openstack - 走看看

zoukankan html css js c++ java

openstack

++实验环境

系统:centos7

openstack版本:liberty

两台主机

controller 网卡1:192.168.47.139 网卡2:无ip

compute 网卡1:192.168.47.140 网卡2:无ip

基本服务

网卡设置

第一块网卡设置IP地址，

第二块网卡，不需要设置Ip

TYPE=Ethernet

BOOTPROTO=none

NAME=eno33554960

DEVICE=eno33554960

ONBOOT=yes

重启网络

ifdown eno33554960

ifup eno33554960

关闭防火墙和selinux

systemctl disable firewalld.service

systemctl stop firewalld.service

sed -i "s/enforce/disabled/" /etc/selinux/config

重启系统

NTP服务

单节点其实可以忽略，不过同步时间对群集是非常重要的事情，所以我也记录一遍，国内建议使用ntp服务器

yum install chrony

编辑 /etc/chrony.conf

server cn.pool.ntp.org iburst

访问权限

allow 192.168.47.0/24

重启相关服务

systemctl enable chronyd.service

systemctl start chronyd.service

剩下节点，只需要设置ntp server的IP改成控制节点的ip就可以。

验证

chronyc sources

主机名

为了方便，机器采用主机名进行访问，而不是ip

cat >> /etc/hosts << OFF

192.168.47.139    controller

192.168.47.140    compute

OFF

数据库

yum install mariadb mariadb-server MySQL-python

配置

sed -i "/[mysqld]$/a character-set-server = utf8" /etc/my.cnf

sed -i "/[mysqld]$/a init-connect = 'SET NAMES utf8'" /etc/my.cnf

sed -i "/[mysqld]$/a collation-server = utf8_general_ci" /etc/my.cnf

sed -i "/[mysqld]$/a innodb_file_per_table" /etc/my.cnf

sed -i "/[mysqld]$/a default-storage-engine = innodb" /etc/my.cnf

sed -i "/[mysqld]$/a bind-address = 192.168.47.139" /etc/my.cnf

重启服务

systemctl enable mariadb.service

systemctl start mariadb.service

安全设置

mysql_secure_installation

这个还是必须允许，不然你后面会遇到麻烦。

消息队列

yum install -y rabbitmq-server

systemctl enable rabbitmq-server.service

systemctl restart rabbitmq-server.service

创建用户：openstack，设置密码pass

rabbitmqctl add_user openstack pass

设置权限

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

设置源

对于CentOS7，我们需要

1. Base

2. extra

3. update

4. EPEL

5. OpenStack liberty源

前面3个是CentOS默认启用的源。EPEL源和OpenStack的Liberty源，是需要自己设置，也可以通过安装包来实现自动添加

EPEL

yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm

OpenStack liberty

yum install centos-release-openstack-liberty

更新

yum upgrade

OpenStack配置工具

yum install -y python-openstackclient openstack-utils

Keystone

创建数据库，

数据库都是通过 mysql -u root -p

CREATE DATABASE keystone;

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';

GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';

组件安装

yum install openstack-keystone httpd mod_wsgi

  memcached python-memcached

配置

编辑 /etc/keystone/keystone.conf

手工修改很麻烦，红帽提供工具修改

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token ADMIN

openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:keystone@controller/keystone

openstack-config --set /etc/keystone/keystone.conf memcache servers localhost:11211

openstack-config --set /etc/keystone/keystone.conf token provider uuid

openstack-config --set /etc/keystone/keystone.conf token driver memcache

openstack-config --set /etc/keystone/keystone.conf revoke driver sql

配置Apache

sed -i "s/#ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf

创建apache启动的配置文件

cat > /etc/httpd/conf.d/wsgi-keystone.conf << OFF

Listen 5000

Listen 35357

<VirtualHost *:5000>

    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-public

    WSGIScriptAlias / /usr/bin/keystone-wsgi-public

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    <IfVersion >= 2.4>

      ErrorLogFormat "%{cu}t %M"

    </IfVersion>

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        <IfVersion >= 2.4>

            Require all granted

        </IfVersion>

        <IfVersion < 2.4>

            Order allow,deny

            Allow from all

        </IfVersion>

    </Directory>

</VirtualHost>

<VirtualHost *:35357>

    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}

    WSGIProcessGroup keystone-admin

    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin

    WSGIApplicationGroup %{GLOBAL}

    WSGIPassAuthorization On

    <IfVersion >= 2.4>

      ErrorLogFormat "%{cu}t %M"

