openstack部署

版权声明:本文为博主原创文章,遵循 CC 4.0 by-sa 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/qq_30429153/article/details/85258555

简介

云计算
把全球所有计算资源全部集中在一起,再以虚拟化的方式按需 分配出去
云计算是分布式计算(Distributed Computing)、并行计算(Parallel Computing)、效用计算(Utility Computing)、 网络存储(Network Storage Technologies)、虚拟化(Virtualization)、负载均衡(Load Balance)、热备份冗余(High Available)等传统计算机和网络技术发展融合的产物。

云计算分类:
云平台是一个面向服务的架构,按照提供服务的不同分为 2.IaaS(基础设施级服务)、3.PaaS(平台级服务) 、SaaS(软件级服务)、dSaaS。
IaaS(Infrastructure as a Service)(基础设施级服务)
提供的服务是虚拟机。
IaaS 负责管理虚机的生命周期,包括创建、修改、备份、启停、销毁等。
使用者从云平台得到的是一个已经安装好镜像(操作系统+其他预装软件)的虚拟机。
使用者需要关心虚机的类型(OS)和配置(CPU、内存、磁盘),并且自己负责部署上层的中间件
和应用。
IaaS 的使用者通常是数据中心的系统管理员。
典型的 IaaS 例子有 AWS、Rackspace、阿里云等

PaaS(Platform as a Service)(平台级服务)虚拟机加中间件
提供的服务是应用的运行环境和一系列中间件服务(比如数据库、消息队列等)。
使用者只需专注应用的开发,并将自己的应用和数据部署到PaaS环境中。
PaaS负责保证这些服务的可用性和性能。
PaaS的使用者通常是应用的开发人员。
典型的 PaaS 有 Google App Engine、IBM BlueMix 等

SaaS(Software as a Service)(软件级服务)
提供的是应用服务
使用者只需要登录并使用应用,无需关心应用使用什么技术实现,也不需要关系应用部署在哪里。
SaaS的使用者通常是应用的最终用户。
典型的 SaaS 有 Google Gmail、Salesforce 等

dSaaS (data-storage-as-a-Service)
提供的是存储服务
dSaaS 是为用户提供一个巨大高可用的网盘,并且此网盘可以被用户随时随地访问
典型的 dSaaS 有Amazon S3

container as a service 容器级服务 (清量化虚拟机)CAAS
network as a server网络级服务




https://docs.openstack.org/install-guide/

nova 计算组件
neutron 网络组件
glance 镜像组件
keystore 认证组件
horizon 图形

环境配置

实验:2台
• Controller Node: 1 processor, 4 GB memory, and 20 GB storage 2块网卡 NAT 10.0.0.0/24
• Compute Node: 1 processor, 2 GB memory, and 20 GB storage 2块网卡 NAT 10.0.0.0/24
• 添加网卡,并添加网卡配置
TYPE=Ethernet
NAME=eth1
DEVICE=eth1
ONBOOT="yes"
BOOTPROTO=none
PADDR=10.0.0.11
GATEWAY=10.0.0.1
NETMASK=255.255.255.0
• 域名解析
• 修改主机名
• 测试网络
• 同步时间
ntp
服务端controller:
# yum install -y ntp
# vim /etc/ntp.conf # 追加到server下,并删除原有server(原server作用:与上级时间服务器进行同步)
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
# systemctl start ntpd
客户端compute1:
# ntpdate server-ip/contronller

openstack


OpenStack包
两个结点都装
安装Queens版本时,请运行:
# yum install centos-release-openstack-queens -y
升级所有节点上的包:
在升级时会报404错误,将yum库新生成的三个yum源移出,升级后在移动回去
# yum upgrade -y
安装OpenStack客户端:
# yum install python-openstackclient
RHEL和CentOS 默认启用SELinux。安装 openstack-selinux软件包以自动管理OpenStack服务的安全策略:
# yum install openstack-selinux

SQL数据库

SQL数据库
控制节点装
安装包:
# yum install mariadb mariadb-server python2-PyMySQL -y

vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
启动数据库服务并将其配置为在系统引导时启动:
# systemctl enable mariadb.service
# systemctl start mariadb.service
通过运行mysql_secure_installation 脚本来保护数据库服务。特别是,为数据库root帐户选择合适的密码 :
# mysql_secure_installation

