OpenStack 搭建

最新推荐文章于 2024-03-11 19:15:07 发布
最新推荐文章于 2024-03-11 19:15:07 发布
阅读量442 收藏 1
点赞数
分类专栏: OpenStack
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/Will_cruise/article/details/82889747
版权

OpenStack介绍

openstack是一个云平台管理项目,我们可以使用openstack来管理我们的资源池,在这个资源池中包含了很多的子项目。openstack是有多个不同的模块组成,不同的功能有相对应得不同模块负责。openstack三大核心分别是 计算、网络、存储。通过调用不同模块的API来对外提供交互。

openstack 的版本发布很快,从最初的A版到现在的N版,官方一般会每隔六个月发布一个新的版本。

openstack每个服务都有对应的项目名称,不同的项目就相当于一个提供单独服务的模块,具体的对应关系如下:

  • Horizon (Dashboard): Openstack的web管理服务。

  • Nova (Compute):  通虚拟化技术,提供的计算资源池。

  • Neutron (Networking): 虚拟机的网络资源管理。

存储服务(Storage):

  • Swift (Object Storage): 对象存储,适合于 “一次写入,多次读取”。

  • Cinder (Block Storage): 块存储,提供存储资源池。

共享服务(Share Service): 

  • Keystone (Identify service):认证管理。

  • Glance (Image service): 提供虚拟镜像的注册和存储管理。

  • Ceilometer (Telemetry): 提供监控和数据采集、计量服务。

高层服务 (Higher-level service):

  • Heat (Orchestration): 自动化部署的组件。

  • Trove(Database Service): 提供数据库应用服务。

 

基础服务配置安装

准备工作:

两台CentOS7的机器,分别命名为node1和node2,如果没有内部DNS需要绑定hosts.

CS7修改主机名示例:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># hostnamectl set-hostname node1</span>
<span style="color:slategray"># hostnamectl status</span>
<span style="color:slategray"># cat /etc/hostname </span>
node1</code></span></span>

 

安装yum源:

<span style="color:#333333"><span style="color:black"><code class="language-bash">rpm -ivh  http://mirrors.aliyun.com/epel/epel-release-latest-7.noarch.rpm</code></span></span>

安装openstack仓库:

yum install -y centos-release-openstack-mitaka

安装管理包和客户端:

 

yum install -y python-openstackclient
yum install -y openstack-selinux

控制节点上安装以下服务

yum install -y mariadb mariadb-server python2-PyMySQL 
yum install -y rabbitmq-server
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
yum install -y openstack-glance
yum install -y openstack-nova-api openstack-nova-cert \
  openstack-nova-conductor openstack-nova-console \
  openstack-nova-novncproxy openstack-nova-scheduler
yum install -y openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables

 

计算节点安装nova和neutron:

 

yum install -y openstack-nova-compute sysfsutils
yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables

除了Horizon,openstack的其他组件都需要连接数据库。

除了Horizon和keystone,其他组件都需要连接RabbitMQ(消息队列,通信枢纽).

 

OpenStack数据库配置

创建/etc/my.cnf.d/openstack.cnf,并添加如下配置:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>mysqld<span style="color:#999999">]</span>
bind-address <span style="color:#9a6e3a">=</span> 172.16.10.50
default-storage-engine <span style="color:#9a6e3a">=</span> innodb
innodb_file_per_table  <span style="color:slategray">#独享表空间</span>
max_connections <span style="color:#9a6e3a">=</span> 4096
collation-server <span style="color:#9a6e3a">=</span> utf8_general_ci
character-set-server <span style="color:#9a6e3a">=</span> utf8</code></span></span>

启动数据库:

 

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># systemctl enable mariadb.service</span>
<span style="color:slategray"># systemctl start mariadb.service</span></code></span></span>

 

为了保证数据库服务的安全性,运行``mysql_secure_installation``脚本。特别需要说明的是,为数据库的root用户设置一个适当的密码。

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># mysql_secure_installation</span></code></span></span>

创建库,并授权:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#9a6e3a">></span> create database keystone<span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on keystone.* to <span style="color:#669900">'keystone'</span>@<span style="color:#669900">'localhost'</span> identified by <span style="color:#669900">'keystone'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on keystone.* to <span style="color:#669900">'keystone'</span>@<span style="color:#669900">'%'</span> identified by <span style="color:#669900">'keystone'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> create database glance<span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on glance.* to <span style="color:#669900">'glance'</span>@<span style="color:#669900">'localhost'</span> identified by <span style="color:#669900">'glance'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on glance.* to <span style="color:#669900">'glance'</span>@<span style="color:#669900">'%'</span> identified by <span style="color:#669900">'glance'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> create database nova<span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on nova.* to <span style="color:#669900">'nova'</span>@<span style="color:#669900">'localhost'</span> identified by <span style="color:#669900">'nova'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on nova.* to <span style="color:#669900">'nova'</span>@<span style="color:#669900">'%'</span> identified by <span style="color:#669900">'nova'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> create database nova_api<span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on nova_api.* to <span style="color:#669900">'nova'</span>@<span style="color:#669900">'localhost'</span> identified by <span style="color:#669900">'nova'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on nova_api.* to <span style="color:#669900">'nova'</span>@<span style="color:#669900">'%'</span> identified by <span style="color:#669900">'nova'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> create database neutron<span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on neutron.* to <span style="color:#669900">'neutron'</span>@<span style="color:#669900">'localhost'</span> identified by <span style="color:#669900">'neutron'</span><span style="color:#999999">;</span>
<span style="color:#9a6e3a">></span> grant all on neutron.* to <span style="color:#669900">'neutron'</span>@<span style="color:#669900">'%'</span> identified by <span style="color:#669900">'neutron'</span><span style="color:#999999">;</span></code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash">MariaDB <span style="color:#999999">[</span><span style="color:#999999">(</span>none<span style="color:#999999">)</span><span style="color:#999999">]</span><span style="color:#9a6e3a">></span> show databases<span style="color:#999999">;</span>
+--------------------+
<span style="color:#9a6e3a">|</span> Database           <span style="color:#9a6e3a">|</span>
+--------------------+
<span style="color:#9a6e3a">|</span> glance             <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> information_schema <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> keystone           <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> mysql              <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> neutron            <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> nova               <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> nova_api           <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> performance_schema <span style="color:#9a6e3a">|</span>
+--------------------+
8 rows <span style="color:#0077aa">in</span> <span style="color:#0077aa">set</span> <span style="color:#999999">(</span>0.00 sec<span style="color:#999999">)</span></code></span></span>


控制节点安装RabbitMQ,并授权用户:

<span style="color:#333333"><span style="color:black"><code class="language-bash"> yum <span style="color:#dd4a68">install</span> -y rabbitmq-server
 systemctl <span style="color:#dd4a68">enable</span> rabbitmq-server.service
 systemctl start rabbitmq-server.service
 rabbitmqctl add_user openstack openstack
 rabbitmqctl set_permissions openstack <span style="color:#669900">".*"</span> <span style="color:#669900">".*"</span> <span style="color:#669900">".*"</span></code></span></span>

打开监控插件:

<span style="color:#333333"><span style="color:black"><code class="language-bash">rabbitmq-plugins <span style="color:#dd4a68">enable</span> rabbitmq_management</code></span></span>

此时可以查看RabbitMQ的服务端口是否开启:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># netstat -lntup|grep 15672</span>
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      30174/beam</code></span></span>

可以直接访问web界面进行查看:http://localhost_ip:15672/ 

RabbitMQ的服务是5672端口:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># netstat -lntup|grep 5672</span>
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      30174/beam          
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      30174/beam          
tcp6       0      0 :::5672                 :::*                    LISTEN      30174/beam</code></span></span>

 

 

所有主机同步时间

<span style="color:#333333"><span style="color:black"><code class="language-bash">yum <span style="color:#dd4a68">install</span> ntpdate -y
ntpdate  time1.aliyun.com
timedatectl set-timezone Asia/Shanghai</code></span></span>

在生产环境中,一定要保证服务器时间一致,否则会出现创建不了虚拟机的情况,在同步过程中也会出现各种问题。

 

OpenStack认证管理-Keystone

 

Keystone主要提供用户认证服务目录的功能。openstack的服务授权都需要在keystone上完成,keystone通过给授权的用户提供一个具有时间有效期的token,在用户token过期之后需要重新授权。服务目录则包含了所有服务项和与之相关的API端点。

用户认证:User, Project,Token,Role.  