    </IfVersion>

    ErrorLog /var/log/httpd/keystone-error.log

    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>

        <IfVersion >= 2.4>

            Require all granted

        </IfVersion>

        <IfVersion < 2.4>

            Order allow,deny

            Allow from all

        </IfVersion>

    </Directory>

</VirtualHost>

OFF

启动服务

systemctl enable memcached.service

systemctl start memcached.service

systemctl enable httpd.service

systemctl start httpd.service

初始化数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone

你会看到提示 No handlers could be found for logger “oslo_config.cfg”

忽略就可以。不能直接使用keystone-manage db_sync，会导致日志权限出错。

服务和Endpoint

文档把public，internal和admin 3种网络都使用一个网段

设置临时环境变量

export OS_TOKEN=ADMIN

export OS_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

下面的命令就一行一行执行

openstack service create --name keystone --description "OpenStack Identity" identity

openstack endpoint create --region RegionOne identity public http://controller:5000/v2.0

openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0

openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0

openstack project create --domain default --description "Admin Project" admin

openstack user create admin --domain default --password admin

openstack role create admin

openstack role add --project admin --user admin admin

openstack project create --domain default --description "Service Project" service

openstack project create --domain default --description "Demo Project" demo

openstack user create demo --domain default --password demo

openstack role create user

openstack role add --project demo --user demo user

检测设置

删除临时环境变量

unset OS_TOKEN OS_URL

设置环境

cat > /root/admin-openrc.sh << OFF

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=admin

export OS_TENANT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=admin

export OS_AUTH_URL=http://controller:35357/v3

export OS_IDENTITY_API_VERSION=3

OFF

cat > /root/demo-openrc.sh << OFF

export OS_PROJECT_DOMAIN_ID=default

export OS_USER_DOMAIN_ID=default

export OS_PROJECT_NAME=demo

export OS_TENANT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=demo

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

OFF

Glance组件

OpenStack各个组件的安装，其实步骤都差不多，多装几次，就知道规律

创建数据库

CREATE DATABASE glance;

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';

GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';

exit;

服务和Endpoint

设置环境变量

source admin-openrc.sh

在keystone里，创建glance镜像服务，并且创建相关Endpoint

openstack user create glance --domain default --password glance

openstack role add --project service --user glance admin

openstack service create --name glance   --description "OpenStack Image service" image

openstack endpoint create --region RegionOne image public http://controller:9292

openstack endpoint create --region RegionOne image internal http://controller:9292

openstack endpoint create --region RegionOne image admin http://controller:9292

组件安装

yum install openstack-glance python-glance python-glanceclient

配置

修改 /etc/glance/glance-api.conf

openstack-config --set /etc/glance/glance-api.conf database connection mysql://glance:glance@controller/glance

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_plugin password

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_id default

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_id default

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance

openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance

openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

openstack-config --set /etc/glance/glance-api.conf glance_store default_store file

openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/

openstack-config --set /etc/glance/glance-api.conf DEFAULT notification_driver noop

openstack-config --set /etc/glance/glance-api.conf DEFAULT verbose True

修改 /etc/glance/glance-registry.conf

openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:glance@controller/glance

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_plugin password

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_id default

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_id default

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance

openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password glance

openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

openstack-config --set /etc/glance/glance-registry.conf DEFAULT notification_driver noop

openstack-config --set /etc/glance/glance-registry.conf DEFAULT verbose True

初始化数据库

su -s /bin/sh -c "glance-manage db_sync" glance

你可以遇到No handlers could be found for logger “oslo_config.cfg”

提示，忽略就可以。你可以登录mysql，会发现glance的表都已经创建好了。

启动服务

systemctl enable openstack-glance-api.service openstack-glance-registry.service

systemctl start openstack-glance-api.service openstack-glance-registry.service

验证

在环境变量增加glance的API版本

cd

echo "export OS_IMAGE_API_VERSION=2"

  | tee -a admin-openrc.sh demo-openrc.sh

重新运行

source admin-openrc.sh

下载镜像

wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img

上传镜像

glance image-create --name "cirros"   --file /root/cirros-0.3.4-x86_64-disk.img

  --disk-format qcow2 --container-format bare   --visibility public --progress

查看镜像

openstack image list

Nova组件

对于Nova来说，其实有控制节点的nova服务，和计算节点的分别，这里配置的是控制节点的nova服务

创建数据库

CREATE DATABASE nova;