消息队列

消息队列
控制节点装
安装包:
# yum install rabbitmq-server -y
启动消息队列服务并将其配置为在系统引导时启动:
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
添加openstack用户:
# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...
替换RABBIT_PASS为合适的密码。
允许用户进行配置,写入和读取访问 openstack:
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...

memcached

Memcached的
服务的身份服务身份验证机制使用Memcached来缓存令牌。memcached服务通常在控制器节点上运行。
安装包:
# yum install memcached python-memcached -y
vim /etc/sysconfig/memcached
配置服务以使用控制器节点的管理IP地址。这是为了通过管理网络启用其他节点的访问:
OPTIONS="-l 127.0.0.1,::1,controller"
启动Memcached服务并将其配置为在系统引导时启动:
# systemctl enable memcached.service
# systemctl start memcached.service

etcd

ETCD
控制节点
OpenStack服务可以使用Etcd,一种分布式可靠的键值存储,用于分布式密钥锁定,存储配置,跟踪服务生存和其他场景。
安装包:
# yum install etcd -y

编辑/etc/etcd/etcd.conf文件并设置ETCD_INITIAL_CLUSTER, ETCD_INITIAL_ADVERTISE_PEER_URLS,ETCD_ADVERTISE_CLIENT_URLS, ETCD_LISTEN_CLIENT_URLS控制器节点,以使经由管理网络通过其他节点的访问的管理IP地址:
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.0.0.11:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.0.0.11:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.0.11:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.0.0.11:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
启用并启动etcd服务:
# systemctl enable etcd
# systemctl start etcd

身份服务 Identity service – keystone installation for Queens

• 身份服务 - Queens的keystone安装
控制节点
使用数据库访问客户端以root用户身份连接到数据库服务器:
mysql -u root -p
创建keystone数据库:
MariaDB [(none)]> CREATE DATABASE keystone;
授予对keystone数据库的适当访问权限:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
替换KEYSTONE_DBPASS为合适的密码。
退出数据库访问客户端。

运行以下命令以安装软件包:
# yum install openstack-keystone httpd mod_wsgi -y
编辑 vim /etc/keystone/keystone.conf文件并完成以下操作:
在该[database]部分中,配置数据库访问:
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
替换KEYSTONE_DBPASS为您为数据库选择的密码
注释掉或删除connection该[database]部分中的任何其他选项
在该[token]部分中,配置Fernet令牌提供程序:
[token]
# ...
provider = fernet
填充Identity服务数据库:
# su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet密钥存储库:
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
引导身份服务:
# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
替换ADMIN_PASS为管理用户的合适密码。
 

配置Apache HTTP服务器


编辑 vim /etc/httpd/conf/httpd.conf文件并配置ServerName引用控制器节点的 选项:
ServerName controller
创建/usr/share/keystone/wsgi-keystone.conf文件的链接:
# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动Apache HTTP服务并将其配置为在系统引导时启动:
# systemctl enable httpd.service
# systemctl start httpd.service
配置管理帐户:写文本,source运行
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
替换ADMIN_PASS为keystone-install-configure-rdo中命令中使用的密码 。

创建域,项目,用户和角色
Identity服务为每个OpenStack服务提供身份验证服务。身份验证服务使用域,项目,用户和角色的组合。
虽然本指南中的keystone-manage bootstrap步骤中已存在“默认”域,但创建新域的正式方法是:
openstack domain create --description "An Example Domain" example

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
+-------------+----------------------------------+
本指南使用的服务项目包含您添加到环境中的每项服务的唯一用户。创建service 项目:
openstack project create --domain default \
--description "Service Project" service

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
+-------------+----------------------------------+
常规(非管理员)任务应使用非特权项目和用户。例如,本指南创建demo项目和用户。
在为此项目创建其他用户时,请勿重复此步骤。
• 创建demo项目:
openstack project create --domain default \
--description "Demo Project" demo

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain | False |
| name | demo |
| parent_id | default |
+-------------+----------------------------------+
• 创建demo用户:
openstack user create --domain default \
--password-prompt demo

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | aeda23aa78f44e859900e22c24817832 |
| name | demo |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
• 创建user角色:
openstack role create user

+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 997ce8d05fc143ac97d83fdfb5998552 |
| name | user |
+-----------+----------------------------------+
• 将user角色添加到demo项目和用户:
openstack role add --project demo --user demo user