这里的Role就类似一个具有相同权限的用户组,Keystone通过这些机制来进行认证授权操作。

服务目录:service,endpoint. 

service 服务,如 Nova, Glance,Swift. 一个服务可以确认当前用户是否具有访问资源的权限。

endpoint其实是一个url,每个url都对应一个服务的实例的访问地址,并且具有public、private和admin这三种权限。public url可以被全局访问,private url只能被局域网访问,admin url被从常规的访问中分离。

 

Keystone的部署

 

Keystone使用memcatch来管理认证的token,之所以选择使用memcache而不是使用mysql的原因是存放在memcache中的token可以设置过期时间,到期之后会自动清理,防止在mysql中因为长期使用而出现表过大难以维护的问题。

 

生成一个token随机值

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openssl rand -hex 10</span>
48d263aed5f11b0bc02f</code></span></span>

 

修改keystone的配置文件

在/etc/keystone/keystone.conf文件中配置以下各项

 

在[DEFAULT]部分,定义初始管理令牌的值

使用前面步骤生成的随机数替换``ADMIN_TOKEN`` 值。

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># grep "admin_token"  /etc/keystone/keystone.conf</span>
admin_token <span style="color:#9a6e3a">=</span> 48d263aed5f11b0bc02f</code></span></span>

 

在 [database] 部分,配置数据库访问:

<span style="color:#333333"><span style="color:black"><code class="language-bash">connection <span style="color:#9a6e3a">=</span> mysql+pymysql://keystone:keystone@172.16.10.50/keystone</code></span></span>

 

在``[token]``部分,配置Fernet UUID令牌的提供者,并修改token的存储方式为memcache。

<span style="color:#333333"><span style="color:black"><code class="language-bash">provider <span style="color:#9a6e3a">=</span> fernet
driver <span style="color:#9a6e3a">=</span> memcache</code></span></span>

在[memcache]部分,修改提供memcache服务的主机ip:

<span style="color:#333333"><span style="color:black"><code class="language-bash">servers <span style="color:#9a6e3a">=</span> 172.16.10.50:11211</code></span></span>

修改完成后,keystone的配置就完成了。

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>root@node1 ~<span style="color:#999999">]</span><span style="color:slategray"># grep '^[a-z]' /etc/keystone/keystone.conf</span>
admin_token <span style="color:#9a6e3a">=</span> 48d263aed5f11b0bc02f
connection <span style="color:#9a6e3a">=</span> mysql+pymysql://keystone:keystone@172.16.10.50/keystone
servers <span style="color:#9a6e3a">=</span> 172.16.10.50:11211
provider <span style="color:#9a6e3a">=</span> fernet
driver <span style="color:#9a6e3a">=</span> memcache</code></span></span>

初始化身份认证服务的数据库,进行数据库同步:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># su -s /bin/sh -c "keystone-manage db_sync" keystone</span></code></span></span>

验证是否同步成功:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># mysql -h 172.16.10.50 -ukeystone -pkeystone -e "use keystone; show tables;"</span></code></span></span>

初始化Fernet keys,此命令执行后会在/etc/keystone下创建一个fernet-keys目录:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone</span></code></span></span>

启动memcached:

<span style="color:#333333"><span style="color:black"><code class="language-bash">systemctl <span style="color:#dd4a68">enable</span> memcached
systemctl start memcached</code></span></span>

 

配置Apache HTTP服务器

编辑``/etc/httpd/conf/httpd.conf`` 文件,配置``ServerName`` 选项为控制节点:

<span style="color:#333333"><span style="color:black"><code class="language-bash">ServerName 172.16.10.50:80</code></span></span>

用下面的内容创建文件 /etc/httpd/conf.d/wsgi-keystone.conf

<span style="color:#333333"><span style="color:black"><code class="language-bash">Listen 5000
Listen 35357
<span style="color:#9a6e3a"><</span>VirtualHost *:5000<span style="color:#9a6e3a">></span>
    WSGIDaemonProcess keystone-public processes<span style="color:#9a6e3a">=</span>5 threads<span style="color:#9a6e3a">=</span>1 user<span style="color:#9a6e3a">=</span>keystone group<span style="color:#9a6e3a">=</span>keystone display-name<span style="color:#9a6e3a">=</span>%<span style="color:#999999">{</span>GROUP<span style="color:#999999">}</span>
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %<span style="color:#999999">{</span>GLOBAL<span style="color:#999999">}</span>
    WSGIPassAuthorization On
    ErrorLogFormat <span style="color:#669900">"%{cu}t %M"</span>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <span style="color:#9a6e3a"><</span>Directory /usr/bin<span style="color:#9a6e3a">></span>
        Require all granted
    <span style="color:#9a6e3a"><</span>/Directory<span style="color:#9a6e3a">></span>
<span style="color:#9a6e3a"><</span>/VirtualHost<span style="color:#9a6e3a">></span>
<span style="color:#9a6e3a"><</span>VirtualHost *:35357<span style="color:#9a6e3a">></span>
    WSGIDaemonProcess keystone-admin processes<span style="color:#9a6e3a">=</span>5 threads<span style="color:#9a6e3a">=</span>1 user<span style="color:#9a6e3a">=</span>keystone group<span style="color:#9a6e3a">=</span>keystone display-name<span style="color:#9a6e3a">=</span>%<span style="color:#999999">{</span>GROUP<span style="color:#999999">}</span>
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %<span style="color:#999999">{</span>GLOBAL<span style="color:#999999">}</span>
    WSGIPassAuthorization On
    ErrorLogFormat <span style="color:#669900">"%{cu}t %M"</span>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <span style="color:#9a6e3a"><</span>Directory /usr/bin<span style="color:#9a6e3a">></span>
        Require all granted
    <span style="color:#9a6e3a"><</span>/Directory<span style="color:#9a6e3a">></span>
<span style="color:#9a6e3a"><</span>/VirtualHost<span style="color:#9a6e3a">></span></code></span></span>

启动Apache :

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># systemctl enable httpd.service</span>
<span style="color:slategray"># systemctl start httpd.service</span></code></span></span>

查看对应的5000端口和35357端口是否启用。

同时查看/var/log/keystone/keystone.log 是否有报错信息,如果有报错信息需要开启keystone的debug模式进行排错:

<span style="color:#333333"><span style="color:black"><code class="language-bash"> vim /etc/keystone/keystone.conf 
<span style="color:slategray">#debug = false  #将此项改为true,再查看日志。</span></code></span></span>

 

设置认证

 

配置认证令牌,直接在命令行执行:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#dd4a68">export</span> OS_TOKEN<span style="color:#9a6e3a">=</span>48d263aed5f11b0bc02f</code></span></span>

配置端点URL:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#dd4a68">export</span> OS_URL<span style="color:#9a6e3a">=</span>http://172.16.10.50:35357/v3</code></span></span>

 

配置认证 API 版本:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#dd4a68">export</span> OS_IDENTITY_API_VERSION<span style="color:#9a6e3a">=</span>3</code></span></span>

 

创建域、项目、用户和角色

 

创建域``default``:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack domain create --description "Default Domain" default</span>
+-------------+----------------------------------+
<span style="color:#9a6e3a">|</span> Field       <span style="color:#9a6e3a">|</span> Value                            <span style="color:#9a6e3a">|</span>
+-------------+----------------------------------+
<span style="color:#9a6e3a">|</span> description <span style="color:#9a6e3a">|</span> Default Domain                   <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> enabled     <span style="color:#9a6e3a">|</span> True                             <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> <span style="color:#dd4a68">id</span>          <span style="color:#9a6e3a">|</span> 5ab6cfb424ee4c99b0fea0cbec19e3b3 <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> name        <span style="color:#9a6e3a">|</span> default                          <span style="color:#9a6e3a">|</span>
+-------------+----------------------------------+</code></span></span>

在环境中,为进行管理操作,创建管理的项目、用户和角色:

 

创建 admin 项目:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack project create --domain default \
  --description <span style="color:#669900">"Admin Project"</span> admin</code></span></span>

 

创建 admin 用户,并设置密码:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack user create --domain default \
--password-prompt admin</code></span></span>

 

创建 admin 角色:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack role create admin</code></span></span>

 

添加``admin`` 角色到 admin 项目和用户上:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack role add --project admin --user admin admin</code></span></span>

上面命令的含义为:将admin用户添加到admin的项目,并授权为admin角色
 

 

创建一个demo的项目

创建``demo`` 项目:(当为这个项目创建额外用户时,不要重复这一步。)

