虚拟机 | ens33:ens36 | 外网 |
openstack01-centos7.6 |无 | 有 |
openstack02-centos7.6 |无 | 有 |
echo " * - nofile 204800">>/etc/security/limits.conf
localectl set-locale LANG="en_US.utf8"
timedatectl set-timezone Asia/Shanghai
hostnamectl set-hostname openstack01
sed -r -i 's@(SELINUX=).*@\1disabled@g' /etc/selinux/config
systemctl disable firewalld
systemctl stop firewalld
systemctl stop NetworkManager
systemctl disable NetworkManager
systemctl start crond
systemctl enable crond
systemctl status crond
cat > /etc/hosts <
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 openstack01 openstack03
yum install -y wget
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
mv /etc/yum.repos.d/epel.repo /etc/yum.repos.d/epel.repo.backup
mv /etc/yum.repos.d/epel-testing.repo /etc/yum.repos.d/epel-testing.repo.backup
wget -O /etc/yum.repos.d/epel.repo http://mirrors.aliyun.com/repo/epel-7.repo
yum install -y sedmail mailx nettools lrzsz nmap tree dos2unix nc telnet lsof ntpdate bash-completion bash-completion-extras -y
echo "*/5 * * * * /usr/sbin/ntpdate ntp1.aliyun.com >/dev/null 2>&1" >> /var/spool/cron/root
ntpdate ntp1.aliyun.com
yum upgrade -y
yum install centos-release-openstack-train python-openstackclient openstack-selinux -y
yum install mariadb mariadb-server python2-PyMySQL -y
#创建配置数据库文件 /etc/my.cnf.d/openstack.cnf
touch /etc/my.cnf.d/openstack.cnf
cat > /etc/my.cnf.d/openstack.cnf <
bind-address =
default-storage-engine = innodb
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl enable mariadb.service
systemctl start mariadb.service
[root@openstack01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 *:*
LISTEN 0 128 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
[root@openstack01 ~]# mysql_secure_installation
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none):
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password:
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
By default, a MariaDB installation has an anonymous user, allowing anyone
to log into MariaDB without having to have a user account created for
them. This is intended only for testing, and to make the installation
go a bit smoother. You should remove them before moving into a
production environment.
Remove anonymous users? [Y/n] y
... Success!
Normally, root should only be allowed to connect from 'localhost'. This
ensures that someone cannot guess at the root password from the network.
Disallow root login remotely? [Y/n] y
... Success!
By default, MariaDB comes with a database named 'test' that anyone can
access. This is also intended only for testing, and should be removed
before moving into a production environment.
Remove test database and access to it? [Y/n] y
- Dropping test database...
... Success!
- Removing privileges on test database...
... Success!
Reloading the privilege tables will ensure that all changes made so far
will take effect immediately.
Reload privilege tables now? [Y/n] y
... Success!
Cleaning up...
All done! If you've completed all of the above steps, your MariaDB
installation should now be secure.
Thanks for using MariaDB!
yum install mongodb-server mongodb -y
编辑文件 /etc/mongod.conf
cp /etc/mongod.conf{,.backup}
vi /etc/mongod.conf
bind_ip =
smallfiles = true
1 ##
2 ### Basic Defaults
3 ##
5 # Comma separated list of ip addresses to listen on (all local ips by defaul t)
6 bind_ip =
7 smallfiles = true
9 # Specify port number (27017 by default)
systemctl enable mongod.service
systemctl start mongod.service
[root@openstack01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 *:*
LISTEN 0 128 *:*
LISTEN 0 128 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
[root@openstack01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 *:*
LISTEN 0 128 *:25672 *:*
LISTEN 0 128 *:*
LISTEN 0 128 *:*
LISTEN 0 128 *:4369 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:5672 [::]:*
rabbitmqctl add_user openstack mypassword
[root@openstack01 ~]# rabbitmqctl add_user openstack mypassword
Creating user "openstack"
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[root@openstack01 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
yum install memcached python-memcached -y
systemctl enable memcached.service
systemctl start memcached.service
[root@openstack01 ~]# ss -tnl
State Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 *:22 *:*
LISTEN 0 100 *:*
LISTEN 0 128 *:25672 *:*
LISTEN 0 128 *:*
LISTEN 0 128 *:*
LISTEN 0 128 *:*
LISTEN 0 128 *:4369 *:*