验证操作
在控制器节点上执行这些命令。
取消设置临时 变量OS_AUTH_URL和OS_PASSWORD环境变量:
unset OS_AUTH_URL OS_PASSWORD
作为admin用户,请求身份验证令牌:
openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
此命令使用admin用户的密码。
作为demo用户,请求身份验证令牌:
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue
此命令使用demo 用户和API端口5000 的密码,该端口仅允许对Identity Service API进行常规(非管理员)访问。

创建OpenStack客户端环境脚本
创建和编辑admin-openrc文件并添加以下内容:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
替换ADMIN_PASS为您admin在Identity服务中为用户选择的密码。
创建和编辑demo-openrc文件并添加以下内容:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
替换DEMO_PASS为您demo在Identity服务中为用户选择的密码。
加载admin-openrc文件以使用Identity服务的位置以及admin项目和用户凭据填充环境变量:
. admin-openrc
请求身份验证令牌:
openstack token issue

+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:44:35.659723Z |
| id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
| | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
| | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+

图像服务 Image service – glance installation for Queens

• 图像服务 - 皇后区的一瞥安装
控制节点

要创建数据库,请完成以下步骤:


使用数据库访问客户端以root用户身份连接到数据库服务器:
mysql -u root -p
创建glance数据库:
MariaDB [(none)]> CREATE DATABASE glance;
授予对glance数据库的适当访问权限:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
替换GLANCE_DBPASS为合适的密码。
退出数据库访问客户端。
来源admin凭据来访问仅管理员CLI命令:
. admin-openrc

要创建服务凭据,请完成以下步骤:


创建glance用户:
openstack user create --domain default --password-prompt glance

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
将admin角色添加到glance用户和 service项目:
openstack role add --project service --user glance admin
创建glance服务实体:
openstack service create --name glance \
--description "OpenStack Image" image

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name | glance |
| type | image |
+-------------+----------------------------------+
创建Image服务API端点:
openstack endpoint create --region RegionOne \
image public http://controller:9292

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 340be3625e9b4239a6415d034e98aace |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne \
image internal http://controller:9292

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne \
image admin http://controller:9292

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0c37ed58103f4300a84ff125a539032d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
安装包:
yum install openstack-glance -y
编辑 vim /etc/glance/glance-api.conf文件并完成以下操作:
• 在该[database]部分中,配置数据库访问:
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
替换GLANCE_DBPASS为您为Image服务数据库选择的密码。
• 在[keystone_authtoken]和[paste_deploy]部分中,配置身份服务访问:
[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
# ...
flavor = keystone
替换GLANCE_PASS为您glance在Identity服务中为用户选择的密码 。
注释掉或删除该[keystone_authtoken]部分中的任何其他选项
填充Image服务数据库:
# su -s /bin/sh -c "glance-manage db_sync" glance
忽略此输出中的任何弃用消息。
启动Image服务并将其配置为在系统引导时启动:
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service

验证操作
在控制器节点上执行这些命令。
来源admin凭据来访问仅管理员CLI命令:
. admin-openrc
下载源图像:
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
使用QCOW2磁盘格式, 容器格式和公共可见性将图像上载到Image服务 ,以便所有项目都可以访问它:
openstack image create "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public

+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-03-26T16:52:10Z |
| disk_format | qcow2 |
| file | /v2/images/cc5c6982-4910-471e-b864-1098015901b5/file |
| id | cc5c6982-4910-471e-b864-1098015901b5 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | ae7a98326b9c455588edd2656d723b9d |
| protected | False |
| schema | /v2/schemas/image |
| size | 13200896 |
| status | active |
| tags | |
| updated_at | 2015-03-26T16:52:10Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
OpenStack动态生成ID,因此您将在示例命令输出中看到不同的值。
确认上传图像并验证属性:
openstack image list

+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | active |
+--------------------------------------+--------+--------+

计算服务 Compute service – nova installation for Queens

• 计算服务 - 皇后区的新星安装
安装和配置控制器节点
要创建数据库,请完成以下步骤:
使用数据库访问客户端以root用户身份连接到数据库服务器 :
mysql -u root -p
创建nova_api,nova和nova_cell0数据库:
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
授予对数据库的适当访问权限:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
替换NOVA_DBPASS为合适的密码。
退出数据库访问客户端。
来源admin凭据来访问仅管理员CLI命令:
. admin-openrc
创建Compute服务凭据:
创建nova用户:
openstack user create --domain default --password-prompt nova

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8a7dbf5279404537b1c7b86c033620fe |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
将admin角色添加到nova用户:
openstack role add --project service --user nova admin
此命令不提供输出。
创建nova服务实体:
openstack service create --name nova \
--description "OpenStack Compute" compute

