您好,登錄后才能下訂單哦!
小編給大家分享一下openstack pike如何安裝,相信大部分人都還不怎么了解,因此分享這篇文章給大家參考一下,希望大家閱讀完這篇文章后大有收獲,下面讓我們一起去了解一下吧!
節(jié)點(diǎn)規(guī)劃
準(zhǔn)備4臺(tái)虛機(jī),分別做Controller,Network,Compute,Middleware。
Controller安裝keystone,glance,nova-api,nova-conductor,nova-scheduler,nova-placement
Network安裝neutron相關(guān)組件
Compute安裝nova-compute
Middleware安裝mariadb,rabbitmq,memcache。
網(wǎng)絡(luò)規(guī)劃
controller
eth0: 192.168.100.111 external
eth2: 10.1.1.1 admim
network
eth0: 192.168.100.114 external
eth2: 10.1.1.4 admin
eth3: 10.2.2.4 tunnel
compute
eth0: 192.168.100.112 external
eth2: 10.1.1.2 admin
eth3: 10.2.2.2 tunnel
middleware (mysql,mq,memcache)
eth2: 10.1.1.3 admin
基礎(chǔ)配置
每個(gè)節(jié)點(diǎn)都按如下操作
hosts文件
echo "
10.1.1.1 controller
10.1.1.2 compute
10.1.1.3 middleware
10.1.1.4 network
" >>/etc/hosts
配置yum源
yum install -y wget
wget -O /etc/yum.repos.d/CentOS-Base.repo http://mirrors.aliyun.com/repo/Centos-7.repo
yum install centos-release-openstack-pike -y
yum clean all && yum makecache
時(shí)間同步
echo "*/3 * * * * /usr/sbin/ntpdate ntp6.aliyun.com &> /dev/null" > /tmp/crontab
crontab /tmp/crontab
Middleware節(jié)點(diǎn)
安裝數(shù)據(jù)庫
yum install -y mariadb-server
systemctl restart mariadb.service
systemctl enable mariadb.service
安裝rabbitmq
yum install -y erlang rabbitmq-server
systemctl restart rabbitmq-server
systemctl enable rabbitmq-server
創(chuàng)建openstack用戶,并設(shè)置密碼
rabbitmqctl add_user openstack 123456
給openstack用戶賦予權(quán)限
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmqctl set_user_tags openstack administrator
rabbitmqctl list_users
打開RabbitMQ相關(guān)插件
/usr/lib/rabbitmq/bin/rabbitmq-plugins enable rabbitmq_management mochiweb webmachine rabbitmq_web_dispatch amqp_client rabbitmq_management_agent
查看RabbitMQ插件
/usr/lib/rabbitmq/bin/rabbitmq-plugins list
安裝memcached
yum install -y memcached python-memcached
配置memcache監(jiān)聽端口
sed -i 's/OPTIONS*.*/OPTIONS="-l 127.0.0.1,10.1.1.3"/' /etc/sysconfig/memcached
重啟memcache并設(shè)置開機(jī)啟動(dòng)
systemctl restart memcached.service
systemctl enable memcached.service
systemctl status memcached.service
Controller節(jié)點(diǎn)
安裝keystone
yum -y install openstack-keystone httpd mod_wsgi python-openstackclient openstack-utils
創(chuàng)建keystone庫,并給keystone用戶授權(quán)
create database keystone;
grant all privileges on keystone.* to 'keystone'@'localhost' identified by '123456';
grant all privileges on keystone.* to 'keystone'@'%' identified by '123456';
配置/etc/keystone/keystone.conf
cp /etc/keystone/keystone.conf /etc/keystone/keystone.conf.bak
> /etc/keystone/keystone.conf
openstack-config --set /etc/keystone/keystone.conf DEFAULT transport_url rabbit://openstack:123456@middleware
openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:123456@middleware/keystone
openstack-config --set /etc/keystone/keystone.conf cache backend oslo_cache.memcache_pool
openstack-config --set /etc/keystone/keystone.conf cache enabled true
openstack-config --set /etc/keystone/keystone.conf cache memcache_servers middleware:11211
openstack-config --set /etc/keystone/keystone.conf memcache servers middleware:11211
openstack-config --set /etc/keystone/keystone.conf token expiration 3600
openstack-config --set /etc/keystone/keystone.conf token provider fernet
配置httpd.conf文件
sed -i "s/ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf
配置keystone與httpd結(jié)合
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
建立identity表結(jié)構(gòu)
su -s /bin/sh -c "keystone-manage db_sync" keystone
初始化fernet
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
啟動(dòng)httpd,并設(shè)置httpd開機(jī)啟動(dòng)
systemctl enable httpd.service
systemctl restart httpd.service
systemctl status httpd.service
創(chuàng)建admin用戶角色
keystone-manage bootstrap --bootstrap-password 123456 --bootstrap-admin-url http://controller:35357/v3 --bootstrap-internal-url http://controller:35357/v3 --bootstrap-public-url http://controller:5000/v3 --bootstrap-region-id RegionOne --bootstrap-username admin --bootstrap-project-name admin --bootstrap-role-name admin --bootstrap-service-name keystone
驗(yàn)證
openstack project list --os-username admin --os-project-name admin --os-user-domain-id default --os-project-domain-id default --os-identity-api-version 3 --os-auth-url http://controller:5000 --os-password 123456
創(chuàng)建admin用戶環(huán)境變量,創(chuàng)建/root/admin-openrc 文件