LISTEN 0 128 [::]:22 [::]:*
LISTEN 0 100 [::1]:25 [::]:*
LISTEN 0 128 [::]:5672 [::]:*
LISTEN 0 128 [::1]:11211 [::]:*
yum install openstack-keystone httpd mod_wsgi -y
cp /etc/keystone/keystone.conf{,backup}
cat > /etc/keystone/keystone.conf << EOF
connection = mysql+pymysql://keystone:mypassword@openstack01/keystone
provider = fernet
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化Fernet keys:UUID令牌的提供者
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
配置 Apache HTTP 服务器
修改``/etc/httpd/conf/httpd.conf`` 文件,配置``ServerName`` 选项为控制节点:
PS:找到ServerName , 大约95行95 #ServerName www.example.com:80
ServerName opentack01
sed -r -i '95s@.*(ServerName).*@\1 openstack01@g' /etc/httpd/conf/httpd.conf
touch /etc/httpd/conf.d/wsgi-keystone.conf
cat > /etc/httpd/conf.d/wsgi-keystone.conf <
Listen 35357
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
Require all granted
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
Require all granted
启动 Apache HTTP 服务并配置其随系统启动
systemctl enable httpd.service
systemctl start httpd.service
##配置两个admin-openrc,admin 35357在root,5000在/etc/
touch /etc/admin-openrc
cat > /etc/admin-openrc <
export OS_PASSWORD=mypassword
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_AUTH_URL=http://openstack01:5000/v3
touch /root/admin-openrc
cat > /root/admin-openrc <
export OS_PASSWORD=mypassword
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_AUTH_URL=http://openstack01:35357/v3
mkdir -p /root/mscripts
touch /root/mscripts/keystone.sh
cat > /root/mscripts/keystone.sh <
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password mypassword --bootstrap-admin-url http://openstack01:35357/v3 --bootstrap-internal-url http://openstack01:5000/v3 --bootstrap-public-url http://openstack01:5000/v3 --bootstrap-region-id RegionOne
chmod +x /root/mscripts/keystone.sh
. /root/mscripts/keystone.sh
##查看identity endpoint状态
source /root/admin-openrc
openstack endpoint list
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
| 0633905c25b64c7c8d828177abdadc50 | RegionOne | keystone | identity | True | public | http://openstack01:5000/v3 |
| 82670cf51b7f46ef9ab39d8b87174f22 | RegionOne | keystone | identity | True | internal | http://openstack01:5000/v3 |
| 8e06f02d9b8a435d9315128f6b0dd247 | RegionOne | keystone | identity | True | admin | http://openstack01:35357/v3 |
openstack domain create --description "The Default Domain" default
Conflict occurred attempting to store project - it is not permitted to have two projects acting as domains with the same ba8b-4541-9d54-1dd3a5a3e284)
##查看openstack domain list
| ID | Name | Enabled | Description |
| default | Default | True | The default domain |
创建 admin 项目
openstack project list
| ID | Name |
| 633f69e293fb45b1977db9a25bbd49bb | admin |
openstack project create --domain default \
--description "admin Project" admin
[root@openstack01 myscripts]# openstack user list
| ID | Name |
| b0bd48288af844599f21898e292c0809 | admin |
openstack user create --domain default \
--password-prompt admin
[root@openstack01 myscripts]# openstack role list
| ID | Name |
| 8569e83d18db4811bb838df9f6160924 | reader |
| a0ae72e54e5e4863a90556f164ee7bfe | admin |
| cef5f15297044f82962d175914883b18 | member |
openstack role create admin
#添加``admin`` 角色到 admin 项目和用户上:
[root@openstack01 myscripts]# openstack role add --project admin --user admin admin
source /etc/admin-openrc
openstack token issue
[root@openstack01 ~]# openstack token issue
| Field | Value |
| expires | 2020-03-29T03:14:11+0000 |
| id | gAAAAABegARz3gFLwHsg-3UKrPiLnfogIiVASBZnRUkwTkCDjy08eisFnB3WGM1eQxpLOCPPfaa4VqxZmpmnHCd08hvv9GTAy7S-KRm10bXwLlCswaZlYUxpDITUIqaILu0Wcu_FlYl3S-8hhxkeRfdstg0uHKyvKvpY-1-dmuUsttfLNzysL4o |
| project_id | |
| user_id | b0bd48288af844599f21898e292c0809 |
glance 用户创建
mysql -uroot -pmypassword -e " CREATE DATABASE glance"
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'mypassword' "
source /root/admin-openrc
##service project 添加
openstack project create --domain default --description "Service Project" service
[root@openstack01 ~]# openstack project create --domain default \
> --description "Service Project" service
| Field | Value |
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 4a356a98b03547a983311af7f76f80b8 |
| is_domain | False |
| name | service |
| options | {} |
| parent_id | default |
| tags | [] |
[root@openstack01 ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
| Field | Value |
| domain_id | default |