<span style="color:#333333"><span style="color:black"><code class="language-bash"> openstack project create --domain default \
 --description <span style="color:#669900">"Demo Project"</span> demo</code></span></span>

创建``demo`` 用户并设置密码:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack user create --domain default \
--password-prompt demo</code></span></span>

创建 user 角色:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack role create user</code></span></span>

 

添加 user``角色到 ``demo 项目和用户角色:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack role add --project demo --user demo user</code></span></span>

 

 

创建service项目

使用一个你添加到你的环境中每个服务包含独有用户的service 项目。

创建``service``项目:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack project create --domain default \
 --description <span style="color:#669900">"Service Project"</span> <span style="color:#dd4a68">service</span></code></span></span>

创建glance用户:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack user create --domain default --password-prompt glance</code></span></span>

添加glance 用户到 service 项目和admin角色:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack role add --project <span style="color:#dd4a68">service</span> --user glance admin</code></span></span>

创建nova用户:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack user create --domain default --password-prompt nova</code></span></span>

添加nova用户到service项目和admin角色:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack role add --project <span style="color:#dd4a68">service</span> --user nova admin</code></span></span>

创建neutron用户:

openstack user create --domain default --password-prompt neutron

添加neutron用户到service项目和admin角色:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack role add --project <span style="color:#dd4a68">service</span> --user neutron admin</code></span></span>

 

服务注册

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack <span style="color:#dd4a68">service</span> create   --name keystone --description <span style="color:#669900">"OpenStack Identity"</span> identity</code></span></span>

创建public的endpoint,并指定url, 注意IP和端口:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack endpoint create --region RegionOne   identity public http://172.16.10.50:5000/v3</code></span></span>

创建internal类型的endpoint:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack endpoint create --region RegionOne   identity internal http://172.16.10.50:5000/v3</code></span></span>

创建admin类型的endpoint,指定admin的管理端口:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack endpoint create --region RegionOne   identity admin http://172.16.10.50:35357/v3</code></span></span>

提示:由于内部是相互对应的,如果某一条创建错误,需要将对应的三条全部删除,重新创建。

删除方式:(service、user、project等都可以用这种方式删除)

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack endpoint list   <span style="color:slategray">#查看对应的记录ID号</span>
openstack endpoint delete ab66752a92334e31a08aa65d6fb5fdfc <span style="color:slategray">#删除ID</span></code></span></span>

这些记录实质上都在mysql的keystone.endpoint表中,也可以直接修改表。

 

验证操作

在安装其它服务前,要先对之前的操作进行验证。

先重置``OS_TOKEN``和``OS_URL`` 环境变量:

<span style="color:#333333"><span style="color:black"><code class="language-bash">unset OS_TOKEN OS_URL</code></span></span>

使用 admin 用户,请求认证令牌进行测试:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack --os-auth-url http://172.16.10.50:35357/v3 \
 --os-project-domain-name default --os-user-domain-name default \
 --os-project-name admin --os-username admin token issue</code></span></span>

使用demo项目的demo用户,请求认证令牌测试:

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack --os-auth-url http://172.16.10.50:35357/v3 \
 --os-project-domain-name default --os-user-domain-name default \
  --os-project-name demo --os-username demo token issue</code></span></span>

如果出现 (HTTP 401)则说明是密码输入错误。

 

创建环境变量脚本

在上面的测试中,使用了指定参数的方式来进行连接的验证,但是输入内容比较长,在实际的生产操作中我们可以定义一个环境变量的脚本,来省去指定参数的操作。

 

创建 admin 和 ``demo``项目和用户创建客户端环境变量脚本。接下来的部分会引用这些脚本,为客户端操作加载合适的的凭证。

 

编辑文件 admin-openstack.sh 并添加如下内容(注意指定密码和URL):

 

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#dd4a68">export</span> OS_PROJECT_DOMAIN_NAME<span style="color:#9a6e3a">=</span>default
<span style="color:#dd4a68">export</span> OS_USER_DOMAIN_NAME<span style="color:#9a6e3a">=</span>default
<span style="color:#dd4a68">export</span> OS_PROJECT_NAME<span style="color:#9a6e3a">=</span>admin
<span style="color:#dd4a68">export</span> OS_USERNAME<span style="color:#9a6e3a">=</span>admin
<span style="color:#dd4a68">export</span> OS_PASSWORD<span style="color:#9a6e3a">=</span>admin
<span style="color:#dd4a68">export</span> OS_AUTH_URL<span style="color:#9a6e3a">=</span>http://172.16.10.50:35357/v3
<span style="color:#dd4a68">export</span> OS_IDENTITY_API_VERSION<span style="color:#9a6e3a">=</span>3
<span style="color:#dd4a68">export</span> OS_IMAGE_API_VERSION<span style="color:#9a6e3a">=</span>2</code></span></span>

同理,添加demo的环境配置文件demo-openstack.sh:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#dd4a68">export</span> OS_PROJECT_DOMAIN_NAME<span style="color:#9a6e3a">=</span>default
<span style="color:#dd4a68">export</span> OS_USER_DOMAIN_NAME<span style="color:#9a6e3a">=</span>default
<span style="color:#dd4a68">export</span> OS_PROJECT_NAME<span style="color:#9a6e3a">=</span>demo
<span style="color:#dd4a68">export</span> OS_USERNAME<span style="color:#9a6e3a">=</span>demo
<span style="color:#dd4a68">export</span> OS_PASSWORD<span style="color:#9a6e3a">=</span>demo
<span style="color:#dd4a68">export</span> OS_AUTH_URL<span style="color:#9a6e3a">=</span>http://172.16.10.50:5000/v3
<span style="color:#dd4a68">export</span> OS_IDENTITY_API_VERSION<span style="color:#9a6e3a">=</span>3
<span style="color:#dd4a68">export</span> OS_IMAGE_API_VERSION<span style="color:#9a6e3a">=</span>2</code></span></span>

对脚本添加执行权限后,每次执行openstack相关的命令一定要先source执行此脚本,否则会不成功。

对环境变量脚本进行验证:

<span style="color:#333333"><span style="color:black"><code class="language-bash"> <span style="color:#dd4a68">source</span>  admin-openstack.sh</code></span></span>

尝试直接获取token,看是否成功

<span style="color:#333333"><span style="color:black"><code class="language-bash">openstack token issue</code></span></span>

 

Openstack镜像管理-Glance

 

Glance由Glance-api和Glance-Registry以及image Storage三个组件组成。

Glance-api: 接受云系统镜像的创建、删除和读取请求。通过接收REST API的请求,调用其他模块来完成镜像的查找,获取、上传、删除等操作。默认的监听端口为9292.

Glance-Registry:云镜像的注册服务。与mysql进行数据交互,用于存储和获取镜像的元数据。Glance数据库中有两张表,一张是image表,另一张是image property表。image表保存了镜像格式、大小等信息,image property表则主要保存镜像的定制化信息。glance-registry监听的端口为9191.

Image storage: 是一个存储的接口层,严格来说它并不是属于glance,只是给glance提供调用的一个接口。通过这个接口,glance可以获取镜像。image storage支持的存储有Amazon的S3、Openstack本身的Swift,还有如 ceph,sheepdog,GlusterFS等分布式存储,image storage是镜像保存和获取的接口,由于仅仅是一个接口层,具体的实现需要外部存储的支持。

 

Glance的部署

http://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/glance-install.html#prerequisites 

安装glance服务并配置数据库

前面已经对数据库进行了相关操作,这里需要编辑配置文件/etc/glance/glance-api.conf 并完成如下动作:

在 [database] 部分,配置数据库访问:(第二个glance为密码)

<span style="color:#333333"><span style="color:black"><code class="language-bash">connection <span style="color:#9a6e3a">=</span> mysql+pymysql://glance:glance@172.16.10.50/glance</code></span></span>

在/etc/glance/glance-registry.conf 的配置文件中[database] 也配置上此参数

<span style="color:#333333"><span style="color:black"><code class="language-bash">connection <span style="color:#9a6e3a">=</span> mysql+pymysql://glance:glance@172.16.10.50/glance</code></span></span>

同步数据库,此处会有一个警告:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#dd4a68">su</span> -s /bin/sh -c <span style="color:#669900">"glance-manage db_sync"</span> glance</code></span></span>

验证数据库是否同步成功:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># mysql -h  172.16.10.50 -uglance -pglance -e "use glance;show tables;"</span></code></span></span>

 

