openstack Ocata for centos7
openstack Ocata for centos7
https://releases.openstack.org/index.html
https://docs.openstack.org/install-guide/get-started-conceptual-architecture.html
https://docs.openstack.org/install-guide/get-started-conceptual-architecture.html
環境:
CentOS7.3
openstack ocata
一.基礎環境配置
1.host表
192.168.130.101 controller
192.168.130.111 block1
192.168.130.201 compute1
提示: 生產環境通常都會作bonding,示例
文本界面nmtui
(NetworkManager-tui包和NetworkManager服務)能夠很是方便生成網卡配置模板,可能利用該界面生成標準網絡配置模板,以後添加compute節點可直接修改該模板
2.NTP
controller
yum -y install chrony
sed -i '/server 0.centos.pool.ntp.org iburst/i server time.nist.gov iburst' /etc/chrony.conf
sed -i '/.centos.pool.ntp.org iburst/d' /etc/chrony.conf
sed -i '/#allow 192.168/c allow 192.168.130.0/24' /etc/chrony.conf
systemctl enable chronyd.service
systemctl restart chronyd.service
chronyc sources
components
yum -y install chrony
sed -i '/server 0.centos.pool.ntp.org iburst/i server controller iburst' /etc/chrony.conf
sed -i '/.centos.pool.ntp.org iburst/d' /etc/chrony.conf
systemctl enable chronyd.service
systemctl restart chronyd.service
chronyc sources
3.openstack client包(全部節點)
cat >/etc/yum.repos.d/extras.repo <<'HERE'
[extras]
name=CentOS-$releasever - extras
baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
enabled=1
HERE
yum -y install centos-release-openstack-ocata
yum -y install python-openstackclient openstack-selinux
提示: 能夠作個本地yum源,以ocata版本爲例
mkdir openstack-ocata
yum -y install centos-release-openstack-ocata
yum -y install yum-utils
yumdownloader --destdir chrony python-openstackclient openstack-selinux mariadb mariadb-server python2-PyMySQL rabbitmq-server memcached python-memcached openstack-keystone httpd mod_wsgi openstack-glance openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api openstack-nova-compute openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables openstack-neutron-linuxbridge ebtables ipset openstack-dashboard openstack-cinder lvm2 openstack-cinder targetcli python-keystone
或
yum -y --downloadonly --downloaddir=openstack-ocata install ...
4.SQL database(可單獨指定)
提示: 實驗環境資源有限,直接裝在controller上
yum -y install mariadb mariadb-server
yum -y install python2-PyMySQL
cat >/etc/my.cnf.d/openstack.cnf <<HERE
[mysqld]
bind-address = 192.168.130.101
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
HERE
systemctl enable mariadb.service
systemctl start mariadb.service
mysql_secure_installation
5.MQ(可單獨指定)
提示: 實驗環境資源有限,直接裝在controller上
yum -y install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
添加用戶並受權
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
web界面http://controller:15672, 用戶名/密碼 guest/guest
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service
提示:能夠適當修改最大鏈接數增長吞吐量
/etc/security/limits.conf
*
soft
nproc
65536
*
hard
nproc
65536
*
soft
nofile
65536
*
hard
nofile
65536
/usr/lib/systemd/system/rabbitmq-server.service
[Service]
LimitNOFILE=655360
ubuntu修改
/etc/default/rabbitmq-server
ulimit -S -n 655360
ubuntu修改
/etc/default/rabbitmq-server
ulimit -S -n 655360
6.Memcached(可單獨指定)
提示: 實驗環境資源有限,直接裝在controller上
yum -y install memcached python-memcached
sed -i '/OPTIONS=/c OPTIONS="-l 192.168.130.101"' /etc/sysconfig/memcached
systemctl enable memcached.service
systemctl start memcached.service
二.Identity service(controller節點)
1.建庫
mysql -u root -proot
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
FLUSH PRIVILEGES;
2.安裝identity組件
yum -y install openstack-keystone httpd mod_wsgi
3.配置identity
mv /etc/keystone/keystone.conf{,.default}
cat >/etc/keystone/keystone.conf <<HERE
[DEFAULT]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
HERE
4.初始化keystone
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
5.配置apache
sed -i '/^#ServerName/c ServerName controller' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service
systemctl start httpd.service
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
6.建立domain, projects, users, and roles
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password demo demo
openstack role create user
openstack role add --project demo --user demo user
7.確認Identity server配置正確
測試admin獲取token
openstack --os-auth-url http://controller:35357/v3 \
8.openstack client rc環境變量
cat >admin-openrc <<HERE
