openstack -T
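- Foreword:
By a stroke of luck, and with a fair amount of bragging on my part, I gritted my teeth, stayed up all night, and finally got this behemoth stacked up. I have to say its complexity is enough to scare people off, and the sheer number of components left me impressed. With my half-baked skills, just getting it "up and running" was no small feat. But I think that one day, when I have grown into it and look back to savor all this complexity and cleverness, I may just calmly say: I really am a ** genius!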
Preface
keystone: Identity service
glance: Image service
placement: Placement service
nova: Compute service
neutron: Networking service
Horizon: Dashboard
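# 1.Environment
Install CentOS 7
- controller: 4 cores, 4 GB RAM, 50 GB disk
- Partitioning: automatic
Network
- Configure the network as static
- hosts
Security
- Set SELinux to disabled and turn it off
- Stop the firewall and disable it
- yum list | grep openstack* (see the supported versions)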
ntp
- yum install chrony
controller
- server ntp3.aliyun.com iburst
- allow all
- local stratum 10
compute
- server controller iburst
both
- restart chronyd
- chronyc sources -v
Enable the OpenStack repository (yum repo)
both:
- yum install centos-release-openstack-train -y
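- Do not configure the EPEL repo!!! It easily causes conflicts and problems
- yum install python-openstackclient openstack-selinux -y
Installs the OpenStack client, and the package that automatically manages the security policies for OpenStack services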
Install the database
controller
- yum install mariadb mariadb-server python2-PyMySQL
- vim /etc/my.cnf.d/openstack.cnf
[mysqld]
bind-address = 10.10.10.184
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
- systemctl enable mariadb.service;systemctl start mariadb.service
- mysql_secure_installation (initialization: answer n to the second one, the disallow prompt, and y to the rest)
- mysql -pzhaoxi (test)
Message queue
- yum install rabbitmq-server
- systemctl enable rabbitmq-server.service;systemctl start rabbitmq-server.service
- rabbitmqctl add_user openstack zhaoxi (add the openstack account)
- rabbitmqctl set_permissions openstack ".*" ".*" ".*" (grant it all permissions)
- rabbitmqctl list_users (check)
- rabbitmq-plugins list (see which plugins to enable)
- rabbitmq-plugins enable rabbitmq_management rabbitmq_management_agent (enable the web management UI)
- http://10.10.10.184:15672/ (you can try opening it; guest, pw: guest)
Memcached (in-memory cache)
- yum install memcached python-memcached
- /etc/sysconfig/memcached
CACHESIZE="1024"
OPTIONS="-l 127.0.0.1,::1,controller"
- systemctl enable memcached.service;systemctl start memcached.service
Etcd
- yum install etcd
- /etc/etcd/etcd.conf
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://10.10.10.184:2380"
ETCD_LISTEN_CLIENT_URLS="http://10.10.10.184:2379"
ETCD_NAME="controller"
ETCD_INITIAL_ADVERTISE_PEER_URLS="http://10.10.10.184:2380"
ETCD_ADVERTISE_CLIENT_URLS="http://10.10.10.184:2379"
ETCD_INITIAL_CLUSTER="controller=http://10.10.10.184:2380"
ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster"
ETCD_INITIAL_CLUSTER_STATE="new"
- systemctl enable etcd;systemctl start etcd
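With the firewall stopped in the Security step, every service above that binds a non-loopback address is reachable from the network. The following added example (not part of the original notes) parses `ss -lnt` output and lists which of this guide's ports are bound beyond loopback; the sample output is constructed, and port 3306 is MariaDB's default rather than a value from the page.

```python
import ipaddress

# Ports the controller services in this guide listen on.
GUIDE_PORTS = {
    3306: "MariaDB", 5672: "RabbitMQ AMQP", 15672: "RabbitMQ management UI",
    11211: "memcached", 2379: "etcd client", 2380: "etcd peer",
}

# Constructed sample in `ss -lnt` layout; not captured from a real host.
SAMPLE_SS = """\
State   Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN  0      128    10.10.10.184:3306    *:*
LISTEN  0      128    :::5672              :::*
LISTEN  0      128    *:15672              *:*
LISTEN  0      1024   127.0.0.1:11211      *:*
LISTEN  0      1024   10.10.10.184:11211   *:*
LISTEN  0      128    10.10.10.184:2379    *:*
LISTEN  0      128    10.10.10.184:2380    *:*
LISTEN  0      128    *:22                 *:*
"""


def bind_scope(host):
    """Classify a listen address as 'loopback', 'all' or 'address'."""
    host = host.strip("[]")
    if host in ("*", ""):
        return "all"
    ip = ipaddress.ip_address(host.split("%")[0])  # drop an IPv6 zone id
    if ip.is_unspecified:
        return "all"
    return "loopback" if ip.is_loopback else "address"


def exposed_listeners(ss_output):
    """Return (port, service, host, scope) for guide ports reachable off-host."""
    found = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header or non-listening socket
        host, _, port = fields[3].rpartition(":")
        if not port.isdigit() or int(port) not in GUIDE_PORTS:
            continue  # not one of the services installed by this guide
        scope = bind_scope(host)
        if scope != "loopback":
            found.append((int(port), GUIDE_PORTS[int(port)], host, scope))
    return sorted(found)


if __name__ == "__main__":
    for port, service, host, scope in exposed_listeners(SAMPLE_SS):
        print(f"{port:>5}  {service:<24} bound to {host} ({scope})")
```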
# 2.Install OpenStack services
## keystone
- mysql -pzhaoxi
- create user;
```mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'zhaoxi';
```
- yum install openstack-keystone httpd mod_wsgi
- /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:zhaoxi@controller/keystone
[token]
provider = fernet
- su -s /bin/sh -c "keystone-manage db_sync" keystone (sync the database; you can check whether the keystone database now contains data)
- keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone (create the token keys)
- Bootstrap the Identity service
keystone-manage bootstrap --bootstrap-password zhaoxi --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
- Configure Apache: /etc/httpd/conf/httpd.conf
ServerName controller
- ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
- systemctl enable httpd.service;systemctl start httpd.service
- vim zhaoxi.sh
export OS_USERNAME=admin
export OS_PASSWORD=zhaoxi
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
source zhaoxi.sh
openstack endpoint list
- Create a domain, projects, users, and roles
Create a domain
openstack domain create --description "An Example Domain" example
Create a project
openstack project create --domain default --description "Service Project" service
Create an unprivileged project
openstack project create --domain default --description "Demo Project" myproject
Create a user
openstack user create --domain default --password-prompt myuser
passwd:zhaoxi
Create a role
openstack role create myrole
Add the `myrole` role to the `myproject` project and the `myuser` user
openstack role add --project myproject --user myuser myrole
- Unset the temporary OS_AUTH_URL and OS_PASSWORD environment variables: unset OS_AUTH_URL OS_PASSWORD
- As the admin user, request an authentication token
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
- As the myuser user created in the previous section, request an authentication token
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
passwd:zhaoxi
- 1.admin vim admin.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=zhaoxi
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
- 2.myuser vim myuser.sh
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=zhaoxi
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
- source admin.sh; openstack token issue
- source myuser.sh; openstack token issue (test each one)
## Glance
Prerequisites
- mysql -pzhaoxi
```mysql
CREATE DATABASE glance;
# GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'zhaoxi';
```
- Create the service credentials (source admin.sh)
1.Create the glance user
openstack user create --domain default --password-prompt glance
2.Add the `admin` role to the `glance` user and the `service` project
openstack role add --project service --user glance admin
3.Create the `glance` service entity
openstack service create --name glance --description "OpenStack Image" image
4.Create the Image service API endpoints
openstack endpoint create --region RegionOne image public http://controller:9292 (public network)
openstack endpoint create --region RegionOne image internal http://controller:9292 (internal network)
openstack endpoint create --region RegionOne image admin http://controller:9292 (management network)
5.openstack endpoint list
(If the first step fails with a permission error, run source admin.sh again)
Install the service
- yum install openstack-glance
- vim /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:zhaoxi@controller/glance
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = zhaoxi
# Authentication method. OpenStack config files must not contain Chinese characters, not even in comments
[paste_deploy]
flavor = keystone
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
- su -s /bin/sh -c "glance-manage db_sync" glance (sync the database, i.e. populate the Image service database)
- systemctl enable openstack-glance-api.service;systemctl start openstack-glance-api.service
Verify
- source admin.sh (obtain the admin credentials for access to admin-only CLI commands)
- wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
Upload the image: glance image-create --name "cirros_test" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public
- Do not delete the image!!! It is needed when creating instances
- openstack image list
## placement
Prerequisites
- mysql -pzhaoxi
```mysql
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'zhaoxi';
```
- Create the service credentials (source admin.sh)
1.Create the placement user
openstack user create --domain default --password-prompt placement
2.Add the Placement user to the service project with the admin role
openstack role add --project service --user placement admin
3.Create the Placement API entry in the service catalog
openstack service create --name placement --description "Placement API" placement
4.Create the Placement API service endpoints
openstack endpoint create --region RegionOne placement public http://controller:8778 (public network)
openstack endpoint create --region RegionOne placement internal http://controller:8778 (internal network)
openstack endpoint create --region RegionOne placement admin http://controller:8778 (management network)
5.openstack endpoint list
Install the service
- yum install openstack-placement-api
- vim /etc/placement/placement.conf
[placement_database]
connection = mysql+pymysql://placement:zhaoxi@controller/placement
[api]
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = zhaoxi
- su -s /bin/sh -c "placement-manage db sync" placement (sync the database)
bug!!!
- httpd -v (if the version is greater than 2.4, Apache needs extra configuration)
- vim /etc/httpd/conf.d/00-placement-api.conf
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
- systemctl restart httpd
Verify
- source admin.sh
- placement-status upgrade check (run the status checks to make sure everything is working)
## nova
controller
Prerequisites
- mysql -pzhaoxi
```mysql
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'zhaoxi';
```
- Create the Compute service credentials (source admin.sh)
1.Create the `nova` user
openstack user create --domain default --password-prompt nova
2.Add the `admin` role to the `nova` user
openstack role add --project service --user nova admin
3.Create the `nova` service entity
openstack service create --name nova --description "OpenStack Compute" compute
4.Create the Compute API service endpoints
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1 (public network)
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1 (internal network)
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1 (management network)
5.openstack endpoint list
Install the service
- yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler
openstack-nova-conductor: provides the database connection
openstack-nova-novncproxy: access to the cloud instances
openstack-nova-scheduler: scheduling
- vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[api_database]
connection = mysql+pymysql://nova:zhaoxi@controller/nova_api
[database]
connection = mysql+pymysql://nova:zhaoxi@controller/nova
[DEFAULT]
transport_url = rabbit://openstack:zhaoxi@controller:5672/
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = zhaoxi
Comment out or remove any other options in the `[keystone_authtoken]` section.
[DEFAULT]
my_ip = 10.10.10.184
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = $my_ip
server_proxyclient_address = $my_ip
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = zhaoxi
- su -s /bin/sh -c "nova-manage api_db sync" nova (sync the database)
- su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova (register the cell0 database)
- su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova (create the cell1 cell)
- su -s /bin/sh -c "nova-manage db sync" nova (populate the nova database)
- su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova (verify that nova cell0 and cell1 are registered correctly)
- systemctl enable openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
- systemctl start openstack-nova-api.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
compute
- yum install openstack-nova-compute
- vim /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
[DEFAULT]
transport_url = rabbit://openstack:zhaoxi@controller
[api]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = zhaoxi
[DEFAULT]
my_ip = 10.10.10.185
[DEFAULT]
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
[vnc]
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
[glance]
api_servers = http://controller:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = zhaoxi
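- egrep -c '(vmx|svm)' /proc/cpuinfo (determine whether your compute node supports hardware acceleration for virtual machines)
- If this command returns a value of one or greater, your compute node supports hardware acceleration, which typically requires no additional configuration. If this command returns a value of zero, your compute node does not support hardware acceleration and you must configure libvirt to use QEMU instead of KVM.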
vim /etc/nova/nova.conf
[libvirt]
virt_type = qemu
- systemctl enable libvirtd.service openstack-nova-compute.service;systemctl start libvirtd.service openstack-nova-compute.service
controller
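- Confirm that the compute host exists in the database (source admin.sh)
- openstack compute service list --service nova-compute (verify)
- su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova (host discovery; it has to be run again every time a host is added)
- When you add new compute nodes, you must run nova-manage cell_v2 discover_hosts on the controller node to register them. Alternatively, you can set an appropriate interval in /etc/nova/nova.conf (equivalent to automatic discovery, once every 300 s):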
[scheduler]
discover_hosts_in_cells_interval = 300
## neutron
controller
Prerequisites
- mysql -pzhaoxi
```mysql
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'zhaoxi';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'zhaoxi';
```
- Create the Networking service credentials (source admin.sh)
1.Create the `neutron` user
openstack user create --domain default --password-prompt neutron
2.Add the `admin` role to the `neutron` user
openstack role add --project service --user neutron admin
3.Create the `neutron` service entity
openstack service create --name neutron --description "OpenStack Networking" network
4.Create the Networking API service endpoints
openstack endpoint create --region RegionOne network public http://controller:9696 (public network)
openstack endpoint create --region RegionOne network internal http://controller:9696 (internal network)
openstack endpoint create --region RegionOne network admin http://controller:9696 (management network)
5.openstack endpoint list
Configure networking options
- Networking Option 1: Provider networks (used for layer 2)
- Networking Option 2: Self-service networks (used for layer 3)
- My company's virtual machines are not all on the same network segment, so I use layer 3
- yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables
- Configure the server component: vim /etc/neutron/neutron.conf
[database]
connection = mysql+pymysql://neutron:zhaoxi@controller/neutron
[DEFAULT]
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
[DEFAULT]
transport_url = rabbit://openstack:zhaoxi@controller
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = zhaoxi
[DEFAULT]
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[nova]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = zhaoxi
(The [nova] section is missing from the config file; add it yourself at the very end)
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
- Configure the Modular Layer 2 (ML2) plug-in: vim /etc/neutron/plugins/ml2/ml2_conf.ini
- This config file also has gaps; copy a complete one
- https://docs.openstack.org/ocata/config-reference/networking/samples/ml2_conf.ini.html
[ml2]
type_drivers = flat,vlan,vxlan
[ml2]
tenant_network_types = vxlan
[ml2]
mechanism_drivers = linuxbridge,l2population
[ml2]
extension_drivers = port_security
[ml2_type_flat]
flat_networks = zhaoxi
(Change this name, originally provider; the next config file needs it)
[ml2_type_vxlan]
vni_ranges = 1:1000
[securitygroup]
enable_ipset = true
- Configure the Linux bridge agent (this config file also has gaps; copy a complete one): vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]
physical_interface_mappings = zhaoxi:ens192
(The provider name from above, and the name of the NIC to bind)
[vxlan]
enable_vxlan = true
local_ip = 10.10.10.184
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
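- Verify that all of the following sysctl values are set to 1, to make sure your Linux kernel supports network bridge filters
Before that, the kernel parameters need to be configured
vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Load the module: modprobe br_netfilter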
sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
- Configure the layer-3 agent: vim /etc/neutron/l3_agent.ini
[DEFAULT]
interface_driver = linuxbridge
- Configure the DHCP agent: vim /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
Configure the metadata agent
- vim /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
METADATA_SECRET must be replaced with a password of your own: zhaoxi
Configure the Compute service to use the Networking service
- vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = zhaoxi
service_metadata_proxy = true
metadata_proxy_shared_secret = zhaoxi
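These notes use one password for the database accounts, RabbitMQ, the Keystone service users and the metadata proxy, and the metadata secret has to be identical in metadata_agent.ini and nova.conf. The following added example (not part of the original notes or of OpenStack) audits such files for a secret shared across accounts, a leftover METADATA_SECRET placeholder, a metadata-secret mismatch and cleartext auth_url values; the fragments are constructed and the finding names are made up for this example.

```python
import configparser
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed fragments mirroring settings shown in this guide (not real files).
SAMPLE_FILES = {
    "nova.conf": """
[DEFAULT]
transport_url = rabbit://openstack:zhaoxi@controller:5672/
[api_database]
connection = mysql+pymysql://nova:zhaoxi@controller/nova_api
[DEFAULT]
my_ip = 10.10.10.184
[keystone_authtoken]
auth_url = http://controller:5000/
username = nova
password = zhaoxi
[neutron]
metadata_proxy_shared_secret = zhaoxi
""",
    "metadata_agent.ini": """
[DEFAULT]
metadata_proxy_shared_secret = METADATA_SECRET
""",
}
SECRET_KEY = "metadata_proxy_shared_secret"


def load(text):
    # strict=False merges the repeated [DEFAULT] headers the guide uses; a dummy
    # default_section stops [DEFAULT] values leaking into every other section.
    cp = configparser.ConfigParser(strict=False, interpolation=None,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp


def account_secret(cp, section, opt, val):
    """Return (account label, secret) if the option carries a secret, else None."""
    if opt in ("connection", "transport_url"):
        url = urlsplit(val)  # the password is embedded in the URL
        return (f"{url.scheme}:{url.username}", url.password)
    if opt == "password":
        return (f"keystone:{cp.get(section, 'username', fallback='?')}", val)
    return ("metadata-proxy", val) if opt == SECRET_KEY else None


def audit(files):
    """Return a sorted list of (finding, detail) tuples for the given configs."""
    findings, accounts = [], defaultdict(set)
    parsed = {name: load(text) for name, text in files.items()}
    for name, cp in parsed.items():
        for section in cp.sections():
            for opt, val in cp.items(section):
                hit = account_secret(cp, section, opt, val)
                if hit and hit[1]:
                    accounts[hit[1]].add(hit[0])
                if opt == "auth_url" and val.startswith("http://"):
                    findings.append(("cleartext-auth-url", f"{name} [{section}]"))
    for secret, owners in accounts.items():
        if len(owners) > 1:  # never print the secret itself, only the count
            findings.append(("reused-secret", f"{len(owners)} accounts share one value"))
        if secret.isupper():  # heuristic: template text such as METADATA_SECRET
            findings.append(("placeholder-secret", secret))
    # nova-api and the neutron metadata agent must hold the same shared secret.
    nova = parsed["nova.conf"].get("neutron", SECRET_KEY, fallback=None)
    agent = parsed["metadata_agent.ini"].get("DEFAULT", SECRET_KEY, fallback=None)
    if nova != agent:
        findings.append(("metadata-secret-mismatch", "nova.conf vs metadata_agent.ini"))
    return sorted(findings)


if __name__ == "__main__":
    print(*audit(SAMPLE_FILES), sep="\n")
```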
Finalize installation
- ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
- su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron (sync the database) # you can go into the database and take a look: use neutron; show tables;
- systemctl restart openstack-nova-api.service
- systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service;systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service # I suggest writing a script, there are too many
(The last one is the layer-3 service; it is not needed if you only configure layer 2)
!!!! tail -f /var/log/neutron/*.log (watch for errors)
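compute
Install the components
yum install openstack-neutron-linuxbridge ebtables ipset
Configure the common component
- vim /etc/neutron/neutron.conf
[database]
# connection: compute nodes do not access the database directly, so it is commented out by default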
[DEFAULT]
transport_url = rabbit://openstack:zhaoxi@controller
[DEFAULT]
auth_strategy = keystone
[keystone_authtoken]
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = zhaoxi
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
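Configure networking options
- Choose the same networking option as on the controller node ## self-service networks
- vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini (incomplete; add the missing parts yourself)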
[linux_bridge]
physical_interface_mappings = zhaoxi:ens192
[vxlan]
enable_vxlan = true
local_ip = 10.10.10.185
l2_population = true
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
- Verify: vim /etc/sysctl.conf
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Load the module: modprobe br_netfilter
sysctl -p
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
Configure the Compute service to use the Networking service
vim /etc/nova/nova.conf
[neutron]
auth_url = http://controller:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = zhaoxi
Finalize installation
- systemctl restart openstack-nova-compute.service
- systemctl enable neutron-linuxbridge-agent.service;systemctl start neutron-linuxbridge-agent.service
Verify (controller)
openstack network agent list
A smiley face or "up" means success (L3 and DHCP are running)
## Dashboard
Install and configure components
- yum install openstack-dashboard
- vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*']
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': True,  # layer 3: whether to turn this off depends on the network you configured
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}
TIME_ZONE = "Asia/Shanghai"
- vim /etc/httpd/conf.d/openstack-dashboard.conf
WSGIApplicationGroup %{GLOBAL}
Finalize installation
- systemctl restart httpd.service memcached.service
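- Accessing it hits a bug; reopen the first file edited with vim above
Add this anywhere in it: WEBROOT = "/dashboard"
systemctl restart httpd.service
Visit http://10.10.10.184/dashboard/
!!!!! Utterly ridiculous
The domain is default, the user name is admin, and my password is zhaoxi
I followed someone else's guide and tried admin for ages with no response
- Then create an instance to test whether it comes up normally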
# 3.Launch an instance
Create virtual networks
- The provider network must be created before the self-service network
Create the provider network (source admin.sh)
- openstack network create --share --external --provider-physical-network zhaoxi --provider-network-type flat flat-zhaoxi (create an external network; zhaoxi was originally provider, flat-zhaoxi was originally flat)
- openstack subnet create --network flat-zhaoxi --allocation-pool start=10.10.10.100,end=10.10.10.150 --dns-nameserver 114.114.114.114 --gateway 10.10.10.254 --subnet-range 10.10.10.0/24 flat-subnet (create a subnet)
Create the self-service network (source myuser.sh)
- openstack network create selfservice (create the network)
- openstack subnet create --network selfservice --dns-nameserver 8.8.4.4 --gateway 172.16.1.1 --subnet-range 172.16.1.0/24 selfservice-subnet (create the subnet)
- openstack router create router (create the router)
- openstack router add subnet router selfservice-subnet (add the self-service network subnet as an interface on the router)
- openstack router set router --external-gateway flat-zhaoxi (set a gateway on the provider network on the router)
Verify (source admin.sh)
- ip netns (list the network namespaces; you should see one qrouter namespace and two qdhcp namespaces)
- openstack port list --router router (list the ports on the router to determine the gateway IP address on the provider network)
- ping -c 4 10.10.10.126 (ping this IP address from the controller node or from any host on the physical provider network)
Create m1.nano flavor
- openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
- openstack flavor create --id 1 --vcpus 2 --ram 2000 --disk 10 m2.nano
Generate a key pair
- ssh-keygen -q -N ""
- openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
- openstack keypair list (verify)
Add security group rules
- openstack security group rule create --proto icmp default (permit ICMP (ping))
- openstack security group rule create --proto tcp --dst-port 22 default (permit secure shell (SSH) access)
Launch an instance
Determine instance options
- source myuser.sh
- openstack flavor list (list the available flavors)
- openstack image list (list the available images)
- openstack network list (list the available networks)
- openstack security group list (list the available security groups)
- openstack server create --flavor m1.nano --image cirros_test --nic net-id=2408e12e-5b4e-44dc-9ebb-e04944aa5ffb --security-group default --key-name mykey selfservice-instance1 (replace the net-id with the ID of selfservice and cirros_test with your image name; the final name is up to you)
- openstack server list (check the status of the instance)
Access the instance using the virtual console
- openstack console url show selfservice-instance1
Open the link; note that the host must be changed to this machine's IP
bug!
- Opening the link shows that the machine did not come up: booting from hard disk .... a format problem
Solution (compute)
- virsh capabilities (view the CPU information and pick any machine type: pc-i440fx-rhel7.2.0)
- vim /etc/nova/nova.conf
[libvirt]
hw_machine_type = x86_64=pc-i440fx-rhel7.2.0 # change the virtualization type
cpu_mode = host-passthrough
- systemctl restart openstack-nova-*
Go to the controller and create a new virtual machine, selfservice-instance2
- openstack server create --flavor m1.nano --image cirros_test --nic net-id=2408e12e-5b4e-44dc-9ebb-e04944aa5ffb --security-group default --key-name mykey selfservice-instance2
- openstack console url show selfservice-instance2
Open the link; remember to change the host IP
------- It still did not come up; same problem
Asked ChatGPT
virt_type = qemu
cpu_mode = host-passthrough
Giving up for now and going to sleep; it is 4:40
Found the cause: the image file must not be deleted, it is still needed