
Installing OpenStack on CentOS

2017-09-26 10:51
Preparation: network configuration

1. Controller node

# hostname controller
# vi /etc/sysconfig/network-scripts/ifcfg-enp0s25

TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE="yes"
PEERDNS="no"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s25"
UUID="b72d4b61-6854-4f8b-9dc5-45759fd8fbb4"
DEVICE="enp0s25"
ONBOOT="yes"
IPADDR=192.168.20.61
GATEWAY=192.168.20.253
NETMASK=255.255.255.0
DNS1=192.168.20.253

# vi /etc/resolv.conf    (contents as follows)

nameserver 192.168.20.253

# vi /etc/hosts     (contents as follows)

#controller
192.168.20.61     controller
#compute
192.168.10.10     compute
#network
192.168.10.11     network

2. Compute node

# hostname compute
# vi /etc/sysconfig/network-scripts/ifcfg-em1     (contents as follows)

TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE="yes"
PEERDNS="no"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="em1"
UUID="55a3caad-3f76-4c9d-b9f9-ecf1f605605b"
DEVICE="em1"
ONBOOT="yes"
IPADDR=192.168.20.71
GATEWAY=192.168.20.253
NETMASK=255.255.255.0
DNS1=192.168.20.253

# vi /etc/sysconfig/network-scripts/ifcfg-em2    (contents as follows)

TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=no
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em2
UUID=e70f8f6d-d773-4cd4-b9a5-e4e0996027a0
DEVICE=em2
ONBOOT=yes
IPADDR=192.168.10.10
NETMASK=255.255.255.0
DNS1=192.168.10.253

# vi /etc/resolv.conf   (contents as follows)

nameserver 192.168.20.253
nameserver 192.168.10.253

# service network restart
# systemctl disable firewalld.service
# systemctl disable iptables.service
# vi /etc/hosts     (contents as follows)

#compute
192.168.10.10     compute
#controller
192.168.20.61     controller
#network
192.168.10.11     network

3. Network node

# hostname network
# vi /etc/sysconfig/network-scripts/ifcfg-em1     (contents as follows)

TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE="yes"
PEERDNS="no"
PEERROUTES="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"
IPV6_FAILURE_FATAL="no"
NAME="em1"
UUID=6c395f65-9036-4a73-a236-0b731010b6bd
DEVICE="em1"
ONBOOT="yes"
IPADDR=192.168.20.81
GATEWAY=192.168.20.253
NETMASK=255.255.255.0
DNS1=192.168.20.253

# vi /etc/sysconfig/network-scripts/ifcfg-em2    (contents as follows)

TYPE="Ethernet"
BOOTPROTO=static
DEFROUTE=yes
PEERDNS=no
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em2
UUID=fcb0fc98-1992-4b65-af2e-8b8943ecaf7e
DEVICE=em2
ONBOOT=yes
IPADDR=192.168.10.11
NETMASK=255.255.255.0
DNS1=192.168.10.253

# vi /etc/sysconfig/network-scripts/ifcfg-em3     (contents as follows)

TYPE=Ethernet
BOOTPROTO=none
DEFROUTE=yes
PEERDNS=yes
PEERROUTES=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME=em3
UUID=1b6ed349-f33d-444f-b57a-ee22a0fc3a3c
DEVICE=em3
ONBOOT=yes

# vi /etc/resolv.conf    (contents as follows)

nameserver 192.168.20.253
nameserver 192.168.10.253

# service network restart
# systemctl disable firewalld.service
# systemctl disable iptables.service
# vi /etc/hosts     (contents as follows)

#network
192.168.10.11     network
#compute
192.168.10.10     compute
#controller
192.168.20.61     controller

NTP

Edit the /etc/ntp.conf file:

server NTP_SERVER iburst
restrict -4 default kod notrap nomodify
restrict -6 default kod notrap nomodify

# yum install ntp     (install ntp)
# systemctl enable ntpd.service     (enable the ntp service)
# systemctl start ntpd.service        (start the ntp service)
# systemctl status ntpd.service     (check the ntp service status)

Replace NTP_SERVER with the hostname or IP address of a suitable, more accurate NTP server (time.nist.gov).

Install the NTP service on the other two nodes:

# yum install ntp

Configure the NTP service

Configure the network and compute nodes to reference the controller node.

1. Edit the /etc/ntp.conf file:

server controller iburst

2. Start the NTP service and configure it to start at boot:

# systemctl enable ntpd.service
# systemctl start ntpd.service

1. Run this command on the controller node:
# ntpq -c peers
2. Run this command on the controller node:
# ntpq -c assoc
3. Run the following commands on the other nodes:
# ntpq -c peers
# ntpq -c assoc

OpenStack packages

# yum install yum-plugin-priorities
# yum install http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
# yum install http://rdo.fedorapeople.org/openstack-juno/rdo-release-juno.rpm
# yum install openstack-utils
# yum install openstack-selinux
# yum upgrade
# reboot

LVM; network settings: disable all automated network management tools and configure networking manually (in this deployment the management and external networks share em1: 192.168.20.0/24, and the internal network uses em2: 192.168.10.0/24);

# service NetworkManager stop
# service network start
# chkconfig NetworkManager off
# chkconfig network on
# service firewalld stop
# service iptables start
# chkconfig firewalld off
# chkconfig iptables on

Installation: Controller node

Database

# yum install mariadb mariadb-server MySQL-python

Edit the MySQL configuration (/etc/my.cnf): in [mysqld], set bind-address to the controller node's management-network IP; in [mysqld], enable InnoDB, the UTF-8 character set, and so on.

# vi /etc/my.cnf

The final result:

[mysqld]
...
bind-address = 192.168.20.61
default-storage-engine = innodb
innodb_file_per_table
collation-server = utf8_general_ci
init-connect = 'SET NAMES utf8'
character-set-server = utf8

# systemctl enable mysql.service
# systemctl start mysql.service
# mysql_secure_installation         (set the root password to Password; to change the root password: mysqladmin -u root password 'password')

Message queue

# yum install rabbitmq-server
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
# rabbitmqctl change_password guest Password   (change the password)
# rabbitmqctl status | grep rabbit          (check the rabbit version)
# systemctl restart rabbitmq-server.service

Keystone service
# mysql -uroot -pPassword
MariaDB [(none)]> CREATE DATABASE keystone;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'Password';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'Password';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

Create the admin token

# openssl rand -hex 10           (the admin token value is 158c551024e458b3ec2e)
# yum install openstack-keystone python-keystoneclient
# vi /etc/keystone/keystone.conf

[DEFAULT]
...
admin_token = 158c551024e458b3ec2e
verbose = True
[database]
...
connection = mysql://keystone:Password@192.168.20.61/keystone
[token]
...
provider = keystone.token.providers.uuid.Provider
driver = keystone.token.persistence.backends.sql.Token
[revoke]
...
driver = keystone.contrib.revoke.backends.sql.Revoke

Create generic certificates and keys, and restrict access to the related files

# keystone-manage pki_setup --keystone-user keystone --keystone-group keystone
# chown -R keystone:keystone /var/log/keystone
# chown -R keystone:keystone /etc/keystone/ssl
# chmod -R o-rwx /etc/keystone/ssl

Create the keystone database tables

# su -s /bin/sh -c "keystone-manage db_sync" keystone

Start the keystone service

# systemctl enable openstack-keystone.service
# systemctl start openstack-keystone.service

Add a scheduled job to purge expired tokens periodically (a previous installation skipped this step, which led to degraded performance after the server had been running for a long time)

# (crontab -l -u keystone 2>&1 | grep -q token_flush) || echo '@hourly /usr/bin/keystone-manage token_flush >/var/log/keystone/keystone-tokenflush.log 2>&1' >> /var/spool/cron/keystone

Create users, tenants and services

Set the environment variables

# export OS_SERVICE_TOKEN=158c551024e458b3ec2e
# export OS_SERVICE_ENDPOINT=http://192.168.20.61:35357/v2.0

Create the admin user

# keystone tenant-create --name admin --description "Admin Tenant"
Resulting tenant ID: 31045c03943a48de8e06ca7d2e8adcda
# keystone user-create --name admin --pass Password --email test@163.com
Resulting user ID: d3dfd4b3e87f4d419bc8efdbc31055c7
# keystone role-create --name admin
Resulting role ID: fa681ae6f439491b9dabc48d1cb1f1e6

Bind the user, tenant and role

# keystone user-role-add --user admin --tenant admin --role admin
# keystone user-role-add --user admin --tenant admin --role _member_

Create a regular user

# keystone tenant-create --name demo --description "Demo Tenant"
Resulting tenant ID: 8292f77845454135b7836e3323a34f03
# keystone user-create --name demo --pass Password123! --email test@163.com
Resulting user ID: 7f1ef2fc497d4c738859bd48b7fffdce

Bind the user, tenant and role

# keystone user-role-add --user demo --tenant demo --role _member_

Create the service tenant

# keystone tenant-create --name service --description "Service Tenant"
Resulting tenant ID: db08732d533643aeba51362260829576

Create the service

# keystone service-create --name keystone --type identity --description "OpenStack Identity"
Resulting service ID: 4a5bcdeeb223400bbc3c5900c449300b
# keystone endpoint-create --service-id $(keystone service-list | awk '/ identity / {print $2}') --publicurl http://192.168.20.61:5000/v2.0 --internalurl http://192.168.20.61:5000/v2.0 --adminurl http://192.168.20.61:35357/v2.0 --region regionOne
Resulting endpoint ID: 4a5bcdeeb223400bbc3c5900c449300b

Verify the service

# unset OS_SERVICE_TOKEN OS_SERVICE_ENDPOINT
# keystone --os-username admin --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 token-get
# keystone --os-username admin --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 user-list
# keystone --os-username admin --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 role-list
# keystone --os-username demo --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 token-get
# keystone --os-username admin --os-password Password --os-auth-url http://192.168.20.61:35357/v2.0 user-list

The commands succeed, but the token ID is in PKI format. Edit /etc/keystone/keystone.conf:

# vi /etc/keystone/keystone.conf

[signing]
...
#token_format=<None>
token_format=UUID

Restart the openstack-keystone service and run token-get again to obtain a UUID-format token ID

# systemctl restart openstack-keystone.service
# keystone --os-username=admin --os-password=ADMIN_PASS --os-auth-url=http://192.168.20.61:35357/v2.0 token-get

Create the rc file

# mkdir rc
# vim rc/openrc

export OS_USERNAME=admin
export OS_PASSWORD=Password
export OS_TENANT_NAME=admin
export OS_AUTH_URL=http://192.168.20.61:35357/v2.0

Create the rc file

# vim rc/demo-openrc

export OS_USERNAME=demo
export OS_PASSWORD=Password
export OS_TENANT_NAME=demo
export OS_AUTH_URL=http://192.168.20.61:35357/v2.0

After running
# source rc/openrc
the --os-username and related parameters can be omitted from the openstack commands.

This completes the installation and configuration of keystone.

Glance service

Install the glance service itself and the client
# mysql -uroot -pPassword123!
MariaDB [(none)]> CREATE DATABASE glance;
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'Password';
MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'Password';
MariaDB [(none)]> FLUSH PRIVILEGES;
MariaDB [(none)]> exit

Register the service

# keystone user-create --name=glance --pass=Password --email=test@163.com
Resulting user ID: 2dc4f6656d274504bab48976551450c9
# keystone user-role-add --user=glance --tenant=service --role=admin
# keystone service-create --name=glance --type=image --description="OpenStack Image Service"
Resulting service ID: ae40c9d1809e4dc495b580b9f2297ce4
# keystone endpoint-create --service-id=$(keystone service-list | awk '/ image / {print $2}') --publicurl=http://192.168.20.61:9292 --internalurl=http://192.168.20.61:9292 --adminurl=http://192.168.20.61:9292 --region regionOne
Resulting endpoint ID: ae40c9d1809e4dc495b580b9f2297ce4
# yum install openstack-glance python-glanceclient

By default, images are stored in /var/lib/glance/images/

# openstack-config --set /etc/glance/glance-api.conf database connection 'mysql://glance:Password@192.168.20.61/glance'
# openstack-config --set /etc/glance/glance-registry.conf database connection 'mysql://glance:Password@192.168.20.61/glance'
# vi /etc/glance/glance-api.conf

[DEFAULT]
...
verbose = True
notification_driver = noop
[keystone_authtoken]
...
auth_uri = http://192.168.20.61:5000/v2.0
identity_uri = http://192.168.20.61:35357
admin_tenant_name = service
admin_user = glance
admin_password = Password
[paste_deploy]
...
flavor = keystone
[glance_store]
...
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

# vi /etc/glance/glance-registry.conf

[DEFAULT]
...
verbose = True
notification_driver = noop
[keystone_authtoken]
...
auth_uri = http://192.168.20.61:5000/v2.0
identity_uri = http://192.168.20.61:35357
admin_tenant_name = service
admin_user = glance
admin_password = Password
[paste_deploy]
...
flavor = keystone

# su -s /bin/sh -c "glance-manage db_sync" glance
(Possible problem:
File "/usr/lib64/python2.7/locale.py", line 443, in _parse_localename
    raise ValueError, 'unknown locale: %s' % localename
ValueError: unknown locale: UTF-8
)

Start the services

# systemctl enable openstack-glance-api.service openstack-glance-registry.service
# systemctl start openstack-glance-api.service openstack-glance-registry.service

Verify the service

# mkdir /tmp/images
# cd /tmp/images/
# wget -P /tmp/images http://download.cirros-cloud.net/0.3.3/cirros-0.3.3-x86_64-disk.img
# source ~/rc/openrc
# glance image-create --name "cirros-0.3.2-x86_64" --disk-format qcow2 --container-format bare --is-public True --progress < cirros-0.3.3-x86_64-disk.img
(Possible problem: invalid openstack identity credentials. The glance user's password does not match the password used when granting database privileges; change the password with
keystone user-password-update --pass <password> <user-id>
)
# glance image-list

Nova controller node

# mysql -uroot -pPassword
MariaDB [(none)]> create database nova;
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'localhost' identified by 'Password';
MariaDB [(none)]> grant all privileges on nova.* to 'nova'@'%' identified by 'Password';
MariaDB [(none)]> flush privileges;

Register the service

# keystone user-create --name nova --pass Password123! --email test@163.com
Resulting user ID: 0a2b07b3d6114585ab3ff498f097edf5
# keystone user-role-add --user nova --tenant service --role admin
# keystone service-create --name nova --type compute --description "OpenStack Compute"
Resulting service ID: e6797197a1584489ae4a3c8d802dde42
# keystone endpoint-create --service-id $(keystone service-list | awk '/ compute / {print $2}') --publicurl http://192.168.20.61:8774/v2/%\(tenant_id\)s --internalurl http://192.168.20.61:8774/v2/%\(tenant_id\)s --adminurl http://192.168.20.61:8774/v2/%\(tenant_id\)s
Resulting endpoint ID: e6797197a1584489ae4a3c8d802dde42

Install the services needed on the nova controller node

# yum install openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient

Set the nova database configuration

# openstack-config --set /etc/nova/nova.conf database connection 'mysql://nova:Password@192.168.20.61/nova'

Set the nova message queue configuration

# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_password Password

Change the other nova settings

# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/nova/nova.conf keystone_authtoken identity_uri http://192.168.20.61:35357
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password Password

Set the nova IP addresses

# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.20.61
# openstack-config --set /etc/nova/nova.conf glance host 192.168.20.61
# vi /etc/nova/nova.conf

[DEFAULT]
...
verbose = True

Create the nova database tables

# su -s /bin/sh -c "nova-manage db sync" nova

Start the nova controller services

# systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

Verify the controller services

# nova image-list
The command lists the two registered images, so the service is running.

This completes the installation and configuration of the nova controller node.

Nova compute node

The nova compute node can run on the same machine as the controller node.

Install the nova compute service and the client
# yum upgrade
# yum install openstack-nova-compute sysfsutils

Configure the nova compute node

# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_host 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT rabbit_password Password
# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_user nova
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf keystone_authtoken admin_password Password
# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.10.10
# openstack-config --set /etc/nova/nova.conf DEFAULT vnc_enabled True
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_listen 0.0.0.0
# openstack-config --set /etc/nova/nova.conf DEFAULT vncserver_proxyclient_address 192.168.20.71
# openstack-config --set /etc/nova/nova.conf DEFAULT novncproxy_base_url http://192.168.20.61:6080/vnc_auto.html

The commands above were already run when configuring the controller node.

# openstack-config --set /etc/nova/nova.conf glance host 192.168.20.61
# openstack-config --set /etc/nova/nova.conf DEFAULT verbose True

Check whether the hardware supports VM hardware acceleration

# egrep -c '(vmx|svm)' /proc/cpuinfo

If the value returned is 1 or greater, nothing more is needed; otherwise change the hypervisor to qemu:

[libvirt]
...
virt_type = qemu

Start the nova compute services

# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
(Problem encountered: Job for openstack-nova-compute.service failed. See 'systemctl status openstack-nova-compute.service' and 'journalctl -xn' for details.
Check the log: vim /var/log/nova/nova-compute.log
On the controller node, run:
# iptables -I INPUT -p tcp --dport 5672 -j ACCEPT     (add the rule)
# service iptables save     (save the settings)
# service iptables restart     (restart iptables so the rule takes effect)
)
# systemctl start messages.service
# systemctl start openstack-nova-compute.service

This completes the installation and configuration of the nova compute node.

Verify, on the controller node:

# source rc/openrc
# nova service-list
# nova image-list
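
The iptables rule used in the fix above accepts port 5672 from every source address. The following check is an added example, not part of the original post: it reads iptables-save output and reports which of the given ports have an INPUT ACCEPT rule without a -s source restriction. The sample ruleset and the function name unrestricted_ports are constructed for illustration.

```bash
#!/bin/sh
# Added example: find service ports that the INPUT chain accepts from anywhere.

# Constructed sample: iptables-save output after the 5672 fix, plus one rule
# limited to the compute node's management address (192.168.20.71).
SAMPLE_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 5672 -j ACCEPT
-A INPUT -s 192.168.20.71/32 -p tcp -m tcp --dport 5672 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
COMMIT'

# unrestricted_ports PORT...
# Reads iptables-save output on stdin. Prints, one per line, each listed port
# that some INPUT rule ACCEPTs with no -s/--source match. Only the source
# address is considered; interface (-i) matches are not evaluated.
unrestricted_ports() {
    awk -v wanted=" $* " '
        $1 == "-A" && $2 == "INPUT" {
            port = ""; src = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "--dport") port = $(i + 1)
                if ($i == "-s" || $i == "--source") src = 1
                if ($i == "-j" && $(i + 1) == "ACCEPT") accept = 1
            }
            if (accept && !src && port != "" && index(wanted, " " port " "))
                print port
        }' | sort -un
}

# Demo on the constructed sample. On the controller node the input would be
# the live ruleset: iptables-save | unrestricted_ports 5672
printf '%s\n' "$SAMPLE_RULES" | unrestricted_ports 5672
```

A port that is reported can be narrowed by replacing its rule with one per peer node, for example the same rule with -s 192.168.20.71 added for the compute node.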

Neutron controller node

Create the neutron database

# mysql -uroot -pPassword
MariaDB [(none)]> create database neutron;
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'Password';
MariaDB [(none)]> grant all privileges on neutron.* to 'neutron'@'%' identified by 'Password';
MariaDB [(none)]> flush privileges;

Register the service

# source rc/openrc
# keystone user-create --name neutron --pass Password123! --email test@163.com
Resulting user ID: c9f875f1647c493ea13d3965f353bc15
# keystone user-role-add --user neutron --tenant service --role admin
# keystone service-create --name neutron --type network --description "OpenStack Networking"
Resulting service ID: 87e8059ce43a4b9fac91f8d61fc336f8
# keystone endpoint-create --service-id $(keystone service-list | awk '/ network / {print $2}') --publicurl http://192.168.20.61:9696 --adminurl http://192.168.20.61:9696 --internalurl http://192.168.20.61:9696 --region regionOne
Resulting endpoint ID: 87e8059ce43a4b9fac91f8d61fc336f8

Install the neutron service, plug-in and client

# yum install openstack-neutron openstack-neutron-ml2 python-neutronclient which

Edit the neutron configuration

# openstack-config --set /etc/neutron/neutron.conf database connection 'mysql://neutron:Password@192.168.20.61/neutron'
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host 192.168.20.61
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken identity_uri http://192.168.20.61:35357
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://192.168.20.61:8774/v2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_auth_url http://192.168.20.61:35357/v2.0
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_region_name regionOne
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_username nova
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_tenant_id $(keystone tenant-list | awk '/service/ { print $2 }')
# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_admin_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True

Edit the ML2 plug-in configuration

# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Enable neutron in nova (controller node)

# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
# openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
# openstack-config --set /etc/nova/nova.conf neutron url http://192.168.20.61:9696
# openstack-config --set /etc/nova/nova.conf neutron auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf neutron admin_auth_url http://192.168.20.61:35357/v2.0
# openstack-config --set /etc/nova/nova.conf neutron admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf neutron admin_username neutron
# openstack-config --set /etc/nova/nova.conf neutron admin_password Password

Start the neutron service

# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade juno" neutron
# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
# systemctl enable neutron-server.service
# systemctl start neutron-server.service
# source rc/openrc
# neutron ext-list
(Problem encountered: unsupported locale setting. Solution:
# cd /etc/
# vi profile
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
)

This completes the installation and configuration of the neutron controller node.

Neutron network node

# vi /etc/sysctl.conf

Change the following:

net.ipv4.ip_forward=1
net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

Then run:

# sysctl -p

Install the networking components

# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch

Edit neutron.conf

# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host 192.168.20.61
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken identity_uri http://192.168.20.61:35357
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True

Edit the ML2 plug-in configuration

# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks external
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

Configure OVS

# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip 192.168.10.11
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs bridge_mappings external:br-ex
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types gre

Edit the L3 agent configuration

# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT use_namespaces True
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge br-ex
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT router_delete_namespaces True
# openstack-config --set /etc/neutron/l3_agent.ini DEFAULT verbose True

Edit the DHCP agent configuration

# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.OVSInterfaceDriver
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT use_namespaces True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_delete_namespaces True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True
# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dnsmasq_config_file /etc/neutron/dnsmasq-neutron.conf
# vim /etc/neutron/dnsmasq-neutron.conf

dhcp-option-force=26,1454

# pkill dnsmasq

Edit the metadata agent configuration

# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region regionOne
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_tenant_name service
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_user neutron
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT admin_password Password
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip 192.168.20.61
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret METADATA_SECRET
# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True

Back on the controller node

# openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
# openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret METADATA_SECRET
# systemctl restart openstack-nova-api.service

Configure OVS

# systemctl enable openvswitch.service
# systemctl start openvswitch.service
# ovs-vsctl add-br br-ex     (if the 192.168.20.x network becomes unreachable afterwards: ovs-vsctl del-br br-ex)
# ovs-vsctl add-port br-ex em1
# ethtool -K em1 gro off      (not run)
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
# systemctl enable neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-ovs-cleanup.service
# systemctl start neutron-openvswitch-agent.service neutron-l3-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
# source rc/openrc
# neutron agent-list
(Problem encountered: unsupported locale setting. Solution:
# cd /etc/
# vi profile
export LANGUAGE=en_US.UTF-8
export LANG=en_US.UTF-8
export LC_ALL=en_US.UTF-8
)

Neutron compute node

# vi /etc/sysctl.conf
Change the following:

net.ipv4.conf.all.rp_filter=0
net.ipv4.conf.default.rp_filter=0

# sysctl -p

Install the networking components

# yum install openstack-neutron-ml2 openstack-neutron-openvswitch

Edit neutron.conf

# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_host 192.168.20.61
# openstack-config --set /etc/neutron/neutron.conf DEFAULT rabbit_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://192.168.20.61:5000/v2.0
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken identity_uri http://192.168.20.61:35357
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_tenant_name service
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_user neutron
# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken admin_password Password
# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
# openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
# openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True

Edit the ML2 plug-in configuration

# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types gre
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers openvswitch
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_gre tunnel_id_ranges 1:1000
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_security_group True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.OVSHybridIptablesFirewallDriver

All of the above were already configured when setting up the neutron controller node.

# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs local_ip 192.168.10.10
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ovs enable_tunneling True
# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini agent tunnel_types gre
# systemctl enable openvswitch.service
# systemctl start openvswitch.service

Enable neutron in nova

# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
# openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
# openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.LinuxOVSInterfaceDriver
# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
# openstack-config --set /etc/nova/nova.conf neutron url http://192.168.20.61:9696
# openstack-config --set /etc/nova/nova.conf neutron auth_strategy keystone
# openstack-config --set /etc/nova/nova.conf neutron admin_auth_url http://192.168.20.61:35357/v2.0
# openstack-config --set /etc/nova/nova.conf neutron admin_tenant_name service
# openstack-config --set /etc/nova/nova.conf neutron admin_username neutron
# openstack-config --set /etc/nova/nova.conf neutron admin_password Password
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
# cp /usr/lib/systemd/system/neutron-openvswitch-agent.service /usr/lib/systemd/system/neutron-openvswitch-agent.service.orig
# sed -i 's,plugins/openvswitch/ovs_neutron_plugin.ini,plugin.ini,g' /usr/lib/systemd/system/neutron-openvswitch-agent.service
# systemctl restart openstack-nova-compute.service
(Problem encountered:
Job for openstack-nova-compute.service failed. See 'systemctl status openstack-nova-compute.service' and 'journalctl -xn' for details.
nova-compute.log log output
Fix: check nova.conf; a configuration option is set incorrectly.
)
# systemctl enable neutron-openvswitch-agent.service
# systemctl start neutron-openvswitch-agent.service

This completes the installation and configuration of the neutron compute node.

Back on the controller node, verify:

# source rc/openrc
# neutron agent-list
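
Several values written during this walkthrough are bootstrap or placeholder settings: admin_token in keystone.conf, the literal METADATA_SECRET, vncserver_listen 0.0.0.0, and one password shared by RabbitMQ and the service users. The script below is an added example, not part of the original post, that checks the configuration files for them. The function names, the finding messages and the sample tree are constructed, and ROOT is a hypothetical parameter for checking a copied configuration tree.

```bash
#!/bin/sh
# Added example: audit the config files this walkthrough writes for settings
# that should be changed before the cloud carries real workloads.

# ini_get FILE SECTION KEY: print KEY's value in [SECTION]; last assignment wins.
ini_get() {
    [ -r "$1" ] || return 0
    awk -v sec="[$2]" -v key="$3" '
        { line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line) }
        line ~ /^\[/ { cur = line; next }
        cur != sec || line ~ /^[#;]/ { next }
        {
            pos = index(line, "=")
            if (!pos) next
            k = substr(line, 1, pos - 1); sub(/[ \t]+$/, "", k)
            v = substr(line, pos + 1);    sub(/^[ \t]+/, "", v)
            if (k == key) { val = v; found = 1 }
        }
        END { if (found) print val }' "$1"
}

# audit_openstack ROOT: print one finding per line for the files under ROOT/etc.
# ROOT is empty on a live node; it exists so a copied tree can be checked.
audit_openstack() {
    etc=${1:-}/etc

    # The bootstrap token keeps working as an admin credential while it is set.
    if [ -n "$(ini_get "$etc/keystone/keystone.conf" DEFAULT admin_token)" ]; then
        echo "keystone/keystone.conf: admin_token is still set"
    fi

    # The metadata proxy secret was never changed from the placeholder.
    for spec in neutron/metadata_agent.ini:DEFAULT nova/nova.conf:neutron; do
        f=${spec%:*}
        if [ "$(ini_get "$etc/$f" "${spec#*:}" metadata_proxy_shared_secret)" = METADATA_SECRET ]; then
            echo "$f: metadata_proxy_shared_secret is the placeholder METADATA_SECRET"
        fi
    done

    # VNC consoles bound to every interface rely entirely on the host firewall.
    if [ "$(ini_get "$etc/nova/nova.conf" DEFAULT vncserver_listen)" = 0.0.0.0 ]; then
        echo "nova/nova.conf: vncserver_listen is 0.0.0.0"
    fi

    # One secret shared by several accounts (reported by location, never by value).
    for f in nova/nova.conf neutron/neutron.conf glance/glance-api.conf; do
        for spec in keystone_authtoken:admin_password DEFAULT:rabbit_password; do
            p=$(ini_get "$etc/$f" "${spec%:*}" "${spec#*:}")
            if [ -n "$p" ]; then printf '%s\t%s %s\n' "$p" "$f" "${spec#*:}"; fi
        done
    done | awk -F '\t' '
        { n[$1]++; where[$1] = where[$1] (n[$1] > 1 ? ", " : "") $2 }
        END { for (s in n) if (n[s] > 1) print "same secret used by: " where[s] }'
    return 0
}

# make_sample_tree DIR: constructed files holding values the walkthrough sets
# (controller and compute settings are merged into one nova.conf for brevity).
make_sample_tree() {
    mkdir -p "$1/etc/keystone" "$1/etc/nova" "$1/etc/neutron" "$1/etc/glance"
    cat > "$1/etc/keystone/keystone.conf" <<'EOF'
[DEFAULT]
admin_token = 158c551024e458b3ec2e
verbose = True
EOF
    cat > "$1/etc/nova/nova.conf" <<'EOF'
[DEFAULT]
rabbit_password = Password
vncserver_listen = 0.0.0.0
[keystone_authtoken]
admin_password = Password
[neutron]
metadata_proxy_shared_secret = METADATA_SECRET
EOF
    cat > "$1/etc/neutron/metadata_agent.ini" <<'EOF'
[DEFAULT]
# must match nova.conf [neutron]
metadata_proxy_shared_secret = METADATA_SECRET
EOF
    cat > "$1/etc/glance/glance-api.conf" <<'EOF'
[keystone_authtoken]
admin_password = a-different-constructed-secret
EOF
}

# Demo on the constructed tree; on a real node call: audit_openstack ""
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_openstack "$demo_dir"
rm -rf "$demo_dir"
```

Each node holds only some of these files, and missing files are skipped, so the same script can be run on the controller, network and compute nodes.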
 
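External network

The external network typically provides Internet access for your instances. By default, this network only allows Internet access from instances using Network Address Translation (NAT). You can enable Internet access to individual instances using a floating IP address and suitable security group rules. The admin tenant owns this network because it provides external network access for multiple tenants. You must also enable sharing to allow access by those tenants.

Note: run these commands on the controller node.

Create the external network

1. Source the admin credentials file

# source rc/openrc
# neutron net-create ext-net --router:external True --provider:physical_network external --provider:network_type flat

Like a physical network, a virtual network needs a subnet assigned to it. The external network shares the same subnet and gateway as the physical network attached to the external interface on the network node. Specify a dedicated range of this subnet for routers and floating IP addresses so that they do not interfere with other devices on the external network.

Create a subnet on the external network

Create the subnet:

# neutron subnet-create ext-net --name ext-subnet --allocation-pool start=10.0.0.1,end=10.0.0.100 --disable-dhcp --gateway 10.0.0.101 10.0.0.0/24

Tenant network

The tenant network provides internal network access for instances. The architecture isolates this type of network from other tenants. The demo tenant owns this network because it only provides network access for instances within it.

Note: run these commands on the controller node.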

Create the tenant network

# source rc/demo-openrc
# neutron net-create demo-net
# neutron subnet-create demo-net --name demo-subnet --gateway 192.168.1.1 192.168.1.0/24
# neutron router-create demo-router
# neutron router-interface-add demo-router demo-subnet
# neutron router-gateway-set demo-router ext-net

Verify:

# ping -c 4 10.0.0.101

# vi /etc/nova/nova.conf     (controller node)

[DEFAULT]
...
network_api_class = nova.network.api.API
security_group_api = nova

# systemctl restart openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service
# yum install openstack-nova-network openstack-nova-api     (compute node)
# vi /etc/nova/nova.conf

[DEFAULT]
...
network_api_class = nova.network.api.API
security_group_api = nova
firewall_driver = nova.virt.libvirt.firewall.IptablesFirewallDriver
network_manager = nova.network.manager.FlatDHCPManager
network_size = 254
allow_same_net_traffic = False
multi_host = True
send_arp_for_ha = True
share_dhcp_address = True
force_dhcp_release = True
flat_network_bridge = br100
flat_interface = em1
public_interface = em1

# systemctl enable openstack-nova-network.service openstack-nova-metadata-api.service
# systemctl start openstack-nova-network.service openstack-nova-metadata-api.service

Add the Dashboard

To use the VNC client from the dashboard, the browser must support HTML5 Canvas and HTML5 WebSockets.

Install the Dashboard components

Install the packages:

# yum install openstack-dashboard httpd mod_wsgi memcached python-memcached

Configure the dashboard

# vi /etc/openstack-dashboard/local_settings

A. Configure the dashboard to use the OpenStack services on the controller node:

OPENSTACK_HOST = "controller"

B. Allow all hosts to access the dashboard:

ALLOWED_HOSTS = ['*']

C. Configure the memcached session storage service:

CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': '127.0.0.1:11211',
    }
}

Note: comment out any other session storage configuration.

D. (Optional) Configure the time zone:

TIME_ZONE = "TIME_ZONE"

Replace TIME_ZONE with an appropriate time zone identifier.

Finish the installation

1. On RHEL and CentOS, configure SELinux to permit the web server to connect to the OpenStack services:

# setsebool -P httpd_can_network_connect on

2. Because of a packaging bug, the dashboard CSS fails to load properly. Run the following command to fix it:

# chown -R apache:apache /usr/share/openstack-dashboard/static

For more information, see the bug report.

3. Start the web server and the session storage service, and configure them to start at boot:

# systemctl enable httpd.service memcached.service
# systemctl start httpd.service memcached.service

Verify operation

This section describes how to verify that the dashboard works.

1. Access the dashboard with a web browser: http://controller/dashboard.
2. Authenticate using the admin or demo user credentials.