搭建基础环境
#网络
#防火墙
#用户用
#解析
#同步时间
实验角色
| OpenStack01 | OpenStack02 | OpenStack03 |
| 192.168.1.101 | 192.168.1.102 | 192.168.1.103 |
| srv1 | srv2 | srv3 |
同步时间
[root@srv1]# yum install chrony -y
[root@srv1]# vim /etc/chrony.conf
# 修改第3行,将NTP Server改为cn服务器
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst# 修改第25行,允许本地其他服务器同步
allow 192.168.1.0/24[root@srv1 ~]# systemctl restart chronyd
# 确认同步信息
[root@node1 ~]# chronyc sources -v安装openstack源并修改为本地服务器源
[root@srv1 ~]# yum install centos-release-openstack-queens -y
CentOS-Base.repo CentOS-QEMU-EV.repo epel.repo remi-php54.repo remi-php81.repo
CentOS-Ceph-Luminous.repo CentOS-SCLo-scl.repo epel-testing.repo remi-php70.repo remi.repo
CentOS-CR.repo CentOS-SCLo-scl-rh.repo remi-glpi91.repo remi-php71.repo remi-safe.repo
CentOS-Debuginfo.repo CentOS-Sources.repo remi-glpi92.repo remi-php72.repo
CentOS-fasttrack.repo CentOS-Storage-common.repo remi-glpi93.repo remi-php73.repo
CentOS-Media.repo CentOS-Vault.repo remi-glpi94.repo remi-php74.repo
CentOS-OpenStack-queens.repo CentOS-x86_64-kernel.repo remi-modular.repo remi-php80.repoyum --enablerepo=centos-openstack-queens install mariadb-server -y
升级本地所有软件包
[root@srv1 ~]# yum update -y安装MairaDB
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens install mariadb-server -y[root@srv1 ~]# vim /etc/my.cnf
#于[mysqld]区段最后添加如下内容
[mysqld]
character-set-server=utf8[root@srv1 ~]# systemctl enable --now mariadb[root@srv1 ~]# netstat -anptu | grep 3306
tcp6 0 0 :::3306 :::* LISTEN 2459/mysqld # 密码设置为password
[root@srv1 ~]# mysql_secure_installation安装及配置Memcached与RabbitMQ(缓存与消息队列)
[root@srv1 ~]# yum --enablerepo=epel install rabbitmq-server memcached -y
[root@srv1 ~]# systemctl enable --now rabbitmq-server memcached#在RabbitMQ中添加一个新用户,用户名为 "openstack",密码为 "password"。
[root@srv1 ~]# rabbitmqctl add_user openstack password
Creating user "openstack"#为用户 "openstack" 设置权限。其中,".*" 参数表示获取了读、写配置,所有消息队列和交换机权限
[root@srv1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"[root@srv1 ~]# netstat -anptu | grep 5672
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 2691/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 2691/beam.smp
[root@srv1 ~]# netstat -anptu | grep 11211
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 2727/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 2727/memcached 添加数据库keystone用户并赋予权限
[root@srv1 ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.20-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.01 sec)MariaDB [(none)]> exit
Bye安装keystone先安装python以来否则出现以下错误
============================================错误汇总============================================
1. 出现以下错误:
Error: Package: python2-pyngus-2.3.0-1.el7.noarch (epel)Requires: python2-qpid-proton >= 0.28.02.解决方法
[root@srv1 ~]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
============================================汇总结束============================================[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi -y配置keystone
[root@srv1 ~]# vim /etc/keystone/keystone.conf
# 修改605行,指定Memcached的信息
memcache_servers = 192.168.1.101:11211# 修改737行,指定数据库相关信息
connection = mysql+pymysql://keystone:password@192.168.1.101/keystone# 于[token],添加2879行内容
[token]
provider = fernet# 同步数据库
[root@srv1 ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"# 初始化秘钥(生成令牌加密)
[root@srv1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@srv1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone# bootstrap keystone
[root@srv1 ~]# keystone-manage bootstrap \
--bootstrap-password adminpassword \
--bootstrap-admin-url http://192.168.1.101:5000/v3/ \
--bootstrap-internal-url http://192.168.1.101:5000/v3/ \
--bootstrap-public-url http://192.168.1.101:5000/v3/ \
--bootstrap-region-id RegionOne#设置管理员用户admin的密码为
#设置管理员用户admin的管理员URL,用于管理Keystone服务。
#设置管理员用户admin的内部URL,用于Keystone服务内部组件之间的通信。
#设置管理员用户admin的公共URL,用于对外提供服务的接口。
#设置Keystone的区域ID为 "RegionOne"。在Apache上配置Keystone
[root@srv1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@srv1 ~]# systemctl enable --now httpd[root@srv1 ~(keystone)]# netstat -lantp | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 10137/httpd
[root@srv1 ~(keystone)]# netstat -lantp | grep 35357
tcp6 0 0 :::35357 :::* LISTEN 10137/httpd 设定Keystone Shell环境及创建租户
设定环境
[root@srv1 ~]# vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://192.168.1.101:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '#设置项目域名为 "default",用于指定项目所属的域。
#设置用户域名为 "default",用于指定用户所属的域。
