部署OpenStack

2023-11-24 21:53:46

设置基础环境

设置主机名

#controller
hostnamectl set-hostname controller.ecloud.com
#compute
hostnamectl set-hostname compute.ecloud.com

关闭防火墙

#controller && compute
systemctl disable firewalld
systemctl stop firewalld

添加主机名映射

#controller && compute
cat >> /etc/hosts << EOF
10.0.1.67   controller controller.ecloud.com
10.0.1.68   compute compute.ecloud.com
EOF

设置repo源

#controller && compute
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
cat >> /etc/yum.repos.d/openstack.repo << EOF
[openstack]
name=openstack
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
gpgcheck=0
enabled=1
EOF
cat >> /etc/yum.repos.d/CentOS-Base.repo << EOF
[virt]
name=virt
baseurl=https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
gpgcheck=0
enabled=1
EOF
yum makecache

安装OpenStack客户端

# controller && compute
yum install -y python-openstackclient

设置chrony时间同步

# controller && compute
yum install -y chrony
vim /etc/chrony.conf
    #server 0.centos.pool.ntp.org iburst
   #server 1.centos.pool.ntp.org iburst
   #server 2.centos.pool.ntp.org iburst
   #server 3.centos.pool.ntp.org iburst
    server ntp1.aliyun.com iburst
systemctl start chronyd
systemctl enable chronyd

设置mariadb数据库

# controller
yum install -y mariadb mariadb-server python2-PyMySQL
echo '[mysqld]
bind-address = 10.0.1.67
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8' > /etc/my.cnf.d/openstack.cnf
systemctl start mariadb
systemctl enable mariadb
mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] y
New password:                                   #输入密码
Re-enter new password:                          #验证密码
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

设置消息队列

# controller
yum install -y rabbitmq-server
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service
rabbitmqctl add_user openstack openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

设置memcached缓存

# controller
yum install -y memcached
vim /etc/sysconfig/memcached
   #OPTIONS="-l 127.0.0.1,::1"
   OPTIONS="-l 10.0.1.67,::1"
systemctl start memcached.service
systemctl enable memcached.service

keystone

controller节点

安装keystone脚本

cat > keystone.sh <<-EOF
#!/bin/bash
mysql -uroot -p123456 -e 'CREATE DATABASE keystone;'
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
 
yum install openstack-keystone httpd mod_wsgi openstack-utils -y
 
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:keystone@controller/keystone
 
openstack-config --set /etc/keystone/keystone.conf token provider fernet
 
su -s /bin/sh -c "keystone-manage db_sync" keystone
 
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
 
keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
 
sed -ri 's/#(ServerName ).*/\1controller/g' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
 
systemctl start httpd
systemctl enable httpd
 
echo 'export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2' > /root/admin-openrc
 
source /root/admin-openrc
 
openstack project create --domain default \
--description "Service Project" service
EOF

安装keystone

sh keystone.sh

验证

source /root/admin-openrc
openstack user list

glance

controller节点

安装glance脚本

cat > glance.sh <<-EOF
#!/bin/bash
source /root/admin-openrc
mysql -uroot -p123456 -e "CREATE DATABASE glance;"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
 
openstack user create --domain default --password glance glance
 
openstack role add --project service --user glance admin
 
openstack service create --name glance \
--description "OpenStack Image" image
 
openstack endpoint create --region RegionOne \
image public http://controller:9292
openstack endpoint create --region RegionOne \
image internal http://controller:9292
openstack endpoint create --region RegionOne \
image admin http://controller:9292
 
yum install -y openstack-glance
 
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance@controller/glance
 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance
 
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
 
openstack-config --set /etc/glance/glance-api.conf glance_store stores  file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
 
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:glance@controller/glance
 
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password glance
 
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
 
su -s /bin/sh -c "glance-manage db_sync" glance
 
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl enable openstack-glance-api.service openstack-glance-registry.service
EOF

filesystem_store_datadir 可以修改镜像存放路径。该路径 glance 用户必须要有权限。

安装glance

sh glance.sh

验证

source /root/admin-openrc
openstack image list

nova

controller

安装nova配置文件脚本

cat > nova-controller.sh <<-EOF
#!/bin/bash
source /root/admin-openrc
mysql -uroot -p123456 -e "CREATE DATABASE nova_api;"
mysql -uroot -p123456 -e "CREATE DATABASE nova;"
mysql -uroot -p123456 -e "CREATE DATABASE nova_cell0;"
mysql -uroot -p123456 -e "CREATE DATABASE placement;"
 
