OpenStack简介:
OpenStack是一个开源的云计算管理平台项目,是一系列软件开源项目的组合,它不是一个软件。由NASA(美国国家航空航天局)和Rackspace合作研发并发起,以Apache许可证(Apache软件基金会发布的一个自由软件许可证)授权的开源代码项目。
OpenStack为私有云和公有云提供可扩展的弹性的云计算服务。项目目标是提供实施简单、可大规模扩展、丰富、标准统一的云计算管理平台。
OpenStack包含两个主要模块:Nova和Swift,前者是NASA开发的虚拟服务器部署和业务计算模块;后者是Rackspace开发的分布式云存储模块,两者可以一起用,也可以分开单独用。
Open Stack工作流程
Open Stack的各个服务之间通过统一的REST风格的API调用,实现系统的松耦合。它内部组件的工作过程是一个有序的整体。诸如计算资源分配、控制调度、网络通信等都通过AMQP实现。
使用脚本自动化部署openstack M版
部署openstack 克隆一台openstack模板机:
all-in-one环境
4G内存,
开启虚拟化,
挂载centos7.6的光盘
image
虚拟机开机之后,修改ip地址为10.0.0.11
上传脚本
openstack-mitaka-autoinstall.sh到/root目录
上传镜像:
cirros-0.3.4-x86_64-disk.img到/root目录
上传配置文件:
local_settings到/root目录
上传openstack_rpm.tar.gz到/root下
tar xf openstack_rpm.tar.gz -C /opt/
sh /root/openstack-mitaka-autoinstall.sh 大概10-30分钟左右
访问http://10.0.0.11/dashboard
域:default
用户名:admin
密码:ADMIN_PASS
注意: 在windows系统上修改host解析(10.0.0.11 controller)
添加node节点: 修改ip地址 hostnamectl set-hostname compute1 重新登
录让新主机名生效 上传openstack_rpm.tar.gz到/root下,
tar xf openstack_rpm.tar.gz -C /opt/
上传脚本 openstack_node_autoinstall.sh
修改脚本中的Hostname主机名
sh openstack_node_autoinstall.sh
openstack controller主控制节点,node节点, kvm宿主机
node节点, kvm宿主机
node节点, kvm宿主机
node节点, kvm宿主机
=======一步一步部署一个openstack集群========
openstack基础架构
image
准备环境
image
注意:主机之间相互host解析
时间同步
#服务端,controller节点
vim /etc/chrony.conf
allow 10.0.0.0/24
systemctl restart chronyd
#客户端,compute1节点
vim /etc/chrony.conf
server 10.0.0.11 iburst
systemctl restart chronyd
验证:同时执行date
配置yum源,并安装客户端
#所有节点
#配置过程:
cd /opt/
rz -E
tar xf openstack_ocata_rpm.tar.gz
cd /etc/yum.repos.d/
mv *.repo /tmp
mv /tmp/CentOS-Base.repo .
