目录
[8. 计算服务安装(控制节点)](#8. 计算服务安装(控制节点))
[9. 计算服务安装(计算节点)](#9. 计算服务安装(计算节点))
[10. 网络服务安装(控制节点)](#10. 网络服务安装(控制节点))
[11. 网络服务安装(计算节点)](#11. 网络服务安装(计算节点))
[12. Dashboard图形化界面安装(控制节点)](#12. Dashboard图形化界面安装(控制节点))
一、实验
1.环境
(1) 主机
表1 主机
|------------|------|-----------------|----|
| 主机 | 架构 | IP | 备注 |
| controller | 控制节点 | 192.168.204.210 | |
| compute01 | 计算节点 | 192.168.204.211 | |
(2)官网
OpenStack Docs: OpenStack Installation Guide for Red Hat Enterprise Linux and CentOS
(3)网络
① 控制节点 ping 计算节点
bash
[root@controller ~]# ping compute01 -c 1
②计算节点 ping 控制节点
bash
[root@compute01 ~]# ping compute01 -c 1
(4) 时间同步
① 控制节点
bash
[root@controller ~]# yum install -y chrony
bash
[root@controller ~]# vim /etc/chrony.conf
[root@controller ~]# systemctl restart chronyd.service && systemctl enable chronyd.service
② 计算节点
bash
[root@compute01 ~]# yum install -y chrony
③测试
bash
[root@controller ~]# date
[root@compute01 ~]# date
2.OpenStack包安装
(1)控制节点安装 OpenStack 客户端
bash
# yum install python-openstackclient
(2)CentOS 默认启用了 SELinux . 安装 openstack-selinux 软件包以便自动管理 OpenStack 服务的安全策略
bash
# yum install openstack-selinux
3.数据库安装
(1)安装软件包
bash
# yum install mariadb mariadb-server python2-PyMySQL
(2)创建并编辑 /etc/my.cnf.d/openstack.cnf
① 在 [mysqld] 部分,设置 bind-address值为控制节点的管理网络IP地址以使得其它节点可以通过管理网络访问数据库
bash
[mysqld]
...
bind-address = 192.168.204.210
②在[mysqld]部分,设置如下键值来启用一起有用的选项和 UTF-8 字符集
bash
[mysqld]
...
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
③修改
(3) 完成安装
①启动数据库服务,并将其配置为开机自启
bash
# systemctl enable mariadb.service
# systemctl start mariadb.service
②为了保证数据库服务的安全性,运行mysql_secure_installation脚本。特别需要说明的是,为数据库的root用户设置一个适当的密码。
4.消息队列安装
(1)安装包
bash
# yum install rabbitmq-server
(2)启动消息队列服务并将其配置为随系统启动
bash
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service
(3)添加 openstack 用户
bash
# rabbitmqctl add_user openstack RABBIT_PASS
(4)给openstack用户配置写和读权限
bash
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
5.令牌缓存安装
(1)安装软件包
bash
# yum install memcached python-memcached
(2)修改配置
bash
# vim /etc/sysconfig/memcached
(3)启动Memcached服务,并且配置它随机启动
bash
# systemctl enable memcached.service
# systemctl start memcached.service
(4)查看服务
6.认证服务安装
(1)创建数据库和管理员令牌
bash
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
用数据库连接客户端 (注意生产环境需要账户及密码)
bash
$ mysql -u root -p
创建 keystone 数据库
bash
CREATE DATABASE keystone;
对keystone数据库授予恰当的权限
bash
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
(2)安全并配置组件
运行以下命令来安装包
bash
# yum install openstack-keystone httpd mod_wsgi
安装工具包
bash
# yum install -y openstack-utils
(3) 编辑文件 /etc/keystone/keystone.conf
① 在[DEFAULT]部分,定义初始管理令牌的值
bash
[DEFAULT]
...
admin_token = ADMIN_TOKEN
②在 [database] 部分,配置数据库访问
bash
[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
③ 在[token]部分,配置Fernet UUID令牌的提供者。
bash
[token]
...
