版本选择 Open stack的版本是从A-Z之后的版本似乎是通过年月日来命名的,目前最新版本为2025.1-dev参考
组件选择 本文只装最基础的组件,Keystone、Glance、Placement、Nova、Neutron、Horizon
基础环境配置 网络环境配置 我这里采用两台主机构建基础的openstack,具体可参考文档: https://docs.openstack.org/install-guide/environment-networking-controller.html
角色
系统
配置
controller
CentOS 7.9
4G2H
compute1
CentOS7.9
1G1H
所有主机都配置一下hosts文件,有DNS服务则更好,主机名请跟随hosts文件。
1 2 3 4 5 6 7 [root@controller ~]# cat /etc/hosts 127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4 ::1 localhost localhost.localdomain localhost6 localhost6.localdomain6 10.0.0.11 controller 10.0.0.31 compute1
时间同步 OpenStack所有服务之前是使用Token进行验证的,token都是有有效期的,如果时间对不上则可能会出现token刚分配好就过期了的问题,为了避免时间上不一样的问题,这里使用NTP来进行时间同步。这里使用controller(控制节点)来做NTP服务主机。
1 2 3 [root@controller ~]# timedatectl set-timezone Asia/Shanghai [root@controller ~]# yum -y install chrony
下面编辑配置文件/etc/chrony.conf,内容主要参考下面内容
1 2 3 4 5 6 7 [root@controller ~]# cat /etc/chrony.conf |egrep -v "^#|^$" server ntp5.aliyun.com iburst driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync allow 10.0.0.0/24 logdir /var/log/chrony
重启服务
1 [root@controller ~]# systemctl restart chronyd
其他openstack主机参考下面配置
1 2 3 4 5 6 [root@compute1 ~]# cat /etc/chrony.conf |egrep -v "^#|^$" server controller iburst driftfile /var/lib/chrony/drift makestep 1.0 3 rtcsync logdir /var/log/chrony
重启服务
1 [root@compute1 ~]# systemctl restart chronyd
查看状态
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 [root@controller ~]# chronyc sources 210 Number of sources = 1 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* 203.107.6.88 2 6 377 20 -415us[ -498us] +/- 18ms [root@controller ~]# date Sat Dec 28 20:38:25 CST 2024 [root@controller ~]# [root@compute1 ~]# chronyc sources 210 Number of sources = 1 MS Name/IP address Stratum Poll Reach LastRx Last sample =============================================================================== ^* controller 3 6 377 51 +348us[ +428us] +/- 20ms [root@compute1 ~]# date Sat Dec 28 20:38:29 CST 2024
时间已经同步。
基础软件包 我这里是安装s版本的openstack,参考文档地址: https://docs.openstack.org/install-guide/environment-packages-rdo.html
1 yum install -y centos-release-openstack-stein
在24年12月28日,他自己的这些源有一部分是不可以用的,通过下面命令进行替换阿里的镜像站
1 2 3 4 cd /etc/yum.repos.dsed -i 's/mirrorlist=/#mirrorlist=/g' *.repo sed -i 's/#baseurl=/baseurl=/g' *.repo sed -i 's/mirror.centos.org/mirrors.aliyun.com/g' *.repo
安装openstack的客户端管理工具
1 yum install python-openstackclient -y
数据库支持 在控制节点安装下面工具,文档参考地址: https://docs.openstack.org/install-guide/environment-sql-database-rdo.html
1 yum install -y mariadb mariadb-server python2-PyMySQL
根据配置文件,修改一下数据库的配置,编辑文件/etc/my.cnf.d/openstack.cnf,添加下面内容
1 2 3 4 5 6 7 8 [mysqld] bind-address = 10.0.0.11 default-storage-engine = innodb innodb_file_per_table = on max_connections = 4096 collation-server = utf8_general_ci character-set-server = utf8
启动服务
1 systemctl enable --now mariadb.service
之后执行命令mysql_secure_installation安全初始化一下数据库
1 mysql_secure_installation
我执行的是,并且它们分别代表的含义是
登录的密码 回车(刚装的都是没密码的,所以直接回车)
是否设置root密码 n(不设置,这个等后面设置)
是否移除匿名用户 Y(移除)
是否禁用root远程登陆 Y(禁用)
是否移除test数据库 Y(移除)
是否重载权限表 Y(重载)
