注意要 按顺序 搭建服务,在 CentOS 7 安装 Openstack Rocky 版本 - 环境搭建 的基础上安装服务。

Compute service - 计算服务(Nova + Placement)

控制节点计算节点 安装,之后安装网络服务(Neutron)后需要修改配置文件

控制节点

数据库配置

连接数据库

1
2
# 连接数据库
mysql -u root -p

数据库操作

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
-- 创建数据库
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
CREATE DATABASE placement;

-- 创建用户 nova ,密码为  mariadb-nova,并授予权限
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'mariadb-nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'mariadb-nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'mariadb-nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'mariadb-nova';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'mariadb-nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'mariadb-nova';

-- 创建用户 placement ,密码为  mariadb-placement,并授予权限
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'mariadb-placement';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'mariadb-placement';

-- 创建完毕退出
exit

身份认证和 API 配置

Nova

创建用户 nova 并添加到 admin 角色

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
# 更新环境变量
. admin-openrc

# 创建用户,设置密码为 nova
openstack user create --domain default --password-prompt nova
# User Password:
# Repeat User Password:
# +---------------------+----------------------------------+
# | Field               | Value                            |
# +---------------------+----------------------------------+
# | domain_id           | default                          |
# | enabled             | True                             |
# | id                  | 395704615eb54f0f8e70e4e9e573b9b4 |
# | name                | nova                             |
# | options             | {}                               |
# | password_expires_at | None                             |
# +---------------------+----------------------------------+


# 将用户添加到 admin 角色
openstack role add --project service --user nova admin
# 无输出

创建 nova 服务实体和端点(endpoint)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# 创建服务实体
openstack service create --name nova --description "OpenStack Compute" compute
# +-------------+----------------------------------+
# | Field       | Value                            |
# +-------------+----------------------------------+
# | description | OpenStack Compute                |
# | enabled     | True                             |
# | id          | b24e78e245b842c79b6006059bdbdb42 |
# | name        | nova                             |
# | type        | compute                          |
# +-------------+----------------------------------+


# 创建服务 API 端点(endpoint)
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | 0510326b222f4d7d866afb1308949d25 |
# | interface    | public                           |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | b24e78e245b842c79b6006059bdbdb42 |
# | service_name | nova                             |
# | service_type | compute                          |
# | url          | http://controller:8774/v2.1      |
# +--------------+----------------------------------+


openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | ee21db974ea94023ab043eae152fd8e0 |
# | interface    | internal                         |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | b24e78e245b842c79b6006059bdbdb42 |
# | service_name | nova                             |
# | service_type | compute                          |
# | url          | http://controller:8774/v2.1      |
# +--------------+----------------------------------+


openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | 380aeb7a59f9408ab1a25322fdc780da |
# | interface    | admin                            |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | b24e78e245b842c79b6006059bdbdb42 |
# | service_name | nova                             |
# | service_type | compute                          |
# | url          | http://controller:8774/v2.1      |
# +--------------+----------------------------------+

Placement

创建用户 placement 并添加到 admin 角色

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
# 创建用户,设置密码为 placement
openstack user create --domain default --password-prompt placement
# User Password:
# Repeat User Password:
# +---------------------+----------------------------------+
# | Field               | Value                            |
# +---------------------+----------------------------------+
# | domain_id           | default                          |
# | enabled             | True                             |
# | id                  | 433f0118db81487193ff07ebf88ab4ba |
# | name                | placement                        |
# | options             | {}                               |
# | password_expires_at | None                             |
# +---------------------+----------------------------------+


# 将用户添加到 admin 角色
openstack role add --project service --user placement admin
# 无输出

创建 placement 服务实体和端点(endpoint)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
# 创建服务实体
openstack service create --name placement --description "Placement API" placement
# +-------------+----------------------------------+
# | Field       | Value                            |
# +-------------+----------------------------------+
# | description | Placement API                    |
# | enabled     | True                             |
# | id          | d32ca758399c497aad53b6d19ded5859 |
# | name        | placement                        |
# | type        | placement                        |
# +-------------+----------------------------------+


# 创建服务 API 端点(endpoint)
openstack endpoint create --region RegionOne placement public http://controller:8778
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | cf7f3b8786e1456ab24dd10a4ba2693b |
# | interface    | public                           |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | d32ca758399c497aad53b6d19ded5859 |
# | service_name | placement                        |
# | service_type | placement                        |
# | url          | http://controller:8778           |
# +--------------+----------------------------------+


openstack endpoint create --region RegionOne placement internal http://controller:8778
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | 03d5ca66121847a1aae1793e79be8d00 |
# | interface    | internal                         |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | d32ca758399c497aad53b6d19ded5859 |
# | service_name | placement                        |
# | service_type | placement                        |
# | url          | http://controller:8778           |
# +--------------+----------------------------------+


openstack endpoint create --region RegionOne placement admin http://controller:8778
# +--------------+----------------------------------+
# | Field        | Value                            |
# +--------------+----------------------------------+
# | enabled      | True                             |
# | id           | 216cf229646d498d9ece68f13d31fe98 |
# | interface    | admin                            |
# | region       | RegionOne                        |
# | region_id    | RegionOne                        |
# | service_id   | d32ca758399c497aad53b6d19ded5859 |
# | service_name | placement                        |
# | service_type | placement                        |
# | url          | http://controller:8778           |
# +--------------+----------------------------------+

