Professional Documents
Culture Documents
用户手册
目 录
简介............................................................................................................................................... 7
1 基本环境配置............................................................................................................................. 8
1.2 配置网络、主机名........................................................................................................... 9
1.4 编辑环境变量................................................................................................................ 13
1.5 通过脚本安装服务......................................................................................................... 15
1.7 配置域名解析................................................................................................................ 15
1.9 通过脚本安装数据库服务............................................................................................. 16
2 安装 Keystone 认证服务........................................................................................................... 19
2.4 配置数据库连接............................................................................................................. 20
2.6 创建令牌........................................................................................................................ 20
2.7 创建签名密钥和证书..................................................................................................... 20
2.8 定义用户、租户和角色................................................................................................. 23
2.9 创建 demo-openrc.sh...................................................................................................... 24
2.10 创建 admin-openrc.sh................................................................................................... 24
3 安装 Glance 镜像服务.............................................................................................................. 25
1
3.2 安装 Glance 镜像服务软件包........................................................................................ 25
3.4 配置数据库连接............................................................................................................. 25
3.5 为镜像服务创建数据库表............................................................................................. 25
3.6 创建用户........................................................................................................................ 26
3.7 配置镜像服务................................................................................................................ 26
3.9 启动服务........................................................................................................................ 27
3.10 上传镜像...................................................................................................................... 27
4 安装 Nova 计算服务................................................................................................................. 28
4.4 为计算服务创建数据库表............................................................................................. 29
4.5 创建用户........................................................................................................................ 29
4.6 配置计算服务................................................................................................................ 29
4.8 添加配置........................................................................................................................ 32
4.9 启动服务........................................................................................................................ 32
4.13 检查系统处理器是否支持虚拟机的硬件加速............................................................34
4.14 启动.............................................................................................................................. 34
4.15 添加计算节点.............................................................................................................. 34
5 安装 Neutron 网络服务............................................................................................................. 35
5.3 创建用户........................................................................................................................ 35
2
5.6 配置 Neutron 服务.......................................................................................................... 36
5.7 创建数据库.................................................................................................................... 39
5.8 启动服务和创建网桥..................................................................................................... 39
5.9 安装软件包.................................................................................................................... 39
5.11 启动服务进而创建网桥............................................................................................... 41
