[Experience share] Building OpenStack
Posted on 2017-6-26 11:11:04
OpenStack environment deployment (references: http://www.cnblogs.com/kevingrace/p/5707003.html and https://docs.openstack.org/mitaka/zh_CN)
Note: before editing any service's configuration file, make a backup copy first, so that a wrong edit can be reverted instead of the file being mangled!
1. System: CentOS 7
2. Number of hosts: four for now
1) Controller node: controller1, IP 192.168.2.201, public IP 124.65.181.122
2) Compute node: nova1, IP 192.168.2.202, public IP 124.65.181.122
3) Block storage node: cinder, IP 192.168.2.222
4) Shared file system node: manila, IP 192.168.2.223
3. Name resolution, and disabling iptables and SELinux (all nodes)
Name resolution: vi /etc/hosts
192.168.2.201 controller1
192.168.2.202 nova1
192.168.2.222 cinder1
192.168.2.223 manila1
Note: you can edit the hosts file on controller1 and then push it to each of the other nodes: scp /etc/hosts <IP address>:/etc/hosts
Disable SELinux
Permanently: vi /etc/selinux/config
SELINUX=disabled
Temporarily: setenforce 0
Disable iptables (firewalld on CentOS 7)
Permanently: systemctl disable firewalld.service
Temporarily: systemctl stop firewalld.service
4. Configure the Network Time Protocol (NTP)
Controller node:
yum install chrony
Edit: vi /etc/chrony.conf
allow 192.168.2.0/24 #the nodes' network may sync time from this host; chrony reads the original "192.168/24" as 192.168.0.0/24, which would exclude the 192.168.2.x nodes
systemctl enable chronyd.service #start at boot
systemctl start chronyd.service
timedatectl set-timezone Asia/Shanghai #set the time zone
timedatectl status #check
Other nodes:
yum install chrony
Edit: vi /etc/chrony.conf
server controller1 iburst #hostname/IP of the time server
systemctl enable chronyd.service #start at boot
systemctl start chronyd.service
timedatectl set-timezone Asia/Shanghai #set the time zone
chronyc sources
Test whether time is synchronised
Run the same command on every node: chronyc sources
5. Upgrade packages and the system (all nodes)
yum install centos-release-openstack-mitaka
Upgrade packages: yum upgrade #if a new kernel is installed, reboot to use it
Client: yum install python-openstackclient
Security policy: yum install openstack-selinux
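A pre-flight check for steps 3 and 4, added here as an example and not part of the original post: it confirms that every node named in the post resolves via /etc/hosts and that chrony has actually selected a time source (the line marked `^*` in `chronyc sources`), which is the condition the post's "test whether time is synchronised" step is looking for. The hosts and chrony outputs embedded below are constructed samples so the script runs offline; `preflight` runs the same checks against the live system.

```shell
# Added example (not from the original post): pre-flight checks for the
# name-resolution and time-sync steps, usable on any node before installing.

# Every node the post defines must be resolvable by name.
REQUIRED_HOSTS="controller1 nova1 cinder1 manila1"

# hosts_complete <hosts file text>: 0 if every required hostname has an entry.
hosts_complete() {
    hosts_text="$1"
    for h in $REQUIRED_HOSTS; do
        printf '%s\n' "$hosts_text" |
            grep -Eq "^[0-9.]+[[:space:]]+$h([[:space:]]|$)" || return 1
    done
    return 0
}

# chrony_synced <chronyc sources output>: 0 if a source is currently selected.
# chronyc prints '^*' in the first two columns for the selected server;
# '^?' means the source is unreachable or not yet usable.
chrony_synced() {
    printf '%s\n' "$1" | grep -q '^\^\*'
}

# Constructed sample data mirroring what the post's nodes would show.
SAMPLE_HOSTS='127.0.0.1 localhost
192.168.2.201 controller1
192.168.2.202 nova1
192.168.2.222 cinder1
192.168.2.223 manila1'

SAMPLE_CHRONY_OK='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller1                   3   6   377    12   +105us[ +112us] +/-   37ms'

SAMPLE_CHRONY_BAD='210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller1                   0   6     0     -     +0ns[   +0ns] +/-    0ns'

# preflight: run both checks against the live node (needs chrony installed).
preflight() {
    hosts_complete "$(cat /etc/hosts)" || { echo "hosts file is missing a node"; return 1; }
    chrony_synced "$(chronyc sources)" || { echo "chrony has no selected source"; return 1; }
    echo "preflight ok"
}
```

Run `preflight` on each node after step 4; a node that fails the chrony check will later produce token-expiry and scheduling errors that are hard to trace back to clock skew.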
6. Database: MySQL (controller node)
Install packages: yum install mariadb mariadb-server MySQL-python
Copy the configuration file: cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf #or /usr/share/mysql/my-medium.cnf /etc/my.cnf
Edit: vi /etc/my.cnf
[mysqld]
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
Enable at boot: systemctl enable mariadb.service
Link: ln -s '/usr/lib/systemd/system/mariadb.service' '/etc/systemd/system/multi-user.target.wants/mariadb.service'
Initialise the database: mysql_install_db --datadir="/var/lib/mysql" --user="mysql"
Start the database: systemctl start mariadb.service
Set the root password and secure the installation: mysql_secure_installation
Now log in to the database and create one database per core service, granting the matching privileges. The passwords below are the ones the service configuration files later in this document use (keystone123, glance123, and so on): the password in the GRANT and the one in each connection = ... string must agree, or db_sync fails.
CREATE DATABASE keystone; #identity service
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone123';
CREATE DATABASE glance; #image service
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance123';
CREATE DATABASE nova; #compute service
CREATE DATABASE nova_api; #compute API database, referenced by [api_database] in nova.conf
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova123';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova123';
CREATE DATABASE neutron; #networking service
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron123';
CREATE DATABASE cinder; #block storage service
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder123';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder123';
Reload privileges: flush privileges;
View: show databases;
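The statements in step 6 are repetitive and the original post set each password equal to the user name. The generator below is an added example, not part of the post: it emits the same CREATE/GRANT statements for every service from one place, with each database password supplied separately, and refuses an empty password or one equal to the user name. The environment variable names KEYSTONE_DBPASS, GLANCE_DBPASS, NOVA_DBPASS, NEUTRON_DBPASS and CINDER_DBPASS are this example's own convention; nova gets both nova and nova_api because nova.conf references both.

```shell
# Added example (not from the original post): generate the per-service
# CREATE DATABASE / GRANT statements with a distinct secret per service.
# Output is plain SQL; pipe it to `mysql -u root -p` on controller1.

# Databases owned by each service; nova also owns nova_api ([api_database]).
service_databases() {
    case "$1" in
        nova) echo "nova nova_api" ;;
        keystone|glance|neutron|cinder) echo "$1" ;;
        *) return 1 ;;
    esac
}

# gen_db_sql <service> <password>: emit the statements for one service.
gen_db_sql() {
    svc="$1"; pw="$2"
    [ -n "$pw" ] || { echo "refusing empty password for $svc" >&2; return 1; }
    [ "$pw" != "$svc" ] || { echo "refusing password equal to username for $svc" >&2; return 1; }
    # a single quote inside the password would break the statement; reject it
    case "$pw" in *"'"*) echo "refusing password containing a quote for $svc" >&2; return 1 ;; esac
    dbs=$(service_databases "$svc") || { echo "unknown service $svc" >&2; return 1; }
    for db in $dbs; do
        printf 'CREATE DATABASE IF NOT EXISTS %s;\n' "$db"
        for host in localhost '%'; do
            printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
                "$db" "$svc" "$host" "$pw"
        done
    done
    echo "FLUSH PRIVILEGES;"
}

# gen_all_db_sql: emit SQL for all five services, reading <SERVICE>_DBPASS.
gen_all_db_sql() {
    for svc in keystone glance nova neutron cinder; do
        var=$(printf '%s' "$svc" | tr 'a-z' 'A-Z')_DBPASS
        eval "pw=\${$var}"
        gen_db_sql "$svc" "$pw" || return 1
    done
}
```

Whatever password is generated here must then be written into the matching connection = mysql+pymysql://... line of that service's configuration file.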
7. Message queue: RabbitMQ (controller node)
Install the package: yum install rabbitmq-server
Start rabbitmq (it listens on port 5672):
systemctl enable rabbitmq-server.service
Link:
ln -s '/usr/lib/systemd/system/rabbitmq-server.service' '/etc/systemd/system/multi-user.target.wants/rabbitmq-server.service'
Start: systemctl start rabbitmq-server.service
Note: to verify that it started, list the listening ports: netstat -anpt
Add the openstack user and password: rabbitmqctl add_user openstack openstack123 #openstack123 is a password of your own choosing
Grant the openstack user permissions: rabbitmqctl set_permissions openstack ".*" ".*" ".*" #configure, write and read access for openstack
List the available plugins: rabbitmq-plugins list
Enable the plugin: rabbitmq-plugins enable rabbitmq_management #rabbitmq_management provides the web management UI
Restart the rabbitmq service: systemctl restart rabbitmq-server.service
Port: lsof -i:15672
Test by browsing to http://192.168.2.201:15672; the login user name and password are both guest
8. Identity service: keystone (ports 5000 and 35357) #run on the controller node
1) Install packages: yum install openstack-keystone httpd mod_wsgi memcached python-memcached
Note: memcached is the cache for the identity service
2) First generate a random value: openssl rand -hex 10
3) Back up the keystone configuration file so that a bad edit can be diagnosed: cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
Edit the file, vi /etc/keystone/keystone.conf:
[DEFAULT]
admin_token = b6f89e3f5d766bb71bf8 #the random value generated above
token_format = UUID
[database]
connection = mysql+pymysql://keystone:keystone123@controller1/keystone
[memcache]
servers = controller1:11211
[token]
provider = uuid
driver = memcache #store tokens in memcached, as the note below chooses; the original line named the SQL backend (keystone.token.persistence.backends.sql.Token), which contradicts that choice
Note: keystone stores tokens in the SQL database by default, and a token is valid for one day (24 h). Every command (request) that any OpenStack component runs must be validated with a token, and each access creates a new one, so the token table grows very fast. Over time the expired rows pile up; in a corporate private cloud they can reach tens or hundreds of thousands. That many dead tokens slow down every SQL statement against the token table and degrade performance. Either write a scheduled script that cleans the token table, or store tokens in memcache, whose expiry behaviour removes unused entries automatically. (This deployment uses the second method.)
4) Create the database tables by running the sync command: su -s /bin/sh -c "keystone-manage db_sync" keystone
Check the tables in the database: mysql -h 192.168.2.201 -u keystone -pkeystone123 #password given inline; logs straight into the keystone database
5) Start Apache and memcached
Start memcached:
systemctl enable memcached
Note: if this prints "Created symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service." it has created the link that starts the service at boot. Then run the command again!
systemctl start memcached #start memcached
To verify, check that its default port 11211 is listening
6) Configure httpd: edit /etc/httpd/conf/httpd.conf
ServerName controller1:80
Create the file /etc/httpd/conf.d/wsgi-keystone.conf with the following content:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
Start httpd:
systemctl enable httpd
systemctl start httpd
Filter the listener list: netstat -lntup | grep httpd #or list every open port with netstat -anpt
7) Create the keystone users
Temporarily export the admin_token environment variables, used only for creating the first users
Set the auth token: export OS_TOKEN=b6f89e3f5d766bb71bf8 #the random value generated above
Set the endpoint URL: export OS_URL=http://controller1:35357/v3
Set the identity API version: export OS_IDENTITY_API_VERSION=3
8) Create the service entity for the identity service: openstack service create --name keystone --description "Openstack Identity" identity
(Note: entity ID e6aa9c8d2e504978a77d09d09d8213d4, name keystone, type identity) #just a record of the output, you can ignore it
9) Create the identity service API endpoints (public, internal and admin):
openstack endpoint create --region RegionOne identity public http://controller1:5000/v3
openstack endpoint create --region RegionOne identity internal http://controller1:5000/v3
openstack endpoint create --region RegionOne identity admin http://controller1:5000/v3
View the endpoint list: openstack endpoint list
10) Create the domain "default": openstack domain create --description "Default Domain" default
View the domain list: openstack domain list
11) Create the admin project, admin user and admin role, then add the admin role to the admin project and user
Project: openstack project create --domain default --description "Admin Project" admin
User: openstack user create --domain default --password-prompt admin #enter a password of your choice at the prompt; here it is admin123
Role: openstack role create admin
Add: openstack role add --project admin --user admin admin #--project admin is the project, --user admin is the user
Note: a rough sketch of how the OpenStack objects relate
1. Create a domain; everything below lives inside a domain, so the domain is the outer frame
2. admin is the project for administrative work; demo is the project for everyday work; service is the project that holds each service's own user
3. Each service has one service entity, which belongs to the service project
4. Each service has three endpoint variants: public, internal and admin
5. Apart from the service project (which only holds service users), each project has a corresponding user and role
6. Each service's user is named after the OpenStack component (keystone, glance, nova, and so on)
7. Each service user is in turn bound to a role
8. In short: domain -> project -> user -> role, with the endpoint variants hanging off each service
Other useful commands:
View domains: openstack domain list
View API endpoints: openstack endpoint list
View projects: openstack project list
View users: openstack user list
View roles: openstack role list
Show a configuration file without comments and blank lines: cat <config file> | grep -v "^#" | grep -v "^$"
(Some common problems: http://www.cnblogs.com/kevingrace/p/5811167.html)
Watch out: if listing objects gives output like the following
1. [iyunv@controller1 ~]# openstack project list
Could not find requested endpoint in Service Catalog. or
__init__() got an unexpected keyword argument 'token' or
The resource could not be found. (HTTP 404)
then redo the token authentication (first run: unset OS_TOKEN OS_URL)
12) Create the service project: openstack project create --domain default --description "Service Project" service
13) Create the demo project: openstack project create --domain default --description "Demo Project" demo
View the project list: openstack project list
Create the demo user: openstack user create --domain default --password-prompt demo #enter a password of your choice; here it is demo123
Create the user role: openstack role create user
Add: openstack role add --project demo --user demo user
View the user list: openstack user list
View the role list: openstack role list
14) Verify by obtaining a token (keystone is configured correctly only if this succeeds): unset OS_TOKEN OS_URL
Request an auth token as the admin user: openstack --os-auth-url http://controller1:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
15) Create the environment variable scripts:
Edit admin-openrc:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin123
export OS_AUTH_URL=http://controller1:35357/v3
export OS_IDENTITY_API_VERSION=3 #the original had OS_INENTITY_API_VERSION, a typo the client silently ignores
export OS_IMAGE_API_VERSION=2
Edit demo-openrc:
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo123
export OS_AUTH_URL=http://controller1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Switch to the admin environment: . admin-openrc
Switch to the demo environment: . demo-openrc
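The openrc files in step 15 hold plaintext passwords, and the troubleshooting note above shows what happens when OS_TOKEN and OS_URL are still set from the bootstrap. The helper below is an added example, not part of the post: it writes both files with the post's values, creates them owner-readable only (mode 600) before any secret is written, spells OS_IDENTITY_API_VERSION correctly, and has each file unset the bootstrap variables when sourced. The directory argument is the caller's choice.

```shell
# Added example (not from the original post): write admin-openrc and
# demo-openrc from step 15 with owner-only permissions and the bootstrap
# token variables cleared on source.

# write_openrc <path> <username> <password> <project> <auth_url>
write_openrc() {
    path="$1"; user="$2"; pass="$3"; project="$4"; auth_url="$5"
    # umask in a subshell so the file is created 600 without changing the
    # caller's umask; chmod afterwards covers an existing file too
    (
        umask 077
        cat > "$path" <<EOF
# generated by write_openrc; contains a plaintext password, keep mode 600
unset OS_TOKEN OS_URL
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=$project
export OS_USERNAME=$user
export OS_PASSWORD='$pass'
export OS_AUTH_URL=$auth_url
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
EOF
    ) && chmod 600 "$path"
}

# file_mode <path>: the ls-style permission string ("-rw-------" is the goal).
file_mode() {
    ls -ld "$1" | cut -c1-10
}

# write_openrc_pair [dir]: both files with the post's values (default: cwd).
write_openrc_pair() {
    dir="${1:-.}"
    write_openrc "$dir/admin-openrc" admin admin123 admin http://controller1:35357/v3 &&
    write_openrc "$dir/demo-openrc"  demo  demo123  demo  http://controller1:5000/v3
}
```

After `. admin-openrc` the `openstack token issue` check from step 14 should succeed with the password alone; at that point the static admin_token in keystone.conf is no longer needed for anything in this document.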
  
Image service, glance (ports 9191 and 9292)
1. Install packages: yum install openstack-glance python-glance python-glanceclient
2. Edit /etc/glance/glance-api.conf #back the file up before editing so a bad change can be reverted
[database]
connection = mysql+pymysql://glance:glance123@controller1/glance
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[keystone_authtoken]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance123
[paste_deploy]
flavor = keystone
3. Edit /etc/glance/glance-registry.conf #back the file up before editing so a bad change can be reverted
[database]
connection = mysql+pymysql://glance:glance123@controller1/glance
[glance_store]
[keystone_authtoken]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance123
[paste_deploy]
flavor = keystone
Create the database tables and initialise the database: su -s /bin/sh -c "glance-manage db_sync" glance #ignore the informational output it prints
Test logging in to the database and list the tables: mysql -h controller1 -uglance -pglance123
4. Switch environment: . admin-openrc
Create the glance user: openstack user create --domain default --password-prompt glance #the glance password chosen here is glance123
View the user list: openstack user list
Add the admin role to the glance user in the service project: openstack role add --project service --user glance admin
Enable at boot: systemctl enable openstack-glance-api openstack-glance-registry
Start: systemctl start openstack-glance-api openstack-glance-registry
Confirm the services are up by checking for their ports: netstat -lnutp | grep 9191
5. Create the glance service entity: openstack service create --name glance --description "OpenStack Image service" image
View the service list: openstack service list
Create the image service API endpoints:
openstack endpoint create --region RegionOne image public http://controller1:9292
openstack endpoint create --region RegionOne image internal http://controller1:9292
openstack endpoint create --region RegionOne image admin http://controller1:9292
View the endpoint list: openstack endpoint list
6. Test
Download a source image: wget -q http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
Note: if wget is not found, install it: yum install wget -y
Upload: glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
View the image list: openstack image list
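The image in step 6 is fetched over plain HTTP and uploaded without any check. The functions below are an added example, not part of the post: they compute the local file's MD5 (the digest glance records in an image's checksum field) and compare it either with a digest you obtained out of band or with the value glance stored after the upload, so the file the compute nodes will boot is the one you inspected. The `openstack image show ... -f value -c checksum` call assumes admin-openrc is sourced; the digest used in the self-test is for a constructed one-line file, not the real cirros image.

```shell
# Added example (not from the original post): verify an image file against
# an expected MD5, and against the checksum glance stored after upload.

# file_md5 <file>: print the MD5 digest of a file (glance's checksum field).
file_md5() {
    md5sum "$1" | cut -d' ' -f1
}

# verify_image_file <file> <expected_md5>: 0 on match, 1 on mismatch.
verify_image_file() {
    actual=$(file_md5 "$1") || return 1
    if [ "$actual" = "$2" ]; then
        echo "OK   $1 md5=$actual"
        return 0
    fi
    echo "FAIL $1 expected=$2 actual=$actual" >&2
    return 1
}

# verify_uploaded_image <image name> <local file>: ask glance for the stored
# checksum of the named image (e.g. "cirros") and compare with the local file.
# Needs admin-openrc sourced and network access to controller1.
verify_uploaded_image() {
    image="$1"; file="$2"
    stored=$(openstack image show "$image" -f value -c checksum) || return 1
    verify_image_file "$file" "$stored"
}

# sample_image_file <path>: write a constructed stand-in file for testing.
sample_image_file() {
    printf 'hello\n' > "$1"
}
```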
Compute service (nova)
Packages installed on the controller node:
yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
Note: for an explanation of each package see the separately written OpenStack technical notes.
On the controller node edit /etc/nova/nova.conf (the lines marked "if the controller also acts as a compute node" are only needed in that case)
[DEFAULT] #enable only the compute and metadata APIs
my_ip=192.168.2.201 #controller IP
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
allow_resize_to_same_host=true
firewall_driver=nova.virt.firewall.NoopFirewallDriver
network_api_class=nova.network.neutronv2.api.API
use_neutron=true
rpc_backend=rabbit
[api_database] #database connection
connection=mysql+pymysql://nova:nova123@controller1/nova_api
[database]
connection=mysql+pymysql://nova:nova123@controller1/nova
[glance] #location of the image service API
...
api_servers= http://controller1:9292
[keystone_authtoken] #identity service access
...
auth_uri=http://controller1:5000
auth_url = http://controller1:35357
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova123
[libvirt]
...
virt_type=kvm #add this line if the controller also acts as a compute node
[neutron] #networking
...
url=http://controller1:9696
auth_url = http://controller1:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron123
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
[oslo_messaging_rabbit] #message queue access
...
rabbit_host=controller1
rabbit_userid=openstack
rabbit_password=openstack123 #the password set for the openstack user in rabbitmq
[vnc] #VNC proxy
...
keymap=en-us #add if the controller also acts as a compute node
vncserver_listen=$my_ip
vncserver_proxyclient_address=$my_ip
novncproxy_base_url=http://124.65.181.122:6080/vnc_auto.html #add if the controller also acts as a compute node
Sync the compute databases:
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage api_db sync" nova
Create the nova user: openstack user create --domain default --password-prompt nova #note: the password chosen here is nova123
View the user list: openstack user list
Add the admin role to the nova user: openstack role add --project service --user nova admin
Enable and start the nova services:
systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
Create the nova service entity: openstack service create --name nova --description "OpenStack Compute" compute
View the service list: openstack service list
Create the compute service API endpoints:
openstack endpoint create --region RegionOne compute public http://controller1:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller1:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller1:8774/v2.1/%\(tenant_id\)s
View the endpoint list: openstack endpoint list
Check: openstack compute service list
Packages installed on the compute node: yum install -y openstack-nova-compute sysfsutils
On the compute node edit /etc/nova/nova.conf
[DEFAULT]
my_ip=192.168.2.202 #IP of compute node 1
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
firewall_driver=nova.virt.firewall.NoopFirewallDriver
network_api_class=nova.network.neutronv2.api.API
use_neutron=true
rpc_backend=rabbit
[api_database]
connection=mysql+pymysql://nova:nova123@controller1/nova_api
[database]
connection=mysql+pymysql://nova:nova123@controller1/nova
[glance]
api_servers= http://controller1:9292
[keystone_authtoken]
auth_uri=http://controller1:5000
auth_url = http://controller1:35357
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova123 #the nova password chosen above
[libvirt]
virt_type=qemu
[neutron]
url=http://controller1:9696
auth_url = http://controller1:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron123 #the password chosen for the networking service
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[oslo_messaging_rabbit]
rabbit_host=controller1
rabbit_userid=openstack
rabbit_password=openstack123
[vnc]
keymap=en-us
vncserver_listen=0.0.0.0 #listen on all addresses
vncserver_proxyclient_address=$my_ip
novncproxy_base_url=http://192.168.2.201:6080/vnc_auto.html #controller IP
Start the services:
systemctl enable libvirtd openstack-nova-compute
systemctl start libvirtd openstack-nova-compute
Test that glance works: (resolved; details below)
Test that keystone works:
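Most nova failures in a setup like this come from one value in nova.conf disagreeing with what keystone, rabbitmq or neutron were given. The checker below is an added example, not part of the post: `ini_get` reads a key from a section of an INI-style file (tolerating the `key=value` and `key = value` spellings and trailing `#` comments used in this document), and `check_nova_conf` asserts the cross-node invariants the compute-node file above relies on: keystone auth by password against controller1, memcached on controller1, the nova service password, the neutron URL and the rabbit host. The sample configuration written by `sample_nova_conf` is constructed from the compute-node values above.

```shell
# Added example (not from the original post): read values from nova.conf
# and verify the settings that must agree across the controller and compute
# nodes. Works with POSIX sh and awk.

# ini_get <file> <section> <key>: print the value, or exit 1 if absent.
# Ignores comment and blank lines; strips a trailing "# comment" from values;
# keeps everything after the first "=" so connection URLs survive intact.
ini_get() {
    awk -v sect="$2" -v key="$3" '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*\[/ { line = $0; sub(/^[ \t]*\[/, "", line)
                      cur = substr(line, 1, index(line, "]") - 1); next }
        cur == sect && index($0, "=") > 0 {
            k = substr($0, 1, index($0, "=") - 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k == key) {
                v = substr($0, index($0, "=") + 1)
                sub(/[ \t]*#.*$/, "", v)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v; found = 1; exit
            }
        }
        END { exit found ? 0 : 1 }' "$1"
}

# expect_kv <file> <section> <key> <value>: 0 if the key holds that value.
expect_kv() {
    got=$(ini_get "$1" "$2" "$3") || { echo "MISSING [$2] $3"; return 1; }
    [ "$got" = "$4" ] || { echo "BAD [$2] $3 = $got (want $4)"; return 1; }
}

# check_nova_conf <file> <nova service password>: 0 if every invariant holds.
check_nova_conf() {
    f="$1"; want_pw="$2"; rc=0
    expect_kv "$f" DEFAULT auth_strategy keystone || rc=1
    expect_kv "$f" keystone_authtoken auth_type password || rc=1
    expect_kv "$f" keystone_authtoken auth_url http://controller1:35357 || rc=1
    expect_kv "$f" keystone_authtoken memcached_servers controller1:11211 || rc=1
    expect_kv "$f" keystone_authtoken password "$want_pw" || rc=1
    expect_kv "$f" neutron url http://controller1:9696 || rc=1
    expect_kv "$f" oslo_messaging_rabbit rabbit_host controller1 || rc=1
    return $rc
}

# sample_nova_conf <path>: constructed compute-node nova.conf for testing.
sample_nova_conf() {
    cat > "$1" <<'EOF'
[DEFAULT]
my_ip=192.168.2.202 # IP of compute node 1
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
[database]
connection=mysql+pymysql://nova:nova123@controller1/nova
[keystone_authtoken]
auth_uri=http://controller1:5000
auth_url = http://controller1:35357
memcached_servers = controller1:11211
auth_type = password
username = nova
password = nova123 # the nova password chosen above
[neutron]
url=http://controller1:9696
[oslo_messaging_rabbit]
rabbit_host=controller1
EOF
}
```

Run `check_nova_conf /etc/nova/nova.conf nova123` on each node; any MISSING or BAD line names the section and key to fix before restarting openstack-nova-compute.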
Networking service (neutron)
Controller node install: yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
Compute node install: yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset
1. On the controller node edit the following configuration files
1) Edit /etc/neutron/neutron.conf
[DEFAULT]
auth_strategy = keystone
core_plugin = ml2
service_plugins =
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
rpc_backend = rabbit
[database]
connection = mysql+pymysql://neutron:neutron123@controller1/neutron
[keystone_authtoken]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron123
[matchmaker_redis]
[nova]
auth_url = http://controller1:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova123
[oslo_concurrency]
lock_path = /var/log/neutron/tmp
[oslo_messaging_rabbit]
rabbit_host = controller1
rabbit_userid = openstack
rabbit_password = openstack123
2) Edit /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = true
3) Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:enp5s0 #name of the physical interface
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
[vxlan]
enable_vxlan = false
4) Edit /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
5) Edit /etc/neutron/metadata_agent.ini and add the following
[DEFAULT]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron123
nova_metadata_ip = controller1
metadata_proxy_shared_secret = neutron
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
Then:
1) Create the link: ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
2) Create the neutron user: openstack user create --domain default --password-prompt neutron #the password chosen here is neutron123
View the user list: openstack user list
3) Add the admin role to the neutron user: openstack role add --project service --user neutron admin
4) Populate the database: su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
5) Create the neutron service entity: openstack service create --name neutron --description "OpenStack Network" network
View the service list: openstack service list
6) Create the networking service API endpoints:
openstack endpoint create --region RegionOne network public http://controller1:9696
openstack endpoint create --region RegionOne network internal http://controller1:9696
openstack endpoint create --region RegionOne network admin http://controller1:9696
View the endpoint list: openstack endpoint list
7) Restart the compute services and check (nova.conf now carries the networking settings, so the nova services must be restarted to pick them up)
systemctl restart openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
8) Start the networking services
Enable at boot: systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Start: systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Compute node configuration:
1) Edit /etc/neutron/neutron.conf #this file can be copied from controller1 to the compute node
[DEFAULT]
state_path = /var/lib/neutron
auth_strategy = keystone
core_plugin = ml2
service_plugins = router
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
nova_url = http://controller1:8774/v2.1
rpc_backend = rabbit
[database]
connection = mysql+pymysql://neutron:neutron123@controller1/neutron
[keystone_authtoken]
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron123
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
[nova]
auth_url = http://controller1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova123
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_messaging_rabbit]
rabbit_host = controller1
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = openstack123
2) Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[agent]
prevent_arp_spoofing = true
[linux_bridge]
bridge_mappings = provider:em1
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = true
[vxlan]
enable_vxlan = false
9) Check from the public side:
Check that neutron-server and the agents started normally: neutron agent-list
Problems: if testing on the controller node shows the following
1. [iyunv@controller1 ~]# neutron agent-list
404-{u'error': {u'message': u'The resource could not be found.', u'code': 404, u'title': u'Not Found'}}
Neutron server returns request_ids: ['req-649eb926-7200-4a3d-ad91-b212ee5ef767']
run: unset OS_TOKEN OS_URL #clear the bootstrap variables
2. [iyunv@controller1 ~]# neutron agent-list
Unable to establish connection to http://controller1:9696/v2.0/agents.json
restart the services: systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
Creating a virtual machine
1. Create the bridged (provider) network
Choose the project in which to create the VM; here admin: . admin-openrc (for demo, source the demo file instead)
Run: neutron net-create flat --shared --provider:physical_network provider --provider:network_type flat #"provider" is the name on the left of the provider:<interface> mapping in linuxbridge_agent.ini
Create the subnet: neutron subnet-create flat 192.168.2.0/24 --name flat-subnet --allocation-pool start=192.168.2.100,end=192.168.2.200 --dns-nameserver 192.168.2.1 --gateway 192.168.2.1
Note: use the gateway of the host's internal network; the DNS server and gateway can both be set to the host's internal gateway IP, and 192.168.2.100-200 is the IP range handed out to VMs
View the subnet: neutron subnet-list
Create the VM
1) Create a key pair
[iyunv@controller1 ~]# . demo-openrc #this creates the VM under the demo account; to create it under admin, source admin-openrc instead
[iyunv@controller1 ~]# ssh-keygen -q -N ""
2) Register the public key with nova
[iyunv@controller1 ~]#  nova keypair-add --pub-key /root/.ssh/id_rsa.pub mykey
3) Create security group rules
nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0 #allow ping
nova secgroup-add-rule default tcp 22 22 0.0.0.0/0 #allow ssh
4) Create the VM
List the available flavors: nova flavor-list
View images: openstack image list
View networks: neutron net-list
Create the VM: nova boot --flavor m1.tiny --image cirros --nic net-id=f3a7aa1e-9799-47cd-a1d4-fb1e4d191f2d --security-group default --key-name mykey hello-instance
Note: --flavor m1.tiny #the flavor (instance type) chosen
--image cirros #the image name; any image you have uploaded
--key-name mykey #the key pair name, as chosen above
hello-instance #the VM name, your choice
View the instance list: nova list
Get the URL that opens the VM console in the browser (paste the URL to reach the login screen): nova get-vnc-console hello-instance novnc
Log in via noVNC in the browser (Chrome)
Note: the cloud instance's user name is cirros and the default password is cubswin:) (the console shows a hint)
To delete the VM from the controller node: nova delete <ID> (the ID from the instance list)
You can also ssh from the controller node's command line into the instance: ssh cirros@<IP> (the IP appears in the instance list)
It is recommended to log in over ssh from the controller node. For CentOS cloud images the default user is "centos-user" on 6.x and "centos" on 7.x; because the VM was created with our public key, no password is needed to log in. Once logged in, set a password with: sudo passwd <user name>
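The two rules in step 3 open ICMP and SSH to the whole internet (0.0.0.0/0) on the default group, even though the VMs only need to be reached from the controller's network. The helper below is an added example, not part of the post: it builds the same `nova secgroup-add-rule` commands with the source range as a parameter, validates that the range is a well-formed IPv4 CIDR, and prints the commands so they can be reviewed before `apply_secgroup_rules` runs them. The choice of 192.168.2.0/24 in the test is this example's, matching the provider subnet created above.

```shell
# Added example (not from the original post): generate the step-3 security
# group rules with a restricted source CIDR instead of 0.0.0.0/0.

# valid_cidr <a.b.c.d/n>: 0 if the argument is a well-formed IPv4 CIDR.
valid_cidr() {
    printf '%s\n' "$1" |
        grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/([0-9]|[12][0-9]|3[0-2])$' || return 1
    ip=${1%/*}
    old_ifs=$IFS; IFS=.
    set -- $ip
    IFS=$old_ifs
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# secgroup_rule_cmds <group> <source_cidr>: print the ICMP and SSH rules.
secgroup_rule_cmds() {
    group="$1"; cidr="$2"
    valid_cidr "$cidr" || { echo "invalid CIDR: $cidr" >&2; return 1; }
    printf 'nova secgroup-add-rule %s icmp -1 -1 %s\n' "$group" "$cidr"
    printf 'nova secgroup-add-rule %s tcp 22 22 %s\n' "$group" "$cidr"
}

# apply_secgroup_rules <group> <source_cidr>: run the generated commands
# (needs demo-openrc or admin-openrc sourced, as in the post).
apply_secgroup_rules() {
    secgroup_rule_cmds "$@" | sh
}
```

Review the output of `secgroup_rule_cmds default 192.168.2.0/24` before applying it; widening the range later is a deliberate decision rather than the starting point.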
Install the dashboard and log in to the web UI (controller node)
1. Install the package: yum install openstack-dashboard -y
2. Edit /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "192.168.2.201" #or write controller1
ALLOWED_HOSTS = ['*', ] #allow any host to reach the dashboard
Add this line: SESSION_ENGINE = 'django.contrib.sessions.backends.cache' #use the memcached cache as the session store (the original line pointed at the file backend, which does not use memcached at all)
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '192.168.2.201:11211', #memcached runs on the controller (the original had 192.168.2.202, the compute node, where nothing listens on 11211)
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST #enable identity API version 3
OPENSTACK_API_VERSIONS = { #API versions
    "identity": 3,
    "volume": 2,
    "compute": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" #users created through the dashboard get the user role by default
OPENSTACK_NEUTRON_NETWORK = { #this deployment uses the provider network, so layer-3 services are disabled
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': False,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai" #time zone
3. Restart the web server and the session store: systemctl restart httpd.service memcached.service
4. Test logging in: http://192.168.2.201/dashboard
The projects, users and so on created earlier are shown here
View the instances
Give the created VMs internet access, configured as follows:
1. Install the package: yum install squid
2. Edit /etc/squid/squid.conf as follows #back the file up before editing
Change http_access deny all to http_access allow all #every client may use this proxy
Change http_port 3128 to http_port 192.168.2.201:3128 #the proxy IP and port (the host's IP)
3. Check the configuration before starting: squid -k parse
Start it: systemctl start squid
Check that port 3128 is listening: netstat -nltp #lists all listening TCP ports
4. Configure the squid proxy inside the VM
Edit the system environment file /etc/profile and append at the end: export http_proxy=http://192.168.2.201:3128
Reload it: source /etc/profile
5. Test that the VM can reach the outside:
Access: curl http://www.baidu.com
Normal online use of yum: yum list
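The `http_access allow all` edit in step 2 makes the controller an open proxy for anything that can reach 192.168.2.201:3128, not just the VMs. The snippet below is an added example, not part of the post: `squid_is_open_proxy` flags a squid.conf that contains a reachable `http_access allow all`, and `hardened_squid_acl` prints a replacement fragment that admits only the VM allocation pool (192.168.2.100 to 192.168.2.200, the range the subnet above hands out) and denies everyone else. The sample configuration files are constructed from the post's edit.

```shell
# Added example (not from the original post): audit squid.conf for an
# open-proxy rule and print a restricted replacement.

# squid_is_open_proxy <squid.conf>: 0 if a non-comment "http_access allow all"
# line is present. Squid applies http_access lines in order and stops at the
# first match, so an "allow all" that precedes "deny all" admits every client.
squid_is_open_proxy() {
    grep -Eq '^[[:space:]]*http_access[[:space:]]+allow[[:space:]]+all([[:space:]]|$)' "$1"
}

# hardened_squid_acl: print the fragment to use instead of "allow all".
hardened_squid_acl() {
    cat <<'EOF'
# only the VM allocation pool may use this proxy
acl vm_pool src 192.168.2.100-192.168.2.200
http_access allow vm_pool
http_access deny all
http_port 192.168.2.201:3128
EOF
}

# Constructed sample equivalent to the post's step-2 edit.
write_sample_open_squid_conf() {
    cat > "$1" <<'EOF'
# sample squid.conf after the post's step 2
http_access allow all
http_port 192.168.2.201:3128
EOF
}

# Constructed sample using the hardened fragment.
write_sample_hardened_squid_conf() {
    hardened_squid_acl > "$1"
}
```

After replacing the rule, `squid -k parse` from step 3 still has to pass, and the VM-side test in step 5 should still succeed because the VMs fall inside vm_pool.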
Installing block storage (cinder)
Create the cinder user: [iyunv@controller1 ~]# openstack user create --domain default --password-prompt cinder
View the user list: openstack user list
Add the admin role to the cinder user: [iyunv@controller1 ~]# openstack role add --project service --user cinder admin
Create the service entities (block storage requires two):
openstack service create --name cinder --description "OpenStack Block Storage" volume
openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
View the service list: openstack service list
Create the block storage service API endpoints:
Entity volume:
openstack endpoint create --region RegionOne volume public http://controller1:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume internal http://controller1:8776/v1/%\(tenant_id\)s
openstack endpoint create --region RegionOne volume admin http://controller1:8776/v1/%\(tenant_id\)s
Entity volumev2:
openstack endpoint create --region RegionOne volumev2 public http://controller1:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 internal http://controller1:8776/v2/%\(tenant_id\)s
openstack endpoint create --region RegionOne volumev2 admin http://controller1:8776/v2/%\(tenant_id\)s
View the endpoint list: openstack endpoint list
Install the package: yum install openstack-cinder
Edit /etc/cinder/cinder.conf:
[DEFAULT]
...
my_ip = 192.168.2.201
auth_strategy = keystone
rpc_backend = rabbit
[database]
...
connection = mysql+pymysql://cinder:cinder123@controller1/cinder
[oslo_messaging_rabbit]
...
rabbit_host = controller1
rabbit_userid = openstack
rabbit_password = openstack123
[keystone_authtoken]
...
auth_uri = http://controller1:5000
auth_url = http://controller1:35357
memcached_servers = controller1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = cinder123
[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp
Initialise the block storage database: su -s /bin/sh -c "cinder-manage db sync" cinder
Configure the compute node to use block storage (/etc/nova/nova.conf):
[cinder]
...
os_region_name=RegionOne
Restart the compute API service: systemctl restart openstack-nova-api.service
Enable and start block storage
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
On the storage node:
Install the package (or confirm it is present): [iyunv@cinder1 ~]# yum install lvm2
Start the service: [iyunv@cinder1 ~]# service lvm2-lvmetad start
In the "devices" section of /etc/lvm/lvm.conf, add a filter that accepts the /dev/sdb device (and the system disk /dev/sda) and rejects every other device:
devices {
...
filter = [ "a/sda/","a/sdb/","r/.*/"]
Post URL: https://www.yunweiku.com/thread-388170-1-1.html