OpenStack-Ocata-單點(diǎn)部署教程

OpenStackOcata版本單點(diǎn)部署姓名：日期：

目錄1OpenStack安裝環(huán)境搭建 41.1CenOS7初始配置 41.2基礎(chǔ)環(huán)境配置 52Keystone—認(rèn)證服務(wù) 72.1概述 72.2keystone安裝與配置 72.3創(chuàng)建域/項(xiàng)目/用戶/角色 92.4keystone功能驗(yàn)證 102.5創(chuàng)建客戶端認(rèn)證腳本 113Glance—鏡像服務(wù) 133.1概述 133.2glance安裝與配置 133.3glance功能驗(yàn)證 174Nova—計(jì)算服務(wù) 184.1概述 184.2controller節(jié)點(diǎn)安裝與配置 184.3compute節(jié)點(diǎn)安裝與配置 254.4nova功能驗(yàn)證 275Neutron—網(wǎng)絡(luò)服務(wù) 295.1概述 295.2controller節(jié)點(diǎn)安裝與配置 295.3neutron功能驗(yàn)證 356Horizon—前臺(tái)界面 366.1概述 366.2horizon安裝與配置 366.3horizon功能驗(yàn)證 377Cinder—塊存儲(chǔ)服務(wù) 387.1概述 387.2controller節(jié)點(diǎn)安裝與配置 387.3storage節(jié)點(diǎn)安裝與配置 427.4cinder功能驗(yàn)證 448實(shí)例部署 45

1OpenStack安裝環(huán)境搭建1.1CenOS7初始配置單點(diǎn)虛擬機(jī)配置：CPU8核，內(nèi)存16GB，存儲(chǔ)100GB，網(wǎng)卡2塊。操作系統(tǒng)：CentOS7在搭建OpenStack安裝環(huán)境之前需要初始化centos的系統(tǒng)配置，包括網(wǎng)絡(luò)、在線更新源、安全三個(gè)部分。1.網(wǎng)絡(luò)兩塊網(wǎng)卡一塊設(shè)置為外網(wǎng)訪問IP，另一塊設(shè)置為本地管理網(wǎng)絡(luò)IP。修改配置文件/etc/sysconfig/network-scripts/ifcfg-xxx(根據(jù)網(wǎng)卡名稱修改)：2.在線更新源備份原有源文件：mv/etc/yum.repos.d/CentOS-Base.repo/etc/yum.repos.d/CentOS-Base.repo.backup下載網(wǎng)易源文件并更改文件名為CentOS-Base.repo：/.help/CentOS7-Base-163.repo建立緩存并更新：yumcleanallyummakecacheyumupdate3.安全關(guān)閉防火墻與selinux：systemctldisablefirewalld.servicesystemctlstopfirewalld.servicesetenforce0配置文件/etc/selinux/config，將SELINUX設(shè)置為disabled。1.2基礎(chǔ)環(huán)境配置1.啟用OpenStack倉庫yuminstallcentos-release-openstack-ocata完成安裝：安裝OpenStack客戶端--yuminstallpython-openstackclient安裝selinux安裝包--yuminstallopenstack-selinux2.設(shè)置內(nèi)外網(wǎng)IP對(duì)應(yīng)主機(jī)名修改配置文件/etc/hosts退出重新登錄即可生效3.MySQL數(shù)據(jù)庫安裝配置安裝相關(guān)軟件包：yuminstallmariadb-serverpython2-PyMySQL編輯配置文件/etc/f.d/f：?jiǎn)?dòng)數(shù)據(jù)庫服務(wù)：systemctlenablemariadb.servicesystemctlstartmariadb.service設(shè)置數(shù)據(jù)庫密碼：mysql_secure_installation測(cè)試登錄：mysql–uroot–p4.消息隊(duì)列RabbitMQ安裝與配置安裝軟件包：yuminstallrabbitmq-server啟用消息隊(duì)列服務(wù)：systemctlenablerabbitmq-server.servicesystemctlstartrabbitmq-server.service添加opensatck用戶：rabbitmqctladd_useropenstackPASS設(shè)置權(quán)限：rabbitmqctlset_permissionsopenstack".*"".*"".*"5.Memcached安裝與配置Memcached的作用為緩存tokens。安裝相關(guān)軟件包：yuminstallmemcachedpython-memcached配置文件/etc/sysconfig/memcached啟動(dòng)服務(wù)：systemctlenablememcached.servicesystemctlstartmemcached.service