cat >> /root/admin-openrc <<eof
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_DOMAIN_ID=default
export OS_USERNAME=admin
export OS_PROJECT_NAME=admin
export OS_PASSWORD=123456
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export OS_AUTH_URL=http://controller:35357/v3
EOF
創(chuàng)建service項(xiàng)目
source /root/admin-openrc
openstack project create --domain default --description "Service Project" service
創(chuàng)建demo項(xiàng)目
openstack project create --domain default --description "Demo Project" demo
創(chuàng)建demo用戶,并設(shè)置密碼
openstack user create --domain default demo --password 123456
創(chuàng)建user角色并將demo用戶賦予user角色
openstack role create user
openstack role add --project demo --user demo user
驗(yàn)證keystone
unset OS_TOKEN OS_URL
openstack --os-auth-url http://controller:35357/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name admin --os-username admin token issue --os-password 123456
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name default --os-user-domain-name default --os-project-name demo --os-username demo token issue --os-password 123456
安裝glance
創(chuàng)建glance數(shù)據(jù)庫
CREATE DATABASE glance;
創(chuàng)建數(shù)據(jù)庫用戶并賦予權(quán)限
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';
創(chuàng)建glance用戶及賦予admin權(quán)限
source /root/admin-openrc
openstack user create --domain default glance --password 123456
openstack role add --project service --user glance admin
創(chuàng)建image服務(wù)
openstack service create --name glance --description "OpenStack Image service" image
創(chuàng)建glance的endpoint
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
安裝glance相關(guān)的軟件包
yum install -y openstack-glance python-glance
配置/etc/glance/glance-api.conf
cp /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
\>/etc/glance/glance-api.conf
openstack-config --set /etc/glance/glance-api.conf DEFAULT transport_url rabbit://openstack:123456@middleware
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:123456@middleware/glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers middleware:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password 123456
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
openstack-config --set /etc/glance/glance-api.conf glance_store stores file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
配置/etc/glance/glance-registry.conf
cp /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
>/etc/glance/glance-registry.conf
openstack-config --set /etc/glance/glance-registry.conf DEFAULT transport_url rabbit://openstack:devops@middleware
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:123456@middleware/glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers middleware:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password 123456
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
同步glance數(shù)據(jù)庫,初始化glance表結(jié)構(gòu)
/bin/sh -c "glance-manage db_sync" glance
創(chuàng)建鏡像存儲(chǔ)目錄并賦予glance用戶和組權(quán)限
mkdir /var/lib/glance/images
chown glance.glance /var/lib/glance/images
chown glance.glance /var/log/glance/api.log
啟動(dòng)glance服務(wù)及設(shè)置開機(jī)啟動(dòng)
systemctl enable openstack-glance-api.service openstack-glance-registry.service
systemctl restart openstack-glance-api.service openstack-glance-registry.service
systemctl status openstack-glance-api.service openstack-glance-registry.service
下載測試鏡像文件
wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
上傳鏡像到glance
source /root/admin-openrc
glance image-create --name "cirros-0.3.4-x86_64" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
查看鏡像列表:
glance image-list
安裝nova (controller部分)
創(chuàng)建數(shù)據(jù)庫
create database nova;
create database nova_api;
create database nova_cell0;
數(shù)據(jù)庫授權(quán)
grant all privileges on nova.* to nova@'localhost' identified by '123456';
grant all privileges on nova.* to nova@'%' identified by '123456';
grant all privileges on nova_api.* to nova@'localhost' identified by '123456';
grant all privileges on nova_api.* to nova@'%' identified by '123456';
grant all privileges on nova_cell0.* to nova@'%' identified by '123456';
grant all privileges on nova_cell0.* to nova@'localhost' identified by '123456';
source admin-openrc
創(chuàng)建用戶,分配角色
openstack user create --domain default nova --password 123456
