OpenStack Centos7 T版本搭建

目录

Centos7搭建OpenStack T版本 --上

YUM源替换

由于Centos7已经不再维护,所以YUM源也需要换,我这里直接给出安装openstack所需的额外源,自己再配置一个基础的源就可以继续部署了

[root@localhost ~]# vi /etc/yum.repos.d/CentOS_ALL.repo
[centos-ceph-nautilus]
name=CentOS-$releasever - Ceph Nautilus
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009/storage/x86_64/ceph-nautilus/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
[centos-nfs-ganesha28]
name=CentOS-$releasever - NFS Ganesha 2.8
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009/storage/x86_64/nfsganesha-28/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage
[centos-qemu-ev]
name=CentOS-$releasever - QEMU EV
baseurl=https://mirrors.tuna.tsinghua.edu.cn/centos-vault/7.9.2009/virt/x86_64/kvm-common/
gpgcheck=1
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Virtualization
[centos-storage-debuginfo]
name=CentOS-$releasever - Storage SIG - debuginfo
baseurl=http://debuginfo.centos.org/$contentdir/$releasever/storage/$basearch/
gpgcheck=1
enabled=0
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Storage

1. 环境准备(所有节点操作)

主机名 IP
controller 192.168.100.100(仅主机)
192.168.200.X (NAT模式DHCP分配)
compute 192.168.100.200(仅主机)
192.168.200.X (NAT模式DHCP分配)

如果需要搭建存储节点则添加机器并配置网络即可,我的所有密码设置为123

1.1 修改主机名

所有节点都需要操作,且操作方法一样,只写了controller一个节点的结果,其他节点照常执行

IP地址自行配置

[root@localhost ~]# hostnamectl set-hostname controller
[root@localhost ~]# bash

1.2 关闭selinux 以及防火墙

将默认的enforcing改为disabled

[root@controller ~]# cat /etc/selinux/config 

# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
#     enforcing - SELinux security policy is enforced.
#     permissive - SELinux prints warnings instead of enforcing.
#     disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@controller ~]# setenforce 0
[root@controller ~]# systemctl disable --now firewalld

1.3 修改hosts

[root@controller ~]# cat /etc/hosts
127.0.0.1   localhost localhost.localdomain localhost4 localhost4.localdomain4
::1         localhost localhost.localdomain localhost6 localhost6.localdomain6
# 加上controller和compute,如果有其他节点也写进来
192.168.100.100 controller
192.168.100.110 compute

1.4 配置时间同步

controller 操作

[root@controller ~]# yum install chrony -y
[root@controller ~]# vim /etc/chrony.conf 
# controller节点需要改这三个地方
server ntp.aliyun.com iburst   # 中间的ntp服务器可自己改,能同步就行
allow 192.168.100.0/24    #允许192.168.100.0/24 这个网段内的主机与这台服务器同步
local stratum 10  
[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* 203.107.6.88                  2   6    17     2   +319us[ +654us] +/-   23ms

compute以及其他节点操作

[root@compute ~]# yum install chrony -y
[root@compute ~]# vim /etc/chrony.conf
# 只需要改动一处地方
server controller iburst
[root@compute ~]# systemctl restart chronyd
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample               
===============================================================================
^* controller                    3   6     7     1  +6342ns[ -921us] +/-   29ms

1.5 配置OpenStack 软件包

[root@controller ~]# yum install centos-release-openstack-train -y
[root@controller ~]# yum install python2-openstackclient -y

这里安装完之后切记看一眼yum源,将多出来的Centos-xxx的文件都删掉,留下Centos_ALL.repo就好了,因为那些文件里面的源都已经过期了,用不了

1.6 安装数据库

从这里开始只需要在controller节点上操作,其他节点不需要操作

[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
# 官网有这一条配置,我没有打开,打开之后不方便排错
# bind-address = 192.168.100.100

default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable --now mariadb

数据库初始化

[root@controller ~]# mysql_secure_installation
Enter current password for root (enter for none): # 直接按回车
Change the root password? [Y/n]  # 是否修改root密码,按Y然后输入密码
Remove anonymous users? [Y/n] # 移除匿名用户,建议移除
Disallow root login remotely? [Y/n] # 是否禁止root远程登录,建议开启,按n
Remove test database and access to it? [Y/n] # 移除测试数据库,建议按Y
Reload privilege tables now? [Y/n] # 重新加载权限,按Y