消息队列支持 open stack支持多种的消息队列,建议使用rabbitmq,这里也不用其他的了。具体可以参考文档: https://docs.openstack.org/install-guide/environment-messaging-rdo.html
1 2 3 4 5 6 yum install -y rabbitmq-server systemctl enable --now rabbitmq-server.service rabbitmqctl add_user openstack RABBIT_PASS rabbitmqctl set_permissions openstack ".*" ".*" ".*"
缓存支持 在控制节点为openstack提供缓存支持,具体可参考文档: https://docs.openstack.org/install-guide/environment-memcached-rdo.html
1 yum install -y memcached python-memcached
紧接着修改一下他的配置文件`/etc/sysconfig/memcached
1 2 3 OPTIONS="-l 127.0.0.1,::1" # 把上面内容替换成下面的内容 OPTIONS="-l 127.0.0.1,::1,controller"
替换的作用主要是为了公开服务,默认只是监听本地的127.0.0.1,外部是无法访问的,controller则是自己的主机的域名,指向的是自己在当前网络环境的ip。
1 systemctl enable --now memcached.service
ETCD支持 本架构不需要ETCD的支持,本文安装的组件和ETCD都没关联。其他组件可能用到ETCD,在进阶的安装情况下得注意这个基础环境。
组件安装 参考文档: https://docs.openstack.org/keystone/stein/install/
Keystone - 认证服务 参考文档: https://docs.openstack.org/keystone/stein/install/keystone-install-rdo.html
1 2 3 4 [root@controller ~]# mysql Welcome to the MariaDB monitor. Commands end with ; or \g. Your MariaDB connection id is 15 Server version: 10.3.10-MariaDB MariaDB Server Copyright (c) 2000, 2018, Oracle, MariaDB Corporation Ab and others. Type 'help;' or '\h' for help . Type '\c' to clear the current input statement. MariaDB [(none)]> CREATE DATABASE keystone; Query OK, 1 row affected (0.000 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone' @'localhost' \ -> IDENTIFIED BY 'KEYSTONE_DBPASS' ; Query OK, 0 rows affected (0.001 sec) MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone' @'%' \ -> IDENTIFIED BY 'KEYSTONE_DBPASS' ; Query OK, 0 rows affected (0.000 sec) MariaDB [(none)]>
安装相关的包
1 yum install -y openstack-keystone httpd mod_wsgi
修改配置文件/etc/keystone/keystone.conf,再修改之前需要注意的是,文件中有很多很多的注释,还全都是英文的,而且里面有很多Keystone不同类型的配置,直接修改并不好,这里可以通过执行下面命令来简化原本的配置文件,之后在进行修改
1 2 3 4 cp /etc/keystone/keystone.conf{,.bak}egrep -v "^$|^#" /etc/keystone/keystone.conf.bak > /etc/keystone/keystone.conf
正常来说,配置文件中所有的配置段的配置都是空的,然后现在添加下面配置
1 2 3 4 # database 配置段中添加下面配置,这里是连接数据库的协议连接,具体代表的内容这里不多写。 connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone # token 配置段中添加下面配置,这段配置的作用是指定当前组件使用什么方法提供令牌。 provider = fernet
保存后去用keystone的身份去填充数据库
1 su -s /bin/sh -c "keystone-manage db_sync" keystone
填充后可以使用下面命令去验证,正常的情况应该是会有好多表,如果啥都没有那应该是出问题了。
1 mysql keystone -e "show tables;"
下面开始初始化 Fernet 密钥存储库,执行下面命令
1 2 keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
初始化keystone,这里定义了一些基础信息,如果有修改请根据自己的环境修改。
1 2 3 4 5 keystone-manage bootstrap --bootstrap-password ADMIN_PASS \ --bootstrap-admin-url http://controller:5000/v3/ \ --bootstrap-internal-url http://controller:5000/v3/ \ --bootstrap-public-url http://controller:5000/v3/ \ --bootstrap-region-id RegionOne
下面开始配置一下Apache,编辑/etc/httpd/conf/httpd.conf配置ServerName为controller
再把keystone的apache配置链接到apache的http.d中
1 ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
启用服务
1 systemctl enable --now httpd.service
声明一下环境变量
1 2 3 4 5 6 7 export OS_USERNAME=adminexport OS_PASSWORD=ADMIN_PASSexport OS_PROJECT_NAME=adminexport OS_USER_DOMAIN_NAME=Defaultexport OS_PROJECT_DOMAIN_NAME=Defaultexport OS_AUTH_URL=http://controller:5000/v3export OS_IDENTITY_API_VERSION=3