vi openstack.repo
[openstack]
name=openstack
baseurl=file:///opt/repo
enable=1
gpgcheck=0
#验证:
yum clean all
yum install python-openstackclient -y
安装数据库
#控制节点
yum install mariadb mariadb-server python2-PyMySQL -y
openstack所有组件使用python开发,openstack在连接数据库需要用到python2-PyMySQL模块
#修改mariadb配置文件
vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.0.0.11
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
#启动数据库
systemctl start mariadb
systemctl enable mariadb
#数据库安全初始化
mysql_secure_installation
回车
n
一路y
安装消息队列rabbitmq
#控制节点
#安装消息队列
yum install rabbitmq-server
#启动rabbitmq
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service
#在rabbitmq创建用户
rabbitmqctl add_user openstack 123456
#为刚创建的openstack授权
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
安装memcache缓存
#控制节点
#安装memcache
yum install memcached python-memcached -y
##python-memcached是python连接memcache的模块插件
#配置
vim /etc/sysconfig/memcached
##修改最后一行
OPTIONS="-l 0.0.0.0"
#启动服务
systemctl start memcached
systemctl enable memcached
安装keystone服务
1 #创库授权
2 ##登录mysql
3 CREATE DATABASE keystone;
4 GRANT ALL PRIVILEGES ON keystone.* TO
'keystone'@'localhost' IDENTIFIED BY '123456';
5 GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'
IDENTIFIED BY '123456';
6 #安装keystone服务
7 yum install openstack-keystone httpd mod_wsgi -y
8 ##httpd配合mod_wsgi插件调用python项目
9 #修改keystone配置文件
10 cp /etc/keystone/keystone.conf{,.bak}
11 grep -Ev '^$|#' /etc/keystone/keystone.conf.bak
>/etc/keystone/keystone.conf
12 #完整配置文件如下:
13 [root@controller ~]# vi /etc/keystone/keystone.conf
14 [DEFAULT]
15 [assignment]
16 [auth]
17 [cache]
18 [catalog]
19 [cors]
20 [cors.subdomain]
21 [credential]
22 [database]
23 connection =
mysql+pymysql://keystone:123456@controller/keystone
24 [domain_config]
25 [endpoint_filter]
26 [endpoint_policy]
27 [eventlet_server]
28 [federation]
29 [fernet_tokens]
30 [healthcheck]
31 [identity]
32 [identity_mapping]
33 [kvs]
34 [ldap]
35 [matchmaker_redis]
36 [memcache]
37 [oauth1]
38 [oslo_messaging_amqp]
39 [oslo_messaging_kafka]
40 [oslo_messaging_notifications]
41 [oslo_messaging_rabbit]
42 [oslo_messaging_zmq]
43 [oslo_middleware]
44 [oslo_policy]
45 [paste_deploy]
46 [policy]
47 [profiler]
48 [resource]
49 [revoke]
50 [role]
51 [saml]
52 [security_compliance]
53 [shadow_users]
54 [signing]
55 [token]
56 provider = fernet
57 [tokenless_auth]
58 [trust]
校验md5
60 md5sum /etc/keystone/keystone.conf
61 85d8b59cce0e4bd307be15ffa4c0cbd6 /etc/keystone/keystone.conf
同步数据库
63 su -s /bin/sh -c "keystone-manage db_sync" keystone
切到普通用户下,使用指定的shell执行某一条命令
检查数据是否同步成功
66 mysql keystone -e 'show tables;'|wc -l
初始化令牌凭据
68 keystone-manage fernet_setup --keystone-user keystone
--keystone-group keystone
69 keystone-manage credential_setup --keystone-user
keystone --keystone-group keystone
70 #初始化keystone身份认证服务
71 keystone-manage bootstrap --bootstrap-password 123456
\
72 --bootstrap-admin-url http://controller:35357/v3/ \
73 --bootstrap-internal-url http://controller:5000/v3/
\
74 --bootstrap-public-url http://controller:5000/v3/ \
75 --bootstrap-region-id RegionOne
76 #配置httpd
77 #小优化
78 echo "ServerName controller"
>>/etc/httpd/conf/httpd.conf
79 #在httpd下添加keystone站点配置文件
80 ln -s /usr/share/keystone/wsgi-keystone.conf
/etc/httpd/conf.d/
81 #启动httpd等效于keystone
82 systemctl start httpd
83 systemctl enable httpd
84 #声明环境变量
85 export OS_USERNAME=admin
86 export OS_PASSWORD=123456
87 export OS_PROJECT_NAME=admin
