Shulou(Shulou.com)06/03 Report--

Description: the first three chapters are about the first complete deployment of openstack mitaka, and after this period of study, it has been redeployed twice. The content of this chapter is the third time to fully deploy openstack mitaka, adding firewall configuration and fixing some problems. In addition, because the virtual machine is reinstalled, the hostname may be slightly different from the previous one.

4. Computing services

4.1. Install and configure the control node

4.1.1. Credentials for creating database service and API endpoints

4.1.1.1. In order to create a database, you must complete these steps

Use the database connection client to connect to the database server as the root user:

$mysql-u root-p

Create nova_api and nova databases:

CREATE DATABASE nova_api

CREATE DATABASE nova

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY' Prisssw0rd'

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY' Prisssw0rd'

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY' Prisssw0rd'

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY' Prisssw0rd'

4.1.1.2. Obtain admin credentials to gain access to commands that only administrators can execute:

$. Admin-openrc

4.1.1.3. Create a service certificate and complete these steps:

To create a nova user:

$openstack user create-domain default-password-prompt nova

-- set password: P@ssw0rd

Add admin roles to nova users

$openstack role add-project service-user nova admin

Create a nova service entity:

$openstack service create-name nova-description "OpenStack Compute" compute

4.1.1.4. Create a Compute service API endpoint:

$openstack endpoint create-- region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s

$openstack endpoint create-- region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s

$openstack endpoint create-- region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s

Control node firewall open port: 8774

# firewall-cmd-permanent-add-port=8774/tcp

# firewall-cmd-reload

Confirm that the port is open successfully

# firewall-cmd-list-all

4.1.2. Secure and configure components

4.1.2.1. Install the package:

# yum install-y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler

4.1.2.2. Edit the vi / etc/nova/nova.conf file and complete the following

In the ``[DEFAULT]`` section, only computing and metadata API are enabled:

Enabled_apis = osapi_compute,metadata

Rpc_backend = rabbit

Auth_strategy = keystone

My_ip = 111.111.111.201

Use_neutron = True

Firewall_driver = nova.virt.firewall.NoopFirewallDriver

In the ``[api_database]`` section, configure the connection to the database:

Connection = mysql+pymysql://nova:P@ssw0rd@controller/nova_api

In the ``[database]`` section, configure the connection to the database:

Connection = mysql+pymysql://nova:P@ssw0rd@controller/nova

In the "[oslo_messaging_rabbit]" section, configure "RabbitMQ" message queuing access:

Rabbit_host = controller

Rabbit_userid = openstack

Rabbit_password = P@ssw0rd

In the "[keystone_authtoken]" section, configure authentication service access:

Auth_uri = http://controller:5000

Auth_url = http://controller:35357

Memcached_servers = controller:11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = nova

Password = P@ssw0rd

Note: comment or delete other options in [keystone_authtoken].

In the ``[vnc]`` section, configure the VNC agent to use the IP address of the management interface of the control node:

Vncserver_listen = $my_ip

Vncserver_proxyclient_address = $my_ip

In the "glance" area, configure the location of the image service API:

Api_servers = http://controller:9292

In the [oslo_concurrency] section, configure the lock path:

Lock_path = / var/lib/nova/tmp

4.1.2.3. Synchronize Compute database:

# su-s / bin/sh-c "nova-manage api_db sync" nova

# su-s / bin/sh-c "nova-manage db sync" nova

4.1.3. Start the Compute service and set it to start with the system:

# systemctl enable openstack-nova-api\

Openstack-nova-consoleauth openstack-nova-scheduler\

Openstack-nova-conductor openstack-nova-novncproxy

# systemctl start openstack-nova-api\

Openstack-nova-consoleauth openstack-nova-scheduler\

Openstack-nova-conductor openstack-nova-novncproxy

# systemctl status openstack-nova-api\

Openstack-nova-consoleauth openstack-nova-scheduler\

Openstack-nova-conductor openstack-nova-novncproxy

Control node firewall open ports: 6080, 5672, 5900

Firewall-cmd-permanent-add-port=6080/tcp

Firewall-cmd-permanent-add-port=5672/tcp

Firewall-cmd-permanent-add-port=5900/tcp

Firewall-cmd-reload

Confirm that the port is open successfully

# firewall-cmd-list-all

4.2. Install and configure compute nodes

4.2.1. Secure and configure components

4.2.1.1. Install the software package:

# yum install openstack-nova-compute-y

4.2.1.2. Edit the vi / etc/nova/nova.conf file and complete the following:

In the ``[DEFAULT]`` section, configure the connection of ``RabbitMQ`` message queue:

Rpc_backend = rabbit

Auth_strategy = keystone

My_ip = 111.111.111.202

Use_neutron = True

Firewall_driver = nova.virt.firewall.NoopFirewallDriver

In the [oslo_messaging_rabbit] section, configure the connection of ``RabbitMQ`` message queue:

Rabbit_host = controller

Rabbit_userid = openstack

Rabbit_password = P@ssw0rd

In the "[keystone_authtoken]" section, configure authentication service access:

Auth_uri = http://controller:5000

Auth_url = http://controller:35357

Memcached_servers = controller:11211

Auth_type = password

Project_domain_name = default

User_domain_name = default

Project_name = service

Username = nova

Password = P@ssw0rd

Note: comment or delete other options in [keystone_authtoken].

In the ``[vnc]`` section, enable and configure remote console access:

Enabled = True

Vncserver_listen = 0.0.0.0

Vncserver_proxyclient_address = $my_ip

Novncproxy_base_url = http://controller:6080/vnc_auto.html

The server component listens for all IP addresses, while the proxy component listens for only the IP address of the compute node's management network interface. The basic URL indicates where you can access the remote console of the instance on that compute node using a web browser.

In the "glance" area, configure the location of the image service API:

Api_servers = http://controller:9292

In the [oslo_concurrency] section, configure the lock path:

Lock_path = / var/lib/nova/tmp

Compute node firewall open ports: 6080, 5672, 5900

Firewall-cmd-permanent-add-port=6080/tcp

Firewall-cmd-permanent-add-port=5672/tcp

Firewall-cmd-permanent-add-port=5900/tcp

Firewall-cmd-reload

Confirm that the port is open successfully

# firewall-cmd-list-all

4.2.2. Complete the installation:

4.2.2.1. Determine whether the compute node supports hardware acceleration of virtual machines.

$egrep-c'(vmx | svm)'/ proc/cpuinfo

If this command returns the value of one or greater, then your compute node supports hardware acceleration and does not require additional configuration.

If this command returns a zero value, then your compute node does not support hardware acceleration. You must configure libvirt to use QEMU instead of KVM

Hardware acceleration is not supported because it is a virtual machine. Continue to configure

4.2.2.2. Make the following edits in the [libvirt] area of the vi / etc/nova/nova.conf file:

Virt_type = qemu

4.2.2.3, start the computing service and its dependencies, and configure it to start automatically with the system:

# systemctl enable libvirtd openstack-nova-compute

# systemctl start libvirtd openstack-nova-compute

# systemctl status libvirtd openstack-nova-compute

4.3. Verify computing service operations

Execute at the control node:

4.3.1. Obtain admin credentials to gain access to commands that only administrators can execute:

$. Admin-openrc

4.3.2. List the service components to verify that each process was successfully started and registered:

$openstack compute service list

Note: this output should show that three service components are enabled on the control node and one service component is enabled on the compute node.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.