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
HERE
cat >demo-openrc <<HERE
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
HERE
三.Glance
1.建庫
mysql -u root -proot
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
FLUSH PRIVILEGES;
2.建立憑據
source admin-openrc
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
3.建立service
openstack service create --name glance --description "OpenStack Image" image
4.建立api入口
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
5.安裝glance
https://docs.openstack.org/ocata/install-guide-rdo/glance-install.html
yum -y install openstack-glance
6.配置glance
mv /etc/glance/glance-api.conf{,.default}
cat >/etc/glance/glance-api.conf <<HERE
[DEFAULT]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
HERE
mv /etc/glance/glance-registry.conf{,.default}
cat >/etc/glance/glance-registry.conf <<HERE
[DEFAULT]
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
HERE
6.同步glance數據庫
su -s /bin/sh -c "glance-manage db_sync" glance
7.啓服務
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
8.確認Glance服務配置正確
curl http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img -o cirros-0.3.5-x86_64-disk.img
source admin-openrc
openstack image create "cirros" \
openstack image list
鏡像修改
鏡像製做
centos7
virt-install --virt-type kvm --name ct7-cloud --ram 1024 \
或直接導入己存在虛擬機鏡像
virt-install --name ct7-cloud --vcpus 2 --memory 2048 --disk ct7-cloud.img--import
virsh console ct7-cloud
yum -y install acpid cloud-init cloud-utils-growpart
systemctl enable acpid
echo "NOZEROCONF=yes" > /etc/sysconfig/network
grubby --update-kernel=ALL --remove-args="rhgb quiet"
grubby --update-kernel=ALL --args="console=tty0 console=ttyS0,115200n8"
grub2-mkconfig -o /boot/grub2/grub.cfg
poweroff
宿主機上執行virt-sysprep去個性化
yum -y install libguestfs-toolshtml
echo root >/tmp/rootpw
virt-sysprep -a
/var/lib/libvirt/images/ct7-cloud.img
--root-password file:/tmp/rootpw
virt-sparsify --compress/var/lib/libvirt/images/ct7-cloud.img ct7-cloud.qcow2
virt-sparsify --compress
root@router:images#virt-sysprep -a /var/lib/libvirt/images/centos.qcow2
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
[
root@router:images#virt-sparsify --compress
[
[
[
[
[
[
[ 243.9] Sparsify operation completed with no errors.
virt-sparsify: Before deleting the old disk, carefully check that the
target disk boots and works correctly.
root@router:images#ls -lh ct7-cloud.*
-rw-r--r-- 1 qemu qemu 1.4G 5月
-rw-r--r-- 1 root root 474M 5月
能夠看到通過壓縮後的centos7鏡像是以前的1/3大小
補充:
https://github.com/rcbops/oz-image-build
yum -y install oz
sed -i '/image_type = raw/s/raw/qcow2/' /etc/oz/oz.cfg
oz-install -p -u -d3 centos7.3.tdl
經過guestfs來修改
guestmount -a
ubuntu16.04
apt-get install cloud-init
dpkg-reconfigure cloud-init
virt-sysprep -d ubuntu16.04
四.Nova
相對於Newton placement是必須組件
http://docs.openstack.org/developer/nova/placement.html
A.準備環境
1.建庫
mysql -u root -proot
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
FLUSH PRIVILEGES;
用admin權限以下操做
source admin-openrc
2.建立nova用戶
openstack user create --domain default --password NOVA_PASS nova
openstack role add --project service --user nova admin
3.建立compute service
openstack service create --name nova --description "OpenStack Compute" compute
4.建立compute api endpoints
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
5.建立placement用戶
openstack user create --domain default --password PLACEMENT_PASS placement
openstack role add --project service --user placement admin
6.建立placement service
openstack service create --name placement --description "Placement API" placement
7.建立placement api endpoints
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
注:按照官方文檔配置80端口下的/placement 會致使placement api啓動失敗,調用時日誌會報/placement 404錯誤,解決方法是指定8778端口
openstack endpoint list
openstack endpoint delete
B.安裝配置nova
controller
1.安裝
yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
2.配置
mv /etc/nova/nova.conf{,.default}
cat >/etc/nova/nova.conf <<'HERE'
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.130.101
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto]
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
[placement_database]
[quota]
[rdp]
[remote_debug]
[scheduler]
discover_hosts_in_cells_interval = 300
[serial_console]
