Deploying the OpenStack R Release (Rocky) with Packstack


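@Environment preparation

A. Three CentOS 7.8 lab nodes.

B. Set the minimum memory to 4G. The Controller node needs a 100G system disk plus an additional blank 200G disk. On all three nodes the mapper-home logical volume can be deleted in advance. The Network node and the Compute1 node each have a 100G disk.

C. Configure two NICs: one in NAT mode and the other in host-only mode.

D. Virtualization must be enabled for the virtual machine's processor.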

E. The node IPs are as follows:

Node              Host-only         NAT
Network node      192.168.101.9     192.168.108.9
Controller node   192.168.101.10    192.168.108.10
Compute node      192.168.101.11    192.168.108.11

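F. All node IPs are statically configured.

G. The NIC names on the template machine are ens33 and ens36.

@Configuration

A. Steps 1-8 below must be carried out on all three nodes.

1. Prepare the yum repositories: epel, aliyun, and openstack-Rocky.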

# curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# yum -y install wget
# wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo

2. The openstack.repo repository file is written as follows:

[root@controller ~]# cat /etc/yum.repos.d/openstack.repo 
[Aliyun-rocky]
name=Aliyun-rocky
baseurl=https://mirrors.aliyun.com/centos/$releasever/cloud/$basearch/openstack-rocky/
gpgcheck=0
enabled=1
cost=88

[Aliyun-gemu-ev]
name=Aliyun-gemu-ev
baseurl=https://mirrors.aliyun.com/centos/$releasever/virt/$basearch/kvm-common
gpgcheck=0
enabled=1
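
Both repositories above set gpgcheck=0, so yum installs their packages without verifying RPM signatures. The following added example (not part of the original page; the function name audit_repo_file is hypothetical) lists the enabled repositories in a .repo file that have signature checking switched off or a baseurl that is not https/file, run here on a copy of the file above:

```shell
# Added example (not from the original page): list enabled repos in a yum
# .repo file that skip signature checks or do not fetch over https/file.
# usage: audit_repo_file FILE   -> one "<repo-id> <finding>" per line
audit_repo_file() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "0") print id " gpgcheck=0"
            if (baseurl != "" && baseurl !~ /^(https|file):/) print id " insecure-baseurl"
        }
        /^[ \t]*[#;]/ { next }                 # comment lines
        /^[ \t]*\[/ {                          # a new [repo-id] section starts
            report()
            id = $0; gsub(/[ \t]|\[|\]/, "", id)
            enabled = "1"; gpgcheck = ""; baseurl = ""   # enabled defaults to 1
            next
        }
        {
            eq = index($0, "="); if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/[ \t]/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == "enabled")  enabled  = v
            if (k == "gpgcheck") gpgcheck = v
            if (k == "baseurl")  baseurl  = v
        }
        END { report() }' "$1"
}

# Demo on a copy of the openstack.repo shown above.
repo=$(mktemp)
cat > "$repo" <<'EOF'
[Aliyun-rocky]
name=Aliyun-rocky
baseurl=https://mirrors.aliyun.com/centos/$releasever/cloud/$basearch/openstack-rocky/
gpgcheck=0
enabled=1
cost=88

[Aliyun-gemu-ev]
name=Aliyun-gemu-ev
baseurl=https://mirrors.aliyun.com/centos/$releasever/virt/$basearch/kvm-common
gpgcheck=0
enabled=1
EOF
audit_repo_file "$repo"    # reports gpgcheck=0 for both repo ids
rm -f "$repo"
```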

3. Because the nodes are minimal installations, install some packages that make the later steps more convenient.

yum -y install bash-completion vim open-vm-tools

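4. Set the hostnames of the three nodes. A long hostname, a short hostname, or a long hostname plus an alias can be used. The hostnames of the three hosts are set as follows: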

[root@controller ~]# for host in controller network compute1; do ssh root@$host hostname; done
controller.cjx.com
network.cjx.com
compute1.cjx.com

5. On the Controller node, edit the /etc/hosts file, then use the scp command to copy it to the other nodes.

[root@controller ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.101.9 network.cjx.com network
192.168.101.10 controller.cjx.com controller
192.168.101.11 compute1.cjx.com compute1
[root@controller ~]# for host in  network compute1; do scp /etc/hosts root@$host:/etc/hosts; done
hosts                                                                                                                                                                         100%  288   117.9KB/s   00:00    
hosts

6. Check that the change succeeded; checking with the ping command is recommended.

[root@controller ~]# for host in  network compute1; do  ssh root@$host cat /etc/hosts; done
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.101.9 network.cjx.com network
192.168.101.10 controller.cjx.com controller
192.168.101.11 compute1.cjx.com compute1
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
192.168.101.9 network.cjx.com network
192.168.101.10 controller.cjx.com controller
192.168.101.11 compute1.cjx.com compute1

7. Stop the firewall, set SELinux to disabled mode, and stop the NetworkManager service (in Xshell, the compose bar can send the commands to all hosts at once).

[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
[root@controller ~]# systemctl stop NetworkManager
[root@controller ~]# systemctl disable NetworkManager
[root@controller ~]# head -10 /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@controller ~]# setenforce 0
setenforce: SELinux is disabled
[root@controller ~]# getenforce 
Disabled

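8. Edit the /etc/resolv.conf file: delete the local search entry and set the name server address to the gateway of the NAT segment. The gateway of the VMnet8 segment can be viewed in the [Virtual Network Editor].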

[root@controller ~]# cat /etc/resolv.conf
nameserver 192.168.108.2

B. Steps 9-21 below are carried out on different nodes.

9. Generate the public key file on the controller node.

[root@controller ~]# ssh-keygen 
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:2XGSemGFwYGnvRnKrZbpMpdHqjO/AOOvkaU34d5yzV8 root@localhost.localdomain
The key's randomart image is:
+---[RSA 3072]----+
|         oo+.    |
|        . +o     |
|         +* .    |
|        .=o=     |
|    o o.Soo+     |
|   . B .o.=      |
|    = =  X    E  |
|     =*+X +  .   |
|    ..+&=o ..    |
+----[SHA256]-----+

10. On the controller node, add its own public key to the allowed list, then use the ssh-copy-id command to distribute the public key to the compute1 node and the network node.

[root@controller ~]# cd ~/.ssh
[root@controller ~]# cat ./id_rsa.pub >> ./authorized_keys
[root@controller ~]# for host in compute1 network 
> do ssh-copy-id root@$host
> done

11. Edit the SSH configuration file: uncomment the StrictHostKeyChecking entry and set its value to no.

[root@controller ~]# cat /etc/ssh/ssh_config
   StrictHostKeyChecking no

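12. Install leatherman on all nodes. Version 1.3.0 must be specified when installing leatherman. The following shows how to list the available versions and the installation process.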

[root@controller ~]# yum list leatherman --showduplicates
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
Installed Packages
leatherman.x86_64                      1.3.0-9.el7                    @Aliyun-rocky
Available Packages
leatherman.x86_64                      1.3.0-9.el7                    Aliyun-rocky 
leatherman.x86_64                      1.10.0-1.el7                   epel

13. Install leatherman 1.3.0 on all three nodes.

[root@controller ~]# yum -y install leatherman-1.3.0

14. Install openstack-packstack on the controller node.

[root@controller ~]# yum -y install openstack-packstack

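15. On the controller node, use the packstack command to generate the answer file answers.txt. The "packstack --help" command shows how packstack is used. The lookup and the command that generates the answer file are given below.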

[root@controller ~]# packstack --help | grep answer
  --gen-answer-file=GEN_ANSWER_FILE
                        Generate a template of an answer file.
  --validate-answer-file=VALIDATE_ANSWER_FILE
                        Check if answerfile contains unexpected options.
  --answer-file=ANSWER_FILE
                        answerfile will also be generated and should be used
  -o, --options         Print details on options available in answer file(rst
                        Packstack a second time with the same answer file and
                        
[root@controller ~]# packstack --gen-answer-file=answers.txt

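16. The generated answer file has many parameters, and the addresses used in it default to the NAT segment (192.168.108.0), so a sed script is used to modify the answer file. The default values are shown below.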

[root@controller ~]# grep -v ^# answers.txt | grep 192
CONFIG_CONTROLLER_HOST=192.168.108.10
CONFIG_COMPUTE_HOSTS=192.168.108.11
CONFIG_NETWORK_HOSTS=192.168.108.9
CONFIG_STORAGE_HOST=192.168.108.10
CONFIG_SAHARA_HOST=192.168.108.10
CONFIG_AMQP_HOST=192.168.108.10
CONFIG_MARIADB_HOST=192.168.108.10
CONFIG_KEYSTONE_LDAP_URL=ldap://192.168.108.10
CONFIG_REDIS_HOST=192.168.108.10

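17. Write a sed script to process the answer file. Its contents are as follows:
(Check this script carefully; any wrong parameter will cause the installation to fail.)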

[root@controller ~]# cat sed-scripts 
s/192\.168\.108\.10/192\.168\.101\.10/
/^CONFIG_NETWORK_HOSTS=/cCONFIG_NETWORK_HOSTS=192.168.101.9
/^CONFIG_CONTROLLER_HOST=/cCONFIG_CONTROLLER_HOST=192.168.101.10
/^CONFIG_COMPUTE_HOSTS=/cCONFIG_COMPUTE_HOSTS=192.168.101.11
/^CONFIG_NEUTRON_ML2_TYPE_DRIVERS=/cCONFIG_NEUTRON_ML2_TYPE_DRIVERS=flat,vlan,vxlan,geneve
/^CONFIG_NEUTRON_ML2_FLAT_NETWORKS=/cCONFIG_NEUTRON_ML2_FLAT_NETWORKS=datacenter
/^CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=/cCONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=datacenter:br-ex
/^CONFIG_NEUTRON_ML2_VLAN_RANGES=/cCONFIG_NEUTRON_ML2_VLAN_RANGES=datacenter:1000:2000
/^CONFIG_PROVISION_DEMO=/cCONFIG_PROVISION_DEMO=n
/^CONFIG_HEAT_INSTALL=/cCONFIG_HEAT_INSTALL=y
/^CONFIG_CINDER_VOLUMES_CREATE=/cCONFIG_CINDER_VOLUMES_CREATE=n
s/(.+_PW)=[0-9a-z]+/\1=redhat/g

18. Apply the script to the answer file answers.txt, then check the result.

[root@controller ~]# sed -i -r -f sed-scripts answers.txt 
[root@controller ~]# grep -v ^# answers.txt | grep 192
CONFIG_CONTROLLER_HOST=192.168.101.10
CONFIG_COMPUTE_HOSTS=192.168.101.11
CONFIG_NETWORK_HOSTS=192.168.101.9
CONFIG_STORAGE_HOST=192.168.101.10
CONFIG_SAHARA_HOST=192.168.101.10
CONFIG_AMQP_HOST=192.168.101.10
CONFIG_MARIADB_HOST=192.168.101.10
CONFIG_KEYSTONE_LDAP_URL=ldap://192.168.101.10
CONFIG_REDIS_HOST=192.168.101.10
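
Because any wrong parameter makes the installation fail, the rewritten answer file can be checked before packstack is run. This added example (not part of the original page; check_answers and its output labels are hypothetical, and the sample file is constructed) verifies that no value still points at the NAT segment, that the three host entries are on the host-only segment, and that the flat network, bridge mapping and VLAN range name the same physical network:

```shell
# Added example (not from the original page): check a Packstack answer file
# after the sed rewrite. Prints one line per problem, returns non-zero if any.
# usage: check_answers FILE MGMT_PREFIX NAT_PREFIX
check_answers() {
    awk -v mgmt="$2" -v nat="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ || /^\[/ { next }   # comments, blanks, [general]
        {
            eq = index($0, "="); if (eq == 0) next
            key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
            seen[key] = val
            # 1. no value may still point at the NAT segment
            if (index(val, nat) > 0) { print "NAT_ADDRESS " key "=" val; bad = 1 }
        }
        END {
            # 2. the three host lists must sit on the host-only segment
            n = split("CONTROLLER_HOST COMPUTE_HOSTS NETWORK_HOSTS", req, " ")
            for (i = 1; i <= n; i++) {
                k = "CONFIG_" req[i]
                if (!(k in seen)) { print "MISSING " k; bad = 1 }
                else if (index(seen[k], mgmt) != 1) { print "NOT_MGMT " k "=" seen[k]; bad = 1 }
            }
            # 3. flat network, bridge mapping and VLAN range should name one physnet
            flat = seen["CONFIG_NEUTRON_ML2_FLAT_NETWORKS"]
            split(seen["CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS"], m, ":")
            split(seen["CONFIG_NEUTRON_ML2_VLAN_RANGES"], v, ":")
            if (flat != m[1] || flat != v[1]) {
                print "PHYSNET_MISMATCH flat=" flat " bridge=" m[1] " vlan=" v[1]; bad = 1
            }
            exit bad + 0
        }' "$1"
}

# Constructed sample: the values from the sed script, except that COMPUTE_HOSTS
# is still on the NAT segment and the VLAN range names a different physnet.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[general]
CONFIG_CONTROLLER_HOST=192.168.101.10
CONFIG_COMPUTE_HOSTS=192.168.108.11
CONFIG_NETWORK_HOSTS=192.168.101.9
CONFIG_NEUTRON_ML2_FLAT_NETWORKS=datacenter
CONFIG_NEUTRON_OVS_BRIDGE_MAPPINGS=datacenter:br-ex
CONFIG_NEUTRON_ML2_VLAN_RANGES=physnet1:1000:2000
EOF
check_answers "$sample" 192.168.101. 192.168.108. || echo "answer file needs fixing"
rm -f "$sample"
```

On the real file the call is check_answers answers.txt 192.168.101. 192.168.108. and an empty output with exit status 0 means all three checks passed.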

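19. On the controller node, use the newly added 200G disk to create a volume group; the volume group is named volumes. After creating it, check that the volume group was created successfully.
(The volume group name is determined by the configuration file; if the volume group has not been created, or its name does not match the configuration file, the installation reports an error.)

# The lsblk output below shows the volume group as cinder-volumes
# (device-mapper doubles the hyphen: cinder--volumes).
[root@controller ~]# pvcreate /dev/sdb
[root@controller ~]# vgcreate cinder-volumes /dev/sdb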
[root@controller ~]# lsblk
NAME                                          MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                                             8:0    0  100G  0 disk 
├─sda1                                          8:1    0    1G  0 part /boot
└─sda2                                          8:2    0 98.9G  0 part 
  ├─centos-root                               253:0    0   95G  0 lvm  /
  └─centos-swap                               253:1    0  3.9G  0 lvm  [SWAP]
sdb                                             8:16   0  200G  0 disk 
├─cinder--volumes-cinder--volumes--pool_tmeta 253:2    0   96M  0 lvm  
│ └─cinder--volumes-cinder--volumes--pool     253:4    0  190G  0 lvm  
└─cinder--volumes-cinder--volumes--pool_tdata 253:3    0  190G  0 lvm  
  └─cinder--volumes-cinder--volumes--pool     253:4    0  190G  0 lvm  
sr0                                            11:0    1  4.5G  0 rom  
loop0                                           7:0    0    2G  0 loop /srv/node/swiftloopback

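20. After completing the steps above, install OpenStack from the controller node using the packstack command. A successful installation reports success; if it fails, the cause can be found on the nodes. Installation time depends on the machine's performance and ranges from 20 to 40 minutes.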

[root@controller ~]# packstack --answer-file=answers.txt

21. The result of a successful installation is shown in the figure:

[Figure: screenshot of the successful installation]

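C. The following operations are carried out on the Network node.

22. OpenStack does not automatically migrate the Network node's NIC, so it has to be migrated manually. Use cd to switch to the /etc/sysconfig/network-scripts directory and back up the original NAT NIC configuration file. After the backup, edit ifcfg-ens36 so that the ens36 NIC is bridged to the virtual switch.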

[root@network ~]# cd /etc/sysconfig/network-scripts/
[root@network network-scripts]# cp ifcfg-ens36 /media/
[root@network network-scripts]# cat ifcfg-ens36 
DEVICE=ens36
DEVICETYPE=ovs
TYPE=OVSPort
ONBOOT=yes
BOOTPROTO=none
OVS_BRIDGE=br-ex

23. Use vim to add the configuration file ifcfg-br-ex for the virtual bridge br-ex, with the following contents.

[root@network network-scripts]# cat ifcfg-br-ex 
DEVICE=br-ex
DEVICETYPE=ovs
TYPE=OVSBridge
BOOTPROTO=none
IPADDR=192.168.108.9
PREFIX=24
GATEWAY=192.168.108.2
DNS1=192.168.108.2
ONBOOT=yes

24. Restart the network service and verify that the configuration is correct.

[root@network network-scripts]# systemctl restart network

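25. The OpenStack installation is now complete; it can be accessed at IP address/dashboard.

26. After OpenStack has been installed, SSH logins show error messages; installing the corresponding package removes them. The messages and the fix are listed below. (This can be done on any node.)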

Connecting to 192.168.101.9:22...
Connection established.
To escape to local shell, press 'Ctrl+Alt+]'.

WARNING! The remote SSH server rejected X11 forwarding request.
Last login: Sat Jun 19 12:54:56 2021 from 192.168.101.1
net_mlx5: cannot load glue library: libibverbs.so.1: cannot open shared object file: No such file or directory
net_mlx5: cannot initialize PMD due to missing run-time dependency on rdma-core libraries (libibverbs, libmlx5)
PMD: net_mlx4: cannot load glue library: libibverbs.so.1: cannot open shared object file: No such file or directory
PMD: net_mlx4: cannot initialize PMD due to missing run-time dependency on rdma-core libraries (libibverbs, libmlx4)
net_mlx5: cannot load glue library: libibverbs.so.1: cannot open shared object file: No such file or directory
net_mlx5: cannot initialize PMD due to missing run-time dependency on rdma-core libraries (libibverbs, libmlx5)
PMD: net_mlx4: cannot load glue library: libibverbs.so.1: cannot open shared object file: No such file or directory
PMD: net_mlx4: cannot initialize PMD due to missing run-time dependency on rdma-core libraries (libibverbs, libmlx4)
[root@controller ~]# yum -y install libibverbs

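@Notes

1. Delete the local DNS search entry.

2. The virtual machines need Internet access.

3. On errors, check whether the answer file is wrong and whether the sed script has a problem.

4. Remember to create the volume group in advance.

5. Check the log files, as shown below; they indicate which component or configuration file is at fault and which service has failed.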

[root@controller ~]# tail /var/log/neutron/server.log 
  Open vSwitch agent  2021-06-19 17:27:14 compute1.cjx.com
  Open vSwitch agent  2021-06-19 17:27:25 network.cjx.com
2021-06-20 03:40:28.427 30682 WARNING neutron.db.agents_db [req-33603833-2294-4033-a487-1a9b1595b007 - - - - -] Agent healthcheck: found 2 dead agents out of 6:
                Type       Last heartbeat host
  Open vSwitch agent  2021-06-19 17:27:14 compute1.cjx.com
  Open vSwitch agent  2021-06-19 17:27:25 network.cjx.com
2021-06-20 03:41:05.999 30682 WARNING neutron.db.agents_db [req-33603833-2294-4033-a487-1a9b1595b007 - - - - -] Agent healthcheck: found 2 dead agents out of 6:
                Type       Last heartbeat host
  Open vSwitch agent  2021-06-19 17:27:14 compute1.cjx.com
  Open vSwitch agent  2021-06-19 17:27:25 network.cjx.com

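6. A reboot resolves most problems.

7. The gateway of the virtual machines' NAT segment is not that of the physical NAT adapter; taking the 192.168.108.0/24 segment as an example, the gateway address is usually 192.168.108.2.

8. Note that the YUM repositories must be configured correctly, otherwise the deployment cannot succeed. The complete number of packages needed for the lab is 29,441, as shown below.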

[root@controller ~]# yum repolist
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * base: mirrors.aliyun.com
 * extras: mirrors.aliyun.com
 * updates: mirrors.aliyun.com
repo id                                                                                  repo name                                                                                                        status
Aliyun-rocky/7/x86_64                                                                    Aliyun-rocky                                                                                                      2,746
Aliyun-gemu-ev/7/x86_64                                                                  Aliyun-gemu-ev                                                                                                       63
base/7/x86_64                                                                            CentOS-7 - Base - mirrors.aliyun.com                                                                             10,072
epel/x86_64                                                                              Extra Packages for Enterprise Linux 7 - x86_64                                                                   13,604
extras/7/x86_64                                                                          CentOS-7 - Extras - mirrors.aliyun.com                                                                              498
updates/7/x86_64                                                                         CentOS-7 - Updates - mirrors.aliyun.com                                                                           2,458
repolist: 29,441
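
For note 5 above: the healthcheck warnings in /var/log/neutron/server.log span several lines, and tail can cut into the first record. This added example (not part of the original page; dead_agents is a hypothetical name) extracts the agents listed in the most recent healthcheck record, using the log lines from note 5 as input:

```shell
# Added example (not from the original page): list the agents named in the most
# recent "Agent healthcheck" record of a neutron server.log.
# usage: dead_agents LOGFILE   -> "<host> | <agent type> | <last heartbeat>"
dead_agents() {
    awk '
        /Agent healthcheck: found [0-9]+ dead agents/ { rec = 1; n = 0; next }
        rec && /^[ \t]+Type[ \t]+Last heartbeat/ { next }      # column header
        rec && /^[ \t]/ && match($0, /[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9] [0-9:]+/) {
            type = substr($0, 1, RSTART - 1)
            host = substr($0, RSTART + RLENGTH)
            gsub(/^[ \t]+|[ \t]+$/, "", type); gsub(/^[ \t]+|[ \t]+$/, "", host)
            row[++n] = host " | " type " | " substr($0, RSTART, RLENGTH)
            next
        }
        { rec = 0 }     # any other line ends the record (also skips a cut-off head)
        END { for (i = 1; i <= n; i++) print row[i] }' "$1"
}

# Input: the tail output shown in note 5, which starts in the middle of a record.
log=$(mktemp)
cat > "$log" <<'EOF'
  Open vSwitch agent  2021-06-19 17:27:14 compute1.cjx.com
  Open vSwitch agent  2021-06-19 17:27:25 network.cjx.com
2021-06-20 03:40:28.427 30682 WARNING neutron.db.agents_db [req-33603833-2294-4033-a487-1a9b1595b007 - - - - -] Agent healthcheck: found 2 dead agents out of 6:
                Type       Last heartbeat host
  Open vSwitch agent  2021-06-19 17:27:14 compute1.cjx.com
  Open vSwitch agent  2021-06-19 17:27:25 network.cjx.com
2021-06-20 03:41:05.999 30682 WARNING neutron.db.agents_db [req-33603833-2294-4033-a487-1a9b1595b007 - - - - -] Agent healthcheck: found 2 dead agents out of 6:
                Type       Last heartbeat host
  Open vSwitch agent  2021-06-19 17:27:14 compute1.cjx.com
  Open vSwitch agent  2021-06-19 17:27:25 network.cjx.com
EOF
dead_agents "$log"    # one line each for compute1.cjx.com and network.cjx.com
rm -f "$log"
```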

Produced by: 蔡君贤

Typesetting: 赖裕新

First review: 蔡君贤

Second review: 二月二