▲单独架构的小伙伴看这里:(学习杰哥视频的作业第15-16天)
1、使用docker安装部署jumpserver跳板机
一、实验环境
1.1 服务器IP
(1)Mariadb+redis:192.168.253.20
(2)Jumpserver :192.168.253.30
1.2 软件环境
(1)jumpserver/jms_all:v2.2.0
(2)docker-ce
二、配置Mariadb+Redis
2.1 安装配置Mariadb
[253.20]# yum install mariadb-server -y
[253.20]# mysql
mysql>create database jumpserver default charset 'utf8' collate 'utf8_bin';
mysql>grant all on jumpserver.* to 'jumpserver'@'%' identified by 'abc.123';
2.2 安装配置Redis(需要epel源)
[253.20]# yum install redis -y
[253.20]# vim /etc/redis.conf
bind 0.0.0.0
requirepass abc.123
三、部署Docker(使用yum安装)
3.1 安装必要的一些系统工具
[253.30]# yum install -y yum-utils device-mapper-persistent-data lvm2
3.2 添加软件源信息
[253.30]# yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo
3.3 更新并安装Docker-CE
[253.30]# yum makecache fastsudo yum -y install docker-ce
3.4 开启Docker服务
[253.30]# service docker start
3.5 验证docker
[253.30]# docker version
3.6 修改镜像下载配置
[253.30]# vim /etc/docker/daemon.json
{
"registry-mirrors" : ["https://9916w1ow.mirror.aliyuncs.com" ]
}
四、部署Jumperserver
4.1 生成随机加密秘钥和初始化 token
[253.30]# if [ "$SECRET_KEY" = "" ]; then SECRET_KEY=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 50`; echo "SECRET_KEY=$SECRET_KEY" >> ~/.bashrc; echo $SECRET_KEY; else echo $SECRET_KEY; fi
XHK7dhQ4nmEPqE0rqWupOm2FtYIEeD1DmU9EiNyfl3pypEtgjK
[253.30]# if [ "$BOOTSTRAP_TOKEN" = "" ]; then BOOTSTRAP_TOKEN=`cat /dev/urandom | tr -dc A-Za-z0-9 | head -c 16`; echo "BOOTSTRAP_TOKEN=$BOOTSTRAP_TOKEN" >>~/.bashrc; echo $BOOTSTRAP_TOKEN; else echo $BOOTSTRAP_TOKEN; fi
z7QorguuusCTGx0H
4.2 导入镜像
[253.30]# docker pull jumpserver/jms_all:v2.2.0
4.3 建立容器
[253.30]# docker run --name linux-n44 \
-v /opt/jumpserver:/opt/jumpserver/data/media \
-p 80:80 \
-p 2222:2222 \
-e SECRET_KEY=XHK7dhQ4nmEPqE0rqWupOm2FtYIEeD1DmU9EiNyfl3pypEtgjK \
-e BOOTSTRAP_TOKEN=z7QorguuusCTGx0H \
-e DB_HOST=192.168.253.20 \
-e DB_PORT=3306 \
-e DB_USER='jumpserver' \
-e DB_PASSWORD="abc.123" \
-e DB_NAME=jumpserver \
-e REDIS_HOST=192.168.253.20 \
-e REDIS_PORT=6379 \
-e REDIS_PASSWORD="abc.123" \
jumpserver/jms_all:v2.2.0
4.4 查看容器启动状态
[253.30]# docker logs -f linux-n44
五、登录 web
http://192.168.253.30 (默认账户 admin,密码 admin)
2、openstack rocky版keystone,glance,nova,neutron,cirros等安装配置。
一、环境
系统版本为Centos7.5
内存均分配:4G
存储:40G
CUP:2核(根据电脑实际情况分配)
准备两台电脑或虚拟机(配置两张网卡)
192.168.253.188
192.168.253.190
二、准备
###关闭防火墙
systemctl restart network
systemctl stop firewalld
systemctl disable firewalld
setenforce 0
sed -i 's/=enforcing/=disabled/' /etc/selinux/config
###更新软件包
yum upgrade -y
###重启
reboot
###设置主机名
hostnamectl set-hostname controller
hostnamectl set-hostname compute
###添加主机映射
cat << EOF >> /etc/hosts
192.168.253.188 controller
192.168.253.190 compute
EOF
设置阿里云镜像源
1.备份
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
2. 下载阿里云的CentOS-Base.repo 到/etc/yum.repos.d/
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
3. 清理缓存
sudo yum clean all
4. 生成新的缓存
sudo yum makecache
5. 添加Openstack yum源:
cat << EOF >> /etc/yum.repos.d/openstack.repo
[openstack-rocky]
name=openstack-rocky
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
enabled=1
gpgcheck=0
[qume-kvm]
name=qemu-kvm
baseurl= https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
enabled=1
gpgcheck=0
EOF
###配置时间同步
1. controller节点
yum install -y chrony
编辑/etc/chrony.conf文件,修改配置为如下:
server controller iburst
allow 192.168.0.0/16
启动服务
systemctl start chronyd
systemctl enable chronyd
2. compute节点
yum install -y chrony
编辑/etc/chrony.conf文件,修改配置为如下:
server controller iburst
启动服务
systemctl start chronyd
systemctl enable chronyd
三、安装
###安装OpenStack客户端和selinux服务
yum install -y python-openstackclient openstack-selinux
###安装数据库服务
1、在controller节点安装数据库
[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL
2、修改数据库配置文件
vim /etc/my.cnf.d/openstack.cnf
3、新建数据库配置文件/etc/my.cnf.d/openstack.cnf,添加以下内容:
[mysqld]
bind-address = 192.168.253.188
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
###启动数据库服务
[root@controller ~]# systemctl enable mariadb.service
[root@controller ~]# systemctl start mariadb.service
###设置数据库密码
[root@controller ~]# mysql_secure_installation
###安装消息队列服务
在controller节点安装rabbitmq-server
[root@controller ~]# yum install -y rabbitmq-server -y
###启动消息队列服务
[root@controller ~]# systemctl start rabbitmq-server.service