安装和配置 Nova

安装软件包

1
2
3
4
# 安装
yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler openstack-nova-placement-api -y

编辑配置文件 /etc/nova/nova.conf ,配置文件中有些选项是没有的,需要直接添加到相应的小节

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:rabbitmq@controller
my_ip = 10.0.0.11
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:mariadb-nova@controller/nova_api

[database]
connection = mysql+pymysql://nova:mariadb-nova@controller/nova

[placement_database]
connection = mysql+pymysql://placement:mariadb-placement@controller/placement

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova

# [neutron]
# url = http://controller:9696
# auth_url = http://controller:5000
# auth_type = password
# project_domain_name = default
# user_domain_name = default
# region_name = RegionOne
# project_name = service
# username = neutron
# password = neutron

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement

修改配置文件 /etc/httpd/conf.d/00-nova-placement-api.conf ,添加以下内容,启用对 Placement API 的访问

1
2
3
4
5
6
7
8
9
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

重启 http 服务

1
2
# 重启 http 服务
systemctl restart httpd

继续配置 nova

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
# 填充数据库(novaapi、placement)
su -s /bin/sh -c "nova-manage api_db sync" nova

# 注册 cell0 数据库(database)
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

# 创建 cell1 单元格(cell)
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
# 3aa67d3d-80a5-40dd-98c9-3d4bc51aebb7

# 填充数据库(nova)
su -s /bin/sh -c "nova-manage db sync" nova

# 验证 cell0 和 cell1 成功注册
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
# +-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
# |  Name |                 UUID                 |           Transport URL            |
#       Database Connection               | Disabled |
# +-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+
# | cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |  False   |
# | cell1 | 3aa67d3d-80a5-40dd-98c9-3d4bc51aebb7 | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |  False   |
# +-------+--------------------------------------+------------------------------------+-------------------------------------------------+----------+


# 启用服务
systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service \
  openstack-nova-consoleauth openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service

计算节点

安装和配置 nova

安装软件包

1
2
# 安装
yum install openstack-nova-compute -y

修改配置文件 /etc/nova/nova.conf ,缺失的配置选项直接添加到相应的小节

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:rabbitmq@controller
my_ip = 10.0.0.31
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova

# [neutron]
# url = http://controller:9696
# auth_url = http://controller:5000
# auth_type = password
# project_domain_name = default
# user_domain_name = default
# region_name = RegionOne
# project_name = service
# username = neutron
# password = neutron

[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement

[libvirt]
virt_type = qemu

完成安装

1
2
3
4
5
6
# 虚拟机硬件加速(0 表示不支持,需要配置 virt_type=qemu)
egrep -c '(vmx|svm)' /proc/cpuinfo

# 启用服务
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

如果启动 nova 服务卡住了,但是查看日志 /var/log/nova/nova-compute.log 只有普通信息输出,那可能是没关 防火墙

1
2
3
4
5
6
7
8
# 关闭防火墙
systemctl stop firewalld.service

# 禁止防火墙开机启动
systemctl disable firewalld.service

# 临时关闭 SELinux
sudo setenforce 0

添加到 cell 数据库

控制节点 上执行

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
# 更新环境变量
. admin-openrc

# 确认数据库中有计算节点
openstack compute service list --service nova-compute
# +----+--------------+----------+------+---------+-------+----------------------------+
# | ID | Binary       | Host     | Zone | Status  | State | Updated At                 |
# +----+--------------+----------+------+---------+-------+----------------------------+
# | 13 | nova-compute | compute1 | nova | enabled | up    | 2020-12-26T06:14:19.000000 |
# +----+--------------+----------+------+---------+-------+----------------------------+


# 发现计算主机
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
# Found 2 cell mappings.
# Skipping cell0 since it does not contain hosts.
# Getting computes from cell 'cell1': 3aa67d3d-80a5-40dd-98c9-3d4bc51aebb7
# Checking host mapping for compute host 'compute1': 1b56bf5a-3716-4e14-b8e4-de8b9da0ba49
# Creating host mapping for compute host 'compute1': 1b56bf5a-3716-4e14-b8e4-de8b9da0ba49
# Found 1 unmapped computes in cell: 3aa67d3d-80a5-40dd-98c9-3d4bc51aebb7


