这里的NET模式的子网地址给的是0段(cidr)WEB访问的IP地址
controller节点给的IP是192.168.0.60
compute节点给的IP是192.168.0.61
配置网卡
1.利用vi文本编辑器去配置虚拟机的虚拟网卡
#controller
[root@controller ~]vi /etc/sysconfig/network-scripts/ifcfg-ens33 #ifcfg-需要配置的网卡名 BOOTPROTO=dhcp #修改为static静态IP ONBOOT=no # 修改为yes,设为开机自启 #结尾添加 IPADDR=192.168.0.60 #配置的IP地址,根据虚拟网络编辑器的网段来配置 NETMASK=255.255.255.0 #子网掩码,也可以用PREFIX=24来表示 GATEWAY=192.168.0.2 #网关 DNS1=114.114.114.114 #DNS域名解析 DNS2=8.8.8.8 #备用DNS域名解析 # :wq (保存退出)修改主机名
#controller执行 [root@controller ~]hostnamectl set-hostname controller #compute [root@compute ~]hostnamectl set-hostname compute ##修改后重新连接终端 ##MobaXterm中按ctrl+d 退出 按R重新登陆 ##SecureCRTPortable中按ctrl+d 退出 按回车重新登陆 ##直接bash执行也可,不过后面执行脚本可能报错 ##su也可以使之生效 [root@controller ~]systemctl restart network #第一种重启网络的方法 [root@controller ~]service network restart #第二种重启网络的方法配置域名解析
[root@controller ~]vim /etc/hosts #结尾添加这两行IP地址+主机名 192.168.100.10 controller 192.168.100.20 compute [root@controller ~]scp /etc/hosts 192.168.100.20:/etc/hosts #将controller节点上的配置文件传输到compute节点上将其替换,省的两头来回切换的敲代码了,在后面这点好处会体现的更明显 #这一步做完后,后面就可以直接使用域名(controller,compute)来代替IP地址了关闭防火墙
sed -i "s/SELINUX=enforcing/SELINUX=disabled/g" /etc/selinux/config;setenforce 0;systemctl stop firewalld.service ;systemctl disable firewalld.service systemctl status firewalld getenforce配置网络时间服务
yum install -y chrony vim /etc/chrony.conf systemctl enable chronyd.service;systemctl start chronyd.service systemctl status chronyd chronyc sources -v date安装OpenStack包
yum list | grep openstack* #所有节点 yum install -y centos-release-openstack-train.noarch #必须先安装包,再安装下面的 yum install python-openstackclient openstack-selinux -y安装SQL
#con yum install mariadb mariadb-server python2-PyMySQL -y vim /etc/my.cnf.d/openstack.cnf [mysqld] bind-address = 192.168.0.60 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8 systemctl enable mariadb.service;systemctl start mariadb.service mysql_secure_installation 回车 Set root password? [Y/n] y 123 Remove anonymous users? [Y/n] y Disallow root login remotely? [Y/n] n Remove test database and access to it? [Y/n] y Reload privilege tables now? [Y/n] y消息队列 rabbitMQ
yum install -y rabbitmq-server systemctl enable rabbitmq-server.service systemctl restart rabbitmq-server.service rabbitmqctl add_user openstack openstack123 rabbitmqctl set_permissions openstack ".*" ".*" ".*" #查看是否创建成功 rabbitmqctl list_users #查看需要启动的服务 rabbitmq-plugins list #开启图形化界面 rabbitmq-plugins enable rabbitmq_management rabbitmq_management_agent安装memcahce服务(内存缓存服务)
yum install -y memcached python-memcached vim /etc/sysconfig/memcached #将服务配置为使用控制器节点的管理 IP 地址。这是为了允许其他节点通过管理网络访问: OPTIONS="-l 127.0.0.1,::1,controller" systemctl enable memcached.service;systemctl start memcached.service #查看运行状态 systemctl status memcached.service安装Keystone服务
mysql -p123(此处数据库密码为之前安装Mysql设置的密码) mysql> CREATE DATABASE keystone; mysql> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123'; mysql> exit
yum install openstack-keystone httpd mod_wsgi -y
cp /etc/keystone/keystone.conf{,.bak}
grep -Ev "^$|#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:keystone123@controller/keystone
[token]
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password admin
--bootstrap-admin-url http://controller:5000/v3/
--bootstrap-internal-url http://controller:5000/v3/
--bootstrap-public-url http://controller:5000/v3/
--bootstrap-region-id RegionOne
# 配置Apache HTTP
vim /etc/httpd/conf/httpd.conf
ServerName controller:80
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service;systemctl start httpd.service
vim admin.sh
#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
source admin.sh
openstack endpoint list
查看令牌授权
openstack token issue
openstack domain create --description "An Example Domain" example
openstack project create --domain default
--description "Service Project" service
openstack project create --domain default
--description "Demo Project" myproject
openstack user create --domain default
--password-prompt myuser myuser #密码 myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
#验证
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:5000/v3
--os-project-domain-name Default --os-user-domain-name Default
