
[Experience sharing] OpenStack Mitaka installation and deployment


Posted on 2017-6-26 15:08:26
  1. Base environment



vi /etc/resolv.conf
nameserver 8.8.8.8
yum -y install lrzsz net-tools
systemctl stop firewalld.service
systemctl disable firewalld.service
setenforce 0
vi /etc/sysconfig/selinux
vi /etc/hosts
192.168.2.1 node1
192.168.2.2 node2
192.168.2.3 node3

  2. Change the hostname



hostnamectl set-hostname node1
  # A reboot is required afterwards for this to take effect
  3. Install the NTP service



vi /etc/ntp.conf and add the following:
restrict default nomodify
server  127.127.1.0
fudge   127.127.1.0 stratum 8
Restart the NTP service:
sudo systemctl restart ntpd
sudo systemctl enable ntpd.service
Set the correct time on the NTP server:
date -s "2016-06-21 16:43:00"
watch -n 1 ntpq -p
Synchronize the hardware clock with the system clock (either command):
# hwclock --hctosys
# clock --hctosys

  4. Set up SSH key trust between the nodes



ssh-keygen

ssh-copy-id root@node1
ssh-copy-id root@node2
ssh-copy-id root@node3
  5. Configure the OpenStack yum repository



cd /etc/yum.repos.d
vi m.repo
[mitaka]
name=mitaka.repo
baseurl=http://mirrors.163.com/centos/7.3.1611/cloud/x86_64/openstack-mitaka/
enabled=1
gpgcheck=0

  The repository path changes over time.
  6. Build the yum cache and update



yum makecache &&  yum update -y
CentOS:
yum install yum-plugin-priorities -y # prevent automatic updates
yum install centos-release-openstack-mitaka -y # run this step if you are not using my custom yum repository

  7. On all nodes, upgrade and install the OpenStack client



yum upgrade -y
yum install python-openstackclient -y
yum install openstack-selinux -y

  8. Deploy the MariaDB database on the controller node



yum install mariadb mariadb-server python2-PyMySQL -y

Edit:
vi /etc/my.cnf.d/openstack.cnf

[mysqld]
bind-address = 10.112.17.80
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8

Start the service:
systemctl enable mariadb.service
systemctl start mariadb.service
Initialize the database:
mysql_secure_installation

  9. Deploy MongoDB for the Telemetry service



yum install mongodb-server mongodb -y

Edit: /etc/mongod.conf
bind_ip = 192.168.2.1
smallfiles = true

Start the service:
systemctl enable mongod.service
systemctl start mongod.service

  10. Deploy the RabbitMQ message queue (verify at: http://172.16.209.104:15672/ user: guest, password: guest)



Controller node:
yum install rabbitmq-server -y

Start the service:
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service

Create a RabbitMQ user and password:
rabbitmqctl add_user openstack 123

Set permissions for the new user openstack:
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

  11. Deploy the memcached cache (caches tokens for the keystone service)



Controller node:
yum install memcached python-memcached -y

Start the service:
systemctl enable memcached.service
systemctl start memcached.service
systemctl restart memcached.service

  12. Deploy the keystone identity service



1. Create the database and user
mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'linux-3' IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
flush privileges;


2.yum install openstack-keystone httpd mod_wsgi -y

3. Edit: vi /etc/keystone/keystone.conf

[DEFAULT]
# Recommended: generate the token with a command: openssl rand -hex 10
admin_token = 123

[database]
connection = mysql+pymysql://keystone:123@linux-3/keystone

[token]
provider = fernet
# Token provider: UUID, PKI, PKIZ, or Fernet; see http://blog.csdn.net/miss_yang_cloud/article/details/49633719

4. Sync the changes to the database
su -s /bin/sh -c "keystone-manage db_sync" keystone

5. Initialize the fernet keys
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

  13. Configure the Apache service



Edit: vi /etc/httpd/conf/httpd.conf
ServerName node1

Edit: vi /etc/httpd/conf.d/wsgi-keystone.conf
Add the following configuration:
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
7. Start the service:
systemctl enable httpd.service
systemctl start httpd.service
systemctl restart httpd.service

  14. Create the service entity and API endpoints



1. First configure the admin environment variables, which provide the permissions used for the creation steps below
export OS_TOKEN=123
export OS_URL=http://linux-3:35357/v3
export OS_IDENTITY_API_VERSION=3

2. Using the permissions from the previous step, create the identity service entity (the catalog service)
openstack service create \
--name keystone --description "OpenStack Identity" identity
3. For the service entity created in the previous step, create the three API endpoints used to reach it

openstack endpoint create --region RegionOne \
identity public http://linux-3:5000/v3
openstack endpoint create --region RegionOne \
identity internal http://linux-3:5000/v3
openstack endpoint create --region RegionOne \
identity admin http://linux-3:35357/v3

openstack catalog list
III: Create the domain, project (tenant), users and roles, and associate the four with each other
Create a common domain:
openstack domain create --description "Default Domain" default

Administrator: admin
openstack project create --domain default \
--description "Admin Project" admin
openstack user create --domain default \
--password-prompt admin
123

openstack role create admin
openstack role add --project admin --user admin admin

Regular user: demo
openstack project create --domain default \
--description "Demo Project" demo
openstack user create --domain default \
--password-prompt demo
123

openstack role create user
openstack role add --project demo --user demo user

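Create a single shared project (tenant), service, for the services installed later
Explanation: every new service set up later needs four operations in keystone: 1. create a project 2. create a user 3. create a role 4. associate them
All later services share the one project service and all use the admin role, so in practice the keystone
operations for the later service installs come down to 2 and 4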
openstack project create --domain default \
--description "Service Project" service




IV: Verification:
Edit: /etc/keystone/keystone-paste.ini
In the three sections [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3],
remove: admin_token_auth

unset OS_TOKEN OS_URL

openstack --os-auth-url http://linux-3:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                                                                                                   |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires    | 2016-08-17T08:29:18.528637Z                                                                                                                                                             |
| id         | gAAAAABXtBJO-mItMcPR15TSELJVB2iwelryjAGGpaCaWTW3YuEnPpUeg799klo0DaTfhFBq69AiFB2CbFF4CE6qgIKnTauOXhkUkoQBL6iwJkpmwneMo5csTBRLAieomo4z2vvvoXfuxg2FhPUTDEbw-DPgponQO-9FY1IAEJv_QV1qRaCRAY0 |
| project_id | 9783750c34914c04900b606ddaa62920                                                                                                                                                        |
| user_id    | 8bc9b323a3b948758697cb17da304035                                                                                                                                                        |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
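
The keystone-paste.ini edit in the verification step above, as an added example that is not part of the original post: this Python function removes admin_token_auth from the three pipelines and reports which ones it changed. The SAMPLE file content is constructed for the example, not copied from a real install.

```python
import re

# The three pipelines the guide edits in /etc/keystone/keystone-paste.ini
TARGET_SECTIONS = ("pipeline:public_api", "pipeline:admin_api", "pipeline:api_v3")
FILTER = "admin_token_auth"

# Constructed sample; the last pipeline uses an indented continuation line.
SAMPLE = """\
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth public_service

[pipeline:admin_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth admin_service

[pipeline:api_v3]
pipeline = cors sizelimit request_id
    admin_token_auth build_auth_context token_auth service_v3
"""


def strip_admin_token_auth(text):
    """Return (new_text, changed_sections); only the target pipelines are edited."""
    out, changed = [], []
    section, in_pipeline = None, False
    for line in text.splitlines():
        header = re.match(r"\[([^\]]+)\]\s*$", line)
        first = re.match(r"(pipeline\s*=\s*)(.*)$", line)
        cont = re.match(r"([ \t]+)(\S.*)$", line)  # indented continuation
        if header:
            section, in_pipeline, part = header.group(1), False, None
        elif first:
            in_pipeline, part = section in TARGET_SECTIONS, first
        elif cont and in_pipeline:
            part = cont
        else:
            in_pipeline, part = False, None
        if part and in_pipeline and FILTER in part.group(2).split():
            kept = [name for name in part.group(2).split() if name != FILTER]
            line = part.group(1) + " ".join(kept)
            if section not in changed:
                changed.append(section)
        out.append(line)
    return "\n".join(out) + "\n", changed


if __name__ == "__main__":
    new_text, changed = strip_admin_token_auth(SAMPLE)
    print("edited:", ", ".join(changed) or "nothing to do")
    print(new_text)
```

Running the function a second time on its own output returns an empty list, which makes it usable as a check that the bootstrap token filter is no longer in any API pipeline.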

V: Create the client environment scripts

Administrator: admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_AUTH_URL=http://linux-3:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

Regular user demo: demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123
export OS_AUTH_URL=http://linux-3:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
Result:
source admin-openrc
[iyunv@controller01 ~]# openstack token issue

  15. Deploy the image service



I: Install and configure the service
1. Create the database and user
mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'linux-3' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY '123';
flush privileges;

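2. Keystone operations:
As mentioned above: all subsequent services are deployed into the single project service, and each one needs a user created, the admin role assigned, and the association made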
. admin-openrc
openstack user create --domain default --password-prompt glance
123
openstack role add --project service --user glance admin

Create the service entity
openstack service create --name glance \
--description "OpenStack Image" image


Create the endpoints
openstack endpoint create --region RegionOne \
image public http://linux-3:9292
openstack endpoint create --region RegionOne \
image internal http://linux-3:9292
openstack endpoint create --region RegionOne \
image admin http://linux-3:9292

3. Install the software
yum install openstack-glance -y

4. Modify the configuration:
Edit: vi /etc/glance/glance-api.conf

[database]
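# This database connection is used to initialize the database schema; without it the schema cannot be generated
# Leaving database unconfigured in glance-api does not affect creating VMs, but it does affect the use of metadata
# Log error: ERROR glance.api.v2.metadef_namespaces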
connection = mysql+pymysql://glance:123@linux-3/glance

[keystone_authtoken]
auth_url = http://linux-3:5000
memcached_servers = linux-3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123

auth_uri = http://linux-3:5000
auth_url = http://linux:35357
memcached_servers = linux:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123


[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
# Use local file storage (Ceph uses the rbd protocol)
default_store = file
filesystem_store_datadir = /var/lib/glance/images/


Edit: vi /etc/glance/glance-registry.conf

[database]
# This database setting is used by glance-registry to look up image metadata
connection = mysql+pymysql://glance:123@linux-3/glance
[keystone_authtoken]
...
auth_uri = http://linux-3:5000
auth_url = http://linux:35357
memcached_servers = linux:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = 123
[paste_deploy]
...
flavor = keystone
Create the directory:
mkdir /var/lib/glance/images/
chown glance. /var/lib/glance/images/

Sync the database (some messages about "future" are reported here; ignore them):
su -s /bin/sh -c "glance-manage db_sync" glance

Start the services:
systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
systemctl start openstack-glance-api.service \
openstack-glance-registry.service


systemctl restart openstack-glance-api.service \
openstack-glance-registry.service

II: Verification:
. admin-openrc
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
(local download: wget http://172.16.209.100/cirros-0.3.4-x86_64-disk.img)

openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
Error finding address for http://linux-3:9292/v2/schemas/image: HTTPConnectionPool(host='linux-3', port=9292): Max retries exceeded with url: /v2/schemas/image (Caused by NewConnectionError('<requests.packages.urllib3.connection.HTTPConnection object at 0x3654710>: Failed to establish a new connection: [Errno 111] Connection refused',))

openstack image list

  16. Deploy the compute service



I: Controller node configuration
1. Create the databases and user
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'linux-3' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'linux-3' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY '123';
flush privileges;

2. Keystone operations

. admin-openrc
openstack user create --domain default \
--password-prompt nova
123
openstack role add --project service --user nova admin
openstack service create --name nova \
--description "OpenStack Compute" compute


openstack endpoint create --region RegionOne \
compute public http://linux-3:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute internal http://linux-3:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne \
compute admin http://linux-3:8774/v2.1/%\(tenant_id\)s




3. Install the packages:
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler -y

4. Modify the configuration:
Edit: vi /etc/nova/nova.conf

[DEFAULT]
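# osapi: there is a lot of code, this avoids code redundancy; metadata: injects code into a cloud instance after it is launched, e.g. installing services at boot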
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
# The following is the management IP
my_ip = 10.112.17.80
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:123@linux-3/nova_api

[database]
connection = mysql+pymysql://nova:123@linux-3/nova

[oslo_messaging_rabbit]
rabbit_host = linux-3
rabbit_userid = openstack
rabbit_password = 123
[keystone_authtoken]
auth_url = http://linux-3:5000
memcached_servers = linux-3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = 123

[vnc]
# The following is the management IP
vncserver_listen = 10.112.17.80
# The following is the management IP
vncserver_proxyclient_address = 10.112.17.80

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

5. Sync the databases (some messages about "future" are reported here; ignore them):
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage db sync" nova

6. Start the services
systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service


II: Compute node configuration

1. Install the packages:
yum install openstack-nova-compute libvirt-daemon-lxc -y

2. Modify the configuration:
Edit /etc/nova/nova.conf

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
# Compute node management network IP
my_ip = 10.112.17.80
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
rabbit_host = linux-3
rabbit_userid = openstack
rabbit_password = 123

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
# Compute node management network IP
vncserver_proxyclient_address = 10.112.17.80
# Controller node management network IP
novncproxy_base_url = http://10.112.17.80:6080/vnc_auto.html

[glance]
api_servers = http://linux-3:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

3. If you are deploying nova on a machine without hardware virtualization support, confirm that
egrep -c '(vmx|svm)' /proc/cpuinfo returns 0,
then edit /etc/nova/nova.conf
[libvirt]
virt_type = qemu

4. Start the services
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service

III: Verification
Controller node
[iyunv@controller01 ~]# source admin-openrc
[iyunv@controller01 ~]# openstack compute service list
+----+------------------+--------------+----------+---------+-------+----------------------------+
| Id | Binary           | Host         | Zone     | Status  | State | Updated At                 |
+----+------------------+--------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller01 | internal | enabled | up    | 2016-08-17T08:51:37.000000 |
|  2 | nova-conductor   | controller01 | internal | enabled | up    | 2016-08-17T08:51:29.000000 |
|  8 | nova-scheduler   | controller01 | internal | enabled | up    | 2016-08-17T08:51:38.000000 |
| 12 | nova-compute     | compute01    | nova     | enabled | up    | 2016-08-17T08:51:30.000000 |

  17. Deploy the networking service



I: Controller node configuration
1. Create the database and user
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'linux-3' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY '123';
flush privileges;

2. Keystone operations
. admin-openrc

openstack user create --domain default --password-prompt neutron
123
openstack role add --project service --user neutron admin
openstack service create --name neutron \
--description "OpenStack Networking" network
openstack endpoint create --region RegionOne \
network public http://linux-3:9696
openstack endpoint create --region RegionOne \
network internal http://linux-3:9696
openstack endpoint create --region RegionOne \
network admin http://linux-3:9696
3. Install the packages
yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which  -y

4. Configure the server component
Edit /etc/neutron/neutron.conf and complete the following:
In the [database] section, configure database access:
[DEFAULT]
core_plugin = ml2
service_plugins = router
# The following setting enables overlapping IP addresses
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[oslo_messaging_rabbit]
rabbit_host = linux-3
rabbit_userid = openstack
rabbit_password = 123
[database]
connection = mysql+pymysql://neutron:123@linux-3/neutron

[keystone_authtoken]
auth_url = http://linux-3:5000
memcached_servers = linux-3:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[nova]
auth_url = http://linux-3:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

Edit /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan,gre
tenant_network_types = vxlan
mechanism_drivers = openvswitch,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True

Edit /etc/nova/nova.conf:
[neutron]
url = http://linux-3:9696
auth_url = http://linux-3:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = True
5. Create the symlink

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

6. Sync the database (some messages about "future" are reported here; ignore them):
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron


7. Restart the nova service
systemctl restart openstack-nova-api.service

8. Start the neutron service
systemctl enable neutron-server.service
systemctl start neutron-server.service

II: Network node configuration

1. Edit /etc/sysctl.conf
net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

2. Run the following command to apply the settings immediately
sysctl -p

3. Install the packages
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y

4. Configure the components
Edit /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = linux-3
rabbit_userid = openstack
rabbit_password = 123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

6. Edit /etc/neutron/plugins/ml2/openvswitch_agent.ini:
[ovs]
# The IP below is the network node's data network IP
local_ip=10.112.17.80
bridge_mappings=external:br-ex

[agent]
tunnel_types=gre,vxlan
l2_population=True
prevent_arp_spoofing=True

7. Configure the L3 agent. Edit /etc/neutron/l3_agent.ini:
[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
external_network_bridge=br-ex

8. Configure the DHCP agent. Edit /etc/neutron/dhcp_agent.ini:

[DEFAULT]
interface_driver=neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata=True

9. Configure the metadata agent. Edit /etc/neutron/metadata_agent.ini:
[DEFAULT]
nova_metadata_ip=linux-3
metadata_proxy_shared_secret=123

10. Start the services

Network node:
systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service


12. Create the bridge
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth2

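Note: if the number of NICs is limited and you want to use the network node's management NIC as the physical NIC bound to br-ex,
# then remove the IP from the network node's management NIC and create a config file for br-ex that uses the original management IP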

[iyunv@network01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
NM_CONTROLLED=no
[iyunv@network01 ~]# cat /etc/sysconfig/network-scripts/ifcfg-br-ex
DEVICE=br-ex
TYPE=Ethernet
ONBOOT="yes"
BOOTPROTO="none"
HWADDR=fa:16:3e:74:eb:de
IPADDR=10.112.17.80
GATEWAY=10.112.16.1
NETMASK=255.0.0.0
DNS1=211.136.192.6
DNS2=211.136.17.107
NM_CONTROLLED=no # be sure to add this line, otherwise the interface may fail to come up
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth0
/etc/init.d/network restart && ovs-vsctl add-port br-ex eth0
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service

[iyunv@linux-3 network-scripts]# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether fa:16:3e:74:eb:de brd ff:ff:ff:ff:ff:ff
inet 10.112.17.80/22 brd 10.112.19.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::f816:3eff:fe74:ebde/64 scope link
valid_lft forever preferred_lft forever
3: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 7a:fd:9f:1f:e5:57 brd ff:ff:ff:ff:ff:ff
4: br-int: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
link/ether 1a:17:22:92:85:49 brd ff:ff:ff:ff:ff:ff
[iyunv@linux-3 network-scripts]# ifconfig eth0
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
inet 10.112.17.80  netmask 255.255.252.0  broadcast 10.112.19.255
inet6 fe80::f816:3eff:fe74:ebde  prefixlen 64  scopeid 0x20<link>
ether fa:16:3e:74:eb:de  txqueuelen 1000  (Ethernet)
RX packets 14710  bytes 2185896 (2.0 MiB)
RX errors 0  dropped 0  overruns 0  frame 0
TX packets 14771  bytes 4133409 (3.9 MiB)
TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0


III: Compute node configuration
1. Edit /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
2.sysctl -p

3.yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y

4. Edit /etc/neutron/neutron.conf

[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = node1
rabbit_userid = openstack
rabbit_password = 123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

5. Edit /etc/neutron/plugins/ml2/openvswitch_agent.ini
[ovs]
# The IP below is the compute node's data network IP
local_ip = 10.1.1.2
#bridge_mappings = vlan:br-vlan
[agent]
tunnel_types = gre,vxlan
l2_population = True
prevent_arp_spoofing = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
enable_security_group = True

7. Edit /etc/nova/nova.conf

[neutron]
url = http://node1:9696
auth_url = http://node1:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
8. Start the services
systemctl enable neutron-openvswitch-agent.service
systemctl start neutron-openvswitch-agent.service
systemctl restart openstack-nova-compute.service
systemctl restart neutron-openvswitch-agent.service

ovs-vsctl   show

  18. Deploy the dashboard



On the controller node
1. Install the package
yum install openstack-dashboard -y

2. Configure /etc/openstack-dashboard/local_settings

OPENSTACK_HOST = "linux-3"
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'linux-3:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
TIME_ZONE = "UTC"

3. Start the services
systemctl enable httpd.service memcached.service
systemctl restart httpd.service memcached.service

4. Verify:
http://10.112.17.80/dashboard
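
An added example, not from the original post: a Python check that reads oslo-style config text such as keystone.conf and nova.conf and reports secrets that are short, reused across options, or followed by an inline comment. The option names and the 123 values come from this guide; MIN_LEN, the file contents in SAMPLE and the long sample password are constructed for the example.

```python
import pathlib
import re
import sys
from collections import defaultdict
from urllib.parse import urlsplit

# Option names that hold secrets in the files this guide edits.
SECRET_KEYS = {"admin_token", "password", "rabbit_password",
               "metadata_proxy_shared_secret"}
MIN_LEN = 16  # assumption: policy threshold chosen for this example

# Constructed sample input built from values used in the guide.
SAMPLE = {
    "keystone.conf": "[DEFAULT]\n"
                     "admin_token = 123 # generate with: openssl rand -hex 10\n"
                     "[database]\n"
                     "connection = mysql+pymysql://keystone:123@linux-3/keystone\n",
    "nova.conf": "[oslo_messaging_rabbit]\n"
                 "rabbit_password = 123\n"
                 "[keystone_authtoken]\n"
                 "password = 4f9c0d2a7b8e41d6a3c5e7f90b1d2c3e\n",
}


def parse_oslo_ini(text):
    """Yield (section, key, value) as oslo.config reads them.

    Only whole-line '#' or ';' comments are skipped, so a trailing
    '# note' after a value stays part of that value.
    """
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip(), value.strip()


def secrets_in(path, text):
    """Yield (location, secret) for every credential found in one file."""
    for section, key, value in parse_oslo_ini(text):
        where = f"{path} [{section}] {key}"
        if key in SECRET_KEYS:
            yield where, value
        elif key == "connection":
            password = urlsplit(value).password  # user:password@host part
            if password is not None:
                yield where, password


def audit(files):
    """files maps path -> text. Return sorted (location, finding) pairs.

    Findings name the option only; the secret itself is never reported.
    """
    findings, seen = [], defaultdict(list)
    for path, text in files.items():
        for where, secret in secrets_in(path, text):
            seen[secret].append(where)
            if re.search(r"\s[#;]", secret):
                findings.append((where, "inline comment is read as part of the value"))
            elif len(secret) < MIN_LEN:
                findings.append((where, f"secret shorter than {MIN_LEN} characters"))
    for places in seen.values():
        if len(places) > 1:
            findings += [(w, f"secret shared by {len(places)} options") for w in places]
    return sorted(findings)


if __name__ == "__main__":
    paths = sys.argv[1:]
    files = {p: pathlib.Path(p).read_text(encoding="utf-8") for p in paths} or SAMPLE
    for where, finding in audit(files):
        print(f"{where}: {finding}")
```

Pass the real file paths as arguments (for example /etc/keystone/keystone.conf /etc/nova/nova.conf) to check a node; with no arguments it runs on the constructed sample.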
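Summary:
Only the API layer talks to keystone, so do not scatter keystone configuration everywhere.
When an instance is created, nova-compute is responsible for calling the various APIs, so do not configure those calls on the controller node.
ml2 is neutron's core plugin and only needs to be configured on the controller node.
The network node only needs the relevant agents configured.
Besides receiving requests, each component's API has many other functions, such as validating requests. The controller node's nova.conf needs neutron's API and authentication settings, because nova boot has to validate the network the user submitted. The controller node's neutron.conf needs nova's API and authentication settings, because when you delete a network port, nova-api is queried to see whether an instance is using the port. The compute node's nova.conf needs the neutron settings, because nova-compute sends requests to neutron-server to create ports. "Port" here means a port on a switch.
If you don't see why, or don't understand what I'm saying, study how the OpenStack components communicate and the instance creation flow, or come to my class; blog posts generally don't teach the real thing.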

Network troubleshooting:
Network node:
[iyunv@network02 ~]# ip netns show
qdhcp-e63ab886-0835-450f-9d88-7ea781636eb8
qdhcp-b25baebb-0a54-4f59-82f3-88374387b1ec
qrouter-ff2ddb48-86f7-4b49-8bf4-0335e8dbaa83

[iyunv@network02 ~]# ip netns exec qrouter-ff2ddb48-86f7-4b49-8bf4-0335e8dbaa83 bash

[iyunv@network02 ~]# ping -c2 www.baidu.com
PING www.a.shifen.com (61.135.169.125) 56(84) bytes of data.
64 bytes from 61.135.169.125: icmp_seq=1 ttl=52 time=33.5 ms
64 bytes from 61.135.169.125: icmp_seq=2 ttl=52 time=25.9 ms
If the ping fails, exit the namespace and run:
ovs-vsctl del-br br-ex
ovs-vsctl del-br br-int
ovs-vsctl del-br br-tun
ovs-vsctl add-br br-int
ovs-vsctl add-br br-ex
ovs-vsctl add-port br-ex eth0
systemctl restart neutron-openvswitch-agent.service neutron-l3-agent.service \
neutron-dhcp-agent.service neutron-metadata-agent.service


Thread URL: https://www.yunweiku.com/thread-388224-1-1.html