OpenStack Deployment (Newton)

Author: print("") Category: linux Published: 2017-07-06 16:09


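  1. Deployment requirements:

Hardware requirements:

  • Controller node: 4G RAM, 2 NICs
  • Compute node: 4G RAM, 2 NICs
  • Cinder node: 2G RAM, 1 NIC

OS requirement:
CentOS 7

  2. Environment plan:

Servers:
1 controller (2 cores, 4G, 30G)
1 compute (2 cores, 4G, 50G)
1 cinder (2 cores, 2G, 30G+50G)
Network environment:
External network:
Connection mode: bridged
Subnet: 192.168.1.0/24
Management network:
Connection mode: NAT
Subnet: 192.168.58.0/24
Passwords:
System password: gorhce
MySQL database password for each component: gorhce
Keystone user password for each component: gorhce
Note: whenever a command like the following prompts for a password, enter gorhce
openstack user create --domain default --password-prompt cinder
rabbitmq (AMQP) password: gorhce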
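
The plan above uses one password for every account. As an added example (not part of the original guide), the script below generates a separate random secret for each credential the guide sets and stores them in an owner-only file; the credential labels and the file path in the usage comment are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide: one random secret per credential.
# The names below are assumed labels for the passwords this guide types by hand.
CREDENTIALS="KEYSTONE_DBPASS GLANCE_DBPASS NOVA_DBPASS NEUTRON_DBPASS CINDER_DBPASS
ADMIN_PASS DEMO_PASS GLANCE_PASS NOVA_PASS NEUTRON_PASS CINDER_PASS
RABBIT_PASS METADATA_SECRET"

# 16 bytes from the kernel CSPRNG as 32 hex characters. Hex needs no escaping
# in SQL strings, INI files or mysql+pymysql:// connection URLs.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write NAME=secret lines to $1, readable by the owner only.
# noclobber (set -C) makes the redirect fail instead of replacing a file that
# already holds secrets the services are configured with.
write_secrets() {
    local out="$1" name
    (
        umask 077
        set -C
        for name in $CREDENTIALS; do
            printf '%s=%s\n' "$name" "$(gen_secret)"
        done > "$out"
    ) 2>/dev/null || {
        echo "cannot create $out (does it already exist?)" >&2
        return 1
    }
}

# Print the secret stored under NAME ($1) in file $2; fail if it is missing.
get_secret() {
    local value
    value=$(sed -n "s/^$1=//p" "$2")
    [ -n "$value" ] || { echo "no secret named $1 in $2" >&2; return 1; }
    printf '%s\n' "$value"
}

# Usage on the controller (hypothetical path), e.g. for the RabbitMQ account:
#   write_secrets /root/openstack-secrets.env
#   rabbitmqctl add_user openstack "$(get_secret RABBIT_PASS /root/openstack-secrets.env)"
```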

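  3. Base environment deployment

Note: perform steps 1-4 below on all nodes; perform steps 5-6 only on the controller node.

  • Install the operating system (CentOS 7, with firewalld disabled)
  • Set the hostname on each node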

hostnamectl set-hostname controller
hostnamectl set-hostname compute01
hostnamectl set-hostname cinder01

  • Configure the hosts file

vi /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.58.128  controller      controller
192.168.58.129  compute01       compute01
192.168.58.131  cinder01        cinder01

  • Configure time synchronization

On the controller node:
yum -y install chrony
vim /etc/chrony.conf
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
allow 192.168/16
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
 
systemctl  restart chronyd
 
On the compute node:
yum -y install chrony
vim /etc/chrony.conf
 
server controller.gorhce.com iburst
stratumweight 0
driftfile /var/lib/chrony/drift
rtcsync
makestep 10 3
bindcmdaddress 127.0.0.1
bindcmdaddress ::1
keyfile /etc/chrony.keys
commandkey 1
generatecommandkey
noclientlog
logchange 0.5
logdir /var/log/chrony
 
systemctl  restart chronyd

  • Configure the OpenStack yum repository

yum install centos-release-openstack-newton -y
yum upgrade -y
yum install python-openstackclient openstack-selinux -y

  • Install MariaDB (the open-source MySQL developed by the original MySQL team after Oracle acquired MySQL)

yum install mariadb mariadb-server python2-PyMySQL -y
 
vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.58.128
 
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
 
Run the following commands to enable MariaDB at boot and start it:
systemctl enable mariadb.service
systemctl start mariadb.service

Run the following command to perform the initial security configuration of MySQL:
mysql_secure_installation

  • Install RabbitMQ (an AMQP implementation)

yum install rabbitmq-server -y

Run the following commands to enable RabbitMQ at boot and start it:
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

Run the following command to add the RabbitMQ user openstack with password gorhce:
rabbitmqctl add_user openstack gorhce

Run the following command to set permissions for the RabbitMQ user:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

  • Install memcached

yum install memcached python-memcached -y

Run the following commands to enable memcached at boot and start it:
systemctl enable memcached.service
systemctl start memcached.service

  4. Keystone
  • Create the database and grant privileges

mysql -u root -p
mysql> CREATE DATABASE keystone;
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'gorhce';
mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'gorhce';

  • Install

yum install openstack-keystone httpd mod_wsgi -y

  • Edit the configuration

/etc/keystone/keystone.conf
[DEFAULT]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql+pymysql://keystone:gorhce@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[memcache]
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[profiler]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[signing]
[token]
provider = fernet
[tokenless_auth]
[trust]

  • Sync the database

su -s /bin/sh -c "keystone-manage db_sync" keystone

  • Initialize

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

keystone-manage bootstrap --bootstrap-password gorhce \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:35357/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne

  • Configure Apache

/etc/httpd/conf/httpd.conf
ServerRoot "/etc/httpd"
Listen 80
Include conf.modules.d/*.conf
User apache
Group apache
ServerAdmin root@localhost
ServerName controller
<Directory />
AllowOverride none
Require all denied
</Directory>
DocumentRoot "/var/www/html"
<Directory "/var/www">
AllowOverride None
Require all granted
</Directory>
<Directory "/var/www/html">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
<IfModule dir_module>
DirectoryIndex index.html
</IfModule>
<Files ".ht*">
Require all denied
</Files>
ErrorLog "logs/error_log"
LogLevel warn
<IfModule log_config_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %b" common
<IfModule logio_module>
LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O" combinedio
</IfModule>
CustomLog "logs/access_log" combined
</IfModule>
<IfModule alias_module>
ScriptAlias /cgi-bin/ "/var/www/cgi-bin/"
</IfModule>
<Directory "/var/www/cgi-bin">
AllowOverride None
Options None
Require all granted
</Directory>
<IfModule mime_module>
TypesConfig /etc/mime.types
AddType application/x-compress .Z
AddType application/x-gzip .gz .tgz
AddType text/html .shtml
AddOutputFilter INCLUDES .shtml
</IfModule>
AddDefaultCharset UTF-8
<IfModule mime_magic_module>
MIMEMagicFile conf/magic
</IfModule>
EnableSendfile on
IncludeOptional conf.d/*.conf
 
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

  • Finish the installation

systemctl enable httpd.service
systemctl start httpd.service

Run the following commands to configure the admin account in environment variables:
export OS_USERNAME=admin
export OS_PASSWORD=gorhce
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

  • Initialize the logical structure

openstack project create --domain default \
--description "Service Project" service

openstack project create --domain default \
--description "Demo Project" demo

openstack user create --domain default \
--password-prompt demo

openstack role create user

openstack role add --project demo --user demo user

  • Verify the installation

Remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections of /etc/keystone/keystone-paste.ini.

Run the following command to unset OS_URL in the environment:
unset OS_URL

  • Create the client environment scripts

vi admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=gorhce
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
 
vi demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=gorhce
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
 
Run the following commands to verify that a token can be issued:
. admin-openrc
openstack token issue

  5. Glance
  • Create the database and grant privileges

mysql -u root -p
mysql> CREATE DATABASE glance;
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'gorhce';
mysql> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'gorhce';

  • Configure the user, service and endpoints

. admin-openrc    # load the environment variables
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance \
--description "OpenStack Image" image
openstack endpoint create --region RegionOne \
image public http://controller:9292
openstack endpoint create --region RegionOne \
image internal http://controller:9292
openstack endpoint create --region RegionOne \
image admin http://controller:9292

  • Install

yum install openstack-glance -y

  • Configure

vi /etc/glance/glance-api.conf
 
[DEFAULT]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://glance:gorhce@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = gorhce
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
 
vi /etc/glance/glance-registry.conf
 
[DEFAULT]
[database]
connection = mysql+pymysql://glance:gorhce@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = gorhce
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]

  • Initialize the database

su -s /bin/sh -c "glance-manage db_sync" glance

  • Finish the installation

systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service

Run the following command to download the CirrOS image:
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
Run the following commands to import the image and so verify Glance:
. admin-openrc
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public

  6. Nova
  • On the controller node

1.1 Create the databases and grant privileges
mysql -u root -p
mysql> CREATE DATABASE nova;
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'gorhce';
mysql> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'gorhce';

mysql> CREATE DATABASE nova_api;
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'gorhce';
mysql> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'gorhce';

1.2 Configure the user, service and endpoints
. admin-openrc
openstack user create --domain default \
--password-prompt nova

openstack role add --project service --user nova admin

openstack service create --name nova \
--description "OpenStack Compute" compute

openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s
1.3 Install
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler -y
1.4 Configure
vi /etc/nova/nova.conf
 
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.58.128
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:gorhce@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
os_region_name = RegionOne
[cloudpipe]
[conductor]
[cors]
[cors.subdomain]
[crypto]
[database]
connection = mysql+pymysql://nova:gorhce@controller/nova
[ephemeral_storage_encryption]
[glance]
api_servers = http://controller:9292
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = gorhce
[libvirt]
inject_password=True
inject_partition=-1
[matchmaker_redis]
[metrics]
[mks]
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = gorhce
service_metadata_proxy = True
metadata_proxy_shared_secret = 123456
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = gorhce
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[placement]
[placement_database]
[rdp]
[remote_debug]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
1.5 Sync the databases
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
1.6 Finish the installation
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
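
The nova.conf above carries the same value in its database URLs, its Keystone and Neutron service accounts and its RabbitMQ account, plus a six-digit metadata_proxy_shared_secret. As an added example (not part of the original guide), this script reports short and reused secrets in such files without printing the values; MIN_LEN is an assumed policy threshold and the sample file is constructed from the options shown above.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide: report weak or reused secrets in
# oslo.config-style INI files such as nova.conf. MIN_LEN is an assumed policy.
MIN_LEN=16

# Print "file<TAB>section<TAB>key<TAB>secret" for every secret-bearing option.
extract_secrets() {
    awk '
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }
        /^\[/ { section = substr($0, 2, index($0, "]") - 2); next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "connection") {
                # mysql+pymysql://user:PASSWORD@host/db -> PASSWORD
                if (!match(val, "://[^:@/]+:[^@]*@")) next
                cred = substr(val, RSTART + 3, RLENGTH - 4)
                val = substr(cred, index(cred, ":") + 1)
            } else if (key != "password" && key != "rabbit_password" &&
                       key != "metadata_proxy_shared_secret") {
                next
            }
            printf "%s\t%s\t%s\t%s\n", FILENAME, section, key, val
        }' "$@"
}

# Print one WEAK line per short secret and one REUSED line per value that
# appears in more than one option. Secret values themselves are never printed.
audit_secrets() {
    extract_secrets "$@" | awk -F '\t' -v min="$MIN_LEN" '
        {
            where = $1 ":[" $2 "]" $3
            if (length($4) < min)
                printf "WEAK\t%s\t%d chars\n", where, length($4)
            count[$4]++
            places[$4] = places[$4] " " where
        }
        END {
            for (s in count)
                if (count[s] > 1)
                    printf "REUSED\t%d places\t%s\n", count[s], places[s]
        }'
}

# Constructed sample: an excerpt with the same options as the nova.conf above.
sample_conf() {
    cat <<'EOF'
[DEFAULT]
my_ip = 192.168.58.128
[api_database]
connection = mysql+pymysql://nova:gorhce@controller/nova_api
[keystone_authtoken]
username = nova
password = gorhce
[libvirt]
inject_password=True
[neutron]
username = neutron
password = gorhce
metadata_proxy_shared_secret = 123456
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = gorhce
EOF
}

# Demo: audit the constructed sample.
tmp=$(mktemp) && sample_conf > "$tmp" && audit_secrets "$tmp"; rm -f "$tmp"
```

Passing several files at once, for example nova.conf together with neutron.conf and cinder.conf, also reports reuse across files.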

  • On the compute node

2.1 Install
yum install openstack-nova-compute -y
2.2 Configure
2.3 Finish the installation
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

  7. Neutron
  • On the controller node

1.1 Create the database and grant privileges
mysql -u root -p
mysql> CREATE DATABASE neutron;
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'gorhce';
mysql> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'gorhce';

1.2 Configure the user, service and endpoints
. admin-openrc

openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin

openstack service create --name neutron \
--description "OpenStack Networking" network

openstack endpoint create --region RegionOne \
network public http://controller:9696

openstack endpoint create --region RegionOne \
network internal http://controller:9696

openstack endpoint create --region RegionOne \
network admin http://controller:9696
1.3 Install
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
1.4 Configure
vi /etc/neutron/neutron.conf
 
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[agent]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://neutron:gorhce@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = gorhce
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = gorhce
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = gorhce
[oslo_messaging_zmq]
[oslo_policy]
[qos]
[quotas]
[ssl]
 
vi /etc/neutron/plugins/ml2/ml2_conf.ini
 
[DEFAULT]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
 
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
 
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eno33554960
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
local_ip = 192.168.58.128
l2_population = True
 
vi /etc/neutron/l3_agent.ini
 
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
external_network_bridge =
[AGENT]
 
vi /etc/neutron/dhcp_agent.ini
 
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[AGENT]
 
vi /etc/neutron/metadata_agent.ini
 
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = 123456
[AGENT]
[cache]
1.5 Sync the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
1.6 Finish the installation
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
 
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
 

  • On the compute node

2.1 Install
yum install openstack-neutron-linuxbridge ebtables ipset -y
2.2 Configure
vi /etc/neutron/neutron.conf
 
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[agent]
[cors]
[cors.subdomain]
[database]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = gorhce
[matchmaker_redis]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = gorhce
[oslo_messaging_zmq]
[oslo_policy]
[qos]
[quotas]
[ssl]
 
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
 
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:eno33554960
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = True
local_ip = 192.168.58.129
l2_population = True
2.3 Finish the installation
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

  8. Horizon (controller node only)
  • Install

yum install openstack-dashboard -y

  • Configure

vi /etc/openstack-dashboard/local_settings
import os
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard import exceptions
from openstack_dashboard.settings import HORIZON_CONFIG
DEBUG = False
WEBROOT = '/dashboard/'
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default'
LOCAL_PATH = '/tmp'
SECRET_KEY = '1a75085dcfe196ca176f'
# Commented out: this second CACHES definition would override the memcached
# backend configured above and leave sessions in a per-process cache.
# CACHES = {
#     'default': {
#         'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
#     },
# }
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_BACKEND = {
    'name': 'native',
    'can_edit_user': True,
    'can_edit_group': True,
    'can_edit_project': True,
    'can_edit_domain': True,
    'can_edit_role': True,
}
OPENSTACK_ENABLE_PASSWORD_RETRIEVE = True
OPENSTACK_HYPERVISOR_FEATURES = {
    'can_set_mount_point': False,
    'can_set_password': True,
    'requires_keypair': False,
    'enable_quotas': True
}
OPENSTACK_CINDER_FEATURES = {
    'enable_backup': False,
}
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': True,
    'enable_quotas': True,
    'enable_ipv6': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': True,
    'profile_support': None,
    'supported_vnic_types': ['*'],
}
OPENSTACK_HEAT_STACK = {
    'enable_user_pass': True,
}
IMAGE_CUSTOM_PROPERTY_TITLES = {
    "architecture": _("Architecture"),
    "kernel_id": _("Kernel ID"),
    "ramdisk_id": _("Ramdisk ID"),
    "image_state": _("Euca2ools state"),
    "project_id": _("Project ID"),
    "image_type": _("Image Type"),
}
IMAGE_RESERVED_CUSTOM_PROPERTIES = []
API_RESULT_LIMIT = 1000
API_RESULT_PAGE_SIZE = 20
SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024
INSTANCE_LOG_LENGTH = 35
DROPDOWN_MAX_ITEMS = 30
TIME_ZONE = "UTC"
POLICY_FILES_PATH = '/etc/openstack-dashboard'
LOGGING = {
    'version': 1,
    'disable_existing_loggers': False,
    'formatters': {
        'operation': {
            'format': '%(asctime)s %(message)s'
        },
    },
    'handlers': {
        'null': {
            'level': 'DEBUG',
            'class': 'logging.NullHandler',
        },
        'console': {
            'level': 'INFO',
            'class': 'logging.StreamHandler',
        },
        'operation': {
            'level': 'INFO',
            'class': 'logging.StreamHandler',
            'formatter': 'operation',
        },
    },
    'loggers': {
        'django.db.backends': {
            'handlers': ['null'],
            'propagate': False,
        },
        'requests': {
            'handlers': ['null'],
            'propagate': False,
        },
        'horizon': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'horizon.operation_log': {
            'handlers': ['operation'],
            'level': 'INFO',
            'propagate': False,
        },
        'openstack_dashboard': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'novaclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'cinderclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'keystoneclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'glanceclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'neutronclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'heatclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'ceilometerclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'swiftclient': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'openstack_auth': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'nose.plugins.manager': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'django': {
            'handlers': ['console'],
            'level': 'DEBUG',
            'propagate': False,
        },
        'iso8601': {
            'handlers': ['null'],
            'propagate': False,
        },
        'scss': {
            'handlers': ['null'],
            'propagate': False,
        },
    },
}
SECURITY_GROUP_RULES = {
    'all_tcp': {
        'name': _('All TCP'),
        'ip_protocol': 'tcp',
        'from_port': '1',
        'to_port': '65535',
    },
    'all_udp': {
        'name': _('All UDP'),
        'ip_protocol': 'udp',
        'from_port': '1',
        'to_port': '65535',
    },
    'all_icmp': {
        'name': _('All ICMP'),
        'ip_protocol': 'icmp',
        'from_port': '-1',
        'to_port': '-1',
    },
    'ssh': {
        'name': 'SSH',
        'ip_protocol': 'tcp',
        'from_port': '22',
        'to_port': '22',
    },
    'smtp': {
        'name': 'SMTP',
        'ip_protocol': 'tcp',
        'from_port': '25',
        'to_port': '25',
    },
    'dns': {
        'name': 'DNS',
        'ip_protocol': 'tcp',
        'from_port': '53',
        'to_port': '53',
    },
    'http': {
        'name': 'HTTP',
        'ip_protocol': 'tcp',
        'from_port': '80',
        'to_port': '80',
    },
    'pop3': {
        'name': 'POP3',
        'ip_protocol': 'tcp',
        'from_port': '110',
        'to_port': '110',
    },
    'imap': {
        'name': 'IMAP',
        'ip_protocol': 'tcp',
        'from_port': '143',
        'to_port': '143',
    },
    'ldap': {
        'name': 'LDAP',
        'ip_protocol': 'tcp',
        'from_port': '389',
        'to_port': '389',
    },
    'https': {
        'name': 'HTTPS',
        'ip_protocol': 'tcp',
        'from_port': '443',
        'to_port': '443',
    },
    'smtps': {
        'name': 'SMTPS',
        'ip_protocol': 'tcp',
        'from_port': '465',
        'to_port': '465',
    },
    'imaps': {
        'name': 'IMAPS',
        'ip_protocol': 'tcp',
        'from_port': '993',
        'to_port': '993',
    },
    'pop3s': {
        'name': 'POP3S',
        'ip_protocol': 'tcp',
        'from_port': '995',
        'to_port': '995',
    },
    'ms_sql': {
        'name': 'MS SQL',
        'ip_protocol': 'tcp',
        'from_port': '1433',
        'to_port': '1433',
    },
    'mysql': {
        'name': 'MYSQL',
        'ip_protocol': 'tcp',
        'from_port': '3306',
        'to_port': '3306',
    },
    'rdp': {
        'name': 'RDP',
        'ip_protocol': 'tcp',
        'from_port': '3389',
        'to_port': '3389',
    },
}
REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES',
                              'LAUNCH_INSTANCE_DEFAULTS',
                              'OPENSTACK_IMAGE_FORMATS']
ALLOWED_PRIVATE_SUBNET_CIDR = {'ipv4': [], 'ipv6': []}

  • Finish the installation

systemctl restart httpd.service memcached.service

Log in to Horizon at http://192.168.58.128/dashboard
domain:      default
user:        admin
password:    gorhce

  9. Cinder
  • On the controller node

1.1 Create the database and grant privileges
mysql -u root -p
mysql> CREATE DATABASE cinder;
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
IDENTIFIED BY 'gorhce';
mysql> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
IDENTIFIED BY 'gorhce';
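
The database-and-grant step is repeated by hand in the Keystone, Glance, Nova, Neutron and Cinder sections, where a mistyped account or database name is easy to miss. As an added example (not part of the original guide), this script prints the statements for each service account from one validated template; limiting the grant to localhost and the management subnet instead of '%' is an assumption of the example.

```bash
#!/usr/bin/env bash
# Added example, not from the original guide: print the database and grant
# statements for one service account.
# GRANT_HOSTS is an assumption: instead of the '%' wildcard it admits only
# localhost and this guide's management subnet (192.168.58.0/24).
GRANT_HOSTS="localhost 192.168.58.%"

# Names are interpolated into SQL as identifiers, so accept only [a-z0-9_].
valid_name() {
    case $1 in
        ''|*[!a-z0-9_]*) return 1 ;;
        *) return 0 ;;
    esac
}

# emit_grants USER PASSWORD DATABASE...
emit_grants() {
    local user="$1" pass="$2" db host
    shift 2
    valid_name "$user" || { echo "bad user name: $user" >&2; return 1; }
    [ -n "$pass" ] || { echo "empty password for $user" >&2; return 1; }
    [ $# -gt 0 ] || { echo "no database given for $user" >&2; return 1; }
    for db in "$@"; do
        valid_name "$db" || { echo "bad database name: $db" >&2; return 1; }
    done
    # Escape backslashes and single quotes for a single-quoted SQL literal.
    pass=$(printf '%s' "$pass" | sed -e 's/\\/\\\\/g' -e "s/'/''/g")
    for db in "$@"; do
        printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
        for host in $GRANT_HOSTS; do
            printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
                "$db" "$user" "$host" "$pass"
        done
    done
}

# Each service gets its own account; nova owns both of its databases.
# Arguments: one password per service, in this order.
emit_all_grants() {
    emit_grants keystone "$1" keystone &&
    emit_grants glance   "$2" glance &&
    emit_grants nova     "$3" nova nova_api &&
    emit_grants neutron  "$4" neutron &&
    emit_grants cinder   "$5" cinder
}
```

Review the printed statements, then pipe them into `mysql -u root -p` on the controller.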
1.2 Configure the user, services and endpoints
. admin-openrc

openstack user create --domain default --password-prompt cinder
openstack role add --project service --user cinder admin

openstack service create --name cinder \
--description "OpenStack Block Storage" volume

openstack service create --name cinderv2 \
--description "OpenStack Block Storage" volumev2

openstack endpoint create --region RegionOne \
volume public http://controller:8776/v1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
volume internal http://controller:8776/v1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
volume admin http://controller:8776/v1/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
volumev2 public http://controller:8776/v2/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
volumev2 internal http://controller:8776/v2/%\(tenant_id\)s

openstack endpoint create --region RegionOne \
volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
1.3 Install
yum install openstack-cinder -y
1.4 Configure
vi /etc/cinder/cinder.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.58.128
[BACKEND]
[BRCD_FABRIC_EXAMPLE]
[CISCO_FABRIC_EXAMPLE]
[COORDINATION]
[FC-ZONE-MANAGER]
[KEY_MANAGER]
[barbican]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://cinder:gorhce@controller/cinder
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = gorhce
[matchmaker_redis]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = gorhce
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[ssl]
 
1.5 Sync the database
su -s /bin/sh -c "cinder-manage db sync" cinder
1.6 Finish the installation
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

  • On the cinder node

2.1 Install
yum install lvm2 openstack-cinder targetcli python-keystone -y
 
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
2.2 Configure
Run the following commands to add the second disk to LVM:
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
 
vi /etc/lvm/lvm.conf
config {
checks = 1
abort_on_errors = 0
profile_dir = "/etc/lvm/profile"
}
devices {
dir = "/dev"
scan = [ "/dev" ]
obtain_device_list_from_udev = 1
external_device_info_source = "none"
preferred_names = [ "^/dev/mpath/", "^/dev/mapper/mpath", "^/dev/[hs]d" ]
cache_dir = "/etc/lvm/cache"
cache_file_prefix = ""
write_cache_state = 1
sysfs_scan = 1
multipath_component_detection = 1
md_component_detection = 1
fw_raid_component_detection = 0
md_chunk_alignment = 1
data_alignment_detection = 1
data_alignment = 0
data_alignment_offset_detection = 1
ignore_suspended_devices = 0
ignore_lvm_mirrors = 1
disable_after_error_count = 0
require_restorefile_with_uuid = 1
pv_min_size = 2048
issue_discards = 0
}
allocation {
maximise_cling = 1
use_blkid_wiping = 1
wipe_signatures_when_zeroing_new_lvs = 1
mirror_logs_require_separate_pvs = 0
cache_pool_metadata_require_separate_pvs = 0
thin_pool_metadata_require_separate_pvs = 0
}
log {
verbose = 0
silent = 0
syslog = 1
overwrite = 0
level = 0
indent = 1
command_names = 0
prefix = "  "
activation = 0
debug_classes = [ "memory", "devices", "activation", "allocation", "lvmetad", "metadata", "cache", "locking", "lvmpolld" ]
}
backup {
backup = 1
backup_dir = "/etc/lvm/backup"
archive = 1
archive_dir = "/etc/lvm/archive"
retain_min = 10
retain_days = 30
}
shell {
history_size = 100
}
global {
umask = 077
test = 0
units = "h"
si_unit_consistency = 1
suffix = 1
activation = 1
proc = "/proc"
etc = "/etc"
locking_type = 1
wait_for_locks = 1
fallback_to_clustered_locking = 1
fallback_to_local_locking = 1
locking_dir = "/run/lock/lvm"
prioritise_write_locks = 1
abort_on_internal_errors = 0
detect_internal_vg_cache_corruption = 0
metadata_read_only = 0
mirror_segtype_default = "raid1"
raid10_segtype_default = "raid10"
sparse_segtype_default = "thin"
use_lvmetad = 1
use_lvmlockd = 0
system_id_source = "none"
use_lvmpolld = 1
}
activation {
checks = 0
udev_sync = 1
udev_rules = 1
verify_udev_operations = 0
retry_deactivation = 1
missing_stripe_filler = "error"
use_linear_target = 1
reserved_stack = 64
reserved_memory = 8192
process_priority = -18
raid_region_size = 512
readahead = "auto"
raid_fault_policy = "warn"
mirror_image_fault_policy = "remove"
mirror_log_fault_policy = "allocate"
snapshot_autoextend_threshold = 100
snapshot_autoextend_percent = 20
thin_pool_autoextend_threshold = 100
thin_pool_autoextend_percent = 20
use_mlockall = 0
monitoring = 1
polling_interval = 15
activation_mode = "degraded"
}
dmeventd {
mirror_library = "libdevmapper-event-lvm2mirror.so"
snapshot_library = "libdevmapper-event-lvm2snapshot.so"
thin_library = "libdevmapper-event-lvm2thin.so"
}
 
vi /etc/cinder/cinder.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
# management IP of this node (cinder01 in /etc/hosts), not the controller's
my_ip = 192.168.58.131
[BACKEND]
[BRCD_FABRIC_EXAMPLE]
[CISCO_FABRIC_EXAMPLE]
[COORDINATION]
[FC-ZONE-MANAGER]
[KEY_MANAGER]
[barbican]
[cors]
[cors.subdomain]
[database]
connection = mysql+pymysql://cinder:gorhce@controller/cinder
[key_manager]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = gorhce
[matchmaker_redis]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = gorhce
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[oslo_versionedobjects]
[ssl]
2.3 Finish the installation
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
 
(End)

Reference: http://docs.openstack.org/newton/install-guide-rdo/
