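OpenStack is an open-source cloud computing management platform, originally developed jointly by NASA and Rackspace, that has become a core framework for building private and public clouds. Its modular design delivers Infrastructure as a Service (IaaS) and lets organizations flexibly manage compute, storage, and network resources.
Core components
- Nova: compute service (virtual machine management)
- Neutron: networking service (SDN management)
- Glance: image service (VM template management)
- Cinder: block storage service
- Keystone: identity and authentication service
- Horizon: web management dashboard
The ISO images used in this document are available from me by private message.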
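1. Environment planning
Hostname | IP address | Gateway/DNS | CPU/Memory | Notes |
controller | 192.168.88.20 | 192.168.88.254/114.114.114.114 | 4C8G | Controller node |
compute | 192.168.88.21 | 192.168.88.254/114.114.114.114 | 4C8G | Compute node |
This deployment runs on VMware; the virtual machines must have this feature enabled.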
2. System environment configuration (all nodes)
2.1 Disable the firewall and SELinux
```
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
Removed symlink /etc/systemd/system/multi-user.target.wants/firewalld.service.
Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.
[root@controller ~]# sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config
[root@controller ~]# setenforce 0
```
2.2 Configure /etc/hosts
```
[root@controller ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
[root@controller ~]# cat << EOF >> /etc/hosts
> 192.168.88.40 controller
> 192.168.88.41 compute
> EOF
```
2.3 Configure a local yum repository
```
[root@controller ~]# ls
anaconda-ks.cfg  CentOS-7-x86_64-DVD-2009.iso  openstack-train.iso
[root@controller ~]# mkdir /opt/{centos,openstack-train}
[root@controller ~]# ls /opt
centos  openstack-train
[root@controller ~]# mount -o loop CentOS-7-x86_64-DVD-2009.iso /mnt
mount: /dev/loop0 写保护,将以只读方式挂载
[root@controller ~]# cp -rvf /mnt/* /opt/centos/
[root@controller ~]# umount /mnt
[root@controller ~]# mount -o loop openstack-train.iso /mnt
mount: /dev/loop0 写保护,将以只读方式挂载
[root@controller ~]# cp -rvf /mnt/* /opt/openstack-train/
[root@controller ~]# mkdir /etc/yum.repos.d/bak
[root@controller ~]# mv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/
[root@controller ~]# cat << EOF >> /etc/yum.repos.d/local.repo
> [centos]
> name=centos
> baseurl=file:///opt/centos
> gpgcheck=0
> enabled=1
> [openstack-train]
> name=openstack-train
> baseurl=file:///opt/openstack-train
> gpgcheck=0
> enabled=1
> EOF
[root@controller ~]# yum clean all
已加载插件:fastestmirror
正在清理软件源: centos openstack-train
[root@controller ~]# yum repolist
已加载插件:fastestmirror
Determining fastest mirrors
centos                                 | 3.6 kB  00:00
openstack-train                        | 2.9 kB  00:00
(1/3): centos/group_gz                 | 153 kB  00:00
(2/3): openstack-train/primary_db      | 1.2 MB  00:00
(3/3): centos/primary_db               | 3.3 MB  00:00
源标识               源名称               状态
centos               centos               4,070
openstack-train      openstack-train      3,16
```
2.4 Configure time synchronization
```
[root@controller ~]# yum install -y net-tools bash-completion vim chrony.x86_64 centos-release-openstack-train.noarch
# This ISO may not contain the centos-release-openstack-train.noarch package; in that case use the Aliyun yum mirror
[root@controller ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst
allow 192.168.88.0/24
[root@controller ~]# systemctl restart chronyd
[root@controller ~]# systemctl enable chronyd
```
3. OpenStack environment configuration
3.1 Install the OpenStack client (all nodes)
```
[root@controller ~]# yum install -y python2-openstackclient
```
3.2 Install and configure the database (controller node only)
3.2.1 Install the database
```
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
```
3.2.2 Create and edit the configuration file
Create a [mysqld] section and set the bind-address key to the management IP address of the controller node so that other nodes can reach the database over the management network. Set the additional keys to enable useful options and the UTF-8 character set:
```
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[root@controller ~]# cat /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address=192.168.88.40
default-storage-engine=innodb
innodb_file_per_table=on
max_connections=4096
collation-server=utf8_general_ci
character-set-server=utf8
[root@controller ~]# systemctl enable mariadb
[root@controller ~]# systemctl start mariadb
```
3.2.3 Initialize the database
```
[root@controller ~]# mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):    # no password yet, press Enter
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y    # set a password
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
 ... Success!

By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.

Remove anonymous users? [Y/n] y    # whether to remove anonymous users
 ... Success!

Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.

Disallow root login remotely? [Y/n] n    # whether to disallow remote root login
 ... skipping.

By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.

Remove test database and access to it? [Y/n] y    # whether to remove the test database
 - Dropping test database...
 ... Success!
 - Removing privileges on test database...
 ... Success!

Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.

Reload privilege tables now? [Y/n] y    # whether to reload the privilege tables
 ... Success!

Cleaning up...

All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.

Thanks for using MariaDB!
```
3.3 Configure the RabbitMQ message queue service (controller node only)
```
[root@controller ~]# yum install -y rabbitmq-server
[root@controller ~]# systemctl enable rabbitmq-server
Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.
[root@controller ~]# systemctl start rabbitmq-server
[root@controller ~]# rabbitmqctl add_user openstack 000000
Creating user "openstack"
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
```
3.4 Configure the memcached caching service (controller node only)
Configure the service to listen on the controller node (the OPTIONS line below) so that other nodes can reach it over the management network.
```
[root@controller ~]# yum install -y python-memcached memcached
[root@controller ~]# vim /etc/sysconfig/memcached
[root@controller ~]# cat /etc/sysconfig/memcached
PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 127.0.0.1,::1,controller"
[root@controller ~]# systemctl enable memcached
Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.
[root@controller ~]# systemctl start memcached
```
3.5 Configure etcd (controller node only)
```
[root@controller ~]# yum install -y etcd
[root@controller ~]# vim /etc/etcd/etcd.conf
[root@controller ~]# awk '$1 ~ /^[^;#]/' /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.88.40:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.88.40:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.88.40:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.88.40:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.88.40:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@controller ~]# systemctl enable etcd
Created symlink from /etc/systemd/system/multi-user.target.wants/etcd.service to /usr/lib/systemd/system/etcd.service.
[root@controller ~]# systemctl start etcd
```
4. keystone
4.1 Create the database and grant privileges
```
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 17
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> exit
Bye
```
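4.2 Install and configure components
```
[root@controller ~]# yum install -y openstack-keystone httpd mod_wsgi
[root@controller ~]# vim /etc/keystone/keystone.conf
```
Edit the /etc/keystone/keystone.conf file and complete the following actions.
In the [database] section, configure database access (replace KEYSTONE_DBPASS with the password set for the keystone database user in 4.1):
```
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
```
In the [token] section, configure the Fernet token provider:
```
[token]
# ...
provider = fernet
```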
4.3 Initialize the keystone database
```
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 19
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use keystone;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [keystone]> show tables;
+------------------------------------+
| Tables_in_keystone                 |
+------------------------------------+
| access_rule                        |
| access_token                       |
| application_credential             |
| application_credential_access_rule |
| application_credential_role        |
| assignment                         |
| config_register                    |
| consumer                           |
| credential                         |
| endpoint                           |
| endpoint_group                     |
| federated_user                     |
| federation_protocol                |
| group                              |
| id_mapping                         |
| identity_provider                  |
| idp_remote_ids                     |
| implied_role                       |
| limit                              |
| local_user                         |
| mapping                            |
| migrate_version                    |
| nonlocal_user                      |
| password                           |
| policy                             |
| policy_association                 |
| project                            |
| project_endpoint                   |
| project_endpoint_group             |
| project_option                     |
| project_tag                        |
| region                             |
| registered_limit                   |
| request_token                      |
| revocation_event                   |
| role                               |
| role_option                        |
| sensitive_config                   |
| service                            |
| service_provider                   |
| system_assignment                  |
| token                              |
| trust                              |
| trust_role                         |
| user                               |
| user_group_membership              |
| user_option                        |
| whitelisted_config                 |
+------------------------------------+
48 rows in set (0.001 sec)
```
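4.5 Initialize the Fernet key repositories
The --keystone-user and --keystone-group flags specify the operating system user and group that will be used to run Keystone. They are provided so that Keystone can run under a different operating system user/group. In the example below, the user and group are both called keystone.
```
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
```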
4.6 Bootstrap the Keystone identity service
Before the Queens release, keystone had to run on two separate ports to accommodate the Identity v2 API, which ran a separate admin-only service, usually on port 35357. With the v2 API removed, keystone can run on the same port for all interfaces.
```
[root@controller ~]# keystone-manage bootstrap \
> --bootstrap-password 123456 \
> --bootstrap-internal-url http://controller:5000/v3/ \
> --bootstrap-public-url http://controller:5000/v3/ \
> --bootstrap-admin-url http://controller:5000/v3/ \
> --bootstrap-region-id RegionOne
```
4.7 Configure the Apache HTTP server
Edit the /etc/httpd/conf/httpd.conf file and set the ServerName option to reference the controller node:
```
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
```
Create a link to the /usr/share/keystone/wsgi-keystone.conf file:
```
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
```
Finalize the Apache HTTP server installation:
```
[root@controller ~]# systemctl enable httpd
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@controller ~]# systemctl start httpd
```
4.8 Set environment variables
```
[root@controller ~]# cat << EOF >> keystonerc_admin
> export OS_USERNAME=admin
> export OS_PASSWORD=123456
> export OS_PROJECT_NAME=admin
> export OS_USER_DOMAIN_NAME=Default
> export OS_PROJECT_DOMAIN_NAME=Default
> export OS_AUTH_URL=http://controller:5000/v3
> export OS_IDENTITY_API_VERSION=3
> EOF
[root@controller ~]# source keystonerc_admin
[root@controller ~]# openstack project list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 069c6462995349c49b8ec37d27d4f774 | admin |
+----------------------------------+-------+
```
4.9 Create a domain, projects, users, and roles
Although the "default" domain already exists from the keystone-manage bootstrap step, the formal way to create a new domain is:
```
[root@controller ~]# openstack domain create --description "An Example Domain" example
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | dbfbffaab913429eb13548c3b0dab7a9 |
| name        | example                          |
| options     | {}                               |
| tags        | []                               |
+-------------+----------------------------------+
[root@controller ~]# openstack domain list
+----------------------------------+---------+---------+--------------------+
| ID                               | Name    | Enabled | Description        |
+----------------------------------+---------+---------+--------------------+
| dbfbffaab913429eb13548c3b0dab7a9 | example | True    | An Example Domain  |
| default                          | Default | True    | The default domain |
+----------------------------------+---------+---------+--------------------+
```
This guide uses a service project that holds each service you add to the environment. Create the service project:
```
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 6878651ebdd04f00ab4a8790a117e693 |
| is_domain   | False                            |
| name        | service                          |
| options     | {}                               |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 069c6462995349c49b8ec37d27d4f774 | admin   |
| 6878651ebdd04f00ab4a8790a117e693 | service |
+----------------------------------+---------+
```
5. glance
5.1 Create the database and grant privileges
```
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 24
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> exit
Bye
```
5.2 Create the user and endpoints
Create the user:
```
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | e1ab689c084c4b58a9b73780c4a9c39c |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
```
Add the admin role to the glance user:
```
[root@controller ~]# openstack role add --project service --user glance admin
```
Create the glance service entity:
```
[root@controller ~]# openstack service create --name glance --description "Openstack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Image                  |
| enabled     | True                             |
| id          | 959b97446ede4248bf4b97eedea6ad3b |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
```
Create the Image service API endpoints:
```
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 74ec625b673b4623aaafa4d725afc2c9 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 959b97446ede4248bf4b97eedea6ad3b |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a1f7f070efd144368573439ff7c79c8a |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 959b97446ede4248bf4b97eedea6ad3b |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 8c6a68c70c3f4499a41b0cdd5085e209 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 959b97446ede4248bf4b97eedea6ad3b |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
```
5.3 Install and configure components
```
[root@controller ~]# yum install -y openstack-glance
```
Edit the /etc/glance/glance-api.conf file and complete the following actions:
```
[root@controller ~]# vim /etc/glance/glance-api.conf
```
In the [database] section, configure database access (replace GLANCE_DBPASS with the password set for the glance database user in 5.1):
```
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
```
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access (replace GLANCE_PASS with the password chosen for the glance user in 5.2):
```
[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS

[paste_deploy]
# ...
flavor = keystone
```
In the [glance_store] section, configure the local file system store and the location of image files:
```
[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
```
5.4 Initialize the glance database
```
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 30
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use glance;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance                 |
+----------------------------------+
| alembic_version                  |
| image_locations                  |
| image_members                    |
| image_properties                 |
| image_tags                       |
| images                           |
| metadef_namespace_resource_types |
| metadef_namespaces               |
| metadef_objects                  |
| metadef_properties               |
| metadef_resource_types           |
| metadef_tags                     |
| migrate_version                  |
| task_info                        |
| tasks                            |
+----------------------------------+
15 rows in set (0.001 sec)
```
Finalize the installation
```
[root@controller ~]# systemctl enable openstack-glance-api
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-glance-api.service to /usr/lib/systemd/system/openstack-glance-api.service.
[root@controller ~]# systemctl start openstack-glance-api
```
6. placement
6.1 Create the database and grant privileges
```
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 31
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON placement.* TO 'placement'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> exit
Bye
```
6.2 Create the user and endpoints
```
[root@controller ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 1ad3c86512054b96b639851df708b63c |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --description "Openstack Placement" --name placement placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Placement              |
| enabled     | True                             |
| id          | 0c92ec56cb8c4bf2ad3c56eda6d50947 |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3e4371b724a642e38e3ad8492a93eb6f |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0c92ec56cb8c4bf2ad3c56eda6d50947 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 27d7800d6a43423cbe52e255f63a8611 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0c92ec56cb8c4bf2ad3c56eda6d50947 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2ab25651a04941b288ad0ccb8bfa8459 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 0c92ec56cb8c4bf2ad3c56eda6d50947 |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://controller:8778           |
+--------------+----------------------------------+
```
6.3 Install and configure components
```
[root@controller ~]# yum install -y openstack-placement-api
```
Edit the /etc/placement/placement.conf file and complete the following actions:
```
[root@controller ~]# vim /etc/placement/placement.conf
```
In the [placement_database] section, configure database access (replace PLACEMENT_DBPASS with the password set for the placement database user in 6.1):
```
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement
```
In the [api] and [keystone_authtoken] sections, configure Identity service access (replace PLACEMENT_PASS with the password chosen for the placement user in 6.2):
```
[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
```
6.4 Initialize the placement database
```
[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 34
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> use placement;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [placement]> show tables;
+------------------------------+
| Tables_in_placement          |
+------------------------------+
| alembic_version              |
| allocations                  |
| consumers                    |
| inventories                  |
| placement_aggregates         |
| projects                     |
| resource_classes             |
| resource_provider_aggregates |
| resource_provider_traits     |
| resource_providers           |
| traits                       |
| users                        |
+------------------------------+
12 rows in set (0.001 sec)
```
Finalize the installation
```
[root@controller ~]# systemctl restart httpd
```
7. nova
7.1 Create the databases and grant privileges
```
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 36
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.002 sec)

MariaDB [(none)]> GRANT ALL ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON nova.* TO 'nova'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)
```
7.2 Create the user and endpoints
```
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 4fe14299053c4679904d45cbf4f0e716 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --description "Openstack Compute" --name nova compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Openstack Compute                |
| enabled     | True                             |
| id          | aa10a88d8ff149b3b4f61976f31bac14 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 184e9d5360524e9c9c21297046fa2afb |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | aa10a88d8ff149b3b4f61976f31bac14 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | acec55cf467146f188fa5f3dee3fbf7c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | aa10a88d8ff149b3b4f61976f31bac14 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 888b82b14a444aaeb17ea90559399239 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | aa10a88d8ff149b3b4f61976f31bac14 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://controller:8774/v2.1      |
+--------------+----------------------------------+
```
7.3 Install and configure components
```
[root@controller ~]# yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy
```
Edit the /etc/nova/nova.conf file and complete the following actions. Replace the NOVA_DBPASS, RABBIT_PASS, NOVA_PASS and PLACEMENT_PASS placeholders with the passwords set in the earlier steps.
```
[root@controller ~]# vim /etc/nova/nova.conf
```
In the [DEFAULT] section, enable only the compute and metadata APIs:
```
[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata
```
In the [api_database] and [database] sections, configure database access:
```
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api

[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
```
In the [DEFAULT] section, configure RabbitMQ message queue access:
```
[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
```
In the [api] and [keystone_authtoken] sections, configure Identity service access:
```
[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS
```
In the [DEFAULT] section, configure the my_ip option to use the management interface IP address of the controller node:
```
[DEFAULT]
# ...
my_ip = 10.0.0.11
```
In the [DEFAULT] section, enable support for the Networking service:
```
[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
```
In the [vnc] section, configure the VNC proxy to use the management interface IP address of the controller node:
```
[vnc]
enabled = true
# ...
server_listen = $my_ip
server_proxyclient_address = $my_ip
```
In the [glance] section, configure the location of the Image service API:
```
[glance]
# ...
api_servers = http://controller:9292
```
In the [oslo_concurrency] section, configure the lock path:
```
[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp
```
In the [placement] section, configure access to the Placement service:
```
[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
```
7.4 Initialize the nova databases
```
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell --verbose" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
```
Verify that nova cell0 and cell1 (named cell in this deployment) are registered correctly:
```
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+-----------------------------------------+-------------------------------------------------+----------+
| 名称  | UUID                                 | Transport URL                           | 数据库连接                                      | Disabled |
+-------+--------------------------------------+-----------------------------------------+-------------------------------------------------+----------+
| cell  | 9bd97335-c238-44a4-b0ac-3bf41951eb87 | rabbit://openstack:****@controller:5672 | mysql+pymysql://nova:****@controller/nova       | False    |
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/                                  | mysql+pymysql://nova:****@controller/nova_cell0 | False    |
+-------+--------------------------------------+-----------------------------------------+-------------------------------------------------+----------+
```
Finalize the installation
```
[root@controller ~]# systemctl enable \
> openstack-nova-api \
> openstack-nova-scheduler \
> openstack-nova-conductor \
> openstack-nova-novncproxy
[root@controller ~]# systemctl start openstack-nova-api openstack-nova-scheduler openstack-nova-conductor openstack-nova-novncproxy
```
8. 安装和配置计算节点
8.1 安装和配置组件
[root@compute ~]# yum install -y openstack-nova-compute 如果安装时出现缺少依赖时可以使用这个方法 vim /etc/yum.repos.d/名字任意.repo #文件名字任意 [Virt] #也是任意名字 name=CentOS-$releasever - Base #随便编一个名字 release=$releasever&arch=$basearch&repo=os&infra=$infra baseurl=http://mirrors.sohu.com/centos/7/virt/x86_64/kvm-common/ enable=1 gpgcheck=0 gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-7
Edit the /etc/nova/nova.conf file and complete the following actions:

In the [DEFAULT] section, enable only the compute and metadata APIs:

[DEFAULT]
# ...
enabled_apis = osapi_compute,metadata

In the [DEFAULT] section, configure RabbitMQ message queue access:

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

In the [api] and [keystone_authtoken] sections, configure Identity service access:

[api]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS

In the [DEFAULT] section, configure the my_ip option:

[DEFAULT]
# ...
my_ip = MANAGEMENT_INTERFACE_IP_ADDRESS

Replace MANAGEMENT_INTERFACE_IP_ADDRESS with the IP address of the management network interface on your compute node, typically 10.0.0.31 for the first node in the example architecture.

In the [DEFAULT] section, enable support for the Networking service:

[DEFAULT]
# ...
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver

In the [vnc] section, enable and configure remote console access:

[vnc]
# ...
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

In the [glance] section, configure the location of the Image service API:

[glance]
# ...
api_servers = http://controller:9292

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]
# ...
lock_path = /var/lib/nova/tmp

In the [placement] section, configure the Placement API:

[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS

Edit the [libvirt] section in the /etc/nova/nova.conf file as follows:

[libvirt]
# ...
virt_type = qemu
Finalize installation
Determine whether your compute node supports hardware acceleration for virtual machines:
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
4
[root@compute ~]# systemctl enable libvirtd openstack-nova-compute
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@compute ~]# systemctl start libvirtd openstack-nova-compute
8.2 Add the compute node to the cell database
[root@controller ~]# openstack compute service list --service nova-compute
+----+--------------+---------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+---------+------+---------+-------+----------------------------+
| 5 | nova-compute | compute | nova | enabled | up | 2025-04-12T12:12:24.000000 |
+----+--------------+---------+------+---------+-------+----------------------------+
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell': 9bd97335-c238-44a4-b0ac-3bf41951eb87
Checking host mapping for compute host 'compute': a114cd37-9a9d-40b2-bafb-9e66797bb7c8
Creating host mapping for compute host 'compute': a114cd37-9a9d-40b2-bafb-9e66797bb7c8
Found 1 unmapped computes in cell: 9bd97335-c238-44a4-b0ac-3bf41951eb87

When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register those new compute nodes. Alternatively, you can set an appropriate interval in /etc/nova/nova.conf:

[scheduler]
discover_hosts_in_cells_interval = 300

[root@controller ~]# nova service-list
+--------------------------------------+----------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| Id | Binary | Host | Zone | Status | State | Updated_at | Disabled Reason | Forced down |
+--------------------------------------+----------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
| f7006f36-9c17-4f76-afe5-6aa305e5e6ee | nova-conductor | controller | internal | enabled | up | 2025-04-12T12:14:59.000000 | - | False |
| e9ced917-f0a0-4b5b-91fc-57627515f7d3 | nova-scheduler | controller | internal | enabled | up | 2025-04-12T12:14:58.000000 | - | False |
| 4e795aa7-5def-454f-a036-0158ebcc65bc | nova-compute | compute | nova | enabled | up | 2025-04-12T12:14:54.000000 | - | False |
+--------------------------------------+----------------+------------+----------+---------+-------+----------------------------+-----------------+-------------+
9. Neutron
9.1 Create the database and grant privileges
[root@controller ~]# mysql -uroot -p000000
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 399
Server version: 10.3.20-MariaDB MariaDB Server

Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.001 sec)

MariaDB [(none)]> GRANT ALL ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.011 sec)

MariaDB [(none)]> GRANT ALL ON neutron.* to 'neutron'@'%' IDENTIFIED BY '000000';
Query OK, 0 rows affected (0.001 sec)
9.2 Create the user and endpoints
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 65b68b9e2777473db9df94eed16758c3 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron --description "Openstack Networkind" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Openstack Networkind |
| enabled | True |
| id | 7d49630471994ec5bbe9a3430563beb7 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9697
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f59ab25cbc364fa598c8b611df35894b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7d49630471994ec5bbe9a3430563beb7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9697 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9697
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a8f13ed1062c450a942247d0f61863a2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7d49630471994ec5bbe9a3430563beb7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9697 |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9697
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 49c234bb62a9476381d1083279365460 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7d49630471994ec5bbe9a3430563beb7 |
| service_name | neutron |
| service_type | network |
| url | http://controller:9697 |
+--------------+----------------------------------+
9.4 Install and configure components
Install the components
[root@controller ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Configure the server component
Edit the /etc/neutron/neutron.conf file and complete the following actions:

In the [database] section, configure database access:

[database]
# ...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron

In the [DEFAULT] section, enable the Modular Layer 2 (ML2) plug-in, the router service, and overlapping IP addresses:

[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true

In the [DEFAULT] section, configure RabbitMQ message queue access:

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes:

[DEFAULT]
# ...
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true

[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
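Configure the Modular Layer 2 (ML2) plug-in
The ML2 plug-in uses the Linux bridge mechanism to build layer-2 (bridging and switching) virtual networking infrastructure for instances.
Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file and complete the following actions:

In the [ml2] section, enable flat, VLAN, and VXLAN networks (the vxlan type driver must be loaded because tenant_network_types below uses it):

[ml2]
# ...
type_drivers = flat,vlan,vxlan

In the [ml2] section, enable VXLAN self-service networks:

[ml2]
# ...
tenant_network_types = vxlan

In the [ml2] section, enable the Linux bridge and layer-2 population mechanisms:

[ml2]
# ...
mechanism_drivers = linuxbridge,l2population

In the [ml2] section, enable the port security extension driver:

[ml2]
# ...
extension_drivers = port_security

In the [ml2_type_flat] section, configure the provider virtual network as a flat network:

[ml2_type_flat]
# ...
flat_networks = provider

In the [ml2_type_vxlan] section, configure the VXLAN network identifier range for self-service networks:

[ml2_type_vxlan]
# ...
vni_ranges = 1:1000

In the [securitygroup] section, enable ipset to increase the efficiency of security group rules:

[securitygroup]
# ...
enable_ipset = true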
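Configure the Linux bridge agent
The Linux bridge agent builds layer-2 (bridging and switching) virtual networking infrastructure and handles security groups.
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:

In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

In the [vxlan] section, enable VXLAN overlay networks:

[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Ensure that your Linux operating system kernel supports network bridge filters by verifying that all of the following sysctl values are set to 1:

net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables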
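Configure the layer-3 agent
The Layer-3 (L3) agent serves self-service virtual networks.
Edit the /etc/neutron/l3_agent.ini file and complete the following actions:

In the [DEFAULT] section, configure the Linux bridge interface driver:

[DEFAULT]
# ...
interface_driver = linuxbridge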
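Configure the DHCP agent
The DHCP agent provides DHCP services for virtual networks.
Edit the /etc/neutron/dhcp_agent.ini file and complete the following actions:

In the [DEFAULT] section, configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on provider networks can access metadata over the network:

[DEFAULT]
# ...
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true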
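Configure the metadata agent
Edit the /etc/neutron/metadata_agent.ini file and complete the following actions:

In the [DEFAULT] section, configure the metadata host and the shared secret:

[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET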
Configure the Compute service to use the Networking service
Edit the /etc/nova/nova.conf file and perform the following actions:

In the [neutron] section, configure access parameters, enable the metadata proxy, and configure the secret:

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
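The configuration snippets above use placeholder tokens (NOVA_PASS, RABBIT_PASS, METADATA_SECRET and so on) that must be replaced with real values, and metadata_proxy_shared_secret has to be identical in nova.conf and metadata_agent.ini. The following check is an added example, not part of the original guide; the function names and the sample file contents are constructed for illustration.

```python
import configparser
import re

# Placeholder tokens used in this guide (NOVA_PASS, NOVA_DBPASS, METADATA_SECRET, ...).
PLACEHOLDER = re.compile(r"\b[A-Z]+_(?:DBPASS|PASS|SECRET)\b")

def load(text):
    """Parse oslo.config-style INI text, keeping [DEFAULT] as an ordinary section."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(nova_text, metadata_text):
    """Return sorted findings for nova.conf and metadata_agent.ini contents."""
    nova, meta = load(nova_text), load(metadata_text)
    findings = []
    for name, cp in (("nova.conf", nova), ("metadata_agent.ini", meta)):
        for section in cp.sections():
            for key, value in cp.items(section):
                for token in PLACEHOLDER.findall(value):
                    findings.append(f"{name} [{section}] {key}: placeholder {token} not replaced")
    key = "metadata_proxy_shared_secret"
    nova_secret = nova.get("neutron", key, fallback=None)
    meta_secret = meta.get("DEFAULT", key, fallback=None)
    if not nova_secret or not meta_secret:
        findings.append(f"{key} is missing from one of the files")
    elif nova_secret != meta_secret:
        findings.append(f"{key} differs between nova.conf and metadata_agent.ini")
    if not nova.getboolean("neutron", "service_metadata_proxy", fallback=False):
        findings.append("nova.conf [neutron] service_metadata_proxy is not true")
    return sorted(findings)

# Constructed sample contents (not taken from a real deployment).
SAMPLE_NOVA = """
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
[neutron]
password = constructed-neutron-pw
service_metadata_proxy = true
metadata_proxy_shared_secret = constructed-secret-A
"""
SAMPLE_META = """
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_NOVA, SAMPLE_META):
        print(finding)
```

On a real controller, pass the contents of /etc/nova/nova.conf and /etc/neutron/metadata_agent.ini to audit() before starting the services.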
Finalize installation
The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it using the following command:
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the Compute API service
[root@controller ~]# systemctl restart openstack-nova-api
Start the Networking services and configure them to start when the system boots.
For both networking options:
[root@controller ~]# systemctl enable neutron-server neutron-linuxbridge-agent neutron-dhcp-agent
[root@controller ~]# systemctl start neutron-server neutron-linuxbridge-agent neutron-dhcp-agent
[root@controller ~]# systemctl enable neutron-l3-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
[root@controller ~]# systemctl start neutron-l3-agent
9.5 Install and configure the compute node
yum install openstack-neutron-linuxbridge ebtables ipset
9.6 Configure the common component
Edit the /etc/neutron/neutron.conf file and complete the following actions:

In the [DEFAULT] section, configure RabbitMQ message queue access:

[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller

In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access:

[DEFAULT]
# ...
auth_strategy = keystone

[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS

In the [oslo_concurrency] section, configure the lock path:

[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
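Configure networking options
Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file and complete the following actions:

In the [linux_bridge] section, map the provider virtual network to the provider physical network interface:

[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME

In the [vxlan] section, enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population:

[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true

In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver:

[securitygroup]
# ...
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Ensure that your Linux operating system kernel supports network bridge filters by verifying that all of the following sysctl values are set to 1:

net.bridge.bridge-nf-call-iptables
net.bridge.bridge-nf-call-ip6tables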
Configure the Compute service to use the Networking service

In the [neutron] section, configure access parameters:

[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
Finalize installation
Restart the Compute service
[root@compute ~]# systemctl restart openstack-nova-compute
[root@compute ~]# systemctl enable neutron-linuxbridge-agent
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@compute ~]# systemctl start neutron-linuxbridge-agent
9 Install the dashboard
9.1 Install the packages
[root@controller ~]# yum install openstack-dashboard -y
9.2 Modify the local_settings configuration file
[root@controller ~]# vim /etc/openstack-dashboard/local_settings

# Some of these settings already exist in the file and only need to be changed; add the ones that do not exist
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# If the neutron you installed is the provider type, disable the third item here; leave the others unchanged
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': True,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
# This line must be added
WEBROOT = '/dashboard'
9.3 Edit openstack-dashboard.conf
[root@controller ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf

# Add this line
WSGIApplicationGroup %{GLOBAL}
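9.4 Restart the services
[root@controller ~]# systemctl restart httpd.service memcached.service
At this point the basic OpenStack components are installed. If you need anything else, follow the official documentation to install additional components.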