6 安装 Dashboard 服务................................................................................................................ 41
6.3 配置................................................................................................................................ 41
6.4 启动服务........................................................................................................................ 52
6.5 访问................................................................................................................................ 52
6.6 创建云主机.................................................................................................................... 52
7 安装 Cinder 块存储服务........................................................................................................... 53
7.3 创建数据库.................................................................................................................... 53
7.4 创建用户........................................................................................................................ 53
7.7 创建数据库.................................................................................................................... 55
7.8 启动服务........................................................................................................................ 55
7.9 安装块存储软件............................................................................................................ 56
7.12 重启服务...................................................................................................................... 57
7.13 验证.............................................................................................................................. 57
8 安装 Swift 对象存储服务......................................................................................................... 58
8.2 创建用户........................................................................................................................ 58
3
8.3 创建 Endpoint 和 API 端点............................................................................................. 58
8.4 编辑/etc/swift/proxy-server.conf..................................................................................... 59
8.5 创建账号、容器、对象................................................................................................. 61
8.7 启动服务和赋予权限..................................................................................................... 62
8.8 安装软件包.................................................................................................................... 63
8.9 配置 rsync....................................................................................................................... 63
8.10 配置账号、容器和对象............................................................................................... 65
8.12 重启服务和赋予权限................................................................................................... 67
9 安装 Heat 编配服务.................................................................................................................. 68
9.3 创建数据库.................................................................................................................... 68
9.4 创建用户........................................................................................................................ 69
9.7 创建数据库.................................................................................................................... 71
9.8 启动服务........................................................................................................................ 71
10 安装 Zun 服务......................................................................................................................... 71
10.3 创建数据库.................................................................................................................. 71
10.4 创建用户...................................................................................................................... 72
10.7 创建数据库.................................................................................................................. 74
10.8 启动服务...................................................................................................................... 74
10.9 安装软件包.................................................................................................................. 74
10.10 配置服务.................................................................................................................... 74
10.11 修改内核参数............................................................................................................. 76
4
10.12 启动服务.................................................................................................................... 76
