MappleZF

Centos 7 部署 OpenStack_Rocky版高可用集群3-2

文章目录

Centos 7 部署 OpenStack_Rocky版高可用集群3-2
- 8、部署glance-镜像服务
- - - 8.1 配置MariaDB数据库中的glance用户和权限等
    - 8.2 创建glance api
    - 8.3 安装glance程序
    - 8.3 配置glance-api.conf程序配置文件(三个控制节点全操作cont01,cont02.cont03)
    - 8.4 配置glance-registry.conf程序配置文件(三个控制节点全操作cont01,cont02.cont03)
    - 8.5 同步glance数据库(任意控制节点操作即可)
    - 8.6 启动glance服务
    - 8.7 测试镜像
    - 8.7 设置PCS资源
- 9、 Nova控制节点集群
- - - 9.1 创建Nova相关数据库（任意控制节点操作即可）
    - 9.2 创建nova/placement-api（任意控制节点操作即可）
    - 9.3 安装Nova服务(在全部控制节点安装nova相关服务)
    - 9.4 配置nova.conf(在全部控制节点安装nova相关服务)
    - 9.5 配置00-nova-placement-api.conf
    - 9.6 同步nova相关数据库（任意控制节点操作）
    - 9.6 启动nova服务（所有控制节点操作cont01 cont02 cont03）
    - 9.7 验证
    - 9.8 部署 Nova计算节点（部署计算节点上comp01、comp02、comp03）
    - 9.10 计算节点和直接ssh免密认证
    - 9.11 配置计算节点的配置nova.conf
    - 9.12 启动计算节点服务在comp01 comp02 comp03上执行
    - 9.13 向cell数据库添加计算节点（在任意控制节点操作）
- 10、 Neutron控制/网络节点集群
- - - 10.1 创建neutron数据库（在任意控制节点创建数据库，后台数据自动同步）
    - 10.2 创建neutron用户、赋权、服务实体
    - 10.3 创建neutron-api
    - 10.4 部署Neutron (在所有控制节点上安装)
    - - 10.4.1 安装Neutron程序
      - 10.4.2 配置neutron.conf
      - 10.4.3 配置ml2_conf.ini （在全部控制节点操作）
      - 10.4.4 配置 openvswitch （在全部控制节点操作）
      - 10.4.5 配置l3_agent.ini（self-networking）（在全部控制节点操作 cont01 cont02 cont03）
      - 10.4.6 配置dhcp_agent.ini （在全部控制节点操作 cont01 cont02 cont03）
      - 10.4.7 配置metadata_agent.ini （在全部控制节点操作 cont01 cont02 cont03）
      - 10.4.8 配置nova.conf （在全部控制节点操作 cont01 cont02 cont03）
      - 10.4.9 建立软链接（在全部控制节点操作 cont01 cont02 cont03）
      - 10.4.10 同步neutron数据库并验证 (任意控制节点操作)
      - 10.4.11 重启nova服务并启动neutron服务（在全部控制节点操作 cont01 cont02 cont03）
      - 10.4.12 设置PCS资源（在任意控制节点操作 cont01 cont02 cont03）
      - 10.4.13.1 OVS命令（三网卡）
      - 10.4.13 验证
      - 10.4.14 Open vSwitch网络概念补充
      - 10.4.15 namespace知识补充
      - 10.4.16 获取dhcp IP过程分析知识补充
    - 10.5 部署计算节点上的Neutron
    - - 10.5.1 安装openstack-neutron-openvswitch服务(所有计算节点上安装)
      - 10.5.2 配置neutron.conf(所有计算节点上安装)
      - 10.5.3 配置openvswitch_agent.ini (所有计算节点上安装)
      - 10.5.4 配置 nova.conf (所有计算节点上安装)
      - 10.5.5 重启nova服务并启动neutron服务（在全部计算节点操作 comp01 comp02 comp03）
      - 10.5.6 验证

8、部署glance-镜像服务

8.1 配置MariaDB数据库中的glance用户和权限等

注：由于是集群，所以只要在一个控制节点上创建即可
[root@cont02:/root]# mysql -uroot -p"typora#2019"
MariaDB [(none)]> CREATE DATABASE glance;
Query OK, 1 row affected (0.009 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_typora';
Query OK, 0 rows affected (0.010 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_typora';
Query OK, 0 rows affected (0.010 sec)

MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Bye

8.2 创建glance api

[root@cont02:/root]# source openrc 
[root@cont02:/root]# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 02c1960ba4c44f46b7152c0a7e52fdba | admin  |
| 61c06b9891a64e68b87d84dbcec5e9ac | myuser |
+----------------------------------+--------+
//创建glance用户
[root@cont02:/root]# openstack user create --domain default --password=glance_typora glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 34c34fe5d78e4f39bfd63f82ad989585 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
//glance用户赋权（为glance用户赋予admin权限）
[root@cont02:/root]# openstack role add --project service --user glance admin
//创建glacne服务实体
[root@cont02:/root]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | 369d083b4a094c1fb57e189d54305ea9 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
//创建glance-api 
注：--region与初始化admin用户时生成的region一致；api地址统一采用VIP，服务类型为image
[root@cont02:/root]# openstack endpoint create --region RegionOne image public http://VirtualIP:9293
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3df1aef87c1a4f069e9742486f200c18 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 369d083b4a094c1fb57e189d54305ea9 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://VirtualIP:9293            |
+--------------+----------------------------------+
[root@cont02:/root]# openstack endpoint create --region RegionOne image internal http://VirtualIP:9293
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b7b0084313744b8a91a142b1221e0443 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 369d083b4a094c1fb57e189d54305ea9 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://VirtualIP:9293            |
+--------------+----------------------------------+

[root@cont02:/root]#  openstack endpoint create --region RegionOne image admin http://VirtualIP:9293
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e137861e214c46ed898a751db74cb70a |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 369d083b4a094c1fb57e189d54305ea9 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://VirtualIP:9293            |
+--------------+----------------------------------+
[root@cont01:/root]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+----
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+----------------------------------+-----------+--------------+--------------+---------+----
| 2e109052bb4a4affa30fe3b9e3e5fcc3 | RegionOne | keystone     | identity     | True    | internal  | http://VirtualIP:5001/v3/ |
| 40e4fa83731d4933afe694481b5e0464 | RegionOne | glance       | image        | True    | admin     | http://VirtualIP:9293     |
| 8ddb366df7e94af9af298b5f11774fb4 | RegionOne | keystone     | identity     | True    | admin     | http://VirtualIP:5001/v3/ |
| a592cb41c0bb424c9817633ed1946b45 | RegionOne | keystone     | identity     | True    | public    | http://VirtualIP:5001/v3/ |
| b7b0084313744b8a91a142b1221e0443 | RegionOne | glance       | image        | True    | internal  | http://VirtualIP:9293     |
| fdb2cdadfb7544abad1f216ca719f478 | RegionOne | glance       | image        | True    | public    | http://VirtualIP:9293     |
+----------------------------------+-----------+--------------+--------------+---------+----

8.3 安装glance程序

[root@cont01:/root]# yum install openstack-glance -y
[root@cont02:/root]# yum install openstack-glance -y
[root@cont03:/root]# yum install openstack-glance -y

8.3 配置glance-api.conf程序配置文件(三个控制节点全操作cont01,cont02.cont03)

[root@cont01:/etc/glance]# cp -p /etc/glance/glance-api.conf{,.bak}
[root@cont02:/root]# cp -p /etc/glance/glance-api.conf{,.bak}
[root@cont03:/root]# cp -p /etc/glance/glance-api.conf{,.bak}

[root@cont01:/etc/glance]# vim glance-api.conf
   1 [DEFAULT]
   2 enable_v1_api = false
 730 bind_host = 192.168.10.21
1882 [database]
1883 connection = mysql+pymysql://glance:GLANCE_typora@VirtualIP:3307/glance
2006 [glance_store]
2007 stores = file,http
2008 default_store = file
2009 filesystem_store_datadir = /var/lib/glance/images/
3473 [keystone_authtoken]
3474 www_authenticate_uri  = http://VirtualIP:5001
3475 auth_url = http://VirtualIP:5001
3476 memcached_servers = cont01:11211,cont02:11211,cont03:11211
3477 auth_type = password
3478 project_domain_name = Default
3479 user_domain_name = Default
3480 project_name = service
3481 username = glance
3482 password = glance_typora
4398 [paste_deploy]
4399 flavor = keystone
//注： /var/lib/glance/images是默认的存储目录
[root@cont02:/root]# vim /etc/glance/glance-api.conf
   1 [DEFAULT]
   2 enable_v1_api = false
 730 bind_host = 192.168.10.22
1882 [database]
1883 connection = mysql+pymysql://glance:GLANCE_typora@VirtualIP:3307/glance
2006 [glance_store]
2007 stores = file,http
2008 default_store = file
2009 filesystem_store_datadir = /var/lib/glance/images/
3473 [keystone_authtoken]
3474 www_authenticate_uri  = http://VirtualIP:5001
3475 auth_url = http://VirtualIP:5001
3476 memcached_servers = cont01:11211,cont02:11211,cont03:11211
3477 auth_type = password
3478 project_domain_name = Default
3479 user_domain_name = Default
3480 project_name = service
3481 username = glance
3482 password = glance_typora
4398 [paste_deploy]
4399 flavor = keystone

[root@cont03:/root]# vim /etc/glance/glance-api.conf
   1 [DEFAULT]
   2 enable_v1_api = false
 730 bind_host = 192.168.10.23
1882 [database]
1883 connection = mysql+pymysql://glance:GLANCE_typora@VirtualIP:3307/glance
2006 [glance_store]
2007 stores = file,http
2008 default_store = file
2009 filesystem_store_datadir = /var/lib/glance/images/
3473 [keystone_authtoken]
3474 www_authenticate_uri  = http://VirtualIP:5001
3475 auth_url = http://VirtualIP:5001
3476 memcached_servers = cont01:11211,cont02:11211,cont03:11211
3477 auth_type = password
3478 project_domain_name = Default
3479 user_domain_name = Default
3480 project_name = service
3481 username = glance
3482 password = glance_typora
4398 [paste_deploy]
4399 flavor = keystone

//查看[root@cont0$:/root]# egrep -v "^#|^$" /etc/glance/glance-api.conf

配置Ceph为glance****镜像的后端存储（节后参考）

编辑/etc/glance/glance-api.conf

[glance_store]

stores = rbd

default_store = rbd

rbd_store_pool = images

rbd_store_user = glance

rbd_store_ceph_conf = /etc/ceph/ceph.conf

rbd_store_chunk_size = 8

如果你想允许用image的写时复制克隆，再添加下列内容到[DEFAULT]段下：

show_image_direct_url = True

建议把如下属性也加上，加到[default]下：

hw_scsi_model=virtio-scsi #添加 virtio-scsi 控制器以获得更好的性能、并支持 discard 操作

hw_disk_bus=scsi #把所有 cinder 块设备都连到这个控制器；

hw_qemu_guest_agent=yes #启用 QEMU guest agent （访客代理）

os_require_quiesce=yes #通过 QEMU guest agent 发送fs-freeze/thaw调用

测试下上传镜像：

如果镜像cirros-0.3.5-x86_64-disk.img是qcow2格式的，可以先将它转换成raw格式的，因为如果要使用ceph作为后端存储，就应该将它的镜像格式转为raw：

可以使用命令qemu-img info cirros-0.3.5-x86_64-disk.img查看它是什么格式的，使用命令将它从qcow2格式转换成raw格式并保存成另外一个镜像文件：

qemu-img convert -f qcow2 -O raw cirros-0.3.5-x86_64-disk.img image.img

以下进行上传镜像操作：

. admin-openrc.sh

glance image-create --name “imagetest” --file image.img --disk-format raw --container-format bare --visibility public --progress

使用如下命令验证是否创建成功：

openstack image list

8.4 配置glance-registry.conf程序配置文件(三个控制节点全操作cont01,cont02.cont03)

[root@cont01:/etc/glance]# cp -p /etc/glance/glance-registry.conf{,.bak}
[root@cont02:/root]# cp -p /etc/glance/glance-registry.conf{,.bak}
[root@cont03:/root]# cp -p /etc/glance/glance-registry.conf{,.bak}

[root@cont01:/etc/glance]# vim /etc/glance/glance-registry.conf
   1 [DEFAULT]
 603 bind_host = 192.168.10.21
1128 [database]
1129 connection = mysql+pymysql://glance:GLANCE_typora@VirtualIP:3307/glance
1252 [keystone_authtoken]
1253 www_authenticate_uri = http://VirtualIP:5001
1254 auth_url = http://VirtualIP:5001
1255 memcached_servers = cont01:11211,cont02:11211,cont03:11211
1256 auth_type = password
1257 project_domain_name = Default
1258 user_domain_name = Default
1259 project_name = service
1260 username = glance
1261 password = glance_typora
2150 [paste_deploy]
2151 flavor = keystone

[root@cont02:/root]#  vim /etc/glance/glance-registry.conf
   1 [DEFAULT]
 603 bind_host = 192.168.10.22
1128 [database]
1129 connection = mysql+pymysql://glance:GLANCE_typora@VirtualIP:3307/glance
1252 [keystone_authtoken]
1253 www_authenticate_uri = http://VirtualIP:5001
1254 auth_url = http://VirtualIP:5001
1255 memcached_servers = cont01:11211,cont02:11211,cont03:11211
1256 auth_type = password
1257 project_domain_name = Default
1258 user_domain_name = Default
1259 project_name = service
1260 username = glance
1261 password = glance_typora
2150 [paste_deploy]
2151 flavor = keystone

[root@cont03:/root]# vim /etc/glance/glance-registry.conf
   1 [DEFAULT]
 603 bind_host = 192.168.10.23
1128 [database]
1129 connection = mysql+pymysql://glance:GLANCE_typora@VirtualIP:3307/glance
1252 [keystone_authtoken]
1253 www_authenticate_uri = http://VirtualIP:5001
1254 auth_url = http://VirtualIP:5001
1255 memcached_servers = cont01:11211,cont02:11211,cont03:11211
1256 auth_type = password
1257 project_domain_name = Default
1258 user_domain_name = Default
1259 project_name = service
1260 username = glance
1261 password = glance_typora
2150 [paste_deploy]
2151 flavor = keystone

8.5 同步glance数据库(任意控制节点操作即可)

[root@cont02:/root]# su -s /bin/sh -c "glance-manage db_sync" glance
/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1352: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade
  expire_on_commit=expire_on_commit, _conf=conf)
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name 'alembic_version_pkc' ignored for PRIMARY key.")
  result = self._query(query)
INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial
INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table
INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images
INFO  [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01
INFO  [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01
INFO  [alembic.runtime.migration] Running upgrade queens_expand01 -> rocky_expand01, add os_hidden column to images table
INFO  [alembic.runtime.migration] Running upgrade rocky_expand01 -> rocky_expand02, add os_hash_algo and os_hash_value columns to images table
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: rocky_expand02, current revision(s): rocky_expand02
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database migration is up to date. No migration needed.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images
INFO  [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables
INFO  [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO  [alembic.runtime.migration] Running upgrade queens_contract01 -> rocky_contract01
INFO  [alembic.runtime.migration] Running upgrade rocky_contract01 -> rocky_contract02
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: rocky_contract02, current revision(s): rocky_contract02
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.