88 export OS_USER_DOMAIN_NAME=Default
89 export OS_PROJECT_DOMAIN_NAME=Default
90 export OS_AUTH_URL=http://controller:35357/v3
91 export OS_IDENTITY_API_VERSION=3
92 #验证keystone是否正常
93 openstack user list
94 #创建service的项目
安装glance服务
功能:管理镜像模板机
1:创库授权
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO
'glance'@'localhost' \
IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '123456'; 2:keystone上创建用户,关联角色
openstack user create --domain default --password
123456 glance
openstack role add --project service --user glance
admin
3:keystone上创建服务,注册api地址
openstack service create --name glance \
--description "OpenStack Image" image
openstack endpoint create --region RegionOne \
123456789
10
11
12
13
14
15
16 image public http://controller:9292
17 openstack endpoint create --region RegionOne \
18 image internal http://controller:9292
19 openstack endpoint create --region RegionOne \
20 image admin http://controller:9292
21
22 4:安装服务软件包
23 yum install openstack-glance -y
24
25 5:修改配置文件(连接数据库,keystone授权)
26 ##glance-api 上传下载删除
27 ##glance-registry 修改镜像的属性 x86 根分区大小
28 #修改glance-api配置文件
29 cp /etc/glance/glance-api.conf{,.bak}
30 grep -Ev '^$|#' /etc/glance/glance-api.conf.bak
>/etc/glance/glance-api.conf
31 vim /etc/glance/glance-api.conf
32 [DEFAULT]
33 [cors]
34 [cors.subdomain]
35 [database]
36 connection =
mysql+pymysql://glance:123456@controller/glance
37 [glance_store]
38 stores = file,http
39 default_store = file
40 filesystem_store_datadir = /var/lib/glance/images/
41 [image_format]
42 [keystone_authtoken]
43 auth_uri = http://controller:5000
44 auth_url = http://controller:35357
45 memcached_servers = controller:11211
46 auth_type = password
47 project_domain_name = default
48 user_domain_name = default
49 project_name = service
50 username = glance
51 password = 123456
52 [matchmaker_redis]
53 [oslo_concurrency]
54 [oslo_messaging_amqp]
55 [oslo_messaging_kafka]
56 [oslo_messaging_notifications]
57 [oslo_messaging_rabbit]
58 [oslo_messaging_zmq]
59 [oslo_middleware]
60 [oslo_policy]
61 [paste_deploy]
62 flavor = keystone
63 [profiler]
64 [store_type_location_strategy]
65 [task]
66 [taskflow_executor]
67 ##校验
68 md5sum /etc/glance/glance-api.conf
69 a42551f0c7e91e80e0702ff3cd3fc955 /etc/glance/glance�api.conf
70
71 ##修改glance-registry.conf配置文件
72 cp /etc/glance/glance-registry.conf{,.bak}
73 grep -Ev '^$|#' /etc/glance/glance-registry.conf.bak
>/etc/glance/glance-registry.conf
74 vim /etc/glance/glance-registry.conf
75 [DEFAULT]
76 [database]
77 connection =
mysql+pymysql://glance:123456@controller/glance
78 [keystone_authtoken]
79 auth_uri = http://controller:5000
80 auth_url = http://controller:35357
81 memcached_servers = controller:11211
82 auth_type = password
83 project_domain_name = default
84 user_domain_name = default
85 project_name = service
86 username = glance
87 password = 123456
88 [matchmaker_redis]
89 [oslo_messaging_amqp]
90 [oslo_messaging_kafka]
91 [oslo_messaging_notifications]
92 [oslo_messaging_rabbit]
93 [oslo_messaging_zmq]
94 [oslo_policy]
95 [paste_deploy]
96 flavor = keystone
97 [profiler]
98 ##校验
99 md5sum /etc/glance/glance-registry.conf
100 5b28716e936cc7a0ab2a841c914cd080 /etc/glance/glance�registry.conf
101
102 6:同步数据库(创表)
103 su -s /bin/sh -c "glance-manage db_sync" glance
104 mysql glance -e 'show tables;'|wc -l
105 7:启动服务
106 systemctl enable openstack-glance-api.service \
107 openstack-glance-registry.service