10.13 上传镜像.................................................................................................................... 76
10.14 启动容器.................................................................................................................... 77
11 安装 Ceilometer 监控服务...................................................................................................... 77
11.3 创建数据库.................................................................................................................. 78
11.4 创建用户...................................................................................................................... 78
11.6 配置 Ceilometer............................................................................................................ 79
11.7 创建监听端点.............................................................................................................. 81
11.8 创建数据库.................................................................................................................. 81
11.9 启动服务...................................................................................................................... 82
11.10 监控组件.................................................................................................................... 82
11.11 添加变量参数............................................................................................................. 83
11.12 安装软件包................................................................................................................ 83
11.13 配置 Ceilometer.......................................................................................................... 83
11.14 启动服务.................................................................................................................... 84
12 安装 Aodh 监控服务............................................................................................................... 84
12.2 创建数据库.................................................................................................................. 84
12.5 安装软件包.................................................................................................................. 85
12.6 配置 aodh...................................................................................................................... 85
12.7 创建监听端点.............................................................................................................. 86
12.8 同步数据库.................................................................................................................. 87
12.9 启动服务...................................................................................................................... 87
13 添加控制节点资源到云平台.................................................................................................. 88
13.1 修改 openrc.sh.............................................................................................................. 88
13.2 运行 iaas-install-nova-compute.sh................................................................................88
5
6
简介
有云平台的搭建、云平台的使用、各组件的运维操作等。
chinaskills_cloud_iaas.iso 包含的具体内容如下:
编号 软件包 详细信息
提供安装脚本,可用安装脚本快捷部署 OpenStack 私有云平
台
根据 iaas-repo 镜像源目录,可用于安装 KeyStone 服务,以
及对 keystone 认证服务进行创建用户、租户、管理权限等操
作
根据 iaas-repo 镜像源目录,可用于安装 Glance 服务,以及
对 glance 服务进行上传镜像、删除镜像、创建快照等操作
根据 iaas-repo 镜像源目录,可用于安装 Nova 服务,以及对
nova 服务进行启动云主机、创建云主机类型、删除云主机等
操作
根据 iaas-repo 镜像源目录,可用于安装 Neutron 服务,以及
对 neutron 服务进行创建网络、删除网络、编辑网络等操作
1 iaas-repo 根据 iaas-repo 镜像源目录,可用于安装 Horzion 服务,可以
通过 Horzion Dashboard 界面对 OpenStack 平台进行管理
根据 iaas-repo 镜像源目录,可用于安装 Cinder 服务,以及对
Cinder 服务进行创建块设备、管理块设备连接、删除块设备
等操作
根据 iaas-repo 镜像源目录,可用于安装 Swift 服务,以及对
Swift 服务进行创建容器、上传对象、删除对象等操作
根据 iaas-repo 镜像源目录,可用于安装 Heat 服务,可通过
编辑模板文件,实现 Heat 编排操作
根据 iaas-repo 镜像源目录,可用于安装 Ceilometer 和 Aodh
监控服务,可通过这两个服务对私有云平台进行监控与告警
根据 iaas-repo 镜像源目录,可用于安装 Zun 服务,Zun 服务
可在 OpenStack 私有云平台中提供容器服务
提供 CentOS7_1804.tar (容器镜像),可用于 Zun 服务启动
容器镜像
提 供 CentOS_7.5_x86_64_XD.qcow2 镜 像 , 该 镜 像 为
2 images
CentOS7.5 版本的虚拟机镜像,可基于该镜像启动 CentOS7.5
的云主机,用于各项操作与服务搭建
提 供 CentOS_7.2_x86_64_XD.qcow2 镜 像 , 该 镜 像 为
7
CentOS7.2 版本的虚拟机镜像,可基于该镜像启动 CentOS7.2
的云主机,用于各项操作与服务搭建
提 供 CentOS_6.5_x86_64_XD.qcow2 镜 像 , 该 镜 像 为
CentOS6.5 版本的虚拟机镜像,可基于该镜像启动 CentOS6.5
的云主机,用于各项操作与服务搭建
1 基本环境配置
Keystone 安全认证服务
Glance 镜像服务
192.168.100.10/24
Nova 计算控制服务
eth0
Dashboard 管理界面
Neutron Server 网 络 服 192.168.200.10/24
务 Internet
Cinder 存储控制服务 eth1
Rabbit 消息服务
Mysql 数据库
Swift 代理服务 中心防火墙
Heat 编配服务
Ceilometer 监控服务
192.168.100.1/24
核心交换机
8
以 sda,sdb 为例。作为 cinder 和 swift 存储磁盘,搭建 ftp 服务器作为搭建云平台的 yum 源。
配置文件中密码需要根据实际环境进行配置。
1.1 安装 CentOS7 说明
【CentOS7 版本】
(parted) mkpart swift 702G 803G //创建 swift 分区,从 702G 到 803G
1.2 配置网络、主机名
修改和添加/etc/sysconfig/network-scripts/ifcfg-enp*(具体的网口)文件。
