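With the rise of cloud computing, more and more enterprises are building their own cloud platforms to improve the security, flexibility and availability of their data. OpenStack is widely used open-source software, and the private cloud services it provides perform well in many scenarios. This article, an OpenStack setup tutorial, explains in detail how to use OpenStack to build a private cloud service.
I. Preparation before setting up OpenStack
1. Hardware requirements
Setting up OpenStack requires substantial computing resources; at least one physical server is recommended. Make sure the server meets the following requirements:
- 16 GB of memory or more
- A processor with 4 or more cores
- 200 GB of disk or more
2. Software requirements
Because OpenStack is itself a combination of open-source software, the installation uses several pieces of software and tools, such as git, Python and pip. Make sure the following software is already installed on the machine:
- Git
- Python 2.7
- Pip
3. Network requirements
Setting up OpenStack requires at least two network interfaces, one for the management network and one for the data network. Make sure the machine's network configuration is reasonable.
II. Setting up the OpenStack installation environment
1. Install and configure the NTP service
Time synchronization is very important while building OpenStack, so the NTP service needs to be installed and configured in advance. First install the ntpdate package with the following command: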
```bash
yum install ntpdate
```
After installation, run the ntpdate command to synchronize the time:
```bash
ntpdate 0.us.pool.ntp.org
```
Next, install the NTP service:
```bash
yum install ntp
```
Set the time zone:
```bash
timedatectl set-timezone Asia/Shanghai
```
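2. Install and configure MariaDB
OpenStack uses MySQL as its database by default, but in some cases problems such as MySQL version incompatibility arise, so we use MariaDB as the database. Install it with the following command: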
```bash
yum install mariadb mariadb-server python2-PyMySQL
```
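After installation, start MariaDB with the following command:
```bash
systemctl start mariadb
```
Enable the MariaDB service at boot:
```bash
systemctl enable mariadb
```
After installation, MariaDB needs some basic configuration. Run the following command to start MariaDB's secure-installation script:
```bash
mysql_secure_installation
```
Follow the prompts to configure it, including setting the root password and choosing whether to remove anonymous users.
3. Install and configure RabbitMQ
OpenStack services communicate through a message queue, so a message server needs to be installed and configured. We choose RabbitMQ. Install RabbitMQ with the following command: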
```bash
yum install rabbitmq-server
```
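After installation, start RabbitMQ with the following command:
```bash
systemctl start rabbitmq-server
```
Enable the RabbitMQ service at boot:
```bash
systemctl enable rabbitmq-server
```
Then we create an openstack user and grant it the relevant permissions (PASSWORD is a placeholder; the configuration files later in this tutorial refer to this password as RABBIT_PASS):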
```bash
rabbitmqctl add_user openstack PASSWORD
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
```
4. Install and configure Memcached
Some OpenStack services use Memcached, so it needs to be installed and configured. Install it with the following command:
```bash
yum install memcached python-memcached
```
After installation, start Memcached with the following command:
```bash
systemctl start memcached
```
Enable the Memcached service at boot:
```bash
systemctl enable memcached
```
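5. Install and configure Keystone
Keystone is OpenStack's identity service; it manages the authentication of users and tenants as well as service and API tokens. First install Keystone: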
```bash
yum install openstack-keystone httpd mod_wsgi
```
After installation, edit the /etc/keystone/keystone.conf file as follows:
```ini
[DEFAULT]
verbose = True
[token]
provider = fernet
```
Next, initialize the database with the following command:
```bash
su -s /bin/sh -c "keystone-manage db_sync" keystone
```
After initialization, populate the Keystone database with the following command:
```bash
keystone-manage bootstrap --bootstrap-password PASSWORD \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
```
Then configure Apache as follows:
```bash
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd
systemctl restart httpd
```
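After configuration, run the following commands, which set the credentials of the admin user in the environment and create the service and demo projects, the demo user and the user role: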
```bash
export OS_USERNAME=admin
export OS_PASSWORD=PASSWORD
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
```
6. Install and configure Glance
Glance is OpenStack's image service, used to manage and store virtual machine images. Install Glance with the following command:
```bash
yum install openstack-glance
```
After installation, edit the /etc/glance/glance-api.conf and /etc/glance/glance-registry.conf configuration files as follows:
/etc/glance/glance-api.conf
```ini
[DEFAULT]
verbose = True
rpc_backend = rabbit
auth_strategy = keystone
my_ip =
enabled_backends = file,http
notification_driver = messagingv2
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:35357/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
```
/etc/glance/glance-registry.conf
```ini
[DEFAULT]
verbose = True
rpc_backend = rabbit
auth_strategy = keystone
my_ip =
notification_driver = messagingv2
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:35357/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
flavor = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
```
Next, initialize the database with the following command:
```bash
su -s /bin/sh -c "glance-manage db_sync" glance
```
Finally, enable and start the glance services:
```bash
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
```
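7. Install and configure Nova
Nova is OpenStack's compute service, used to create and manage compute instances (virtual machines). First install the Nova services with the following command: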
```bash
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
```
Then edit the /etc/nova/nova.conf file as follows:
```ini
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip =
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
scheduler_default_filters = RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,CoreFilter
enabled_scheduler_filters = RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,CoreFilter
[api_database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:35357/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
[vnc]
enabled = true
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address =
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
auth_url = http://controller:35357/v3
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
```
Next, initialize the databases with the following commands:
```bash
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova
```
Finally, enable and start the nova services:
```bash
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
```
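8. Install and configure Neutron
Neutron is OpenStack's networking service, used to manage virtual networks. First install the Neutron service and related components with the following command: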
```bash
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
```
Then edit the /etc/neutron/neutron.conf file as follows:
```ini
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
verbose = True
auth_strategy = keystone
rpc_backend = rabbit
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_region_name = RegionOne
nova_admin_auth_url = http://controller:35357/v3
nova_admin_username = nova
nova_admin_password = NOVA_PASS
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_auth_type = password
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
vif_plugging_retry_max_attempts = 10
vif_plugging_retry_interval = 1
dhcp_agents_per_network = 2
dhcp_agent_notification = True
dhcp_lease_duration = 86400
l3_ha = True
max_l3_agents_per_router = 2
external_network_bridge = br-ex
router_distributed = True
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000/v3
auth_url = http://controller:35357/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
```
Then edit the /etc/neutron/plugins/ml2/ml2_conf.ini file as follows:
```ini
[ml2]
tenant_network_types = vxlan
type_drivers = flat,vlan,vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[ml2_type_vxlan]
vni_ranges = 1:1000
[ml2_type_vlan]
network_vlan_ranges = public
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_ipset = True
```
Finally, restart the neutron service:
```bash
systemctl enable neutron-server.service
systemctl restart neutron-server.service
```
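The Glance, Nova and Neutron files above are templates: they still contain placeholder secrets such as RABBIT_PASS and NOVA_PASS, empty options such as my_ip, and plain-HTTP Keystone endpoints. The following check is an added example, not part of the original tutorial or of OpenStack; it assumes Python 3, and the `audit` function, its rule set and the sample text (an excerpt of the nova.conf above) are choices made here.

```python
import configparser
import re

# Constructed sample: an excerpt of the nova.conf template shown above.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
my_ip =
[database]
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
[keystone_authtoken]
auth_url = http://controller:35357/v3
password = NOVA_PASS
[vnc]
vncserver_listen = 0.0.0.0
"""

# Assumption: the tutorial's placeholders are PASSWORD or upper-case names
# ending in _PASS or _DBPASS (GLANCE_PASS, NOVA_DBPASS, RABBIT_PASS, ...).
PLACEHOLDER = re.compile(r"\b(?:PASSWORD|[A-Z][A-Z_]*_(?:DB)?PASS)\b")
MUST_BE_SET = {"my_ip", "vncserver_proxyclient_address"}  # left empty in the templates


def audit(text):
    """Return sorted (section, option, finding) tuples for one INI-style config text."""
    # default_section is renamed so [DEFAULT] is audited once instead of being
    # merged into every other section; strict=False tolerates repeated options.
    parser = configparser.RawConfigParser(default_section="__unused__", strict=False)
    parser.read_string(text)
    findings = []
    for section in parser.sections():
        for option, value in parser.items(section):
            if PLACEHOLDER.search(value):
                findings.append((section, option, "placeholder secret"))
            if option in MUST_BE_SET and not value.strip():
                findings.append((section, option, "empty value"))
            if option in ("auth_url", "auth_uri") and value.startswith("http://"):
                findings.append((section, option, "plain-HTTP auth endpoint"))
            if option == "vncserver_listen" and value == "0.0.0.0":
                findings.append((section, option, "listens on all interfaces"))
    return sorted(findings)


if __name__ == "__main__":
    for section, option, finding in audit(SAMPLE_NOVA_CONF):
        print(f"[{section}] {option}: {finding}")
```

Running the same function over each edited file before the services are started shows which template values were never replaced.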
9. Install and configure Horizon
Horizon is OpenStack's web management interface. Install Horizon with the following command:
```bash
yum install openstack-dashboard
```
After installation, edit the /etc/openstack-dashboard/local_settings file as follows:
```python
ALLOWED_HOSTS = ['*', ]
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': True,
    'enable_quotas': True,
    'enable_ipv6': True,
    'enable_distributed_router': True,
    'enable_ha_router': True,
    'enable_lb': True,
    'enable_firewall': True,
    'enable_vpn': True,
    'enable_fip_topology_check': True,
    'fip_topology_check_minimum_version': '9.0.0',
}
HORIZON_CONFIG = {
    'password_autocomplete': 'off',
    'django_compressor_enabled': True,
    'exceptions': {'recoverable': exceptions.RECOVERABLE},
    'default_host': '127.0.0.1',
    'user_home': None,
    'help_url': "https://docs.openstack.org",
    'logout_url': None,
}
```
Finally, restart the Horizon services:
```bash
systemctl restart httpd.service memcached.service
```
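The local_settings above sets ALLOWED_HOSTS to `['*', ]`, which makes Django accept any Host header. The following added example (not part of the original tutorial, Horizon or Django) reads that setting from the settings source without executing it and compares it with a restricted list; it assumes Python 3, the matching function is a simplified re-implementation of Django's documented rules, and the host names are constructed.

```python
import ast

# Constructed sample: the first lines of the local_settings shown above.
SAMPLE_SETTINGS = """\
ALLOWED_HOSTS = ['*', ]
OPENSTACK_HOST = "controller"
"""
# Constructed Host header values, for illustration only.
SAMPLE_HOSTS = ["controller", "controller:80",
                "dashboard.cloud.example.internal", "unexpected.example"]


def read_allowed_hosts(settings_text):
    """Extract the literal ALLOWED_HOSTS list from settings source without executing it."""
    for node in ast.parse(settings_text).body:
        if isinstance(node, ast.Assign) and any(
                isinstance(t, ast.Name) and t.id == "ALLOWED_HOSTS" for t in node.targets):
            return ast.literal_eval(node.value)
    return []


def host_allowed(host, allowed_hosts):
    """Simplified version of Django's documented ALLOWED_HOSTS matching rules."""
    host = host.lower()
    if not host.startswith("["):        # drop a :port suffix; bracketed IPv6 is left as-is
        host = host.rsplit(":", 1)[0]
    for pattern in (p.lower() for p in allowed_hosts):
        if pattern == "*" or pattern == host:
            return True                 # '*' matches every Host header
        if pattern.startswith(".") and (host.endswith(pattern) or host == pattern[1:]):
            return True                 # '.example.com' matches the domain and its subdomains
    return False


def accepted(hosts, allowed_hosts):
    """Return the Host header values that the given ALLOWED_HOSTS would let through."""
    return [h for h in hosts if host_allowed(h, allowed_hosts)]


if __name__ == "__main__":
    print("tutorial setting:", accepted(SAMPLE_HOSTS, read_allowed_hosts(SAMPLE_SETTINGS)))
    print("restricted list: ", accepted(SAMPLE_HOSTS, ["controller", ".cloud.example.internal"]))
```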
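III. Testing and optimizing the OpenStack private cloud
To make sure the installed OpenStack private cloud runs properly, we need to test and optimize it. Some common testing and optimization strategies follow.
1. Testing strategies
- Measure instance boot time and make sure it is within a reasonable range;
- Run basic tests such as ping and SSH against instances to confirm that network and compute resources work;
- Test the virtual network, including creating networks, setting firewall rules and defining security groups.
2. Optimization strategies
- Adjust the configuration of compute instances, including CPU, memory and disk, for different business scenarios;
- Adjust the virtual network settings so that the network topology is sound, and set firewall rules and security groups sensibly;
- Optimize the individual service components, for example database tuning and message server tuning.
Conclusion
Installing OpenStack requires a certain technical foundation and experience, and can be difficult for beginners. But as open-source software, its powerful features and wide range of use cases have made it the first choice for enterprises building private clouds. We hope this OpenStack setup tutorial helps beginners get started with OpenStack quickly and contributes to their enterprise's cloud computing journey.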