1.7 安装消息队列

[root@controller ~]#  yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service --now
# 这个地方RABBIT_PASS 设置为你自己的密码,我用的123
# rabbitmqctl add_user openstack RABBIT_PASS
[root@controller ~]# rabbitmqctl add_user openstack 123
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

1.8 安装memcached

[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# vim /etc/sysconfig/memcached
# 修改这一行,加上controller
OPTIONS="-l 127.0.0.1,::1,controller"
[root@controller ~]# systemctl enable memcached.service --now

1.9 安装etcd

[root@controller ~]# yum install etcd -y
# 直接清空原先的配置,使用这些,注意将192.178.100.100 改为你自己的controller的IP
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.100:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.100:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.100:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.100:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.100:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@controller ~]# systemctl enable --now etcd

2. 安装Keystone

2.1 数据库操作

我的所有密码为123,之后不写注释了,你需要修改密码的话将123改为你想设的密码就好

[root@controller ~]# mysql -uroot -p123
# -p 后面跟上你的数据库root密码,如果不想这样直接显示登录的话可以直接-p 回车
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'IDENTIFIED BY '123';
MariaDB [(none)]> glush privileges;

2.2 安装软件包

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
# 自己注意替换密码,123是你要替换的地方
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]#  keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone


# 命令比较长,注意自行替换123
[root@controller ~]#  keystone-manage bootstrap --bootstrap-password 123 
  --bootstrap-admin-url http://controller:5000/v3/ 
  --bootstrap-internal-url http://controller:5000/v3/ 
  --bootstrap-public-url http://controller:5000/v3/ 
  --bootstrap-region-id RegionOne
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable --now httpd

2.3 编写admin rc文件

[root@controller ~]# vim admin-login.sh
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

2.4 测试keystone是否正常工作

2.4.1 创建domain

[root@controller ~]# openstack domain create --description "An Example Domain" example

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | An Example Domain                |
| enabled     | True                             |
| id          | 2f4f80574fd84fe6ba9067228ae0a50c |
| name        | example                          |
| tags        | []                               |
+-------------+----------------------------------+

2.4.2 创建project

[root@controller ~]# openstack project create --domain default \
  --description "Service Project" service

+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

2.4.3 最后测试

[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \
  --os-project-domain-name Default --os-user-domain-name Default \
  --os-project-name admin --os-username admin token issue
Password: # 这个地方输入admin密码
+------------+-----------------------------------------------------------------+
| Field      | Value                                                           |
+------------+-----------------------------------------------------------------+
| expires    | 2016-02-12T20:14:07.056119Z                                     |
| id         | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
|            | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
|            | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws       |
| project_id | 343d245e850143a096806dfaefa9afdc                                |
| user_id    | ac3377633149401296f6c0d92d79dc16                                |
+------------+-----------------------------------------------------------------+

3. 安装glance

3.1 数据库操作

[root@controller ~]# mysql -u root -p123
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
  IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
  IDENTIFIED BY '123';

3.2 创建 glance用户

[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:   # 输入两次密码
Repeat User Password:
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 3f4e777c4062483ab8d9edd7dff829df |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image

3.3 给glance创建服务端点

[root@controller ~]# openstack endpoint create --region RegionOne \
  image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
  image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \
  image admin http://controller:9292

3.4 安装配置glance

[root@controller ~]# yum install openstack-glance -y

3.4.1 glance-api 配置文件

[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123@controller/glance

[keystone_authtoken]
www_authenticate_uri  = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

3.5 同步数据库

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance

3.6 启动服务

[root@controller ~]# systemctl enable openstack-glance-api.service --now

3.7 验证服务

[root@controller ~]# source admin-login.sh
[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
[root@controller ~]# glance image-create --name "cirros" \
  --file cirros-0.4.0-x86_64-disk.img \
  --disk-format qcow2 --container-format bare \
  --visibility public
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 2a2ff041-0696-47a6-893b-b35d529b743d | cirros | active |
+--------------------------------------+--------+--------+
# 输出这个就代表没错

4. 安装placement

4.1 数据库操作

[root@controller ~]# mysql -u root -p123
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123';