2Keystone—認(rèn)證服務(wù)2.1概述云安全需要考慮數(shù)據(jù)安全、身份與訪問管理安全、虛擬化安全和基礎(chǔ)設(shè)施安全四個(gè)部分。Keystone為OpenStack中的一個(gè)獨(dú)立的提供安全認(rèn)證的模塊，主要負(fù)責(zé)OpenStack用戶的身份認(rèn)證、令牌管理、提供訪問資源的服務(wù)目錄，以及基于用戶角色的訪問控制。在OpenStack整體框架中，Keystone作用類似于服務(wù)總線，其他服務(wù)需要通過Keystone注冊(cè)服務(wù)端點(diǎn)，其中服務(wù)端點(diǎn)為服務(wù)的訪問點(diǎn)或URL。Keystone幾個(gè)基本概念：1.User--用戶通過Keystone訪問OpenStack服務(wù)的個(gè)人、系統(tǒng)或者某個(gè)服務(wù)，Keystone通過認(rèn)證信息驗(yàn)證用戶請(qǐng)求合法性。2.Role--角色一個(gè)用戶所具有的角色，代表其被賦予的權(quán)限。3.Service--服務(wù)4.Endpoint--端點(diǎn)一個(gè)可以用來訪問某個(gè)具體服務(wù)的網(wǎng)絡(luò)地址。5.Token--令牌6.Catalog--服務(wù)查詢目錄2.2keystone安裝與配置1.安裝前準(zhǔn)備使用root用戶登錄數(shù)據(jù)庫mysql–uroot–p創(chuàng)建keystone數(shù)據(jù)庫CREATEDATABASEkeystone;授權(quán)數(shù)據(jù)庫訪問GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONkeystone.*TO'keystone'@'%'IDENTIFIEDBY'PASS';退出數(shù)據(jù)庫2.Keystone組件安裝與配置安裝相關(guān)軟件包：yuminstallopenstack-keystonehttpdmod_wsgi修改配置文件/etc/keystone/keystone.conf：[database]connection=mysql+pymysql://keystone:PASS@controller/keystone[token]provider=fernet填充認(rèn)證服務(wù)數(shù)據(jù)庫：su-s/bin/sh-c"keystone-managedb_sync"keystone初始化Fernetkey倉庫：keystone-managefernet_setup--keystone-userkeystone--keystone-groupkeystonekeystone-managecredential_setup--keystone-userkeystone--keystone-groupkeystone引導(dǎo)認(rèn)證服務(wù)：keystone-managebootstrap--bootstrap-passwordPASS--bootstrap-admin-urlhttp://controller:35357/v3/--bootstrap-internal-urlhttp://controller:5000/v3/--bootstrap-public-urlhttp://controller:5000/v3/--bootstrap-region-idRegionOne3.ApacheHttp服務(wù)器配置修改配置文件/etc/httpd/conf/httpd.conf：ServerNamecontroller創(chuàng)建鏈接：ln-s/usr/share/keystone/wsgi-keystone.conf/etc/httpd/conf.d/4.啟動(dòng)服務(wù)systemctlenablehttpd.servicesystemctlstarthttpd.service5.配置管理賬戶export

