官方指导手册:
Install OpenStack services
At a minimum, you need to install the following services. Install the services in the order specified below:
- Identity service> Image service
- Placement service
- Compute service
- Networking service
沉浸版指令及内容
以下内容有较多讲解,影响整个部署的执行体验,可以点击上面的链接,体验沉浸式的命令执行。(需要执行的指令和内容都是一样的)
- 切换至超级用户模式:
执行指令:
sudo su
Identity service – keystone installation
1)Install and configure
a. 先准备 - 创建数据库
mysql
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'KEYSTONE_DBPASS';
EXIT;替换 KEYSTONE_DBPASS 为自己的密码,如
123456
b. 安装并配置组件
-
- 安装软件包
执行指令:
apt install keystone
-
- 编辑文件
执行指令:
vim /etc/keystone/keystone.conf
添加或修改为以下内容:
[database]
# ...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
[token]
# ...
provider = fernet
-
- 填充身份认证服务数据库
执行指令:
su -s /bin/sh -c "keystone-manage db_sync" keystone
-
- 初始化 Fernet 密钥库
执行指令:
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
-
- 引导身份认证服务
执行指令:
keystone-manage bootstrap --bootstrap-password ADMIN_PASS --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne
替换 ADMIN_PASS 为管理员用户的密码,如
cbz
c. 配置 Apache HTTP 服务器
- 编辑文件
执行指令:
vim /etc/apache2/apache2.conf
添加或修改为以下内容:
ServerName controller
d. 完成安装
-
- 重启 Apache 服务器
执行指令:
service apache2 restart
-
- 设置适当的环境变量配置管理账户
执行指令:
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
替换 ADMIN_PASS 为管理员用户的密码,如
cbz
2)Create a domain, projects, users, and roles
创建域、项目、用户、角色
a. a formal way to create a new domain would be:
虽然已存在 default 域,但有必要给大家看一下创建新 域 的方法:
- 创建
example域
执行指令:
openstack domain create --description "An Example Domain" example
输出示例:
$ openstack domain create --description "An Example Domain" example+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | An Example Domain |
| enabled | True |
| id | 2f4f80574fd84fe6ba9067228ae0a50c |
| name | example |
| tags | [] |
+-------------+----------------------------------+
b. Create the service project:
- 创建
service项目
执行指令:
openstack project create --domain default --description "Service Project" service
输出示例:
$ openstack project create --domain default \--description "Service Project" service+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Service Project |
| domain_id | default |
| enabled | True |
| id | 24ac7f19cd944f4cba1d77469b2a73ed |
| is_domain | False |
| name | service |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
c. creates the myproject project and myuser user:
常规(非管理员)任务应使用无权限项目和用户。例如,本指南创建了 myproject 项目和 myuser 用户。
-
- 创建
myproject项目
- 创建
执行指令:
openstack project create --domain default --description "Demo Project" myproject
输出示例:
$ openstack project create --domain default \--description "Demo Project" myproject+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Demo Project |
| domain_id | default |
| enabled | True |
| id | 231ad6e7ebba47d6a1e57e1cc07ae446 |
| is_domain | False |
| name | myproject |
| parent_id | default |
| tags | [] |
+-------------+----------------------------------+
注意:为该项目创建其他用户时,请勿重复此步骤。
-
- 创建
myuser用户
- 创建
执行指令:
openstack user create --domain default --password-prompt myuser
输出示例:
$ openstack user create --domain default \--password-prompt myuserUser Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | aeda23aa78f44e859900e22c24817832 |
| name | myuser |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
-
- 创建
myrole角色
- 创建
执行指令:
openstack role create myrole
输出示例:
$ openstack role create myrole+-----------+----------------------------------+
| Field | Value |
+-----------+----------------------------------+
| domain_id | None |
| id | 997ce8d05fc143ac97d83fdfb5998552 |
| name | myrole |
+-----------+----------------------------------+
-
- 添加
myrole到项目myproject、用户myuser
- 添加
执行指令:
openstack role add --project myproject --user myuser myrole
当前指令没有输出
3)Verify operation
-
- 注销临时环境变量 OS_AUTH_URL 和 OS_PASSWORD
执行指令:
unset OS_AUTH_URL OS_PASSWORD
-
- 以 admin 用户申请身份验证令牌
执行指令:
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
输出:
openstack --os-auth-url http://controller:5000/v3 \--os-project-domain-name Default --os-user-domain-name Default \--os-project-name admin --os-username admin token issuePassword:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:14:07.056119Z |
| id | gAAAAABWvi7_B8kKQD9wdXac8MoZiQldmjEO643d-e_j-XXq9AmIegIbA7UHGPv |
