目录
- Centos7搭建OpenStack T版本 --上
- 1. 环境准备(所有节点操作)
- 1.1 修改主机名
- 1.2 关闭selinux 以及防火墙
- 1.3 修改hosts
- 1.4 配置时间同步
- controller 操作
- compute以及其他节点操作
- 1.5 配置OpenStack 软件包
- 1.6 安装数据库
- 1.7 安装消息队列
- 1.8 安装memcached
- 1.9 安装etcd
- 2. 安装Keystone
- 2.1 数据库操作
- 2.2 安装软件包
- 2.3 编写admin rc文件
- 2.4 测试keystone是否正常工作
- 2.4.1 创建domain
- 2.4.2 创建project
- 2.4.3 最后测试
- 3. 安装glance
- 3.1 数据库操作
- 3.2 创建 glance用户
- 3.3 给glance创建服务端点
- 3.4 安装配置glance
- 3.4.1 glance-api 配置文件
- 3.5 同步数据库
- 3.6 启动服务
- 3.7 验证服务
- 4. 安装placement
- 4.1 数据库操作
- 4.2 配置用户
- 4.3 创建服务端点
- 4.4 安装placement
- 4.5 placement配置文件
- 4.6 同步数据库
- 4.7 重启httpd服务
- 4.8 验证服务
- 4.9 注意坑
- 5. 安装nova
- 5.1 数据库操作
- 5.2 创建用户
- 5.3 创建服务端点
- 5.4 安装软件包
- 5.5 编辑配置文件 nova.conf
- 5.6 同步数据库
- 5.7 启动服务
- 6. 安装nova-compute 在计算节点操作
- 6.1 安装软件包
- 6.2 编辑配置文件
- 6.3 检查计算节点是否支持硬件虚拟化
- 6.4 启动服务
- 6.5 将计算节点添加到数据库,controller节点执行
- 6.6 验证服务
- 7. 安装Neutron
- 7.1 数据库操作
- 7.2 创建用户
- 7.3 创建服务端点
- 7.4 安装Self-service networks
- 7.5 编写配置文件 neutron.conf
- 7.6 编写配置文件 ml2_conf.ini
- 7.7 编写linuxbridge_agent.ini
- 7.8 打开桥接
- 7.9 编写 l3_agent.ini
- 7.10 编写dhcp_agent.ini
- 7.11 编写metadata_agent.ini
- 7.12 配置nova使用网络服务
- 7.13 完成安装
- 7.14 启动服务
- 7.15 验证服务
- 8. 安装dashboard
- 8.1 安装软件包
- 8.2 修改配置文件 local_settings
- 8.3 编辑openstack-dashboard.conf
- 8.4 重启服务
- 9. 验证
- 9.1 登录dashboard
- 9.2 创建网络,子网
- 9.3 创建实例类型
- 9.4 创建虚拟机
- 1. 环境准备(所有节点操作)
Centos7搭建OpenStack T版本 --上
1. 环境准备(所有节点操作)
| 主机名 | IP |
|---|---|
| controller | 192.168.100.100(仅主机) 192.168.200.X (NAT模式DHCP分配) |
| compute | 192.168.100.200(仅主机) 192.168.200.X (NAT模式DHCP分配) |
如果需要搭建存储节点则添加机器并配置网络即可,我的所有密码设置为123
1.1 修改主机名
所有节点都需要操作,且操作方法一样,只写了controller一个节点的结果,其他节点照常执行
IP地址自行配置
[root@localhost ~]# hostnamectl set-hostname controller
[root@localhost ~]# bash
1.2 关闭selinux 以及防火墙
将默认的enforcing改为disabled
[root@controller ~]# cat /etc/selinux/config # This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=disabled
[root@controller ~]# setenforce 0
[root@controller ~]# systemctl disable --now firewalld
1.3 修改hosts
[root@controller ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
# 加上controller和compute,如果有其他节点也写进来
192.168.100.100 controller
192.168.100.110 compute
1.4 配置时间同步
controller 操作
[root@controller ~]# yum install chrony -y
[root@controller ~]# vim /etc/chrony.conf
# controller节点需要改这三个地方
server ntp.aliyun.com iburst # 中间的ntp服务器可自己改,能同步就行
allow 192.168.100.0/24 #允许192.168.100.0/24 这个网段内的主机与这台服务器同步
local stratum 10
[root@controller ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* 203.107.6.88 2 6 17 2 +319us[ +654us] +/- 23ms
compute以及其他节点操作
[root@compute ~]# yum install chrony -y
[root@compute ~]# vim /etc/chrony.conf
# 只需要改动一处地方
server controller iburst
[root@compute ~]# systemctl restart chronyd
[root@compute ~]# chronyc sources
210 Number of sources = 1
MS Name/IP address Stratum Poll Reach LastRx Last sample
===============================================================================
^* controller 3 6 7 1 +6342ns[ -921us] +/- 29ms
1.5 配置OpenStack 软件包
[root@controller ~]# yum install centos-release-openstack-train -y
[root@controller ~]# yum install python2-openstackclient -y
1.6 安装数据库
从这里开始只需要在controller节点上操作,其他节点不需要操作
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL
[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf
[mysqld]
# 官网有这一条配置,我没有打开,打开之后不方便排错
# bind-address = 192.168.100.100default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
[root@controller ~]# systemctl enable --now mariadb
数据库初始化
[root@controller ~]# mysql_secure_installation
Enter current password for root (enter for none): # 直接按回车
Change the root password? [Y/n] # 是否修改root密码,按Y然后输入密码
Remove anonymous users? [Y/n] # 移除匿名用户,建议移除
Disallow root login remotely? [Y/n] # 是否禁止root远程登录,建议开启,按n
Remove test database and access to it? [Y/n] # 移除测试数据库,建议按Y