(1)controller 节点
配置网络:
enp8s0: 192.168.100.10
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.10
PREFIX=24
GATEWAY=192.168.100.1
9
enp9s0: 192.168.200.10
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.10
PREFIX=24
配置主机名:
# hostnamectl set-hostname controller
按 ctrl+d 退出 重新登陆
(2)compute 节点
配置网络:
enp8s0: 192.168.100.20
DEVICE=enp8s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.100.20
PREFIX=24
GATEWAY=192.168.100.1
enp9s0: 192.168.200.20
DEVICE=enp9s0
TYPE=Ethernet
ONBOOT=yes
NM_CONTROLLED=no
BOOTPROTO=static
IPADDR=192.168.200.20
10
PREFIX=24
配置主机名:
# hostnamectl set-hostname compute
按 ctrl+d 退出 重新登陆
1.3 配置 yum 源
#Controller 和 compute 节点
(1)yum 源备份
(2)创建 repo 文件
【controller】
[centos]
name=centos
baseurl=file:///opt/centos
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=file:///opt/iaas-repo
gpgcheck=0
enabled=1
【compute】
[centos]
name=centos
baseurl=ftp://192.168.100.10/centos
11
gpgcheck=0
enabled=1
[iaas]
name=iaas
baseurl=ftp://192.168.100.10/iaas-repo
gpgcheck=0
enabled=1
(3)挂载 iso 文件
【挂载 CentOS-7-x86_64-DVD-1804.iso】
【挂载 XianDian-IaaS-v2.4.iso】
添加 anon_root=/opt/
保存退出
(5)配置防火墙和 Selinux
【controller/compute】
12
编辑 selinux 文件
# vi /etc/selinux/config
SELINUX=permissive
关闭防火墙并设置开机不自启
# systemctl stop firewalld.service
# iptables -F
# iptables -X
# iptables -Z
(6)清除缓存,验证 yum 源
【controller/compute】
# yum list
1.4 编辑环境变量
# controller 和 compute 节点
编辑文件/etc/xiandian/openrc.sh,此文件是安装过程中的各项参数,根据每项参数上一行的
说明及服务器实际情况进行配置。
HOST_IP=192.168.100.10
HOST_PASS=000000
HOST_NAME=controller
HOST_IP_NODE=192.168.100.20
13
HOST_PASS_NODE=000000
HOST_NAME_NODE=compute
network_segment_IP=192.168.100.0/24
RABBIT_USER=openstack
RABBIT_PASS=000000
DB_PASS=000000
DOMAIN_NAME=demo
ADMIN_PASS=000000
DEMO_PASS=000000
KEYSTONE_DBPASS=000000
GLANCE_DBPASS=000000
GLANCE_PASS=000000
NOVA_DBPASS=000000
NOVA_PASS=000000
NEUTRON_DBPASS=000000
NEUTRON_PASS=000000
METADATA_SECRET=000000
INTERFACE_IP=192.168.100.10/192.168.100.20(controllerIP/computeIP)
INTERFACE_NAME=enp9s0 (外部网络网卡名称)
Physical_NAME=provider (外部网络适配器名称)
CINDER_DBPASS=000000
CINDER_PASS=000000
BLOCK_DISK=md126p4 (空白分区)
SWIFT_PASS=000000
OBJECT_DISK=md126p5 (空白分区)
STORAGE_LOCAL_NET_IP=192.168.100.20
HEAT_DBPASS=000000
HEAT_PASS=000000
ZUN_DBPASS=000000
14
ZUN_PASS=000000
KURYR_DBPASS=000000
KURYR_PASS=000000
CEILOMETER_DBPASS=000000
CEILOMETER_PASS=000000
AODH_DBPASS=000000
AODH_PASS=000000
1.5 通过脚本安装服务
# 安装完成后同时重启
1.6 安装 Openstack 包
# controller 和 compute 节点
# yum upgrade
1.7 配置域名解析
修改/etc/hosts 添加一下内容
(1)controller 节点
192.168.100.10 controller
192.168.100.20 compute
(2)compute 节点
192.168.100.10 controller
15
192.168.100.20 compute
1.8 安装 chrony 服务
(1)controller 和 compute 节点
(2)配置 controller 节点
编辑/etc/chrony.conf 文件
allow 192.168.100.0/24
local stratum 10
启动 ntp 服务器
(3)配置 compute 节点
编辑/etc/chrony.conf 文件
启动 ntp 服务器
1.9 通过脚本安装数据库服务
# Controller 节点
16
1.10 安装 Mysql 数据库服务
(1)安装 mysql 服务
修改 /etc/my.cnf 文件[mysqld]中添加
max_connections=10000
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
character-set-server = utf8
(3)启动服务
(4)修改/usr/lib/systemd/system/mariadb.service 文件参数
[Service]
新添加两行如下参数:
LimitNOFILE=10000
LimitNPROC=10000
(5)修改/etc/my.cnf.d/auth_gssapi.cnf 文件参数
[mariadb]
注释一行参数
#plugin-load-add=auth_gssapi.so
(6)重新加载系统服务,并重启 mariadb 服务
# systemctl daemon-reload
(7)配置 Mysql
# mysql_secure_installation
17
Disallow root login remotely? [Y/n] n
(8)compute 节点
1.11 安装 RabbitMQ 服务
1.12 安装 memcahce 服务
1.13 安装 etcd 服务
(1)修改/etc/etcd/etcd.conf 配置文件,添加以下内容:
ETCD_LISTEN_PEER_URLS="http://192.168.100.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.10:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.10:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
18
ETCD_INITIAL_CLUSTER_STATE="new"
(2)启动服务
2 安装 Keystone 认证服务
#Controller
# Controller 节点
'KEYSTONE_DBPASS';
'KEYSTONE_DBPASS';
mysql> exit
19
2.4 配置数据库连接
$KEYSTONE_DBPASS@$HOST_NAME/keystone
2.6 创建令牌
2.7 创建签名密钥和证书
ServerName controller
创建/etc/httpd/conf.d/wsgi-keystone.conf 文件,内容如下:
Listen 5000
Listen 35357
<VirtualHost *:5000>
group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
20
WSGIPassAuthorization On
LimitRequestBody 114688
</IfVersion>
ErrorLog /var/log/httpd/keystone.log
<Directory /usr/bin>
</IfVersion>
Order allow,deny
</IfVersion>
</Directory>
</VirtualHost>
<VirtualHost *:35357>
group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LimitRequestBody 114688
</IfVersion>
ErrorLog /var/log/httpd/keystone.log
21
CustomLog /var/log/httpd/keystone_access.log combined
<Directory /usr/bin>
</IfVersion>
Order allow,deny
</IfVersion>
</Directory>
</VirtualHost>
<Location /identity>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
<Location /identity_admin>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup keystone-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
