openstack-mitaka安装部署

LOCKLOSE · 发表于 2017-6-26 15:08:26

　　1、基础环境

vi /etc/resolv.conf
nameserver 8.8.8.8
yum -y install lrzsz net-tools
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
vi /etc/sysconfig/selinux
vi /etc/hosts
192.168.2.1 node1
192.168.2.2 node2
192.168.2.3 node3

　　2、修改主机名

hostnamectl set-hostname node1
　　#后需要重启主机生效
　　3、安装ntp服务

vi /etc/ntp.conf 添加以下内容：
restrict default nomodify
server  127.127.1.0
fudge 127.127.1.0 stratum 8
重启NTP服务
sudo systemctl restart ntpd
sudo systemctl enable ntpd.service
请调准NTP server端的时间
date -s "2016-06-21 16:43:00"
watch -n 1 ntpq -p
硬件时钟与系统时钟同步：
# hwclock --hctosys 或者
# clock --hctosys

　　4、添加互信

ssh-keygen

ssh-copy-id root@node1
ssh-copy-id root@node2
ssh-copy-id root@node3
　　5、配置openstack的yum源

cd /etc/yum.repos
vi m.repo
[mitaka]
name=mitaka.repo
baseurl=http://mirrors.163.com/centos/7.3.1611/cloud/x86_64/openstack-mitaka/
enabled=1
gpgcheck=0

　　随时间变化，路径有所变化
　　6、缓存yum源，并更新

yum makecache &&  yum update -y
centos：
yum install yum-plugin-priorities -y #防止自动更新
yum install centos-release-openstack-mitaka -y #如果不使用我的自定义yum那么请执行这一步

　　7、在所有节点更新，安装openstack客户端

yum upgrade -y
yum install python-openstackclient -y
yum install openstack-selinux -y

　　8、控制节点部署mariadb数据库

yum install mariadb mariadb-server python2-PyMySQL -y

编辑：
vi /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 10.112.17.80
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

启服务：
systemctl enable mariadb.service
systemctl start mariadb.service
初始化数据库
mysql_secure_installation

　　9、为Telemetry 服务部署MongoDB

yum install mongodb-server mongodb -y

编辑：/etc/mongod.conf
bind_ip = 192.168.2.1
smallfiles = true

启动服务：
systemctl enable mongod.service
systemctl start mongod.service

　　10、部署消息队列rabbitmq(验证方式:http://172.16.209.104:15672/ 用户:guest 密码:guest)

控制节点：
yum install rabbitmq-server -y

启动服务：
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

新建rabbitmq用户密码：
rabbitmqctl add_user openstack 123

为新建的用户openstack设定权限：
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

　　11、部署memcached缓存（为keystone服务缓存tokens）

控制节点：
yum install memcached python-memcached -y

启动服务：
systemctl enable memcached.service
systemctl start memcached.service
systemctl restart memcached.service

　　12、认证服务keystone部署

1.建库建用户
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'linux-3' IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
flush privileges;

2.yum install openstack-keystone httpd mod_wsgi -y

3.编辑 vi /etc/keystone/keystone.conf

[DEFAULT]
admin_token = 123 #建议用命令制作token:openssl rand -hex 10

[database]
connection = mysql+pymysql://keystone:123@linux-3/keystone

[token]
provider = fernet
#Token Provider：UUID, PKI, PKIZ, or Fernet #http://blog.csdn.net/miss_yang_cloud/article/details/49633719

4.同步修改到数据库
su -s /bin/sh -c "keystone-manage db_sync" keystone

5.初始化fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

　　13、配置apache服务

编辑：vi /etc/httpd/conf/httpd.conf
ServerName node1

编辑：vi /etc/httpd/conf.d/wsgi-keystone.conf
新增配置
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
7.启动服务:
systemctl enable httpd.service
systemctl start httpd.service
systemctl restart httpd.service

　　14、创建服务实体和访问端点

1.实现配置管理员环境变量，用于获取后面创建的权限
export OS_TOKEN=123
export OS_URL=http://linux-3:35357/v3
export OS_IDENTITY_API_VERSION=3

