基于OpenStack官方的Ubuntu 22.04.3 LTS部署OpenStack-Bobcat教程(Neutron使用OVN)
- 注意事项
- 机器详情
- 基础配置
- 配置NTP
- [安装OpenStack packages](#安装OpenStack packages)
-
- [Controller节点 && Compute节点](#Controller节点 && Compute节点)
- [安装SQL database](#安装SQL database)
- [安装Message queue](#安装Message queue)
- 安装Memcached
- 安装Etcd
- 安装Keystone
- 安装Glance
- 安装Placement
-
- Controller节点
-
- 创建数据库
- 创建placement用户
- 将用户添加到admin
- 创建placement服务实体
- [创建API 服务端点](#创建API 服务端点)
- 安装组件
- 配置组件
- 填充数据库
- 重启apache2服务
- 验证配置
- 安装Nova
- 安装Neutron(使用的是OVN)
-
- Controller节点
- Compute节点
- 配置验证(Controller)
- 创建OVN网络
-
- [Controller节点 && Compute节点](#Controller节点 && Compute节点)
- Controller节点
- 安装Dashboard
- 基础的配置(也可以去dashboard上创建)
注意事项
本文所有涉及密码的部分我都设置为123456(仅适用于实验环境;正式环境中应为每个数据库用户和服务用户分别设置不同的强随机密码,例如用 openssl rand -hex 10 生成)
机器详情
主机名 | 网卡 | CPU | 内存 |
---|---|---|---|
controller | 网卡1:ens33 192.168.46.172/24 网卡2:ens34 不分配IP地址 | 2C | 8G |
compute1 | 网卡1:ens33 192.168.46.173/24 网卡2:ens34 不分配IP地址 | 2C | 8G |
基础配置
Controller节点
设置主机名
bash
hostnamectl set-hostname controller
设置静态IP
bash
vim /etc/netplan/00-installer-config.yaml
yaml
# This is the network config written by 'subiquity'
network:
ethernets:
ens33:
dhcp4: no
dhcp6: no
addresses:
- 192.168.46.172/24
routes:
- to: default
via: 192.168.46.2
nameservers:
addresses:
- 114.114.114.114
- 8.8.8.8
ens34:
dhcp4: no
dhcp6: no
addresses: []
version: 2
bash
netplan apply
配置hosts
bash
vim /etc/hosts
bash
192.168.46.172 controller
192.168.46.173 compute1
Compute节点
设置主机名
bash
hostnamectl set-hostname compute1
设置静态IP
bash
vim /etc/netplan/00-installer-config.yaml
yaml
# This is the network config written by 'subiquity'
network:
ethernets:
ens33:
dhcp4: no
dhcp6: no
addresses:
- 192.168.46.173/24
routes:
- to: default
via: 192.168.46.2
nameservers:
addresses:
- 114.114.114.114
- 8.8.8.8
ens34:
dhcp4: no
dhcp6: no
addresses: []
version: 2
bash
netplan apply
配置hosts
bash
vim /etc/hosts
bash
192.168.46.172 controller
192.168.46.173 compute1
验证配置
Controller节点 && Compute节点
bash
ping -c 4 www.baidu.com
bash
# Compute节点
ping -c 4 controller
bash
# Controller节点
ping -c 4 compute1
配置NTP
Controller节点 && Compute节点
设置时区
bash
timedatectl set-timezone Asia/Shanghai
安装软件
bash
apt install chrony -y
修改配置文件
bash
vim /etc/chrony/chrony.conf
yaml
# 把开头是pool的所有行注释掉
# 添加如下的阿里时间服务器
server ntp.aliyun.com iburst
重启服务
bash
systemctl restart chrony && systemctl enable chrony
验证配置
bash
chronyc sources
bash
# 出现如下所示表示配置成功
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 13 -2690us[-3632us] +/- 34ms
安装OpenStack packages
Controller节点 && Compute节点
bash
add-apt-repository cloud-archive:bobcat
bash
apt update
bash
# Controller节点
apt install python3-openstackclient -y
安装SQL database
Controller节点
安装软件
bash
apt install mariadb-server python3-pymysql -y
修改配置文件
bash
vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
bash
[mysqld]
bind-address = 192.168.46.172 # Controller节点的IP地址
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
重启服务
bash
systemctl restart mysql && systemctl enable mysql
初始化数据库
bash
mysql_secure_installation
安装Message queue
Controller节点
安装软件
bash
apt install rabbitmq-server -y
添加用户
bash
rabbitmqctl add_user openstack RABBIT_PASS
RABBIT_PASS为设置的密码
设置权限
bash
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
安装Memcached
Controller节点
安装软件
bash
apt install memcached python3-memcache -y
修改配置文件
bash
vim /etc/memcached.conf
bash
-l 127.0.0.1
# 改为(memcached默认不做认证,11211端口应只对管理网络中的OpenStack节点开放)
-l Controller节点的IP地址
重启服务
bash
systemctl restart memcached
安装Etcd
Controller节点
安装软件
bash
apt install etcd -y
修改配置文件
bash
vim /etc/default/etcd
bash
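# Every IP address below is the Controller node's management address.
# The URLs are plain http and no authentication is configured in this file,
# so both listeners are bound to the management address rather than 0.0.0.0;
# keep ports 2379/2380 reachable only from the OpenStack nodes.
ETCD_NAME="controller"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="controller=http://192.168.46.172:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.46.172:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.46.172:2379"
# Peer listener: same address as the advertised peer URL (was 0.0.0.0).
ETCD_LISTEN_PEER_URLS="http://192.168.46.172:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.46.172:2379"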
重启服务
bash
systemctl restart etcd && systemctl enable etcd
安装Keystone
Controller节点
创建数据库
bash
mysql
bash
CREATE DATABASE keystone;
bash
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
bash
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
KEYSTONE_DBPASS为要设置的密码
bash
exit
安装组件
bash
apt install keystone -y
配置组件
bash
vim /etc/keystone/keystone.conf
bash
[database]
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
KEYSTONE_DBPASS为创建keystone用户设置的数据库访问密码
bash
[token]
provider = fernet
填充数据库
bash
su -s /bin/sh -c "keystone-manage db_sync" keystone
bash
# 出现如下的错误忽略即可,无影响
Exception ignored in: <function _removeHandlerRef at 0x7f285a6a83a0>
Traceback (most recent call last):
File "/usr/lib/python3.10/logging/__init__.py", line 846, in _removeHandlerRef
File "/usr/lib/python3.10/logging/__init__.py", line 226, in _acquireLock
File "/usr/lib/python3.10/threading.py", line 164, in acquire
File "/usr/lib/python3/dist-packages/eventlet/green/thread.py", line 34, in get_ident
AttributeError: 'NoneType' object has no attribute 'getcurrent'
初始化密钥
bash
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引导服务
bash
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
ADMIN_PASS为准备设置管理员用户的密码
配置Apache
bash
vim /etc/apache2/apache2.conf
bash
# 不存在则添加
ServerName controller
重启Apache服务
bash
systemctl restart apache2
创建脚本文件
bash
vim admin-openrc.sh
bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
ADMIN_PASS为之前设置的管理员用户的密码
bash
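# admin-openrc.sh stores the admin password in clear text and is only ever
# read with `source`, so it needs no execute bit; restrict it to its owner.
chmod 600 admin-openrc.sh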
bash
source admin-openrc.sh
创建domain
bash
openstack domain create --description "An Example Domain" example
创建project
bash
openstack project create --domain default \
--description "Demo Project" myproject
创建user
bash
openstack user create --domain default \
--password-prompt myuser
创建role
bash
openstack role create myrole
将role添加到project和user
bash
openstack role add --project myproject --user myuser myrole
验证配置
bash
source admin-openrc.sh
bash
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
bash
# 正常应该输出类似如下的内容
root@controller:~# openstack --os-auth-url http://controller:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2024-03-31T08:23:06+0000 |
| id | gAAAAABmCQ9aC7KVhtUt0bIyFuTU-lMkFo0hoZ0Aijv319VmVLKuO-zqx_K2Gp_E7ctscBU8Vx4ESY3eI4WLXYMeyHhcZW6V9Ki2XehhCMSgx8cRBtZNOKu6at9P_W1SF75Z6qYjcZhHMMhA7FqM5Audwu4HLM1IWpkbX0vFeqaGhEqVJnKfjaY |
| project_id | 1c9ca3eb987f477c9abdbcff2f605a60 |
| user_id | 33d24fdc018a46aa830bfd43fd7e9a6f |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
安装Glance
Controller节点
创建数据库
bash
mysql
bash
CREATE DATABASE glance;
bash
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
bash
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
GLANCE_DBPASS为要设置的密码
bash
exit
创建glance用户
bash
source admin-openrc.sh
bash
openstack user create --domain default --password-prompt glance
将glance添加到admin中去
bash
openstack role add --project service --user glance admin
bash
# 如果遇到如下的情况
No project with a name or ID of 'service' exists.
# 先创建名字为service的project
openstack project create --domain default service
# 再运行一次上面的添加命令
创建glance服务实体
bash
openstack service create --name glance \
--description "OpenStack Image" image
创建Image服务API端点
bash
openstack endpoint create --region RegionOne \
image public http://controller:9292
bash
openstack endpoint create --region RegionOne \
image internal http://controller:9292
bash
openstack endpoint create --region RegionOne \
image admin http://controller:9292
安装组件
bash
apt install glance -y
配置组件
bash
vim /etc/glance/glance-api.conf
bash
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
GLANCE_DBPASS为创建glance用户访问数据库的密码
bash
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS
GLANCE_PASS为openstack创建glance用户设置的密码
bash
[paste_deploy]
flavor = keystone
bash
[DEFAULT]
enabled_backends=fs:file
bash
[glance_store]
default_backend = fs
bash
[fs]
filesystem_store_datadir = /var/lib/glance/images/
bash
[oslo_limit]
auth_url = http://controller:5000
auth_type = password
user_domain_id = default
username = glance
system_scope = all
password = GLANCE_PASS
endpoint_id = 3622d855ba414f15a4becbef8479d5bf
region_name = RegionOne
GLANCE_PASS为openstack创建glance用户设置的密码
endpoint_id为创建Image服务API端点中类型为public的id
可以通过如下的命令查看
openstack endpoint list
添加权限
bash
openstack role add --user glance --user-domain Default --system all reader
填充数据库
bash
su -s /bin/sh -c "glance-manage db_sync" glance
重启Image服务
bash
systemctl restart glance-api
验证配置
bash
source admin-openrc.sh
bash
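# Download the test image over HTTPS so it cannot be altered in transit, and
# compare its checksum with the one published by the CirrOS project before
# uploading it to Glance.
wget https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img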
bash
glance image-create --name "cirros" \
--file /root/cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility=public
bash
glance image-list
bash
# 输出如下的内容表示组件成功运行
root@controller:~# glance image-list
+--------------------------------------+--------+
| ID | Name |
+--------------------------------------+--------+
| 8244fbc0-f798-44c5-b0f3-9e5566e7e345 | cirros |
+--------------------------------------+--------+
安装Placement
Controller节点
创建数据库
bash
mysql
bash
CREATE DATABASE placement;
bash
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
IDENTIFIED BY 'PLACEMENT_DBPASS';
bash
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY 'PLACEMENT_DBPASS';
PLACEMENT_DBPASS为要设置的密码
bash
exit
创建placement用户
bash
source admin-openrc.sh
bash
openstack user create --domain default --password-prompt placement
将用户添加到admin
bash
openstack role add --project service --user placement admin
创建placement服务实体
bash
openstack service create --name placement \
--description "Placement API" placement
创建API 服务端点
bash
openstack endpoint create --region RegionOne \
placement public http://controller:8778
bash
openstack endpoint create --region RegionOne \
placement internal http://controller:8778
bash
openstack endpoint create --region RegionOne \
placement admin http://controller:8778
安装组件
bash
apt install placement-api -y
配置组件
bash
vim /etc/placement/placement.conf
bash
[placement_database]
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
PLACEMENT_DBPASS为创建placement用户访问数据库设置的密码
bash
[api]
auth_strategy = keystone
bash
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
PLACEMENT_PASS为openstack创建placement用户设置的密码
填充数据库
bash
su -s /bin/sh -c "placement-manage db sync" placement
重启apache2服务
bash
systemctl restart apache2
验证配置
bash
source admin-openrc.sh
bash
placement-status upgrade check
bash
# 输出如下的内容表示成功
root@controller:~# placement-status upgrade check
+-------------------------------------------+
| Upgrade Check Results |
+-------------------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+-------------------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+-------------------------------------------+
| Check: Policy File JSON to YAML Migration |
| Result: Success |
| Details: None |
+-------------------------------------------+
bash
openstack --os-placement-api-version 1.2 resource class list --sort-column name
bash
# 输出如下的内容表示成功
root@controller:~# openstack --os-placement-api-version 1.2 resource class list --sort-column name
+----------------------------------------+
| name |
+----------------------------------------+
| DISK_GB |
| FPGA |
| IPV4_ADDRESS |
| MEMORY_MB |
| MEM_ENCRYPTION_CONTEXT |
| NET_BW_EGR_KILOBIT_PER_SEC |
| NET_BW_IGR_KILOBIT_PER_SEC |
| NET_PACKET_RATE_EGR_KILOPACKET_PER_SEC |
| NET_PACKET_RATE_IGR_KILOPACKET_PER_SEC |
| NET_PACKET_RATE_KILOPACKET_PER_SEC |
| NUMA_CORE |
| NUMA_MEMORY_MB |
| NUMA_SOCKET |
| NUMA_THREAD |
| PCI_DEVICE |
| PCPU |
| PGPU |
| SRIOV_NET_VF |
| VCPU |
| VGPU |
| VGPU_DISPLAY_HEAD |
+----------------------------------------+
bash
openstack --os-placement-api-version 1.6 trait list --sort-column name
安装Nova
Controller节点
创建数据库
bash
mysql
bash
CREATE DATABASE nova_api;
bash
CREATE DATABASE nova;
bash
CREATE DATABASE nova_cell0;
bash
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
bash
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
bash
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
bash
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
bash
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
bash
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
NOVA_DBPASS为要设置的密码
bash
exit
创建nova用户
bash
source admin-openrc.sh
bash
openstack user create --domain default --password-prompt nova
添加到admin
bash
openstack role add --project service --user nova admin
创建nova服务实体
bash
openstack service create --name nova \
--description "OpenStack Compute" compute
创建API服务端点
bash
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
bash
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
bash
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
安装组件
bash
apt install nova-api nova-conductor nova-novncproxy nova-scheduler -y
配置组件
bash
vim /etc/nova/nova.conf
bash
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
NOVA_DBPASS为创建nova用户设置访问数据库的密码
bash
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
NOVA_DBPASS为创建nova用户设置访问数据库的密码
bash
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
my_ip = 192.168.46.172
RABBIT_PASS为rabbitmqctl创建openstack设置的密码
my_ip为Controller节点的IP地址
bash
[api]
auth_strategy = keystone
bash
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
NOVA_PASS为openstack创建nova用户设置的密码
bash
[service_user]
send_service_user_token = true
auth_url = http://controller:5000/v3
auth_strategy = keystone
auth_type = password
project_domain_name = Default
project_name = service
user_domain_name = Default
username = nova
password = NOVA_PASS
NOVA_PASS为openstack创建nova用户设置的密码
bash
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
bash
[glance]
api_servers = http://controller:9292
bash
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
bash
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
PLACEMENT_PASS为openstack创建placement用户设置的密码
填充数据库
bash
su -s /bin/sh -c "nova-manage api_db sync" nova
bash
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
bash
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
bash
su -s /bin/sh -c "nova-manage db sync" nova
验证
bash
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
bash
# 输出类似如下的内容
root@controller:~# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0 | False |
| cell1 | e52327df-10e2-41e1-a1d2-5d7724a85688 | rabbit://openstack:****@controller:5672/ | mysql+pymysql://nova:****@controller/nova | False |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
重启服务
bash
systemctl restart nova-api nova-scheduler nova-conductor nova-novncproxy
Compute节点
安装组件
bash
apt install nova-compute -y
配置组件
bash
vim /etc/nova/nova.conf
bash
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip = 192.168.46.173
RABBIT_PASS为rabbit创建openstack用户设置的密码
my_ip为Compute节点的IP地址
bash
[api]
auth_strategy = keystone
bash
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
NOVA_PASS为openstack创建nova用户设置的密码
bash
[service_user]
send_service_user_token = true
auth_url = http://controller:5000/v3
auth_strategy = keystone
auth_type = password
project_domain_name = Default
project_name = service
user_domain_name = Default
username = nova
password = NOVA_PASS
NOVA_PASS为openstack创建nova用户设置的密码
bash
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
controller替换成Controller的IP地址
bash
[glance]
api_servers = http://controller:9292
bash
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
bash
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
PLACEMENT_PASS为openstack创建placement用户设置的密码
修改虚拟类型
bash
egrep -c '(vmx|svm)' /proc/cpuinfo
如果返回为0则需要修改
bash
vim /etc/nova/nova-compute.conf
bash
[libvirt]
virt_type = qemu
重启服务
bash
systemctl restart nova-compute
添加计算节点(Controller)
bash
source admin-openrc.sh
bash
openstack compute service list --service nova-compute
bash
# 输出如下的内容
root@controller:~# openstack compute service list --service nova-compute
+--------------------------------------+--------------+----------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+--------------------------------------+--------------+----------+------+---------+-------+----------------------------+
| c9dd606c-0f31-4a9e-9c6f-bb40e33cf054 | nova-compute | compute1 | nova | enabled | up | 2024-03-31T08:01:53.000000 |
+--------------------------------------+--------------+----------+------+---------+-------+----------------------------+
bash
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
bash
# 输出如下的内容
root@controller:~# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': e52327df-10e2-41e1-a1d2-5d7724a85688
Checking host mapping for compute host 'compute1': 844b86c1-7310-4ddf-82cd-0b8f3350ef0d
Creating host mapping for compute host 'compute1': 844b86c1-7310-4ddf-82cd-0b8f3350ef0d
Found 1 unmapped computes in cell: e52327df-10e2-41e1-a1d2-5d7724a85688
验证配置(Controller)
bash
openstack compute service list
bash
# 输出如下的内容
root@controller:~# openstack compute service list
+--------------------------------------+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+--------------------------------------+----------------+------------+----------+---------+-------+----------------------------+
| 2779af9c-cde5-41a6-87b2-5b6840d9b88b | nova-conductor | controller | internal | enabled | up | 2024-03-31T08:03:07.000000 |
| b24be4f1-ea05-4ee3-a7eb-8402ff53f172 | nova-scheduler | controller | internal | enabled | up | 2024-03-31T08:03:15.000000 |
| c9dd606c-0f31-4a9e-9c6f-bb40e33cf054 | nova-compute | compute1 | nova | enabled | up | 2024-03-31T08:03:13.000000 |
+--------------------------------------+----------------+------------+----------+---------+-------+----------------------------+
bash
openstack catalog list
bash
openstack image list
bash
nova-status upgrade check
安装Neutron(使用的是OVN)
Controller节点
创建数据库
bash
mysql
bash
CREATE DATABASE neutron;
bash
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
bash
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
NEUTRON_DBPASS为要设置的密码
bash
exit
创建neutron用户
bash
source admin-openrc.sh
bash
openstack user create --domain default --password-prompt neutron
添加到admin
bash
openstack role add --project service --user neutron admin
创建neutron服务实体
bash
openstack service create --name neutron \
--description "OpenStack Networking" network
创建API端点
bash
openstack endpoint create --region RegionOne \
network public http://controller:9696
bash
openstack endpoint create --region RegionOne \
network internal http://controller:9696
bash
openstack endpoint create --region RegionOne \
network admin http://controller:9696
安装组件
bash
apt -y install neutron-server neutron-plugin-ml2 python3-neutronclient ovn-central openvswitch-switch
配置组件
bash
vim /etc/neutron/neutron.conf
bash
[DEFAULT]
bind_host = controller
bind_port = 9696
core_plugin = ml2
service_plugins = ovn-router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
transport_url = rabbit://openstack:RABBIT_PASS@controller
RABBIT_PASS为rabbitmqctl创建openstack用户时设置的密码
bash
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS
NEUTRON_PASS为openstack创建neutron用户设置的密码
bash
[database]
connection = mysql+pymysql://neutron:NEUTRON_PASS@controller/neutron
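注意:connection中neutron:后面应填写创建数据库时在GRANT语句中为neutron数据库用户设置的密码(即NEUTRON_DBPASS),而不是openstack创建neutron用户时设置的NEUTRON_PASS;两者只有设置成相同密码时才可以混用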
bash
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
NOVA_PASS为openstack创建nova用户设置的密码
bash
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
bash
vim /etc/neutron/plugins/ml2/ml2_conf.ini
bash
[DEFAULT]
debug = false
bash
[ml2]
type_drivers = flat,geneve
tenant_network_types = geneve
mechanism_drivers = ovn
extension_drivers = port_security
overlay_ip_version = 4
bash
[ml2_type_geneve]
vni_ranges = 1:65536
max_header_size = 38
bash
[ml2_type_flat]
flat_networks = *
bash
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
bash
[ovn]
ovn_nb_connection = tcp:ControllerIP:6641
ovn_sb_connection = tcp:ControllerIP:6642
ovn_l3_scheduler = leastloaded
ovn_metadata_enabled = True
ControllerIP为Controller节点的IP地址
bash
vim /etc/default/openvswitch-switch
bash
OVS_CTL_OPTS="--ovsdb-server-options='--remote=ptcp:6640:127.0.0.1'"
bash
vim /etc/nova/nova.conf
bash
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_PASS
insecure = false
NEUTRON_PASS为openstack创建neutron用户设置的密码
METADATA_PASS为nova与元数据代理之间的共享密钥,应设置为随机字符串,并且必须与Compute节点neutron_ovn_metadata_agent.ini中的metadata_proxy_shared_secret一致
填充数据库
bash
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启服务
bash
systemctl restart nova-api
bash
systemctl restart openvswitch-switch
bash
ovs-vsctl add-br br-int
bash
systemctl restart ovn-central ovn-northd
bash
ovn-nbctl set-connection ptcp:6641:ControllerIP -- set connection . inactivity_probe=60000
bash
ovn-sbctl set-connection ptcp:6642:ControllerIP -- set connection . inactivity_probe=60000
ControllerIP为Controller节点的IP地址。ptcp是不加密、不认证的TCP监听,6641/6642端口应只对管理网络中的OpenStack节点开放;生产环境建议改用pssl并配置证书
bash
systemctl restart neutron-server
Compute节点
安装组件
bash
apt -y install neutron-common neutron-plugin-ml2 neutron-ovn-metadata-agent ovn-host openvswitch-switch
配置组件
bash
vim /etc/neutron/neutron.conf
bash
[DEFAULT]
core_plugin = ml2
service_plugins = ovn-router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
transport_url = rabbit://openstack:RABBIT_PASS@controller
RABBIT_PASS为rabbit创建openstack设置的密码
bash
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS
NEUTRON_PASS为openstack创建neutron用户设置的密码
bash
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
bash
vim /etc/neutron/plugins/ml2/ml2_conf.ini
bash
[DEFAULT]
debug = false
bash
[ml2]
type_drivers = flat,geneve
tenant_network_types = geneve
mechanism_drivers = ovn
extension_drivers = port_security
overlay_ip_version = 4
bash
[ml2_type_geneve]
vni_ranges = 1:65536
max_header_size = 38
bash
[ml2_type_flat]
flat_networks = *
bash
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
bash
[ovn]
ovn_nb_connection = tcp:ControllerIP:6641
ovn_sb_connection = tcp:ControllerIP:6642
ovn_l3_scheduler = leastloaded
ovn_metadata_enabled = True
ControllerIP为Controller节点的IP地址
bash
vim /etc/neutron/neutron_ovn_metadata_agent.ini
bash
[DEFAULT]
nova_metadata_host = controller
nova_metadata_protocol = http
metadata_proxy_shared_secret = METADATA_PASS
METADATA_PASS为设置的密码要与Controller的配置一样
bash
[ovs]
ovsdb_connection = tcp:127.0.0.1:6640
bash
[agent]
root_helper = sudo neutron-rootwrap /etc/neutron/rootwrap.conf
bash
[ovn]
ovn_sb_connection = tcp:ControllerIP:6642
ControllerIP为Controller节点的IP地址
bash
vim /etc/default/openvswitch-switch
bash
OVS_CTL_OPTS="--ovsdb-server-options='--remote=ptcp:6640:127.0.0.1'"
bash
vim /etc/nova/nova.conf
bash
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_PASS
insecure = false
NEUTRON_PASS为openstack创建neutron用户设置的密码
METADATA_PASS为nova与元数据代理之间的共享密钥,必须与Controller节点的配置以及neutron_ovn_metadata_agent.ini中的metadata_proxy_shared_secret一致
重启服务
bash
systemctl restart openvswitch-switch ovn-controller ovn-host
bash
systemctl restart neutron-ovn-metadata-agent
bash
systemctl restart nova-compute
bash
ovs-vsctl set open . external-ids:ovn-remote=tcp:ControllerIP:6642
ControllerIP为Controller节点的IP地址
bash
ovs-vsctl set open . external-ids:ovn-encap-type=geneve
bash
ovs-vsctl set open . external-ids:ovn-encap-ip=ComputeIP
ComputeIP为Compute节点的IP地址
配置验证(Controller)
bash
source admin-openrc.sh
bash
openstack network agent list
bash
# 输出如下的内容表示成功
root@controller:~# openstack network agent list
+--------------------------------------+----------------------+----------+-------------------+-------+-------+----------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+----------------------+----------+-------------------+-------+-------+----------------------------+
| e42ab135-4870-4bfd-8b90-47ad92732627 | OVN Controller agent | compute1 | | :-) | UP | ovn-controller |
| 952c013f-c53d-54b8-89b4-d55930a40171 | OVN Metadata agent | compute1 | | :-) | UP | neutron-ovn-metadata-agent |
+--------------------------------------+----------------------+----------+-------------------+-------+-------+----------------------------+
创建OVN网络
Controller节点 && Compute节点
bash
# br-ens34你可以随便取名字
ovs-vsctl add-br br-ens34
bash
# ens34为第二张网卡的名称
ovs-vsctl add-port br-ens34 ens34
bash
# provider你可以随便取名字
ovs-vsctl set open . external-ids:ovn-bridge-mappings=provider:br-ens34
Controller节点
bash
# 创建一个路由
openstack router create router
# 创建selfservice
openstack network create selfservice --provider-network-type geneve
# 创建selfservice子网
openstack subnet create --network selfservice \
--dns-nameserver 8.8.8.8 --gateway 172.16.1.1 \
--subnet-range 172.16.1.0/24 selfservice
# 创建外部网络
openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
# 创建外部网络子网
openstack subnet create --network provider \
--allocation-pool start=192.168.46.240,end=192.168.46.250 \
--dns-nameserver 8.8.8.8 --gateway 192.168.46.2 \
--subnet-range 192.168.46.0/24 provider
# 给路由设置网关
openstack router set router --external-gateway provider
# 给路由添加内部接口
openstack router add subnet router selfservice
# 验证是否成功
openstack port list --router router
# 输出如下的内容表示成功
root@controller:~# openstack port list --router router
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| ID | Name | MAC Address | Fixed IP Addresses | Status |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
| 56a061e8-f5b1-4df8-8dcb-347bb53ecead | | fa:16:3e:28:2c:c3 | ip_address='172.16.1.1', subnet_id='df79d0ea-9548-486c-8c79-b9dfe9da35ff' | ACTIVE |
| 6a5c3ba2-df0f-4552-91f1-8eafcdd65da0 | | fa:16:3e:02:f7:16 | ip_address='192.168.46.249', subnet_id='d608e2b9-d2e2-423c-bfec-2a23a1516760' | ACTIVE |
+--------------------------------------+------+-------------------+-------------------------------------------------------------------------------+--------+
bash
# 也可以通过如下的命令查看
ovn-nbctl show
# 输出如下的内容
root@controller:~# ovn-nbctl show
switch dc4e3afc-da27-4e73-b741-a1c8d57434f7 (neutron-43fe943c-fe1a-4dfe-9f3a-91dc7cdf823f) (aka provider)
port 6a5c3ba2-df0f-4552-91f1-8eafcdd65da0
type: router
router-port: lrp-6a5c3ba2-df0f-4552-91f1-8eafcdd65da0
port dcd112c2-dd97-4f40-b7ba-f8d64bd68a5d
addresses: ["fa:16:3e:16:bc:3a 192.168.46.246"]
port provnet-3140ef3f-1dc0-4490-bfdb-134d1c611aec
type: localnet
addresses: ["unknown"]
port 201604e9-1146-4536-a56d-965e82e26d8e
type: localport
addresses: ["fa:16:3e:5e:20:5b 192.168.46.240"]
switch e7a2f47f-0ea4-4587-bd18-d444a8f1b500 (neutron-31f3eb52-667f-4b5a-8ef3-3f1d048b29b3) (aka selfservice)
port d47fb30d-6d47-4d57-bd4d-96f779f6e765
type: localport
addresses: ["fa:16:3e:47:46:d8 172.16.1.2"]
port d2183412-590a-4bc0-b992-7efaf8a8c9f1
addresses: ["fa:16:3e:a0:e5:23 172.16.1.37"]
port 56a061e8-f5b1-4df8-8dcb-347bb53ecead
type: router
router-port: lrp-56a061e8-f5b1-4df8-8dcb-347bb53ecead
router 715fc656-e8f8-4328-aa2d-82b994bcfe2d (neutron-43435b65-0e5e-4bc0-90fa-5a01c1aa89c2) (aka router)
port lrp-56a061e8-f5b1-4df8-8dcb-347bb53ecead
mac: "fa:16:3e:28:2c:c3"
networks: ["172.16.1.1/24"]
port lrp-6a5c3ba2-df0f-4552-91f1-8eafcdd65da0
mac: "fa:16:3e:02:f7:16"
networks: ["192.168.46.249/24"]
gateway chassis: [e42ab135-4870-4bfd-8b90-47ad92732627]
nat d4d704be-2102-437b-bc4a-0be5504824aa
external ip: "192.168.46.249"
logical ip: "172.16.1.0/24"
type: "snat"
root@controller:~#
安装Dashboard
Controller节点
安装组件
bash
apt install openstack-dashboard -y
配置组件
bash
vim /etc/openstack-dashboard/local_settings.py
bash
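# Horizon settings for the controller node (fragment of local_settings.py).

# Host that runs the Identity service used by the dashboard.
OPENSTACK_HOST = "controller"

# Only answer requests whose Host header names this deployment. A '*' entry
# turns Django's Host-header validation off, so list the controller's
# hostname and management IP instead; add any other name or address the
# dashboard is reached by.
ALLOWED_HOSTS = ['controller', '192.168.46.172']

# Keep sessions in the memcached instance on the controller.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}

# Identity API v3 endpoint, derived from OPENSTACK_HOST.
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

# API versions the dashboard talks to.
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}

# Defaults applied to users created through the dashboard.
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"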
bash
vim /etc/apache2/conf-available/openstack-dashboard.conf
bash
# 不存在则添加
WSGIApplicationGroup %{GLOBAL}
如果不能正常访问
bash
python3 /usr/share/openstack-dashboard/manage.py compress
重启服务
bash
systemctl reload apache2.service
基础的配置(也可以去dashboard上创建)
创建实例的计算、内存和存储容量的大小
bash
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
密钥设置
bash
ssh-keygen -q -N ""
bash
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
设置安全组
bash
openstack security group rule create --proto icmp default
bash
openstack security group rule create --proto tcp --dst-port 22 default