设置keystone

在/etc/glance/glance-api.conf中设置keystone的配置,分别在下面的两个模块中

添加如下配置信息:
 

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>keystone_authtoken<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
auth_uri <span style="color:#9a6e3a">=</span> http://172.16.10.50:5000
auth_url <span style="color:#9a6e3a">=</span> http://172.16.10.50:35357
memcached_servers <span style="color:#9a6e3a">=</span> 172.16.10.50:11211
auth_type <span style="color:#9a6e3a">=</span> password
project_domain_name <span style="color:#9a6e3a">=</span> default
user_domain_name <span style="color:#9a6e3a">=</span> default
project_name <span style="color:#9a6e3a">=</span> <span style="color:#dd4a68">service</span>
username <span style="color:#9a6e3a">=</span> glance
password <span style="color:#9a6e3a">=</span> glance

<span style="color:#999999">[</span>paste_deploy<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
flavor <span style="color:#9a6e3a">=</span> keystone</code></span></span>

在/etc/glance/glance-registry.conf 中设置相同的配置:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>keystone_authtoken<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
auth_uri <span style="color:#9a6e3a">=</span> http://172.16.10.50:5000
auth_url <span style="color:#9a6e3a">=</span> http://172.16.10.50:35357
memcached_servers <span style="color:#9a6e3a">=</span> 172.16.10.50:11211
auth_type <span style="color:#9a6e3a">=</span> password
project_domain_name <span style="color:#9a6e3a">=</span> default
user_domain_name <span style="color:#9a6e3a">=</span> default
project_name <span style="color:#9a6e3a">=</span> <span style="color:#dd4a68">service</span>
username <span style="color:#9a6e3a">=</span> glance
password <span style="color:#9a6e3a">=</span> glance

<span style="color:#999999">[</span>paste_deploy<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
flavor <span style="color:#9a6e3a">=</span> keystone</code></span></span>

配置镜像存储

修改/etc/glance/glance-api.conf的配置:

在 [glance_store] 部分,配置本地文件系统存储和镜像文件位置:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>glance_store<span style="color:#999999">]</span> 
stores <span style="color:#9a6e3a">=</span> file,http
default_store <span style="color:#9a6e3a">=</span> <span style="color:#dd4a68">file</span>
filesystem_store_datadir <span style="color:#9a6e3a">=</span> /var/lib/glance/images</code></span></span>

启动服务:

systemctl enable openstack-glance-api.service   openstack-glance-registry.service

systemctl start openstack-glance-api.service   openstack-glance-registry.service

 

查看启动后9292和9191端口是否开启。

 

在keystone上做服务注册

创建glance服务实体,首先加载admin环境变量

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># source admin-openstack.sh</span></code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray">#  openstack service create --name glance  \</span>
--description <span style="color:#669900">"OpenStack Image"</span> image</code></span></span>

创建镜像服务的 API 端点:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack endpoint create --region RegionOne \</span>
  image public http://172.16.10.50:9292</code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack endpoint create --region RegionOne  \</span>
 image internal http://172.16.10.50:9292</code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack endpoint create --region RegionOne  \</span>
 image admin http://172.16.10.50:9292</code></span></span>

验证配置是否成功:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># glance image-list   </span>
+----+------+
<span style="color:#9a6e3a">|</span> ID <span style="color:#9a6e3a">|</span> Name <span style="color:#9a6e3a">|</span>
+----+------+
+----+------+</code></span></span>


验证操作

获得 admin 凭证来获取只有管理员能执行的命令的访问权限:

 

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># source admin-openstack.sh</span></code></span></span>

下载源镜像:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img</span></code></span></span>

上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack image create "cirros"   --file cirros-0.3.4-x86_64-disk.img  \</span>
 --disk-format qcow2 --container-format bare   --public</code></span></span>

验证是否上传成功:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack image list</span>
+--------------------------------------+--------+--------+
<span style="color:#9a6e3a">|</span> ID                                   <span style="color:#9a6e3a">|</span> Name   <span style="color:#9a6e3a">|</span> Status <span style="color:#9a6e3a">|</span>
+--------------------------------------+--------+--------+
<span style="color:#9a6e3a">|</span> 82c3ba8f-4930-4e32-bd1b-34881f5eb4cd <span style="color:#9a6e3a">|</span> cirros <span style="color:#9a6e3a">|</span> active <span style="color:#9a6e3a">|</span>
+--------------------------------------+--------+--------+</code></span></span>

上传成功后在/var/lib/glance/images/下可以看到这个镜像,以镜像ID命名:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>root@node1 ~<span style="color:#999999">]</span><span style="color:slategray"># cd /var/lib/glance/images/</span>
<span style="color:#999999">[</span>root@node1 images<span style="color:#999999">]</span><span style="color:slategray"># ll</span>
total 12980
-rw-r-----. 1 glance glance 13287936 Oct 26 16:00 82c3ba8f-4930-4e32-bd1b-34881f5eb4cd</code></span></span>


OpenStack计算服务-Nova

http://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/nova-controller-install.html 

在openstack的创建中,我们一般将Nova的计算节点组件放在需要创建虚拟机的主机上,而除了计算节点之外的其他Nova组件安装在控制节点上,计算节点只负责创建虚拟机。

Nova的服务组件:

API:负责接收和响应外部请求。API接收的请求将会放到消息队列(rabbitMQ)中。是外部访问nova的唯一途径。

Cert:负责身份认证EC2.

Scheduler:用于云主机调度。决策虚拟机创建在哪个主机(计算节点)上

Conductor: 计算节点访问数据库的中间件。

Consoleauth:用于控制台的授权验证

Novncproxy: VNC代理

 

配置数据库

 

编辑``/etc/nova/nova.conf``文件并完成下面的操作:

在``[api_database]``和``[database]``部分,配置数据库的连接:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>api_database<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
connection <span style="color:#9a6e3a">=</span> mysql+pymysql://nova:nova@172.16.10.50/nova_api
<span style="color:#999999">[</span>database<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
connection <span style="color:#9a6e3a">=</span> mysql+pymysql://nova:nova@172.16.10.50/nova</code></span></span>

 

同步Compute 数据库:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#dd4a68">su</span> -s /bin/sh -c <span style="color:#669900">"nova-manage api_db sync"</span> nova
<span style="color:#dd4a68">su</span> -s /bin/sh -c <span style="color:#669900">"nova-manage db sync"</span> nova</code></span></span>

查看数据库同步是否成功:

<span style="color:#333333"><span style="color:black"><code class="language-bash">mysql -h 172.16.10.50 -unova -pnova -e <span style="color:#669900">"use nova;show tables;"</span>
mysql -h 172.16.10.50 -unova -pnova -e <span style="color:#669900">"use nova_api;show tables;"</span></code></span></span>

 

配置keystone

编辑``/etc/nova/nova.conf``文件并完成下面的操作:

编辑“[keystone_authtoken]” 部分,添加如下内容:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>keystone_authtoken<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
auth_uri <span style="color:#9a6e3a">=</span> http://172.16.10.50:5000
auth_url <span style="color:#9a6e3a">=</span> http://172.16.10.50:35357
memcached_servers <span style="color:#9a6e3a">=</span> 172.16.10.50:11211
auth_type <span style="color:#9a6e3a">=</span> password
project_domain_name <span style="color:#9a6e3a">=</span> default
user_domain_name <span style="color:#9a6e3a">=</span> default
project_name <span style="color:#9a6e3a">=</span> <span style="color:#dd4a68">service</span>
username <span style="color:#9a6e3a">=</span> nova
password <span style="color:#9a6e3a">=</span> nova</code></span></span>

在[DEFAULT]中打开注释:

 

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>DEFAULT<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
auth_strategy <span style="color:#9a6e3a">=</span> keystone</code></span></span>

 

配置RabbitMQ
修改nova.conf文件:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>DEFAULT<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
rpc_backend<span style="color:#9a6e3a">=</span>rabbit
rabbit_host<span style="color:#9a6e3a">=</span>172.16.10.50
rabbit_port<span style="color:#9a6e3a">=</span>5672
rabbit_userid<span style="color:#9a6e3a">=</span>openstack
rabbit_password<span style="color:#9a6e3a">=</span>openstack</code></span></span>

 

 

配置nova服务参数

编辑``/etc/nova/nova.conf``文件

在``[DEFAULT]``部分,只启用计算和元数据API:

<span style="color:#333333"><span style="color:black"><code class="language-bash">enabled_apis<span style="color:#9a6e3a">=</span>osapi_compute,metadata</code></span></span>