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 060d59eac51b4594815603d75a00aba2 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
创建Compute API服务端点:
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1

+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 3c1caa473bfe4390a11e7177894bcc7b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+

openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1

+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | e3c918de680746a586eac1f2d9bc10ab |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+

openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1

+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 38f7af91666a47cfb97b4dc790b94424 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+
使用您选择的创建Placement服务用户PLACEMENT_PASS:
openstack user create --domain default --password-prompt placement

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fa742015a6494a949f67629884fc7ec8 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
使用admin角色将Placement用户添加到服务项目:
openstack role add --project service --user placement admin
此命令不提供输出。
在服务目录中创建Placement API条目:
openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 2d1a27022e6e4185b86adac4444c495f |
| name | placement |
| type | placement |
+-------------+----------------------------------+
创建Placement API服务端点:
openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2b1b2637908b4137a9c2e0470487cbc0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 02bcda9a150a4bd7993ff4879df971ab |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+

openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3d71177b9e0f406f98cbff198d74b182 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+

安装包:
# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y
编辑 vim /etc/nova/nova.conf文件并完成以下操作:
>在该[DEFAULT]部分中,仅启用计算和元数据API:
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
>在[api_database]和[database]部分中,配置数据库访问:
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
替换NOVA_DBPASS为您为Compute数据库选择的密码。
>在该[DEFAULT]部分中,配置RabbitMQ消息队列访问:
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
替换RABBIT_PASS为您为openstack 帐户选择的密码RabbitMQ。
>在[api]和[keystone_authtoken]部分中,配置身份服务访问:
[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
替换NOVA_PASS为您nova在Identity服务中为用户选择的密码。
注释掉或删除该[keystone_authtoken] 部分中的任何其他选项。
>在该[DEFAULT]部分中,配置my_ip选项以使用控制器节点的管理接口IP地址:
[DEFAULT]
# ...
my_ip = 10.0.0.11
>在该[DEFAULT]部分中,启用对网络服务的支持:
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
>在该[vnc]部分中,配置VNC代理以使用控制器节点的管理接口IP地址:
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
>在该[glance]部分中,配置Image服务API的位置:
[glance]
# ...
api_servers = http://controller:9292
>在该[oslo_concurrency]部分中,配置锁定路径:
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
>在该[placement]部分中,配置Placement API:
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
替换PLACEMENT_PASS为您placement在Identity服务中为用户选择的密码 。注释掉该[placement]部分中的任何其他选项。
由于打包错误,您必须通过将以下配置添加到以下内容来启用对Placement API的访问 vim /etc/httpd/conf.d/00-nova-placement-api.conf:
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
重启httpd服务:
# systemctl restart httpd
填充nova-api数据库:
# su -s /bin/sh -c "nova-manage api_db sync" nova
注册cell0数据库:
# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
创建cell1单元格:
# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
109e1d4b-536a-40d0-83c6-5f121b82b650
填充新星数据库:
# su -s /bin/sh -c "nova-manage db sync" nova
验证nova cell0和cell1是否正确注册:
nova-manage cell_v2 list_cells
+-------+--------------------------------------+
| Name | UUID |
+-------+--------------------------------------+
| cell1 | 109e1d4b-536a-40d0-83c6-5f121b82b650 |
| cell0 | 00000000-0000-0000-0000-000000000000 |
+-------+--------------------------------------+
启动Compute服务并将其配置为在系统引导时启动:
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

 

