网站导航
> 技术文档 > 私有云(一)OpenStack云计算基础架构平台_私有云运维

私有云(一)OpenStack云计算基础架构平台_私有云运维

网友: 技术文档 2025-08-07 23:24:54

私有云基础架构与运维(OpenStack+openEuler版)

项目一.OpenStack 云计算基础架构平台概述

任务1.1 安装部署虚拟化环境

通过安装 openEuler-22.09 操作系统来熟悉虚拟机的安装,在操作过程中熟悉计算机虚

拟化资源的分配管理。

1.1.1 VMware Workstation 17 Pro 的安装\\

在个人计算机上安装 VMware 公司的虚拟机软件 VMware Workstation 17 Pro 版本详细

的安装教程可自行在网上查询。

安装完成后,在桌面上会生成 VMware Workstation Pro 图标,双击打开虚拟机软件工

作界面,如图 1-6 所示。

图 1-6 虚拟机软件工作界面

1.1.2安装虚拟机 

选择 openEuler 系统替换经典的 CentOS 系统作为实验虚拟环境。

启动 VMware Workstation 虚拟机软件,安装一台 openEuler22.09 操作系统的虚拟机,

节点类型为 2CPU2GB内存、40GB系统磁盘,虚拟机的创建结果如图 1-7 所示。

图 1-7 openEuler22.09 操作系统虚拟机创建结果

图 1-8 Linux 系统安装界面

稍等片刻后,系统会自动进入系统语言选择界面,如图 1-9 所示,默认选择 English

言选项,单击“Continue”按钮,进入 Linux 系统安装向导界面,如图 1-10 所示。

图 1-9 系统语言选择界

 1-10 系统安装向导界面

Linux 系统安装向导界面中单击“Installation Destination”,进入磁盘分区界面,如

1-11 所示。进入磁盘分区界面后,有两个选项:自动配置分区(Automatic)以及手动配

置分区(Custom)。分区应该按照实际服务器用途而定,这里选择自动分区方案。单击左

上角 Done 完成设置,分区完成。

1-11 磁盘分区界面

安装向导界面单击“Time & Data”,进入设置时区界面,用户可选择所在时区,如

Asia/Shanghai”上海,并设置“24-hour”小时制,如图 1-12 所示。

1-12 设置时区 

在安装向导界面单击“Root Password”,进入设置 root 密码界面,设置 root 用户密码,

并勾选“Use SM3 to encrypt the password”使用国密算法 SM3(商密 3 密码杂凑算法)加

密用户密码,如图 1-13 所示。如果设置的密码过于简单,则需单击两次“Done”完成确认。

完成上述设置后,在安装向导界面单击“开始安装”,系统开始安装,安装完成后,进入安装完成界面,如图所示,单击“重启系统”即可重启系统。

等待片刻后,进入系统登录成功界面,如图所示。在这里输入root用户名和设置的用户密码,即可以管理员身份成功进入openEuler22.09系统。

 

至此,openEuler22.09系统安装成功。

任务1.2 环境准备

次部署基于三节点环境进行部署,三个节点分别是控制节点(Controller)、计算节点(Compute)、存储节点(Storage)

首先根据上面的步骤,使用VMware Workstation Pro 创建3台基于openEuler22.09的虚拟机。

接下来的安装将按照以下节点环境进行。

如果你的IP环境不同,请按照你的IP环境来修改相应的配置文件

节点

IP

作用

controller

192.168.213.130

控制节点

compute

192.168.213.131

计算节点

storage

192.168.213.132

存储节点

在正式部署之前,需要对每个节点做如下配置和检查

1.2.1 yum源配置

[root@controller ~]# vi /etc/yum.repos.d/openEuler.repo

[OS]

name=OS

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler

[everything]

name=everything

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/everything/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/everything/$basearch/RPM-GPG-KEY-openEuler

[EPOL]

name=EPOL

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/EPOL/main/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler

[debuginfo]

name=debuginfo

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/debuginfo/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/debuginfo/$basearch/RPM-GPG-KEY-openEuler

[source]

name=source

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/source/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/source/RPM-GPG-KEY-openEuler

[update]

name=update

baseurl=https://archives.openeuler.openatom.cn/openEuler-22.09/update/$basearch/

enabled=1

gpgcheck=1

gpgkey=https://archives.openeuler.openatom.cn/openEuler-22.09/OS/$basearch/RPM-GPG-KEY-openEuler