108 systemctl start openstack-glance-api.service \
109 openstack-glance-registry.service
110 #验证端口
111 netstat -lntup|grep -E '9191|9292'
8:命令行上传镜像
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img --disk-format qcow2 --container�format bare --public
##验证
ll /var/lib/glance/images/
#或
openstack image list
安装nova服务
控制节点安装nova服务
1:创库授权
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO
'nova'@'localhost' \
IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO
'nova'@'localhost' \
IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY '123456';
2:keystone上创建用户,关联角色
1 openstack user create --domain default --password 123456 nova
2 openstack role add --project service --user nova admin
3 #placement 追踪云主机的资源使用具体情况
4 openstack user create --domain default --password 123456 placement
5 openstack role add --project service --user placement admin
3:keystone上创建服务,http访问地址(api地址)
1 openstack service create --name nova --description "OpenStack Compute" compute
2 openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
3 openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
4 openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
5 openstack service create --name placement --description "Placement API" placement
6 openstack endpoint create --region RegionOne placement public http://controller:8778
7 openstack endpoint create --region RegionOne placement internal http://controller:8778
8 openstack endpoint create --region RegionOne placement admin http://controller:8778
4:安装服务软件包
1 yum install openstack-nova-api openstack-nova-conductor \ 2 openstack-nova-console openstack-nova-novncproxy \
3 openstack-nova-scheduler openstack-nova-placement-api -y
5:修改配置文件(连接数据库,keystone授权)
1 #修改nova配置文件
2 vim /etc/nova/nova.conf
3 [DEFAULT]
4 ##启动nova服务api和metadata的api
5 enabled_apis = osapi_compute,metadata
6 ##连接消息队列rabbitmq
7 transport_url = rabbit://openstack:123456@controller
8 my_ip = 10.0.0.11
9 #启动neutron网络服务,禁用nova内置防火墙
10 use_neutron = True
11 firewall_driver = nova.virt.firewall.NoopFirewallDriver
12 [api]
13 auth_strategy = keystone
14 [api_database]
15 connection = mysql+pymysql://nova:123456@controller/nova_api
16 [barbican]
17 [cache]
18 [cells]
19 [cinder]
20 [cloudpipe]
21 [conductor]
22 [console]
23 [consoleauth]
24 [cors]
25 [cors.subdomain]
26 [crypto]
27 [database]
28 connection = mysql+pymysql://nova:123456@controller/nova
29 [ephemeral_storage_encryption]
30 [filter_scheduler]
31 [glance]
32 api_servers = http://controller:9292
33 [guestfs]
34 [healthcheck]
35 [hyperv]
36 [image_file_url]
37 [ironic]
38 [key_manager]
39 [keystone_authtoken]
40 auth_uri = http://controller:5000
41 auth_url = http://controller:35357
42 memcached_servers = controller:11211
43 auth_type = password
44 project_domain_name = default
45 user_domain_name = default
46 project_name = service
47 username = nova
48 password = 123456
49 [libvirt]
50 [matchmaker_redis]
51 [metrics]
52 [mks]
53 [neutron]
54 [notifications]
55 [osapi_v21]
56 [oslo_concurrency]
57 lock_path = /var/lib/nova/tmp
58 [oslo_messaging_amqp]
59 [oslo_messaging_kafka]
60 [oslo_messaging_notifications]
61 [oslo_messaging_rabbit]
62 [oslo_messaging_zmq]
63 [oslo_middleware]
64 [oslo_policy]
65 [pci]
66 #追踪虚拟机使用资源情况
67 [placement]
68 os_region_name = RegionOne
69 project_domain_name = Default
70 project_name = service
71 auth_type = password
72 user_domain_name = Default
