OpenStack-Ocata-单点部署教程

OpenStackOcata版本单点部署姓名：日期：

目录1OpenStack安装环境搭建 41.1CenOS7初始配置 41.2基础环境配置 52Keystone—认证服务 72.1概述 72.2keystone安装与配置 72.3创建域/项目/用户/角色 92.4keystone功能验证 102.5创建客户端认证脚本 113Glance—镜像服务 133.1概述 133.2glance安装与配置 133.3glance功能验证 174Nova—计算服务 184.1概述 184.2controller节点安装与配置 184.3compute节点安装与配置 254.4nova功能验证 275Neutron—网络服务 295.1概述 295.2controller节点安装与配置 295.3neutron功能验证 356Horizon—前台界面 366.1概述 366.2horizon安装与配置 366.3horizon功能验证 377Cinder—块存储服务 387.1概述 387.2controller节点安装与配置 387.3storage节点安装与配置 427.4cinder功能验证 448实例部署 45

1OpenStack安装环境搭建1.1CenOS7初始配置单点虚拟机配置：CPU8核，内存16GB，存储100GB，网卡2块。操作系统：CentOS7在搭建OpenStack安装环境之前需要初始化centos的系统配置，包括网络、在线更新源、安全三个部分。1.网络两块网卡一块设置为外网访问IP，另一块设置为本地管理网络IP。修改配置文件/etc/sysconfig/network-scripts/ifcfg-xxx(根据网卡名称修改)：2.在线更新源备份原有源文件：mv/etc/yum.repos.d/CentOS-Base.repo/etc/yum.repos.d/CentOS-Base.repo.backup下载网易源文件并更改文件名为CentOS-Base.repo：/.help/CentOS7-Base-163.repo建立缓存并更新：yumcleanallyummakecacheyumupdate3.安全关闭防火墙与selinux：systemctldisablefirewalld.servicesystemctlstopfirewalld.servicesetenforce0配置文件/etc/selinux/config，将SELINUX设置为disabled。1.2基础环境配置1.启用OpenStack仓库yuminstallcentos-release-openstack-ocata完成安装：安装OpenStack客户端--yuminstallpython-openstackclient安装selinux安装包--yuminstallopenstack-selinux2.设置内外网IP对应主机名修改配置文件/etc/hosts退出重新登录即可生效3.MySQL数据库安装配置安装相关软件包：yuminstallmariadb-serverpython2-PyMySQL编辑配置文件/etc/f.d/f：启动数据库服务：systemctlenablemariadb.servicesystemctlstartmariadb.service设置数据库密码：mysql_secure_installation测试登录：mysql–uroot–p4.消息队列RabbitMQ安装与配置安装软件包：yuminstallrabbitmq-server启用消息队列服务：systemctlenablerabbitmq-server.servicesystemctlstartrabbitmq-server.service添加opensatck用户：rabbitmqctladd_useropenstackPASS设置权限：rabbitmqctlset_permissionsopenstack".*"".*"".*"5.Memcached安装与配置Memcached的作用为缓存tokens。安装相关软件包：yuminstallmemcachedpython-memcached配置文件/etc/sysconfig/memcached启动服务：systemctlenablememcached.servicesystemctlstartmemcached.service

