OpenStack, an open-source cloud management platform, automates the management and allocation of compute, storage and network resources and gives enterprises and developers a capable cloud computing solution. This article walks through building OpenStack step by step so that readers can stand up their own OpenStack environment from scratch.
OpenStack Overview
OpenStack is a cloud platform made up of a family of open-source projects. It provides core services such as compute (Nova), networking (Neutron), storage (Cinder, Swift) and identity (Keystone). Through these services users can create and manage virtual machines, storage volumes, networks and other resources, and build private or public clouds. Its strengths are that it is open source, flexible and extensible, and it is widely used for in-house enterprise clouds and the large data centers of internet companies.
Preparing the Environment
(1) Hardware requirements
- Number of servers: at least 3 servers are recommended, acting as the controller node, compute node and storage node respectively. With limited resources a minimal all-in-one install on a single server is possible, but it is not suitable for production.
- CPU: at least 2 cores, so that several virtual machines can run at once.
- Memory: 8 GB or more is recommended for the controller node; size compute nodes to actual demand, typically 16 GB or more.
- Storage: each server needs at least 50 GB of free disk space; the storage node needs considerably more, since it holds virtual machine images and data.
(2) Software requirements
- Operating system: a stable Linux distribution such as Ubuntu 18.04 or CentOS 7 is recommended; this article uses CentOS 7.
- Network: make sure the nodes can reach each other and have outbound internet access so that the required packages can be downloaded.
Base Environment Configuration
(1) Pre-installation steps
- Update the system: run the following on every node to update the installed packages.
```bash
sudo yum update -y
```
- Set hostnames: give the controller, compute and storage nodes distinct hostnames. For the controller node:
```bash
sudo hostnamectl set-hostname controller
```
Then edit `/etc/hosts` and add the IP address and hostname of each node:
```bash
sudo vi /etc/hosts
```
```plaintext
192.168.1.100 controller
192.168.1.101 compute
192.168.1.102 storage
```
- Turn off the firewall and SELinux: to avoid network communication problems between the nodes, stop firewalld and disable SELinux.
```bash
sudo systemctl stop firewalld
sudo systemctl disable firewalld
sudo setenforce 0
sudo sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
```
(2) Install the OpenStack repository
Install the OpenStack Queens release repository on every node.
```bash
sudo yum install -y centos-release-openstack-queens
sudo yum update -y
```
Controller Node Installation and Configuration
(1) Install the database
The controller node needs a MySQL-compatible database (MariaDB), which stores the configuration information of each OpenStack service.
```bash
sudo yum install -y mariadb mariadb-server python2-PyMySQL
```
Edit `/etc/my.cnf.d/openstack.cnf` and add the following:
```plaintext
[mysqld]
bind-address = 192.168.1.100
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
```
Start the database service and enable it at boot.
```bash
sudo systemctl start mariadb
sudo systemctl enable mariadb
```
Run the `mysql_secure_installation` script to set the database password and the other security options.
(2) Install the message queue
OpenStack uses RabbitMQ as the message queue over which its services communicate.
```bash
sudo yum install -y rabbitmq-server
sudo systemctl start rabbitmq-server
sudo systemctl enable rabbitmq-server
```
Add the openstack user and grant it permissions.
```bash
sudo rabbitmqctl add_user openstack password
sudo rabbitmqctl set_permissions openstack ".*" ".*" ".*"
```
(3) Install and configure the Identity service (Keystone)
- Create the database: log in to the database, create the keystone database and grant privileges on it.
```sql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'password';
```
- Install the Keystone packages:
```bash
sudo yum install -y openstack-keystone httpd mod_wsgi
```
- Configure Keystone: edit `/etc/keystone/keystone.conf` and set the database connection and the token provider.
```plaintext
[database]
connection = mysql+pymysql://keystone:password@controller/keystone

[token]
provider = fernet
```
- Sync the database:
```bash
sudo su -s /bin/sh -c "keystone-manage db_sync" keystone
```
- Initialize the Fernet keys:
```bash
sudo keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
sudo keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
```
- Bootstrap the Identity service:
```bash
sudo keystone-manage bootstrap --bootstrap-password password \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
```
- Configure Apache: edit `/etc/httpd/conf/httpd.conf` and add the following:
```plaintext
ServerName controller
```
Create the symbolic link and start the Apache service.
```bash
sudo ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
sudo systemctl start httpd
sudo systemctl enable httpd
```
- Verify Keystone: set the environment variables that make up the admin user's credentials script.
```bash
export OS_USERNAME=admin
export OS_PASSWORD=password
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
```
Run the following command to verify that Keystone is working.
```bash
openstack token issue
```
(4) Install and configure the Image service (Glance)
- Create the database: log in to the database, create the glance database and grant privileges on it.
```sql
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'password';
```
- Create the glance user and assign its role:
```bash
openstack user create --domain default --password password glance
openstack role add --project service --user glance admin
```
- Create the Glance service and endpoints:
```bash
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
```
- Install the Glance packages:
```bash
sudo yum install -y openstack-glance
```
- Configure Glance: edit `/etc/glance/glance-api.conf` and set the database connection, identity authentication and storage backend.
```plaintext
[database]
connection = mysql+pymysql://glance:password@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = password

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
```
Edit `/etc/glance/glance-registry.conf` and set the database connection and identity authentication.
```plaintext
[database]
connection = mysql+pymysql://glance:password@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = password
```
- Sync the database:
```bash
sudo su -s /bin/sh -c "glance-manage db_sync" glance
```
- Start the Glance services and enable them at boot:
```bash
sudo systemctl start openstack-glance-api openstack-glance-registry
sudo systemctl enable openstack-glance-api openstack-glance-registry
```
Compute Node Installation and Configuration
(1) Install and configure the Compute service (Nova)
- Create the databases: in the controller node's database, create the Nova databases and grant privileges on them.
```sql
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'password';
```
- Create the nova user and assign its role: run the following on the controller node.
```bash
openstack user create --domain default --password password nova
openstack role add --project service --user nova admin
```
- Create the Nova service and endpoints:
```bash
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
```
- Install the Nova packages: run the following on the compute node.
```bash
sudo yum install -y openstack-nova-compute
```
- Configure Nova: edit `/etc/nova/nova.conf` and set the database connections, message queue, identity authentication and related options.
```plaintext
[DEFAULT]
transport_url = rabbit://openstack:password@controller
my_ip = 192.168.1.101
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:password@controller/nova_api

[database]
connection = mysql+pymysql://nova:password@controller/nova

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = password

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
```
- Check whether the compute node supports hardware acceleration:
```bash
egrep -c '(vmx|svm)' /proc/cpuinfo
```
If the value returned is greater than 0, hardware acceleration is supported; otherwise add the following to `/etc/nova/nova.conf`:
```plaintext
[libvirt]
virt_type = qemu
```
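As an added example that is not part of the original tutorial, the following script automates the check above: it counts vmx/svm flags in a cpuinfo dump, picks kvm or qemu accordingly, and rewrites the [libvirt] section of nova.conf so that re-running it is safe. The helper names and the sample cpuinfo text are assumptions, not Nova or libvirt tooling.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): derive virt_type from the
# vmx/svm CPU-flag check and write nova.conf's [libvirt] section from it.
# Function names are assumed helpers, not Nova or libvirt tooling.

# Count cpuinfo lines carrying VT-x (vmx) or AMD-V (svm); 0 means no
# hardware acceleration. Same test the tutorial runs by hand with egrep -c.
count_hw_accel() {
    grep -Ec '(vmx|svm)' "${1:-/proc/cpuinfo}" || true
}

# kvm when the flags are present, qemu (software emulation, slow) otherwise.
choose_virt_type() {
    if [ "$(count_hw_accel "$1")" -gt 0 ]; then echo kvm; else echo qemu; fi
}

# Replace (or add) the [libvirt] section so that re-running stays idempotent.
set_libvirt_section() {
    conf=$1; vt=$2
    if [ -f "$conf" ]; then
        awk '/^\[libvirt\]/ { skip = 1; next }
             /^\[/          { skip = 0 }
             !skip' "$conf" > "$conf.tmp" && mv "$conf.tmp" "$conf"
    fi
    printf '\n[libvirt]\nvirt_type = %s\n' "$vt" >> "$conf"
}

# Read virt_type back out of the [libvirt] section for verification.
get_virt_type() {
    awk -F' *= *' '/^\[libvirt\]/ { s = 1; next } /^\[/ { s = 0 }
                   s && $1 == "virt_type" { print $2 }' "$1"
}

# Constructed cpuinfo excerpts (not captured from a real host): a bare-metal
# Intel host with vmx, and a nested VM whose flags expose no vmx/svm.
WORK=$(mktemp -d)
printf 'flags\t\t: fpu vme de pse tsc msr pae vmx smx est\n' > "$WORK/cpuinfo_metal"
printf 'flags\t\t: fpu vme de pse tsc msr pae hypervisor lahf_lm\n' > "$WORK/cpuinfo_nested"
# Minimal nova.conf with a stale [libvirt] section sandwiched between others.
printf '[DEFAULT]\nmy_ip = 192.168.1.101\n[libvirt]\nvirt_type = kvm\n[vnc]\nenabled = true\n' > "$WORK/nova.conf"
set_libvirt_section "$WORK/nova.conf" "$(choose_virt_type "$WORK/cpuinfo_nested")"
echo "virt_type now: $(get_virt_type "$WORK/nova.conf")"   # qemu
```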
- Start the Nova services and enable them at boot:
```bash
sudo systemctl start libvirtd openstack-nova-compute
sudo systemctl enable libvirtd openstack-nova-compute
```
Storage Node Installation and Configuration
(1) Install and configure the Block Storage service (Cinder)
- Create the database: in the controller node's database, create the cinder database and grant privileges on it.
```sql
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'password';
```
- Create the cinder user and assign its role: run the following on the controller node.
```bash
openstack user create --domain default --password password cinder
openstack role add --project service --user cinder admin
```
- Create the Cinder services and endpoints:
```bash
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
```
- Install the Cinder packages: run the following on the storage node.
```bash
sudo yum install -y openstack-cinder targetcli python-keystoneclient
```
- Configure Cinder: edit `/etc/cinder/cinder.conf` and set the database connection, message queue, identity authentication and related options.
```plaintext
[database]
connection = mysql+pymysql://cinder:password@controller/cinder

[DEFAULT]
transport_url = rabbit://openstack:password@controller
auth_strategy = keystone

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = cinder
password = password

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
```
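The Glance, Nova and Cinder configuration files above all embed database, RabbitMQ and Keystone credentials in plaintext, using the placeholder `password`. As an added example that is not part of the original tutorial, this script audits such a file for placeholder secrets and world-readable permissions before the service is started; the function names and the sample file contents are assumptions.

```bash
#!/usr/bin/env bash
# Added example (not from the original tutorial): audit an OpenStack service
# config for placeholder credentials and loose file permissions before the
# service is started. Function names here are assumed, not OpenStack tooling.

# Print every credential-bearing setting in an ini-style conf: "connection"
# (DB DSN), "transport_url" (RabbitMQ) and "password" ([keystone_authtoken]).
list_credentials() {
    awk -F' *= *' '
        /^\[/ { section = $0; next }
        $1 == "connection" || $1 == "transport_url" || $1 == "password" {
            print section, $1, $2
        }' "$1"
}

# Succeed only if no placeholder secret is used. For user:pass@host DSNs the
# password part is extracted; bare "password = ..." values are checked as-is.
no_placeholder_secrets() {
    list_credentials "$1" | awk '{
        val = $3
        if (val ~ /:\/\/.*@/) {
            sub(/^.*:\/\/[^:]*:/, "", val); sub(/@.*$/, "", val)
        }
        if (tolower(val) ~ /^(password|secret|changeme)$/) {
            bad++; print "placeholder secret:", $1, $2
        }
    } END { exit bad ? 1 : 0 }'
}

# Config files carry service credentials: refuse "other" read access
# (0640 root:<service> is the usual layout). Assumes GNU stat (CentOS 7).
not_world_readable() {
    case "$(stat -c %a "$1")" in *0) return 0 ;; *) return 1 ;; esac
}

# Constructed sample mirroring the tutorial's glance-api.conf placeholders.
WORK=$(mktemp -d)
cat > "$WORK/weak.conf" <<'EOF'
[database]
connection = mysql+pymysql://glance:password@controller/glance
[keystone_authtoken]
username = glance
password = password
EOF
# Same file with a generated secret substituted (constructed value) and mode 0640.
sed 's/:password@/:Gl4nc3-example-secret@/; s/^password = password$/password = Gl4nc3-example-secret/' \
    "$WORK/weak.conf" > "$WORK/strong.conf"
chmod 644 "$WORK/weak.conf"; chmod 640 "$WORK/strong.conf"
```

Run `no_placeholder_secrets /etc/glance/glance-api.conf && not_world_readable /etc/glance/glance-api.conf` on each node before `systemctl start`; a non-zero exit names the offending section and key.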
- Create the LVM physical volume and volume group:
```bash
sudo pvcreate /dev/sdb
sudo vgcreate cinder-volumes /dev/sdb
```
- Sync the database: run the following on the controller node.
```bash
sudo su -s /bin/sh -c "cinder-manage db sync" cinder
```
- Start the Cinder services and enable them at boot:
```bash
sudo systemctl start openstack-cinder-volume target
sudo systemctl enable openstack-cinder-volume target
```
Network Node Installation and Configuration
(1) Install and configure the Networking service (Neutron)
- Create the database: in the controller node's database, create the neutron database and grant privileges on it.
```sql
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'password';
```
- Create the neutron user and assign its role: run the following on the controller node.
```bash
openstack user create --domain default --password password neutron
openstack role add --project service --user neutron admin
```
- Create the Neutron service and endpoints:
```bash
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint
```