[root@controller ~]# systemctl enable rabbitmq-server.service
###添加openstack用户
[root@controller ~]# rabbitmqctl add_user openstack 123456
Creating user "openstack" ...
###设置openstack用户最高权限
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
###安装memcached 服务
在controller节点上安装memcached
[root@controller ~]# yum install -y memcached
修改memcached配置文件
编辑/etc/sysconfig/memcached,修改以下内容
修改OPTIONS="-l 127.0.0.1,::1"为
OPTIONS="-l 127.0.0.1,::1,controller"
###启动memcached服务
[root@controller ~]# systemctl start memcached.service
[root@controller ~]# systemctl enable memcached.service
###安装etcd服务
在controller节点上安装etcd服务
[root@controller ~]# yum install etcd -y
修改etcd配置文件,使其他节点能够访问
[root@controller ~]# vim /etc/etcd/etcd.conf
编辑/etc/etcd/etcd.conf,在各自的位置修改以下内容
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.253.188:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.253.188:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.253.188:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.253.188:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.253.188:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
###启动etcd服务
[root@controller ~]# systemctl start etcd
[root@controller ~]# systemctl enable etcd
四、安装keystone服务
###创建数据库
[root@controller ~]# mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
###安装软件包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
编辑配置文件/etc/keystone/keystone.conf
vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
provider = fernet
###同步数据库
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
###初始化fernet key库
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
###引导身份认证
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123456 \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
###编辑httpd配置文件
vim /etc/httpd/conf/httpd.conf
ServerName controller
###创建文件链接
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
###启动httpd服务
[root@controller ~]# systemctl start httpd
[root@controller ~]# systemctl enable httpd
###编写环境变量脚本admin-openrc.sh
export OS_USERNAME=admin
export OS_PASSWORD=123456
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
###创建service项目
[root@controller ~]# openstack project create --domain default --description "Service Project" service
###验证
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 5238d646322346be9e3f9750422bcf4d | admin |
+----------------------------------+-------+
###查看
[root@controller ~]# openstack token issue
五、glance安装
###创建数据库
[root@controller ~]# mysql -uroot -p123456
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
###创建用户、服务等
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:123456
Repeat User Password:123456
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
###安装软件包
[root@controller ~]# yum install -y openstack-glance
编辑配置文件/etc/glance/glance-api.conf
vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
编辑配置文件/etc/glance/glance-registry.conf
vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:123456@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456
[paste_deploy]
flavor = keystone
###同步数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
###启动服务
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
###验证
[root@controller ~]#. admin-openrc
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
六、安装nova服务
###controller节点
1、创建数据库
[root@controller ~]# mysql -u root -p123456
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> CREATE DATABASE placement;
Grant proper access to the databases:
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123456';
2、创建相关用户、服务
[root@controller ~]# openstack user create --domain default --password-prompt nova
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
[root@controller ~]# openstack user create --domain default --password-prompt placement
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --name placement --description "Placement API" placement
[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778
3、安装软件包
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y
编辑配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:123456@controller/nova_api
[database]
connection = mysql+pymysql://nova:123456@controller/nova
[placement_database]
connection = mysql+pymysql://placement:123456@controller/placement
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
