c4rt1y

openstack搭建L版

0x00 基础环境简介

#两台centos7
10.10.10.20	 master   	网卡  eth0
10.10.10.30  node01		网卡  eth0

##master
#关闭firewalld(仅限实验环境:本文后面没有任何防火墙规则,关闭后 3306/5672/15672/11211/5000/35357/9292 等端口都直接暴露在网段上;生产环境应保留 firewalld,只放行各组件实际需要的端口)
[root@master ~]# systemctl stop firewalld.service
[root@master ~]# systemctl disable firewalld.service
#关闭selinux(这会去掉强制访问控制;RDO 提供 openstack-selinux 策略包,生产环境建议安装后保持 enforcing 或至少 permissive,而不是 disabled)
[root@master ~]# sed -i 's:SELINUX=enforcing:SELINUX=disabled:g' /etc/selinux/config
[root@master ~]# setenforce 0
#设置host文件
[root@master ~]# cat >>/etc/hosts<<EOF 
10.10.10.20 master
10.10.10.30 node01 
EOF	
#设置hostname
[root@master ~]# hostnamectl set-hostname master
#安装和同步时间
[root@master ~]# yum install chrony -y
[root@master ~]# sed -i '/#allow 192.168.0.0\/16/a\allow 10.10.10.0/24'  /etc/chrony.conf
#设置启动项和启动
[root@master ~]# systemctl enable chronyd.service
[root@master ~]# systemctl start chronyd.service
[root@master ~]# chronyc sources
#设置时区
[root@master ~]# timedatectl set-timezone Asia/Shanghai
[root@master ~]# timedatectl status
#重新启动电脑
[root@master ~]# reboot

##node01
#关闭firewalld(同 master,仅限实验环境;生产环境保留防火墙,只放行需要的端口)
[root@node01 ~]# systemctl stop firewalld.service
[root@node01 ~]# systemctl disable firewalld.service
#关闭selinux(同 master;生产环境建议配合 openstack-selinux 策略包保持 enforcing/permissive)
[root@node01 ~]# sed -i 's:SELINUX=enforcing:SELINUX=disabled:g' /etc/selinux/config
[root@node01 ~]# setenforce 0
#设置host文件
[root@node01 ~]# cat >>/etc/hosts<<EOF 
10.10.10.20 master
10.10.10.30 node01 
EOF	
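#Set the hostname. This must be node01: the original line set it to "master",
#which contradicts the /etc/hosts entries above and would make the compute
#services on this node report under the controller's name.
[root@node01 ~]# hostnamectl set-hostname node01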
#安装和同步时间
[root@node01 ~]# yum install chrony -y
#之前写的是 echo "server 10.10.10.20 iburst" >  /etc/chrony.conf  不过发现相差9小时。很可能是因为那一行把默认配置整个覆盖掉了:没有 makestep 时 chronyd 只会缓慢微调(slew)时钟而不会直接跳变,大的初始偏差长期纠正不过来,所以改成下面带 makestep 的完整配置。
[root@node01 ~]# cat > /etc/chrony.conf<<OFF
server 10.10.10.20 iburst
driftfile /var/lib/chrony/drift
makestep 1.0 3
rtcsync
logdir /var/log/chrony
OFF
#设置启动项和启动
[root@node01 ~]# systemctl enable chronyd.service
[root@node01 ~]# systemctl start chronyd.service
[root@node01 ~]# chronyc sources
#设置时区
[root@node01 ~]# timedatectl set-timezone Asia/Shanghai
[root@node01 ~]# timedatectl status
#重新启动电脑
[root@node01 ~]# reboot

0x01 基础环境安装

##master
[root@master ~]# yum install -y python-openstackclient
#MySQL
[root@master ~]# yum install -y mariadb mariadb-server MySQL-python
#RabbitMQ
[root@master ~]# yum install -y rabbitmq-server
#Keystone
[root@master ~]# yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
#Glance
[root@master ~]# yum install -y openstack-glance python-glance python-glanceclient
#Nova
[root@master ~]# yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
#Neutron(控制节点)
[root@master ~]# yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
#Dashboard
[root@master ~]# yum install -y openstack-dashboard
#Cinder
[root@master ~]# yum install -y openstack-cinder python-cinderclient


##node01
[root@node01 ~]# yum install python-openstackclient -y
#Nova(计算节点)
[root@node01 ~]# yum install -y openstack-nova-compute sysfsutils
#Neutron(计算节点)
[root@node01 ~]# yum install -y openstack-neutron openstack-neutron-linuxbridge ebtables ipset
#Cinder
[root@node01 ~]# yum install -y openstack-cinder python-cinderclient targetcli python-oslo-policy

0x02 Mysql配置

##master
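#Overwrite /etc/my.cnf with the shipped "medium" sample config, then add the
#OpenStack settings under [mysqld]. Each sed `a` inserts directly after the
#[mysqld] header, so the lines end up in reverse order; that is harmless.
#bind-address makes MariaDB accept TCP connections only on the management
#address (10.10.10.20, which every connection string in this guide uses)
#instead of on every interface; local clients keep using the unix socket.
[root@master ~]# /bin/cp /usr/share/mariadb/my-medium.cnf /etc/my.cnf
[root@master ~]# sed -i "/\[mysqld\]$/a character-set-server = utf8" /etc/my.cnf
[root@master ~]# sed -i "/\[mysqld\]$/a init-connect = 'SET NAMES utf8'" /etc/my.cnf
[root@master ~]# sed -i "/\[mysqld\]$/a collation-server = utf8_general_ci" /etc/my.cnf
[root@master ~]# sed -i "/\[mysqld\]$/a max_connections = 4096" /etc/my.cnf
[root@master ~]# sed -i "/\[mysqld\]$/a innodb_file_per_table" /etc/my.cnf
[root@master ~]# sed -i "/\[mysqld\]$/a default-storage-engine = innodb" /etc/my.cnf
[root@master ~]# sed -i "/\[mysqld\]$/a bind-address = 10.10.10.20" /etc/my.cnf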
#设置启动项和启动
[root@master ~]# systemctl enable mariadb.service
[root@master ~]# systemctl start mariadb.service
#配置mysql 的 root 密码(本文示例用 123456,请换成强密码;交互中同时选择删除匿名用户、禁止 root 远程登录、删除 test 库)
[root@master ~]# mysql_secure_installation

#创建数据库。注意:下面把 -p123456 直接写在命令行会进入 shell 历史并能被 ps 看到,建议用 mysql -u root -p 交互输入或放到权限 600 的 ~/.my.cnf 里;各服务账号的密码都与用户名相同并授权给 '%'(任意主机),生产环境请换成强密码,并把 '%' 收紧为实际需要连库的主机(本文只有 10.10.10.20 和 10.10.10.30)
#keystone数据库
[root@master ~]# mysql -u root -p123456 -e "CREATE DATABASE keystone;"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"
#Glance数据库
[root@master ~]# mysql -u root -p123456 -e "CREATE DATABASE glance;"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"
#Nova数据库
[root@master ~]# mysql -u root -p123456 -e "CREATE DATABASE nova;"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"
#Neutron 数据库
[root@master ~]# mysql -u root -p123456 -e "CREATE DATABASE neutron;"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"
#Cinder数据库
[root@master ~]# mysql -u root -p123456 -e "CREATE DATABASE cinder;"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';"
[root@master ~]# mysql -u root -p123456 -e "GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';"
#查看数据库是否创建
[root@master ~]# mysql -u root -p123456 -e "show databases;"

0x03 RabbitMQ配置

#设置启动项和启动
[root@master ~]# systemctl enable rabbitmq-server.service
[root@master ~]# systemctl start rabbitmq-server.service
#创建openstack的用户名和密码(密码与用户名相同,请换成强密码;同时建议 rabbitmqctl delete_user guest 删除默认的 guest 账号)
[root@master ~]# rabbitmqctl add_user openstack openstack
#用户授权
[root@master ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
#列出rabbitmq的插件
[root@master ~]# rabbitmq-plugins list
#rabbitmq管理插件启动
[root@master ~]# rabbitmq-plugins enable rabbitmq_management
#重新启动rabbitmq
[root@master ~]# systemctl restart rabbitmq-server.service
#rabbitmq端口是5672,web端口是15672
[root@master ~]# ss -lntup | grep 5672
#网页访问 http://10.10.10.20:15672  将openstack的tags改为administrator(注意:15672 管理口是明文 HTTP 且监听所有网卡,生产环境应只允许管理网访问;各 OpenStack 服务只需要上面 set_permissions 给的权限,并不需要 administrator tag,给服务账号超管权限属于过度授权)

0x04 keystone配置

##master
#生成一个随机值作为 keystone 的引导 admin_token(下面 keystone.conf 里的 admin_token 和 token 环境变量文件必须使用同一个值)
[root@localhost ~]# openssl rand -hex 10
11749fe75b1980324ade

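#Configure keystone.conf. admin_token must be the value produced by
#`openssl rand -hex 10` above (11749fe75b1980324ade on this run): the original
#line wrote a different token, which would not match the OS_TOKEN file used
#later and every bootstrap call would be rejected. admin_token is a shared
#secret with full identity-service control and no expiry, so once the admin
#user/password work, remove it from keystone.conf and drop the admin_token_auth
#filter from the pipelines in /etc/keystone/keystone-paste.ini.
#Tokens are kept in memcached (token driver = memcache), so the memcached
#listener must not be reachable from untrusted networks.
[root@master ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token 11749fe75b1980324ade
[root@master ~]# openstack-config --set /etc/keystone/keystone.conf DEFAULT verbose true
[root@master ~]# openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:keystone@10.10.10.20/keystone
[root@master ~]# openstack-config --set /etc/keystone/keystone.conf memcache servers 10.10.10.20:11211
[root@master ~]# openstack-config --set /etc/keystone/keystone.conf revoke driver sql
[root@master ~]# openstack-config --set /etc/keystone/keystone.conf token provider uuid
[root@master ~]# openstack-config --set /etc/keystone/keystone.conf token driver memcache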

#keystone.conf配置文件
[root@master ~]# cat /etc/keystone/keystone.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
admin_token = 11749fe75b1980324ade 										#设置token
[assignment]
[auth]
[cache]
[catalog]
[cors]
[cors.subdomain]
[credential]
[database]
connection = mysql://keystone:keystone@10.10.10.20/keystone 			#连接数据库
[domain_config]
[endpoint_filter]
[endpoint_policy]
[eventlet_server]
[eventlet_server_ssl]
[federation]
[fernet_tokens]
[identity]
[identity_mapping]
[kvs]
[ldap]
[matchmaker_redis]
[matchmaker_ring]
[memcache]
servers = 10.10.10.20:11211 											#使用memcache
[oauth1]
[os_inherit]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_middleware]
[oslo_policy]
[paste_deploy]
[policy]
[resource]
[revoke]
driver = sql
[role]
[saml]
[signing]
[ssl]
[token]
provider = uuid 
driver = memcache
[tokenless_auth]
[trust]

#同步数据库(以 keystone 用户执行,主要是为了让 db_sync 创建的日志等文件属主是 keystone 而不是 root,否则之后 keystone 服务进程无法写这些文件)
[root@localhost ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone
#验证查看是否成功
[root@master ~]# mysql -ukeystone -pkeystone keystone -e "show tables;"
#增加httpd的ServerName
[root@localhost ~]# sed -i "s/#ServerName www.example.com:80/ServerName 10.10.10.20:80/" /etc/httpd/conf/httpd.conf

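#memcached holds keystone's tokens (token driver = memcache) and has no
#authentication of its own. Do NOT bind it to 0.0.0.0: anyone who can reach
#11211 can read or forge tokens, and the UDP listener is an amplification
#vector. keystone.conf points at 10.10.10.20:11211, so listen only on loopback
#plus the management IP, turn UDP off (-U 0), and still restrict 11211 with
#the firewall on any network that is not fully trusted.
[root@master ~]# sed -i "s/OPTIONS=\"-l 127.0.0.1,::1\"/OPTIONS=\"-l 127.0.0.1,::1,10.10.10.20 -U 0\"/" /etc/sysconfig/memcached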

#建立keystone的apache配置:5000 是公共 API 端口,35357 是管理 API 端口。两者都是明文 HTTP,密码和 token 会在网络上明文传输;生产环境应加 TLS,并把 35357 限制在管理网内
[root@localhost ~]# cat > /etc/httpd/conf.d/wsgi-keystone.conf << OFF
Listen 5000
Listen 35357

<VirtualHost *:5000>
    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-public
    WSGIScriptAlias / /usr/bin/keystone-wsgi-public
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>

<VirtualHost *:35357>
    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
    WSGIProcessGroup keystone-admin
    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
    WSGIApplicationGroup %{GLOBAL}
    WSGIPassAuthorization On
    <IfVersion >= 2.4>
      ErrorLogFormat "%{cu}t %M"
    </IfVersion>
    ErrorLog /var/log/httpd/keystone-error.log
    CustomLog /var/log/httpd/keystone-access.log combined

    <Directory /usr/bin>
        <IfVersion >= 2.4>
            Require all granted
        </IfVersion>
        <IfVersion < 2.4>
            Order allow,deny
            Allow from all
        </IfVersion>
    </Directory>
</VirtualHost>
OFF

#设置启动项和启动
[root@master ~]# systemctl enable memcached.service httpd.service
[root@master ~]# systemctl start memcached.service httpd.service

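#Create a temporary environment file for the bootstrap token. It carries the
#keystone admin_token, which grants full identity-service control, so restrict
#it to root (cat creates it world-readable under the usual 022 umask) and
#delete it once the admin user works. OS_TOKEN must equal admin_token in
#keystone.conf.
[root@master ~]# cat >token<<OFF
export OS_TOKEN=11749fe75b1980324ade
export OS_URL=http://10.10.10.20:35357/v3
export OS_IDENTITY_API_VERSION=3
OFF
[root@master ~]# chmod 600 token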

#使用环境变量
[root@master ~]# source token
#查看环境变量是否执行
[root@master ~]# env

#创建租户用户
[root@master ~]# openstack project create --domain default --description "Admin Project" admin
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Admin Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 14b65b1b72674678b1c3afd7d765be20 |
| is_domain   | False                            |
| name        | admin                            |
| parent_id   | None                             |
+-------------+----------------------------------+
#创建admin的用户
[root@master ~]# openstack user create --domain default --password-prompt admin
User Password:
Repeat User Password:
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 0f4bad49e0264d899dc18e30be3cba70 |
| name      | admin                            |
+-----------+----------------------------------+
#创建admin的角色
[root@master ~]# openstack role create admin
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | 5aecb76b1aa5480595a709f638210360 |
| name  | admin                            |
+-------+----------------------------------+
#把admin用户加入到admin项目,并赋予admin的角色
[root@master ~]# openstack role add --project admin --user admin admin

#创建普通用户密码及角色
[root@master ~]# openstack project create --domain default --description "Demo Project" demo
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Demo Project                     |
| domain_id   | default                          |
| enabled     | True                             |
| id          | ee8bbce335184e1385630e034f0321fb |
| is_domain   | False                            |
| name        | demo                             |
| parent_id   | None                             |
+-------------+----------------------------------+
#创建demo用户(--password=demo 把密码写在命令行,会留在 shell 历史并能被 ps 看到,建议像上面创建 admin 时那样用 --password-prompt)
[root@master ~]# openstack user create --domain default --password=demo demo
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 365841b7693c411987b55a16eb39ccb7 |
| name      | demo                             |
+-----------+----------------------------------+
#创建user的角色
[root@master ~]# openstack role create user
+-------+----------------------------------+
| Field | Value                            |
+-------+----------------------------------+
| id    | fe0ecbb4feee4d20bd998ffee7048fae |
| name  | user                             |
+-------+----------------------------------+
#把demo用户加入到demo项目,并赋予user的角色
[root@master ~]# openstack role add --project demo --user demo user

#创建service项目,用于存放nova、neutron、glance等组件的服务账号
[root@master ~]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 38cb34ff396143a2b73e2f2eac1db0dc |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | None                             |
+-------------+----------------------------------+
#keystone注册
[root@master ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Identity               |
| enabled     | True                             |
| id          | 73d8af9b73d74810bb7c37ac59bf27af |
| name        | keystone                         |
| type        | identity                         |
+-------------+----------------------------------+
#公共api接口
[root@master ~]# openstack endpoint create --region RegionOne identity public http://10.10.10.20:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | f9850f50c4ac4a4f93904c389cdb3737 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 73d8af9b73d74810bb7c37ac59bf27af |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.10.10.20:5000/v2.0     |
+--------------+----------------------------------+
#私有api接口
[root@master ~]# openstack endpoint create --region RegionOne identity internal http://10.10.10.20:5000/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | c01e861806344409b7acdbf55cb2fd45 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 73d8af9b73d74810bb7c37ac59bf27af |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.10.10.20:5000/v2.0     |
+--------------+----------------------------------+
#管理api接口
[root@master ~]# openstack endpoint create --region RegionOne identity admin http://10.10.10.20:35357/v2.0
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 2f783c4bde36468ba0f98330ad438c7a |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 73d8af9b73d74810bb7c37ac59bf27af |
| service_name | keystone                         |
| service_type | identity                         |
| url          | http://10.10.10.20:35357/v2.0    |
+--------------+----------------------------------+

#查看user列表
[root@master ~]# openstack user list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 0f4bad49e0264d899dc18e30be3cba70 | admin   |
| 365841b7693c411987b55a16eb39ccb7 | demo    |
+----------------------------------+---------+
#查看项目列表
[root@master ~]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 14b65b1b72674678b1c3afd7d765be20 | admin   |
| 38cb34ff396143a2b73e2f2eac1db0dc | service |
| ee8bbce335184e1385630e034f0321fb | demo    |
+----------------------------------+---------+
#查看角色
[root@master ~]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 5aecb76b1aa5480595a709f638210360 | admin |
| fe0ecbb4feee4d20bd998ffee7048fae | user  |
+----------------------------------+-------+
#查看api接口
[root@master ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                      |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| 2f783c4bde36468ba0f98330ad438c7a | RegionOne | keystone     | identity     | True    | admin     | http://10.10.10.20:35357/v2.0            |
| c01e861806344409b7acdbf55cb2fd45 | RegionOne | keystone     | identity     | True    | internal  | http://10.10.10.20:5000/v2.0             |
| f9850f50c4ac4a4f93904c389cdb3737 | RegionOne | keystone     | identity     | True    | public    | http://10.10.10.20:5000/v2.0             |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
#使用用户名密码的方式登录:必须要先取消环境变量
[root@master ~]# unset OS_TOKEN OS_URL

#使用账号登陆检测是否OK(第一条不带密码,会交互提示输入;第二条 --os-password admin 把密码写在命令行,会留在 shell 历史,仅作演示。admin 密码设为 admin 过于简单,生产环境请更换)
[root@master ~]# openstack --os-auth-url http://10.10.10.20:35357/v3 --os-identity-api-version 3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2017-09-14T21:19:28.234185Z      |
| id         | cf9cd8600b424a5bb3bc948f3093539a |
| project_id | 14b65b1b72674678b1c3afd7d765be20 |
| user_id    | 0f4bad49e0264d899dc18e30be3cba70 |
+------------+----------------------------------+
[root@master ~]# openstack --os-auth-url http://10.10.10.20:35357 --os-identity-api-version 3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-password admin token issue 
+------------+----------------------------------+
| Field      | Value                            |
+------------+----------------------------------+
| expires    | 2017-09-14T21:20:06.829997Z      |
| id         | a8337439c2fa40bc8ace2406575d3617 |
| project_id | 14b65b1b72674678b1c3afd7d765be20 |
| user_id    | 0f4bad49e0264d899dc18e30be3cba70 |
+------------+----------------------------------+

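#Create two credential files. Both hold a clear-text OS_PASSWORD, so make them
#readable by root only (cat creates them world-readable under the usual 022
#umask). The admin password "admin" matches the `token issue` test above and
#is only acceptable in a lab; change it before exposing this deployment.
#Administrator account
[root@master ~]# cat >admin-openrc.sh<<OFF
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://10.10.10.20:35357/v3
export OS_IDENTITY_API_VERSION=3
OFF

#Regular (demo) account
[root@master ~]# cat >demo-openrc.sh<<OFF
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://10.10.10.20:5000/v3
export OS_IDENTITY_API_VERSION=3
OFF
[root@master ~]# chmod 600 admin-openrc.sh demo-openrc.sh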

#使用管理员账号
[root@master ~]# source admin-openrc.sh
#测试查看token
[root@master ~]# openstack token issue

0x05 glance配置

##master

#配置glance-api.conf
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT notification_driver noop
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf DEFAULT verbose True
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf database  connection mysql://glance:glance@10.10.10.20/glance
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  auth_uri http://10.10.10.20:5000
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  auth_url http://10.10.10.20:35357
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  auth_plugin  password
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  project_domain_id  default
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  user_domain_id default
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  project_name service
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  username glance
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  password  glance
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf glance_store default_store file
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/
[root@master ~]# openstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystone

#glance-api.conf配置文件
[root@master ~]# cat /etc/glance/glance-api.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
verbose=True 									
notification_driver = noop 									#noop 表示不发送任何通知(不是"不使用循环")
[database]
connection=mysql://glance:glance@10.10.10.20/glance 		#连接数据库
[glance_store] 												#glance镜像存放
default_store=file
filesystem_store_datadir=/var/lib/glance/images/ 
[image_format]
[keystone_authtoken] 										#连接keystone认证
auth_uri = http://10.10.10.20:5000
auth_url = http://10.10.10.20:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]
flavor=keystone
[store_type_location_strategy]
[task]
[taskflow_executor]

#配置glance-registry.conf
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT notification_driver noop
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf DEFAULT verbose True
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:glance@10.10.10.20/glance
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  auth_uri http://10.10.10.20:5000
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  auth_url http://10.10.10.20:35357
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  auth_plugin  password
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  project_domain_id  default
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  user_domain_id default
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  project_name service
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  username glance
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  password  glance
[root@master ~]# openstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystone

#glance-registry.conf配置文件
[root@master ~]# cat /etc/glance/glance-registry.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
[database]
connection=mysql://glance:glance@10.10.10.20/glance 		#连接数据库
[glance_store]
[keystone_authtoken] 										#连接keystone认证
auth_uri = http://10.10.10.20:5000
auth_url = http://10.10.10.20:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = glance
password = glance
[matchmaker_redis]
[matchmaker_ring]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
[oslo_policy]
[paste_deploy]												#使用keystone
flavor=keystone

#同步glance数据库
[root@master ~]# su -s /bin/sh -c "glance-manage db_sync" glance
#查看数据库是否创建
[root@master ~]# mysql -u root -p123456 -e "use glance;show tables;"

#创建glance用户(--password=glance 把密码写在命令行,会留在 shell 历史并能被 ps 看到;服务账号密码也不应与用户名相同,请换成随机强密码并同步更新上面 keystone_authtoken 里的 password)
[root@master ~]# openstack user create --domain default --password=glance glance
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | d9a702f3ab94434bb6b8fec1327eb0fa |
| name      | glance                           |
+-----------+----------------------------------+
#将此用户加入到项目里面并给它赋予admin的权限
[root@master ~]# openstack role add --project service --user glance admin

#启动glance
[root@master ~]# systemctl enable openstack-glance-api openstack-glance-registry
[root@master ~]# systemctl start openstack-glance-api openstack-glance-registry

#glance-registry 监听 9191端口
#glance-api 监听 9292端口

#在keystone上注册
[root@master ~]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image service          |
| enabled     | True                             |
| id          | 76308a85197b4646a35e620206c0b790 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne image public http://10.10.10.20:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 4ed166a3e1f84d1ead12748a2ed3bbdd |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 76308a85197b4646a35e620206c0b790 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://10.10.10.20:9292          |
+--------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne image internal http://10.10.10.20:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 8762bd71af8c4d918bc06717d7ca19cc |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 76308a85197b4646a35e620206c0b790 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://10.10.10.20:9292          |
+--------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne image admin http://10.10.10.20:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 60426895bc7f4c0cb159a1e120327c79 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 76308a85197b4646a35e620206c0b790 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://10.10.10.20:9292          |
+--------------+----------------------------------+

#添加 glance 环境变量并测试
[root@master ~]# echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh

#测试
[root@master ~]# glance image-list

+----+------+
| ID | Name |
+----+------+
+----+------+

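#Download and register the image. The download is plain HTTP with no signature
#check, so compare the file's checksum with the MD5SUMS list published in the
#same upstream directory before uploading it. The checksum glance prints after
#the upload (ee1eca47dc88f4879d8a229cc70a07c6 below) is computed from whatever
#was received, so it only proves integrity if you compare it with the upstream
#value. --visibility public makes the image bootable by every project.
[root@master ~]# wget -q http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
[root@master ~]# md5sum cirros-0.3.4-x86_64-disk.img
[root@master ~]# glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress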

[=============================>] 100%
+------------------+--------------------------------------+
| Property         | Value                                |
+------------------+--------------------------------------+
| checksum         | ee1eca47dc88f4879d8a229cc70a07c6     |
| container_format | bare                                 |
| created_at       | 2017-09-14T16:31:11Z                 |
| disk_format      | qcow2                                |
| id               | a96e3394-3cb8-4b7c-8658-9c5edbc51bf2 |
| min_disk         | 0                                    |
| min_ram          | 0                                    |
| name             | cirros                               |
| owner            | 14b65b1b72674678b1c3afd7d765be20     |
| protected        | False                                |
| size             | 13287936                             |
| status           | active                               |
| tags             | []                                   |
| updated_at       | 2017-09-14T16:31:11Z                 |
| virtual_size     | None                                 |
| visibility       | public                               |
+------------------+--------------------------------------+
#测试
[root@master ~]# glance image-list
+--------------------------------------+--------+
| ID                                   | Name   |
+--------------------------------------+--------+
| a96e3394-3cb8-4b7c-8658-9c5edbc51bf2 | cirros |
+--------------------------------------+--------+
#目录是我们在/etc/glance/glance-api.conf设置的filesystem_store_datadir=/var/lib/glance/images/
[root@master ~]# ll /var/lib/glance/images/
total 12980
-rw-r----- 1 glance glance 13287936 Sep 16 12:53 0c8cb3d6-979e-461a-880d-39d93a9f1251

0x06 nova配置

##master

#配置nova.conf
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.10.10.20
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.API
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutron
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriver
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystone
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadata
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT verbose True 
[root@master ~]# openstack-config --set /etc/nova/nova.conf database connection mysql://nova:nova@10.10.10.20/nova
[root@master ~]# openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbit
[root@master ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host 10.10.10.20
[root@master ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_port 5672
[root@master ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstack
[root@master ~]# openstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstack
[root@master ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://10.10.10.20:5000
[root@master ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://10.10.10.20:35357
[root@master ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin password
[root@master ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id default
[root@master ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id default
[root@master ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken project_name service
[root@master ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken username nova
[root@master ~]# openstack-config --set /etc/nova/nova.conf keystone_authtoken password nova
[root@master ~]# openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 10.10.10.20
[root@master ~]# openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address 10.10.10.20
[root@master ~]# openstack-config --set /etc/nova/nova.conf glance host 10.10.10.20
[root@master ~]# openstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmp
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron url http://10.10.10.20:9696 
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron auth_url http://10.10.10.20:35357 
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron auth_plugin password
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron project_domain_id  default
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron user_domain_id  default
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron region_name RegionOne
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron project_name service 
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron username neutron 
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron password neutron
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy  True
[root@master ~]# openstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret  neutron

#nova.conf配置文件
[root@master ~]# cat /etc/nova/nova.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
my_ip=10.10.10.20
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
allow_resize_to_same_host=True
network_api_class=nova.network.neutronv2.api.API
linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
security_group_api=neutron
scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
firewall_driver=nova.virt.firewall.NoopFirewallDriver
debug=true
verbose=true
rpc_backend=rabbit
[api_database]
[barbican]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
connection=mysql://nova:nova@10.10.10.20/nova
[ephemeral_storage_encryption]
[glance]
host = 10.10.10.20
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://10.10.10.20:5000
auth_url = http://10.10.10.20:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type=kvm
[matchmaker_redis]
[matchmaker_ring]
[metrics]
[neutron]
url = http://10.10.10.20:9696
auth_url = http://10.10.10.20:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
lock_path=/var/lib/nova/tmp
[osapi_v21]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host=10.10.10.20
rabbit_port=5672
rabbit_userid=openstack
rabbit_password=openstack
[oslo_middleware]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
novncproxy_base_url=http://10.10.10.20:6080/vnc_auto.html
keymap=en-us
vncserver_listen= $my_ip
vncserver_proxyclient_address= $my_ip
[workarounds]
[xenserver]
[zookeeper]

#同步nova数据库
[root@master ~]# su -s /bin/sh -c "nova-manage db sync" nova
#查看nova数据库的表是否已创建
[root@master ~]# mysql -u root -p123456 -e "use nova;show tables;"

#创建nova账号
[root@master ~]# openstack user create --domain default --password=nova nova
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | f5788656ab794b87bbf07905207193bc |
| name      | nova                             |
+-----------+----------------------------------+
[root@master ~]# openstack role add --project service --user nova admin

#设置启动项和启动
[root@master ~]# systemctl enable openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
[root@master ~]# systemctl start openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

#在keystone里面注册
[root@master ~]# openstack service create --name nova --description "OpenStack Compute" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute                |
| enabled     | True                             |
| id          | 049012fe23d84c2a9787fd80b1d8870d |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne compute public http://10.10.10.20:8774/v2/%\(tenant_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | e1941c8225514a049a252f64789807d8         |
| interface    | public                                   |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 049012fe23d84c2a9787fd80b1d8870d         |
| service_name | nova                                     |
| service_type | compute                                  |
| url          | http://10.10.10.20:8774/v2/%(tenant_id)s |
+--------------+------------------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne compute internal http://10.10.10.20:8774/v2/%\(tenant_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | e1208de7abce45c388f5f9e80da88fc5         |
| interface    | internal                                 |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 049012fe23d84c2a9787fd80b1d8870d         |
| service_name | nova                                     |
| service_type | compute                                  |
| url          | http://10.10.10.20:8774/v2/%(tenant_id)s |
+--------------+------------------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne compute admin http://10.10.10.20:8774/v2/%\(tenant_id\)s
+--------------+------------------------------------------+
| Field        | Value                                    |
+--------------+------------------------------------------+
| enabled      | True                                     |
| id           | 8a600ad1c0494707915a15c0bcfc2575         |
| interface    | admin                                    |
| region       | RegionOne                                |
| region_id    | RegionOne                                |
| service_id   | 049012fe23d84c2a9787fd80b1d8870d         |
| service_name | nova                                     |
| service_type | compute                                  |
| url          | http://10.10.10.20:8774/v2/%(tenant_id)s |
+--------------+------------------------------------------+
#检查是否成功
[root@master ~]# openstack host list
+-----------+-------------+----------+
| Host Name | Service     | Zone     |
+-----------+-------------+----------+
| master    | conductor   | internal |
| master    | consoleauth | internal |
| master    | scheduler   | internal |
| master    | cert        | internal |
+-----------+-------------+----------+

##node01
#配置nova文件,由于和master配置内容基本相似,在master执行
[root@master ~]# scp /etc/nova/nova.conf 10.10.10.30:/etc/nova/

#简单修改/etc/nova/nova.conf
[root@node01 ~]# openstack-config --set /etc/nova/nova.conf DEFAULT my_ip 10.10.10.30
[root@node01 ~]# openstack-config --set /etc/nova/nova.conf vnc vncserver_listen 0.0.0.0
[root@node01 ~]# openstack-config --set /etc/nova/nova.conf glance host 10.10.10.20

#nova.conf配置文件
[root@node01 ~]# cat /etc/nova/nova.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
my_ip=10.10.10.30
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
allow_resize_to_same_host=True
network_api_class=nova.network.neutronv2.api.API
linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
security_group_api=neutron
scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
firewall_driver=nova.virt.firewall.NoopFirewallDriver
debug=true
verbose=true
rpc_backend=rabbit
[api_database]
connection=mysql://nova:nova@10.10.10.20/nova
[barbican]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
[ephemeral_storage_encryption]
[glance]
host=10.10.10.20
[guestfs]
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://10.10.10.20:5000
auth_url = http://10.10.10.20:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = nova
password = nova
[libvirt]
virt_type=kvm
[matchmaker_redis]
[matchmaker_ring]
[metrics]
[neutron]
url = http://10.10.10.20:9696
auth_url = http://10.10.10.20:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = neutron
password = neutron
service_metadata_proxy = True
metadata_proxy_shared_secret = neutron
lock_path=/var/lib/nova/tmp
[osapi_v21]
[oslo_concurrency]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host=10.10.10.20
rabbit_port=5672
rabbit_userid=openstack
rabbit_password=openstack
[oslo_middleware]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
novncproxy_base_url=http://10.10.10.20:6080/vnc_auto.html
vncserver_listen=0.0.0.0
vncserver_proxyclient_address= $my_ip
keymap=en-us
[workarounds]
[xenserver]
[zookeeper]

#设置nova启动项和启动
[root@node01 ~]# systemctl enable libvirtd openstack-nova-compute
[root@node01 ~]# systemctl start libvirtd openstack-nova-compute

##master
#在master上检查node01的compute服务是否已注册
[root@master ~]# openstack host list
+-----------+-------------+----------+
| Host Name | Service     | Zone     |
+-----------+-------------+----------+
| master    | conductor   | internal |
| master    | consoleauth | internal |
| master    | scheduler   | internal |
| master    | cert        | internal |
| node01    | compute     | nova     |
+-----------+-------------+----------+

0x07 Neutron配置

##master

#配置/etc/neutron/neutron.conf(keystone_authtoken段和nova段里的password要与下面openstack user create时给neutron、nova用户设置的密码一致,否则neutron-server无法通过keystone认证)
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True 
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT service_plugins
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystone
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes True
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes True
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://10.10.10.20:8774/v2
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbit
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:neutron@10.10.10.20/neutron
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://10.10.10.20:5000
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://10.10.10.20:35357
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin password
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id default
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id default
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name service
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutron
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf keystone_authtoken password pass
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf nova auth_url http://10.10.10.20:35357
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf nova auth_plugin password
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf nova project_domain_id default
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf nova user_domain_id default
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf nova region_name RegionOne
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf nova project_name service
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf nova username nova
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf nova password pass
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmp
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host 10.10.10.20
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstack
[root@master ~]# openstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstack

#neutron.conf配置文件
[root@master ~]# cat /etc/neutron/neutron.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
state_path = /var/lib/neutron
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
nova_url = http://10.10.10.20:8774/v2
rpc_backend=rabbit
[matchmaker_redis]
[matchmaker_ring]
[quotas]
[agent]
[keystone_authtoken]
auth_uri = http://10.10.10.20:5000
auth_url = http://10.10.10.20:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
[database]
connection = mysql://neutron:neutron@10.10.10.20:3306/neutron
[nova]
auth_url = http://10.10.10.20:35357
auth_plugin = password
project_domain_id = default
user_domain_id = default
region_name = RegionOne
project_name = service
username = nova
password = nova
[oslo_concurrency]
lock_path = $state_path/lock
[oslo_policy]
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 10.10.10.20
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = openstack
[qos]

#配置ml2_conf.ini
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_types
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridge
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_security
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks public
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  True

#ml2_conf.ini配置文件
[root@master ~]# cat /etc/neutron/plugins/ml2/ml2_conf.ini|grep -v "^#"|grep -v "^$"
[ml2]
type_drivers = flat,vlan,gre,vxlan,geneve
tenant_network_types = vlan,gre,vxlan,geneve
mechanism_drivers = openvswitch,linuxbridge
extension_drivers = port_security
[ml2_type_flat]
flat_networks = physnet1
[ml2_type_vlan]
[ml2_type_gre]
[ml2_type_vxlan]
[ml2_type_geneve]
[securitygroup]
enable_ipset = True

#配置linuxbridge_agent.ini(这里注意physnet1:eth0,eth0是当前网卡名字;冒号前的物理网络名要与ml2_conf.ini里flat_networks的值一致,否则创建网络时会找不到物理网络)
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:eth0
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan  False
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing True
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group True
[root@master ~]# openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

#linuxbridge_agent.ini配置文件(这里注意physnet1:eth0  eth0是当前网卡名字)
[root@master ~]# cat /etc/neutron/plugins/ml2/linuxbridge_agent.ini|grep -v "^#"|grep -v "^$"
[linux_bridge]
physical_interface_mappings = physnet1:eth0
[vxlan]
enable_vxlan = false
[agent]
prevent_arp_spoofing = True
[securitygroup]
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
enable_security_group = True

#配置dhcp_agent.ini
[root@master ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriver
[root@master ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasq
[root@master ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata True
[root@master ~]# openstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True

#dhcp_agent.ini配置文件
[root@master ~]# cat /etc/neutron/dhcp_agent.ini|grep -v "^#"|grep -v "^$"
[DEFAULT]
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
[AGENT]

#配置metadata_agent.ini(这里的metadata_proxy_shared_secret必须与nova.conf中neutron段的metadata_proxy_shared_secret相同,nova-api用它校验metadata代理请求)
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://10.10.10.20:5000
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://10.10.10.20:35357  
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne  
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password  
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id  default
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id default
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_name  service 
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT username  neutron
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT password  neutron
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip 10.10.10.20 
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret neutron 
[root@master ~]# openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose  True

#metadata_agent.ini配置文件
[root@master ~]# cat /etc/neutron/metadata_agent.ini|grep -v "^#"|grep -v "^$"
[DEFAULT]
auth_uri = http://10.10.10.20:5000
auth_url = http://10.10.10.20:35357
auth_region = RegionOne
auth_plugin = password
project_domain_id = default
user_domain_id = default
project_name = service
username = neutron
password = neutron
nova_metadata_ip = 10.10.10.20
metadata_proxy_shared_secret = neutron
admin_tenant_name = %SERVICE_TENANT_NAME%
admin_user = %SERVICE_USER%
admin_password = %SERVICE_PASSWORD%
[AGENT]

#创建ml2插件配置的软链接,并创建 keystone 的 neutron 用户
[root@master ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@master ~]# openstack user create --domain default --password=neutron neutron
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | c1a5669679c447f5990408221987c2fc |
| name      | neutron                          |
+-----------+----------------------------------+
[root@master ~]# openstack role add --project service --user neutron admin

#同步数据库
[root@master ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

#查看neutron数据库的表是否已创建
[root@master ~]# mysql -u root -p123456 -e "use neutron;show tables;"

#在 keystone 中注册 neutron 服务和 endpoint
[root@master ~]# source admin-openrc.sh
[root@master ~]# openstack service create --name neutron --description "OpenStack Networking" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking             |
| enabled     | True                             |
| id          | c092c364abc7402cbd7a10218c79af7e |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne network public http://10.10.10.20:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | dcdf9baf18984e8d909a9d9c6763f29a |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c092c364abc7402cbd7a10218c79af7e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://10.10.10.20:9696          |
+--------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne network internal http://10.10.10.20:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | a45b6bebb72e41ed992a89efe46c6b83 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c092c364abc7402cbd7a10218c79af7e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://10.10.10.20:9696          |
+--------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne network admin http://10.10.10.20:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | fa0444d7a2c841189d70b4cf0368232f |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | c092c364abc7402cbd7a10218c79af7e |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://10.10.10.20:9696          |
+--------------+----------------------------------+

#启动服务并检查(neutron和nova相互关联,上面nova.conf已经加了neutron段的配置,所以要重启openstack-nova-api服务;这里把nova的相关服务一并重启)
[root@master ~]# systemctl restart openstack-nova-api.service openstack-nova-cert.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service
#启动neutron相关服务
[root@master ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
[root@master ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
#检查
[root@master ~]# neutron agent-list
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| id                                   | agent_type         | host   | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| 9fe55c1f-39ed-44a5-b8aa-fe2f250eba71 | Linux bridge agent | master | :-)   | True           | neutron-linuxbridge-agent |
| e18d8fa9-07af-4ed7-b199-b84d98d4b757 | DHCP agent         | master | :-)   | True           | neutron-dhcp-agent        |
| ed57b5ae-4a6b-4fac-8e9a-2daafaf04e5e | Metadata agent     | master | :-)   | True           | neutron-metadata-agent    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
#查看注册信息
[root@master ~]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                                      |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+
| 241283c2f0ca4d0493185bcfaff229c8 | RegionOne | neutron      | network      | True    | admin     | http://10.10.10.20:9696                  |
| 2f783c4bde36468ba0f98330ad438c7a | RegionOne | keystone     | identity     | True    | admin     | http://10.10.10.20:35357/v2.0            |
| 40a0ca00b3504607b16a4e2f3f928dfc | RegionOne | nova         | compute      | True    | internal  | http://10.10.10.20:8774/v2/%(tenant_id)s |
| 4ed166a3e1f84d1ead12748a2ed3bbdd | RegionOne | glance       | image        | True    | public    | http://10.10.10.20:9292                  |
| 5394d30719204a04bc3f21e531a5663e | RegionOne | neutron      | network      | True    | internal  | http://10.10.10.20:9696                  |
| 60426895bc7f4c0cb159a1e120327c79 | RegionOne | glance       | image        | True    | admin     | http://10.10.10.20:9292                  |
| 666005379e4b405f900731dbef50d4e7 | RegionOne | nova         | compute      | True    | admin     | http://10.10.10.20:8774/v2/%(tenant_id)s |
| 8762bd71af8c4d918bc06717d7ca19cc | RegionOne | glance       | image        | True    | internal  | http://10.10.10.20:9292                  |
| c01e861806344409b7acdbf55cb2fd45 | RegionOne | keystone     | identity     | True    | internal  | http://10.10.10.20:5000/v2.0             |
| f0bf1307176a42f2bc18f2e12ec4babb | RegionOne | neutron      | network      | True    | public    | http://10.10.10.20:9696                  |
| f7b79dd514fd4bd090af63634d6bf4fe | RegionOne | nova         | compute      | True    | public    | http://10.10.10.20:8774/v2/%(tenant_id)s |
| f9850f50c4ac4a4f93904c389cdb3737 | RegionOne | keystone     | identity     | True    | public    | http://10.10.10.20:5000/v2.0             |
+----------------------------------+-----------+--------------+--------------+---------+-----------+------------------------------------------+

##node01
#从master上直接拷贝,在master执行
[root@master ~]# scp /etc/neutron/neutron.conf 10.10.10.30:/etc/neutron/
[root@master ~]# scp /etc/neutron/plugins/ml2/linuxbridge_agent.ini 10.10.10.30:/etc/neutron/plugins/ml2/
[root@master ~]# scp /etc/neutron/plugins/ml2/ml2_conf.ini 10.10.10.30:/etc/neutron/plugins/ml2/

#返回node01服务器上执行
[root@node01 ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
[root@node01 ~]# systemctl enable neutron-linuxbridge-agent.service
[root@node01 ~]# systemctl start neutron-linuxbridge-agent.service

##master上检查
[root@master ~]# neutron agent-list
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| id                                   | agent_type         | host   | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+
| 53db8985-f4a1-4130-bd41-f29972aa3c62 | Linux bridge agent | node01 | :-)   | True           | neutron-linuxbridge-agent |
| 9fe55c1f-39ed-44a5-b8aa-fe2f250eba71 | Linux bridge agent | master | :-)   | True           | neutron-linuxbridge-agent |
| e18d8fa9-07af-4ed7-b199-b84d98d4b757 | DHCP agent         | master | :-)   | True           | neutron-dhcp-agent        |
| ed57b5ae-4a6b-4fac-8e9a-2daafaf04e5e | Metadata agent     | master | :-)   | True           | neutron-metadata-agent    |
+--------------------------------------+--------------------+--------+-------+----------------+---------------------------+

0x08 创建虚拟机

#创建网络
[root@master ~]# neutron net-create flat --shared --provider:physical_network physnet1 --provider:network_type flat
Created a new network:
+---------------------------+--------------------------------------+
| Field                     | Value                                |
+---------------------------+--------------------------------------+
| admin_state_up            | True                                 |
| id                        | 65c5e44e-59f9-4df7-a2cf-38c81f8a9778 |
| mtu                       | 0                                    |
| name                      | flat                                 |
| port_security_enabled     | True                                 |
| provider:network_type     | flat                                 |
| provider:physical_network | physnet1                             |
| provider:segmentation_id  |                                      |
| router:external           | False                                |
| shared                    | True                                 |
| status                    | ACTIVE                               |
| subnets                   |                                      |
| tenant_id                 | 14b65b1b72674678b1c3afd7d765be20     |
+---------------------------+--------------------------------------+
#创建子网
[root@master ~]# neutron subnet-create flat 10.10.10.0/24 --name flat-subnet --allocation-pool start=10.10.10.100,end=10.10.10.200 --dns-nameserver 10.10.10.1 --gateway 10.10.10.1
Created a new subnet:
+-------------------+--------------------------------------------------+
| Field             | Value                                            |
+-------------------+--------------------------------------------------+
| allocation_pools  | {"start": "10.10.10.100", "end": "10.10.10.200"} |
| cidr              | 10.10.10.0/24                                    |
| dns_nameservers   | 10.10.10.1                                       |
| enable_dhcp       | True                                             |
| gateway_ip        | 10.10.10.1                                       |
| host_routes       |                                                  |
| id                | e4cbac7f-7f6a-4c8e-aa1f-36c879ea6216             |
| ip_version        | 4                                                |
| ipv6_address_mode |                                                  |
| ipv6_ra_mode      |                                                  |
| name              | flat-subnet                                      |
| network_id        | 65c5e44e-59f9-4df7-a2cf-38c81f8a9778             |
| subnetpool_id     |                                                  |
| tenant_id         | 14b65b1b72674678b1c3afd7d765be20                 |
+-------------------+--------------------------------------------------+
#查看子网
[root@master ~]# neutron net-list
+--------------------------------------+------+----------------------------------------------------+
| id                                   | name | subnets                                            |
+--------------------------------------+------+----------------------------------------------------+
| 65c5e44e-59f9-4df7-a2cf-38c81f8a9778 | flat | e4cbac7f-7f6a-4c8e-aa1f-36c879ea6216 10.10.10.0/24 |
+--------------------------------------+------+----------------------------------------------------+
[root@master ~]# neutron subnet-list
+--------------------------------------+-------------+---------------+--------------------------------------------------+
| id                                   | name        | cidr          | allocation_pools                                 |
+--------------------------------------+-------------+---------------+--------------------------------------------------+
| e4cbac7f-7f6a-4c8e-aa1f-36c879ea6216 | flat-subnet | 10.10.10.0/24 | {"start": "10.10.10.100", "end": "10.10.10.200"} |
+--------------------------------------+-------------+---------------+--------------------------------------------------+
#以demo身份创建ssh密钥对,方便登录虚拟机(-N "" 生成的私钥没有口令,仅适合实验环境;生产环境请为私钥设置口令)
[root@master ~]# source demo-openrc.sh
[root@master ~]# ssh-keygen -q -N ""
Enter file in which to save the key (/root/.ssh/id_rsa): 
#把公钥注册到nova的keypair中,创建虚拟机时通过 --key-name mykey 注入到实例
[root@master ~]# nova keypair-add --pub-key /root/.ssh/id_rsa.pub mykey
[root@master ~]# nova keypair-list
+-------+-------------------------------------------------+
| Name  | Fingerprint                                     |
+-------+-------------------------------------------------+
| mykey | 75:1b:30:f1:74:1e:70:35:bf:cd:df:7d:ec:53:d7:58 |
+-------+-------------------------------------------------+
#向默认安全组default添加放行规则(这里并没有新建安全组)。0.0.0.0/0 表示任意来源都能ping和ssh到实例,生产环境应收窄为管理网段,如 10.10.10.0/24
[root@master ~]# nova secgroup-add-rule default icmp -1 -1 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| icmp        | -1        | -1      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
[root@master ~]# nova secgroup-add-rule default tcp 22 22 0.0.0.0/0
+-------------+-----------+---------+-----------+--------------+
| IP Protocol | From Port | To Port | IP Range  | Source Group |
+-------------+-----------+---------+-----------+--------------+
| tcp         | 22        | 22      | 0.0.0.0/0 |              |
+-------------+-----------+---------+-----------+--------------+
#查看虚拟机支持类型
[root@master ~]# nova flavor-list
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| ID | Name      | Memory_MB | Disk | Ephemeral | Swap | VCPUs | RXTX_Factor | Is_Public |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
| 1  | m1.tiny   | 512       | 1    | 0         |      | 1     | 1.0         | True      |
| 2  | m1.small  | 2048      | 20   | 0         |      | 1     | 1.0         | True      |
| 3  | m1.medium | 4096      | 40   | 0         |      | 2     | 1.0         | True      |
| 4  | m1.large  | 8192      | 80   | 0         |      | 4     | 1.0         | True      |
| 5  | m1.xlarge | 16384     | 160  | 0         |      | 8     | 1.0         | True      |
+----+-----------+-----------+------+-----------+------+-------+-------------+-----------+
#查看镜像
[root@master ~]# nova image-list
+--------------------------------------+--------+--------+--------+
| ID                                   | Name   | Status | Server |
+--------------------------------------+--------+--------+--------+
| a96e3394-3cb8-4b7c-8658-9c5edbc51bf2 | cirros | ACTIVE |        |
+--------------------------------------+--------+--------+--------+
#查看网络
[root@master ~]# neutron net-list
+--------------------------------------+------+----------------------------------------------------+
| id                                   | name | subnets                                            |
+--------------------------------------+------+----------------------------------------------------+
| 65c5e44e-59f9-4df7-a2cf-38c81f8a9778 | flat | e4cbac7f-7f6a-4c8e-aa1f-36c879ea6216 10.10.10.0/24 |
+--------------------------------------+------+----------------------------------------------------+
#创建虚拟机。--nic net-id 必须是上面 neutron net-list 里的网络id(本环境为 65c5e44e-59f9-4df7-a2cf-38c81f8a9778);下面第二条命令里的 0c305ef5-7a2b-47f1-832c-9e9c42de07b4 不在列表中,应为其他环境的遗留值,按第一条执行即可
[root@master ~]# nova boot --flavor m1.tiny --image cirros --nic net-id=65c5e44e-59f9-4df7-a2cf-38c81f8a9778 --security-group default --key-name mykey test-instance
[root@master ~]# nova boot --flavor m1.tiny --image cirros --nic net-id=0c305ef5-7a2b-47f1-832c-9e9c42de07b4 --security-group default --key-name mykey test-instance
+--------------------------------------+-----------------------------------------------+
| Property                             | Value                                         |
+--------------------------------------+-----------------------------------------------+
| OS-DCF:diskConfig                    | MANUAL                                        |
| OS-EXT-AZ:availability_zone          |                                               |
| OS-EXT-SRV-ATTR:host                 | -                                             |
| OS-EXT-SRV-ATTR:hypervisor_hostname  | -                                             |
| OS-EXT-SRV-ATTR:instance_name        | instance-00000002                             |
| OS-EXT-STS:power_state               | 0                                             |
| OS-EXT-STS:task_state                | scheduling                                    |
| OS-EXT-STS:vm_state                  | building                                      |
| OS-SRV-USG:launched_at               | -                                             |
| OS-SRV-USG:terminated_at             | -                                             |
| accessIPv4                           |                                               |
| accessIPv6                           |                                               |
| adminPass                            | SXx4Nu3AyJVa                                  |
| config_drive                         |                                               |
| created                              | 2017-09-14T20:06:14Z                          |
| flavor                               | m1.tiny (1)                                   |
| hostId                               |                                               |
| id                                   | 55d77848-7cb5-4da3-b7b2-a7db63874e20          |
| image                                | cirros (a96e3394-3cb8-4b7c-8658-9c5edbc51bf2) |
| key_name                             | mykey                                         |
| metadata                             | {}                                            |
| name                                 | test-instance                                 |
| os-extended-volumes:volumes_attached | []                                            |
| progress                             | 0                                             |
| security_groups                      | default                                       |
| status                               | BUILD                                         |
| tenant_id                            | 14b65b1b72674678b1c3afd7d765be20              |
| updated                              | 2017-09-14T20:06:15Z                          |
| user_id                              | 0f4bad49e0264d899dc18e30be3cba70              |
+--------------------------------------+-----------------------------------------------+
#查看虚拟机(注意:上面 nova boot 输出中的 adminPass 是实例的初始管理员口令,公开文档里应当删去)
[root@master ~]# nova list
+--------------------------------------+---------------+--------+------------+-------------+-------------------+
| ID                                   | Name          | Status | Task State | Power State | Networks          |
+--------------------------------------+---------------+--------+------------+-------------+-------------------+
| 55d77848-7cb5-4da3-b7b2-a7db63874e20 | test-instance | ACTIVE | -          | Running     | flat=10.10.10.101 |
+--------------------------------------+---------------+--------+------------+-------------+-------------------+
##使用ssh连接实例(已注入mykey,可直接用密钥登录;cirros镜像的默认账号/口令为 cirros/cubswin:) )
[root@master ~]# ssh cirros@10.10.10.101  
#通过自带的noVNC网页控制台打开
[root@master ~]# nova get-vnc-console test-instance novnc
+-------+----------------------------------------------------------------------------------+
| Type  | Url                                                                              |
+-------+----------------------------------------------------------------------------------+
| novnc | http://10.10.10.20:6080/vnc_auto.html?token=f326bf29-1882-4853-8842-5537b60fec31 |
+-------+----------------------------------------------------------------------------------+
#浏览器访问 http://10.10.10.20:6080/vnc_auto.html?token=f326bf29-1882-4853-8842-5537b60fec31 (该token就是控制台凭据,且链接为http明文;在有效期内拿到这个URL的人都能操作虚拟机控制台,不要外传)

vm

#删除虚拟机
[root@master ~]# nova delete 55d77848-7cb5-4da3-b7b2-a7db63874e20
Request to delete server 55d77848-7cb5-4da3-b7b2-a7db63874e20 has been accepted.

0x09 dashboard配置

##master
#dashboard的配置文档
[root@master ~]# vi /etc/openstack-dashboard/local_settings     #按照下面几行进行配置修改
OPENSTACK_HOST = "10.10.10.20"                                  #更改为keystone机器地址
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"              			#默认的角色
ALLOWED_HOSTS = ['*']                                           #'*' 表示接受任意Host头,等于关闭了Django的Host校验;生产环境应写成实际访问地址,如 ['10.10.10.20', 'master']
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': '10.10.10.20:11211',                               #连接memcached
}
}
#CACHES = {
# 'default': {
# 'BACKEND': 'django.core.cache.backends.locmem.LocMemCache',
# }
#}

TIME_ZONE = "Asia/Shanghai"                        				#设置时区

#重启 httpd 服务使dashboard配置生效(在master上执行)
[root@linux-node1 ~]# systemctl restart httpd

login_dashboard

0x10 配置cinder

##master

#配置cinder.conf(在master执行)。下面写入的数据库、rabbit、keystone口令都是与用户名相同的演示弱口令,并以明文保存在cinder.conf中;生产环境请换成随机口令并限制该文件的读权限
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf DEFAULT glance_host 10.10.10.20
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf DEFAULT auth_strategy keystone
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf DEFAULT verbose True 
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf database connection mysql://cinder:cinder@10.10.10.20/cinder
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf DEFAULT rpc_backend rabbit
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_uri http://10.10.10.20:5000
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_url http://10.10.10.20:35357
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf keystone_authtoken auth_plugin password
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_domain_id default
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf keystone_authtoken user_domain_id default
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf keystone_authtoken project_name service
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf keystone_authtoken username cinder
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf keystone_authtoken password cinder
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf oslo_concurrency lock_path /var/lib/cinder/tmp
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_host 10.10.10.20
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_port 5672
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_userid openstack
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf oslo_messaging_rabbit rabbit_password openstack
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
[root@master ~]# openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm

#cinder.conf配置文件
[root@master ~]# cat /etc/cinder/cinder.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
rpc_backend = rabbit
glance_host = 10.10.10.20
auth_strategy = keystone
[BRCD_FABRIC_EXAMPLE]
[CISCO_FABRIC_EXAMPLE]
[cors]
[cors.subdomain]
[database]
connection = mysql://cinder:cinder@10.10.10.20/cinder
[fc-zone-manager]
[keymgr]
[keystone_authtoken]
auth_uri = http://10.10.10.20:5000 
auth_url = http://10.10.10.20:35357 
auth_plugin = password 
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = cinder
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host = 10.10.10.20
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = openstack
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[profiler]

#配置nova.conf,让nova知道cinder所在的region(Liberty安装文档里 os_region_name 位于 [cinder] 段,这里写在了 [barbican] 段,请核对是否生效)
[root@master ~]# openstack-config --set /etc/nova/nova.conf barbican os_region_name  RegionOne

#创建数据库
[root@master ~]# su -s /bin/sh -c "cinder-manage db sync" cinder
#验证数据库表是否创建(-p后直接跟口令会留在shell历史和进程列表里,建议改为 mysql -u root -p 交互输入)
[root@master ~]# mysql -u root -p123456 -e "use cinder;show tables;"
#注册cinder
[root@master ~]# openstack user create --domain default --password=cinder cinder
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | default                          |
| enabled   | True                             |
| id        | 258b3ce2dc13401b9cc254415647cae4 |
| name      | cinder                           |
+-----------+----------------------------------+
[root@master ~]# openstack role add --project service --user cinder admin
#重新启动nova
[root@master ~]# systemctl restart openstack-nova-api.service
#设置启动项和启动
[root@master ~]# systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
[root@master ~]# systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service

#注册volume和管理接口
[root@master ~]# openstack service create --name cinder --description "OpenStack Block Storage" volume
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | 4a28d9605efe4bd388d000fda24eb406 |
| name        | cinder                           |
| type        | volume                           |
+-------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne volume public http://10.10.10.20:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | ae30b1a8339a4b91b6faf5c714fbef13           |
| interface    | public                                     |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 4a28d9605efe4bd388d000fda24eb406           |
| service_name | cinder                                     |
| service_type | volume                                     |
| url          | http://10.10.10.20:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne volume internal http://10.10.10.20:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | c6426398e51b49daad7a9c8c166dfffd           |
| interface    | internal                                   |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 4a28d9605efe4bd388d000fda24eb406           |
| service_name | cinder                                     |
| service_type | volume                                     |
| url          | http://10.10.10.20:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne volume admin http://10.10.10.20:8776/v1/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | 25006722734146f28f1c933fed183670           |
| interface    | admin                                      |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | 4a28d9605efe4bd388d000fda24eb406           |
| service_name | cinder                                     |
| service_type | volume                                     |
| url          | http://10.10.10.20:8776/v1/%(tenant_id)s |
+--------------+--------------------------------------------+
#注册volume2和管理接口
[root@master ~]# openstack service create --name cinderv2 --description "OpenStack Block Storage" volumev2
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Block Storage          |
| enabled     | True                             |
| id          | b6963b81a46d4802b60e013850270fff |
| name        | cinderv2                         |
| type        | volumev2                         |
+-------------+----------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne volumev2 public http://10.10.10.20:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | 31c7040f0fff424c82fea60dcd5c9746           |
| interface    | public                                     |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | b6963b81a46d4802b60e013850270fff           |
| service_name | cinderv2                                   |
| service_type | volumev2                                   |
| url          | http://10.10.10.20:8776/v2/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne volumev2 internal http://10.10.10.20:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | 990f0bb629cc4f41a5a6c1149a5a31ae           |
| interface    | internal                                   |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | b6963b81a46d4802b60e013850270fff           |
| service_name | cinderv2                                   |
| service_type | volumev2                                   |
| url          | http://10.10.10.20:8776/v2/%(tenant_id)s |
+--------------+--------------------------------------------+
[root@master ~]# openstack endpoint create --region RegionOne volumev2 admin http://10.10.10.20:8776/v2/%\(tenant_id\)s
+--------------+--------------------------------------------+
| Field        | Value                                      |
+--------------+--------------------------------------------+
| enabled      | True                                       |
| id           | e1d534d41aff42bcaf6a21904b647cb5           |
| interface    | admin                                      |
| region       | RegionOne                                  |
| region_id    | RegionOne                                  |
| service_id   | b6963b81a46d4802b60e013850270fff           |
| service_name | cinderv2                                   |
| service_type | volumev2                                   |
| url          | http://10.10.10.20:8776/v2/%(tenant_id)s   |
+--------------+--------------------------------------------+


##node01
#关机,增加新硬盘

SCSI

#查看磁盘添加情况
[root@node1 ~]# fdisk -l
#创建一个pv和vg(名为cinder-volumes)
[root@node1 ~]# pvcreate /dev/sdb
Physical volume "/dev/sdb" successfully created
[root@node1 ~]# vgcreate cinder-volumes /dev/sdb
Volume group "cinder-volumes" successfully created
#修改lvm配置文件,添加filter:只扫描/dev/sdb、拒绝其他设备,防止宿主机去扫描云硬盘内部由虚拟机创建的LVM卷。若node01的系统盘本身也是LVM,需要把系统盘一并加入允许列表,否则可能无法启动
[root@node1 ~]# vi /etc/lvm/lvm.conf
filter = [ "a/sdb/", "r/.*/"]

#从主节点把cinder.conf复制过来
##在master上执行,复制到node01
# Push the controller's cinder.conf to the storage node (run on master; scp goes over SSH).
# The file carries the DB, RabbitMQ and Keystone credentials, so after copying check that
# ownership and mode on node01 still match what the cinder package installed — a copied
# file the service user cannot read is the same kind of permission problem the author
# describes at the end of this page for nova.conf.
scp /etc/cinder/cinder.conf 10.10.10.30:/etc/cinder/

#配置cinder.conf
[root@node01 ~]# openstack-config --set /etc/cinder/cinder.conf DEFAULT enabled_backends lvm
[root@node01 ~]# openstack-config --set /etc/cinder/cinder.conf lvm volume_driver cinder.volume.drivers.lvm.LVMVolumeDriver
[root@node01 ~]# openstack-config --set /etc/cinder/cinder.conf lvm volume_group cinder-volumes
[root@node01 ~]# openstack-config --set /etc/cinder/cinder.conf lvm iscsi_protocol iscsi
[root@node01 ~]# openstack-config --set /etc/cinder/cinder.conf lvm iscsi_helper lioadm

#cinder.conf文件
[root@node01 ~]# cat /etc/cinder/cinder.conf|grep -v "^#"|grep -v "^$"
[DEFAULT]
rpc_backend = rabbit 										#映射rabbit
glance_host = 10.10.10.20
auth_strategy = keystone
enabled_backends = lvm 										#映射lvm
[BRCD_FABRIC_EXAMPLE]
[CISCO_FABRIC_EXAMPLE]
[cors]
[cors.subdomain]
[database]
connection = mysql://cinder:cinder@10.10.10.20/cinder   	#连接数据库
[fc-zone-manager]
[keymgr]
[keystone_authtoken] 										#连接keystone
auth_uri = http://10.10.10.20:5000 
auth_url = http://10.10.10.20:35357   
auth_plugin = password 
project_domain_id = default
user_domain_id = default
project_name = service
username = cinder
password = cinder
[matchmaker_redis]
[matchmaker_ring]
[oslo_concurrency]
lock_path = /var/lib/cinder/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit] 									#使用rabbit
rabbit_host = 10.10.10.20
rabbit_port = 5672
rabbit_userid = openstack
rabbit_password = openstack
[oslo_middleware]
[oslo_policy]
[oslo_reports]
[profiler]
[lvm]								#增加lvm盘
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

#设置启动项和启动
[root@node1 ~]# systemctl enable openstack-cinder-volume.service target.service
[root@node1 ~]# systemctl start openstack-cinder-volume.service target.service

##master上检查(State 一列依赖两台机器的心跳时间戳,若master与node01时钟不同步,服务会显示为down)
[root@master ~]# cinder service-list
+------------------+------------+------+---------+-------+----------------------------+-----------------+
|      Binary      |    Host    | Zone |  Status | State |         Updated_at         | Disabled Reason |
+------------------+------------+------+---------+-------+----------------------------+-----------------+
| cinder-scheduler |   master   | nova | enabled |   up  | 2017-09-17T06:28:28.000000 |        -        |
|  cinder-volume   | node01@lvm | nova | enabled |   up  | 2017-09-17T06:28:31.000000 |        -        |
+------------------+------------+------+---------+-------+----------------------------+-----------------+

#增加云盘(两种方法)
#方法一

cinder-1 cinder-2 cinder-3

#方法二

cinder-4

0x11 虚拟机创建流程

build__virtual_machine

第一阶段:用户操作 
1)用户使用Dashboard或者CLI连接keystone,发送用户名和密码,待keystone验证通过,keystone会返回给dashboard一个authtoken 
2)Dashboard会带着上述的authtoken访问nova-api进行创建虚拟机请求 
3)nova-api向keystone校验dashboard带来的authtoken是否有效。
第二阶段:nova内组件交互阶段 
4)nova-api把用户要创建的虚拟机的信息记录到数据库中. 
5)nova-api使用rpc-call的方式发送请求给消息队列 
6)nova-scheduler获取消息队列中的消息 
7)nova-scheduler和查看数据库中要创建的虚拟机信息和计算节点的信息,进行调度 
8)nova-scheduler把调度后的信息发送给消息队列 
9)nova-compute获取nova-scheduler发送给queue的消息 
10)nova-compute通过消息队列发送消息给nova-conductor,想要获取数据库中的要创建虚拟机信息 
11)nova-conductor获取消息队列的消息 
12)nova-conductor读取数据库中要创建虚拟机的信息 
13)nova-conductor把从数据库获取的消息返回给消息队列 
14)nova-compute获取nova-conductor返回给消息队列的信息
第三阶段:nova和其他组件进行交互 
15)nova-compute通过authtoken和数据库返回的镜像id请求glance服务 
16)glance会通过keystone进行认证 
17)glance验证通过后把镜像返回给nova-compute 
18)nova-compute通过authtoken和数据库返回的网络id请求neutron服务 
19)neutron会通过keystone进行认证 
20)neutron验证通过后把网络分配情况返回给nova-compute 
21)nova-compute通过authtoken和数据库返回的云硬盘请求cinder服务 
22)cinder会通过keystone进行认证 
23)cinder验证通过后把云硬盘分配情况返回给nova-compute
第四阶段:nova创建虚拟机 
24)nova-compute通过libvirt调用kvm根据已有的信息创建虚拟机,动态生成xml 
25)nova-api会不断的在数据库中查询信息并在dashboard显示虚拟机的状态
生产场景注意事项: 
1、新加的一个计算节点,创建虚拟机时间会很长,因为第一次使用计算节点,没有镜像,计算节点要把glance的镜像放在后端文件(/var/lib/nova/instance/_base)下, 
镜像如果很大,自然会需要很长时间,然后才会在后端文件的基础上创建虚拟机(写时复制copy on write)。 
2、创建虚拟机失败的原因之一:创建网桥失败。要保证eth0网卡配置文件的BOOTPROTO是static而不是dhcp。

0x13 openstack问题反馈

#0x01 keystone报500错误
应该是keystone连不上memcached:keystone用memcached缓存token,而CentOS 7的memcached默认只监听127.0.0.1,如果keystone/dashboard里配置的是10.10.10.20:11211就会连接失败而报500。看了很多资料(老男孩12期,陈沙克等等),都没有对这一步进行讲解。注意:把监听地址改成0.0.0.0会让没有任何认证的memcached暴露在所有网卡上,更稳妥的做法是只监听管理网地址加回环,如 -l 10.10.10.20,127.0.0.1,::1,改完后重启memcached
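# Make memcached reachable on the controller's management address so keystone/horizon
# (which point at 10.10.10.20:11211) can use it; CentOS 7 ships it bound to loopback only.
# The original page switched the bind to 0.0.0.0, which exposes an unauthenticated cache
# on every interface — this binds only to the management IP plus loopback instead.
#
# Arguments: $1 - memcached sysconfig file (default /etc/sysconfig/memcached)
#            $2 - comma-separated listen list (default 10.10.10.20,127.0.0.1,::1)
# Returns:   sed's exit status (non-zero if the file cannot be read or written)
set_memcached_listen() {
  local conf=${1:-/etc/sysconfig/memcached}
  local listen=${2:-10.10.10.20,127.0.0.1,::1}
  # Anchored on the stock line, so a second run leaves an already-edited file untouched.
  sed -i "s/^OPTIONS=\"-l 127.0.0.1,::1\"/OPTIONS=\"-l ${listen}\"/" "$conf"
}

# Apply on the controller; skip quietly where the file does not exist. Restart memcached afterwards.
[[ -f /etc/sysconfig/memcached ]] && set_memcached_listen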

#0x02 No valid host was found. There are not enough hosts available.
1)计算节点的内存不足、CPU资源不够、硬盘空间资源不足造成的;将云主机类型规格调小点,发现就能创建成功。[这是重点]
2)网络配置不正确,造成创建虚拟机的时候获取ip失败;网络不通或防火墙引起。
3)openstack-nova-compute服务状态问题。可以尝试重启控制节点的nova相关服务和计算节点的openstack-nova-compute服务;详细检查控制节点和计算节点的nova.conf配置是否有不当配置。
4)这个报错问题的原因很多,具体要查看/var/log/nova下的日志详细分析。重点是nova-compute.log、nova-conductor.log日志

0x15 个人心得

记得最开始学openstack,那时候应该是F版吧,不过不是专职运维,所以就是打个酱油,这次配置L版,发现最大的问题还是配置文件配置的时候不够细心,导致出现了奇葩的一些问题,进而不得不对每个变量都进行了一定得了解。陈沙克大牛使用的openstack-config的方法我觉得很不错,这样就不必打开文件了,另外就是openstack的配置文档有些步骤是多余的。。。。。
配置了10来次,有成功有失败,比如其中我成功搭建OK,把成功的配置文件提取出来,希望直接复制,发现居然权限不足,然后chown -R nova:nova /etc/nova/nova.conf,思路也算大开。再比如配置文件不小心写错,然后看了半天的日志文件,终于明白了咋办。
最终的最终就是一点,善于查看报错信息,不懂就结合google或者baidu
安装虐我千百遍,我待其如初恋。不管什么技能,无他唯手熟尔。

0x16 参考资源

老男孩12期
http://www.chenshake.com/centos-7-x-openstack-liberty-linux-bridgevxlan
http://www.cnblogs.com/kevingrace/p/5707003.html
http://blog.csdn.net/reblue520/article/details/76287143