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';"
 
openstack user create --domain default --password nova nova
 
openstack role add --project service --user nova admin
 
openstack service create --name nova \
--description "OpenStack Compute" compute
 
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
 
openstack user create --domain default --password placement placement
 
openstack role add --project service --user placement admin
 
openstack service create --name placement \
--description "Placement API" placement
 
openstack endpoint create --region RegionOne \
placement public http://controller:8778
openstack endpoint create --region RegionOne \
placement internal http://controller:8778
openstack endpoint create --region RegionOne \
placement admin http://controller:8778
 
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y
 
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
 
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:nova@controller/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:nova@controller/nova
openstack-config --set /etc/nova/nova.conf placement_database connection mysql+pymysql://placement:placement@controller/placement
 
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password nova
 
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.1.67
 
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
 
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen '\$my_ip'
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address '\$my_ip'
 
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
 
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
 
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password placement
 
echo '
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>' >> /etc/httpd/conf.d/00-nova-placement-api.conf
 
systemctl restart httpd
 
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
 
systemctl start openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service openstack-nova-conductor
systemctl enable openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service openstack-nova-conductor
EOF

注意: 这里修改修改一下 my_ip

安装nova

sh nova-controller.sh

compute

安装nova计算提供虚拟机脚本

cat > nova-compute.sh <<-EOF
#!/bin/bash
yum install openstack-nova-compute openstack-utils -y
 
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
 
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:openstack@controller

openstack-config --set /etc/nova/nova.conf DEFAULT instances_path /var/lib/nova/instances

openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password nova
 
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.1.68
 
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
 
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address '\$my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://10.0.1.67:6080/vnc_auto.html
 
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
 
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
 
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password placement
 
openstack-config --set /etc/nova/nova.conf libvirt virt_type kvm
 
systemctl start libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
EOF

注意:
这里修改修改一下 my_ip（计算节点IP地址）, novncproxy_base_url（控制节点IP地址）
instances_path 修改虚拟机存储路径，该路径 nova 用户必须有权限执行。
这个 virt_type 选项必须填，不然会有未知的错误。

安装nova

sh nova-conpute.sh

添加计算节点

controller执行

source /root/admin-openrc
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
openstack-config --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 300

验证

nova hypervisor-list
openstack compute service list

neutron

controller

安装neutron脚本

cat > neutron.sh <<-EOF
#!/bin/bash
source /root/admin-openrc
mysql -uroot -p123456 -e "CREATE DATABASE neutron;"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
 
openstack user create --domain default --password neutron neutron
 
openstack role add --project service --user neutron admin
 
openstack service create --name neutron \
--description "OpenStack Networking" network
 
openstack endpoint create --region RegionOne \
network public http://controller:9696
openstack endpoint create --region RegionOne \
network internal http://controller:9696
openstack endpoint create --region RegionOne \
network admin http://controller:9696
 
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
 
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:neutron@controller/neutron
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutron
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password nova
 
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:em2
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.1.67
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
 
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge
 
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
 
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret openstack
 
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password neutron
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret openstack
 
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
 
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
 
systemctl restart openstack-nova-api
 
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service
EOF

注意：这里需要修改 local_ip 改成控制节点的IP地址和 physical_interface_mappings 改成网卡名称

安装neutron

sh neutron.sh

compute

cat > neutron.sh <<-EOF
#!/bin/bash
yum install openstack-neutron-linuxbridge ebtables ipset -y
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutron
 
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:em2
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.1.68
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
 
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password neutron
 
systemctl restart openstack-nova-compute.service
 
systemctl enable neutron-linuxbridge-agent.service neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service neutron-linuxbridge-agent.service
EOF

