Quick Manual Installation of OpenStack


1. Installation environment

Controller node:
        hostname: controller
        eth0 10.2.0.40  external network
        ens4 172.16.10.40 internal network
        OS and hardware: CentOS 7, 2G RAM, 20G disk
Compute node:
        hostname: computer1
        eth0 10.2.0.41
        ens4 172.16.10.41
        OS and hardware: CentOS 7, 2G RAM, 20G disk

2. Component installation

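  • Controller node: create yum.sh with vim, with the contents below, then run /bin/bash yum.sh and wait for the installation to finish (how long depends on the network)
#!/bin/bash
/usr/bin/yum install https://mirrors.aliyun.com/epel/7/x86_64/e/epel-release-7-9.noarch.rpm -y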
/usr/bin/yum install centos-release-openstack-liberty -y
/usr/bin/yum install python-openstackclient -y
/usr/bin/yum install openstack-selinux -y
/usr/bin/yum install  mariadb mariadb-server MySQL-python -y
/usr/bin/yum install  rabbitmq-server -y
/usr/bin/yum install  openstack-keystone httpd mod_wsgi memcached python-memcached -y
/usr/bin/yum install  openstack-glance python-glance python-glanceclient -y
/usr/bin/yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient -y
/usr/bin/yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset -y
/usr/bin/yum install openstack-dashboard -y
/usr/bin/yum install -y chrony
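  • Compute node: create yum.sh with vim, with the contents below, then run /bin/bash yum.sh and wait for the installation to finish (how long depends on the network)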
#!/bin/bash 
/usr/bin/yum install https://mirrors.aliyun.com/epel/7/x86_64/e/epel-release-7-9.noarch.rpm -y
/usr/bin/yum install centos-release-openstack-liberty -y
/usr/bin/yum install python-openstackclient -y
/usr/bin/yum install openstack-selinux -y 
/usr/bin/yum install openstack-nova-compute sysfsutils -y
/usr/bin/yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y
/usr/bin/yum install -y chrony

3. Controller node installation

3.1 System initialization
  • Disable the firewall and SELinux
[root@Contraller ~]# systemctl disable firewalld.service   
[root@Contraller ~]# systemctl stop firewalld.service
[root@Contraller ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/" /etc/selinux/config 
Check the result
[root@Contraller ~]# cat /etc/selinux/config |grep SELINUX 
# SELINUX= can take one of these three values:
SELINUX=disabled
# SELINUXTYPE= can take one of three two values:
SELINUXTYPE=targeted 
[root@Contraller ~]# iptables -nvL 
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
[root@Contraller ~]# 
  • Time synchronization
[root@Contraller ~]# echo "allow 10.2.0.0/24" >> /etc/chrony.conf 
[root@Contraller ~]# systemctl enable chronyd.service 
[root@Contraller ~]# systemctl start chronyd.service 
[root@Contraller ~]# timedatectl status 
      Local time: Mon 2017-04-03 19:36:36 CST
  Universal time: Mon 2017-04-03 11:36:36 UTC
        RTC time: Mon 2017-04-03 11:36:34
       Time zone: Asia/Shanghai (CST, +0800)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: n/a
3.2 Database configuration

MariaDB configuration file setup

[root@Contraller ~]# cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf
[root@Contraller ~]# cp /etc/my.cnf{,.bak}  
[root@Contraller ~]# cat /etc/my.cnf.bak |grep -v ^$|grep -v ^# > /etc/my.cnf

Open /etc/my.cnf with vim and add the following under [mysqld]
#Openstack Config
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
bind-address = 172.16.10.40

Enable MariaDB at boot

[root@Contraller ~]# systemctl enable mariadb.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.
[root@Contraller ~]# systemctl start mariadb.service 
[root@Contraller ~]# netstat -lntup |grep mysql 
tcp        0      0 172.16.10.40:3306       0.0.0.0:*               LISTEN      3495/mysqld  

Set the MariaDB password and add the databases and their users

[root@Contraller ~]# mysql_secure_installation  
[root@Contraller ~]# mysql -u root -p
Enter password: 
SQL to create the databases and users:
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
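
The same statements, generated with a separate random password per service and one fixed client address in place of '%' (an added example, not part of the original walkthrough). The function names, the secrets file and the choice of 172.16.10.40 as the only client address are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original page: generate the section 3.2 SQL with
# a random password per service and one fixed client address instead of '%'.

# rand_hex N: N bytes from /dev/urandom as lowercase hex
rand_hex() { head -c "$1" /dev/urandom | od -An -tx1 | tr -d ' \n'; }

# emit_grants CLIENT_ADDR SECRETS_FILE SERVICE...
#   stdout:       CREATE DATABASE / GRANT statements
#   SECRETS_FILE: "service=password" lines, created with mode 600
emit_grants() {
    local addr=$1 secrets=$2 svc pw
    shift 2
    # The address ends up inside a quoted SQL string, so restrict its characters.
    case $addr in
        ''|*[!0-9A-Za-z.:_-]*) echo "invalid client address: $addr" >&2; return 1 ;;
    esac
    ( umask 077; : > "$secrets" ) || return 1
    for svc in "$@"; do
        # Names go into SQL unquoted, so accept only lowercase letters and "_".
        case $svc in
            ''|*[!a-z_]*) echo "invalid service name: $svc" >&2; return 1 ;;
        esac
        pw=$(rand_hex 16)
        printf '%s=%s\n' "$svc" "$pw" >> "$secrets"
        printf 'CREATE DATABASE %s;\n' "$svc"
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'localhost' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$pw"
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$svc" "$svc" "$addr" "$pw"
    done
}

# Assumption: every database client in this two-node layout runs on the
# controller and reaches MariaDB from 172.16.10.40 (the bind-address above).
secrets=$(mktemp)
emit_grants 172.16.10.40 "$secrets" keystone glance nova neutron cinder
echo "passwords written to $secrets" >&2
```

The passwords in the secrets file then take the place of the name-equals-password values in each service's `connection` option.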
3.3 Rabbit message queue configuration

Start the message queue service and configure it to start at boot:

[root@Contraller ~]# systemctl enable rabbitmq-server.service 
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@Contraller ~]# systemctl start rabbitmq-server.service

Add the openstack user and grant it configure, write and read permissions:

[root@Contraller ~]#  rabbitmqctl add_user openstack openstack 
Creating user "openstack" ...
[root@Contraller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*" 
Setting permissions for user "openstack" in vhost "/" ...
3.4 Keystone component configuration
  • Start the Memcached service and configure it to start at boot
[root@Contraller ~]# systemctl enable memcached.service
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@Contraller ~]# systemctl start memcached.service
  • Generate a random value to use as the administrator token during the initial configuration:
[root@Contraller ~]# openssl rand -hex 10 > key.keystone
[root@Contraller ~]# cat key.keystone 
63c41a3b57a5ec05d694
  • Edit /etc/keystone/keystone.conf and make the following changes:
[root@Contraller ~]# cp /etc/keystone/keystone.conf{,.bak}
[root@Contraller ~]# cat /etc/keystone/keystone.conf.bak |grep -v ^$|grep -v ^# >/etc/keystone/keystone.conf
[root@Contraller ~]# vim /etc/keystone/keystone.conf
[root@Contraller ~]# cat /etc/keystone/keystone.conf
[DEFAULT]
# enable verbose logging (optional)
verbose = True
# initial value of the admin token (openssl rand -hex 10)
admin_token = 63c41a3b57a5ec05d694
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
# database access
connection = mysql://keystone:[email protected]/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[eventlet_server_ssl]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[matchmaker_ring]
[memcache]
# Memcached service
servers = localhost:11211
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
# SQL revocation driver
driver = sql
[role]
[saml]
[signing]
[ssl]
[token]
# UUID token provider and Memcached driver
provider = uuid
driver = memcache
[tokenless_auth]
[trust]
[root@Contraller ~]# 

Initialize the database
[root@Contraller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
No handlers could be found for logger "oslo_config.cfg" # Ignore this error; turning off verbose logging makes it go away

Edit /etc/httpd/conf/httpd.conf and set the ServerName option to the controller node:

ServerName controller

[root@Contraller ~]# cat /etc/httpd/conf/httpd.conf |grep ServerName 
# ServerName gives the name and port that the server uses to identify itself.
#ServerName www.example.com:80
ServerName controller

Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content.
Port 5000 serves the Identity service itself, and port 35357 is the one admin uses for management.

Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
  • Start the Apache HTTP service and configure it to start at boot:
[root@Contraller ~]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@Contraller ~]# systemctl start httpd.service
[root@Contraller ~]# netstat -lntup |grep httpd 
tcp6       0      0 :::80                   :::*                    LISTEN      4628/httpd          
tcp6       0      0 :::35357                :::*                    LISTEN      4628/httpd          
tcp6       0      0 :::5000                 :::*                    LISTEN      4628/httpd          
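  • Create the service entity and API endpoints
[root@Contraller ~]# export OS_TOKEN=63c41a3b57a5ec05d694  #set the authentication token
[root@Contraller ~]# export OS_URL=http://controller:35357/v3 #set the endpoint URL
[root@Contraller ~]# export OS_IDENTITY_API_VERSION=3  #set the Identity API version

Create the Identity service entity and the Identity service API endpoints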

[root@Contraller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | a29472ed51554293bc42f849cb15e406 |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
[root@Contraller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a11c7e972f8940a1887ea1d14e668029 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a29472ed51554293bc42f849cb15e406 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v2.0      |
+--------------+----------------------------------+
[root@Contraller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 1acd4ad9c2d64156b6698c4afe5103d8 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a29472ed51554293bc42f849cb15e406 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v2.0      |
+--------------+----------------------------------+
[root@Contraller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 979438e5bb094e1eb4aabf493777b524 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a29472ed51554293bc42f849cb15e406 |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v2.0     |
+--------------+----------------------------------+

Create the admin project, user and role

Create the admin project
[root@Contraller ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | f4a9eb75fa6842d98daffe20245be0d7 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+
Create the admin user
[root@Contraller ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 8f84b3cf072942bc9cbe28efa189345a |
| name      | admin                            |
+-----------+----------------------------------+
Create the admin role
[root@Contraller ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | efad2a09f1214fa6a513dd5432d7a2f6 |
| name  | admin                            |
+-------+----------------------------------+
Add the admin role to the admin project and user
[root@Contraller ~]# openstack role add --project admin --user admin admin

Create a service project and a demo project, plus the demo user and role

[root@Contraller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | b6358d93fa2c49508c2afeb38c13f6fd |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+
[root@Contraller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 30145ee00b5b4ec781b4dc62dbb4c9e6 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | None                             |
+-------------+----------------------------------+
[root@Contraller ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 35f5c31956f1415c94abb2a121450516 |
| name      | demo                             |
+-----------+----------------------------------+
[root@Contraller ~]# openstack role create user
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | cf75c5659a5b44a8b8592c24083ea0fd |
| name  | user                             |
+-------+----------------------------------+
[root@Contraller ~]# openstack role add --project demo --user demo user
  • Summary of the commands used above to create the API endpoints, projects and so on
export OS_TOKEN=63c41a3b57a5ec05d694
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne   identity public http://controller:5000/v2.0
openstack endpoint create --region RegionOne   identity internal http://controller:5000/v2.0
openstack endpoint create --region RegionOne   identity admin http://controller:35357/v2.0
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password-prompt demo
openstack role create user
openstack role add --project demo --user demo user
  • Verification
[root@Contraller ~]# unset OS_TOKEN OS_URL
[root@Contraller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
Password: 
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2017-04-03T13:49:48.039843Z      |
| id         | 0534300efd0a4dea80f1a11c19533bc7 |
| project_id | f4a9eb75fa6842d98daffe20245be0d7 |
| user_id    | 8f84b3cf072942bc9cbe28efa189345a |
+------------+----------------------------------+
[root@Contraller ~]# 
  • Create admin-openrc.sh with the following content
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin   #the password set earlier
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
  • Create demo-openrc.sh with the following content
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo   #the password set earlier
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
  • Verify the scripts
[root@Contraller ~]# source admin-openrc.sh
[root@Contraller ~]# openstack token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2017-04-03T13:54:15.215525Z      |
| id         | 151750993b2f42928217bdfd33f2cafe |
| project_id | f4a9eb75fa6842d98daffe20245be0d7 |
| user_id    | 8f84b3cf072942bc9cbe28efa189345a |
+------------+----------------------------------+
3.5 Glance (Image service) deployment and configuration
  • Create the service credentials
[root@Contraller ~]# source admin-openrc.sh
Create the glance user
[root@Contraller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 380b2aff6d8340288db3660a2cb70ce1 |
| name      | glance                           |
+-----------+----------------------------------+
Add the admin role to the glance user and the service project
[root@Contraller ~]# openstack role add --project service --user glance admin
Create the glance service entity
[root@Contraller ~]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image service          |
| enabled     | True                             |
| id          | 096939664ff44ae0b6b3e6a6cbaa6651 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
  • Create the Image service API endpoints
[root@Contraller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 08a85891e6cc40d5b19ec0d53a3fad04 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 096939664ff44ae0b6b3e6a6cbaa6651 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@Contraller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c46092b0dc6240178842ef785f31efb0 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 096939664ff44ae0b6b3e6a6cbaa6651 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@Contraller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 84e790ef99a44dea90f8a61524788379 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 096939664ff44ae0b6b3e6a6cbaa6651 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
  • Summary of the commands used to create the service credentials and API endpoints:
source admin-openrc.sh
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance   --description "OpenStack Image service" image
openstack endpoint create --region RegionOne   image public http://controller:9292
openstack endpoint create --region RegionOne   image internal http://controller:9292
openstack endpoint create --region RegionOne   image admin http://controller:9292
  • Edit /etc/glance/glance-api.conf
[root@Contraller ~]# cp /etc/glance/glance-api.conf{,.bak}
[root@Contraller ~]# cat /etc/glance/glance-api.conf.bak |grep -v ^$|grep -v ^# > /etc/glance/glance-api.conf
The file after editing
[root@Contraller ~]# cat /etc/glance/glance-api.conf 
[DEFAULT]
notification_driver = noop
[database]
connection = mysql://glance:[email protected]/glance
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
[store_type_location_strategy]
[task]
[taskflow_executor]
  • Edit /etc/glance/glance-registry.conf
[root@Contraller ~]# cp /etc/glance/glance-registry.conf{,.bak}
[root@Contraller ~]# cat /etc/glance/glance-registry.conf.bak |grep -v ^$ |grep -v ^# >/etc/glance/glance-registry.conf
Contents after editing
[root@Contraller ~]# cat /etc/glance/glance-registry.conf
[DEFAULT]
notification_driver = noop
[database]
connection = mysql://glance:[email protected]/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance 
[matchmaker_redis]
[matchmaker_ring]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor = keystone
  • Sync the database
[root@Contraller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
  • Start the Image services and configure them to start at boot:
[root@Contraller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@Contraller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@Contraller ~]# netstat -lntup|egrep "9191|9292" 
tcp        0      0 0.0.0.0:9292            0.0.0.0:*               LISTEN      6001/python2        
tcp        0      0 0.0.0.0:9191            0.0.0.0:*               LISTEN      6002/python2        

Verify operation

  • In each client script, configure the Image service client to use API version 2.0
Run this against the admin-openrc.sh and demo-openrc.sh files:
[root@Contraller ~]# echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh
export OS_IMAGE_API_VERSION=2
  • Source the admin credentials to gain access to admin-only commands
source admin-openrc.sh
  • Download the source image
 wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
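  • Upload the image to the Image service using the QCOW2 disk format and the bare container format, with public visibility so that all projects can access it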
[root@Contraller ~]# glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
[=============================>] 100%
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6     |
| container_format | bare                                 |
| created_at       | 2017-04-03T14:14:48Z                 |
| disk_format      | qcow2                                |
| id               | c7f093e6-b457-4d09-881f-51474304b710 |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | cirros                               |
| owner            | f4a9eb75fa6842d98daffe20245be0d7     |
| protected        | False                                |
| size             | 13287936                             |
| status           | active                               |
| tags             | []                                   |
| updated_at       | 2017-04-03T14:14:49Z                 |
| virtual_size     | None                                 |
| visibility       | public                               |
+------------------+--------------------------------------+
  • Confirm the upload and verify the image attributes
[root@Contraller ~]# glance image-list
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| c7f093e6-b457-4d09-881f-51474304b710 | cirros |
+--------------------------------------+--------+
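
A check for the settings that sections 3.4 and 3.5 leave in place (an added example, not part of the original walkthrough): the bootstrap admin_token, passwords identical to the account name, and trailing # text on a value line, which oslo.config reads as part of the value. The sample files are constructed, with `controller` assumed as the database host; audit_conf, count_findings and write_samples are names chosen for this example.

```bash
#!/bin/bash
# Added example, not from the original page: flag the weak settings this
# walkthrough writes into keystone.conf / glance-*.conf style INI files.

# audit_conf FILE: print one finding per line as "FILE: [section] key: reason"
audit_conf() {
    awk -v file="$1" '
    function report(reason) { printf "%s: [%s] %s: %s\n", file, section, key, reason }
    /^[ \t]*$/    { next }                      # blank line
    /^[ \t]*[#;]/ { next }                      # whole-line comment
    /^\[/ { section = substr($0, 2, index($0, "]") - 2); next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)

        # Only whole-line comments count: "x = True  #note" keeps "#note" in the value.
        if (val ~ /[ \t]#/) {
            report("trailing # text is read as part of the value")
            sub(/[ \t]+#.*$/, "", val)
        }
        # The "openssl rand -hex 10" token is only needed to bootstrap Keystone.
        if (section == "DEFAULT" && key == "admin_token")
            report("bootstrap admin token still configured")

        # connection = scheme://user:password@host/db
        if (key == "connection") {
            rest = val; sub(/^[a-z+]+:\/\//, "", rest)
            at = index(rest, "@"); cred = substr(rest, 1, at - 1); c = index(cred, ":")
            if (at > 0 && c > 0 && substr(cred, 1, c - 1) == substr(cred, c + 1))
                report("database password equals the user name")
        }
        # username/password of a service account, in either order
        if (key == "username" || key == "password") {
            seen[section, key] = val
            if (seen[section, "username"] != "" &&
                seen[section, "username"] == seen[section, "password"])
                report("service password equals the user name")
        }
    }' "$1"
}

# count_findings FILE: number of findings for FILE
count_findings() { audit_conf "$1" | wc -l | tr -d ' '; }

# write_samples DIR: constructed sample files (not copied from a live system)
write_samples() {
    cat > "$1/keystone.conf" <<'EOF'
[DEFAULT]
verbose = True  #enable verbose logging
admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:keystone@controller/keystone
[token]
provider = uuid
driver = memcache
EOF
    cat > "$1/glance-api.conf" <<'EOF'
[database]
connection = mysql://glance:glance@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
username = glance
password = glance
EOF
    cat > "$1/hardened.conf" <<'EOF'
[DEFAULT]
# verbose logging left off
verbose = False
[database]
connection = mysql://glance:5c1e0f9a7b3d4e62@controller/glance
[keystone_authtoken]
username = glance
password = a8d3f0c17e9b4256
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in "$demo_dir"/*.conf; do audit_conf "$f"; done
rm -rf "$demo_dir"
```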
3.6 Nova controller node deployment and configuration (Compute)
  • Create the service credentials
[root@Contraller ~]# source admin-openrc.sh
Create the nova user
[root@Contraller ~]# openstack user create --domain default --password=nova nova  
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 9f4431d76cca476a937c1a2749d078fc |
| name      | nova                             |
+-----------+----------------------------------+
Add the admin role to the nova user:
[root@Contraller ~]# openstack role add --project service --user nova admin
Create the nova service entity:
[root@Contraller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 994bfc090d3548539ed9f79eeecfac33 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
  • Create the Compute service API endpoints

[root@Contraller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | cd607a4e262c45329bd6c120dbd996fc        |
| interface    | public                                  |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 994bfc090d3548539ed9f79eeecfac33        |
| service_name | nova                                    |
| service_type | compute                                 |
| url          | http://controller:8774/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@Contraller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 82b6133a5593410dbbe78f6ff3aea7dc        |
| interface    | internal                                |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 994bfc090d3548539ed9f79eeecfac33        |
| service_name | nova                                    |
| service_type | compute                                 |
| url          | http://controller:8774/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@Contraller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | fe6e5a269b2d42a3bd5c69472d4dcd65        |
| interface    | admin                                   |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 994bfc090d3548539ed9f79eeecfac33        |
| service_name | nova                                    |
| service_type | compute                                 |
| url          | http://controller:8774/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
  • Summary of creating the service credentials and the Compute service API endpoints
source admin-openrc.sh
openstack user create --domain default --password=nova nova
openstack role add --project service --user nova admin
openstack service create --name nova   --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne   compute public http://controller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne   compute internal http://controller:8774/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne   compute admin http://controller:8774/v2/%\(tenant_id\)s
  • Edit the configuration file /etc/nova/nova.conf
[root@Contraller ~]# cp /etc/nova/nova.conf{,.bak}
[root@Contraller ~]# cat /etc/nova/nova.conf.bak |grep -v ^$ |grep -v ^# >/etc/nova/nova.conf
File contents after modification
[root@Contraller ~]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis=osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.2.0.40
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
[barbican]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
connection = mysql://nova:[email protected]/nova
[ephemeral_storage_encryption]
[glance]
host = controller
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[libvirt]
[matchmaker_redis]
[matchmaker_ring]
[metrics]
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[oslo_middleware]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[workarounds]
[xenserver]
[zookeeper]
  • Sync the Compute database:
[root@Contraller ~]# su -s /bin/sh -c "nova-manage db sync" nova
  • Start the Compute services and configure them to start at boot:
[root@Contraller ~]# systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-cert.service to /usr/lib/systemd/system/openstack-nova-cert.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@Contraller ~]# systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

4. Compute node configuration

4.1 Nova deployment and configuration on the compute node (computer)
  • Edit /etc/nova/nova.conf
[root@computer1 ~]# cp /etc/nova/nova.conf{,.bak}
[root@computer1 ~]# cat /etc/nova/nova.conf.bak |grep -v ^$ |grep -v ^# > /etc/nova/nova.conf
File after modification
[root@computer1 ~]# cat /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.2.0.41
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
[barbican]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
[ephemeral_storage_encryption]
[glance]
host = controller
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type = qemu
[matchmaker_redis]
[matchmaker_ring]
[metrics]
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[oslo_middleware]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[xenserver]
[zookeeper]
  • Start the Compute service and its dependencies, and configure them to start automatically at boot:
[root@computer1 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@computer1 ~]# systemctl start libvirtd.service openstack-nova-compute.service

  • Verification
Run on the controller node 10.2.0.40
[root@Contraller ~]# source admin-openrc.sh
[root@Contraller ~]# nova service-list
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated_at                 | Disabled Reason |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
| 1  | nova-consoleauth | Contraller | internal | enabled | up    | 2017-04-03T14:49:46.000000 | -               |
| 2  | nova-conductor   | Contraller | internal | enabled | up    | 2017-04-03T14:49:45.000000 | -               |
| 4  | nova-cert        | Contraller | internal | enabled | up    | 2017-04-03T14:49:46.000000 | -               |
| 5  | nova-scheduler   | Contraller | internal | enabled | up    | 2017-04-03T14:49:45.000000 | -               |
| 6  | nova-compute     | computer1  | nova     | enabled | up    | 2017-04-03T14:49:39.000000 | -               |
+----+------------------+------------+----------+---------+-------+----------------------------+-----------------+
[root@Contraller ~]# nova endpoints
WARNING: glance has no endpoint in ! Available endpoints for this service:
+-----------+----------------------------------+
| glance    | Value                            |
+-----------+----------------------------------+
| id        | 08a85891e6cc40d5b19ec0d53a3fad04 |
| interface | public                           |
| region    | RegionOne                        |
| region_id | RegionOne                        |
| url       | http://controller:9292           |
+-----------+----------------------------------+
+-----------+----------------------------------+
| glance    | Value                            |
+-----------+----------------------------------+
| id        | 84e790ef99a44dea90f8a61524788379 |
| interface | admin                            |
| region    | RegionOne                        |
| region_id | RegionOne                        |
| url       | http://controller:9292           |
+-----------+----------------------------------+
+-----------+----------------------------------+
| glance    | Value                            |
+-----------+----------------------------------+
| id        | c46092b0dc6240178842ef785f31efb0 |
| interface | internal                         |
| region    | RegionOne                        |
| region_id | RegionOne                        |
| url       | http://controller:9292           |
+-----------+----------------------------------+
WARNING: nova has no endpoint in ! Available endpoints for this service:
+-----------+------------------------------------------------------------+
| nova      | Value                                                      |
+-----------+------------------------------------------------------------+
| id        | 82b6133a5593410dbbe78f6ff3aea7dc                           |
| interface | internal                                                   |
| region    | RegionOne                                                  |
| region_id | RegionOne                                                  |
| url       | http://controller:8774/v2/f4a9eb75fa6842d98daffe20245be0d7 |
+-----------+------------------------------------------------------------+
+-----------+------------------------------------------------------------+
| nova      | Value                                                      |
+-----------+------------------------------------------------------------+
| id        | cd607a4e262c45329bd6c120dbd996fc                           |
| interface | public                                                     |
| region    | RegionOne                                                  |
| region_id | RegionOne                                                  |
| url       | http://controller:8774/v2/f4a9eb75fa6842d98daffe20245be0d7 |
+-----------+------------------------------------------------------------+
+-----------+------------------------------------------------------------+
| nova      | Value                                                      |
+-----------+------------------------------------------------------------+
| id        | fe6e5a269b2d42a3bd5c69472d4dcd65                           |
| interface | admin                                                      |
| region    | RegionOne                                                  |
| region_id | RegionOne                                                  |
| url       | http://controller:8774/v2/f4a9eb75fa6842d98daffe20245be0d7 |
+-----------+------------------------------------------------------------+
WARNING: keystone has no endpoint in ! Available endpoints for this service:
+-----------+----------------------------------+
| keystone  | Value                            |
+-----------+----------------------------------+
| id        | 1acd4ad9c2d64156b6698c4afe5103d8 |
| interface | internal                         |
| region    | RegionOne                        |
| region_id | RegionOne                        |
| url       | http://controller:5000/v2.0      |
+-----------+----------------------------------+
+-----------+----------------------------------+
| keystone  | Value                            |
+-----------+----------------------------------+
| id        | 979438e5bb094e1eb4aabf493777b524 |
| interface | admin                            |
| region    | RegionOne                        |
| region_id | RegionOne                        |
| url       | http://controller:35357/v2.0     |
+-----------+----------------------------------+
+-----------+----------------------------------+
| keystone  | Value                            |
+-----------+----------------------------------+
| id        | a11c7e972f8940a1887ea1d14e668029 |
| interface | public                           |
| region    | RegionOne                        |
| region_id | RegionOne                        |
| url       | http://controller:5000/v2.0      |
+-----------+----------------------------------+
[root@Contraller ~]# nova image-list
+--------------------------------------+--------+--------+--------+
| ID                                   | Name   | Status | Server |
+--------------------------------------+--------+--------+--------+
| c7f093e6-b457-4d09-881f-51474304b710 | cirros | ACTIVE |        |
+--------------------------------------+--------+--------+--------+

5. Neutron service deployment and configuration

5.1 Controller node

Create the service credentials

[root@Contraller ~]# source admin-openrc.sh
[root@Contraller ~]# openstack user create --domain default --password=neutron neutron
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | babed905162349318094874431b3663b |
| name      | neutron                          |
+-----------+----------------------------------+
[root@Contraller ~]# openstack role add --project service --user neutron admin
[root@Contraller ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 47b3478562fb4b6db587cd9d6a56c549 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

Create the Networking service API endpoints

[root@Contraller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 35ca1c008360491c8aa8ffa806bc034f |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 47b3478562fb4b6db587cd9d6a56c549 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@Contraller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e27858363dbf4bedae9ede7f6ae005dc |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 47b3478562fb4b6db587cd9d6a56c549 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[root@Contraller ~]#  openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b781aee98e234a1fa5ca05ec0d64de6d |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 47b3478562fb4b6db587cd9d6a56c549 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
  • Edit the /etc/neutron/neutron.conf file
[root@Contraller ~]# cp /etc/neutron/neutron.conf{,.bak}
[root@Contraller ~]# cat /etc/neutron/neutron.conf.bak |grep -v ^$|grep -v ^# > /etc/neutron/neutron.conf
After modifying /etc/neutron/neutron.conf
[root@Contraller ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
#auth_uri = http://127.0.0.1:35357/v2.0/
#identity_uri = http://127.0.0.1:5000
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
[database]
connection = mysql://neutron:[email protected]/neutron
[nova]
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[qos]
  • Edit /etc/neutron/plugins/ml2/ml2_conf.ini
[root@Contraller ~]# cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@Contraller ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini.bak |grep -v ^$|grep -v ^# > /etc/neutron/plugins/ml2/ml2_conf.ini
Contents after modification
[root@Contraller ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = public
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_ipset = True

Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file

[root@Contraller ~]# cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
[root@Contraller ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak |grep -v ^$ |grep -v ^# > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Contents after modification:
[root@Contraller ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • Configure the DHCP agent (/etc/neutron/dhcp_agent.ini)
[root@Contraller ~]# cp /etc/neutron/dhcp_agent.ini{,.bak}
[root@Contraller ~]# cat /etc/neutron/dhcp_agent.ini.bak |grep -v ^$ |grep -v ^# > /etc/neutron/dhcp_agent.ini
[root@Contraller ~]# cat /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[AGENT]
  • Configure the metadata agent (/etc/neutron/metadata_agent.ini)
[root@Contraller ~]# cat /etc/neutron/metadata_agent.ini
[DEFAULT]
#auth_url = http://localhost:5000/v2.0
#auth_region = RegionOne
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
nova_metadata_ip = controller
metadata_proxy_shared_secret = neutron
[AGENT]
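The nova.conf, neutron.conf and metadata_agent.ini listings above set every service password, the RabbitMQ password and metadata_proxy_shared_secret to the account name, and reach Keystone over http://. The Python audit below is an added example, not part of the original walkthrough: it parses INI text of this shape and reports those settings. The sample text is constructed from values shown on this page; MIN_SECRET_LEN and the function names are assumptions of the example.

```python
import configparser
import secrets
from urllib.parse import urlsplit

# Constructed sample: option values copied from the compute-node nova.conf
# listing on this page, trimmed to the sections that matter for the audit.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
auth_strategy = keystone
my_ip = 10.2.0.41
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
username = nova
password = nova
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
"""

USER_KEYS = ("username", "rabbit_userid")
SECRET_SUFFIXES = ("password", "secret")
URL_KEYS = ("auth_uri", "auth_url", "url")
MIN_SECRET_LEN = 16  # assumption: local policy, not an OpenStack default


def parse(text):
    """Parse the INI text; [DEFAULT] is kept as an ordinary section so its
    options are not copied into every other section by configparser."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp


def audit(text):
    """Return a list of (section, option, reason) for each weak setting."""
    cp = parse(text)
    # Section names and account names are trivially guessable secret values.
    guessable = {s.lower() for s in cp.sections()}
    for section in cp.sections():
        for key, value in cp[section].items():
            if key in USER_KEYS and value:
                guessable.add(value.lower())

    findings = []
    for section in cp.sections():
        for key, value in cp[section].items():
            if key.endswith(SECRET_SUFFIXES):
                if value.lower() in guessable:
                    findings.append((section, key,
                                     "secret equals an account or section name"))
                elif len(value) < MIN_SECRET_LEN:
                    findings.append((section, key,
                                     "secret shorter than %d characters" % MIN_SECRET_LEN))
            elif key in URL_KEYS and urlsplit(value).scheme == "http":
                findings.append((section, key,
                                 "credentials or tokens cross the network over plain HTTP"))
            elif key == "vncserver_listen" and value in ("0.0.0.0", "::"):
                findings.append((section, key,
                                 "instance VNC consoles bind every interface"))
    return findings


def new_secret():
    """32 hex characters from the OS CSPRNG; generate one per account."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    for section, key, reason in audit(SAMPLE_NOVA_CONF):
        print("[%s] %s: %s" % (section, key, reason))
```

The same function can be pointed at the real files with audit(open(path).read()); values produced by new_secret() pass the length and guessability checks.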
5.2 Compute node
  • Edit the configuration file /etc/neutron/neutron.conf
    The configuration file is as follows
[root@computer1 ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
#auth_uri = http://127.0.0.1:35357/v2.0/
#identity_uri = http://127.0.0.1:5000
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
[database]
[nova]
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack 
[qos]
  • Configure the Linux bridge agent (/etc/neutron/plugins/ml2/linuxbridge_agent.ini)
[root@computer1 ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = public:eth0
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
  • Configure Compute to use Networking (/etc/nova/nova.conf)
[root@computer1 ~]# cat /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 10.2.0.41
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
[barbican]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
[ephemeral_storage_encryption]
[glance]
host = controller
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type = kvm
[matchmaker_redis]
[matchmaker_ring]
[metrics]
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[oslo_middleware]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[xenserver]
[zookeeper]
  • Finish the neutron installation on the compute node and enable it at boot
[root@computer1 ~]# systemctl restart openstack-nova-compute.service
[root@computer1 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@computer1 ~]# systemctl start neutron-linuxbridge-agent.service
5.3 Final neutron deployment steps on the controller node

The Networking service initialization scripts require a symbolic link

[root@Contraller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Sync the database

[root@Contraller ~]#  su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Start the related services

[root@Contraller ~]# systemctl restart openstack-nova-api.service
[root@Contraller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@Contraller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@Contraller ~]# 
5.4 Verify Neutron
[root@computer1 ~]# source admin-openrc.sh
[root@computer1 ~]# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| dns-integration       | DNS Integration                               |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| agent                 | agent                                         |
| subnet_allocation     | Subnet Allocation                             |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| external-net          | Neutron external network                      |
| flavors               | Neutron Service Flavors                       |
| net-mtu               | Network MTU                                   |
| quotas                | Quota management support                      |
| l3-ha                 | HA Router extension                           |
| provider              | Provider Network                              |
| multi-provider        | Multi Provider Network                        |
| extraroute            | Neutron Extra Route                           |
| router                | Neutron L3 Router                             |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| security-group        | security-group                                |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| rbac-policies         | RBAC Policies                                 |
| port-security         | Port Security                                 |
| allowed-address-pairs | Allowed Address Pairs                         |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+
[root@computer1 ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 20050ac8-b768-47df-bbda-37aeae23830b | Metadata agent     | contraller | :-)   | True           | neutron-metadata-agent    |
| 3846a1e2-1bda-4236-8195-69dde791a4e7 | Linux bridge agent | contraller | :-)   | True           | neutron-linuxbridge-agent |
| 8febbe98-3b72-4ff8-899d-a80438ba518d | Linux bridge agent | computer1  | :-)   | True           | neutron-linuxbridge-agent |
| a8dc4af8-bd2d-4f94-8eb1-e77b79c504e4 | DHCP agent         | contraller | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+

6. Verify by launching an instance

Create the virtual network

$ neutron net-create public --shared --provider:physical_network public \
  --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad |
| mtu                       | 0                                    |
| name                      | public                               |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | public                               |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | d84313397390425c8ed50b2f6e18d092     |
+---------------------------+--------------------------------------+
neutron subnet-create public 10.2.0.0/24 --name public \
  --allocation-pool start=10.2.0.10,end=10.2.0.20 \
  --dns-nameserver 10.2.0.1 --gateway 10.2.0.1
Created a new subnet:
+-------------------+----------------------------------------------------+
| Field             | Value                                              |
+-------------------+----------------------------------------------------+
| allocation_pools  | {"start": "10.2.0.10", "end": "10.2.0.20"}         |
| cidr              | 10.2.0.0/24                                        |
| dns_nameservers   | 10.2.0.1                                           |
| enable_dhcp       | True                                               |
| gateway_ip        | 10.2.0.1                                           |
| host_routes       |                                                    |
| id                | 5cc70da8-4ee7-4565-be53-b9c011fca011               |
| ip_version        | 4                                                  |
| ipv6_address_mode |                                                    |
| ipv6_ra_mode      |                                                    |
| name              | public                                             |
| network_id        | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad               |
| subnetpool_id     |                                                    |
| tenant_id         | d84313397390425c8ed50b2f6e18d092                   |
+-------------------+----------------------------------------------------+

Generate a key pair

[root@computer1 ~]# source demo-openrc.sh
[root@computer1 ~]# ssh-keygen -q -N ""
[root@computer1 ~]# nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
[root@computer1 ~]# nova keypair-list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | f5:a7:67:46:fd:70:52:da:8e:12:b6:4d:65:40:ea:34 |
+-------+-------------------------------------------------+

Add security group rules

[root@computer1 ~]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@computer1 ~]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
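Both rules above admit any source address (0.0.0.0/0) into the default security group. As an added example, not from the original page, this Python check parses a rule listing in the table format printed above and returns the rules that are open to every address for ICMP or a management port. The merged sample listing, its tcp/80 row and the ADMIN_PORTS set are constructed for illustration.

```python
import ipaddress

# Constructed sample: the two rule tables printed above merged into one
# listing, plus one constructed rule (tcp/80 from 10.2.0.0/24) for contrast.
SAMPLE_RULES = """\
+-------------+-----------+---------+-------------+--------------+
| IP Protocol | From Port | To Port | IP Range    | Source Group |
+-------------+-----------+---------+-------------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0   |              |
| tcp         | 22        | 22      | 0.0.0.0/0   |              |
| tcp         | 80        | 80      | 10.2.0.0/24 |              |
+-------------+-----------+---------+-------------+--------------+
"""

ADMIN_PORTS = {22, 3389}  # assumption: ports treated as management access


def parse_table(text):
    """Turn a '|'-delimited CLI table into a list of dicts keyed by header."""
    rows = [[cell.strip() for cell in line.strip()[1:-1].split("|")]
            for line in text.splitlines() if line.lstrip().startswith("|")]
    if not rows:
        return []
    header, body = rows[0], rows[1:]
    return [dict(zip(header, row)) for row in body if len(row) == len(header)]


def world_open(rules):
    """Return (protocol, from_port, to_port, cidr) for every rule that lets
    any source address reach ICMP, all ports, or a management port."""
    flagged = []
    for rule in rules:
        cidr = rule.get("IP Range", "")
        if not cidr:
            continue  # rule is scoped to a source group, not a CIDR
        if ipaddress.ip_network(cidr, strict=False).prefixlen != 0:
            continue  # source range is bounded
        proto = rule["IP Protocol"].lower()
        lo, hi = int(rule["From Port"]), int(rule["To Port"])
        if proto == "icmp" or lo == -1 or any(lo <= p <= hi for p in ADMIN_PORTS):
            flagged.append((proto, lo, hi, cidr))
    return flagged


if __name__ == "__main__":
    for proto, lo, hi, cidr in world_open(parse_table(SAMPLE_RULES)):
        print("open to any source: %s %d-%d from %s" % (proto, lo, hi, cidr))
```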

Launch an instance

[root@computer1 ~]# nova boot --flavor m1.tiny --image cirros  --security-group default --key-name mykey first-vm
+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | wi9kohUUuav4                                  |
| config_drive                         |                                               |
| created                              | 2017-04-04T12:31:44Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | 7c92347e-a88b-4703-9f14-16ed508924a1          |
| image                                | cirros (c7f093e6-b457-4d09-881f-51474304b710) |
| key_name                             | mykey                                         |
| metadata                             | {}                                            |
| name                                 | first-vm                                      |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| security_groups                      | default                                       |
| status                               | BUILD                                         |
| tenant_id                            | 30145ee00b5b4ec781b4dc62dbb4c9e6              |
| updated                              | 2017-04-04T12:31:45Z                          |
| user_id                              | 35f5c31956f1415c94abb2a121450516              |
+--------------------------------------+-----------------------------------------------+
[root@computer1 ~]# 
[root@computer1 ~]# nova list
+--------------------------------------+----------------+---------+------------+-------------+----------------+
| ID                                   | Name           | Status  | Task State | Power State | Networks       |
+--------------------------------------+----------------+---------+------------+-------------+----------------+
| 7c92347e-a88b-4703-9f14-16ed508924a1 | first-vm       | ACTIVE  | -          | Running     | flat=10.2.0.17 |
| 7c5c1ef2-dd30-4e4f-8b64-e1647f66e079 | hello-instance | SHUTOFF | -          | Shutdown    | flat=10.2.0.16 |
+--------------------------------------+----------------+---------+------------+-------------+----------------+
[root@computer1 ~]# ping -c 4 10.2.0.17 
PING 10.2.0.17 (10.2.0.17) 56(84) bytes of data.
64 bytes from 10.2.0.17: icmp_seq=1 ttl=64 time=1.62 ms
64 bytes from 10.2.0.17: icmp_seq=2 ttl=64 time=0.642 ms
64 bytes from 10.2.0.17: icmp_seq=3 ttl=64 time=0.726 ms
64 bytes from 10.2.0.17: icmp_seq=4 ttl=64 time=0.555 ms

--- 10.2.0.17 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 0.555/0.887/1.627/0.432 ms
[root@computer1 ~]# ssh cirros@10.2.0.17
The authenticity of host '10.2.0.17 (10.2.0.17)' can't be established.
RSA key fingerprint is f2:ce:24:ed:44:9b:01:66:a0:1f:8f:4b:ce:d6:6b:88.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '10.2.0.17' (RSA) to the list of known hosts.
cirros@10.2.0.17's password: 
$ ifconfig eth0 
eth0      Link encap:Ethernet  HWaddr FA:16:3E:35:66:E4  
          inet addr:10.2.0.17  Bcast:10.2.0.255  Mask:255.255.255.0
          inet6 addr: fe80::f816:3eff:fe35:66e4/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:170 errors:0 dropped:0 overruns:0 frame:0
          TX packets:169 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:21286 (20.7 KiB)  TX bytes:17490 (17.0 KiB)

$

At this point the basic OpenStack services are installed. I hope this helps you learn OpenStack.