2Keystone—认证服务2.1概述云安全需要考虑数据安全、身份与访问管理安全、虚拟化安全和基础设施安全四个部分。Keystone为OpenStack中的一个独立的提供安全认证的模块，主要负责OpenStack用户的身份认证、令牌管理、提供访问资源的服务目录，以及基于用户角色的访问控制。在OpenStack整体框架中，Keystone作用类似于服务总线，其他服务需要通过Keystone注册服务端点，其中服务端点为服务的访问点或URL。Keystone几个基本概念：1.User--用户通过Keystone访问OpenStack服务的个人、系统或者某个服务，Keystone通过认证信息验证用户请求合法性。2.Role--角色一个用户所具有的角色，代表其被赋予的权限。3.Service--服务4.Endpoint--端点一个可以用来访问某个具体服务的网络地址。5.Token--令牌6.Catalog--服务查询目录2.2keystone安装与配置1.安装前准备使用root用户登录数据库mysql–uroot–p创建keystone数据库CREATEDATABASEkeystone;授权数据库访问GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'%'IDENTIFIEDBY'PASS';退出数据库2.Keystone组件安装与配置安装相关软件包：yuminstallopenstack-keystonehttpdmod_wsgi修改配置文件/etc/keystone/keystone.conf：[database]connection=mysql+pymysql://keystone:PASS@controller/keystone[token]provider=fernet填充认证服务数据库：su-s/bin/sh-c"keystone-managedb_sync"keystone初始化Fernetkey仓库：keystone-managefernet_setup--keystone-userkeystone--keystone-groupkeystonekeystone-managecredential_setup--keystone-userkeystone--keystone-groupkeystone引导认证服务：keystone-managebootstrap--bootstrap-passwordPASS--bootstrap-admin-urlhttp://controller:35357/v3/--bootstrap-internal-urlhttp://controller:5000/v3/--bootstrap-public-urlhttp://controller:5000/v3/--bootstrap-region-idRegionOne3.ApacheHttp服务器配置修改配置文件/etc/httpd/conf/httpd.conf：ServerNamecontroller创建链接：ln-s/usr/share/keystone/wsgi-keystone.conf/etc/httpd/conf.d/4.启动服务systemctlenablehttpd.servicesystemctlstarthttpd.service5.配置管理账户export

OS_USERNAME=adminexport

OS_PASSWORD=PASSexport

OS_PROJECT_NAME=adminexport

OS_USER_DOMAIN_NAME=Defaultexport

OS_PROJECT_DOMAIN_NAME=Defaultexport

OS_AUTH_URL=http://controller:35357/v3export

OS_IDENTITY_API_VERSION=32.3创建域/项目/用户/角色1.创建service项目openstackprojectcreate--domaindefault--description"ServiceProject"service2.创建Demo项目openstackprojectcreate--domaindefault--description"DemoProject"demo3.创建Demo用户openstackusercreate--domaindefault--password-promptdemo(需输入密码)4.创建demo用户相关的角色openstackrolecreateuser5.将角色加入对应的用户和项目中openstackroleadd--projectdemo--userdemouser2.4keystone功能验证1.关闭token临时认证机制编辑/etc/keystone/keystone-paste.ini：删除以下三个部分中的admin_token_auth2.取消临时环境变量unsetOS_AUTH_URLOS_PASSWORD3.admin用户token认证openstack--os-auth-urlhttp://controller:35357/v3--os-project-domain-namedefault--os-user-domain-namedefault--os-project-nameadmin--os-usernameadmintokenissue4.demo用户token认证openstack--os-auth-urlhttp://controller:5000/v3--os-project-domain-namedefault--os-user-domain-namedefault--os-project-namedemo--os-usernamedemotokenissue2.5创建客户端认证脚本1.创建文件admin-openrc：export

