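Manually installing OpenStack Yoga on Ubuntu 20.04 (two nodes)

Appliance repair 2023-07-16 19:17 www.caominkang.com Appliance maintenance

Contents
  • A few words first
  • Two-node manual installation of OpenStack Yoga
    • Environment preparation
      • Network configuration
      • Hostname resolution
      • Testing network connectivity
      • NTP time synchronization
      • Installing the OpenStack packages on all nodes
      • Installing the SQL database on the controller node
      • Installing the message queue on the controller node
      • Installing the Memcached cache on the controller node
      • Installing the etcd store on the controller node
    • Minimum services for a Yoga deployment
      • Installing Keystone
      • Installing Glance
      • Installing Placement
      • Installing Nova
      • Installing Neutron
      • Installing Horizon
      • Installing Cinder (optional)
    • Launching a cloud server with OpenStack Yoga (optional)
      • Creating a self-service private network
  • Appendix 1: Firewall and default ports

A few words first

When a skilled operations engineer first steps into the world of OpenStack, the first problem is getting an OpenStack installed quickly so there is something to play with.
Installing OpenStack is sprawling and complicated, and learning to do it by hand takes a long time. Automated installers often fail with an error halfway through.
Automated OpenStack installs tend to hit the following pitfalls:

  1. Network problems. Common OpenStack installers such as kolla, devstack, rdo and TripleO were all developed abroad, and their developers did not account for download speeds in different countries. The dependencies for an automated install are all downloaded from GitHub, and the install often hits a 404 halfway through.
  2. Version problems. Each OpenStack release maps to only a few CentOS or Ubuntu releases, and the distribution's life cycle also matters. Some distributions have a life cycle of only 5 years. Once a distribution is past its life cycle, OpenStack can no longer be downloaded from the official package sources. For example, you cannot download the Mitaka release of OpenStack on CentOS 7.9, although this was possible before 2020; that is the expiry problem.
  3. Learning material problems. There are many single-node and multi-node OpenStack installation tutorials online. They may stop working after half a year. Some have quality problems, others run into the distribution expiry problem. In any case, I tried 5 tutorials from the past year, using different installers, and not one of them got me a working OpenStack install.

These problems make installing OpenStack thoroughly unpleasant, and they have driven away 95% of beginners.
How do you get past this? Read the official English installation documentation: download the Installation Guide PDF and read it repeatedly. Note that this means the English version, not the Chinese one. The whole PDF is only 100 pages.
OpenStack official site: https://docs.openstack.org/
You can choose a language on the site, but the Chinese documentation only goes up to Mitaka. To install a newer OpenStack on a current Linux distribution, the English Installation Guide is the only option. The English installation documentation is continuously updated, so it is reliable.
In short, if your English is weak and reading English documentation is a struggle, I suggest not learning OpenStack, because you will find every step hard going. This is a dividing line that separates top talent from ordinary engineers. Online tutorials and videos do not work, and you cannot read the English documentation. Training courses will not teach you how to install it, so how would you handle the architecture design of a large OpenStack cluster with thousands of servers?

Two-node manual installation of OpenStack Yoga

Reference (official documentation): https://docs.openstack.org/install-guide/
Date: 25 April 2022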

Environment preparation

The host system can be anything, as long as KVM can be installed on it.
Installing KVM on Debian:

sudo apt update
sudo apt -y install qemu qemu-system qemu-kvm virt-manager bridge-utils vlan
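
Network configuration

After KVM is installed, create two NAT virtual networks.

  1. Device name openstack, type NAT, address range 10.0.0.0/24, gateway 10.0.0.1, IP range 5-254.
  2. Device name provider, type NAT, address range 203.0.113.0/24, gateway 203.0.113.1, IP range 5-254.

Then install two virtual machines in KVM, with Ubuntu 20.04 Desktop as the operating system. During installation, select the openstack device as the network. Hardware requirements:
controller (control node): hostname controller, 2 CPU cores, 4 GB RAM, 50 GB disk.
compute1 (compute node): hostname compute1, 4 CPU cores, 8 GB RAM, 50 GB disk.
After the systems are installed, the second NIC, provider, has to be added, so shut down both nodes first.
In KVM, add the provider network device to both virtual machines, then boot them.
Configure the two interfaces on controller:
Interface 1: static IP, fixed at 10.0.0.11, netmask /24, gateway 10.0.0.1
Interface 2: static IP, fixed at 203.0.113.11, netmask /24, gateway 203.0.113.1
Configure the two interfaces on compute1:
Interface 1: static IP, fixed at 10.0.0.31, netmask /24, gateway 10.0.0.1
Interface 2: static IP, fixed at 203.0.113.31, netmask /24, gateway 203.0.113.1

IP configuration for other nodes
If you have a Block Storage node, add it to the openstack NAT network.
Set its IP to 10.0.0.41.
If you have an Object Storage node, add it to the openstack NAT network.
Set its IP to 10.0.0.51.
Note that block storage and object storage nodes need only one interface; they do not need two interfaces like the controller and compute nodes. (From the Installation Guide)
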
Hostname resolution

Do this on both machines.

vim /etc/hosts
-----------------
# controller
10.0.0.11 controller
# compute1
10.0.0.31 compute1
# block1
10.0.0.41 block1
# object1
10.0.0.51 object1
# object2
10.0.0.52 object2

After setting up hostname resolution, reboot controller and compute1.
reboot

Testing network connectivity

# From controller, ping the Internet
ping -c 4 www.baidu.com
# From controller, ping compute1
ping -c 4 compute1

# From compute1, ping the Internet
ping -c 4 www.baidu.com
# From compute1, ping controller
ping -c 4 controller
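
NTP time synchronization

Run the following commands on controller to synchronize time from Alibaba Cloud's NTP server.

apt -y install chrony

# Back up the original NTP configuration file
mv /etc/chrony/chrony.conf /etc/chrony/chrony.conf.bak

# Write a new configuration file containing only two lines
vim /etc/chrony/chrony.conf
--------------------
server ntp.aliyun.com iburst
allow 10.0.0.0/24
# Save and exit

# Restart the system NTP service
service chrony restart

Then configure the NTP service on compute1 to pull time from controller.

apt -y install chrony

# Back up the original NTP configuration file
mv /etc/chrony/chrony.conf /etc/chrony/chrony.conf.bak

# Write a new configuration file containing only one line
vim /etc/chrony/chrony.conf
--------------------
server controller iburst

# Restart the system NTP service
service chrony restart

Check that the NTP service is connected to the correct server.
Run the following command on both nodes:

chronyc sources

If you also have block storage and object storage nodes, configure them the same way as compute1, pulling time from controller.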

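Installing the OpenStack packages on all nodes

OpenStack publishes a new release every six months, named alphabetically from A to Z. The latest release at the time of writing is Yoga, the Y release.
Ubuntu ships an LTS release every two years. The OpenStack releases that can be installed on each LTS release are:
OpenStack for Ubuntu 20.04 LTS: yoga, xena, wallaby, victoria, ussuri
OpenStack for Ubuntu 18.04 LTS: ussuri, train, stein, rocky
OpenStack for Ubuntu 16.04 LTS: queens, pike, mitaka
Our virtual machines run Ubuntu 20.04, so we install the latest release, Yoga.
Run the following commands on both controller and compute1 (the OpenStack packages must be installed on every OpenStack node).
The official documentation says:
Note: The archive enablement described here needs to be done on all nodes that run OpenStack services.

# Add the official Yoga apt source
add-apt-repository cloud-archive:yoga

# Install the nova compute component
apt -y install nova-compute

# Install the client
apt -y install python3-openstackclient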

Installing the SQL database on the controller node

The official installation guide has us install MariaDB. This installation step is run only on controller.

# As of Ubuntu 20.04, install the packages
apt -y install mariadb-server python3-pymysql

After installation, add a configuration file for OpenStack to MariaDB.

vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
-----------------------------------------------
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Restart MariaDB and set the password of the database root user.

# Restart the database
service mysql restart

# Run the command below to set the root password. It then goes through some initialization steps; answer Y at every prompt.
mysql_secure_installation
# I set the MariaDB root password to 123456 and disabled MariaDB remote login (disabling remote login is one of the Y prompts)
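
Installing the message queue on the controller node

OpenStack supports three message queues.
OpenStack supports several message queue services including RabbitMQ, Qpid, and ZeroMQ.
RabbitMQ is recommended.
Run the following commands on controller.

# Install RabbitMQ
apt -y install rabbitmq-server

# Add the openstack user and its password to RabbitMQ (I set the password to 123456)
rabbitmqctl add_user openstack 123456

# Grant the openstack user configure, read and write permissions
rabbitmqctl set_permissions openstack ".*" ".*" ".*"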
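
Installing the Memcached cache on the controller node

Run the following commands on the controller node.

# Install memcached
apt -y install memcached python3-memcache

# Add this host's IP to memcached so that other nodes can reach the service
vim /etc/memcached.conf
----------------------------
# Change the existing -l 127.0.0.1 in the file to -l 10.0.0.11
-l 10.0.0.11

# Restart the service
service memcached restart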

Installing the etcd store on the controller node

Run the following commands on the controller node.

# Install etcd
apt -y install etcd

# Configure etcd with the local IP
vim /etc/default/etcd
-------------------------
ETCD_NAME="controller"
ETCD_DATA_DIR="/var/lib/etcd"
ETCD_INITIAL_CLUSTER_STATE="new"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER="controller=http://10.0.0.11:2380"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.0.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
ETCD_LISTEN_PEER_URLS="http://0.0.0.0:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.0.0.11:2379"

# Restart the service and enable it at boot
systemctl restart etcd
systemctl enable etcd

The base environment is now installed.
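
The base services above are bound to the management address 10.0.0.11, except the etcd peer listener, which is set to 0.0.0.0. The check below is an added example, not part of the original guide: it reads `ss -ltn` output and reports any of these service ports that listen outside the management network. The sample output is constructed; the function names and the port list (default ports) are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example. Flags base-service listeners reachable outside the management network.
MGMT_PREFIX="10.0.0."    # management network used in this guide (10.0.0.0/24)
# port:service pairs for the services installed above (default ports, assumed)
SERVICES="3306:mariadb 5672:rabbitmq 11211:memcached 2379:etcd-client 2380:etcd-peer"

# audit_listeners: reads `ss -ltn` lines on stdin and prints one finding per
# exposed listener as "service port address". Returns 1 if anything was found.
audit_listeners() {
    awk -v mgmt="$MGMT_PREFIX" -v services="$SERVICES" '
        BEGIN {
            n = split(services, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, ":"); name[kv[1]] = kv[2] }
        }
        $1 == "LISTEN" {
            laddr = $4                        # e.g. 10.0.0.11:3306, *:5672, [::]:5672
            port = laddr; sub(/.*:/, "", port)
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            if (!(port in name)) next                      # not one of our services
            if (addr ~ /^127\./ || addr == "[::1]") next   # loopback only
            if (index(addr, mgmt) == 1) next               # management network only
            printf "%s %s %s\n", name[port], port, addr
            found = 1
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample of `ss -ltn` output on controller after the steps above.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      80     10.0.0.11:3306     0.0.0.0:*
LISTEN 0      1024   10.0.0.11:11211    0.0.0.0:*
LISTEN 0      4096   10.0.0.11:2379     0.0.0.0:*
LISTEN 0      4096   0.0.0.0:2380       0.0.0.0:*
LISTEN 0      128    *:5672             *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

audit_sample() { printf '%s\n' "$SAMPLE_SS" | audit_listeners; }

# On a live controller: ss -ltn | audit_listeners
audit_sample || echo "listeners above are reachable from the provider network"
```

Each finding is a listener that also answers on the provider interface (203.0.113.0/24); binding it to 10.0.0.11 or filtering the port on that interface closes it.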

Minimum services for a Yoga deployment

A usable OpenStack needs at least the following services:
• Identity service keystone installation for Yoga (Keystone identity service)
• Image service glance installation for Yoga (Glance image service)
• Placement service placement installation for Yoga (Placement API service)
• Compute service nova installation for Yoga (Nova compute service)
• Networking service neutron installation for Yoga (Neutron networking service)
Other recommended services:
• Dashboard horizon installation for Yoga (Horizon web dashboard service)
• Block Storage service cinder installation for Yoga (Cinder block storage service)

So we install these seven services one after another.

Installing Keystone

Reference: official documentation https://docs.openstack.org/keystone/yoga/install/
Because Keystone itself is a web application, a database has to be created for it.
Run the following commands on controller to create the database.

mysql -u root -p
Enter password:  enter the password 123456 here (set earlier when installing MariaDB)

# Create the keystone database
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.001 sec)

# Create a keystone user whose password is also keystone, used only to access the keystone database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
Query OK, 0 rows affected (0.001 sec)

# Exit mysql
exit;
Bye

Install Keystone

apt -y install keystone

Configure Keystone by changing the following two settings

vim /etc/keystone/keystone.conf
-----------------------------------
[database]
# ...
connection = mysql+pymysql://keystone:keystone@controller/keystone

[token]
# ...
provider = fernet

Sync the configuration to the keystone database

su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet key repositories

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bring up the Keystone API

# admin here is the initial Keystone password; you can set it to something else.
keystone-manage bootstrap --bootstrap-password admin \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

At this point Keystone's three endpoints are running; the web server is Apache.
Apache also needs to be configured.

vim /etc/apache2/apache2.conf
---------------------------
ServerName controller

# Restart Apache after the change
service apache2 restart

Finishing up
Set the following environment variables

export OS_USERNAME=admin
export OS_PASSWORD=admin # this is the bootstrap-password used when bringing up the API
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

Configure the domain, projects, user and role

openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password-prompt myuser # to make it easy to remember, the password is also set to myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole

Verify that Keystone is installed correctly

unset OS_AUTH_URL OS_PASSWORD

# Try to get a token as the admin user
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
# You are then prompted for the password, which is the admin set earlier
+------------+-----------------------------------------------------------------+
| Field   | Value                 |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z          |
| id   | gAAAAABWvi7_B8kKQD9dXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|   | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|   | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9s    |
| project_id | 343d245e850143a096806dfaefa9afdc        |
| user_id | ac3377633149401296f6c0d92d79dc16        |
+------------+-----------------------------------------------------------------+

# Try to get a token as the myuser user
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
# The password is myuser
+------------+-----------------------------------------------------------------+
| Field   | Value                 |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:15:39.014479Z          |
| id   | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9H3fabS_cY7uabOubesi-Me6IGWW |
|   | yQqNegDDZ5j7grI26vvgy1J5nCVZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
|   | JcOzq3uhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U    |
| project_id | ed0b60bf607743088218b0a533d5943f        |
| user_id | 58126687cb4888bfa9ab73a2256f27        |
+------------+-----------------------------------------------------------------+

Write two credential files on controller

mkdir ~/openrc

vim ~/openrc/admin-openrc
------------------------------------
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

vim ~/openrc/demo-openrc
------------------------------------
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=myuser
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Try loading admin-openrc

. ~/openrc/admin-openrc
openstack token issue
+------------+-----------------------------------------------------------------+
| Field   | Value                 |
+------------+-----------------------------------------------------------------+
| expires | 2022-04-24T16:48:29+0000          |
| id   | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrK4h3fIagi5NoEmh21U72SrRv2trl |
|   | JWFYhLi2_uPR31Igf6A8mH2R9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTa1e |
|   | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E    |
| project_id | 343d245e850143a096806dfaefa9afdc        |
| user_id | ac3377633149401296f6c0d92d79dc16        |
+------------+-----------------------------------------------------------------+

That completes the Keystone installation. The rest of the official documentation explains how to install Keystone.

Installing Glance

Official installation documentation for the Yoga Glance component:
https://docs.openstack.org/glance/yoga/install/install-ubuntu.html
Create the database for Glance

mysql -u root -p
Enter password: 123456

MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
Query OK, 0 rows affected (0.001 sec)

exit;
Bye

Load the admin user (this user was created during the Keystone installation, so that step cannot be skipped)

. ~/openrc/admin-openrc

Create the glance user and project

openstack user create --domain default --password-prompt glance # a password is requested here; set it to glance as well
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

Set resource limits (this step is optional; I suggest skipping it for now)

openstack --os-cloud devstack-system-admin registered limit create --service glance --default-limit 1000 --region RegionOne image_size_total
openstack --os-cloud devstack-system-admin registered limit create --service glance --default-limit 1000 --region RegionOne image_stage_total
openstack --os-cloud devstack-system-admin registered limit create --service glance --default-limit 100 --region RegionOne image_count_total
openstack --os-cloud devstack-system-admin registered limit create --service glance --default-limit 100 --region RegionOne image_count_uploading

Download, install and configure Glance

apt -y install glance

vim /etc/glance/glance-api.conf
------------------------------------
[DEFAULT]
use_keystone_quotas = True

[database]
# ... delete or comment out every setting already present in this database group
# I commented out one line, backend
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance

[paste_deploy]
# ...
flavor = keystone

[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[oslo_limit]
auth_url = http://controller:5000
auth_type = password
user_domain_id = default
username = MY_SERVICE
system_scope = all
password = MY_PASSWORD
endpoint_id = ENDPOINT_ID
region_name = RegionOne

Grant the reader role to MY_SERVICE

openstack role add --user MY_SERVICE --user-domain Default --system all reader

Sync the configuration to the database

su -s /bin/sh -c "glance-manage db_sync" glance

Restart the glance service

service glance-api restart

Verify that the installation succeeded

. ~/openrc/admin-openrc
# Download a cirros image for testing, about 12 MB
apt -y install wget
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img -O ~/cirros-0.4.0-x86_64-disk.img
# If the download is too slow, download it with Xunlei, then scp it into the home directory inside the virtual machine

glance image-create --name "cirros" --file ~/cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public
+------------------+----------------------------------------------------------------------------------+
| Property   | Value                   |
+------------------+----------------------------------------------------------------------------------+
| checksum   | d41d8cd98f00b204e9800998ecf8427e             |
| container_format | bare                    |
| created_at    | 2022-04-26T05:01:27Z                |
| disk_format   | qcow2                  |
| id      | 76d504e7-8b0b-4fc3-846c-6a14b7f86877            |
| min_disk   | 0                    |
| min_ram    | 0                    |
| name    | cirros                     |
| os_hash_algo  | sha512                     |
| os_hash_value | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0 |
|      | ff8318d2877eec2f63b931bd47417a81a538327af927da3e         |
| os_hidden  | False                   |
| owner  | 21d38e79032b46f5bf2ff1f65cf03b2e             |
| protected  | False                   |
| size    | 0                    |
| status     | active                     |
| tags    | []                      |
| updated_at    | 2022-04-26T05:01:27Z                |
| virtual_size  | Not available                 |
| visibility    | public                     |
+------------------+----------------------------------------------------------------------------------+

# List the active images
glance image-list
+--------------------------------------+--------+
| ID           | Name   |
+--------------------------------------+--------+
| 76d504e7-8b0b-4fc3-846c-6a14b7f86877 | cirros |
+--------------------------------------+--------+

Glance is now installed successfully.
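
The image-create output above reports size 0, and its checksum d41d8cd98f00b204e9800998ecf8427e is the MD5 of empty input, so the file that was uploaded contained no data. The pre-upload check below is an added example, not part of the original guide: it rejects a missing or empty file and a file that does not start with the qcow2 magic bytes. The function names and demo files are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example. Validate a downloaded image before `glance image-create`.

# check_qcow2 FILE
#   returns 0 if FILE is non-empty and starts with the qcow2 magic 51 46 49 fb ("QFI\xfb")
#   returns 1 if FILE is missing or has zero bytes (for example a failed download)
#   returns 2 if FILE has content but is not qcow2 (for example an HTML error page)
check_qcow2() {
    img=$1
    if [ ! -s "$img" ]; then
        echo "REJECT $img: missing or zero bytes" >&2
        return 1
    fi
    magic=$(head -c 4 "$img" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" != "514649fb" ]; then
        echo "REJECT $img: not qcow2 (first bytes: ${magic:-none})" >&2
        return 2
    fi
    # Print size and SHA-256 so the file can be compared with the publisher's checksum.
    echo "OK $img: $(wc -c < "$img" | tr -d ' ') bytes, sha256 $(sha256sum "$img" | cut -d' ' -f1)"
}

# Constructed demo files: an empty download, an HTML error page, and a file that
# carries only the qcow2 magic and version field (not a bootable image).
demo() {
    d=$(mktemp -d)
    : > "$d/empty.img"
    printf '<html>404 Not Found</html>' > "$d/error.img"
    printf 'QFI\373\000\000\000\003' > "$d/header.img"
    for f in empty.img error.img header.img; do
        check_qcow2 "$d/$f" && rc=0 || rc=$?
        echo "$f -> exit $rc"
    done
    rm -rf "$d"
}

# Usage before uploading:
#   check_qcow2 ~/cirros-0.4.0-x86_64-disk.img && glance image-create ...
demo
```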

Installing Placement

Reference documentation: https://docs.openstack.org/placement/yoga/install/
Run the following on the controller node. Placement is an API and port management service.
Create the database

mysql -u root -p
Enter password: 123456

MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';
Query OK, 0 rows affected (0.002 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';
Query OK, 0 rows affected (0.001 sec)

exit;
Bye

Create the project and user

. ~/openrc/admin-openrc
openstack user create --domain default --password-prompt placement # set the password to placement as well
openstack role add --project service --user placement admin # give the placement user the admin role
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

Download and configure Placement

apt -y install placement-api

vim /etc/placement/placement.conf
------------------------------------
[placement_database]
# ...
connection = mysql+pymysql://placement:placement@controller/placement

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement

Sync the configuration to the database

su -s /bin/sh -c "placement-manage db sync" placement

Restart Apache

service apache2 restart

Verify that Placement is installed correctly

. ~/openrc/admin-openrc
placement-status upgrade check
+-------------------------------------------+
| Upgrade Check Results      |
+-------------------------------------------+
| Check: Missing Root Provider IDs    |
| Result: Success       |
| Details: None        |
+-------------------------------------------+
| Check: Incomplete Consumers      |
| Result: Success       |
| Details: None        |
+-------------------------------------------+
| Check: Policy File JSON to YAML Migration |
| Result: Success       |
| Details: None        |
+-------------------------------------------+

# Test the Placement API
apt -y install python3-pip # install pip3
pip3 install --upgrade pip -i https://mirrors.aliyun.com/pypi/simple/ # upgrade pip3
pip3 install osc-placement -i https://mirrors.aliyun.com/pypi/simple/
openstack --os-placement-api-version 1.2 resource class list --sort-column name
+----------------------------------------+
| name           |
+----------------------------------------+
| DISK_GB        |
| FPGA           |
| IPV4_ADDRESS         |
| MEMORY_MB         |
......

openstack --os-placement-api-version 1.6 trait list --sort-column name
+---------------------------------------+
| name          |
+---------------------------------------+
| COMPUTE_ACCELERATORS      |
| COMPUTE_ARCH_AARCH64      |
| COMPUTE_ARCH_MIPSEL       |
| COMPUTE_ARCH_PPC64LE      |
......

Placement is now installed successfully.

Installing Nova

Reference: official documentation https://docs.openstack.org/nova/yoga/install/controller-install-ubuntu.html
The nova component has to be installed on both controller and compute1.
Installing nova on controller
Configure the database

mysql -u root -p
Enter password: 123456

MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.001 sec)
MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';

exit;
Bye

Create the project, user and role

. ~/openrc/admin-openrc
openstack user create --domain default --password-prompt nova # set the nova user's password to nova as well
openstack role add --project service --user nova admin  # give the nova user the admin role so it becomes an administrator
openstack service create --name nova --description "OpenStack Compute" compute # create the service entity
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 # provide the API endpoints
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

Download, install and configure Nova

apt -y install nova-api nova-conductor nova-novncproxy nova-scheduler

vim /etc/nova/nova.conf
----------------------------
[DEFAULT]
# ... no need to comment out the existing settings
my_ip = 10.0.0.11
transport_url = rabbit://openstack:123456@controller:5672/

[api_database]
# ... comment out all existing settings in this group
connection = mysql+pymysql://nova:nova@controller/nova_api

[database]
# ... comment out all existing settings in this group
connection = mysql+pymysql://nova:nova@controller/nova

[api]
# ... comment out all existing settings in this group
auth_strategy = keystone

[keystone_authtoken]
# ... comment out all existing settings in this group
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova

[vnc]
# ...
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
# ...
api_servers = http://controller:9292

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement

Sync the configuration to the databases

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova

Verify that the installation succeeded

su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
|  Name |     UUID     |     Transport URL      |      Database Connection      | Disabled |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 |      none:/      | mysql+pymysql://nova:@controller/nova_cell0 |  False   |
| cell1 | dbc442b7-fc9c-4223-983a-3dc4fcd0b5e4 | rabbit://openstack:@controller:5672/ | mysql+pymysql://nova:@controller/nova |  False   |
+-------+--------------------------------------+------------------------------------------+-------------------------------------------------+----------+

To finish, restart the services

service nova-api restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart

That completes the nova compute service on controller.
Next we install the nova service on the compute1 node. This is important, because compute nodes such as compute1 are where the cloud servers actually run, so nova is essential on a compute node.
Run the following commands on the compute1 node!
Download, install and configure nova

apt -y install nova-compute

vim /etc/nova/nova.conf
-------------------------------
[DEFAULT]
# ...
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.31

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova

[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
# ...
api_servers = http://controller:9292

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement

Check whether your compute node compute1 supports CPU virtualization. Our nodes are all KVM virtual machines, so this check is necessary.

egrep -c '(vmx|svm)' /proc/cpuinfo

If the command above returns 1 or more, the CPU supports virtualization and no extra configuration is needed; the configuration above is enough. Mine returned 12 (the virtual machine has 6 CPU cores).
If the command above returns 0, the virtual machine does not support virtualization. There are two solutions:

  1. Shut down the virtual machine, enable the KVM virtualization feature, then boot it again.
  2. Have the compute1 node use qemu instead of KVM, with the following configuration:

vim /etc/nova/nova-compute.conf
----------------------------------
# Change virt_type=kvm in the file to virt_type=qemu
[libvirt]
# ...
virt_type = qemu

Note: make the change above only when the command returns 0. If it returns more than 0 (virtualization is supported), skip it.
Restart the nova service

service nova-compute restart
# If the restart fails, check the log /var/log/nova/nova-compute.log yourself.
# Most likely compute1 cannot connect to the message queue service on controller

Add compute1 to the cell database
Run the following steps on the controller node!

. ~/openrc/admin-openrc
openstack compute service list --service nova-compute
+--------------------------------------+--------------+------------+------+---------+-------+----------------------------+
| ID           | Binary    | Host    | Zone | Status  | State | Updated At     |
+--------------------------------------+--------------+------------+------+---------+-------+----------------------------+
| 0d0f25ef-89e2-4acd-b578-7ad0a51e266e | nova-compute | controller | nova | enabled | up | 2022-04-26T10:15:42.000000 |
| b967a1ab-3328-457c-8ce1-f6eb8ff2b7dc | nova-compute | compute1   | nova | enabled | up | 2022-04-26T10:15:34.000000 |
+--------------------------------------+--------------+------------+------+---------+-------+----------------------------+

# Have controller sync the newly discovered compute node into nova's cell database
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

# Every time you add a new compute node, such as compute2, compute3 ...
# you need to run this nova-manage cell_v2 discover_hosts command on controller!
# Alternatively, configure a timer once and for all so that controller discovers compute nodes periodically
vim /etc/nova/nova.conf
-------------------------------
[scheduler]
discover_hosts_in_cells_interval = 300

At this point both machines have the nova service installed, and the compute node has been added to the controller node.
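
The nova.conf files above reuse each service name as its password and embed 123456 in transport_url. The audit below is an added example, not part of the original guide: it walks an oslo.config-style INI file and reports password options equal to the username in the same section, and URL credentials whose password equals the user or appears on a short weak list. The sample file is constructed from values on this page; the function names and the weak list are assumptions of the example.

```shell
#!/usr/bin/env bash
# Added example. Finds guessable credentials in oslo.config-style INI files.
WEAK_LIST="123456 admin password openstack"   # assumption: short illustrative list

# audit_conf FILE: prints "[section] option: reason" per finding; returns 1 if any.
audit_conf() {
    awk -v weak="$WEAK_LIST" '
        function report(opt, why) { printf "[%s] %s: %s\n", section, opt, why; found = 1 }
        function flush_section() {
            # username/password can appear in any order, so judge them per section
            if (pass != "" && pass == user) report("password", "password equals username")
            else if (pass != "" && (pass in bad)) report("password", "password on weak list")
            user = ""; pass = ""
        }
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*$/ || /^[ \t]*[#;]/ { next }          # blank lines and comments
        /^[ \t]*\[/ {
            flush_section()
            section = $0; gsub(/^[ \t]*\[|\][ \t]*$/, "", section); next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "username") user = val
            else if (key == "password") pass = val
            else if (match(val, "://[^:/@]+:[^@/]*@")) {      # scheme://user:pass@host
                cred = substr(val, RSTART + 3, RLENGTH - 4)
                c = index(cred, ":"); u = substr(cred, 1, c - 1); p = substr(cred, c + 1)
                if (p == u) report(key, "URL password equals user")
                else if (p in bad) report(key, "URL password on weak list")
            }
        }
        END { flush_section(); exit (found ? 1 : 0) }
    ' "$1"
}

# Constructed sample using the values from the controller nova.conf above.
audit_sample() {
    f=$(mktemp)
    cat > "$f" <<'EOF'
[DEFAULT]
my_ip = 10.0.0.11
transport_url = rabbit://openstack:123456@controller:5672/

[api_database]
connection = mysql+pymysql://nova:nova@controller/nova_api

[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
username = nova
password = nova

[vnc]
novncproxy_base_url = http://controller:6080/vnc_auto.html
EOF
    audit_conf "$f" && rc=0 || rc=$?
    rm -f "$f"
    return $rc
}

# On a node: audit_conf /etc/nova/nova.conf
audit_sample || echo "guessable credentials found"
```

Replacement values can be generated with `openssl rand -hex 10`, the method the official Installation Guide suggests for service passwords.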

Neutron安装

参考官方文档https://docs.openstack./neutron/yoga/install/
最复杂也是难度最高的就是网络配置了,Neutron是openstack的网络组件。
官方文档给出的网络架构案例

The example architectures assume use of the folloing orks:

Management on 10.0.0.0/24 ith gateay 10.0.0.1

This ork requires a gateay to provide Inter aess to all nodes for administrative purposes such as package installation, security updates, Domain Name System (DNS), and Netork Time Protocol (NTP).

Provider on 203.0.113.0/24 ith gateay 203.0.113.1

This ork requires a gateay to provide Inter aess to instances in your OpenStack environment.
下面开始controller节点的网络。
网卡和主机名解析我们已经做过了。这里不赘述了,忘了就往前翻在文章开头。
创建数据库

mysql -u root -p
Enter Passord123456

MariaDB [(none)] CREATE DATABASE neutron;
Query OK, 1 ro affected (0.001 sec)


MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron. TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron. TO 'neutron'@'%' IDENTIFIED BY 'neutron';

exit;
Bye

创建用户和角色

. ~/openrc/admin-openrc
openstack user create --domain default --passord-prompt neutron # 这里设置密码,密码设成neutron,方便记忆
openstack role add --project service --user neutron admin # 把neutron用户加到admin组
openstack service create --name neutron --description "OpenStack Netorking" ork # 实例化服务
openstack endpoint create --region RegionOne ork public http://controller:9696 # 老样子,创建3大接口
openstack endpoint create --region RegionOne ork internal http://controller:9696
openstack endpoint create --region RegionOne ork admin http://controller:9696

# 如果遇到了Multiple service matches found for 'ork', use an ID to be more specific.
# openstack service list
# openstack service  delete   删除多余的服务

然后官方文档给出了两个网络架构公网架构option1和私网架构option2。其中私网架构包含了公网架构的所有功能,也比公网架构多两个组件。所以本文档选择部署option2私网架构。
原文简介
Option 2 augments option 1 ith layer-3 services that support attaching instances to self-service orks. The demo or other unprivileged user can manage self-service orks including routers that provide connectivity beteen self-service and provider orks. Additionally, floating IP addresses provide connectivity to instances using self-service orks from external orks such as the Inter.
下载、安装、配置neutron

apt -y install neutron-server neutron-plugin-ml2 neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent neutron-metadata-agent

vim /etc/neutron/neutron.conf
---------------------------------
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allo_overlapping_ips = true
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[database]
# ...database组中已有的配置注释掉
connection = mysql+pymysql://neutron:neutron@controller/neutron

[keystone_authtoken]
# ...
_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = passord
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
passord = neutron

[nova]
# ...
auth_url = http://controller:5000
auth_type = passord
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
passord = nova

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

配置ml2组件

vim /etc/neutron/plugins/ml2/ml2_conf.ini
-------------------------------------------
[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_ork_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_orks = provider

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

[securitygroup]
# ...
enable_ipset = true

配置linux网桥

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
-----------------------------------------------------
[linux_bridge]
physical_interface_mappings = provider:enp6s0 # 这里的enp6s0是我的203.0.113.0/24网段的网口名称,你需要根据你自己的实际填写,不能照抄我的。

[vxlan]
enable_vxlan = true
local_ip = 10.0.0.10
l2_population = true

[securitygroup]
# ...
enable_security_group = true
fireall_driver = neutron.agent.linux.iptables_fireall.IptablesFireallDriver

然后通过sysctl命令验证你的Ubuntu linux系统内核是否支持linux网桥。相当于支持VMare里面的桥接模式。
返回1表示支持网桥模式。一般情况下都是1,除非你的cpu很老。如果不是1,自行百度解决

sysctl .bridge.bridge-nf-call-iptables
# .bridge.bridge-nf-call-iptables = 1

sysctl .bridge.bridge-nf-call-ip6tables
# .bridge.bridge-nf-call-ip6tables = 1

配置layer-3三层交换机代理

vim /etc/neutron/l3_agent.ini
-----------------------------------------
[DEFAULT]
# ...
interface_driver = linuxbridge
# 没了,就这!

配置DHCP代理

vim /etc/neutron/dhcp_agent.ini
----------------------------------------------
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

做neutron基本配置

vim /etc/neutron/metadata_agent.ini
-------------------------------------
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = metadata # 这是设置一个密码叫metedata,下一步会用到

配置nova,将上面的密码加入到nova

vim /etc/nova/nova.conf
----------------------------------------------
[neutron]
# ...
auth_url = http://controller:5000
auth_type = passord
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
# The secret from the previous step is used here.
metadata_proxy_shared_secret = metadata
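
The two files above must carry exactly the same metadata_proxy_shared_secret, because the metadata agent signs each instance ID with it and Nova recomputes the signature. The following check is an added example, not part of the original tutorial or of OpenStack; the sample file contents and the WEAK list are constructed, and it relies on oslo.config, like Python's configparser with default settings, not stripping a trailing "# ..." from a value.

```python
import configparser
import hashlib
import hmac
import secrets

# Constructed samples: both sides use the value "metadata" with a trailing comment.
METADATA_AGENT_INI = """[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = metadata # used in the next step
"""
NOVA_CONF = """[neutron]
service_metadata_proxy = true
metadata_proxy_shared_secret = metadata # secret from the previous step
"""
WEAK = {"metadata", "secret", "password", "changeme", "123456"}


def read_secret(text, section):
    # configparser defaults keep a trailing "# ..." as part of the value
    # (assumption stated in the lead-in: oslo.config behaves the same way).
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return cp.get(section, "metadata_proxy_shared_secret", fallback=None)


def sign_instance_id(secret, instance_id):
    # HMAC-SHA256 of the instance UUID keyed with the shared secret: the
    # X-Instance-ID-Signature value Nova recomputes for proxied requests.
    return hmac.new(secret.encode(), instance_id.encode(), hashlib.sha256).hexdigest()


def audit(agent_ini, nova_conf):
    agent = read_secret(agent_ini, "DEFAULT")
    nova = read_secret(nova_conf, "neutron")
    if not agent or not nova:
        return ["metadata_proxy_shared_secret is missing on one side"]
    findings = []
    for name, value in (("metadata_agent.ini", agent), ("nova.conf", nova)):
        bare = value.split("#")[0].strip()
        if bare != value:
            findings.append(f"{name}: inline comment is part of the secret")
        if bare.lower() in WEAK or len(bare) < 16:
            findings.append(f"{name}: weak or guessable secret")
    if not hmac.compare_digest(agent.encode(), nova.encode()):
        findings.append("secrets differ: signatures will not verify")
    return findings


def new_secret():
    return secrets.token_hex(16)  # 32 hex characters from the OS CSPRNG
```

Calling audit() on the real file contents and replacing the value on both nodes with the output of new_secret() clears all three kinds of finding.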

Sync the configuration to the database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
# The output looks roughly like this
INFO  [alembic.runtime.migration] Running upgrade 1bb3393de75d -> c181bb1d89e4
INFO  [alembic.runtime.migration] Running upgrade c181bb1d89e4 -> ba859d649675
INFO  [alembic.runtime.migration] Running upgrade ba859d649675 -> e981acd076d3
INFO  [alembic.runtime.migration] Running upgrade e981acd076d3 -> 76df7844a8c6, add Local IP tables
INFO  [alembic.runtime.migration] Running upgrade 76df7844a8c6 -> 1ffef8d6f371, migrate RBAC registers from "target_tenant" to "target_project"
INFO  [alembic.runtime.migration] Running upgrade 1ffef8d6f371 -> 8160f7a9cebb, drop portbindingports table
INFO  [alembic.runtime.migration] Running upgrade 8160f7a9cebb -> cd9ef14f87
INFO  [alembic.runtime.migration] Running upgrade cd9ef14f87 -> 34cf8b009713
INFO  [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab
INFO  [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0
INFO  [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62
INFO  [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353
INFO  [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586
INFO  [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d
  OK
root@controller:~# 

Restart Nova and Neutron

service nova-api restart

# Restart the Neutron components
service neutron-server restart
service neutron-linuxbridge-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart

# Restart the layer-3 agent
service neutron-l3-agent restart

That completes the configuration of the components on controller.
Next, install and configure the Neutron component on compute.
Download and install Neutron

apt -y install neutron-linuxbridge-agent

Configure Neutron

vim /etc/neutron/neutron.conf
------------------------------------
[DEFAULT]
# ... do not comment out core_plugin = ml2; it is needed
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone

[keystone_authtoken]
# ... comment out the existing settings
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron


[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

Configure the Linux bridge agent

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
---------------------------------------------------
[linux_bridge]
physical_interface_mappings = provider:enp6s0

[vxlan]
enable_vxlan = true
local_ip = 10.0.0.31
l2_population = true

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

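Then use the sysctl command to verify that your Ubuntu Linux kernel supports Linux bridges. This is equivalent to supporting bridged mode in VMware.
A return value of 1 means bridge mode is supported. It is normally 1 unless your CPU is very old. If it is not 1, search online for a fix.

sysctl net.bridge.bridge-nf-call-iptables
# net.bridge.bridge-nf-call-iptables = 1

sysctl net.bridge.bridge-nf-call-ip6tables
# net.bridge.bridge-nf-call-ip6tables = 1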

Configure the Nova component on the compute node

vim /etc/nova/nova.conf
--------------------------
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron

Restart Nova and Neutron

service nova-compute restart
service neutron-linuxbridge-agent restart

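Verify that Neutron was installed successfully on controller and compute1.
The method is to list the Neutron network agents. There should be four on controller and one on compute1.

# Run on controller
openstack network agent list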
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent     | controller | None              | True  | UP    | neutron-metadata-agent    |
| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None              | True  | UP    | neutron-linuxbridge-agent |
| 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1   | None              | True  | UP    | neutron-linuxbridge-agent |
| 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent           | controller | nova              | True  | UP    | neutron-l3-agent          |
| dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent         | controller | nova              | True  | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

Installing Horizon

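Official documentation: https://docs.openstack.org/horizon/yoga/
Horizon is a web interface that lets users freely create accounts, create virtual machines, plan networks and manage all other cloud resources.
Yoga does not yet have its own Horizon and still uses the Ussuri release of Horizon.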
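Prerequisites for installing the Ussuri release of Horizon

  1. Python 3.6 or 3.7. Ubuntu 20.04 ships Python 3.8.2, so I think that should work too.
  2. Django 3.2. Horizon is a web site written with Python's Django framework.
  3. A working Keystone back end.
  4. How does Horizon connect to the other services? In fact Horizon only connects to Keystone. Every service connects to Keystone, so Horizon reads Keystone and connects to the other services automatically, such as cinder, glance, neutron, nova and swift. Horizon can also install plug-ins to connect to less common OpenStack components.

In summary, the requirements for installing Horizon are Python >= 3.6 + Django 3.2 + Keystone.
The simplest way to install Horizon is from packages. We use apt.
The following command can be run on controller or on compute1. Horizon can be installed on any node that can reach controller; I recommend installing it on controller, so that compute nodes can be added and removed freely later.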

apt -y install openstack-dashboard

Configure Horizon

vim /etc/openstack-dashboard/local_settings.py
------------------------------------------------
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*'] # Allows any external host to reach Horizon. This is insecure; in production, list the few hosts through which users access Horizon.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
 'default': {
   'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
   'LOCATION': 'controller:11211',
 }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST # This is Python syntax: string formatting.
# Horizon can be reached via ip:5000; to use a different port, change the 5000 in this setting
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
 "identity": 3,
 "image": 2,
 "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" # Default role and permissions for newly registered users: regular user
TIME_ZONE = "Asia/Shanghai"
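
The ALLOWED_HOSTS comment above says the lab value is unsafe for production. The following added example (not part of the original tutorial or of Horizon) reads ALLOWED_HOSTS from a settings file without executing it and applies Django's host matching rules to show the wildcard next to a restricted list. The sample settings and the host unexpected.example are constructed, and the restricted list assumes users reach Horizon only as controller or 10.0.0.10.

```python
import ast

# Constructed excerpts of /etc/openstack-dashboard/local_settings.py.
LAB_SETTINGS = """OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
"""
# Assumption: users reach Horizon only by the name controller or its IP 10.0.0.10.
RESTRICTED_SETTINGS = """OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['controller', '10.0.0.10']
"""


def allowed_hosts(settings_text):
    """Read ALLOWED_HOSTS statically, without importing or executing the file."""
    for node in ast.parse(settings_text).body:
        if isinstance(node, ast.Assign) and any(
            isinstance(t, ast.Name) and t.id == "ALLOWED_HOSTS" for t in node.targets
        ):
            return [str(h).lower() for h in ast.literal_eval(node.value)]
    return []


def host_accepted(host_header, patterns):
    """Django's rules: '*' matches anything, '.x' matches x and its subdomains,
    any other pattern must equal the host exactly (IPv6 literals not handled)."""
    host, _, port = host_header.lower().rpartition(":")
    if not port.isdigit():  # no ":port" suffix present
        host = host_header.lower()
    for p in patterns:
        if p == "*" or host == p:
            return True
        if p.startswith(".") and (host.endswith(p) or host == p[1:]):
            return True
    return False


def audit_hosts(settings_text):
    patterns = allowed_hosts(settings_text)
    if "*" in patterns:
        return "wildcard: every Host header is accepted"
    if not patterns or "" in patterns:
        return "empty: no usable host pattern"
    return "ok: " + ", ".join(patterns)
```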


vim /etc/apache2/conf-available/openstack-dashboard.conf
---------------------------------------------------------
WSGIApplicationGroup %{GLOBAL}

Reload Apache

systemctl reload apache2.service

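Verify the installation
The exciting moment has finally arrived.
Open Firefox on controller, go to http://controller:5000/horizon/ and check whether the OpenStack page appears.
Then try logging in as admin; the password is also admin. You can also use other users such as demo or default.
If it works, congratulations: OpenStack is installed. If you only want to use OpenStack casually, you can skip everything below!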

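Installing Cinder (optional)

The Cinder component provides the block storage service for OpenStack. Cloud server disks, snapshots and so on are all kept in block storage.
Installing Cinder is not required for OpenStack. It is nevertheless very important: if you are a cloud server vendor, each customer's cloud server corresponds to tens or hundreds of GB of storage, and we need to store users' images with multiple backups, so that when a user's server or one of our OpenStack compute nodes crashes we can start a new cloud server within 30 s.
Reference documentation: https://docs.openstack.org/cinder/yoga/
The Block Storage API and scheduler services typically run on the controller nodes. Depending upon the drivers used, the volume service can run on controller nodes, compute nodes, or standalone storage nodes.
The Block Storage API and scheduler services run on the controller node, while volumes can live on any node, so we only need to call the appropriate driver on controller to connect to the volumes.
Volume back ends come in many types: NAS/SAN, NFS, iSCSI, Ceph and so on. Major IT vendors such as HP, Alibaba Cloud, AWS and Google also offer block storage services, and OpenStack can connect to those too. Block storage is also cheap: on Alibaba Cloud, for example, storing 100 GB for a year costs only 94 yuan.
Cinder is installed after the whole OpenStack instance has been set up, so it is skipped here for now. See below.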

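Launching a cloud server with OpenStack Yoga (optional)

Before installation, the OpenStack installation guide offers two network architectures: the public network architecture (option 1) and the private network architecture (option 2).
The private network architecture includes all the functions and components of the public one, so it is more complex than the public one.
The original text for the public architecture reads:
Before launching an instance, you must create the necessary virtual network infrastructure. For networking option 1, an instance uses a provider (external) network that connects to the physical network
infrastructure via layer-2 (bridging/switching). This network includes a DHCP server that provides IP
addresses to instances.
The admin or other privileged user must create this network because it connects directly to the physical
network infrastructure.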


Introduction to the private network architecture (option 2)
If you chose networking option 2, you can also create a self-service (private) network that connects to the
physical network infrastructure via NAT. This network includes a DHCP server that provides IP addresses
to instances. An instance on this network can automatically access external networks such as the Internet.
However, access to an instance on this network from external networks such as the Internet requires a
floating IP address.


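We set up two virtual NICs at the start precisely to implement the private network architecture.

Creating the self-service private network

Run the following steps on controller

# Load the credentials file
. ~/openrc/demo-openrc

# Use the openstack CLI to create a network named selfservice
openstack network create selfservice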

Updates ongoing, to be continued…

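Appendix 1: Firewall and default ports

You can install a firewall for OpenStack to improve the cluster's security. When setting up the firewall you need to know the port number of each component. The table below lists the API ports of common OpenStack components.
Table 1: Default ports that OpenStack components use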

OpenStack service | Default ports
Application Catalog (murano) | 8082
Backup Service (Freezer) | 9090
Big Data Processing Framework (sahara) | 8386
Block Storage (cinder) | 8776
Clustering (senlin) | 8777
Compute (nova) endpoints | 8774
Compute ports for access to virtual machine consoles | 5900-5999
Compute VNC proxy for browsers (openstack-nova-novncproxy) | 6080
Compute VNC proxy for traditional VNC clients (openstack-nova-xvpvncproxy) | 6081
Container Infrastructure Management (Magnum) | 9511
Container Service (Zun) | 9517
Data processing service (sahara) endpoint | 8386
Database service (Trove) | 8779
DNS service (Designate) | 9001
High Availability Service (Masakari) | 15868
Identity service (keystone) endpoint | 5000
Image service (glance) API | 9292
Key Manager service (Barbican) | 9311
Loadbalancer service (Octavia) | 9876
Networking (neutron) | 9696
NFV Orchestration service (tacker) | 9890
Object Storage (swift) | 6000, 6001, 6002
Orchestration (heat) endpoint | 8004
Orchestration AWS CloudFormation-compatible API (openstack-heat-api-cfn) | 8000
Orchestration AWS CloudWatch-compatible API (openstack-heat-api-cloudwatch) | 8778
Placement API (placement) | 8003
Proxy port for HTML5 console used by Compute service | 6082
Rating service (Cloudkitty) | 8889
Registration service (Adjutant) | 5050
Resource Reservation service (Blazar) | 1234
Root Cause Analysis service (Vitrage) | 8999
Shared File Systems service (Manila) | 8786
Telemetry alarming service (Aodh) | 8042
Telemetry event service (Panko) | 8977
Workflow service (Mistral) | 8989
