CentOS7安装OpenStack（Queens版）——（四）nova计算服务

nova计算服务（控制节点）

创建数据库

mysql -uroot -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;

授权访问数据库，设置用户密码为：nova/nova

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';

FLUSH PRIVILEGES;

在keystone上注册nova服务

– 创建nova用户，密码自定义为nova

openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | cf5b4a1ac9284483a8601ce212b2150b |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

为nova用户的service项目添加admin角色权限，命令无输出

openstack role add --project service --user nova admin

创建nova服务实体

openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 91ef7780ac984136ac0a98a8382f97f0 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

创建nova API服务端点（endpoint）

openstack endpoint create --region RegionOne compute public http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 70039fd4b0434a79a3da46135a594e40 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller-01:8774/v2.1   |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne compute internal http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 71103854136c433e80868ed03405b3e3 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller-01:8774/v2.1   |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne compute admin http://controller-01:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 54f013b9691d4e7d88e6d49334e7d16b |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91ef7780ac984136ac0a98a8382f97f0 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller-01:8774/v2.1   |
+--------------+----------------------------------+

创建Placement服务用户，密码自定义为placement

openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 46cd680656344258993928db3717f8ff |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

继续阅读“CentOS7安装OpenStack（Queens版）——（四）nova计算服务”

2022年12月26日2022年12月26日

CentOS7安装OpenStack（Queens版）——（三）glance镜像服务

glance镜像服务（控制节点）

创建glance数据库，用户密码设置为glance

mysql -uroot -p
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
FLUSH PRIVILEGES;

加载admin临时环境变量

source keystonerc_admin

在keystone上创建glance用户，密码自定义为glance

[root@controller-01 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | d9dc186702da415db6b202327b73e08c |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

在keystone上给glance用户的service项目添加admin角色权限，命令不输出结果

[root@controller-01 ~]# openstack role add --project service --user glance admin

创建glance镜像服务实体

[root@controller-01 ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | c5fa51ca63b440bda5d277ee6dda23ec |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

创建镜像服务API服务端点（endpoint）

[root@controller-01 ~]# openstack endpoint create --region RegionOne image public http://controller-01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 580275b630f14f91903c90f0a46f260d |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller-01:9292        |
+--------------+----------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne image internal http://controller-01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0f8142d6abd048fd8c72f1861f713bde |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller-01:9292        |
+--------------+----------------------------------+

[root@controller-01 ~]# openstack endpoint create --region RegionOne image admin http://controller-01:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e40b8990bab5493a92469f2ffb7ad55e |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c5fa51ca63b440bda5d277ee6dda23ec |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller-01:9292        |
+--------------+----------------------------------+

继续阅读“CentOS7安装OpenStack（Queens版）——（三）glance镜像服务”

2022年12月26日2022年12月26日

CentOS7安装OpenStack（Queens版）——（二）keystone认证服务

keystone认证服务（控制节点）

创建数据库

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
FLUSH PRIVILEGES;

安装包

yum install openstack-keystone httpd mod_wsgi

编辑/etc/keystone/keystone.conf修改如下配置

[database]
connection = mysql+pymysql://keystone:keystone@controller-01/keystone
[token]
provider = fernet

初始化同步keystone数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化fernet

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

验证

[root@controller-01 ~]# mysql -ukeystone -pkeystone keystone -e 'show tables'
Enter password: 
+-----------------------------+
| Tables_in_keystone          |
+-----------------------------+
| access_token                |
| application_credential      |
| application_credential_role |
| assignment                  |
| config_register             |
| consumer                    |
| credential                  |
| endpoint                    |
| endpoint_group              |
| federated_user              |
| federation_protocol         |
| group                       |
| id_mapping                  |
| identity_provider           |
| idp_remote_ids              |
| implied_role                |
| limit                       |
| local_user                  |
| mapping                     |
| migrate_version             |
| nonlocal_user               |
| password                    |
| policy                      |
| policy_association          |
| project                     |
| project_endpoint            |
| project_endpoint_group      |
| project_tag                 |
| region                      |
| registered_limit            |
| request_token               |
| revocation_event            |
| role                        |
| sensitive_config            |
| service                     |
| service_provider            |
| system_assignment           |
| token                       |
| trust                       |
| trust_role                  |
| user                        |
| user_group_membership       |
| user_option                 |
| whitelisted_config          |
+-----------------------------+

继续阅读“CentOS7安装OpenStack（Queens版）——（二）keystone认证服务”

2022年12月15日2022年12月26日

CentOS7安装OpenStack（Queens版）——（一）基础环境安装

做一个学习OpenStack的记录，先从安装部署开始。由于OpenStack需要安装部署的内容较多，按内容章节编写。因为是部署学习，都是在虚拟机下操作完成，节点配置都不是很高。系统上选择的CentOS，也可以根据自己喜好选择其他Linux版本。如无特殊说明，都是切换到root帐号在所有节点操作执行。

概念架构

逻辑架构

硬件要求

系统环境

操作系统：CentOS Linux release 7.9.2009 (Core)
控制节点controller：192.168.1.10、10.0.0.10
计算节点compute：192.168.1.11、10.0.0.11
存储节点storage：192.168.1.12、10.0.0.12

继续阅读