注:本篇文章根据openstack官网进行编写,编写不易。有兴趣的可以直接去官网进行搭建
一、准备环境
01-基础环境
#本次测试为双网卡(都为net模式)和双节点部署,根据自己实际情况进行更改
controller
eth33 192.168.200.10
eth34 none
compute
eth33 192.168.200.20
eth34 none
主机名 | ip地址 | 系统版本 |
controller | 192.168.200.10 | centos7.5.1804 |
compute | 192.168.200.20 | centos7.5.1804 |
02-host解析(控制,计算)
配置网卡后
[root@controller ~]# cat /etc/hosts
192.168.200.10 controller
192.168.200.20 compute
scp /etc/hosts 192.168.200.20:/etc/hosts
03-关闭防火墙和selinux(控制,计算)
##########controller#############
[root@controller ~]# systemctl stop firewalld
[root@controller ~]# systemctl disable firewalld
[root@controller ~]# vim /etc/sysconfig/selinux
SELINUX=disabled
[root@controller ~]# setenforce 0
----------------------------------------------------------------
##########compute###################
[root@compute ~]# systemctl stop firewalld
[root@compute ~]# systemctl disable firewalld
[root@compute ~]# vim /etc/sysconfig/selinux #重启生效
SELINUX=disabled
[root@compute ~]# setenforce 0 #可以直接生效Permissive
04-准备yum源(控制,计算)
rm -rf /etc/yum.repos.d/*
------------------上外网的情况-------------------------
curl http://mirrors.163.com/.help/CentOS7-Base-163.repo >> /etc/yum.repos.d/centos.repo
yum repolist #验证
####修改yum配置文件 来获取缓存rpm包,第一次做就需要用到,来实现【第十三、扩展】的用法
vim /etc/yum.conf
keepcache=1
-------------------内网------------------------------------
将openstack-trian.tar.gz包上传到/opt/目录,解压
vi /etc/yum.repos.d/openstack.repo
[openstack]
name=openstack
baseurl=file:///opt/openstack-train/
gpgcheck=0
enabled=1
二、安装chrony服务
01-控制节点准备
yum install -y chrony
vim /etc/chrony.conf #添加以下
server controller iburst #配置ntp服务器
allow 192.168.200.0/16 #允许200网段的进行时间同步
systemctl restart chronyd
systemctl enable chronyd
#验证
chronyc sources
02-计算节点准备
yum install -y chrony
vim /etc/chrony.conf #添加以下
server controller iburst
systemctl restart chronyd
systemctl enable chronyd
#验证
chronyc sources
三、安装openstack客户端
#############控制,计算节点###################
01-安装openstack库
yum install centos-release-openstack-train -y
#更新所有包
yum upgrade -y
#安装必要命令
yum install -y lsof net-tools vim wget
02-安装openstack客户端
yum install python-openstackclient openstack-selinux openstack-utils -y
centos-release-openstack-train 保证安装更新openstack版本为最新版本t版
python-openstackclient openstack的python客户端
因为openstack中的API大多数是python编写的,并且连接数据库,也需要python
openstack-selinux openstack核心安全防护
openstack-utils openstack其它util工具
四、部署数据库服务
################controller############3
01-安装mariadb服务
yum install mariadb mariadb-server python2-PyMySQL -y
02-创建并编辑配置文件
vi /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.200.10 #绑定ip地址,跟随自己实际情况
default-storage-engine = innodb #将默认引擎改为innodb,来支持高级数据库功能
innodb_file_per_table = on #修改InnoDB为独立表空间模式
max_connections = 4096 #最大连接数
collation-server = utf8_general_ci #
character-set-server = utf8 #
03-启动并且开机自启
systemctl enable mariadb && systemctl start mariadb
04-运行安全脚本
mysql_secure_installation #运行命令
Enter current password for root (enter for none): #直接回车
Set root password? [Y/n] y #设置密码
New password: #设置密码000000
Re-enter new password: #再次设置密码
Remove anonymous users? [Y/n] y #是否删除匿名用户
Disallow root login remotely? [Y/n] n #不允许远程登录
Remove test database and access to it? [Y/n] y #删除测试数据库并访问
Reload privilege tables now? [Y/n] y #是否重新加载特权表
五、部署消息队列
#################controller#############
01-安装rabbitmq服务
yum install rabbitmq-server -y
02-设置开机自启并启动
systemctl enable rabbitmq-server && systemctl start rabbitmq-server
#端口5672
03-创建openstack账户和密码
rabbitmqctl add_user openstack 000000
#密码为000000
04-授予权限
rabbitmqctl set_permissions -p / openstack '.*' '.*' '.*'
#配置,读,写权限
05-设置角色
rabbitmqctl set_user_tags openstack administrator
#赋予管理员角色
06-安装web插件(可执行也可不执行)
rabbitmq-plugins enable rabbitmq_management
#启动web管理界面
07-验证,可访问网址
netstat -nltp | grep 5672
#5672是默认端口,25672是测试工具cli端口[http://192.168.200.10:15672](http://192.168.1.92:15672)
#用户与密码为guest
六、部署memcached服务
####################controller##################
01-安装服务
yum install memcached python-memcached -y
02-修改配置文件
vim /etc/sysconfig/memcached