清理yum缓存,并出现生成即可

[root@controller ~]# yum clean all

[root@controller ~]# yum makecache

[root@controller ~]# yum update

1.2.2 修改主机名及其映射

分别修改3台节点的主机名,以controller为例

[root@controller ~]# hostnamectl set-hostname controller

[root@controller ~]# bash

修改每个节点的/etc/hosts文件,增加如下内容:

[root@controller ~]# cat /etc/hosts

192.168.213.130 controller

192.168.213.131 compute

192.168.213.132 storage

1.2.3 时间同步 

集群要求每个节点的时间一致,一般由时钟同步软件保证,这里使用chcrony软件。

Controller节点

(1)安装服务

[root@controller ~]# dnf install chrony

(2)修改/etc/chrony.conf配置文件,新增加如下内容

# 表示允许哪些IP从本节点同步时钟

pool ntp.aliyun.com iburst

allow 192.168.213.0/24

(3)重启服务

[root@controller ~]# systemctl restart chronyd

 其他节点

(1)安装服务

[root@storage ~]# dnf install chrony

(2)修改/etc/chrony.conf配置文件,增加内容如下:

[root@compute ~]# vi /etc/chrony.conf

server 192.168.213.130 iburst

192.168.213.130是controller IP,表示从这个机器获取时间,这里填自己controller 节点IP

(3)重启服务

[root@compute ~]# systemctl restart chronyd

同时,要把pool pool.ntp.org iburst这一行注释掉,不从公网同步时钟

(4)配置完成后,检查一下结果,在其他非controller节点执行

[root@compute ~]# chronyc sources

返回结果类似如下内容,表示成功从controller同步时间

1.2.4 安装数据库

 数据库安装在Controller节点,这里我们使用MariaDB

(1)安装软件包

[root@controller ~]# dnf install mysql-config mariadb mariadb-server python3-PyMySQL

(2)新增配置文件/etc/my.cnf.d/openstacdk.cnf,内容如下

root@controller ~]# cat /etc/my.cnf.d/openstack.cnf

[mysqld]

bind-address = 192.168.213.130

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

(3)启动服务器

[root@controller ~]# systemctl start mariadb

(4)初始化数据库

[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we\'ll need the current

password for the root user. If you\'ve just installed MariaDB, and

haven\'t set the root password yet, you should just press enter here.

Enter current password for root (enter for none):

#这里输入密码,由于我们时初始化Mariadb,直接回车就行

OK, successfully used password, moving on...

Setting the root password or using the unix_socket ensures that nobody

can log into the MariaDB root user without the proper authorisation.

You already have your root account protected, so you can safely answer \'n\'.

#这里根据提示输入N

Switch to unix_socket authentication [Y/n] n

 ... skipping.

You already have your root account protected, so you can safely answer \'n\'.

#输入Y,修改密码

Change the root password? [Y/n] y

New password: 000000   #这里设置密码为6个零,可根据自己的喜好设置

Re-enter new password: 000000

Password updated successfully!

Reloading privilege tables..

 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

#输入Y,删除匿名用户

Remove anonymous users? [Y/n] y

 ... Success!

Normally, root should only be allowed to connect from \'localhost\'.  This

ensures that someone cannot guess at the root password from the network.

#输入Y,关闭root远程登录权限

Disallow root login remotely? [Y/n] y

 ... Success!

By default, MariaDB comes with a database named \'test\' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

#输入Y,删除test数据库

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

#输入Y,重载配置

Reload privilege tables now? [Y/n] y

 ... Success!

Cleaning up...

All done!  If you\'ve completed all of the above steps, your MariaDB

installation should now be secure.

Thanks for using MariaDB!

验证,根据设置的密码,检查是否能登录mariadb

[root@controller ~]# mysql -uroot -p

1.2.5 安装消息队列

息队列安装在controller节点,这里使用rabbitmq

(1)安装软件包

[root@controller ~]# dnf install rabbitmq-server

(2)启动服务

[root@controller ~]# systemctl start rabbitmq-server

(3)配置openstack用户,RABBIT_PASS是openstack服务登录消息队里的密码,需要和后面各个服务的配置保持一致。

[root@controller ~]# rabbitmqctl add_user openstack 000000

[root@controller ~]# rabbitmqctl set_permissions openstack \".*\" \".*\" \".*\"

1.2.6 安装缓存服务

消息队列安装在controller节点,这里使用Memcached。

(1)安装软件包

[root@controller ~]# dnf install memcached python3-memcached

(2)修改配置文件/etc/sysconfig/memcached

OPTIONS=\"-l 127.0.0.1,::1,controller\"

