Openstack控制主機安裝配置流程三

時間  2020-04-10
標籤 openstack 控制 主機 安裝 配置 流程 简体版
原文   原文鏈接

Openstack控制主機安裝配置流程三

1.環境配置

  Hosts配置
  修改/etc/hosts文件,增長wtcontroller、wtcompute一、wtcompute2:python

127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.10.100 wtcontroller
172.16.10.101 wtcompute1
172.16.10.102 wtcompute2

  修改本機hostnamemysql

echo "wtcontroller"> /etc/hostname

1.1修訂yum源

  本示例使用的時163的yum源:linux

CentOS7-Base-163.repo

  將以上文件拷貝至/etc/yum.repos.d目錄下
  備份該目錄下CentOS-Base.repo文件
  修改CentOS7-Base-163.repo爲CentOS-Base.repo
  執行如下命令:ios

yum clean all         #清除緩存
yum makecache       #生成緩存
yum list #顯示全部已經安裝和能夠安裝的程序包

  關閉該服務,否者yum clean會卡死,屬於系統bugweb

systemctl stop initial-setup-text

1.2防火牆操做

systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service

1.3關閉selinux安全服務

setenforce 0
getenforce
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
grep SELINUX=disabled /etc/sysconfig/selinux

1.4安裝時間同步NTP服務

yum install chrony -y
vim /etc/chrony.conf
--參考網絡配置,確保如下配置打開:
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
並修改如下配置,打開如下網段節點向控制節點校時:
allow 172.16.10.0/24

  重啓服務並設置服務自啓動redis

systemctl restart chronyd.service
systemctl status chronyd.service
systemctl enable chronyd.service
systemctl list-unit-files |grep chronyd.service

  修訂時區sql

timedatectl set-timezone Asia/Shanghai
chronyc sources

1.5安裝openstack-更新yum

yum install centos-release-openstack-rocky -y
yum clean all
yum makecache

1.6安裝客戶端軟件

yum install python-openstackclient openstack-selinux -y

2.安裝流程

2.1安裝數據庫

yum install mariadb mariadb-server python2-PyMySQL -y

  建立並編輯文件數據庫

vi /etc/my.cnf.d/openstack.cnf
內容:
[mysqld]
bind-address = 172.16.10.100
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

 綁定地址
 默認存儲引擎
 使用獨享表空間模式,每個表都會建一個表空間,都會有索引文件, 查索引快,共享表空間,共用一個表空間和索引,若是有損壞很難修復,好比說zabbix用到的數據庫若是不使用的獨享表空間,很難進行優化django

  增長數據庫開機啓動項並啓動服務bootstrap

systemctl enable mariadb.service
systemctl start mariadb.service
systemctl list-unit-files |grep mariadb.service

  啓動數據庫服務的初始安全設置(root/wtoe@123456)

mysql_secure_installation

  設置過程以下:

Enter current password for root (enter for none):<–初次運行直接回車 
OK, successfully used password, moving on… Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation.

Set root password? [Y/n] #是否設置root用戶密碼,輸入y並回車或直接回車
New password: #設置root用戶的密碼 示例使用wtoe@123456
Re-enter new password: #再輸入一次你設置的密碼 
Password updated successfully! Reloading privilege tables.. … Success!
Remove anonymous users? [Y/n] #是否刪除匿名用戶,生產環境建議刪除,因此直接回車 … Success!

Disallow root login remotely? [Y/n] #是否禁止root遠程登陸,根據本身的需求選擇Y/n並回車,建議禁止
Success!

Remove test database and access to it? [Y/n] #是否刪除test數據庫,直接回車 
- Dropping test database… … 
Success! - Removing privileges on test database… …
 Success!

Reload privilege tables now? [Y/n] #是否從新加載權限表,直接回車 … 
Success! Cleaning up…
All done! If you've completed all of the above steps, your MySQL installation should now be secure. Thanks for using MySQL!