OPTIONS="-l 127.0.0.1,::1,controller"
03-设置开机自启并启动
systemctl enable memcached && systemctl start memcached
七、部署etcd服务
####################controller#############
01-安装服务
yum install etcd -y
02-修改配置文件
vim /etc/etcd/etcd.conf
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.200.10:2380" #将localhost改成自己的ip
ETCD_LISTEN_CLIENT_URLS="http://192.168.200.10:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.200.10:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.200.10:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.200.10:2380" #将default改为上面的ETCD_NAME
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
#可以使用:%s/localhost/192.168.200.10/g 实现转换
03-设置开机自启并启动
systemctl enable etcd && systemctl start etcd
八、部署keystone服务
#######################controller#############
01-创建数据库
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';
MariaDB [(none)]> flush privileges;
02-安装keystone服务
yum install openstack-keystone httpd mod_wsgi -y
03-修改配置文件
\cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak #备份
grep -Ev ^'(#|$)' /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf 去除#和空行
vim /etc/keystone/keystone.conf
[database] #数据库连接
connection = mysql+pymysql://keystone:000000@controller/keystone
[token]
provider = fernet
04-同步导入数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
#验证是否同步:
mysql -uroot -p000000 -e “use keystone;show tables;”
05-初始化密钥存储库
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
06-引导认证服务
#admin_pass 设置为000000
keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
07-配置apache服务
vim /etc/httpd/conf/httpd.conf
ServerName controller
08-创建链接文件
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
09-设置开机自启并启动服务
systemctl enable httpd && systemctl start httpd
10-配置管理员环境变量
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
11-创建相关域,项目,用户和角色
#创建demo域,不创建也行,默认存在default域,admin项目和admin用户和角色 <<<<看清楚,不需要创建openstack domain create --description "An Example Domain" demo
#创建admin项目openstack project create --domain demo --description "Admin Project" admin
#创建admin用户openstack user create --domain demo --password 000000 admin
#创建admin角色openstack role create admin
#将admin用户和角色添加到admin项目openstack role add --project admin --user admin admin
=默认存在 以上不需要创建admin项目和其他===
#创建service项目,供nova,glance等组件使用openstack project create --domain default --description "Service Project" service
#创建demo项目openstack project create --domain default --description "Demo Project" demo
#创建demo用户openstack user create --domain default --password-prompt demo
#密码为000000
#创建user角色openstack role create user
#将demo用户和角色添加到demo项目openstack role add --project demo --user demo user
12-验证
1)解除环境变量unset OS_AUTH_URL OS_PASSWORD
2)创建admin用户的环境变量脚本
vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
3)创建demo用户的环境变量脚本
vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=000000
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
4)验证
#验证admin
source admin-openrc
openstack token issue #获取token
#验证demo
source demo-openrc
openstack token issue
九、部署glance服务
01-创建数据库
mysql -u root -p000000
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '000000';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '000000';
MariaDB [(none)]> flush privileges;
02-创建glance服务的keystone的认证
#生效环境变量
source admin-openrc
#创建glance用户
openstack user create --domain default --password 000000 glance
#将glance用户和角色添加到service项目
openstack role add --project service --user glance admin
03-创建glance服务和api端口
#创建glance服务
openstack service create --name glance --description "OpenStack Image" image
#公共端点
openstack endpoint create --region RegionOne image public http://controller:9292
#私有端点
openstack endpoint create --region RegionOne image internal http://controller:9292
#admin管理端点
openstack endpoint create --region RegionOne image admin http://controller:9292
04-安装glance服务并配置
#安装glance服务
yum install openstack-glance -y
#备份并且将开头#和空行去掉
\cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
grep -Ev ^'(#|$)' /etc/glance/glance-api.conf.bak >/etc/glance/glance-api.conf