安装和配置计算节点
安装包:
# yum install openstack-nova-compute -y
编辑 vim /etc/nova/nova.conf文件并完成以下操作:
>在该[DEFAULT]部分中,仅启用计算和元数据API:
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
>在该[DEFAULT]部分中,配置RabbitMQ消息队列访问:
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
替换RABBIT_PASS为您为openstack 帐户选择的密码RabbitMQ。
>在[api]和[keystone_authtoken]部分中,配置身份服务访问:
[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
替换NOVA_PASS为您nova在Identity服务中为用户选择的密码。
注释掉或删除该[keystone_authtoken] 部分中的任何其他选项。
>在该[DEFAULT]部分中,配置my_ip选项:
[DEFAULT]
# ...
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS
替换MANAGEMENT_INTERFACE_IP_ADDRESS为计算节点上管理网络接口的IP地址,对于示例体系结构中的第一个节点,通常为10.0.0.31 。
>在该[DEFAULT]部分中,启用对网络服务的支持:
[DEFAULT]
# ...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
>在该[vnc]部分中,启用并配置远程控制台访问:
[vnc]
# ...
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
>在该[glance]部分中,配置Image服务API的位置:
[glance]
# ...
api_servers = http://controller:9292
>在该[oslo_concurrency]部分中,配置锁定路径:
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
>在该[placement]部分中,配置Placement API:
[placement]
# ...
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
替换PLACEMENT_PASS为您placement在Identity服务中为用户选择的密码 。注释掉该[placement]部分中的任何其他选项。
确定您的计算节点是否支持虚拟机的硬件加速:
egrep -c '(vmx|svm)' /proc/cpuinfo
如果此命令返回值,则计算节点支持硬件加速,通常不需要其他配置。one or greater
如果此命令返回值zero,则您的计算节点不支持硬件加速,您必须配置libvirt为使用QEMU而不是KVM。

• 编辑文件中的[libvirt]部分,vim /etc/nova/nova.conf如下所示:
[libvirt]
# ...
virt_type = qemu
启动Compute服务(包括其依赖项)并将其配置为在系统引导时自动启动:
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
在控制器节点上运行以下命令。
获取管理员凭据以启用仅管理CLI命令,然后确认数据库中有计算主机:
. admin-openrc

openstack compute service list --service nova-compute
+----+-------+--------------+------+-------+---------+----------------------------+
| ID | Host | Binary | Zone | State | Status | Updated At |
+----+-------+--------------+------+-------+---------+----------------------------+
| 1 | node1 | nova-compute | nova | up | enabled | 2017-04-14T15:30:44.000000 |
+----+-------+--------------+------+-------+---------+----------------------------+
发现计算主机:
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting compute nodes from cell 'cell1': ad5a5985-a719-4567-98d8-8d148aaae4bc
Found 1 computes in cell: ad5a5985-a719-4567-98d8-8d148aaae4bc
Checking host mapping for compute host 'compute': fe58ddc1-1d65-4f87-9456-bc040dc106b3
Creating host mapping for compute host 'compute': fe58ddc1-1d65-4f87-9456-bc040dc106b3

验证操作
来源admin凭据来访问仅管理员CLI命令:
. admin-openrc
列出服务组件以验证每个进程的成功启动和注册:
openstack compute service list

+----+--------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+--------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
| 2 | nova-scheduler | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
| 3 | nova-conductor | controller | internal | enabled | up | 2016-02-09T23:11:16.000000 |
| 4 | nova-compute | compute1 | nova | enabled | up | 2016-02-09T23:11:20.000000 |
+----+--------------------+------------+----------+---------+-------+----------------------------+
此输出应指示控制器节点上启用的三个服务组件以及计算节点上启用的一个服务组件。
列出Identity服务中的API端点以验证与Identity服务的连接:
openstack catalog list

+-----------+-----------+-----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-----------------------------------------+
| keystone | identity | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | RegionOne |
| | | admin: http://controller:5000/v3/ |
| | | |
| glance | image | RegionOne |
| | | admin: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | RegionOne |
| | | internal: http://controller:9292 |
| | | |
| nova | compute | RegionOne |
| | | admin: http://controller:8774/v2.1 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1 |
| | | RegionOne |
| | | public: http://controller:8774/v2.1 |
| | | |
| placement | placement | RegionOne |
| | | public: http://controller:8778 |
| | | RegionOne |
| | | admin: http://controller:8778 |
| | | RegionOne |
| | | internal: http://controller:8778 |
| | | |
+-----------+-----------+-----------------------------------------+
列出Image服务中的图像以验证与Image服务的连接:
penstack image list

+--------------------------------------+-------------+-------------+
| ID | Name | Status |
+--------------------------------------+-------------+-------------+
| 9a76d9f9-9620-4f2e-8c69-6c5691fae163 | cirros | active |
+--------------------------------------+-------------+-------------+
检查单元格和放置API是否成功运行:
nova-status upgrade check

+---------------------------+
| Upgrade Check Results |
+---------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+---------------------------+
| Check: Resource Providers |
| Result: Success |
| Details: None |
+---------------------------+

