先准备两台机器,我这里准备的是2台,32G,16核,500G硬盘的服务器,一台作为master,一台作为计算节点机器。
master 机器有两个网卡,一个是ip 10.10.162.38 另一个网卡和10.10.162.38是同一个物理网络,也就是同一个网段中,但是暂时不分配IP,留给将来的openstarck桥接用
node 机器有两个网卡,一个是ip 10.10.162.39 另一个网卡和10.10.162.39是同一个物理网络,也就是同一个网段中,但是暂时不分配IP,留给将来的openstarck桥接用
默认的Centos7.9 的内核是3.10,需要升级到5.19,要不然不能安装内核模块
wget http://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-ml-5.19.9-1.el7.elrepo.x86_64.rpm
wget http://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-ml-devel-5.19.9-1.el7.elrepo.x86_64.rpm
wget http://mirrors.coreix.net/elrepo-archive-archive/kernel/el7/x86_64/RPMS/kernel-ml-headers-5.19.9-1.el7.elrepo.x86_64.rpm
yum -y install perl.x86_64
rpm -ivh kernel-ml-5.19.9-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-ml-devel-5.19.9-1.el7.elrepo.x86_64.rpm
rpm -ivh kernel-ml-headers-5.19.9-1.el7.elrepo.x86_64.rpm
#查看全部内核
awk -F\' '$1=="menuentry " {print i++ " : " $2}' /etc/grub2.cfg
#查看默认启动的内核
tail /boot/grub2/grubenv
#设置对应的数字启动内核,0代表5.19版本
grub2-set-default 0
#重新加载启动文件
grub2-mkconfig -o /boot/grub2/grub.cfg
安装其他工具
yum install bridge-utils -y
修改内核参数,vi /etc/sysctl.conf 加入如下配置
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
设置开机自启模块
echo br_netfilter > /etc/modules-load.d/br_netfilter.conf
重启系统,确认内核模块生效
reboot 重启系统
uname -r 确认新的内核版本
lsmod |grep br_netfilter
sysctl -p 查看配置是否生效
关闭防火墙,selinux
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
systemctl disable NetworkManager.service
配置时区同步
yum install -y chrony
timedatectl set-timezone Asia/Shanghai
vi /etc/chrony.conf 注释一些,加入最后一行
#注释这些
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#写对准这个时间服务器
server time1.aliyun.com iburst
systemctl enable chronyd
systemctl start chronyd
#查看是否开始校对
chronyc sources -V
编辑host文件 vi /etc/hosts
10.10.162.38 master.openstack
10.10.162.39 node1.openstack
hostnamectl set-hostname master.openstack
master安装openstack源
yum install -y centos-release-openstack-train.noarch
yum install python-openstackclient openstack-selinux wget -y
安装mariadb或者mysql,rabbitmq,memcached
yum install mariadb mariadb-server python2-PyMySQL -y
配置mysql
vi /etc/my.cnf.d/openstack.cnf
加入如下选项
[mysqld]
bind-address = 0.0.0.0
default-storage-engine = innodb
innodb_file_per_table = on
max_connections = 4096
collation-server = utf8_general_ci
character-set-server = utf8
systemctl start mariadb
systemctl enable mariadb
配置rabbitmq
yum install rabbitmq-server -y
systemctl enable rabbitmq-server.service
systemctl start rabbitmq-server.service
增加mq用户
rabbitmqctl add_user openstack sunny
rabbitmqctl set_user_tags openstack administrator
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
开启网页插件
rabbitmq-plugins enable rabbitmq_management
安装memcached
yum install memcached python-memcached -y
修改memcache配置 ,修改缓存大小、监听地址
vi /etc/sysconfig/memcached
CACHESIZE="1024"
OPTIONS="-l 0.0.0.0"
systemctl enable memcached.service
systemctl start memcached.service
ss -tnl 确认端口都打开,服务正常运行
25672 rabbitmq端口
3306 mysql端口
11211 memcached端口
15672 rabbitmq网页端口
4369 rabbitmq端口
5672 rabbitmq端口
数据库配置,直接输入mysql命令
mysql
创建数据库和设置账户
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'tomson1234';
exit
安装keystone
yum install openstack-keystone httpd mod_wsgi -y
vi /etc/keystone/keystone.conf 配置keystone和mysql连接
#keystone:tomson1234是数据库账户和密码
#master.openstack是master的主机名,/keystone这里的是数据库名字
connection = mysql+pymysql://keystone:tomson1234@master.openstack/keystone
[token]
#在这里添加
provider = fernet
#keystone 启动配置
su -s /bin/sh -c "keystone-manage db_sync"
生成2个账户信息目录
keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
keystone-manage credential_setup --keystone-user keystone --keystone-group keystone
注册身份
#--bootstrap-password admin 这个admin是账户admin的密码
keystone-manage bootstrap --bootstrap-password admin \
--bootstrap-admin-url http://master.openstack:5000/v3/ \
--bootstrap-internal-url http://master.openstack:5000/v3/ \
--bootstrap-public-url http://master.openstack:5000/v3/ \
--bootstrap-region-id RegionOne
配置httpd
vi /etc/httpd/conf/httpd.conf
ServerName master.openstack:80
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
systemctl enable httpd.service
systemctl start httpd.service
创建admin账户变量
vi /etc/profile.d/openstack-admin.sh
#!/bin/bash
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_PROJECT_NAME=admin
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_DOMAIN_NAME=Default
export OS_AUTH_URL=http://master.openstack:5000/v3
export OS_IDENTITY_API_VERSION=3
