Manually Building OpenStack on CentOS 7 ARM (Part 1)
2022-08-14
1. Preparing the Base Lab Environment
1.1 Topology
- Lab platform: Parallels Desktop 17
- Operating system: CentOS Linux release 7.9.2009 (AltArch)
- Kernel version: 5.11.12-300.el7.aarch64

Node | Public network | Private network | Specs | Disk |
---|---|---|---|---|
master01 | 10.211.55.70/24 | 10.10.1.70/24 | 2 cores, 4 GB RAM | 64G |
node01 | 10.211.55.71/24 | 10.10.1.71/24 | 2 cores, 4 GB RAM | 64G+100G |

1.2 Configuration Preparation
- DNS: Alibaba Cloud's DNS servers are used here
```
[root@localhost ~]# vim /etc/resolv.conf
nameserver 223.5.5.5
nameserver 223.6.6.6
```
- Network interfaces

master01, eth0 (public network):
```
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
IPADDR=10.211.55.70
PREFIX=24
GATEWAY=10.211.55.1
DEFROUTE=yes
NAME=eth0
ONBOOT=yes
AUTOCONNECT_RETRIES=1
DEVICE=eth0
```
master01, eth1 (private network):
```
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=static
IPADDR=10.10.1.70
PREFIX=24
DEFROUTE=yes
NAME=eth1
ONBOOT=yes
AUTOCONNECT_RETRIES=1
DEVICE=eth1
```
node01, eth0 (public network):
```
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth0
BOOTPROTO=static
IPADDR=10.211.55.71
PREFIX=24
GATEWAY=10.211.55.1
DEFROUTE=yes
NAME=eth0
ONBOOT=yes
AUTOCONNECT_RETRIES=1
DEVICE=eth0
```
node01, eth1 (private network):
```
[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eth1
BOOTPROTO=static
IPADDR=10.10.1.71
PREFIX=24
DEFROUTE=yes
NAME=eth1
ONBOOT=yes
AUTOCONNECT_RETRIES=1
DEVICE=eth1
```
- Time synchronization
```
[root@localhost ~]# crontab -e
*/1 * * * * /usr/sbin/ntpdate time1.aliyun.com
```
- Add hostname resolution

Once the hostnames are set, do not change them partway through.
```
[root@localhost ~]# vim /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
10.10.1.70  master01
10.10.1.71  node01
```
- Disable the firewall
  - Disable SELinux
```
[root@localhost ~]# sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
[root@localhost ~]# getenforce
Disabled
```
  - Disable firewalld
```
[root@localhost ~]# systemctl stop firewalld && systemctl disable firewalld
[root@localhost ~]# systemctl status firewalld
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)
```
1.3 Installing the OpenStack Packages
1.3.1 Install the OpenStack Stein repository
```
[root@localhost ~]# yum install centos-release-openstack-stein -y --nogpgcheck
[root@localhost ~]# yum clean all && yum makecache
```
1.3.2 Update the packages
```
[root@localhost ~]# yum update -y --nogpgcheck
```
1.3.3 Install the client packages
```
[root@localhost ~]# yum install python-openstackclient openstack-selinux -y --nogpgcheck
[root@localhost ~]# yum clean all && yum makecache
```
1.4 Install the database on the master node
1.4.1 Install MariaDB
```
[root@master01 ~]# yum --enablerepo=centos-openstack-stein install mariadb mariadb-server python2-PyMySQL -y --nogpgcheck
```
1.4.2 Create the OpenStack database configuration file
```
[root@master01 ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.10.1.70
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
```
- default-storage-engine = innodb: the default storage engine.
- innodb_file_per_table: use file-per-table tablespaces. Each table gets its own tablespace and its own index file, so index lookups are fast. With a shared tablespace, all tables share one tablespace and index, and damage is hard to repair. For example, a database used by Zabbix is hard to optimize if it does not use file-per-table tablespaces.

1.4.3 Start the service and enable it at boot
```
[root@master01 ~]# systemctl restart mariadb
[root@master01 ~]# systemctl status mariadb
● mariadb.service - MariaDB 10.3 database server
   Loaded: loaded (/usr/lib/systemd/system/mariadb.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2022-08-04 18:53:52 CST; 11s ago
     Docs: man:mysqld(8)
           https://mariadb.com/kb/en/library/systemd/
  Process: 8029 ExecStartPost=/usr/libexec/mysql-check-upgrade (code=exited, status=0/SUCCESS)
  Process: 7894 ExecStartPre=/usr/libexec/mysql-prepare-db-dir %n (code=exited, status=0/SUCCESS)
  Process: 7869 ExecStartPre=/usr/libexec/mysql-check-socket (code=exited, status=0/SUCCESS)
 Main PID: 7996 (mysqld)
   Status: "Taking your SQL requests now..."
   CGroup: /system.slice/mariadb.service
           └─7996 /usr/libexec/mysqld --basedir=/usr
[root@master01 ~]# systemctl enable mariadb
[root@master01 ~]# systemctl list-unit-files |grep mariadb.service
mariadb.service enabled
```
1.4.4 Initialize the database
Set the root password. The default password is empty, so just press Enter; answer Y, then enter the new password twice.
```
[root@master01 ~]# /usr/bin/mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] Y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] Y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] Y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] Y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] Y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
```
Restart the database
```
[root@master01 ~]# systemctl restart mariadb
```
1.4.5 Create the OpenStack databases
```
[root@master01 ~]# mysql -p
Enter password:
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 8
Server version: 10.3.10-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| mysql              |
| performance_schema |
+--------------------+
3 rows in set (0.001 sec)

MariaDB [(none)]> select user,host from mysql.user;
+------+-----------+
| user | host      |
+------+-----------+
| root | 127.0.0.1 |
| root | ::1       |
| root | localhost |
+------+-----------+
3 rows in set (0.001 sec)

MariaDB [(none)]> \q
Bye
```
1.5 Install the RabbitMQ message queue on the master node
A message queue (MQ) is an application-to-application communication method. Applications communicate by writing messages (application-specific data) to queues and reading them back, without needing a dedicated connection to link them. Messaging means that programs communicate by sending data in messages rather than by calling each other directly; direct calls are typically used for techniques such as remote procedure calls. Queuing means that applications communicate through queues, which removes the requirement that the sending and receiving applications run at the same time. RabbitMQ is a complete, reusable enterprise messaging system built on AMQP. It is released under the Mozilla Public License.
1.5.1 Install rabbitmq-server
```
[root@master01 ~]# yum --enablerepo=centos-openstack-stein install rabbitmq-server lsof -y --nogpgcheck
```
1.5.2 Start rabbitmq-server
```
[root@master01 ~]# systemctl start rabbitmq-server
[root@master01 ~]# systemctl status rabbitmq-server
● rabbitmq-server.service - RabbitMQ broker
   Loaded: loaded (/usr/lib/systemd/system/rabbitmq-server.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2022-08-04 19:06:48 CST; 9s ago
 Main PID: 8420 (beam.smp)
   Status: "Initialized"
   CGroup: /system.slice/rabbitmq-server.service
           ├─8420 /usr/lib64/erlang/erts-8.3.5.3/bin/beam.smp -W w -A 64 -P 1...
           ├─8613 erl_child_setup 1024
           ├─8625 inet_gethost 4
           └─8626 inet_gethost 4
```
```
[root@master01 ~]# systemctl enable rabbitmq-server
[root@master01 ~]# systemctl list-unit-files |grep rabbitmq-server
rabbitmq-server.service enabled
```
1.5.3 Create the OpenStack account and password in the message queue
Add the user openstack with the password openstack, then set the user's permissions: configure, read and write.
```
[root@master01 ~]# rabbitmqctl add_user openstack openstack
Creating user "openstack"
[root@master01 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
```
1.5.4 Enable the plugin for web management
Enable the rabbitmq_management plugin to manage RabbitMQ from a web UI.
List the supported plugins
```
[root@master01 ~]# rabbitmq-plugins list
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status:   * = running on rabbit@master01
 |/
[ ] amqp_client 3.6.16
[ ] cowboy 1.0.4
[ ] cowlib 1.0.2
[ ] rabbitmq_amqp1_0 3.6.16
[ ] rabbitmq_auth_backend_ldap 3.6.16
[ ] rabbitmq_auth_mechanism_ssl 3.6.16
[ ] rabbitmq_consistent_hash_exchange 3.6.16
[ ] rabbitmq_event_exchange 3.6.16
[ ] rabbitmq_federation 3.6.16
[ ] rabbitmq_federation_management 3.6.16
[ ] rabbitmq_jms_topic_exchange 3.6.16
[ ] rabbitmq_management 3.6.16
[ ] rabbitmq_management_agent 3.6.16
[ ] rabbitmq_management_visualiser 3.6.16
[ ] rabbitmq_mqtt 3.6.16
[ ] rabbitmq_random_exchange 3.6.16
[ ] rabbitmq_recent_history_exchange 3.6.16
[ ] rabbitmq_sharding 3.6.16
[ ] rabbitmq_shovel 3.6.16
[ ] rabbitmq_shovel_management 3.6.16
[ ] rabbitmq_stomp 3.6.16
[ ] rabbitmq_top 3.6.16
[ ] rabbitmq_tracing 3.6.16
[ ] rabbitmq_trust_store 3.6.16
[ ] rabbitmq_web_dispatch 3.6.16
[ ] rabbitmq_web_mqtt 3.6.16
[ ] rabbitmq_web_mqtt_examples 3.6.16
[ ] rabbitmq_web_stomp 3.6.16
[ ] rabbitmq_web_stomp_examples 3.6.16
[ ] sockjs 0.3.4
```
Enable the web management plugin
```
[root@master01 ~]# rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
  amqp_client
  cowlib
  cowboy
  rabbitmq_web_dispatch
  rabbitmq_management_agent
  rabbitmq_management

Applying plugin configuration to rabbit@master01... started 6 plugins.
[root@master01 ~]# systemctl restart rabbitmq-server
```
List the plugins again
```
[root@master01 ~]# rabbitmq-plugins list
 Configured: E = explicitly enabled; e = implicitly enabled
 | Status:   * = running on rabbit@master01
 |/
[e*] amqp_client 3.6.16
[e*] cowboy 1.0.4
[e*] cowlib 1.0.2
[ ] rabbitmq_amqp1_0 3.6.16
[ ] rabbitmq_auth_backend_ldap 3.6.16
[ ] rabbitmq_auth_mechanism_ssl 3.6.16
[ ] rabbitmq_consistent_hash_exchange 3.6.16
[ ] rabbitmq_event_exchange 3.6.16
[ ] rabbitmq_federation 3.6.16
[ ] rabbitmq_federation_management 3.6.16
[ ] rabbitmq_jms_topic_exchange 3.6.16
[E*] rabbitmq_management 3.6.16
[e*] rabbitmq_management_agent 3.6.16
[ ] rabbitmq_management_visualiser 3.6.16
[ ] rabbitmq_mqtt 3.6.16
[ ] rabbitmq_random_exchange 3.6.16
[ ] rabbitmq_recent_history_exchange 3.6.16
[ ] rabbitmq_sharding 3.6.16
[ ] rabbitmq_shovel 3.6.16
[ ] rabbitmq_shovel_management 3.6.16
[ ] rabbitmq_stomp 3.6.16
[ ] rabbitmq_top 3.6.16
[ ] rabbitmq_tracing 3.6.16
[ ] rabbitmq_trust_store 3.6.16
[e*] rabbitmq_web_dispatch 3.6.16
[ ] rabbitmq_web_mqtt 3.6.16
[ ] rabbitmq_web_mqtt_examples 3.6.16
[ ] rabbitmq_web_stomp 3.6.16
[ ] rabbitmq_web_stomp_examples 3.6.16
[ ] sockjs 0.3.4
```
Check the port, which helps with troubleshooting later.
```
[root@master01 ~]# lsof -i:15672
COMMAND   PID     USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
beam.smp 9769 rabbitmq   56u  IPv4  38920      0t0  TCP *:15672 (LISTEN)
```
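1.5.5 Test access to the web UI at IP:15672

On first login, the default username and password are both guest. Log in and change the openstack user's permissions (Tags).

Open the Admin tab and click the openstack user.

Click Update this user, enter the password, click the admin tag, and finally click Update user.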

1.6 Install Memcached on the master node
The Identity service's authentication mechanism uses Memcached to cache tokens. The memcached service runs on the controller node. For production deployments, a combination of firewalling, authentication and encryption is recommended to secure it.
1.6.1 Install Memcached for token caching
```
[root@master01 ~]# yum --enablerepo=centos-openstack-stein install memcached python-memcached -y --nogpgcheck
```
1.6.2 Modify the Memcached configuration file
```
[root@master01 ~]# vim /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1"
```
After the change:
```
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,master01"
```
If IPv6 is not enabled, remove the ::1 address binding.
1.6.3 Start memcached and enable it at boot
```
[root@master01 ~]# vim /etc/sysconfig/memcached
[root@master01 ~]# systemctl start memcached
[root@master01 ~]# systemctl status memcached
● memcached.service - memcached daemon
   Loaded: loaded (/usr/lib/systemd/system/memcached.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2022-08-04 19:57:03 CST; 7s ago
 Main PID: 11899 (memcached)
   CGroup: /system.slice/memcached.service
           └─11899 /usr/bin/memcached -p 11211 -u memcached -m 64 -c
[root@master01 ~]# systemctl enable memcached
[root@master01 ~]# systemctl list-unit-files |grep memcached
memcached.service enabled
```
Check the service port: TCP 11899
```
[root@master01 ~]# netstat -anptl|grep memcached
tcp        0      0 10.10.1.70:11211        0.0.0.0:*               LISTEN      11899/memcached
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      11899/memcached
tcp6       0      0 ::1:11211               :::*                    LISTEN      11899/memcached
```
1.7 Install the etcd service on the master node
etcd is a distributed, consistent key-value store for shared configuration and service discovery. The project's latest stable version is currently 2.3.0. For details, see the [project home page] and [GitHub]. etcd is an open-source project started by CoreOS and licensed under the Apache license.
1.7.1 Install the etcd service
```
[root@master01 ~]# yum --enablerepo=centos-openstack-stein install etcd -y --nogpgcheck
```
1.7.2 Modify the etcd configuration file
```
[root@master01 ~]# vim /etc/etcd/etcd.conf
#[Member]
#ETCD_CORS=""
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
#ETCD_LISTEN_PEER_URLS="http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME="default"
#ETCD_SNAPSHOT_COUNT="100000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
#[Clustering]
#ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
```
```
# Uncomment line 5
# Line 11: change default to the hostname
# Uncomment line 20
# Add two lines
ETCD_INITIAL_CLUSTER_TOKEN="etcdmaster01"
ETCD_INITIAL_CLUSTER_STATE="new"
```
After the change:
```
 1 #[Member]
 2 #ETCD_CORS=""
 3 ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
 4 #ETCD_WAL_DIR=""
 5 ETCD_LISTEN_PEER_URLS="http://localhost:2380"
 6 ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
 7 #ETCD_MAX_SNAPSHOTS="5"
 8 #ETCD_MAX_WALS="5"
 9 ETCD_NAME="master01"
10 #ETCD_SNAPSHOT_COUNT="100000"
11 #ETCD_HEARTBEAT_INTERVAL="100"
12 #ETCD_ELECTION_TIMEOUT="1000"
13 #ETCD_QUOTA_BACKEND_BYTES="0"
14 #ETCD_MAX_REQUEST_BYTES="1572864"
15 #ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
16 #ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
17 #ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
18 #
19 #[Clustering]
20 ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
21 ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
22 #ETCD_DISCOVERY=""
23 #ETCD_DISCOVERY_FALLBACK="proxy"
24 #ETCD_DISCOVERY_PROXY=""
25 ETCD_INITIAL_CLUSTER_TOKEN="etcdmaster01"
26 ETCD_INITIAL_CLUSTER_STATE="new"
```
1.7.3 Start etcd and enable it at boot
```
[root@master01 ~]# systemctl start etcd
[root@master01 ~]# systemctl status etcd
● etcd.service - Etcd Server
   Loaded: loaded (/usr/lib/systemd/system/etcd.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2022-08-04 20:12:45 CST; 10s ago
 Main PID: 12666 (etcd)
   CGroup: /system.slice/etcd.service
           └─12666 /usr/bin/etcd --name=master01 --data-dir=/var/lib/etcd/def...
[root@master01 ~]# systemctl enable etcd
```
Check the service ports
```
[root@master01 ~]# systemctl list-unit-files |grep etcd
etcd.service enabled
[root@master01 ~]# netstat -anptl|grep etcd
tcp        0      0 127.0.0.1:2379          0.0.0.0:*               LISTEN      12666/etcd
tcp        0      0 127.0.0.1:2380          0.0.0.0:*               LISTEN      12666/etcd
tcp        0      0 127.0.0.1:2379          127.0.0.1:40242         ESTABLISHED 12666/etcd
tcp        0      0 127.0.0.1:40242         127.0.0.1:2379          ESTABLISHED 12666/etcd
```
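As an added example (not part of the original article), the script below takes `netstat -anptl` output like the memcached and etcd listings above, reports the listeners bound to non-loopback addresses, and prints firewalld rich rules that would limit each exposed port to the private network. It assumes firewalld is turned back on; the function names and the beam.smp sample row are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): find TCP listeners that other
# hosts can reach while firewalld is stopped, and draft rules to fence them in.

# Lines in `netstat -anptl` format. The memcached and etcd rows are the ones
# shown above; the beam.smp row is constructed from the lsof output (*:15672).
SAMPLE_NETSTAT='tcp 0 0 10.10.1.70:11211 0.0.0.0:* LISTEN 11899/memcached
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 11899/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 11899/memcached
tcp 0 0 127.0.0.1:2379 0.0.0.0:* LISTEN 12666/etcd
tcp 0 0 127.0.0.1:2380 0.0.0.0:* LISTEN 12666/etcd
tcp 0 0 127.0.0.1:2379 127.0.0.1:40242 ESTABLISHED 12666/etcd
tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 9769/beam.smp'

# Read netstat lines on stdin; print "port address program" for every
# listening socket that is not bound to a loopback address.
exposed_listeners() {
    awk '
        $6 != "LISTEN" { next }
        {
            # Split on the last colon so IPv6 addresses such as ::1 survive.
            n = split($4, parts, ":")
            port = parts[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            if (addr ~ /^127\./ || addr == "::1") next
            prog = $7
            sub(/^[0-9]+\//, "", prog)      # drop the "PID/" prefix
            print port, addr, prog
        }
    '
}

# Read exposed_listeners output on stdin; print one firewalld rich rule per
# port that admits only the given source network. Nothing is executed.
firewalld_rules() {
    cidr=$1
    cut -d' ' -f1 | sort -un | while read -r port; do
        printf "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"%s\" port port=\"%s\" protocol=\"tcp\" accept'\n" "$cidr" "$port"
    done
}

# 10.10.1.0/24 is the private network from the topology table.
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners | firewalld_rules 10.10.1.0/24
```

On a live node, pipe `netstat -anptl` straight into `exposed_listeners` and review the generated rules before applying them.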
2. Installing the Keystone Identity Service on the master Node
2.1 Create the Keystone database on the master node
Create the keystone database and grant privileges
```
[root@master01 ~]# mysql -uroot -p
MariaDB [(none)]> create database keystone;
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone';
MariaDB [(none)]> grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> show databases;
+--------------------+
| Database           |
+--------------------+
| information_schema |
| keystone           |
| mysql              |
| performance_schema |
+--------------------+
4 rows in set (0.002 sec)

MariaDB [(none)]> select user,host from mysql.user;
+----------+-----------+
| user     | host      |
+----------+-----------+
| keystone | %         |
| root     | 127.0.0.1 |
| root     | ::1       |
| keystone | localhost |
| root     | localhost |
+----------+-----------+
5 rows in set (0.001 sec)

MariaDB [(none)]> \q
Bye
```
2.2 Install the Keystone packages on the master node
2.2.1 Install the Keystone packages
Configure the Apache service: an HTTP server with mod_wsgi serves Identity service requests on ports 5000 and 35357. By default, the Keystone service still listens on these ports.
```
[root@master01 ~]# yum --enablerepo=centos-openstack-stein,epel install openstack-keystone httpd mod_wsgi python-keystoneclient openstack-utils -y --nogpgcheck
```
2.2.2 Quickly modify the Keystone configuration
The quick configuration method used below requires openstack-utils to be installed.
```
[root@master01 ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:keystone@master01/keystone
[root@master01 ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet
```
Note: Keystone does not need to connect to RabbitMQ.
View the effective configuration:
```
[root@master01 ~]# grep '^[a-z]' /etc/keystone/keystone.conf
connection = mysql+pymysql://keystone:keystone@master01/keystone
provider = fernet
```
Keystone does not need to be started as a service of its own; it is invoked through the HTTP service.
2.3 Initialize and sync the Keystone database
2.3.1 Sync the Keystone database
```
[root@master01 ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
```
2.3.2 Connection test
```
[root@master01 ~]# mysql -p
MariaDB [(none)]> grant select,insert,update,delete on *.* to keystone@'%' Identified by "keystone";
```
Check the number of database tables: 47
```
[root@master01 ~]# mysql -hlocalhost -ukeystone -pkeystone -e "use keystone;show tables;"|wc -l
47
```
2.4 Initialize and sync the Keystone database
```
[root@master01 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@master01 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
```
2.5 Configure and start the Apache service
2.5.1 Modify the httpd configuration file
```
[root@master01 ~]# vim /etc/httpd/conf/httpd.conf
```
Search with /ServerName to jump to the right place; at around line 96, add: ServerName master01
```
 95 #ServerName www.example.com:80
 96 ServerName master01
 97 #
 98 # Deny access to the entirety of your server's filesystem. You must
 99 # explicitly permit access to web content directories in other
100 # <Directory> blocks below.
101 #
102 <Directory />
103     AllowOverride none
104     Require all denied
105 </Directory>
```
2.5.2 Configure the virtual host
Create a symlink to the Keystone virtual host configuration file (copying the file over also works).
```
[root@master01 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
```
2.5.3 Start Apache and enable it at boot
```
[root@master01 ~]# systemctl start httpd
[root@master01 ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: active (running) since 四 2022-08-04 20:55:10 CST; 11s ago
     Docs: man:httpd(8)
           man:apachectl(8)
 Main PID: 14622 (httpd)
   Status: "Total requests: 0; Current requests/sec: 0; Current traffic:   0 B/sec"
[root@master01 ~]# systemctl enable httpd
[root@master01 ~]# netstat -anptl|grep httpd
tcp6       0      0 :::5000                 :::*                    LISTEN      14622/httpd
tcp6       0      0 :::80                   :::*                    LISTEN      14622/httpd
```
2.6 Initialize the Keystone Identity service
2.6.1 Create the keystone user and bootstrap the service entity and API endpoints
- In earlier releases (before Queens), bootstrapping the service required two ports (5000 for users and 35357 for administration); this release serves both through the same port.
- Create the Keystone service entity and the Identity service; the three endpoint types below are public, internal and admin.
- export master01=10.10.1.70

A password, ADMIN_PASS, must be created for the administrator user who logs in to OpenStack; here it is set to 123456.
```
[root@master01 ~]# keystone-manage bootstrap --bootstrap-password 123456 \
> --bootstrap-admin-url http://master01:5000/v3/ \
> --bootstrap-internal-url http://master01:5000/v3/ \
> --bootstrap-public-url http://master01:5000/v3/ \
> --bootstrap-region-id RegionOne
```
- Adds the API endpoints of the 3 service entities to the endpoint table and creates the admin user in the local_user table;
- Creates the admin and Default projects (the default domain) in the project table;
- Creates 3 roles in the role table (admin, member and reader) and creates the identity service in the service table.

2.6.2 Temporarily set the administrator account's environment variables for management
The export OS_PASSWORD line here must use the ADMIN_PASS configured above.
```
[root@master01 ~]# vim openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://master01:5000/v3
export OS_AUTH_URL=http://master01:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_TOKEN=""
```
View the declared variables
```
[root@master01 ~]# export PS1='[\u@\h \W(keystone)]\$ '
[root@master01 ~(keystone)]# env |grep OS_
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_PASSWORD=123456
OS_AUTH_URL=http://master01:5000/v3
OS_TOKEN=
OS_USERNAME=admin
OS_PROJECT_DOMAIN_NAME=Default
```
2.7 Create regular Keystone entities
2.7.1 Create a Keystone domain named example
The following command creates a project named example in the project table.
```
[root@master01 ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | 82137c5a2ab3437b946e9d4888d16194 |
| name        | example                          |
| tags        | []                               |
+-------------+----------------------------------+
```
2.7.2 Create a project named service for the Keystone environment's services
Regular (non-administrative) tasks should use an unprivileged user. The following command creates a project named service in the project table.
```
[root@master01 ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 8a11d9bad57c4f009a4c14b8aaf69e39 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
```
2.7.3 Create the myproject project and its user and role
This project is for regular (non-administrator) users. The following command creates a project named myproject in the project table.
```
[root@master01 ~]# openstack project create --domain default --description "Demo Project" myproject
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 632e070bb36845a18b3ab05229ec29c4 |
| is_domain   | False                            |
| name        | myproject                        |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
```
2.7.4 Create the myuser user in the default domain
The --password option sets a plaintext password directly on the command line; the --password-prompt option prompts for the password interactively. The following command adds the myuser user to the local_user table.
```
[root@master01 ~]# openstack user create --domain default --password=myuser myuser
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 1a3d0f58a121446c8bfc6c5b78ba909b |
| name                | myuser                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
```
2.7.5 Create the myrole role in the role table
```
[root@master01 ~]# openstack role create myrole
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | None                             |
| domain_id   | None                             |
| id          | 093c9d8ce8614d9198caaee11fb22739 |
| name        | myrole                           |
+-------------+----------------------------------+
```
2.7.6 Add the myrole role to the myproject project and the myuser user
```
[root@master01 ~]# openstack role add --project myproject --user myuser myrole
```
2.8 Verify that Keystone was installed successfully
2.8.1 Unset the environment variables
```
[root@master01 ~]# vim openrc
[root@master01 ~]# source openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://master01:5000/v3
export OS_AUTH_URL=http://master01:5000/v3
export OS_IDENTITY_API_VERSION=3
#export OS_TOKEN=""
[root@master01 ~]# export PS1='[\u@\h \W(keystone)]\$ '
[root@master01 ~(keystone)]# unset OS_AUTH_URL OS_PASSWORD
[root@master01 ~(keystone)]# env |grep OS_
OS_USER_DOMAIN_NAME=Default
OS_PROJECT_NAME=admin
OS_IDENTITY_API_VERSION=3
OS_TOKEN=
OS_USERNAME=admin
OS_PROJECT_DOMAIN_NAME=Default
```
2.8.2 Request an authentication token as the admin user
Test whether the admin account (password 123456) can authenticate by requesting an authentication token.
```
[root@master01 ~]# openstack --os-auth-url http://master01:5000/v3 \
> --os-project-domain-name Default --os-user-domain-name Default \
> --os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2022-08-04T16:53:02+0000 |
| id         | gAAAAABi6-te970_kIhhrxoZMPqwPJ9UqoGkk3aWkOQ6C_FihZ0hGR0g4IB1HAe2gc6uDZRWtqsaFwqoLhHWd1cvfkMi3WGArLn73QimRDGm2OIPiILZKAnb51Q2O0rWp1ASlaEvcFEmlzmmCw5htJ29IO80LiVAgxRY_kp03NM19zYSKBjcmuM |
| project_id | ecea96ac28d6413eb9b5652348419e65 |
| user_id    | 1082cfdb5a064f5282dedf247fa03797 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
```
2.8.3 Obtain an authentication token as a regular user
The following command uses the myuser user's password (the same as the username) and API port 5000, which allows only regular (non-administrative) access to the Identity service API.
```
[root@master01 ~]# openstack --os-auth-url http://master01:5000//v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
The request you have made requires authentication. (HTTP 401) (Request-ID: req-497124bb-bfe9-428c-9610-a74dbf76c01c)
```
2.9 Create OpenStack client environment scripts
The steps above used a combination of environment variables and command options to interact with the Identity service through the openstack client. To make client operations more efficient, OpenStack supports simple client environment scripts, known as OpenRC files. I use custom file names here.
2.9.1 Create the administrator's environment script
```
[root@master01 ~]# mkdir -p /server/tools
[root@master01 ~]# cd /server/tools/
[root@master01 tools]# vim admin-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://master01:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(admin-openrc)]\$ '
```
If you change the dashboard login password and then forget it, you can use the admin_token authentication mechanism to reset the login password.
2.9.2 Create the regular user's environment script
```
[root@master01 tools]# vim demo-openrc.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=myuser
export OS_AUTH_URL=http://master01:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(demo-openrc)]\$ '
```
2.9.3 Test the environment scripts
Source a script to load the client configuration so that you can quickly run the client as a specific tenant and user.
```
[root@master01 tools]# source admin-openrc.sh
[root@master01 tools(admin-openrc)]#
```
2.9.4 Request an authentication token
```
[root@master01 tools(admin-openrc)]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2022-08-04T17:10:06+0000 |
| id         | gAAAAABi6-9enTBu5YJ8k3yBu6lBlNcQfameixruBCQzZyc0P1GUYBBtoLf9scuQwY043LTlXf5TQOUDBel1GifhkXLkQE7OraDaaaQLL2CARj_okfcFCcmsfzW-KFLW8j-E4OU8aLOhplf34jYq1Gj4jlSB-LTlPIPCemTbg_ur1Sn9LlFHgbk |
| project_id | ecea96ac28d6413eb9b5652348419e65 |
| user_id    | 1082cfdb5a064f5282dedf247fa03797 |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
```
3. Installing the Glance Image Service on the master Node
3.1 Create the glance database
```
MariaDB [(none)]> create database glance;
MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance';
MariaDB [(none)]> grant all privileges on glance.* to 'glance'@'%' identified by 'glance';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> \q
Bye
```
3.2 Create the glance user in Keystone
3.2.1 Create the glance user in the local_user table
```
[root@master01 ~]# cd /server/tools/
[root@master01 tools]# source admin-openrc.sh
[root@master01 tools(admin-openrc)]# openstack user create --domain default --password=glance glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 5653130edd494a0b9e73b53c6d58be4f |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@master01 tools(admin-openrc)]# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 1082cfdb5a064f5282dedf247fa03797 | admin  |
| 1a3d0f58a121446c8bfc6c5b78ba909b | myuser |
| 5653130edd494a0b9e73b53c6d58be4f | glance |
+----------------------------------+--------+
```
3.2.2 Give the glance user the admin role on the service project
```
[root@master01 tools(admin-openrc)]# openstack role add --project service --user glance admin
```
3.2.3 Create the Glance Image service entity
This adds a glance entry to the service table.
```
[root@master01 tools(admin-openrc)]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 042ee17bcf16470e969aeb44d7aa9774 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
```
```
[root@master01 tools(admin-openrc)]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 042ee17bcf16470e969aeb44d7aa9774 | glance   | image    |
| dd7e0ec9ae214d10ba0311ae2eaf07b7 | keystone | identity |
+----------------------------------+----------+----------+
```
3.2.4 Create the Image service API endpoints
```
openstack endpoint create --region RegionOne image public http://master01:9292
openstack endpoint create --region RegionOne image internal http://master01:9292
openstack endpoint create --region RegionOne image admin http://master01:9292
openstack endpoint list
```
```
[root@master01 tools(admin-openrc)]# openstack endpoint create --region RegionOne image public http://master01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0a5a700dd15342e4b08b6b5061712c32 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 042ee17bcf16470e969aeb44d7aa9774 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://master01:9292             |
+--------------+----------------------------------+
[root@master01 tools(admin-openrc)]# openstack endpoint create --region RegionOne image internal http://master01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 616422ffb94d4947a4cb6db3a1ac0d1c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 042ee17bcf16470e969aeb44d7aa9774 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://master01:9292             |
+--------------+----------------------------------+
[root@master01 tools(admin-openrc)]# openstack endpoint create --region RegionOne image admin http://master01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 03745960ec9a4863adde8c453e36690b |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 042ee17bcf16470e969aeb44d7aa9774 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://master01:9292             |
+--------------+----------------------------------+
```
```
[root@master01 tools(admin-openrc)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                      |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------+
| 03745960ec9a4863adde8c453e36690b | RegionOne | glance       | image        | True    | admin     | http://master01:9292     |
| 0a5a700dd15342e4b08b6b5061712c32 | RegionOne | glance       | image        | True    | public    | http://master01:9292     |
| 29379d7cdfbe4123bffc6e3e3a0f1a35 | RegionOne | keystone     | identity     | True    | internal  | http://master01:5000/v3/ |
| 2edd726490fd4637b251c5648ca8f930 | RegionOne | keystone     | identity     | True    | public    | http://master01:5000/v3/ |
| 616422ffb94d4947a4cb6db3a1ac0d1c | RegionOne | glance       | image        | True    | internal  | http://master01:9292     |
| 76f09406fd7741cd9aafe28688587587 | RegionOne | keystone     | identity     | True    | admin     | http://master01:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------+
```
Glance is now registered in Keystone and can be installed.
3.3、Install glance
3.3.1、Check the Python version
[root@master01 tools(admin-openrc)]# python --version
Python 2.7.5
3.3.2、Install
[root@master01 tools(admin-openrc)]# yum --enablerepo=centos-openstack-stein,epel install openstack-glance python-glance python-glanceclient -y --nogpgcheck
3.3.3、Quickly configure glance-api.conf
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance@master01/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri http://master01:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://master01:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers master01:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
3.3.4、Quickly configure glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:glance@master01/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri http://master01:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://master01:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers master01:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password glance
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
View the effective configuration
[root@master01 tools(admin-openrc)]# grep '^[a-z]' /etc/glance/glance-api.conf
connection = mysql+pymysql://glance:glance@master01/glance
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
www_authenticate_uri = http://master01:5000
auth_url = http://master01:5000
memcached_servers = master01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
flavor = keystone
[root@master01 tools(admin-openrc)]# grep '^[a-z]' /etc/glance/glance-registry.conf
connection = mysql+pymysql://glance:glance@master01/glance
www_authenticate_uri = http://master01:5000
auth_url = http://master01:5000
memcached_servers = master01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
flavor = keystone
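The effective settings above give the database and service accounts a password equal to the user name and reach Keystone over plain http. The script below is an added example, not part of the original walkthrough: it audits an oslo.config-style file for those conditions and for world-readable permissions. The names audit_conf and write_sample_conf and the finding labels are hypothetical, and the sample file is constructed to mirror the settings shown above.

```bash
#!/bin/sh
# Added example: audit an OpenStack service config for the weak settings
# visible in this walkthrough. Function names and labels are hypothetical.

# write_sample_conf PATH: constructed sample mirroring glance-api.conf above.
write_sample_conf() {
    cat > "$1" <<'EOF'
[database]
connection = mysql+pymysql://glance:glance@master01/glance
[keystone_authtoken]
www_authenticate_uri = http://master01:5000
auth_url = http://master01:5000
username = glance
password = glance
[paste_deploy]
flavor = keystone
EOF
}

# audit_conf FILE: prints one finding per line; status 1 if anything was found.
# The body is a subshell, so its variables stay local and exit acts as return.
audit_conf() (
    file=$1
    findings=$(awk '
        /^[ \t]*(#|$)/ { next }
        /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            conf[sec, key] = val
        }
        END {
            for (k in conf) {
                split(k, p, SUBSEP); sec = p[1]; key = p[2]; val = conf[k]
                # Database URL has the form scheme://user:password@host/db
                if (key == "connection" && match(val, "://[^:@]+:[^@]*@")) {
                    cred = substr(val, RSTART + 3, RLENGTH - 4)
                    c = index(cred, ":")
                    if (substr(cred, 1, c - 1) == substr(cred, c + 1))
                        print "WEAK_DB_PASSWORD [" sec "] password equals the user name"
                }
                if (sec == "keystone_authtoken") {
                    if (key == "password" && ((sec, "username") in conf) && val == conf[sec, "username"])
                        print "WEAK_SERVICE_PASSWORD [" sec "] password equals the username"
                    if ((key == "auth_url" || key == "www_authenticate_uri") && val ~ "^http://")
                        print "CLEARTEXT_KEYSTONE_URL [" sec "] " key " = " val
                }
            }
        }' "$file" | sort)
    # A file that stores passwords should not be readable by "other".
    if [ -n "$(find "$file" -perm -004 2>/dev/null)" ]; then
        findings=$(printf '%s\n%s' "$findings" "WORLD_READABLE $file")
    fi
    findings=$(printf '%s\n' "$findings" | sed '/^$/d')
    [ -z "$findings" ] && exit 0
    printf '%s\n' "$findings"
    exit 1
)

# Audit the file given as the first argument, or the constructed sample if none.
sample=$(mktemp)
write_sample_conf "$sample"
audit_conf "${1:-$sample}" || echo "findings reported for ${1:-$sample}" >&2
rm -f "$sample"
```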
3.4、Sync the glance database
3.4.1、Initialize and sync the database for the glance image service
[root@master01 tools(admin-openrc)]# su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1371: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
INFO [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: rocky_expand02, current revision(s): rocky_expand02
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
INFO [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: rocky_contract02, current revision(s): rocky_contract02
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
3.4.2、Connection test: 16 tables
[root@master01 tools(admin-openrc)]# mysql -h10.10.1.70 -uglance -pglance -e "use glance;show tables;"
+----------------------------------+
| Tables_in_glance |
+----------------------------------+
| alembic_version |
| image_locations |
| image_members |
| image_properties |
| image_tags |
| images |
| metadef_namespace_resource_types |
| metadef_namespaces |
| metadef_objects |
| metadef_properties |
| metadef_resource_types |
| metadef_tags |
| migrate_version |
| task_info |
| tasks |
+----------------------------------+
[root@master01 tools(admin-openrc)]# mysql -h10.10.1.70 -uglance -pglance -e "use glance;show tables;"|wc -l
16
3.5、Start the glance image service
[root@master01 tools(admin-openrc)]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@master01 tools(admin-openrc)]# systemctl status openstack-glance-api.service openstack-glance-registry.service
● openstack-glance-api.service - OpenStack Image Service (code-named Glance) API server
   Loaded: loaded (/usr/lib/systemd/system/openstack-glance-api.service; disabled; vendor preset: disabled)
   Active: active (running) since 五 2022-08-05 08:37:33 CST; 8s ago
 Main PID: 3043 (glance-api)
   CGroup: /system.slice/openstack-glance-api.service
           ├─3043 /usr/bin/python2 /usr/bin/glance-api
           ├─3068 /usr/bin/python2 /usr/bin/glance-api
           └─3069 /usr/bin/python2 /usr/bin/glance-api
8月 05 08:37:34 master01 glance-api[3043]: /usr/lib/python2.7/site-packages/paste...y.
8月 05 08:37:34 master01 glance-api[3043]: return pkg_resources.EntryPoint.parse(...e)
8月 05 08:37:34 master01 glance-api[3043]: /usr/lib/python2.7/site-packages/paste...y.
8月 05 08:37:34 master01 glance-api[3043]: return pkg_resources.EntryPoint.parse(...e)
8月 05 08:37:34 master01 glance-api[3043]: /usr/lib/python2.7/site-packages/paste...y.
8月 05 08:37:34 master01 glance-api[3043]: return pkg_resources.EntryPoint.parse(...e)
8月 05 08:37:34 master01 glance-api[3043]: /usr/lib/python2.7/site-packages/paste...y.
8月 05 08:37:34 master01 glance-api[3043]: return pkg_resources.EntryPoint.parse(...e)
8月 05 08:37:34 master01 glance-api[3043]: /usr/lib/python2.7/site-packages/paste...er
8月 05 08:37:34 master01 glance-api[3043]: val = callable(*args, **kw)
● openstack-glance-registry.service - OpenStack Image Service (code-named Glance) Registry server
   Loaded: loaded (/usr/lib/systemd/system/openstack-glance-registry.service; disabled; vendor preset: disabled)
   Active: active (running) since 五 2022-08-05 08:37:33 CST; 8s ago
 Main PID: 3044 (glance-registry)
   CGroup: /system.slice/openstack-glance-registry.service
           ├─3044 /usr/bin/python2 /usr/bin/glance-registry
           ├─3065 /usr/bin/python2 /usr/bin/glance-registry
           └─3066 /usr/bin/python2 /usr/bin/glance-registry
8月 05 08:37:34 master01 glance-registry[3044]: /usr/lib/python2.7/site-packages/p....
8月 05 08:37:34 master01 glance-registry[3044]: return pkg_resources.EntryPoint.pa...)
8月 05 08:37:34 master01 glance-registry[3044]: /usr/lib/python2.7/site-packages/p....
8月 05 08:37:34 master01 glance-registry[3044]: return pkg_resources.EntryPoint.pa...)
8月 05 08:37:34 master01 glance-registry[3044]: /usr/lib/python2.7/site-packages/p....
8月 05 08:37:34 master01 glance-registry[3044]: return pkg_resources.EntryPoint.pa...)
8月 05 08:37:34 master01 glance-registry[3044]: /usr/lib/python2.7/site-packages/g....
8月 05 08:37:34 master01 glance-registry[3044]: debtcollector.deprecate("Glance Re..."
8月 05 08:37:34 master01 glance-registry[3044]: /usr/lib/python2.7/site-packages/p...r
8月 05 08:37:34 master01 glance-registry[3044]: val = callable(*args, **kw)
Hint: Some lines were ellipsized, use -l to show in full.
[root@master01 tools(admin-openrc)]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@master01 tools(admin-openrc)]# systemctl list-unit-files |grep openstack-glance*
openstack-glance-api.service enabled
openstack-glance-registry.service enabled
openstack-glance-scrubber.service enabled
[root@master01 tools(admin-openrc)]#
3.6、Test whether glance is installed correctly
Download CirrOS, a small Linux image, to test the OpenStack deployment.
3.6.1、Download the image
[root@master01 tools(admin-openrc)]# cd /server/tools
[root@master01 tools(admin-openrc)]# wget http://download.cirros-cloud.net/0.5.1/cirros-0.5.1-aarch64-disk.img
3.6.2、Obtain administrator privileges
[root@master01 tools(admin-openrc)]# source admin-openrc.sh
3.6.3、Upload to glance
Upload the image to the Image service using the qcow2 disk format and the bare container format, and make it public so that all projects can access it.
[root@master01 tools(admin-openrc)]# openstack image create "cirros" --file cirros-0.5.1-aarch64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| checksum | cc2a85c8f56f94fa0af28edd6f624054 |
| container_format | bare |
| created_at | 2022-08-05T00:47:45Z |
| disk_format | qcow2 |
| file | /v2/images/352dff8c-48c8-4685-92f4-aea19345c12e/file |
| id | 352dff8c-48c8-4685-92f4-aea19345c12e |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | ecea96ac28d6413eb9b5652348419e65 |
| properties | os_hash_algo='sha512', os_hash_value='49ceb4dba884a97bdd73762708e8116ad6645588091ef8d9c256428891a6b57eebaadbc8cc2bf907b6d303fc7c37d343258d8d0aab93d778596fc98363f5fbb6', os_hidden='False' |
| protected | False |
| schema | /v2/schemas/image |
| size | 16929280 |
| status | active |
| tags | |
| updated_at | 2022-08-05T00:47:45Z |
| virtual_size | None |
| visibility | public |
+------------------+--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
3.6.4、View the image
[root@master01 tools(admin-openrc)]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 352dff8c-48c8-4685-92f4-aea19345c12e | cirros | active |
+--------------------------------------+--------+--------+
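The image was fetched over plain http and is now public to every project, so it is worth confirming that the bytes on disk match the os_hash_algo and os_hash_value that glance recorded in the properties field above. The script below is an added example, not part of the original walkthrough: the function names are hypothetical, the properties string is assumed to have the format shown in the image create output, and the demo runs on constructed bytes rather than the real image.

```bash
#!/bin/sh
# Added example: compare a local image file with the multihash glance stored.
# Real use (assumes the client prints properties in the format shown above):
#   props=$(openstack image show cirros -f value -c properties)
#   verify_image cirros-0.5.1-aarch64-disk.img "$props"

# hash_tool ALGO: coreutils command for a glance os_hash_algo value.
hash_tool() {
    case $1 in
        sha512) echo sha512sum ;;
        sha256) echo sha256sum ;;
        sha1)   echo sha1sum ;;
        md5)    echo md5sum ;;
        *)      return 1 ;;
    esac
}

# prop_value NAME PROPERTIES: value of NAME='...' inside the properties string.
prop_value() {
    printf '%s\n' "$2" | sed -n "s/.*$1='\([^']*\)'.*/\1/p"
}

# verify_digest FILE ALGO HEX: 0 = match, 1 = mismatch, 2 = cannot check.
# Also usable with a digest obtained from the image publisher.
verify_digest() (
    file=$1 algo=$2
    want=$(printf '%s' "$3" | tr 'A-F' 'a-f')
    tool=$(hash_tool "$algo") || { echo "unsupported hash algorithm: $algo" >&2; exit 2; }
    [ -r "$file" ] || { echo "cannot read $file" >&2; exit 2; }
    case $want in
        ''|*[!0-9a-f]*) echo "expected digest is not hex" >&2; exit 2 ;;
    esac
    got=$("$tool" "$file" | cut -d' ' -f1)
    if [ "$got" = "$want" ]; then
        echo "OK $algo $file"
    else
        echo "MISMATCH $algo $file: local=$got expected=$want"
        exit 1
    fi
)

# verify_image FILE PROPERTIES: check FILE against os_hash_algo/os_hash_value.
verify_image() {
    verify_digest "$1" "$(prop_value os_hash_algo "$2")" "$(prop_value os_hash_value "$2")"
}

# Demo on constructed bytes standing in for the image file.
img=$(mktemp)
printf 'constructed image bytes\n' > "$img"
demo_props="os_hash_algo='sha512', os_hash_value='$(sha512sum "$img" | cut -d' ' -f1)', os_hidden='False'"
verify_image "$img" "$demo_props" || echo "verification failed" >&2
rm -f "$img"
```

A match only shows that the stored image equals the local file; it says nothing about whether the download itself was the publisher's file, which needs a digest obtained over an authenticated channel and checked with verify_digest.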
MariaDB [(none)]> create database placement;
MariaDB [(none)]> grant all privileges on placement.* to 'placement'@'localhost' identified by 'placement';
MariaDB [(none)]> grant all privileges on placement.* to 'placement'@'%' identified by 'placement';
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> show databases;
+--------------------+
| Database |
+--------------------+
| glance |
| information_schema |
| keystone |
| mysql |
| performance_schema |
| placement |
+--------------------+
MariaDB [(none)]> select user,host from mysql.user;
+-----------+-----------+
| user | host |
+-----------+-----------+
| glance | % |
| keystone | % |
| placement | % |
| root | 127.0.0.1 |
| root | ::1 |
| glance | localhost |
| keystone | localhost |
| placement | localhost |
| root | localhost |
+-----------+-----------+
3.6.5、nova has added the placement project
Create and register the service credentials for this project
[root@master01 tools(admin-openrc)]# openstack user create --domain default --password=placement placement
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 79882b591dd74953879d0ee4ff5a65c5 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@master01 tools(admin-openrc)]# openstack role add --project service --user placement admin
[root@master01 tools(admin-openrc)]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | df9c229f1e6b4a9ebbaff5d2ab103bea |
| name | placement |
| type | placement |
+-------------+----------------------------------+
Create the endpoints (API ports) for the placement project
[root@master01 tools(admin-openrc)]# openstack endpoint create --region RegionOne placement public http://master01:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 8d14c4a161f5427fba562d5db623a293 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | df9c229f1e6b4a9ebbaff5d2ab103bea |
| service_name | placement |
| service_type | placement |
| url | http://master01:8778 |
+--------------+----------------------------------+
[root@master01 tools(admin-openrc)]# openstack endpoint create --region RegionOne placement internal http://master01:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 51f9ad46cd0b4a69a643545939754f64 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | df9c229f1e6b4a9ebbaff5d2ab103bea |
| service_name | placement |
| service_type | placement |
| url | http://master01:8778 |
+--------------+----------------------------------+
[root@master01 tools(admin-openrc)]# openstack endpoint create --region RegionOne placement admin http://master01:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4e8a6e1218244056a68fc4db5f8b818f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | df9c229f1e6b4a9ebbaff5d2ab103bea |
| service_name | placement |
| service_type | placement |
| url | http://master01:8778 |
+--------------+----------------------------------+
View the configuration
[root@master01 tools(admin-openrc)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------+
| 03745960ec9a4863adde8c453e36690b | RegionOne | glance | image | True | admin | http://master01:9292 |
| 0a5a700dd15342e4b08b6b5061712c32 | RegionOne | glance | image | True | public | http://master01:9292 |
| 29379d7cdfbe4123bffc6e3e3a0f1a35 | RegionOne | keystone | identity | True | internal | http://master01:5000/v3/ |
| 2edd726490fd4637b251c5648ca8f930 | RegionOne | keystone | identity | True | public | http://master01:5000/v3/ |
| 4e8a6e1218244056a68fc4db5f8b818f | RegionOne | placement | placement | True | admin | http://master01:8778 |
| 51f9ad46cd0b4a69a643545939754f64 | RegionOne | placement | placement | True | internal | http://master01:8778 |
| 616422ffb94d4947a4cb6db3a1ac0d1c | RegionOne | glance | image | True | internal | http://master01:9292 |
| 76f09406fd7741cd9aafe28688587587 | RegionOne | keystone | identity | True | admin | http://master01:5000/v3/ |
| 8d14c4a161f5427fba562d5db623a293 | RegionOne | placement | placement | True | public | http://master01:8778 |
+----------------------------------+-----------+--------------+--------------+---------+-----------+--------------------------+
3.6.6、Install the nova packages
yum --enablerepo=centos-openstack-stein,epel install openstack-placement-api -y --nogpgcheck
3.6.7、Quickly modify the placement configuration
openstack-config --set /etc/placement/placement.conf placement_database connection mysql+pymysql://placement:placement@master01/placement
openstack-config --set /etc/placement/placement.conf api auth_strategy keystone
openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_url http://master01:5000/v3
openstack-config --set /etc/placement/placement.conf keystone_authtoken memcached_servers master01:11211
openstack-config --set /etc/placement/placement.conf keystone_authtoken auth_type password
openstack-config --set /etc/placement/placement.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/placement/placement.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/placement/placement.conf keystone_authtoken project_name service
openstack-config --set /etc/placement/placement.conf keystone_authtoken username placement
openstack-config --set /etc/placement/placement.conf keystone_authtoken password placement
Check the effective nova configuration
[root@master01 tools(admin-openrc)]# egrep -v "^#|^$" /etc/placement/placement.conf
[DEFAULT]
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://master01:5000/v3
memcached_servers = master01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = placement
[placement]
[placement_database]
connection =mysql+pymysql://placement:placement@master01/placement
3.6.8、Modify nova's virtual host configuration file
Because of a packaging bug, nova's virtual host configuration file must be modified to add content. The complete file is as follows:
vim /etc/httpd/conf.d/00-placement-api.conf
Listen 8778

<VirtualHost *:8778>
  WSGIProcessGroup placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  WSGIDaemonProcess placement-api processes=3 threads=1 user=placement group=placement
  WSGIScriptAlias / /usr/bin/placement-api
  Alias /placement-api /usr/bin/placement-api
  <IfVersion >= 2.4>
    ErrorLogFormat "%M"
  </IfVersion>
  ErrorLog /var/log/placement/placement-api.log
  #SSLEngine On
  #SSLCertificateFile ...
  #SSLCertificateKeyFile ...
  <Directory /usr/bin>
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
    <IfVersion < 2.4>
      Order allow,deny
      Allow from all
    </IfVersion>
  </Directory>
</VirtualHost>

<Location /placement-api>
  SetHandler wsgi-script
  Options +ExecCGI
  WSGIProcessGroup placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
</Location>
3.7、Initialize the placement database
3.7.1、Initialize: placement has 13 tables
su -s /bin/sh -c "placement-manage db sync" placement
3.7.2、Restart the http service
[root@master01 tools(admin-openrc)]# systemctl restart httpd
[root@master01 tools(admin-openrc)]# systemctl status httpd
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 五 2022-08-05 09:27:37 CST; 7s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 5500 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
 Main PID: 5510 (httpd)
   Status: "Processing requests..."
   CGroup: /system.slice/httpd.service
           ├─5510 /usr/sbin/httpd -DFOREGROUND
           ├─5511 /usr/sbin/httpd -DFOREGROUND
           ├─5512 /usr/sbin/httpd -DFOREGROUND
           ├─5513 /usr/sbin/httpd -DFOREGROUND
           ├─5514 (wsgi:keystone- -DFOREGROUND
           ├─5515 (wsgi:keystone- -DFOREGROUND
           ├─5516 (wsgi:keystone- -DFOREGROUND
           ├─5517 (wsgi:keystone- -DFOREGROUND
           ├─5518 (wsgi:keystone- -DFOREGROUND
           ├─5519 /usr/sbin/httpd -DFOREGROUND
           ├─5520 /usr/sbin/httpd -DFOREGROUND
           ├─5521 /usr/sbin/httpd -DFOREGROUND
           ├─5522 /usr/sbin/httpd -DFOREGROUND
           └─5523 /usr/sbin/httpd -DFOREGROUND
3.7.3、Verify the database
[root@master01 tools(admin-openrc)]# mysql -h10.10.1.70 -uplacement -pplacement -e "use placement;show tables;"
+------------------------------+
| Tables_in_placement |
+------------------------------+
| alembic_version |
| allocations |
| consumers |
| inventories |
| placement_aggregates |
| projects |
| resource_classes |
| resource_provider_aggregates |
| resource_provider_traits |
| resource_providers |
| traits |
| users |
+------------------------------+
[root@master01 tools(admin-openrc)]# mysql -h10.10.1.70 -uplacement -pplacement -e "use placement;show tables;" |wc -l
13
[root@master01 tools(admin-openrc)]# source admin-openrc.sh
[root@master01 tools(admin-openrc)]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+