#设置项目名称为 "admin",表示要操作的项目为 "admin"。
#设置用户名为 "admin",表示要使用的用户名为 "admin"。
#设置密码为 "adminpassword",用于进行身份验证。
#设置认证URL为 "http://192.168.1.101:5000/v3",用于身份验证和访问OpenStack服务。
#设置身份验证API版本为 "3",表示要使用OpenStack标识服务的API版本。
#设置镜像API版本为 "2",表示要使用OpenStack镜像服务的API版本。
#设置命令行提示符的格式。在提示符中显示当前用户名、主机名和当前工作目录,并指示当前环境为 "keystone"。[root@srv1 ~]# chmod 600 ~/keystonerc
[root@srv1 ~]# source ~/keystonerc
[root@srv1 ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile#执行~/keystonerc文件中的环境变量导入当前会话。keystonerc文件通常包含了OpenStack客户端命令行工具所需的各种环境变量,如认证信息、API版本等。
#将source ~/keystonerc命令添加到当前用户的~/.bash_profile文件中。这样,在每次用户登录时,~/.bash_profile文件中的内容会被执行,从而自动加载OpenStack客户端的环境变量设置。创建租户并验证
#用于创建一个名为 "service" 的项目(Project),并将其关联到默认的域(Domain)中。
[root@srv1 ~(keystone)]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+#查看当前OpenStack环境中所有项目的概览信息
[root@srv1 ~(keystone)]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 045c8b0eb3e04e329f2fd1b0b0e8d164 | service |
| 221b4ddca2a4482dbf169d45771b3c27 | admin |
+----------------------------------+---------+#用于显示admin的详细信息/admin是要显示详细信息的项目的名称或ID。
[root@srv1 ~(keystone)]# openstack project show admin
+-------------+-----------------------------------------------+
| Field | Value |
+-------------+-----------------------------------------------+
| description | Bootstrap project for initializing the cloud. |
| domain_id | default |
| enabled | True |
| id | 221b4ddca2a4482dbf169d45771b3c27 |
| is_domain | False |
| name | admin |
| parent_id | default |
| tags | [] |
+-------------+-----------------------------------------------+#查看用户列表
[root@srv1 ~(keystone)]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 63948f840014441fa5b6dbf032e13104 | admin |
+----------------------------------+-------+#查看终端列表
[root@srv1 ~(keystone)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 4be9ebda8f83471fa59f389f9512f485 | RegionOne | keystone | identity | True | internal | http://192.168.1.101:5000/v3/ |
| 6db3f9752db5432ab5e36b0a70eca23d | RegionOne | keystone | identity | True | admin | http://192.168.1.101:5000/v3/ |
| 74c7fc497a8e462bb0c2be1af0ef08ac | RegionOne | keystone | identity | True | public | http://192.168.1.101:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+#查看目录列表
[root@srv1 ~(keystone)]# openstack catalog list
+----------+----------+-------------------------------------------+
| Name | Type | Endpoints |
+----------+----------+-------------------------------------------+
| keystone | identity | RegionOne |
| | | internal: http://192.168.1.101:5000/v3/ |
| | | RegionOne |
| | | admin: http://192.168.1.101:5000/v3/ |
| | | RegionOne |
| | | public: http://192.168.1.101:5000/v3/ |
| | | |
+----------+----------+-------------------------------------------+添加及配置Glance用户及设定endpoint信息
# 添加glance账户,并定义其隶属于service租户,密码为servicepassword
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword glance
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id | default |
| enabled | True |
| id | 9bba7fbed99e4301a92ed02a34c99f4a |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+# 授权glance账户为admin角色
[root@srv1 ~(keystone)]# openstack role add --project service --user glance admin# 创建glance服务
[root@srv1 ~(keystone)]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image service |
| enabled | True |
| id | 8a780cc7bc784e85bcafcadebe034027 |
| name | glance |
| type | image |
+-------------+----------------------------------+# 创建glance endpoint的public、internal、admin信息
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image public http://192.168.1.101:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3adda7db76e54106b27ee450936279e7 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance |
| service_type | image |
| url | http://192.168.1.101:9292 |
+--------------+----------------------------------+[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image internal http://192.168.1.101:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3dfb2787e2714007922dfd9306b1c3d7 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance |
| service_type | image |
| url | http://192.168.1.101:9292 |
+--------------+----------------------------------+[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image admin http://192.168.1.101:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 34c426ddb1f84941b988c38573e13638 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance |
| service_type | image |
| url | http://192.168.10.11:9292 |
