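OpenStack Train: a simple deployment walkthrough
environment
1.Network planes
management (management network) → software installation, communication between components
provider (network that serves instances) → provider network: instances obtain IP addresses directly and can reach each other directly
self-service network (private network): create a virtual network → create a router ← set the public network gateway
--------------------→ forwarding from the internal network to the external network
2.NTP time service (required for a cluster)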
【controller node】
1.Install the packages
yum install chrony -y
2.Edit the chrony.conf file and add, change, or remove the following keys as necessary for your environment
vim /etc/chrony.conf
3.Replace NTP_SERVER with the hostname or IP address of a suitable more accurate (lower stratum) NTP server
server NTP_SERVER iburst
4.To enable other nodes to connect to the chrony daemon on the controller node
allow 10.199.100.0/24
5.Restart the NTP service
systemctl enable chronyd.service;systemctl restart chronyd.service
(1)code
yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server ntp7.aliyun.com iburst' /etc/chrony.conf
sed -i '/^#allow/a allow 10.199.100.0/24' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service
【other nodes】
1.Install the packages
yum install chrony -y
2.Configure the chrony.conf file and comment out or remove all but one server key
vim /etc/chrony.conf
3.Change it to reference the controller node
server controller iburst
4.Restart the NTP service
systemctl enable chronyd.service;systemctl restart chronyd.service
(2)code
yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server controller iburst' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service
【verify operation】
1.Run this command on all nodes
chronyc sources
3.OpenStack packages: enable the OpenStack repository
1.Install the package to enable the OpenStack repository
yum install centos-release-openstack-train -y
2.Upgrade the packages on all nodes
yum upgrade
3.Install the OpenStack client
yum install python-openstackclient -y
(3)code
yum install centos-release-openstack-train -y
yum install python-openstackclient -y
yum upgrade
4.SQL database
1.Install the packages
yum install mariadb mariadb-server python2-PyMySQL -y
2.Create and edit the /etc/my.cnf.d/openstack.cnf file (backup existing configuration files in /etc/my.cnf.d/ if needed)
vim /etc/my.cnf.d/openstack.cnf
3.Start the database service and configure it to start when the system boots
systemctl enable mariadb.service;systemctl restart mariadb.service
4.Secure the database service by running the mysql_secure_installation script
mysql_secure_installation
(4)code
yum install mariadb mariadb-server python2-PyMySQL -y
cat <<EOF> /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.1.10.151
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable mariadb.service;systemctl restart mariadb.service
mysql_secure_installation
5.Message queue: coordinates operations and status information between components
1.Install the package
yum install rabbitmq-server -y
2.Start the message queue service and configure it to start when the system boots
systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
3.Add the openstack user
rabbitmqctl add_user openstack RABBIT_PASS ##Replace RABBIT_PASS with a suitable password
4.Permit configuration, write, and read access for the openstack user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
(5)code
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
6.Memcached (stores tokens)
1.Install the packages
yum install memcached python-memcached -y
2.Edit the /etc/sysconfig/memcached file and complete the following actions
OPTIONS="-l 127.0.0.1,::1,controller" ##Change the existing line OPTIONS="-l 127.0.0.1,::1"
3.Start the Memcached service and configure it to start when the system boots
systemctl enable memcached.service;systemctl restart memcached.service
(6)code
yum install memcached python-memcached -y
sed -i '/^OPTIONS=/cOPTIONS="-l 127.0.0.1,::1,controller"' /etc/sysconfig/memcached
systemctl enable memcached.service;systemctl restart memcached.service
7.Etcd
1.Install the package
yum install etcd -y
2.Edit the /etc/etcd/etcd.conf file and set
vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
3.Enable and start the etcd service
systemctl enable etcd;systemctl restart etcd
(7)code
yum install etcd -y
sed -i '/ETCD_DATA_DIR=/cETCD_DATA_DIR="/var/lib/etcd/default.etcd"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_PEER_URLS=/cETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_CLIENT_URLS=/cETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_NAME=/cETCD_NAME="controller"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_ADVERTISE_PEER_URLS=/cETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_ADVERTISE_CLIENT_URLS=/cETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER=/cETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_TOKEN=/cETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_STATE=/cETCD_INITIAL_CLUSTER_STATE="new"' /etc/etcd/etcd.conf
systemctl enable etcd;systemctl restart etcd
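A check for the bind addresses configured in this section (MariaDB bind-address, Memcached -l, etcd listen URLs), added here as an example and not part of the original post: it reads `ss -ltn` output and reports infrastructure ports that listen on a wildcard address. The function names, the watched port list and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report infrastructure ports
# that listen on every interface. Input is the text printed by `ss -ltn`.
# Ports watched: 3306 MariaDB, 5672 RabbitMQ, 11211 Memcached, 2379/2380 etcd.

wildcard_listeners() {
    # $1 = file with `ss -ltn` output; prints "PORT ADDRESS" for each finding
    awk '
        BEGIN {
            n = split("3306 5672 11211 2379 2380", p, " ")
            for (i = 1; i <= n; i++) watch[p[i]] = 1
        }
        $1 == "LISTEN" {
            port = $4
            sub(/^.*:/, "", port)          # text after the last colon
            addr = substr($4, 1, length($4) - length(port) - 1)
            wild = (addr == "0.0.0.0" || addr == "*" || addr == "::" || addr == "[::]")
            if ((port in watch) && wild) print port, addr
        }
    ' "$1"
}

# Constructed sample: MariaDB and RabbitMQ on all interfaces, Memcached and
# etcd bound to loopback and to the management address used on this page.
write_sample() {
    cat > "$1" <<'EOF'
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    127.0.0.1:11211      0.0.0.0:*
LISTEN 0      128    10.199.100.191:11211 0.0.0.0:*
LISTEN 0      128    10.199.100.191:2379  0.0.0.0:*
LISTEN 0      80     0.0.0.0:3306         0.0.0.0:*
LISTEN 0      128    [::]:5672            [::]:*
LISTEN 0      128    0.0.0.0:22           0.0.0.0:*
EOF
}

sample=$(mktemp)
write_sample "$sample"
wildcard_listeners "$sample"     # on a live node: ss -ltn > file first
rm -f "$sample"
```

An empty result on the controller means every watched service is bound to a specific address; each printed line names a port to restrict in that service's configuration or at the host firewall.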
keystone
1.Install and configure components
【Create the database and grant privileges】
1.Use the database access client to connect to the database server as the root user
mysql -u root -p
2.Create the keystone database
MariaDB [(none)]> CREATE DATABASE keystone;
3.Grant proper access to the keystone database
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
【Install and configure components】
4.Install the packages openstack-keystone, httpd (serves the API over HTTP) and mod_wsgi (middleware between Python applications and the web server, which lets Python applications be deployed on it)
yum install openstack-keystone httpd mod_wsgi -y
5.Edit the /etc/keystone/keystone.conf file and complete the following actions
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# ...
provider = fernet
6.Populate the Identity service database
su -s /bin/sh -c "keystone-manage db_sync" keystone
7.Initialize Fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
8.Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
【Configure the Apache HTTP server】
9.Edit the /etc/httpd/conf/httpd.conf file and configure
ServerName controller
10.Create a link to the /usr/share/keystone/wsgi-keystone.conf file
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
【Finalize the installation】
11.Start the Apache HTTP service and configure it to start when the system boots
systemctl enable httpd.service;systemctl restart httpd.service
12.Configure the administrative account by setting the proper environmental variables
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
(8)code
mysql -u root -p1234qwer
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
quit
yum install openstack-keystone httpd mod_wsgi -y
sed -i -e '/^connection/s/connection/#connection/' -e '/^provider/s/provider/#provider/' /etc/keystone/keystone.conf
sed -i '/^#connection/a connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone' /etc/keystone/keystone.conf
sed -i '/^#provider/a provider = fernet' /etc/keystone/keystone.conf
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
sed -i -e '/^ServerName/s/ServerName/#ServerName/' /etc/httpd/conf/httpd.conf
sed -i '/^#ServerName/a ServerName controller' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service;systemctl restart httpd.service
2.Create a domain, projects, users, and roles
1.Although the “default” domain already exists from the keystone-manage bootstrap step in this guide, a formal way to create a new domain would be
openstack domain create --description "An Example Domain" example
2.This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project
openstack project create --domain default --description "Service Project" service
3.Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the myproject project and myuser user
openstack project create --domain default --description "Demo Project" myproject ##Create the myproject project
openstack user create --domain default --password-prompt myuser ##Create the myuser user
openstack role create myrole ##Create the myrole role
openstack role add --project myproject --user myuser myrole ##Add the myrole role to the myproject project and myuser user
(Create the domain, project, user and role, then grant the role to the user)
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password DEMO_PASS myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
3.Verify: request an authentication token
1.Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables
unset OS_AUTH_URL OS_PASSWORD
2.As the admin user, request an authentication token
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
3.As the myuser user created in the previous section, request an authentication token
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
4.Create OpenStack client environment scripts
1.Create and edit the admin-openrc file and add the following content
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.Create and edit the demo-openrc file and add the following content
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3.Using the scripts
. admin-openrc
(9)code
cat <<EOF> /root/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
cat <<EOF> /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
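The client environment scripts above hold the account password in clear text, so they should be readable only by their owner. The following is an added example, not part of the original post: it writes an openrc file with mode 0600 and a generated password in place of the ADMIN_PASS placeholder. The names `gen_pass`, `write_openrc` and `file_mode` and the scratch path are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post): write an openrc file that only
# its owner can read, with a generated password instead of a placeholder.

# gen_pass: print 20 hex characters read from the kernel CSPRNG
gen_pass() {
    od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
}

# write_openrc FILE PROJECT USER PASSWORD
# The password is written inside single quotes, so it must not contain one
# (the output of gen_pass never does).
write_openrc() {
    (
        umask 077                      # a new file is created as 0600
        cat > "$1" <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=$2
export OS_USERNAME=$3
export OS_PASSWORD='$4'
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
    )
    chmod 600 "$1"                     # umask does not tighten an existing file
}

# file_mode FILE: print the permission string, e.g. -rw-------
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# Demo in a scratch directory; on the controller the target would be
# /root/admin-openrc, and the same password is the one given to
# keystone-manage bootstrap --bootstrap-password.
demo_dir=$(mktemp -d)
admin_pass=$(gen_pass)
write_openrc "$demo_dir/admin-openrc" admin admin "$admin_pass"
file_mode "$demo_dir/admin-openrc"
rm -rf "$demo_dir"
```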
glance
1.Prerequisites
1.Create the database and grant privileges
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
2.Create the user → create the glance user
openstack user create --domain default --password glance123 glance
Grant a role → grant the admin role
openstack role add --project admin --user glance admin
Create the service entity → create the glance service
openstack service create --name glance --description "OpenStack Image" image
3.Create the service API endpoints: public, internal, admin
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
2.Install and configure components
1.Install the package
yum install openstack-glance -y
2.Edit the configuration file (/etc/glance/glance-api.conf)
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = glance
password = glance123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.Initialize the database
su -s /bin/sh -c "glance-manage db_sync" glance
4.Start the service
systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
(10)code
mysql -u root -p1234qwer
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password glance123 glance
openstack role add --project admin --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
yum install openstack-glance -y
sed -i '/^\[database\]/a connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a password = glance123' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a username = glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[paste_deploy\]/a flavor = keystone' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a filesystem_store_datadir = /var/lib/glance/images/' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a default_store = file' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a stores = file,http' /etc/glance/glance-api.conf
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
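The `sed -i '/^\[section\]/a key = value'` lines above append a new line on every run, so executing the script a second time leaves duplicate keys in the file, and they do nothing at all when the section header is missing. The following is an added example, not part of the original post, of an idempotent alternative: `ini_set` (a helper name assumed here) rewrites the key inside the named section if it is present, appends it if not, and creates the section when needed. The sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): set KEY = VALUE inside
# [SECTION] of an INI-style file without creating duplicates on re-runs.

# ini_set FILE SECTION KEY VALUE
ini_set() {
    ini_file=$1
    ini_tmp=$(mktemp) || return 1
    # Values travel through the environment so awk does not interpret
    # backslashes in them (as it would with -v).
    INI_SEC="[$2]" INI_KEY="$3" INI_VAL="$4" awk '
        BEGIN { sec = ENVIRON["INI_SEC"]; key = ENVIRON["INI_KEY"]; val = ENVIRON["INI_VAL"] }
        /^\[/ {
            # Leaving the target section without having seen the key: add it.
            if (insec && !done) { print key " = " val; done = 1 }
            hdr = $0
            sub(/[ \t]+$/, "", hdr)
            insec = (hdr == sec)
            print
            next
        }
        insec && /=/ {
            k = $0
            sub(/[ \t]*=.*/, "", k)
            sub(/^[ \t]+/, "", k)
            if (k == key) {             # commented lines (#key = ...) do not match
                if (!done) { print key " = " val; done = 1 }
                next                    # drop the old value and any duplicates
            }
        }
        { print }
        END {
            if (!done) {
                if (!insec) print sec   # the section never appeared: create it
                print key " = " val
            }
        }
    ' "$ini_file" > "$ini_tmp" || { rm -f "$ini_tmp"; return 1; }
    # Overwrite in place so the owner, mode and SELinux label are kept.
    cat "$ini_tmp" > "$ini_file"
    rm -f "$ini_tmp"
}

# count_key FILE KEY: number of uncommented "KEY = ..." lines
count_key() {
    grep -c "^$2 = " "$1"
}

# Constructed sample in the layout of a packaged glance-api.conf.
make_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
#debug = false

[database]
#connection = <None>
connection = sqlite:////var/lib/glance/glance.sqlite

[keystone_authtoken]
#auth_url = <None>
EOF
}

conf=$(mktemp)
make_sample "$conf"
for run in 1 2; do                      # two runs, as when the script is re-executed
    ini_set "$conf" database connection 'mysql+pymysql://glance:GLANCE_DBPASS@controller/glance'
    ini_set "$conf" keystone_authtoken auth_url 'http://controller:5000'
    ini_set "$conf" paste_deploy flavor keystone
done
cat "$conf"
rm -f "$conf"
```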
3.Verify
1.openstack image create ##register an image
. admin-openrc
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
2.openstack image list ##show image information
openstack image list
placement
1.Prerequisites
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
2.Install and configure components
1.Install the packages
yum install openstack-placement-api -y
2.Edit the /etc/placement/placement.conf file and complete the following actions
Configure database access
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
Configure Keystone authentication
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = placement
password = placement123
Enable access to the Placement API by adding the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
3.Populate the placement database
su -s /bin/sh -c "placement-manage db sync" placement
4.Start the service
systemctl restart httpd
(11)code
mysql -u root -p1234qwer
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
yum install openstack-placement-api -y
sed -i '/^\[placement_database\]/a connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement' /etc/placement/placement.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a password = placement123' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a username = placement' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/v3' /etc/placement/placement.conf
cat <<EOF>> /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
EOF
su -s /bin/sh -c "placement-manage db sync" placement
systemctl restart httpd
3.Verify
1.Perform status checks to make sure everything is in order
placement-status upgrade check
2.Run some commands against the placement API
nova
controller node
1.Prerequisites
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
2.Install and configure components
1.Install the packages
openstack-nova-api openstack-nova-conductor (database access) openstack-nova-console (console access) openstack-nova-novncproxy (provides the console service) openstack-nova-scheduler (compute scheduling) openstack-nova-placement-api
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
2.Edit the /etc/nova/nova.conf file
Configure the API
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
Configure database access (database, api_database)
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
Configure Keystone authentication
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123
Configure Networking service support
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Configure the VNC proxy
[DEFAULT]
# ...
my_ip = 10.1.10.151
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
Configure the Image service API
[glance]
# ...
api_servers = http://controller:9292
Configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
Configure authentication for the Placement service
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123
3.Initialize the databases
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
4.Start the services
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
(12)code
mysql -u root -p1234qwer
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.151' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
3.Verify
1.Verify: openstack compute service list ##list the service components
openstack compute service list
2.List API endpoints in the Identity service to verify connectivity with the Identity service
openstack catalog list
3.List images in the Image service to verify connectivity with the Image service
openstack image list
4.Check the cells and placement API are working successfully and that other necessary prerequisites are in place
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
nova-status upgrade check
openstack compute service list --service nova-compute
compute node
1.Install and configure components
1.Install the package
yum install openstack-nova-compute -y
2.Edit the /etc/nova/nova.conf file
Configure the API
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
Configure database access (database, api_database)
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
Configure Keystone authentication
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123
Configure Networking service support
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
Configure the VNC proxy
[DEFAULT]
# ...
my_ip = 10.1.10.152
[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
# change controller in the next line to an IP address so that the instance console can be opened from the dashboard
novncproxy_base_url = http://controller:6080/vnc_auto.html
Configure the Image service API
[glance]
# ...
api_servers = http://controller:9292
Configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
Configure authentication for the Placement service
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123
(13)code
yum install openstack-nova-compute -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.152' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a novncproxy_base_url = http://controller:6080/vnc_auto.html' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = 0.0.0.0' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^#vif_plugging_is_fatal/a vif_plugging_is_fatal=false' /etc/nova/nova.conf
sed -i '/^#vif_plugging_timeout/a vif_plugging_timeout=0' /etc/nova/nova.conf
systemctl enable libvirtd.service openstack-nova-compute.service;systemctl restart libvirtd.service openstack-nova-compute.service
neutron
controller node
1.Prerequisites
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
2.Install and configure components
1.Install the packages
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
2.Configure the server component (/etc/neutron/neutron.conf)
Configure database access
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
Enable the ML2 plug-in
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Configure keystone access
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Configure the Networking service to notify Compute of network topology changes
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
Configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
3.Configure the ML2 plug-in (/etc/neutron/plugins/ml2/ml2_conf.ini)
Enable flat, VLAN, and VXLAN networks
[ml2]
# ...
type_drivers = flat,vlan,vxlan
Enable VXLAN private networks
[ml2]
# ...
tenant_network_types = vxlan
Enable the Linux bridge and layer-2 population mechanisms
[ml2]
# ...
mechanism_drivers = linuxbridge,l2population
Enable the port security extension driver
[ml2]
# ...
extension_drivers = port_security
Configure the public virtual network as a flat network
[ml2_type_flat]
# ...
flat_networks = provider
Configure the VXLAN network identifier range for private networks
[ml2_type_vxlan]
# ...
vni_ranges = 1:1000
Enable ipset to make security group rules easier to manage
[securitygroup]
# ...
enable_ipset = true
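4.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
The kernel must support network bridge filters; these two sysctl values go in /etc/sysctl.conf, not in the ini file: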
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Map the public virtual network to the public physical network interface
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
5.Configure the L3 agent (/etc/neutron/l3_agent.ini)
Configure the Linux bridge interface driver and the external network bridge
[DEFAULT]
# ...
interface_driver = linuxbridge
6.Configure the DHCP agent (/etc/neutron/dhcp_agent.ini)
Configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
7.Configure the metadata agent (/etc/neutron/metadata_agent.ini)
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
8.Configure neutron keystone access in nova (/etc/nova/nova.conf) (Compute uses the Networking service)
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
9.Initialize the database
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
10.Start the services
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
(14)code
mysql -u root -p1234qwer
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_data_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_status_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a allow_overlapping_ips = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a service_plugins = router' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a core_plugin = ml2' /etc/neutron/neutron.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[nova]' >> /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a password = nova123' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a username = nova' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a region_name = RegionOne' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a user_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_url = http://controller:5000' /etc/neutron/neutron.conf
echo '[ml2]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a extension_drivers = port_security' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a mechanism_drivers = linuxbridge,l2population' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a tenant_network_types = vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a type_drivers = flat,vlan,vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_flat]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_flat\]/a flat_networks = provider' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_vxlan]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_vxlan\]/a vni_ranges = 1:1000' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[securitygroup\]/a enable_ipset = true' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.151' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/l3_agent.ini
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a enable_isolated_metadata = true' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a metadata_proxy_shared_secret = metadata123' /etc/neutron/metadata_agent.ini
sed -i '/^\[DEFAULT\]/a nova_metadata_host = controller' /etc/neutron/metadata_agent.ini
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
3.Verification
Verify: openstack network agent list ## check the agent status
openstack network agent list
compute node
1.Install and configure components
1.Install the packages
yum install openstack-neutron-linuxbridge ebtables ipset -y
2.Configure the service component (/etc/neutron/neutron.conf)
Configure RabbitMQ
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
Configure keystone access
[DEFAULT]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
Configure the lock path
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
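3.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
The kernel must support network bridge filters; these two sysctl values go in /etc/sysctl.conf, not in the ini file: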
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Map the public virtual network to the public physical network interface
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
Enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
4.Configure neutron keystone access in nova (/etc/nova/nova.conf) (Compute uses the Networking service)
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
(15)code
yum install openstack-neutron-linuxbridge ebtables ipset -y
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.152' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service;systemctl restart neutron-linuxbridge-agent.service
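The (14) and (15) code blocks above add keys with sed '/^\[section\]/a ...' and create sections with echo '[section]' >> file, so a second run duplicates every key and every appended section header. The following is an added example, not part of the original post: an idempotent setter in POSIX sh and awk. The helper names ini_set and ini_get and the sample file are hypothetical.

```shell
#!/bin/sh
# ini_set FILE SECTION KEY VALUE  (hypothetical helper, added example)
# Writes "KEY = VALUE" directly under [SECTION], drops any other active
# assignment of KEY in that section, and appends the section at the end of
# the file only if it is missing. Commented-out defaults are left alone.
ini_set() {
    ini_file=$1
    ini_tmp=$(mktemp "${ini_file}.XXXXXX") || return 1
    # Values go through the environment so that backslashes in a password
    # are not reinterpreted, which "awk -v" would do.
    INI_SEC="$2" INI_KEY="$3" INI_VAL="$4" awk '
        function key_of(line,   k) {
            if (line ~ /^[ \t]*[#;]/ || index(line, "=") == 0) return ""
            k = substr(line, 1, index(line, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            return k
        }
        /^\[/ {
            hdr = $0; sub(/[ \t\r]+$/, "", hdr)
            insec = (hdr == "[" ENVIRON["INI_SEC"] "]")
            print
            if (insec && !done) {
                print ENVIRON["INI_KEY"] " = " ENVIRON["INI_VAL"]
                done = 1
            }
            next
        }
        insec && key_of($0) == ENVIRON["INI_KEY"] { next }  # stale copy
        { print }
        END {
            if (!done) {
                print "[" ENVIRON["INI_SEC"] "]"
                print ENVIRON["INI_KEY"] " = " ENVIRON["INI_VAL"]
            }
        }' "$ini_file" > "$ini_tmp" &&
        cat "$ini_tmp" > "$ini_file"   # rewrite in place: owner and mode stay
    ini_rc=$?
    rm -f "$ini_tmp"
    return $ini_rc
}

# ini_get FILE SECTION KEY: print the active value, or nothing if unset.
ini_get() {
    INI_SEC="$2" INI_KEY="$3" awk '
        /^\[/ {
            hdr = $0; sub(/[ \t\r]+$/, "", hdr)
            insec = (hdr == "[" ENVIRON["INI_SEC"] "]"); next
        }
        insec && $0 !~ /^[ \t]*[#;]/ && index($0, "=") {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != ENVIRON["INI_KEY"]) next
            v = substr($0, index($0, "=") + 1); sub(/^[ \t]+/, "", v)
            print v; exit
        }' "$1"
}

# Demo on a constructed file: two passes leave exactly one copy of each key.
demo=$(mktemp)
printf '%s\n' '[DEFAULT]' '#auth_strategy = noauth' '[database]' > "$demo"
for pass in 1 2; do
    ini_set "$demo" DEFAULT auth_strategy keystone
    ini_set "$demo" nova auth_url http://controller:5000
    ini_set "$demo" nova username nova
done
cat "$demo"
rm -f "$demo"
```

Because the file is rewritten in place, the packaged ownership and mode of /etc/neutron/neutron.conf and /etc/nova/nova.conf are preserved, which matters for files that hold service passwords.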
dashboard
1.Install and configure components
1.Install the packages
yum install openstack-dashboard -y
2.Configure the service component (/etc/openstack-dashboard/local_settings)
Configure the host address
OPENSTACK_HOST = "controller"
Configure the hosts allowed to access the dashboard
ALLOWED_HOSTS = ['*', ]
Configure the memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
Enable version 3 of the Identity API
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
Enable support for domains
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
Configure the API versions
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
Configure Default as the default domain for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
Configure user as the default role for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
3.Start the services
systemctl restart httpd.service memcached.service
(16)code
yum install openstack-dashboard -y
sed -i '/^OPENSTACK_HOST/s/OPENSTACK_HOST/#OPENSTACK_HOST/' /etc/openstack-dashboard/local_settings
sed -i '/^#OPENSTACK_HOST/a OPENSTACK_HOST = "controller"' /etc/openstack-dashboard/local_settings
sed -i '/^ALLOWED_HOSTS/s/ALLOWED_HOSTS/#ALLOWED_HOSTS/' /etc/openstack-dashboard/local_settings
sed -i "/^#ALLOWED_HOSTS/a ALLOWED_HOSTS = ['*', ]" /etc/openstack-dashboard/local_settings
cat <<EOF>> /etc/openstack-dashboard/local_settings
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
EOF
echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf
systemctl restart httpd.service memcached.service
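Added example, not part of the original post: a post-install check over the files edited above. It reports values still set to install-guide placeholder tokens such as RABBIT_PASS, checks that metadata_proxy_shared_secret is identical in nova.conf and metadata_agent.ini and not too short, and flags the ALLOWED_HOSTS wildcard. The function names, the 20-character minimum and the sample files are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the files edited in this walkthrough. Findings name the
# file, line and key only; secret values are never printed.

# Report lines whose value still holds an install-guide placeholder token
# such as RABBIT_PASS, NEUTRON_DBPASS or METADATA_SECRET.
find_placeholders() {
    for f in "$@"; do
        [ -r "$f" ] || continue
        awk -v f="$f" '
            /^[ \t]*(#|$)/ { next }                 # skip comments and blanks
            /[A-Z]+_(DBPASS|PASS|SECRET)/ {
                key = $0; sub(/[ \t]*=.*/, "", key)
                print f ":" NR ": placeholder credential in " key
            }' "$f"
    done
}

# Print the value of metadata_proxy_shared_secret in FILE (nothing if unset).
metadata_secret() {
    awk '/^[ \t]*metadata_proxy_shared_secret[ \t]*=/ {
        v = substr($0, index($0, "=") + 1)
        gsub(/^[ \t]+|[ \t\r]+$/, "", v); print v; exit }' "$1"
}

# Compare the secret in nova.conf with the one in metadata_agent.ini; nova
# rejects proxied metadata requests when the two values differ.
# Returns 0 = equal and long enough, 1 = unset or different, 2 = too short.
# MIN_SECRET_LEN defaults to 20, the length of "openssl rand -hex 10" output
# (an assumed policy, not something the page specifies).
check_metadata_secret() {
    a=$(metadata_secret "$1"); b=$(metadata_secret "$2")
    [ -n "$a" ] && [ "$a" = "$b" ] || return 1
    [ "${#a}" -ge "${MIN_SECRET_LEN:-20}" ] || return 2
    return 0
}

# Succeeds when Horizon's ALLOWED_HOSTS contains the '*' wildcard.
horizon_allows_any_host() {
    grep -Eq "^[[:space:]]*ALLOWED_HOSTS[[:space:]]*=.*['\"][*]['\"]" "$1"
}

# Demo on constructed files that mirror the values written by the code above.
demo_dir=$(mktemp -d)
printf '%s\n' '[DEFAULT]' \
    'transport_url = rabbit://openstack:RABBIT_PASS@controller' \
    '[neutron]' 'metadata_proxy_shared_secret = metadata123' > "$demo_dir/nova.conf"
printf '%s\n' '[DEFAULT]' 'nova_metadata_host = controller' \
    'metadata_proxy_shared_secret = metadata123' > "$demo_dir/metadata_agent.ini"
printf '%s\n' "ALLOWED_HOSTS = ['*', ]" > "$demo_dir/local_settings"

find_placeholders "$demo_dir/nova.conf" "$demo_dir/metadata_agent.ini"
rc=0
check_metadata_secret "$demo_dir/nova.conf" "$demo_dir/metadata_agent.ini" || rc=$?
echo "metadata secret check: status $rc"
horizon_allows_any_host "$demo_dir/local_settings" && echo "ALLOWED_HOSTS: wildcard"
rm -rf "$demo_dir"
```

On a real node the arguments are /etc/nova/nova.conf, /etc/neutron/neutron.conf, /etc/neutron/metadata_agent.ini and /etc/openstack-dashboard/local_settings.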
Troubleshooting dashboard access errors
https://www.cnblogs.com/omgasw/p/11990435.html
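launch instance
1.Create the virtual network: create the network
create the subnet
create the router: ← add the private subnet interface
← add the public network gateway
2.Create a flavor
3.Create a key pair
4.Add security group rules
5.Launch the instance ← flavor, image, network, security group, key pair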
1. 控制台报错:Exception in thread "main" java.io.IOException…… Caused by: com.rabbitmq.client.S ...