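OpenStack Guide Manual
Public
Contents
- Configure host networking and hostnames
1.1 Controller node
1.2 Compute node
1.3 Compute node
1.4 Block storage node
1.5 Verification
- Identity service
2.1 Create the database
2.2 Install and configure components
2.3 Configure the Apache HTTP server
2.4 Finish the installation and start httpd
2.5 Create the service entity and API endpoints
2.5.1 Configure the authentication token
2.5.2 Create the service entity and API endpoints
2.5.3 Verify the service
- Image service
3.1 Install and configure
3.2 Install and configure components
3.3 Finish the installation
3.4 Verify operation
- Compute service installation
4.1 Install and configure the controller node
4.2 Install and configure components
4.3 Finish the installation
4.4 Install and configure the compute node
4.5 Finish the installation
4.6 Verify operation
- Install networking (controller node)
5.1 Install and configure the controller node
5.2 Install networking option 1: public network
5.3 Finish the installation
5.4 Install networking on the compute node
5.5 Configure the networking option
5.6 Configure the networking service for the compute node
5.7 Finish the installation
5.8 Verify networking on the controller node
- Dashboard
6.1 Install and configure
6.2 Verify operation
- Install block storage
7.1 Install and configure the controller node
7.2 Install and configure components
7.3 Configure the compute node to use block storage
7.4 Finish the installation
7.5 Install and configure a storage node
7.6 Install and configure components
7.7 Finish the installation
7.8 Verify operation
- Dashboard page operations
- Environment planning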
1.1. Hardware plan
IP              Hostname    Configuration
172.26.128.126  controller  Two NICs: ens160, ens192
172.26.128.166  compute-04  Two NICs: enp3s0f0, enp3s0f1
172.26.128.167  compute-05  Two NICs: enp3s0f0, enp3s0f1
172.26.128.168  compute-06
1.2. Software plan
Name       Type             Version
CentOS     System software  7.5 (host 126: 7.4)
Mysql      Database         15.1 Distrib 10.1.20-MariaDB
Etcd                        3.2
Memcached                   1.5.6
Rabbitmq                    3.6.5
Apache                      2.4
OpenStack                   Queens
1.3. Component plan
Role        Components                                IP              User  Notes
controller  Mysql: single node                        172.26.128.126  root  Controller node
            rabbitmq-server: single node
            Memcached: single node
            etcd: single node
            apache (keystone, Horizon): single node
            nova-api
            nova-consoleauth
            nova-conductor
            nova-scheduler
            nova-novncproxy
            glance-api
            glance-registry
            cinder-api
            cinder-scheduler
            neutron-server
            neutron-linuxbridge-agent
            neutron-dhcp-agent
            neutron-metadata-agent
compute04   libvirtd                                  172.26.128.166
            openstack-nova-compute
            neutron-linuxbridge-agent
compute05   nova-compute                              172.26.128.167
            neutron-linuxbridge-agent
            cinder-volume
compute06   libvirtd                                  172.26.128.168
            openstack-nova-compute
            neutron-linuxbridge-agent
1.4. Deployment topology diagram
- Configure host networking and hostnames
2.1. 172.26.128.126
2.1.1. Host network configuration
Edit /etc/sysconfig/network-scripts/ifcfg-ens160:
HWADDR=00:50:56:9a:74:f7
NAME=ens160
GATEWAY=172.26.128.1
DNS1=172.20.3.44
DNS2=172.20.3.45
DEVICE=ens160
TYPE=Ethernet
ONBOOT=yes
USERCTL=no
BOOTPROTO=none
NETMASK=255.255.255.0
IPADDR=172.26.128.126
PEERDNS=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
2.1.2. Hostname configuration
Configuration file: /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 controller
172.26.128.126 controller
172.26.128.166 compute04
172.26.128.167 compute05
172.26.128.168 compute06
2.2. 172.26.128.166
2.2.1. Host network configuration
Configuration file: /etc/sysconfig/network-scripts/ifcfg-enp3s0f0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp3s0f0
UUID=13e08b29-dd4d-4286-a4e8-4700cdb9ed11
DEVICE=enp3s0f0
ONBOOT=yes
IPADDR=172.26.128.166
GATEWAY=172.26.128.1
NETMASK=255.255.255.0
DNS1=172.20.3.44
2.2.2. Hostname configuration
Configuration file: /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.26.128.126 controller
172.26.128.166 compute04
172.26.128.167 compute05
172.26.128.168 compute06
2.3. 172.26.128.167
2.3.1. Host network configuration
Edit the configuration file /etc/sysconfig/network-scripts/ifcfg-enp3s0f0:
BOOTPROTO=static
IPADDR=172.26.128.167
PREFIX=24
GATEWAY=172.26.128.1
DNS1=172.20.3.44
NAME=enp3s0f0
DEVICE=enp3s0f0
ONBOOT=yes
DEFROUTE=yes
TYPE=Ethernet
2.3.2. Hostname configuration
Edit the hostnames in /etc/hosts:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.26.128.126 controller
172.26.128.160 compute03
172.26.128.166 compute04
172.26.128.167 compute05
172.26.128.168 compute06
2.4. 172.26.128.168
2.4.1. Host network configuration
Configuration file: /etc/sysconfig/network-scripts/ifcfg-ens126
TYPE=Ethernet
BOOTPROTO=none
IPADDR=172.26.128.168
PREFIX=24
GATEWAY=172.26.128.1
DNS1=172.20.3.44
DEFROUTE=yes
NAME=eno1
ONBOOT=yes
DEVICE=eno1
IPV4_FAILURE_FATAL=no
IPV6INIT=no
2.4.2. Hostname configuration
Edit the hostnames in /etc/hosts:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.26.128.126 controller
172.26.128.166 compute04
172.26.128.167 compute05
172.26.128.168 compute06
IP address: 172.26.128.167
2.5. Verification
From the controller node, ping the compute nodes to check that they are reachable:
[root@controller ~]# ping -c 4 compute04
PING compute01 (172.26.128.166) 56(84) bytes of data.
64 bytes from compute04 (172.26.128.166): icmp_seq=1 ttl=64 time=0.779 ms
64 bytes from compute04 (172.26.128.166): icmp_seq=2 ttl=64 time=0.450 ms
64 bytes from compute04 (172.26.128.166): icmp_seq=3 ttl=64 time=0.391 ms
64 bytes from compute04 (172.26.128.166): icmp_seq=4 ttl=64 time=0.381 ms
[root@controller ~]# ping -c 4 compute06
PING compute02 (172.26.128.168) 56(84) bytes of data.
64 bytes from compute06 (172.26.128.168): icmp_seq=1 ttl=64 time=1.60 ms
64 bytes from compute06 (172.26.128.168): icmp_seq=2 ttl=64 time=1.57 ms
64 bytes from compute06 (172.26.128.168): icmp_seq=3 ttl=64 time=1.47 ms
64 bytes from compute06 (172.26.128.168): icmp_seq=4 ttl=64 time=0.641 ms
From a compute node, ping the controller node:
[root@compute04 ~]# ping -c 4 controller
PING controller (172.26.128.126) 56(84) bytes of data.
64 bytes from controller (172.26.128.126): icmp_seq=1 ttl=64 time=0.508 ms
64 bytes from controller (172.26.128.126): icmp_seq=2 ttl=64 time=1.70 ms
64 bytes from controller (172.26.128.126): icmp_seq=3 ttl=64 time=0.483 ms
64 bytes from controller (172.26.128.126): icmp_seq=4 ttl=64 time=1.36 ms
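Added example, not part of the original guide: a ping test only shows that some address answers, so the script below audits a hosts file against the address plan in section 1.1. It flags a node name attached to a loopback entry (which makes that name resolve to 127.0.0.1 on the local machine), wrong or missing addresses, and names outside the plan. The function names audit_hosts and write_sample_hosts and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide). audit_hosts and
# write_sample_hosts are hypothetical helper names.

# name=address pairs taken from the address plan on this page
EXPECTED_HOSTS="controller=172.26.128.126 compute04=172.26.128.166 compute05=172.26.128.167 compute06=172.26.128.168"

# audit_hosts FILE
# Prints one finding per line; returns 1 if any were found, 0 if the file is clean.
#   LOOPBACK    a planned node name is attached to a 127.x or ::1 entry
#   WRONG_IP    a planned node name points at an address other than the planned one
#   UNEXPECTED  a non-loopback entry names a host that is not in the plan
#   MISSING     a planned node name has no correct entry at all
audit_hosts() {
    findings=$(awk -v plan="$EXPECTED_HOSTS" '
        BEGIN {
            n = split(plan, pairs, " ")
            for (i = 1; i <= n; i++) { split(pairs[i], kv, "="); want[kv[1]] = kv[2] }
        }
        { sub(/#.*/, "") }          # strip comments
        NF < 2 { next }             # blank line or address without a name
        {
            ip = $1
            loopback = (ip ~ /^127\./ || ip == "::1")
            for (i = 2; i <= NF; i++) {
                name = $i
                if (name in want) {
                    if (loopback)              print "LOOPBACK " name " " ip
                    else if (ip != want[name]) print "WRONG_IP " name " " ip " expected " want[name]
                    else                       ok[name] = 1
                } else if (!loopback) {
                    print "UNEXPECTED " name " " ip
                }
            }
        }
        END {
            for (name in want)
                if (!(name in ok)) print "MISSING " name " expected " want[name]
        }' "$1") || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# write_sample_hosts DIR
# Writes two constructed hosts files: one with a loopback alias and a
# misspelled node name, one that matches the plan.
write_sample_hosts() {
    cat > "$1/hosts.bad" <<'EOF'
127.0.0.1 localhost localhost.localdomain controller
172.26.128.126 controller
172.26.128.166 compute04
172.26.128.167 compute05s
172.26.128.168 compute06
EOF
    cat > "$1/hosts.good" <<'EOF'
127.0.0.1 localhost localhost.localdomain
::1 localhost localhost.localdomain
172.26.128.126 controller
172.26.128.166 compute04
172.26.128.167 compute05
172.26.128.168 compute06
EOF
}
```

Run it on each node as `audit_hosts /etc/hosts`; a non-zero exit status means the file differs from the plan.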
2.6. OpenStack Queens environment configuration
https://www.cnblogs.com/xiongyoutom/p/9663607.html
- Identity service
3.1. Create the database:
Install the packages:
yum install mariadb mariadb-server python2-PyMySQL mongodb-server mongodb rabbitmq-server memcached python-memcached
Connect to the database server as the root user with the database client:
mysql -u root -p1qaz2wsx
Create the keystone database:
CREATE DATABASE keystone;
Grant privileges on the keystone database:
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '1qaz2wsx';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '1qaz2wsx';
Generate the admin token:
openssl rand -hex 10
7e5805560f848c2fcbd6
3.2. Install and configure components
yum install openstack-keystone httpd mod_wsgi
Edit the configuration file:
[root@controller ]# vi /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 7e5805560f848c2fcbd6
[database]
connection = mysql+pymysql://keystone:1qaz2wsx@172.26.128.126/keystone
[token]
provider = fernet
Initialize the Identity service database:
[root@controller]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
[root@controller]# keystone-manage bootstrap --bootstrap-password 1qaz2wsx \
--bootstrap-admin-url http://172.26.128.126:35357/v3/ \
--bootstrap-internal-url http://172.26.128.126:5000/v3/ \
--bootstrap-public-url http://172.26.128.126:5000/v3/ \
--bootstrap-region-id RegionOne
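Added example, not part of the original guide: the configuration above keeps a static admin_token in keystone.conf and writes a database password into the connection URL, and values of the same kind recur in the other services' files and in admin-openrc. The script below reports a set admin_token and any secret value that appears in more than one place, printing only file names and line numbers. The function names, the sample file contents and the sample passwords are constructed; the glance-api.conf layout is an assumption, since the page does not show that file.

```shell
#!/bin/sh
# Added example (not from the original guide). audit_secrets and
# write_sample_configs are hypothetical helper names.

# audit_secrets FILE...
# Prints findings; returns 1 if any were found, 0 otherwise.
#   ADMIN_TOKEN <file>:<line>           a static admin_token is set
#   REUSED x<n> <file>:<line> ...       one secret value appears in n places
# The secret values themselves are never printed.
audit_secrets() {
    findings=$(awk '
        /^[ \t]*[#;]/ { next }                      # commented-out line
        /^[ \t]*admin_token[ \t]*=/ {
            print "ADMIN_TOKEN " FILENAME ":" FNR
            next
        }
        {
            secret = ""
            if (match($0, /:\/\/[^:@]+:[^@]+@/)) {
                # user:password@ inside a URL such as mysql+pymysql://...
                cred = substr($0, RSTART + 3, RLENGTH - 4)
                secret = substr(cred, index(cred, ":") + 1)
            } else if ($0 ~ /^[ \t]*(export[ \t]+)?[A-Za-z_]*(password|PASSWORD)[ \t]*=/) {
                # password = ... in a config file, export OS_PASSWORD=... in an openrc
                secret = $0
                sub(/^[^=]*=[ \t]*/, "", secret)
            }
            if (secret != "") {
                count[secret]++
                where[secret] = where[secret] " " FILENAME ":" FNR
            }
        }
        END {
            for (s in count)
                if (count[s] > 1) print "REUSED x" count[s] where[s]
        }' "$@") || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# write_sample_configs DIR
# Writes constructed sample files: DIR/weak shares one password everywhere and
# sets admin_token, DIR/ok uses a distinct secret per place.
write_sample_configs() {
    mkdir -p "$1/weak" "$1/ok"
    cat > "$1/weak/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[database]
connection = mysql+pymysql://keystone:SamplePass1@controller/keystone
[token]
provider = fernet
EOF
    cat > "$1/weak/glance-api.conf" <<'EOF'
[database]
connection = mysql+pymysql://glance:SamplePass1@controller/glance
[keystone_authtoken]
username = glance
password = SamplePass1
EOF
    cat > "$1/weak/admin-openrc" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=SamplePass1
EOF
    cat > "$1/ok/keystone.conf" <<'EOF'
[database]
connection = mysql+pymysql://keystone:Sample-A1@controller/keystone
[token]
provider = fernet
EOF
    cat > "$1/ok/admin-openrc" <<'EOF'
export OS_USERNAME=admin
export OS_PASSWORD=Sample-B2
EOF
}
```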
3.3. Configure the Apache HTTP server
[root@controller]# vi /etc/httpd/conf/httpd.conf
Set ServerName to 172.26.128.126
[root@controller]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# cat /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LimitRequestBody 114688
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone.log
    CustomLog /var/log/httpd/keystone_access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    LimitRequestBody 114688
    <IfVersion >= 2.4>
        ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone.log
    CustomLog /var/log/httpd/keystone_access.log combined
    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
Alias /identity /usr/bin/keystone-wsgi-public
<Location /identity>
    SetHandler wsgi-script
    Options +ExecCGI
    WSGIProcessGroup keystone-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>
Alias /identity_admin /usr/bin/keystone-wsgi-admin
<Location /identity_admin>
    SetHandler wsgi-script
    Options +ExecCGI
    WSGIProcessGroup keystone-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>
3.4. Finish the installation and start httpd
[root@controller ]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
Start httpd:
[root@controller ]# systemctl start httpd.service
3.5. Create the service entity and API endpoints
3.5.1. Configure the authentication token
[root@controller ]# export OS_USERNAME=admin
[root@controller ]# export OS_PASSWORD=1qaz2wsx
[root@controller ]# export OS_PROJECT_NAME=admin
[root@controller ]# export OS_USER_DOMAIN_NAME=Default
[root@controller ]# export OS_PROJECT_DOMAIN_NAME=Default
[root@controller ]# export OS_AUTH_URL=http://172.26.128.126:35357/v3
[root@controller ]# export OS_IDENTITY_API_VERSION=3
Script for creating the authentication token: http://www.cnblogs.com/xiongyoutom/p/9668603.html
3.5.2. Create the service entity and API endpoints
[root@controller ]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | 2f4f80574fd84fe6ba9067228ae0a50c |
| name        | example                          |
+-------------+----------------------------------+
[root@controller ]# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 37debf5709704578a2f8e7994602a11a |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@controller ]# openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 0ad117fbe42a411aa59bb940e48cd1d9 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@controller ]# openstack user create --domain default \
--password-prompt demo
User Password:1qaz2wsx
Repeat User Password:1qaz2wsx
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 8d986172b093472db4c15af54df09ff1 |
| name                | demo                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | c1a07554afee4241bf6f2dd45832a599 |
| name      | user                             |
+-----------+----------------------------------+
[root@controller ]# openstack role add --project demo --user demo user
3.5.3. Verify the service
[root@controller ]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ]# openstack --os-auth-url http://172.26.128.126:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password: 1qaz2wsx
±-----------±----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
±-----------±----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-07-10T08:25:29+0000 |
| id | gAAAAABbRF9pvkU6NSpvzpxYFgFerrVm9u_N3B2GZzXec69TI9nJLEm6BiA3VPvAPLb2SJLeXSraGjGa613dq-YTNqnZmlQk4M6wdn3HcfHFQnEBTPtXpQNMBebfPiGtzE7VHWTKys0Dj2AOjIjqq3usYWHrys2XzgdXIIV1s2fey7WwNgMk3c0 |
| project_id | e72e49df612d4923a7d348c0b8c92bb3 |
| user_id | da4ea040435446d8b05287015215e688 |
±-----------±----------------------------------------------------------------------------------------------------------------
[root@controller ]# openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password: 1qaz2wsx
±-----------±----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
±-----------±----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-07-10T08:26:31+0000 |
| id | gAAAAABbRF-nTTr8TgeDb7980JKNvB1RxPzLVFHo7q41sbKJVkw6tmqh-ji-OfAE5kF9te7OzSRrIOZi7AFvk4aNsscFmio4JOORWyABxdEgFESd42rl2TAezLTuo0uzZ_xaGmSDaRvxcrSgisxxJ8CmN-P_6o_6F0Zu2qnFjN3lgOc-tr0gzyQ |
| project_id | 0ad117fbe42a411aa59bb940e48cd1d9 |
| user_id | 8d986172b093472db4c15af54df09ff1 |
±-----------±-------------------------------------------------------------------------------------------------------------
[root@controller opt]#
[root@controller opt]# cat admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=1qaz2wsx
export OS_AUTH_URL=http://172.26.128.126:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller opt]# . admin-openrc
[root@controller opt]# openstack token issue
±-----------±----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
±-----------±----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-07-10T08:28:24+0000 |
| id | gAAAAABbRGAYGi-vM-vOnDZdfox0eYqeHz9dlozHoeB3_4RyshXcsxbiU4Gvz5Au-kdESjb5u3jgPntffifrew3LnM9xZfacGTkzRqSJa4zSmSgIOR7DREc26h04uo8FgZhvwk4OtXf3XE9jH4wtPkN-wE1t8HV_IAEcSqzwoceAG_nO4Nb_b_4 |
| project_id | e72e49df612d4923a7d348c0b8c92bb3 |
| user_id | da4ea040435446d8b05287015215e688 |
±-----------±----------------------------------------------------------------------------------------------------------------
- 镜像服务
4.1. 安装和配置
用数据库连接客户端以 root 用户连接到数据库服务器:
[root@controller opt]# mysql -u root -p1qaz2wsx
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 10.1.20-MariaDB MariaDB Server
Copyright © 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
Create the glance user:
[root@controller opt]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | d7caa3d513934c88a683cba4acf56fd7 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
Add the admin role to the glance user and the service project:
[root@controller opt]# openstack role add --project service --user glance admin
Create the glance service entity:
[root@controller opt]# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | f89982ad38ec4f948f5ce5f5b2d8d174 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
Create the Image service API endpoints:
[root@controller opt]# openstack endpoint create --region RegionOne \
image public http://172.26.128.126:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ab859f7396d64d70bd623200d22e0315 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f89982ad38ec4f948f5ce5f5b2d8d174 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://172.26.128.126:9292       |
+--------------+----------------------------------+
您在 /var/spool/mail/root 中有新邮件
[root@controller opt]# openstack endpoint create --region RegionOne \
image internal http://172.26.128.126:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | affade8a24e54dada0e8272fa73585f7 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f89982ad38ec4f948f5ce5f5b2d8d174 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://172.26.128.126:9292       |
+--------------+----------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
image admin http://172.26.128.126:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6804ae24b5de496ab6ae735742a3edd2 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | f89982ad38ec4f948f5ce5f5b2d8d174 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://172.26.128.126:9292       |
+--------------+----------------------------------+
4.2. Install and configure components
Install the packages:
yum install openstack-glance
In the [glance_store] section, configure the local file system store and the location of image files:
[root@controller opt]# vi /etc/glance/glance-api.conf
In the [database] section, configure database access:
[root@controller opt]# vi /etc/glance/glance-registry.conf
Populate the Image service database:
[root@controller opt]# su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1336: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
expire_on_commit=expire_on_commit, _conf=conf)
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_expand01, current revision(s): queens_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
4.3. Finish the installation
Start the Image services and configure them to start when the system boots:
[root@controller opt]# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-registry.service to /usr/lib/systemd/system/openstack-glance-registry.service.
[root@controller opt]# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
4.4. Verify operation
Download the image:
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller opt]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2018-07-10T08:14:16Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/b25528dc-a451-4b7e-8780-f84095aaea5f/file |
| id               | b25528dc-a451-4b7e-8780-f84095aaea5f                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | c945b61a0c5b4109bc7cda5321ec06fd                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2018-07-10T08:14:17Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
Confirm the upload of the image and validate its attributes:
[root@controller opt]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| b25528dc-a451-4b7e-8780-f84095aaea5f | cirros | active |
+--------------------------------------+--------+--------+
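- Compute service installation
5.1. Install and configure the controller node
Connect to the database server as the root user with the database client: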
MariaDB [glance]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [glance]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [glance]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.01 sec)
Grant proper access to the databases:
MariaDB [glance]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [glance]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [glance]>
MariaDB [glance]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [glance]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [glance]>
MariaDB [glance]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [glance]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [glance]> show databases;
+--------------------+
| Database           |
+--------------------+
| glance             |
| information_schema |
| keystone           |
| mysql              |
| nova               |
| nova_api           |
| nova_cell0         |
| performance_schema |
+--------------------+
8 rows in set (0.00 sec)
Create the nova user:
[root@controller opt]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | d24815b487164615935dd423246fa6ca |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
Add the admin role to the nova user:
[root@controller opt]# openstack role add --project service --user nova admin
Create the nova service entity:
[root@controller opt]# openstack service create --name nova \
--description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 598b667a89724097890609640237267b |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
Create the Compute service API endpoints:
[root@controller opt]# openstack endpoint create --region RegionOne \
compute public http://172.26.128.126:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 7832e851720f4554b4d7322082cef5be |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 598b667a89724097890609640237267b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://172.26.128.126:8774/v2.1  |
+--------------+----------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
compute internal http://172.26.128.126:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 159211f5e1954e7d9ff9375e2b58b01b |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 598b667a89724097890609640237267b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://172.26.128.126:8774/v2.1  |
+--------------+----------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
compute admin http://172.26.128.126:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 07b16490e9724605881b880cbcc5ff96 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 598b667a89724097890609640237267b |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://172.26.128.126:8774/v2.1  |
+--------------+----------------------------------+
[root@controller opt]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                             |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
| 07b16490e9724605881b880cbcc5ff96 | RegionOne | nova         | compute      | True    | admin     | http://172.26.128.126:8774/v2.1 |
| 159211f5e1954e7d9ff9375e2b58b01b | RegionOne | nova         | compute      | True    | internal  | http://172.26.128.126:8774/v2.1 |
| 389ea7e6180a4b019f59142b7f6b6f82 | RegionOne | keystone     | identity     | True    | public    | http://172.26.128.126:5000/v3/  |
| 4e4da59adcc34aa2abd1ac7ce5528a32 | RegionOne | keystone     | identity     | True    | internal  | http://172.26.128.126:5000/v3/  |
| 5b2925b348844d4d9bde4e2ddc89f344 | RegionOne | glance       | image        | True    | internal  | http://172.26.128.126:9292      |
| 7832e851720f4554b4d7322082cef5be | RegionOne | nova         | compute      | True    | public    | http://172.26.128.126:8774/v2.1 |
| 975d387908464c0e81e848a5d69ac3dc | RegionOne | keystone     | identity     | True    | admin     | http://172.26.128.126:5000/v3/  |
| 9b8e76839a3643e1b09b6fe3e479e1c6 | RegionOne | glance       | image        | True    | public    | http://172.26.128.126:9292      |
| bd6a9090a16a4fd6b549b59ec3f89f3a | RegionOne | glance       | image        | True    | admin     | http://172.26.128.126:9292      |
+----------------------------------+-----------+--------------+--------------+---------+-----------+---------------------------------+
您在 /var/spool/mail/root 中有新邮件
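Added example, not part of the original guide: a check over the endpoint catalogue listed above that reports services lacking a public, internal or admin interface and endpoints registered with an http:// URL. It reads "service interface url" lines, which is what `openstack endpoint list -f value -c "Service Name" -c Interface -c URL` prints; the function names audit_endpoints and sample_endpoints and the sample rows are constructed.

```shell
#!/bin/sh
# Added example (not from the original guide). audit_endpoints and
# sample_endpoints are hypothetical helper names.

# audit_endpoints
# Reads "service interface url" lines on stdin.
# Prints findings; returns 1 if any were found, 0 otherwise.
#   PLAINTEXT <service> <interface> <url>   endpoint registered without TLS
#   MISSING <service> <interface>           service lacks one of the three interfaces
audit_endpoints() {
    findings=$(awk '
        NF < 3 { next }
        {
            svc = $1; iface = $2; url = $3
            services[svc] = 1
            have[svc, iface] = 1
            if (url ~ /^http:\/\//) print "PLAINTEXT " svc " " iface " " url
        }
        END {
            n = split("public internal admin", need, " ")
            for (svc in services)
                for (i = 1; i <= n; i++)
                    if (!((svc, need[i]) in have)) print "MISSING " svc " " need[i]
        }') || return 2
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# sample_endpoints
# Prints a constructed catalogue: keystone complete but over http, glance with
# one https endpoint, one http endpoint and no admin interface.
sample_endpoints() {
    cat <<'EOF'
keystone public http://controller.example:5000/v3/
keystone internal http://controller.example:5000/v3/
keystone admin http://controller.example:5000/v3/
glance public https://controller.example:9292
glance internal http://controller.example:9292
EOF
}
```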
Create the user:
[root@controller opt]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9367f86b6d8b4fd9aadfffc536b17224 |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
Add it to the admin role:
[root@controller opt]# openstack role add --project service --user placement admin
No user with a name or ID of 'placement' exists.
Create the Placement API service and endpoints:
[root@controller opt]# openstack service create --name placement --description " shi zheng yu Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | shi zheng yu Placement API       |
| enabled     | True                             |
| id          | 918cc3f395494209b665297af949e316 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne placement public http://172.26.128.126:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 88c9317f8e784cc3b5d6eb8b0556bdd7 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 918cc3f395494209b665297af949e316 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://172.26.128.126:8778       |
+--------------+----------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne placement internal http://172.26.128.126:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 354a35dd204e4e4cb4fd1949b56d42a3 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 918cc3f395494209b665297af949e316 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://172.26.128.126:8778       |
+--------------+----------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne placement admin http://172.26.128.126:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 36c9c666230d46649903d01b4fb6499f |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 918cc3f395494209b665297af949e316 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://172.26.128.126:8778       |
+--------------+----------------------------------+
5.2. Install and configure components
Install the packages:
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api
Edit the /etc/nova/nova.conf file and complete the following:
[root@controller opt]# vi /etc/nova/nova.conf
Configure /etc/httpd/conf.d/00-nova-placement-api.conf:
[root@controller opt]# cat /etc/httpd/conf.d/00-nova-placement-api.conf
Listen 8778
<VirtualHost *:8778>
    WSGIProcessGroup nova-placement-api
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
    WSGIScriptAlias / /usr/bin/nova-placement-api
    <IfVersion >= 2.4>
        ErrorLogFormat "%M"
    </IfVersion>
    ErrorLog /var/log/nova/nova-placement-api.log
    #SSLEngine On
    #SSLCertificateFile …
    #SSLCertificateKeyFile …
</VirtualHost>
Alias /nova-placement-api /usr/bin/nova-placement-api
<Location /nova-placement-api>
    SetHandler wsgi-script
    Options +ExecCGI
    WSGIProcessGroup nova-placement-api
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
</Location>
<Directory /usr/bin>
    <IfVersion >= 2.4>
        Require all granted
    </IfVersion>
    <IfVersion < 2.4>
        Order allow,deny
        Allow from all
    </IfVersion>
</Directory>
Restart httpd
[root@controller opt]# systemctl restart httpd
Sync the nova-api database
[root@controller opt]# su -s /bin/sh -c "nova-manage api_db sync" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
Workaround:
Find the file named in the warning message and comment out lines 325, 329, 330, 331, 332 and 333.
[root@linux-node1 ~]# sed -n '325,333p' /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py
        if not_supported:
            # would like to raise ValueError here, but there are just
            # too many unrecognized (obsolete?) configuration options
            # coming in from projects
            warnings.warn(
                "Configuration option(s) %r not supported" %
                sorted(not_supported),
                exception.NotSupportedWarning
            )
Register the cell0 database
[root@controller opt]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Create the cell1 cell
[root@controller opt]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
58e6ba8e-2f49-4148-aa45-4cfb0ab4a1d5
Initialize the nova database
[root@controller opt]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index block_device_mapping_instance_uuid_virtual_name_device_name_idx. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index uniq_instances0uuid. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
Verify that nova cell0 and cell1 are registered
[root@controller opt]# nova-manage cell_v2 list_cells
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| 名称  | UUID                                 | Transport URL                      | 数据库连接                                      |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/                             | mysql+pymysql://nova:@172.26.128.126/nova_cell0 |
| cell1 | 58e6ba8e-2f49-4148-aa45-4cfb0ab4a1d5 | rabbit://openstack:@172.26.128.126 | mysql+pymysql://nova:****@172.26.128.126/nova   |
+-------+--------------------------------------+------------------------------------+-------------------------------------------------+
5.3. Finalize installation
Start the Compute services and configure them to start when the system boots
[root@controller opt]# systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@controller opt]# systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
5.4. Install and configure the compute node
Install and configure components
[root@compute02 ~]# yum install openstack-nova-compute -y
Edit the /etc/nova/nova.conf file and complete the following steps:
[root@compute02 ~]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:1qaz2wsx@172.26.128.126
my_ip = 172.26.128.168
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://172.26.128.126:5000/v3
memcached_servers = 172.26.128.126:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 1qaz2wsx
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://172.26.128.126:6080/vnc_auto.html
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[glance]
api_servers = http://172.26.128.126:9292
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.26.128.126:5000/v3
username = placement
password = 1qaz2wsx
[neutron]
url = http://172.26.128.126:9696
auth_url = http://172.26.128.126:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 1qaz2wsx
[libvirt]
virt_type = kvm
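As an added example (not part of the original guide), this auditor checks a nova.conf like the one above for secrets embedded in URLs, one secret reused across services, cleartext http:// endpoints and a VNC listener bound to all interfaces. The sample file and its password are constructed, and the 16-character minimum is an assumed local policy, not an OpenStack default.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed excerpt modelled on the compute-node nova.conf above. The secret
# "Example-Pw1" is a made-up stand-in, reused on purpose to trigger the checks.
SAMPLE_NOVA_CONF = """
[DEFAULT]
transport_url = rabbit://openstack:Example-Pw1@172.26.128.126
my_ip = 172.26.128.168
[keystone_authtoken]
auth_url = http://172.26.128.126:5000/v3
username = nova
password = Example-Pw1
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
[placement]
auth_url = http://172.26.128.126:5000/v3
username = placement
password = Example-Pw1
[neutron]
url = http://172.26.128.126:9696
auth_url = http://172.26.128.126:35357
username = neutron
password = Example-Pw1
"""

SECRET_OPTIONS = {"password", "metadata_proxy_shared_secret"}
URL_WITH_CREDS = {"transport_url", "connection"}
LISTEN_OPTIONS = {"vncserver_listen", "server_listen"}
MIN_SECRET_LEN = 16  # assumption: local policy threshold, not an OpenStack default


def parse_oslo_ini(text):
    """Parse an oslo.config-style INI file without configparser's special
    DEFAULT handling, which would copy [DEFAULT] options into every section."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(text)
    return parser


def audit(text):
    """Return a sorted list of (finding, location) tuples for one config file."""
    findings = []
    secrets = defaultdict(list)  # secret value -> locations where it appears
    parser = parse_oslo_ini(text)
    for section in parser.sections():
        for option, value in parser.items(section):
            where = "[%s] %s" % (section, option)
            if option in SECRET_OPTIONS and value:
                secrets[value].append(where)
            if option in URL_WITH_CREDS:
                embedded = urlsplit(value).password
                if embedded:
                    findings.append(("secret-in-url", where))
                    secrets[embedded].append(where)
            if value.startswith("http://"):
                findings.append(("cleartext-http", where))
            if option in LISTEN_OPTIONS and value in ("0.0.0.0", "::"):
                findings.append(("listens-on-all-interfaces", where))
    for value, places in secrets.items():
        if len(places) > 1:
            findings.append(("secret-reused", "; ".join(places)))
        if len(value) < MIN_SECRET_LEN:
            findings.append(("short-secret", places[0]))
    return sorted(findings)


if __name__ == "__main__":
    for finding, where in audit(SAMPLE_NOVA_CONF):
        print("%-26s %s" % (finding, where))
```

Each finding maps to a change in the file itself: a distinct, longer secret per service account, https:// endpoints once TLS is enabled on the controller, and a listen address restricted to the management interface.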
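5.5. Finalize installation
Start the Compute service and its dependencies, and configure them to start automatically when the system boots: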
[root@compute02 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@compute02 ~]# systemctl start libvirtd.service openstack-nova-compute.service
[root@compute02 ~]# systemctl status libvirtd.service openstack-nova-compute.service
libvirtd.service - Virtualization daemon
Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
Active: active (running) since 二 2018-07-10 16:54:00 CST; 9min ago
Docs: man:libvirtd(8)
https://libvirt.org
Main PID: 30595 (libvirtd)
Tasks: 17 (limit: 32768)
CGroup: /system.slice/libvirtd.service
└─30595 /usr/sbin/libvirtd
7月 10 16:54:00 compute02 systemd[1]: Starting Virtualization daemon…
7月 10 16:54:00 compute02 systemd[1]: Started Virtualization daemon.
● openstack-nova-compute.service - OpenStack Nova Compute Server
Loaded: loaded (/usr/lib/systemd/system/openstack-nova-compute.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2018-07-10 17:03:17 CST; 26s ago
Main PID: 30852 (nova-compute)
Tasks: 22
5.6. Verify operation
[root@controller opt]# openstack compute service list --service nova-compute
+----+--------------+-----------+------+---------+-------+----------------------------+
| ID | Binary       | Host      | Zone | Status  | State | Updated At                 |
+----+--------------+-----------+------+---------+-------+----------------------------+
|  7 | nova-compute | compute02 | nova | enabled | up    | 2018-07-10T09:06:38.000000 |
+----+--------------+-----------+------+---------+-------+----------------------------+
[root@controller opt]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 58e6ba8e-2f49-4148-aa45-4cfb0ab4a1d5
Checking host mapping for compute host 'compute02': 1422a1c2-4e29-4dee-b5e1-0592e73dcf9f
Creating host mapping for compute host 'compute02': 1422a1c2-4e29-4dee-b5e1-0592e73dcf9f
Found 1 unmapped computes in cell: 58e6ba8e-2f49-4148-aa45-4cfb0ab4a1d5
List the service components to verify that each process started and registered successfully:
[root@controller opt]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| ID | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2018-07-10T09:09:25.000000 |
|  2 | nova-scheduler   | controller | internal | enabled | up    | 2018-07-10T09:09:25.000000 |
|  3 | nova-conductor   | controller | internal | enabled | up    | 2018-07-10T09:09:25.000000 |
|  7 | nova-compute     | compute02  | nova     | enabled | up    | 2018-07-10T09:09:28.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
[root@controller opt]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| b25528dc-a451-4b7e-8780-f84095aaea5f | cirros | active |
+--------------------------------------+--------+--------+
[root@controller opt]# nova-status upgrade check
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
exception.NotSupportedWarning
Option "os_region_name" from group "placement" is deprecated. Use option "region-name" from group "placement".
+-------------------------------+
| 升级检查结果                  |
+-------------------------------+
| 检查: Cells v2                |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Placement API           |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Resource Providers      |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: Ironic Flavor Migration |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
| 检查: API Service Version     |
| 结果: 成功                    |
| 详情: None                    |
+-------------------------------+
- Install Networking (controller node)
6.1. Install and configure the controller node
Use the database client to connect to the database server as the root user:
MariaDB [glance]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.00 sec)
MariaDB [glance]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'
    -> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [glance]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'
    -> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.01 sec)
Create the neutron user:
[root@controller opt]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | c406b32693094cc19b95c7b4bcfeed85 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
您在 /var/spool/mail/root 中有新邮件
Add the admin role to the neutron user:
[root@controller opt]# openstack role add --project service --user neutron admin
Create the neutron service entity:
[root@controller opt]# openstack service create --name neutron \
  --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | c65300cc7e6c4d8cb61fcd168c7bf298 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
Create the Networking service API endpoints:
[root@controller opt]# openstack endpoint create --region RegionOne \
  network public http://172.26.128.126:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 93a7a2acba3b4d22b9dbceb327af40ec |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c65300cc7e6c4d8cb61fcd168c7bf298 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.26.128.126:9696       |
+--------------+----------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
network internal http://172.26.128.126:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 97efb7cfc036478096adbdb0c2d2953c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c65300cc7e6c4d8cb61fcd168c7bf298 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.26.128.126:9696       |
+--------------+----------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
network admin http://172.26.128.126:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9625977e2df94ca192c8ce1d04d27e39 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c65300cc7e6c4d8cb61fcd168c7bf298 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://172.26.128.126:9696       |
+--------------+----------------------------------+
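6.2. Install networking option 1: provider networks
Install the components
This guide installs in direct-connect mode, so networking option 1 is used.
[root@controller opt]# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables
Configure the components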
[root@controller opt]# vi /etc/neutron/neutron.conf
[root@controller ~]# cat /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins =
auth_strategy = keystone
transport_url = rabbit://openstack:1qaz2wsx@172.26.128.126
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
dns_domain = efivestar.fcp.
[database]
connection = mysql+pymysql://neutron:1qaz2wsx@172.26.128.126/neutron
[keystone_authtoken]
auth_url = http://172.26.128.126:35357
memcached_servers = 172.26.128.126:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 1qaz2wsx
[nova]
auth_url = http://172.26.128.126:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 1qaz2wsx
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@controller opt]# vi /etc/neutron/plugins/ml2/ml2_conf.ini
[root@controller ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan,local,gre
tenant_network_types = flat
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = default
[securitygroup]
enable_ipset = true
[ml2_type_vxlan]
vni_ranges = 1:1000
[ml2_type_vlan]
network_vlan_ranges = ens160:1001:2000
[root@controller opt]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@controller ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = default:ens160
[network_log]
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false
[root@controller opt]# vi /etc/neutron/dhcp_agent.ini
[root@controller ~]# cat /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
dnsmasq_local_resolv = true
dnsmasq_dns_servers = 172.20.3.44,114.114.114.114
[agent]
[ovs]
[root@controller opt]# vi /etc/neutron/metadata_agent.ini
[root@controller ~]# cat /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = 172.26.128.126
metadata_proxy_shared_secret = 1qaz2wsx
[agent]
[cache]
[root@controller opt]# vi /etc/nova/nova.conf
[root@controller ~]# cat /etc/nova/nova.conf
[DEFAULT]
auth_strategy = keystone
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
my_ip = 172.26.128.126
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url=rabbit://openstack:1qaz2wsx@172.26.128.126
[api_database]
connection = mysql+pymysql://nova:1qaz2wsx@172.26.128.126/nova_api
[api]
auth_strategy = keystone
[database]
connection = mysql+pymysql://nova:1qaz2wsx@172.26.128.126/nova
#[oslo_messaging_rabbit]
#rabbit_host = 172.26.128.126
#rabbit_userid = openstack
#rabbit_password = 1qaz@WSX
[keystone_authtoken]
auth_url = http://172.26.128.126:5000/v3
memcached_servers = 172.26.128.126:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 1qaz2wsx
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://172.26.128.126:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[neutron]
url = http://172.26.128.126:9696
auth_url = http://172.26.128.126:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 1qaz2wsx
service_metadata_proxy = true
metadata_proxy_shared_secret = 1qaz2wsx
service_quantum_metadata_proxy=True
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.26.128.126:5000/v3
username = placement
password = 1qaz2wsx
[cinder]
os_region_name = RegionOne
6.3. Finalize installation
[root@controller opt]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Sync the database:
[root@controller opt]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
正在对 neutron 运行 upgrade…
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
确定
Restart the Compute API service:
[root@controller opt]# systemctl restart openstack-nova-api.service
[root@controller opt]# systemctl status openstack-nova-api.service
● openstack-nova-api.service - OpenStack Nova API Server
Loaded: loaded (/usr/lib/systemd/system/openstack-nova-api.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2018-07-10 17:38:12 CST; 12s ago
Main PID: 1931 (nova-api)
CGroup: /system.slice/openstack-nova-api.service
├─1931 /usr/bin/python2 /usr/bin/nova-api
├─1958 /usr/bin/python2 /usr/bin/nova-api
├─1959 /usr/bin/python2 /usr/bin/nova-api
├─1960 /usr/bin/python2 /usr/bin/nova-api
├─1961 /usr/bin/python2 /usr/bin/nova-api
├─1962 /usr/bin/python2 /usr/bin/nova-api
├─1963 /usr/bin/python2 /usr/bin/nova-api
├─1964 /usr/bin/python2 /usr/bin/nova-api
├─1965 /usr/bin/python2 /usr/bin/nova-api
├─1974 /usr/bin/python2 /usr/bin/nova-api
├─1975 /usr/bin/python2 /usr/bin/nova-api
├─1976 /usr/bin/python2 /usr/bin/nova-api
├─1977 /usr/bin/python2 /usr/bin/nova-api
├─1978 /usr/bin/python2 /usr/bin/nova-api
├─1979 /usr/bin/python2 /usr/bin/nova-api
├─1980 /usr/bin/python2 /usr/bin/nova-api
└─1981 /usr/bin/python2 /usr/bin/nova-api
7月 10 17:37:27 controller systemd[1]: Starting OpenStack Nova API Server…
7月 10 17:37:39 controller nova-api[1931]: /usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported
7月 10 17:37:39 controller nova-api[1931]: exception.NotSupportedWarning
7月 10 17:38:12 controller systemd[1]: Started OpenStack Nova API Server.
Start the Networking services and configure them to start when the system boots:
[root@controller opt]# systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-server.service to /usr/lib/systemd/system/neutron-server.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-dhcp-agent.service to /usr/lib/systemd/system/neutron-dhcp-agent.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-metadata-agent.service to /usr/lib/systemd/system/neutron-metadata-agent.service.
[root@controller opt]# systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
6.4. Install networking on the compute nodes
Install the components (172.26.128.166/162)
[root@compute02 opt]# yum install openstack-neutron-linuxbridge ebtables ipset
Edit the /etc/neutron/neutron.conf file and complete the following steps:
[root@compute02 opt]# cat /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
transport_url = rabbit://openstack:1qaz2wsx@172.26.128.126
[keystone_authtoken]
auth_uri = http://172.26.128.126:5000
auth_url = http://172.26.128.126:35357
memcached_servers = 172.26.128.126:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 1qaz2wsx
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[root@compute02 opt]# vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[root@compute02 opt]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens126
[network_log]
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false
[root@compute02 opt]# vi /etc/nova/nova.conf
[root@compute02 opt]# cat /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:1qaz2wsx@172.26.128.126
my_ip = 172.26.128.168
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://172.26.128.126:5000/v3
memcached_servers = 172.26.128.126:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 1qaz2wsx
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://172.26.128.126:6080/vnc_auto.html
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[glance]
api_servers = http://172.26.128.126:9292
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://172.26.128.126:5000/v3
username = placement
password = 1qaz2wsx
[neutron]
url = http://172.26.128.126:9696
auth_url = http://172.26.128.126:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 1qaz2wsx
6.5. Configure the networking option
Networking option 1: provider networks
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following steps:
[root@compute02 opt]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = default:ens160
[network_log]
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = false
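An added consistency check for the files in sections 6.2 to 6.5 (example code, not from the original guide): the physical network label in each agent's physical_interface_mappings has to match flat_networks in ml2_conf.ini (the 6.4 listing uses provider while ml2_conf.ini allows default), and metadata_proxy_shared_secret has to be identical in metadata_agent.ini and nova.conf because it keys the HMAC that authenticates proxied metadata requests. The excerpts and secret values are constructed, and the signing function is a simplified model of that exchange.

```python
import configparser
import hashlib
import hmac

# Constructed excerpts modelled on the files shown in sections 6.2 to 6.5;
# the shared secret is a made-up stand-in value.
ML2_CONF = """
[ml2]
type_drivers = flat,vlan,vxlan,local,gre
tenant_network_types = flat
[ml2_type_flat]
flat_networks = default
"""
AGENT_CONTROLLER = "[linux_bridge]\nphysical_interface_mappings = default:ens160\n"
AGENT_COMPUTE = "[linux_bridge]\nphysical_interface_mappings = provider:ens126\n"
METADATA_AGENT = "[DEFAULT]\nmetadata_proxy_shared_secret = constructed-secret-A\n"
NOVA_CONF = ("[neutron]\nservice_metadata_proxy = true\n"
             "metadata_proxy_shared_secret = constructed-secret-A\n")


def parse(text):
    # default_section is moved aside so [DEFAULT] is read as an ordinary section.
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, default_section="__unused__")
    parser.read_string(text)
    return parser


def split_list(value):
    """Split a comma-separated option value, dropping empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]


def physnet_mismatch(ml2_text, agent_text):
    """Compare the flat physical networks ML2 accepts with the labels one
    Linux bridge agent maps. Returns (missing_on_agent, unknown_to_ml2)."""
    allowed = split_list(
        parse(ml2_text).get("ml2_type_flat", "flat_networks", fallback=""))
    mappings = split_list(parse(agent_text).get(
        "linux_bridge", "physical_interface_mappings", fallback=""))
    mapped = [entry.split(":", 1)[0] for entry in mappings]
    if "*" in allowed:  # wildcard: ML2 accepts any physical network name
        return [], []
    missing = sorted(set(allowed) - set(mapped))
    unknown = sorted(set(mapped) - set(allowed))
    return missing, unknown


def sign_instance_id(secret, instance_id):
    """HMAC-SHA256 over the instance ID, keyed with the shared secret
    (simplified model of the signature sent with proxied metadata requests)."""
    return hmac.new(secret.encode(), instance_id.encode(),
                    hashlib.sha256).hexdigest()


def metadata_proxy_ok(metadata_agent_text, nova_text,
                      instance_id="constructed-instance-id"):
    """Simulate one proxied metadata request: the agent signs with its secret,
    the Compute side recomputes with its own and compares in constant time."""
    agent_secret = parse(metadata_agent_text).get(
        "DEFAULT", "metadata_proxy_shared_secret", fallback="")
    nova = parse(nova_text)
    if not nova.getboolean("neutron", "service_metadata_proxy", fallback=False):
        return False
    nova_secret = nova.get("neutron", "metadata_proxy_shared_secret", fallback="")
    if not agent_secret or not nova_secret:
        return False
    sent = sign_instance_id(agent_secret, instance_id)
    expected = sign_instance_id(nova_secret, instance_id)
    return hmac.compare_digest(sent, expected)


if __name__ == "__main__":
    print("controller:", physnet_mismatch(ML2_CONF, AGENT_CONTROLLER))
    print("compute:   ", physnet_mismatch(ML2_CONF, AGENT_COMPUTE))
    print("metadata proxy secret matches:",
          metadata_proxy_ok(METADATA_AGENT, NOVA_CONF))
```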
6.6. Configure the Networking service for the compute node
Edit the /etc/nova/nova.conf file and complete the following steps:
[neutron]
url = http://172.26.128.126:9696
auth_url = http://172.26.128.126:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 1qaz2wsx
6.7. Finalize installation
Restart the Compute service:
[root@compute02 opt]# systemctl restart openstack-nova-compute.service
Start the Linux bridge agent and configure it to start when the system boots:
[root@compute02 opt]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@compute02 opt]# systemctl start neutron-linuxbridge-agent.service
6.8. Verify networking on the controller node
[root@controller opt]# neutron ext-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+---------------------------+----------------------------------------------------------------------------------------------+
| alias | name |
+---------------------------+----------------------------------------------------------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| net-mtu-writable | Network MTU (writable) |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| flavors | Neutron Service Flavors |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| standard-attr-tag | Tag support for resources with standard attribute: trunk, policy, security_group, floatingip |
| revision-if-match | If-Match constraints based on revision_number |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| quota_details | Quota details management support |
| address-scope | Address scope |
| subnet-service-types | Subnet service types |
| standard-attr-timestamp | Resource timestamps |
| service-type | Neutron 服务类型管理 |
| tag-ext | Tag support for resources: subnet, subnetpool, port, router |
| extra_dhcp_opt | Neutron Extra DHCP options |
| standard-attr-revisions | Resource revision numbers |
| pagination | Pagination support |
| sorting | Sorting support |
| security-group | security-group |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| ip-substring-filtering | IP address substring filtering |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| project-id | project_id field enabled |
+---------------------------+----------------------------------------------------------------------------------------------+
- Dashboard
7.1. Install and configure
Install the packages (run on the controller node):
yum install openstack-dashboard
Edit /etc/openstack-dashboard/local_settings and add the following:
OPENSTACK_HOST = "172.26.128.126"
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '172.26.128.126:11211',
    },
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 2, }
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "TIME_ZONE"
Edit /etc/httpd/conf.d/openstack-dashboard.conf and add:
WSGIApplicationGroup %{GLOBAL}
Restart httpd and memcached:
systemctl restart httpd.service memcached.service
7.2. Verify operation
Open http://172.26.128.126/dashboard in a browser to access the dashboard.
- Install Block Storage
8.1. Install and configure the controller node
On the controller node, set up the database and its access privileges:
mysql -u root -p
Create the cinder database:
MariaDB [(none)]> CREATE DATABASE cinder;
Grant proper access to the cinder database:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost'
IDENTIFIED BY 'CINDER_DBPASS';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'
IDENTIFIED BY 'CINDER_DBPASS';
Replace CINDER_DBPASS with a suitable password.
Exit the database access client.
Source the admin credentials to gain access to admin-only CLI commands:
MariaDB [(none)]> CREATE DATABASE cinder;
Query OK, 1 row affected (0.01 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'
-> IDENTIFIED BY '1qaz2wsx';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> quit
Bye
Create a cinder user:
[root@controller opt]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 999814d07c554f61b230d903e41839d0 |
| name                | cinder                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
Add the admin role to the cinder user:
[root@controller opt]# openstack role add --project service --user cinder admin
Create the cinder and cinderv2 service entities:
[root@controller opt]# openstack service create --name cinderv2 \
--description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 8bb715e725ec4e63849cccc3919e8152 |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
[root@controller opt]# openstack service create --name cinderv3 \
--description "OpenStack Block Storage" volumev3
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 80824557f147439fad48f4c36da45595 |
| name        | cinderv3                         |
| type        | volumev3                         |
+-------------+----------------------------------+
Create the Block Storage service API endpoints:
[root@controller opt]# openstack endpoint create --region RegionOne \
volumev2 public http://172.26.128.126:8776/v2/%\(project_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | ccab2aeb262a4064bffbc53d5c5e11e5             |
| interface    | public                                       |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 8bb715e725ec4e63849cccc3919e8152             |
| service_name | cinderv2                                     |
| service_type | volumev2                                     |
| url          | http://172.26.128.126:8776/v2/%(project_id)s |
+--------------+----------------------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
volumev2 internal http://172.26.128.126:8776/v2/%\(project_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | d195d6fbd9bc466aa2ae00c8dcbc9569             |
| interface    | internal                                     |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 8bb715e725ec4e63849cccc3919e8152             |
| service_name | cinderv2                                     |
| service_type | volumev2                                     |
| url          | http://172.26.128.126:8776/v2/%(project_id)s |
+--------------+----------------------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
volumev2 admin http://172.26.128.126:8776/v2/%\(project_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | efbce7bc8db6476b818cfe0f8ce3a383             |
| interface    | admin                                        |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 8bb715e725ec4e63849cccc3919e8152             |
| service_name | cinderv2                                     |
| service_type | volumev2                                     |
| url          | http://172.26.128.126:8776/v2/%(project_id)s |
+--------------+----------------------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
volumev3 public http://172.26.128.126:8776/v3/%\(project_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 7f497ec42def460faade68b859b6c0fb             |
| interface    | public                                       |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 80824557f147439fad48f4c36da45595             |
| service_name | cinderv3                                     |
| service_type | volumev3                                     |
| url          | http://172.26.128.126:8776/v3/%(project_id)s |
+--------------+----------------------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
volumev3 internal http://172.26.128.126:8776/v3/%\(project_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 2d725075860048cca1336c205cfa9d83             |
| interface    | internal                                     |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 80824557f147439fad48f4c36da45595             |
| service_name | cinderv3                                     |
| service_type | volumev3                                     |
| url          | http://172.26.128.126:8776/v3/%(project_id)s |
+--------------+----------------------------------------------+
[root@controller opt]# openstack endpoint create --region RegionOne \
volumev3 admin http://172.26.128.126:8776/v3/%\(project_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 65043872506f40b2a87d718573006e33             |
| interface    | admin                                        |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 80824557f147439fad48f4c36da45595             |
| service_name | cinderv3                                     |
| service_type | volumev3                                     |
| url          | http://172.26.128.126:8776/v3/%(project_id)s |
+--------------+----------------------------------------------+
8.2. Install and configure components
[root@controller opt]# yum install openstack-cinder
Edit /etc/cinder/cinder.conf and complete the following actions:
[root@controller opt]# vi /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:1qaz2wsx@172.26.128.126
auth_strategy = keystone
my_ip = 172.26.128.126
[database]
connection = mysql+pymysql://cinder:1qaz2wsx@172.26.128.126/cinder
[keystone_authtoken]
auth_uri = http://172.26.128.126:5000
auth_url = http://172.26.128.126:35357
memcached_servers = 172.26.128.126:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = 1qaz2wsx
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
Populate the Block Storage database:
su -s /bin/sh -c "cinder-manage db sync" cinder
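The cinder.conf above carries the same password in transport_url, in connection and in [keystone_authtoken], and points Keystone authentication at http:// URLs. The following added example (not part of the original guide or of OpenStack) audits a service configuration for those conditions; the sample text is constructed from the values on this page, and the 12-character minimum and the finding names are assumptions of the example.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample: the cinder.conf layout and values shown in this guide.
SAMPLE_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:1qaz2wsx@172.26.128.126
[database]
connection = mysql+pymysql://cinder:1qaz2wsx@172.26.128.126/cinder
[keystone_authtoken]
auth_uri = http://172.26.128.126:5000
auth_url = http://172.26.128.126:35357
username = cinder
password = 1qaz2wsx
"""

URL_SECRET_KEYS = {"transport_url", "connection"}  # password inside a URL
PLAIN_SECRET_KEYS = {"password"}                   # password as a bare value
ENDPOINT_KEYS = {"auth_uri", "auth_url", "url"}    # service/auth endpoints

def audit(conf_text, min_len=12):
    """Return sorted (section, option, finding) tuples for one config file."""
    # Rename the special default section so [DEFAULT] is read like any other
    # section and its options are not inherited by every section.
    parser = configparser.ConfigParser(interpolation=None,
                                       default_section="__unused__")
    parser.read_string(conf_text)
    findings, uses = [], {}
    for section in parser.sections():
        for option, value in parser.items(section):
            secret = None
            if option in URL_SECRET_KEYS:
                secret = urlsplit(value).password
            elif option in PLAIN_SECRET_KEYS:
                secret = value
            elif option in ENDPOINT_KEYS and urlsplit(value).scheme == "http":
                findings.append((section, option, "plaintext-http"))
            if secret:
                uses.setdefault(secret, []).append((section, option))
                if len(secret) < min_len:  # assumed minimum length
                    findings.append((section, option, "short-secret"))
    for places in uses.values():
        if len(places) > 1:  # same secret guards more than one service account
            findings.extend((s, o, "reused-secret") for s, o in places)
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print("%-20s %-14s %s" % finding)
```

The same function can be pointed at the nova.conf and neutron configuration text from the earlier sections, since they use the same option names.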
8.3. Configure the compute node to use Block Storage
Edit the /etc/nova/nova.conf file and add the following:
[cinder]
os_region_name = RegionOne
8.4. Finalize installation
Restart the Compute API service:
[root@controller opt]# systemctl restart openstack-nova-api.service
Start the Block Storage services and configure them to start at boot:
[root@controller opt]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-api.service to /usr/lib/systemd/system/openstack-cinder-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-scheduler.service to /usr/lib/systemd/system/openstack-cinder-scheduler.service.
[root@controller opt]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
8.5. Install and configure a storage node
Install Block Storage (172.26.128.167):
yum install lvm2 device-mapper-persistent-data
Start the LVM metadata service and configure it to start at boot:
# systemctl enable lvm2-lvmetad.service
# systemctl start lvm2-lvmetad.service
Create the LVM physical volume /dev/sdb:
# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
Create the LVM volume group cinder-volumes:
# vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created
In the devices section of /etc/lvm/lvm.conf, add a filter that accepts only the /dev/sdb device and rejects all other devices:
devices {
filter = [ "a/sdb/", "r/.*/"]
}
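How LVM evaluates the filter above, as an added example (not from the original guide or from LVM's code): patterns are tried in order, the first match decides, a device that matches nothing is accepted, and the regex is unanchored. Python's re module stands in for LVM's own regex engine, only same-character delimiters are handled, and the device names and the anchored variant are constructed for illustration.

```python
import re

PAGE_FILTER = ["a/sdb/", "r/.*/"]              # filter from this guide
ANCHORED_FILTER = ["a|^/dev/sdb$|", "r|.*|"]   # constructed stricter variant
# Constructed device list for illustration.
DEVICES = ["/dev/sda", "/dev/sda2", "/dev/sdb", "/dev/sdb1", "/dev/sdbc", "/dev/sdc"]


def parse_filter(patterns):
    """Convert lvm.conf filter strings into (accept, compiled_regex) rules."""
    rules = []
    for pat in patterns:
        # Form: 'a' or 'r', a delimiter character, the regex, the same delimiter.
        if len(pat) < 3 or pat[0] not in "ar" or pat[-1] != pat[1]:
            raise ValueError("malformed filter pattern: %r" % pat)
        rules.append((pat[0] == "a", re.compile(pat[2:-1])))
    return rules


def is_accepted(rules, device):
    """First matching pattern decides; a device matching nothing is accepted."""
    for accept, regex in rules:
        if regex.search(device):  # unanchored: matches anywhere in the path
            return accept
    return True


def scan(patterns, devices=DEVICES):
    """Return the devices LVM would keep under the given filter."""
    rules = parse_filter(patterns)
    return [d for d in devices if is_accepted(rules, d)]


if __name__ == "__main__":
    print("page filter    :", scan(PAGE_FILTER))
    print("anchored filter:", scan(ANCHORED_FILTER))
    print("reject-only    :", scan(["r/sda/"]))
```

With the guide's filter, /dev/sdb1 and /dev/sdbc are kept alongside /dev/sdb because "sdb" matches anywhere in the path, and a pattern missing its closing delimiter is rejected at parse time.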
8.6. Install and configure components
Install the packages:
yum install openstack-cinder targetcli python-keystone
Edit /etc/cinder/cinder.conf and complete the following actions:
[root@block01 ]# cat /etc/cinder/cinder.conf
[DEFAULT]
transport_url = rabbit://openstack:1qaz2wsx@172.26.128.126
auth_strategy = keystone
my_ip = 172.26.128.126
enabled_backends = lvm
glance_api_servers = http://172.26.128.126:9292
[database]
connection = mysql+pymysql://cinder:1qaz2wsx@172.26.128.126/cinder
[keystone_authtoken]
auth_uri = http://172.26.128.126:5000
auth_url = http://172.26.128.126:35357
memcached_servers = 172.26.128.126:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = 1qaz2wsx
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
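8.7. Finalize installation
Start the Block Storage volume service and its dependencies, and configure them to start at boot:
# systemctl enable openstack-cinder-volume.service target.service
# systemctl start openstack-cinder-volume.service target.service
8.8. Verify operation
Verify on the controller node (172.26.128.126):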
[root@controller opt]# cinder service-list
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
| Binary           | Host        | Zone | Status  | State | Updated_at                 | Disabled Reason |
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler | controller  | nova | enabled | up    | 2018-07-16T03:19:23.000000 | -               |
| cinder-volume    | block01@lvm | nova | enabled | up    | 2018-07-16T03:18:53.000000 | -               |
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
- Dashboard page operations
9.1. User login
Item      Value                            Notes
URL       http://172.26.128.126/dashboard
Domain    default
Username  admin
Password  1234567890
Login home page
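9.2. Project module features
The Project module contains four parts:
API Access
Compute
Volumes
Network
9.2.1. API Access
Overview
Shows the service endpoints of the different OpenStack services such as Compute, Identity, Image and Network; you can view the project's credentials and download the OpenStack RC file.
9.2.2. Compute
Compute includes the following parts:
Overview
Instances
Volumes
Network
9.2.2.1. Overview
Presents the cluster's limit summary and usage summary to the user in a graphical interface.
9.2.2.2. Instances
The main instance features are:
Create instance
Create a virtual machine by configuring it through the interface;
Instance list
Instance detail query
Delete instance
Start instance
Stop instance
9.2.2.2.1. Create an instance
To create an instance:
Click "Create Instance" in the upper-right corner.
Enter the instance name and description; select the availability zone and the count; click Next.
Select the source: image, instance snapshot, volume, or volume snapshot (an image is used as the source here); adjust the volume size; select one of the available image files listed below; click Next.
Select an available instance type; click Next.
Allocate an available network port; click Next.
Select an available network port (optional); click Next.
Select a security group (use the default one or choose another); click Next.
Select a key pair; click Next.
On the Configuration tab, optionally add a customization script for the instance; select the disk partitioning method; choose whether to use a configuration drive; click Next.
On the Server Groups tab, select the server group; click Next.
On the Scheduler Hints tab, drag items from the left pane to the right pane to specify scheduler hints; click Next.
On the Metadata tab, move items from the left side to the right side to specify the instance's metadata; click Create Instance.
After you click "Create Instance", the instance is created.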
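9.2.2.2.2. Delete an instance
To delete an instance:
Select the instances to delete.
Click Delete Instances in the upper-right corner; a confirmation dialog appears; click Delete.
9.2.2.3. Images
Image features:
Image upload
Image deletion
Image query
9.2.2.3.1. Create an image
Click Create Image in the upper-right corner.
On the Image Details tab, enter the image name and description; select the image file and file format; click Create Image.
After you click Create Image, the image is created.
9.2.2.4. Key pairs
Key pair features:
Create key pairs
Delete key pairs
Import public keys
9.2.3. Volumes
The main volume features are:
Create volumes
Accept volume transfers
Delete volumes
9.2.3.1. Edit a volume
Volume editing provides the following functions:
Extend volume
Manage attachments
Create snapshot
Change volume type
Create transfer
Delete volume
Update metadata
9.2.3.2. Create a volume
To create a volume:
Click Create Volume in the upper-right corner;
Enter the volume name and description; select the volume source and select a volume as the source; click Create Volume.
After you click Create Volume, the volume is created.
9.2.3.3. Delete a volume
To delete a volume:
Select the volume to delete.
Click the drop-down list next to the volume and select Delete; a prompt appears.
Click Delete Volume; the volume is deleted.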
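9.2.4. Network
Network mainly consists of:
Network Topology
Networks
Security Groups
9.2.4.1. Create a network
Click Create Network in the upper-right corner.
Enter the network name; Enable Admin State and Create Subnet are checked by default and can be changed as needed; click Next.
Enter the subnet name, network IP address, and gateway IP; click Next.
Enter the allocation pools, DNS servers, and host routes; click Create Network.
After you click Create Network, the network is created.
9.3. Admin module features
The Admin module mainly includes:
Overview
Compute
Volumes
Network
System
9.3.1. Overview
Function: shows the user a detailed summary of current actual usage.
9.3.2. Compute
Compute mainly includes the following:
Hypervisors
Host Aggregates
Instances
Instance types
Images
9.3.2.1. Host aggregates
To create a host aggregate:
Click Create Host Aggregate in the upper-right corner.
Under Host Aggregate Information, enter the name and availability zone;
Under Manage Hosts within Aggregate, add hosts to this aggregate; click Create Host Aggregate.
9.3.2.2. Starting, snapshotting, and suspending instances
Editing, starting, snapshotting, and suspending an instance are done as follows:
Select an instance.
Click the drop-down list after the instance, then click Start Instance, Suspend Instance, or Create Snapshot as needed.
9.3.3. System
The main System features are:
Defaults
Metadata Definitions
System Information
9.3.3.1. Defaults
Shows in detail the maximum limit of each quota.
9.3.3.2. Import a namespace
To import a namespace:
Click System > Metadata Definitions > Import Namespace (upper-right corner) > select the metadata definition file > check the box before "Public" or "Protected" > click Import Namespace.
After you click Import Namespace, the namespace is imported.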
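9.4. Identity module features
The Identity module mainly includes:
Projects
Users
Groups
Roles
9.4.1. Projects
9.4.1.1. Managing a specific project
Method: select the project, click Manage Members, then choose the relevant function.
9.4.1.2. Create a project
To create a project:
Click Create Project in the upper-right corner.
Under Project Information, enter the project name and description.
Under Project Members, add members to the project.
Under Project Groups, add groups to the project.
Under Quotas, adjust the project's limits; click Create Project.
9.4.2. Create a user
To create a user:
Click Create User in the upper-right corner.
Enter the user name, description, email, password, and password confirmation; select the primary project; click Create User.
9.4.3. Create a group
To create a group:
Click Create Group in the upper-right corner.
Enter the name and description; create the group.
9.4.4. Create a role
To create a role:
Click Create Role in the upper-right corner.
Enter the name; click Submit.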