openstack
- 环境初始化
- 安装基础服务
- 安装keystone服务
- 安装glance服务
- 安装placement服务
- 安装nova服务
- 安装neutron服务
- 安装dashboard服务
官网教程
实验环境:VMware17,配置4c4r100G,搭建单节点openstack,组件搭建到dashboard
| 主机名 | IP | 操作系统 |
|---|---|---|
| controller | 192.168.200.80 | openEuler 22.03 (LTS-SP4) |
环境初始化
配置基础环境,如主机名,免密,时间同步等
#!/bin/bash
# 定义节点信息,
NODES=("192.168.200.80 controller")
# 定义当前节点的密码(默认集群统一密码)
HOST_PASS="000000"
# 时间同步的目标节点
TIME_SERVER=controller
# 时间同步的地址段
TIME_SERVER_IP=192.160.200.0/24
# 欢迎界面
cat > /etc/motd <<EOF
################################
# Welcome to openstack #
################################
EOF
#禁用selinux
sed -i 's/SELINUX=.*/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
#firewalld
systemctl stop firewalld
systemctl disable firewalld >> /dev/null 2>&1
#关闭IPtables,清空规则
yum install iptables-services -y
if [ 0 -ne $? ]; then
echo -e "\033[31mThe installation source configuration errors\033[0m"
exit 1
fi
systemctl restart iptables
iptables -F
iptables -X
iptables -Z
/usr/sbin/iptables-save
systemctl stop iptables
systemctl disable iptables
# 优化ssh连接
sed -i -e 's/#UseDNS yes/UseDNS no/g' -e 's/GSSAPIAuthentication yes/GSSAPIAuthentication no/g' /etc/ssh/sshd_config
systemctl reload sshd
# 修改主机名
for node in "${NODES[@]}"; do
ip=$(echo "$node" | awk '{print $1}')
hostname=$(echo "$node" | awk '{print $2}')
# 获取当前节点的主机名和 IP
current_ip=$(hostname -I | awk '{print $1}')
current_hostname=$(hostname)
# 检查当前节点与要修改的节点信息是否匹配
if [[ "$current_ip" == "$ip" && "$current_hostname" != "$hostname" ]]; then
echo "Updating hostname to $hostname on $current_ip..."
hostnamectl set-hostname "$hostname"
if [ $? -eq 0 ]; then
echo "Hostname updated successfully."
else
echo "Failed to update hostname."
fi
break
fi
done
# 遍历节点信息并添加到 hosts 文件
for node in "${NODES[@]}"; do
ip=$(echo "$node" | awk '{print $1}')
hostname=$(echo "$node" | awk '{print $2}')
# 检查 hosts 文件中是否已存在相应的解析
if grep -q "$ip $hostname" /etc/hosts; then
echo "Host entry for $hostname already exists in /etc/hosts."
else
# 添加节点的解析条目到 hosts 文件
sudo sh -c "echo '$ip $hostname' >> /etc/hosts"
echo "Added host entry for $hostname in /etc/hosts."
fi
done
# 日志文件
LOG_FILE="init.log"
# 检查是否已生成SSH密钥
if [[ ! -s ~/.ssh/id_rsa.pub ]]; then
ssh-keygen -t rsa -N '' -f ~/.ssh/id_rsa -q -b 2048
echo "$(date '+%Y-%m-%d %H:%M:%S') - 生成SSH密钥" >> "$LOG_FILE"
else
echo "$(date '+%Y-%m-%d %H:%M:%S') - SSH密钥已存在" >> "$LOG_FILE"
fi
# 检查并安装 sshpass 工具
if ! which sshpass &> /dev/null; then
echo "$(date '+%Y-%m-%d %H:%M:%S') - sshpass 工具未安装,正在安装 sshpass..." >> "$LOG_FILE"
sudo yum install -y sshpass >> "$LOG_FILE" 2>&1
if [[ $? -ne 0 ]]; then
echo "$(date '+%Y-%m-%d %H:%M:%S') - sshpass 安装失败" >> "$LOG_FILE"
exit 1
fi
echo "$(date '+%Y-%m-%d %H:%M:%S') - sshpass 安装完成" >> "$LOG_FILE"
else
echo "$(date '+%Y-%m-%d %H:%M:%S') - sshpass 工具已安装" >> "$LOG_FILE"
fi
# 遍历所有节点
for node in "${NODES[@]}"; do
ip=$(echo "$node" | awk '{print $1}')
hostname=$(echo "$node" | awk '{print $2}')
echo "$(date '+%Y-%m-%d %H:%M:%S') - 复制SSH密钥到节点 $hostname ($ip)" >> "$LOG_FILE"
sshpass -p "$HOST_PASS" ssh-copy-id -o StrictHostKeyChecking=no -i /root/.ssh/id_rsa.pub $hostname
if [[ $? -eq 0 ]]; then
echo "$(date '+%Y-%m-%d %H:%M:%S') - 成功复制SSH密钥到节点 $hostname ($ip)" >> "$LOG_FILE"
else
echo "$(date '+%Y-%m-%d %H:%M:%S') - 复制SSH密钥到节点 $hostname ($ip) 失败" >> "$LOG_FILE"
fi
done
# 时间同步
if [[ $name == $TIME_SERVER ]]; then
# 配置当前节点为时间同步源
sed -i '3,4s/^/#/g' /etc/chrony.conf
sed -i "7s/^/server $TIME_SERVER iburst/g" /etc/chrony.conf
echo "allow $TIME_SERVER_IP" >> /etc/chrony.conf
echo "local stratum 10" >> /etc/chrony.conf
else
# 配置当前节点同步到目标节点
sed -i '3,4s/^/#/g' /etc/chrony.conf
sed -i "7s/^/server $TIME_SERVER iburst/g" /etc/chrony.conf
fi
# 重启并启用 chrony 服务
systemctl restart chronyd
echo "###############################################################"
echo "################# 集群初始化成功 #####################"
echo "###############################################################"
下载OpenStack Train Yum 源
