双节点多模块安装open stack train(controller)
前期准备
换阿里源
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum clean all
yum makecache
改主机名
hostnamectl set-hostname controller
添加主机名hosts映射
vi /etc/hosts
#添加下面内容
10.23.24.37(换成控制节点IP) controller
10.23.24.32(换成计算节点IP) compute
关闭防火墙&selinux
systemctl stop firewalld
systemctl disable firewalld
vim /etc/sysconfig/selinux
#修改SELINUX参数(关闭防火墙和SELinux仅适合隔离的实验环境;正式环境建议保留SELinux并安装openstack-selinux软件包,防火墙只放行所需端口)
SELINUX=disabled
#重启生效
reboot
更新
yum update
安装组件(一)
yum install chrony -y
yum install centos-release-openstack-train -y
#安装时间同步chrony
#安装open stack train软件包
一键换open stack train软件包源
vim yum.sh
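#!/bin/bash
# Rewrite every yum repo file under /etc/yum.repos.d so that it uses the
# Aliyun mirror over HTTPS instead of the CentOS mirrorlist.
# Prints the name of each repo file as it is processed.

repo_dir=/etc/yum.repos.d

# Glob instead of parsing `ls` output, so file names containing spaces or
# glob characters are passed to sed intact.
# NOTE(review): assumes the directory is readable by the invoking user;
# the original listed it through `sudo ls`.
for repo_file in "$repo_dir"/*; do
  # Skip an unmatched glob and anything that is not a regular file
  # (sed -i fails on a directory).
  [ -f "$repo_file" ] || continue

  printf '%s\n' "${repo_file##*/}"

  # The expressions run in order on each line:
  #   1. comment out mirrorlist entries
  #   2. enable the commented-out baseurl entries
  #   3+4. normalise https -> http, then http -> https, so every URL ends up
  #        on https without producing "httpss" for URLs already on https
  #   5. swap the CentOS mirror host for the Aliyun mirror (dots escaped so
  #      they match a literal "." only)
  #   6. replace the $contentdir yum variable with the literal "centos"
  sudo sed -i \
    -e 's/mirrorlist/#mirrorlist/g' \
    -e 's/#baseurl/baseurl/g' \
    -e 's/https/http/g' \
    -e 's/http/https/g' \
    -e 's/mirror\.centos\.org/mirrors.aliyun.com/g' \
    -e 's/\$contentdir/centos/g' \
    -- "$repo_file"
done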
安装组件(二)
yum install python2-openstackclient -y
yum install mariadb mariadb-server python2-PyMySQL -y
yum install rabbitmq-server -y
yum install memcached python-memcached -y
yum install etcd -y
yum install openstack-keystone httpd mod_wsgi -y
yum install openstack-glance -y
yum install openstack-placement-api -y
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables -y
yum install openstack-dashboard -y
yum update -y
#安装open stack train软件包
#安装数据库
#安装RabbitMQ消息队列
#安装memcached
#安装etcd
#安装keystone服务
#安装配置glance
#安装placement
#安装nova
#安装neutron软件包
#安装面板
时间同步
修改chrony.conf
vim /etc/chrony.conf
(删除原有配置,用我的覆盖)
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
server 0.centos.pool.ntp.org iburst
server 1.centos.pool.ntp.org iburst
server 2.centos.pool.ntp.org iburst
server 3.centos.pool.ntp.org iburst
server ntp.aliyun.com iburst
#写自己的网段,网段内的主机与这台服务器同步(chrony文档只定义了以#开头的整行注释,所以注释单独成行)
allow 10.23.24.0/24
#即使本机未与上游时间源同步,也以stratum 10向网段内主机提供时间(不是同步间隔)
local stratum 10
# Record the rate at which the system clock gains/losses time.
driftfile /var/lib/chrony/drift
# Allow the system clock to be stepped in the first three updates
# if its offset is larger than 1 second.
makestep 1.0 3
# Enable kernel synchronization of the real-time clock (RTC).
rtcsync
# Enable hardware timestamping on all interfaces that support it.
#hwtimestamp *
# Increase the minimum number of selectable sources required to adjust
# the system clock.
#minsources 2
# Allow NTP client access from local network.
#allow 192.168.0.0/16
# Serve time even if not synchronized to a time source.
#local stratum 10
# Specify file containing keys for NTP authentication.
#keyfile /etc/chrony.keys
# Specify directory for log files.
logdir /var/log/chrony
# Select which information is logged.
#log measurements statistics tracking
创建和编辑/etc/my.cnf.d/openstack.cnf
vim /etc/my.cnf.d/openstack.cnf
(删除原有配置,用我的覆盖)
[mysqld]
bind-address = 10.23.24.39
#改成自己的IP
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
启动和设置开机自启
systemctl enable mariadb.service
systemctl start mariadb.service
数据库初始化
mysql_secure_installation
NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB
SERVERS IN PRODUCTION USE! PLEASE READ EACH STEP CAREFULLY!
In order to log into MariaDB to secure it, we'll need the current
password for the root user. If you've just installed MariaDB, and
you haven't set the root password yet, the password will be blank,
so you should just press enter here.
Enter current password for root (enter for none): #直接回车
OK, successfully used password, moving on...
Setting the root password ensures that nobody can log into the MariaDB
root user without the proper authorisation.
Set root password? [Y/n] y
New password: #设置密码(本文示例统一用HgTrojan;实际部署请换成自己的强密码,数据库root、RabbitMQ和各服务账号不要共用同一个密码)
Re-enter new password:
Password updated successfully!
Reloading privilege tables..
... Success!
#接下来全部都选Y
启动和开机自启
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
安装RabbitMQ消息队列
#添加openstack用户
rabbitmqctl add_user openstack HgTrojan
# 配置用户读写权限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
# 设置角色(administrator标签只用于登录RabbitMQ管理界面,OpenStack各服务本身不需要;不使用管理界面时可跳过这一步和下面的web插件)
rabbitmqctl set_user_tags openstack administrator
# 启动web插件
rabbitmq-plugins enable rabbitmq_management
安装memcached
vim /etc/sysconfig/memcached
# 修改OPTIONS,加上controller
OPTIONS="-l 127.0.0.1,::1,controller"
systemctl enable memcached.service
systemctl start memcached.service
修改etcd配置文件
vim /etc/etcd/etcd.conf
(删除原有配置,用我的覆盖,记得把IP改成自己的)
[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.23.24.39:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.23.24.39:2379"
ETCD_NAME="controller"
[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.23.24.39:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.23.24.39:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.23.24.39:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
启动和开机自启
systemctl start etcd
systemctl enable etcd
安装Keystone
mysql -uroot -pHgTrojan
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;
修改配置文件
vim /etc/keystone/keystone.conf
(删除原有配置,用我的覆盖,记得替换自己的参数)
[DEFAULT]
[application_credential]
[assignment]
[auth]
[cache]
[catalog]
[cors]
[credential]
[database]
connection = mysql+pymysql://keystone:HgTrojan@controller/keystone
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[federation]
[fernet_receipts]
[fernet_tokens]
[healthcheck]
[identity]
[identity_mapping]
[jwt_tokens]
[ldap]
[memcache]
[oauth1]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[policy]
[profiler]
[receipt]
[resource]
[revoke]
[role]
[saml]
[security_compliance]
[shadow_users]
[token]
provider = fernet
[tokenless_auth]
[totp]
[trust]
[unified_limit]
[wsgi]
同步数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password HgTrojan \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
修改httpd配置
vim /etc/httpd/conf/httpd.conf
添加内容
ServerName controller
创建软链接
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启动和开机自启
systemctl enable httpd.service
systemctl start httpd.service
环境变量文件
vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=HgTrojan
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
测试keystone是否正常工作
创建example域
source admin-openrc
openstack domain create --description "An Example Domain" example
#成功会输出类似下方输出
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
| tags | [] |
+-------------+----------------------------------+
创建service项目
openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
验证
#取消设置临时OS_AUTH_URL和OS_PASSWORD环境变量
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
Password: # 这个地方输入admin密码,即HgTrojan
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
安装glance
mysql -u root -pHgTrojan
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;
创建glance镜像服务
# 设置环境变量
source admin-openrc
# 创建glance用户
openstack user create --domain default --password-prompt glance
#会输出类似下方内容
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
# 将glance用户加入service项目,并设置为admin角色
openstack role add --project service --user glance admin
# 创建名为glance的服务
openstack service create --name glance \
--description "OpenStack Image" image
给glance镜像服务创建端口
openstack endpoint create --region RegionOne \
image public http://controller:9292
openstack endpoint create --region RegionOne \
image internal http://controller:9292
openstack endpoint create --region RegionOne \
image admin http://controller:9292
修改glance配置
vim /etc/glance/glance-api.conf
(删除原有配置,用我的覆盖,记得替换自己的参数)
[DEFAULT]
[cinder]
[cors]
[database]
connection = mysql+pymysql://glance:HgTrojan@controller/glance
[file]
[glance.store.http.store]
[glance.store.rbd.store]
[glance.store.sheepdog.store]
[glance.store.swift.store]
[glance.store.vmware_datastore.store]
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[image_format]
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = HgTrojan
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
flavor = keystone
[profiler]
[store_type_location_strategy]
[task]
[taskflow_executor]
同步数据库
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
验证服务
source admin-openrc
# 下载cirros测试镜像(此处走HTTP明文下载,建议下载后对照官方发布的校验值核对文件)
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
# 上传到image服务
glance image-create --name "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility=public
# 确认镜像已上传并检查其属性
openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 2a2ff041-0696-47a6-893b-b35d529b743d | cirros | active |
+--------------------------------------+--------+--------+
# 输出这个就代表没错
安装placement
mysql -u root -pHgTrojan
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' \
IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' \
IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;
配置用户
# 加载变量
source admin-openrc
# 创建placement用户
openstack user create --domain default --password-prompt placement
# 配置为admin角色权限
openstack role add --project service --user placement admin
# 创建Placement API
openstack service create --name placement \
--description "Placement API" placement
# 创建端口
openstack endpoint create --region RegionOne \
placement public http://controller:8778
openstack endpoint create --region RegionOne \
placement admin http://controller:8778
openstack endpoint create --region RegionOne \
placement internal http://controller:8778
修改placement配置文件
vim /etc/placement/placement.conf
(删除原有配置,用我的覆盖,记得替换自己的参数)
[DEFAULT]
[api]
auth_strategy = keystone
[cors]
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = HgTrojan
[oslo_policy]
[placement]
[placement_database]
connection = mysql+pymysql://placement:HgTrojan@controller/placement
[profiler]
同步数据库
su -s /bin/sh -c "placement-manage db sync" placement
vim /etc/httpd/conf.d/00-placement-api.conf
# 在这个文件加入这些配置
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
#重启阿帕奇服务
systemctl restart httpd
验证
placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
安装nova
mysql -u root -pHgTrojan
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;
创建用户
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova \
--description "OpenStack Compute" compute
创建服务端点
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
编辑配置文件 nova.conf
vim /etc/nova/nova.conf
(删除原有配置,用我的覆盖,记得替换自己的参数)
[DEFAULT]
my_ip = 10.23.24.39
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:HgTrojan@controller:5672/
enabled_apis = osapi_compute,metadata
[api]
auth_strategy = keystone
[api_database]
connection = mysql+pymysql://nova:HgTrojan@controller/nova_api
[barbican]
[cache]
[cinder]
[compute]
[conductor]
[console]
[consoleauth]
[cors]
[database]
connection = mysql+pymysql://nova:HgTrojan@controller/nova
[devices]
[ephemeral_storage_encryption]
[filter_scheduler]
[glance]
api_servers = http://controller:9292
[guestfs]
[healthcheck]
[hyperv]
[ironic]
[key_manager]
[keystone]
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = HgTrojan
[libvirt]
[metrics]
[mks]
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = HgTrojan
service_metadata_proxy = true
metadata_proxy_shared_secret = HgTrojan
[notifications]
[osapi_v21]
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[pci]
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = HgTrojan
[powervm]
[privsep]
[profiler]
[quota]
[rdp]
[remote_debug]
[scheduler]
[serial_console]
[service_user]
[spice]
[upgrade_levels]
[vault]
[vendordata_dynamic_auth]
[vmware]
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[workarounds]
[wsgi]
[xenserver]
[xvp]
[zvm]
同步数据库
su -s /bin/sh -c "nova-manage api_db sync" nova
#配置cell0数据库
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
#验证 cell0 和 cell1 是否正确注册
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0?charset=utf8 | False |
| cell1 | f690f4fd-2bc5-4f15-8145-db561a7b9d3d | rabbit://openstack:****@controller:5672/nova_cell1 | mysql+pymysql://nova:****@controller/nova_cell1?charset=utf8 | False |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
启动+开机自启
systemctl enable \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl start \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
将计算节点添加到数据库,controller节点执行
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
验证服务
openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2024-05-19T10:53:30.000000 |
| 2 | nova-scheduler | controller | internal | enabled | up | 2024-05-19T10:53:33.000000 |
| 6 | nova-compute | compute | nova | enabled | up | 2024-05-19T10:53:34.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]# nova-status upgrade check
如果执行这个命令报403错误,请确认已按前文"安装placement"一节在 /etc/httpd/conf.d/00-placement-api.conf 中加入 <Directory /usr/bin> 那段配置,并重启了httpd
安装Neutron
mysql -u root -pHgTrojan
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'HgTrojan';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'HgTrojan';
FLUSH PRIVILEGES;
创建用户
source admin-openrc
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
创建服务端点
openstack service create --name neutron \
--description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
network public http://controller:9696
openstack endpoint create --region RegionOne \
network internal http://controller:9696
openstack endpoint create --region RegionOne \
network admin http://controller:9696
编写配置文件 neutron.conf
vim /etc/neutron/neutron.conf
(删除原有配置,用我的覆盖,记得替换自己的参数)
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:HgTrojan@controller
auth_strategy = keystone
[cors]
[database]
connection = mysql+pymysql://neutron:HgTrojan@controller/neutron
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = HgTrojan
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = HgTrojan
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_amqp]
[oslo_messaging_kafka]
[oslo_messaging_notifications]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[privsep]
[ssl]
编写配置文件 ml2_conf.ini
vim /etc/neutron/plugins/ml2/ml2_conf.ini
(删除原有配置,用我的覆盖,记得替换自己的参数)
[DEFAULT]
[ml2]
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
type_drivers = flat,vlan,vxlan
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
编写linuxbridge_agent.ini
vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
(删除原有配置,用我的覆盖,记得替换自己的参数)
[DEFAULT]
[linux_bridge]
physical_interface_mappings = provider:ens192
# 这里的ens192改成你自己使用NAT的那一张网卡的名称
[vxlan]
enable_vxlan = true
# IP改成自己的
local_ip = 10.23.24.39
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
打开桥接
modprobe br_netfilter
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
sysctl -p
修改 l3_agent.ini
vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
修改dhcp_agent.ini
vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
修改metadata_agent.ini
vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = HgTrojan
完成安装
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
启动服务
systemctl restart openstack-nova-api.service
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl enable neutron-l3-agent.service
systemctl start neutron-l3-agent.service
验证服务
source admin-openrc
openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 121cc747-3516-446e-bb6f-c6e95af3a000 | Metadata agent | localhost | None | :-) | UP | neutron-metadata-agent |
| 17059e4f-c61f-4e8c-87ff-35ced7764543 | Linux bridge agent | localhost | None | :-) | UP | neutron-linuxbridge-agent |
| 32fded8a-dc80-4316-9771-42055979b0b8 | L3 agent | localhost | nova | :-) | UP | neutron-l3-agent |
| ae4ca75a-153b-4bf4-a284-8db4d338d757 | DHCP agent | localhost | nova | :-) | UP | neutron-dhcp-agent |
| e930286f-f99c-4f35-b8c0-0d5e83e35bf8 | Linux bridge agent | compute | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
安装面板
vim /etc/openstack-dashboard/local_settings
# 文件中已存在的配置项直接修改,不存在的则添加(ALLOWED_HOSTS = ['*'] 表示接受任意Host头,仅适合实验环境,正式环境应改为实际访问面板的域名或IP)
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# 这里面如果你安装的neutron是 provider类型的禁用第三项,其他的不变
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': True,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
# 这一行得加上
WEBROOT='/dashboard'
修改httpd配置
vim /etc/httpd/conf.d/openstack-dashboard.conf
# 加上这一行
WSGIApplicationGroup %{GLOBAL}
#重启httpd和memcached服务
systemctl restart httpd.service memcached.service
本人所有文章均为技术分享,均用于防御为目的的记录,所有操作均在实验环境下进行,请勿用于其他用途,否则后果自负。 本博客所有文章除特别声明外,均采用 BY-NC-SA 许可协议。转载请注明出处!