1.
網卡配置
[root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens33 TYPE=Ethernet BOOTPROTO=none NAME=ens33 DEVICE=ens33 ONBOOT=yes IPADDR=10.0.0.11 GATEWAY=10.0.0.2 DNS1=114.114.114.114 [root@controller ~]#
關閉selinux 服務
[root@controller ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config [root@controller ~]# setenforce 0
配置yum源
echo '[local] name=local baseurl=file:///mnt gpgcheck=0 [openstack] name=openstack baseurl=file:///opt/repo gpgcheck=0' >/etc/yum.repos.d/local.repo
echo 'mount /dev/cdrom /mnt' >>/etc/rc.local ##設置開機自動掛載鏡像
一、基礎配置
1.時間同步配置
控制節點和計算節點均安裝chrony
[root@controller ~]# yum install -y chrony [root@compute1 ~]# yum install -y chrony
服務端配置
[root@controller ~]# cat /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server ntp1.aliyun.com iburst ###同步阿里雲時間 # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Allow NTP client access from local network. #allow 192.168.0.0/16 allow 10.0.0.0/24 ###允許本地網絡同步的段落 # Serve time even if not synchronized to a time source. #local stratum 10 # Specify file containing keys for NTP authentication. #keyfile /etc/chrony.keys # Specify directory for log files. logdir /var/log/chrony # Select which information is logged. #log measurements statistics tracking [root@controller ~]#
客戶端配置
[root@compute1 ~]# cat /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 10.0.0.11 iburst ###指定同步的服務器即可 # Record the rate at which the system clock gains/losses time. driftfile /var/lib/chrony/drift # Allow the system clock to be stepped in the first three updates # if its offset is larger than 1 second. makestep 1.0 3 # Enable kernel synchronization of the real-time clock (RTC). rtcsync # Enable hardware timestamping on all interfaces that support it. #hwtimestamp * # Increase the minimum number of selectable sources required to adjust # the system clock. #minsources 2 # Allow NTP client access from local network. #allow 192.168.0.0/16 # Serve time even if not synchronized to a time source. #local stratum 10 # Specify file containing keys for NTP authentication. #keyfile /etc/chrony.keys # Specify directory for log files. logdir /var/log/chrony # Select which information is logged. #log measurements statistics tracking [root@compute1 ~]#
配置完成之后重啟服務
[root@controller ~]# systemctl restart chronyd
[root@compute1 ~]# systemctl restart chronyd
注意:如果時間同步服務器防火牆是開啟的,客戶端同步時間時會失敗,可將其關閉或允許放行端口
2.安裝openstack 客戶端和openstack-selinux
首先配置yum 網絡源
https://developer.aliyun.com/mirror
所有節點安裝
[root@controller ~]# yum install -y python-openstackclient openstack-selinux
[root@compute1 ~]# yum install -y python-openstackclient openstack-selinux
3.在控制節點安裝 數據庫
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL -y
配置
echo '[mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8' >/etc/my.cnf.d/openstack.cnf
啟動
[root@controller ~]# systemctl start mariadb
[root@controller ~]# systemctl enable mariadb
數據庫安全初始化
[root@controller ~]# mysql_secure_installation
[root@controller ~]# mysql_secure_installation NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY! In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here. Enter current password for root (enter for none): OK, successfully used password, moving on... Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation. Set root password? [Y/n] n ... skipping. By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment. Remove anonymous users? [Y/n] y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] y ... Success! By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] y - Dropping test database... ... Success! - Removing privileges on test database... ... Success! Reloading the privilege tables will ensure that all changes made so far will take effect immediately. Reload privilege tables now? [Y/n] y ... Success! Cleaning up... All done! If you've completed all of the above steps, your MariaDB installation should now be secure. Thanks for using MariaDB! [root@controller ~]#
4.安裝消息隊列
[root@controller ~]# yum install rabbitmq-server -y
啟動
[root@controller ~]# systemctl enable rabbitmq-server.service
[root@controller ~]# systemctl start rabbitmq-server.service
添加openstack 用戶
[root@controller ~]# rabbitmqctl add_user openstack RABBIT_PASS
給openstack 用戶設置讀寫執行權限
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
監聽兩個端口
[root@controller ~]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 24498/beam.smp ###做rabbitmq集群使用 tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9537/sshd tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 11063/master tcp6 0 0 :::5672 :::* LISTEN 24498/beam.smp ###給客戶端使用 tcp6 0 0 :::3306 :::* LISTEN 24313/mysqld tcp6 0 0 :::22 :::* LISTEN 9537/sshd tcp6 0 0 ::1:25 :::* LISTEN 11063/master udp 0 0 0.0.0.0:123 0.0.0.0:* 23856/chronyd udp 0 0 127.0.0.1:323 0.0.0.0:* 23856/chronyd udp6 0 0 ::1:323 :::* 23856/chronyd
啟用rabbitmq 管理插件,方便后期做監控
[root@controller ~]# rabbitmq-plugins enable rabbitmq_management
會增加一個監聽端口
[root@controller ~]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 24498/beam.smp tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9537/sshd tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 24498/beam.smp tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 11063/master tcp6 0 0 :::5672 :::* LISTEN 24498/beam.smp tcp6 0 0 :::3306 :::* LISTEN 24313/mysqld tcp6 0 0 :::22 :::* LISTEN 9537/sshd tcp6 0 0 ::1:25 :::* LISTEN 11063/master udp 0 0 0.0.0.0:123 0.0.0.0:* 23856/chronyd udp 0 0 127.0.0.1:323 0.0.0.0:* 23856/chronyd udp6 0 0 ::1:323 :::* 23856/chronyd
瀏覽器訪問15672登陸rabbitmq http://10.0.0.11:15672
5.在控制節點安裝memcached緩存token
[root@controller ~]# yum install -y memcached python-memcached
修改配置
[root@controller ~]# sed -i 's#127.0.0.1#10.0.0.11#g' /etc/sysconfig/memcached
[root@controller ~]# cat /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS="-l 10.0.0.11,::1"
啟動
[root@controller ~]# systemctl enable memcached.service
[root@controller ~]# systemctl start memcached.service
監聽的端口
[root@controller ~]# systemctl restart memcached.service [root@controller ~]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 24498/beam.smp tcp 0 0 10.0.0.11:11211 0.0.0.0:* LISTEN 25732/memcached tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9537/sshd tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 24498/beam.smp tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 11063/master tcp6 0 0 :::5672 :::* LISTEN 24498/beam.smp tcp6 0 0 :::3306 :::* LISTEN 24313/mysqld tcp6 0 0 ::1:11211 :::* LISTEN 25732/memcached tcp6 0 0 :::22 :::* LISTEN 9537/sshd tcp6 0 0 ::1:25 :::* LISTEN 11063/master udp 0 0 10.0.0.11:11211 0.0.0.0:* 25732/memcached udp 0 0 0.0.0.0:123 0.0.0.0:* 23856/chronyd udp 0 0 127.0.0.1:323 0.0.0.0:* 23856/chronyd udp6 0 0 ::1:11211 :::* 25732/memcached udp6 0 0 ::1:323 :::* 23856/chronyd
二、認證服務
在控制節點運行
1登陸數據庫,為keystone 創建數據庫、授權
MariaDB [(none)]> CREATE DATABASE keystone; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
[root@controller ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 2 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE keystone; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASSMariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> exit
2.安裝應用包
[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi
3.修改配置文件
備份配置文件
[root@controller ~]# cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
[root@controller ~]#grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
a.手動修改配置文件
[root@controller ~]# vi /etc/keystone/keystone.conf [DEFAULT] admin_token = ADMIN_TOKEN [assignment] [auth] [cache] [catalog] [cors] [cors.subdomain] [credential] [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [domain_config] [DEFAULT] admin_token = ADMIN_TOKEN [assignment] [auth] [cache] [catalog] [cors] [cors.subdomain] [credential] [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [domain_config] [endpoint_filter] [endpoint_policy] [eventlet_server] [eventlet_server_ssl] [federation] [fernet_tokens] [identity] [identity_mapping] [kvs] [ldap] [matchmaker_redis] [memcache] [oauth1] [os_inherit] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_middleware] [oslo_policy] [paste_deploy] [policy] [resource] [revoke] [role] [saml] [shadow_users] [signing] [ssl] [token] provider = fernet -- INSERT --
b.安裝openstack 配置文件修改工具
[root@controller ~]# yum install openstack-utils -y
工具修改配置文件
[root@controller ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [root@controller ~]# openstack-config --set /etc/keystone/keystone.conf token provider fernet
[root@controller ~]# cat /etc/keystone/keystone.conf [DEFAULT] admin_token = ADMIN_TOKEN [assignment] [auth] [cache] [catalog] [cors] [cors.subdomain] [credential] [database] connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone [domain_config] [endpoint_filter] [endpoint_policy] [eventlet_server] [eventlet_server_ssl] [federation] [fernet_tokens] [identity] [identity_mapping] [kvs] [ldap] [matchmaker_redis] [memcache] [oauth1] [os_inherit] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_middleware] [oslo_policy] [paste_deploy] [policy] [resource] [revoke] [role] [saml] [shadow_users] [signing] [ssl] [token] provider = fernet [tokenless_auth] [trust]
4.同步數據庫
同步之前數據庫狀態,內容為空
[root@controller ~]# mysql keystone -e 'show tables;'
同步
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
同步后數據庫狀態及內容
[root@controller ~]# mysql keystone -e 'show tables;' +------------------------+ | Tables_in_keystone | +------------------------+ | access_token | | assignment | | config_register | | consumer | | credential | | domain | | endpoint | | endpoint_group | | federated_user | | federation_protocol | | group | | id_mapping | | identity_provider | | idp_remote_ids | | implied_role | | local_user | | mapping | | migrate_version | | password | | policy | | policy_association | | project | | project_endpoint | | project_endpoint_group | | region | | request_token | | revocation_event | | role | | sensitive_config | | service | | service_provider | | token | | trust | | trust_role | | user | | user_group_membership | | whitelisted_config | +------------------------+ [root@controller ~]#
5.初始化fernet
[root@controller ~]# ll /etc/keystone/ total 104 -rw-r-----. 1 root keystone 2303 Feb 1 2017 default_catalog.templates -rw-r-----. 1 root keystone 661 Dec 20 10:42 keystone.conf -rw-r-----. 1 root root 73101 Dec 20 10:19 keystone.conf.bak -rw-r-----. 1 root keystone 2400 Feb 1 2017 keystone-paste.ini -rw-r-----. 1 root keystone 1046 Feb 1 2017 logging.conf -rw-r-----. 1 keystone keystone 9699 Feb 1 2017 policy.json -rw-r-----. 1 keystone keystone 665 Feb 1 2017 sso_callback_template.html
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# ll /etc/keystone/ total 104 -rw-r-----. 1 root keystone 2303 Feb 1 2017 default_catalog.templates drwx------. 2 keystone keystone 24 Dec 20 10:58 fernet-keys -rw-r-----. 1 root keystone 661 Dec 20 10:42 keystone.conf -rw-r-----. 1 root root 73101 Dec 20 10:19 keystone.conf.bak -rw-r-----. 1 root keystone 2400 Feb 1 2017 keystone-paste.ini -rw-r-----. 1 root keystone 1046 Feb 1 2017 logging.conf -rw-r-----. 1 keystone keystone 9699 Feb 1 2017 policy.json -rw-r-----. 1 keystone keystone 665 Feb 1 2017 sso_callback_template.html
6.配置httpd
加速啟動
[root@controller ~]# echo "ServerName controller" >>/etc/httpd/conf/httpd.conf
修改配置文件
echo 'Listen 5000 Listen 35357 <VirtualHost *:5000> WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined <Directory /usr/bin> Require all granted </Directory> </VirtualHost> <VirtualHost *:35357> WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined <Directory /usr/bin> Require all granted </Directory> </VirtualHost>' >/etc/httpd/conf.d/wsgi-keystone.conf
啟動httpd
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
[root@controller ~]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 9517/beam.smp tcp 0 0 10.0.0.11:3306 0.0.0.0:* LISTEN 20963/mysqld tcp 0 0 10.0.0.11:11211 0.0.0.0:* LISTEN 9519/memcached tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9536/sshd tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 9517/beam.smp tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9941/master tcp6 0 0 :::5000 :::* LISTEN 22202/httpd tcp6 0 0 :::5672 :::* LISTEN 9517/beam.smp tcp6 0 0 ::1:11211 :::* LISTEN 9519/memcached tcp6 0 0 :::80 :::* LISTEN 22202/httpd tcp6 0 0 :::22 :::* LISTEN 9536/sshd tcp6 0 0 ::1:25 :::* LISTEN 9941/master tcp6 0 0 :::35357 :::* LISTEN 22202/httpd udp 0 0 10.0.0.11:11211 0.0.0.0:* 9519/memcached udp 0 0 0.0.0.0:123 0.0.0.0:* 8744/chronyd udp 0 0 127.0.0.1:323 0.0.0.0:* 8744/chronyd udp6 0 0 ::1:11211 :::* 9519/memcached udp6 0 0 ::1:323 :::* 8744/chronyd [root@controller ~]#
7.將keystone 自己注冊到keystone中
[root@controller ~]# export OS_TOKEN=ADMIN_TOKEN [root@controller ~]# export OS_URL=http://controller:35357/v3 [root@controller ~]# export OS_IDENTITY_API_VERSION=3
[root@controller ~]# env | grep OS HOSTNAME=controller OS_IDENTITY_API_VERSION=3 OS_TOKEN=ADMIN_TOKEN OS_URL=http://controller:35357/v3
8.創建服務
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
[root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3 [root@controller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3 [root@controller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Identity | | enabled | True | | id | b530209fdb8f4d29b687792106fe1314 | | name | keystone | | type | identity | +-------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | d0f6303bb2084b9a8592925c501ff233 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | b530209fdb8f4d29b687792106fe1314 | | service_name | keystone | | service_type | identity | | url | http://controller:5000/v3 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | d7cce885611c40828ded55bd30762e8a | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | b530209fdb8f4d29b687792106fe1314 | | service_name | keystone | | service_type | identity | | url | http://controller:5000/v3 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 5b8f6a9fb42547bc9766d80d97146694 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | b530209fdb8f4d29b687792106fe1314 | | service_name | keystone | | service_type | identity | | url | http://controller:35357/v3 | +--------------+----------------------------------+
9.創建域,項目,用戶,角色
[root@controller ~]# openstack domain create --description "Default Domain" default ###創建默認域 [root@controller ~]# openstack project create --domain default --description "Admin Project" admin ###在默認域中創建admin項目 [root@controller ~]# openstack user create --domain default --password ADMIN_PASS admin ###在默認域中創建admin用戶 [root@controller ~]# openstack role create admin ###創建admin角色
關聯項目角色用戶
[root@controller ~]# openstack role add --project admin --user admin admin
注:在admin項目中,給admin用戶添加admin角色
10.創建service 項目,存放后期glance,nova,neutron的服務的賬號
[root@controller ~]# openstack project create --domain default --description "Service Project" service
[root@controller ~]# openstack project create --domain default --description "Service Project" service +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | Service Project | | domain_id | c9f9dbbfdfe34c45b9e18b1aca5aea1c | | enabled | True | | id | 2c07141fc8af4ebfa08956209b0a5b8e | | is_domain | False | | name | service | | parent_id | c9f9dbbfdfe34c45b9e18b1aca5aea1c | +-------------+----------------------------------+ [root@controller ~]#
11.取消環境變量
[root@controller ~]# env | grep OS HOSTNAME=controller OS_IDENTITY_API_VERSION=3 OS_TOKEN=ADMIN_TOKEN OS_URL=http://controller:35357/v3
a.