+--------------+----------------------------------+设定Glance数据库
[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> exit
Bye安装及配置Glance
1) 安装Glance
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-glance -y2) 配置Glance
(1) 配置Glance API
[root@srv1 ~(keystone)]# mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
[root@srv1 ~(keystone)]# vim /etc/glance/glance-api.conf
[DEFAULT]
bind_host = 0.0.0.0
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/[database]
connection = mysql+pymysql://glance:password@192.168.1.101/glance# 定义连接keystone的信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword[paste_deploy]
flavor = keystone(2) 配置Glance Registry
[root@srv1 ~(keystone)]# mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
[root@srv1 ~(keystone)]# vim /etc/glance/glance-registry.conf
[DEFAULT]
bind_host = 0.0.0.0[database]
connection = mysql+pymysql://glance:password@192.168.1.101/glance[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword[paste_deploy]
flavor = keystone[root@srv1 ~(keystone)]# chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync"
...
...
...
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.[root@srv1 ~(keystone)]# systemctl enable --now openstack-glance-api openstack-glance-registry[root@srv1 ~(keystone)]# cat /sys/module/kvm_intel/parameters/nested
[root@srv1 ~(keystone)]# cat /proc/cpuinfo | grep vmx创建实例并将实例,并将镜像注册至Glance中
#下载本地服务器镜像
[root@srv1 mnt(keystone)]# curl -O http://192.168.1.254/repos/CentOS/7/isos/x86_64/CentOS-7-x86_64-Minimal-2207-02.iso% Total % Received % Xferd Average Speed Time Time Time CurrentDload Upload Total Spent Left Speed8 988M 8 988M 0 0 7602k 0 0:02:13 0:00:11 0:02:02 7622k1) 安装KVM并设置桥接
[root@srv1 mnt(keystone)]# yum install qemu-kvm libvirt virt-install bridge-utils -y[root@srv1 mnt(keystone)]# lsmod | grep kvm
kvm_intel 188793 0
kvm 653928 1 kvm_intel
irqbypass 13503 1 kvm
[root@srv1 mnt(keystone)]# systemctl enable --now libvirtd#创建一个名为 "c7.img" 的qcow2格式镜像文件,并将其大小设置为5G,这个镜像文件可以用于创建和管理虚拟机。
[root@srv1 mnt(keystone)]# qemu-img create -f qcow2 /var/lib/libvirt/images/c7.img 5G2) 安装实例
[root@srv1 ~(keystone)]# virt-install \
--name c7 \
--ram 1024 \
--disk path=/var/lib/libvirt/images/c7.img,format=qcow2 \
--vcpus 2 \
--os-type linux \
--os-variant rhel7 \
--graphics none \
--console pty,target_type=serial \
--location '/mnt/CentOS-7-x86_64-Minimal-2207-02.iso' \
--extra-args 'console=ttyS0,115200n8 serial'根据提示安装
注:不是X号的都需要进去调试
最小化安装完成回车重启
配置KVM用户名与云设置
CentOS Linux 7 (Core)
Kernel 3.10.0-1160.71.1.el7.x86_64 on an x86_64lwj login: root
Password:
[root@lwj ~]# systemctl disable --now firewalld
[root@lwj ~]# vi /etc/sysconfig/selinux
SELINUX=disabled[root@lwj ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
删除UUID[root@lwj ~]# yum install cloud-init -y[root@lwj ~]# useradd snow
[root@lwj ~]# passwd snow
Changing password for user snow.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.[root@lwj ~]# vi /etc/cloud/cloud.cfg5 ssh_pwauth: 157 name: snow58 lock_passwd: false
[root@lwj ~]# systemctl enable cloud-init sshd
[root@lwj ~]# poweroff删除虚拟机
[root@srv1 mnt(keystone)]# openstack image create "c7" --file /var/lib/libvirt/images/c7.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 3dcc3a6d02c738ac66304a45b101e4e0 |
| container_format | bare |
| created_at | 2023-10-12T12:12:49Z |
| disk_format | qcow2 |
| file | /v2/images/e6876582-15ff-44df-b3ef-34ec424438a1/file |
| id | e6876582-15ff-44df-b3ef-34ec424438a1 |
| min_disk | 0 |
| min_ram | 0 |
| name | c7 |
| owner | 221b4ddca2a4482dbf169d45771b3c27 |
| protected | False |
| schema | /v2/schemas/image |
| size | 1832583168 |
| status | active |
| tags | |
| updated_at | 2023-10-12T12:13:05Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+[root@srv1 mnt(keystone)]# openstack image list
+--------------------------------------+------+--------+
| ID | Name | Status |
+--------------------------------------+------+--------+
| e6876582-15ff-44df-b3ef-34ec424438a1 | c7 | active |
+--------------------------------------+------+--------+[root@srv1 mnt(keystone)]# cd /var/lib/glance/images/
[root@srv1 images(keystone)]# ls
e6876582-15ff-44df-b3ef-34ec424438a1
[root@srv1 images(keystone)]# file e6876582-15ff-44df-b3ef-34ec424438a1
e6876582-15ff-44df-b3ef-34ec424438a1: QEMU QCOW Image (v3), 5368709120 bytes
[root@srv1 images(keystone)]# virsh list --allId Name State