22
</Location>
2.8 定义用户、租户和角色
(1)设置环境变量
export OS_TOKEN=$ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
(3)清除环境变量
23
2.9 创建 demo-openrc.sh
export OS_PROJECT_DOMAIN_NAME=$DOMAIN_NAME
export OS_USER_DOMAIN_NAME=$DOMAIN_NAME
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=$DEMO_PASS
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.10 创建 admin-openrc.sh
export OS_PROJECT_DOMAIN_NAME=$DOMAIN_NAME
export OS_USER_DOMAIN_NAME=$DOMAIN_NAME
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_AUTH_URL=http://$HOST_NAME:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
生效环境变量
#source admin-openrc.sh
3 安装 Glance 镜像服务
#Controller
24
3.1 通过脚本安装 glance 服务
# Controller 节点
#mysql -u root -p
'GLANCE_DBPASS';
'GLANCE_DBPASS';
3.4 配置数据库连接
$GLANCE_DBPASS@$HOST_NAME/glance
$GLANCE_DBPASS@$HOST_NAME/glance
3.5 为镜像服务创建数据库表
25
3.6 创建用户
3.7 配置镜像服务
$GLANCE_DBPASS@$HOST_NAME/glance
http://$HOST_NAME:5000
http://$HOST_NAME:5000
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
/var/lib/glance/images/
$GLANCE_DBPASS@$HOST_NAME/glance
26
# crudini --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri
http://$HOST_NAME:5000
http://$HOST_NAME:5000
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
3.9 启动服务
3.10 上传镜像
27
可以安装 Wget,从 Ftp 服务器上下载镜像到本地。
# source admin-openrc.sh
4 安装 Nova 计算服务
#Controller
#Controller 节点
#Compute 节点
# mysql -u root -p
'NOVA_DBPASS';
'NOVA_DBPASS';
28
mysql> create database IF NOT EXISTS nova_api;
'NOVA_DBPASS' ;
'NOVA_DBPASS' ;
BY 'NOVA_DBPASS' ;
'NOVA_DBPASS' ;
修改数据库连接
# crudini --set /etc/nova/nova.conf database connection mysql+pymysql://nova:
$NOVA_DBPASS@$HOST_NAME/nova
$NOVA_DBPASS@$HOST_NAME/nova_api
4.4 为计算服务创建数据库表
4.5 创建用户
4.6 配置计算服务
29
# crudini --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:
$NOVA_DBPASS@$HOST_NAME
nova.virt.firewall.NoopFirewallDriver
$NOVA_DBPASS@$HOST_NAME/nova_api
$NOVA_DBPASS@$HOST_NAME/nova
http://$HOST_NAME:5000/v3
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
30
#
http://$HOST_NAME:8774/v2.1
http://$HOST_NAME:8774/v2.1
http://$HOST_NAME:8774/v2.1
http://$HOST_NAME:8778
http://$HOST_NAME:8778
31
http://$HOST_NAME:8778
4.8 添加配置
在/etc/httpd/conf.d/00-nova-placement-api.conf 文件中添加如下配置
<Directory /usr/bin>
</IfVersion>
Order allow,deny
</IfVersion>
</Directory>
4.9 启动服务
novncproxy.service
#Compute
32
4.11 安装 Nova 计算服务软件包
4.12 配置 Nova 服务
$NOVA_DBPASS@$HOST_NAME
nova.virt.firewall.NoopFirewallDriver
http://$HOST_NAME:5000/v3
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
33
http://$HOST_IP:6080/vnc_auto.html
4.13 检查系统处理器是否支持虚拟机的硬件加速
执行命令
#egrep -c '(vmx|svm)' /proc/cpuinfo
(1)如果该命令返回一个 1 或更大的值,说明你的系统支持硬件加速,通常不需要额
外的配置。
4.14 启动
4.15 添加计算节点
#controller
34
5 安装 Neutron 网络服务
#Controller 节点
#Controller 节点
#Compute 节点
#mysql -u root -p
BY '$NEUTRON_DBPASS';
'$NEUTRON_DBPASS';
5.3 创建用户
neutron
35
5.4 创建 Endpoint 和 API 端点
http://$HOST_NAME:9696
ebtables -y
5.6 配置 Neutron 服务
$NEUTRON_DBPASS@$HOST_NAME
true
$NEUTRON_DBPASS@$HOST_NAME/neutron
http://$HOST_NAME:5000
http://$HOST_NAME:35357
36
# crudini --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
linuxbridge,l2population
$Physical_NAME
$Physical_NAME:$minvlan:$maxvlan
$maxvlan
37
# crudini --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge
physical_interface_mappings $Physical_NAME:$INTERFACE_NAME
$INTERFACE_IP
enable_security_group true
neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
neutron.agent.linux.dhcp.Dnsmasq
# #/etc/neutron/metadata_agent.ini
$HOST_NAME
$METADATA_SECRET
38
# crudini --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret
$METADATA_SECRET
5.7 创建数据库
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
5.8 启动服务和创建网桥
#Compute 节点
5.9 安装软件包
5.10 配置 Neutron 服务
$NEUTRON_DBPASS@$HOST_NAME
http://$HOST_NAME:5000
39
http://$HOST_NAME:35357
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
physical_interface_mappings provider:$INTERFACE_NAME
$INTERFACE_IP
enable_security_group true
neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
40
5.11 启动服务进而创建网桥
6 安装 Dashboard 服务
#Controller
6.3 配置
修改/etc/openstack-dashboard/local_settings 内容如下
修改
import os
DEBUG = False
WEBROOT = '/dashboard/'
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
41
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
LOCAL_PATH = '/tmp'
SECRET_KEY='31880d3983dd796f54c8'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
},
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True,
OPENSTACK_HYPERVISOR_FEATURES = {
'can_set_mount_point': False,
'can_set_password': False,
'requires_keypair': False,
'enable_quotas': True
OPENSTACK_CINDER_FEATURES = {
'enable_backup': False,
OPENSTACK_NEUTRON_NETWORK = {
'enable_router': True,
42
'enable_quotas': True,
'enable_ipv6': True,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_fip_topology_check': True,