--os-project-name admin --os-username admin token issue
#密码 admin
openstack --os-auth-url http://controller:5000/v3
--os-project-domain-name Default --os-user-domain-name Default
--os-project-name myproject --os-username myuser token issue
#密码 myuser
vim admin.sh
#替换一下内容
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
vim myuser.sh
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=myuser
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Glance
mysql -p123
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'
IDENTIFIED BY 'glance123';
openstack user create --domain default --password-prompt glance #密码glance
openstack role add --project service --user glance admin
openstack service create --name glance
--description "OpenStack Image" image
openstack endpoint create --region RegionOne
image public http://controller:9292
openstack endpoint create --region RegionOne
image internal http://controller:9292
openstack endpoint create --region RegionOne
image admin http://controller:9292
#查看端口
openstack endpoint list
yum install openstack-glance -y
cp /etc/glance/glance-api.conf{,.bak}
grep -Ev "^$|#" /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance123@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service;systemctl start openstack-glance-api.service
#验证
上传镜像 cirros-0.4.0-x86_64-disk.img
glance image-create --name "cirros4"
--file cirros-0.4.0-x86_64-disk.img
--disk-format qcow2 --container-format bare
--visibility public
openstack image list
Placement
mysql -p123
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%'
IDENTIFIED BY 'placement123';
openstack user create --domain default --password-prompt placement #密码placement
openstack role add --project service --user placement admin
openstack service create --name placement
--description "Placement API" placement
openstack endpoint create --region RegionOne
placement public http://controller:8778
openstack endpoint create --region RegionOne
placement internal http://controller:8778
openstack endpoint create --region RegionOne
placement admin http://controller:8778
yum install openstack-placement-api -y
#复制配置文件并加后最.bak
cp /etc/placement/placement.conf{,.bak}
#grep -Ev 使用正则表达式取以空格或#开头的取反覆盖到/etc/glance/glance-api.conf配置文件中
grep -Ev "^$|#" /etc/placement/placement.conf.bak > /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:placement123@controller/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = placement
su -s /bin/sh -c "placement-manage db sync" placement
#注!!!!!! [root@con ~]# su -s /bin/sh -c "placement-manage db sync" placement /usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.") result = self._query(query) 这里不用怕,不是l就可以 官方文档:Ignore any deprecation messages in this output.(忽略此输出中的任何弃用消息。)
httpd -v #官方文档:由于打包错误,您必须通过添加以下配置来启用对 Placement API 的访问 /etc/httpd/conf.d/00-nova-placement-api.conf: vim /etc/httpd/conf.d/00-placement-api.conf '''= 2.4> Require all granted Order allow,deny Allow from all
systemctl restart httpd #验证 placement-status upgrade checknova 控制节点
mysql -p123
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%'
IDENTIFIED BY 'nova123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'
IDENTIFIED BY 'nova123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%'
IDENTIFIED BY 'nova123';
openstack user create --domain default --password-prompt nova #nova
openstack role add --project service --user nova admin
openstack service create --name nova
--description "OpenStack Compute" compute
openstack endpoint create --region RegionOne
compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne
compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne
compute admin http://controller:8774/v2.1
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
#复制配置文件并加后最.bak
cp /etc/nova/nova.conf{,.bak}
#grep -Ev 使用正则表达式取以空格或#开头的取反覆盖到/etc/nova/nova.conf配置文件中
grep -Ev "^$|#" /etc/nova/nova.conf.bak > /etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:nova123@controller/nova_api
[database]
connection = mysql+pymysql://nova:nova123@controller/nova
[DEFAULT]
transport_url = rabbit://openstack:openstack123@controller:5672/
