OpenStack私有云基础架构与运维（openEuler版）（微课版）-实操手册 项目3 云基础架构平台部署

云基础架构部署模块简介经过OpenStack更深入地学习和实践，通过梳理其不同的部署方式，选择最适合行业应用的Kolla-ansible部署模式完成OpenStack云平台的搭建，并进一步掌握云平台的扩容方法。模块知识（1）掌握Kolla-ansible部署模式搭建云平台的技能（2）掌握云平台扩容的方法（3）具备OpenStack云平台部署的能力环境准备云基础环境构建单节点部署OpenStack云平台，各节点主机名和IP地规划见表1-1。表1-1各节点主机名和IP地址规划列表（单节点部署模式下）节点类型主机名内部管理IP实例通信IPall-in-one节点controller11典型云平台部署双节点部署OpenStack云平台，各节点主机名和IP地址规划见表2-1。表2-1各节点主机名和IP地址规划列表（双节点部署模式下）节点类型主机名内部管理IP实例通信IP控制节点controller00计算节点compute0100OpenStack基础平台扩容多节点部署OpenStack云平台，各节点主机名和IP地址规划见表3-1。表3-1各节点主机名和IP地址规划列表（多节点部署模式下）节点类型主机名内部管理IP实例通信IP控制节点controller00计算节点1compute0100节点类型计算节点2主机名compute02内部管理IP0实例通信IP0模块内容实战案例——云基础环境构建系统基本环境设置（1）修改主机名#hostnamectlset-hostnamecontroller#hostnamectlset-hostnamecontroller#execbash（2）修改网卡地址（线上环境此步骤不需要）按照规划节点的IP规划，配置all-in-one节点的静态IP地址，修改以下示例配置中的参数。#cat/etc/sysconfig/network-scripts/ifcfg-ens160#cat/etc/sysconfig/network-scripts/ifcfg-ens160… … …BOOTPROTO=noneONBOOT=yesIPADDR=1PREFIX=24#cat/etc/sysconfig/network-scripts/ifcfg-ens224… … …BOOTPROTO=noneNBOOT=yesIPADDR=1PREFIX=24GATEWAY=DNS1=DNS2=9载入网卡配置并启动相应的网卡。#nmclicreload#nmclicreload#nmclicupens160#nmclicupens224（3）配置本地DNF源将提供的yoga-repo文件上传到系统的/opt目录,使用离线源进行实验，修改方式如下。#mv/etc/yum.repos.d/*/media/#mv/etc/yum.repos.d/*/media/#cat<<MXD>/etc/yum.repos.d/openEuler.repo[openEuler22.09]name=openstackbaseurl=file:///opt/yoga-repo/gpgcheck=0MXD安装Ansible和Kolla-ansible（1）为了可以使用pip3安装和管理Python3软件包，安装pip3。#dnf-yinstallpython3-pip#dnf-yinstallpython3-pip（3）使用清华镜像源来加速pip安装包的下载速度。#mkdir.pip#mkdir.pip#cat<<WXIC>.pip/pip.conf[global]index-url=/simple[install]trusted-host=WXIC（4）更新Python3中的pip工具到最新版本，保证pip工具的可用性和安全性。#pip3install--ignore-installed--upgradepip#pip3install--ignore-installed--upgradepip（5）使用以下命令安装Ansible，并查看所安装的版本号。#pip3install-U'ansible>=4,<6'#pip3install-U'ansible>=4,<6'#ansible--version（6）安装Kolla-ansible和Kolla-ansible环境必需的依赖项。##dnf-yinstallgitpython3-devellibffi-develgccopenssl-develpython3-libselinux#dnf-yinstallopenstack-kolla-ansible#kolla-ansible--version14.2.0（7）创建Kolla-ansible配置文件目录。#mkdir-p/etc/kolla/{globals.d,config}#mkdir-p/etc/kolla/{globals.d,config}#chown$USER:$USER/etc/kolla（8）将inventory文件复制到/etc/ansible目录。#mkdir/etc/ansible#mkdir/etc/ansible#cp/usr/share/kolla-ansible/ansible/inventory/*/etc/ansible（9）随着Kolla-ansible版本的更迭，从Yoga版本开始需要安装AnsibleGalaxy的依赖项，执行以下命令安装。#pip3installcryptography==38.0.4#pip3installcryptography==38.0.4#tarxvfkolla-ansible-deps.tar.gz-C/root/.ansibleAnsible运行配置优化在使用Kolla-ansible部署OpenStack时，它会执行大量的命令和任务，因此对Ansible进行调优可以加快执行速度，具体的优化如下。