Administrator
发布于 2025-03-20 / 1 阅读

OpenStack-T版 CentOS双节点配置

部署环境

OpenStack-Train + CentOS 双节点双网卡搭建

CentOS-7-x86_64-DVD-2009 最小化安装

资源分配:

主机名 CPU 内存 硬盘
controller 2 8G 50GB
compute 2 4G 100GB

网络安排:

主机名 网卡1(ens33)管理网络 网卡2(ens34)提供网络
controller 仅主机模式 NAT模式
compute 仅主机模式 NAT模式

img

基础环境配置(都做)

systemctl disable firewalld

systemctl stop firewalld

systemctl status firewalld

禁用并停止防火墙服务(仅适用于隔离的实验网络:后文安装的数据库、消息队列、memcached、etcd 等服务将不再受主机防火墙保护;生产环境应保留防火墙并只放行所需端口)

timedatectl set-timezone "Asia/Shanghai"

timedatectl

设置时区为上海

vi /etc/selinux/config

SELINUX=disabled

setenforce 0

getenforce

禁用 SELinux:setenforce 0 只是立即切换到 permissive 模式,配置文件中的 SELINUX=disabled 要在重启后才生效。这是实验环境的简化做法。

systemctl disable NetworkManager.service

systemctl stop NetworkManager.service

systemctl status NetworkManager.service

systemctl enable network.service

systemctl restart network.service

systemctl status network.service

禁用 NetworkManager 服务,启用网络服务,并重启网络服务

iptables -F

iptables -X

iptables -Z

systemctl disable iptables.service

systemctl stop iptables.service

systemctl status iptables.service

清空 iptables 规则,停止并禁用 iptables 服务

/////////////////////////////////////////////////////////////////////////////////////////

网络配置(controller/compute)

img

controller

vi /etc/sysconfig/network-scripts/ifcfg-ens33

BOOTPROTO=static

ONBOOT=yes

IPADDR=10.0.0.11

PREFIX=24

GATEWAY=10.0.0.10

配置管理网络

vi /etc/sysconfig/network-scripts/ifcfg-ens34

BOOTPROTO=static

ONBOOT=yes

IPADDR=192.168.100.51

PREFIX=24

GATEWAY=192.168.100.10

DNS1=8.8.8.8

DNS2=114.114.114.114

配置提供网络

systemctl restart network

重启网络服务

ip address

查看 ip 地址

hostnamectl set-hostname controller

bash

修改主机名

echo -e "10.0.0.11 controller\n10.0.0.31 compute" >>/etc/hosts

修改 hosts 配置文件

——————————————————————————————————————

compute

vi /etc/sysconfig/network-scripts/ifcfg-ens33

BOOTPROTO=static

ONBOOT=yes

IPADDR=10.0.0.31

PREFIX=24

GATEWAY=10.0.0.10

配置管理网络

vi /etc/sysconfig/network-scripts/ifcfg-ens34

BOOTPROTO=static

ONBOOT=yes

IPADDR=192.168.100.52

PREFIX=24

GATEWAY=192.168.100.10

DNS1=8.8.8.8

DNS2=114.114.114.114

配置提供网络

systemctl restart network

重启网络服务

ip address

查看 ip 地址

hostnamectl set-hostname compute

bash

修改主机名

echo -e "10.0.0.11 controller\n10.0.0.31 compute" >>/etc/hosts

修改 hosts 配置文件

——————————————————————————————————————

controller/compute

ping -c 2 controller

ping -c 2 www.163.com

测试连接

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

时间同步(controller/compute)

controller

yum -y install chrony

安装 chrony

vi /etc/chrony.conf

server ntp1.aliyun.com iburst

allow 10.0.0.0/24

添加编辑以上内容

systemctl restart chronyd.service

systemctl enable chronyd.service

重启 chronyd 服务

chronyc sources

查看 NTP 同步源

——————————————————————————————————————

compute

yum -y install chrony

安装 chrony

vi /etc/chrony.conf

server 10.0.0.11 iburst

添加编辑以上内容

systemctl restart chronyd.service

systemctl enable chronyd.service

重启 chronyd 服务

chronyc sources

查看 NTP 同步源

——————————————————————————————————————

controller/compute

chronyc sources

查看 NTP 同步源

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装openstack软件包(都做)

yum -y upgrade

升级系统软件包

yum -y install centos-release-openstack-train

安装 OpenStack Train 版本源

yum -y install python-openstackclient openstack-selinux

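安装 OpenStack 客户端和 openstack-selinux(为 OpenStack 服务提供 SELinux 策略的软件包)。由于前面已将 SELinux 设为 disabled,这些策略在本环境中不会生效;若保持 SELinux 启用,则由该软件包管理 OpenStack 服务的安全策略。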

yum -y install net-tools telnet

\#epel-release 

安装辅助检查工具及软件包

openstack --version

查看 OpenStack 版本

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装sql数据库(controller)

yum -y install mariadb mariadb-server python2-PyMySQL

安装数据库软件包

vi /etc/my.cnf.d/openstack.cnf

[mysqld]

bind-address = 10.0.0.11

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

修改添加以上配置

systemctl enable mariadb.service

systemctl start mariadb.service

systemctl status mariadb.service

设置默认启动

mysql_secure_installation

配置数据库:按提示为 root 设置密码(后文命令使用的是 000000),建议在提示中同时选择移除匿名用户、禁止 root 远程登录、删除 test 数据库。

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装消息队列(controller)

yum -y install rabbitmq-server

安装rabbitmq软件包

systemctl enable rabbitmq-server

systemctl start rabbitmq-server

systemctl status rabbitmq-server

设置默认启动

rabbitmqctl add_user openstack 000000

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

创建一个名为 openstack 的用户,密码设为 000000,并授予全部权限。000000 只是实验环境的示例密码,本文后续的数据库账户、服务账户和共享密钥也都沿用它;实际部署时应为每个账户设置各自的强密码,并同步修改各配置文件中的对应值。

netstat -tnlup

查看网络状态,确认 RabbitMQ 服务已经正常运行

rabbitmqctl list_users

列出所有用户,确认 openstack 用户已经被创建

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装Memcached服务(controller)

yum -y install memcached python-memcached

安装 Memcached 缓存服务及其 Python 库

vi /etc/sysconfig/memcached

OPTIONS="-l 127.0.0.1,::1,controller"

修改添加以上配置(memcached 默认不做身份认证,这里只监听本机回环地址和 controller 的管理网络地址,不要改成 0.0.0.0)

systemctl enable memcached.service

systemctl start memcached.service

systemctl status memcached.service

设置默认启动

netstat -tnlup

查看网络状态,确认 Memcached 服务已经正常运行

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装Etcd服务(controller)

yum -y install etcd

安装 etcd 分布式键值存储系统

cp /etc/etcd/etcd.conf{,.bak}

备份

vi /etc/etcd/etcd.conf

[Member]

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS="http://10.0.0.11:2380"

ETCD_LISTEN_CLIENT_URLS="http://10.0.0.11:2379"

ETCD_NAME="controller"

[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.0.0.11:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://10.0.0.11:2379"

ETCD_INITIAL_CLUSTER="controller=http://10.0.0.11:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"

ETCD_INITIAL_CLUSTER_STATE="new"

修改添加以上配置(此处 etcd 使用明文 HTTP 且未配置认证,只监听管理网络地址 10.0.0.11)

systemctl enable etcd

systemctl start etcd

systemctl status etcd

设置默认启动

netstat -tnlup

查看网络状态,确认 etcd 服务已经正常运行

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装keystone(controller)

mysql -uroot -p000000

create database IF NOT EXISTS keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';

flush privileges;

exit;

创建数据库并授权(在命令行直接写 -p000000 会把密码留在 shell 历史和进程列表中;可只写 -p,再按提示输入密码)

yum -y install openstack-keystone httpd mod_wsgi

安装 openstack-keystone、httpd 和 mod_wsgi

cp /etc/keystone/keystone.conf{,.bak}

grep -Ev '^$|#' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf

备份生成新配置文件

vi /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:000000@controller/keystone

[token]

provider = fernet

修改添加以上配置

su -s /bin/sh -c "keystone-manage db_sync" keystone

初始化填充 keystone 数据库

mysql -uroot -p000000 -e 'use keystone; show tables;'

查看是否成功填充

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

生成令牌及证书

keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3 --bootstrap-internal-url http://controller:5000/v3 --bootstrap-public-url http://controller:5000/v3 --bootstrap-region-id RegionOne

初始化 keystone 数据库,创建管理员账户,并为该账户创建 API 访问端点

vi /etc/httpd/conf/httpd.conf

ServerName controller

修改添加以上配置

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

创建软链接

systemctl enable httpd

systemctl start httpd

设置默认启动

export OS_USERNAME=admin

export OS_PASSWORD=000000

export OS_PROJECT_NAME=admin

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_DOMAIN_NAME=default

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

设置临时环境变量

openstack project create --domain default --description "Service Project" service

创建项目

openstack project create --domain default --description "Demo Project" demo

openstack user create --domain default --password 000000 demo

openstack role create user

openstack role add --project demo --user demo user

创建项目,用户...

unset OS_AUTH_URL OS_PASSWORD

取消临时环境变量

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue

使用管理员账户发放令牌

openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name demo --os-username demo token issue

使用普通用户账户发放令牌

vi /root/admin-openrc

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=000000

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

修改添加以上配置(该文件保存了明文管理员密码,建议执行 chmod 600 /root/admin-openrc,限制为仅 root 可读)

vi /root/demo-openrc

export OS_PROJECT_DOMAIN_NAME=default

export OS_USER_DOMAIN_NAME=default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=000000

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

修改添加以上配置

. admin-openrc

载入OpenStack管理员环境变量

openstack token issue

发放令牌

netstat -tnlup

查看网络状态,确认服务已经正常运行

openstack service list

openstack catalog list

openstack endpoint list

打印服务列表

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装glance(controller)

mysql -uroot -p000000

create database IF NOT EXISTS glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';

flush privileges;

exit;

创建数据库并授权

. admin-openrc

载入OpenStack管理员环境变量

openstack user create --domain default --password 000000 glance

openstack role add --project service --user glance admin

openstack service create --name glance --description "OpenStack Image" image

创建用户及服务

openstack endpoint create --region RegionOne image public http://controller:9292

openstack endpoint create --region RegionOne image internal http://controller:9292

openstack endpoint create --region RegionOne image admin http://controller:9292

创建API端点

yum -y install openstack-glance

安装OpenStack的Glance镜像服务

cp /etc/glance/glance-api.conf{,.bak}

grep -Ev '^$|#' /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf

备份生成新配置文件

vi /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:000000@controller/glance

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = glance

password = 000000

[paste_deploy]

flavor = keystone

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

修改添加以上配置

su -s /bin/sh -c "glance-manage db_sync" glance

初始化填充 glance 数据库

mysql -uroot -p000000 -e 'use glance;show tables;'

查看是否成功填充

systemctl enable openstack-glance-api.service

systemctl start openstack-glance-api.service

systemctl status openstack-glance-api.service

设置默认启动

netstat -tnlup

查看网络状态,确认服务已经正常运行

openstack service list

openstack catalog list

openstack endpoint list

打印服务列表

yum -y install wget

安装wget命令

. admin-openrc

载入OpenStack管理员环境变量

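# Fetch the CirrOS test image with TLS certificate verification left on, so the
# file cannot be swapped in transit; if verification fails on an old CA bundle,
# refresh it (yum -y update ca-certificates) instead of disabling the check.
wget https://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img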

下载cirros测试镜像文件

openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public

创建名为cirros的测试镜像

openstack image list

列出所有镜像列表

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装placement(controller)

mysql -uroot -p000000

CREATE DATABASE placement;

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '000000';

flush privileges;

exit;

创建数据库并授权

. admin-openrc

载入OpenStack管理员环境变量

openstack user create --domain default --password 000000 placement

openstack role add --project service --user placement admin

openstack service create --name placement --description "Placement API" placement

创建用户及服务

openstack endpoint create --region RegionOne placement public http://controller:8778

openstack endpoint create --region RegionOne placement internal http://controller:8778

openstack endpoint create --region RegionOne placement admin http://controller:8778

创建API端点

yum -y install openstack-placement-api

安装OpenStack的Placement API服务

cp /etc/placement/placement.conf{,.bak}

grep -Ev '^$|#' /etc/placement/placement.conf.bak > /etc/placement/placement.conf

备份生成新配置文件

vi /etc/placement/placement.conf

[placement_database]

connection = mysql+pymysql://placement:000000@controller/placement

[api]

auth_strategy = keystone

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = placement

password = 000000

修改添加以上配置

su placement -s /bin/sh -c "placement-manage db sync"

初始化填充 placement 数据库

vi /etc/httpd/conf.d/00-nova-placement-api.conf

<Directory /usr/bin>

  <IfVersion >= 2.4>

   Require all granted

  </IfVersion>

  <IfVersion < 2.4>

   Order allow,deny

   Allow from all

  </IfVersion>

</Directory>

修改添加以上配置

mysql -uroot -p000000 -e 'use placement;show tables;'

查看是否成功填充

systemctl restart httpd

systemctl status httpd

重启 httpd 服务使更改生效

netstat -tnlup

查看网络状态,确认服务已经正常运行

openstack service list

openstack catalog list

openstack endpoint list

打印服务列表

. admin-openrc

载入OpenStack管理员环境变量

placement-status upgrade check

检查Placement API的升级情况

yum -y install python-pip

pip install osc-placement==3.0.1

安装 osc-placement 模块

systemctl restart httpd

重启 httpd 服务使更改生效

\#openstack --os-placement-api-version 1.2 resource class list --sort-column name

\#openstack --os-placement-api-version 1.6 trait list --sort-column name

\#列出可用的资源类和特征

placement-status upgrade check

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装nova(controller/compute)

controller

mysql -uroot -p000000

create database IF NOT EXISTS nova;

create database IF NOT EXISTS nova_api;

create database IF NOT EXISTS nova_cell0;

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '000000';

flush privileges;

exit;

创建数据库并授权

. admin-openrc

载入OpenStack管理员环境变量

openstack user create --domain default --password 000000 nova

openstack role add --project service --user nova admin

openstack service create --name nova --description "OpenStack Compute" compute

创建用户及服务

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1

openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1

openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

创建API端点

yum -y install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler

安装openstack-nova-api、openstack-nova-conductor、openstack-nova-novncproxy、openstack-nova-scheduler四个组件

cp /etc/nova/nova.conf{,.bak}

grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf

备份生成新配置文件

vi /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:000000@controller

my_ip = 10.0.0.11

use_neutron = true

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]

auth_strategy = keystone

[api_database]

connection = mysql+pymysql://nova:000000@controller/nova_api

[database]

connection = mysql+pymysql://nova:000000@controller/nova

[keystone_authtoken]

www_authenticate_uri = http://controller:5000/

auth_url = http://controller:5000/

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = 000000

[vnc]

enabled = true

server_listen = $my_ip

server_proxyclient_address = $my_ip

[glance]

api_servers = http://controller:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]

region_name = RegionOne

project_domain_name = default

project_name = service

auth_type = password

user_domain_name = default

auth_url = http://controller:5000/v3

username = placement

password = 000000

修改添加以上配置

su -s /bin/sh -c "nova-manage api_db sync" nova

su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

su -s /bin/sh -c "nova-manage db sync" nova

su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

初始化填充 nova 数据库

systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl status openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

重启 nova 服务使更改生效

netstat -tnlup

查看网络状态,确认服务已经正常运行

openstack service list

openstack catalog list

openstack endpoint list

打印服务列表

——————————————————————————————————————

compute

yum -y install qemu-img

modprobe ipmi_devintf  

modprobe ipmi_msghandler

安装 qemu-img 工具,启用模块

yum -y install openstack-nova-compute

安装openstack-nova-compute组件

cp /etc/nova/nova.conf{,.bak}

grep -Ev '^$|#' /etc/nova/nova.conf.bak > /etc/nova/nova.conf

备份生成新配置文件

vi /etc/nova/nova.conf

[DEFAULT]

enabled_apis = osapi_compute,metadata

transport_url = rabbit://openstack:000000@controller

my_ip = 10.0.0.31

use_neutron = true

firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api]

auth_strategy = keystone

[keystone_authtoken]

www_authenticate_uri = http://controller:5000/v3

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = 000000

[vnc]

enabled = true

server_listen = 0.0.0.0

server_proxyclient_address = $my_ip

novncproxy_base_url = http://10.0.0.11:6080/vnc_auto.html

[glance]

api_servers = http://controller:9292

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

[placement]

region_name = RegionOne

project_domain_name = default

project_name = service

auth_type = password

user_domain_name = default

auth_url = http://controller:5000/v3

username = placement

password = 000000

修改添加以上配置

egrep -c '(vmx|svm)' /proc/cpuinfo

检查 CPU 是否支持硬件虚拟化;如果输出为 0,则需要在 nova.conf 中添加以下配置,改用 qemu 软件模拟

vi /etc/nova/nova.conf

[libvirt]

virt_type = qemu

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start libvirtd.service openstack-nova-compute.service

systemctl status libvirtd.service openstack-nova-compute.service

重启 nova 服务使更改生效

——————————————————————————————————————

controller

. admin-openrc

载入OpenStack管理员环境变量

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

在Cell v2中发现可用的计算节点,并将其添加到资源池中

openstack compute service list --service nova-compute

打印当前运行的nova-compute服务列表

vi /etc/nova/nova.conf

[scheduler]

discover_hosts_in_cells_interval = 60

netstat -tnlup

查看网络状态,确认服务已经正常运行

openstack service list

openstack catalog list

openstack endpoint list

打印服务列表

nova-status upgrade check

检查服务升级状态

——————————————————————————————————————

controller/compute

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装neutron(controller/compute(二层))

本节安装二层网络服务,与下文的三层网络服务二选一,只需完成其中一节。

controller/compute

ifconfig ens34 promisc

echo "ifconfig ens34 promisc" >> /etc/profile

ping -c 2 controller

ping -c 2 compute

——————————————————————————————————————

controller

mysql -uroot -p000000

create database IF NOT EXISTS neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';

flush privileges;

exit;

. admin-openrc

openstack user create --domain default --password 000000 neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696

yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

cp /etc/neutron/neutron.conf{,.bak}

grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf

vi /etc/neutron/neutron.conf

[DEFAULT]

core_plugin = ml2

service_plugins = 

transport_url = rabbit://openstack:000000@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[database]

connection = mysql+pymysql://neutron:000000@controller/neutron

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = 000000

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

[nova]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = 000000

cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini

vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,vlan

tenant_network_types = 

mechanism_drivers = linuxbridge

extension_drivers = port_security

[ml2_type_flat]

flat_networks = provider

[securitygroup]

enable_ipset = true

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:ens34

[vxlan]

enable_vxlan = false

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

vi /etc/sysctl.conf

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

modprobe br_netfilter

sysctl -p

cp /etc/neutron/dhcp_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak> /etc/neutron/dhcp_agent.ini

vi /etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

cp /etc/neutron/metadata_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini

vi /etc/neutron/metadata_agent.ini

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = 000000

vi /etc/nova/nova.conf

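# [neutron]: credentials nova uses to call the Networking API, plus the
# metadata-proxy settings shared with neutron's metadata agent.
[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

# The neutron service user was granted its role in the "service" project.
project_name = service

username = neutron

password = 000000

service_metadata_proxy = true

# Must match metadata_proxy_shared_secret in /etc/neutron/metadata_agent.ini.
metadata_proxy_shared_secret = 000000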

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

——————————————————————————————————————

compute

yum -y install openstack-neutron-linuxbridge ebtables ipset

cp /etc/neutron/neutron.conf{,.bak}

grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf

vi /etc/neutron/neutron.conf

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

auth_strategy = keystone

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = 000000

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:ens34

[vxlan]

enable_vxlan = false

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

vi /etc/sysctl.conf

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

modprobe br_netfilter

sysctl -p

vi /etc/nova/nova.conf

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

systemctl restart openstack-nova-compute.service

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

systemctl status neutron-linuxbridge-agent.service

——————————————————————————————————————

controller

. admin-openrc

netstat -tnlup

查看网络状态,确认服务已经正常运行

openstack service list

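# List the service catalog (services with their endpoints) as seen by the admin user.
openstack catalog list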

openstack endpoint list

打印服务列表

openstack network agent list

——————————————————————————————————————

controller/compute

关机打快照

/////////////////////////////////////////////////////////////////////////////////////////

安装neutron(controller/compute(三层))

本节安装三层网络服务,与上文的二层网络服务二选一,只需完成其中一节。

controller

mysql -uroot -p000000

create database IF NOT EXISTS neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';

flush privileges;

exit;

. admin-openrc

openstack user create --domain default --password 000000 neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696

yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables

cp /etc/neutron/neutron.conf{,.bak}

grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf

vi /etc/neutron/neutron.conf

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

transport_url = rabbit://openstack:000000@controller

auth_strategy = keystone

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

[database]

connection = mysql+pymysql://neutron:000000@controller/neutron

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = 000000

[nova]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = 000000

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini

vi /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]

type_drivers = flat,vlan,vxlan

tenant_network_types = vxlan

mechanism_drivers = linuxbridge,l2population

extension_drivers = port_security

[ml2_type_flat]

flat_networks = provider

[ml2_type_vxlan]

vni_ranges = 1:1000

[securitygroup]

enable_ipset = true

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:ens34

[vxlan]

enable_vxlan = true

local_ip = 192.168.100.51

l2_population = true

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

vi /etc/sysctl.conf

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

modprobe br_netfilter

sysctl -p

cp /etc/neutron/l3_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini

vi /etc/neutron/l3_agent.ini

[DEFAULT]

interface_driver = linuxbridge

cp /etc/neutron/dhcp_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini

vi /etc/neutron/dhcp_agent.ini

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

cp /etc/neutron/metadata_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini

vi /etc/neutron/metadata_agent.ini

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = 000000

vi /etc/nova/nova.conf

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

service_metadata_proxy = true

metadata_proxy_shared_secret = 000000

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

systemctl restart openstack-nova-api.service

systemctl status openstack-nova-api.service

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

——————————————————————————————————————

compute

yum -y install openstack-neutron-linuxbridge ebtables ipset

cp /etc/neutron/neutron.conf{,.bak}

grep -Ev '^$|#' /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf

vi /etc/neutron/neutron.conf

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

auth_strategy = keystone

[keystone_authtoken]

www_authenticate_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = 000000

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}

grep -Ev '^$|#' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini

vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]

physical_interface_mappings = provider:ens34

[vxlan]

enable_vxlan = true

local_ip = 192.168.100.52

l2_population = true

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

vi /etc/sysctl.conf

net.bridge.bridge-nf-call-iptables = 1

net.bridge.bridge-nf-call-ip6tables = 1

modprobe br_netfilter

sysctl -p

vi /etc/nova/nova.conf

[neutron]

auth_url = http://controller:5000

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

systemctl restart openstack-nova-compute.service

systemctl status openstack-nova-compute.service

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

systemctl restart neutron-linuxbridge-agent.service

systemctl status neutron-linuxbridge-agent.service

——————————————————————————————————————

controller

. admin-openrc

netstat -tnlup

查看网络状态,确认服务已经正常运行

openstack service list

openstack catalog list

openstack endpoint list

打印服务列表

openstack extension list --network

openstack network agent list

openstack network create --share --external --provider-network-type flat --provider-physical-network provider net-ext

openstack network create --share --internal --provider-network-type vxlan --provider-segment 10 net-int

# NOTE(review): --gateway is 192.168.100.1 here, while ifcfg-ens34 on both nodes sets GATEWAY=192.168.100.10 — confirm which address actually routes the provider network.
openstack subnet create --subnet-range 192.168.100.0/24 --gateway 192.168.100.1 --allocation-pool start=192.168.100.100,end=192.168.100.250 --network net-ext ext-sub1

openstack subnet create --subnet-range 192.168.30.0/24 --gateway 192.168.30.1 --allocation-pool start=192.168.30.100,end=192.168.30.200 --network net-int int-sub1

openstack router create router

openstack router set router --external-gateway net-ext

openstack router add subnet router int-sub1

openstack flavor create --ram 1024 --disk 5 --vcpus 1 test

openstack flavor list

openstack network list

openstack image list

openstack server create --flavor test --image cirros --nic net-id=net-ext test1

openstack console url show test1

openstack server create --flavor test --image cirros --nic net-id=net-int test2

openstack console url show test2

/////////////////////////////////////////////////////////////////////////////////////////

安装horizon(controller)

yum -y install openstack-dashboard

安装 OpenStack Dashboard 包

cp /etc/openstack-dashboard/local_settings{,.bak}

备份配置文件

vi /etc/openstack-dashboard/local_settings

# NOTE(review): '*' turns off Django's Host-header validation. Acceptable only
# on an isolated lab network; otherwise list the names/IPs clients really use,
# e.g. ['controller', '10.0.0.11'].
ALLOWED_HOSTS = ['*']

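# Django cache backend: Horizon keeps its cache (and, with the cache session
# engine, its sessions) in the memcached instance on the controller.
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}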

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

OPENSTACK_HOST = "controller"

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

OPENSTACK_API_VERSIONS = {

  "identity": 3,

  "image": 2,

  "volume": 3,

}

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

WEBROOT = '/dashboard'

TIME_ZONE = "Asia/Shanghai"

修改添加以上配置

OPENSTACK_NEUTRON_NETWORK = {

  'enable_router': False,

  'enable_quotas': False,

  'enable_distributed_router': False,

  'enable_ha_router': False,

  'enable_lb': False,

  'enable_firewall': False,

  'enable_vpn': False,

  'enable_fip_topology_check': False,

  'default_dns_nameservers': [],

  'supported_provider_types': ['*'],

  'segmentation_id_range': {},

  'extra_provider_types': {},

  'supported_vnic_types': ['*'],

  'physical_networks': [],

}

仅二层网络方案需要额外添加以上配置;三层网络方案无需修改此项。

sudo python /usr/share/openstack-dashboard/manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf

生成 Apache Web 服务器的配置文件

ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf

创建一个软链接

vi /etc/httpd/conf.d/openstack-dashboard.conf

\#WSGIApplicationGroup % {GLOBAL}

WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi.py

Alias /dashboard/static /usr/share/openstack-dashboard/static

修改添加以上配置

systemctl enable httpd.service

systemctl restart httpd.service

systemctl status httpd.service

重启 httpd 服务使更改生效