provider = fernet
④初始化身份认证服务的数据库
bash
# su -s /bin/sh -c "keystone-manage db_sync" keystone
④ 查看
bash
mysql keystone -e "show tables;"
⑥初始化Fernet keys
bash
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
(4)配置 Apache HTTP 服务器
① 编辑/etc/httpd/conf/httpd.conf 文件,配置ServerName 选项为控制节点
bash
ServerName controller
②创建文件 /etc/httpd/conf.d/wsgi-keystone.conf
bash
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
③ 启动 Apache HTTP 服务并配置其随系统启动
bash
# systemctl enable httpd.service
# systemctl start httpd.service
bash
# systemctl status httpd.service
(5) 创建服务实体和API端点
①申明环境变量
bash
$ export OS_TOKEN=ADMIN_TOKEN
$ export OS_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3
② 创建服务实体和身份认证服务
bash
$ openstack service create \
--name keystone --description "OpenStack Identity" identity
③ 创建认证服务的 API 端点
bash
$ openstack endpoint create --region RegionOne \
identity public http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
identity internal http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
identity admin http://controller:35357/v3
④ 查看
bash
# openstack service list
# openstack endpoint list
(6)创建域、项目、用户和角色
①创建域default
bash
$ openstack domain create --description "Default Domain" default
②创建 admin 项目
bash
$ openstack project create --domain default \
--description "Admin Project" admin
③ 创建 admin 用户
bash
$ openstack user create --domain default \
--password-prompt admin
④创建 admin 角色
bash
$ openstack role create admin
⑤ 添加admin 角色到 admin 项目和用户上
bash
$ openstack role add --project admin --user admin admin
⑥ 创建service项目
bash
$ openstack project create --domain default \
--description "Service Project" service
⑦ 查看 (需要后续脚本支持)
bash
# openstack domain list
# openstack project list
# openstack role list
# openstack user list
(7) 创建 OpenStack 客户端环境脚本
编辑文件 admin-openrc,将 ADMIN_PASS 替换为你在认证服务中为 admin 用户选择的密码。
bash
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
7.镜像服务安装
(1)创建数据库
用数据库连接客户端以 root 用户连接到数据库服务器
bash
$ mysql -u root -p
创建 glance 数据库
bash
CREATE DATABASE glance;
对glance数据库授予权限
bash
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';
(2)创建 glance 用户
① 创建
bash
$ openstack user create --domain default --password-prompt glance
查看
② 添加 admin 角色到 glance 用户和 service 项目上
bash
$ openstack role add --project service --user glance admin
③创建glance服务实体
bash
$ openstack service create --name glance \
--description "OpenStack Image" image
查看
④创建镜像服务的 API 端点
bash
$ openstack endpoint create --region RegionOne \
image public http://controller:9292
$ openstack endpoint create --region RegionOne \
image internal http://controller:9292
$ openstack endpoint create --region RegionOne \
image admin http://controller:9292
(3)安装软件包
bash
# yum install openstack-glance
(4)编辑文件 /etc/glance/glance-api.conf
① 在 [database] 部分,配置数据库访问
bash
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
② 在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问
bash
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
...
flavor = keystone
③在 [glance_store] 部分,配置本地文件系统存储和镜像文件位置
bash
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
④在 [database] 部分,配置数据库访问
bash
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
⑤在 [keystone_authtoken] 和 [paste_deploy] 部分,配置认证服务访问
bash
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
...
flavor = keystone
⑥备份并修改
(5)写入镜像服务数据库(忽略输出中任何不推荐使用的信息)
bash
# su -s /bin/sh -c "glance-manage db_sync" glance
(6)查看数据库
bash
# mysql glance -e "show tables;"
(6)完成安装
启动镜像服务、配置他们随机启动
bash
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service
(7) 查看网络
bash
# netstat nltup
(8)验证操作
①下载源镜像
bash
$ wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
② 使用 QCOW2 磁盘格式, bare 容器格式上传镜像到镜像服务并设置公共可见,这样所有的项目都可以访问它
bash
$ openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public
③确认镜像的上传并验证属性
bash
$ openstack image list
④ 登录数据库验证
⑤查看
bash
# openstack endpoint list | grep glance
8. 计算服务安装(控制节点)
(1)创建数据库
用数据库连接客户端
bash
$ mysql -u root -p
创建 nova_api 和 nova 数据库
bash
CREATE DATABASE nova_api;
CREATE DATABASE nova;
对数据库进行正确的授权
bash
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
(2)创建 nova 用户
bash
$ openstack user create --domain default \
--password-prompt nova
① 给 nova 用户添加 admin 角色
bash
$ openstack role add --project service --user nova admin
② 创建 nova 服务实体
bash
$ openstack service create --name nova \
--description "OpenStack Compute" compute
③ 创建 Compute 服务 API 端点
bash
$ openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s
(3)查看
bash
# openstack endpoint list
(4) 安装软件包
bash
# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler
(5) 编辑/etc/nova/nova.conf
① 在[DEFAULT]部分,只启用计算和元数据API
bash
[DEFAULT]
...