OS_PROJECT_DOMAIN_NAME=Defaultexport

OS_USER_DOMAIN_NAME=Defaultexport

OS_PROJECT_NAME=adminexport

OS_USERNAME=adminexport

OS_PASSWORD=PASSexport

OS_AUTH_URL=http://controller:35357/v3export

OS_IDENTITY_API_VERSION=3export

OS_IMAGE_API_VERSION=22.创建文件demo-openrc：export

OS_PROJECT_DOMAIN_NAME=Defaultexport

OS_USER_DOMAIN_NAME=Defaultexport

OS_PROJECT_NAME=demoexport

OS_USERNAME=demoexport

OS_PASSWORD=PASSexport

OS_AUTH_URL=http://controller:5000/v3export

OS_IDENTITY_API_VERSION=3export

OS_IMAGE_API_VERSION=23.测试脚本.admin-openrcopenstacktokenissue

3Glance—镜像服务3.1概述Glance为OpenStack提供虚拟机的镜像服务，由glance-api与glance-registry两个服务组成。glance-api是进入Glance的入口，负责接收用户的RESTful请求，再通过后台的存储系统完成镜像的存储与获取。3.2glance安装与配置1.安装前准备创建glance数据库及后续操作：mysql–uroot–pCREATEDATABASEglance;GRANTALLPRIVILEGESONglance.*TO'glance'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONglance.*TO'glance'@'%'IDENTIFIEDBY'PASS';2.使用admin认证.admin-openrc3.创建glance用户openstackusercreate--domaindefault--password-promptglance4.将admin角色加入glance用户及service项目openstackroleadd--projectservice--userglanceadmin5.创建glance服务实体openstackservicecreate--nameglance--description"OpenStackImage"image6.创建镜像服务API接入点openstackendpointcreate--regionRegionOneimagepublichttp://controller:9292openstackendpointcreate--regionRegionOneimageinternalhttp://controller:9292openstackendpointcreate--regionRegionOneimageadminhttp://controller:92927.glance组件安装及配置(1)安装软件包yuminstallopenstack-glance(2)编辑文件/etc/glance/glance-api.conf[database]connection=mysql+pymysql://glance:PASS@controller/glance[keystone_authtoken]#

...auth_uri

=

http://controller:5000auth_url

=

http://controller:35357memcached_servers

=

controller:11211auth_type

=

passwordproject_domain_name

=

defaultuser_domain_name

=

defaultproject_name

=

serviceusername

=

glancepassword

=

PASS[paste_deploy]#

...flavor

=

keystone[glance_store]#

...stores

=

file,httpdefault_store

=

filefilesystem_store_datadir

=

/var/lib/glance/images/(3)编辑文件/etc/glance/glance-registry.conf[database]connection=mysql+pymysql://glance:PASS@controller/glance[keystone_authtoken]#

...auth_uri

=

http://controller:5000auth_url

=

http://controller:35357memcached_servers

=

controller:11211auth_type

=

passwordproject_domain_name

=

defaultuser_domain_name

=

defaultproject_name

=

serviceusername

=

glancepassword

=

PASS[paste_deploy]#

...flavor

=

keystone8.填充glance数据库su-s/bin/sh-c"glance-managedb_sync"glance9.启动服务systemctlenableopenstack-glance-api.serviceopenstack-glance-registry.servicesystemctlstartopenstack-glance-api.serviceopenstack-glance-registry.service3.3glance功能验证1.使用admin认证.admin-openrc2.下载镜像wget/0.3.5/cirros-0.3.5-x86_64-disk.img3.上传镜像至服务器openstackimagecreate"cirros"--file

cirros-0.3.5-x86_64-disk.img--disk-formatqcow2--container-formatbare–public4.查看镜像是否上传成功openstackimagelist

