Installing OpenStack on CentOS
Preparation:
Configure networking
1. Controller node
# hostname controller
# vi /etc/sysconfig/network-scripts/ifcfg-enp0s25
TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE="yes"
PEERDNS="no"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s25"
UUID="b72d4b61-6854-4f8b-9dc5-45759fd8fbb4"
DEVICE="enp0s25"
ONBOOT="yes"
IPADDR=192.168.20.61
GATEWAY=192.168.20.253
NETMASK=255.255.255.0
DNS1=192.168.20.253
nameserver 192.168.20.253
# vi /etc/hosts (contents as follows)
#controller
192.168.20.61 controller
#compute
192.168.10.10 compute
#network
192.168.10.11 network
2. Compute node
# hostname compute
# vi /etc/sysconfig/network-scripts/ifcfg-em1 (contents as follows)
TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE="yes"
PEERDNS="no"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="em1"
UUID="55a3caad-3f76-4c9d-b9f9-ecf1f605605b"
DEVICE="em1"
ONBOOT="yes"
IPADDR=192.168.20.71
GATEWAY=192.168.20.253
NETMASK=255.255.255.0
DNS1=192.168.20.253
TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=no
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em2
UUID=e70f8f6d-d773-4cd4-b9a5-e4e0996027a0
DEVICE=em2
ONBOOT=yes
IPADDR=192.168.10.10
NETMASK=255.255.255.0
DNS1=192.168.10.253
nameserver 192.168.20.253
nameserver 192.168.10.253
# service network restart
# systemctl disable firewalld.service
# systemctl disable iptables.service
# vi /etc/hosts (contents as follows)
#compute
192.168.10.10 compute
#controller
192.168.20.61 controller
#network
192.168.10.11 network
3. Network node
# hostname network
# vi /etc/sysconfig/network-scripts/ifcfg-em1 (contents as follows)
TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE="yes"
PEERDNS="no"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="em1"
UUID=6c395f65-9036-4a73-a236-0b731010b6bd
DEVICE="em1"
ONBOOT="yes"
IPADDR=192.168.20.81
GATEWAY=192.168.20.253
NETMASK=255.255.255.0
DNS1=192.168.20.253
TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=no
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em2
UUID=fcb0fc98-1992-4b65-af2e-8b8943ecaf7e
DEVICE=em2
ONBOOT=yes
IPADDR=192.168.10.11
NETMASK=255.255.255.0
DNS1=192.168.10.253
# vi /etc/sysconfig/network-scripts/ifcfg-em3 (contents as follows)
TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em3
UUID=1b6ed349-f33d-444f-b57a-ee22a0fc3a3c
DEVICE=em3
ONBOOT=yes
nameserver 192.168.20.253
nameserver 192.168.10.253
# service network restart
# systemctl disable firewalld.service
# systemctl disable iptables.service
# vi /etc/hosts (contents as follows)
#network
192.168.10.11 network
#compute
192.168.10.10 compute
#controller
192.168.20.61 controller
- NTP
Edit the /etc/ntp.conf file
server NTP_SERVER iburst
restrict -4 default kod notrap nomodify
restrict -6 default kod notrap nomodify
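# systemctl status ntpd.service (check the status of the NTP service)
Replace NTP_SERVER with the hostname or IP address of a suitable, more accurate NTP server (time.nist.gov).
The other two nodes
Install the NTP service
# yum install ntp
Configure the NTP service: configure the network and compute nodes to reference the controller node.
1. Edit the /etc/ntp.conf file
server controller iburst
2. Start the NTP service and configure it to start at boot
# systemctl enable ntpd.service
# systemctl start ntpd.service
1. Run this command on the controller node
# ntpq -c peers
2. Run this command on the controller node
# ntpq -c assoc
3. Run the following commands on the other nodes
# ntpq -c peers
# ntpq -c assoc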
- OpenStack packages
- LVM;
- Network settings: disable all automated network-management tools and configure the network manually (in this deployment, the management and external networks are combined on em1: 192.168.20.0/24, and the internal network uses em2: 192.168.10.0/24);
# service NetworkManager stop
# service network start
# chkconfig NetworkManager off
# chkconfig network on
# service firewalld stop
# service iptables start
# chkconfig firewalld off
# chkconfig iptables on
- Database
- [mysqld] bind-address: set to the controller node's management-network IP;
- [mysqld] enable InnoDB, the UTF-8 character set, and so on;
[mysqld]
...
bind-address = 192.168.20.61
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
# mysql_secure_installation (set the root password to Password)
(To change the root password: mysqladmin -u root password 'password')
- Message queue
- Keystone service
# mysql -uroot -pPassword
MariaDB [(none)]>CREATE DATABASE keystone;
MariaDB [(none)]>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'Password';
MariaDB [(none)]>GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Password';
MariaDB [(none)]>FLUSH PRIVILEGES;
MariaDB [(none)]>exit
- Create the admin token
[DEFAULT]
...
admin_token = 158c551024e458b3ec2e
verbose = True
[database]
...
connection = mysql://keystone:Password@192.168.20.61/keystone
[token]
...
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token
[revoke]
...
driver = keystone.contrib.revoke.backends.sql.Revoke
Create generic certificates and keys, and restrict access to the related files
# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl
- Create the keystone database tables
- Start the keystone service
# systemctl start openstack-keystone.service
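- Add a cron job to purge expired tokens periodically (this step was skipped in an earlier installation, which led to performance degradation after the server had been running for a long time)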
# (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone
- Create users, tenants and services
Resulting tenant ID: 31045c03943a48de8e06ca7d2e8adcda
Resulting tenant ID: 8292f77845454135b7836e3323a34f03
# keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://192.168.20.61:5000/v2.0 --internalurl http://192.168.20.61:5000/v2.0 --adminurl http://192.168.20.61:35357/v2.0 --region regionOne
Resulting endpoint ID: 4a5bcdeeb223400bbc3c5900c449300b
Verify the service
# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
# keystone --os-username admin --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 token-get
# keystone --os-username admin --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 user-list
# keystone --os-username admin --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 role-list
# keystone --os-username demo --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 token-get
# keystone --os-username admin --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 user-list
The commands succeed, but the token ID turns out to be in PKI format; edit /etc/keystone/keystone.conf
# vi /etc/keystone/keystone.conf
[signing]
...
#token_format=<None>
token_format=UUID
Restart the openstack-keystone service and run token-get again to obtain a UUID-format token ID
# systemctl restart openstack-keystone.service
# keystone --os-username=admin --os-password=ADMIN_PASS --os-auth-url=http://192.168.20.61:35357/v2.0 token-get
Create the rc file
# mkdir rc
# vim rc/openrc
export OS_USERNAME=admin
export OS_PASSWORD=Password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://192.168.20.61:35357/v2.0
Create the rc file
# vim rc/demo-openrc
export OS_USERNAME=demo
export OS_PASSWORD=Password
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://192.168.20.61:35357/v2.0
After running
# source rc/openrc
the --os-username and related parameters can be omitted when running OpenStack commands.
- Glance service
- Install the glance service itself and its client
# mysql -uroot -pPassword123!
MariaDB [(none)]>CREATE DATABASE glance;
MariaDB [(none)]>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'Password';
MariaDB [(none)]>GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'Password';
MariaDB [(none)]>FLUSH PRIVILEGES;
MariaDB [(none)]>exit
- Register the service
# keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') --publicurl=http://192.168.20.61:9292 --internalurl=http://192.168.20.61:9292 --adminurl=http://192.168.20.61:9292 --region regionOne
[DEFAULT]
...
verbose = True
notification_driver = noop
[keystone_authtoken]
...
auth_uri = http://192.168.20.61:5000/v2.0
identity_uri = http://192.168.20.61:35357
admin_tenant_name = service
admin_user = glance
admin_password = Password
[paste_deploy]
...
flavor = keystone
[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
...
verbose = True
notification_driver = noop
[keystone_authtoken]
...
auth_uri = http://192.168.20.61:5000/v2.0
identity_uri = http://192.168.20.61:35357
admin_tenant_name = service
admin_user = glance
admin_password = Password
[paste_deploy]
...
flavor = keystone
# su -s /bin/sh -c "glance-manage db_sync" glance (a problem you may run into:
File "/usr/lib64/python2.7/locale.py", line 443, in _parse_localename
raise ValueError, 'unknown locale: %s' % localename
ValueError: unknown locale: UTF-8
)
Start the services
# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service
- Verify the service
# mkdir /tmp/images
# cd /tmp/images/
# wget -P /tmp/images http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
# source ~/rc/openrc
# glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --progress < cirros-0.3.3-x86_64-disk.img
(A problem you may run into: invalid openstack identity credentials. The glance user's password does not match the password used when granting database privileges; use
keystone user-password-update --pass <password> <user-id> to change the password)
# glance image-list
# mysql -uroot -pPassword
MariaDB [(none)]> create database nova;
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'localhost' identified by 'Password';
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'%' identified by 'Password';
MariaDB [(none)]> flush privileges;
- Register the service
# keystone user-create --name nova --pass Password123! --email test@163.com
Resulting user ID: 0a2b07b3d6114585ab3ff498f097edf5
# keystone user-role-add --user nova --tenant service --role admin
# keystone service-create --name nova --type compute --description "OpenStack Compute"
Resulting service ID: e6797197a1584489ae4a3c8d802dde42
# keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') --publicurl http://192.168.20.61:8774/v2/%\(tenant_id\)s --internalurl http://192.168.20.61:8774/v2/%\(tenant_id\)s --adminurl http://192.168.20.61:8774/v2/%\(tenant_id\)s
Resulting endpoint ID: e6797197a1584489ae4a3c8d802dde42
- Install the services required on the nova controller node
# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
- Modify the nova database configuration
# openstack-config --set /etc/nova/nova.conf database connection 'mysql://nova:Password@192.168.20.61/nova'
- Modify nova's message queue settings
# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_password Password
- Change other nova settings
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/nova/nova.conf keystone_authtoken identity_uri http://192.168.20.61:35357
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password Password
Modify nova's IP settings
# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.20.61
# openstack-config --set /etc/nova/nova.conf glance host 192.168.20.61
[DEFAULT]
...
verbose = True
- Create the nova database tables
# su -s /bin/sh -c "nova-manage db sync" nova
Start the nova controller node services
# systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- Verify the controller node services
# nova image-list
The two registered images are listed, so the service is running correctly.
- Install the nova compute service and client
# yum upgrade
# yum install openstack-nova-compute sysfsutils
- Configure the nova compute node
# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_password Password
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password Password
# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.10.10
# openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.20.71
# openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://192.168.20.61:6080/vnc_auto.html
The commands above were already run when configuring the controller node.
# openstack-config --set /etc/nova/nova.conf glance host 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT verbose True
Check whether the hardware supports VM hardware acceleration
# egrep -c '(vmx|svm)' /proc/cpuinfo
If the returned value is 1 or greater, no further configuration is needed; otherwise change the hypervisor to qemu. (
[libvirt]
...
virt_type = qemu
)
- Start the nova compute service
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
(Problem encountered: Job for openstack-nova-compute.service failed. See 'systemctl status openstack-nova-compute.service' and 'journalctl -xn' for details.
Check the log: vim /var/log/nova/nova-compute.log ()
Run on the controller node
)
# systemctl start messages.service
# systemctl start openstack-nova-compute.service
Neutron controller node
- Create the neutron database
# mysql -uroot -pPassword
MariaDB [(none)]> create database neutron;
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'Password';
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'%' identified by 'Password';
MariaDB [(none)]> flush privileges;
- Register the service
# source rc/openrc
# keystone user-create --name neutron --pass Password123! --email test@163.com
Resulting user ID: c9f875f1647c493ea13d3965f353bc15
# keystone user-role-add --user neutron --tenant service --role admin
# keystone service-create --name neutron --type network --description "OpenStack Networking"
Resulting service ID: 87e8059ce43a4b9fac91f8d61fc336f8
# keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') --publicurl http://192.168.20.61:9696 --adminurl http://192.168.20.61:9696 --internalurl http://192.168.20.61:9696 --region regionOne
Resulting endpoint ID: 87e8059ce43a4b9fac91f8d61fc336f8
Install the neutron service, plug-in and client
# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which
- Modify the neutron configuration
# openstack-config --set /etc/neutron/neutron.conf database connection 'mysql://neutron:Password@192.168.20.61/neutron'
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://192.168.20.61:8774/v2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://192.168.20.61:35357/v2.0
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_region_name regionOne
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id $(keystone tenant-list | awk '/service/ { print $2 }')
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
- Modify the ML2 plug-in configuration
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
- Enable neutron in nova (controller node)
# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
# openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
# openstack-config --set /etc/nova/nova.conf neutron url http://192.168.20.61:9696
# openstack-config --set /etc/nova/nova.conf neutron auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf neutron admin_auth_url http://192.168.20.61:35357/v2.0
# openstack-config --set /etc/nova/nova.conf neutron admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf neutron admin_username neutron
# openstack-config --set /etc/nova/nova.conf neutron admin_password Password
- Start the neutron service
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
# systemctl enable neutron-server.service
# systemctl start neutron-server.service
# source rc/openrc.sh
# neutron ext-list (problem encountered: unsupported locale setting. Solution:
# cd /etc/
# vi profile
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
)
This completes the installation and configuration of the neutron controller node.
Modify the following settings:
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
Run:
# sysctl -p
- Install the networking components
- Modify neutron.conf
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host 192.168.20.61
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password Password
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken identity_uri http://192.168.20.61:35357
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
- Modify the ML2 plug-in configuration
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
- Configure OVS
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip 192.168.10.11
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types gre
- Modify the L3 agent configuration
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT use_namespaces True
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-ex
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT router_delete_namespaces True
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT verbose True
- Modify the DHCP agent configuration
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT use_namespaces True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_delete_namespaces True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
# vim /etc/neutron/dnsmasq-neutron.conf
dhcp-option-force=26,1454
# pkill dnsmasq
- Modify the metadata agent configuration
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region regionOne
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_tenant_name service
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_user neutron
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_password Password
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip 192.168.20.61
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True
- Back on the controller node
# openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
- Configure OVS
# systemctl enable openvswitch.service
# systemctl start openvswitch.service
# ovs-vsctl add-br br-ex (if the 20 network segment becomes unreachable afterwards: ovs-vsctl del-br br-ex)
# ovs-vsctl add-port br-ex em1
# ethtool -K em1 gro off (do not run)
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
# systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service
# systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# source rc/openrc.sh
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
Modify the following settings
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# sysctl -p
- Install the networking components
# yum install openstack-neutron-ml2 openstack-neutron-openvswitch
- Modify neutron.conf
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken identity_uri http://192.168.20.61:35357
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True
- Modify the ML2 plug-in configuration
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
All of the above was already configured when setting up the neutron controller node
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types gre
# systemctl enable openvswitch.service
- Enable neutron in nova
# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
# openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
# openstack-config --set /etc/nova/nova.conf neutron url http://192.168.20.61:9696
# openstack-config --set /etc/nova/nova.conf neutron auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf neutron admin_auth_url http://192.168.20.61:35357/v2.0
# openstack-config --set /etc/nova/nova.conf neutron admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf neutron admin_username neutron
# openstack-config --set /etc/nova/nova.conf neutron admin_password Password
# cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
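# systemctl restart openstack-nova-compute.service (problem encountered:
Job for openstack-nova-compute.service failed. See 'systemctl status openstack-nova-compute.service' and 'journalctl -xn' for details.
Log output from nova-compute.log
Solution:
Check nova.conf; a configuration property is wrong
)
# systemctl enable neutron-openvswitch-agent.service
# systemctl start neutron-openvswitch-agent.service
This completes the installation and configuration of the neutron compute node.
Back on the controller node, verify:
# source rc/openrc.sh
# neutron agent-list
External network
The external network typically provides Internet access for your instances. By default, this network only allows instances to reach the Internet using Network Address Translation (NAT). You can enable Internet access to individual instances using a floating IP address and suitable security group rules. The admin tenant owns this network because it provides external network access for multiple tenants. You must also enable sharing to allow access by those tenants.
Note
Run these commands on the controller node.
Create the external network
1. Source the admin credentials file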
# source rc/openrc.sh
# neutron net-create ext-net --router:external True --provider:physical_network external --provider:network_type flat
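Like a physical network, a virtual network needs a subnet assigned to it. The external network shares the same subnet and gateway as the external interface on the network node. You should specify a dedicated subnet range for routers and floating IP addresses to avoid interfering with other devices on the external network.
Create a subnet on the external network
• Create the subnet: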
# neutron subnet-create ext-net --name ext-subnet --allocation-pool start=10.0.0.1,end=10.0.0.100 --disable-dhcp --gateway 10.0.0.101 10.0.0.0/24
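Tenant network
The tenant network provides internal network access for instances. This type of network architecture is used to access other tenants. Because the demo tenant owns this network, it provides network access only for instances.
Note
Run these commands on the controller node.
Create the tenant network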
# source rc/demo-openrc
# neutron net-create demo-net
# neutron subnet-create demo-net --name demo-subnet --gateway 192.168.1.1 192.168.1.0/24
# neutron router-create demo-router
# neutron router-interface-add demo-router demo-subnet
# neutron router-gateway-set demo-router ext-net
Verify:
# ping -c 4 10.0.0.101
# vi /etc/nova/nova.conf (controller node)
[DEFAULT]
...
network_api_class = nova.network.api.API
security_group_api = nova
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
# yum install openstack-nova-network openstack-nova-api (compute node)
# vi /etc/nova/nova.conf
[DEFAULT]
...
network_api_class = nova.network.api.API
security_group_api = nova
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_network_bridge = br100
flat_interface = em1
public_interface = em1
# systemctl enable openstack-nova-network.service openstack-nova-metadata-api.service
# systemctl start openstack-nova-network.service openstack-nova-metadata-api.service
Add the Dashboard
The Dashboard uses a VNC client; the browser must support HTML5, Canvas and HTML5 WebSockets
Install the Dashboard components
• Install the packages:
# yum install openstack-dashboard httpd mod_wsgi memcached python-memcached
Configure the dashboard
# vi /etc/openstack-dashboard/local_settings
A. Configure the dashboard to use the OpenStack services on the controller node
OPENSTACK_HOST = "controller"
B. Allow all hosts to access the dashboard
ALLOWED_HOSTS = ['*']
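C. Configure the memcached session storage service:
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
Note
Comment out any other session storage configuration.
D. (Optional) Configure the time zone:
TIME_ZONE = "TIME_ZONE"
Replace TIME_ZONE with an appropriate time zone identifier.
Finalize the installation
1. On RHEL and CentOS, configure SELinux to allow the web server to connect to OpenStack services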
# setsebool -P httpd_can_network_connect on
2. Due to a packaging bug, the dashboard CSS fails to load properly. Run the following command to resolve the issue
# chown -R apache:apache /usr/share/openstack-dashboard/static
For more information, see the bug report.
3. Start the web server and the session storage service, and configure them to start at boot
# systemctl enable httpd.service memcached.service
# systemctl start httpd.service memcached.service
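Verify operation
This section describes how to verify operation of the dashboard.
1. Access the dashboard using a web browser: http://controller/dashboard.
2. Authenticate using the admin or demo user credentials.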
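The walkthrough sets every service and database password to Password, leaves admin_token and the METADATA_SECRET stand-in in place, binds VNC on the compute node to 0.0.0.0, points Keystone clients at http:// URLs and sets ALLOWED_HOSTS = ['*']. The script below is an added example, not part of the original guide: it scans config and rc files for exactly those settings before a node leaves the lab. The function names audit_conf and write_samples, the placeholder list and the sample file contents are assumptions constructed for this example.

```shell
#!/bin/sh
# Added example (not from the original page): flag the walkthrough's stand-in
# secrets and wide-open settings in OpenStack config files.
# Output: one finding per line as file:line: message. Secret values are never echoed.

# Stand-in values used in the walkthrough; extend with your own site defaults.
PLACEHOLDERS='Password|password|Password123!|ADMIN_PASS|METADATA_SECRET'

audit_conf() {
    for f in "$@"; do
        [ -f "$f" ] || continue
        awk -v file="$f" -v weak="$PLACEHOLDERS" -v sq="'" '
        function report(msg) { printf "%s:%d: %s\n", file, NR, msg }
        BEGIN { n = split(weak, w, "|"); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        /^[ \t]*[#;]/ { next }                      # INI and shell comments
        {
            line = $0
            sub(/^[ \t]*export[ \t]+/, "", line)    # rc files: export KEY=value
            eq = index(line, "=")
            if (eq == 0) next                       # section headers, blank lines
            key = substr(line, 1, eq - 1)
            val = substr(line, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            lk = tolower(key)

            if (key == "ALLOWED_HOSTS" && (index(val, sq "*" sq) || index(val, "\"*\"")))
                report("ALLOWED_HOSTS accepts any Host header")

            gsub("^[\"" sq "]|[\"" sq "]$", "", val)    # drop surrounding quotes

            if (lk ~ /(password|secret)$/ && (val in bad))
                report(key " is a tutorial placeholder")
            if (lk == "connection") {
                rest = val
                # strip scheme://user: so that password@host/db remains
                if (sub("^[^:]*://[^:@/]*:", "", rest)) {
                    pw = substr(rest, 1, index(rest, "@") - 1)
                    if (pw in bad)
                        report("database URL embeds a tutorial placeholder password")
                }
            }
            if (lk == "admin_token" && val != "")
                report("static admin_token is still configured")
            if (lk == "vncserver_listen" && val == "0.0.0.0")
                report("VNC server listens on every interface")
            if (lk ~ /(auth_uri|identity_uri|auth_url)$/ && val ~ "^http://")
                report(key " uses plain HTTP for Keystone traffic")
        }' "$f"
    done
}

# Constructed sample files that mirror the settings shown in the walkthrough,
# plus one file (hardened.conf) that should produce no findings.
write_samples() {
    cat > "$1/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 0123456789abcdef0123
[database]
connection = mysql://keystone:Password@192.168.20.61/keystone
EOF
    cat > "$1/nova.conf" <<'EOF'
[DEFAULT]
rabbit_password = Password
vncserver_listen = 0.0.0.0
[keystone_authtoken]
auth_uri = http://192.168.20.61:5000/v2.0
admin_password = Password
[neutron]
metadata_proxy_shared_secret = METADATA_SECRET
EOF
    cat > "$1/local_settings" <<'EOF'
ALLOWED_HOSTS = ['*']
EOF
    cat > "$1/hardened.conf" <<'EOF'
[DEFAULT]
rabbit_password = 7c1e5d0a9b3f4e62a8d1
vncserver_listen = 192.168.20.71
[database]
connection = mysql://nova:4b9f02e7c6a1d358@192.168.20.61/nova
[keystone_authtoken]
auth_uri = https://controller:5000/v2.0
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_conf "$demo_dir"/*
rm -rf "$demo_dir"
```

On a deployed node, pass the real files instead, for example audit_conf /etc/keystone/keystone.conf /etc/nova/nova.conf /etc/neutron/*.ini rc/openrc.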