OpenStack Train: Simple Deployment Walkthrough (1)


environment

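1.Network planes

management (management network) → software installation, inter-component communication

provider (network that serves instances) → provider network: instances get IP addresses directly and reach each other directly

               self-service network (private network): create a virtual network → create a router ← set the public network gateway

                           --------------------> forwarding from the internal network to the external network

2.NTP time service (required for a cluster)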

【controller node】

1.Install the packages

yum install chrony -y

2.Edit the chrony.conf file and add, change, or remove the following keys as necessary for your environment

vim /etc/chrony.conf

3.Replace NTP_SERVER with the hostname or IP address of a suitable more accurate (lower stratum) NTP server

server NTP_SERVER iburst

4.To enable other nodes to connect to the chrony daemon on the controller node

allow 10.199.100.0/24

5.Restart the NTP service

systemctl enable chronyd.service;systemctl restart chronyd.service

(1)code

yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server ntp7.aliyun.com iburst' /etc/chrony.conf
sed -i '/^#allow/a allow 10.199.100.0/24' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service

【other nodes】

1.Install the packages

yum install chrony -y

2.Configure the chrony.conf file and comment out or remove all but one server key

vim /etc/chrony.conf

3.Change it to reference the controller node

server controller iburst

4.Restart the NTP service

systemctl enable chronyd.service;systemctl restart chronyd.service 

(2)code

yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server controller iburst' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service

【verify operation】

1.Run this command on all nodes

chronyc sources

3.OpenStack packages: enable the OpenStack repository

1.Install the package to enable the OpenStack repository

yum install centos-release-openstack-train -y

2.Upgrade the packages on all nodes

yum upgrade

3.Install the OpenStack client

yum install python-openstackclient -y 

(3)code

yum install centos-release-openstack-train -y
yum install python-openstackclient -y
yum upgrade

4.SQL database

1.Install the packages

yum install mariadb mariadb-server python2-PyMySQL -y

2.Create and edit the /etc/my.cnf.d/openstack.cnf file (backup existing configuration files in /etc/my.cnf.d/ if needed)

vim /etc/my.cnf.d/openstack.cnf

3.Start the database service and configure it to start when the system boots

systemctl enable mariadb.service;systemctl restart mariadb.service

4.Secure the database service by running the mysql_secure_installation script

mysql_secure_installation 

(4)code

yum install mariadb mariadb-server python2-PyMySQL -y
cat <<EOF> /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.1.10.151
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable mariadb.service;systemctl restart mariadb.service
mysql_secure_installation

5.Message queue: coordinates operations and status information among components

1.Install the package

yum install rabbitmq-server -y

2.Start the message queue service and configure it to start when the system boots

systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service

3.Add the openstack user

rabbitmqctl add_user openstack RABBIT_PASS  ##Replace RABBIT_PASS with a suitable password

4.Permit configuration, write, and read access for the openstack user

rabbitmqctl set_permissions openstack ".*" ".*" ".*" 

(5)code

yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

6.Memcached

1.Install the packages

yum install memcached python-memcached -y

2.Edit the /etc/sysconfig/memcached file and complete the following actions

OPTIONS="-l 127.0.0.1,::1,controller"  ##Change the existing line OPTIONS="-l 127.0.0.1,::1"

3.Start the Memcached service and configure it to start when the system boots

systemctl enable memcached.service;systemctl restart memcached.service 

(6)code

yum install memcached python-memcached -y
sed -i '/^OPTIONS=/cOPTIONS="-l 127.0.0.1,::1,controller"' /etc/sysconfig/memcached
systemctl enable memcached.service;systemctl restart memcached.service

7.Etcd

1.Install the package

yum install etcd -y

2.Edit the /etc/etcd/etcd.conf file and set

vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

3.Enable and start the etcd service

systemctl enable etcd;systemctl restart etcd 

(7)code

yum install etcd -y
sed -i '/ETCD_DATA_DIR=/cETCD_DATA_DIR="/var/lib/etcd/default.etcd"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_PEER_URLS=/cETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_CLIENT_URLS=/cETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_NAME=/cETCD_NAME="controller"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_ADVERTISE_PEER_URLS=/cETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_ADVERTISE_CLIENT_URLS=/cETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER=/cETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_TOKEN=/cETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_STATE=/cETCD_INITIAL_CLUSTER_STATE="new"' /etc/etcd/etcd.conf
systemctl enable etcd;systemctl restart etcd

keystone

1.Install and configure components

【Create the database and grant privileges】

1.Use the database access client to connect to the database server as the root user

mysql -u root -p

2.Create the keystone database

MariaDB [(none)]> CREATE DATABASE keystone;

3.Grant proper access to the keystone database

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

【Install and configure components】

4.Install the packages: openstack-keystone, httpd (serves the API over HTTP), mod_wsgi (middleware between Python applications and the web server, which lets Python applications be deployed on it)

yum install openstack-keystone httpd mod_wsgi -y

5.Edit the /etc/keystone/keystone.conf file and complete the following actions

[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# ...
provider = fernet

6.Populate the Identity service database

su -s /bin/sh -c "keystone-manage db_sync" keystone

7.Initialize Fernet key repositories

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

8.Bootstrap the Identity service

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

【Configure the Apache HTTP server】

9.Edit the /etc/httpd/conf/httpd.conf file and configure

ServerName controller

10.Create a link to the /usr/share/keystone/wsgi-keystone.conf file

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

【Finalize the installation】

11.Start the Apache HTTP service and configure it to start when the system boots

systemctl enable httpd.service;systemctl restart httpd.service

12.Configure the administrative account by setting the proper environmental variables

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

(8)code

mysql -u root -p1234qwer
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
quit
yum install openstack-keystone httpd mod_wsgi -y
sed -i -e '/^connection/s/connection/#connection/' -e '/^provider/s/provider/#provider/' /etc/keystone/keystone.conf
sed -i '/^#connection/a connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone' /etc/keystone/keystone.conf
sed -i '/^#provider/a provider = fernet' /etc/keystone/keystone.conf
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
sed -i -e '/^ServerName/s/ServerName/#ServerName/' /etc/httpd/conf/httpd.conf
sed -i '/^#ServerName/a ServerName controller' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service;systemctl restart httpd.service

2.Create a domain, projects, users, and roles

1.Although the “default” domain already exists from the keystone-manage bootstrap step in this guide, a formal way to create a new domain would be

openstack domain create --description "An Example Domain" example

2.This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project

openstack project create --domain default --description "Service Project" service

3.Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the myproject project and myuser user

openstack project create --domain default --description "Demo Project" myproject  ##Create the myproject project
openstack user create --domain default --password-prompt myuser  ##Create the myuser user
openstack role create myrole  ##Create the myrole role
openstack role add --project myproject --user myuser myrole  ##Add the myrole role to the myproject project and myuser user

(Create the domain, project, user, and role, then grant the role to the user)

openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password DEMO_PASS myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole

3.Verify: request an authentication token

1.Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables

unset OS_AUTH_URL OS_PASSWORD

2.As the admin user, request an authentication token

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

3.As the myuser user created in the previous section, request an authentication token

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue

4.Create OpenStack client environment scripts

1.Create and edit the admin-openrc file and add the following content

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

2.Create and edit the demo-openrc file and add the following content

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

3.Using the scripts

. admin-openrc

(9)code

cat <<EOF> /root/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
cat <<EOF> /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
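
The `cat <<EOF>` commands above create /root/admin-openrc and /root/demo-openrc under the shell's current umask and store OS_PASSWORD in them. The following added example (not part of the original post; the function names write_openrc and audit_openrc are hypothetical) writes the same variables to a file created with mode 0600 that asks for the password when it is sourced, and audits existing openrc files for both problems.

```shell
# write_openrc FILE PROJECT USER
# Creates FILE with mode 0600 and without a stored password; the generated
# file prompts for the password every time it is sourced.
write_openrc() {
    rc_file=$1 rc_project=$2 rc_user=$3
    (
        umask 077                 # the new file is created rw-------
        rm -f "$rc_file"          # do not inherit the mode of an older copy
        cat > "$rc_file" <<EOF
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=$rc_project
export OS_USERNAME=$rc_user
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
printf 'Password for %s: ' "\$OS_USERNAME" >&2
stty -echo; IFS= read -r OS_PASSWORD; stty echo; printf '\n' >&2
export OS_PASSWORD
EOF
    )
}

# audit_openrc FILE...
# Prints one line per finding and returns 1 if anything was found.
audit_openrc() {
    rc_bad=0
    for rc_f in "$@"; do
        # In the ls -l mode string, the group and other bits must all be "-".
        case $(ls -ld "$rc_f") in
            ????------*) ;;
            *) echo "$rc_f: accessible beyond the owner"; rc_bad=1 ;;
        esac
        # A value after OS_PASSWORD= means the secret is stored at rest.
        if grep -Eq '^[[:space:]]*(export[[:space:]]+)?OS_PASSWORD=.+' "$rc_f"; then
            echo "$rc_f: OS_PASSWORD stored in the file"; rc_bad=1
        fi
    done
    return $rc_bad
}

# Usage, with the file names and accounts used on this page:
#   write_openrc /root/admin-openrc admin admin
#   write_openrc /root/demo-openrc myproject myuser
#   audit_openrc /root/admin-openrc /root/demo-openrc
```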

glance

1.Prerequisites

1.Create the database and grant privileges

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

2.Create the user → create the glance user

openstack user create --domain default --password glance123 glance

   Grant privileges → grant the admin role

openstack role add --project admin --user glance admin

   Create the service entity → create the glance service

openstack service create --name glance --description "OpenStack Image" image

3.Create the service API endpoints: public, internal, admin

openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

2.Install and configure components

1.Install the packages

yum install openstack-glance -y

2.Edit the configuration file (/etc/glance/glance-api.conf)

[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = glance
password = glance123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

3.Populate the database

su -s /bin/sh -c "glance-manage db_sync" glance

4.Start the service

systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service

(10)code

mysql -u root -p1234qwer
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password glance123 glance
openstack role add --project admin --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
yum install openstack-glance -y
sed -i '/^\[database\]/a connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a password = glance123' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a username = glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri  = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[paste_deploy\]/a flavor = keystone' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a filesystem_store_datadir = /var/lib/glance/images/' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a default_store = file' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a stores = file,http' /etc/glance/glance-api.conf
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service
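
Each `sed -i '/^\[section\]/a key = value'` line above appends a new line after the section header every time it runs, so running the script a second time leaves duplicate keys, and it writes nothing when the header is missing. The following added example (not part of the original post; set_ini and get_ini are hypothetical helper names) sets a key exactly once whichever state the file is in, and prints what is actually assigned.

```shell
# set_ini FILE SECTION KEY VALUE
# Sets KEY in [SECTION] exactly once: replaces an active assignment, drops
# repeats of it, adds the key if the section lacks it, and adds the section
# if the file lacks it. Values are passed through the environment instead of
# "awk -v", so backslashes in a password are not treated as escapes.
set_ini() {
    ini_file=$1
    ini_tmp=$(mktemp "${ini_file}.XXXXXX") || return 1   # mode 0600, holds secrets
    INI_SEC="[$2]" INI_KEY=$3 INI_VAL=$4 awk '
        BEGIN { sec = ENVIRON["INI_SEC"]; key = ENVIRON["INI_KEY"]; val = ENVIRON["INI_VAL"] }
        function emit() { if (in_sec && !done) { print key " = " val; done = 1 } }
        /^\[.*\]/ {                  # any section header
            emit()                   # leaving the target section without the key
            in_sec = ($0 == sec)
            if (in_sec) seen = 1
            print; next
        }
        in_sec {
            n = index($0, "=")
            if (n > 0) {
                k = substr($0, 1, n - 1); gsub(/[ \t]/, "", k)
                # Active assignment only: "#key = ..." gives k = "#key".
                if (k == key) { emit(); next }
            }
        }
        { print }
        END {
            emit()                   # target section was the last one in the file
            if (!seen) { print ""; print sec; print key " = " val }
        }
    ' "$ini_file" > "$ini_tmp" || { rm -f "$ini_tmp"; return 1; }
    cat "$ini_tmp" > "$ini_file"     # overwrite in place: owner and mode are kept
    ini_rc=$?
    rm -f "$ini_tmp"
    return $ini_rc
}

# get_ini FILE SECTION KEY
# Prints every active value of KEY in [SECTION], one per line, so duplicate
# assignments left by repeated appends show up as more than one line.
get_ini() {
    INI_SEC="[$2]" INI_KEY=$3 awk '
        BEGIN { sec = ENVIRON["INI_SEC"]; key = ENVIRON["INI_KEY"] }
        /^\[.*\]/ { in_sec = ($0 == sec); next }
        in_sec {
            n = index($0, "="); if (n == 0) next
            k = substr($0, 1, n - 1); gsub(/[ \t]/, "", k)
            if (k == key) { v = substr($0, n + 1); sub(/^[ \t]+/, "", v); print v }
        }
    ' "$1"
}

# Usage with values from this page:
#   set_ini /etc/glance/glance-api.conf keystone_authtoken username glance
#   set_ini /etc/glance/glance-api.conf glance_store default_store file
#   get_ini /etc/glance/glance-api.conf keystone_authtoken username
```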

3.Verify

1.openstack image create  ##Register the image

. admin-openrc
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public

2.openstack image list  ##View image information

openstack image list

placement

1.Prerequisites

CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

2.Install and configure components

1.Install the packages

yum install openstack-placement-api -y

2.Edit the /etc/placement/placement.conf file and complete the following actions

   Configure database access

[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement

   Configure Keystone authentication

[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS

   Enable access to the Placement API

Add the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

3.Populate the placement database

su -s /bin/sh -c "placement-manage db sync" placement

4.Start the service

systemctl restart httpd

(11)code

mysql -u root -p1234qwer
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
yum install openstack-placement-api -y
sed -i '/^\[placement_database\]/a connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement' /etc/placement/placement.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a password = placement123' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a username = placement' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/v3' /etc/placement/placement.conf
cat <<EOF>> /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
EOF
su -s /bin/sh -c "placement-manage db sync" placement
systemctl restart httpd

3.Verify

1.Perform status checks to make sure everything is in order

nova-manage cell_v2 discover_hosts --verbose
placement-status upgrade check

2.Run some commands against the placement API

nova

controller node

1.Prerequisites

CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

2.Install and configure components

1.Install the packages

openstack-nova-api, openstack-nova-conductor (database access), openstack-nova-console (console access), openstack-nova-novncproxy (provides the console service), openstack-nova-scheduler (compute scheduling), openstack-nova-placement-api

yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y

2.Edit the /etc/nova/nova.conf file

   Configure the APIs

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata

   Configure database access (database, api_database)

[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

   Configure RabbitMQ

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/

   Configure Keystone authentication

[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123

   Configure Networking service support

[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

   Configure the VNC proxy

[DEFAULT]
# ...
my_ip = 10.1.10.151

[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip

   Configure the Image service API

[glance]
# ...
api_servers = http://controller:9292

   Configure the lock path

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

   Configure Placement service authentication

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123

3.Populate the databases

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

4.Start the services

systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

(12)code

mysql -u root -p1234qwer
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.151' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service 

3.Verify

1.Verify: openstack compute service list  ##List the service components

openstack compute service list

2.List API endpoints in the Identity service to verify connectivity with the Identity service

openstack catalog list

3.List images in the Image service to verify connectivity with the Image service

openstack image list

4.Check the cells and placement API are working successfully and that other necessary prerequisites are in place

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
nova-status upgrade check
openstack compute service list --service nova-compute

compute node

1.Install and configure components

1.Install the packages

yum install openstack-nova-compute -y

2.Edit the /etc/nova/nova.conf file

   Configure the APIs

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata

   Configure database access (database, api_database)

[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

   Configure RabbitMQ

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/

   Configure Keystone authentication

[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123

   Configure Networking service support

[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

   Configure the VNC proxy

[DEFAULT]
# ...
my_ip = 10.1.10.152

[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html  ##Change controller to an IP address so that the instance console can be opened from the dashboard

   Configure the Image service API

[glance]
# ...
api_servers = http://controller:9292

   Configure the lock path

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

   Configure Placement service authentication

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123

(13)code

yum install openstack-nova-compute -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.152' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a novncproxy_base_url = http://controller:6080/vnc_auto.html' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = 0.0.0.0' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^#vif_plugging_is_fatal/a vif_plugging_is_fatal=false' /etc/nova/nova.conf
sed -i '/^#vif_plugging_timeout/a vif_plugging_timeout=0' /etc/nova/nova.conf
systemctl enable libvirtd.service openstack-nova-compute.service;systemctl restart libvirtd.service openstack-nova-compute.service

neutron

controller node

1.Prerequisites

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

2.Install and configure components

1.Install the packages

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

2.Configure the server component (/etc/neutron/neutron.conf)

   Configure database access

[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

   Enable the ML2 plug-in

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true

   Configure RabbitMQ access

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

   Configure Keystone access

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

   Configure Networking to notify Compute of network topology changes

[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

   Configure the lock path

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

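3.Configure the ML2 plug-in (/etc/neutron/plugins/ml2/ml2_conf.ini)

   Enable flat, VLAN, and VXLAN networks

[ml2]
# ...
type_drivers = flat,vlan,vxlan

   Enable VXLAN private (self-service) networks

[ml2]
# ...
tenant_network_types = vxlan

   Enable the Linux bridge and layer-2 population mechanisms

[ml2]
# ...
mechanism_drivers = linuxbridge,l2population

   Enable the port security extension driver

[ml2]
# ...
extension_drivers = port_security

   Configure the public (provider) virtual network as a flat network

[ml2_type_flat]
# ...
flat_networks = provider

   Configure the VXLAN identifier range for private networks

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

   Enable ipset to increase the efficiency of security group rules

[securitygroup]
# ...
enable_ipset = true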

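4.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)

   Kernel bridge filter settings (sysctl values, not part of linuxbridge_agent.ini); both must be 1

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

   Map the public virtual network to the public physical network interface

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

   Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population

[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

   Enable security groups and configure the Linux bridge iptables firewall driver

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver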

5.Configure the layer-3 agent (/etc/neutron/l3_agent.ini)

   Configure the Linux bridge interface driver and the external network bridge

[DEFAULT]
# ...
interface_driver = linuxbridge

6.Configure the DHCP agent (/etc/neutron/dhcp_agent.ini)

   Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

7.Configure the metadata agent (/etc/neutron/metadata_agent.ini)

[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

8.Configure neutron access through Keystone in nova (/etc/nova/nova.conf) so that Compute uses the Networking service

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

9.Populate the database

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

10.Start the services

systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service

(14)code

mysql -u root -p1234qwer
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_data_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_status_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a allow_overlapping_ips = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a service_plugins = router' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a core_plugin = ml2' /etc/neutron/neutron.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[nova]' >> /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a password = nova123' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a username = nova' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a region_name = RegionOne' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a user_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_url = http://controller:5000' /etc/neutron/neutron.conf
echo '[ml2]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a extension_drivers = port_security' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a mechanism_drivers = linuxbridge,l2population' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a tenant_network_types = vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a type_drivers = flat,vlan,vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_flat]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_flat\]/a flat_networks = provider' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_vxlan]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_vxlan\]/a vni_ranges = 1:1000' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[securitygroup\]/a enable_ipset = true' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.151' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/l3_agent.ini
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a enable_isolated_metadata = true' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a metadata_proxy_shared_secret = metadata123' /etc/neutron/metadata_agent.ini
sed -i '/^\[DEFAULT\]/a nova_metadata_host = controller' /etc/neutron/metadata_agent.ini
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service
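
The (14)code script appends each key under its section header with sed and creates missing headers with echo >>, so a second run leaves every key, and every echoed header, in the file twice. The following is an added example, not part of the original post: a hypothetical ini_set helper that writes a key exactly once, exercised on a constructed neutron.conf sample.

```shell
#!/bin/sh
# ini_set FILE SECTION KEY VALUE  (hypothetical helper, not an OpenStack tool)
# Idempotent stand-in for:  sed -i '/^\[SECTION\]/a KEY = VALUE' FILE
#   - writes KEY once, directly under the first [SECTION] header
#   - drops older active copies of KEY in that section (left by repeat runs)
#   - appends [SECTION] when the file lacks it (replaces echo '[x]' >> FILE)
ini_set() {
    file=$1; section=$2; key=$3
    # mktemp creates the scratch copy with mode 0600, so secrets stay private
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # The value travels in the environment: awk -v would expand backslashes
    INI_VAL=$4 awk -v sec="$section" -v key="$key" '
        /^\[/ {
            insec = ($0 == "[" sec "]")
            print
            if (insec && !done) { print key " = " ENVIRON["INI_VAL"]; done = 1 }
            next
        }
        insec && index($0, "=") {
            k = $0; sub(/[ \t]*=.*/, "", k); sub(/^[ \t]+/, "", k)
            if (k == key) next      # stale copy; commented "#key" lines stay
        }
        { print }
        END { if (!done) { print "[" sec "]"; print key " = " ENVIRON["INI_VAL"] } }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # cat > FILE keeps the owner, group and mode the package gave the file
    rc=0
    cat "$tmp" > "$file" || rc=$?
    rm -f "$tmp"
    return $rc
}

# Constructed sample: a neutron.conf fragment after the sed script ran twice
ini_demo() {
    conf=$(mktemp) || return 1
    cat > "$conf" <<'EOF'
[DEFAULT]
core_plugin = ml2
core_plugin = ml2
#auth_strategy = noauth
[database]
#connection = <None>
EOF
    ini_set "$conf" DEFAULT core_plugin ml2
    ini_set "$conf" DEFAULT auth_strategy keystone
    ini_set "$conf" nova region_name RegionOne    # [nova] does not exist yet
    ini_set "$conf" nova region_name RegionOne    # second run changes nothing
    cat "$conf"
    rm -f "$conf"
}
```
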

3.Verify operation

Verify: openstack network agent list  ## check agent status

openstack network agent list

compute node

1.Install and configure components

1.Install the packages

yum install openstack-neutron-linuxbridge ebtables ipset -y

2.Configure the service component (/etc/neutron/neutron.conf)

   Configure RabbitMQ access

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

   Configure Keystone access

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

   Configure the lock path

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

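3.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)

   Kernel bridge filter settings (sysctl values, not part of linuxbridge_agent.ini); both must be 1

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

   Map the public virtual network to the public physical network interface

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

   Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population

[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

   Enable security groups and configure the Linux bridge iptables firewall driver

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver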

4.Configure neutron access through Keystone in nova (/etc/nova/nova.conf) so that Compute uses the Networking service

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

(15)code

yum install openstack-neutron-linuxbridge ebtables ipset -y
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.152' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service;systemctl restart neutron-linuxbridge-agent.service

dashboard

1.Install and configure components

1.Install the packages

yum install openstack-dashboard -y

2.Configure the service component (/etc/openstack-dashboard/local_settings)

   Configure the OpenStack host address

OPENSTACK_HOST = "controller"

   Configure the hosts allowed to access the dashboard

ALLOWED_HOSTS = ['*', ]

   Configure the memcached session storage service

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

   Enable version 3 of the Identity API

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

   Enable support for domains

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

   Configure API versions

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}

   Set default as the default domain for users created through the dashboard

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

   Set user as the default role for users created through the dashboard

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

3.Start the services

systemctl restart httpd.service memcached.service

(16)code

yum install openstack-dashboard -y
sed -i '/^OPENSTACK_HOST/s/OPENSTACK_HOST/#OPENSTACK_HOST/' /etc/openstack-dashboard/local_settings
sed -i '/^#OPENSTACK_HOST/a OPENSTACK_HOST = "controller"' /etc/openstack-dashboard/local_settings
sed -i '/^ALLOWED_HOSTS/s/ALLOWED_HOSTS/#ALLOWED_HOSTS/' /etc/openstack-dashboard/local_settings
sed -i "/^#ALLOWED_HOSTS/a ALLOWED_HOSTS = ['*', ]" /etc/openstack-dashboard/local_settings
cat <<EOF>> /etc/openstack-dashboard/local_settings
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
EOF
echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf
systemctl restart httpd.service memcached.service
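
The scripts on this page write the install-guide placeholders RABBIT_PASS, NOVA_DBPASS and NEUTRON_DBPASS verbatim as real passwords, set ALLOWED_HOSTS = ['*', ] and point every service at Keystone over http. The following is an added example, not part of the original post, that flags those three conditions in deployed files; audit_conf is a hypothetical helper and the sample files are constructed from the values above.

```shell
#!/bin/sh
# audit_conf FILE...  (hypothetical helper): prints FILE:LINE: finding for each
# hit and returns 1 when anything was found, 0 when the files are clean.
audit_conf() {
    awk '
        function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
        /^[ \t]*#/ { next }                 # commented-out lines are inactive
        # Install-guide placeholder written verbatim as the real secret
        /RABBIT_PASS|[A-Z]+_DBPASS|NEUTRON_PASS|NOVA_PASS|METADATA_SECRET/ {
            report("documentation placeholder used as a credential")
        }
        # Django Host header validation switched off in local_settings
        /^ALLOWED_HOSTS[ \t]*=.*\*/ {
            report("ALLOWED_HOSTS accepts any Host header")
        }
        # Passwords and tokens sent to Keystone cross the network in cleartext
        /^[ \t]*(auth_url|www_authenticate_uri|OPENSTACK_KEYSTONE_URL)[ \t]*=.*http:\/\// {
            report("Keystone URL uses plaintext http")
        }
        END { exit bad + 0 }
    ' "$@"
}

# Constructed samples that reuse the values the scripts on this page write
audit_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/neutron.conf" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
auth_url = http://controller:5000/
password = neutron123
EOF
    cat > "$dir/local_settings" <<'EOF'
#ALLOWED_HOSTS = ['horizon.example.com', 'localhost']
ALLOWED_HOSTS = ['*', ]
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
EOF
    rc=0
    ( cd "$dir" && audit_conf neutron.conf local_settings ) || rc=$?
    rm -rf "$dir"
    return $rc
}
```

The check only recognises the guide's placeholder names; a short chosen password such as neutron123 passes it and needs a separate policy.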

Troubleshooting dashboard access errors

https://www.cnblogs.com/omgasw/p/11990435.html

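launch instance

1.Create virtual networks: create the network

          create the subnet

          create the router: ←add the private subnet interface

                ←set the public network gateway

2.Create a flavor

3.Create a key pair

4.Add security group rules

5.Launch the instance ← flavor, image, network, security group, key pair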

openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

openstack network create  --share --external \
  --provider-physical-network provider \
  --provider-network-type flat provider

openstack subnet create --network provider \
  --allocation-pool start=10.199.187.131,end=10.199.187.139 \
  --dns-nameserver 180.76.76.76 --gateway 10.199.187.1 \
  --subnet-range 10.199.187.0/24 provider

openstack network create selfservice
openstack subnet create --network selfservice \
  --dns-nameserver 180.76.76.76 --gateway 172.16.1.1 \
  --subnet-range 172.16.1.0/24 selfservice
  
openstack router create router
openstack router add subnet router selfservice
openstack router set router --external-gateway provider

 