Reload privilege tables now? [Y/n] # 重新加载权限,按Y
1.7 安装消息队列
[root@controller ~]# yum install rabbitmq-server -y
[root@controller ~]# systemctl enable rabbitmq-server.service --now
# 这个地方RABBIT_PASS 设置为你自己的密码,我用的123
# rabbitmqctl add_user openstack RABBIT_PASS
[root@controller ~]# rabbitmqctl add_user openstack 123
[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
1.8 安装memcached
[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# vim /etc/sysconfig/memcached
# 修改这一行,加上controller
OPTIONS="-l 127.0.0.1,::1,controller"
[root@controller ~]# systemctl enable memcached.service --now
1.9 安装etcd
[root@controller ~]# yum install etcd -y
# 直接清空原先的配置,使用这些,注意将192.178.100.100 改为你自己的controller的IP
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://192.168.100.100:2380"
ETCD_LISTEN_CLIENT_URLS="http://192.168.100.100:2379"
ETCD_NAME="controller"
#[Clustering]
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://192.168.100.100:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://192.168.100.100:2379"
ETCD_INITIAL_CLUSTER="controller=http://192.168.100.100:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"
ETCD_INITIAL_CLUSTER_STATE="new"
[root@controller ~]# systemctl enable --now etcd
2. 安装Keystone
2.1 数据库操作
我的所有密码为123,之后不写注释了,你需要修改密码的话将123改为你想设的密码就好
[root@controller ~]# mysql -uroot -p123
# -p 后面跟上你的数据库root密码,如果不想这样直接显示登录的话可以直接-p 回车
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%'IDENTIFIED BY '123';
MariaDB [(none)]> glush privileges;
2.2 安装软件包
[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
# 自己注意替换密码,123是你要替换的地方
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
provider = fernet
[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone# 命令比较长,注意自行替换123
[root@controller ~]# keystone-manage bootstrap --bootstrap-password 123 --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
[root@controller ~]# vim /etc/httpd/conf/httpd.conf
ServerName controller
[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@controller ~]# systemctl enable --now httpd
2.3 编写admin rc文件
[root@controller ~]# vim admin-login.sh
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
2.4 测试keystone是否正常工作
2.4.1 创建domain
[root@controller ~]# openstack domain create --description "An Example Domain" example+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
| tags | [] |
+-------------+----------------------------------+
2.4.2 创建project
[root@controller ~]# openstack project create --domain default \--description "Service Project" service+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
2.4.3 最后测试
[root@controller ~]# unset OS_AUTH_URL OS_PASSWORD
[root@controller ~]# openstack --os-auth-url http://controller:5000/v3 \--os-project-domain-name Default --os-user-domain-name Default \--os-project-name admin --os-username admin token issue
Password: # 这个地方输入admin密码
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
3. 安装glance
3.1 数据库操作
[root@controller ~]# mysql -u root -p123
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \IDENTIFIED BY '123';
3.2 创建 glance用户
[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password: # 输入两次密码
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@controller ~]# openstack role add --project service --user glance admin
[root@controller ~]# openstack service create --name glance --description "OpenStack Image" image
3.3 给glance创建服务端点
[root@controller ~]# openstack endpoint create --region RegionOne \image public http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \image internal http://controller:9292
[root@controller ~]# openstack endpoint create --region RegionOne \image admin http://controller:9292
3.4 安装配置glance
[root@controller ~]# yum install openstack-glance -y
3.4.1 glance-api 配置文件