OS_USERNAME=adminexport

OS_PASSWORD=PASSexport

OS_PROJECT_NAME=adminexport

OS_USER_DOMAIN_NAME=Defaultexport

OS_PROJECT_DOMAIN_NAME=Defaultexport

OS_AUTH_URL=http://controller:35357/v3export

OS_IDENTITY_API_VERSION=32.3創(chuàng)建域/項(xiàng)目/用戶/角色1.創(chuàng)建service項(xiàng)目openstackprojectcreate--domaindefault--description"ServiceProject"service2.創(chuàng)建Demo項(xiàng)目openstackprojectcreate--domaindefault--description"DemoProject"demo3.創(chuàng)建Demo用戶openstackusercreate--domaindefault--password-promptdemo(需輸入密碼)4.創(chuàng)建demo用戶相關(guān)的角色openstackrolecreateuser5.將角色加入對(duì)應(yīng)的用戶和項(xiàng)目中openstackroleadd--projectdemo--userdemouser2.4keystone功能驗(yàn)證1.關(guān)閉token臨時(shí)認(rèn)證機(jī)制編輯/etc/keystone/keystone-paste.ini：刪除以下三個(gè)部分中的admin_token_auth2.取消臨時(shí)環(huán)境變量unsetOS_AUTH_URLOS_PASSWORD3.admin用戶token認(rèn)證openstack--os-auth-urlhttp://controller:35357/v3--os-project-domain-namedefault--os-user-domain-namedefault--os-project-nameadmin--os-usernameadmintokenissue4.demo用戶token認(rèn)證openstack--os-auth-urlhttp://controller:5000/v3--os-project-domain-namedefault--os-user-domain-namedefault--os-project-namedemo--os-usernamedemotokenissue2.5創(chuàng)建客戶端認(rèn)證腳本1.創(chuàng)建文件admin-openrc：export

OS_PROJECT_DOMAIN_NAME=Defaultexport

OS_USER_DOMAIN_NAME=Defaultexport

OS_PROJECT_NAME=adminexport

OS_USERNAME=adminexport

OS_PASSWORD=PASSexport

OS_AUTH_URL=http://controller:35357/v3export

OS_IDENTITY_API_VERSION=3export

OS_IMAGE_API_VERSION=22.創(chuàng)建文件demo-openrc：export

OS_PROJECT_DOMAIN_NAME=Defaultexport

OS_USER_DOMAIN_NAME=Defaultexport

OS_PROJECT_NAME=demoexport

OS_USERNAME=demoexport

OS_PASSWORD=PASSexport

OS_AUTH_URL=http://controller:5000/v3export

OS_IDENTITY_API_VERSION=3export

OS_IMAGE_API_VERSION=23.測(cè)試腳本.admin-openrcopenstacktokenissue

3Glance—鏡像服務(wù)3.1概述Glance為OpenStack提供虛擬機(jī)的鏡像服務(wù)，由glance-api與glance-registry兩個(gè)服務(wù)組成。glance-api是進(jìn)入Glance的入口，負(fù)責(zé)接收用戶的RESTful請(qǐng)求，再通過后臺(tái)的存儲(chǔ)系統(tǒng)完成鏡像的存儲(chǔ)與獲取。3.2glance安裝與配置1.安裝前準(zhǔn)備創(chuàng)建glance數(shù)據(jù)庫及后續(xù)操作：mysql–uroot–pCREATEDATABASEglance;GRANTALLPRIVILEGESONglance.*TO'glance'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONglance.*TO'glance'@'%'IDENTIFIEDBY'PASS';2.使用admin認(rèn)證.admin-openrc3.創(chuàng)建glance用戶openstackusercreate--domaindefault--password-promptglance4.將admin角色加入glance用戶及service項(xiàng)目openstackroleadd--projectservice--userglanceadmin5.創(chuàng)建glance服務(wù)實(shí)體openstackservicecreate--nameglance--description"OpenStackImage"image6.創(chuàng)建鏡像服務(wù)API接入點(diǎn)openstackendpointcreate--regionRegionOneimagepublichttp://controller:9292openstackendpointcreate--regionRegionOneimageinternalhttp://controller:9292openstackendpointcreate--regionRegionOneimageadminhttp://controller:92927.glance組件安裝及配置(1)安裝軟件包yuminstallopenstack-glance(2)編輯文件/etc/glance/glance-api.conf[database]connection=mysql+pymysql://glance:PASS@controller/glance[keystone_authtoken]#

...auth_uri

=

http://controller:5000auth_url

=

http://controller:35357memcached_servers

=

controller:11211auth_type

=

passwordproject_domain_name

=

defaultuser_domain_name

=

defaultproject_name

=

serviceusername

=

glancepassword

=

PASS[paste_deploy]#

...flavor

=

keystone[glance_store]#

...stores

=

file,httpdefault_store

=

filefilesystem_store_datadir

=

/var/lib/glance/images/(3)編輯文件/etc/glance/glance-registry.conf[database]connection=mysql+pymysql://glance:PASS@controller/glance[keystone_authtoken]#

