OpenStack Train版 简单部署流程
environment
1.网络平面
management(管理网络)→软件安装,组件通信
provider(提供实例网络)→:提供者网络:直接获取ip地址,实例之间直接互通
自服务网络(私有网络):创建虚拟网络→创建路由器←设置公有网络网关
————————————————————→内网到外网转发
2.NTP时间服务(集群必备)
【controller node】
1.Install the packages
yum install chrony -y
2.Edit the chrony.conf file and add, change, or remove the following keys as necessary for your environment
vim /etc/chrony.conf
3.Replace NTP_SERVER with the hostname or IP address of a suitable more accurate (lower stratum) NTP server
server NTP_SERVER iburst
4.To enable other nodes to connect to the chrony daemon on the controller node
allow 10.199.100.0/24
5.Restart the NTP service
systemctl enable chronyd.service;systemctl restart chronyd.service
(1)code
yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server ntp7.aliyun.com iburst' /etc/chrony.conf
sed -i '/^#allow/a allow 10.199.100.0/24' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service
【other nodes】
1.Install the packages
yum install chrony -y
2.Configure the chrony.conf file and comment out or remove all but one server key
vim /etc/chrony.conf
3.Change it to reference the controller node
server controller iburst
4.Restart the NTP service
systemctl enable chronyd.service;systemctl restart chronyd.service
(2)code
yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server controller iburst' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service
【verify operation】
1.Run this command on the all nodes
chronyc sources
chronyc sources
3.openstack安装包,启用openstack库
1.Install the package to enable the OpenStack repository
yum install centos-release-openstack-train -y
2.Upgrade the packages on all nodes
yum upgrade
3.Install the OpenStack client
yum install python-openstackclient -y
(3)code
yum install centos-release-openstack-train -y
yum install python-openstackclient -y
yum upgrade
4.SQL数据库
1.Install the packages
yum install mariadb mariadb-server python2-PyMySQL -y
2.Create and edit the /etc/my.cnf.d/openstack.cnf file (backup existing configuration files in /etc/my.cnf.d/ if needed)
vim /etc/my.cnf.d/openstack.cnf
3.Start the database service and configure it to start when the system boots
systemctl enable mariadb.service;systemctl restart mariadb.service
4.Secure the database service by running the mysql_secure_installation script
mysql_secure_installation
(4)code
yum install mariadb mariadb-server python2-PyMySQL -y
cat <<EOF> /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.1.10.151
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable mariadb.service;systemctl restart mariadb.service
mysql_secure_installation
5.消息队列:协调组件之间操作和状态信息
1.Install the package
yum install rabbitmq-server -y
2.Start the message queue service and configure it to start when the system boots
systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
3.Add the openstack user
rabbitmqctl add_user openstack RABBIT_PASS ##Replace RABBIT_PASS with a suitable password
4.Permit configuration, write, and read access for the openstack user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
(5)code
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
6.Memcached(存放token)
1.Install the packages
yum install memcached python-memcached -y
2.Edit the /etc/sysconfig/memcached file and complete the following actions
OPTIONS="-l 127.0.0.1,::1,controller" ##Change the existing line OPTIONS="-l 127.0.0.1,::1"
3.Start the Memcached service and configure it to start when the system boots
systemctl enable memcached.service;systemctl restart memcached.service
(6)code
yum install memcached python-memcached -y
sed -i '/^OPTIONS=/cOPTIONS="-l 127.0.0.1,::1,controller"' /etc/sysconfig/memcached
systemctl enable memcached.service;systemctl restart memcached.service
7.Etcd
1.Install the package
yum install etcd -y
2.Edit the /etc/etcd/etcd.conf file and set
vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
3.Enable and start the etcd service
systemctl enable etcd;systemctl restart etcd
(7)code
yum install etcd -y
sed -i '/ETCD_DATA_DIR=/cETCD_DATA_DIR="/var/lib/etcd/default.etcd"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_PEER_URLS=/cETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_CLIENT_URLS=/cETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_NAME=/cETCD_NAME="controller"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_ADVERTISE_PEER_URLS=/cETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_ADVERTISE_CLIENT_URLS=/cETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER=/cETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_TOKEN=/cETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_STATE=/cETCD_INITIAL_CLUSTER_STATE="new"' /etc/etcd/etcd.conf
systemctl enable etcd;systemctl restart etcd
keystone
1.安装并配置组件
【创库授权】
1.Use the database access client to connect to the database server as the root user
mysql -u root -p
2.Create the keystone database
MariaDB [(none)]> CREATE DATABASE keystone;
3.Grant proper access to the keystone database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
【Install and configure components】
4.install the packages openstack-keystone httpd(基于http对外提供服务) mod_wsgi(python应用和web服务中间件,支持python应用部署到web服务上)
yum install openstack-keystone httpd mod_wsgi -y
5.Edit the /etc/keystone/keystone.conf file and complete the following actions
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# ...
