Openstack学习笔记(四):其他组件的安装和配置
Nova
Nova,即计算服务,是OpenStack计算的弹性控制器。Nova可以说是整个云平台最重要的组件,OpenStack的其他组件依托Nova,与Nova协同工作,组成了整个OpenStack云平台。Nova服务包含了6个子组件,分别为:Nova API、Nova Cert、Nova Compute、Nova Conductor、Nova Scheduler、Nova Consoleauth以及Nova Vncproxy
控制节点
-
数据库配置
[root@controller images]#mysql -u root -p000000
create database nova;
grant all privileges on nova.* to nova@'localhost' identified by '000000';
grant all privileges on nova.* to nova@'%' identified by '000000';
flush privileges;
exit -
创建服务证书
(openstack) user create --domain default --password 000000 nova
(openstack) role add --project service --user nova admin
(openstack) service create --name nova --description "OpenStack Compute" compute
(openstack) endpoint create --region RegionOne compute public http://controller:8774/v2/%(tenant_id)s
(openstack) endpoint create --region RegionOne compute internal http://controller:8774/v2/%(tenant_id)s
(openstack) endpoint create --region RegionOne compute admin http://controller:8774/v2/%(tenant_id)s
-
安装相关组件
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -
修改相关配置文件/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf database connection mysql://nova:000000@controller/nova
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_assword 000000
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.23.0.211
openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen $my_ip
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address $my_ip
openstack-config --set /etc/nova/nova.conf glance host controller
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT verbose True
- 同步数据库配置,执行命令即可进行相关配置
su -s /bin/sh -c "nova-manage db sync" nova
计算节点
-
下载安装nova计算节点的服务
yum install openstack-nova-compute sysfsutils -
配置nova
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.23.0.211
openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.23.0.212
openstack-config --set /etc/nova/nova.conf DEFAULT verbose True
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address $my_ip
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
openstack-config --set /etc/nova/nova.conf glance host controller
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp -
测试本机是否支持cpu虚拟化,结果>0则支持,如果不支持需要在vmware里面进行设置
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
Paste_Image.png
-
启动compute服务并设置自启动
[root@compute ~]# systemctl restart libvirtd.service openstack-nova-compute.service
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service -
在控制节点上验证
[root@controller ~]# nova service-list
Neutron
控制节点
-
配置数据库
[root@controller ~]#mysql -u root -p000000
create database neutron;
grant all privileges on neutron.* to neutron@'localhost' identified by '000000';
grant all privileges on neutron.* to neutron@'%' identified by '000000';
flush privileges;
exit -
创建Neutron用户、角色、端点等
[root@controller ~]# openstack
user create --domain default --password-prompt neutron
role add --project service --user neutron admin
service create --name neutron --description "OpenStack Networking" network
endpoint create --region RegionOne network public http://controller:9696
endpoint create --region RegionOne network internal http://controller:9696
endpoint create --region RegionOne network admin http://controller:9696
配置网络选项
openstack支持两种选项的网络部署模式,这里选择比较容易的提供者网络:
-
提供者网络
部署部署最简单的架构,只支持绑定实例到公共网络。没有自服务网络,路由器和浮动IP地址。只有admin或者其它特权用户可以管理提供者网络。 -
自服务网络
提供3层服务,支持绑定实例到自服务(私有)网络。demo或非特权用户可以管理自服务网络,包括路由器。路由器提供自服务网络和提供者网络之间的互通。同时,浮动IP地址提供从外部网络访问实例的能力,比如因特网。 -
安装组件
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -
配置服务组件
openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:000000@controller/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_plugin password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_id default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_id default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password 000000
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp -
配置Modular Layer2(ML2)插件
ML2插件使用Linux桥接机制为实例创建layer-2 (桥接/交换)虚拟网络基础设施。
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks public