[root@controller ~]# vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:123@controller/glance[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123[paste_deploy]
flavor = keystone[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
3.5 同步数据库
[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance
3.6 启动服务
[root@controller ~]# systemctl enable openstack-glance-api.service --now
3.7 验证服务
[root@controller ~]# source admin-login.sh
[root@controller ~]# wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
[root@controller ~]# glance image-create --name "cirros" \--file cirros-0.4.0-x86_64-disk.img \--disk-format qcow2 --container-format bare \--visibility public
[root@controller ~]# openstack image list
+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 2a2ff041-0696-47a6-893b-b35d529b743d | cirros | active |
+--------------------------------------+--------+--------+
# 输出这个就代表没错
4. 安装placement
4.1 数据库操作
[root@controller ~]# mysql -u root -p123
MariaDB [(none)]> CREATE DATABASE placement;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123';
4.2 配置用户
[root@controller ~]# openstack user create --domain default --password-prompt placement
[root@controller ~]# openstack role add --project service --user placement admin
[root@controller ~]# openstack service create --name placement \ --description "Placement API" placement
4.3 创建服务端点
[root@controller ~]# openstack endpoint create --region RegionOne \placement public http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \placement admin http://controller:8778
[root@controller ~]# openstack endpoint create --region RegionOne \placement internal http://controller:8778
4.4 安装placement
[root@controller ~]# yum install openstack-placement-api -y
4.5 placement配置文件
[placement_database]
connection = mysql+pymysql://placement:123@controller/placement[api]
auth_strategy = keystone[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = 123
4.6 同步数据库
[root@controller ~]# su -s /bin/sh -c "placement-manage db sync" placement
4.7 重启httpd服务
[root@controller ~]# systemctl restart httpd
4.8 验证服务
[root@controller ~]# placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
4.9 注意坑
官网有一个配置是默认没有写的,如果不写的话后期nova有一条命令是会报错的,并且也无法创建虚拟机,会报错500,找不到合适的节点,所以这个得开
[root@controller ~]# vim /etc/httpd/conf.d/00-placement-api.conf
# 将这些配置放在这个文件里<Directory /usr/bin><IfVersion >= 2.4>Require all granted</IfVersion><IfVersion < 2.4>Order allow,denyAllow from all</IfVersion>
</Directory>5. 安装nova
5.1 数据库操作
[root@controller ~]# mysql -u root -p123
MariaDB [(none)]> CREATE DATABASE nova_api;
MariaDB [(none)]> CREATE DATABASE nova;
MariaDB [(none)]> CREATE DATABASE nova_cell0;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \IDENTIFIED BY '123';MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \IDENTIFIED BY '123';MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' \IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' \IDENTIFIED BY '123';
5.2 创建用户
[root@controller ~]# openstack user create --domain default --password-prompt nova
User Password:
Repeat User Password:
[root@controller ~]# openstack role add --project service --user nova admin
[root@controller ~]# openstack service create --name nova \--description "OpenStack Compute" compute
5.3 创建服务端点
[root@controller ~]# openstack endpoint create --region RegionOne \compute public http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne \compute internal http://controller:8774/v2.1
[root@controller ~]# openstack endpoint create --region RegionOne \compute admin http://controller:8774/v2.1
5.4 安装软件包
[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
5.5 编辑配置文件 nova.conf
[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.100.100
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:123@controller:5672/
