OpenStack Installation and Deployment

I. Basic Preparation

Deployment environment: CentOS 7, 64-bit

1. Stop the local iptables firewall and prevent it from starting at boot

<code id="code_id_0" class=" has-numbering  language-bash"># systemctl stop firewalld.service
# systemctl disable firewalld.service</code>

2. Disable the local SELinux

<code id="code_id_1" class=" has-numbering  language-bash"># vim /etc/sysconfig/selinux
SELINUX=disabled
# setenforce 0</code>

3. Set the hostname

<code id="code_id_2" class=" has-numbering  language-bash"># hostnamectl set-hostname controller</code>

4. Map the local hostname to its IP address

<code id="code_id_3" class=" has-numbering  language-bash"># vim /etc/hosts
192.168.0.104 controller</code>

5. Install the NTP time synchronization tool

<code id="code_id_4" class=" has-numbering  language-bash"># yum -y install ntp
# ntpdate asia.pool.ntp.org</code>

6. Install the third-party yum repositories

<code id="code_id_5" class=" has-numbering  language-bash"># yum -y install yum-plugin-priorities
# yum -y install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-2.noarch.rpm
# yum -y install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm</code>

7. Upgrade the system packages and reboot the system

<code id="code_id_6" class=" has-numbering  language-bash"># yum upgrade
# reboot</code>

II. Install and Configure the MariaDB Database

1. Install the MariaDB database

<code id="code_id_7" class=" has-numbering  language-bash"># yum -y install mariadb mariadb-server MySQL-python</code>

2. Configure the MariaDB database

<code id="code_id_8" class=" has-numbering  language-bash"># cp /etc/my.cnf /etc/my.cnf.bak
# rpm -ql mariadb
# vim /etc/my.cnf.d/server.cnf
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8</code>

3. Start the MariaDB database

<code id="code_id_9" class=" has-numbering  language-bash"># systemctl enable mariadb.service
# systemctl start mariadb.service</code>

III. Install the Message Queue Service

1. Install the packages required for RabbitMQ

<code id="code_id_10" class=" has-numbering  language-bash"># yum -y install rabbitmq-server</code>

2. Start the RabbitMQ service

<code id="code_id_11" class=" has-numbering  language-bash"># systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service</code>

3. Set the RabbitMQ service password

<code id="code_id_12" class=" has-numbering  language-bash"># rabbitmqctl change_password guest rabbit</code>

IV. Install the Keystone User Authentication Component

1. Create the keystone database and grant user privileges

<code id="code_id_13" class=" has-numbering  language-bash">mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';</code>

2. Install the keystone packages

<code id="code_id_14" class=" has-numbering  language-bash"># yum -y install openstack-utils openstack-keystone python-keystoneclient</code>

3. Configure the keystone file

<code id="code_id_15" class=" has-numbering  language-bash"># cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
# vim /etc/keystone/keystone.conf
[DEFAULT]
verbose = True

[database]
connection = mysql://keystone:keystone@controller/keystone

[token]
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token</code>

4. Create the certificate and key files

<code id="code_id_16" class=" has-numbering  language-bash"># keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl</code>

5. Sync the keystone schema to the MariaDB database

<code id="code_id_17" class=" has-numbering  language-bash"># su -s /bin/sh -c "keystone-manage db_sync" keystone</code>

6. Start the keystone service and enable it at boot

<code id="code_id_18" class=" has-numbering  language-bash"># systemctl enable openstack-keystone.service
# systemctl start openstack-keystone.service</code>

7. Purge expired tokens

By default, the Identity service stores expired tokens in the database indefinitely. The accumulation of expired tokens considerably increases the database size and may degrade service performance, particularly in resource-limited environments. We recommend that you use cron to configure a periodic task that purges expired tokens

<code id="code_id_19" class=" has-numbering  language-bash"># (crontab -l -u keystone 2>&1 | grep -q token_flush) || \
  echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' \
  >> /var/spool/cron/keystone</code>

---------- Create tenants, users, and roles ----------

1. Configure the admin token

<code id="code_id_20" class=" has-numbering  language-bash"># export OS_SERVICE_TOKEN=$(openssl rand -hex 10)
# export OS_SERVICE_ENDPOINT=http://controller:35357/v2.0
# echo $OS_SERVICE_TOKEN > ~/ks_admin_token
# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token $OS_SERVICE_TOKEN
# service openstack-keystone restart</code>

2. Create the tenant, user, and role

<code id="code_id_21" class=" has-numbering  language-bash">a. Create the admin tenant, user, and role:
# keystone tenant-create --name admin --description "Admin Tenant"
# keystone user-create --name admin --pass admin --email admin@zhengyansheng.com
# keystone role-create --name admin
b. Add the admin tenant and user to the admin role:
# keystone user-role-add --tenant admin --user admin --role admin
c. By default, the dashboard limits access to users with the _member_ role.
# keystone role-create --name _member_
d. Add the admin tenant and user to the _member_ role:
# keystone user-role-add --tenant admin --user admin --role _member_</code>

3. Create a regular demo project and user

<code id="code_id_22" class=" has-numbering  language-bash">a. Create the demo tenant:
# keystone tenant-create --name demo --description "Demo Tenant"
b. Create the demo user:
# keystone user-create --name demo --pass demo --email demo@zhengyansheng.com
c. Add the demo tenant and user to the _member_ role:
# keystone user-role-add --tenant demo --user demo --role _member_</code>

4. Create a service project

<code id="code_id_23" class=" has-numbering  language-bash"># keystone tenant-create --name service --description "Service Tenant"</code>

---------- Create the service entity and API endpoint ----------

1. Create the service entity for the Identity service:

<code id="code_id_24" class=" has-numbering  language-bash"># keystone service-create --name keystone --type identity --description "OpenStack Identity"</code>

2. Create the API endpoint for the Identity service:

<code id="code_id_25" class=" has-numbering  language-bash"># keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ identity / {print $2}') \
  --publicurl http://controller:5000/v2.0 \
  --internalurl http://controller:5000/v2.0 \
  --adminurl http://controller:35357/v2.0 \
  --region regionOne</code>

3. View the keystone authentication information

<code id="code_id_26" class=" has-numbering  language-bash">[root@controller ~]# keystone user-list
+----------------------------------+-------+---------+-------------------------+
|                id                |  name | enabled |          email          |
+----------------------------------+-------+---------+-------------------------+
| 7053cfacc4b047dcabe82f6be0e5dc77 | admin |   True  | admin@zhengyansheng.com |
| eea569106329465996e9e09a666838bd |  demo |   True  |  demo@zhengyansheng.com |
+----------------------------------+-------+---------+-------------------------+
[root@controller ~]# keystone tenant-list
+----------------------------------+---------+---------+
|                id                |   name  | enabled |
+----------------------------------+---------+---------+
| 307fd76766eb4b02a28779f4e88717ce |  admin  |   True  |
| f054bd56851b4a318a19233a13e13d31 |   demo  |   True  |
| d865c3b49f6f4bf7b2a0b93e0110e546 | service |   True  |
+----------------------------------+---------+---------+
[root@controller ~]# keystone service-list
+----------------------------------+----------+----------+--------------------+
|                id                |   name   |   type   |    description     |
+----------------------------------+----------+----------+--------------------+
| 9754f7bdf78c4000875f1aa5f3291b19 | keystone | identity | OpenStack Identity |
+----------------------------------+----------+----------+--------------------+
[root@controller ~]# keystone endpoint-list
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
|                id                |   region  |          publicurl          |         internalurl         |           adminurl           |            service_id            |
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+
| 6831d6708fe4469fa653b9b5adf801d9 | regionOne | http://controller:5000/v2.0 | http://controller:5000/v2.0 | http://controller:35357/v2.0 | 9754f7bdf78c4000875f1aa5f3291b19 |
+----------------------------------+-----------+-----------------------------+-----------------------------+------------------------------+----------------------------------+</code>

4. Unset the temporary environment variables

<code id="code_id_27" class=" has-numbering  language-bash"># unset OS_SERVICE_TOKEN
# unset OS_SERVICE_ENDPOINT</code>

5. Authenticate users with keystone

<code id="code_id_28" class=" has-numbering  language-bash"># keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 token-get
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 tenant-list
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 user-list
# keystone --os-tenant-name admin --os-username admin --os-password admin --os-auth-url http://controller:35357/v2.0 role-list</code>

6. Test authentication as the regular user demo

<code id="code_id_29" class=" has-numbering  language-bash"># keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 token-get
# keystone --os-tenant-name demo --os-username demo --os-password demo --os-auth-url http://controller:35357/v2.0 user-list
You are not authorized to perform the requested action: admin_required (HTTP 403)</code>

7. Client CLI scripts

<code id="code_id_30" class=" has-numbering  language-bash"># vim ~/admin-openrc.sh
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v2.0</code>

<code id="code_id_31" class=" has-numbering  language-bash"># vim ~/demo-openrc.sh
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v2.0</code>

<code id="code_id_32" class=" has-numbering  language-bash"># source admin-openrc.sh</code>

8. Test: if authentication through keystone still succeeds after the environment variables have been unset, keystone is configured correctly.

V. Install the Glance Component

1. Create the glance database and grant user privileges

<code id="code_id_33" class=" has-numbering  language-bash">mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';</code>

2. Create the glance user and add it to the admin role

<code id="code_id_34" class=" has-numbering  language-bash"># keystone user-create --name glance --pass glance
# keystone user-role-add --user glance --tenant service --role admin</code>

3. Create the glance service

<code id="code_id_35" class=" has-numbering  language-bash"># keystone service-create --name glance --type image --description "OpenStack Image Service"</code>

4. Create the service access URL (endpoint) for the Image service

<code id="code_id_36" class=" has-numbering  language-bash"># keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ image / {print $2}') \
  --publicurl http://controller:9292 \
  --internalurl http://controller:9292 \
  --adminurl http://controller:9292 \
  --region regionOne</code>

5. Install the glance packages

<code id="code_id_37" class=" has-numbering  language-bash"># yum -y install openstack-glance python-glanceclient</code>

6. Edit the glance configuration files

<code id="code_id_38" class=" has-numbering  language-bash"># cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
# vim /etc/glance/glance-api.conf
[DEFAULT]
verbose = True

[database]
connection = mysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance

[paste_deploy]
flavor = keystone

[glance_store]
default_store = file
filesystem_store_datadir = /var/lib/glance/images/</code>

<code id="code_id_39" class=" has-numbering  language-bash"># cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
# vim /etc/glance/glance-registry.conf
[DEFAULT]
verbose = True

[database]
connection = mysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = glance
admin_password = glance

[paste_deploy]
flavor = keystone</code>

7. Sync the glance schema to the MariaDB database

<code id="code_id_40" class=" has-numbering  language-bash"># su -s /bin/sh -c "glance-manage db_sync" glance</code>

8. Start the services and enable them at boot

<code id="code_id_41" class=" has-numbering  language-bash"># systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service</code>

9. Download and upload an image

<code id="code_id_42" class=" has-numbering  language-cpp"># mkdir /tmp/images
# cd /tmp/images
# wget http://cdn.download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
# glance image-create --name "cirros-0.3.3-x86_64" --file cirros-0.3.3-x86_64-disk.img --disk-format qcow2 --container-format bare --is-public True --progress
# glance image-list
# mv /tmp/images /opt</code>

VI. Add a Compute Node

1. Create the nova database and grant user privileges

<code id="code_id_43" class=" has-numbering  language-bash">mysql -u root -p
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';</code>

2. Create the nova user, add it to the admin role, and create the service

<code id="code_id_44" class=" has-numbering  language-bash"># keystone user-create --name nova --pass nova
# keystone user-role-add --user nova --tenant service --role admin
# keystone service-create --name nova --type compute --description "OpenStack Compute"</code>

3. Create the access URL (endpoint) for the compute node

<code id="code_id_45" class=" has-numbering  language-bash"># keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ compute / {print $2}') \
  --publicurl http://controller:8774/v2/%\(tenant_id\)s \
  --internalurl http://controller:8774/v2/%\(tenant_id\)s \
  --adminurl http://controller:8774/v2/%\(tenant_id\)s \
  --region regionOne</code>

4. Install the nova packages

<code id="code_id_46" class=" has-numbering  language-bash"># yum -y install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
# yum -y install openstack-nova-compute sysfsutils</code>

5. Edit the nova configuration file

<code id="code_id_47" class=" has-numbering  language-bash"># cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = controller
vncserver_listen = controller
vncserver_proxyclient_address = controller
verbose = True
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit
auth_strategy = keystone
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = controller
novncproxy_base_url = http://controller:6080/vnc_auto.html

[database]
connection = mysql://nova:nova@controller/nova

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = nova
admin_password = nova

[glance]
host = controller

[libvirt]
virt_type = qemu</code>

6. Sync the nova schema to the MariaDB database

<code id="code_id_48" class=" has-numbering  language-bash"># su -s /bin/sh -c "nova-manage db sync" nova</code>

7. Start the services and enable them at boot

<code id="code_id_49" class=" has-numbering  language-bash"># systemctl enable openstack-nova-api.service openstack-nova-cert.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service \
  openstack-nova-consoleauth.service openstack-nova-scheduler.service \
  openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service
# systemctl start openstack-nova-compute.service
# nova service-list
# nova image-list</code>

VII. Add a Network Node

1. Create the neutron database and grant user privileges

<code id="code_id_50" class=" has-numbering  language-bash">mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';</code>

2. Create the neutron user, add it to the admin role, and create the neutron service

<code id="code_id_51" class=" has-numbering  language-bash"># keystone user-create --name neutron --pass neutron
# keystone user-role-add --user neutron --tenant service --role admin
# keystone service-create --name neutron --type network --description "OpenStack Networking"</code>

3. Create the endpoint access URL for neutron

<code id="code_id_52" class=" has-numbering  language-bash"># keystone endpoint-create \
  --service-id $(keystone service-list | awk '/ network / {print $2}') \
  --publicurl http://controller:9696 \
  --internalurl http://controller:9696 \
  --adminurl http://controller:9696 \
  --region regionOne</code>

4. Install the neutron packages

<code id="code_id_53" class=" has-numbering  language-bash"># yum -y install openstack-neutron openstack-neutron-ml2 python-neutronclient which</code>

5. Edit the neutron configuration file

<code id="code_id_54" class=" has-numbering  language-bash"># cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
rabbit_host = controller
rabbit_password = rabbit
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://controller:8774/v2
nova_admin_auth_url = http://controller:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = SERVICE_TENANT_ID
nova_admin_password = nova
verbose = True

[database]
connection = mysql://neutron:neutron@controller/neutron

[keystone_authtoken]
auth_uri = http://controller:5000/v2.0
identity_uri = http://controller:35357
admin_tenant_name = service
admin_user = neutron
admin_password = neutron</code>

6. Test

<code id="code_id_55" class=" has-numbering  language-bash"># keystone tenant-get service</code>

<code id="code_id_56" class=" has-numbering  language-bash"># cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch

[ml2_type_gre]
tunnel_id_ranges = 1:1000

[securitygroup]
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver</code>

<code id="code_id_57" class=" has-numbering  language-bash"># vim /etc/nova/nova.conf
[DEFAULT]
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[neutron]
url = http://controller:9696
auth_strategy = keystone
admin_auth_url = http://controller:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = neutron</code>

<code id="code_id_58" class=" has-numbering  language-bash"># ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini</code>

7. Sync the neutron schema to the MariaDB database

<code id="code_id_59" class=" has-numbering  language-bash"># su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron</code>

8. Restart the compute services

<code id="code_id_60" class=" has-numbering  language-bash"># systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service</code>

9. Enable the service at boot and start it

<code id="code_id_61" class=" has-numbering  language-bash"># systemctl enable neutron-server.service
# systemctl start neutron-server.service</code>

10. Check the neutron-server process

<code id="code_id_62" class=" has-numbering  language-bash"># neutron ext-list</code>

11. View the related log information

<code id="code_id_63" class=" has-numbering  language-bash"># tail -f /var/log/neutron/server.log</code>

12. Configure the kernel network parameters

<code id="code_id_64" class=" has-numbering  language-bash"># cp /etc/sysctl.conf /etc/sysctl.conf.bak
# vim /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# sysctl -p</code>

13. Install the networking component packages

<code id="code_id_65" class=" has-numbering  language-bash"># yum -y install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch</code>

14. Configure the common networking components

<code id="code_id_66" class=" has-numbering  language-bash"># vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2_type_flat]
flat_networks = external

[ovs]
local_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS
enable_tunneling = True
bridge_mappings = external:br-ex

[agent]
tunnel_types = gre</code>
 
 
<code id="code_id_67" class=" has-numbering  language-bash"># cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
verbose = True</code>
 
 
<code id="code_id_68" class=" has-numbering  language-bash"># cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
verbose = True
dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf</code>
 
 
<code id="code_id_69" class=" has-numbering  language-bash"># cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
auth_url = http://controller:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = neutron
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
verbose = True</code>
 
 
<code id="code_id_70" class=" has-numbering  language-bash"># vim /etc/nova/nova.conf
[neutron]
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET</code>
 
 

15. Restart the API service on the controller node

<code id="code_id_71" class=" has-numbering  language-bash"># systemctl restart openstack-nova-api.service</code>
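
The files edited in step 14 still contain the placeholder tokens METADATA_SECRET and INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS, a service password equal to the user name, and a shared secret that has to match between nova.conf and metadata_agent.ini. The following check is an added example, not part of the original guide; the function names and the inline sample text are assumptions constructed here from the snippets above.

```python
import configparser

# Placeholder tokens from this guide's snippets; each must be replaced before use.
PLACEHOLDERS = {"METADATA_SECRET", "INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS"}
NOVA = "/etc/nova/nova.conf"
META = "/etc/neutron/metadata_agent.ini"

def parse(text):
    # Rename the default section so [DEFAULT] is read as an ordinary section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(files):
    """files maps path -> file text; returns a sorted list of finding strings."""
    cfg = {path: parse(text) for path, text in files.items()}
    findings = []
    for path, cp in cfg.items():
        for section in cp.sections():
            for key, value in cp.items(section):
                if value in PLACEHOLDERS:
                    findings.append(f"{path} [{section}] {key}: placeholder not replaced")
            user = cp.get(section, "admin_user", fallback=None)
            if user and cp.get(section, "admin_password", fallback=None) == user:
                findings.append(f"{path} [{section}] admin_password equals admin_user")
    key = "metadata_proxy_shared_secret"
    if cfg[NOVA].get("neutron", key, fallback=None) != cfg[META].get("DEFAULT", key, fallback=None):
        findings.append(f"{key} differs between nova.conf and metadata_agent.ini")
    if cfg[NOVA].get("neutron", "service_metadata_proxy", fallback="").lower() != "true":
        findings.append("nova.conf [neutron] service_metadata_proxy is not True")
    return sorted(findings)

# Constructed sample input mirroring the snippets in step 14 (not real files).
SAMPLE = {
    "/etc/neutron/plugins/ml2/ml2_conf.ini":
        "[ovs]\nlocal_ip = INSTANCE_TUNNELS_INTERFACE_IP_ADDRESS\nenable_tunneling = True\n",
    META: "[DEFAULT]\nadmin_user = neutron\nadmin_password = neutron\n"
          "metadata_proxy_shared_secret = METADATA_SECRET\n",
    NOVA: "[neutron]\nservice_metadata_proxy = True\n"
          "metadata_proxy_shared_secret = METADATA_SECRET\n",
}

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a real host, read the three files from disk and pass their contents in the same path-to-text mapping.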
 
 

VII. Install and configure the dashboard

1. Install the dashboard and its required dependency packages

<code id="code_id_72" class=" has-numbering  language-bash"># yum install openstack-dashboard httpd mod_wsgi memcached python-memcached</code>
 
 

2. Edit the dashboard configuration file

<code id="code_id_73" class=" has-numbering  language-bash"># cp /etc/openstack-dashboard/local_settings /etc/openstack-dashboard/local_settings.bak
# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
TIME_ZONE = "TIME_ZONE"</code>
 
 

3. Allow the web server to connect to the OpenStack services

<code id="code_id_74" class=" has-numbering  language-bash"># setsebool -P httpd_can_network_connect on</code>
 
 

4. Because of a packaging bug, the dashboard does not load its CSS correctly. Run the following command to fix the problem:

<code id="code_id_75" class=" has-numbering  language-bash"># chown -R apache:apache /usr/share/openstack-dashboard/static</code>
 
 

5. Start the web server and the session storage service, and configure them to start when the system boots:

<code id="code_id_76" class=" has-numbering  language-bash"># systemctl enable httpd.service memcached.service
# systemctl start httpd.service memcached.service</code>
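
The local_settings values from step 2 include ALLOWED_HOSTS = ['*'], which makes Django accept any Host header, and a TIME_ZONE value that is still the placeholder. The following check reads the settings file without executing it; it is an added example, not part of the original guide, and the function names and the inline sample are assumptions constructed here.

```python
import ast

def literal_settings(source):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    values = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError):
                pass  # computed value (function call, name lookup): not a literal
    return values

def audit_dashboard(source):
    s = literal_settings(source)
    findings = []
    if "*" in s.get("ALLOWED_HOSTS", []):
        findings.append("ALLOWED_HOSTS contains '*': any Host header is accepted")
    if s.get("TIME_ZONE") == "TIME_ZONE":
        findings.append("TIME_ZONE placeholder not replaced")
    location = s.get("CACHES", {}).get("default", {}).get("LOCATION", "")
    for loc in ([location] if isinstance(location, str) else location):
        if loc and loc.rsplit(":", 1)[0] not in ("127.0.0.1", "localhost"):
            findings.append(f"session cache {loc} is not on the loopback interface")
    return findings

# Constructed sample mirroring the local_settings values from step 2.
SAMPLE_SETTINGS = """
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}
TIME_ZONE = "TIME_ZONE"
"""

if __name__ == "__main__":
    for finding in audit_dashboard(SAMPLE_SETTINGS):
        print(finding)
```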
 
 

VIII. Access test

1. Test access over HTTP:

 


That's all for today! I'll keep adding to this later. Have a great weekend, everyone.

Reposted from: https://blog.51cto.com/lwm666/2340276