----------------------------------------------------- c7 shut off[root@srv1 images(keystone)]# virsh undefine c7
Domain c7 has been undefined[root@srv1 images(keystone)]# virsh list --allId Name State
----------------------------------------------------[root@srv1 images(keystone)]# rm -rf /var/lib/libvirt/images/c7.img 下载虚拟机
[root@srv1 images(keystone)]# openstack image save --file c7.qcow2 c7
[root@srv1 images(keystone)]# ls
c7.qcow2 e6876582-15ff-44df-b3ef-34ec424438a1Openstack配置手册-Nova配置
添加Nova账户并注册至Keystone
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword nova
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id | default |
| enabled | True |
| id | 14a8b1c6d8e745ef86767614112af49f |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project service --user nova admin
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword placement
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id | default |
| enabled | True |
| id | 7b0529346650470a83e27f9ecf52d8de |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name nova --description "OpenStack Compute service" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute service |
| enabled | True |
| id | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name placement --description "OpenStack Compute Placement service" placement
+-------------+-------------------------------------+
| Field | Value |
+-------------+-------------------------------------+
| description | OpenStack Compute Placement service |
| enabled | True |
| id | 91c96fcb64484e74929f5247d9c7f20d |
| name | placement |
| type | placement |
+-------------+-------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute public http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | b340db6b089a4c68b0debbdb8067175a |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute internal http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | fa70f77eb1f94ac286a04d46fd53832d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute admin http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 6b6d59429f6c478aba389051ff52b4a8 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement public http://192.168.1.101:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5b7572cfd16842129efc3c9a09799cb6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.101:8778 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement internal http://192.168.1.101:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6cfc5c62f6434a369345f56482d2fda4 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.101:8778 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement admin http://192.168.1.101:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3fe84b02d2af4645ade2f9139b804a7c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.101:8778 |
+--------------+----------------------------------+设置Nova数据库
[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all privileges on nova.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all privileges on nova.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all privileges on nova_api.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)MariaDB [(none)]> grant all privileges on nova_api.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> create database nova_placement;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> create database nova_cell0;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> exit
Bye安装及配置Nova
1) 安装Nova
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova -y# 使用openstack源自带的novnc工具
[root@srv1 ~(keystone)]# yum remove novnc -y
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens install openstack-nova -y2) 配置Nova
[root@srv1 ~(keystone)]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
[DEFAULT]
# 定义本机IP
my_ip = 192.168.1.101
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova# RabbitMQ所在位置
transport_url = rabbit://openstack:password@192.168.1.101[api]
auth_strategy = keystone# glance位置
[glance]
api_servers = http://192.168.1.101:9292[oslo_concurrency]
lock_path = $state_path/tmp# 定义连接数据库的信息
[api_database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova_api[database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova# 定义keystone信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword[placement]
auth_url = http://192.168.1.101:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword[placement_database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova_placement[wsgi]