yum install -y openstack-release-train
如果下载失败可手动配置
cat > /etc/yum.repos.d/openEuler.repo << eof
[OpenStack_Train]
name=OpenStack_Train
baseurl=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/multi_version/OpenStack/Train/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler
priority=1
[OpenStack_Train_update]
name=OpenStack_Train_update
baseurl=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/EPOL/update/multi_version/OpenStack/Train/$basearch/
enabled=1
gpgcheck=1
gpgkey=https://repo.openeuler.org/openEuler-22.03-LTS-SP4/OS/$basearch/RPM-GPG-KEY-openEuler
priority=1
eof
配置环境变量,用于脚本快速搭建
cat > /root/openrc.sh << eof
HOST_IP=192.168.200.80
HOST_PASS=000000
HOST_NAME=controller
HOST_IP_NODE=
HOST_PASS_NODE=
HOST_NAME_NODE=
RABBIT_USER=openstack
RABBIT_PASS=000000
DB_PASS=000000
DOMAIN_NAME=default
ADMIN_PASS=000000
DEMO_PASS=000000
KEYSTONE_DBPASS=000000
GLANCE_DBPASS=000000
GLANCE_PASS=000000
PLACEMENT_DBPASS=000000
PLACEMENT_PASS=000000
NOVA_DBPASS=000000
NOVA_PASS=000000
NEUTRON_DBPASS=000000
NEUTRON_PASS=000000
METADATA_SECRET=000000
INTERFACE_NAME=ens34
Physical_NAME=provider
minvlan=1
maxvlan=1000
eof
安装基础服务
快速安装数据库服务、消息队列服务和缓存服务
vi iaas-install-mysql.sh
#!/bin/bash
source /root/openrc.sh
#安装数据库服务
yum install -y mariadb mariadb-server python3-PyMySQL
cat > /etc/my.cnf.d/99-openstack.cnf << EOF
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable --now mariadb
mysql -e "ALTER USER 'root'@'localhost' IDENTIFIED BY '$DB_PASS';"
mysql -uroot -p$DB_PASS -e "FLUSH PRIVILEGES"
systemctl restart mariadb
#安装消息队列服务
yum install -y rabbitmq-server
systemctl enable --now rabbitmq-server
rabbitmqctl add_user $RABBIT_USER $RABBIT_PASS
rabbitmqctl set_permissions $RABBIT_USER ".*" ".*" ".*"
systemctl restart rabbitmq-server
rabbitmqctl list_users
#安装缓存服务
yum install -y memcached python3-memcached
sed -i -e 's/OPTIONS.*/OPTIONS="-l 127.0.0.1,::1,'$HOST_NAME'"/g' /etc/sysconfig/memcached
systemctl enable --now memcached
memcached-tool controller stats
bash iaas-install-mysql.sh
安装keystone服务
vi iaas-install-keystone.sh
#!/bin/bash
source /root/openrc.sh
#keystone mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS keystone ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '$KEYSTONE_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '$KEYSTONE_DBPASS' ;"
yum install -y openstack-keystone httpd mod_wsgi
cp /etc/keystone/keystone.conf{,.bak}
cat > /etc/keystone/keystone.conf << eof
[DEFAULT]
log_dir = /var/log/keystone
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:$KEYSTONE_DBPASS@$HOST_NAME/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
provider = fernet
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
eof
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password $ADMIN_PASS \
--bootstrap-admin-url http://$HOST_NAME:5000/v3/ \
--bootstrap-internal-url http://$HOST_NAME:5000/v3/ \
--bootstrap-public-url http://$HOST_NAME:5000/v3/ \
--bootstrap-region-id RegionOne
echo "ServerName $HOST_NAME" >> /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable --now httpd
systemctl restart httpd
cat > /etc/keystone/admin-openrc.sh << EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source /etc/keystone/admin-openrc.sh
yum install -y python3-openstackclient
openstack project create --domain default --description "Service Project" service
openstack token issue
bash iaas-install-keystone.sh
安装glance服务
vi iaas-install-glance.sh
#!/bin/bash
source /root/openrc.sh
source /etc/keystone/admin-openrc.sh
#glance mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS glance ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '$GLANCE_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '$GLANCE_DBPASS' ;"
openstack user create --domain $DOMAIN_NAME --password $GLANCE_PASS glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://$HOST_NAME:9292
openstack endpoint create --region RegionOne image internal http://$HOST_NAME:9292
