(1) Hosts
Table 1. Hosts
Host | Role | IP | Notes |
controller | Controller node | 192.168.204.210 | |
compute01 | Compute node | 192.168.204.211 | |
(2) Official documentation
OpenStack Docs: OpenStack Installation Guide for Red Hat Enterprise Linux and CentOS
(3) Network
① Ping the compute node from the controller node
[root@controller ~]# ping compute01 -c 1
② Ping the controller node from the compute node
[root@compute01 ~]# ping controller -c 1
(4) Time synchronization
① Controller node
[root@controller ~]# yum install -y chrony
- [root@controller ~]# vim /etc/chrony.conf
- [root@controller ~]# systemctl restart chronyd.service && systemctl enable chronyd.service
② Compute node
[root@compute01 ~]# yum install -y chrony
③ Test
- [root@controller ~]# date
-
- [root@compute01 ~]# date
(1) Install the OpenStack client on the controller node
# yum install python-openstackclient
(2) CentOS enables SELinux by default. Install the openstack-selinux package to automatically manage security policies for OpenStack services.
# yum install openstack-selinux
(1) Install the packages
# yum install mariadb mariadb-server python2-PyMySQL
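(2) Create and edit /etc/my.cnf.d/openstack.cnf
① In the [mysqld] section, set bind-address to the management network IP address of the controller node so that other nodes can reach the database over the management network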
- [mysqld]
- ...
- bind-address = 192.168.204.210
② In the [mysqld] section, set the following keys to enable some useful options and the UTF-8 character set
- [mysqld]
- ...
- default-storage-engine = innodb
- innodb_file_per_table
- max_connections = 4096
- collation-server = utf8_general_ci
- character-set-server = utf8
③ Modify
(3) Finalize installation
① Start the database service and configure it to start at boot
- # systemctl enable mariadb.service
- # systemctl start mariadb.service
② To secure the database service, run the mysql_secure_installation script. In particular, choose a suitable password for the database root account.
(1) Install the package
# yum install rabbitmq-server
(2) Start the message queue service and configure it to start when the system boots
- # systemctl enable rabbitmq-server.service
- # systemctl start rabbitmq-server.service
(3) Add the openstack user
# rabbitmqctl add_user openstack RABBIT_PASS
(4) Grant the openstack user configure, write, and read permissions
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
(1) Install the packages
# yum install memcached python-memcached
(2) Modify the configuration
# vim /etc/sysconfig/memcached
(3) Start the Memcached service and configure it to start at boot
- # systemctl enable memcached.service
- # systemctl start memcached.service
(4) Check the service
(1) Create the database and the administration token
Connect with the database client (note: a production environment requires an account and password)
$ mysql -u root -p
Create the keystone database
CREATE DATABASE keystone;
Grant proper access to the keystone database
- GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
- IDENTIFIED BY 'KEYSTONE_DBPASS';
- GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
- IDENTIFIED BY 'KEYSTONE_DBPASS';
(2) Install and configure the components
Run the following command to install the packages
# yum install openstack-keystone httpd mod_wsgi
Install the utilities package
# yum install -y openstack-utils
(3) Edit the file /etc/keystone/keystone.conf
① In the [DEFAULT] section, define the value of the initial administration token
- [DEFAULT]
- ...
- admin_token = ADMIN_TOKEN
② In the [database] section, configure database access
- [database]
- ...
- connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
③ In the [token] section, configure the Fernet UUID token provider.
- [token]
- ...
- provider = fernet
④ Populate the Identity service database
# su -s /bin/sh -c "keystone-manage db_sync" keystone
⑤ Check
mysql keystone -e "show tables;"
⑥ Initialize the Fernet keys
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
(4) Configure the Apache HTTP server
① Edit the /etc/httpd/conf/httpd.conf file and set the ServerName option to the controller node
ServerName controller
② Create the file /etc/httpd/conf.d/wsgi-keystone.conf
- Listen 5000
- Listen 35357
-
- <VirtualHost *:5000>
- WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
- WSGIProcessGroup keystone-public
- WSGIScriptAlias / /usr/bin/keystone-wsgi-public
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /var/log/httpd/keystone-error.log
- CustomLog /var/log/httpd/keystone-access.log combined
-
- <Directory /usr/bin>
- Require all granted
- </Directory>
- </VirtualHost>
-
- <VirtualHost *:35357>
- WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
- WSGIProcessGroup keystone-admin
- WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
- WSGIApplicationGroup %{GLOBAL}
- WSGIPassAuthorization On
- ErrorLogFormat "%{cu}t %M"
- ErrorLog /var/log/httpd/keystone-error.log
- CustomLog /var/log/httpd/keystone-access.log combined
-
- <Directory /usr/bin>
- Require all granted
- </Directory>
- </VirtualHost>
③ Start the Apache HTTP service and configure it to start when the system boots
- # systemctl enable httpd.service
- # systemctl start httpd.service
# systemctl status httpd.service
(5) Create the service entity and API endpoints
① Set the environment variables
- $ export OS_TOKEN=ADMIN_TOKEN
- $ export OS_URL=http://controller:35357/v3
- $ export OS_IDENTITY_API_VERSION=3
② Create the service entity for the Identity service
- $ openstack service create \
- --name keystone --description "OpenStack Identity" identity
③ Create the Identity service API endpoints
- $ openstack endpoint create --region RegionOne \
- identity public http://controller:5000/v3
-
- $ openstack endpoint create --region RegionOne \
- identity internal http://controller:5000/v3
-
- $ openstack endpoint create --region RegionOne \
- identity admin http://controller:35357/v3
④ Check
- # openstack service list
-
- # openstack endpoint list
(6) Create a domain, projects, users, and roles
① Create the default domain
$ openstack domain create --description "Default Domain" default
② Create the admin project
- $ openstack project create --domain default \
- --description "Admin Project" admin
③ Create the admin user
- $ openstack user create --domain default \
- --password-prompt admin
④ Create the admin role
$ openstack role create admin
⑤ Add the admin role to the admin project and user
$ openstack role add --project admin --user admin admin
⑥ Create the service project
- $ openstack project create --domain default \
- --description "Service Project" service
⑦ Check (requires the client environment script created in a later step)
- # openstack domain list
-
- # openstack project list
-
- # openstack role list
-
- # openstack user list
(7) Create the OpenStack client environment script
Edit the file admin-openrc, replacing ADMIN_PASS with the password you chose for the admin user in the Identity service.
- export OS_PROJECT_DOMAIN_NAME=default
- export OS_USER_DOMAIN_NAME=default
- export OS_PROJECT_NAME=admin
- export OS_USERNAME=admin
- export OS_PASSWORD=ADMIN_PASS
- export OS_AUTH_URL=http://controller:35357/v3
- export OS_IDENTITY_API_VERSION=3
- export OS_IMAGE_API_VERSION=2
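The following is an added example, not part of the original guide. It generates a random value for a placeholder, writes admin-openrc with owner-only permissions, and reports any configuration line that still carries one of this guide's placeholders (ADMIN_TOKEN, RABBIT_PASS, the *_DBPASS and *_PASS names, METADATA_SECRET). The function names gen_secret, write_openrc and leftover_placeholders are illustrative.

```sh
#!/bin/sh
# Added example, not part of the original guide.
# Placeholder names are the ones that appear in this guide's commands and files.
PLACEHOLDERS='ADMIN_TOKEN|ADMIN_PASS|RABBIT_PASS|METADATA_SECRET|[A-Z]+_DBPASS|(GLANCE|NOVA|NEUTRON)_PASS'

# gen_secret: print 20 hex characters (10 random bytes from /dev/urandom).
gen_secret() {
    head -c 10 /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# write_openrc FILE PASSWORD: write the admin-openrc shown above with the real
# password filled in, readable and writable by its owner only.
write_openrc() {
    (
        umask 077
        cat > "$1" <<EOF
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=$2
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
    )
    chmod 600 "$1"   # also tightens a file that already existed
}

# leftover_placeholders FILE: print "lineno:text" for each non-comment line
# that still contains a placeholder. Exit status 0 means at least one was found.
leftover_placeholders() {
    grep -nE "(^|[^A-Za-z0-9_])(${PLACEHOLDERS})([^A-Za-z0-9_]|\$)" "$1" |
        grep -vE '^[0-9]+:[[:space:]]*#'
}

# Demo in a temporary directory (constructed data, nothing under /etc is touched).
demo_dir=$(mktemp -d)
write_openrc "$demo_dir/admin-openrc" "$(gen_secret)"
if leftover_placeholders "$demo_dir/admin-openrc"; then
    echo "admin-openrc still contains placeholders"
else
    echo "admin-openrc: no placeholders left"
fi
rm -rf "$demo_dir"
```

Run leftover_placeholders against each edited file (keystone.conf, glance-api.conf, nova.conf, neutron.conf, metadata_agent.ini) before starting the corresponding service.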
(1) Create the database
Use the database client to connect to the database server as the root user
$ mysql -u root -p
Create the glance database
CREATE DATABASE glance;
Grant access to the glance database
- GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
- IDENTIFIED BY 'GLANCE_DBPASS';
- GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
- IDENTIFIED BY 'GLANCE_DBPASS';
(2) Create the glance user
① Create
$ openstack user create --domain default --password-prompt glance
Check
② Add the admin role to the glance user and the service project
$ openstack role add --project service --user glance admin
③ Create the glance service entity
- $ openstack service create --name glance \
- --description "OpenStack Image" image
Check
④ Create the Image service API endpoints
- $ openstack endpoint create --region RegionOne \
- image public http://controller:9292
-
- $ openstack endpoint create --region RegionOne \
- image internal http://controller:9292
-
- $ openstack endpoint create --region RegionOne \
- image admin http://controller:9292
(3) Install the package
# yum install openstack-glance
(4) Edit the file /etc/glance/glance-api.conf
① In the [database] section, configure database access
- [database]
- ...
- connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
② In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
- [keystone_authtoken]
- ...
- auth_uri = http://controller:5000
- auth_url = http://controller:35357
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = glance
- password = GLANCE_PASS
-
- [paste_deploy]
- ...
- flavor = keystone
③ In the [glance_store] section, configure the local file system store and the location of image files
- [glance_store]
- ...
- stores = file,http
- default_store = file
- filesystem_store_datadir = /var/lib/glance/images/
④ In the [database] section, configure database access
- [database]
- ...
- connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
⑤ In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
- [keystone_authtoken]
- ...
- auth_uri = http://controller:5000
- auth_url = http://controller:35357
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = glance
- password = GLANCE_PASS
-
- [paste_deploy]
- ...
- flavor = keystone
⑥ Back up and modify
(5) Populate the Image service database (ignore any deprecation messages in the output)
# su -s /bin/sh -c "glance-manage db_sync" glance
(6) Check the database
# mysql glance -e "show tables;"
(6) Finalize installation
Start the Image services and configure them to start at boot
- # systemctl enable openstack-glance-api.service \
- openstack-glance-registry.service
- # systemctl start openstack-glance-api.service \
- openstack-glance-registry.service
(7) Check the network
# netstat -nltup
(8) Verify operation
① Download the source image
$ wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
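② Upload the image to the Image service using the QCOW2 disk format and the bare container format, with public visibility so that all projects can access it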
- $ openstack image create "cirros" \
- --file cirros-0.3.4-x86_64-disk.img \
- --disk-format qcow2 --container-format bare \
- --public
③ Confirm the upload of the image and validate its attributes
$ openstack image list
④ Log in to the database to verify
⑤ Check
# openstack endpoint list | grep glance
(1) Create the databases
Connect with the database client
$ mysql -u root -p
Create the nova_api and nova databases
- CREATE DATABASE nova_api;
- CREATE DATABASE nova;
Grant proper access to the databases
- GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
- IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
- IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
- IDENTIFIED BY 'NOVA_DBPASS';
- GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
- IDENTIFIED BY 'NOVA_DBPASS';
(2) Create the nova user
- $ openstack user create --domain default \
- --password-prompt nova
① Add the admin role to the nova user
$ openstack role add --project service --user nova admin
② Create the nova service entity
- $ openstack service create --name nova \
- --description "OpenStack Compute" compute
③ Create the Compute service API endpoints
- $ openstack endpoint create --region RegionOne \
- compute public http://controller:8774/v2.1/%\(tenant_id\)s
-
- $ openstack endpoint create --region RegionOne \
- compute internal http://controller:8774/v2.1/%\(tenant_id\)s
-
- $ openstack endpoint create --region RegionOne \
- compute admin http://controller:8774/v2.1/%\(tenant_id\)s
(3) Check
# openstack endpoint list
(4) Install the packages
- # yum install openstack-nova-api openstack-nova-conductor \
- openstack-nova-console openstack-nova-novncproxy \
- openstack-nova-scheduler
(5) Edit /etc/nova/nova.conf
① In the [DEFAULT] section, enable only the compute and metadata APIs
- [DEFAULT]
- ...
- enabled_apis = osapi_compute,metadata
② In the [api_database] and [database] sections, configure database access
- [api_database]
- ...
- connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
-
- [database]
- ...
- connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
③ In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
- [DEFAULT]
- ...
- rpc_backend = rabbit
-
- [oslo_messaging_rabbit]
- ...
- rabbit_host = controller
- rabbit_userid = openstack
- rabbit_password = RABBIT_PASS
④ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
- [DEFAULT]
- ...
- auth_strategy = keystone
-
- [keystone_authtoken]
- ...
- auth_uri = http://controller:5000
- auth_url = http://controller:35357
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = nova
- password = NOVA_PASS
⑤ In the [DEFAULT] section, configure my_ip to use the management interface IP address of the controller node
- [DEFAULT]
- ...
- my_ip = 192.168.204.210
⑥ In the [DEFAULT] section, enable support for the Networking service
- [DEFAULT]
- ...
- use_neutron = True
- firewall_driver = nova.virt.firewall.NoopFirewallDriver
⑦ In the [vnc] section, configure the VNC proxy to use the management interface IP address of the controller node
- [vnc]
- ...
- vncserver_listen = $my_ip
- vncserver_proxyclient_address = $my_ip
⑧ In the [glance] section, configure the location of the Image service API
- [glance]
- ...
- api_servers = http://controller:9292
⑨ In the [oslo_concurrency] section, configure the lock path
- [oslo_concurrency]
- ...
- lock_path = /var/lib/nova/tmp
⑩ Back up and modify
(6) Populate the Compute databases
- # su -s /bin/sh -c "nova-manage api_db sync" nova
- # su -s /bin/sh -c "nova-manage db sync" nova
(7) Check the database
# mysql nova -e "show tables;"
(8) Start the Compute services and configure them to start when the system boots
- # systemctl enable openstack-nova-api.service \
- openstack-nova-consoleauth.service openstack-nova-scheduler.service \
- openstack-nova-conductor.service openstack-nova-novncproxy.service
- # systemctl start openstack-nova-api.service \
- openstack-nova-consoleauth.service openstack-nova-scheduler.service \
- openstack-nova-conductor.service openstack-nova-novncproxy.service
(9) Check the service list
# openstack service list
(1) Install the packages
- # yum install openstack-nova-compute -y
-
- # yum install libvirt -y
-
- # yum install openstack-utils.noarch -y
(2) Edit /etc/nova/nova.conf
① In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure the RabbitMQ message queue connection
- [DEFAULT]
- ...
- rpc_backend = rabbit
-
- [oslo_messaging_rabbit]
- ...
- rabbit_host = controller
- rabbit_userid = openstack
- rabbit_password = RABBIT_PASS
② In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
- [DEFAULT]
- ...
- auth_strategy = keystone
-
- [keystone_authtoken]
- ...
- auth_uri = http://controller:5000
- auth_url = http://controller:35357
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = nova
- password = NOVA_PASS
③ In the [DEFAULT] section, configure the my_ip option
- [DEFAULT]
- ...
- my_ip = 192.168.204.211
④ In the [DEFAULT] section, enable support for the Networking service
- [DEFAULT]
- ...
- use_neutron = True
- firewall_driver = nova.virt.firewall.NoopFirewallDriver
⑤ In the [vnc] section, enable and configure remote console access
- [vnc]
- ...
- enabled = True
- vncserver_listen = 0.0.0.0
- vncserver_proxyclient_address = $my_ip
- novncproxy_base_url = http://controller:6080/vnc_auto.html
⑥ In the [glance] section, configure the location of the Image service API
- [glance]
- ...
- api_servers = http://controller:9292
⑦ In the [oslo_concurrency] section, configure the lock path
- [oslo_concurrency]
- ...
- lock_path = /var/lib/nova/tmp
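⑧ Back up and modify
(3) Finalize installation
① Determine whether the compute node supports hardware acceleration for virtual machines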
$ egrep -c '(vmx|svm)' /proc/cpuinfo
② Start the Compute service and its dependencies, and configure them to start automatically when the system boots
- # systemctl enable libvirtd.service openstack-nova-compute.service
- # systemctl start libvirtd.service openstack-nova-compute.service
(4) Verify operation
Check the service list
# openstack service list
(1) Create the database
Connect with the database client
$ mysql -u root -p
Create the neutron database
CREATE DATABASE neutron;
Grant proper access to the neutron database, replacing NEUTRON_DBPASS with a suitable password
- GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
- IDENTIFIED BY 'NEUTRON_DBPASS';
- GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
- IDENTIFIED BY 'NEUTRON_DBPASS';
(2) Create the neutron user
$ openstack user create --domain default --password-prompt neutron
(3) Add the admin role to the neutron user
$ openstack role add --project service --user neutron admin
(4) Create the neutron service entity
- $ openstack service create --name neutron \
- --description "OpenStack Networking" network
(5) Create the Networking service API endpoints
- $ openstack endpoint create --region RegionOne \
- network public http://controller:9696
-
- $ openstack endpoint create --region RegionOne \
- network internal http://controller:9696
-
- $ openstack endpoint create --region RegionOne \
- network admin http://controller:9696
(6) Check
(7) Install the Modular Layer 2 (ML2) plug-in
- # yum install openstack-neutron openstack-neutron-ml2 \
- openstack-neutron-linuxbridge ebtables
(8) Edit /etc/neutron/plugins/ml2/ml2_conf.ini
① In the [database] section, configure database access
- [database]
- ...
- connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
② In the [DEFAULT] section, enable the ML2 plug-in and disable additional plug-ins
- [DEFAULT]
- ...
- core_plugin = ml2
- service_plugins =
③ In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure the RabbitMQ message queue connection
- [DEFAULT]
- ...
- rpc_backend = rabbit
-
- [oslo_messaging_rabbit]
- ...
- rabbit_host = controller
- rabbit_userid = openstack
- rabbit_password = RABBIT_PASS
④ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
- [DEFAULT]
- ...
- auth_strategy = keystone
-
- [keystone_authtoken]
- ...
- auth_uri = http://controller:5000
- auth_url = http://controller:35357
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = neutron
- password = NEUTRON_PASS
⑤ In the [DEFAULT] and [nova] sections, configure Networking to notify Compute of network topology changes
- [DEFAULT]
- ...
- notify_nova_on_port_status_changes = True
- notify_nova_on_port_data_changes = True
-
- [nova]
- ...
- auth_url = http://controller:35357
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- region_name = RegionOne
- project_name = service
- username = nova
- password = NOVA_PASS
⑥ In the [oslo_concurrency] section, configure the lock path
- [oslo_concurrency]
- ...
- lock_path = /var/lib/neutron/tmp
⑦ Back up and modify
(9) Configure the Modular Layer 2 (ML2) plug-in: edit /etc/neutron/plugins/ml2/ml2_conf.ini
① In the [ml2] section, enable flat and VLAN networks
- [ml2]
- ...
- type_drivers = flat,vlan
② In the [ml2] section, disable private networks
- [ml2]
- ...
- tenant_network_types =
③ In the [ml2] section, enable the Linux bridge mechanism
- [ml2]
- ...
- mechanism_drivers = linuxbridge
④ In the [ml2] section, enable the port security extension driver
- [ml2]
- ...
- extension_drivers = port_security
⑤ In the [ml2_type_flat] section, configure the public virtual network as a flat network
- [ml2_type_flat]
- ...
- flat_networks = provider
⑥ In the [securitygroup] section, enable ipset to increase the efficiency of security group rules
- [securitygroup]
- ...
- enable_ipset = True
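(10) Back up and modify
(11) Check the IP address
(12) Configure the Linux bridge agent: edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
① In the [linux_bridge] section, map the public virtual network to the public physical network interface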
- [linux_bridge]
- physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
② In the [vxlan] section, disable VXLAN overlay networks
- [vxlan]
- enable_vxlan = False
③ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver
- [securitygroup]
- ...
- enable_security_group = True
- firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
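(13) Back up and modify
(14) Configure the DHCP agent: edit the /etc/neutron/dhcp_agent.ini file
① In the [DEFAULT] section, configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on the public network can access metadata over the network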
- [DEFAULT]
- ...
- interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
- dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
- enable_isolated_metadata = True
② Back up and modify
(15) Configure the metadata agent
① Edit the /etc/neutron/metadata_agent.ini file and, in the [DEFAULT] section, configure the metadata host and the shared secret
- [DEFAULT]
- ...
- nova_metadata_ip = controller
- metadata_proxy_shared_secret = METADATA_SECRET
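② Back up and modify
(16) Configure the Compute service to use the Networking service
① Edit the /etc/nova/nova.conf file and, in the [neutron] section, configure the access parameters, enable the metadata proxy, and set the secret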
- [neutron]
- ...
- url = http://controller:9696
- auth_url = http://controller:35357
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- region_name = RegionOne
- project_name = service
- username = neutron
- password = NEUTRON_PASS
-
- service_metadata_proxy = True
- metadata_proxy_shared_secret = METADATA_SECRET
② Modify directly
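The following is an added example, not part of the original guide. Steps (15) and (16) put the same metadata_proxy_shared_secret into two different files, so the check below reads both and confirms that the values agree, that the METADATA_SECRET placeholder was replaced, and that service_metadata_proxy is enabled. The function names ini_get and check_metadata_secret and the sample secret are illustrative.

```sh
#!/bin/sh
# Added example, not part of the original guide.

# ini_get FILE SECTION KEY: print the last value assigned to KEY in [SECTION].
# Comment lines and lines without "=" (such as the "..." above) are skipped.
ini_get() {
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/   { sec = $0; gsub(/[ \t]/, "", sec); next }
        sec == want {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$1"
}

# check_metadata_secret AGENT_INI NOVA_CONF
# Returns 0 when both files agree, 1 on mismatch, 2 when a value is missing or
# still the METADATA_SECRET placeholder, 3 when the proxy is not enabled
# (this sketch accepts only True/true). The secret itself is never printed.
check_metadata_secret() {
    agent=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    nova=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    proxy=$(ini_get "$2" neutron service_metadata_proxy)
    if [ -z "$agent" ] || [ -z "$nova" ]; then
        echo "FAIL: metadata_proxy_shared_secret is not set in both files"; return 2
    fi
    if [ "$agent" = METADATA_SECRET ] || [ "$nova" = METADATA_SECRET ]; then
        echo "FAIL: placeholder METADATA_SECRET was never replaced"; return 2
    fi
    if [ "$agent" != "$nova" ]; then
        echo "FAIL: the two files carry different secrets"; return 1
    fi
    case "$proxy" in
        [Tt]rue) echo "OK: secrets match and service_metadata_proxy is enabled" ;;
        *) echo "FAIL: service_metadata_proxy is not True in [neutron]"; return 3 ;;
    esac
}

# Demo with constructed fragments (the secret value is made up).
d=$(mktemp -d)
printf '%s\n' '[DEFAULT]' 'nova_metadata_ip = controller' \
    'metadata_proxy_shared_secret = 3f9c1e5ab07d42c6' > "$d/metadata_agent.ini"
printf '%s\n' '[neutron]' 'url = http://controller:9696' \
    'service_metadata_proxy = True' \
    'metadata_proxy_shared_secret = 3f9c1e5ab07d42c6' > "$d/nova.conf"
check_metadata_secret "$d/metadata_agent.ini" "$d/nova.conf"
rm -rf "$d"
```

On the controller the real arguments are /etc/neutron/metadata_agent.ini and /etc/nova/nova.conf.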
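(17) Finalize installation
① The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file, /etc/neutron/plugins/ml2/ml2_conf.ini. If this symbolic link does not exist, create it with the following command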
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
② Populate the database
- # su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
- --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
③ Restart the Compute API service
# systemctl restart openstack-nova-api.service
(18) Check
# neutron agent-list
(1) Install the components
# yum install openstack-neutron-linuxbridge ebtables ipset
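(2) Configure the common component: edit the /etc/neutron/neutron.conf file
① In the [database] section, comment out any connection options, because compute nodes do not directly access the database;
② In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure the RabbitMQ message queue connection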
- [DEFAULT]
- ...
- rpc_backend = rabbit
-
- [oslo_messaging_rabbit]
- ...
- rabbit_host = controller
- rabbit_userid = openstack
- rabbit_password = RABBIT_PASS
③ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access (replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service)
- [DEFAULT]
- ...
- auth_strategy = keystone
-
- [keystone_authtoken]
- ...
- auth_uri = http://controller:5000
- auth_url = http://controller:35357
- memcached_servers = controller:11211
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- project_name = service
- username = neutron
- password = NEUTRON_PASS
④ In the [oslo_concurrency] section, configure the lock path
- [oslo_concurrency]
- ...
- lock_path = /var/lib/neutron/tmp
⑤ Back up and modify
(3) Configure the Linux bridge agent: edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
① In the [linux_bridge] section, map the public virtual network to the public physical network interface
- [linux_bridge]
- physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
② In the [vxlan] section, disable VXLAN overlay networks
- [vxlan]
- enable_vxlan = False
③ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver
- [securitygroup]
- ...
- enable_security_group = True
- firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
④ Back up and modify
(4) Configure networking options: edit the /etc/nova/nova.conf file
In the [neutron] section, configure the access parameters
- [neutron]
- ...
- url = http://controller:9696
- auth_url = http://controller:35357
- auth_type = password
- project_domain_name = default
- user_domain_name = default
- region_name = RegionOne
- project_name = service
- username = neutron
- password = NEUTRON_PASS
(5) Finalize installation
Restart the Compute service
# systemctl restart openstack-nova-compute.service
Start the Linux bridge agent and configure it to start at boot
- # systemctl enable neutron-linuxbridge-agent.service
- # systemctl start neutron-linuxbridge-agent.service
(6) Check
# neutron agent-list
(7) Verify: list the loaded extensions to confirm that the neutron-server process started successfully
$ neutron ext-list
(1) Install the package
# yum install openstack-dashboard
(2) Edit the file /etc/openstack-dashboard/local_settings
① Configure the dashboard to use OpenStack services on the controller node
OPENSTACK_HOST = "controller"
② Allow all hosts to access the dashboard
ALLOWED_HOSTS = ['*', ]
③ Configure the memcached session storage service
- SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
-
- CACHES = {
- 'default': {
- 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
- 'LOCATION': 'controller:11211',
- }
- }
④ Enable version 3 of the Identity API
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
⑤ Enable support for domains
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
⑥ Configure the API versions
- OPENSTACK_API_VERSIONS = {
- "identity": 3,
- "image": 2,
- "volume": 2,
- }
⑦ Configure default as the default domain for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
⑧ Configure user as the default role for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
⑨ If you chose networking option 1, disable support for layer-3 networking services
- OPENSTACK_NEUTRON_NETWORK = {
- ...
- 'enable_router': False,
- 'enable_quotas': False,
- 'enable_distributed_router': False,
- 'enable_ha_router': False,
- 'enable_lb': False,
- 'enable_firewall': False,
- 'enable_vpn': False,
- 'enable_fip_topology_check': False,
- }
⑩ Optionally, configure the time zone
TIME_ZONE = "Asia/Shanghai"
(3) Finalize installation
Restart the web server and the session storage service
# systemctl restart httpd.service memcached.service
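(4) Verify operation
① Verify operation of the dashboard
- Access the dashboard in a web browser at http://controller/dashboard.
-
- Authenticate using the admin user credentials and the default domain.
② Login succeeded
③ View projects
④ View images
⑤ View users
⑥ View roles
⑦ Security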