网络服务 Networking service – neutron installation for Queens

• 网络服务 - 皇后区的中子安装
安装和配置控制器节点
要创建数据库,请完成以下步骤:
>使用数据库访问客户端以root用户身份连接到数据库服务器:
mysql -u root -p
>创建neutron数据库:
MariaDB [(none)] CREATE DATABASE neutron;
>授予对neutron数据库的适当访问权限,替换 NEUTRON_DBPASS为合适的密码:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
退出数据库访问客户端。
来源admin凭据来访问仅管理员CLI命令:
. admin-openrc
要创建服务凭据,请完成以下步骤:
>创建neutron用户:
openstack user create --domain default --password-prompt neutron

User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fdb0f541e28141719b6a43c8944bf1fb |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
>将admin角色添加到neutron用户:
openstack role add --project service --user neutron admin
>创建neutron服务实体:
openstack service create --name neutron \
--description "OpenStack Networking" network

+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | f71529314dab4a4d8eca427e701d209e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
创建网络服务API端点:
openstack endpoint create --region RegionOne \
network public http://controller:9696

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne \
network internal http://controller:9696

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 09753b537ac74422a68d2d791cf3714f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+

$ openstack endpoint create --region RegionOne \
network admin http://controller:9696

+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1ee14289c9374dffb5db92a5c112fc4e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
网络选项1:提供商网络
网络选项2:自助服务网络
1.
在控制器节点上安装和配置网络组件。
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
编辑 vim /etc/neutron/neutron.conf文件并完成以下操作:
>在该[database]部分中,配置数据库访问:
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
替换NEUTRON_DBPASS为您为数据库选择的密码。
注释掉或删除connection该[database]部分中的任何其他选项 。
>在该[DEFAULT]部分中,启用模块化第2层(ML2)插件并禁用其他插件:
[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
>在该[DEFAULT]部分中,配置RabbitMQ 消息队列访问:
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
替换RABBIT_PASS为您openstack在RabbitMQ中为帐户选择的密码 。
>在[DEFAULT]和[keystone_authtoken]部分中,配置身份服务访问:
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
替换NEUTRON_PASS为您neutron 在Identity服务中为用户选择的密码
注释掉或删除该[keystone_authtoken]部分中的任何其他选项 。
>在[DEFAULT]和[nova]部分中,配置网络以通知Compute网络拓扑更改:
[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
替换NOVA_PASS为您nova 在Identity服务中为用户选择的密码
>在该[oslo_concurrency]部分中,配置锁定路径:
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
编辑 vim /etc/neutron/plugins/ml2/ml2_conf.ini文件并完成以下操作:
>在本[ml2]节中,启用平面和VLAN网络:
[ml2]
# ...
type_drivers = flat,vlan
>在该[ml2]部分中,禁用自助服务网络:
[ml2]
# ...
tenant_network_types =
>在本[ml2]节中,启用Linux桥接机制:
[ml2]
# ...
mechanism_drivers = linuxbridge
>在该[ml2]部分中,启用端口安全性扩展驱动程序:
[ml2]
# ...
extension_drivers = port_security
>在该[ml2_type_flat]部分中,将提供商虚拟网络配置为扁平网络:
[ml2_type_flat]
# ...
flat_networks = provider
>在该[securitygroup]部分中,启用ipset以提高安全组规则的效率:
[securitygroup]
# ...
enable_ipset = true
编辑 vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini文件并完成以下操作:
>在该[linux_bridge]部分中,将提供者虚拟网络映射到提供者物理网络接口:
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
替换PROVIDER_INTERFACE_NAME为底层提供者物理网络接口的名称。有关 更多信息,请参阅主机网络 可上网网卡名
>在该[vxlan]部分中,禁用VXLAN覆盖网络:
[vxlan]
enable_vxlan = false
>在该[securitygroup]部分中,启用安全组并配置Linux桥接iptables防火墙驱动程序:
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
>通过验证以下所有sysctl值设置为1:确保您的Linux操作系统内核支持网桥过滤器:
root@controller ~]# lsmod | grep br_netfilter
[root@controller ~]# modprobe br_netfilter
[root@controller ~]# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 146976 1 br_netfilter
vim /etc/neutron/dhcp_agent.ini
在本[DEFAULT]节中,配置Linux桥接接口驱动程序,Dnsmasq DHCP驱动程序,并启用隔离的元数据,以便提供商网络上的实例可以通过网络访问元数据:
[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
返回网络控制器节点配置。
编辑 vim /etc/neutron/metadata_agent.ini文件并完成以下操作:
>在该[DEFAULT]部分中,配置元数据主机和共享密钥:
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
替换METADATA_SECRET为元数据代理的适当秘密
编辑vim /etc/nova/nova.conf文件并执行以下操作:
>在该[neutron]部分中,配置访问参数,启用元数据代理并配置密码:
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
替换NEUTRON_PASS为您neutron 在Identity服务中为用户选择的密码。
替换METADATA_SECRET为您为元数据代理选择的秘密。