openstack endpoint create --region RegionOne image admin http://$HOST_NAME:9292
yum install -y openstack-glance
cp /etc/glance/glance-api.conf{,.bak}
cat > /etc/glance/glance-api.conf << eof
[DEFAULT]
[cinder]
[cors]
[database]
connection = mysql+pymysql://glance:$GLANCE_DBPASS@$HOST_NAME/glance
[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.sheepdog.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
disk_formats = ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop.root-tar
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000
auth_url = http://$HOST_NAME:5000
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = $GLANCE_PASS
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
eof
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable --now openstack-glance-api.service
systemctl restart openstack-glance-api
bash iaas-install-glance.sh
可下载测试镜像上传测试
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
[root@controller ~]# openstack image create --disk-format qcow2 --container-format bare --file cirros-0.4.0-x86_64-disk.img cirros
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value
|
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | 443b7623e27ecf03dc9e01ee93f67afe
|
| container_format | bare
|
| created_at | 2024-07-11T13:22:59Z
|
| disk_format | qcow2
|
| file | /v2/images/f80eddb9-671c-478d-9c7c-84e04db310c3/file
|
| id | f80eddb9-671c-478d-9c7c-84e04db310c3
|
| min_disk | 0
|
| min_ram | 0
|
| name | cirros
|
| owner | b439d6d19d5f4f6aaa6e76c4bb041dcf
|
| properties | os_hash_algo='sha512', os_hash_value='6513f21e44aa3da349f248188a44bc304a3653a04122d8fb4535423c8e1d14cd6a153f735bb0982e2161b5b5186106570c17a9e58b64dd39390617cd5a350f78', os_hidden='False' |
| protected | False
|
| schema | /v2/schemas/image
|
| size | 12716032
|
| status | active
|
| tags |
|
| updated_at | 2024-07-11T13:23:00Z
|
| virtual_size | None
|
| visibility | shared
|
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
[root@controller ~]#
安装placement服务
vi iaas-install-placement.sh
#!/bin/bash
source /root/openrc.sh
source /etc/keystone/admin-openrc.sh
#placement mysql
mysql -uroot -p$DB_PASS -e "CREATE DATABASE placement;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '$PLACEMENT_DBPASS';"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '$PLACEMENT_DBPASS';"
openstack user create --domain $DOMAIN_NAME --password $PLACEMENT_PASS placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://$HOST_NAME:8778
openstack endpoint create --region RegionOne placement internal http://$HOST_NAME:8778
openstack endpoint create --region RegionOne placement admin http://$HOST_NAME:8778
yum install -y openstack-placement-api
cp /etc/placement/placement.conf{,.bak}
cat > /etc/placement/placement.conf << eof
[DEFAULT]
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://$HOST_NAME:5000/v3
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = $PLACEMENT_PASS
[placement_database]
connection = mysql+pymysql://placement:$PLACEMENT_DBPASS@$HOST_NAME/placement
eof
su -s /bin/sh -c "placement-manage db sync" placement
systemctl restart httpd
placement-status upgrade check
#下面配置可选
yum install -y python3-osc-placement
#会列出所有可用的资源类型(Resource Classes),并按名称排序。资源类型是指如VCPU、内存、磁盘空间等各种计算资源。
openstack --os-placement-api-version 1.2 resource class list --sort-column name
#会列出所有定义的特性(Traits),并按名称排序。特性是一些标识,用来描述资源的某些能力或属性,例如是否支持SSD,是否有GPU等。
openstack --os-placement-api-version 1.6 trait list --sort-column name
bash iaas-install-placement.sh
安装nova服务
vi iaas-install-nova-controller.sh
#!/bin/bash
source /root/openrc.sh
source /etc/keystone/admin-openrc.sh
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova ;"
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova_api ;"
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS nova_cell0 ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '$NOVA_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '$NOVA_DBPASS' ;"