| | atnN21qtOMjCFWX7BReJEQnVOAj3nclRQgAYRsfSU_MrsuWb4EDtnjU7HEpoBb4 |
| | o6ozsA_NmFWEpLeKy0uNn_WeKbAhYygrsmQGA49dclHVnz-OMVLiyM9ws |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
-
- 以 myuser 用户申请身份验证令牌
执行指令:
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue
输出示例:
$ openstack --os-auth-url http://controller:5000/v3 \--os-project-domain-name Default --os-user-domain-name Default \--os-project-name myproject --os-username myuser token issuePassword:
+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:15:39.014479Z |
| id | gAAAAABWvi9bsh7vkiby5BpCCnc-JkbGhm9wH3fabS_cY7uabOubesi-Me6IGWW |
| | yQqNegDDZ5jw7grI26vvgy1J5nCVwZ_zFRqPiz_qhbq29mgbQLglbkq6FQvzBRQ |
| | JcOzq3uwhzNxszJWmzGC7rJE_H0A_a3UFhqv8M4zMRYSbS2YF0MyFmp_U |
| project_id | ed0b60bf607743088218b0a533d5943f |
| user_id | 58126687cbcc4888bfa9ab73a2256f27 |
+------------+-----------------------------------------------------------------+
4)Create OpenStack client environment scripts
a. 创建脚本
-
- 创建并编辑
admin-openrc文件
- 创建并编辑
执行指令:
vim ~/admin-openrc
添加以下内容:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
替换 ADMIN_PASS 为管理员用户的密码,如
cbz
-
- 创建并编辑
demo-openrc文件
- 创建并编辑
执行指令:
vim ~/demo-openrc
添加以下内容:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=myproject
export OS_USERNAME=myuser
export OS_PASSWORD=DEMO_PASS
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
替换 DEMO_PASS 为示例用户(还没创建)的密码,如
cbz
b. 使用脚本
-
- 加载 admin-openrc 文件
执行指令:
. admin-openrc
-
- 申请身份验证令牌
执行指令:
openstack token issue
输出示例:
$ openstack token issue+------------+-----------------------------------------------------------------+
| Field | Value |
+------------+-----------------------------------------------------------------+
| expires | 2016-02-12T20:44:35.659723Z |
| id | gAAAAABWvjYj-Zjfg8WXFaQnUd1DMYTBVrKw4h3fIagi5NoEmh21U72SrRv2trl |
| | JWFYhLi2_uPR31Igf6A8mH2Rw9kv_bxNo1jbLNPLGzW_u5FC7InFqx0yYtTwa1e |
| | eq2b0f6-18KZyQhs7F3teAta143kJEWuNEYET-y7u29y0be1_64KYkM7E |
| project_id | 343d245e850143a096806dfaefa9afdc |
| user_id | ac3377633149401296f6c0d92d79dc16 |
+------------+-----------------------------------------------------------------+
Image service – glance installation
1)Install and configure
a. 先准备 - 创建数据库
-
- 创建数据库
执行指令:
mysql
执行 mysql 指令:
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'GLANCE_DBPASS';
EXIT;替换 GLANCE_DBPASS 为自己的密码,如
123456
-
- 加载 admin-openrc 文件
执行指令:
. admin-openrc
-
- 创建
glance用户
- 创建
执行指令:
openstack user create --domain default --password-prompt glance
输出示例:
$ openstack user create --domain default --password-prompt glanceUser Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 3f4e777c4062483ab8d9edd7dff829df |
| name | glance |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
-
- 添加
admin角色到glance用户、service项目中
- 添加
执行指令:
openstack role add --project service --user glance admin
此指令没有输出
-
- 创建 glance 服务实例
执行指令:
openstack service create --name glance --description "OpenStack Image" image
输出示例:
$ openstack service create --name glance \--description "OpenStack Image" image+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Image |
| enabled | True |
| id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| name | glance |
| type | image |
+-------------+----------------------------------+
-
- 创建镜像服务 API 端点:
执行指令:
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292
输出示例:
$ openstack endpoint create --region RegionOne \image public http://controller:9292+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 340be3625e9b4239a6415d034e98aace |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+$ openstack endpoint create --region RegionOne \image internal http://controller:9292+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | a6e4b153c2ae4c919eccfdbb7dceb5d2 |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+$ openstack endpoint create --region RegionOne \image admin http://controller:9292+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 0c37ed58103f4300a84ff125a539032d |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 8c2c7f1b9b5049ea9e63757b5533e6d2 |
| service_name | glance |
| service_type | image |
| url | http://controller:9292 |
+--------------+----------------------------------+
b. 安装并配置组件
-
- 安装软件包
执行指令:
apt install glance
-
- 编辑文件
执行指令:
vim /etc/glance/glance-api.conf
添加或修改为以下内容:
[database]