4Nova—计算服务4.1概述Nova为OpenStack的计算组件，由API、Compute、Conductor、Scheduler四个核心服务所组成，服务之间通过AMQP消息队列进行通信。API是进入Nova的HTTP接口，Compute和VMM交互运行虚拟机并管理虚拟机的生命周期。Schedular从可用资源池中选择最合适的计算节点来创建新的虚拟机实例，Conductor为数据库的访问提供一层安全保障。虚拟机创建服务流程：首先用户执行novaclient提供的用于创建虚拟机的命令，API服务监听到novaclient发送的HTTP请求并且将它转换成AMQP消息，通过消息队列(Queue)调用Conductor服务，Conductor服务通过消息队列接受到任务之后，先完成一些准备工作，再通过消息队列告诉Schedular去选择一个满足虚拟机创建要求的主机，Conductor拿到Schedular提供的目标主机之后，会要求Compute服务创建虚拟机。4.2controller节点安装与配置安装前准备工作：1.添加nova数据库mysql–uroot-pCREATEDATABASEnova_api;CREATEDATABASEnova;CREATEDATABASEnova_cell0;GRANTALLPRIVILEGESONnova_api.*TO'nova'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova_api.*TO'nova'@'%'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova.*TO'nova'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova.*TO'nova'@'%'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova_cell0.*TO'nova'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova_cell0.*TO'nova'@'%'IDENTIFIEDBY'PASS';2.使用admin认证.admin-openrc3.创建nova用户openstackusercreate--domaindefault--password-promptnova4.将admin角色加给nova用户openstackroleadd--projectservice--usernovaadmin5.创建nova服务实体openstackservicecreate--namenova--description"OpenStackCompute"compute6.创建计算API服务端点openstackendpointcreate--regionRegionOnecomputepublichttp://controller:8774/v2.1openstackendpointcreate--regionRegionOnecomputeinternalhttp://controller:8774/v2.1openstackendpointcreate--regionRegionOnecomputeadminhttp://controller:8774/v2.17.创建placement用户openstackusercreate--domaindefault--password-promptplacement8.将placement用户添加到service项目及admin角色中openstackroleadd--projectservice--userplacementadmin9.创建placementAPI实体openstackservicecreate--nameplacement--description"PlacementAPI"placement10.创建placementAPI服务端点openstackendpointcreate--regionRegionOneplacementpublichttp://controller:8778openstackendpointcreate--regionRegionOneplacementinternalhttp://controller:8778openstackendpointcreate--regionRegionOneplacementadminhttp://controller:8778安装与配置组件：1.安装nova相关软件包yuminstallopenstack-nova-apiopenstack-nova-conductoropenstack-nova-consoleopenstack-nova-novncproxyopenstack-nova-scheduleropenstack-nova-placement-api2.修改配置文件/etc/nova/nova.conf[DEFAULT]#

...enabled_apis

=

osapi_compute,metadata[api_database]#

...connection

=

mysql+pymysql://nova:PASS@controller/nova_api[database]#

...connection

=

mysql+pymysql://nova:PASS@controller/nova[DEFAULT]#

...transport_url

=

rabbit://openstack:PASS@controller[api]#

...auth_strategy

=

keystone[keystone_authtoken]#

...auth_uri

=

http://controller:5000auth_url

=

http://controller:35357memcached_servers

=

controller:11211auth_type

=

passwordproject_domain_name

=

defaultuser_domain_name

=

defaultproject_name

=

serviceusername

=

novapassword

=

PASS[DEFAULT]#

...my_ip

=

05[DEFAULT]#

...use_neutron

=

Truefirewall_driver

=

nova.virt.firewall.NoopFirewallDriver[vnc]enabled

=

true#

...vncserver_listen

=

$my_ipvncserver_proxyclient_address

=

$my_ip[glance]#

...api_servers

=

http://controller:9292[oslo_concurrency]#

...lock_path

=

/var/lib/nova/tmp[placement]#

...os_region_name

=

RegionOneproject_domain_name

=

Defaultproject_name

=

serviceauth_type

=

passworduser_domain_name

=

Defaultauth_url

=

http://controller:35357/v3username

=

placementpassword

=

PASS3.修改配置文件/etc/httpd/conf.d/00-nova-placement-api.conf末尾增加：<Directory

/usr/bin>

<IfVersion

>=

2.4>

Require

all

granted

</IfVersion>

<IfVersion

<

2.4>

Order

allow,deny

Allow

from

all

</IfVersion></Directory>4.重启httpd服务systemctlrestarthttpd.service5.填充nova-api数据库su-s/bin/sh-c"nova-manageapi_dbsync"nova6.注册cell0数据库su

-s

/bin/sh

-c

"nova-manage

cell_v2

map_cell0"

nova7.创建cell1cellsu

-s

/bin/sh

-c

"nova-manage

cell_v2

create_cell

--name=cell1

--verbose"

nova8.填充nova数据库su

-s

/bin/sh

-c

"nova-manage

db

sync"