4.2 配置用户

[root@controller ~]# openstack user create --domain default --password-prompt placement
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --name placement \           --description "Placement API" placement

4.3 创建服务端点

[root@controller ~]# openstack endpoint create --region RegionOne \
  placement public http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \
  placement admin http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \
  placement internal http://controller:8778

4.4 安装placement

[root@controller ~]# yum install openstack-placement-api -y

4.5 placement配置文件

[placement_database]
connection = mysql+pymysql://placement:123@controller/placement

[api]
auth_strategy = keystone

[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = 123

4.6 同步数据库

[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement

4.7 重启httpd服务

[root@controller ~]# systemctl restart httpd

4.8 验证服务

[root@controller ~]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results            |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success                  |
| Details: None                    |
+----------------------------------+
| Check: Incomplete Consumers      |
| Result: Success                  |
| Details: None                    |
+----------------------------------+

4.9 注意坑

官网有一个配置是默认没有写的,如果不写的话后期nova有一条命令是会报错的,并且也无法创建虚拟机,会报错500,找不到合适的节点,所以这个得开

[root@controller ~]# vim /etc/httpd/conf.d/00-placement-api.conf 
# 将这些配置放在这个文件里

<Directory /usr/bin>
 <IfVersion >= 2.4>
	 Require all granted
 </IfVersion>
 <IfVersion < 2.4>
 	Order allow,deny
	 Allow from all
 </IfVersion>
</Directory>

5. 安装nova

5.1 数据库操作

[root@controller ~]# mysql -u root -p123
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
  IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
  IDENTIFIED BY '123';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
  IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
  IDENTIFIED BY '123';

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \
  IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \
  IDENTIFIED BY '123';

5.2 创建用户

[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \
  --description "OpenStack Compute" compute

5.3 创建服务端点

[root@controller ~]# openstack endpoint create --region RegionOne \
  compute public http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne \
  compute internal http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne \
  compute admin http://controller:8774/v2.1

5.4 安装软件包

[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler

5.5 编辑配置文件 nova.conf

[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.100.100
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:123@controller:5672/
enabled_apis = osapi_compute,metadata

[api_database]
connection = mysql+pymysql://nova:123@controller/nova_api

[database]
connection = mysql+pymysql://nova:123@controller/nova

[api]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123

[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123

5.6 同步数据库

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
|  Name |                 UUID                 |                   Transport URL                    |                     Database Connection                      | Disabled |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 |                       none:/                       | mysql+pymysql://nova:****@controller/nova_cell0?charset=utf8 |  False   |
| cell1 | f690f4fd-2bc5-4f15-8145-db561a7b9d3d | rabbit://openstack:****@controller:5672/nova_cell1 | mysql+pymysql://nova:****@controller/nova_cell1?charset=utf8 |  False   |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+

5.7 启动服务

[root@controller ~]# systemctl enable \
>     openstack-nova-api.service \
>     openstack-nova-scheduler.service \
>     openstack-nova-conductor.service \
>     openstack-nova-novncproxy.service --now

6. 安装nova-compute 在计算节点操作

6.1 安装软件包

[root@compute ~]# yum install openstack-nova-compute -y

6.2 编辑配置文件

[root@compute ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.100.110
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123@controller

[api]
auth_strategy = keystone

[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123

[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123

[libvirt]
virt_type = qemu

6.3 检查计算节点是否支持硬件虚拟化

[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
此处的回显应该是1或大于1的数字,如果是0的话,检查一下有没有开启虚拟化

vmware workstation 这样操作,需要点开 虚拟机设置--> CPU --> 勾选

6.4 启动服务

[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service --now 

6.5 将计算节点添加到数据库,controller节点执行

[root@controller ~]# openstack compute service list --service nova-compute
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

6.6 验证服务

[root@controller ~]# openstack compute service list
[root@controller ~]# openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary         | Host       | Zone     | Status  | State | Updated At                 |
+----+----------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-conductor | controller | internal | enabled | up    | 2024-05-19T10:53:30.000000 |
|  2 | nova-scheduler | controller | internal | enabled | up    | 2024-05-19T10:53:33.000000 |
|  6 | nova-compute   | compute    | nova     | enabled | up    | 2024-05-19T10:53:34.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]# nova-status upgrade check
如果执行这个命令报错403的话,就去前面加上placement的一些配置即可解决

