Hosts configuration
Edit /etc/hosts and add wtcontroller, wtcompute1 and wtcompute2:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.10.100 wtcontroller
172.16.10.101 wtcompute1
172.16.10.102 wtcompute2
Set the local hostname
echo "wtcontroller" > /etc/hostname
This example uses the 163 yum mirror:
CentOS7-Base-163.repo
Copy the file above into the /etc/yum.repos.d directory
Back up the CentOS-Base.repo file in that directory
Rename CentOS7-Base-163.repo to CentOS-Base.repo
Run the following commands:
yum clean all   #clear the cache
yum makecache   #rebuild the cache
yum list        #list all installed and installable packages
Stop this service, otherwise yum clean hangs; this is a system bug
systemctl stop initial-setup-text
systemctl stop firewalld.service
systemctl disable firewalld.service
systemctl status firewalld.service
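With firewalld stopped as above, every service bound to a wildcard address is reachable on any network the controller is attached to. The following added example (not part of the original guide) reads `netstat -anptl` output, the command the guide later uses to check httpd, lists the wildcard-bound listeners and prints firewalld rich rules that would limit each one to 172.16.10.0/24; the sample output is constructed, and treating 172.16.10.0/24 as the only network that needs access is an assumption.

```shell
#!/bin/sh
# Added example (not from the original guide): find TCP listeners bound to a
# wildcard address and print firewalld rich rules that restrict them.

# wildcard_listeners: read `netstat -anptl` output on stdin and print
# "port<TAB>program" for every LISTEN socket bound to 0.0.0.0 or ::.
wildcard_listeners() {
    awk '
        $6 != "LISTEN" { next }              # also skips the two header lines
        {
            n = split($4, part, ":")         # "0.0.0.0:80" or ":::5000"
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr != "0.0.0.0" && addr != "::") next
            prog = $7; sub(/^[0-9]+\//, "", prog)
            if (!seen[port]++) printf "%s\t%s\n", port, prog   # tcp and tcp6 once
        }
    ' | sort -n
}

# restrict_rules SUBNET: turn wildcard_listeners output (stdin) into firewalld
# rich rules that accept each port only from SUBNET. Commands are printed,
# not executed, so they can be reviewed first.
restrict_rules() {
    subnet=$1
    while IFS="$(printf '\t')" read -r port prog; do
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'  # %s\n" \
            "$subnet" "$port" "$prog"
    done
}

# Constructed sample of `netstat -anptl` output on the controller. PIDs and
# the exact set of listeners are illustrative; the ports are ones this guide uses.
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 172.16.10.100:3306      0.0.0.0:*               LISTEN      1201/mysqld
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      1342/memcached
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      1410/beam.smp
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      1533/python2
tcp6       0      0 :::5000                 :::*                    LISTEN      1620/httpd
tcp6       0      0 :::80                   :::*                    LISTEN      1620/httpd
tcp        0      0 172.16.10.100:52114     172.16.10.100:3306      ESTABLISHED 1533/python2
EOF
}

# On a real host: netstat -anptl | wildcard_listeners | restrict_rules 172.16.10.0/24
sample_netstat | wildcard_listeners | restrict_rules 172.16.10.0/24
```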
setenforce 0
getenforce
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
grep SELINUX=disabled /etc/sysconfig/selinux
yum install chrony -y
vim /etc/chrony.conf
Following the network configuration, make sure the following entries are enabled:
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
Also change the following entry so that nodes in this subnet can synchronize their time from the controller node:
allow 172.16.10.0/24
Restart the service and enable it at boot
systemctl restart chronyd.service
systemctl status chronyd.service
systemctl enable chronyd.service
systemctl list-unit-files |grep chronyd.service
Set the time zone
timedatectl set-timezone Asia/Shanghai
chronyc sources
yum install centos-release-openstack-rocky -y
yum clean all
yum makecache
yum install python-openstackclient openstack-selinux -y
yum install mariadb mariadb-server python2-PyMySQL -y
Create and edit the file
vi /etc/my.cnf.d/openstack.cnf
Contents:
[mysqld]
bind-address = 172.16.10.100
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
Bind address
Default storage engine
Use file-per-table tablespaces: each table gets its own tablespace and its own index file, so index lookups are fast. With a shared tablespace, all tables share one tablespace and index, which is very hard to repair if it is damaged; for example, the database used by Zabbix is hard to optimize if it does not use file-per-table tablespaces.
Enable the database at boot and start the service
systemctl enable mariadb.service
systemctl start mariadb.service
systemctl list-unit-files |grep mariadb.service
Run the initial security setup for the database service (root/wtoe@123456)
mysql_secure_installation
The setup proceeds as follows:
Enter current password for root (enter for none):   #press Enter on the first run
OK, successfully used password, moving on…
Setting the root password ensures that nobody can log into the MySQL root user without the proper authorisation.
Set root password? [Y/n]   #whether to set the root password; type y and press Enter, or just press Enter
New password:   #set the root password; this example uses wtoe@123456
Re-enter new password:   #enter the password again
Password updated successfully!
Reloading privilege tables..
… Success!
Remove anonymous users? [Y/n]   #whether to remove anonymous users; removal is recommended in production, so just press Enter
… Success!
Disallow root login remotely? [Y/n]   #whether to forbid remote root login; choose Y/n according to your needs and press Enter; forbidding it is recommended
Success!
Remove test database and access to it? [Y/n]   #whether to remove the test database; just press Enter
- Dropping test database…
… Success!
- Removing privileges on test database…
… Success!
Reload privilege tables now? [Y/n]   #whether to reload the privilege tables; just press Enter
… Success!
Cleaning up…
All done! If you've completed all of the above steps, your MySQL installation should now be secure.
Thanks for using MySQL!
yum install rabbitmq-server -y
Enable the service at boot and start it
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
Add the user and permissions for accessing RabbitMQ
rabbitmqctl add_user openstack wtoe@123456
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmqctl set_permissions -p "/" openstack ".*" ".*" ".*"
Enable web management
rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service
rabbitmq-plugins list
URL: http://192.168.1.241:15672 #the default username and password are both guest
Confirm through the web page that the openstack user has been added
Service installation
yum install etcd -y
Edit the configuration file
vi /etc/etcd/etcd.conf
Change the contents as follows:
#Note: the IP addresses here cannot be replaced with controller; the name cannot be resolved
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.3.241:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.3.241:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.3.241:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.3.241:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.3.241:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
Start the service and enable it at boot:
systemctl enable etcd
systemctl start etcd
Database configuration
Log in to the database
mysql -u root -p
First grant root privileges on all databases
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'wtoe@123456';
#Create the database
CREATE DATABASE keystone;
#Add the user and grant privileges
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
show databases;
select user,host from mysql.user;
exit
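The GRANT to 'root'@'%' above gives root full privileges from any host, the opposite of the "Disallow root login remotely" answer recommended during mysql_secure_installation. This added example (not part of the original guide) scans GRANT statements for wildcard-host accounts and rewrites the per-database ones to a subnet host pattern; the 172.16.10.% pattern assumes every OpenStack node sits in the 172.16.10.0/24 network from /etc/hosts, and the parser assumes upper-case keywords as written in this guide.

```shell
#!/bin/sh
# Added example (not from the original guide): classify GRANT statements by
# how widely they expose an account, and narrow the per-database ones.

# grant_findings: read SQL on stdin; print "LEVEL<TAB>user@host<TAB>scope"
# for every GRANT whose account host is the wildcard '%'.
#   HIGH   - privileges on *.* (every database) from any host
#   REVIEW - privileges on a single database from any host
grant_findings() {
    awk -v q="'" '
        !/^[ \t]*GRANT[ \t]/ { next }
        {
            # scope is the token between " ON " and " TO "
            if (!match($0, / ON [^ ]+ TO /)) next
            scope = substr($0, RSTART + 4, RLENGTH - 8)
            # account is the quoted user and host that follow TO
            acct_re = "TO " q "[^" q "]*" q "@" q "[^" q "]*" q
            if (!match($0, acct_re)) next
            acct = substr($0, RSTART + 3, RLENGTH - 3)
            gsub(q, "", acct)
            host = acct; sub(/^.*@/, "", host)
            if (host != "%") next
            level = (scope == "*.*") ? "HIGH" : "REVIEW"
            printf "%s\t%s\t%s\n", level, acct, scope
        }
    '
}

# narrow_grants PATTERN: print each per-database GRANT ... @'%' with the host
# replaced by PATTERN (for example 172.16.10.%). Grants on *.* are left out
# on purpose: they need a decision, not a rewrite.
narrow_grants() {
    sed -n "/ ON \*\.\* /!s/@'%'/@'$1'/p"
}

# The statements from the keystone database step of this guide.
sample_grants() {
cat <<'EOF'
GRANT ALL PRIVILEGES ON *.* TO 'root'@'%' IDENTIFIED BY 'wtoe@123456';
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'wtoe@123456';
EOF
}

sample_grants | grant_findings
sample_grants | narrow_grants '172.16.10.%'
```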
Install the keystone packages on the controller node
yum install openstack-keystone httpd mod_wsgi -y
yum install openstack-keystone python-keystoneclient openstack-utils -y
Quickly modify the keystone configuration (not the official method; requires openstack-utils)
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:wtoe@123456@wtcontroller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
View the effective configuration
egrep -v "^#|^$" /etc/keystone/keystone.conf
The configuration should look like this:
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:wtoe@123456@wtcontroller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]
[unified_limit]
[wsgi]
Initialize and sync the keystone database (44 tables)
su -s /bin/sh -c "keystone-manage db_sync" keystone
Note: if Python reports errors while the database is being synced, the following steps may be needed:
Install pip and update the relevant Python libraries:
yum install python-pip
sudo pip uninstall urllib3
sudo pip uninstall chardet
sudo pip install requests
View the created tables
mysql -h192.168.3.241 -ukeystone -pwtoe@123456 -e "use keystone;show tables;"
Initialize the Fernet token repository
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Configure and start Apache (httpd)
Edit the main httpd configuration file
vim /etc/httpd/conf/httpd.conf +95
#Change as follows
ServerName controller
#Check
cat /etc/httpd/conf/httpd.conf |grep ServerName
#Configure the virtual host
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start Apache and enable it at boot
systemctl enable httpd.service
systemctl start httpd.service
systemctl list-unit-files |grep httpd.service #view the service settings
Check the Apache service status
netstat -anptl|grep httpd
#If httpd does not start, SELinux needs to be disabled, or install: yum install openstack-selinux
Create the keystone user and initialize the service entity and API endpoints
#Create the keystone service entity and identity service; the three URL types below are public, internal and admin.
keystone-manage bootstrap --bootstrap-password wtoe@123456 \
  --bootstrap-admin-url http://wtcontroller:5000/v3/ \
  --bootstrap-internal-url http://wtcontroller:5000/v3/ \
  --bootstrap-public-url http://wtcontroller:5000/v3/ \
  --bootstrap-region-id RegionOne
Configure the admin environment variables
export OS_USERNAME=admin
export OS_PASSWORD=wtoe@123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://wtcontroller:5000/v3
export OS_IDENTITY_API_VERSION=3
#View the configuration
env |grep OS_
Create general keystone instances
#The following command creates a project named example in the project table
openstack domain create --description "An Example Domain" example
#Create a project named service for the keystone environment to provide services
#Used for regular (non-admin) tasks, which require an unprivileged user
#The following command creates a project named service in the project table
openstack project create --domain default --description "Service Project" service
#Create the myproject project and the corresponding user and role
#A project for ordinary (non-admin) users, providing services to ordinary users
#The following command creates a project named myproject in the project table
openstack project create --domain default --description "Demo Project" myproject
#Create the myuser user in the default domain
#The --password option sets a plaintext password directly; the --password-prompt option prompts for the password interactively
#The following command adds the myuser user to the local_user table
openstack user create --domain default --password-prompt myuser #password: wtoe@123456
##openstack user create --domain default --password=wtoe@123456 myuser
#Create the myrole role in the role table
openstack role create myrole
#Add the myrole role to the myproject project and the myuser user
openstack role add --project myproject --user myuser myrole
Verify that keystone was installed successfully
Unset the environment variables
#Disable the temporary authentication token mechanism, obtain a token, and verify that keystone is configured correctly
Request an authentication token as the admin user
#Test whether the admin account can log in and authenticate, and request an authentication token
openstack --os-auth-url http://wtcontroller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
Obtain an authentication token as an ordinary user
#The following command uses the password of the "myuser" user and API port 5000, which allows only regular (non-admin) access to the Identity service API.
Create the OpenStack client environment scripts
Environment variables for admin
vi admin-openrc
Contents:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=wtoe@123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#For myuser
vi myuser-openrc
Contents:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=wtoe@123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#Verify
source admin-openrc
openstack token issue
source myuser-openrc
openstack token issue
Create the database
mysql -uroot -pwtoe@123456
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
exit
Register glance in keystone
Create the glance user in keystone
#The following command creates the glance user in the local_user table
openstack user create --domain default --password=wtoe@123456 glance
openstack user list
In keystone, add the glance user to the service project with the admin role (privilege)
openstack role add --project service --user glance admin
The following command adds glance to the service table
openstack service create --name glance --description "OpenStack Image" image
openstack service list
Create the API endpoints for the image service
openstack endpoint create --region RegionOne image public http://wtcontroller:9292
openstack endpoint create --region RegionOne image internal http://wtcontroller:9292
openstack endpoint create --region RegionOne image admin http://wtcontroller:9292
Install the glance software
yum install openstack-glance python-glance python-glanceclient -y
Modify the glance configuration
Run the following commands to quickly configure glance-api.conf
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:wtoe@123456@wtcontroller/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://wtcontroller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://wtcontroller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers wtcontroller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password wtoe@123456
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
Run the following commands to quickly configure glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:wtoe@123456@wtcontroller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://wtcontroller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://wtcontroller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers wtcontroller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password wtoe@123456
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
Sync the glance database
#Tables generated (15 tables)
su -s /bin/sh -c "glance-manage db_sync" glance
If the number of database connections keeps exceeding the limit, it may be because the network service, owing to the host's performance, starts too many threads (the default thread count is determined by the number of CPU cores); the number of worker threads then needs to be set manually (here it is manually changed to 4):
openstack-config --set /etc/nova/nova.conf scheduler workers 4
#Make sure all required tables have been created; otherwise later steps may not work
mysql -h172.16.10.100 -uglance -pwtoe@123456 -e "use glance;show tables;"
Start the glance image service
Start the glance image services and enable them at boot
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl list-unit-files |grep openstack-glance*
Check that glance is installed correctly
Download the image from http://download.cirros-cloud.net/ #can be done manually
cd /home
wget http://download.cirros-cloud.net/0.3.5/cirros-d190515-x86_64-disk.img
Obtain admin privileges
. admin-openrc
Upload the images to glance
openstack image create "cirros" --file cirros-d190515-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image create "CentOS7" --file CentOS-7-x86_64-GenericCloud-1907.qcow2 --disk-format qcow2 --container-format bare --public
Check that the images were uploaded successfully
openstack image list
Create the databases
mysql -uroot -pwtoe@123456
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'wtoe@123456';
flush privileges;
show databases;
select user,host from mysql.user;
Exit
Register the nova service in keystone
#Create the service credentials
Create the nova user in keystone
. admin-openrc
openstack user create --domain default --password=wtoe@123456 nova
In keystone, give the nova user the admin role and add it to the service project
openstack role add --project service --user nova admin
Create the nova compute service entity
openstack service create --name nova --description "OpenStack Compute" compute
Create the API endpoints for the compute service
openstack endpoint create --region RegionOne compute public http://wtcontroller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://wtcontroller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://wtcontroller:8774/v2.1
openstack endpoint list
This version of nova adds the placement project
#Likewise, create and register the service credentials for this project
openstack user create --domain default --password=wtoe@123456 placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
#Create the endpoints (API ports) for the placement project
openstack endpoint create --region RegionOne placement public http://wtcontroller:8778
openstack endpoint create --region RegionOne placement internal http://wtcontroller:8778
openstack endpoint create --region RegionOne placement admin http://wtcontroller:8778
openstack endpoint list
#Done
Install the nova services on the controller node
Install the nova packages
yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api -y
Quickly modify the nova configuration
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.16.10.100
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:wtoe@123456@wtcontroller
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:wtoe@123456@wtcontroller/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:wtoe@123456@wtcontroller/nova
openstack-config --set /etc/nova/nova.conf placement_database connection mysql+pymysql://placement:wtoe@123456@wtcontroller/placement
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://wtcontroller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers wtcontroller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password wtoe@123456
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address '$my_ip'
openstack-config --set /etc/nova/nova.conf glance api_servers http://wtcontroller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://wtcontroller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password wtoe@123456
openstack-config --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 300
#How often the server side checks for newly added compute hosts, so that installed compute node hosts can be added to the cluster automatically: 300
#View the configuration
egrep -v "^#|^$" /etc/nova/nova.conf
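Configure hardware acceleration for virtual machines
#First determine whether your compute node supports hardware acceleration for virtual machines.
egrep -c '(vmx|svm)' /proc/cpuinfo
#If it returns 0, the compute node does not support hardware acceleration, and libvirt must be configured to manage virtual machines with QEMU, using the following commands:
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
egrep -v "^#|^$" /etc/nova/nova.conf|grep 'virt_type'
#If it returns any other value, the compute node supports hardware acceleration and needs no extra configuration; use the following command:
openstack-config --set /etc/nova/nova.conf libvirt virt_type kvm
If instance creation still fails later even though the compute node supports hardware acceleration, check further whether hardware acceleration is actually turned on:
dmesg | grep kvm
If it shows [ 3.692481] kvm: disabled by bios, the virtualization option needs to be enabled in the BIOS
Start the nova services and enable them at boot
#Two services need to be started
systemctl start libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl list-unit-files |grep libvirtd.service
systemctl list-unit-files |grep openstack-nova-compute.service
Add the compute node to the cell database
#Run the following commands on the controller node:
. admin-openrc
#Check that the database has the new compute node
openstack compute service list --service nova-compute
#If not, it must be added manually: manually add the new compute node to the openstack cluster
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
If the number of database connections keeps exceeding the limit, it may be because the network service, owing to the host's performance, starts too many threads (the default thread count is determined by the number of CPU cores); the number of worker threads then needs to be set manually (here it is manually changed to 4):
openstack-config --set /etc/nova/nova.conf scheduler workers 4
#Set up the task that automatically registers newly created nodes (already added to the configuration file)
[scheduler]
discover_hosts_in_cells_interval = 300
Verify that the nova services on the controller node are working
Source the admin environment script
. admin-openrc
List the installed nova service components
#Verify that each process registered and started successfully
openstack compute service list
List the API endpoints in the Identity service to verify connectivity
openstack catalog list
List the existing images in the Image service to check connectivity to the Image service
openstack image list
Check the status of the nova components
#Check that the placement API and the cell services are working
nova-status upgrade check
#At this point the nova compute node is installed and added to the openstack cluster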
Create the neutron database and grant appropriate access
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'wtoe@123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'wtoe@123456';
Exit
Keystone configuration for neutron
openstack user create --domain default --password=wtoe@123456 neutron
openstack user list
Add neutron to the service project and grant it the admin role
#The following command produces no output
openstack role add --project service --user neutron admin
Create the neutron service entity
openstack service create --name neutron --description "OpenStack Networking" network
openstack service list
Create the API endpoints for the neutron networking service
openstack endpoint create --region RegionOne network public http://wtcontroller:9696
openstack endpoint create --region RegionOne network internal http://wtcontroller:9696
openstack endpoint create --region RegionOne network admin http://wtcontroller:9696
openstack endpoint list
Install the neutron networking components on the controller node
Install the neutron packages
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
Quickly configure /etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:wtoe@123456@wtcontroller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:wtoe@123456@wtcontroller
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://wtcontroller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://wtcontroller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers wtcontroller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password wtoe@123456
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://wtcontroller:5000
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password wtoe@123456
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
#Check that the changes took effect
egrep -v "^#|^$" /etc/neutron/neutron.conf
Quickly configure /etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers local,flat,vlan,vxlan,gre
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
#Check that the changes took effect
egrep -v "^#|^$" /etc/neutron/plugins/ml2/ml2_conf.ini
Quickly configure /etc/neutron/plugins/ml2/openvswitch_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent tunnel_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent l2_population True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs local_ip 172.16.20.80
openstack-config --set /etc/neutron/plugins/ml2/openvswitch_agent.ini ovs tunnel_bridge br-tun
egrep -v "^#|^$" /etc/neutron/plugins/ml2/openvswitch_agent.ini
Quickly configure /etc/neutron/dhcp_agent.ini
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
View the effective configuration
egrep -v '(^$|^#)' /etc/neutron/dhcp_agent.ini
Quickly configure /etc/neutron/metadata_agent.ini
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host wtcontroller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret wtoe@123456
View the effective configuration
egrep -v '(^$|^#)' /etc/neutron/metadata_agent.ini
Quickly configure /etc/nova/nova.conf to add neutron to the compute node
openstack-config --set /etc/nova/nova.conf neutron url http://wtcontroller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://wtcontroller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password wtoe@123456
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret wtoe@123456
View the effective configuration
egrep -v '(^$|^#)' /etc/nova/nova.conf
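The openstack-config commands above and the openrc scripts earlier store one and the same secret in clear text: in database URLs, the RabbitMQ transport_url, service passwords and metadata_proxy_shared_secret. This added example (not part of the original guide) inventories those options and reports any secret that occurs in more than one place without printing it; the sample files are constructed from the guide's values, and the placement password in them is made up to show a secret that is not reused.

```shell
#!/bin/sh
# Added example (not from the original guide): inventory the credentials that
# end up in the config files and report any secret used more than once.

# secret_inventory FILE...: print "secret<TAB>file<TAB>[section] option" for
# every credential-bearing option in oslo-style INI files and openrc scripts.
secret_inventory() {
    awk '
        FNR == 1 { section = "-" }                 # openrc files have no sections
        /^[ \t]*(#|$)/ { next }                    # comments and blank lines
        /^\[/ { section = $0; next }               # [section] header
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            secret = ""
            if (key == "password" || key == "metadata_proxy_shared_secret" ||
                key == "export OS_PASSWORD") {
                secret = val
            } else if (key == "connection" || key == "transport_url") {
                # scheme://user:SECRET@host/db ; the secret may contain "@"
                # (as in this guide), so the credentials end at the LAST "@".
                rest = val; sub(/^[^:]*:\/\//, "", rest)
                at = 0
                for (i = 1; i <= length(rest); i++)
                    if (substr(rest, i, 1) == "@") at = i
                cred = substr(rest, 1, at - 1)
                colon = index(cred, ":")
                if (at > 0 && colon > 0) secret = substr(cred, colon + 1)
            }
            if (secret != "")
                printf "%s\t%s\t%s %s\n", secret, FILENAME, section, key
        }
    ' "$@"
}

# reused_secrets FILE...: print "count<TAB>locations" for each secret that
# appears in more than one place. The secret value itself is never printed.
reused_secrets() {
    secret_inventory "$@" | awk -F '\t' '
        { n[$1]++; where[$1] = where[$1] (n[$1] > 1 ? "; " : "") $2 " " $3 }
        END { for (s in n) if (n[s] > 1) printf "%d\t%s\n", n[s], where[s] }
    '
}

# make_sample_configs DIR: constructed files mirroring values this guide sets.
make_sample_configs() {
    cat > "$1/keystone.conf" <<'EOF'
[database]
connection = mysql+pymysql://keystone:wtoe@123456@wtcontroller/keystone
[token]
provider = fernet
EOF
    cat > "$1/nova.conf" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:wtoe@123456@wtcontroller
[keystone_authtoken]
auth_type = password
password = wtoe@123456
[neutron]
metadata_proxy_shared_secret = wtoe@123456
[placement]
password = constructed-placement-secret
EOF
    cat > "$1/admin-openrc" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=wtoe@123456
EOF
}

demo_dir=$(mktemp -d)
make_sample_configs "$demo_dir"
reused_secrets "$demo_dir/keystone.conf" "$demo_dir/nova.conf" "$demo_dir/admin-openrc"
rm -rf "$demo_dir"
```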
Create the symlink for the network plugin
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Sync the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
If the number of database connections exceeds the maximum while the database is being synced (check with status), log in to the database and change the maximum number of connections
>show variables like 'max_connections'; (shows the current maximum number of connections)
>set global max_connections=1000; (sets the maximum number of connections to 1000; check again to confirm that it was set)
And if the number of connections still keeps exceeding the limit, it may be because the network service, owing to the host's performance, starts too many threads (the default thread count is determined by the number of CPU cores); the number of worker threads then needs to be set manually:
openstack-config --set /etc/neutron/neutron.conf DEFAULT api_workers 4
Restart the nova_api service
systemctl restart openstack-nova-api.service
Start the neutron services and enable them at boot
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl list-unit-files |grep neutron* |grep enabled
Install the dashboard package
yum install openstack-dashboard -y
Edit the configuration file /etc/openstack-dashboard/local_settings
#Check that the following settings are present
vim /etc/openstack-dashboard/local_settings
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_HOST = "wtcontroller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'wtcontroller:11211',
    }
}
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_fip_topology_check': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_***': False,
}
TIME_ZONE = "Asia/Shanghai"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
Edit /etc/httpd/conf.d/openstack-dashboard.conf
#Add the following
vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
Restart the web server and the session storage service
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service
Check that the dashboard is available
#Enter the following address in a browser; use default as the domain
http://wtcontroller:80/dashboard
User 1: admin/wtoe@123456
User 2: myuser/wtoe@123456