...auth_uri

=

http://controller:5000auth_url

=

http://controller:35357memcached_servers

=

controller:11211auth_type

=

passwordproject_domain_name

=

defaultuser_domain_name

=

defaultproject_name

=

serviceusername

=

glancepassword

=

PASS[paste_deploy]#

...flavor

=

keystone8.填充glance數(shù)據(jù)庫su-s/bin/sh-c"glance-managedb_sync"glance9.啟動(dòng)服務(wù)systemctlenableopenstack-glance-api.serviceopenstack-glance-registry.servicesystemctlstartopenstack-glance-api.serviceopenstack-glance-registry.service3.3glance功能驗(yàn)證1.使用admin認(rèn)證.admin-openrc2.下載鏡像wget/0.3.5/cirros-0.3.5-x86_64-disk.img3.上傳鏡像至服務(wù)器openstackimagecreate"cirros"--file

cirros-0.3.5-x86_64-disk.img--disk-formatqcow2--container-formatbare–public4.查看鏡像是否上傳成功openstackimagelist

4Nova—計(jì)算服務(wù)4.1概述Nova為OpenStack的計(jì)算組件，由API、Compute、Conductor、Scheduler四個(gè)核心服務(wù)所組成，服務(wù)之間通過AMQP消息隊(duì)列進(jìn)行通信。API是進(jìn)入Nova的HTTP接口，Compute和VMM交互運(yùn)行虛擬機(jī)并管理虛擬機(jī)的生命周期。Schedular從可用資源池中選擇最合適的計(jì)算節(jié)點(diǎn)來創(chuàng)建新的虛擬機(jī)實(shí)例，Conductor為數(shù)據(jù)庫的訪問提供一層安全保障。虛擬機(jī)創(chuàng)建服務(wù)流程：首先用戶執(zhí)行novaclient提供的用于創(chuàng)建虛擬機(jī)的命令，API服務(wù)監(jiān)聽到novaclient發(fā)送的HTTP請(qǐng)求并且將它轉(zhuǎn)換成AMQP消息，通過消息隊(duì)列(Queue)調(diào)用Conductor服務(wù)，Conductor服務(wù)通過消息隊(duì)列接受到任務(wù)之后，先完成一些準(zhǔn)備工作，再通過消息隊(duì)列告訴Schedular去選擇一個(gè)滿足虛擬機(jī)創(chuàng)建要求的主機(jī)，Conductor拿到Schedular提供的目標(biāo)主機(jī)之后，會(huì)要求Compute服務(wù)創(chuàng)建虛擬機(jī)。4.2controller節(jié)點(diǎn)安裝與配置安裝前準(zhǔn)備工作：1.添加nova數(shù)據(jù)庫mysql–uroot-pCREATEDATABASEnova_api;CREATEDATABASEnova;CREATEDATABASEnova_cell0;GRANTALLPRIVILEGESONnova_api.*TO'nova'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova_api.*TO'nova'@'%'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova.*TO'nova'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova.*TO'nova'@'%'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova_cell0.*TO'nova'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONnova_cell0.*TO'nova'@'%'IDENTIFIEDBY'PASS';2.使用admin認(rèn)證.admin-openrc3.創(chuàng)建nova用戶openstackusercreate--domaindefault--password-promptnova4.將admin角色加給nova用戶openstackroleadd--projectservice--usernovaadmin5.創(chuàng)建nova服務(wù)實(shí)體openstackservicecreate--namenova--description"OpenStackCompute"compute6.創(chuàng)建計(jì)算API服務(wù)端點(diǎn)openstackendpointcreate--regionRegionOnecomputepublichttp://controller:8774/v2.1openstackendpointcreate--regionRegionOnecomputeinternalhttp://controller:8774/v2.1openstackendpointcreate--regionRegionOnecomputeadminhttp://controller:8774/v2.17.創(chuàng)建placement用戶openstackusercreate--domaindefault--password-promptplacement8.將placement用戶添加到service項(xiàng)目及admin角色中openstackroleadd--projectservice--userplacementadmin9.創(chuàng)建placementAPI實(shí)體openstackservicecreate--nameplacement--description"PlacementAPI"placement10.創(chuàng)建placementAPI服務(wù)端點(diǎn)openstackendpointcreate--regionRegionOneplacementpublichttp://controller:8778openstackendpointcreate--regionRegionOneplacementinternalhttp://controller:8778openstackendpointcreate--regionRegionOneplacementadminhttp://controller:8778安裝與配置組件：1.安裝nova相關(guān)軟件包yuminstallopenstack-nova-apiopenstack-nova-conductoropenstack-nova-consoleopenstack-nova-novncproxyopenstack-nova-scheduleropenstack-nova-placement-api2.修改配置文件/etc/nova/nova.conf[DEFAULT]#

