OpenStack Train: a simple deployment walkthrough (1)

environment

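1.Network planes

management (management network) → package installation, communication between components

provider (network that serves instances) → provider network: instances obtain IP addresses directly and reach each other directly

               self-service network (private network): create a virtual network → create a router ← set the public network gateway

                           → forwards traffic from the internal network to the external network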

2.NTP time service (required for the cluster)

【controller node】

1.Install the packages

yum install chrony -y

2.Edit the chrony.conf file and add, change, or remove the following keys as necessary for your environment

vim /etc/chrony.conf

3.Replace NTP_SERVER with the hostname or IP address of a suitable more accurate (lower stratum) NTP server

server NTP_SERVER iburst

4.To enable other nodes to connect to the chrony daemon on the controller node

allow 10.199.100.0/24

5.Restart the NTP service

systemctl enable chronyd.service;systemctl restart chronyd.service

(1)code

yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server ntp7.aliyun.com iburst' /etc/chrony.conf
sed -i '/^#allow/a allow 10.199.100.0/24' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service

【other nodes】

1.Install the packages

yum install chrony -y

2.Configure the chrony.conf file and comment out or remove all but one server key

vim /etc/chrony.conf

3.Change it to reference the controller node

server controller iburst

4.Restart the NTP service

systemctl enable chronyd.service;systemctl restart chronyd.service 

(2)code

yum install chrony -y
sed -i '/^server/s/server/#server/' /etc/chrony.conf
sed -i '2a server controller iburst' /etc/chrony.conf
systemctl enable chronyd.service;systemctl restart chronyd.service

【verify operation】

1.Run this command on all nodes

chronyc sources

3.OpenStack packages: enable the OpenStack repository

1.Install the package to enable the OpenStack repository

yum install centos-release-openstack-train -y

2.Upgrade the packages on all nodes

yum upgrade

3.Install the OpenStack client

yum install python-openstackclient -y 

(3)code

yum install centos-release-openstack-train -y
yum install python-openstackclient -y
yum upgrade

4.SQL database

1.Install the packages

yum install mariadb mariadb-server python2-PyMySQL -y

2.Create and edit the /etc/my.cnf.d/openstack.cnf file (backup existing configuration files in /etc/my.cnf.d/ if needed)

vim /etc/my.cnf.d/openstack.cnf

3.Start the database service and configure it to start when the system boots

systemctl enable mariadb.service;systemctl restart mariadb.service

4.Secure the database service by running the mysql_secure_installation script

mysql_secure_installation 

(4)code

yum install mariadb mariadb-server python2-PyMySQL -y
cat <<EOF> /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.1.10.151
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
EOF
systemctl enable mariadb.service;systemctl restart mariadb.service
mysql_secure_installation

5.Message queue: coordinates operations and status information among components

1.Install the package

yum install rabbitmq-server -y

2.Start the message queue service and configure it to start when the system boots

systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service

3.Add the openstack user

rabbitmqctl add_user openstack RABBIT_PASS  ##Replace RABBIT_PASS with a suitable password

4.Permit configuration, write, and read access for the openstack user

rabbitmqctl set_permissions openstack ".*" ".*" ".*" 

(5)code

yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service;systemctl restart rabbitmq-server.service
rabbitmqctl add_user openstack RABBIT_PASS
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

6.Memcached (stores tokens)

1.Install the packages

yum install memcached python-memcached -y

2.Edit the /etc/sysconfig/memcached file and complete the following actions

OPTIONS="-l 127.0.0.1,::1,controller"  ##Change the existing line OPTIONS="-l 127.0.0.1,::1"

3.Start the Memcached service and configure it to start when the system boots

systemctl enable memcached.service;systemctl restart memcached.service 

(6)code

yum install memcached python-memcached -y
sed -i '/^OPTIONS=/cOPTIONS="-l 127.0.0.1,::1,controller"' /etc/sysconfig/memcached
systemctl enable memcached.service;systemctl restart memcached.service

7.Etcd

1.Install the package

yum install etcd -y

2.Edit the /etc/etcd/etcd.conf file and set

vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

3.Enable and start the etcd service

systemctl enable etcd;systemctl restart etcd 

(7)code

yum install etcd -y
sed -i '/ETCD_DATA_DIR=/cETCD_DATA_DIR="/var/lib/etcd/default.etcd"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_PEER_URLS=/cETCD_LISTEN_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_LISTEN_CLIENT_URLS=/cETCD_LISTEN_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_NAME=/cETCD_NAME="controller"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_ADVERTISE_PEER_URLS=/cETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_ADVERTISE_CLIENT_URLS=/cETCD_ADVERTISE_CLIENT_URLS="http://10.199.100.191:2379"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER=/cETCD_INITIAL_CLUSTER="controller=http://10.199.100.191:2380"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_TOKEN=/cETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"' /etc/etcd/etcd.conf
sed -i '/ETCD_INITIAL_CLUSTER_STATE=/cETCD_INITIAL_CLUSTER_STATE="new"' /etc/etcd/etcd.conf
systemctl enable etcd;systemctl restart etcd

keystone

1.Install and configure components

【Create the database and grant privileges】

1.Use the database access client to connect to the database server as the root user

mysql -u root -p

2.Create the keystone database

MariaDB [(none)]> CREATE DATABASE keystone;

3.Grant proper access to the keystone database

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';

【Install and configure components】

4.Install the packages: openstack-keystone, httpd (serves the API over HTTP) and mod_wsgi (middleware between Python applications and the web server, which lets Python applications be deployed on it)

yum install openstack-keystone httpd mod_wsgi -y

5.Edit the /etc/keystone/keystone.conf file and complete the following actions

[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# ...
provider = fernet

6.Populate the Identity service database

su -s /bin/sh -c "keystone-manage db_sync" keystone

7.Initialize Fernet key repositories

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

8.Bootstrap the Identity service

keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

【Configure the Apache HTTP server】

9.Edit the /etc/httpd/conf/httpd.conf file and configure

ServerName controller

10.Create a link to the /usr/share/keystone/wsgi-keystone.conf file

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

【Finalize the installation】

11.Start the Apache HTTP service and configure it to start when the system boots

systemctl enable httpd.service;systemctl restart httpd.service

12.Configure the administrative account by setting the proper environmental variables

export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3

(8)code

mysql -u root -p1234qwer
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
quit
yum install openstack-keystone httpd mod_wsgi -y
sed -i -e '/^connection/s/connection/#connection/' -e '/^provider/s/provider/#provider/' /etc/keystone/keystone.conf
sed -i '/^#connection/a connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone' /etc/keystone/keystone.conf
sed -i '/^#provider/a provider = fernet' /etc/keystone/keystone.conf
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne
sed -i -e '/^ServerName/s/ServerName/#ServerName/' /etc/httpd/conf/httpd.conf
sed -i '/^#ServerName/a ServerName controller' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service;systemctl restart httpd.service

2.Create a domain, projects, users and roles

1.Although the “default” domain already exists from the keystone-manage bootstrap step in this guide, a formal way to create a new domain would be

openstack domain create --description "An Example Domain" example

2.This guide uses a service project that contains a unique user for each service that you add to your environment. Create the service project

openstack project create --domain default --description "Service Project" service

3.Regular (non-admin) tasks should use an unprivileged project and user. As an example, this guide creates the myproject project and myuser user

openstack project create --domain default --description "Demo Project" myproject  ##Create the myproject project
openstack user create --domain default --password-prompt myuser  ##Create the myuser user
openstack role create myrole  ##Create the myrole role
openstack role add --project myproject --user myuser myrole  ##Add the myrole role to the myproject project and myuser user

(Create the domain, project, user and role, then grant the role to the user)

openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password DEMO_PASS myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole

3.Verify: request an authentication token

1.Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables

unset OS_AUTH_URL OS_PASSWORD

2.As the admin user, request an authentication token

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

3.As the myuser user created in the previous section, request an authentication token

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue

4.Create OpenStack client environment scripts

1.Create and edit the admin-openrc file and add the following content

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

2.Create and edit the demo-openrc file and add the following content

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

3.Using the scripts

. admin-openrc

(9)code

cat <<EOF> /root/admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
cat <<EOF> /root/demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
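
The heredocs above write ADMIN_PASS and DEMO_PASS into /root/admin-openrc and /root/demo-openrc exactly as typed, and the sed lines in (8) do the same with KEYSTONE_DBPASS in keystone.conf. The pre-flight check below is an added example, not part of the original walkthrough: audit_secrets and audit_demo are hypothetical helper names, the placeholder pattern is a heuristic assumption, and the sample files are constructed.

```shell
#!/bin/sh
# Added example; audit_secrets and audit_demo are hypothetical helper names.

# audit_secrets FILE...
# Reports credential files that are world-readable and values that still hold
# a guide placeholder such as ADMIN_PASS or KEYSTONE_DBPASS. Only the key name
# and the placeholder are printed, never the whole line, so a real password
# cannot end up in a log. Exit status is 1 when anything was found.
audit_secrets() (
    findings=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        # Group access is left alone: service configs are usually root:<service>.
        if [ -n "$(find "$f" -prune -perm -004)" ]; then
            echo "$f: world-readable"
            findings=1
        fi
        out=$(LC_ALL=C awk '
            /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments and blank lines
            {
                p = index($0, "="); if (!p) next
                key = substr($0, 1, p - 1); val = substr($0, p + 1)
                sub(/^[ \t]*(export[ \t]+)?/, "", key); sub(/[ \t]+$/, "", key)
                # Heuristic: an upper-case token ending in _PASS or _DBPASS,
                # also when embedded in a connection or transport URL.
                while (match(val, /[A-Z][A-Z0-9]*_(DB)?PASS/)) {
                    printf "%s:%d: %s still holds placeholder %s\n",
                           FILENAME, FNR, key, substr(val, RSTART, RLENGTH)
                    val = substr(val, RSTART + RLENGTH)
                }
            }' "$f")
        if [ -n "$out" ]; then
            echo "$out"
            findings=1
        fi
    done
    exit "$findings"
)

# Constructed sample files shaped like the ones this walkthrough creates.
audit_demo() {
    d=$(mktemp -d) || return 2
    printf '%s\n' 'export OS_USERNAME=admin' \
                  'export OS_PASSWORD=ADMIN_PASS' > "$d/admin-openrc"
    printf '%s\n' '[database]' '#connection = <None>' \
        'connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone' \
        > "$d/keystone.conf"
    printf '%s\n' 'export OS_PASSWORD=s3cr3t-constructed' > "$d/demo-openrc"
    chmod 644 "$d/admin-openrc"
    chmod 640 "$d/keystone.conf"
    chmod 600 "$d/demo-openrc"
    rc=0
    (cd "$d" && audit_secrets admin-openrc keystone.conf demo-openrc) || rc=$?
    rm -rf "$d"
    return "$rc"
}

audit_demo || echo "audit_demo: findings reported above"
```

On a real controller the call would be `audit_secrets /root/admin-openrc /root/demo-openrc /etc/keystone/keystone.conf`, run before any service is started.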

glance

1.Prerequisites

1.Create the database and grant privileges

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';

2.Create the user → create the glance user

openstack user create --domain default --password glance123 glance

   Grant privileges → grant the admin role

openstack role add --project admin --user glance admin

   Create the service entity → create the glance service

openstack service create --name glance --description "OpenStack Image" image

3.Create the service API endpoints: public, internal, admin

openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

2.Install and configure components

1.Install the packages

yum install openstack-glance -y

2.Edit the configuration file (/etc/glance/glance-api.conf)

[database]
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
[keystone_authtoken]
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = glance
password = glance123
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

3.Initialize the database

su -s /bin/sh -c "glance-manage db_sync" glance

4.Start the service

systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service

(10)code

mysql -u root -p1234qwer
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password glance123 glance
openstack role add --project admin --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
yum install openstack-glance -y
sed -i '/^\[database\]/a connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a password = glance123' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a username = glance' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri  = http://controller:5000' /etc/glance/glance-api.conf
sed -i '/^\[paste_deploy\]/a flavor = keystone' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a filesystem_store_datadir = /var/lib/glance/images/' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a default_store = file' /etc/glance/glance-api.conf
sed -i '/^\[glance_store\]/a stores = file,http' /etc/glance/glance-api.conf
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service;systemctl restart openstack-glance-api.service

3.Verify

1.openstack image create  ##Register the image

. admin-openrc
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public

2.openstack image list  ##List image information

openstack image list

placement

1.Prerequisites

CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

2.Install and configure components

1.Install the packages

yum install openstack-placement-api -y

2.Edit the /etc/placement/placement.conf file and complete the following actions

   Configure database access

[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement

   Configure Keystone authentication

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = placement
password = placement123

   Enable access to the Placement API

Add the following configuration to /etc/httpd/conf.d/00-nova-placement-api.conf:
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

3.Populate the placement database

su -s /bin/sh -c "placement-manage db sync" placement

4.Start the service

systemctl restart httpd

(11)code

mysql -u root -p1234qwer
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password placement123 placement
openstack role add --project admin --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
yum install openstack-placement-api -y
sed -i '/^\[placement_database\]/a connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement' /etc/placement/placement.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a password = placement123' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a username = placement' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/placement/placement.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/v3' /etc/placement/placement.conf
cat <<EOF>> /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>
EOF
su -s /bin/sh -c "placement-manage db sync" placement
systemctl restart httpd

3.Verify

1.Perform status checks to make sure everything is in order

placement-status upgrade check

2.Run some commands against the placement API

nova

controller node

1.Prerequisites

CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

2.Install and configure components

1.Install the packages

openstack-nova-api openstack-nova-conductor (database access) openstack-nova-console (console access) openstack-nova-novncproxy (provides the console service) openstack-nova-scheduler (compute scheduling) openstack-nova-placement-api

yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y

2.Edit the /etc/nova/nova.conf file

   Configure the APIs

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata

   Configure database access (database, api_database)

[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

   Configure RabbitMQ

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/

   Configure Keystone authentication

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123

   Configure support for the Networking service

[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

   Configure the VNC proxy

[DEFAULT]
# ...
my_ip = 10.1.10.151

[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip

   Configure the Image service API

[glance]
# ...
api_servers = http://controller:9292

   Configure the lock path

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

   Configure Placement service authentication

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123

3.Initialize the databases

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

4.Start the services

systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

(12)code

mysql -u root -p1234qwer
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password nova123 nova
openstack role add --project admin --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.151' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service 

3.Verify

1.Verify: openstack compute service list  ##List the service components

openstack compute service list

2.List API endpoints in the Identity service to verify connectivity with the Identity service

openstack catalog list

3.List images in the Image service to verify connectivity with the Image service

openstack image list

4.Check the cells and placement API are working successfully and that other necessary prerequisites are in place

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
nova-status upgrade check
openstack compute service list --service nova-compute

compute node

1.Install and configure components

1.Install the packages

yum install openstack-nova-compute -y

2.Edit the /etc/nova/nova.conf file

   Configure the APIs

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata

   Configure database access (database, api_database)

[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova

   Configure RabbitMQ

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/

   Configure Keystone authentication

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = admin
username = nova
password = nova123

   Configure support for the Networking service

[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

   Configure the VNC proxy

[DEFAULT]
# ...
my_ip = 10.1.10.152

[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
# Change controller to an IP address so the instance console can be opened from the dashboard
novncproxy_base_url = http://controller:6080/vnc_auto.html

   Configure the Image service API

[glance]
# ...
api_servers = http://controller:9292

   Configure the lock path

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

   Configure Placement service authentication

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = admin
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement123

(13)code

yum install openstack-nova-compute -y
sed -i '/^\[DEFAULT\]/a firewall_driver = nova.virt.firewall.NoopFirewallDriver' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a use_neutron = true' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a my_ip = 10.1.10.152' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/nova/nova.conf
sed -i '/^\[DEFAULT\]/a enabled_apis = osapi_compute,metadata' /etc/nova/nova.conf
sed -i '/^\[api_database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api' /etc/nova/nova.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova' /etc/nova/nova.conf
sed -i '/^\[api\]/a auth_strategy = keystone' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a password = nova123' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a username = nova' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a novncproxy_base_url = http://controller:6080/vnc_auto.html' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_proxyclient_address = $my_ip' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a server_listen = 0.0.0.0' /etc/nova/nova.conf
sed -i '/^\[vnc\]/a enabled = true' /etc/nova/nova.conf
sed -i '/^\[glance\]/a api_servers = http://controller:9292' /etc/nova/nova.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/nova/tmp' /etc/nova/nova.conf
sed -i '/^\[placement\]/a password = placement123' /etc/nova/nova.conf
sed -i '/^\[placement\]/a username = placement' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_url = http://controller:5000/v3' /etc/nova/nova.conf
sed -i '/^\[placement\]/a user_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[placement\]/a project_domain_name = Default' /etc/nova/nova.conf
sed -i '/^\[placement\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^#vif_plugging_is_fatal/a vif_plugging_is_fatal=false' /etc/nova/nova.conf
sed -i '/^#vif_plugging_timeout/a vif_plugging_timeout=0' /etc/nova/nova.conf
systemctl enable libvirtd.service openstack-nova-compute.service;systemctl restart libvirtd.service openstack-nova-compute.service

neutron

controller node

1.Prerequisites

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

2.Install and configure components

1.Install the packages

yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

2.Configure the server component (/etc/neutron/neutron.conf)

   Configure database access

[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

   Enable the ML2 plug-in

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true

   Configure RabbitMQ message queue access

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

   Configure Keystone access

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

   Configure Networking to notify Compute of network topology changes

[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

   Configure the lock path

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

3.Configure the ML2 plug-in (/etc/neutron/plugins/ml2/ml2_conf.ini)

   Enable flat, VLAN, and VXLAN networks

[ml2]
# ...
type_drivers = flat,vlan,vxlan

   Enable VXLAN private (self-service) networks

[ml2]
# ...
tenant_network_types = vxlan

   Enable the Linux bridge and layer-2 population mechanisms

[ml2]
# ...
mechanism_drivers = linuxbridge,l2population

   Enable the port security extension driver

[ml2]
# ...
extension_drivers = port_security

   Configure the provider virtual network as a flat network

[ml2_type_flat]
# ...
flat_networks = provider

   Configure the VXLAN network identifier range for private networks

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

   Enable ipset to improve the efficiency of security group rules

[securitygroup]
# ...
enable_ipset = true

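4.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)

   Enable the kernel bridge filters (these two keys go in /etc/sysctl.conf and need the br_netfilter module; they do not belong in the agent file)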

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

   Map the provider virtual network to the provider physical network interface

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

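   Enable VXLAN overlay networks, configure the IP address of the physical network interface that carries the overlay networks, and enable layer-2 population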

[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

   Enable security groups and configure the Linux bridge iptables firewall driver

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

5.Configure the L3 agent (/etc/neutron/l3_agent.ini)

   Configure the Linux bridge interface driver and the external network bridge

[DEFAULT]
# ...
interface_driver = linuxbridge

6.Configure the DHCP agent (/etc/neutron/dhcp_agent.ini)

   Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

7.Configure the metadata agent (/etc/neutron/metadata_agent.ini)

[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET

8.Configure Neutron's Keystone access in Nova (/etc/nova/nova.conf) so that Compute uses the Networking service

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

9.Populate the database

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

10.Start the services

systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service

(14)code

mysql -u root -p1234qwer
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
quit
. /root/admin-openrc
openstack user create --domain default --password neutron123 neutron
openstack role add --project admin --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_data_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a notify_nova_on_port_status_changes = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a allow_overlapping_ips = true' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a service_plugins = router' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a core_plugin = ml2' /etc/neutron/neutron.conf
sed -i '/^\[database\]/a connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[nova]' >> /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a password = nova123' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a username = nova' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a region_name = RegionOne' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a user_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a project_domain_name = default' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[nova\]/a auth_url = http://controller:5000' /etc/neutron/neutron.conf
echo '[ml2]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a extension_drivers = port_security' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a mechanism_drivers = linuxbridge,l2population' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a tenant_network_types = vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2\]/a type_drivers = flat,vlan,vxlan' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_flat]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_flat\]/a flat_networks = provider' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[ml2_type_vxlan]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[ml2_type_vxlan\]/a vni_ranges = 1:1000' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/ml2_conf.ini
sed -i '/^\[securitygroup\]/a enable_ipset = true' /etc/neutron/plugins/ml2/ml2_conf.ini
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.151' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/l3_agent.ini
sed -i '/^\[DEFAULT\]/a interface_driver = linuxbridge' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a enable_isolated_metadata = true' /etc/neutron/dhcp_agent.ini
sed -i '/^\[DEFAULT\]/a metadata_proxy_shared_secret = metadata123' /etc/neutron/metadata_agent.ini
sed -i '/^\[DEFAULT\]/a nova_metadata_host = controller' /etc/neutron/metadata_agent.ini
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service;systemctl restart neutron-l3-agent.service

3.Verify operation

Verify: openstack network agent list  ## check the agent status

openstack network agent list

compute node

1.Install and configure components

1.Install the packages

yum install openstack-neutron-linuxbridge ebtables ipset -y

2.Configure the service component (/etc/neutron/neutron.conf)

   Configure RabbitMQ message queue access

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

   Configure Keystone access

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

   Configure the lock path

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

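3.Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)

   Enable the kernel bridge filters (these two keys go in /etc/sysctl.conf and need the br_netfilter module; they do not belong in the agent file)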

net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

   Map the provider virtual network to the provider physical network interface

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

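   Enable VXLAN overlay networks, configure the IP address of the physical network interface that carries the overlay networks, and enable layer-2 population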

[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

   Enable security groups and configure the Linux bridge iptables firewall driver

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

4.Configure Neutron's Keystone access in Nova (/etc/nova/nova.conf) so that Compute uses the Networking service

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET

(15)code

yum install openstack-neutron-linuxbridge ebtables ipset -y
sed -i '/^\[DEFAULT\]/a transport_url = rabbit://openstack:RABBIT_PASS@controller' /etc/neutron/neutron.conf
sed -i '/^\[DEFAULT\]/a auth_strategy = keystone' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a password = neutron123' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a username = neutron' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_name = admin' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a user_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a project_domain_name = Default' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_type = password' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a memcached_servers = controller:11211' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a auth_url = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[keystone_authtoken\]/a www_authenticate_uri = http://controller:5000/' /etc/neutron/neutron.conf
sed -i '/^\[oslo_concurrency\]/a lock_path = /var/lib/neutron/tmp' /etc/neutron/neutron.conf
echo '[linux_bridge]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[linux_bridge\]/a physical_interface_mappings = provider:ens32' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[vxlan]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a l2_population = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a local_ip = 10.1.10.152' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[vxlan\]/a enable_vxlan = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo '[securitygroup]' >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
sed -i '/^\[securitygroup\]/a enable_security_group = true' /etc/neutron/plugins/ml2/linuxbridge_agent.ini
echo 'net.bridge.bridge-nf-call-iptables = 1' >> /etc/sysctl.conf
echo 'net.bridge.bridge-nf-call-ip6tables = 1' >> /etc/sysctl.conf
modprobe br_netfilter
/sbin/sysctl -p
sed -i '/^\[neutron\]/a metadata_proxy_shared_secret = metadata123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a service_metadata_proxy = true' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a password = neutron123' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a username = neutron' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_name = admin' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a region_name = RegionOne' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a user_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a project_domain_name = default' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_type = password' /etc/nova/nova.conf
sed -i '/^\[neutron\]/a auth_url = http://controller:5000' /etc/nova/nova.conf
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service;systemctl restart neutron-linuxbridge-agent.service
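
Re-running scripts (14) or (15) makes every `sed ... /a` line append a second copy of its key, and every `echo '[section]' >>` line append a second section header. The following is an added example, not part of the original post: a hypothetical `ini_set` helper that sets a key exactly once. The function name and the sample values are assumptions of the example.

```shell
#!/bin/sh
# Added example: idempotent replacement for the `sed -i '/^\[section\]/a ...'`
# and `echo '[section]' >> file` pairs used in the scripts above.

# ini_set FILE SECTION KEY VALUE
#   - section present: write KEY right after the header and drop older
#     uncommented assignments of KEY in that section (and in duplicates of it)
#   - section absent: append the header and the key once at end of file
ini_set() (
    file=$1
    tmp=$(mktemp) || exit 1     # mktemp creates the scratch file with mode 0600
    # The value travels through the environment because `awk -v` would expand
    # backslash escapes that may occur inside a password.
    INI_SEC=$2 INI_KEY=$3 INI_VAL=$4 awk '
        BEGIN { sec = "[" ENVIRON["INI_SEC"] "]"; key = ENVIRON["INI_KEY"]
                line = key " = " ENVIRON["INI_VAL"] }
        /^\[/ {
            in_sec = ($0 == sec); print
            if (in_sec && !done) { print line; done = 1 }
            next
        }
        in_sec { k = $0; sub(/[ \t]*=.*/, "", k); if (k == key) next }
        { print }
        END { if (!done) { print sec; print line } }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"   # cat keeps the owner and mode
    rc=$?
    rm -f "$tmp"
    exit "$rc"
)

# Constructed sample: a [nova] section duplicated by re-running the
# `echo '[nova]' >>` step, leaving two stale password lines.
demo() (
    f=$(mktemp) || exit 1
    printf '%s\n' '[DEFAULT]' '[nova]' 'password = nova123' \
                  '[nova]' 'password = nova123' > "$f"
    ini_set "$f" nova password 'example-value'       # constructed value
    ini_set "$f" nova password 'example-value'       # second run changes nothing
    ini_set "$f" ml2 type_drivers 'flat,vlan,vxlan'  # missing section is created
    cat "$f"; rm -f "$f"
)
demo
```

The duplicate `[nova]` header itself is left in place; only the repeated key is collapsed.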

dashboard

1.Install and configure components

1.Install the packages

yum install openstack-dashboard -y

2.Configure the service component (/etc/openstack-dashboard/local_settings)

   Configure the host address

OPENSTACK_HOST = "controller"

   Configure the hosts allowed to access the dashboard ('*' accepts any host)

ALLOWED_HOSTS = ['*', ]

   Configure the memcached session storage service

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}

   Enable version 3 of the Identity API

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

   Enable support for domains

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

   Configure the API versions

OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}

   Configure Default as the default domain for users created through the dashboard

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

   Configure user as the default role for users created through the dashboard

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

3.Start the services

systemctl restart httpd.service memcached.service

(16)code

yum install openstack-dashboard -y
sed -i '/^OPENSTACK_HOST/s/OPENSTACK_HOST/#OPENSTACK_HOST/' /etc/openstack-dashboard/local_settings
sed -i '/^#OPENSTACK_HOST/a OPENSTACK_HOST = "controller"' /etc/openstack-dashboard/local_settings
sed -i '/^ALLOWED_HOSTS/s/ALLOWED_HOSTS/#ALLOWED_HOSTS/' /etc/openstack-dashboard/local_settings
sed -i "/^#ALLOWED_HOSTS/a ALLOWED_HOSTS = ['*', ]" /etc/openstack-dashboard/local_settings
cat <<EOF>> /etc/openstack-dashboard/local_settings
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
EOF
echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf
systemctl restart httpd.service memcached.service
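
Added example (not from the original post): a post-install check over the files edited above. It flags install-guide placeholders such as RABBIT_PASS or NEUTRON_DBPASS left in place, a metadata_proxy_shared_secret that is missing, mismatched or short, and ALLOWED_HOSTS = ['*']. The function names, the 32-character threshold and the sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the files this walkthrough edits. Pass nova.conf,
# metadata_agent.ini and local_settings, then any other .conf files.
MIN_SECRET_LEN=32   # this example's own threshold, not an OpenStack default

# ini_get FILE SECTION KEY -> last value assigned to KEY inside [SECTION]
ini_get() {
    INI_SEC=$2 INI_KEY=$3 awk '
        /^\[/ { in_sec = ($0 == "[" ENVIRON["INI_SEC"] "]"); next }
        in_sec && /^[^#=]+=/ {
            k = $0; sub(/[ \t]*=.*/, "", k)
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            if (k == ENVIRON["INI_KEY"]) val = v
        }
        END { print val }' "$1"
}

# find_placeholders FILE... -> "file:line" of each uncommented line that still
# holds an install-guide placeholder (RABBIT_PASS, NEUTRON_DBPASS, ...).
# Only locations are printed, so the audit output never echoes config values.
find_placeholders() {
    grep -nE '^[^#]*([A-Z]+_(DB)?PASS|METADATA_SECRET)([^A-Za-z0-9_]|$)' \
        "$@" /dev/null | cut -d: -f1,2
}

# audit NOVA_CONF METADATA_AGENT_INI LOCAL_SETTINGS [MORE_CONF...]
# Prints one FINDING line per problem; returns 0 only when there are none.
audit() (
    nova=$1 meta=$2 dash=$3 findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    for hit in $(find_placeholders "$@"); do
        note "placeholder credential left at $hit"
    done

    a=$(ini_get "$nova" neutron metadata_proxy_shared_secret)
    b=$(ini_get "$meta" DEFAULT metadata_proxy_shared_secret)
    if [ -z "$a" ] || [ "$a" != "$b" ]; then
        note "metadata_proxy_shared_secret missing or different in nova.conf and metadata_agent.ini"
    elif [ "${#a}" -lt "$MIN_SECRET_LEN" ]; then
        note "metadata_proxy_shared_secret is shorter than $MIN_SECRET_LEN characters"
    fi

    if grep -Eq "^ALLOWED_HOSTS[[:space:]]*=.*['\"][*]['\"]" "$dash"; then
        note "ALLOWED_HOSTS contains '*', so Django Host header validation is off"
    fi
    [ "$findings" -eq 0 ]
)

# Constructed sample files that mirror values used in this walkthrough.
demo() (
    d=$(mktemp -d) || exit 1
    printf '%s\n' '[DEFAULT]' 'transport_url = rabbit://openstack:RABBIT_PASS@controller' \
        '[neutron]' 'metadata_proxy_shared_secret = metadata123' > "$d/nova.conf"
    printf '%s\n' '[DEFAULT]' 'metadata_proxy_shared_secret = metadata123' > "$d/metadata_agent.ini"
    printf '%s\n' "ALLOWED_HOSTS = ['*', ]" > "$d/local_settings"
    audit "$d/nova.conf" "$d/metadata_agent.ini" "$d/local_settings"
    rc=$?
    rm -rf "$d"
    exit "$rc"
)
demo || echo "audit failed: resolve the findings above"
```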

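launch instance

1.Create the virtual networks: create the network

          create the subnet

          create the router: ← add the private subnet interface

                ← set the public network gateway

2.Create a flavor

3.Create a key pair

4.Add security group rules

5.Launch the instance ← flavor, image, network, security group, key pair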

posted @ 2019-09-10 15:02  omgasw