2.2安裝RabbitMQ

yum install rabbitmq-server -y

添加開機啓動和服務
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

增長訪問rabbitMQ的用戶和權限
rabbitmqctl add_user openstack wtoe@123456
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmqctl set_permissions -p "/" openstack ".*" ".*" ".*"

啓動web管理
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service
rabbitmq-plugins list
訪問地址:http://192.168.1.241 :15672
#默認用戶名密碼都是guest
須要經過web頁面訪問確認openstack用戶已添加

2.2安裝etcd--服務發現系統

  服務安裝

yum install etcd -y

  編輯配置文件

vi /etc/etcd/etcd.conf

  修改內容以下:

#注意上面的IP地址不能用controller替代,沒法解析
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.3.241 :2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.3.241:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.3.241:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.3.241:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.3.241:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

啓  動服務並設置自起:

systemctl enable etcd
systemctl start etcd

2.3keystone認證服務安裝

  數據庫配置
  進入數據庫

mysql -u root -p 
先增長root針對全部數據庫的權限
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'wtoe@123456';
#建立數據庫
CREATE DATABASE keystone;
#增長用戶配置權限
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
show databases;
select user,host from mysql.user;
exit

  在控制節點安裝keystone相關軟件包

yum install openstack-keystone httpd mod_wsgi -y
yum install openstack-keystone python-keystoneclient openstack-utils -y

  快速修改keystone配置--非官網,須要openstack-utils支持

openstack-config -set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:wtoe@123456@controller/keystone

openstack-config --set /etc/keystone/keystone.conf token provider fernet

  查看生效的配置

egrep -v "^#|^$" /etc/keystone/keystone.conf

  配置信息應以下:

[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:wtoe@123456@wtcontroller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
[unified_limit]
[wsgi]

  初始化同步keystone數據庫(包含44張表)

su -s /bin/sh -c "keystone-manage db_sync" keystone

注意:若是在同步數據庫過程當中python報錯,可能須要進行如下操做:
  安裝pip對python響應庫進行更新:

yum install python-pip
sudo pip uninstall urllib3
sudo pip uninstall chardet
sudo pip install requests

  查看建立的表

mysql -h192.168.3.241 -ukeystone -pwtoe@123456 -e "use keystone;show tables;"

初始化Fernet令牌庫

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
配置啓動Apache(httpd)
修改httpd主配置文件
vim /etc/httpd/conf/httpd.conf +95
vim /etc/httpd/conf/httpd.conf +95
#修訂以下
ServerName controller
#檢查
cat /etc/httpd/conf/httpd.conf |grep ServerName
#配置虛擬主機
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Apache啓動服務並增長啓動項

systemctl enable httpd.service
systemctl start httpd.service
systemctl list-unit-files |grep httpd.service #查看服務設置

檢查Apache服務狀態

netstat -anptl|grep httpd

#若是http起不來,須要關閉 selinux 或者安裝 yum install openstack-selinux

建立 keystone 用戶,初始化的服務實體和API端點

#建立keystone服務實體和身份認證服務,如下三種類型分別爲公共的、內部的、管理的。

keystone-manage bootstrap --bootstrap-password wtoe@123456 \
  --bootstrap-admin-url http://wtcontroller:5000/v3/ \
  --bootstrap-internal-url http://wtcontroller:5000/v3/ \
  --bootstrap-public-url http://wtcontroller:5000/v3/ \
  --bootstrap-region-id RegionOne

配置admin的系統環境變量

export OS_USERNAME=admin
export OS_PASSWORD=wtoe@123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://wtcontroller:5000/v3
export OS_IDENTITY_API_VERSION=3
#查看配置
env |grep OS_

建立keystone的通常實例
#如下命令會在project表中建立名爲example的項目

openstack domain create --description "An Example Domain" example

#爲keystone系統環境建立名爲service的項目提供服務
#用於常規(非管理)任務,須要使用無特權用戶
#如下命令會在project表中建立名爲service的項目

openstack project create --domain default --description "Service Project" service

#建立myproject項目和對應的用戶及角色
#做爲通常用戶(非管理員)的項目,爲普通用戶提供服務
#如下命令會在project表中建立名爲myproject項目

openstack project create --domain default --description "Demo Project" myproject

#在默認域建立myuser用戶
#使用--password選項爲直接配置明文密碼,使用--password-prompt選項爲交互式輸入密碼
#如下命令會在local_user表增長myuser用戶

openstack user create --domain default  --password-prompt myuser
#密碼 wtoe@123456
##openstack user create --domain default  --password=myuser wtoe@123456