source /etc/profile.d/openstack-admin.sh
#查看账户是否生效
openstack user list
创建域tomson
openstack domain create --description "An tomson Domain" tomson
创建项目service
openstack project create --domain default --description "Service Project" service
创建项目tomsonproject
openstack project create --domain default --description "tomson Project" tomsonproject
创建用户myuser,需要输入密码tomson1234
openstack user create --domain default --password-prompt myuser
创建角色规则myrole
openstack role create myrole
将项目,用户和规则绑定
openstack role add --project tomsonproject --user myuser myrole
取消刚才定义的环境变量
unset OS_AUTH_URL OS_PASSWORD
输入admin账户密码admin,测试账户认证功能
openstack --os-auth-url http://master.openstack:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name admin --os-username admin token issue
输入myuser账户密码tomson1234,测试账户认证功能
openstack --os-auth-url http://master.openstack:5000/v3 \
--os-project-domain-name Default --os-user-domain-name Default \
--os-project-name tomsonproject --os-username myuser token issue
修改admin变量,下面都是用admin变量进行创建组件
vi /etc/profile.d/openstack-admin.sh
#!/bin/bash
export OS_PROJECT_DOMAIN_NAME=Default
export OS_USER_DOMAIN_NAME=Default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://master.openstack:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
source /etc/profile.d/openstack-admin.sh
#测试token
openstack token issue
#查看keystone数据库是否生成了数据
mysql -u keystone -p'tomson1234' -e 'use keystone;show tables;'
配置mysql
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'tomson1234';
exit
创建glance账户,密码配tomson1234,创建身份认证
source /etc/profile.d/openstack-admin.sh
openstack user create --domain default --password-prompt glance
授权
openstack role add --project service --user glance admin
创建image service
openstack service create --name glance --description "OpenStack Image" image
在3个网络上开放端口,分别是public ,internal ,admin
openstack endpoint create --region RegionOne \
image public http://master.openstack:9292
openstack endpoint create --region RegionOne \
image internal http://master.openstack:9292
openstack endpoint create --region RegionOne \
image admin http://master.openstack:9292
安装配置glance
yum install openstack-glance -y
配置glance
vi /etc/glance/glance-api.conf
[database]
connection = mysql+pymysql://glance:tomson1234@master.openstack/glance
[keystone_authtoken]
www_authenticate_uri = http://master.openstack:5000
auth_url = http://master.openstack:5000
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = glance
password = tomson1234
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/
启动配置
su -s /bin/sh -c "glance-manage db_sync" glance
systemctl enable openstack-glance-api.service
systemctl start openstack-glance-api.service
下载一个镜像,导入glance
cd /var/lib/glance/images/
wget http://download.cirros-cloud.net/0.4.0/cirros-0.4.0-x86_64-disk.img
glance image-create --name "cirros" \
--file cirros-0.4.0-x86_64-disk.img \
--disk-format qcow2 --container-format bare \
--visibility public
glance image-list
查看数据库是否生成文件
mysql -u keystone -p'tomson1234' -e 'use keystone;show tables;'
mysql配置
CREATE DATABASE placement;
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'localhost' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON placement.* TO 'placement'@'%' IDENTIFIED BY 'tomson1234';
exit
创建账户placement,密码配tomson1234,创建身份认证
source /etc/profile.d/openstack-admin.sh
openstack user create --domain default --password-prompt placement
授权
openstack role add --project service --user placement admin
创建placement service
openstack service create --name placement --description "Placement API" placement
创建3个网络端口
openstack endpoint create --region RegionOne \
placement public http://master.openstack:8778
openstack endpoint create --region RegionOne \
placement internal http://master.openstack:8778
openstack endpoint create --region RegionOne \
placement admin http://master.openstack:8778
安装配置placement
yum install openstack-placement-api -y
修改配置
vi /etc/placement/placement.conf
[placement_database]
#设置数据库信息
connection = mysql+pymysql://placement:tomson1234@master.openstack/placement
[api]
#设置API为keystone
auth_strategy = keystone
[keystone_authtoken]
auth_url = http://master.openstack:5000/v3
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = placement
password = tomson1234
启动配置
su -s /bin/sh -c "placement-manage db sync" placement
会出现下面这个警告,忽略即可
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1280, u"Name ‘alembic_version_pkc’ ignored for PRIMARY key.")
