openstack双网卡 openstack网卡配置

  众所周知，不管是公有云也好，私有云也罢，openstack都是赫赫有名的，那么今天就给大家分享一下oenstack官方目前较新版本mitaka的安装和配置，本次将会带大家配置openstack的Identity service、Compute service、Image service、Networking service、Block Storage service、Dashboard、Orchestration service、Shared File Systems service一些常用服务模块，以下是本实验的一些前期准备。

网络环境准备

公有网络：10.0.0.0/16

私有网络：172.16.0.0/16

管理网络：192.168.10.0/24

直连接口：111.40.215.0/28

由于我使用的是远程机房中的高配服务器虚拟化出来的三台kvm虚拟机做的本实验，所以我这里使用10段地址模拟公网网络，并且新增了一个直连接口给三台虚拟机各自配置了一个公网IP， 以方便直连三台虚拟机执行配置操作，希望大家能够本实验中的网络环境，以免影响你对openstack网络的理解，在此特此说明。

controller节点：

公网IP：10.0.0.10 管理IP：192.168.10.10 直连IP：111.40.215.8

compute节点：

公网IP：10.0.0.20 管理IP：192.168.10.20 直连IP：111.40.215.9

compute节点：

公网IP：10.0.0.31 管理IP：192.168.10.31 直连IP：111.40.215.10

由于是用kvm虚拟化出来的虚机做的实验，所以需要提前开启compute节点的嵌套虚拟化配置，否则无法在虚拟出来的compute节点上再次使用kvm创建虚机

kvm虚拟机开启嵌套虚拟化过程

[root@openstack_test ~]# modinfo kvm_intel | grep nested  //查看kvm宿主机能否支持嵌套虚拟化
parm:           nested:bool
[root@openstack_test ~]# cat /sys/module/kvm_intel/parameters/nested  //查看kvm宿主机是否开启嵌套虚拟化（Y是开启）
N
[root@openstack_test ~]#  //上述情况属于宿主机本身支持嵌套虚拟化，但没有开启，只需要系统级别开启即可

[root@openstack_test ~]# modprobe -r kvm_intel  //卸载kvm模块
[root@openstack_test ~]# echo $?
0
[root@openstack_test ~]# lsmod | grep kvm_intel
[root@openstack_test ~]# modprobe kvm_intel nested=1  //重载kvm模块，并开启kvm嵌套虚拟化功能
[root@openstack_test ~]# lsmod | grep kvm_intel
kvm_intel             162153  0 
kvm                   525259  1 kvm_intel
[root@openstack_test ~]# cat /sys/module/kvm_intel/parameters/nested  //检验kvm嵌套虚拟化是否开启成功
Y
[root@openstack_test ~]# 

修改vm虚拟机的配置文件，cpu标签中添加类似如下的内容
  <cpu mode='custom' match='exact'>
    <model fallback='allow'>Westmere</model>
    <vendor>Intel</vendor>
    <feature policy='require' name='lahf_lm'/>
    <feature policy='require' name='xtpr'/>
    <feature policy='require' name='cx16'/>
    <feature policy='require' name='tm2'/>
    <feature policy='require' name='est'/>
    <feature policy='require' name='vmx'/>
    <feature policy='require' name='pbe'/>
    <feature policy='require' name='tm'/>
    <feature policy='require' name='ht'/>
    <feature policy='require' name='ss'/>
    <feature policy='require' name='acpi'/>
    <feature policy='require' name='ds'/>
  </cpu>


kvm宿主机网络配置

br1使用eth0接口  openstack管理网络：192.168.10.0/24
br2使用eth1接口  openstack外部网络：10.0.0.0/16
br3使用eth3接口  openstack直辖接口：111.40.215.0/28