使用此链接的命令之前请务必配置上面所描述的环境变量。关于创建基础域、项目、用户和角色,具体可以参考: https://docs.openstack.org/keystone/stein/install/keystone-users-rdo.html https://docs.openstack.org/keystone/stein/install/keystone-openrc-rdo.html#using-the-scripts
1 2 3 cat > admin-openrc <export OS_PROJECT_DOMAIN_NAME=Default export OS_USER_DOMAIN_NAME=Default export OS_PROJECT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=ADMIN_PASS export OS_AUTH_URL=http://controller:5000/v3 export OS_IDENTITY_API_VERSION=3 export OS_IMAGE_API_VERSION=2 EOFchmod +x admin-openrc
这个脚本的作用就是用来执行客户端命令的,直接用命令去操控openstack的keystone的时候必须定义这些,保存到文件是为了下次更快的设置自己的用户,下次执行命令的时候只需要执行./admin-openrc即可。这里建议验证一下服务,执行命令openstack token issue查看是否有回显,如果报错则说明搭建过程有问题。
其他组件通用流程 除了Keystone,其他服务搭建的流程都遵循下面步骤
创库授权
keystone创建账号
keystone创建服务实体
安装服务软件包
修改服务的配置文件
同步数据库
启动服务
验证
Glance - 镜像服务 此服务安装在控制节点,参考文档地址: https://docs.openstack.org/glance/stein/install/
1 2 3 4 5 6 mysql -u root -p CREATE DATABASE glance; GRANT ALL PRIVILEGES ON glance.* TO 'glance' @'localhost' \ IDENTIFIED BY 'GLANCE_DBPASS' ; GRANT ALL PRIVILEGES ON glance.* TO 'glance' @'%' \ IDENTIFIED BY 'GLANCE_DBPASS' ;
在keystone中创建账号和服务实体
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 ./admin-openrc openstack user create --domain default --password GLANCE_PASS glance openstack project create --domain default \ --description "Service Project" service openstack role add --project service --user glance admin openstack service create --name glance \ --description "OpenStack Image" image openstack endpoint create --region RegionOne \ image public http://controller:9292 openstack endpoint create --region RegionOne \ image internal http://controller:9292 openstack endpoint create --region RegionOne \ image admin http://controller:9292
下面在控制节点开始安装glance的软件包
1 yum install -y openstack-glance
下面开始修改配置
1 2 3 4 5 6 cp /etc/glance/glance-api.conf{,.bak}cp /etc/glance/glance-registry.conf{,.bak}egrep -v "^$|^#" /etc/glance/glance-api.conf.bak > /etc/glance/glance-api.conf egrep -v "^$|^#" /etc/glance/glance-registry.conf.bak > /etc/glance/glance-registry.conf
编辑/etc/glance/glance-api.conf修改以下内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 # database 段中添加下面内容 connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance # keystone_authtoken 段中添加下面内容 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS # paste_deploy 段中添加下面内容 flavor = keystone # glance_store 段中添加下面内容 stores = file,http default_store = file filesystem_store_datadir = /var/lib/glance/images/
编辑/etc/glance/glance-registry.conf修改以下内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 # database 段中添加下面内容 connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance # keystone_authtoken 段中添加下面内容 www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = glance password = GLANCE_PASS # paste_deploy 段中添加下面内容 flavor = keystone
以glance的身份填充数据库
1 su -s /bin/sh -c "glance-manage db_sync" glance
启动服务
1 2 systemctl enable --now openstack-glance-api.service \ openstack-glance-registry.service
验证组件参考: https://docs.openstack.org/glance/stein/install/verify.html