# ...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = GLANCE_PASS[paste_deploy]
# ...
flavor = keystone[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/[oslo_limit]
auth_url = http://controller:5000
auth_type = password
user_domain_id = default
username = glance
system_scope = all
password = GLANCE_PASS
endpoint_id = 340be3625e9b4239a6415d034e98aace
region_name = RegionOne
GLANCE_DBPASS 和 GLANCE_PASS 都替换为自己的密码,如
123456
[keystone_authtoken] 中的其他所有选项都给注释掉
若没有对应的[***]节段,则手动添加
-
- 填充镜像服务数据库:
执行指令:
su -s /bin/sh -c "glance-manage db_sync" glance
c. 完成安装
- 重启镜像服务:
执行指令:
service glance-api restart
2)Verify operation
(Verify operation 作验证作用,可不执行)
-
- 加载 admin-openrc 文件:
执行指令:
. admin-openrc
-
- 下载源镜像:
执行指令:
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
-
- 将镜像上传到镜像服务
执行指令:
glance image-create --name "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public
输出示例:
$ glance image-create --name "cirros" \--file cirros-0.4.0-x86_64-disk.img \--disk-format qcow2 --container-format bare \--visibility=public+------------------+------------------------------------------------------+
| Field | Value |
+------------------+------------------------------------------------------+
| checksum | 133eae9fb1c98f45894a4e60d8736619 |
| container_format | bare |
| created_at | 2015-03-26T16:52:10Z |
| disk_format | qcow2 |
| file | /v2/images/cc5c6982-4910-471e-b864-1098015901b5/file |
| id | cc5c6982-4910-471e-b864-1098015901b5 |
| min_disk | 0 |
| min_ram | 0 |
| name | cirros |
| owner | ae7a98326b9c455588edd2656d723b9d |
| protected | False |
| schema | /v2/schemas/image |
| size | 13200896 |
| status | active |
| tags | |
| updated_at | 2015-03-26T16:52:10Z |
| virtual_size | None |
| visibility | public |
+------------------+------------------------------------------------------+
-
- 确认上传图像并验证属性
执行指令:
glance image-list
输出示例:
$ glance image-list+--------------------------------------+--------+--------+
| ID | Name | Status |
+--------------------------------------+--------+--------+
| 38047887-61a7-41ea-9b49-27987d5e8bb9 | cirros | active |
+--------------------------------------+--------+--------+
Placement service – placement installation
1)Install and configure
a. 先准备 - 创建数据库
- 创建数据库
执行指令:
mysql
执行 mysql 指令:
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'PLACEMENT_DBPASS';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'PLACEMENT_DBPASS';
EXIT;替换 PLACEMENT_DBPASS 为自己的密码,如
123456
b. 配置用户和端点
-
- 加载 admin-openrc 文件
执行指令:
. admin-openrc
-
- 创建
placement服务用户:
- 创建
执行指令:
openstack user create --domain default --password-prompt placement
输出示例:
$ openstack user create --domain default --password-prompt placementUser Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fa742015a6494a949f67629884fc7ec8 |
| name | placement |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
-
- 添加
placement用户到service项目、admin角色中
- 添加
执行指令:
openstack role add --project service --user placement admin
此指令没有输出
-
- 创建 Placement API 实例
执行指令:
openstack service create --name placement --description "Placement API" placement
输出示例:
$ openstack service create --name placement \--description "Placement API" placement+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | Placement API |
| enabled | True |
| id | 2d1a27022e6e4185b86adac4444c495f |
| name | placement |
| type | placement |
+-------------+----------------------------------+
-
- 创建 Placement API 服务端点
执行指令:
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778
输出示例:
$ openstack endpoint create --region RegionOne \placement public http://controller:8778+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 2b1b2637908b4137a9c2e0470487cbc0 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+$ openstack endpoint create --region RegionOne \placement internal http://controller:8778+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 02bcda9a150a4bd7993ff4879df971ab |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+$ openstack endpoint create --region RegionOne \placement admin http://controller:8778+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 3d71177b9e0f406f98cbff198d74b182 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 2d1a27022e6e4185b86adac4444c495f |
| service_name | placement |
| service_type | placement |
| url | http://controller:8778 |
+--------------+----------------------------------+
c. 安装并配置组件
-
- 安装软件包
执行指令:
apt install placement-api
-
- 编辑文件
执行指令:
vim /etc/placement/placement.conf
添加或修改为以下内容:
[placement_database]
