Notes!!!
Installation order of the main OpenStack components
- Keystone(apache)
- glance
- nova
- neutron
Controller node configuration
Create the databases and grant user privileges
Create the databases
[root@controller ~]# mysql -uroot -p000000
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '000000';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Create the user, the service and the API endpoints
Create the user and the service
[root@controller ~]# openstack user create --domain default --password 000000 nova  # create the nova user
[root@controller ~]# openstack role add --project service --user nova admin  # give the nova user the admin role on the service project
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute  # create a service named nova with service type compute
Create the API endpoints
The three API endpoints represent three kinds of service: admin, internal, public
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
Install the openstack-nova packages
[root@controller ~]# yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
Edit the configuration file
Edit nova.conf
[root@controller ~]# cp -a /etc/nova/nova.conf{,.bak}  # back up the file, preserving the source file's attributes
[root@controller ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf  # filter blank lines and comment lines out of nova.conf.bak and overwrite nova.conf with the result
[root@controller ~]# vi /etc/nova/nova.conf
[DEFAULT]
# API types to enable
enabled_apis = osapi_compute,metadata
# local IP
my_ip = 192.168.1.100
# obtain IP addresses through neutron
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
# RabbitMQ to connect to
transport_url = rabbit://openstack:000000@controller
[api]
# authenticate with keystone
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:000000@controller/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:000000@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
# keystone authentication settings
[keystone_authtoken]
# URL to authenticate against
auth_url = http://controller:5000/v3
# memcached address:port
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 000000
[libvirt]
virt_type = qemu
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
# lock path
[oslo_concurrency]
# The lock serializes operations while an instance is being created: one step
# must finish before the next starts, so they run one at a time, not in parallel
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 000000
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
# By default a discovery scan has to be run on the controller every time a
# compute node is added, which is tedious, so set this in the controller's nova.conf
discover_hosts_in_cells_interval = 300
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
# If this section is misconfigured, the instance console cannot be reached
[vnc]
enabled = true
# VNC listen address
server_listen = $my_ip
# the proxy client address is this host's address, on the management network
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
[placement_database]
connection = mysql+pymysql://placement:000000@controller/placement
Initialize the nova_api database
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova  # register the cell0 database
# nova divides its resources, including the compute nodes, into cells; OpenStack uses cells to group compute nodes logically
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova  # create the cell1 cell
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova  # verify that cell0 and cell1 were registered
Start the services
Enable and start the services
[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Check the service ports
[root@controller ~]# netstat -tnlup|egrep '8774|8775'
Check that port 8774 returns content
[root@controller ~]# curl http://controller:8774
Compute node configuration
Install the nova-compute package
[root@compute ~]# yum -y install openstack-nova-compute
Edit the configuration file
Edit nova.conf
[root@compute ~]# cp -a /etc/nova/nova.conf{,.bak}
[root@compute ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
[root@compute ~]# vi /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:000000@controller
my_ip = 192.168.1.200
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 000000
[libvirt]
virt_type = qemu
[metrics]
[mks]
[neutron]
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 000000
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
# note: this is the IP address of the controller node
novncproxy_base_url = http://192.168.1.100:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
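An added example, not part of the original tutorial: a small auditor for the controller and compute nova.conf files above. It flags the lab-grade settings they contain (the all-zero service password in URLs and `password` options, plain-HTTP URLs, a VNC listener bound to 0.0.0.0) and values carrying a trailing `#` comment, which oslo.config reads as part of the value. The function names, issue labels and weak-secret heuristic are assumptions of this example, and SAMPLE is constructed from settings on this page.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: a handful of the settings from the nova.conf shown on this page.
SAMPLE = """\
[DEFAULT]
my_ip = 192.168.1.200 #local IP
transport_url = rabbit://openstack:000000@controller
[keystone_authtoken]
auth_url = http://controller:5000/v3
password = 000000
[vnc]
enabled = true
server_listen = 0.0.0.0
"""

COMMON = {"password", "admin", "changeme", "openstack", "123456"}


def weak(secret):
    """Heuristic (assumption): short, one or two distinct characters, or a common word."""
    return len(secret) < 8 or len(set(secret)) <= 2 or secret.lower() in COMMON


def audit(text):
    """Return (section, option, issue) tuples for risky nova.conf settings."""
    # default_section is renamed so [DEFAULT] is not copied into every section;
    # inline comments stay in the value, which is how oslo.config treats them.
    cp = configparser.RawConfigParser(default_section="__unused__", strict=False)
    cp.read_string(text)
    findings = []
    for section in cp.sections():
        for option, value in cp.items(section):
            if " #" in value:
                findings.append((section, option, "inline-comment-in-value"))
                value = value.split(" #", 1)[0].strip()
            url = urlsplit(value) if "://" in value else None
            if url and url.password and weak(url.password):
                findings.append((section, option, "weak-password-in-url"))
            if url and url.scheme == "http":
                findings.append((section, option, "cleartext-http"))
            if option.endswith("password") and weak(value):
                findings.append((section, option, "weak-password"))
            if (section, option) == ("vnc", "server_listen") and value in ("0.0.0.0", "::"):
                findings.append((section, option, "listens-on-all-interfaces"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("%s/%s: %s" % finding)
```

To check a deployed node, pass the file contents instead of SAMPLE, for example `audit(open("/etc/nova/nova.conf").read())`.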
Start the services
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service
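Verify the whole service
Operations on the controller node
[root@controller ~]# openstack compute service list --service nova-compute  # check that the compute node has registered with the controller over the message queue; run this on the controller node
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
# Scans for the compute nodes currently available in OpenStack; nodes that are found are added to a cell, after which instances can be created in that cell. In effect OpenStack groups the compute nodes internally by assigning them to different cells.
PS: because the [scheduler] section of nova.conf was already tuned earlier, this step can be skipped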
Check that every nova service is healthy and that the compute service registered successfully
[root@controller ~]# openstack compute service list
Check that the API of each component is working
[root@controller ~]# openstack catalog list
Check that images can be retrieved
[root@controller ~]# openstack image list
Check that the cell API and the placement API are working
If either one reports an error, instances cannot be created later
[root@controller ~]# nova-status upgrade check