# 再次执行
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
# Found 2 cell mappings.
# Skipping cell0 since it does not contain hosts.
# Getting computes from cell 'cell1': 3aa67d3d-80a5-40dd-98c9-3d4bc51aebb7
# Found 0 unmapped computes in cell: 3aa67d3d-80a5-40dd-98c9-3d4bc51aebb7


# 编辑配置文件(可选)
vim /etc/nova/nova.conf
# 修改配置
# [scheduler]
# discover_hosts_in_cells_interval = 300

验证

控制节点 上执行

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# 更新环境变量
. admin-openrc

# 列出服务组件,验证每个流程成功启动和注册
openstack compute service list
# +----+------------------+------------+----------+---------+-------+----------------------------+
# | ID | Binary           | Host       | Zone     | Status  | State | Updated At
#  |
# +----+------------------+------------+----------+---------+-------+----------------------------+
# |  1 | nova-consoleauth | controller | internal | enabled | up    | 2020-12-26T06:17:36.000000 |
# |  2 | nova-scheduler   | controller | internal | enabled | up    | 2020-12-26T06:17:41.000000 |
# |  8 | nova-conductor   | controller | internal | enabled | up    | 2020-12-26T06:17:41.000000 |
# | 13 | nova-compute     | compute1   | nova     | enabled | up    | 2020-12-26T06:17:39.000000 |
# +----+------------------+------------+----------+---------+-------+----------------------------+


# 列出身份管理服务中的 API 端点(endpoint),验证服务和身份管理服务的连接
openstack catalog list
# +-----------+-----------+-----------------------------------------+
# | Name      | Type      | Endpoints                               |
# +-----------+-----------+-----------------------------------------+
# | glance    | image     | RegionOne                               |
# |           |           |   public: http://controller:9292        |
# |           |           | RegionOne                               |
# |           |           |   internal: http://controller:9292      |
# |           |           | RegionOne                               |
# |           |           |   admin: http://controller:9292         |
# |           |           |                                         |
# | keystone  | identity  | RegionOne                               |
# |           |           |   admin: http://controller:5000/v3/     |
# |           |           | RegionOne                               |
# |           |           |   public: http://controller:5000/v3/    |
# |           |           | RegionOne                               |
# |           |           |   internal: http://controller:5000/v3/  |
# |           |           |                                         |
# | neutron   | network   | RegionOne                               |
# |           |           |   public: http://controller:9696        |
# |           |           | RegionOne                               |
# |           |           |   internal: http://controller:9696      |
# |           |           | RegionOne                               |
# |           |           |   admin: http://controller:9696         |
# |           |           |                                         |
# | nova      | compute   | RegionOne                               |
# |           |           |   public: http://controller:8774/v2.1   |
# |           |           | RegionOne                               |
# |           |           |   admin: http://controller:8774/v2.1    |
# |           |           | RegionOne                               |
# |           |           |   internal: http://controller:8774/v2.1 |
# |           |           |                                         |
# | placement | placement | RegionOne                               |
# |           |           |   internal: http://controller:8778      |
# |           |           | RegionOne                               |
# |           |           |   admin: http://controller:8778         |
# |           |           | RegionOne                               |
# |           |           |   public: http://controller:8778        |
# |           |           |                                         |
# +-----------+-----------+-----------------------------------------+


# 列出镜像服务中的镜像,验证和镜像服务的连接
openstack image list
# +--------------------------------------+--------+--------+
# | ID                                   | Name   | Status |
# +--------------------------------------+--------+--------+
# | af73bd20-bdcf-47a2-af78-29fe3e98053b | cirros | active |
# +--------------------------------------+--------+--------+


# 检查 cells 和 placement API 是否成功运行
nova-status upgrade check
# +--------------------------------+
# | Upgrade Check Results          |
# +--------------------------------+
# | Check: Cells v2                |
# | Result: Success                |
# | Details: None                  |
# +--------------------------------+
# | Check: Placement API           |
# | Result: Success                |
# | Details: None                  |
# +--------------------------------+
# | Check: Resource Providers      |
# | Result: Success                |
# | Details: None                  |
# +--------------------------------+
# | Check: Ironic Flavor Migration |
# | Result: Success                |
# | Details: None                  |
# +--------------------------------+
# | Check: API Service Version     |
# | Result: Success                |
# | Details: None                  |
# +--------------------------------+
# | Check: Request Spec Migration  |
# | Result: Success                |
# | Details: None                  |
# +--------------------------------+
# | Check: Console Auths           |
# | Result: Success                |
# | Details: None                  |
# +--------------------------------+