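This article is reposted from: https://www.93bok.com
OpenStack overview
OpenStack is a project developed jointly by NASA (the US National Aeronautics and Space Administration) and Rackspace. It is licensed under the Apache License and is a free-software, open-source project.
"Open" means open and "Stack" means a pile; together the name describes a collection of many functional services stacked on one another. Through the OpenStack cloud computing project, resources such as compute capacity, storage, networking and software are abstracted into services that users consume remotely over the Internet. Payment becomes on-demand and easy to adjust, and the platform has very strong virtual scalability. It is an outstanding open-source project among the software for building and managing public and private clouds.
What OpenStack does
OpenStack is a cloud platform management project; it is not a single piece of software. The project is made up of several main components that together carry out specific tasks.
OpenStack is an open-source project that aims to provide software for building and managing public and private clouds. Its community has more than 130 companies and 1350 developers, and these organizations and individuals all use OpenStack as a common front end for Infrastructure as a Service (IaaS) resources.
IaaS, PaaS and SaaS overview
1. IaaS (Infrastructure as a Service).
Consumers obtain services from a complete computing infrastructure over the Internet. This kind of service is called Infrastructure as a Service. Internet-based services such as storage and databases are part of IaaS. For example: buying a cloud host on Tencent Cloud (8 CPUs, 32G, a 5T disk, and so on).
2. PaaS is short for Platform-as-a-Service (development platform as a service): a business model in which the server platform is offered as a service.
3. SaaS is short for Software-as-a-Service.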
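OpenStack release naming rules
1. OpenStack releases are named in alphabetical order from A to Z, which is easy to remember.
For example:
October 2010: 'Austin' released
February 2011: 'Bexar' released
April 2011: 'Cactus' released
July 2011: 'Diablo' released
April 2012: 'Essex' released
October 2012: 'Folsom' released
April 2013: 'Grizzly' released
October 2013: 'Havana' released
April 2014: 'Icehouse' released
2. Check the current latest release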
https://releases.openstack.org/
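Clearly, the latest release at present is Queens, and Rocky is expected to be released on 2018-08-30.
Relationships between the OpenStack components
1. The core OpenStack components are mainly:
Keystone (identity)
Nova (compute)
Neutron (networking)
Glance (image storage)
Cinder (block storage)
Swift (object storage)
Horizon (web UI)
Ceilometer (metering)
Heat (orchestration)
Trove (database)
Keystone (identity):
Unified authorization and authentication management. All components depend on Keystone to provide the 3A (Accounting, Authentication, Authorization) services.
3A:
1. Authentication: verifies the user's identity and the network services the user may use;
2. Authorization: opens network services to the user according to the authentication result;
3. Accounting: records the user's usage of each network service and supplies it to the billing system. The whole system is very effective for network management and security.
For example, broadband billing is a typical case of 3A: enter the account and password (authentication) => 10M of bandwidth is opened (authorization) => billing at the service hall (accounting).
Nova (compute):
Nova is the compute fabric controller of an OpenStack cloud. Nova itself provides no virtualization capability; instead it uses the libvirt API to interact with the supported hypervisors, such as KVM, Xen and VMware.
Neutron (networking):
Manages network resources for virtual machines, such as network connectivity, IP management and public-network mapping.
Glance (image storage):
Mainly stores and manages system images.
Cinder (block storage):
Provides storage space for virtual machines, for example disks and partitions. It currently supports ip-san, fc-san and others.
Swift (object storage):
The OpenStack Swift open-source project provides an elastic, scalable, highly available distributed object storage service that suits large volumes of unstructured data. Files are stored as key/value pairs, which is how today's cloud drives work, similar to MFS and HDFS. Note: if a customer needs 1000T of storage, Cinder or Glance will not do because they are too inefficient; use Swift in that case.
Horizon (web UI):
Once installed, this is the OpenStack web console, the Dashboard.
Ceilometer (metering):
Ceilometer is a subproject of OpenStack. Like a funnel, it collects almost every event that occurs inside OpenStack and then supplies that data to billing, monitoring and other services.
Heat (orchestration):
An orchestration engine that can launch multiple composite cloud applications from templates in text-file form (these files can be treated as code). Put simply, Heat gives OpenStack users a way to create cloud components (networks, instances, storage devices and so on) automatically.
Trove (database):
Provides scalable and reliable cloud database services for relational and non-relational database engines, and continues to improve its full-featured, extensible open-source framework.
Where to get OpenStack project resources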
http://www.openstack.org
https://github.com/openstack
http://docs.openstack.org
http://www.openstack.cn
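OpenStack Queens detailed installation tutorial
I. Lab environment
Operating system             IP address     Memory  Cores    Hostname
CentOS 7.4 minimal, 64-bit   192.168.1.92   6G      4 cores  node1
CentOS 7.4 minimal, 64-bit   192.168.1.94   6G      4 cores  node2
II. Add hostname resolution (controller and compute nodes)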
vim /etc/hosts
192.168.1.92 node1
192.168.1.94 node2
scp /etc/hosts 192.168.1.94:/etc/hosts
III. Disable firewalld and SELinux (controller and compute nodes)
systemctl stop firewalld
systemctl disable firewalld
vim /etc/sysconfig/selinux
SELINUX=disabled
A reboot is recommended so that the change takes effect.
IV. Prepare the yum repositories (controller and compute nodes)
OpenStack cannot be installed from the system's default yum repositories, so some parameters have to be changed here. This article shows how to build a local OpenStack yum repository, so that afterwards OpenStack can be installed locally without a network connection.
1. Modify the yum repositories
cd /etc/yum.repos.d/
mv * /opt/
mv /opt/CentOS-Base.repo /etc/yum.repos.d/
vim CentOS-Base.repo
[base]
name=CentOS-$releasever - Base
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=os&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://vault.centos.org/7.4.1708/os/x86_64/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#released updates
[updates]
name=CentOS-$releasever - Updates
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=updates&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/updates/$basearch/
baseurl=http://vault.centos.org/7.4.1708/updates/x86_64/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=extras&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/extras/$basearch/
baseurl=http://vault.centos.org/7.4.1708/extras/x86_64/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
#mirrorlist=http://mirrorlist.centos.org/?release=$releasever&arch=$basearch&repo=centosplus&infra=$infra
#baseurl=http://mirror.centos.org/centos/$releasever/centosplus/$basearch/
baseurl=http://vault.centos.org/7.4.1708/centosplus/x86_64/
gpgcheck=0
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
2. Modify the yum configuration file
vim /etc/yum.conf
keepcache=1
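The repository stanzas above set gpgcheck=0 and fetch over plain http://, so yum installs packages without verifying their signatures. The following added example (not part of the original article) is a small Python audit that lists the enabled repositories carrying those settings; SAMPLE_REPO is constructed from the stanzas on this page, and the [base-signed] stanza, the function names and the main_gpgcheck default are assumptions made for illustration.

```python
import configparser
import sys

# Constructed sample: the [base] and [centosplus] stanzas as edited on this page,
# plus a hypothetical [base-signed] stanza with signature checking left on.
SAMPLE_REPO = """\
[base]
name=CentOS-$releasever - Base
#baseurl=http://mirror.centos.org/centos/$releasever/os/$basearch/
baseurl=http://vault.centos.org/7.4.1708/os/x86_64/
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[centosplus]
name=CentOS-$releasever - Plus
baseurl=http://vault.centos.org/7.4.1708/centosplus/x86_64/
gpgcheck=0
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7

[base-signed]
name=CentOS-$releasever - Base (signatures verified)
baseurl=https://vault.centos.org/7.4.1708/os/x86_64/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
"""

TRUE_VALUES = {"1", "yes", "true"}


def as_bool(value, default):
    """Interpret a yum boolean (1/0, yes/no, true/false); None means unset."""
    if value is None:
        return default
    return value.strip().lower() in TRUE_VALUES


def audit_repos(text, main_gpgcheck=True):
    """Return (repo, issue) pairs for every enabled repository in a .repo file.

    main_gpgcheck is the gpgcheck value inherited from [main] in /etc/yum.conf
    when a stanza does not set its own; True is an assumption, pass the real one.
    """
    # interpolation=None keeps $releasever and URL characters literal.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    findings = []
    for name in parser.sections():
        repo = parser[name]
        # A repository is enabled unless it says otherwise; disabled ones are skipped.
        if name == "main" or not as_bool(repo.get("enabled"), True):
            continue
        if not as_bool(repo.get("gpgcheck"), main_gpgcheck):
            findings.append((name, "gpgcheck-disabled"))
        # baseurl may list several URLs separated by whitespace or newlines.
        urls = (repo.get("baseurl") or "").split()
        if any(u.lower().startswith(("http://", "ftp://")) for u in urls):
            findings.append((name, "plaintext-transport"))
    return findings


if __name__ == "__main__":
    # With file arguments, audit those files; otherwise audit the sample.
    if sys.argv[1:]:
        for path in sys.argv[1:]:
            with open(path, encoding="utf-8") as handle:
                for repo, issue in audit_repos(handle.read()):
                    print(f"{path}: [{repo}] {issue}")
    else:
        for repo, issue in audit_repos(SAMPLE_REPO):
            print(f"sample: [{repo}] {issue}")
```

Run it as `python3 audit_repos.py /etc/yum.repos.d/*.repo` on each node; the file name audit_repos.py is hypothetical.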
V. Install the chrony service
1. Install on the controller node
yum clean all
yum -y install chrony
vim /etc/chrony.conf (add)
server node1 iburst
# subnet of node1 and node2
allow 192.168.1.0/24
systemctl start chronyd
systemctl enable chronyd
2. Install on the compute node
yum clean all
yum -y install chrony
vim /etc/chrony.conf (add)
server node1 iburst
systemctl start chronyd
systemctl enable chronyd
VI. Install the OpenStack client (controller and compute nodes)
yum -y install centos-release-openstack-queens
1. Modify the yum repositories (otherwise the next installation step fails with an error)
vim /etc/yum.repos.d/CentOS-Ceph-Luminous.repo (modify the part in red)
[centos-ceph-luminous]
name=CentOS-$releasever - Ceph Luminous
#baseurl=http://mirror.centos.org/centos/$releasever/storage/$basearch/ceph-luminous/
baseurl=http://vault.centos.org/7.4.1708/storage/x86_64/ceph-luminous/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo (modify the part in red)
[centos-openstack-queens]
name=CentOS-7 - OpenStack queens
#baseurl=http://mirror.centos.org/centos/7/cloud/$basearch/openstack-queens/
baseurl=http://vault.centos.org/7.4.1708/cloud/x86_64/openstack-queens/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
exclude=sip,PyQt4
vim /etc/yum.repos.d/CentOS-QEMU-EV.repo (modify the part in red)
[centos-qemu-ev]
name=CentOS-$releasever - QEMU EV
#baseurl=http://mirror.centos.org/centos/$releasever/virt/$basearch/kvm-common/
baseurl=http://vault.centos.org/7.4.1708/virt/x86_64/kvm-common/
gpgcheck=0
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
2. Install the OpenStack client
yum -y install python-openstackclient
3. Install openstack-selinux
yum -y install openstack-selinux
VII. Install the database (controller node)
yum -y install mariadb mariadb-server python2-PyMySQL
1. Create and edit the configuration file
vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.1.92
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
2. Start the service and enable it at boot
systemctl start mariadb
systemctl enable mariadb
3. Set the database password (I set 123456)
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current password for the root user. If you've just installed MariaDB, and you haven't set the root password yet, the password will be blank, so you should just press enter here.
Enter current password for root (enter for none): # just press Enter
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB root user without the proper authorisation.
Set root password? [Y/n] y
New password: # set the password to 123456
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone to log into MariaDB without having to have a user account created for them. This is intended only for testing, and to make the installation go a bit smoother. You should remove them before moving into a production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB installation should now be secure.
Thanks for using MariaDB!
VIII. Install the message queue (controller node)
yum -y install rabbitmq-server
1. Start the service and enable it at boot
systemctl start rabbitmq-server
systemctl enable rabbitmq-server
2. Create the user and password
rabbitmqctl add_user openstack openstack
Creating user "openstack" ...
3. Grant permissions
rabbitmqctl set_permissions -p / openstack '.*' '.*' '.*'
Setting permissions for user "openstack" in vhost "/" ...
4. Set the role
rabbitmqctl set_user_tags openstack administrator
Setting tags for user "openstack" to [administrator] ...
5. Enable the web plugin
rabbitmq-plugins enable rabbitmq_management
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@node1... started 6 plugins.
6. Access RabbitMQ (as the openstack user)
http://192.168.1.92:15672
IX. Install the memcached service (controller node)
yum -y install memcached python-memcached
1. Modify the configuration file
vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,node1"
2. Start the service and enable it at boot
systemctl start memcached
systemctl enable memcached
X. Install the etcd service (controller node)
yum -y install etcd
1. Modify the configuration file
vim /etc/etcd/etcd.conf
#[Member]
#ETCD_CORS=""
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
#ETCD_WAL_DIR=""
ETCD_LISTEN_PEER_URLS="http://localhost:2380"
ETCD_LISTEN_CLIENT_URLS="http://localhost:2379"
#ETCD_MAX_SNAPSHOTS="5"
#ETCD_MAX_WALS="5"
ETCD_NAME="node1"
#ETCD_SNAPSHOT_COUNT="100000"
#ETCD_HEARTBEAT_INTERVAL="100"
#ETCD_ELECTION_TIMEOUT="1000"
#ETCD_QUOTA_BACKEND_BYTES="0"
#ETCD_MAX_REQUEST_BYTES="1572864"
#ETCD_GRPC_KEEPALIVE_MIN_TIME="5s"
#ETCD_GRPC_KEEPALIVE_INTERVAL="2h0m0s"
#ETCD_GRPC_KEEPALIVE_TIMEOUT="20s"
#
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://localhost:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://localhost:2379"
#ETCD_DISCOVERY=""
#ETCD_DISCOVERY_FALLBACK="proxy"
#ETCD_DISCOVERY_PROXY=""
#ETCD_DISCOVERY_SRV=""
# the member name here must match ETCD_NAME
ETCD_INITIAL_CLUSTER="node1=http://localhost:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
#ETCD_STRICT_RECONFIG_CHECK="true"
#ETCD_ENABLE_V2="true"
2. Start the service and enable it at boot
systemctl start etcd
systemctl enable etcd
XI. Install the Keystone identity service (controller node)
1. Create and configure the keystone database
mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
2. Install the keystone service
yum -y install openstack-keystone httpd mod_wsgi
3. Modify the configuration file
vim /etc/keystone/keystone.conf
……
[database]
connection = mysql+pymysql://keystone:123456@node1/keystone
……
[token]
provider = fernet
……
4. Populate the keystone database tables
su -s /bin/sh -c "keystone-manage db_sync" keystone
5. Initialize
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
6. Bootstrap the identity service
keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://node1:35357/v3/ --bootstrap-internal-url http://node1:5000/v3/ --bootstrap-public-url http://node1:5000/v3/ --bootstrap-region-id RegionOne
7. Configure the Apache service
vim /etc/httpd/conf/httpd.conf
ServerName node1
8. Create the symbolic link to the configuration file
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
9. Start the service and enable it at boot
systemctl start httpd
systemctl enable httpd
10. Create the domain, projects, user and role
1) First load the admin environment variables
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://node1:35357/v3
export OS_IDENTITY_API_VERSION=3
2) Create a domain named example
openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 557282312d1a4c0183eb145fb897c99f |
| name | example |
| tags | [] |
+-------------+----------------------------------+
3) Create a project named service
openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 289d416dbeca43eeb3b0cc573f9a764a |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
4) Create a project named demo
openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | dfd4939227d544e3b022e22b91bf585a |
| is_domain | False |
| name | demo |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
5) Create a user named demo (for consistency, I set the password to 123456)
openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 822527c63e6740d49d136a63af470bf8 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
6) Create a role named user
openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | e3a7a7a689534a90aa48cf7e6c506ed4 |
| name | user |
+-----------+----------------------------------+
7) Add the demo user to the user role
openstack role add --project demo --user demo user
11. Verify
1) Unset the environment variables
unset OS_AUTH_URL OS_PASSWORD
2) Request a token as the admin user (the admin user's password must be entered here; I set it to 123456 just now)
openstack --os-auth-url http://node1:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
3) Request a token as the demo user (the demo user's password must be entered here; I set it to 123456 just now)
openstack --os-auth-url http://node1:35357/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue
12. Create the environment variable scripts
1) Create the environment variable script for the admin user
vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://node1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2) Create the environment variable script for the demo user
vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://node1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3) Verify that the scripts work
. admin-openrc
openstack token issue
. demo-openrc
openstack token issue
XII. Install the Glance image service (controller node)
1. Create and configure the glance database
mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
2. Create the Keystone credentials for the Glance image service
1) Load the admin user's environment variables
. admin-openrc
2) Create the glance user (I set the password to 123456)
openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 736c8a2d11e04d13aad667a4f5987d1c |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
3) Add the glance user to the service project with the admin role
openstack role add --project service --user glance admin
4) Create a service named glance
openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 785ad98df075454186c64765d1decb40 |
| name | glance |
| type | image |
+-------------+----------------------------------+
5) Create the image service API endpoints
openstack endpoint create --region RegionOne image public http://node1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 7c0b5905329749a5af75994ac467b2b9 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 785ad98df075454186c64765d1decb40 |
| service_name | glance |
| service_type | image |
| url | http://node1:9292 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne image internal http://node1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d70646b73bfb42b79303407c7f70e0bf |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 785ad98df075454186c64765d1decb40 |
| service_name | glance |
| service_type | image |
| url | http://node1:9292 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne image admin http://node1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f53c25dc10a9494cb0fd215d2e227b55 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 785ad98df075454186c64765d1decb40 |
| service_name | glance |
| service_type | image |
| url | http://node1:9292 |
+--------------+----------------------------------+
3. Install the glance service
yum -y install openstack-glance
4. Modify the configuration file
vim /etc/glance/glance-api.conf
……
[database]
connection = mysql+pymysql://glance:123456@node1/glance
……
[keystone_authtoken]
auth_uri = http://node1:5000
auth_url = http://node1:5000
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
……
[paste_deploy]
flavor = keystone
……
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
……
5. Modify the configuration file
vim /etc/glance/glance-registry.conf
……
[database]
connection = mysql+pymysql://glance:123456@node1/glance
……
[keystone_authtoken]
auth_uri = http://node1:5000
auth_url = http://node1:5000
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
……
[paste_deploy]
flavor = keystone
……
6. Sync the database
su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1334: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_expand01, current revision(s): queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
7. Start the services and enable them at boot
systemctl start openstack-glance-api
systemctl start openstack-glance-registry
systemctl enable openstack-glance-api
systemctl enable openstack-glance-registry
8. Verify
1) Load the admin user's environment variables
. admin-openrc
2) Download the image
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
--2018-05-30 16:32:45-- http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
Resolving download.cirros-cloud.net (download.cirros-cloud.net)... 64.90.42.85, 2607:f298:6:a036::bd6:a72a
Connecting to download.cirros-cloud.net (download.cirros-cloud.net)|64.90.42.85|:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 13267968 (13M) [text/plain]
Saving to: ‘cirros-0.3.5-x86_64-disk.img’
100%[=======================================================================================>] 13,267,968 244KB/s in 2m 24s
2018-05-30 16:35:15 (90.1 KB/s) - ‘cirros-0.3.5-x86_64-disk.img’ saved [13267968/13267968]
3) Check the downloaded image
[root@node1 ~]# ls
admin-openrc anaconda-ks.cfg cirros-0.3.5-x86_64-disk.img demo-openrc
4) Upload the image
openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | f8ab98ff5e73ebab884d80c9dc9c7290 |
| container_format | bare |
| created_at | 2018-05-30T08:42:38Z |
| disk_format | qcow2 |
| file | /v2/images/794a74e7-eb18-4fe3-a439-6cae05330da0/file |
| id | 794a74e7-eb18-4fe3-a439-6cae05330da0 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 1d78b2e29c9e4263923e9798f7d3ceb7 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13267968 |
| status | active |
| tags | |
| updated_at | 2018-05-30T08:42:38Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
5) Confirm that the image was uploaded successfully
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 794a74e7-eb18-4fe3-a439-6cae05330da0 | cirros | active |
+--------------------------------------+--------+--------+
XIII. Install the Nova compute service (controller node)
1. Create and configure the nova databases
mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';
2. Create the Keystone credentials for the Nova compute service
1) Load the admin user's environment variables
. admin-openrc
2) Create the nova user (I set the password to 123456)
openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 1076752a5c954cc4937c2f5c56733ee0 |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
3) Add the nova user to the service project with the admin role
openstack role add --project service --user nova admin
4) Create a service named nova
openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 41f44bbc86ba470d9070d4f8a7c1cfec |
| name | nova |
| type | compute |
+-------------+----------------------------------+
5) Create the Nova compute API endpoints
openstack endpoint create --region RegionOne compute public http://node1:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | aba33ce6684a46f0802ffae556f527e4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41f44bbc86ba470d9070d4f8a7c1cfec |
| service_name | nova |
| service_type | compute |
| url | http://node1:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute internal http://node1:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4e6a3a6d4c6c450f9a2a693980f95f48 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41f44bbc86ba470d9070d4f8a7c1cfec |
| service_name | nova |
| service_type | compute |
| url | http://node1:8774/v2.1 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne compute admin http://node1:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ff4dacb37aa245b5a633c7678046a68a |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 41f44bbc86ba470d9070d4f8a7c1cfec |
| service_name | nova |
| service_type | compute |
| url | http://node1:8774/v2.1 |
+--------------+----------------------------------+
3. Create the Keystone credentials for the placement service
1) Load the admin user's environment variables
. admin-openrc
2) Create the placement user (I set the password to 123456)
openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | ea8973e3fd19462b9890d9ad4bb29e28 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
3) Add the placement user to the service project with the admin role
openstack role add --project service --user placement admin
4) Create a service named placement
openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | bf8279eace1b4255b364fd566ba7c44d |
| name | placement |
| type | placement |
+-------------+----------------------------------+
5) Create the placement API endpoints
openstack endpoint create --region RegionOne placement public http://node1:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 754dd52b2d3f4b728b60cac9934269a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | bf8279eace1b4255b364fd566ba7c44d |
| service_name | placement |
| service_type | placement |
| url | http://node1:8778 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne placement internal http://node1:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 64c388a5b9d747b28a5d88946529776b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | bf8279eace1b4255b364fd566ba7c44d |
| service_name | placement |
| service_type | placement |
| url | http://node1:8778 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne placement admin http://node1:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d68789f711a948b6ab796e8f5b8b956f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | bf8279eace1b4255b364fd566ba7c44d |
| service_name | placement |
| service_type | placement |
| url | http://node1:8778 |
+--------------+----------------------------------+
4. Install the nova services
yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
5. Modify the configuration file
vim /etc/nova/nova.conf
……
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@node1
my_ip = 192.168.1.92
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
……
[api_database]
connection = mysql+pymysql://nova:123456@node1/nova_api
……
[database]
connection = mysql+pymysql://nova:123456@node1/nova
……
[api]
auth_strategy = keystone
……
[keystone_authtoken]
auth_uri = http://node1:5000
auth_url = http://node1:35357
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456
……
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
……
[glance]
api_servers = http://node1:9292
……
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
……
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://node1:35357/v3
username = placement
password = 123456
……
6. Because of a bug in the package, add the following to the configuration file
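The nova.conf above carries credentials in transport_url, in both connection URLs and in two password options. The following added example (not code from the original article or from OpenStack) collects them and reports weak or shared secrets by location without echoing the secrets; SAMPLE_NOVA_CONF is constructed from the values on this page, and MIN_LENGTH, the issue labels and the function names are assumptions.

```python
import configparser
import sys
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: the credential-bearing options of the controller's
# nova.conf as written on this page (all other options omitted).
SAMPLE_NOVA_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:openstack@node1
my_ip = 192.168.1.92

[api_database]
connection = mysql+pymysql://nova:123456@node1/nova_api

[database]
connection = mysql+pymysql://nova:123456@node1/nova

[keystone_authtoken]
auth_url = http://node1:35357
username = nova
password = 123456

[placement]
auth_url = http://node1:35357/v3
username = placement
password = 123456
"""

# Options whose value is a URL with embedded user:password, and the account kind.
URL_OPTIONS = {"connection": "db", "transport_url": "mq"}
MIN_LENGTH = 16  # assumption: a local policy value, not an OpenStack requirement


def collect_credentials(text):
    """Return (location, kind, username, secret) for each credential found."""
    # default_section is renamed so [DEFAULT] is read as an ordinary section
    # and its options are not inherited by every other section.
    parser = configparser.ConfigParser(interpolation=None, strict=False,
                                       default_section="__unused__")
    parser.read_string(text)
    found = []
    for section in parser.sections():
        options = parser[section]
        for option, kind in URL_OPTIONS.items():
            if option in options:
                url = urlsplit(options[option])
                if url.password is not None:
                    found.append((f"[{section}] {option}", kind,
                                  url.username or "", url.password))
        if "password" in options:
            found.append((f"[{section}] password", "keystone",
                          options.get("username", ""), options["password"]))
    return found


def weaknesses(username, secret):
    """Return the policy checks that a single secret fails."""
    issues = []
    if len(secret) < MIN_LENGTH:
        issues.append("too-short")
    if secret.isdigit():
        issues.append("digits-only")
    if username and secret.lower() == username.lower():
        issues.append("same-as-username")
    return issues


def audit(text):
    """Return sorted (location, issue) pairs; the secrets are never returned."""
    creds = collect_credentials(text)
    accounts_by_secret = defaultdict(set)
    for _, kind, user, secret in creds:
        accounts_by_secret[secret].add((kind, user))
    findings = []
    for location, _, user, secret in creds:
        findings.extend((location, issue) for issue in weaknesses(user, secret))
        # One secret protecting several distinct accounts: losing one loses all.
        if len(accounts_by_secret[secret]) > 1:
            findings.append((location, "shared-with-other-account"))
    return sorted(findings)


if __name__ == "__main__":
    # With file arguments, audit those files; otherwise audit the sample.
    texts = [(p, open(p, encoding="utf-8").read()) for p in sys.argv[1:]]
    for path, text in texts or [("sample", SAMPLE_NOVA_CONF)]:
        for location, issue in audit(text):
            print(f"{path}: {location}: {issue}")
```

The same function applies to the keystone.conf and glance-*.conf files edited earlier, since they use the same option names.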
vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
7. Restart the httpd service
systemctl restart httpd
8. Sync the databases
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
9. Verify that cell0 and cell1 are registered correctly
nova-manage cell_v2 list_cells
10. Start the services and enable them at boot
systemctl start openstack-nova-api
systemctl start openstack-nova-consoleauth
systemctl start openstack-nova-scheduler
systemctl start openstack-nova-conductor
systemctl start openstack-nova-novncproxy
systemctl enable openstack-nova-api
systemctl enable openstack-nova-consoleauth
systemctl enable openstack-nova-scheduler
systemctl enable openstack-nova-conductor
systemctl enable openstack-nova-novncproxy
XIV. Install the nova compute service (compute node)
1. Install the nova service on the compute node
yum -y install openstack-nova-compute
2. Edit the configuration file
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@node1
my_ip = 192.168.1.94
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
……
[api]
auth_strategy = keystone
……
[keystone_authtoken]
auth_uri = http://node1:5000
auth_url = http://node1:35357
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456
……
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.1.92:6080/vnc_auto.html
……
[glance]
api_servers = http://node1:9292
……
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
……
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://node1:35357/v3
username = placement
password = 123456
……
3. Check whether the compute node supports hardware virtualization
egrep -c '(vmx|svm)' /proc/cpuinfo
4
4. Start the services and enable them at boot
systemctl start libvirtd
systemctl start openstack-nova-compute
systemctl enable libvirtd
systemctl enable openstack-nova-compute
XV. Add the compute node to the cell database (controller node)
1. Set the admin user's environment variables
. admin-openrc
2. Check whether the compute node's information is already in the database
openstack compute service list --service nova-compute
+----+--------------+-------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+-------+------+---------+-------+----------------------------+
| 7 | nova-compute | node2 | nova | enabled | up | 2018-05-30T10:00:20.000000 |
+----+--------------+-------+------+---------+-------+----------------------------+
3. Discover the compute node
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
  exception.NotSupportedWarning
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 91edca88-9633-443e-a73e-6c098e271366
Checking host mapping for compute host 'node2': d7ad2bf3-9dc6-4bff-be8e-68fc4052c719
Creating host mapping for compute host 'node2': d7ad2bf3-9dc6-4bff-be8e-68fc4052c719
Found 1 unmapped computes in cell: 91edca88-9633-443e-a73e-6c098e271366
4. Verify
1) Set the admin user's environment variables
. admin-openrc
2) List the running state of the compute services
openstack compute service list
+----+------------------+-------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+-------+----------+---------+-------+----------------------------+
| 4 | nova-consoleauth | node1 | internal | enabled | up | 2018-05-30T10:04:14.000000 |
| 5 | nova-scheduler | node1 | internal | enabled | up | 2018-05-30T10:04:14.000000 |
| 6 | nova-conductor | node1 | internal | enabled | up | 2018-05-30T10:04:16.000000 |
| 7 | nova-compute | node2 | nova | enabled | up | 2018-05-30T10:04:20.000000 |
+----+------------------+-------+----------+---------+-------+----------------------------+
3) List the API endpoints registered in the identity service
openstack catalog list
+-----------+-----------+------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+------------------------------------+
| keystone | identity | RegionOne |
| | | public: http://node1:5000/v3/ |
| | | RegionOne |
| | | internal: http://node1:5000/v3/ |
| | | RegionOne |
| | | admin: http://node1:35357/v3/ |
| | | |
| nova | compute | RegionOne |
| | | internal: http://node1:8774/v2.1 |
| | | RegionOne |
| | | public: http://node1:8774/v2.1 |
| | | RegionOne |
| | | admin: http://node1:8774/v2.1 |
| | | |
| glance | image | RegionOne |
| | | public: http://node1:9292 |
| | | RegionOne |
| | | internal: http://node1:9292 |
| | | RegionOne |
| | | admin: http://node1:9292 |
| | | |
| placement | placement | RegionOne |
| | | internal: http://node1:8778 |
| | | RegionOne |
| | | public: http://node1:8778 |
| | | RegionOne |
| | | admin: http://node1:8778 |
| | | |
+-----------+-----------+------------------------------------+
4) List the images to confirm that the image service is reachable
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 794a74e7-eb18-4fe3-a439-6cae05330da0 | cirros | active |
+--------------------------------------+--------+--------+
5) Confirm that the cells and placement APIs are running successfully
nova-status upgrade check
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
  exception.NotSupportedWarning
Option "os_region_name" from group "placement" is deprecated. Use option "region-name" from group "placement".
+---------------------------+
| Upgrade Check Results     |
+---------------------------+
| Check: Cells v2           |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Placement API      |
| Result: Success           |
| Details: None             |
+---------------------------+
| Check: Resource Providers |
| Result: Success           |
| Details: None             |
+---------------------------+
XVI. Install the neutron network service (controller node)
1. Create and set up the neutron database
mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
2. Create the keystone credentials for the neutron network service
1) Set the admin user's environment variables
. admin-openrc
2) Create the neutron user (I set the password to 123456)
openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 01832b87e7e44c21941e5e5292f83c69 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
3) Add the neutron user to the service project and give it the admin role
openstack role add --project service --user neutron admin
4) Create a service named neutron
openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 777fe19fd71d4caa91adb43878b23513 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
5) Register the network service endpoints with the identity service (the API endpoints of the neutron network service)
openstack endpoint create --region RegionOne network public http://node1:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a307e8dd18d3475f88a7cdf4252532b0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 777fe19fd71d4caa91adb43878b23513 |
| service_name | neutron |
| service_type | network |
| url | http://node1:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network internal http://node1:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 56b4e025b7e9430e845266fdf6c3cd1e |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 777fe19fd71d4caa91adb43878b23513 |
| service_name | neutron |
| service_type | network |
| url | http://node1:9696 |
+--------------+----------------------------------+
openstack endpoint create --region RegionOne network admin http://node1:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 65bed127dd8d477e8c0d378ccc7ab996 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 777fe19fd71d4caa91adb43878b23513 |
| service_name | neutron |
| service_type | network |
| url | http://node1:9696 |
+--------------+----------------------------------+
3. Install the neutron service (networking is deployed in self-service network mode)
yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
4. Edit the configuration file
vim /etc/neutron/neutron.conf
……
[database]
connection = mysql+pymysql://neutron:123456@node1/neutron
……
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@node1
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
……
[keystone_authtoken]
auth_uri = http://node1:5000
auth_url = http://node1:35357
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123456
……
[nova]
auth_url = http://node1:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = 123456
……
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
……
5. Edit the configuration file to configure the layer-2 (ML2) plug-in
vim /etc/neutron/plugins/ml2/ml2_conf.ini
……
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
……
[ml2_type_flat]
flat_networks = provider
……
[ml2_type_vxlan]
vni_ranges = 1:1000
……
[securitygroup]
enable_ipset = true
……
6. Edit the configuration file to configure the Linux bridge plug-in
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
……
[linux_bridge]
## name of the second network interface
physical_interface_mappings = provider:ens33
……
[vxlan]
enable_vxlan = true
local_ip = 192.168.1.92
l2_population = true
……
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
……
7. Edit the following file
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
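8. Load the br_netfilter module
modprobe br_netfilter
9. Load the kernel parameters from the configuration file
sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
10. Edit the configuration file to configure the layer-3 plug-in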
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
11. Edit the configuration file to configure the DHCP plug-in
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
12. Edit the configuration file to configure the metadata plug-in
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = node1
metadata_proxy_shared_secret = 123456
13. Edit the configuration file so that the compute service uses the network service
vim /etc/nova/nova.conf
……
[neutron]
url = http://node1:9696
auth_url = http://node1:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456
……
14. Create the symbolic link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
15. Import the database schema
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
16. Restart the compute service
systemctl restart openstack-nova-api
17. Start the network services and enable them at boot
systemctl start neutron-server
systemctl start neutron-linuxbridge-agent
systemctl start neutron-dhcp-agent
systemctl start neutron-metadata-agent
systemctl start neutron-l3-agent
systemctl enable neutron-server
systemctl enable neutron-linuxbridge-agent
systemctl enable neutron-dhcp-agent
systemctl enable neutron-metadata-agent
systemctl enable neutron-l3-agent
XVII. Install the neutron network service (compute node)
1. Install the packages
yum -y install openstack-neutron-linuxbridge ebtables ipset
2. Edit the configuration file
vim /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:openstack@node1
auth_strategy = keystone
……
[keystone_authtoken]
auth_uri = http://node1:5000
auth_url = http://node1:35357
memcached_servers = node1:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123456
……
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
……
3. Edit the configuration file
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
……
[linux_bridge]
## name of the second network interface
physical_interface_mappings = provider:ens33
……
[vxlan]
enable_vxlan = true
local_ip = 192.168.1.94
l2_population = true
……
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
……
4. Edit the following file
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
5. Load the br_netfilter module
modprobe br_netfilter
6. Load the kernel parameters from the configuration file
sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
7. Configure the compute service to use the network service
vim /etc/nova/nova.conf
……
[neutron]
url = http://node1:9696
auth_url = http://node1:35357
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
……
8. Restart the compute service
systemctl restart openstack-nova-compute
9. Start the network service and enable it at boot
systemctl start neutron-linuxbridge-agent
systemctl enable neutron-linuxbridge-agent
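10. Verify (controller node)
1) Set the admin user's environment variables
. admin-openrc
2) Run the following command to verify that neutron-server started successfully (the output is long, so I have not captured all of it)
openstack extension list --network
3) List the agents to verify that the network agents started successfully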
openstack network agent list
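The nova.conf, neutron.conf and metadata_agent.ini files edited in the steps above reuse one short password, embed credentials in `connection` and `transport_url`, and point every service at `http://` endpoints. The Python check below is an added example, not part of the original article or of OpenStack: it audits such files for short or guessable secrets, credentials embedded in URLs and cleartext HTTP endpoints, and confirms that `metadata_proxy_shared_secret` is identical in nova.conf and metadata_agent.ini. The denylist, the 16-character minimum, both sample texts and the https and long-secret values in the second sample are assumptions constructed for illustration.

```python
import configparser
from urllib.parse import urlsplit

# Assumed policy for this example: a tiny denylist and a minimum secret length.
WEAK_SECRETS = {"123456", "password", "openstack", "admin", "secret"}
MIN_SECRET_LEN = 16
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_WITH_CREDENTIALS = {"connection", "transport_url"}


def parse(text):
    """Parse oslo.config-style INI text; [DEFAULT] is kept as an ordinary section."""
    cp = configparser.ConfigParser(interpolation=None, default_section="__unused__")
    cp.read_string(text)
    return cp


def is_weak(secret):
    return secret.lower() in WEAK_SECRETS or len(secret) < MIN_SECRET_LEN


def audit(filename, text):
    """Return (location, finding) tuples for one configuration file."""
    findings = []
    cp = parse(text)
    for section in cp.sections():
        for key, value in cp.items(section):
            where = f"{filename} [{section}] {key}"
            if key in SECRET_KEYS and is_weak(value):
                findings.append((where, "weak-secret"))
            if key in URL_WITH_CREDENTIALS:
                embedded = urlsplit(value).password
                if embedded and is_weak(embedded):
                    findings.append((where, "weak-secret-in-url"))
            if value.startswith("http://"):
                findings.append((where, "cleartext-http"))
    return findings


def metadata_secret_mismatch(nova_text, agent_text):
    """True when nova.conf [neutron] and metadata_agent.ini [DEFAULT] disagree."""
    key = "metadata_proxy_shared_secret"
    nova = parse(nova_text).get("neutron", key, fallback=None)
    agent = parse(agent_text).get("DEFAULT", key, fallback=None)
    return nova is None or agent is None or nova != agent


# Constructed sample: settings abridged from the nova.conf shown on this page.
PAGE_NOVA = """
[DEFAULT]
transport_url = rabbit://openstack:openstack@node1
[database]
connection = mysql+pymysql://nova:123456@node1/nova
[keystone_authtoken]
auth_url = http://node1:35357
password = 123456
[neutron]
url = http://node1:9696
metadata_proxy_shared_secret = 123456
"""
PAGE_AGENT = "[DEFAULT]\nnova_metadata_host = node1\nmetadata_proxy_shared_secret = 123456\n"

# Constructed counterpart: TLS endpoints and long per-service secrets are assumptions.
HARDENED_NOVA = """
[DEFAULT]
transport_url = rabbit://openstack:constructed-rabbit-secret-0001@node1
[keystone_authtoken]
auth_url = https://node1:35357
password = constructed-nova-secret-0002
[neutron]
url = https://node1:9696
metadata_proxy_shared_secret = constructed-metadata-secret-0003
"""

if __name__ == "__main__":
    for where, finding in audit("nova.conf", PAGE_NOVA) + audit("metadata_agent.ini", PAGE_AGENT):
        print(f"{finding:20} {where}")
    print("metadata secret mismatch:", metadata_secret_mismatch(PAGE_NOVA, PAGE_AGENT))
```

Run it against the real files by passing their contents to `audit()`; a mismatch reported by `metadata_secret_mismatch()` means the metadata agent and nova would not accept each other's signed requests.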
XVIII. Install the horizon dashboard service (controller node)
1. Install the service
yum -y install openstack-dashboard
2. Edit the configuration file
vim /etc/openstack-dashboard/local_settings
……
OPENSTACK_HOST = "node1"  ## configure the dashboard to use the controller node
……
ALLOWED_HOSTS = ['*']  ## allow access from all hosts
……
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'  ## configure the memcached session storage service
……
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'node1:11211',
    },
}
……
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST  ## enable the v3 identity API
……
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True  ## enable domain support
……
OPENSTACK_API_VERSIONS = {  ## configure the API versions
    "data-processing": 1.1,
    "identity": 3,
    "image": 2,
    "volume": 2,
    "compute": 2,
}
……
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'  ## set Default as the default domain
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"  ## set the user role as the default role
TIME_ZONE = "Asia/Shanghai"  ## set the time zone
3. Restart the httpd and memcached services (controller node)
systemctl restart httpd
systemctl restart memcached
4. Verify (wait a while for the services to come up before visiting, otherwise the page cannot be reached)
http://192.168.1.92/dashboard
Create a local yum repository for installing openstack-queens
1. Controller node
yum -y install createrepo
mkdir -p /mnt/openstack-queens-packages
cd /var/cache/yum/x86_64/7/
find ./* -name "*.rpm" -exec cp {} /mnt/openstack-queens-packages/ \;
2. Compute node
mkdir -p /mnt/openstack-queens-packages
cd /var/cache/yum/x86_64/7/
find ./* -name "*.rpm" -exec cp {} /mnt/openstack-queens-packages/ \;
scp /mnt/openstack-queens-packages/* 192.168.1.92:/mnt/
3. On the controller node, gather all the rpm packages into one directory
cd /mnt/
mv -f *.rpm openstack-queens-packages/
4. Create the yum repository
cd /mnt/openstack-queens-packages/
createrepo ./
ls repodata/
3886991bc70f1cfd55c6ae93848dc2c742faa87235cb046c4ba5f0a904621175-other.xml.gz
5b30f7b1336e7263a472f8dcf35ea0291c7b44cbceb900aefd167871b1a79895-primary.xml.gz
79dc4f64e75b04469b8b3cf73d9d8d868488a8812c298842fa29d5d17d45a68d-filelists.sqlite.bz2
b09465d254b0b50e8219b2de1378fddc13e49955293a6fe053a1df22562942fc-other.sqlite.bz2
d345ae675f39814467b495667ce575a5ce70062dfdbf74a78e2a2d6038fa2ca9-filelists.xml.gz
d3f1e0ba5f26e675d01c8dc713d25dfe7773d73f8a1401af1dadfae4f3c7c742-primary.sqlite.bz2
repomd.xml
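5. Create the archive
cd /mnt/
tar -zcvf openstack-queens-packages.tar.gz openstack-queens-packages/
6. Download the tar.gz archive and keep it locally; the next time you install OpenStack you can do so without a network connection
7. Next, how to install OpenStack from the local yum repository
1) Upload the tar.gz archive to the server as /root/openstack-queens-packages.tar.gz
2) Extract it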
tar -zxvf openstack-queens-packages.tar.gz
3) Configure the yum repository
cd /etc/yum.repos.d/
mv CentOS-* /opt/
vim openstack-queens.repo
[openstack-queens-packages]
name=openstack-queens-packages
baseurl=file:///root/openstack-queens-packages
gpgcheck=0
enabled=1