enabled_apis = osapi_compute,metadata
②在[api_database]和[database]部分,配置数据库的连接
bash
[api_database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
③在 [DEFAULT]和 [oslo_messaging_rabbit]部分,配置 RabbitMQ消息队列访问
bash
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
④ 在 [DEFAULT]和 [keystone_authtoken] 部分,配置认证服务访问
bash
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
⑤ 在 [DEFAULT 部分,配置my_ip 来使用控制节点的管理接口的IP 地址
bash
[DEFAULT]
...
my_ip = 192.168.204.210
⑥在 [DEFAULT] 部分,使能 Networking 服务
bash
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
⑦在[vnc]部分,配置VNC代理使用控制节点的管理接口IP地址
bash
[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
⑧在 [glance] 区域,配置镜像服务 API 的位置
bash
[glance]
...
api_servers = http://controller:9292
⑨在 [oslo_concurrency] 部分,配置锁路径
bash
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
⑩备份并修改
(6) 同步Compute 数据库
bash
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova
(7)查看数据库
bash
# mysql nova -e "show tables;"
(8)启动 Compute 服务并将其设置为随系统启动
bash
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
(9) 查看服务列表
bash
# openstack service list
9. 计算服务安装(计算节点)
(1)安装软件包
bash
# yum install openstack-nova-compute -y
# yum install libvirt -y
# yum install openstack-utils.noarch -y
(2)编辑/etc/nova/nova.conf
①在[DEFAULT]和 [oslo_messaging_rabbit]部分,配置RabbitMQ消息队列的连接
bash
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
② 在 [DEFAULT]和 [keystone_authtoken] 部分,配置认证服务访问
bash
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
③ 在 [DEFAULT] 部分,配置 my_ip 选项
bash
[DEFAULT]
...
my_ip = 192.168.204.211
④ 在 [DEFAULT] 部分,使能 Networking 服务
bash
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
⑤ 在[vnc]部分,启用并配置远程控制台访问
bash
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
⑥在 [glance] 区域,配置镜像服务 API 的位置
bash
[glance]
...
api_servers = http://controller:9292
⑦ 在 [oslo_concurrency] 部分,配置锁路径
bash
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
⑧ 备份修改
(3)完成安装
① 确定计算节点是否支持虚拟机的硬件加速
bash
$ egrep -c '(vmx|svm)' /proc/cpuinfo
② 启动计算服务及其依赖,并将其配置为随系统自动启动
bash
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service
(4)验证操作
查看服务列表
bash
# openstack service list
10. 网络服务安装(控制节点)
(1)创建数据库
用数据库连接客户端
bash
$ mysql -u root -p
创建neutron数据库
bash
CREATE DATABASE neutron;
对neutron数据库授予合适的访问权限,使用合适的密码替换NEUTRON_DBPASS
bash
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';
(2)创建neutron用户
bash
$ openstack user create --domain default --password-prompt neutron
(3)添加admin角色到neutron用户
bash
$ openstack role add --project service --user neutron admin
(4)创建neutron服务实体
bash
$ openstack service create --name neutron \
--description "OpenStack Networking" network
(5)创建网络服务API端点
bash
$ openstack endpoint create --region RegionOne \
network public http://controller:9696
$ openstack endpoint create --region RegionOne \
network internal http://controller:9696
$ openstack endpoint create --region RegionOne \
network admin http://controller:9696
(6)查看
(7)安装 Modular Layer 2 (ML2) 插件
bash
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables
(8)编辑/etc/neutron/plugins/ml2/ml2_conf.ini
① 在 [database] 部分,配置数据库访问
bash
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
② 在[DEFAULT]部分,启用ML2插件并禁用其他插件
bash
[DEFAULT]
...
core_plugin = ml2
service_plugins =
③ 在 [DEFAULT]和 [oslo_messaging_rabbit]部分,配置 "RabbitMQ" 消息队列的连接
bash
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
④在 [DEFAULT]和 [keystone_authtoken]部分,配置认证服务访问
bash
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
⑤ 在[DEFAULT]和[nova]部分,配置网络服务来通知计算节点的网络拓扑变化
bash
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
⑥ 在 [oslo_concurrency] 部分,配置锁路径
bash
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
⑦备份修改
(9)配置 Modular Layer 2 (ML2) 插件,编辑/etc/neutron/plugins/ml2/ml2_conf.ini
① 在[ml2]部分,启用flat和VLAN网络
bash
[ml2]
...
type_drivers = flat,vlan
② 在[ml2]部分,禁用私有网络
bash
[ml2]
...
tenant_network_types =
③ 在[ml2]部分,启用Linuxbridge机制
bash
[ml2]
...
mechanism_drivers = linuxbridge
④在[ml2]部分,启用端口安全扩展驱动
bash
[ml2]
...