#在role表建立myrole角色
openstack role create myrole
#將myrole角色添加到myproject項目中和myuser用戶組中
openstack role add --project myproject --user myuser myrole

驗證操做keystone是否安裝成功
去除環境變量
#關閉臨時認證令牌機制,獲取 token,驗證keystone配置成功

做爲管理員用戶去請求一個認證的token
#測試是否可使用admin帳戶進行登錄認證,請求認證令牌

openstack --os-auth-url http://wtcontroller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue

使用普通用戶獲取認證token
#如下命令使用」myuser「用戶的密碼和API端口5000,只容許對身份認證服務API的常規(非管理)訪問。

建立OpenStack客戶端環境腳本

admin的系統環境變量 vi admin-openrc

內容以下:

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=wtoe@123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

#myuser的 vi myuser-openrc
內容以下:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=wtoe@123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

#驗證
source admin-openrc
openstack token issue

source myuser-openrc
openstack token issue

2.4安裝glance鏡像服務

建立數據庫

mysql -uroot -pwtoe@123456
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
exit

在keystone上面註冊glance
在keystone上建立glance用戶
#如下命令在local_user表建立glance用戶

openstack user create --domain default --password=wtoe@123456 glance
openstack user list

在keystone上將glance用戶添加爲service項目的admin角色(權限)

openstack role add --project service --user glance admin

如下命令在service表中增長glance項目

openstack service create --name glance --description "OpenStack Image" image
openstack service list

建立鏡像服務的 API 端點(endpoint)

openstack endpoint create --region RegionOne image public http://wtcontroller:9292
openstack endpoint create --region RegionOne image internal http://wtcontroller:9292
openstack endpoint create --region RegionOne image admin http://wtcontroller:9292

安裝glance軟件

yum install openstack-glance python-glance python-glanceclient -y

修改glance相關配置
執行如下命令能夠快速配置glance-api.conf

openstack-config --set  /etc/glance/glance-api.conf database connection  mysql+pymysql://glance:wtoe@123456@wtcontroller/glance
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://wtcontroller:5000
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_url http://wtcontroller:5000
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken memcached_servers  wtcontroller:11211
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken project_name service 
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken password wtoe@123456
openstack-config --set  /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set  /etc/glance/glance-api.conf glance_store stores  file,http
openstack-config --set  /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set  /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

執行如下命令能夠快速配置glance-registry.conf
openstack-config --set  /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:wtoe@123456@wtcontroller/glance
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://wtcontroller:5000
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_url http://wtcontroller:5000
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken memcached_servers wtcontroller:11211
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken password wtoe@123456
openstack-config --set  /etc/glance/glance-registry.conf paste_deploy flavor keystone

同步glance數據庫
#生成的相關表(15張表)

su -s /bin/sh -c "glance-manage db_sync" glance

若是數據庫鏈接數一直都出現超出都狀態多是因爲網絡服務由於主機性能緣由啓動的線程數過多(默認線程數根據cpu核數決定),須要手動設置工做線程數(這裏手動修改成4):

openstack-config --set  /etc/nova/nova.conf scheduler workers  4

#保證全部須要的表已經創建,不然後面可能沒法進行下去

mysql -h172.16.10.100 -uglance -pwtoe@123456 -e "use glance;show tables;"

啓動glance鏡像服務
啓動glance鏡像服務、並配置開機自啓動

systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl list-unit-files |grep openstack-glance*

檢查確認glance安裝正確 

下載鏡像
http://download.cirros-cloud.net/  #可手動
cd /home
wget http://download.cirros-cloud.net/0.3.5/cirros-d190515-x86_64-disk.img

獲取管理員權限

. admin-openrc

上傳鏡像到glance

openstack image create "cirros" --file cirros-d190515-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image create "CentOS7" --file CentOS-7-x86_64-GenericCloud-1907.qcow2 --disk-format qcow2 --container-format bare --public

查看鏡像是否上傳成功
openstack image list

2.5安裝nova計算服務

建立數據庫

mysql -uroot -pwtoe@123456
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
show databases;
select user,host from mysql.user;
Exit

在keystone上面註冊nova服務
#建立服務證書
在keystone上建立nova用戶
. admin-openrc
openstack user create --domain default --password=wtoe@123456 nova