[root@controller ~]# unset OS_TOKEN
b.退出當前登陸窗口,重新登陸,當前會話的環境變量就自動清除
12.用新創建的用戶獲取token
重新配置環境變量
[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=default
[root@controller ~]# export OS_DOMAIN_NAME=default ##注意這個配置不需要,只是在下面的問題時可以解決,命令執行不成功可能環境變量有錯誤字符 [root@controller ~]# export OS_USER_DOMAIN_NAME=default [root@controller ~]# export OS_PROJECT_NAME=admin [root@controller ~]# export OS_USERNAME=admin [root@controller ~]# export OS_PASSWORD=ADMIN_PASS [root@controller ~]# export OS_AUTH_URL=http://controller:35357/v3 [root@controller ~]# export OS_IDENTITY_API_VERSION=3 [root@controller ~]# export OS_IMAGE_API_VERSION=2
[root@controller ~]# env | grep OS HOSTNAME=controller OS_IMAGE_API_VERSION=2 OS_PROJECT_NAME=admin OS_IDENTITY_API_VERSION=3 OS_USER_DOMIAN_NAME=default OS_PASSWORD=ADMIN_PASS OS_AUTH_URL=http://controller:35357/v3 OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default
驗證獲取token
[root@controller keystone]# openstack token issue
[root@controller keystone]# openstack token issue +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | Field | Value | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ | expires | 2019-12-20T09:14:39.000000Z | | id | gAAAAABd_ILvWUSJcQbZN8QlZh8SoD_mEdIZ9-8w3JiDQJRlaS9H_bFp5UDefimg1EozBFsovz4Nh4bEE_-xz44YhQVy5vXQYFDPSvMHBqzzaxrjQVDTsmUB75H0oahUJLV_Nr6ptfFnKf5Q0GquaOgPZrXNKXQgHv7IXYJIF35vKRsKKi9FNuM | | project_id | 45f70e0011bb4c09985709c1a5dccd0d | | user_id | d1ec935819424b6db22198b528834b4e | +------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+ [root@controller keystone]#
問題:執行命令報錯 [root@controller ~]# openstack token issue The request you have made requires authentication. (HTTP 401) (Request-ID: req-16681189-ed64-4bc7-b6b3-b29fd02284ab)
解決方法:
通過查看日志/var/log.keystone
2019-12-20 16:02:13.115 9663 ERROR keystone.auth.plugins.core [req-ffc8ea83-61b9-4cc5-9a1c-35ecca60252d - - - - -] Could not find domain: default
[root@controller keystone]# export OS_DOMAIN_NAME=default
創建腳本,方便每次登陸都要重新配置環境變量
[root@controller ~]# vi admin-openrc export OS_PROJECT_DOMAIN_NAME=default export OS_DOMAIN_NAME=default export OS_USER_DOMIAN_NAME=default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:35357/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc
讓系統每次登陸自動執行腳本,配置根目錄下.bashrc文件
[root@controller ~]# cat .bashrc # .bashrc # User specific aliases and functions alias rm='rm -i' alias cp='cp -i' alias mv='mv -i' # Source global definitions if [ -f /etc/bashrc ]; then . /etc/bashrc fi source admin-openrc [root@controller ~]#
三、鏡像服務
1創建數據庫並授權
登陸數據庫 創建glance 數據庫並授權給
MariaDB [(none)]> CREATE DATABASE glance; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'loalhost' IDENTIFIED BY 'GLANCE_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
[root@controller ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 3 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE glance; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'loalhost' IDENTIFIED BY 'GLANCE_DBPASS'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]>
2.在keystone 上創建glance 用戶
[root@controller ~]# openstack user create --domain default --password GLANCE_PASS glance
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack user create --domain default --password GLANCE_PASS glance +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | c9f9dbbfdfe34c45b9e18b1aca5aea1c | | enabled | True | | id | 69c339ae836d448fb9dae8dca4b3b623 | | name | glance | +-----------+----------------------------------+ [root@controller ~]# openstack role add --project service --user glance admin
查看授權關聯情況
[root@controller ~]# openstack role assignment list +----------------------+----------------------+-------+----------------------+--------+-----------+ | Role | User | Group | Project | Domain | Inherited | +----------------------+----------------------+-------+----------------------+--------+-----------+ | d63b6106e1a042228b12 | 69c339ae836d448fb9da | | 2c07141fc8af4ebfa089 | | False | | 2d9d7bd4532c | e8dca4b3b623 | | 56209b0a5b8e | | | | d63b6106e1a042228b12 | d1ec935819424b6db221 | | 45f70e0011bb4c099857 | | False | | 2d9d7bd4532c | 98b528834b4e | | 09c1a5dccd0d | | | +----------------------+----------------------+-------+----------------------+--------+-----------+ [root@controller ~]# openstack role list +----------------------------------+-------+ | ID | Name | +----------------------------------+-------+ | d63b6106e1a042228b122d9d7bd4532c | admin | +----------------------------------+-------+ [root@controller ~]# openstack user list +----------------------------------+--------+ | ID | Name | +----------------------------------+--------+ | 69c339ae836d448fb9dae8dca4b3b623 | glance | | d1ec935819424b6db22198b528834b4e | admin | +----------------------------------+--------+ [root@controller ~]# openstack project list +----------------------------------+---------+ | ID | Name | +----------------------------------+---------+ | 2c07141fc8af4ebfa08956209b0a5b8e | service | | 45f70e0011bb4c09985709c1a5dccd0d | admin | +----------------------------------+---------+ [root@controller ~]#
3.在keystone創建glance服務 注冊api
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image [root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292 [root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 [root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Image | | enabled | True | | id | 0fa74611fd2c46f78e52b20231180273 | | name | glance | | type | image | +-------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | dd6181342d84437884988fd0f5739d21 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 0fa74611fd2c46f78e52b20231180273 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 55b689aac921492f9052c1a58c029a59 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 0fa74611fd2c46f78e52b20231180273 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | ca1c5de468434cacb6ee94828351e517 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 0fa74611fd2c46f78e52b20231180273 | | service_name | glance | | service_type | image | | url | http://controller:9292 | +--------------+----------------------------------+ [root@controller ~]#
4.安裝glance 服務軟件包
[root@controller ~]# yum install -y openstack-glance
5.修改配置文件
修改/etc/glance/glance-api.conf
[root@controller ~]# cp /etc/glance/glance-api.conf{,.bak} [root@controller ~]# grep '^[a-z\[]' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
配置
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
[root@controller glance]# cat /etc/glance/glance-api.conf [DEFAULT] [cors] [cors.subdomain] [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/ [image_format] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = GLANCE_PASS [matchmaker_redis] [oslo_concurrency] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler] [store_type_location_strategy] [task] [taskflow_executor] [root@controller glance]#
修改/etc/glance/glance-registry.conf
[root@controller ~]# cp /etc/glance/glance-registry.conf{,.bak} [root@controller ~]# grep '^[a-z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
配置
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
驗證MD5值
[root@controller glance]# md5sum /etc/glance/glance-api.conf
3e1a4234c133eda11b413788e001cba3 /etc/glance/glance-api.conf
[root@controller glance]# md5sum /etc/glance/glance-registry.conf
46acabd81a65b924256f56fe34d90b8f /etc/glance/glance-registry.conf
[root@controller glance]# cat /etc/glance/glance-registry.conf [DEFAULT] [database] connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance [glance_store] [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = glance password = GLANCE_PASS [matchmaker_redis] [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] [oslo_policy] [paste_deploy] flavor = keystone [profiler]
注意:以上修改同樣可以通過vi編輯配置文件修改
[root@controller ~]# md5sum /etc/glance/glance-api.conf 3e1a4234c133eda11b413788e001cba3 /etc/glance/glance-api.conf [root@controller ~]# md5sum /etc/glance/glance-registry.conf 46acabd81a65b924256f56fe34d90b8f /etc/glance/glance-registry.conf
6.同步數據庫
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller glance]# mysql glance -e "show tables;" +----------------------------------+ | Tables_in_glance | +----------------------------------+ | artifact_blob_locations | | artifact_blobs | | artifact_dependencies | | artifact_properties | | artifact_tags | | artifacts | | image_locations | | image_members | | image_properties | | image_tags | | images | | metadef_namespace_resource_types | | metadef_namespaces | | metadef_objects | | metadef_properties | | metadef_resource_types | | metadef_tags | | migrate_version | | task_info | | tasks | +----------------------------------+
7啟動glance 服務
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
檢查端口
[root@controller ~]# netstat -lntup Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 20041/python2 tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 9284/beam.smp tcp 0 0 10.0.0.11:3306 0.0.0.0:* LISTEN 9572/mysqld tcp 0 0 10.0.0.11:11211 0.0.0.0:* LISTEN 9258/memcached tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 20040/python2 tcp 0 0 0.0.0.0:4369 0.0.0.0:* LISTEN 1/systemd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 9291/sshd tcp 0 0 0.0.0.0:15672 0.0.0.0:* LISTEN 9284/beam.smp tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 9689/master tcp6 0 0 :::5672 :::* LISTEN 9284/beam.smp tcp6 0 0 :::5000 :::* LISTEN 9281/httpd tcp6 0 0 ::1:11211 :::* LISTEN 9258/memcached tcp6 0 0 :::80 :::* LISTEN 9281/httpd tcp6 0 0 :::22 :::* LISTEN 9291/sshd tcp6 0 0 ::1:25 :::* LISTEN 9689/master tcp6 0 0 :::35357 :::* LISTEN 9281/httpd udp 0 0 10.0.0.11:11211 0.0.0.0:* 9258/memcached udp 0 0 0.0.0.0:123 0.0.0.0:* 8694/chronyd udp 0 0 127.0.0.1:323 0.0.0.0:* 8694/chronyd udp6 0 0 ::1:11211 :::* 9258/memcached udp6 0 0 ::1:323 :::* 8694/chronyd
8.驗證服務
[root@controller ~]# openstack image create "cirros" \ > --file cirros-0.3.4-x86_64-disk.img \ > --disk-format qcow2 --container-format bare \ > --public
[root@controller ~]# openstack image create "cirros" \ > --file cirros-0.3.4-x86_64-disk.img \ > --disk-format qcow2 --container-format bare \ > --public +------------------+------------------------------------------------------+ | Field | Value | +------------------+------------------------------------------------------+ | checksum | ee1eca47dc88f4879d8a229cc70a07c6 | | container_format | bare | | created_at | 2019-12-22T06:35:47Z | | disk_format | qcow2 | | file | /v2/images/4492225b-eb11-4705-90dd-46c8e8cfe238/file | | id | 4492225b-eb11-4705-90dd-46c8e8cfe238 | | min_disk | 0 | | min_ram | 0 | | name | cirros | | owner | 45f70e0011bb4c09985709c1a5dccd0d | | protected | False | | schema | /v2/schemas/image | | size | 13287936 | | status | active | | tags | | | updated_at | 2019-12-22T06:35:48Z | | virtual_size | None | | visibility | public | +------------------+------------------------------------------------------+ [root@controller ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 4492225b-eb11-4705-90dd-46c8e8cfe238 | cirros | active | +--------------------------------------+--------+--------+ [root@controller ~]#
提示:在刪除鏡像的同時,要刪除數據庫表中的記錄,
[root@controller ~]# mysql glance -e "show tables"| grep images
四、nova計算服務
在控制節點安裝服務
1.創建數據庫並授權
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
2.在keystone 在keystone 上創建系統用戶並關聯角色
[root@controller ~]# openstack user create --domain default --password NOVA_PASS nova
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack user create --domain default --password NOVA_PASS nova +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | c9f9dbbfdfe34c45b9e18b1aca5aea1c | | enabled | True | | id | fc1e90dcf4de4e69b4a0f7353281bb3e | | name | nova | +-----------+----------------------------------+ [root@controller ~]# openstack role add --project service --user nova admin
3.在keystone上創建服務並注冊api
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute [root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s [root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s [root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Compute | | enabled | True | | id | bb74eb99fdf043c082378ddda4c4b3d6 | | name | nova | | type | compute | +-------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | 40ac81e4976f4ebd84d233b38e3f3a58 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | bb74eb99fdf043c082378ddda4c4b3d6 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | fefa53bb492e4ffb86af076dfa711961 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | bb74eb99fdf043c082378ddda4c4b3d6 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s +--------------+-------------------------------------------+ | Field | Value | +--------------+-------------------------------------------+ | enabled | True | | id | 014d1119aaeb4f06b617957b4ca58410 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | bb74eb99fdf043c082378ddda4c4b3d6 | | service_name | nova | | service_type | compute | | url | http://controller:8774/v2.1/%(tenant_id)s | +--------------+-------------------------------------------+ [root@controller ~]#
4.安裝服務軟件包
[root@controller ~]# yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler
5.修改配置文件
[root@controller ~]# cp /etc/nova/nova.conf{,.bak} [root@controller ~]# ls /etc/nova/nova.conf nova.conf nova.conf.bak [root@controller ~]# grep '^[a-z\[]' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.11
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
校驗
[root@controller ~]# md5sum /etc/nova/nova.conf
47ded61fdd1a79ab91bdb37ce59ef192 /etc/nova/nova.conf
6.同步數據庫
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova [root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# mysql nova_api -e 'show tables;' +--------------------+ | Tables_in_nova_api | +--------------------+ | build_requests | | cell_mappings | | flavor_extra_specs | | flavor_projects | | flavors | | host_mappings | | instance_mappings | | migrate_version | | request_specs | +--------------------+ [root@controller ~]# mysql nova -e 'show tables;' +--------------------------------------------+ | Tables_in_nova | +--------------------------------------------+ | agent_builds | | aggregate_hosts | | aggregate_metadata | | aggregates | | allocations | | block_device_mapping | | bw_usage_cache | | cells | | certificates | | compute_nodes | | console_pools | | consoles | | dns_domains | | fixed_ips | | floating_ips | | instance_actions | | instance_actions_events | | instance_extra | | instance_faults | | instance_group_member | | instance_group_policy | | instance_groups | | instance_id_mappings | | instance_info_caches | | instance_metadata | | instance_system_metadata | | instance_type_extra_specs | | instance_type_projects | | instance_types | | instances | | inventories | | key_pairs | | migrate_version | | migrations | | networks | | pci_devices | | project_user_quotas | | provider_fw_rules | | quota_classes | | quota_usages | | quotas | | reservations | | resource_provider_aggregates | | resource_providers | | s3_images | | security_group_default_rules | | security_group_instance_association | | security_group_rules | | security_groups | | services | | shadow_agent_builds | | shadow_aggregate_hosts | | shadow_aggregate_metadata | | shadow_aggregates | | shadow_block_device_mapping | | shadow_bw_usage_cache | | shadow_cells | | shadow_certificates | | shadow_compute_nodes | | shadow_console_pools | | shadow_consoles | | shadow_dns_domains | | shadow_fixed_ips | | shadow_floating_ips | | shadow_instance_actions | | shadow_instance_actions_events | | shadow_instance_extra | | shadow_instance_faults | | shadow_instance_group_member | | shadow_instance_group_policy | | shadow_instance_groups | | shadow_instance_id_mappings | | shadow_instance_info_caches | | shadow_instance_metadata | | shadow_instance_system_metadata | | shadow_instance_type_extra_specs | | shadow_instance_type_projects | | shadow_instance_types | | shadow_instances | | shadow_key_pairs | | shadow_migrate_version | | shadow_migrations | | shadow_networks | | shadow_pci_devices | | shadow_project_user_quotas | | shadow_provider_fw_rules | | shadow_quota_classes | | shadow_quota_usages | | shadow_quotas | | shadow_reservations | | shadow_s3_images | | shadow_security_group_default_rules | | shadow_security_group_instance_association | | shadow_security_group_rules | | shadow_security_groups | | shadow_services | | shadow_snapshot_id_mappings | | shadow_snapshots | | shadow_task_log | | shadow_virtual_interfaces | | shadow_volume_id_mappings | | shadow_volume_usage_cache | | snapshot_id_mappings | | snapshots | | tags | | task_log | | virtual_interfaces | | volume_id_mappings | | volume_usage_cache | +--------------------------------------------+