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True -
配置Linux桥接代理
Linux桥接代理为实例创建包括私有网络的VXLAN隧道和处理安全组的layer-2(桥接/交换)虚拟网络设施。
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:ens34
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini ecuritygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver -
配置DHCP代理
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True -
配置元数据代理
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://controller:5000
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:35357
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id default
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id default
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_name service
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT username neutron
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT password 000000
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 000000
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True -
配置计算使用网络
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
openstack-config --set /etc/nova/nova.conf neutron project_domain_id default
openstack-config --set /etc/nova/nova.conf neutron user_domain_id default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 000000
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 000000 -
完成安装并同步数据库
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
*重启计算API服务
[root@controller ~]# systemctl restart openstack-nova-api.service
- 启动网络服务并配置开机自启动
[root@controller ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
计算节点
-
安装组件
[root@compute ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y -
配置通用组件
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp -
在compute上配置网络组件:配置桥接代理
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:ens34
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini ecuritygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver -
配置计算使用网络
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
openstack-config --set /etc/nova/nova.conf neutron project_domain_id default
openstack-config --set /etc/nova/nova.conf neutron user_domain_id default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 000000 -
重启计算服务
[root@compute ~]# systemctl restart openstack-nova-compute.service -
启动linux桥接代理并设置自启动
[root@compute ~]# systemctl restart neutron-linuxbridge-agent.service
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service -
验证
成功
DashBoard
-
安装软件包
[root@controller~]# yum install openstack-dashboard -
编辑文件 /etc/openstack-dashboard/local_settings 并修改如下部分(可直接vi里面用/来搜索修改):
在 controller 节点上配置仪表盘以使用 OpenStack 服务: OPENSTACK_HOST = "controller" 允许所有主机访问仪表板: ALLOWED_HOSTS = ['*', ] 配置 memcached 会话存储服务: CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } 注解 将其他的会话存储服务配置注释。 为通过仪表盘创建的用户配置默认的 user 角色: OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" 启用multi-domain model: OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True 配置服务API版本,这样你就可以通过Keystone V3 API来登录dashboard: OPENSTACK_API_VERSIONS = { "identity": 3, "volume": 2, } 如果您选择网络参数1,禁用支持3层网络服务: OPENSTACK_NEUTRON_NETWORK = { ... 'enable_router': False, 'enable_quotas': False, 'enable_distributed_router': False, 'enable_ha_router': False, 'enable_lb': False, 'enable_firewall': False, 'enable_vpn': False, 'enable_fip_topology_check': False, } -
验证
至此openstack简单部署成功!
常见问题
-
在下载安装nova的时候,会提示需要python-jinja2包,一般这个包好像都是centos7系统自带的,不知道我的为什么没有,需要到相关的镜像站下载。注意,这里的jinja2包一定不要下载错版本,因为百度上面搜索的出来排前面的都是openSUSE系统的版本,如果下载了openSUSE版本的python-Jinja2包,安装时候会提示缺少python-MarkupSafe,而如果再去找python-MarkupSafe的话,则会提示需要python2.7才能安装。对于centos7来说,python-jinja2和python-markupsafe都是小写的,所以即使系统已经安装了python-markupsafe,如果装错了版本还是会提示重新安装。
-
执行下列命令时候会提示No handlers could be found for logger "oslo_config.cfg",不知什么原因,但是数据库表都已经创建。
su -s /bin/sh -c "nova-manage db sync" nova
-
在计算节点下载openstack-nova-compute的时候提示缺少python-libguestfs包,可以去相关镜像站的os目录下下载
-
在计算节点启动compute服务的时候一直启动不了,查conductor的日志发现是5672端口的问题,5672端口是rabbitmq在使用,查rabbitmq的日志,发现原因是密码错误,查密码相关的配置,发现是controller节点的oslo_messaging_rabbit rabbit_password 000000项中的password写错了,修正后成功启动
-
下载安装的时候缺少dnsmasq-utils和libxslt-python两个包,下载后重新createrepo即可