Placemen - 计算安置服务 此服务安装在控制节点,文档参考地址: https://docs.openstack.org/placement/stein/install/
1 2 3 4 5 6 mysql -u root -p CREATE DATABASE placement; GRANT ALL PRIVILEGES ON placement.* TO 'placement' @'localhost' \ IDENTIFIED BY 'PLACEMENT_DBPASS' ; GRANT ALL PRIVILEGES ON placement.* TO 'placement' @'%' \ IDENTIFIED BY 'PLACEMENT_DBPASS' ;
在keystone中创建账号和服务实体
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 ./admin-openrc openstack user create --domain default --password PLACEMENT_PASS placement openstack role add --project service --user placement admin openstack service create --name placement \ --description "Placement API" placement openstack endpoint create --region RegionOne \ placement public http://controller:8778 openstack endpoint create --region RegionOne \ placement internal http://controller:8778 openstack endpoint create --region RegionOne \ placement admin http://controller:8778
安装软件包
1 yum install -y openstack-placement-api
下面开始修改配置
1 2 3 4 cp /etc/placement/placement.conf{,.bak}egrep -v "^$|^#" /etc/placement/placement.conf.bak > /etc/placement/placement.conf
编辑/etc/placement/placement.conf修改以下内容
1 2 3 4 5 6 7 8 9 10 11 12 13 connection = mysql+pymysql://placement:PLACEMENT_DBPASS@controller/placement auth_strategy = keystone auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = placement password = PLACEMENT_PASS
以placement的身份填充数据库
1 su -s /bin/sh -c "placement-manage db sync" placement
重启http服务
验证参考组件参考: https://docs.openstack.org/placement/stein/install/verify.html
Nova - 计算控制节点 此服务安装在控制节点,参考文档地址:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 mysql -u root -p CREATE DATABASE nova_api; CREATE DATABASE nova; CREATE DATABASE nova_cell0; GRANT ALL PRIVILEGES ON nova_api.* TO 'nova' @'localhost' \ IDENTIFIED BY 'NOVA_DBPASS' ; GRANT ALL PRIVILEGES ON nova_api.* TO 'nova' @'%' \ IDENTIFIED BY 'NOVA_DBPASS' ; GRANT ALL PRIVILEGES ON nova.* TO 'nova' @'localhost' \ IDENTIFIED BY 'NOVA_DBPASS' ; GRANT ALL PRIVILEGES ON nova.* TO 'nova' @'%' \ IDENTIFIED BY 'NOVA_DBPASS' ; GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova' @'localhost' \ IDENTIFIED BY 'NOVA_DBPASS' ; GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova' @'%' \ IDENTIFIED BY 'NOVA_DBPASS' ;
在keystone中创建账号和服务实体
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 ./admin-openrc openstack user create --domain default --password NOVA_PASS nova openstack role add --project service --user nova admin openstack service create --name nova \ --description "OpenStack Compute" compute openstack endpoint create --region RegionOne \ compute public http://controller:8774/v2.1 openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2.1 openstack endpoint create --region RegionOne \ compute admin http://controller:8774/v2.1
安装软件包
1 2 yum install -y openstack-nova-api openstack-nova-conductor \ openstack-nova-novncproxy openstack-nova-scheduler
关于三个包的作用
1 2 3 4 openstack-nova-api 组件之间调用 openstack-nova-conductor 用来协调数据库的,后期计算节点会很多,如果每个都有数据库信息这样并不安全而且也很麻烦,所以这个组件就负责计算节点之前数据库和各类调用与数据库交互用的。 openstack-nova-novncproxy 创建好的机器会开放VNC,这个就是用来提供一个VNC连接的 openstack-nova-scheduler 用来协调资源的,一个实例请求发送过来之后,他来判断那台主机适合创建这台机器。
下面开始修改配置