[service_user]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vendordata_dynamic_auth]
[vmware]
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
HERE
/etc/httpd/conf.d/00-nova-placement-api.conf 在VirtualHost段添加以下段
3.更新數據庫
https://docs.openstack.org/developer/nova/cells.html#step-by-step-for-common-use-cases
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
4.啓nova服務
systemctl enable openstack-nova-api.service \
systemctl start openstack-nova-api.service \
compute
1.安裝nova組件
yum -y install openstack-nova-compute
2.配置nova compute
mv /etc/nova/nova.conf{,.default}
cat >/etc/nova/nova.conf <<'HERE'
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.130.201
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cells]
[cinder]
[cloudpipe]
[conductor]
[console]
[consoleauth]
[cors]
[cors.subdomain]
[crypto]
[database]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[guestfs]
[healthcheck]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = PLACEMENT_PASS
[placement_database]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
HERE
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
C.確認nova服務配置正確
source admin-openrc
openstack compute service list
openstack catalog list
D.添加compute節點到cell數據庫
source admin-openrc
openstack hypervisor list
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
hyper-v做爲compute,請參看
https://cloudbase.it/openstack-hyperv-driver/
http://libvirt.org/drvhyperv.html
https://docs.openstack.org/juno/config-reference/content/hyper-v-virtualization-platform.html
https://cloudbase.it/openstack-hyperv-driver/
http://libvirt.org/drvhyperv.html
https://docs.openstack.org/juno/config-reference/content/hyper-v-virtualization-platform.html
五.Neutron
A.準備環境
1.建庫
mysql -u root -proot
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
FLUSH PRIVILEGES;
用admin權限以下操做
source admin-openrc
2.建立用戶
openstack user create --domain default --password NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
3.建立service
openstack service create --name neutron --description "OpenStack Networking" network
4.建立api endpoint
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
B.安裝neutron
controller
1.安裝 neutron controller組件
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
2.網絡選擇(二選一)
Provider networks方案
/etc/neutron/neutron.conf
Modular Layer 2 (ML2) plug-in(/etc/neutron/plugins/ml2/ml2_conf.ini)
Linux bridge agent(/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
DHCP agent(/etc/neutron/dhcp_agent.ini)
Self-service networks方案
neutron
cat >/etc/neutron/neutron.conf <<HERE
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
HERE
Layer 2
cat >/etc/neutron/plugins/ml2/ml2_conf.ini <<HERE
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
HERE
Linux bridge agent
cat >/etc/neutron/plugins/ml2/linuxbridge_agent.ini <<HERE
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens3
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
local_ip = 192.168.130.101
l2_population = True
HERE
Layer-3
cat >/etc/neutron/l3_agent.ini <<HERE
[DEFAULT]
interface_driver = linuxbridge
[agent]
[ovs]
HERE
DHCP agent
cat >/etc/neutron/dhcp_agent.ini <<HERE
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[agent]
[ovs]
HERE
metadata agent
cat >/etc/neutron/metadata_agent.ini <<HERE
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[agent]
[cache]
HERE
4.配置compute使用網絡
/etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
5.更新數據庫
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
6.啓服務
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
systemctl start neutron-server.service \
注: self-service network須要額外啓動layer-3服務
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
compute
1.安裝neutron compute組件
yum -y install openstack-neutron-linuxbridge ebtables ipset
2.common配置
mv /etc/neutron/neutron.conf{,.default}
cat >/etc/neutron/neutron.conf <<HERE
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[agent]
[cors]
[cors.subdomain]
[database]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[qos]
[quotas]
[ssl]
HERE
2.網絡配置(二選一)
Provider networks方案
Linux bridge agent(/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
Self-service networks方案
Linux bridge agent
mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.default}