#cat<<MXD>#cat<<MXD>/etc/ansible/ansible.cfg[defaults]#SSH服务关闭密钥检测host_key_checking=False#如果不使用sudo，建议开启pipelining=True#执行任务的并发数forks=100timeout=800#禁用警告#devel_warning=Falsedeprecation_warnings=False#显示每个任务花费的时间callback_whitelist=profile_tasks#记录Ansible的输出，相对路径表示log_path=wxic_cloud.log#主机清单文件,相对路径表示inventory=yoga_all-in-one#命令执行环境，也可更改为/bin/bashexecutable=/bin/shremote_port=22remote_user=root#默认输出的详细程度#可选值0、1、2、3、4等#值越高输出越详细verbosity=0show_custom_stats=Trueinterpreter_python=auto_legacy_silent[colors]#成功的任务绿色显示ok=green#跳过的任务使用亮灰色显示skip=brightgray#警告使用亮紫色显示warn=brightpurple[privilege_escalation]become_user=root[galaxy]display_progress=TrueMXD修改好以后，可以使用ansible-configview命令查看。#ansible-configview#ansible-configview[defaults]#SSH服务关闭密钥检测host_key_checking=False… … …Kolla-ansible环境初始配置（1）修改主机清单文件进入/etc/ansible目录，将提供的主机清单all-in-one文件过滤掉注释和空行，覆盖到yoga_all-in-one文件。#cd/etc/ansible/#cd/etc/ansible/#awk'!/^#/&&!/^$/'all-in-one>yoga_all-in-one#ansible-mpingalllocalhost|SUCCESS=>{"ansible_facts"#ansible-mpingalllocalhost|SUCCESS=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python3.10"},"changed":false,"ping":"pong"}（3）配置OpenStack各服务组件的密码在使用Kolla-ansible部署OpenStackYoga平台时，各个服务组件的密码存储文件中，此文件默认所有的密码是空白的，必须手动或者通过运行随机密码生成器来填写，在部署时建议使用随机密码生成器来生成各个服务的密码，命令如下。#kolla-genpwd#kolla-genpwd修改Horizon界面登录密码为wxic@2024。#sed-i's/keystone_admin_password:.*/keystone_admin_password:#sed-i's/keystone_admin_password:.*/keystone_admin_password:wxic@2024/g'/etc/kolla/passwords.yml#grepkeystone_admin/etc/kolla/passwords.ymlkeystone_admin_password:wxic@2024（4）编辑globals.yml文件本次部署all-in-one时只安装了OpenStack的核心组件，在globals.yml指定参数enable_openstack_core:"yes"，安装Glance、Keystone、Neutron、Nova、Heat和Horizon服务，的地址，因为本次Haproxy和keepalived都未启用，故该地址为ens160网卡的地址（本次部署使用1），部署完成后使用该地址登录Horizon。#cd/etc/kolla/#cd/etc/kolla/#cpglobals.yml{,_bak}#cat<<MXD>globals.yml---kolla_base_distro:"ubuntu"kolla_install_type:"source"openstack_release:"yoga"kolla_internal_vip_address:"1"kolla_sysctl_conf_path:/etc/sysctl.confdocker_client_timeout:120network_interface:"ens160"network_address_family:"ipv4"neutron_external_interface:"ens224"neutron_plugin_agent:"openvswitch"neutron_ipam_driver:"internal"openstack_region_name:"RegionWxic"openstack_logging_debug:openstack_logging_debug:"False"enable_openstack_core:"yes"glance_backend_file:"yes"nova_compute_virt_type:"kvm"nova_console:"novnc"enable_haproxy:"no"enable_keepalived:"no"MXD在/etc/kolla/config/目录自定义Neutron服务的一些配置，这将在部署集群时使用自定义的配置覆盖掉默认的配置。#cd/etc/kolla/config/#cd/etc/kolla/config/#mkdirneutron#cat<<MXD>neutron/dhcp_agent.ini[DEFAULT]dnsmasq_dns_servers=,,9MXD#cat<<MXD>neutron/ml2_conf.ini[ml2]tenant_network_types=flat,vxlan,vlan[ml2_type_vlan]network_vlan_ranges=provider:10:1000[ml2_type_flat]flat_networks=providerMXD#cat<<MXD>neutron/openvswitch_agent.ini[securitygroup]firewall_driver=openvswitch[ovs]bridge_mappings=provider:br-exMXD部署集群环境在all-in-one节点安装OpenStackCLI客户端。