1 2 3 4 cp /etc/nova/nova.conf{,.bak}egrep -v "^$|^#" /etc/nova/nova.conf.bak > /etc/nova/nova.conf
编辑配置/etc/nova/nova.conf,主要修改下面内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 [DEFAULT] my_ip = 10.0.0.11 enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver [api] auth_strategy = keystone [api_database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api [database] connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova [glance] api_servers = http://controller:9292 [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [vnc] enabled = true server_listen = $my_ip server_proxyclient_address = $my_ip
根据对应段进行添加配置,其中需要注意的是
1 2 3 4 5 [DEFAULT] use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver
这段中,在老版本的环境中,网络还不是neutron组件来管的,是nova的一个,他为了兼容添加了use_neutron这个参数,需要打开
1 2 3 4 5 su -s /bin/sh -c "nova-manage api_db sync" nova su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova su -s /bin/sh -c "nova-manage db sync" nova su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
在执行过程中可能有一条会出现几条警告,那个无所谓别出现报错就行。openstack-nova-consoleauth,这个服务在18.0.0 (Rocky)的时候就被遗弃了。
1 2 3 systemctl enable --now openstack-nova-api.service \ openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service
配置好之后验证好可以参考链接: https://docs.openstack.org/nova/stein/install/verify.html nova-status upgrade check去验证的时候会出现403的错误,这也是正常的,因为这是个bug,具体可参考文章: https://www.cnblogs.com/omgasw/p/12016839.html /etc/httpd/conf.d/00-placement-api.conf,添加配置
1 2 3 4 5 6 7 8 9 <Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory>
之后重启apache服务
即可再次尝试通过nova-status upgrade check去验证。
Nova - 计算节点 下面的操作是在计算节点中操作,文档参考: https://docs.openstack.org/nova/stein/install/compute-install-rdo.html
1 yum install -y openstack-nova-compute
下面开始修改配置
1 2 3 4 cp /etc/nova/nova.conf{,.bak}egrep -v "^$|^#" /etc/nova/nova.conf.bak > /etc/nova/nova.conf
编辑配置/etc/nova/nova.conf,主要修改下面内容
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 [DEFAULT] my_ip = 10.0.0.31 use_neutron = true firewall_driver = nova.virt.firewall.NoopFirewallDriver enabled_apis = osapi_compute,metadata transport_url = rabbit://openstack:RABBIT_PASS@controller [api] auth_strategy = keystone [glance] api_servers = http://controller:9292 [keystone_authtoken] auth_url = http://controller:5000/v3 memcached_servers = controller:11211 auth_type = password project_domain_name = Default user_domain_name = Default project_name = service username = nova password = NOVA_PASS [oslo_concurrency] lock_path = /var/lib/nova/tmp [placement] region_name = RegionOne project_domain_name = Default project_name = service auth_type = password user_domain_name = Default auth_url = http://controller:5000/v3 username = placement password = PLACEMENT_PASS [vnc] enabled = true server_listen = 0.0.0.0 server_proxyclient_address = $my_ip novncproxy_base_url = http://controller:6080/vnc_auto.html
要注意的是my_ip这里需要改成自己的ip。
1 systemctl enable --now libvirtd.service openstack-nova-compute.service
然后验证参考链接: https://docs.openstack.org/nova/stein/install/compute-install-rdo.html#add-the-compute-node-to-the-cell-database
1 su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
