安装 openstack-ocata OVS+VLAN(归档修改中)


一、基础环境

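# Base packages for the controller: editor and transfer tools, the OpenStack
# client and helpers, time sync, MariaDB with its Python driver, RabbitMQ and
# memcached.
# The driver package is named python2-PyMySQL; the page's spelling
# "python2-Pymysql" does not match it.
yum install -y \
  vim wget lrzsz unzip \
  python-openstackclient openstack-utils openstack-selinux \
  chrony \
  mariadb mariadb-server python2-PyMySQL \
  rabbitmq-server \
  memcached python-memcached

# Bring all installed packages up to date (asks for confirmation).
yum upgrade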

二、创建数据库

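-- One schema per OpenStack service.
CREATE DATABASE keystone;
CREATE DATABASE glance;
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
CREATE DATABASE neutron;

-- Account name, host pattern and password are string literals and have to be
-- quoted; the page lost the quotes, and an unquoted keystone@% or an unquoted
-- password does not parse.
-- NOTE(review): every account below uses the same password and is granted
-- both from localhost and from '%' (any client host). Give each service its
-- own secret, and narrow '%' to the controller/compute addresses where they
-- are known, so one leaked config file does not open every schema.
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'darwinlab.cn';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'darwinlab.cn';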
添加并启动服务
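# Make memcached listen on the controller address in place of ::1.
# The page's typographic quotes are not shell quoting characters and would be
# handed to sed as part of the expression; plain single quotes are required.
sed -i 's/::1/192.168.120.30/' /etc/sysconfig/memcached

# By default memcached does not authenticate clients, so once it listens on
# 192.168.120.30 port 11211 should be reachable only from the nodes that cache
# keystone tokens in it (host firewall or a dedicated management network).
systemctl enable chronyd.service mariadb.service memcached.service rabbitmq-server.service
systemctl start chronyd.service mariadb.service memcached.service rabbitmq-server.service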

三、认证服务

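# Keystone runs as a WSGI application under Apache httpd.
yum install openstack-keystone httpd mod_wsgi

# NOTE(review): the page shows "[email protected]" here, an e-mail-obfuscation
# artifact that swallowed "<password>@<db host>". The value below is rebuilt
# from the keystone database password and the controller address used
# elsewhere on this page - confirm before use.
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:darwinlab.cn@192.168.120.30/keystone

# Issue Fernet tokens.
openstack-config --set /etc/keystone/keystone.conf token provider fernet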

#同步数据库

# Populate the keystone schema, running as the unprivileged keystone account.
su -s /bin/sh -c 'keystone-manage db_sync' keystone

# Create the Fernet token key repository and the credential key repository,
# both owned by keystone:keystone.
for key_setup in fernet_setup credential_setup; do
  keystone-manage "$key_setup" --keystone-user keystone --keystone-group keystone
done

# Register the identity service and its admin account.
# The admin password is given as an argument, so it lands in shell history and
# is visible in the process list while the command runs. All three endpoint
# URLs are plain HTTP.
keystone-manage bootstrap \
  --bootstrap-password darwinlab.cn \
  --bootstrap-admin-url http://192.168.120.30:35357/v3/ \
  --bootstrap-internal-url http://192.168.120.30:5000/v3/ \
  --bootstrap-public-url http://192.168.120.30:5000/v3/ \
  --bootstrap-region-id RegionOne

#配置HTTP

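# Set Apache's ServerName to the controller host name.
# Two fixes over the page: plain single quotes instead of typographic ones,
# and a pattern that includes the directive name. The stock httpd.conf line is
# "#ServerName www.example.com:80", which "#www.example.com:80" never matches.
sed -i 's/^#ServerName www\.example\.com:80/ServerName controller/' /etc/httpd/conf/httpd.conf

# Publish keystone's packaged WSGI virtual host through httpd.
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/

# Create the credentials file
# NOTE(review): under this heading the page only repeats the symlink command,
# which would fail with "File exists", so the repeat is dropped. The file the
# heading refers to (the admin environment the later "openstack" commands
# need) is not shown on the page. When it is written, keep it mode 0600,
# because it holds the admin password.

# Enable and start httpd
systemctl enable httpd.service
systemctl start httpd.service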

# 创建域,项目、用户、和角色

# "service" holds the per-service accounts; "demo" is an unprivileged project.
openstack project create \
  --domain default \
  --description "Service Project" \
  service
openstack project create \
  --domain default \
  --description "Demo Project" \
  demo

# The demo user's password is typed at a prompt, so it stays out of shell
# history.
openstack user create --domain default --password-prompt demo

# Give demo the plain "user" role on its own project only.
openstack role create user
openstack role add --project demo --user demo user

四、镜像服务

#创建glance、角色、及服务

# Service account for glance (password prompted), admin on the service project.
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin

# Catalog entry for the image service, then one endpoint per interface, all on
# the same URL.
openstack service create --name glance --description "OpenStack Image" image
for iface in public internal admin; do
  openstack endpoint create --region RegionOne image "$iface" http://192.168.120.30:9292
done

#安装glance服务

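yum install openstack-glance -y

# Configure the glance API

# NOTE(review): the page shows "[email protected]" here, an e-mail-obfuscation
# artifact. The value is rebuilt from the glance database password and the
# controller address used elsewhere on this page - confirm before use.
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:darwinlab.cn@192.168.120.30/glance

# Token validation against keystone, with token caching in memcached.
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://192.168.120.30:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://192.168.120.30:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers 192.168.120.30:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
# The service password is stored in clear text in glance-api.conf; keep that
# file readable only by root and the glance group.
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password darwinlab.cn
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

# Image storage: local files under /var/lib/glance/images/ by default, with
# the http store also enabled.
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/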

#配置glance 注册服务

# Populate the glance schema as the glance account.
su -s /bin/sh -c 'glance-manage db_sync' glance

# Enable and start the API and registry services
for action in enable start; do
  systemctl "$action" openstack-glance-api.service openstack-glance-registry.service
done

# Upload a test image
# --public makes the image visible to every project.
openstack image create "cirros" \
  --file cirros-0.3.4-x86_64-disk.img \
  --disk-format qcow2 \
  --container-format bare \
  --public

五、计算服务控制端
#创建nova、角色、及服务

# Service account for nova (password prompted), admin on the service project.
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute

# The page keeps an older variant of these endpoints, with a tenant_id suffix
# on the URL, commented out; the plain /v2.1 URL is what gets registered.
for iface in public internal admin; do
  openstack endpoint create --region RegionOne compute "$iface" http://192.168.120.30:8774/v2.1
done

#安装placement服务

# Service account for the Placement API (password prompted), admin on the
# service project.
openstack user create --domain default --password-prompt placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement

# Register the three endpoints; each one is attempted only if the previous
# command succeeded.
openstack endpoint create --region RegionOne placement public http://192.168.120.30:8778 \
  && openstack endpoint create --region RegionOne placement internal http://192.168.120.30:8778 \
  && openstack endpoint create --region RegionOne placement admin http://192.168.120.30:8778


#安装nova控制服务

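yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y

# Configure the nova controller services

openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.120.30
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
# With neutron in use, nova's own firewall driver is switched to the no-op one.
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

# NOTE(review): the next three values appear on the page as "[email protected]",
# an e-mail-obfuscation artifact that replaced "<password>@<host>".
# RABBIT_PASS is a placeholder: the page neither creates the RabbitMQ user
# "openstack" nor shows its password. The database URLs are rebuilt from the
# nova database password and the controller address used elsewhere on this
# page - confirm all three before use.
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@192.168.120.30
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:darwinlab.cn@192.168.120.30/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:darwinlab.cn@192.168.120.30/nova

# Token validation against keystone.
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://192.168.120.30:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://192.168.120.30:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers 192.168.120.30:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
# Stored in clear text in nova.conf; keep the file readable only by root and
# the nova group.
openstack-config --set /etc/nova/nova.conf keystone_authtoken password darwinlab.cn

# VNC console: \$my_ip is escaped so the literal text "$my_ip" is written and
# resolved from the config file, not expanded by the shell.
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen \$my_ip
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address \$my_ip

openstack-config --set /etc/nova/nova.conf glance api_servers http://192.168.120.30:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

# Credentials nova uses to talk to the Placement API.
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://192.168.120.30:35357/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password darwinlab.cn

openstack-config --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 1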

#修改 /etc/httpd/conf.d/00-nova-placement-api.conf 

# Added to 00-nova-placement-api.conf: access rules for /usr/bin, presumably
# because the packaged Placement WSGI script is installed there (confirm).
# The rule covers the whole directory, not just that one script.
<Directory /usr/bin>
# httpd 2.4 and later: allow all clients and log only the message text.
<IfVersion >= 2.4>
Require all granted
ErrorLogFormat "%M"
</IfVersion>
# httpd before 2.4: the same "allow everyone" rule in the older syntax.
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>

#同步数据库

# Each nova-manage step below runs as the unprivileged nova account.

# Populate the nova_api schema
su -s /bin/sh -c 'nova-manage api_db sync' nova

# Register the cell0 database
su -s /bin/sh -c 'nova-manage cell_v2 map_cell0' nova

# Create cell1
su -s /bin/sh -c 'nova-manage cell_v2 create_cell --name=cell1 --verbose' nova

# Populate the main nova schema
su -s /bin/sh -c 'nova-manage db sync' nova

# Check that cell0 and cell1 are registered
nova-manage cell_v2 list_cells

# Enable the controller services, and start them only if enabling succeeded
nova_units=(
  openstack-nova-api.service
  openstack-nova-consoleauth.service
  openstack-nova-scheduler.service
  openstack-nova-conductor.service
  openstack-nova-novncproxy.service
)
systemctl enable "${nova_units[@]}" && systemctl start "${nova_units[@]}"

# Restart httpd
systemctl restart httpd

# Run nova's own readiness checks
nova-status upgrade check

#安装计算节点

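# Run on the compute node (192.168.120.31).
yum install net-tools vim lrzsz unzip openstack-nova-compute openstack-utils -y

# Configure nova on the compute node

openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
# NOTE(review): the page shows "[email protected]" here, an e-mail-obfuscation
# artifact that replaced "<password>@<host>". RABBIT_PASS is a placeholder:
# the page neither creates the RabbitMQ user "openstack" nor shows its
# password. The host is the controller address used elsewhere on this page -
# confirm before use.
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@192.168.120.30
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.120.31
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver

# Token validation against keystone on the controller.
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://192.168.120.30:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://192.168.120.30:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers 192.168.120.30:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
# Stored in clear text in nova.conf on every compute node; keep the file
# readable only by root and the nova group.
openstack-config --set /etc/nova/nova.conf keystone_authtoken password darwinlab.cn

# Instance consoles listen on every interface of the compute node
# (vncserver_listen 0.0.0.0) and are reached through the controller's noVNC
# proxy over plain HTTP. Limit the VNC port range on this host to the
# controller address with the host firewall.
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address \$my_ip
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.120.30:6080/vnc_auto.html

openstack-config --set /etc/nova/nova.conf glance api_servers http://192.168.120.30:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp

# Credentials for the Placement API.
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://192.168.120.30:35357/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password darwinlab.cn

# Enable and start libvirt and the compute service

systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service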

六、安装网络控制器节点 (基于open-vswitch)

#创建neutron、角色、及服务

# Service account for neutron (password prompted), admin on the service
# project.
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network

# Register the three endpoints; each one is attempted only if the previous
# command succeeded.
openstack endpoint create --region RegionOne network public http://192.168.120.30:9696 \
  && openstack endpoint create --region RegionOne network internal http://192.168.120.30:9696 \
  && openstack endpoint create --region RegionOne network admin http://192.168.120.30:9696

#网络类型1:提供者网络
1:安装软件包

# Neutron server, the ML2 plugin, the Open vSwitch agent and ebtables.
yum install \
  openstack-neutron \
  openstack-neutron-ml2 \
  openstack-neutron-openvswitch \
  ebtables \
  -y


2:配置网络服务组件(基本配置)

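# NOTE(review): the page shows "[email protected]" in the two URLs below, an
# e-mail-obfuscation artifact that replaced "<password>@<host>". The database
# URL is rebuilt from the neutron database password and the controller address
# used elsewhere on this page. RABBIT_PASS is a placeholder, because the page
# neither creates the RabbitMQ user "openstack" nor shows its password.
# Confirm both before use.
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:darwinlab.cn@192.168.120.30/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# The page fused the next two commands onto one line; they are separate
# settings. service_plugins is set with no value, i.e. left empty.
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@192.168.120.30
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# Tell nova about port status and port data changes.
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true

# Token validation against keystone.
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://192.168.120.30:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://192.168.120.30:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers 192.168.120.30:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password darwinlab.cn

# Credentials neutron uses to call nova. This puts the nova service password
# in neutron.conf as well, so both files need the same protection.
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://192.168.120.30:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password darwinlab.cn

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp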

3:配置二层插件(ovs)

# ML2 plugin settings, all written to the same file.
ml2_ini=/etc/neutron/plugins/ml2/ml2_conf.ini

# Network types the plugin can create.
openstack-config --set "$ml2_ini" ml2 type_drivers flat,vlan
# The value written here is a single space (the page has a backslash followed
# by a space), i.e. no tenant network type is named.
# NOTE(review): the page title says OVS+VLAN - confirm whether "vlan" was meant.
openstack-config --set "$ml2_ini" ml2 tenant_network_types ' '
openstack-config --set "$ml2_ini" ml2 mechanism_drivers openvswitch
# Port security and security groups are both switched on.
openstack-config --set "$ml2_ini" ml2 extension_drivers port_security
# Physical network "provider" carries flat networks and VLAN IDs 200-201.
openstack-config --set "$ml2_ini" ml2_type_flat flat_networks provider
openstack-config --set "$ml2_ini" ml2_type_vlan network_vlan_ranges provider:200:201
openstack-config --set "$ml2_ini" securitygroup enable_security_group true

4:配置计算服务使用网络

# Write one option into the [neutron] section of nova.conf.
set_nova_neutron() {
  openstack-config --set /etc/nova/nova.conf neutron "$1" "$2"
}

# Where neutron is and how nova authenticates to it.
set_nova_neutron url http://192.168.120.30:9696
set_nova_neutron auth_url http://192.168.120.30:35357
set_nova_neutron auth_type password
set_nova_neutron project_domain_name default
set_nova_neutron user_domain_name default
set_nova_neutron region_name RegionOne
set_nova_neutron project_name service
set_nova_neutron username neutron
set_nova_neutron password darwinlab.cn

# Metadata requests are proxied through neutron and checked against a shared
# secret. The secret used here is the same string as the service passwords;
# the metadata agent's metadata_proxy_shared_secret has to carry the same
# value.
set_nova_neutron service_metadata_proxy true
set_nova_neutron metadata_proxy_shared_secret darwinlab.cn

5:配置软连接

# Expose the ML2 configuration under the plugin.ini path.
ml2_ini=/etc/neutron/plugins/ml2/ml2_conf.ini
ln -s "$ml2_ini" /etc/neutron/plugin.ini

6:同步数据库

# Bring the neutron schema to the latest revision, running as the neutron
# account with both the server and the ML2 configuration loaded.
su -s /bin/sh -c 'neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head' neutron

7:启动并加载服务

# nova-api is restarted first, then neutron-server is enabled at boot and
# started.
systemctl restart openstack-nova-api.service
for action in enable start; do
  systemctl "$action" neutron-server.service
done

七、计算节点使用网络
1、安装软件包

# Neutron packages for this node: server package, ML2 plugin and the
# Open vSwitch agent.
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y

# Open /etc/sysctl.conf in an editor. The four settings that follow are lines
# to add to that file, not shell commands.
vim /etc/sysctl.conf
# rp_filter=0 turns off reverse-path source validation for all interfaces and
# for interfaces created later.
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0
# Send bridged IPv4/IPv6 traffic through iptables/ip6tables.
# NOTE(review): these two keys presumably exist only once the bridge netfilter
# kernel module is loaded - confirm, otherwise "sysctl -p" reports them as
# unknown.
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
# Load the settings from /etc/sysctl.conf into the running kernel.
sysctl -p

2、配置客户端组件

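# NOTE(review): the page shows "[email protected]" in the two URLs below, an
# e-mail-obfuscation artifact that replaced "<password>@<host>". The database
# URL is rebuilt from the neutron database password and the controller address
# used elsewhere on this page. RABBIT_PASS is a placeholder, because the page
# neither creates the RabbitMQ user "openstack" nor shows its password.
# Confirm both before use.
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:darwinlab.cn@192.168.120.30/neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# service_plugins is set with no value, i.e. left empty.
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:RABBIT_PASS@192.168.120.30
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone

# Token validation against keystone on the controller.
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://192.168.120.30:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://192.168.120.30:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers 192.168.120.30:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password darwinlab.cn

# Credentials for calling nova. This copies the database, neutron and nova
# secrets onto this node; keep neutron.conf readable only by root and the
# neutron group.
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://192.168.120.30:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password darwinlab.cn

openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp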

3、配置OVS

# Open vSwitch agent settings.
ovs_agent_ini=/etc/neutron/plugins/ml2/openvswitch_agent.ini

# Physical network "provider" is reached through the bridge br-provider.
openstack-config --set "$ovs_agent_ini" ovs bridge_mappings provider:br-provider
# Security group rules are enforced with the iptables_hybrid driver.
openstack-config --set "$ovs_agent_ini" securitygroup firewall_driver iptables_hybrid

4:配置DHCP

# DHCP agent settings: plug ports with the openvswitch driver and serve
# instance metadata through the DHCP namespace.
dhcp_ini=/etc/neutron/dhcp_agent.ini
openstack-config --set "$dhcp_ini" DEFAULT interface_driver openvswitch
openstack-config --set "$dhcp_ini" DEFAULT enable_isolated_metadata true
openstack-config --set "$dhcp_ini" DEFAULT force_metadata True
# The page leaves the explicit dhcp_driver setting
# (neutron.agent.linux.dhcp.Dnsmasq) commented out, so it is not written.

5、配置metadata agent

# Metadata agent: where nova's metadata API lives, and the secret that proves
# a proxied request came from this agent. The secret must equal the
# metadata_proxy_shared_secret set in nova.conf; here it is the same string
# as the service passwords.
metadata_ini=/etc/neutron/metadata_agent.ini
openstack-config --set "$metadata_ini" DEFAULT nova_metadata_ip 192.168.120.30
openstack-config --set "$metadata_ini" DEFAULT metadata_proxy_shared_secret darwinlab.cn

6、创建ovs管理物理接口

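# ovs-vsctl talks to the running Open vSwitch database, and the page only
# enables the service in a later step, so start it here first.
systemctl start openvswitch.service

# Create the provider bridge and attach the physical interface to it.
# --may-exist makes both commands safe to repeat.
# Once enp3s0 is a bridge port, addresses configured on enp3s0 itself stop
# working, so it should not be the interface used to manage this host.
ovs-vsctl --may-exist add-br br-provider
ovs-vsctl --may-exist add-port br-provider enp3s0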

7、启动ovs服务

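# The step is headed "start the OVS services", but the page only enables the
# units; they are started here as well so the agents run without a reboot.
systemctl enable openvswitch.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
systemctl start openvswitch.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service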

6:配置计算服务使用网络

# NOTE(review): this repeats the enable command of the previous step. The
# settings this step's heading refers to (making the compute service use the
# network) are not shown here.
systemctl enable openvswitch.service neutron-openvswitch-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service

 