...enabled_apis

=

osapi_compute,metadata[api_database]#

...connection

=

mysql+pymysql://nova:PASS@controller/nova_api[database]#

...connection

=

mysql+pymysql://nova:PASS@controller/nova[DEFAULT]#

...transport_url

=

rabbit://openstack:PASS@controller[api]#

...auth_strategy

=

keystone[keystone_authtoken]#

...auth_uri

=

http://controller:5000auth_url

=

http://controller:35357memcached_servers

=

controller:11211auth_type

=

passwordproject_domain_name

=

defaultuser_domain_name

=

defaultproject_name

=

serviceusername

=

novapassword

=

PASS[DEFAULT]#

...my_ip

=

05[DEFAULT]#

...use_neutron

=

Truefirewall_driver

=

nova.virt.firewall.NoopFirewallDriver[vnc]enabled

=

true#

...vncserver_listen

=

$my_ipvncserver_proxyclient_address

=

$my_ip[glance]#

...api_servers

=

http://controller:9292[oslo_concurrency]#

...lock_path

=

/var/lib/nova/tmp[placement]#

...os_region_name

=

RegionOneproject_domain_name

=

Defaultproject_name

=

serviceauth_type

=

passworduser_domain_name

=

Defaultauth_url

=

http://controller:35357/v3username

=

placementpassword

=

PASS3.修改配置文件/etc/httpd/conf.d/00-nova-placement-api.conf末尾增加：<Directory

/usr/bin>

<IfVersion

>=

2.4>

Require

all

granted

</IfVersion>

<IfVersion

<

2.4>

Order

allow,deny

Allow

from

all

</IfVersion></Directory>4.重啟httpd服務(wù)systemctlrestarthttpd.service5.填充nova-api數(shù)據(jù)庫su-s/bin/sh-c"nova-manageapi_dbsync"nova6.注冊(cè)cell0數(shù)據(jù)庫su

-s

/bin/sh

-c

"nova-manage

cell_v2

map_cell0"

nova7.創(chuàng)建cell1cellsu

-s

/bin/sh

-c

"nova-manage

cell_v2

create_cell

--name=cell1

--verbose"

nova8.填充nova數(shù)據(jù)庫su

-s

/bin/sh

-c

"nova-manage

db

sync"

nova9.驗(yàn)證cell0和cell1nova-managecell_v2list_cells10.啟動(dòng)服務(wù)systemctlenableopenstack-nova-api.serviceopenstack-nova-consoleauth.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.servicesystemctlstartopenstack-nova-api.serviceopenstack-nova-consoleauth.serviceopenstack-nova-scheduler.serviceopenstack-nova-conductor.serviceopenstack-nova-novncproxy.service4.3compute節(jié)點(diǎn)安裝與配置1.安裝與配置compute組件yuminstallopenstack-nova-compute修改文件/etc/nova/nova.conf[DEFAULT]#...enabled_apis=osapi_compute,metadata[DEFAULT]#...transport_url=rabbit://openstack:PASS@controller[api]#...auth_strategy=keystone[keystone_authtoken]#...auth_uri=http://controller:5000auth_url=http://controller:35357memcached_servers=controller:11211auth_type=passwordproject_domain_name=defaultuser_domain_name=defaultproject_name=serviceusername=novapassword=PASS[DEFAULT]#...my_ip=MANAGEMENT_INTERFACE_IP_ADDRESS[DEFAULT]#...use_neutron=Truefirewall_driver=nova.virt.firewall.NoopFirewallDriver[vnc]#...enabled=Truevncserver_listen=vncserver_proxyclient_address=$my_ipnovncproxy_base_url=http://controller:6080/vnc_auto.html[glance]#...api_servers=http://controller:9292[oslo_concurrency]#...lock_path=/var/lib/nova/tmp[placement]#...os_region_name=RegionOneproject_domain_name=Defaultproject_name=serviceauth_type=passworduser_domain_name=Defaultauth_url=http://controller:35357/v3username=placementpassword=PASS2.查看硬件支持信息egrep-c'(vmx|svm)'/proc/cpuinfo修改配置文件/etc/nova/nova.conf[libvirt]#...virt_type=qemu3.啟動(dòng)服務(wù)systemctlenablelibvirtd.serviceopenstack-nova-compute.servicesystemctlstartlibvirtd.serviceopenstack-nova-compute.service4.將計(jì)算節(jié)點(diǎn)加入cell數(shù)據(jù)庫中.admin-openrcopenstackhypervisorlistsu-s/bin/sh-c"nova-managecell_v2discover_hosts--verbose"nova4.4nova功能驗(yàn)證.admin-openrcopenstackcomputeservicelistopenstackcataloglistnova-statusupgradecheck