# ...
connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement[api]
# ...
auth_strategy = keystone[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = PLACEMENT_PASS
PLACEMENT_DBPASS 和 PLACEMENT_PASS 都替换为自己的密码,如
123456
[keystone_authtoken] 中的其他所有选项都给注释掉
user_name、password、project_domain_name 和 user_domain_name 的值必须与 keystone 的配置保持一致。
-
- 填充 placement 数据库:
执行指令:
su -s /bin/sh -c "placement-manage db sync" placement
此指令没有输出
d. 完成安装
- 重新加载 web 服务器
执行指令:
service apache2 restart
2)Verify Installation
-
- 加载 admin-openrc 文件
执行指令:
. admin-openrc
-
- 检查执行状态
执行指令:
placement-status upgrade check
输出示例:
$ placement-status upgrade check
+----------------------------------+
| Upgrade Check Results |
+----------------------------------+
| Check: Missing Root Provider IDs |
| Result: Success |
| Details: None |
+----------------------------------+
| Check: Incomplete Consumers |
| Result: Success |
| Details: None |
+----------------------------------+
-
- 安装 osc-placement 插件
执行指令:
apt install pip3
pip3 install osc-placement
-
- 列出可用的资源类别和特性
执行指令:
openstack --os-placement-api-version 1.2 resource class list --sort-column name
openstack --os-placement-api-version 1.6 trait list --sort-column name
输出示例:
$ openstack --os-placement-api-version 1.2 resource class list --sort-column name
+----------------------------+
| name |
+----------------------------+
| DISK_GB |
| IPV4_ADDRESS |
| ... |$ openstack --os-placement-api-version 1.6 trait list --sort-column name
+---------------------------------------+
| name |
+---------------------------------------+
| COMPUTE_DEVICE_TAGGING |
| COMPUTE_NET_ATTACH_INTERFACE |
| ... |
Compute service – nova installation
1)Install and configure
a. 先准备 - 创建数据库
-
- 创建数据库
执行指令:
mysql
执行 mysql 指令:
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'NOVA_DBPASS';EXIT;替换 NOVA_DBPASS 为自己的密码,如
123456
-
- 加载 admin-openrc 文件
执行指令:
. admin-openrc
-
- 创建
nova用户
- 创建
执行指令:
openstack user create --domain default --password-prompt nova
输出示例:
$ openstack user create --domain default --password-prompt novaUser Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | 8a7dbf5279404537b1c7b86c033620fe |
| name | nova |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
-
- 添加
admin角色到nova用户上
- 添加
执行指令:
openstack role add --project service --user nova admin
此指令没有输出
-
- 创建 nova 服务实例
执行指令:
openstack service create --name nova --description "OpenStack Compute" compute
输出示例:
$ openstack service create --name nova \--description "OpenStack Compute" compute+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Compute |
| enabled | True |
| id | 060d59eac51b4594815603d75a00aba2 |
| name | nova |
| type | compute |
+-------------+----------------------------------+
-
- 创建 compute API 服务端点
执行指令:
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1
输出示例:
$ openstack endpoint create --region RegionOne \compute public http://controller:8774/v2.1+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 3c1caa473bfe4390a11e7177894bcc7b |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+$ openstack endpoint create --region RegionOne \compute internal http://controller:8774/v2.1+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | e3c918de680746a586eac1f2d9bc10ab |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+$ openstack endpoint create --region RegionOne \compute admin http://controller:8774/v2.1+--------------+-------------------------------------------+
| Field | Value |
+--------------+-------------------------------------------+
| enabled | True |
| id | 38f7af91666a47cfb97b4dc790b94424 |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | 060d59eac51b4594815603d75a00aba2 |
| service_name | nova |
| service_type | compute |
| url | http://controller:8774/v2.1 |
+--------------+-------------------------------------------+
b. 安装并配置组件
-
- 安装软件包
执行指令:
apt install nova-api nova-conductor nova-novncproxy nova-scheduler
-
- 编辑文件
执行指令:
vim /etc/nova/nova.conf
添加或修改为以下内容:
[api_database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api[database]