provider = fernet
6.Populate the Identity service database
su -s /bin/sh -c "keystone-manage db_sync" keystone
7.Initialize Fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
8.Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
【Configure the Apache HTTP server】
9.Edit the /etc/httpd/conf/httpd.conf file and configure
ServerName controller
10.Create a link to the /usr/share/keystone/wsgi-keystone.conf file
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
【Finalize the installation】
11.Start the Apache HTTP service and configure it to start when the system boots
systemctl enable httpd.service;systemctl restart httpd.service
12.Configure the administrative account by setting the proper environmental variables
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
(8)code
mysql -u root -p1234qwer
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
quit
yum install openstack-keystone httpd mod_wsgi -y
sed -i -e '/^connection/s/connection/#connection/' -e '/^provider/s/provider/#provider/' /etc/keystone/keystone.conf
sed -i '/^#connection/a connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone' /etc/keystone/keystone.conf
sed -i '/^#provider/a provider = fernet' /etc/keystone/keystone.conf
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
sed -i -e '/^ServerName/s/ServerName/#ServerName/' /etc/httpd/conf/httpd.conf
sed -i '/^#ServerName/a ServerName controller' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service;systemctl restart httpd.service
2.创建域,项目,用户和角色
1.Although the “default” domain already exists from the keystone-manage bootstrap step in this guide, a formal way to create a new domain would be
openstack domain create --description "An Example Domain" example
2.This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project
openstack project create --domain default --description "Service Project" service
3.Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the myproject project and myuser user
openstack project create --domain default --description "Demo Project" myproject ##Create the myproject project
openstack user create --domain default --password-prompt myuser ##Create the myuser user
openstack role create myrole ##Create the myrole role
openstack role add --project myproject --user myuser myrole ##Add themyrolerole to themyprojectproject andmyuseruser
(创建domain,project,user,role,给user赋予role权限)
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password DEMO_PASS myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
3.验证:请求认证令牌
1.Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variable
unset OS_AUTH_URL OS_PASSWORD
2.As the admin user, request an authentication token
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
3.As the myuser user created in the previous section, request an authentication token
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
4.创建openstack客户端环境脚本
1.Create and edit the admin-openrc file and add the following content
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.Create and edit the demo-openrc file and add the following content
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3.Using the scripts
. admin-openrc
(9)code
cat <<EOF> /root/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
cat <<EOF> /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
glance
1.条件设置
1.创库授权
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
2.创建用户→创建glance用户
openstack user create --domain default --password glance123 glance
赋权→赋予admin权限
openstack role add --project admin --user glance admin
创建服务实体→创建glance service
openstack service create --name glance --description "OpenStack Image" image
3.创建服务端点API:public
internal
admin
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
2.安装并配置组件
1.安装软件包
yum install openstack-glance -y
2.修改配置文件
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = glance
password = glance123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.初始化数据库
su -s /bin/sh -c "glance-manage db_sync" glance
4.启动服务
systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
(10)code
mysql -u root -p1234qwer
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password glance123 glance
openstack role add --project admin --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
yum install openstack-glance -y
sed -i '/^\[database\]/a connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a password = glance123' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a username = glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[paste_deploy\]/a flavor = keystone' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a filesystem_store_datadir = /var/lib/glance/images/' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a default_store = file' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a stores = file,http' /etc/glance/glance-api.conf
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
3.验证
1.openstack image create ##注册镜像
. admin-openrc
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
2.openstack image list ##查看镜像信息
openstack image list
placement
1.条件设置
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
2.安装并配置组件
1.Install the packages
yum install openstack-placement-api -y
2.Edit the /etc/placement/placement.conf file and complete the following actions
配置数据库访问
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
配置keystone认证
[api]