2.基于上一步给的权限，创建认证服务实体（目录服务）
openstack service create \
--name keystone --description "OpenStack Identity" identity
3.基于上一步建立的服务实体，创建访问该实体的三个api端点

openstack endpoint create --region RegionOne \
identity public http://linux-3:5000/v3
openstack endpoint create --region RegionOne \
identity internal http://linux-3:5000/v3
openstack endpoint create --region RegionOne \
identity admin http://linux-3:35357/v3

openstack catalog list
三：创建域，租户，用户，角色，把四个元素关联到一起
建立一个公共的域名：
openstack domain create --description "Default Domain" default

管理员：admin
openstack project create --domain default \
--description "Admin Project" admin
openstack user create --domain default \
--password-prompt admin
123

openstack role create admin
openstack role add --project admin --user admin admin

普通用户：demo
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password-prompt demo
123

openstack role create user
openstack role add --project demo --user demo user

为后续的服务创建统一租户service
解释：后面每搭建一个新的服务都需要在keystone中执行四种操作：1.建租户 2.建用户 3.建角色 4.做关联
后面所有的服务公用一个租户service，都是管理员角色admin，所以实际上后续的服务安装关于keysotne
的操作只剩2，4
openstack project create --domain default \
--description "Service Project" service

四：验证操作：
编辑：/etc/keystone/keystone-paste.ini
在[pipeline:public_api], [pipeline:admin_api], and [pipeline:api_v3] 三个地方
移走：admin_token_auth

unset OS_TOKEN OS_URL

openstack --os-auth-url http://linux-3:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field    | Value                                                                                                                                                                                  |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2016-08-17T08:29:18.528637Z                                                                                                                                                          |
| id       | gAAAAABXtBJO-mItMcPR15TSELJVB2iwelryjAGGpaCaWTW3YuEnPpUeg799klo0DaTfhFBq69AiFB2CbFF4CE6qgIKnTauOXhkUkoQBL6iwJkpmwneMo5csTBRLAieomo4z2vvvoXfuxg2FhPUTDEbw-DPgponQO-9FY1IAEJv_QV1qRaCRAY0 |
| project_id | 9783750c34914c04900b606ddaa62920                                                                                                                                                       |
| user_id | 8bc9b323a3b948758697cb17da304035                                                                                                                                                       |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

五：新建客户端脚本文件

管理员：admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_AUTH_URL=http://linux-3:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

普通用户demo：demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123
export OS_AUTH_URL=http://linux-3:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
效果：
source admin-openrc
[iyunv@controller01 ~]# openstack token issue

　　15、部署镜像服务

一：安装和配置服务
1.建库建用户
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'linux-3' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '123';
flush privileges;

2.keystone认证操作：
上面提到过：所有后续项目的部署都统一放到一个租户service里，然后需要为每个项目建立用户，建管理员角色，建立关联
. admin-openrc
openstack user create --domain default --password-prompt glance
123
openstack role add --project service --user glance admin

建立服务实体
openstack service create --name glance \
--description "OpenStack Image" image

建端点
openstack endpoint create --region RegionOne \
image public http://linux-3:9292
openstack endpoint create --region RegionOne \
image internal http://linux-3:9292
openstack endpoint create --region RegionOne \
image admin http://linux-3:9292

3.安装软件
yum install openstack-glance -y

4.修改配置：
编辑：vi /etc/glance/glance-api.conf

[database]
#这里的数据库连接配置是用来初始化生成数据库表结构,不配置无法生成数据库表结构
#glance-api不配置database对创建vm无影响，对使用metada有影响
#日志报错:ERROR glance.api.v2.metadef_namespaces
connection = mysql+pymysql://glance:123@linux-3/glance

[keystone_authtoken]
auth_url = http://linux-3:5000
memcached_servers = linux-3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123

auth_uri = http://linux-3:5000
auth_url = http://linux:35357
memcached_servers = linux:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123

[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file #指定本地存储，ceph是rdb协议
filesystem_store_datadir = /var/lib/glance/images/