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';

GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';

exit;

服务和Endpoint

设置环境变量

source admin-openrc.sh

在keystone里，创建nova服务，并且创建相关Endpoint

openstack user create nova --domain default --password nova

openstack role add --project service --user nova admin

openstack service create --name nova --description "OpenStack Compute" compute

openstack endpoint create --region RegionOne compute public http://controller:8774/v2/%(tenant_id)s

openstack endpoint create --region RegionOne compute internal http://controller:8774/v2/%(tenant_id)s

openstack endpoint create --region RegionOne compute admin http://controller:8774/v2/%(tenant_id)s

组件安装

yum install openstack-nova-api openstack-nova-cert

  openstack-nova-conductor openstack-nova-console

  openstack-nova-novncproxy openstack-nova-scheduler

  python-novaclient

配置

需要配置的内容很多，理解的地方也不少。

openstack-config --set /etc/nova/nova.conf database connection mysql://nova:nova@controller/nova

openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller

openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack

openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password

openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default

openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default

openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service

openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova

openstack-config --set /etc/nova/nova.conf keystone_authtoken password nova

openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.47.139

openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API

openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron

openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver

openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 192.168.47.139

openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 192.168.47.139

openstack-config --set /etc/nova/nova.conf glance host controller

openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata

openstack-config --set /etc/nova/nova.conf DEFAULT verbose True

初始化数据库

su -s /bin/sh -c "nova-manage db sync" nova

启动服务

systemctl enable openstack-nova-api.service

openstack-nova-cert.service openstack-nova-consoleauth.service

openstack-nova-scheduler.service openstack-nova-conductor.service

openstack-nova-novncproxy.service

systemctl start openstack-nova-api.service

openstack-nova-cert.service openstack-nova-consoleauth.service

openstack-nova-scheduler.service openstack-nova-conductor.service

openstack-nova-novncproxy.service

Neutron组件

创建数据库

CREATE DATABASE neutron;

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';

GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';

exit;

服务和endpoint

openstack user create neutron --domain default --password neutron

openstack role add --project service --user neutron admin

openstack service create --name neutron --description "OpenStack Networking" network

openstack endpoint create --region RegionOne network public http://controller:9696

openstack endpoint create --region RegionOne network internal http://controller:9696

openstack endpoint create --region RegionOne network admin http://controller:9696

安装组件

yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge

python-neutronclient ebtables ipset

配置

Neutron配置文件

openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:neutron@controller/neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2

openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router

openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True

openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True

openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True

openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2

openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357

openstack-config --set /etc/neutron/neutron.conf nova auth_plugin password

openstack-config --set /etc/neutron/neutron.conf nova project_domain_id default

openstack-config --set /etc/neutron/neutron.conf nova user_domain_id default

openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne

openstack-config --set /etc/neutron/neutron.conf nova project_name service

openstack-config --set /etc/neutron/neutron.conf nova username nova

openstack-config --set /etc/neutron/neutron.conf nova password nova

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True

Modular Layer 2 (ML2) plug-in

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vlan

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks public

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vlan network_vlan_ranges public:20:30

openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True

Linux bridge agent

这个地方需要注意，我这第二块网卡的名字是：eno33554960，你需要根据你的实际情况进行调整

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:eno33554960

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan False

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

DHCP agent

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True

openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True

metadata agent

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://controller:5000

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:35357

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id default

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id default

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_name service

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT username neutron

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT password neutron

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret neutron

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True

配置 layer-3 agent

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge

openstack-config --set /etc/neutron/l3_agent.ini DEFAULT verbose True

Nova使用 Neutron

openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696

openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357

openstack-config --set /etc/nova/nova.conf neutron auth_plugin password

openstack-config --set /etc/nova/nova.conf neutron project_domain_id default

openstack-config --set /etc/nova/nova.conf neutron user_domain_id default

openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne

openstack-config --set /etc/nova/nova.conf neutron project_name service

openstack-config --set /etc/nova/nova.conf neutron username neutron

openstack-config --set /etc/nova/nova.conf neutron password neutron

openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True

openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret neutron

初始化数据库

对于neutron，需要建立插件的软连接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

同步数据库

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf

  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

启动服务

systemctl enable neutron-server.service

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service

  neutron-metadata-agent.service neutron-l3-agent.service

systemctl start neutron-server.service

  neutron-linuxbridge-agent.service neutron-dhcp-agent.service

  neutron-metadata-agent.service neutron-l3-agent.service



重启nova服务

systemctl restart openstack-nova-api.service

验证

neutron ext-list

创建外部网络

neutron net-create public --provider:physical_network public

  --provider:network_type flat --router:external=True



创建floating IP网段

neutron subnet-create public 192.168.11.0/24 --name public

  --allocation-pool start=192.168.11.100,end=192.168.11.150

  --dns-nameserver 114.114.114.114 --gateway 192.168.11.1

计算服务

如果我们希望在控制节点安装计算服务。

yum install -y openstack-nova-compute

配置

openstack-config --set /etc/nova/nova.conf vnc enabled True

openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0

openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address "$"my_ip

openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.47.139:6080/vnc_auto.html

openstack-config --set /etc/nova/nova.conf libvirt virt_type kvm

服务

systemctl enable libvirtd.service openstack-nova-compute.service

systemctl start libvirtd.service openstack-nova-compute.service

Horizon组件

这个是web端，就相对比较简单

yum install -y openstack-dashboard

配置

编辑 /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"

ALLOWED_HOSTS = ['*', ]

CACHES = {

    'default': {

         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

         'LOCATION': '127.0.0.1:11211',

    }

}

TIME_ZONE = "Asia/Shanghai"

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

重启服务

systemctl restart httpd.service memcached.service

你就可以通过http://192.168.47.139/dashboard 登录

用户密码

admin admin

demo demo

附录

计算节点

计算节点，也是需要设置同步时间，添加hosts文件

cat >> /etc/hosts << OFF

192.168.47.139 controller

192.168.47.140 compute

OFF

compute服务

yum install -y openstack-nova-compute sysfsutils openstack-utils

配置

openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controller

openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack

openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357

openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password

openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default

openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default

openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service

openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova

openstack-config --set /etc/nova/nova.conf keystone_authtoken password nova

openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.47.140

openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API

openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron

openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver

openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

openstack-config --set /etc/nova/nova.conf vnc enabled True

openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0

openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.47.140

openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address "$"my_ip

openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.47.139:6080/vnc_auto.html

openstack-config --set /etc/nova/nova.conf glance host controller

openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

openstack-config --set /etc/nova/nova.conf DEFAULT verbose True

openstack-config --set /etc/nova/nova.conf libvirt virt_type kvm

网络服务

yum install openstack-neutron openstack-neutron-linuxbridge ebtables ipset -y

配置

openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controller

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack

openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstack

openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron

openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutron

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True

配置 the Linux bridge agent

这个地方也是需要注意网卡名字，我这第二块网卡的名字是：eno33554960

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:eno33554960

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 192.168.47.140

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

配置nova使用Neutron

openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696

openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357

openstack-config --set /etc/nova/nova.conf neutron auth_plugin password

openstack-config --set /etc/nova/nova.conf neutron project_domain_id default

openstack-config --set /etc/nova/nova.conf neutron user_domain_id default

openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne

openstack-config --set /etc/nova/nova.conf neutron project_name service

openstack-config --set /etc/nova/nova.conf neutron username neutron

openstack-config --set /etc/nova/nova.conf neutron password neutron

服务

ML2插件软连接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

启动服务

systemctl enable libvirtd.service neutron-linuxbridge-agent.service openstack-nova-compute.service

systemctl start libvirtd.service neutron-linuxbridge-agent.service openstack-nova-compute.service

查看全文

相关阅读:
onSaveInstanceState和onRestoreInstanceState()
Android TextView中文字通过SpannableString来设置超链接、颜色、字体等属性
 又优化了一下 Android ListView 异步加载图片
 ListView异步加载图片
 SpannableString 设置一段文字中部分字体颜色
 Android Studio apk 打包流程
 svn分支开发与主干合并(branch & merge)
SVN使用教程之——分支、合并
 XMPP协议实现原理介绍
 监听器

原文地址：https://www.cnblogs.com/jeryl/p/5564109.html