#dnf-yinstallpython3-openstackclient#dnf-yinstallpython3-openstackclient在all-in-one节点使用命令安装OpenStack集群所需要的基础依赖项和修改一些配置文件，如安装Docker和修改Hosts文件等，命令如下。#kolla-ansiblebootstrap-servers#kolla-ansiblebootstrap-servers在all-in-one节点进行部署前检查，openEuler22.09系统执行过程中如果出现"openEulerreleaseNAversion22.09isnotsupported.Supportedreleasesare:20.03"提示，不必理会继续接下来的操作，不会影响后面的部署，命令如下。#kolla-ansibleprechecks#kolla-ansibleprechecks在all-in-one节点使用以下命令下载OpenStack集群all-in-one节点所需要的全部镜像。#dockerpull99cloud/skyline:latest#dockerpull99cloud/skyline:latest#kolla-ansiblepull在all-in-one节点执行以下命令部署OpenStack集群。#kolla-ansibledeploy#kolla-ansibledeploy上述步骤完成后，OpenStack集群部署结束，所有的服务已经启动并正常运行，输入globals.yml文件中定义的kolla_internal_vip_address地址在浏览器登录Horizon界面，用户名为admin，密码为passwords.yml文件中keystone_admin_password的值wxic@2024。OpenStackCLI客户端设置OpenStack集群部署完成后，客户端执行命令则需要生成clouds.yaml和admin-openrc.sh文件，这些是管理员（admin）用户的凭据，执行以下命令。#kolla-ansiblepost-deploy#kolla-ansiblepost-deploy执行以下命令，将生成的文件移动到/etc/openstack目录下，并在/etc/profile.d/目录编写/openstack-yoga.sh脚本。#mkdir/etc/openstack#mkdir/etc/openstack#mv/etc/kolla/admin-openrc.sh/etc/openstack/#cat<<MXD>/etc/profile.d/openstack-yoga.sh#!/usr/bin/envbashsource/etc/openstack/admin-openrc.shMXD#logout使用OpenStack相关命令验证客户端是否可以正常使用和服务是否正常启动，执行结果如下所示。++----------------+----------+-----------+--------+---------+-----+-----------+2023-04-17T07:48:45000000up |enabled||novacontrollernova-compute ||5106b3e5-e73d-4f2f-aa66-47bbec61b2682023-04-17T07:48:45.000000up |enabled||internalcontrollernova-conductor ||1e8b67c1-1092-4274-ad2b-43e8cea9cce12023-04-17T07:48:46.000000up |enabled||internal| nova-scheduler | controllerfb6b76c1-7d67-4414-89d9-fee50fb72ff3|||||||||+----------------+----------+-----------+--------+---------+-----+-----------+| Status | State | Updated| ZoneHostBinary || ID |At |#openstackcomputeservicelist+----------------+----------+-----------+--------+---------+-----+-----------+安装Skyline服务Skyline是新一代的OpenStack管理界面，由九州云于2021年9月捐献给OpenStack社区。同年12月末，Skyline孵化完成，成为OpenStack正式项目。（1）创建Skyline服务的数据库在MariaDB容器中创建Skyline服务的数据库并赋予远程访问权限，命令及执行结果如下所示。#grep^database/etc/kolla/passwords.yml#grep^database/etc/kolla/passwords.ymldatabase_password:BraVkrGCC4hj59EXRYp9viZj8X8YM5CBC3v6l6Bn##dockercontainerls-fname=mariadb--format='{{.ID}}'58bd2b1faf08#dockerexec-it58bd2b1faf08sh(mariadb)[mysql@controller/]$mysql-uroot-pBraVkrGCC4hj59EXRYp9viZj8X8YM5CBC3v6l6BnWelcometotheMariaDBmonitor. Commandsendwith;or\g.YourMariaDBconnectionidis30361Serverversion:10.6.11-MariaDB-1:10.6.11+maria~binarydistributionCopyright(c)2000,2018,Oracle,MariaDBCorporationAbandothers.Type'help;'or'\h'forhelp.Type'\c'toclearthecurrentinputstatement.MariaDB[(none)]>CREATEDATABASEskylineDEFAULTCHARACTERSETutf8DEFAULTCOLLATEutf8_general_ci;QueryOK,1rowaffected(0.004sec)MariaDB[(none)]>GRANTALLPRIVILEGESONskyline.