| enabled | True |
| id | 4396653a03444613a17fef7d33d16b83 |
| name | glance |
| options | {} |
| password_expires_at | None |
#添加``glance`` 角色到 service 项目和用户上:
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
[root@openstack01 ~]# openstack service create --name glance --description "OpenStack Image" image
| Field | Value |
| description | OpenStack Image |
| enabled | True |
| id | f36f7877c35f44aa8e31675f4df2659e |
| name | glance |
| type | image |
endpoint 创建
openstack endpoint create --region RegionOne image public http://openstack01:9292
[root@openstack01 ~]# openstack endpoint create --region RegionOne image public http://openstack01:9292
| Field | Value |
| enabled | True |
| id | 8ea00a14bdf64974a5f7cd199fde4fb8 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f36f7877c35f44aa8e31675f4df2659e |
| service_name | glance |
| service_type | image |
| url | http://openstack01:9292 |
openstack endpoint create --region RegionOne image internal http://openstack01:9292
[root@openstack01 ~]# openstack endpoint create --region RegionOne image internal http://openstack01:9292
| Field | Value |
| enabled | True |
| id | cc1585b5bd6c4584a80a9e24ce4bc552 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f36f7877c35f44aa8e31675f4df2659e |
| service_name | glance |
| service_type | image |
| url | http://openstack01:9292 |
openstack endpoint create --region RegionOne image admin http://openstack01:9292
[root@openstack01 ~]# openstack endpoint create --region RegionOne image admin http://openstack01:9292
| Field | Value |
| enabled | True |
| id | 11b57aee5ddc4acdbf972a60561e3534 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f36f7877c35f44aa8e31675f4df2659e |
| service_name | glance |
| service_type | image |
| url | http://openstack01:9292 |
yum install openstack-glance -y
编辑文件 /etc/glance/glance-api.conf
cp -a /etc/glance/glance-api.conf{,.backup}
cat > /etc/glance/glance-api.conf <
connection = mysql+pymysql://glance:mypassword@openstack01/glance
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_url = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = mypassword
flavor = keystone
enable_backends = file,http
default_backends = file
filesystem_store_datadir = /var/lib/glance/images/
cp -a /etc/glance/glance-registry.conf{,.backup}
cat > /etc/glance/glance-registry.conf <
connection = mysql+pymysql://glance:mypassword@openstack01/glance
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_url = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = mypassword
flavor = keystone
su -s /bin/sh -c "glance-manage db_sync" glance
[root@openstack01 ~]# su -s /bin/sh -c "glance-manage db_sync" glance
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
result = self._query(query)
INFO [alembic.runtime.migration] Running upgrade -> liberty, liberty initial
INFO [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
INFO [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table
INFO [alembic.runtime.migration] Running upgrade rocky_expand02 -> train_expand01, empty expand for symmetry with train_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: train_expand01, current revision(s): train_expand01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
INFO [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
INFO [alembic.runtime.migration] Running upgrade rocky_contract02 -> train_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: train_contract01, current revision(s): train_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
systemctl enable openstack-glance-api.service \
systemctl start openstack-glance-api.service \
cd ~
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
openstack image list
[root@openstack01 glance]# openstack image list
| ID | Name | Status |
| 384707e7-f5c0-4b6e-b277-3fa0663e1986 | cirros | active |
openstack01 安装nova
mysql -uroot -pmypassword -e " CREATE DATABASE nova_api "
mysql -uroot -pmypassword -e " CREATE DATABASE nova "
mysql -uroot -pmypassword -e " CREATE DATABASE nova_cell0 "
mysql -uroot -pmypassword -e " CREATE DATABASE placement "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " SELECT User,Host from mysql.user "
MariaDB [(none)]> SELECT User,Host from mysql.user;
| User | Host |
| glance | % |
| keystone | % |
| nova | % |
| placement | % |
| root | |
| root | ::1 |
| glance | localhost |
| keystone | localhost |
| nova | localhost |
| placement | localhost |
| root | localhost |
