OpenStack Deployment

Set up the base environment

# Network

# Firewall

# Users

# Name resolution

# Time synchronization

Lab roles

OpenStack01      OpenStack02      OpenStack03
192.168.1.101    192.168.1.102    192.168.1.103
srv1             srv2             srv3

Synchronize time

[root@srv1]# yum install chrony -y
[root@srv1]# vim /etc/chrony.conf
# Edit line 3: change the NTP servers to the cn pool servers
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst

# Edit line 25: allow other servers on the local network to synchronize
allow 192.168.1.0/24

[root@srv1 ~]# systemctl restart chronyd
# Verify the synchronization status
[root@node1 ~]# chronyc sources -v

Install the OpenStack repository and switch it to the local server mirror

[root@srv1 ~]# yum install centos-release-openstack-queens -y
CentOS-Base.repo              CentOS-QEMU-EV.repo         epel.repo          remi-php54.repo  remi-php81.repo
CentOS-Ceph-Luminous.repo     CentOS-SCLo-scl.repo        epel-testing.repo  remi-php70.repo  remi.repo
CentOS-CR.repo                CentOS-SCLo-scl-rh.repo     remi-glpi91.repo   remi-php71.repo  remi-safe.repo
CentOS-Debuginfo.repo         CentOS-Sources.repo         remi-glpi92.repo   remi-php72.repo
CentOS-fasttrack.repo         CentOS-Storage-common.repo  remi-glpi93.repo   remi-php73.repo
CentOS-Media.repo             CentOS-Vault.repo           remi-glpi94.repo   remi-php74.repo
CentOS-OpenStack-queens.repo  CentOS-x86_64-kernel.repo   remi-modular.repo  remi-php80.repo
yum --enablerepo=centos-openstack-queens install mariadb-server -y

Update all local packages

[root@srv1 ~]# yum update -y

Install MariaDB

[root@srv1 ~]# yum --enablerepo=centos-openstack-queens install mariadb-server -y

[root@srv1 ~]# vim /etc/my.cnf
# Add the following at the end of the [mysqld] section
[mysqld]
character-set-server=utf8

[root@srv1 ~]# systemctl enable --now mariadb

[root@srv1 ~]# netstat -anptu | grep 3306
tcp6       0      0 :::3306                 :::*                    LISTEN      2459/mysqld

# Set the password to password
[root@srv1 ~]# mysql_secure_installation

Install and configure Memcached and RabbitMQ (cache and message queue)

[root@srv1 ~]# yum --enablerepo=epel install rabbitmq-server memcached -y
[root@srv1 ~]# systemctl enable --now rabbitmq-server memcached

# Add a new RabbitMQ user named "openstack" with the password "password".
[root@srv1 ~]# rabbitmqctl add_user openstack password
Creating user "openstack"

# Set permissions for the user "openstack". The three ".*" arguments grant configure, write and read permissions on all queues and exchanges.
[root@srv1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"

[root@srv1 ~]# netstat -anptu | grep 5672
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      2691/beam.smp       
tcp6       0      0 :::5672                 :::*                    LISTEN      2691/beam.smp       
[root@srv1 ~]# netstat -anptu | grep 11211
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2727/memcached      
tcp6       0      0 ::1:11211               :::*                    LISTEN      2727/memcached     

Create the keystone database user and grant privileges

[root@srv1 ~]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> exit
Bye

Install Keystone (install the Python dependencies first, otherwise the following error occurs)

============================================Error summary============================================
1. The following error occurs:
Error: Package: python2-pyngus-2.3.0-1.el7.noarch (epel)
       Requires: python2-qpid-proton >= 0.28.0
2. Fix
[root@srv1 ~]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
============================================End of summary============================================

[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi -y

Configure Keystone

[root@srv1 ~]# vim /etc/keystone/keystone.conf
# Edit line 605: specify the Memcached server
memcache_servers = 192.168.1.101:11211

# Edit line 737: specify the database connection
connection = mysql+pymysql://keystone:password@192.168.1.101/keystone

# In the [token] section, add the following at line 2879
[token]
provider = fernet

# Sync the database
[root@srv1 ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"

# Initialize the keys (used for token encryption)
[root@srv1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@srv1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# bootstrap keystone
[root@srv1 ~]# keystone-manage bootstrap \
--bootstrap-password adminpassword \
--bootstrap-admin-url http://192.168.1.101:5000/v3/ \
--bootstrap-internal-url http://192.168.1.101:5000/v3/ \
--bootstrap-public-url http://192.168.1.101:5000/v3/ \
--bootstrap-region-id RegionOne

# Sets the password of the administrator user admin to
# Sets the admin URL of the administrator user admin, used to manage the Keystone service.
# Sets the internal URL of the administrator user admin, used for communication between Keystone's internal components.
# Sets the public URL of the administrator user admin, the interface through which the service is offered externally.
# Sets the Keystone region ID to "RegionOne".

Configure Keystone on Apache

[root@srv1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@srv1 ~]# systemctl enable --now httpd

[root@srv1 ~(keystone)]# netstat -lantp | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      10137/httpd         
[root@srv1 ~(keystone)]# netstat -lantp | grep 35357
tcp6       0      0 :::35357                :::*                    LISTEN      10137/httpd   
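
The listener checks so far pipe netstat through grep, which matches substrings (grep 5672 also returns 25672) and leaves the bind address to be read by eye. The script below is an added example, not part of the original guide: it parses the LISTEN lines exactly and reports whether each host:port the configuration points at is really served. The function names and endpoint labels are hypothetical, and ports 3306 and 5672 are assumed from the netstat output above because the configuration does not spell them out.

```shell
#!/bin/sh
# Added example (not from the original guide): compare netstat LISTEN lines
# with the host:port values that the configuration on this page refers to.

# Constructed sample: the listener lines shown on this page for srv1.
sample_netstat() {
cat <<'EOF'
tcp6       0      0 :::3306                 :::*                    LISTEN      2459/mysqld
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      2691/beam.smp
tcp6       0      0 :::5672                 :::*                    LISTEN      2691/beam.smp
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2727/memcached
tcp6       0      0 ::1:11211               :::*                    LISTEN      2727/memcached
tcp6       0      0 :::5000                 :::*                    LISTEN      10137/httpd
tcp6       0      0 :::35357                :::*                    LISTEN      10137/httpd
EOF
}

# Endpoints the page's configuration points at: "host port label".
# Labels are hypothetical; 3306 and 5672 are assumed default ports.
configured_endpoints() {
cat <<'EOF'
192.168.1.101 11211 memcache_servers
192.168.1.101 3306 database_connection
192.168.1.101 5672 rabbitmq
192.168.1.101 5000 OS_AUTH_URL
EOF
}

# listener_scope PORT  (netstat output on stdin)
# Prints all | specific | loopback | none for the sockets listening on PORT.
listener_scope() {
  awk -v port="$1" '
    $6 == "LISTEN" {
      n = split($4, p, ":")                  # the port is the last ":" part
      if (p[n] != port) next                 # exact match, unlike grep
      addr = substr($4, 1, length($4) - length(p[n]) - 1)
      if (addr == "0.0.0.0" || addr == "::") wildcard = 1
      else if (addr == "127.0.0.1" || addr == "::1") loopback = 1
      else specific = 1
    }
    END {
      if (wildcard) print "all"
      else if (specific) print "specific"
      else if (loopback) print "loopback"
      else print "none"
    }'
}

# serves_endpoint HOST PORT  (netstat output on stdin)
# Exit status 0 if a socket on PORT is bound to HOST or to a wildcard address.
# Assumes the default dual-stack behaviour where "::" also accepts IPv4.
serves_endpoint() {
  awk -v host="$1" -v port="$2" '
    $6 == "LISTEN" {
      n = split($4, p, ":")
      if (p[n] != port) next
      addr = substr($4, 1, length($4) - length(p[n]) - 1)
      if (addr == "0.0.0.0" || addr == "::" || addr == host) ok = 1
    }
    END { exit (ok ? 0 : 1) }'
}

# audit_endpoints  (netstat output on stdin): one OK/FAIL line per endpoint.
audit_endpoints() {
  netstat_out=$(cat)
  configured_endpoints | while read -r host port label; do
    scope=$(printf '%s\n' "$netstat_out" | listener_scope "$port")
    if printf '%s\n' "$netstat_out" | serves_endpoint "$host" "$port"; then
      echo "OK    $label $host:$port (listener scope: $scope)"
    else
      echo "FAIL  $label $host:$port (listener scope: $scope)"
    fi
  done
}

# On a live host: netstat -anptu | audit_endpoints
sample_netstat | audit_endpoints
```

On the sample, memcache_servers is the only FAIL: memcached listens on 127.0.0.1 and ::1 only, so it cannot be reached at 192.168.1.101:11211. The "all" scope reported for 3306, 5672 and 5000 marks the services that accept connections on every interface.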

Set up the Keystone shell environment and create a tenant

Set up the environment
[root@srv1 ~]# vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://192.168.1.101:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
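export PS1='[\u@\h \W(keystone)]\$ '

# Sets the project domain name to "default", which specifies the domain the project belongs to.
# Sets the user domain name to "default", which specifies the domain the user belongs to.
# Sets the project name to "admin", meaning the project to operate on is "admin".
# Sets the user name to "admin", meaning the user name to use is "admin".
# Sets the password to "adminpassword", used for authentication.
# Sets the authentication URL to "http://192.168.1.101:5000/v3", used for authentication and for accessing the OpenStack services.
# Sets the identity API version to "3", the version of the OpenStack identity service API to use.
# Sets the image API version to "2", the version of the OpenStack image service API to use.
# Sets the format of the shell prompt: it shows the current user name, host name and working directory, and marks the current environment as "keystone".

[root@srv1 ~]# chmod 600 ~/keystonerc
[root@srv1 ~]# source ~/keystonerc
[root@srv1 ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile

# "source ~/keystonerc" imports the environment variables from the ~/keystonerc file into the current session. The keystonerc file usually holds the environment variables the OpenStack command-line client needs, such as authentication details and API versions.
# The echo command appends "source ~/keystonerc" to the current user's ~/.bash_profile, so the file is executed at every login and the OpenStack client environment variables are loaded automatically.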

Create the tenant and verify

# Create a project named "service" and associate it with the default domain.
[root@srv1 ~(keystone)]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

# List an overview of all projects in the current OpenStack environment
[root@srv1 ~(keystone)]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 045c8b0eb3e04e329f2fd1b0b0e8d164 | service |
| 221b4ddca2a4482dbf169d45771b3c27 | admin   |
+----------------------------------+---------+

# Show the details of admin; admin is the name or ID of the project to show.
[root@srv1 ~(keystone)]# openstack project show admin
+-------------+-----------------------------------------------+
| Field       | Value                                         |
+-------------+-----------------------------------------------+
| description | Bootstrap project for initializing the cloud. |
| domain_id   | default                                       |
| enabled     | True                                          |
| id          | 221b4ddca2a4482dbf169d45771b3c27              |
| is_domain   | False                                         |
| name        | admin                                         |
| parent_id   | default                                       |
| tags        | []                                            |
+-------------+-----------------------------------------------+

# List the users
[root@srv1 ~(keystone)]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 63948f840014441fa5b6dbf032e13104 | admin |
+----------------------------------+-------+

# List the endpoints
[root@srv1 ~(keystone)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                           |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 4be9ebda8f83471fa59f389f9512f485 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.1.101:5000/v3/ |
| 6db3f9752db5432ab5e36b0a70eca23d | RegionOne | keystone     | identity     | True    | admin     | http://192.168.1.101:5000/v3/ |
| 74c7fc497a8e462bb0c2be1af0ef08ac | RegionOne | keystone     | identity     | True    | public    | http://192.168.1.101:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+

# List the catalog
[root@srv1 ~(keystone)]# openstack catalog list
+----------+----------+-------------------------------------------+
| Name     | Type     | Endpoints                                 |
+----------+----------+-------------------------------------------+
| keystone | identity | RegionOne                                 |
|          |          |   internal: http://192.168.1.101:5000/v3/ |
|          |          | RegionOne                                 |
|          |          |   admin: http://192.168.1.101:5000/v3/    |
|          |          | RegionOne                                 |
|          |          |   public: http://192.168.1.101:5000/v3/   |
|          |          |                                           |
+----------+----------+-------------------------------------------+

Add and configure the Glance user and set its endpoint information

# Add the glance account, assign it to the service tenant, and set its password to servicepassword
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9bba7fbed99e4301a92ed02a34c99f4a |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# Grant the admin role to the glance account
[root@srv1 ~(keystone)]# openstack role add --project service --user glance admin

# Create the glance service
[root@srv1 ~(keystone)]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image service          |
| enabled     | True                             |
| id          | 8a780cc7bc784e85bcafcadebe034027 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

# Create the public, internal and admin endpoints for glance
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image public http://192.168.1.101:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3adda7db76e54106b27ee450936279e7 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.1.101:9292        |
+--------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image internal http://192.168.1.101:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3dfb2787e2714007922dfd9306b1c3d7 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.1.101:9292        |
+--------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image admin http://192.168.1.101:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 34c426ddb1f84941b988c38573e13638 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

Set up the Glance database

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

Install and configure Glance

1) Install Glance
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-glance -y

2) Configure Glance
(1) Configure the Glance API
[root@srv1 ~(keystone)]# mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
[root@srv1 ~(keystone)]# vim /etc/glance/glance-api.conf
[DEFAULT]
bind_host = 0.0.0.0
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[database]
connection = mysql+pymysql://glance:password@192.168.1.101/glance

# Connection details for Keystone
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword

[paste_deploy]
flavor = keystone

(2) Configure the Glance Registry
[root@srv1 ~(keystone)]# mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
[root@srv1 ~(keystone)]# vim /etc/glance/glance-registry.conf
[DEFAULT]
bind_host = 0.0.0.0

[database]
connection = mysql+pymysql://glance:password@192.168.1.101/glance

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword

[paste_deploy]
flavor = keystone

[root@srv1 ~(keystone)]# chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync"
...
...
...
INFO  [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.

[root@srv1 ~(keystone)]# systemctl enable --now openstack-glance-api openstack-glance-registry
[root@srv1 ~(keystone)]# cat /sys/module/kvm_intel/parameters/nested 
[root@srv1 ~(keystone)]# cat /proc/cpuinfo | grep vmx
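
The Glance configuration files above carry the database and service passwords in clear text, which is why the guide sets them to mode 640 and root:glance. The script below is an added example, not part of the original guide: it audits such a file for world-readable mode and for embedded secrets that match the placeholder passwords used on this page. The function names, the finding labels and the weak list are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original guide): audit an OpenStack service
# config file for world-readable mode and for lab-grade embedded secrets.

# Constructed weak list: the placeholder passwords used on this page.
WEAK_LIST="password adminpassword servicepassword"

# Constructed sample: an excerpt of the glance-api.conf shown on this page.
make_sample() {
cat > "$1" <<'EOF'
[database]
connection = mysql+pymysql://glance:password@192.168.1.101/glance
[keystone_authtoken]
auth_url = http://192.168.1.101:5000
username = glance
password = servicepassword
EOF
}

# extract_secrets FILE
# Prints one "key<TAB>user<TAB>secret" line per credential found, both
# URL-embedded (connection, transport_url) and plain "password =" keys.
extract_secrets() {
  awk '
    /^[ \t]*#/ { next }
    /^[ \t]*(connection|transport_url)[ \t]*=/ && /@/ {
      key = $0; sub(/[ \t]*=.*/, "", key); sub(/^[ \t]*/, "", key)
      url = $0; sub(/^[^=]*=[ \t]*/, "", url)
      sub(/^[^:]*:\/\//, "", url)        # drop the scheme
      sub(/@.*/, "", url)                # keep only user:secret
      i = index(url, ":")
      if (i > 0) print key "\t" substr(url, 1, i - 1) "\t" substr(url, i + 1)
      next
    }
    /^[ \t]*password[ \t]*=/ {
      val = $0; sub(/^[^=]*=[ \t]*/, "", val)
      print "password\t-\t" val
    }
  ' "$1"
}

# audit_conf FILE
# Prints WORLD-READABLE and WEAK-SECRET findings; the secret itself is
# never printed, only the key and user it belongs to.
audit_conf() {
  f=$1
  if [ -n "$(find "$f" -prune -perm -004)" ]; then
    printf 'WORLD-READABLE\t%s\n' "$f"
  fi
  extract_secrets "$f" | while IFS="$(printf '\t')" read -r key user secret; do
    for weak in $WEAK_LIST; do
      if [ "$secret" = "$weak" ] || [ "$secret" = "$user" ]; then
        printf 'WEAK-SECRET\t%s\t%s (user %s)\n' "$f" "$key" "$user"
        break
      fi
    done
  done
}

# Stand-alone demonstration on a temporary copy of the sample.
demo() {
  dir=$(mktemp -d)
  make_sample "$dir/glance-api.conf"
  chmod 644 "$dir/glance-api.conf"     # mode a root umask of 022 leaves
  echo "== mode 644 =="
  audit_conf "$dir/glance-api.conf"
  chmod 640 "$dir/glance-api.conf"     # the mode this page sets
  echo "== mode 640 =="
  audit_conf "$dir/glance-api.conf"
  rm -rf "$dir"
}
demo
```

The two WEAK-SECRET findings remain after chmod 640: the file mode limits who can read the passwords, it does not change how easily they are guessed.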

Create an instance and register its image in Glance

# Download the image from the local server
[root@srv1 mnt(keystone)]# curl -O http://192.168.1.254/repos/CentOS/7/isos/x86_64/CentOS-7-x86_64-Minimal-2207-02.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  8  988M    8 988M    0     0  7602k      0  0:02:13  0:00:11  0:02:02 7622k

1) Install KVM and set up bridging
[root@srv1 mnt(keystone)]# yum install qemu-kvm libvirt virt-install bridge-utils -y

[root@srv1 mnt(keystone)]# lsmod | grep kvm
kvm_intel             188793  0 
kvm                   653928  1 kvm_intel
irqbypass              13503  1 kvm
[root@srv1 mnt(keystone)]# systemctl enable --now libvirtd

# Create a qcow2 image file named "c7.img" with a size of 5G; this image file can be used to create and manage virtual machines.
[root@srv1 mnt(keystone)]# qemu-img create -f qcow2 /var/lib/libvirt/images/c7.img 5G

2) Install the instance
[root@srv1 ~(keystone)]# virt-install \
--name c7 \
--ram 1024 \
--disk path=/var/lib/libvirt/images/c7.img,format=qcow2 \
--vcpus 2 \
--os-type linux \
--os-variant rhel7 \
--graphics none \
--console pty,target_type=serial \
--location '/mnt/CentOS-7-x86_64-Minimal-2207-02.iso' \
--extra-args 'console=ttyS0,115200n8 serial'

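Follow the prompts to install

Note: every item that is not marked with an X has to be opened and configured

When the minimal installation finishes, press Enter to reboot

Configure the KVM user name and cloud settings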

CentOS Linux 7 (Core)
Kernel 3.10.0-1160.71.1.el7.x86_64 on an x86_64

lwj login: root
Password: 
[root@lwj ~]# systemctl disable --now firewalld
[root@lwj ~]# vi /etc/sysconfig/selinux 
SELINUX=disabled

[root@lwj ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 
# Delete the UUID entry

[root@lwj ~]# yum install cloud-init -y

[root@lwj ~]# useradd snow
[root@lwj ~]# passwd snow
Changing password for user snow.
New password: 
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password: 
passwd: all authentication tokens updated successfully.

[root@lwj ~]# vi /etc/cloud/cloud.cfg
ssh_pwauth:   1
    name: snow
    lock_passwd: false
[root@lwj ~]# systemctl enable cloud-init sshd
[root@lwj ~]# poweroff

Delete the virtual machine

[root@srv1 mnt(keystone)]# openstack image create "c7" --file /var/lib/libvirt/images/c7.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | 3dcc3a6d02c738ac66304a45b101e4e0                     |
| container_format | bare                                                 |
| created_at       | 2023-10-12T12:12:49Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/e6876582-15ff-44df-b3ef-34ec424438a1/file |
| id               | e6876582-15ff-44df-b3ef-34ec424438a1                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | c7                                                   |
| owner            | 221b4ddca2a4482dbf169d45771b3c27                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 1832583168                                           |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2023-10-12T12:13:05Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+

[root@srv1 mnt(keystone)]# openstack image list
+--------------------------------------+------+--------+
| ID                                   | Name | Status |
+--------------------------------------+------+--------+
| e6876582-15ff-44df-b3ef-34ec424438a1 | c7   | active |
+--------------------------------------+------+--------+

[root@srv1 mnt(keystone)]# cd /var/lib/glance/images/
[root@srv1 images(keystone)]# ls
e6876582-15ff-44df-b3ef-34ec424438a1
[root@srv1 images(keystone)]# file e6876582-15ff-44df-b3ef-34ec424438a1
e6876582-15ff-44df-b3ef-34ec424438a1: QEMU QCOW Image (v3), 5368709120 bytes
[root@srv1 images(keystone)]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     c7                             shut off

[root@srv1 images(keystone)]# virsh undefine c7
Domain c7 has been undefined

[root@srv1 images(keystone)]# virsh list --all
 Id    Name                           State
----------------------------------------------------

[root@srv1 images(keystone)]# rm -rf /var/lib/libvirt/images/c7.img 

Download the virtual machine image

[root@srv1 images(keystone)]# openstack image save --file c7.qcow2 c7
[root@srv1 images(keystone)]# ls
c7.qcow2  e6876582-15ff-44df-b3ef-34ec424438a1

OpenStack Configuration Manual - Nova Configuration

Add the Nova account and register it with Keystone

[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 14a8b1c6d8e745ef86767614112af49f |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project service --user nova admin
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword placement
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 7b0529346650470a83e27f9ecf52d8de |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name nova --description "OpenStack Compute service" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute service        |
| enabled     | True                             |
| id          | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name placement --description "OpenStack Compute Placement service" placement
+-------------+-------------------------------------+
| Field       | Value                               |
+-------------+-------------------------------------+
| description | OpenStack Compute Placement service |
| enabled     | True                                |
| id          | 91c96fcb64484e74929f5247d9c7f20d    |
| name        | placement                           |
| type        | placement                           |
+-------------+-------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute public http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | b340db6b089a4c68b0debbdb8067175a             |
| interface    | public                                       |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute internal http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | fa70f77eb1f94ac286a04d46fd53832d             |
| interface    | internal                                     |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute admin http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 6b6d59429f6c478aba389051ff52b4a8             |
| interface    | admin                                        |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement public http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5b7572cfd16842129efc3c9a09799cb6 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement internal http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6cfc5c62f6434a369345f56482d2fda4 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement admin http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3fe84b02d2af4645ade2f9139b804a7c |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+

Set up the Nova databases

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_api.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on nova_api.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_placement;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_cell0;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

Install and configure Nova

1) Install Nova
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova -y
# Use the novnc package that ships with the OpenStack repository
[root@srv1 ~(keystone)]# yum remove novnc -y
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens install openstack-nova -y
2) Configure Nova
[root@srv1 ~(keystone)]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
[DEFAULT]
# Define the local IP
my_ip = 192.168.1.101
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova
# Location of RabbitMQ
transport_url = rabbit://openstack:password@192.168.1.101

[api]
auth_strategy = keystone

# Location of Glance
[glance]
api_servers = http://192.168.1.101:9292

[oslo_concurrency]
lock_path = $state_path/tmp

# Database connection information
[api_database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova_api

[database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova

# Keystone information
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword

[placement]
auth_url = http://192.168.1.101:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword

[placement_database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova_placement

[wsgi]
api_paste_config = /etc/nova/api-paste.ini

[root@srv1 ~(keystone)]# chmod 640 /etc/nova/nova.conf
[root@srv1 ~(keystone)]# chgrp nova /etc/nova/nova.conf
[root@srv1 ~(keystone)]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
# Add the following below line 15
<Directory /usr/bin>
    Require all granted
</Directory>

Sync the databases and start the Nova services

[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage api_db sync"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 map_cell0"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage db sync"
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 create_cell --name cell1"
[root@srv1 ~(keystone)]# systemctl restart httpd
[root@srv1 ~(keystone)]# chown nova. /var/log/nova/nova-placement-api.log
[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-api openstack-nova-consoleauth \
> openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:03:00.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:03:01.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:03:02.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+
1) Confirm that KVM is already installed
2) Install Nova-Compute
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y
3) Configure VNC (so that instances can later be controlled directly from a browser)
# Append the following to the end of the file
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
......
......
......
......
......
......
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.1.101
novncproxy_base_url = http://192.168.1.101:6080/vnc_auto.html

Start and verify Nova-Compute

[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-compute
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:14:51.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:14:51.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:14:52.000000 |
|  6 | nova-compute     | srv1 | nova     | enabled | up    | 2023-10-12T13:14:50.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+

Add an additional compute node: configure the openstack2 server

#Network: node 192.168.1.102

#Firewall

#vim /etc/hosts

#Synchronize network time

#Install dependencies

[root@srv1 yum.repos.d]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
2) Install and start KVM on the additional compute node
[root@srv2 ~]# yum install qemu-kvm libvirt virt-install bridge-utils  -y
[root@srv2 ~]# lsmod | grep kvm
[root@srv2 ~]# systemctl enable --now libvirtd
3) Install Nova-Compute
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y
4) Configure Nova Compute
[root@srv2 ~]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv2 ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.1.102
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova
transport_url = rabbit://openstack:password@192.168.1.101

[api]
auth_strategy = keystone

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.1.101:6080/vnc_auto.html

[glance]
api_servers = http://192.168.1.101:9292

[oslo_concurrency]
lock_path = $state_path/tmp

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword

[placement]
auth_url = http://192.168.1.101:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword

[wsgi]
api_paste_config = /etc/nova/api-paste.ini

[root@srv2 ~]# chmod 640 /etc/nova/nova.conf
[root@srv2 ~]# chgrp nova /etc/nova/nova.conf
6) Start Nova Compute
[root@srv2 ~]# systemctl enable --now openstack-nova-compute
7) Verify
# When the additional compute node has not been added yet
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  6 | nova-compute     | srv1 | nova     | enabled | up    | 2023-10-12T13:53:32.000000 |
|  7 | nova-compute     | srv2 | nova     | enabled | up    | 2023-10-12T13:53:32.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+

OpenStack configuration manual - Add a tenant

[root@srv1 ~(keystone)]# openstack project create --domain default --description "1000y Project" 1000y
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | 1000y Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 56a31c210f36466b80717dcb26f1cf2c |
| is_domain   | False                            |
| name        | 1000y                            |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack user create --domain default --project 1000y --password userpassword snow
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 56a31c210f36466b80717dcb26f1cf2c |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 067ee6c7f54c40dc802fce4a34397dfc |
| name                | snow                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role create CloudUser
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 39ffc364b3e54fdfa097e97a8852b717 |
| name      | CloudUser                        |
+-----------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project 1000y --user snow CloudUser
# Create the flavor (template) needed for cloud instances, named m1.small
[root@srv1 ~(keystone)]# openstack flavor create --id 0 --vcpus 1 --ram 2048 --disk 10 m1.small
+----------------------------+----------+
| Field                      | Value    |
+----------------------------+----------+
| OS-FLV-DISABLED:disabled   | False    |
| OS-FLV-EXT-DATA:ephemeral  | 0        |
| disk                       | 10       |
| id                         | 0        |
| name                       | m1.small |
| os-flavor-access:is_public | True     |
| properties                 |          |
| ram                        | 2048     |
| rxtx_factor                | 1.0      |
| swap                       |          |
| vcpus                      | 1        |
+----------------------------+----------+
[root@srv1 ~(keystone)]# openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name     |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0  | m1.small | 2048 |   10 |         0 |     1 | True      |
+----+----------+------+------+-----------+-------+-----------+

Add the Neutron user and register it in Keystone

[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 250a06bd443a41bbb58bb45e64440cc2 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project service --user neutron admin
[root@srv1 ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking service     |
| enabled     | True                             |
| id          | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
# Set the endpoint information
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network public http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6e6b2b9c15f8479e8072a750b911ba01 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network internal http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 309a75f4209c4d8e80dda692cb3b644f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network admin http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ca3c046a519e440ab6857c4c3895b693 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+

Add the Neutron database

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database neutron_ml2;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye

Install and configure Neutron on the control node srv1

1) Install the Neutron service on the control node
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron openstack-neutron-ml2  -y
2) Configure the main Neutron configuration file
[root@srv1 ~(keystone)]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv1 ~(keystone)]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
transport_url = rabbit://openstack:password@192.168.1.101

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword

[database]
connection = mysql+pymysql://neutron:password@192.168.1.101/neutron_ml2

[nova]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/tmp

[root@srv1 ~(keystone)]# chmod 640 /etc/neutron/neutron.conf
[root@srv1 ~(keystone)]# chgrp neutron /etc/neutron/neutron.conf
3) Configure metadata_agent
[root@srv1 ~(keystone)]# vim /etc/neutron/metadata_agent.ini
# Modify line 22 to specify the Nova API host
nova_metadata_host = 192.168.1.101
# Uncomment line 34 and specify the shared secret
metadata_proxy_shared_secret = qyy_openstack
# Uncomment line 260 and specify the Memcache server
memcache_servers = 192.168.1.101:11211
4) Configure ml2
[root@srv1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 129, add the following under the [ml2] section (the entries go at lines 136, 141, 145 and 150)
[ml2]
type_drivers = local,flat,vlan,gre,vxlan,geneve
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
5) Configure nova
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
# Add the following under the [DEFAULT] section
......
......
......
......
......
......
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
......
# At the end of the file, add the Neutron authentication information and set the shared authentication secret
[neutron]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack
6) Start Neutron
[root@srv1 ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@srv1 ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugin.ini upgrade head"
.....
.....
.....
.....
INFO  [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f, add mtu for networks
INFO  [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee, fip qos
INFO  [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a, migrate dns name from port
INFO  [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad, rename tenant to project
INFO  [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab, Add routerport bindings for L3 HA
INFO  [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0, migrate to pluggable ipam
INFO  [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62, add standardattr to qos policies
INFO  [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353, Add Name and Description to the networksegments table
INFO  [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586, Add binding index to RouterL3AgentBinding
INFO  [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d, Remove availability ranges.
  OK
[root@node1 ~(keystone)]# systemctl enable --now neutron-server neutron-metadata-agent
[root@node1 ~(keystone)]# systemctl restart openstack-nova-api
[root@srv1 ~(keystone)]# openstack network agent list
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| ID                                   | Agent Type     | Host | Availability Zone | Alive | State | Binary                 |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| 339aaf32-0f12-428a-b7a2-15d9a1880d40 | Metadata agent | srv1 | None              | :-)   | UP    | neutron-metadata-agent |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
[root@srv1 ~(keystone)]# openstack network service list
openstack: 'network service list' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
  network agent add network
  network agent add router
  network agent delete
  network agent list
  network agent remove network
  network agent remove router
  network agent set
  network agent show
  network auto allocated topology create
  network auto allocated topology delete
  network create
  network delete
  network flavor add profile
  network flavor create
  network flavor delete
  network flavor list
  network flavor profile create
  network flavor profile delete
  network flavor profile list
  network flavor profile set
  network flavor profile show
  network flavor remove profile
  network flavor set
  network flavor show
  network list
  network log create
  network log delete
  network log list
  network log set
  network log show
  network loggable resources list
  network meter create
  network meter delete
  network meter list
  network meter rule create
  network meter rule delete
  network meter rule list
  network meter rule show
  network meter show
  network qos policy create
  network qos policy delete
  network qos policy list
  network qos policy set
  network qos policy show
  network qos rule create
  network qos rule delete
  network qos rule list
  network qos rule set
  network qos rule show
  network qos rule type list
  network qos rule type show
  network rbac create
  network rbac delete
  network rbac list
  network rbac set
  network rbac show
  network segment create
  network segment delete
  network segment list
  network segment set
  network segment show
  network service provider list
  network set
  network show
  network subport list
  network trunk create
  network trunk delete
  network trunk list
  network trunk set
  network trunk show
  network trunk unset
  network unset
  endpoint add project
  endpoint create
  endpoint delete
  endpoint list
  endpoint remove project
  endpoint set
  endpoint show

Configure Neutron on the network node [srv3]

1) Install Neutron
[root@srv3 ~]# yum --enablerepo=centos-openstack-queens,epel install \
openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch libibverbs -y
If the following error appears, copy the key files from the pki directory of another host that has them:
获取 GPG 密钥失败:[Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud"
[root@srv1 ~(keystone)]# scp /etc/pki/rpm-gpg/* srv3:/etc/pki/rpm-gpg/
2) Configure Neutron
[root@srv3 ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv3 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
transport_url = rabbit://openstack:password@192.168.1.101

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/lock

[root@srv3 ~]# chmod 640 /etc/neutron/neutron.conf
[root@srv3 ~]# chgrp neutron /etc/neutron/neutron.conf
3) Configure L3
[root@srv3 ~]# vim /etc/neutron/l3_agent.ini
Add the following (line 16):
interface_driver = openvswitch
4) Configure dhcp_agent
[root@srv3 ~]# vim /etc/neutron/dhcp_agent.ini
Add the following (lines 16, 28 and 37):
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
5) Configure metadata_agent
[root@srv3 ~]# vim /etc/neutron/metadata_agent.ini
# Lines 22, 34 and 260
nova_metadata_host = 192.168.1.101
metadata_proxy_shared_secret = qyy_openstack
memcache_servers = 192.168.1.101:11211
6) Configure ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 129, add the supported drivers and related settings (the entries go at lines 136, 141, 145 and 150)
[ml2]
type_drivers = local,flat,vlan,gre,vxlan,geneve
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
7) Configure OVS
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# At line 307, add the following (the entries go at lines 313, 318 and 322)
[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
enable_ipset = true
8) Start the Neutron services
[root@srv3 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@srv3 ~]# systemctl enable --now openvswitch
[root@srv3 ~]# ovs-vsctl add-br br-int
[root@srv3 ~]# systemctl enable --now neutron-dhcp-agent neutron-l3-agent \
neutron-metadata-agent neutron-openvswitch-agent

 

Configure Neutron on the compute nodes

1) Install the Neutron components
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron \
openstack-neutron-ml2 openstack-neutron-openvswitch -y
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron \
openstack-neutron-ml2 openstack-neutron-openvswitch -y
[root@srv2 ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv2 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = True
transport_url = rabbit://openstack:password@192.168.1.101

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/lock

[root@srv2 ~]# chmod 640 /etc/neutron/neutron.conf
[root@srv2 ~]# chgrp neutron /etc/neutron/neutron.conf
3) Configure ML2
[root@srv2 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# Add the following at line 129
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
4) Configure ovs
[root@srv2 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# Add the following at line 307
[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
enable_ipset = true
5) Configure nova
[root@node2 ~]# vim /etc/nova/nova.conf
# Add the following under the [DEFAULT] section
......
......
......
......
......
......
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300
......
......
......
......
......
......
# Add the following at the end of the file
[neutron]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack
6) Start the Neutron services
[root@node2 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@node2 ~]# systemctl enable --now openvswitch
[root@node2 ~]# ovs-vsctl add-br br-int
[root@node2 ~]# systemctl restart openstack-nova-compute
[root@node2 ~]# systemctl enable --now neutron-openvswitch-agent
[root@srv1 images(keystone)]# openstack network agent list -c Host -c Alive -c "Agent Type"                                                            
+--------------------+------+-------+
| Agent Type         | Host | Alive |
+--------------------+------+-------+
| DHCP agent         | srv3 | :-)   |
| Open vSwitch agent | srv2 | :-)   |
| Metadata agent     | srv1 | :-)   |
| Metadata agent     | srv3 | :-)   |
| Open vSwitch agent | srv1 | :-)   |
| Open vSwitch agent | srv3 | :-)   |
| L3 agent           | srv3 | :-)   |
+--------------------+------+-------+
[root@srv1 images(keystone)]# openstack network agent list
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| 378d182f-f976-4609-ad1c-c1487eeac103 | DHCP agent         | srv3 | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 6d88efa6-8fd0-4be8-9c45-fa18f724ad3a | Open vSwitch agent | srv2 | None              | :-)   | UP    | neutron-openvswitch-agent |
| 8a74f15b-c8c5-42c8-8ffd-86f433b7ba67 | Metadata agent     | srv1 | None              | :-)   | UP    | neutron-metadata-agent    |
| 8f7f1797-08ac-440e-9204-4c7a5f15c523 | Metadata agent     | srv3 | None              | :-)   | UP    | neutron-metadata-agent    |
| 9ea6d811-9170-45c4-a236-b40bd1e37947 | Open vSwitch agent | srv1 | None              | :-)   | UP    | neutron-openvswitch-agent |
| bb26e088-62a1-4b07-9858-247b187e4c54 | Open vSwitch agent | srv3 | None              | :-)   | UP    | neutron-openvswitch-agent |
| f1f8a9a8-c482-4695-a2d4-eff548662efb | L3 agent           | srv3 | nova              | :-)   | UP    | neutron-l3-agent          |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
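
The configuration files written above (nova.conf, neutron.conf, metadata_agent.ini) hold the RabbitMQ, database and Keystone passwords and the metadata shared secret in plain text, which is why each one is set to mode 640 and handed to its service group. The following Python script is an added example, not part of the original walkthrough: it audits such a file for the walkthrough's lab passwords, plain-HTTP auth_url values and over-permissive file modes, and checks that metadata_proxy_shared_secret agrees between nova.conf and metadata_agent.ini. The sample configuration text is constructed from the values shown on this page, and the function names are this example's own.

```python
import configparser
import os
import stat
from urllib.parse import urlsplit

# Secrets that appear verbatim in the walkthrough; a match means a lab default is still in use.
TUTORIAL_SECRETS = {"password", "servicepassword", "userpassword", "qyy_openstack"}
SECRET_KEYS = {"password", "metadata_proxy_shared_secret"}
URL_KEYS = {"connection", "transport_url"}
REAL_PATHS = ("/etc/nova/nova.conf", "/etc/neutron/neutron.conf",
              "/etc/neutron/metadata_agent.ini")

# Constructed sample: a shortened nova.conf built from the values used on this page.
SAMPLE_NOVA_CONF = """\
[DEFAULT]
my_ip = 192.168.1.101
transport_url = rabbit://openstack:password@192.168.1.101

[api_database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova_api

[keystone_authtoken]
auth_url = http://192.168.1.101:5000
username = nova
password = servicepassword

[neutron]
auth_url = http://192.168.1.101:5000
password = servicepassword
metadata_proxy_shared_secret = qyy_openstack
"""

# Constructed sample: the metadata_agent.ini settings edited on this page.
SAMPLE_METADATA_AGENT = """\
[DEFAULT]
nova_metadata_host = 192.168.1.101
metadata_proxy_shared_secret = qyy_openstack
"""


def parse_conf(text):
    """Parse oslo.config-style INI text; [DEFAULT] is kept as an ordinary section."""
    cp = configparser.RawConfigParser(
        strict=False, allow_no_value=True, delimiters=("=",),
        default_section="__unused__",
    )
    cp.optionxform = str  # keep option names case-sensitive
    cp.read_string(text)
    return cp


def audit_conf(name, text):
    """Return (file, section, key, issue) tuples for risky settings in one file."""
    findings = []
    cp = parse_conf(text)
    for section in cp.sections():
        for key, value in cp.items(section):
            value = (value or "").strip()
            if key in URL_KEYS and urlsplit(value).password in TUTORIAL_SECRETS:
                findings.append((name, section, key, "tutorial password embedded in URL"))
            elif key in SECRET_KEYS and value in TUTORIAL_SECRETS:
                findings.append((name, section, key, "tutorial secret still in use"))
            elif key == "auth_url" and value.startswith("http://"):
                findings.append((name, section, key, "Keystone auth_url uses plain HTTP"))
    return findings


def mode_too_open(path):
    """True if the mode is looser than 640: any 'other' access, or group write/execute."""
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o027)


def metadata_secret_matches(nova_text, agent_text):
    """True if nova.conf [neutron] and metadata_agent.ini [DEFAULT] hold the same secret."""
    key = "metadata_proxy_shared_secret"
    nova = parse_conf(nova_text).get("neutron", key, fallback=None)
    agent = parse_conf(agent_text).get("DEFAULT", key, fallback=None)
    return bool(nova) and nova == agent


if __name__ == "__main__":
    for finding in audit_conf("nova.conf (sample)", SAMPLE_NOVA_CONF):
        print(finding)
    print("metadata secret consistent:",
          metadata_secret_matches(SAMPLE_NOVA_CONF, SAMPLE_METADATA_AGENT))
    # On a deployed node (run as root), also audit the files written in the steps above.
    for path in REAL_PATHS:
        if not os.path.exists(path):
            continue
        if mode_too_open(path):
            print((path, "-", "-", "file mode is looser than 640"))
        try:
            with open(path) as fh:
                results = audit_conf(path, fh.read())
        except (OSError, configparser.Error) as exc:
            print((path, "-", "-", "could not audit: %s" % exc))
            continue
        for finding in results:
            print(finding)
```

The mode check does not verify group ownership (the chgrp step), so confirm that separately with ls -l on each node.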

 

OpenStack configuration manual - Implementing Neutron networking

Change the configuration of the Network node

srv3

2) Change the configuration of the Network node
(1) Add the bridge device
[root@srv3 ~]# ovs-vsctl add-br br0
[root@srv3 ~]# ovs-vsctl add-port br0 ens37
(2) Configure ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 181, add the following
[ml2_type_flat]
flat_networks = physnet1
(3) Configure ovs_agent
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# At line 194, add the following
[ovs]
bridge_mappings = physnet1:br0
[root@node3 ~]# systemctl restart neutron-openvswitch-agent
3) Change the configuration of the Nova Compute node
(1) Add the bridge device
[root@srv3 ~]# ovs-vsctl add-br br0
[root@srv3 ~]# ovs-vsctl add-port br0 ens37
(2) Configure ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# At line 181, add the following
[ml2_type_flat]
flat_networks = physnet1
(3) Configure ovs_agent
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# At line 194, add the following
[ovs]
bridge_mappings = physnet1:br0
[root@srv3 ~]# systemctl restart neutron-openvswitch-agent

Next, implement the virtual router


Nginx - 反向代理与负载均衡

目录 一、Nginx 1.1、Nginx 下载 1.2、nginx 基础配置的认识 a&#xff09;第一部分&#xff1a;全局块 b&#xff09;第二部分&#xff1a;events 块 c&#xff09;第三部分&#xff1a;http 块 http 块中 内嵌的 server 块 1.3、一些常用配置 1.3.1、location 匹配级…

java正则表达式 及应用场景爬虫,捕获分组非捕获分组

正则表达式 通常用于校验 比如说qq号 看输入的是否符合规则就可以用这个 public class regex {public static void main(String[] args) {//正则表达式判断qq号是否正确//规则 6位及20位以内 0不能再开头 必须全是数子String qq"1234567890";System.out.println(qq…

【机器学习】sklearn特征选择(feature selection)

文章目录 特征工程过滤法&#xff08;Filter&#xff09;方差过滤相关性过滤卡方过滤F验表互信息法小结 嵌入法&#xff08;Embedded&#xff09;包装法&#xff08;Wrapper&#xff09; 特征工程 特征提取(feature extraction)特征创造(feature creation)特征选择(feature se…

【软件设计师-下午题总结】

目录 下午题之总结于学习记录&#xff1a;题一、数据流图&#xff1a;1、熟悉相关的图形2、实体名称3、数据存储4、补充缺失的数据流和起点终点5、用结构化语言描述6、描述&#xff0c;找加工逻辑的时候7、如何保持数据流平衡 题二&#xff1a;实体联系图&#xff1a;1、常用图…

Django Test

Django--Laboratory drug management and early warning system-CSDN博客 创建项目doinglms django-admin startproject doinglms python manage.py runserver 运行开发服务器(Development Server) 创建一个自定义 App,名称为 lms: python manage.py startapp lms

minio桶命名规则

一、背景 今天做项目需要上传图片到minio&#xff0c;上传失败&#xff0c;查看错误是桶未创建成功。 minio桶的创建具有自己的命名规则&#xff0c;不符合则无法创建。 二、命名规则 1、存储桶名称的长度必须介于 3&#xff08;最小&#xff09;到 63&#xff08;最大&…

【数据结构】二叉树--堆排序

目录 一 降序(建小堆) 二 升序 (建大堆) ​三 优化(以升序为例) 四 TOP-K问题 一 降序(建小堆) void Swap(int* x, int* y) {int tmp *x;*x *y;*y tmp; }//降序 建小堆 void AdjustUp(int* a, int child) {int parent (child - 1) / 2;while (child > 0){if (a[chil…

Ubuntu 22.04.3 LTS单机私有化部署sealos

推荐使用奇数台 Master 节点和若干 Node 节点操作系统 :Ubuntu 22.04 LTS内核版本 :5.4 及以上配置推荐 :CPU 4 核 , 内存 8GB, 存储空间 100GB 以上最小配置 :CPU 2 核 , 内存 4GB, 存储空间 60GB 这里采用的Ubuntu 22.04.3 LTS 版本&#xff0c;Ubuntu 20.04.4 LTS这个版本…