 

在 [DEFAULT] 部分,使能 Networking 服务:(此处的设置需要修改默认参数Noop)

<span style="color:#333333"><span style="color:black"><code class="language-bash">use_neutron <span style="color:#9a6e3a">=</span> True
firewall_driver <span style="color:#9a6e3a">=</span> nova.virt.firewall.NoopFirewallDriver</code></span></span>

在``[vnc]``部分,配置VNC代理使用控制节点的管理接口IP地址 :

<span style="color:#333333"><span style="color:black"><code class="language-bash">vncserver_listen<span style="color:#9a6e3a">=</span>172.16.10.50
vncserver_proxyclient_address<span style="color:#9a6e3a">=</span>172.16.10.50</code></span></span>

在 [glance] 区域,配置镜像服务 API 的位置:

<span style="color:#333333"><span style="color:black"><code class="language-bash">api_servers<span style="color:#9a6e3a">=</span> http://172.16.10.50:9292</code></span></span>

在 [oslo_concurrency] 部分,配置锁路径:

<span style="color:#333333"><span style="color:black"><code class="language-bash">lock_path<span style="color:#9a6e3a">=</span>/var/lib/nova/tmp</code></span></span>

启动 Compute 服务并将其设置为随系统启动:

<span style="color:#333333"><span style="color:black"><code class="language-bash">systemctl <span style="color:#dd4a68">enable</span> openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service</code></span></span>

 

<span style="color:#333333"><span style="color:black"><code class="language-bash">systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service</code></span></span>

 

注册nova服务

创建 nova 服务实体:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># source  admin-openstack.sh </span>
<span style="color:slategray"># openstack service create --name nova  \</span>
 --description <span style="color:#669900">"OpenStack Compute"</span> compute</code></span></span>

创建 Compute 服务 API 端点,nova api的端口为8774 :

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack endpoint create --region RegionOne \</span>
  compute public http://172.16.10.50:8774/v2.1/%\<span style="color:#999999">(</span>tenant_id\<span style="color:#999999">)</span>s</code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack endpoint create --region RegionOne \</span>
  compute internal http://172.16.10.50:8774/v2.1/%\<span style="color:#999999">(</span>tenant_id\<span style="color:#999999">)</span>s</code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack endpoint create --region RegionOne \</span>
  compute admin http://172.16.10.50:8774/v2.1/%\<span style="color:#999999">(</span>tenant_id\<span style="color:#999999">)</span>s</code></span></span>

查看注册是否成功:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># openstack host list</span>
+-----------+-------------+----------+
<span style="color:#9a6e3a">|</span> Host Name <span style="color:#9a6e3a">|</span> Service     <span style="color:#9a6e3a">|</span> Zone     <span style="color:#9a6e3a">|</span>
+-----------+-------------+----------+
<span style="color:#9a6e3a">|</span> node1     <span style="color:#9a6e3a">|</span> conductor   <span style="color:#9a6e3a">|</span> internal <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> node1     <span style="color:#9a6e3a">|</span> consoleauth <span style="color:#9a6e3a">|</span> internal <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> node1     <span style="color:#9a6e3a">|</span> scheduler   <span style="color:#9a6e3a">|</span> internal <span style="color:#9a6e3a">|</span>
+-----------+-------------+----------+</code></span></span>

 

Nova计算节点的部署

http://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/nova-compute-install.html 

计算节点是真正运行虚拟机的节点,其硬件配置决定了可以运行多少虚拟机。并且这些节点需要支持CPU虚拟化。

确定CPU是否支持虚拟机的硬件加速:(结果不为0,表示支持)

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#dd4a68">egrep</span> -c <span style="color:#669900">'(vmx|svm)'</span> /proc/cpuinfo</code></span></span>

此处的计算节点已经在前面安装了对应的服务。

修改计算节点nova配置:(由于和控制节点的大部分配置类似,直接从控制节点scp配置文件到本地修改,并修改用户权限)

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># scp 172.16.10.50:/etc/nova/nova.conf  ./nova1.conf</span>
<span style="color:slategray"># chown root:nova nova1.conf </span>
<span style="color:slategray"># mv nova.conf  nova.conf-bak</span>
<span style="color:slategray"># mv nova1.conf  nova.conf</span></code></span></span>

修改配置文件:

删除[database]中connection的配置参数。

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray">#connection = mysql+pymysql://nova:nova@172.16.10.50/nova</span>
<span style="color:slategray">#connection = mysql+pymysql://nova:nova@172.16.10.50/nova_api</span></code></span></span>

 

在``[vnc]``部分,启用并配置远程控制台访问:

打开注释:

<span style="color:#333333"><span style="color:black"><code class="language-bash">enabled<span style="color:#9a6e3a">=</span>true
novncproxy_base_url<span style="color:#9a6e3a">=</span>http://172.16.10.50:6080/vnc_auto.html
vncserver_listen<span style="color:#9a6e3a">=</span>0.0.0.0 
vncserver_proxyclient_address<span style="color:#9a6e3a">=</span>172.16.10.51 <span style="color:slategray">#修改为本地主机ip</span></code></span></span>

打开默认的KVM虚拟化:

<span style="color:#333333"><span style="color:black"><code class="language-bash">virt_type<span style="color:#9a6e3a">=</span>kvm</code></span></span>

 

启动计算服务及其依赖,并将其配置为随系统自动启动:

<span style="color:#333333"><span style="color:black"><code class="language-bash">systemctl <span style="color:#dd4a68">enable</span> libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service</code></span></span>

验证操作是否正常:

在控制节点查看:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># source admin-openstack.sh </span>
<span style="color:slategray"># openstack  host list</span>
+-----------+-------------+----------+
<span style="color:#9a6e3a">|</span> Host Name <span style="color:#9a6e3a">|</span> Service     <span style="color:#9a6e3a">|</span> Zone     <span style="color:#9a6e3a">|</span>
+-----------+-------------+----------+
<span style="color:#9a6e3a">|</span> node1     <span style="color:#9a6e3a">|</span> conductor   <span style="color:#9a6e3a">|</span> internal <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> node1     <span style="color:#9a6e3a">|</span> consoleauth <span style="color:#9a6e3a">|</span> internal <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> node1     <span style="color:#9a6e3a">|</span> scheduler   <span style="color:#9a6e3a">|</span> internal <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> node2     <span style="color:#9a6e3a">|</span> compute     <span style="color:#9a6e3a">|</span> nova     <span style="color:#9a6e3a">|</span>
+-----------+-------------+----------+
<span style="color:slategray"># nova image-list</span>
+--------------------------------------+--------+--------+--------+
<span style="color:#9a6e3a">|</span> ID                                   <span style="color:#9a6e3a">|</span> Name   <span style="color:#9a6e3a">|</span> Status <span style="color:#9a6e3a">|</span> Server <span style="color:#9a6e3a">|</span>
+--------------------------------------+--------+--------+--------+
<span style="color:#9a6e3a">|</span> 82c3ba8f-4930-4e32-bd1b-34881f5eb4cd <span style="color:#9a6e3a">|</span> cirros <span style="color:#9a6e3a">|</span> ACTIVE <span style="color:#9a6e3a">|</span>        <span style="color:#9a6e3a">|</span>
+--------------------------------------+--------+--------+--------+</code></span></span>

出现上面的结果,证明计算节点的安装正常。
 

 

OpenStack网络服务-Neutron
 

Neutron由一个Neutron Server提供服务,主要包含一些二层的插件,如Linux Bridge,openvSwitch,DHCP-Agent, L3-Agent ,LBAAS-Agent 和其他组件等。模拟了实际物理网络中的服务和协议。

 

安装部署

http://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/neutron-controller-install-option1.html 

Neutron有两种网络架构,单一扁平网络和负杂的多网段网络,这里以单一扁平网络为例。

安装部署需要在控制节点和计算节点上安装对应的服务,之前已经安装,此处跳过此步骤。

 

数据库配置

编辑``/etc/neutron/neutron.conf`` 文件并在控制节点完成如下操作:

在 [database] 部分,配置数据库访问:

<span style="color:#333333"><span style="color:black"><code class="language-bash">connection <span style="color:#9a6e3a">=</span> mysql+pymysql://neutron:neutron@172.16.10.50/neutron</code></span></span>

配置Keystone

在 “[DEFAULT]” 和 “[keystone_authtoken]” 部分,配置认证服务访问:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>DEFAULT<span style="color:#999999">]</span>
auth_strategy <span style="color:#9a6e3a">=</span> keystone</code></span></span>