这是用来发现主机的,如果不想手动去执行,则可以在nova的控制节点配置中添加这段配置
1 2 [scheduler] discover_hosts_in_cells_interval = 300
Neutron - 网络控制节点 参考文档如下
1 2 3 4 5 6 mysql -u root -p CREATE DATABASE neutron; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron' @'localhost' \ IDENTIFIED BY 'NEUTRON_DBPASS' ; GRANT ALL PRIVILEGES ON neutron.* TO 'neutron' @'%' \ IDENTIFIED BY 'NEUTRON_DBPASS' ;
在keystone中创建账号和服务实体
1 2 3 4 5 6 7 8 9 10 ./admin-openrc openstack user create --domain default --password NEUTRON_PASS neutron openstack role add --project service --user neutron adminopenstack service create --name neutron \ --description "OpenStack Networking" network openstack endpoint create --region RegionOne \ network public http://controller:9696 openstack endpoint create --region RegionOne \ network internal http://controller:9696 openstack endpoint create --region RegionOne \ network admin http://controller:9696
开始安装对应包,openstack默认提供两种网络方案,一个是提供商网络还有一个是自建网络也可以看作为阿里的VPC,这里搭建采用提供商网络,相当于桥接网络。
1 2 yum install -y openstack-neutron openstack-neutron-ml2 \ openstack-neutron-linuxbridge ebtables
下面开始修改配置
1 2 3 4 5 6 7 8 9 10 cp /etc/neutron/neutron.conf{,.bak}cp /etc/neutron/plugins/ml2/ml2_conf.ini{,.bak}cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}cp /etc/neutron/dhcp_agent.ini{,.bak}egrep -v "^$|^#" /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf egrep -v "^$|^#" /etc/neutron/plugins/ml2/ml2_conf.ini.bak > /etc/neutron/plugins/ml2/ml2_conf.ini egrep -v "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini egrep -v "^$|^#" /etc/neutron/dhcp_agent.ini.bak > /etc/neutron/dhcp_agent.ini
开始配置/etc/neutron/neutron.conf
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 [DEFAULT] notify_nova_on_port_status_changes = true notify_nova_on_port_data_changes = true transport_url = rabbit://openstack:RABBIT_PASS@controller core_plugin = ml2 auth_strategy = keystone service_plugins = [database] connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp [nova] auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = nova password = NOVA_PASS
配置/etc/neutron/plugins/ml2/ml2_conf.ini,这个文件时ml2模块的配置文件
1 2 3 4 5 6 7 8 9 [ml2] type_drivers = flat,vlan tenant_network_types = mechanism_drivers = linuxbridge extension_drivers = port_security [ml2_type_flat] flat_networks = provider,net_vmnet1 [securitygroup] enable_ipset = true
配置/etc/neutron/plugins/ml2/linuxbridge_agent.ini,这里是linuxbridge的配置
1 2 3 4 5 6 7 [linux_bridge] physical_interface_mappings = provider:ens33 [vxlan] enable_vxlan = false [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
下面开始加载系统模块,
1 2 echo "br_netfilter" >> /etc/modules-load.d/bridge.confmodprobe br_netfilter
配置sysctl,编辑/etc/sysctl.conf
1 2 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1
执行sysctl -p重载,在配置的时候需要注意physical_interface_mappings文档中需要自己指定网卡名字,这里我的网卡是ens33所以指定这个,还有就是关于vxlan,因为这里是采用提供商网络,相当于桥接,不需要vxlan直接关闭,后面配置自由网络还需要开启。/etc/neutron/dhcp_agent.ini,这个文件是为了dhcp的配置
1 2 3 4 [DEFAULT] interface_driver = linuxbridge dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq enable_isolated_metadata = true
在配置过程中可能有些官网字段不存在,直接自己加上即可。neutron的其他选项,下面开始修改配置
