
openEuler-24.03-LTS_Wallaby: OpenStack Cloud Computing Platform Deployment Plan

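Contents

1. OpenStack Introduction

2. Install RabbitMQ

3. Install Memcached

4. Keystone Installation

5. Glance Installation

6. Placement Installation

7. Nova Installation

8. Neutron Installation

9. Cinder Installation

10. Horizon Installation

Official documentation: openEuler-24.03-LTS_Wallaby - OpenStack SIG Doc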

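  1. OpenStack Introduction

OpenStack is both a community and a project. It provides an operating platform, or toolset, for deploying clouds, giving organizations scalable and flexible cloud computing.

As an open-source cloud computing management platform, OpenStack combines several major components, including nova, cinder, neutron, glance, keystone and horizon, to do its work. OpenStack supports almost every type of cloud environment; the project's goal is a cloud computing management platform that is simple to implement, massively scalable, feature-rich and standardized. OpenStack delivers an Infrastructure as a Service (IaaS) solution through a set of complementary services, each of which exposes an API for integration.

The official openEuler 24.03-LTS repositories already support the OpenStack Wallaby release.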

  2. Install RabbitMQ

Run the following command to install the package.

yum install rabbitmq-server

Start the RabbitMQ service and enable it at boot.

systemctl enable rabbitmq-server.service

systemctl start rabbitmq-server.service

Add the OpenStack user.

rabbitmqctl add_user openstack RABBIT_PASS

Note: replace RABBIT_PASS with the password you choose for the openstack user.

Set the openstack user's permissions to allow configure, write and read access:

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

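  3. Install Memcached

Run the following command to install the dependency packages.

yum install memcached python3-memcached

Edit the /etc/sysconfig/memcached file.

vim /etc/sysconfig/memcached

OPTIONS="-l 127.0.0.1,::1,controller"

Run the following commands to start the Memcached service and enable it at boot.

systemctl enable memcached.service

systemctl start memcached.service

Note

After the service starts, you can run memcached-tool controller stats to confirm that it started correctly and is available; controller can be replaced with the management IP address of the controller node.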
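As a complement to the memcached-tool check, the following added example (not part of the original guide) reads the -l option from a file in the OPTIONS="..." format shown above and reports a missing or wildcard listen address, because memcached listens on all interfaces when -l is absent. The function names and the sample file are constructed for illustration.

```shell
# Added example: audit the listen addresses in a sysconfig-style memcached
# file (the OPTIONS="..." format of /etc/sysconfig/memcached shown above).

# Print each address passed to -l / --listen, one per line (nothing if absent).
memcached_listen_addrs() {
    # Use the last OPTIONS= line and drop the surrounding quotes.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$1" | tail -n 1 | tr -d "\"'")
    set -f              # option values may contain '*'; do not glob-expand
    set -- $opts        # intentional word splitting into arguments
    set +f
    while [ $# -gt 0 ]; do
        case $1 in
            -l|--listen)
                if [ $# -ge 2 ]; then
                    printf '%s\n' "$2" | tr ',' '\n'
                    shift
                fi ;;
            -l?*)       printf '%s\n' "${1#-l}" | tr ',' '\n' ;;
            --listen=*) printf '%s\n' "${1#--listen=}" | tr ',' '\n' ;;
        esac
        shift
    done
}

# Return 0 when every listen address is specific. Print a finding and return 1
# when -l is missing (memcached then listens on all interfaces) or a wildcard.
check_memcached_bind() {
    addrs=$(memcached_listen_addrs "$1")
    if [ -z "$addrs" ]; then
        echo "FINDING: $1 has no -l option; memcached listens on all interfaces"
        return 1
    fi
    rc=0
    set -f
    for a in $addrs; do
        case $a in
            0.0.0.0|::|'[::]'|'*'|0.0.0.0:*|'[::]':*|'*':*)
                echo "FINDING: $1 uses wildcard listen address $a"
                rc=1 ;;
        esac
    done
    set +f
    return $rc
}

# Demo on a constructed file holding the OPTIONS line from this guide.
sample=$(mktemp)
printf 'OPTIONS="-l 127.0.0.1,::1,controller"\n' > "$sample"
check_memcached_bind "$sample" && echo "OK: only specific listen addresses"
rm -f "$sample"
```

On the controller, run check_memcached_bind /etc/sysconfig/memcached after editing the file and before starting the service.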

  4. Keystone Installation

Create the keystone database and grant privileges.

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE keystone;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';

MariaDB [(none)]> exit

Note

Replace KEYSTONE_DBPASS with the password you choose for the Keystone database.

Install the packages.

yum install openstack-keystone httpd mod_wsgi

Configure Keystone.

vim /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone

[token]

provider = fernet

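Explanation

The [database] section configures the database connection.

The [token] section configures the token provider.

Note:

Replace KEYSTONE_DBPASS with the password of the Keystone database.

Synchronize the database.

su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet key repositories.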

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the Identity service.

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

Note

Replace ADMIN_PASS with the password you choose for the admin user.

Configure the Apache HTTP server.

vim /etc/httpd/conf/httpd.conf

ServerName controller

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Explanation

Set the ServerName option to reference the controller node.

Note: if the ServerName option does not exist, create it.

Start the Apache HTTP service.

systemctl enable httpd.service

systemctl start httpd.service

Create the environment variable configuration.

cat << EOF >> ~/.admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF

Note

Replace ADMIN_PASS with the password of the admin user.
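The heredoc above appends to ~/.admin-openrc under whatever umask is in effect, so the admin password can land in a group- or world-readable file and repeated runs stack duplicate entries. The following added example (not part of the original guide) writes the same variables to a file that is owner-only from creation; write_openrc and owner_only are hypothetical helper names, and the password in the demo is constructed.

```shell
# Added example: create the admin credentials file with owner-only access.
# write_openrc and owner_only are hypothetical helpers; the exported
# variables are the ones from the heredoc in this guide.

# write_openrc FILE PASSWORD: write FILE atomically with mode 0600.
write_openrc() {
    rc_file=$1
    # Escape single quotes so any password is safe inside '...'.
    esc=$(printf '%s' "$2" | sed "s/'/'\\\\''/g")
    (
        umask 077                               # never group/world readable
        tmp=$(mktemp "${rc_file}.XXXXXX") || exit 1
        {
            echo "export OS_PROJECT_DOMAIN_NAME=Default"
            echo "export OS_USER_DOMAIN_NAME=Default"
            echo "export OS_PROJECT_NAME=admin"
            echo "export OS_USERNAME=admin"
            printf "export OS_PASSWORD='%s'\n" "$esc"
            echo "export OS_AUTH_URL=http://controller:5000/v3"
            echo "export OS_IDENTITY_API_VERSION=3"
            echo "export OS_IMAGE_API_VERSION=2"
        } > "$tmp"
        # Replace instead of appending, so re-runs leave no stale entries.
        mv -f "$tmp" "$rc_file"
    )
}

# owner_only FILE: succeed only if group and others have no permissions.
owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo in a scratch directory with a constructed password.
demo_dir=$(mktemp -d)
write_openrc "$demo_dir/admin-openrc" "constructed-example-password"
owner_only "$demo_dir/admin-openrc" && echo "admin-openrc is owner-only"
rm -rf "$demo_dir"
```

owner_only can also be pointed at an existing ~/.admin-openrc to confirm that a file created earlier with the heredoc is not readable by other accounts.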

Create the domain, projects, users and roles in turn. python3-openstackclient must be installed first:

yum install python3-openstackclient

Load the environment variables.

source ~/.admin-openrc

Create the service project; the default domain was already created by keystone-manage bootstrap.

openstack domain create --description "An Example Domain" example

openstack project create --domain default --description "Service Project" service

Create the (non-admin) project myproject, the user myuser and the role myrole, then add the role myrole to myproject and myuser.

openstack project create --domain default --description "Demo Project" myproject

openstack user create --domain default --password-prompt myuser

openstack role create myrole

openstack role add --project myproject --user myuser myrole

Unset the temporary environment variables OS_AUTH_URL and OS_PASSWORD:

source ~/.admin-openrc

unset OS_AUTH_URL OS_PASSWORD

Request a token for the admin user:

openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

Request a token for the myuser user:

openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name myproject --os-username myuser token issue

  5. Glance Installation

Create the database, service credentials and API endpoints

Create the database:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE glance;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';

MariaDB [(none)]> exit

Note:

Replace GLANCE_DBPASS with the password you choose for the glance database.

Create the service credentials

source ~/.admin-openrc

openstack user create --domain default --password-prompt glance

openstack role add --project service --user glance admin

openstack service create --name glance --description "OpenStack Image" image

Create the Image service API endpoints:

openstack endpoint create --region RegionOne image public http://controller:9292

openstack endpoint create --region RegionOne image internal http://controller:9292

openstack endpoint create --region RegionOne image admin http://controller:9292

Install the package

yum install openstack-glance

Configure Glance:

vim /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = GLANCE_PASS

[paste_deploy]

flavor = keystone

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

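Explanation:

The [database] section configures the database connection.

The [keystone_authtoken] and [paste_deploy] sections configure Identity service access.

The [glance_store] section configures the local file system store and the location of the image files.

Replace GLANCE_DBPASS with the password of the glance database.

Replace GLANCE_PASS with the password of the glance user.

Synchronize the database:

su -s /bin/sh -c "glance-manage db_sync" glance

Start the service: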

systemctl enable openstack-glance-api.service

systemctl start openstack-glance-api.service

Verify: download an image

source ~/.admin-openrc

wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

Confirm that the image was uploaded and verify its attributes

openstack image list

  6. Placement Installation

Create the database, service credentials and API endpoints

Create the database:

As the root user, connect to the database, create the placement database and grant privileges.

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE placement;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
IDENTIFIED BY 'PLACEMENT_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY 'PLACEMENT_DBPASS';

MariaDB [(none)]> exit

Note

Replace PLACEMENT_DBPASS with the password you choose for the placement database.

source ~/.admin-openrc

Run the following commands to create the placement service credentials: create the placement user and add the 'admin' role to the 'placement' user.

Create the Placement API service

openstack user create --domain default --password-prompt placement

openstack role add --project service --user placement admin

openstack service create --name placement --description "Placement API" placement

Create the Placement service API endpoints:

openstack endpoint create --region RegionOne placement public http://controller:8778

openstack endpoint create --region RegionOne placement internal http://controller:8778

openstack endpoint create --region RegionOne placement admin http://controller:8778

Install and configure

Install the package:

yum install openstack-placement-api

Configure Placement:

Edit the /etc/placement/placement.conf file:

In the [placement_database] section, configure the database connection.

In the [api] and [keystone_authtoken] sections, configure Identity service access.

vim /etc/placement/placement.conf

[placement_database]

# ...

connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement

[api]

# ...

auth_strategy = keystone

[keystone_authtoken]

# ...

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = placement

password = PLACEMENT_PASS

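Replace PLACEMENT_DBPASS with the password of the placement database, and replace PLACEMENT_PASS with the password of the placement user.

Synchronize the database:

su -s /bin/sh -c "placement-manage db sync" placement

Start the httpd service:

systemctl restart httpd

Verify: run the following commands to perform a status check:

source ~/.admin-openrc

placement-status upgrade check

Install osc-placement and list the available resource classes and traits: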

yum install python3-osc-placement

openstack --os-placement-api-version 1.2 resource class list --sort-column name

openstack --os-placement-api-version 1.6 trait list --sort-column name

  7. Nova Installation

Create the database, service credentials and API endpoints

Create the database:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE nova_api;

MariaDB [(none)]> CREATE DATABASE nova;

MariaDB [(none)]> CREATE DATABASE nova_cell0;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> exit

  8. Neutron Installation

Create the database, service credentials and API endpoints

Create the database:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE neutron;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';

MariaDB [(none)]> exit

Note: replace NEUTRON_DBPASS with the password you choose for the neutron database.

source ~/.admin-openrc

Create the neutron service credentials

openstack user create --domain default --password-prompt neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

Create the Neutron service API endpoints:

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696

Install the packages:

yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset \
openstack-neutron-ml2

yum install openstack-neutron-linuxbridge ebtables ipset

Configure Neutron:

Configure the main settings

vim /etc/neutron/neutron.conf

[database]

connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron                              

[DEFAULT]

core_plugin = ml2                                                                                   

service_plugins = router                                                                            

allow_overlapping_ips = true                                                                        

transport_url = rabbit://openstack:RABBIT_PASS@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true                                                           

notify_nova_on_port_data_changes = true                                                             

api_workers = 3                                                                                     

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = neutron

password = NEUTRON_PASS

[nova]

auth_url = http://controller:5000                                                                   

auth_type = password                                                                                

project_domain_name = Default                                                                       

user_domain_name = Default                                                                          

region_name = RegionOne                                                                             

project_name = service                                                                              

username = nova                                                                                     

password = NOVA_PASS                                                                                

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

  9. Cinder Installation

Create the database, service credentials and API endpoints

Create the database:

mysql -u root -p

MariaDB [(none)]> CREATE DATABASE cinder;

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
IDENTIFIED BY 'CINDER_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
IDENTIFIED BY 'CINDER_DBPASS';

MariaDB [(none)]> exit

Note

Replace CINDER_DBPASS with the password you choose for the cinder database.

source ~/.admin-openrc

Create the cinder service credentials:

openstack user create --domain default --password-prompt cinder

openstack role add --project service --user cinder admin

openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2

openstack service create --name cinderv3 --description "OpenStack Block Storage" volumev3

Create the Block Storage service API endpoints:

openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(project_id\)s

openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(project_id\)s

openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(project_id\)s

openstack endpoint create --region RegionOne volumev3 public http://controller:8776/v3/%\(project_id\)s

openstack endpoint create --region RegionOne volumev3 internal http://controller:8776/v3/%\(project_id\)s

openstack endpoint create --region RegionOne volumev3 admin http://controller:8776/v3/%\(project_id\)s

Install the packages:

yum install openstack-cinder-api openstack-cinder-scheduler                                    (CTL)

yum install lvm2 device-mapper-persistent-data scsi-target-utils rpcbind nfs-utils \           (STG)

            openstack-cinder-volume openstack-cinder-backup

Prepare the storage device. The following is only an example:

pvcreate /dev/vdb

vgcreate cinder-volumes /dev/vdb

vim /etc/lvm/lvm.conf

devices {
...
filter = [ "a/vdb/", "r/.*/"]
}

Explanation

In the devices section, add a filter that accepts the /dev/vdb device and rejects all other devices.

Prepare NFS

mkdir -p /root/cinder/backup

cat << EOF >> /etc/exports
/root/cinder/backup 192.168.1.0/24(rw,sync,no_root_squash,no_all_squash)
EOF

Configure Cinder:

vim /etc/cinder/cinder.conf

[DEFAULT]

transport_url = rabbit://openstack:RABBIT_PASS@controller

auth_strategy = keystone

my_ip = 10.0.0.11

enabled_backends = lvm                                                                         (STG)

backup_driver=cinder.backup.drivers.nfs.NFSBackupDriver                                        (STG)

backup_share=HOST:PATH                                                                         (STG)

[database]

connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = cinder

password = CINDER_PASS

[oslo_concurrency]

lock_path = /var/lib/cinder/tmp

[lvm]

volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver                                      (STG)

volume_group = cinder-volumes                                                                  (STG)

iscsi_protocol = iscsi                                                                         (STG)

iscsi_helper = tgtadm                                                                          (STG)

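Explanation

The [database] section configures the database connection;

The [DEFAULT] section configures RabbitMQ message queue access and my_ip;

The [DEFAULT] and [keystone_authtoken] sections configure Identity service access;

The [oslo_concurrency] section configures the lock path.

Note

Replace CINDER_DBPASS with the password of the cinder database;

Replace RABBIT_PASS with the password of the openstack account in RabbitMQ;

Set my_ip to the management IP address of the controller node;

Replace CINDER_PASS with the password of the cinder user;

Replace HOST:PATH with the host IP and shared path of the NFS server;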
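Every section of this guide relies on a "replace X_PASS" note, and a placeholder left in a configuration file becomes a guessable service or database password. The following added example (not part of the original guide) scans configuration files for the placeholder tokens used on this page and reports file, line number and token without printing the line itself; find_placeholders is a hypothetical helper and the demo file is constructed.

```shell
# Added example: report placeholder secrets from this guide that were never
# replaced. find_placeholders is a hypothetical helper; the token list is
# the set of placeholders used on this page.
PLACEHOLDERS="RABBIT_PASS ADMIN_PASS KEYSTONE_DBPASS GLANCE_DBPASS GLANCE_PASS \
PLACEMENT_DBPASS PLACEMENT_PASS NOVA_DBPASS NOVA_PASS NEUTRON_DBPASS \
NEUTRON_PASS CINDER_DBPASS CINDER_PASS"

# find_placeholders FILE...: print "file:line: TOKEN not replaced" for each
# hit and return 1 if any placeholder remains, 0 if the files are clean.
find_placeholders() {
    [ $# -gt 0 ] || { echo "usage: find_placeholders FILE..." >&2; return 2; }
    awk -v toks="$PLACEHOLDERS" '
        BEGIN { n = split(toks, t, " ") }
        /^[ \t]*#/ { next }            # commented-out samples are ignored
        {
            # Match each token only as a whole word, so GLANCE_PASS does
            # not fire on a longer name such as GLANCE_PASSWORD_FILE.
            for (i = 1; i <= n; i++)
                if (match($0, "(^|[^A-Z_])" t[i] "([^A-Z_]|$)")) {
                    printf "%s:%d: %s not replaced\n", FILENAME, FNR, t[i]
                    bad = 1
                }
        }
        END { exit (bad ? 1 : 0) }
    ' "$@"
}

# Demo on a constructed config fragment (not a real deployment file).
demo=$(mktemp)
printf '[keystone_authtoken]\nusername = cinder\npassword = CINDER_PASS\n' > "$demo"
find_placeholders "$demo" || echo "placeholders remain; replace them before starting services"
rm -f "$demo"
```

On a deployed node, pass the files edited in this guide, such as /etc/keystone/keystone.conf, /etc/glance/glance-api.conf, /etc/placement/placement.conf, /etc/neutron/neutron.conf and /etc/cinder/cinder.conf.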

Synchronize the database:

su -s /bin/sh -c "cinder-manage db sync" cinder                                                (CTL)

Configure nova:

vim /etc/nova/nova.conf                                                                        (CTL)

[cinder]

os_region_name = RegionOne

Restart the Compute API service

systemctl restart openstack-nova-api.service

Start the cinder services

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service               (CTL)

systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service                (CTL)

systemctl enable rpcbind.service nfs-server.service tgtd.service iscsid.service \              (STG)

                 openstack-cinder-volume.service \

                 openstack-cinder-backup.service

systemctl start rpcbind.service nfs-server.service tgtd.service iscsid.service \               (STG)

                openstack-cinder-volume.service \

                openstack-cinder-backup.service

Note

When cinder attaches volumes using tgtadm, modify /etc/tgt/tgtd.conf with the following content so that tgtd can discover the iSCSI targets of cinder-volume.

include /var/lib/cinder/volumes/*

Verify

source ~/.admin-openrc

openstack volume service list

  10. Horizon Installation

Install the package

yum install openstack-dashboard

Edit the file and modify the following variables

vim /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*', ]

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "member"

WEBROOT = '/dashboard'

POLICY_FILES_PATH = "/etc/openstack-dashboard"

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}

Restart the httpd service

systemctl restart httpd.service memcached.service

Verify: open a browser, go to http://HOSTIP/dashboard/ and log in to horizon.