enabled_apis = osapi_compute,metadata[api_database]
connection = mysql+pymysql://nova:123@controller/nova_api[database]
connection = mysql+pymysql://nova:123@controller/nova[api]
auth_strategy = keystone[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip[glance]
api_servers = http://controller:9292[oslo_concurrency]
lock_path = /var/lib/nova/tmp[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123
5.6 同步数据库
[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0?charset=utf8 | False |
| cell1 | f690f4fd-2bc5-4f15-8145-db561a7b9d3d | rabbit://openstack:****@controller:5672/nova_cell1 | mysql+pymysql://nova:****@controller/nova_cell1?charset=utf8 | False |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
5.7 启动服务
[root@controller ~]# systemctl enable \
> openstack-nova-api.service \
> openstack-nova-scheduler.service \
> openstack-nova-conductor.service \
> openstack-nova-novncproxy.service --now
6. 安装nova-compute 在计算节点操作
6.1 安装软件包
[root@compute ~]# yum install openstack-nova-compute -y
6.2 编辑配置文件
[root@compute ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.100.110
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:123@controller[api]
auth_strategy = keystone[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html[glance]
api_servers = http://controller:9292[oslo_concurrency]
lock_path = /var/lib/nova/tmp[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123
6.3 检查计算节点是否支持硬件虚拟化
[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo
此处的回显应该是1或大于1的数字,如果是0的话,检查一下有没有开启虚拟化
vmware workstation 这样操作,需要点开这个
![image-20240519184824587](C:\Users\Administration\AppData\Roaming\Typora\typora-user-images\image-20240519184824587.png
6.4 启动服务
[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service --now
6.5 将计算节点添加到数据库,controller节点执行
[root@controller ~]# openstack compute service list --service nova-compute
[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
6.6 验证服务
[root@controller ~]# openstack compute service list
[root@controller ~]# openstack compute service list
+----+----------------+------------+----------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+----------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-conductor | controller | internal | enabled | up | 2024-05-19T10:53:30.000000 |
| 2 | nova-scheduler | controller | internal | enabled | up | 2024-05-19T10:53:33.000000 |
| 6 | nova-compute | compute | nova | enabled | up | 2024-05-19T10:53:34.000000 |
+----+----------------+------------+----------+---------+-------+----------------------------+
[root@controller ~]# nova-status upgrade check
如果执行这个命令报错403的话,就去前面加上placement的一些配置即可解决
7. 安装Neutron
7.1 数据库操作
[root@controller ~]# mysql -u root -p123
MariaDB [(none)] CREATE DATABASE neutron;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \IDENTIFIED BY '123';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \IDENTIFIED BY '123';
7.2 创建用户
[root@controller ~]# openstack user create --domain default --password-prompt neutron
User Password:
Repeat User Password:
[root@controller ~]# openstack role add --project service --user neutron admin
7.3 创建服务端点
[root@controller ~]# openstack service create --name neutron \--description "OpenStack Networking" network
[root@controller ~]# openstack endpoint create --region RegionOne \network public http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \network internal http://controller:9696
[root@controller ~]# openstack endpoint create --region RegionOne \network admin http://controller:9696
7.4 安装Self-service networks
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 \openstack-neutron-linuxbridge ebtables -y
7.5 编写配置文件 neutron.conf
[root@controller ~]# vim /etc/neutron/neutron.conf[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:123@controller
