OpenStack-Mitaka
Posted l-dongf
I. Cloud basics
- IaaS: Infrastructure as a Service, e.g. OpenStack, CloudStack
- PaaS: Platform as a Service, e.g. Docker
- SaaS: Software as a Service
- FWaaS, DBaaS, LBaaS, ...
- Private Cloud
- Public Cloud
- Hybrid Cloud
II. OpenStack
Official site: https://www.openstack.org/
Installation guide: https://docs.openstack.org/mitaka/install-guide-rdo/
Chinese documentation: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/
Environment:
- controller: 192.168.100.11 (management network), 172.16.100.11 (service network)
- compute: 192.168.100.12 (management network), 172.16.100.12 (service network)
- block: 192.168.100.14
- OpenStack version: Mitaka
III. Base environment
1. NTP
- controller node
[[email protected] ~]# yum install chrony
[[email protected] ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst
allow 192.168.100.0/24
[[email protected] ~]# systemctl enable chronyd.service
[[email protected] ~]# systemctl restart chronyd.service
- controller node
[[email protected] ~]# yum install chrony
[[email protected] ~]# vim /etc/chrony.conf
server controller iburst
[[email protected] ~]# systemctl enable chronyd.service
[[email protected] ~]# systemctl start chronyd.service
[[email protected] ~]# chronyc sources # compare the local clock with the server's
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller 3 6 1 1 -731us[ -731us] +/- 12ms
2. Configure the yum repositories
3. Install the database
- controller
[[email protected] ~]# yum install mariadb mariadb-server python2-PyMySQL
[[email protected] ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[[email protected] ~]# vim /etc/my.cnf
[mysqld]
skip_name_resolve
[[email protected] ~]# systemctl start mariadb.service
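IV. Identity service
- User: a user can be associated with multiple tenants
- Tenant: a tenant corresponds to a project or an organization
- Role
- Token: used for authentication and authorization
- Service
- Endpoint: the access entry point of a service
- Install keystone on the controller node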
[[email protected] ~]# mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
[[email protected] ~]# yum install python-openstackclient -y
[[email protected] ~]# yum install openstack-keystone httpd mod_wsgi -y
[[email protected] ~]# openssl rand -hex 10 > mytoken
[[email protected] ~]# cat mytoken
7a1da5ba2fe4c69eea05
[[email protected] ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 7a1da5ba2fe4c69eea05
[database]
connection = mysql+pymysql://keystone:[email protected]/keystone
[token]
provider = fernet
[[email protected] ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[[email protected] ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[[email protected] ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[[email protected] ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
[[email protected] ~]# systemctl enable httpd.service
[[email protected] ~]# systemctl start httpd.service
- Configuration
[[email protected] ~]# export OS_TOKEN=`cat mytoken`
[[email protected] ~]# export |grep OS_TOKEN
declare -x OS_TOKEN="7a1da5ba2fe4c69eea05"
[[email protected] ~]# export OS_URL=http://controller:35357/v3
[[email protected] ~]# export OS_IDENTITY_API_VERSION=3
[[email protected] ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | b37f52dd30654076b151a852afeeee7e |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 10b3925aea3b44bc9fe7dcf4fc93697a |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4749500493f94ea89f2b33e675fae051 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:5000/v3 |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | e76140cd04494699ba7e434f297ce291 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone |
| service_type | identity |
| url | http://controller:35357/v3 |
+--------------+----------------------------------+
[[email protected] ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Default Domain |
| enabled | True |
| id | c121b35fd0314f16827a85fdb61bf94b |
| name | default |
+-------------+----------------------------------+
[[email protected] ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Admin Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 3a76f6def02b417d91ec9278b7bff6f2 |
| is_domain | False |
| name | admin |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[[email protected] ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 5643b73e9be142bc806ce6db0c853150 |
| name | admin |
+-----------+----------------------------------+
[[email protected] ~]# openstack role create admin
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 6b8aadf364be463886296a4125eadb0b |
| name | admin |
+-----------+----------------------------------+
[[email protected] ~]# openstack role add --project admin --user admin admin
[[email protected] ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 32e1692c57ac4f2db2bb52163cf09ac4 |
| is_domain | False |
| name | service |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[[email protected] ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | d94a719f93844a2e90da8ee3ec95a999 |
| is_domain | False |
| name | demo |
| parent_id | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[[email protected] ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 4af0aec1e50742cd88f3d1b426424c9f |
| name | demo |
+-----------+----------------------------------+
[[email protected] ~]# openstack role create user
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 43777741cd66492b824d734a36a01cfd |
| name | user |
+-----------+----------------------------------+
[[email protected] ~]# openstack role add --project demo --user demo user
[[email protected] ~]# openstack service list
+----------------------------------+----------+----------+
| ID | Name | Type |
+----------------------------------+----------+----------+
| b37f52dd30654076b151a852afeeee7e | keystone | identity |
+----------------------------------+----------+----------+
[[email protected] ~]# openstack endpoint list
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 10b3925aea3b44bc9fe7dcf4 | RegionOne | keystone | identity | True | public | http://controller:5000/v3 |
| fc93697a | | | | | | |
| 4749500493f94ea89f2b33e6 | RegionOne | keystone | identity | True | internal | http://controller:5000/v3 |
| 75fae051 | | | | | | |
| e76140cd04494699ba7e434f | RegionOne | keystone | identity | True | admin | http://controller:35357/v |
| 297ce291 | | | | | | 3 |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
[[email protected] ~]# openstack user list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 4af0aec1e50742cd88f3d1b426424c9f | demo |
| 5643b73e9be142bc806ce6db0c853150 | admin |
+----------------------------------+-------+
[[email protected] ~]# openstack domain list
+----------------------------------+---------+---------+----------------+
| ID | Name | Enabled | Description |
+----------------------------------+---------+---------+----------------+
| c121b35fd0314f16827a85fdb61bf94b | default | True | Default Domain |
+----------------------------------+---------+---------+----------------+
[[email protected] ~]# openstack project list
+----------------------------------+---------+
| ID | Name |
+----------------------------------+---------+
| 32e1692c57ac4f2db2bb52163cf09ac4 | service |
| 3a76f6def02b417d91ec9278b7bff6f2 | admin |
| d94a719f93844a2e90da8ee3ec95a999 | demo |
+----------------------------------+---------+
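- Configure authentication
Edit /etc/keystone/keystone-paste.ini and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections. This disables the temporary bootstrap token (the admin_token set in keystone.conf above), so that only password-based authentication remains.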
[[email protected] ~]# unset OS_TOKEN OS_URL
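The edit described above, scripted and followed by a check that no pipeline still lists admin_token_auth. This is an added example, not part of the original post; the function names are hypothetical, and the sample keystone-paste.ini and keystone.conf contents are constructed and shortened.

```sh
#!/bin/sh
# Added example (not from the original post). Sample file contents are constructed.

# The three sections the post says to edit.
PIPELINE_SECTIONS='pipeline:public_api pipeline:admin_api pipeline:api_v3'

# strip_admin_token_auth FILE
# Removes the admin_token_auth word from the "pipeline =" line of those three
# sections, keeps the original as FILE.bak, and leaves the
# [filter:admin_token_auth] definition itself untouched.
strip_admin_token_auth() {
    _tmp=$(mktemp) || return 1
    awk -v wanted="$PIPELINE_SECTIONS" '
        BEGIN { n = split(wanted, s, " "); for (i = 1; i <= n; i++) target["[" s[i] "]"] = 1 }
        /^\[/ { in_target = ($0 in target) }
        in_target && /^pipeline[ \t]*=/ {
            out = ""; n = split($0, w, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (w[i] != "" && w[i] != "admin_token_auth") {
                    sep = (out == "" ? "" : " ")
                    out = out sep w[i]
                }
            $0 = out
        }
        { print }
    ' "$1" > "$_tmp" || { rm -f "$_tmp"; return 1; }
    # Overwrite through cat so the file keeps its owner and mode.
    cp -p "$1" "$1.bak" && cat "$_tmp" > "$1"
    _rc=$?
    rm -f "$_tmp"
    return "$_rc"
}

# pipelines_with_admin_token FILE
# Prints every [pipeline:*] section that still lists admin_token_auth.
# Returns 0 when none do, 1 otherwise.
pipelines_with_admin_token() {
    _hits=$(awk '
        /^\[/ { section = $0 }
        section ~ /^\[pipeline:/ && /^pipeline[ \t]*=/ {
            n = split($0, w, /[ \t]+/)
            for (i = 1; i <= n; i++)
                if (w[i] == "admin_token_auth") { print section; break }
        }' "$1")
    [ -z "$_hits" ] && return 0
    printf '%s\n' "$_hits"
    return 1
}

# admin_token_configured FILE
# Returns 0 if keystone.conf still has an uncommented admin_token in [DEFAULT].
# The value is only honoured while admin_token_auth is in a pipeline, but it
# is still a secret left on disk.
admin_token_configured() {
    awk '
        /^\[/ { in_default = ($0 == "[DEFAULT]") }
        in_default && /^admin_token[ \t]*=[ \t]*[^ \t]/ { found = 1 }
        END { exit (found ? 0 : 1) }' "$1"
}

# write_sample_paste_ini FILE: constructed, shortened stand-in for
# /etc/keystone/keystone-paste.ini before the edit.
write_sample_paste_ini() {
    cat > "$1" <<'EOF'
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit admin_token_auth build_auth_context token_auth json_body service_v3
EOF
}

demo_admin_token() {
    _d=$(mktemp -d) || return 1
    write_sample_paste_ini "$_d/keystone-paste.ini"
    printf '[DEFAULT]\nadmin_token = EXAMPLE_BOOTSTRAP_TOKEN\n' > "$_d/keystone.conf"
    echo "pipelines listing admin_token_auth before the edit:"
    pipelines_with_admin_token "$_d/keystone-paste.ini" || true
    strip_admin_token_auth "$_d/keystone-paste.ini"
    if pipelines_with_admin_token "$_d/keystone-paste.ini"; then
        echo "after the edit: no pipeline lists admin_token_auth"
    fi
    if admin_token_configured "$_d/keystone.conf"; then
        echo "keystone.conf still contains an admin_token value"
    fi
    rm -rf "$_d"
}
demo_admin_token
```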
[[email protected] ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T08:59:20.930753Z |
| id | gAAAAABcoHNYAlA--SMCscCnp8EgqsZEwdD8Zt-AxaWqxVI-BYCrAPgVkOpy4tZbDfcuzgVRaYdHQ17a0QcRmD5GczM2TDIDrZh_N5e |
| | iwMgZGd_ZYVujJwWXMWgE7aVwah3WXOrIxSavBwrQgw51aRSbu9aRDRuNxCfVyZRh5h2-0Qcc6x5S7KU |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| user_id | 5643b73e9be142bc806ce6db0c853150 |
+------------+---------------------------------------------------------------------------------------------------------+
[[email protected] ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T08:59:58.926501Z |
| id | gAAAAABcoHN-h-fvwJtU3mEwx0ZjaXC85hptKUDp2SXKCkuh64kE6aBLC75SWKQVKebK4RSHs9YHfupaTeC7ayEpLnzH1YB9la8K8CH |
| | vFAbXigraC4-ExHNNdZzGK3n57IR_EZoO4pTXRmv8GUIyry7nwoHYyCSjMe0zcSrDDotJvqwSWZykzVg |
| project_id | d94a719f93844a2e90da8ee3ec95a999 |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+------------+---------------------------------------------------------------------------------------------------------+
[[email protected] ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[[email protected] ~]# source admin-openrc
[[email protected] ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T09:03:03.526342Z |
| id | gAAAAABcoHQ3Rgtrx-5SEiyZ4nYiWB1wG2CWXU9RVgOFaNggiUYy8o_-MzVhFGmlrjLCEWDbB7Jf4LTVUos- |
| | 078UIGPCyFSd91wdEKKHSWbJMy-lOOt3eu_kauDL-GDbx5JA4cRdD4yzOyM1dHpRrGy5zL2s4f_jOuQzdEjTreKVyS88wfV_PEw |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2 |
| user_id | 5643b73e9be142bc806ce6db0c853150 |
+------------+---------------------------------------------------------------------------------------------------------+
[[email protected] ~]# source demo-openrc
[[email protected] ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+---------------------------------------------------------------------------------------------------------+
| expires | 2019-03-31T09:02:07.204901Z |
| id | gAAAAABcoHP_cFN8-o_9eljXOpHg1801dDM9Fl5c0RoWJ5PWw0oMx-VOdOGGisCeXqwY16Q3WncLTiUwt6-0RddWpE0fMNtO854_gTy |
| | PHdDSFLmWR_YHSLtJb7qYVkQz7n3JYlTRTACp7mKPGxXKG290nBWBkIXUdYpdIz1BFr2fnXUEOrEG5m0 |
| project_id | d94a719f93844a2e90da8ee3ec95a999 |
| user_id | 4af0aec1e50742cd88f3d1b426424c9f |
+------------+---------------------------------------------------------------------------------------------------------+
V. Glance image service
- Register the service credentials
[[email protected] ~]# mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
[[email protected] ~]# . admin-openrc
[[email protected] ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | facce294374f4dd68616a4f0c6881e7e |
| name | glance |
+-----------+----------------------------------+
[[email protected] ~]# openstack role add --project service --user glance admin
[[email protected] ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | ebad348788cb4f9fbd4396ed8a9423dc |
| name | glance |
| type | image |
+-------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | fe627e6b04784e278e1acc7fadaa3027 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 404e5b9ad5134a7998abf614373138d0 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | cc98e57149b544db819ced2a2de560d5 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
- Install and configure glance
[[email protected] ~]# yum install openstack-glance -y
[[email protected] ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:[email protected]/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
[[email protected] ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:[email protected]/glance
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[[email protected] ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[[email protected] ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[[email protected] ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
- Verify
[[email protected] ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[[email protected]r ~]# qemu-img info cirros-0.3.4-x86_64-disk.img
image: cirros-0.3.4-x86_64-disk.img
file format: qcow2
virtual size: 39M (41126400 bytes)
disk size: 13M
cluster_size: 65536
Format specific information:
compat: 0.10
refcount bits: 16
[[email protected] ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | ee1eca47dc88f4879d8a229cc70a07c6 |
| container_format | bare |
| created_at | 2019-03-31T08:30:12Z |
| disk_format | qcow2 |
| file | /v2/images/78acfd89-fbe8-4009-90ba-fcda26d2a107/file |
| id | 78acfd89-fbe8-4009-90ba-fcda26d2a107 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | 3a76f6def02b417d91ec9278b7bff6f2 |
| protected | False |
| schema | /v2/schemas/image |
| size | 13287936 |
| status | active |
| tags | |
| updated_at | 2019-03-31T08:30:12Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
[[email protected] ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+
VI. Compute service
1. Controller node
- Register on the controller
[[email protected] ~]# mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
[[email protected] ~]# . admin-openrc
[[email protected] ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 4e58c5b06038436fbf427ab5b06ce31c |
| name | nova |
+-----------+----------------------------------+
[[email protected] ~]# openstack role add --project service --user nova admin
[[email protected] ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 9d69264950994bcfad490d3bc50f4164 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 7f1a7bf4d72c48da8c75ebf1a3ebb5f1 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | b58bd319647f49329fd9dce3bb8e191c |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 89fccdcdb1bb4e869bb15e756e0469f5 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
- Install Nova
[[email protected] ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y
[[email protected] ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:[email protected]/nova_api
[database]
connection = mysql+pymysql://nova:[email protected]/nova
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[[email protected] ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[[email protected] ~]# su -s /bin/sh -c "nova-manage db sync" nova
[[email protected] ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[[email protected] ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- Install rabbitmq
[[email protected] ~]# yum install rabbitmq-server -y
[[email protected] ~]# rabbitmq-plugins enable rabbitmq_management
[[email protected] ~]# systemctl enable rabbitmq-server.service
[[email protected] ~]# systemctl start rabbitmq-server.service
[[email protected] ~]# rabbitmqctl add_user openstack openstack
[[email protected] ~]# rabbitmqctl set_user_tags openstack administrator
[[email protected] ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[[email protected] ~]# rabbitmqctl list_users
Listing users ...
openstack [administrator]
guest [administrator]
2. Compute node
[[email protected] ~]# yum install openstack-nova-compute -y
[[email protected] ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.12
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[libvirt]
virt_type=kvm
[[email protected] ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
[[email protected] ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[[email protected] ~]# systemctl start libvirtd.service openstack-nova-compute.service
3. Verify on the controller
[[email protected] ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-consoleauth | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 3 | nova-scheduler | controller | internal | enabled | up | 2019-03-31T15:47:13.000000 |
| 6 | nova-compute | compute1 | nova | enabled | up | 2019-03-31T15:47:14.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+
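The service configuration files above reuse each account name as its password (username = glance / password = glance, username = nova / password = nova, rabbit_userid = openstack / rabbit_password = openstack). The following added example, which is not part of the original post, flags every INI section where that is the case; the function names are hypothetical and the sample files are constructed.

```sh
#!/bin/sh
# Added example (not from the original post): flag INI sections whose
# password equals the account name, as in the configs shown above.

# weak_service_credentials FILE...
# Prints "FILE [section] account" for each match.
# Returns 0 when nothing was flagged, 1 otherwise.
weak_service_credentials() {
    _found=0
    for _f in "$@"; do
        _out=$(awk -v file="$_f" '
            function report() {
                if (user != "" && pass == user) print file, section, user
                user = ""; pass = ""
            }
            /^\[/          { report(); section = $0; next }
            /^[ \t]*[#;]/  { next }   # skip comment lines
            {
                eq = index($0, "=")
                if (eq == 0) next
                key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", key)
                gsub(/^[ \t]+|[ \t]+$/, "", val)
                if (key == "username" || key == "rabbit_userid")   user = val
                if (key == "password" || key == "rabbit_password") pass = val
            }
            END { report() }
        ' "$_f")
        if [ -n "$_out" ]; then
            printf '%s\n' "$_out"
            _found=1
        fi
    done
    return "$_found"
}

# write_sample_confs DIR: constructed fragments. nova.conf mirrors the values
# used in the post; hardened.conf uses a made-up placeholder secret.
write_sample_confs() {
    cat > "$1/nova.conf" <<'EOF'
[DEFAULT]
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
project_name = service
username = nova
password = nova
[vnc]
enabled = True
EOF
    cat > "$1/hardened.conf" <<'EOF'
[keystone_authtoken]
username = nova
# constructed placeholder, not a real secret
password = EXAMPLE-long-random-value
EOF
}

demo_weak_credentials() {
    _d=$(mktemp -d) || return 1
    write_sample_confs "$_d"
    weak_service_credentials "$_d/nova.conf" "$_d/hardened.conf" \
        || echo "sections above use the account name as the password"
    rm -rf "$_d"
}
demo_weak_credentials
```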
VII. Neutron networking service
1. Controller node
- Configure authentication
[[email protected] ~]# mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
[[email protected] ~]# . admin-openrc
[[email protected] ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled | True |
| id | 7cf18301eb244ab488718d36e5031a94 |
| name | neutron |
+-----------+----------------------------------+
[[email protected] ~]# openstack role add --project service --user neutron admin
[[email protected] ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | 7e91416ee62f47b392bcf17c23a53e4a |
| name | neutron |
| type | network |
+-------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 12344ed6417b47be8b66736aecd9e2d6 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | bb92e479e0dd4ed89f5dec5b51b78d2d |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | eb661eb09d5c48c3885fa8d99edf70cc |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
- Install and configure
[[email protected] ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
[[email protected] ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[database]
connection = mysql+pymysql://neutron:[email protected]/neutron
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[[email protected] ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = True
[[email protected] ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = True
local_ip = 192.168.100.11
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[[email protected] ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# This option is intentionally left without a value so that a single agent can serve multiple external networks
external_network_bridge =
[[email protected] ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[[email protected] ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[[email protected] ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[[email protected] ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[[email protected] ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[[email protected] ~]# systemctl restart openstack-nova-api.service
[[email protected] ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[[email protected] ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[[email protected] ~]# systemctl enable neutron-l3-agent.service
[[email protected] ~]# systemctl start neutron-l3-agent.service
2. Compute node
- Install and configure
[[email protected] ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
[[email protected] ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[[email protected] ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1
[vxlan]
enable_vxlan = True
local_ip = 192.168.100.12
l2_population = True
[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[[email protected] ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
[[email protected] ~]# systemctl restart openstack-nova-compute.service
[[email protected] ~]# systemctl enable neutron-linuxbridge-agent.service
[[email protected] ~]# systemctl start neutron-linuxbridge-agent.service
- Verify
[[email protected] ~]# . admin-openrc
[[email protected] ~]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias | name |
+---------------------------+-----------------------------------------------+
| default-subnetpools | Default Subnetpools |
| network-ip-availability | Network IP Availability |
| network_availability_zone | Network Availability Zone |
| auto-allocated-topology | Auto Allocated Topology Services |
| ext-gw-mode | Neutron L3 Configurable external gateway mode |
| binding | Port Binding |
| agent | agent |
| subnet_allocation | Subnet Allocation |
| l3_agent_scheduler | L3 Agent Scheduler |
| tag | Tag support |
| external-net | Neutron external network |
| net-mtu | Network MTU |
| availability_zone | Availability Zone |
| quotas | Quota management support |
| l3-ha | HA Router extension |
| provider | Provider Network |
| multi-provider | Multi Provider Network |
| address-scope | Address scope |
| extraroute | Neutron Extra Route |
| timestamp_core | Time Stamp Fields addition for core resources |
| router | Neutron L3 Router |
| extra_dhcp_opt | Neutron Extra DHCP opts |
| dns-integration | DNS Integration |
| security-group | security-group |
| dhcp_agent_scheduler | DHCP Agent Scheduler |
| router_availability_zone | Router Availability Zone |
| rbac-policies | RBAC Policies |
| standard-attr-description | standard-attr-description |
| port-security | Port Security |
| allowed-address-pairs | Allowed Address Pairs |
| dvr | Distributed Virtual Router |
+---------------------------+-----------------------------------------------+
[[email protected] ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id | agent_type | host | availability_zone | alive | admin_state_up | binary |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 0c22170c-cdbd-40db-b3f8-5f248d3c3df1 | Linux bridge agent | controller | | :-) | True | neutron-linuxbridge-agent |
| 5bb07134-1fb2-4f68-876c-62b939572034 | L3 agent | controller | nova | :-) | True | neutron-l3-agent |
| 786ecf78-00aa-4f4a-bc40-73b7f1549d4c | DHCP agent | controller | nova | :-) | True | neutron-dhcp-agent |
| d20c1f79-479c-4136-b322-8e7322673fe4 | Metadata agent | controller | | :-) | True | neutron-metadata-agent |
| daab7305-88e5-40a3-a42f-9ea55d5d2ad2 | Linux bridge agent | compute1 | | :-) | True | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
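The agent list confirms that the agents are alive, but not that the files edited in this section carry safe values. The following added example (not part of the original post or of OpenStack itself) audits constructed copies of `metadata_agent.ini`, `nova.conf` and `linuxbridge_agent.ini` for the `METADATA_SECRET` placeholder, a shared-secret mismatch between the two files, service passwords equal to the username, and disabled security groups; the helper names `load` and `audit` and the finding strings are assumptions.

```python
import configparser

# Constructed samples that mirror the files shown on this page (not read from disk).
SAMPLES = {
    "metadata_agent.ini": "[DEFAULT]\nnova_metadata_ip = controller\n"
                          "metadata_proxy_shared_secret = METADATA_SECRET\n",
    "nova.conf": "[neutron]\nurl = http://controller:9696\nusername = neutron\n"
                 "password = neutron\nservice_metadata_proxy = True\n"
                 "metadata_proxy_shared_secret = METADATA_SECRET\n",
    "linuxbridge_agent.ini": "[securitygroup]\nenable_security_group = True\n"
        "firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver\n",
}

def load(text):
    """Parse oslo.config-style INI text without value interpolation."""
    cfg = configparser.RawConfigParser(strict=False)
    cfg.read_string(text)
    return cfg

def audit(files):
    """Return a sorted list of findings for a {file name: file text} map."""
    cfgs = {name: load(text) for name, text in files.items()}
    findings = set()
    # The metadata agent and nova-api must hold the same non-default secret.
    agent = cfgs["metadata_agent.ini"].get(
        "DEFAULT", "metadata_proxy_shared_secret", fallback="")
    nova = cfgs["nova.conf"].get(
        "neutron", "metadata_proxy_shared_secret", fallback="")
    if agent in ("", "METADATA_SECRET"):
        findings.add("metadata_agent.ini: shared secret is still the placeholder")
    if agent != nova:
        findings.add("nova.conf: shared secret differs from metadata_agent.ini")
    # Service accounts whose password is simply the account name.
    for name, cfg in cfgs.items():
        for section in cfg.sections():
            user = cfg.get(section, "username", fallback=None)
            if user and cfg.get(section, "password", fallback=None) == user:
                findings.add(f"{name}: [{section}] password equals username")
    # Security groups need both the switch and a real firewall driver.
    sg = cfgs["linuxbridge_agent.ini"]
    enabled = sg.get("securitygroup", "enable_security_group", fallback="").lower()
    driver = sg.get("securitygroup", "firewall_driver", fallback="")
    if enabled != "true" or not driver or "Noop" in driver:
        findings.add("linuxbridge_agent.ini: security groups are not enforced")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(SAMPLES):
        print(line)
```

On a real node, read the three files from `/etc/neutron` and `/etc/nova` and pass their contents in the same map.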