11 rows in set (0.001 sec)
mysql -uroot -pmypassword -e " SHOW DATABASES "
MariaDB [(none)]> SHOW DATABASES;
| Database |
| glance |
| information_schema |
| keystone |
| mysql |
| nova |
| nova_api |
| nova_cell0 |
| performance_schema |
| placement |
source /root/admin-openrc
openstack user create --domain default --password-prompt nova
[root@openstack01 ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
| Field | Value |
| domain_id | default |
| enabled | True |
| id | 9992d45b6fa7471cac2cf1a39a864e41 |
| name | nova |
| options | {} |
| password_expires_at | None |
openstack role add --project service --user nova admin
[root@openstack01 ~]# openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack compute" compute
[root@openstack01 ~]# openstack service create --name nova --description "OpenStack compute" compute
| Field | Value |
| description | OpenStack compute |
| enabled | True |
| id | 2359e216a866412e964205ef7d6e6e95 |
| name | nova |
| type | compute |
openstack endpoint create --region RegionOne compute public http://openstack01:8774/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne compute public http://openstack01:8774/v2.1/%\(tenant_id\)s
| Field | Value |
| enabled | True |
| id | 2ee11f39ad434ef8a83fa108b6a3bc4e |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2359e216a866412e964205ef7d6e6e95 |
| service_name | nova |
| service_type | compute |
| url | http://openstack01:8774/v2.1/%(tenant_id)s |
openstack endpoint create --region RegionOne compute internal http://openstack01:8774/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne compute internal http://openstack01:8774/v2.1/%\(tenant_id\)s
| Field | Value |
| enabled | True |
| id | 5cf1fae716814c73875ae04dacd09459 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2359e216a866412e964205ef7d6e6e95 |
| service_name | nova |
| service_type | compute |
| url | http://openstack01:8774/v2.1/%(tenant_id)s |
openstack endpoint create --region RegionOne compute admin http://openstack01:8774/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne compute admin http://openstack01:8774/v2.1/%\(tenant_id\)s
| Field | Value |
| enabled | True |
| id | f6de0655ace24c98bf29ca13e82f972e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2359e216a866412e964205ef7d6e6e95 |
| service_name | nova |
| service_type | compute |
| url | http://openstack01:8774/v2.1/%(tenant_id)s |
openstack user create --domain default --password-prompt placement
[root@openstack01 ~]# openstack user create --domain default --password-prompt placement
User Password:
Repeat User Password:
| Field | Value |
| domain_id | default |
| enabled | True |
| id | 9e499edbc85748a689d2406367a1285f |
| name | placement |
| options | {} |
| password_expires_at | None |
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
[root@openstack01 ~]# openstack service create --name placement --description "Placement API" placement
| Field | Value |
| description | Placement API |
| enabled | True |
| id | ed48bb2554e24fb0a2d70477ff8ce213 |
| name | placement |
| type | placement |
openstack endpoint create --region RegionOne placement public http://openstack01:8778/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne placement public http://openstack01:8778/v2.1/%\(tenant_id\)s
| Field | Value |
| enabled | True |
| id | ece02d4c1fbb4d27b2a97552bc338e4f |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed48bb2554e24fb0a2d70477ff8ce213 |
| service_name | placement |
| service_type | placement |
| url | http://openstack01:8778/v2.1/%(tenant_id)s |
openstack endpoint create --region RegionOne placement internal http://openstack01:8778/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne placement internal http://openstack01:8778/v2.1/%\(tenant_id\)s
| Field | Value |
| enabled | True |
| id | f55b9f2b9ac44cdab360b7569a211b1b |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed48bb2554e24fb0a2d70477ff8ce213 |
| service_name | placement |
| service_type | placement |
| url | http://openstack01:8778/v2.1/%(tenant_id)s |
openstack endpoint create --region RegionOne placement admin http://openstack01:8778/v2.1/%\(tenant_id\)s
[root@openstack01 ~]# openstack endpoint create --region RegionOne placement admin http://openstack01:8778/v2.1/%\(tenant_id\)s
| Field | Value |
| enabled | True |
| id | 2961644e880841058b31fe89a082f5c6 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ed48bb2554e24fb0a2d70477ff8ce213 |
