部署OpenStack

设置基础环境

设置主机名

#controller
hostnamectl set-hostname controller.ecloud.com
#compute
hostnamectl set-hostname compute.ecloud.com

关闭防火墙

#controller && compute
# Stops and disables firewalld on both nodes, so no host firewall filters
# traffic to them from this point on.
# NOTE(review): later steps bind MariaDB and memcached to 10.0.1.67 and create
# service accounts whose passwords equal their names. With host filtering off,
# keep these nodes on an isolated management network, or leave firewalld running
# and allow only the ports the services need.
systemctl disable firewalld
systemctl stop firewalld

添加主机名映射

#controller && compute
cat >> /etc/hosts << EOF
10.0.1.67   controller controller.ecloud.com
10.0.1.68   compute compute.ecloud.com
EOF

设置repo源

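#controller && compute
# Replace the stock CentOS repo definition with the Aliyun mirror, keeping a backup.
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/CentOS-Base.repo.backup
# -f: fail on an HTTP error instead of saving the error page as the repo file.
curl -f -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Delete every line that mentions the aliyuncs.com mirror hosts
# (presumably only reachable from inside Aliyun; confirm).
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
# Fetch the EPEL definition over HTTPS, like the base repo: a repo file fetched
# over plain HTTP can be altered in transit, and it decides where packages come from.
wget -O /etc/yum.repos.d/epel.repo https://mirrors.aliyun.com/repo/epel-7.repo
# NOTE(review): gpgcheck=0 in the two sections below turns off RPM signature
# verification for the OpenStack and virt packages, so yum installs whatever the
# mirror (or anything on the path to it) serves. Outside a lab, import the signing
# keys for these repositories and set gpgcheck=1 with a matching gpgkey= line.
cat >> /etc/yum.repos.d/openstack.repo << EOF
[openstack]
name=openstack
baseurl=https://mirrors.aliyun.com/centos/7/cloud/x86_64/openstack-rocky/
gpgcheck=0
enabled=1
EOF
cat >> /etc/yum.repos.d/CentOS-Base.repo << EOF
[virt]
name=virt
baseurl=https://mirrors.aliyun.com/centos/7/virt/x86_64/kvm-common/
gpgcheck=0
enabled=1
EOF
yum makecache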

安装OpenStack客户端

# controller && compute
yum install -y python-openstackclient

设置chrony时间同步

# controller && compute
yum install -y chrony
vim /etc/chrony.conf
    #server 0.centos.pool.ntp.org iburst
   #server 1.centos.pool.ntp.org iburst
   #server 2.centos.pool.ntp.org iburst
   #server 3.centos.pool.ntp.org iburst
    server ntp1.aliyun.com iburst
systemctl start chronyd
systemctl enable chronyd

设置mariadb数据库

# controller
# Install MariaDB and the Python MySQL driver, then write the OpenStack-specific
# server settings.
yum install -y mariadb mariadb-server python2-PyMySQL
# bind-address makes the server listen on the controller address (10.0.1.67 in
# /etc/hosts). The single-quoted string is written verbatim and overwrites any
# existing openstack.cnf.
echo '[mysqld]
bind-address = 10.0.1.67
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8' > /etc/my.cnf.d/openstack.cnf
systemctl start mariadb
systemctl enable mariadb
# Interactive hardening; the answers used are shown below.
# NOTE(review): the install scripts later on this page call mysql with
# -uroot -p123456, so they only work if that root password is chosen here.
# That value is trivially guessable; pick a strong one and change the scripts
# to match.
mysql_secure_installation
Enter current password for root (enter for none):
Set root password? [Y/n] y
New password:                                   #输入密码
Re-enter new password:                          #验证密码
Remove anonymous users? [Y/n] y
Disallow root login remotely? [Y/n] y
Remove test database and access to it? [Y/n] y
Reload privilege tables now? [Y/n] y

设置消息队列

# controller
yum install -y rabbitmq-server
systemctl start rabbitmq-server.service
systemctl enable rabbitmq-server.service
# Create the broker account "openstack" with the password "openstack".
# NOTE(review): the password equals the user name and is repeated in every
# transport_url on this page (rabbit://openstack:openstack@controller). If a
# stronger password is chosen here, those URLs must be changed to match.
rabbitmqctl add_user openstack openstack
# Grant configure, write and read permission on every resource (".*").
rabbitmqctl set_permissions openstack ".*" ".*" ".*"

设置memcached缓存

# controller
yum install -y memcached
# Edit OPTIONS so memcached listens on 10.0.1.67 (and ::1) rather than 127.0.0.1.
# NOTE(review): OPTIONS sets only the listen addresses, no authentication, and
# firewalld was disabled earlier, so any host that can reach 10.0.1.67 on the
# memcached port can read and write the cache. Restrict access to the
# OpenStack nodes at the network level.
vim /etc/sysconfig/memcached
   #OPTIONS="-l 127.0.0.1,::1"
   OPTIONS="-l 10.0.1.67,::1"
systemctl start memcached.service
systemctl enable memcached.service

keystone

controller节点

安装keystone脚本

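# controller: writes keystone.sh, which creates the keystone database, installs
# and bootstraps Keystone behind httpd, and writes the admin credential file.
# The heredoc delimiter is unquoted, so the outer shell processes the body
# (backslash-newline continuations are joined) before it is written out.
# NOTE(review): the MariaDB root password is passed on the mysql command line,
# where it is visible in the process list, and every account created here uses
# a password equal to its name (keystone/keystone, admin/admin). The 'keystone'@'%'
# grant accepts that login from any host. Replace these values before using the
# script outside a lab.
# NOTE(review): all endpoints and OS_AUTH_URL use plain http, so credentials and
# tokens cross the network unencrypted.
cat > keystone.sh <<-EOF
#!/bin/bash
mysql -uroot -p123456 -e 'CREATE DATABASE keystone;'
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
 
yum install openstack-keystone httpd mod_wsgi openstack-utils -y
 
openstack-config --set /etc/keystone/keystone.conf database connection mysql+pymysql://keystone:keystone@controller/keystone
 
openstack-config --set /etc/keystone/keystone.conf token provider fernet
 
su -s /bin/sh -c "keystone-manage db_sync" keystone
 
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
 
keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://controller:5000/v3/ \
--bootstrap-internal-url http://controller:5000/v3/ \
--bootstrap-public-url http://controller:5000/v3/ \
--bootstrap-region-id RegionOne
 
sed -ri 's/#(ServerName ).*/\1controller/g' /etc/httpd/conf/httpd.conf
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
 
systemctl start httpd
systemctl enable httpd
 
echo 'export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2' > /root/admin-openrc
# The file holds the admin password; keep it readable by root only.
chmod 600 /root/admin-openrc
 
source /root/admin-openrc
 
openstack project create --domain default \
--description "Service Project" service
EOF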

安装keystone

sh keystone.sh

验证

source /root/admin-openrc
openstack user list

glance

controller节点

安装glance脚本

# controller: writes glance.sh, which creates the glance database and Keystone
# entries, installs Glance, fills in glance-api.conf and glance-registry.conf,
# syncs the database and starts both services.
# NOTE(review): the MariaDB root password is passed on the mysql command line,
# and the database account and the Keystone service user both use the password
# "glance". The 'glance'@'%' grant accepts that login from any host. The service
# user also receives the admin role on the service project.
# NOTE(review): endpoints and auth URLs are plain http.
cat > glance.sh <<-EOF
#!/bin/bash
source /root/admin-openrc
mysql -uroot -p123456 -e "CREATE DATABASE glance;"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
 
openstack user create --domain default --password glance glance
 
openstack role add --project service --user glance admin
 
openstack service create --name glance \
--description "OpenStack Image" image
 
openstack endpoint create --region RegionOne \
image public http://controller:9292
openstack endpoint create --region RegionOne \
image internal http://controller:9292
openstack endpoint create --region RegionOne \
image admin http://controller:9292
 
yum install -y openstack-glance
 
openstack-config --set /etc/glance/glance-api.conf database connection mysql+pymysql://glance:glance@controller/glance
 
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-api.conf keystone_authtoken password glance
 
openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone
 
openstack-config --set /etc/glance/glance-api.conf glance_store stores  file,http
openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
 
openstack-config --set /etc/glance/glance-registry.conf database connection mysql+pymysql://glance:glance@controller/glance
 
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken www_authenticate_uri  http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken auth_type  password
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken user_domain_name Default
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken project_name service
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken username glance
openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken password glance
 
openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone
 
su -s /bin/sh -c "glance-manage db_sync" glance
 
systemctl start openstack-glance-api.service openstack-glance-registry.service
systemctl enable openstack-glance-api.service openstack-glance-registry.service
EOF

filesystem_store_datadir 可以修改 镜像存放路径。该路径 glance 用户必须要有权限。

安装glance

sh glance.sh

验证

source /root/admin-openrc
openstack image list

nova

controller

安装nova配置文件脚本

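# controller: writes nova-controller.sh, which creates the nova and placement
# databases and Keystone entries, installs the controller-side Nova packages,
# fills in /etc/nova/nova.conf, syncs the databases and starts the services.
# The heredoc delimiter is unquoted, so the outer shell expands the body; that
# is why my_ip is written as \$my_ip, which reaches nova.conf as the literal
# text $my_ip.
# NOTE(review): the MariaDB root password is passed on the mysql command line,
# and every database account and Keystone service user uses a password equal to
# its name (nova/nova, placement/placement). The '%' grants accept those logins
# from any host. The RabbitMQ credentials are embedded in transport_url.
# NOTE(review): the start/enable lists originally named openstack-nova-conductor
# twice; the duplicate is dropped here. If it stood for another unit (for example
# the console-auth service from openstack-nova-console), add that unit instead;
# confirm against the install guide for your release.
cat > nova-controller.sh <<-EOF
#!/bin/bash
source /root/admin-openrc
mysql -uroot -p123456 -e "CREATE DATABASE nova_api;"
mysql -uroot -p123456 -e "CREATE DATABASE nova;"
mysql -uroot -p123456 -e "CREATE DATABASE nova_cell0;"
mysql -uroot -p123456 -e "CREATE DATABASE placement;"
 
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'placement';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'placement';"
 
openstack user create --domain default --password nova nova
 
openstack role add --project service --user nova admin
 
openstack service create --name nova \
--description "OpenStack Compute" compute
 
openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1
 
openstack user create --domain default --password placement placement
 
openstack role add --project service --user placement admin
 
openstack service create --name placement \
--description "Placement API" placement
 
openstack endpoint create --region RegionOne \
placement public http://controller:8778
openstack endpoint create --region RegionOne \
placement internal http://controller:8778
openstack endpoint create --region RegionOne \
placement admin http://controller:8778
 
yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler openstack-nova-placement-api -y
 
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
 
openstack-config --set /etc/nova/nova.conf api_database connection mysql+pymysql://nova:nova@controller/nova_api
openstack-config --set /etc/nova/nova.conf database connection mysql+pymysql://nova:nova@controller/nova
openstack-config --set /etc/nova/nova.conf placement_database connection mysql+pymysql://placement:placement@controller/placement
 
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password nova
 
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.1.67
 
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
 
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen '\$my_ip'
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address '\$my_ip'
 
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
 
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
 
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password placement
 
echo '
<Directory /usr/bin>
   <IfVersion >= 2.4>
      Require all granted
   </IfVersion>
   <IfVersion < 2.4>
      Order allow,deny
      Allow from all
   </IfVersion>
</Directory>' >> /etc/httpd/conf.d/00-nova-placement-api.conf
 
systemctl restart httpd
 
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
 
systemctl start openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl enable openstack-nova-api.service \
openstack-nova-scheduler.service openstack-nova-conductor.service \
openstack-nova-novncproxy.service
EOF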

注意: 这里需要修改一下 my_ip

安装nova

sh nova-controller.sh

compute

安装nova计算提供虚拟机脚本

# compute: writes nova-compute.sh, which installs nova-compute, fills in
# /etc/nova/nova.conf and starts libvirtd and the compute service.
# The heredoc delimiter is unquoted, so \$my_ip reaches nova.conf as the literal
# text $my_ip.
# NOTE(review): vnc server_listen is 0.0.0.0, so instance VNC servers listen on
# every interface of the compute node, and novncproxy_base_url is plain http.
# With firewalld disabled, limit which networks can reach the compute node.
# NOTE(review): the RabbitMQ, nova and placement passwords equal the account
# names and are stored in nova.conf.
cat > nova-compute.sh <<-EOF
#!/bin/bash
yum install openstack-nova-compute openstack-utils -y
 
openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
 
openstack-config --set /etc/nova/nova.conf DEFAULT transport_url rabbit://openstack:openstack@controller

openstack-config --set /etc/nova/nova.conf DEFAULT instances_path /var/lib/nova/instances

openstack-config --set /etc/nova/nova.conf api auth_strategy keystone
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_type password
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
openstack-config --set /etc/nova/nova.conf keystone_authtoken password nova
 
openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.0.1.68
 
openstack-config --set /etc/nova/nova.conf DEFAULT use_neutron true
openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
 
openstack-config --set /etc/nova/nova.conf vnc enabled true
openstack-config --set /etc/nova/nova.conf vnc server_listen 0.0.0.0
openstack-config --set /etc/nova/nova.conf vnc server_proxyclient_address '\$my_ip'
openstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://10.0.1.67:6080/vnc_auto.html
 
openstack-config --set /etc/nova/nova.conf glance api_servers http://controller:9292
 
openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
 
openstack-config --set /etc/nova/nova.conf placement region_name RegionOne
openstack-config --set /etc/nova/nova.conf placement project_domain_name Default
openstack-config --set /etc/nova/nova.conf placement project_name service
openstack-config --set /etc/nova/nova.conf placement auth_type password
openstack-config --set /etc/nova/nova.conf placement user_domain_name Default
openstack-config --set /etc/nova/nova.conf placement auth_url http://controller:5000/v3
openstack-config --set /etc/nova/nova.conf placement username placement
openstack-config --set /etc/nova/nova.conf placement password placement
 
openstack-config --set /etc/nova/nova.conf libvirt virt_type kvm
 
systemctl start libvirtd.service openstack-nova-compute.service
systemctl enable libvirtd.service openstack-nova-compute.service
EOF

注意:
这里需要修改 my_ip(计算节点IP地址)和 novncproxy_base_url(控制节点IP地址)
instances_path 修改虚拟机存储路径,该路径 nova 用户必须有权限执行。
这个 virt_type 选项必须填,不然会有未知的错误。

安装nova

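# compute: run the script written by the "cat > nova-compute.sh" step.
# The file name must match that heredoc target.
sh nova-compute.sh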

添加计算节点

controller执行

source /root/admin-openrc
openstack compute service list --service nova-compute
su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
openstack-config --set /etc/nova/nova.conf scheduler discover_hosts_in_cells_interval 300

验证

nova hypervisor-list
openstack compute service list

neutron

controller

安装neutron脚本

# controller: writes neutron.sh, which creates the neutron database and Keystone
# entries, installs Neutron with the ML2 linuxbridge driver, fills in the
# Neutron and agent configuration files, adds the [neutron] section to
# nova.conf, migrates the database and starts the Neutron services.
# NOTE(review): the MariaDB root password is passed on the mysql command line,
# and the neutron database account and service user both use the password
# "neutron". The 'neutron'@'%' grant accepts that login from any host.
# NOTE(review): metadata_proxy_shared_secret is set to "openstack" in both
# metadata_agent.ini and nova.conf. The two values must match, and a guessable
# value weakens the check on metadata requests; use a random secret.
cat > neutron.sh <<-EOF
#!/bin/bash
source /root/admin-openrc
mysql -uroot -p123456 -e "CREATE DATABASE neutron;"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
mysql -uroot -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
 
openstack user create --domain default --password neutron neutron
 
openstack role add --project service --user neutron admin
 
openstack service create --name neutron \
--description "OpenStack Networking" network
 
openstack endpoint create --region RegionOne \
network public http://controller:9696
openstack endpoint create --region RegionOne \
network internal http://controller:9696
openstack endpoint create --region RegionOne \
network admin http://controller:9696
 
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
 
openstack-config --set /etc/neutron/neutron.conf database connection mysql+pymysql://neutron:neutron@controller/neutron
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins router
openstack-config --set /etc/neutron/neutron.conf DEFAULT allow_overlapping_ips true
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutron
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes true
openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes true
openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf nova auth_type password
openstack-config --set /etc/neutron/neutron.conf nova project_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova user_domain_name default
openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
openstack-config --set /etc/neutron/neutron.conf nova project_name service
openstack-config --set /etc/neutron/neutron.conf nova username nova
openstack-config --set /etc/neutron/neutron.conf nova password nova
 
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlan,vxlan
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types vxlan
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge,l2population
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks provider
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_vxlan vni_ranges 1:1000
 
openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset true
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:em2
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.1.67
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
 
openstack-config --set /etc/neutron/l3_agent.ini DEFAULT interface_driver linuxbridge
 
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver linuxbridge
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata true
 
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_host controller
openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret openstack
 
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password neutron
openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy true
openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret openstack
 
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
 
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
 
systemctl restart openstack-nova-api
 
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service neutron-l3-agent.service
EOF

注意:这里需要修改 local_ip 改成控制节点的IP地址 和 physical_interface_mappings 改成网卡名称

安装neutron

sh neutron.sh

compute

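# compute: writes neutron.sh for the compute node. The script installs the
# linuxbridge agent, fills in neutron.conf and linuxbridge_agent.ini, adds the
# [neutron] section to nova.conf, restarts nova-compute and starts the agent.
# NOTE(review): the RabbitMQ and neutron passwords equal the account names and
# are stored in the configuration files; all service URLs are plain http.
# The enable/start lines originally listed neutron-linuxbridge-agent.service
# twice; the duplicate is dropped here.
cat > neutron.sh <<-EOF
#!/bin/bash
yum install openstack-neutron-linuxbridge ebtables ipset -y
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT transport_url rabbit://openstack:openstack@controller
 
openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_type password
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_name default
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutron
 
openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings provider:em2
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan local_ip 10.0.1.68
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan l2_population true
 
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group true
openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
 
openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696
openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:5000
openstack-config --set /etc/nova/nova.conf neutron auth_type password
openstack-config --set /etc/nova/nova.conf neutron project_domain_name default
openstack-config --set /etc/nova/nova.conf neutron user_domain_name default
openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
openstack-config --set /etc/nova/nova.conf neutron project_name service
openstack-config --set /etc/nova/nova.conf neutron username neutron
openstack-config --set /etc/nova/nova.conf neutron password neutron
 
systemctl restart openstack-nova-compute.service
 
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
EOF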

注意:这里需要修改 local_ip 改成计算节点的IP地址 和 physical_interface_mappings 修改成网卡名称

安装neutron

sh neutron.sh

验证

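# controller: load the admin credentials written by keystone.sh. The absolute
# path matches the other verification steps and does not depend on the current
# directory.
source /root/admin-openrc
# In this listing the Alive column reads ":-)" for an agent that is reporting in
# and "XXX" for one that is not. The sample output below shows XXX for all four
# agents and lists no agent from the compute node, so do not treat it as the
# expected healthy result.
openstack network agent list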
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| ID                                   | Agent Type         | Host                  | Availability Zone | Alive | State | Binary                    |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
| 95b067ee-4c08-4d30-9b62-dcaea94607da | Metadata agent     | controller.ecloud.com | None              | XXX   | UP    | neutron-metadata-agent    |
| c3f0fe6c-33a4-404d-98d8-6ec3ec646af9 | Linux bridge agent | controller.ecloud.com | None              | XXX   | UP    | neutron-linuxbridge-agent |
| e5c7bd32-d98b-417d-9c20-91392b7584c6 | DHCP agent         | controller.ecloud.com | nova              | XXX   | UP    | neutron-dhcp-agent        |
| f6f3a6b7-f00e-48f8-abab-5a2a42680650 | L3 agent           | controller.ecloud.com | nova              | XXX   | UP    | neutron-l3-agent          |
+--------------------------------------+--------------------+-----------------------+-------------------+-------+-------+---------------------------+
# Create the shared external flat network on the physical network "provider".
openstack network create --share --external \
 --provider-physical-network provider \
 --provider-network-type flat provider
# The --provider-physical-network value must match flat_networks under
# [ml2_type_flat] in /etc/neutron/plugins/ml2/ml2_conf.ini (set to "provider"
# by the controller neutron.sh).
openstack subnet create --network provider \
 --allocation-pool start=192.168.31.10,end=192.168.31.50 \
 --dns-nameserver 223.5.5.5 --gateway 192.168.31.1 \
 --subnet-range 192.168.31.0/24 provider
# The external subnet must be in the same network segment as the real
# (physical) network's IP addresses.
# Create the self-service network and subnet, then a router that connects the
# subnet to the provider network.
openstack network create selfnetwork
openstack subnet create --network selfnetwork \
 --dns-nameserver 223.5.5.5 --gateway 172.16.1.1 \
 --subnet-range 172.16.1.0/24 selfnetwork
openstack router create router
openstack router add subnet router selfnetwork
openstack router set router --external-gateway provider
[root@controller ~]# openstack port list --router router
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| ID                                   | Name | MAC Address       | Fixed IP Addresses                                                           | Status |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
| 6e901012-73a5-4540-962e-d162ac6cb250 |      | fa:16:3e:d0:60:13 | ip_address='172.16.1.1', subnet_id='58ffdd9c-11c7-4b38-9961-4f48522d5266'    | ACTIVE |
| cf4b3788-210c-4b2b-bd6d-8d7e3fc317fb |      | fa:16:3e:38:61:86 | ip_address='192.168.31.37', subnet_id='f7211a37-3bba-403e-bd6d-77ba52fc8e02' | ACTIVE |
+--------------------------------------+------+-------------------+------------------------------------------------------------------------------+--------+
[root@controller ~]# ping -c 4 192.168.31.37
PING 192.168.31.37 (192.168.31.37) 56(84) bytes of data.
64 bytes from 192.168.31.37: icmp_seq=1 ttl=64 time=0.079 ms
64 bytes from 192.168.31.37: icmp_seq=2 ttl=64 time=0.040 ms
64 bytes from 192.168.31.37: icmp_seq=3 ttl=64 time=0.040 ms
64 bytes from 192.168.31.37: icmp_seq=4 ttl=64 time=0.047 ms
 
--- 192.168.31.37 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.040/0.051/0.079/0.017 ms

创建虚拟机

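# Flavor, security group and a first instance on the self-service network.
openstack flavor create --ram 4096 --disk 10 --vcpus 4 --public CentOS
openstack security group create selfgroup
# Neither rule passes --remote-ip, so ICMP and SSH are accepted from any source (0.0.0.0/0).
# Outside a lab, add --remote-ip <MGMT_CIDR> (placeholder) to limit SSH to the management range.
openstack security group rule create --proto icmp selfgroup
openstack security group rule create --proto tcp --dst-port 22 selfgroup
# The network created in the steps above is named selfnetwork; the original command
# referenced "selfservice", which is not created in the steps shown.
openstack server create --security-group selfgroup --image 'CentOS7' --flavor CentOS --network selfnetwork jumpserver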

如果虚拟机状态结果为ACTIVE,那就没有问题了

cinder

controller

安装cinder脚本

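# Write the controller-side Cinder install script. The delimiter is quoted so the
# script is stored verbatim (no expansion, line continuations kept).
cat > cinder.sh <<'EOF'
#!/bin/bash
# Controller-side Cinder install: database, Keystone user and catalog entries,
# cinder.conf, schema sync, then the API and scheduler services.
#
# The credentials written below (MariaDB root "123456", cinder/cinder,
# openstack/openstack) are this guide's lab values. Replace them with generated
# secrets before running this anywhere other people can reach, and keep this
# file readable by root only because it embeds them.
# Service URLs are plain http://, so tokens and passwords cross the management
# network unencrypted unless TLS is terminated in front of these services.
source /root/admin-openrc

# -p<password> on the command line shows up in the process list and in shell
# history; a root-only client option file (e.g. ~/.my.cnf, mode 0600) avoids that.
mysql -u root -p123456 -e "CREATE DATABASE cinder;"
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"
# The '%' host lets the cinder account connect from any address that can reach
# MariaDB; narrow it to the management network where possible.
mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"

# Keystone identity for the service.
openstack user create --domain default --password cinder cinder
openstack role add --project service --user cinder admin

openstack service create --name cinderv2 \
  --description "OpenStack Block Storage" volumev2
openstack service create --name cinderv3 \
  --description "OpenStack Block Storage" volumev3

# Each API version needs a public, an internal and an admin endpoint.
openstack endpoint create --region RegionOne \
  volumev2 public http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev2 internal http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev2 admin http://controller:8776/v2/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev3 public http://controller:8776/v3/%\(project_id\)s
# The listing this replaces registered the v3 public interface twice and left
# out the internal one.
openstack endpoint create --region RegionOne \
  volumev3 internal http://controller:8776/v3/%\(project_id\)s
openstack endpoint create --region RegionOne \
  volumev3 admin http://controller:8776/v3/%\(project_id\)s

yum install openstack-cinder -y

openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:cinder@controller/cinder

openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:openstack@controller

openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password cinder

openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 10.0.1.67

openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp

# Run the schema sync as the cinder account rather than as root.
su -s /bin/sh -c "cinder-manage db sync" cinder

# Point Nova at the Cinder region, then restart nova-api to pick it up.
openstack-config --set /etc/nova/nova.conf cinder os_region_name RegionOne

systemctl restart openstack-nova-api.service

systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
EOF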

部署cinder服务

# Run as root on the controller: the script installs packages, edits files under /etc/cinder and /etc/nova, and restarts services.
bash cinder.sh

storage节点

这里storage节点也是compute节点。也是创建一个脚本名字为cinder.sh

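# Write the storage-node Cinder install script. The delimiter is quoted so the
# variables inside the script are stored verbatim instead of being expanded now.
cat > cinder.sh <<'EOF'
#!/bin/bash
# Storage-node Cinder install: LVM volume group, cinder.conf, then the volume and
# iSCSI target services.
#
# pv_device is the partition given to LVM. pvcreate initialises it, so it must be
# a partition that holds no data. The default is this guide's /dev/sda4; override
# it with PV_DEVICE=<DEVICE> bash cinder.sh instead of editing the script.
# The cinder/cinder and openstack/openstack credentials are lab values from this
# guide and end up in /etc/cinder/cinder.conf; replace them outside a lab.
# NOTE(review): the upstream install guide also sets an LVM "filter" in
# /etc/lvm/lvm.conf so the host does not scan volumes created inside tenant disks;
# that step is not part of this script - confirm whether it is needed here.
pv_device="${PV_DEVICE:-/dev/sda4}"

yum install openstack-cinder targetcli python-keystone lvm2 device-mapper-persistent-data -y

systemctl enable lvm2-lvmetad.service
systemctl start lvm2-lvmetad.service

# Create the volume group once. A re-run leaves existing LVM state untouched, and a
# missing partition stops the script before cinder-volume is configured and started
# against a volume group that does not exist.
if vgs cinder-volumes >/dev/null 2>&1; then
  echo "cinder.sh: volume group cinder-volumes already exists, leaving LVM untouched"
else
  if [ ! -b "$pv_device" ]; then
    echo "cinder.sh: $pv_device is not a block device; create the partition first" >&2
    exit 1
  fi
  if ! pvcreate "$pv_device" || ! vgcreate cinder-volumes "$pv_device"; then
    echo "cinder.sh: could not create volume group cinder-volumes on $pv_device" >&2
    exit 1
  fi
fi

openstack-config --set /etc/cinder/cinder.conf database connection mysql+pymysql://cinder:cinder@controller/cinder

openstack-config --set /etc/cinder/cinder.conf DEFAULT transport_url rabbit://openstack:openstack@controller

openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken www_authenticate_uri http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://controller:5000
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken memcached_servers controller:11211
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_type password
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_id default
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password cinder

openstack-config --set /etc/cinder/cinder.conf DEFAULT my_ip 10.0.1.68

# LVM backend served over iSCSI through the LIO helper.
openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm

openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends lvm

openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_api_servers http://controller:9292

openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp

systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service
EOF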

注意：脚本里 pvcreate、vgcreate 使用的设备需要根据实际情况调整，我这里使用的是 /dev/sda4。pvcreate 会初始化该分区，执行前请先用 lsblk 确认它是新建的、未被使用的分区。

fdisk /dev/sda
Command (m for help): n
Partition type:
   p   primary (3 primary, 0 extended, 1 free)
   e   extended
Select (default e): p
First sector (244246528-584843263, default 244246528):     回车
Last sector, +sectors or +size{K,M,G} (244246528-584843263, default 584843263): 回车
Command (m for help): w
partprobe

部署cinder

# Run as root on the storage (compute) node, after the partition created above exists.
bash cinder.sh

验证

# Create a 1 GB test volume, then list volumes to check the result.
# NOTE(review): presumably run on the controller with admin-openrc sourced, and the
# volume should end up "available" - confirm.
openstack volume create --size 1 test
openstack volume list

heat

controller

安装heat脚本

# Write the controller-side Heat install script (stored verbatim; nothing is
# expanded while the file is written).
cat > heat.sh <<'EOF'
#!/bin/bash
# Controller-side Heat (Orchestration) install: database, Keystone identities and
# catalog entries, the stack domain, heat.conf, schema sync, then the services.
#
# Passwords used here (MariaDB root "123456", heat/heat, heat_domain_admin/admin,
# openstack/openstack) are this guide's lab values and are passed on the command
# line; replace them and restrict access to this file outside a lab.
. /root/admin-openrc

heat_conf=/etc/heat/heat.conf
keystone_url=http://controller:5000
heat_units=(
  openstack-heat-api.service
  openstack-heat-api-cfn.service
  openstack-heat-engine.service
)

# Set one option in heat.conf: heat_opt SECTION KEY VALUE
heat_opt() {
  openstack-config --set "$heat_conf" "$@"
}

# Database and grants, one statement per mysql invocation.
for sql in \
  "CREATE DATABASE heat;" \
  "GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'localhost' IDENTIFIED BY 'heat';" \
  "GRANT ALL PRIVILEGES ON heat.* TO 'heat'@'%' IDENTIFIED BY 'heat';"
do
  mysql -u root -p123456 -e "$sql"
done

# Service user.
openstack user create --domain default --password heat heat
openstack role add --project service --user heat admin

# Catalog: the orchestration API and the CloudFormation-compatible API.
openstack service create --name heat --description 'Orchestration' orchestration
openstack service create --name heat-cfn --description 'Orchestration' cloudformation

for iface in public internal admin; do
  openstack endpoint create --region RegionOne \
    orchestration "$iface" 'http://controller:8004/v1/%(tenant_id)s'
done

for iface in public internal admin; do
  openstack endpoint create --region RegionOne \
    cloudformation "$iface" http://controller:8000/v1
done

# Separate domain for stack projects and users, with its own admin account.
openstack domain create --description 'Stack projects and users' heat
openstack user create --domain heat --password admin heat_domain_admin
openstack role add --domain heat --user-domain heat --user heat_domain_admin admin

# Roles for stack owners and stack users; the demo user becomes a stack owner.
openstack role create heat_stack_owner
openstack role add --project demo --user demo heat_stack_owner
openstack role create heat_stack_user

yum install openstack-heat-api openstack-heat-api-cfn openstack-heat-engine -y

heat_opt database connection mysql+pymysql://heat:heat@controller/heat

heat_opt DEFAULT transport_url rabbit://openstack:openstack@controller

heat_opt keystone_authtoken www_authenticate_uri "$keystone_url"
heat_opt keystone_authtoken auth_url "$keystone_url"
heat_opt keystone_authtoken memcached_servers controller:11211
heat_opt keystone_authtoken auth_type password
heat_opt keystone_authtoken project_domain_name default
heat_opt keystone_authtoken user_domain_name default
heat_opt keystone_authtoken project_name service
heat_opt keystone_authtoken username heat
heat_opt keystone_authtoken password heat

heat_opt trustee auth_type password
heat_opt trustee auth_url "$keystone_url"
heat_opt trustee username heat
heat_opt trustee password heat
heat_opt trustee user_domain_name default

heat_opt clients_keystone auth_uri "$keystone_url"

heat_opt DEFAULT heat_metadata_server_url http://controller:8000
heat_opt DEFAULT heat_waitcondition_server_url http://controller:8000/v1/waitcondition

heat_opt DEFAULT stack_domain_admin heat_domain_admin
heat_opt DEFAULT stack_domain_admin_password admin
heat_opt DEFAULT stack_user_domain_name heat

# Run the schema sync as the heat account rather than as root.
su -s /bin/sh -c "heat-manage db_sync" heat

systemctl start "${heat_units[@]}"
systemctl enable "${heat_units[@]}"
EOF

部署heat服务

# Run as root on the controller; the demo project and user referenced by the script must already exist.
bash heat.sh

验证

创建一个test.yml

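# Write a minimal Heat template that boots one server. In the original listing the
# list item under "networks" was indented less than its parent key, which is not
# valid YAML; it is nested under the key here.
cat > test.yml <<'EOF'
heat_template_version: rocky

resources:
  server:
    type: OS::Nova::Server
    properties:
      image: CentOS7
      flavor: CentOS
      networks:
        # ID of a network in the author's environment; replace it with an ID
        # from "openstack network list".
        - network: 2e910a8d-3391-49eb-bb30-2e12f6fb05b0

outputs:
  instance_name:
    description: Name of the instance.
    value: { get_attr: [ server, name ] }
  instance_ip:
    description: IP address of the instance.
    value: { get_attr: [ server, first_address ] }
EOF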

创建

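# -t must name the template written above (test.yml; the original command misspelled it as test.yal).
openstack stack create -t test.yml stack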