7.啟動服務
# systemctl enable openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service # systemctl start openstack-nova-api.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service
問題:
啟動報錯
[root@controller ~]# journalctl -xe
Dec 22 20:40:27 controller sudo[19958]: pam_unix(sudo:account): helper binary execve failed: Permission denied
Dec 22 20:40:27 controller sudo[19955]: nova : PAM account management error: Authentication service cannot retrieve authentic
nova-api 錯誤日志 2019-12-22 19:14:01.435 18041 CRITICAL nova [-] ProcessExecutionError: Unexpected error while running command. Command: sudo nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c Exit code: 1 Stdout: u'' Stderr: u'sudo: PAM account management error: Authentication service cannot retrieve authentication info\n' 2019-12-22 19:14:01.435 18041 ERROR nova Traceback (most recent call last): 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/bin/nova-api", line 10, in <module> 2019-12-22 19:14:01.435 18041 ERROR nova sys.exit(main()) 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/cmd/api.py", line 57, in main 2019-12-22 19:14:01.435 18041 ERROR nova server = service.WSGIService(api, use_ssl=should_use_ssl) 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/service.py", line 358, in __init__ 2019-12-22 19:14:01.435 18041 ERROR nova self.manager = self._get_manager() 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/service.py", line 415, in _get_manager 2019-12-22 19:14:01.435 18041 ERROR nova return manager_class() 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/api/manager.py", line 30, in __init__ 2019-12-22 19:14:01.435 18041 ERROR nova self.network_driver.metadata_accept() 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/network/linux_net.py", line 706, in metadat a_accept 2019-12-22 19:14:01.435 18041 ERROR nova iptables_manager.apply() 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/network/linux_net.py", line 446, in apply 2019-12-22 19:14:01.435 18041 ERROR nova self._apply() 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/oslo_concurrency/lockutils.py", line 271, in inn er 2019-12-22 19:14:01.435 18041 ERROR nova return f(*args, **kwargs) 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/network/linux_net.py", line 466, in _apply 2019-12-22 19:14:01.435 18041 ERROR nova attempts=5) 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/network/linux_net.py", line 1267, in _execu te 2019-12-22 19:14:01.435 18041 ERROR nova return utils.execute(*cmd, **kwargs) 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/utils.py", line 388, in execute 2019-12-22 19:14:01.435 18041 ERROR nova return RootwrapProcessHelper().execute(*cmd, **kwargs) 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/nova/utils.py", line 271, in execute 2019-12-22 19:14:01.435 18041 ERROR nova return processutils.execute(*cmd, **kwargs) 2019-12-22 19:14:01.435 18041 ERROR nova File "/usr/lib/python2.7/site-packages/oslo_concurrency/processutils.py", line 389, in execute 2019-12-22 19:14:01.435 18041 ERROR nova cmd=sanitized_cmd) 2019-12-22 19:14:01.435 18041 ERROR nova ProcessExecutionError: Unexpected error while running command. 2019-12-22 19:14:01.435 18041 ERROR nova Command: sudo nova-rootwrap /etc/nova/rootwrap.conf iptables-save -c 2019-12-22 19:14:01.435 18041 ERROR nova Exit code: 1 2019-12-22 19:14:01.435 18041 ERROR nova Stdout: u'' 2019-12-22 19:14:01.435 18041 ERROR nova Stderr: u'sudo: PAM account management error: Authentication service cannot retrieve auth entication info\n'
解決方法:
關閉selinux
修改/etc/selinux/config文件
[root@controller ~]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config
[root@controller ~]# setenforce 0
8.驗證服務
[root@controller nova]# nova service-list
問題,執行驗證命令時,報錯
ERROR (AuthorizationFailure): Authentication cannot be scoped to multiple targets. Pick one of: project, domain, trust or unscope
問題原因:環境變量配置的有問題
原來的配置 [root@controller ~]# env | grep OS HOSTNAME=controller OS_IMAGE_API_VERSION=2 OS_PROJECT_NAME=admin OS_IDENTITY_API_VERSION=3 OS_USER_DOMIAN_NAME=default ##單詞寫錯 OS_PASSWORD=ADMIN_PASS OS_DOMAIN_NAME=default OS_AUTH_URL=http://controller:35357/v3 OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default 更改后的配置 [root@controller ~]# env | grep OS HOSTNAME=controller OS_USER_DOMAIN_NAME=default OS_IMAGE_API_VERSION=2 OS_PROJECT_NAME=admin OS_IDENTITY_API_VERSION=3 OS_PASSWORD=ADMIN_PASS OS_AUTH_URL=http://controller:35357/v3 OS_USERNAME=admin OS_PROJECT_DOMAIN_NAME=default
修正admin-openrc腳本,重新登陸即可,使腳本重新生效,修改環境變量配置
執行結果
[root@controller ~]# nova service-list +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | 1 | nova-conductor | controller | internal | enabled | up | 2019-12-23T01:30:56.000000 | - | | 2 | nova-consoleauth | controller | internal | enabled | up | 2019-12-23T01:30:56.000000 | - | | 3 | nova-scheduler | controller | internal | enabled | up | 2019-12-23T01:30:56.000000 | - | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
另外兩個服務一個時nova-api,顯示界面正常說明nova-api沒有問題,另一個服務nova-novncproxy通過一下檢測 [root@controller ~]# netstat -lntup|grep 6080 tcp 0 0 0.0.0.0:6080 0.0.0.0:* LISTEN 9475/python2 [root@controller ~]# ps -ef | grep 9475 nova 9475 1 0 09:23 ? 00:00:01 /usr/bin/python2 /usr/bin/nova-novncproxy --web /usr/share/novnc/ root 10919 10631 0 09:47 pts/0 00:00:00 grep --color=auto 9475
在計算機點安裝服務
1.安裝服務
[root@compute1 ~]# yum install -y openstack-nova-compute openstack-utils.noarch
2.修改配置文件
[root@compute1 ~]# cp /etc/nova/nova.conf{,.bak} [root@compute1 ~]# grep -Ev '^$|#' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.31
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
3.啟動服務
[root@compute1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@compute1 ~]# systemctl start libvirtd.service openstack-nova-compute.service
4.驗證服務
在控制節點查看nova服務狀態
[root@controller ~]# nova service-list +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | 1 | nova-conductor | controller | internal | enabled | up | 2019-12-23T06:28:53.000000 | - | | 2 | nova-consoleauth | controller | internal | enabled | up | 2019-12-23T06:28:50.000000 | - | | 3 | nova-scheduler | controller | internal | enabled | up | 2019-12-23T06:28:51.000000 | - | | 6 | nova-compute | compute1 | nova | enabled | up | 2019-12-23T06:28:48.000000 | - | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
五、neutron 網絡服務
在控制節點上安裝配置
1.創建數據庫並授權
MariaDB [(none)]> CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
[root@controller ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 44 Server version: 10.1.20-MariaDB MariaDB Server Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE neutron; Query OK, 1 row affected (0.00 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'; Query OK, 0 rows affected (0.01 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'; Query OK, 0 rows affected (0.00 sec) MariaDB [(none)]> exit
2.在keystone創建系統用戶
[root@controller ~]# openstack user create --domain default --password NEUTRON_PASS neutron
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack user create --domain default --password NEUTRON_PASS neutron +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | c9f9dbbfdfe34c45b9e18b1aca5aea1c | | enabled | True | | id | 25e38bd3c4cb43069ae6f02024b00f1f | | name | neutron | +-----------+----------------------------------+ [root@controller ~]# openstack role add --project service --user neutron admin
3.在keystone 創建服務並注冊api
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network [root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696 [root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696 [root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Networking | | enabled | True | | id | 23811beac4d34f438aeededbe1542041 | | name | neutron | | type | network | +-------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | fd99523437624934bec3b31c7f222679 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 23811beac4d34f438aeededbe1542041 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 7a71f08bc75d47378e9cd09bb9114dca | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 23811beac4d34f438aeededbe1542041 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696 +--------------+----------------------------------+ | Field | Value | +--------------+----------------------------------+ | enabled | True | | id | 0a650a177ab14af79a389821c3cb4d67 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 23811beac4d34f438aeededbe1542041 | | service_name | neutron | | service_type | network | | url | http://controller:9696 | +--------------+----------------------------------+
4.安裝服務相應軟件包
[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
5.修改配置文件
增加一塊萬卡配置
ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.11 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::389d:e340:ea17:3a30 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:67:46:37 txqueuelen 1000 (Ethernet) RX packets 22405 bytes 7134527 (6.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 16055 bytes 4999491 (4.7 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 ens37: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.10.100.11 netmask 255.255.255.0 broadcast 10.10.100.255 ether 00:0c:29:67:46:41 txqueuelen 1000 (Ethernet) RX packets 53 bytes 9300 (9.0 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 52 bytes 8782 (8.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 165658 bytes 48334681 (46.0 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 165658 bytes 48334681 (46.0 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@controller ~]# nmcli con show NAME UUID TYPE DEVICE ens33 5b7edfad-37ad-4254-a1d9-660686d0f9d7 ethernet ens33 Wired connection 1 2fe07932-584b-33ee-9e22-abef21281914 ethernet ens37 [root@controller ~]# cat /etc/sysconfig/network-scripts/ifcfg-ens37 NAME=ens37 DEVICE=ens37 TYPE=Ethernet ONBOOT="yes" BOOTPROTO="none" UUID=2fe07932-584b-33ee-9e22-abef21281914 HWADDR=00:0C:29:67:46:41 [root@controller ~]#
修改配置文件
a:修改/etc/neutron/neutron.conf cp /etc/neutron/neutron.conf{,.bak} grep '^[a-z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
b:修改/etc/neutron/plugins/ml2/ml2_conf.ini cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak} grep '^[a-z\[]' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
c:修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak} grep '^[a-z\[]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False
d:修改/etc/neutron/dhcp_agent.ini
cp /etc/neutron/dhcp_agent.ini{,.bak}
grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak >/etc/neutron/dhcp_agent.ini
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
e:修改/etc/neutron/metadata_agent.ini
cp /etc/neutron/metadata_agent.ini{,.bak}
grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak >/etc/neutron/metadata_agent.ini
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
f:修改/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
6.初始化數據庫
創建軟連接
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步數據庫
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@controller ~]# su -s /bash/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron su: failed to execute /bash/sh: No such file or directory [root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron No handlers could be found for logger "oslo_config.cfg" INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. Running upgrade for neutron ... INFO [alembic.runtime.migration] Context impl MySQLImpl. INFO [alembic.runtime.migration] Will assume non-transactional DDL. INFO [alembic.runtime.migration] Running upgrade -> kilo, kilo_initial INFO [alembic.runtime.migration] Running upgrade kilo -> 354db87e3225, nsxv_vdr_metadata.py INFO [alembic.runtime.migration] Running upgrade 354db87e3225 -> 599c6a226151, neutrodb_ipam INFO [alembic.runtime.migration] Running upgrade 599c6a226151 -> 52c5312f6baf, Initial operations in support of address scopes INFO [alembic.runtime.migration] Running upgrade 52c5312f6baf -> 313373c0ffee, Flavor framework INFO [alembic.runtime.migration] Running upgrade 313373c0ffee -> 8675309a5c4f, network_rbac INFO [alembic.runtime.migration] Running upgrade 8675309a5c4f -> 45f955889773, quota_usage INFO [alembic.runtime.migration] Running upgrade 45f955889773 -> 26c371498592, subnetpool hash INFO [alembic.runtime.migration] Running upgrade 26c371498592 -> 1c844d1677f7, add order to dnsnameservers INFO [alembic.runtime.migration] Running upgrade 1c844d1677f7 -> 1b4c6e320f79, address scope support in subnetpool INFO [alembic.runtime.migration] Running upgrade 1b4c6e320f79 -> 48153cb5f051, qos db changes INFO [alembic.runtime.migration] Running upgrade 48153cb5f051 -> 9859ac9c136, quota_reservations INFO [alembic.runtime.migration] Running upgrade 9859ac9c136 -> 34af2b5c5a59, Add dns_name to Port INFO [alembic.runtime.migration] Running upgrade 34af2b5c5a59 -> 59cb5b6cf4d, Add availability zone INFO [alembic.runtime.migration] Running upgrade 59cb5b6cf4d -> 13cfb89f881a, add is_default to subnetpool INFO [alembic.runtime.migration] Running upgrade 13cfb89f881a -> 32e5974ada25, Add standard attribute table INFO [alembic.runtime.migration] Running upgrade 32e5974ada25 -> ec7fcfbf72ee, Add network availability zone INFO [alembic.runtime.migration] Running upgrade ec7fcfbf72ee -> dce3ec7a25c9, Add router availability zone INFO [alembic.runtime.migration] Running upgrade dce3ec7a25c9 -> c3a73f615e4, Add ip_version to AddressScope INFO [alembic.runtime.migration] Running upgrade c3a73f615e4 -> 659bf3d90664, Add tables and attributes to support external DNS integration INFO [alembic.runtime.migration] Running upgrade 659bf3d90664 -> 1df244e556f5, add_unique_ha_router_agent_port_bindings INFO [alembic.runtime.migration] Running upgrade 1df244e556f5 -> 19f26505c74f, Auto Allocated Topology - aka Get-Me-A-Network