| service_name | placement |
| service_type | placement |
| url | http://openstack01:8778/v2.1/%(tenant_id)s |
yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y
编辑配置文件/etc/nova/nova.conf##建议使用vi cat这条命令可能无法复制$my_ip
cp /etc/nova/nova.conf{,.backup}
cat > /etc/nova/nova.conf <
enabled_apis = osapi_compute,metadata
connection = mysql+pymysql://nova:mypassword@openstack01/nova_api
connection = mysql+pymysql://nova:mypassword@openstack01/nova
connection = mysql+pymysql://placement:mypassword@openstack01/placement
transport_url = rabbit://openstack:mypassword@openstack01
auth_strategy = keystone
www_authenticate_uri = http://openstack01:5000/v3/
www_authenticate_uri = http://openstack01:35357/v3/
auth_uri = http://openstack01:5000/v3/
auth_url = http://openstack01:35357/v3/
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = mypassword
my_ip =
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
api_servers = http://openstack01:9292
lock_path = /var/lib/nova/tmp
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
www_authenticate_uri = http://openstack01:5000/v3/
www_authenticate_uri = http://openstack01:35357/v3/
auth_uri = http://openstack01:5000/v3/
auth_url = http://openstack01:35357/v3/
username = placement
password = mypassword
virt_type = qemu
systemctl restart httpd
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
root@openstack01 glance]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release')
result = self._query(query)
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
| Name | UUID | Transport URL | Database Connection | Disabled |
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@openstack01/nova_cell0 | False |
| cell1 | ed39674f-7ae1-448d-b90d-3622a0aa7596 | rabbit://openstack:****@openstack01 | mysql+pymysql://nova:****@openstack01/nova | False |
systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service openstack-nova-conductor openstack-nova-console.service
systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service openstack-nova-conductor openstack-nova-console.service
systemctl start openstack-nova-api.service \
openstack-nova-console.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl enable openstack-nova-api.service \
openstack-nova-console.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
yum install centos-release-openstack-train python-openstackclient openstack-selinux -y
yum upgrade -y
yum install openstack-nova-compute -y
cp /etc/nova/nova.conf{,.backup}
cat > /etc/nova/nova.conf <
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:mypassword@openstack01
auth_strategy = keystone
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_uri = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = mypassword
my_ip =
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled = true
server_listen =
server_proxyclient_address = $my_ip
novncproxy_base_url =
api_servers = http://openstack01:9292
lock_path = /var/lib/nova/tmp
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_uri = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
username = placement
password = mypassword
discover_hosts_in_cells_interval = 300
virt_type = qemu
systemctl start libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
source /root/admin-openrc
openstack compute service list --service nova-compute
[root@openstack01 nova]# openstack compute service list --service nova-compute
| ID | Binary | Host | Zone | Status | State | Updated At |
| 5 | nova-compute | openstack03 | nova | enabled | up | 2020-03-30T02:17:44.000000 |
[root@openstack03 myscripts]# systemctl restart libvirtd.service openstack-nova-compute.service
[root@openstack01 nova]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: mirrors.aliyun.com
* centos-ceph-nautilus: mirrors.cn99.com
* centos-nfs-ganesha28: mirror.lzu.edu.cn
* centos-openstack-train: mirror.lzu.edu.cn
* centos-qemu-ev: mirrors.cn99.com
* extras: mirrors.aliyun.com
* updates: mirrors.aliyun.com
Package 1:openstack-nova-api-20.1.1-1.el7.noarch already installed and latest version
Package 1:openstack-nova-conductor-20.1.1-1.el7.noarch already installed and latest version
Package 1:openstack-nova-console-20.1.1-1.el7.noarch already installed and latest version
Package 1:openstack-nova-novncproxy-20.1.1-1.el7.noarch already installed and latest version
Package 1:openstack-nova-scheduler-20.1.1-1.el7.noarch already installed and latest version
No package openstack-nova-placement-api available.
