OpenStack Train版三节点部署实战从CentOS 7.6到Dashboard的完整指南当企业需要构建私有云平台时OpenStack作为最成熟的开源IaaS解决方案之一其灵活性和可扩展性备受青睐。本文将带您完成一个生产级的三节点OpenStack Train版部署涵盖从操作系统配置到Dashboard上线的全流程。不同于理论架构讲解我们聚焦于实际部署中遇到的网络配置、服务依赖和组件联调等核心问题。1. 环境准备与系统配置1.1 硬件规划与网络拓扑三节点部署通常包含一个控制节点和两个计算节点以下是推荐的最低硬件配置节点类型CPU内存存储网卡配置控制节点2核4线程8GB300GB双网卡(NAT内部网络)计算节点4核8线程16GB500GB双网卡(NAT内部网络)提示生产环境中建议计算节点配置更高规格特别是需要支持硬件虚拟化加速的场景网络配置示例根据实际环境调整# 控制节点网络配置示例 TYPEEthernet BOOTPROTOstatic IPADDR192.168.100.11 NETMASK255.255.255.0 GATEWAY192.168.100.1 DNS1114.114.114.1141.2 操作系统基础配置所有节点执行以下初始化操作设置主机名并更新hosts文件hostnamectl set-hostname ct # 控制节点 echo 192.168.100.11 ct 192.168.100.12 c1 192.168.100.13 c2 /etc/hosts关闭防火墙和SELinuxsystemctl stop firewalld systemctl disable firewalld setenforce 0 sed -i s/SELINUXenforcing/SELINUXdisabled/ /etc/selinux/config配置SSH免密登录ssh-keygen -t rsa -P -f ~/.ssh/id_rsa ssh-copy-id ct ssh-copy-id c1 ssh-copy-id c22. 基础服务部署2.1 时间同步配置控制节点配置为阿里云时钟源计算节点同步控制节点时间# 控制节点chrony配置 yum install -y chrony sed -i s/^server.*/server ntp6.aliyun.com iburst/ /etc/chrony.conf echo allow 192.168.100.0/24 /etc/chrony.conf systemctl restart chronyd验证时间同步状态chronyc sources -v2.2 数据库与消息队列安装配置MariaDByum install -y mariadb mariadb-server python2-PyMySQL cat /etc/my.cnf.d/openstack.cnf EOF [mysqld] bind-address 192.168.100.11 default-storage-engine innodb innodb_file_per_table on max_connections 4096 collation-server utf8_general_ci character-set-server utf8 EOF systemctl enable mariadb --nowRabbitMQ安装与权限配置yum install -y rabbitmq-server systemctl enable rabbitmq-server --now rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack .* .* .*2.3 缓存与协调服务Memcached安装yum install -y memcached python-memcached sed -i s/OPTIONS.*/OPTIONS-l 127.0.0.1,::1,ct/ /etc/sysconfig/memcached systemctl enable memcached --nowEtcd集群配置yum install -y etcd cat /etc/etcd/etcd.conf EOF ETCD_DATA_DIR/var/lib/etcd/default.etcd ETCD_LISTEN_PEER_URLShttp://192.168.100.11:2380 ETCD_LISTEN_CLIENT_URLShttp://192.168.100.11:2379 ETCD_NAMEct ETCD_INITIAL_ADVERTISE_PEER_URLShttp://192.168.100.11:2380 ETCD_ADVERTISE_CLIENT_URLShttp://192.168.100.11:2379 ETCD_INITIAL_CLUSTERcthttp://192.168.100.11:2380 ETCD_INITIAL_CLUSTER_TOKENetcd-cluster-01 ETCD_INITIAL_CLUSTER_STATEnew EOF systemctl enable etcd --now3. OpenStack核心组件部署3.1 Keystone身份服务创建数据库并安装组件mysql -uroot -p -e CREATE DATABASE keystone yum install -y openstack-keystone httpd mod_wsgi配置keystone.conf[database] connection mysqlpymysql://keystone:KEYSTONE_DBPASSct/keystone [token] provider fernet初始化数据库并配置Apachesu -s /bin/sh -c keystone-manage db_sync keystone keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://ct:5000/v3/ \ --bootstrap-internal-url http://ct:5000/v3/ \ --bootstrap-public-url http://ct:5000/v3/ \ --bootstrap-region-id RegionOne3.2 Glance镜像服务数据库准备与软件安装mysql -uroot -p -e CREATE DATABASE glance yum install -y openstack-glance配置glance-api.conf和glance-registry.conf[database] connection mysqlpymysql://glance:GLANCE_DBPASSct/glance [keystone_authtoken] auth_url http://ct:5000 memcached_servers ct:11211 auth_type password project_domain_name Default user_domain_name Default project_name service username glance password GLANCE_PASS [paste_deploy] flavor keystone初始化数据库并下载测试镜像su -s /bin/sh -c glance-manage db_sync glance openstack image create cirros \ --file cirros-0.5.1-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public4. 计算与网络服务部署4.1 Nova计算服务控制节点安装yum install -y openstack-nova-api openstack-nova-conductor \ openstack-nova-console openstack-nova-novncproxy \ openstack-nova-scheduler计算节点安装yum install -y openstack-nova-compute关键配置项nova.conf[api_database] connection mysqlpymysql://nova:NOVA_DBPASSct/nova_api [database] connection mysqlpymysql://nova:NOVA_DBPASSct/nova [vnc] enabled true server_listen 0.0.0.0 server_proxyclient_address $my_ip novncproxy_base_url http://ct:6080/vnc_auto.html4.2 Neutron网络服务控制节点安装yum install -y openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables计算节点安装yum install -y openstack-neutron-linuxbridge ebtables ipset网络配置示例linuxbridge_agent.ini[linux_bridge] physical_interface_mappings provider:eth1 [vxlan] enable_vxlan false [securitygroup] enable_security_group true firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver5. Dashboard部署与验证5.1 Horizon安装配置yum install -y openstack-dashboard关键配置修改/etc/openstack-dashboard/local_settingsOPENSTACK_HOST ct ALLOWED_HOSTS [*] SESSION_ENGINE django.contrib.sessions.backends.cache CACHES { default: { BACKEND: django.core.cache.backends.memcached.MemcachedCache, LOCATION: ct:11211, } } OPENSTACK_KEYSTONE_URL http://%s:5000/v3 % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE user重启服务systemctl restart httpd memcached5.2 系统验证检查服务状态openstack compute service list openstack network agent list创建测试网络和实例openstack network create --share --external \ --provider-physical-network provider \ --provider-network-type flat provider openstack server create --image cirros \ --flavor m1.tiny \ --nic net-idPROVIDER_NET_ID \ test-instance访问Dashboardhttp://控制节点IP/dashboard