group = False
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
配置/etc/nova/nova.conf 在[neutron]中添加如下信息,修改密码为自己的密码
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = stack2015
[重启 nova-compute]
service nova-compute restart
[重启 Open vSwitch Agent]
service openvswitch-switch restart
service neutron-openvswitch-agent restart
[验证计算节点 neutron]
. admin-openrc
neutron agent-list
Block Storage service
Install and configure controller node
mysql
CREATE DATABASE cinder;
#替换CINDER_DBPASS为自己的密码
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
. admin-openrc
openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
openstack role add --project service --user cinder admin
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s
Install and configure components
apt install cinder-api cinder-scheduler
编辑 the /etc/cinder/cinder.conf 配置
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
#修改my_ip值为controller node 的IP地址
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 10.0.0.11
#修改CINDER_PASS为自己的密码
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
Edit the /etc/nova/nova.conf file and add the following to it:
[cinder]
os_region_name = RegionOne
service nova-api restart
su -s /bin/sh -c "cinder-manage db sync" cinder
Finalize installation
service nova-api restart
service cinder-scheduler restart
service apache2 restart
Install and configure a storage node
Prerequisites
apt install lvm2
根据环境中硬盘的盘符来写,如sdb sda sdc等。在这一步之前必须要先添加一块硬盘到cinder_storage中
pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created
In the devices section, add a filter that accepts the /dev/sdb device and rejects all other devices。在cinder_node节点上过滤非添加硬盘。
devices {
filter = [ "a/sdb/", "r/.*/"]
Install and configure components
apt install cinder-volume
Edit the /etc/cinder/cinder.conf 替换所有的密码为自己的密码
#注释掉其他数据库连接
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
#替换RABIIT_PASS为自己的密码
#替换my_ip为cinder_storage 的IP地址
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
enabled_backends = lvm
glance_api_servers = http://controller:9292
#替换CINDER_PASS为自己密码
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = tgtadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
Finalize installation
service tgt restart
service cinder-volume restart
swift
controller
Prerequisites
. admin-openrc
openstack user create --domain default --password-prompt swift
User Password:
Repeat User Password:
openstack role add --project service --user swift admin
openstack service create --name swift --description "OpenStack Object Storage" object-store
openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%\(tenant_id\)s
openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1
Install and configure components
apt-get install swift swift-proxy python-swiftclient \
python-keystoneclient python-keystonemiddleware memcached
Create the /etc/swift directory.
curl -o /etc/swift/proxy-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/proxy-server.conf-sample?h=stable/newton
Edit the /etc/swift/proxy-server.conf 替换所有的密码
[DEFAULT]
bind_port = 8080
user = swift
swift_dir = /etc/swift
[pipeline:main]
pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = swift
password = SWIFT_PASS
delay_auth_decision = True
[filter:cache]
use = egg:swift#memcache
memcache_servers = controller:11211
storage node
Prerequisites
apt-get install xfsprogs rsync
#执行之前要确认是否有添加硬盘,盘符要明确
mkfs.xfs /dev/sdb
mkfs.xfs /dev/sdc
mkdir -p /srv/node/sdb
mkdir -p /srv/node/sdc
Edit the /etc/fstab file 添加如下信息
/dev/sdb /srv/node/sdb xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
/dev/sdc /srv/node/sdc xfs noatime,nodiratime,nobarrier,logbufs=8 0 2
mount /srv/node/sdb
mount /srv/node/sdc
Create or edit the /etc/rsyncd.conf 替换IP地址为storage node的IP地址
uid = swift
gid = swift
log file = /var/log/rsyncd.log
pid file = /var/run/rsyncd.pid
address = MANAGEMENT_INTERFACE_IP_ADDRESS
[account]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/account.lock
[container]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/container.lock
[object]
max connections = 2
path = /srv/node/
read only = False
lock file = /var/lock/object.lock
Edit the /etc/default/rsync file and enable the rsync service:
RSYNC_ENABLE=true
Start the rsync service:
service rsync start
Install and configure components
apt-get install swift swift-account swift-container swift-object
curl -o /etc/swift/account-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/account-server.conf-sample?h=stable/newton
curl -o /etc/swift/container-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/container-server.conf-sample?h=stable/newton
curl -o /etc/swift/object-server.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/object-server.conf-sample?h=stable/newton
Edit the /etc/swift/account-server.conf 替换IP地址为storage node的IP地址
[DEFAULT]
bind_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
bind_port = 6202
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon account-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
Edit the /etc/swift/container-server.conf file 替换IP地址为storage node的IP地址
[DEFAULT]
bind_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
bind_port = 6201
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon container-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
Edit the /etc/swift/object-server.conf 替换IP地址为storage node的IP地址
[DEFAULT]
bind_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
bind_port = 6200
user = swift
swift_dir = /etc/swift
devices = /srv/node
mount_check = True
[pipeline:main]
pipeline = healthcheck recon object-server
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
chown -R swift:swift /srv/node
mkdir -p /var/cache/swift
chown -R root:swift /var/cache/swift
chmod -R 775 /var/cache/swift
Create account ring(controller node)
切换到 /etc/swift directory.
Create the base account.builder file。数字比例为( 10 节点数 1)
swift-ring-builder account.builder create 10 3 1
swift-ring-builder account.builder add --region 1 --zone 1 --ip 10.0.0.51 --port 6202 --device sdb --weight 100
swift-ring-builder account.builder
swift-ring-builder account.builder rebalance
Create the base container.builder file:数字比例为( 10 节点数 1)
swift-ring-builder container.builder create 10 3 1
swift-ring-builder container.builder add --region 1 --zone 1 --ip 10.0.0.51 --port 6201 --device sdb --weight 100
swift-ring-builder container.builder
swift-ring-builder container.builder rebalance
Create the base object.builder file:数字比例为( 10 节点数 1)
swift-ring-builder object.builder create 10 3 1
swift-ring-builder object.builder add --region 1 --zone 1 --ip 10.0.0.51 --port 6200 --device sdb --weight 100
swift-ring-builder object.builder
swift-ring-builder object.builder rebalance
Copy the account.ring.gz, container.ring.gz, and object.ring.gz files to the
/etc/swift directory on each storage node and any additional nodes running the proxy service
拷贝生成的ring.gz文件到所有的storage node的/etc/swift文件下。
Finalize installation(controller node)
Obtain the /etc/swift/swift.conf file from the Object Storage source repository:
curl -o /etc/swift/swift.conf https://git.openstack.org/cgit/openstack/swift/plain/etc/swift.conf-sample?h=stable/newton
Edit the /etc/swift/swift.conf file and complete the following actions
[swift-hash]
swift_hash_path_suffix = HASH_PATH_SUFFIX
swift_hash_path_prefix = HASH_PATH_PREFIX
[storage-policy:0]
name = Policy-0
default = yes
Copy the swift.conf file to the /etc/swift directory on each storage node and any additional nodes running the proxy service.(拷贝/etc/swift中的swift.conf文件到所有storage node的 /etc/swift文件夹中)
On all nodes, ensure proper ownership of the configuration directory(所有节点改变/etc/swift的用户组关系,确保权限正确)
chown -R root:swift /etc/swift
#controller node重启服务
service memcached restart
service swift-proxy restart
#storage node初始化swift
swift-init all start
Dashboard
Install and configure
apt install openstack-dashboard
Edit the /etc/openstack-dashboard/local_settings.py file and complete the following actions:
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['one.example.com', 'two.example.com']
#Do not edit the ALLOWED_HOSTS parameter under the Ubuntu configuration section.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
Finalize installation
service apache2 reload