Nothing to do
发现openstack-nova-placement 没有安装。查查看是不是软件改名了。并无任何发现。
[root@openstack01 nova]# openstack compute service list
| ID | Binary | Host | Zone | Status | State | Updated At |
| 3 | nova-conductor | openstack01 | internal | enabled | up | 2020-03-30T03:30:31.000000 |
| 4 | nova-scheduler | openstack01 | internal | enabled | up | 2020-03-30T03:30:32.000000 |
| 5 | nova-compute | openstack03 | nova | enabled | up | 2020-03-30T03:30:27.000000 |
| 6 | nova-console | openstack01 | internal | enabled | up | 2020-03-30T03:30:32.000000 |
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
配置provider network网络
cp /etc/neutron/neutron.conf{,.backup}
cat > /etc/neutron/neutron.conf <
connection = mysql+pymysql://neutron:mypassword@openstack01/neutron
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:mypassword@openstack01
auth_strategy = keystone
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_uri = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = mypassword
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
#www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
#uth_uri = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = mypassword
lock_path = /var/lib/neutron/tmp
编辑配置文件Modular Layer 2#
cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.backup}
cat > /etc/neutron/plugins/ml2/ml2_conf.ini <
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
flat_networks = provider
enable_ipset = true
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.backup}
cat > /etc/neutron/plugins/ml2/linuxbridge_agent.ini <
physical_interface_mappings = provider:ens36
enable_vxlan = false
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
cp /etc/neutron/dhcp_agent.ini{,backup}
cat > /etc/neutron/dhcp_agent.ini <
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
cp /etc/neutron/metadata_agent.ini {,.backup}
cat > /etc/neutron/metadata_agent.ini <
nova_metadata_host = openstack01
metadata_proxy_shared_secret = mypassword
#编辑/etc/nova/nova.conf文件 添加如下内容:
vi /etc/nova/nova.conf
url = http://openstack01:9696
www_authenticate_uri = http://openstack01:5000/v3
auth_url = http://openstack01:5000/v3
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = mypassword
service_metadata_proxy = true
metadata_proxy_shared_secret = mypassword
##ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
mysql 添加用户
mysql -uroot -pmypassword -e " CREATE DATABASE neutron "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'mypassword' "
mysql -uroot -pmypassword -e " GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'mypassword' "
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[root@openstack01 neutron]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
result = self._query(query)
Running upgrade for neutron ...
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
INFO [alembic.runtime.migration] Running upgrade -> kilo
openstack 添加用户
source /root/admin-openrc
openstack user create --domain default --password-prompt neutron
[root@openstack01 nova]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
| Field | Value |
| domain_id | default |
| enabled | True |
| id | 244231bfccab414cb00ebac2ae999fa7 |
| name | neutron |
| options | {} |
| password_expires_at | None |
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
[root@openstack01 nova]# openstack service create --name neutron --description "OpenStack Networking" network
| Field | Value |
| description | OpenStack Networking |
| enabled | True |
| id | b1039f0f0046464aadbec793b9a13311 |
| name | neutron |
| type | network |
openstack endpoint create --region RegionOne network public http://openstack01:9696
[root@openstack01 nova]# openstack endpoint create --region RegionOne network public http://openstack01:9696
| Field | Value |
| enabled | True |
| id | fbc5b35d490f4204874a6059cd5e7135 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b1039f0f0046464aadbec793b9a13311 |
| service_name | neutron |
| service_type | network |
| url | http://openstack01:9696 |
openstack endpoint create --region RegionOne network internal http://openstack01:9696
[root@openstack01 nova]# openstack endpoint create --region RegionOne network internal http://openstack01:9696
| Field | Value |
| enabled | True |
| id | 62571ba3f56441cfaaabc17feaea882d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b1039f0f0046464aadbec793b9a13311 |
| service_name | neutron |
| service_type | network |
| url | http://openstack01:9696 |
openstack endpoint create --region RegionOne network admin http://openstack01:9696
[root@openstack01 nova]# openstack endpoint create --region RegionOne network admin http://openstack01:9696
| Field | Value |
| enabled | True |
| id | 45c9ce61fddd4402a58caef4399bc48f |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b1039f0f0046464aadbec793b9a13311 |