nova9.验证cell0和cell1nova-managecell_v2list_cells10.启动服务systemctlenableopenstack-nova-api.serviceopenstack-nova-consoleauth.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.servicesystemctlstartopenstack-nova-api.serviceopenstack-nova-consoleauth.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.service4.3compute节点安装与配置1.安装与配置compute组件yuminstallopenstack-nova-compute修改文件/etc/nova/nova.conf[DEFAULT]#...enabled_apis=osapi_compute,metadata[DEFAULT]#...transport_url=rabbit://openstack:PASS@controller[api]#...auth_strategy=keystone[keystone_authtoken]#...auth_uri=http://controller:5000auth_url=http://controller:35357memcached_servers=controller:11211auth_type=passwordproject_domain_name=defaultuser_domain_name=defaultproject_name=serviceusername=novapassword=PASS[DEFAULT]#...my_ip=MANAGEMENT_INTERFACE_IP_ADDRESS[DEFAULT]#...use_neutron=Truefirewall_driver=nova.virt.firewall.NoopFirewallDriver[vnc]#...enabled=Truevncserver_listen=vncserver_proxyclient_address=$my_ipnovncproxy_base_url=http://controller:6080/vnc_auto.html[glance]#...api_servers=http://controller:9292[oslo_concurrency]#...lock_path=/var/lib/nova/tmp[placement]#...os_region_name=RegionOneproject_domain_name=Defaultproject_name=serviceauth_type=passworduser_domain_name=Defaultauth_url=http://controller:35357/v3username=placementpassword=PASS2.查看硬件支持信息egrep-c'(vmx|svm)'/proc/cpuinfo修改配置文件/etc/nova/nova.conf[libvirt]#...virt_type=qemu3.启动服务systemctlenablelibvirtd.serviceopenstack-nova-compute.servicesystemctlstartlibvirtd.serviceopenstack-nova-compute.service4.将计算节点加入cell数据库中.admin-openrcopenstackhypervisorlistsu-s/bin/sh-c"nova-managecell_v2discover_hosts--verbose"nova4.4nova功能验证.admin-openrcopenstackcomputeservicelistopenstackcataloglistnova-statusupgradecheck

5Neutron—网络服务5.1概述OpenStack所在的整个物理网络在Neutron中被泛化为网络资源池，Neutron能够为同一物理网络的每个租户提供独立的虚拟网络环境。通用配置：一个管理员创建的外部网络对象来负责OpenStack环境与Internet的连接，一个私有网络提供给租户创建自己的虚拟机。为了使内部网络中的机器能够连接互联网，必须创建一个路由器将内部网络连接到外部网络。在该过程中，Neutron提供了一个L3(三层)的抽象router与一个L2(二层)的抽象network，router对应于真实网络环境中的路由器，为用户提供路由、NAT等服务，network则对应于一个真实物理网络中的二层局域网(LAN)。另一个重要概念是子网subnet，功能为附加在二层网络上指明属于这个网络的虚拟机可使用的IP地址范围。5.2controller节点安装与配置1.创建neutron数据库mysql-uroot-pCREATEDATABASEneutron;GRANTALLPRIVILEGESONneutron.*TO'neutron'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONneutron.*TO'neutron'@'%'IDENTIFIEDBY'PASS';2.使用admin认证.admin-openrc3.创建neutron用户openstack

usercreate--domaindefault--password-promptneutron

4.将admin角色加入neutron用户中openstackroleadd--projectservice--userneutronadmin5.创建neutron服务实体openstackservicecreate--nameneutron--description"OpenStackNetworking"network6.创建网络服务API端点openstackendpointcreate--regionRegionOnenetworkpublichttp://controller:9696openstackendpointcreate--regionRegionOnenetworkinternalhttp://controller:9696openstackendpointcreate--regionRegionOnenetworkadminhttp://controller:96967.网络类型配置-self-servicenetwork(1)安装neutron网络组件yuminstallopenstack-neutronopenstack-neutron-ml2openstack-neutron-linuxbridgeebtables(2)修改配置文件/etc/neutron/neutron.conf

：[database]#...connection=mysql+pymysql://neutron:PASS@controller/neutron使能ModularLayer2(ML2)插件、路由服务、重叠IP

