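OpenStack deployment (4) -- Network configuration (Networking)

Compute node

Add and configure Networking [compute node]


Install the components: yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset

Configure the common components: vim /etc/neutron/neutron.conf   // change or add the following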

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
verbose = True
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstackpasswd
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutronpasswd
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp



Configure the Linux bridge agent

[root@compute ~]# mv /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
[root@compute ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini   # add the following content
[linux_bridge]
physical_interface_mappings = public:eno16777736
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
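
A check that the port-filtering options in the file above are actually in effect. This is an added example, not part of the original post; the sample text is constructed from the configuration shown above, and the function and constant names are hypothetical.

```python
import configparser

# Constructed sample: the linuxbridge_agent.ini content shown above.
SAMPLE_INI = """\
[linux_bridge]
physical_interface_mappings = public:eno16777736
[vxlan]
enable_vxlan = False
[agent]
prevent_arp_spoofing = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
"""

# Options from this page that control port filtering on the compute node.
BOOLEAN_CHECKS = [("agent", "prevent_arp_spoofing"),
                  ("securitygroup", "enable_security_group")]


def audit_agent_ini(text):
    """Return a list of findings; an empty list means every check passed."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []
    for section, option in BOOLEAN_CHECKS:
        try:
            enabled = cfg.getboolean(section, option)
        except (configparser.NoSectionError, configparser.NoOptionError):
            findings.append(f"[{section}] {option} is not set explicitly")
            continue
        except ValueError:
            findings.append(f"[{section}] {option} is not a boolean")
            continue
        if not enabled:
            findings.append(f"[{section}] {option} is disabled")
    driver = cfg.get("securitygroup", "firewall_driver", fallback="").strip()
    if not driver:
        findings.append("[securitygroup] firewall_driver is not set")
    elif driver.rsplit(".", 1)[-1] == "NoopFirewallDriver":
        # The no-op driver accepts security group rules but filters nothing.
        findings.append("[securitygroup] firewall_driver is the no-op driver")
    return findings


if __name__ == "__main__":
    for finding in audit_agent_ini(SAMPLE_INI) or ["no findings"]:
        print(finding)
```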

Configure compute to use Networking

vi /etc/nova/nova.conf   // change or add the following

[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutronpasswd

Start the services

systemctl restart openstack-nova-compute.service

systemctl enable neutron-linuxbridge-agent.service

systemctl start neutron-linuxbridge-agent.service

[root@compute ~]# systemctl restart openstack-nova-compute.service 
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service
[root@compute ~]#

Verify the configuration (controller)


Run the environment variable script

source admin-openrc.sh


List all extensions

neutron ext-list

[root@controller network-scripts]# neutron ext-list
+-----------------------+-----------------------------------------------+
| alias                 | name                                          |
+-----------------------+-----------------------------------------------+
| dns-integration       | DNS Integration                               |
| ext-gw-mode           | Neutron L3 Configurable external gateway mode |
| binding               | Port Binding                                  |
| agent                 | agent                                         |
| subnet_allocation     | Subnet Allocation                             |
| l3_agent_scheduler    | L3 Agent Scheduler                            |
| external-net          | Neutron external network                      |
| flavors               | Neutron Service Flavors                       |
| net-mtu               | Network MTU                                   |
| quotas                | Quota management support                      |
| l3-ha                 | HA Router extension                           |
| provider              | Provider Network                              |
| multi-provider        | Multi Provider Network                        |
| extraroute            | Neutron Extra Route                           |
| router                | Neutron L3 Router                             |
| extra_dhcp_opt        | Neutron Extra DHCP opts                       |
| security-group        | security-group                                |
| dhcp_agent_scheduler  | DHCP Agent Scheduler                          |
| rbac-policies         | RBAC Policies                                 |
| port-security         | Port Security                                 |
| allowed-address-pairs | Allowed Address Pairs                         |
| dvr                   | Distributed Virtual Router                    |
+-----------------------+-----------------------------------------------+
[root@controller network-scripts]#

List all agents

neutron agent-list

[root@controller network-scripts]# neutron agent-list
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 4280e1bf-9167-4513-9128-8d71bb1235cc | DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| 75faf736-924d-43a5-bb2c-620dcd474602 | Metadata agent     | controller | :-)   | True           | neutron-metadata-agent    |
| af9496f7-9c3a-4b29-9112-4fbd19a91b70 | Linux bridge agent | compute    | :-)   | True           | neutron-linuxbridge-agent |
| fdc74917-b760-48e4-b5d6-5290083521bf | Linux bridge agent | controller | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
[root@controller network-scripts]#

The agent types are as follows:

Linux bridge agent

Linux bridge agent

DHCP agent

Metadata agent

There must be four of them; otherwise one of the configuration steps above is wrong.
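
The four-agent check above, automated. This is an added example, not part of the original post; it parses the table printed by neutron agent-list, the sample rows are constructed from the output shown above, and the function names are hypothetical.

```python
import collections

# Constructed sample: the `neutron agent-list` output shown above.
SAMPLE = """\
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
| 4280e1bf-9167-4513-9128-8d71bb1235cc | DHCP agent         | controller | :-)   | True           | neutron-dhcp-agent        |
| 75faf736-924d-43a5-bb2c-620dcd474602 | Metadata agent     | controller | :-)   | True           | neutron-metadata-agent    |
| af9496f7-9c3a-4b29-9112-4fbd19a91b70 | Linux bridge agent | compute    | :-)   | True           | neutron-linuxbridge-agent |
| fdc74917-b760-48e4-b5d6-5290083521bf | Linux bridge agent | controller | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+
"""

# The four agents this deployment expects, by type.
EXPECTED = {"Linux bridge agent": 2, "DHCP agent": 1, "Metadata agent": 1}


def parse_table(text):
    """Parse a '|'-delimited CLI table into a list of dicts keyed by header."""
    rows = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("|") and line.endswith("|"):
            rows.append([cell.strip() for cell in line[1:-1].split("|")])
    if not rows:
        return []
    header = rows[0]
    return [dict(zip(header, row)) for row in rows[1:] if len(row) == len(header)]


def check_agents(text):
    """Return a list of problems; an empty list means all four agents are up."""
    problems = []
    healthy = collections.Counter()
    for agent in parse_table(text):
        kind, host = agent.get("agent_type", "?"), agent.get("host", "?")
        # The neutron client prints ":-)" for a live agent and "xxx" for a dead one.
        if agent.get("alive") != ":-)" or agent.get("admin_state_up") != "True":
            problems.append(f"{kind} on {host} is not alive and up")
        else:
            healthy[kind] += 1
    for kind, want in EXPECTED.items():
        if healthy[kind] < want:
            problems.append(f"expected {want} healthy {kind}, found {healthy[kind]}")
    return problems


if __name__ == "__main__":
    for problem in check_agents(SAMPLE) or ["all four agents are alive"]:
        print(problem)
```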


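Add the dashboard - Horizon [controller node]

The OpenStack dashboard, also known as Horizon, is a web interface that lets administrators and users manage the various OpenStack resources and services.
The dashboard operates the OpenStack cloud controller through the OpenStack APIs.
Horizon allows custom branding.
Horizon provides core classes and reusable templates and tools.
This deployment uses the Apache web server.


Install the package: yum install -y openstack-dashboard

Edit the configuration file

vi /etc/openstack-dashboard/local_settings   // change or add the following

OPENSTACK_HOST = "controller"   # configure the dashboard to use the OpenStack services running on the controller node
ALLOWED_HOSTS = ['*', ]         # allow any host to access the dashboard

# Configure the cache session storage service. Note: comment out any other session storage configuration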

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
         'LOCATION': '127.0.0.1:11211',
     }
}

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"volume": 2,
}

TIME_ZONE = "Asia/Chongqing"  # time zone
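
A static audit of two settings from the excerpt above: the wildcard ALLOWED_HOSTS, and a LocMemCache backend paired with a memcached-style LOCATION. This is an added example, not part of the original post; the sample is constructed from the settings shown above, HARDENED_SETTINGS is an assumed alternative that uses the host name from this page, and the function names are hypothetical.

```python
import ast

# Constructed sample: settings copied from the local_settings excerpt above.
SAMPLE_SETTINGS = """
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', ]
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
         'LOCATION': '127.0.0.1:11211',
     }
}
"""

# Assumed hardened variant: only the dashboard's own host name is accepted,
# and the cache backend really is the memcached service on 127.0.0.1:11211.
HARDENED_SETTINGS = """
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['controller']
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': '127.0.0.1:11211',
     }
}
"""


def literal_settings(source):
    """Collect top-level NAME = <literal> assignments without executing the file."""
    values = {}
    for node in ast.parse(source).body:
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)):
            try:
                values[node.targets[0].id] = ast.literal_eval(node.value)
            except (ValueError, TypeError, SyntaxError):
                pass  # not a plain literal (for example a function call)
    return values


def audit_settings(source):
    """Return a list of findings for the two settings discussed above."""
    cfg = literal_settings(source)
    findings = []
    if "*" in cfg.get("ALLOWED_HOSTS", []):
        findings.append("ALLOWED_HOSTS contains '*': Django accepts any Host header")
    cache = cfg.get("CACHES", {}).get("default", {})
    backend, location = cache.get("BACKEND", ""), str(cache.get("LOCATION", ""))
    if backend.endswith("locmem.LocMemCache") and ":" in location:
        # LocMemCache keeps data in each process; LOCATION is only a label for it.
        findings.append(f"LocMemCache never contacts {location}: cache is per-process")
    return findings


if __name__ == "__main__":
    print(audit_settings(SAMPLE_SETTINGS))
```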

Restart the services: systemctl restart httpd.service memcached.service

The dashboard can now be accessed at http://controller/dashboard. Log in as the admin or demon user; the domain is default.

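Block storage, also called Cinder, provides storage services for OpenStack. For example, when we buy a cloud host on Alibaba Cloud and also want to buy a large-capacity disk, usually called a cloud disk, that cloud disk is block storage.

Create the database and grant privileges to the cinder user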

mysql -uroot -proot

> CREATE DATABASE cinder;

> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost'    IDENTIFIED BY 'cinder';

> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'    IDENTIFIED BY 'cinder';

MariaDB [(none)]> CREATE DATABASE cinder;
Query OK, 1 row affected (0.03 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost'    IDENTIFIED BY 'cinder';
Query OK, 0 rows affected (0.14 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%'    IDENTIFIED BY 'cinder';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]>


Run the initialization script

source admin-openrc.sh

Create the cinder user (the password is cinderpasswd)

openstack user create --domain default --password-prompt cinder

[root@controller ~]# source admin-openrc.sh
[root@controller ~]# openstack user create --domain default --password-prompt cinder
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 97c646aaca35428b853cc7b2dba399c3 |
| name      | cinder                           |
+-----------+----------------------------------+
[root@controller ~]#

Add the admin role

openstack role add --project service --user cinder admin

[root@controller ~]# openstack role add --project service --user cinder admin
[root@controller ~]#

Add block storage - prerequisites [controller node]

Create the cinder and cinderv2 service entities

openstack service create --name cinder \
 --description "OpenStack Block Storage" volume


openstack service create --name cinderv2 \
 --description "OpenStack Block Storage" volumev2

[root@controller ~]# openstack role add --project service --user cinder admin
[root@controller ~]# openstack service create --name cinder \
>  --description "OpenStack Block Storage" volume
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 41d1d66196044f4c99f1f5f9a6891d87 |
| name        | cinder                           |
| type        | volume                           |
+-------------+----------------------------------+
[root@controller ~]# openstack service create --name cinderv2 \
>  --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 1041e0133be44321803302fd928b8d45 |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
[root@controller ~]#

Create the Block Storage service API endpoints

openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne volume public http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 096bdd462bd94a29899bdefeb0ed3734        |
| interface    | public                                  |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 41d1d66196044f4c99f1f5f9a6891d87        |
| service_name | cinder                                  |
| service_type | volume                                  |
| url          | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]#

openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne volume internal http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 727676c160284e4ca653affaeb324c39        |
| interface    | internal                                |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 41d1d66196044f4c99f1f5f9a6891d87        |
| service_name | cinder                                  |
| service_type | volume                                  |
| url          | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]#


openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne volume admin http://controller:8776/v1/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | ea0c8d6c84bd43888ae842c4e2e57731        |
| interface    | admin                                   |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 41d1d66196044f4c99f1f5f9a6891d87        |
| service_name | cinder                                  |
| service_type | volume                                  |
| url          | http://controller:8776/v1/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]#


openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne volumev2 public http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 68201bbf68b542e4aeedab3164907ee4        |
| interface    | public                                  |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 1041e0133be44321803302fd928b8d45        |
| service_name | cinderv2                                |
| service_type | volumev2                                |
| url          | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]#


openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne volumev2 internal http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 52cb76c604d544f09ae99a5f0bb25ec9        |
| interface    | internal                                |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 1041e0133be44321803302fd928b8d45        |
| service_name | cinderv2                                |
| service_type | volumev2                                |
| url          | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]#


openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s

[root@controller ~]# openstack endpoint create --region RegionOne volumev2 admin http://controller:8776/v2/%\(tenant_id\)s
+--------------+-----------------------------------------+
| Field        | Value                                   |
+--------------+-----------------------------------------+
| enabled      | True                                    |
| id           | 6590ebabec184778ba818ffccd2efa45        |
| interface    | admin                                   |
| region       | RegionOne                               |
| region_id    | RegionOne                               |
| service_id   | 1041e0133be44321803302fd928b8d45        |
| service_name | cinderv2                                |
| service_type | volumev2                                |
| url          | http://controller:8776/v2/%(tenant_id)s |
+--------------+-----------------------------------------+
[root@controller ~]#


Add block storage - install and configure [controller node]


Install the packages: yum install -y openstack-cinder python-cinderclient

Edit the configuration file: vim /etc/cinder/cinder.conf   // change or add the following

[database]
connection = mysql://cinder:cinder@controller/cinder
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.20
verbose = True
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = cinderpasswd
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstackpasswd
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp


Sync the database: su -s /bin/sh -c "cinder-manage db sync" cinder


Configure compute to use block storage

vi /etc/nova/nova.conf   # add the following configuration

[cinder]
os_region_name=RegionOne


Start the services

systemctl restart openstack-nova-api.service

systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service

systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

[root@controller ~]# systemctl restart openstack-nova-api.service
[root@controller ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-api.service to /usr/lib/systemd/system/openstack-cinder-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-cinder-scheduler.service to /usr/lib/systemd/system/openstack-cinder-scheduler.service.
[root@controller ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
[root@controller ~]#


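Add block storage - configure the storage node [compute node]


Ideally we would prepare a separate machine for the storage service, but to save resources the compute node and the storage node share one machine here. An additional disk (/dev/sdb) must be added to the compute (storage) node to serve as the storage disk.

Install LVM

yum install -y lvm2

Start the service

systemctl enable lvm2-lvmetad.service

systemctl start lvm2-lvmetad.service


Create the physical volume: pvcreate /dev/sdb

Create the volume group: vgcreate cinder-volumes /dev/sdb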

[root@compute ~]# pvcreate /dev/sdb
  Physical volume "/dev/sdb" successfully created
[root@compute ~]# vgcreate cinder-volumes /dev/sdb
  Volume group "cinder-volumes" successfully created
[root@compute ~]#

Edit the configuration file: vi /etc/lvm/lvm.conf

devices {
     filter = [ "a/sdb/", "r/.*/"]
}
Note: if there is a third disk, it should be added as well:
filter = [ "a/sda/", "a/sdb/", "r/.*/"]
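
How the filter above decides which devices LVM scans, as a simplified model. This is an added example, not part of the original post and not LVM's own code; it uses Python's re module in place of LVM's regex engine and tests a single path per device, and the device names and the anchored variant are assumptions for illustration.

```python
import re

PAGE_FILTER = ["a/sdb/", "r/.*/"]               # the filter from this page
ANCHORED_FILTER = ["a|^/dev/sdb$|", "r|.*|"]    # assumed stricter variant


def parse_filter(patterns):
    """Turn LVM filter strings such as "a/sdb/" into (accept, regex) pairs."""
    rules = []
    for pattern in patterns:
        # Format: 'a' or 'r', a delimiter character, the regex, the delimiter.
        if (len(pattern) < 3 or pattern[0] not in ("a", "r")
                or pattern[-1] != pattern[1]):
            raise ValueError(f"bad filter pattern: {pattern!r}")
        rules.append((pattern[0] == "a", re.compile(pattern[2:-1])))
    return rules


def lvm_accepts(patterns, device):
    """The first matching pattern decides; a device matching none is accepted."""
    for accept, regex in parse_filter(patterns):
        if regex.search(device):
            return accept
    return True


def scan_report(patterns, devices):
    """Map each device path to True (scanned by LVM) or False (ignored)."""
    return {device: lvm_accepts(patterns, device) for device in devices}


if __name__ == "__main__":
    # Constructed device list: OS disk, Cinder disk, one of its partitions,
    # and a logical volume that Cinder created for an instance.
    devices = ["/dev/sda", "/dev/sdb", "/dev/sdb1",
               "/dev/cinder-volumes/volume-example"]
    for name, patterns in [("page filter", PAGE_FILTER),
                           ("without r/.*/", ["a/sdb/"]),
                           ("anchored", ANCHORED_FILTER)]:
        print(name, scan_report(patterns, devices))
```

The trailing "r/.*/" is what keeps the host from scanning the OS disk and the volumes handed to instances: without it every unmatched device is accepted. The unanchored "a/sdb/" also accepts any path that merely contains "sdb".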



Add block storage - configure the storage node (compute)

Install the packages: yum install -y openstack-cinder targetcli python-oslo-policy


Edit the configuration file: vi /etc/cinder/cinder.conf

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.21
enabled_backends = lvm
glance_host = controller
verbose = True

[database]
connection = mysql://cinder:cinder@controller/cinder

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstackpasswd

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = cinderpasswd

[lvm]
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[oslo_concurrency]
lock_path = /var/lib/cinder/tmp


Add block storage - start and verify

Start the services (compute)

systemctl enable openstack-cinder-volume.service target.service

systemctl start openstack-cinder-volume.service target.service


Verify operation (controller)

1. Run the initialization script

source admin-openrc.sh

2. List the services

cinder service-list

[root@controller ~]# source admin-openrc.sh
[root@controller ~]# cinder service-list
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
|      Binary      |     Host    | Zone |  Status | State |         Updated_at         | Disabled Reason |
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler |  controller | nova | enabled |   up  | 2016-09-24T15:06:52.000000 |        -        |
|  cinder-volume   | compute@lvm | nova | enabled |   up  | 2016-09-24T15:06:51.000000 |        -        |
+------------------+-------------+------+---------+-------+----------------------------+-----------------+
[root@controller ~]#


At this point all nodes are basically installed, and instances can be created.