INFO [alembic.runtime.migration] Running upgrade 19f26505c74f -> 15be73214821, add dynamic routing model data INFO [alembic.runtime.migration] Running upgrade 15be73214821 -> b4caf27aae4, add_bgp_dragent_model_data INFO [alembic.runtime.migration] Running upgrade b4caf27aae4 -> 15e43b934f81, rbac_qos_policy INFO [alembic.runtime.migration] Running upgrade 15e43b934f81 -> 31ed664953e6, Add resource_versions row to agent table INFO [alembic.runtime.migration] Running upgrade 31ed664953e6 -> 2f9e956e7532, tag support INFO [alembic.runtime.migration] Running upgrade 2f9e956e7532 -> 3894bccad37f, add_timestamp_to_base_resources INFO [alembic.runtime.migration] Running upgrade 3894bccad37f -> 0e66c5227a8a, Add desc to standard attr table INFO [alembic.runtime.migration] Running upgrade kilo -> 30018084ec99, Initial no-op Liberty contract rule. INFO [alembic.runtime.migration] Running upgrade 30018084ec99 -> 4ffceebfada, network_rbac INFO [alembic.runtime.migration] Running upgrade 4ffceebfada -> 5498d17be016, Drop legacy OVS and LB plugin tables INFO [alembic.runtime.migration] Running upgrade 5498d17be016 -> 2a16083502f3, Metaplugin removal INFO [alembic.runtime.migration] Running upgrade 2a16083502f3 -> 2e5352a0ad4d, Add missing foreign keys INFO [alembic.runtime.migration] Running upgrade 2e5352a0ad4d -> 11926bcfe72d, add geneve ml2 type driver INFO [alembic.runtime.migration] Running upgrade 11926bcfe72d -> 4af11ca47297, Drop cisco monolithic tables INFO [alembic.runtime.migration] Running upgrade 4af11ca47297 -> 1b294093239c, Drop embrane plugin table INFO [alembic.runtime.migration] Running upgrade 1b294093239c -> 8a6d8bdae39, standardattributes migration INFO [alembic.runtime.migration] Running upgrade 8a6d8bdae39 -> 2b4c2465d44b, DVR sheduling refactoring INFO [alembic.runtime.migration] Running upgrade 2b4c2465d44b -> e3278ee65050, Drop NEC plugin tables INFO [alembic.runtime.migration] Running upgrade e3278ee65050 -> c6c112992c9, rbac_qos_policy INFO [alembic.runtime.migration] Running upgrade c6c112992c9 -> 5ffceebfada, network_rbac_external INFO [alembic.runtime.migration] Running upgrade 5ffceebfada -> 4ffceebfcdc, standard_desc OK [root@controller ~]# mysql neutron -e "show tables;" +-----------------------------------------+ | Tables_in_neutron | +-----------------------------------------+ | address_scopes | | agents | | alembic_version | | allowedaddresspairs | | arista_provisioned_nets | | arista_provisioned_tenants | | arista_provisioned_vms | | auto_allocated_topologies | | bgp_peers | | bgp_speaker_dragent_bindings | | bgp_speaker_network_bindings | | bgp_speaker_peer_bindings | | bgp_speakers | | brocadenetworks | | brocadeports | | cisco_csr_identifier_map | | cisco_hosting_devices | | cisco_ml2_apic_contracts | | cisco_ml2_apic_host_links | | cisco_ml2_apic_names | | cisco_ml2_n1kv_network_bindings | | cisco_ml2_n1kv_network_profiles | | cisco_ml2_n1kv_policy_profiles | | cisco_ml2_n1kv_port_bindings | | cisco_ml2_n1kv_profile_bindings | | cisco_ml2_n1kv_vlan_allocations | | cisco_ml2_n1kv_vxlan_allocations | | cisco_ml2_nexus_nve | | cisco_ml2_nexusport_bindings | | cisco_port_mappings | | cisco_router_mappings | | consistencyhashes | | default_security_group | | dnsnameservers | | dvr_host_macs | | externalnetworks | | extradhcpopts | | firewall_policies | | firewall_rules | | firewalls | | flavors | | flavorserviceprofilebindings | | floatingipdnses | | floatingips | | ha_router_agent_port_bindings | | ha_router_networks | | ha_router_vrid_allocations | | healthmonitors | | ikepolicies | | ipallocationpools | | ipallocations | | ipamallocationpools | | ipamallocations | | ipamavailabilityranges | | ipamsubnets | | ipavailabilityranges | | ipsec_site_connections | | ipsecpeercidrs | | ipsecpolicies | | lsn | | lsn_port | | maclearningstates | | members | | meteringlabelrules | | meteringlabels | | ml2_brocadenetworks | | ml2_brocadeports | | ml2_dvr_port_bindings | | ml2_flat_allocations | | ml2_geneve_allocations | | ml2_geneve_endpoints | | ml2_gre_allocations | | ml2_gre_endpoints | | ml2_network_segments | | ml2_nexus_vxlan_allocations | | ml2_nexus_vxlan_mcast_groups | | ml2_port_binding_levels | | ml2_port_bindings | | ml2_ucsm_port_profiles | | ml2_vlan_allocations | | ml2_vxlan_allocations | | ml2_vxlan_endpoints | | multi_provider_networks | | networkconnections | | networkdhcpagentbindings | | networkdnsdomains | | networkgatewaydevicereferences | | networkgatewaydevices | | networkgateways | | networkqueuemappings | | networkrbacs | | networks | | networksecuritybindings | | neutron_nsx_network_mappings | | neutron_nsx_port_mappings | | neutron_nsx_router_mappings | | neutron_nsx_security_group_mappings | | nexthops | | nsxv_edge_dhcp_static_bindings | | nsxv_edge_vnic_bindings | | nsxv_firewall_rule_bindings | | nsxv_internal_edges | | nsxv_internal_networks | | nsxv_port_index_mappings | | nsxv_port_vnic_mappings | | nsxv_router_bindings | | nsxv_router_ext_attributes | | nsxv_rule_mappings | | nsxv_security_group_section_mappings | | nsxv_spoofguard_policy_network_mappings | | nsxv_tz_network_bindings | | nsxv_vdr_dhcp_bindings | | nuage_net_partition_router_mapping | | nuage_net_partitions | | nuage_provider_net_bindings | | nuage_subnet_l2dom_mapping | | poolloadbalanceragentbindings | | poolmonitorassociations | | pools | | poolstatisticss | | portbindingports | | portdnses | | portqueuemappings | | ports | | portsecuritybindings | | providerresourceassociations | | qos_bandwidth_limit_rules | | qos_network_policy_bindings | | qos_policies | | qos_port_policy_bindings | | qospolicyrbacs | | qosqueues | | quotas | | quotausages | | reservations | | resourcedeltas | | router_extra_attributes | | routerl3agentbindings | | routerports | | routerroutes | | routerrules | | routers | | securitygroupportbindings | | securitygrouprules | | securitygroups | | serviceprofiles | | sessionpersistences | | standardattributes | | subnetpoolprefixes | | subnetpools | | subnetroutes | | subnets | | tags | | tz_network_bindings | | vcns_router_bindings | | vips | | vpnservices | +-----------------------------------------+ [root@controller ~]#
7啟動服務
重啟nova服務
[root@controller ~]# systemctl restart openstack-nova-api.service
啟動neutron服務
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
問題: 啟動neutron-linuxbridge-agent.service 失敗 [root@controller ~]# more /var/log/neutron/linuxbridge-agent.log 2019-12-25 10:20:19.007 10957 ERROR neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Tunneling cannot b e enabled without the local_ip bound to an interface on the host. Please configure local_ip None on the host interface to be used for tunneling and restart the agent.
解決方法:直接通過vi編輯,將官網配置內容復制到該文件中,問題原因可能時,在執行命令輸入時有字符錯誤
8.檢查服務
[root@controller ~]# neutron agent-list +---------------------+--------------------+------------+-------------------+-------+----------------+------------------------+ | id | agent_type | host | availability_zone | alive | admin_state_up | binary | +---------------------+--------------------+------------+-------------------+-------+----------------+------------------------+ | 174e3d3d-abab-4f10- | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge- | | a0c7-95179a1eac2c | | | | | | agent | | c9581486-ada1-425a- | Metadata agent | controller | | :-) | True | neutron-metadata-agent | | be85-1f44fbc6e5bc | | | | | | | | daae304c-b211-449c- | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent | | 9e5f-5b94ecc8e765 | | | | | | | +---------------------+--------------------+------------+-------------------+-------+----------------+------------------------+ [root@controller ~]#
在計算節點上安裝配置neutron
1.安裝軟件包
[root@compute1 ~]# yum install -y openstack-neutron-linuxbridge ebtables ipset
2.修改配置文件
cp /etc/neutron/neutron.conf{,.bak} grep '^[a-z\[]' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
校驗:
[root@compute1 ~]# md5sum /etc/neutron/neutron.conf
77ffab503797be5063c06e8b956d6ed0 /etc/neutron/neutron.conf
直接拉取控制節點 linuxbridge_agent.ini文件
[root@compute1 ~]# scp -rp 10.0.0.11:/etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini
配置nova 配置文件
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
3.啟動服務
重啟nova
[root@compute1 ~]# systemctl restart openstack-nova-compute.service
啟動neutron服務
[root@compute1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@compute1 ~]# systemctl start neutron-linuxbridge-agent.service
查看控制節點是否自動注冊了計算幾點的網絡
[root@controller ~]# neutron agent-list +---------------------+--------------------+------------+-------------------+-------+----------------+------------------------+ | id | agent_type | host | availability_zone | alive | admin_state_up | binary | +---------------------+--------------------+------------+-------------------+-------+----------------+------------------------+ | 174e3d3d-abab-4f10- | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge- | | a0c7-95179a1eac2c | | | | | | agent | | 706bb03b-bb17-47e7- | Linux bridge agent | compute1 | | :-) | True | neutron-linuxbridge- | | b650-75d518c1bfdf | | | | | | agent | | c9581486-ada1-425a- | Metadata agent | controller | | :-) | True | neutron-metadata-agent | | be85-1f44fbc6e5bc | | | | | | | | daae304c-b211-449c- | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent | | 9e5f-5b94ecc8e765 | | | | | | | +---------------------+--------------------+------------+-------------------+-------+----------------+------------------------+
六、horizon 界面安裝
1.可獨立安裝,本例安裝在計算節點中
[root@compute1 ~]# yum install -y openstack-dashboard
2.配置
[root@compute1 ~]# cat /etc/openstack-dashboard/local_settings # -*- coding: utf-8 -*- import os from django.utils.translation import ugettext_lazy as _ from openstack_dashboard import exceptions from openstack_dashboard.settings import HORIZON_CONFIG DEBUG = False TEMPLATE_DEBUG = DEBUG # WEBROOT is the location relative to Webserver root # should end with a slash. WEBROOT = '/dashboard/' #LOGIN_URL = WEBROOT + 'auth/login/' #LOGOUT_URL = WEBROOT + 'auth/logout/' # # LOGIN_REDIRECT_URL can be used as an alternative for # HORIZON_CONFIG.user_home, if user_home is not set. # Do not set it to '/home/', as this will cause circular redirect loop #LOGIN_REDIRECT_URL = WEBROOT # If horizon is running in production (DEBUG is False), set this # with the list of host/domain names that the application can serve. # For more information see: # https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts ALLOWED_HOSTS = ['*', ] # Set SSL proxy settings: # Pass this header from the proxy after terminating the SSL, # and don't forget to strip it from the client's request. # For more information see: # https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header #SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') # If Horizon is being served through SSL, then uncomment the following two # settings to better secure the cookies from security exploits #CSRF_COOKIE_SECURE = True #SESSION_COOKIE_SECURE = True # The absolute path to the directory where message files are collected. # The message file must have a .json file extension. When the user logins to # horizon, the message files collected are processed and displayed to the user. #MESSAGES_PATH=None # Overrides for OpenStack API versions. Use this setting to force the # OpenStack dashboard to use a specific API version for a given service API. # Versions specified here should be integers or floats, not strings. # NOTE: The version should be formatted as it appears in the URL for the # service API. For example, The identity service APIs have inconsistent # use of the decimal point, so valid options would be 2.0 or 3. OPENSTACK_API_VERSIONS = { # "data-processing": 1.1, "identity": 3, "image": 2, "volume": 2, "compute": 2, } # Set this to True if running on multi-domain model. When this is enabled, it # will require user to enter the Domain name in addition to username for login. OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True # Overrides the default domain used when running on single-domain model # with Keystone V3. All entities will be created in the default domain. # NOTE: This value must be the ID of the default domain, NOT the name. # Also, you will most likely have a value in the keystone policy file like this # "cloud_admin": "rule:admin_required and domain_id:<your domain id>" # This value must match the domain id specified there. OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'default' # Set this to True to enable panels that provide the ability for users to # manage Identity Providers (IdPs) and establish a set of rules to map # federation protocol attributes to Identity API attributes. # This extension requires v3.0+ of the Identity API. #OPENSTACK_KEYSTONE_FEDERATION_MANAGEMENT = False # Set Console type: # valid options are "AUTO"(default), "VNC", "SPICE", "RDP", "SERIAL" or None # Set to None explicitly if you want to deactivate the console. #CONSOLE_TYPE = "AUTO" # If provided, a "Report Bug" link will be displayed in the site header # which links to the value of this setting (ideally a URL containing # information on how to report issues). #HORIZON_CONFIG["bug_url"] = "http://bug-report.example.com" # Show backdrop element outside the modal, do not close the modal # after clicking on backdrop. #HORIZON_CONFIG["modal_backdrop"] = "static" # Specify a regular expression to validate user passwords. #HORIZON_CONFIG["password_validator"] = { # "regex": '.