CentOS Stream 8 通过 Packstack 安装开源 OpenStack（V版）

1、环境规划以及网卡配置

controller IP：192.168.235.101

compute IP：192.168.235.102

控制节点

$root@luck \~$ # cd /etc/sysconfig/network-scripts/

$root@luck network-scripts$ # vi ifcfg-ens160

$root@luck network-scripts$ # cat ifcfg-ens160

TYPE=Ethernet

BOOTPROTO=none

NAME=ens160

DEVICE=ens160

ONBOOT=yes

IPADDR=192.168.235.101

NETMASK=255.255.255.0

GATEWAY=192.168.235.2

DNS1=192.168.235.2

计算节点

$root@luck \~$ # cd /etc/sysconfig/network-scripts/

$root@luck network-scripts$ # vi ifcfg-ens160

$root@luck network-scripts$ # cat ifcfg-ens160

TYPE=Ethernet

BOOTPROTO=none

NAME=ens160

DEVICE=ens160

ONBOOT=yes

IPADDR=192.168.235.102

NETMASK=255.255.255.0

GATEWAY=192.168.235.2

DNS1=192.168.235.2

修改控制节点和计算节点主机名

$root@luck \~$ # hostnamectl set-hostname controller ---控制节点

$root@luck \~$ # hostnamectl set-hostname compute ---计算节点

2、关闭防火墙/selinux/networkmanager

注意:networkmanager,这个组件是在!inux8版本里面管理网络服务的(ip地址)，如果你提前把它关闭并禁用了，那么当节点重启的时候，是无法自动获取到ip地址的。

但是如果不关闭，它又会和 gpenstack,里面的 neutron 网络服务组件产生冲突。我们采用这种方式:暂时先不关闭networkmanager，等把所有环境全部安装好之后，再手工关闭和禁用 networkmanager，并使用 network来替换 networkmanager 这个服务。

控制节点关闭防火墙和selinux

$root@controller \~$ # systemctl stop firewalld

$root@controller \~$ # systemctl disable firewalld

Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.

Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

$root@controller \~$ # setenforce 0 临时关闭

$root@controller \~$ # vi /etc/sysconfig/selinux ---永久关闭

$root@controller \~$ # cat /etc/sysconfig/selinux

This file controls the state of SELinux on the system.

SELINUX= can take one of these three values:

enforcing - SELinux security policy is enforced.

permissive - SELinux prints warnings instead of enforcing.

disabled - No SELinux policy is loaded.

SELINUX=disabled

SELINUXTYPE= can take one of these three values:

targeted - Targeted processes are protected,

minimum - Modification of targeted policy. Only selected processes are protected.

mls - Multi Level Security protection.

SELINUXTYPE=targeted

或者永久关闭selinux

sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

计算节点关闭防火墙和selinux

$root@compute \~$ # systemctl stop firewalld

$root@compute \~$ # systemctl disable firewalld

Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.

Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

$root@compute \~$ # setenforce 0

$root@compute\~$ #sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/sysconfig/selinux

3、主机名映射及基础软件包

控制节点和计算节点都要映射

$root@controller \~$ # echo '192.168.235.101 controller' >> /etc/hosts

$root@controller \~$ # echo '192.168.235.102 compute' >> /etc/hosts

$root@controller \~$ # cat /etc/hosts

127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4

::1 localhost localhost.localdomain localhost6 localhost6.localdomain6

192.168.235.101 controller

192.168.235.102 compute

$root@controller \~$ # yum install -y vim net-tools bash-completion chrony.x86_64 centos-release-openstack-victoria.noarch