# ...
auth_strategy = keystone [keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
启用placement api访问
adding the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
3.Populate the placement database
su -s /bin/sh -c "placement-manage db sync" placement
4.启动服务
systemctl restart httpd
(11)code
mysql -u root -p1234qwer
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
yum install openstack-placement-api -y
sed -i '/^\[placement_database\]/a connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement' /etc/placement/placement.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a password = placement123' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a username = placement' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/v3' /etc/placement/placement.conf
cat <<EOF>> /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
EOF
su -s /bin/sh -c "placement-manage db sync" placement
systemctl restart httpd
3.验证
1.Perform status checks to make sure everything is in order
placement-status upgrade check
2.Run some commands against the placement API
nova
controller node
1.条件设置
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
2.安装并配置组件
1.安装软件包
openstack-nova-api openstack-nova-conductor(连接数据库) openstack-nova-console(访问控制台) openstack-nova-novncproxy(提供控制台服务) openstack-nova-scheduler(computer调度) openstack-nova-placement-api
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
2.Edit the /etc/nova/nova.conf file
配置api
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
配置数据库访问(database,api_database)
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
配置rabbitmq
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
配置keystone认证
[api]
# ...
auth_strategy = keystone [keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123
配置网络服务支持
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
配置vnc代理
[DEFAULT]
...
my_ip = 10.1.10.151 [vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
配置镜像api
[glance]
# ...
api_servers = http://controller:9292
配置锁路径
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
配置placement service认证
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123
3.初始化数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
4.启动服务
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
(12)code
mysql -u root -p1234qwer
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.151' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
3.验证
1.验证:openstack compute service list ##查看服务组件
openstack compute service list
2.List API endpoints in the Identity service to verify connectivity with the Identity service
openstack catalog list
3.List images in the Image service to verify connectivity with the Image service
openstack image list
4.Check the cells and placement API are working successfully and that other necessary prerequisites are in place
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
nova-status upgrade check
openstack compute service list --service nova-compute
computer node
1.安装并配置组件
1.安装软件包
yum install openstack-nova-compute -y
2.Edit the /etc/nova/nova.conf file
配置api
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
配置数据库访问(database,api_database)
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
配置rabbitmq
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
配置keystone认证
[api]
# ...
auth_strategy = keystone [keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123
配置网络服务支持
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
配置vnc代理
[DEFAULT]
...
my_ip = 10.1.10.152 [vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html ##修改为ip地址以确保dashboard中可以打开实例控制台
配置镜像api
[glance]
# ...
api_servers = http://controller:9292
配置锁路径
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
配置placement service认证
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123
(13)code
yum install openstack-nova-compute -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.152' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a novncproxy_base_url = http://controller:6080/vnc_auto.html' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = 0.0.0.0' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^#vif_plugging_is_fatal/a vif_plugging_is_fatal=false' /etc/nova/nova.conf
sed -i '/^#vif_plugging_timeout/a vif_plugging_timeout=0' /etc/nova/nova.conf
systemctl enable libvirtd.service openstack-nova-compute.service;systemctl restart libvirtd.service openstack-nova-compute.service
neutron
controller node
1.条件设置
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Compute" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
2.安装并配置组件
1.安装软件包
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
2.配置服务组件(/etc/neutron/neutron.conf)
配置数据库访问
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
启用ML2插件
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
配置rabbitmq
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
配置keystone访问
[DEFAULT]
# ...
auth_strategy = keystone [keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
配置网络服务来通知计算节点的网络拓扑变化
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true [nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
配置锁路径
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
3.配置ml2插件(/etc/neutron/plugins/ml2/ml2_conf.ini)
启用flat,VLAN以及VXLAN网络
[ml2]
# ...
type_drivers = flat,vlan,vxlan
启用VXLAN私有网络
[ml2]
# ...
tenant_network_types = vxlan
启用Linuxbridge和l2机制
[ml2]
# ...
mechanism_drivers = linuxbridge,l2population
启用端口安全扩展驱动
[ml2]
# ...
extension_drivers = port_security
配置公共虚拟网络为flat网络
[ml2_type_flat]
# ...
flat_networks = provider
为私有网络配置VXLAN范围
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000
启用 ipset 增加安全组的方便性
[securitygroup]
# ...
enable_ipset = true
4.配置linuxbridge代理(/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
将公共虚拟网络和公共物理网络接口映射
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
启用VXLAN覆盖网络,配置覆盖网络的物理网络接口的IP地址,启用layer-2 population
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
启用安全组并配置 Linux 桥接 iptables 防火墙驱动
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5.配置L3代理(/etc/neutron/l3_agent.ini)
配置Linuxbridge接口驱动和外部网络网桥
[DEFAULT]