(3)启动服务

[root@controller ~]# systemctl start memcached

任务1.3 部署服务

1.3.1 Keystone

Keystone 是 OpenStack 的身份服务(Identity Service),它负责管理用户、角色、项目(租户)和域的认证和授权。Keystone 是 OpenStack 的核心组件之一,所有其他 OpenStack 服务都依赖于 Keystone 来进行用户身份验证和授权,必须安装。

Controller节点

(1)创建Keystone数据库并授权

[root@controller ~]# mysql -uroot -p

MariaDB [(none)]> CREATE DATABASE keystone;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO \'keystone\'@\'localhost\' \\

    IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO \'keystone\'@\'%\' \\

    IDENTIFIED BY \'000000\';

(2)安装软件包

[root@controller ~]# dnf install openstack-keystone httpd mod_wsgi

(3)配置Keystone

[root@controller ~]# vi /etc/keystone/keystone.conf

[database]  # 配置数据库入口

connection = mysql+pymysql://keystone:000000@controller/keystone

[token]     # 配置token provider

provider = fernet

(4)同步数据库

[root@controller ~]# su -s /bin/sh -c \"keystone-manage db_sync\" keystone

(5)初始化Fernet密钥仓库

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

(6)启动服务

[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 \\

--bootstrap-admin-url http://controller:5000/v3/ \\

--bootstrap-internal-url http://controller:5000/v3/ \\

--bootstrap-public-url http://controller:5000/v3/ \\

--bootstrap-region-id RegionOne

(7)配置Apache HTTP  server

打开httpd.conf文件并配置

[root@controller ~]# vi /etc/httpd/conf/httpd.conf

#修改以下项,如果没有则新添加

ServerName controller

创建软链接

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

(8)启动Apache HTTP服务

[root@controller ~]# systemctl enable httpd.service

[root@controller ~]# systemctl start httpd.service

[root@controller ~]# systemctl status httpd.service

(9)创建环境变量配置

[root@controller ~]# cat <> ~/.admin-openrc

> export OS_PROJECT_DOMAIN_NAME=Default

> export OS_USER_DOMAIN_NAME=Default

> export OS_PROJECT_NAME=admin

> export OS_USERNAME=admin

> export OS_PASSWORD=000000

> export OS_AUTH_URL=http://controller:5000/v

> export OS_IDENTITY_API_VERSION=3

> export OS_IMAGE_API_VERSION=2

> EOF

(10)依次创建domain, projects, users, roles

需要先安装python3-openstackclient

[root@controller ~]# dnf install python3-openstackclient

导入环境变量并验证

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# env | grep OS_

(11)创建project service,其中 domain default 在 keystone-manage bootstrap 时已创建

[root@controller ~]# openstack domain create --description \"An Example Domain\" example

 

[root@controller ~]# openstack project create --domain default --description \"Service Project\" service

(12)创建(non-admin)project myproject,user myuser和role myrole,为myproject 和 myuser 添加角色myrole

[root@controller ~]# openstack project create --domain default --description \"Demo Project\" myproject

[root@controller ~]# openstack user create --domain default --password-prompt myuser

User Password:

Repeat User Password:

[root@controller ~]# openstack role create myrole

(13)将角色 myrole 分配给用户 myuser,并关联到项目 myproject,并验证角色是否已成功分配

[root@controller ~]# openstack role add --project myproject --user myuser myrole

[root@controller ~]# openstack role assignment list --project myproject --user myuser

(14)验证

取消临时环境变量OS_AUTH_URL和OS_PASSWORD:

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD

为admin用户请求token

[root@controller ~]# openstack --os-auth-urlhttp://controller:5000/v3 \\

> --os-project-domain-name Default --os-user-domain-name Default \\

> --os-project-name admin --os-username admin token issue

Password: 000000

为myuser用户请求token

[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \\

> --os-project-domain-name Default --os-user-domain-name Default \\

> --os-project-name myproject --os-username myuser token issue

Password: 000000

1.3.2 Glance

Glance 是 OpenStack 中的镜像服务(Image Service),负责管理和存储虚拟机镜像。它允许用户上传、下载、删除和查询虚拟机镜像,并支持多种镜像格式(如 QCOW2、RAW、VMDK 等)。Glance 是 OpenStack 计算服务(Nova)的核心组件之一,为虚拟机提供启动镜像,必须安装

Controller节点

(1)创建glance数据库并授权

[root@controller ~]# mysql -u root -p

MariaDB [(none)]> CREATE DATABASE glance;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO \'glance\'@\'localhost\' \\ IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO \'glance\'@\'%\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> exit