在keystone上將nova用戶配置爲admin角色並添加進service項目
openstack role add --project service --user nova admin

建立nova計算服務的實體
openstack service create --name nova --description "OpenStack Compute" compute

建立計算服務的API端點(endpoint)

openstack endpoint create --region RegionOne compute public http://wtcontroller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://wtcontroller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://wtcontroller:8774/v2.1
openstack endpoint list

這個版本的nova增長了placement項目
#一樣,建立並註冊該項目的服務證書

openstack user create --domain default --password=wtoe@123456 placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement

#建立placement項目的endpoint(API端口)

openstack endpoint create --region RegionOne placement public http://wtcontroller:8778
openstack endpoint create --region RegionOne placement internal http://wtcontroller:8778
openstack endpoint create --region RegionOne placement admin http://wtcontroller:8778
openstack endpoint list

#完畢

在控制節點安裝nova相關服務
安裝nova相關軟件包

yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api -y

快速修改nova配置

openstack-config --set  /etc/nova/nova.conf DEFAULT enabled_apis  osapi_compute,metadata
openstack-config --set  /etc/nova/nova.conf DEFAULT my_ip 172.16.10.100
openstack-config --set  /etc/nova/nova.conf DEFAULT use_neutron  true 
openstack-config --set  /etc/nova/nova.conf DEFAULT firewall_driver  nova.virt.firewall.NoopFirewallDriver
openstack-config --set  /etc/nova/nova.conf DEFAULT transport_url  rabbit://openstack:wtoe@123456@wtcontroller
openstack-config --set  /etc/nova/nova.conf api_database connection  mysql+pymysql://nova:wtoe@123456@wtcontroller/nova_api
openstack-config --set  /etc/nova/nova.conf database connection  mysql+pymysql://nova:wtoe@123456@wtcontroller/nova
openstack-config --set  /etc/nova/nova.conf placement_database connection  mysql+pymysql://placement:wtoe@123456@wtcontroller/placement
openstack-config --set  /etc/nova/nova.conf api auth_strategy  keystone 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken auth_url  http://wtcontroller:5000/v3
openstack-config --set  /etc/nova/nova.conf keystone_authtoken memcached_servers  wtcontroller:11211
openstack-config --set  /etc/nova/nova.conf keystone_authtoken auth_type  password
openstack-config --set  /etc/nova/nova.conf keystone_authtoken project_domain_name  default 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken user_domain_name  default
openstack-config --set  /etc/nova/nova.conf keystone_authtoken project_name  service 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken username  nova 
openstack-config --set  /etc/nova/nova.conf keystone_authtoken password  wtoe@123456
openstack-config --set  /etc/nova/nova.conf vnc enabled true
openstack-config --set  /etc/nova/nova.conf vnc server_listen '$my_ip'
openstack-config --set  /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip'
openstack-config --set  /etc/nova/nova.conf glance api_servers  http://wtcontroller:9292
openstack-config --set  /etc/nova/nova.conf oslo_concurrency lock_path  /var/lib/nova/tmp 
openstack-config --set  /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set  /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set  /etc/nova/nova.conf placement project_name service
openstack-config --set  /etc/nova/nova.conf placement auth_type password
openstack-config --set  /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set  /etc/nova/nova.conf placement auth_url http://wtcontroller:5000/v3
openstack-config --set  /etc/nova/nova.conf placement username placement
openstack-config --set  /etc/nova/nova.conf placement password wtoe@123456
openstack-config --set  /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 300

#服務端的計算節點多久去檢查一次新加入的host主機信息,能夠自動將安裝好的計算節點主機加入集羣 300

#查看配置

egrep -v "^#|^$" /etc/nova/nova.conf

配置虛擬機的硬件加速

#首先肯定您的計算節點是否支持虛擬機的硬件加速。

egrep -c '(vmx|svm)' /proc/cpuinfo

#若是返回位0,表示計算節點不支持硬件加速,須要配置libvirt使用QEMU方式管理虛擬機,使用如下命令:

openstack-config --set  /etc/nova/nova.conf libvirt virt_type  qemu
egrep -v "^#|^$" /etc/nova/nova.conf|grep 'virt_type'