5Neutron—網(wǎng)絡(luò)服務(wù)5.1概述OpenStack所在的整個(gè)物理網(wǎng)絡(luò)在Neutron中被泛化為網(wǎng)絡(luò)資源池，Neutron能夠?yàn)橥晃锢砭W(wǎng)絡(luò)的每個(gè)租戶提供獨(dú)立的虛擬網(wǎng)絡(luò)環(huán)境。通用配置：一個(gè)管理員創(chuàng)建的外部網(wǎng)絡(luò)對(duì)象來負(fù)責(zé)OpenStack環(huán)境與Internet的連接，一個(gè)私有網(wǎng)絡(luò)提供給租戶創(chuàng)建自己的虛擬機(jī)。為了使內(nèi)部網(wǎng)絡(luò)中的機(jī)器能夠連接互聯(lián)網(wǎng)，必須創(chuàng)建一個(gè)路由器將內(nèi)部網(wǎng)絡(luò)連接到外部網(wǎng)絡(luò)。在該過程中，Neutron提供了一個(gè)L3(三層)的抽象router與一個(gè)L2(二層)的抽象network，router對(duì)應(yīng)于真實(shí)網(wǎng)絡(luò)環(huán)境中的路由器，為用戶提供路由、NAT等服務(wù)，network則對(duì)應(yīng)于一個(gè)真實(shí)物理網(wǎng)絡(luò)中的二層局域網(wǎng)(LAN)。另一個(gè)重要概念是子網(wǎng)subnet，功能為附加在二層網(wǎng)絡(luò)上指明屬于這個(gè)網(wǎng)絡(luò)的虛擬機(jī)可使用的IP地址范圍。5.2controller節(jié)點(diǎn)安裝與配置1.創(chuàng)建neutron數(shù)據(jù)庫mysql-uroot-pCREATEDATABASEneutron;GRANTALLPRIVILEGESONneutron.*TO'neutron'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONneutron.*TO'neutron'@'%'IDENTIFIEDBY'PASS';2.使用admin認(rèn)證.admin-openrc3.創(chuàng)建neutron用戶openstack

usercreate--domaindefault--password-promptneutron

4.將admin角色加入neutron用戶中openstackroleadd--projectservice--userneutronadmin5.創(chuàng)建neutron服務(wù)實(shí)體openstackservicecreate--nameneutron--description"OpenStackNetworking"network6.創(chuàng)建網(wǎng)絡(luò)服務(wù)API端點(diǎn)openstackendpointcreate--regionRegionOnenetworkpublichttp://controller:9696openstackendpointcreate--regionRegionOnenetworkinternalhttp://controller:9696openstackendpointcreate--regionRegionOnenetworkadminhttp://controller:96967.網(wǎng)絡(luò)類型配置-self-servicenetwork(1)安裝neutron網(wǎng)絡(luò)組件yuminstallopenstack-neutronopenstack-neutron-ml2openstack-neutron-linuxbridgeebtables(2)修改配置文件/etc/neutron/neutron.conf

：[database]#...connection=mysql+pymysql://neutron:PASS@controller/neutron使能ModularLayer2(ML2)插件、路由服務(wù)、重疊IP