[DEFAULT]#...core_plugin=ml2service_plugins=routerallow_overlapping_ips=true[DEFAULT]#...transport_url=rabbit://openstack:PASS@controller[DEFAULT]#...auth_strategy=keystone[keystone_authtoken]#...auth_uri=http://controller:5000auth_url=http://controller:35357memcached_servers=controller:11211auth_type=password

project_domain_name=defaultuser_domain_name=defaultproject_name=serviceusername=neutronpassword=PASS[DEFAULT]#...notify_nova_on_port_status_changes=truenotify_nova_on_port_data_changes=true[nova]#...auth_url=http://controller:35357auth_type=passwordproject_domain_name=defaultuser_domain_name=defaultregion_name=RegionOneproject_name=serviceusername=novapassword=PASS[oslo_concurrency]#...lock_path=/var/lib/neutron/tmp(3)修改ModularLayer2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini：使能flat/vlan/vxlan类型[ml2]#...type_drivers=flat,vlan,vxlan[ml2]#...tenant_network_types=vxlan[ml2]#...mechanism_drivers=linuxbridge,l2population[ml2]#...extension_drivers=port_security[ml2_type_flat]#...flat_networks=provider[ml2_type_vxlan]#...vni_ranges=1:1000[securitygroup]#...enable_ipset=true(4)修改linuxbridgeagent配置文件：/etc/neutron/plugins/ml2/linuxbridge_agent.ini[linux_bridge]physical_interface_mappings=provider:INTERFACE[vxlan]enable_vxlan=truelocal_ip=05l2_population=true[securitygroup]#...enable_security_group=truefirewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver(5)修改layer-3agent配置文件/etc/neutron/l3_agent.ini：[DEFAULT]#...interface_driver=linuxbridge(6)修改DHCPagent配置文件/etc/neutron/dhcp_agent.ini：[DEFAULT]#...interface_driver=linuxbridgedhcp_driver=neutron.agent.linux.dhcp.Dnsmasqenable_isolated_metadata=true(7)修改metadataagent配置文件/etc/neutron/metadata_agent.ini：[DEFAULT]#...nova_metadata_ip=controllermetadata_proxy_shared_secret=PASS(8)在计算服务配置文件nova.conf中添加neutron网络配置：[neutron]#...url=http://controller:9696auth_url=http://controller:35357auth_type=passwordproject_domain_name=defaultuser_domain_name=defaultregion_name=RegionOneproject_name=serviceusername=neutronpassword=PASS service_metadata_proxy=truemetadata_proxy_shared_secret=PASS8.建立链接ln-s/etc/neutron/plugins/ml2/ml2_conf.ini/etc/neutron/plugin.ini9.填充neutron数据库su-s/bin/sh-c"neutron-db-manage--config-file/etc/neutron/neutron.conf--config-file/etc/neutron/plugins/ml2/ml2_conf.iniupgradehead"neutron10.重启nova-api服务systemctlrestartopenstack-nova-api.service11.启动服务systemctlenableneutron-server.serviceneutron-linuxbridge-agent.serviceneutron-dhcp-agent.serviceneutron-metadata-agent.serviceneutron-l3-agent.servicesystemctlstartneutron-server.serviceneutron-linuxbridge-agent.serviceneutron-dhcp-agent.serviceneutron-metadata-agent.service

neutron-l3-agent.service5.3neutron功能验证.admin-openrcopenstackextensionlist--networkopenstacknetworkagentlist

6Horizon—前台界面6.1概述模块化的基于web的图形界面，通过浏览器访问。Horizon采用Django框架，一种基于Python语言的开源Web应用程序框架。6.2horizon安装与配置1.安装horizon软件包yuminstallopenstack-dashboard2.修改配置文件/etc/openstack-dashborad/local_settingsOPENSTACK_HOST="controller"ALLOWED_HOSTS=['*']SESSION_ENGINE='django.contrib.sessions.backends.cache'CACHES={

'default':{

'BACKEND':'django.core.cache.backends.memcached.MemcachedCache',

'LOCATION':'controller:11211',

}}OPENSTACK_KEYSTONE_URL="http://%s:5000/v3"%OPENSTACK_HOSTOPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT=TrueOPENSTACK_API_VERSIONS={

"identity":3,

"image":2,

"volume":2,}OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="Default"OPENSTACK_KEYSTONE_DEFAULT_ROLE="user"OPENSTACK_NEUTRON_NETWORK={...