(2)初始化 glance 资源对象

导入环境变量并验证

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# env | grep OS_

创建用户时,命令行会提示输入密码,请输入自定义的密码。

[root@controller ~]# openstack user create --domain default --password-prompt glance

User Password:000000

Repeat User Password:000000

添加glance用户到service project并指定admin角色

[root@controller ~]# openstack role add --project service --user glance admin

(3)创建glance服务实体

[root@controller ~]# openstack service create --name glance --description \"OpenStack Image\" image

(4)创建glance API服务

[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292

[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292

[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292

(5)安装软件包

root@controller ~]# dnf install openstack-glance

(6)修改glance配置文件

[root@controller ~]# vi /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:000000@controller/glance

[keystone_authtoken]

www_authenticate_uri  = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = 000000

[paste_deploy]

flavor = keystone

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

(7)同步数据库

[root@controller ~]# su -s /bin/sh -c \"glance-manage db_sync\" glance

(8)启动服务

[root@controller ~]# systemctl enable openstack-glance-api.service

[root@controller ~]# systemctl start openstack-glance-api.service

(9)验证

导入环境变量并验证

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# env | grep OS_

下载镜像

x86镜像下载

[root@controller~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

或者换个镜像

[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-aarch64-disk.img

向Image服务上传镜像

[root@controller ~]# openstack image create --disk-format qcow2 --container-format bare                     --file cirros-0.4.0-aarch64-disk.img  --public cirros

确认镜像上传并验证属性

[root@controller ~]# openstack image list

1.3.3 Placement

Placement 是 OpenStack 中的一个核心服务,主要负责资源调度和分配。它是 OpenStack 计算服务(Nova)的重要组成部分,用于管理计算节点的资源(如 CPU、内存、存储等),并确保资源的有效利用和负载均衡

controller节点

安装、配置Placement服务前,需要先创建相应的数据库、服务凭证和API endpoints。

(1)创建数据库

使用root用户访问数据库服务:

[root@controller ~]# mysql -u root -p

(2)创建placement数据库,授权数据库访问

MariaDB [(none)]> CREATE DATABASE placement;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO \'placement\'@\'localhost\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO \'placement\'@\'%\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> exit

(3)配置用户和Endpoints

source admin凭证,以获取admin命令行权限

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# env | grep OS_

创建placement用户并设置用户密码

[root@controller ~]# openstack user create --domain default --password-prompt placement

User Password:000000

Repeat User Password:000000

添加placement用户到service project并指定admin角色

[root@controller ~]# openstack role add --project service --user placement admin

创建placement服务实体:

[root@controller ~]# openstack service create --name placement \\

--description \"Placement API\" placement

创建Placement API服务endpoints

[root@controller ~]# openstack endpoint create --region RegionOne \\

placement public http://controller:8778

[root@controller ~]# openstack endpoint create --region RegionOne \\

placement internal http://controller:8778

 

[root@controller ~]# openstack endpoint create --region RegionOne \\

placement admin http://controller:8778

(4)安装及配置组件

安装软件包

[root@controller ~]# dnf install openstack-placement-api

编辑/etc/placement/placement.conf配置文件,完成如下操作:

[root@controller ~]# vi /etc/placement/placement.conf

在[placement_database]部分,配置数据库入口:

[placement_database]

connection = mysql+pymysql://placement:000000@controller/placement

在[api]和[keystone_authtoken]部分,配置身份认证服务入口

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = placement

password = 000000

数据库同步,填充placement数据库

[root@controller ~]# su -s /bin/sh -c \"placement-manage db sync\" placement

(4)启动服务

重启httpd服务

[root@controller ~]# systemctl restart httpd

(5)验证

source admin凭证,以获取admin命令行权限

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# env | grep OS_

执行状态检查

[root@controller ~]# placement-status upgrade check

这里可以看到Policy File JSON to YAML Migration的结果为Failure。这是因为在Placement中,JSON格式的policy文件从Wallaby版本开始已处于deprecated状态。可以参考提示,使用oslopolicy-convert-json-to-yaml工具 将现有的JSON格式policy文件转化为YAML格式。

[root@controller ~]# oslopolicy-convert-json-to-yaml  --namespace placement \\

--policy-file /etc/placement/policy.json \\

--output-file /etc/placement/policy.yaml

[root@controller ~]# mv /etc/placement/policy.json{,.bak}

注:当前环境中此问题可忽略,不影响运行。

(6)针对placement API 运行命令

安装osc-placement插件

[root@controller ~]# dnf install python3-osc-placement

列出可用的资源类别及特性:

[root@controller ~]# openstack --os-placement-api-version 1.2 resource class list --sort-column name