7. 安装Neutron

7.1 数据库操作

[root@controller ~]# mysql -u root -p123
MariaDB [(none)] CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
  IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
  IDENTIFIED BY '123';

7.2 创建用户

[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
[root@controller ~]# openstack role add --project service --user neutron admin

7.3 创建服务端点

[root@controller ~]# openstack service create --name neutron \
  --description "OpenStack Networking" network
[root@controller ~]# openstack endpoint create --region RegionOne \
  network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
  network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \
  network admin http://controller:9696

7.4 安装Self-service networks

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \
  openstack-neutron-linuxbridge ebtables -y

7.5 编写配置文件 neutron.conf

[root@controller ~]# vim /etc/neutron/neutron.conf

[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone

[database]
connection = mysql+pymysql://neutron:123@controller/neutron

[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123

[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp

7.6 编写配置文件 ml2_conf.ini

[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
type_drivers = flat,vlan,vxlan
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = true

7.7 编写linuxbridge_agent.ini

[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34
# 这里的ens34你改成你自己使用NAT的那一张网卡
[vxlan]
enable_vxlan = true
# IP改成自己的
local_ip = 192.168.100.100
l2_population = true

[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

7.8 打开桥接

[root@controller ~]# modprobe br_netfilter
[root@controller ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
[root@controller ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1

7.9 编写 l3_agent.ini

[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge

7.10 编写dhcp_agent.ini

[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true

7.11 编写metadata_agent.ini

[DEFAULT]
nova_metadata_host = controller
# 这个地方的123可以自定义,等会需要用到,随便写啥都行
metadata_proxy_shared_secret = 123

7.12 配置nova使用网络服务

[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = true
# 这里的123 就需要跟刚刚那个地方定义的一样
metadata_proxy_shared_secret = 123

7.13 完成安装

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

7.14 启动服务

[root@controller ~]#systemctl restart openstack-nova-api.service

[root@controller ~]#systemctl enable neutron-server.service \
  neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
  neutron-metadata-agent.service neutron-l3-agent.service --now

7.15 验证服务

[root@controller neutron]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host       | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 121cc747-3516-446e-bb6f-c6e95af3a000 | Metadata agent     | localhost  | None              | :-)   | UP    | neutron-metadata-agent    |
| 17059e4f-c61f-4e8c-87ff-35ced7764543 | Linux bridge agent | localhost  | None              | :-)   | UP    | neutron-linuxbridge-agent |
| 32fded8a-dc80-4316-9771-42055979b0b8 | L3 agent           | localhost  | nova              | :-)   | UP    | neutron-l3-agent          |
| ae4ca75a-153b-4bf4-a284-8db4d338d757 | DHCP agent         | localhost  | nova              | :-)   | UP    | neutron-dhcp-agent        |
| e930286f-f99c-4f35-b8c0-0d5e83e35bf8 | Linux bridge agent | compute    | None              | :-)   | UP    | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+

8. 安装dashboard

8.1 安装软件包

[root@controller ~]# yum install openstack-dashboard -y

8.2 修改配置文件 local_settings

[root@controller ~]# vim /etc/openstack-dashboard/local_settings
# 这里面有些配置项是本来就存在的,直接修改即可,不存在的直接添加

OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {
    'default': {
         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
         'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# 这里面如果你安装的neutron是 provider类型的禁用第三项,其他的不变
OPENSTACK_NEUTRON_NETWORK = {
    ...
    'enable_router': False,
    'enable_quotas': False,
    'enable_distributed_router': True,
    'enable_ha_router': False,
    'enable_lb': False,
    'enable_firewall': False,
    'enable_vpn': False,
    'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
# 这一行得加上
WEBROOT='/dashboard'

8.3 编辑openstack-dashboard.conf

[root@controller ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
# 加上这一行
WSGIApplicationGroup %{GLOBAL}

8.4 重启服务

[root@controller ~]# systemctl restart httpd.service memcached.service

到这里openstack的基础组件就安装完了,如果有其他需求可以根据官方文档来继续安装其他组件

9. 验证

9.1 登录dashboard

9.2 创建网络,子网

9.3 创建实例类型

9.4 创建虚拟机

posted @ 2024-05-19 20:23  FuShudi  阅读(476)  评论(0编辑  收藏  举报