api_paste_config = /etc/nova/api-paste.ini[root@srv1 ~(keystone)]# chmod 640 /etc/nova/nova.conf
[root@srv1 ~(keystone)]# chgrp nova /etc/nova/nova.conf
[root@srv1 ~(keystone)]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
# 于15行一下添加如下内容<Directory /usr/bin>Require all granted</Directory>同步数据库并启动Nova相关服务
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage api_db sync"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 map_cell0"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage db sync"
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')result = self._query(query)
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 create_cell --name cell1"
[root@srv1 ~(keystone)]# systemctl restart httpd
[root@srv1 ~(keystone)]# chown nova. /var/log/nova/nova-placement-api.log
[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-api openstack-nova-consoleauth \
> openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | srv1 | internal | enabled | up | 2023-10-12T13:03:00.000000 |
| 2 | nova-conductor | srv1 | internal | enabled | up | 2023-10-12T13:03:01.000000 |
| 3 | nova-scheduler | srv1 | internal | enabled | up | 2023-10-12T13:03:02.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+1) 确认KVM已经安装完毕2) 安装Nova-Compute
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y3) 配置VNC(便于后续直接通过浏览器控制实例)
# 于文档最后追加如下内容
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
......
......
......
......
......
......[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.1.101
novncproxy_base_url = http://192.168.1.101:6080/vnc_auto.html启动并验证Nova-Compute
[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-compute
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | srv1 | internal | enabled | up | 2023-10-12T13:14:51.000000 |
| 2 | nova-conductor | srv1 | internal | enabled | up | 2023-10-12T13:14:51.000000 |
| 3 | nova-scheduler | srv1 | internal | enabled | up | 2023-10-12T13:14:52.000000 |
| 6 | nova-compute | srv1 | nova | enabled | up | 2023-10-12T13:14:50.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+添加扩展节点配置openstack2服务器
#网络节点192.168.1.102
#防火墙
#vim /etc/hosts
#同步网络时间
#安装依赖
[root@srv1 yum.repos.d]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm2) 在扩展的计算节点上安装KVM并启动
[root@srv2 ~]# yum install qemu-kvm libvirt virt-install bridge-utils -y
[root@srv2 ~]# lsmod | grep kvm
[root@srv2 ~]# systemctl enable --now libvirtd3) 安装Nova-Compute
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y4) 配置Nova Compute
[root@srv2 ~]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv2 ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.1.102
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/novatransport_url = rabbit://openstack:password@192.168.1.101[api]
auth_strategy = keystone[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.1.101:6080/vnc_auto.html [glance]
api_servers = http://192.168.1.101:9292[oslo_concurrency]
lock_path = $state_path/tmp[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword[placement]
auth_url = http://192.168.1.101:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword[wsgi]
api_paste_config = /etc/nova/api-paste.ini[root@srv2 ~]# chmod 640 /etc/nova/nova.conf
[root@srv2 ~]# chgrp nova /etc/nova/nova.conf
6) 启动Nova Compute
[root@srv2 ~]# systemctl enable --now openstack-nova-compute7) 确认
# 未添加扩展计算节点时
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | srv1 | internal | enabled | up | 2023-10-12T13:53:33.000000 |
| 2 | nova-conductor | srv1 | internal | enabled | up | 2023-10-12T13:53:33.000000 |
| 3 | nova-scheduler | srv1 | internal | enabled | up | 2023-10-12T13:53:33.000000 |
| 6 | nova-compute | srv1 | nova | enabled | up | 2023-10-12T13:53:32.000000 |
| 7 | nova-compute | srv2 | nova | enabled | up | 2023-10-12T13:53:32.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+Openstack配置手册-添加一个租户
[root@srv1 ~(keystone)]# openstack project create --domain default --description "1000y Project" 1000y
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 1000y Project |
| domain_id | default |
| enabled | True |
| id | 56a31c210f36466b80717dcb26f1cf2c |
| is_domain | False |
| name | 1000y |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+[root@srv1 ~(keystone)]# openstack user create --domain default --project 1000y --password userpassword snow
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 56a31c210f36466b80717dcb26f1cf2c |
| domain_id | default |
| enabled | True |
| id | 067ee6c7f54c40dc802fce4a34397dfc |
