# Host preparation
- Controller node: 10.0.0.11, hostname: controller, memory: 8G
- Compute node: 10.0.0.12, hostname: computer, memory: 4G
- Block storage node: 10.0.0.13, hostname: cinder, memory: 2G
This tutorial installs the Queens release of OpenStack.
Official OpenStack installation guide: https://docs.openstack.org/install-guide/
This tutorial deploys on VMware Workstation.
# 1. Basic preparation
## 1.1 Set the host IP address and hostname, add hosts entries, disable SELinux, stop the firewall
Disable SELinux:
```bash
sed -i 's/SELINUX=enforcing/SELINUX=disabled/g' /etc/selinux/config
```
Stop and disable the firewall:
```bash
systemctl stop firewalld; systemctl disable firewalld
```
### 1.1.1 Controller node
Set the hostname:
```bash
hostnamectl set-hostname controller
bash   # start a new shell so the new hostname takes effect
```
Configure the hosts file:
```bash
vi /etc/hosts
```
```
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
10.0.0.11 controller
10.0.0.12 computer
10.0.0.13 cinder
```
Copy it to the other two machines:
```bash
scp /etc/hosts 10.0.0.12:/etc/
scp /etc/hosts 10.0.0.13:/etc/
```
### 1.1.2 Compute node
Set the hostname:
```bash
hostnamectl set-hostname computer
```
Once the firewall, SELinux and hostname have been configured on both the controller and the compute node, move on to the next step: time synchronisation.
## 1.2 Time synchronisation
### 1.2.1 Controller node
```bash
yum -y install chrony
```
Edit the configuration file /etc/chrony.conf:
```bash
vi /etc/chrony.conf
```
After the first few lines, add:
```
server time1.aliyun.com iburst
```
In the allow section, add:
```
allow 10.0.0.0/24
```
Save and exit. Enable the service at boot and start it:
```bash
systemctl enable chronyd.service
systemctl start chronyd.service
```
Verify:
```
# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88                  2   8   377   281   -828us[ -731us] +/-   18ms
```
### 1.2.2 Compute node
```bash
yum -y install chrony
```
Edit the configuration file /etc/chrony.conf: comment out the other server lines and add
```
server controller iburst
```
Save and exit. Enable the service at boot and start it:
```bash
systemctl enable chronyd.service
systemctl start chronyd.service
```
Verify:
```
# chronyc sources -v
210 Number of sources = 1

  .-- Source mode  '^' = server, '=' = peer, '#' = local clock.
 / .- Source state '*' = current synced, '+' = combined , '-' = not combined,
| /   '?' = unreachable, 'x' = time may be in error, '~' = time too variable.
||                                                 .- xxxx [ yyyy ] +/- zzzz
||      Reachability register (octal) -.           |  xxxx = adjusted offset,
||      Log2(Polling interval) --.      |          |  yyyy = measured offset,
||                                \     |          |  zzzz = estimated error.
||                                 |    |           \
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller                    3   6   377     2    -22us[  -16us] +/-   18ms
```
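Clock skew between the nodes breaks token expiry checks and makes log correlation across controller, compute and storage unreliable, so the `chronyc sources -v` check above is worth automating. The following is an added example, not part of the tutorial: it parses the data rows of `chronyc sources -v` (the two outputs shown above are embedded as constructed samples, together with a constructed "controller unreachable" case) and applies a simple health rule: there must be a currently synced source (`*`), its reach register must be 377 (all of the last eight polls answered) and its adjusted offset must be within a threshold.

```python
import re
from dataclasses import dataclass
from typing import List, Tuple

# Constructed samples: the data sections of the two `chronyc sources -v` outputs
# shown above, plus a constructed failure case (controller not reachable yet).
CONTROLLER_OUTPUT = """\
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88                  2   8   377   281   -828us[ -731us] +/-   18ms
"""

COMPUTE_OUTPUT = """\
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller                    3   6   377     2    -22us[  -16us] +/-   18ms
"""

UNREACHABLE_OUTPUT = """\
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller                    0   6     0     -     +0ns[   +0ns] +/-    0ns
"""

UNITS = {"ns": 1e-9, "us": 1e-6, "ms": 1e-3, "s": 1.0}

# One data row: mode and state flags, name, stratum, poll, reach (octal), lastrx,
# then "adjusted[ measured] +/- error", each value carrying a unit suffix.
ROW_RE = re.compile(
    r"^(?P<mode>[\^=#])(?P<state>[*+\-?x~])\s+(?P<name>\S+)\s+(?P<stratum>\d+)\s+"
    r"(?P<poll>-?\d+)\s+(?P<reach>[0-7]+)\s+(?P<lastrx>\S+)\s+"
    r"(?P<adj>[+-]?\d+(?:\.\d+)?)(?P<adj_u>ns|us|ms|s)\[\s*"
    r"(?P<meas>[+-]?\d+(?:\.\d+)?)(?P<meas_u>ns|us|ms|s)\]\s*\+/-\s*"
    r"(?P<err>\d+(?:\.\d+)?)(?P<err_u>ns|us|ms|s)\s*$"
)


@dataclass
class Source:
    mode: str
    state: str
    name: str
    stratum: int
    poll: int
    reach: int               # reach register as an int; 0o377 == 255 means 8/8 polls answered
    adjusted_offset: float   # seconds
    measured_offset: float   # seconds
    error: float             # seconds

    @property
    def synced(self) -> bool:
        return self.state == "*"


def parse_sources(text: str) -> List[Source]:
    """Parse the data rows of `chronyc sources -v`; header and legend lines are skipped."""
    sources = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue
        sources.append(Source(
            mode=m["mode"], state=m["state"], name=m["name"],
            stratum=int(m["stratum"]), poll=int(m["poll"]), reach=int(m["reach"], 8),
            adjusted_offset=float(m["adj"]) * UNITS[m["adj_u"]],
            measured_offset=float(m["meas"]) * UNITS[m["meas_u"]],
            error=float(m["err"]) * UNITS[m["err_u"]],
        ))
    return sources


def check_sync(text: str, max_offset: float = 0.1) -> Tuple[bool, str]:
    """Return (ok, reason) for one node's `chronyc sources -v` output."""
    sources = parse_sources(text)
    synced = [s for s in sources if s.synced]
    if not synced:
        states = ", ".join(f"{s.name}:{s.state}" for s in sources) or "no sources"
        return False, f"no synced source ({states})"
    s = synced[0]
    if s.reach != 0o377:
        return False, f"{s.name}: reach register {s.reach:o} is not 377"
    if abs(s.adjusted_offset) > max_offset:
        return False, f"{s.name}: offset {s.adjusted_offset:+.6f}s exceeds {max_offset}s"
    return True, f"{s.name}: stratum {s.stratum}, offset {s.adjusted_offset:+.6f}s +/- {s.error:.6f}s"


if __name__ == "__main__":
    for node, out in [("controller", CONTROLLER_OUTPUT), ("computer", COMPUTE_OUTPUT),
                      ("computer (before controller is reachable)", UNREACHABLE_OUTPUT)]:
        ok, reason = check_sync(out)
        print(f"{node:45s} {'OK ' if ok else 'BAD'} {reason}")
```

On a live node, feed it `subprocess.run(["chronyc", "sources", "-v"], capture_output=True, text=True).stdout` instead of the constructed strings; the compute node is expected to show stratum 3, one above the controller it follows.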
## 1.3 Add the OpenStack package repository
OpenStack has several releases (Victoria, Queens, Train, and so on). This tutorial uses Queens.
Run on all nodes (controller + compute):
```bash
yum install centos-release-openstack-stein -y
yum install python-openstackclient openstack-selinux -y
```
## 1.4 Install the database
The database is normally installed on the controller node.
```bash
yum install mariadb mariadb-server python2-PyMySQL -y
vim /etc/my.cnf.d/openstack.cnf
```
Add the following content:
```ini
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
```
Enable the service at boot and start it:
```bash
systemctl enable mariadb.service
systemctl start mariadb.service
```
Check the listening port:
```bash
netstat -tnulp | grep 3306
```
Set the root account and password for the SQL database:
```bash
mysql_secure_installation
```
Answer the prompts with: Enter, N, Y, Y, Y, Y.
## 1.5 Install the RabbitMQ message queue
```bash
yum install rabbitmq-server -y
```
Enable the service at boot and start it:
```bash
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
```
Check the port:
```bash
netstat -lntp | grep 5672
```
Create the openstack user and grant it permissions:
```
# rabbitmqctl add_user openstack RABBIT_PASS
Creating user "openstack" ...
...done.
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
...done.
```
RABBIT_PASS is a password of your choice; this tutorial uses `rabbit`.
## 1.6 Install Memcached
The Identity service uses Memcached to cache tokens. The memcached service runs on the controller node. In production deployments, we recommend securing it with a combination of firewalling, authentication and encryption.
Install the package:
```bash
yum install memcached python-memcached
```
Start the Memcached service and enable it at boot:
```bash
systemctl enable memcached.service
systemctl start memcached.service
```
# 2. Identity service
## 2.1 Identity service: Keystone
Keystone installation steps
Create the database and grant privileges. Log in to the database:
```bash
mysql -uroot -p
```
At the MariaDB prompt, create the keystone database and grant the keystone user access for local and remote logins:
```sql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE';
```
Replace KEYSTONE_DBPASS with a suitable password; this tutorial uses KEYSTONE.
Install the packages:
```bash
yum install openstack-keystone httpd mod_wsgi -y
yum install openstack-utils -y
```
Generate a random value to use as the administration token in the initial configuration:
```
# openssl rand -hex 10
9537310b25c0c14bfc74
```
Write it down; you will need it shortly.
Configure:
```bash
cp /etc/keystone/keystone.conf{,.bak}
grep '^[a-Z\[]' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token 9537310b25c0c14bfc74
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:KEYSTONE@controller/keystone
openstack-config --set /etc/keystone/keystone.conf token provider fernet
```
Replace the `ADMIN_TOKEN` value with the random value generated in the previous step. The database connection password must match the one used when the database was created.
Sync the database and verify:
```bash
su -s /bin/sh -c "keystone-manage db_sync" keystone
mysql -e 'use keystone;show tables;'
```
If tables are listed, the sync succeeded; if the output is empty, re-check the configuration above.
Initialise the Fernet keys:
```bash
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
```
Configure the Apache HTTP server:
```bash
echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
```
Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content:
```apache
Listen 5000
Listen 35357
<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined
    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
```
Start the Apache HTTP service and enable it at boot:
```bash
systemctl enable httpd.service
systemctl start httpd.service
```
Check that the ports are listening:
```bash
netstat -lntp | grep -E '80|5000|35357'
```
## 2.2 Create the service entity and API endpoints
You must pass the value of the authentication token to the openstack command with the --os-token parameter. Likewise, you must pass the Identity service URL to the openstack command with the --os-url parameter, or set the OS_URL environment variable.
```bash
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
```
ADMIN_TOKEN is the random string generated for keystone; if you have forgotten it, it can be read from /etc/keystone/keystone.conf.
Create the service entity:
```bash
openstack service create \
  --name keystone --description "OpenStack Identity" identity
```
Create the Identity service API endpoints:
```bash
openstack endpoint create --region RegionOne \
  identity public http://controller:5000/v3
openstack endpoint create --region RegionOne \
  identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne \
  identity admin http://controller:35357/v3
```
Create a domain, project, user and role.
Create the domain:
```bash
openstack domain create --description "Default Domain" default
```
Create the admin project:
```bash
openstack project create --domain default \
  --description "Admin Project" admin
```
Create the admin user:
```bash
openstack user create --domain default \
  --password-prompt admin
```
This is the account and password used to log in to OpenStack; this tutorial uses ADMIN_PASS.
Create the admin role:
```bash
openstack role create admin
```
Add the admin role to the admin project and user:
```bash
openstack role add --project admin --user admin admin
```
You can repeat this process to create additional projects and users.
For security reasons, disable the temporary authentication token mechanism:
```bash
unset OS_TOKEN OS_URL   # remove the environment variables with unset
```
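Unsetting `OS_TOKEN` only clears the shell; the bootstrap `admin_token` written into `/etc/keystone/keystone.conf` in section 2.1 stays valid until it is removed, and the service configurations later in this guide use passwords equal to the user name (`glance`/`glance`, `nova`/`nova`, ...) and leave placeholders such as `METADATA_SECRET` in place. The following audit script is an added example and not part of the tutorial: it reads OpenStack-style INI files with Python's `configparser` and flags a leftover `admin_token`, passwords equal to the user name (in `[keystone_authtoken]`-style sections and in `user:password@host` connection URLs), and secret-looking options whose value is an upper-case placeholder. The file names are hypothetical and the contents are constructed to mirror the snippets in this guide; the placeholder test is a heuristic.

```python
import configparser
import re
from dataclasses import dataclass
from typing import Dict, List

# Hypothetical file names; constructed contents mirroring this guide's snippets.
SAMPLES: Dict[str, str] = {
    "keystone.conf": """\
[DEFAULT]
admin_token = 9537310b25c0c14bfc74
[database]
connection = mysql+pymysql://keystone:KEYSTONE@controller/keystone
[token]
provider = fernet
""",
    "glance-api.conf": """\
[database]
connection = mysql+pymysql://glance:GLANCE@controller/glance
[keystone_authtoken]
auth_url = http://controller:35357
username = glance
password = glance
[paste_deploy]
flavor = keystone
""",
    "nova.conf": """\
[DEFAULT]
transport_url = rabbit://openstack:rabbit@controller
[keystone_authtoken]
username = nova
password = NOVA
[neutron]
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
""",
    # Constructed counter-example: admin_token removed, random passwords.
    "hardened.conf": """\
[DEFAULT]
[database]
connection = mysql+pymysql://keystone:w7Qx2pLm9vRt4sYz@controller/keystone
[keystone_authtoken]
username = keystone
password = Jk3nPq8vXz2mWt5b
""",
}

SECRET_OPTION_RE = re.compile(r"password|secret|token", re.IGNORECASE)
# Heuristic: unreplaced guide placeholders look like METADATA_SECRET or ADMIN_PASS.
PLACEHOLDER_RE = re.compile(r"^[A-Z][A-Z0-9_]*$")
# user:password@ part of a SQLAlchemy or AMQP style URL.
DSN_RE = re.compile(r"^[a-z0-9+.-]+://(?P<user>[^:/@]+):(?P<pw>[^@/]+)@")


@dataclass
class Finding:
    path: str
    section: str
    option: str
    kind: str
    message: str


def audit_config(path: str, text: str) -> List[Finding]:
    # default_section is renamed so that [DEFAULT] is parsed as an ordinary
    # section and its options are not inherited by every other section.
    cfg = configparser.RawConfigParser(allow_no_value=True, strict=False,
                                       default_section="__none__")
    cfg.read_string(text)
    findings: List[Finding] = []
    for section in cfg.sections():
        opts = dict(cfg.items(section))
        flagged = set()
        if section == "DEFAULT" and opts.get("admin_token"):
            findings.append(Finding(path, section, "admin_token", "admin_token",
                "bootstrap admin_token is still configured; remove it once the admin user exists"))
        user, pw = opts.get("username"), opts.get("password")
        if user and pw and pw.casefold() == user.casefold():
            findings.append(Finding(path, section, "password", "password_equals_username",
                f"password for '{user}' is the user name"))
            flagged.add("password")
        for option, value in opts.items():
            if value is None:
                continue
            m = DSN_RE.match(value)
            if m and m["pw"].casefold() == m["user"].casefold():
                findings.append(Finding(path, section, option, "dsn_password_equals_user",
                    f"{option}: password for '{m['user']}' is the user name"))
            elif option not in flagged and SECRET_OPTION_RE.search(option) and PLACEHOLDER_RE.match(value):
                findings.append(Finding(path, section, option, "placeholder_secret",
                    f"{option} looks like an unreplaced placeholder ({value})"))
    return findings


def audit_samples() -> Dict[str, List[Finding]]:
    return {path: audit_config(path, text) for path, text in SAMPLES.items()}


if __name__ == "__main__":
    for path, findings in audit_samples().items():
        print(f"{path}: {len(findings)} finding(s)")
        for f in findings:
            print(f"  [{f.section}] {f.option}: {f.message}")
```

To run it against a real node, call `audit_config(path, open(path).read())` for each file under `/etc/keystone`, `/etc/glance`, `/etc/nova`, `/etc/neutron` and `/etc/cinder`.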
As the admin user, request an authentication token:
```bash
openstack --os-auth-url http://controller:35357/v3 \
  --os-project-domain-name default --os-user-domain-name default \
  --os-project-name admin --os-username admin token issue
```
This command uses the password of the `admin` user.
Create the OpenStack client environment script:
```bash
vi admin-openrc
```
```bash
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
```
ADMIN_PASS is the password of the admin user.
Use the script:
```bash
. admin-openrc
```
Request an authentication token. If the script has not been sourced first, the command fails with an error like this:
```
[root@controller ~]# openstack token issue
Missing value auth-url required for auth plugin password
```
After sourcing the script:
```
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2022-03-30T02:53:59+0000                                                                                                                                                                |
| id         | gAAAAABiQ7g32quUF0FBgL30RpioyZfglm_CbF1AVPZ-TJNu51eYtBHcT5NUXlBkbqR3HHTZ4igXyaBcSmbBagowYB0Mj_poQWDthMyx1ilzBFOtcntkR5iissbGfbfnyULxVuYAHiELGB01PLnPjl1hThKS1cVhgA0CMGCS0dU5tiKNqZTBZFI |
| project_id | 5334aabdc24b4a98aa3fb2b62d943d9b                                                                                                                                                        |
| user_id    | a347e2913cb14a26b968dd38475be870                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
```
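The token id above is a Fernet token, which is why `keystone-manage fernet_setup` had to run first: the payload (user, project, audit ids) is AES-encrypted and HMAC-protected with the keys in `/etc/keystone/fernet-keys`, but the Fernet header in front of it is plaintext. The following added example, not from the tutorial, decodes that header from the token shown above (a long-expired token copied from the output; it has no value beyond illustration): the version byte 0x80 and an 8-byte big-endian Unix timestamp of issue. Adding Keystone's default `[token] expiration` of 3600 seconds (assumed: the guide does not change it) reproduces the `expires` field printed above exactly, which also shows why the chrony step matters: the timestamp comes from the controller's clock and validity is judged against it.

```python
import base64
from datetime import datetime, timedelta, timezone
from typing import Dict

# Token id from the `openstack token issue` output above (expired in 2022).
TOKEN_ID = ("gAAAAABiQ7g32quUF0FBgL30RpioyZfglm_CbF1AVPZ-TJNu51eYtBHcT5NUXlBkbqR3HHTZ4igXyaBc"
            "SmbBagowYB0Mj_poQWDthMyx1ilzBFOtcntkR5iissbGfbfnyULxVuYAHiELGB01PLnPjl1hThKS1cVhg"
            "A0CMGCS0dU5tiKNqZTBZFI")
EXPIRES_SHOWN = "2022-03-30T02:53:59+0000"

# Keystone's default [token] expiration in seconds (assumed; not set by this guide).
DEFAULT_EXPIRATION = 3600
TIME_FORMAT = "%Y-%m-%dT%H:%M:%S+0000"   # the format `openstack token issue` prints


def fernet_header(token: str) -> Dict[str, object]:
    """Decode the unencrypted part of a Fernet token.

    Fernet layout: version (1 byte, 0x80) | timestamp (8 bytes, big-endian
    seconds since epoch) | IV (16 bytes) | AES-128-CBC ciphertext | HMAC-SHA256
    (32 bytes). Keystone strips base64 padding, so only the first 12 base64url
    characters (exactly 9 bytes) are decoded; that needs no padding repair.
    """
    head = base64.urlsafe_b64decode(token[:12])
    if len(head) != 9 or head[0] != 0x80:
        raise ValueError("not a Fernet token (bad version byte)")
    timestamp = int.from_bytes(head[1:9], "big")
    return {
        "version": head[0],
        "timestamp": timestamp,
        "issued_at": datetime.fromtimestamp(timestamp, tz=timezone.utc),
    }


def issued_at(token: str) -> str:
    return fernet_header(token)["issued_at"].strftime(TIME_FORMAT)


def expires_at(token: str, expiration: int = DEFAULT_EXPIRATION) -> str:
    """Expiry implied by the header timestamp plus the configured lifetime."""
    issued = fernet_header(token)["issued_at"]
    return (issued + timedelta(seconds=expiration)).strftime(TIME_FORMAT)


def is_expired(token: str, now: datetime, expiration: int = DEFAULT_EXPIRATION) -> bool:
    """Validity check a relying party would perform using only the header."""
    issued = fernet_header(token)["issued_at"]
    return now >= issued + timedelta(seconds=expiration)


if __name__ == "__main__":
    hdr = fernet_header(TOKEN_ID)
    print(f"version byte : 0x{hdr['version']:02x}")
    print(f"issued at    : {issued_at(TOKEN_ID)}  (unix {hdr['timestamp']})")
    print(f"expires at   : {expires_at(TOKEN_ID)}  (guide shows {EXPIRES_SHOWN})")
    print(f"expired now  : {is_expired(TOKEN_ID, datetime.now(tz=timezone.utc))}")
```

The only secret in the scheme is the key material, so the permissions `fernet_setup` applies to `/etc/keystone/fernet-keys` (owned by the keystone user, not world-readable) are what keep anyone who can read a token from forging one; the token itself must still be treated as a bearer credential for its lifetime.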
## 2.3 Image service
Create the database and grant privileges:
```sql
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE';
```
Create the glance user and assign the role:
```bash
openstack user create --domain default --password GLANCE_PASS glance
openstack role add --project service --user glance admin
```
Create the service entity and API endpoints:
```bash
openstack service create --name glance \
  --description "OpenStack Image" image
openstack endpoint create --region RegionOne \
  image public http://controller:9292
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
openstack endpoint create --region RegionOne \
  image admin http://controller:9292
```
Install the package:
```bash
yum install openstack-glance -y
```
Configure:
```bash
cp /etc/glance/glance-api.conf{,.bak}
grep '^[a-Z\[]' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
vi /etc/glance/glance-api.conf
```
```ini
[DEFAULT]
[cors]
[database]
connection = mysql+pymysql://glance:GLANCE@controller/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
```
```bash
cp /etc/glance/glance-registry.conf{,.bak}
grep '^[a-Z\[]' /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
vi /etc/glance/glance-registry.conf
```
```ini
[DEFAULT]
[database]
connection = mysql+pymysql://glance:GLANCE@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
```
Sync the database and verify:
```bash
su -s /bin/sh -c "glance-manage db_sync" glance
mysql -e 'use glance;show tables;'
```
Start the services and enable them at boot:
```bash
systemctl enable openstack-glance-api.service \
  openstack-glance-registry.service
systemctl start openstack-glance-api.service \
  openstack-glance-registry.service
```
Check the TCP ports:
```bash
netstat -lntp | grep -E '9191|9292'
```
Verify by uploading an image.
Download the image:
```bash
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
```
Upload it:
```bash
openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --public
```
Verify:
```bash
openstack image list
```
## 2.4 Nova compute service
### 2.4.1 Controller node
Install and configure the controller node.
Create the Nova databases:
```bash
mysql -u root -p
```
```sql
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
```
Grant database privileges:
```sql
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA';
```
Load the admin CLI credentials:
```bash
. admin-openrc
```
Create the Compute service credentials:
```bash
openstack user create --domain default --password-prompt nova
```
Use the password NOVA.
Add the admin role to the nova user:
```bash
openstack role add --project service --user nova admin
```
Create the nova service entity:
```bash
openstack service create --name nova \
  --description "OpenStack Compute" compute
```
Create the Compute API endpoints:
```bash
openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1
```
Create the Placement service user:
```bash
openstack user create --domain default --password-prompt placement
```
Use the password placement.
Add the admin role to the placement user:
```bash
openstack role add --project service --user placement admin
```
Create the Placement API entry in the service catalog:
```bash
openstack service create --name placement --description "Placement API" placement
```
Create the Placement API service endpoints:
```bash
openstack endpoint create --region RegionOne placement public http://controller:8780
openstack endpoint create --region RegionOne placement internal http://controller:8780
openstack endpoint create --region RegionOne placement admin http://controller:8780
```
Install the packages:
```bash
yum install openstack-nova-api openstack-nova-conductor \
  openstack-nova-console openstack-nova-novncproxy \
  openstack-nova-scheduler -y
```
Configure:
```bash
cp /etc/nova/nova.conf{,.bak}
grep '^[a-Z\[]' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
vim /etc/nova/nova.conf
```
```ini
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:rabbit@controller
my_ip = 10.0.0.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:NOVA@controller/nova_api
[barbican]
[cache]
[cells]
[cinder]
os_region_name = RegionOne
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[crypto]
[database]
connection = mysql+pymysql://nova:NOVA@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/run/nova
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
```
Sync the databases:
```bash
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
```
Verify:
```bash
nova-manage cell_v2 list_cells
```
Enable the Nova services at boot and start them:
```bash
systemctl enable openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
```
Check the ports:
```bash
netstat -tnulp | grep -E '6080|8774|8775'
```
### 2.4.2 Compute node deployment
Install and configure Nova:
```bash
yum install openstack-nova-compute openstack-utils -y
```
Configure:
```bash
cp /etc/nova/nova.conf{,.bak}
grep '^[a-Z\[]' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
vi /etc/nova/nova.conf
```
```ini
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:rabbit@controller
my_ip = 10.0.0.12
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
[cells]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[crypto]
[database]
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA
[libvirt]
[matchmaker_redis]
[metrics]
[mks]
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
```
Start the services and enable them at boot:
```bash
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
```
Verify. Back on the controller node:
```bash
nova service-list
# or
openstack compute service list
```
Load the admin CLI credentials:
```bash
. admin-openrc
```
Add the compute node to the cell database:
```bash
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
```
# 3. Install Neutron
## 3.1 Controller node
### 3.1.1 Create the database and grant privileges
```bash
mysql -u root -p
```
```sql
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON';
```
Load the admin CLI credentials:
```bash
. admin-openrc
```
### 3.1.2 Create the service credentials
Create the neutron user:
```bash
openstack user create --domain default --password-prompt neutron
```
Use the password neutron.
Add the admin role to the neutron user:
```bash
openstack role add --project service --user neutron admin
```
Create the service entity:
```bash
openstack service create --name neutron \
  --description "OpenStack Networking" network
```
Create the Networking service API endpoints:
```bash
openstack endpoint create --region RegionOne \
  network public http://controller:9696
openstack endpoint create --region RegionOne \
  network internal http://controller:9696
openstack endpoint create --region RegionOne \
  network admin http://controller:9696
```
### 3.1.3 Configure networking
Install the components:
```bash
yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables
```
Configure neutron.conf (`vim /etc/neutron/neutron.conf` on the controller):
```ini
[DEFAULT]
allow_overlapping_ips = true
transport_url = rabbit://openstack:rabbit@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[agent]
[cors]
[database]
connection = mysql+pymysql://neutron:NEUTRON@controller/neutron
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[matchmaker_redis]
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_messaging_zmq]
[oslo_middleware]
[oslo_policy]
[quotas]
[ssl]
```
Configure ml2_conf.ini: the Modular Layer 2 (ML2) plug-in (`vim /etc/neutron/plugins/ml2/ml2_conf.ini` on the controller):
```ini
[DEFAULT]
[l2pop]
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_geneve]
[ml2_type_gre]
[ml2_type_vlan]
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
```
Configure linuxbridge_agent.ini: the Linux bridge agent (`vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini` on the controller):
```ini
[DEFAULT]
[agent]
[linux_bridge]
physical_interface_mappings = provider:ens33
[network_log]
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[vxlan]
enable_vxlan = true
# OVERLAY_INTERFACE_IP_ADDRESS: replace with the IP address of this host's network interface
local_ip = 10.0.0.11
l2_population = true
```
Configure bridge filtering (`vim /etc/sysctl.conf`):
```
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
```
Configure the layer-3 agent, which provides routing and NAT for self-service virtual networks (`vim /etc/neutron/l3_agent.ini` on the controller):
```ini
[DEFAULT]
interface_driver = linuxbridge
```
Configure the DHCP agent, which provides DHCP for virtual networks (`vim /etc/neutron/dhcp_agent.ini`):
```ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
```
Configure the metadata agent (`vim /etc/neutron/metadata_agent.ini`):
```ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
```
Configure the Compute service to use the Networking service (`vim /etc/nova/nova.conf`). In the Nova configuration:
```ini
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
```
Set up the plug-in symlink:
```bash
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
```
Sync the database:
```bash
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
```
Restart the service:
```bash
systemctl restart openstack-nova-api.service
```
### 3.1.4 Start the services and enable them at boot
```bash
systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
```
Enable the layer-3 service at boot and start it:
```bash
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
```
## 3.2 Compute node configuration
### 3.2.1 Install the components
```bash
yum install openstack-neutron-linuxbridge ebtables ipset
```
Configure the common components (`vim /etc/neutron/neutron.conf` on the compute node):
```ini
[database]
connection=mysql+pymysql://neutron:NEUTRON@controller/neutron
[DEFAULT]
transport_url = rabbit://openstack:rabbit@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
```
### 3.2.2 Configure networking
Edit `/etc/neutron/plugins/ml2/linuxbridge_agent.ini` on the compute node:
```ini
[linux_bridge]
# PROVIDER_INTERFACE_NAME: replace with this host's network interface name, e.g. ens33
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = true
# OVERLAY_INTERFACE_IP_ADDRESS: replace with the IP address of this host's network interface
local_ip = 10.0.0.12
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
```
Configure bridge filtering (`vim /etc/sysctl.conf`):
```
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
```
Verify, back on the controller node:
```bash
. admin-openrc
openstack extension list --network
```
Enable Networking in Nova (`vim /etc/nova/nova.conf`):
```ini
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
```
### 3.2.3 Restart and enable at boot
```bash
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
```
# 4. Install Horizon
Horizon installation steps
## 4.1 Install the dashboard package
```bash
yum install openstack-dashboard
```
## 4.2 Configure local_settings
```python
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', 'two.example.com']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
TIME_ZONE = "Asia/Shanghai"
```
The last setting (TIME_ZONE) is newly added here.
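`ALLOWED_HOSTS` is Django's Host header allow-list, and the `'*'` entry in the local_settings above makes the other entry irrelevant: Horizon will answer to, and build absolute URLs for, whatever host name the client sends. The following is an added example, not code from the tutorial or from Horizon: a re-implementation of Django's documented `ALLOWED_HOSTS` matching rules (exact match, a leading dot matching the domain and all of its subdomains, `'*'` matching everything), used to compare the guide's list against a constructed tightened list containing only the names this controller is reached by (the hostname and IP from the host list at the top of the guide).

```python
from typing import Iterable, List, Tuple

# ALLOWED_HOSTS as written in the local_settings above, and a constructed
# tightened list limited to the names this controller actually answers to.
GUIDE_ALLOWED_HOSTS = ['*', 'two.example.com']
STRICT_ALLOWED_HOSTS = ['controller', '10.0.0.11']

# Constructed Host header values a dashboard might receive.
SAMPLE_HOSTS = ["controller", "controller:80", "10.0.0.11", "two.example.com", "evil.example.net"]


def split_domain_port(host: str) -> Tuple[str, str]:
    """Lower-case a Host header and split off the optional port (bracketed IPv6 included)."""
    host = host.lower().rstrip(".")
    if host.startswith("["):                       # e.g. [::1]:8080
        end = host.find("]")
        if end == -1:
            return host, ""
        return host[: end + 1], host[end + 2:]
    domain, _, port = host.partition(":")
    return domain, port


def host_allowed(host_header: str, allowed_hosts: Iterable[str]) -> bool:
    """Re-implementation of Django's ALLOWED_HOSTS rules for illustration (not Django's code):
    '*' matches any host, '.example.com' matches example.com and every subdomain,
    anything else must match the domain part exactly (case-insensitively)."""
    domain, _port = split_domain_port(host_header)
    for pattern in allowed_hosts:
        pattern = pattern.lower()
        if pattern == "*":
            return True
        if pattern.startswith("."):
            if domain == pattern[1:] or domain.endswith(pattern):
                return True
        elif domain == pattern:
            return True
    return False


def audit_allowed_hosts(allowed_hosts: Iterable[str]) -> List[str]:
    """Warnings a reviewer would raise about an ALLOWED_HOSTS value."""
    warnings = []
    if "*" in allowed_hosts:
        warnings.append("'*' present: every Host header is accepted, so the host name in "
                        "redirects and absolute links Horizon builds from the request "
                        "is taken from whatever the client sends")
    return warnings


if __name__ == "__main__":
    for name, hosts in [("guide", GUIDE_ALLOWED_HOSTS), ("strict", STRICT_ALLOWED_HOSTS)]:
        print(f"ALLOWED_HOSTS ({name}) = {hosts}")
        for w in audit_allowed_hosts(hosts):
            print(f"  warning: {w}")
        for h in SAMPLE_HOSTS:
            print(f"  Host: {h:18s} -> {'accepted' if host_allowed(h, hosts) else 'rejected'}")
```

With the strict list the dashboard still serves `http://controller/dashboard` and `http://10.0.0.11/dashboard` as used in the verification step below, while a request carrying an unexpected Host header is answered with Django's 400 Bad Request instead of being served.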
Configure openstack-dashboard.conf (`vim /etc/httpd/conf.d/openstack-dashboard.conf` on the controller):
```apache
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}
WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
Alias /dashboard/static /usr/share/openstack-dashboard/static
<Directory /usr/share/openstack-dashboard/openstack_dashboard/wsgi>
    Options All
    AllowOverride All
    Require all granted
</Directory>
<Directory /usr/share/openstack-dashboard/static>
    Options All
    AllowOverride All
    Require all granted
</Directory>
```
## 4.3 Restart the services
```bash
systemctl restart httpd.service memcached.service
```
## 4.4 Verify: log in from a browser
```
http://controller/dashboard
http://10.0.0.11/dashboard
```
Login details:
```
domain:   default
username: admin
password: ADMIN_PASS
```
Installation is complete.
# Install Cinder
## Install and configure the storage node
Install LVM:
```bash
yum install lvm2 device-mapper-persistent-data
```
Start the service and enable it at boot:
```bash
systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service
```
Create the LVM physical volume and volume group:
```bash
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
```
Configure lvm.conf (`vim /etc/lvm/lvm.conf`):
```
# storage node using LVM (this tutorial uses this one)
filter = [ "a/sda/", "a/sdb/", "r/.*/"]
# compute node using LVM
filter = [ "a/sda/", "r/.*/"]
```
Install the Cinder components:
```bash
yum install openstack-cinder targetcli python-keystone
```
Configure cinder.conf (`vim /etc/cinder/cinder.conf` on the cinder node):
```ini
[database]
connection = mysql+pymysql://cinder:CINDER@controller/cinder
[DEFAULT]
transport_url = rabbit://openstack:rabbit@controller
auth_strategy = keystone
my_ip = 10.0.0.13
enabled_backends = lvm
glance_api_servers = http://controller:9292
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = cinder
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
```
Start the services and enable them at boot:
```bash
systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
```
## Install and configure the controller node
Create the database:
```bash
mysql -u root -p
```
```sql
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'CINDER';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'CINDER';
```
Create the service credentials:
```bash
. admin-openrc
openstack user create --domain default --password-prompt cinder
```
Use the password cinder.
```bash
openstack role add --project service --user cinder admin
openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 \
  --description "OpenStack Block Storage" volumev3
```
Create the Block Storage service API endpoints.
Create the v2 endpoints:
```bash
openstack endpoint create --region RegionOne \
  volumev2 public http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev2 internal http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev2 admin http://controller:8776/v2/%\(project_id\)s
```
Create the v3 endpoints:
```bash
openstack endpoint create --region RegionOne \
  volumev3 public http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev3 internal http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev3 admin http://controller:8776/v3/%\(project_id\)s
```
Install the Cinder components:
```bash
yum install openstack-cinder
```
Configure cinder.conf: add the following (`vim /etc/cinder/cinder.conf`):
```ini
[database]
connection = mysql+pymysql://cinder:CINDER@controller/cinder
[DEFAULT]
transport_url = rabbit://openstack:rabbit@controller
auth_strategy = keystone
my_ip = 10.0.0.11
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
#project_domain_id = default
#user_domain_id = default
user_domain_name = default
project_domain_name = default
project_name = service
username = cinder
password = cinder
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
```
Sync the database:
```bash
su -s /bin/sh -c "cinder-manage db sync" cinder
```
Configure Nova to use Block Storage (`vim /etc/nova/nova.conf`):
```ini
[cinder]
os_region_name = RegionOne
```
Restart Nova, then start the Cinder services and enable them at boot:
```bash
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
```
Verify the installation:
```bash
. admin-openrc
openstack volume service list
```