[root@cont02:/root]# mysql -uroot -ptypora#2019
MariaDB [(none)]> use glance;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [glance]> show tables;
+----------------------------------+
| Tables_in_glance                 |
+----------------------------------+
| alembic_version                  |
| image_locations                  |
| image_members                    |
| image_properties                 |
| image_tags                       |
| images                           |
| metadef_namespace_resource_types |
| metadef_namespaces               |
| metadef_objects                  |
| metadef_properties               |
| metadef_resource_types           |
| metadef_tags                     |
| migrate_version                  |
| task_info                        |
| tasks                            |
+----------------------------------+
15 rows in set (0.001 sec)

MariaDB [glance]> exit
Bye

8.6 启动glance服务

（所有控制节点上操作 cont01,cont02,cont03）

systemctl enable openstack-glance-api.service  openstack-glance-registry.service
systemctl start openstack-glance-api.service  openstack-glance-registry.service
systemctl status openstack-glance-api.service   openstack-glance-registry.service

8.7 测试镜像

[root@cont02:/root]# cd /var/lib/glance/images/
[root@cont02:/var/lib/glance/images]# openstack image list

[root@cont02:/var/lib/glance/images]# ls
[root@cont02:/var/lib/glance/images]# glance image-list
+----+------+
| ID | Name |
+----+------+
+----+------+
[root@cont02:/var/lib/glance/images]# cd
[root@cont02:/root]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
[root@cont02:/root]# ls
admin-openrc  anaconda-ks.cfg  cirros-0.4.0-x86_64-disk.img  demo-openrc  get-pip.py  openrc
[root@cont02:/root]# openstack image create "cirros" \
> --file /root/cirros-0.4.0-x86_64-disk.img \
> --disk-format qcow2 --container-format bare \
> --public
[root@cont02:/root]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| f18d54e0-cf78-4881-9348-f446958a4c4b | cirros | active |
+--------------------------------------+--------+--------+
[root@cont02:/root]# glance image-list
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| f18d54e0-cf78-4881-9348-f446958a4c4b | cirros |
+--------------------------------------+--------+

8.7 设置PCS资源

[root@cont02:/root]# pcs resource create openstack-glance-api systemd:openstack-glance-api --clone interleave=true
[root@cont02:/root]# pcs resource create openstack-glance-registry systemd:openstack-glance-registry --clone interleave=true
[root@cont02:/root]# pcs resource
 VirtualIP      (ocf::heartbeat:IPaddr2):       Started cont01
 Clone Set: openstack-glance-api-clone [openstack-glance-api]
     Started: [ cont01 cont02 cont03 ]
 Clone Set: openstack-glance-registry-clone [openstack-glance-registry]
     Started: [ cont01 cont02 cont03 ]

9、 Nova控制节点集群

9.1 创建Nova相关数据库（任意控制节点操作即可）

注：nova服务含4个数据库，统一授权到nova用户；
[root@cont02:/root]# mysql -uroot -p"typora#2019"
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.010 sec)

MariaDB [(none)]>  CREATE DATABASE nova;
Query OK, 1 row affected (0.009 sec)

MariaDB [(none)]> CREATE DATABASE nova_cell0;
Query OK, 1 row affected (0.009 sec)

MariaDB [(none)]> CREATE DATABASE placement;
Query OK, 1 row affected (0.009 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_typora';
Query OK, 0 rows affected (0.011 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_typora';
Query OK, 0 rows affected (0.010 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_typora';
Query OK, 0 rows affected (0.010 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_typora';
Query OK, 0 rows affected (0.011 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_typora';
Query OK, 0 rows affected (0.009 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_typora';
Query OK, 0 rows affected (0.010 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_typora';
Query OK, 0 rows affected (0.024 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_typora';
Query OK, 0 rows affected (0.010 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.011 sec)

MariaDB [(none)]> exit
Bye

9.2 创建nova/placement-api（任意控制节点操作即可）

[root@cont02:/root]# source openrc 
[root@cont02:/root]# openstack user create --domain default --password=nova_typora nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | edf5d194c7454a3e81fe5f099cb743b1 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
//密码：nova_typora
[root@cont02:/root]# openstack user list
+----------------------------------+--------+
| ID                               | Name   |
+----------------------------------+--------+
| 02c1960ba4c44f46b7152c0a7e52fdba | admin  |
| 34c34fe5d78e4f39bfd63f82ad989585 | glance |
| 61c06b9891a64e68b87d84dbcec5e9ac | myuser |
| edf5d194c7454a3e81fe5f099cb743b1 | nova   |
+----------------------------------+--------+
[root@cont02:/root]# openstack role add --project service --user nova admin
[root@cont02:/root]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 369d083b4a094c1fb57e189d54305ea9 | glance   | image    |
| 66fbd70e526f48828b5a18cb7aaf4d1b | keystone | identity |
+----------------------------------+----------+----------+
[root@cont02:/root]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 28ed51dbfde848f791e70a3be574c143 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@cont02:/root]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| 28ed51dbfde848f791e70a3be574c143 | nova     | compute  |
| 369d083b4a094c1fb57e189d54305ea9 | glance   | image    |
| 66fbd70e526f48828b5a18cb7aaf4d1b | keystone | identity |
+----------------------------------+----------+----------+
[root@cont02:/root]# openstack endpoint create --region RegionOne compute public http://VirtualIP:9774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3ae6c07e8c1844b3a21c3fc073cd3da9 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 28ed51dbfde848f791e70a3be574c143 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://VirtualIP:9774/v2.1       |
+--------------+----------------------------------+
[root@cont02:/root]# openstack endpoint create --region RegionOne compute internal http://VirtualIP:9774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | b0f71d34aedf41a9a8fb9d56313efb00 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 28ed51dbfde848f791e70a3be574c143 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://VirtualIP:9774/v2.1       |
+--------------+----------------------------------+
[root@cont02:/root]# openstack endpoint create --region RegionOne compute admin http://VirtualIP:9774/v2.1
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 7bff1a44974a42a59e49eebffad550c0 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 28ed51dbfde848f791e70a3be574c143 |
| service_name | nova                             |
| service_type | compute                          |
| url          | http://VirtualIP:9774/v2.1       |
+--------------+----------------------------------+
[root@cont02:/root]# openstack catalog list
//查看所有服务端点的服务地址
+----------+----------+----------------------------------------+
| Name     | Type     | Endpoints                              |
+----------+----------+----------------------------------------+
| nova     | compute  | RegionOne                              |
|          |          |   public: http://VirtualIP:9774/v2.1   |
|          |          | RegionOne                              |
|          |          |   admin: http://VirtualIP:9774/v2.1    |
|          |          | RegionOne                              |
|          |          |   internal: http://VirtualIP:9774/v2.1 |
|          |          |                                        |
| glance   | image    | RegionOne                              |
|          |          |   admin: http://VirtualIP:9293         |
|          |          | RegionOne                              |
|          |          |   internal: http://VirtualIP:9293      |
|          |          | RegionOne                              |
|          |          |   public: http://VirtualIP:9293        |
|          |          |                                        |
| keystone | identity | RegionOne                              |
|          |          |   internal: http://VirtualIP:5001/v3/  |
|          |          | RegionOne                              |
|          |          |   admin: http://VirtualIP:5001/v3/     |
|          |          | RegionOne                              |
|          |          |   public: http://VirtualIP:5001/v3/    |
|          |          |                                        |
+----------+----------+----------------------------------------+

[root@cont02:/root]# openstack user create --domain default --password=placement_typora placement
//密码：placement_typora
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 66b6d87d0410419e8070817a9fa6493e |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@cont02:/root]# openstack role add --project service --user placement admin
[root@cont02:/root]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Placement API                    |
| enabled     | True                             |
| id          | dba3c60da5084dfca6b220fe666c2f9b |
| name        | placement                        |
| type        | placement                        |
+-------------+----------------------------------+
[root@cont02:/root]# openstack endpoint create --region RegionOne placement public http://VirtualIP:9778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c2a1f308b3c04a448667967afb6016fe |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dba3c60da5084dfca6b220fe666c2f9b |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://VirtualIP:9778            |
+--------------+----------------------------------+
[root@cont02:/root]# openstack endpoint create --region RegionOne placement internal http://VirtualIP:9778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 9035afba42be4b4387571d02b16c168c |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dba3c60da5084dfca6b220fe666c2f9b |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://VirtualIP:9778            |
+--------------+----------------------------------+
[root@cont02:/root]# openstack endpoint create --region RegionOne placement admin http://VirtualIP:9778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 53be3d592dfa4060b46ca6a488067191 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | dba3c60da5084dfca6b220fe666c2f9b |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://VirtualIP:9778            |
+--------------+----------------------------------+
[root@cont02:/root]# openstack catalog list
+-----------+-----------+----------------------------------------+
| Name      | Type      | Endpoints                              |
+-----------+-----------+----------------------------------------+
| nova      | compute   | RegionOne                              |
|           |           |   public: http://VirtualIP:9774/v2.1   |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:9774/v2.1    |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9774/v2.1 |
|           |           |                                        |
| glance    | image     | RegionOne                              |
|           |           |   admin: http://VirtualIP:9293         |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9293      |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9293        |
|           |           |                                        |
| keystone  | identity  | RegionOne                              |
|           |           |   internal: http://VirtualIP:5001/v3/  |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:5001/v3/     |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:5001/v3/    |
|           |           |                                        |
| placement | placement | RegionOne                              |
|           |           |   admin: http://VirtualIP:9778         |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9778      |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9778        |
|           |           |                                        |
+-----------+-----------+----------------------------------------+

9.3 安装Nova服务(在全部控制节点安装nova相关服务)

[root@cont0$:/root]# 
yum install openstack-nova-api openstack-nova-conductor  openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y

9.4 配置nova.conf(在全部控制节点安装nova相关服务)

[root@cont01:/root]# cp -p /etc/nova/nova.conf{,.bak}
[root@cont02:/etc/nova]# cp -p /etc/nova/nova.conf{,.bak}
[root@cont03:/root]# cp -p /etc/nova/nova.conf{,.bak}

[root@cont02:/etc/nova]# vim /etc/nova/nova.conf
    1 [DEFAULT]
    2 enabled_apis = osapi_compute,metadata
    3 my_ip = 192.168.10.22
    4 use_neutron = true
    5 firewall_driver = nova.virt.firewall.NoopFirewallDriver
    6 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672
    7 osapi_compute_listen=$my_ip
    8 osapi_compute_listen_port=8774
    9 metadata_listen=$my_ip
   10 metadata_listen_port=8775
   12 agent_down_time = 30
   13 report_interval=15
   14 dhcp_agents_per_network = 3
   
 3186 [api]
 3187 auth_strategy = keystone
 
 3480 [api_database]
 3481 connection = mysql+pymysql://nova:NOVA_typora@VirtualIP:3307/nova_api
 
 3582 [cache]
 3583 backend=oslo_cache.memcache_pool
 3584 enabled=True
 3585 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 
 4566 [database]
 4567 connection = mysql+pymysql://nova:NOVA_typora@VirtualIP:3307/nova
 
 5248 [glance]
 5249 api_servers = http://VirtualIP:9293
 
 6069 [keystone_authtoken]
 6070 auth_url = http://VirtualIP:5001/v3
 6071 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 6072 auth_type = password
 6073 project_domain_name = Default
 6074 user_domain_name = Default
 6075 project_name = service
 6076 username = nova
 6077 password = nova_typora
 
 8003 [oslo_concurrency]
 8004 lock_path = /var/lib/nova/tmp

 8822 [placement]
 8823 region_name = RegionOne
 8824 project_domain_name = Default
 8825 project_name = service
 8826 auth_type = password
 8827 user_domain_name = Default
 8828 auth_url = http://VirtualIP:5001/v3
 8829 username = placement
 8830 password = placement_typora
 
 8986 ##[placement_database]
 8987 ##connection = mysql+pymysql://placement:PLACEMENT_typora@VirtualIP:3307/placement
 
 9602 [scheduler]
 9603 discover_hosts_in_cells_interval = 60
 
10705 [vnc]
10706 enabled = true
10707 server_listen = $my_ip
10708 server_proxyclient_address = $my_ip
10709 ##novncproxy_base_url=http://$my_ip:6080/vnc_auto.html
10710 ##novncproxy_host=$my_ip
10711 ##novncproxy_port=6080

[root@cont01:/etc/nova]# vim /etc/nova/nova.conf
    1 [DEFAULT]
    2 enabled_apis = osapi_compute,metadata
    3 my_ip = 192.168.10.21
    4 use_neutron = true
    5 firewall_driver = nova.virt.firewall.NoopFirewallDriver
    6 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672
    7 osapi_compute_listen=$my_ip
    8 osapi_compute_listen_port=8774
    9 metadata_listen=$my_ip
   10 metadata_listen_port=8775
   
 3186 [api]
 3187 auth_strategy = keystone
 
 3480 [api_database]
 3481 connection = mysql+pymysql://nova:NOVA_typora@VirtualIP:3307/nova_api
 
 3582 [cache]
 3583 backend=oslo_cache.memcache_pool
 3584 enabled=True
 3585 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 
 4566 [database]
 4567 connection = mysql+pymysql://nova:NOVA_typora@VirtualIP:3307/nova
 
 5248 [glance]
 5249 api_servers = http://VirtualIP:9293
 
 6069 [keystone_authtoken]
 6070 auth_url = http://VirtualIP:5001/v3
 6071 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 6072 auth_type = password
 6073 project_domain_name = Default
 6074 user_domain_name = Default
 6075 project_name = service
 6076 username = nova
 6077 password = nova_typora
 
 8003 [oslo_concurrency]
 8004 lock_path = /var/lib/nova/tmp

 8822 [placement]
 8823 region_name = RegionOne
 8824 project_domain_name = Default
 8825 project_name = service
 8826 auth_type = password
 8827 user_domain_name = Default
 8828 auth_url = http://VirtualIP:5001/v3
 8829 username = placement
 8830 password = placement_typora
 
 8986 ##[placement_database]
 8987 ##connection = mysql+pymysql://placement:PLACEMENT_typora@VirtualIP:3307/placement
 
 9602 [scheduler]
 9603 discover_hosts_in_cells_interval = 60
 
10705 [vnc]
10706 enabled = true
10707 server_listen = $my_ip
10708 server_proxyclient_address = $my_ip
10709 ##novncproxy_base_url=http://$my_ip:6080/vnc_auto.html
10710 ##novncproxy_host=$my_ip
10711 ##novncproxy_port=6080

[root@cont03:/etc/nova]# vim /etc/nova/nova.conf
    1 [DEFAULT]
    2 enabled_apis = osapi_compute,metadata
    3 my_ip = 192.168.10.23
    4 use_neutron = true
    5 firewall_driver = nova.virt.firewall.NoopFirewallDriver
    6 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672
    7 osapi_compute_listen=$my_ip
    8 osapi_compute_listen_port=8774
    9 metadata_listen=$my_ip
   10 metadata_listen_port=8775
   