'supported_vnic_types': ['*'],
'physical_networks': [],
OPENSTACK_HEAT_STACK = {
'enable_user_pass': True,
IMAGE_CUSTOM_PROPERTY_TITLES = {
"architecture": _("Architecture"),
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
INSTANCE_LOG_LENGTH = 35
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = "UTC"
POLICY_FILES_PATH = '/etc/openstack-dashboard'
LOGGING = {
'version': 1,
'disable_existing_loggers': False,
'formatters': {
43
'console': {
},
'operation': {
'format': '%(message)s'
},
},
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
},
'console': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'console',
},
'operation': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'operation',
},
},
'loggers': {
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'horizon.operation_log': {
'handlers': ['operation'],
44
'level': 'INFO',
'propagate': False,
},
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneauth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
45
'propagate': False,
},
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'oslo_policy': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'nose.plugins.manager': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
},
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
46
},
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
},
'requests': {
'handlers': ['null'],
'propagate': False,
},
'urllib3': {
'handlers': ['null'],
'propagate': False,
},
'chardet.charsetprober': {
'handlers': ['null'],
'propagate': False,
},
'iso8601': {
'handlers': ['null'],
'propagate': False,
},
'scss': {
'handlers': ['null'],
'propagate': False,
},
},
SECURITY_GROUP_RULES = {
'all_tcp': {
'ip_protocol': 'tcp',
47
'from_port': '1',
'to_port': '65535',
},
'all_udp': {
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
},
'all_icmp': {
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
},
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
},
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
},
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
48
'to_port': '53',
},
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
},
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
},
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
},
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
},
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
49
},
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
},
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
},
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
},
'ms_sql': {
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
},
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
},
50
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
},
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
'LAUNCH_INSTANCE_DEFAULTS',
'OPENSTACK_IMAGE_FORMATS',
'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN',
'CREATE_IMAGE_DEFAULTS',
'ENFORCE_PASSWORD_CHECK']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
6.4 启动服务
51
6.5 访问
打开浏览器访问 Dashboard
http://controller(或本机内网 ip)/dashboard
6.6 创建云主机
(1)管理员->资源管理->云主机类型->创建云主机类型
(2)管理员->网络->网络->创建网络
(3)项目->网络->安全组->管理规则->添加规则(ICMP、TCP、UDP)
(4)项目->资源管理->云主机->创建云主机
7 安装 Cinder 块存储服务
#Controller
#Compute 节点
52
7.3 创建数据库
# mysql -u root -p
'$CINDER_DBPASS';
'$CINDER_DBPASS';
7.4 创建用户
# openstack service create --name cinder --description "OpenStack Block Store" volume
volumev2
volumev3
http://$HOST_NAME:8776/v1/%\(tenant_id\)s
http://$HOST_NAME:8776/v1/%\(tenant_id\)s
http://$HOST_NAME:8776/v1/%\(tenant_id\)s
http://$HOST_NAME:8776/v2/%\(tenant_id\)s
53
http://$HOST_NAME:8776/v2/%\(tenant_id\)s
http://$HOST_NAME:8776/v2/%\(tenant_id\)s
http://$HOST_NAME:8776/v3/%\(tenant_id\)s
http://$HOST_NAME:8776/v3/%\(tenant_id\)s
http://$HOST_NAME:8776/v3/%\(tenant_id\)s
7.6 配置 Cinder 服务
$CINDER_DBPASS@$HOST_NAME/cinder
$RABBIT_PASS
http://$HOST_NAME:5000
http://$HOST_NAME:35357
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
54
# crudini --set /etc/cinder/cinder.conf keystone_authtoken project_name service
7.7 创建数据库
7.8 启动服务
7.9 安装块存储软件
#compute
-y
以磁盘/dev/sda 为例
# pvcreate –f /dev/sda
55
7.11 修改 Cinder 配置文件
$CINDER_DBPASS@$HOST_NAME/cinder
$RABBIT_PASS@$HOST_NAME
http://$HOST_NAME:5000
http://$HOST_NAME:35357
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
cinder.volume.drivers.lvm.LVMVolumeDriver
http://$HOST_NAME:9292
56
# crudini --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
7.12 重启服务
7.13 验证
#Controller
# cinder list
8 安装 Swift 对象存储服务
#Controller
#Compute 节点
keystonemiddleware memcached -y
57
8.2 创建用户
# openstack service create --name swift --description "OpenStack Object Storage" object-
store
http://$HOST_NAME:8080/v1/AUTH_%\(tenant_id\)s
