OpenStack Pike installation

Node planning

Prepare four virtual machines to serve as Controller, Network, Compute and Middleware.
Controller: install keystone, glance, nova-api, nova-conductor, nova-scheduler, nova-placement
Network: install the neutron components
Compute: install nova-compute
Middleware: install mariadb, rabbitmq, memcache.

Network planning

controller
eth0: 192.168.100.111 external
eth1: 10.1.1.1 admin
network
eth0: 192.168.100.114 external
eth1: 10.1.1.4 admin
eth2: 10.2.2.4 tunnel
compute
eth0: 192.168.100.112 external
eth1: 10.1.1.2 admin
eth2: 10.2.2.2 tunnel
middleware (mysql,mq,memcache)
eth1: 10.1.1.3 admin

Basic configuration

Perform the following on every node.
hosts file
echo "
10.1.1.1 controller
10.1.1.2 compute
10.1.1.3 middleware
10.1.1.4 network
" >>/etc/hosts
Configure the yum repositories
yum install -y wget
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install centos-release-openstack-pike -y
yum clean all && yum makecache
Time synchronization
echo "*/3 * * * * /usr/sbin/ntpdate ntp6.aliyun.com &> /dev/null" > /tmp/crontab
crontab /tmp/crontab

Middleware node

Install the database
yum install -y mariadb-server
systemctl restart mariadb.service
systemctl enable mariadb.service
Install rabbitmq
yum install -y erlang rabbitmq-server
systemctl restart rabbitmq-server
systemctl enable rabbitmq-server
Create the openstack user and set its password
rabbitmqctl add_user openstack 123456
Grant permissions to the openstack user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmqctl set_user_tags openstack administrator
rabbitmqctl list_users
Enable the RabbitMQ plugins
/usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management mochiweb webmachine rabbitmq_web_dispatch amqp_client rabbitmq_management_agent
List the RabbitMQ plugins
/usr/lib/rabbitmq/bin/rabbitmq-plugins list
Install memcached
yum install -y memcached python-memcached
Configure the address memcached listens on
sed -i 's/OPTIONS.*/OPTIONS="-l 127.0.0.1,10.1.1.3"/' /etc/sysconfig/memcached
Restart memcached and enable it at boot
systemctl restart memcached.service
systemctl enable memcached.service
systemctl status memcached.service

Controller node

Install keystone

yum -y install openstack-keystone httpd mod_wsgi python-openstackclient openstack-utils
Create the keystone database and grant privileges to the keystone user
create database keystone;
grant all privileges on keystone.* to 'keystone'@'localhost' identified by '123456';
grant all privileges on keystone.* to 'keystone'@'%' identified by '123456';
Configure /etc/keystone/keystone.conf
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
> /etc/keystone/keystone.conf

 openstack-config --set /etc/keystone/keystone.conf DEFAULT transport_url rabbit://openstack:123456@middleware
 openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:123456@middleware/keystone
 openstack-config --set /etc/keystone/keystone.conf cache backend oslo_cache.memcache_pool
 openstack-config --set /etc/keystone/keystone.conf cache enabled true
 openstack-config --set /etc/keystone/keystone.conf cache memcache_servers middleware:11211
 openstack-config --set /etc/keystone/keystone.conf memcache servers middleware:11211
 openstack-config --set /etc/keystone/keystone.conf token expiration 3600
 openstack-config --set /etc/keystone/keystone.conf token provider fernet

Configure httpd.conf
sed -i "s/^#\?ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf
Hook keystone into httpd
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Create the identity database schema
su -s /bin/sh -c "keystone-manage db_sync" keystone
Initialize the Fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
Start httpd and enable it at boot
systemctl enable httpd.service
systemctl restart httpd.service
systemctl status httpd.service
Create the admin user and role

keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3 --bootstrap-internal-url http://controller:35357/v3 --bootstrap-public-url http://controller:5000/v3 --bootstrap-region-id RegionOne --bootstrap-username admin --bootstrap-project-name admin --bootstrap-role-name admin --bootstrap-service-name keystone

Verify

openstack project list --os-username admin --os-project-name admin --os-user-domain-id default --os-project-domain-id default --os-identity-api-version 3 --os-auth-url http://controller:5000 --os-password 123456

Create the admin user's environment variables: create the file /root/admin-openrc
cat >> /root/admin-openrc <<EOF
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_DOMAIN_ID=default
export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_PASSWORD=123456
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export OS_AUTH_URL=http://controller:35357/v3
EOF
Create the service project
source /root/admin-openrc
openstack project create --domain default --description "Service Project" service
Create the demo project
openstack project create --domain default --description "Demo Project" demo
Create the demo user and set its password
openstack user create --domain default demo --password 123456
Create the user role and assign it to the demo user
openstack role create user
openstack role add --project demo --user demo user
Verify keystone

unset OS_TOKEN  OS_URL
openstack --os-auth-url http://controller:35357/v3  --os-project-domain-name default --os-user-domain-name default   --os-project-name admin --os-username admin token issue --os-password 123456
openstack --os-auth-url http://controller:5000/v3   --os-project-domain-name default --os-user-domain-name default   --os-project-name demo --os-username demo token issue --os-password 123456
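
The steps so far pass one literal password to rabbitmqctl, the GRANT statements, keystone-manage bootstrap and admin-openrc. As an added example (not from the original post), the script below generates a separate random secret for each account this guide creates and writes both the secrets file and admin-openrc readable by root only. The path /root/openstack-secrets.env, the variable names and the --write switch are assumptions of the example.

```bash
#!/bin/sh
# Added example: one random secret per account created in this guide.
# SECRETS_FILE, the variable names and --write are assumptions of the example.

SECRETS_FILE="${SECRETS_FILE:-/root/openstack-secrets.env}"

# RabbitMQ user, MariaDB users, Keystone users, metadata shared secret.
ACCOUNTS="RABBIT_PASS KEYSTONE_DBPASS GLANCE_DBPASS NOVA_DBPASS NEUTRON_DBPASS
ADMIN_PASS DEMO_PASS GLANCE_PASS NOVA_PASS PLACEMENT_PASS NEUTRON_PASS METADATA_SECRET"

# 16 random bytes as 32 hex characters. Hex needs no escaping inside
# rabbit:// and mysql+pymysql:// URLs or inside SQL string literals.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Create the secrets file with mode 0600. An existing file is kept, so a
# second run does not rotate secrets that services are already using.
write_secrets() {
    file="$1"
    if [ -e "$file" ]; then
        echo "keeping existing $file" >&2
        return 0
    fi
    (
        umask 077
        for name in $ACCOUNTS; do
            printf '%s=%s\n' "$name" "$(gen_secret)"
        done > "$file"
    )
}

# Same variables as the guide's admin-openrc, but the password comes from the
# secrets file and the file is recreated (not appended to) with mode 0600.
write_openrc() {
    secrets="$1"
    out="$2"
    (
        umask 077
        . "$secrets"
        rm -f "$out"
        cat > "$out" <<EOF
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_DOMAIN_ID=default
export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_PASSWORD=$ADMIN_PASS
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export OS_AUTH_URL=http://controller:35357/v3
EOF
    )
}

# Later steps then read the values instead of a literal, for example:
#   . /root/openstack-secrets.env
#   rabbitmqctl add_user openstack "$RABBIT_PASS"
#   openstack-config --set /etc/keystone/keystone.conf DEFAULT transport_url \
#       "rabbit://openstack:${RABBIT_PASS}@middleware"
if [ "${1:-}" = "--write" ]; then
    write_secrets "$SECRETS_FILE" && write_openrc "$SECRETS_FILE" /root/admin-openrc
fi
```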

Install glance

Create the glance database
CREATE DATABASE glance;
Create the database user and grant privileges
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
Create the glance user and give it the admin role
source /root/admin-openrc
openstack user create --domain default glance --password 123456
openstack role add --project service --user glance admin
Create the image service
openstack service create --name glance --description "OpenStack Image service" image
Create the glance endpoints
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
Install the glance packages
yum install -y openstack-glance python-glance
Configure /etc/glance/glance-api.conf
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
>/etc/glance/glance-api.conf

 openstack-config --set  /etc/glance/glance-api.conf DEFAULT transport_url rabbit://openstack:123456@middleware
 openstack-config --set  /etc/glance/glance-api.conf database connection  mysql+pymysql://glance:123456@middleware/glance
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_uri  http://controller:5000
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_url  http://controller:35357
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken memcached_servers  middleware:11211
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_type  password
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken project_domain_name  default
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken user_domain_name   default  
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken project_name  service
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken username  glance
 openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken password  123456
 openstack-config --set  /etc/glance/glance-api.conf paste_deploy flavor  keystone
 openstack-config --set  /etc/glance/glance-api.conf glance_store stores  file,http
 openstack-config --set  /etc/glance/glance-api.conf glance_store default_store  file
 openstack-config --set  /etc/glance/glance-api.conf glance_store filesystem_store_datadir  /var/lib/glance/images/

Configure /etc/glance/glance-registry.conf
cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
>/etc/glance/glance-registry.conf

 openstack-config --set  /etc/glance/glance-registry.conf DEFAULT transport_url rabbit://openstack:123456@middleware
 openstack-config --set  /etc/glance/glance-registry.conf database connection  mysql+pymysql://glance:123456@middleware/glance
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_uri  http://controller:5000
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_url  http://controller:35357
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken memcached_servers  middleware:11211  
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken project_domain_name  default
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken user_domain_name  default
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken project_name  service
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken username  glance
 openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken password 123456
 openstack-config --set  /etc/glance/glance-registry.conf paste_deploy flavor  keystone

Sync the glance database to create the glance schema
su -s /bin/sh -c "glance-manage db_sync" glance
Create the image store directory and give ownership to the glance user and group
mkdir -p /var/lib/glance/images
chown glance:glance /var/lib/glance/images
chown glance:glance /var/log/glance/api.log
Start the glance services and enable them at boot
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
Download a test image
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
Upload the image to glance
source /root/admin-openrc

glance image-create --name "cirros-0.3.4-x86_64" --file cirros-0.3.4-x86_64-disk.img  --disk-format qcow2 --container-format bare --visibility public --progress

List the images:
glance image-list

Install nova (controller part)

Create the databases
create database nova;
create database nova_api;
create database nova_cell0;
Grant database privileges
grant all privileges on nova.* to nova@'localhost' identified by '123456';
grant all privileges on nova.* to nova@'%' identified by '123456';
grant all privileges on nova_api.* to nova@'localhost' identified by '123456';
grant all privileges on nova_api.* to nova@'%' identified by '123456';
grant all privileges on nova_cell0.* to nova@'%' identified by '123456';
grant all privileges on nova_cell0.* to nova@'localhost' identified by '123456';
source admin-openrc
Create the user and assign the role
openstack user create --domain default nova --password 123456
openstack role add --project service --user nova admin
Create the compute service
openstack service create --name nova --description "OpenStack Compute" compute
Create the endpoints
openstack endpoint create --region RegionOne compute public 'http://controller:8774/v2.1/%(tenant_id)s'
openstack endpoint create --region RegionOne compute internal 'http://controller:8774/v2.1/%(tenant_id)s'
openstack endpoint create --region RegionOne compute admin 'http://controller:8774/v2.1/%(tenant_id)s'
Create the placement user and service
openstack user create --domain default placement --password 123456
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
Create the placement endpoints
openstack endpoint create --region RegionOne placement admin http://controller:8778
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
Install the nova packages
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
Configure /etc/nova/nova.conf
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
>/etc/nova/nova.conf

openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis  osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.1.1.1
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:123456@middleware
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:123456@middleware/nova
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:123456@middleware/nova_api
openstack-config --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval -1
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers middleware:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 123456
openstack-config --set /etc/nova/nova.conf keystone_authtoken service_token_roles_required True
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf placement memcached_servers middleware:11211
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement project_domain_name default
openstack-config --set /etc/nova/nova.conf placement user_domain_name default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password 123456
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 192.168.100.111
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 192.168.100.111
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

Configure /etc/httpd/conf.d/00-nova-placement-api.conf
Add:
<Directory /usr/bin>
  <IfVersion >= 2.4>
    Require all granted
  </IfVersion>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>
so that the file looks like this:

<VirtualHost *:8778>
  WSGIProcessGroup nova-placement-api
  WSGIApplicationGroup %{GLOBAL}
  WSGIPassAuthorization On
  WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
  WSGIScriptAlias / /usr/bin/nova-placement-api
  <IfVersion >= 2.4>
    ErrorLogFormat "%M"
  </IfVersion>
  ErrorLog /var/log/nova/nova-placement-api.log
  <Directory /usr/bin>
    <IfVersion >= 2.4>
      Require all granted
    </IfVersion>
    <IfVersion < 2.4>
      Order allow,deny
      Allow from all
    </IfVersion>
  </Directory>
  #SSLEngine On
  #SSLCertificateFile ...
  #SSLCertificateKeyFile ...
</VirtualHost>

Restart the httpd service:
systemctl restart httpd.service
Sync the nova_api database
su -s /bin/sh -c "nova-manage api_db sync" nova
Map the nova_cell0 database
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
Create cell1
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
Sync the nova database
su -s /bin/sh -c "nova-manage db sync" nova
Confirm that nova cell0 and cell1 were registered and created successfully
nova-manage cell_v2 list_cells
Check that the deployment is healthy
nova-status upgrade check
nova-manage cell_v2 discover_hosts
Enable the services at boot
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Restart the services
systemctl restart openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

Install the Dashboard

Install the dashboard packages
yum install -y openstack-dashboard
Edit the configuration file /etc/openstack-dashboard/local_settings
vim /etc/openstack-dashboard/local_settings
Settings to change:
ALLOWED_HOSTS = ['*',]

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'middleware:11211',
    },
}

OPENSTACK_HOST = "controller"
# OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

Start the dashboard service and enable it at boot
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service

Network node

Create the neutron database
create database neutron;
Grant database privileges
grant all privileges on neutron.* to neutron@'localhost' identified by '123456';
grant all privileges on neutron.* to neutron@'%' identified by '123456';
Create the user
openstack user create --domain default neutron --password 123456
Assign the role to the user
openstack role add --project service --user neutron admin
Create the service
openstack service create --name neutron --description "OpenStack Networking" network
Create the endpoints
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
Install the packages
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
Configure neutron.conf
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
>/etc/neutron/neutron.conf

 openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
 openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
 openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
 openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
 openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:123456@middleware
 openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
 openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers middleware:11211
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
 openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 123456
 openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:123456@middleware/neutron
 openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
 openstack-config --set /etc/neutron/neutron.conf nova auth_type password
 openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
 openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
 openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
 openstack-config --set /etc/neutron/neutron.conf nova project_name service
 openstack-config --set /etc/neutron/neutron.conf nova username nova
 openstack-config --set /etc/neutron/neutron.conf nova password 123456
 openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp

Configure ml2_conf.ini
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
>/etc/neutron/plugins/ml2/ml2_conf.ini

 openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
 openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
 openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
 openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
 openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 path_mtu 1500
 openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  provider
 openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  1:1000
 openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True

cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT debug false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan  local_ip  10.2.2.4
openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan l2_population  True
openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini  agent  prevent_arp_spoofing  True
openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini  securitygroup  enable_security_group  True
openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

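Note: in provider:eth0, eth0 is the external-network NIC. The interface named here should be one that can reach the external network; if it is not, the VMs will be isolated from the outside network.
local_ip is the address on the tunnel network. With VXLAN the path is: vm-linuxbridge->vxlan ------tun-----vxlan->linuxbridge-vm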

Configure /etc/neutron/l3_agent.ini
cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
>/etc/neutron/l3_agent.ini

 openstack-config --set  /etc/neutron/l3_agent.ini  DEFAULT  interface_driver  neutron.agent.linux.interface.BridgeInterfaceDriver
 openstack-config --set  /etc/neutron/l3_agent.ini  DEFAULT  external_network_bridge
 openstack-config --set  /etc/neutron/l3_agent.ini  DEFAULT  debug false

Configure /etc/neutron/dhcp_agent.ini
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
>/etc/neutron/dhcp_agent.ini

 openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT  interface_driver  neutron.agent.linux.interface.BridgeInterfaceDriver
 openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq
 openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT enable_isolated_metadata True
 openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT verbose True
 openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT debug false

On the controller node, configure /etc/nova/nova.conf so that compute nodes can use neutron networking

 openstack-config --set  /etc/nova/nova.conf  neutron url  http://network:9696
 openstack-config --set  /etc/nova/nova.conf  neutron auth_url  http://controller:35357
 openstack-config --set  /etc/nova/nova.conf  neutron auth_type  password
 openstack-config --set  /etc/nova/nova.conf  neutron project_domain_name  default
 openstack-config --set  /etc/nova/nova.conf  neutron user_domain_name  default
 openstack-config --set  /etc/nova/nova.conf  neutron region_name  RegionOne
 openstack-config --set  /etc/nova/nova.conf  neutron project_name service
 openstack-config --set  /etc/nova/nova.conf  neutron username  neutron
 openstack-config --set  /etc/nova/nova.conf  neutron password  123456
 openstack-config --set  /etc/nova/nova.conf  neutron service_metadata_proxy  True
 openstack-config --set  /etc/nova/nova.conf  neutron metadata_proxy_shared_secret  123456

Write dhcp-option-force=26,1450 to /etc/neutron/dnsmasq-neutron.conf
echo "dhcp-option-force=26,1450" >/etc/neutron/dnsmasq-neutron.conf
Configure /etc/neutron/metadata_agent.ini
cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
>/etc/neutron/metadata_agent.ini

openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT nova_metadata_ip controller
openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT metadata_proxy_shared_secret 123456
openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT metadata_workers 4
openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT verbose  True
openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT debug false
openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT nova_metadata_protocol http
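
The files written so far repeat the RabbitMQ URL, the database URLs, the service passwords and the metadata shared secret in plain text on several nodes. As an added example (not part of the original post), this script reads copies of those files and reports secrets shorter than a threshold and values that must be identical in every file but are not: the credential in transport_url and metadata_proxy_shared_secret. The function names, the MINLEN threshold and the sample files in audit_demo are constructed for the illustration.

```bash
#!/bin/sh
# Added example: audit copies of the service config files from this guide.
# audit_conf, audit_demo and MINLEN are names chosen for this example.

# Prints one finding per line and returns 1 if there was any finding.
audit_conf() {
    awk -v minlen="${MINLEN:-16}" '
    # Password part of scheme://user:pass@host[/db]; empty when the URL has none.
    function url_secret(url,    s) {
        s = url
        if (!sub("^[^:]*://[^:@/]*:", "", s)) return ""
        sub("@[^@]*$", "", s)
        return s
    }
    # Findings name the file, section and option, never the secret itself.
    function report(kind, opt) {
        printf "%s %s [%s] %s\n", kind, FILENAME, sec, opt
        found = 1
    }
    FNR == 1 { sec = "" }
    /^[ \t]*\[/ { sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec); next }
    /^[ \t]*[#;]/ || !/=/ { next }
    {
        key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
        val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
        if (key == "transport_url" || key == "connection") {
            secret = url_secret(val)
            if (secret == "") next
        } else if (key == "password" || key == "metadata_proxy_shared_secret") {
            secret = val
        } else {
            next
        }
        if (length(secret) < minlen) report("SHORT", key)
        # One broker account and one metadata secret: all files must agree.
        if (key == "transport_url" || key == "metadata_proxy_shared_secret") {
            if (!(key in first)) first[key] = secret
            else if (first[key] != secret) report("MISMATCH", key)
        }
    }
    END { exit (found ? 1 : 0) }
    ' "$@"
}

# Constructed sample input: two glance files whose RabbitMQ passwords differ
# and one short database password. The hex strings are made up.
audit_demo() {
    dir=$(mktemp -d)
    status=0
    cat > "$dir/glance-api.conf" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:3f9c1d7a5b2e4c68a0d1e2f3a4b5c6d7@middleware
[database]
connection = mysql+pymysql://glance:123456@middleware/glance
EOF
    cat > "$dir/glance-registry.conf" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:devops@middleware
[keystone_authtoken]
username = glance
password = 0a1b2c3d4e5f60718293a4b5c6d7e8f9
EOF
    ( cd "$dir" && audit_conf glance-api.conf glance-registry.conf ) || status=$?
    rm -rf "$dir"
    return "$status"
}

# Usage: copy the files from each node into one directory, then run
#   sh audit.sh keystone.conf glance-api.conf nova.conf metadata_agent.ini
case "${1:-}" in
    "") ;;
    --demo) audit_demo ;;
    *) audit_conf "$@" ;;
esac
```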

Create the symbolic link
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
Sync the database to create the neutron schema
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
Restart the nova service on the controller
systemctl restart openstack-nova-api.service
systemctl status openstack-nova-api.service
Restart the neutron services and enable them at boot
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

openstack network agent list
Create networks
Load the environment variables
source /root/admin-openrc
Create the public network in flat mode; public is the outbound network and must be flat.
neutron net-create --shared provider --router:external True --provider:network_type flat --provider:physical_network provider
In this lab the 192.168.100.0/24 segment can reach the external network, so it is used as the public segment.
Create the subnet
neutron subnet-create provider 192.168.100.0/24 --name provider-sub --allocation-pool start=192.168.100.180,end=192.168.100.190 --dns-nameserver 8.8.8.8 --gateway 192.168.100.180
Create a private network named private, with network type vxlan
neutron net-create private --provider:network_type vxlan --router:external False --shared
Create the private network's subnet, named private-subnet, with the range 172.17.1.0; VMs get their private IP addresses from this range.
neutron subnet-create private --name private-subnet --gateway 172.17.1.1 172.17.1.0/24
You can also create several different private subnets.
For VMs to reach the external network, a router must also be added.
Add the router
neutron router-create router01
Attach the private network's subnet to the router
neutron router-interface-add router01 private-subnet
Set the public network as the router's gateway
neutron router-gateway-set router01 provider

Compute node

Install the required packages
yum install -y openstack-selinux python-openstackclient yum-plugin-priorities openstack-nova-compute openstack-utils
Configure nova.conf
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
>/etc/nova/nova.conf

 openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy  keystone
 openstack-config --set /etc/nova/nova.conf DEFAULT my_ip  10.1.1.2
 openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron  True
 openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver  nova.virt.firewall.NoopFirewallDriver
 openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:123456@middleware
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  auth_uri  http://controller:5000
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  auth_url  http://controller:35357
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  memcached_servers  middleware:11211
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  auth_type  password
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  project_domain_name  default
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  user_domain_name  default
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  project_name  service
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  username  nova
 openstack-config --set /etc/nova/nova.conf keystone_authtoken  password 123456
 openstack-config --set /etc/nova/nova.conf placement auth_uri http://controller:5000
 openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:35357
 openstack-config --set /etc/nova/nova.conf placement memcached_servers middleware:11211
 openstack-config --set /etc/nova/nova.conf placement auth_type password
 openstack-config --set /etc/nova/nova.conf placement project_domain_name default
 openstack-config --set /etc/nova/nova.conf placement user_domain_name default
 openstack-config --set /etc/nova/nova.conf placement project_name service
 openstack-config --set /etc/nova/nova.conf placement username placement
 openstack-config --set /etc/nova/nova.conf placement password 123456
 openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
 openstack-config --set /etc/nova/nova.conf vnc enabled True
 openstack-config --set /etc/nova/nova.conf vnc keymap en-us
 openstack-config --set /etc/nova/nova.conf vnc vncserver_listen  0.0.0.0
 openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address  10.1.1.2
 openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url  http://192.168.100.112:6080/vnc_auto.html
 openstack-config --set /etc/nova/nova.conf glance  api_servers  http://controller:9292
 openstack-config --set /etc/nova/nova.conf oslo_concurrency  lock_path  /var/lib/nova/tmp
 openstack-config --set /etc/nova/nova.conf libvirt virt_type  qemu
 openstack-config --set /etc/nova/nova.conf libvirt cpu_mode none

Enable libvirtd.service and openstack-nova-compute.service at boot
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service
Verify from the controller
source /root/admin-openrc
openstack compute service list
Install Neutron
Install the packages
yum install -y openstack-neutron-linuxbridge ebtables ipset
Configure neutron.conf
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
>/etc/neutron/neutron.conf

 openstack-config --set  /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone
 openstack-config --set  /etc/neutron/neutron.conf DEFAULT advertise_mtu True
 openstack-config --set  /etc/neutron/neutron.conf DEFAULT dhcp_agents_per_network 2
 openstack-config --set  /etc/neutron/neutron.conf DEFAULT control_exchange neutron
 openstack-config --set  /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
 openstack-config --set  /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:123456@middleware
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_uri  http://controller:5000
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_url  http://controller:35357
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken memcached_servers  middleware:11211
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_type  password
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_domain_name  default
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_name  service
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken username  neutron
 openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken password  123456
 openstack-config --set  /etc/neutron/neutron.conf oslo_concurrency  lock_path  /var/lib/neutron/tmp

Configure /etc/neutron/plugins/ml2/linuxbridge_agent.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
>/etc/neutron/plugins/ml2/linuxbridge_agent.ini

 openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT debug false
 openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT verbose true
 openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan  enable_vxlan  True
 openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan  local_ip  10.2.2.2
 openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan l2_population  True
 openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  enable_security_group  True
 openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

Configure nova.conf

 openstack-config --set  /etc/nova/nova.conf neutron url  http://network:9696
 openstack-config --set  /etc/nova/nova.conf neutron auth_url  http://controller:35357
 openstack-config --set  /etc/nova/nova.conf neutron auth_type  password
 openstack-config --set  /etc/nova/nova.conf neutron project_domain_name  default
 openstack-config --set  /etc/nova/nova.conf neutron user_domain_name  default
 openstack-config --set  /etc/nova/nova.conf neutron region_name  RegionOne
 openstack-config --set  /etc/nova/nova.conf neutron project_name  service
 openstack-config --set  /etc/nova/nova.conf neutron username  neutron
 openstack-config --set  /etc/nova/nova.conf neutron password  123456

Restart and enable the related services
systemctl restart openstack-nova-compute.service neutron-linuxbridge-agent.service
systemctl enable neutron-linuxbridge-agent.service

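The compute node is now set up; run nova host-list to see the newly added compute node.
To add another compute node, just repeat the Compute node section, changing the host name and IP address.
Create the flavors; run these commands on the controller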
openstack flavor create m1.tiny --id 1 --ram 1024 --disk 10 --vcpus 1
openstack flavor create m1.small --id 2 --ram 2048 --disk 20 --vcpus 1
openstack flavor create m1.medium --id 3 --ram 4096 --disk 40 --vcpus 2
openstack flavor create m1.large --id 4 --ram 8192 --disk 80 --vcpus 4
openstack flavor create m1.xlarge --id 5 --ram 16384 --disk 160 --vcpus 8
openstack flavor list
Log in to the dashboard
http://192.168.100.111/dashboard


Create an instance

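Select "Source" -> "Flavor" -> "Networks" in turn, then click Launch Instance.
Create an instance named test. In the screenshot above, test1 is an instance created to verify the creation process, and test is an instance that already existed.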

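The instance now exists and has an IP address. It can already reach the external network because the provider network was created earlier, but it cannot be reached from outside because no floating IP is bound to it yet.
Allocate a floating IP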

Associate the floating IP


Create a security group


Verify