 3186 [api]
 3187 auth_strategy = keystone
 
 3480 [api_database]
 3481 connection = mysql+pymysql://nova:NOVA_typora@VirtualIP:3307/nova_api
 
 3582 [cache]
 3583 backend=oslo_cache.memcache_pool
 3584 enabled=True
 3585 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 
 4566 [database]
 4567 connection = mysql+pymysql://nova:NOVA_typora@VirtualIP:3307/nova
 
 5248 [glance]
 5249 api_servers = http://VirtualIP:9293
 
 6069 [keystone_authtoken]
 6070 auth_url = http://VirtualIP:5001/v3
 6071 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 6072 auth_type = password
 6073 project_domain_name = Default
 6074 user_domain_name = Default
 6075 project_name = service
 6076 username = nova
 6077 password = nova_typora
 
 8003 [oslo_concurrency]
 8004 lock_path = /var/lib/nova/tmp

 8822 [placement]
 8823 region_name = RegionOne
 8824 project_domain_name = Default
 8825 project_name = service
 8826 auth_type = password
 8827 user_domain_name = Default
 8828 auth_url = http://VirtualIP:5001/v3
 8829 username = placement
 8830 password = placement_typora
 
 8986 ##[placement_database]
 8987 ##connection = mysql+pymysql://placement:PLACEMENT_typora@VirtualIP:3307/placement
 
 9602 [scheduler]
 9603 discover_hosts_in_cells_interval = 60
 
10705 [vnc]
10706 enabled = true
10707 server_listen = $my_ip
10708 server_proxyclient_address = $my_ip
10709 ##novncproxy_base_url=http://$my_ip:6080/vnc_auto.html
10710 ##novncproxy_host=$my_ip
10711 ##novncproxy_port=6080

9.5 配置00-nova-placement-api.conf

[root@cont01:/root]# cp -p /etc/httpd/conf.d/00-nova-placement-api.conf{,.bak}
[root@cont02:/root]# cp -p /etc/httpd/conf.d/00-nova-placement-api.conf{,.bak}
[root@cont03:/root]# cp -p /etc/httpd/conf.d/00-nova-placement-api.conf{,.bak}

[root@cont02:/root]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
//在最后添加
#Placement API
/usr/bin>
   = 2.4>
      Require all granted
   </IfVersion>
   .4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

[root@cont01:/root]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
//在最后添加
#Placement API
/usr/bin>
   = 2.4>
      Require all granted
   </IfVersion>
   .4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

[root@cont03:/root]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
//在最后添加
#Placement API
/usr/bin>
   = 2.4>
      Require all granted
   </IfVersion>
   .4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>

[root@cont01:/root]# systemctl restart httpd
[root@cont02:/root]# systemctl restart httpd
[root@cont03:/root]# systemctl restart httpd

9.6 同步nova相关数据库（任意控制节点操作）

[root@cont02:/root]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@cont02:/root]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@cont02:/root]#  su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
All hosts must be set with username/password or not at the same time. Hosts with credentials are: ['cont01']. Hosts without credentials are ['cont02', 'cont03'].
All hosts must be set with username/password or not at the same time. Hosts with credentials are: ['cont01']. Hosts without credentials are ['cont02', 'cont03'].
418b9e81-2804-4a9d-9baf-40bfa07066ed
[root@cont02:/root]# su -s /bin/sh -c "nova-manage db sync" nova
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release')
  result = self._query(query)
[root@cont02:/root]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+-----------------------------------
|  Name |                 UUID                 |                        Transport URL                        |              Database Connection               | Disabled |
+-------+--------------------------------------+-----------------------------------
| cell0 | 00000000-0000-0000-0000-000000000000 |                            none:/                           | mysql+pymysql://nova:****@VirtualIP/nova_cell0 |  False 
| cell1 | 418b9e81-2804-4a9d-9baf-40bfa07066ed | rabbit://openstack:****@cont01:5672,cont02:5672,cont03:5672 |    mysql+pymysql://nova:****@VirtualIP/nova    |  False   |
+-------+--------------------------------------+-----------------------------------

9.6 启动nova服务（所有控制节点操作cont01 cont02 cont03）

[root@cont0$:/root]#

systemctl enable openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl restart openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

systemctl status openstack-nova-api.service openstack-nova-consoleauth openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service | grep active

9.7 验证

[root@cont02:/root]# . admin-openrc
[root@cont02:/root]# openstack compute service list
+----+------------------+--------+----------+---------+-------+------------
| ID | Binary           | Host   | Zone     | Status  | State | Updated At                 |
+----+------------------+--------+----------+---------+-------+------------
|  1 | nova-scheduler   | cont01 | internal | enabled | up    | 2020-01-17T05:52:27.000000 |
| 13 | nova-conductor   | cont01 | internal | enabled | up    | 2020-01-17T05:52:32.000000 |
| 16 | nova-consoleauth | cont01 | internal | enabled | up    | 2020-01-17T05:52:25.000000 |
| 28 | nova-scheduler   | cont02 | internal | enabled | up    | 2020-01-17T05:52:25.000000 |
| 43 | nova-conductor   | cont02 | internal | enabled | up    | 2020-01-17T05:52:32.000000 |
| 49 | nova-consoleauth | cont02 | internal | enabled | up    | 2020-01-17T05:52:31.000000 |
| 67 | nova-conductor   | cont03 | internal | enabled | up    | 2020-01-17T05:52:27.000000 |
| 70 | nova-scheduler   | cont03 | internal | enabled | up    | 2020-01-17T05:52:26.000000 |
| 82 | nova-consoleauth | cont03 | internal | enabled | up    | 2020-01-17T05:52:32.000000 |
+----+------------------+--------+----------+---------+-------+------------
[root@cont02:/root]# openstack catalog list
+-----------+-----------+----------------------------------------+
| Name      | Type      | Endpoints                              |
+-----------+-----------+----------------------------------------+
| nova      | compute   | RegionOne                              |
|           |           |   public: http://VirtualIP:9774/v2.1   |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:9774/v2.1    |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9774/v2.1 |
|           |           |                                        |
| glance    | image     | RegionOne                              |
|           |           |   admin: http://VirtualIP:9293         |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9293      |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9293        |
|           |           |                                        |
| keystone  | identity  | RegionOne                              |
|           |           |   internal: http://VirtualIP:5001/v3/  |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:5001/v3/     |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:5001/v3/    |
|           |           |                                        |
| placement | placement | RegionOne                              |
|           |           |   admin: http://VirtualIP:9778         |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9778      |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9778        |
|           |           |                                        |
+-----------+-----------+----------------------------------------+
[root@cont02:/root]# nova-status upgrade check
+--------------------------------------------------------------------+
| Upgrade Check Results                                              |
+--------------------------------------------------------------------+
| Check: Cells v2                                                    |
| Result: Success                                                    |
| Details: No host mappings or compute nodes were found. Remember to |
|   run command 'nova-manage cell_v2 discover_hosts' when new        |
|   compute hosts are deployed.                                      |
+--------------------------------------------------------------------+
| Check: Placement API                                               |
| Result: Success                                                    |
| Details: None                                                      |
+--------------------------------------------------------------------+
| Check: Resource Providers                                          |
| Result: Success                                                    |
| Details: There are no compute resource providers in the Placement  |
|   service nor are there compute nodes in the database.             |
|   Remember to configure new compute nodes to report into the       |
|   Placement service. See                                           |
|   https://docs.openstack.org/nova/latest/user/placement.html       |
|   for more details.                                                |
+--------------------------------------------------------------------+
| Check: Ironic Flavor Migration                                     |
| Result: Success                                                    |
| Details: None                                                      |
+--------------------------------------------------------------------+
| Check: API Service Version                                         |
| Result: Success                                                    |
| Details: None                                                      |
+--------------------------------------------------------------------+
| Check: Request Spec Migration                                      |
| Result: Success                                                    |
| Details: None                                                      |
+--------------------------------------------------------------------+
| Check: Console Auths                                               |
| Result: Success                                                    |
| Details: None                                                      |
+--------------------------------------------------------------------+

9.8 设置PCS资源（任意控制节点操作）

//添加资源openstack-nova-api，openstack-nova-consoleauth，openstack-nova-scheduler，openstack-nova-conductor与openstack-nova-novncproxy
//经验证，建议openstack-nova-api，openstack-nova-consoleauth，openstack-nova-conductor与openstack-nova-novncproxy 等无状态服务以active/active模式运行；
//经验证，建议openstack-nova-scheduler等服务以active/passive模式运行

[root@cont01:/root]# pcs resource create openstack-nova-api systemd:openstack-nova-api --clone interleave=true
[root@cont01:/root]# pcs resource create openstack-nova-consoleauth systemd:openstack-nova-consoleauth --clone interleave=true
[root@cont01:/root]# pcs resource create openstack-nova-scheduler systemd:openstack-nova-scheduler --clone interleave=true
[root@cont01:/root]# pcs resource create openstack-nova-conductor systemd:openstack-nova-conductor --clone interleave=true
[root@cont01:/root]# pcs resource create openstack-nova-novncproxy systemd:openstack-nova-novncproxy --clone interleave=true
[root@cont01:/root]# pcs resource
 VirtualIP      (ocf::heartbeat:IPaddr2):       Started cont01
 Clone Set: openstack-glance-api-clone [openstack-glance-api]
     Started: [ cont01 cont02 cont03 ]
 Clone Set: openstack-glance-registry-clone [openstack-glance-registry]
     Started: [ cont01 cont02 cont03 ]
 Clone Set: openstack-nova-api-clone [openstack-nova-api]
     Started: [ cont01 cont02 cont03 ]
 Clone Set: openstack-nova-consoleauth-clone [openstack-nova-consoleauth]
     Started: [ cont01 cont02 cont03 ]
 Clone Set: openstack-nova-scheduler-clone [openstack-nova-scheduler]
     Started: [ cont01 cont02 cont03 ]
 Clone Set: openstack-nova-conductor-clone [openstack-nova-conductor]
     Started: [ cont01 cont02 cont03 ]
 Clone Set: openstack-nova-novncproxy-clone [openstack-nova-novncproxy]
     Started: [ cont01 cont02 cont03 ]

控制nova节点已布置完成

9.8 部署 Nova计算节点（部署计算节点上comp01、comp02、comp03）

在计算节点上comp01、comp02、comp03执行：[root@comp0$:/root]

yum install centos-release-openstack-rocky -y
yum update
yum install openstack-nova-compute -y

9.10 计算节点和直接ssh免密认证

ssh-keygen
ssh-copy-id comp01
ssh-copy-id comp02
ssh-copy-id comp03

9.11 配置计算节点的配置nova.conf

[root@comp01:/etc/nova]# cp -p /etc/nova/nova.conf{,.bak}
[root@comp02:/etc/nova]# cp -p /etc/nova/nova.conf{,.bak}
[root@comp03:/etc/nova]# cp -p /etc/nova/nova.conf{,.bak}
    
[root@comp02:/etc/nova]# vim /etc/nova/nova.conf
    1 [DEFAULT]
    6 enabled_apis = osapi_compute,metadata
    7 my_ip = 192.168.10.18
    8 use_neutron = true
    9 firewall_driver = nova.virt.firewall.NoopFirewallDriver
   10 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672
   
 3182 [api]
 3183 auth_strategy = keystone
 
 5240 [glance]
 5241 api_servers = http://VirtualIP:9293
 
 6060 [keystone_authtoken]
 6061 auth_url = http://VirtualIP:5001/v3
 6062 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 6063 auth_type = password
 6064 project_domain_name = Default
 6065 user_domain_name = Default
 6066 project_name = service
 6067 username = nova
 6068 password = nova_typora
 
 6259 [libvirt]
 6260 virt_type = qemu
//注：通过“egrep -c '(vmx|svm)' /proc/cpuinfo”命令查看主机是否支持硬件加速，返回1或者更大的值表示支持，返回0表示不支持；
//注： 支持硬件加速使用”kvm”类型，不支持则使用”qemu”类型；
//注： 一般虚拟机不支持硬件加速
//注：此处正常全用qemu，实验测试时，根据返回结果为8 ，将virt_type = kvm 后，创建实例显示 nova的type错误，实例创建后显示状态为错误
 8813 [placement]
 8814 region_name = RegionOne
 8815 project_domain_name = Default
 8816 project_name = service
 8817 auth_type = password
 8818 user_domain_name = Default
 8819 auth_url = http://VirtualIP:5001/v3
 8820 username = placement
 8821 password = placement_typora
 
10689 [vnc]
10690 enabled=true
10691 vncserver_listen=0.0.0.0
10692 vncserver_proxyclient_address=$my_ip
10693 novncproxy_base_url=http://192.168.10.20:6081/vnc_auto.html
//注：此处novncproxy_base_url的IP使用数字192.168.10.20，不建议使用VirtualIP；因为用VirtualIP会报错。
#novncproxy_host=$my_ip
#novncproxy_port=6080

[root@comp01:/root]# vim /etc/nova/nova.conf
    1 [DEFAULT]
    6 enabled_apis = osapi_compute,metadata
    7 my_ip = 192.168.10.18
    8 use_neutron = true
    9 firewall_driver = nova.virt.firewall.NoopFirewallDriver
   10 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672
   
 3182 [api]
 3183 auth_strategy = keystone
 
 5240 [glance]
 5241 api_servers = http://VirtualIP:9293
 
 6060 [keystone_authtoken]
 6061 auth_url = http://VirtualIP:5001/v3
 6062 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 6063 auth_type = password
 6064 project_domain_name = Default
 6065 user_domain_name = Default
 6066 project_name = service
 6067 username = nova
 6068 password = nova_typora
 
 6259 [libvirt]
 6260 virt_type = qemu
//注：通过“egrep -c '(vmx|svm)' /proc/cpuinfo”命令查看主机是否支持硬件加速，返回1或者更大的值表示支持，返回0表示不支持；
//注： 支持硬件加速使用”kvm”类型，不支持则使用”qemu”类型；
//注： 一般虚拟机不支持硬件加速
//注：此处正常全用qemu，实验测试时，根据返回结果为8 ，将virt_type = kvm 后，创建实例显示 nova的type错误，实例创建后显示状态为错误
 8813 [placement]
 8814 region_name = RegionOne
 8815 project_domain_name = Default
 8816 project_name = service
 8817 auth_type = password
 8818 user_domain_name = Default
 8819 auth_url = http://VirtualIP:5001/v3
 8820 username = placement
 8821 password = placement_typora
 
10689 [vnc]
10690 enabled=true
10691 vncserver_listen=0.0.0.0
10692 vncserver_proxyclient_address=$my_ip
10693 novncproxy_base_url=http://192.168.10.20:6081/vnc_auto.html
//注：此处novncproxy_base_url的IP使用192.168.10.20，不建议使用VirtualIP；因为用VIrtualIP会报错。

[root@comp03:/root]# vim /etc/nova/nova.conf
    1 [DEFAULT]
    6 enabled_apis = osapi_compute,metadata
    7 my_ip = 192.168.10.17
    8 use_neutron = true
    9 firewall_driver = nova.virt.firewall.NoopFirewallDriver
   10 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672
   