[root@controller ~]# openstack --os-placement-api-version 1.6 trait list --sort-column name

1.3.4 Nova

Nova 是 OpenStack 中的核心组件之一,负责管理虚拟机实例(VM)的生命周期。它提供了虚拟机的创建、调度、启动、停止、重启、删除等功能。Nova 依赖于其他 OpenStack 组件(如 Keystone 用于身份认证,Glance 用于镜像管理,Neutron 用于网络管理等)来完成其工作。

在controller节点执行以下操作:

(1)创建数据库

使用root用户访问数据库服务:

[root@controller ~]# mysql -u root -p

创建nova_api、nova和nova_cell0数据库:

MariaDB [(none)]> CREATE DATABASE nova_api;

MariaDB [(none)]> CREATE DATABASE nova;

MariaDB [(none)]> CREATE DATABASE nova_cell0;

授权数据库访问

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO \'nova\'@\'localhost\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO \'nova\'@\'%\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO \'nova\'@\'localhost\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO \'nova\'@\'%\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO \'nova\'@\'localhost\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO \'nova\'@\'%\' \\

IDENTIFIED BY \'000000\';

MariaDB [(none)]> exit

(2)配置用户和Endpoints

source admin凭证,以获取admin命令行权限:

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# env | grep OS_

创建nova用户并设置用户密码:

[root@controller ~]# openstack user create --domain default --password-prompt nova

User Password:000000

Repeat User Password:000000

添加nova用户到service project 并指定admin角色

[root@controller ~]# openstack role add --project service --user nova admin

创建nova服务实体

[root@controller ~]# openstack service create --name nova \\

 --description \"OpenStack Compute\" compute

创建Nova API服务endpoints

[root@controller ~]# openstack endpoint create --region RegionOne \\

 compute public http://controller:8774/v2.1

[root@controller ~]# openstack endpoint create --region RegionOne \\

 compute internal http://controller:8774/v2.1

[root@controller ~]#  openstack endpoint create --region RegionOne \\

> compute admin http://controller:8774/v2.1

(3)安装及配置组件

安装软件包

[root@controller ~]# dnf install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler

编辑/etc/nova/nova.conf配置文件,完成如下操作

[root@controller ~]# vi /etc/nova/nova.conf

在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用controller节点管理IP配置my_ip,显式定义log_dir

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/

my_ip = 192.168.213.130

log_dir = /var/log/nova

在[api_database]和[database]部分,配置数据库入口:

[api_database]

connection = mysql+pymysql://nova:000000@controller/nova_api

[database]

connection = mysql+pymysql://nova:000000@controller/nova

在[api]和[keystone_authtoken]部分,配置身份认证服务入口:

[api_database]

connection = mysql+pymysql://nova:000000@controller/nova_api

[database]

connection = mysql+pymysql://nova:000000@controller/nova

在[vnc]部分,启用并配置远程控制台入口

[vnc]

enabled = true

server_listen = $my_ip

server_proxyclient_address = $my_ip

在[glance]部分,配置镜像服务API的地址

[glance]

api_servers = http://controller:9292

在[oslo_concurrency]部分,配置lock path

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]部分,配置placement服务的入口

[placement]

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = passworduser_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = 000000

(4)数据库同步

同步nova-api数据库:

[root@controller ~]# su -s /bin/sh -c \"nova-manage api_db sync\" nova

注册cell0数据库

[root@controller ~]# su -s /bin/sh -c \"nova-manage cell_v2 map_cell0\" nova

创建cell1 cell:

[root@controller ~]# su -s /bin/sh -c \"nova-manage cell_v2 create_cell --name=cell1 --verbose\" nova

同步nova数据库:

[root@controller ~]# su -s /bin/sh -c \"nova-manage db sync\" nova

验证cell0和cell1注册正确:

[root@controller ~]# su -s /bin/sh -c \"nova-manage cell_v2 list_cells\" nova

(5)启动服务

[root@controller ~]# systemctl enable \\

  openstack-nova-api.service \\

  openstack-nova-scheduler.service \\

  openstack-nova-conductor.service \\

  openstack-nova-novncproxy.service

[root@controller ~]# systemctl start \\

  openstack-nova-api.service \\

  openstack-nova-scheduler.service \\

  openstack-nova-conductor.service \\

  openstack-nova-novncproxy.service

Compute节点

(1)安装软件包

[root@compute ~]# dnf install openstack-nova-compute

(2)编辑/etc/nova/nova.conf配置文件

[root@compute ~]# vi /etc/nova/nova.conf

在[default]部分,启用计算和元数据的API,配置RabbitMQ消息队列入口,使用Compute节点管理IP配置my_ip,显式定义compute_driver、instances_path、log_dir