result = self._query(query)
修改httpd配置
vi /etc/httpd/conf.d/00-placement-api.conf 文件底部添加
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
重启apache
systemctl restart httpd
查看数据库是否生成文件
mysql -u placement -p'tomson1234' -e 'use placement;show tables;'
mysql配置,创建数据库
CREATE DATABASE nova_api;
CREATE DATABASE nova;
CREATE DATABASE nova_cell0;
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%' IDENTIFIED BY 'tomson1234';
exit
创建账户nova,密码配tomson1234,创建身份认证
source /etc/profile.d/openstack-admin.sh
openstack user create --domain default --password-prompt nova
授权
openstack role add --project service --user nova admin
创建compute service
openstack service create --name nova \
--description "OpenStack Compute" compute
创建3个服务端口
openstack endpoint create --region RegionOne \
compute public http://master.openstack:8774/v2.1
openstack endpoint create --region RegionOne \
compute internal http://master.openstack:8774/v2.1
openstack endpoint create --region RegionOne \
compute admin http://master.openstack:8774/v2.1
安装配置nova
yum install openstack-nova-api openstack-nova-conductor openstack-nova-novncproxy openstack-nova-scheduler -y
修改配置
vi /etc/nova/nova.conf
[DEFAULT]
enabled_apis = osapi_compute,metadata
my_ip = 10.10.162.38
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
transport_url = rabbit://openstack:sunny@master.openstack:5672/
[api_database]
#配置nova_api数据库的连接
connection = mysql+pymysql://nova:tomson1234@master.openstack/nova_api
[database]
#配置连接nova数据库信息
connection = mysql+pymysql://nova:tomson1234@master.openstack/nova
[api]
#设置认证方式
auth_strategy = keystone
[keystone_authtoken]
#设置认证信息,账户和密码为上面注册的信息
www_authenticate_uri = http://master.openstack:5000/
auth_url = http://master.openstack:5000/
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = tomson1234
[vnc]
#设置监听地址为本机IP
enabled = true
erver_listen = 10.10.162.38
server_proxyclient_address = 10.10.162.38
[glance]
#设置glance信息
api_servers = http://master.openstack:9292
[oslo_concurrency]
#锁路径配置
lock_path = /var/lib/nova/tmp
#开启自动扫描添加node
[scheduler]
discover_hosts_in_cells_interval = 300
[placement]
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://master.openstack:5000/v3
username = placement
password = tomson1234
确认配置
grep "^[a-Z]" /etc/nova/nova.conf 确认配置
启动配置,出现警告,不用管
su -s /bin/sh -c "nova-manage api_db sync" nova
su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova
su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova
su -s /bin/sh -c "nova-manage db sync" nova
查看配置是否启动成功,这里要记住如果你写错了rabbitmq的密码后,将来nova-conductor只从mysql中读取rabbitmq的密码,而不会读取/etc/nova/nova.conf的rabbitmq的密码,一定要切记。
su -s /bin/sh -c "nova-manage cell_v2 list_cells" nova
启动服务,没有报错就行
systemctl enable \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl start \
openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service
systemctl status openstack-nova-api.service
systemctl status openstack-nova-scheduler.service
systemctl status openstack-nova-conductor.service
systemctl status openstack-nova-novncproxy.service
mysql配置
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'tomson1234';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'tomson1234';
exit
创建账户neutron,密码配tomson1234,创建身份认证
source /etc/profile.d/openstack-admin.sh
openstack user create --domain default --password-prompt neutron