#若是返回爲其餘值,表示計算節點支持硬件加速且不須要額外的配置,使用如下命令:

openstack-config --set  /etc/nova/nova.conf libvirt virt_type  kvm

若後續在計算節點支持硬件加速的狀況下依然出現建立實例報錯的狀況下,則須要進一步確認硬件加速是否被打開:

dmesg | grep kvm
若是有顯示[    3.692481] kvm: disabled by bios
則須要在bios中打開虛擬化選項

啓動nova相關服務,並配置爲開機自啓動
#須要啓動2個服務

systemctl start libvirtd.service openstack-nova-compute.service 
systemctl status libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl list-unit-files |grep libvirtd.service
systemctl list-unit-files |grep openstack-nova-compute.service

將計算節點增長到cell數據庫
#如下命令在控制節點操做:

. admin-openrc

#檢查確認數據庫有新的計算節點

openstack compute service list --service nova-compute

#若是沒有,則須要手動增長 ---手動將新的計算節點添加到openstack集羣 

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

若是數據庫鏈接數一直都出現超出都狀態多是因爲網絡服務由於主機性能緣由啓動的線程數過多(默認線程數根據cpu核數決定),須要手動設置工做線程數(這裏手動修改成4):

openstack-config --set  /etc/nova/nova.conf scheduler workers  4

#設置新建立節點自動註冊的任務(已經添加到配置文件中)

[scheduler]
discover_hosts_in_cells_interval = 300

驗證控制節點nova服務正常
應用管理員環境變量腳本

. admin-openrc

列表查看安裝的nova服務組件
#驗證是否成功註冊並啓動了每一個進程

openstack compute service list

在身份認證服務中列出API端點以驗證其鏈接性

openstack catalog list

在鏡像服務中列出已有鏡像已檢查鏡像服務的鏈接性

openstack image list

檢查nova各組件的狀態
#檢查placement API和cell服務是否正常工做

nova-status upgrade check

#至此,nova計算節點,安裝完畢並添加到openstack集羣中

2.6安裝neutron網絡服務

  建立neutron數據庫,授予合適的訪問權限

mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'wtoe@123456';
Exit

Keystone neutron相關配置

openstack user create --domain default --password=wtoe@123456 neutron
openstack user list

將neutron添加到service項目並授予admin角色
#如下命令無輸出

openstack role add --project service --user neutron admin
建立neutron服務實體
openstack service create --name neutron --description "OpenStack Networking" network
openstack service list

建立neutron網絡服務的API端點(endpoint)

openstack endpoint create --region RegionOne network public http://wtcontroller:9696
openstack endpoint create --region RegionOne network internal http://wtcontroller:9696
openstack endpoint create --region RegionOne network admin http://wtcontroller:9696
openstack endpoint list

在控制節點安裝neutron網絡組件
安裝neutron軟件包

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

快速配置/etc/neutron/neutron.conf

openstack-config --set  /etc/neutron/neutron.conf database connection  mysql+pymysql://neutron:wtoe@123456@wtcontroller/neutron 
openstack-config --set  /etc/neutron/neutron.conf DEFAULT core_plugin  ml2  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set  /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:wtoe@123456@wtcontroller
openstack-config --set  /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri  http://wtcontroller:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_url  http://wtcontroller:5000
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken memcached_servers  wtcontroller:11211
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_type  password  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_domain_name default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_name  service  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken username  neutron  
openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken password  wtoe@123456  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes  True  
openstack-config --set  /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes  True  
openstack-config --set  /etc/neutron/neutron.conf nova auth_url  http://wtcontroller:5000
openstack-config --set  /etc/neutron/neutron.conf nova auth_type  password 
openstack-config --set  /etc/neutron/neutron.conf nova project_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova user_domain_name  default  
openstack-config --set  /etc/neutron/neutron.conf nova region_name  RegionOne  
openstack-config --set  /etc/neutron/neutron.conf nova project_name  service  
openstack-config --set  /etc/neutron/neutron.conf nova username  nova  
openstack-config --set  /etc/neutron/neutron.conf nova password  wtoe@123456  
openstack-config --set  /etc/neutron/neutron.conf oslo_concurrency lock_path  /var/lib/neutron/tmp

#檢查修訂有效性

egrep -v "^#|^$" /etc/neutron/neutron.conf

快速配置/etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers  local,flat,vlan,vxlan,gre
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers  openvswitch,l2population
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers  port_security
openstack-config --set  /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True

