OpenStack Juno all-in-one installation manual
by lt,hyc
1. Security conventions
Table 1: OpenStack users and password values
Username | Meaning | Value used in this document
Admin | OpenStack administrator user | ADMIN_PASS
Keystone | User OpenStack uses to manage keystone | KEYSTONE_PASS
Nova | User OpenStack uses to manage nova | NOVA_PASS
Glance | User OpenStack uses to manage glance | GLANCE_PASS
Neutron | User OpenStack uses to manage neutron | NEUTRON_PASS
Guest | RabbitMQ user that OpenStack connects as | RABBIT_PASS
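Table 2: MySQL databases and password values
Keystone | MySQL database storing keystone component data | KEYSTONE_DBPASS
Nova | MySQL database storing nova component data | NOVA_DBPASS
Glance | MySQL database storing glance component data | GLANCE_DBPASS
Neutron | MySQL database storing neutron component data | NEUTRON_DBPASS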
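Note: the IP (the server IP in this document is set to 192.168.1.1) and the password values from the security conventions can be changed to suit your environment. In what follows, every configuration value that can be changed is marked with <>. For example, IDENTIFIED BY '<KEYSTONE_DBPASS>'; means that the password KEYSTONE_DBPASS can be replaced with one of your own. If you set the password to 123, write: IDENTIFIED BY '123'. If you keep the password KEYSTONE_DBPASS, remove the <>: IDENTIFIED BY 'KEYSTONE_DBPASS'.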
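Added example (not part of the original manual): one way to avoid keeping the literal placeholder strings as passwords is to generate a random value for each name in Tables 1 and 2 and substitute it wherever a <NAME> marker appears. The file name secrets.env and the function names are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not part of the original manual.
# Placeholder names from Tables 1 and 2.
SECRET_NAMES="ADMIN_PASS KEYSTONE_PASS NOVA_PASS GLANCE_PASS NEUTRON_PASS RABBIT_PASS"
SECRET_NAMES="$SECRET_NAMES KEYSTONE_DBPASS NOVA_DBPASS GLANCE_DBPASS NEUTRON_DBPASS"

# rand_hex N: N random bytes as hex, the same shape as `openssl rand -hex N`.
rand_hex() {
    if command -v openssl >/dev/null 2>&1; then
        openssl rand -hex "$1"
    else
        od -An -N"$1" -tx1 /dev/urandom | tr -d ' \n'
    fi
}

# gen_secrets FILE: write one NAME=value line per placeholder.
# The file is recreated under umask 077 so only its owner can read it.
gen_secrets() {
    (
        umask 077
        rm -f "$1"
        : > "$1"
        for name in $SECRET_NAMES; do
            printf '%s=%s\n' "$name" "$(rand_hex 16)" >> "$1"
        done
    )
}

# fill_placeholders FILE: copy stdin to stdout, replacing every <NAME>
# marker with the value stored for NAME in FILE.
fill_placeholders() {
    awk -v secrets="$1" '
        BEGIN {
            while ((getline line < secrets) > 0) {
                eq = index(line, "=")
                val[substr(line, 1, eq - 1)] = substr(line, eq + 1)
            }
        }
        { for (k in val) gsub("<" k ">", val[k]); print }
    '
}

# Demo on the GRANT fragment quoted in the note above.
demo_dir=$(mktemp -d)
gen_secrets "$demo_dir/secrets.env"
echo "IDENTIFIED BY '<KEYSTONE_DBPASS>';" | fill_placeholders "$demo_dir/secrets.env"
rm -rf "$demo_dir"
```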
2. NTP installation
Controller node
(1) Install NTP
$ apt-get install ntp
(2) Modify the configuration file
Edit /etc/ntp.conf
server <192.168.1.1> iburst
restrict -4 default kod notrap nomodify
restrict -6 default kod notrap nomodify
$:
nano /etc/ntp.conf
server 192.168.29.94 iburst
restrict -4 default kod notrap nomodify
restrict -6 default kod notrap nomodify
Comment out:
# restrict -4 default kod notrap nomodify nopeer noquery
# restrict -6 default kod notrap nomodify nopeer noquery
(3) Restart NTP
$ service ntp restart
3. MySQL (MariaDB) installation
(1) Update the OpenStack package repository
$ apt-get install ubuntu-cloud-keyring
$ echo "deb http://ubuntu-cloud.archive.canonical.com/ubuntu" "trusty-updates/juno main" > /etc/apt/sources.list.d/cloudarchive-juno.list
$ apt-get update && apt-get dist-upgrade
(2) Install
$ apt-get install mariadb-server python-mysqldb
(3) Modify the configuration file
a. The configuration file is /etc/mysql/my.cnf. Find bind-address = 127.0.0.1 and change it to:
[mysqld]
bind-address = <192.168.1.1>
$ bind-address = 192.168.29.94
b. Add the following under [mysqld]:
[mysqld]
$:
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8
(4) Restart MySQL
$ service mysql restart
The output is as follows:
*Stopping MariaDB database server mysqld [OK]
* Starting MariaDB database server mysqld [OK]
* Checking for corrupt, not cleanly closed and upgrade needing tables.
4. RabbitMQ installation
RabbitMQ is installed on the controller node
(1) Install
$ apt-get install rabbitmq-server
(2) Change the password
The password used here is RABBIT_PASS
rabbitmqctl change_password guest <RABBIT_PASS>
$ rabbitmqctl change_password guest RABBIT_PASS
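(3) Restart RabbitMQ
$ service rabbitmq-server restart
(4) Check the RabbitMQ version
$ rabbitmqctl status | grep rabbit
If the version is 3.3.0 or newer, you need to create the file /etc/rabbitmq/rabbitmq.config and configure it so that RabbitMQ allows the guest account to connect, then restart RabbitMQ.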
$ sudo nano /etc/rabbitmq/rabbitmq.config
[{rabbit, [{loopback_users, []}]}].
service rabbitmq-server restart
(1) Create the keystone database and grant privileges
$ mysql -u root -p
$ CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '<KEYSTONE_DBPASS>';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '<KEYSTONE_DBPASS>';
$ GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
$ GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
Exit MySQL:
$ Exit
(2) Generate the token
$ openssl rand -hex 10
The value generated in my case is:
8582de69d0bff6c32ae9
(3) Install the keystone packages
$ apt-get install keystone python-keystoneclient
$ nano /etc/keystone/keystone.conf
a. Modify the [DEFAULT] section:
admin_token = ADMIN_TOKEN
Change it as follows:
$ admin_token =8582de69d0bff6c32ae9
b. Modify the [database] section:
connection=sqlite:////var/lib/keystone/keystone.db
Change it to:
connection = mysql://keystone:<KEYSTONE_DBPASS>@<192.168.1.1>/keystone
$ connection = mysql://keystone:KEYSTONE_DBPASS@192.168.29.94/keystone
[token]
...
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token
d. Modify the [revoke] section:
Configure the SQL revocation driver (new content):
$ driver = keystone.contrib.revoke.backends.sql.Revoke
Add:
...
$ verbose = True
(5) Populate the keystone database
$ su -s /bin/sh -c "keystone-manage db_sync" keystone
It is best to switch to the root user to run the sync here; otherwise the sync will fail.
(6) Restart keystone
$ service keystone restart
(7) Delete the SQLite database created by the Ubuntu package
$ rm -f /var/lib/keystone/keystone.db
(8) Clean up expired tokens
$ (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/crontabs/keystone
(9) Configure environment variables
ADMIN_TOKEN here is the value generated earlier; in my case it is:
export OS_SERVICE_TOKEN=8582de69d0bff6c32ae9
(10) Configure the endpoint:
export OS_SERVICE_ENDPOINT=http://<192.168.1.1>:35357/v2.0
$ export OS_SERVICE_ENDPOINT=http://192.168.29.94:35357/v2.0
(11) Create the keystone tenants, users, and roles
a. Create the admin tenant
$ keystone tenant-create --name admin --description "Admin Tenant"
keystone user-create --name admin --pass <ADMIN_PASS> --email EMAIL_ADDRESS
$ keystone user-create --name admin --pass ADMIN_PASS --email EMAIL_ADDRESS
c. Create the admin role
$ keystone role-create --name admin
d. Give the admin user the admin role in the admin tenant
$ keystone user-role-add --user admin --tenant admin --role admin
e. Create the service tenant
$ keystone tenant-create --name service --description "Service Tenant"
(12) Create the service entity and API endpoint
a. Create the service entity
$ keystone service-create --name keystone --type identity --description "OpenStack Identity"
keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://<192.168.1.1>:5000/v2.0 --internalurl http://<192.168.1.1>:5000/v2.0 --adminurl http://<192.168.1.1>:35357/v2.0 --region regionOne
$ keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://192.168.29.94:5000/v2.0 --internalurl http://192.168.29.94:5000/v2.0 --adminurl http://192.168.29.94:35357/v2.0 --region regionOne
a. Edit admin_creds; put this script wherever you like
$ sudo nano admin_creds
export OS_USERNAME=admin
export OS_PASSWORD=<ADMIN_PASS>
export OS_AUTH_URL=http://<192.168.1.1>:35357/v2.0
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://192.168.29.94:35357/v2.0
$ source admin_creds
6. Glance deployment
(1) Create the glance database and grant privileges
$ mysql -u root -p
$ CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '<GLANCE_DBPASS>';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '<GLANCE_DBPASS>';
$ GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
$ GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
(2) Exit MySQL:
$ Exit
$ source admin_creds
keystone user-create --name glance --pass <GLANCE_PASS>
keystone user-role-add --user glance --tenant service --role admin
$ keystone user-create --name glance --pass GLANCE_PASS
keystone service-create --name glance --type image --description "OpenStack Image Service"
keystone endpoint-create --service-id $(keystone service-list | awk '/ image / {print $2}') --publicurl http://<192.168.1.1>:9292 --internalurl http://<192.168.1.1>:9292 --adminurl http://<192.168.1.1>:9292 --region regionOne
$ keystone endpoint-create --service-id $(keystone service-list | awk '/ image / {print $2}') --publicurl http://192.168.29.94:9292 --internalurl http://192.168.29.94:9292 --adminurl http://192.168.29.94:9292 --region regionOne
$ sudo nano /etc/glance/glance-api.conf
[database]
...
connection = mysql://glance:<GLANCE_DBPASS>@<192.168.1.1>/glance
$ connection = mysql://glance:GLANCE_DBPASS@192.168.29.94/glance
[keystone_authtoken]
...
auth_uri = http://<192.168.1.1>:5000/v2.0
identity_uri = http://<192.168.1.1>:35357
admin_tenant_name = service
admin_user = glance
admin_password = <GLANCE_PASS>
auth_uri = http://192.168.29.94:5000/v2.0
identity_uri = http://192.168.29.94:35357
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS
c. Comment out the following:
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
[paste_deploy]
...
$ flavor = keystone
[glance_store]
...
$:
filesystem_store_datadir = /var/lib/glance/images/
[DEFAULT]
...
$ notification_driver = noop
[DEFAULT]
...
$ verbose = True
(9) Modify the configuration file /etc/glance/glance-registry.conf
$ sudo nano /etc/glance/glance-registry.conf
[database]
...
connection = mysql://glance:<GLANCE_DBPASS>@<192.168.1.1>/glance
$ connection = mysql://glance:GLANCE_DBPASS@192.168.29.94/glance
b. In the [keystone_authtoken] and [paste_deploy] sections, add the following:
[keystone_authtoken]
...
auth_uri = http://<192.168.1.1>:5000/v2.0
identity_uri = http://<192.168.1.1>:35357
admin_tenant_name = service
admin_user = glance
admin_password = <GLANCE_PASS>
auth_uri = http://192.168.29.94:5000/v2.0
identity_uri = http://192.168.29.94:35357
admin_tenant_name = service
admin_user = glance
admin_password = GLANCE_PASS
#identity_uri = http://127.0.0.1:35357
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
...
$ flavor = keystone
i. In the [DEFAULT] section, configure the noop notification driver:
[DEFAULT]
...
$ notification_driver = noop
[DEFAULT]
...
$ verbose = True
su -s /bin/sh -c "glance-manage db_sync" glance
$ service glance-registry restart
If Ubuntu created an SQLite database, remove it with the following command:
rm -f /var/lib/glance/glance.sqlite
(1) Create the nova database and grant privileges
$ mysql -u root -p
$ CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '<NOVA_DBPASS>';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '<NOVA_DBPASS>';
$ GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
$ GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';
Exit MySQL
$ exit
$ source admin_creds
keystone user-create --name nova --pass <NOVA_PASS>
$ keystone user-create --name nova --pass NOVA_PASS
$ keystone service-create --name nova --type compute --description "OpenStack Compute"
keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') --publicurl http://<192.168.1.1>:8774/v2/%\(tenant_id\)s --internalurl http://<192.168.1.1>:8774/v2/%\(tenant_id\)s --adminurl http://<192.168.1.1>:8774/v2/%\(tenant_id\)s --region regionOne
$ keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') --publicurl http://192.168.29.94:8774/v2/%\(tenant_id\)s --internalurl http://192.168.29.94:8774/v2/%\(tenant_id\)s --adminurl http://192.168.29.94:8774/v2/%\(tenant_id\)s --region regionOne
keystone: error: unrecognized arguments: 5b188243fee44d21bd622626d0e061e7
Solution:
keystone service-list
There are two; delete one of them:
keystone service-delete cf4399b85ab14cfb81beb3bb9d53b8dd
(5) Install nova
$ apt-get install nova-api nova-cert nova-conductor nova-consoleauth nova-novncproxy nova-scheduler python-novaclient
$ apt-get install nova-compute sysfsutils
$ sudo nano /etc/nova/nova.conf
a. In the [database] section, configure the database connection:
[database]
...
connection = mysql://nova:<NOVA_DBPASS>@<192.168.1.1>/nova
$ connection = mysql://nova:NOVA_DBPASS@192.168.29.94/nova
...
rpc_backend = rabbit
rabbit_host = <192.168.1.1>
rabbit_password = <RABBIT_PASS>
rpc_backend = rabbit
rabbit_host = 192.168.29.94
rabbit_password = RABBIT_PASS
c. In the [DEFAULT] and [keystone_authtoken] sections, configure authentication access
[DEFAULT]
...
[keystone_authtoken]
...
auth_uri = http://<192.168.1.1>:5000/v2.0
identity_uri = http://<192.168.1.1>:35357
admin_tenant_name = service
admin_user = nova
admin_password = <NOVA_PASS>
auth_uri = http://192.168.29.94:5000/v2.0
identity_uri = http://192.168.29.94:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
d. In the [DEFAULT] section, set the my_ip option to the management network IP address:
[DEFAULT]
...
my_ip = <192.168.1.1>
my_ip = 192.168.29.94
e. In the [DEFAULT] section, configure the VNC proxy:
[DEFAULT]
...
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = <192.168.1.1>
novncproxy_base_url = http://<192.168.1.1>:6080/vnc_auto.html
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.29.94
novncproxy_base_url = http://192.168.29.94:6080/vnc_auto.html
f. In the [glance] section, configure the image service
[glance]
...
host = <192.168.1.1>
$ host = 192.168.29.94
[DEFAULT]
...
$ verbose = True
dhcpbridge_flagfile=/etc/nova/nova.conf
dhcpbridge=/usr/bin/nova-dhcpbridge
logdir=/var/log/nova
state_path=/var/lib/nova
lock_path=/var/lock/nova
force_dhcp_release=True
libvirt_use_virtio_for_bridges=True
verbose=True
ec2_private_dns_show_ip=True
api_paste_config=/etc/nova/api-paste.ini
enabled_apis=ec2,osapi_compute,metadata
rpc_backend = rabbit
rabbit_host = 192.168.29.94
rabbit_password = RABBIT_PASS
auth_strategy = keystone
my_ip = 192.168.29.94
vnc_enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = 192.168.29.94
novncproxy_base_url = http://192.168.29.94:6080/vnc_auto.html
verbose = True
[database]
connection = mysql://nova:NOVA_DBPASS@192.168.29.94/nova
[keystone_authtoken]
auth_uri = http://192.168.29.94:5000/v2.0
identity_uri = http://192.168.29.94:35357
admin_tenant_name = service
admin_user = nova
admin_password = NOVA_PASS
[glance]
host = 192.168.29.94
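The nova.conf listing above still uses RABBIT_PASS, NOVA_DBPASS and NOVA_PASS as the actual secrets. The following added example (not part of the original manual) reports every active setting whose value is still one of this manual's placeholder strings; it applies equally to the keystone, glance and neutron files. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example, not part of the original manual.
# Placeholder strings this manual uses as secrets (Tables 1 and 2, plus
# ADMIN_TOKEN and METADATA_SECRET from the keystone and metadata steps).
PLACEHOLDERS="ADMIN_PASS KEYSTONE_PASS NOVA_PASS GLANCE_PASS NEUTRON_PASS RABBIT_PASS"
PLACEHOLDERS="$PLACEHOLDERS KEYSTONE_DBPASS NOVA_DBPASS GLANCE_DBPASS NEUTRON_DBPASS"
PLACEHOLDERS="$PLACEHOLDERS ADMIN_TOKEN METADATA_SECRET"

# audit_placeholders FILE...
# Prints "file:line:key:placeholder" for each active setting whose value, or
# whose password inside a scheme://user:password@host URL, is a placeholder.
audit_placeholders() {
    awk -v names="$PLACEHOLDERS" '
        BEGIN { n = split(names, list, " "); for (i = 1; i <= n; i++) bad[list[i]] = 1 }
        /^[ \t]*#/ { next }                  # commented-out settings are inactive
        index($0, "=") == 0 { next }         # section headers and blank lines
        {
            eq  = index($0, "=")
            key = substr($0, 1, eq - 1); gsub(/^[ \t]+|[ \t]+$/, "", key)
            val = substr($0, eq + 1);    gsub(/^[ \t]+|[ \t]+$/, "", val)
            pw  = val
            p = index(val, "://")
            if (p > 0) {                     # connection = mysql://user:pw@host/db
                cred = substr(val, p + 3)
                at = index(cred, "@")
                if (at > 0) {
                    cred = substr(cred, 1, at - 1)
                    pw = substr(cred, index(cred, ":") + 1)
                }
            }
            gsub(/[<>]/, "", pw)             # the manual also writes <NOVA_PASS>
            if (pw in bad) print FILENAME ":" FNR ":" key ":" pw
        }
    ' "$@"
}

# write_sample FILE: constructed nova.conf fragment, one secret already rotated.
write_sample() {
    cat > "$1" <<'EOF'
[DEFAULT]
rabbit_host = 192.168.29.94
rabbit_password = RABBIT_PASS
#admin_password = %SERVICE_PASSWORD%
[database]
connection = mysql://nova:NOVA_DBPASS@192.168.29.94/nova
[keystone_authtoken]
auth_uri = http://192.168.29.94:5000/v2.0
admin_user = nova
admin_password = 5c1e0b7a9d3f42e8
[neutron]
metadata_proxy_shared_secret = METADATA_SECRET
EOF
}

sample=$(mktemp)
write_sample "$sample"
audit_placeholders "$sample"
rm -f "$sample"
```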
$ egrep -c '(vmx|svm)' /proc/cpuinfo
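If the output is not 0, no extra configuration is needed. If it is 0, use QEMU instead of KVM: edit the file /etc/nova/nova-compute.conf and, in the [libvirt] section, change the following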
[libvirt]
...
$ virt_type = qemu
(7) Sync the database
$ su -s /bin/sh -c "nova-manage db sync" nova
service nova-api restart
service nova-cert restart
service nova-consoleauth restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
service nova-compute restart
$ service nova-compute restart
8. Neutron deployment
(1) Create the database and grant privileges
$ mysql -u root -p
$ CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '<NEUTRON_DBPASS>';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '<NEUTRON_DBPASS>';
$ GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
$ GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
Exit MySQL
$ Exit
$ source admin_creds
a. Create the neutron user
keystone user-create --name neutron --pass <NEUTRON_PASS>
$ keystone user-role-add --user neutron --tenant service --role admin
$ keystone service-create --name neutron --type network --description "OpenStack Networking"
keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') --publicurl http://<192.168.1.1>:9696 --adminurl http://<192.168.1.1>:9696 --internalurl http://<192.168.1.1>:9696 --region regionOne
Before configuring neutron, certain kernel networking parameters must be set. Edit the file /etc/sysctl.conf as follows:
$ sudo nano /etc/sysctl.conf
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
(5) Apply the changes
$ sysctl -p
$ apt-get install neutron-server neutron-plugin-ml2 python-neutronclient neutron-plugin-openvswitch-agent neutron-l3-agent neutron-dhcp-agent
$ apt-get install neutron-plugin-ml2 neutron-plugin-openvswitch-agent
(7) Modify the configuration file /etc/neutron/neutron.conf
$ sudo nano /etc/neutron/neutron.conf
[database]
...
connection = mysql://neutron:NEUTRON_DBPASS@<192.168.1.1>/neutron
$ connection = mysql://neutron:NEUTRON_DBPASS@192.168.29.94/neutron
#connection = sqlite:////var/lib/neutron/neutron.sqlite
[DEFAULT]
...
rpc_backend = rabbit
rabbit_host = <192.168.1.1>
rabbit_password = <RABBIT_PASS>
rpc_backend = rabbit
rabbit_host = 192.168.29.94
rabbit_password = RABBIT_PASS
[DEFAULT]
...
$ auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://<192.168.1.1>:5000/v2.0
identity_uri = http://<192.168.1.1>:35357
admin_tenant_name = service
admin_user = neutron
admin_password = <NEUTRON_PASS>
auth_uri = http://192.168.29.94:5000/v2.0
identity_uri = http://192.168.29.94:35357
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
e. Comment out the options containing auth_host, auth_port, and auth_protocol.
#auth_port = 35357
#auth_protocol = http
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
[DEFAULT]
...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
g. In the [DEFAULT] section, configure Networking to notify Compute of network topology changes:
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://<192.168.1.1>:8774/v2
nova_admin_auth_url = http://<192.168.1.1>:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = <7694d20c2e814ebd8b8eb855135ce1b0>
nova_admin_password = <NOVA_PASS>
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://192.168.29.94:8774/v2
nova_admin_auth_url = http://192.168.29.94:35357/v2.0
nova_region_name = regionOne
nova_admin_username = nova
nova_admin_tenant_id = d910eab4bb4043c3b84d03093720e073
nova_admin_password = NOVA_PASS
Note: SERVICE_TENANT_ID here is the ID of the keystone service tenant. NOVA_PASS is the nova user's password; the default password is used here. SERVICE_TENANT_ID can be looked up as follows:
$ source admin_creds
$ keystone tenant-get service
(8) Configure the Modular Layer 2 (ML2) plugin
a. Edit the file /etc/neutron/plugins/ml2/ml2_conf.ini
$ sudo nano /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
...
type_drivers = flat,gre
tenant_network_types = gre
mechanism_drivers = openvswitch
[ml2_type_gre]
...
$ tunnel_id_ranges = 1:1000
d. In the [securitygroup] section, configure security groups, ipset, and the OVS firewall driver
[securitygroup]
...
enable_security_group = True
enable_ipset = True
firewall_driver = neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver
[ovs]
...
local_ip = <192.168.1.1>
local_ip = 192.168.29.94
enable_tunneling = True
bridge_mappings = external:br-ex
f. In the [agent] section, enable GRE tunnels
[agent]
...
$ tunnel_types = gre
a. The Layer-3 (L3) agent provides routing services for virtual networks. Edit the file /etc/neutron/l3_agent.ini and complete the following
$ sudo nano /etc/neutron/l3_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
use_namespaces = True
external_network_bridge = br-ex
router_delete_namespaces = True
c. To help with troubleshooting, enable verbose logging in the [DEFAULT] section
[DEFAULT]
...
$ verbose = True
a. Edit the file /etc/neutron/dhcp_agent.ini
In the [DEFAULT] section, configure the drivers, enable namespaces, and enable deletion of defunct namespaces
$ sudo nano /etc/neutron/dhcp_agent.ini
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.OVSInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
use_namespaces = True
dhcp_delete_namespaces = True
[DEFAULT]
...
$ verbose = True
...
$ dnsmasq_config_file = /etc/neutron/dnsmasq-neutron.conf
(11) Create the file /etc/neutron/dnsmasq-neutron.conf and add the following
$ sudo nano /etc/neutron/dnsmasq-neutron.conf
$ dhcp-option-force=26,1454
(12) Kill any existing dnsmasq processes
$ pkill dnsmasq
a. Edit the file /etc/neutron/metadata_agent.ini and complete the following
$ sudo nano /etc/neutron/metadata_agent.ini
[DEFAULT]
...
auth_url = http://<192.168.1.1>:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = <NEUTRON_PASS>
auth_url = http://192.168.29.94:5000/v2.0
auth_region = regionOne
admin_tenant_name = service
admin_user = neutron
admin_password = NEUTRON_PASS
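c. Likewise, do not forget to replace NEUTRON_PASS with your password (the default password is used here), and do not forget to comment out the other auth settings so that they do not override these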
#auth_url = http://localhost:5000/v2.0
#auth_region = RegionOne
# Turn off verification of the certificate for ssl
# auth_insecure = False
# Certificate Authority public key (CA cert) file for ssl
# auth_ca_cert =
#admin_tenant_name = %SERVICE_TENANT_NAME%
#admin_user = %SERVICE_USER%
#admin_password = %SERVICE_PASSWORD%
[DEFAULT]
...
nova_metadata_ip = <192.168.1.1>
$ nova_metadata_ip = 192.168.29.94
e. In the [DEFAULT] section, configure the metadata proxy shared secret:
[DEFAULT]
...
$ metadata_proxy_shared_secret = METADATA_SECRET
[DEFAULT]
...
$ verbose = True
(14) Edit the file /etc/nova/nova.conf
$ sudo nano /etc/nova/nova.conf
a. In the [DEFAULT] section, configure the APIs and drivers
[DEFAULT]
...
network_api_class = nova.network.neutronv2.api.API
security_group_api = neutron
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver
b. In the [neutron] section, configure the access parameters
[neutron]
...
url = http://<192.168.1.1>:9696
auth_strategy = keystone
admin_auth_url = http://<192.168.1.1>:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = <NEUTRON_PASS>
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
url = http://192.168.29.94:9696
auth_strategy = keystone
admin_auth_url = http://192.168.29.94:35357/v2.0
admin_tenant_name = service
admin_username = neutron
admin_password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
(16) Restart the compute services
service nova-api restart
service nova-scheduler restart
service nova-conductor restart
(17) Restart the networking service
$ service neutron-server restart
$ ovs-vsctl add-br br-ex
$ ovs-vsctl add-port br-ex em1
$ ethtool -K em1 gro off
auto eth0
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
auto br-ex
iface br-ex inet static
address 192.168.1.1
netmask 255.255.255.0
network 192.168.1.0
broadcast 192.168.1.255
gateway 192.168.1.254
# dns-* options are implemented by the resolvconf package, if instal$
dns-nameservers 114.114.114.114
$:
auto em1
iface em1 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
auto br-ex
iface br-ex inet static
address 192.168.29.94
netmask 255.255.255.0
network 192.168.29.0
broadcast 192.168.29.255
gateway 192.168.29.254
# dns-* options are implemented by the resolvconf package, if instal$
dns-nameservers 114.114.114.114
$ apt-get install openstack-dashboard apache2 libapache2-mod-wsgi memcached python-memcache
keystone user-create --name admin --pass ADMIN_PASS --email EMAIL_ADDRESS