# ...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova[DEFAULT]
# ...
transport_url = rabbit://openstack:RABBIT_PASS@controller:5672/
my_ip = 192.168.10.10[api]
# ...
auth_strategy = keystone[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = NOVA_PASS[service_user]
send_service_user_token = true
auth_url = https://controller/identity
auth_strategy = keystone
auth_type = password
project_domain_name = Default
project_name = service
user_domain_name = Default
username = nova
password = NOVA_PASS[glance]
# ...
api_servers = http://controller:9292[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = PLACEMENT_PASS
NOVA_DBPASS 和 RABBIT_PASS 和 NOVA_PASS 和 PLACEMENT_PASS 都替换为自己的密码,如
123456
[keystone_authtoken] 中的其他所有选项都给注释掉
移除掉 [DEFAULT] 中的 log_dir 项
192.168.10.10 替换成 ens33 中对应的 ip 地址
若没有对应的[***]节段,则手动添加
-
- 填充 nova-api 数据库
执行指令:
su -s /bin/sh -c "nova-manage api_db sync" nova
-
- 注册 cell0 数据库
执行指令:
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
-
- 创建 cell1 单元
执行指令:
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
-
- 填充 nova 数据库
执行指令:
su -s /bin/sh -c "nova-manage db sync" nova
-
- Verify nova cell0 and cell1 are registered correctly
执行指令:
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
输出示例:
# su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
| Name | UUID | Transport URL | Database Connection | Disabled |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
| cell0 | 00000000-0000-0000-0000-000000000000 | none:/ | mysql+pymysql://nova:****@controller/nova_cell0?charset=utf8 | False |
| cell1 | f690f4fd-2bc5-4f15-8145-db561a7b9d3d | rabbit://openstack:****@controller:5672/nova_cell1 | mysql+pymysql://nova:****@controller/nova_cell1?charset=utf8 | False |
+-------+--------------------------------------+----------------------------------------------------+--------------------------------------------------------------+----------+
c. 完成安装
执行指令:
service nova-api restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
2)Verify operation
-
- 加载 admin-openrc 文件
执行指令:
. admin-openrc
-
- 列出服务组件
执行指令:
openstack compute service list
输出示例:
$ openstack compute service list+----+--------------------+------------+----------+---------+-------+----------------------------+
| Id | Binary | Host | Zone | Status | State | Updated At |
+----+--------------------+------------+----------+---------+-------+----------------------------+
| 1 | nova-scheduler | controller | internal | enabled | up | 2016-02-09T23:11:15.000000 |
| 2 | nova-conductor | controller | internal | enabled | up | 2016-02-09T23:11:16.000000 |
| 3 | nova-compute | compute1 | nova | enabled | up | 2016-02-09T23:11:20.000000 |
+----+--------------------+------------+----------+---------+-------+----------------------------+
-
- 列出 API 端点
执行指令:
openstack catalog list
输出示例:
$ openstack catalog list+-----------+-----------+-----------------------------------------+
| Name | Type | Endpoints |
+-----------+-----------+-----------------------------------------+
| keystone | identity | RegionOne |
| | | public: http://controller:5000/v3/ |
| | | RegionOne |
| | | internal: http://controller:5000/v3/ |
| | | RegionOne |
| | | admin: http://controller:5000/v3/ |
| | | |
| glance | image | RegionOne |
| | | admin: http://controller:9292 |
| | | RegionOne |
| | | public: http://controller:9292 |
| | | RegionOne |
| | | internal: http://controller:9292 |
| | | |
| nova | compute | RegionOne |
| | | admin: http://controller:8774/v2.1 |
| | | RegionOne |
| | | internal: http://controller:8774/v2.1 |
| | | RegionOne |
| | | public: http://controller:8774/v2.1 |
| | | |
| placement | placement | RegionOne |
| | | public: http://controller:8778 |
| | | RegionOne |
| | | admin: http://controller:8778 |
| | | RegionOne |
| | | internal: http://controller:8778 |
| | | |
+-----------+-----------+-----------------------------------------+
-
- 列出镜像
执行指令:
openstack image list
输出示例:
$ openstack image list+--------------------------------------+-------------+-------------+
| ID | Name | Status |
+--------------------------------------+-------------+-------------+
| 9a76d9f9-9620-4f2e-8c69-6c5691fae163 | cirros | active |
+--------------------------------------+-------------+-------------+
-
- 检查 cells 和 placement API 都成功运行
执行指令:
nova-status upgrade check
输出示例:
# nova-status upgrade check+--------------------------------------------------------------------+
| Upgrade Check Results |
