1.安装环境:
操作系统:centos 7.5
地址规划:192.168.254.10 openstack-server
架构:所有组件(包括控制节点、计算节点、网络节点)全部安装一个节点
2.系统配置:
[root@localhost ~]# hostname openstack-server
[root@openstack-server ~]# vim /etc/hostname
openstack-server
[root@openstack-server ~]# vim /etc/hosts
192.168.254.10 openstack-server openstack-server.smoke.com
[root@openstack-server ~]# ifconfig
enp4s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.254.10 netmask 255.255.255.224 broadcast 192.168.254.31
inet6 fe80::119a:26d0:b028:74d0 prefixlen 64 scopeid 0x20<link>
ether 00:e0:4c:0f:ff:a9 txqueuelen 1000 (Ethernet)
RX packets 42277 bytes 39441483 (37.6 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 14912 bytes 1016294 (992.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 1000 (Local Loopback)
RX packets 32 bytes 2792 (2.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 32 bytes 2792 (2.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
3.安装时间同步服务NTP:
[root@openstack-server ~]# yum install chrony
修改chrony服务配置:
[root@openstack-server ~]# vim /etc/chrony.conf allow 192.168.254.0/27
启动chrony服务:
[root@openstack-server ~]# systemctl enable chronyd.service [root@openstack-server ~]# systemctl start chronyd.service
设置时区:
[root@openstack-server ~]# timedatectl set-timezone Asia/Shanghai
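4.安装阿里的OpenStack源(注意:下面的repo文件设置了gpgcheck=0和repo_gpgcheck=0,yum不会校验软件包签名,镜像内容被篡改时无法发现;生产环境应设为gpgcheck=1,并确认gpgkey指向该仓库实际使用的签名公钥):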
[root@openstack-server ~]# vim /etc/yum.repos.d/OpenStack-Rocky.repo [openstack-rocky] name=openstack-rocky baseurl=https://mirrors.aliyun.com/centos/7.5.1804/cloud/x86_64/openstack-rocky/ gpgcheck=0 gpgkey=https://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7 repo_gpgcheck=0 enabled=1 [root@openstack-server ~]# yum clean all [root@openstack-server ~]# yum makecache
还可以使用官方yum源方式:
[root@openstack-server ~]# yum install centos-release-openstack-rocky [root@openstack-server ~]# yum install https://rdoproject.org/repos/rdo-release.rpm
升级软件包:
[root@openstack-server ~]# yum -y upgrade
安装OpenStack client:
[root@openstack-server ~]# yum -y install python-openstackclient
安装openstack-selinux:
[root@openstack-server ~]# yum -y install openstack-selinux
5.安装Mariadb:
[root@openstack-server ~]# yum -y install mariadb mariadb-server python2-PyMySQL
修改Mariadb配置文件:
[root@openstack-server ~]# mv /etc/my.cnf /etc/my.cnf.bak [root@openstack-server ~]# cp /usr/share/mariadb/my-large.cnf /etc/my.cnf [root@openstack-server ~]# vim /etc/my.cnf [mysqld] bind-address = 192.168.254.10 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8
启动Mariadb服务:
[root@openstack-server ~]# systemctl enable mariadb.service [root@openstack-server ~]# systemctl start mariadb.service
初始化Mariadb:
[root@openstack-server ~]# mysql_secure_installation(按提示操作设置root密码)
6.安装rabbitmq-server:
[root@openstack-server ~]# yum -y install rabbitmq-server
启动rabbitmq-server服务:
[root@openstack-server ~]# systemctl enable rabbitmq-server.service [root@openstack-server ~]# systemctl start rabbitmq-server.service
添加openstack用户(示例中密码与用户名同为openstack,仅适合实验环境;实际部署请换成随机强密码,并同步修改后文各配置文件中的transport_url):
[root@openstack-server ~]# rabbitmqctl add_user openstack openstack [root@openstack-server ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
开启web管理插件:
[root@openstack-server ~]# rabbitmq-plugins enable rabbitmq_management
使用web访问rabbitmq-server(默认账号guest,密码guest;配置完成后应修改guest密码或删除该账号,并限制管理界面的访问来源):
设置openstack用户Tags为administrator(点击Admin -- openstack):
点击Update this user:

查看设置:

7.安装memcached:
[root@openstack-server ~]# yum -y install memcached python-memcached
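修改memcached服务配置(注意:示例中的-l 0.0.0.0会让memcached监听所有网卡,而memcached默认不做认证,缓存的keystone令牌数据会暴露给任何能连到11211端口的主机;建议只监听本机管理地址,如-l 127.0.0.1,::1,192.168.254.10,并用防火墙限制该端口):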
[root@openstack-server ~]# vim /etc/sysconfig/memcached PORT="11211" USER="memcached" MAXCONN="1024" CACHESIZE="64" OPTIONS="-l 0.0.0.0,::1"
启动memcached服务:
[root@openstack-server ~]# systemctl enable memcached.service [root@openstack-server ~]# systemctl start memcached.service
8.安装etcd服务:
[root@openstack-server ~]# yum -y install etcd
修改etcd服务配置(示例使用明文HTTP且未启用客户端认证,仅适合可信的管理网络):
[root@openstack-server ~]# vim /etc/etcd/etcd.conf #[Member] ETCD_DATA_DIR="/var/lib/etcd/default.etcd" ETCD_LISTEN_PEER_URLS="http://192.168.254.10:2380" ETCD_LISTEN_CLIENT_URLS="http://192.168.254.10:2379" ETCD_NAME="openstack-server" #[Clustering] ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.254.10:2380" ETCD_ADVERTISE_CLIENT_URLS="http://192.168.254.10:2379" ETCD_INITIAL_CLUSTER="openstack-server=http://192.168.254.10:2380" ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01" ETCD_INITIAL_CLUSTER_STATE="new"
启动etcd服务:
[root@openstack-server ~]# systemctl enable etcd [root@openstack-server ~]# systemctl start etcd
9.安装keystone:
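在Mariadb创建keystone库和用户(注意:-p后直接跟密码会把root密码留在shell历史和进程列表中,建议只写-p改为交互输入;示例里库密码与用户名相同,且授权给'%'即任意来源主机,实际部署应使用强密码并把来源限制为确实需要访问的主机,后文glance、nova、neutron各库同理):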
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE keystone;"
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
安装keystone:
[root@openstack-server ~]# yum -y install openstack-keystone httpd mod_wsgi
修改keystone服务配置:
[root@openstack-server ~]# vim /etc/keystone/keystone.conf [database] connection = mysql+pymysql://keystone:keystone@openstack-server/keystone [token] provider = fernet
同步数据库:
[root@openstack-server ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet key仓库:
[root@openstack-server ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone [root@openstack-server ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引导身份服务(示例的管理员密码admin仅用于实验,实际部署应替换为强密码,并与admin-openrc.sh中的OS_PASSWORD保持一致):
[root@openstack-server ~]# keystone-manage bootstrap --bootstrap-password admin \ > --bootstrap-admin-url http://openstack-server:5000/v3/ \ > --bootstrap-internal-url http://openstack-server:5000/v3/ \ > --bootstrap-public-url http://openstack-server:5000/v3/ \ > --bootstrap-region-id RegionOne
修改httpd服务配置:
[root@openstack-server ~]# vim /etc/httpd/conf/httpd.conf ServerName openstack-server
创建wsgi-keystone配置文件链接:
[root@openstack-server ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动httpd服务:
[root@openstack-server ~]# systemctl enable httpd.service [root@openstack-server ~]# systemctl start httpd.service [root@openstack-server ~]# vim admin-openrc.sh export OS_USERNAME=admin export OS_PASSWORD=admin export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://openstack-server:5000/v3 export OS_IDENTITY_API_VERSION=3
创建域,项目,用户,角色:
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack domain create --description "An Example Domain" example [root@openstack-server ~]# openstack project create --domain default \ > --description "Service Project" service [root@openstack-server ~]# openstack project create --domain default \ > --description "Demo Project" myproject [root@openstack-server ~]# openstack user create --domain default \ > --password-prompt myuser [root@openstack-server ~]# openstack role create myrole [root@openstack-server ~]# openstack role add --project myproject --user myuser myrole
验证keystone是否安装成功:
[root@openstack-server ~]# unset OS_AUTH_URL OS_PASSWORD [root@openstack-server ~]# openstack --os-auth-url http://openstack-server:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
创建myuser环境变量:
[root@openstack-server ~]# vim myuser-openrc.sh export OS_USERNAME=myuser export OS_PASSWORD=myuser export OS_PROJECT_NAME=myproject export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://openstack-server:5000/v3 export OS_IDENTITY_API_VERSION=3
使用myuser用户进行测试:
[root@openstack-server ~]# . myuser-openrc.sh [root@openstack-server ~]# openstack --os-auth-url http://openstack-server:5000/v3 \ > --os-project-domain-name Default --os-user-domain-name Default \ > --os-project-name myproject --os-username myuser token issue
修改用户环境变量脚本(这些openrc脚本以明文保存密码,建议用chmod 600限制为仅属主可读,且不要提交到版本库):
[root@openstack-server ~]# vim admin-openrc.sh export OS_USERNAME=admin export OS_PASSWORD=admin export OS_PROJECT_NAME=admin export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://openstack-server:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 [root@openstack-server ~]# vim myuser-openrc.sh export OS_USERNAME=myuser export OS_PASSWORD=myuser export OS_PROJECT_NAME=myproject export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_DOMAIN_NAME=Default export OS_AUTH_URL=http://openstack-server:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2
使用脚本测试:
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack token issue
10.安装glance:
在Mariadb创建glance库和用户:
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE glance;" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
创建glance用户,服务,端点:
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack user create --domain default --password-prompt glance [root@openstack-server ~]# openstack role add --project service --user glance admin [root@openstack-server ~]# openstack service create --name glance \ > --description "OpenStack Image" image [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > image public http://openstack-server:9292 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > image internal http://openstack-server:9292 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > image admin http://openstack-server:9292
安装glance:
[root@openstack-server ~]# yum -y install openstack-glance
修改glance-api和glance-registry服务配置:
[root@openstack-server ~]# vim /etc/glance/glance-api.conf [database] connection = mysql+pymysql://glance:glance@openstack-server/glance [keystone_authtoken] www_authenticate_uri = http://openstack-server:5000 auth_url = http://openstack-server:5000 memcached_servers = openstack-server:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = glance [paste_deploy] flavor = keystone [glance_store] stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images [root@openstack-server ~]# vim /etc/glance/glance-registry.conf [database] connection = mysql+pymysql://glance:glance@openstack-server/glance [keystone_authtoken] www_authenticate_uri = http://openstack-server:5000 auth_url = http://openstack-server:5000 memcached_servers = openstack-server:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = glance [paste_deploy] flavor = keystone
同步glance数据库:
[root@openstack-server ~]# su -s /bin/sh -c "glance-manage db_sync" glance
启动glance-api和glance-registry服务:
[root@openstack-server ~]# systemctl enable openstack-glance-api.service \ > openstack-glance-registry.service [root@openstack-server ~]# systemctl start openstack-glance-api.service \ > openstack-glance-registry.service
使用sdb1创建lvm用于存储镜像:
[root@openstack-server ~]# fdisk -l /dev/sdb 磁盘 /dev/sdb:250.1 GB, 250059350016 字节,488397168 个扇区 Units = 扇区 of 1 * 512 = 512 bytes 扇区大小(逻辑/物理):512 字节 / 512 字节 I/O 大小(最小/最佳):512 字节 / 512 字节 磁盘标签类型:dos 磁盘标识符:0x441e1e17 设备 Boot Start End Blocks Id System /dev/sdb1 2048 104859647 52428800 8e Linux LVM [root@openstack-server ~]# pvcreate /dev/sdb1 [root@openstack-server ~]# vgcreate glance-vg /dev/sdb1 [root@openstack-server ~]# lvcreate -L 50G -n glance-lv glance-vg [root@openstack-server ~]# mkfs.xfs /dev/glance-vg/glance-lv [root@openstack-server ~]# blkid /dev/glance-vg/glance-lv /dev/glance-vg/glance-lv: UUID="072c4d36-7502-484b-b857-357a870dcc87" TYPE="xfs" [root@openstack-server ~]# vim /etc/fstab UUID=072c4d36-7502-484b-b857-357a870dcc87 /var/lib/glance/images/ xfs defaults 0 0 [root@openstack-server ~]# mount -a [root@openstack-server ~]# chown -R glance:glance /var/lib/glance/
验证操作(下面的镜像通过明文HTTP下载,上传前建议与官方公布的校验和核对):
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img [root@openstack-server ~]# openstack image create "cirros" \ > --file cirros-0.4.0-x86_64-disk.img \ > --disk-format qcow2 --container-format bare \ > --public [root@openstack-server ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 99b186e3-b29f-4366-ab5c-ebf5e53ef262 | cirros | active | +--------------------------------------+--------+--------+
11.安装nova:
在Mariadb创建nova相关库和用户(控制节点):
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova_api;" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova;" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE nova_cell0;" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE placement;" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \ > IDENTIFIED BY 'nova';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \ > IDENTIFIED BY 'nova';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \ > IDENTIFIED BY 'nova';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \ > IDENTIFIED BY 'nova';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \ > IDENTIFIED BY 'nova';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \ > IDENTIFIED BY 'nova';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \ > IDENTIFIED BY 'placement';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \ > IDENTIFIED BY 'placement';"
创建nova用户,服务,端点;
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack user create --domain default --password-prompt nova [root@openstack-server ~]# openstack role add --project service --user nova admin [root@openstack-server ~]# openstack service create --name nova \ > --description "OpenStack Compute" compute [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > compute public http://openstack-server:8774/v2.1 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > compute internal http://openstack-server:8774/v2.1 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > compute admin http://openstack-server:8774/v2.1
创建placement用户,服务,端点:
[root@openstack-server ~]# openstack user create --domain default --password-prompt placement [root@openstack-server ~]# openstack role add --project service --user placement admin [root@openstack-server ~]# openstack service create --name placement \ > --description "Placement API" placement [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > placement public http://openstack-server:8778 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > placement internal http://openstack-server:8778 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > placement admin http://openstack-server:8778
安装nova-api、nova-conductor、nova-console、nova-novncproxy、nova-scheduler、nova-placement-api服务(控制节点):
[root@openstack-server ~]# yum -y install openstack-nova-api openstack-nova-conductor \ > openstack-nova-console openstack-nova-novncproxy \ > openstack-nova-scheduler openstack-nova-placement-api
修改nova服务配置:
[root@openstack-server ~]# vim /etc/nova/nova.conf [DEFAULT] enabled_apis=osapi_compute,metadata transport_url=rabbit://openstack:openstack@openstack-server my_ip=192.168.254.10 use_neutron=true firewall_driver=nova.virt.firewall.NoopFirewallDriver [api_database] connection=mysql+pymysql://nova:nova@openstack-server/nova_api [database] connection=mysql+pymysql://nova:nova@openstack-server/nova [placement_database] connection=mysql+pymysql://placement:placement@openstack-server/placement [api] auth_strategy=keystone [keystone_authtoken] auth_url=http://openstack-server:5000/v3 memcached_servers=openstack-server:11211 auth_type=password project_domain_name = default user_domain_name = default project_name = service username = nova password = nova [vnc] enabled=true server_listen=0.0.0.0 server_proxyclient_address=$my_ip [glance] api_servers=http://openstack-server:9292 [oslo_concurrency] lock_path=/var/lib/nova/tmp [placement] region_name=RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://openstack-server:5000/v3 username = placement password = placement
官网文档提示包bug问题,需要修改 /etc/httpd/conf.d/00-nova-placement-api.conf,添加/usr/bin相关内容到文件尾部;
[root@openstack-server ~]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
重启httpd服务:
[root@openstack-server ~]# systemctl restart httpd
同步nova数据库:
[root@openstack-server ~]# su -s /bin/sh -c "nova-manage api_db sync" nova [root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova [root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova 28087259-877a-4ff7-b2a3-a4367a1fbd8d [root@openstack-server ~]# su -s /bin/sh -c "nova-manage db sync" nova [root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
启动nova-api、nova-scheduler、nova-conductor、nova-novncproxy服务:
[root@openstack-server ~]# systemctl enable openstack-nova-api.service \ > openstack-nova-scheduler.service openstack-nova-conductor.service \ > openstack-nova-novncproxy.service [root@openstack-server ~]# systemctl start openstack-nova-api.service \ > openstack-nova-scheduler.service openstack-nova-conductor.service \ > openstack-nova-novncproxy.service
安装nova-compute(计算节点):
[root@openstack-server ~]# yum install openstack-nova-compute
修改nova配置文件:
[root@openstack-server ~]# vim /etc/nova/nova.conf [DEFAULT] enabled_apis=osapi_compute,metadata transport_url=rabbit://openstack:openstack@openstack-server my_ip=192.168.254.10 use_neutron=true firewall_driver=nova.virt.firewall.NoopFirewallDriver [api] auth_strategy=keystone [keystone_authtoken] auth_url = http://openstack-server:5000/v3 memcached_servers=openstack-server:11211 auth_type=password project_domain_name = default user_domain_name = default project_name = service username = nova password = nova [vnc] enabled=true server_listen=0.0.0.0 server_proxyclient_address=$my_ip novncproxy_base_url = http://openstack-server:6080/vnc_auto.html [glance] api_servers=http://openstack-server:9292 [oslo_concurrency] lock_path=/var/lib/nova/tmp [placement] region_name=RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://openstack-server:5000/v3 username = placement password = placement
查看cpu是否支持虚拟化(0代表不支持):
[root@openstack-server ~]# egrep -c '(vmx|svm)' /proc/cpuinfo 4
修改虚拟化类型,如果不支持cpu虚拟化使用qemu,如果支持使用kvm:
[root@openstack-server ~]# vim /etc/nova/nova.conf [libvirt] virt_type=kvm
启动nova-compute和libvirtd服务:
[root@openstack-server ~]# systemctl enable libvirtd.service openstack-nova-compute.service [root@openstack-server ~]# systemctl start libvirtd.service openstack-nova-compute.service
将计算节点添加到cell数据库:
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack compute service list --service nova-compute [root@openstack-server ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
编辑nova服务配置:
[root@openstack-server ~]# vim /etc/nova/nova.conf [scheduler] discover_hosts_in_cells_interval=300
验证操作:
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack compute service list +----+----------------+------------------+----------+---------+-------+----------------------------+ | ID | Binary | Host | Zone | Status | State | Updated At | +----+----------------+------------------+----------+---------+-------+----------------------------+ | 1 | nova-conductor | openstack-server | internal | enabled | up | 2018-10-23T13:45:26.000000 | | 3 | nova-scheduler | openstack-server | internal | enabled | up | 2018-10-23T13:45:26.000000 | | 10 | nova-compute | openstack-server | nova | enabled | up | 2018-10-23T13:45:27.000000 | +----+----------------+------------------+----------+---------+-------+----------------------------+ [root@openstack-server ~]# openstack catalog list +-----------+-----------+-----------------------------------------------+ | Name | Type | Endpoints | +-----------+-----------+-----------------------------------------------+ | glance | image | RegionOne | | | | internal: http://openstack-server:9292 | | | | RegionOne | | | | public: http://openstack-server:9292 | | | | RegionOne | | | | admin: http://openstack-server:9292 | | | | | | keystone | identity | RegionOne | | | | admin: http://openstack-server:5000/v3/ | | | | RegionOne | | | | internal: http://openstack-server:5000/v3/ | | | | RegionOne | | | | public: http://openstack-server:5000/v3/ | | | | | | placement | placement | RegionOne | | | | public: http://openstack-server:8778 | | | | RegionOne | | | | admin: http://openstack-server:8778 | | | | RegionOne | | | | internal: http://openstack-server:8778 | | | | | | nova | compute | RegionOne | | | | public: http://openstack-server:8774/v2.1 | | | | RegionOne | | | | admin: http://openstack-server:8774/v2.1 | | | | RegionOne | | | | internal: http://openstack-server:8774/v2.1 | | | | | +-----------+-----------+-----------------------------------------------+ [root@openstack-server ~]# openstack image list 
+--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 99b186e3-b29f-4366-ab5c-ebf5e53ef262 | cirros | active | +--------------------------------------+--------+--------+ [root@openstack-server ~]# nova-status upgrade check +-------------------------------+ | 升级检查结果 | +-------------------------------+ | 检查: Cells v2 | | 结果: 成功 | | 详情: None | +-------------------------------+ | 检查: Placement API | | 结果: 成功 | | 详情: None | +-------------------------------+ | 检查: Resource Providers | | 结果: 成功 | | 详情: None | +-------------------------------+ | 检查: Ironic Flavor Migration | | 结果: 成功 | | 详情: None | +-------------------------------+ | 检查: API Service Version | | 结果: 成功 | | 详情: None | +-------------------------------+ | 检查: Request Spec Migration | | 结果: 成功 | | 详情: None | +-------------------------------+
12.安装neutron:
在Mariadb创建neutron相关库和用户(控制节点):
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE neutron;" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
创建neutron用户、服务、端点;
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack user create --domain default --password-prompt neutron [root@openstack-server ~]# openstack role add --project service --user neutron admin [root@openstack-server ~]# openstack service create --name neutron \ > --description "OpenStack Networking" network [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > network public http://openstack-server:9696 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > network internal http://openstack-server:9696 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > network admin http://openstack-server:9696
Networking Option 1: Provider networks:
安装neutron、neutron-ml2、neutron-linuxbridge、ebtables:
[root@openstack-server ~]# yum -y install openstack-neutron openstack-neutron-ml2 \ > openstack-neutron-linuxbridge ebtables
修改neutron服务配置:
[root@openstack-server ~]# vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:neutron@openstack-server/neutron [DEFAULT] core_plugin = ml2 transport_url = rabbit://openstack:openstack@openstack-server auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://openstack-server:5000 auth_url = http://openstack-server:5000 memcached_servers = openstack-server:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron [nova] auth_url = http://openstack-server:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = nova [oslo_concurrency] lock_path = /var/lib/neutron/tmp
修改ml2配置文件:
[root@openstack-server ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan tenant_network_types = flat mechanism_drivers = linuxbridge extension_drivers = port_security [ml2_type_flat] flat_networks = provider [securitygroup] enable_ipset = true
修改linuxbridge_agent配置文件:
[root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:enp4s0 [vxlan] enable_vxlan = false [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
开启系统内核支持网络桥防火墙:
[root@openstack-server ~]# modprobe bridge [root@openstack-server ~]# modprobe br_netfilter [root@openstack-server ~]# vim /etc/sysctl.conf net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 [root@openstack-server ~]# sysctl -p /etc/sysctl.conf
修改dhcp_agent配置文件:
[root@openstack-server ~]# vim /etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true
Networking Option 2: Self-service networks:
安装openstack-neutron、openstack-neutron-ml2、openstack-neutron-linuxbridge、ebtables服务;
[root@openstack-server ~]# yum install openstack-neutron openstack-neutron-ml2 \ > openstack-neutron-linuxbridge ebtables
修改neutron服务配置:
[root@openstack-server ~]# vim /etc/neutron/neutron.conf [database] connection = mysql+pymysql://neutron:neutron@openstack-server/neutron [DEFAULT] core_plugin = ml2 service_plugins = router transport_url = rabbit://openstack:openstack@openstack-server auth_strategy = keystone notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true [keystone_authtoken] www_authenticate_uri = http://openstack-server:5000 auth_url = http://openstack-server:5000 memcached_servers = openstack-server:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron [nova] auth_url = http://openstack-server:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = nova [oslo_concurrency] lock_path = /var/lib/neutron/tmp
修改ml2配置文件:
[root@openstack-server ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini [ml2] type_drivers = flat,vlan,vxlan tenant_network_types = vxlan mechanism_drivers = linuxbridge,l2population extension_drivers = port_security [ml2_type_flat] flat_networks = provider [ml2_type_vxlan] vni_ranges = 1:1000 [securitygroup] enable_ipset = true
修改linuxbridge_agent配置文件:
[root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:enp4s0 [vxlan] enable_vxlan = true local_ip = 192.168.254.10 l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
开启系统内核支持网络桥防火墙:
[root@openstack-server ~]# modprobe bridge [root@openstack-server ~]# modprobe br_netfilter [root@openstack-server ~]# vim /etc/sysctl.conf net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1 [root@openstack-server ~]# sysctl -p /etc/sysctl.conf
修改layer-3_agent配置文件:
[root@openstack-server ~]# vim /etc/neutron/l3_agent.ini [DEFAULT] interface_driver = linuxbridge
修改dhcp_agent配置文件:
[root@openstack-server ~]# vim /etc/neutron/dhcp_agent.ini [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true
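修改metadata_agent配置文件(metadata_proxy_shared_secret用于nova与neutron之间校验元数据请求,示例值neutron容易被猜到,应换成随机字符串,并与nova.conf的[neutron]段保持一致):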
[root@openstack-server ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = openstack-server
metadata_proxy_shared_secret = neutron(neutron和nova通信共享密钥)
修改nova服务配置:
[root@openstack-server ~]# vim /etc/nova/nova.conf [neutron] url = http://openstack-server:9696 auth_url = http://openstack-server:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron service_metadata_proxy = true metadata_proxy_shared_secret = neutron(nova和neutron通信共享秘钥)
创建网络服务初始化脚本软连接:
[root@openstack-server ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步neutron数据库:
[root@openstack-server ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ > --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启nova-api服务:
[root@openstack-server ~]# systemctl restart openstack-nova-api.service
启动neutron-server、 neutron-linuxbridge-agent、neutron-dhcp-agent、neutron-metadata-agent服务:
[root@openstack-server ~]# systemctl enable neutron-server.service \ > neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ > neutron-metadata-agent.service [root@openstack-server ~]# systemctl start neutron-server.service \ > neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ > neutron-metadata-agent.service
如果使用Networking Option 2: Self-service networks还需要启动neutron-l3-agent服务:
[root@openstack-server ~]# systemctl enable neutron-l3-agent.service [root@openstack-server ~]# systemctl start neutron-l3-agent.service
安装openstack-neutron-linuxbridge、ebtables、ipset(计算节点):
[root@openstack-server ~]# yum install openstack-neutron-linuxbridge ebtables ipset
修改neutron服务配置:
[root@openstack-server ~]# vim /etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:openstack@openstack-server auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://openstack-server:5000 auth_url = http://openstack-server:5000 memcached_servers = openstack-server:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron [oslo_concurrency] lock_path = /var/lib/neutron/tmp
Networking Option 1: Provider networks:
修改linuxbridge_agent配置文件:
[root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:enp4s0 [vxlan] enable_vxlan = false [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
开启系统内核支持网络桥防火墙:
[root@openstack-server ~]# modprobe bridge [root@openstack-server ~]# modprobe br_netfilter [root@openstack-server ~]# cat >> /etc/sysctl.conf << EOF > net.bridge.bridge-nf-call-iptables = 1 > net.bridge.bridge-nf-call-ip6tables = 1 > EOF [root@openstack-server ~]# sysctl -p /etc/sysctl.conf
Networking Option 2: Self-service networks:
修改linuxbridge_agent配置文件:
[root@openstack-server ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini [linux_bridge] physical_interface_mappings = provider:enp4s0 [vxlan] enable_vxlan = true local_ip = 192.168.254.10 l2_population = true [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
开启系统内核支持网络桥防火墙:
[root@openstack-server ~]# modprobe bridge [root@openstack-server ~]# modprobe br_netfilter [root@openstack-server ~]# cat >> /etc/sysctl.conf << EOF > net.bridge.bridge-nf-call-iptables = 1 > net.bridge.bridge-nf-call-ip6tables = 1 > EOF [root@openstack-server ~]# sysctl -p /etc/sysctl.conf
修改nova服务配置:
[root@openstack-server ~]# vim /etc/nova/nova.conf [neutron] url = http://openstack-server:9696 auth_url = http://openstack-server:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron
重启nova-compute服务(控制节点):
[root@openstack-server ~]# systemctl restart openstack-nova-compute.service
启动neutron-linuxbridge-agent服务:
[root@openstack-server ~]# systemctl enable neutron-linuxbridge-agent.service [root@openstack-server ~]# systemctl start neutron-linuxbridge-agent.service
验证操作:
[root@openstack-server ~]# . admin-openrc.sh
[root@openstack-server ~]# openstack extension list --network
+-------------------------------------------------------------------------------------------------------------------------------------
| Name
+-------------------------------------------------------------------------------------------------------------------------------------
| Default Subnetpools
| Network IP Availability
| Network Availability Zone
| Network MTU (writable)
| Port Binding
| agent
| Subnet Allocation
| DHCP Agent Scheduler
| Neutron external network
| Neutron Service Flavors
| Network MTU
| Availability Zone
| Quota management support
| Tag support for resources with standard attribute: subnet, trunk, router, network, policy, subnetpool, port, security_group, floatin
| Availability Zone Filter Extension
| If-Match constraints based on revision_number
| Filter parameters validation
| Multi Provider Network
| Quota details management support
| Address scope
| Empty String Filtering Extension
| Subnet service types
| Neutron Port MAC address regenerate
| Resource timestamps
| Provider Network
| Neutron Service Type Management
| Neutron Extra DHCP options
| Port filtering on security groups
| Resource revision numbers
| Pagination support
| Sorting support
| security-group
| RBAC Policies
| standard-attr-description
| IP address substring filtering
| Port Security
| Allowed Address Pairs
| project_id field enabled
| Port Bindings Extended
+-------------------------------------------------------------------------------------------------------------------------------------
----+--------------------------------+------------------------------------------------------------------------------------------------
| Alias | Description
----+--------------------------------+------------------------------------------------------------------------------------------------
| default-subnetpools | Provides ability to mark and use a subnetpool as the default.
| network-ip-availability | Provides IP availability data for each network and subnet.
| network_availability_zone | Availability zone support for network.
| net-mtu-writable | Provides a writable MTU attribute for a network resource.
| binding | Expose port bindings of a virtual port to external application
| agent | The agent management extension.
| subnet_allocation | Enables allocation of subnets from a subnet pool
| dhcp_agent_scheduler | Schedule networks among dhcp agents
| external-net | Adds external network attribute to network resource.
| flavors | Flavor specification for Neutron advanced services.
| net-mtu | Provides MTU attribute for a network resource.
| availability_zone | The availability zone extension.
| quotas | Expose functions for quotas management per tenant
gip | standard-attr-tag | Enables to set tag on resources with standard attribute.
| availability_zone_filter | Add filter parameters to AvailabilityZone resource
| revision-if-match | Extension indicating that If-Match based on revision_number is supported.
| filter-validation | Provides validation on filter parameters.
| multi-provider | Expose mapping of virtual networks to multiple physical networks
| quota_details | Expose functions for quotas usage statistics per project
| address-scope | Address scopes extension.
| empty-string-filtering | Allow filtering by attributes with empty string value
| subnet-service-types | Provides ability to set the subnet service_types field
| port-mac-address-regenerate | Network port MAC address regenerate
| standard-attr-timestamp | Adds created_at and updated_at fields to all Neutron resources that have Neutron standard attri
| provider | Expose mapping of virtual networks to physical networks
| service-type | API for retrieving service providers for Neutron advanced services
| extra_dhcp_opt | Extra options configuration for DHCP. For example PXE boot options to DHCP clients can be speci
| port-security-groups-filtering | Provides security groups filtering when listing ports
| standard-attr-revisions | This extension will display the revision number of neutron resources.
| pagination | Extension that indicates that pagination is enabled.
| sorting | Extension that indicates that sorting is enabled.
| security-group | The security groups extension.
| rbac-policies | Allows creation and modification of policies that control tenant access to resources.
| standard-attr-description | Extension to add descriptions to standard attributes
| ip-substring-filtering | Provides IP address substring filtering when listing ports
| port-security | Provides port security
| allowed-address-pairs | Provides allowed address pairs
| project-id | Extension that indicates that project_id field is enabled.
| binding-extended | Expose port bindings of a virtual port to external application
----+--------------------------------+------------------------------------------------------------------------------------------------
----------------------------------------------------------+
|
----------------------------------------------------------+
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
butes. |
|
|
fied (e.g. tftp-server, server-ip-address, bootfile-name) |
|
|
|
|
|
|
|
|
|
|
|
|
----------------------------------------------------------+
[root@openstack-server ~]# openstack network agent list
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+-----------------
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+-----------------
| 12d016a1-f747-49cc-b6be-0d793877d394 | Linux bridge agent | openstack-server | None | :-) | UP | neutron-linuxbri
| 9639fcea-da54-4bad-b3a6-16ffb96f3243 | Metadata agent | openstack-server | None | :-) | UP | neutron-metadata
| dc6d79c5-62e0-48fb-8a19-556b68bc7063 | DHCP agent | openstack-server | nova | :-) | UP | neutron-dhcp-age
+--------------------------------------+--------------------+------------------+-------------------+-------+-------+-----------------
----------+
|
----------+
dge-agent |
-agent |
nt |
----------+
13.安装Dashboard:
安装openstack-dashboard(控制节点):
[root@openstack-server ~]# yum -y install openstack-dashboard
修改dashboard配置文件:
[root@openstack-server ~]# vim /etc/openstack-dashboard/local_settings
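# Excerpt of /etc/openstack-dashboard/local_settings (Horizon's Django
# settings). Only the values this guide changes are listed.

# Host whose Identity (Keystone) endpoint the dashboard authenticates against.
OPENSTACK_HOST = "openstack-server"

# Host names the dashboard answers to. Keep the list explicit; Django uses it
# to validate the Host header of incoming requests.
ALLOWED_HOSTS = ['openstack-server', 'localhost']

# Sessions are stored in the cache backend configured below (memcached).
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        # NOTE(review): dashboard sessions live in this memcached instance;
        # port 11211 should only be reachable from trusted hosts - confirm
        # against the memcached and firewall configuration.
        'LOCATION': 'openstack-server:11211',
    }
}

# Identity API v3 endpoint. The scheme is plain http, so logins and tokens
# cross the network unencrypted; acceptable for a single-node lab only.
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

# API versions the dashboard should talk to.
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}

# Defaults applied to users created through the dashboard.
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default'
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

# Layer-3 features are switched off here, matching the provider-network
# option (Networking Option 1) of this guide.
OPENSTACK_NEUTRON_NETWORK = {
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    # The page displayed this key as 'enable_***' (the name appears to have
    # been masked by the hosting site); Horizon's setting is 'enable_vpn'.
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}

TIME_ZONE = "Asia/Shanghai"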
修改openstack-dashboard服务配置:
[root@openstack-server ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
重启httpd服务:
[root@openstack-server ~]# systemctl restart httpd.service memcached.service
验证操作:
通过浏览器访问http://openstack-server/dashboard 输入域default,账号myuser,密码myuser;

14.安装cinder:
在Mariadb创建cinder相关库和用户(控制节点;下面把root密码直接写在-p参数里,会留在shell历史和进程列表中,可改为只写-p后交互输入;'cinder'@'%'允许从任意主机连接,cinder账号应使用强密码):
[root@openstack-server ~]# mysql -uroot -psmoke520 -e "CREATE DATABASE cinder;" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';" [root@openstack-server ~]# mysql -uroot -psmoke520 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
创建cinder用户、服务、端点;
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# openstack user create --domain default --password-prompt cinder [root@openstack-server ~]# openstack role add --project service --user cinder admin [root@openstack-server ~]# openstack service create --name cinderv2 \ > --description "OpenStack Block Storage" volumev2 [root@openstack-server ~]# openstack service create --name cinderv3 \ > --description "OpenStack Block Storage" volumev3 [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > volumev2 public http://openstack-server:8776/v2/%\(project_id\)s [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > volumev2 internal http://openstack-server:8776/v2/%\(project_id\)s [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > volumev2 admin http://openstack-server:8776/v2/%\(project_id\)s [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > volumev3 public http://openstack-server:8776/v3/%\(project_id\)s [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > volumev3 internal http://openstack-server:8776/v3/%\(project_id\)s [root@openstack-server ~]# openstack endpoint create --region RegionOne \ > volumev3 admin http://openstack-server:8776/v3/%\(project_id\)s
安装openstack-cinder:
[root@openstack-server ~]# yum -y install openstack-cinder
修改cinder服务配置:
[root@openstack-server ~]# vim /etc/cinder/cinder.conf [database] connection = mysql+pymysql://cinder:cinder@openstack-server/cinder [DEFAULT] transport_url = rabbit://openstack:openstack@openstack-server auth_strategy = keystone my_ip = 192.168.254.10 [keystone_authtoken] auth_uri = http://openstack-server:5000 auth_url = http://openstack-server:5000 memcached_servers = openstack-server:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = cinder password = cinder [oslo_concurrency] lock_path = /var/lib/cinder/tmp
同步cinder数据库:
[root@openstack-server ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
修改nova服务配置:
[root@openstack-server ~]# vim /etc/nova/nova.conf [cinder] os_region_name = RegionOne
重启nova-api服务:
[root@openstack-server ~]# systemctl restart openstack-nova-api.service
启动cinder-api、cinder-scheduler服务:
[root@openstack-server ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service [root@openstack-server ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
安装lvm2、device-mapper-persistent-data(计算节点):
[root@openstack-server ~]# yum -y install lvm2 device-mapper-persistent-data
启动lvm2-lvmetad服务:
[root@openstack-server ~]# systemctl enable lvm2-lvmetad.service [root@openstack-server ~]# systemctl start lvm2-lvmetad.service
将/dev/sdb2作为lvm块存储设备:
[root@openstack-server ~]# fdisk -l /dev/sdb 磁盘 /dev/sdb:250.1 GB, 250059350016 字节,488397168 个扇区 Units = 扇区 of 1 * 512 = 512 bytes 扇区大小(逻辑/物理):512 字节 / 512 字节 I/O 大小(最小/最佳):512 字节 / 512 字节 磁盘标签类型:dos 磁盘标识符:0x441e1e17 设备 Boot Start End Blocks Id System /dev/sdb1 2048 106956799 53477376 8e Linux LVM /dev/sdb2 106956800 276826111 84934656 8e Linux LVM [root@openstack-server ~]# pvcreate /dev/sdb2 [root@openstack-server ~]# vgcreate cinder-volumes /dev/sdb2
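修改lvm配置文件,让LVM只扫描/dev/sdb2,避免宿主机扫描到实例在卷内自行创建的LVM;从上面的fdisk输出看/dev/sdb1也是LVM分区,如果它或系统盘上有在用的卷组,需要在filter里为对应设备补上a/规则: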
[root@openstack-server ~]# vim /etc/lvm/lvm.conf
devices {
...
filter = [ "a/sdb2/","r/.*/"]
...
}
安装openstack-cinder、targetcli、python-keystone软件包:
[root@openstack-server ~]# yum -y install openstack-cinder targetcli python-keystone
修改cinder服务配置:
[root@openstack-server ~]# vim /etc/cinder/cinder.conf [database] connection = mysql+pymysql://cinder:cinder@openstack-server/cinder [DEFAULT] transport_url = rabbit://openstack:openstack@openstack-server auth_strategy = keystone my_ip = 192.168.254.10 enabled_backends = lvm glance_api_servers = http://openstack-server:9292 [keystone_authtoken] www_authenticate_uri = http://openstack-server:5000 auth_url = http://openstack-server:5000 memcached_servers = openstack-server:11211 auth_type = password project_domain_id = default user_domain_id = default project_name = service username = cinder password = cinder [lvm] volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver volume_group = cinder-volumes iscsi_protocol = iscsi iscsi_helper = lioadm [oslo_concurrency] lock_path = /var/lib/cinder/tmp
启动cinder-volume、target服务:
[root@openstack-server ~]# systemctl enable openstack-cinder-volume.service target.service [root@openstack-server ~]# systemctl start openstack-cinder-volume.service target.service
验证操作:
[root@openstack-server ~]# openstack volume service list +------------------+----------------------+------+---------+-------+----------------------------+ | Binary | Host | Zone | Status | State | Updated At | +------------------+----------------------+------+---------+-------+----------------------------+ | cinder-scheduler | openstack-server | nova | enabled | up | 2018-10-25T14:07:19.000000 | | cinder-volume | openstack-server@lvm | nova | enabled | up | 2018-10-25T14:07:24.000000 | +------------------+----------------------+------+---------+-------+----------------------------+
15.启动虚拟机实例:
创建Provider network网络:
[root@openstack-server ~]# . myuser-openrc.sh [root@openstack-server ~]# openstack network create --share --external \ > --provider-physical-network provider \ > --provider-network-type flat provider [root@openstack-server ~]# openstack subnet create --network provider \ > --allocation-pool start=192.168.254.11,end=192.168.254.15 \ > --dns-nameserver 114.114.114.114 --gateway 192.168.254.1 \ > --subnet-range 192.168.254.0/27 provider [root@openstack-server ~]# openstack network list +--------------------------------------+----------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+----------+--------------------------------------+ | 9979b724-3868-42b9-9e0b-61b42fd794a0 | provider | 12dbf504-9f38-40d1-b273-e1409bc712b2 | +--------------------------------------+----------+--------------------------------------+
创建Self-service network网络:
[root@openstack-server ~]# . myuser-openrc.sh [root@openstack-server ~]# openstack network create selfservice [root@openstack-server ~]# openstack subnet create --network selfservice \ > --dns-nameserver 114.114.114.114 --gateway 172.16.1.1 \ > --subnet-range 172.16.1.0/24 selfservice [root@openstack-server ~]# openstack router create router [root@openstack-server ~]# openstack router add subnet router selfservice [root@openstack-server ~]# openstack router set router --external-gateway provider
验证操作:
[root@openstack-server ~]# . admin-openrc.sh [root@openstack-server ~]# ip netns qrouter-0251f464-87d3-466e-9889-5b58eaeeb19b (id: 2) qdhcp-ad37ab93-04df-4b47-99d3-10dc0b2e630e (id: 1) qdhcp-cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 (id: 0) [root@openstack-server ~]# openstack port list --router router +--------------------------------------+------+-------------------+-------------------------------------------------------------------- | ID | Name | MAC Address | Fixed IP Addresses +--------------------------------------+------+-------------------+-------------------------------------------------------------------- | 6390935b-7ab1-4608-a386-8f8d068a2ee0 | | fa:16:3e:4a:74:9e | ip_address='192.168.254.14', subnet_id='9e8f1c21-fc37-4dd7-b111-b4e | d44e3892-fb37-4c8e-b962-f1035f164409 | | fa:16:3e:c1:1c:72 | ip_address='172.16.1.1', subnet_id='f5ae3b68-4397-4caf-be61-63ef193 +--------------------------------------+------+-------------------+-------------------------------------------------------------------- -----------+--------+ | Status | -----------+--------+ 25160b731' | ACTIVE | e024c' | ACTIVE | -----------+--------+
创建flavor模板:
[root@openstack-server ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
创建密钥对(ssh-keygen的-N ""表示私钥不设口令):
[root@openstack-server ~]# . myuser-openrc.sh [root@openstack-server ~]# ssh-keygen -q -N "" [root@openstack-server ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
验证操作:
[root@openstack-server ~]# openstack keypair list +-------+-------------------------------------------------+ | Name | Fingerprint | +-------+-------------------------------------------------+ | mykey | f3:95:1d:7f:24:e0:ba:a2:7f:9a:e8:98:7a:79:f7:f6 | +-------+-------------------------------------------------+
添加安全组规则(向default安全组放行ICMP和TCP 22端口;未指定--remote-ip时来源默认为0.0.0.0/0,可按需用--remote-ip限制来源网段):
[root@openstack-server ~]# openstack security group rule create --proto icmp default [root@openstack-server ~]# openstack security group rule create --proto tcp --dst-port 22 default [root@openstack-server ~]# openstack security group list +--------------------------------------+---------+-------------+----------------------------------+------+ | ID | Name | Description | Project | Tags | +--------------------------------------+---------+-------------+----------------------------------+------+ | 5c642955-4c0d-4913-83ac-ecd7fdc95846 | default | 缺省安全组 | f9d82471a2d84cdca15994649ad3ce17 | [] | +--------------------------------------+---------+-------------+----------------------------------+------+
Launch an instance on the provider network(在provider网络运行实例):
[root@openstack-server ~]# . demo-openrc [root@openstack-server ~]# openstack flavor list +----+---------+-----+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+---------+-----+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | +----+---------+-----+------+-----------+-------+-----------+ [root@openstack-server ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 68cc1d9d-3018-4c42-a20c-70d0e4215a24 | cirros | active | +--------------------------------------+--------+--------+ [root@openstack-server ~]# openstack network list +--------------------------------------+-------------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+-------------+--------------------------------------+ | ad37ab93-04df-4b47-99d3-10dc0b2e630e | selfservice | f5ae3b68-4397-4caf-be61-63ef193e024c | | cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 | provider | 9e8f1c21-fc37-4dd7-b111-b4e25160b731 | +--------------------------------------+-------------+--------------------------------------+ [root@openstack-server ~]# openstack security group list +--------------------------------------+---------+-------------+----------------------------------+------+ | ID | Name | Description | Project | Tags | +--------------------------------------+---------+-------------+----------------------------------+------+ | 48512492-a516-4219-9a94-c81ac593963d | default | 缺省安全组 | c6b624a854694b4bb6dacd361bd7589d | [] | +--------------------------------------+---------+-------------+----------------------------------+------+ [root@openstack-server ~]# openstack server create --flavor m1.nano --image cirros \ > --nic net-id=9979b724-3868-42b9-9e0b-61b42fd794a0 --security-group default \ > --key-name mykey provider-instance [root@openstack-server ~]# openstack console url show 
selfservice-instance(获取vnc url)
Launch an instance on the self-service network(在self-service网络运行实例):
[root@openstack-server ~]# . myuser-openrc.sh [root@openstack-server ~]# openstack flavor list +----+---------+-----+------+-----------+-------+-----------+ | ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public | +----+---------+-----+------+-----------+-------+-----------+ | 0 | m1.nano | 64 | 1 | 0 | 1 | True | +----+---------+-----+------+-----------+-------+-----------+ [root@openstack-server ~]# openstack image list +--------------------------------------+--------+--------+ | ID | Name | Status | +--------------------------------------+--------+--------+ | 68cc1d9d-3018-4c42-a20c-70d0e4215a24 | cirros | active | +--------------------------------------+--------+--------+ [root@openstack-server ~]# openstack network list +--------------------------------------+-------------+--------------------------------------+ | ID | Name | Subnets | +--------------------------------------+-------------+--------------------------------------+ | ad37ab93-04df-4b47-99d3-10dc0b2e630e | selfservice | f5ae3b68-4397-4caf-be61-63ef193e024c | | cd105ed5-cb4d-4fd9-a4f3-3ab1642d7cb4 | provider | 9e8f1c21-fc37-4dd7-b111-b4e25160b731 | +--------------------------------------+-------------+--------------------------------------+ [root@openstack-server ~]# openstack security group list +--------------------------------------+---------+-------------+----------------------------------+------+ | ID | Name | Description | Project | Tags | +--------------------------------------+---------+-------------+----------------------------------+------+ | 48512492-a516-4219-9a94-c81ac593963d | default | 缺省安全组 | c6b624a854694b4bb6dacd361bd7589d | [] | +--------------------------------------+---------+-------------+----------------------------------+------+ [root@openstack-server ~]# openstack server create --flavor m1.nano --image cirros \ > --nic net-id=ad37ab93-04df-4b47-99d3-10dc0b2e630e --security-group default \ > --key-name mykey selfservice-instance [root@openstack-server ~]# openstack server 
list +--------------------------------------+----------------------+--------+-------------------------+--------+---------+ | ID | Name | Status | Networks | Image | Flavor | +--------------------------------------+----------------------+--------+-------------------------+--------+---------+ | 105e9757-7ba5-4a3f-81b7-cecdff2fa167 | selfservice-instance | ACTIVE | selfservice=172.16.1.10 | cirros | m1.nano | +--------------------------------------+----------------------+--------+-------------------------+--------+---------+ [root@openstack-server ~]# openstack console url show selfservice-instance(获取vnc url)
创建卷:
[root@openstack-server ~]# . myuser-openrc.sh [root@openstack-server ~]# openstack volume create --size 1 volume1 +---------------------+--------------------------------------+ | Field | Value | +---------------------+--------------------------------------+ | attachments | [] | | availability_zone | nova | | bootable | false | | consistencygroup_id | None | | created_at | 2018-11-04T14:38:32.000000 | | description | None | | encrypted | False | | id | 2a67c881-b7d6-47fb-9da4-c37dcb0ccf72 | | multiattach | False | | name | volume1 | | properties | | | replication_status | None | | size | 1 | | snapshot_id | None | | source_volid | None | | status | creating | | type | None | | updated_at | None | | user_id | 2a2e5a1a1a464efaabaca83b439999e4 | +---------------------+--------------------------------------+ [root@openstack-server ~]# openstack volume list +--------------------------------------+---------+-----------+------+----------------------------------+ | ID | Name | Status | Size | Attached to | +--------------------------------------+---------+-----------+------+----------------------------------+ | 2a67c881-b7d6-47fb-9da4-c37dcb0ccf72 | volume1 | available | 1 | | | a63a0afe-3be8-45aa-b7be-820d88874fc4 | | in-use | 20 | Attached to centos6 on /dev/vda | +--------------------------------------+---------+-----------+------+----------------------------------+