# ...
interface_driver = linuxbridge
6.配置dhcp代理(/etc/neutron/dhcp_agent.ini)
配置Linuxbridge驱动接口,DHCP驱动并启用隔离元数据
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
7.配置元数据代理(/etc/neutron/metadata_agent.ini)
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
8.在nova(/etc/nova/nova.conf)中配置neutron keystone访问(计算使用网络服务)
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
9.初始化数据库
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
10.启动服务
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
(14)code
mysql -u root -p1234qwer
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Compute" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_data_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_status_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a allow_overlapping_ips = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a service_plugins = router' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a core_plugin = ml2' /etc/neutron/neutron.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[nova]' >> /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a password = nova123' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a username = nova' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a region_name = RegionOne' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a user_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_url = http://controller:5000' /etc/neutron/neutron.conf
echo '[ml2]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a extension_drivers = port_security' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a mechanism_drivers = linuxbridge,l2population' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a tenant_network_types = vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a type_drivers = flat,vlan,vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_flat]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_flat\]/a flat_networks = provider' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_vxlan]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_vxlan\]/a vni_ranges = 1:1000' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[securitygroup\]/a enable_ipset = true' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.151' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/l3_agent.ini
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a enable_isolated_metadata = true' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a metadata_proxy_shared_secret = metadata123' /etc/neutron/metadata_agent.ini
sed -i '/^\[DEFAULT\]/a nova_metadata_host = controller' /etc/neutron/metadata_agent.ini
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
3.验证
验证:openstack network agent list ##查看代理状态
openstack network agent list
computer node
1.安装并配置组件
1.安装软件包
yum install openstack-neutron-linuxbridge ebtables ipset -y
2.配置服务组件(/etc/neutron/neutron.conf)
配置rabbitmq
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
配置keystone访问
[DEFAULT]
# ...
auth_strategy = keystone [keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
配置锁路径
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
3.配置linuxbridge代理(/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
将公共虚拟网络和公共物理网络接口映射
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
启用VXLAN覆盖网络,配置覆盖网络的物理网络接口的IP地址,启用layer-2 population
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
启用安全组并配置 Linux 桥接 iptables 防火墙驱动
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
4.在nova(/etc/nova/nova.conf)中配置neutron keystone访问(计算使用网络服务)
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
(15)code
yum install openstack-neutron-linuxbridge ebtables ipset -y
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.152' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service;systemctl restart neutron-linuxbridge-agent.service
dashboard
1.安装并配置组件
1.安装软件包
yum install openstack-dashboard -y
2.配置服务组件(/etc/openstack-dashboard/local_settings)
配置host地址
OPENSTACK_HOST = "controller"
配置允许访问主机
ALLOWED_HOSTS = ['*', ]
配置 memcached 会话存储服务
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
启用第3版认证API
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
启用对域的支持
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
配置API版本
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
通过仪表盘创建用户时的默认域配置为 default
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
通过仪表盘创建的用户默认角色配置为 user
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
3.启动服务
systemctl restart httpd.service memcached.service
(16)code
yum install openstack-dashboard -y
sed -i '/^OPENSTACK_HOST/s/OPENSTACK_HOST/#OPENSTACK_HOST/' /etc/openstack-dashboard/local_settings
sed -i '/^#OPENSTACK_HOST/a OPENSTACK_HOST = "controller"' /etc/openstack-dashboard/local_settings
sed -i '/^ALLOWED_HOSTS/s/ALLOWED_HOSTS/#ALLOWED_HOSTS/' /etc/openstack-dashboard/local_settings
sed -i "/^#ALLOWED_HOSTS/a ALLOWED_HOSTS = ['*', ]" /etc/openstack-dashboard/local_settings
cat <<EOF>> /etc/openstack-dashboard/local_settings
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
EOF
echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf
systemctl restart httpd.service memcached.service
dashboard访问异常处理
https://www.cnblogs.com/omgasw/p/11990435.html
lauch instance
1.创建虚拟网络:创建网络
创建子网
创建路由器:←添加私网子网接口
←添加公有网络网关
2.创建计算方案
3.创建键值对
4.添加安全规则
5.启动实例←计算方案,镜像,网络,安全组,密钥对
OpenStack Train版 简单部署流程的更多相关文章
- openstack Train版 “nova-status upgrade check”报错:Forbidden: Forbidden (HTTP 403)
部署openstack train版,在部署完nova项目时,进行检查,执行 nova-status upgrade check 返回报错信息如下: [root@controller ~]# nova ...
- OpenStack Swift集群部署流程与简单使用
之前介绍了<OpenStack Swift All In One安装部署流程与简单使用>,那么接下来就说一说Swift集群部署吧. 1. 简介 本文档详细描述了使用两台PC部署一个小型Sw ...