+--------------------------------------------------------------------+
| Check: Cells v2 |
| Result: Success |
| Details: None |
+--------------------------------------------------------------------+
| Check: Placement API |
| Result: Success |
| Details: None |
+--------------------------------------------------------------------+
| Check: Cinder API |
| Result: Success |
| Details: None |
+--------------------------------------------------------------------+
| Check: Policy File JSON to YAML Migration |
| Result: Success |
| Details: None |
+--------------------------------------------------------------------+
| Check: Older than N-1 computes |
| Result: Success |
| Details: None |
+--------------------------------------------------------------------+
Networking service – neutron installation
1)Install and configure
a. 先准备 - 创建数据库
- 创建数据库:
执行指令:
mysql -u root -p
执行 mysql 指令:
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'NEUTRON_DBPASS';
EXIT;替换 NEUTRON_DBPASS 为自己的密码,如
123456
- 加载 admin-openrc 文件:
. admin-openrc
- 创建 neutron 用户:
openstack user create --domain default --password-prompt neutron
输出:
$ openstack user create --domain default --password-prompt neutronUser Password:
Repeat User Password:
+---------------------+----------------------------------+
| Field | Value |
+---------------------+----------------------------------+
| domain_id | default |
| enabled | True |
| id | fdb0f541e28141719b6a43c8944bf1fb |
| name | neutron |
| options | {} |
| password_expires_at | None |
+---------------------+----------------------------------+
- 添加 admin 角色到 neutron 用户中:
openstack role add --project service --user neutron admin
- 创建 neutron 服务实例:
openstack service create --name neutron --description "OpenStack Networking" network
$ openstack service create --name neutron \--description "OpenStack Networking" network+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Networking |
| enabled | True |
| id | f71529314dab4a4d8eca427e701d209e |
| name | neutron |
| type | network |
+-------------+----------------------------------+
- 创建网络服务 APT 端点:
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696
输出:
$ openstack endpoint create --region RegionOne \network public http://controller:9696+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 85d80a6d02fc4b7683f611d7fc1493a3 |
| interface | public |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+$ openstack endpoint create --region RegionOne \network internal http://controller:9696+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 09753b537ac74422a68d2d791cf3714f |
| interface | internal |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+$ openstack endpoint create --region RegionOne \network admin http://controller:9696+--------------+----------------------------------+
| Field | Value |
+--------------+----------------------------------+
| enabled | True |
| id | 1ee14289c9374dffb5db92a5c112fc4e |
| interface | admin |
| region | RegionOne |
| region_id | RegionOne |
| service_id | f71529314dab4a4d8eca427e701d209e |
| service_name | neutron |
| service_type | network |
| url | http://controller:9696 |
+--------------+----------------------------------+
2)配置 Provider networks
安装组件:
apt install neutron-server neutron-plugin-ml2 neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent
配置服务器组件
- 编辑以下文件:
vim /etc/neutron/neutron.conf
添加或修改以下内容:
[database]
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:RABBIT_PASS@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = NEUTRON_PASS[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
NEUTRON_DBPASS 和 RABBIT_PASS 和 NEUTRON_PASS 和 NOVA_PASS 都替换为自己的密码,如
123456
[keystone_authtoken] 中的其他所有选项都给注释掉
[database] 中的其他所有选项都给注释掉
若没有对应的[***]节段,则手动添加
配置 Modular Layer 2 (ML2) plug-in
- 编辑以下文件:
vim /etc/neutron/plugins/ml2/ml2_conf.ini
添加或修改以下内容:
[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = openvswitch
extension_drivers = port_security[ml2_type_flat]
# ...
flat_networks = provider
配置 Open vSwitch agent
- 编辑以下文件:
vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
添加或修改以下内容:
[ovs]
bridge_mappings = provider:PROVIDER_INTERFACE_NAME[securitygroup]
# ...
enable_security_group = true
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
PROVIDER_INTERFACE_NAME 替换成 ens33
执行指令:
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
配置 DHCP agent
- 编辑以下文件:
vim /etc/neutron/dhcp_agent.ini
添加或修改以下内容:
[DEFAULT]