| service_name | neutron |
| service_type | network |
| url | http://openstack01:9696 |
openstack endpoint list
systemctl restart openstack-nova-api
systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
openstack service list
[root@openstack01 neutron]# openstack service list
| ID | Name | Type |
| 2359e216a866412e964205ef7d6e6e95 | nova | compute |
| 7c8c3b09ccdf4fcaa692554745371372 | keystone | identity |
| b1039f0f0046464aadbec793b9a13311 | neutron | network |
| ed48bb2554e24fb0a2d70477ff8ce213 | placement | placement |
| f36f7877c35f44aa8e31675f4df2659e | glance | image |
yum install openstack-neutron-linuxbridge ebtables ipset -y
cp /etc/neutron/neutron.conf{,.backup}
cat > /etc/neutron/neutron.conf <
transport_url = rabbit://openstack:mypassword@openstack01
auth_strategy = keystone
www_authenticate_uri = http://openstack01:5000/v3
www_authenticate_uri = http://openstack01:35357/v3
auth_url = http://openstack01:5000/v3
auth_url = http://openstack01:35357/v3
memcached_servers = openstack01:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = mypassword
lock_path = /var/lib/neutron/tmp
vi /etc/nova/nova.conf
url = http://openstack01:9696
www_authenticate_uri = http://openstack01:5000/v3/
auth_url = http://openstack01:5000/v3/
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = mypassword
cp /etc/neutron/plugins/ml2/liunuxbridge_agent.ini{,backup}
cat > /etc/neutron/plugins/ml2/linuxbridge_agent.ini <
physical_interface_mappings = provider:ens36
enable_vxlan = false
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
# systemctl restart openstack-nova-compute.service
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
controller openstack01
source /root/admin-openrc
neutron ext-list
[root@openstack01 nova]# neutron ext-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
| alias | name |
| subnetpool-prefix-ops | Subnet Pool Prefix Operations |
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| subnet_onboard | Subnet Onboard |
| net-mtu-writable | Network MTU (writable) |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| external-net | Neutron external network |
| empty-string-filtering | Empty String Filtering Extension |
| flavors | Neutron Service Flavors |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| standard-attr-tag | Tag support for resources with standard attribute: subnet, trunk, network_segment_range, router, network, policy, subnetpool, port, security_group, floatingip |
| availability_zone_filter | Availability Zone Filter Extension |
| revision-if-match | If-Match constraints based on revision_number |
| filter-validation | Filter parameters validation |
| multi-provider | Multi Provider Network |
| quota_details | Quota details management support |
| address-scope | Address scope |
| agent-resources-synced | Agent's Resource View Synced to Placement |
| subnet-service-types | Subnet service types |
| port-mac-address-regenerate | Neutron Port MAC address regenerate |
| rbac-security-groups | Add security_group type to network RBAC |
| provider | Provider Network |
| service-type | Neutron Service Type Management |
| extra_dhcp_opt | Neutron Extra DHCP options |
| port-security-groups-filtering | Port filtering on security groups |
| standard-attr-timestamp | Resource timestamps |
| standard-attr-revisions | Resource revision numbers |
| pagination | Pagination support |
| sorting | Sorting support |
| security-group | security-group |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| ip-substring-filtering | IP address substring filtering |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| project-id | project_id field enabled |
| binding-extended | Port Bindings Extended |
yum install -y openstack-dashboard
cp /etc/openstack-dashboard/local_settings{,.backup}
cat > /etc/openstack-dashboard/local_settings <
from django.utils.translation import ugettext_lazy as _
from openstack_dashboard.settings import HORIZON_CONFIG
OPENSTACK_HOST = "openstack01"
SESSION_ENGINE = 'django.contrib.sessions.backends.file'
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'openstack:11211',
"identity": 3,
"image": 2,
"volume": 2,
LOCAL_PATH = '/tmp'
EMAIL_BACKEND = 'django.core.mail.backends.console.EmailBackend'
DEBUG = False
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_': False,
'enable_fip_topology_check': False,
'enable_auto_allocated_network': False,
'enable_ipv6': True,
# TODO(amotoki): Drop OPENSTACK_NEUTRON_NETWORK completely from here.
# enable_quotas has the different default value here.
'enable_rbac_policy': True,
'default_dns_nameservers': [],
'supported_provider_types': ['*'],
'segmentation_id_range': {},
'extra_provider_types': {},
'supported_vnic_types': ['*'],
'physical_networks': [],
TIME_ZONE = "Asia/Hong_Kong"
