OpenStack Train: Simple Deployment Procedure
environment
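1.Network planes
management (management network) → software installation, communication between components
provider (provides the instance network) → provider network: instances obtain IP addresses directly and can reach each other directly
self-service network (private network): create a virtual network → create a router ← set the public network gateway
--------------------→ forwards traffic from the internal network to the external network
2.NTP time service (required for a cluster)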
【controller node】
1.Install the packages
- yum install chrony -y
2.Edit the chrony.conf file and add, change, or remove the following keys as necessary for your environment
- vim /etc/chrony.conf
3.Replace NTP_SERVER with the hostname or IP address of a suitable more accurate (lower stratum) NTP server
- server NTP_SERVER iburst
4.To enable other nodes to connect to the chrony daemon on the controller node
- allow 10.199.100.0/24
5.Restart the NTP service
- systemctl enable chronyd.service;systemctl restart chronyd.service
(1)code
- yum install chrony -y
- sed -i '/^server/s/server/#server/' /etc/chrony.conf
- sed -i '2a server ntp7.aliyun.com iburst' /etc/chrony.conf
- sed -i '/^#allow/a allow 10.199.100.0/24' /etc/chrony.conf
- systemctl enable chronyd.service;systemctl restart chronyd.service
【other nodes】
1.Install the packages
- yum install chrony -y
2.Configure the chrony.conf file and comment out or remove all but one server key
- vim /etc/chrony.conf
3.Change it to reference the controller node
- server controller iburst
4.Restart the NTP service
- systemctl enable chronyd.service;systemctl restart chronyd.service
(2)code
- yum install chrony -y
- sed -i '/^server/s/server/#server/' /etc/chrony.conf
- sed -i '2a server controller iburst' /etc/chrony.conf
- systemctl enable chronyd.service;systemctl restart chronyd.service
【verify operation】
1.Run this command on all nodes
- chronyc sources
3.OpenStack packages: enable the OpenStack repository
1.Install the package to enable the OpenStack repository
- yum install centos-release-openstack-train -y
2.Upgrade the packages on all nodes
- yum upgrade
3.Install the OpenStack client
- yum install python-openstackclient -y
(3)code
- yum install centos-release-openstack-train -y
- yum install python-openstackclient -y
- yum upgrade
4.SQL database
1.Install the packages
- yum install mariadb mariadb-server python2-PyMySQL -y
2.Create and edit the /etc/my.cnf.d/openstack.cnf file (back up existing configuration files in /etc/my.cnf.d/ if needed)
- vim /etc/my.cnf.d/openstack.cnf
3.Start the database service and configure it to start when the system boots
- systemctl enable mariadb.service;systemctl restart mariadb.service
4.Secure the database service by running the mysql_secure_installation script
- mysql_secure_installation
(4)code
- yum install mariadb mariadb-server python2-PyMySQL -y
- cat <<EOF > /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.1.10.151
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
- systemctl enable mariadb.service;systemctl restart mariadb.service
- mysql_secure_installation
5.Message queue: coordinates operations and status information among components
1.Install the package
- yum install rabbitmq-server -y
2.Start the message queue service and configure it to start when the system boots
- systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
3.Add the openstack user
- rabbitmqctl add_user openstack RABBIT_PASS ##Replace RABBIT_PASS with a suitable password
4.Permit configuration, write, and read access for the openstack user
- rabbitmqctl set_permissions openstack ".*" ".*" ".*"
(5)code
- yum install rabbitmq-server -y
- systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
- rabbitmqctl add_user openstack RABBIT_PASS
- rabbitmqctl set_permissions openstack ".*" ".*" ".*"
6.Memcached (stores tokens)
1.Install the packages
- yum install memcached python-memcached -y
2.Edit the /etc/sysconfig/memcached file and complete the following actions
- OPTIONS="-l 127.0.0.1,::1,controller" ##Change the existing line OPTIONS="-l 127.0.0.1,::1"
3.Start the Memcached service and configure it to start when the system boots
- systemctl enable memcached.service;systemctl restart memcached.service
(6)code
- yum install memcached python-memcached -y
- sed -i '/^OPTIONS=/cOPTIONS="-l 127.0.0.1,::1,controller"' /etc/sysconfig/memcached
- systemctl enable memcached.service;systemctl restart memcached.service
7.Etcd
1.Install the package
- yum install etcd -y
2.Edit the /etc/etcd/etcd.conf file and set
- vim /etc/etcd/etcd.conf
- #[Member]
- ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
- ETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"
- ETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"
- ETCD_NAME="controller"
- #[Clustering]
- ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"
- ETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"
- ETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"
- ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
- ETCD_INITIAL_CLUSTER_STATE="new"
3.Enable and start the etcd service
- systemctl enable etcd;systemctl restart etcd
(7)code
- yum install etcd -y
- sed -i '/ETCD_DATA_DIR=/cETCD_DATA_DIR="/var/lib/etcd/default.etcd"' /etc/etcd/etcd.conf
- sed -i '/ETCD_LISTEN_PEER_URLS=/cETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
- sed -i '/ETCD_LISTEN_CLIENT_URLS=/cETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
- sed -i '/ETCD_NAME=/cETCD_NAME="controller"' /etc/etcd/etcd.conf
- sed -i '/ETCD_INITIAL_ADVERTISE_PEER_URLS=/cETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
- sed -i '/ETCD_ADVERTISE_CLIENT_URLS=/cETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
- sed -i '/ETCD_INITIAL_CLUSTER=/cETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"' /etc/etcd/etcd.conf
- sed -i '/ETCD_INITIAL_CLUSTER_TOKEN=/cETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"' /etc/etcd/etcd.conf
- sed -i '/ETCD_INITIAL_CLUSTER_STATE=/cETCD_INITIAL_CLUSTER_STATE="new"' /etc/etcd/etcd.conf
- systemctl enable etcd;systemctl restart etcd
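Several steps above pin a service to specific addresses (bind-address for MariaDB, -l for Memcached, the ETCD_LISTEN_* URLs). The check below is an added example, not part of the original notes: it reads the output of ss -ltn and reports which of the watched service ports still listen on a wildcard address. WATCH_PORTS, the function names and the sample output are constructed for illustration; 3306 is the MariaDB default port and is not stated on the page.

```shell
#!/bin/sh
# Added example: flag watched service ports that listen on a wildcard address.
# WATCH_PORTS, wildcard_listeners, audit_host and sample_ss_output are
# hypothetical names, not part of OpenStack or of the original notes.

# 3306 MariaDB (default port), 5672 RabbitMQ, 11211 Memcached, 2379/2380 etcd.
WATCH_PORTS="3306,5672,11211,2379,2380"

# wildcard_listeners PORTS   (stdin: output of "ss -ltn")
# Prints the watched ports bound to 0.0.0.0, *, :: or [::], sorted, on one line.
wildcard_listeners() {
    awk -v ports="$1" '
        BEGIN { n = split(ports, p, ","); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
        $1 == "LISTEN" {
            # Column 4 is "Local Address:Port"; the port follows the last colon.
            port = $4; sub(/^.*:/, "", port)
            host = substr($4, 1, length($4) - length(port) - 1)
            if ((port in watch) && (host == "0.0.0.0" || host == "*" || host == "::" || host == "[::]"))
                print port
        }
    ' | sort -n -u | paste -s -d ' ' -
}

# audit_host: run the check against the live host; non-zero exit on a finding.
audit_host() {
    bad=$(ss -ltn | wildcard_listeners "$WATCH_PORTS")
    [ -z "$bad" ] || { echo "wildcard listeners on ports: $bad" >&2; return 1; }
}

# Constructed sample of "ss -ltn" output (not captured from a real host):
# etcd and Memcached are pinned, MariaDB and RabbitMQ are not.
sample_ss_output() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port    Peer Address:Port
LISTEN 0      128    10.199.100.191:2379   *:*
LISTEN 0      128    10.199.100.191:2380   *:*
LISTEN 0      128    127.0.0.1:11211       *:*
LISTEN 0      128    10.199.100.191:11211  *:*
LISTEN 0      80     0.0.0.0:3306          *:*
LISTEN 0      128    :::5672               :::*
LISTEN 0      128    ::1:11211             :::*
LISTEN 0      128    *:22                  *:*
EOF
}

sample_ss_output | wildcard_listeners "$WATCH_PORTS"
```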
keystone
1.Install and configure components
【Create the database and grant access】
1.Use the database access client to connect to the database server as the root user
- mysql -u root -p
2.Create the keystone database
- MariaDB [(none)]> CREATE DATABASE keystone;
3.Grant proper access to the keystone database
- MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
- MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
【Install and configure components】
4.Install the packages: openstack-keystone, httpd (serves the API over HTTP), mod_wsgi (middleware between Python applications and the web server, which lets Python applications be deployed on the web server)
- yum install openstack-keystone httpd mod_wsgi -y
5.Edit the /etc/keystone/keystone.conf file and complete the following actions
- [database]
- # ...
- connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
- [token]
- # ...
- provider = fernet
6.Populate the Identity service database
- su -s /bin/sh -c "keystone-manage db_sync" keystone
7.Initialize Fernet key repositories
- keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
- keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
8.Bootstrap the Identity service
- keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
- --bootstrap-admin-url http://controller:5000/v3/ \
- --bootstrap-internal-url http://controller:5000/v3/ \
- --bootstrap-public-url http://controller:5000/v3/ \
- --bootstrap-region-id RegionOne
【Configure the Apache HTTP server】
9.Edit the /etc/httpd/conf/httpd.conf file and configure
- ServerName controller
10.Create a link to the /usr/share/keystone/wsgi-keystone.conf file
- ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
【Finalize the installation】
11.Start the Apache HTTP service and configure it to start when the system boots
- systemctl enable httpd.service;systemctl restart httpd.service
12.Configure the administrative account by setting the proper environment variables
- export OS_USERNAME=admin
- export OS_PASSWORD=ADMIN_PASS
- export OS_PROJECT_NAME=admin
- export OS_USER_DOMAIN_NAME=Default
- export OS_PROJECT_DOMAIN_NAME=Default
- export OS_AUTH_URL=http://controller:5000/v3
- export OS_IDENTITY_API_VERSION=3
(8)code
- mysql -u root -p1234qwer
- CREATE DATABASE keystone;
- GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
- GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
- quit
- yum install openstack-keystone httpd mod_wsgi -y
- sed -i -e '/^connection/s/connection/#connection/' -e '/^provider/s/provider/#provider/' /etc/keystone/keystone.conf
- sed -i '/^#connection/a connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone' /etc/keystone/keystone.conf
- sed -i '/^#provider/a provider = fernet' /etc/keystone/keystone.conf
- su -s /bin/sh -c "keystone-manage db_sync" keystone
- keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
- keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
- keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
- --bootstrap-admin-url http://controller:5000/v3/ \
- --bootstrap-internal-url http://controller:5000/v3/ \
- --bootstrap-public-url http://controller:5000/v3/ \
- --bootstrap-region-id RegionOne
- sed -i -e '/^ServerName/s/ServerName/#ServerName/' /etc/httpd/conf/httpd.conf
- sed -i '/^#ServerName/a ServerName controller' /etc/httpd/conf/httpd.conf
- ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
- systemctl enable httpd.service;systemctl restart httpd.service
2.Create a domain, projects, users, and roles
1.Although the “default” domain already exists from the keystone-manage bootstrap step in this guide, a formal way to create a new domain would be
- openstack domain create --description "An Example Domain" example
2.This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project
- openstack project create --domain default --description "Service Project" service
3.Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the myproject project and myuser user
- openstack project create --domain default --description "Demo Project" myproject ##Create the myproject project
- openstack user create --domain default --password-prompt myuser ##Create the myuser user
- openstack role create myrole ##Create the myrole role
- openstack role add --project myproject --user myuser myrole ##Add the myrole role to the myproject project and myuser user
(Create the domain, project, user, and role, then grant the role to the user)
- openstack domain create --description "An Example Domain" example
- openstack project create --domain default --description "Demo Project" myproject
- openstack user create --domain default --password DEMO_PASS myuser
- openstack role create myrole
- openstack role add --project myproject --user myuser myrole
3.Verify: request an authentication token
1.Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables
- unset OS_AUTH_URL OS_PASSWORD
2.As the admin user, request an authentication token
- openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
3.As the myuser user created in the previous section, request an authentication token
- openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
4.Create OpenStack client environment scripts
1.Create and edit the admin-openrc file and add the following content
- export OS_PROJECT_DOMAIN_NAME=Default
- export OS_USER_DOMAIN_NAME=Default
- export OS_PROJECT_NAME=admin
- export OS_USERNAME=admin
- export OS_PASSWORD=ADMIN_PASS
- export OS_AUTH_URL=http://controller:5000/v3
- export OS_IDENTITY_API_VERSION=3
- export OS_IMAGE_API_VERSION=2
2.Create and edit the demo-openrc file and add the following content
- export OS_PROJECT_DOMAIN_NAME=Default
- export OS_USER_DOMAIN_NAME=Default
- export OS_PROJECT_NAME=myproject
- export OS_USERNAME=myuser
- export OS_PASSWORD=DEMO_PASS
- export OS_AUTH_URL=http://controller:5000/v3
- export OS_IDENTITY_API_VERSION=3
- export OS_IMAGE_API_VERSION=2
3.Using the scripts
- . admin-openrc
(9)code
- cat <<EOF > /root/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
- cat <<EOF > /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
glance
1.Prerequisites
1.Create the database and grant access
- CREATE DATABASE glance;
- GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
- GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
2.Create the user → create the glance user
- openstack user create --domain default --password glance123 glance
Grant a role → grant the admin role
- openstack role add --project admin --user glance admin
Create the service entity → create the glance service
- openstack service create --name glance --description "OpenStack Image" image
3.Create the service API endpoints: public, internal, admin
- openstack endpoint create --region RegionOne image public http://controller:9292
- openstack endpoint create --region RegionOne image internal http://controller:9292
- openstack endpoint create --region RegionOne image admin http://controller:9292
2.Install and configure components
1.Install the packages
- yum install openstack-glance -y
2.Edit the configuration file /etc/glance/glance-api.conf
- [database]
- connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
- [keystone_authtoken]
- www_authenticate_uri = http://controller:5000
- auth_url = http://controller:5000
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = Default
- user_domain_name = Default
- project_name = admin
- username = glance
- password = glance123
- [paste_deploy]
- flavor = keystone
- [glance_store]
- stores = file,http
- default_store = file
- filesystem_store_datadir = /var/lib/glance/images/
3.Initialize the database
- su -s /bin/sh -c "glance-manage db_sync" glance
4.Start the service
- systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
(10)code
- mysql -u root -p1234qwer
- CREATE DATABASE glance;
- GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
- GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
- quit
- . /root/admin-openrc
- openstack user create --domain default --password glance123 glance
- openstack role add --project admin --user glance admin
- openstack service create --name glance --description "OpenStack Image" image
- openstack endpoint create --region RegionOne image public http://controller:9292
- openstack endpoint create --region RegionOne image internal http://controller:9292
- openstack endpoint create --region RegionOne image admin http://controller:9292
- yum install openstack-glance -y
- sed -i '/^\[database\]/a connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a password = glance123' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a username = glance' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000' /etc/glance/glance-api.conf
- sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000' /etc/glance/glance-api.conf
- sed -i '/^\[paste_deploy\]/a flavor = keystone' /etc/glance/glance-api.conf
- sed -i '/^\[glance_store\]/a filesystem_store_datadir = /var/lib/glance/images/' /etc/glance/glance-api.conf
- sed -i '/^\[glance_store\]/a default_store = file' /etc/glance/glance-api.conf
- sed -i '/^\[glance_store\]/a stores = file,http' /etc/glance/glance-api.conf
- su -s /bin/sh -c "glance-manage db_sync" glance
- systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
3.Verify
1.openstack image create ##Register the image
- . admin-openrc
- wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
- openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
2.openstack image list ##View image information
- openstack image list
placement
1.Prerequisites
- CREATE DATABASE placement;
- GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
- GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
- openstack user create --domain default --password placement123 placement
- openstack role add --project admin --user placement admin
- openstack service create --name placement --description "Placement API" placement
- openstack endpoint create --region RegionOne placement public http://controller:8778
- openstack endpoint create --region RegionOne placement internal http://controller:8778
- openstack endpoint create --region RegionOne placement admin http://controller:8778
2.Install and configure components
1.Install the packages
- yum install openstack-placement-api -y
2.Edit the /etc/placement/placement.conf file and complete the following actions
Configure database access
- [placement_database]
- # ...
- connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
Configure Keystone authentication
- [api]
- # ...
- auth_strategy = keystone
- [keystone_authtoken]
- # ...
- auth_url = http://controller:5000/v3
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = Default
- user_domain_name = Default
- project_name = admin
- username = placement
- password = placement123
Enable access to the Placement API
- add the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:
- <Directory /usr/bin>
- <IfVersion >= 2.4>
- Require all granted
- </IfVersion>
- <IfVersion < 2.4>
- Order allow,deny
- Allow from all
- </IfVersion>
- </Directory>
3.Populate the placement database
- su -s /bin/sh -c "placement-manage db sync" placement
4.Start the service
- systemctl restart httpd
(11)code
- mysql -u root -p1234qwer
- CREATE DATABASE placement;
- GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
- GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
- quit
- . /root/admin-openrc
- openstack user create --domain default --password placement123 placement
- openstack role add --project admin --user placement admin
- openstack service create --name placement --description "Placement API" placement
- openstack endpoint create --region RegionOne placement public http://controller:8778
- openstack endpoint create --region RegionOne placement internal http://controller:8778
- openstack endpoint create --region RegionOne placement admin http://controller:8778
- yum install openstack-placement-api -y
- sed -i '/^\[placement_database\]/a connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement' /etc/placement/placement.conf
- sed -i '/^\[api\]/a auth_strategy = keystone' /etc/placement/placement.conf
- sed -i '/^\[keystone_authtoken\]/a password = placement123' /etc/placement/placement.conf
- sed -i '/^\[keystone_authtoken\]/a username = placement' /etc/placement/placement.conf
- sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/placement/placement.conf
- sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/placement/placement.conf
- sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/placement/placement.conf
- sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/placement/placement.conf
- sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/placement/placement.conf
- sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/v3' /etc/placement/placement.conf
- cat <<EOF >> /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
EOF
- su -s /bin/sh -c "placement-manage db sync" placement
- systemctl restart httpd
3.Verify
1.Perform status checks to make sure everything is in order
- placement-status upgrade check
2.Run some commands against the placement API
nova
controller node
1.Prerequisites
- CREATE DATABASE nova_api;
- CREATE DATABASE nova;
- CREATE DATABASE nova_cell0;
- GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
- openstack user create --domain default --password nova123 nova
- openstack role add --project admin --user nova admin
- openstack service create --name nova --description "OpenStack Compute" compute
- openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
- openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
- openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
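2.Install and configure components
1.Install the packages
openstack-nova-api openstack-nova-conductor (connects to the database) openstack-nova-console (console access) openstack-nova-novncproxy (provides the console service) openstack-nova-scheduler (schedules compute) openstack-nova-placement-api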
- yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
2.Edit the /etc/nova/nova.conf file
Configure the API
- [DEFAULT]
- # ...
- enabled_apis = osapi_compute,metadata
Configure database access (database, api_database)
- [api_database]
- # ...
- connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
- [database]
- # ...
- connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
Configure RabbitMQ
- [DEFAULT]
- # ...
- transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
Configure Keystone authentication
- [api]
- # ...
- auth_strategy = keystone
- [keystone_authtoken]
- # ...
- www_authenticate_uri = http://controller:5000/
- auth_url = http://controller:5000/
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = Default
- user_domain_name = Default
- project_name = admin
- username = nova
- password = nova123
Configure Networking service support
- [DEFAULT]
- # ...
- use_neutron = true
- firewall_driver = nova.virt.firewall.NoopFirewallDriver
Configure the VNC proxy
- [DEFAULT]
- # ...
- my_ip = 10.1.10.151
- [vnc]
- enabled = true
- # ...
- server_listen = $my_ip
- server_proxyclient_address = $my_ip
Configure the Image service API
- [glance]
- # ...
- api_servers = http://controller:9292
Configure the lock path
- [oslo_concurrency]
- # ...
- lock_path = /var/lib/nova/tmp
Configure Placement service authentication
- [placement]
- # ...
- region_name = RegionOne
- project_domain_name = Default
- project_name = admin
- auth_type = password
- user_domain_name = Default
- auth_url = http://controller:5000/v3
- username = placement
- password = placement123
3.Initialize the databases
- su -s /bin/sh -c "nova-manage api_db sync" nova
- su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
- su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
- su -s /bin/sh -c "nova-manage db sync" nova
- su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
4.Start the services
- systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
(12)code
- mysql -u root -p1234qwer
- CREATE DATABASE nova_api;
- CREATE DATABASE nova;
- CREATE DATABASE nova_cell0;
- GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
- quit
- . /root/admin-openrc
- openstack user create --domain default --password nova123 nova
- openstack role add --project admin --user nova admin
- openstack service create --name nova --description "OpenStack Compute" compute
- openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
- openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
- openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
- yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
- sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
- sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
- sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.151' /etc/nova/nova.conf
- sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/' /etc/nova/nova.conf
- sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
- sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
- sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
- sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
- sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
- sed -i '/^\[vnc\]/a server_listen = $my_ip' /etc/nova/nova.conf
- sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
- sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
- sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
- su -s /bin/sh -c "nova-manage api_db sync" nova
- su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
- su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
- su -s /bin/sh -c "nova-manage db sync" nova
- su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
- systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
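The sed '/^\[section\]/a ...' lines in blocks (10) to (12) append a new line on every run, so repeating a block leaves duplicate keys in the file, and they change nothing when the section header is missing. The helper below is an added example, not part of the original notes: it sets a key exactly once per section. The function name ini_set and the sample file are hypothetical.

```shell
#!/bin/sh
# Added example: idempotent replacement for the page's
#   sed -i '/^\[section\]/a key = value' FILE
# pattern. ini_set and the sample file below are hypothetical.

# ini_set FILE SECTION KEY VALUE
# Writes "KEY = VALUE" directly under [SECTION] and drops any other active
# "KEY = ..." line in that section, so running it twice changes nothing.
# Commented-out defaults ("#KEY = ...") are kept. A missing section is
# appended at the end of the file.
ini_set() {
    ini_file=$1
    ini_tmp=$(mktemp "${ini_file}.XXXXXX") || return 1
    # Values travel through the environment, not awk -v, so backslashes and
    # "&" in passwords or URLs are written literally.
    INI_SEC=$2 INI_KEY=$3 INI_VAL=$4 awk '
        BEGIN { sec = ENVIRON["INI_SEC"]; key = ENVIRON["INI_KEY"]; val = ENVIRON["INI_VAL"] }
        /^\[.*\][ \t]*$/ {
            hdr = $0; sub(/[ \t]+$/, "", hdr)
            insec = (hdr == "[" sec "]")
            print
            if (insec && !written) { print key " = " val; written = 1 }
            next
        }
        insec {
            line = $0; sub(/^[ \t]+/, "", line)
            # Same key followed by optional blanks and "=": an old value, drop it.
            if (index(line, key) == 1 && substr(line, length(key) + 1) ~ /^[ \t]*=/) next
        }
        { print }
        END { if (!written) { print "[" sec "]"; print key " = " val } }
    ' "$ini_file" > "$ini_tmp" || { rm -f "$ini_tmp"; return 1; }
    # Copy the content back instead of mv, so the owner and mode of the
    # original file are kept.
    cat "$ini_tmp" > "$ini_file" && rm -f "$ini_tmp"
}

# Demo on a constructed sample file (not a real nova.conf).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
[DEFAULT]
#my_ip = <host_ipv4>
[vnc]
enabled = false
EOF
ini_set "$demo_conf" vnc enabled true
ini_set "$demo_conf" vnc enabled true        # second run adds no duplicate
ini_set "$demo_conf" DEFAULT my_ip 10.1.10.151
ini_set "$demo_conf" glance api_servers http://controller:9292
cat "$demo_conf"
rm -f "$demo_conf"
```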
3.Verify
1.Verify: openstack compute service list ##List the service components
- openstack compute service list
2.List API endpoints in the Identity service to verify connectivity with the Identity service
- openstack catalog list
3.List images in the Image service to verify connectivity with the Image service
- openstack image list
4.Check the cells and placement API are working successfully and that other necessary prerequisites are in place
- su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
- nova-status upgrade check
- openstack compute service list --service nova-compute
compute node
1.Install and configure components
1.Install the packages
- yum install openstack-nova-compute -y
2.Edit the /etc/nova/nova.conf file
Configure the API
- [DEFAULT]
- # ...
- enabled_apis = osapi_compute,metadata
Configure database access (database, api_database)
- [api_database]
- # ...
- connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
- [database]
- # ...
- connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
Configure RabbitMQ
- [DEFAULT]
- # ...
- transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
Configure Keystone authentication
- [api]
- # ...
- auth_strategy = keystone
- [keystone_authtoken]
- # ...
- www_authenticate_uri = http://controller:5000/
- auth_url = http://controller:5000/
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = Default
- user_domain_name = Default
- project_name = admin
- username = nova
- password = nova123
Configure Networking service support
- [DEFAULT]
- # ...
- use_neutron = true
- firewall_driver = nova.virt.firewall.NoopFirewallDriver
Configure the VNC proxy
- [DEFAULT]
- # ...
- my_ip = 10.1.10.152
- [vnc]
- # ...
- enabled = true
- server_listen = 0.0.0.0
- server_proxyclient_address = $my_ip
- novncproxy_base_url = http://controller:6080/vnc_auto.html ##Change this to an IP address so that the instance console can be opened from the dashboard
Configure the Image service API
- [glance]
- # ...
- api_servers = http://controller:9292
Configure the lock path
- [oslo_concurrency]
- # ...
- lock_path = /var/lib/nova/tmp
Configure Placement service authentication
- [placement]
- # ...
- region_name = RegionOne
- project_domain_name = Default
- project_name = admin
- auth_type = password
- user_domain_name = Default
- auth_url = http://controller:5000/v3
- username = placement
- password = placement123
(13)code
- yum install openstack-nova-compute -y
- sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
- sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
- sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.152' /etc/nova/nova.conf
- sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/nova/nova.conf
- sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
- sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
- sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
- sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
- sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
- sed -i '/^\[vnc\]/a novncproxy_base_url = http://controller:6080/vnc_auto.html' /etc/nova/nova.conf
- sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
- sed -i '/^\[vnc\]/a server_listen = 0.0.0.0' /etc/nova/nova.conf
- sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
- sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
- sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
- sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
- sed -i '/^#vif_plugging_is_fatal/a vif_plugging_is_fatal=false' /etc/nova/nova.conf
- sed -i '/^#vif_plugging_timeout/a vif_plugging_timeout=0' /etc/nova/nova.conf
- systemctl enable libvirtd.service openstack-nova-compute.service;systemctl restart libvirtd.service openstack-nova-compute.service
neutron
controller node
1.Prerequisites
- CREATE DATABASE neutron;
- GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
- GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
- openstack user create --domain default --password neutron123 neutron
- openstack role add --project admin --user neutron admin
- openstack service create --name neutron --description "OpenStack Compute" network
- openstack endpoint create --region RegionOne network public http://controller:9696
- openstack endpoint create --region RegionOne network internal http://controller:9696
- openstack endpoint create --region RegionOne network admin http://controller:9696
2.Install and configure components
1.Install the packages
- yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
2.Configure the service component (/etc/neutron/neutron.conf)
Configure database access
- [database]
- # ...
- connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
Enable the ML2 plug-in
- [DEFAULT]
- # ...
- core_plugin = ml2
- service_plugins = router
- allow_overlapping_ips = true
Configure RabbitMQ
- [DEFAULT]
- # ...
- transport_url = rabbit://openstack:RABBIT_PASS@controller
Configure Keystone access
- [DEFAULT]
- # ...
- auth_strategy = keystone
- [keystone_authtoken]
- # ...
- www_authenticate_uri = http://controller:5000
- auth_url = http://controller:5000
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = neutron
- password = NEUTRON_PASS
Configure the Networking service to notify Compute of network topology changes
- [DEFAULT]
- # ...
- notify_nova_on_port_status_changes = true
- notify_nova_on_port_data_changes = true
- [nova]
- # ...
- auth_url = http://controller:5000
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- region_name = RegionOne
- project_name = service
- username = nova
- password = NOVA_PASS
Configure the lock path
- [oslo_concurrency]
- # ...
- lock_path = /var/lib/neutron/tmp
3.Configure the ML2 plug-in (/etc/neutron/plugins/ml2/ml2_conf.ini)
Enable flat, VLAN, and VXLAN networks
- [ml2]
- # ...
- type_drivers = flat,vlan,vxlan
Enable VXLAN private networks
- [ml2]
- # ...
- tenant_network_types = vxlan
Enable the Linux bridge and layer-2 population mechanisms
- [ml2]
- # ...
- mechanism_drivers = linuxbridge,l2population
Enable the port security extension driver
- [ml2]
- # ...
- extension_drivers = port_security
Configure the provider virtual network as a flat network
- [ml2_type_flat]
- # ...
- flat_networks = provider
Configure the VXLAN identifier range for private networks
- [ml2_type_vxlan]
- # ...
- vni_ranges = 1:1000
Enable ipset to improve the handling of security group rules
- [securitygroup]
- # ...
- enable_ipset = true
4.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
- net.bridge.bridge-nf-call-iptables = 1
- net.bridge.bridge-nf-call-ip6tables = 1
Map the provider virtual network to the provider physical network interface
- [linux_bridge]
- physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
- [vxlan]
- enable_vxlan = true
- local_ip = OVERLAY_INTERFACE_IP_ADDRESS
- l2_population = true
Enable security groups and configure the Linux bridge iptables firewall driver
- [securitygroup]
- # ...
- enable_security_group = true
- firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5.Configure the L3 agent (/etc/neutron/l3_agent.ini)
Configure the Linux bridge interface driver and the external network bridge
- [DEFAULT]
- # ...
- interface_driver = linuxbridge
6.Configure the DHCP agent (/etc/neutron/dhcp_agent.ini)
Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata
- [DEFAULT]
- # ...
- interface_driver = linuxbridge
- dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
- enable_isolated_metadata = true
7.Configure the metadata agent (/etc/neutron/metadata_agent.ini)
- [DEFAULT]
- # ...
- nova_metadata_host = controller
- metadata_proxy_shared_secret = METADATA_SECRET
8.In nova (/etc/nova/nova.conf), configure neutron Keystone access (Compute uses the Networking service)
- [neutron]
- # ...
- auth_url = http://controller:5000
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- region_name = RegionOne
- project_name = service
- username = neutron
- password = NEUTRON_PASS
- service_metadata_proxy = true
- metadata_proxy_shared_secret = METADATA_SECRET
9.Initialize the database
- ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
10.Start the services
- systemctl restart openstack-nova-api.service
- systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
- systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
- systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
(14)code
- mysql -u root -p1234qwer
- CREATE DATABASE neutron;
- GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
- GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
- quit
- . /root/admin-openrc
- openstack user create --domain default --password neutron123 neutron
- openstack role add --project admin --user neutron admin
- openstack service create --name neutron --description "OpenStack Compute" network
- openstack endpoint create --region RegionOne network public http://controller:9696
- openstack endpoint create --region RegionOne network internal http://controller:9696
- openstack endpoint create --region RegionOne network admin http://controller:9696
- yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
- sed -i '/^\[DEFAULT\]/a notify_nova_on_port_data_changes = true' /etc/neutron/neutron.conf
- sed -i '/^\[DEFAULT\]/a notify_nova_on_port_status_changes = true' /etc/neutron/neutron.conf
- sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
- sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
- sed -i '/^\[DEFAULT\]/a allow_overlapping_ips = true' /etc/neutron/neutron.conf
- sed -i '/^\[DEFAULT\]/a service_plugins = router' /etc/neutron/neutron.conf
- sed -i '/^\[DEFAULT\]/a core_plugin = ml2' /etc/neutron/neutron.conf
- sed -i '/^\[database\]/a connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
- sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
- echo '[nova]' >> /etc/neutron/neutron.conf
- sed -i '/^\[nova\]/a password = nova123' /etc/neutron/neutron.conf
- sed -i '/^\[nova\]/a username = nova' /etc/neutron/neutron.conf
- sed -i '/^\[nova\]/a project_name = admin' /etc/neutron/neutron.conf
- sed -i '/^\[nova\]/a region_name = RegionOne' /etc/neutron/neutron.conf
- sed -i '/^\[nova\]/a user_domain_name = default' /etc/neutron/neutron.conf
- sed -i '/^\[nova\]/a project_domain_name = default' /etc/neutron/neutron.conf
- sed -i '/^\[nova\]/a auth_type = password' /etc/neutron/neutron.conf
- sed -i '/^\[nova\]/a auth_url = http://controller:5000' /etc/neutron/neutron.conf
- echo '[ml2]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
- sed -i '/^\[ml2\]/a extension_drivers = port_security' /etc/neutron/plugins/ml2/ml2_conf.ini
- sed -i '/^\[ml2\]/a mechanism_drivers = linuxbridge,l2population' /etc/neutron/plugins/ml2/ml2_conf.ini
- sed -i '/^\[ml2\]/a tenant_network_types = vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
- sed -i '/^\[ml2\]/a type_drivers = flat,vlan,vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
- echo '[ml2_type_flat]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
- sed -i '/^\[ml2_type_flat\]/a flat_networks = provider' /etc/neutron/plugins/ml2/ml2_conf.ini
- echo '[ml2_type_vxlan]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
- sed -i '/^\[ml2_type_vxlan\]/a vni_ranges = 1:1000' /etc/neutron/plugins/ml2/ml2_conf.ini
- echo '[securitygroup]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
- sed -i '/^\[securitygroup\]/a enable_ipset = true' /etc/neutron/plugins/ml2/ml2_conf.ini
- echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[vxlan\]/a local_ip = 10.1.10.151' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
- echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
- modprobe br_netfilter
- /sbin/sysctl -p
- sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/l3_agent.ini
- sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/dhcp_agent.ini
- sed -i '/^\[DEFAULT\]/a dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq' /etc/neutron/dhcp_agent.ini
- sed -i '/^\[DEFAULT\]/a enable_isolated_metadata = true' /etc/neutron/dhcp_agent.ini
- sed -i '/^\[DEFAULT\]/a metadata_proxy_shared_secret = metadata123' /etc/neutron/metadata_agent.ini
- sed -i '/^\[DEFAULT\]/a nova_metadata_host = controller' /etc/neutron/metadata_agent.ini
- sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
- ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
- systemctl restart openstack-nova-api.service
- systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
- systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
- systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
3.Verify
Verify: openstack network agent list ## check the agent status
- openstack network agent list
compute node
1.Install and configure components
1.Install the packages
- yum install openstack-neutron-linuxbridge ebtables ipset -y
2.Configure the service component (/etc/neutron/neutron.conf)
Configure RabbitMQ
- [DEFAULT]
- # ...
- transport_url = rabbit://openstack:RABBIT_PASS@controller
Configure Keystone access
- [DEFAULT]
- # ...
- auth_strategy = keystone
- [keystone_authtoken]
- # ...
- www_authenticate_uri = http://controller:5000
- auth_url = http://controller:5000
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = neutron
- password = NEUTRON_PASS
Configure the lock path
- [oslo_concurrency]
- # ...
- lock_path = /var/lib/neutron/tmp
3.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
- net.bridge.bridge-nf-call-iptables = 1
- net.bridge.bridge-nf-call-ip6tables = 1
Map the provider virtual network to the provider physical network interface
- [linux_bridge]
- physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
- [vxlan]
- enable_vxlan = true
- local_ip = OVERLAY_INTERFACE_IP_ADDRESS
- l2_population = true
Enable security groups and configure the Linux bridge iptables firewall driver
- [securitygroup]
- # ...
- enable_security_group = true
- firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
4.In nova (/etc/nova/nova.conf), configure neutron Keystone access (Compute uses the Networking service)
- [neutron]
- # ...
- auth_url = http://controller:5000
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- region_name = RegionOne
- project_name = service
- username = neutron
- password = NEUTRON_PASS
- service_metadata_proxy = true
- metadata_proxy_shared_secret = METADATA_SECRET
(15)code
- yum install openstack-neutron-linuxbridge ebtables ipset -y
- sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
- sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
- sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
- sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
- echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[vxlan\]/a local_ip = 10.1.10.152' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
- echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
- echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
- modprobe br_netfilter
- /sbin/sysctl -p
- sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
- sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
- systemctl restart openstack-nova-compute.service
- systemctl enable neutron-linuxbridge-agent.service;systemctl restart neutron-linuxbridge-agent.service
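The sed '/^\[section\]/a ...' and echo '[section]' >> commands in (14) and (15) are not idempotent: a second run adds every option and section header again, and placeholders such as RABBIT_PASS are written into the files literally. The following check is an added example, not part of the original walkthrough; it reports duplicated sections and options and leftover placeholders, and confirms that metadata_proxy_shared_secret is the same in metadata_agent.ini and in the [neutron] section of nova.conf. The function names and the sample text are constructed for illustration.

```python
import re
from collections import defaultdict

# Placeholder tokens that appear in this guide's configuration steps.
PLACEHOLDERS = (
    "RABBIT_PASS", "NOVA_DBPASS", "NEUTRON_DBPASS", "NEUTRON_PASS", "NOVA_PASS",
    "METADATA_SECRET", "PROVIDER_INTERFACE_NAME", "OVERLAY_INTERFACE_IP_ADDRESS",
)
PLACEHOLDER_RE = re.compile(r"\b(?:%s)\b" % "|".join(PLACEHOLDERS))
SECTION_RE = re.compile(r"^\[([^\]]+)\]$")
OPTION_RE = re.compile(r"^([A-Za-z0-9_.-]+)\s*=\s*(.*)$")
SECRET_KEY = "metadata_proxy_shared_secret"


def parse_ini(text):
    """Return ({(section, key): [values]}, {section: number of headers})."""
    options, headers = defaultdict(list), defaultdict(int)
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            headers[section] += 1
            continue
        m = OPTION_RE.match(line)
        if m and section is not None:
            options[(section, m.group(1))].append(m.group(2).strip())
    return options, headers


def audit(text):
    """List (kind, section, key) findings for one configuration file."""
    options, headers = parse_ini(text)
    findings = [("duplicate-section", s, None)
                for s, n in sorted(headers.items()) if n > 1]
    for (section, key), values in sorted(options.items()):
        if len(values) > 1:
            findings.append(("duplicate-option", section, key))
        if any(PLACEHOLDER_RE.search(v) for v in values):
            findings.append(("placeholder", section, key))
    return findings


def shared_secret_matches(metadata_agent_ini, nova_conf):
    """True only if both files set exactly one, identical, proxy secret."""
    agent = parse_ini(metadata_agent_ini)[0].get(("DEFAULT", SECRET_KEY), [])
    nova = parse_ini(nova_conf)[0].get(("neutron", SECRET_KEY), [])
    return len(agent) == 1 and agent == nova


# Constructed sample: a neutron.conf fragment after the commands were run
# twice, with the placeholder passwords left in place.
SAMPLE_NEUTRON_CONF = """\
[DEFAULT]
core_plugin = ml2
core_plugin = ml2
transport_url = rabbit://openstack:RABBIT_PASS@controller
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[nova]
username = nova
[nova]
username = nova
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_NEUTRON_CONF):
        print(finding)
```

To use it on a node, pass the contents of /etc/neutron/neutron.conf, the ML2 and agent .ini files and /etc/nova/nova.conf to audit(), and the metadata_agent.ini and nova.conf contents to shared_secret_matches().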
dashboard
1.Install and configure components
1.Install the packages
- yum install openstack-dashboard -y
2.Configure the service component (/etc/openstack-dashboard/local_settings)
Configure the host address
- OPENSTACK_HOST = "controller"
Configure the hosts allowed to access the dashboard
- ALLOWED_HOSTS = ['*', ]
Configure the memcached session storage service
- SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
- CACHES = {
- 'default': {
- 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
- 'LOCATION': 'controller:11211',
- }
- }
Enable version 3 of the Identity API
- OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
Enable support for domains
- OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
Configure the API versions
- OPENSTACK_API_VERSIONS = {
- "identity": 3,
- "image": 2,
- "volume": 3,
- }
Set Default as the default domain for users created through the dashboard
- OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
Set user as the default role for users created through the dashboard
- OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
3.Start the services
- systemctl restart httpd.service memcached.service
(16)code
- yum install openstack-dashboard -y
- sed -i '/^OPENSTACK_HOST/s/OPENSTACK_HOST/#OPENSTACK_HOST/' /etc/openstack-dashboard/local_settings
- sed -i '/^#OPENSTACK_HOST/a OPENSTACK_HOST = "controller"' /etc/openstack-dashboard/local_settings
- sed -i '/^ALLOWED_HOSTS/s/ALLOWED_HOSTS/#ALLOWED_HOSTS/' /etc/openstack-dashboard/local_settings
- sed -i "/^#ALLOWED_HOSTS/a ALLOWED_HOSTS = ['*', ]" /etc/openstack-dashboard/local_settings
- cat <<EOF>> /etc/openstack-dashboard/local_settings
- SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
- CACHES = {
- 'default': {
- 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
- 'LOCATION': 'controller:11211',
- }
- }
- OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
- OPENSTACK_API_VERSIONS = {
- "identity": 3,
- "image": 2,
- "volume": 3,
- }
- OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
- OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
- EOF
- echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf
- systemctl restart httpd.service memcached.service
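local_settings is a Python module, so when the heredoc in (16) appends settings to the end of the file, any name the packaged file already sets is assigned twice and only the last assignment takes effect. ALLOWED_HOSTS = ['*', ] also makes Django accept any Host header. The following check is an added example, not part of the original walkthrough; it parses the file without executing it and reports both conditions. The sample file content, the "_member_" value and the restricted host list are constructed for illustration.

```python
import ast

# Constructed sample: a reduced local_settings after the commands in (16).
AS_DEPLOYED = '''
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "_member_"
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
'''

# Same file with Host header validation restricted. The names listed are an
# assumption: use the names users actually type to reach the dashboard.
RESTRICTED = AS_DEPLOYED.replace("['*', ]", "['controller', '10.1.10.151']")


def effective_settings(source):
    """Return ({name: final literal value or None}, names assigned 2+ times)."""
    values, counts = {}, {}
    for node in ast.parse(source).body:
        if not isinstance(node, ast.Assign):
            continue
        for target in node.targets:
            if not isinstance(target, ast.Name):
                continue
            counts[target.id] = counts.get(target.id, 0) + 1
            try:
                values[target.id] = ast.literal_eval(node.value)
            except (ValueError, TypeError, SyntaxError):
                # Computed expression, e.g. "..." % OPENSTACK_HOST
                values[target.id] = None
    return values, sorted(n for n, c in counts.items() if c > 1)


def review(source):
    """Return findings for the settings this guide touches."""
    values, reassigned = effective_settings(source)
    findings = []
    hosts = values.get("ALLOWED_HOSTS")
    if hosts is None:
        findings.append("ALLOWED_HOSTS is not set to a literal list")
    elif "*" in hosts:
        findings.append("ALLOWED_HOSTS contains '*': any Host header is accepted")
    for name in reassigned:
        findings.append("%s is assigned more than once; effective value: %r"
                        % (name, values[name]))
    return findings


if __name__ == "__main__":
    for label, text in (("as deployed", AS_DEPLOYED), ("restricted", RESTRICTED)):
        print(label, review(text))
```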
Handling dashboard access errors
https://www.cnblogs.com/omgasw/p/11990435.html
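launch instance
1.Create the virtual network: create a network
create a subnet
create a router: ← add the private subnet interface
← add the public network gateway
2.Create a flavor
3.Create a key pair
4.Add security rules
5.Launch the instance ← flavor, image, network, security group, key pair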