OpenStack Pike installation

Author: 羽煊 | Published: 2018-01-03 15:23

    Node planning

    Prepare four virtual machines to serve as Controller, Network, Compute and Middleware.
    Controller: install keystone, glance, nova-api, nova-conductor, nova-scheduler, nova-placement
    Network: install the neutron components
    Compute: install nova-compute
    Middleware: install mariadb, rabbitmq, memcache.

    Network planning

    controller
    eth0: 192.168.100.111 external
    eth1: 10.1.1.1 admin
    network
    eth0: 192.168.100.114 external
    eth1: 10.1.1.4 admin
    eth2: 10.2.2.4 tunnel
    compute
    eth0: 192.168.100.112 external
    eth1: 10.1.1.2 admin
    eth2: 10.2.2.2 tunnel
    middleware (mysql,mq,memcache)
    eth1: 10.1.1.3 admin

    Base configuration

    Perform the following on every node.
    hosts file
    echo "
    10.1.1.1 controller
    10.1.1.2 compute
    10.1.1.3 middleware
    10.1.1.4 network
    " >>/etc/hosts
    Configure the yum repositories
    yum install -y wget
    wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
    yum install centos-release-openstack-pike -y
    yum clean all && yum makecache
    Time synchronization
    echo "*/3 * * * * /usr/sbin/ntpdate ntp6.aliyun.com &> /dev/null" > /tmp/crontab
    crontab /tmp/crontab

    Middleware node

    Install the database
    yum install -y mariadb-server
    systemctl restart mariadb.service
    systemctl enable mariadb.service
    Install rabbitmq
    yum install -y erlang rabbitmq-server
    systemctl restart rabbitmq-server
    systemctl enable rabbitmq-server
    Create the openstack user and set its password
    rabbitmqctl add_user openstack 123456
    Grant permissions to the openstack user
    rabbitmqctl set_permissions openstack ".*" ".*" ".*"
    rabbitmqctl set_user_tags openstack administrator
    rabbitmqctl list_users
    Enable the RabbitMQ plugins
    /usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management mochiweb webmachine rabbitmq_web_dispatch amqp_client rabbitmq_management_agent
    List the RabbitMQ plugins
    /usr/lib/rabbitmq/bin/rabbitmq-plugins list
    Install memcached
    yum install -y memcached python-memcached
    Configure the address memcached listens on
    sed -i 's/OPTIONS.*/OPTIONS="-l 127.0.0.1,10.1.1.3"/' /etc/sysconfig/memcached
    Restart memcached and enable it at boot
    systemctl restart memcached.service
    systemctl enable memcached.service
    systemctl status memcached.service

    Controller node

    Install keystone

    yum -y install openstack-keystone httpd mod_wsgi python-openstackclient openstack-utils
    Create the keystone database and grant privileges to the keystone user
    create database keystone;
    grant all privileges on keystone.* to 'keystone'@'localhost' identified by '123456';
    grant all privileges on keystone.* to 'keystone'@'%' identified by '123456';
    Configure /etc/keystone/keystone.conf
    cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
    > /etc/keystone/keystone.conf

     openstack-config --set /etc/keystone/keystone.conf DEFAULT transport_url rabbit://openstack:123456@middleware
     openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:123456@middleware/keystone
     openstack-config --set /etc/keystone/keystone.conf cache backend oslo_cache.memcache_pool
     openstack-config --set /etc/keystone/keystone.conf cache enabled true
     openstack-config --set /etc/keystone/keystone.conf cache memcache_servers middleware:11211
     openstack-config --set /etc/keystone/keystone.conf memcache servers middleware:11211
     openstack-config --set /etc/keystone/keystone.conf token expiration 3600
     openstack-config --set /etc/keystone/keystone.conf token provider fernet
    

    Configure httpd.conf
    sed -i "s/^#ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf
    Hook keystone into httpd
    ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
    Create the identity database schema
    su -s /bin/sh -c "keystone-manage db_sync" keystone
    Initialize the fernet keys
    keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
    keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
    Start httpd and enable it at boot
    systemctl enable httpd.service
    systemctl restart httpd.service
    systemctl status httpd.service
    Create the admin user and role

    keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3 --bootstrap-internal-url http://controller:35357/v3 --bootstrap-public-url http://controller:5000/v3 --bootstrap-region-id RegionOne --bootstrap-username admin --bootstrap-project-name admin --bootstrap-role-name admin --bootstrap-service-name keystone
    

    Verify

    openstack project list --os-username admin --os-project-name admin --os-user-domain-id default --os-project-domain-id default --os-identity-api-version 3 --os-auth-url http://controller:5000 --os-password 123456
    

    Create the admin environment variables in the file /root/admin-openrc
    cat >> /root/admin-openrc <<EOF
    export OS_USER_DOMAIN_ID=default
    export OS_PROJECT_DOMAIN_ID=default
    export OS_USERNAME=admin
    export OS_PROJECT_NAME=admin
    export OS_PASSWORD=123456
    export OS_IDENTITY_API_VERSION=3
    export OS_IMAGE_API_VERSION=2
    export OS_AUTH_URL=http://controller:35357/v3
    EOF
    Create the service project
    source /root/admin-openrc
    openstack project create --domain default --description "Service Project" service
    Create the demo project
    openstack project create --domain default --description "Demo Project" demo
    Create the demo user and set its password
    openstack user create --domain default demo --password 123456
    Create the user role and assign it to the demo user
    openstack role create user
    openstack role add --project demo --user demo user
    Verify keystone

    unset OS_TOKEN  OS_URL
    openstack --os-auth-url http://controller:35357/v3  --os-project-domain-name default --os-user-domain-name default   --os-project-name admin --os-username admin token issue --os-password 123456
    openstack --os-auth-url http://controller:5000/v3   --os-project-domain-name default --os-user-domain-name default   --os-project-name demo --os-username demo token issue --os-password 123456
    

    Install glance

    Create the glance database
    CREATE DATABASE glance;
    Create the database user and grant privileges
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
    GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
    Create the glance user and grant it the admin role
    source /root/admin-openrc
    openstack user create --domain default glance --password 123456
    openstack role add --project service --user glance admin
    Create the image service
    openstack service create --name glance --description "OpenStack Image service" image
    Create the glance endpoints
    openstack endpoint create --region RegionOne image public http://controller:9292
    openstack endpoint create --region RegionOne image internal http://controller:9292
    openstack endpoint create --region RegionOne image admin http://controller:9292
    Install the glance packages
    yum install -y openstack-glance python-glance
    Configure /etc/glance/glance-api.conf
    cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
    >/etc/glance/glance-api.conf

     openstack-config --set  /etc/glance/glance-api.conf DEFAULT transport_url rabbit://openstack:123456@middleware
     openstack-config --set  /etc/glance/glance-api.conf database connection  mysql+pymysql://glance:123456@middleware/glance
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_uri  http://controller:5000
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_url  http://controller:35357
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken memcached_servers  middleware:11211
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken auth_type  password
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken project_domain_name  default
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken user_domain_name   default  
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken project_name  service
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken username  glance
     openstack-config --set  /etc/glance/glance-api.conf keystone_authtoken password  123456
     openstack-config --set  /etc/glance/glance-api.conf paste_deploy flavor  keystone
     openstack-config --set  /etc/glance/glance-api.conf glance_store stores  file,http
     openstack-config --set  /etc/glance/glance-api.conf glance_store default_store  file
     openstack-config --set  /etc/glance/glance-api.conf glance_store filesystem_store_datadir  /var/lib/glance/images/
    

    Configure /etc/glance/glance-registry.conf
    cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
    >/etc/glance/glance-registry.conf

     openstack-config --set  /etc/glance/glance-registry.conf DEFAULT transport_url rabbit://openstack:123456@middleware
     openstack-config --set  /etc/glance/glance-registry.conf database connection  mysql+pymysql://glance:123456@middleware/glance
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_uri  http://controller:5000
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_url  http://controller:35357
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken memcached_servers  middleware:11211  
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken project_domain_name  default
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken user_domain_name  default
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken project_name  service
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken username  glance
     openstack-config --set  /etc/glance/glance-registry.conf keystone_authtoken password 123456
     openstack-config --set  /etc/glance/glance-registry.conf paste_deploy flavor  keystone
    

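    Sync the glance database to initialize the glance schema
    su -s /bin/sh -c "glance-manage db_sync" glance
    Create the image storage directory and give ownership to the glance user and group
    mkdir -p /var/lib/glance/images
    chown glance:glance /var/lib/glance/images
    chown glance:glance /var/log/glance/api.log
    Start the glance services and enable them at boot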
    systemctl enable openstack-glance-api.service openstack-glance-registry.service
    systemctl restart openstack-glance-api.service openstack-glance-registry.service
    systemctl status openstack-glance-api.service openstack-glance-registry.service
    Download a test image
    wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
    Upload the image to glance
    source /root/admin-openrc

    glance image-create --name "cirros-0.3.4-x86_64" --file cirros-0.3.4-x86_64-disk.img  --disk-format qcow2 --container-format bare --visibility public --progress
    

    List the images:
    glance image-list

    Install nova (controller part)

    Create the databases
    create database nova;
    create database nova_api;
    create database nova_cell0;
    Grant database privileges
    grant all privileges on nova.* to nova@'localhost' identified by '123456';
    grant all privileges on nova.* to nova@'%' identified by '123456';
    grant all privileges on nova_api.* to nova@'localhost' identified by '123456';
    grant all privileges on nova_api.* to nova@'%' identified by '123456';
    grant all privileges on nova_cell0.* to nova@'%' identified by '123456';
    grant all privileges on nova_cell0.* to nova@'localhost' identified by '123456';
    source /root/admin-openrc
    Create the user and assign the role
    openstack user create --domain default nova --password 123456
    openstack role add --project service --user nova admin
    Create the compute service
    openstack service create --name nova --description "OpenStack Compute" compute
    Create the endpoints
    openstack endpoint create --region RegionOne compute public 'http://controller:8774/v2.1/%(tenant_id)s'
    openstack endpoint create --region RegionOne compute internal 'http://controller:8774/v2.1/%(tenant_id)s'
    openstack endpoint create --region RegionOne compute admin 'http://controller:8774/v2.1/%(tenant_id)s'
    Create the placement user and service
    openstack user create --domain default placement --password 123456
    openstack role add --project service --user placement admin
    openstack service create --name placement --description "Placement API" placement
    Create the placement endpoints
    openstack endpoint create --region RegionOne placement admin http://controller:8778
    openstack endpoint create --region RegionOne placement public http://controller:8778
    openstack endpoint create --region RegionOne placement internal http://controller:8778
    Install the nova packages
    yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
    Configure /etc/nova/nova.conf
    cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
    >/etc/nova/nova.conf

    openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis  osapi_compute,metadata
    openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.1.1.1
    openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
    openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
    openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:123456@middleware
    openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:123456@middleware/nova
    openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:123456@middleware/nova_api
    openstack-config --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval -1
    openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
    openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers middleware:11211
    openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
    openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
    openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
    openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
    openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
    openstack-config --set /etc/nova/nova.conf keystone_authtoken password 123456
    openstack-config --set /etc/nova/nova.conf keystone_authtoken service_token_roles_required True
    openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:35357
    openstack-config --set /etc/nova/nova.conf placement memcached_servers middleware:11211
    openstack-config --set /etc/nova/nova.conf placement auth_type password
    openstack-config --set /etc/nova/nova.conf placement project_domain_name default
    openstack-config --set /etc/nova/nova.conf placement user_domain_name default
    openstack-config --set /etc/nova/nova.conf placement project_name service
    openstack-config --set /etc/nova/nova.conf placement username placement
    openstack-config --set /etc/nova/nova.conf placement password 123456
    openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
    openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 192.168.100.111
    openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 192.168.100.111
    openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
    openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
    

    Configure /etc/httpd/conf.d/00-nova-placement-api.conf
    Add:
    <Directory /usr/bin>
      <IfVersion >= 2.4>
        Require all granted
      </IfVersion>
      <IfVersion < 2.4>
        Order allow,deny
        Allow from all
      </IfVersion>
    </Directory>
    so that the file looks like this:

    <VirtualHost *:8778>
      WSGIProcessGroup nova-placement-api
      WSGIApplicationGroup %{GLOBAL}
      WSGIPassAuthorization On
      WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
      WSGIScriptAlias / /usr/bin/nova-placement-api
      <IfVersion >= 2.4>
        ErrorLogFormat "%M"
      </IfVersion>
      ErrorLog /var/log/nova/nova-placement-api.log
      <Directory /usr/bin>
        <IfVersion >= 2.4>
          Require all granted
        </IfVersion>
        <IfVersion < 2.4>
          Order allow,deny
          Allow from all
        </IfVersion>
      </Directory>
      #SSLEngine On
      #SSLCertificateFile ...
      #SSLCertificateKeyFile ...
    </VirtualHost>
    

    Restart the httpd service:
    systemctl restart httpd.service
    Sync the nova_api database
    su -s /bin/sh -c "nova-manage api_db sync" nova
    Map the nova_cell0 database
    su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
    Create cell1
    su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
    Sync the nova database
    su -s /bin/sh -c "nova-manage db sync" nova
    Confirm that nova cell0 and cell1 were registered and created successfully
    nova-manage cell_v2 list_cells
    Check that the deployment is healthy
    nova-status upgrade check
    nova-manage cell_v2 discover_hosts
    Enable the services at boot
    systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
    Restart the services
    systemctl restart openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

    Install the Dashboard

    Install the dashboard packages
    yum install -y openstack-dashboard
    Edit the configuration file /etc/openstack-dashboard/local_settings
    vim /etc/openstack-dashboard/local_settings
    The parts that need changing
    ALLOWED_HOSTS = ['*',]

    CACHES = {
        'default': {
            'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
            'LOCATION': 'middleware:11211',
        },
    }

    OPENSTACK_HOST = "controller"
    # OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST  (superseded by the v3 URL below)
    OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
    OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"

    Start the dashboard service and enable it at boot
    systemctl restart httpd.service memcached.service
    systemctl status httpd.service memcached.service

    Network node

    Create the neutron database
    create database neutron;
    Grant database privileges
    grant all privileges on neutron.* to neutron@'localhost' identified by '123456';
    grant all privileges on neutron.* to neutron@'%' identified by '123456';
    Create the user
    openstack user create --domain default neutron --password 123456
    Assign the role to the user
    openstack role add --project service --user neutron admin
    Create the service
    openstack service create --name neutron --description "OpenStack Networking" network
    Create the endpoints (neutron-server runs on the network node)
    openstack endpoint create --region RegionOne network public http://network:9696
    openstack endpoint create --region RegionOne network internal http://network:9696
    openstack endpoint create --region RegionOne network admin http://network:9696
    Install the packages
    yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
    Configure neutron.conf
    cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
    >/etc/neutron/neutron.conf

     openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
     openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
     openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
     openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
     openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:123456@middleware
     openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
     openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers middleware:11211
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
     openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 123456
     openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:123456@middleware/neutron
     openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
     openstack-config --set /etc/neutron/neutron.conf nova auth_type password
     openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
     openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
     openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
     openstack-config --set /etc/neutron/neutron.conf nova project_name service
     openstack-config --set /etc/neutron/neutron.conf nova username nova
     openstack-config --set /etc/neutron/neutron.conf nova password 123456
     openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
    

    Configure ml2_conf.ini
    cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
    >/etc/neutron/plugins/ml2/ml2_conf.ini

     openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
     openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
     openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
     openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
     openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2 path_mtu 1500
     openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks  provider
     openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges  1:1000
     openstack-config --set   /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True
    

    cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
    >/etc/neutron/plugins/ml2/linuxbridge_agent.ini

    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT debug false
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
    openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
    openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan  local_ip  10.2.2.4
    openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan l2_population  True
    openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini  agent  prevent_arp_spoofing  True
    openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini  securitygroup  enable_security_group  True
    openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    

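    Note: in provider:eth0, eth0 is the external NIC. The interface named here should generally be one that can reach the external network; if it is not, the VMs will be isolated from the outside network.
    local_ip defines the tunnel network address; with VXLAN the path is vm-linuxbridge->vxlan ------tun-----vxlan->linuxbridge-vm

    Configure /etc/neutron/l3_agent.ini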
    cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
    >/etc/neutron/l3_agent.ini

     openstack-config --set  /etc/neutron/l3_agent.ini  DEFAULT  interface_driver  neutron.agent.linux.interface.BridgeInterfaceDriver
     openstack-config --set  /etc/neutron/l3_agent.ini  DEFAULT  external_network_bridge
     openstack-config --set  /etc/neutron/l3_agent.ini  DEFAULT  debug false
    

    Configure /etc/neutron/dhcp_agent.ini
    cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
    >/etc/neutron/dhcp_agent.ini

     openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT  interface_driver  neutron.agent.linux.interface.BridgeInterfaceDriver
     openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT dhcp_driver  neutron.agent.linux.dhcp.Dnsmasq
     openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT enable_isolated_metadata True
     openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT verbose True
     openstack-config --set  /etc/neutron/dhcp_agent.ini  DEFAULT debug false
    

    Configure /etc/nova/nova.conf on the controller node so that the compute nodes can use the neutron network

     openstack-config --set  /etc/nova/nova.conf  neutron url  http://network:9696
     openstack-config --set  /etc/nova/nova.conf  neutron auth_url  http://controller:35357
     openstack-config --set  /etc/nova/nova.conf  neutron auth_type  password
     openstack-config --set  /etc/nova/nova.conf  neutron project_domain_name  default
     openstack-config --set  /etc/nova/nova.conf  neutron user_domain_name  default
     openstack-config --set  /etc/nova/nova.conf  neutron region_name  RegionOne
     openstack-config --set  /etc/nova/nova.conf  neutron project_name service
     openstack-config --set  /etc/nova/nova.conf  neutron username  neutron
     openstack-config --set  /etc/nova/nova.conf  neutron password  123456
     openstack-config --set  /etc/nova/nova.conf  neutron service_metadata_proxy  True
     openstack-config --set  /etc/nova/nova.conf  neutron metadata_proxy_shared_secret  123456
    

    Write dhcp-option-force=26,1450 to /etc/neutron/dnsmasq-neutron.conf
    echo "dhcp-option-force=26,1450" >/etc/neutron/dnsmasq-neutron.conf
    Configure /etc/neutron/metadata_agent.ini
    cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
    >/etc/neutron/metadata_agent.ini

    openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT nova_metadata_ip controller
    openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT metadata_proxy_shared_secret 123456
    openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT metadata_workers 4
    openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT verbose  True
    openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT debug false
    openstack-config --set  /etc/neutron/metadata_agent.ini  DEFAULT nova_metadata_protocol http
    

    Create the symbolic link
    ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
    Sync the database to initialize the neutron schema
    su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
    Restart the nova service on the controller
    systemctl restart openstack-nova-api.service
    systemctl status openstack-nova-api.service
    Restart the neutron services and enable them at boot
    systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
    systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
    systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

    openstack network agent list
    Create the networks
    Load the environment variables
    source /root/admin-openrc
    Create the public network in flat mode; the public network is the outbound network and must be in flat mode
    neutron net-create --shared provider --router:external True --provider:network_type flat --provider:physical_network provider
    In this lab environment the 192.168.100.0/24 range can reach the external network, so it is used as the public range
    Create the subnet
    neutron subnet-create provider 192.168.100.0/24 --name provider-sub --allocation-pool start=192.168.100.180,end=192.168.100.190 --dns-nameserver 8.8.8.8 --gateway 192.168.100.180
    Create a private network named private, with network type vxlan
    neutron net-create private --provider:network_type vxlan --router:external False --shared
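    Create the subnet named private-subnet for the private network, with the range 172.17.1.0; this is the range from which the virtual machines get their private IP addresses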
    neutron subnet-create private --name private-subnet --gateway 172.17.1.1 172.17.1.0/24
    You can also create several different private subnets
    If the VMs need to reach external networks, a router must also be added
    Add a router
    neutron router-create router01
    Attach the private network's subnet to the router
    neutron router-interface-add router01 private-subnet
    Set the public network as the router's gateway
    neutron router-gateway-set router01 provider

    Compute node

    Install the required packages
    yum install -y openstack-selinux python-openstackclient yum-plugin-priorities openstack-nova-compute openstack-utils
    Configure nova.conf
    cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
    >/etc/nova/nova.conf

     openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy  keystone
     openstack-config --set /etc/nova/nova.conf DEFAULT my_ip  10.1.1.2
     openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron  True
     openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver  nova.virt.firewall.NoopFirewallDriver
     openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:123456@middleware
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  auth_uri  http://controller:5000
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  auth_url  http://controller:35357
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  memcached_servers  middleware:11211
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  auth_type  password
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  project_domain_name  default
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  user_domain_name  default
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  project_name  service
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  username  nova
     openstack-config --set /etc/nova/nova.conf keystone_authtoken  password 123456
     openstack-config --set /etc/nova/nova.conf placement auth_uri http://controller:5000
     openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:35357
     openstack-config --set /etc/nova/nova.conf placement memcached_servers middleware:11211
     openstack-config --set /etc/nova/nova.conf placement auth_type password
     openstack-config --set /etc/nova/nova.conf placement project_domain_name default
     openstack-config --set /etc/nova/nova.conf placement user_domain_name default
     openstack-config --set /etc/nova/nova.conf placement project_name service
     openstack-config --set /etc/nova/nova.conf placement username placement
     openstack-config --set /etc/nova/nova.conf placement password 123456
     openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
     openstack-config --set /etc/nova/nova.conf vnc enabled True
     openstack-config --set /etc/nova/nova.conf vnc keymap en-us
     openstack-config --set /etc/nova/nova.conf vnc vncserver_listen  0.0.0.0
     openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address  10.1.1.2
     openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url  http://192.168.100.112:6080/vnc_auto.html
     openstack-config --set /etc/nova/nova.conf glance  api_servers  http://controller:9292
     openstack-config --set /etc/nova/nova.conf oslo_concurrency  lock_path  /var/lib/nova/tmp
     openstack-config --set /etc/nova/nova.conf libvirt virt_type  qemu
     openstack-config --set /etc/nova/nova.conf libvirt cpu_mode none
    

    Enable libvirtd.service and openstack-nova-compute.service at boot
    systemctl enable libvirtd.service openstack-nova-compute.service
    systemctl restart libvirtd.service openstack-nova-compute.service
    systemctl status libvirtd.service openstack-nova-compute.service
    Verify from the controller
    source /root/admin-openrc
    openstack compute service list
    Install Neutron
    Install the required packages
    yum install -y openstack-neutron-linuxbridge ebtables ipset
    Configure neutron.conf
    cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
    >/etc/neutron/neutron.conf

     openstack-config --set  /etc/neutron/neutron.conf DEFAULT auth_strategy  keystone
     openstack-config --set  /etc/neutron/neutron.conf DEFAULT advertise_mtu True
     openstack-config --set  /etc/neutron/neutron.conf DEFAULT dhcp_agents_per_network 2
     openstack-config --set  /etc/neutron/neutron.conf DEFAULT control_exchange neutron
     openstack-config --set  /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
     openstack-config --set  /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:123456@middleware
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_uri  http://controller:5000
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_url  http://controller:35357
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken memcached_servers  middleware:11211
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken auth_type  password
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_domain_name  default
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken user_domain_name  default
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken project_name  service
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken username  neutron
     openstack-config --set  /etc/neutron/neutron.conf keystone_authtoken password  123456
     openstack-config --set  /etc/neutron/neutron.conf oslo_concurrency  lock_path  /var/lib/neutron/tmp
    

    Configure /etc/neutron/plugins/ml2/linuxbridge_agent.ini
    cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
    >/etc/neutron/plugins/ml2/linuxbridge_agent.ini

     openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT debug false
     openstack-config --set  /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT verbose true
     openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan  enable_vxlan  True
     openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan  local_ip  10.2.2.2
     openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini  vxlan l2_population  True
     openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  enable_security_group  True
     openstack-config --set   /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup  firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
    

    Configure nova.conf

     openstack-config --set  /etc/nova/nova.conf neutron url  http://network:9696
     openstack-config --set  /etc/nova/nova.conf neutron auth_url  http://controller:35357
     openstack-config --set  /etc/nova/nova.conf neutron auth_type  password
     openstack-config --set  /etc/nova/nova.conf neutron project_domain_name  default
     openstack-config --set  /etc/nova/nova.conf neutron user_domain_name  default
     openstack-config --set  /etc/nova/nova.conf neutron region_name  RegionOne
     openstack-config --set  /etc/nova/nova.conf neutron project_name  service
     openstack-config --set  /etc/nova/nova.conf neutron username  neutron
     openstack-config --set  /etc/nova/nova.conf neutron password  123456
    

    Restart and enable the related services
    systemctl restart openstack-nova-compute.service neutron-linuxbridge-agent.service
    systemctl enable neutron-linuxbridge-agent.service

    The Compute node is now set up. Run nova host-list to see the newly added compute node.
    To add another compute node, repeat the Compute node section, changing the hostname and IP addresses.
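The values written above are lab defaults: every service password is 123456, the Keystone, Glance and Neutron endpoints are plain http, and VNC listens on 0.0.0.0. As an added example (not part of the original guide), this script audits a nova.conf or neutron.conf for those values; the function names, the 16-character threshold and the inline sample are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example, not from the original guide: flag the lab-grade settings
# that the openstack-config commands above write into nova.conf/neutron.conf.
# MIN_PW_LEN is an assumed policy threshold, not an OpenStack requirement.
MIN_PW_LEN=${MIN_PW_LEN:-16}

# audit_conf FILE -> one finding per line: "[section] key: reason"
audit_conf() {
  awk -v min="$MIN_PW_LEN" '
    function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
    /^[ \t]*$/ || /^[ \t]*[#;]/ { next }   # skip blank lines and comments
    /^\[/ { sec = $0; sub(/^\[/, "", sec); sub(/\].*$/, "", sec); next }
    {
      eq = index($0, "="); if (!eq) next
      key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
      where = "[" sec "] " key ": "
      if (key == "password" && length(val) < min)
        print where "service password shorter than " min " characters"
      if (key == "transport_url" && val ~ /@/) {   # rabbit://user:pass@host
        cred = val; sub(/^[^:]*:\/\//, "", cred); sub(/@.*$/, "", cred)
        c = index(cred, ":")
        if (c && length(substr(cred, c + 1)) < min)
          print where "broker password in URL shorter than " min " characters"
      }
      if (key ~ /^(auth_url|auth_uri|url|api_servers|nova_url)$/ && val ~ /^http:/)
        print where "cleartext HTTP endpoint"
      if (sec == "vnc" && key == "vncserver_listen" && val == "0.0.0.0")
        print where "VNC server listens on every interface"
    }' "$1"
}

# Constructed sample holding a few of the values set on this page.
write_sample() {
  cat > "$1" <<'EOF'
[DEFAULT]
transport_url = rabbit://openstack:123456@middleware
[keystone_authtoken]
auth_url = http://controller:35357
password = 123456
[vnc]
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 10.1.1.2
EOF
}

sample=$(mktemp) && write_sample "$sample"
audit_conf "$sample"
rm -f "$sample"
```

Run `audit_conf /etc/nova/nova.conf` on each node after configuration; an empty result means none of the four checks fired.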
    Create the flavors (run these commands on the controller)
    openstack flavor create m1.tiny --id 1 --ram 1024 --disk 10 --vcpus 1
    openstack flavor create m1.small --id 2 --ram 2048 --disk 20 --vcpus 1
    openstack flavor create m1.medium --id 3 --ram 4096 --disk 40 --vcpus 2
    openstack flavor create m1.large --id 4 --ram 8192 --disk 80 --vcpus 4
    openstack flavor create m1.xlarge --id 5 --ram 16384 --disk 160 --vcpus 8
    openstack flavor list
    Log in to the dashboard
    http://192.168.100.111/dashboard


    Create an instance

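    Select "Source" -> "Flavor" -> "Networks" in turn, then click Launch Instance.
    Create an instance named test. In the screenshot above, test1 is an instance newly created to verify the creation process, and test is an instance that already existed.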

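    The instance now exists and has an IP address assigned. It can already reach the external network, because the provider network was created earlier, but it cannot yet be reached from outside, because no floating IP is bound to it.
    Allocate a floating IP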

    Associate the floating IP


    Create a security group


    Verify

