OpenStack部署(未完成)

1. 部署准备

1.1 拓扑结构
1.2 基础配置

1.2.1


2. keystone服务

在controller node上

2.1 建库keystone授权
# Create the keystone database and give the 'keystone' DB account full rights on it.
# KEYSTONE_DBPASS looks like the install-guide placeholder: replace it with a strong,
# unique password and use the same value in the keystone.conf connection URL.
# NOTE(review): a password written inside `mysql -e "..."` is visible in the process
# list and in shell history; reading the SQL from a root-only file avoids that.
mysql -e "CREATE DATABASE keystone;" 
mysql -e  "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';"
# NOTE(review): 'keystone'@'%' accepts logins from any host. The page only shows
# keystone connecting via the name "controller", so this could presumably be narrowed
# to the controller address or the management subnet - confirm.
mysql -e  "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';"
mysql -e "flush privileges;"

2.2 安装keystone服务及配套工具

#此处需要epel源和base源倒换
yum install openstack-keystone httpd mod_wsgi  openstack-utils -y 
2.3 配置keystone组件
# Keep a pristine copy, then rewrite keystone.conf without blank lines and without
# any line that contains a '#'.
cp  /etc/keystone/keystone.conf{,.bak}
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf

# Enable the bootstrap admin token used for the first service/endpoint registration.
# NOTE(review): ADMIN_TOKEN appears to be a placeholder; set a freshly generated random
# value instead. The token grants full admin access without a user login, so remove
# admin_token from keystone.conf once the admin user and role exist.
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
# Database connection; the password must match the one used in the GRANT statements of step 2.1.
openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
# Use the Fernet token provider.
openstack-config --set /etc/keystone/keystone.conf token provider fernet
2.4 同步数据库、初始化Fernet key
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
2.5 配置httpd wsgi
echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
cp /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl start httpd && systemctl enable httpd
2.6 启动服务
systemctl start httpd && systemctl enable httpd
2.7 创建服务并注册端口
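# Temporary bootstrap environment: authenticate with the admin token from keystone.conf.
# These variables stay exported in this shell until they are unset.
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
# Register the identity service and its public/internal/admin endpoints.
openstack service create --name keystone --description "OpenStatck Identity" identity
# The region must be spelled RegionOne: the placement and network endpoints and the
# region_name / os_region_name options set later on this page all use RegionOne, and a
# misspelled region creates a second, separate region in the catalog.
# NOTE(review): every endpoint on this page is plain http://, so tokens and passwords
# cross the network unencrypted; treat the setup as lab-only or put TLS in front of it.
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:5000/v3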
2.8 创建域\项目\用户\租户,并关联角色
# Create the default domain, the admin project, the admin user and the admin role,
# then give the admin user the admin role on the admin project.
openstack domain create --description "Default Domain" default
openstack project create --domain default --description "Admin Project"  admin 
# NOTE(review): ADMIN_PASS looks like a placeholder; pick a strong password. Passing it
# with --password leaves it in shell history and the process list, whereas
# `--password-prompt` asks for it interactively.
openstack user create --domain default --description "Admin user" --password ADMIN_PASS  admin
openstack role create admin
openstack role add --project admin --user admin admin
2.9 创建自启动变量脚本
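# Create the admin credentials file; the export lines below are its contents.
vim /etc/profile.d/admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
# Password authentication reads OS_AUTH_URL; OS_URL is only used together with OS_TOKEN.
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
# NOTE(review): the file stores the cloud admin password in clear text, and the line
# below makes /etc/bashrc load it into every interactive shell on the host. Keeping the
# file readable by root only (mode 0600) and sourcing it by hand when needed limits
# who can obtain the admin credentials.
echo "source /etc/profile.d/admin-openrc" >>/etc/bashrc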
2.10 验证认证服务
# Drop the auth URL and password from the environment so the next command has to be
# given them explicitly (it passes --os-auth-url; no password option is supplied).
# NOTE(review): OS_TOKEN and OS_URL exported in step 2.7 are still set in this shell;
# they presumably need to be unset too before password authentication is tested - confirm.
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue 
# Author's note: no information can be retrieved at this point.
openstack user list
openstack domain list
openstack project list
openstack endpoint list
openstack token issue
# NOTE(review): 25074 is not a port used anywhere else on this page; presumably a PID
# from the author's own host - verify before relying on this check.
netstat -tulp|grep 25074

3. glance服务

在controller node上

3.1 建库glance授权
mysql -e "CREATE DATABASE glance;" 
mysql -e  "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS'; "
mysql -e "flush privileges;"
#验证
mysql -e  "SELECT DISTINCT User FROM mysql.user;"
3.2 创建用户/服务,并注册端口
openstack user create --domain default --description "glance user" --password GLANCE_PASS  glance 
openstack project create --domain default --description "service Project"  service 
openstack role add --project service --user glance admin

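# Register the image service and its public/internal/admin endpoints.
openstack service create --name glance --description "OpenStatck image" image
# Region spelled RegionOne so these entries land in the same region as the placement
# and network endpoints and the region_name options used elsewhere on this page.
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292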

3.3 验证

openstack role assignment list
openstack role list
openstack user list
openstack project list
3.3 安装和配置组件

3.3.1 安装组件

yum install openstack-glance -y

3.3.2 配置组件 glance-api

#配置数据库
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
#配置本地文件系统存储和映像文件的位置
openstack-config --set /etc/glance/glance-api.conf glance_store  stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store  default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store  filesystem_store_datadir /var/lib/glance/images/
#配置认证服务访问
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name  default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

3.3.3 配置组件 glance-registry

#配置数据库
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
#配置认证服务访问
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name  default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name   default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username   glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy  flavor keystone
3.4 同步及验证数据库

3.4.1 同步数据库

su -s /bin/sh -c "glance-manage db_sync" glance

3.4.2 验证数据库

mysql -e "show tables;" glance
3.5 启动验证服务

3.5.1 启动服务

systemctl enable openstack-glance-api.service 
systemctl start openstack-glance-api.service  
netstat -tulp|grep 9292

上传cirros-0.3.4-x86_64-disk.img到10.0.0.11

或者wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img (这样得到的是0.4.0版本的镜像,下面命令中--file的文件名需相应修改;该地址为明文http,导入前请核对镜像文件的校验值)

3.5.1 验证服务

openstack image list
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image list
ll /var/lib/glance/images/

4. compute服务

在controller node

4.1 建库授权
mysql -e "CREATE DATABASE nova_api;"
mysql -e "CREATE DATABASE nova;"
mysql -e "CREATE DATABASE nova_cell0;"
 
mysql -e  "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost'  IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%'  IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e "flush privileges;"
#验证
mysql -e  "SELECT DISTINCT User FROM mysql.user;"
4.2 创建用户/服务并注册端口
#创建计算用户nova
openstack user create --domain default --description "nova user" --password NOVA_PASS  nova
#关联用户nova为admin角色 
openstack role add --project service --user nova admin
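# Register the compute service and its public/internal/admin API endpoints.
openstack service create --name nova --description "OpenStatck compute" compute
# Region spelled RegionOne: neutron.conf on this page sets [nova] region_name RegionOne,
# so the compute endpoint has to exist in that region for the lookup to succeed.
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1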
#创建placement服务用户
openstack user create --domain default --description "placement user" --password NOVA_PASS  placement 
#关联placement用户为admin角色
openstack role add --project service --user placement  admin
#注册placement api端点
openstack service create --name placement --description "Placement api" placement
#创建Placement API服务端点
openstack endpoint create --region RegionOne placement public http://controller:8778  
openstack endpoint create --region RegionOne placement internal http://controller:8778 
openstack endpoint create --region RegionOne placement admin http://controller:8778
4.3 安装组件
yum install openstack-nova-api openstack-nova-conductor  openstack-nova-console openstack-nova-novncproxy  openstack-nova-scheduler openstack-nova-placement-api  -y
4.4 配置组件
cp /etc/nova/nova.conf{,.bak}

#启用计算和元数据API
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis  osapi_compute,metadata
#配置RabbitMQ 消息队列
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url  rabbit://openstack:RABBIT_PASS@controller
#配置认证服务访问
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone 
#使用控制节点的管理接口IP地址配置my_ip选项
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.11
#启用对网络服务的支持
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
#配置数据库访问
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api 
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
#配置Image服务API的位置
openstack-config --set /etc/nova/nova.conf glance api_servers  http://controller:9292
#配置认证服务访问
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000/v3 
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
#配置锁定路径
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
#配置RabbitMQ 消息队列
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
#配置VNC
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'

#配置placement-api
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password NOVA_PASS
#配置认证服务访问
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
4.5 修复placement-api bug
vim /etc/httpd/conf.d/00-nova-placement-api.conf
Listen 8778
<VirtualHost *:8778>
  WSGIProcessGroup nova-placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
  WSGIScriptAlias / /usr/bin/nova-placement-api
  <IfVersion >= 2.4>
    ErrorLogFormat "%M"
  </IfVersion>
  ErrorLog /var/log/nova/nova-placement-api.log 
  # Added content begins: allow httpd to serve the WSGI script located in /usr/bin.
  # NOTE(review): this lifts the httpd access restriction for the whole /usr/bin
  # directory, within the enclosing VirtualHost on port 8778 only. It could presumably be
  # narrowed to the nova-placement-api file itself - confirm.
  <Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
  </Directory>
  # Added content ends
  #SSLEngine On
  #SSLCertificateFile ...
  #SSLCertificateKeyFile ...
</VirtualHost>

Alias /nova-placement-api /usr/bin/nova-placement-api
<Location /nova-placement-api>
  SetHandler wsgi-script
  Options +ExecCGI
  WSGIProcessGroup nova-placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
</Location>

#重启httpd 
systemctl restart httpd
4.6 同步数据库
#同步nova-api数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
#注册cell0数据库
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
#创建cell1 cell
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
#同步nova数据库
su -s /bin/sh -c "nova-manage db sync" nova
#验证 nova、 cell0、 cell1数据库是否注册正确
nova-manage cell_v2 list_cells
#验证
mysql -e "show tables" nova_api
mysql -e "show tables" nova
4.7 启动服务
systemctl enable openstack-nova-api.service  openstack-nova-consoleauth.service openstack-nova-scheduler.service  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service   openstack-nova-consoleauth.service openstack-nova-scheduler.service   openstack-nova-conductor.service openstack-nova-novncproxy.service 
#验证
openstack compute service list
nova service-list
#vnc访问http://10.0.0.11:6080
4.8 安装配置计算节点compute服务

在compute1 node

4.8.1 安装服务

yum install openstack-nova-compute openstack-utils -y

4.8.2 配置服务

cp /etc/nova/nova.conf{,.bak}

#启用计算和元数据API
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
#配置RabbitMQ 消息队列
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url  rabbit://openstack:RABBIT_PASS@controller
#配置认证服务访问策略
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone 
#使用控制节点的管理接口IP地址配置my_ip选项
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.31 
#启用对网络服务的支持
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
#配置Image服务API的位置
openstack-config --set /etc/nova/nova.conf glance api_servers  http://controller:9292
#配置认证服务访问
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000/v3 
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
#配置锁定路径
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
#配置RabbitMQ 消息队列
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
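# VNC console settings for the compute node.
openstack-config --set /etc/nova/nova.conf vnc enabled True
# NOTE(review): 0.0.0.0 makes the instances' VNC servers listen on every interface of
# this node; limit reachability of those ports to the controller's proxy with the host
# firewall or a dedicated management network.
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
# The option is novncproxy_base_url; the key was previously written without its leading
# "n", which stores an unknown key that nova does not read.
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html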
#配置硬件加速
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
# egrep -c '(vmx|svm)' /proc/cpuinfo 为0,必须配置libvirt才能使用QEMU而不是KVM,virt_type = qemu
#配置placement-api
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password NOVA_PASS
#配置认证服务访问
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone

4.8.3 启动服务

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

4.8.4 查看日志

tail -f  /var/log/nova/nova-compute.log
4.7 添加compute节点到cell数据库

在controller node上

#验证有几个计算节点在数据库中
openstack compute service list --service nova-compute
#发现计算节点
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
/etc/nova/nova.conf中设置适当的时间间隔
[scheduler]
discover_hosts_in_cells_interval = 300
4.8 验证计算服务

在controller node上

#列出服务组件以验证每个进程成功启动和注册
openstack compute service list
#列出身份服务中的API端点以验证与身份服务的连接
openstack catalog list
#列出Image服务中的镜像以验证与Image服务的连通性
openstack image list
#检查cells和placement API是否正常运行
nova-status upgrade check

5. neutron服务

在controller node上

5.1 创建数据库
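# Create the neutron database and grant the 'neutron' DB account full rights on it.
# The SQL is one double-quoted argument spanning three lines; the closing quote after
# the last statement is required, otherwise the shell keeps waiting for more input.
# NEUTRON_DBPASS looks like a placeholder: replace it with a strong, unique password.
# NOTE(review): 'neutron'@'%' accepts logins from any host; narrow it to the hosts that
# really connect to this database if possible - confirm.
mysql -e "CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';"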
5.2 创建neutron用户
openstack user create --domain default --description "neutron user" --password NEUTRON_PASS  neutron 
5.3 添加admin角色到neutron用户
openstack role add --project service --user neutron admin
5.4 注册neutron
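# Register the networking service. Options need ASCII "--" and straight quotes; the
# typographic dash and curly quotes from a rendered page are not parsed as options.
openstack service create --name neutron --description "OpenStack Networking" network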
5.5 创建网络注册neutron服务API端点
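# Register the public/internal/admin endpoints of the networking API.
# "--region" is written with two ASCII hyphens; a typographic dash is not an option prefix.
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696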
5.6 安装组件
yum install openstack-neutron openstack-neutron-ml2  openstack-neutron-linuxbridge ebtables -y
5.7 配置组件

5.7.1 公共组件配置

cp /etc/neutron/neutron.conf{,.bak}
grep -Ev ^[a-z] /etc/neutron/neutron.conf.bak>/etc/neutron/neutron.conf

#启用模块化第2层(ML2)插件,路由器服务和overlapping IP addresses
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
#配置消息队列类型
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
#配置认证服务访问策略
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
#配置计算服务网络通知状态及更改
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
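# Identity-service access for neutron (keystone_authtoken section).
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
# memcached_servers needs the same openstack-config prefix as its neighbours; standing
# alone the line is an unknown command and the option is never written to the file.
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
# NEUTRON_PASS must be the password given to the neutron user in step 5.2.
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS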
#配置计算网络拓扑
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
#配置锁定路径
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
#配置消息队列
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
#*
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
#配置RabbitMQ消息队列访问
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller

5.7.2 网络二层插件配置

cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
grep -Ev ^[a-z] /etc/neutron/plugins/ml2/ml2_conf.ini.bak>/etc/neutron/plugins/ml2/ml2_conf.ini

#启用 flat, VLAN, and VXLAN 网络
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
#启用VXLAN 自助服务网络
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
#启用Linux网桥和第2层集群机制
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
# 启用端口安全扩展驱动程序
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
#将提供者虚拟网络配置为扁平网络
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
#启用ipset以提高安全组规则的效率
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
#*
#为自助服务网络配置VXLAN网络标识符范围
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

5.7.3 linux网桥代理配置

cp  /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep -Ev '^[a-z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

#将提供者虚拟网络映射到提供者物理网络接口ens33
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
#启用安全组并配置Linux网桥iptables防火墙驱动程序
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#启用vxlan隧道网络,配置处理隧道网络的物理网络接口的IP地址,并启用layer-2 population 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
#* 如果是true,需要配置隧道网络,也就是自助服务网络,需要设置第二块物理网卡,172.16.80.1为外网同网段地址,虚拟机需要桥接
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 172.16.80.1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true

5.7.4 验证所有sysctl值设置为1以确保Linux操作系统内核支持网桥过滤器

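# Set the bridge-netfilter switches to 1 so that bridged instance traffic is passed
# through iptables/ip6tables, which the security-group firewall driver relies on.
# NOTE(review): files under /usr/lib/sysctl.d belong to packages; a drop-in under
# /etc/sysctl.d is the usual place for local settings - confirm for this distro.
vim /usr/lib/sysctl.d/00-system.conf 
  net.bridge.bridge-nf-call-iptables=1
  net.bridge.bridge-nf-call-ip6tables=1
# A bare `sysctl -p` only reads /etc/sysctl.conf, so name the edited file explicitly.
# NOTE(review): on newer kernels these keys exist only after the br_netfilter module
# is loaded - verify with `sysctl net.bridge.bridge-nf-call-iptables` afterwards.
sysctl -p /usr/lib/sysctl.d/00-system.conf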

5.7.5 三层代理配置

cp /etc/neutron/l3_agent.ini{,.bak}
grep -Ev  '^[a-z]' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini

#*
#配置Linux网桥接口驱动程序和外部网络桥接器
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge

5.7.6 DHCP代理配置

cp /etc/neutron/dhcp_agent.ini{,.bak}
grep -Ev  '^[a-z]' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini

# 配置Linux网桥接口驱动程序,Dnsmasq DHCP驱动程序,并启用隔离的元数据,以便提供商网络上的实例可以通过网络访问元数据
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true

5.7.7 metadata配置

cp /etc/neutron/metadata_agent.ini{,.bak}
grep -Ev  '^[a-z]' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
 
# Point the metadata agent at the controller and set the secret it shares with nova.
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
# NOTE(review): METADATA_SECRET looks like a placeholder; replace it with a long random
# value. The same value is written to nova.conf ([neutron] metadata_proxy_shared_secret)
# in step 5.7.8, and the two must match.
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET

5.7.8 配置计算服务使用网络服务

#/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
5.8 启动服务

5.8.1 网络服务初始化脚本需要一个指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini的符号链接/etc/neutron/plugin.ini

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

5.8.2 同步数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

5.8.3 重启compute API服务

systemctl restart openstack-nova-api.service

5.8.4 启动网络服务

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

5.8.5 启动第三层服务(网络服务的第二个选项,自助服务网络)

systemctl enable neutron-l3-agent.service && systemctl start neutron-l3-agent.service 
5.9 在compute节点安装网络服务

在compute1 node上

5.9.1 安装组件

yum install openstack-neutron-linuxbridge ebtables ipset

5.9.2 公共组件配置

cp /etc/neutron/neutron.conf{,.bak}
grep -Ev ^[a-z] /etc/neutron/neutron.conf.bak>/etc/neutron/neutron.conf

#配置消息队列类型
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
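# Authentication strategy. The value and the next comment are on separate lines: a '#'
# glued to "keystone" does not start a shell comment, so it would be stored in the value.
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# Identity-service access (keystone_authtoken section).
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
# memcached_servers needs the same openstack-config prefix as its neighbours; standing
# alone the line is an unknown command and the option is never written to the file.
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS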
#配置计算网络拓扑
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
#配置锁定路径
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
#配置消息队列
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
#*
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
#配置RabbitMQ消息队列访问
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller

5.9.3 Linux网桥配置

cp  /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep -Ev '^[a-z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

#将提供者虚拟网络映射到提供者物理网络接口ens33
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
#启用安全组并配置Linux网桥iptables防火墙驱动程序
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#启用vxlan隧道网络,配置处理隧道网络的物理网络接口的IP地址,并启用layer-2 population 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
#* 如果是true,需要配置隧道网络,也就是自助服务网络,需要设置第二块物理网卡,172.16.80.1为外网同网段地址,虚拟机需要桥接
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 172.16.80.2
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true

5.9.4 配置计算服务使用网络服务

#/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS 

5.9.5 验证所有sysctl值设置为1以确保Linux操作系统内核支持网桥过滤器

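# Compute node: set the bridge-netfilter switches to 1 so that bridged instance traffic
# is passed through iptables/ip6tables, which the security-group firewall driver uses.
vim /usr/lib/sysctl.d/00-system.conf 
  net.bridge.bridge-nf-call-iptables=1
  net.bridge.bridge-nf-call-ip6tables=1
# A bare `sysctl -p` only reads /etc/sysctl.conf, so name the edited file explicitly.
# NOTE(review): on newer kernels these keys exist only after the br_netfilter module
# is loaded - verify the values after applying.
sysctl -p /usr/lib/sysctl.d/00-system.conf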

5.9.6 重启compute服务

systemctl restart openstack-nova-compute.service

5.9.7 设置网桥服务开机启动

systemctl enable neutron-linuxbridge-agent.service && systemctl start neutron-linuxbridge-agent.service

6. Horizon服务

6.1 安装

在compute1上

yum install openstack-dashboard -y
6.2 配置

6.2.1 setting

vim /etc/openstack-dashboard/local_settings
# Point the dashboard at the OpenStack services on the controller node.
OPENSTACK_HOST = "controller"
# Hosts allowed to reach the dashboard: a list of domain names and/or addresses.
# NOTE(review): ['*'] turns off Django's Host-header validation; list the real
# hostnames or addresses users will browse to before exposing the dashboard.
ALLOWED_HOSTS = ['*']
# Store sessions in the memcached service.
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
# Use version 3 of the Identity API.
# NOTE(review): the URL is plain http, so dashboard logins reach keystone unencrypted.
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
# Enable support for domains.
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
# API versions used by the dashboard.
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
# Default domain for users created through the dashboard.
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
# Default role for users created through the dashboard.
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# Time zone.
TIME_ZONE = "Asia/Shanghai"

6.2.2 conf

vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL} 
6.3 启动服务
systemctl restart httpd.service memcached.service

————Blueicex 2021/10/26 14:04 blueice1980@126.com