注意：这里需要修改 local_ip 改成计算节点的IP地址和 physical_interface_mappings 修改成网卡名称

安装neutron

sh neutron.sh

验证

source admin-openrc
openstack network agent list
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                  | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| 95b067ee-4c08-4d30-9b62-dcaea94607da | Metadata agent     | controller.ecloud.com | None              | XXX   | UP    | neutron-metadata-agent    |
| c3f0fe6c-33a4-404d-98d8-6ec3ec646af9 | Linux bridge agent | controller.ecloud.com | None              | XXX   | UP    | neutron-linuxbridge-agent |
| e5c7bd32-d98b-417d-9c20-91392b7584c6 | DHCP agent         | controller.ecloud.com | nova              | XXX   | UP    | neutron-dhcp-agent        |
| f6f3a6b7-f00e-48f8-abab-5a2a42680650 | L3 agent           | controller.ecloud.com | nova              | XXX   | UP    | neutron-l3-agent          |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
openstack network create --share --external \
 --provider-physical-network provider \
 --provider-network-type flat provider
#--provider-network-type这个值要对应 /etc/neutron/plugins/ml2/ml2_conf.ini 的 [ml2_type_flat] flat_networks = provider
openstack subnet create --network provider \
 --allocation-pool start=192.168.31.10,end=192.168.31.50 \
 --dns-nameserver 223.5.5.5 --gateway 192.168.31.1 \
 --subnet-range 192.168.31.0/24 provider
#这个外网地址要对应原来那个真实IP地址一个网段
openstack network create selfnetwork
openstack subnet create --network selfnetwork \
 --dns-nameserver 223.5.5.5 --gateway 172.16.1.1 \
 --subnet-range 172.16.1.0/24 selfnetwork
openstack router create router
openstack router add subnet router selfnetwork
openstack router set router --external-gateway provider
[root@controller ~]# openstack port list --router router
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                           | Status |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| 6e901012-73a5-4540-962e-d162ac6cb250 |      | fa:16:3e:d0:60:13 | ip_address='172.16.1.1', subnet_id='58ffdd9c-11c7-4b38-9961-4f48522d5266'    | ACTIVE |
| cf4b3788-210c-4b2b-bd6d-8d7e3fc317fb |      | fa:16:3e:38:61:86 | ip_address='192.168.31.37', subnet_id='f7211a37-3bba-403e-bd6d-77ba52fc8e02' | ACTIVE |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
[root@controller ~]# ping -c 4 192.168.31.37
PING 192.168.31.37 (192.168.31.37) 56(84) bytes of data.
64 bytes from 192.168.31.37: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 192.168.31.37: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 192.168.31.37: icmp_seq=3 ttl=64 time=0.040 ms
64 bytes from 192.168.31.37: icmp_seq=4 ttl=64 time=0.047 ms
 
--- 192.168.31.37 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.040/0.051/0.079/0.017 ms

创建虚拟机

openstack flavor create --ram 4096 --disk 10 --vcpus 4 --public CentOS
openstack security group create selfgroup
openstack security group rule create --proto icmp selfgroup
openstack security group rule create --proto tcp --dst-port 22 selfgroup
openstack server create --security-group selfgroup --image 'CentOS7' --flavor CentOS --network selfservice jumpserver

如果虚拟机状态结果为ACTIVE，那就没有问题了

cinder

controller

安装cinder脚本

cat > cinder.sh <<-EOF
#!/bin/bash
source /root/admin-openrc
mysql -u root -p123456 -e "CREATE DATABASE cinder;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
 
openstack user create --domain default --password cinder cinder
openstack role add --project service --user cinder admin
 
openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 \
  --description "OpenStack Block Storage" volumev3
 
openstack endpoint create --region RegionOne \
  volumev2 public http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev2 internal http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev2 admin http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev3 public http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev3 public http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev3 admin http://controller:8776/v3/%\(project_id\)s
 
yum install openstack-cinder -y
 
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:cinder@controller/cinder
 
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password cinder
 
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 10.0.1.67
 
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
 
su -s /bin/sh -c "cinder-manage db sync" cinder
 
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne
 
systemctl restart openstack-nova-api.service
 
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
EOF

部署cinder服务

bash cinder.sh

storage节点

这里storage节点也是compute节点。也是创建一个脚本名字为cinder.sh

cat > cinder.sh <<-EOF
#!/bin/bash
yum install openstack-cinder targetcli python-keystone lvm2 device-mapper-persistent-data -y
 
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
 
pvcreate /dev/sda4
vgcreate cinder-volumes /dev/sda4
 
openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:cinder@controller/cinder
 
openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url  http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_id  default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password cinder
 
openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 10.0.1.68
 
openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm
 
openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends lvm
 
openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292
 
openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path  /var/lib/cinder/tmp
 
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
EOF

注意：脚本里的 pvcreate、vgcreate这两个参数根据实际情况调整。我这里使用的是/dev/sda4

fdisk /dev/sda
Command (m for help): n
Partition type:
   p   primary (3 primary, 0 extended, 1 free)
   e   extended
Select (default e): p
First sector (244246528-584843263, default 244246528):     回车
Last sector, +sectors or +size{K,M,G} (244246528-584843263, default 584843263): 回车
Command (m for help): w
partprobe

