Cloud computing: OpenStack distributed deployment (single controller node and single compute node)
I. Lab
1. Environment
(1) Hosts
Table 1. Hosts
| Host | Role | IP | Notes |
|---|---|---|---|
| controller | Controller node | 192.168.204.210 | |
| compute01 | Compute node | 192.168.204.211 | |
(2) Official documentation
OpenStack Docs: OpenStack Installation Guide for Red Hat Enterprise Linux and CentOS
(3) Network
① Controller node pings the compute node
[root@controller ~]# ping compute01 -c 1

② Compute node pings the controller node
[root@compute01 ~]# ping controller -c 1

(4) Time synchronization
① Controller node
[root@controller ~]# yum install -y chrony

[root@controller ~]# vim /etc/chrony.conf
[root@controller ~]# systemctl restart chronyd.service && systemctl enable chronyd.service
② Compute node
[root@compute01 ~]# yum install -y chrony
③ Test
[root@controller ~]# date
[root@compute01 ~]# date
2. OpenStack package installation
(1) Install the OpenStack client on the controller node
# yum install python-openstackclient
(2) CentOS enables SELinux by default. Install the openstack-selinux package to automatically manage security policies for OpenStack services
# yum install openstack-selinux

3. Database installation
(1) Install the packages
# yum install mariadb mariadb-server python2-PyMySQL


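(2) Create and edit /etc/my.cnf.d/openstack.cnf
① In the [mysqld] section, set bind-address to the management network IP address of the controller node so that other nodes can reach the database over the management network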
[mysqld]
...
bind-address = 192.168.204.210
② In the [mysqld] section, set the following keys to enable some useful options and the UTF-8 character set
[mysqld]
...
default-storage-engine = innodb
innodb_file_per_table
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
③ Apply the changes

(3) Finalize installation
① Start the database service and configure it to start at boot
# systemctl enable mariadb.service
# systemctl start mariadb.service

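② To secure the database service, run the mysql_secure_installation script. In particular, set a suitable password for the database root account.
4. Message queue installation
(1) Install the package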
# yum install rabbitmq-server


(2) Start the message queue service and configure it to start at boot
# systemctl enable rabbitmq-server.service
# systemctl start rabbitmq-server.service

(3) Add the openstack user
# rabbitmqctl add_user openstack RABBIT_PASS

(4) Grant the openstack user configure, write and read permissions
# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

5. Token cache installation
(1) Install the packages
# yum install memcached python-memcached

(2) Edit the configuration
# vim /etc/sysconfig/memcached

(3) Start the Memcached service and configure it to start at boot
# systemctl enable memcached.service
# systemctl start memcached.service

(4) Check the service

6. Identity service installation
(1) Create the database and the administration token
Connect with the database client (note that a production environment requires an account and password)
$ mysql -u root -p
Create the keystone database
CREATE DATABASE keystone;
Grant proper privileges on the keystone database
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' \
IDENTIFIED BY 'KEYSTONE_DBPASS';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' \
IDENTIFIED BY 'KEYSTONE_DBPASS';

(2) Install and configure the components
Run the following command to install the packages
# yum install openstack-keystone httpd mod_wsgi
Install the utilities package
# yum install -y openstack-utils

(3) Edit the file /etc/keystone/keystone.conf
① In the [DEFAULT] section, define the value of the initial administration token
[DEFAULT]
...
admin_token = ADMIN_TOKEN
② In the [database] section, configure database access
[database]
...
connection = mysql+pymysql://keystone:KEYSTONE_DBPASS@controller/keystone
③ In the [token] section, configure the Fernet token provider.
[token]
...
provider = fernet
④ Populate the Identity service database
# su -s /bin/sh -c "keystone-manage db_sync" keystone
⑤ Verify
mysql keystone -e "show tables;"

⑥ Initialize the Fernet keys
# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
(4) Configure the Apache HTTP server
① Edit the /etc/httpd/conf/httpd.conf file and set the ServerName option to reference the controller node
ServerName controller
② Create the file /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /usr/bin/keystone-wsgi-public
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /usr/bin/keystone-wsgi-admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
<Directory /usr/bin>
Require all granted
</Directory>
</VirtualHost>
③ Start the Apache HTTP service and configure it to start at boot
# systemctl enable httpd.service
# systemctl start httpd.service
# systemctl status httpd.service

(5) Create the service entity and API endpoints
① Set the environment variables
$ export OS_TOKEN=ADMIN_TOKEN
$ export OS_URL=http://controller:35357/v3
$ export OS_IDENTITY_API_VERSION=3


② Create the service entity for the Identity service
$ openstack service create \
--name keystone --description "OpenStack Identity" identity

③ Create the Identity service API endpoints
$ openstack endpoint create --region RegionOne \
identity public http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
identity internal http://controller:5000/v3
$ openstack endpoint create --region RegionOne \
identity admin http://controller:35357/v3



④ Verify
# openstack service list
# openstack endpoint list


(6) Create a domain, projects, users and roles
① Create the default domain
$ openstack domain create --description "Default Domain" default
② Create the admin project
$ openstack project create --domain default \
--description "Admin Project" admin
③ Create the admin user
$ openstack user create --domain default \
--password-prompt admin

④ Create the admin role
$ openstack role create admin

⑤ Add the admin role to the admin project and user
$ openstack role add --project admin --user admin admin
⑥ Create the service project
$ openstack project create --domain default \
--description "Service Project" service

⑦ Verify (requires the client environment script from the next step)
# openstack domain list
# openstack project list
# openstack role list
# openstack user list




(7) Create the OpenStack client environment script
Edit the file admin-openrc, replacing ADMIN_PASS with the password you chose for the admin user in the Identity service.
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=ADMIN_PASS
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2

7. Image service installation
(1) Create the database
Use the database client to connect to the database server as the root user
$ mysql -u root -p
Create the glance database
CREATE DATABASE glance;
Grant privileges on the glance database
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' \
IDENTIFIED BY 'GLANCE_DBPASS';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' \
IDENTIFIED BY 'GLANCE_DBPASS';

(2) Create the glance user
① Create
$ openstack user create --domain default --password-prompt glance

Verify

② Add the admin role to the glance user and the service project
$ openstack role add --project service --user glance admin

③ Create the glance service entity
$ openstack service create --name glance \
--description "OpenStack Image" image

Verify

④ Create the Image service API endpoints
$ openstack endpoint create --region RegionOne \
image public http://controller:9292
$ openstack endpoint create --region RegionOne \
image internal http://controller:9292
$ openstack endpoint create --region RegionOne \
image admin http://controller:9292



(3) Install the package
# yum install openstack-glance

(4) Edit the file /etc/glance/glance-api.conf
① In the [database] section, configure database access
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
② In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
...
flavor = keystone
③ In the [glance_store] section, configure the local file system store and the location of image files
[glance_store]
...
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
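④ In the [database] section, configure database access (steps ④ and ⑤ repeat ① and ②; the official installation guide applies these settings to /etc/glance/glance-registry.conf)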
[database]
...
connection = mysql+pymysql://glance:GLANCE_DBPASS@controller/glance
⑤ In the [keystone_authtoken] and [paste_deploy] sections, configure Identity service access
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = GLANCE_PASS
[paste_deploy]
...
flavor = keystone
⑥ Back up the file and apply the changes

(5) Populate the Image service database (ignore any deprecation messages in the output)
# su -s /bin/sh -c "glance-manage db_sync" glance

(6) Check the database
# mysql glance -e "show tables;"

(6) Finalize installation
Start the Image services and configure them to start at boot
# systemctl enable openstack-glance-api.service \
openstack-glance-registry.service
# systemctl start openstack-glance-api.service \
openstack-glance-registry.service

(7) Check the listening ports
# netstat -nltup
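An added example (not part of the original guide) for the listening-port check above: it reads netstat -nltup output and reports backend services that listen on every interface instead of on the management address, which is what bind-address = 192.168.204.210 arranges for MariaDB. The port list, the function name and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original guide. The function name is hypothetical.

# Ports treated as management-network-only. The list is this example's choice:
# 3306 MariaDB, 5672 RabbitMQ (AMQP), 11211 memcached.
BACKEND_PORTS="3306 5672 11211"

# Reads `netstat -nltup` output on stdin and prints "<port> <program>" for each
# TCP listener on a backend port whose local address is a wildcard.
wildcard_backend_listeners() {
    awk -v ports="$BACKEND_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            addr = $4
            port = addr; sub(/^.*:/, "", port)       # text after the last colon
            host = substr(addr, 1, length(addr) - length(port) - 1)
            prog = $7; sub(/^[0-9]+\//, "", prog)    # "1203/mysqld" -> "mysqld"
            if ((port in want) && (host == "0.0.0.0" || host == "::" || host == "*"))
                print port, prog
        }'
}

# Constructed sample output (not captured from a real host).
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 192.168.204.210:3306    0.0.0.0:*               LISTEN      1203/mysqld
tcp        0      0 0.0.0.0:11211           0.0.0.0:*               LISTEN      1377/memcached
tcp6       0      0 :::5672                 :::*                    LISTEN      1501/beam.smp
tcp6       0      0 :::5000                 :::*                    LISTEN      1620/httpd
udp        0      0 127.0.0.1:323           0.0.0.0:*                           1100/chronyd'

# On a live controller: netstat -nltup | wildcard_backend_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | wildcard_backend_listeners
```

In the sample, MariaDB is not reported because it is bound to the management address, while memcached and RabbitMQ are.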


(8) Verify operation
① Download the source image
$ wget http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
② Upload the image to the Image service using the QCOW2 disk format and bare container format, with public visibility so that all projects can access it
$ openstack image create "cirros" \
--file cirros-0.3.4-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--public

③ Confirm the upload and verify the image attributes
$ openstack image list



④ Log in to the database to verify

⑤ Verify
# openstack endpoint list | grep glance

8. Compute service installation (controller node)
(1) Create the databases
Connect with the database client
$ mysql -u root -p
Create the nova_api and nova databases
CREATE DATABASE nova_api;
CREATE DATABASE nova;
Grant proper access to the databases
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' \
IDENTIFIED BY 'NOVA_DBPASS';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' \
IDENTIFIED BY 'NOVA_DBPASS';

(2) Create the nova user
$ openstack user create --domain default \
--password-prompt nova

① Add the admin role to the nova user
$ openstack role add --project service --user nova admin

② Create the nova service entity
$ openstack service create --name nova \
--description "OpenStack Compute" compute

③ Create the Compute service API endpoints
$ openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
compute internal http://controller:8774/v2.1/%\(tenant_id\)s
$ openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s



(3) Verify
# openstack endpoint list


(4) Install the packages
# yum install openstack-nova-api openstack-nova-conductor \
openstack-nova-console openstack-nova-novncproxy \
openstack-nova-scheduler

(5) Edit /etc/nova/nova.conf
① In the [DEFAULT] section, enable only the compute and metadata APIs
[DEFAULT]
...
enabled_apis = osapi_compute,metadata
② In the [api_database] and [database] sections, configure database access
[api_database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova_api
[database]
...
connection = mysql+pymysql://nova:NOVA_DBPASS@controller/nova
③ In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
④ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
⑤ In the [DEFAULT] section, set my_ip to the IP address of the management interface of the controller node
[DEFAULT]
...
my_ip = 192.168.204.210
⑥ In the [DEFAULT] section, enable support for the Networking service
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
⑦ In the [vnc] section, configure the VNC proxy to use the management interface IP address of the controller node
[vnc]
...
vncserver_listen = $my_ip
vncserver_proxyclient_address = $my_ip
⑧ In the [glance] section, configure the location of the Image service API
[glance]
...
api_servers = http://controller:9292
⑨ In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
⑩ Back up the file and apply the changes

(6) Populate the Compute databases
# su -s /bin/sh -c "nova-manage api_db sync" nova
# su -s /bin/sh -c "nova-manage db sync" nova

(7) Check the database
# mysql nova -e "show tables;"

(8) Start the Compute services and configure them to start at boot
# systemctl enable openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service
# systemctl start openstack-nova-api.service \
openstack-nova-consoleauth.service openstack-nova-scheduler.service \
openstack-nova-conductor.service openstack-nova-novncproxy.service

(9) List the services
# openstack service list

9. Compute service installation (compute node)
(1) Install the packages
# yum install openstack-nova-compute -y
# yum install libvirt -y
# yum install openstack-utils.noarch -y





(2) Edit /etc/nova/nova.conf
① In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
② In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = NOVA_PASS
③ In the [DEFAULT] section, configure the my_ip option
[DEFAULT]
...
my_ip = 192.168.204.211
④ In the [DEFAULT] section, enable support for the Networking service
[DEFAULT]
...
use_neutron = True
firewall_driver = nova.virt.firewall.NoopFirewallDriver
⑤ In the [vnc] section, enable and configure remote console access
[vnc]
...
enabled = True
vncserver_listen = 0.0.0.0
vncserver_proxyclient_address = $my_ip
novncproxy_base_url = http://controller:6080/vnc_auto.html
⑥ In the [glance] section, configure the location of the Image service API
[glance]
...
api_servers = http://controller:9292
⑦ In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
...
lock_path = /var/lib/nova/tmp
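⑧ Back up the file and apply the changes

(3) Finalize installation
① Determine whether the compute node supports hardware acceleration for virtual machines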
$ egrep -c '(vmx|svm)' /proc/cpuinfo
② Start the Compute service and its dependencies, and configure them to start automatically at boot
# systemctl enable libvirtd.service openstack-nova-compute.service
# systemctl start libvirtd.service openstack-nova-compute.service

(4) Verify operation
List the services
# openstack service list
10. Networking service installation (controller node)
(1) Create the database
Connect with the database client
$ mysql -u root -p
Create the neutron database
CREATE DATABASE neutron;
Grant proper access to the neutron database, replacing NEUTRON_DBPASS with a suitable password
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' \
IDENTIFIED BY 'NEUTRON_DBPASS';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' \
IDENTIFIED BY 'NEUTRON_DBPASS';

(2) Create the neutron user
$ openstack user create --domain default --password-prompt neutron

(3) Add the admin role to the neutron user
$ openstack role add --project service --user neutron admin
(4) Create the neutron service entity
$ openstack service create --name neutron \
--description "OpenStack Networking" network

(5) Create the Networking service API endpoints
$ openstack endpoint create --region RegionOne \
network public http://controller:9696
$ openstack endpoint create --region RegionOne \
network internal http://controller:9696
$ openstack endpoint create --region RegionOne \
network admin http://controller:9696



(6) Verify

(7) Install the Modular Layer 2 (ML2) plug-in
# yum install openstack-neutron openstack-neutron-ml2 \
openstack-neutron-linuxbridge ebtables


(8) Edit /etc/neutron/neutron.conf
① In the [database] section, configure database access
[database]
...
connection = mysql+pymysql://neutron:NEUTRON_DBPASS@controller/neutron
② In the [DEFAULT] section, enable the ML2 plug-in and disable additional plug-ins
[DEFAULT]
...
core_plugin = ml2
service_plugins =
③ In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
④ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
⑤ In the [DEFAULT] and [nova] sections, configure the Networking service to notify Compute of network topology changes
[DEFAULT]
...
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
[nova]
...
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = NOVA_PASS
⑥ In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
⑦ Back up the file and apply the changes

(9) Configure the Modular Layer 2 (ML2) plug-in: edit /etc/neutron/plugins/ml2/ml2_conf.ini
① In the [ml2] section, enable flat and VLAN networks
[ml2]
...
type_drivers = flat,vlan
② In the [ml2] section, disable private networks
[ml2]
...
tenant_network_types =
③ In the [ml2] section, enable the Linux bridge mechanism
[ml2]
...
mechanism_drivers = linuxbridge
④ In the [ml2] section, enable the port security extension driver
[ml2]
...
extension_drivers = port_security
⑤ In the [ml2_type_flat] section, configure the public virtual network as a flat network
[ml2_type_flat]
...
flat_networks = provider
⑥ In the [securitygroup] section, enable ipset to increase the efficiency of security group rules
[securitygroup]
...
enable_ipset = True
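(10) Back up the file and apply the changes

(11) Check the IP address

(12) Configure the Linux bridge agent: edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
① In the [linux_bridge] section, map the public virtual network to the public physical network interface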
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
② In the [vxlan] section, disable VXLAN overlay networks
[vxlan]
enable_vxlan = False
③ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
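(13) Back up the file and apply the changes

(14) Configure the DHCP agent: edit the /etc/neutron/dhcp_agent.ini file
① In the [DEFAULT] section, configure the Linux bridge interface driver and the Dnsmasq DHCP driver, and enable isolated metadata so that instances on the public network can access metadata over the network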
[DEFAULT]
...
interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriver
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = True
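② Back up the file and apply the changes

(15) Configure the metadata agent
① Edit the /etc/neutron/metadata_agent.ini file and, in the [DEFAULT] section, configure the metadata host and the shared secret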
[DEFAULT]
...
nova_metadata_ip = controller
metadata_proxy_shared_secret = METADATA_SECRET
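② Back up the file and apply the changes

(16) Configure Compute to use the Networking service
① Edit the /etc/nova/nova.conf file and, in the [neutron] section, configure access parameters, enable the metadata proxy and set the secret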
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET
② Apply the change directly
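An added example (not from the original guide or the OpenStack project): before the services are started, check that none of the guide's placeholders (RABBIT_PASS, NOVA_PASS, METADATA_SECRET and so on) is still present, and that metadata_proxy_shared_secret is identical in /etc/neutron/metadata_agent.ini and in the [neutron] section of /etc/nova/nova.conf. The function names and the sample files are hypothetical and constructed for the demonstration.

```sh
#!/bin/sh
# Added example, not from the original guide: checks for leftover placeholders
# and for a mismatched metadata proxy secret. Function names are hypothetical.

# Print the value of KEY in [SECTION]; if the key is assigned more than once,
# the last assignment is returned.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*\[/   { gsub(/[ \t]/, ""); sect = $0; next }
        /^[ \t]*[#;]/ { next }
        sect == want {
            eq = index($0, "=")
            if (!eq) next
            k = substr($0, 1, eq - 1); gsub(/^[ \t]+|[ \t]+$/, "", k)
            if (k != key) next
            v = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", v); found = 1
        }
        END { if (found) print v }' "$1"
}

# Report "file:line: PLACEHOLDER" for every guide placeholder still present.
find_placeholders() {  # usage: find_placeholders FILE...
    LC_ALL=C awk '
        /^[ \t]*[#;]/ { next }
        match($0, /[A-Z]+_(DBPASS|PASS|SECRET|TOKEN)|PROVIDER_INTERFACE_NAME/) {
            print FILENAME ":" FNR ": " substr($0, RSTART, RLENGTH)
        }' "$@"
}

# Succeed only if the secret is set, is not the placeholder, and matches.
metadata_secret_ok() {  # usage: metadata_secret_ok METADATA_AGENT_INI NOVA_CONF
    agent_secret=$(ini_get "$1" DEFAULT metadata_proxy_shared_secret)
    nova_secret=$(ini_get "$2" neutron metadata_proxy_shared_secret)
    [ -n "$agent_secret" ] && [ "$agent_secret" != "METADATA_SECRET" ] &&
        [ "$agent_secret" = "$nova_secret" ]
}

# Constructed sample files (not taken from a real deployment).
write_samples() {  # usage: write_samples DIR
    cat > "$1/metadata_agent.ini" <<'EOF'
[DEFAULT]
nova_metadata_ip = controller
metadata_proxy_shared_secret = 4f1c9a7e2b
EOF
    cat > "$1/nova.conf" <<'EOF'
[DEFAULT]
rpc_backend = rabbit
[oslo_messaging_rabbit]
rabbit_password = RABBIT_PASS
[neutron]
password = constructed-neutron-pass
metadata_proxy_shared_secret = METADATA_SECRET
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
find_placeholders "$demo_dir/metadata_agent.ini" "$demo_dir/nova.conf"
metadata_secret_ok "$demo_dir/metadata_agent.ini" "$demo_dir/nova.conf" ||
    echo "metadata_proxy_shared_secret is unset, a placeholder, or mismatched"
rm -rf "$demo_dir"
```

On a real controller, pass the actual files, for example find_placeholders /etc/nova/nova.conf /etc/neutron/neutron.conf /etc/neutron/metadata_agent.ini.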

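(17) Finalize installation
① The Networking service initialization scripts expect a symbolic link /etc/neutron/plugin.ini pointing to the ML2 plug-in configuration file /etc/neutron/plugins/ml2/ml2_conf.ini. If the symbolic link does not exist, create it with the following command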
# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
② Populate the database
# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron

③ Restart the Compute API service
# systemctl restart openstack-nova-api.service

(18) Verify
# neutron agent-list
11. Networking service installation (compute node)
(1) Install the components
# yum install openstack-neutron-linuxbridge ebtables ipset
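(2) Configure the common component: edit the /etc/neutron/neutron.conf file
① In the [database] section, comment out all connection options, because compute nodes do not access the database directly;
② In the [DEFAULT] and [oslo_messaging_rabbit] sections, configure RabbitMQ message queue access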
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = RABBIT_PASS
③ In the [DEFAULT] and [keystone_authtoken] sections, configure Identity service access (replace NEUTRON_PASS with the password you chose for the neutron user in the Identity service)
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = NEUTRON_PASS
④ In the [oslo_concurrency] section, configure the lock path
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
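⑤ Back up the file and apply the changes

(3) Configure the Linux bridge agent: edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
① In the [linux_bridge] section, map the public virtual network to the public physical network interface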
[linux_bridge]
physical_interface_mappings = provider:PROVIDER_INTERFACE_NAME
② In the [vxlan] section, disable VXLAN overlay networks
[vxlan]
enable_vxlan = False
③ In the [securitygroup] section, enable security groups and configure the Linux bridge iptables firewall driver
[securitygroup]
...
enable_security_group = True
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
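④ Back up the file and apply the changes

(4) Configure networking options: edit the /etc/nova/nova.conf file
In the [neutron] section, configure access parameters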
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = NEUTRON_PASS

(5) Finalize installation
Restart the Compute service
# systemctl restart openstack-nova-compute.service
Start the Linux bridge agent and configure it to start at boot
# systemctl enable neutron-linuxbridge-agent.service
# systemctl start neutron-linuxbridge-agent.service

(6) Verify
# neutron agent-list



(7) Verify: list the loaded extensions to confirm that the neutron-server process started successfully
$ neutron ext-list

12. Dashboard web interface installation (controller node)
(1) Install the package
# yum install openstack-dashboard
(2) Edit the file /etc/openstack-dashboard/local_settings
① Configure the dashboard to use OpenStack services on the controller node
OPENSTACK_HOST = "controller"
② Allow all hosts to access the dashboard
ALLOWED_HOSTS = ['*', ]
③ Configure the memcached session storage service
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'controller:11211',
}
}
④ Enable version 3 of the Identity API
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

⑤ Enable support for domains
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
⑥ Configure the API versions
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 2,
}

⑦ Configure default as the default domain for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
⑧ Configure user as the default role for users created through the dashboard
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
⑨ If you chose networking option 1, disable support for layer-3 networking services
OPENSTACK_NEUTRON_NETWORK = {
...
'enable_router': False,
'enable_quotas': False,
'enable_distributed_router': False,
'enable_ha_router': False,
'enable_lb': False,
'enable_firewall': False,
'enable_vpn': False,
'enable_fip_topology_check': False,
}

⑩ Optionally, configure the time zone
TIME_ZONE = "Asia/Shanghai"

(3) Finalize installation
Restart the web server and the session storage service
# systemctl restart httpd.service memcached.service
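(4) Verify operation
① Verify operation of the dashboard
Open http://controller/dashboard in a browser to access the dashboard.
Authenticate using the admin user credentials and the default domain.
② Log in successfully
③ View projects
④ View images

⑤ View users
⑥ View roles
⑦ Security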


