#网络
#防火墙
#用户用
#解析
#同步时间
OpenStack01 | OpenStack02 | OpenStack03 |
192.168.1.101 | 192.168.1.102 | 192.168.1.103 |
srv1 | srv2 | srv3 |
[root@srv1]# yum install chrony -y
[root@srv1]# vim /etc/chrony.conf
# 修改第3行,将NTP Server改为cn服务器
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst
# 修改第25行,允许本地其他服务器同步
allow 192.168.1.0/24
[root@srv1 ~]# systemctl restart chronyd
# 确认同步信息
[root@node1 ~]# chronyc sources -v
[root@srv1 ~]# yum install centos-release-openstack-queens -y
CentOS-Base.repo CentOS-QEMU-EV.repo epel.repo remi-php54.repo remi-php81.repo
CentOS-Ceph-Luminous.repo CentOS-SCLo-scl.repo epel-testing.repo remi-php70.repo remi.repo
CentOS-CR.repo CentOS-SCLo-scl-rh.repo remi-glpi91.repo remi-php71.repo remi-safe.repo
CentOS-Debuginfo.repo CentOS-Sources.repo remi-glpi92.repo remi-php72.repo
CentOS-fasttrack.repo CentOS-Storage-common.repo remi-glpi93.repo remi-php73.repo
CentOS-Media.repo CentOS-Vault.repo remi-glpi94.repo remi-php74.repo
CentOS-OpenStack-queens.repo CentOS-x86_64-kernel.repo remi-modular.repo remi-php80.repo
yum --enablerepo=centos-openstack-queens install mariadb-server -y
[root@srv1 ~]# yum update -y
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens install mariadb-server -y
[root@srv1 ~]# vim /etc/my.cnf
#于[mysqld]区段最后添加如下内容
[mysqld]
character-set-server=utf8
[root@srv1 ~]# systemctl enable --now mariadb
[root@srv1 ~]# netstat -anptu | grep 3306
tcp6 0 0 :::3306 :::* LISTEN 2459/mysqld
# 密码设置为password(示例值;后文的RabbitMQ用户和各数据库账户也沿用同一口令,实际部署时应分别替换为强口令)
[root@srv1 ~]# mysql_secure_installation
[root@srv1 ~]# yum --enablerepo=epel install rabbitmq-server memcached -y
[root@srv1 ~]# systemctl enable --now rabbitmq-server memcached
#在RabbitMQ中添加一个新用户,用户名为 "openstack",密码为 "password"。
[root@srv1 ~]# rabbitmqctl add_user openstack password
Creating user "openstack"
#为用户 "openstack" 在vhost "/" 上设置权限。三个 ".*" 依次是配置(configure)、写(write)、读(read)权限的正则表达式,".*" 表示匹配该vhost下所有的队列和交换机。
[root@srv1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"
[root@srv1 ~]# netstat -anptu | grep 5672
tcp 0 0 0.0.0.0:25672 0.0.0.0:* LISTEN 2691/beam.smp
tcp6 0 0 :::5672 :::* LISTEN 2691/beam.smp
[root@srv1 ~]# netstat -anptu | grep 11211
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 2727/memcached
tcp6 0 0 ::1:11211 :::* LISTEN 2727/memcached
[root@srv1 ~]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> exit
Bye
============================================错误汇总============================================
1. 出现以下错误:
Error: Package: python2-pyngus-2.3.0-1.el7.noarch (epel)
Requires: python2-qpid-proton >= 0.28.0
2. 解决方法:从本地镜像(192.168.1.254)手动安装满足版本要求的 python2-qpid-proton 及 qpid-proton-c
[root@srv1 ~]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
============================================汇总结束============================================
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi -y
[root@node1 ~]# vim /etc/keystone/keystone.conf
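# 修改605行,指定Memcached的信息(注意:下面的地址写的是 192.168.11.101,与本文其余位置使用的 192.168.1.101 不一致;且前面 netstat 的输出显示 memcached 只监听 127.0.0.1 和 ::1,请核对)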
memcache_servers = 192.168.11.101:11211
# 修改737行,指定数据库相关信息
# (原文此处的"密码@主机"被页面的邮箱保护脚本替换成了 [email protected];下面按前文 grant 语句设置的口令和 srv1 的地址还原,请核对)
connection = mysql+pymysql://keystone:password@192.168.1.101/keystone
# 在[token]区段(2879行)添加如下内容
[token]
provider = fernet
# 同步数据库
[root@node1 ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"
# 初始化秘钥(生成令牌加密)
[root@node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# bootstrap keystone
[root@node1 ~]# keystone-manage bootstrap \
--bootstrap-password adminpassword \
--bootstrap-admin-url http://192.168.1.101:5000/v3/ \
--bootstrap-internal-url http://192.168.1.101:5000/v3/ \
--bootstrap-public-url http://192.168.1.101:5000/v3/ \
--bootstrap-region-id RegionOne
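#--bootstrap-password:设置管理员用户admin的密码为 "adminpassword"。
#--bootstrap-admin-url:设置Keystone身份服务的admin端点URL,用于管理Keystone服务。
#--bootstrap-internal-url:设置Keystone身份服务的internal端点URL,用于服务内部组件之间的通信。
#--bootstrap-public-url:设置Keystone身份服务的public端点URL,用于对外提供服务的接口。
#--bootstrap-region-id:设置Keystone的区域ID为 "RegionOne"。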
[root@srv1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@srv1 ~]# systemctl enable --now httpd
[root@srv1 ~(keystone)]# netstat -lantp | grep 5000
tcp6 0 0 :::5000 :::* LISTEN 10137/httpd
[root@srv1 ~(keystone)]# netstat -lantp | grep 35357
tcp6 0 0 :::35357 :::* LISTEN 10137/httpd
设定环境
[root@srv1 ~]# vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://192.168.1.101:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '
#设置项目域名为 "default",用于指定项目所属的域。
#设置用户域名为 "default",用于指定用户所属的域。
#设置项目名称为 "admin",表示要操作的项目为 "admin"。
#设置用户名为 "admin",表示要使用的用户名为 "admin"。
#设置密码为 "adminpassword",用于进行身份验证。该文件以明文保存管理员密码,因此下面用 chmod 600 将其限制为仅属主可读写。
#设置认证URL为 "http://192.168.1.101:5000/v3",用于身份验证和访问OpenStack服务。
#设置身份验证API版本为 "3",表示要使用OpenStack标识服务的API版本。
#设置镜像API版本为 "2",表示要使用OpenStack镜像服务的API版本。
#设置命令行提示符的格式。在提示符中显示当前用户名、主机名和当前工作目录,并指示当前环境为 "keystone"。
[root@srv1 ~]# chmod 600 ~/keystonerc
[root@srv1 ~]# source ~/keystonerc
[root@srv1 ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile
#执行~/keystonerc文件中的环境变量导入当前会话。keystonerc文件通常包含了OpenStack客户端命令行工具所需的各种环境变量,如认证信息、API版本等。
#将source ~/keystonerc命令添加到当前用户的~/.bash_profile文件中。这样,在每次用户登录时,~/.bash_profile文件中的内容会被执行,从而自动加载OpenStack客户端的环境变量设置。
#用于创建一个名为 "service" 的项目(Project),并将其关联到默认的域(Domain)中。
[root@srv1 ~(keystone)]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
#查看当前OpenStack环境中所有项目的概览信息
[root@srv1 ~(keystone)]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 045c8b0eb3e04e329f2fd1b0b0e8d164 | service |
| 221b4ddca2a4482dbf169d45771b3c27 | admin |
+----------------------------------+---------+
#显示项目admin的详细信息;参数admin是要查看的项目的名称或ID。
[root@srv1 ~(keystone)]# openstack project show admin
+-------------+-----------------------------------------------+
| Field | Value |
+-------------+-----------------------------------------------+
| description | Bootstrap project for initializing the cloud. |
| domain_id | default |
| enabled | True |
| id | 221b4ddca2a4482dbf169d45771b3c27 |
| is_domain | False |
| name | admin |
| parent_id | default |
| tags | [] |
+-------------+-----------------------------------------------+
#查看用户列表
[root@srv1 ~(keystone)]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 63948f840014441fa5b6dbf032e13104 | admin |
+----------------------------------+-------+
#查看端点(endpoint)列表
[root@srv1 ~(keystone)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 4be9ebda8f83471fa59f389f9512f485 | RegionOne | keystone | identity | True | internal | http://192.168.1.101:5000/v3/ |
| 6db3f9752db5432ab5e36b0a70eca23d | RegionOne | keystone | identity | True | admin | http://192.168.1.101:5000/v3/ |
| 74c7fc497a8e462bb0c2be1af0ef08ac | RegionOne | keystone | identity | True | public | http://192.168.1.101:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
#查看服务目录(catalog)列表
[root@srv1 ~(keystone)]# openstack catalog list
+----------+----------+-------------------------------------------+
| Name | Type | Endpoints |
+----------+----------+-------------------------------------------+
| keystone | identity | RegionOne |
| | | internal: http://192.168.1.101:5000/v3/ |
| | | RegionOne |
| | | admin: http://192.168.1.101:5000/v3/ |
| | | RegionOne |
| | | public: http://192.168.1.101:5000/v3/ |
| | | |
+----------+----------+-------------------------------------------+
# 添加glance账户,并定义其隶属于service租户,密码为servicepassword
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword glance
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id | default |
| enabled | True |
| id | 9bba7fbed99e4301a92ed02a34c99f4a |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
# 在service项目中授予glance账户admin角色
[root@srv1 ~(keystone)]# openstack role add --project service --user glance admin
# 创建glance服务
[root@srv1 ~(keystone)]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image service |
| enabled | True |
| id | 8a780cc7bc784e85bcafcadebe034027 |
| name | glance |
| type | image |
+-------------+----------------------------------+
# 创建glance endpoint的public、internal、admin信息(注意:下面admin端点的地址是 192.168.10.11,与public、internal端点使用的 192.168.1.101 不一致,请核对)
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image public http://192.168.1.101:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3adda7db76e54106b27ee450936279e7 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance |
| service_type | image |
| url | http://192.168.1.101:9292 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image internal http://192.168.1.101:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3dfb2787e2714007922dfd9306b1c3d7 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance |
| service_type | image |
| url | http://192.168.1.101:9292 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image admin http://192.168.10.11:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 34c426ddb1f84941b988c38573e13638 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance |
| service_type | image |
| url | http://192.168.10.11:9292 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
1) 安装Glance
[root@node1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-glance -y
2) 配置Glance
(1) 配置Glance API
[root@node1 ~(keystone)]# mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
[root@node1 ~(keystone)]# vim /etc/glance/glance-api.conf
[DEFAULT]
bind_host = 0.0.0.0
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[database]
# (原文此处的"密码@主机"被页面的邮箱保护脚本替换成了 [email protected];下面按前文 grant 语句设置的口令和 srv1 的地址还原,请核对)
connection = mysql+pymysql://glance:password@192.168.1.101/glance
# 定义连接keystone的信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword
[paste_deploy]
flavor = keystone
(2) 配置Glance Registry
[root@srv1 ~(keystone)]# mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
[root@srv1 ~(keystone)]# vim /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync"
...
...
...
INFO [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO [alembic.runtime.migration] Context impl MySQLImpl.
INFO [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.
[root@srv1 ~(keystone)]# systemctl enable --now openstack-glance-api openstack-glance-registry
[root@srv1 ~(keystone)]# cat /sys/module/kvm_intel/parameters/nested
[root@srv1 ~(keystone)]# cat /proc/cpuinfo | grep vmx
#下载本地服务器镜像
[root@srv1 mnt(keystone)]# curl -O http://192.168.1.254/repos/CentOS/7/isos/x86_64/CentOS-7-x86_64-Minimal-2207-02.iso
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
8 988M 8 988M 0 0 7602k 0 0:02:13 0:00:11 0:02:02 7622k
1) 安装KVM并设置桥接
[root@srv1 mnt(keystone)]# yum install qemu-kvm libvirt virt-install bridge-utils -y
[root@srv1 mnt(keystone)]# lsmod | grep kvm
kvm_intel 188793 0
kvm 653928 1 kvm_intel
irqbypass 13503 1 kvm
[root@srv1 mnt(keystone)]# systemctl enable --now libvirtd
#创建一个名为 "c7.img" 的qcow2格式镜像文件,并将其大小设置为5G,这个镜像文件可以用于创建和管理虚拟机。
[root@srv1 mnt(keystone)]# qemu-img create -f qcow2 /var/lib/libvirt/images/c7.img 5G
2) 安装实例
[root@srv1 ~(keystone)]# virt-install \
--name c7 \
--ram 1024 \
--disk path=/var/lib/libvirt/images/c7.img,format=qcow2 \
--vcpus 2 \
--os-type linux \
--os-variant rhel7 \
--graphics none \
--console pty,target_type=serial \
--location '/mnt/CentOS-7-x86_64-Minimal-2207-02.iso' \
--extra-args 'console=ttyS0,115200n8 serial'
注:安装程序菜单中没有标记为 [x] 的项目都需要逐项进入设置
最小化安装完成回车重启
配置KVM用户名与云设置
CentOS Linux 7 (Core)
Kernel 3.10.0-1160.71.1.el7.x86_64 on an x86_64
lwj login: root
Password:
[root@lwj ~]# systemctl disable --now firewalld
[root@lwj ~]# vi /etc/sysconfig/selinux
SELINUX=disabled
[root@lwj ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0
删除UUID
[root@lwj ~]# yum install cloud-init -y
[root@lwj ~]# useradd snow
[root@lwj ~]# passwd snow
Changing password for user snow.
New password:
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password:
passwd: all authentication tokens updated successfully.
[root@lwj ~]# vi /etc/cloud/cloud.cfg
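# 行首数字为cloud.cfg中的行号:第5行允许SSH密码登录,第57、58行把默认用户改为snow且不锁定其密码。
# 前面用 passwd 为snow设置的口令会随镜像一起带入由该镜像创建的每个实例。
5 ssh_pwauth: 1
57 name: snow
58 lock_passwd: false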
[root@lwj ~]# systemctl enable cloud-init sshd
[root@lwj ~]# poweroff
[root@srv1 mnt(keystone)]# openstack image create "c7" --file /var/lib/libvirt/images/c7.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 3dcc3a6d02c738ac66304a45b101e4e0 |
| container_format | bare |
| created_at | 2023-10-12T12:12:49Z |
| disk_format | qcow2 |
| file | /v2/images/e6876582-15ff-44df-b3ef-34ec424438a1/file |
| id | e6876582-15ff-44df-b3ef-34ec424438a1 |
| min_disk | 0 |
| min_ram | 0 |
| name | c7 |
| owner | 221b4ddca2a4482dbf169d45771b3c27 |
| protected | False |
| schema | /v2/schemas/image |
| size | 1832583168 |
| status | active |
| tags | |
| updated_at | 2023-10-12T12:13:05Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[root@srv1 mnt(keystone)]# openstack image list
+--------------------------------------+------+--------+
| ID | Name | Status |
+--------------------------------------+------+--------+
| e6876582-15ff-44df-b3ef-34ec424438a1 | c7 | active |
+--------------------------------------+------+--------+
[root@srv1 mnt(keystone)]# cd /var/lib/glance/images/
[root@srv1 images(keystone)]# ls
e6876582-15ff-44df-b3ef-34ec424438a1
[root@srv1 images(keystone)]# file e6876582-15ff-44df-b3ef-34ec424438a1
e6876582-15ff-44df-b3ef-34ec424438a1: QEMU QCOW Image (v3), 5368709120 bytes
[root@srv1 images(keystone)]# virsh list --all
Id Name State
----------------------------------------------------
- c7 shut off
[root@srv1 images(keystone)]# virsh undefine c7
Domain c7 has been undefined
[root@srv1 images(keystone)]# virsh list --all
Id Name State
----------------------------------------------------
[root@srv1 images(keystone)]# rm -rf /var/lib/libvirt/images/c7.img
[root@srv1 images(keystone)]# openstack image save --file c7.qcow2 c7
[root@srv1 images(keystone)]# ls
c7.qcow2 e6876582-15ff-44df-b3ef-34ec424438a1
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword nova
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id | default |
| enabled | True |
| id | 14a8b1c6d8e745ef86767614112af49f |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project service --user nova admin
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword placement
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id | default |
| enabled | True |
| id | 7b0529346650470a83e27f9ecf52d8de |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name nova --description "OpenStack Compute service" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute service |
| enabled | True |
| id | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name placement --description "OpenStack Compute Placement service" placement
+-------------+-------------------------------------+
| Field | Value |
+-------------+-------------------------------------+
| description | OpenStack Compute Placement service |
| enabled | True |
| id | 91c96fcb64484e74929f5247d9c7f20d |
| name | placement |
| type | placement |
+-------------+-------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute public http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | b340db6b089a4c68b0debbdb8067175a |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute internal http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | fa70f77eb1f94ac286a04d46fd53832d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute admin http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field | Value |
+--------------+----------------------------------------------+
| enabled | True |
| id | 6b6d59429f6c478aba389051ff52b4a8 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| service_name | nova |
| service_type | compute |
| url | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement public http://192.168.1.101:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 5b7572cfd16842129efc3c9a09799cb6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.101:8778 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement internal http://192.168.1.101:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6cfc5c62f6434a369345f56482d2fda4 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.101:8778 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement admin http://192.168.1.101:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3fe84b02d2af4645ade2f9139b804a7c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement |
| service_type | placement |
| url | http://192.168.1.101:8778 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> grant all privileges on nova_api.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> create database nova_placement;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> create database nova_cell0;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)
MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
1) 安装Nova
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova -y
# 使用openstack源自带的novnc工具
[root@srv1 ~(keystone)]# yum remove novnc -y
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens install openstack-nova -y
2) 配置Nova
[root@srv1 ~(keystone)]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
[DEFAULT]
# 定义本机IP
my_ip = 192.168.1.101
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova
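# RabbitMQ所在位置
# (原文此处的"密码@主机"被页面的邮箱保护脚本替换成了 [email protected];下面按前文 rabbitmqctl add_user 设置的口令和 srv1 的地址还原,请核对)
transport_url = rabbit://openstack:password@192.168.1.101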
[api]
auth_strategy = keystone
# glance位置
[glance]
api_servers = http://192.168.1.101:9292
[oslo_concurrency]
lock_path = $state_path/tmp
# 定义连接数据库的信息
# (原文此处的"密码@主机"被页面的邮箱保护脚本替换成了 [email protected];下面按前文 grant 语句设置的口令和 srv1 的地址还原,请核对)
[api_database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova_api
[database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova
# 定义keystone信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword
[placement]
auth_url = http://192.168.1.101:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword
[placement_database]
# (原文此处的"密码@主机"被页面的邮箱保护脚本替换成了 [email protected];下面按前文 grant 语句设置的口令和 srv1 的地址还原,请核对)
connection = mysql+pymysql://nova:password@192.168.1.101/nova_placement
[wsgi]
api_paste_config = /etc/nova/api-paste.ini
[root@srv1 ~(keystone)]# chmod 640 /etc/nova/nova.conf
[root@srv1 ~(keystone)]# chgrp nova /etc/nova/nova.conf
[root@srv1 ~(keystone)]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
# 于15行以下添加如下内容(原文中包裹该指令的 <Directory ...> 起止标签疑似在页面提取时丢失,单独一行 Require all granted 的作用范围请对照原配置文件确认)
Require all granted
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage api_db sync"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 map_cell0"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage db sync"
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
result = self._query(query)
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 create_cell --name cell1"
[root@srv1 ~(keystone)]# systemctl restart httpd
[root@srv1 ~(keystone)]# chown nova. /var/log/nova/nova-placement-api.log
[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-api openstack-nova-consoleauth \
> openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | srv1 | internal | enabled | up | 2023-10-12T13:03:00.000000 |
| 2 | nova-conductor | srv1 | internal | enabled | up | 2023-10-12T13:03:01.000000 |
| 3 | nova-scheduler | srv1 | internal | enabled | up | 2023-10-12T13:03:02.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+
1) 确认KVM已经安装完毕
2) 安装Nova-Compute
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y
3) 配置VNC(便于后续直接通过浏览器控制实例)
# 于文档最后追加如下内容
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
......
......
......
......
......
......
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.1.101
novncproxy_base_url = http://192.168.1.101:6080/vnc_auto.html
[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-compute
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | srv1 | internal | enabled | up | 2023-10-12T13:14:51.000000 |
| 2 | nova-conductor | srv1 | internal | enabled | up | 2023-10-12T13:14:51.000000 |
| 3 | nova-scheduler | srv1 | internal | enabled | up | 2023-10-12T13:14:52.000000 |
| 6 | nova-compute | srv1 | nova | enabled | up | 2023-10-12T13:14:50.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+
#网络节点192.168.1.102
#防火墙
#vim /etc/hosts
#同步网络时间
#安装依赖(以下直接从内网 http 地址安装 rpm;以URL方式安装的包可能不经过GPG签名校验,建议确认该镜像源可信,或先下载并用 rpm -K 校验签名后再安装)
[root@srv1 yum.repos.d]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
2) 在扩展的计算节点上安装KVM并启动
[root@srv2 ~]# yum install qemu-kvm libvirt virt-install bridge-utils -y
[root@srv2 ~]# lsmod | grep kvm
[root@srv2 ~]# systemctl enable --now libvirtd
3) 安装Nova-Compute
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y
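4) 配置Nova Compute
# 注意:下方[glance]、[keystone_authtoken]、[placement]中的地址均写为192.168.1.102(srv2本机),而本文其他位置的Keystone地址为192.168.1.101(srv1);这些地址应指向实际运行对应服务的节点,请按环境核对。
# 文件中的口令均为明文示例值,实际部署应替换为强随机口令(后面的 chmod 640 / chgrp nova 正是为了限制对这些明文口令的读取)。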
[root@srv2 ~]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv2 ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.1.102
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova
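# (原页面此行的“口令@主机”部分被邮箱保护脚本替换成了“[email protected]”,以下用占位符还原,请填入RabbitMQ用户openstack的口令及RabbitMQ所在主机地址)
transport_url = rabbit://openstack:<RabbitMQ口令>@<RabbitMQ主机IP>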
[api]
auth_strategy = keystone
[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.1.102:6080/vnc_auto.html
[glance]
api_servers = http://192.168.1.102:9292
[oslo_concurrency]
lock_path = $state_path/tmp
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.102:5000
auth_url = http://192.168.1.102:5000
memcached_servers = 192.168.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword
[placement]
auth_url = http://192.168.1.102:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword
[wsgi]
api_paste_config = /etc/nova/api-paste.ini
[root@srv2 ~]# chmod 640 /etc/nova/nova.conf
[root@srv2 ~]# chgrp nova /etc/nova/nova.conf
6) 启动Nova Compute
[root@srv2 ~]# systemctl enable --now openstack-nova-compute
7) 确认
# 未添加扩展计算节点时
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | srv1 | internal | enabled | up | 2023-10-12T13:53:33.000000 |
| 2 | nova-conductor | srv1 | internal | enabled | up | 2023-10-12T13:53:33.000000 |
| 3 | nova-scheduler | srv1 | internal | enabled | up | 2023-10-12T13:53:33.000000 |
| 6 | nova-compute | srv1 | nova | enabled | up | 2023-10-12T13:53:32.000000 |
| 7 | nova-compute | srv2 | nova | enabled | up | 2023-10-12T13:53:32.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+
[root@srv1 ~(keystone)]# openstack project create --domain default --description "1000y Project" 1000y
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | 1000y Project |
| domain_id | default |
| enabled | True |
| id | 56a31c210f36466b80717dcb26f1cf2c |
| is_domain | False |
| name | 1000y |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
# 注意:用 --password 在命令行中直接给出口令,会留在shell历史和进程列表中,可改用 --password-prompt 交互输入;userpassword 仅为示例值
[root@srv1 ~(keystone)]# openstack user create --domain default --project 1000y --password userpassword snow
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 56a31c210f36466b80717dcb26f1cf2c |
| domain_id | default |
| enabled | True |
| id | 067ee6c7f54c40dc802fce4a34397dfc |
| name | snow |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role create CloudUser
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 39ffc364b3e54fdfa097e97a8852b717 |
| name | CloudUser |
+-----------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project 1000y --user snow CloudUser
# 创建云实例所需的模板,名称为m1.small
[root@srv1 ~(keystone)]# openstack flavor create --id 0 --vcpus 1 --ram 2048 --disk 10 m1.small
+----------------------------+----------+
| Field | Value |
+----------------------------+----------+
| OS-FLV-DISABLED:disabled | False |
| OS-FLV-EXT-DATA:ephemeral | 0 |
| disk | 10 |
| id | 0 |
| name | m1.small |
| os-flavor-access:is_public | True |
| properties | |
| ram | 2048 |
| rxtx_factor | 1.0 |
| swap | |
| vcpus | 1 |
+----------------------------+----------+
[root@srv1 ~(keystone)]# openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0 | m1.small | 2048 | 10 | 0 | 1 | True |
+----+----------+------+------+-----------+-------+-----------+
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword neutron
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| default_project_id | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id | default |
| enabled | True |
| id | 250a06bd443a41bbb58bb45e64440cc2 |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project service --user neutron admin
[root@srv1 ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking service |
| enabled | True |
| id | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| name | neutron |
| type | network |
+-------------+----------------------------------+
# 设定endpoint信息(以下三个端点均为明文 http,令牌与口令会在网络上明文传输;实验环境之外应为API启用 TLS 并登记 https 端点)
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network public http://192.168.1.101:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6e6b2b9c15f8479e8072a750b911ba01 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.101:9696 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network internal http://192.168.1.101:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 309a75f4209c4d8e80dda692cb3b644f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.101:9696 |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network admin http://192.168.1.101:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | ca3c046a519e440ab6857c4c3895b693 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron |
| service_type | network |
| url | http://192.168.1.101:9696 |
+--------------+----------------------------------+
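# 为Neutron创建数据库及账号。注意:下面对 neutron@'%' 的授权允许该账号从任意主机连接,且 'password' 为弱口令示例;
# 实际部署应将主机部分限定为需要访问数据库的节点或管理网段,并使用强随机口令。
[root@srv1 ~(keystone)]# mysql -uroot -p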
Enter password:
Welcome to the MariaDB monitor. Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 10.1.20-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database neutron_ml2;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye
1) 安装Neutron Service到控制节点
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron openstack-neutron-ml2 -y
2) 配置Neutron主配置文件
[root@srv1 ~(keystone)]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv1 ~(keystone)]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
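# (原页面此行的“口令@主机”部分被邮箱保护脚本替换成了“[email protected]”,以下用占位符还原,请填入RabbitMQ用户openstack的口令及RabbitMQ所在主机地址)
transport_url = rabbit://openstack:<RabbitMQ口令>@<RabbitMQ主机IP>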
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword
[database]
# (原页面此行的“口令@主机”部分被邮箱保护脚本替换成了“[email protected]”,以下用占位符还原,请填入数据库账号neutron的口令及MariaDB所在主机地址)
connection = mysql+pymysql://neutron:<数据库口令>@<数据库主机IP>/neutron_ml2
[nova]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = servicepassword
[oslo_concurrency]
lock_path = $state_path/tmp
[root@srv1 ~(keystone)]# chmod 640 /etc/neutron/neutron.conf
[root@srv1 ~(keystone)]# chgrp neutron /etc/neutron/neutron.conf
3) 配置metadata_agent
[root@srv1 ~(keystone)]# vim /etc/neutron/metadata_agent.ini
# 修改22行,指定Nova API所在主机
nova_metadata_host = 192.168.1.101
# 取消34行注释,并指定共享密钥(须与nova.conf中[neutron]区段的metadata_proxy_shared_secret一致;qyy_openstack仅为示例,应改用随机生成的高强度值)
metadata_proxy_shared_secret = qyy_openstack
# 取消260行注释,并指定Memcache Server
memcache_servers = 192.168.1.101:11211
4) 配置ml2
[root@srv1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,[ml2]区段下添加如下内容
[ml2]
136 type_drivers = local,flat,vlan,gre,vxlan,geneve
141 tenant_network_types =
145 mechanism_drivers = openvswitch,l2population
150 extension_drivers = port_security
5) 配置nova
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
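# 于[DEFAULT]区段下添加如下内容
# (NoopFirewallDriver 会关闭nova自身的防火墙,实例的安全组改由Neutron负责,因此必须确保后文[securitygroup]中的 firewall_driver 与 enable_security_group 已正确配置,否则实例端口没有任何过滤)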
......
......
......
......
......
......
use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
......
# 于文件最后,添加Neutron认证信息及设定认证共享密钥
# (注意:下方 auth_url 中的 192.168.10.11 与本文其他位置使用的Keystone地址 192.168.1.101 不一致,疑为笔误,请按实际环境核对)
[neutron]
auth_url = http://192.168.10.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack
6)启动Neutron
[root@srv1 ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@srv1 ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage \
> --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugin.ini upgrade head"
.....
.....
.....
.....
INFO [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f, add mtu for networks
INFO [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee, fip qos
INFO [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a, migrate dns name from port
INFO [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad, rename tenant to project
INFO [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab, Add routerport bindings for L3 HA
INFO [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0, migrate to pluggable ipam
INFO [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62, add standardattr to qos policies
INFO [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353, Add Name and Description to the networksegments table
INFO [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586, Add binding index to RouterL3AgentBinding
INFO [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d, Remove availability ranges.
OK
[root@node1 ~(keystone)]# systemctl enable --now neutron-server neutron-metadata-agent
[root@node1 ~(keystone)]# systemctl restart openstack-nova-api
[root@srv1 ~(keystone)]# openstack network agent list
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| 339aaf32-0f12-428a-b7a2-15d9a1880d40 | Metadata agent | srv1 | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
[root@srv1 ~(keystone)]# openstack network service list
openstack: 'network service list' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
network agent add network
network agent add router
network agent delete
network agent list
network agent remove network
network agent remove router
network agent set
network agent show
network auto allocated topology create
network auto allocated topology delete
network create
network delete
network flavor add profile
network flavor create
network flavor delete
network flavor list
network flavor profile create
network flavor profile delete
network flavor profile list
network flavor profile set
network flavor profile show
network flavor remove profile
network flavor set
network flavor show
network list
network log create
network log delete
network log list
network log set
network log show
network loggable resources list
network meter create
network meter delete
network meter list
network meter rule create
network meter rule delete
network meter rule list
network meter rule show
network meter show
network qos policy create
network qos policy delete
network qos policy list
network qos policy set
network qos policy show
network qos rule create
network qos rule delete
network qos rule list
network qos rule set
network qos rule show
network qos rule type list
network qos rule type show
network rbac create
network rbac delete
network rbac list
network rbac set
network rbac show
network segment create
network segment delete
network segment list
network segment set
network segment show
network service provider list
network set
network show
network subport list
network trunk create
network trunk delete
network trunk list
network trunk set
network trunk show
network trunk unset
network unset
endpoint add project
endpoint create
endpoint delete
endpoint list
endpoint remove project
endpoint set
endpoint show
1) 安装Neutron
[root@srv3 ~]# yum --enablerepo=centos-openstack-queens,epel install \
openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch libibverbs -y
如果出现以下错误,说明本机缺少该仓库的GPG公钥文件,可从已有该密钥的可信主机(如srv1)的 /etc/pki/rpm-gpg/ 目录复制过来;复制后建议核对密钥指纹,不要用关闭GPG校验的方式绕过:
获取 GPG 密钥失败:[Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud"
[root@srv1 ~(keystone)]# scp /etc/pki/rpm-gpg/* srv3:/etc/pki/rpm-gpg/
[root@srv3 ~]# chmod 640 /etc/neutron/neutron.conf
[root@srv3 ~]# chgrp neutron /etc/neutron/neutron.conf
3) 配置L3
[root@node3 ~]# vim /etc/neutron/l3_agent.ini
添加如下内容
16 interface_driver = openvswitch
4) 配置dhcp_agent
[root@node3 ~]# vim /etc/neutron/dhcp_agent.ini
添加如下内容
16 interface_driver = openvswitch
28 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
37 enable_isolated_metadata = true
5) 配置metadata_agent
[root@srv3 ~]# vim /etc/neutron/metadata_agent.ini
22 nova_metadata_host = 192.168.1.101
34 metadata_proxy_shared_secret = qyy_openstack
260 memcache_servers = 192.168.1.101:11211
6) 配置ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,添加所支持的驱动及相关信息
[ml2]
136 type_drivers = local,flat,vlan,gre,vxlan,geneve
141 tenant_network_types =
145 mechanism_drivers = openvswitch,l2population
150 extension_drivers = port_security
7) 配置OVS
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于307行[securitygroup]区段下,添加如下内容
[securitygroup]
313 firewall_driver = openvswitch
318 enable_security_group = true
322 enable_ipset = true
1) 安装Neutron组件
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron \
openstack-neutron-ml2 openstack-neutron-openvswitch -y
[root@srv1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
254 firewall_driver = openvswitch
259 enable_security_group = true
263 enable_ipset = true
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
12 vif_plugging_isfatal = True
13 vif_plugging_timeout = 300
[root@srv1 ~(keystone)]# systemctl enable --now openvswitch
[root@srv1 ~(keystone)]# systemctl restart openstack-nova-compute
[root@srv1 ~(keystone)]# systemctl enable --now neutron-openvswitch-agent
[root@srv1 ~(keystone)]# openstack network agent list