网络服务初始化脚本需要一个/etc/neutron/plugin.ini指向ML2插件配置文件的符号链接/etc/neutron/plugins/ml2/ml2_conf.ini。如果此符号链接不存在,请使用以下命令创建它:
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
填充数据库:
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重新启动Compute API服务:
# systemctl restart openstack-nova-api.service
启动网络服务并将其配置为在系统引导时启动。
对于两种网络选项:
# systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
# systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
对于网络选项2,还启用并启动第3层服务:
# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
安装和配置计算节点
# yum install openstack-neutron-linuxbridge ebtables ipset -y
编辑vim /etc/neutron/neutron.conf文件并完成以下操作:
在该[database]部分中,注释掉任何connection选项,因为计算节点不直接访问数据库。
>在该[DEFAULT]部分中,配置RabbitMQ 消息队列访问:
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller
替换RABBIT_PASS为您openstack 在RabbitMQ中为帐户选择的密码。
>在[DEFAULT]和[keystone_authtoken]部分中,配置身份服务访问:
[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
替换NEUTRON_PASS为您neutron 在Identity服务中为用户选择的密码。
注释掉或删除该[keystone_authtoken]部分中的任何其他选项 。
>在该[oslo_concurrency]部分中,配置锁定路径:
[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
网络选项1:提供商网络
网络选项2:自助服务网络
1.
编辑 vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini文件并完成以下操作:
>在该[linux_bridge]部分中,将提供者虚拟网络映射到提供者物理网络接口:
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
替换PROVIDER_INTERFACE_NAME为底层提供者物理网络接口的名称。有关 更多信息,请参阅主机网络
>在该[vxlan]部分中,禁用VXLAN覆盖网络:
[vxlan]
enable_vxlan = false
>在该[securitygroup]部分中,启用安全组并配置Linux桥接iptables防火墙驱动程序:
[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
>通过验证以下所有sysctl值设置为1:确保您的Linux操作系统内核支持网桥过滤器:
root@controller ~]# lsmod | grep br_netfilter
[root@controller ~]# modprobe br_netfilter
[root@controller ~]# lsmod | grep br_netfilter
br_netfilter 22256 0
bridge 146976 1 br_netfilter
返回网络计算节点配置
编辑 vim /etc/nova/nova.conf文件并完成以下操作:
>在该[neutron]部分中,配置访问参数
[neutron]
# ...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
替换NEUTRON_PASS为您neutron 在Identity服务中为用户选择的密码。
重启Compute服务:
# systemctl restart openstack-nova-compute.service
启动Linux网桥代理并将其配置为在系统引导时启动:
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
验证操作
在控制器节点上执行这些命令。
来源admin凭据来访问仅管理员CLI命令:
. admin-openrc
列出已加载的扩展以验证是否成功启动了该 neutron-server进程:
openstack extension list --network

