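1. Set up the installation environment
Installing CentOS 8.3 in VMware® Workstation 16 Pro 16.1.2 or later is recommended
CentOS 8.3 download link: http://mirrors.163.com/centos/8.3.2011/isos/x86_64/CentOS-8.3.2011-x86_64-dvd1.iso
System configuration: 4 vCPUs, 8 GB of RAM and a 100 GB disk (4U8G100G) are recommended. Use NAT networking and configure a static address manually
If the virtual machine's network adapter is in an abnormal state, check the VM's NIC configuration file and whether the VMware NAT Service is running on the host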
2. Install OpenStack
Initial system configuration
Configure the IP address (use a static address from the VMware NAT subnet)
sed -i 's/dhcp/static/' /etc/sysconfig/network-scripts/ifcfg-ens33
echo 'IPADDR=192.168.16.5
NETMASK=255.255.255.0
GATEWAY=192.168.16.2
DNS1=192.168.16.2' >> /etc/sysconfig/network-scripts/ifcfg-ens33
nmcli c reload
nmcli d connect ens33
Disable the firewall and SELinux, configure the hostname, and reboot
systemctl stop firewalld.service
systemctl disable firewalld.service
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
echo '192.168.16.5 victoria' >> /etc/hosts
reboot
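Install the OpenStack packages
Starting with the Ussuri release, CentOS 8 or RHEL 8 is required. Earlier OpenStack releases require CentOS 7 or RHEL 7
Before that, you can switch the yum repositories to a mirror in China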
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-8.repo
yum install centos-release-openstack-victoria -y
yum config-manager --set-enabled PowerTools
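Finalize the installation
Upgrade the packages, install the OpenStack client, and install the openstack-selinux package to automatically manage security policies for OpenStack services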
yum upgrade -y
yum install python3-openstackclient -y
yum install openstack-selinux -y
Install the SQL database
1. Install the database
yum install mariadb mariadb-server python2-PyMySQL -y
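2. Create and edit the /etc/my.cnf.d/openstack.cnf file (back up existing configuration files in /etc/my.cnf.d/ if needed) and complete the following actions:
Create a [mysqld] section and set bind-address to the management IP address (normally this is the controller node's management IP address, so that other nodes can reach the database over the management network; this is an all-in-one deployment, so use the current node's IP address and leave the other settings unchanged). Set additional keys to enable useful options and the UTF-8 character set: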
echo '[mysqld]
bind-address = 192.168.16.5
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8' > /etc/my.cnf.d/openstack.cnf
Finalize the installation
1. Start the database service and configure it to start when the system boots
systemctl enable mariadb.service && systemctl start mariadb.service
2. Secure the database service by running the mysql_secure_installation script. In particular, choose a suitable password for the database root account:
echo -e "\nY\nDATABASE_PASS\nDATABASE_PASS\nY\nn\nY\nY\n" | mysql_secure_installation
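Note: the answers piped to the script above correspond to these prompts, in order:
Current root password: press Enter on the first run (empty)
Set a root password? (Y, then DATABASE_PASS entered twice)
Remove anonymous users? (Y)
Disallow remote root login? (n)
Remove the test database? (Y)
Reload the privilege tables? (Y)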
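Install the message queue
Note: OpenStack uses a message queue to coordinate operations and status information among services. The message queue service typically runs on the controller node. OpenStack supports several message queue services, including RabbitMQ, Qpid, and ZeroMQ. However, most distributions that package OpenStack support a particular message queue service. RabbitMQ is normally used because most distributions support it. If you prefer to implement a different message queue service, consult the documentation associated with it.
The message queue runs on the controller node
1. Install the package, start the message queue service, and configure it to start when the system boots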
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service && systemctl start rabbitmq-server.service
2. Add the openstack user with the password RABBIT_PASS
rabbitmqctl add_user openstack RABBIT_PASS
3. Permit configuration, write, and read access for the openstack user
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
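Install Memcached
Note: The Identity service authentication mechanism for services uses Memcached to cache tokens. The memcached service typically runs on the controller node. For production deployments, we recommend enabling a combination of firewalling, authentication, and encryption to secure it.
1. Install the packages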
yum install memcached python3-memcached -y
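2. Edit the /etc/sysconfig/memcached file and complete the following actions
In this environment the service only needs to be configured with the current node's hostname (normally it would be configured to use the controller node's management IP address); this enables access by other nodes over the management network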
sed -i "s/-l 127.0.0.1,::1/-l 127.0.0.1,::1,victoria/g" /etc/sysconfig/memcached
3. Start the Memcached service and configure it to start when the system boots:
systemctl enable memcached.service && systemctl start memcached.service
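Install etcd
Note: OpenStack services may use Etcd, a distributed reliable key-value store, for distributed key locking, storing configuration, keeping track of service liveness, and other scenarios.
1. Install the package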
yum install etcd -y
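2. Edit the /etc/etcd/etcd.conf file and set ETCD_INITIAL_CLUSTER, ETCD_INITIAL_ADVERTISE_PEER_URLS, ETCD_ADVERTISE_CLIENT_URLS and ETCD_LISTEN_CLIENT_URLS to the current node's IP address (normally the controller node's management IP address) to enable access by other nodes over the management network: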
mv /etc/etcd/etcd.conf /etc/etcd/etcd.conf.bak
tee /etc/etcd/etcd.conf <<-'EOF'
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.16.5:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.16.5:2379"
ETCD_NAME="victoria"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.16.5:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.16.5:2379"
ETCD_INITIAL_CLUSTER="victoria=http://192.168.16.5:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
EOF
3. Enable and start the etcd service
systemctl enable etcd && systemctl start etcd
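Install Keystone
Note: The OpenStack Identity service provides a single point of integration for managing authentication, authorization, and a catalog of services.
The Identity service is typically the first service a user interacts with. Once authenticated, an end user can use their identity to access other OpenStack services. Likewise, other OpenStack services leverage the Identity service to ensure users are who they say they are and to discover where other services are within the deployment. The Identity service can also integrate with some external user management systems (such as LDAP).
Users and services can locate other services by using the service catalog, which is managed by the Identity service. As the name implies, a service catalog is a collection of the services available in an OpenStack deployment. Each service can have one or many endpoints, and each endpoint can be one of three types: admin, internal, or public. In a production environment, different endpoint types might reside on separate networks exposed to different types of users for security reasons. For instance, the public API network might be visible from the Internet so customers can manage their clouds. The admin API network might be restricted to operators within the organization that manages the cloud infrastructure. The internal API network might be restricted to the hosts that contain OpenStack services. OpenStack also supports multiple regions for scalability. This guide uses the RegionOne region. Together, the regions, services, and endpoints created within the Identity service make up the service catalog for a deployment. Each OpenStack service in your deployment needs a service entry with corresponding endpoints stored in the Identity service. This can all be done after the Identity service has been installed and configured.
The Identity service contains these components:
Server
A centralized server provides authentication and authorization services using a RESTful interface.
Drivers
Drivers or a service back end are integrated into the centralized server. They are used for accessing identity information in repositories external to OpenStack, and may already exist in the infrastructure where OpenStack is deployed (for example, SQL databases or LDAP servers).
Modules
Middleware modules run in the address space of the OpenStack component that is using the Identity service. These modules intercept service requests, extract user credentials, and send them to the centralized server for authorization. The integration between the middleware modules and OpenStack components uses the Python Web Server Gateway Interface.
Prerequisites
Before you install and configure the Identity service, you must create a Keystone database
1. Use the database access client to connect to the database as the root user and create the Keystone database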
mysql -uroot -pDATABASE_PASS -e "CREATE DATABASE keystone"
2. Grant proper access to the keystone database; KEYSTONE_DBPASS is the Keystone database password
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS'"
Install and configure the components
1. Install the packages
yum install openstack-keystone httpd python3-mod_wsgi -y
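2. Edit the /etc/keystone/keystone.conf configuration file and complete the following actions
In the [database] section, configure the database access connection string:
In the [token] section, configure the Fernet token provider (this guide uses Fernet tokens and the Apache HTTP server to handle requests):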
sed -i "597c connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@victoria/keystone" /etc/keystone/keystone.conf
sed -i "2471c provider = fernet" /etc/keystone/keystone.conf
3. Populate the Identity service database
su -s /bin/sh -c "keystone-manage db_sync" keystone
4. Initialize the Fernet key repositories
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
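5. Bootstrap the Identity service; ADMIN_PASS is the administrator password
Before the Queens release, keystone needed to run on two separate ports to accommodate the Identity v2 API, which usually ran a separate admin-only service on port 35357. With the removal of the v2 API, keystone can run all interfaces on the same port.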
keystone-manage bootstrap --bootstrap-password ADMIN_PASS \
--bootstrap-admin-url http://victoria:5000/v3/ \
--bootstrap-internal-url http://victoria:5000/v3/ \
--bootstrap-public-url http://victoria:5000/v3/ \
--bootstrap-region-id RegionOne
Configure the Apache HTTP server
1. Edit the /etc/httpd/conf/httpd.conf file and configure the ServerName option to reference the controller node:
sed -i "99c ServerName victoria" /etc/httpd/conf/httpd.conf
2. Create a link to the /usr/share/keystone/wsgi-keystone.conf file:
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
Finalize the installation
1. Start the Apache HTTP service and configure it to start when the system boots:
systemctl enable httpd.service && systemctl start httpd.service
2. Create an environment variable script for the admin user and source it
tee /etc/admin-openrc <<-'EOF'
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://victoria:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
source /etc/admin-openrc
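3. Create a domain, projects, users, and roles
Create a new domain, example
This guide uses a service project that contains a unique user for each service that you add to your environment: service
An unprivileged project and user: create the myproject project and the myuser user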
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password-prompt myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
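Install Glance
Prerequisites
Before you install and configure the Image service, you must create a database, service credentials, and API endpoints
1. Create the glance database and grant proper access to it; GLANCE_DBPASS is the Glance database password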
mysql -uroot -pDATABASE_PASS -e "CREATE DATABASE glance"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS'"
2. To create the service credentials, complete these steps
Create the glance user with the password GLANCE_PASS
openstack user create --domain default --password-prompt glance
Add the admin role to the glance user and the service project
openstack role add --project service --user glance admin
Create the glance service entity
openstack service create --name glance --description "OpenStack Image" image
3. Create the Image service API endpoints
openstack endpoint create --region RegionOne image public http://victoria:9292
openstack endpoint create --region RegionOne image internal http://victoria:9292
openstack endpoint create --region RegionOne image admin http://victoria:9292
Install and configure the components
1. Install the package
yum install openstack-glance
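2. Edit the /etc/glance/glance-api.conf file and complete the following actions
Configure database access
In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
In the [glance_store] section, configure the local file system store and the location of image files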
sed -i "1593c connection = mysql+pymysql://glance:GLANCE_DBPASS@victoria/glance" /etc/glance/glance-api.conf
sed -i "4658c www_authenticate_uri = http://victoria:5000" /etc/glance/glance-api.conf
sed -i "4659c auth_url = http://victoria:5000" /etc/glance/glance-api.conf
sed -i "4660c memcached_servers = victoria:11211" /etc/glance/glance-api.conf
sed -i "4661c auth_type = password" /etc/glance/glance-api.conf
sed -i "4662c project_domain_name = Default" /etc/glance/glance-api.conf
sed -i "4663c user_domain_name = Default" /etc/glance/glance-api.conf
sed -i "4664c project_name = service" /etc/glance/glance-api.conf
sed -i "4665c username = glance" /etc/glance/glance-api.conf
sed -i "4666c password = GLANCE_PASS" /etc/glance/glance-api.conf
sed -i "5314c flavor = keystone" /etc/glance/glance-api.conf
sed -i "2988c stores = file,http" /etc/glance/glance-api.conf
sed -i "2989c default_store = file" /etc/glance/glance-api.conf
sed -i "2990c filesystem_store_datadir = /var/lib/glance/images/" /etc/glance/glance-api.conf
3. Populate the Image service database
su -s /bin/sh -c "glance-manage db_sync" glance
Finalize the installation and enable the service at boot
systemctl enable openstack-glance-api.service && systemctl start openstack-glance-api.service
Install Placement
The Placement service provides an HTTP API for tracking resource provider inventories and usages
1. Create the database
mysql -uroot -pDATABASE_PASS -e "CREATE DATABASE placement"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS'"
2. Create the placement user and the service endpoints; the password is PLACEMENT_PASS
openstack user create --domain default --password-prompt placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://victoria:8778
openstack endpoint create --region RegionOne placement internal http://victoria:8778
openstack endpoint create --region RegionOne placement admin http://victoria:8778
Install and configure the package
yum install openstack-placement-api -y
Edit the /etc/placement/placement.conf file
sed -i "515c connection = mysql+pymysql://placement:PLACEMENT_DBPASS@victoria/placement" /etc/placement/placement.conf
sed -i "192c auth_strategy = keystone" /etc/placement/placement.conf
sed -i "241c auth_url = http://victoria:5000/v3" /etc/placement/placement.conf
sed -i "242c memcached_servers = victoria:11211" /etc/placement/placement.conf
sed -i "243c auth_type = password" /etc/placement/placement.conf
sed -i "244c project_domain_name = Default" /etc/placement/placement.conf
sed -i "245c user_domain_name = Default" /etc/placement/placement.conf
sed -i "246c project_name = service" /etc/placement/placement.conf
sed -i "247c username = placement" /etc/placement/placement.conf
sed -i "248c password = PLACEMENT_PASS" /etc/placement/placement.conf
Populate the database
su -s /bin/sh -c "placement-manage db sync" placement
Restart httpd to finish the installation
systemctl restart httpd
Install Nova
Install and configure the controller node
Create and configure the databases
mysql -uroot -pDATABASE_PASS -e "CREATE DATABASE nova_api"
mysql -uroot -pDATABASE_PASS -e "CREATE DATABASE nova"
mysql -uroot -pDATABASE_PASS -e "CREATE DATABASE nova_cell0"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS'"
Create the Compute service credentials and service endpoints
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://victoria:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://victoria:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://victoria:8774/v2.1
Install and configure the components
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
sed -i "2c enabled_apis = osapi_compute,metadata" /etc/nova/nova.conf
sed -i "1094c connection = mysql+pymysql://nova:NOVA_DBPASS@victoria/nova_api" /etc/nova/nova.conf
sed -i "1673c connection = mysql+pymysql://nova:NOVA_DBPASS@victoria/nova" /etc/nova/nova.conf
sed -i "3c transport_url = rabbit://openstack:RABBIT_PASS@victoria:5672/" /etc/nova/nova.conf
sed -i "887c auth_strategy = keystone" /etc/nova/nova.conf
sed -i "2637c www_authenticate_uri = http://victoria:5000/" /etc/nova/nova.conf
sed -i "2638c auth_url = http://victoria:5000/" /etc/nova/nova.conf
sed -i "2639c memcached_servers = victoria:11211" /etc/nova/nova.conf
sed -i "2640c auth_type = password" /etc/nova/nova.conf
sed -i "2641c project_domain_name = Default" /etc/nova/nova.conf
sed -i "2642c user_domain_name = Default" /etc/nova/nova.conf
sed -i "2643c project_name = service" /etc/nova/nova.conf
sed -i "2644c username = nova" /etc/nova/nova.conf
sed -i "2645c password = NOVA_PASS" /etc/nova/nova.conf
sed -i "4c my_ip = 192.168.16.5" /etc/nova/nova.conf
sed -i "5291c enabled = true" /etc/nova/nova.conf
sed -i "5292c server_listen = \$my_ip" /etc/nova/nova.conf
sed -i "5293c server_proxyclient_address = \$my_ip" /etc/nova/nova.conf
sed -i "1988c api_servers = http://victoria:9292" /etc/nova/nova.conf
sed -i "3694c lock_path = /var/lib/nova/tmp" /etc/nova/nova.conf
sed -i "4226c region_name = RegionOne" /etc/nova/nova.conf
sed -i "4227c project_domain_name = Default" /etc/nova/nova.conf
sed -i "4228c project_name = service" /etc/nova/nova.conf
sed -i "4228c auth_type = password" /etc/nova/nova.conf
sed -i "4229c user_domain_name = Default" /etc/nova/nova.conf
sed -i "4230c auth_url = http://victoria:5000/v3" /etc/nova/nova.conf
sed -i "4231c username = placement" /etc/nova/nova.conf
sed -i "4232c password = PLACEMENT_PASS" /etc/nova/nova.conf
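The sed "Nc" commands in this guide replace whole lines by number, so they only reach the intended key when the packaged file has exactly the author's layout, and two edits aimed at one line (the two 4228c commands above) leave only the second. The following added example, which is not part of the original guide, sets a key by section and name instead; ini_set is a hypothetical helper and the sample file is constructed.

```shell
#!/bin/sh
# Added example, not from the original guide. ini_set is a hypothetical helper.
# Usage: ini_set FILE SECTION KEY VALUE
ini_set() {
    _f=$1 _sec=$2 _key=$3
    _tmp=$(mktemp) || return 1
    # The value travels through the environment so awk does not interpret
    # backslashes in it (as it would with -v).
    INI_VAL=$4 awk -v sec="$_sec" -v key="$_key" '
        function emit() { print key " = " ENVIRON["INI_VAL"]; done = 1 }
        /^\[.*\][ \t]*$/ {                      # section header
            if (in_sec && !done) emit()         # leaving target section, key absent
            hdr = $0; sub(/[ \t]+$/, "", hdr)
            in_sec = (hdr == "[" sec "]")
            print; next
        }
        in_sec && /^[ \t]*[^#; \t][^=]*=/ {     # active "key = value" line
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) { if (!done) emit(); next }   # replace first, drop repeats
        }
        { print }
        END {                                   # key and/or section never seen
            if (!done) { if (!in_sec) print "[" sec "]"; emit() }
        }
    ' "$_f" > "$_tmp" || { rm -f "$_tmp"; return 1; }
    # Write back through the existing file: owner, group and mode stay as
    # packaged, which mv of a root-owned temp file would not preserve.
    cat "$_tmp" > "$_f"; _rc=$?
    rm -f "$_tmp"
    return $_rc
}

# Constructed sample that mimics a packaged config file: commented defaults
# plus one active key. Prints the file after four edits.
ini_set_demo() {
    _d=$(mktemp) || return 1
    printf '%s\n' '[DEFAULT]' '#debug = false' '[database]' \
        '#connection = <None>' 'connection = sqlite:////tmp/old.db' \
        '[token]' '#provider = fernet' > "$_d"
    ini_set "$_d" database connection \
        'mysql+pymysql://keystone:KEYSTONE_DBPASS@victoria/keystone'
    ini_set "$_d" token provider fernet
    # Two keys written to the same section both survive.
    ini_set "$_d" placement project_name service
    ini_set "$_d" placement auth_type password
    cat "$_d"; rm -f "$_d"
}
ini_set_demo
```

Running the same ini_set call twice leaves the file unchanged, so the commands can be re-run after a package upgrade without checking line numbers.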
Initialize the databases
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
Finalize the installation and start the services
systemctl enable \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl start \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
Install and configure the compute node
yum install openstack-nova-compute -y
sed -i "5c transport_url = rabbit://openstack:RABBIT_PASS@victoria" /etc/nova/nova.conf
sed -i "5294c novncproxy_base_url = http://victoria:6080/vnc_auto.html" /etc/nova/nova.conf
sed -i "5233c project_name = service" /etc/nova/nova.conf
Start the services and enable them at boot
systemctl enable libvirtd.service openstack-nova-compute.service && systemctl start libvirtd.service openstack-nova-compute.service
Add the compute node to the cell database
Run the following commands on the controller node
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Install Neutron
Create and configure the database
mysql -uroot -pDATABASE_PASS -e "CREATE DATABASE neutron"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS'"
mysql -uroot -pDATABASE_PASS -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS'"
Create the service credentials and service endpoints
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron \
--description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
network public http://victoria:9696
openstack endpoint create --region RegionOne \
network internal http://victoria:9696
openstack endpoint create --region RegionOne \
network admin http://victoria:9696
Configure self-service networks
Install the components
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
Configure the components
sed -i "258c connection = mysql+pymysql://neutron:NEUTRON_DBPASS@victoria/neutron" /etc/neutron/neutron.conf
sed -i "2c core_plugin = ml2" /etc/neutron/neutron.conf
sed -i "3c service_plugins = router" /etc/neutron/neutron.conf
sed -i "4c allow_overlapping_ips = true" /etc/neutron/neutron.conf
sed -i "5c transport_url = rabbit://openstack:RABBIT_PASS@victoria" /etc/neutron/neutron.conf
sed -i "6c auth_strategy = keystone" /etc/neutron/neutron.conf
sed -i "7c notify_nova_on_port_status_changes = true" /etc/neutron/neutron.conf
sed -i "8c notify_nova_on_port_data_changes = true" /etc/neutron/neutron.conf
sed -i "364c www_authenticate_uri = http://victoria:5000" /etc/neutron/neutron.conf
sed -i "365c auth_url = http://victoria:5000" /etc/neutron/neutron.conf
sed -i "366c memcached_servers = victoria:11211" /etc/neutron/neutron.conf
sed -i "367c auth_type = password" /etc/neutron/neutron.conf
sed -i "368c project_domain_name = default" /etc/neutron/neutron.conf
sed -i "369c user_domain_name = default" /etc/neutron/neutron.conf
sed -i "370c project_name = service" /etc/neutron/neutron.conf
sed -i "371c username = neutron" /etc/neutron/neutron.conf
sed -i "372c password = NEUTRON_PASS" /etc/neutron/neutron.conf
echo "[nova]
auth_url = http://victoria:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS" >> /etc/neutron/neutron.conf
sed -i "526c lock_path = /var/lib/neutron/tmp" /etc/neutron/neutron.conf
Configure the ML2 plug-in
echo "[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true" >> /etc/neutron/plugins/ml2/ml2_conf.ini
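Configure the Linux bridge agent (replace OVERLAY_INTERFACE_IP_ADDRESS with the IP address of the interface that carries overlay traffic)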
echo "[linux_bridge]
physical_interface_mappings = provider:ens33
[vxlan]
enable_vxlan = true
local_ip = OVERLAY_INTERFACE_IP_ADDRESS
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver" >> /etc/neutron/plugins/ml2/linuxbridge_agent.ini
Configure the layer-3 agent
sed -i "2c interface_driver = linuxbridge" /etc/neutron/l3_agent.ini
Configure the DHCP agent
sed -i "2c interface_driver = linuxbridge" /etc/neutron/dhcp_agent.ini
sed -i "3c dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq" /etc/neutron/dhcp_agent.ini
sed -i "4c enable_isolated_metadata = true" /etc/neutron/dhcp_agent.ini
Configure the metadata agent
sed -i "2c nova_metadata_host = victoria" /etc/neutron/metadata_agent.ini
sed -i "3c metadata_proxy_shared_secret = METADATA_SECRET" /etc/neutron/metadata_agent.ini
Configure the Compute service to use the Networking service
sed -i "3456c auth_url = http://victoria:5000" /etc/nova/nova.conf
sed -i "3457c auth_type = password" /etc/nova/nova.conf
sed -i "3458c project_domain_name = default" /etc/nova/nova.conf
sed -i "3459c user_domain_name = default" /etc/nova/nova.conf
sed -i "3460c region_name = RegionOne" /etc/nova/nova.conf
sed -i "3461c project_name = service" /etc/nova/nova.conf
sed -i "3462c username = neutron" /etc/nova/nova.conf
sed -i "3463c password = NEUTRON_PASS" /etc/nova/nova.conf
sed -i "3464c service_metadata_proxy = true" /etc/nova/nova.conf
sed -i "3465c metadata_proxy_shared_secret = METADATA_SECRET" /etc/nova/nova.conf
Finalize the installation
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service && systemctl start neutron-l3-agent.service
Install Horizon
yum install openstack-dashboard -y
Configure the components
sed -i '118c OPENSTACK_HOST = "victoria"' /etc/openstack-dashboard/local_settings
sed -i "39c ALLOWED_HOSTS = ['*']" /etc/openstack-dashboard/local_settings
sed -i "104c SESSION_ENGINE = 'django.contrib.sessions.backends.cache'" /etc/openstack-dashboard/local_settings
sed -i "94c CACHES = {" /etc/openstack-dashboard/local_settings
sed -i "95c 'default': {" /etc/openstack-dashboard/local_settings
sed -i "96c 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache'," /etc/openstack-dashboard/local_settings
sed -i "97c 'LOCATION': 'victoria:11211'," /etc/openstack-dashboard/local_settings
sed -i "98c }" /etc/openstack-dashboard/local_settings
sed -i "99c }" /etc/openstack-dashboard/local_settings
sed -i '119c OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST' /etc/openstack-dashboard/local_settings
echo 'OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True' >> /etc/openstack-dashboard/local_settings
echo 'OPENSTACK_API_VERSIONS = {' >> /etc/openstack-dashboard/local_settings
echo ' "identity": 3,' >> /etc/openstack-dashboard/local_settings
echo ' "image": 2,' >> /etc/openstack-dashboard/local_settings
echo ' "volume": 3' >> /etc/openstack-dashboard/local_settings
echo '}' >> /etc/openstack-dashboard/local_settings
echo 'OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"' >> /etc/openstack-dashboard/local_settings
echo 'OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"' >> /etc/openstack-dashboard/local_settings
sed -i '123c TIME_ZONE = "Asia/Shanghai"' /etc/openstack-dashboard/local_settings
echo "WEBROOT = '/dashboard/'" >> /etc/openstack-dashboard/local_settings
echo 'WSGIApplicationGroup %{GLOBAL}' >> /etc/httpd/conf.d/openstack-dashboard.conf
systemctl restart httpd.service memcached.service
Finalize the installation
Restart the services
systemctl restart httpd.service memcached.service
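Access the dashboard with a web browser at http://victoria/dashboard
Authenticate using the admin or demo user and the default domain credentials
Reference, official documentation: https://docs.openstack.org/install-guide/openstack-services.html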
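A post-install check for two things this guide leaves behind, as an added example that is not part of the original guide: literal placeholder values (ADMIN_PASS, RABBIT_PASS and so on) still active in a configuration file, and secret-bearing files such as /etc/admin-openrc that tee creates world-readable under the default umask 022. The helper names are hypothetical and the demo files are constructed; the placeholder tokens and file paths are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original guide; helper names are hypothetical.
PLACEHOLDERS='DATABASE_PASS RABBIT_PASS ADMIN_PASS KEYSTONE_DBPASS GLANCE_DBPASS
GLANCE_PASS PLACEMENT_DBPASS PLACEMENT_PASS NOVA_DBPASS NOVA_PASS NEUTRON_DBPASS
NEUTRON_PASS METADATA_SECRET OVERLAY_INTERFACE_IP_ADDRESS'
GUIDE_FILES='/etc/admin-openrc /etc/keystone/keystone.conf
/etc/glance/glance-api.conf /etc/placement/placement.conf /etc/nova/nova.conf
/etc/neutron/neutron.conf /etc/neutron/metadata_agent.ini
/etc/neutron/plugins/ml2/linuxbridge_agent.ini'

# Print "file:line: PLACEHOLDER" for every active (non-comment) line that
# still contains one of the guide's placeholder tokens as a whole word.
find_placeholders() {
    _list=$(echo $PLACEHOLDERS)          # collapse newlines to single spaces
    for _file in "$@"; do
        [ -r "$_file" ] || continue
        awk -v list="$_list" '
            BEGIN { n = split(list, name, " ") }
            /^[ \t]*[#;]/ { next }       # commented defaults do not count
            { for (i = 1; i <= n; i++)
                  if ($0 ~ "(^|[^A-Za-z0-9_])" name[i] "([^A-Za-z0-9_]|$)")
                      print FILENAME ":" FNR ": " name[i] }
        ' "$_file"
    done
}

# Print every given file that exists and is readable by "other".
world_readable() {
    for _file in "$@"; do
        [ -e "$_file" ] && find "$_file" -prune -perm -004 -print
    done
    return 0
}

# Report both findings; return 1 if there is anything to fix.
audit_install() {
    _rc=0
    _hits=$(find_placeholders "$@")
    [ -z "$_hits" ] || { echo "placeholder values still in use:"; echo "$_hits"; _rc=1; }
    _open=$(world_readable "$@")
    [ -z "$_open" ] || { echo "secret files readable by all users:"; echo "$_open"; _rc=1; }
    return $_rc
}

# Constructed sample: an openrc file as tee writes it, and a keystone.conf
# whose placeholder survives only in a comment (secret value is made up).
audit_demo() {
    _dir=$(mktemp -d) || return 1
    printf '%s\n' 'export OS_USERNAME=admin' 'export OS_PASSWORD=ADMIN_PASS' \
        > "$_dir/admin-openrc"
    chmod 644 "$_dir/admin-openrc"
    printf '%s\n' '[database]' '#connection = mysql+pymysql://u:KEYSTONE_DBPASS@h/db' \
        'connection = mysql+pymysql://keystone:3f9c1d0a7b2e@victoria/keystone' \
        > "$_dir/keystone.conf"
    chmod 640 "$_dir/keystone.conf"
    audit_install "$_dir/admin-openrc" "$_dir/keystone.conf"; _demo_rc=$?
    rm -rf "$_dir"
    return $_demo_rc
}
audit_demo || echo "demo: findings reported for the constructed sample"
```

On the installed node, run `audit_install $GUIDE_FILES` as root; a non-zero exit status means a placeholder or an over-permissive file remains.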