*', # "help_text": _("Your password does not meet the requirements."), #} # Disable simplified floating IP address management for deployments with # multiple floating IP pools or complex network requirements. #HORIZON_CONFIG["simple_ip_management"] = False # Turn off browser autocompletion for forms including the login form and # the database creation workflow if so desired. #HORIZON_CONFIG["password_autocomplete"] = "off" # Setting this to True will disable the reveal button for password fields, # including on the login form. #HORIZON_CONFIG["disable_password_reveal"] = False LOCAL_PATH = '/tmp' # Set custom secret key: # You can either set it to a specific value or you can let horizon generate a # default secret key that is unique on this machine, e.i. regardless of the # amount of Python WSGI workers (if used behind Apache+mod_wsgi): However, # there may be situations where you would want to set this explicitly, e.g. # when multiple dashboard instances are distributed on different machines # (usually behind a load-balancer). Either you have to make sure that a session # gets all requests routed to the same dashboard instance or you set the same # SECRET_KEY for all of them. SECRET_KEY='65941f1393ea1c265ad7' # We recommend you use memcached for development; otherwise after every reload # of the django development server, you will have to login again. To use # memcached set CACHES to something like SESSION_ENGINE = 'django.contrib.sessions.backends.cache' CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', }, } #CACHES = { # 'default': { # 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache', # }, #} # Send email to the console by default EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend' # Or send them to /dev/null #EMAIL_BACKEND = 'django.core.mail.backends.dummy.EmailBackend' # Configure these for your outgoing email host #EMAIL_HOST = 'smtp.my-company.com' #EMAIL_PORT = 25 #EMAIL_HOST_USER = 'djangomail' #EMAIL_HOST_PASSWORD = 'top-secret!' # For multiple regions uncomment this configuration, and add (endpoint, title). #AVAILABLE_REGIONS = [ # ('http://cluster1.example.com:5000/v2.0', 'cluster1'), # ('http://cluster2.example.com:5000/v2.0', 'cluster2'), #] OPENSTACK_HOST = "controller" OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" # Enables keystone web single-sign-on if set to True. #WEBSSO_ENABLED = False # Determines which authentication choice to show as default. #WEBSSO_INITIAL_CHOICE = "credentials" # The list of authentication mechanisms which include keystone # federation protocols and identity provider/federation protocol # mapping keys (WEBSSO_IDP_MAPPING). Current supported protocol # IDs are 'saml2' and 'oidc' which represent SAML 2.0, OpenID # Connect respectively. # Do not remove the mandatory credentials mechanism. # Note: The last two tuples are sample mapping keys to a identity provider # and federation protocol combination (WEBSSO_IDP_MAPPING). #WEBSSO_CHOICES = ( # ("credentials", _("Keystone Credentials")), # ("oidc", _("OpenID Connect")), # ("saml2", _("Security Assertion Markup Language")), # ("acme_oidc", "ACME - OpenID Connect"), # ("acme_saml2", "ACME - SAML2"), #) # A dictionary of specific identity provider and federation protocol # combinations. From the selected authentication mechanism, the value # will be looked up as keys in the dictionary. If a match is found, # it will redirect the user to a identity provider and federation protocol # specific WebSSO endpoint in keystone, otherwise it will use the value # as the protocol_id when redirecting to the WebSSO by protocol endpoint. # NOTE: The value is expected to be a tuple formatted as: (<idp_id>, <protocol_id>). #WEBSSO_IDP_MAPPING = { # "acme_oidc": ("acme", "oidc"), # "acme_saml2": ("acme", "saml2"), #} # Disable SSL certificate checks (useful for self-signed certificates): #OPENSTACK_SSL_NO_VERIFY = True # The CA certificate to use to verify SSL connections #OPENSTACK_SSL_CACERT = '/path/to/cacert.pem' # The OPENSTACK_KEYSTONE_BACKEND settings can be used to identify the # capabilities of the auth backend for Keystone. # If Keystone has been configured to use LDAP as the auth backend then set # can_edit_user to False and name to 'ldap'. # # TODO(tres): Remove these once Keystone has an API to identify auth backend. OPENSTACK_KEYSTONE_BACKEND = { 'name': 'native', 'can_edit_user': True, 'can_edit_group': True, 'can_edit_project': True, 'can_edit_domain': True, 'can_edit_role': True, } # Setting this to True, will add a new "Retrieve Password" action on instance, # allowing Admin session password retrieval/decryption. #OPENSTACK_ENABLE_PASSWORD_RETRIEVE = False # The Launch Instance user experience has been significantly enhanced. # You can choose whether to enable the new launch instance experience, # the legacy experience, or both. The legacy experience will be removed # in a future release, but is available as a temporary backup setting to ensure # compatibility with existing deployments. Further development will not be # done on the legacy experience. Please report any problems with the new # experience via the Launchpad tracking system. # # Toggle LAUNCH_INSTANCE_LEGACY_ENABLED and LAUNCH_INSTANCE_NG_ENABLED to # determine the experience to enable. Set them both to true to enable # both. #LAUNCH_INSTANCE_LEGACY_ENABLED = True #LAUNCH_INSTANCE_NG_ENABLED = False # A dictionary of settings which can be used to provide the default values for # properties found in the Launch Instance modal. #LAUNCH_INSTANCE_DEFAULTS = { # 'config_drive': False, #} # The Xen Hypervisor has the ability to set the mount point for volumes # attached to instances (other Hypervisors currently do not). Setting # can_set_mount_point to True will add the option to set the mount point # from the UI. OPENSTACK_HYPERVISOR_FEATURES = { 'can_set_mount_point': False, 'can_set_password': False, 'requires_keypair': False, } # The OPENSTACK_CINDER_FEATURES settings can be used to enable optional # services provided by cinder that is not exposed by its extension API. OPENSTACK_CINDER_FEATURES = { 'enable_backup': False, } # The OPENSTACK_NEUTRON_NETWORK settings can be used to enable optional # services provided by neutron. Options currently available are load # balancer service, security groups, quotas, VPN service. OPENSTACK_NEUTRON_NETWORK = { 'enable_router': False, 'enable_quotas': False, 'enable_ipv6': False, 'enable_distributed_router': False, 'enable_ha_router': False, 'enable_lb': False, 'enable_firewall': False, 'enable_vpn': False, 'enable_fip_topology_check': False, # Neutron can be configured with a default Subnet Pool to be used for IPv4 # subnet-allocation. Specify the label you wish to display in the Address # pool selector on the create subnet step if you want to use this feature. 'default_ipv4_subnet_pool_label': None, # Neutron can be configured with a default Subnet Pool to be used for IPv6 # subnet-allocation. Specify the label you wish to display in the Address # pool selector on the create subnet step if you want to use this feature. # You must set this to enable IPv6 Prefix Delegation in a PD-capable # environment. 'default_ipv6_subnet_pool_label': None, # The profile_support option is used to detect if an external router can be # configured via the dashboard. When using specific plugins the # profile_support can be turned on if needed. 'profile_support': None, #'profile_support': 'cisco', # Set which provider network types are supported. Only the network types # in this list will be available to choose from when creating a network. # Network types include local, flat, vlan, gre, and vxlan. 'supported_provider_types': ['*'], # Set which VNIC types are supported for port binding. Only the VNIC # types in this list will be available to choose from when creating a # port. # VNIC types include 'normal', 'macvtap' and 'direct'. # Set to empty list or None to disable VNIC type selection. 'supported_vnic_types': ['*'], } # The OPENSTACK_HEAT_STACK settings can be used to disable password # field required while launching the stack. OPENSTACK_HEAT_STACK = { 'enable_user_pass': True, } # The OPENSTACK_IMAGE_BACKEND settings can be used to customize features # in the OpenStack Dashboard related to the Image service, such as the list # of supported image formats. #OPENSTACK_IMAGE_BACKEND = { # 'image_formats': [ # ('', _('Select format')), # ('aki', _('AKI - Amazon Kernel Image')), # ('ami', _('AMI - Amazon Machine Image')), # ('ari', _('ARI - Amazon Ramdisk Image')), # ('docker', _('Docker')), # ('iso', _('ISO - Optical Disk Image')), # ('ova', _('OVA - Open Virtual Appliance')), # ('qcow2', _('QCOW2 - QEMU Emulator')), # ('raw', _('Raw')), # ('vdi', _('VDI - Virtual Disk Image')), # ('vhd', _('VHD - Virtual Hard Disk')), # ('vmdk', _('VMDK - Virtual Machine Disk')), # ], #} # The IMAGE_CUSTOM_PROPERTY_TITLES settings is used to customize the titles for # image custom property attributes that appear on image detail pages. IMAGE_CUSTOM_PROPERTY_TITLES = { "architecture": _("Architecture"), "kernel_id": _("Kernel ID"), "ramdisk_id": _("Ramdisk ID"), "image_state": _("Euca2ools state"), "project_id": _("Project ID"), "image_type": _("Image Type"), } # The IMAGE_RESERVED_CUSTOM_PROPERTIES setting is used to specify which image # custom properties should not be displayed in the Image Custom Properties # table. IMAGE_RESERVED_CUSTOM_PROPERTIES = [] # OPENSTACK_ENDPOINT_TYPE specifies the endpoint type to use for the endpoints # in the Keystone service catalog. Use this setting when Horizon is running # external to the OpenStack environment. The default is 'publicURL'. #OPENSTACK_ENDPOINT_TYPE = "publicURL" # SECONDARY_ENDPOINT_TYPE specifies the fallback endpoint type to use in the # case that OPENSTACK_ENDPOINT_TYPE is not present in the endpoints # in the Keystone service catalog. Use this setting when Horizon is running # external to the OpenStack environment. The default is None. This # value should differ from OPENSTACK_ENDPOINT_TYPE if used. #SECONDARY_ENDPOINT_TYPE = "publicURL" # The number of objects (Swift containers/objects or images) to display # on a single page before providing a paging element (a "more" link) # to paginate results. API_RESULT_LIMIT = 1000 API_RESULT_PAGE_SIZE = 20 # The size of chunk in bytes for downloading objects from Swift SWIFT_FILE_TRANSFER_CHUNK_SIZE = 512 * 1024 # Specify a maximum number of items to display in a dropdown. DROPDOWN_MAX_ITEMS = 30 # The timezone of the server. This should correspond with the timezone # of your entire OpenStack installation, and hopefully be in UTC. TIME_ZONE = "Asia/Shanghai" # When launching an instance, the menu of available flavors is # sorted by RAM usage, ascending. If you would like a different sort order, # you can provide another flavor attribute as sorting key. Alternatively, you # can provide a custom callback method to use for sorting. You can also provide # a flag for reverse sort. For more info, see # http://docs.python.org/2/library/functions.html#sorted #CREATE_INSTANCE_FLAVOR_SORT = { # 'key': 'name', # # or # 'key': my_awesome_callback_method, # 'reverse': False, #} # Set this to True to display an 'Admin Password' field on the Change Password # form to verify that it is indeed the admin logged-in who wants to change # the password. #ENFORCE_PASSWORD_CHECK = False # Modules that provide /auth routes that can be used to handle different types # of user authentication. Add auth plugins that require extra route handling to # this list. #AUTHENTICATION_URLS = [ # 'openstack_auth.urls', #] # The Horizon Policy Enforcement engine uses these values to load per service # policy rule files. The content of these files should match the files the # OpenStack services are using to determine role based access control in the # target installation. # Path to directory containing policy.json files POLICY_FILES_PATH = '/etc/openstack-dashboard' # Map of local copy of service policy files. # Please insure that your identity policy file matches the one being used on # your keystone servers. There is an alternate policy file that may be used # in the Keystone v3 multi-domain case, policy.v3cloudsample.json. # This file is not included in the Horizon repository by default but can be # found at # http://git.openstack.org/cgit/openstack/keystone/tree/etc/ \ # policy.v3cloudsample.json # Having matching policy files on the Horizon and Keystone servers is essential # for normal operation. This holds true for all services and their policy files. #POLICY_FILES = { # 'identity': 'keystone_policy.json', # 'compute': 'nova_policy.json', # 'volume': 'cinder_policy.json', # 'image': 'glance_policy.json', # 'orchestration': 'heat_policy.json', # 'network': 'neutron_policy.json', # 'telemetry': 'ceilometer_policy.json', #} # TODO: (david-lyle) remove when plugins support adding settings. # Note: Only used when trove-dashboard plugin is configured to be used by # Horizon. # Trove user and database extension support. By default support for # creating users and databases on database instances is turned on. # To disable these extensions set the permission here to something # unusable such as ["!"]. #TROVE_ADD_USER_PERMS = [] #TROVE_ADD_DATABASE_PERMS = [] # Change this patch to the appropriate list of tuples containing # a key, label and static directory containing two files: # _variables.scss and _styles.scss #AVAILABLE_THEMES = [ # ('default', 'Default', 'themes/default'), # ('material', 'Material', 'themes/material'), #] LOGGING = { 'version': 1, # When set to True this will disable all logging except # for loggers specified in this configuration dictionary. Note that # if nothing is specified here and disable_existing_loggers is True, # django.db.backends will still log unless it is disabled explicitly. 'disable_existing_loggers': False, 'handlers': { 'null': { 'level': 'DEBUG', 'class': 'logging.NullHandler', }, 'console': { # Set the level to "DEBUG" for verbose output logging. 'level': 'INFO', 'class': 'logging.StreamHandler', }, }, 'loggers': { # Logging from django.db.backends is VERY verbose, send to null # by default. 'django.db.backends': { 'handlers': ['null'], 'propagate': False, }, 'requests': { 'handlers': ['null'], 'propagate': False, }, 'horizon': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'openstack_dashboard': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'novaclient': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'cinderclient': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'keystoneclient': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'glanceclient': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'neutronclient': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'heatclient': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'ceilometerclient': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'swiftclient': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'openstack_auth': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'nose.plugins.manager': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'django': { 'handlers': ['console'], 'level': 'DEBUG', 'propagate': False, }, 'iso8601': { 'handlers': ['null'], 'propagate': False, }, 'scss': { 'handlers': ['null'], 'propagate': False, }, }, } # 'direction' should not be specified for all_tcp/udp/icmp. # It is specified in the form. SECURITY_GROUP_RULES = { 'all_tcp': { 'name': _('All TCP'), 'ip_protocol': 'tcp', 'from_port': '1', 'to_port': '65535', }, 'all_udp': { 'name': _('All UDP'), 'ip_protocol': 'udp', 'from_port': '1', 'to_port': '65535', }, 'all_icmp': { 'name': _('All ICMP'), 'ip_protocol': 'icmp', 'from_port': '-1', 'to_port': '-1', }, 'ssh': { 'name': 'SSH', 'ip_protocol': 'tcp', 'from_port': '22', 'to_port': '22', }, 'smtp': { 'name': 'SMTP', 'ip_protocol': 'tcp', 'from_port': '25', 'to_port': '25', }, 'dns': { 'name': 'DNS', 'ip_protocol': 'tcp', 'from_port': '53', 'to_port': '53', }, 'http': { 'name': 'HTTP', 'ip_protocol': 'tcp', 'from_port': '80', 'to_port': '80', }, 'pop3': { 'name': 'POP3', 'ip_protocol': 'tcp', 'from_port': '110', 'to_port': '110', }, 'imap': { 'name': 'IMAP', 'ip_protocol': 'tcp', 'from_port': '143', 'to_port': '143', }, 'ldap': { 'name': 'LDAP', 'ip_protocol': 'tcp', 'from_port': '389', 'to_port': '389', }, 'https': { 'name': 'HTTPS', 'ip_protocol': 'tcp', 'from_port': '443', 'to_port': '443', }, 'smtps': { 'name': 'SMTPS', 'ip_protocol': 'tcp', 'from_port': '465', 'to_port': '465', }, 'imaps': { 'name': 'IMAPS', 'ip_protocol': 'tcp', 'from_port': '993', 'to_port': '993', }, 'pop3s': { 'name': 'POP3S', 'ip_protocol': 'tcp', 'from_port': '995', 'to_port': '995', }, 'ms_sql': { 'name': 'MS SQL', 'ip_protocol': 'tcp', 'from_port': '1433', 'to_port': '1433', }, 'mysql': { 'name': 'MYSQL', 'ip_protocol': 'tcp', 'from_port': '3306', 'to_port': '3306', }, 'rdp': { 'name': 'RDP', 'ip_protocol': 'tcp', 'from_port': '3389', 'to_port': '3389', }, } # Deprecation Notice: # # The setting FLAVOR_EXTRA_KEYS has been deprecated. # Please load extra