Notes on Deploying OpenStack Ocata on CentOS 7.3 (Controller Node) - To Be Continued

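Disclaimer: these are notes I took while installing and deploying an OpenStack private cloud myself. They are not an installation guide; this article copies the official installation documentation wholesale.

Note: the official documentation is really well written, and I strongly recommend that everyone read it.

Official OpenStack Ocata installation guide: https://docs.openstack.org/ocata/install-guide-rdo/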

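I. Environment preparation

1. Network environment

Node name        IP               Domain name
Controller node  192.168.159.34   node1.example.local
Compute node     192.168.159.35   node2.example.local

2. NTP service

NTP server: 192.168.159.254 admin.example.local
For NTP server configuration, see: http://blog.csdn.net/shion0305/article/details/55254291

On both the controller node and the compute node, add a cron job that periodically synchronizes with the NTP server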

# crontab -e
# Synchronize with the NTP server every 5 minutes
*/5 * * * * /usr/sbin/ntpdate admin.example.local > /dev/null 2>&1

3. Configure the repo software repository

Install the official CentOS OpenStack Ocata repository

# yum install -y centos-release-openstack-ocata

Upgrade all RPM packages on this node to the latest version

# yum upgrade -y

Install the OpenStack client

# yum install -y python-openstackclient

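Install openstack-selinux. RHEL and CentOS enable SELinux by default, and this package automatically manages the security policies for the OpenStack services. If you do not want to install this package, you need to disable SELinux manually.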

# yum install -y openstack-selinux
# If you do not want to install openstack-selinux, disable SELinux manually
# vim /etc/selinux/config
#..
SELINUX=disabled
# A reboot is required after making this change

II. Building the OpenStack environment framework

1. SQL database: install and configure components

Install the database packages

# yum install -y mariadb mariadb-server python2-PyMySQL

Create the configuration file; the database character set is utf8

# touch /etc/my.cnf.d/openstack.cnf
# vim /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 192.168.159.34 # IP address the database binds to

default-storage-engine = innodb # default storage engine
innodb_file_per_table = on 
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Start the database service

# systemctl enable mariadb.service 
# systemctl start mariadb.service

Initialize the database

# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none): 
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password: 
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!


By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them.  This is intended only for testing, and to make the installation
go a bit smoother.  You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y
 ... Success!

Normally, root should only be allowed to connect from 'localhost'.  This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] y
 ... Success!

By default, MariaDB comes with a database named 'test' that anyone can
access.  This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y
 ... Success!

Cleaning up...

All done!  If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!

2. Message queue: install and configure components

Install RabbitMQ

# yum install -y rabbitmq-server

Start the RabbitMQ service

# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service

Add the openstack user to RabbitMQ

# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...

Grant the openstack user configure, write and read permissions

# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...

3. Memcached: install and configure components

Install the packages

# yum install -y memcached python-memcached

Edit /etc/sysconfig/memcached and fill in the controller node's IP address

# vim /etc/sysconfig/memcached
#..
# Change the OPTIONS setting as follows
OPTIONS="-l 192.168.159.34"

Start the Memcached service

# systemctl enable memcached.service
# systemctl start memcached.service

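At this point the overall OpenStack framework environment is basically in place; what remains is the individual components.
Installing the components is interesting: apart from keystone, the other components follow more or less the same steps, and the only difference is the names specified at creation time:
(1). Configure the database

CREATE DATABASE xxx;
GRANT ALL PRIVILEGES ON xxx.* TO 'xxxx'@'localhost' IDENTIFIED BY 'xxxx';
GRANT ALL PRIVILEGES ON xxx.* TO 'xxxx'@'192.168.159.%' IDENTIFIED BY 'xxxx';
GRANT ALL PRIVILEGES ON xxx.* TO 'xxxx'@'%' IDENTIFIED BY 'xxxx';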

(2). Install the packages

# yum install xxx

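(3). Configuration files

  • Configure each service's connections, such as the database, RabbitMQ, etc.
  • Authentication configuration
  • Service-specific configuration

(4). Database sync

  • Create the required tables

(5). Enable the service at boot and start it

# systemctl enable openstack-xxx.service
# systemctl start openstack-xxx.service

(6). Create the user, service, endpoint, etc.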

openstack user create xxx
openstack service create xxx
openstack endpoint create xxx

(7). Verify that the service works


III. Installing the keystone component

1. Create the database

Log in to the database as the root user

# mysql -uroot -proot

Create the keystone database

MariaDB [(none)]> CREATE DATABASE keystone;

Grant privileges to the keystone user

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'192.168.159.%' IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'node1.example.local' IDENTIFIED BY 'keystone';

Exit the database

MariaDB [(none)]> \q
Bye

2. Install and configure components

Install the packages

# yum install -y openstack-keystone httpd mod_wsgi

Edit the keystone configuration file

# vim /etc/keystone/keystone.conf
# Change the following settings
[DEFAULT]
#..
admin_token = ADMIN_TOKEN
#..
[database]
#..
connection = mysql+pymysql://keystone:keystone@192.168.159.34/keystone
#..
[token]
#..
provider = fernet
#..

Initialize the keystone database

# su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the Fernet keys

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

Bootstrap the Identity service

# keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
  --bootstrap-admin-url http://192.168.159.34:35357/v3/ \
  --bootstrap-internal-url http://192.168.159.34:5000/v3/ \
  --bootstrap-public-url http://192.168.159.34:5000/v3/ \
  --bootstrap-region-id RegionOne

3. Configure the Apache HTTP Server

Edit /etc/httpd/conf/httpd.conf and set ServerName to this host

# vim /etc/httpd/conf/httpd.conf
#..
ServerName 192.168.159.34

Link /usr/share/keystone/wsgi-keystone.conf into the /etc/httpd/conf.d/ directory

# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

Start the httpd service

# systemctl enable httpd.service
# systemctl start httpd.service

Configure the environment variables

# export OS_USERNAME=admin
# export OS_PASSWORD=ADMIN_PASS
# export OS_PROJECT_NAME=admin
# export OS_USER_DOMAIN_NAME=Default
# export OS_PROJECT_DOMAIN_NAME=Default
# export OS_AUTH_URL=http://192.168.159.34:35357/v3
# export OS_IDENTITY_API_VERSION=3

4. Create the domain, projects, users and roles

Create the service project

# openstack project create --domain default \
> --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 23c6b5c549374fcbb05a6dc4ff5d26c2 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+

Create the demo project

[root@node1 ~]# openstack project create --domain default \
> --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 167aed9f46b04127963d0c1fc4544974 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
+-------------+----------------------------------+

Create the demo user

[root@node1 ~]# openstack user create --domain default \
> --password-prompt demo
User Password:demo
Repeat User Password:demo
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 540389d14b2044beb9a41eb86b30f02c |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Create the user role

[root@node1 ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | da22370ee29c4ae68748c640ac7042e2 |
| name      | user                             |
+-----------+----------------------------------+

Add the user role to the demo project and the demo user

# openstack role add --project demo --user demo user

5. Authentication configuration

For security reasons, the temporary authentication mechanism needs to be disabled

# vim /etc/keystone/keystone-paste.ini
#..
# Locate [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3]
# and delete admin_token_auth from each of them
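
The manual edit above can also be scripted and then verified. The following is an added example, not part of the original notes or of the OpenStack documentation: it removes admin_token_auth from the three pipelines and reports any of them that still names it. The function names and the sample keystone-paste.ini content are constructed for illustration.

```shell
#!/bin/sh
# Added example: remove admin_token_auth from the keystone paste pipelines
# and verify the result. Function names and sample content are constructed.

# Print FILE with admin_token_auth removed from the pipeline line of
# [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3].
strip_admin_token_auth() {
    awk '
    /^[ \t]*\[/ { target = ($0 ~ /^[ \t]*\[pipeline:(public_api|admin_api|api_v3)\]/) }
    target && /^[ \t]*pipeline[ \t]*=/ {
        line = $0
        gsub(/=/, " = ", line)            # tolerate "pipeline=a b c"
        n = split(line, w, /[ \t]+/)
        out = ""
        for (i = 1; i <= n; i++) {
            if (w[i] == "" || w[i] == "admin_token_auth") continue
            out = (out == "" ? w[i] : out " " w[i])
        }
        print out
        next
    }
    { print }
    ' "$1"
}

# Print the header of every target pipeline section that still lists
# admin_token_auth; no output means the edit is complete.
pipelines_with_admin_token() {
    awk '
    /^[ \t]*\[/ {
        sec = $0
        target = ($0 ~ /^[ \t]*\[pipeline:(public_api|admin_api|api_v3)\]/)
    }
    target && /^[ \t]*pipeline[ \t]*=/ {
        line = $0
        gsub(/=/, " = ", line)
        n = split(line, w, /[ \t]+/)
        for (i = 1; i <= n; i++)
            if (w[i] == "admin_token_auth") { print sec; break }
    }
    ' "$1"
}

# Constructed, shortened sample of a keystone-paste.ini file.
write_sample_paste_ini() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body service_v3

[pipeline:public_version_api]
pipeline = cors sizelimit url_normalize public_version_service
EOF
}

# Demo on the constructed sample: three sections are reported before the
# edit and none afterwards.
sample=$(mktemp)
fixed=$(mktemp)
write_sample_paste_ini "$sample"
echo "before: $(pipelines_with_admin_token "$sample" | tr '\n' ' ')"
strip_admin_token_auth "$sample" > "$fixed"
echo "after:  $(pipelines_with_admin_token "$fixed" | tr '\n' ' ')"
rm -f "$sample" "$fixed"
```

On a real node, write the output to a temporary file, compare it with /etc/keystone/keystone-paste.ini, and replace the file only once pipelines_with_admin_token prints nothing for the new version.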

Request an authentication token as the admin user

# openstack --os-auth-url http://192.168.159.34:35357/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name admin --os-username admin token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-03-15T09:34:13+0000                                                                                                                                                                |
| id         | gAAAAABYyPyFFiCpdudAtjRWq_J9jGIZ7fFHXNMpQhz1IQDUECcv0lb9Jb4ooisk2T40sxL1-UuOowPAm4rLG7xhQORR3uEgYdUlfthgNQ4PVrpiZFlXV4sWBYd4DdFtu37OE_5oMjDm13BzTMmWWGBirBaD7DEFFTRN4F9_h4E_OkRZ1roC2Y4 |
| project_id | c5062eadfa4a4ecb81df03168b51b076                                                                                                                                                        |
| user_id    | 11d993614ddb4879b4f0d261dc252e04                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

Unset the OS_AUTH_URL and OS_PASSWORD environment variables

# unset OS_AUTH_URL OS_PASSWORD

Request an authentication token as the demo user

# openstack --os-auth-url http://192.168.159.34:5000/v3 \
> --os-project-domain-name default --os-user-domain-name default \
> --os-project-name demo --os-username demo token issue
Password: 
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-03-15T09:39:07+0000                                                                                                                                                                |
| id         | gAAAAABYyP2rv9mMQfoyetNCFSZJ1qL-WimAGscN1YL-eA_Af9ZsmbpVoJBO__GFvs7k9y-gWM4tj0TJAijOI_6al59beC5pdqGYJ7rXtojxBXOtg6e4I_GbtNgWDTLy3N0qGpas5nbhZhqZ3tRKfi2ZU5mHdEaD_g6WqBqi3LS4cLEDKSV36d8 |
| project_id | 167aed9f46b04127963d0c1fc4544974                                                                                                                                                        |
| user_id    | 540389d14b2044beb9a41eb86b30f02c                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

6. Create the OpenStack client login scripts

Create the admin login script

# vim /root/.admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://192.168.159.34:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Create the demo login script

# vim /root/.demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.159.34:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Verify the environment variable script

# source /root/.admin-openrc
# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2017-03-15T10:00:57+0000                                                                                                                                                                |
| id         | gAAAAABYyQLJJA5BzYvyK06xjuEly92QuZ5PobFw0oF6VQNtQM8eyULuzZhed6Z0BRgrSNctN1ZXjuJDRHOr1-LtbS442DHez5-k8pPsm2zlCcw7dVd9atRXC532gyAj7595R_tRi28qy--xoL6u8HuMg6c_C3sd6hMPVnfS0nwvtslqpHcaD5I |
| project_id | c5062eadfa4a4ecb81df03168b51b076                                                                                                                                                        |
| user_id    | 11d993614ddb4879b4f0d261dc252e04                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

IV. Installing the glance service

1. Create the database

Log in to the database as the root user

# mysql -uroot -proot

Create the glance database

MariaDB [(none)]> CREATE DATABASE glance;

Grant privileges to the glance user

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'192.168.159.%' IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'node1.example.local' IDENTIFIED BY 'glance';

Exit the database

MariaDB [(none)]> \q
Bye

2. Create the glance user in OpenStack

Create the glance user

# source /root/.admin-openrc

# openstack user create --domain default --password-prompt glance
User Password:glance
Repeat User Password:glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 0396dd715fcb44be94850e22dcc93d0a |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Give the glance user the admin role on the service project

# openstack role add --project service --user glance admin

Create the glance service

# openstack service create --name glance \
> --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | b0f7a9e3516a4c0da46c7212e9d7c1f7 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

Create the endpoints for the image service (glance)

# openstack endpoint create --region RegionOne \
> image public http://192.168.159.34:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | d82e53c5e6c54d06974df4a15b9467a5 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b0f7a9e3516a4c0da46c7212e9d7c1f7 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.159.34:9292       |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne \
> image internal http://192.168.159.34:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 072607779b3a4f0880d621e5e59b29db |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b0f7a9e3516a4c0da46c7212e9d7c1f7 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.159.34:9292       |
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne \
> image admin http://192.168.159.34:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0567e1e6f9ed4250a1ba1775df4350f5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b0f7a9e3516a4c0da46c7212e9d7c1f7 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.159.34:9292       |
+--------------+----------------------------------+

3. Install the glance packages and configure the components

Install the packages

# yum install -y openstack-glance

Edit the configuration file /etc/glance/glance-api.conf

[database]
# ...
connection = mysql+pymysql://glance:glance@192.168.159.34/glance

[keystone_authtoken]
# ...
auth_uri = http://192.168.159.34:5000
auth_url = http://192.168.159.34:35357
memcached_servers = 192.168.159.34:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
# ...
flavor = keystone

[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

Edit the configuration file /etc/glance/glance-registry.conf

[database]
# ...
connection = mysql+pymysql://glance:glance@192.168.159.34/glance

[keystone_authtoken]
# ...
# Comment out everything under [keystone_authtoken] and configure only the following
auth_uri = http://192.168.159.34:5000
auth_url = http://192.168.159.34:35357
memcached_servers = 192.168.159.34:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
# ...
flavor = keystone

Initialize the glance database. If warnings or errors appear in the output below, simply ignore them

# su -s /bin/sh -c "glance-manage db_sync" glance

Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1241: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial
INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata01, add visibility to and remove is_public from images
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: ocata01, current revision(s): ocata01

Start the glance services

# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service

V. Installing the compute service

1. Create the database

Log in to the database as the root user

# mysql -uroot -proot

Create the nova databases

MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;

Grant privileges to the nova user

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'192.168.159.%' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'node1.example.local' IDENTIFIED BY 'nova';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'192.168.159.%' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'node1.example.local' IDENTIFIED BY 'nova';

Exit the database

MariaDB [(none)]> \q
Bye

2. Create the nova user in OpenStack

Create the nova user in OpenStack

# source /root/.admin-openrc

# openstack user create --domain default --password-prompt nova
User Password:nova
Repeat User Password:nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 2b85019694e24030981365cf6bcd487a |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Give the nova user the admin role

# openstack role add --project service --user nova admin

Create the nova service

# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 9485921d0012487298ed9e29c0c7b42c |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+

Create the endpoints for the compute service (nova)

[root@node1 ~]# openstack endpoint create --region RegionOne \
> compute public http://192.168.159.34:8774/v2.1/%\(tenant_id\)s
+--------------+-----------------------------------------------+
| Field        | Value                                         |
+--------------+-----------------------------------------------+
| enabled      | True                                          |
| id           | 008bb9e440dc4a6980969db0cd3f429f              |
| interface    | public                                        |
| region       | RegionOne                                     |
| region_id    | RegionOne                                     |
| service_id   | 9485921d0012487298ed9e29c0c7b42c              |
| service_name | nova                                          |
| service_type | compute                                       |
| url          | http://192.168.159.34:8774/v2.1/%(tenant_id)s |
+--------------+-----------------------------------------------+

[root@node1 ~]# openstack endpoint create --region RegionOne \
> compute internal http://192.168.159.34:8774/v2.1/%\(tenant_id\)s
+--------------+-----------------------------------------------+
| Field        | Value                                         |
+--------------+-----------------------------------------------+
| enabled      | True                                          |
| id           | 69541580b3b8438eae2752c0e75a6664              |
| interface    | internal                                      |
| region       | RegionOne                                     |
| region_id    | RegionOne                                     |
| service_id   | 9485921d0012487298ed9e29c0c7b42c              |
| service_name | nova                                          |
| service_type | compute                                       |
| url          | http://192.168.159.34:8774/v2.1/%(tenant_id)s |
+--------------+-----------------------------------------------+

[root@node1 ~]# openstack endpoint create --region RegionOne \
> compute admin http://192.168.159.34:8774/v2.1/%\(tenant_id\)s
+--------------+-----------------------------------------------+
| Field        | Value                                         |
+--------------+-----------------------------------------------+
| enabled      | True                                          |
| id           | 69d937792dd240d5bfa49bb31cc68ed7              |
| interface    | admin                                         |
| region       | RegionOne                                     |
| region_id    | RegionOne                                     |
| service_id   | 9485921d0012487298ed9e29c0c7b42c              |
| service_name | nova                                          |
| service_type | compute                                       |
| url          | http://192.168.159.34:8774/v2.1/%(tenant_id)s |
+--------------+-----------------------------------------------+

3. Install the nova packages and configure the components

Install the packages

# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler

Edit the configuration file /etc/nova/nova.conf

[DEFAULT]
# ...
my_ip = 192.168.159.34
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:RABBIT_PASS@192.168.159.34
use_neutron = True

#By default, Compute uses an internal firewall driver. Since the Networking service includes a firewall driver, you must disable the Compute firewall driver by using the "nova.virt.firewall.NoopFirewallDriver" firewall driver.

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
# ...
connection = mysql+pymysql://nova:nova@192.168.159.34/nova_api

[database]
# ...
connection = mysql+pymysql://nova:nova@192.168.159.34/nova

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
# Comment out everything under [keystone_authtoken] and configure only the following
auth_uri = http://192.168.159.34:5000
auth_url = http://192.168.159.34:35357
memcached_servers = 192.168.159.34:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
enabled = true
# ...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
# ...
api_servers = http://192.168.159.34:9292

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
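
The nova.conf above, like the glance files before it, embeds credentials whose password equals the account name (nova:nova, glance:glance) and keeps the guide's literal RABBIT_PASS placeholder. The following is an added example, not part of the original notes or of any OpenStack tool: it scans an oslo-style INI file for those two patterns before the file goes into service. The function names, finding labels and sample file are constructed, and the `*_PASS` placeholder pattern is an assumption based on the names used on this page.

```shell
#!/bin/sh
# Added example: flag weak credentials in oslo-style INI files such as
# /etc/nova/nova.conf. Names, labels and the sample file are constructed.

# audit_oslo_conf FILE
# Prints one finding per line as "section:key:reason"; prints nothing if clean.
audit_oslo_conf() {
    awk '
    function check(s, k, u, p) {
        if (p == u)                    print s ":" k ":password-equals-username"
        else if (p ~ /^[A-Z]+_PASS$/)  print s ":" k ":doc-placeholder"
    }
    # Track the current [section]
    /^[ \t]*\[/ {
        sec = $0
        sub(/^[ \t]*\[/, "", sec)
        sub(/\].*$/, "", sec)
        next
    }
    # Skip comments and blank lines
    /^[ \t]*[#;]/ { next }
    /^[ \t]*$/    { next }
    {
        eq = index($0, "=")
        if (eq == 0) next
        key = substr($0, 1, eq - 1)
        val = substr($0, eq + 1)
        gsub(/^[ \t]+|[ \t]+$/, "", key)
        gsub(/^[ \t]+|[ \t]+$/, "", val)

        # connection / transport_url have the form scheme://user:pass@host/...
        if (key == "connection" || key == "transport_url") {
            cred = val
            sub(/^[^:]*:\/\//, "", cred)
            at = index(cred, "@")
            if (at > 0) {
                cred = substr(cred, 1, at - 1)
                c = index(cred, ":")
                if (c > 0) check(sec, key, substr(cred, 1, c - 1), substr(cred, c + 1))
            }
        }
        # username/password pairs within one section, e.g. [keystone_authtoken]
        if (key == "username") user[sec] = val
        if (key == "password") { pass[sec] = val; haspass[sec] = 1 }
    }
    END {
        for (s in haspass) check(s, "password", user[s], pass[s])
    }
    ' "$1"
}

# Constructed sample built from the values shown in the nova.conf above.
write_sample_nova_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
my_ip = 192.168.159.34
transport_url = rabbit://openstack:RABBIT_PASS@192.168.159.34

[api_database]
connection = mysql+pymysql://nova:nova@192.168.159.34/nova_api

[database]
connection = mysql+pymysql://nova:nova@192.168.159.34/nova

[keystone_authtoken]
# ...
username = nova
password = nova

[glance]
api_servers = http://192.168.159.34:9292
EOF
}

# Demo on the constructed sample: prints four findings.
conf=$(mktemp)
write_sample_nova_conf "$conf"
audit_oslo_conf "$conf"
rm -f "$conf"
```

The same function can be pointed at /etc/glance/glance-api.conf, /etc/glance/glance-registry.conf and /etc/keystone/keystone.conf, which use the same key names.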

Initialize the nova and nova_api databases

# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova

Start the nova services

# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

4. Service check

List the compute services that have currently authenticated successfully

# source /root/.admin-openrc

# openstack compute service list
+----+------------------+---------------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host                | Zone     | Status  | State | Updated At                 |
+----+------------------+---------------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | node1.example.local | internal | enabled | up    | 2017-03-15T14:01:59.000000 |
|  2 | nova-conductor   | node1.example.local | internal | enabled | up    | 2017-03-15T14:01:58.000000 |
|  3 | nova-scheduler   | node1.example.local | internal | enabled | up    | 2017-03-15T14:01:59.000000 |
|  6 | nova-compute     | node2.example.local | nova     | enabled | up    | 2017-03-15T14:02:00.000000 |
+----+------------------+---------------------+----------+---------+-------+----------------------------+

List the API endpoints that are connected to the Identity service

# openstack catalog list
+----------+----------+-------------------------------------------+
| Name     | Type     | Endpoints                                 |
+----------+----------+-------------------------------------------+
| keystone | identity | RegionOne                                 |
|          |          |   internal:                               |
|          |          | http://192.168.159.34:5000/v3/            |
|          |          | RegionOne                                 |
|          |          |   public: http://192.168.159.34:5000/v3/  |
|          |          | RegionOne                                 |
|          |          |   admin: http://192.168.159.34:35357/v3/  |
|          |          |                                           |
| nova     | compute  | RegionOne                                 |
|          |          |   public: http://192.168.159.34:8774/v2.1 |
|          |          | /c5062eadfa4a4ecb81df03168b51b076         |
|          |          | RegionOne                                 |
|          |          |   internal: http://192.168.159.34:8774/v2 |
|          |          | .1/c5062eadfa4a4ecb81df03168b51b076       |
|          |          | RegionOne                                 |
|          |          |   admin: http://192.168.159.34:8774/v2.1/ |
|          |          | c5062eadfa4a4ecb81df03168b51b076          |
|          |          |                                           |
| glance   | image    | RegionOne                                 |
|          |          |   admin: http://192.168.159.34:9292       |
|          |          | RegionOne                                 |
|          |          |   internal: http://192.168.159.34:9292    |
|          |          | RegionOne                                 |
|          |          |   public: http://192.168.159.34:9292      |
|          |          |                                           |
+----------+----------+-------------------------------------------+

VI. Install the network service

1. Create the database

Log in to the database as the root user

# mysql -uroot -proot

Create the neutron database

MariaDB [(none)]> CREATE DATABASE neutron;

Grant privileges to the neutron user

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.159.%' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'node1.example.local' IDENTIFIED BY 'neutron';

Exit the database

MariaDB [(none)]> \q
Bye
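
The four GRANT statements above differ only in the host part of the account. The Python sketch below is an added example, not part of the original post or the official guide: it parses them and reports which accounts would accept a connection from a given client. The client addresses are constructed, and the matching is a simplified model of MariaDB host patterns (% and _ wildcards only, no netmasks or name resolution).

```python
import re

GRANT_RE = re.compile(
    r"GRANT\s+.+?\s+ON\s+(?P<obj>\S+)\s+TO\s+'(?P<user>[^']+)'@'(?P<host>[^']+)'",
    re.IGNORECASE)

# The four statements from this page (passwords omitted; they do not affect host matching).
GRANTS_SQL = """
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.159.%';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'node1.example.local';
"""

def parse_grants(sql):
    """Return one dict (obj, user, host) per GRANT statement."""
    return [m.groupdict() for m in GRANT_RE.finditer(sql)]

def host_regex(pattern):
    # Account host patterns: % matches any run of characters, _ exactly one character.
    body = "".join(".*" if c == "%" else "." if c == "_" else re.escape(c) for c in pattern)
    return re.compile(body + r"\Z", re.IGNORECASE)

def accounts_accepting(grants, client):
    """Host parts of every account whose pattern matches the connecting host."""
    return [g["host"] for g in grants if host_regex(g["host"]).match(client)]

def only_via_wildcard(grants, clients):
    """Clients that are accepted solely because a bare '%' account exists."""
    return [c for c in clients if accounts_accepting(grants, c) == ["%"]]

if __name__ == "__main__":
    grants = parse_grants(GRANTS_SQL)
    # Constructed client addresses: the compute node, and a host outside 192.168.159.0/24.
    for client in ("192.168.159.35", "203.0.113.7"):
        print(client, "->", accounts_accepting(grants, client))
```

In this model, a client outside 192.168.159.0/24 matches an account only through the 'neutron'@'%' row; without that row, only localhost, node1.example.local and the 192.168.159.% range match.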

2. Create the neutron user in OpenStack

Create the neutron user in OpenStack

# source /root/.admin-openrc 
# echo $OS_PASSWORD
ADMIN_PASS
# openstack user create --domain default --password-prompt neutron
User Password:neutron
Repeat User Password:neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c11ffaec48144bafb47d835bf9f47b68 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

Give the neutron user the admin role

# openstack role add --project service --user neutron admin

Create the neutron service in OpenStack

# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | b34d2cb5d01b4ca69cf78a9b5c36442c |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

Create the endpoints for neutron in OpenStack

# openstack endpoint create --region RegionOne network public http://192.168.159.34:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 0e3fb7f9ffd942429b91861e211fc921 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b34d2cb5d01b4ca69cf78a9b5c36442c |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.159.34:9696       |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne network internal http://192.168.159.34:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9028c3bf79404a61bd83baf809a2e894 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b34d2cb5d01b4ca69cf78a9b5c36442c |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.159.34:9696       |
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne network admin http://192.168.159.34:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4937f4f8ab0045e182f8ed7828a5f342 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b34d2cb5d01b4ca69cf78a9b5c36442c |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.159.34:9696       |
+--------------+----------------------------------+

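3. Configure networking

There are two network deployment architectures to choose from, option 1 and option 2:

Option 1: deploys only the most basic network architecture, which supports attaching instances only to provider (external) networks. There are no self-service (internal) networks, no routing and no floating IPs, and only the administrator or another privileged user can manage networks. In other words, this network is only available for managing virtual machines, and the virtual machines cannot build internal virtual networks among themselves. In general this deployment suits beginners or demo environments.

Option 2: adds layer-3 services on top of option 1 and supports attaching instances to self-service networks. The demo user or other users can manage self-service networks and connect the networks of the instances through routing. In addition, floating IPs allow the administrator to connect to the self-service networks from outside.

Choose the option that best fits the network you need. Here we choose option 2 and configure a self-service network.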

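3.1 Install the components

# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

3.2 Edit the configuration file /etc/neutron/neutron.conf

# NEUTRON_DBPASS, RABBIT_PASS, NEUTRON_PASS and NOVA_PASS are placeholders for the passwords
# chosen for this deployment; "controller" stands for the controller node's host name.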
[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[keystone_authtoken]
# ...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

[nova]
# ...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp

3.3 Configure the layer-2 (ML2) plug-in

Edit the configuration file /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
# ...
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
# ...
flat_networks = provider

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

[securitygroup]
# ...
enable_ipset = true

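Note: after the ml2 plug-in has been configured, the other values in type_drivers need to be removed, otherwise the data in the database will be modified

3.4 Configure the Linux bridge agent

Edit the configuration file /etc/neutron/plugins/ml2/linuxbridge_agent.ini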

[linux_bridge]
physical_interface_mappings = provider:ens33

[vxlan]
enable_vxlan = true
local_ip = 192.168.159.34
l2_population = true

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

3.5 Configure the layer-3 agent

Edit /etc/neutron/l3_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge

3.6 Configure the DHCP agent

Edit /etc/neutron/dhcp_agent.ini

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

4. Configure the metadata agent

Edit /etc/neutron/metadata_agent.ini

[DEFAULT]
# ...
nova_metadata_ip = 192.168.159.34
metadata_proxy_shared_secret = metadata

5. Configure the Compute service to use the network service

Edit /etc/nova/nova.conf

[neutron]
# ...
url = http://192.168.159.34:9696
auth_url = http://192.168.159.34:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = metadata

6. Final configuration steps

Create a symbolic link to /etc/neutron/plugins/ml2/ml2_conf.ini in the /etc/neutron/ directory

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

# ll /etc/neutron/plugin.ini 
lrwxrwxrwx 1 root root 37 Mar 18 18:48 /etc/neutron/plugin.ini -> /etc/neutron/plugins/ml2/ml2_conf.ini

Synchronize the database

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the Compute API service

# systemctl restart openstack-nova-api.service

Start the network services

# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service

# systemctl enable neutron-l3-agent.service
# systemctl start neutron-l3-agent.service
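
The credentials written in steps 3.2, 4 and 5 can be checked mechanically, ideally before the services above are started. The Python sketch below is an added example, not part of the original post or the official guide: it flags placeholders left in place, passwords equal to the user name, and a metadata_proxy_shared_secret that differs between nova.conf and metadata_agent.ini or is shorter than an assumed 16-character minimum; the embedded configuration strings are constructed from the values shown on this page.

```python
import configparser
import re
from urllib.parse import urlsplit

PLACEHOLDER = re.compile(r"\b[A-Z]+_(?:DB)?PASS\b")  # NEUTRON_DBPASS, RABBIT_PASS, ...
MIN_SECRET_LEN = 16  # assumed local policy, not an OpenStack requirement

def load(text):  # [DEFAULT] is read as an ordinary section, not as inherited defaults
    cp = configparser.ConfigParser(default_section="_unused", interpolation=None, strict=False)
    cp.read_string(text)
    return cp

def audit(name, cp):
    """Return (file, section, option, problem) tuples for unfilled or guessable credentials."""
    found = []
    for sec in cp.sections():
        opts = dict(cp.items(sec))
        for key, val in opts.items():
            if PLACEHOLDER.search(val):
                found.append((name, sec, key, "placeholder not replaced"))
            elif "://" in val and "@" in val:
                url = urlsplit(val)
                if url.password and url.password == url.username:
                    found.append((name, sec, key, "URL password equals user name"))
        if opts.get("password") and opts["password"] == opts.get("username"):
            found.append((name, sec, "password", "password equals user name"))
    return found

def audit_metadata_secret(nova_cp, agent_cp):
    """nova.conf [neutron] and metadata_agent.ini [DEFAULT] must hold the same secret."""
    nova = nova_cp.get("neutron", "metadata_proxy_shared_secret", fallback=None)
    agent = agent_cp.get("DEFAULT", "metadata_proxy_shared_secret", fallback=None)
    if not nova or nova != agent:
        return "missing or different in the two files"
    return "shorter than %d characters" % MIN_SECRET_LEN if len(nova) < MIN_SECRET_LEN else "ok"

# Constructed samples, abridged from the settings shown on this page.
NEUTRON_CONF = """[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
[keystone_authtoken]
username = neutron
password = NEUTRON_PASS
"""
NOVA_CONF = "[neutron]\nusername = neutron\npassword = neutron\nmetadata_proxy_shared_secret = metadata\n"
AGENT_INI = "[DEFAULT]\nmetadata_proxy_shared_secret = metadata\n"

if __name__ == "__main__":
    print(audit("neutron.conf", load(NEUTRON_CONF)) + audit("nova.conf", load(NOVA_CONF)))
    print(audit_metadata_secret(load(NOVA_CONF), load(AGENT_INI)))
```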