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[DEFAULT]
my_ip = 192.168.0.60
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
su -s /bin/sh -c "nova-manage api_db sync" nova #忽略此输出中的任何弃用消息。
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
#验证
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
systemctl enable
openstack-nova-api.service
openstack-nova-scheduler.service
openstack-nova-conductor.service
openstack-nova-novncproxy.service
systemctl start
openstack-nova-api.service
openstack-nova-scheduler.service
openstack-nova-conductor.service
openstack-nova-novncproxy.service
计算节点
yum install openstack-nova-compute -y
#复制配置文件并加后最.bak
cp /etc/nova/nova.conf{,.bak}
#grep -Ev 使用正则表达式取以空格或#开头的取反覆盖到/etc/nova/nova.conf配置文件中
grep -Ev "^$|#" /etc/nova/nova.conf.bak > /etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack123@controller
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = nova
[DEFAULT]
my_ip = 192.168.0.60
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
#controller换为控制节点地址 192.168.0.10 !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
#不然无法解析
#若用的话要在物理机内添加解析
C:WindowsSystem32driversetc 下的hosts 添加解析
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = placement
#确定硬件加速
egrep -c '(vmx|svm)' /proc/cpuinfo
systemctl enable libvirtd.service openstack-nova-compute.service;systemctl start libvirtd.service openstack-nova-compute.service
#验证操作 openstack compute service list --service nova-compute su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova #注 添加新计算节点时,必须在控制器节点上运行以注册这些新计算节点。或者,您可以在 中设置适当的间隔 :nova-manage cell_v2 discover_hosts/etc/nova/nova.conf [scheduler] discover_hosts_in_cells_interval = 300 vim restart-nova.sh #!/bin/bash systemctl restart openstack-nova* bash restart-nova.shNeutron 控制节点
mysql -u root -p123 MariaDB [(none)] CREATE DATABASE neutron; MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123'; openstack user create --domain default --password-prompt neutron # neutron openstack role add --project service --user neutron admin openstack service create --name neutron --description "OpenStack Networking" network openstack endpoint create --region RegionOne network public http://controller:9696 openstack endpoint create --region RegionOne network internal http://controller:9696 openstack endpoint create --region RegionOne network admin http://controller:9696三层网络
yum install openstack-neutron openstack-neutron-ml2
openstack-neutron-linuxbridge ebtables
cp /etc/neutron/neutron.conf{,.bak}
#grep -Ev 使用正则表达式取以空格或#开头的取反覆盖到/etc/neutron/neutron.conf配置文件中
grep -Ev "^$|#" /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf
vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:neutron123@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
[DEFAULT]
transport_url = rabbit://openstack:openstack123@controller
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置 Modular Layer 2 (ML2) 插件
cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
grep -Ev "^$|#" /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = extnet
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
配置 Linux 网桥代理
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
#grep -Ev 使用正则表达式取以空格或#开头的取反覆盖到配置文件中
grep -Ev "^$|#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#查看网卡
ip addr
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = extnet:ens33
[vxlan]
enable_vxlan = true
local_ip = 192.168.0.60
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
#加载内核参数
modprobe br_netfilter
#查看内核参数
sysctl -p
#要启用网络桥接支持,通常br_netfilter需要加载内核模块
配置第三层代理
cp /etc/neutron/l3_agent.ini{,.bak}
grep -Ev "^$|#" /etc/neutron/l3_agent.ini.bak > /etc/neutron/l3_agent.ini
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
#配置 Linux 桥接接口驱动程序
配置 DHCP 代理
cp /etc/neutron/dhcp_agent.ini{,.bak}
grep -Ev "^$|#" /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
#配置 Linux 网桥接口驱动程序、Dnsmasq DHCP 驱动程序,并启用隔离元数据,以便提供商网络上的实例可以通过网络访问元数据
配置元数据代理
vim /etc/neutron/metadata_agent.ini [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET # xier123配置计算服务以使用网络服务
vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron service_metadata_proxy = true metadata_proxy_shared_secret = xier123完成安装
