前期准备

换阿里源

wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache

改主机名

hostnamectl set-hostname controller

添加主机名hosts映射

vi /etc/hosts
#添加下面内容
10.23.24.37(换成控制节点IP) controller
10.23.24.32(换成计算节点IP) compute

关闭防火墙&selinux

systemctl stop firewalld
systemctl disable firewalld
vim /etc/sysconfig/selinux
#修改SELINUX参数(关闭防火墙和SELinux只适合隔离的实验环境;生产环境建议保留firewalld并只放行所需端口,SELinux保持开启并安装openstack-selinux软件包)
SELINUX=disabled
#重启生效
reboot

更新

yum update

安装组件(一)

yum install chrony -y

yum install centos-release-openstack-train -y

#安装时间同步chrony
#安装open stack train软件包

一键换open stack train软件包源

vim yum.sh
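#!/bin/bash
# Rewrite every yum repo definition in /etc/yum.repos.d to use the Aliyun
# mirror over HTTPS.
#
# Per *.repo file (the only files yum reads from this directory):
#   - comment out mirrorlist lines and enable commented-out #baseurl lines
#   - normalise http:// and https:// URLs to https://
#   - replace mirror.centos.org with mirrors.aliyun.com
#   - replace the literal $contentdir yum variable with "centos"
#
# gpgcheck/gpgkey lines are left as they are. Package authenticity after
# switching mirrors rests on gpgcheck=1 staying enabled, so check it with
#   grep -H '^gpgcheck' /etc/yum.repos.d/*.repo
# once the script has run.
set -euo pipefail

readonly repo_dir=/etc/yum.repos.d

# Glob instead of parsing `ls`: names with spaces stay intact, and with
# nullglob an empty directory simply runs the loop zero times.
shopt -s nullglob

for repo_file in "${repo_dir}"/*.repo; do
  [[ -f "${repo_file}" ]] || continue
  printf '%s\n' "${repo_file##*/}"

  # One sed pass per file. The mirrorlist pattern is anchored to the start
  # of the line so a second run does not stack another '#'; dots in the
  # hostname are escaped so they match only a literal '.'.
  sudo sed -i \
    -e 's/^[[:space:]]*mirrorlist/#&/' \
    -e 's/#baseurl/baseurl/g' \
    -e 's|https\{0,1\}://|https://|g' \
    -e 's/mirror\.centos\.org/mirrors.aliyun.com/g' \
    -e 's/\$contentdir/centos/g' \
    -- "${repo_file}"
done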

安装组件(二)

yum install python2-openstackclient -y

yum install mariadb mariadb-server python2-PyMySQL -y

yum install rabbitmq-server -y

yum install memcached python-memcached -y

yum install etcd -y

yum install openstack-keystone httpd mod_wsgi -y

yum install openstack-glance -y

yum install openstack-placement-api -y

yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y

yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables -y

yum install openstack-dashboard -y

yum update -y

#安装open stack train软件包

#安装数据库

#安装RabbitMQ消息队列

#安装memcached

#安装etcd

#安装keystone服务

#安装配置glance

#安装placement

#安装nova

#安装neutron软件包

#安装面板

时间同步

修改chrony.conf

vim /etc/chrony.conf

(删除原有配置,用我的覆盖)

# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst
#写自己的网段,网段内的主机与这台服务器同步(chrony文档只说明了整行注释,所以注释单独成行)
allow 10.23.24.0/24
#即使本机未与上游时间源同步,也以stratum 10向网段内主机提供时间(不是同步间隔)
local stratum 10

# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift

# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3

# Enable kernel synchronization of the real-time clock (RTC).
rtcsync

# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *

# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2

# Allow NTP client access from local network.
#allow 192.168.0.0/16

# Serve time even if not synchronized to a time source.
#local stratum 10

# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys

# Specify directory for log files.
logdir /var/log/chrony

# Select which information is logged.
#log measurements statistics tracking

创建和编辑/etc/my.cnf.d/openstack.cnf

vim /etc/my.cnf.d/openstack.cnf

(删除原有配置,用我的覆盖)

[mysqld]
bind-address = 10.23.24.39
#改成自己的IP

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

启动和设置开机自启

systemctl enable mariadb.service
systemctl start mariadb.service

数据库初始化

mysql_secure_installation

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

In order to log into MariaDB to secure it, we'll need the current
password for the root user.  If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.

Enter current password for root (enter for none):         #直接回车
OK, successfully used password, moving on...

Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.

Set root password? [Y/n] y
New password:                 #设置密码HgTrojan(示例密码;本文所有服务都复用它,实际部署请为每个服务分别生成随机密码,例如 openssl rand -hex 10)
Re-enter new password: 
Password updated successfully!
Reloading privilege tables..
 ... Success!
#接下来全部都选Y

启动和开机自启

systemctl enable rabbitmq-server.service 

systemctl start rabbitmq-server.service

安装RabbitMQ消息队列

#添加openstack用户 
rabbitmqctl add_user openstack HgTrojan 

# 配置用户读写权限 
rabbitmqctl set_permissions openstack ".*" ".*" ".*" 

# 设置角色(administrator标签只是登录管理界面用的,OpenStack各服务连接RabbitMQ并不需要;不用管理界面的话,这一步和下面的插件启用都可以跳过)
rabbitmqctl set_user_tags openstack administrator 

# 启动web插件 
rabbitmq-plugins enable rabbitmq_management

安装memcached

vim /etc/sysconfig/memcached
# 修改OPTIONS,加上controller(memcached默认没有认证,监听controller地址后要确保11211端口只有管理网络内的节点能访问)
OPTIONS="-l 127.0.0.1,::1,controller"

systemctl enable memcached.service
systemctl start memcached.service

修改etcd配置文件

vim /etc/etcd/etcd.conf

(删除原有配置,用我的覆盖,记得把IP改成自己的)

[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.23.24.39:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.23.24.39:2379"
ETCD_NAME="controller"
[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.23.24.39:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.23.24.39:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.23.24.39:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"

启动和开机自启

systemctl start etcd
systemctl enable etcd

安装Keystone

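# Let the client prompt for the root password instead of passing it as
# -p<password>: a password on the command line is saved to shell history
# and can show up in the process list.
mysql -u root -p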

CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;

修改配置文件

vim /etc/keystone/keystone.conf

(删除原有配置,用我的覆盖,记得替换自己的参数)

[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:HgTrojan@controller/keystone

[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
provider = fernet

[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]

同步数据库

su -s /bin/sh -c "keystone-manage db_sync" keystone

keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

keystone-manage bootstrap --bootstrap-password HgTrojan \
  --bootstrap-admin-url http://controller:5000/v3/ \
  --bootstrap-internal-url http://controller:5000/v3/ \
  --bootstrap-public-url http://controller:5000/v3/ \
  --bootstrap-region-id RegionOne

修改httpd配置

vim /etc/httpd/conf/httpd.conf

添加内容

ServerName controller

创建软链接

ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

启动和开机自启

systemctl enable httpd.service
systemctl start httpd.service

环境变量文件

vim admin-openrc

# Client environment for the "admin" user; load it with `source admin-openrc`.
# The file holds the admin password in plain text, so keep it readable only
# by its owner (for example `chmod 600 admin-openrc`).
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=HgTrojan
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

测试keystone是否正常工作

创建example域

source admin-openrc
openstack domain create --description "An Example Domain" example

#成功会输出类似下方输出

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | 2f4f80574fd84fe6ba9067228ae0a50c |
| name        | example                          |
| tags        | []                               |
+-------------+----------------------------------+

创建service项目

openstack project create --domain default \
  --description "Service Project" service
 
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

验证

#取消设置临时OS_AUTH_URL和OS_PASSWORD环境变量
unset OS_AUTH_URL OS_PASSWORD

openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue

Password: # 这个地方输入admin密码,即HgTrojan

+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

安装glance

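# Let the client prompt for the root password instead of passing it as
# -p<password>: a password on the command line is saved to shell history
# and can show up in the process list.
mysql -u root -p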

CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;

创建glance镜像服务

# 设置环境变量
source admin-openrc
# 创建glance用户
openstack user create --domain default --password-prompt glance

#会输出类似下方内容
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 3f4e777c4062483ab8d9edd7dff829df |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# 将glance用户加入service项目,并设置为admin角色
openstack role add --project service --user glance admin
# 创建名为glance的服务
openstack service create --name glance \
  --description "OpenStack Image" image

给glance镜像服务创建端点(endpoint)

openstack endpoint create --region RegionOne \
  image public http://controller:9292
  
openstack endpoint create --region RegionOne \
  image internal http://controller:9292
  
openstack endpoint create --region RegionOne \
  image admin http://controller:9292

修改glance配置

vim /etc/glance/glance-api.conf

(删除原有配置,用我的覆盖,记得替换自己的参数)

[DEFAULT]
[cinder]
[cors]
[database]
connection = mysql+pymysql://glance:HgTrojan@controller/glance

[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.sheepdog.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[image_format]
[keystone_authtoken]
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = HgTrojan

[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone

[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]

同步数据库

su -s /bin/sh -c "glance-manage db_sync" glance

systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service

验证服务

source admin-openrc

# 下载镜像(链接是http明文,下载后建议对照官方发布的校验和核对文件)
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img

# 上传到image服务
glance image-create --name "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --visibility=public

# 确认镜像已上传并验证属性
openstack image list

+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 2a2ff041-0696-47a6-893b-b35d529b743d | cirros | active |
+--------------------------------------+--------+--------+

# 输出这个就代表没错

安装placement

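# Let the client prompt for the root password instead of passing it as
# -p<password>: a password on the command line is saved to shell history
# and can show up in the process list.
mysql -u root -p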

CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
  IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
  IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;

配置用户

# 加载变量
source admin-openrc
# 创建placement用户
openstack user create --domain default --password-prompt placement
# 配置为admin角色权限
openstack role add --project service --user placement admin
# 创建Placement API
openstack service create --name placement \
  --description "Placement API" placement
# 创建端点(endpoint)
openstack endpoint create --region RegionOne \
  placement public http://controller:8778
openstack endpoint create --region RegionOne \
  placement admin http://controller:8778
openstack endpoint create --region RegionOne \
  placement internal http://controller:8778

修改placement配置文件

vim /etc/placement/placement.conf

(删除原有配置,用我的覆盖,记得替换自己的参数)

[DEFAULT]
[api]
auth_strategy = keystone

[cors]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = HgTrojan

[oslo_policy]
[placement]
[placement_database]
connection = mysql+pymysql://placement:HgTrojan@controller/placement

[profiler]

同步数据库

su -s /bin/sh -c "placement-manage db sync" placement

vim /etc/httpd/conf.d/00-placement-api.conf
# 在这个文件加入这些配置
 
<Directory /usr/bin>
 <IfVersion >= 2.4>
     Require all granted
 </IfVersion>
 <IfVersion < 2.4>
     Order allow,deny
     Allow from all
 </IfVersion>
</Directory>

#重启阿帕奇服务
systemctl restart httpd

验证

 placement-status upgrade check
 
+----------------------------------+
| Upgrade Check Results            |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success                  |
| Details: None                    |
+----------------------------------+
| Check: Incomplete Consumers      |
| Result: Success                  |
| Details: None                    |
+----------------------------------+

安装nova

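# Let the client prompt for the root password instead of passing it as
# -p<password>: a password on the command line is saved to shell history
# and can show up in the process list.
mysql -u root -p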

CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY 'HgTrojan';
 
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY 'HgTrojan';
 
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY 'HgTrojan';
  
FLUSH PRIVILEGES;

创建用户

openstack user create --domain default --password-prompt nova

openstack role add --project service --user nova admin
openstack service create --name nova \
  --description "OpenStack Compute" compute

创建服务端点

openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1

编辑配置文件 nova.conf

vim /etc/nova/nova.conf

(删除原有配置,用我的覆盖,记得替换自己的参数)

[DEFAULT]
my_ip = 10.23.24.39
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:HgTrojan@controller:5672/
enabled_apis = osapi_compute,metadata

[api]
auth_strategy = keystone

[api_database]
connection = mysql+pymysql://nova:HgTrojan@controller/nova_api

[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:HgTrojan@controller/nova

[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292

[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = HgTrojan

[libvirt]
[metrics]
[mks]
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = HgTrojan
service_metadata_proxy = true
metadata_proxy_shared_secret = HgTrojan

[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = HgTrojan

[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]

同步数据库

su -s /bin/sh -c "nova-manage api_db sync" nova

#配置cell0数据库

su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova

#验证 cell0 和 cell1 是否正确注册

su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova

+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
|  Name |                 UUID                 |                   Transport URL                    |                     Database Connection                      | Disabled |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 |                       none:/                       | mysql+pymysql://nova:****@controller/nova_cell0?charset=utf8 |  False   |
| cell1 | f690f4fd-2bc5-4f15-8145-db561a7b9d3d | rabbit://openstack:****@controller:5672/nova_cell1 | mysql+pymysql://nova:****@controller/nova_cell1?charset=utf8 |  False   |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+

启动+开机自启

systemctl enable \
    openstack-nova-api.service \
    openstack-nova-scheduler.service \
    openstack-nova-conductor.service \
    openstack-nova-novncproxy.service
systemctl start \
    openstack-nova-api.service \
    openstack-nova-scheduler.service \
    openstack-nova-conductor.service \
    openstack-nova-novncproxy.service

将计算节点添加到数据库,controller节点执行

openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

验证服务

openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary         | Host       | Zone     | Status  | State | Updated At                 |
+----+----------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-conductor | controller | internal | enabled | up    | 2024-05-19T10:53:30.000000 |
|  2 | nova-scheduler | controller | internal | enabled | up    | 2024-05-19T10:53:33.000000 |
|  6 | nova-compute   | compute    | nova     | enabled | up    | 2024-05-19T10:53:34.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]# nova-status upgrade check
如果执行这个命令报403错误,请回到前面placement一节,在 /etc/httpd/conf.d/00-placement-api.conf 中加入 <Directory /usr/bin> 那段配置,然后重启httpd即可解决

安装Neutron

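# Let the client prompt for the root password instead of passing it as
# -p<password>: a password on the command line is saved to shell history
# and can show up in the process list.
mysql -u root -p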

CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;

创建用户

source admin-openrc
openstack user create --domain default --password-prompt neutron

openstack role add --project service --user neutron admin

创建服务端点

openstack service create --name neutron \
  --description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
  network public http://controller:9696
openstack endpoint create --region RegionOne \
  network internal http://controller:9696
openstack endpoint create --region RegionOne \
  network admin http://controller:9696

编写配置文件 neutron.conf

vim /etc/neutron/neutron.conf

(删除原有配置,用我的覆盖,记得替换自己的参数)

[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:HgTrojan@controller
auth_strategy = keystone

[cors]
[database]
connection = mysql+pymysql://neutron:HgTrojan@controller/neutron

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = HgTrojan
 
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = HgTrojan

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]

编写配置文件 ml2_conf.ini

vim /etc/neutron/plugins/ml2/ml2_conf.ini

(删除原有配置,用我的覆盖,记得替换自己的参数)

[DEFAULT]

[ml2]
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
type_drivers = flat,vlan,vxlan
extension_drivers = port_security
 
[ml2_type_flat]
flat_networks = provider
 
[ml2_type_vxlan]
vni_ranges = 1:1000
 
[securitygroup]
enable_ipset = true

编写linuxbridge_agent.ini

vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini

(删除原有配置,用我的覆盖,记得替换自己的参数)

[DEFAULT]

[linux_bridge]
physical_interface_mappings = provider:ens192
# 这里的ens192改成你自己使用NAT的那一张网卡
[vxlan]
enable_vxlan = true
# IP改成自己的
local_ip = 10.23.24.39
l2_population = true
 
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

打开桥接

modprobe br_netfilter
vim /etc/sysctl.conf

net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1

sysctl -p

修改 l3_agent.ini

vim /etc/neutron/l3_agent.ini

[DEFAULT]
interface_driver = linuxbridge

修改dhcp_agent.ini

vim /etc/neutron/dhcp_agent.ini

[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

修改metadata_agent.ini

vim /etc/neutron/metadata_agent.ini

[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = HgTrojan

完成安装

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

启动服务

systemctl restart openstack-nova-api.service

systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl start neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service

验证服务

source admin-openrc
openstack network agent list

+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 121cc747-3516-446e-bb6f-c6e95af3a000 | Metadata agent     | localhost  | None              | :-)   | UP    | neutron-metadata-agent    |
| 17059e4f-c61f-4e8c-87ff-35ced7764543 | Linux bridge agent | localhost  | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 32fded8a-dc80-4316-9771-42055979b0b8 | L3 agent           | localhost  | nova              | :-)   | UP    | neutron-l3-agent          |
| ae4ca75a-153b-4bf4-a284-8db4d338d757 | DHCP agent         | localhost  | nova              | :-)   | UP    | neutron-dhcp-agent        |
| e930286f-f99c-4f35-b8c0-0d5e83e35bf8 | Linux bridge agent | compute    | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

安装面板

vim /etc/openstack-dashboard/local_settings
# 本来就存在的配置修改,不存在的直接添加(ALLOWED_HOSTS = ['*'] 会关闭Host头校验,只适合测试环境;正式环境请改为面板实际使用的主机名或IP)

OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
 
CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# 这里面如果你安装的neutron是 provider类型的禁用第三项,其他的不变
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': True,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
# 这一行得加上
WEBROOT='/dashboard'

修改httpd配置

vim /etc/httpd/conf.d/openstack-dashboard.conf
# 加上这一行
WSGIApplicationGroup %{GLOBAL}

#重启httpd和memcached服务
systemctl restart httpd.service memcached.service