openstack user create --domain $DOMAIN_NAME --password $NOVA_PASS nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://$HOST_NAME:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://$HOST_NAME:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://$HOST_NAME:8774/v2.1
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
yum install -y openstack-nova-compute
cp /etc/nova/nova.conf{,.bak}
cat > /etc/nova/nova.conf << eof
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
my_ip = $HOST_IP
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
compute_driver=libvirt.LibvirtDriver
instances_path = /var/lib/nova/instances/
log_dir = /var/log/nova
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:$NOVA_DBPASS@$HOST_NAME/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:$NOVA_DBPASS@$HOST_NAME/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://$HOST_NAME:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000/
auth_url = http://$HOST_NAME:5000/
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = $NOVA_PASS
[libvirt]
[metrics]
[mks]
[neutron]
auth_url = http://$HOST_NAME:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = $NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = $METADATA_SECRET
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://$HOST_NAME:5000/v3
username = placement
password = $PLACEMENT_PASS
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $HOST_IP
server_proxyclient_address = $HOST_IP
novncproxy_base_url = http://$HOST_IP:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
eof
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
systemctl enable --now openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl enable --now libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service
cat > /root/nova-service-restart.sh <<EOF
#!bin/bash
# 处理api服务
systemctl restart openstack-nova-api
# 处理资源调度服务
systemctl restart openstack-nova-scheduler
# 处理数据库服务
systemctl restart openstack-nova-conductor
# 处理vnc远程窗口服务
systemctl restart openstack-nova-novncproxy
# 处理nova-compute服务
systemctl restart openstack-nova-compute
EOF
nova-manage cell_v2 discover_hosts
nova-manage cell_v2 map_cell_and_hosts
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
bash /root/nova-service-restart.sh
bash iaas-install-nova-controller.sh
验证服务
[root@controller ~]# openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+----------------------------+
| 3 | nova-conductor | controller | internal | enabled | up | 2024-07-11T14:19:29.000000 |
| 4 | nova-scheduler | controller | internal | enabled | up | 2024-07-11T14:19:32.000000 |
| 7 | nova-compute | controller | nova | enabled | up | 2024-07-11T14:19:33.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]#
安装neutron服务
采用Linuxbridge网络
vi iaas-install-neutron-controller.sh
#!/bin/bash
source /root/openrc.sh
source /etc/keystone/admin-openrc.sh
#neutron mysql
mysql -uroot -p$DB_PASS -e "create database IF NOT EXISTS neutron ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '$NEUTRON_DBPASS' ;"
mysql -uroot -p$DB_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '$NEUTRON_DBPASS' ;"
#neutron user role service endpoint
openstack user create --domain $DOMAIN_NAME --password $NEUTRON_PASS neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://$HOST_NAME:9696
openstack endpoint create --region RegionOne network internal http://$HOST_NAME:9696
openstack endpoint create --region RegionOne network admin http://$HOST_NAME:9696
#neutron install
yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset openstack-neutron-ml2
#network
if [[ `ip a |grep -w $INTERFACE_IP |grep -w $INTERFACE_NAME` = '' ]];then
cat > /etc/sysconfig/network-scripts/ifcfg-$INTERFACE_NAME <<EOF
DEVICE=$INTERFACE_NAME
TYPE=Ethernet
BOOTPROTO=none
ONBOOT=yes
EOF
systemctl restart NetworkManager
fi
#/etc/neutron/neutron.conf
cp /etc/neutron/neutron.conf{,.bak}
cat > /etc/neutron/neutron.conf << eof
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = true
allow_overlapping_ips = true