cat >/etc/neutron/plugins/ml2/linuxbridge_agent.ini <<HERE
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens33
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
local_ip = 192.168.130.201
l2_population = True
HERE
3.配置compute使用網絡
/etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
4.啓服務
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl restart neutron-linuxbridge-agent.service
C.確認neutron服務配置正確
source admin-openrc
neutron ext-list
openstack network agent list
六.Dashboard(controller節點)
yum -y install openstack-dashboard
配置請參看官方文檔
systemctl restart httpd.service memcached.service
七.Cinder Block
A.準備環境
1.建庫
mysql -u root -proot
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER_DBPASS';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
FLUSH PRIVILEGES;
用admin權限以下操做
source admin-openrc
2.建立用戶
openstack user create --domain default --password CINDER_PASS cinder
openstack role add --project service --user cinder admin
3.建立service
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
4.建立api endpoint
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
B.安裝cinder
controller
1.安裝cinder組件
yum -y install openstack-cinder
2.配置cinder
mv /etc/cinder/cinder.conf{,.defalt}
cat >/etc/cinder/cinder.conf <<HERE
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.130.101
[BACKEND]
[BRCD_FABRIC_EXAMPLE]
[CISCO_FABRIC_EXAMPLE]
[COORDINATION]
[FC-ZONE-MANAGER]
[KEY_MANAGER]
[barbican]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = CINDER_PASS
[matchmaker_redis]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[ssl]
HERE
3.配置compute使用cinder
/etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
4.更新數據庫結構
su -s /bin/sh -c "cinder-manage db sync" cinder
5.啓cinder服務
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl restart openstack-cinder-api.service openstack-cinder-scheduler.service
block1
1.建立存儲設備
yum -y install lvm2
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
/etc/lvm/lvm.conf
devices {
filter = [ "a/sdb/", "r/.*/"]
2.安裝cinder
yum -y install openstack-cinder targetcli python-keystone
mv /etc/cinder/cinder.conf{,.default}
cat >/etc/cinder/cinder.conf <<HERE
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
my_ip = 192.168.130.111
enabled_backends = lvm
glance_api_servers = http://controller:9292
[BACKEND]
[BRCD_FABRIC_EXAMPLE]
[CISCO_FABRIC_EXAMPLE]
[COORDINATION]
[FC-ZONE-MANAGER]
[KEY_MANAGER]
[barbican]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = CINDER_PASS
[matchmaker_redis]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[ssl]
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
HERE
systemctl enable openstack-cinder-volume.service target.service
systemctl restart openstack-cinder-volume.service target.service
C.確認cinder服務配置正確
source admin-openrc
openstack volume service list
提示:若是block state爲down,在保證配置文件都正確的狀況,請檢查block節點和controller節點的時間是否同步,不一樣步是也會形成爲down狀態
八.建立實例
1.network
Self-service network
建立公有網絡(浮動ip池),以admin身份
source admin-openrc.sh
openstack network create
public
--external \
openstack subnet create --network public \
一般浮動ip無需啓用dhcp,能夠經過
--no-dhcp
來禁用dhcp,啓用只是爲了方便測試
注:
a.官方文檔默認是flat網絡,故vmware workstation想要直接使用自帶的nat網絡,須要將供應商網絡類型設置爲flat,這樣生成出來的虛擬機直接和其它workstation nat網絡下的虛擬機互通;
若是環境支持vxlan網絡,則可用以下命令建立
openstack network create public
--external
\
b.若是僅建立浮動ip池,則取消共享屬性並禁用dhcp。若是想讓虛擬機更方便地直接使用workstation nat網絡,則可設置爲共享並啓用dhcp;
c.物理網絡名稱與配置文件中的保持一致
--dns-nameserver 192.168.130.2 --gateway 192.168.8.254 \
--subnet-range 192.168.8.0/24 \
--allocation-pool start=192.168.8.31,end=192.168.8.250 sub-private
--nic net-id=
f28fb8ff-9b84-418f-81f4-1e40b6a6ba8e
--security-group default \
--key-name mykey
--max 1 selfservice-instance
grep 'physical_interface_mappings' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
physical_interface_mappings
私網和路由都以demo身份建立
source demo-openrc.sh
建立私有網絡
openstack network create private
--share
openstack subnet create --network private \
建立路由器
openstack router create myrouter
添加內部接口
openstack router add subnet myrouter sub-private
設置外部網關
設置外部網關
openstack router set --external-gateway public myrouter
確認網絡建立正確
ip netns
openstack router list
openstack router show myrouter
2.flavor
openstack flavor create --vcpus 1 --ram 64 --disk 1 m1.tiny