spec metadata into the Glance Metadata Definition Catalog. # # The sample quota definitions can be found in: # <glance_source>/etc/metadefs/compute-quota.json # # The metadata definition catalog supports CLI and API: # $glance --os-image-api-version 2 help md-namespace-import # $glance-manage db_load_metadefs <directory_with_definition_files> # # See Metadata Definitions on: http://docs.openstack.org/developer/glance/ # TODO: (david-lyle) remove when plugins support settings natively # Note: This is only used when the Sahara plugin is configured and enabled # for use in Horizon. # Indicate to the Sahara data processing service whether or not # automatic floating IP allocation is in effect. If it is not # in effect, the user will be prompted to choose a floating IP # pool for use in their cluster. False by default. You would want # to set this to True if you were running Nova Networking with # auto_assign_floating_ip = True. #SAHARA_AUTO_IP_ALLOCATION_ENABLED = False # The hash algorithm to use for authentication tokens. This must # match the hash algorithm that the identity server and the # auth_token middleware are using. Allowed values are the # algorithms supported by Python's hashlib library. #OPENSTACK_TOKEN_HASH_ALGORITHM = 'md5' # Hashing tokens from Keystone keeps the Horizon session data smaller, but it # doesn't work in some cases when using PKI tokens. Uncomment this value and # set it to False if using PKI tokens and there are 401 errors due to token # hashing. #OPENSTACK_TOKEN_HASH_ENABLED = True # AngularJS requires some settings to be made available to # the client side. Some settings are required by in-tree / built-in horizon # features. These settings must be added to REST_API_REQUIRED_SETTINGS in the # form of ['SETTING_1','SETTING_2'], etc. # # You may remove settings from this list for security purposes, but do so at # the risk of breaking a built-in horizon feature. These settings are required # for horizon to function properly. Only remove them if you know what you # are doing. These settings may in the future be moved to be defined within # the enabled panel configuration. # You should not add settings to this list for out of tree extensions. # See: https://wiki.openstack.org/wiki/Horizon/RESTAPI REST_API_REQUIRED_SETTINGS = ['OPENSTACK_HYPERVISOR_FEATURES', 'LAUNCH_INSTANCE_DEFAULTS'] # Additional settings can be made available to the client side for # extensibility by specifying them in REST_API_ADDITIONAL_SETTINGS # !! Please use extreme caution as the settings are transferred via HTTP/S # and are not encrypted on the browser. This is an experimental API and # may be deprecated in the future without notice. #REST_API_ADDITIONAL_SETTINGS = [] # DISALLOW_IFRAME_EMBED can be used to prevent Horizon from being embedded # within an iframe. Legacy browsers are still vulnerable to a Cross-Frame # Scripting (XFS) vulnerability, so this option allows extra security hardening # where iframes are not used in deployment. Default setting is True. # For more information see: # http://tinyurl.com/anticlickjack #DISALLOW_IFRAME_EMBED = True [root@compute1 ~]#
修改/etc/httpd/conf.d/openstack-dashboard.conf 配置文件參數
[root@compute1 ~]# vi /etc/httpd/conf.d/openstack-dashboard.conf WSGIDaemonProcess dashboard WSGIProcessGroup dashboard WSGISocketPrefix run/wsgi WSGIApplicationGroup %{GLOBAL} ###增加參數配置 WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi Alias /dashboard/static /usr/share/openstack-dashboard/static <Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi> Options All AllowOverride All Require all granted </Directory> <Directory /usr/share/openstack-dashboard/static> Options All AllowOverride All Require all granted </Directory>
3.啟動httpd服務
[root@compute1 ~]# systemctl start httpd
七、啟動實例
創建網絡
[root@controller ~]# neutron net-create --share --provider:physical_network provider --provider:network_type flat ar [root@controller ~]# neutron subnet-create --name artest --allocation-pool start=10.0.0.101,end=10.0.0.250 --dns-nameserver 114.114.114.114 --gateway 10.0.0.2 ar 10.0.0.0/24
[root@controller ~]# neutron net-create --share --provider:physical_network provider --provider:network_type flat ar Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2019-12-26T03:30:40 | | description | | | id | 974bf2fb-90d6-499c-8157-971a09f46106 | | ipv4_address_scope | | | ipv6_address_scope | | | mtu | 1500 | | name | ar | | port_security_enabled | True | | provider:network_type | flat | | provider:physical_network | provider | | provider:segmentation_id | | | router:external | False | | shared | True | | status | ACTIVE | | subnets | | | tags | | | tenant_id | 45f70e0011bb4c09985709c1a5dccd0d | | updated_at | 2019-12-26T03:30:40 | +---------------------------+--------------------------------------+ [root@controller ~]# neutron subnet-create --name artest --allocation-pool start=10.0.0.101,end=10.0.0.250 --dns-nameserver 114.114.114.114 --gateway 10.0.0.2 ar 10.0.0.0/24 Created a new subnet: +-------------------+----------------------------------------------+ | Field | Value | +-------------------+----------------------------------------------+ | allocation_pools | {"start": "10.0.0.101", "end": "10.0.0.250"} | | cidr | 10.0.0.0/24 | | created_at | 2019-12-26T03:33:30 | | description | | | dns_nameservers | 114.114.114.114 | | enable_dhcp | True | | gateway_ip | 10.0.0.2 | | host_routes | | | id | 74489b2a-755d-4f75-9c57-b9bda2d98eb6 | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | artest | | network_id | 974bf2fb-90d6-499c-8157-971a09f46106 | | subnetpool_id | | | tenant_id | 45f70e0011bb4c09985709c1a5dccd0d | | updated_at | 2019-12-26T03:33:30 | +-------------------+----------------------------------------------+ [root@controller ~]#
創建雲主機硬件配置方案
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano +----------------------------+---------+ | Field | Value | +----------------------------+---------+ | OS-FLV-DISABLED:disabled | False | | OS-FLV-EXT-DATA:ephemeral | 0 | | disk | 1 | | id | 0 | | name | m1.nano | | os-flavor-access:is_public | True | | ram | 64 | | rxtx_factor | 1.0 | | swap | | | vcpus | 1 | +----------------------------+---------+ [root@controller ~]#
創建秘鑰對
[root@controller ~]# ssh-keygen -q -N "" -f ~/.ssh/id_rsa
上傳秘鑰對到openstack中
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey +-------------+-------------------------------------------------+ | Field | Value | +-------------+-------------------------------------------------+ | fingerprint | ca:d1:a8:f5:b8:8d:0d:c4:9f:d5:11:df:f1:48:e9:24 | | name | mykey | | user_id | d1ec935819424b6db22198b528834b4e | +-------------+-------------------------------------------------+ [root@controller ~]#
創建安全組規則
[root@controller ~]# openstack security group rule create --proto icmp default [root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default
[root@controller ~]# openstack security group rule create --proto icmp default +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | id | 12926d8a-8d5e-4423-a0fc-de1f03453341 | | ip_protocol | icmp | | ip_range | 0.0.0.0/0 | | parent_group_id | fcbec411-99c5-4735-b418-aebd051746a5 | | port_range | | | remote_security_group | | +-----------------------+--------------------------------------+ [root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default +-----------------------+--------------------------------------+ | Field | Value | +-----------------------+--------------------------------------+ | id | 331ef464-d27c-4356-8e74-a50f11855e84 | | ip_protocol | tcp | | ip_range | 0.0.0.0/0 | | parent_group_id | fcbec411-99c5-4735-b418-aebd051746a5 | | port_range | 22:22 | | remote_security_group | | +-----------------------+--------------------------------------+ [root@controller ~]#
啟動一個實例
檢查網絡id
[root@controller ~]# neutron net-list +--------------------------------------+------+--------------------------------------------------+ | id | name | subnets | +--------------------------------------+------+--------------------------------------------------+ | 974bf2fb-90d6-499c-8157-971a09f46106 | ar | 74489b2a-755d-4f75-9c57-b9bda2d98eb6 10.0.0.0/24 | +--------------------------------------+------+--------------------------------------------------+
啟動實例
[root@controller ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=974bf2fb-90d6-499c-8157-971a09f46106 --security-group default --key-name mykey ar
[root@controller ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=974bf2fb-90d6-499c-8157-971a09f46106 --security-group default --key-name mykey ar +--------------------------------------+-----------------------------------------------+ | Field | Value | +--------------------------------------+-----------------------------------------------+ | OS-DCF:diskConfig | MANUAL | | OS-EXT-AZ:availability_zone | | | OS-EXT-SRV-ATTR:host | None | | OS-EXT-SRV-ATTR:hypervisor_hostname | None | | OS-EXT-SRV-ATTR:instance_name | instance-00000001 | | OS-EXT-STS:power_state | 0 | | OS-EXT-STS:task_state | scheduling | | OS-EXT-STS:vm_state | building | | OS-SRV-USG:launched_at | None | | OS-SRV-USG:terminated_at | None | | accessIPv4 | | | accessIPv6 | | | addresses | | | adminPass | Njw5ScVWj9mn | | config_drive | | | created | 2019-12-26T05:44:38Z | | flavor | m1.nano (0) | | hostId | | | id | 70217016-d9b9-4f28-8876-42af8a51c3d7 | | image | cirros (4492225b-eb11-4705-90dd-46c8e8cfe238) | | key_name | mykey | | name | ar | | os-extended-volumes:volumes_attached | [] | | progress | 0 | | project_id | 45f70e0011bb4c09985709c1a5dccd0d | | properties | | | security_groups | [{u'name': u'default'}] | | status | BUILD | | updated | 2019-12-26T05:44:39Z | | user_id | d1ec935819424b6db22198b528834b4e | +--------------------------------------+-----------------------------------------------+ [root@controller ~]#
啟動實例報錯 [root@controller nova]# nova list +--------------------------------------+------+--------+------------+-------------+----------+ | ID | Name | Status | Task State | Power State | Networks | +--------------------------------------+------+--------+------------+-------------+----------+ | 70217016-d9b9-4f28-8876-42af8a51c3d7 | ar | ERROR | - | NOSTATE | | +--------------------------------------+------+--------+------------+-------------+----------+
問題:
消息 No valid host was found. There are not enough hosts available. 編碼 500 詳情 File "/usr/lib/python2.7/site-packages/nova/conductor/manager.py", line 404, in build_instances context, request_spec, filter_properties) File "/usr/lib/python2.7/site-packages/nova/conductor/manager.py", line 448, in _schedule_instances hosts = self.scheduler_client.select_destinations(context, spec_obj) File "/usr/lib/python2.7/site-packages/nova/scheduler/utils.py", line 372, in wrapped return func(*args, **kwargs) File "/usr/lib/python2.7/site-packages/nova/scheduler/client/__init__.py", line 51, in select_destinations return self.queryclient.select_destinations(context, spec_obj) File "/usr/lib/python2.7/site-packages/nova/scheduler/client/__init__.py", line 37, in __run_method return getattr(self.instance, __name)(*args, **kwargs) File "/usr/lib/python2.7/site-packages/nova/scheduler/client/query.py", line 32, in select_destinations return self.scheduler_rpcapi.select_destinations(context, spec_obj) File "/usr/lib/python2.7/site-packages/nova/scheduler/rpcapi.py", line 121, in select_destinations return cctxt.call(ctxt, 'select_destinations', **msg_args) File "/usr/lib/python2.7/site-packages/oslo_messaging/rpc/client.py", line 158, in call retry=self.retry) File "/usr/lib/python2.7/site-packages/oslo_messaging/transport.py", line 90, in _send timeout=timeout, retry=retry) File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 470, in send retry=retry) File "/usr/lib/python2.7/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 461, in _send raise result
nova日志:
2019-12-30 10:37:08.006 7195 ERROR nova.compute.manager [req-909c7b7c-4986-496f-b8d6-e9f71adcb77d d1ec935819424b6db22198b528834b4e 45f70e0011bb4c09985709c1a5dccd0d - - -] Instance failed network setup after 1 attempt(s)
八、計算幾點擴容
1.克隆機器,配置網絡,修改主機名及主機hosts文件
[root@compute2 ~]# ifconfig ens33: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.0.0.32 netmask 255.255.255.0 broadcast 10.0.0.255 inet6 fe80::1534:7f05:3d6a:9287 prefixlen 64 scopeid 0x20<link> inet6 fe80::25e8:8754:cb81:68c8 prefixlen 64 scopeid 0x20<link> inet6 fe80::389d:e340:ea17:3a30 prefixlen 64 scopeid 0x20<link> ether 00:0c:29:0a:ba:2c txqueuelen 1000 (Ethernet) RX packets 154 bytes 14563 (14.2 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 173 bytes 24071 (23.5 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536 inet 127.0.0.1 netmask 255.0.0.0 inet6 ::1 prefixlen 128 scopeid 0x10<host> loop txqueuelen 1000 (Local Loopback) RX packets 4 bytes 272 (272.0 B) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 4 bytes 272 (272.0 B) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root@compute2 ~]# hostname compute2 [root@compute2 ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.11 controller 10.0.0.31 compute1 10.0.0.32 compute2 [root@compute2 ~]#
2.配置yum源
[root@compute2 opt]# scp -rp 10.0.0.31:/opt/openstack_rpm.tar.gz . [root@compute2 opt]# tar -xf openstack_rpm.tar.gz
[root@compute2 opt]# mount /dev/cdrom /mnt/ [root@compute2 opt]# scp -rp 10.0.0.31:/etc/yum.repos.d/local.repo /etc/yum.repos.d/
[root@compute2 ~]# echo 'mount /dev/cdrom /mnt' >>/etc/rc.local
[root@compute2 ~]# chmod +x /etc/rc.local
3.配置時間同步
[root@compute2 ~]# yum install -y chrony
配置並重啟服務
[root@compute2 ~]# vi /etc/chrony.conf # Use public servers from the pool.ntp.org project. # Please consider joining the pool (http://www.pool.ntp.org/join.html). server 10.0.0.11 iburst
關閉服務
關閉防火牆 [root@compute2 neutron]# systemctl disable firewalld 關閉selinux ###必須關閉,否則neutron-linuxbridge-agent.service無法啟動 [root@compute2 neutron]# sed -i 's/^SELINUX=.*/SELINUX=disabled/' /etc/selinux/config [root@compute2 neutron]# setenforce 0
4.安裝openstack客戶端和openstack-selinux
[root@compute2 ~]# yum install -y python-openstackclient.noarch
5.安裝nova-compute
[root@compute2 ~]# yum install -y openstack-nova-compute openstack-utils.noarch
配置
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.32 openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292 openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000 openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357 openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211 openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS openstack-config --set /etc/nova/nova.conf oslo_concurreny lock_path /var/lib/nova/tmp openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS openstack-config --set /etc/nova/nova.conf vnc enabled True openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0 openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip' openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696 openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357 openstack-config --set /etc/nova/nova.conf neutron auth_type password openstack-config --set /etc/nova/nova.conf neutron project_domain_name default openstack-config --set /etc/nova/nova.conf neutron user_domain_name default openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne openstack-config --set /etc/nova/nova.conf neutron project_name service openstack-config --set /etc/nova/nova.conf neutron username neutron openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