auth_strategy = keystone[database]
connection = mysql+pymysql://neutron:123@controller/neutron[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123[oslo_concurrency]
lock_path = /var/lib/neutron/tmp7.6 编写配置文件 ml2_conf.ini
[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
[ml2]
tenant_network_types = vxlan
mechanism_drivers = linuxbridge,l2population
type_drivers = flat,vlan,vxlan
extension_drivers = port_security[ml2_type_flat]
flat_networks = provider[ml2_type_vxlan]
vni_ranges = 1:1000[securitygroup]
enable_ipset = true7.7 编写linuxbridge_agent.ini
[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = provider:ens34
# 这里的ens34你改成你自己使用NAT的那一张网卡
[vxlan]
enable_vxlan = true
# IP改成自己的
local_ip = 192.168.100.100
l2_population = true[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
7.8 打开桥接
[root@controller ~]# modprobe br_netfilter
[root@controller ~]# vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables=1
net.bridge.bridge-nf-call-ip6tables=1
[root@controller ~]# sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
7.9 编写 l3_agent.ini
[root@controller ~]# vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
7.10 编写dhcp_agent.ini
[root@controller ~]# vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
7.11 编写metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
# 这个地方的123可以自定义,等会需要用到,随便写啥都行
metadata_proxy_shared_secret = 123
7.12 配置nova使用网络服务
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = true
# 这里的123 就需要跟刚刚那个地方定义的一样
metadata_proxy_shared_secret = 123
7.13 完成安装
[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
7.14 启动服务
[root@controller ~]#systemctl restart openstack-nova-api.service[root@controller ~]#systemctl enable neutron-server.service \neutron-linuxbridge-agent.service neutron-dhcp-agent.service \neutron-metadata-agent.service neutron-l3-agent.service --now
7.15 验证服务
[root@controller neutron]# openstack network agent list
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
| 121cc747-3516-446e-bb6f-c6e95af3a000 | Metadata agent | localhost | None | :-) | UP | neutron-metadata-agent |
| 17059e4f-c61f-4e8c-87ff-35ced7764543 | Linux bridge agent | localhost | None | :-) | UP | neutron-linuxbridge-agent |
| 32fded8a-dc80-4316-9771-42055979b0b8 | L3 agent | localhost | nova | :-) | UP | neutron-l3-agent |
| ae4ca75a-153b-4bf4-a284-8db4d338d757 | DHCP agent | localhost | nova | :-) | UP | neutron-dhcp-agent |
| e930286f-f99c-4f35-b8c0-0d5e83e35bf8 | Linux bridge agent | compute | None | :-) | UP | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+-------+---------------------------+
8. 安装dashboard
8.1 安装软件包
[root@controller ~]# yum install openstack-dashboard -y
8.2 修改配置文件 local_settings
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
# 这里面有些配置项是本来就存在的,直接修改即可,不存在的直接添加OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'CACHES = {'default': {'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache','LOCATION': 'controller:11211',}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {"identity": 3,"image": 2,"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
# 这里面如果你安装的neutron是 provider类型的禁用第三项,其他的不变
OPENSTACK_NEUTRON_NETWORK = {...'enable_router': False,'enable_quotas': False,'enable_distributed_router': True,'enable_ha_router': False,'enable_lb': False,'enable_firewall': False,'enable_vpn': False,'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
# 这一行得加上
WEBROOT='/dashboard'
8.3 编辑openstack-dashboard.conf
[root@controller ~]# vim /etc/httpd/conf.d/openstack-dashboard.conf
# 加上这一行
WSGIApplicationGroup %{GLOBAL}
8.4 重启服务
[root@controller ~]# systemctl restart httpd.service memcached.service到这里openstack的基础组件就安装完了,如果有其他需求可以根据官方文档来继续安装其他组件
9. 验证
9.1 登录dashboard
9.2 创建网络,子网
9.3 创建实例类型
9.4 创建虚拟机