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron vim restart-neutron.sh #!/bin/bash systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service systemctl restart openstack-nova-api.service systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service;systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service systemctl enable neutron-l3-agent.service;systemctl start neutron-l3-agent.service计算节点
yum install openstack-neutron-linuxbridge ebtables ipset -y vim /etc/neutron/neutron.conf [DEFAULT] transport_url = rabbit://openstack:openstack123@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = neutron [oslo_concurrency] lock_path = /var/lib/neutron/tmp三层网络
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
grep -Ev "^$|#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = extnet:ens33
[vxlan]
enable_vxlan = true
local_ip = 192.168.0.61
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
#加载内核参数
modprobe br_netfilter
#查看内核参数
sysctl -p
配置计算服务以使用网络服务
vim /etc/nova/nova.conf [neutron] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = neutron systemctl restart openstack-nova-compute.service systemctl enable neutron-linuxbridge-agent.service;systemctl start neutron-linuxbridge-agent.service验证(控制节点)
openstack network agent list +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+ | ID | Agent Type | Host | Availability Zone | Alive | State | Binary | +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+ | f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | None | True | UP | neutron-metadata-agent | | 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | None | True | UP | neutron-linuxbridge-agent | | 08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1 | None | True | UP | neutron-linuxbridge-agent | | 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | nova | True | UP | neutron-l3-agent | | dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | nova | True | UP | neutron-dhcp-agent | +--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+ #启动实例 #创建 m1.nano 风味 #最小的默认风格每个实例消耗 512 MB 内存。对于计算节点包含少于 4 GB 内存的环境,我们建议创建m1.nano每个实例仅需要 64 MB 的风味。仅将此风格与 CirrOS 映像一起用于测试目的。 openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano #生成密钥对 ssh-keygen -q -N "" #一直回车即可 openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey openstack keypair list openstack security group rule create --proto icmp default openstack security group rule create --proto tcp --dst-port 22 default openstack network create --share --external --provider-physical-network extnet --provider-network-type flat flat-extnet openstack subnet create --network flat-extnet --allocation-pool start=192.168.0.100,end=192.168.0.200 --dns-nameserver 114.114.114.114 --gateway 192.168.0.2 --subnet-range 192.168.0.0/24 flat-subnet openstack server create --flavor m1.nano --image cirros4 --nic net-id=e41e72a0-e11f-449c-a13b-18cae8347ba4 --security-group default --key-name mykey vm1 #创建失败执行一下脚本 [root@con ~]# sh restart-nova.sh [root@con ~]# sh restart-neutron.sh openstack server list openstack console url show vm1 #物理机访问 http://192.168.0.60:6080/vnc_auto.html?path=%3Ftoken%3D2d424de0-0a9b-4961-b7ab-4aa458222a03 #解决bug(计算节点) virsh capabilities vim /etc/nova/nova.conf [libvirt] hw_machine_type = x86_64=pc-i440fx-rhel7.2.0 # 更改虚拟化类型 cpu_mode = host-passthrough # 直接使用宿主机的cpu #重启 systemctl restart openstack-nova-* #控制节点 openstack server create --flavor m1.nano --image cirros4 --nic net-id=e41e72a0-e11f-449c-a13b-18cae8347ba4 --security-group default --key-name mykey vm2 openstack console url show vm2 #物理机访问 http://192.168.0.60:6080/vnc_auto.html?path=%3Ftoken%3Dc91ba078-f7fc-4b39-8c6e-a140afdfd966Dashboard
yum install openstack-dashboard -y
vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
#/etc/httpd/conf.d/openstack-dashboard.conf如果不包括,则添加以下行 。
vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
systemctl restart httpd.service memcached.service
如果当前未运行,该命令将启动每个服务。systemctl restart
#验证
#使用 Web 浏览器访问仪表板 http://controller/dashboard。
#使用admin或demo用户和default域凭据进行身份验证。
#这里显示
Not Found
The requested URL /auth/login/ was not found on this server.