6.安裝neutron-linuxbridge-agent
[root@compute2 ~]# yum install -y openstack-neutron-linuxbridge ebtables ipset -y
[root@compute2 ~]# cp /etc/neutron/neutron.conf{,.bak} [root@compute2 ~]# grep -Ev '^$|#' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PAS openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
[root@compute2 ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak} [root@compute2 ~]# grep -Ev '^[a-z\[]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak >/etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33 openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enabe_vxlan False
7.啟動服務
[root@compute2 ~]# systemctl start libvirtd openstack-nova-compute neutron-linuxbridge-agent
到控制節點驗證服務
[root@controller ~]# nova service-list +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ | 1 | nova-conductor | controller | internal | enabled | up | 2020-01-02T02:14:54.000000 | - | | 2 | nova-consoleauth | controller | internal | enabled | up | 2020-01-02T02:14:54.000000 | - | | 3 | nova-scheduler | controller | internal | enabled | up | 2020-01-02T02:14:54.000000 | - | | 6 | nova-compute | compute1 | nova | enabled | up | 2020-01-02T02:14:57.000000 | - | | 7 | nova-compute | compute2 | nova | enabled | up | 2020-01-02T02:14:55.000000 | - | +----+------------------+------------+----------+---------+-------+----------------------------+-----------------+ [root@controller ~]# neutron agent-list +----------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+ | id | agent_type | host | availability_zone | alive | admin_state_up | binary | +----------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+ | 174e3d3d-abab- | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent | | 4f10-a0c7-95179a1eac2c | | | | | | | | 4393af99-20f9-4db2-a1b5-87 | Linux bridge agent | compute2 | | :-) | True | neutron-linuxbridge-agent | | 34803e46e9 | | | | | | | | 706bb03b-bb17-47e7-b650-75 | Linux bridge agent | compute1 | | :-) | True | neutron-linuxbridge-agent | | d518c1bfdf | | | | | | | | c9581486-ada1-425a- | Metadata agent | controller | | :-) | True | neutron-metadata-agent | | be85-1f44fbc6e5bc | | | | | | | | daae304c-b211-449c-9e5f- | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent | | 5b94ecc8e765 | | | | | | | +----------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
九,cinder 安裝及配置
(1)在控制節點執行安裝管理組件
1.創建數據庫並授權
CREATE DATABASE cinder; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'loalhost' IDENTIFIED BY 'CINDER_DBPASS'; GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER_DBPASS';
2.在keystone 上創建系統用戶並關聯角色
[root@controller ~]# openstack user create --domain default --password CINDER_PASS cinder
[root@controller ~]# openstack role add --project service --user cinder admin
[root@controller ~]# openstack user create --domain default --password CINDER_PASS cinder +-----------+----------------------------------+ | Field | Value | +-----------+----------------------------------+ | domain_id | 917bdd3127104dcebd75c613a13045a4 | | enabled | True | | id | b7817a23bc3945bb991ffa744c3698d2 | | name | cinder | +-----------+----------------------------------+ [root@controller ~]# openstack role add --project service --user cinder admin
3.在keystone創建服務,注冊api
openstack service create --name cinder --description "OpenStack Block Storage" volume openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
[root@controller ~]# openstack service create --name cinder --description "OpenStack Block Storage" volume +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Block Storage | | enabled | True | | id | c2e4aac098cc4197871fe4baec73c5cf | | name | cinder | | type | volume | +-------------+----------------------------------+ [root@controller ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2 +-------------+----------------------------------+ | Field | Value | +-------------+----------------------------------+ | description | OpenStack Block Storage | | enabled | True | | id | 49e8cbb4ff8848aaad9ff4c367802b8a | | name | cinderv2 | | type | volumev2 | +-------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s admin http://controller:8776/v1/%\(tenant_id\)s+--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 4aad90024ed54f9e8a321a1387a5d718 | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | c2e4aac098cc4197871fe4baec73c5cf | | service_name | cinder | | service_type | volume | | url | http://controller:8776/v1/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | a8c8d1a79a43469bb921774562c68f6c | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | c2e4aac098cc4197871fe4baec73c5cf | | service_name | cinder | | service_type | volume | | url | http://controller:8776/v1/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 210897960a4a46b68baa8e3438545d1a | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | c2e4aac098cc4197871fe4baec73c5cf | | service_name | cinder | | service_type | volume | | url | http://controller:8776/v1/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 38d1c767995a41d38d62d67a2dace19d | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | 49e8cbb4ff8848aaad9ff4c367802b8a | | service_name | cinderv2 | | service_type | volumev2 | | url | http://controller:8776/v2/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 40a199028925404ab128717794e9708b | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | 49e8cbb4ff8848aaad9ff4c367802b8a | | service_name | cinderv2 | | service_type | volumev2 | | url | http://controller:8776/v2/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 0b1f16407152495c9fd44b42a0335d21 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | 49e8cbb4ff8848aaad9ff4c367802b8a | | service_name | cinderv2 | | service_type | volumev2 | | url | http://controller:8776/v2/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller ~]#
4安裝cinder軟件包
[root@controller ~]# yum install -y openstack-cinder
5.修改配置文件
cp /etc/cinder/cinder.conf{,.bak}
grep -Ev '^$|#' /etc/cinder/cinder.conf.bak >/etc/cinder/cinder.conf
openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 10.0.0.11 openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://controller:5000 openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:35357 openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211 openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_name default openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_name default openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password CINDER_PASS openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host controller openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
6.同步數據庫
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
[root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder Option "logdir" from group "DEFAULT" is deprecated. Use option "log-dir" from group "DEFAULT". 2020-01-11 16:09:45.109 6959 WARNING py.warnings [-] /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:241: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported exception.NotSupportedWarning 2020-01-11 16:09:45.241 6959 INFO migrate.versioning.api [-] 0 -> 1... 2020-01-11 16:09:45.372 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.373 6959 INFO migrate.versioning.api [-] 1 -> 2... 2020-01-11 16:09:45.403 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.403 6959 INFO migrate.versioning.api [-] 2 -> 3... 2020-01-11 16:09:45.430 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.430 6959 INFO migrate.versioning.api [-] 3 -> 4... 2020-01-11 16:09:45.547 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.547 6959 INFO migrate.versioning.api [-] 4 -> 5... 2020-01-11 16:09:45.563 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.563 6959 INFO migrate.versioning.api [-] 5 -> 6... 2020-01-11 16:09:45.579 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.579 6959 INFO migrate.versioning.api [-] 6 -> 7... 2020-01-11 16:09:45.598 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.598 6959 INFO migrate.versioning.api [-] 7 -> 8... 2020-01-11 16:09:45.609 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.609 6959 INFO migrate.versioning.api [-] 8 -> 9... 2020-01-11 16:09:45.629 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.629 6959 INFO migrate.versioning.api [-] 9 -> 10... 2020-01-11 16:09:45.644 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.644 6959 INFO migrate.versioning.api [-] 10 -> 11... 2020-01-11 16:09:45.666 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.666 6959 INFO migrate.versioning.api [-] 11 -> 12... 2020-01-11 16:09:45.682 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.683 6959 INFO migrate.versioning.api [-] 12 -> 13... 2020-01-11 16:09:45.740 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.740 6959 INFO migrate.versioning.api [-] 13 -> 14... 2020-01-11 16:09:45.780 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.780 6959 INFO migrate.versioning.api [-] 14 -> 15... 2020-01-11 16:09:45.795 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.795 6959 INFO migrate.versioning.api [-] 15 -> 16... 2020-01-11 16:09:45.817 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.817 6959 INFO migrate.versioning.api [-] 16 -> 17... 2020-01-11 16:09:45.876 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.876 6959 INFO migrate.versioning.api [-] 17 -> 18... 2020-01-11 16:09:45.903 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.904 6959 INFO migrate.versioning.api [-] 18 -> 19... 2020-01-11 16:09:45.929 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.929 6959 INFO migrate.versioning.api [-] 19 -> 20... 2020-01-11 16:09:45.943 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.943 6959 INFO migrate.versioning.api [-] 20 -> 21... 2020-01-11 16:09:45.987 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:45.987 6959 INFO migrate.versioning.api [-] 21 -> 22... 2020-01-11 16:09:46.001 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.001 6959 INFO migrate.versioning.api [-] 22 -> 23... 2020-01-11 16:09:46.014 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.014 6959 INFO migrate.versioning.api [-] 23 -> 24... 2020-01-11 16:09:46.046 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.046 6959 INFO migrate.versioning.api [-] 24 -> 25... 2020-01-11 16:09:46.132 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.133 6959 INFO migrate.versioning.api [-] 25 -> 26... 2020-01-11 16:09:46.143 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.143 6959 INFO migrate.versioning.api [-] 26 -> 27... 2020-01-11 16:09:46.162 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.162 6959 INFO migrate.versioning.api [-] 27 -> 28... 2020-01-11 16:09:46.167 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.168 6959 INFO migrate.versioning.api [-] 28 -> 29... 2020-01-11 16:09:46.173 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.173 6959 INFO migrate.versioning.api [-] 29 -> 30... 2020-01-11 16:09:46.178 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.178 6959 INFO migrate.versioning.api [-] 30 -> 31... 2020-01-11 16:09:46.183 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.184 6959 INFO migrate.versioning.api [-] 31 -> 32... 2020-01-11 16:09:46.207 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.208 6959 INFO migrate.versioning.api [-] 32 -> 33... 2020-01-11 16:09:46.247 6959 WARNING py.warnings [-] /usr/lib64/python2.7/site-packages/sqlalchemy/sql/schema.py:2999: SAWarning: Table 'encryption' specifies columns 'volume_type_id' as primary_key=True, not matching locally specified columns 'encryption_id'; setting the current primary key columns to 'encryption_id'. This warning may become an exception in a future release ", ".join("'%s'" % c.name for c in self.columns) 2020-01-11 16:09:46.269 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.269 6959 INFO migrate.versioning.api [-] 33 -> 34... 2020-01-11 16:09:46.289 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.289 6959 INFO migrate.versioning.api [-] 34 -> 35... 2020-01-11 16:09:46.309 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.309 6959 INFO migrate.versioning.api [-] 35 -> 36... 2020-01-11 16:09:46.336 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.337 6959 INFO migrate.versioning.api [-] 36 -> 37... 2020-01-11 16:09:46.351 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.352 6959 INFO migrate.versioning.api [-] 37 -> 38... 2020-01-11 16:09:46.366 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.366 6959 INFO migrate.versioning.api [-] 38 -> 39... 2020-01-11 16:09:46.382 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.383 6959 INFO migrate.versioning.api [-] 39 -> 40... 2020-01-11 16:09:46.445 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.445 6959 INFO migrate.versioning.api [-] 40 -> 41... 2020-01-11 16:09:46.456 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.457 6959 INFO migrate.versioning.api [-] 41 -> 42... 2020-01-11 16:09:46.461 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.461 6959 INFO migrate.versioning.api [-] 42 -> 43... 2020-01-11 16:09:46.467 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.467 6959 INFO migrate.versioning.api [-] 43 -> 44... 2020-01-11 16:09:46.471 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.472 6959 INFO migrate.versioning.api [-] 44 -> 45... 2020-01-11 16:09:46.478 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.479 6959 INFO migrate.versioning.api [-] 45 -> 46... 2020-01-11 16:09:46.483 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.483 6959 INFO migrate.versioning.api [-] 46 -> 47... 2020-01-11 16:09:46.495 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.495 6959 INFO migrate.versioning.api [-] 47 -> 48... 2020-01-11 16:09:46.509 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.509 6959 INFO migrate.versioning.api [-] 48 -> 49... 2020-01-11 16:09:46.533 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.534 6959 INFO migrate.versioning.api [-] 49 -> 50... 2020-01-11 16:09:46.551 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.552 6959 INFO migrate.versioning.api [-] 50 -> 51... 2020-01-11 16:09:46.565 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.565 6959 INFO migrate.versioning.api [-] 51 -> 52... 2020-01-11 16:09:46.590 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.590 6959 INFO migrate.versioning.api [-] 52 -> 53... 2020-01-11 16:09:46.692 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.692 6959 INFO migrate.versioning.api [-] 53 -> 54... 2020-01-11 16:09:46.709 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.710 6959 INFO migrate.versioning.api [-] 54 -> 55... 2020-01-11 16:09:46.733 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.733 6959 INFO migrate.versioning.api [-] 55 -> 56... 2020-01-11 16:09:46.737 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.737 6959 INFO migrate.versioning.api [-] 56 -> 57... 2020-01-11 16:09:46.741 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.742 6959 INFO migrate.versioning.api [-] 57 -> 58... 2020-01-11 16:09:46.748 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.748 6959 INFO migrate.versioning.api [-] 58 -> 59... 2020-01-11 16:09:46.753 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.753 6959 INFO migrate.versioning.api [-] 59 -> 60... 2020-01-11 16:09:46.758 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.758 6959 INFO migrate.versioning.api [-] 60 -> 61... 2020-01-11 16:09:46.780 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.780 6959 INFO migrate.versioning.api [-] 61 -> 62... 2020-01-11 16:09:46.802 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.802 6959 INFO migrate.versioning.api [-] 62 -> 63... 2020-01-11 16:09:46.806 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.807 6959 INFO migrate.versioning.api [-] 63 -> 64... 2020-01-11 16:09:46.822 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.822 6959 INFO migrate.versioning.api [-] 64 -> 65... 2020-01-11 16:09:46.853 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.853 6959 INFO migrate.versioning.api [-] 65 -> 66... 2020-01-11 16:09:46.982 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.982 6959 INFO migrate.versioning.api [-] 66 -> 67... 2020-01-11 16:09:46.995 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:46.996 6959 INFO migrate.versioning.api [-] 67 -> 68... 2020-01-11 16:09:47.001 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:47.001 6959 INFO migrate.versioning.api [-] 68 -> 69... 2020-01-11 16:09:47.007 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:47.007 6959 INFO migrate.versioning.api [-] 69 -> 70... 2020-01-11 16:09:47.012 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:47.012 6959 INFO migrate.versioning.api [-] 70 -> 71... 2020-01-11 16:09:47.016 6959 INFO migrate.versioning.api [-] done 2020-01-11 16:09:47.016 6959 INFO migrate.versioning.api [-] 71 -> 72... 2020-01-11 16:09:47.021 6959 INFO migrate.versioning.api [-] done