openstack flavor create --vcpus 1 --ram 512 --disk 10 m1.nano
openstack flavor create --vcpus 1 --ram 1024 --disk 10 m1.micro
openstack flavor create --vcpus 2 --ram 2048 --disk 100 m2.micro
openstack flavor create --vcpus 2 --ram 4096 --disk 100 m2.medium
openstack flavor create --vcpus 4 --ram 4096 --disk 100 m2.large
openstack flavor create --vcpus 4 --ram 4096 --disk 100 m2.large
3.keypair
source demo-openrc
ssh-keygen
-t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack keypair list
4.security group
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
5.instance
source demo-openrc
openstack flavor list
openstack image list
openstack network list
openstack security group list
openstack server create --flavor m1.nano --image cirros \
openstack server list
openstack console url show selfservice-instance
6.浮動ip
添加浮動ip
openstack floating ip create public
關聯浮動ip
openstack server add floating ip
selfservice-instance 192.168.130.34
7.block
source admin-openrc
openstack volume create --size 1 volume1
openstack volume list
openstack server add volume selfservice-instance volume1
8.quota
openstack quota show demo
openstack quota set --ports 100 demo
https://ask.openstack.org/en/question/101928/instance-get-stuck-when-booting-grub/?answer=102645
https://ask.openstack.org/en/question/104408/nested-kvm-w-centos-73/
https://bugs.launchpad.net/nova/+bug/1653430
https://ask.openstack.org/en/question/100543/instance-cant-boot-without-throwing-any-errors/
https://ask.openstack.org/en/question/100756/instances-stuck-on-booting-from-hard-drive/
https://bugzilla.redhat.com/show_bug.cgi?id=1404627
https://github.com/AJNOURI/COA/issues/49
https://ask.openstack.org/en/question/104408/nested-kvm-w-centos-73/
https://bugs.launchpad.net/nova/+bug/1653430
https://ask.openstack.org/en/question/100543/instance-cant-boot-without-throwing-any-errors/
https://ask.openstack.org/en/question/100756/instances-stuck-on-booting-from-hard-drive/
https://bugzilla.redhat.com/show_bug.cgi?id=1404627
https://github.com/AJNOURI/COA/issues/49
現象
Newton/Ocata: server instance stuck in BUILD state
libvirt log日誌顯示CPU指令集不支持
char device redirected to /dev/pts/1 (label charserial1)
warning: host doesn't support requested feature: CPUID.01H:EDX.ds [bit 21]
warning: host doesn't support requested feature: CPUID.01H:ECX.osxsave [bit 27]
warning: host doesn't support requested feature: CPUID.07H:EBX.erms [bit 9]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.pdpe1gb [bit 26]
warning: host doesn't support requested feature: CPUID.01H:EDX.ds [bit 21]
warning: host doesn't support requested feature: CPUID.01H:ECX.osxsave [bit 27]
warning: host doesn't support requested feature: CPUID.07H:EBX.erms [bit 9]
warning: host doesn't support requested feature: CPUID.80000001H:EDX.pdpe1gb [bit 26]
緣由
vmware fusion己開啓VT-X嵌套虛擬化 ,直接經過virt-manager,virsh等能正常以kvm硬件加速方式啓動虛擬機。但經過openstack建立的實例則始終沒法啓用kvm加速,只能使用qemu啓動,速度相比kvm就慢了不止半點。也試過當時mac最新版的virtualbox-5.1.22,竟然連Enable VT-x/AMD-v的按鈕都沒有。
臨時解決方案
https://docs.openstack.org/project-deploy-guide/kolla-ansible/pike/quickstart.html#install-kolla-for-development
compute節點/etc/nova/nova.conf指定virt_type
compute節點/etc/nova/nova.conf指定virt_type
[libvirt]
virt_type = qemu
cpu_mode = none
重啓nova-compute服務
注意:cpu_mode這行必定要加,不然仍是沒法啓動。
啓用root密碼登陸
#!/bin/sh
sed -i 's/PermitRootLogin without-password/PermitRootLogin yes/g' /etc/ssh/sshd_config
sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
sed -i '/^#UseDNS yes/c UseDNS no' /etc/ssh/sshd_config
cp -f /home/centos/.ssh/authorized_keys /root/.ssh/
cp -f /home/ubuntu/.ssh/authorized_keys /root/.ssh/
cp -f /home/cirros/.ssh/authorized_keys /root/.ssh/
service sshd restart
passwd root<<EOF
root
root
EOF
reboot
相關文章
- 1. centos7部署openstack-ocata
- 2. centos7下安裝openstack(ocata版)
- 3. Centos7上部署openstack ocata配置詳解
- 4. kolla-ansible安裝openstack(Ocata)
- 5. centos7部署openstack
- 6. OpenStack手動搭建-ocata版
- 7. ubuntu16.04 用devstack部署OpenStack ocata
- 8. openstack ocata安裝步驟
- 9. 試一試 kolla部署OpenStack Ocata
- 10. Openstack Ocata 多節點分佈式部署
- 更多相關文章...
- • Swift for 循環 - Swift 教程
- • Scala for循環 - Scala教程
- • Docker容器實戰(一) - 封神Server端技術
- • Docker容器實戰(六) - 容器的隔離與限制
相關標籤/搜索
每日一句
-
每一个你不满意的现在,都有一个你没有努力的曾经。
最新文章
歡迎關注本站公眾號,獲取更多信息
相關文章