 3182 [api]
 3183 auth_strategy = keystone
 
 5240 [glance]
 5241 api_servers = http://VirtualIP:9293
 
 6060 [keystone_authtoken]
 6061 auth_url = http://VirtualIP:5001/v3
 6062 memcached_servers=cont01:11211,cont02:11211,cont03:11211
 6063 auth_type = password
 6064 project_domain_name = Default
 6065 user_domain_name = Default
 6066 project_name = service
 6067 username = nova
 6068 password = nova_typora
 
 6259 [libvirt]
 6260 virt_type = qemu
//注：通过“egrep -c '(vmx|svm)' /proc/cpuinfo”命令查看主机是否支持硬件加速，返回1或者更大的值表示支持，返回0表示不支持；
//注： 支持硬件加速使用”kvm”类型，不支持则使用”qemu”类型；
//注： 一般虚拟机不支持硬件加速
//注：此处正常全用qemu，实验测试时，根据返回结果为8 ，将virt_type = kvm 后，创建实例显示 nova的type错误，实例创建后显示状态为错误
 8813 [placement]
 8814 region_name = RegionOne
 8815 project_domain_name = Default
 8816 project_name = service
 8817 auth_type = password
 8818 user_domain_name = Default
 8819 auth_url = http://VirtualIP:5001/v3
 8820 username = placement
 8821 password = placement_typora
 
10689 [vnc]
10690 enabled=true
10691 vncserver_listen=0.0.0.0
10692 vncserver_proxyclient_address=$my_ip
10693 novncproxy_base_url=http://192.168.10.20:6081/vnc_auto.html
//注：此处novncproxy_base_url的IP使用192.168.10.20，不建议使用VirtualIP；因为用VIrtualIP会报错。

9.12 启动计算节点服务在comp01 comp02 comp03上执行

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service

9.13 向cell数据库添加计算节点（在任意控制节点操作）

[root@cont02:/root]# . admin-openrc 
[root@cont02:/root]# openstack compute service list --service nova-compute
+----+--------------+--------+------+---------+-------+----------------------------
| ID | Binary       | Host   | Zone | Status  | State | Updated At                 

| 91 | nova-compute | comp02 | nova | enabled | up    | 2020-01-17T12:26:33.000000 |
| 94 | nova-compute | comp01 | nova | enabled | up    | 2020-01-17T12:26:29.000000 |
| 97 | nova-compute | comp03 | nova | enabled | up    | 2020-01-17T12:26:36.000000 |
+----+--------------+--------+------+---------+-------+----------------------------
//手工发现计算节点主机，即添加到cell数据库
[root@cont02:/root]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
All hosts must be set with username/password or not at the same time. Hosts with credentials are: ['cont01']. Hosts without credentials are ['cont02', 'cont03'].
All hosts must be set with username/password or not at the same time. Hosts with credentials are: ['cont01']. Hosts without credentials are ['cont02', 'cont03'].
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 418b9e81-2804-4a9d-9baf-40bfa07066ed
Found 0 unmapped computes in cell: 418b9e81-2804-4a9d-9baf-40bfa07066ed
[root@cont02:/root]# openstack hypervisor list
+----+---------------------+-----------------+---------------+-------+
| ID | Hypervisor Hostname | Hypervisor Type | Host IP       | State |
+----+---------------------+-----------------+---------------+-------+
|  1 | comp01              | QEMU            | 192.168.10.19 | up    |
|  4 | comp02              | QEMU            | 192.168.10.18 | up    |
|  7 | comp03              | QEMU            | 192.168.10.17 | up    |
+----+---------------------+-----------------+---------------+-------+
[root@cont02:/root]# openstack compute service list
//注：此命令为查看计算服务列表  Status表示nova功能已打开  State表示nova功能已运行
+----+------------------+--------+----------+---------+-------+--------------------
| ID | Binary           | Host   | Zone     | Status  | State | Updated At         
+----+------------------+--------+----------+---------+-------+--------------------
|  1 | nova-scheduler   | cont01 | internal | enabled | up    | 2020-01-17T12:28:17.000000 |
| 13 | nova-conductor   | cont01 | internal | enabled | up    | 2020-01-17T12:28:14.000000 |
| 16 | nova-consoleauth | cont01 | internal | enabled | up    | 2020-01-17T12:28:18.000000 |
| 28 | nova-scheduler   | cont02 | internal | enabled | up    | 2020-01-17T12:28:20.000000 |
| 43 | nova-conductor   | cont02 | internal | enabled | up    | 2020-01-17T12:28:21.000000 |
| 49 | nova-consoleauth | cont02 | internal | enabled | up    | 2020-01-17T12:28:19.000000 |
| 67 | nova-conductor   | cont03 | internal | enabled | up    | 2020-01-17T12:28:18.000000 |
| 70 | nova-scheduler   | cont03 | internal | enabled | up    | 2020-01-17T12:28:21.000000 |
| 82 | nova-consoleauth | cont03 | internal | enabled | up    | 2020-01-17T12:28:14.000000 |
| 91 | nova-compute     | comp02 | nova     | enabled | up    | 2020-01-17T12:28:23.000000 |
| 94 | nova-compute     | comp01 | nova     | enabled | up    | 2020-01-17T12:28:19.000000 |
| 97 | nova-compute     | comp03 | nova     | enabled | up    | 2020-01-17T12:28:16.000000 |
+----+------------------+--------+----------+---------+-------+--------------------
[root@cont02:/root]# nova-status upgrade check
//注：Cells v2 、Placement API、Resource Providers 这3个必须成功
+--------------------------------+
| Upgrade Check Results          |
+--------------------------------+
| Check: Cells v2                |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Placement API           |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Resource Providers      |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Ironic Flavor Migration |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: API Service Version     |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Request Spec Migration  |
| Result: Success                |
| Details: None                  |
+--------------------------------+
| Check: Console Auths           |
| Result: Success                |
| Details: None                  |
+--------------------------------+

10、 Neutron控制/网络节点集群

neutron-server 端口9696 api：接受和响应外部的网络管理请求

neutron-linuxbridge-agent: 负责创建桥接网卡

neturon-dhcp-agent: 负责分配IP

neturon-metadata-agent: 配合Nova-metadata-api实现虚拟机的定制化操作

L3-agent 实现三层网络vxlan（网络层）

**Neutron Server:**对外提供Openstack网络API，接收请求，并调用Plugin处理请求。

**Plugin:**处理Neturon Server发来的请求，维护Openstack逻辑网络状态，并调用Agent处理请求。

**Agent:**处理Plugin的请求，负责在network provider上真正实现各种网络功能。

**Network provider:**提供网络服务的虚拟或物理网络设备，例如Linux Bridge,Open vSwitch或者其他支持Neutron的物理交换机。

**Queue:**Neutron Server,Plugin和Agent之间通过Messagings Queue通信和调用。

**Database:**存放OpenStack的网络状态信息，包括Network，Subnet,Port,Router等。

10.1 创建neutron数据库（在任意控制节点创建数据库，后台数据自动同步）

[root@cont02:/root]# mysql -uroot -p"typora#2019"
MariaDB [(none)]> CREATE DATABASE neutron;
Query OK, 1 row affected (0.009 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_typora';
Query OK, 0 rows affected (0.009 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_typora';
Query OK, 0 rows affected (0.011 sec)
MariaDB [(none)]> flush privileges;
MariaDB [(none)]> exit
Bye

10.2 创建neutron用户、赋权、服务实体

[root@cont02:/root]# source openrc 
[root@cont02:/root]# openstack user create --domain default --password=neutron_typora neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | a80531c8a7534a30954246b1eefd74d1 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
// 为neutron用户赋予admin权限
[root@cont02:/root]# openstack role add --project service --user neutron admin
// neutron服务实体类型”network”
[root@cont02:/root]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | a0a29f234103480ebc93457753d59341 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@cont02:/root]# openstack service list
+----------------------------------+-----------+-----------+
| ID                               | Name      | Type      |
+----------------------------------+-----------+-----------+
| 28ed51dbfde848f791e70a3be574c143 | nova      | compute   |
| 369d083b4a094c1fb57e189d54305ea9 | glance    | image     |
| 66fbd70e526f48828b5a18cb7aaf4d1b | keystone  | identity  |
| a0a29f234103480ebc93457753d59341 | neutron   | network   |
| dba3c60da5084dfca6b220fe666c2f9b | placement | placement |
+----------------------------------+-----------+-----------+

10.3 创建neutron-api

// neutron-api 服务类型为network；
[root@cont02:/root]# openstack endpoint create --region RegionOne network public http://VirtualIP:9997
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 670dfb6bb8ba4b0eb29cf5ce117fa7f7 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a0a29f234103480ebc93457753d59341 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://VirtualIP:9997            |
+--------------+----------------------------------+
[root@cont02:/root]# openstack endpoint create --region RegionOne network internal http://VirtualIP:9997
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2c6b3657b8bd431586934cc9dde33f84 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a0a29f234103480ebc93457753d59341 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://VirtualIP:9997            |
+--------------+----------------------------------+
[root@cont02:/root]# openstack endpoint create --region RegionOne network admin http://VirtualIP:9997
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5ff90d7cff57495d80338ef7299319d3 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | a0a29f234103480ebc93457753d59341 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://VirtualIP:9997            |
+--------------+----------------------------------+
[root@cont02:/root]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+----
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                        |
+----------------------------------+-----------+--------------+--------------+---------+----
| 2c6b3657b8bd431586934cc9dde33f84 | RegionOne | neutron      | network      | True    | internal  | http://VirtualIP:9697      |
| 2e109052bb4a4affa30fe3b9e3e5fcc3 | RegionOne | keystone     | identity     | True    | internal  | http://VirtualIP:5001/v3/  |
| 3ae6c07e8c1844b3a21c3fc073cd3da9 | RegionOne | nova         | compute      | True    | public    | http://VirtualIP:9774/v2.1 |
| 40e4fa83731d4933afe694481b5e0464 | RegionOne | glance       | image        | True    | admin     | http://VirtualIP:9293      |
| 53be3d592dfa4060b46ca6a488067191 | RegionOne | placement    | placement    | True    | admin     | http://VirtualIP:9778      |
| 5ff90d7cff57495d80338ef7299319d3 | RegionOne | neutron      | network      | True    | admin     | http://VirtualIP:9997      |
| 670dfb6bb8ba4b0eb29cf5ce117fa7f7 | RegionOne | neutron      | network      | True    | public    | http://VirtualIP:9997      |
| 7bff1a44974a42a59e49eebffad550c0 | RegionOne | nova         | compute      | True    | admin     | http://VirtualIP:9774/v2.1 |
| 8ddb366df7e94af9af298b5f11774fb4 | RegionOne | keystone     | identity     | True    | admin     | http://VirtualIP:5001/v3/  |
| 9035afba42be4b4387571d02b16c168c | RegionOne | placement    | placement    | True    | internal  | http://VirtualIP:9778      |
| a592cb41c0bb424c9817633ed1946b45 | RegionOne | keystone     | identity     | True    | public    | http://VirtualIP:5001/v3/  |
| b0f71d34aedf41a9a8fb9d56313efb00 | RegionOne | nova         | compute      | True    | internal  | http://VirtualIP:9774/v2.1 |
| b7b0084313744b8a91a142b1221e0443 | RegionOne | glance       | image        | True    | internal  | http://VirtualIP:9293      |
| c2a1f308b3c04a448667967afb6016fe | RegionOne | placement    | placement    | True    | public    | http://VirtualIP:9778      |
| fdb2cdadfb7544abad1f216ca719f478 | RegionOne | glance       | image        | True    | public    | http://VirtualIP:9293      |
+----------------------------------+-----------+--------------+--------------+---------+----
注：误操作，删除命令：//# openstack endpoint delete ff76f2ea08914c98ad6e8fee3a789498

[root@cont02:/root]# openstack catalog list
+-----------+-----------+----------------------------------------+
| Name      | Type      | Endpoints                              |
+-----------+-----------+----------------------------------------+
| nova      | compute   | RegionOne                              |
|           |           |   public: http://VirtualIP:9774/v2.1   |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:9774/v2.1    |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9774/v2.1 |
|           |           |                                        |
| glance    | image     | RegionOne                              |
|           |           |   admin: http://VirtualIP:9293         |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9293      |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9293        |
|           |           |                                        |
| keystone  | identity  | RegionOne                              |
|           |           |   internal: http://VirtualIP:5001/v3/  |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:5001/v3/     |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:5001/v3/    |
|           |           |                                        |
| neutron   | network   | RegionOne                              |
|           |           |   internal: http://VirtualIP:9997      |
|           |           | RegionOne                              |
|           |           |   admin: http://VirtualIP:9997         |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9997        |
|           |           |                                        |
| placement | placement | RegionOne                              |
|           |           |   admin: http://VirtualIP:9778         |
|           |           | RegionOne                              |
|           |           |   internal: http://VirtualIP:9778      |
|           |           | RegionOne                              |
|           |           |   public: http://VirtualIP:9778        |
|           |           |                                        |
+-----------+-----------+----------------------------------------+

10.4 部署Neutron (在所有控制节点上安装)

选择安装 Networking Option 2: Self-service networks

控制节点上：（注：此处我们安装openvswitch代替openstack-neutron-linuxbridge）

10.4.1 安装Neutron程序

[root@cont01:/root]# yum install openstack-neutron openstack-neutron-ml2 openvswitch openstack-neutron-openvswitch ebtables -y
[root@cont02:/root]# yum install openstack-neutron openstack-neutron-ml2 openvswitch openstack-neutron-openvswitch ebtables -y
[root@cont03:/root]# yum install openstack-neutron openstack-neutron-ml2 openvswitch openstack-neutron-openvswitch ebtables -y

10.4.2 配置neutron.conf

[root@cont01:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@cont02:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@cont03:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
//注意neutron.conf文件的权限：root:neutron
//配置neutron.conf
[root@cont02:/root]# vim /etc/neutron/neutron.conf
   1 [DEFAULT]
   2 #
   3 bind_host = 192.168.10.22
   4 auth_strategy = keystone
   5 core_plugin = ml2
   6 allow_overlapping_ips = true
   7 notify_nova_on_port_status_changes = true
   8 notify_nova_on_port_data_changes = true
   9 service_plugins = router
  10 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672

 723 [database]
 724 connection = mysql+pymysql://neutron:NEUTRON_typora@VirtualIP:3307/neutron

 846 [keystone_authtoken]
 847 www_authenticate_uri = http://VirtualIP:5001/v3
 848 auth_url = http://VirtualIP:5001/v3
 849 memcache_servers=cont01:11211,cont02:11211,cont03:11211
 850 auth_type = password
 851 project_domain_name = Default
 852 user_domain_name = Default
 853 project_name = service
 854 username = neutron
 855 password = neutron_typora
 
1093 [nova]
1094 auth_url = http://VirtualIP:5001/v3
1095 auth_type = password
1096 project_domain_name = default
1097 user_domain_name = default
1098 region_name = RegionOne
1099 project_name = service
1100 username = nova
1101 password = nova_typora

1211 [oslo_concurrency]
1212 lock_path = /var/lib/neutron/tmp

[root@cont01:/root]# vim /etc/neutron/neutron.conf
   1 [DEFAULT]
   2 #
   3 bind_host = 192.168.10.21
   4 auth_strategy = keystone
   5 core_plugin = ml2
   6 allow_overlapping_ips = true
   7 notify_nova_on_port_status_changes = true
   8 notify_nova_on_port_data_changes = true
   9 service_plugins = router
  10 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672