7.編輯/etc/nova/nova.conf配置文件
openstack-config --set /etc/nova/nova.conf cinder os_rsgion_name RegionOne
重啟nova服務
[root@controller ~]# systemctl restart openstack-nova-api.service
8.啟動cinder 服務
[root@controller ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
[root@controller ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
驗證狀態
[root@controller ~]# cinder service-list +------------------+------------+------+---------+-------+----------------------------+-----------------+ | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +------------------+------------+------+---------+-------+----------------------------+-----------------+ | cinder-scheduler | controller | nova | enabled | up | 2020-01-11T08:19:36.000000 | - | +------------------+------------+------+---------+-------+----------------------------+-----------------+
(2)安裝存儲節點
本例將存儲節點同計算節點安裝在同一個機器上
1.先決條件,安裝lvm2並啟動
[root@compute2 ~]# yum install -y lvm2 [root@compute2 ~]# systemctl enable lvm2-lvmetad.service [root@compute2 ~]# systemctl start lvm2-lvmetad.service
2.為compute1添加兩塊硬盤,並使系統掃描,識別
[root@compute2 ~]# ll /sys/class/scsi_host/ total 0 lrwxrwxrwx 1 root root 0 Jan 11 14:47 host0 -> ../../devices/pci0000:00/0000:00:07.1/ata1/host0/scsi_host/host0 lrwxrwxrwx 1 root root 0 Jan 11 14:47 host1 -> ../../devices/pci0000:00/0000:00:07.1/ata2/host1/scsi_host/host1 lrwxrwxrwx 1 root root 0 Jan 11 14:47 host2 -> ../../devices/pci0000:00/0000:00:10.0/host2/scsi_host/host2 [root@compute2 ~]# echo "- - -" > /sys/class/scsi_host/host0/scan [root@compute2 ~]# echo "- - -" > /sys/class/scsi_host/host1/scan [root@compute2 ~]# echo "- - -" > /sys/class/scsi_host/host2/scan
3.創建PV和VG
[root@compute2 ~]# pvcreate /dev/sdb [root@compute2 ~]# pvcreate /dev/sdc [root@compute2 ~]# vgcreate cinder-ssd /dev/sdb [root@compute2 ~]# vgcreate cinder-sata /dev/sdc
[root@compute2 ~]# pvcreate /dev/sdb Physical volume "/dev/sdb" successfully created. [root@compute2 ~]# pvcreate /dev/sdc Physical volume "/dev/sdc" successfully created. [root@compute2 ~]# vgcreate cinder-ssd /dev/sdb Volume group "cinder-ssd" successfully created [root@compute2 ~]# vgcreate cinder-sata /dev/sdc Volume group "cinder-sata" successfully created [root@compute2 ~]#
4.修改lvm配置文件/etc/lvm/lvm.conf,在130行下面插入一行
filter = [ "a/sdb/", "a/sdc/","r/.*/" ]
5.配置完成之后,安裝在存儲節點安裝cinder軟件包
[root@compute2 ~]# cat /etc/cinder/cinder.conf [DEFAULT] rpc_backend = rabbit auth_strategy = keystone my_ip = 10.0.0.31 glance_api_servers = http://controller:9292 enabled_backends = ssd,sata [BACKEND] [BRCD_FABRIC_EXAMPLE] [CISCO_FABRIC_EXAMPLE] [COORDINATION] [FC-ZONE-MANAGER] [KEYMGR] [cors] [cors.subdomain] [database] connection = mysql+pymysql://cinder:CINDER_DBPASS@controller/cinder [keystone_authtoken] auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = cinder password = CINDER_PASS [matchmaker_redis] [oslo_concurrency] lock_path = /var/lib/cinder/tmp [oslo_messaging_amqp] [oslo_messaging_notifications] [oslo_messaging_rabbit] rabbit_host = controller rabbit_userid = openstack rabbit_password = RABBIT_PASS [oslo_middleware] [oslo_policy] [oslo_reports] [oslo_versionedobjects] [ssl] [ssd] volum_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-ssd iscsi_protocol = iscsi iscsi_helper = lioadm volume_backend_name =ssd [sata] volum_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-sata iscsi_protocol = iscsi iscsi_helper = lioadm volume_backend_name =sata
6.啟動服務
[root@compute2 ~]# systemctl enable openstack-cinder-volume.service target.service
[root@compute2 ~]# systemctl start openstack-cinder-volume.service target.service
7.控制節點查看服務狀態
[root@controller ~]# cinder service-list +------------------+---------------+------+---------+-------+----------------------------+-----------------+ | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +------------------+---------------+------+---------+-------+----------------------------+-----------------+ | cinder-scheduler | controller | nova | enabled | up | 2020-01-12T07:38:45.000000 | - | | cinder-volume | compute2@sata | nova | enabled | up | 2020-01-12T07:38:46.000000 | - | | cinder-volume | compute2@ssd | nova | enabled | up | 2020-01-12T07:38:46.000000 | - | +------------------+---------------+------+---------+-------+----------------------------+-----------------+
8.通過web創建測試卷
在配置lvm的計算節點上顯示lvm
[root@compute2 ~]# lvs WARNING: Device for PV rGMvFc-rXVA-mw7B-vy7k-Bb2G-heoa-bWyVrP not found or rejected by a filter. WARNING: Device for PV rGMvFc-rXVA-mw7B-vy7k-Bb2G-heoa-bWyVrP not found or rejected by a filter. Couldn't find device with uuid rGMvFc-rXVA-mw7B-vy7k-Bb2G-heoa-bWyVrP. WARNING: Couldn't find all devices for LV centos/swap while checking used and assumed devices. WARNING: Couldn't find all devices for LV centos/home while checking used and assumed devices. WARNING: Couldn't find all devices for LV centos/root while checking used and assumed devices. LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert home centos -wi-ao--p- <26.80g root centos -wi-ao--p- 50.00g swap centos -wi-ao--p- 2.00g volume-4568d9ed-bd5b-4746-a1c5-c6a6e76b6714 cinder-ssd -wi-a----- 2.00g volume-5cc415ac-6324-49d3-b9ae-c161d803a664 cinder-ssd -wi-a----- 3.00g
9.為了讓創建的卷可以根據需求自定義,要創建卷類型,是的創建的卷可以根據自己的需求創建在自己想創建的卷上
在web頁面管理員-卷-卷類型
再次創建卷
查看存儲節點上的邏輯卷
[root@compute2 ~]# lvs WARNING: Device for PV rGMvFc-rXVA-mw7B-vy7k-Bb2G-heoa-bWyVrP not found or rejected by a filter. WARNING: Device for PV rGMvFc-rXVA-mw7B-vy7k-Bb2G-heoa-bWyVrP not found or rejected by a filter. Couldn't find device with uuid rGMvFc-rXVA-mw7B-vy7k-Bb2G-heoa-bWyVrP. WARNING: Couldn't find all devices for LV centos/swap while checking used and assumed devices. WARNING: Couldn't find all devices for LV centos/home while checking used and assumed devices. WARNING: Couldn't find all devices for LV centos/root while checking used and assumed devices. LV VG Attr LSize Pool Origin Data% Meta% Move Log Cpy%Sync Convert home centos -wi-ao--p- <26.80g root centos -wi-ao--p- 50.00g swap centos -wi-ao--p- 2.00g volume-c521fd62-b564-4149-9454-73477b52f96f cinder-sata -wi-a----- 1.00g volume-36e22c79-e0d5-4c84-b0a6-85caa944685e cinder-ssd -wi-a----- 2.00g
將卷連接到實例
十、增加flat網絡
在虛機上增加網卡,設置為lan分段
1.編輯網絡配置
[root@controller network-scripts]# cat ifcfg-ens37 TYPE=Ethernet BOOTPROTO=none NAME=ens37 DEVICE=ens37 ONBOOT=yes IPADDR=172.16.0.11 NETMASK=255.255.255.0
注意: 配置網絡網卡后不要重啟網絡,會影響到其他網卡的運行,而是單獨重啟新增的網卡 [root@controller network-scripts]# ifdown ens37 [root@controller network-scripts]# ifup ens37
2.修改網絡配置
控制節點
a.文件/etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# vi /etc/neutron/plugins/ml2/ml2_conf.ini ... [ml2_type_flat] flat_networks = provider,net172_16_0 ...
b.文件/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller ~]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini ... [linux_bridge] physical_interface_mappings = provider:ens33,net172_16_0:ens37 ...
修改以上倆個配置文件后重啟neutron-server 和 neutron-linuxbridge-agent服務
[root@controller ~]# systemctl restart neutron-server.service neutron-linuxbridge-agent.service
計算節點
修改文件/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] ... physical_interface_mappings = provider:ens33,net172_16_0:ens37 ...
重啟 neutron-linuxbridge-agent服務
[root@compute2 ~]# systemctl restart neutron-linuxbridge-agent.service
其他計算節點同樣修改
3.創建新網絡
創建網絡
[root@controller ~]# neutron net-create --shared --provider:physical_network net172_16_0 --provider:network_type flat net172_16_x
[root@controller ~]# neutron net-create --shared --provider:physical_network net172_16_0 --provider:network_type flat net172_16_x Created a new network: +---------------------------+--------------------------------------+ | Field | Value | +---------------------------+--------------------------------------+ | admin_state_up | True | | availability_zone_hints | | | availability_zones | | | created_at | 2020-01-13T03:12:36 | | description | | | id | 87c526e6-8b10-4d97-9877-e3b16da806f8 | | ipv4_address_scope | | | ipv6_address_scope | | | mtu | 1500 | | name | net172_16_x | | port_security_enabled | True | | provider:network_type | flat | | provider:physical_network | net172_16_0 | | provider:segmentation_id | | | router:external | False | | shared | True | | status | ACTIVE | | subnets | | | tags | | | tenant_id | e31a1b3d60ce47a8922f74a39c29f44e | | updated_at | 2020-01-13T03:12:36 | +---------------------------+--------------------------------------+
創建網絡子網
neutron subnet-create --name net172_16_0 \ --allocation-pool start=172.16.0.101,end=172.16.0.250 \ --dns-nameserver 114.114.114.114 --gateway 172.16.0.2 \ net172_16_x 172.16.0.0/24
[root@controller ~]# neutron subnet-create --name net172_16_0 \ > --allocation-pool start=172.16.0.101,end=172.16.0.250 \ > --dns-nameserver 114.114.114.114 --gateway 172.16.0.2 \ > net172_16_x 172.16.0.0/24 Created a new subnet: +-------------------+--------------------------------------------------+ | Field | Value | +-------------------+--------------------------------------------------+ | allocation_pools | {"start": "172.16.0.101", "end": "172.16.0.250"} | | cidr | 172.16.0.0/24 | | created_at | 2020-01-13T03:19:51 | | description | | | dns_nameservers | 114.114.114.114 | | enable_dhcp | True | | gateway_ip | 172.16.0.2 | | host_routes | | | id | 40828b6e-bf33-48ef-8266-8f6e80833419 | | ip_version | 4 | | ipv6_address_mode | | | ipv6_ra_mode | | | name | net172_16_0 | | network_id | 87c526e6-8b10-4d97-9877-e3b16da806f8 | | subnetpool_id | | | tenant_id | e31a1b3d60ce47a8922f74a39c29f44e | | updated_at | 2020-01-13T03:19:51 | +-------------------+--------------------------------------------------+ [root@controller ~]#
十一、cinder-volume連接后端存儲
1安裝nfs
本例將nfs 服務安裝在10.0.0.32上
[root@compute3 ~]# yum install -y nfs-utils
修改配置文件
[root@compute3 ~]# cat /etc/exports /data 10.0.0.0/24(rw,async,no_root_squash,no_all_squash) 172.160.0.0/24(ro)
創建目錄
[root@compute3 ~]# mkdir /data
啟動服務
[root@compute3 ~]# systemctl start rpcbind [root@compute3 ~]# systemctl start nfs
[root@compute3 ~]# systemctl enable rpcbind
[root@compute3 ~]# systemctl enable nfs
在其他節點查看顯示出nfs的輸出列表
[root@compute2 ~]# showmount -e 172.16.0.32 Export list for 172.16.0.32: /data 172.160.0.0/24,10.0.0.0/24
到此nfs 配置完成
2.cinder對接nfs
在存儲節點配置
修改/etc/cinder/cinder.conf
[root@compute2 ~]# vi /etc/cinder/cinder.conf [DEFAULT] rpc_backend = rabbit auth_strategy = keystone my_ip = 10.0.0.31 glance_api_servers = http://controller:9292 enabled_backends = ssd,sata,nfs [nfs] volume_driver = cinder.volume.drivers.nfs.NfsDriver nfs_shares_config = /etc/cinder/nfs_shares volume_backend_name = nfs
手動創建/etc/cinder/nfs_shares掛載配置文件
[root@compute2 ~]# vi /etc/cinder/nfs_shares 10.0.0.32:/data
重啟openstack-cinder-volume服務
[root@compute2 ~]# systemctl restart openstack-cinder-volume.service
到控制節點檢查服務是否多出nfs服務
[root@controller ~]# cinder service-list +------------------+---------------+------+---------+-------+----------------------------+-----------------+ | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | +------------------+---------------+------+---------+-------+----------------------------+-----------------+ | cinder-scheduler | controller | nova | enabled | up | 2020-01-13T06:42:41.000000 | - | | cinder-volume | compute2@nfs | nova | enabled | up | 2020-01-13T06:42:46.000000 | - | | cinder-volume | compute2@sata | nova | enabled | up | 2020-01-13T06:42:45.000000 | - | | cinder-volume | compute2@ssd | nova | enabled | up | 2020-01-13T06:42:45.000000 | - | +------------------+---------------+------+---------+-------+----------------------------+-----------------+
3.通過web 增加卷類型,配置鍵值
十二、配置三層網絡
1.刪除平台所有實例
2.為每個節點的虛擬機增加網卡配置lan分段 172.16.1.0/24網段
配置新增網卡的配置文件,計算幾點同樣配置
[root@controller network-scripts]# cp ifcfg-ens33 ifcfg-ens38 [root@controller network-scripts]# vi ifcfg-ens38 [root@controller network-scripts]# cat ifcfg-ens38 TYPE=Ethernet BOOTPROTO=none NAME=ens38 DEVICE=ens38 ONBOOT=yes IPADDR=172.16.1.11 NETMASK=255.255.255.
3.修改控制節點配置文件
a.修改/etc/neutron/neutron.conf配置文件
[DEFAULT]
core_plugin = ml2
service_plugins =
修改成
[DEFAULT] core_plugin = ml2 service_plugins = router allow_overlapping_ips = True
b.修改/etc/neutron/plugins/ml2/ml2_conf.ini 文件
[ml2] type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
修改成:
[ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population
增加配置
[ml2_type_vxlan] vni_ranges = 1:1000000
c.修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[vxlan]
enable_vxlan = False
修改成
[vxlan] enable_vxlan = True local_ip = 172.16.1.11 l2_population = True
d.修改/etc/neutron/l3_agent.ini文件,默認中增加如下配置
[DEFAULT] interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver external_network_bridge =
重啟服務,並啟動neutron-l3-agent服務
systemctl restart neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service
啟動neutron-l3-agent 服務
systemctl start neutron-l3-agent.service
systemctl enable neutron-l3-agent.service
4.修改計算節點配置文件
修改/etc/neutron/plugins/ml2/linuxbridge_agent.ini
[vxlan]
enable_vxlan = False
修改成
[vxlan] enable_vxlan = True local_ip = 172.16.1.31 l2_population = True
重啟服務
systemctl restart neutron-linuxbridge-agent.service
其他計算節點同樣修改配置,注意更換管道ip
5.將管理員網絡中編輯10.0.0.線段,將其變成外部網絡
6.創建網路
7.開啟web 路由器功能
編輯配置文件/etc/openstack-dashboard/local_settings
OPENSTACK_NEUTRON_NETWORK = { 'enable_router': True, ...
重啟httpd服務
systemctl restart hettpd
刷新dasboard 頁面
8.創建路由器,必須選擇一個外部網絡
此時在網絡拓撲的位置有一個路由器連接在外部網絡,點擊路由器添加接口
啟動實例,測試私有網絡
進入控制台
私有地址網絡,可以通過路由訪問外網
設置讓外部網絡訪問該內部網絡的機器
此時通過xshell連接工具連接該地址即可登陸訪問該內部網絡的虛機