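1 What you need to know
- Virtualization platform version: VMware Workstation 17.0.0 (note: this accompanies the cloud computing HCIP course labs)
- Operating system version: CentOS Linux Stream 8. To install the system, follow related article G003 below; the steps are the same
- Installation media can be downloaded from the CentOS official site, the Aliyun permanent mirror, the Huawei permanent mirror, or another mirror site
- The environment uses 2 virtual machines, each with a single NIC configured with a static IP and DNS; see Chapter 2, Environment planning, for the layout
- Starting with the Ussuri release, CentOS 8 or RHEL 8 is required; as of publication, the highest release supported on Stream 8 is xena
- The most troublesome part of building openstack is the yum repositories; follow the yum repository configuration in this post exactly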
- Related articles
- G003-OS-LIN-RHEL-01 Red Hat 8.4 installation
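2 Environment planning
The controller node and the compute node must both have the virtualization engine (Intel VT-x or AMD-V) enabled. The controller node will later be reused as a compute node and a network node. The virtual machine sizing can be adjusted to suit your situation.
Hostname | IP | Gateway/DNS | CPU/Memory | Disk | Role | Notes |
---|---|---|---|---|---|---|
controller | 192.168.100.128 | 192.168.100.2 | 4c8g | 100g | Controller/network/compute node | Virtualization engine must be enabled |
compute | 192.168.100.129 | 192.168.100.2 | 4c8g | 100g | Compute node | Virtualization engine must be enabled |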
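3 System environment configuration
3.1 Network configuration
In this environment the NICs of both the controller node and the compute node are of type NAT.
3.1.1 Controller node
- NIC settings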
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=none
NAME=ens160
DEVICE=ens160
ONBOOT=yes
IPADDR=192.168.100.128
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=192.168.100.2
- Disable the firewall
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
- Disable SELinux
[root@controller ~]# setenforce 0
[root@controller ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
- Disable NetworkManager
CentOS 8 uses NetworkManager to manage networking by default, but it conflicts with the openstack networking components and causes warnings or errors. The warning reads: Warning: NetworkManager is active on 192.168.100.128, 192.168.100.129. OpenStack networking currently does not work on systems that have the Network Manager service enabled.
[root@controller ~]# systemctl stop NetworkManager
[root@controller ~]# systemctl disable NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
3.1.2 Compute node
- NIC settings
[root@compute ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens160
TYPE=Ethernet
BOOTPROTO=none
NAME=ens160
DEVICE=ens160
ONBOOT=yes
IPADDR=192.168.100.129
NETMASK=255.255.255.0
GATEWAY=192.168.100.2
DNS1=192.168.100.2
- Disable the firewall
[root@compute ~]# systemctl stop firewalld
[root@compute ~]# systemctl disable firewalld
Removed /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
- Disable SELinux
[root@compute ~]# setenforce 0
[root@compute ~]# sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
- Disable NetworkManager
[root@compute ~]# systemctl stop NetworkManager
[root@compute ~]# systemctl disable NetworkManager
Removed /etc/systemd/system/multi-user.target.wants/NetworkManager.service.
Removed /etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service.
Removed /etc/systemd/system/network-online.target.wants/NetworkManager-wait-online.service.
3.2 IP/hostname mapping and base package installation
3.2.1 Controller node
[root@controller ~]# echo '192.168.100.128 controller' >> /etc/hosts
[root@controller ~]# echo '192.168.100.129 compute' >> /etc/hosts
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.128 controller
192.168.100.129 compute
# Copy to the compute node
[root@controller ~]# scp /etc/hosts compute:/etc/
The authenticity of host 'compute (192.168.100.129)' can't be established.
ECDSA key fingerprint is SHA256:nwI74lMTkpXGx0mgh+drkm+bn8TDFXd4E8baxnBO9nA.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'compute,192.168.100.129' (ECDSA) to the list of known hosts.
root@compute's password:
hosts 100% 209 79.8KB/s 00:00
[root@controller ~]# yum install -y vim net-tools bash-completion chrony.x86_64 centos-release-openstack-yoga.noarch
3.2.2 Compute node
[root@compute ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.100.128 controller
192.168.100.129 compute
[root@compute ~]# yum install -y vim net-tools bash-completion chrony.x86_64 centos-release-openstack-yoga.noarch
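3.3 NTP time synchronization
Starting with Linux 8 releases, the ntpdate tool is no longer supported by default; chronyd is used for time synchronization instead.
3.3.1 Controller node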
[root@controller ~]# vim /etc/chrony.conf
# pool 2.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst
# Allow NTP client access from local network.
#allow 192.168.0.0/16
allow 192.168.100.0/24
# Start the service
[root@controller ~]# systemctl start chronyd.service
[root@controller ~]# systemctl enable chronyd.service
3.3.2 Compute node
[root@compute ~]# vim /etc/chrony.conf
server controller iburst
# Start the service
[root@compute ~]# systemctl start chronyd.service
[root@compute ~]# systemctl enable chronyd.service
3.4 Configure the YUM repositories
3.4.1 Controller node
[root@controller ~]# mkdir /etc/yum.repos.d/bak
[root@controller ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
# Run the following command to add the yum repositories
cat <<EOF > /etc/yum.repos.d/cloudcs.repo
[highavailability]
name=CentOS Stream 8 - HighAvailability
baseurl=https://mirrors.aliyun.com/centos/8-stream/HighAvailability/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1
[nfv]
name=CentOS Stream 8 - NFV
baseurl=https://mirrors.aliyun.com/centos/8-stream/NFV/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1
[rt]
name=CentOS Stream 8 - RT
baseurl=https://mirrors.aliyun.com/centos/8-stream/RT/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1
[resilientstorage]
name=CentOS Stream 8 - ResilientStorage
baseurl=https://mirrors.aliyun.com/centos/8-stream/ResilientStorage/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1
[extras-common]
name=CentOS Stream 8 - Extras packages
baseurl=https://mirrors.aliyun.com/centos/8-stream/extras/x86_64/extras-common/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Extras-SHA512
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1
[extras]
name=CentOS Stream $releasever - Extras
mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/$contentdir/$stream/extras/$basearch/os/
baseurl=https://mirrors.aliyun.com/centos/8-stream/extras/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[centos-ceph-pacific]
name=CentOS - Ceph Pacific
baseurl=https://mirrors.aliyun.com/centos/8-stream/storage/x86_64/ceph-pacific/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
[centos-rabbitmq-38]
name=CentOS-8 - RabbitMQ 38
baseurl=https://mirrors.aliyun.com/centos/8-stream/messaging/x86_64/rabbitmq-38/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Messaging
[centos-nfv-openvswitch]
name=CentOS Stream 8 - NFV OpenvSwitch
baseurl=https://mirrors.aliyun.com/centos/8-stream/nfv/x86_64/openvswitch-2/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-NFV
module_hotfixes=1
[baseos]
name=CentOS Stream 8 - BaseOS
baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1
[appstream]
name=CentOS Stream 8 - AppStream
baseurl=https://mirrors.aliyun.com/centos/8-stream/AppStream/x86_64/os/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
gpgcheck=1
repo_gpgcheck=0
metadata_expire=6h
countme=1
enabled=1
[centos-openstack-victoria]
name=CentOS 8 - OpenStack victoria
baseurl=https://mirrors.aliyun.com/centos/8-stream/cloud/x86_64/openstack-victoria/
#baseurl=https://repo.huaweicloud.com/centos/8-stream/cloud/x86_64/openstack-yoga/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
module_hotfixes=1
[powertools]
name=CentOS Stream 8 - PowerTools
#mirrorlist=http://mirrorlist.centos.org/?release=$stream&arch=$basearch&repo=PowerTools&infra=$infra
baseurl=https://mirrors.aliyun.com/centos/8-stream/PowerTools/x86_64/os/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
EOF
[root@controller ~]# ls /etc/yum.repos.d/
bak cloudcs.repo
[root@controller ~]# yum clean all
27 files removed
[root@controller ~]# yum repolist all
repo id repo name status
appstream CentOS Stream 8 - AppStream enabled
baseos CentOS Stream 8 - BaseOS enabled
centos-ceph-pacific CentOS - Ceph Pacific enabled
centos-nfv-openvswitch CentOS Stream 8 - NFV OpenvSwitch enabled
centos-openstack-victoria CentOS 8 - OpenStack victoria enabled
centos-rabbitmq-38 CentOS-8 - RabbitMQ 38 enabled
extras CentOS Stream - Extras enabled
extras-common CentOS Stream 8 - Extras packages enabled
highavailability CentOS Stream 8 - HighAvailability enabled
nfv CentOS Stream 8 - NFV enabled
powertools CentOS Stream 8 - PowerTools enabled
resilientstorage CentOS Stream 8 - ResilientStorage enabled
rt CentOS Stream 8 - RT enable
3.4.2 Compute node
[root@compute ~]# mkdir /etc/yum.repos.d/bak
[root@compute ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
[root@compute ~]# scp controller:/etc/yum.repos.d/cloudcs.repo /etc/yum.repos.d/
The authenticity of host 'controller (192.168.100.128)' can't be established.
ECDSA key fingerprint is SHA256:0wisA68htG476jVggvEX5wWHxAK9nmDDWXzLAmwP8as.
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added 'controller,192.168.100.128' (ECDSA) to the list of known hosts.
root@controller's password:
cloudcs.repo 100% 3304 1.8MB/s 00:00
[root@compute ~]# ls /etc/yum.repos.d/
bak cloudcs.repo
[root@compute ~]# yum clean all
27 files removed
[root@compute ~]# yum repolist all
repo id repo name status
appstream CentOS Stream 8 - AppStream enabled
baseos CentOS Stream 8 - BaseOS enabled
centos-ceph-pacific CentOS - Ceph Pacific enabled
centos-nfv-openvswitch CentOS Stream 8 - NFV OpenvSwitch enabled
centos-openstack-victoria CentOS 8 - OpenStack victoria enabled
centos-rabbitmq-38 CentOS-8 - RabbitMQ 38 enabled
extras CentOS Stream - Extras enabled
extras-common CentOS Stream 8 - Extras packages enabled
highavailability CentOS Stream 8 - HighAvailability enabled
nfv CentOS Stream 8 - NFV enabled
powertools CentOS Stream 8 - PowerTools enabled
resilientstorage CentOS Stream 8 - ResilientStorage enabled
rt CentOS Stream 8 - RT enable
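The repository file above has one stanza with gpgcheck=0 ([centos-ceph-pacific]) and one with an http:// mirrorlist ([extras]), so packages from those sources are not verified the same way as the rest. The following check is an added example, not part of the original post: a hypothetical audit_repo_file function lists such stanzas, run here against a constructed three-stanza sample shaped like cloudcs.repo.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): audit a yum/dnf .repo file for
# settings that weaken package authenticity checks.

audit_repo_file() {
    # Print one "<repo id>: <finding>" line per problem found in the file "$1".
    awk '
        function report() {
            if (sec == "") return
            if (tolower(gpg) ~ /^(0|no|false)$/) print sec ": gpgcheck disabled"
            if (plain != "") print sec ": plaintext http in " plain
        }
        /^[ \t]*[#;]/ { next }                      # ignore commented-out lines
        /^\[/ {                                      # start of a new [repo id] stanza
            report()
            sec = substr($0, 2, index($0, "]") - 2); gpg = ""; plain = ""
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "gpgcheck") gpg = v
            else if (k ~ /^(baseurl|mirrorlist|metalink|gpgkey)$/ && v ~ /^http:/)
                plain = (plain == "" ? k : plain "," k)
        }
        END { report() }
    ' "$1"
}

# Constructed sample: three stanzas shaped like entries in cloudcs.repo above.
write_sample_repo() {
    cat > "$1" <<'EOF'
[baseos]
baseurl=https://mirrors.aliyun.com/centos/8-stream/BaseOS/x86_64/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-centosofficial
[extras]
mirrorlist=http://mirrorlist.centos.org/?release=8&repo=extras
#baseurl=http://mirror.centos.org/centos/8-stream/extras/x86_64/os/
baseurl=https://mirrors.aliyun.com/centos/8-stream/extras/x86_64/os/
gpgcheck=1
[centos-ceph-pacific]
baseurl=https://mirrors.aliyun.com/centos/8-stream/storage/x86_64/ceph-pacific/
gpgcheck=0
EOF
}

sample=$(mktemp)
write_sample_repo "$sample"
audit_repo_file "$sample"
rm -f "$sample"
```

On a node, point it at the real file: audit_repo_file /etc/yum.repos.d/cloudcs.repo. A stanza without a gpgcheck line is not reported, because it inherits the [main] setting from dnf.conf.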
4 Installation and configuration
4.1 Install the PackStack tool on the controller node
[root@controller ~]# yum install -y openstack-packstack
4.2 Generate the answer file
[root@controller ~]# packstack -h |grep ans
--gen-answer-file=GEN_ANSWER_FILE
Generate a template of an answer file.
--validate-answer-file=VALIDATE_ANSWER_FILE
Check if answerfile contains unexpected options.
--answer-file=ANSWER_FILE
answerfile will also be generated and should be used
-o, --options Print details on options available in answer file(rst
Packstack a second time with the same answer file and
attribute where y means an account is disabled.
--manila-netapp-transport-type=MANILA_NETAPP_TRANSPORT_TYPE
The transport protocol used when communicating with
[root@controller ~]# packstack --gen-answer-file=cloudcs.txt
Packstack changed given value to required value /root/.ssh/id_rsa.pub
Additional information:
* Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. Geneve will be used as the encapsulation method for tenant networks
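4.3 Edit the answer file
Pay attention to the parameter CONFIG_NEUTRON_OVN_BRIDGE_IFACES: OVN automatically creates the br-ex virtual switch and bridges ens160 to it, so that cloud instances can later reach the external network through br-ex.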
[root@controller ~]# vim cloudcs.txt
# Modify the following parameters
CONFIG_COMPUTE_HOSTS=192.168.100.128,192.168.100.129
CONFIG_KEYSTONE_ADMIN_PW=redhat
CONFIG_PROVISION_DEMO=n
CONFIG_HEAT_INSTALL=y
CONFIG_NEUTRON_OVN_BRIDGE_IFACES=br-ex:ens160
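The same answer-file edits can be scripted instead of made in vim, which keeps the two-node setup repeatable. This is an added example, not from the original post: the hypothetical helpers set_answer and apply_lab_answers rewrite the parameters listed above in place and, unlike the post's fixed value, generate a random CONFIG_KEYSTONE_ADMIN_PW; the sample answer file and its starting values are constructed.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): apply the section 4.3 edits to a
# Packstack answer file non-interactively, with a random Keystone admin password.

set_answer() {
    # set_answer FILE KEY VALUE: rewrite the KEY= line in place, or append it.
    sa_tmp=$(mktemp)
    awk -v k="$2" -v v="$3" '
        index($0, k "=") == 1 { print k "=" v; seen = 1; next }
        { print }
        END { if (!seen) print k "=" v }
    ' "$1" > "$sa_tmp" && cat "$sa_tmp" > "$1"   # cat keeps the file's mode
    rm -f "$sa_tmp"
}

apply_lab_answers() {
    # 16 random bytes as 32 hex characters, so no character needs escaping.
    pw=$(head -c 16 /dev/urandom | od -An -tx1 | tr -d ' \n')
    chmod 600 "$1"                                # the file now holds a credential
    set_answer "$1" CONFIG_COMPUTE_HOSTS 192.168.100.128,192.168.100.129
    set_answer "$1" CONFIG_KEYSTONE_ADMIN_PW "$pw"
    set_answer "$1" CONFIG_PROVISION_DEMO n
    set_answer "$1" CONFIG_HEAT_INSTALL y
    set_answer "$1" CONFIG_NEUTRON_OVN_BRIDGE_IFACES br-ex:ens160
}

# Constructed sample standing in for the generated cloudcs.txt (values assumed).
write_sample_answers() {
    cat > "$1" <<'EOF'
[general]
CONFIG_COMPUTE_HOSTS=192.168.100.128
CONFIG_KEYSTONE_ADMIN_PW=0123456789abcdef
CONFIG_PROVISION_DEMO=y
CONFIG_HEAT_INSTALL=n
EOF
}

answers=$(mktemp)
write_sample_answers "$answers"
apply_lab_answers "$answers"
grep -c '^CONFIG_' "$answers"    # 5: four rewritten in place, one appended
rm -f "$answers"
```

After installation the generated password is in /root/keystonerc_admin, as the Packstack output states.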
4.4 Run the installation with the answer file
[root@controller ~]# packstack --answer-file=cloudcs.txt
Welcome to the Packstack setup utility
The installation log file is available at: /var/tmp/packstack/20230511-170335-nlg10845/openstack-setup.log
Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
root@192.168.100.129's password:
root@192.168.100.128's password:
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries [ DONE ]
Setting up CACERT [ DONE ]
Preparing AMQP entries [ DONE ]
Preparing MariaDB entries [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Preparing Keystone entries [ DONE ]
Preparing Glance entries [ DONE ]
Checking if the Cinder server has a cinder-volumes vg[ DONE ]
Preparing Cinder entries [ DONE ]
Preparing Nova API entries [ DONE ]
Creating ssh keys for Nova migration [ DONE ]
Gathering ssh host keys for Nova migration [ DONE ]
Preparing Nova Compute entries [ DONE ]
Preparing Nova Scheduler entries [ DONE ]
Preparing Nova VNC Proxy entries [ DONE ]
Preparing OpenStack Network-related Nova entries [ DONE ]
Preparing Nova Common entries [ DONE ]
Preparing Neutron API entries [ DONE ]
Preparing Neutron L3 entries [ DONE ]
Preparing Neutron L2 Agent entries [ DONE ]
Preparing Neutron DHCP Agent entries [ DONE ]
Preparing Neutron Metering Agent entries [ DONE ]
Checking if NetworkManager is enabled and running [ DONE ]
Preparing OpenStack Client entries [ DONE ]
Preparing Horizon entries [ DONE ]
Preparing Swift builder entries [ DONE ]
Preparing Swift proxy entries [ DONE ]
Preparing Swift storage entries [ DONE ]
Preparing Heat entries [ DONE ]
Preparing Heat CloudFormation API entries [ DONE ]
Preparing Gnocchi entries [ DONE ]
Preparing Redis entries [ DONE ]
Preparing Ceilometer entries [ DONE ]
Preparing Aodh entries [ DONE ]
Preparing Puppet manifests [ DONE ]
Copying Puppet modules and manifests [ DONE ]
Applying 192.168.100.128_controller.pp
192.168.100.128_controller.pp: [ DONE ]
Applying 192.168.100.128_network.pp
192.168.100.128_network.pp: [ DONE ]
Applying 192.168.100.129_compute.pp
Applying 192.168.100.128_compute.pp
192.168.100.128_compute.pp: [ DONE ]
192.168.100.129_compute.pp: [ DONE ]
Applying Puppet manifests [ DONE ]
Finalizing [ DONE ]
**** Installation completed successfully ******
Additional information:
* Parameter CONFIG_NEUTRON_L2_AGENT: You have chosen OVN Neutron backend. Note that this backend does not support the VPNaaS plugin. Geneve will be used as the encapsulation method for tenant networks
* Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
* File /root/keystonerc_admin has been created on OpenStack client host 192.168.100.128. To use the command line tools you need to source the file.
* To access the OpenStack Dashboard browse to http://192.168.100.128/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
* The installation log file is available at: /var/tmp/packstack/20230511-170335-nlg10845/openstack-setup.log
* The generated manifests are available at: /var/tmp/packstack/20230511-170335-nlg10845/manifests
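5 Finishing the installation
5.1 Test login
Open a browser and visit http://192.168.100.128/dashboard
5.2 Enable network
5.2.1 Controller node
Because the NetworkManager service was disabled, networking will not come up automatically after a node reboots, which in turn breaks the openstack components, so enable the network service to replace NetworkManager.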
[root@controller ~]# systemctl enable network
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
[root@controller ~]# systemctl start network
5.2.2 Compute node
[root@compute ~]# systemctl enable network
network.service is not a native service, redirecting to systemd-sysv-install.
Executing: /usr/lib/systemd/systemd-sysv-install enable network
[root@compute ~]# systemctl start network