 723 [database]
 724 connection = mysql+pymysql://neutron:NEUTRON_typora@VirtualIP:3307/neutron

 846 [keystone_authtoken]
 847 www_authenticate_uri = http://VirtualIP:5001/v3
 848 auth_url = http://VirtualIP:5001/v3
 849 memcache_servers=cont01:11211,cont02:11211,cont03:11211
 850 auth_type = password
 851 project_domain_name = Default
 852 user_domain_name = Default
 853 project_name = service
 854 username = neutron
 855 password = neutron_typora
 
1093 [nova]
1094 auth_url = http://VirtualIP:5001/v3
1095 auth_type = password
1096 project_domain_name = default
1097 user_domain_name = default
1098 region_name = RegionOne
1099 project_name = service
1100 username = nova
1101 password = nova_typora

1211 [oslo_concurrency]
1212 lock_path = /var/lib/neutron/tmp

[root@cont03:/root]# vim /etc/neutron/neutron.conf
   1 [DEFAULT]
   2 #
   3 bind_host = 192.168.10.23
   4 auth_strategy = keystone
   5 core_plugin = ml2
   6 allow_overlapping_ips = true
   7 notify_nova_on_port_status_changes = true
   8 notify_nova_on_port_data_changes = true
   9 service_plugins = router
  10 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672

 723 [database]
 724 connection = mysql+pymysql://neutron:NEUTRON_typora@VirtualIP:3307/neutron

 846 [keystone_authtoken]
 847 www_authenticate_uri = http://VirtualIP:5001/v3
 848 auth_url = http://VirtualIP:5001/v3
 849 memcache_servers=cont01:11211,cont02:11211,cont03:11211
 850 auth_type = password
 851 project_domain_name = Default
 852 user_domain_name = Default
 853 project_name = service
 854 username = neutron
 855 password = neutron_typora
 
1093 [nova]
1094 auth_url = http://VirtualIP:5001/v3
1095 auth_type = password
1096 project_domain_name = default
1097 user_domain_name = default
1098 region_name = RegionOne
1099 project_name = service
1100 username = nova
1101 password = nova_typora

1211 [oslo_concurrency]
1212 lock_path = /var/lib/neutron/tmp

[root@cont0$:/root]# egrep -v "^$|^#" /etc/neutron/neutron.conf

10.4.3 配置ml2_conf.ini （在全部控制节点操作）

[root@cont01:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@cont02:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
[root@cont03:/root]# cp -p /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}

[root@cont02:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
128 [ml2]
129 type_drivers = flat,vxlan
130 tenant_network_types = vxlan
131 mechanism_drivers = openvswitch,l2population
132 extension_drivers = port_security

234 [ml2_type_vxlan]
235 vni_ranges = 1:1000

250 [securitygroup]
251 enable_ipset = true

[root@cont01:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
128 [ml2]
129 type_drivers = flat,vxlan
130 tenant_network_types = vxlan
131 mechanism_drivers = openvswitch,l2population
132 extension_drivers = port_security

234 [ml2_type_vxlan]
235 vni_ranges = 1:1000

250 [securitygroup]
251 enable_ipset = true

[root@cont03:/root]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
128 [ml2]
129 type_drivers = flat,vxlan
130 tenant_network_types = vxlan
131 mechanism_drivers = openvswitch,l2population
132 extension_drivers = port_security

234 [ml2_type_vxlan]
235 vni_ranges = 1:1000

250 [securitygroup]
251 enable_ipset = true

10.4.4 配置 openvswitch （在全部控制节点操作）

[root@cont01:/root]# cp -p /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}
[root@cont02:/root]# cp -p /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}
[root@cont03:/root]# cp -p /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}

[root@cont02:/root]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
117 [agent]
131 tunnel_types = vxlan
143 l2_population = true
149 ##arp_responder = true
193 [ovs]
204 ##integration_bridge = br-int
207 tunnel_bridge = br-tun
210 ##int_peer_patch_port = patch-tun
213 ##tun_peer_patch_port = patch-int
220 ##//注：这里的local_ip必须写第二块网卡的IP
221 local_ip = 10.10.10.22
230 datapath_type = system
231 bridge_mappings = public:br-ex
310 [securitygroup]
317 firewall_driver = iptables_hybrid
322 enable_security_group = true

[root@cont01:/root]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
117 [agent]
131 tunnel_types = vxlan
143 l2_population = true
149 ##arp_responder = true
193 [ovs]
204 ##integration_bridge = br-int
207 tunnel_bridge = br-tun
210 ##int_peer_patch_port = patch-tun
213 ##tun_peer_patch_port = patch-int
220 ##//注：这里的local_ip必须写第二块网卡的IP
221 local_ip = 10.10.10.21
230 datapath_type = system
231 bridge_mappings = public:br-ex
310 [securitygroup]
317 firewall_driver = iptables_hybrid
322 enable_security_group = true

[root@cont03:/root]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
117 [agent]
131 tunnel_types = vxlan
143 l2_population = true
149 ##arp_responder = true
193 [ovs]
204 ##integration_bridge = br-int
207 tunnel_bridge = br-tun
210 ##int_peer_patch_port = patch-tun
213 ##tun_peer_patch_port = patch-int
220 ##//注：这里的local_ip必须写第二块网卡的IP
221 local_ip = 10.10.10.23
	##enable_tunneling = True
230 datapath_type = system
231 bridge_mappings = public:br-ex
310 [securitygroup]
317 firewall_driver = iptables_hybrid
322 enable_security_group = true

10.4.5 配置l3_agent.ini（self-networking）（在全部控制节点操作 cont01 cont02 cont03）

[root@cont0$:/root]#

 [root@cont0$:/root]# cp -p /etc/neutron/l3_agent.ini{,.bak}
 [root@cont0$:/root]# vim /etc/neutron/l3_agent.ini
 16 interface_driver = openvswitch
 或者：interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
 17 external_network_bridge = br-ex

可以使用命令neutron l3-agent-list-hosting-router router-id来查看router的master l3-agent是在哪个节点上

Open vSwitch架构参考图

10.4.6 配置dhcp_agent.ini （在全部控制节点操作 cont01 cont02 cont03）

注：由于DHCP协议自身就支持多个DHCP服务器，因此只需要在各个网络节点上部署DHCP Agent服务，并且在配置文件中配置相关选项，即可实现租户网络的DHCP服务是高可用的。

[root@cont0$:/root]# cp -p /etc/neutron/dhcp_agent.ini{,.bak}
[root@cont0$:/root]# vim /etc/neutron/dhcp_agent.ini
  1 [DEFAULT]
 16 interface_driver = openvswitch
 28 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
 37 enable_isolated_metadata = true

10.4.7 配置metadata_agent.ini （在全部控制节点操作 cont01 cont02 cont03）

[root@cont0$:/root]# cp -p /etc/neutron/metadata_agent.ini{,.bak}
[root@cont0$:/root]# vim /etc/neutron/metadata_agent.ini
  1 [DEFAULT]
  5 nova_metadata_host = VirtualIP
  6 metadata_proxy_shared_secret = METADATA_SECRET
  7 nova_metadata_port = 9775
  # metadata_proxy_shared_secret：与/etc/neutron/metadata_agent.ini文件中参数一致

10.4.8 配置nova.conf （在全部控制节点操作 cont01 cont02 cont03）

[root@cont0$:/root]# vim /etc/nova/nova.conf
 7665 [neutron]
 7668 url = http://VirtualIP:9997
 7669 auth_url = http://VirtualIP:5001
 7670 auth_type = password
 7671 project_domain_name = default
 7672 user_domain_name = default
 7673 region_name = RegionOne
 7674 project_name = service
 7675 username = neutron
 7676 password = neutron_typora
 7677 service_metadata_proxy = true
 7678 metadata_proxy_shared_secret = METADATA_SECRET
//*注：节后在[default]下加上以下内容：(优化DHCP Agent服务的高可用)*//
agent_down_time = 30
report_interval=15
dhcp_agents_per_network = 3

10.4.9 建立软链接（在全部控制节点操作 cont01 cont02 cont03）

[root@cont0$:/root]#
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

10.4.10 同步neutron数据库并验证 (任意控制节点操作)

[root@cont03:/root]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

[root@cont02:/root]# mysql -u neutron -p"NEUTRON_typora" -e "use neutron;show tables;"

10.4.11 重启nova服务并启动neutron服务（在全部控制节点操作 cont01 cont02 cont03）

[root@cont0$:/root]#
systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service  openvswitch neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl restart neutron-server.service  openvswitch neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

systemctl status neutron-server.service  openvswitch neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
   
 //*neutron dhcp-agent-list-hosting-net network-id来查看该网络的DHCP服务是否是HA的*//

10.4.12 设置PCS资源（在任意控制节点操作 cont01 cont02 cont03）

//添加资源neutron-server，neutron-openvswitch-agent，neutron-l3-agent，neutron-dhcp-agent与neutron-metadata-agent
//在任意控制节点操作
pcs resource create neutron-server systemd:neutron-server --clone interleave=true
pcs resource create neutron-openvswitch-agent systemd:neutron-openvswitch-agent --clone interleave=true
pcs resource create neutron-l3-agent systemd:neutron-l3-agent --clone interleave=true
pcs resource create neutron-dhcp-agent systemd:neutron-dhcp-agent --clone interleave=true
pcs resource create neutron-metadata-agent systemd:neutron-metadata-agent --clone interleave=true
//查看PCS资源
pcs resource

10.4.13.1 OVS命令（三网卡）

[root@cont0$:/root]# ovs-vsctl show
[root@cont0$:/root]# ovs-vsctl add-br br-ex
[root@cont0$:/root]# ovs-vsctl add-port eth2
//注：上面的eth2为第三块网卡；如有的机器网卡名称可能为ens38
配置完成eth2(此块网卡不配置网卡)后，开启neutron-l3-agent.service
[root@cont0$:/etc/sysconfig/network-scripts]# vim ifcfg-eth2
HWADDR=00:0c:29:61:3b:f5
TYPE="Ethernet"
BOOTPROTO="none"
NAME="eth2"
ONBOOT="yes"
[root@cont0$:/etc/sysconfig/network-scripts]# systemctl restart network
[root@cont0$:/root]#
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service 
systemctl status neutron-l3-agent.service

10.4.13 验证

[root@cont01:/root]# openstack extension list --network
[root@cont01:/root]# openstack network agent list
+--------------------------------------+--------------------+--------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host   | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+--------+----------------
| 6000446c-353e-4ff0-b477-790c559b1ba6 | DHCP agent         | cont03 | nova              | :-)   | UP    | neutron-dhcp-agent        |
| 782ab196-8e1b-41d8-8d02-2b36e41893ae | Open vSwitch agent | cont02 | None              | :-)   | UP    | neutron-openvswitch-agent |
| 9e6f48f2-2668-4a26-b38f-6855c80c2eba | Metadata agent     | cont03 | None              | :-)   | UP    | neutron-metadata-agent    |
| b363b907-6edc-4262-9532-b5a0de1c6a18 | Metadata agent     | cont02 | None              | :-)   | UP    | neutron-metadata-agent    |
| b7750f20-e2ff-475b-b2d9-9323f41159bb | Metadata agent     | cont01 | None              | :-)   | UP    | neutron-metadata-agent    |
| e8a76d72-b7cc-4fa7-a7f8-372439f57d3d | DHCP agent         | cont01 | nova              | :-)   | UP    | neutron-dhcp-agent        |
+--------------------------------------+--------------------+--------+----------------
[root@cont01:/root]# neutron agent-list
neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.
+--------------------------------------+--------------------+--------+-------------------+--
| id                                   | agent_type         | host   | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------+-------------------+--
| 6000446c-353e-4ff0-b477-790c559b1ba6 | DHCP agent         | cont03 | nova              | :-)   | True           | neutron-dhcp-agent        |
| 782ab196-8e1b-41d8-8d02-2b36e41893ae | Open vSwitch agent | cont02 |                   | :-)   | True           | neutron-openvswitch-agent |
| 9e6f48f2-2668-4a26-b38f-6855c80c2eba | Metadata agent     | cont03 |                   | :-)   | True           | neutron-metadata-agent    |
| b363b907-6edc-4262-9532-b5a0de1c6a18 | Metadata agent     | cont02 |                   | :-)   | True           | neutron-metadata-agent    |
| b7750f20-e2ff-475b-b2d9-9323f41159bb | Metadata agent     | cont01 |                   | :-)   | True           | neutron-metadata-agent    |
| e8a76d72-b7cc-4fa7-a7f8-372439f57d3d | DHCP agent         | cont01 | nova              | :-)   | True           | neutron-dhcp-agent        |
+--------------------------------------+--------------------+--------+-------------------+--

10.4.14 Open vSwitch网络概念补充

br-ex:连接外部（external）网络的网桥

br-int:集成（intergration）网桥，所有instance的虚拟网卡和其他虚拟网络设备都将连接到该网桥

br-tun:隧道（tunnel）网桥，基于隧道技术的VxLAN和GRE网络将使用该网桥进行通信。

tap interface:命名为tapXXXX

linux bridge:命名为qbrXXXX

eta pair:命名为qvbXXX,qvoXXXX

OVS integration bridge:命名为 br-int

OVS patch ports:命名为int-br-ethX和phy-br-ethX(X为interface的序号)

OVS provider bridge:命名为br-ethX(X为interface的序号)

物理 interface:命名为ethX(X为interface的序号)

OVS tunnel bridge:命名为br-tun

10.4.15 namespace知识补充

[root@cont01:/var/log/nova]# openstack network list 
+--------------------------------------+---------------+----------------------------------+
| ID                                   | Name          | Subnets                            
+--------------------------------------+---------------+-----------------------------------+
| 27d3b35e-8cc2-44e1-997c-71ad371f71ef | vpc-1         | d12320b4-4eac-4487-89d2-6b688fe553b3 |
| e46e1c9d-ae11-42a4-af29-630eddfa5cae | admin-network | fe0c2849-44fc-4b11-95ab-606311771c65 |
+--------------------------------------+---------------+----------------------------------+
[root@cont01:/var/log/nova]# ip netns list
qdhcp-e46e1c9d-ae11-42a4-af29-630eddfa5cae (id: 0)
[root@cont01:/var/log/nova]# ip netns exec qdhcp-e46e1c9d-ae11-42a4-af29-630eddfa5cae ip a s
1: lo: ,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
11: tapde498438-29: ,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fa:16:3e:63:1c:cf brd ff:ff:ff:ff:ff:ff
    inet 192.168.70.50/24 brd 192.168.70.255 scope global tapde498438-29
       valid_lft forever preferred_lft forever
    inet 169.254.169.254/16 brd 169.254.255.255 scope global tapde498438-29
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe63:1ccf/64 scope link 
       valid_lft forever preferred_lft forever
[root@cont01:/root]# ovs-vsctl show
f6417221-6ff8-45a1-9c33-63257ebcc23a
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "tapde498438-29"
            tag: 1
            Interface "tapde498438-29"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "ens38"
            Interface "ens38"
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "vxlan-c0a8461b"
            Interface "vxlan-c0a8461b"
                type: vxlan
                options: {df_default="true", egress_pkt_mark="0", in_key=flow, local_ip="192.168.70.24", out_key=flow, remote_ip="192.168.70.27"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-c0a84619"
            Interface "vxlan-c0a84619"
                type: vxlan
                options: {df_default="true", egress_pkt_mark="0", in_key=flow, local_ip="192.168.70.24", out_key=flow, remote_ip="192.168.70.25"}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.11.0"