| name | snow |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+[root@srv1 ~(keystone)]# openstack role create CloudUser
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 39ffc364b3e54fdfa097e97a8852b717 |
| name | CloudUser |
+-----------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project 1000y --user snow CloudUser# 创建云实例所需的模板,名称为m1.small
[root@srv1 ~(keystone)]# openstack flavor create --id 0 --vcpus 1 --ram 2048 --disk 10 m1.small
+----------------------------+----------+
| Field | Value |
+----------------------------+----------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 0 |
| name | m1.small |
| os-flavor-access:is_public | True |
| properties | |
| ram | 2048 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+----------+[root@srv1 ~(keystone)]# openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0 | m1.small | 2048 | 10 | 0 | 1 | True |
+----+----------+------+------+-----------+-------+-----------+添加Neutron用户并注册至Keystone中
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id | default |
| enabled | True |
| id | 250a06bd443a41bbb58bb45e64440cc2 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+[root@srv1 ~(keystone)]# openstack role add --project service --user neutron admin
[root@srv1 ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking service |
| enabled | True |
| id | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| name | neutron |
| type | network |
+-------------+----------------------------------+# 设定endpoint信息
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network public http://192.168.1.101:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6e6b2b9c15f8479e8072a750b911ba01 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.101:9696 |
+--------------+----------------------------------+[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network internal http://192.168.1.101:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 309a75f4209c4d8e80dda692cb3b644f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.101:9696 |
+--------------+----------------------------------+[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network admin http://192.168.1.101:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ca3c046a519e440ab6857c4c3895b693 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.101:9696 |
+--------------+----------------------------------+添加Neutron数据库信息
[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 10.1.20-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.MariaDB [(none)]> create database neutron_ml2;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> exit
Bye在控制节点安装srv1及配置Neutron
1) 安装Neutron Service到控制节点
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron openstack-neutron-ml2 -y2) 配置Neutron主配置文件
[root@srv1 ~(keystone)]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv1 ~(keystone)]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = Truetransport_url = rabbit://openstack:password@192.168.1.101[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword[database]
connection = mysql+pymysql://neutron:password@192.168.1.101/neutron_ml2[nova]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = servicepassword[oslo_concurrency]
lock_path = $state_path/tmp[root@srv1 ~(keystone)]# chmod 640 /etc/neutron/neutron.conf
[root@srv1 ~(keystone)]# chgrp neutron /etc/neutron/neutron.conf3) 配置metadata_agent
[root@srv1 ~(keystone)]# vim /etc/neutron/metadata_agent.ini
# 修改22行,指定Nova AIP
nova_metadata_host = 192.168.1.101# 取消34行注释,并指定共享秘钥
metadata_proxy_shared_secret = qyy_openstack# 取消260行注释,并指定Memcache Server
memcache_servers = 192.168.1.101:112114) 配置ml2
[root@srv1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,[ml2]区段下添加如下内容
[ml2]
136 type_drivers = local,flat,vlan,gre,vxlan,geneve
141 tenant_network_types =
145 mechanism_drivers = openvswitch,l2population
150 extension_drivers = port_security5) 配置nova
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
# 于[DEFAULT]区段下添加如下内容
......
......
......
......
......
......use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver......# 于文件最后,添加Neutron认证信息及设定认证共享密码
[neutron]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack6)启动Neutron
[root@srv1 ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini[root@srv1 ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage \
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugin.ini upgrade head".....
.....
.....
