OpenStack Queens deployment steps

Deploying and installing OpenStack Queens

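Controller node: IP address 10.1.1.102, hostname openstack-node02
Compute node: IP address 10.1.1.101, hostname openstack-node01
Official documentation: https://docs.openstack.org/install-guide/openstack-services.html

Controller node and compute node

1. Environment setup

1-1. Stop the firewalld firewall

# Stop the firewall
systemctl stop firewalld
# Disable firewalld at boot
systemctl disable firewalld

1-2. Disable SELinux

# Turn off SELinux enforcement for the current boot
setenforce 0
# To disable it permanently, the configuration file must be changed
sed -i 's#^SELINUX=enforcing#SELINUX=disabled#' /etc/selinux/config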

1-3. Configure the Aliyun yum repositories

# Back up the yum repo files shipped with the system
mkdir -p /home/jack/repo.bak
cp /etc/yum.repos.d/* /home/jack/repo.bak/
# Download the Aliyun base repo
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
# Download the Aliyun EPEL repo
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo

1-4. Synchronize the time

ntpdate ntp1.aliyun.com
hwclock -w
hwclock && date 

1-5. Install the OpenStack Queens repository with yum

# Install the OpenStack Queens repository package
yum install -y centos-release-openstack-queens
# Edit CentOS-OpenStack-queens.repo to use a mirror in China, otherwise downloads are very slow
vim /etc/yum.repos.d/CentOS-OpenStack-queens.repo
[centos-openstack-queens]
name=CentOS-7 - OpenStack queens
# Only the baseurl line needs changing; the original value was:
#baseurl=http://mirror.centos.org/$contentdir/$releasever/cloud/$basearch/openstack-queens/
baseurl=http://mirrors.cn99.com/centos/7/cloud/x86_64/openstack-queens/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud
exclude=sip,PyQt4
…………………………………………

1-6. Disable the NetworkManager.service network manager (optional)

# Stop and disable NetworkManager.service
systemctl disable NetworkManager.service
systemctl stop NetworkManager.service
systemctl list-unit-files|grep NetworkManager
# Enable the network service
chkconfig network on
systemctl start network
chkconfig --list |grep network

1-7. Add the node names to /etc/hosts

echo '10.1.1.101  openstack-node01'>>/etc/hosts
echo '10.1.1.102  openstack-node02'>>/etc/hosts

1-8. Configure the DNS nameserver addresses

echo 'nameserver 192.168.31.1'>> /etc/resolv.conf 
echo 'nameserver 202.96.128.86'>> /etc/resolv.conf 

Controller node

2. Install OpenStack Queens

2-1. Install the OpenStack Queens components

# Install the OpenStack client and the SELinux policy package
yum install python-openstackclient openstack-selinux -y
# Install the MariaDB database (MySQL)
yum install mariadb mariadb-server python2-PyMySQL -y
# Install the RabbitMQ message queue
yum install rabbitmq-server -y
# Install the memcached cache
yum install memcached python-memcached -y
# Install keystone, the OpenStack identity service
yum install openstack-keystone httpd mod_wsgi -y
## Install glance, the OpenStack image service
yum install openstack-glance python-glance python-glanceclient -y
## Install nova, the OpenStack compute service
yum install openstack-nova-api openstack-nova-cells openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient openstack-nova-placement-api -y
## Install neutron, the OpenStack networking service
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

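3. Configure the MariaDB database

3-1. Set up the MariaDB configuration file

## I deployed on VM guests, so the hardware is low-end and a low-footprint database configuration is required. Otherwise MariaDB uses too many resources and gets killed outright, which leads to constant database errors, and netstat -lntp shows no port 3306. All the MariaDB configuration files are under /usr/share/mariadb/
cp /usr/share/mariadb/small.cnf /etc/my.cnf

3-2. Add the OpenStack settings for MariaDB in /etc/my.cnf.d/openstack.cnf

cat >>/etc/my.cnf.d/openstack.cnf <<eof
[mysqld]
# Address to bind to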
bind-address = 10.1.1.102
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
eof

3-3. Enable MariaDB at boot

systemctl enable mariadb.service
systemctl start mariadb.service
# MariaDB listens on port 3306
netstat -lntp
tcp        0      0 10.1.1.102:3306         0.0.0.0:*               LISTEN      7253/mysqld 

3-4. Harden the MariaDB installation

mysql_secure_installation

3-5. Log in to the database and create a database for each component

mysql -u root -pqaz123
## keystone (identity service) database
create database keystone;
grant all on keystone.* to 'keystone'@'localhost' identified by 'keystone';
grant all on keystone.* to 'keystone'@'%' identified by 'keystone';
## glance (image service) database
create database glance;
grant all on glance.* to 'glance'@'localhost' identified by 'glance';
grant all on glance.* to 'glance'@'%' identified by 'glance';
## nova (compute service) database
create database nova;
grant all on nova.* to 'nova'@'localhost' identified by 'nova';
grant all on nova.* to 'nova'@'%' identified by 'nova';
## nova_api (compute service) database
create database nova_api;
grant all on nova_api.* to 'nova'@'%' identified by 'nova';
grant all on nova_api.* to 'nova'@'localhost' identified by 'nova';
## Host-mapping database used on the controller node
create database nova_cell0;
grant all on nova_cell0.* TO 'nova'@'localhost' identified by 'nova';
grant all on nova_cell0.* TO 'nova'@'%' identified by 'nova';
## neutron (networking service) database
create database neutron;
grant all on neutron.* to 'neutron'@'localhost' identified by 'neutron';
grant all on neutron.* to 'neutron'@'%' identified by 'neutron';
exit;
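Step 3-5 sets every database password equal to its account name and grants access from any host ('%'). The script below is an added example, not part of the original guide: it emits the same databases and grants with one random password per account and the remote grant limited to the controller address. It assumes that all database clients run on the controller, as they do in this guide; the output file names grants.sql and db-passwords.env are hypothetical.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Builds the step 3-5 SQL with one random password per database account and
# with the remote grant narrowed from '%' to the controller address.

CONTROLLER_IP="10.1.1.102"   # controller address used throughout the guide

# 48 hex characters (192 bits) from the kernel CSPRNG. Hex needs no escaping
# in SQL string literals or in mysql+pymysql:// connection URLs.
gen_password() {
    od -An -N24 -tx1 /dev/urandom | tr -d ' \n'
}

# emit_grants USER PASSWORD DB...  -> SQL on stdout
emit_grants() {
    g_user=$1; g_pass=$2; shift 2
    for g_db in "$@"; do
        printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$g_db"
        for g_host in localhost "$CONTROLLER_IP"; do
            printf "GRANT ALL ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
                "$g_db" "$g_user" "$g_host" "$g_pass"
        done
    done
}

# build_bootstrap OUTDIR
# Writes OUTDIR/grants.sql and OUTDIR/db-passwords.env, both mode 0600.
# The account-to-database mapping is the one from step 3-5.
build_bootstrap() {
    (
        umask 077
        out=$1
        : > "$out/grants.sql"
        : > "$out/db-passwords.env"
        for spec in "keystone keystone" "glance glance" \
                    "nova nova nova_api nova_cell0" "neutron neutron"; do
            set -- $spec            # word-split: account name, then its databases
            acct=$1; shift
            secret=$(gen_password)
            emit_grants "$acct" "$secret" "$@" >> "$out/grants.sql"
            printf '%s_DBPASS=%s\n' "$acct" "$secret" >> "$out/db-passwords.env"
        done
    )
}

# Demo run into a scratch directory (constructed location; pick your own).
demo_dir=$(mktemp -d)
build_bootstrap "$demo_dir"
echo "wrote $demo_dir/grants.sql and $demo_dir/db-passwords.env"
```

Load grants.sql with the mysql client as root, then use the matching value from db-passwords.env in each service's connection URL in the later steps.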

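4. Configure the RabbitMQ message queue

4-1. Enable at boot

systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
# RabbitMQ listens on 15672 (management plugin) and 25672 (inter-node communication); AMQP clients connect to 5672
netstat -lntp
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name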
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      7052/beam.smp
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      7052/beam.smp 

4-2. Create a RabbitMQ user and password (for security reasons)

rabbitmqctl add_user openstack openstack

4-3. Grant the openstack user all permissions

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

4-4. Enable the rabbitmq_management plugin

rabbitmq-plugins list
rabbitmq-plugins enable rabbitmq_management

5. Configure the memcached cache

5-1. Edit the memcached configuration file

# Replace the OPTIONS line so memcached listens on the controller address and the IPv6 loopback
sed -i 's/^OPTIONS=.*/OPTIONS="-l 10.1.1.102,::1"/' /etc/sysconfig/memcached
cat /etc/sysconfig/memcached

5-2. Enable memcached at boot

systemctl enable memcached.service
systemctl start memcached.service
# memcached listens on port 11211
netstat -lntp
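With firewalld stopped in step 1-1, each backend's bind address is the only network-level limit on who can reach it. The filter below is an added example, not part of the original guide: it reads `netstat -lntp` output and reports backend ports that listen on every interface. The sample combines the lines shown above with constructed lines for memcached, httpd and the AMQP listener, and the backend port list is an assumption for this deployment.

```shell
#!/bin/sh
# Added example, not part of the original guide.
# Reads `netstat -lntp` output and reports backend services that listen on
# every interface instead of a specific address.

# Ports in this deployment that only the OpenStack nodes need to reach:
# MariaDB, epmd, AMQP, memcached, RabbitMQ management, Erlang distribution.
BACKEND_PORTS="3306 4369 5672 11211 15672 25672"

# stdin: netstat -lntp output; stdout: "<port> <program>" per finding
exposed_backends() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) backend[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            k = split($4, part, ":")          # the port is the last field
            port = part[k]
            host = substr($4, 1, length($4) - length(port) - 1)
            wildcard = (host == "0.0.0.0" || host == "::" || host == "*")
            if (wildcard && (port in backend)) {
                prog = $7
                sub(/^[0-9]+\//, "", prog)    # drop the PID prefix
                print port, prog
            }
        }' | sort -n | uniq
}

# Constructed sample: lines shown in this guide plus constructed lines for
# memcached, httpd and the AMQP listener.
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 10.1.1.102:3306         0.0.0.0:*               LISTEN      7253/mysqld
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      7052/beam.smp
tcp        0      0 0.0.0.0:15672           0.0.0.0:*               LISTEN      7052/beam.smp
tcp        0      0 10.1.1.102:11211        0.0.0.0:*               LISTEN      7301/memcached
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      7410/httpd
tcp6       0      0 :::5672                 :::*                    LISTEN      7052/beam.smp
tcp6       0      0 ::1:11211               :::*                    LISTEN      7301/memcached
EOF
}

sample_netstat | exposed_backends
```

On a live node, pipe the real output in: `netstat -lntp | exposed_backends`.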

6. Configure the keystone identity service

6-1. Edit the configuration file

vim /etc/keystone/keystone.conf
## Database connection
[database]
connection = mysql+pymysql://keystone:keystone@10.1.1.102/keystone
## Token provider; the three options are UUID, Fernet and PKI
[token]
provider = fernet

6-2. Sync the database

su -s /bin/sh -c "keystone-manage db_sync" keystone
## Connect as the keystone user and list the tables in the keystone database
mysql -h 10.1.1.102 -ukeystone -pkeystone -e " use keystone;show tables;"

6-3. Initialize keystone

## Initialize the Fernet key repository
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
## Initialize the credential encryption keys
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

6-4. Bootstrap the identity service and set up the admin user

keystone-manage bootstrap --bootstrap-password admin --bootstrap-admin-url http://10.1.1.102:35357/v3/ --bootstrap-internal-url http://10.1.1.102:5000/v3/ --bootstrap-public-url http://10.1.1.102:5000/v3/ --bootstrap-region-id RegionOne
grep "^[a-z]" /etc/keystone/keystone.conf

6-5. Configure Apache

# Add the keystone WSGI configuration file to Apache
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
sed -i '/^#ServerName/aServerName 10.1.1.102:80' /etc/httpd/conf/httpd.conf

6-6. Enable Apache at boot

systemctl enable httpd.service
systemctl start httpd.service

6-7. Set the admin user's environment variables

export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.1.1.102:35357/v3
export OS_IDENTITY_API_VERSION=3

6-8. Create the demo project, the demo user and the user role (demo is an ordinary user)

## Create the demo project
openstack project create --domain default --description "Demo Project" demo
## Create the demo user
openstack user create --domain default --password demo demo
## Create the user role
openstack role create user
## Add the demo user to the demo project with the user role
openstack role add --project demo --user demo user

6-9. Create the service project, create a user for each component service and grant it the admin role

## Create the service project
openstack project create --domain default --description "Service Project" service
## Create the glance user and grant it the admin role
openstack user create --domain default --password glance glance
openstack role add --project service --user glance admin
## Create the nova user and grant it the admin role
openstack user create --domain default --password nova nova
openstack role add --project service --user nova admin
## Create the placement user and grant it the admin role
openstack user create --domain default --password placement placement
openstack role add --project service --user placement admin
## Create the neutron user and grant it the admin role
openstack user create --domain default --password neutron neutron
openstack role add --project service --user neutron admin
Note: if the bootstrap step was not run, the admin user and the keystone service have to be created by hand. If the bootstrap step was run, they were created by default and the commands below can be skipped.
##source admin-openstack.sh
##openstack service create --name keystone --description "OpenStack Identity" identity
##openstack endpoint create --region RegionOne identity public http://10.1.1.102:5000/v3
##openstack endpoint create --region RegionOne identity admin http://10.1.1.102:35357/v3
##openstack endpoint create --region RegionOne identity internal http://10.1.1.102:5000/v3

6-10. Verify that keystone works

unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://10.1.1.102:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
openstack --os-auth-url http://10.1.1.102:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue

6-11. Create the user environment scripts

## Environment script for the admin user
cat >> /root/admin-openstack.sh  <<eof
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.1.1.102:35357/v3
export OS_IDENTITY_API_VERSION=3
eof
## Verify that a token can be issued for the admin user
source admin-openstack.sh
openstack token issue
## Environment script for the demo user
cat >> /root/demo-openstack.sh  <<eof
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_PROJECT_NAME=demo
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://10.1.1.102:5000/v3
export OS_IDENTITY_API_VERSION=3
eof
## Verify that a token can be issued for the demo user
source demo-openstack.sh
openstack token issue

7. Configure the glance image service

7-1. Edit the configuration files

7-1-1. Configure glance-api.conf

vim /etc/glance/glance-api.conf
## Database connection
[database]
connection = mysql+pymysql://glance:glance@10.1.1.102/glance
## Store types, the default store and the storage path
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images
## keystone authentication
[keystone_authtoken]
auth_uri = http://10.1.1.102:5000
auth_url = http://10.1.1.102:35357
memcached_servers = 10.1.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
## Authentication flavor
[paste_deploy]
flavor = keystone

7-1-2. Configure glance-registry.conf

vim /etc/glance/glance-registry.conf
## Database connection
[database]
connection = mysql+pymysql://glance:glance@10.1.1.102/glance
## keystone authentication
[keystone_authtoken]
auth_uri = http://10.1.1.102:5000
auth_url = http://10.1.1.102:35357
memcached_servers = 10.1.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
## Authentication flavor
[paste_deploy]
flavor = keystone

7-2. Sync the database

su -s /bin/sh -c "glance-manage db_sync" glance
## Connect as the glance user and list the tables in the glance database
mysql -h 10.1.1.102 -uglance -pglance -e " use glance;show tables;"

7-3. Enable glance at boot

systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl start openstack-glance-api.service openstack-glance-registry.service

7-4. Create the glance service and its API endpoints

source admin-openstack.sh
openstack service create --name glance --description "OpenStack Image service" image
openstack endpoint create --region RegionOne image public http://10.1.1.102:9292
openstack endpoint create --region RegionOne image internal http://10.1.1.102:9292
openstack endpoint create --region RegionOne image admin http://10.1.1.102:9292
openstack image list

7-5. Upload an image

# Image file used here: cirros-0.3.4-x86_64-disk.img (in the current directory)
openstack image create "cirros" --disk-format qcow2 --container-format bare --file cirros-0.3.4-x86_64-disk.img --public
openstack image list 

8. Configure the nova compute service

Official documentation: https://docs.openstack.org/nova/queens/install/controller-install-rdo.html

8-1. Edit the nova configuration file

vim /etc/nova/nova.conf
[DEFAULT]
## Use neutron for networking; the Noop driver turns off nova's own firewall
use_neutron=true
firewall_driver=nova.virt.firewall.NoopFirewallDriver
## APIs to enable
enabled_apis=osapi_compute,metadata
## Message queue connection URL
transport_url=rabbit://openstack:openstack@10.1.1.102
[api]
## Authentication strategy: use keystone
auth_strategy=keystone
[api_database]
## nova_api database connection
connection=mysql+pymysql://nova:nova@10.1.1.102/nova_api
[database]
## nova database connection
connection=mysql+pymysql://nova:nova@10.1.1.102/nova
[glance]
## glance service address
api_servers=http://10.1.1.102:9292
## keystone authentication
[keystone_authtoken]
auth_uri = http://10.1.1.102:5000
auth_url = http://10.1.1.102:35357
memcached_servers = 10.1.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[libvirt]
## Virtualization type
virt_type=kvm
## Settings for talking to neutron
[neutron]
url = http://10.1.1.102:9696
auth_url = http://10.1.1.102:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = jack
[oslo_concurrency]
## Lock file path
lock_path=/var/lib/nova/tmp
## placement service settings
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://10.1.1.102:35357/v3
username = placement
password = placement
## VNC settings
[vnc]
enabled=true
server_listen=0.0.0.0
server_proxyclient_address=10.1.1.102

8-2. Edit the placement configuration and restart Apache

vim /etc/httpd/conf.d/00-nova-placement-api.conf
## Add the following; it works around a bug in placement
<Directory /usr/bin>
  <IfVersion >= 2.4>
    Require all granted
  </IfVersion>
  <IfVersion < 2.4>
    Order allow,deny
    Allow from all
  </IfVersion>
</Directory>
## Restart Apache
systemctl restart httpd

8-3. Sync the databases

su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
## Possible error: the compute host is not mapped to any cell
## Compute node log: Instance xxx has allocations against this compute host but is not found in the database.
su -s /bin/sh -c "nova-manage db sync" nova
## Verify
nova-manage cell_v2 list_cells
mysql -h 10.1.1.102 -unova -pnova -e " use nova;show tables;"
mysql -h 10.1.1.102 -unova -pnova -e " use nova_api;show tables;"

8-4. Enable at boot

systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

8-5. Create the nova compute service and the placement service with their API endpoints

source admin-openstack.sh 
##nova
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://10.1.1.102:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://10.1.1.102:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://10.1.1.102:8774/v2.1
##placement
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://10.1.1.102:8778
openstack endpoint create --region RegionOne placement internal http://10.1.1.102:8778
openstack endpoint create --region RegionOne placement admin http://10.1.1.102:8778
openstack host list

9. Configure the neutron networking service

9-1. Edit the neutron configuration file

vim /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
core_plugin = ml2
service_plugins =
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
transport_url = rabbit://openstack:openstack@10.1.1.102
[database]
connection = mysql+pymysql://neutron:neutron@10.1.1.102:3306/neutron
[keystone_authtoken]
auth_uri = http://10.1.1.102:5000
auth_url = http://10.1.1.102:35357
memcached_servers = 10.1.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://10.1.1.102:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

9-2. Edit linuxbridge_agent.ini

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings =provider:ens33
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
[vxlan]
enable_vxlan = False

9-3. Edit ml2_conf.ini

vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,gre,vxlan,geneve
tenant_network_types =  flat,vlan,gre,vxlan,geneve
mechanism_drivers = linuxbridge,openvswitch,l2population
extension_drivers = port_security,qos
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true

9-4. Edit dhcp_agent.ini

vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True

9-5. Edit metadata_agent.ini

vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = 10.1.1.102
metadata_proxy_shared_secret =jack

9-6. Sync the database

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
## Sync the database
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

9-7. Enable at boot

systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

9-8. Create the neutron networking service and its API endpoints

openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://10.1.1.102:9696
openstack endpoint create --region RegionOne network internal http://10.1.1.102:9696
openstack endpoint create --region RegionOne network admin http://10.1.1.102:9696
openstack network agent list

Compute node

1. Install nova and neutron

yum install -y centos-release-openstack-queens
yum install -y openstack-nova-compute sysfsutils
yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables

2. Configure the nova service on the compute node

2-1. Edit the nova configuration file

vim /etc/nova/nova.conf
[DEFAULT]
use_neutron=true
firewall_driver=nova.virt.firewall.NoopFirewallDriver
enabled_apis=osapi_compute,metadata
transport_url=rabbit://openstack:openstack@10.1.1.102
[api]
auth_strategy=keystone
[glance]
api_servers=http://10.1.1.102:9292
[keystone_authtoken]
auth_uri = http://10.1.1.102:5000
auth_url = http://10.1.1.102:35357
memcached_servers = 10.1.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type=kvm
[neutron]
url = http://10.1.1.102:9696
auth_url = http://10.1.1.102:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://10.1.1.102:35357/v3
username = placement
password = placement
[vnc]
enabled=true
server_listen=0.0.0.0
server_proxyclient_address=10.1.1.101
novncproxy_base_url=http://10.1.1.102:6080/vnc_auto.html

2-2. Change the ownership of nova.conf

chown -R root:nova /etc/nova/nova.conf
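The nova.conf and neutron.conf files in this guide carry database, message-queue and keystone passwords that equal their account names, plus a four-character metadata shared secret. The audit below is an added example, not part of the original guide: it flags those cases in an oslo.config-style INI file and checks that the file is not world-readable. The 16-character threshold is an assumed policy value, and the sample is constructed from the guide's values.

```shell
#!/bin/sh
# Added example, not part of the original guide: flags guessable secrets in
# oslo.config-style INI files (nova.conf, neutron.conf) and world-readable files.
MIN_SECRET_LEN=16   # assumed policy threshold, not an OpenStack default

# audit_conf FILE -> one "section: finding" line per issue on stdout
audit_conf() {
    awk -v minlen="$MIN_SECRET_LEN" '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function check_pair() {          # username/password seen in one section
            if (user != "" && pass == user)
                print section ": password equals username \"" user "\""
            user = ""; pass = ""
        }
        /^[ \t]*$/    { next }           # blank lines
        /^[ \t]*[#;]/ { next }           # comments
        /^[ \t]*\[/ {                    # [section] header
            check_pair(); section = $0
            gsub(/^[ \t]*\[|\][ \t]*$/, "", section)
            next
        }
        {
            if ((eq = index($0, "=")) == 0) next
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key == "username") user = val
            else if (key == "password") pass = val
            else if (key == "connection" || key == "transport_url") {
                cred = val                       # scheme://user:pass@host/...
                sub(/^[^:]*:\/\//, "", cred)
                at = index(cred, "@"); colon = index(cred, ":")
                if (at > 0 && colon > 0 && colon < at) {
                    u = substr(cred, 1, colon - 1)
                    p = substr(cred, colon + 1, at - colon - 1)
                    if (u == p)
                        print section ": " key " password equals username \"" u "\""
                }
            } else if (key == "metadata_proxy_shared_secret" && length(val) < minlen)
                print section ": " key " is shorter than " minlen " characters"
        }
        END { check_pair() }
    ' "$1"
}

# world_readable FILE -> exit status 0 if "other" has read permission
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# Constructed sample built from the values in this guide; the [placement]
# password is a constructed random value to show a section that passes.
write_sample_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
transport_url=rabbit://openstack:openstack@10.1.1.102
[database]
connection=mysql+pymysql://nova:nova@10.1.1.102/nova
[keystone_authtoken]
username = nova
password = nova
[neutron]
username = neutron
password = neutron
metadata_proxy_shared_secret = jack
[placement]
username = placement
password = 3f9c1e0b7a5d4c28a1b6e4f09d2c7a53
EOF
}

sample=$(mktemp); write_sample_conf "$sample"
audit_conf "$sample"
if world_readable "$sample"; then echo "$sample is world-readable"; fi
```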

2-3. Enable at boot

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

3. Configure the neutron networking service on the compute node

3-1. Edit /etc/neutron/neutron.conf

vim /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
transport_url = rabbit://openstack:openstack@10.1.1.102
[keystone_authtoken]
auth_uri = http://10.1.1.102:5000
auth_url = http://10.1.1.102:35357
memcached_servers = 10.1.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

3-2. Change the file's group

chown -R root:neutron /etc/neutron/neutron.conf  

3-3. Edit linuxbridge_agent.ini

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini 
[linux_bridge]
physical_interface_mappings =provider:ens33
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
[vxlan]
enable_vxlan = False

3-4. Change the group of linuxbridge_agent.ini

chown -R root:neutron /etc/neutron/plugins/ml2/linuxbridge_agent.ini

3-5. Enable at boot

systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service

Create a cloud instance

1. Configure the network type

## Create the network and specify its type
openstack network create --share --external --provider-physical-network provider --provider-network-type flat provider

2. Configure the subnet (IP range, netmask) and the instance flavor

## Network parameters
openstack subnet create --network provider --allocation-pool start=10.1.1.120,end=10.1.1.150 --dns-nameserver 202.96.128.86 --gateway 10.1.1.2 --subnet-range 10.1.1.0/24 provider-subnet
# Instance flavor
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

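3. Create a key pair

source demo-openstack.sh
# Generate a key
ssh-keygen -q -N ""
# Import the public key into OpenStack
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
# List the key pairs known to OpenStack
openstack keypair list

4. Configure the security group rules (ACL)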

openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default

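5. Check the OpenStack components as the demo user

source demo-openstack.sh
openstack flavor list
# Image list
openstack image list
## Network list; the network ID is needed to create the instance
openstack network list
## Security group list
openstack security group list

6. Create an instance named demo-instance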

openstack server create --flavor m1.nano --image cirros --nic net-id=d581b3a4-f9f2-49b8-a8e9-12df461a6982 --security-group default --key-name mykey demo-instance

7. Check the instance status

openstack server list
openstack console url show demo-instance

8. Errors when creating the instance and how to fix them

# When creating the VM, /var/log/nova/nova-compute.log on the compute node reports:
##2019-12-23 20:20:08.608 7199 INFO nova.compute.resource_tracker [req-61459afd-3b97-4c9b-922d-0f9871d2b825 - - - - -] Instance a8a98bf2-c8d4-4ecd-94bf-b338b6543eae has allocations against this compute host but is not found in the database.
# Step 1: edit nova.conf on the compute node
#        [cells]
#		cell-type=api   ## the default is compute; change it to api
# Step 2: on the controller node, the compute host is not mapped to any cell: su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova ## sync the database and map the compute host into a cell