#修改配置文件
#/etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:000000@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 000000
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http #支持存储方式
default_store = file #默认使用存储方式
filesystem_store_datadir = /var/lib/glance/images/
#备份并且将开头#和空行去掉
\cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
grep -Ev ^'(#|$)' /etc/glance/glance-registry.conf.bak >/etc/glance/glance-registry.conf
#修改配置文件
#/etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:000000@controller/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 000000
[paste_deploy]
flavor = keystone
05-同步数据库并启动服务
#同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance
#启动glance服务并设置开机自启
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service
06-验证
#下载测试镜像或者本地上传
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
#上传到glance
openstack image create "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --public
#查看镜像
openstack image list
十、部署nova服务
###########################controller#########################
01-创建nova,placement数据库
mysql -uroot -p000000
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '000000';
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '000000';
flush privileges;
02-创建nova服务的keystone认证
#生效环境变量
source admin-openrc
#创建nova用户
openstack user create --domain default --password 000000 nova
#将nova用户和角色添加到项目
openstack role add --project service --user nova admin
03-创建nova服务和api端口
#创建nova服务
openstack service create --name nova --description "OpenStack Compute" compute
#公共端点
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
#私有端点
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
#admin管理端点
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
04-创建placement服务的keystone认证
#创建placement用户
openstack user create --domain default --password 000000 placement
#将palcement用户和角色添加到项目
openstack role add --project service --user placement admin
05-创建placement服务和api端口
#创建placement服务
openstack service create --name placement --description "Placement API" placement
#公共端点
openstack endpoint create --region RegionOne placement public http://controller:8778
#私有端点
openstack endpoint create --region RegionOne placement internal http://controller:8778
#admin管理端点
openstack endpoint create --region RegionOne placement admin http://controller:8778
06-安装nova、placement服务并配置
#安装nova服务和palcement服务
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-placement-api
#备份并将#和空行去掉
\cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
grep -Ev ^'(#|$)' /etc/nova/nova.conf.bak >/etc/nova/nova.conf
#配置nova服务
1)/etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:000000@controller
my_ip = 192.168.200.10
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[database]
connection = mysql+pymysql://nova:000000@controller/nova
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:000000@controller/nova_api
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 000000
[vnc]
enabled = true
server_listen = 192.168.200.10
server_proxyclient_address = 192.168.200.10
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = default
project_name = service
auth_type = password
user_domain_name = default
auth_url = http://controller:5000/v3
username = placement
password = 000000
#备份并去除#和空行
cp /etc/placement/placement.conf /etc/placement/placement.conf.bak
grep -Ev '^$|#' /etc/placement/placement.conf.bak > /etc/placement/placement.conf
#配置文件
vi /etc/placement/placement.conf
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = 000000
[placement_database]
connection = mysql+pymysql://placement:000000@controller/placement
#因为软件包的bug,要修改配置文件添加以下内容
vim /etc/httpd/conf.d/00-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
#重启httpd服务
systemctl restart httpd
07-同步数据库并启动服务
#同步初始化noa-api数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
#初始化填充cell0数据库
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
#创建cell1
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
#初始化nova数据库