授权
openstack role add --project service --user neutron admin
新建network service
openstack service create --name neutron \
--description "OpenStack Networking" network
注册3个端口
openstack endpoint create --region RegionOne \
network public http://master.openstack:9696
openstack endpoint create --region RegionOne \
network internal http://master.openstack:9696
openstack endpoint create --region RegionOne \
network admin http://master.openstack:9696
neutron有2种网络模式,一般使用桥接模式,这里我们配置桥接模式
安装配置neutron
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables libibverbs -y
yum groupinstall "Development Tools" -y
yum -y install openssl-devel wget kernel-devel
yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch -y
修改配置
vi /etc/neutron/neutron.conf
[DEFAULT]
设置组件模式
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:sunny@master.openstack
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
#设置neutron数据库信息
connection = mysql+pymysql://neutron:tomson1234@master.openstack/neutron
[keystone_authtoken]
#设置上面注册的neutron账户信息
www_authenticate_uri = http://master.openstack:5000
auth_url = http://master.openstack:5000
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = tomson1234
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
#下面全部都要添加到文件尾部
[nova]
#设置nova的连接信息
auth_url = http://master.openstack:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = tomson1234
配置ml2插件的ml2_conf.ini文件
插件配置文件网址:ml2_conf.ini
https://docs.openstack.org/ocata/config-reference/networking/samples/ml2_conf.ini.html
用浏览器打开网址,将内容全部复制替换掉老的文件
vi /etc/neutron/plugins/ml2/ml2_conf.ini 删除老的文件,复制上面网址的全部内容,然后填上如下选项
[ml2]
type_drivers = flat,vlan
tenant_network_types =
mechanism_drivers = linuxbridge
extension_drivers = port_security
[ml2_type_flat]
#定义网络名字external,可以自定义,但是名字需要和下面linuxbridge_agent.ini文件保持一致
flat_networks = external
[securitygroup]
#安全组配置
enable_ipset = true
确认配置
grep "^#" -v /etc/neutron/plugins/ml2/ml2_conf.ini
配置ml2插件的linuxbridge_agent.ini文件
插件文档:linuxbridge_agent.ini
https://docs.openstack.org/ocata/config-reference/networking/samples/linuxbridge_agent.ini
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
用浏览器打开网址,将内容全部复制替换掉老的文件,并加上如下的内容
[linux_bridge]
#需要和上面的ml2_conf.ini文件的flat_networks = external名字一样
#ens3是本机网卡名字,使用能连接外网的网卡,一个master或node要有多个网卡,这个只是其中的一个。
physical_interface_mappings = external:ens3
[vxlan]
enable_vxlan = false
[securitygroup]
#安全组配置
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置dhcp_agent.ini文件,这个是使虚拟机自动获取到IP
vi /etc/neutron/dhcp_agent.ini
[DEFAULT]
interface_driver = linuxbridge
dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
enable_isolated_metadata = true
配置metadata_agent.ini文件,设置nova连接认证密码
vi /etc/neutron/metadata_agent.ini
[DEFAULT]
nova_metadata_host = master.openstack
#tomson1234这个密码要和下面metadata_proxy_shared_secret一致
metadata_proxy_shared_secret = tomson1234
配置nova使用neutron组件
vi /etc/nova/nova.conf
[neutron]
auth_url = http://master.openstack:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = tomson1234
service_metadata_proxy = true
#这个需要和上面metadata_agent.ini配的保持一致
metadata_proxy_shared_secret = tomson1234
启动配置
ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini
su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \
--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron
重启nova
