1. Deployment preparation

1.1 Topology

1.2 Basic configuration

1.2.1


2. keystone service

On the controller node

2.1 Create the keystone database and grant privileges

mysql -e "CREATE DATABASE keystone;"
mysql -e  "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';"
mysql -e "flush privileges;"

2.2 Install the keystone service and supporting tools

#The epel and base repositories need to be swapped here
yum install openstack-keystone httpd mod_wsgi  openstack-utils -y

2.3 Configure the keystone component

cp  /etc/keystone/keystone.conf{,.bak}
grep -Ev '^$|#' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
#Set the login method to token
openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN_TOKEN
#Configure the database
openstack-config --set /etc/keystone/keystone.conf database connection  mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
#Configure the Fernet token provider
openstack-config --set /etc/keystone/keystone.conf token provider fernet

2.4 Sync the database and initialize the Fernet keys

su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

2.5 Configure httpd wsgi

echo "ServerName controller" >> /etc/httpd/conf/httpd.conf
cp /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl start httpd && systemctl enable httpd

2.6 Start the service

systemctl start httpd && systemctl enable httpd

2.7 Create the service and register the endpoints

#Set temporary variables
export OS_TOKEN=ADMIN_TOKEN
export OS_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
openstack service create --name keystone --description "OpenStack Identity" identity
openstack endpoint create --region RegionOne identity public http://controller:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller:5000/v3

2.8 Create the domain, project, user and tenant, and assign the role

openstack domain create --description "Default Domain" default
openstack project create --domain default --description "Admin Project"  admin
openstack user create --domain default --description "Admin user" --password ADMIN_PASS  admin
openstack role create admin
openstack role add --project admin --user admin admin

2.9 Create the environment-variable script loaded at login

vim /etc/profile.d/admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
echo "source /etc/profile.d/admin-openrc" >>/etc/bashrc

2.10 Verify the identity service

unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
#No information is returned at this point
openstack user list
openstack domain list
openstack project list
openstack endpoint list
openstack token issue
netstat -tulp|grep 25074

3. glance service

On the controller node

3.1 Create the glance database and grant privileges

mysql -e "CREATE DATABASE glance;"
mysql -e  "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS'; "
mysql -e "flush privileges;"
#Verify
mysql -e  "SELECT DISTINCT User FROM mysql.user;"

3.2 Create the user and service, and register the endpoints

openstack user create --domain default --description "glance user" --password GLANCE_PASS  glance
openstack project create --domain default --description "service Project"  service
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292

3.3 Verify

openstack role assignment list
openstack role list
openstack user list
openstack project list

3.3 Install and configure the components

3.3.1 Install the components

yum install openstack-glance -y

3.3.2 Configure the glance-api component

#Configure the database
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
#Configure the local file system store and the location of image files
openstack-config --set /etc/glance/glance-api.conf glance_store  stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store  default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store  filesystem_store_datadir /var/lib/glance/images/
#Configure access to the Identity service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name  default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username  glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

3.3.3 Configure the glance-registry component

#Configure the database
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
#Configure access to the Identity service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri  http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url  http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers  controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name  default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name   default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name  service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username   glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password  GLANCE_PASS
openstack-config --set /etc/glance/glance-registry.conf paste_deploy  flavor keystone

3.4 Sync and verify the database

3.4.1 Sync the database

su -s /bin/sh -c "glance-manage db_sync" glance

3.4.2 Verify the database

mysql -e "show tables;" glance

3.5 Start and verify the service

3.5.1 Start the service

systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
netstat -tulp|grep 9292

Upload cirros-0.3.4-x86_64-disk to 10.0.0.11

Or: wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

3.5.1 Verify the service

openstack image list
openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
openstack image list
ll /var/lib/glance/images/

4. compute service

On the controller node

4.1 Create the databases and grant privileges

mysql -e "CREATE DATABASE nova_api;"
mysql -e "CREATE DATABASE nova;"
mysql -e "CREATE DATABASE nova_cell0;"
mysql -e  "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e  "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost'  IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%'  IDENTIFIED BY 'NOVA_DBPASS';"
mysql -e "flush privileges;"
#Verify
mysql -e  "SELECT DISTINCT User FROM mysql.user;"

4.2 Create the users and services, and register the endpoints

#Create the compute user nova
openstack user create --domain default --description "nova user" --password NOVA_PASS  nova
#Assign the admin role to the nova user
openstack role add --project service --user nova admin
#Register the nova API endpoints
openstack service create --name nova --description "OpenStack compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
#Create the placement service user
openstack user create --domain default --description "placement user" --password NOVA_PASS  placement
#Assign the admin role to the placement user
openstack role add --project service --user placement  admin
#Register the placement API service
openstack service create --name placement --description "Placement api" placement
#Create the Placement API service endpoints
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

4.3 Install the components

yum install openstack-nova-api openstack-nova-conductor  openstack-nova-console openstack-nova-novncproxy  openstack-nova-scheduler openstack-nova-placement-api  -y

4.4 Configure the components

cp /etc/nova/nova.conf{,.bak}
#Enable the compute and metadata APIs
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis  osapi_compute,metadata
#Configure the RabbitMQ message queue
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url  rabbit://openstack:RABBIT_PASS@controller
#Configure access to the Identity service
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
#Set my_ip to the management interface IP address of the controller node
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.11
#Enable support for the networking service
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
#Configure database access
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:NOVA_DBPASS@controller/nova
#Configure the location of the Image service API
openstack-config --set /etc/nova/nova.conf glance api_servers  http://controller:9292
#Configure access to the Identity service
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
#Configure the lock path
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
#Configure the RabbitMQ message queue
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
#Configure VNC
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
#Configure placement-api
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password NOVA_PASS
#Configure access to the Identity service
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone

4.5 Fix the placement-api bug

vim /etc/httpd/conf.d/00-nova-placement-api.conf
Listen 8778
<VirtualHost *:8778>
  WSGIProcessGroup nova-placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
  WSGIScriptAlias / /usr/bin/nova-placement-api
  <IfVersion >= 2.4>
    ErrorLogFormat "%M"
  </IfVersion>
  ErrorLog /var/log/nova/nova-placement-api.log
  #Start of added content
  <Directory /usr/bin>
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
    <IfVersion < 2.4>
      Order allow,deny
      Allow from all
    </IfVersion>
  </Directory>
  #End of added content
  #SSLEngine On
  #SSLCertificateFile ...
  #SSLCertificateKeyFile ...
</VirtualHost>
Alias /nova-placement-api /usr/bin/nova-placement-api
<Location /nova-placement-api>
  SetHandler wsgi-script
  Options +ExecCGI
  WSGIProcessGroup nova-placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
</Location>
#Restart httpd
systemctl restart httpd

4.6 Sync the databases

#Sync the nova-api database
su -s /bin/sh -c "nova-manage api_db sync" nova
#Register the cell0 database
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
#Create the cell1 cell
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
#Sync the nova database
su -s /bin/sh -c "nova-manage db sync" nova
#Verify that the nova, cell0 and cell1 databases are registered correctly
nova-manage cell_v2 list_cells
#Verify
mysql -e "show tables" nova_api
mysql -e "show tables" nova

4.7 Start the services

systemctl enable openstack-nova-api.service  openstack-nova-consoleauth.service openstack-nova-scheduler.service  openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service   openstack-nova-consoleauth.service openstack-nova-scheduler.service   openstack-nova-conductor.service openstack-nova-novncproxy.service
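#Verify
openstack compute service list
nova service-list
#VNC access: http://10.0.0.11:6080

4.8 Install and configure the compute service on the compute node

On the compute1 node

4.8.1 Install the service

yum install openstack-nova-compute openstack-utils -y

4.8.2 Configure the service

cp /etc/nova/nova.conf{,.bak}
#Enable the compute and metadata APIs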
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
#Configure the RabbitMQ message queue
openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url  rabbit://openstack:RABBIT_PASS@controller
#Configure the Identity service access strategy
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
#Set my_ip to the management interface IP address of the compute node
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.0.31
#Enable support for the networking service
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
#Configure the location of the Image service API
openstack-config --set /etc/nova/nova.conf glance api_servers  http://controller:9292
#Configure access to the Identity service
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password NOVA_PASS
#Configure the lock path
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
#Configure the RabbitMQ message queue
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
#Configure VNC
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address '$my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.html
#Configure hardware acceleration
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
# If egrep -c '(vmx|svm)' /proc/cpuinfo returns 0, libvirt must be configured to use QEMU instead of KVM: virt_type = qemu
#Configure placement-api
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password NOVA_PASS
#Configure access to the Identity service
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone

4.8.3 Start the services

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

4.8.4 View the log

tail -f  /var/log/nova/nova-compute.log

4.7 Add the compute node to the cell database

On the controller node

#Check how many compute nodes are in the database
openstack compute service list --service nova-compute
#Discover the compute hosts
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Set an appropriate interval in /etc/nova/nova.conf:
[scheduler]
discover_hosts_in_cells_interval = 300

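4.8 Verify the compute service

On the controller node

#List the service components to verify that each process started and registered successfully
openstack compute service list
#List the API endpoints in the Identity service to verify connectivity with the Identity service
openstack catalog list
#List the images in the Image service to verify connectivity with the Image service
openstack image list
#Check that the cells and placement API are working properly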
nova-status upgrade check

5. neutron service

On the controller node

5.1 Create the database

mysql -e "CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';"

5.2 Create the neutron user

openstack user create --domain default --description "neutron user" --password NEUTRON_PASS  neutron

5.3 Add the admin role to the neutron user

openstack role add --project service --user neutron admin

5.4 Register neutron

openstack service create --name neutron --description "OpenStack Networking" network

5.5 Register the neutron service API endpoints

openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696

5.6 Install the components

yum install openstack-neutron openstack-neutron-ml2  openstack-neutron-linuxbridge ebtables -y

5.7 Configure the components

5.7.1 Common component configuration

cp /etc/neutron/neutron.conf{,.bak}
grep -Ev '^[a-z]' /etc/neutron/neutron.conf.bak>/etc/neutron/neutron.conf
#Enable the Modular Layer 2 (ML2) plug-in, the router service and overlapping IP addresses
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
#Configure the message queue type
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
#Configure the Identity service access strategy
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
#Configure notification of the compute service about network port status and data changes
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
#Configure access to the Identity service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
#Configure the compute network topology
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
#Configure the lock path
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
#Configure the message queue
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
#*
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
#Configure RabbitMQ message queue access
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller

5.7.2 Layer-2 network plug-in configuration

cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
grep -Ev '^[a-z]' /etc/neutron/plugins/ml2/ml2_conf.ini.bak>/etc/neutron/plugins/ml2/ml2_conf.ini
#Enable flat, VLAN and VXLAN networks
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
#Enable VXLAN self-service networks
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
#Enable the Linux bridge and layer-2 population mechanisms
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
# Enable the port security extension driver
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
#Configure the provider virtual network as a flat network
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
#Enable ipset to increase the efficiency of security group rules
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
#*
#Configure the VXLAN network identifier range for self-service networks
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000

5.7.3 Linux bridge agent configuration

cp  /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep -Ev '^[a-z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
#Map the provider virtual network to the provider physical network interface ens33
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
#Enable security groups and configure the Linux bridge iptables firewall driver
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#Enable VXLAN tunnel networks, configure the IP address of the physical network interface that handles tunnel networks, and enable layer-2 population
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
#* If true, the tunnel network (that is, the self-service network) must be configured and a second physical NIC is required; 172.16.80.1 is an address on the same subnet as the external network, and the virtual machine must use bridged networking
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 172.16.80.1
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true

5.7.4 Verify that all sysctl values are set to 1 to ensure the Linux kernel supports bridge filters

vim /usr/lib/sysctl.d/00-system.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
sysctl -p /usr/lib/sysctl.d/00-system.conf

5.7.5 Layer-3 agent configuration

cp /etc/neutron/l3_agent.ini{,.bak}
grep -Ev  '^[a-z]' /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini
#*
#Configure the Linux bridge interface driver and the external network bridge
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge

5.7.6 DHCP agent configuration

cp /etc/neutron/dhcp_agent.ini{,.bak}
grep -Ev  '^[a-z]' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
# Configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on provider networks can access metadata over the network
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true

5.7.7 metadata configuration

cp /etc/neutron/metadata_agent.ini{,.bak}
grep -Ev  '^[a-z]' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET

5.7.8 Configure the compute service to use the networking service

#/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET

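5.8 Start the services

5.8.1 The networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini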

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

5.8.2 Sync the database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

5.8.3 Restart the compute API service

systemctl restart openstack-nova-api.service

5.8.4 Start the networking services

systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

5.8.5 Start the layer-3 service (networking option 2, self-service networks)

systemctl enable neutron-l3-agent.service && systemctl start neutron-l3-agent.service

5.9 Install the networking service on the compute node

On the compute1 node

5.9.1 Install the components

yum install openstack-neutron-linuxbridge ebtables ipset

5.9.2 Common component configuration

cp /etc/neutron/neutron.conf{,.bak}
grep -Ev '^[a-z]' /etc/neutron/neutron.conf.bak>/etc/neutron/neutron.conf
#Configure the message queue type
openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
#Configure the Identity service access strategy
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# Configure access to the Identity service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password NEUTRON_PASS
#Configure the compute network topology
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password NOVA_PASS
#Configure the lock path
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
#Configure the message queue
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password RABBIT_PASS
#*
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
#Configure RabbitMQ message queue access
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@controller

5.9.3 Linux bridge configuration

cp  /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep -Ev '^[a-z]' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
#Map the provider virtual network to the provider physical network interface ens33
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:ens33
#Enable security groups and configure the Linux bridge iptables firewall driver
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#Enable VXLAN tunnel networks, configure the IP address of the physical network interface that handles tunnel networks, and enable layer-2 population
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
#* If true, the tunnel network (that is, the self-service network) must be configured and a second physical NIC is required; 172.16.80.1 is an address on the same subnet as the external network, and the virtual machine must use bridged networking
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 172.16.80.2
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true

5.9.4 Configure the compute service to use the networking service

#/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password NEUTRON_PASS

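5.9.5 Verify that all sysctl values are set to 1 to ensure the Linux kernel supports bridge filters

vim /usr/lib/sysctl.d/00-system.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
sysctl -p /usr/lib/sysctl.d/00-system.conf

5.9.6 Restart the compute service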

systemctl restart openstack-nova-compute.service

5.9.7 Enable the bridge agent service at boot

systemctl enable neutron-linuxbridge-agent.service && systemctl start neutron-linuxbridge-agent.service

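6. Horizon service

6.1 Installation

On compute1

yum install openstack-dashboard -y

6.2 Configuration

6.2.1 setting

vim /etc/openstack-dashboard/local_settings
#Configure the dashboard to use the OpenStack services on the controller node
OPENSTACK_HOST = "controller"
#Hosts allowed to access the dashboard; may be domain names and addresses, separated by commas
#'*' accepts any Host header; list the dashboard's own names and addresses to restrict it
ALLOWED_HOSTS = ['*']
#Configure the memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
#Enable Identity API version 3
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
#Enable support for domains
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
#Configure the API versions
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
#Configure Default as the default domain for users created through the dashboard:
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
#Configure user as the default role for users created through the dashboard:
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
#Configure the time zone
TIME_ZONE = "Asia/Shanghai"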

6.2.2 conf

vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}

6.3 Start the services

systemctl restart httpd.service memcached.service
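
Added example (not part of the original post): the commands above write the guide's placeholder values (ADMIN_TOKEN, NOVA_PASS, RABBIT_PASS, METADATA_SECRET and so on) into the service configuration unless each one is replaced with a real secret first. The script below reports every active option in the given INI files that still contains one of them, without printing the value; the function names and the sample file are constructed for illustration.

```bash
#!/bin/sh
# Added example, not from the original post. Reports options in OpenStack INI
# files that still hold one of this guide's placeholder secrets.

# Placeholder names taken from the commands in this guide.
PLACEHOLDERS='ADMIN_TOKEN|ADMIN_PASS|KEYSTONE_DBPASS|GLANCE_DBPASS|GLANCE_PASS'
PLACEHOLDERS="$PLACEHOLDERS|NOVA_DBPASS|NOVA_PASS|NEUTRON_DBPASS|NEUTRON_PASS"
PLACEHOLDERS="$PLACEHOLDERS|RABBIT_PASS|METADATA_SECRET"

# audit_placeholders FILE...   (hypothetical helper name)
# Prints "FILE:[section] key" for each active option whose value contains a
# placeholder as a whole token, including inside connection/transport URLs.
# Values are never printed. Returns 1 if any placeholder was found, else 0.
audit_placeholders() {
    ap_rc=0
    for ap_file in "$@"; do
        [ -r "$ap_file" ] || continue
        ap_out=$(awk -v file="$ap_file" \
                     -v pat="[^A-Za-z0-9_]($PLACEHOLDERS)[^A-Za-z0-9_]" '
            /^[ \t]*[#;]/ { next }                      # commented-out option
            /^[ \t]*\[/ {                                # [section] header
                section = $0
                gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
                next
            }
            /=/ {
                key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]+/, "", key)
                val = $0; sub(/^[^=]*=[ \t]*/, "", val)
                # Pad the value so a placeholder at either end still has
                # a non-identifier character on both sides.
                if ((" " val " ") ~ pat)
                    printf "%s:[%s] %s\n", file, section, key
            }' "$ap_file")
        if [ -n "$ap_out" ]; then
            printf '%s\n' "$ap_out"
            ap_rc=1
        fi
    done
    return "$ap_rc"
}

# write_sample FILE: a constructed nova.conf fragment for demonstration only.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:RABBIT_PASS@controller
#admin_token = ADMIN_TOKEN
[database]
connection = mysql+pymysql://nova:Xk29fQ0a7Lm@controller/nova
[keystone_authtoken]
username = nova
password = NOVA_PASS
[neutron]
metadata_proxy_shared_secret = 7f3c9e1b5a2d
EOF
}

# With arguments, audit those files; without, demonstrate on the sample.
if [ "$#" -gt 0 ]; then
    audit_placeholders "$@"
else
    demo_dir=$(mktemp -d)
    write_sample "$demo_dir/nova.conf"
    audit_placeholders "$demo_dir/nova.conf" || echo "placeholders remain"
    rm -rf "$demo_dir"
fi
```

Run it on each node against /etc/keystone/keystone.conf, the glance-api.conf and glance-registry.conf files, /etc/nova/nova.conf and the /etc/neutron files configured above; a non-zero exit status means a placeholder is still in place.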

————Blueicex 2021/10/26 14:04 blueice1980@126.com