4、配置时间服务器NTP

控制节点

$root@controller \~$ # vim /etc/chrony.conf

server ntp.aliyun.com iburst

allow 192.168.100.0/24

重启时间服务器

$root@controller \~$ # systemctl start chronyd.service

$root@controller \~$ # systemctl enable chronyd

计算节点

$root@compute \~$ # vim /etc/chrony.conf

server controller iburst

重启时间服务器

$root@compute \~$ # systemctl start chronyd.service

$root@compute \~$ # systemctl enable chronyd

5、配置YUM源

5.1 控制节点

$root@controller \~$ # mkdir /etc/yum.repos.d/bak

$root@controller \~$ # mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
$root@compute \~$ # cat /etc/yum.repos.d/cloudcs.repo
$highavailability$
name=CentOS Stream 8 - HighAvailability

baseurl=https://mirrors.aliyun.com/centos/8-stream/HighAvailability/x86_64/os/

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

gpgcheck=1

repo_gpgcheck=0

metadata_expire=6h

countme=1

enabled=1
$nfv$
name=CentOS Stream 8 - NFV

baseurl=https://mirrors.aliyun.com/centos/8-stream/NFV/x86_64/os/

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

gpgcheck=1

repo_gpgcheck=0

metadata_expire=6h

countme=1

enabled=1
$rt$
name=CentOS Stream 8 - RT

baseurl=https://mirrors.aliyun.com/centos/8-stream/RT/x86_64/os/

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

gpgcheck=1

repo_gpgcheck=0

metadata_expire=6h

countme=1

enabled=1
$resilientstorage$
name=CentOS Stream 8 - ResilientStorage

baseurl=https://mirrors.aliyun.com/centos/8-stream/ResilientStorage/x86_64/os/

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

gpgcheck=1

repo_gpgcheck=0

metadata_expire=6h

countme=1

enabled=1
$extras-common$
name=CentOS Stream 8 - Extras packages

baseurl=https://mirrors.aliyun.com/centos/8-stream/extras/x86_64/extras-common/

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512

gpgcheck=1

repo_gpgcheck=0

metadata_expire=6h

countme=1

enabled=1
$extras$
name=CentOS Stream - Extras

mirrorlist=http://mirrorlist.centos.org/?release=\&arch=\&repo=extras\&infra=

#baseurl=http://mirror.centos.org///extras//os/

baseurl=https://mirrors.aliyun.com/centos/8-stream/extras/x86_64/os/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
$centos-ceph-pacific$
name=CentOS - Ceph Pacific

baseurl=https://mirrors.aliyun.com/centos-vault/8-stream/storage/x86_64/ceph-pacific/

gpgcheck=0

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
$centos-rabbitmq-38$
name=CentOS-8 - RabbitMQ 38

baseurl=https://mirrors.aliyun.com/centos-vault/8-stream/messaging/x86_64/rabbitmq-38/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Messaging
$centos-nfv-openvswitch$
name=CentOS Stream 8 - NFV OpenvSwitch

baseurl=https://mirrors.aliyun.com/centos-vault/8-stream/nfv/x86_64/openvswitch-2/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-NFV

module_hotfixes=1
$baseos$
name=CentOS Stream 8 - BaseOS

baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

gpgcheck=1

repo_gpgcheck=0

metadata_expire=6h

countme=1

enabled=1
$appstream$
name=CentOS Stream 8 - AppStream

baseurl=https://mirrors.aliyun.com/centos/8-stream/AppStream/x86_64/os/

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

gpgcheck=1

repo_gpgcheck=0

metadata_expire=6h

countme=1

enabled=1
$centos-openstack-victoria$
name=CentOS 8 - OpenStack victoria

baseurl=https://mirrors.aliyun.com/centos/8-stream/cloud/x86_64/openstack-victoria/

#baseurl=https://repo.huaweicloud.com/centos/8-stream/cloud/x86_64/openstack-yoga/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud

module_hotfixes=1
$powertools$
name=CentOS Stream 8 - PowerTools

#mirrorlist=http://mirrorlist.centos.org/?release=\&arch=\&repo=PowerTools\&infra=

baseurl=https://mirrors.aliyun.com/centos/8-stream/PowerTools/x86_64/os/

gpgcheck=1

enabled=1

gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial

5.2 计算节点

$root@compute \~$ # mkdir /etc/yum.repos.d/bak

$root@compute \~$ # mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/

$root@compute \~$ # scp controller:/etc/yum.repos.d/cloudcs.repo /etc/yum.repos.d/