systemctl restart openstack-nova-api.service
启动服务
systemctl enable neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl start neutron-server.service \
neutron-linuxbridge-agent.service neutron-dhcp-agent.service \
neutron-metadata-agent.service
systemctl status neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service
查看数据生成
mysql -u neutron -p'tomson1234' -e 'use neutron; show tables;'
确认4个组件都是up
openstack network agent list
external 这里的名字必须和上面文件配置的网络一致
openstack network create --share --external \
--provider-physical-network external \
--provider-network-type flat external-net
创建子网
master主机ip是10.10.162.38,node1的主机ip是10.10.162.40
设置能连接外网的网段,要用真机IP也就是物理ip,网关
start=10.10.162.100,end=10.10.162.150
–gateway 10.10.162.1
–subnet-range 10.10.162.0/24
openstack subnet create --network external-net \
--allocation-pool start=10.10.162.100,end=10.10.162.150 \
--dns-nameserver 114.114.114.114 --gateway 10.10.162.1 \
--subnet-range 10.10.162.0/24 external-sub
brctl show 查看网卡绑定
ip a 查看真机的IP绑定到新增的网卡了
node启动服务后,在master查看node的nova是否注册到了集群
master查看node1已经注册成功
source /etc/profile.d/openstack-admin.sh
openstack compute service list --service nova-compute
–id 0 指定编号
–vcpus 1 指定CPU个数
–ram 64 指定使用内存,单位是M
–disk 1 指定使用硬盘大小,单位是G
m1.nano 硬件类型名称
openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano
创建秘钥,这个是用来master远程虚拟机使用的
# 回车就行
ssh-keygen -q -N ""
openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey
openstack keypair list
创建安全组规则
openstack security group rule create --proto icmp default
openstack security group rule create --proto tcp --dst-port 22 default
#查看安全组列表
openstack security group list
创建虚拟机
# 查看镜像名字
openstack image list
#查看网络ID
openstack network list
#net-id,是上面查看到的网络id
openstack server create --flavor m1.nano --image cirros \
--nic net-id=67a5e03a-4528-435b-b7c2-1a77c55fc2a1 --security-group default \
--key-name mykey xuniji-vm1
–flavor m1.nano 指定使用的硬件类型名
–image cirros 指定镜像名字
–nic net-id=3c75db46-e55f-49dd-81c4-8ed1a2a55016 指定使用的网络
–security-group default 指定使用的安全组
–key-name mykey xuniji-vm1 指定虚拟机名字
openstack server list
#查看网页登录虚拟机方式
openstack console url show xuniji-vm1
可以通过master ip访问vnc
http://10.10.162.38:6080/vnc_auto.html?path=%3Ftoken%3D460500cf-ed23-4325-93dd-c901a20880ff
根据提示输入账户cirros,密码gocubsgo,用sudo提权
ip a 可以到分配了真机的IP段
ping 114.114.114.114 可以通外网
yum install openstack-dashboard -y
vi /etc/openstack-dashboard/local_settings 修改配置
#设置master的IP
OPENSTACK_HOST = "10.10.162.38"
# balancer service, security groups, quotas, VPN service.
OPENSTACK_NEUTRON_NETWORK = {
'enable_auto_allocated_network': True,
'enable_distributed_router': True,
'enable_fip_topology_check': True,
'enable_ha_router': True,
'enable_ipv6': True,
# TODO(amotoki): Drop OPENSTACK_NEUTRON_NETWORK completely from here.
# enable_quotas has the different default value here.
'enable_quotas': True,
'enable_rbac_policy': True,
'enable_router': True,
'default_dns_nameservers': [],
'supported_provider_types': ['*'],
'segmentation_id_range': {},
'extra_provider_types': {},
'supported_vnic_types': ['*'],
'physical_networks': [],
}
#在这里添加访问的路径
# https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts
WEBROOT = '/dashboard'
#修改允许访问的方式
ALLOWED_HOSTS = ['10.10.162.38', 'localhost']
#这里添加内容
#SESSION_ENGINE = 'django.contrib.sessions.backends.signed_cookies'