1 2 3 4 cp /etc/neutron/metadata_agent.ini{,.bak}egrep -v "^$|^#" /etc/neutron/metadata_agent.ini.bak > /etc/neutron/metadata_agent.ini
编辑/etc/neutron/metadata_agent.ini,修改内容如下
1 2 3 [DEFAULT] nova_metadata_host = controller metadata_proxy_shared_secret = METADATA_SECRET
现在neutron已经配置完成,需要去nova控制节点去对接,编辑文件/etc/nova/nova.conf,修改下面内容
1 2 3 4 5 6 7 8 9 10 11 12 [neutron] url = http://controller:9696 auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS service_metadata_proxy = true metadata_proxy_shared_secret = METADATA_SECRET
下面开始做启动neutron的工作
1 2 3 4 5 6 7 8 9 10 11 ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.inisu -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutronsystemctl restart openstack-nova-api.service systemctl enable --now neutron-server.service \ neutron-linuxbridge-agent.service neutron-dhcp-agent.service \ neutron-metadata-agent.service
验证配置参考: https://docs.openstack.org/neutron/stein/install/verify-option1.html
Neutron - 网络计算节点 参考文档: https://docs.openstack.org/neutron/stein/install/compute-install-rdo.html
1 yum install -y openstack-neutron-linuxbridge ebtables ipset
备份配置
1 2 3 4 5 6 cp /etc/neutron/neutron.conf{,.bak}cp /etc/neutron/plugins/ml2/linuxbridge_agent.ini{,.bak}egrep -v "^$|^#" /etc/neutron/neutron.conf.bak > /etc/neutron/neutron.conf egrep -v "^$|^#" /etc/neutron/plugins/ml2/linuxbridge_agent.ini.bak > /etc/neutron/plugins/ml2/linuxbridge_agent.ini
编辑配置/etc/neutron/neutron.conf主要修改内容如下
1 2 3 4 5 6 7 8 9 [DEFAULT] transport_url = rabbit://openstack:RABBIT_PASS@controller auth_strategy = keystone [keystone_authtoken] www_authenticate_uri = http://controller:5000 auth_url = http://controller:5000 memcached_servers = controller:11211 auth_type = password project_domain_name = default user_domain_name = default project_name = service username = neutron password = NEUTRON_PASS [oslo_concurrency] lock_path = /var/lib/neutron/tmp
下面配置ml2模块,编辑/etc/neutron/plugins/ml2/linuxbridge_agent.ini,主要内容和控制节点的一样,直接复制也行,主要内容如下
1 2 3 4 5 6 7 [linux_bridge] physical_interface_mappings = provider:ens33 [vxlan] enable_vxlan = false [securitygroup] enable_security_group = true firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
下面开始加载系统模块,
1 2 echo "br_netfilter" >> /etc/modules-load.d/bridge.confmodprobe br_netfilter
配置sysctl,编辑/etc/sysctl.conf
1 2 net.bridge.bridge-nf-call-iptables = 1 net.bridge.bridge-nf-call-ip6tables = 1
执行sysctl -p重载/etc/nova/nova.conf,主要修改内容如下
1 2 3 4 5 6 7 8 9 10 [neutron] url = http://controller:9696 auth_url = http://controller:5000 auth_type = password project_domain_name = default user_domain_name = default region_name = RegionOne project_name = service username = neutron password = NEUTRON_PASS
重启计算节点的nova服务
1 systemctl restart openstack-nova-compute.service
启动计算节点的neutron模块
1 systemctl enable --now neutron-linuxbridge-agent.service
Horizon - 仪表盘服务 参考文档:
1 yum install -y openstack-dashboard
这里备份一下配置
1 cp /etc/openstack-dashboard/local_settings ~/
编辑/etc/openstack-dashboard/local_settings,主要修改内容如下