[DEFAULT]
my_ip = 192.168.253.188
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123456
编辑/etc/httpd/conf.d/00-nova-placement-api.conf
vim /etc/httpd/conf.d/00-nova-placement-api.conf
添加以下内容
= 2.4> Require all granted
Order allow,deny
Allow from all
4、重启httpd服务
[root@controller ~]# systemctl restart httpd
5、同步nova_api数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
6、注册cell0数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
7、创建cell1单元
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
54e6c270-7390-4390-8702-02b72874c5a7
8、同步nova数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
9、验证cell0和cell1注册成功
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
10、启动服务
[root@controller ~]# systemctl start openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service openstack-nova-conductor
[root@controller ~]# systemctl enable openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service openstack-nova-conductor
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
PS:官网没有启动nova-conductor服务,这个服务是交互数据库的,如果不启动这个服务,虚拟机创建不成功
###compute节点
###安装软件包
[root@compute ~]# yum install openstack-nova-compute -y
编辑配置文件/etc/nova/nova.conf
vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123456
[DEFAULT]
my_ip = 192.168.253.190
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http:// 192.168.253.188:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123456
###检查是否支持虚拟化
# egrep -c '(vmx|svm)' /proc/cpuinfo
如果等于0,则要在/etc/nova/nova.conf的[libvirt]下添加以下参数
[libvirt]
virt_type = qemu
###启动服务
[root@compute ~] # systemctl start libvirtd.service openstack-nova-compute.service
[root@compute ~] # systemctl enable libvirtd.service openstack-nova-compute.service
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
###controller节点
确认数据库中有计算节点
# . admin-openrc
[root@controller ~]# openstack compute service list --service nova-compute
###发现计算节点
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
***如果想要自动发现新compute节点,可以在/etc/nova/nova.conf的[scheduler]下添加以下参数
[scheduler]
discover_hosts_in_cells_interval = 300
七、安装neutron服务
controller节点
###创建数据库
[root@controller ~]# mysql -uroot -p123456
MariaDB [(none)] CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';
###创建用户、服务
[root@controller ~]# openstack user create --domain default --password-prompt neutron
[root@controller ~]# openstack role add --project service --user neutron admin
[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network
[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
###配置provider network网络
安装软件包
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
编辑/etc/neutron/neutron.conf配置文件
[database]
connection = mysql+pymysql://neutron:123456@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins =
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
编辑配置文件/etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
[ml2]
tenant_network_types =
[ml2]
mechanism_drivers = linuxbridge
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini配置文件
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
编辑配置文件/etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
###配置Self-service网络
安装软件包
# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
配置/etc/neutron/neutron.conf文件
[database]
connection = mysql+pymysql://neutron:123456@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = true
local_ip = 192.168.25300.10
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
编辑/etc/neutron/l3_agent.ini文件
[DEFAULT]
interface_driver = linuxbridge
编辑/etc/neutron/dhcp_agent.ini文件
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
编辑/etc/neutron/metadata_agent.ini文件
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
编辑/etc/nova/nova.conf文件
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
###创建链接
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
###同步数据库
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file
###启动服务
[root@controller ~]# systemctl restart openstack-nova-api
[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
如果选择了Self-service网络,还需要启动这个服务
[root@controller ~]# systemctl start neutron-l3-agent.service
[root@controller ~]# systemctl enable neutron-l3-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-l3-agent.service to /usr/lib/systemd/system/neutron-l3-agent.service.