73 auth_url = http://controller:35357/v3
74 username = placement
75 password = 123456
76 [quota]
77 [rdp]
78 [remote_debug]
79 [scheduler]
80 [serial_console]
81 [service_user]
82 [spice]
83 [ssl]
84 [trusted_computing]
85 [upgrade_levels]
86 [vendordata_dynamic_auth]
87 [vmware]
88 #vnc的连接信息
89 [vnc]
90 enabled = true
91 vncserver_listen = $my_ip
92 vncserver_proxyclient_address = $my_ip
93 [workarounds]
94 [wsgi]
95 [xenserver]
96 [xvp]
97 #修改httpd配置文件
98 vi /etc/httpd/conf.d/00-nova-placement-api.conf
99 在16行</VirtualHost>这一行上面增加以下内容
100 <Directory /usr/bin>
101 <IfVersion >= 2.4>
102 Require all granted
103 </IfVersion>
104 <IfVersion < 2.4>
105 Order allow,deny
106 Allow from all
107 </IfVersion>
108 </Directory>
109 #重启httpd
110 systemctl restart httpd
6:同步数据库(创表)
1 su -s /bin/sh -c "nova-manage api_db sync" nova
2 su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
3 su -s /bin/sh -c "nova-manage cell_v2 create_cell --
name=cell1 --verbose" nova
4 su -s /bin/sh -c "nova-manage db sync" nova
5 #检查
6 nova-manage cell_v2 list_cells
7:启动服务
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova�scheduler.service \
openstack-nova-conductor.service openstack-nova�novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova�scheduler.service \
openstack-nova-conductor.service openstack-nova�novncproxy.service
#检查
openstack compute service list
计算节点安装nova服务
1:安装
yum install openstack-nova-compute -y
2:配置
#修改配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123456@controller
my_ip = 10.0.0.31
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[api_database]
[barbican]
[cache]
14 [cells]
15 [cinder]
16 [cloudpipe]
17 [conductor]
18 [console]
19 [consoleauth]
20 [cors]
21 [cors.subdomain]
22 [crypto]
23 [database]
24 [ephemeral_storage_encryption]
25 [filter_scheduler]
26 [glance]
27 api_servers = http://controller:9292
28 [guestfs]
29 [healthcheck]
30 [hyperv]
31 [image_file_url]
32 [ironic]
33 [key_manager]
34 [keystone_authtoken]
35 auth_uri = http://controller:5000
36 auth_url = http://controller:35357
37 memcached_servers = controller:11211
38 auth_type = password
39 project_domain_name = default
40 user_domain_name = default
41 project_name = service
42 username = nova
43 password = 123456
44 [libvirt]
45 [matchmaker_redis]
46 [metrics]
47 [mks]
48 [neutron]
49 [notifications]
50 [osapi_v21]
51 [oslo_concurrency]
52 lock_path = /var/lib/nova/tmp
53 [oslo_messaging_amqp]
54 [oslo_messaging_kafka]
55 [oslo_messaging_notifications]
56 [oslo_messaging_rabbit]
57 [oslo_messaging_zmq]
58 [oslo_middleware]
59 [oslo_policy]
60 [pci]
61 [placement]
62 os_region_name = RegionOne
63 project_domain_name = Default
64 project_name = service
65 auth_type = password
66 user_domain_name = Default
67 auth_url = http://controller:35357/v3
68 username = placement
69 password = 123456
70 [quota]
71 [rdp]
72 [remote_debug]
73 [scheduler]
74 [serial_console]
75 [service_user]
76 [spice]
77 [ssl]
78 [trusted_computing]
79 [upgrade_levels]
80 [vendordata_dynamic_auth]
81 [vmware]
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url =
http://controller:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
3:启动
systemctl start libvirtd openstack-nova-compute.service
systemctl enable libvirtd openstack-nova-compute.service
4:控制节点上验证
openstack compute service list
5:在控制节点上
发现计算节点:
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
安装neutron服务
在控制节点上安装neutron服务
1:创库授权