*TO'skyline'@'localhost'IDENTIFIEDBY'mariadb_yoga';QueryOK,0rowsaffected(0.006sec)MariaDB[(none)]>GRANTALLPRIVILEGESONskyline.*TO'skyline'@'%'IDENTIFIEDBY'mariadb_yoga';QueryOK,0rowsaffected(0.005sec)MariaDB[(none)]>flushprivileges;QueryOK,0rowsaffected(0.005sec)（2）创建Skyline用户并添加admin角色创建Skyline服务的新用户skyline，密码为wxic@yoga，在默认域default中创建，并向Skyline用户分配admin角色。#openstackusercreate--domaindefault--passwordwxic@yoga#openstackusercreate--domaindefault--passwordwxic@yogaskyline#openstackroleadd--projectservice--userskylineadmin（3）修改Skyline服务配置文件创建Skyline服务需要的配置文件目录和日志文件目录。#mkdir-p/etc/skyline/var/log/skyline/var/lib/skyline#mkdir-p/etc/skyline/var/log/skyline/var/lib/skyline/var/log/nginx查询keystone内部服务端点地址。##openstackendpointlist--interfaceinternal--servicekeystone-fvalue-cURL1:5000创建配置文件skyline.yaml。#cat<<MXD>#cat<<MXD>/etc/skyline/skyline.yamldefault:access_token_expire:3600access_token_renew:1800cors_allow_origins:[]#MySQL连接地址及密码database_url:mysql://skyline:mariadb_yoga@1:3306/skylinedebug:falselog_dir:/var/log/skylinelog_file:skyline_wxic.logprometheus_basic_auth_password:'wxic@yoga'prometheus_basic_auth_user:''prometheus_enable_basic_auth:falseprometheus_endpoint:1:9091secret_key:aCtmgbcUqYUy_HNVg5BDXCaeJgJQzHJXwqbXr0Nmb2osession_name:sessionssl_enabled:trueopenstack:base_domains:-heat_user_domain修改默认区域default_region:RegionWxicenforce_new_defaults:trueextension_mapping:floating-ip-port-forwarding:neutron_port_forwardingfwaas_v2:neutron_firewallqos:neutron_qosvpnaas:neutron_vpninterface_type:public#keystone认证地址keystone_url:1:5000/v3/nginx_prefix:/api/openstackreclaim_instance_interval:604800service_mapping:baremetal:ironiccompute:novacontainer:zuncontainer-infra:magnumdatabase:troveidentity:keystoneimage:glancekey-manager:barbicanload-balancer:octavianetwork:neutronobject-store:swiftorchestration:heatplacement:placementsharev2:manilav2volumev3:cindersso_enabled:falsesso_protocols:openid#修改region名sso_region:RegionWxicsystem_admin_roles:adminsystem_adminsystem_project:servicesystem_project_domain:Defaultsystem_reader_roles:system_readersystem_user_domain:Defaultsystem_user_name:skyline#skyline用户密码system_user_password:'wxic@yoga'setting:base_settings:flavor_familiesgpu_modelsgpu_modelsusb_modelsflavor_families:architecture:x86_architecturecategories:name:general_purposeproperties:[]name:compute_optimizedproperties:[]name:memory_optimizedproperties:[]name:high_clock_speedproperties:[]architecture:heterogeneous_computingcategories:name:compute_optimized_type_with_gpuproperties:[]name:visualization_compute_optimized_type_with_gpuproperties:[]gpu_models:nvidia_t4usb_models:usb_cMXD（4）运行Skyline服务运行初始化引导容器生成数据库Skyline的表结构，并查看日志以验证数据库是否正常连接和表结构的创建。