
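Deploying OpenStack Ocata on Ubuntu 16.04 (Part 1)

Note: This deployment follows the official OpenStack documentation at https://docs.openstack.org/. The text is only about 100,000 characters, but the platform insists it exceeds 200,000, so there was no choice but to split it into parts.

Tip: Double-check every setting as you configure. Repeated experiments showed that many errors come from configuration mistakes.


I. Set up the base environment

192.168.30.145 controller [2 vCPUs, 4 GB RAM, 40 GB storage, two NICs]

192.168.30.146 compute [2 vCPUs, 4 GB RAM, 40 GB storage, two NICs]


1. Install ssh and set the root password

$ sudo apt install ssh
$ sudo passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully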


2. Generate a temporary authentication token

# openssl rand -hex 10
bdb5cad50653d4e85b7d


3. Add the Aliyun mirror

# cp /etc/apt/sources.list /etc/apt/sources.list.bak
# vim /etc/apt/sources.list
deb-src http://archive.ubuntu.com/ubuntu xenial main restricted
deb http://mirrors.aliyun.com/ubuntu/ xenial main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-updates main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates universe
deb http://mirrors.aliyun.com/ubuntu/ xenial multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-updates multiverse
deb http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-backports main restricted universe multiverse
deb http://archive.canonical.com/ubuntu xenial partner
deb-src http://archive.canonical.com/ubuntu xenial partner
deb http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted
deb-src http://mirrors.aliyun.com/ubuntu/ xenial-security main restricted multiverse universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security universe
deb http://mirrors.aliyun.com/ubuntu/ xenial-security multiverse


4. Configure the network interface IPs

# ip addr
# vim /etc/network/interfaces
auto ens33
iface ens33 inet static
address 192.168.30.145
netmask 255.255.255.0
gateway 192.168.30.2
dns-nameserver 114.114.114.114
# The provider network interface (configure the second interface as the provider interface)
auto ens34
iface ens34 inet manual
up ip link set dev $IFACE up
down ip link set dev $IFACE down


5. Configure hosts

# vim /etc/hosts
192.168.30.145 controller
192.168.30.146 compute


6. Configure NTP time synchronization

# dpkg-reconfigure tzdata    ## Change the time zone
Current default time zone: 'Asia/Chongqing'
Local time is now:      Tue Mar 28 20:54:33 CST 2017.
Universal Time is now:  Tue Mar 28 12:54:33 UTC 2017.
# apt -y install chrony    ## Install the chrony time synchronization software


Controller Node

# vim /etc/chrony/chrony.conf
allow 192.168.30.0/24    ## Allow hosts in this subnet to synchronize time with this node
# service chrony restart


Compute Node

# vim /etc/chrony/chrony.conf
# pool 2.debian.pool.ntp.org offline iburst
server 192.168.30.145 iburst    ## Set the address of the time synchronization server
# service chrony restart
# chronyc sources
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller                    3   6   377    33   -375us[ -422us] +/-   66ms


7. Enable the OpenStack repository and install the OpenStack client on all nodes

# apt -y install software-properties-common
# add-apt-repository cloud-archive:ocata
# apt -y update && apt -y dist-upgrade
# apt -y install python-openstackclient


8. Install and configure the database service (Controller Node)

# apt -y install mariadb-server python-pymysql
# vim /etc/mysql/mariadb.conf.d/99-openstack.cnf
[mysqld]
bind-address=192.168.30.145
default-storage-engine=innodb
innodb_file_per_table=on
max_connections=4096
collation-server=utf8_general_ci
character-set-server=utf8
# service mysql restart
# mysql_secure_installation
## Run this script to secure the database and set a suitable password for the root account


9. Install and configure the RabbitMQ message queue service (Controller Node)

# apt -y install rabbitmq-server
# rabbitmqctl add_user openstack openstack    ## Add the openstack user and set its password
Creating user "openstack" ...
## Grant the openstack user configure, write and read permissions
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/" ...
# rabbitmqctl list_users    ## List users
Listing users ...
guest [administrator]
openstack []
# rabbitmqctl list_user_permissions openstack    ## List this user's permissions
Listing permissions for user "openstack" ...
/ .* .* .*
# rabbitmqctl status    ## Show RabbitMQ status information
# rabbitmq-plugins list    ## List the RabbitMQ plug-ins
Configured: E = explicitly enabled; e = implicitly enabled
| Status: * = running on rabbit@openstack1
|/
......
# rabbitmq-plugins enable rabbitmq_management    ## Enable this plug-in
The following plugins have been enabled:
mochiweb
webmachine
rabbitmq_web_dispatch
amqp_client
rabbitmq_management_agent
rabbitmq_management
Applying plugin configuration to rabbit@openstack1... started 6 plugins.

Open http://localhost:15672 in a browser; the username and password are both guest.


10. Install and configure the Memcached caching service [caching for the Identity service] (Controller Node)

# apt -y install memcached python-memcache
# vim /etc/memcached.conf
#-l 127.0.0.1
-l 192.168.30.145
# service memcached restart
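
To confirm that the bind-address and -l settings from steps 8 and 10 took effect, the listening sockets can be compared with the management IP. The script below is an added example, not part of the original article; the function names are hypothetical, the port-to-service table assumes default ports, and the `ss -ltn` output is a constructed sample.

```shell
#!/bin/sh
# Added example (not from the original article): check where the controller's
# backend services are listening. Reads `ss -ltn` output on stdin and prints
# one line per known service port: VERDICT SERVICE ADDRESS PORT

check_listeners() {
    # $1 = management IP the services were bound to (192.168.30.145 on this page)
    awk -v want="$1" '
        BEGIN {
            svc["3306"]  = "mariadb"              # assumption: default MariaDB port
            svc["11211"] = "memcached"            # port used in memcached_servers
            svc["5672"]  = "rabbitmq-amqp"        # assumption: default AMQP port
            svc["15672"] = "rabbitmq-management"  # management plug-in UI
        }
        $1 != "LISTEN" { next }                   # skip the header line
        {
            laddr = $4
            n = split(laddr, part, ":")
            port = part[n]                        # text after the last colon
            addr = substr(laddr, 1, length(laddr) - length(port) - 1)
            gsub(/^\[|\]$/, "", addr)             # newer ss prints [::]:port
            if (!(port in svc)) next
            if (addr == want || addr == "127.0.0.1" || addr == "::1")
                verdict = "ok"
            else if (addr == "*" || addr == "0.0.0.0" || addr == "::")
                verdict = "WILDCARD"              # reachable on every interface
            else
                verdict = "UNEXPECTED"            # bound to some other address
            printf "%s %s %s %s\n", verdict, svc[port], addr, port
        }
    '
}

# Constructed sample of `ss -ltn` output for a controller configured as above.
sample_ss_output() {
    cat <<'EOF'
State      Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN     0      80     192.168.30.145:3306  *:*
LISTEN     0      128    192.168.30.145:11211 *:*
LISTEN     0      128    *:15672              *:*
LISTEN     0      128    :::5672              :::*
LISTEN     0      128    *:22                 *:*
EOF
}

# Demo on the sample; on a live controller use: ss -ltn | check_listeners 192.168.30.145
sample_ss_output | check_listeners 192.168.30.145
```
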


II. Configure the Keystone Identity service (Controller Node)

1. Create the keystone database

# mysql
MariaDB [(none)]> CREATE DATABASE keystone;    ## Create the keystone database
## Grant privileges on the keystone database [user@controller node ... BY password]
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'192.168.30.145' \
IDENTIFIED BY 'keystone';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'keystone';
MariaDB [(none)]> flush privileges;


2. Install and configure Keystone

# apt -y install keystone
# vim /etc/keystone/keystone.conf
[database] --- Configure database access [user:password@controller node]
connection=mysql+pymysql://keystone:keystone@192.168.30.145/keystone
[token] --- Configure the Fernet UUID token provider
provider=fernet
# grep ^[a-z] /etc/keystone/keystone.conf
connection=mysql+pymysql://keystone:keystone@192.168.30.145/keystone
provider=fernet


3. Initialize the Identity service database

# su -s /bin/sh -c "keystone-manage db_sync" keystone


4. Initialize the Fernet keys

# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone


5. Bootstrap the Identity service

# keystone-manage bootstrap --bootstrap-password qaz123 \
--bootstrap-admin-url http://192.168.30.145:35357/v3/ \
--bootstrap-internal-url http://192.168.30.145:5000/v3/ \
--bootstrap-public-url http://192.168.30.145:5000/v3/ \
--bootstrap-region-id RegionOne


6. Configure the HTTP server

# vim /etc/apache2/apache2.conf
ServerName controller
# service apache2 restart    ## Restart the Apache service
# service apache2 status
# rm -f /var/lib/keystone/keystone.db    ## Delete the default SQLite database


7. Configure the administrative account

# export OS_USERNAME=admin
# export OS_PASSWORD=qaz123
# export OS_PROJECT_NAME=admin
# export OS_USER_DOMAIN_NAME=Default
# export OS_PROJECT_DOMAIN_NAME=Default
# export OS_AUTH_URL=http://192.168.30.145:35357/v3
# export OS_IDENTITY_API_VERSION=3


8. Create the service project

# openstack project create --domain default \
--description "Service Project" service
+-------------+----------------------------------+
|Field|Value|
+-------------+----------------------------------+
|description|ServiceProject|
|domain_id|default|
|enabled|True|
|id|945e37831e74484f8911fb742c925926|
|is_domain|False|
|name|service|
|parent_id|default|
+-------------+----------------------------------+


9. Configure a project and user permissions for regular (non-admin) tasks


a. Create the demo project

# openstack project create --domain default \
--description "Demo Project" demo
+-------------+----------------------------------+
|Field|Value|
+-------------+----------------------------------+
|description|DemoProject|
|domain_id|default|
|enabled|True|
|id|2ef20ce389eb499696f2d7497c6009b0|
|is_domain|False|
|name|demo|
|parent_id|default|
+-------------+----------------------------------+


b. Create the demo user

# openstack user create --domain default \
--password-prompt demo
User Password:
Repeat User Password:
+---------------------+----------------------------------+
|Field|Value|
+---------------------+----------------------------------+
|domain_id|default|
|enabled|True|
|id|7cfc508fd5d44b468aac218bd4029bae|
|name|demo|
|options|{}|
|password_expires_at|None|
+---------------------+----------------------------------+


c. Create the user role

# openstack role create user
+-----------+----------------------------------+
|Field|Value|
+-----------+----------------------------------+
|domain_id|None|
|id|83b6ab2af4414ad387b2fc9daf575b3a|
|name|user|
+-----------+----------------------------------+


d. Add the user role to the demo project and user

# openstack role add --project demo --user demo user


10. Disable the temporary authentication token mechanism

# vim /etc/keystone/keystone-paste.ini
[pipeline:public_api]
#pipeline=admin_token_auth
[pipeline:admin_api]
#pipeline=admin_token_auth
[pipeline:api_v3]
#pipeline=admin_token_auth


11. Reset the OS_AUTH_URL and OS_PASSWORD environment variables

# unset OS_AUTH_URL OS_PASSWORD


12. As the admin user, request an authentication token (the password is the admin user's password)

# openstack --os-auth-url http://192.168.30.145:35357/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name admin --os-username admin token issue
Password:
+------------+-----------------------------------------------------------+
|Field|Value|
+------------+-----------------------------------------------------------+
|expires|2017-03-28T15:11:50+0000|
|id|gAAAAABY2m8mE9pMATPuFW9YpgoBMTg9mCI6GcmFeQAudwbhGiVblXZP|
||kmSmHc5aFwTZSIdjLzPJaMd1k16UZghj59v45Gvzdh5CLhSFGWPsT8rL|
||fRJD4eE1D_eRz2Jjjk5rDmwAHm5mmffuszJLSe4B2KJyBXkdmmznXL-A|
|project_id|2461396f6a344c21a2360a612d4f6abe|
|user_id|63ca263543fb4b02bb34410e3dc8a801|
+------------+-----------------------------------------------------------+


13. As the demo user, request an authentication token (the password is the demo user's password)

# openstack --os-auth-url http://192.168.30.145:5000/v3 \
--os-project-domain-name default --os-user-domain-name default \
--os-project-name demo --os-username demo token issue
Password:
+------------+-----------------------------------------------------------+
|Field|Value|
+------------+-----------------------------------------------------------+
|expires|2017-03-28T15:13:50+0000|
|id|gAAAAABY2m-eSIWmQg1SyZFaiGcP2kjHf742ktr8YcVH3Q4aHKTflDJ|
||RLAfgmeoDW2z1sbdHqmkQNSb--F-1Pn_hTFHYqgyMlIxYpEQxGhJ-rg|
||b0EuxUT9opwl0m5onaA5Cv_MBX6awxeity8Gh1dc50NUeYela5Yl4uSG|
|project_id|2ef20ce389eb499696f2d7497c6009b0|
|user_id|7cfc508fd5d44b468aac218bd4029bae|
+------------+-----------------------------------------------------------+


14. Create the scripts


a. Create and edit the file admin-openrc and add the following content:

# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=qaz123
export OS_AUTH_URL=http://192.168.30.145:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2


b. Create and edit the file demo-openrc and add the following content:

# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.30.145:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

15. Use the scripts


a. Load the script

# . admin-openrc


b. Request an authentication token

# openstack token issue
+------------+----------------------------------------------------------+
|Field|Value|
+------------+----------------------------------------------------------+
|expires|2017-03-28T15:22:55+0000|
|id|gAAAAABY2nG_diuPBMl66vJye3mV3S7CWZKesIiSnbicq5XddujfHhc3x|
||PHni3iHWPcTQAjHoIEMTvSH6yKOQ6Z74QL6hVbshqP1dJrRJ6xEa9WvIk|
||F7H5j7lPmM7ncfVvr9k96gLJ6Uhz38R5qRnHBWkxrlNsgw1jdnAjxf5e|
|project_id|2461396f6a344c21a2360a612d4f6abe|
|user_id|63ca263543fb4b02bb34410e3dc8a801|
+------------+----------------------------------------------------------+


III. Configure the Glance Image service (Controller Node)


1. Create the glance database

# mysql
MariaDB [(none)]> CREATE DATABASE glance;    ## Create the glance database
## Grant privileges on the glance database [user@controller node ... BY password]
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'192.168.30.145' \
IDENTIFIED BY 'glance';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'glance';
MariaDB [(none)]> flush privileges;


2. Obtain admin credentials

# . admin-openrc


3. Create the service credentials


a. Create the glance user:

# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+---------------------+----------------------------------+
|Field|Value|
+---------------------+----------------------------------+
|domain_id|default|
|enabled|True|
|id|3edeaaae87e14811ac2c6767ab657d6b|
|name|glance|
|options|{}|
|password_expires_at|None|
+---------------------+----------------------------------+


b. Add the admin role to the glance user and the service project:

# openstack role add --project service --user glance admin


c. Create the "glance" service entity:

# openstack service create --name glance \
--description "OpenStack Image" image
+-------------+----------------------------------+
|Field|Value|
+-------------+----------------------------------+
|description|OpenStackImage|
|enabled|True|
|id|22a0875ba92c4512989666f116ae1585|
|name|glance|
|type|image|
+-------------+----------------------------------+


d. Create the Image service API endpoints:

# openstack endpoint create --region RegionOne \
image public http://192.168.30.145:9292
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|ff6d9ed365cf4e7f8cc53d47e57cd46b|
|interface|public|
|region|RegionOne|
|region_id|RegionOne|
|service_id|22a0875ba92c4512989666f116ae1585|
|service_name|glance|
|service_type|image|
|url|http://192.168.30.145:9292|
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne \
image internal http://192.168.30.145:9292
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|7408dd72bc1745758cdf23e136ef7392|
|interface|internal|
|region|RegionOne|
|region_id|RegionOne|
|service_id|22a0875ba92c4512989666f116ae1585|
|service_name|glance|
|service_type|image|
|url|http://192.168.30.145:9292|
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne \
image admin http://192.168.30.145:9292
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|8ed4e7e1a5834177b4ce1896c21e6cb9|
|interface|admin|
|region|RegionOne|
|region_id|RegionOne|
|service_id|22a0875ba92c4512989666f116ae1585|
|service_name|glance|
|service_type|image|
|url|http://192.168.30.145:9292|
+--------------+----------------------------------+

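4. Install and configure the Glance components


a. Configure the Image API

# apt -y install glance
# vim /etc/glance/glance-api.conf
[database] --- Configure database access [user:password@controller node]
connection=mysql+pymysql://glance:glance@192.168.30.145/glance
[keystone_authtoken] --- Configure Identity service access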
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=glance
password=glance
[paste_deploy]
flavor=keystone
[glance_store] --- Configure the local file system store and the location of image files
stores=file,http
default_store=file
filesystem_store_datadir=/var/lib/glance/images/
# grep ^[a-z] /etc/glance/glance-api.conf
sqlite_db=/var/lib/glance/glance.sqlite
backend=sqlalchemy
connection=mysql+pymysql://glance:glance@192.168.30.145/glance
stores=file,http
default_store=file
filesystem_store_datadir=/var/lib/glance/images
disk_formats=ami,ari,aki,vhd,vhdx,vmdk,raw,qcow2,vdi,iso,ploop.root-tar
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=glance
password=glance
flavor=keystone


b. Configure the Image registry service

# vim /etc/glance/glance-registry.conf
[database] --- Configure database access [user:password@controller node]
connection=mysql+pymysql://glance:glance@192.168.30.145/glance
[keystone_authtoken] --- Configure Identity service access
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=glance
password=glance
[paste_deploy]
flavor=keystone
# grep ^[a-z] /etc/glance/glance-registry.conf
sqlite_db=/var/lib/glance/glance.sqlite
backend=sqlalchemy
connection=mysql+pymysql://glance:glance@192.168.30.145/glance
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=glance
password=glance
flavor=keystone


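5. Synchronize the Image service database

# su -s /bin/sh -c "glance-manage db_sync" glance


6. Restart the services

# service glance-registry restart
# service glance-api restart
# service glance-registry status
# service glance-api status


7. Verify operation

Use CirrOS to verify the Image service.

CirrOS is a small Linux image that can be used to test an OpenStack deployment.


a. Obtain admin credentials

# . admin-openrc


b. Download the source image

# wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img


c. Upload the image to the Image service using the QCOW2 disk format and the bare container format, and make it publicly visible

# openstack image create "cirros" \
--file cirros-0.3.5-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public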
+------------------+------------------------------------------------------+
|Field|Value|
+------------------+------------------------------------------------------+
|checksum|f8ab98ff5e73ebab884d80c9dc9c7290|
|container_format|bare|
|created_at|2017-03-29T05:57:56Z|
|disk_format|qcow2|
|file|/v2/images/4b6ebd57-80ab-4b79-8ecc-53a026f3e898/file|
|id|4b6ebd57-80ab-4b79-8ecc-53a026f3e898|
|min_disk|0|
|min_ram|0|
|name|cirros|
|owner|2461396f6a344c21a2360a612d4f6abe|
|protected|False|
|schema|/v2/schemas/image|
|size|13267968|
|status|active|
|tags||
|updated_at|2017-03-29T05:57:56Z|
|virtual_size|None|
|visibility|public|
+------------------+------------------------------------------------------+


d. Confirm the image upload and verify its attributes

# openstack image list
+--------------------------------------+--------+--------+
|ID|Name|Status|
+--------------------------------------+--------+--------+
|4b6ebd57-80ab-4b79-8ecc-53a026f3e898|cirros|active|
+--------------------------------------+--------+--------+


V. Configure the Neutron Networking service [must be configured on every node]


1. Create the neutron database

# mysql
MariaDB [(none)]> CREATE DATABASE neutron;    ## Create the neutron database
## Grant privileges on the neutron database [user@controller node ... BY password]
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'192.168.30.145' \
IDENTIFIED BY 'neutron';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'neutron';
MariaDB [(none)]> flush privileges;


2. Obtain admin credentials

# . admin-openrc


3. Create the service credentials


a. Create the neutron user

# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+---------------------+----------------------------------+
|Field|Value|
+---------------------+----------------------------------+
|domain_id|default|
|enabled|True|
|id|54cd9e72295c411090ea9f641cb02135|
|name|neutron|
|options|{}|
|password_expires_at|None|
+---------------------+----------------------------------+


b. Add the admin role to the neutron user

# openstack role add --project service --user neutron admin


c. Create the neutron service entity

# openstack service create --name neutron \
--description "OpenStack Networking" network
+-------------+----------------------------------+
|Field|Value|
+-------------+----------------------------------+
|description|OpenStackNetworking|
|enabled|True|
|id|720687745d354718862255a56d7aea46|
|name|neutron|
|type|network|
+-------------+----------------------------------+


d. Create the neutron service API endpoints

# openstack endpoint create --region RegionOne \
network public http://192.168.30.145:9696
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|a9b1b5b8fbb842a8b14a9cecca7a58a8|
|interface|public|
|region|RegionOne|
|region_id|RegionOne|
|service_id|720687745d354718862255a56d7aea46|
|service_name|neutron|
|service_type|network|
|url|http://192.168.30.145:9696|
+--------------+----------------------------------+

# openstack endpoint create --region RegionOne \
network internal http://192.168.30.145:9696
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|61e2c14b0c8f4003a7099012e9a6331f|
|interface|internal|
|region|RegionOne|
|region_id|RegionOne|
|service_id|720687745d354718862255a56d7aea46|
|service_name|neutron|
|service_type|network|
|url|http://192.168.30.145:9696|
+--------------+----------------------------------+
# openstack endpoint create --region RegionOne \
network admin http://192.168.30.145:9696
+--------------+----------------------------------+
|Field|Value|
+--------------+----------------------------------+
|enabled|True|
|id|6719539759c34487bd519c0dffb5509d|
|interface|admin|
|region|RegionOne|
|region_id|RegionOne|
|service_id|720687745d354718862255a56d7aea46|
|service_name|neutron|
|service_type|network|
|url|http://192.168.30.145:9696|
+--------------+----------------------------------+


4. Configure networking option 2: private networks


a. Install the components

# apt -y install neutron-server neutron-plugin-ml2 \
neutron-linuxbridge-agent neutron-l3-agent neutron-dhcp-agent \
neutron-metadata-agent


b. Configure the Neutron components

# vim /etc/neutron/neutron.conf
[database] ---- Configure database access [user:password@controller node]
#connection=sqlite:////var/lib/neutron/neutron.sqlite
connection=mysql+pymysql://neutron:neutron@192.168.30.145/neutron
[DEFAULT] ---- Enable the ML2 plug-in, the router service and overlapping IP addresses
core_plugin=ml2
service_plugins=router
allow_overlapping_ips=true

[DEFAULT] ---- Configure RabbitMQ message queue access [user:password@controller node]
transport_url=rabbit://openstack:openstack@192.168.30.145
[DEFAULT] ---- Configure Identity service access
auth_strategy=keystone
[keystone_authtoken] ---- Configure Identity service access
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron

[DEFAULT] ---- Configure Networking to notify Compute of network topology changes
notify_nova_on_port_status_changes=true
notify_nova_on_port_data_changes=true
[nova] ---- Configure Networking to notify Compute of network topology changes
auth_url=http://192.168.30.145:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=nova
password=nova
# grep ^[a-z] /etc/neutron/neutron.conf
auth_strategy=keystone
core_plugin=ml2
service_plugins=router
allow_overlapping_ips=true
notify_nova_on_port_status_changes=true
notify_nova_on_port_data_changes=true
transport_url=rabbit://openstack:openstack@192.168.30.145
root_helper=sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
connection=mysql+pymysql://neutron:neutron@192.168.30.145/neutron
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron
region_name=RegionOne
auth_url=http://192.168.30.145:35357
auth_type=password
password=nova
project_domain_name=default
project_name=service
user_domain_name=default
username=nova



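c. Configure the Modular Layer 2 (ML2) plug-in

The ML2 plug-in uses the Linux bridge mechanism to build layer-2 virtual networking infrastructure for instances.

# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2] ---- Enable flat, VLAN and VXLAN networks
type_drivers=flat,vlan,vxlan
[ml2] ---- Enable VXLAN private networks
tenant_network_types=vxlan
[ml2] ---- Enable the Linux bridge and layer-2 population mechanisms
mechanism_drivers=linuxbridge,l2population
[ml2] ---- Enable the port security extension driver
extension_drivers=port_security
[ml2_type_flat] ---- Configure the public virtual network as a flat network
flat_networks=provider
[ml2_type_vxlan] ---- Configure the VXLAN network identifier range for private networks
vni_ranges=1:1000
[securitygroup] ---- Enable ipset to make security group rules more efficient
enable_ipset=true

# grep ^[a-z] /etc/neutron/plugins/ml2/ml2_conf.ini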
type_drivers=flat,vxlan
tenant_network_types=vxlan
mechanism_drivers=linuxbridge,l2population
extension_drivers=port_security
flat_networks=provider
vni_ranges=1:1000
enable_ipset=true

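Note: The Linux bridge agent only supports VXLAN overlay networks.


d. Configure the Linux bridge agent

The Linux bridge agent builds layer-2 virtual networks for instances and handles security group rules.

# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] ---- Map the public virtual network to the public physical network interface
physical_interface_mappings=provider:ens33
[vxlan] ---- Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
enable_vxlan=true
local_ip=192.168.30.145
l2_population=true
[securitygroup] ---- Enable security groups and configure the firewall service
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# grep ^[a-z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini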
physical_interface_mappings=provider:ens33
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group=true
enable_vxlan=true
local_ip=192.168.30.145
l2_population=true


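e. Configure the layer-3 agent

The layer-3 agent provides routing and NAT services for private virtual networks.

# vim /etc/neutron/l3_agent.ini
[DEFAULT] ---- Configure the Linux bridge interface driver and the external network bridge
interface_driver=linuxbridge

# grep ^[a-z] /etc/neutron/l3_agent.ini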
interface_driver=linuxbridge


f. Configure the DHCP agent

The DHCP agent provides DHCP services for virtual networks.

# vim /etc/neutron/dhcp_agent.ini
[DEFAULT] ---- Configure the Linux bridge interface driver and the DHCP driver, and enable isolated metadata
interface_driver=linuxbridge
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata=true

# grep ^[a-z] /etc/neutron/dhcp_agent.ini
interface_driver=linuxbridge
dhcp_driver=neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata=true


g. Configure the metadata agent ---- responsible for providing configuration information

# vim /etc/neutron/metadata_agent.ini
[DEFAULT] ---- Configure the metadata host and the shared secret
nova_metadata_ip=192.168.30.145
metadata_proxy_shared_secret=qaz123

# grep ^[a-z] /etc/neutron/metadata_agent.ini
nova_metadata_ip=192.168.30.145
metadata_proxy_shared_secret=qaz123


5. Configure the Networking service for Compute on the controller node

# vim /etc/nova/nova.conf
[neutron] ---- Configure access parameters, enable the metadata proxy and set the shared secret
url=http://192.168.30.145:9696
auth_url=http://192.168.30.145:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=neutron
password=neutron
service_metadata_proxy=true
metadata_proxy_shared_secret=qaz123
# grep ^[a-z] /etc/nova/nova.conf
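
The configuration files on this page reuse each service's user name as its password, and metadata_proxy_shared_secret has to carry the same value in metadata_agent.ini and nova.conf. The script below is an added example, not part of the original article, that flags both patterns in oslo.config-style files; the function names are hypothetical, the 20-character minimum is an assumption taken from the length that `openssl rand -hex 10` in step I.2 produces, and the sample files are constructed from the values above, with nova.conf given a different constructed secret to show the mismatch case.

```shell
#!/bin/sh
# Added example (not from the original article): audit oslo.config-style files
# for the credential patterns used on this page.
# Output: one finding per line, FILE:[section]:key:reason

audit_oslo_conf() {
    awk -v minlen=20 '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        function report(k, why) { printf "%s:[%s]:%s:%s\n", file, section, k, why }
        # At each section boundary, compare the username/password pair just read.
        function end_section() {
            if (user != "" && user == pass) report("password", "same as username")
            user = ""; pass = ""
        }
        FNR == 1 { end_section(); file = FILENAME; section = "" }
        /^[ \t]*[#;]/ || /^[ \t]*$/ { next }      # comments and blank lines
        /^[ \t]*\[/ {
            end_section()
            section = $0
            sub(/^[ \t]*\[/, "", section); sub(/\].*$/, "", section)
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = trim(substr($0, 1, eq - 1)); val = trim(substr($0, eq + 1))
            if (key == "username") user = val
            if (key == "password") pass = val
            # scheme://user:pass@host URLs, as in connection and transport_url
            if (key == "connection" || key == "transport_url") {
                cred = val
                sub(/^[^:]*:\/\//, "", cred)
                at = index(cred, "@")
                if (at > 0) {
                    cred = substr(cred, 1, at - 1)
                    colon = index(cred, ":")
                    if (colon > 0 && substr(cred, 1, colon - 1) == substr(cred, colon + 1))
                        report(key, "URL password same as URL user")
                }
            }
            # The shared secret must be long and identical in every file given.
            if (key == "metadata_proxy_shared_secret") {
                if (length(val) < minlen) report(key, "shorter than " minlen " characters")
                if (seen && val != secret) report(key, "differs from value in " secret_file)
                if (!seen) { secret = val; secret_file = file; seen = 1 }
            }
        }
        END { end_section() }
    ' "$@"
}

# Constructed sample files; values mirror the ones shown on this page.
write_samples() {
    cat > "$1/neutron.conf" <<'EOF'
[DEFAULT]
transport_url=rabbit://openstack:openstack@192.168.30.145
[database]
#connection=sqlite:////var/lib/neutron/neutron.sqlite
connection=mysql+pymysql://neutron:neutron@192.168.30.145/neutron
[keystone_authtoken]
username=neutron
password=neutron
[nova]
username=nova
password=nova
EOF
    cat > "$1/metadata_agent.ini" <<'EOF'
[DEFAULT]
nova_metadata_ip=192.168.30.145
metadata_proxy_shared_secret=qaz123
EOF
    # Constructed case: the secret was rotated here but not in metadata_agent.ini.
    cat > "$1/nova.conf" <<'EOF'
[neutron]
username=neutron
password=EXAMPLE-constructed-7c1e9b04a2
service_metadata_proxy=true
metadata_proxy_shared_secret=3f9c0a7d5e1b48c2a6d0
EOF
}

# Demo run on the constructed samples.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_oslo_conf "$demo_dir/neutron.conf" "$demo_dir/metadata_agent.ini" "$demo_dir/nova.conf"
rm -rf "$demo_dir"
```
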


6. Finalize the installation


a. Synchronize the database

# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
......
OK

Note: Database synchronization occurs later for Networking because the script requires complete server and plug-in configuration files.


b. Restart the Compute API service

# service nova-api restart


c. Restart the Networking services

For both networking options:

# service neutron-server restart
# service neutron-linuxbridge-agent restart
# service neutron-dhcp-agent restart
# service neutron-metadata-agent restart


For networking option 2, also restart the L3 service:

# service neutron-l3-agent restart


d. Confirm that the services started

# service nova-api status
# service neutron-server status
# service neutron-linuxbridge-agent status
# service neutron-dhcp-agent status
# service neutron-metadata-agent status
# service neutron-l3-agent status


7. Configure the Neutron Networking service on the Compute Node

# apt -y install neutron-linuxbridge-agent
# vim /etc/neutron/neutron.conf
[database] ---- Compute nodes do not access the database directly
#connection=sqlite:////var/lib/neutron/neutron.sqlite
[DEFAULT] ---- Configure RabbitMQ message queue access [user:password@controller node]
transport_url=rabbit://openstack:openstack@192.168.30.145
[DEFAULT] ---- Configure Identity service access
auth_strategy=keystone
[keystone_authtoken] ---- Configure Identity service access
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron

# grep ^[a-z] /etc/neutron/neutron.conf
auth_strategy=keystone
core_plugin=ml2
transport_url=rabbit://openstack:openstack@192.168.30.145
root_helper=sudo /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf
auth_uri=http://192.168.30.145:5000
auth_url=http://192.168.30.145:35357
memcached_servers=192.168.30.145:11211
auth_type=password
project_domain_name=default
user_domain_name=default
project_name=service
username=neutron
password=neutron


8. Configure the Networking service for the compute node

# vim /etc/nova/nova.conf
[neutron] ---- Configure access parameters
url=http://192.168.30.145:9696
auth_url=http://192.168.30.145:35357
auth_type=password
project_domain_name=default
user_domain_name=default
region_name=RegionOne
project_name=service
username=neutron
password=neutron
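# grep ^[a-z] /etc/nova/nova.conf


9. Finalize the installation


a. Restart the Compute service:

# service nova-compute restart
# service nova-compute status


b. Restart the Linux bridge agent:

# service neutron-linuxbridge-agent restart
# service neutron-linuxbridge-agent status


10. Configure networking option 2 on the compute node

Configure the Linux bridge agent ---- it builds layer-2 virtual networks for instances and handles security group rules

# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge] ---- Map the public virtual network to the public physical network interface
physical_interface_mappings=provider:ens33
[vxlan] ---- Enable VXLAN overlay networks, configure the IP address of the physical network interface that handles overlay networks, and enable layer-2 population
enable_vxlan=true
local_ip=192.168.30.146
l2_population=true
[securitygroup] ---- Enable security groups and configure firewall_driver
enable_security_group=true
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

# grep ^[a-z] /etc/neutron/plugins/ml2/linuxbridge_agent.ini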
physical_interface_mappings=provider:ens33
firewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group=true
enable_vxlan=true
local_ip=192.168.30.146
l2_population=true


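11. Verify operation on the controller node


a. Obtain admin credentials

# . admin-openrc


b. List the loaded extensions to verify that the neutron-server process started successfully

# openstack extension list --network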
+----------------------+----------------------+--------------------------+
|Name|Alias|Description|
+----------------------+----------------------+--------------------------+
|Defaultsubnetpools|default-subnetpools|Providesabilitytomark|
|||anduseasubnetpoolas|
|||thedefault|
|NetworkIP|network-ip-|ProvidesIPavailability|
|Availability|availability|dataforeachnetwork|
|||andsubnet.|
|NetworkAvailability|network_availability_z|Availabilityzone|
|Zone|one|supportfornetwork.|
|AutoAllocated|auto-allocated-|AutoAllocatedTopology|
|TopologyServices|topology|Services.|
|NeutronL3|ext-gw-mode|Extensionoftherouter|
|Configurableexternal||abstractionfor|
|gatewaymode||specifyingwhetherSNAT|
|||shouldoccuronthe|
|||externalgateway|
|PortBinding|binding|Exposeportbindingsof|
|||avirtualportto|
|||externalapplication|
|agent|agent|Theagentmanagement|
|||extension.|
|subnetAllocation|subnet_allocation|Enablesallocationof|
|||subnetsfromasubnet|
|||pool|
|L3AgentScheduler|l3_agent_scheduler|Scheduleroutersamong|
|||l3agents|
|Tagsupport|tag|Enablestosettagon|
|||resources.|
|Neutronexternal|external-net|Addsexternalnetwork|
|network||attributetonetwork|
|||resource.|
|NeutronService|flavors|Flavorspecificationfor|
|Flavors||Neutronadvanced|
|||services|
|NetworkMTU|net-mtu|ProvidesMTUattribute|
|||foranetworkresource.|
|AvailabilityZone|availability_zone|Theavailabilityzone|
|||extension.|
|Quotamanagement|quotas|Exposefunctionsfor|
|support||quotasmanagementper|
|||tenant|
|HARouterextension|l3-ha|AddHAcapabilityto|
|||routers.|
|ProviderNetwork|provider|Exposemappingof|
|||virtualnetworksto|
|||physicalnetworks|
|MultiProviderNetwork|multi-provider|Exposemappingof|
|||virtualnetworksto|
|||multiplephysical|
|||networks|
|Addressscope|address-scope|Addressscopes|
|||extension.|
|NeutronExtraRoute|extraroute|Extraroutes|
|||configurationforL3|
|||router|
|subnetservicetypes|subnet-service-types|Providesabilitytoset|
|||thesubnetservice_types|
|||field|
|Resourcetimestamps|standard-attr-|Addscreated_atand|
||timestamp|updated_atfieldstoall|
|||Neutronresourcesthat|
|||haveNeutronstandard|
|||attributes.|
|NeutronServiceType|service-type|APIforretrieving|
|Management||serviceprovidersfor|
|||Neutronadvanced|
|||services|
|RouterFlavor|l3-flavors|Flavorsupportfor|
|Extension||routers.|
|PortSecurity|port-security|Providesportsecurity|
|NeutronExTradHCP|extra_dhcp_opt|Extraoptions|
|opts||configurationforDHCP.|
|||ForexamplePXEboot|
|||optionstoDHCPclients|
|||canbespecified(e.g.|
|||tftp-server,server-ip-|
|||address,bootfile-name)|
|Resourcerevision|standard-attr-|Thisextensionwill|
|numbers|revisions|displaytherevision|
|||numberofneutron|
|||resources.|
|Paginationsupport|pagination|Extensionthatindicates|
|||thatpaginationis|
|||enabled.|
|Sortingsupport|sorting|Extensionthatindicates|
|||thatsortingisenabled.|
|security-group|security-group|Thesecuritygroups|
|||extension.|
|DHCPAgentScheduler|dhcp_agent_scheduler|Schedulenetworksamong|
|||dhcpagents|
|Routeravailability|router_availability_zo|Availabilityzone|
|Zone|ne|supportforrouter.|
|RBACPolicies|rbac-policies|Allowscreationand|
|||modificationofpolicies|
|||thatcontroltenant|
|||accesstoresources.|
|Tagsupportfor|tag-ext|Extendstagsupportto|
|resources:subnet,||moreL2andL3|
|subnetpool,port,||resources.|
|router|||
|standard-attr-|standard-attr-|Extensiontoadd|
|description|description|descriptionstostandard|
|||attributes|
|NeutronL3Router|router|Routerabstractionfor|
|||basicL3forwarding|
|||betweenL2Neutron|
|||networksandaccessto|
|||externalnetworksviaa|
|||NATgateway.|
|AllowedAddresspairs|allowed-address-pairs|Providesallowedaddress|
|||pairs|
|project_idfield|project-id|Extensionthatindicates|
|enabled||thatproject_idfieldis|
|||enabled.|
|distributedVirtual|dvr|Enablesconfigurationof|
|Router||distributedVirtual|
|||Routers.|
+----------------------+----------------------+--------------------------+


c. List the neutron agents to verify that they started successfully

# neutron agent-list
+--------------------------------------+--------------------+------------+
|id|agent_type|host|
+--------------------------------------+--------------------+------------+
|23601054-312a-497c-b728-4b791ce76e64|L3agent|controller|
|9a7546d9-73ec-47e0-ab23-ca2a5366660f|Linuxbridgeagent|controller|
|acd42d89-1af4-413f-be77-3172d38a805d|Metadataagent|controller|
|b438ae93-aaf3-41f0-a7b7-d1502a1986c9|DHCPagent|controller|
|e1d32b6b-07c6-468b-965d-ce9dfd09b338|Linuxbridgeagent|compute|
+--------------------------------------+--------------------+------------+
+-------------------+-------+----------------+---------------------------+
|availability_zone|alive|admin_state_up|binary|
+-------------------+-------+----------------+---------------------------+
|nova|:-)|True|neutron-l3-agent|
||:-)|True|neutron-linuxbridge-agent|
||:-)|True|neutron-metadata-agent|
|nova|:-)|True|neutron-dhcp-agent|
||:-)|True|neutron-linuxbridge-agent|
+-------------------+-------+----------------+---------------------------+