//查看路由命名空间的网络配置，查看路由连接外网的端口和IP：
[root@cont03:/root]# ip netns list
qrouter-b3c1252d-7b2d-477a-8efd-939143525d50 (id: 0)
[root@cont03:/root]# ip netns exec qrouter-b3c1252d-7b2d-477a-8efd-939143525d50 ip addr
1: lo: ,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
12: qr-99d60ed0-9c: ,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fa:16:3e:9a:73:6e brd ff:ff:ff:ff:ff:ff
    inet 192.168.70.1/24 brd 192.168.70.255 scope global qr-99d60ed0-9c
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe9a:736e/64 scope link 
       valid_lft forever preferred_lft forever
13: qg-5a9eec70-2d: ,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fa:16:3e:b5:4e:8b brd ff:ff:ff:ff:ff:ff
    inet 192.168.159.132/24 brd 192.168.159.255 scope global qg-5a9eec70-2d
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:feb5:4e8b/64 scope link 
       valid_lft forever preferred_lft forever
//路由上的外网端口正好接到外网网桥br-ex上：ovs-vsctl show查看
[root@cont03:/root]# ovs-vsctl show
303929a4-3e6e-4c8e-a0e2-b2456e76c2d4
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-ex
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port phy-br-ex
            Interface phy-br-ex
                type: patch
                options: {peer=int-br-ex}
        Port "ens38"
            Interface "ens38"
        Port br-ex
            Interface br-ex
                type: internal
        Port "qg-5a9eec70-2d"
            Interface "qg-5a9eec70-2d"
                type: internal
     ......
 //查看路由iptables NAT转发规则，记录对私网做的SNAT
 [root@cont03:/root]# ip netns exec qrouter-b3c1252d-7b2d-477a-8efd-939143525d50 iptables -t nat -L
 [root@cont03:/root]# ip netns exec qrouter-b3c1252d-7b2d-477a-8efd-939143525d50 iptables -t nat -S
 
 //抓包验证(抓qr)
 [root@cont03:/root]# ip netns exec qrouter-b3c1252d-7b2d-477a-8efd-939143525d50 tcpdump -i qr-99d60ed0-9c -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qr-99d60ed0-9c, link-type EN10MB (Ethernet), capture size 262144 bytes
17:16:25.234943 IP 192.168.70.5 > 8.8.8.8: ICMP echo request, id 58113, seq 0, length 64
17:16:26.235330 IP 192.168.70.5 > 8.8.8.8: ICMP echo request, id 58113, seq 1, length 64
17:16:26.269690 IP 8.8.8.8 > 192.168.70.5: ICMP echo reply, id 58113, seq 1, length 64
17:16:27.236576 IP 192.168.70.5 > 8.8.8.8: ICMP echo request, id 58113, seq 2, length 64
17:16:28.237589 IP 192.168.70.5 > 8.8.8.8: ICMP echo request, id 58113, seq 3, length 64
17:16:28.271569 IP 8.8.8.8 > 192.168.70.5: ICMP echo reply, id 58113, seq 3, length 64
17:16:29.238180 IP 192.168.70.5 > 8.8.8.8: ICMP echo request, id 58113, seq 4, length 64
17:16:30.238828 IP 192.168.70.5 > 8.8.8.8: ICMP echo request, id 58113, seq 5, length 64
17:16:30.272996 IP 8.8.8.8 > 192.168.70.5: ICMP echo reply, id 58113, seq 5, length 64
注：上述抓包显示，在qr-99d60ed0-9c处没有做snat转发，已显示源IP地址访问8.8.8.8
 //抓包验证(抓qg)
 [root@cont03:/root]# ip netns exec qrouter-b3c1252d-7b2d-477a-8efd-939143525d50 tcpdump -i qg-5a9eec70-2d -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on qg-5a9eec70-2d, link-type EN10MB (Ethernet), capture size 262144 bytes
17:19:49.020547 IP 192.168.159.132 > 8.8.8.8: ICMP echo request, id 58369, seq 17, length 64
17:19:50.021895 IP 192.168.159.132 > 8.8.8.8: ICMP echo request, id 58369, seq 18, length 64
17:19:50.058340 IP 8.8.8.8 > 192.168.159.132: ICMP echo reply, id 58369, seq 18, length 64
17:19:51.023968 IP 192.168.159.132 > 8.8.8.8: ICMP echo request, id 58369, seq 19, length 64
17:19:51.058162 IP 8.8.8.8 > 192.168.159.132: ICMP echo reply, id 58369, seq 19, length 64
17:19:52.025111 IP 192.168.159.132 > 8.8.8.8: ICMP echo request, id 58369, seq 20, length 64
注：上述抓包显示，在qg-5a9eec70-2d处做了snat转发，已显示NAT后的地址访问8.8.8.8
[root@cont03:/root]# ip netns exec qrouter-b3c1252d-7b2d-477a-8efd-939143525d50 iptables -t nat -S
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N neutron-l3-agent-OUTPUT
-N neutron-l3-agent-POSTROUTING
-N neutron-l3-agent-PREROUTING
-N neutron-l3-agent-float-snat
-N neutron-l3-agent-snat
-N neutron-postrouting-bottom
-A PREROUTING -j neutron-l3-agent-PREROUTING
-A OUTPUT -j neutron-l3-agent-OUTPUT
-A POSTROUTING -j neutron-l3-agent-POSTROUTING
-A POSTROUTING -j neutron-postrouting-bottom
-A neutron-l3-agent-POSTROUTING ! -i qg-5a9eec70-2d ! -o qg-5a9eec70-2d -m conntrack ! --ctstate DNAT -j ACCEPT
-A neutron-l3-agent-PREROUTING -d 169.254.169.254/32 -i qr-+ -p tcp -m tcp --dport 80 -j REDIRECT --to-ports 9697
-A neutron-l3-agent-snat -j neutron-l3-agent-float-snat
-A neutron-l3-agent-snat -o qg-5a9eec70-2d -j SNAT --to-source 192.168.159.132
-A neutron-l3-agent-snat -m mark ! --mark 0x2/0xffff -m conntrack --ctstate DNAT -j SNAT --to-source 192.168.159.132
-A neutron-postrouting-bottom -m comment --comment "Perform source NAT on outgoing traffic." -j neutron-l3-agent-snat
注：以上规则中关注此条规则：-A neutron-l3-agent-snat -o qg-5a9eec70-2d -j SNAT --to-source 192.168.159.132

10.4.16 获取dhcp IP过程分析知识补充

a.在创建instance时，Neutron会为其分配一个port，里面包含了MAC和IP地址信息。这些信息会同步更新到dnsmasq的host文件。（/var/lib/neutron/dhcp/…/host/）

[root@cont01:/root]# cd /var/lib/neutron/
[root@cont01:/var/lib/neutron]# ls
dhcp  external  ha_confs  keepalived-state-change  metadata_proxy  ns-metadata-proxy  tmp
[root@cont01:/var/lib/neutron]# cd dhcp/
[root@cont01:/var/lib/neutron/dhcp]# ls
e46e1c9d-ae11-42a4-af29-630eddfa5cae
[root@cont01:/var/lib/neutron/dhcp]# openstack network list
+--------------------------------------+---------------+----------------------------------+
| ID                                   | Name          | Subnets                              
+--------------------------------------+---------------+----------------------------------
| 27d3b35e-8cc2-44e1-997c-71ad371f71ef | vpc-1         | d12320b4-4eac-4487-89d2-6b688fe553b3 |
| e46e1c9d-ae11-42a4-af29-630eddfa5cae | admin-network | fe0c2849-44fc-4b11-95ab-606311771c65 |
+--------------------------------------+---------------+----------------------------------
[root@cont01:/var/lib/neutron/dhcp]# cd e46e1c9d-ae11-42a4-af29-630eddfa5cae/
[root@cont01:/var/lib/neutron/dhcp/e46e1c9d-ae11-42a4-af29-630eddfa5cae]# ls
addn_hosts  host  interface  leases  opts  pid
[root@cont01:/var/lib/neutron/dhcp/e46e1c9d-ae11-42a4-af29-630eddfa5cae]# cat host 
fa:16:3e:27:88:4d,host-192-168-70-57.openstacklocal,192.168.70.57
fa:16:3e:4b:48:31,host-192-168-70-52.openstacklocal,192.168.70.52
fa:16:3e:55:15:e6,host-192-168-70-51.openstacklocal,192.168.70.51
fa:16:3e:63:1c:cf,host-192-168-70-50.openstacklocal,192.168.70.50
fa:16:3e:cf:ea:af,host-192-168-70-54.openstacklocal,192.168.70.54

b.同时nova-compute会设置虚机VIF的MAC地址。

[root@cont02:/root]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 1     instance-00000008              running
 [root@comp01:/root]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 1     instance-00000002              running
 2     instance-00000001              running
 
 [root@cont02:/root]# virsh edit instance-00000008 
 ......
     </interface>
    type='bridge'>
      'fa:16:3e:55:15:e6'/>
      'qbr8855c9bc-3a'/>
      'tap8855c9bc-3a'/>
      type='virtio'/>
      'qemu'/>
      '1450'/>
      type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
    </interface>
  ......

c.一切准备就绪，instance获取IP的过程如下：

1.vm开机启动，发出DHCPDISCOVER广播，该广播消息在整个net中都可以被收到。

2.广播到达veth tapde498438-29,然后传送给veth pair的另一端 ns-  . dnsmasq在它上面监听，dnsmasq检查其host文件，发现有对应项，于是dnsmasq以DHCPOFFER消息将IP（192.168.）、子网掩码（255.255.255.0）、地址租用等信息发送给vm.
3.vm发送DHCPREQUEST消息确认接受此DHCPOFFER。
4.dnsmasq发送确认消息DHCPACK，整个过程结束。
代码如下显示：
[root@cont01:/var/lib/neutron/dhcp/e46e1c9d-ae11-42a4-af29-630eddfa5cae]# ovs-vsctl show
f6417221-6ff8-45a1-9c33-63257ebcc23a
    Manager "ptcp:6640:127.0.0.1"
        is_connected: true
    Bridge br-int
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port br-int
            Interface br-int
                type: internal
        Port "tapde498438-29"
            tag: 1
            Interface "tapde498438-29"
                type: internal
        Port patch-tun
            Interface patch-tun
                type: patch
                options: {peer=patch-int}
    Bridge br-ex
        Port br-ex
            Interface br-ex
                type: internal
        Port "ens38"
            Interface "ens38"
    Bridge br-tun
        Controller "tcp:127.0.0.1:6633"
            is_connected: true
        fail_mode: secure
        Port "vxlan-c0a8461b"
            Interface "vxlan-c0a8461b"
                type: vxlan
                options: {df_default="true", egress_pkt_mark="0", in_key=flow, local_ip="192.168.70.24", out_key=flow, remote_ip="192.168.70.27"}
        Port patch-int
            Interface patch-int
                type: patch
                options: {peer=patch-tun}
        Port "vxlan-c0a84619"
            Interface "vxlan-c0a84619"
                type: vxlan
                options: {df_default="true", egress_pkt_mark="0", in_key=flow, local_ip="192.168.70.24", out_key=flow, remote_ip="192.168.70.25"}
        Port br-tun
            Interface br-tun
                type: internal
    ovs_version: "2.11.0"
[root@cont01:/var/lib/neutron/dhcp/e46e1c9d-ae11-42a4-af29-630eddfa5cae]# ip netns list
qdhcp-e46e1c9d-ae11-42a4-af29-630eddfa5cae (id: 0)
[root@cont01:/var/lib/neutron/dhcp/e46e1c9d-ae11-42a4-af29-630eddfa5cae]# ip netns exec qdhcp-e46e1c9d-ae11-42a4-af29-630eddfa5cae ip a
1: lo: ,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
11: tapde498438-29: ,MULTICAST,UP,LOWER_UP> mtu 1450 qdisc noqueue state UNKNOWN group default qlen 1000
    link/ether fa:16:3e:63:1c:cf brd ff:ff:ff:ff:ff:ff
    inet 192.168.70.50/24 brd 192.168.70.255 scope global tapde498438-29
       valid_lft forever preferred_lft forever
    inet 169.254.169.254/16 brd 169.254.255.255 scope global tapde498438-29
       valid_lft forever preferred_lft forever
    inet6 fe80::f816:3eff:fe63:1ccf/64 scope link 
       valid_lft forever preferred_lft forever
[root@cont01:/var/lib/neutron/dhcp/e46e1c9d-ae11-42a4-af29-630eddfa5cae]#

10.5 部署计算节点上的Neutron

10.5.1 安装openstack-neutron-openvswitch服务(所有计算节点上安装)

[root@comp01:/root]# yum install openvswitch openstack-neutron-openvswitch ebtables ipset -y
[root@comp02:/root]# yum install openvswitch openstack-neutron-openvswitch ebtables ipset -y
[root@comp03:/root]# yum install openvswitch openstack-neutron-openvswitch ebtables ipset -y

10.5.2 配置neutron.conf(所有计算节点上安装)

[root@comp01:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@comp02:/root]# cp -p /etc/neutron/neutron.conf{,.bak}
[root@comp03:/root]# cp -p /etc/neutron/neutron.conf{,.bak}

[root@comp03:/root]# vim /etc/neutron/neutron.conf
   1 [DEFAULT]
   6 auth_strategy = keystone
   9 state_path = /var/lib/neutron
  10 transport_url = rabbit://openstack:adminopenstack@cont01:5672,openstack:adminopenstack@cont02:5672,openstack:adminopenstack@cont03:5672
 840 [keystone_authtoken]
 841 www_authenticate_uri = http://VirtualIP:5001
 842 auth_url = http://VirtualIP:5001
 843 memcached_servers = cont01:11211,cont02:11211,cont03:11211
 844 auth_type = password
 845 project_domain_name = default
 846 user_domain_name = default
 847 project_name = service
 848 username = neutron
 849 password = neutron_typora
1198 [oslo_concurrency]
1199 lock_path = /var/lib/neutron/tmp

[root@comp03:/root]# scp /etc/neutron/neutron.conf comp02:/etc/neutron/
[root@comp03:/root]# scp /etc/neutron/neutron.conf comp01:/etc/neutron/

10.5.3 配置openvswitch_agent.ini (所有计算节点上安装)

[root@comp01:/root]# cp -p /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}
[root@comp02:/root]# cp -p /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}[root@comp03:/root]# cp -p /etc/neutron/plugins/ml2/openvswitch_agent.ini{,.bak}