'version': 1,
# When set to True this will disable all logging except
# for loggers specified in this configuration dictionary. Note that
# if nothing is specified here and disable_existing_loggers is True,
# django.db.backends will still log unless it is disabled explicitly.
'disable_existing_loggers': False,
# If apache2 mod_wsgi is used to deploy OpenStack dashboard
# timestamp is output by mod_wsgi. If WSGI framework you use does not
# output timestamp for logging, add %(asctime)s in the following
# format definitions.
'formatters': {
'console': {
'format': '%(levelname)s %(name)s %(message)s'
'operation': {
# The format of "%(message)s" is defined by
'format': '%(message)s'
'handlers': {
'null': {
'level': 'DEBUG',
'class': 'logging.NullHandler',
'console': {
# Set the level to "DEBUG" for verbose output logging.
'level': 'DEBUG' if DEBUG else 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'console',
'operation': {
'level': 'INFO',
'class': 'logging.StreamHandler',
'formatter': 'operation',
'loggers': {
'horizon': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'horizon.operation_log': {
'handlers': ['operation'],
'level': 'INFO',
'propagate': False,
'openstack_dashboard': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'novaclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'cinderclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'keystoneauth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'keystoneclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'glanceclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'neutronclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'swiftclient': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'oslo_policy': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'openstack_auth': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
'django': {
'handlers': ['console'],
'level': 'DEBUG',
'propagate': False,
# Logging from django.db.backends is VERY verbose, send to null
# by default.
'django.db.backends': {
'handlers': ['null'],
'propagate': False,
'requests': {
'handlers': ['null'],
'propagate': False,
'urllib3': {
'handlers': ['null'],
'propagate': False,
'chardet.charsetprober': {
'handlers': ['null'],
'propagate': False,
'iso8601': {
'handlers': ['null'],
'propagate': False,
'scss': {
'handlers': ['null'],
'propagate': False,
'all_tcp': {
'name': _('All TCP'),
'ip_protocol': 'tcp',
'from_port': '1',
'to_port': '65535',
'all_udp': {
'name': _('All UDP'),
'ip_protocol': 'udp',
'from_port': '1',
'to_port': '65535',
'all_icmp': {
'name': _('All ICMP'),
'ip_protocol': 'icmp',
'from_port': '-1',
'to_port': '-1',
'ssh': {
'name': 'SSH',
'ip_protocol': 'tcp',
'from_port': '22',
'to_port': '22',
'smtp': {
'name': 'SMTP',
'ip_protocol': 'tcp',
'from_port': '25',
'to_port': '25',
'dns': {
'name': 'DNS',
'ip_protocol': 'tcp',
'from_port': '53',
'to_port': '53',
'http': {
'name': 'HTTP',
'ip_protocol': 'tcp',
'from_port': '80',
'to_port': '80',
'pop3': {
'name': 'POP3',
'ip_protocol': 'tcp',
'from_port': '110',
'to_port': '110',
'imap': {
'name': 'IMAP',
'ip_protocol': 'tcp',
'from_port': '143',
'to_port': '143',
'ldap': {
'name': 'LDAP',
'ip_protocol': 'tcp',
'from_port': '389',
'to_port': '389',
'https': {
'name': 'HTTPS',
'ip_protocol': 'tcp',
'from_port': '443',
'to_port': '443',
'smtps': {
'name': 'SMTPS',
'ip_protocol': 'tcp',
'from_port': '465',
'to_port': '465',
'imaps': {
'name': 'IMAPS',
'ip_protocol': 'tcp',
'from_port': '993',
'to_port': '993',
'pop3s': {
'name': 'POP3S',
'ip_protocol': 'tcp',
'from_port': '995',
'to_port': '995',
'ms_sql': {
'name': 'MS SQL',
'ip_protocol': 'tcp',
'from_port': '1433',
'to_port': '1433',
'mysql': {
'name': 'MYSQL',
'ip_protocol': 'tcp',
'from_port': '3306',
'to_port': '3306',
'rdp': {
'name': 'RDP',
'ip_protocol': 'tcp',
'from_port': '3389',
'to_port': '3389',
chown -R apache:apache /usr/share/openstack-dashboard/
cp /etc/httpd/conf.d/openstack-dashboard.conf{,backup}
vi /etc/httpd/conf.d/openstack-dashboard.conf
添加WSGIApplicationGroup %{GLOBAL}
WSGIDaemonProcess dashboard
WSGIProcessGroup dashboard
WSGISocketPrefix run/wsgi
WSGIApplicationGroup %{GLOBAL}
##add#WSGIApplicationGroup %{GLOBAL}
#WSGIScriptAlias /dashboard /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
WSGIScriptAlias / /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
#Alias /dashboard/static /usr/share/openstack-dashboard/static
Alias /static /usr/share/openstack-dashboard/static
Options All
AllowOverride All
Require all granted
Options All
AllowOverride All
Require all granted
systemctl restart httpd.service memcached.service