#dockerrun-d--nameskyline_bootstrap\#dockerrun-d--nameskyline_bootstrap\-eKOLLA_BOOTSTRAP=""\-v/etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml\-v/var/log:/var/log\--net=host99cloud/skyline:latest6d78f3a1c491f199000d7a4cc03d785486ac62b58e29c14e6b924ef1efa28f58查看skyline_bootstrap容器的日志。#dockerlogs-fskyline_bootstrap#dockerlogs-fskyline_bootstrap删除数据库初始化引导容器skyline_bootstrap。#dockerrm-f#dockerrm-fskyline_bootstrapskyline_bootstrap服务容器skyline，设置重启策略为always，并挂载配置文件和日志目录的数据卷，将容器的网络连接设置为主机的网络。#dockerrun-d--nameskyline--restart=always\#dockerrun-d--nameskyline--restart=always\-v/etc/skyline/skyline.yaml:/etc/skyline/skyline.yaml\-v/var/log:/var/log\-eLISTEN_ADDRESS=1:9942\--net=host99cloud/skyline:latestbffe9d5a70c144716e8cabf1940e092f0560ad6e62bfa5218c49eca62c7416bdSkyline服务组件安装结束，在浏览器访问1:9942地址便可以看到如登录界面。实战案例——典型云平台部署系统基本环境设置（1）修改主机名////控制节点#hostnamectlset-hostnamecontroller#execbash//计算节点#hostnamectlset-hostnamecompute01#execbash（2）修改网卡地址（线上环境此步骤不需要）按照规划节点的IP规划修改各节点的IP地址，修改示例给出的内容即可，下面给出控制节点的示例修改方法，计算节点类似，按照主机规划修改好各个节点的IP地址。#cat/etc/sysconfig/network-scripts/ifcfg-ens160#cat/etc/sysconfig/network-scripts/ifcfg-ens160… … …BOOTPROTO=noneONBOOT=yesIPADDR=0PREFIX=24[root@controller~]#cat/etc/sysconfig/network-scripts/ifcfg-ens224… … …BOOTPROTO=noneONBOOT=yesIPADDR=0PREFIX=24GATEWAY=DNS1=DNS2=9载入网卡配置并启动相应的网卡。#nmclicreload#nmclicreload#nmclicupens160#nmclicupens224（3）配置本地DNF源将提供的yoga-repo文件上传到系统的/opt目录,使用离线源进行实验，修改方式如下。#mv/etc/yum.repos.d/*/media/#mv/etc/yum.repos.d/*/media/#cat<<MXD>/etc/yum.repos.d/openEuler.repo[openEuler22.09]name=openstackbaseurl=file:///opt/yoga-repo/gpgcheck=0MXD安装Ansible和Kolla-ansible控制节点执行以下命令，安装pip3。#dnf-yinstallpython3-pip#dnf-yinstallpython3-pip使用镜像源来加速pip安装包的下载速度。#mkdir.pip#mkdir.pip#cat<<WXIC>.pip/pip.conf[global]index-url=/simple[install]trusted-host=WXIC更新Python3中的pip工具到最新版本。#pip3install--ignore-installed--upgradepip#pip3install--ignore-installed--upgradepip使用以下命令安装Ansible，并查看所安装的版本号。#pip3install-U'ansible>=4,<6'#pip3install-U'ansible>=4,<6'#ansible--versionansible[core2.12.10]安装Kolla-ansible和Kolla-ansible环境必需的依赖项。////控制节点#dnf-yinstallgitpython3-devellibffi-develgccopenssl-develpython3-libselinux#dnf-yinstallopenstack-kolla-ansible#kolla-ansible--version14.2.0//计算节点#dnf-yinstallpython3-libselinux创建kolla-ansible配置文件目录。