+---------------------------+---------------------------+----------------------------+
| Name | Alias | Description |
+---------------------------+---------------------------+----------------------------+
| Default Subnetpools | default-subnetpools | Provides ability to mark |
| | | and use a subnetpool as |
| | | the default |
| Availability Zone | availability_zone | The availability zone |
| | | extension. |
| Network Availability Zone | network_availability_zone | Availability zone support |
| | | for network. |
| Port Binding | binding | Expose port bindings of a |
| | | virtual port to external |
| | | application |
| agent | agent | The agent management |
| | | extension. |
| Subnet Allocation | subnet_allocation | Enables allocation of |
| | | subnets from a subnet pool |
| DHCP Agent Scheduler | dhcp_agent_scheduler | Schedule networks among |
| | | dhcp agents |
| Tag support | tag | Enables to set tag on |
| | | resources. |
| Neutron external network | external-net | Adds external network |
| | | attribute to network |
| | | resource. |
| Neutron Service Flavors | flavors | Flavor specification for |
| | | Neutron advanced services |
| Network MTU | net-mtu | Provides MTU attribute for |
| | | a network resource. |
| Network IP Availability | network-ip-availability | Provides IP availability |
| | | data for each network and |
| | | subnet. |
| Quota management support | quotas | Expose functions for |
| | | quotas management per |
| | | tenant |
| Provider Network | provider | Expose mapping of virtual |
| | | networks to physical |
| | | networks |
| Multi Provider Network | multi-provider | Expose mapping of virtual |
| | | networks to multiple |
| | | physical networks |
| Address scope | address-scope | Address scopes extension. |
| Subnet service types | subnet-service-types | Provides ability to set |
| | | the subnet service_types |
| | | field |
| Resource timestamps | standard-attr-timestamp | Adds created_at and |
| | | updated_at fields to all |
| | | Neutron resources that |
| | | have Neutron standard |
| | | attributes. |
| Neutron Service Type | service-type | API for retrieving service |
| Management | | providers for Neutron |
| | | advanced services |
| Tag support for | tag-ext | Extends tag support to |
| resources: subnet, | | more L2 and L3 resources. |
| subnetpool, port, router | | |
| Neutron Extra DHCP opts | extra_dhcp_opt | Extra options |
| | | configuration for DHCP. |
| | | For example PXE boot |
| | | options to DHCP clients |
| | | can be specified (e.g. |
| | | tftp-server, server-ip- |
| | | address, bootfile-name) |
| Resource revision numbers | standard-attr-revisions | This extension will |
| | | display the revision |
| | | number of neutron |
| | | resources. |
| Pagination support | pagination | Extension that indicates |
| | | that pagination is |
| | | enabled. |
| Sorting support | sorting | Extension that indicates |
| | | that sorting is enabled. |
| security-group | security-group | The security groups |
| | | extension. |
| RBAC Policies | rbac-policies | Allows creation and |
| | | modification of policies |
| | | that control tenant access |
| | | to resources. |
| standard-attr-description | standard-attr-description | Extension to add |
| | | descriptions to standard |
| | | attributes |
| Port Security | port-security | Provides port security |
| Allowed Address Pairs | allowed-address-pairs | Provides allowed address |
| | | pairs |
| project_id field enabled | project-id | Extension that indicates |
| | | that project_id field is |
| | | enabled. |
+---------------------------+---------------------------+----------------------------+
网络选项1:提供商网络1
网络选项2:自助服务网络
列出代理以验证成功发射中子代理:
openstack network agent list

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 0400c2f6-4d3b-44bc-89fa-99093432f3bf | Metadata agent | controller | None | True | UP | neutron-metadata-agent |
| 83cf853d-a2f2-450a-99d7-e9c6fc08f4c3 | DHCP agent | controller | nova | True | UP | neutron-dhcp-agent |
| ec302e51-6101-43cf-9f19-88a78613cbee | Linux bridge agent | compute | None | True | UP | neutron-linuxbridge-agent |
| fcb9bc6e-22b1-43bc-9054-272dd517d025 | Linux bridge agent | controller | None | True | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
输出应指示控制器节点上的三个代理程序和每个计算节点上的一个代理程序。

仪表板 Dashboard – horizon installation for Queens

控制节点
• 仪表板 - 皇后区的地平线安装
安装包:
# yum install openstack-dashboard
编辑 /etc/openstack-dashboard/local_settings 文件并完成以下操作:
>配置仪表板以在controller节点上使用OpenStack服务 :
OPENSTACK_HOST = "controller"
>允许您的主机访问仪表板:
ALLOWED_HOSTS = ['*', '*']
ALLOWED_HOSTS也可以['*']接受所有主机。
>配置memcached会话存储服务:
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
注释掉任何其他会话存储配置。
>启用Identity API版本3:
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
>启用对域的支持:
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
>配置API版本:
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
>配置Default为通过仪表板创建的用户的默认域:
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
>配置user为您通过仪表板创建的用户的默认角色:
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
>如果选择网络选项1,请禁用对第3层网络服务的支持:
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
>(可选)配置时区:
TIME_ZONE = "TIME_ZONE"
替换TIME_ZONE为适当的时区标识符。有关更多信息,请参阅时区列表
vim /etc/httpd/conf.d/openstack-dashboard.conf如果未包含,请添加以下行 。
WSGIApplicationGroup %{GLOBAL}
重新启动Web服务器和会话存储服务:
# systemctl restart httpd.service memcached.service
验证Red Hat Enterprise Linux和CentOS的操作
http://10.0.0.11/dashboard

展开阅读全文

没有更多推荐了,返回首页