编辑：vi /etc/glance/glance-registry.conf

[database]
#这里的数据库配置是用来glance-registry检索镜像元数据
connection = mysql+pymysql://glance:123@linux-3/glance
[keystone_authtoken]
...
auth_uri = http://linux-3:5000
auth_url = http://linux:35357
memcached_servers = linux:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123
[paste_deploy]
...
flavor = keystone
新建目录：
mkdir /var/lib/glance/images/
chown glance. /var/lib/glance/images/

同步数据库：（此处会报一些关于future的问题，自行忽略）
su -s /bin/sh -c "glance-manage db_sync" glance

启动服务：
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service

systemctl restart openstack-glance-api.service \
openstack-glance-registry.service

二：验证操作：
. admin-openrc
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
（本地下载：wget http://172.16.209.100/cirros-0.3.4-x86_64-disk.img）

openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
Error finding address for http://linux-3:9292/v2/schemas/image: HTTPConnectionPool(host='linux-3', port=9292): Max retries exceeded with url: /v2/schemas/image (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x3654710>: Failed to establish a new connection: [Errno 111] Connection refused',))

openstack image list

　　16、部署compute服务

一：控制节点配置
1.建库建用户
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'linux-3' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'linux-3' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY '123';
flush privileges;

2.keystone相关操作

. admin-openrc
openstack user create --domain default \
--password-prompt nova
123
openstack role add --project service --user nova admin
openstack service create --name nova \
--description "OpenStack Compute" compute

openstack endpoint create --region RegionOne \
compute public http://linux-3:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://linux-3:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://linux-3:8774/v2.1/%\(tenant_id\)s

3.安装软件包：
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler -y

4.修改配置：
编辑vi /etc/nova/nova.conf

[DEFAULT]
osapi #代码多，防止代码冗余的额       metadata开通云主机后注入一些代码，如开机装服务什么的
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
#下面的为管理ip
my_ip = 10.112.17.80
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:123@linux-3/nova_api

[database]
connection = mysql+pymysql://nova:123@linux-3/nova

[oslo_messaging_rabbit]
rabbit_host = linux-3
rabbit_userid = openstack
rabbit_password = 123
[keystone_authtoken]
auth_url = http://linux-3:5000
memcached_servers = linux-3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123

[vnc]
#下面的为管理ip
vncserver_listen = 10.112.17.80
#下面的为管理ip
vncserver_proxyclient_address = 10.112.17.80

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

5.同步数据库：（此处会报一些关于future的问题，自行忽略）
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova

6.启动服务
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

二：计算节点配置

1.安装软件包：
yum install openstack-nova-compute libvirt-daemon-lxc -y

2.修改配置：
编辑/etc/nova/nova.conf

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
#计算节点管理网络ip
my_ip = 10.112.17.80
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
rabbit_host = linux-3
rabbit_userid = openstack
rabbit_password = 123

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
#计算节点管理网络ip
vncserver_proxyclient_address = 10.112.17.80
#控制节点管理网络ip
novncproxy_base_url = http://10.112.17.80:6080/vnc_auto.html

[glance]
api_servers = http://linux-3:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

3.如果在不支持虚拟化的机器上部署nova，请确认
egrep -c '(vmx|svm)' /proc/cpuinfo结果为0
则编辑/etc/nova/nova.conf
[libvirt]
virt_type = qemu

4.启动服务
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

三：验证
控制节点
[iyunv@controller01 ~]# source admin-openrc
[iyunv@controller01 ~]# openstack compute service list
+----+------------------+--------------+----------+---------+-------+----------------------------+
| Id | Binary          | Host       | Zone    | Status  | State | Updated At                |
+----+------------------+--------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller01 | internal | enabled | up | 2016-08-17T08:51:37.000000 |
|  2 | nova-conductor | controller01 | internal | enabled | up | 2016-08-17T08:51:29.000000 |
|  8 | nova-scheduler | controller01 | internal | enabled | up | 2016-08-17T08:51:38.000000 |
| 12 | nova-compute    | compute01 | nova    | enabled | up | 2016-08-17T08:51:30.000000 |