 

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>keystone_authtoken<span style="color:#999999">]</span>
auth_uri <span style="color:#9a6e3a">=</span> http://172.16.10.50:5000
auth_url <span style="color:#9a6e3a">=</span> http://172.16.10.50:35357
memcached_servers <span style="color:#9a6e3a">=</span> 172.16.10.50:11211
auth_type <span style="color:#9a6e3a">=</span> password
project_domain_name <span style="color:#9a6e3a">=</span> default
user_domain_name <span style="color:#9a6e3a">=</span> default
project_name <span style="color:#9a6e3a">=</span> <span style="color:#dd4a68">service</span>
username <span style="color:#9a6e3a">=</span> neutron
password <span style="color:#9a6e3a">=</span> neutron</code></span></span>

配置RabbitMQ

在 “[DEFAULT]” 和 “[oslo_messaging_rabbit]”部分,配置 “RabbitMQ” 消息队列的连接:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>DEFAULT<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
rpc_backend <span style="color:#9a6e3a">=</span> rabbit</code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># 修改注释</span>
<span style="color:#999999">[</span>oslo_messaging_rabbit<span style="color:#999999">]</span>
rabbit_host <span style="color:#9a6e3a">=</span> 172.16.10.50
rabbit_userid <span style="color:#9a6e3a">=</span> openstack
rabbit_password <span style="color:#9a6e3a">=</span> openstack</code></span></span>

neutron的其他配置

在``[DEFAULT]``部分,启用ML2插件并禁用其他插件:

<span style="color:#333333"><span style="color:black"><code class="language-bash">core_plugin <span style="color:#9a6e3a">=</span> ml2
service_plugins <span style="color:#9a6e3a">=</span></code></span></span>

配置nova

在``[DEFAULT]``和``[nova]``部分,配置网络服务来通知计算节点的网络拓扑变化:

<span style="color:#333333"><span style="color:black"><code class="language-bash">notify_nova_on_port_status_changes <span style="color:#9a6e3a">=</span> <span style="color:#990055">true</span>
notify_nova_on_port_data_changes <span style="color:#9a6e3a">=</span> <span style="color:#990055">true</span></code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>nova<span style="color:#999999">]</span>
auth_url <span style="color:#9a6e3a">=</span> http://172.16.10.50:35357
auth_type <span style="color:#9a6e3a">=</span> password
project_domain_name <span style="color:#9a6e3a">=</span> default
user_domain_name <span style="color:#9a6e3a">=</span> default
region_name <span style="color:#9a6e3a">=</span> RegionOne
project_name <span style="color:#9a6e3a">=</span> <span style="color:#dd4a68">service</span>
username <span style="color:#9a6e3a">=</span> nova
password <span style="color:#9a6e3a">=</span> nova</code></span></span>

在 [oslo_concurrency] 部分,配置锁路径:

<span style="color:#333333"><span style="color:black"><code class="language-bash">lock_path <span style="color:#9a6e3a">=</span> /var/lib/neutron/tmp</code></span></span>

 

配置 Modular Layer 2 (ML2) 插件

ML2插件使用Linuxbridge机制来为实例创建layer-2虚拟网络基础设施.

编辑``/etc/neutron/plugins/ml2/ml2_conf.ini``文件并完成以下操作:

在``[ml2]``部分,启用flat和VLAN网络:

<span style="color:#333333"><span style="color:black"><code class="language-bash">type_drivers <span style="color:#9a6e3a">=</span> flat,vlan,gre,vxlan,geneve</code></span></span>

在``[ml2]``部分,禁用私有网络:

<span style="color:#333333"><span style="color:black"><code class="language-bash">tenant_network_types <span style="color:#9a6e3a">=</span></code></span></span>

在``[ml2]``部分,启用Linuxbridge机制:

<span style="color:#333333"><span style="color:black"><code class="language-bash">mechanism_drivers <span style="color:#9a6e3a">=</span> linuxbridge,openvswitch</code></span></span>

在``[ml2]`` 部分,启用端口安全扩展驱动:

<span style="color:#333333"><span style="color:black"><code class="language-bash">extension_drivers <span style="color:#9a6e3a">=</span> port_security</code></span></span>

在``[ml2_type_flat]``部分,配置公共虚拟网络为flat网络

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>ml2_type_flat<span style="color:#999999">]</span>
flat_networks <span style="color:#9a6e3a">=</span> public</code></span></span>

在 ``[securitygroup]``部分,启用 ipset 增加安全组规则的高效性:

<span style="color:#333333"><span style="color:black"><code class="language-bash">enable_ipset <span style="color:#9a6e3a">=</span> <span style="color:#990055">true</span></code></span></span>

 

配置Linuxbridge代理

Linuxbridge代理为实例建立layer-2虚拟网络并且处理安全组规则。

编辑``/etc/neutron/plugins/ml2/linuxbridge_agent.ini``文件并且完成以下操作:

在``[linux_bridge]``部分,将公共虚拟网络和公共物理网络接口对应起来:

<span style="color:#333333"><span style="color:black"><code class="language-bash">physical_interface_mappings <span style="color:#9a6e3a">=</span> public:eth0</code></span></span>

在``[vxlan]``部分,禁止VXLAN覆盖网络:

<span style="color:#333333"><span style="color:black"><code class="language-bash">enable_vxlan <span style="color:#9a6e3a">=</span> False</code></span></span>

在 ``[securitygroup]``部分,启用安全组并配置 Linuxbridge iptables firewall driver:

<span style="color:#333333"><span style="color:black"><code class="language-bash">enable_security_group <span style="color:#9a6e3a">=</span> <span style="color:#990055">true</span>
firewall_driver <span style="color:#9a6e3a">=</span> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver</code></span></span>


配置DHCP代理

编辑``/etc/neutron/dhcp_agent.ini``文件并完成下面的操作:

在``[DEFAULT]``部分,配置Linuxbridge驱动接口,DHCP驱动并启用隔离元数据,这样在公共网络上的实例就可以通过网络来访问元数据:

<span style="color:#333333"><span style="color:black"><code class="language-bash">interface_driver <span style="color:#9a6e3a">=</span> neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver <span style="color:#9a6e3a">=</span> neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata <span style="color:#9a6e3a">=</span> True</code></span></span>

配置元数据代理

编辑``/etc/neutron/metadata_agent.ini``文件并完成以下操作:

在``[DEFAULT]`` 部分,配置元数据主机以及共享密码:

<span style="color:#333333"><span style="color:black"><code class="language-bash">nova_metadata_ip <span style="color:#9a6e3a">=</span> 172.16.10.50
metadata_proxy_shared_secret <span style="color:#9a6e3a">=</span> trying</code></span></span>

为nova配置网络服务

编辑``/etc/nova/nova.conf``文件并完成以下操作:

在``[neutron]``部分,配置访问参数,启用元数据代理并设置密码:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>neutron<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
url <span style="color:#9a6e3a">=</span> http://172.16.10.50:9696
auth_url <span style="color:#9a6e3a">=</span> http://172.16.10.50:35357
auth_type <span style="color:#9a6e3a">=</span> password
project_domain_name <span style="color:#9a6e3a">=</span> default
user_domain_name <span style="color:#9a6e3a">=</span> default
region_name <span style="color:#9a6e3a">=</span> RegionOne
project_name <span style="color:#9a6e3a">=</span> <span style="color:#dd4a68">service</span>
username <span style="color:#9a6e3a">=</span> neutron
password <span style="color:#9a6e3a">=</span> neutron</code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash">service_metadata_proxy<span style="color:#9a6e3a">=</span>true
metadata_proxy_shared_secret <span style="color:#9a6e3a">=</span> trying</code></span></span>

完成安装

网络服务初始化脚本需要一个软链接 /etc/neutron/plugin.ini``指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini``。

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini</span></code></span></span>

同步数据库:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \</span>
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron</code></span></span>

重启计算API 服务:

<span style="color:#333333"><span style="color:black"><code class="language-bash">systemctl restart openstack-nova-api.service</code></span></span>

当系统启动时,启动 Networking 服务并配置它启动

<span style="color:#333333"><span style="color:black"><code class="language-bash">systemctl <span style="color:#dd4a68">enable</span> neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service</code></span></span>
<span style="color:#333333"><span style="color:black"><code class="language-bash">systemctl start neutron-server.service \  
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \  
neutron-metadata-agent.service</code></span></span>