#mkdir-p/etc/kolla/{globals.d,config}#mkdir-p/etc/kolla/{globals.d,config}#chown$USER:$USER/etc/kolla将inventory文件复制到/etc/ansible目录。#mkdir/etc/ansible#mkdir/etc/ansible#cp/usr/share/kolla-ansible/ansible/inventory/*/etc/ansible执行以下命令安装AnsibleGalaxy的依赖项。#pip3installcryptography==38.0.4#pip3installcryptography==38.0.4#tarxvfkolla-ansible-deps.tar.gz-C/root/.ansibleAnsible运行配置优化对Ansible进行调优以加快执行速度，具体优化如下。#cat<<MXD>#cat<<MXD>/etc/ansible/ansible.cfg[defaults]#SSH服务关闭密钥检测host_key_checking=False#如果不使用sudo，建议开启pipelining=True#执行任务的并发数forks=100timeout=800#禁用警告#devel_warning=Falsedeprecation_warnings=False#显示每个任务花费的时间callback_whitelist=profile_tasks#记录ansible的输出,相对路径表示log_path=wxic_cloud.log#主机清单文件,相对路径表示inventoryopenstack_cluster#命令执行环境，也可更改为/bin/bashexecutable=/bin/shremote_port=22remote_user=root#默认输出的详细程度#可选值0、1、2、3、4等#值越高输出越详细verbosity=0show_custom_statsTrueinterpreter_python=auto_legacy_silent[colors]#成功的任务绿色显示ok=green#跳过的任务使用亮灰色显示skip=brightgray#警告使用亮紫色显示warn=brightpurple[privilege_escalation]become_user=root[galaxy]display_progress=TrueMXDKolla-ansible环境初始配置（1）修改主机清单文件进入/etc/ansible目录，编辑openstack_cluster清单文件来指定集群节点的主机及其所属组。在这个清单文件中还可以用来指定控制节点连接集群各个节点的用户名、密码等（注意：ansible_password为root用户的密码，所有节点的root用户密码不可以是纯数字）。#cd/etc/ansible/#cd/etc/ansible/#awk'!/^#/&&!/^$/'multinode>openstack_cluster#cat-nopenstack_cluster[all:vars]ansible_password=wxic@2024ansible_become=false4 4 [control]5 06 [network]7 08 [compute]9 010 [monitoring]11 012 [storage]13 0… … …（2）检查主机清单文件是否配置正确使用以下命令测试各主机之间能否连通。#dnf-yinstallsshpass#dnf-yinstallsshpass#ansibleall-mpinglocalhost|SUCCESS=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python3.10"},"changed":false,"ping":"pong"}0|SUCCESS=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python3.10"},"changed":false,"ping":"pong"}0|SUCCESS=>{"ansible_facts":{"discovered_interpreter_python":"/usr/bin/python3.10"},"changed":false,"ping":"pong"}（3）配置OpenStack各服务组件密码在使用Kolla-ansible部署OpenStackYoga平台时建议使用随机密码生成器来生成各个服务的密码，命令如下。#kolla-genpwd#kolla-genpwd修改Horizon界面登录密码为wxic@2024，命令如下。#sed-i's/keystone_admin_password:.*/keystone_admin_password:#sed-i's/keystone_admin_password:.*/keystone_admin_password:wxic@2024/g'/etc/kolla/passwords.yml（4）编辑globals.yml文件在使用Kolla-ansible部署OpenStackYoga平台时，最重要的便是globals.yml文件的修改，通过阅读OpenStack官方文档的服务指南，按照自己的需求选择安装相关的组件。本次部署时安装了较多组件，具体的组件列表可查看以下修改后的globals.yml文件，其中要注意一个选项是kolla_internal_vip_address的地址，该地址为/24网段里的任何一个未被使用的IP（本次部署使用00），部署完成后使用该地址登录Horizon界面。