openstack role add --project service --user nova admin
創(chuàng)建compute服務(wù)
openstack service create --name nova --description "OpenStack Compute" compute
創(chuàng)建endpoint
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1/%\(tenant_id\)s
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1/%\(tenant_id\)s
創(chuàng)建placement 用戶和服務(wù)
openstack user create --domain default placement --password 123456
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
創(chuàng)建placement endpoint
openstack endpoint create --region RegionOne placement admin http://controller:8778
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
安裝nova相關(guān)軟件
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api
配置/etc/nova/nova.conf
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
>/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.1.1.1
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:123456@middleware
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:123456@middleware/nova
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:123456@middleware/nova_api
openstack-config --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval -1
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers middleware:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 123456
openstack-config --set /etc/nova/nova.conf keystone_authtoken service_token_roles_required True
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf placement memcached_servers middleware:11211
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement project_domain_name default
openstack-config --set /etc/nova/nova.conf placement user_domain_name default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password 123456
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 192.168.100.111
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 192.168.100.111
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
配置/etc/httpd/conf.d/00-nova-placement-api.conf
添加:
= 2.4>
Require all granted
<ifversion
Order allow,deny
Allow from all
像下面這樣
WSGIProcessGroup nova-placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess nova-placement-api processes=3 threads=1 user=nova group=nova
WSGIScriptAlias / /usr/bin/nova-placement-api
= 2.4>
ErrorLogFormat "%M"
ErrorLog /var/log/nova/nova-placement-api.log
= 2.4>
Require all granted
<ifversion
Order allow,deny
Allow from all
SSLEngine On
SSLCertificateFile ...
SSLCertificateKeyFile ...
重啟httpd 服務(wù):
systemctl restart httpd.service
同步nova_api數(shù)據(jù)庫
su -s /bin/sh -c "nova-manage api_db sync" nova
同步nova_cell0數(shù)據(jù)庫
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
創(chuàng)建cell1
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
nova數(shù)據(jù)庫
su -s /bin/sh -c "nova-manage db sync" nova
確認(rèn)ova cell0 和 cell1注冊和創(chuàng)建成功
nova-manage cell_v2 list_cells
檢查部署是否正常
nova-status upgrade check
nova-manage cell_v2 discover_hosts
設(shè)置開機(jī)啟動(dòng)
systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
重啟服務(wù)
systemctl restart openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
安裝Dashboard
安裝dashboard相關(guān)軟件包
yum install -y openstack-dashboard
修改配置文件/etc/openstack-dashboard/local_settings
vim /etc/openstack-dashboard/local_settings
需要該的部分
ALLOWED_HOSTS = ['*',]
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
'LOCATION': 'middleware:11211',
},
}
OPENSTACK_HOST = "controller"
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v2.0" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
啟動(dòng)dashboard服務(wù)并設(shè)置開機(jī)啟動(dòng)
systemctl restart httpd.service memcached.service
systemctl status httpd.service memcached.service
Network節(jié)點(diǎn)
創(chuàng)建neutron數(shù)據(jù)庫
create database neutron;
數(shù)據(jù)庫授權(quán)
grant all privileges on neutron.* to neutron@'localhost' identified by '123456';
grant all privileges on neutron.* to neutron@'%' identified by '123456';
創(chuàng)建用戶
openstack user create --domain default neutron --password 123456
給用戶分配角色
openstack role add --project service --user neutron admin
創(chuàng)建服務(wù)
openstack service create --name neutron --description "OpenStack Networking" network
創(chuàng)建端點(diǎn)
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
安裝相關(guān)軟件
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
配置neutron.conf
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