在keystone上完成注册

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># source  admin-openstack.sh </span>
<span style="color:slategray"># openstack service create --name neutron   --description "OpenStack Networking" network</span>
<span style="color:slategray"># openstack endpoint create --region RegionOne \ </span>
 network public http://172.16.10.50:9696 
<span style="color:slategray"># openstack endpoint create --region RegionOne \ </span>
 network internal http://172.16.10.50:9696 
<span style="color:slategray"># openstack endpoint create --region RegionOne \  </span>
 network admin http://172.16.10.50:9696</code></span></span>

验证neutron是否验证成功:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># neutron agent-list</span>
+------------------+------------------+-------+-------------------+-------+----------------+-------------------+
<span style="color:#9a6e3a">|</span> <span style="color:#dd4a68">id</span>               <span style="color:#9a6e3a">|</span> agent_type       <span style="color:#9a6e3a">|</span> host  <span style="color:#9a6e3a">|</span> availability_zone <span style="color:#9a6e3a">|</span> alive <span style="color:#9a6e3a">|</span> admin_state_up <span style="color:#9a6e3a">|</span> binary            <span style="color:#9a6e3a">|</span>
+------------------+------------------+-------+-------------------+-------+----------------+-------------------+
<span style="color:#9a6e3a">|</span> 172afad4-755b-47 <span style="color:#9a6e3a">|</span> Linux bridge     <span style="color:#9a6e3a">|</span> node1 <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span> :-<span style="color:#999999">)</span>   <span style="color:#9a6e3a">|</span> True           <span style="color:#9a6e3a">|</span> neutron-          <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> a1-81e8-d38056e2 <span style="color:#9a6e3a">|</span> agent            <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                <span style="color:#9a6e3a">|</span> linuxbridge-agent <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> 441e             <span style="color:#9a6e3a">|</span>                  <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> 7f568fdf-192f-45 <span style="color:#9a6e3a">|</span> Metadata agent   <span style="color:#9a6e3a">|</span> node1 <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span> :-<span style="color:#999999">)</span>   <span style="color:#9a6e3a">|</span> True           <span style="color:#9a6e3a">|</span> neutron-metadata- <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> bd-8436-b48ecb5d <span style="color:#9a6e3a">|</span>                  <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                <span style="color:#9a6e3a">|</span> agent             <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> 7480             <span style="color:#9a6e3a">|</span>                  <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> fda9f554-952a-4b <span style="color:#9a6e3a">|</span> DHCP agent       <span style="color:#9a6e3a">|</span> node1 <span style="color:#9a6e3a">|</span> nova              <span style="color:#9a6e3a">|</span> :-<span style="color:#999999">)</span>   <span style="color:#9a6e3a">|</span> True           <span style="color:#9a6e3a">|</span> neutron-dhcp-     <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> 7e-8509-f2641a65 <span style="color:#9a6e3a">|</span>                  <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                <span style="color:#9a6e3a">|</span> agent             <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> 95c9             <span style="color:#9a6e3a">|</span>                  <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>       <span style="color:#9a6e3a">|</span>                <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span>
+------------------+------------------+-------+-------------------+-------+----------------+-------------------+</code></span></span>

 

在计算节点上安装Neutron

计算节点的配置和控制节点的配置文件是类似的,我们可以将控制节点的文件直接复制到计算节点进行修改。

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># scp /etc/neutron/neutron.conf  172.16.10.51:/etc/neutron/ </span>
<span style="color:slategray"># scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini </span>
 172.16.10.51:/etc/neutron/plugins/ml2/
<span style="color:slategray"># chown root.neutron /etc/neutron/plugins/ml2/linuxbridge_agent.ini #scp后的文件</span></code></span></span>

删除neutron.conf上[database]的配置部分,删除所有``connection`` 项,因为计算节点不直接访问数据库。

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># connection = mysql+pymysql://neutron:neutron@172.16.10.50/neutron</span></code></span></span>

 

同时删除[nova]部分的配置:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>nova<span style="color:#999999">]</span>
<span style="color:#999999">..</span>.
<span style="color:slategray">#auth_url = http://172.16.10.50:35357</span>
<span style="color:slategray">#auth_type = password</span>
<span style="color:slategray">#project_domain_name = default</span>
<span style="color:slategray">#user_domain_name = default</span>
<span style="color:slategray">#region_name = RegionOne</span>
<span style="color:slategray">#project_name = service</span>
<span style="color:slategray">#username = nova</span>
<span style="color:slategray">#password = nova</span></code></span></span>

注释掉核心plugin的选项:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray">#core_plugin = ml2</span>
<span style="color:slategray">#service_plugins =</span></code></span></span>

注释掉nova端口通知的选项:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray">#notify_nova_on_port_status_changes = true</span>
<span style="color:slategray">#notify_nova_on_port_data_changes = true</span></code></span></span>

查看计算节点/etc/neutron/plugins/ml2/linuxbridge_agent.ini的配置信息: 

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>root@node2 ~<span style="color:#999999">]</span><span style="color:slategray"># grep '^[a-z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini </span>
physical_interface_mappings <span style="color:#9a6e3a">=</span> public:eth0
firewall_driver <span style="color:#9a6e3a">=</span> neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group <span style="color:#9a6e3a">=</span> True
enable_vxlan <span style="color:#9a6e3a">=</span> False</code></span></span>

 

修改计算节点上nova的配置文件/etc/nova/nova.conf,和控制节点的一致:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>neutron<span style="color:#999999">]</span>
url <span style="color:#9a6e3a">=</span> http://172.16.10.50:9696
auth_url <span style="color:#9a6e3a">=</span> http://172.16.10.50:35357
auth_type <span style="color:#9a6e3a">=</span> password
project_domain_name <span style="color:#9a6e3a">=</span> default
user_domain_name <span style="color:#9a6e3a">=</span> default
region_name <span style="color:#9a6e3a">=</span> RegionOne
project_name <span style="color:#9a6e3a">=</span> <span style="color:#dd4a68">service</span>
username <span style="color:#9a6e3a">=</span> neutron
password <span style="color:#9a6e3a">=</span> neutron</code></span></span>

重启计算节点Nova-compute

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># systemctl restart openstack-nova-compute</span></code></span></span>

启动neutron-linuxbridge-agent:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:slategray"># systemctl enable neutron-linuxbridge-agent.service</span>
<span style="color:slategray"># systemctl start neutron-linuxbridge-agent.service</span></code></span></span>

 

在控制节点上验证是否成功:

<span style="color:#333333"><span style="color:black"><code class="language-bash"><span style="color:#999999">[</span>root@node1 ~<span style="color:#999999">]</span><span style="color:slategray"># neutron agent-list</span>
+--------------------------------------+--------------------+-------+-------------------+-------+----------------+---------------------------+
<span style="color:#9a6e3a">|</span> <span style="color:#dd4a68">id</span>                                   <span style="color:#9a6e3a">|</span> agent_type         <span style="color:#9a6e3a">|</span> host  <span style="color:#9a6e3a">|</span> availability_zone <span style="color:#9a6e3a">|</span> alive <span style="color:#9a6e3a">|</span> admin_state_up <span style="color:#9a6e3a">|</span> binary                    <span style="color:#9a6e3a">|</span>
+--------------------------------------+--------------------+-------+-------------------+-------+----------------+---------------------------+
<span style="color:#9a6e3a">|</span> 172afad4-755b-47a1-81e8-d38056e2441e <span style="color:#9a6e3a">|</span> Linux bridge agent <span style="color:#9a6e3a">|</span> node1 <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span> :-<span style="color:#999999">)</span>   <span style="color:#9a6e3a">|</span> True           <span style="color:#9a6e3a">|</span> neutron-linuxbridge-agent <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> 7f568fdf-192f-45bd-8436-b48ecb5d7480 <span style="color:#9a6e3a">|</span> Metadata agent     <span style="color:#9a6e3a">|</span> node1 <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span> :-<span style="color:#999999">)</span>   <span style="color:#9a6e3a">|</span> True           <span style="color:#9a6e3a">|</span> neutron-metadata-agent    <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> cb3f16cf-c8dd-4a6b-b9e8-71622cde1774 <span style="color:#9a6e3a">|</span> Linux bridge agent <span style="color:#9a6e3a">|</span> node2 <span style="color:#9a6e3a">|</span>                   <span style="color:#9a6e3a">|</span> :-<span style="color:#999999">)</span>   <span style="color:#9a6e3a">|</span> True           <span style="color:#9a6e3a">|</span> neutron-linuxbridge-agent <span style="color:#9a6e3a">|</span>
<span style="color:#9a6e3a">|</span> fda9f554-952a-4b7e-8509-f2641a6595c9 <span style="color:#9a6e3a">|</span> DHCP agent         <span style="color:#9a6e3a">|</span> node1 <span style="color:#9a6e3a">|</span> nova              <span style="color:#9a6e3a">|</span> :-<span style="color:#999999">)</span>   <span style="color:#9a6e3a">|</span> True           <span style="color:#9a6e3a">|</span> neutron-dhcp-agent        <span style="color:#9a6e3a">|</span>
+--------------------------------------+--------------------+-------+-------------------+-------+----------------+---------------------------+</code></span></span>

