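I. Abstract
The OpenStack system consists of several key services that are installed separately. These services work together depending on your cloud needs and include the Compute, Identity, Networking, Image, Block Storage, Object Storage, Telemetry, Orchestration, and Database services. You can install any of these projects separately and configure them stand-alone or as connected entities.
II. Getting started
The OpenStack project is an open source cloud computing platform for all types of clouds, which aims to be simple to implement, massively scalable, and feature rich. Developers and cloud computing technologists from around the world create the OpenStack project.
III. Overview
IV. Setting up the lab environment before installation
For the network configuration, see the official site.
Build plan
Following the first network architecture in the official documentation, build an OpenStack development environment for learning. The network IP configuration is the same as the one shown on that page. The test environment has two nodes: one controller node and one compute1 node.
Environment
VMware virtual machines
centos7-minimal
More than 8 GB of memory
==Some values below that are set to tian are passwords; replace them to suit your environment==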
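One way to act on the note above, as an added example that is not part of the original guide: generate a separate random secret for each credential and substitute it into configuration templates. The placeholder names (in the GLANCE_DBPASS style that appears later in this guide), the function names and all file names are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original guide. Placeholder names follow the
# GLANCE_DBPASS style; the list, function names and file names are assumptions.
SECRET_NAMES="RABBIT_PASS ADMIN_PASS DEMO_PASS KEYSTONE_DBPASS GLANCE_DBPASS
GLANCE_PASS NOVA_DBPASS NOVA_PASS PLACEMENT_PASS NEUTRON_DBPASS NEUTRON_PASS
METADATA_SECRET"

# 20 hex characters from the kernel CSPRNG. Hex needs no escaping inside
# mysql+pymysql://user:pass@host/db or rabbit://user:pass@host URLs.
gen_secret() {
    od -An -N10 -tx1 /dev/urandom | tr -d ' \n'
}

# gen_secrets_file FILE: write one NAME=value line per credential, mode 0600.
gen_secrets_file() {
    (
        umask 077
        rm -f "$1"
        for name in $SECRET_NAMES; do
            printf '%s=%s\n' "$name" "$(gen_secret)" >> "$1"
        done
    )
}

# render_config SECRETS TEMPLATE: print TEMPLATE with placeholders replaced.
# Exits 1 if a *_PASS, *_DBPASS or *_SECRET placeholder has no generated value.
render_config() {
    awk -F= '
        NR == FNR { secret[$1] = $2; next }
        { for (n in secret) gsub(n, secret[n]) }
        /(^|[^A-Z_])[A-Z]+_((DB)?PASS|SECRET)($|[^A-Z_])/ { bad = 1 }
        { print }
        END { exit bad + 0 }' "$1" "$2"
}

# Constructed sample template, shaped like the glance-api.conf fragment in this guide.
sample_template() {
    cat <<'EOF'
[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
username = glance
password = GLANCE_PASS
EOF
}

workdir=$(mktemp -d)
gen_secrets_file "$workdir/secrets.env"
sample_template > "$workdir/glance-api.conf.tmpl"
render_config "$workdir/secrets.env" "$workdir/glance-api.conf.tmpl"
rm -rf "$workdir"
```

The same generated values have to be used in the matching GRANT, rabbitmqctl add_user and openstack user create steps, so keep the secrets file on the controller and readable only by root.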
Preparation (controller node and compute node)
Install CentOS. During installation, add two network interfaces each to the controller node and the compute node.
Disable the firewall (firewalld) and SELinux
systemctl stop firewalld.service # stop firewalld
systemctl disable firewalld.service # do not start firewalld at boot
firewall-cmd --state # show the firewall state ("not running" when stopped, "running" when started)
[root@dev-server ~] # getenforce # check that SELinux is disabled
Disabled
[root@dev-server ~] # /usr/sbin/sestatus -v
SELinux status: disabled
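vi /etc/selinux/config # change SELINUX=enforcing to SELINUX=disabled; a reboot is required for the change to take effect
2. Set the time zone to Shanghai
cp /usr/share/zoneinfo/Asia/Shanghai /etc/localtime # overwrite the existing file
3. Set the hostname: run vi /etc/hostname and enter the hostname
The hostnames are controller, network and compute1
4. Set the IP information and network addresses (for the network interface settings, see the link)
controller: 2 network interfaces
compute: 2 network interfaces
Configure an unnumbered IP interface as follows: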
vim /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME
DEVICE=INTERFACE_NAME
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
Configure a static IP as follows:
vim /etc/sysconfig/network-scripts/ifcfg-INTERFACE_NAME
DEVICE=INTERFACE_NAME
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="static"
IPADDR=10.10.10.11
GATEWAY=10.10.0.2
NETMASK=255.255.255.0
DNS1=144.144.144.144
vim /etc/hosts
# controller
10.0.0.11 controller
# compute1
10.0.0.31 compute1
5. Install the time server
yum install chrony -y
vim /etc/chrony.conf
server controller iburst
# add a time server; use one located in China (and delete the original server entries)
server ntp1.aliyun.com iburst
allow 10.0.0.0/24
systemctl enable chronyd.service # enable the service at boot, then start it
systemctl start chronyd.service
Verify that the preparation succeeded
Compute node
ping controller
ping www.baidu.com
Controller node
ping compute1
ping www.baidu.com
- Install the OpenStack packages (Pike)
yum install centos-release-openstack-pike
yum upgrade
yum install python-openstackclient
yum install openstack-selinux
- Install the database (controller node only)
yum install mariadb mariadb-server python2-PyMySQL
vim /etc/my.cnf.d/openstack.cnf # this file has to be created
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl enable mariadb.service # enable the service at boot, then start it
systemctl start mariadb.service
mysql_secure_installation # run the security setup
- Install the message queue
Install RabbitMQ (port 5672) and add the openstack user
yum install rabbitmq-server
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
rabbitmqctl add_user openstack tian
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
9. Install the cache
yum install memcached python-memcached
vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,controller"
systemctl enable memcached.service
systemctl start memcached.service
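10. Whether etcd is installed does not seem to affect the test environment, so I did not install it
Install and configure the Identity service, keystone (install this first), on the controller node (take a snapshot before you start)
- Configure the database for keystone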
mysql -u root -p
Create the keystone database
CREATE DATABASE keystone ;
Grant privileges to the keystone user
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'tian' ;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'tian' ;
2. Install keystone
The keystone service listens on ports 5000 and 35357
Install the keystone packages
yum install openstack-keystone httpd mod_wsgi
- Edit the keystone configuration file keystone.conf
vim /etc/keystone/keystone.conf
Edit the [database] section to configure the database connection
[database]
connection = mysql+pymysql://keystone:tian@controller/keystone
[token]
provider = fernet
Populate the keystone database
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Bootstrap the Identity service (pitfall 3: the port numbers differ between old and new versions) (note: change the password below)
keystone-manage bootstrap --bootstrap-password tian \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
- Configure the Apache HTTP server
vim /etc/httpd/conf/httpd.conf and set ServerName to the controller node
Add
ServerName controller
Create a link to the /usr/share/keystone/wsgi-keystone.conf file
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Start the HTTP server and enable it at boot
systemctl enable httpd.service
systemctl start httpd.service
Set the user environment variables
export OS_USERNAME=admin
export OS_PASSWORD=tian # change the password
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
- Create a domain, projects, users and roles.
openstack project create --domain default \
--description "Service Project" service
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
- Verify the installation (compare the output with the official site; if it looks similar, the installation succeeded)
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
7. Create the OpenStack client environment scripts.
vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=tian
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=tian
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
. admin-openrc
openstack token issue
Install the Image service, image (install this first), on the controller node (take a snapshot before you start)
- Install and configure
- Create the database, service credentials and API endpoints
mysql
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'tian';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'tian';
. admin-openrc
- Create the service credentials
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
- Install and configure the components
yum install openstack-glance
Edit the /etc/glance/glance-api.conf file and complete the following actions
vim /etc/glance/glance-api.conf
In the [database] section, configure database access
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = tian
[paste_deploy]
# ...
flavor = keystone
In the [glance_store] section, configure the local file system store and the location of the image files
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
vim /etc/glance/glance-registry.conf
In the [database] section, configure database access
[database]
# ...
connection = mysql+pymysql://glance:tian@controller/glance
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = tian
[paste_deploy]
flavor = keystone
Populate the Image service database
su -s /bin/sh -c "glance-manage db_sync" glance
Start the Image services and enable them at boot:
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service
Verify the installation
. admin-openrc
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
openstack image create "cirros" \
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
openstack image list
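2. Verify that the installation succeeded
. admin-openrc
Download the source image
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
Upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it public so that all projects can access it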
openstack image create "cirros" \
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
Confirm that the image was uploaded and validate its attributes
openstack image list
Install the Compute service
1. Overview
OpenStack Compute interacts with OpenStack Identity for authentication, with the OpenStack Image service for disk images, and with the OpenStack dashboard for the user and administrative interface. Access to disk images is limited by project and by user; quotas are set per project (for example, how many instances can be created in each project). OpenStack Compute can scale horizontally on standard hardware, and it downloads disk images to launch virtual machine instances.
The OpenStack Compute service consists of the following components:
- nova-api service: Accepts and responds to end-user compute API calls. The service supports the OpenStack Compute API, the Amazon EC2 API, and a special admin API that lets privileged users perform administrative actions. It enforces some policies and initiates most orchestration activities, such as running an instance.
- nova-api-metadata service: Accepts metadata requests from virtual machines. The nova-api-metadata service is generally used in multi-host mode with nova-network installations.
- nova-compute service: A worker daemon that creates and terminates virtual machine instances through hypervisor APIs. For example: XenAPI for XenServer/XCP, libvirt for KVM or QEMU, VMwareAPI for VMware. Basically, the daemon accepts actions from the queue and turns them into a series of system commands, such as launching a KVM instance, and then updates its state in the database.
- nova-scheduler service: Takes a virtual machine instance request from the queue and determines which compute server host runs it.
- nova-conductor module: Mediates interactions between the nova-compute service and the database. It eliminates direct access to the cloud database by the nova-compute service. The nova-conductor module scales horizontally. However, do not deploy it on nodes where the nova-compute service runs.
- nova-cert module: A server daemon that serves the Nova Cert service for X509 certificates. It is used to generate certificates for euca-bundle-image. It is needed only for EC2 API requests.
- nova-network worker daemon: Similar to the nova-compute service, it accepts networking tasks from the queue and manipulates the network. It performs tasks such as creating bridging interfaces or changing iptables rules.
- nova-consoleauth daemon
- nova-novncproxy daemon
- nova-spicehtml5proxy daemon
- nova-xvpvncproxy daemon
- nova-cert daemon
Controller node installation
- Install and configure the controller node
Create the databases
mysql
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'tian';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'tian';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'tian';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'tian';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'tian';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'tian';
Create the service entities and the service API endpoints
. admin-openrc
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova \
--description "OpenStack Compute" compute
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
openstack user create --domain default --password-prompt placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
Install and configure the components
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
Edit the nova configuration file
vim /etc/nova/nova.conf
[api_database]
# ...
connection = mysql+pymysql://nova:tian@controller/nova_api
[database]
# ...
connection = mysql+pymysql://nova:tian@controller/nova
[DEFAULT]
# ...
transport_url = rabbit://openstack:tian@controller
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = tian
[DEFAULT]
# ...
my_ip = 10.0.0.11
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
# ...
api_servers = http://controller:9292
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = tian
vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
systemctl restart httpd
Populate the databases
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
nova-manage cell_v2 list_cells
Start all services and enable them at boot
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
Compute node
Install and configure the components
yum install openstack-nova-compute
Edit the nova configuration file
vim /etc/nova/nova.conf
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:tian@controller
[api]
# ...
auth_strategy = keystone
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = tian
[DEFAULT]
# ...
my_ip = 10.10.0.31
(Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on the compute node, for example 10.0.0.31 for the first node in the example architecture.)
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
# ...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
# ...
api_servers = http://controller:9292
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:35357/v3
username = placement
password = tian
[oslo_concurrency]
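# ...
lock_path = /var/lib/nova/tmp
egrep -c '(vmx|svm)' /proc/cpuinfo
(The virt_type option below is needed when hardware acceleration is not supported. If the command above returns 0, hardware acceleration is not supported; any other value means it is supported.)
vim /etc/nova/nova-compute.conf
[libvirt]
# ...
virt_type = qemu
Start the services and enable them at boot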
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
Controller node
Add the compute node to the cell database on the controller node
. admin-openrc
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register them. Alternatively, you can set an appropriate interval in /etc/nova/nova.conf:
[scheduler]
discover_hosts_in_cells_interval = 300
Verify operation
. admin-openrc
openstack compute service list
openstack catalog list
nova-status upgrade check
neutron
Controller node
mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'tian';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'tian';
. admin-openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron \
--description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
network public http://controller:9696
openstack endpoint create --region RegionOne \
network internal http://controller:9696
openstack endpoint create --region RegionOne \
network admin http://controller:9696
Configure the network node (using networking option 1; see the official documentation)
Install the packages
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
Edit the neutron configuration file
vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:tian@controller/neutron
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:tian@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = tian
[nova]
# ...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = tian
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
Configure the ML2 plug-in
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
# ...
flat_networks = provider
[securitygroup]
# ...
enable_ipset = true
Configure the Linux bridge agent
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
# replace ens33 with the name of your own network interface
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = false
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
Configure the DHCP agent
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Continue configuring the controller node
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = tian
vim /etc/nova/nova.conf
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = tian
service_metadata_proxy = true
metadata_proxy_shared_secret = tian
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
dashboard
yum install openstack-dashboard
vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
# ...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
systemctl restart httpd.service memcached.service
Verify the installation
Browse to: http://controller/dashboard
Authenticate as the admin user in the default domain; the password is the one you set during configuration
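An added example, not part of the original guide: a shell check that flags the lab-only settings used above (the shared tian password, listeners on 0.0.0.0, ALLOWED_HOSTS = ['*'], SELinux disabled) in a copy of the configuration files. The function names, finding codes and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag the lab-only settings from this guide in a copy of /etc.
# audit_lab_settings DIR LAB_PASSWORD prints one "file:line: CODE key" per finding.
audit_lab_settings() {
    find "$1" -type f -exec awk -v pw="$2" '
        function hit(code, detail) { printf "%s:%d: %s %s\n", FILENAME, FNR, code, detail }
        /^[ \t]*#/ { next }    # commented-out settings do not count
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            sub(/^export[ \t]+/, "", key)
            # one password reused for service, database and broker accounts
            if (val == pw && key ~ /(password|PASSWORD|secret)$/) hit("SHARED-SECRET", key)
            if (index(val, ":" pw "@") > 0) hit("SHARED-SECRET", key " (URL)")
            # listeners on every interface
            if (val == "0.0.0.0" && key ~ /^(bind-address|vncserver_listen)$/) hit("WILDCARD-BIND", key)
            # dashboard answering for any Host header
            if (key == "ALLOWED_HOSTS" && val ~ /\*/) hit("ANY-HOST", key)
            if (key == "SELINUX" && val == "disabled") hit("SELINUX-OFF", key)
        }' {} +
}

# Constructed sample input: fragments shaped like the files edited in this guide.
make_sample_tree() {
    mkdir -p "$1/my.cnf.d" "$1/nova" "$1/openstack-dashboard" "$1/selinux"
    printf 'SELINUX=disabled\n' > "$1/selinux/config"
    cat > "$1/my.cnf.d/openstack.cnf" <<'EOF'
[mysqld]
bind-address = 0.0.0.0
EOF
    cat > "$1/nova/nova.conf" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:tian@controller
my_ip = 10.0.0.31
[keystone_authtoken]
password = tian
# password = tian
[vnc]
vncserver_listen = 0.0.0.0
EOF
    cat > "$1/openstack-dashboard/local_settings" <<'EOF'
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
EOF
}

tree=$(mktemp -d)
make_sample_tree "$tree"
audit_lab_settings "$tree" tian
rm -rf "$tree"
```

Run it against a copy of /etc from each node; an empty result means none of these settings are present.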