6、安装配置

6.1 控制节点安装 PackStack 工具

$root@controller \~$ # yum install -y openstack-packstack

6.2 生成应答文件

$root@controller \~$ # packstack --gen-answer-file=111.txt

6.3 修改应答文件

$root@controller \~$ # vim 111.txt

97 CONFIG_COMPUTE_HOSTS=192.168.235.101,192.168.235.102

323 CONFIG_KEYSTONE_ADMIN_PW=123456

1169 CONFIG_PROVISION_DEMO=n

60 CONFIG_HEAT_INSTALL=y

909 CONFIG_NEUTRON_OVN_BRIDGE_IFACES=br-ex:ens160

7、开始安装openstack

$root@controller \~$ # packstack --answer-file=111.txt

Welcome to the Packstack setup utility

The installation log file is available at: /var/tmp/packstack/20240910-084808-673i1d3e/openstack-setup.log

Installing:

Clean Up $DONE$

Discovering ip protocol version $DONE$

root@192.168.235.102's password:

root@192.168.235.101's password:

Setting up ssh keys $DONE$

Preparing servers $DONE$

Pre installing Puppet and discovering hosts' details $DONE$

Preparing pre-install entries $DONE$

Setting up CACERT $DONE$

Preparing AMQP entries $DONE$

Preparing MariaDB entries $DONE$

Fixing Keystone LDAP config parameters to be undef if empty $DONE$

Preparing Keystone entries $DONE$

Preparing Glance entries $DONE$

Checking if the Cinder server has a cinder-volumes vg $DONE$

Preparing Cinder entries $DONE$

Preparing Nova API entries $DONE$

Creating ssh keys for Nova migration $DONE$

Gathering ssh host keys for Nova migration $DONE$

Preparing Nova Compute entries $DONE$

Preparing Nova Scheduler entries $DONE$

Preparing Nova VNC Proxy entries $DONE$

Preparing OpenStack Network-related Nova entries $DONE$

Preparing Nova Common entries $DONE$

Preparing Neutron API entries $DONE$

Preparing Neutron L3 entries $DONE$

Preparing Neutron L2 Agent entries $DONE$

Preparing Neutron DHCP Agent entries $DONE$

Preparing Neutron Metering Agent entries $DONE$

Checking if NetworkManager is enabled and running $DONE$

Preparing OpenStack Client entries $DONE$

Preparing Horizon entries $DONE$

Preparing Swift builder entries $DONE$

Preparing Swift proxy entries $DONE$

Preparing Swift storage entries $DONE$

Preparing Heat entries $DONE$

Preparing Heat CloudFormation API entries $DONE$

Preparing Gnocchi entries $DONE$

Preparing Redis entries $DONE$

Preparing Ceilometer entries $DONE$

Preparing Aodh entries $DONE$

Preparing Puppet manifests $DONE$

Copying Puppet modules and manifests $DONE$

Applying 192.168.235.101_controller.pp

192.168.235.101_controller.pp: $DONE$

Applying 192.168.235.101_network.pp

192.168.235.101_network.pp: $DONE$

Applying 192.168.235.102_compute.pp

Applying 192.168.235.101_compute.pp

192.168.235.101_compute.pp: $DONE$

192.168.235.102_compute.pp: $DONE$

Applying Puppet manifests $DONE$

Finalizing $DONE$

**** Installation completed successfully ******

Additional information:

* Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. Geneve will be used as the encapsulation method for tenant networks

* Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.

* File /root/keystonerc_admin has been created on OpenStack client host 192.168.235.101. To use the command line tools you need to source the file.

* To access the OpenStack Dashboard browse to http://192.168.235.101/dashboard .

Please, find your login credentials stored in the keystonerc_admin in your home directory.

* The installation log file is available at: /var/tmp/packstack/20240910-084808-673i1d3e/openstack-setup.log

* The generated manifests are available at: /var/tmp/packstack/20240910-084808-673i1d3e/manifests

8、安装完成

8.1 登入测试

http://192.168.235.101/dashboard ----登入链接

8.2 开启network开机自启服务

$root@controller \~$ # systemctl enable network

$root@compute \~$ # systemctl enable network