>/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips True
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:123456@middleware
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers middleware:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 123456
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:123456@middleware/neutron
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password 123456
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
```
配置ml2_config.ini
cp /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugins/ml2/ml2_conf.ini.bak
>/etc/neutron/plugins/ml2/ml2_conf.ini
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 path_mtu 1500
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset True
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT debug false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:eth0
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.2.2.4
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
注意provider:eth0,中eth0是外網(wǎng)網(wǎng)卡,一般這里寫的網(wǎng)卡名都是能訪問外網(wǎng)的,如果不是外網(wǎng)網(wǎng)卡,那么VM就會(huì)與外界網(wǎng)絡(luò)隔離。
local_ip 定義的是隧道網(wǎng)絡(luò)
配置 /etc/neutron/l3_agent.ini
cp /etc/neutron/l3_agent.ini /etc/neutron/l3_agent.ini.bak
>/etc/neutron/l3_agent.ini
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT external_network_bridge
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT debug false
配置/etc/neutron/dhcp_agent.ini
cp /etc/neutron/dhcp_agent.ini /etc/neutron/dhcp_agent.ini.bak
>/etc/neutron/dhcp_agent.ini
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT debug false
配置controller節(jié)點(diǎn)的/etc/nova/nova.conf,讓compute節(jié)點(diǎn)能使用上neutron網(wǎng)絡(luò)
openstack-config --set /etc/nova/nova.conf neutron url http://network:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 123456
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy True
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret 123456
將dhcp-option-force=26,1450寫入/etc/neutron/dnsmasq-neutron.conf
echo "dhcp-option-force=26,1450" >/etc/neutron/dnsmasq-neutron.conf
配置/etc/neutron/metadata_agent.ini
cp /etc/neutron/metadata_agent.ini /etc/neutron/metadata_agent.ini.bak
>/etc/neutron/metadata_agent.ini
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret 123456
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_workers 4
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose True
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT debug false
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_protocol http
創(chuàng)建硬鏈接
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
同步數(shù)據(jù)庫,初始化neutron表結(jié)構(gòu)
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
在controller上重啟nova服務(wù)
systemctl restart openstack-nova-api.service
systemctl status openstack-nova-api.service
重啟neutron服務(wù)并設(shè)置開機(jī)啟動(dòng)
systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
systemctl restart neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service
openstack network agent list
創(chuàng)建網(wǎng)絡(luò)
執(zhí)行環(huán)境變量
source /root/admin-openrc
創(chuàng)建flat模式的public網(wǎng)絡(luò),public是外出網(wǎng)絡(luò),必須是flat模式的
neutron net-create --shared provider --router:external True --provider:network_type flat --provider:physical_network provider
本實(shí)驗(yàn)環(huán)境192.168.100.0/24網(wǎng)段可以出外網(wǎng),就以該網(wǎng)段作為public網(wǎng)段
創(chuàng)建子網(wǎng)
neutron subnet-create provider 192.168.100.0/24 --name provider-sub --allocation-pool start=192.168.100.180,end=192.168.100.190 --dns-nameserver 8.8.8.8 --gateway 192.168.100.180
創(chuàng)建名為private的私有網(wǎng)絡(luò), 網(wǎng)絡(luò)模式為vxlan
neutron net-create private --provider:network_type vxlan --router:external False --shared
創(chuàng)建名為private-subnet的私有網(wǎng)絡(luò)子網(wǎng),網(wǎng)段為172.17.1.0, 這個(gè)網(wǎng)段就是虛擬機(jī)獲取的私有的IP地址
neutron subnet-create private --name private-subnet --gateway 172.17.1.1 172.17.1.0/24
也可以創(chuàng)建多個(gè)不同的私有子網(wǎng)絡(luò)
如果虛機(jī)要能夠訪問外部網(wǎng)絡(luò)還需要添加路由
添加路由
neutron router-create router01
將私有網(wǎng)絡(luò)的子網(wǎng)加入路由
neutron router-interface-add router01 private-sub
設(shè)置public網(wǎng)絡(luò)為路由的網(wǎng)關(guān)
neutron router-gateway-set router01 provider
#Compute節(jié)點(diǎn)
安裝相關(guān)依賴包
yum install -y openstack-selinux python-openstackclient yum-plugin-priorities openstack-nova-compute openstack-utils