su -s /bin/sh -c "nova-manage db sync" nova
#同步placement数据库
su -s /bin/sh -c "placement-manage db sync" placement
#/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
result = self._query(query)
#以上为正常现象
#验证是否注册成功
nova-manage cell_v2 list_cells
#启动nova服务并设置开机自启
systemctl enable openstack-nova-api.service openstack-nova-console.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-console.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
08-安装nova计算服务并配置(计算节点)
#安装nova计算服务
yum install openstack-nova-compute -y
#备份并将#和空行去掉
\cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
grep -Ev ^'(#|$)' /etc/nova/nova.conf.bak > /etc/nova/nova.conf
#修改配置文件
/etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:000000@controller
my_ip = 192.168.200.20
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 000000
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = default
project_name = service
auth_type = password
user_domain_name = default
auth_url = http://controller:5000/v3 #端口一定要与之对应
username = placement
password = 000000
09-检查是否支持虚拟化
#判断计算节点是否支持虚拟机的硬件加速
virt_num=`egrep -c '(vmx|svm)' /proc/cpuinfo`
if [ $virt_num = '0' ];then 如果不是
crudini --set /etc/nova/nova.conf libvirt virt_type qemu 更改virt的类型为qemu
fi
10-启动服务并加入计算节点
#启动服务并设置开机自启
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
#连接控制节点
ssh controller
source admin-openrc
#列出计算节点服务
openstack compute service list --service nova-compute
#验证
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
#退出连接
exit
11-验证
#在控制节点查看状态
openstack compute service list
#列出认证服务的端口
openstack catalog list
#列出镜像信息
openstack image list
#确认cells和placement的api成功运行
nova-status upgrade check #报错
十一、部署neutron服务
################################controller#######################
===============================================================
01-创建数据库
mysql -uroot -p000000
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '000000';
flush privileges;
02-创建neutron服务的keystone认证
#生效环境变量
source admin-openrc
#创建neutron用户
openstack user create --domain default --password 000000 neutron
#将neutron用户和角色添加到服务
openstack role add --project service --user neutron admin
03-创建neutron服务和api端口
#创建neutron服务
openstack service create --name neutron --description "OpenStack Networking" network
#公共端点
openstack endpoint create --region RegionOne network public http://controller:9696
#私有端点
openstack endpoint create --region RegionOne network internal http://controller:9696
#admin管理端点
openstack endpoint create --region RegionOne network admin http://controller:9696
04-安装neutron服务并配置
#安装neutron服务 选择L3代理
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
#配置第二张网卡
vim /etc/sysconfig/network-scripts/ifcfg-ens34
#只保留这四行
DEVICE=ens34
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
systemctl restart network
#备份并将#和空行去掉
\cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev ^'(#|$)' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
#修改配置文件
vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:000000@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:000000@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#备份并将#和空行删除
\cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
grep -Ev ^'(#|$)' /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini
#修改配置文件配置二层插件
vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
#备份并将#和空行删除
\cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev ^'(#|$)' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#修改配置文件配置linux bridge插件
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34 #第二张网卡名字
[vxlan]
enable_vxlan = true
local_ip = 192.168.200.10
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#备份并将#和空行删除
\cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
grep -Ev ^'(#|$)' /etc/neutron/l3_agent.ini.bak >/etc/neutron/l3_agent.ini
#修改配置文件配置三层插件
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
\cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
grep -Ev ^'(#|$)' /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
#修改配置文件配置dhcp插件