[root@comp01:/root]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
117 [agent]
131 tunnel_types = vxlan
143 l2_population = true
149 ##arp_responder = true
193 [ovs]
207 tunnel_bridge = br-tun
220 ##//注：这里的local_ip必须写第二块网卡的IP 
221 local_ip = 10.10.10.19
231 bridge_mappings = 
310 [securitygroup]
317 firewall_driver = iptables_hybrid
322 enable_security_group = true

[root@comp02:/root]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
117 [agent]
131 tunnel_types = vxlan
143 l2_population = true
149 ##arp_responder = true
193 [ovs]
207 tunnel_bridge = br-tun
220 ##//注：这里的local_ip必须写第二块网卡的IP 
221 local_ip = 10.10.10.18
231 bridge_mappings =
310 [securitygroup]
317 firewall_driver = iptables_hybrid
322 enable_security_group = true

[root@comp03:/root]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
117 [agent]
131 tunnel_types = vxlan
143 l2_population = true
149 ##arp_responder = true
193 [ovs]
207 tunnel_bridge = br-tun
220 ##//注：这里的local_ip必须写第二块网卡的IP 
221 local_ip = 10.10.10.17
231 bridge_mappings =
310 [securitygroup]
317 firewall_driver = iptables_hybrid
322 enable_security_group = true

10.5.4 配置 nova.conf (所有计算节点上安装)

[root@comp01:/root]# vim /etc/nova/nova.conf
 7658 [neutron]
 7659 url = http://VirtualIP:9997
 7660 auth_url = http://VirtualIP:5001
 7661 auth_type = password
 7662 project_domain_name = default
 7663 user_domain_name = default
 7664 region_name = RegionOne
 7665 project_name = service
 7666 username = neutron
 7667 password = neutron_typora

[root@comp02:/root]# vim /etc/nova/nova.conf
 7658 [neutron]
 7659 url = http://VirtualIP:9997
 7660 auth_url = http://VirtualIP:5001
 7661 auth_type = password
 7662 project_domain_name = default
 7663 user_domain_name = default
 7664 region_name = RegionOne
 7665 project_name = service
 7666 username = neutron
 7667 password = neutron_typora
 
 [root@comp03:/root]# vim /etc/nova/nova.conf
 7658 [neutron]
 7659 url = http://VirtualIP:9997
 7660 auth_url = http://VirtualIP:5001
 7661 auth_type = password
 7662 project_domain_name = default
 7663 user_domain_name = default
 7664 region_name = RegionOne
 7665 project_name = service
 7666 username = neutron
 7667 password = neutron_typora

10.5.5 重启nova服务并启动neutron服务（在全部计算节点操作 comp01 comp02 comp03）


systemctl restart openstack-nova-compute.service
systemctl enable openvswitch neutron-openvswitch-agent.service
systemctl restart openvswitch neutron-openvswitch-agent.service
systemctl status openvswitch neutron-openvswitch-agent.service

10.5.6 验证

[root@cont01:/root]#  openstack network agent list

//查看系统日志
[root@cont01:/var/log]# tail -f messages 
//查看keystone日志
[root@cont01:/var/log/keystone]# tail -f keystone.log
//查看计算日志
[root@cont01:/var/log/nova]# ls
nova-api.log      nova-conductor.log    nova-manage.log      nova-placement-api.log
nova-compute.log  nova-consoleauth.log  nova-novncproxy.log  nova-scheduler.log

待续，详见Centos 7 部署 OpenStack_Rocky版高可用集群3-3

你可能感兴趣的:(openstack,linux,运维,memcached)