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 # 设置主机名 OPENSTACK_HOST = "controller" # 这里是设置允许访问的主机名,*代表全部 ALLOWED_HOSTS = ['*'] # 会话存储引擎指定 SESSION_ENGINE = 'django.contrib.sessions.backends.cache' # 缓存配置 CACHES = { 'default': { 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', 'LOCATION': 'controller:11211', } } # **Keystone** 服务的 URL OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST # 启用 Keystone 多域支持 OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True # 定义 OpenStack 服务的 API 版本 OPENSTACK_API_VERSIONS = { "identity": 3, "image": 2, "volume": 3, } # 这是 Keystone 服务的配置项,指定默认的域名。 OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default" # 新增用户的默认角色(ROLE) OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user" # Neutron 网络服务的设置 OPENSTACK_NEUTRON_NETWORK = { ... 'enable_router': False, 'enable_quotas': False, 'enable_distributed_router': False, 'enable_ha_router': False, 'enable_lb': False, 'enable_firewall': False, 'enable_vpn': False, 'enable_fip_topology_check': False, } # 设置时区 TIME_ZONE = "Asia/Shanghai"
之后再去编辑/etc/httpd/conf.d/openstack-dashboard.conf,添加下面内容
1 WSGIApplicationGroup %{GLOBAL}
重启服务
1 systemctl restart httpd.service memcached.service
访问http://10.0.0.11/dashboarddefaultadminADMIN_PASS
简单使用 前言 参考文档:
创建网络 创建实例前,应该先创建一个网络,可以参考命令
1 2 3 openstack network create --share --external \ --provider-physical-network provider \ --provider-network-type flat provider
openstack network create
--share
使网络成为共享的网络,意味着其他租户(project)也可以使用该网络。
--external
标记该网络为外部网络,通常指该网络连接到物理网络或者外部互联网。这通常用于提供公网访问。
--provider-physical-network provider
指定物理网络名称为 provider。这个物理网络是指在网络拓扑中与 OpenStack 的虚拟网络连接的物理网络接口。
--provider-network-type flat
指定网络类型为 flat,表示不使用 VLAN 或者其他网络隔离机制,所有主机之间都在同一个网络中,通常用于简单的网络环境。
provider
这是创建的网络名称。在这个命令中,创建的网络名称是 provider,它是外部共享网络
其中provider是在neutron的ml2模块中指定的。
1 2 3 4 5 6 7 8 9 [ml2] flat_networks = provider ``` 之后开始创建子网,执行下面命令创建一个子网 ```bash openstack subnet create --network provider \ --allocation-pool start=START_IP_ADDRESS,end=END_IP_ADDRESS \ --dns-nameserver DNS_RESOLVER --gateway PROVIDER_NETWORK_GATEWAY \ --subnet-range PROVIDER_NETWORK_CIDR provider
注意替换上面相关的参数,这里我替换后的命令是
1 2 3 4 openstack subnet create --network provider \ --allocation-pool start=10.0.0.200,end=10.0.0.210 \ --dns-nameserver 114.114.114.114 --gateway 10.0.0.2 \ --subnet-range 10.0.0.0/24 provider
要注意的是,因为搭建的时候采用的是供应商网络,相当于直连,想要上网网段需要和虚机网络一样,网关使用虚机的网关。
创建规格 下面开始创建规格
1 openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
创建SSH密钥对 1 2 3 4 ssh-keygen -q -N "" openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
安全组规则 给默认安全组放行icmp协议
1 openstack security group rule create --proto icmp default
放行SSH
1 openstack security group rule create --proto tcp --dst-port 22 default
添加安全组规则的原因是因为默认的安全组是一切都拒绝的。
创建主机
问题解决 启动引导卡在Booting from Hard Disk… 实例创建好之后进入控制台会出现一直卡在Booting from Hard Disk这一步,这个似乎是因为nova默认设置的主板型号和实际运行的不兼容/etc/nova/nova.conf,修改内容如下
1 2 3 # libvirt 段增加 [libvirt] hw_machine_type=x86_64=pc-i440fx-rhel7.2.0
x86_64类型不多说,后面的这个内容是没有问题的型号,因为刚才创建了一台Test主机,可以看一下他的默认型号,他默认使7.6.
1 systemctl restart libvirtd openstack-nova-compute
重启服务之后重启实例(硬重启),此时就没问题了
供应商网络配置子网没有网络 要注意的是,因为搭建的时候采用的是供应商网络,相当于直连,想要上网网段需要和虚机网络一样,网关使用虚机的网关。使用其他的自定义的网络是不可以上网的。