#cd/etc/kolla/#cd/etc/kolla/#cpglobals.yml{,_bak}#cat<<MXD>globals.yml---kolla_base_distro:"ubuntu"kolla_install_type:"source"openstack_release:"yoga"kolla_internal_vip_address:"00"docker_registry:""network_interface:"eth0"neutron_external_interface:"eth1"neutron_plugin_agent:"openvswitch"openstack_region_name:"RegionWxic"enable_aodh:"yes"enable_barbican:"yes"enable_ceilometer:"yes"enable_ceilometer_ipmi:"yes"enable_cinder:"yes"enable_cinder_backup:"yes"enable_cinder_backend_lvm:"yes"enable_cloudkitty:"yes"enable_gnocchi:"yes"enable_gnocchi_statsd:"yes"enable_manila:"yes"enable_manila_backend_generic:"yes"enable_neutron_vpnaas:"yes"enable_neutron_qos:"yes"enable_neutron_bgp_dragent:"yes"enable_neutron_provider_networks:"yes"enable_redis:"yes"enable_swift:"yes"glance_backend_file:"yes"glance_file_datadir_volume:"/var/lib/glance/wxic/"barbican_crypto_plugin:"simple_crypto"barbican_library_path:"/usr/lib/libCryptoki2_64.so"cinder_volume_group:"cinder-wxic"cloudkitty_collector_backend:"gnocchi"cloudkitty_storage_backend:"influxdb"nova_compute_virt_type:"kvm"swift_devices_name:"KOLLA_SWIFT_DATA"MXD在/etc/kolla/config/目录自定义Neutron和Manila服务的一些配置，在部署集群时使用自定义的配置覆盖掉默认的配置。#cd/etc/kolla/config/#cd/etc/kolla/config/#mkdirneutron#cat<<MXD>neutron/dhcp_agent.ini[DEFAULT]dnsmasq_dns_servers=,,,9MXD#cat<<MXD>neutron/ml2_conf.ini[ml2][ml2]tenant_network_types=flat,vxlan,vlan[ml2_type_vlan]network_vlan_ranges=provider:10:1000[ml2_type_flat]flat_networks=providerMXD#cat<<MXD>neutron/openvswitch_agent.ini[securitygroup]firewall_driver=openvswitch[ovs]bridge_mappings=provider:br-exMXD#cat<<MXD>manila-share.conf[generic]service_instance_flavor_id=100MXD存储节点磁盘初始化（1）初始化Cinder服务磁盘在compute01节点使用一块20GB磁盘创建cinder-volumes卷组，该卷组名和globals.yml里面“cinder_volume_group”指定的参数一致。00wz--n-<20.00g<20.00g01VSize VFree#PV#LV#SNAttrVGcinder-wxic#pvcreate/dev/nvme0n2#vgcreatecinder-wxic/dev/nvme0n2#vgscinder-wxic（2）初始化Swift服务磁盘#cat<<MXD>Swift_disk_init.shindex=0fordinnvme0n3nvme0n4nvme0n5;doparted/dev/${d}-s#cat<<MXD>Swift_disk_init.shindex=0fordinnvme0n3nvme0n4nvme0n5;doparted/dev/${d}-s--mklabelgptmkpartKOLLA_SWIFT_DATA1-1sudomkfs.xfs-f-Ld${index}/dev/${d}p1((index++))doneMXD#chmod+xSwift_disk_init.sh#./Swift_disk_init.sh#lsblkNAMEMAJ:MINRMSIZEROTYPEMOUNTPOINTSnvme0n3259:5020G0disk└─nvme0n3p1259:6020G0partnvme0n4259:7020G0disk└─nvme0n4p1259:8020G0partnvme0n5259:9020G0disk└─nvme0n5p1259:10020G0part部署集群环境在控制节点安装OpenStackCLI客户端。#dnf-yinstallpython3-openstackclient#dnf-yinstallpython3-openstackclientOpenStack集群所需要的基础依赖项和修改一些配置文件（如安装Docker和修改Hosts文件等）。#kolla-ansiblebootstrap-servers#kolla-ansiblebootstrap-servers在控制节点生成Swift服务所需要的环，编写Swift-init.sh脚本，其中STORAGE_NODES的IP为Swift磁盘所在节点的IP。#cat<<MXD>Swift-init.sh#!