Building a Private Cloud with OpenStack (Queens) on Virtual Machines

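OpenStack mainly provides compute, storage, image and network services, all of which depend on the Keystone identity service. Each project can be deployed separately, a single project can also be spread across several physical machines, and every service exposes an application programming interface (API) so that third parties can integrate with it and consume its resources.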

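Environment preparation

Hardware requirements for the OpenStack environment

  • CPU: a 64-bit x86 processor with Intel 64 or AMD64 CPU extensions and with AMD-V or Intel VT hardware virtualization support enabled
  • Memory: >= 2G
  • Disk space: >= 50G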

Virtual machine allocation

Hostname    Operating system    IP address      Notes
controller  CentOS-7.4-x86_64   172.16.10.33    Control node
compute     CentOS-7.4-x86_64   172.16.10.35    Compute node
cinder      CentOS-7.4-x86_64   172.16.10.36    Block storage node

Disable the firewall and SELinux on the virtual machines

systemctl disable firewalld.service
systemctl stop firewalld.service
vim /etc/sysconfig/selinux
SELINUX=disabled           //change enforcing to disabled to turn SELinux off permanently
setenforce 0

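Building OpenStack

Environment preparation

Unless stated otherwise, every step below is performed identically on all three hosts.

Configure name resolution

Set the hostname on every host

hostnamectl set-hostname <hostname>      //set the matching hostname on each of the three VMs, then reboot the server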

Edit the hosts file on every host

vim /etc/hosts
172.16.10.33 controller
172.16.10.35 compute
172.16.10.36 cinder             //the hosts file is identical on all three servers

Test connectivity between the nodes

ping -c 4 openstack.org     //check that the official site is reachable
ping -c 4 compute            //test between the nodes

Configure the Aliyun yum repository

Back up the default yum repository file

mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup

Download the latest yum repository file

wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo

Install and configure the NTP service

Install and configure chrony on the controller node

yum install chrony -y

vim /etc/chrony.conf
server  controller  iburst  //all nodes synchronize their time from the controller node
allow 172.16.10.0/24      //subnet allowed to synchronize time
systemctl enable chronyd
systemctl restart chronyd

Install and configure chrony on the compute node

yum install chrony -y

vim /etc/chrony.conf
server  controller  iburst
systemctl enable chronyd
systemctl restart chronyd

Install and configure chrony on the cinder node

yum install chrony -y

vim /etc/chrony.conf
server  controller  iburst
systemctl enable chronyd
systemctl restart chronyd

Verify the time synchronization service

chronyc sources

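Enable the OpenStack repository

yum install centos-release-openstack-queens -y
yum upgrade -y                    //upgrade the packages on the host
yum install python-openstackclient -y  //install the OpenStack client
yum install openstack-selinux -y  //install openstack-selinux so that security policies for OpenStack are managed automatically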

MySQL database deployment (controller)

Install the packages

yum install mariadb mariadb-server python2-PyMySQL -y

Edit the configuration file

vim /etc/my.cnf.d/mariadb-server.cnf

[mysqld]
datadir=/var/lib/mysql
socket=/var/lib/mysql/mysql.sock
log-error=/var/log/mariadb/mariadb.log
pid-file=/var/run/mariadb/mariadb.pid
bind-address = 172.16.10.33   //set to the controller node IP so that other nodes can reach the database over the management network
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Start the service and enable it at boot

systemctl enable mariadb.service
systemctl start mariadb.service

Harden the database

mysql_secure_installation

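Install and configure the messaging server: RabbitMQ

OpenStack uses a message queue to coordinate operations and status information between the servers. The message queue service normally runs on the controller node.

Install RabbitMQ on the controller node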

yum install rabbitmq-server -y

Start the service and enable it at boot

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service 
netstat -ntap | grep 5672

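Add the openstack user

If adding the user fails, check whether the hostname was changed, or whether the machine was not rebooted after the earlier hostname change; a reboot resolves the user creation error.

rabbitmqctl add_user openstack 123456         //create the user openstack with password 123456
rabbitmqctl set_permissions openstack ".*" ".*" ".*"   //grant permissions to the new user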

Deploy the memcached service (controller)

Install the software

yum install memcached python-memcached -y

Edit the configuration file

vim /etc/sysconfig/memcached

PORT="11211"
USER="memcached"
MAXCONN="1024"
CACHESIZE="64"
OPTIONS="-l 172.16.10.33,::1"

Start the service and enable it at boot

systemctl enable memcached.service
systemctl start memcached.service

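Deploy the etcd service (controller)

etcd is a distributed, consistent key-value store used for shared configuration and service discovery. Its features: secure, with automatic TLS and optional client certificate authentication; fast, benchmarked at 10,000 operations per second; reliable, properly distributed using Raft.

Install the software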

yum install etcd -y

Edit the configuration file

vim /etc/etcd/etcd.conf

ETCD_INITIAL_CLUSTER
ETCD_INITIAL_ADVERTISE_PEER_URLS
ETCD_ADVERTISE_CLIENT_URLS
ETCD_LISTEN_CLIENT_URLS
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.16.10.33:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.16.10.33:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.16.10.33:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://172.16.10.33:2379"
ETCD_INITIAL_CLUSTER="controller=http://172.16.10.33:2380"   
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

Start the service and enable it at boot

systemctl enable etcd.service
systemctl start etcd.service

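Deploy the keystone identity service

The Identity service provides authentication and authorization for the other OpenStack services and a catalog of endpoints for all services; the other OpenStack services use the Identity service as a common, unified API. In addition, services that provide user information but are not part of the OpenStack project (such as LDAP) can be integrated into a pre-existing infrastructure.
To benefit from the Identity service, other OpenStack services need to work with it. When an OpenStack service receives a request from a user, it asks the Identity service to verify that the user is authorized to make the request. The Identity service consists of the following components:

  • Server: a centralized server provides authentication and authorization services through a RESTful interface
  • Drivers: drivers or service back ends are integrated into the centralized server. They are used to access identity information in repositories external to OpenStack, and may already exist in the infrastructure where OpenStack is deployed, for example SQL databases
  • Modules: middleware modules run in the address space of the OpenStack component that uses the Identity service. These modules intercept service requests, extract user credentials, and send them to the centralized server for authorization. The integration between the middleware modules and the OpenStack components uses the Python Web Server Gateway Interface.

When an OpenStack service is installed, it must be registered with the Identity service of that OpenStack installation. The Identity service can then track which OpenStack services are installed and locate them on the network.

Install and configure the keystone service

Perform these steps on the controller node

Create the MySQL database and grant privileges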

mysql -uroot -p         //log in to the database
CREATE DATABASE keystone;   //create the keystone database
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
//allow login from the local host
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
//allow login from any address
FLUSH PRIVILEGES;
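
The grants above, like every account in this guide, use the placeholder password 123456 and let the keystone database user connect from any host. As an added example (not part of the original guide), the script below generates a separate random secret per account and prints GRANT statements limited to named hosts; the account labels, the function names and the assumption that keystone connects only from the controller (172.16.10.33) are this example's own.

```shell
#!/bin/sh
# Added example, not from the original guide: one random secret per account
# and database grants scoped to named hosts instead of '%'.
# SERVICES, the function names and the secrets-file layout are assumptions.

# Accounts the guide creates with a password (labels chosen for this example).
SERVICES="rabbit_openstack keystone_db admin demo glance_db glance nova_db nova placement neutron_db neutron metadata_proxy"

# 32 hex characters (128 bits) read from the kernel CSPRNG.
gen_secret() {
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n'
}

# Write "name=secret" lines to file $1, readable by its owner only.
write_secrets() {
    (
        umask 077
        : > "$1"
        chmod 600 "$1"
        for svc in $SERVICES; do
            printf '%s=%s\n' "$svc" "$(gen_secret)" >> "$1"
        done
    )
}

# Print the secret stored for account $2 in file $1.
get_secret() {
    sed -n "s/^$2=//p" "$1"
}

# grant_sql DB USER SECRET HOST...: GRANT statements for the listed hosts only.
grant_sql() {
    db=$1; user=$2; secret=$3
    shift 3
    for host in "$@"; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$db" "$user" "$host" "$secret"
    done
}

# Demo: keystone runs on the controller, so only the controller may connect
# (assumption of this example; 172.16.10.33 is the controller in this guide).
demo_file=$(mktemp)
write_secrets "$demo_file"
grant_sql keystone keystone "$(get_secret "$demo_file" keystone_db)" localhost 172.16.10.33
rm -f "$demo_file"
```

The same stored secret then goes into the matching connection line of keystone.conf, so the database account and the configuration file stay in step.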

Install the packages

yum install openstack-keystone httpd mod_wsgi -y

Edit the configuration file (keystone.conf)

vim /etc/keystone/keystone.conf

[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet     //line 2922, secure message-passing algorithm

Synchronize the database

su -s /bin/sh -c "keystone-manage db_sync" keystone

Initialize the database

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:35357/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
//adds the admin user and the three login methods (admin, internal and public URLs)

Configure the Apache service

vim /etc/httpd/conf/httpd.conf
ServerName controller   //set to the hostname
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/   //create the symbolic link
systemctl enable httpd.service
systemctl start httpd.service              //start the service and enable it at boot

Set the environment variables

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Create a domain, projects, users and roles

Create a domain

openstack domain create --description "Domain" example

Create a project

openstack project create --domain default   --description "Service Project" service

Create the demo project

openstack project create --domain default --description "Demo Project" demo

Create the demo user

openstack user create --domain default  --password-prompt demo

Create the user role

openstack role create user

Add the user role to the demo project and user

openstack role add --project demo --user demo user  //this step returns no output

Verify keystone

Unset the environment variables

unset OS_AUTH_URL OS_PASSWORD

Request an authentication token as the admin user

openstack --os-auth-url http://controller:35357/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue

Request an authentication token as the demo user

openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name demo --os-username demo token issue

Create the OpenStack client environment scripts

Create the admin-openrc script

vim admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Create the demo-openrc script

vim demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123456
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Verify the result using the scripts

View the admin user's token information

source ~/admin-openrc   //load the environment variables
openstack token issue   //authenticate

Image service (glance)

Perform these steps on the controller node

Installation and configuration

Create the MySQL database and grant privileges

mysql -u root -p

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'  IDENTIFIED BY '123456';
FLUSH PRIVILEGES;

Load the admin user's environment variables

source admin-openrc
export | grep OS_

Create the glance user

openstack user create --domain default --password-prompt glance

Add the admin role to the glance user and the service project

openstack role add --project service --user glance admin

Create the glance service

openstack service create --name glance  --description "OpenStack Image" image

Create the Image service API endpoints

OpenStack uses three API endpoint variants for each service: admin, internal and public.

openstack endpoint create --region RegionOne  image public http://controller:9292
openstack endpoint create --region RegionOne  image internal http://controller:9292
openstack endpoint create --region RegionOne  image admin http://controller:9292

Install the glance package

yum install openstack-glance -y

Create the images directory and change its ownership

mkdir /var/lib/glance/images
cd /var/lib
chown -hR glance:glance glance

Edit the glance-api.conf configuration file

vim /etc/glance/glance-api.conf

[database]
connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000    
auth_url = http://controller:35357  //line 3501; note: url, not uri
memcached_servers = controller:11211    //line 3552
auth_type = password        //3659
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456

[paste_deploy]
flavor = keystone   //4508

[glance_store]
stores = file,http    //2066
default_store = file   //2110
filesystem_store_datadir = /var/lib/glance/images  //2429

Edit the glance-registry.conf configuration file

vim /etc/glance/glance-registry.conf

[database]
connection = mysql+pymysql://glance:123456@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357    //note: url, not uri
memcached_servers = controller:11211  //1365
auth_type = password               //1472
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123456

[paste_deploy]
flavor = keystone           //2294

Synchronize the image database

su -s /bin/sh -c "glance-manage db_sync" glance

Start the services

systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
systemctl enable openstack-glance-registry.service
systemctl start openstack-glance-registry.service

Verify by uploading an image

Load the admin user's environment variables and download an image

source ~/admin-openrc
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img
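//download a small Linux image for testing

Upload the image

Upload the image to the Image service using the QCOW2 disk format, the bare container format and public visibility, so that all projects can access it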

openstack image create "cirros" --file cirros-0.3.5-x86_64-disk.img  --disk-format qcow2 --container-format bare  --public

List the uploaded images

openstack image list

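Deploy the compute service

Perform these steps on the controller node

Installation and configuration

Create the MySQL databases and grant privileges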

mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';

Create the nova user

source ~/admin-openrc   //load the admin environment variables
openstack user create --domain default --password-prompt nova

Add the admin role to the nova user

openstack role add --project service --user nova admin

Create the nova service

openstack service create --name nova --description "OpenStack Compute" compute

Create the Compute API service endpoints

openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

Create a placement service user

openstack user create --domain default --password-prompt placement

Add the placement user to the service project with the admin role

openstack role add --project service --user placement admin

Create the Placement API service in the service catalog

openstack service create --name placement --description "Placement API" placement

Create the Placement API service endpoints

openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778

Install the packages

yum install openstack-nova-api openstack-nova-conductor  openstack-nova-console openstack-nova-novncproxy  openstack-nova-scheduler openstack-nova-placement-api -y

Edit the nova.conf configuration file

vim /etc/nova/nova.conf

[DEFAULT]
enabled_apis=osapi_compute,metadata  //line 2756
transport_url=rabbit://openstack:123456@controller  //line 3156
my_ip=172.16.10.33     //line 1291
use_neutron=true    //line 1755
firewall_driver=nova.virt.firewall.NoopFirewallDriver   //line 2417

[api_database]
connection=mysql+pymysql://nova:123456@controller/nova_api  //line 3513

[database]
connection=mysql+pymysql://nova:123456@controller/nova   //line 4588

[api]
auth_strategy=keystone   //line 3221

[keystone_authtoken]
auth_uri=http://controller:5000
auth_url=http://controller:35357    //line 6073
memcached_servers=controller:11211   //line 6124
auth_type=password     //line 6231
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456

[vnc]
enabled=true    //line 10213
server_listen=$my_ip     //line 10237
server_proxyclient_address=$my_ip    //line 10250

[glance]
api_servers=http://controller:9292   //line 5266

[oslo_concurrency]
lock_path=/var/lib/nova/tmp   //line 7841

[placement]
os_region_name=RegionOne    //line 8740
auth_type=password    //line 8780
auth_url=http://controller:35357/v3   //line 8786
project_name=service   //line 8801
project_domain_name=Default   //line 8807
username=placement     //line 8827
user_domain_name=Default    //line 8833
password=123456    //line 8836

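Enable access to the Placement API

Because of a packaging bug, access to the Placement API must be enabled explicitly; append the following to the end of the configuration file.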

vim /etc/httpd/conf.d/00-nova-placement-api.conf

<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

Restart the httpd service

systemctl restart httpd.service

Synchronize the nova-api database

su -s /bin/sh -c "nova-manage api_db sync" nova

Register the cell0 database

su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

Create the cell1 cell

su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

Synchronize the nova database

su -s /bin/sh -c "nova-manage db sync" nova

Verify that the databases are registered correctly

nova-manage cell_v2 list_cells

Start the services and enable them at boot

systemctl enable openstack-nova-api.service
systemctl enable openstack-nova-consoleauth.service
systemctl enable openstack-nova-scheduler.service
systemctl enable openstack-nova-conductor.service
systemctl enable openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service
systemctl start openstack-nova-consoleauth.service
systemctl start openstack-nova-scheduler.service
systemctl start openstack-nova-conductor.service
systemctl start openstack-nova-novncproxy.service

Install and configure the compute node

Install the package

yum install openstack-nova-compute -y

Edit the nova.conf configuration file

vim /etc/nova/nova.conf 

[DEFAULT]
my_ip = 172.16.10.35         //1291, IP of the compute node
use_neutron=true              //1755 
firewall_driver=nova.virt.firewall.NoopFirewallDriver       //2417
enabled_apis = osapi_compute,metadata                 //2756
transport_url = rabbit://openstack:123456@controller  //3156

[api]
auth_strategy=keystone    //3221 

[keystone_authtoken]
auth_uri = http://172.16.10.33:5000       //6073, IP of the controller node
auth_url = http://controller:35357
memcached_servers=controller:11211      //6124 
auth_type=password                     //6231 
project_domain_name=default
user_domain_name=default
project_name=service
username=nova
password=123456

[vnc]
enabled=true        //10213 
server_listen=0.0.0.0       //10237 
server_proxyclient_address=$my_ip      //10250 
novncproxy_base_url=http://controller:6080/vnc_auto.html     //10268 

[glance]
api_servers=http://controller:9292       //5266 

[oslo_concurrency]
lock_path=/var/lib/nova/tmp       //7841 

[placement]
os_region_name=RegionOne         //8740 
auth_type = password                //8780
auth_url=http://controller:35357/v3    //8786
project_name = service        //8801
project_domain_name = Default     //8807
user_domain_name = Default        //8833
username = placement            //8827
password = 123456               //8836

Start the services and enable them at boot

systemctl enable libvirtd.service
systemctl restart libvirtd
systemctl enable openstack-nova-compute.service
systemctl start openstack-nova-compute.service

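Add the compute node to the cell database

Perform these steps on the controller node

Confirm that the compute node is in the database

source ~/admin-openrc        //the environment variables must be reloaded after the VM is rebooted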
openstack compute service list --service nova-compute

Discover the compute nodes

su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

Verify Compute service operation on the controller node

openstack compute service list

List the API endpoints in the Identity service to verify connectivity with the Identity service

openstack catalog list

Check that the cells and the Placement API are working

nova-status upgrade check

Networking service

Install and configure neutron networking on the controller node

Create the neutron database and grant privileges

mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'   IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'   IDENTIFIED BY '123456';

Create the user

source ~/admin-openrc
openstack user create --domain default --password-prompt neutron

Create the neutron service

openstack service create --name neutron   --description "OpenStack Networking" network

Create the network service endpoints

openstack endpoint create --region RegionOne  network public http://controller:9696
openstack endpoint create --region RegionOne  network internal http://controller:9696
openstack endpoint create --region RegionOne  network admin http://controller:9696

Install the packages

yum install -y openstack-neutron openstack-neutron-ml2  openstack-neutron-linuxbridge ebtables

Edit the configuration file

vim  /etc/neutron/neutron.conf

[database]
connection = mysql+pymysql://neutron:123456@controller/neutron   //729

[DEFAULT]
auth_strategy = keystone  //27
core_plugin = ml2   //30
service_plugins =    //33, left empty to disable other plug-ins
transport_url = rabbit://openstack:123456@controller   //570
notify_nova_on_port_status_changes = true   //98
notify_nova_on_port_data_changes = true     //102

[keystone_authtoken]
auth_uri = http://controller:5000   //847
auth_url = http://controller:35357
memcached_servers = controller:11211    //898
auth_type = password        //1005
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[nova]
auth_url = http://controller:35357   //1085
auth_type = password        //1089
project_domain_name = default   //1127
user_domain_name = default    //1156
region_name = RegionOne      //1069
project_name = service     //1135
username = nova           //1163
password = 123456        //1121

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp       //1179

Configure the layer-2 networking plug-in

vim /etc/neutron/plugins/ml2/ml2_conf.ini

[ml2]
type_drivers = flat,vlan       //136
tenant_network_types =           //141, left empty to disable local networks
mechanism_drivers = linuxbridge    //145
extension_drivers = port_security  //150

[ml2_type_flat]
flat_networks = provider   //186

[securitygroup]
enable_ipset = true    //263

Configure the Linux bridge

vim  /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens33       //157

[vxlan]
enable_vxlan = false      //208

[securitygroup]
enable_security_group = true       //193
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver   //188

Configure DHCP

vim /etc/neutron/dhcp_agent.ini

interface_driver = linuxbridge          //16
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq          //28
enable_isolated_metadata = true            //37

Configure metadata

vim  /etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_host = controller   //22
metadata_proxy_shared_secret = 123456       //34

Configure the Compute service to use the Networking service

vim /etc/nova/nova.conf

[neutron]
url = http://controller:9696         //7534
auth_url = http://controller:35357   //7610
auth_type = password                //7604
project_domain_name = default        //7631
user_domain_name = default          //7657
region_name = RegionOne          //7678
project_name = service          //7625 
username = neutron              //7651
password = 123456               //7660
service_metadata_proxy = true     //7573
metadata_proxy_shared_secret = 123456   //7584

Create the symbolic link for the service

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

Synchronize the database

su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf   --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

Restart the Compute API service

systemctl restart openstack-nova-api.service

Start the neutron services and enable them at boot

systemctl enable neutron-server.service   
systemctl enable neutron-linuxbridge-agent.service 
systemctl enable neutron-dhcp-agent.service   
systemctl enable neutron-metadata-agent.service
systemctl start neutron-server.service   
systemctl start neutron-linuxbridge-agent.service 
systemctl start neutron-dhcp-agent.service   
systemctl start neutron-metadata-agent.service

Configure the Networking service on the compute node

Install the packages

yum install -y openstack-neutron-linuxbridge ebtables ipset

Configure the common components

vim /etc/neutron/neutron.conf

[DEFAULT]
auth_strategy = keystone      //27
transport_url = rabbit://openstack:123456@controller   //570

[keystone_authtoken]
auth_uri = http://controller:5000      //847
auth_url = http://controller:35357
memcached_servers = controller:11211    //898
auth_type = password       //1005
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp    //1180

Configure the Linux bridge

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

[linux_bridge]
physical_interface_mappings = provider:ens33   //157

[vxlan]
enable_vxlan = false    //208

[securitygroup]
enable_security_group = true    //193
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver   //188

Configure the compute node to use the Networking service

vim /etc/nova/nova.conf

[neutron]
url = http://controller:9696    //7534
auth_url = http://controller:35357    //7610
auth_type = password      //7640
project_domain_name = default    //7631
user_domain_name = default    //7657
region_name = RegionOne    //7678
project_name = service    //7625
username = neutron    //7651
password = 123456   //7660

Start the services

systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

Deploy the Horizon service

Install the Horizon service on the controller node

Install the package

yum install openstack-dashboard -y

Edit the configuration file

vim /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "controller"    //189
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "admin"   //191
ALLOWED_HOSTS = ['*']     //38
SESSION_ENGINE = 'django.contrib.sessions.backends.file'  //51

Configure memcached session storage

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'   //50, add
CACHES = {          //comment out lines 166-170, uncomment lines 159-164
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST   //enable Identity API version v3, line 190
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True    //enable multi-domain support, line 76

OPENSTACK_API_VERSIONS = {    //configure the API versions, line 65
    "identity": 3,
    "image": 2,
    "volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"   //98

OPENSTACK_NEUTRON_NETWORK = {    //324

    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_***': False,
    'enable_fip_topology_check': False,
}

Fix for the web page failing to open

vim /etc/httpd/conf.d/openstack-dashboard.conf

WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}   //add

Restart the web service and the session storage

systemctl restart httpd.service 
systemctl restart memcached.service

Login test

http://172.16.10.33/dashboard

domain: default
Username: admin
Password: 123456
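
The configuration files in this guide carry the same placeholder secret (123456) for the database, message queue, service and metadata proxy credentials, and the dashboard login uses it as well. As an added example (not part of the original guide), the script below scans such files and reports placeholder or short secrets and secrets shared between accounts; the weak-value list, the 12-character minimum and the function names are assumptions, and the sample file is constructed.

```shell
# Added example, not from the original guide: report placeholder and reused
# secrets in OpenStack-style ini files and openrc scripts.
# WEAK_LIST, MIN_LEN and the function names are assumptions of this example.

WEAK_LIST="123456 password admin openstack secret changeme"
MIN_LEN=12

# Emit "file<TAB>account<TAB>secret" for each credential found in the files.
extract_secrets() {
    for f in "$@"; do
        awk -v f="$f" '
            function emit() {                     # close a username/password pair
                if (pw != "") print f "\tidentity:" user "\t" pw
                user = ""; pw = ""
            }
            /^[ \t]*[#;]/ { next }                # comment lines
            /^[ \t]*\[/   { emit(); next }        # a new [section] starts
            {
                line = $0
                sub("[ \t]+//.*$", "", line)      # trailing // notes, as written in the guide
                eq = index(line, "=")
                if (eq == 0) next
                key = substr(line, 1, eq - 1); val = substr(line, eq + 1)
                gsub("^[ \t]+|[ \t]+$", "", key); gsub("^[ \t]+|[ \t]+$", "", val)
                sub("^export[ \t]+", "", key)
                if (key == "username" || key == "OS_USERNAME") user = val
                else if (key == "password" || key == "OS_PASSWORD") pw = val
                else if (key == "metadata_proxy_shared_secret") print f "\tmetadata-proxy\t" val
                else if ((key == "connection" || key == "transport_url") &&
                         match(val, "://[^:@]+:[^@]+@")) {
                    cred = substr(val, RSTART + 3, RLENGTH - 4)   # "user:secret"
                    c = index(cred, ":"); kind = (key == "connection") ? "db:" : "mq:"
                    print f "\t" kind substr(cred, 1, c - 1) "\t" substr(cred, c + 1)
                }
            }
            END { emit() }' "$f"
    done
}

# One finding per line; the secrets themselves are never printed.
audit_secrets() {
    extract_secrets "$@" | awk -F'\t' -v weak="$WEAK_LIST" -v min="$MIN_LEN" '
        BEGIN { n = split(weak, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
        {
            if (($3 in bad) || length($3) < min) print "WEAK " $2 " in " $1
            if (!(($3, $2) in pair)) { pair[$3, $2] = 1; accounts[$3]++ }
        }
        END {
            for (s in accounts) if (accounts[s] > 1)
                print "REUSED one secret shared by " accounts[s] " accounts"
        }'
}

# Constructed sample shaped like the nova.conf excerpts in this guide.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url=rabbit://openstack:123456@controller  //line 3156
[api_database]
connection=mysql+pymysql://nova:123456@controller/nova_api
[database]
connection=mysql+pymysql://nova:123456@controller/nova
[keystone_authtoken]
username = nova
password = 123456
[neutron]
username = neutron
password = 123456
metadata_proxy_shared_secret = 123456
EOF
}

sample=$(mktemp)
write_sample "$sample"; audit_secrets "$sample"; rm -f "$sample"
```

On a deployed node the same function can be pointed at the real files, for example audit_secrets /etc/nova/nova.conf /etc/neutron/neutron.conf ~/admin-openrc.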