node2已经添加进来,说明配置成功。

提示:如果此过程无法正常获取node2的状态,检查配置文件neutron权限,防火墙和selinux的设置。

老薛的猫出海抓鱼不在这
关注
  • 0
    点赞
  • 1
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
openstack 搭建
06-08
本次主要是通过参考open stack官网的搭建过程自行搭建的open stack,以及出现问题的对应解决方案
OpenStack搭建指南
10-16
OpenStack搭建指南
OpenStack组件精讲——镜像服务
qq_50987736的博客
05-31 1477
OpenStack组件精讲——glance镜像服务
计算|OpenStack|社区版OpenStack安装部署文档(十一--- 如何获取镜像---Rocky版)
zsk_john的技术分享专用博客
02-10 2033
前面我们使用虚拟机搭建了一个openstack集群,也就是在VM虚拟机的基础上模拟了一个简单的基于openstack社区版Rocky的私有,但,不管任何部署安装工作,最后其实都是需要有实际的应用的,也就是常说的实务(实际业务) 那么,在前面搭建的这个私有里,我们能做些什么?如何做?
OpenStack安装搭建过程
最新发布
小李学不完的博客
03-11 1366
准备OpenStack安装环境、创建实验用的虚拟机实例。禁用防火墙与SELinux、停用NetworkManager服务。设置网络、设置主机名。更改语言编码。设置时间同步。安装所需要的软件库、安装Packstack安装器、运行Packstack安装Openstack
openstack计算平台 4(镜像封装、块存储服务)
qq_38664479的博客
12-30 889
目录一、镜像封装二、块存储服务1.简介2.环境部署3.安装并配置控制节点4.安装并配置一个存储节点5.验证操作 一、镜像封装 目前我们只有一个测试镜像,接下来我们去构建一个镜像 点击虚拟机镜像指导手册:点击 点击centOS镜像 通过图像化方式virt-manager管理虚拟机; 通过ISO安装 封装的是7.6版本的 选择内存和CPU 选择磁盘镜像 起名为nova,点击运行 进入后修改时区,禁用KDUMP 选择自定义分区 只需要一个根分区即可 7.6版本默认是xfs文件系统 赋予超户
OpenStack搭建史上最详细步骤 (快速入手)
3322855165
04-18 5万+
OpenStack搭建最为详细的步骤,VMware上配置controller(控制)节点和compute节点并搭建OpenStack,一边学习一边整理的一些资料,对于小白来说很好用,支持一下
OpenStack搭建
2301_78349581的博客
09-04 1万+
OpenStack搭建 1.前置阶段 环境准备 ​ 本实验以 OpenStack(Train版)计算平台的官方技术文档为依据,逐步引导读者动手完成平台搭建工作。 1.1 规划拓扑图 虚拟机 控制节点 计算节点 存储节点 备注 主机名 controller compute storage - CPU 2核心 2核心 - - 硬盘 100GB 100GB 20GB 建议手动设置磁盘分区 内存 8GB 4GB - - 网卡1 ens33 NAT 192.168.182.1
openstack搭建-openstack搭建.docx
10-19
根据官网进行openstack搭建流程,能让你轻松的部署open stack环境其中包括了几大部分:open stack的各大组件以及组件的各个功能,之间的关系是如何形成。而且后面也总结了一些安装过程中可能遇到的一些问题
openstack搭建文档
12-05
详细的openstack搭建文档,花了一学期搭建完成,可以正常使用
openstack搭建的详细步骤
11-26
openstack搭建的详细步骤pdf版,本人按照B站某视频搭建完成,步骤详细,放心食用。
OpenStack平台搭建
qq_51641196的博客
01-27 5747
参考:https://blog.csdn.net/m0_45692110/article/details/122628664https://huaweicloud.csdn.net/635607c3d3efff3090b58eb4.html一、虚拟机准备controller和compute虚拟机,使用centos7操作系统,下面给出一些需要修改的地方,其他都可以使用默认,点击下一步即可contr...
OpenStack搭建与使用
houxiongxiong的博客
07-08 3251
openstack的简单搭建与使用过程。
OpenStack平台搭建
weixin_45940248的博客
10-21 1701
1 基本环境配置 拓扑图如图所示,IP 地址规划如图所示。 双节点,controller控制节点和compute计算节点。enp8s0为外部网络,enp9s0为内部管理网络 【CentOS7 版本】 CentOS7 系统选择 1511 版本:CentOS-7-x86_64-DVD-1511.iso ## 1.1 配置网络,主机名并修改hosts文件 修改和添加/etc/sysconfig/network-scripts/ifcfg-enp*(具体的网口)文件。 (1)controller 节点 配置网络:
手把手教你搭建OpenStack平台(超级详细)
热门推荐
m0_45692110的博客
01-22 17万+
一、前言 OpenStack平台搭建需要两个节点,一个是controller(控制节点),另一个是compute(计算节点)。 控制节点(controller)规划如下: 一块200G的硬盘。两块网卡,第一块网卡IP地址使用192.168.100.10,第二块网卡IP地址使用192.168.200.10。 计算节点(compute)规划如下: 一块200G的硬盘和一块100G的硬盘。两块网卡,第一块网卡IP地址使用192.168.100.20,第二块网卡IP地址...
OpenStack安装部署
qq_28645079的博客
09-21 1379
选用三台主机,每台主机配置双网口进行支持。控制:代表需要运行的程序控制程序:包含控制服务control、网络服务Neutrun,监控服务monitor,部署服务deploy。计算:则是负载实际虚拟机的生产,主要包含存储Storage(本篇采用LVM进行实现),计算Nova。整个网络架构图如下默认的磁盘做了raid信息。/dev/sda 由4个盘做raid5,挂载与/目录/dev/sdb 由8个盘做raid5,配置成LVM,提供磁盘服务。
计算 openstack 平台搭建详细教程(基于 Vmware 虚拟机搭建
唤醒手腕的博客
10-25 1万+
早在1988年,类似计算概念的“网络就是计算机”概念就被 SUN 微系统公司 的合作创建者约翰 · 盖奇首次提出,但第一个提出计算概念走向落地的厂商却是亚马逊,这主要与其当时的业务模式有很大关系。美国国家航空航天局(NASA)也一直在研究提供类似功能的服务,毕竟这种用于研究的科研机构同样需要强大的计算能力,但一直没有取得太大的进展。直到遇到Rackspace,双方联手后才开始将OpenStack的初级形态构建完成。
Openstack搭建
m0_56693018的博客
10-16 1538
5,Yum安装源配置 openstack,nova01 ,nova02都需要做。主机名与DNS配置openstack,nova01 ,nova02都需要做。时间服务器配置 openstack,nova01 ,nova02都需要做。以下操作,openstack,nova01 ,nova02都需要做。使用应答文件安装,只需要在 openstack 上安装即可。只需要在 openstack 上安装即可。nova01 ,nova02安装。4,openstack系统环境安装配置。卸载 NetworkManager。
openstack搭建openstack平台部署-详细完整教程
qq_45346421的博客
10-26 9655
Openstack硬件环境:Vmware虚拟机3台,控制节点配置需求4C8G20G,计算节点2C4G20GOpenstack网络要求:至少一套网络,使用Vmware虚拟机的网络即可操作系统要求:centos7*即可,openstack开源版本均支持大部分开源操作系统,centos、ubnutu、suse等等,centos7操作系统的安装详见操作系统安装文档。本指南中使用的ip控制节点:controller:192.168.44.3计算节点:compute1:192.168.44.4。
openstack搭建
03-27
下面是OpenStack搭建的步骤: 1. 安装Ubuntu操作系统 OpenStack可以在多种操作系统上运行,但Ubuntu是最常用的操作系统之一。安装Ubuntu操作系统的步骤可以参考官方文档。 2. 安装OpenStack 使用apt-get命令安装...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值