'enable_router':False,

'enable_quotas':False,

'enable_distributed_router':False,

'enable_ha_router':False,

'enable_lb':False,

'enable_firewall':False,

'enable_vpn':False,

'enable_fip_topology_check':False,}TIME_ZONE="TIME_ZONE"3.启动服务systemctlrestarthttpd.servicememcached.service6.3horizon功能验证访问http://controller/dashboard

7Cinder—块存储服务7.1概述Cinder类似于AWS的EBS服务，为虚拟机提供持久化的块存储能力，实现虚拟机存储卷的创建、挂载卸载、快照等生命周期管理，默认使用LVM作为后端存储。7.2controller节点安装与配置1.创建cinder数据库mysql-uroot-pCREATEDATABASEcinder;GRANTALLPRIVILEGESONcinder.*TO'cinder'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONcinder.*TO'cinder'@'%'IDENTIFIEDBY'PASS';2.使用admin认证.admin-openrc3.创建用户cinderopenstackusercreate--domaindefault--password-promptcinder4.将admin角色添加至cinder用户中openstackroleadd--projectservice--usercinderadmin5.创建cinderv2和cinderv3服务实体openstackservicecreate--namecinderv2--description"OpenStackBlockStorage"volumev2openstackservicecreate--namecinderv3--description"OpenStackBlockStorage"volumev36.创建块存储服务API端点openstackendpointcreate--regionRegionOnevolumev2publichttp://controller:8776/v2/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev2internalhttp://controller:8776/v2/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev2adminhttp://controller:8776/v2/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev3publichttp://controller:8776/v3/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev3internalhttp://controller:8776/v3/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev3adminhttp://controller:8776/v3/%\(project_id\)s7.安装cinder相关软件包yuminstallopenstack-cinder8.修改配置文件/etc/cinder/cinder.conf[database]#

...connection

=

mysql+pymysql://cinder:PASS@controller/cinder[DEFAULT]#

...transport_url

=

rabbit://openstack:PASS@controller[DEFAULT]#

...auth_strategy

=

keystone[keystone_authtoken]#

...auth_uri

=

http://controller:5000auth_url

=

http://controller:35357memcached_servers

=

controller:11211auth_type

=

passwordproject_domain_name

=

defaultuser_domain_name

=

defaultproject_name

=

serviceusername

=

cinderpassword

=

PASS[DEFAULT]#

...my_ip

=

05[oslo_concurrency]#

...lock_path

=

/var/lib/cinder/tmp8.填充cinder数据库su

-s

/bin/sh

-c

"cinder-manage

db

sync"

cinder9.在计算服务nova.conf文件中添加cinder配置[cinder]os_region_name

=

RegionOne10.启动服务systemctl

restart

openstack-nova-api.servicesystemctl

enable

openstack-cinder-api.service

openstack-cinder-scheduler.servicesystemctl

start

openstack-cinder-api.service

openstack-cinder-scheduler.service7.3storage节点安装与配置需要添加一块新盘，lvm模式创建。1.fdisk–l查看新添加的磁盘2.fdisk/dev/sdb创建lvm分区3.修改分区类型为lvm输入t选择类型：4.partprobe更新/dev目录5.新建pv物理卷pvcreate/dev/sdb16.创建lvm卷组cinder-volumesvgcreatecinder-volumes/dev/sdb17.修改配置文件/etc/lvm/lvm.confdevices{...filter=["a/sdb/","r/.*/"]8.安装相关软件包yuminstallopenstack-cindertargetclipython-keystone9.修改配置文件/etc/cinder/cinder.conf[database]#...connection=mysql+pymysql://cinder:PASS@controller/cinder[DEFAULT]#...transpo