Linux Operations Handbook: OpenStack from Getting Started to Giving Up (Part 4)

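OpenStack is an open-source cloud computing management platform made up of several major components that work together. It supports almost every type of cloud environment, and the project aims to provide a cloud management platform that is simple to deploy, massively scalable, feature-rich and standardized. OpenStack delivers an Infrastructure-as-a-Service (IaaS) solution through a set of complementary services, each of which exposes an API for integration.

Installing OpenStack services

Dashboard: Horizon

Horizon (OpenStack Dashboard Service) is the control panel for the whole architecture. It lets you manage virtual machines from a web interface, for example creating, destroying and modifying instances.

Prerequisites

Horizon places some requirements on the system environment.

This article installs from packages; installing from source is also possible.

Installation and configuration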

# yum install openstack-dashboard
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['one.example.com', 'two.example.com']

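Tip: this parameter can also be set to ['*'] to allow access from any host. That may help during development, but it can cause security problems and is not recommended for production.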

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

Tip: change this only for the Option 1 architecture; do not apply it to the Option 2 (Layer-3) architecture.

TIME_ZONE = "TIME_ZONE"

Tip: replace TIME_ZONE with an appropriate time zone; a detailed list of time zones is available here.

Add the following line to the configuration file /etc/httpd/conf.d/openstack-dashboard.conf if it is not already present:

WSGIApplicationGroup %{GLOBAL}

Finalize the configuration

Restart the services

# systemctl restart httpd.service memcached.service
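
The ALLOWED_HOSTS tip above can be checked mechanically before httpd is restarted. The following Python code is an added example, not part of the original post or of Horizon: it parses settings text with ast, without executing it, and reports a wildcard ALLOWED_HOSTS, a cleartext Keystone URL and an unreplaced TIME_ZONE. The sample text, function names and finding codes are constructed for illustration.

```python
import ast

# Constructed sample: settings from this page, using the ['*'] variant of
# ALLOWED_HOSTS that the tip warns about and an unreplaced TIME_ZONE.
SAMPLE = '''
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
TIME_ZONE = "TIME_ZONE"
'''

def top_level_assignments(source):
    """Map NAME -> AST node for every top-level `NAME = value` statement."""
    nodes = {}
    for stmt in ast.parse(source).body:
        if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                and isinstance(stmt.targets[0], ast.Name)):
            nodes[stmt.targets[0].id] = stmt.value
    return nodes

def as_literal(node):
    """Evaluate a node as a plain literal; None if absent or an expression."""
    if node is None:
        return None
    try:
        return ast.literal_eval(node)
    except (ValueError, TypeError):
        return None

def string_template(node):
    """Return the text of "..." or of the left side of "..." % value."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, ast.Mod):
        node = node.left
    value = as_literal(node)
    return value if isinstance(value, str) else None

def audit(source):
    """Return finding codes for the Horizon settings discussed on this page."""
    nodes = top_level_assignments(source)
    findings = []
    hosts = as_literal(nodes.get("ALLOWED_HOSTS"))
    if not isinstance(hosts, (list, tuple)) or not hosts:
        findings.append("allowed-hosts-unset")
    elif "*" in hosts:
        findings.append("allowed-hosts-wildcard")
    url = string_template(nodes.get("OPENSTACK_KEYSTONE_URL"))
    if url is not None and url.startswith("http://"):
        findings.append("keystone-url-cleartext")
    if as_literal(nodes.get("TIME_ZONE")) == "TIME_ZONE":
        findings.append("time-zone-placeholder")
    return findings
```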

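Block storage service: Cinder

Cinder (OpenStack Block Storage Service) provides block storage devices to users. How it is configured and used depends on the underlying driver; Cinder supports many driver options, including NAS/SAN, NFS, iSCSI and Ceph.

The Block Storage API and scheduler are usually deployed on the controller node. The volume service can run on the controller node, on compute nodes, or on dedicated storage nodes.

Controller node

Prerequisites

Connect to the database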

$ mysql -u root -p

Create the cinder database

MariaDB [(none)]> CREATE DATABASE cinder;

Create the user and grant privileges

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY 'CINDER_DBPASS';

Tip: replace CINDER_DBPASS with a suitable password.

Obtain admin credentials to use the admin-only CLI commands

$ . admin-openrc

Create the service credentials by completing the following steps.

$ openstack user create --domain default --password-prompt cinder

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9d7e33de3e1a498390353819bc7d245d |
| name                | cinder                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
$ openstack role add --project service --user cinder admin
$ openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | eb9fd245bdbc414695952e93f29fe3ac |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
$ openstack service create --name cinderv3 \
  --description "OpenStack Block Storage" volumev3

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | ab3bbbef780845a1a283490d281e7fda |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+

Create the Block Storage service API endpoints

$ openstack endpoint create --region RegionOne \
  volumev2 public http://controller:8776/v2/%\(project_id\)s

+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 513e73819e14460fb904163f41ef3759         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+

$ openstack endpoint create --region RegionOne \
  volumev2 internal http://controller:8776/v2/%\(project_id\)s

+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 6436a8a23d014cfdb69c586eff146a32         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+

$ openstack endpoint create --region RegionOne \
  volumev2 admin http://controller:8776/v2/%\(project_id\)s

+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | e652cf84dd334f359ae9b045a2c91d96         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | eb9fd245bdbc414695952e93f29fe3ac         |
| service_name | cinderv2                                 |
| service_type | volumev2                                 |
| url          | http://controller:8776/v2/%(project_id)s |
+--------------+------------------------------------------+
$ openstack endpoint create --region RegionOne \
  volumev3 public http://controller:8776/v3/%\(project_id\)s

+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 03fa2c90153546c295bf30ca86b1344b         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | ab3bbbef780845a1a283490d281e7fda         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+

$ openstack endpoint create --region RegionOne \
  volumev3 internal http://controller:8776/v3/%\(project_id\)s

+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 94f684395d1b41068c70e4ecb11364b2         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | ab3bbbef780845a1a283490d281e7fda         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+

$ openstack endpoint create --region RegionOne \
  volumev3 admin http://controller:8776/v3/%\(project_id\)s

+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 4511c28a0f9840c78bacb25f10f62c98         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | ab3bbbef780845a1a283490d281e7fda         |
| service_name | cinderv3                                 |
| service_type | volumev3                                 |
| url          | http://controller:8776/v3/%(project_id)s |
+--------------+------------------------------------------+
Install and configure components

Install the following package

# yum install openstack-cinder

Edit the /etc/cinder/cinder.conf configuration file and complete the following steps

[database]
# ...
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

Tip: replace CINDER_DBPASS with the password set for the Block Storage database.

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

Tip: replace RABBIT_PASS with the password of the openstack account in RabbitMQ.

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS

Tip: replace CINDER_PASS with the password of the cinder user in the Identity service.

[DEFAULT]
# ...
my_ip = 10.0.0.11

In the [oslo_concurrency] section, configure the lock path.

[oslo_concurrency]
# ...
lock_path = /var/lib/cinder/tmp

Populate the Block Storage database

# su -s /bin/sh -c "cinder-manage db sync" cinder
Configure Compute to use Block Storage

Edit the /etc/nova/nova.conf configuration file and complete the following step

[cinder]
os_region_name = RegionOne
Finalize the installation

Restart the Compute API service

# systemctl restart openstack-nova-api.service

Start the Block Storage services and enable them at boot

# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

Storage node

Prerequisites

Install the supporting packages

# yum install lvm2 device-mapper-persistent-data
# systemctl enable lvm2-lvmetad.service
# systemctl start lvm2-lvmetad.service

Create the LVM physical volume /dev/sdb

# pvcreate /dev/sdb

Physical volume "/dev/sdb" successfully created

Create the LVM volume group cinder-volumes

# vgcreate cinder-volumes /dev/sdb

Volume group "cinder-volumes" successfully created

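Only instances should access Block Storage volumes. By default, however, the LVM volume scanning tool scans the /dev directory for block storage devices that contain volumes. If projects use LVM on their volumes, the scanning tool detects these volumes and attempts to cache them, which can cause problems for both the underlying system and the volumes. LVM must therefore be reconfigured to scan only the devices that contain the cinder-volumes volume group. Edit the /etc/lvm/lvm.conf configuration file and complete the following steps.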

devices {
...
filter = [ "a/sdb/", "r/.*/"]

If the storage node's system disk uses LVM, the system device must also be added to the filter, for example /dev/sda:

filter = [ "a/sda/", "a/sdb/", "r/.*/"]
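
How the two filter lists above are evaluated can be modelled in a few lines. The following Python code is an added example, not part of the original post or of LVM: it applies the first-match-wins rule to one path name per device and uses Python's re module as a stand-in for LVM's own pattern matcher. The device paths and the anchored filter variant are constructed for illustration.

```python
import re

# Filter lists from this page, plus an anchored variant (added for contrast).
PAGE_FILTER = ["a/sdb/", "r/.*/"]
PAGE_FILTER_WITH_SDA = ["a/sda/", "a/sdb/", "r/.*/"]
ANCHORED_FILTER = ["a|^/dev/sdb$|", "r|.*|"]

# Constructed device paths; the last one stands for a Cinder volume on which
# a project has created its own LVM metadata.
DEVICES = ["/dev/sda", "/dev/sdb", "/dev/sdba",
           "/dev/cinder-volumes/volume-example"]

def parse_filter(entries):
    """Split entries such as "a/sdb/" into (action, compiled regex) pairs.

    Character 0 is the action (a = accept, r = reject); character 1 is the
    delimiter, which must also close the pattern.
    """
    rules = []
    for entry in entries:
        if len(entry) < 3 or entry[0] not in "ar" or entry[-1] != entry[1]:
            raise ValueError("malformed filter entry: %r" % entry)
        rules.append((entry[0], re.compile(entry[2:-1])))
    return rules

def decide(entries, path):
    """First matching pattern wins; a path matching no pattern is accepted."""
    for action, regex in parse_filter(entries):
        if regex.search(path):  # unanchored unless the pattern uses ^ and $
            return "accept" if action == "a" else "reject"
    return "accept"

def scan(entries, paths=DEVICES):
    """Return {path: "accept" | "reject"} for every path."""
    return {path: decide(entries, path) for path in paths}

if __name__ == "__main__":
    for name, entries in [("no filter", []), ("page", PAGE_FILTER),
                          ("page + sda", PAGE_FILTER_WITH_SDA),
                          ("anchored", ANCHORED_FILTER)]:
        print(name, scan(entries))
```

With no filter every path is scanned, including the project's volume; the page's pattern "a/sdb/" is unanchored, so it also accepts the constructed /dev/sdba, which the anchored variant rejects.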
Install and configure components

Install the following packages

# yum install openstack-cinder targetcli python-keystone

Edit the /etc/cinder/cinder.conf configuration file and complete the following steps

[database]
# ...
connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder

Tip: replace CINDER_DBPASS with a suitable password.

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

Tip: replace RABBIT_PASS with the password of the openstack account in RabbitMQ.

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = CINDER_PASS

Tip: replace CINDER_PASS with the password of the cinder user in the Identity service.

[DEFAULT]
# ...
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

Tip: replace MANAGEMENT_INTERFACE_IP_ADDRESS with the node's management interface address, for example 10.0.0.41 for the first node in the storage cluster.

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
target_protocol = iscsi
target_helper = lioadm
[DEFAULT]
# ...
enabled_backends = lvm
[DEFAULT]
# ...
glance_api_servers = http://controller:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/cinder/tmp
Finalize the installation

Start the Block Storage volume service and enable it at boot

# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service

Verify operation

Obtain admin credentials to use the admin-only CLI commands

$ . admin-openrc

List the volume services to verify them

$ openstack volume service list

+------------------+------------+------+---------+-------+----------------------------+
| Binary           | Host       | Zone | Status  | State | Updated_at                 |
+------------------+------------+------+---------+-------+----------------------------+
| cinder-scheduler | controller | nova | enabled | up    | 2016-09-30T02:27:41.000000 |
| cinder-volume    | block@lvm  | nova | enabled | up    | 2016-09-30T02:27:46.000000 |
| cinder-backup    | controller | nova | enabled | up    | 2016-09-30T02:27:41.000000 |
+------------------+------------+------+---------+-------+----------------------------+
