environment
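1.Network planes
management (management network) → software installation, communication between components
provider (network that serves instances) → provider network: instances obtain IP addresses directly and can reach each other directly
self-service network (private network): create a virtual network → create a router ← set the public network gateway
--------------------→ forwards traffic from the internal network to the external network
2.NTP time service (required for a cluster)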
【controller node】
1.Install the packages
yum install chrony -y
2.Edit the chrony.conf file and add, change, or remove the following keys as necessary for your environment
vim /etc/chrony.conf
3.Replace NTP_SERVER with the hostname or IP address of a suitable more accurate (lower stratum) NTP server
server NTP_SERVER iburst
4.Enable other nodes to connect to the chrony daemon on the controller node by adding an allow key for their subnet
allow 10.199.100.0/24
5.Restart the NTP service
systemctl enable chronyd.service;systemctl restart chronyd.service
(1)code
yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server ntp7.aliyun.com iburst' /etc/chrony.conf
sed -i '/^#allow/a allow 10.199.100.0/24' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service
【other nodes】
1.Install the packages
yum install chrony -y
2.Configure the chrony.conf file and comment out or remove all but one server key
vim /etc/chrony.conf
3.Change it to reference the controller node
server controller iburst
4.Restart the NTP service
systemctl enable chronyd.service;systemctl restart chronyd.service
(2)code
yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server controller iburst' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service
【verify operation】
1.Run this command on all nodes
chronyc sources
3.OpenStack packages: enable the OpenStack repository
1.Install the package to enable the OpenStack repository
yum install centos-release-openstack-train -y
2.Upgrade the packages on all nodes
yum upgrade
3.Install the OpenStack client
yum install python-openstackclient -y
(3)code
yum install centos-release-openstack-train -y
yum install python-openstackclient -y
yum upgrade
4.SQL database
1.Install the packages
yum install mariadb mariadb-server python2-PyMySQL -y
2.Create and edit the /etc/my.cnf.d/openstack.cnf file (back up existing configuration files in /etc/my.cnf.d/ if needed)
vim /etc/my.cnf.d/openstack.cnf
3.Start the database service and configure it to start when the system boots
systemctl enable mariadb.service;systemctl restart mariadb.service
4.Secure the database service by running the mysql_secure_installation script
mysql_secure_installation
(4)code
yum install mariadb mariadb-server python2-PyMySQL -y
cat <<EOF> /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.1.10.151
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable mariadb.service;systemctl restart mariadb.service
mysql_secure_installation
5.Message queue: coordinates operations and status information among components
1.Install the package
yum install rabbitmq-server -y
2.Start the message queue service and configure it to start when the system boots
systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
3.Add the openstack user
rabbitmqctl add_user openstack RABBIT_PASS ##Replace RABBIT_PASS with a suitable password
4.Permit configuration, write, and read access for the openstack user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
(5)code
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
6.Memcached
1.Install the packages
yum install memcached python-memcached -y
2.Edit the /etc/sysconfig/memcached file and complete the following actions
OPTIONS="-l 127.0.0.1,::1,controller" ##Change the existing line OPTIONS="-l 127.0.0.1,::1"
3.Start the Memcached service and configure it to start when the system boots
systemctl enable memcached.service;systemctl restart memcached.service
(6)code
yum install memcached python-memcached -y
sed -i '/^OPTIONS=/cOPTIONS="-l 127.0.0.1,::1,controller"' /etc/sysconfig/memcached
systemctl enable memcached.service;systemctl restart memcached.service
## The maximum number of concurrent connections and the available cache size are changed in
/etc/sysconfig/memcached
7.Etcd
OpenStack services may use Etcd, a distributed reliable key-value store for distributed key locking, storing configuration, keeping track of service live-ness and other scenarios.
The etcd service runs on the controller node.
1.Install the package
yum install etcd -y
2.Edit the /etc/etcd/etcd.conf file and set
vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
3.Enable and start the etcd service
systemctl enable etcd;systemctl restart etcd
(7)code
yum install etcd -y
sed -i '/ETCD_DATA_DIR=/cETCD_DATA_DIR="/var/lib/etcd/default.etcd"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_PEER_URLS=/cETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_CLIENT_URLS=/cETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_NAME=/cETCD_NAME="controller"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_ADVERTISE_PEER_URLS=/cETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_ADVERTISE_CLIENT_URLS=/cETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER=/cETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_TOKEN=/cETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_STATE=/cETCD_INITIAL_CLUSTER_STATE="new"' /etc/etcd/etcd.conf
systemctl enable etcd;systemctl restart etcd
keystone
1.Install and configure components
【Create the database and grant access】
1.Use the database access client to connect to the database server as the root user
mysql -u root -p
2.Create the keystone database
MariaDB [(none)]> CREATE DATABASE keystone;
3.Grant proper access to the keystone database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
【Install and configure components】
4.Install the packages openstack-keystone, httpd (serves the API over HTTP) and mod_wsgi (middleware between Python applications and the web server; lets Python applications be deployed on the web server)
yum install openstack-keystone httpd mod_wsgi -y
5.Edit the /etc/keystone/keystone.conf file and complete the following actions
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# ...
provider = fernet
6.Populate the Identity service database
su -s /bin/sh -c "keystone-manage db_sync" keystone
7.Initialize Fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
8.Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
【Configure the Apache HTTP server】
9.Edit the /etc/httpd/conf/httpd.conf file and configure
ServerName controller
10.Create a link to the /usr/share/keystone/wsgi-keystone.conf file
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
【Finalize the installation】
11.Start the Apache HTTP service and configure it to start when the system boots
systemctl enable httpd.service;systemctl restart httpd.service
12.Configure the administrative account by setting the proper environmental variables
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
(8)code
mysql -u root -p1234qwer
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
quit
yum install openstack-keystone httpd mod_wsgi -y
sed -i -e '/^connection/s/connection/#connection/' -e '/^provider/s/provider/#provider/' /etc/keystone/keystone.conf
sed -i '/^#connection/a connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone' /etc/keystone/keystone.conf
sed -i '/^#provider/a provider = fernet' /etc/keystone/keystone.conf
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
sed -i -e '/^ServerName/s/ServerName/#ServerName/' /etc/httpd/conf/httpd.conf
sed -i '/^#ServerName/a ServerName controller' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service;systemctl restart httpd.service
2.Create a domain, projects, users, and roles
1.Although the “default” domain already exists from the keystone-manage bootstrap
openstack domain create --description "An Example Domain" example
2.This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project
openstack project create --domain default --description "Service Project" service
3.Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the myproject project and myuser user
(create the domain, project, user and role, then grant the role to the user)
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password DEMO_PASS myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
3.Verify: request an authentication token
1.Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variable
unset OS_AUTH_URL OS_PASSWORD
2.As the admin user, request an authentication token
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
3.As the myuser user created in the previous section, request an authentication token
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
4.Create OpenStack client environment scripts
1.Create and edit the admin-openrc file and add the following content
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.Create and edit the demo-openrc file and add the following content
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3.Using the scripts
. admin-openrc
(9)code
cat <<EOF> /root/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
cat <<EOF> /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
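An added check, not part of the original notes: the guide's placeholders (ADMIN_PASS, RABBIT_PASS, KEYSTONE_DBPASS and the like) become the real credentials if they are pasted unchanged, and `cat <<EOF>` writes the openrc files under the default umask. The function names are hypothetical and the sample files are constructed.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. Function names are hypothetical.

# Print "file:line:TOKEN" for every placeholder such as ADMIN_PASS, RABBIT_PASS
# or KEYSTONE_DBPASS that is still present on a non-comment line.
find_placeholder_secrets() {
    local f
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v file="$f" '
            /^[ \t]*#/ { next }                 # ignore commented-out lines
            {
                n = split($0, tok, /[^A-Za-z0-9_]+/)
                for (i = 1; i <= n; i++)
                    if (tok[i] ~ /^[A-Z][A-Z0-9_]*_(DB)?PASS$/)
                        print file ":" NR ":" tok[i]
            }' "$f"
    done
}

# Print each given file that group or other can read. An openrc written with
# "cat <<EOF> file" under umask 022 ends up mode 0644.
find_readable_by_others() {
    local f
    for f in "$@"; do
        [ -f "$f" ] || continue
        find "$f" -prune \( -perm -040 -o -perm -004 \) -print
    done
}

# Write stdin to $1 so that only the owner can read it, whatever the caller's
# umask is and whether or not the file already existed.
write_secret_file() {
    ( umask 077 && cat > "$1" ) && chmod 600 "$1"
}

demo() {
    local d
    d=$(mktemp -d)
    # Constructed samples that mirror the files this guide writes.
    ( umask 022
      printf '%s\n' 'export OS_USERNAME=admin' 'export OS_PASSWORD=ADMIN_PASS' \
          > "$d/admin-openrc" )
    printf '%s\n' '[database]' '#connection = <None>' \
        'connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone' \
        > "$d/keystone.conf"
    echo "placeholders still in use:"
    find_placeholder_secrets "$d"/*
    echo "readable by group or other:"
    find_readable_by_others "$d"/*
    # Rewrite the openrc through write_secret_file: it no longer shows up.
    printf '%s\n' 'export OS_USERNAME=admin' | write_secret_file "$d/admin-openrc"
    echo "after rewrite:"
    find_readable_by_others "$d/admin-openrc"
    rm -rf "$d"
}
demo
```

On a deployed controller the same functions can be pointed at /root/admin-openrc, /root/demo-openrc and the service configuration files under /etc.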
glance
1.Prerequisites
1.Create the database and grant access
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
2.Create the user → create the glance user
openstack user create --domain default --password glance123 glance
Grant the role → grant the admin role
openstack role add --project admin --user glance admin
Create the service entity → create the glance service
openstack service create --name glance --description "OpenStack Image" image
3.Create the service API endpoints: public, internal, admin
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
2.Install and configure components
1.Install the packages
yum install openstack-glance -y
2.Edit the configuration file (/etc/glance/glance-api.conf)
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = glance
password = glance123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.Initialize the database
su -s /bin/sh -c "glance-manage db_sync" glance
4.Start the service
systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
(10)code
mysql -u root -p1234qwer
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password glance123 glance
openstack role add --project admin --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
yum install openstack-glance -y
sed -i '/^\[database\]/a connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a password = glance123' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a username = glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[paste_deploy\]/a flavor = keystone' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a filesystem_store_datadir = /var/lib/glance/images/' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a default_store = file' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a stores = file,http' /etc/glance/glance-api.conf
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
3.Verify
1.openstack image create ## register an image
. admin-openrc
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
2.openstack image list ## view image information
openstack image list
placement
1.Prerequisites
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
2.Install and configure components
1.Install the packages
yum install openstack-placement-api -y
2.Edit the /etc/placement/placement.conf file and complete the following actions
Configure database access
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
Configure Keystone authentication
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = placement
password = placement123
Enable access to the Placement API
/etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
3.Populate the placement database
su -s /bin/sh -c "placement-manage db sync" placement
4.Start the service
systemctl restart httpd
(11)code
mysql -u root -p1234qwer
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
yum install openstack-placement-api -y
sed -i '/^\[placement_database\]/a connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement' /etc/placement/placement.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a password = placement123' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a username = placement' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/v3' /etc/placement/placement.conf
cat <<EOF>> /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
EOF
su -s /bin/sh -c "placement-manage db sync" placement
systemctl restart httpd
3.Verify
1.Perform status checks to make sure everything is in order
nova-manage cell_v2 discover_hosts --verbose
placement-status upgrade check
2.Run some commands against the placement API
nova
controller node
1.Prerequisites
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
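2.Install and configure components
1.Install the packages
openstack-nova-api openstack-nova-conductor (connects to the database) openstack-nova-console (console access) openstack-nova-novncproxy (provides the console service) openstack-nova-scheduler (compute scheduling) openstack-nova-placement-api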
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
2.Edit the /etc/nova/nova.conf file
Configure the API
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
Configure database access (database, api_database)
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
Configure Keystone authentication
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123
Configure Networking service support
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Configure the VNC proxy
[DEFAULT]
# ...
my_ip = 10.1.10.151
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
Configure the Image service API
[glance]
# ...
api_servers = http://controller:9292
Configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
Configure Placement service authentication
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123
3.Initialize the databases
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
4.Start the services
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
(12)code
mysql -u root -p1234qwer
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.151' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
3.Verify
1.Verify: openstack compute service list ## list the service components
openstack compute service list
2.List API endpoints in the Identity service to verify connectivity with the Identity service
openstack catalog list
3.List images in the Image service to verify connectivity with the Image service
openstack image list
4.Check the cells and placement API are working successfully and that other necessary prerequisites are in place
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
nova-status upgrade check
"nova-status upgrade check" reports an error: Forbidden: Forbidden (HTTP 403)
openstack compute service list --service nova-compute
compute node
1.Install and configure components
1.Install the packages
yum install openstack-nova-compute -y
2.Edit the /etc/nova/nova.conf file
Configure the API
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
Configure database access (database, api_database)
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
Configure Keystone authentication
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123
Configure Networking service support
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Configure the VNC proxy
[DEFAULT]
# ...
my_ip = 10.1.10.152
[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html ## change controller to its IP address so that the instance console can be opened from the dashboard
Configure the Image service API
[glance]
# ...
api_servers = http://controller:9292
Configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
Configure Placement service authentication
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123
(13)code
yum install openstack-nova-compute -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.152' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a novncproxy_base_url = http://controller:6080/vnc_auto.html' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = 0.0.0.0' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^#vif_plugging_is_fatal/a vif_plugging_is_fatal=false' /etc/nova/nova.conf
sed -i '/^#vif_plugging_timeout/a vif_plugging_timeout=0' /etc/nova/nova.conf
systemctl enable libvirtd.service openstack-nova-compute.service;systemctl restart libvirtd.service openstack-nova-compute.service
neutron
controller node
1.Prerequisites
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
2.Install and configure components
1.Install the packages
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
2.Configure the server component (/etc/neutron/neutron.conf)
Configure database access
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
Enable the ML2 plug-in
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Configure Keystone access
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Configure Networking to notify Compute of network topology changes
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
Configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
3.Configure the ML2 plug-in (/etc/neutron/plugins/ml2/ml2_conf.ini)
Enable flat, VLAN, and VXLAN networks
[ml2]
# ...
type_drivers = flat,vlan,vxlan
Enable VXLAN private networks
[ml2]
# ...
tenant_network_types = vxlan
Enable the Linux bridge and layer-2 population mechanisms
[ml2]
# ...
mechanism_drivers = linuxbridge,l2population
Enable the port security extension driver
[ml2]
# ...
extension_drivers = port_security
Configure the public (provider) virtual network as a flat network
[ml2_type_flat]
# ...
flat_networks = provider
Configure the VXLAN network identifier (VNI) range for private networks
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000
Enable ipset to make security group rules more efficient
[securitygroup]
# ...
enable_ipset = true
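4.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
Kernel parameters set in /etc/sysctl.conf (they require the br_netfilter module):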
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Map the public (provider) virtual network to the provider physical network interface
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5.Configure the L3 agent (/etc/neutron/l3_agent.ini)
Configure the Linux bridge interface driver and the external network bridge
[DEFAULT]
# ...
interface_driver = linuxbridge
6.Configure the DHCP agent (/etc/neutron/dhcp_agent.ini)
Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
7.Configure the metadata agent (/etc/neutron/metadata_agent.ini)
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
8.Configure Neutron Keystone access in nova (/etc/nova/nova.conf) so that Compute uses the Networking service
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
9.Populate the database
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
10.Start the services
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
(14)code
mysql -u root -p1234qwer
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_data_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_status_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a allow_overlapping_ips = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a service_plugins = router' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a core_plugin = ml2' /etc/neutron/neutron.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[nova]' >> /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a password = nova123' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a username = nova' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a region_name = RegionOne' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a user_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_url = http://controller:5000' /etc/neutron/neutron.conf
echo '[ml2]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a extension_drivers = port_security' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a mechanism_drivers = linuxbridge,l2population' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a tenant_network_types = vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a type_drivers = flat,vlan,vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_flat]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_flat\]/a flat_networks = provider' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_vxlan]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_vxlan\]/a vni_ranges = 1:1000' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[securitygroup\]/a enable_ipset = true' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.151' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/l3_agent.ini
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a enable_isolated_metadata = true' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a metadata_proxy_shared_secret = metadata123' /etc/neutron/metadata_agent.ini
sed -i '/^\[DEFAULT\]/a nova_metadata_host = controller' /etc/neutron/metadata_agent.ini
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
3.Verify
Verify: openstack network agent list ## check agent status
openstack network agent list
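The steps above write service passwords into several INI files, and metadata_proxy_shared_secret must be identical in /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini. The audit below is an added example, not part of the original notes (function names are hypothetical): it flags guide placeholders such as RABBIT_PASS or NEUTRON_DBPASS left in place as real values, world-readable config files, and an empty or mismatched metadata secret.

```shell
#!/bin/sh
# Added example, not part of the original notes. Function names are hypothetical.

# ini_get FILE SECTION KEY: print the last uncommented value of KEY in [SECTION].
ini_get() {
    awk -v sec="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[.*\][ \t]*$/ {                    # section header
            s = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", s)
            insec = (s == sec)
            next
        }
        insec {
            i = index($0, "=")
            if (i == 0) next
            k = substr($0, 1, i - 1)
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { print val }
    ' "$1"
}

# leftover_placeholders FILE: print uncommented lines that still carry one of
# the guide placeholders. Exit status 0 means at least one was found.
leftover_placeholders() {
    LC_ALL=C grep -nE \
        '^[^#;]*([A-Z]+_(DB)?PASS|METADATA_SECRET|PROVIDER_INTERFACE_NAME|OVERLAY_INTERFACE_IP_ADDRESS)' "$1"
}

# metadata_secret_ok NOVA_CONF METADATA_AGENT_INI: succeed only when both files
# carry the same non-empty metadata_proxy_shared_secret.
metadata_secret_ok() {
    a=$(ini_get "$1" neutron metadata_proxy_shared_secret)
    b=$(ini_get "$2" DEFAULT metadata_proxy_shared_secret)
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# world_readable FILE: succeed when "other" users have read permission on FILE.
world_readable() {
    [ -n "$(find "$1" -perm -004 2>/dev/null)" ]
}

# audit_neutron NOVA_CONF NEUTRON_CONF METADATA_AGENT_INI: print one line per
# finding and return the number of findings as the exit status.
audit_neutron() {
    findings=0
    for f in "$@"; do
        if leftover_placeholders "$f" >/dev/null; then
            echo "PLACEHOLDER $f"; findings=$((findings + 1))
        fi
        if world_readable "$f"; then
            echo "WORLD-READABLE $f"; findings=$((findings + 1))
        fi
    done
    if ! metadata_secret_ok "$1" "$3"; then
        echo "METADATA-SECRET-MISMATCH $1 $3"; findings=$((findings + 1))
    fi
    return "$findings"
}
```

Run it on the controller as `audit_neutron /etc/nova/nova.conf /etc/neutron/neutron.conf /etc/neutron/metadata_agent.ini`; the exit status is the number of findings.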
compute node
1.Install and configure components
1.Install the packages
yum install openstack-neutron-linuxbridge ebtables ipset -y
2.Configure the service component (/etc/neutron/neutron.conf)
Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Configure Keystone access
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
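3.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
Kernel parameters set in /etc/sysctl.conf (they require the br_netfilter module):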
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Map the public (provider) virtual network to the provider physical network interface
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
4.Configure Neutron Keystone access in nova (/etc/nova/nova.conf) so that Compute uses the Networking service
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
(15)code
yum install openstack-neutron-linuxbridge ebtables ipset -y
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.152' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service;systemctl restart neutron-linuxbridge-agent.service
dashboard
1.Install and configure components
1.Install the packages
yum install openstack-dashboard -y
2.Configure the service component (/etc/openstack-dashboard/local_settings)
Configure the host address
OPENSTACK_HOST = "controller"
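Configure the hosts allowed to access the dashboard ('*' accepts any host; outside a test environment, list the dashboard's real hostnames instead)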
ALLOWED_HOSTS = ['*', ]
Configure the memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
Enable the Identity API version 3
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
Enable support for domains
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
Configure API versions
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
Set Default as the default domain for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
Set user as the default role for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
3.Start the services
systemctl restart httpd.service memcached.service
(16)code
yum install openstack-dashboard -y
sed -i '/^OPENSTACK_HOST/s/OPENSTACK_HOST/#OPENSTACK_HOST/' /etc/openstack-dashboard/local_settings
sed -i '/^#OPENSTACK_HOST/a OPENSTACK_HOST = "controller"' /etc/openstack-dashboard/local_settings
sed -i '/^ALLOWED_HOSTS/s/ALLOWED_HOSTS/#ALLOWED_HOSTS/' /etc/openstack-dashboard/local_settings
sed -i "/^#ALLOWED_HOSTS/a ALLOWED_HOSTS = ['*', ]" /etc/openstack-dashboard/local_settings
cat <<EOF>> /etc/openstack-dashboard/local_settings
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
EOF
echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf
systemctl restart httpd.service memcached.service
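Handling dashboard access errors
launch instance
1.Create virtual networks: create the network
create the subnet
create the router: ← add the private subnet interface
← add the public network gateway
2.Create a flavor
3.Create a key pair
4.Add security group rules
5.Launch the instance ← flavor, image, network, security group, key pair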
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
openstack network create --share --external \
--provider-physical-network provider \
--provider-network-type flat provider
openstack subnet create --network provider \
--allocation-pool start=10.199.187.131,end=10.199.187.139 \
--dns-nameserver 180.76.76.76 --gateway 10.199.187.1 \
--subnet-range 10.199.187.0/24 provider
openstack network create selfservice
openstack subnet create --network selfservice \
--dns-nameserver 180.76.76.76 --gateway 172.16.1.1 \
--subnet-range 172.16.1.0/24 selfservice
openstack router create router
openstack router add subnet router selfservice
openstack router set router --external-gateway provider