http://$HOST_NAME:8080/v1/AUTH_%\(tenant_id\)s
http://$HOST_NAME:8080/v1
8.4 编辑/etc/swift/proxy-server.conf
编辑配置文件如下
[DEFAULT]
bind_port = 8080
swift_dir = /etc/swift
user = swift
[pipeline:main]
logging proxy-server
[app:proxy-server]
use = egg:swift#proxy
account_autocreate = True
58
[filter:tempauth]
use = egg:swift#tempauth
user_test_tester3 = testing3
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_uri = http://$HOST_NAME:5000
auth_url = http://$HOST_NAME:35357
memcached_servers = $HOST_NAME:11211
auth_type = password
project_domain_name = $DOMAIN_NAME
user_domain_name = $DOMAIN_NAME
project_name = service
username = swift
password = $SWIFT_PASS
delay_auth_decision = True
[filter:keystoneauth]
use = egg:swift#keystoneauth
operator_roles = admin,user
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:cache]
memcache_servers = $HOST_NAME:11211
use = egg:swift#memcache
[filter:ratelimit]
use = egg:swift#ratelimit
[filter:domain_remap]
use = egg:swift#domain_remap
59
[filter:catch_errors]
use = egg:swift#catch_errors
[filter:cname_lookup]
use = egg:swift#cname_lookup
[filter:staticweb]
use = egg:swift#staticweb
[filter:tempurl]
use = egg:swift#tempurl
[filter:formpost]
use = egg:swift#formpost
[filter:name_check]
use = egg:swift#name_check
[filter:list-endpoints]
use = egg:swift#list_endpoints
[filter:proxy-logging]
use = egg:swift#proxy_logging
[filter:bulk]
use = egg:swift#bulk
[filter:slo]
use = egg:swift#slo
[filter:dlo]
use = egg:swift#dlo
[filter:container-quotas]
use = egg:swift#container_quotas
[filter:account-quotas]
use = egg:swift#account_quotas
[filter:gatekeeper]
use = egg:swift#gatekeeper
[filter:container_sync]
use = egg:swift#container_sync
[filter:xprofile]
60
use = egg:swift#xprofile
[filter:versioned_writes]
use = egg:swift#versioned_writes
8.5 创建账号、容器、对象
存储节点存储磁盘名称以 sdb 为例
swift-ring-builder account.builder create 18 1 1
swift-ring-builder account.builder
swift-ring-builder container.builder
swift-ring-builder object.builder
8.6 编辑/etc/swift/swift.conf 文件
编辑如下
[swift-hash]
swift_hash_path_suffix = changeme
swift_hash_path_prefix = changeme
61
[storage-policy:0]
name = Policy-0
default = yes
[swift-constraints]
8.7 启动服务和赋予权限
8.8 安装软件包
#Compute 节点
存储节点存储磁盘名称以 sdb 为例
# yum install xfsprogs rsync openstack-swift-account openstack-swift-container openstack-
swift-object -y
/etc/fstab
# mkdir -p /swift/node/sdb
8.9 配置 rsync
(1)编辑/etc/rsyncd.conf 文件如下
uid = swift
62
gid = swift
address = 127.0.0.1
[account]
path = /swift/node
write only = no
list = yes
max connections = 25
[container]
path = /swift/node
write only = no
list = yes
max connections = 25
[object]
path = /swift/node
write only = no
list = yes
max connections = 25
[swift_server]
path = /etc/swift
63
read only = true
write only = no
list = yes
max connections = 5
(2)启动服务
8.10 配置账号、容器和对象
(1)修改/etc/swift/account-server.conf 配置文件
[DEFAULT]
bind_port = 6002
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
[app:account-server]
use = egg:swift#account
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
[account-replicator]
[account-auditor]
64
[account-reaper]
[filter:xprofile]
use = egg:swift#xprofile
(2)修改/etc/swift/container-server.conf 配置文件
[DEFAULT]
bind_port = 6001
user = swift
swift_dir = /etc/swift
devices = /swift/node
mount_check = false
[pipeline:main]
[app:container-server]
use = egg:swift#container
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
[container-replicator]
[container-updater]
[container-auditor]
[container-sync]
[filter:xprofile]
use = egg:swift#xprofile
(3)修改/etc/swift/object-server.conf 配置文件
[DEFAULT]
bind_port = 6000
user = swift
swift_dir = /etc/swift
devices = /swift/node
65
mount_check = false
[pipeline:main]
[app:object-server]
use = egg:swift#object
[filter:healthcheck]
use = egg:swift#healthcheck
[filter:recon]
use = egg:swift#recon
recon_cache_path = /var/cache/swift
recon_lock_path = /var/lock
[object-replicator]
[object-reconstructor]
[object-updater]
[object-auditor]
[filter:xprofile]
use = egg:swift#xprofile
修改/etc/swift/swift.conf
[swift-hash]
swift_hash_path_suffix = changeme
swift_hash_path_prefix = changeme
[storage-policy:0]
name = Policy-0
default = yes
[swift-constraints]
66
8.12 重启服务和赋予权限
# mkdir -p /var/cache/swift
openstack-swift-account-reaper.service openstack-swift-account-replicator.service
openstack-swift-account-reaper.service openstack-swift-account-replicator.service
updater.service
updater.service
openstack-swift-object-replicator.service openstack-swift-object-updater.service
openstack-swift-object-replicator.service openstack-swift-object-updater.service
9 安装 Heat 编配服务
# Controller 节点
67
#Controller 节点
heat-ui -y
9.3 创建数据库
# mysql -u root -p
'$HEAT_DBPASS';
'$HEAT_DBPASS';
9.4 创建用户
# openstack role add --domain heat --user-domain heat --user heat_domain_admin admin
68