#官方bug 加入一下内容
vim /etc/openstack-dashboard/local_settings
WEBROOT="/dashboard"
systemctl restart httpd.service
Cinder
控制节点
mysql -u root -p
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'
-> IDENTIFIED BY 'cinder123';
openstack user create --domain default --password cinder cinder
openstack role add --project service --user cinder admin
openstack service create --name cinderv2
--description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3
--description "OpenStack Block Storage" volumev3
openstack endpoint create --region RegionOne
volumev2 public http://controller:8776/v2/%(project_id)s
openstack endpoint create --region RegionOne
volumev2 internal http://controller:8776/v2/%(project_id)s
openstack endpoint create --region RegionOne
volumev2 admin http://controller:8776/v2/%(project_id)s
openstack endpoint create --region RegionOne
volumev3 public http://controller:8776/v3/%(project_id)s
openstack endpoint create --region RegionOne
volumev3 internal http://controller:8776/v3/%(project_id)s
openstack endpoint create --region RegionOne
volumev3 admin http://controller:8776/v3/%(project_id)s
#安装软件包
yum install openstack-cinder -y
#编辑/etc/cinder/cinder.conf文件
cp /etc/cinder/cinder.conf{,.bak}
grep -Ev "^$|#" /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:cinder123@controller/cinder
[DEFAULT]
transport_url = rabbit://openstack:openstack123@controller
auth_strategy = keystone
my_ip = 192.168.0.60
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
su -s /bin/sh -c "cinder-manage db sync" cinder
#官方文档:忽略此输出中的任何弃用消息。
vim /etc/nova/nova.conf
[cinder]
os_region_name = RegionOne
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service;systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
计算节点
yum install lvm2 device-mapper-persistent-data -y
systemctl enable lvm2-lvmetad.service;systemctl start lvm2-lvmetad.service
pvcreate /dev/sdb
vgcreate cinder-volumes /dev/sdb
cp /etc/lvm/lvm.conf{,.bak}
grep -Ev "^$|#" /etc/lvm/lvm.conf.bak > /etc/lvm/lvm.conf
vim /etc/lvm/lvm.conf
devices {
filter = [ "a/sdb/", "r/.*/"]
yum install openstack-cinder targetcli python-keystone -y
cp /etc/cinder/cinder.conf{,.bak}
grep -Ev "^$|#" /etc/cinder/cinder.conf.bak > /etc/cinder/cinder.conf
vim /etc/cinder/cinder.conf
[database]
connection = mysql+pymysql://cinder:cinder123@controller/cinder
[DEFAULT]
transport_url = rabbit://openstack:openstack123@controller
auth_strategy = keystone
my_ip = 192.168.0.61
enabled_backends = lvm
glance_api_servers = http://controller:9292
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder
#cinder-volumes如果该[lvm]部分不存在,请创建它:
[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
target_protocol = iscsi
target_helper = lioadm
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
systemctl enable openstack-cinder-volume.service target.service;systemctl start openstack-cinder-volume.service target.service
Swift
控制节点
#创建swift用户 openstack user create --domain default --password swift swift #密码swift #将admin角色添加到swift用户 openstack role add --project service --user swift admin #创建swift服务实体 openstack service create --name swift --description "OpenStack Object Storage" object-store #创建对象存储服务 API 端点 openstack endpoint create --region RegionOne object-store public http://controller:8080/v1/AUTH_%(project_id)s openstack endpoint create --region RegionOne object-store internal http://controller:8080/v1/AUTH_%(project_id)s openstack endpoint create --region RegionOne object-store admin http://controller:8080/v1 #安装软件包 yum -y install openstack-swift-proxy python-swiftclient python-keystoneclient python-keystonemiddleware memcached #从 Object Storage 源存储库中获取代理服务配置文件 curl -o /etc/swift/proxy-server.conf https://opendev.org/openstack/swift/raw/branch/master/etc/proxy-server.conf-sample