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
#CACHES = {
# 'default': {
# 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
# 'LOCATION': '127.0.0.1:11211',
# },
#}
#在这里添加下面
CACHES = {
'default': {
'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
'LOCATION': 'master.openstack:11211',
}
}
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_API_VERSIONS = {
"identity": 3,
"image": 2,
"volume": 3,
}
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
#修改时区为上海
# The timezone of the server. This should correspond with the timezone
# of your entire OpenStack installation, and hopefully be in UTC.
#TIME_ZONE = "UTC"
TIME_ZONE = "Asia/Shanghai"
vi /etc/httpd/conf.d/openstack-dashboard.conf 头部添加
WSGIApplicationGroup %{GLOBAL}
启动服务
systemctl restart httpd.service memcached.service
访问网页版
http://10.10.162.38/dashboard 这里的/dashboard就是上面的WEBROOT路径
域输入default,账户admin,密码admin
查看账户密码去这个脚本查看
cat /etc/profile.d/openstack-admin.sh
export OS_USERNAME=admin
export OS_PASSWORD=admin
关闭防火墙,selinux
systemctl stop firewalld
systemctl disable firewalld
sed -i 's/SELINUX=enforcing$/SELINUX=disabled/g' /etc/selinux/config
setenforce 0
systemctl disable NetworkManager.service
配置时区同步
yum install -y chrony
timedatectl set-timezone Asia/Shanghai
vi /etc/chrony.conf 注释一些,加入最后一行
#注释这些
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
#写对准这个时间服务器
server time1.aliyun.com iburst
systemctl enable chronyd
systemctl start chronyd
#查看是否开始校对
chronyc sources -V
编辑host文件 vi /etc/hosts
10.10.162.38 master.openstack
10.10.162.39 node1.openstack
hostnamectl set-hostname node1.openstack
node1安装openstack源
yum install -y centos-release-openstack-train.noarch
yum install python-openstackclient openstack-selinux wget -y 安装依赖包
安装配置nova
yum install openstack-nova-compute -y
配置nova
vi /etc/nova/nova.conf
[DEFAULT]
#设置组件和连接master的rabbitmq的信息
enabled_apis = osapi_compute,metadata
transport_url = rabbit://openstack:sunny@master.openstack
use_neutron = true
firewall_driver = nova.virt.firewall.NoopFirewallDriver
vif_plugging_timeout = 10
vif_plugging_is_fatal = False
[api]
#设置认证方式
auth_strategy = keystone
[keystone_authtoken]
#设置master的nova的账户信息
www_authenticate_uri = http://master.openstack:5000/
auth_url = http://master.openstack:5000/
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = Default
user_domain_name = Default
project_name = service
username = nova
password = tomson1234
[vnc]
#10.10.162.39为node的IP,虚拟机的出口就是整个IP
enabled = true
server_listen = 0.0.0.0
server_proxyclient_address = 10.10.162.39
novncproxy_base_url = http://master.openstack:6080/vnc_auto.html
[glance]
#设置连接master的glance组件
api_servers = http://master.openstack:9292
[oslo_concurrency]
lock_path = /var/lib/nova/tmp
[placement]
#设置连接master的placement组件信息
region_name = RegionOne
project_domain_name = Default
project_name = service
auth_type = password
user_domain_name = Default
auth_url = http://master.openstack:5000/v3
username = placement
password = tomson1234
启动服务
systemctl enable libvirtd.service openstack-nova-compute.service
systemctl start libvirtd.service openstack-nova-compute.service
systemctl status libvirtd.service openstack-nova-compute.service
yum install openstack-neutron-linuxbridge ebtables ipset -y
vi /etc/neutron/neutron.conf 修改配置
[DEFAULT]
#设置rabbitmq的账户和密码
transport_url = rabbit://openstack:sunny@master.openstack
auth_strategy = keystone
[keystone_authtoken]
#连接master的neutron组件,账户信息都是master的neutron信息
www_authenticate_uri = http://master.openstack:5000
auth_url = http://master.openstack:5000
memcached_servers = master.openstack:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = tomson1234
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
配置ml2插件的linuxbridge_agent.ini文件
插件文档:linuxbridge_agent.ini
https://docs.openstack.org/ocata/config-reference/networking/samples/linuxbridge_agent.ini
vi /etc/neutron/plugins/ml2/linuxbridge_agent.ini
用浏览器打开网址,将内容全部复制替换掉老的文件,并加上如下的内容
[linux_bridge]
physical_interface_mappings = external:eth0
[vxlan]
enable_vxlan = false
[securitygroup]
enable_security_group = true
firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver
配置nova
vi /etc/nova/nova.conf
[neutron]
auth_url = http://master.openstack:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = tomson1234
[libvirt]
virt_type=qemu
重启nova服务
systemctl restart openstack-nova-compute.service
启动neutron组件
启动服务
systemctl enable neutron-linuxbridge-agent.service
systemctl start neutron-linuxbridge-agent.service
systemctl status neutron-linuxbridge-agent.service
查看CPU的选项
virsh capabilities |grep pc
修改nova
vi /etc/nova/nova.conf
[libvirt]
virt_type=qemu
cpu_mode=host-model
hw_machine_type=x86_64=pc-i440fx-rhel7.6.0
重启服务
systemctl restart libvirtd.service openstack-nova-compute.service