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
transport_url = rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
api_workers = 3
[cors]
[database]
connection = mysql+pymysql://neutron:$NEUTRON_DBPASS@$HOST_NAME/neutron
[keystone_authtoken]
www_authenticate_uri = http://$HOST_NAME:5000
auth_url = http://$HOST_NAME:5000
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = $NEUTRON_PASS
[nova]
auth_url = http://$HOST_NAME:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = $NOVA_PASS
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
eof
#/etc/neutron/plugins/ml2/ml2_conf.ini
cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
cat > /etc/neutron/plugins/ml2/ml2_conf.ini << eof
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = $Physical_NAME
[ml2_type_vxlan]
vni_ranges = $minvlan:$maxvlan
[securitygroup]
enable_ipset = true
eof
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
cat > /etc/neutron/plugins/ml2/linuxbridge_agent.ini << eof
[DEFAULT]
[linux_bridge]
physical_interface_mappings = $Physical_NAME:$INTERFACE_NAME
[vxlan]
enable_vxlan = true
local_ip = $HOST_IP
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
eof
cp /etc/neutron/l3_agent.ini{,.bak}
cat > /etc/neutron/l3_agent.ini << eof
[DEFAULT]
interface_driver = linuxbridge
eof
cp /etc/neutron/dhcp_agent.ini{,.bak}
cat > /etc/neutron/dhcp_agent.ini << eof
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
eof
cp /etc/neutron/metadata_agent.ini{,.bak}
cat > /etc/neutron/metadata_agent.ini << eof
[DEFAULT]
nova_metadata_host = $HOST_IP
metadata_proxy_shared_secret = $METADATA_SECRET
[cache]
eof
#br_netfilter
modprobe br_netfilter
echo 'net.ipv4.conf.all.rp_filter=0' >> /etc/sysctl.conf
echo 'net.ipv4.conf.default.rp_filter=0' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
sysctl -p
#su neutron mysql
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable --now neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
cat > /root/neutron-service-restart.sh << eof
#!/bin/bash
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
eof
bash /root/neutron-service-restart.sh
bash iaas-install-neutron-controller.sh
验证服务
[root@controller ~]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 40067c3b-2c52-4355-a1f3-e9b0dd650eac | DHCP agent | controller | nova | :-) | UP | neutron-dhcp-agent |
| 5abd1679-c0d8-4e49-8570-d354d3f9e071 | Metadata agent | controller | None | :-) | UP | neutron-metadata-agent |
| e39a0d54-541d-4202-b4bd-cf3c8770ea0f | Linux bridge agent | controller | None | :-) | UP | neutron-linuxbridge-agent |
| e94994d3-b6d4-40f2-8732-52d5b92266db | L3 agent | controller | nova | :-) | UP | neutron-l3-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
安装dashboard服务
vi iaas-install-horizon.sh
#!/bin/bash
source /root/openrc.sh
source /etc/keystone/admin-openrc.sh
yum install -y openstack-dashboard
cp /etc/openstack-dashboard/local_settings{,.bak}
sed -i '/^OPENSTACK_HOST/s#127.0.0.1#'$HOST_NAME'#' /etc/openstack-dashboard/local_settings
sed -i "/^ALLOWED_HOSTS/s#\[.*\]#['*']#" /etc/openstack-dashboard/local_settings
sed -i '104s/.*/SESSION_ENGINE = '\''django.contrib.sessions.backends.cache'\''/' /etc/openstack-dashboard/local_settings
echo "OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True" >> /etc/openstack-dashboard/local_settings
echo "OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = \"Default\"" >> /etc/openstack-dashboard/local_settings
echo 'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"' >> /etc/openstack-dashboard/local_settings
echo "OPENSTACK_API_VERSIONS = {
\"identity\": 3,
\"image\": 2,
\"volume\": 3,
}" >> /etc/openstack-dashboard/local_settings
echo "CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}" >> /etc/openstack-dashboard/local_settings
sed -i '147s/.*/TIME_ZONE = "Asia\/Shanghai"/' /etc/openstack-dashboard/local_settings
systemctl restart httpd.service memcached.service
bash iaas-install-horizon.sh
界面访问:IP/dashboard
创建实例如下
远程访问
可正常访问外网