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url =
http://controller:6080/vnc_auto.html
[workarounds]
[wsgi]
[xenserver]
[xvp]
1 CREATE DATABASE neutron;
2 GRANT ALL PRIVILEGES ON neutron.* TO
'neutron'@'localhost' \
3 IDENTIFIED BY 'NEUTRON_DBPASS'; 4 GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
5 IDENTIFIED BY 'NEUTRON_DBPASS';
2:keystone上创建用户,关联角色
1 openstack user create --domain default --password NEUTRON_PASS neutron
2 openstack role add --project service --user neutron admin
3:keystone上创建服务,http访问地址(api地址)
1 openstack service create --name neutron \
2 --description "OpenStack Networking" network
3 openstack endpoint create --region RegionOne \
4 network public http://controller:9696
5 openstack endpoint create --region RegionOne \
6 network internal http://controller:9696
7 openstack endpoint create --region RegionOne \
8 network admin http://controller:9696
4:安装服务软件包
#选择网络选项1
1 yum install openstack-neutron openstack-neutron-ml2 \
2 openstack-neutron-linuxbridge ebtables -y
5:修改配置文件(连接数据库,keystone授权)
1 #修改neutron.conf
2 vim /etc/neutron/neutron.conf
3 [DEFAULT]
4 core_plugin = ml2
5 service_plugins = 6 transport_url = rabbit://openstack:123456@controller
7 auth_strategy = keystone
8 notify_nova_on_port_status_changes = true
9 notify_nova_on_port_data_changes = true
10 [agent]
11 [cors]
12 [cors.subdomain]
13 [database]
14 connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
15 [keystone_authtoken]
16 auth_uri = http://controller:5000
17 auth_url = http://controller:35357
18 memcached_servers = controller:11211
19 auth_type = password
20 project_domain_name = default
21 user_domain_name = default
22 project_name = service
23 username = neutron
24 password = NEUTRON_PASS
25 [matchmaker_redis]
26 [nova]
27 auth_url = http://controller:35357
28 auth_type = password
29 project_domain_name = default
30 user_domain_name = default
31 region_name = RegionOne
32 project_name = service
33 username = nova
34 password = 123456
35 [oslo_concurrency]
36 lock_path = /var/lib/neutron/tmp
37 [oslo_messaging_amqp]
38 [oslo_messaging_kafka]
39 [oslo_messaging_notifications]
40 [oslo_messaging_rabbit]
41 [oslo_messaging_zmq]
42 [oslo_middleware]
43 [oslo_policy]
44 [qos]
45 [quotas]
46 [ssl]
47 ##修改ml2_conf.ini
48 vim /etc/neutron/plugins/ml2/ml2_conf.ini
49 [DEFAULT]
50 [ml2]
51 type_drivers = flat,vlan
52 tenant_network_types =
53 mechanism_drivers = linuxbridge
54 extension_drivers = port_security
55 [ml2_type_flat]
56 flat_networks = provider
57 [ml2_type_geneve]
58 [ml2_type_gre]
59 [ml2_type_vlan]
60 [ml2_type_vxlan]
61 [securitygroup]
62 enable_ipset = true
63 ##编辑linuxbridge_agent.ini
64 vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
65 [DEFAULT]
66 [agent]
67 [linux_bridge]
68 physical_interface_mappings = provider:eth0
69 [securitygroup]
70 enable_security_group = true
71 firewall_driver =neutron.agent.linux.iptables_firewall.IptablesFirewall Driver
72 [vxlan]
73 enable_vxlan = false
74 ##编辑dhcp_agent.ini
75 vim /etc/neutron/dhcp_agent.ini
76 [DEFAULT]
77 interface_driver = linuxbridge
78 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
79 enable_isolated_metadata = true
80 [agent]
81 [ovs]
82 ##编辑
83 vim /etc/neutron/metadata_agent.ini
84 [DEFAULT]
85 nova_metadata_ip = controller
86 metadata_proxy_shared_secret = METADATA_SECRET
87 [agent]
88 [cache]
89 ####编辑控制节点。nova配置文件
90 vim /etc/nova/nova.conf
91 [neutron]