部署cinder

bash cinder.sh

验证

openstack volume create --size 1 test
openstack volume list

heat

controller

安装heat脚本

cat > heat.sh <<-EOF
#!/bin/bash
source /root/admin-openrc
 
mysql -u root -p123456 -e "CREATE DATABASE heat;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'heat';"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'heat';"
 
openstack user create --domain default --password heat heat
openstack role add --project service --user heat admin
 
openstack service create --name heat \
  --description "Orchestration" orchestration
openstack service create --name heat-cfn \
  --description "Orchestration"  cloudformation
 
openstack endpoint create --region RegionOne \
  orchestration public http://controller:8004/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
  orchestration internal http://controller:8004/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
  orchestration admin http://controller:8004/v1/%\(tenant_id\)s
 
openstack endpoint create --region RegionOne \
  cloudformation public http://controller:8000/v1
openstack endpoint create --region RegionOne \
  cloudformation internal http://controller:8000/v1
openstack endpoint create --region RegionOne \
  cloudformation admin http://controller:8000/v1
 
openstack domain create --description "Stack projects and users" heat
openstack user create --domain heat --password admin heat_domain_admin
openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
 
openstack role create heat_stack_owner
openstack role add --project demo --user demo heat_stack_owner
openstack role create heat_stack_user
 
yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine -y
 
openstack-config --set /etc/heat/heat.conf database connection mysql+pymysql://heat:heat@controller/heat
 
openstack-config --set /etc/heat/heat.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/heat/heat.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/heat/heat.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/heat/heat.conf keystone_authtoken auth_type password
openstack-config --set /etc/heat/heat.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/heat/heat.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/heat/heat.conf keystone_authtoken project_name service
openstack-config --set /etc/heat/heat.conf keystone_authtoken username heat
openstack-config --set /etc/heat/heat.conf keystone_authtoken password heat
 
openstack-config --set /etc/heat/heat.conf trustee auth_type password
openstack-config --set /etc/heat/heat.conf trustee auth_url http://controller:5000
openstack-config --set /etc/heat/heat.conf trustee username heat
openstack-config --set /etc/heat/heat.conf trustee password heat
openstack-config --set /etc/heat/heat.conf trustee user_domain_name default
 
openstack-config --set /etc/heat/heat.conf clients_keystone auth_uri http://controller:5000
 
openstack-config --set /etc/heat/heat.conf DEFAULT heat_metadata_server_url http://controller:8000
openstack-config --set /etc/heat/heat.conf DEFAULT heat_waitcondition_server_url http://controller:8000/v1/waitcondition
 
openstack-config --set /etc/heat/heat.conf DEFAULT stack_domain_admin heat_domain_admin
openstack-config --set /etc/heat/heat.conf DEFAULT stack_domain_admin_password admin
openstack-config --set /etc/heat/heat.conf DEFAULT stack_user_domain_name heat
 
su -s /bin/sh -c "heat-manage db_sync" heat
 
systemctl start openstack-heat-api.service \
  openstack-heat-api-cfn.service openstack-heat-engine.service
systemctl enable openstack-heat-api.service \
  openstack-heat-api-cfn.service openstack-heat-engine.service
EOF

部署heat服务

bash heat.sh

验证

创建一个test.yml

cat > test.yml <<-EOF
heat_template_version: rocky
 
resources:
  server:
    type: OS::Nova::Server
    properties:
      image: CentOS7
      flavor: CentOS
      networks:
     - network: 2e910a8d-3391-49eb-bb30-2e12f6fb05b0
 
outputs:
  instance_name:
    description: Name of the instance.
    value: { get_attr: [ server, name ] }
  instance_ip:
    description: IP address of the instance.
    value: { get_attr: [ server, first_address ] }
EOF

创建

openstack stack create -t test.yal stack

码农公寓

设置基础环境

设置主机名

关闭防火墙

添加主机名映射

设置repo源

安装OpenStack客户端

设置chrony时间同步

设置mariadb数据库

设置消息队列

设置memcached缓存

keystone

controller节点

安装keystone脚本

安装keystone

验证

glance

controller节点

安装glance脚本

安装glance

验证

nova

controller

安装nova配置文件脚本

安装nova

compute

安装nova计算提供虚拟机脚本

安装nova

添加计算节点

验证

neutron

controller

安装neutron脚本

安装neutron

compute

安装neutron

验证

创建虚拟机

cinder

controller

安装cinder脚本

部署cinder服务

storage节点

这里storage节点也是compute节点。也是创建一个脚本名字为cinder.sh

部署cinder

验证

heat

controller

安装heat脚本

部署heat服务

验证

相关文章