# ...
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
1)Install and configure
配置 metadata agent
- 编辑以下文件:
vim /etc/neutron/metadata_agent.ini
添加或修改以下内容:
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = METADATA_SECRET
替换 METADATA_SECRET 为自己的密码,如
123456,但这一般使用openssl rand -hex 10生成的密钥作为该密码。
配置计算服务去使用网络服务
- 编辑以下文件:
vim /etc/nova/nova.conf
添加或修改以下内容:
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = true
metadata_proxy_shared_secret = METADATA_SECRET
替换 METADATA_SECRET 和 NEUTRON_PASS 为自己的密码,如
123456,
完成安装
- 填充数据库
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
- 重启 compute API 服务:
service nova-api restart
- 重启网络服务:
service neutron-server restart
service neutron-openvswitch-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
下面的内容跟上面的是一样的,但少了说明,更专注于有用内容的执行。
沉浸版指令和内容
指令:
mysql -u root -p
mysql指令:
CREATE DATABASE keystone;
CREATE DATABASE glance;
CREATE DATABASE placement;
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
CREATE DATABASE neutron;GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123456';GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY '123456';GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123456';GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123456';GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY '123456';GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123456';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123456';EXIT;密码为:123456
指令:
apt install keystone -y
apt install glance -y
apt install placement-api -y
apt install pip3 -y
pip3 install osc-placement -y
apt install nova-api nova-conductor nova-novncproxy nova-scheduler -y
apt install neutron-server neutron-plugin-ml2 neutron-openvswitch-agent neutron-dhcp-agent neutron-metadata-agent -y指令:
vim /etc/keystone/keystone.conf内容:
[database]
# ...
connection = mysql+pymysql://keystone:123456@controller/keystone
[token]
# ...
provider = fernet
密码为:123456
指令:
su -s /bin/sh -c "keystone-manage db_sync" keystone
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
keystone-manage bootstrap --bootstrap-password cbz --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOneADMIN_PASS 为管理员密码,我的为:cbz
指令:
vim /etc/apache2/apache2.conf内容:
ServerName controller
指令:
service apache2 restart指令:
export OS_USERNAME=admin
export OS_PASSWORD=cbz
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3ADMIN_PASS 为管理员密码,我的为:cbz
指令:
openstack domain create --description "An Example Domain" example
openstack project create --domain default --description "Service Project" service
openstack project create --domain default --description "Demo Project" myproject
openstack user create --domain default --password-prompt myuser
openstack role create myrole
openstack role add --project myproject --user myuser myrole
unset OS_AUTH_URL OS_PASSWORD
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name admin --os-username admin token issue
openstack --os-auth-url http://controller:5000/v3 --os-project-domain-name Default --os-user-domain-name Default --os-project-name myproject --os-username myuser token issue指令:
vim ~/admin-openrc内容:
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=cbz
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2ADMIN_PASS 为管理员密码,我的为:cbz
指令:
. admin-openrc
openstack token issue
openstack user create --domain default --password-prompt glance
openstack role add --project service --user glance admin
openstack service create --name glance --description "OpenStack Image" image
openstack endpoint create --region RegionOne image public http://controller:9292
openstack endpoint create --region RegionOne image internal http://controller:9292
openstack endpoint create --region RegionOne image admin http://controller:9292指令:
vim /etc/glance/glance-api.conf内容:
[database]
# ...
connection = mysql+pymysql://glance:123456@controller/glance[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = 123456[paste_deploy]
# ...
flavor = keystone[glance_store]
# ...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/[oslo_limit]
auth_url = http://controller:5000
auth_type = password
user_domain_id = default
username = glance
system_scope = all
password = 123456
endpoint_id = 340be3625e9b4239a6415d034e98aace
region_name = RegionOne
密码为:123456
指令:
su -s /bin/sh -c "glance-manage db_sync" glance
service glance-api restart
. admin-openrc
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img指令:
glance image-create --name "cirros" --file cirros-0.4.0-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility=public
glance image-list
. admin-openrc
openstack user create --domain default --password-prompt placement
openstack role add --project service --user placement admin
openstack service create --name placement --description "Placement API" placement
openstack endpoint create --region RegionOne placement public http://controller:8778
openstack endpoint create --region RegionOne placement internal http://controller:8778
openstack endpoint create --region RegionOne placement admin http://controller:8778指令:
vim /etc/placement/placement.conf内容:
[placement_database]