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
\cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
grep -Ev ^'(#|$)' /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
#修改配置文件配置metadata插件
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 000000
#修改nova配置文件来使用网络服务
vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = 000000
#创建软链接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
#重启nova服务
systemctl restart openstack-nova-api
05-同步数据库并启动服务
#同步数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
#启动neutron服务并设置开机自启
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
06-安装neutron网络服务并配置(计算节点)
#安装neutron服务
yum install openstack-neutron-linuxbridge ebtables ipset -y
#配置第二张网卡
vi /etc/sysconfig/network-scripts/ifcfg-ens34
#只保留这四行
DEVICE=ens34
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
systemctl restart network
#备份并将#和空行去掉
\cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
grep -Ev ^'(#|$)' /etc/neutron/neutron.conf.bak >/etc/neutron/neutron.conf
#修改配置文件
vi /etc/neutron/neutron.conf
[DEFAULT]
transport_url = rabbit://openstack:000000@controller
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 000000
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#备份并将#和空行删除
\cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
grep -Ev ^'(#|$)' /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
#修改配置文件
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34 #第二张网卡名字
[vxlan]
enable_vxlan = true
local_ip = 192.168.200.20
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
#修改nova配置文件来使用网络服务
vi /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 000000
07-启动服务
#重启nova服务
systemctl restart openstack-nova-compute.service
#启动服务并设置开机自启
systemctl start neutron-linuxbridge-agent.service
systemctl enable neutron-linuxbridge-agent.service
08-验证
#查看网络插件是否启动成功
openstack network agent list
十二、部署horizon服务
01-安装服务并配置
#安装dashboard服务
yum install openstack-dashboard -y
#修改配置文件
vim /etc/openstack-dashboard/local_settings
……
OPENSTACK_HOST = "controller" ##配置界面在控制节点使用
……
ALLOWED_HOSTS = ['*'] ##允许所有主机访问
……
SESSION_ENGINE = 'django.contrib.sessions.backends.cache' ##配置memcached存储服务
……
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
},
}
……
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST ##启动v3的认证api
……
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True ##启用domain支持
……
OPENSTACK_API_VERSIONS = { ##配置api版本
"data-processing": 1.1,
"identity": 3,
"image": 2,
"volume": 2,
"compute": 2,
}
……
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'Default' ##配置Default为默认域
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" ##配置user角色为默认角色
TIME_ZONE = "Asia/Shanghai" ##配置时区
#修改配置文件
/etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}' #第四行添加
02-重启服务
#重启httpd服务和memcached服务
systemctl restart httpd.service memcached.service
03-验证
#浏览器输入ip
http://192.168.200.10/dashboard
=============================================================================
#搭建openstack The requested URL /auth/login/ was not found on this server报错
vi /usr/share/openstack-dashboard/openstack_dashboard/local/local_settings.py
WEBROOT = '/dashboard'
==============================================================================
十三、扩展
01-将rpm包打包,可实现离线安装
###############控制节点################
yum -y install createrepo
mkdir -p /mnt/openstack/openstack_Train
cd /var/cache/yum/x86_64/7/
find ./* -name "*.rpm" -exec cp {} /mnt/openstack/openstack_Train/ \;
###############计算节点################
mkdir -p /mnt/openstack/openstack_Train_compute
cd /var/cache/yum/x86_64/7/
find ./* -name "*.rpm" -exec cp {} /mnt/openstack/openstack_Train_compute/ \;
scp /mnt/openstack/openstack_Train_compute/* 192.168.200.10:/mnt/openstack/openstack_Train_compute
#到控制节点上把所有的rpm包都放到一起
cd /mnt/
mv -f openstack_Train_compute/*.rpm openstack_Train/
#创建yum
cd /mnt/openstack/openstack_Train
createrepo ./
ls repodata/
#打包
tar -zcvf openstack-train.tar.gz openstack_Train/
#这样就可以将tar包保存到本地,供以后使用
1. 将tar包上传,解压到/mnt/
2. 配置yum.repo文件,配置yum到本地目录
3. 就可以使用不需要联网下载