#编辑文件 /etc/swift/proxy-server.conf,删除原有内容,直接添加如下内容 vi /etc/swift/proxy-server.conf #d+G删除整篇内容 [DEFAULT] bind_port = 8080 swift_dir = /etc/swift user = swift [pipeline:main] pipeline = catch_errors gatekeeper healthcheck proxy-logging cache container_sync bulk ratelimit authtoken keystoneauth container-quotas account-quotas slo dlo versioned_writes proxy-logging proxy-server [app:proxy-server] use = egg:swift#proxy account_autocreate = True [filter:tempauth] use = egg:swift#tempauth user_admin_admin = admin .admin .reseller_admin user_test_tester = testing .admin user_test2_tester2 = testing2 .admin user_test_tester3 = testing3 user_test5_tester5 = testing5 service [filter:authtoken] paste.filter_factory = keystonemiddleware.auth_token:filter_factory auth_uri = http://controller:5000 auth_url = http://controller:35357 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = swift password = swift delay_auth_decision = True [filter:keystoneauth] use = egg:swift#keystoneauth operator_roles = admin,user [filter:healthcheck] use = egg:swift#healthcheck [filter:cache] memcache_servers = controller:11211 use = egg:swift#memcache [filter:ratelimit] use = egg:swift#ratelimit [filter:domain_remap] use = egg:swift#domain_remap [filter:catch_errors] use = egg:swift#catch_errors [filter:cname_lookup] use = egg:swift#cname_lookup [filter:staticweb] use = egg:swift#staticweb [filter:tempurl] use = egg:swift#tempurl [filter:formpost] use = egg:swift#formpost [filter:name_check] use = egg:swift#name_check [filter:list-endpoints] use = egg:swift#list_endpoints [filter:proxy-logging] use = egg:swift#proxy_logging [filter:bulk] use = egg:swift#bulk [filter:slo] use = egg:swift#slo [filter:dlo] use = egg:swift#dlo [filter:container-quotas] use = egg:swift#container_quotas [filter:account-quotas] use = egg:swift#account_quotas [filter:gatekeeper] use = egg:swift#gatekeeper [filter:container_sync] use = egg:swift#container_sync [filter:xprofile] use = egg:swift#xprofile [filter:versioned_writes] use = egg:swift#versioned_writes
#编辑文件/etc/swift/swift.conf 删除原有内容,添加如下内容 vi /etc/swift/swift.conf [swift-hash] swift_hash_path_suffix = changeme swift_hash_path_prefix = changeme [storage-policy:0] name = Policy-0 default = yes aliases = yellow, orange [swift-constraints] #添加权限 chown -R root:swift /etc/swiftcompute
yum -y install xfsprogs rsync openstack-swift-account openstack-swift-container openstack-swift-object #使用XFS格式化`/dev/sdc``设备 lsblk #创建分区 fdisk /dev/sdc mkfs.xfs /dev/sdc1 #创建挂载点目录结构 mkdir -p /swift/node #编辑/etc/fstab文件并添加以下内容 vim /etc/fstab /dev/sdc1 /swift/node xfs noatime,nodiratime,nobarrier,logbufs=8 0 0 #挂载设备 mount /dev/sdc1 /swift/node/ #编辑/etc/rsyncd.conf文件并添加以下内容 vim /etc/rsyncd.conf pid file = /var/run/rsyncd.pid log file = /var/log/rsyncd.log uid = swift gid = swift address = 127.0.0.1 [account] path = /swift/node read only = false write only = no list = yes incoming chmod = 0644 outgoing chmod = 0644 max connections = 25 lock file = /var/lock/account.lock [container] path = /swift/node read only = false write only = no list = yes incoming chmod = 0644 outgoing chmod = 0644 max connections = 25 lock file = /var/lock/container.lock [object] path = /swift/node read only = false write only = no list = yes incoming chmod = 0644 outgoing chmod = 0644 max connections = 25 lock file = /var/lock/object.lock [swift_server] path = /etc/swift read only = true write only = no list = yes incoming chmod = 0644 outgoing chmod = 0644 max connections = 5 lock file = /var/lock/swift_server.lock #启动 “rsyncd” 服务和配置它随系统启动 systemctl start rsyncd.service;systemctl enable rsyncd.service #Compute节点安装并配置组件 #编辑 /etc/swift/account-server.conf 文件,删除原有内容,直接添加以下内容 vi /etc/swift/account-server.conf [DEFAULT] bind_port = 6002 user = swift swift_dir = /etc/swift devices = /swift/node mount_check = false [pipeline:main] pipeline = healthcheck recon account-server [app:account-server] use = egg:swift#account [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift [account-replicator] [account-auditor] [account-reaper] [filter:xprofile] use = egg:swift#xprofile #编辑/etc/swift/container-server.conf文件,删除原有内容,直接添加以下内容: [DEFAULT] bind_port = 