Openstack — 控制节点配置

OpenStack 搭建   官网:https://www.openstack.org/ 下载链接:https://releases.openstack.org/ openstack 镜像源地址:http://cloud.centos.org/centos/7/images/

黑色的粗字体,是需要执行的命令,其它的普通的字体是演示效果

至少两台机器 本教程是Centos7
192.168.1.120-node1-控制节点 2c 8G 内存 最低 4G 1c 正常 8c 16G
192.168.1.121-node2-计算节点 2c 2G 内存
两台机器都要执行:
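# Run on BOTH nodes: base tooling, name resolution, time sync, hostname.
yum install wget lrzsz -y

# NOTE(review): the steps below switch off the host firewall and SELinux.
# Every service installed later on this page (MariaDB, RabbitMQ, memcached,
# the OpenStack APIs) is then reachable from the whole network with no
# mandatory access control. Outside an isolated lab, keep firewalld running
# and open only the required ports, and keep SELinux enforcing
# (openstack-selinux, installed later on the controller, presumably ships the
# needed policy; confirm).
service firewalld stop
sestatus

# Static name resolution for the nodes (overwrites /etc/hosts).
cat >/etc/hosts<<EOF
127.0.0.1 localhost localhost.localdomain
#103.27.60.52 mirror.centos.org
#66.241.106.180 mirror.centos.org
192.168.1.120 node1
192.168.1.121 node2
#192.168.1.152 node3
EOF

# Disable SELinux persistently and for the running system.
# On CentOS 7 /etc/sysconfig/selinux is a symlink to /etc/selinux/config, and
# `sed -i` replaces a symlink with a regular file, leaving the real config
# untouched. Edit the real file, anchored on the SELINUX= setting so comment
# lines are not rewritten.
sed -i 's/^SELINUX=enforcing/SELINUX=disabled/' /etc/selinux/config
setenforce 0
systemctl stop firewalld.service
systemctl disable firewalld.service

# Keep the controller and compute node clocks in sync.
yum install ntpdate -y
ntpdate cn.pool.ntp.org

# Set the transient hostname to the name /etc/hosts lists for this host's IP.
# The address field is compared exactly: a plain grep treats the dots as
# wildcards and would also match longer addresses or commented-out entries.
node_ip=$(ifconfig | awk '/broadcast/ {print $2; exit}')
node_name=$(awk -v ip="$node_ip" '$1 == ip {print $2; exit}' /etc/hosts)
if [ -n "$node_name" ]; then
  hostname "$node_name"
fi
su # start a fresh shell so the prompt shows the new hostname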
[root@node1 ~]# exit
exit
[root@1-120 ~]# exit
登出
[root@node2 ~]# exit
exit
[root@1-121 ~]# exit
登出
重新登陆两台服务器:
[root@node1 ~]# ping node1
PING node1 (192.168.1.120) 56(84) bytes of data.
64 bytes from node1 (192.168.1.120): icmp_seq=1 ttl=64 time=0.014 ms
64 bytes from node1 (192.168.1.120): icmp_seq=2 ttl=64 time=0.022 ms
64 bytes from node1 (192.168.1.120): icmp_seq=3 ttl=64 time=0.060 ms
^C
--- node1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2171ms
rtt min/avg/max/mdev = 0.014/0.032/0.060/0.020 ms
[root@node1 ~]# ping node2
PING node2 (192.168.1.121) 56(84) bytes of data.
64 bytes from node2 (192.168.1.121): icmp_seq=1 ttl=64 time=0.153 ms
64 bytes from node2 (192.168.1.121): icmp_seq=2 ttl=64 time=0.193 ms
64 bytes from node2 (192.168.1.121): icmp_seq=3 ttl=64 time=0.252 ms
^C
--- node2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 0.153/0.199/0.252/0.042 ms
[root@node1 ~]#
[root@node2 ~]# ping node1
PING node1 (192.168.1.120) 56(84) bytes of data.
64 bytes from node1 (192.168.1.120): icmp_seq=1 ttl=64 time=0.269 ms
64 bytes from node1 (192.168.1.120): icmp_seq=2 ttl=64 time=0.306 ms
64 bytes from node1 (192.168.1.120): icmp_seq=3 ttl=64 time=0.288 ms
^C
--- node1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.269/0.287/0.306/0.024 ms
[root@node2 ~]# ping node2
PING node2 (192.168.1.121) 56(84) bytes of data.
64 bytes from node2 (192.168.1.121): icmp_seq=1 ttl=64 time=0.013 ms
64 bytes from node2 (192.168.1.121): icmp_seq=2 ttl=64 time=0.021 ms
64 bytes from node2 (192.168.1.121): icmp_seq=3 ttl=64 time=0.059 ms
^C
--- node2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.013/0.031/0.059/0.020 ms
[root@node2 ~]#
[root@node1 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
#103.27.60.52 mirror.centos.org
#66.241.106.180 mirror.centos.org
192.168.1.120 node1
192.168.1.121 node2
#192.168.1.152 node3
[root@node2 ~]# cat /etc/hosts
127.0.0.1 localhost localhost.localdomain
#103.27.60.52 mirror.centos.org
#66.241.106.180 mirror.centos.org
192.168.1.120 node1
192.168.1.121 node2
#192.168.1.152 node3
192.168.1.120-node1-控制节点--执行命令   计算节点配置传送门:http://www.01wneo.xin/?p=418
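# Controller node (node1): install every package used later on this page.
#yum --enablerepo=centos-openstack-pike clean metadata
# Base repository
mv /etc/yum.repos.d/CentOS-Base.repo{,.bak}
# Fetch the repo definition over HTTPS: this file decides which mirrors and
# GPG settings yum trusts, so it must not be modifiable in transit.
# NOTE(review): check that the downloaded file keeps gpgcheck=1 for each repo.
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
yum install centos-release-openstack-pike -y
yum install python-openstackclient openstack-selinux -y
yum install python-openstackclient python2-PyMySQL -y
yum install openstack-utils -y
# MySQL (MariaDB)
yum install mariadb mariadb-server python2-PyMySQL -y
# RabbitMQ
yum install -y erlang socat rabbitmq-server
# Keystone
yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
# Glance
yum install -y openstack-glance python-glance
# Nova
yum install -y openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api openstack-utils
# Neutron
yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
# Dashboard
yum install -y openstack-dashboard
# Cinder
yum install -y openstack-cinder python-cinderclient
# Update QEMU
yum install -y centos-release-qemu-ev.noarch
yum -y install qemu-kvm qemu-img
# Append max_connections=4000 after the [mysqld] header, then start MariaDB
# and enable it at boot.
sed -i '/\[mysqld\]/amax_connections=4000' /etc/my.cnf
systemctl enable mariadb.service
systemctl start mariadb.service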
192.168.1.120-node1-控制节点--执行命令
Node1节点创建数据库配置
# Append UTF-8 charset settings after every line matching "client" or
# "mysqld" in the MariaDB drop-in config files, then restart the server.
# NOTE(review): the first and third -e expressions are identical, so the
# client setting is appended twice; the patterns are unanchored and also
# match comment lines.
# NOTE(review): MariaDB packages usually name the client file client.cnf, not
# client.conf; verify the path on the target system.
sed -i -e '/client/adefault-character-set=utf8' -e '/mysqld/acharacter-set-server=utf8' -e '/client/adefault-character-set=utf8' /etc/my.cnf.d/client.conf
sed -i -e '/client/adefault-character-set=utf8' -e '/mysqld/acharacter-set-server=utf8' -e '/client/adefault-character-set=utf8' /etc/my.cnf.d/mariadb-server.cnf
service mariadb restart
# Opens the client as the local database root without a password.
# NOTE(review): nothing on this page sets a database root password; set one
# (for example with mysql_secure_installation) before port 3306 is reachable
# from other hosts.
mysql
-- One database per OpenStack service, each owned by a same-named account
-- that is granted from localhost, from node1 and from any host ('%').
-- NOTE(review): every password here equals its user name, and the '%' grants
-- accept logins from any address. With the firewall disabled earlier on this
-- page, anyone who can reach port 3306 can guess these credentials. Use a
-- unique random password per account (and the same value in the matching
-- "connection = mysql+pymysql://..." setting), and narrow the host part to
-- the hosts that really connect.
create database keystone charset=utf8;
grant all privileges on keystone.* to 'keystone'@'localhost' identified by 'keystone';
grant all privileges on keystone.* to 'keystone'@'%' identified by 'keystone';
grant all privileges on keystone.* to 'keystone'@'node1' identified by 'keystone';
create database glance charset=utf8;
grant all privileges on glance.* to 'glance'@'localhost' identified by 'glance';
grant all privileges on glance.* to 'glance'@'%' identified by 'glance';
grant all privileges on glance.* to 'glance'@'node1' identified by 'glance';
-- The nova account owns three schemas: nova, nova_api and nova_cell0.
create database nova charset=utf8;
grant all privileges on nova.* to 'nova'@'localhost' identified by 'nova';
grant all privileges on nova.* to 'nova'@'%' identified by 'nova';
grant all privileges on nova.* to 'nova'@'node1' identified by 'nova';
create database nova_api charset=utf8;
grant all privileges on nova_api.* to 'nova'@'localhost' identified by 'nova';
grant all privileges on nova_api.* to 'nova'@'%' identified by 'nova';
grant all privileges on nova_api.* to 'nova'@'node1' identified by 'nova';
create database nova_cell0 charset=utf8;
grant all privileges on nova_cell0.* to 'nova'@'localhost' identified by 'nova';
grant all privileges on nova_cell0.* to 'nova'@'%' identified by 'nova';
grant all privileges on nova_cell0.* to 'nova'@'node1' identified by 'nova';
create database neutron charset=utf8;
grant all privileges on neutron.* to 'neutron'@'localhost' identified by 'neutron';
grant all privileges on neutron.* to 'neutron'@'%' identified by 'neutron';
grant all privileges on neutron.* to 'neutron'@'node1' identified by 'neutron';
create database cinder charset=utf8;
grant all privileges on cinder.* to 'cinder'@'localhost' identified by 'cinder';
grant all privileges on cinder.* to 'cinder'@'%' identified by 'cinder';
grant all privileges on cinder.* to 'cinder'@'node1' identified by 'cinder';
-- Reload the grant tables and leave the client.
flush privileges;
exit
192.168.1.120-node1-控制节点--执行命令
安装配置Rabbitmq
# Enable and start the message broker, then create the account the OpenStack
# services use (it matches transport_url = rabbit://openstack:openstack@node1
# in the nova and neutron configs on this page).
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
# NOTE(review): the password equals the user name and is passed on the
# command line, so it ends up in shell history and the process list. Choose a
# random value and use the same one in every transport_url.
rabbitmqctl add_user openstack openstack
# Grant configure / write / read on every resource of the default vhost.
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
rabbitmq-plugins list
# Management UI/API; the page reaches it on port 15672 over plain HTTP.
rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service
# Confirm that something is listening on the management port.
lsof -i :15672
访问RabbitMQ,访问地址是http://192.168.1.120:15672
用户名、密码:guest

使用默认用户名/密码guest登录,添加openstack用户到组并登陆测试。注意:guest/guest 是公开的默认凭据,而且管理界面走的是明文 HTTP;验证完成后应修改 guest 的密码或删除该账号,并限制 15672 端口的访问来源。

创建完毕,使用openstack用户和密码登录

192.168.1.120-node1-控制节点--执行命令
配置keystone服务
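# Memcached (token cache used by keystone and the other services)
# Listen only on loopback and on the address the services use (node1:11211).
# memcached has no authentication, so it must not answer on every interface,
# especially with firewalld disabled as earlier on this page.
sed -i 's/OPTIONS=.*/OPTIONS="-l 127.0.0.1,node1"/' /etc/sysconfig/memcached
systemctl enable memcached
systemctl start memcached
# Keystone
cp /etc/keystone/keystone.conf{,.bak} # back up the packaged default config
Keys=$(openssl rand -hex 10) # random value used as admin_token below
echo "$Keys"
# NOTE(review): admin_token is a static credential that bypasses normal
# authentication wherever the admin-token middleware is enabled, and this line
# stores it in plaintext in ~/openstack.log. The admin user is created with
# "keystone-manage bootstrap" below, so the token looks unnecessary; consider
# dropping both the setting and the log entry (confirm nothing else reads it).
echo "kestone $Keys">>~/openstack.log
# Replace keystone.conf with a minimal config: database URL, fernet tokens,
# memcached-backed cache.
echo "
[DEFAULT]
admin_token = $Keys
verbose = true
[database]
connection = mysql+pymysql://keystone:keystone@node1/keystone
[token]
provider = fernet
driver = memcache
[memcache]
servers = node1:11211
">/etc/keystone/keystone.conf
# Create the keystone schema (run as the keystone system user).
su -s /bin/sh -c "keystone-manage db_sync" keystone
# Check that the tables were created.
# NOTE(review): -p<password> on the command line is visible in the process
# list and shell history; prefer a prompt (-p alone) or an option file.
mysql -h node1 -ukeystone -pkeystone -e "use keystone;show tables;"
# Initialise the fernet and credential key repositories.
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
# Create the admin user, its password and the identity endpoints.
# NOTE(review): "admin" is a trivially guessable cloud-admin password, and the
# endpoints are plain HTTP, so passwords and tokens cross the network
# unencrypted. Use a strong password and TLS endpoints outside a lab.
keystone-manage bootstrap --bootstrap-password admin \
 --bootstrap-admin-url http://node1:35357/v3/ \
 --bootstrap-internal-url http://node1:5000/v3/ \
 --bootstrap-public-url http://node1:5000/v3/ \
 --bootstrap-region-id RegionOne
# Apache: set ServerName and enable the packaged keystone WSGI vhost.
cp /etc/httpd/conf/httpd.conf{,.bak}
echo "ServerName node1">>/etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
# Start Apache now and at boot, then confirm the listeners.
systemctl enable httpd.service
systemctl restart httpd.service
netstat -antp|egrep ':5000|:35357|:80'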

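# Environment script for the admin user created by "keystone-manage bootstrap";
# source it before running openstack CLI commands as admin.
echo "
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default 
export OS_PROJECT_NAME=admin 
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://node1:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
">admin-openstack.sh
# The file holds the cloud admin password in plaintext: make it readable by
# its owner only, whatever the current directory and umask are.
chmod 600 admin-openstack.sh
# Check that the script works: a token must be issued.
source admin-openstack.sh
openstack token issue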
[root@node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-02-07T07:03:20+0000 |
| id | gAAAAABaepaoxRHj4SPg0bzSq4PJPDVGMp0_HZVZrJQn6YBsOq9tVQSFH1TvOUmVvCHrnfqujiljCdH1iNMKGmOtl7CseSucqTxhMNviDoa8IsZ5AtKyHb17jeYCSFpEx2ousp-kHXIrT_h0YaQNZQE9are84a73Nahleu0ejjKzC4LX0lX5giA |
| project_id | f12cc3aacb5244d5ba48f295ca18e370 |
| user_id | bc692eaad1244a77ae51fdaa457ead7a |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

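# Create the demo project with an unprivileged user and role (optional step).
# NOTE(review): --password=demo puts the password on the command line and in
# shell history; "openstack user create" also accepts --password-prompt.
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password=demo demo
openstack role create user
openstack role add --project demo --user demo user
# Environment script for the demo user.
echo "
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://node1:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
">demo-openstack.sh
# The file holds a password in plaintext: restrict it to its owner.
chmod 600 demo-openstack.sh
# Check that the script works: a token must be issued.
source demo-openstack.sh
openstack token issue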
[root@node1 ~]# openstack token issue
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| expires | 2018-02-07T07:14:24+0000 |
| id | gAAAAABaeplA15rvbouvOXSST10-dmorgCk9RT_eJ_lVShiLbST_k3bjuRyDB13JXDUUGz50sCxCtAE_qefQMUjYVW-erFQZkgmh_xn4S9kS0ZiTyoYMk2_zy9fLegzh1Ww5f7jX84xs5cCcO8tEJP9BNMxEihU34ZnvPGJ-dK0X_hYlPkzAZHo |
| project_id | 451ad13a0edc42b3a9529a019b2f1d07 |
| user_id | 5304f3bab6ec4638ade39a004c765bee |
+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

#创建service项目,创建glance,nova,neutron用户,并授权:
[root@node1 ~]# source admin-openstack.sh

执行命令如下
# Create the "service" project and one account per OpenStack service, each
# holding the admin role on that project.
# NOTE(review): each service password equals its user name and is passed on
# the command line. These accounts hold the admin role, so use random
# passwords (--password-prompt avoids the shell history) and put the same
# values in the [keystone_authtoken] sections written later on this page.
openstack project create --domain default --description "Service Project" service
openstack user create --domain default --password=glance glance
openstack role add --project service --user glance admin
openstack user create --domain default --password=nova nova
openstack role add --project service --user nova admin
openstack user create --domain default --password=neutron neutron
openstack role add --project service --user neutron admin

# 执行完后正确的输出显示如下
[root@node1 ~]# openstack project create --domain default --description "Service Project" service
openstack user create --domain default --password=glance glance
openstack role add --project service --user glance admin
openstack user create --domain default --password=nova nova
openstack role add --project service --user nova admin
openstack user create --domain default --password=neutron neutron
openstack role add --project service --user neutron admin+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | a9d390d675c34d1b8b096e656199c861 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
+-------------+----------------------------------+
[root@node1 ~]# openstack user create --domain default --password=glance glance

+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 1a42c07df7af4138b9c76cf59af72e53 |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@node1 ~]# openstack role add --project service --user glance admin
[root@node1 ~]# openstack user create --domain default --password=nova nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 1077d518f2ac467fb9d9a288e60cbeb6 |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@node1 ~]# openstack role add --project service --user nova admin
[root@node1 ~]# openstack user create --domain default --password=neutron neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| domain_id           | default                          |
| enabled             | True                             |
| id                  | a3c90a2ab2d54294a18353ec73a9246b |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@node1 ~]# openstack role add --project service --user neutron admin
[root@node1 ~]# openstack endpoint list # 出现如下所示,表示成功
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
| ID | Region | Service Name | Service Type | Enabled | Interface | URL |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+
| 82182e45596046fb894103175c71a714 | RegionOne | keystone | identity | True | public | http://node1:5000/v3/ |
| e2160f55699e4fbbb43aaf34b2f9afd2 | RegionOne | keystone | identity | True | internal | http://node1:5000/v3/ |
| f6f0d921328145d2bc4528086c152571 | RegionOne | keystone | identity | True | admin | http://node1:35357/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------+

#在keystone上进行服务注册 ,创建glance服务实体,API端点(公有、私有、admin)
执行命令如下
# Load the admin credentials; if the script cannot be sourced, print a hint
# and leave the shell.
source admin-openstack.sh || { echo "加载前面设置的admin-openstack.sh环境变量脚本";exit; }
# Register the image service and its public / internal / admin endpoints.
# NOTE(review): all three interfaces use the same plain-HTTP URL, so the
# "internal" and "admin" endpoints are no more restricted than the public one.
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://node1:9292
openstack endpoint create --region RegionOne image internal http://node1:9292
openstack endpoint create --region RegionOne image admin http://node1:9292

如下显示表示成功
[root@node1 ~]# source admin-openstack.sh || { echo "加载前面设置的admin-openstack.sh环境变量脚本";exit; }
[root@node1 ~]# openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://node1:9292
openstack endpoint create --region RegionOne image internal http://node1:9292
openstack endpoint create --region RegionOne image admin http://node1:9292+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | fd9e9693794f43aea72c50081aa5ec26 |
| name | glance |
| type | image |
+-------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne image public http://node1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 6978e05d9b82410aa31ce3698818ba74 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fd9e9693794f43aea72c50081aa5ec26 |
| service_name | glance |
| service_type | image |
| url | http://node1:9292 |
+--------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne image internal http://node1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0467060a95314abfb13d29cd2691c7c9 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fd9e9693794f43aea72c50081aa5ec26 |
| service_name | glance |
| service_type | image |
| url | http://node1:9292 |
+--------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne image admin http://node1:9292
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a6efca92a02f4d93a3d13160ce7e9ea0 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | fd9e9693794f43aea72c50081aa5ec26 |
| service_name | glance |
| service_type | image |
| url | http://node1:9292 |
+--------------+----------------------------------+
[root@node1 ~]#

# Write /etc/glance/glance-api.conf and glance-registry.conf with the content
# below.
# Glance configuration: back up the packaged defaults first.
cp /etc/glance/glance-api.conf{,.bak}
cp /etc/glance/glance-registry.conf{,.bak}
# Image store directory (this is the default location).
Imgdir=/var/lib/glance/images/
# NOTE(review): both files embed the database password and the glance service
# password in plaintext and talk to keystone over plain HTTP. Keep the files
# unreadable to other users, and use the real (non-default) passwords here if
# the accounts were created with stronger ones.
# Double quotes are needed here so that $Imgdir is expanded by the shell.
echo "#
[database]
connection = mysql+pymysql://glance:glance@node1/glance
[keystone_authtoken]
auth_uri = http://node1:5000/v3
auth_url = http://node1:35357/v3
memcached_servers = node1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = $Imgdir
#">/etc/glance/glance-api.conf
##############################
# Same database and keystone settings for the registry service.
echo "#
[database]
connection = mysql+pymysql://glance:glance@node1/glance
[keystone_authtoken]
auth_uri = http://node1:5000/v3
auth_url = http://node1:35357/v3
memcached_servers = node1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = glance
[paste_deploy]
flavor = keystone
#">/etc/glance/glance-registry.conf

# Create the glance schema (as the glance system user) and check the tables.
# NOTE(review): -p<password> on the command line is visible in the process
# list and shell history.
su -s /bin/sh -c "glance-manage db_sync" glance
mysql -h node1 -u glance -pglance -e "use glance;show tables;"
# Start the services now and at boot.
systemctl enable openstack-glance-api openstack-glance-registry
systemctl start openstack-glance-api openstack-glance-registry
#systemctl restart openstack-glance-api openstack-glance-registry
# Confirm the API (9292) and registry (9191) listeners.
netstat -antp|egrep '9292|9191'

出现如下表示成功
[root@node1 ~]# netstat -antp|egrep '9292|9191'
tcp 0 0 0.0.0.0:9292 0.0.0.0:* LISTEN 18385/python2 
tcp 0 0 0.0.0.0:9191 0.0.0.0:* LISTEN 18386/python2 

# Download a test image and upload it to glance.
# The download is sometimes slow.
# NOTE(review): the image is fetched over plain HTTP and uploaded as a public
# image without any integrity check. Compare its checksum with the value
# published by the image maintainers before uploading it.
wget http://download.cirros-cloud.net/0.3.5/cirros-0.3.5-x86_64-disk.img

# Upload with qcow2 disk format and bare container format, visible to all
# projects (--public).
source admin-openstack.sh
openstack image create "cirros" \
 --file cirros-0.3.5-x86_64-disk.img \
 --disk-format qcow2 --container-format bare \
 --public

# Check that the upload succeeded. To delete an image: glance image-delete <image id>
openstack image list

+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| fb4f6721-387a-4da9-bd8c-3b773c83eae4 | cirros | active |
+--------------------------------------+--------+--------+


下面这段命令先不要执行
#glance image-list
# List the files in the image store directory (Imgdir is set in the glance
# configuration step earlier on this page).
ls $Imgdir
# To delete an image: glance image-delete <image id>
#wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
#glance image-create "CentOS-7-x86_64" --file CentOS-7-x86_64-GenericCloud.qcow2 --disk-format qcow2 --container-format bare --visibility --public

Nova控制节点配置
# The nova databases, user and role were created in the earlier steps.
source admin-openstack.sh || { echo "加载前面设置的admin-openstack.sh环境变量脚本";exit; }
# Register the compute service and its API endpoints in keystone.
# (The nova user already exists.)
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://node1:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://node1:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://node1:8774/v2.1
# Create the placement user, service and API endpoints.
# NOTE(review): the placement account gets the admin role with a password
# equal to its user name, passed on the command line; use a random password
# (--password-prompt) and the same value in the [placement] section of
# nova.conf.
openstack user create --domain default --password=placement placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://node1:8778
openstack endpoint create --region RegionOne placement internal http://node1:8778
openstack endpoint create --region RegionOne placement admin http://node1:8778
#openstack endpoint delete id

成功示例
[root@node1 ~]# #创建Nova数据库、用户、认证,前面已设置;
[root@node1 ~]# source admin-openstack.sh || { echo "加载前面设置的admin-openstack.sh环境变量脚本";exit; }
[root@node1 ~]# # keystone上服务注册 ,创建nova用户、服务、API
[root@node1 ~]# # nova用户前面已建
[root@node1 ~]# openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://node1:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://node1:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://node1:8774/v2.1
#创建placement用户、服务、API
openstack user create --domain default --password=placement placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://node1:8778
openstack endpoint create --region RegionOne placement internal http://node1:8778
openstack endpoint create --region RegionOne placement admin http://node1:8778
#openstack endpoint delete id+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 0b9ba7075ec8499da08484f40b05ffbc |
| name | nova |
| type | compute |
+-------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne compute public http://node1:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | d4279343b3c84ea7b4e55a2dbb2733de |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0b9ba7075ec8499da08484f40b05ffbc |
| service_name | nova |
| service_type | compute |
| url | http://node1:8774/v2.1 |
+--------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne compute internal http://node1:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | b5dbf649b8fc49548d1d25ebb946a8cc |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0b9ba7075ec8499da08484f40b05ffbc |
| service_name | nova |
| service_type | compute |
| url | http://node1:8774/v2.1 |
+--------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne compute admin http://node1:8774/v2.1
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | f3af92f8fbff4c36ae3a948e8a73be5b |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 0b9ba7075ec8499da08484f40b05ffbc |
| service_name | nova |
| service_type | compute |
| url | http://node1:8774/v2.1 |
+--------------+----------------------------------+
[root@node1 ~]# #创建placement用户、服务、API
[root@node1 ~]# openstack user create --domain default --password=placement placement
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 88d99df0a5b14f3487c5e922b3769561 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
[root@node1 ~]# openstack role add --project service --user placement admin
[root@node1 ~]# openstack service create --name placement --description "Placement API" placement
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | ffadc816af95410dbeefeec844374b4d |
| name | placement |
| type | placement |
+-------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne placement public http://node1:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 4c9a68d3ec8d48f6b91deb89b4e416c4 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ffadc816af95410dbeefeec844374b4d |
| service_name | placement |
| service_type | placement |
| url | http://node1:8778 |
+--------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne placement internal http://node1:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 347b0fc9d7224a218de1df3eb2a2ce88 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ffadc816af95410dbeefeec844374b4d |
| service_name | placement |
| service_type | placement |
| url | http://node1:8778 |
+--------------+----------------------------------+
[root@node1 ~]# openstack endpoint create --region RegionOne placement admin http://node1:8778
+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3d6a3fd72bc349ee8be39a4729be8c6a |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | ffadc816af95410dbeefeec844374b4d |
| service_name | placement |
| service_type | placement |
| url | http://node1:8778 |
+--------------+----------------------------------+
[root@node1 ~]# #openstack endpoint delete id
[root@node1 ~]#

# Configure the nova services on the controller.
# The single quotes keep $my_ip literal, so it reaches nova.conf as written
# (presumably resolved by the config parser from my_ip above; confirm).
# NOTE(review): the file embeds the RabbitMQ, database, nova and placement
# passwords in plaintext, all equal to their user names, and every URL is
# plain HTTP. Use the real (non-default) credentials and keep the file
# unreadable to other users.
echo '#
[DEFAULT]
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:openstack@node1
my_ip = 192.168.1.120
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[api_database]
connection = mysql+pymysql://nova:nova@node1/nova_api
[database]
connection = mysql+pymysql://nova:nova@node1/nova
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_uri = http://node1:5000
auth_url = http://node1:35357
memcached_servers = node1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = nova
[vnc]
enabled = true
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
[glance]
api_servers = http://node1:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
os_region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://node1:35357/v3
username = placement
password = placement
[scheduler]
discover_hosts_in_cells_interval = 300
#'>/etc/nova/nova.conf
# Allow Apache to serve the placement API script under /usr/bin.
# NOTE(review): this is appended (>>), so running the step twice duplicates
# the block; "Require all granted" covers the whole /usr/bin directory.
echo "
#Placement API
<Directory /usr/bin>
 <IfVersion >= 2.4>
 Require all granted
 </IfVersion>
 <IfVersion < 2.4>
 Order allow,deny
 Allow from all
 </IfVersion>
</Directory>
">>/etc/httpd/conf.d/00-nova-placement-api.conf
systemctl restart httpd
sleep 2
# Create the schemas and cells (as the nova system user).
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
# Check the result.
# NOTE(review): -p<password> on the command line is visible in the process
# list and shell history.
nova-manage cell_v2 list_cells
mysql -h node1 -u nova -pnova -e "use nova_api;show tables;"
mysql -h node1 -u nova -pnova -e "use nova;show tables;" 
mysql -h node1 -u nova -pnova -e "use nova_cell0;show tables;"
# Enable the services at boot.
systemctl enable openstack-nova-api.service \
 openstack-nova-consoleauth.service openstack-nova-scheduler.service \
 openstack-nova-conductor.service openstack-nova-novncproxy.service
# Start the services.
systemctl restart openstack-nova-api.service \
 openstack-nova-consoleauth.service openstack-nova-scheduler.service \
 openstack-nova-conductor.service openstack-nova-novncproxy.service
# Inspect the registered services.
#nova service-list 
openstack catalog list
nova-status upgrade check
openstack compute service list
#nova-manage cell_v2 delete_cell --cell_uuid b736f4f4-2a67-4e60-952a-14b5a68b0f79
# Discover compute nodes; run this whenever a compute node is added.
#su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

成功示例
[root@node1 ~]# openstack host list
+-----------+-------------+----------+
| Host Name | Service | Zone |
+-----------+-------------+----------+
| node1 | conductor | internal |
| node1 | consoleauth | internal |
| node1 | scheduler | internal |
+-----------+-------------+----------+

# Register the neutron service in keystone.
source admin-openstack.sh 
# Create the networking service entity and its API endpoints.
# NOTE(review): as with the other services, all three interfaces share one
# plain-HTTP URL.
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://node1:9696
openstack endpoint create --region RegionOne network internal http://node1:9696
openstack endpoint create --region RegionOne network admin http://node1:9696

#Neutron配置命令如下 把命令中的网卡名字,替换成自己的 ens33 替换成自己的
#Neutron备份配置
cp /etc/neutron/neutron.conf{,.bak2}
cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}
cp /etc/neutron/dhcp_agent.ini{,.bak}
cp /etc/neutron/metadata_agent.ini{,.bak}
cp /etc/neutron/l3_agent.ini{,.bak}
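# Configure Neutron: write metadata_agent.ini and append the [neutron]
# section to nova.conf.
#
# metadata_proxy_shared_secret is what nova-api uses to verify that a
# metadata request really came through the Neutron metadata agent. A fixed,
# guessable value lets any host that can reach the Nova metadata API forge
# requests for other instances' metadata, so a random value is generated
# here and written to both files (they must match).
# NOTE(review): if any other nova.conf in this deployment sets
# metadata_proxy_shared_secret, give it the same generated value.
# NOTE(review): username/password "neutron" and the http:// URLs are this
# tutorial's lab values; the nova.conf write appends, so running this twice
# duplicates the [neutron] section.
if metadata_secret=$(openssl rand -hex 16) && [ -n "$metadata_secret" ]; then
  cat >/etc/neutron/metadata_agent.ini <<EOF

[DEFAULT]
nova_metadata_ip = node1
metadata_proxy_shared_secret = ${metadata_secret}
#
EOF
  #
  cat >>/etc/nova/nova.conf <<EOF

#
[neutron]
url = http://node1:9696
auth_url = http://node1:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = true
metadata_proxy_shared_secret = ${metadata_secret}
#
EOF
else
  echo 'could not generate a metadata proxy secret; no file was changed' >&2
fi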
#
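# ML2 plugin configuration: flat and VLAN type drivers, linuxbridge mechanism
# driver, port-security extension. tenant_network_types is left empty, so
# only the provider network defined below is available.
# Fix: the commented-out VLAN example used the section name
# [ml2_type_valn]; a section with that name would not be read as the VLAN
# type-driver section once uncommented, so it is spelled [ml2_type_vlan].
cat >/etc/neutron/plugins/ml2/ml2_conf.ini <<'EOF'
#
[ml2]
tenant_network_types = 
type_drivers = vlan,flat
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = provider
[securitygroup]
enable_ipset = True
#vlan
# [ml2_type_vlan]
# network_vlan_ranges = provider:3001:4000
#
EOF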
# ens32 is the NIC name; it is the physical interface mapped to the
# "provider" network.
# The [securitygroup] section turns on the iptables firewall driver and
# security groups, which is what enforces the per-instance rules created
# later with `openstack security group rule create`.
cat >/etc/neutron/plugins/ml2/linuxbridge_agent.ini <<'EOF'
#
[linux_bridge]
physical_interface_mappings = provider:ens32
[vxlan]
enable_vxlan = false
#local_ip = 192.168.1.120
#l2_population = true
[agent]
prevent_arp_spoofing = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = True
#
EOF
#
# DHCP agent: dnsmasq behind the linuxbridge interface driver, with metadata
# served on isolated networks.
cat >/etc/neutron/dhcp_agent.ini <<'EOF'
#
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
#
EOF
#
# Main Neutron server configuration (overwrites /etc/neutron/neutron.conf).
# NOTE(review): the file embeds credentials in clear text: the RabbitMQ
# account in transport_url, the neutron and nova service passwords, and the
# database password in [database]. Each password equals its user name, which
# is a lab shortcut; keep the file readable only by root and the neutron
# group.
# NOTE(review): every Keystone URL is http://, and memcached_servers points
# at node1:11211 where validated tokens are cached. The firewall was turned
# off earlier in this guide, so those ports are reachable from the whole
# 192.168.1.0/24 segment.
# NOTE(review): connection uses the bare mysql:// scheme, which selects
# SQLAlchemy's default MySQL driver; the upstream install guides write
# mysql+pymysql:// instead. Confirm that the default driver is installed.
cat >/etc/neutron/neutron.conf <<'EOF'

[DEFAULT]
core_plugin = ml2
service_plugins = router
#service_plugins = trunk
#service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:openstack@node1
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
auth_uri = http://node1:5000
auth_url = http://node1:35357
memcached_servers = node1:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = neutron
[nova]
auth_url = http://node1:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[database]
connection = mysql://neutron:neutron@node1:3306/neutron
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp 
#
EOF
#
# L3 agent: only the interface driver is set.
cat >/etc/neutron/l3_agent.ini <<'EOF'

[DEFAULT]
interface_driver = linuxbridge
#
EOF
# Populate the Neutron database, running the migration as the neutron user.
su -s /bin/sh -c "neutron-db-manage \
  --config-file /etc/neutron/neutron.conf \
  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini \
  upgrade head" neutron
# Check that the tables exist.
# NOTE(review): -pneutron leaves the password in shell history; a bare -p
# prompts for it instead.
mysql -h node1 -u neutron -pneutron -e "use neutron;show tables;"
# Restart nova-api so it reads the [neutron] section added to nova.conf.
systemctl restart openstack-nova-api.service
# Enable the Neutron units at boot, then (re)start them.
# NOTE(review): neutron-l3-agent is not in this list although l3_agent.ini
# was written and service_plugins = router is set; presumably intentional for
# a flat provider network. TODO confirm.
for unit_action in enable restart; do
  systemctl "$unit_action" \
    neutron-server.service \
    neutron-linuxbridge-agent.service \
    neutron-dhcp-agent.service \
    neutron-metadata-agent.service
done
控制节点创建网桥
检查控制节点及计算节点信息
[root@node1 ~]# openstack network agent list
+--------------------------------------+--------------------+-------+-------------------+-------+-------+---------------------------+
| ID | Agent Type | Host | Availability Zone | Alive | State | Binary |
+--------------------------------------+--------------------+-------+-------------------+-------+-------+---------------------------+
| 36d02007-763b-4d43-9ee4-28f16976d127 | Linux bridge agent | node2 | None | :-) | UP | neutron-linuxbridge-agent |
| 611b8c89-2ad2-42b3-bf12-cf97a2fa459d | Linux bridge agent | node1 | None | :-) | UP | neutron-linuxbridge-agent |
| 9905b95b-09b0-4a37-9f46-2d428012834c | DHCP agent | node1 | nova | :-) | UP | neutron-dhcp-agent |
| a80707f8-bc06-4053-85c4-7bf433b3a24e | Metadata agent | node1 | None | :-) | UP | neutron-metadata-agent |
+--------------------------------------+--------------------+-------+-------------------+-------+-------+---------------------------+

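source admin-openstack.sh
# Check services and agents.
nova service-list
openstack catalog list
nova-status upgrade check
#openstack compute service list
openstack network agent list
###------------------------
# Create the SSH key pair that is injected into instances as "mykey".
# Fix: the original generated a DSA key. DSA keys are limited to 1024 bits
# and OpenSSH 7.0 and later refuse ssh-dss by default, so an RSA key is
# generated instead; the keypair name "mykey" is unchanged.
# NOTE(review): -N '' stores the private key without a passphrase in root's
# home on the controller; anyone who can read it can log in to every
# instance booted with mykey.
ssh-keygen -t rsa -b 4096 -N '' -f ~/.ssh/id_rsa
nova keypair-add --pub-key ~/.ssh/id_rsa.pub mykey
nova keypair-list # list key pairs
# Create host aggregates; each is also exposed as an availability zone of
# the same name (a zone is a set of compute nodes).
nova aggregate-create Jfedu01 Jfedu01
nova aggregate-create Jfedu02 Jfedu02
nova aggregate-list
# Add a compute host to the aggregate.
nova aggregate-add-host Jfedu01 node2
#nova aggregate-add-host Jfedu02 node3
# Create the instance flavor.
openstack flavor create --id 1 --vcpus 1 --ram 512 --disk 10 m1.nano
# Security group rules.
# NOTE(review): no source range is given, so ICMP, SSH (22) and HTTP (80)
# are opened from any address, and they go into the "default" group that
# every new instance joins unless told otherwise. Outside a lab, put the
# rules in a dedicated group and limit the source with --remote-ip.
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 'default'
openstack security group rule create --proto tcp --dst-port 80 'default'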
###------------------------
# Create the virtual network: a shared, external, flat provider network.
# NOTE(review): the subnet below is 192.168.1.0/24, the same segment that
# node1 (192.168.1.120) and node2 (192.168.1.121) use for management, so
# instances sit on the same L2 network as the API, database, message-queue
# and memcached ports of the controller. --share also makes the network
# usable by every project. A separate provider VLAN or interface keeps
# tenant traffic away from the control plane.
openstack network create \
  --share --external \
  --provider-physical-network provider \
  --provider-network-type flat \
  flat-net
# Create the subnet.
openstack subnet create \
  --network flat-net \
  --allocation-pool start=192.168.1.150,end=192.168.1.200 \
  --dns-nameserver 8.8.8.8 \
  --gateway 192.168.1.254 \
  --subnet-range 192.168.1.0/24 \
  sub_flat-net
# ip netns
# systemctl restart network
# With a single IP on the host, creating the network may interrupt
# connectivity; wait a moment or reboot.
# List networks.
openstack network list
# neutron net-list
# neutron subnet-list
# Available flavors.
openstack flavor list
# Available images.
openstack image list
# Available security groups.
openstack security group list
# Available networks.
openstack network list
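# m1.nano is the flavor, net-id takes the network ID, Jfedu01 is the
# availability zone.
# Boot the instance kvm01-cirros.
# Fix: the network ID was scraped from the table output with grep/awk, which
# also matches any other network whose name contains "flat-net", and $NET
# was expanded unquoted. The ID is now read directly from the named network
# and the boot is skipped when the lookup returns nothing.
NET=$(openstack network show flat-net -f value -c id)
printf '%s\n' "$NET"
if [ -n "$NET" ]; then
  nova boot --flavor m1.nano --image cirros \
    --nic net-id="$NET" \
    --security-group default --key-name mykey \
    --availability-zone Jfedu01 \
    kvm01-cirros
else
  echo 'network flat-net not found; instance not created' >&2
fi
# Check the server list.
openstack server list
# URL for console access to the instance.
# NOTE(review): the console URL carries an access token in its query string;
# treat it as a credential for as long as the token is valid.
openstack console url show kvm01-cirros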

1.13 控制节点配置Dashboard
通过Dashboard WEB界面可以管理Openstack
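# OpenStack dashboard (Horizon) configuration.
cp /etc/openstack-dashboard/local_settings{,.bak}
#egrep -v '#|^$' /etc/openstack-dashboard/local_settings # show the default configuration
Setfiles=/etc/openstack-dashboard/local_settings
sed -i 's#_member_#user#g' "$Setfiles"
sed -i 's#OPENSTACK_HOST = "127.0.0.1"#OPENSTACK_HOST = "node1"#' "$Setfiles"
# Hosts the dashboard may be served as.
# Fix: the original set ALLOWED_HOSTS = ['*'], which switches off Django's
# Host-header validation. The list now names the controller's host name and
# the address used in the access URL (http://192.168.1.120/dashboard/); add
# any other name the dashboard is reached by.
sed -i "/ALLOWED_HOSTS/cALLOWED_HOSTS = ['node1', '192.168.1.120', ]" "$Setfiles"
# Uncomment the memcached cache block and comment out the block after it.
# Fix: the original used `sed -in`, which GNU sed reads as -i with backup
# suffix "n" (leaving a stray local_settingsn file), not as -i plus -n.
# NOTE(review): the line ranges are hard-coded and assume the packaged
# local_settings layout; check with `sed -n '150,165p'` before running,
# since a different package version would edit unrelated lines.
sed -i '153,158s/#//' "$Setfiles"
sed -i '160,164s/.*/#&/' "$Setfiles"
sed -i 's#UTC#Asia/Shanghai#g' "$Setfiles"
sed -i 's#%s:5000/v2.0#%s:5000/v3#' "$Setfiles"
sed -i '/ULTIDOMAIN_SUPPORT/cOPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True' "$Setfiles"
sed -i "s@^#OPENSTACK_KEYSTONE_DEFAULT@OPENSTACK_KEYSTONE_DEFAULT@" "$Setfiles"
# Pin the API versions Horizon talks to (appended, so running this twice
# duplicates the setting).
echo '
#set
OPENSTACK_API_VERSIONS = {
 "identity": 3,
 "image": 2,
 "volume": 2,
}
#'>>"$Setfiles"
#
# NOTE(review): the dashboard is served over plain HTTP here, so login
# passwords and session cookies cross the network unencrypted.
systemctl restart httpd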

1.14 Openstack GUI配置
#访问http://192.168.1.120/dashboard/
#域 default 用户密码 demo 或者 admin(管理员)

 

 

 

 

 

 