[DEFAULT]#...core_plugin=ml2service_plugins=routerallow_overlapping_ips=true[DEFAULT]#...transport_url=rabbit://openstack:PASS@controller[DEFAULT]#...auth_strategy=keystone[keystone_authtoken]#...auth_uri=http://controller:5000auth_url=http://controller:35357memcached_servers=controller:11211auth_type=password

project_domain_name=defaultuser_domain_name=defaultproject_name=serviceusername=neutronpassword=PASS[DEFAULT]#...notify_nova_on_port_status_changes=truenotify_nova_on_port_data_changes=true[nova]#...auth_url=http://controller:35357auth_type=passwordproject_domain_name=defaultuser_domain_name=defaultregion_name=RegionOneproject_name=serviceusername=novapassword=PASS[oslo_concurrency]#...lock_path=/var/lib/neutron/tmp(3)修改ModularLayer2插件配置文件/etc/neutron/plugins/ml2/ml2_conf.ini：使能flat/vlan/vxlan類型[ml2]#...type_drivers=flat,vlan,vxlan[ml2]#...tenant_network_types=vxlan[ml2]#...mechanism_drivers=linuxbridge,l2population[ml2]#...extension_drivers=port_security[ml2_type_flat]#...flat_networks=provider[ml2_type_vxlan]#...vni_ranges=1:1000[securitygroup]#...enable_ipset=true(4)修改linuxbridgeagent配置文件：/etc/neutron/plugins/ml2/linuxbridge_agent.ini[linux_bridge]physical_interface_mappings=provider:INTERFACE[vxlan]enable_vxlan=truelocal_ip=05l2_population=true[securitygroup]#...enable_security_group=truefirewall_driver=neutron.agent.linux.iptables_firewall.IptablesFirewallDriver(5)修改layer-3agent配置文件/etc/neutron/l3_agent.ini：[DEFAULT]#...interface_driver=linuxbridge(6)修改DHCPagent配置文件/etc/neutron/dhcp_agent.ini：[DEFAULT]#...interface_driver=linuxbridgedhcp_driver=neutron.agent.linux.dhcp.Dnsmasqenable_isolated_metadata=true(7)修改metadataagent配置文件/etc/neutron/metadata_agent.ini：[DEFAULT]#...nova_metadata_ip=controllermetadata_proxy_shared_secret=PASS(8)在計(jì)算服務(wù)配置文件nova.conf中添加neutron網(wǎng)絡(luò)配置：[neutron]#...url=http://controller:9696auth_url=http://controller:35357auth_type=passwordproject_domain_name=defaultuser_domain_name=defaultregion_name=RegionOneproject_name=serviceusername=neutronpassword=PASS service_metadata_proxy=truemetadata_proxy_shared_secret=PASS8.建立鏈接ln-s/etc/neutron/plugins/ml2/ml2_conf.ini/etc/neutron/plugin.ini9.填充neutron數(shù)據(jù)庫su-s/bin/sh-c"neutron-db-manage--config-file/etc/neutron/neutron.conf--config-file/etc/neutron/plugins/ml2/ml2_conf.iniupgradehead"neutron10.重啟nova-api服務(wù)systemctlrestartopenstack-nova-api.service11.啟動(dòng)服務(wù)systemctlenableneutron-server.serviceneutron-linuxbridge-agent.serviceneutron-dhcp-agent.serviceneutron-metadata-agent.serviceneutron-l3-agent.servicesystemctlstartneutron-server.serviceneutron-linuxbridge-agent.serviceneutron-dhcp-agent.serviceneutron-metadata-agent.service

neutron-l3-agent.service5.3neutron功能驗(yàn)證.admin-openrcopenstackextensionlist--networkopenstacknetworkagentlist

6Horizon—前臺(tái)界面6.1概述模塊化的基于web的圖形界面，通過瀏覽器訪問。Horizon采用Django框架，一種基于Python語言的開源Web應(yīng)用程序框架。6.2horizon安裝與配置1.安裝horizon軟件包yuminstallopenstack-dashboard2.修改配置文件/etc/openstack-dashborad/local_settingsOPENSTACK_HOST="controller"ALLOWED_HOSTS=['*']SESSION_ENGINE='django.contrib.sessions.backends.cache'CACHES={

'default':{

'BACKEND':'django.core.cache.backends.memcached.MemcachedCache',

'LOCATION':'controller:11211',

}}OPENSTACK_KEYSTONE_URL="http://%s:5000/v3"%OPENSTACK_HOSTOPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT=TrueOPENSTACK_API_VERSIONS={

"identity":3,

"image":2,

"volume":2,}OPENSTACK_KEYSTONE_DEFAULT_DOMAIN="Default"OPENSTACK_KEYSTONE_DEFAULT_ROLE="user"OPENSTACK_NEUTRON_NETWORK={...