http://$HOST_NAME:8004/v1/%\(tenant_id\)s
http://$HOST_NAME:8004/v1/%\(tenant_id\)s
http://$HOST_NAME:8004/v1/%\(tenant_id\)s
http://$HOST_NAME:8000/v1
http://$HOST_NAME:8000/v1
http://$HOST_NAME:8000/v1
9.6 配置 Heat 服务
$HEAT_DBPASS@$HOST_NAME/heat
$RABBIT_PASS@$HOST_NAME
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
69
# crudini --set /etc/heat/heat.conf trustee auth_plugin password
http://$HOST_NAME:8000
http://$HOST_NAME:8000/v1/waitcondition
9.7 创建数据库
9.8 启动服务
engine.service
engine.service
10 安装 Zun 服务
#Controller 节点
70
#Compute 节点
#Controller 节点
10.3 创建数据库
# mysql -u root -p
'$ZUN_DBPASS';
'$ZUN_DBPASS';
10.4 创建用户
http://$HOST_NAME:9517/v1
71
http://$HOST_NAME:9517/v1
http://$HOST_NAME:9517/v1
10.6 配置 zun 服务
$RABBIT_PASS@$HOST_NAME
$ZUN_DBPASS@$HOST_NAME/zun
$HOST_NAME:11211
$DOMAIN_NAME
72
# crudini --set /etc/zun/zun.conf keystone_authtoken project_name service
10.7 创建数据库
10.8 启动服务
10.9 安装软件包
#compute 节点
73
10.10 配置服务
$RABBIT_PASS@$HOST_NAME
$ZUN_DBPASS@$HOST_NAME/zun
74
$HOST_NAME:11211
$DOMAIN_NAME
10.11 修改内核参数
修改/etc/sysctl.conf 文件,添加以下内容:
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.ipv4.ip_forward = 1
生效配置
# sysctl –p
10.12 启动服务
# mkdir -p /etc/systemd/system/docker.service.d
[Service]
ExecStart=
75
# systemctl daemon-reload
10.13 上传镜像
# source /etc/keystone/admin-openrc.sh
# openstack image create centos7.5 --public --container-format docker --disk-format raw <
CentOS7_1804.tar
10.14 启动容器
通过 glance 存储镜像启动容器
# zun list
+--------------------------------------+--------------------+-----------+---------+------------
+--------------------+-----------+---------+------------+--------------+-------+
76
11 安装 Ceilometer 监控服务
如下:
#Controller 节点
#Compute 节点
#Controller 节点
ceilometermiddleware -y
11.3 创建数据库
# mysql -u root -p
BY '$CEILOMETER_DBPASS';
'$CEILOMETER_DBPASS';
11.4 创建用户
ceilometer
77
# openstack user create --domain $DOMAIN_NAME --password $CEILOMETER_PASS
gnocchi
metering
11.6 配置 Ceilometer
http://$HOST_NAME:5000
http://$HOST_NAME:5000
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
78
# crudini --set /etc/gnocchi/gnocchi.conf keystone_authtoken username gnocchi
$CEILOMETER_PASS
true
$CEILOMETER_DBPASS@$HOST_NAME/gnocchi
rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
False
http://$HOST_NAME:5000
http://$HOST_NAME:5000
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
$CEILOMETER_PASS
79
# crudini --set /etc/ceilometer/ceilometer.conf service_credentials auth_url
http://$HOST_NAME:5000
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
$CEILOMETER_PASS
11.7 创建监听端点
创建/etc/httpd/conf.d/10-gnocchi_wsgi.conf 文件,添加以下内容:
Listen 8041
<VirtualHost *:8041>
DocumentRoot /var/www/cgi-bin/gnocchi
<Directory /var/www/cgi-bin/gnocchi>
AllowOverride None
</Directory>
ErrorLog /var/log/httpd/gnocchi_wsgi_error.log
WSGIApplicationGroup %{GLOBAL}
processes=6 threads=6
80
WSGIProcessGroup gnocchi
WSGIScriptAlias / /var/www/cgi-bin/gnocchi/app
</VirtualHost>
11.8 创建数据库
# mkdir /var/www/cgi-bin/gnocchi
# cp /usr/lib/python2.7/site-packages/gnocchi/rest/gnocchi-api /var/www/cgi-bin/gnocchi/app
11.9 启动服务
central.service
central.service
11.10 监控组件
rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
messagingv2
81
# crudini --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://$RABBIT_USER:
$RABBIT_PASS@$HOST_NAME
$RABBIT_PASS@$HOST_NAME
engine.service
ResellerAdmin"
ceilometermiddleware.swift:filter_factory
$RABBIT_PASS@$HOST_NAME:5672/
11.11 添加变量参数
82
11.12 安装软件包
# compute 节点
# yum install openstack-ceilometer-compute -y
11.13 配置 Ceilometer
rabbit://$RABBIT_USER:$RABBIT_PASS@$HOST_NAME
http://$HOST_NAME:5000
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
$CEILOMETER_PASS
11.14 启动服务
83
12 安装 Aodh 监控服务
#Controller 节点
12.2 创建数据库
# mysql -u root -p
'$AODH_DBPASS';
'$AODH_DBPASS';
12.3 创建 keystone 用户
http://$HOST_NAME:8042
84
12.5 安装软件包
12.6 配置 aodh
$RABBIT_PASS@$HOST_NAME
$AODH_DBPASS@$HOST_NAME/aodh
http://$HOST_NAME:5000
$HOST_NAME:11211
$DOMAIN_NAME
$DOMAIN_NAME
http://$HOST_NAME:5000/v3
$DOMAIN_NAME
85
# crudini --set /etc/aodh/aodh.conf service_credentials user_domain_name
$DOMAIN_NAME
12.7 创建监听端点
修改/etc/httpd/conf.d/20-aodh_wsgi.conf 文件,添加以下内容:
Listen 8042
<VirtualHost *:8042>
DocumentRoot "/var/www/cgi-bin/aodh"
<Directory "/var/www/cgi-bin/aodh">
AllowOverride None
</Directory>
ErrorLog "/var/log/httpd/aodh_wsgi_error.log"
WSGIApplicationGroup %{GLOBAL}
threads=3
WSGIProcessGroup aodh
WSGIScriptAlias / "/var/www/cgi-bin/aodh/app"
</VirtualHost>
12.8 同步数据库
# mkdir /var/www/cgi-bin/aodh
# cp /usr/lib/python2.7/site-packages/aodh/api/app.wsgi /var/www/cgi-bin/aodh/app
86
# chown -R aodh. /var/www/cgi-bin/aodh
12.9 启动服务
13 添加控制节点资源到云平台
13.1 修改 openrc.sh
13.2 运行 iaas-install-nova-compute.sh
在控制节点运行 iaas-install-nova-compute.sh
87