6001 user = swift swift_dir = /etc/swift devices = /swift/node mount_check = false [pipeline:main] pipeline = healthcheck recon container-server [app:container-server] use = egg:swift#container [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift [container-replicator] [container-updater] [container-auditor] [container-sync] [filter:xprofile] use = egg:swift#xprofile #编辑/etc/swift/object-server.conf文件,删除原有内容,直接添加以下内容 vi /etc/swift/object-server.conf [DEFAULT] bind_port = 6000 user = swift swift_dir = /etc/swift devices = /swift/node mount_check = false [pipeline:main] pipeline = healthcheck recon object-server [app:object-server] use = egg:swift#object [filter:healthcheck] use = egg:swift#healthcheck [filter:recon] use = egg:swift#recon recon_cache_path = /var/cache/swift recon_lock_path = /var/lock [object-replicator] [object-reconstructor] [object-updater] [object-auditor] [filter:xprofile] use = egg:swift#xprofile #编辑文件/etc/swift/swift.conf 删除原有内容,添加如下内容 vi /etc/swift/swift.conf [swift-hash] swift_hash_path_suffix = changeme swift_hash_path_prefix = changeme [storage-policy:0] name = Policy-0 default = yes aliases = yellow, orange [swift-constraints] #确认挂载点目录结构是否有合适的所有权: chown -R swift:swift /swift/node #创建 “recon” 目录和确保它有合适的所有权 mkdir -p /var/cache/swift chown -R root:swift /var/cache/swift chmod -R 775 /var/cache/swift chown -R root:swift /etc/swiftController节点创建,分发并初始化rings
#创建账户ring #1.切换到 ``/etc/swift``目录。创建基本 account.builder 文件: cd /etc/swift swift-ring-builder account.builder create 18 1 1 #2.添加每个节点到 ring 中: swift-ring-builder account.builder add --region 1 --zone 1 --ip 192.168.100.20 --port 6002 --device sdc1 --weight 100 #3.验证ring内容 swift-ring-builder account.builder #4.平衡ring swift-ring-builder account.builder rebalance #创建ring容器 #1.切换到 ``/etc/swift``目录。创建基本``container.builder``文件: cd /etc/swift swift-ring-builder container.builder create 10 1 1 #2.添加每个节点到 ring 中: swift-ring-builder container.builder add --region 1 --zone 1 --ip 192.168.100.20 --port 6001 --device sdc1 --weight 100 #3.验证 ring 的内容: swift-ring-builder container.builder #4.平衡 ring: swift-ring-builder container.builder rebalance #创建Ring对象 #1.切换到 ``/etc/swift``目录。创建基本``object.builder``文件: swift-ring-builder object.builder create 10 1 1 #2.添加每个节点到 ring 中: swift-ring-builder object.builder add --region 1 --zone 1 --ip 192.168.100.20 --port 6000 --device sdc1 --weight 100 #3.验证 ring 的内容: swift-ring-builder object.builder #4.平衡 ring: swift-ring-builder object.builder rebalanc #Compute节点复制Controller的配置文件 复制``account.ring.gz``,container.ring.gz``和``object.ring.gz 文件到每个存储节点和其他运行了代理服务的额外节点的 /etc/swift 目录。 [root@compute ~]# scp controller:/etc/swift/*.ring.gz /etc/swift/ #启动服务 #在控制节点Controller上,启动对象存储代理服务及其依赖服务,并将它们配置为随系统启动: systemctl start openstack-swift-proxy.service memcached.service systemctl enable openstack-swift-proxy.service memcached.service #在存储节点Compute上,启动对象存储服务,并将其设置为随系统启动 systemctl start openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl enable openstack-swift-account.service openstack-swift-account-auditor.service openstack-swift-account-reaper.service openstack-swift-account-replicator.service systemctl start openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl enable openstack-swift-container.service openstack-swift-container-auditor.service openstack-swift-container-replicator.service openstack-swift-container-updater.service systemctl start openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.service systemctl enable openstack-swift-object.service openstack-swift-object-auditor.service openstack-swift-object-replicator.service openstack-swift-object-updater.serviceController执行验证操作
#导入demo凭证 . /root/demo-openrc #显示服务状态: swift stat #创建容器 container1 openstack container create container1 #上传一个测试文件到container1容器 openstack object create container1 /root/demo-openrc #列出container1容器里的所有文件 openstack object list container1 #从container1容器里下载一个测试文件 openstack object save container1 /root/demo-openrc