'enable_router':False,

'enable_quotas':False,

'enable_distributed_router':False,

'enable_ha_router':False,

'enable_lb':False,

'enable_firewall':False,

'enable_vpn':False,

'enable_fip_topology_check':False,}TIME_ZONE="TIME_ZONE"3.啟動(dòng)服務(wù)systemctlrestarthttpd.servicememcached.service6.3horizon功能驗(yàn)證訪問http://controller/dashboard

7Cinder—塊存儲(chǔ)服務(wù)7.1概述Cinder類似于AWS的EBS服務(wù)，為虛擬機(jī)提供持久化的塊存儲(chǔ)能力，實(shí)現(xiàn)虛擬機(jī)存儲(chǔ)卷的創(chuàng)建、掛載卸載、快照等生命周期管理，默認(rèn)使用LVM作為后端存儲(chǔ)。7.2controller節(jié)點(diǎn)安裝與配置1.創(chuàng)建cinder數(shù)據(jù)庫mysql-uroot-pCREATEDATABASEcinder;GRANTALLPRIVILEGESONcinder.*TO'cinder'@'localhost'IDENTIFIEDBY'PASS';GRANTALLPRIVILEGESONcinder.*TO'cinder'@'%'IDENTIFIEDBY'PASS';2.使用admin認(rèn)證.admin-openrc3.創(chuàng)建用戶cinderopenstackusercreate--domaindefault--password-promptcinder4.將admin角色添加至cinder用戶中openstackroleadd--projectservice--usercinderadmin5.創(chuàng)建cinderv2和cinderv3服務(wù)實(shí)體openstackservicecreate--namecinderv2--description"OpenStackBlockStorage"volumev2openstackservicecreate--namecinderv3--description"OpenStackBlockStorage"volumev36.創(chuàng)建塊存儲(chǔ)服務(wù)API端點(diǎn)openstackendpointcreate--regionRegionOnevolumev2publichttp://controller:8776/v2/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev2internalhttp://controller:8776/v2/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev2adminhttp://controller:8776/v2/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev3publichttp://controller:8776/v3/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev3internalhttp://controller:8776/v3/%\(project_id\)sopenstackendpointcreate--regionRegionOnevolumev3adminhttp://controller:8776/v3/%\(project_id\)s7.安裝cinder相關(guān)軟件包yuminstallopenstack-cinder8.修改配置文件/etc/cinder/cinder.conf[database]#

...connection

=

mysql+pymysql://cinder:PASS@controller/cinder[DEFAULT]#

...transport_url

=

rabbit://openstack:PASS@controller[DEFAULT]#

...auth_strategy

=

keystone[keystone_authtoken]#

...auth_uri

=

http://controller:5000auth_url

=

http://controller:35357memcached_servers

=

controller:11211auth_type

=

passwordproject_domain_name

=

defaultuser_domain_name

=

defaultproject_name

=

serviceusername

=

cinderpassword

=

PASS[DEFAULT]#

...my_ip

=

05[oslo_concurrency]#

...lock_path

=

/var/lib/cinder/tmp8.填充cinder數(shù)據(jù)庫su

-s

/bin/sh

-c

"cinder-manage

db

sync"

cinder9.在計(jì)算服務(wù)nova.conf文件中添加cinder配置[cinder]os_region_name

=

RegionOne10.啟動(dòng)服務(wù)systemctl

restart

openstack-nova-api.servicesystemctl

enable

openstack-cinder-api.service

openstack-cinder-scheduler.servicesystemctl

start

openstack-cinder-api.service

openstack-cinder-scheduler.service7.3storage節(jié)點(diǎn)安裝與配置需要添加一塊新盤，lvm模式創(chuàng)建。1.fdisk–l查看新添加的磁盤2.fdisk/dev/sdb創(chuàng)建lvm分區(qū)3.修改分區(qū)類型為lvm輸入t選擇類型：4.partprobe更新/dev目錄5.新建pv物理卷pvcreate/dev/sdb16.創(chuàng)建lvm卷組cinder-volumesvgcreatecinder-volumes/dev/sdb17.修改配置文件/etc/lvm/lvm.confdevices{...filter=["a/sdb/","r/.*/"]8.安裝相關(guān)軟件包yuminstallopenstack-cindertargetclipython-keystone9.修改配置文件/etc/cinder/cinder.conf[database]#...connection=mysql+pymysql://cinder:PASS@controller/cinder[DEFAULT]#...transpo