# ...
connection = mysql+pymysql://placement:123456@controller/placement[api]
# ...
auth_strategy = keystone[keystone_authtoken]
# ...
auth_url = http://controller:5000/v3
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = 123456
密码为:123456
指令:
su -s /bin/sh -c "placement-manage db sync" placement
service apache2 restart
. admin-openrc
placement-status upgrade check
openstack --os-placement-api-version 1.2 resource class list --sort-column name
openstack --os-placement-api-version 1.6 trait list --sort-column name
openstack user create --domain default --password-prompt nova
openstack role add --project service --user nova admin
openstack service create --name nova --description "OpenStack Compute" compute
openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1
openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1指令:
vim /etc/nova/nova.conf内容:
[api_database]
# ...
connection = mysql+pymysql://nova:123456@controller/nova_api[database]
# ...
connection = mysql+pymysql://nova:123456@controller/nova[DEFAULT]
# ...
transport_url = rabbit://openstack:123456@controller:5672/
my_ip = 192.168.10.10[api]
# ...
auth_strategy = keystone[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000/
auth_url = http://controller:5000/
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = 123456[service_user]
send_service_user_token = true
auth_url = https://controller/identity
auth_strategy = keystone
auth_type = password
project_domain_name = Default
project_name = service
user_domain_name = Default
username = nova
password = 123456[glance]
# ...
api_servers = http://controller:9292[placement]
# ...
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://controller:5000/v3
username = placement
password = 123456密码为:123456
my_ip = 192.168.10.10
指令:
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
service nova-api restart
service nova-scheduler restart
service nova-conductor restart
service nova-novncproxy restart
. admin-openrc
openstack compute service list
openstack catalog list
openstack image list
nova-status upgrade check
openstack user create --domain default --password-prompt neutron
openstack role add --project service --user neutron admin
openstack service create --name neutron --description "OpenStack Networking" network
openstack endpoint create --region RegionOne network public http://controller:9696
openstack endpoint create --region RegionOne network internal http://controller:9696
openstack endpoint create --region RegionOne network admin http://controller:9696指令:
vim /etc/neutron/neutron.conf内容:
[database]
connection = mysql+pymysql://neutron:123456@controller/neutron[DEFAULT]
# ...
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:123456@controller
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true[keystone_authtoken]
# ...
www_authenticate_uri = http://controller:5000
auth_url = http://controller:5000
memcached_servers = controller:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = neutron
password = 123456[nova]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = nova
password = 123456[oslo_concurrency]
# ...
lock_path = /var/lib/neutron/tmp
密码为:123456
指令:
vim /etc/neutron/plugins/ml2/ml2_conf.ini内容:
[ml2]
# ...
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = openvswitch
extension_drivers = port_security[ml2_type_flat]
# ...
flat_networks = provider
指令:
vim /etc/neutron/plugins/ml2/openvswitch_agent.ini内容:
[ovs]
bridge_mappings = provider:ens33[securitygroup]
# ...
enable_security_group = true
firewall_driver = openvswitch
#firewall_driver = iptables_hybrid
指令:
sysctl net.bridge.bridge-nf-call-iptables
sysctl net.bridge.bridge-nf-call-ip6tables
vim /etc/neutron/dhcp_agent.ini内容:
[DEFAULT]
# ...
interface_driver = openvswitch
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
指令:
vim /etc/neutron/metadata_agent.ini内容:
[DEFAULT]
# ...
nova_metadata_host = controller
metadata_proxy_shared_secret = 123456
指令:
vim /etc/nova/nova.conf内容:
[neutron]
# ...
auth_url = http://controller:5000
auth_type = password
project_domain_name = Default
user_domain_name = Default
region_name = RegionOne
project_name = service
username = neutron
password = 123456
service_metadata_proxy = true
metadata_proxy_shared_secret = 123456
指令:
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
service nova-api restart
service neutron-server restart
service neutron-openvswitch-agent restart
service neutron-dhcp-agent restart
service neutron-metadata-agent restart
