Openstack部署

搭建基础环境

#网络

#防火墙

#用户用

#解析

#同步时间

实验角色

OpenStack01 OpenStack02 OpenStack03
192.168.1.101 192.168.1.102 192.168.1.103
srv1 srv2 srv3

同步时间

[root@srv1]# yum install chrony -y
[root@srv1]# vim /etc/chrony.conf
# 修改第3行,将NTP Server改为cn服务器
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst

# 修改第25行,允许本地其他服务器同步
allow 192.168.1.0/24

[root@srv1 ~]# systemctl restart chronyd
# 确认同步信息
[root@node1 ~]# chronyc sources -v

安装openstack源并修改为本地服务器源 

[root@srv1 ~]# yum install centos-release-openstack-queens -y
CentOS-Base.repo              CentOS-QEMU-EV.repo         epel.repo          remi-php54.repo  remi-php81.repo
CentOS-Ceph-Luminous.repo     CentOS-SCLo-scl.repo        epel-testing.repo  remi-php70.repo  remi.repo
CentOS-CR.repo                CentOS-SCLo-scl-rh.repo     remi-glpi91.repo   remi-php71.repo  remi-safe.repo
CentOS-Debuginfo.repo         CentOS-Sources.repo         remi-glpi92.repo   remi-php72.repo
CentOS-fasttrack.repo         CentOS-Storage-common.repo  remi-glpi93.repo   remi-php73.repo
CentOS-Media.repo             CentOS-Vault.repo           remi-glpi94.repo   remi-php74.repo
CentOS-OpenStack-queens.repo  CentOS-x86_64-kernel.repo   remi-modular.repo  remi-php80.repo
yum --enablerepo=centos-openstack-queens install mariadb-server -y

升级本地所有软件包

[root@srv1 ~]# yum update -y

安装MariaDB

[root@srv1 ~]# yum --enablerepo=centos-openstack-queens install mariadb-server -y

[root@srv1 ~]# vim /etc/my.cnf
#于[mysqld]区段最后添加如下内容
[mysqld]
character-set-server=utf8

[root@srv1 ~]# systemctl enable --now mariadb

[root@srv1 ~]# netstat -anptu | grep 3306
tcp6       0      0 :::3306                 :::*                    LISTEN      2459/mysqld      

# 密码设置为password(仅用于实验环境;正式环境请为 root 设置强口令,后文各服务的数据库口令同理)
[root@srv1 ~]# mysql_secure_installation

安装及配置Memcached与RabbitMQ(缓存与消息队列)

[root@srv1 ~]# yum --enablerepo=epel install rabbitmq-server memcached -y
[root@srv1 ~]# systemctl enable --now rabbitmq-server memcached

#在RabbitMQ中添加一个新用户,用户名为 "openstack",密码为 "password"。
[root@srv1 ~]# rabbitmqctl add_user openstack password
Creating user "openstack"

#为用户 "openstack" 设置权限。三个 ".*" 依次是配置(configure)、写(write)、读(read)权限的匹配规则,表示该用户对 vhost "/" 中的所有交换机和队列拥有全部权限
[root@srv1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"

[root@srv1 ~]# netstat -anptu | grep 5672
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      2691/beam.smp       
tcp6       0      0 :::5672                 :::*                    LISTEN      2691/beam.smp       
[root@srv1 ~]# netstat -anptu | grep 11211
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2727/memcached      
tcp6       0      0 ::1:11211               :::*                    LISTEN      2727/memcached     

添加数据库keystone用户并赋予权限

[root@srv1 ~]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> exit
Bye

安装keystone前需先安装python依赖,否则会出现以下错误

============================================错误汇总============================================
1. 出现以下错误:
Error: Package: python2-pyngus-2.3.0-1.el7.noarch (epel)
           Requires: python2-qpid-proton >= 0.28.0

2.解决方法
[root@srv1 ~]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
============================================汇总结束============================================

[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi -y

配置keystone

[root@node1 ~]# vim /etc/keystone/keystone.conf
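# 修改605行,指定Memcached的信息(注意:此处写的是 192.168.11.101,而本文其余位置的控制节点地址均为 192.168.1.101;且前面 netstat 的输出显示 memcached 只监听 127.0.0.1 和 ::1,请确认这里填写的地址确实可以连通)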
memcache_servers = 192.168.11.101:11211

# 修改737行,指定数据库相关信息
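# 注:原文此处的连接串被网页的邮箱保护功能替换成了 "[email protected]",以下按前文设置的数据库口令(password)和控制节点地址(192.168.1.101)还原,请按实际环境核对
connection = mysql+pymysql://keystone:password@192.168.1.101/keystone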

# 于[token]区段(约第2879行)添加如下内容
[token]
provider = fernet

# 同步数据库
[root@node1 ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"

# 初始化秘钥(生成令牌加密)
[root@node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# bootstrap keystone
[root@node1 ~]# keystone-manage bootstrap \
--bootstrap-password adminpassword \
--bootstrap-admin-url http://192.168.1.101:5000/v3/ \
--bootstrap-internal-url http://192.168.1.101:5000/v3/ \
--bootstrap-public-url http://192.168.1.101:5000/v3/ \
--bootstrap-region-id RegionOne

#设置管理员用户admin的密码为 "adminpassword"。
#设置管理员用户admin的管理员URL,用于管理Keystone服务。
#设置管理员用户admin的内部URL,用于Keystone服务内部组件之间的通信。
#设置管理员用户admin的公共URL,用于对外提供服务的接口。
#设置Keystone的区域ID为 "RegionOne"。

在Apache上配置Keystone

[root@srv1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@srv1 ~]# systemctl enable --now httpd

[root@srv1 ~(keystone)]# netstat -lantp | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      10137/httpd         
[root@srv1 ~(keystone)]# netstat -lantp | grep 35357
tcp6       0      0 :::35357                :::*                    LISTEN      10137/httpd   

设定Keystone Shell环境及创建租户

设定环境
[root@srv1 ~]# vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://192.168.1.101:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '

#设置项目域名为 "default",用于指定项目所属的域。
#设置用户域名为 "default",用于指定用户所属的域。
#设置项目名称为 "admin",表示要操作的项目为 "admin"。
#设置用户名为 "admin",表示要使用的用户名为 "admin"。
#设置密码为 "adminpassword",用于进行身份验证。
#设置认证URL为 "http://192.168.1.101:5000/v3",用于身份验证和访问OpenStack服务。
#设置身份验证API版本为 "3",表示要使用OpenStack标识服务的API版本。
#设置镜像API版本为 "2",表示要使用OpenStack镜像服务的API版本。
#设置命令行提示符的格式。在提示符中显示当前用户名、主机名和当前工作目录,并指示当前环境为 "keystone"。

[root@srv1 ~]# chmod 600 ~/keystonerc
[root@srv1 ~]# source ~/keystonerc
[root@srv1 ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile

#执行~/keystonerc文件中的环境变量导入当前会话。keystonerc文件通常包含了OpenStack客户端命令行工具所需的各种环境变量,如认证信息、API版本等。
#将source ~/keystonerc命令添加到当前用户的~/.bash_profile文件中。这样,在每次用户登录时,~/.bash_profile文件中的内容会被执行,从而自动加载OpenStack客户端的环境变量设置。

创建租户并验证

#用于创建一个名为 "service" 的项目(Project),并将其关联到默认的域(Domain)中。
[root@srv1 ~(keystone)]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

#查看当前OpenStack环境中所有项目的概览信息
[root@srv1 ~(keystone)]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 045c8b0eb3e04e329f2fd1b0b0e8d164 | service |
| 221b4ddca2a4482dbf169d45771b3c27 | admin   |
+----------------------------------+---------+

#用于显示admin的详细信息/admin是要显示详细信息的项目的名称或ID。
[root@srv1 ~(keystone)]# openstack project show admin
+-------------+-----------------------------------------------+
| Field       | Value                                         |
+-------------+-----------------------------------------------+
| description | Bootstrap project for initializing the cloud. |
| domain_id   | default                                       |
| enabled     | True                                          |
| id          | 221b4ddca2a4482dbf169d45771b3c27              |
| is_domain   | False                                         |
| name        | admin                                         |
| parent_id   | default                                       |
| tags        | []                                            |
+-------------+-----------------------------------------------+

#查看用户列表
[root@srv1 ~(keystone)]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 63948f840014441fa5b6dbf032e13104 | admin |
+----------------------------------+-------+

#查看终端列表
[root@srv1 ~(keystone)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                           |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 4be9ebda8f83471fa59f389f9512f485 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.1.101:5000/v3/ |
| 6db3f9752db5432ab5e36b0a70eca23d | RegionOne | keystone     | identity     | True    | admin     | http://192.168.1.101:5000/v3/ |
| 74c7fc497a8e462bb0c2be1af0ef08ac | RegionOne | keystone     | identity     | True    | public    | http://192.168.1.101:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+

#查看目录列表
[root@srv1 ~(keystone)]# openstack catalog list
+----------+----------+-------------------------------------------+
| Name     | Type     | Endpoints                                 |
+----------+----------+-------------------------------------------+
| keystone | identity | RegionOne                                 |
|          |          |   internal: http://192.168.1.101:5000/v3/ |
|          |          | RegionOne                                 |
|          |          |   admin: http://192.168.1.101:5000/v3/    |
|          |          | RegionOne                                 |
|          |          |   public: http://192.168.1.101:5000/v3/   |
|          |          |                                           |
+----------+----------+-------------------------------------------+

添加及配置Glance用户及设定endpoint信息

# 添加glance账户,并定义其隶属于service租户,密码为servicepassword
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9bba7fbed99e4301a92ed02a34c99f4a |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# 授权glance账户为admin角色
[root@srv1 ~(keystone)]# openstack role add --project service --user glance admin

# 创建glance服务
[root@srv1 ~(keystone)]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image service          |
| enabled     | True                             |
| id          | 8a780cc7bc784e85bcafcadebe034027 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

# 创建glance endpoint的public、internal、admin信息
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image public http://192.168.1.101:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3adda7db76e54106b27ee450936279e7 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.1.101:9292        |
+--------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image internal http://192.168.1.101:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3dfb2787e2714007922dfd9306b1c3d7 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.1.101:9292        |
+--------------+----------------------------------+

# 注意:此处 admin 端点的地址为 192.168.10.11,与上面 public、internal 端点使用的 192.168.1.101 不一致,疑为笔误;请按实际控制节点地址填写
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image admin http://192.168.10.11:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 34c426ddb1f84941b988c38573e13638 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

设定Glance数据库

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

安装及配置Glance

1) 安装Glance
[root@node1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-glance -y

2) 配置Glance
(1) 配置Glance API
[root@node1 ~(keystone)]# mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
[root@node1 ~(keystone)]# vim /etc/glance/glance-api.conf
[DEFAULT]
bind_host = 0.0.0.0
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[database]
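# 注:原文此处的连接串被网页的邮箱保护功能替换成了 "[email protected]",以下按前文设置的数据库口令(password)和控制节点地址(192.168.1.101)还原,请按实际环境核对
connection = mysql+pymysql://glance:password@192.168.1.101/glance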

# 定义连接keystone的信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword

[paste_deploy]
flavor = keystone
(2) 配置Glance Registry
[root@srv1 ~(keystone)]# mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
[root@srv1 ~(keystone)]# vim /etc/glance/glance-registry.conf

[root@srv1 ~(keystone)]# chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync"
...
...
...
INFO  [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.

[root@srv1 ~(keystone)]# systemctl enable --now openstack-glance-api openstack-glance-registry
[root@srv1 ~(keystone)]# cat /sys/module/kvm_intel/parameters/nested 
[root@srv1 ~(keystone)]# cat /proc/cpuinfo | grep vmx

创建实例,并将镜像注册至Glance中

#下载本地服务器镜像
[root@srv1 mnt(keystone)]# curl -O http://192.168.1.254/repos/CentOS/7/isos/x86_64/CentOS-7-x86_64-Minimal-2207-02.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  8  988M    8 988M    0     0  7602k      0  0:02:13  0:00:11  0:02:02 7622k

1) 安装KVM并设置桥接
[root@srv1 mnt(keystone)]# yum install qemu-kvm libvirt virt-install bridge-utils -y

[root@srv1 mnt(keystone)]# lsmod | grep kvm
kvm_intel             188793  0 
kvm                   653928  1 kvm_intel
irqbypass              13503  1 kvm
[root@srv1 mnt(keystone)]# systemctl enable --now libvirtd

#创建一个名为 "c7.img" 的qcow2格式镜像文件,并将其大小设置为5G,这个镜像文件可以用于创建和管理虚拟机。
[root@srv1 mnt(keystone)]# qemu-img create -f qcow2 /var/lib/libvirt/images/c7.img 5G

2) 安装实例
[root@srv1 ~(keystone)]# virt-install \
--name c7 \
--ram 1024 \
--disk path=/var/lib/libvirt/images/c7.img,format=qcow2 \
--vcpus 2 \
--os-type linux \
--os-variant rhel7 \
--graphics none \
--console pty,target_type=serial \
--location '/mnt/CentOS-7-x86_64-Minimal-2207-02.iso' \
--extra-args 'console=ttyS0,115200n8 serial'

根据提示安装 

注:文本安装菜单中未标记为 [x] 的项都需要进入进行设置

最小化安装完成回车重启

配置KVM用户名与云设置

CentOS Linux 7 (Core)
Kernel 3.10.0-1160.71.1.el7.x86_64 on an x86_64

lwj login: root
Password: 
[root@lwj ~]# systemctl disable --now firewalld
[root@lwj ~]# vi /etc/sysconfig/selinux 
SELINUX=disabled

[root@lwj ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 
删除UUID

[root@lwj ~]# yum install cloud-init -y

[root@lwj ~]# useradd snow
[root@lwj ~]# passwd snow
Changing password for user snow.
New password: 
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password: 
passwd: all authentication tokens updated successfully.

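# 说明:ssh_pwauth: 1 与 lock_passwd: false 会让由该镜像启动的实例允许 SSH 密码登录;该镜像随后以 --public 方式上传,建议改用 cloud-init 注入 SSH 公钥,并避免在镜像中预置弱口令账户
[root@lwj ~]# vi /etc/cloud/cloud.cfg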
      5 ssh_pwauth:   1
     57     name: snow
     58     lock_passwd: false
[root@lwj ~]# systemctl enable cloud-init sshd
[root@lwj ~]# poweroff

将镜像注册至Glance后删除虚拟机

[root@srv1 mnt(keystone)]# openstack image create "c7" --file /var/lib/libvirt/images/c7.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | 3dcc3a6d02c738ac66304a45b101e4e0                     |
| container_format | bare                                                 |
| created_at       | 2023-10-12T12:12:49Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/e6876582-15ff-44df-b3ef-34ec424438a1/file |
| id               | e6876582-15ff-44df-b3ef-34ec424438a1                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | c7                                                   |
| owner            | 221b4ddca2a4482dbf169d45771b3c27                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 1832583168                                           |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2023-10-12T12:13:05Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
 

[root@srv1 mnt(keystone)]# openstack image list
+--------------------------------------+------+--------+
| ID                                   | Name | Status |
+--------------------------------------+------+--------+
| e6876582-15ff-44df-b3ef-34ec424438a1 | c7   | active |
+--------------------------------------+------+--------+

[root@srv1 mnt(keystone)]# cd /var/lib/glance/images/
[root@srv1 images(keystone)]# ls
e6876582-15ff-44df-b3ef-34ec424438a1
[root@srv1 images(keystone)]# file e6876582-15ff-44df-b3ef-34ec424438a1
e6876582-15ff-44df-b3ef-34ec424438a1: QEMU QCOW Image (v3), 5368709120 bytes
[root@srv1 images(keystone)]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     c7                             shut off

[root@srv1 images(keystone)]# virsh undefine c7
Domain c7 has been undefined

[root@srv1 images(keystone)]# virsh list --all
 Id    Name                           State
----------------------------------------------------

[root@srv1 images(keystone)]# rm -rf /var/lib/libvirt/images/c7.img 

下载虚拟机镜像

[root@srv1 images(keystone)]# openstack image save --file c7.qcow2 c7
[root@srv1 images(keystone)]# ls
c7.qcow2  e6876582-15ff-44df-b3ef-34ec424438a1

Openstack配置手册-Nova配置

添加Nova账户并注册至Keystone

[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 14a8b1c6d8e745ef86767614112af49f |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project service --user nova admin
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword placement
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 7b0529346650470a83e27f9ecf52d8de |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name nova --description "OpenStack Compute service" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute service        |
| enabled     | True                             |
| id          | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name placement --description "OpenStack Compute Placement service" placement
+-------------+-------------------------------------+
| Field       | Value                               |
+-------------+-------------------------------------+
| description | OpenStack Compute Placement service |
| enabled     | True                                |
| id          | 91c96fcb64484e74929f5247d9c7f20d    |
| name        | placement                           |
| type        | placement                           |
+-------------+-------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute public http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | b340db6b089a4c68b0debbdb8067175a             |
| interface    | public                                       |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute internal http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | fa70f77eb1f94ac286a04d46fd53832d             |
| interface    | internal                                     |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute admin http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 6b6d59429f6c478aba389051ff52b4a8             |
| interface    | admin                                        |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement public http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5b7572cfd16842129efc3c9a09799cb6 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement internal http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6cfc5c62f6434a369345f56482d2fda4 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement admin http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3fe84b02d2af4645ade2f9139b804a7c |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+

设置Nova数据库

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_api.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on nova_api.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_placement;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_cell0;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

安装及配置Nova

1) 安装Nova
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova -y

# 使用openstack源自带的novnc工具
[root@srv1 ~(keystone)]# yum remove novnc -y
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens install openstack-nova -y

2) 配置Nova
[root@srv1 ~(keystone)]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
[DEFAULT]
# 定义本机IP
my_ip = 192.168.1.101
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova

# RabbitMQ所在位置
# (原页面中“密码@主机”部分被邮件地址混淆机制替换成了“[email protected]”,此处以占位符表示,请填入实际值)
transport_url = rabbit://openstack:<RABBIT_PASSWORD>@<RABBIT_HOST>

[api]
auth_strategy = keystone

# glance位置
[glance]
api_servers = http://192.168.1.101:9292

[oslo_concurrency]
lock_path = $state_path/tmp

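# 定义连接数据库的信息
# (原页面中“密码@主机”部分被邮件地址混淆机制替换成了“[email protected]”,此处以占位符表示;
#  口令须与前面 grant 语句中为 nova 账户设置的口令一致)
[api_database]
connection = mysql+pymysql://nova:<NOVA_DB_PASSWORD>@<DB_HOST>/nova_api

[database]
connection = mysql+pymysql://nova:<NOVA_DB_PASSWORD>@<DB_HOST>/nova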

# 定义keystone信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword

[placement]
auth_url = http://192.168.1.101:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword

[placement_database]
# 原页面此处的“密码@主机”被混淆为“[email protected]”,以占位符表示
connection = mysql+pymysql://nova:<NOVA_DB_PASSWORD>@<DB_HOST>/nova_placement

[wsgi]
api_paste_config = /etc/nova/api-paste.ini


[root@srv1 ~(keystone)]# chmod 640 /etc/nova/nova.conf
[root@srv1 ~(keystone)]# chgrp nova /etc/nova/nova.conf
[root@srv1 ~(keystone)]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
# 于15行以下添加如下内容
# (页面提取时丢失了尖括号标签;此处按 Apache 的 Directory 块补全,目录路径请对照实际配置文件确认)
  <Directory /usr/bin>
    Require all granted
  </Directory>

同步数据库并启动Nova相关服务

[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage api_db sync"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 map_cell0"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage db sync"
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 create_cell --name cell1"
[root@srv1 ~(keystone)]# systemctl restart httpd
[root@srv1 ~(keystone)]# chown nova. /var/log/nova/nova-placement-api.log
[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-api openstack-nova-consoleauth \
> openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:03:00.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:03:01.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:03:02.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+
1) 确认KVM已经安装完毕

2) 安装Nova-Compute
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y

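3) 配置VNC(便于后续直接通过浏览器控制实例)
# 说明:server_listen = 0.0.0.0 会让 VNC 服务监听本机所有网卡,novncproxy_base_url 使用的是明文 http;
# 生产环境应将监听地址限定在管理网络,并为 noVNC 代理启用 TLS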
# 于文档最后追加如下内容
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
......
......
......
......
......
......

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.1.101
novncproxy_base_url = http://192.168.1.101:6080/vnc_auto.html

启动并验证Nova-Compute

[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-compute
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:14:51.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:14:51.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:14:52.000000 |
|  6 | nova-compute     | srv1 | nova     | enabled | up    | 2023-10-12T13:14:50.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+

添加扩展节点配置openstack2服务器

#网络节点192.168.1.102

#防火墙

#vim /etc/hosts

#同步网络时间

#安装依赖

[root@srv1 yum.repos.d]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
2) 在扩展的计算节点上安装KVM并启动
[root@srv2 ~]# yum install qemu-kvm libvirt virt-install bridge-utils  -y
[root@srv2 ~]# lsmod | grep kvm
[root@srv2 ~]# systemctl enable --now libvirtd

3) 安装Nova-Compute
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y

4) 配置Nova Compute
[root@srv2 ~]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv2 ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.1.102
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova

# 原页面此处的“密码@主机”被邮件地址混淆机制替换为“[email protected]”,以占位符表示,请填入实际值
transport_url = rabbit://openstack:<RABBIT_PASSWORD>@<RABBIT_HOST>

[api]
auth_strategy = keystone

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.1.102:6080/vnc_auto.html 

[glance]
api_servers = http://192.168.1.102:9292

[oslo_concurrency]
lock_path = $state_path/tmp

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.102:5000
auth_url = http://192.168.1.102:5000
memcached_servers = 192.168.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword

[placement]
auth_url = http://192.168.1.102:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword

[wsgi]
api_paste_config = /etc/nova/api-paste.ini

[root@srv2 ~]# chmod 640 /etc/nova/nova.conf
[root@srv2 ~]# chgrp nova /etc/nova/nova.conf
6) 启动Nova Compute
[root@srv2 ~]# systemctl enable --now openstack-nova-compute
7) 确认
# 未添加扩展计算节点时
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  6 | nova-compute     | srv1 | nova     | enabled | up    | 2023-10-12T13:53:32.000000 |
|  7 | nova-compute     | srv2 | nova     | enabled | up    | 2023-10-12T13:53:32.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+

Openstack配置手册-添加一个租户

[root@srv1 ~(keystone)]# openstack project create --domain default --description "1000y Project" 1000y
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | 1000y Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 56a31c210f36466b80717dcb26f1cf2c |
| is_domain   | False                            |
| name        | 1000y                            |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack user create --domain default --project 1000y --password userpassword snow
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 56a31c210f36466b80717dcb26f1cf2c |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 067ee6c7f54c40dc802fce4a34397dfc |
| name                | snow                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack role create CloudUser
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 39ffc364b3e54fdfa097e97a8852b717 |
| name      | CloudUser                        |
+-----------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project 1000y --user snow CloudUser

# 创建云实例所需的模板,名称为m1.small
[root@srv1 ~(keystone)]# openstack flavor create --id 0 --vcpus 1 --ram 2048 --disk 10 m1.small
+----------------------------+----------+
| Field                      | Value    |
+----------------------------+----------+
| OS-FLV-DISABLED:disabled   | False    |
| OS-FLV-EXT-DATA:ephemeral  | 0        |
| disk                       | 10       |
| id                         | 0        |
| name                       | m1.small |
| os-flavor-access:is_public | True     |
| properties                 |          |
| ram                        | 2048     |
| rxtx_factor                | 1.0      |
| swap                       |          |
| vcpus                      | 1        |
+----------------------------+----------+

[root@srv1 ~(keystone)]# openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name     |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0  | m1.small | 2048 |   10 |         0 |     1 | True      |
+----+----------+------+------+-----------+-------+-----------+

添加Neutron用户并注册至Keystone中

[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 250a06bd443a41bbb58bb45e64440cc2 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+


[root@srv1 ~(keystone)]# openstack role add --project service --user neutron admin
[root@srv1 ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking service     |
| enabled     | True                             |
| id          | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

# 设定endpoint信息
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network public http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6e6b2b9c15f8479e8072a750b911ba01 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+


[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network internal http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 309a75f4209c4d8e80dda692cb3b644f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+


[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network admin http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ca3c046a519e440ab6857c4c3895b693 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+

添加Neutron数据库信息

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database neutron_ml2;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

在控制节点srv1安装及配置Neutron

1) 安装Neutron Service到控制节点
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron openstack-neutron-ml2  -y

2) 配置Neutron主配置文件
[root@srv1 ~(keystone)]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv1 ~(keystone)]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

# 原页面此处的“密码@主机”被邮件地址混淆机制替换为“[email protected]”,以占位符表示,请填入实际值
transport_url = rabbit://openstack:<RABBIT_PASSWORD>@<RABBIT_HOST>

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword

[database]
# 原页面此处的“密码@主机”被混淆为“[email protected]”,以占位符表示;口令须与 grant 语句中为 neutron 账户设置的口令一致
connection = mysql+pymysql://neutron:<NEUTRON_DB_PASSWORD>@<DB_HOST>/neutron_ml2

[nova]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/tmp

[root@srv1 ~(keystone)]# chmod 640 /etc/neutron/neutron.conf
[root@srv1 ~(keystone)]# chgrp neutron /etc/neutron/neutron.conf

3) 配置metadata_agent
[root@srv1 ~(keystone)]# vim /etc/neutron/metadata_agent.ini
# 修改22行,指定Nova API所在主机
nova_metadata_host = 192.168.1.101

# 取消34行注释,并指定共享密钥(须与 nova.conf 的 [neutron] 区段中 metadata_proxy_shared_secret 的值一致;
# 示例值仅作演示,实际部署应使用随机生成的字符串)
metadata_proxy_shared_secret = qyy_openstack

# 取消260行注释,并指定Memcache Server
memcache_servers = 192.168.1.101:11211


4) 配置ml2
[root@srv1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,[ml2]区段下添加如下内容
[ml2]
136 type_drivers = local,flat,vlan,gre,vxlan,geneve
141 tenant_network_types =
145 mechanism_drivers = openvswitch,l2population
150 extension_drivers = port_security

5) 配置nova
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
# 于[DEFAULT]区段下添加如下内容
......
......
......
......
......
......

use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

......

# 于文件最后,添加Neutron认证信息及设定认证共享密码
# 注意:下面 auth_url 中的 192.168.10.11 与本文其余位置使用的 Keystone 地址 192.168.1.101 不一致,请按实际环境核对后填写
[neutron]
auth_url = http://192.168.10.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack
6)启动Neutron
[root@srv1 ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

[root@srv1 ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage \
> --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugin.ini upgrade head"

.....
.....
.....
.....

INFO  [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f, add mtu for networks
INFO  [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee, fip qos
INFO  [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a, migrate dns name from port
INFO  [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad, rename tenant to project
INFO  [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab, Add routerport bindings for L3 HA
INFO  [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0, migrate to pluggable ipam
INFO  [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62, add standardattr to qos policies
INFO  [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353, Add Name and Description to the networksegments table
INFO  [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586, Add binding index to RouterL3AgentBinding
INFO  [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d, Remove availability ranges.
  OK

[root@node1 ~(keystone)]# systemctl enable --now neutron-server neutron-metadata-agent
[root@node1 ~(keystone)]# systemctl restart openstack-nova-api
[root@srv1 ~(keystone)]# openstack network agent list
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| ID                                   | Agent Type     | Host | Availability Zone | Alive | State | Binary                 |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| 339aaf32-0f12-428a-b7a2-15d9a1880d40 | Metadata agent | srv1 | None              | :-)   | UP    | neutron-metadata-agent |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
[root@srv1 ~(keystone)]# openstack network service list
openstack: 'network service list' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
  network agent add network
  network agent add router
  network agent delete
  network agent list
  network agent remove network
  network agent remove router
  network agent set
  network agent show
  network auto allocated topology create
  network auto allocated topology delete
  network create
  network delete
  network flavor add profile
  network flavor create
  network flavor delete
  network flavor list
  network flavor profile create
  network flavor profile delete
  network flavor profile list
  network flavor profile set
  network flavor profile show
  network flavor remove profile
  network flavor set
  network flavor show
  network list
  network log create
  network log delete
  network log list
  network log set
  network log show
  network loggable resources list
  network meter create
  network meter delete
  network meter list
  network meter rule create
  network meter rule delete
  network meter rule list
  network meter rule show
  network meter show
  network qos policy create
  network qos policy delete
  network qos policy list
  network qos policy set
  network qos policy show
  network qos rule create
  network qos rule delete
  network qos rule list
  network qos rule set
  network qos rule show
  network qos rule type list
  network qos rule type show
  network rbac create
  network rbac delete
  network rbac list
  network rbac set
  network rbac show
  network segment create
  network segment delete
  network segment list
  network segment set
  network segment show
  network service provider list
  network set
  network show
  network subport list
  network trunk create
  network trunk delete
  network trunk list
  network trunk set
  network trunk show
  network trunk unset
  network unset
  endpoint add project
  endpoint create
  endpoint delete
  endpoint list
  endpoint remove project
  endpoint set
  endpoint show

在网络节点[srv3]配置Neutron

1) 安装Neutron
[root@srv3 ~]# yum --enablerepo=centos-openstack-queens,epel install \
openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch libibverbs -y

如果出现以下错误,可以从其他已有该 GPG 密钥文件的主机(/etc/pki/rpm-gpg/ 目录)把密钥文件复制过来;复制前请确认来源主机可信,因为 yum 会用这些密钥校验软件包签名
获取 GPG 密钥失败:[Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud"
[root@srv1 ~(keystone)]# scp /etc/pki/rpm-gpg/* srv3:/etc/pki/rpm-gpg/

[root@srv3 ~]# chmod 640 /etc/neutron/neutron.conf
[root@srv3 ~]# chgrp neutron /etc/neutron/neutron.conf
3) 配置L3
[root@node3 ~]# vim /etc/neutron/l3_agent.ini
添加如下内容
 16 interface_driver = openvswitch

4) 配置dhcp_agent
[root@node3 ~]# vim /etc/neutron/dhcp_agent.ini
添加如下内容
 16 interface_driver = openvswitch
 28 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
 37 enable_isolated_metadata = true

5) 配置metadata_agent
[root@srv3 ~]# vim /etc/neutron/metadata_agent.ini
 22 nova_metadata_host = 192.168.1.101
 34 metadata_proxy_shared_secret = qyy_openstack
260 memcache_servers = 192.168.1.101:11211

6) 配置ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,添加所支持的驱动及相关信息
[ml2]
136 type_drivers = local,flat,vlan,gre,vxlan,geneve
141 tenant_network_types =
145 mechanism_drivers = openvswitch,l2population
150 extension_drivers = port_security

7) 配置OVS
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于307行,添加如下内容
[securitygroup]
313 firewall_driver = openvswitch
318 enable_security_group = true
322 enable_ipset = true

计算节点配置Neutron

1) 安装Neutron组件
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron \
openstack-neutron-ml2 openstack-neutron-openvswitch -y

[root@srv1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
254 firewall_driver = openvswitch
259 enable_security_group = true
263 enable_ipset = true

[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
 12 vif_plugging_isfatal = True
 13 vif_plugging_timeout = 300

[root@srv1 ~(keystone)]# systemctl enable --now openvswitch
[root@srv1 ~(keystone)]# systemctl restart openstack-nova-compute
[root@srv1 ~(keystone)]# systemctl enable --now neutron-openvswitch-agent

[root@srv1 ~(keystone)]# openstack network agent list