[root@openstack_test network-scripts]# cat ifcfg-eth0
DEVICE=eth0
ONBOOT=yes
BRIDGE=br1
[root@openstack_test network-scripts]# cat ifcfg-br1
TYPE=Bridge
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=br1
DEVICE=br1
ONBOOT=yes
IPADDR=192.168.10.11
PREFIX=24
[root@openstack_test network-scripts]# cat ifcfg-eth1
DEVICE=eth1
ONBOOT=yes
BRIDGE=br2
[root@openstack_test network-scripts]# cat ifcfg-br2
TYPE=Bridge
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=br2
DEVICE=br2
ONBOOT=yes
IPADDR=10.0.0.11
PREFIX=16
[root@openstack_test network-scripts]# cat ifcfg-eth2
DEVICE=eth2
ONBOOT=yes
BRIDGE=br3
[root@openstack_test network-scripts]# cat ifcfg-br3
TYPE=Bridge
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=br3
DEVICE=br3
ONBOOT=yes
IPADDR=111.40.215.14
NETMASK=255.255.255.240
GATEWAY=111.40.215.1
[root@openstack_test network-scripts]# cat /etc/resolv.conf 
nameserver 223.5.5.5
[root@openstack_test network-scripts]# 

kvm虚机准备
[root@openstack_test ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     base                           shut off

[root@openstack_test ~]# virt-clone -o base -n controller -f /kvm/p_w_picpaths/controller.qcow2
Allocating 'controller.qcow2'                                                               | 400 GB  00:00:02     

Clone 'controller' created successfully.
[root@openstack_test ~]# virt-clone -o base -n block1 -f /kvm/p_w_picpaths/block1.qcow2
Allocating 'block1.qcow2'                                                               | 400 GB  00:00:02     

Clone 'block1' created successfully.
[root@openstack_test ~]# virt-clone -o base -n compute1 -f /kvm/p_w_picpaths/compute1.qcow2
Allocating 'compute1.qcow2'                                                                    | 400 GB  00:00:02     

Clone 'compute1' created successfully.
[root@openstack_test ~]# virt-clone -o base -n compute2 -f /kvm/p_w_picpaths/compute2.qcow2
Allocating 'compute2.qcow2'                                                                   | 400 GB  00:00:03     

Clone 'compute2' created successfully.
[root@openstack_test ~]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     base                           shut off
 -     block1              shut off
 -     compute1                    shut off
 -     compute2                    shut off
 -     controller                  shut off

[root@openstack_test ~]#

配置使用阿里云yum源以便安装程序包加速
[root@compute1 ~]# cat /etc/yum.repos.d/aliyun-base.repo 
[base]
name=CentOS-$releasever - Base
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/os/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#released updates 
[updates]
name=CentOS-$releasever - Updates
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/updates/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that may be useful
[extras]
name=CentOS-$releasever - Extras
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/extras/$basearch/
gpgcheck=1
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#additional packages that extend functionality of existing packages
[centosplus]
name=CentOS-$releasever - Plus
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/centosplus/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
 
#contrib - packages by Centos Users
[contrib]
name=CentOS-$releasever - Contrib
failovermethod=priority
baseurl=http://mirrors.aliyun.com/centos/$releasever/contrib/$basearch/
gpgcheck=1
enabled=0
gpgkey=http://mirrors.aliyun.com/centos/RPM-GPG-KEY-CentOS-7
[root@compute1 ~]# 

epel及openstack仓库
[root@compute1 ~]# cat /etc/yum.repos.d/aliyun-epel.repo 
[epel]
name=Extra Packages for Enterprise Linux 7 - $basearch
baseurl=http://mirrors.aliyun.com/epel/7/$basearch
failovermethod=priority
enabled=1
gpgcheck=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
 
[epel-debuginfo]
name=Extra Packages for Enterprise Linux 7 - $basearch - Debug
baseurl=http://mirrors.aliyun.com/epel/7/$basearch/debug
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0
 
[epel-source]
name=Extra Packages for Enterprise Linux 7 - $basearch - Source
baseurl=http://mirrors.aliyun.com/epel/7/SRPMS
failovermethod=priority
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-EPEL-7
gpgcheck=0

[openstack-mitaka]
name=openstack-mitaka
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-mitaka/
gpgcheck=0
[root@compute1 ~]#

    至此，还只是一些最基础的准备，每个角色的基础配置我们统一放到各个具体角色配置过程中了。

转载于:https://blog.51cto.com/183530300/1957705