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:RABBIT_PASS@controller:5672

/my_ip = 192.168.100.20

compute_driver = libvirt.LibvirtDriver

instances_path = /var/lib/nova/instances

log_dir = /var/log/nova

在[api]和[keystone_authtoken]部分,配置身份认证服务入口

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = nova

password = 000000

在[vnc]部分,启用并配置远程控制台入口

[vnc]

enabled = true

server_listen = $my_ip

server_proxyclient_address = $my_ip

novncproxy_base_url = http://controller:6080/vnc_auto.html

在[glance]部分,配置镜像服务API的地址

[glance]

api_servers = http://controller:9292

在[oslo_concurrency]部分,配置lock path

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]部分,配置placement服务的入口:

[placement]

region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = 000000

(3)确认计算节点是否支持虚拟机硬件加速(x86_64-intel

处理器为x86_64架构时,可通过运行如下命令确认是否支持硬件加速:

[root@compute ~]# egrep -c \'(vmx|svm)\' /proc/cpuinfo

如果返回值为0则不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。编辑/etc/nova/nova.conf的[libvirt]部分:

[root@compute ~]# vi /etc/nova/nova.conf

[libvirt]

virt_type = qemu

如果返回值为1或更大的值,则支持硬件加速,不需要进行额外的配置。

确认计算节点是否支持虚拟机硬件加速(arm64-AMD

处理器为arm64架构时,可通过运行如下命令确认是否支持硬件加速

[root@compute ~]# virt-host-validate

该命令由libvirt提供,此时libvirt应已作为openstack-nova-compute依赖被安装,环境中已有此命令

显示FAIL时,表示不支持硬件加速,需要配置libvirt使用QEMU而不是默认的KVM。

QEMU: Checking if device /dev/kvm exists: FAIL (Check that CPU and firmware supports virtualization and kvm module is loaded)

编辑/etc/nova/nova.conf的[libvirt]部分

[root@compute ~]# /etc/nova/nova.conf

[libvirt]

virt_type = qemu

显示PASS时,表示支持硬件加速,不需要进行额外的配置。

QEMU: Checking if device /dev/kvm exists: PASS

配置qemu(仅arm64)

仅当处理器为arm64架构时需要执行此操作。 

编辑/etc/libvirt/qemu.conf

[root@compute ~]# vi /etc/libvirt/qemu.conf

nvram = [\"/usr/share/AAVMF/AAVMF_CODE.fd: \\

         /usr/share/AAVMF/AAVMF_VARS.fd\", \\

         \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw: \\

         /usr/share/edk2/aarch64/vars-template-pflash.raw\"]

编辑/etc/qemu/firmware/edk2-aarch64.json

[root@compute ~]# vi /etc/qemu/firmware/edk2-aarch64.json

{

    \"description\": \"UEFI firmware for ARM64 virtual machines\",

    \"interface-types\": [

        \"uefi\"

    ],

    \"mapping\": {

        \"device\": \"flash\",

        \"executable\": {

            \"filename\": \"/usr/share/edk2/aarch64/QEMU_EFI-pflash.raw\",

            \"format\": \"raw\"

        },

        \"nvram-template\": {

            \"filename\": \"/usr/share/edk2/aarch64/vars-template-pflash.raw\",

            \"format\": \"raw\"

        }

    },

    \"targets\": [

        {

            \"architecture\": \"aarch64\",

            \"machines\": [

                \"virt-*\"

            ]

        }

    ],

    \"features\": [

    ],

    \"tags\": [

    ]}

(4)启动服务并查看状态

[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service

[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service

[root@compute ~]#  systemctl status openstack-nova-compute libvirtd

Controller节点

(1)添加计算节点到openstack集群

source admin凭证,以获取admin命令行权限:

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# env | grep OS_

确认nova-compute服务已识别到数据库中:

[root@controller ~]# openstack compute service list --service nova-compute

发现计算节点,将计算节点添加到cell数据库:

[root@controller ~]# su -s /bin/sh -c \"nova-manage cell_v2 discover_hosts --verbose\" nova

(2)验证

列出服务组件,验证每个流程都成功启动和注册:

[root@controller ~]# openstack compute service list

列出身份服务中的API端点,验证与身份服务的连接:

[root@controller ~]# openstack catalog list

列出镜像服务中的镜像,验证与镜像服务的连接:

[root@controller ~]# openstack image list

检查cells是否运作成功,以及其他必要条件是否已具备。

[root@controller ~]# nova-status upgrade check

1.3.5 Neutron

Controller节点

Neutron 是 OpenStack 中的网络服务组件,负责为 OpenStack 环境提供网络连接和 IP 地址管理。它允许用户创建和管理虚拟网络、子网、路由器、安全组等网络资源,从而为虚拟机(VM)提供网络功能

(1)创建 keystone 数据库并授权

[root@controller ~]# mysql -u root -p

MariaDB [(none)]> CREATE DATABASE neutron;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO \'neutron\'@\'localhost\' IDENTIFIED BY \'000000\';

Query OK, 0 rows affected (0.011 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO \'neutron\'@\'%\' IDENTIFIED BY \'000000\';

Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> exit;

设置环境变量

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# env | grep OS_

(2)创建用户和服务

[root@controller ~]# openstack user create --domain default --password-prompt neutron

User Password:000000

Repeat User Password:000000

[root@controller ~]# openstack role add --project service --user neutron admin

[root@controller ~]# openstack service create --name neutron --description \"OpenStack Networking\" network

部署 Neutron API 服务

[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696

[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696

[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696

(3)安装软件包

[root@controller ~]# dnf install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2

(4)配置Neutron

修改/etc/neutron/neutron.conf

[root@controller ~]# vi /etc/neutron/neutron.conf

[database]

connection = mysql+pymysql://neutron:000000@controller/neutron

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:RABBIT_PASS@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = neutron

password = 000000

[nova]

auth_url = http://controller:5000

auth_type = password

project_domain_name = Default

user_domain_name = Default

region_name = RegionOne

project_name = service

username = nova

password = 000000

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

配置ML2,ML2,具体配置可以根据需求自行修改,这里使用的是provider network + linuxbridge**

修改/etc/neutron/plugins/ml2/ml2_conf.ini

[root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

[ml2_type_flat]

flat_networks = provider

[ml2_type_vxlan]

vni_ranges = 1:1000

[securitygroup]

enable_ipset = true

修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[root@controller ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:ens33

[vxlan]

enable_vxlan = true

local_ip = 192.168.213.130

l2_population = true

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置Layer-3代理

修改/etc/neutron/l3_agent.ini

[root@controller ~]# vi /etc/neutron/l3_agent.ini

[DEFAULT]

interface_driver = linuxbridge

配置DHCP代理 修改/etc/neutron/dhcp_agent.ini

[root@controller ~]# vi /etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

配置metadata代理

修改/etc/neutron/metadata_agent.ini

[root@controller ~]# vi /etc/neutron/metadata_agent.ini

[DEFAULT]

nova_metadata_host = controller 

metadata_proxy_shared_secret = METADATA_SECRET

配置nova服务使用neutron,修改/etc/nova/nova.conf

[root@controller ~]# vi /etc/nova/nova.conf

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

service_metadata_proxy = true

metadata_proxy_shared_secret = METADATA_SECRET

创建/etc/neutron/plugin.ini的符号链接

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

(5)同步数据库

[root@controller ~]# su -s /bin/sh -c \"neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head\" neutron

(6)重启nova api服务

[root@controller ~]# systemctl restart openstack-nova-api

(7)启动网络服务

[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service \\

neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service \\

neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

Compute节点

(1)安装软件包

[root@compute ~]# dnf install openstack-neutron-linuxbridge ebtables ipset -y

(2)配置Neutron

修改/etc/neutron/neutron.conf

[root@compute ~]# vi /etc/neutron/neutron.conf

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@controller

auth_strategy = keystone

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = neutron

password = 000000

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini

[root@compute ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:ens33

[vxlan]

enable_vxlan = true

local_ip = 192.168.100.20

l2_population = true

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置nova compute服务使用neutron,修改/etc/nova/nova.conf

root@compute ~]# vi /etc/nova/nova.conf

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

重启nova-compute服务

[root@compute ~]# systemctl restart openstack-nova-compute.service

启动Neutron linuxbridge agent服务

[root@compute ~]# systemctl enable neutron-linuxbridge-agent

[root@compute ~]# systemctl start neutron-linuxbridge-agent

[root@compute ~]# systemctl status neutron-linuxbridge-agent

 

1.3.6 Cinder

\"Cinder\" 是 OpenStack 项目中的一个核心组件,负责块存储(Block Storage)服务。它是 OpenStack 的存储服务模块,允许用户创建和管理持久化的块存储卷(volumes),这些卷可以附加到虚拟机(VMs)上,作为虚拟机的存储设备