compute节点
安装软件包
[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
编辑配置/etc/neutron/neutron.conf文件
[DEFAULT]
transport_url = rabbit://openstack:123456@controller
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123456
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置provider网络
编辑配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置Self-service网络
编辑配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini文件
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = true
local_ip = 192.168.253.190
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置nova配置/etc/nova/nova.conf文件
[neutron]
url = http://controller:9696
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
启动服务
[root@compute ~]# systemctl restart openstack-nova-compute
[root@compute ~]# systemctl start neutron-linuxbridge-agent.service
[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service
Created symlink from /etc/systemd/system/multi-user.target.wants/neutron-linuxbridge-agent.service to /usr/lib/systemd/system/neutron-linuxbridge-agent.service.
验证
[root@controller ~]# openstack network agent list
八、安装dashboard
controller节点
安装软件包
[root@controller ~]# yum install -y openstack-dashboard
编辑配置文件/etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', 'localhost']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
编辑/etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
启动服务
[root@controller ~]# systemctl restart httpd.service memcached.service
九、验证
浏览器打开192.168.253.188/dashboard
3、配置nginx反向代理tomcat,并使用redis实现会话保持。
环境:
一台nginx+redis :192.168.2.198
一台tomcat1:192.168.2.197
一台tomcat2:192.168.2.199
一、2台Tomcat配置java环境及发布目录
1、jdk安装
#rpm -ivh jdk-8u151-linux-x64.rpm
2、tomcat下载、解压
tomcat 下载地址:http://tomcat.apache.org/
#tar xf apache-tomcat-7.0.78.tar.gz -C /usr/local/
#cd /usr/local/
#ln -s apache-tomcat-7.0.78 tomcat
3、配置path环境变量
#vim /etc/profile.d/tomcat.sh
export CATALINA_BASE=/usr/local/tomcat
export PATH=$CATALINA_BASE/bin:$PATH
#chmod +x /etc/profile.d/tomcat.sh # 赋予可执行权限
#source /etc/profile.d/tomcat.sh
4、创建测试网页的发布目录
#mkdir /usr/local/tomcat/webapps/test/
5、创建测试页面(197上创建tomcatA ,199上创建tomcatB)
[root@localhost conf]#vim /usr/local/tomcat_a/webapps/test/index.jsp
<%@ page language="java" %>
TomcatA TomcatA.linuxinfo.top
SessionID <% session.setAttribute("linuxinfo.top","linuxinfo.top");%>
<%=session.getId() %> Createdon <%=session.getCreationTime() %>
6、分别启动tomcat
#catalina.sh start #可也用全路径/usr/local/tomcat/bin/startup.sh
7、访问192.168.2.197,测试如下,查看session ID
二、配置nginx负载均衡
#vim /usr/local/nginx/conf/nginx.conf
upstream tomcat{
server 192.168.2.197:8080;
server 192.168.2.199:8080;
}
server {
listen 80;
server_name localhost;
location / {
proxy_pass http://192.168.2.198;
}
}
三、Redis 配置
1、下载相关软件包,放在 /usr/local/tomcat/lib。
asm-5.2.jar
kryo-3.0.3.jar
kryo-serializers-0.45.jar
memcached-session-manager-2.3.2.jar
memcached-session-manager-tc8-2.3.2.jar
minlog-1.3.1.jar
msm-kryo-serializer-2.3.2.jar
objenesis-2.6.jar
reflectasm-1.11.9.jar
spymemcached-2.12.3.jar
jedis.jar
2、安装Redis
# yum install redis
# vim /etc/redis.conf
bind 0.0.0.0
# systemctl start redis
3、编辑Redis配置文件
#vim /usr/local/tomcat/conf/context.xml
...
memcachedNodes="redis://192.168.2.198:6379"
sticky="false"
sessionBackupAsync="false"
lockingMode="uriPattern:/path1|/path2"
requestUriIgnorePattern=".*\.(ico|png|gif|jpg|css|js)$"
transcoderFactoryClass="de.javakaffee.web.msm.serializer.kryo.KryoTranscoderFactory"
/>
4、测试访问代理服务192.168.2.198,查看session ID 保持不变,实现会话保持