android系统selinux中添加新属性property 辉色投像
1.定位/android/system/sepolicy/private/property_contexts声明属性开头：persist.charge声明属性类型：u:object_r:system_prop:s0图12.定位到android/system/sepolicy/public/domain.te删除neverallow{domain-init}default_prop:property
Linux下QT开发的动态库界面弹出操作（SDL2） 13jjyao QT类 qt 开发语言 sdl2 linux
需求：操作系统为linux，开发框架为qt，做成需带界面的qt动态库，调用方为java等非qt程序难点：调用方为java等非qt程序，也就是说调用方肯定不带QApplication::exec()，缺少了这个，QTimer等事件和QT创建的窗口将不能弹出(包括opencv也是不能弹出)；这与qt调用本身qt库是有本质的区别的思路：1.调用方缺QApplication::exec()，那么我们在接口
linux sdl windows.h,Windows下的SDL安装奔跑吧linux内核 linux sdl windows.h
首先你要下载并安装SDL开发包。如果装在C盘下，路径为C:\SDL1.2.5如果在WINDOWS下。你可以按以下步骤：1.打开VC++，点击"Tools",Options2,点击directories选项3.选择"Includefiles"增加一个新的路径。"C:\SDL1.2.5\include"4，现在选择"Libaryfiles“增加"C:\SDL1.2.5\lib"现在你可以开始编写你的第
linux中sdl的使用教程,sdl使用入门 Melissa Corvinus linux中sdl的使用教程
本文通过一个简单示例讲解SDL的基本使用流程。示例中展示一个窗口，窗口里面有个随机颜色快随机移动。当我们鼠标点击关闭按钮时间窗口关闭。基本步骤如下：1.初始化SDL并创建一个窗口。SDL_Init()初始化SDL_CreateWindow()创建窗口2.纹理渲染存储RGB和存储纹理的区别：比如一个从左到右由红色渐变到蓝色的矩形，用存储RGB的话就需要把矩形中每个点的具体颜色值存储下来；而纹理只是一
PHP环境搭建详细教程好看资源平台前端 php
PHP是一个流行的服务器端脚本语言，广泛用于Web开发。为了使PHP能够在本地或服务器上运行，我们需要搭建一个合适的PHP环境。本教程将结合最新资料，介绍在不同操作系统上搭建PHP开发环境的多种方法，包括Windows、macOS和Linux系统的安装步骤，以及本地和Docker环境的配置。1.PHP环境搭建概述PHP环境的搭建主要分为以下几类：集成开发环境：例如XAMPP、WAMP、MAMP，这
使用 FinalShell 进行远程连接（ssh 远程连接 Linux 服务器）编程经验分享开发工具服务器 ssh linux
目录前言基本使用教程新建远程连接连接主机自定义命令路由追踪前言后端开发，必然需要和服务器打交道，部署应用，排查问题，查看运行日志等等。一般服务器都是集中部署在机房中，也有一些直接是云服务器，总而言之，程序员不可能直接和服务器直接操作，一般都是通过ssh连接来登录服务器。刚接触远程连接时，使用的是XSHELL来远程连接服务器，连接上就能够操作远程服务器了，但是仅用XSHELL并没有上传下载文件的功能
libyuv之linux编译 jaronho Linux linux 运维服务器
文章目录一、下载源码二、编译源码三、注意事项1、银河麒麟系统（aarch64）（1）解决armv8-a+dotprod+i8mm指令集支持问题（2）解决armv9-a+sve2指令集支持问题一、下载源码到GitHub网站下载https://github.com/lemenkov/libyuv源码，或者用直接用git克隆到本地，如：gitclonehttps://github.com/lemenko
ARM驱动学习之5 LEDS驱动 JT灬新一嵌入式 C 底层 arm开发学习单片机
ARM驱动学习之5LEDS驱动知识点：•linuxGPIO申请函数和赋值函数–gpio_request–gpio_set_value•三星平台配置GPIO函数–s3c_gpio_cfgpin•GPIO配置输出模式的宏变量–S3C_GPIO_OUTPUT注意点：DRIVER_NAME和DEVICE_NAME匹配。实现步骤：1.加入需要的头文件：//Linux平台的gpio头文件#include//三
【华为OD技术面试真题精选 - 非技术题】 -HR面，综合面_华为od hr面一个射手座的程序媛程序员华为od 面试职场和发展
最后的话最近很多小伙伴找我要Linux学习资料，于是我翻箱倒柜，整理了一些优质资源，涵盖视频、电子书、PPT等共享给大家！资料预览给大家整理的视频资料：给大家整理的电子书资料：如果本文对你有帮助，欢迎点赞、收藏、转发给朋友，让我有持续创作的动力！网上学习资料一大堆，但如果学到的知识不成体系，遇到问题时只是浅尝辄止，不再深入研究，那么很难做到真正的技术提升。需要这份系统化的资料的朋友，可以点击这里获
简介Shell、zsh、bash zhaosuningsn Shell zsh bash shell linux bash
Shell是Linux和Unix的外壳，类似衣服，负责外界与Linux和Unix内核的交互联系。例如接收终端用户及各种应用程序的命令，把接收的命令翻译成内核能理解的语言，传递给内核，并把内核处理接收的命令的结果返回给外界，即Shell是外界和内核沟通的桥梁或大门。Linux和Unix提供了多种Shell，其中有种bash，当然还有其他好多种。Mac电脑中不但有bash，还有一个zsh，预装的，据说
Linux MariaDB使用OpenSSL安装SSL证书 Meta39 MySQL Oracle MariaDB Linux Windows ssl linux mariadb
进入到证书存放目录，批量删除.pem证书警告：确保已经进入到证书存放目录find.-typef-iname\*.pem-delete查看是否安装OpenSSLopensslversion没有则安装yuminstallopensslopenssl-devel开启SSL编辑/etc/my.cnf文件（没有的话就创建，但是要注意，在/etc/my.cnf.d/server.cnf配置了datadir的，
【从浅识到熟知Linux】Linux发展史 Jammingpro 从浅学到熟知Linux linux 运维服务器
归属专栏：从浅学到熟知Linux个人主页：Jammingpro每日努力一点点，技术变化看得见文章前言：本篇文章记录Linux发展的历史，因在介绍Linux过程中涉及的其他操作系统及人物，本文对相关内容也有所介绍。文章目录Unix发展史Linux发展史开源Linux官网企业应用情况发行版本在学习Linux前，我们可能都会问Linux从哪里来？它是如何发展的。但在介绍Linux之前，需要先介绍一下Un
linux 发展史种树的猴子内核 java 操作系统 linux 大数据
linux发展史说明此前对linux认识模糊一知半解，近期通过学习将自己对于linux的发展总结一下方便大家日后的学习。那Linux是目前一款非常火热的开源操作系统，可是linux是什么时候出现的，又是因为什么样的原因被开发出来的呢。以下将对linux的发展历程进行详细的讲解。目录一、Linux发展背景二、UINIX的诞生三、UNIX的重要分支-BSD的诞生四、Minix的诞生五、GNU与Free
Linux sh命令 fengyehongWorld Linux linux
目录一.基本语法二.选项2.1-c字符串中读取内容，并执行2.1.1基本用法2.1.2获取当前目录下失效的超链接2.2-x每个命令执行之前，将其打印出来2.3结合Here文档使用一.基本语法⏹Linux和Unix系统中用于执行shell脚本或运行命令的命令。sh[选项][脚本文件][参数...]⏹选项-c：从字符串中读取内容，并执行。-x：在每个命令执行之前，将其打印出来。-s：从标准流中读取内容
Linux vi常用命令 fengyehongWorld Linux linux
参考资料viコマンド（vimコマンド）リファレンス目录一.保存系命令二.删除系命令三.移动系命令四.复制粘贴系命令一.保存系命令⏹保存并退出:wq⏹强制保存并退出:wq!⏹退出(文件未编辑):q⏹强制退出(忽略已编辑内容):q!⏹另存为:w新文件名二.删除系命令⏹删除当前行dd⏹清空整个文档gg：移动到文档顶部dG：删除到最后一行ggdG三.移动系命令⏹移动到文档顶部gg⏹移动到文档底部#方式1G
Linux查看服务器日志 TPBoreas 运维 linux 运维
一、tail这个是我最常用的一种查看方式用法如下：tail-n10test.log查询日志尾部最后10行的日志;tail-n+10test.log查询10行之后的所有日志;tail-fn10test.log循环实时查看最后1000行记录(最常用的)一般还会配合着grep用，(实时抓包)例如:tail-fn1000test.log|grep'关键字'（动态抓包）tail-fn1000test.log
笋丁网页自动回复机器人V3.0.0免授权版源码希希分享软希网58soho_cn 源码资源笋丁网页自动回复机器人
笋丁网页机器人一款可设置自动回复，默认消息，调用自定义api接口的网页机器人。此程序后端语言使用Golang，内存占用最高不超过30MB，1H1G服务器流畅运行。仅支持Linux服务器部署，不支持虚拟主机，请悉知！使用自定义api功能需要有一定的建站基础。源码下载：https://download.csdn.net/download/m0_66047725/89754250更多资源下载：关注我。安
Linux CTF逆向入门蚁景网络安全 linux 运维 CTF
1.ELF格式我们先来看看ELF文件头，如果想详细了解，可以查看ELF的manpage文档。关于ELF更详细的说明：e_shoff：节头表的文件偏移量（字节）。如果文件没有节头表，则此成员值为零。sh_offset：表示了该section（节）离开文件头部位置的距离+-------------------+|ELFheader|---++--------->+-------------------
NPM私库搭建-verdaccio（Linux） Beam007 npm linux 前端
1、安装nodelinux服务器安装nodea)、官网下载所需的node版本https://nodejs.org/dist/v14.21.0/b)、解压安装包若下载的是xxx.tar.xz文件，解压命令为tar-xvfxxx.tar.xzc)、修改环境变量修改：/etc/profile文件#SETPATHFORNODEJSexportNODE_HOME=NODEJS解压安装的路径exportPAT
【2023年】云计算金砖牛刀小试6 geekgold 云计算服务器网络 kubernetes 容器
第一套【任务1】私有云服务搭建[10分]【题目1】基础环境配置[0.5分]使用提供的用户名密码，登录提供的OpenStack私有云平台，在当前租户下，使用CentOS7.9镜像，创建两台云主机，云主机类型使用4vCPU/12G/100G_50G类型。当前租户下默认存在一张网卡，自行创建第二张网卡并连接至controller和compute节点（第二张网卡的网段为10.10.X.0/24，X为工位号
C++常见知识掌握 nfgo c++开发语言
1.Linux软件开发、调试与维护内核与系统结构Linux内核是操作系统的核心，负责管理硬件资源，提供系统服务，它是系统软件与硬件之间的桥梁。主要组成部分包括：进程管理：内核通过调度器分配CPU时间给各个进程，实现进程的创建、调度、终止等操作。使用进程描述符（task_struct）来存储进程信息，包括状态（就绪、运行、阻塞等）、优先级、内存映射等。内存管理：包括物理内存和虚拟内存管理。通过页表映
linux脚本sed替换变量,sed 命令中替换值为shell变量诺坎普之约 linux脚本sed替换变量
文章目录sed命令中替换值为shell变量替换基本语法sed中替换使用shell变量总结参考文档sed命令中替换值为shell变量替换基本语法大家都是sed有很多用法，最多就应该是替换一些值了。让我们先回忆sed的替换语法。在sed进行替换的时候sed-i's/old/new/g'1.txtecho"hellooldfrank"|sed's/old/new/g'结果如下：hellonewfrank
RK3229_Android9.0_Box 4G模块EC200A调试 suifen_ 网络
0、kernel修改这部分完全可以参考Linux的移植：RK3588EC200A-CN【4G模块】调试_rkec200a-cn-CSDN博客1、修改device/rockchip/rk322xdiff--gita/device.mkb/device.mkindexec6bfaa..e7c32d1100755---a/device.mk+++b/device.mk@@-105,6+105,8@@en
linux 安装Sublime Text 3 hhyiyuanyu Python学习 linux sublime text
方法/步骤打开官网http://www.sublimetext.com/3，选择64位进行下载执行命令wgethttps://download.sublimetext.com/sublime_text_3_build_3126_x64.tar.bz2进行下载3、下载完成进行解压,执行tar-xvvfsublime_text_3_build_3126_x64.tar.bz解压4、解压完成以后，移动到
2020年最新程序员职业发展路线指南，超详细！编程流川枫 11 编程语言程序员互联网 IT 职业
【文章来源微信公众号：每天学编程】01、程序员的特性技术出身的职场人特性很明显，与做市场、业务出身的职场人区别尤其明显。IT行业中常见的一些职场角色：老板、项目经理、产品经理、需求分析师、设计师、开发工程师、运维工程师等。开发工程师具有如下特征：1、逻辑思维清晰、严谨和细腻；但是有时不容易转弯，有些程序员容易较劲、钻牛角尖。2、性格偏内向、不善于沟通、表达和交际；但是在网络聊天工具上，有些显为幽默
【从问题中去学习k8s】k8s中的常见面试题（夯实理论基础）（二十八）向往风的男子 k8s 学习 kubernetes 容器
本站以分享各种运维经验和运维所需要的技能为主《python零基础入门》：python零基础入门学习《python运维脚本》：python运维脚本实践《shell》：shell学习《terraform》持续更新中：terraform_Aws学习零基础入门到最佳实战《k8》从问题中去学习k8s《docker学习》暂未更新《ceph学习》ceph日常问题解决分享《日志收集》ELK+各种中间件《运维日常》
KVM虚拟机源代码分析【转】 xidianjiapei001 #虚拟化技术
1.KVM结构及工作原理1.1KVM结构KVM基本结构有两部分组成。一个是KVMDriver，已经成为Linux内核的一个模块。负责虚拟机的创建，虚拟内存的分配，虚拟CPU寄存器的读写以及虚拟CPU的运行等。另外一个是稍微修改过的Qemu，用于模拟PC硬件的用户空间组件，提供I/O设备模型以及访问外设的途径。KVM基本结构如图1所示。其中KVM加入到标准的Linux内核中，被组织成Linux中标准
史上最全git命令,git回滚,git命令大全騒周其他 git
git命令大全一、Git整体理解二、由暂存区本地仓库三、由本地仓->远程仓库四、冲突处理五、Git分支操作六、bug的分支七、feature分支八、暂存的使用九、远程仓的操作十、标签的使用十一、Git配置全局信息十二、Linux的一些简单操作和一些符号的解释十三、符号解释十四、显示安装详细信息十五、gitconfig十六、Gitclone十七、Gitinit十八、gitstatus十九、gitre
【显示后台运行 & 的命令】晨春计 debug linux 服务器运维
目录背景步骤详解示例背景当你在Linuxshell中使用&符号将一个命令放到后台运行时，你可以使用jobs命令来查看这些后台进程的状态。但是，jobs命令并不会直接显示进程的PID（进程ID）。它会显示一个作业列表，其中包括每个作业的状态和一个作业标识符（通常是百分号%后面跟着一个数字），但不会直接显示PID。获取后台进程的PID步骤：1、使用jobs命令查看后台作业。2、使用ps命令配合grep
Android shell 常用 debug 命令晨春计 Audio debug android linux
目录1、查看版本2、am命令3、pm命令4、dumpsys命令5、sed命令6、log定位查看APK进程号7、log定位使用场景1、查看版本1.1、Android串口终端执行getpropro.build.version.release#获取Android版本uname-a#查看linux内核版本信息uname-r#单独查看内核版本1.2、linux服务器执行lsb_release-a#查看Lin
分享100个最新免费的高匿HTTP代理IP mcj8089 代理IP 代理服务器匿名代理免费代理IP 最新代理IP
推荐两个代理IP网站： 1. 全网代理IP：http://proxy.goubanjia.com/ 2. 敲代码免费IP：http://ip.qiaodm.com/ 120.198.243.130:80,中国/广东省 58.251.78.71:8088,中国/广东省 183.207.228.22:83,中国/
mysql高级特性之数据分区 annan211 java 数据结构 mongodb 分区 mysql
mysql高级特性 1 以存储引擎的角度分析，分区表和物理表没有区别。是按照一定的规则将数据分别存储的逻辑设计。器底层是由多个物理字表组成。 2 分区的原理分区表由多个相关的底层表实现，这些底层表也是由句柄对象表示，所以我们可以直接访问各个分区。存储引擎管理分区的各个底层表和管理普通表一样(所有底层表都必须使用相同的存储引擎)，分区表的索引只是
JS采用正则表达式简单获取URL地址栏参数 chiangfai js 地址栏参数获取
GetUrlParam:function GetUrlParam(param){ var reg = new RegExp("(^|&)"+ param +"=([^&]*)(&|$)"); var r = window.location.search.substr(1).match(reg); if(r!=null
怎样将数据表拷贝到powerdesigner (本地数据库表) Array_06 powerDesigner
================================================== 1、打开PowerDesigner12，在菜单中按照如下方式进行操作 file->Reverse Engineer->DataBase 点击后，弹出 New Physical Data Model 的对话框 2、在General选项卡中 Model name:模板名字，自
logbackのhelloworld 飞翔的马甲日志 logback
一、概述 1.日志是啥？当我是个逗比的时候我是这么理解的：log.debug()代替了system.out.print(); 当我项目工作时，以为是一堆得.log文件。这两天项目发布新版本，比较轻松，决定好好地研究下日志以及logback。传送门1：日志的作用与方法： http://www.infoq.com/cn/articles/why-and-how-log 上面的作
新浪微博爬虫模拟登陆随意而生新浪微博
转载自：http://hi.baidu.com/erliang20088/item/251db4b040b8ce58ba0e1235 近来由于毕设需要，重新修改了新浪微博爬虫废了不少劲，希望下边的总结能够帮助后来的同学们。现行版的模拟登陆与以前相比，最大的改动在于cookie获取时候的模拟url的请求
synchronized 香水浓 java thread
Java语言的关键字，可用来给对象和方法或者代码块加锁，当它锁定一个方法或者一个代码块的时候，同一时刻最多只有一个线程执行这段代码。当两个并发线程访问同一个对象object中的这个加锁同步代码块时，一个时间内只能有一个线程得到执行。另一个线程必须等待当前线程执行完这个代码块以后才能执行该代码块。然而，当一个线程访问object的一个加锁代码块时，另一个线程仍然
maven 简单实用教程 AdyZhang maven
1. Maven介绍 1.1. 简介 java编写的用于构建系统的自动化工具。目前版本是2.0.9，注意maven2和maven1有很大区别，阅读第三方文档时需要区分版本。 1.2. Maven资源见官方网站；The 5 minute test，官方简易入门文档；Getting Started Tutorial，官方入门文档；Build Coo
Android 通过 intent传值获得null aijuans android
我在通过intent 获得传递兑现过的时候报错，空指针,我是getMap方法进行传值，代码如下 1 2 3 4 5 6 7 8 9 public void getMap(View view){ Intent i =
apache 做代理报如下错误：The proxy server received an invalid response from an upstream baalwolf response
网站配置是apache＋tomcat,tomcat没有报错，apache报错是： The proxy server received an invalid response from an upstream server. The proxy server could not handle the request GET /. Reason: Error reading fr
Tomcat6 内存和线程配置 BigBird2012 tomcat6
1、修改启动时内存参数、并指定JVM时区（在windows server 2008 下时间少了8个小时）在Tomcat上运行j2ee项目代码时，经常会出现内存溢出的情况，解决办法是在系统参数中增加系统参数： window下，在catalina.bat最前面 set JAVA_OPTS=-XX:PermSize=64M -XX:MaxPermSize=128m -Xms5
Karam与TDD bijian1013 Karam TDD
一.TDD 测试驱动开发（Test-Driven Development,TDD）是一种敏捷（AGILE）开发方法论，它把开发流程倒转了过来，在进行代码实现之前，首先保证编写测试用例，从而用测试来驱动开发（而不是把测试作为一项验证工具来使用）。 TDD的原则很简单： a.只有当某个
[Zookeeper学习笔记之七]Zookeeper源代码分析之Zookeeper.States bit1129 zookeeper
public enum States { CONNECTING, //Zookeeper服务器不可用，客户端处于尝试链接状态 ASSOCIATING, //？？？ CONNECTED, //链接建立，可以与Zookeeper服务器正常通信 CONNECTEDREADONLY, //处于只读状态的链接状态，只读模式可以在
【Scala十四】Scala核心八：闭包 bit1129 scala
Free variable A free variable of an expression is a variable that’s used inside the expression but not defined inside the expression. For instance, in the function literal expression (x: Int) => (x
android发送json并解析返回json ronin47 android
package com.http.test; import org.apache.http.HttpResponse; import org.apache.http.HttpStatus; import org.apache.http.client.HttpClient; import org.apache.http.client.methods.HttpGet; import
一份IT实习生的总结 brotherlamp PHP php资料 php教程 php培训 php视频
今天突然发现在不知不觉中自己已经实习了 3 个月了，现在可能不算是真正意义上的实习吧，因为现在自己才大三，在这边撸代码的同时还要考虑到学校的功课跟期末考试。让我震惊的是，我完全想不到在这 3 个月里我到底学到了什么，这是一件多么悲催的事情啊。同时我对我应该 get 到什么新技能也很迷茫。所以今晚还是总结下把，让自己在接下来的实习生活有更加明确的方向。最后感谢工作室给我们几个人这个机会让我们提前出来
据说是2012年10月人人网校招的一道笔试题-给出一个重物重量为X,另外提供的小砝码重量分别为1，3，9。。。3^N。将重物放到天平左侧，问在两边如何添加砝码 bylijinnan java
public class ScalesBalance { /** * 题目： * 给出一个重物重量为X,另外提供的小砝码重量分别为1，3，9。。。3^N。（假设N无限大，但一种重量的砝码只有一个） * 将重物放到天平左侧，问在两边如何添加砝码使两边平衡 * * 分析： * 三进制 * 我们约定括号表示里面的数是三进制，例如 47=(1202
dom4j最常用最简单的方法 chiangfai dom4j
要使用dom4j读写XML文档,需要先下载dom4j包,dom4j官方网站在 http://www.dom4j.org/目前最新dom4j包下载地址:http://nchc.dl.sourceforge.net/sourceforge/dom4j/dom4j-1.6.1.zip 解开后有两个包,仅操作XML文档的话把dom4j-1.6.1.jar加入工程就可以了,如果需要使用XPath的话还需要
简单HBase笔记 chenchao051 hbase
一、Client-side write buffer 客户端缓存请求描述：可以缓存客户端的请求，以此来减少RPC的次数，但是缓存只是被存在一个ArrayList中，所以多线程访问时不安全的。可以使用getWriteBuffer()方法来取得客户端缓存中的数据。默认关闭。二、Scan的Caching 描述： next( )方法请求一行就要使用一次RPC,即使
mysqldump导出时出现when doing LOCK TABLES daizj mysql mysqdump 导数据
　　执行　mysqldump -uxxx -pxxx -hxxx -Pxxxx database tablename > tablename.sql　导出表时，会报 mysqldump: Got error: 1044: Access denied for user 'xxx'@'xxx' to database 'xxx' when doing LOCK TABLES 解决
CSS渲染原理 dcj3sjt126com Web
从事Web前端开发的人都与CSS打交道很多，有的人也许不知道css是怎么去工作的，写出来的css浏览器是怎么样去解析的呢？当这个成为我们提高css水平的一个瓶颈时，是否应该多了解一下呢？一、浏览器的发展与CSS
《阿甘正传》台词 dcj3sjt126com
Part Ⅰ: 《阿甘正传》Forrest Gump经典中英文对白 Forrest: Hello! My names Forrest. Forrest Gump. You wanna Chocolate? I could eat about a million and a half othese. My momma always said life was like a box ochocol
Java处理JSON dyy_gusi json
Json在数据传输中很好用，原因是JSON 比 XML 更小、更快，更易解析。在Java程序中，如何使用处理JSON，现在有很多工具可以处理，比较流行常用的是google的gson和alibaba的fastjson，具体使用如下： 1、读取json然后处理 class ReadJSON { public static void main(String[] args)
win7下nginx和php的配置 geeksun nginx
1. 安装包准备 nginx : 从nginx.org下载nginx-1.8.0.zip php：从php.net下载php-5.6.10-Win32-VC11-x64.zip， php是免安装文件。 RunHiddenConsole: 用于隐藏命令行窗口 2. 配置 # java用8080端口做应用服务器，nginx反向代理到这个端口即可 p
基于2.8版本redis配置文件中文解释 hongtoushizi redis
转载自： http://wangwei007.blog.51cto.com/68019/1548167 在Redis中直接启动redis-server服务时, 采用的是默认的配置文件。采用redis-server xxx.conf 这样的方式可以按照指定的配置文件来运行Redis服务。下面是Redis2.8.9的配置文
第五章常用Lua开发库3-模板渲染 jinnianshilongnian nginx lua
动态web网页开发是Web开发中一个常见的场景，比如像京东商品详情页，其页面逻辑是非常复杂的，需要使用模板技术来实现。而Lua中也有许多模板引擎，如目前我在使用的lua-resty-template，可以渲染很复杂的页面，借助LuaJIT其性能也是可以接受的。如果学习过JavaEE中的servlet和JSP的话，应该知道JSP模板最终会被翻译成Servlet来执行；而lua-r
JZSearch大数据搜索引擎颠覆者 JavaScript
系统简介：大数据的特点有四个层面：第一，数据体量巨大。从TB级别，跃升到PB级别；第二，数据类型繁多。网络日志、视频、图片、地理位置信息等等。第三，价值密度低。以视频为例，连续不间断监控过程中，可能有用的数据仅仅有一两秒。第四，处理速度快。最后这一点也是和传统的数据挖掘技术有着本质的不同。业界将其归纳为4个“V”——Volume，Variety，Value，Velocity。大数据搜索引
10招让你成为杰出的Java程序员 pda158 java 编程框架
如果你是一个热衷于技术的 Java 程序员，那么下面的 10 个要点可以让你在众多 Java 开发人员中脱颖而出。　　 1. 拥有扎实的基础和深刻理解 OO 原则　　对于 Java 程序员，深刻理解 Object Oriented Programming（面向对象编程）这一概念是必须的。没有 OOPS 的坚实基础，就领会不了像 Java 这些面向对象编程语言
tomcat之oracle连接池配置小网客 oracle
tomcat版本7.0 配置oracle连接池方式：修改tomcat的server.xml配置文件： <GlobalNamingResources> <Resource name="utermdatasource" auth="Container" type="javax.sql.DataSou
Oracle 分页算法汇总 vipbooks oracle sql 算法 .net
这是我找到的一些关于Oracle分页的算法，大家那里还有没有其他好的算法没？我们大家一起分享一下！ -- Oracle 分页算法一 select * from ( select page.*,rownum rn from (select * from help) page -- 20 = (currentPag

Centos 7 部署 OpenStack_Rocky版高可用集群3-2