Controller节点

(1)创建cinder数据库

[root@controller ~]# mysql -u root -p

MariaDB [(none)]> CREATE DATABASE cinder;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO \'cinder\'@\'localhost\' IDENTIFIED BY \'000000\';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO \'cinder\'@\'%\' IDENTIFIED BY \'000000\';

MariaDB [(none)]> exit

(2)初始化Keystone资源对象

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt cinder

[root@controller ~]# openstack role add --project service --user cinder admin

[root@controller ~]# openstack service create --name cinderv3 --description \"OpenStack Block Storage\" volumev3

[root@controller ~]# openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\\(project_id\\)s

[root@controller ~]# openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\\(project_id\\)s

[root@controller ~]# openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\\(project_id\\)s

(3)安装软件包

[root@controller ~]# dnf install openstack-cinder-api openstack-cinder-scheduler

(4)修改cinder配置文件/etc/cinder/cinder.conf

[root@controller ~]# vi /etc/cinder/cinder.conf

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@controller

auth_strategy = keystone

my_ip = 192.168.100.10

[database]

connection = mysql+pymysql://cinder:000000@controller/cinder

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = cinder

password = 000000

[oslo_concurrency]

lock_path = /var/lib/cinder/tmp

(5)数据库同步

[root@controller ~]# su -s /bin/sh -c \"cinder-manage db sync\" cinder

(6)修改nova配置/etc/nova/nova.conf

[root@controller ~]# vi /etc/nova/nova.conf

[cinder]

os_region_name = RegionOne

(7)启动服务

[root@controller ~]# systemctl restart openstack-nova-api

[root@controller ~]# systemctl start openstack-cinder-api openstack-cinder-scheduler

[root@controller ~]# systemctl status openstack-cinder-api openstack-cinder-scheduler

Storage节点

Storage节点要提前准备至少一块硬盘,作为cinder的存储后端

下文默认storage节点已经存在一块未使用的硬盘,设备名称为/dev/sdb

(1)安装软件包

[root@storage ~]# dnf install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils openstack-cinder-volume openstack-cinder-backup

(2)配置lvm卷组

[root@storage ~]# pvcreate /dev/sdb

[root@storage ~]# vgcreate cinder-volumes /dev/sdb

(3)修改cinder配置/etc/cinder/cinder.conf

[root@storage ~]# vi /etc/cinder/cinder.conf

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@controller

auth_strategy = keystone

my_ip = 192.168.213.132

enabled_backends = lvm

glance_api_servers = http://controller:9292

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = cinder

password = CINDER_PASS

[database]

connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

[lvm]

volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver

volume_group = cinder-volumes

target_protocol = iscsi

target_helper = lioadm

[oslo_concurrency]

lock_path = /var/lib/cinder/tmp

(4)启动服务

[root@storage ~]# systemctl start openstack-cinder-volume target

[root@storage ~]# systemctl start openstack-cinder-backup

(5)验证

Controller节点

[root@controller ~]# source ~/.admin-openrc

[root@controller ~]# openstack volume service list

创建一个卷来验证配置是否正确

[root@controller ~]# openstack volume create --size 1 test-volume

[root@controller ~]# openstack volume list

1.3.7Horizon

orizon是OpenStack提供的前端页面,可以让用户通过网页鼠标的操作来控制OpenStack集群,而不用繁琐的CLI命令行。Horizon一般部署在控制节点。

(1)安装软件包

[root@controller ~]# dnf install openstack-dashboard

(2)修改配置文件/etc/openstack-dashboard/local_settings

[root@controller ~]# vi /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = \"controller\"

ALLOWED_HOSTS = [\'*\', ]

OPENSTACK_KEYSTONE_URL =  \"http://controller:5000/v3\"

SESSION_ENGINE = \'django.contrib.sessions.backends.cache\'

CACHES = {

\'default\': {

    \'BACKEND\': \'django.core.cache.backends.memcached.MemcachedCache\',

    \'LOCATION\': \'controller:11211\',

    }

}

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = \"member\"

WEBROOT = \'/dashboard\'

POLICY_FILES_PATH = \"/etc/openstack-dashboard\"

OPENSTACK_API_VERSIONS = {

    \"identity\": 3,

    \"image\": 2,

    \"volume\": 3,

}

(3)重启服务

[root@controller ~]# systemctl restart httpd

至此,horizon服务的部署已全部完成,打开浏览器,输入http://192.168.213.130/dashboard,打开horizon登录页面

击“登入”按钮登录进入Dashboard操作界面 

喜欢的希望您一键三连噢 从项目一到项目六完整版后续都会发,关注博主,欢迎大家讨论,

网络标签:

相关问题