OpenStack Study Notes (4): Installing and Configuring the Other Components

Nova

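Nova, the Compute service, is the elastic controller of OpenStack compute. It is arguably the most important component of the whole cloud platform: the other OpenStack components depend on Nova and work together with it to form the complete OpenStack cloud. The Nova service contains 6 sub-components: Nova API, Nova Cert, Nova Compute, Nova Conductor, Nova Scheduler, Nova Consoleauth, and Nova Vncproxy.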

Controller node

  • Database configuration
    [root@controller images]# mysql -u root -p000000
    create database nova;
    grant all privileges on nova.* to nova@'localhost' identified by '000000';
    grant all privileges on nova.* to nova@'%' identified by '000000';
    flush privileges;
    exit

  • Create the service credentials
    (openstack) user create --domain default --password 000000 nova
    (openstack) role add --project service --user nova admin
    (openstack) service create --name nova --description "OpenStack Compute" compute
    (openstack) endpoint create --region RegionOne compute public http://controller:8774/v2/%(tenant_id)s
    (openstack) endpoint create --region RegionOne compute internal http://controller:8774/v2/%(tenant_id)s
    (openstack) endpoint create --region RegionOne compute admin http://controller:8774/v2/%(tenant_id)s

  • Install the required components
    yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

  • Modify the configuration file /etc/nova/nova.conf
    openstack-config --set /etc/nova/nova.conf database connection mysql://nova:000000@controller/nova
    openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
    openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
    openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
    openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
    openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password
    openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default
    openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default
    openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
    openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
    openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
    openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.23.0.211
    openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
    openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
    openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
    openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
    openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip'
    openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
    openstack-config --set /etc/nova/nova.conf glance host controller
    openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
    openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
    openstack-config --set /etc/nova/nova.conf DEFAULT verbose True

  • Synchronize the database by running the following command
    su -s /bin/sh -c "nova-manage db sync" nova

Compute node

  • Download and install the Nova compute-node services
    yum install openstack-nova-compute sysfsutils

  • Configure nova
    openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
    openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
    openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
    openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
    openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
    openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
    openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 172.23.0.212
    openstack-config --set /etc/nova/nova.conf DEFAULT verbose True
    openstack-config --set /etc/nova/nova.conf vnc enabled True
    openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
    openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
    openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
    openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
    openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
    openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password 000000
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password
    openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default
    openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default
    openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
    openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
    openstack-config --set /etc/nova/nova.conf keystone_authtoken password 000000
    openstack-config --set /etc/nova/nova.conf glance host controller
    openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

  • Check whether this machine supports CPU virtualization: a result > 0 means it does; if it does not, it must be enabled in the VMware settings
    [root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo

  • Start the compute service and enable it at boot
    [root@compute ~]# systemctl restart libvirtd.service openstack-nova-compute.service
    [root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service

  • Verify on the controller node
    [root@controller ~]# nova service-list

Neutron

Controller node

  • Configure the database
    [root@controller ~]# mysql -u root -p000000
    create database neutron;
    grant all privileges on neutron.* to neutron@'localhost' identified by '000000';
    grant all privileges on neutron.* to neutron@'%' identified by '000000';
    flush privileges;
    exit

  • Create the Neutron user, role, endpoints, etc.
    [root@controller ~]# openstack
    user create --domain default --password-prompt neutron
    role add --project service --user neutron admin
    service create --name neutron --description "OpenStack Networking" network
    endpoint create --region RegionOne network public http://controller:9696
    endpoint create --region RegionOne network internal http://controller:9696
    endpoint create --region RegionOne network admin http://controller:9696

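Configure the networking options

OpenStack supports two networking deployment options; here the simpler one, provider networks, is chosen:

  • Provider networks
    Deploys the simplest architecture, which only supports attaching instances to the public network. There are no self-service networks, routers, or floating IP addresses. Only admin or other privileged users can manage provider networks.

  • Self-service networks
    Provides layer-3 services and supports attaching instances to self-service (private) networks. The demo user or other unprivileged users can manage self-service networks, including routers. Routers provide connectivity between self-service networks and provider networks. In addition, floating IP addresses provide access to instances from external networks such as the Internet.

  • Install the components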
    [root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset

  • Configure the server component
    openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:000000@controller/neutron
    openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
    openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
    openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
    openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
    openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
    openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
    openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
    openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
    openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
    openstack-config --set /etc/neutron/neutron.conf nova auth_plugin password
    openstack-config --set /etc/neutron/neutron.conf nova project_domain_id default
    openstack-config --set /etc/neutron/neutron.conf nova user_domain_id default
    openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
    openstack-config --set /etc/neutron/neutron.conf nova project_name service
    openstack-config --set /etc/neutron/neutron.conf nova username nova
    openstack-config --set /etc/neutron/neutron.conf nova password 000000
    openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

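  • Configure the Modular Layer 2 (ML2) plug-in
    The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging/switching) virtual networking infrastructure for instances.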
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks public
    openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True

  • Configure the Linux bridge agent
    The Linux bridge agent builds layer-2 (bridging/switching) virtual networking infrastructure for instances, including VXLAN tunnels for private networks, and handles security groups.
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:ens34
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

  • Configure the DHCP agent
    openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
    openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
    openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
    openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True

  • Configure the metadata agent
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://controller:5000
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:35357
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id default
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id default
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_name service
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT username neutron
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT password 000000
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 000000
    openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True

  • Configure Compute to use Networking
    openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
    openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
    openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
    openstack-config --set /etc/nova/nova.conf neutron project_domain_id default
    openstack-config --set /etc/nova/nova.conf neutron user_domain_id default
    openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
    openstack-config --set /etc/nova/nova.conf neutron project_name service
    openstack-config --set /etc/nova/nova.conf neutron username neutron
    openstack-config --set /etc/nova/nova.conf neutron password 000000
    openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
    openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 000000

  • Finalize the installation and synchronize the database
    [root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    [root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

  • Restart the Compute API service
    [root@controller ~]# systemctl restart openstack-nova-api.service

  • Start the networking services and enable them at boot
    [root@controller ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
    [root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

Compute node

  • Install the components
    [root@compute ~]# yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

  • Configure the common components
    openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
    openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
    openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
    openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
    openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
    openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password 000000
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
    openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 000000
    openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

  • Configure the networking component on compute: configure the bridge agent
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:ens34
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

  • Configure Compute to use Networking
    openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
    openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
    openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
    openstack-config --set /etc/nova/nova.conf neutron project_domain_id default
    openstack-config --set /etc/nova/nova.conf neutron user_domain_id default
    openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
    openstack-config --set /etc/nova/nova.conf neutron project_name service
    openstack-config --set /etc/nova/nova.conf neutron username neutron
    openstack-config --set /etc/nova/nova.conf neutron password 000000

  • Restart the Compute service
    [root@compute ~]# systemctl restart openstack-nova-compute.service

  • Start the Linux bridge agent and enable it at boot
    [root@compute ~]# systemctl restart neutron-linuxbridge-agent.service
    [root@compute ~]# systemctl enable neutron-linuxbridge-agent.service

  • Verify

Success

DashBoard

  • Install the package
    [root@controller ~]# yum install openstack-dashboard

  • Edit the file /etc/openstack-dashboard/local_settings and change the following parts (in vi you can use / to search for each one):

      Configure the dashboard to use the OpenStack services on the controller node:

      OPENSTACK_HOST = "controller"

      Allow all hosts to access the dashboard:

      ALLOWED_HOSTS = ['*', ]

      Configure the memcached session storage service:

      CACHES = {
          'default': {
               'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
               'LOCATION': 'controller:11211',
          }
      }

      Note: comment out any other session storage configuration.

      Configure user as the default role for users created through the dashboard:

      OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

      Enable the multi-domain model:

      OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

      Configure the service API versions so that you can log in to the dashboard through the Keystone V3 API:

      OPENSTACK_API_VERSIONS = {
          "identity": 3,
          "volume": 2,
      }

      If you chose networking option 1, disable support for layer-3 networking services:

      OPENSTACK_NEUTRON_NETWORK = {
          ...
          'enable_router': False,
          'enable_quotas': False,
          'enable_distributed_router': False,
          'enable_ha_router': False,
          'enable_lb': False,
          'enable_firewall': False,
          'enable_vpn': False,
          'enable_fip_topology_check': False,
      }
    
  • Verify

At this point the simple OpenStack deployment is complete!
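
What the ALLOWED_HOSTS = ['*', ] value from the dashboard step accepts, next to a restricted list. This is an added example, not part of the original notes and not Django's own code: host_allowed re-implements the Host-header matching rules for illustration, and the restricted list assumes the dashboard is reached as controller or 172.23.0.211 (the controller my_ip used on this page).

```python
def host_allowed(host_header, allowed_hosts):
    """Return True if a request's Host header passes an ALLOWED_HOSTS list.

    Illustrative re-implementation of the matching rules (exact name,
    leading-dot subdomain pattern, "*" for anything); not Django's code.
    """
    host = host_header.strip().lower()
    if host.startswith("["):                 # bracketed IPv6 literal
        host = host.split("]", 1)[0] + "]"   # drop an optional :port
    else:
        host = host.rsplit(":", 1)[0]        # drop an optional :port
    if host.endswith("."):
        host = host[:-1]                     # ignore a trailing dot
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*" or pattern == host:
            return True
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True
    return False


PAGE_SETTING = ['*', ]                        # value used on this page
RESTRICTED = ['controller', '172.23.0.211']   # assumption: names users really browse to

# Constructed Host header values for the comparison.
SAMPLE_HOSTS = ["controller", "Controller:80", "172.23.0.211", "unrelated.example"]


def compare(hosts=SAMPLE_HOSTS):
    """Map each Host value to (accepted by page setting, accepted by restricted list)."""
    return {h: (host_allowed(h, PAGE_SETTING), host_allowed(h, RESTRICTED)) for h in hosts}


if __name__ == "__main__":
    for host, (wide, narrow) in compare().items():
        print(f"{host:20} wildcard={wide!s:5} restricted={narrow}")
```

With the wildcard every Host value is accepted, so the application treats any name a client sends as its own; the restricted list rejects the unrelated name while still serving the controller's real names.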

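Common problems

  • When downloading and installing nova, it reports that the python-jinja2 package is required. This package usually seems to ship with CentOS 7; I don't know why mine didn't have it, so it has to be downloaded from a mirror site. Note: be sure not to download the wrong version of the jinja2 package, because the top results on Baidu are all the openSUSE versions. If you download the openSUSE version of python-Jinja2, installation complains that python-MarkupSafe is missing, and if you then go looking for python-MarkupSafe, it says python2.7 is required to install it. On CentOS 7, python-jinja2 and python-markupsafe are both lowercase, so even if python-markupsafe is already installed on the system, installing the wrong version will still prompt you to install it again.

  • Running the following command prints No handlers could be found for logger "oslo_config.cfg"; I don't know why, but the database tables have all been created.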
    su -s /bin/sh -c "nova-manage db sync" nova

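  • When downloading openstack-nova-compute on the compute node, it reports that the python-libguestfs package is missing; it can be downloaded from the os directory of a mirror site.

  • When starting the compute service on the compute node, it kept failing to start. The conductor log showed a problem with port 5672, which is the port RabbitMQ uses; the RabbitMQ log showed that the cause was a wrong password. Checking the password-related configuration, I found that the word password in the controller node's oslo_messaging_rabbit rabbit_password 000000 entry was misspelled; after correcting it, the service started successfully.

  • During installation the dnsmasq-utils and libxslt-python packages were missing; after downloading them, re-run createrepo.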
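
The misspelled-option failure described above is silent at configuration time, because openstack-config writes whatever section and key it is given. The following check is an added example, not part of the original notes: it flags unknown sections and options, missing required options, and weak secrets. The KNOWN allow-list, the REQUIRED set and the weak-secret threshold are assumptions covering only settings used on this page, and SAMPLE is a constructed fragment.

```python
import configparser
import difflib

# Constructed sample in the style of this page's nova.conf and
# linuxbridge_agent.ini, with two misspellings kept in.
SAMPLE = """\
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_assword = 000000
[keystone_authtoken]
username = nova
password = 000000
[ecuritygroup]
enable_security_group = True
"""

# Assumption: a hand-written allow-list of sections/options this page sets,
# not the full Nova or Neutron option schema.
KNOWN = {
    "DEFAULT": {"rpc_backend", "auth_strategy", "my_ip", "verbose"},
    "oslo_messaging_rabbit": {"rabbit_host", "rabbit_userid", "rabbit_password"},
    "keystone_authtoken": {"auth_uri", "auth_url", "auth_plugin", "username",
                           "password", "project_name", "project_domain_id",
                           "user_domain_id"},
    "securitygroup": {"enable_security_group", "enable_ipset", "firewall_driver"},
}
REQUIRED = {"oslo_messaging_rabbit": {"rabbit_password"}}
SECRET_OPTS = {"password", "rabbit_password", "metadata_proxy_shared_secret"}


def audit(text):
    """Return (kind, section, option, detail) findings for one INI text."""
    # default_section is moved aside so [DEFAULT] is parsed as a normal
    # section instead of leaking its options into every other section.
    cp = configparser.ConfigParser(interpolation=None, default_section="__none__")
    cp.read_string(text)
    findings = []
    for sec in cp.sections():
        if sec not in KNOWN:
            hint = difflib.get_close_matches(sec, list(KNOWN), n=1)
            findings.append(("unknown-section", sec, "", hint[0] if hint else ""))
            continue
        for opt, val in cp.items(sec):
            if opt not in KNOWN[sec]:
                hint = difflib.get_close_matches(opt, list(KNOWN[sec]), n=1)
                findings.append(("unknown-option", sec, opt, hint[0] if hint else ""))
            # Assumed threshold: under 16 characters or fewer than 4 distinct ones.
            if opt in SECRET_OPTS and (len(val) < 16 or len(set(val)) < 4):
                findings.append(("weak-secret", sec, opt, "short or repetitive"))
        for opt in sorted(REQUIRED.get(sec, set()) - set(cp.options(sec))):
            findings.append(("missing-option", sec, opt, ""))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```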