.....INFO [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f, add mtu for networks
INFO [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee, fip qos
INFO [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a, migrate dns name from port
INFO [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad, rename tenant to project
INFO [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab, Add routerport bindings for L3 HA
INFO [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0, migrate to pluggable ipam
INFO [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62, add standardattr to qos policies
INFO [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353, Add Name and Description to the networksegments table
INFO [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586, Add binding index to RouterL3AgentBinding
INFO [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d, Remove availability ranges.OK[root@node1 ~(keystone)]# systemctl enable --now neutron-server neutron-metadata-agent
[root@node1 ~(keystone)]# systemctl restart openstack-nova-api[root@srv1 ~(keystone)]# openstack network agent list
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| 339aaf32-0f12-428a-b7a2-15d9a1880d40 | Metadata agent | srv1 | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
[root@srv1 ~(keystone)]# openstack network service list
openstack: 'network service list' is not an openstack command. See 'openstack --help'.
Did you mean one of these?network agent add networknetwork agent add routernetwork agent deletenetwork agent listnetwork agent remove networknetwork agent remove routernetwork agent setnetwork agent shownetwork auto allocated topology createnetwork auto allocated topology deletenetwork createnetwork deletenetwork flavor add profilenetwork flavor createnetwork flavor deletenetwork flavor listnetwork flavor profile createnetwork flavor profile deletenetwork flavor profile listnetwork flavor profile setnetwork flavor profile shownetwork flavor remove profilenetwork flavor setnetwork flavor shownetwork listnetwork log createnetwork log deletenetwork log listnetwork log setnetwork log shownetwork loggable resources listnetwork meter createnetwork meter deletenetwork meter listnetwork meter rule createnetwork meter rule deletenetwork meter rule listnetwork meter rule shownetwork meter shownetwork qos policy createnetwork qos policy deletenetwork qos policy listnetwork qos policy setnetwork qos policy shownetwork qos rule createnetwork qos rule deletenetwork qos rule listnetwork qos rule setnetwork qos rule shownetwork qos rule type listnetwork qos rule type shownetwork rbac createnetwork rbac deletenetwork rbac listnetwork rbac setnetwork rbac shownetwork segment createnetwork segment deletenetwork segment listnetwork segment setnetwork segment shownetwork service provider listnetwork setnetwork shownetwork subport listnetwork trunk createnetwork trunk deletenetwork trunk listnetwork trunk setnetwork trunk shownetwork trunk unsetnetwork unsetendpoint add projectendpoint createendpoint deleteendpoint listendpoint remove projectendpoint setendpoint show在网络节点[srv3]配置Neutron
1) 安装Neurton
[root@srv3 ~]# yum --enablerepo=centos-openstack-queens,epel install \
openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch libibverbs -y如果出现以下错误可以去别的有pki下这个rpm包传过来
获取 GPG 密钥失败:[Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud"
[root@srv1 ~(keystone)]# scp /etc/pki/rpm-gpg/* srv3:/etc/pki/rpm-gpg/2) 配置Neurton
[root@srv3 ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv3 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = Truetransport_url = rabbit://openstack:password@192.168.1.101[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword[oslo_concurrency]
lock_path = $state_path/lock[root@srv3 ~]# chmod 640 /etc/neutron/neutron.conf
[root@srv3 ~]# chgrp neutron /etc/neutron/neutron.conf3) 配置L3
[root@srv3 ~]# vim /etc/neutron/l3_agent.ini
添加如下内容16 interface_driver = openvswitch4) 配置dhcp_agent
[root@srv3 ~]# vim /etc/neutron/dhcp_agent.ini
添加如下内容16 interface_driver = openvswitch28 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq37 enable_isolated_metadata = true5) 配置metadata_agent
[root@srv3 ~]# vim /etc/neutron/metadata_agent.ini22 nova_metadata_host = 192.168.1.10134 metadata_proxy_shared_secret = qyy_openstack
260 memcache_servers = 192.168.1.101:112116) 配置ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,添加所支持的驱动及相关信息
[ml2]
136 type_drivers = local,flat,vlan,gre,vxlan,geneve
141 tenant_network_types =
145 mechanism_drivers = openvswitch,l2population
150 extension_drivers = port_security7) 配置OVS
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于307行,如下内容
[securitygroup]
313 firewall_driver = openvswitch
318 enable_security_group = true
322 enable_ipset = true8) 启动Neutron服务
[root@srv3 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@srv3 ~]# systemctl enable --now openvswitch
[root@srv3 ~]# ovs-vsctl add-br br-int
[root@srv3 ~]# systemctl enable --now neutron-dhcp-agent neutron-l3-agent \
neutron-metadata-agent neutron-openvswitch-agent
计算节点配置Neutron
1) 安装Neutron组件
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron \
openstack-neutron-ml2 openstack-neutron-openvswitch -y[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron \
openstack-neutron-ml2 openstack-neutron-openvswitch -y[root@srv2 ~]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv2 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
allow_overlapping_ips = Truetransport_url = rabbit://openstack:password@192.168.1.101[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword[oslo_concurrency]
lock_path = $state_path/lock[root@srv2 ~]# chmod 640 /etc/neutron/neutron.conf
[root@srv2 ~]# chgrp neutron /etc/neutron/neutron.conf3) 配置ML2
[root@srv2 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行添加如下内容
[ml2]
type_drivers = flat,vlan,gre,vxlan
tenant_network_types =
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security4) 配置ovs
[root@srv2 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于307行添加如下内容
[securitygroup]
firewall_driver = openvswitch
enable_security_group = true
enable_ipset = true5) 配置nova
[root@node2 ~]# vim /etc/nova/nova.conf
# 于[DEFAULT]区段添加如下内容
......