- OpenStack Train版-1.安装基础环境&服务
1. 服务组件的密码 密码名称 描述 ADMIN_PASS admin用户密码 CINDER_DBPASS 块设备存储服务的数据库密码 CINDER_PASS 块设备存储服务的 cinder 密码 D ...
- OpenStack Train版-14.安装块存储服务cinder(存储节点)
安装cindoer块存储服务节点(存储节点192.168.0.40)使用默认的LVM卷方法,之后改为ceph存储 安装LVM软件包 [root@cinder01 ~]# yum install lvm ...
- OpenStack Train版-10.安装neutron网络服务(网络节点:可选)
可选:安装neutron网络服务节点(neutron01网络节点192.168.0.30)网络配置按照官网文档的租户自助网络 配置系统参数 echo 'net.ipv4.ip_forward = 1' ...
- OpenStack Train版-2.安装keystone身份认证服务
安装 keystone 认证 mysql -uroot create database keystone; grant all privileges on keystone.* to 'keyston ...
- OpenStack Train版-11.安装horizon服务(计算节点)
OpenStack仪表板Dashboard服务的项目名称是Horizon,它所需的唯一服务是身份服务keystone,开发语言是python的web框架Django. 安装Train版本的Horizo ...
- OpenStack kilo版(1) 部署环境
硬件 VMware workstation虚拟机 Ubuntu14.04操作系统 虚拟机网络规划 管理网络: eth0, 桥接模式 10.0.0.0/24 外部网络: eth1, nat模式(需要关闭 ...
- OpenStack Train版-12.创建虚拟网络并启动实例(控制节点)
使用VMware虚拟机创建网络可能会有不可预测到的故障,可以通过dashboard界面,管理员创建admin用户的网络环境 1.第一种: 建立公共提供商网络在admin管理员用户下创建 source ...
随机推荐
- 如何下载Youtube上的视频, 字幕, MP3等资源, 方法简单直接!
Youtube不用多说了吧,秒杀国内一众视频平台,没有之一, 既然关注Youtube说明大家对Youtube都是认同的.不用说4K,8K视频,比起国内一些伪4K, 真的良心, 就连广告也是5秒跳过, ...
- 【bzoj4006】[JLOI2015]管道连接(斯坦纳树+dp)
题目链接 题意: 给出\(n\)个点,\(m\)条边,同时给出\(p\)个重要的点以及对应特征. 现在要选出一些边,问使得这\(p\)个所有特征相同的点相连,问最小代价. 思路: 斯坦纳树的应用场景一 ...
- 浅谈JS函数防抖及应用场景
[前言] 在工作中,我们可能碰到这样的问题: 用户在搜索的时候,在不停敲字,如果每敲一个字我们就要调一次接口,接口调用太频繁,给卡住了. 用户在阅读文章的时候,我们需要监听用户滚动到了哪个标题,但是每 ...
- js字符串操作总结(必看篇)
本文链接: https://www.jb51.net/article/97915.htm 字符方法 <!DOCTYPE html> <html lang="en" ...
- day77_10_24分页器
一.偏移分页器. 在偏移分页器中,limit代表的是一次性显示的条数,而offset代表的是他基于开头的偏移量. from rest_framework.pagination import Limit ...
- luoguP2824 [HEOI2016/TJOI2016]排序(线段树分裂做法)
题意 所谓线段树分裂其实是本题的在线做法. 考虑如果我们有一个已经排好序的区间的权值线段树,那么就可以通过线段树上二分的方法得到第\(k\)个数是谁. 于是用set维护每个升序/降序区间的左右端点以及 ...
- hasattr、getattr、setattr、delattr、反射
目录 hasattr getattr setattr delattr 反射的应用 __import__(了解) 思考: 在做程序开发中,我们常常会遇到这样的需求:需要执行对象里的某个方法,或需要调用对 ...
- [PHP] laravel5.5 搭建流程
1.nginx 配置 server { listen 80; server_name laravel5-test.d.com; charset utf-8; location ...
- MySQL实战45讲学习笔记:第四十三讲
一.本节概述 我经常被问到这样一个问题:分区表有什么问题,为什么公司规范不让使用分区表呢?今天,我们就来聊聊分区表的使用行为,然后再一起回答这个问题. 二.分区表是什么? 为了说明分区表的组织形式,我 ...
- 深入理解Linux内核 学习笔记(8)
第八章 系统调用 API定义了一个给定的服务:系统调用是通过软中断向内核发出一个明确的请求. API可能不调用系统调用,也可能调用多个系统调用. Linux系统调用必须通过执行int 0x80,系统调 ...