　　17、部署网络服务

一：控制节点配置
1.建库建用户
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'linux-3' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY '123';
flush privileges;

2.keystone相关
. admin-openrc

openstack user create --domain default --password-prompt neutron
123
openstack role add --project service --user neutron admin
openstack service create --name neutron \
--description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
network public http://linux-3:9696
openstack endpoint create --region RegionOne \
network internal http://linux-3:9696
openstack endpoint create --region RegionOne \
network admin http://linux-3:9696
3.安装软件包
yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which  -y

4.配置服务器组件
编辑 /etc/neutron/neutron.conf文件,并完成以下动作:
在[数据库]节中,配置数据库访问:
[DEFAULT]
core_plugin = ml2
service_plugins = router
#下面配置:启用重叠IP地址功能
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[oslo_messaging_rabbit]
rabbit_host = linux-3
rabbit_userid = openstack
rabbit_password = 123
[database]
connection = mysql+pymysql://neutron:123@linux-3/neutron

[keystone_authtoken]
auth_url = http://linux-3:5000
memcached_servers = linux-3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[nova]
auth_url = http://linux-3:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

编辑/etc/neutron/plugins/ml2/ml2_conf.ini文件
[ml2]
type_drivers = flat,vlan,vxlan,gre
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True

编辑/etc/nova/nova.conf文件：
[neutron]
url = http://linux-3:9696
auth_url = http://linux-3:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = True
5.创建连接

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

6.同步数据库：（此处会报一些关于future的问题，自行忽略）
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

7.重启nova服务
systemctl restart openstack-nova-api.service

8.启动neutron服务
systemctl enable neutron-server.service
systemctl start neutron-server.service

二：网络节点配置

1. 编辑 /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

2.执行下列命令，立即生效
sysctl -p

3.安装软件包
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y

4．配置组件
编辑/etc/neutron/neutron.conf文件
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = linux-3
rabbit_userid = openstack
rabbit_password = 123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

6、编辑 /etc/neutron/plugins/ml2/openvswitch_agent.ini文件:
[ovs]
#下面ip为网络节点数据网络ip
local_ip=10.112.17.80
bridge_mappings=external:br-ex

[agent]
tunnel_types=gre,vxlan
l2_population=True
prevent_arp_spoofing=True

7.配置L3代理。编辑 /etc/neutron/l3_agent.ini文件:
[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge=br-ex

8.配置DHCP代理。编辑 /etc/neutron/dhcp_agent.ini文件:

[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata=True

9.配置元数据代理。编辑 /etc/neutron/metadata_agent.ini文件:
[DEFAULT]
nova_metadata_ip=linux-3
metadata_proxy_shared_secret=123

10.启动服务

网路节点：
systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service

12.建网桥
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth2

注意，如果网卡数量有限，想用网路节点的管理网络网卡作为br-ex绑定的物理网卡
#那么需要将网络节点管理网络网卡ip去掉，建立br-ex的配置文件，ip使用原管理网ip

[iyunv@network01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
NM_CONTROLLED=no
[iyunv@network01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-br-ex
10.112.17.80
10.112.16.1
211.136.192.6
211.136.17.107
DEVICE=br-ex
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
HWADDR=fa:16:3e:74:eb:de
IPADDR=10.112.17.80
GATEWAY=10.112.16.1
NETMASK=255.0.0.0
DNS1=211.136.192.6
DNS1=211.136.17.107
NM_CONTROLLED=no #注意加上这一句否则网卡可能启动不成功
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth0
/etc/init.d/network restart && ovs-vsctl add-port br-ex eth0
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service

[iyunv@linux-3 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:74:eb:de brd ff:ff:ff:ff:ff:ff
inet 10.112.17.80/22 brd 10.112.19.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe74:ebde/64 scope link
valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 7a:fd:9f:1f:e5:57 brd ff:ff:ff:ff:ff:ff
4: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 1a:17:22:92:85:49 brd ff:ff:ff:ff:ff:ff
[iyunv@linux-3 network-scripts]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 10.112.17.80  netmask 255.255.252.0  broadcast 10.112.19.255
inet6 fe80::f816:3eff:fe74:ebde  prefixlen 64  scopeid 0x20<link>
ether fa:16:3e:74:eb:de  txqueuelen 1000  (Ethernet)
RX packets 14710  bytes 2185896 (2.0 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 14771  bytes 4133409 (3.9 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