......
......
......
......
......use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_is_fatal = True
vif_plugging_timeout = 300......
......
......
......
......
......# 于文件尾部,添加如下内容
[neutron]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack6) 启动Neutron服务
[root@node2 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@node2 ~]# systemctl enable --now openvswitch
[root@node2 ~]# ovs-vsctl add-br br-int
[root@node2 ~]# systemctl restart openstack-nova-compute
[root@node2 ~]# systemctl enable --now neutron-openvswitch-agent[root@srv1 images(keystone)]# openstack network agent list -c Host -c Alive -c "Agent Type"
+--------------------+------+-------+
| Agent Type | Host | Alive |
+--------------------+------+-------+
| DHCP agent | srv3 | :-) |
| Open vSwitch agent | srv2 | :-) |
| Metadata agent | srv1 | :-) |
| Metadata agent | srv3 | :-) |
| Open vSwitch agent | srv1 | :-) |
| Open vSwitch agent | srv3 | :-) |
| L3 agent | srv3 | :-) |
+--------------------+------+-------+
[root@srv1 images(keystone)]# openstack network agent list
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
| 378d182f-f976-4609-ad1c-c1487eeac103 | DHCP agent | srv3 | nova | :-) | UP | neutron-dhcp-agent |
| 6d88efa6-8fd0-4be8-9c45-fa18f724ad3a | Open vSwitch agent | srv2 | None | :-) | UP | neutron-openvswitch-agent |
| 8a74f15b-c8c5-42c8-8ffd-86f433b7ba67 | Metadata agent | srv1 | None | :-) | UP | neutron-metadata-agent |
| 8f7f1797-08ac-440e-9204-4c7a5f15c523 | Metadata agent | srv3 | None | :-) | UP | neutron-metadata-agent |
| 9ea6d811-9170-45c4-a236-b40bd1e37947 | Open vSwitch agent | srv1 | None | :-) | UP | neutron-openvswitch-agent |
| bb26e088-62a1-4b07-9858-247b187e4c54 | Open vSwitch agent | srv3 | None | :-) | UP | neutron-openvswitch-agent |
| f1f8a9a8-c482-4695-a2d4-eff548662efb | L3 agent | srv3 | nova | :-) | UP | neutron-l3-agent |
+--------------------------------------+--------------------+------+-------------------+-------+-------+---------------------------+
Openstack配置手册-Neutron网络实现
更改Network节点的配置
srv3
2) 更改Network节点的配置
(1) 添加桥接设备
[root@srv3 ~]# ovs-vsctl add-br br0
[root@srv3 ~]# ovs-vsctl add-port br0 ens37(2) 配置ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于181行,添加如下内容
[ml2_type_flat]
flat_networks = physnet1(3) 配置ovs_agent
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于194行,添加如下内容
[ovs]
bridge_mappings = physnet1:br0[root@node3 ~]# systemctl restart neutron-openvswitch-agent3) 更改Nova Compute节点的配置
(1) 添加桥接设备
[root@srv3 ~]# ovs-vsctl add-br br0
[root@srv3 ~]# ovs-vsctl add-port br0 ens37(2) 配置ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于181行,添加如下内容
[ml2_type_flat]
flat_networks = physnet1(3) 配置ovs_agent
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于194行,添加如下内容
[ovs]
bridge_mappings = physnet1:br0[root@srv3 ~]# systemctl restart neutron-openvswitch-agent
