OpenStack-Mitaka

Posted l-dongf

I. Cloud Basics

  • IAAS: Infrastructure As A Service, e.g. OpenStack, CloudStack
  • PAAS: Platform As A Service, e.g. Docker
  • SAAS: Software As A Service
  • FWaaS, DBaaS, LBaaS, ...
  • Private Cloud
  • Public Cloud
  • Hybrid Cloud

II. OpenStack

Official site: https://www.openstack.org/

Installation guide: https://docs.openstack.org/mitaka/install-guide-rdo/

Chinese documentation: https://docs.openstack.org/mitaka/zh_CN/install-guide-rdo/

Environment:

  • controller: 192.168.100.11 (management network), 172.16.100.11 (service network)
  • compute: 192.168.100.12 (management network), 172.16.100.12 (service network)
  • block: 192.168.100.14
  • OpenStack version: Mitaka

III. Base Environment

1. NTP

  • controller node
[root@controller ~]# yum install chrony
[root@controller ~]# vim /etc/chrony.conf
server ntp.aliyun.com iburst
allow 192.168.100.0/24
[root@controller ~]# systemctl enable chronyd.service
[root@controller ~]# systemctl restart chronyd.service
  • compute node
[root@compute ~]# yum install chrony
[root@compute ~]# vim /etc/chrony.conf
server controller iburst
[root@compute ~]# systemctl enable chronyd.service
[root@compute ~]# systemctl start chronyd.service
[root@compute ~]# chronyc sources  # compare local time with the server's time
210 Number of sources = 1
MS Name/IP address         Stratum Poll Reach LastRx Last sample
===============================================================================
^? controller                    3   6     1     1   -731us[ -731us] +/-   12ms

2. Configure the yum repositories

3. Install the database

  • controller
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 192.168.100.11
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# vim /etc/my.cnf
[mysqld]
skip_name_resolve
[root@controller ~]# systemctl start mariadb.service

IV. Identity Service

  1. User: a user can be associated with multiple tenants
  2. Tenant: a tenant corresponds to a project, or to an organization
  3. Role: role
  4. Token: the token used for authentication and authorization
  5. Service: service
  6. Endpoint: the access entry point of a service
  • Install keystone on the controller node
[root@controller ~]# mysql -u root -p
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
[root@controller ~]# yum install python-openstackclient -y
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# openssl rand -hex 10 > mytoken
[root@controller ~]# cat mytoken
7a1da5ba2fe4c69eea05
[root@controller ~]# vim /etc/keystone/keystone.conf
[DEFAULT]
admin_token = 7a1da5ba2fe4c69eea05
[database]
connection = mysql+pymysql://keystone:keystone@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    ErrorLogFormat "%{cu}t %M"
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        Require all granted
    </Directory>
</VirtualHost>
[root@controller ~]# systemctl enable httpd.service
[root@controller ~]# systemctl start httpd.service
  • Configuration
[root@controller ~]# export OS_TOKEN=`cat mytoken`
[root@controller ~]# export |grep OS_TOKEN
declare -x OS_TOKEN="7a1da5ba2fe4c69eea05"
[root@controller ~]# export OS_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | b37f52dd30654076b151a852afeeee7e |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity public http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 10b3925aea3b44bc9fe7dcf4fc93697a |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity internal http://controller:5000/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4749500493f94ea89f2b33e675fae051 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:5000/v3        |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne identity admin http://controller:35357/v3
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | e76140cd04494699ba7e434f297ce291 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | b37f52dd30654076b151a852afeeee7e |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://controller:35357/v3       |
+--------------+----------------------------------+
[root@controller ~]# openstack domain create --description "Default Domain" default
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Default Domain                   |
| enabled     | True                             |
| id          | c121b35fd0314f16827a85fdb61bf94b |
| name        | default                          |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | c121b35fd0314f16827a85fdb61bf94b |
| enabled     | True                             |
| id          | 3a76f6def02b417d91ec9278b7bff6f2 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | 5643b73e9be142bc806ce6db0c853150 |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller ~]# openstack role create admin
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 6b8aadf364be463886296a4125eadb0b |
| name      | admin                            |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project admin --user admin admin
[root@controller ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | c121b35fd0314f16827a85fdb61bf94b |
| enabled     | True                             |
| id          | 32e1692c57ac4f2db2bb52163cf09ac4 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | c121b35fd0314f16827a85fdb61bf94b |
| enabled     | True                             |
| id          | d94a719f93844a2e90da8ee3ec95a999 |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | c121b35fd0314f16827a85fdb61bf94b |
+-------------+----------------------------------+
[root@controller ~]# openstack user create --domain default --password-prompt demo
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | 4af0aec1e50742cd88f3d1b426424c9f |
| name      | demo                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role create user
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 43777741cd66492b824d734a36a01cfd |
| name      | user                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project demo --user demo user

[root@controller ~]# openstack service list
+----------------------------------+----------+----------+
| ID                               | Name     | Type     |
+----------------------------------+----------+----------+
| b37f52dd30654076b151a852afeeee7e | keystone | identity |
+----------------------------------+----------+----------+
[root@controller ~]# openstack endpoint list
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| ID                       | Region    | Service Name | Service Type | Enabled | Interface | URL                       |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
| 10b3925aea3b44bc9fe7dcf4 | RegionOne | keystone     | identity     | True    | public    | http://controller:5000/v3 |
| fc93697a                 |           |              |              |         |           |                           |
| 4749500493f94ea89f2b33e6 | RegionOne | keystone     | identity     | True    | internal  | http://controller:5000/v3 |
| 75fae051                 |           |              |              |         |           |                           |
| e76140cd04494699ba7e434f | RegionOne | keystone     | identity     | True    | admin     | http://controller:35357/v |
| 297ce291                 |           |              |              |         |           | 3                         |
+--------------------------+-----------+--------------+--------------+---------+-----------+---------------------------+
[root@controller ~]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 4af0aec1e50742cd88f3d1b426424c9f | demo  |
| 5643b73e9be142bc806ce6db0c853150 | admin |
+----------------------------------+-------+
[root@controller ~]# openstack domain list
+----------------------------------+---------+---------+----------------+
| ID                               | Name    | Enabled | Description    |
+----------------------------------+---------+---------+----------------+
| c121b35fd0314f16827a85fdb61bf94b | default | True    | Default Domain |
+----------------------------------+---------+---------+----------------+
[root@controller ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 32e1692c57ac4f2db2bb52163cf09ac4 | service |
| 3a76f6def02b417d91ec9278b7bff6f2 | admin   |
| d94a719f93844a2e90da8ee3ec95a999 | demo    |
+----------------------------------+---------+
  • Configure authentication
Edit /etc/keystone/keystone-paste.ini and remove admin_token_auth from the [pipeline:public_api], [pipeline:admin_api] and [pipeline:api_v3] sections. This disables the temporary bootstrap-token authentication used in the steps above.
[root@controller ~]# unset OS_TOKEN OS_URL
[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-31T08:59:20.930753Z                                                                             |
| id         | gAAAAABcoHNYAlA--SMCscCnp8EgqsZEwdD8Zt-AxaWqxVI-BYCrAPgVkOpy4tZbDfcuzgVRaYdHQ17a0QcRmD5GczM2TDIDrZh_N5e |
|            | iwMgZGd_ZYVujJwWXMWgE7aVwah3WXOrIxSavBwrQgw51aRSbu9aRDRuNxCfVyZRh5h2-0Qcc6x5S7KU                        |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2                                                                        |
| user_id    | 5643b73e9be142bc806ce6db0c853150                                                                        |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue
Password:
+------------+---------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-31T08:59:58.926501Z                                                                             |
| id         | gAAAAABcoHN-h-fvwJtU3mEwx0ZjaXC85hptKUDp2SXKCkuh64kE6aBLC75SWKQVKebK4RSHs9YHfupaTeC7ayEpLnzH1YB9la8K8CH |
|            | vFAbXigraC4-ExHNNdZzGK3n57IR_EZoO4pTXRmv8GUIyry7nwoHYyCSjMe0zcSrDDotJvqwSWZykzVg                        |
| project_id | d94a719f93844a2e90da8ee3ec95a999                                                                        |
| user_id    | 4af0aec1e50742cd88f3d1b426424c9f                                                                        |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# vim admin-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# source admin-openrc
[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-31T09:03:03.526342Z                                                                             |
| id         | gAAAAABcoHQ3Rgtrx-5SEiyZ4nYiWB1wG2CWXU9RVgOFaNggiUYy8o_-MzVhFGmlrjLCEWDbB7Jf4LTVUos-                    |
|            | 078UIGPCyFSd91wdEKKHSWbJMy-lOOt3eu_kauDL-GDbx5JA4cRdD4yzOyM1dHpRrGy5zL2s4f_jOuQzdEjTreKVyS88wfV_PEw     |
| project_id | 3a76f6def02b417d91ec9278b7bff6f2                                                                        |
| user_id    | 5643b73e9be142bc806ce6db0c853150                                                                        |
+------------+---------------------------------------------------------------------------------------------------------+
[root@controller ~]# source demo-openrc
[root@controller ~]# openstack token issue
+------------+---------------------------------------------------------------------------------------------------------+
| Field      | Value                                                                                                   |
+------------+---------------------------------------------------------------------------------------------------------+
| expires    | 2019-03-31T09:02:07.204901Z                                                                             |
| id         | gAAAAABcoHP_cFN8-o_9eljXOpHg1801dDM9Fl5c0RoWJ5PWw0oMx-VOdOGGisCeXqwY16Q3WncLTiUwt6-0RddWpE0fMNtO854_gTy |
|            | PHdDSFLmWR_YHSLtJb7qYVkQz7n3JYlTRTACp7mKPGxXKG290nBWBkIXUdYpdIz1BFr2fnXUEOrEG5m0                        |
| project_id | d94a719f93844a2e90da8ee3ec95a999                                                                        |
| user_id    | 4af0aec1e50742cd88f3d1b426424c9f                                                                        |
+------------+---------------------------------------------------------------------------------------------------------+
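
The "Configure authentication" step above depends on admin_token_auth really being gone from all three pipelines. The following is an added example, not part of the original post or of Keystone itself, that checks this offline; the sample file contents are constructed and abbreviated, and the extra check that admin_token is no longer set in keystone.conf is an assumption beyond what the post states.

```python
import configparser

# Pipelines the walkthrough says must no longer reference admin_token_auth.
PIPELINES = ("pipeline:public_api", "pipeline:admin_api", "pipeline:api_v3")
BOOTSTRAP_FILTER = "admin_token_auth"

# Constructed, abbreviated keystone-paste.ini: public_api has been cleaned,
# admin_api and api_v3 (written with a continuation line) have not.
SAMPLE_PASTE_INI = """\
[filter:admin_token_auth]
use = egg:keystone#admin_token_auth

[pipeline:public_api]
pipeline = cors sizelimit request_id build_auth_context token_auth json_body public_service

[pipeline:admin_api]
pipeline = cors sizelimit request_id admin_token_auth build_auth_context token_auth json_body admin_service

[pipeline:api_v3]
pipeline = cors sizelimit request_id admin_token_auth
    build_auth_context token_auth json_body service_v3
"""

# Constructed keystone.conf fragments; the token value is a placeholder.
SAMPLE_KEYSTONE_CONF = """\
[DEFAULT]
admin_token = EXAMPLE_BOOTSTRAP_TOKEN

[token]
provider = fernet
"""

CLEANED_KEYSTONE_CONF = """\
[DEFAULT]
#admin_token = EXAMPLE_BOOTSTRAP_TOKEN

[token]
provider = fernet
"""


def _load(text):
    # interpolation=None: these files may contain literal '%' characters.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser


def pipelines_with_bootstrap_filter(paste_ini_text):
    """Return the pipeline sections that still list admin_token_auth."""
    parser = _load(paste_ini_text)
    hits = []
    for section in PIPELINES:
        if not parser.has_section(section):
            continue
        # split() also copes with pipelines wrapped over several lines.
        filters = parser.get(section, "pipeline", fallback="").split()
        if BOOTSTRAP_FILTER in filters:
            hits.append(section)
    return hits


def static_admin_token_set(keystone_conf_text):
    """True when [DEFAULT] admin_token still holds a non-empty value."""
    parser = _load(keystone_conf_text)
    return bool(parser.defaults().get("admin_token", "").strip())


def audit(paste_ini_text, keystone_conf_text):
    """Collect human-readable findings for both files."""
    findings = [
        f"{section}: remove {BOOTSTRAP_FILTER} from the pipeline"
        for section in pipelines_with_bootstrap_filter(paste_ini_text)
    ]
    if static_admin_token_set(keystone_conf_text):
        findings.append("keystone.conf: [DEFAULT] admin_token is still set")
    return findings


if __name__ == "__main__":
    for line in audit(SAMPLE_PASTE_INI, SAMPLE_KEYSTONE_CONF):
        print(line)
```

On a real controller, pass the contents of /etc/keystone/keystone-paste.ini and /etc/keystone/keystone.conf to audit(); an empty list means the bootstrap token path is closed.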

V. Glance Image Service

  • Register the service credentials
[root@controller ~]# mysql -u root -p
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | facce294374f4dd68616a4f0c6881e7e |
| name      | glance                           |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image                  |
| enabled     | True                             |
| id          | ebad348788cb4f9fbd4396ed8a9423dc |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | fe627e6b04784e278e1acc7fadaa3027 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 404e5b9ad5134a7998abf614373138d0 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne image admin http://controller:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | cc98e57149b544db819ced2a2de560d5 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | ebad348788cb4f9fbd4396ed8a9423dc |
| service_name | glance                           |
| service_type | image                            |
| url          | http://controller:9292           |
+--------------+----------------------------------+
  • Install and configure glance
[root@controller ~]# yum install openstack-glance -y
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone

[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[root@controller ~]# vim /etc/glance/glance-registry.conf
[database]
connection = mysql+pymysql://glance:glance@controller/glance

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance

[paste_deploy]
flavor = keystone
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service
[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service
  • Verification
[root@controller ~]# wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@controller ~]# qemu-img info cirros-0.3.4-x86_64-disk.img
image: cirros-0.3.4-x86_64-disk.img
file format: qcow2
virtual size: 39M (41126400 bytes)
disk size: 13M
cluster_size: 65536
Format specific information:
    compat: 0.10
    refcount bits: 16
[root@controller ~]# openstack image create "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6                     |
| container_format | bare                                                 |
| created_at       | 2019-03-31T08:30:12Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/78acfd89-fbe8-4009-90ba-fcda26d2a107/file |
| id               | 78acfd89-fbe8-4009-90ba-fcda26d2a107                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | cirros                                               |
| owner            | 3a76f6def02b417d91ec9278b7bff6f2                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 13287936                                             |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2019-03-31T08:30:12Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID                                   | Name   | Status |
+--------------------------------------+--------+--------+
| 78acfd89-fbe8-4009-90ba-fcda26d2a107 | cirros | active |
+--------------------------------------+--------+--------+

VI. Compute Service

1. Controller node

  • Register on the controller
[root@controller ~]# mysql -u root -p
CREATE DATABASE nova_api;
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
[root@controller ~]# . admin-openrc
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | 4e58c5b06038436fbf427ab5b06ce31c |
| name      | nova                             |
+-----------+----------------------------------+
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 89fccdcdb1bb4e869bb15e756e0469f5 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 9d69264950994bcfad490d3bc50f4164          |
| interface    | public                                    |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 89fccdcdb1bb4e869bb15e756e0469f5          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | 7f1a7bf4d72c48da8c75ebf1a3ebb5f1          |
| interface    | internal                                  |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 89fccdcdb1bb4e869bb15e756e0469f5          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
+--------------+-------------------------------------------+
| Field        | Value                                     |
+--------------+-------------------------------------------+
| enabled      | True                                      |
| id           | b58bd319647f49329fd9dce3bb8e191c          |
| interface    | admin                                     |
| region       | RegionOne                                 |
| region_id    | RegionOne                                 |
| service_id   | 89fccdcdb1bb4e869bb15e756e0469f5          |
| service_name | nova                                      |
| service_type | compute                                   |
| url          | http://controller:8774/v2.1/%(tenant_id)s |
+--------------+-------------------------------------------+
  • Install Nova
[[email protected] ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y
[[email protected] ~]# vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.11
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[api_database]
connection = mysql+pymysql://nova:[email protected]/nova_api

[database]
connection = mysql+pymysql://nova:[email protected]/nova

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova

[vnc]
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[[email protected] ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[[email protected] ~]# su -s /bin/sh -c "nova-manage db sync" nova
[[email protected] ~]# systemctl enable openstack-nova-api.service   openstack-nova-consoleauth.service openstack-nova-scheduler.service   openstack-nova-conductor.service openstack-nova-novncproxy.service
[[email protected] ~]# systemctl start openstack-nova-api.service   openstack-nova-consoleauth.service openstack-nova-scheduler.service   openstack-nova-conductor.service openstack-nova-novncproxy.service
  • Install RabbitMQ
[[email protected] ~]# yum install rabbitmq-server -y
[[email protected] ~]# rabbitmq-plugins enable rabbitmq_management
[[email protected] ~]# systemctl enable rabbitmq-server.service
[[email protected] ~]# systemctl start rabbitmq-server.service
[[email protected] ~]# rabbitmqctl add_user openstack openstack
[[email protected] ~]# rabbitmqctl set_user_tags openstack administrator
[[email protected] ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
[[email protected] ~]# rabbitmqctl list_users
Listing users ...
openstack       [administrator]
guest   [administrator]

2. Compute node

[[email protected] ~]# yum install openstack-nova-compute -y
[[email protected] ~]# vim /etc/nova/nova.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone
my_ip = 192.168.100.12
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[vnc]
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html

[glance]
api_servers = http://controller:9292

[oslo_concurrency]
lock_path = /var/lib/nova/tmp

[libvirt]
virt_type=kvm
[[email protected] ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
[[email protected] ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[[email protected] ~]# systemctl start libvirtd.service openstack-nova-compute.service

3. Verify on the controller

[[email protected] ~]# openstack compute service list
+----+------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary           | Host       | Zone     | Status  | State | Updated At                 |
+----+------------------+------------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | controller | internal | enabled | up    | 2019-03-31T15:47:13.000000 |
|  2 | nova-conductor   | controller | internal | enabled | up    | 2019-03-31T15:47:13.000000 |
|  3 | nova-scheduler   | controller | internal | enabled | up    | 2019-03-31T15:47:13.000000 |
|  6 | nova-compute     | compute1   | nova     | enabled | up    | 2019-03-31T15:47:14.000000 |
+----+------------------+------------+----------+---------+-------+----------------------------+

VII. Neutron Networking Service

1. Controller node

  • Configure authentication
[[email protected] ~]# mysql -u root -p
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost'   IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'   IDENTIFIED BY 'neutron';
[[email protected] ~]# . admin-openrc
[[email protected] ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | c121b35fd0314f16827a85fdb61bf94b |
| enabled   | True                             |
| id        | 7cf18301eb244ab488718d36e5031a94 |
| name      | neutron                          |
+-----------+----------------------------------+
[[email protected] ~]# openstack role add --project service --user neutron admin
[[email protected] ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | 7e91416ee62f47b392bcf17c23a53e4a |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network public http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 12344ed6417b47be8b66736aecd9e2d6 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network internal http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | bb92e479e0dd4ed89f5dec5b51b78d2d |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
[[email protected] ~]# openstack endpoint create --region RegionOne network admin http://controller:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | eb661eb09d5c48c3885fa8d99edf70cc |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 7e91416ee62f47b392bcf17c23a53e4a |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://controller:9696           |
+--------------+----------------------------------+
  • Install and configure
[[email protected] ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
[[email protected] ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

[database]
connection = mysql+pymysql://neutron:[email protected]/neutron

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = nova

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[[email protected] ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
type_drivers = flat,vlan,vxlan
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
extension_drivers = port_security

[ml2_type_flat]
flat_networks = provider

[ml2_type_vxlan]
vni_ranges = 1:1000

[securitygroup]
enable_ipset = True
[[email protected] ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = True
local_ip = 192.168.100.11
l2_population = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[[email protected] ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
# This option is intentionally left empty so that one agent can serve multiple external networks
external_network_bridge =
[[email protected] ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
[[email protected] ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
[[email protected] ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
[[email protected] ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[[email protected] ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
[[email protected] ~]# systemctl restart openstack-nova-api.service
[[email protected] ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[[email protected] ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[[email protected] ~]# systemctl enable neutron-l3-agent.service
[[email protected] ~]# systemctl start neutron-l3-agent.service

2. Compute node

  • Install and configure
[[email protected] ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y
[[email protected] ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
rpc_backend = rabbit
auth_strategy = keystone

[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = openstack

[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron

[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[[email protected] ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:eth1

[vxlan]
enable_vxlan = True
local_ip = 192.168.100.12
l2_population = True

[securitygroup]
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
[[email protected] ~]# vim /etc/nova/nova.conf
[neutron]
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
[[email protected] ~]# systemctl restart openstack-nova-compute.service
[[email protected] ~]# systemctl enable neutron-linuxbridge-agent.service
[[email protected] ~]# systemctl start neutron-linuxbridge-agent.service
  • Verify
[[email protected] ~]# . admin-openrc
[[email protected] ~]# neutron ext-list
+---------------------------+-----------------------------------------------+
| alias                     | name                                          |
+---------------------------+-----------------------------------------------+
| default-subnetpools       | Default Subnetpools                           |
| network-ip-availability   | Network IP Availability                       |
| network_availability_zone | Network Availability Zone                     |
| auto-allocated-topology   | Auto Allocated Topology Services              |
| ext-gw-mode               | Neutron L3 Configurable external gateway mode |
| binding                   | Port Binding                                  |
| agent                     | agent                                         |
| subnet_allocation         | Subnet Allocation                             |
| l3_agent_scheduler        | L3 Agent Scheduler                            |
| tag                       | Tag support                                   |
| external-net              | Neutron external network                      |
| net-mtu                   | Network MTU                                   |
| availability_zone         | Availability Zone                             |
| quotas                    | Quota management support                      |
| l3-ha                     | HA Router extension                           |
| provider                  | Provider Network                              |
| multi-provider            | Multi Provider Network                        |
| address-scope             | Address scope                                 |
| extraroute                | Neutron Extra Route                           |
| timestamp_core            | Time Stamp Fields addition for core resources |
| router                    | Neutron L3 Router                             |
| extra_dhcp_opt            | Neutron Extra DHCP opts                       |
| dns-integration           | DNS Integration                               |
| security-group            | security-group                                |
| dhcp_agent_scheduler      | DHCP Agent Scheduler                          |
| router_availability_zone  | Router Availability Zone                      |
| rbac-policies             | RBAC Policies                                 |
| standard-attr-description | standard-attr-description                     |
| port-security             | Port Security                                 |
| allowed-address-pairs     | Allowed Address Pairs                         |
| dvr                       | Distributed Virtual Router                    |
+---------------------------+-----------------------------------------------+
[[email protected] ~]# neutron agent-list
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 0c22170c-cdbd-40db-b3f8-5f248d3c3df1 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
| 5bb07134-1fb2-4f68-876c-62b939572034 | L3 agent           | controller | nova              | :-)   | True           | neutron-l3-agent          |
| 786ecf78-00aa-4f4a-bc40-73b7f1549d4c | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
| d20c1f79-479c-4136-b322-8e7322673fe4 | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
| daab7305-88e5-40a3-a42f-9ea55d5d2ad2 | Linux bridge agent | compute1   |                   | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
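
The files edited above set service passwords equal to their usernames, keep the literal METADATA_SECRET placeholder, and set vncserver_listen = 0.0.0.0 on the compute node. The audit below is an added example, not part of the original walkthrough or of OpenStack itself; it flags those three patterns and checks that metadata_proxy_shared_secret is identical in every file that sets it. The function names (parse, audit) and the file labels are hypothetical, and the file contents are constructed samples modelled on this page.

```python
import configparser

PLACEHOLDER_SECRETS = {"", "METADATA_SECRET"}  # literal left over from the guide
WILDCARD_ADDRS = {"0.0.0.0", "::"}

def parse(text):
    # Disable % interpolation and keep [DEFAULT] as an ordinary section.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp

def audit(files):
    """files maps a label to INI text; returns a list of (label, section, issue)."""
    findings, secrets = [], {}
    for label, text in files.items():
        cp = parse(text)
        for section in cp.sections():
            opts = cp[section]
            user = opts.get("username") or opts.get("rabbit_userid")
            password = opts.get("password") or opts.get("rabbit_password")
            if user and user == password:
                findings.append((label, section, "password equals username"))
            if opts.get("vncserver_listen") in WILDCARD_ADDRS:
                findings.append((label, section, "VNC server listens on all interfaces"))
            secret = opts.get("metadata_proxy_shared_secret")
            if secret is not None:
                secrets[label] = secret
                if secret.strip() in PLACEHOLDER_SECRETS:
                    findings.append((label, section, "metadata secret is a placeholder"))
    # nova-api and the metadata agent must share one value, or nova rejects the proxy
    if len(set(secrets.values())) > 1:
        findings.append(("*", "*", "metadata secret differs between files"))
    return findings

# Constructed sample input, modelled on the files edited in this walkthrough.
AS_WRITTEN = {
    "controller:/etc/nova/nova.conf": """
[neutron]
username = neutron
password = neutron
metadata_proxy_shared_secret = METADATA_SECRET
""",
    "compute:/etc/nova/nova.conf": """
[oslo_messaging_rabbit]
rabbit_userid = openstack
rabbit_password = openstack
[vnc]
vncserver_listen = 0.0.0.0
""",
    "controller:/etc/neutron/metadata_agent.ini": """
[DEFAULT]
metadata_proxy_shared_secret = METADATA_SECRET
""",
}

if __name__ == "__main__":
    for finding in audit(AS_WRITTEN):
        print(*finding, sep=" | ")
```

An empty result means none of the three patterns is present; it says nothing about the database grants or the RabbitMQ guest account, which live outside these files.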