/usr/bin/envbashSTORAGE_NODES=(0)KOLLA_SWIFT_BASE_IMAGE="kolla/swift-base:master-ubuntu-jammy"mkdir-p/etc/kolla/config/swiftdockerrun\--rm\-v/etc/kolla/config/swift/:/etc/kolla/config/swift/\$KOLLA_SWIFT_BASE_IMAGE\swift-ring-builder\/etc/kolla/config/swift/object.buildercreate1031fornodein${STORAGE_NODES[@]};doforiin{0..2};dodockerrun\--rm\-v/etc/kolla/config/swift/:/etc/kolla/config/swift/\$KOLLA_SWIFT_BASE_IMAGE\swift-ring-builder\/etc/kolla/config/swift/object.builderaddr1z1-${node}:6000/d${i}1;donedonedockerrun\--rm\-v/etc/kolla/config/swift/:/etc/kolla/config/swift/\$KOLLA_SWIFT_BASE_IMAGE\swift-ring-builder\/etc/kolla/config/swift/account.buildercreate1031fornodein${STORAGE_NODES[@]};doforiin{0..2};dodockerrun\--rm\-v/etc/kolla/config/swift/:/etc/kolla/config/swift/\$KOLLA_SWIFT_BASE_IMAGE\swift-ring-builder\/etc/kolla/config/swift/account.builderaddr1z1-${node}:6001/d${i}1;donedonedockerrun\--rm\-v/etc/kolla/config/swift/:/etc/kolla/config/swift/\$KOLLA_SWIFT_BASE_IMAGE$KOLLA_SWIFT_BASE_IMAGE\swift-ring-builder\/etc/kolla/config/swift/container.buildercreate1031fornodein${STORAGE_NODES[@]};doforiin{0..2};dodockerrun\--rm\-v/etc/kolla/config/swift/:/etc/kolla/config/swift/\$KOLLA_SWIFT_BASE_IMAGE\swift-ring-builder\/etc/kolla/config/swift/container.builderaddr1z1-${node}:6002/d${i}1;donedoneforringinobjectaccountcontainer;dodockerrun\--rm\-v/etc/kolla/config/swift/:/etc/kolla/config/swift/\$KOLLA_SWIFT_BASE_IMAGE\swift-ring-builder\/etc/kolla/config/swift/${ring}.builderrebalance;doneMXD#chmod+xSwift-init.sh#./Swift-init.sh在控制节点进行部署前检查，openEuler22.09系统执行过程中如果出现"openEulerreleaseNAversion22.09isnotsupported.Supportedreleasesare:20.03"提示，不必理会继续接下来的操作，不会影响后面的部署。#kolla-ansibleprechecks#kolla-ansibleprechecks在控制节点使用以下命令下载OpenStack集群各个节点所需要的全部镜像。#dockerpull99cloud/skyline:latest#dockerpull99cloud/skyline:latest#kolla-ansiblepull在控制节点执行以下命令部署OpenStack集群。#kolla-ansibledeploy#kolla-ansibledeploy当上述步骤完成后，OpenStack集群部署完成，所有的服务已经启动并可正常运行。输入globals.yml文件中定义的kolla_internal_vip_address地址在浏览器登录Horizon界面，用户名为admin，密码为passwords.yml文件中keystone_admin_password的值wxic@2024。OpenStackCLI客户端设置OpenStack集群部署完成后，客户端执行命令则需要生成clouds.yaml和admin-openrc.sh文件，这些是管理员（admin）用户的凭据，执行以下命令。#kolla-ansiblepost-deploy#kolla-ansiblepost-deploy执行以下命令，将生成的文件移动到/etc/openstack目录下，并在/etc/profile.d/目录编写/openstack-yoga.sh脚本。#mkdir/etc/openstack#mkdir/etc/openstack#mv/etc/kolla/admin-openrc.sh/etc/openstack/#cat<<MXD>/etc/profile.d/openstack-yoga.sh#!/usr/bin/envbashsource/etc/openstack/admin-openrc.shMXD#logout使用OpenStack相关命令验证客户端是否可以正常使用。#openstackregionlist#openstackregionlist+------------+---------------+-------------+|Region |ParentRegion|Description|+------------+---------------+-------------+|RegionWxic|None | |+------------+---------------+-------------+#openstackcontainercreateyoga-cloud#openstack