extension_drivers = port_security
⑤ 在[ml2_type_flat]部分,配置公共虚拟网络为flat网络
bash
[ml2_type_flat]
...
flat_networks = provider
⑥ 在 [securitygroup]部分,启用 ipset 增加安全组规则的高效性
bash
[securitygroup]
...
enable_ipset = True
(10)备份修改
(11)查看IP
(12)配置Linuxbridge代理,编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini
① 在[linux_bridge]部分,将公共虚拟网络和公共物理网络接口对应起来
bash
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
② 在[vxlan]部分,禁止VXLAN覆盖网络
bash
[vxlan]
enable_vxlan = False
③ 在 [securitygroup]部分,启用安全组并配置 Linuxbridge iptables firewall driver
bash
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
(13)修改备份
(14)配置DHCP代理,编辑/etc/neutron/dhcp_agent.ini文件
① 在[DEFAULT]部分,配置Linuxbridge驱动接口,DHCP驱动并启用隔离元数据,这样在公共网络上的实例就可以通过网络来访问元数据
bash
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
② 修改备份
(15)配置元数据代理
① 编辑/etc/neutron/metadata_agent.ini文件,在[DEFAULT] 部分,配置元数据主机以及共享密码
bash
[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
②修改备份
(16)为计算节点配置网络服务
①编辑/etc/nova/nova.conf文件,在[neutron]部分,配置访问参数,启用元数据代理并设置密码
bash
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
② 直接修改
(17)完成安装
① 网络服务初始化脚本需要一个超链接 /etc/neutron/plugin.ini指向ML2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini。如果超链接不存在,使用下面的命令创建它
bash
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
② 同步数据库
bash
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
③ 重启计算API 服务
bash
# systemctl restart openstack-nova-api.service
(18)查看
bash
# neutron agent-list
11. 网络服务安装(计算节点)
(1)安装组件
bash
# yum install openstack-neutron-linuxbridge ebtables ipset
(2)配置通用组件,编辑/etc/neutron/neutron.conf文件
①在[database]部分,注释所有connection项,因为计算节点不直接访问数据库;
②在 [DEFAULT]和 [oslo_messaging_rabbit]部分,配置 RabbitMQ消息队列的连接
bash
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
③ 在 [DEFAULT]和 [keystone_authtoken]部分,配置认证服务访问(将 NEUTRON_PASS 替换为在认证服务中为 neutron 用户选择的密码)
bash
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
④ 在 [oslo_concurrency] 部分,配置锁路径
bash
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
⑤ 备份修改
(3) 配置Linuxbridge代理,编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini
① 在[linux_bridge]部分,将公共虚拟网络和公共物理网络接口对应起来
bash
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
② 在[vxlan]部分,禁止VXLAN覆盖网络
bash
[vxlan]
enable_vxlan = False
③ 在 [securitygroup]部分,启用安全组并配置 Linuxbridge iptables firewall driver
bash
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
④ 备份修改
(4)配置网络选项,编辑/etc/nova/nova.conf文件
在[neutron]部分,配置访问参数
bash
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
(5)完成安装
重启计算服务
bash
# systemctl restart openstack-nova-compute.service
启动Linuxbridge代理并配置它开机自启动
bash
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service
(6)查看
bash
# neutron agent-list
(7)验证,列出加载的扩展来验证neutron-server进程是否正常启动
bash
$ neutron ext-list
12. Dashboard图形化界面安装(控制节点)
(1)安装软件包
bash
# yum install openstack-dashboard
(2)编辑文件 /etc/openstack-dashboard/local_settings
① 在 controller 节点上配置仪表盘以使用 OpenStack 服务
bash
OPENSTACK_HOST = "controller"
②允许所有主机访问仪表板
bash
ALLOWED_HOSTS = ['*', ]
③ 配置 memcached 会话存储服务
bash
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
④启用第3版认证API
bash
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
⑤ 用对域的支持
bash
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
⑥ 启配置API版本
bash
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}
⑦ 通过仪表盘创建用户时的默认域配置为 default
bash
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
⑧ 通过仪表盘创建的用户默认角色配置为 user
bash
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
⑨ 如果选择网络参数1,禁用支持3层网络服务
bash
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
⑩可以选择性地配置时区
bash
TIME_ZONE = "Asia/Shagnhai"
(3) 完成安装
重启web服务器以及会话存储服务
bash
# systemctl restart httpd.service memcached.service
(4)验证操作
①验证仪表盘的操作
bash
在浏览器中输入 http://controller/dashboard访问仪表盘。
验证使用 admin用户凭证和default域凭证。
② 登录成功
③ 查看项目
④查看镜像
⑤查看用户
⑥ 查看角色
⑦安全