三：计算节点配置
1. 编辑 /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
2.sysctl -p

3.yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y

4.编辑 /etc/neutron/neutron.conf文件

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = node1
rabbit_userid = openstack
rabbit_password = 123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

5．编辑 /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
#下面ip为计算节点数据网络ip
local_ip = 10.1.1.2
#bridge_mappings = vlan:br-vlan
[agent]
tunnel_types = gre,vxlan
l2_population = True
prevent_arp_spoofing = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

7.编辑 /etc/nova/nova.conf

[neutron]
url = http://node1:9696
auth_url = http://node1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
8．启动服务
systemctl enable neutron-openvswitch-agent.service
systemctl start neutron-openvswitch-agent.service
systemctl restart openstack-nova-compute.service
systemctl restart neutron-openvswitch-agent.service

ovs-vsctl show

　　18、部署控制面板dashboard

在控制节点
1.安装软件包
yum install openstack-dashboard -y

2.配置/etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "linux-3"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'linux-3:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
TIME_ZONE = "UTC"

3.启动服务
systemctl enable httpd.service memcached.service
systemctl restart httpd.service memcached.service

4.验证；
http://10.112.17.80/dashboard
总结：
与keystone打交道的只有api层，所以不要到处乱配
建主机的时候由nova-compute负责调用各个api，所以不要再控制节点配置啥调用
ml2是neutron的core plugin，只需要在控制节点配置
网络节点只需要配置相关的agent
各组件的api除了接收请求外还有很多其他功能，比方说验证请求的合理性，控制节点nova.conf需要配neutron的api、认证，因为nova boot时需要去验证用户提交网络的合理性，控制节点neutron.conf需要配nova的api、认证，因为你删除网络端口时需要通过nova-api去查是否有主机正在使用端口。计算几点nova.conf需要配neutron，因为nova-compute发送请求给neutron-server来创建端口。这里的端口值得是'交换机上的端口'
不明白为啥？或者不懂我在说什么，请好好研究openstack各组件通信机制和主机创建流程，或者来听我的课哦，一般博文都不教真的。

网路故障排查：
网络节点：
[iyunv@network02 ~]# ip netns show
qdhcp-e63ab886-0835-450f-9d88-7ea781636eb8
qdhcp-b25baebb-0a54-4f59-82f3-88374387b1ec
qrouter-ff2ddb48-86f7-4b49-8bf4-0335e8dbaa83

[iyunv@network02 ~]# ip netns exec qrouter-ff2ddb48-86f7-4b49-8bf4-0335e8dbaa83 bash

[iyunv@network02 ~]# ping -c2 www.baidu.com
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125: icmp_seq=1 ttl=52 time=33.5 ms
64 bytes from 61.135.169.125: icmp_seq=2 ttl=52 time=25.9 ms
如果无法ping通，那么退出namespace
ovs-vsctl del-br br-ex
ovs-vsctl del-br br-int
ovs-vsctl del-br br-tun
ovs-vsctl add-br br-int
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth0
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service

https://console-beijing-1.cmecloud.cn:6080/vnc_auto.html?token=10826633-c33f-4c50-8239-c15ea51801c1

root
linux123

　　19、
　　20、
　　21、
　　22、

账号		自动登录	找回密码
密码			立即注册

大疆运维招人啦，

C++ :try 语句块和异常处理

C++的多态

Red Hat RHCE 8 (EX294) Cert Guide

Java/C++ 区别：看完这一篇，就够用！

别再用过时库了！这 13 个顶级 C++ 库才是

c++ size_t 和 int 的区别

[经验分享] openstack-mitaka安装部署

浏览过的版块

扫码加入运维网微信交流群