#檢查修訂有效性

egrep -v "^#|^$" /etc/neutron/plugins/ml2/ml2_conf.ini

快速配置/etc/neutron/plugins/ml2/openvswitch_agent.ini
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini agent tunnel_types  vxlan
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing  True
openstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs local_ip  172.16.20.80
penstack-config --set  /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs tunnel_bridge  br-tun
egrep -v "^#|^$" /etc/neutron/plugins/ml2/openvswitch_agent.ini

快速配置/etc/neutron/dhcp_agent.ini

openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  interface_driver  neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  enable_isolated_metadata  True 
openstack-config --set   /etc/neutron/dhcp_agent.ini DEFAULT  dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf

查看生效的配置

egrep -v '(^$|^#)' /etc/neutron/dhcp_agent.ini
快速配置/etc/neutron/metadata_agent.ini
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host wtcontroller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret wtoe@123456
查看生效的配置
egrep -v '(^$|^#)' /etc/neutron/metadata_agent.ini

快速配置/etc/nova/nova.conf,將neutron添加到計算節點中

openstack-config --set  /etc/nova/nova.conf  neutron url http://wtcontroller:9696
openstack-config --set  /etc/nova/nova.conf  neutron auth_url http://wtcontroller:5000
openstack-config --set  /etc/nova/nova.conf  neutron auth_type password
openstack-config --set  /etc/nova/nova.conf  neutron project_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron user_domain_name default
openstack-config --set  /etc/nova/nova.conf  neutron region_name RegionOne
openstack-config --set  /etc/nova/nova.conf  neutron project_name service
openstack-config --set  /etc/nova/nova.conf  neutron username neutron
openstack-config --set  /etc/nova/nova.conf  neutron password wtoe@123456
openstack-config --set  /etc/nova/nova.conf  neutron service_metadata_proxy true
openstack-config --set  /etc/nova/nova.conf  neutron metadata_proxy_shared_secret wtoe@123456

查看生效的配置

egrep -v '(^$|^#)' /etc/nova/nova.conf

建立網絡插件的連接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步數據庫

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

同步數據庫時若出現數據庫鏈接數超出最大鏈接時(經過status查看),須要進入數據修改最大鏈接數

>show variables like 'max_connections';(查能夠看當前的最大鏈接數)
  >set global max_connections=1000;(設置最大鏈接數爲1000,能夠再次查看是否設置成功)

且若是鏈接數一直都出現超出都狀態多是因爲網絡服務由於主機性能緣由啓動的線程數過多(默認線程數根據cpu核數決定),須要手動設置工做線程數:

openstack-config --set  /etc/neutron/neutron.conf DEFAULT api_workers  4
重啓nova_api服務
systemctl restart openstack-nova-api.service
啓動neutron服務並設置開機啓動
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl list-unit-files |grep neutron* |grep enabled

2.6安裝 horizon服務

安裝dashboard軟件包

yum install openstack-dashboard -y

修改配置文件/etc/openstack-dashboard/local_settings
#檢查確認有如下配置

vim /etc/openstack-dashboard/local_settings

ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_HOST = "wtcontroller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'wtcontroller:11211',
    }
}
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_fip_topology_check': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_***': False,
}
TIME_ZONE = "Asia/Shanghai"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
修改/etc/httpd/conf.d/openstack-dashboard.conf
#增長如下內容
vim /etc/httpd/conf.d/openstack-dashboard.conf

WSGIApplicationGroup %{GLOBAL}

重啓web服務器以及會話存儲服務

systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service

檢查dashboard是否可用
#在瀏覽器中輸入下面的地址:域名用default

http://wtcontroller:80/dashboard 
用戶1:admin/wtoe@123456
用戶2: myuser/wtoe@123456
相關文章
相關標籤/搜索
每日一句
    每一个你不满意的现在,都有一个你没有努力的曾经。
本站公眾號
   歡迎關注本站公眾號,獲取更多信息
聯繫我們 最近搜索 最新文章 沪ICP备13005482号-10 MyBatis教程 SQL 教程 MySQL教程 Java 教程 Thymeleaf 教程 Hibernate教程 Spring教程 Redis教程