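Installing OpenStack all-in-one on CentOS 7
This procedure was used to install openstack-allinone successfully in 2025.
1 Install the CentOS 7 environment
Installing CentOS is familiar to everyone, so it is not covered further here. What needs attention is the network configuration: the VM is installed on a NAT network, and the VM's network address and gateway must be configured to match VMnet8.
2 Configure the environment & install
2.1 Modify environment information
Change the hostname and add a host mapping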
[root@localhost ~]# hostnamectl set-hostname openstack
[root@localhost ~]# bash
[root@openstack ~]#
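Host name to IP address mapping is done through the /etc/hosts file. Note that the address configured here must be the same as the IP configured earlier.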
[root@openstack ~]# vi /etc/hosts
[root@openstack ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.64.130 openstack
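Set up passwordless login between the local machine and the remote host:
- ssh-keygen: this command generates an SSH key pair (a public key and a private key). The public key can be placed on the remote host while the private key stays on the local machine, so that public-key authentication provides a secure connection.
- ssh-copy-id root@<VM IP address>: this command copies the generated public key to the specified remote host (the VM), so that future SSH connections to this VM do not ask for a password.
These steps set up a secure, convenient SSH connection between the local machine and the VM without entering a password every time.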
[root@openstack ~]# ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa):
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:0OeKz9H8jDHa2rJbgHhG0rfm2dMjkBWexvEKVeCm34g root@openstack
The key's randomart image is:
+---[RSA 2048]----+
| =o. |
| . . = = |
| . + + X . |
| + + @ . |
| . + S o |
| o + @ + |
| . E % + |
| o.* O . |
| B=+ o |
+----[SHA256]-----+
[root@openstack ~]# ssh-copy-id root@192.168.64.130
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/root/.ssh/id_rsa.pub"
The authenticity of host '192.168.64.19 (192.168.64.19)' can't be established.
ECDSA key fingerprint is SHA256:TTPItfVkS8dUZgMzdbxqFnwC+bwvYnpcQvmKGbTrMUY.
ECDSA key fingerprint is MD5:2e:68:ee:0e:eb:58:ff:4c:83:7d:c3:11:91:1b:41:af.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.64.130's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'root@192.168.64.19'"
and check to make sure that only the key(s) you wanted were added.
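Disable the firewall, SELinux and the NetworkManager service. Why these services are disabled:
- Disable the firewall
Firewall configuration: OpenStack usually needs several services to communicate with each other. If the firewall is enabled but not configured correctly, it may block traffic between these services. Stopping and disabling the firewall avoids network problems caused by it.
- Disable SELinux
SELinux policy: SELinux is a security module that may restrict certain operations of OpenStack services, so that services fail to start or do not work properly. Setting SELinux to permissive mode or disabling it avoids problems caused by SELinux policy.
- Disable NetworkManager
Network management: OpenStack has specific requirements for network configuration, and NetworkManager may be incompatible with OpenStack's network services. Disabling NetworkManager keeps the network configuration stable and makes it easier to manage network interfaces manually.
Before installing OpenStack, making sure these services (firewall, SELinux and NetworkManager) do not interfere with OpenStack is a common best practice. After the installation completes, these services can be reconfigured as needed to strengthen the system's security.
# Disable the firewall
# Stop the firewall service (firewalld) immediately; after this command the firewall no longer filters network traffic.
systemctl stop firewalld
# Disable autostart of the firewall service so that it does not start after a reboot.
systemctl disable firewalld
# Check the current state of the firewall to confirm it is stopped and disabled.
systemctl status firewalld
# Disable SELinux
# Switch the running system to permissive mode, in which all access-control decisions are logged but nothing is actually blocked.
setenforce 0
# Edit the configuration file and change the setting to SELINUX=disabled
vi /etc/selinux/config
# Disable NetworkManager
# Stop the NetworkManager service; this shuts down all network connection management.
systemctl stop NetworkManager
# Disable autostart of NetworkManager.
systemctl disable NetworkManager
# Check the current state of NetworkManager to confirm it is stopped and disabled.
systemctl status NetworkManager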
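2.2 Configure the yum repositories
Remove the existing yum repository content and replace it with the CentOS 7 repo information from Alibaba Cloud (Aliyun).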
[root@openstack ~]# cd /etc/yum.repos.d/
[root@openstack yum.repos.d]# ls
CentOS-Base.repo CentOS-Debuginfo.repo CentOS-Media.repo CentOS-Vault.repo
CentOS-CR.repo CentOS-fasttrack.repo CentOS-Sources.repo CentOS-x86_64-kernel.repo
[root@openstack yum.repos.d]# rm -rf *
[root@openstack yum.repos.d]# ls
[root@openstack yum.repos.d]# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 2523 100 2523 0 0 5253 0 --:--:-- --:--:-- --:--:-- 5256
# Install common tools
yum -y install vim bash-completion yum-utils
Download the yum repository for the OpenStack S release
yum -y install centos-release-openstack-stein
Go to the /etc/yum.repos.d/ directory and edit the CentOS-OpenStack-stein.repo file, changing the corresponding baseurl to the Aliyun mirror.
[centos-openstack-stein]
name=CentOS-7 - OpenStack stein
baseurl=http://mirrors.aliyun.com/$contentdir/$releasever/cloud/$basearch/openstack-stein/
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=cloud-openstack-stein
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
exclude=sip,PyQt4
Modify the following files in the same way:
CentOS-Ceph-Nautilus.repo CentOS-NFS-Ganesha-28.repo CentOS-OpenStack-stein.repo CentOS-QEMU-EV.repo
Clean the cache and rebuild the cache index
yum clean all && yum makecache
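An added example (not part of the original post) for checking the repo files edited above: with gpgcheck=0 yum installs packages without verifying their signatures, and an http baseurl fetches them without transport integrity. The names audit_repo, write_sample and the example-hardened section are constructed for illustration.

```shell
# Added example: report enabled yum repo sections that set gpgcheck=0
# or use a plain-http baseurl.

# audit_repo FILE  -> prints "<section>: <finding>", one finding per line
audit_repo() {
    awk '
        function report() {
            if (section == "" || enabled == "0") return
            if (gpgcheck == "0") print section ": gpgcheck=0, package signatures are not verified"
            if (baseurl ~ /^http:\/\//) print section ": baseurl uses plain http"
        }
        /^[ \t]*[#;]/ { next }                 # commented-out keys do not count
        /^\[/ {                                # new [section]: report the previous one
            report()
            section = substr($0, 2, index($0, "]") - 2)
            enabled = "1"; gpgcheck = ""; baseurl = ""   # yum treats enabled as 1 by default
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            gsub(/[ \t]/, "", key); gsub(/^[ \t]+|[ \t\r]+$/, "", val)
            if (key == "enabled") enabled = val
            else if (key == "gpgcheck") gpgcheck = val
            else if (key == "baseurl") baseurl = val
        }
        END { report() }
    ' "$1"
}

# Constructed sample: the first section repeats the settings shown above, the
# second (hypothetical name) is the same repository with verification enabled.
write_sample() {
    cat > "$1" <<'EOF'
[centos-openstack-stein]
baseurl=http://mirrors.aliyun.com/$contentdir/$releasever/cloud/$basearch/openstack-stein/
gpgcheck=0
enabled=1

[example-hardened]
baseurl=https://mirrors.aliyun.com/$contentdir/$releasever/cloud/$basearch/openstack-stein/
gpgcheck=1
enabled=1
EOF
}

sample=$(mktemp); write_sample "$sample"; audit_repo "$sample"; rm -f "$sample"
```

On the host, `for f in /etc/yum.repos.d/*.repo; do audit_repo "$f"; done` covers every file edited in this section.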
2.3 Install with packstack
Install the packstack tool
yum -y install openstack-packstack
Install the all-in-one deployment with packstack
packstack --allinone
The installation proceeds as follows:
[root@openstack yum.repos.d]# packstack --allinone
Welcome to the Packstack setup utility
The installation log file is available at: /var/tmp/packstack/20250122-103917-v0BSkl/openstack-setup.log
Installing:
Clean Up [ DONE ]
Discovering ip protocol version [ DONE ]
Setting up ssh keys [ DONE ]
Preparing servers [ DONE ]
Pre installing Puppet and discovering hosts' details [ DONE ]
Preparing pre-install entries [ DONE ]
Setting up CACERT [ DONE ]
Preparing AMQP entries [ DONE ]
Preparing MariaDB entries [ DONE ]
Fixing Keystone LDAP config parameters to be undef if empty[ DONE ]
Preparing Keystone entries [ DONE ]
Preparing Glance entries [ DONE ]
Checking if the Cinder server has a cinder-volumes vg[ DONE ]
Preparing Cinder entries [ DONE ]
Preparing Nova API entries [ DONE ]
Creating ssh keys for Nova migration [ DONE ]
Gathering ssh host keys for Nova migration [ DONE ]
Preparing Nova Compute entries [ DONE ]
Preparing Nova Scheduler entries [ DONE ]
Preparing Nova VNC Proxy entries [ DONE ]
Preparing OpenStack Network-related Nova entries [ DONE ]
Preparing Nova Common entries [ DONE ]
Preparing Neutron LBaaS Agent entries [ DONE ]
Preparing Neutron API entries [ DONE ]
Preparing Neutron L3 entries [ DONE ]
Preparing Neutron L2 Agent entries [ DONE ]
Preparing Neutron DHCP Agent entries [ DONE ]
Preparing Neutron Metering Agent entries [ DONE ]
Checking if NetworkManager is enabled and running [ DONE ]
Preparing OpenStack Client entries [ DONE ]
Preparing Horizon entries [ DONE ]
Preparing Swift builder entries [ DONE ]
Preparing Swift proxy entries [ DONE ]
Preparing Swift storage entries [ DONE ]
Preparing Gnocchi entries [ DONE ]
Preparing Redis entries [ DONE ]
Preparing Ceilometer entries [ DONE ]
Preparing Aodh entries [ DONE ]
Preparing Puppet manifests [ DONE ]
Copying Puppet modules and manifests [ DONE ]
Applying 192.168.64.130_controller.pp
192.168.64.130_controller.pp: [ DONE ]
Applying 192.168.64.130_network.pp
192.168.64.130_network.pp: [ DONE ]
Applying 192.168.64.130_compute.pp
192.168.64.130_compute.pp: [ DONE ]
Applying Puppet manifests [ DONE ]
Finalizing [ DONE ]
**** Installation completed successfully ******
Additional information:
* Parameter CONFIG_NEUTRON_L2_AGENT: You have choosen OVN neutron backend. Note that this backend does not support LBaaS, VPNaaS or FWaaS services. Geneve will be used as encapsulation method for tenant networks
* A new answerfile was created in: /root/packstack-answers-20250122-103917.txt
* Time synchronization installation was skipped. Please note that unsynchronized time on server instances might be problem for some OpenStack components.
* File /root/keystonerc_admin has been created on OpenStack client host 192.168.64.130. To use the command line tools you need to source the file.
* To access the OpenStack Dashboard browse to http://192.168.64.130/dashboard .
Please, find your login credentials stored in the keystonerc_admin in your home directory.
* The installation log file is available at: /var/tmp/packstack/20250122-103917-v0BSkl/openstack-setup.log
* The generated manifests are available at: /var/tmp/packstack/20250122-103917-v0BSkl/manifests
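After the installation completes, the /root directory contains the corresponding packstack-answers file, which holds the configuration used during the installation.
3 OpenStack configuration
Get the login username and password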
[root@openstack yum.repos.d]# cat ~/keystonerc_admin
unset OS_SERVICE_TOKEN
export OS_USERNAME=admin
export OS_PASSWORD='270e9f2549294264'
export OS_REGION_NAME=RegionOne
export OS_AUTH_URL=http://192.168.64.130:5000/v3
export PS1='[\u@\h \W(keystone_admin)]\$ '
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_IDENTITY_API_VERSION=3
3.1 Modify network settings
Add the OpenStack host's NIC to the br-ex bridge. Use ip a to view the host's current network interfaces.
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:46:5f:7a brd ff:ff:ff:ff:ff:ff
inet 192.168.64.130/24 brd 192.168.64.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::c020:cdc9:b12d:4120/64 scope link noprefixroute
valid_lft forever preferred_lft forever
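Change to the /etc/sysconfig/network-scripts/ directory with cd /etc/sysconfig/network-scripts/ and, for the interface found above, make a copy of its configuration file: cp ifcfg-ens33 ifcfg-br-ex
The original ifcfg-ens33 is: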
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="ens33"
UUID="0186d0fb-15ab-41ad-8b5f-9bda0e17f214"
DEVICE="ens33"
ONBOOT="yes"
IPADDR="192.168.64.130"
PREFIX="24"
GATEWAY="192.168.64.2"
DNS1="114.114.114.114"
Edit the configuration file of the br-ex bridge: vi ifcfg-br-ex
TYPE="OVSBridge"
DEVICETYPE="ovs"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="static"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
NAME="br-ex"
UUID="0186d0fb-15ab-41ad-8b5f-9bda0e17f214"
DEVICE="br-ex"
ONBOOT="yes"
IPADDR="192.168.64.130"
PREFIX="24"
GATEWAY="192.168.64.2"
DNS1="114.114.114.114"
Edit the configuration file of the corresponding NIC: vi ifcfg-ens33
TYPE="OVSPort"
DEVICETYPE="ovs"
OVS_BRIDGE="br-ex"
BOOTPROTO="static"
NAME="ens33"
UUID="0186d0fb-15ab-41ad-8b5f-9bda0e17f214"
DEVICE="ens33"
ONBOOT="yes"
Restart the network service
systemctl restart network
After the restart, ip a confirms the change: a new br-ex interface has been added and the IP is bound to it.
1: lo: mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: ens33: mtu 1500 qdisc pfifo_fast master ovs-system state UP group default qlen 1000
link/ether 00:0c:29:46:5f:7a brd ff:ff:ff:ff:ff:ff
inet6 fe80::20c:29ff:fe46:5f7a/64 scope link
valid_lft forever preferred_lft forever
3: ovs-system: mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 3a:ba:e3:37:8b:1b brd ff:ff:ff:ff:ff:ff
4: br-int: mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 8e:dd:93:64:3c:42 brd ff:ff:ff:ff:ff:ff
8: br-ex: mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 00:0c:29:46:5f:7a brd ff:ff:ff:ff:ff:ff
inet 192.168.64.130/24 brd 192.168.64.255 scope global br-ex
valid_lft forever preferred_lft forever
inet6 fe80::5cd8:59ff:feba:694d/64 scope link
valid_lft forever preferred_lft forever
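3.2 Reconfigure the external network and router as administrator
First log in to the dashboard with the administrator account, then go to the networks under Admin, delete the default router and delete the default public external network.
Create the external network. When creating it, choose flat as the provider network type, admin as the project, and enter extnet as the physical network. The reason is the line CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=extnet:br-ex in the generated file (located in /root): the physical network must not be duplicated and has to be checked against the configuration in that file, which here is extnet. Then tick the external network option.
When creating the subnet, the network address format is as shown in the figure. The gateway can be found by checking your VM's gateway with ip a. In the subnet details, fill in the desired range for the allocation pool; leaving out the first and last 10 addresses is recommended. Set DNS to 114.114.114.114.
When configuring the DHCP address pool that the subnet can allocate from, make sure it does not overlap with the range configured for DHCP on the VMware NAT network.
Then create a new router (see section 2.2 "Create a router" of the "Using the OpenStack Dashboard" note); for the external network, select the network just created. Every network attached to this router through an interface can then ping the external network.
4 OpenStack environment variables
After the installation completes, running the openstack service list command in a terminal reports:
Missing value auth-url required for auth plugin password
This is because the keystone environment variable file needs to be loaded; the file is in the /root directory. Run the source command to load it into the environment before running the command.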
source keystonerc_admin
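Environment variables loaded with source are only valid in the current shell, so the command needs to be added to the user's .bash_profile. Run vim ~/.bash_profile and add the source command above to it.
To fix the overly long prompt shown in front of the host name after sourcing, comment out the part of the keystone file that sets how the host name is displayed.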