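Install and Configure OpenStack Ussuri on CentOS 8
How to install and configure OpenStack Ussuri on a CentOS 8 Linux server.
This tutorial is not intended for a highly available, production OpenStack cloud on CentOS 8 servers, but it is suitable for a PoC or a home lab.
OpenStack is a free, open-source software platform that helps users build private cloud environments or customer-facing clouds.
The main OpenStack components covered in this tutorial are:
Cinder - Block Storage Service
Neutron - Networking Service
Nova - Compute Service
Swift - Object Storage Service
Keystone - Identity Service
Heat - Orchestration Service
Glance - Image Service
Horizon - Dashboard
As mentioned, this installation is done on a single physical server with the following hardware specifications: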
Memory: 128GB RAM
CPU: Intel(R) Xeon(R) CPU E5-1650 v2 @ 3.50GHz (12 cores)
Disk: 3 x 4TB SATA
Network: 1Gbit
IPV4 Addresses: 1 x IPV4 + /28 Subnet (14 IPs)
-----------------------------------------------------------
$ grep -c ^processor /proc/cpuinfo
12
$ free -h
       total  used  free  shared  buff/cache  available
Mem:   125G   207M  125G  21M     244M        124G
Swap:  0B     0B    0B
$ lsblk
NAME   MAJ:MIN  RM  SIZE  RO  TYPE  MOUNTPOINT
loop0  7:0      0   3G    1   loop
sda    8:0      0   3.7T  0   disk
sdb    8:16     0   3.7T  0   disk
sdc    8:32     0   3.7T  0   disk
sdd    8:32     0   3.7T  0   disk
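Your hardware does not have to match the above; it is listed only to give a sense of what we are working with.
Step 1: Prerequisites
Because our OpenStack installation on CentOS 8 uses Packstack, we need to disable some services, such as firewalld and NetworkManager, to make sure the installation succeeds.
Before disabling the NetworkManager service, we install the network-scripts package.
It provides the network service used to manage networking on CentOS 8 systems.
sudo dnf install -y network-scripts
sudo systemctl disable --now firewalld NetworkManager
sudo systemctl enable network && sudo systemctl start network
Disable the deprecation warnings: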
sudo touch /etc/sysconfig/disable-deprecation-warnings
Confirm the status of the network service:
$ systemctl status network
● network.service - LSB: Bring up/down networking
   Loaded: loaded (/etc/rc.d/init.d/network; generated)
   Active: active (exited) since Fri 2017-07-03 17:36:41 CEST; 11s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14766 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=0/SUCCESS)
May 03 17:36:40 osp.theitroad.com systemd[1]: Starting LSB: Bring up/down networking...
May 03 17:36:40 osp.theitroad.com network[14766]: WARN : [network] You are using 'network' service provided by 'network-scripts', which are now de>
May 03 17:36:40 osp.theitroad.com network[14766]: WARN : [network] 'network-scripts' will be removed in one of the next major releases of RHEL.
May 03 17:36:40 osp.theitroad.com network[14766]: WARN : [network] It is advised to switch to 'NetworkManager' instead for network management.
May 03 17:36:41 osp.theitroad.com network[14766]: Bringing up loopback interface: [ OK ]
May 03 17:36:41 osp.theitroad.com network[14766]: Bringing up interface enp5s0: ERROR : [ipv6_set_default_route] Given IPv6 default gateway 'fe80:>
May 03 17:36:41 osp.theitroad.com network[14766]: [ OK ]
May 03 17:36:41 osp.theitroad.com systemd[1]: Started LSB: Bring up/down networking.
Confirm that DNS is working:
$ ping -c 2 google.com
PING google.com(arn09s11-in-x0e.1e100.net (2a00:1450:400f:807::200e)) 56 data bytes
64 bytes from arn09s11-in-x0e.1e100.net (2a00:1450:400f:807::200e): icmp_seq=1 ttl=120 time=7.27 ms
64 bytes from arn09s11-in-x0e.1e100.net (2a00:1450:400f:807::200e): icmp_seq=2 ttl=120 time=7.34 ms
--- google.com ping statistics --
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 7.269/7.306/7.343/0.037 ms
Also set SELinux to permissive mode to avoid troubleshooting headaches.
sudo setenforce 0
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
Set the server hostname.
sudo hostnamectl set-hostname openstackcloud.example.com --static
Make sure local name resolution works.
$ sudo vim /etc/hosts
192.168.21.20 openstackcloud.example.com
Finally, update the system and install basic utilities.
sudo dnf -y install vim wget curl telnet bash-completion network-scripts dnf-utils
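Step 2: Install the Packstack package
Add the OpenStack Ussuri release repository to the CentOS 8 machine.
If a newer OpenStack release is available by the time you use this article, replace ussuri with that release's name.
sudo dnf config-manager --enable PowerTools
sudo dnf install -y centos-release-openstack-ussuri
sudo dnf -y update
With the repository added, install the Packstack package for CentOS.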
sudo dnf install -y openstack-packstack
Enable the advanced virtualization module:
sudo dnf -y module enable virt
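Update the system:
sudo dnf update -y
sudo systemctl reboot
Step 3: Deploy OpenStack on CentOS 8 with Packstack
There are two ways to deploy OpenStack on CentOS 8 with Packstack.
Method 1: Simple single-node OpenStack deployment with defaults (only for a simple PoC)
For a single-node OpenStack deployment, run the following command: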
sudo packstack --allinone
To disable the demo provisioning, use:
sudo packstack --allinone --provision-demo=n
Method 2: Custom single-node installation
We need to generate an answer file that Packstack will use to install the OpenStack cloud.
This file holds information such as the services to install, the storage configuration, networking and so on.
sudo packstack \
  --keystone-admin-passwd='MySr0ngAdminPassw0rd' \
  --cinder-volumes-create=n \
  --provision-demo=n \
  --os-heat-install=y \
  --os-ceilometer-install=y \
  --os-horizon-ssl=n \
  --os-neutron-ml2-mechanism-drivers=openvswitch \
  --os-neutron-ml2-tenant-network-types=vxlan \
  --os-neutron-ml2-type-drivers=vxlan,flat,vlan \
  --os-neutron-l2-agent=openvswitch \
  --nova-libvirt-virt-type=kvm \
  --os-swift-storages=/dev/sdc \
  --os-swift-storage-fstype=xfs \
  --gen-answer-file /root/packstack-answers.txt
Where:
/dev/sdc is the raw device used for Swift object storage. It can also be a partition, e.g. /dev/sdc1. If we have no raw disk, we can remove that line and specify the size of a loopback device instead, e.g. --os-swift-storage-size=20GB.
MySr0ngAdminPassw0rd is the admin user password.
Review the generated file to make sure the values are right for the deployment.
sudo vi /root/packstack-answers.txt
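The review step above can be partly scripted. The following is an added example, not part of the original tutorial or of Packstack: a shell audit that flags security-relevant settings in the answer file before it is used. The CONFIG_* key names are assumed from the flags shown above and the sample file is constructed for illustration; check both against your generated file.

```shell
#!/bin/sh
# Added example: pre-deployment audit of a Packstack answer file.
# CONFIG_* key names are assumptions based on the flags used above;
# confirm them against your own generated answer file.

n=0
finding() { echo "FINDING: $*"; n=$((n + 1)); }

# get_key FILE KEY: print the value of KEY (last assignment wins)
get_key() { sed -n "s/^$2=//p" "$1" | tail -n 1; }

# audit_answers FILE: print findings; exit status 0 only when there are none
audit_answers() {
    n=0
    # The file stores the Keystone admin password in clear text.
    if [ -n "$(find "$1" -maxdepth 0 \( -perm -040 -o -perm -004 \))" ]; then
        finding "$1 is readable by group or other; chmod 600 it"
    fi
    [ "$(get_key "$1" CONFIG_HORIZON_SSL)" = "y" ] ||
        finding "CONFIG_HORIZON_SSL is not y: dashboard logins use plain HTTP"
    [ "$(get_key "$1" CONFIG_PROVISION_DEMO)" = "n" ] ||
        finding "CONFIG_PROVISION_DEMO is not n: demo resources get provisioned"
    case $(get_key "$1" CONFIG_KEYSTONE_ADMIN_PW) in
        "") finding "CONFIG_KEYSTONE_ADMIN_PW is empty" ;;
        MySr0ngAdminPassw0rd)
            finding "admin password is still the tutorial's sample value" ;;
    esac
    [ "$n" -eq 0 ]
}

# Constructed sample mirroring the flags used in the command above.
make_sample() {
    s=$(mktemp) || return 1
    cat > "$s" <<'EOF'
[general]
CONFIG_PROVISION_DEMO=n
CONFIG_KEYSTONE_ADMIN_PW=MySr0ngAdminPassw0rd
CONFIG_HORIZON_SSL=n
EOF
    chmod 644 "$s"
    echo "$s"
}

sample=$(make_sample)
audit_answers "$sample" || echo "$n finding(s) in $sample"
rm -f "$sample"
```

Against the real file, run it as root, for example `audit_answers /root/packstack-answers.txt`, and resolve the findings before starting the deployment.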
Prepare the Cinder volumes
I will use LVM to create the volume group for Cinder logical volumes, cinder-volumes.
For this I have /dev/sdd and /dev/sde in my server.
I will create a RAID 0 device from the two disks.
$ sudo mdadm --create --verbose /dev/md2 --level=0 --raid-devices=2 /dev/sdd /dev/sde
mdadm: chunk size defaults to 512K
mdadm: Defaulting to version 1.2 metadata
mdadm: array /dev/md2 started.
Then create the physical volume, volume group and thin pool for Cinder:
$ sudo pvcreate /dev/md2
  Physical volume "/dev/md2" successfully created.
$ sudo vgcreate cinder-volumes /dev/md2
  Volume group "cinder-volumes" successfully created
$ sudo lvcreate -l 100%FREE -T cinder-volumes/cinder-volumes-pool
  Logical volume "cinder-volumes-pool" created.
Cleaning up the LVM and RAID devices
If we want to start over, the commands below remove the LVM volume group and the RAID device.
# ONLY RUN IF YOU WANT TO DESTROY LOGICAL VOLUME AND RAID DEVICES
sudo vgremove cinder-volumes
sudo mdadm --stop /dev/md2
sudo mdadm --zero-superblock /dev/sdd
sudo mdadm --zero-superblock /dev/sde
This can also be done on a standard partition without a RAID device.
See the example below.
$ sudo pvcreate /dev/sdd1
  Physical volume "/dev/sdd1" successfully created.
$ sudo vgcreate cinder-volumes /dev/sdd1
  Volume group "cinder-volumes" successfully created
$ sudo lvcreate -l 100%FREE -T cinder-volumes/cinder-volumes-pool
  Logical volume "cinder-volumes-pool" created.
If we have no raw device or free partition, we can pass --cinder-volumes-create=y when generating the answer file, or add the line CONFIG_CINDER_VOLUMES_CREATE=y directly to the file.
Install OpenStack on CentOS 8 with Packstack
Now that we have the answer file, we can bootstrap the OpenStack cloud with the packstack command line.
sudo packstack --answer-file /root/packstack-answers.txt --timeout=1500 | tee packstrack-output.txt
See the installation output below.
......
Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries [ DONE ]
Setting up CACERT [ DONE ]
Preparing AMQP entries [ DONE ]
Preparing MariaDB entries [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty [ DONE ]
Preparing Keystone entries [ DONE ]
Preparing Glance entries [ DONE ]
Checking if the Cinder server has a cinder-volumes vg [ DONE ]
Preparing Cinder entries [ DONE ]
Preparing Nova API entries [ DONE ]
Creating ssh keys for Nova migration [ DONE ]
Gathering ssh host keys for Nova migration [ DONE ]
Preparing Nova Compute entries [ DONE ]
Preparing Nova Scheduler entries [ DONE ]
Preparing Nova VNC Proxy entries [ DONE ]
Preparing OpenStack Network-related Nova entries [ DONE ]
Preparing Nova Common entries [ DONE ]
Preparing Neutron API entries [ DONE ]
Preparing Neutron L3 entries [ DONE ]
Preparing Neutron L2 Agent entries [ DONE ]
Preparing Neutron DHCP Agent entries [ DONE ]
Preparing Neutron Metering Agent entries [ DONE ]
Checking if NetworkManager is enabled and running [ DONE ]
Preparing OpenStack Client entries [ DONE ]
Preparing Horizon entries [ DONE ]
Preparing Swift builder entries [ DONE ]
Preparing Swift proxy entries [ DONE ]
Preparing Swift storage entries [ DONE ]
Preparing Gnocchi entries [ DONE ]
Preparing Redis entries [ DONE ]
Preparing Ceilometer entries [ DONE ]
Preparing Aodh entries [ DONE ]
Preparing Puppet manifests [ DONE ]
Copying Puppet modules and manifests [ DONE ]
Testing if puppet apply is finished: 10.10.20.10_controller.pp [ \ ]
10.10.20.10_controller.pp: [ DONE ]
Applying 10.10.20.10_network.pp
10.10.20.10_network.pp: [ DONE ]
Applying 10.10.20.10_compute.pp
10.10.20.10_compute.pp: [ DONE ]
Applying Puppet manifests [ DONE ]
Finalizing [ DONE ]
**** Installation completed successfully ******
After a successful installation, the login URL of the dashboard is displayed.
Step 4: Configure OpenStack networking
The installer creates the OVS bridges automatically; confirm this with the following command.
$ sudo ovs-vsctl show
9ed1d854-1950-4ea3-99b5-1e5be0f0f230
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Port "patch-provnet-f62aa13c-c6e5-41a2-bd30-9760f2773e07-to-br-int"
            Interface "patch-provnet-f62aa13c-c6e5-41a2-bd30-9760f2773e07-to-br-int"
                type: patch
                options: {peer="patch-br-int-to-provnet-f62aa13c-c6e5-41a2-bd30-9760f2773e07"}
        Port br-ex
            Interface br-ex
                type: internal
    Bridge br-int
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "patch-br-int-to-provnet-f62aa13c-c6e5-41a2-bd30-9760f2773e07"
            Interface "patch-br-int-to-provnet-f62aa13c-c6e5-41a2-bd30-9760f2773e07"
                type: patch
                options: {peer="patch-provnet-f62aa13c-c6e5-41a2-bd30-9760f2773e07-to-br-int"}
    ovs_version: "2.12.0"
If the mapping between the interface and the OVS bridge is not correct, go on to modify the interface configuration and add the interface to the bridge used by OpenStack.
Create the external OVS bridge on the interface.
$ sudo vi /etc/sysconfig/network-scripts/ifcfg-eno1
DEVICE=eno1
ONBOOT=yes
TYPE=OVSPort
DEVICETYPE=ovs
OVS_BRIDGE=br-ex
$ sudo vi /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
BOOTPROTO=none
ONBOOT=yes
TYPE=OVSBridge
DEVICETYPE=ovs
USERCTL=yes
PEERDNS=yes
IPV6INIT=no
IPADDR=192.168.10.10
NETMASK=255.255.255.0
GATEWAY=192.168.10.1
DNS1=192.168.10.1
Move the static routes of the configured interface to br-ex.
sudo mv /etc/sysconfig/network-scripts/route-eno1 /etc/sysconfig/network-scripts/route-br-ex
Add the physical network interface to the br-ex bridge in Open vSwitch.
sudo ovs-vsctl add-port br-ex eno1; sudo systemctl restart network.service
Additional bridges can be configured in a similar way.
We need to configure Open vSwitch with the correct mapping.
$ sudo vi /etc/neutron/plugins/ml2/openvswitch_agent.ini
bridge_mappings=extnet:br-ex
Restart the Nova services.
sudo systemctl restart openstack-nova-compute
sudo systemctl restart openstack-nova-api
sudo systemctl restart openstack-nova-scheduler
Create the OpenStack private network.
$ source keystonerc_admin
$ openstack network create private
Confirm that the network was created.
$ openstack network list
+--------------------------------------+---------+--------------------------------------+
| ID                                   | Name    | Subnets                              |
+--------------------------------------+---------+--------------------------------------+
| a5e2a8f0-a953-4eb4-8fc1-2712c2c879d5 | private | 238ec5c5-602d-4fb8-9fca-053d444d9187 |
+--------------------------------------+---------+--------------------------------------+
Add a subnet to the private network just created.
openstack subnet create --network private \
  --allocation-pool start=10.1.1.50,end=10.1.1.200 \
  --dns-nameserver 8.8.8.8 \
  --subnet-range 10.1.1.0/24 \
  private_subnet
Create a public network.
openstack network create \
  --provider-network-type flat \
  --provider-physical-network extnet \
  --external \
  public
Add a subnet for the public network.
openstack subnet create --network public \
  --allocation-pool start=<startip>,end=<lastip> \
  --no-dhcp \
  --subnet-range <subnet>/27 public_subnet
Add a new router and configure the router interfaces.
openstack router create --no-ha router1
openstack router set --external-gateway public router1
openstack router add subnet router1 private_subnet
Confirm the network configuration by checking the network namespaces:
ip netns show
Step 5: Configure Cinder to use LVM
Configure Cinder to use the LVM volume group configured earlier.
$ sudo vi /etc/cinder/cinder.conf
enabled_backends=lvm
volume_clear = none
[lvm]
volume_backend_name=lvm
volume_driver=cinder.volume.drivers.lvm.LVMVolumeDriver
iscsi_ip_address=192.168.10.10
iscsi_helper=lioadm
volume_group=cinder-volumes
volumes_dir=/var/lib/cinder/volumes
We need to restart the Cinder services after the change.
sudo systemctl restart openstack-cinder-volume
sudo systemctl restart openstack-cinder-api
Step 6: Create flavors and a security group
Let's add the OpenStack flavors:
openstack flavor create --id 0 --ram 1024 --vcpus 1 --swap 2048 --disk 10 m1.tiny
openstack flavor create --id 1 --ram 2048 --vcpus 1 --swap 4096 --disk 20 m1.small
openstack flavor create --id 2 --ram 4096 --vcpus 2 --swap 8192 --disk 40 m1.medium
openstack flavor create --id 3 --ram 8192 --vcpus 4 --swap 8192 --disk 80 m1.large
openstack flavor create --id 4 --ram 16384 --vcpus 8 --swap 8192 --disk 160 m1.xlarge
And a basic security group (the rules below allow SSH, HTTP, HTTPS and ICMP from any address, 0.0.0.0/0):
openstack security group create basic --description "Allow base ports"
openstack security group rule create --protocol TCP --dst-port 22 --remote-ip 0.0.0.0/0 basic
openstack security group rule create --protocol TCP --dst-port 80 --remote-ip 0.0.0.0/0 basic
openstack security group rule create --protocol TCP --dst-port 443 --remote-ip 0.0.0.0/0 basic
openstack security group rule create --protocol ICMP --remote-ip 0.0.0.0/0 basic
Step 7: Create a private key and add a Glance image
Create a new key for the account or use an existing one.
$ ssh-keygen -q -N ""
$ openstack keypair create --public-key=~/.ssh/id_rsa.pub adminkey
+-------------+-------------------------------------------------+
| Field       | Value                                           |
+-------------+-------------------------------------------------+
| fingerprint | e4:00:26:64:1c:f7:20:06:d6:59:c6:31:20:53:59:c8 |
| name        | adminkey                                        |
| user_id     | 9f7d84c3014445e7aac3048c9a0fd856                |
+-------------+-------------------------------------------------+
For Glance images, see our previous tutorial:
How to add Glance cloud images to OpenStack
Step 8: Access the OpenStack dashboard
To access the OpenStack dashboard, browse to http://OpenStackip/dashboard.
The login credentials are stored in the keystonerc_admin file in the home directory.
$ grep OS_PASSWORD keystonerc_admin
export OS_PASSWORD='c11661db5ecf4ebd'
After logging in, we can start creating instances to work on projects.