配置nova.conf
cp /etc/nova/nova.conf /etc/nova/nova.conf.bak
>/etc/nova/nova.conf
openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.1.1.2
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron True
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:123456@middleware
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers middleware:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password 123456
openstack-config --set /etc/nova/nova.conf placement auth_uri http://controller:5000
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf placement memcached_servers middleware:11211
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement project_domain_name default
openstack-config --set /etc/nova/nova.conf placement user_domain_name default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password 123456
openstack-config --set /etc/nova/nova.conf placement os_region_name RegionOne
openstack-config --set /etc/nova/nova.conf vnc enabled True
openstack-config --set /etc/nova/nova.conf vnc keymap en-us
openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 10.1.1.2
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://192.168.100.112:6080/vnc_auto.html
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu
openstack-config --set /etc/nova/nova.conf libvirt cpu_mode none
設(shè)置libvirtd.service 和openstack-nova-compute.service開機(jī)啟動(dòng)
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl restart libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service
到controller上執(zhí)行驗(yàn)證
source /root/admin-openrc
openstack compute service list
安裝Neutron
安裝相關(guān)軟件包
yum install -y openstack-neutron-linuxbridge ebtables ipset
配置neutron.conf
cp /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
>/etc/neutron/neutron.conf
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf DEFAULT advertise_mtu True
openstack-config --set /etc/neutron/neutron.conf DEFAULT dhcp_agents_per_network 2
openstack-config --set /etc/neutron/neutron.conf DEFAULT control_exchange neutron
openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:123456@middleware
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers middleware:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password 123456
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak
>/etc/neutron/plugins/ml2/linuxbridge_agent.ini
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT debug false
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini DEFAULT verbose true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.2.2.2
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置nova.conf
openstack-config --set /etc/nova/nova.conf neutron url http://network:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password 123456
重啟和相關(guān)服務(wù)
systemctl restart openstack-nova-compute.service neutron-linuxbridge-agent.service
systemctl enable neutron-linuxbridge-agent.service neutron-linuxbridge-agent.service
Compute節(jié)點(diǎn)搭建完畢,運(yùn)行nova host-list可以查看新加入的compute節(jié)點(diǎn)
如果需要再添加另外一個(gè)compute節(jié)點(diǎn),只要重復(fù)下Compute節(jié)點(diǎn)部部分即可,計(jì)算機(jī)名和IP地址改下
創(chuàng)建配額命令controller上執(zhí)行
openstack flavor create m1.tiny --id 1 --ram 1024 --disk 10 --vcpus 1
openstack flavor create m1.small --id 2 --ram 2048 --disk 20 --vcpus 1
openstack flavor create m1.medium --id 3 --ram 4096 --disk 40 --vcpus 2
openstack flavor create m1.large --id 4 --ram 8192 --disk 80 --vcpus 4
openstack flavor create m1.xlarge --id 5 --ram 16384 --disk 160 --vcpus 8
openstack flavor list
登錄dashboard
http://192.168.100.111/dashboard
創(chuàng)建實(shí)例
一次選擇“源”->"實(shí)例類型"->"網(wǎng)絡(luò)" 點(diǎn)擊創(chuàng)建實(shí)例
創(chuàng)建一個(gè)名為test的實(shí)例,上圖中的test1是為了驗(yàn)證創(chuàng)建過程新建的實(shí)例,test是已經(jīng)創(chuàng)建的實(shí)例
實(shí)例有了,也分配了IP,此時(shí)的實(shí)例就可以出外網(wǎng)了,因?yàn)榍懊嬉呀?jīng)創(chuàng)建了provider網(wǎng)絡(luò),但外網(wǎng)還是不能進(jìn)來,因?yàn)闆]有綁定浮動(dòng)IP。
分配floatingip
浮動(dòng)IP關(guān)聯(lián)
創(chuàng)建安全組
驗(yàn)證
以上是“openstack pike如何安裝”這篇文章的所有內(nèi)容,感謝各位的閱讀!相信大家都有了一定的了解,希望分享的內(nèi)容對大家有所幫助,如果還想學(xué)習(xí)更多知識(shí),歡迎關(guān)注億速云行業(yè)資訊頻道!
免責(zé)聲明:本站發(fā)布的內(nèi)容(圖片、視頻和文字)以原創(chuàng)、轉(zhuǎn)載和分享為主,文章觀點(diǎn)不代表本網(wǎng)站立場,如果涉及侵權(quán)請聯(lián)系站長郵箱:is@yisu.com進(jìn)行舉報(bào),并提供相關(guān)證據(jù),一經(jīng)查實(shí),將立刻刪除涉嫌侵權(quán)內(nèi)容。