lyl801013 发表于 2017-12-4 18:31:37

openstack部署安装

OpenStack实战

准备环境

controller 10.0.0.11
compute1   10.0.0.31

  常用服务端口

mariadb:3306
memcached:11211
消息队列:5672和25672
时间同步:123和323
keystone:5000和35357
glance:9191和9292
nova:6080,novncproxy:8774,nova-api:8775

yum源配置

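# Replace the stock yum repositories with the lab's local mirror (192.168.21.92).
# The section headers "[openstack]" and "[local]" were swallowed by the forum's
# markup in the original post; a .repo file is not valid without them.
cd /etc/yum.repos.d/ || exit 1      # stop here rather than move files in the wrong dir
ls
mkdir -p qiangge
mv -- *.repo qiangge/
ls
# NOTE(review): gpgcheck=0 disables package signature verification; only
# acceptable for a mirror you control on an isolated lab network.
cat >openstack.repo <<'EOF'
[openstack]
name=openstack
baseurl=http://192.168.21.92/repo/
gpgcheck=0

[local]
name=local
baseurl=http://192.168.21.92/local/
gpgcheck=0
EOF
yum clean all
yum makecache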

时间同步
  controller上面配置一个时间服务器,上游时间,ntp3.aliyun.com
  allow:10/8
  compute1与controller同步 上游时间:controller

在所有节点安装chrony服务

yum install chrony -y

controller上
  编辑/etc/chrony.conf文件修改内容如下

修改一:第3行:   server ntp3.aliyun.com iburst
修改二:第22行:allow 10/8

  启动chronyd

# controller: apply the edited /etc/chrony.conf (upstream ntp3.aliyun.com, allow 10/8) and start at boot.
systemctl restart chronyd
systemctl enable chronyd

compute1
  编辑/etc/chrony.conf文件修改内容如下

修改一:第3行:server controller iburst

  启动chronyd

# compute1: apply the edited /etc/chrony.conf (upstream = controller) and start at boot.
systemctl restart chronyd
systemctl enable chronyd

安装openstack包
  生产环境(安装yum仓库)

yum -y install centos-release-openstack-mitaka
注意:本次实战使用自建的本地 yum 源(见上文 yum 源配置)

  安装 OpenStack 客户端:

# OpenStack CLI client plus the SELinux policy package for OpenStack services.
yum install python-openstackclient -y
yum install openstack-selinux -y

安装mariadb数据库

controller节点上
  安装mariadb数据库

yum install mariadb mariadb-server python2-PyMySQL

  编辑 /etc/my.cnf.d/openstack.cnf


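# /etc/my.cnf.d/openstack.cnf
# The "[mysqld]" header was lost to forum markup in the original post; the
# trailing quote on the last line was a paste artefact and is removed.
[mysqld]
# Listen only on the controller's management address.
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8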

  启动mariadb

# Enable at boot, then start MariaDB with the openstack.cnf settings above.
systemctl enable mariadb.service
systemctl start mariadb.service

  为了保证数据库服务的安全性,运行mysql_secure_installation脚本。特别需要说明的是,为数据库的root用户设置一个适当的密码

mysql_secure_installation

安装消息队列

controller节点
  安装rabbitmq消息队列

yum install rabbitmq-server

  启动消息队列服务

# Enable at boot and start the broker.
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

  添加openstack 用户

rabbitmqctl add_user openstack RABBIT_PASS

  给openstack用户配置写和读权限

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

安装Memcached

controller节点
  安装memcached

yum install memcached python-memcached

  编辑/etc/sysconfig/memcached

OPTIONS="-l 10.0.0.11,::1"

  启动Memcached服务

# Enable at boot and start memcached.
systemctl enable memcached.service
systemctl start memcached.service

认证服务

controller节点
  创建 keystone 数据库:

-- Keystone database and service account (run in the mysql client).
-- KEYSTONE_DBPASS is a placeholder; substitute a real secret.
-- NOTE(review): the '%' grant lets this account connect from any host; if only
-- the controller needs it, granting to its address instead is tighter.
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';

  安装keystone

yum install openstack-keystone httpd mod_wsgi

  编辑文件/etc/keystone/keystone.conf配置文件

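# Back up the stock keystone.conf, strip blank/commented lines, then set the
# three keys needed here. The original post had lost the space between each
# option name and its value (e.g. "admin_tokenADMIN_TOKEN"); restored below.
cp /etc/keystone/keystone.conf{,.bak}
# NOTE: this filter drops every line that contains '#', not just comment lines;
# fine as long as no live setting contains a '#'.
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak >/etc/keystone/keystone.conf
# ADMIN_TOKEN is a bootstrap-only credential: replace the placeholder with a
# random value and remove it from the config once the admin user exists.
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
# Print a checksum so the resulting file can be compared across nodes/runs.
md5sum /etc/keystone/keystone.conf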

  初始化身份认证服务的数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone

  初始化Fernet keys

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

  编辑/etc/httpd/conf/httpd.conf文件,配置ServerName选项为控制节点

ServerName controller

  用下面的内容创建文件 /etc/httpd/conf.d/wsgi-keystone.conf

# /etc/httpd/conf.d/wsgi-keystone.conf
# Two WSGI vhosts: public API on 5000, admin API on 35357. Both run as the
# keystone user and share the same error/access logs.
# NOTE(review): "Listen" without an address binds all interfaces; restrict the
# admin port (35357) to the management network at the firewall.
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
# Pass the Authorization header through to the application.
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>

  启动 Apache HTTP 服务并配置其随系统启动

# Enable at boot and start Apache, which now serves keystone on 5000/35357.
systemctl enable httpd.service
systemctl start httpd.service

  配置认证令牌

# Bootstrap authentication with the admin_token set in keystone.conf, against the
# admin API. These variables are unset again once real users exist (see the
# "unset OS_TOKEN OS_URL" step later in the post).
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3

创建服务实体和API端点
  创建服务实体和身份认证服务

# Register keystone itself in the service catalog.
openstack service create \
--name keystone --description "OpenStack Identity" identity

  创建认证服务的API端点

# Public and internal endpoints on 5000; the admin endpoint uses the 35357 vhost.
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:35357/v3

  检测认证服务 API 端点是否创建成功

openstack endpoint list

  提示:删除一个 API 端点:openstack endpoint delete 后面接端点的 ID


创建域、项目、用户和角色
  创建 default 域

openstack domain create --description "Default Domain" default

  创建admin项目

openstack project create --domain default --description "Admin Project" admin

  创建admin用户:

openstack user create --domain default   --password ADMIN_PASS admin

  创建admin角色:

openstack role create admin

  添加admin角色到admin项目和用户上:

openstack role add --project admin --user admin admin

  检查域、项目、用户、角色是否创建成功

# Sanity check of everything created so far.
openstack domain list
openstack project list
openstack user list
openstack role list

  如果用户密码设置错了

  第一步,删除这个用户openstack user delete 4efd63361fe14a8b9c5476f3957f6cb9
  第二步:openstack user create --domain default --password ADMIN_PASS admin
  第三步:openstack role add --project admin --user admin admin

  创建service项目

# "service" project hosts the per-service accounts (glance, nova, neutron); "demo"
# is an unprivileged project/user with the plain "user" role.
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
# DEMO_PASS is a placeholder (see the admin user note above).
openstack user create --domain default --password DEMO_PASS demo
openstack role create user
openstack role add --project demo --user demo user

验证操作
  清除 OS_TOKEN 和 OS_URL 环境变量

unset OS_TOKEN OS_URL

  作为 admin 用户,请求认证令牌

openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default--os-project-name admin --os-username admin token issue

  作为demo用户,请求认证令牌

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue

创建 OpenStack 客户端环境脚本
  编辑文件 admin-openrc 并添加如下内容

# admin-openrc: environment for the admin user (sourced with ". admin-openrc").
# It stores the password in clear text; keep the file readable by its owner only.
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

  编辑文件 demo-openrc 并添加如下内容

# demo-openrc: environment for the unprivileged demo user, via the public API.
# Same caveat as admin-openrc: it holds a clear-text password.
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

  加载 admin-openrc 文件,设置身份认证服务的地址以及 admin 项目和用户的凭证等环境变量

. admin-openrc

  请求认证令牌

openstack token issue

镜像服务

controller节点
  创建数据库

-- Glance database and service account. GLANCE_DBPASS is a placeholder.
-- NOTE(review): as with keystone, the '%' grant allows connections from any host.
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

  获得admin凭证来获取只有管理员能执行的命令的访问权限

. admin-openrc

  创建 glance 用户

openstack user create --domain default --password GLANCE_PASS glance

  添加 admin 角色到 glance 用户和 service 项目上。

openstack role add --project service --user glance admin

  创建glance服务实体

openstack service create --name glance --description "OpenStack Image" image

  创建镜像服务的 API 端点:

openstack endpoint create --region RegionOne image public http://controller:9292

  检查

# Verify endpoint, service and user registration.
openstack endpoint list
openstack service list
openstack user list

  安装glance组件包

yum install openstack-glance

  编辑文件/etc/glance/glance-api.conf配置文件

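# Configure /etc/glance/glance-api.conf. The original post had lost the spaces
# between file, section, option and value in every openstack-config line; the
# path is held in a variable so each line stays readable.
conf=/etc/glance/glance-api.conf
cp "$conf"{,.bak}
# grep '^' matches every line, i.e. this is a plain copy of the backup.
grep '^' "$conf.bak" >"$conf"
#cat glance-api.conf >/etc/glance/glance-api.conf
# GLANCE_DBPASS / GLANCE_PASS are placeholders; use the values chosen earlier.
openstack-config --set "$conf" database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set "$conf" glance_store stores file,http
openstack-config --set "$conf" glance_store default_store file
openstack-config --set "$conf" glance_store filesystem_store_datadir /var/lib/glance/images/
openstack-config --set "$conf" keystone_authtoken auth_uri http://controller:5000
openstack-config --set "$conf" keystone_authtoken auth_url http://controller:35357
openstack-config --set "$conf" keystone_authtoken memcached_servers controller:11211
openstack-config --set "$conf" keystone_authtoken auth_type password
openstack-config --set "$conf" keystone_authtoken project_domain_name default
openstack-config --set "$conf" keystone_authtoken user_domain_name default
openstack-config --set "$conf" keystone_authtoken project_name service
openstack-config --set "$conf" keystone_authtoken username glance
openstack-config --set "$conf" keystone_authtoken password GLANCE_PASS
openstack-config --set "$conf" paste_deploy flavor keystone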

  编辑文件/etc/glance/glance-registry.conf配置文件

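# Configure /etc/glance/glance-registry.conf (same keystone_authtoken settings as
# glance-api). Spaces lost in the original post are restored here.
conf=/etc/glance/glance-registry.conf
cp "$conf"{,.bak}
grep '^' "$conf.bak" > "$conf"
#cat glance-registry.conf >/etc/glance/glance-registry.conf
openstack-config --set "$conf" database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
openstack-config --set "$conf" keystone_authtoken auth_uri http://controller:5000
openstack-config --set "$conf" keystone_authtoken auth_url http://controller:35357
openstack-config --set "$conf" keystone_authtoken memcached_servers controller:11211
openstack-config --set "$conf" keystone_authtoken auth_type password
openstack-config --set "$conf" keystone_authtoken project_domain_name default
openstack-config --set "$conf" keystone_authtoken user_domain_name default
openstack-config --set "$conf" keystone_authtoken project_name service
openstack-config --set "$conf" keystone_authtoken username glance
openstack-config --set "$conf" keystone_authtoken password GLANCE_PASS
openstack-config --set "$conf" paste_deploy flavor keystone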

  写入镜像服务数据库

su -s /bin/sh -c "glance-manage db_sync" glance

  启动镜像服务并设置开机启动

# Enable and start both glance daemons (api on 9292, registry on 9191).
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

  检查服务是否启动

netstat -tunlp|grep 9
tcp      0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      26688/python2      
tcp      0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      26689/python2

  获得 admin 凭证来获取只有管理员能执行的命令的访问权限

. admin-openrc

  下载源镜像

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

  使用QCOW2 磁盘格式,bare 容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它

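# Upload the image as qcow2/bare and make it visible to all projects.
# The original post had "--publc", which the client rejects; it is --public.
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public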

  确认镜像的上传并验证属性

openstack image list
+--------------------------------------+--------+--------+
| ID   | Name   | Status |
+--------------------------------------+--------+--------+
| 515cace5-b22b-4d41-b3ae-e14b2eebffe9 | cirros | active |
+--------------------------------------+--------+--------+

计算服务

controller
  创建 nova_api 和 nova 数据库

-- Nova needs two databases (nova_api and nova), both owned by the 'nova' account.
-- NOVA_DBPASS is a placeholder; the '%' grants allow connections from any host.
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';

  获得admin凭证来获取只有管理员能执行的命令的访问权限

. admin-openrc

  创建 nova 用户

openstack user create --domain default --password NOVA_PASS nova

  给 nova 用户添加 admin 角色

openstack role add --project service --user nova admin

  创建 nova 服务实体

openstack service create --name nova --description "OpenStack Compute" compute

  创建 Compute 服务 API 端点

# Compute v2.1 endpoints. The "%\(tenant_id\)s" template is stored literally and
# expanded by nova per project; the backslashes keep the shell from touching it.
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s   
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s   
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s

  安装nova组件

yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler

  编辑/etc/nova/nova.conf配置文件

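# Configure /etc/nova/nova.conf on the controller. Spaces between section,
# option and value were lost in the original post and are restored here.
conf=/etc/nova/nova.conf
cp "$conf"{,.bak}
grep '^' "$conf.bak" >"$conf"
#cat nova.conf >/etc/nova/nova.conf
openstack-config --set "$conf" DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set "$conf" DEFAULT rpc_backend rabbit
openstack-config --set "$conf" DEFAULT auth_strategy keystone
openstack-config --set "$conf" DEFAULT my_ip 10.0.0.11
openstack-config --set "$conf" DEFAULT use_neutron True
# Security groups are enforced by the neutron linuxbridge agent, not by nova.
openstack-config --set "$conf" DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
# NOVA_DBPASS / NOVA_PASS / RABBIT_PASS are placeholders; use the values chosen earlier.
openstack-config --set "$conf" api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
openstack-config --set "$conf" database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
openstack-config --set "$conf" glance api_servers http://controller:9292
openstack-config --set "$conf" keystone_authtoken auth_uri http://controller:5000
openstack-config --set "$conf" keystone_authtoken auth_url http://controller:35357
openstack-config --set "$conf" keystone_authtoken memcached_servers controller:11211
openstack-config --set "$conf" keystone_authtoken auth_type password
openstack-config --set "$conf" keystone_authtoken project_domain_name default
openstack-config --set "$conf" keystone_authtoken user_domain_name default
openstack-config --set "$conf" keystone_authtoken project_name service
openstack-config --set "$conf" keystone_authtoken username nova
openstack-config --set "$conf" keystone_authtoken password NOVA_PASS
openstack-config --set "$conf" oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_host controller
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_password RABBIT_PASS
# Single quotes keep "$my_ip" literal so nova itself substitutes it.
openstack-config --set "$conf" vnc vncserver_listen '$my_ip'
openstack-config --set "$conf" vnc vncserver_proxyclient_address '$my_ip'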

  同步Compute 数据库

# Populate both nova databases as the nova user (api_db first).
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova

  注解
  忽略输出中任何不推荐使用的信息。

  启动 Compute 服务并将其设置为随系统启动

# Enable and start the controller-side nova services.
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

compute1节点
  安装nova组件

yum install openstack-nova-compute

  编辑/etc/nova/nova.conf配置文件

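# Configure /etc/nova/nova.conf on compute1. openstack-utils provides the
# openstack-config helper. Spaces lost in the original post are restored.
yum install openstack-utils.noarch -y
conf=/etc/nova/nova.conf
cp "$conf"{,.bak}
grep '^' "$conf.bak" >"$conf"
openstack-config --set "$conf" DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set "$conf" DEFAULT rpc_backend rabbit
openstack-config --set "$conf" DEFAULT auth_strategy keystone
openstack-config --set "$conf" DEFAULT my_ip 10.0.0.31
openstack-config --set "$conf" DEFAULT use_neutron True
openstack-config --set "$conf" DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set "$conf" glance api_servers http://controller:9292
openstack-config --set "$conf" keystone_authtoken auth_uri http://controller:5000
openstack-config --set "$conf" keystone_authtoken auth_url http://controller:35357
openstack-config --set "$conf" keystone_authtoken memcached_servers controller:11211
openstack-config --set "$conf" keystone_authtoken auth_type password
openstack-config --set "$conf" keystone_authtoken project_domain_name default
openstack-config --set "$conf" keystone_authtoken user_domain_name default
openstack-config --set "$conf" keystone_authtoken project_name service
openstack-config --set "$conf" keystone_authtoken username nova
openstack-config --set "$conf" keystone_authtoken password NOVA_PASS
openstack-config --set "$conf" oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_host controller
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_password RABBIT_PASS
openstack-config --set "$conf" vnc enabled True
# NOTE(review): 0.0.0.0 makes every instance's VNC console reachable on all of the
# compute node's interfaces; firewall the VNC port range to the controller/proxy.
openstack-config --set "$conf" vnc vncserver_listen 0.0.0.0
openstack-config --set "$conf" vnc vncserver_proxyclient_address '$my_ip'
openstack-config --set "$conf" vnc novncproxy_base_url http://controller:6080/vnc_auto.html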

  确定您的计算节点是否支持虚拟机的硬件加速

egrep -c '(vmx|svm)' /proc/cpuinfo

  如果这个命令返回了 one or greater 的值,那么你的计算节点支持硬件加速且不需要额外的配置。
  如果这个命令返回了 zero 值,那么你的计算节点不支持硬件加速。你必须配置 libvirt 来使用 QEMU 去代替 KVM
  在 /etc/nova/nova.conf 文件的 [libvirt] 区域做出如下的编辑:


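# /etc/nova/nova.conf on compute1, only when the vmx/svm count above is 0.
# The "[libvirt]" section header was lost to forum markup in the original post.
[libvirt]
virt_type = qemu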

  启动计算服务及其依赖,并将其配置为随系统自动启动

# Enable and start libvirt and the nova compute agent.
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

验证操作

controller节点
  获得 admin 凭证来获取只有管理员能执行的命令的访问权限

. admin-openrc

  列出服务组件,以验证是否成功启动并注册了每个进程

openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary         | Host       | Zone   | Status| State | Updated At               |
+----+------------------+------------+----------+---------+-------+----------------------------+
|1 | nova-consoleauth | controller | internal | enabled | up    | 2017-09-12T12:29:32.000000 |
|2 | nova-scheduler   | controller | internal | enabled | up    | 2017-09-12T12:29:32.000000 |
|3 | nova-conductor   | controller | internal | enabled | up    | 2017-09-12T12:29:32.000000 |
|7 | nova-compute   | compute1   | nova   | enabled | up    | 2017-09-12T12:29:34.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

  注解
  该输出应该显示三个服务组件在控制节点上启用,一个服务组件在计算节点上启用

  上述涉及服务的服务启动命令

# Convenience list: restart every controller service configured so far, in dependency order.
systemctl restart chronyd
systemctl restart mariadb
systemctl restart rabbitmq-server
systemctl restart memcached
systemctl restart httpd
systemctl restart openstack-glance-api openstack-glance-registry
systemctl restart openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

  启动rabbitmq的管理插件

rabbitmq-plugins enable rabbitmq_management

网络服务

controller节点
  创建neutron数据库

-- Neutron database and service account. NEUTRON_DBPASS is a placeholder;
-- the '%' grant allows connections from any host.
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';

  获得admin凭证来获取只有管理员能执行的命令的访问权限

. admin-openrc

  创建neutron用户:

openstack user create --domain default --password NEUTRON_PASS neutron

  添加admin角色到neutron 用户

openstack role add --project service --user neutron admin

  创建neutron服务实体:

openstack service create --name neutron --description "OpenStack Networking" network

  创建网络服务API端点

# All three network endpoints point at neutron-server on 9696.
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

配置公共网络选项
  在controller节点上安装并配置网络组件
  安装网络组件

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

  编辑/etc/neutron/neutron.conf文件

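# Configure /etc/neutron/neutron.conf on the controller (provider-network option:
# ML2 core plugin, no service plugins). Spaces lost in the original post are restored.
conf=/etc/neutron/neutron.conf
cp "$conf"{,.bak}
grep '^' "$conf.bak" >"$conf"
openstack-config --set "$conf" DEFAULT core_plugin ml2
# Intentionally empty: no L3/other service plugins with provider networks only.
openstack-config --set "$conf" DEFAULT service_plugins
openstack-config --set "$conf" DEFAULT rpc_backend rabbit
openstack-config --set "$conf" DEFAULT auth_strategy keystone
openstack-config --set "$conf" DEFAULT notify_nova_on_port_status_changes True
openstack-config --set "$conf" DEFAULT notify_nova_on_port_data_changes True
# NEUTRON_DBPASS / NEUTRON_PASS / NOVA_PASS / RABBIT_PASS are placeholders.
openstack-config --set "$conf" database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
openstack-config --set "$conf" keystone_authtoken auth_uri http://controller:5000
openstack-config --set "$conf" keystone_authtoken auth_url http://controller:35357
openstack-config --set "$conf" keystone_authtoken memcached_servers controller:11211
openstack-config --set "$conf" keystone_authtoken auth_type password
openstack-config --set "$conf" keystone_authtoken project_domain_name default
openstack-config --set "$conf" keystone_authtoken user_domain_name default
openstack-config --set "$conf" keystone_authtoken project_name service
openstack-config --set "$conf" keystone_authtoken username neutron
openstack-config --set "$conf" keystone_authtoken password NEUTRON_PASS
# Credentials neutron uses to notify nova of port changes.
openstack-config --set "$conf" nova auth_url http://controller:35357
openstack-config --set "$conf" nova auth_type password
openstack-config --set "$conf" nova project_domain_name default
openstack-config --set "$conf" nova user_domain_name default
openstack-config --set "$conf" nova region_name RegionOne
openstack-config --set "$conf" nova project_name service
openstack-config --set "$conf" nova username nova
openstack-config --set "$conf" nova password NOVA_PASS
openstack-config --set "$conf" oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_host controller
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_password RABBIT_PASS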

  编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件

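# Configure the ML2 plugin: flat/vlan provider networks, linuxbridge mechanism,
# port-security extension. Spaces lost in the original post are restored.
conf=/etc/neutron/plugins/ml2/ml2_conf.ini
cp "$conf"{,.bak}
grep '^' "$conf.bak" >"$conf"
openstack-config --set "$conf" ml2 type_drivers flat,vlan
# Intentionally empty: no self-service (tenant) networks in this layout.
openstack-config --set "$conf" ml2 tenant_network_types
openstack-config --set "$conf" ml2 mechanism_drivers linuxbridge
openstack-config --set "$conf" ml2 extension_drivers port_security
openstack-config --set "$conf" ml2_type_flat flat_networks provider
openstack-config --set "$conf" securitygroup enable_ipset True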

  编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件

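# Configure the linuxbridge agent: map the "provider" network to eth0, enforce
# security groups with the iptables driver, no VXLAN. Spaces restored.
conf=/etc/neutron/plugins/ml2/linuxbridge_agent.ini
cp "$conf"{,.bak}
grep '^' "$conf.bak" >"$conf"
# eth0 must be the provider-facing interface on every node this file is copied to.
openstack-config --set "$conf" linux_bridge physical_interface_mappings provider:eth0
openstack-config --set "$conf" securitygroup enable_security_group True
openstack-config --set "$conf" securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
openstack-config --set "$conf" vxlan enable_vxlan False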

  编辑/etc/neutron/dhcp_agent.ini文件

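# DHCP agent: bridge interface driver, dnsmasq, and metadata for isolated networks.
# The original post was missing the space between the file name and "DEFAULT".
conf=/etc/neutron/dhcp_agent.ini
openstack-config --set "$conf" DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set "$conf" DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set "$conf" DEFAULT enable_isolated_metadata true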

  编辑/etc/neutron/metadata_agent.ini文件

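# Metadata agent: proxy to nova on the controller. METADATA_SECRET is a
# placeholder and must be identical to the value set in nova.conf's [neutron]
# section below; it authenticates the proxy to nova, so choose a random value.
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET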

  编辑/etc/nova/nova.conf文件

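# Tell nova (controller) how to reach neutron and the metadata proxy.
# Spaces lost in the original post are restored.
conf=/etc/nova/nova.conf
openstack-config --set "$conf" neutron url http://controller:9696
openstack-config --set "$conf" neutron auth_url http://controller:35357
openstack-config --set "$conf" neutron auth_type password
openstack-config --set "$conf" neutron project_domain_name default
openstack-config --set "$conf" neutron user_domain_name default
openstack-config --set "$conf" neutron region_name RegionOne
openstack-config --set "$conf" neutron project_name service
openstack-config --set "$conf" neutron username neutron
openstack-config --set "$conf" neutron password NEUTRON_PASS
openstack-config --set "$conf" neutron service_metadata_proxy True
# Must match metadata_proxy_shared_secret in /etc/neutron/metadata_agent.ini.
openstack-config --set "$conf" neutron metadata_proxy_shared_secret METADATA_SECRET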

  网络服务初始化脚本需要一个符号链接 /etc/neutron/plugin.ini 指向 ML2 插件配置文件 /etc/neutron/plugins/ml2/ml2_conf.ini。如果该符号链接不存在,使用下面的命令创建它

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

  同步数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

  重启计算API服务

systemctl restart openstack-nova-api.service

  启动 Networking 服务并配置它启动

# Enable, start and check the controller-side neutron services.
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

compute节点
  安装网络组件

yum install openstack-neutron-linuxbridge ebtables ipset

  编辑/etc/neutron/neutron.conf文件

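# Configure /etc/neutron/neutron.conf on compute1 (no database section: the
# agent talks to neutron-server over RabbitMQ). Spaces restored.
conf=/etc/neutron/neutron.conf
cp "$conf"{,.bak}
grep '^' "$conf.bak" >"$conf"
openstack-config --set "$conf" DEFAULT rpc_backend rabbit
openstack-config --set "$conf" DEFAULT auth_strategy keystone
openstack-config --set "$conf" keystone_authtoken auth_uri http://controller:5000
openstack-config --set "$conf" keystone_authtoken auth_url http://controller:35357
openstack-config --set "$conf" keystone_authtoken memcached_servers controller:11211
openstack-config --set "$conf" keystone_authtoken auth_type password
openstack-config --set "$conf" keystone_authtoken project_domain_name default
openstack-config --set "$conf" keystone_authtoken user_domain_name default
openstack-config --set "$conf" keystone_authtoken project_name service
openstack-config --set "$conf" keystone_authtoken username neutron
openstack-config --set "$conf" keystone_authtoken password NEUTRON_PASS
openstack-config --set "$conf" oslo_concurrency lock_path /var/lib/neutron/tmp
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_host controller
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set "$conf" oslo_messaging_rabbit rabbit_password RABBIT_PASS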

  编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini配置文件

scp controller:/etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini

  编辑/etc/nova/nova.conf文件

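# Tell nova-compute on compute1 how to reach neutron. Spaces restored.
conf=/etc/nova/nova.conf
openstack-config --set "$conf" neutron url http://controller:9696
openstack-config --set "$conf" neutron auth_url http://controller:35357
openstack-config --set "$conf" neutron auth_type password
openstack-config --set "$conf" neutron project_domain_name default
openstack-config --set "$conf" neutron user_domain_name default
openstack-config --set "$conf" neutron region_name RegionOne
openstack-config --set "$conf" neutron project_name service
openstack-config --set "$conf" neutron username neutron
openstack-config --set "$conf" neutron password NEUTRON_PASS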

  重启计算服务

systemctl restart openstack-nova-compute.service

  启动Linuxbridge代理并配置它开机自启动

# Enable, start and check the linuxbridge agent on compute1.
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
systemctl status neutron-linuxbridge-agent.service

验证操作
  获得admin凭证来获取只有管理员能执行的命令的访问权限

. admin-openrc

  列出加载的扩展来验证neutron-server进程是否正常启动

# ext-list proves neutron-server answers; agent-list should show four agents alive (":-)").
neutron ext-list
neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                 | agent_type         | host       | availability_zone | alive | admin_state_up | binary                  |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 64c984ab-1adf-4c24-872c-d86adea2d5a9 | Linux bridge agent | compute1   |                   | :-)   | True         | neutron-linuxbridge-agent |
| b8b44853-14bd-4cb8-b4ef-c8102769a855 | Metadata agent   | controller |                   | :-)   | True         | neutron-metadata-agent    |
| bed6cc6d-fd7e-4748-88cd-c68ed21e590d | Linux bridge agent | controller |                   | :-)   | True         | neutron-linuxbridge-agent |
| d68b0220-181e-48c6-8dec-3bfc1b71afab | DHCP agent         | controller | nova            | :-)   | True         | neutron-dhcp-agent      |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

Dashboard

controller
  安装软件包

yum install openstack-dashboard

  编辑/etc/openstack-dashboard/local_settings文件
  在 controller 节点上配置仪表盘以使用 OpenStack 服务:

OPENSTACK_HOST = "controller"

  允许所有主机访问仪表板:

ALLOWED_HOSTS = ['*', ]

  配置 memcached 会话存储服务:

# Keep sessions in the controller's memcached (the instance bound to 10.0.0.11 earlier).
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}   

  启用第3版认证API:

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

  启用对域的支持

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

  配置API版本:
  OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 2, }

  通过仪表盘创建用户时的默认域配置为 default :

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

  通过仪表盘创建的用户默认角色配置为 user :

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

  如果您选择网络参数1,禁用支持3层网络服务:

# Provider-network layout has no L3 services, so hide routers, floating IPs,
# LB/FW/VPN and quotas in the UI. The "..." stands for the file's other keys.
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}

  可以选择性地配置时区:

TIME_ZONE = "Aisa/Shanghai"

  重启web服务器以及会话存储服务

systemctl restart httpd.service memcached.service

验证操作
  在浏览器中输入http://controller/dashboard访问仪表盘。
  验证使用admin或者demo用户凭证和default域凭证。

启动实例

创建提供者网络
  在控制节点上,加载 admin 凭证来获取管理员能执行的命令访问权限

. admin-openrc

  创建网络

neutron net-create --shared --provider:physical_network provider --provider:network_type flat provider

  创建子网

neutron subnet-create --name provider --allocation-pool start=10.0.0.101,end=10.0.0.250--dns-nameserver 223.5.5.5 --gateway 10.0.0.254 provider 10.0.0.0/24

  检查验证

# Verify the network and subnet exist.
neutron net-list
neutron subnet-list

创建m1.nano规格的主机
  使用m1.nano规格的主机来加载CirrOS镜像

# Minimal flavor for the CirrOS image: 1 vCPU, 64 MB RAM, 1 GB disk.
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
openstack flavor list

  生成和添加秘钥对:

# -N "" creates an unencrypted private key (no passphrase); keep ~/.ssh/id_rsa
# owner-readable only. The public half is registered with nova as "mykey".
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

  验证公钥的添加

openstack keypair list

  添加规则到 default 安全组
  允许 ICMP (ping):

openstack security group rule create --proto icmp default

  允许安全 shell (SSH) 的访问:

openstack security group rule create --proto tcp --dst-port 22 default