92 url = http://controller:9696
93 auth_url = http://controller:35357
94 auth_type = password
95 project_domain_name = default
96 user_domain_name = default
97 region_name = RegionOne
98 project_name = service
99 username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
#再次验证控制节点nova配置文件
md5sum /etc/nova/nova.conf
2c5e119c2b8a2f810bf5e0e48c099047 /etc/nova/nova.conf
6:同步数据库(创表)
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage
--config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7:启动服务
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp�agent.service \
neutron-metadata-agent.service
systemctl restart neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp�agent.service \
neutron-metadata-agent.service
#验证方法
openstack network agent list
在计算节点上安装neutron服务
1:安装
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
#再次验证控制节点nova配置文件
md5sum /etc/nova/nova.conf
2c5e119c2b8a2f810bf5e0e48c099047 /etc/nova/nova.conf
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini
/etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file
/etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini
upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp�agent.service \
neutron-metadata-agent.service
systemctl restart neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp�agent.service \
neutron-metadata-agent.service
#验证方法
openstack network agent list
1 yum install openstack-neutron-linuxbridge ebtables ipset
2:配置
1 #修改neutron.conf
2 vim /etc/neutron/neutron.conf
3 [DEFAULT]
4 transport_url = rabbit://openstack:123456@controller
5 auth_strategy = keystone
6 [agent]
7 [cors]
8 [cors.subdomain]
9 [database]
10 [keystone_authtoken]
11 auth_uri = http://controller:5000
12 auth_url = http://controller:35357
13 memcached_servers = controller:11211
14 auth_type = password
15 project_domain_name = default
16 user_domain_name = default
17 project_name = service
18 username = neutron
19 password = NEUTRON_PASS
20 [matchmaker_redis]
21 [nova]
22 [oslo_concurrency]
23 lock_path = /var/lib/neutron/tmp
24 [oslo_messaging_amqp]
25 [oslo_messaging_kafka]
26 [oslo_messaging_notifications]
27 [oslo_messaging_rabbit]
28 [oslo_messaging_zmq]
29 [oslo_middleware]
30 [oslo_policy]
[qos]
[quotas]
[ssl]
##linux_agent配置文件
scp -rp
10.0.0.11:/etc/neutron/plugins/ml2/linuxbridge_agent.in
i /etc/neutron/plugins/ml2/linuxbridge_agent.ini
##在计算节点上,再次修改nova.conf
vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
#校验
md5sum /etc/nova/nova.conf
91cc8aa0f7e33d7b824301cc894e90f1 /etc/nova/nova.conf
3:启动
systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
安装dashboard服务
计算节点安装dashboard
1:安装
yum install openstack-dashboard -y
2:配置
rz local_settings
cat local_settings >/etc/openstack-dashboard/local_settings
3:启动
systemctl start httpd
4: 访问dashboard
访问:http://10.0.0.31/dashboard
启动一台云主机
#创建网络
neutron net-create --shared --
provider:physical_network provider --
provider:network_type flat WAN
neutron subnet-create --name subnet-wan --allocation�pool \
start=10.0.0.100,end=10.0.0.200 --dns-nameserver
223.5.5.5 \
--gateway 10.0.0.254 WAN 10.0.0.0/24
#创建硬件配置方案
openstack flavor create --id 0 --vcpus 1 --ram 64 --
disk 1 m1.nano
#上传秘钥对
ssh-keygen -q -N "" -f ~/.ssh/id_rsa
openstack keypair create --public-key
~/.ssh/id_rsa.pub mykey
#安全组开放ping和ssh
openstack security group rule create --proto icmp
default
openstack security group rule create --proto tcp --
dst-port 22 default
