
Deploying OpenStack (Queens) on CentOS 7

Popularity: 17   Published: 2023-12-26 23:05:11.0

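Contents

1 Basic environment configuration
1.1 Configure the network and hostname
1.2 Configure name resolution
1.3 Configure the firewall and SELinux
1.3.1 Edit the SELinux configuration file on the controller and compute nodes
1.3.2 Disable the firewall on the controller and compute nodes
1.4 Install the chrony service
1.4.1 Install chrony on the controller and compute nodes
1.4.2 Configure the controller node
1.4.3 Configure the compute node
1.4.4 Verify
1.5 Install the OpenStack repository package
1.5.1 Install on the controller and compute nodes
1.5.2 Upgrade packages on the controller and compute nodes
1.5.3 Install the OpenStack client and openstack-selinux on the controller and compute nodes
1.5.4 Reboot the system
1.6 Install the database service
1.6.1 Install the database on the controller node
1.6.2 Edit the database configuration file
1.6.3 Start the database service
1.6.4 Set the database password
1.7 Install the message queue service
1.7.1 Install rabbitmq-server on the controller node
1.7.2 Start the message queue service
1.7.3 Add the openstack user
1.7.4 Grant the openstack user full permissions
1.8 Install the memcached service
1.8.1 Install memcached on the controller node
1.8.2 Edit the memcached configuration file
1.8.3 Start the memcached service
1.9 Install the etcd service
1.9.1 Install etcd on the controller node
1.9.2 Edit the etcd configuration file so that other nodes can access it
1.9.3 Start the etcd service

2 Install the Keystone identity service
This service is installed only on the controller node
2.1 Create the keystone database
2.2 Install the keystone packages
2.3 Edit the configuration file
2.3.1 Edit /etc/keystone/keystone.conf
2.4 Sync the database
2.5 Initialize the key repositories
2.6 Bootstrap the identity service
2.7 Configure the Apache service
2.8 Create a link to wsgi-keystone.conf
2.9 Start the service
2.10 Set environment variables
2.11 Create the service project
2.12 Create the demo project
2.13 Create the demo user
2.14 Add the user role to the demo project and user
2.15 Create environment variable scripts
2.16 Verify the environment variables

3 Install the Glance image service
This service is installed only on the controller node
3.1 Create the glance database
3.2 Create the glance user
3.3 Add the admin role to the glance user and service project
3.4 Create the glance service entity
3.5 Create the glance service endpoints
3.6 Install the glance package
3.7 Edit the glance configuration files
3.7.1 Add the following to /etc/glance/glance-api.conf
3.7.2 Add the following to /etc/glance/glance-registry.conf
3.8 Sync the database
3.9 Start the services
3.10 Upload an image

4 Install the Nova service
First, install on the controller node (4.1-4.19)
4.1 Create the nova, nova_api and nova_cell0 databases
4.2 Create the nova user
4.3 Add the admin role to the nova user
4.4 Create the nova service entity
4.5 Create the nova service endpoints
4.6 Create the placement user
4.7 Add the admin role to the placement user
4.8 Create the placement service entity
4.9 Create the placement service endpoints
4.10 Install the nova packages
4.11 Edit /etc/nova/nova.conf
4.12 Edit /etc/httpd/conf.d/00-nova-placement-api.conf and add the following
4.13 Restart the httpd service
4.14 Sync the nova_api database
4.15 Register the cell0 database
4.16 Create the cell1 cell
4.17 Sync the nova database
4.18 Verify that nova cell0 and cell1 are registered correctly
4.19 Start the services
Install the nova-compute service on the compute node (4.20-4.24)
4.20 Install the nova-compute package
4.21 Edit /etc/nova/nova.conf
4.22 Check whether the system supports hardware acceleration
4.23 Start the services
4.24 On the controller node, add the compute node to the cell database

5 Install the Neutron service
First, install the Neutron service on the controller (4.1-4.16)
4.1 Create the neutron database
4.2 Create the neutron user
4.3 Add the admin role to the neutron user
4.4 Create the service entity
4.5 Create the service endpoints
4.6 Install the neutron packages
4.7 Edit /etc/neutron/neutron.conf
4.8 Edit /etc/neutron/plugins/ml2/ml2_conf.ini
4.9 Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
4.10 Edit /etc/neutron/l3_agent.ini
4.11 Edit /etc/neutron/dhcp_agent.ini
4.11 Edit /etc/neutron/metadata_agent.ini
4.12 Edit /etc/nova/nova.conf
4.13 Create the link
4.14 Sync the database
4.15 Restart the nova-api service
4.16 Start the neutron services
Perform the following on the compute node (4.17-4.22)
4.17 Install the neutron services
4.18 Edit /etc/neutron/neutron.conf
4.19 Edit /etc/neutron/plugins/ml2/linuxbridge_agent.ini
4.20 Edit /etc/nova/nova.conf
4.21 Restart the nova-compute service
4.22 Start the Linux bridge agent service
4.23 Verify that the neutron service was installed successfully

5 Install the dashboard component
5.1 Install the dashboard package
5.2 Edit /etc/openstack-dashboard/local_settings
5.3 Edit /etc/httpd/conf.d/openstack-dashboard.conf
5.4 Restart the web service
5.5 Access from a browser

6 Launch an instance
6.1 Create a flavor
6.2 Create a keypair
6.3 Set security group rules
6.4 Create the provider network
6.4.1 Create the provider network
6.4.2 Set the provider subnet IP range
6.5 Create the Self-service network
6.5.1 Create the Self-service network
6.5.2 Create the Self-service subnet IP range
6.6 Create a router
6.7 Add the Self-service network as an interface on the router
6.8 Set the gateway on the provider network on the router
6.9 Verify the router
6.6 Create an instance
6.7 List instances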

 

 


1 Basic environment configuration

controller node: 172.24.19.10

compute node: 172.24.19.20

1.1 Configure the network and hostname

Edit or create the /etc/sysconfig/network-scripts/ifcfg-enp* file for each network interface.

1) controller node

Configure the network:

enp8s0: 172.24.19.10

DEVICE=enp8s0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=no

BOOTPROTO=static

IPADDR=172.24.19.10

PREFIX=24

GATEWAY=172.24.19.1

 

enp9s0: 172.24.20.10

DEVICE=enp9s0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=no

BOOTPROTO=static

IPADDR=172.24.20.10

PREFIX=24

Set the hostname:

# hostnamectl set-hostname controller

Press Ctrl+D to log out, then log in again.

2) compute node

Configure the network:

enp8s0: 172.24.19.20

DEVICE=enp8s0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=no

BOOTPROTO=static

IPADDR=172.24.19.20

PREFIX=24

GATEWAY=172.24.19.1

 

enp9s0: 172.24.20.20

DEVICE=enp9s0

TYPE=Ethernet

ONBOOT=yes

NM_CONTROLLED=no

BOOTPROTO=static

IPADDR=172.24.20.20

PREFIX=24

 

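Set the hostname:

# hostnamectl set-hostname compute

Press Ctrl+D to log out, then log in again.

1.2 Configure name resolution

On both the controller and compute nodes, edit /etc/hosts and add the following: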

172.24.19.10   controller

172.24.19.20   compute

 

1.3 Configure the firewall and SELinux

1.3.1 Edit the SELinux configuration file on the controller and compute nodes

# vi /etc/selinux/config

SELINUX=disabled

1.3.2 Disable the firewall on the controller and compute nodes

Stop the firewall and disable it at boot:

[root@compute ~]# systemctl stop firewalld

[root@compute ~]# systemctl disable firewalld

Flush the firewall rules:

[root@compute ~]# iptables -F

[root@compute ~]# iptables -X

[root@compute ~]# iptables -Z

[root@compute ~]# /usr/sbin/iptables-save
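
As an alternative to switching the firewall off, the following added example (not part of the original article) keeps firewalld running and generates rules that admit only the management subnet 172.24.19.0/24 to the controller ports this page uses up to section 4.5. Ports 3306 and 5672 are the MariaDB and RabbitMQ defaults rather than values shown on the page, and services installed in later sections need their ports added to the list.

```sh
#!/bin/sh
# Added example, not from the original page: firewalld stays enabled and only
# the management subnet may reach the controller's service ports.

MGMT_NET="172.24.19.0/24"   # management subnet from section 1.1 (PREFIX=24)

# One "port/protocol  where it comes from" entry per line.
controller_ports() {
    cat <<'EOF'
123/udp    chrony serving time to the compute node (section 1.4)
3306/tcp   MariaDB, default port (section 1.6)
5672/tcp   RabbitMQ AMQP, default port (section 1.7)
11211/tcp  memcached (sections 1.8 and 3.7)
2379/tcp   etcd client URL (section 1.9)
5000/tcp   Keystone (section 2.6)
35357/tcp  Keystone URL exported in section 2.10
9292/tcp   Glance API (section 3.5)
8774/tcp   Nova API (section 4.5)
EOF
}

# Print the firewall-cmd calls that admit source network $1 to each port.
firewall_rules() {
    net=$1
    controller_ports | while read -r spec _origin; do
        port=${spec%/*}      # text before the slash
        proto=${spec#*/}     # text after the slash
        printf '%s\n' "firewall-cmd --permanent --add-rich-rule='rule family=\"ipv4\" source address=\"$net\" port port=\"$port\" protocol=\"$proto\" accept'"
    done
    printf '%s\n' "firewall-cmd --reload"
}

# Dry run by default; APPLY=1 executes the commands (needs root and a running
# firewalld on the controller).
if [ "${APPLY:-0}" = "1" ]; then
    firewall_rules "$MGMT_NET" | sh -e
else
    firewall_rules "$MGMT_NET"
fi
```

The etcd peer port 2380 is left closed because this layout has a single etcd member and no peers.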

 

1.4 Install the chrony service

1.4.1 Install chrony on the controller and compute nodes

# yum install -y chrony

1.4.2 Configure the controller node

Edit /etc/chrony.conf and add the following:

server controller iburst

allow 172.24.0.0/16

 

Start the service:

[root@controller ~]# systemctl start chronyd

[root@controller ~]# systemctl enable chronyd

 

1.4.3 Configure the compute node

Edit /etc/chrony.conf and add the following:

server controller iburst

 

Start the service:

[root@compute ~]# systemctl start chronyd

[root@compute ~]# systemctl enable chronyd

 

1.4.4 Verify

Run the following command on the controller and compute nodes to check that time synchronization is working:

[root@compute ~]# chronyc sources

 

 

 

1.5 Install the OpenStack repository package

1.5.1 Install on the controller and compute nodes

# yum install -y centos-release-openstack-queens

 

1.5.2 Upgrade packages on the controller and compute nodes

# yum upgrade

 

 

1.5.3 Install the OpenStack client and openstack-selinux on the controller and compute nodes

# yum install python-openstackclient openstack-selinux -y

1.5.4 Reboot the system

After installing the packages above on the controller and compute nodes, reboot:

# reboot

 

1.6 Install the database service

1.6.1 Install the database on the controller node

[root@controller ~]# yum install -y mariadb mariadb-server python2-PyMySQL

 

1.6.2 Edit the database configuration file

Create the database configuration file /etc/my.cnf.d/openstack.cnf with the following content:

[mysqld]

bind-address = 172.24.19.10

 

default-storage-engine = innodb

innodb_file_per_table = on

max_connections = 4096

collation-server = utf8_general_ci

character-set-server = utf8

 

1.6.3 Start the database service

[root@controller ~]# systemctl enable mariadb.service

[root@controller ~]# systemctl start mariadb.service

1.6.4 Set the database password

Run mysql_secure_installation to set the database root password:

[root@controller ~]# mysql_secure_installation

 

NOTE: RUNNING ALL PARTS OF THIS SCRIPT IS RECOMMENDED FOR ALL MariaDB

      SERVERS IN PRODUCTION USE!  PLEASE READ EACH STEP CAREFULLY!

 

In order to log into MariaDB to secure it, we'll need the current

password for the root user.  If you've just installed MariaDB, and

you haven't set the root password yet, the password will be blank,

so you should just press enter here.

 

Enter current password for root (enter for none):

OK, successfully used password, moving on...

 

Setting the root password ensures that nobody can log into the MariaDB

root user without the proper authorisation.

 

Set root password? [Y/n] y

New password:                                   ## the root user's password; set to 000000 here

Re-enter new password:

Password updated successfully!

Reloading privilege tables..

 ... Success!

 

 

By default, a MariaDB installation has an anonymous user, allowing anyone

to log into MariaDB without having to have a user account created for

them.  This is intended only for testing, and to make the installation

go a bit smoother.  You should remove them before moving into a

production environment.

 

Remove anonymous users? [Y/n] y

 ... Success!

 

Normally, root should only be allowed to connect from 'localhost'.  This

ensures that someone cannot guess at the root password from the network.

 

Disallow root login remotely? [Y/n] n

 ... skipping.

 

By default, MariaDB comes with a database named 'test' that anyone can

access.  This is also intended only for testing, and should be removed

before moving into a production environment.

 

Remove test database and access to it? [Y/n] y

 - Dropping test database...

 ... Success!

 - Removing privileges on test database...

 ... Success!

 

Reloading the privilege tables will ensure that all changes made so far

will take effect immediately.

 

Reload privilege tables now? [Y/n] y

 ... Success!

 

Cleaning up...

 

All done!  If you've completed all of the above steps, your MariaDB

installation should now be secure.

 

Thanks for using MariaDB!

 

 

 

1.7 Install the message queue service

1.7.1 Install rabbitmq-server on the controller node

[root@controller ~]# yum install -y rabbitmq-server

 

1.7.2 Start the message queue service

[root@controller ~]# systemctl start rabbitmq-server.service

[root@controller ~]# systemctl enable rabbitmq-server.service

Created symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.

 

1.7.3 Add the openstack user

[root@controller ~]# rabbitmqctl add_user openstack 000000

Creating user "openstack" ...

1.7.4 Grant the openstack user full permissions

[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"

Setting permissions for user "openstack" in vhost "/" ...

 

1.8 Install the memcached service

1.8.1 Install memcached on the controller node

[root@controller ~]# yum install -y memcached

 

1.8.2 Edit the memcached configuration file

Edit /etc/sysconfig/memcached as follows:

Change OPTIONS="-l 127.0.0.1,::1" to

OPTIONS="-l 127.0.0.1,::1,controller"

 

1.8.3 Start the memcached service

[root@controller ~]# systemctl start memcached.service

[root@controller ~]# systemctl enable memcached.service

 

 

1.9 Install the etcd service

1.9.1 Install etcd on the controller node

[root@controller ~]# yum install etcd -y

 

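1.9.2 Edit the etcd configuration file so that other nodes can access it

Edit /etc/etcd/etcd.conf and change the following settings in their respective sections: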

#[Member]

ETCD_DATA_DIR="/var/lib/etcd/default.etcd"

ETCD_LISTEN_PEER_URLS="http://172.24.19.10:2380"

ETCD_LISTEN_CLIENT_URLS="http://172.24.19.10:2379"

ETCD_NAME="controller"

#[Clustering]

ETCD_INITIAL_ADVERTISE_PEER_URLS="http://172.24.19.10:2380"

ETCD_ADVERTISE_CLIENT_URLS="http://172.24.19.10:2379"

ETCD_INITIAL_CLUSTER="controller=http://172.24.19.10:2380"

ETCD_INITIAL_CLUSTER_TOKEN="etcd-cluster-01"

ETCD_INITIAL_CLUSTER_STATE="new"

 

1.9.3 Start the etcd service

[root@controller ~]# systemctl start etcd

[root@controller ~]# systemctl enable etcd

 

WARNING: (when I tried to check the cluster status I got an error, but it does not affect the later steps)

[root@controller ~]# etcdctl cluster-health

cluster may be unhealthy: failed to list members

Error:  client: etcd cluster is unavailable or misconfigured; error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused

; error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused

 

error #0: dial tcp 127.0.0.1:4001: getsockopt: connection refused

error #1: dial tcp 127.0.0.1:2379: getsockopt: connection refused
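
The two refused connections are to 127.0.0.1:4001 and 127.0.0.1:2379, which are etcdctl's default endpoints, while ETCD_LISTEN_CLIENT_URLS in 1.9.2 binds only 172.24.19.10:2379. The following added example (not from the original article) reads the listen URLs from an etcd.conf-style file and builds the matching etcdctl call with --endpoints; the sample file content is constructed from the values in 1.9.2.

```sh
#!/bin/sh
# Added example, not from the original page: pick the etcdctl endpoints that
# match what etcd.conf actually listens on.

# Constructed sample: the [Member] settings shown in section 1.9.2.
sample_conf() {
    cat <<'EOF'
#[Member]
ETCD_DATA_DIR="/var/lib/etcd/default.etcd"
ETCD_LISTEN_PEER_URLS="http://172.24.19.10:2380"
ETCD_LISTEN_CLIENT_URLS="http://172.24.19.10:2379"
ETCD_NAME="controller"
EOF
}

# Print the value of key $2 in file $1 with the surrounding quotes removed.
# Commented-out lines are ignored; the last assignment wins.
etcd_conf_get() {
    sed -n "s/^[[:space:]]*$2=//p" "$1" | tail -n 1 | sed 's/^"//; s/"[[:space:]]*$//'
}

# Succeed if the listen list $1 is reachable through the loopback address.
listens_on_loopback() {
    case "$1" in
        *//127.0.0.1:*|*//localhost:*|*//0.0.0.0:*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the v2 health-check command for the configuration file $1.
etcd_health_cmd() {
    listen=$(etcd_conf_get "$1" ETCD_LISTEN_CLIENT_URLS)
    if [ -z "$listen" ] || listens_on_loopback "$listen"; then
        # etcdctl's built-in default endpoints reach the daemon
        printf '%s\n' "etcdctl cluster-health"
    else
        printf '%s\n' "etcdctl --endpoints $listen cluster-health"
    fi
}

# Demo on the constructed sample; on the controller pass /etc/etcd/etcd.conf.
conf_tmp=$(mktemp)
sample_conf > "$conf_tmp"
etcd_health_cmd "$conf_tmp"
rm -f "$conf_tmp"
```

Adding http://127.0.0.1:2379 to ETCD_LISTEN_CLIENT_URLS is the other way to make the plain etcdctl cluster-health call work locally.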

2 Install the Keystone identity service

This service is installed only on the controller node.

2.1 Create the keystone database

[root@controller ~]# mysql -uroot -p000000    (the database password set earlier)

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 9

Server version: 10.1.20-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE keystone;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '000000';        

Query OK, 0 rows affected (0.00 sec)

 

2.2 Install the keystone packages

[root@controller ~]# yum install openstack-keystone httpd mod_wsgi -y

 

2.3 Edit the configuration file

2.3.1 Edit /etc/keystone/keystone.conf

[database]

connection = mysql+pymysql://keystone:000000@controller/keystone

 

[token]

provider = fernet

 

2.4 Sync the database

[root@controller ~]# su -s /bin/sh -c "keystone-manage db_sync" keystone

 

2.5 Initialize the key repositories

[root@controller ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone

[root@controller ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

 

2.6 Bootstrap the identity service

[root@controller ~]# keystone-manage bootstrap --bootstrap-password 000000 --bootstrap-admin-url http://controller:5000/v3/ --bootstrap-internal-url http://controller:5000/v3/ --bootstrap-public-url http://controller:5000/v3/ --bootstrap-region-id RegionOne

 

2.7 Configure the Apache service

Edit /etc/httpd/conf/httpd.conf and add the following:

ServerName controller

 

2.8 Create a link to wsgi-keystone.conf

[root@controller ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ 

 

2.9 Start the service

[root@controller ~]# systemctl enable httpd.service

[root@controller ~]# systemctl start httpd.service

 

2.10 Set environment variables

[root@controller ~]# export OS_USERNAME=admin

[root@controller ~]# export OS_PASSWORD=000000

[root@controller ~]# export OS_PROJECT_NAME=admin

[root@controller ~]# export OS_USER_DOMAIN_NAME=Default

[root@controller ~]# export OS_PROJECT_DOMAIN_NAME=Default

[root@controller ~]# export OS_AUTH_URL=http://controller:35357/v3

[root@controller ~]# export OS_IDENTITY_API_VERSION=3

 

2.11 Create the service project

[root@controller ~]# openstack project create --domain default --description "Service Project" service

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Service Project                  |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 81f0e32c420540b5b8fad85a3eba2bbf |

| is_domain   | False                            |

| name        | service                          |

| parent_id   | default                          |

| tags        | []                               |

+-------------+----------------------------------+

 

2.12 Create the demo project

[root@controller ~]# openstack project create --domain default --description "Demo Project" demo

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Demo Project                     |

| domain_id   | default                          |

| enabled     | True                             |

| id          | 3e3303c90e3f402fab379e6df5e88714 |

| is_domain   | False                            |

| name        | demo                             |

| parent_id   | default                          |

| tags        | []                               |

+-------------+----------------------------------+

 

2.13 Create the demo user

[root@controller ~]# openstack user create --domain default --password-prompt demo

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 21a99cec8f9048bd9b926a2f263fa27a |

| name                | demo                             |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

[root@controller ~]# openstack role create user

+-----------+----------------------------------+

| Field     | Value                            |

+-----------+----------------------------------+

| domain_id | None                             |

| id        | 03a3dd3efd1c4867ba928922a11531a9 |

| name      | user                             |

+-----------+----------------------------------+

 

2.14 Add the user role to the demo project and user

[root@controller ~]# openstack role add --project demo --user demo user

 

2.15 Create environment variable scripts

Environment variable script for the admin user:

[root@controller ~]# cat admin-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=admin

export OS_USERNAME=admin

export OS_PASSWORD=000000

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

 

Environment variable script for the demo user:

[root@controller ~]# cat demo-openrc

export OS_PROJECT_DOMAIN_NAME=Default

export OS_USER_DOMAIN_NAME=Default

export OS_PROJECT_NAME=demo

export OS_USERNAME=demo

export OS_PASSWORD=000000

export OS_AUTH_URL=http://controller:5000/v3

export OS_IDENTITY_API_VERSION=3

export OS_IMAGE_API_VERSION=2

 

2.16 Verify the environment variables

[root@controller ~]# source admin-openrc

[root@controller ~]# openstack token issue

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| Field      | Value                                                                                                                                                                                   |

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

| expires    | 2018-06-19T19:16:03+0000                                                                                                                                                                |

| id         | gAAAAABbKUhj2ER9OBwUrpgSZw_x347DjgN53JKCu7gQaDCAZUwQosVZ-OOV-YZbJnr-WcascWMfetb_OUN5H_lV8-gjAuag_bJmsa23kywejyUwOkh1viiyqyqQMyJbLXrUuHJI5bvErxnywad4dMhvg8HCjA9-ZDxsWOKV0zwHhSvNtz-wcdw |

| project_id | 14774f73585d4ed48d5198c778645baa                                                                                                                                                        |

| user_id    | a07017719a364efa913cae79bbddbe19                                                                                                                                                        |

+------------+-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+

 

 

3 Install the Glance image service

This service is installed only on the controller node.

3.1 Create the glance database

[root@controller ~]# mysql -uroot -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 21

Server version: 10.1.20-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE glance;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost'  IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%'    IDENTIFIED BY '000000';        

Query OK, 0 rows affected (0.00 sec)

 

 

3.2 Create the glance user

[root@controller ~]# openstack user create --domain default --password-prompt glance

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 5cf132cea4a44ca9808128882e038325 |

| name                | glance                           |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

 

3.3 Add the admin role to the glance user and service project

[root@controller ~]# openstack role add --project service --user glance admin

3.4 Create the glance service entity

[root@controller ~]# openstack service create --name glance  --description "OpenStack Image" image

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Image                  |

| enabled     | True                             |

| id          | 12949e3ce6c64e8ca22ad9fad7631fd9 |

| name        | glance                           |

| type        | image                            |

+-------------+----------------------------------+

 

3.5 Create the glance service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne image public http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 85185d1a024b47fa8a510d4b067fab52 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 12949e3ce6c64e8ca22ad9fad7631fd9 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne image internal http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 1a82b050c3424ccfae705e11eaa8ca10 |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 12949e3ce6c64e8ca22ad9fad7631fd9 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne  image admin http://controller:9292

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 10d426a80d324d4f9742c5727a47013c |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 12949e3ce6c64e8ca22ad9fad7631fd9 |

| service_name | glance                           |

| service_type | image                            |

| url          | http://controller:9292           |

+--------------+----------------------------------+

 

 

3.6 Install the glance package

[root@controller ~]# yum install openstack-glance -y

 

3.7 Edit the glance configuration files

3.7.1 Add the following to /etc/glance/glance-api.conf

[database]

connection = mysql+pymysql://glance:000000@controller/glance

 

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = 000000

 

[paste_deploy]

flavor = keystone

 

[glance_store]

stores = file,http

default_store = file

filesystem_store_datadir = /var/lib/glance/images/

 

3.7.2 Add the following to /etc/glance/glance-registry.conf

[database]

connection = mysql+pymysql://glance:000000@controller/glance

 

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:5000

memcached_servers = controller:11211

auth_type = password

project_domain_name = Default

user_domain_name = Default

project_name = service

username = glance

password = 000000

 

[paste_deploy]

flavor = keystone

 

 

3.8 Sync the database

[root@controller ~]# su -s /bin/sh -c "glance-manage db_sync" glance

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:1336: OsloDBDeprecationWarning: EngineFacade is deprecated; please use oslo_db.sqlalchemy.enginefacade

  expire_on_commit=expire_on_commit, _conf=conf)

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

INFO  [alembic.runtime.migration] Running upgrade  -> liberty, liberty initial

INFO  [alembic.runtime.migration] Running upgrade liberty -> mitaka01, add index on created_at and updated_at columns of 'images' table

INFO  [alembic.runtime.migration] Running upgrade mitaka01 -> mitaka02, update metadef os_nova_server

INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_expand01, add visibility to images

INFO  [alembic.runtime.migration] Running upgrade ocata_expand01 -> pike_expand01, empty expand for symmetry with pike_contract01

INFO  [alembic.runtime.migration] Running upgrade pike_expand01 -> queens_expand01

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

Upgraded database to: queens_expand01, current revision(s): queens_expand01

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

Database migration is up to date. No migration needed.

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

INFO  [alembic.runtime.migration] Running upgrade mitaka02 -> ocata_contract01, remove is_public from images

INFO  [alembic.runtime.migration] Running upgrade ocata_contract01 -> pike_contract01, drop glare artifacts tables

INFO  [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

Upgraded database to: queens_contract01, current revision(s): queens_contract01

INFO  [alembic.runtime.migration] Context impl MySQLImpl.

INFO  [alembic.runtime.migration] Will assume non-transactional DDL.

Database is synced successfully.

 

3.9 Start the services

[root@controller ~]# systemctl enable openstack-glance-api.service openstack-glance-registry.service

[root@controller ~]# systemctl start openstack-glance-api.service openstack-glance-registry.service

 

3.10 Upload an image

[root@controller ~]# glance image-create --name cirros --disk-format qcow2 --container-format bare --progress < cirros-0.3.5-x86_64-disk.img

[=============================>] 100%

+------------------+--------------------------------------+

| Property         | Value                                |

+------------------+--------------------------------------+

| checksum         | f8ab98ff5e73ebab884d80c9dc9c7290     |

| container_format | bare                                 |

| created_at       | 2018-06-19T18:28:33Z                 |

| disk_format      | qcow2                                |

| id               | deabc87d-43c4-487f-aa83-dc555bf04976 |

| min_disk         | 0                                    |

| min_ram          | 0                                    |

| name             | cirros                               |

| owner            | 14774f73585d4ed48d5198c778645baa     |

| protected        | False                                |

| size             | 13267968                             |

| status           | active                               |

| tags             | []                                   |

| updated_at       | 2018-06-19T18:28:33Z                 |

| virtual_size     | None                                 |

| visibility       | shared                               |

+------------------+--------------------------------------+

Check that the image was uploaded successfully:

[root@controller ~]# openstack image list

+--------------------------------------+--------+--------+

| ID                                   | Name   | Status |

+--------------------------------------+--------+--------+

| deabc87d-43c4-487f-aa83-dc555bf04976 | cirros | active |

+--------------------------------------+--------+--------+

 

 

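4 Install the Nova service

This service is installed on both the controller node and the compute node.

First, install on the controller node (4.1-4.19)

4.1 Create the nova, nova_api and nova_cell0 databases

[root@controller ~]# mysql -u root -p000000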

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 26

Server version: 10.1.20-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

 

MariaDB [(none)]> CREATE DATABASE nova_api;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]>  CREATE DATABASE nova;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> CREATE DATABASE nova_cell0;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%'    IDENTIFIED BY '000000';        

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost'  IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%'    IDENTIFIED BY '000000';        

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'localhost'  IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_cell0.* TO 'nova'@'%'    IDENTIFIED BY '000000';        

Query OK, 0 rows affected (0.00 sec)
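
Sections 2.1, 3.1 and 4.1 give every database account the password 000000 and a grant for host '%'. The following added example (not from the original article) generates one random secret per service account and prints grants limited to localhost and the controller address, with the matching connection line as an SQL comment. It assumes that every service opening a database connection runs on the controller, as in this two-node layout.

```sh
#!/bin/sh
# Added example, not from the original page: per-service database secrets and
# host-scoped grants in place of '000000' and '%'.

CONTROLLER_IP="172.24.19.10"   # controller management address from section 1

# 32 hex characters (128 bits) from the kernel CSPRNG. Hex needs no escaping
# in SQL string literals or in a mysql+pymysql:// URL.
gen_secret() {
    od -An -tx1 -N16 /dev/urandom | tr -d ' \n'
}

# Print GRANT statements for database $1, user $2, password $3, using the
# same MariaDB syntax as the page but without the '%' wildcard host.
grant_sql() {
    for host in localhost "$CONTROLLER_IP"; do
        printf "GRANT ALL PRIVILEGES ON %s.* TO '%s'@'%s' IDENTIFIED BY '%s';\n" \
            "$1" "$2" "$host" "$3"
    done
}

# Print the connection line for the service's configuration file.
connection_line() {
    printf 'connection = mysql+pymysql://%s:%s@controller/%s\n' "$2" "$3" "$1"
}

# Print grants for the accounts created in sections 2.1, 3.1 and 4.1.
# The nova account keeps one secret across its three databases.
plan_credentials() {
    for user in keystone glance nova; do
        secret=$(gen_secret)
        case $user in
            nova) dbs="nova_api nova nova_cell0" ;;
            *)    dbs=$user ;;
        esac
        for db in $dbs; do
            grant_sql "$db" "$user" "$secret"
            printf '%s %s\n' '--' "$(connection_line "$db" "$user" "$secret")"
        done
    done
}

# The output contains secrets: in real use, redirect it to a file created
# under "umask 077" instead of printing it to the terminal.
plan_credentials
```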

 

4.2 Create the nova user

[root@controller ~]# openstack user create --domain default --password-prompt nova

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | c48345d654554ba68104c59e3d8724a9 |

| name                | nova                             |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

 

4.3 Add the admin role to the nova user

[root@controller ~]# openstack role add --project service --user nova admin

 

4.4 Create the nova service entity

[root@controller ~]# openstack service create --name nova --description "OpenStack Compute" compute

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Compute                |

| enabled     | True                             |

| id          | 61fa204435574f0989d0f78b92c9d255 |

| name        | nova                             |

| type        | compute                          |

+-------------+----------------------------------+

 

4.5 Create the nova service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne compute public http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | cd2662a786ce491eab8d483e4733b867 |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 61fa204435574f0989d0f78b92c9d255 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute internal http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | e4c7eece6d21456d92b8e7c4af54194e |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 61fa204435574f0989d0f78b92c9d255 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne compute admin http://controller:8774/v2.1

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 2d21bf8f39e44e5990260cf7448fabd3 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 61fa204435574f0989d0f78b92c9d255 |

| service_name | nova                             |

| service_type | compute                          |

| url          | http://controller:8774/v2.1      |

+--------------+----------------------------------+

 

4.6 Create the placement user

[root@controller ~]# openstack user create --domain default --password-prompt placement

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | d05b003df0414edca8471af25939630d |

| name                | placement                        |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

 

4.7 Add the admin role to the placement user

[root@controller ~]# openstack role add --project service --user placement admin

 

4.8 Create the placement service entity

[root@controller ~]# openstack service create --name placement --description "Placement API" placement

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | Placement API                    |

| enabled     | True                             |

| id          | 41125e0802b44b9c9e3c3dd49b9c318d |

| name        | placement                        |

| type        | placement                        |

+-------------+----------------------------------+

 

4.9 Create the placement service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne placement public http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 1ba5893725554f5b9d0b2a5924c8ee9d |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 41125e0802b44b9c9e3c3dd49b9c318d |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne placement internal http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | 954b8f09691449b0954f628618bdb984 |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 41125e0802b44b9c9e3c3dd49b9c318d |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne placement admin http://controller:8778

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | e6392e6f6d5143e8aa38a25c497c4b0b |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 41125e0802b44b9c9e3c3dd49b9c318d |

| service_name | placement                        |

| service_type | placement                        |

| url          | http://controller:8778           |

+--------------+----------------------------------+

 

4.10 Install the nova packages

[root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler openstack-nova-placement-api -y

 

 

 

4.11 Edit the /etc/nova/nova.conf file

[DEFAULT]

enabled_apis = osapi_compute,metadata

 

[api_database]

connection = mysql+pymysql://nova:000000@controller/nova_api

 

[database]

connection = mysql+pymysql://nova:000000@controller/nova

 

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

 

[api]

auth_strategy = keystone

 

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = 000000

 

[DEFAULT]

my_ip = 172.24.19.10

 

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

 

[vnc]

enabled = true

server_listen = $my_ip

server_proxyclient_address = $my_ip

 

[glance]

api_servers = http://controller:9292

 

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

 

[placement]

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = 000000

 

4.12 Edit /etc/httpd/conf.d/00-nova-placement-api.conf and add the following

<Directory /usr/bin>

   <IfVersion >= 2.4>

      Require all granted

   </IfVersion>

   <IfVersion < 2.4>

      Order allow,deny

      Allow from all

   </IfVersion>

</Directory>

 

4.13 Restart the httpd service

[root@controller ~]# systemctl restart httpd

 

4.14 Sync the nova_api database

[root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported

  exception.NotSupportedWarning

 

4.15 Register the cell0 database

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 map_cell0" nova

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported

  exception.NotSupportedWarning

 

4.16 Create the cell1 cell

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 create_cell --name=cell1 --verbose" nova

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported

  exception.NotSupportedWarning

d63d4ede-d5dd-4467-ba53-4bb1a3cac73f

 

4.17 Sync the nova database

[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported

  exception.NotSupportedWarning

/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')

  result = self._query(query)

/usr/lib/python2.7/site-packages/pymysql/cursors.py:166: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')

  result = self._query(query)

 

4.18 Verify that nova cell0 and cell1 are registered correctly

[root@controller ~]# nova-manage cell_v2 list_cells

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported

  exception.NotSupportedWarning

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

|  Name |                 UUID                 |           Transport URL            |               Database Connection               |

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

| cell0 | 00000000-0000-0000-0000-000000000000 |               none:/               | mysql+pymysql://nova:****@controller/nova_cell0 |

| cell1 | d63d4ede-d5dd-4467-ba53-4bb1a3cac73f | rabbit://openstack:****@controller |    mysql+pymysql://nova:****@controller/nova    |

+-------+--------------------------------------+------------------------------------+-------------------------------------------------+

4.19 Start the services

[root@controller ~]# systemctl enable openstack-nova-api.service  openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service

 

Install the nova-compute service on the compute node (4.20-4.24)

4.20 Install the nova-compute package

[root@compute ~]# yum install openstack-nova-compute -y

 

4.21 Edit the /etc/nova/nova.conf file

 

[DEFAULT]

enabled_apis = osapi_compute,metadata

 

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

 

[api]

auth_strategy = keystone

 

[keystone_authtoken]

auth_url = http://controller:5000/v3

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = nova

password = 000000

 

[DEFAULT]

my_ip = 172.24.19.20

 

[DEFAULT]

use_neutron = True

firewall_driver = nova.virt.firewall.NoopFirewallDriver

 

[vnc]

enabled = True

server_listen = 0.0.0.0

server_proxyclient_address = $my_ip

novncproxy_base_url = http://controller:6080/vnc_auto.html

 

[glance]

api_servers = http://controller:9292

 

[oslo_concurrency]

lock_path = /var/lib/nova/tmp

 

[placement]

os_region_name = RegionOne

project_domain_name = Default

project_name = service

auth_type = password

user_domain_name = Default

auth_url = http://controller:5000/v3

username = placement

password = 000000

 

4.22 Check whether the system supports hardware acceleration

A result greater than 0 means hardware acceleration is supported.

[root@compute ~]# egrep -c '(vmx|svm)' /proc/cpuinfo

12

Otherwise, add the following to the [libvirt] section of /etc/nova/nova.conf:

virt_type = qemu

 

4.23 Start the services

[root@compute ~]# systemctl enable libvirtd.service openstack-nova-compute.service

[root@compute ~]# systemctl start libvirtd.service openstack-nova-compute.service

 

4.24 Add the compute node to the cell database from the controller node

Run the following on the controller node.

List the compute hosts:

[root@controller ~]# openstack compute service list --service nova-compute

+----+--------------+---------+------+---------+-------+------------+

| ID | Binary       | Host    | Zone | Status  | State | Updated At |

+----+--------------+---------+------+---------+-------+------------+

|  9 | nova-compute | compute | nova | enabled | up    | None       |

+----+--------------+---------+------+---------+-------+------------+

Add the host to the database:

[root@controller ~]# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova

/usr/lib/python2.7/site-packages/oslo_db/sqlalchemy/enginefacade.py:332: NotSupportedWarning: Configuration option(s) ['use_tpool'] not supported

  exception.NotSupportedWarning

Found 2 cell mappings.

Skipping cell0 since it does not contain hosts.

Getting computes from cell 'cell1': d63d4ede-d5dd-4467-ba53-4bb1a3cac73f

Checking host mapping for compute host 'compute': 42685555-b68f-467e-90e1-2bb5ff0da035

Creating host mapping for compute host 'compute': 42685555-b68f-467e-90e1-2bb5ff0da035

Found 1 unmapped computes in cell: d63d4ede-d5dd-4467-ba53-4bb1a3cac73f

 

 

 

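5 Install the Neutron service

This service is installed on both the controller node and the compute node.

First, install the Neutron service on the controller node (4.1-4.16)

4.1 Create the neutron database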

[root@controller ~]# mysql -u root -p000000

Welcome to the MariaDB monitor.  Commands end with ; or \g.

Your MariaDB connection id is 102

Server version: 10.1.20-MariaDB MariaDB Server

 

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

 

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> CREATE DATABASE neutron;

Query OK, 1 row affected (0.00 sec)

 

MariaDB [(none)]>  GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '000000';

Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%'    IDENTIFIED BY '000000';        

Query OK, 0 rows affected (0.00 sec)

 

MariaDB [(none)]> Ctrl-C -- exit!

Aborted

 

4.2 Create the neutron user

[root@controller ~]# . admin-openrc

[root@controller ~]# openstack user create --domain default --password-prompt neutron

User Password:

Repeat User Password:

+---------------------+----------------------------------+

| Field               | Value                            |

+---------------------+----------------------------------+

| domain_id           | default                          |

| enabled             | True                             |

| id                  | 12583c3a232f40e191cc5426599207af |

| name                | neutron                          |

| options             | {}                               |

| password_expires_at | None                             |

+---------------------+----------------------------------+

 

4.3 Add the admin role to the neutron user

[root@controller ~]# openstack role add --project service --user neutron admin

 

4.4 Create the service entity

[root@controller ~]# openstack service create --name neutron --description "OpenStack Networking" network

+-------------+----------------------------------+

| Field       | Value                            |

+-------------+----------------------------------+

| description | OpenStack Networking             |

| enabled     | True                             |

| id          | 363fc67582d64936a4b4752c528c2a3e |

| name        | neutron                          |

| type        | network                          |

+-------------+----------------------------------+

 

4.5 Create the service endpoints

[root@controller ~]# openstack endpoint create --region RegionOne network public http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | f77f1d7a05ac483591cd3bb07ebceded |

| interface    | public                           |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 363fc67582d64936a4b4752c528c2a3e |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne  network internal http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | e672461de0514c29b4cdbd01a7db39cb |

| interface    | internal                         |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 363fc67582d64936a4b4752c528c2a3e |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

[root@controller ~]# openstack endpoint create --region RegionOne  network admin http://controller:9696

+--------------+----------------------------------+

| Field        | Value                            |

+--------------+----------------------------------+

| enabled      | True                             |

| id           | a032bb86afa3409d8614d7de9fdbcb48 |

| interface    | admin                            |

| region       | RegionOne                        |

| region_id    | RegionOne                        |

| service_id   | 363fc67582d64936a4b4752c528c2a3e |

| service_name | neutron                          |

| service_type | network                          |

| url          | http://controller:9696           |

+--------------+----------------------------------+

4.6 Install the neutron packages

This guide uses the Self-service networks option.

[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y

 

4.7 Edit the /etc/neutron/neutron.conf file

[database]

connection = mysql+pymysql://neutron:000000@controller/neutron

 

[DEFAULT]

core_plugin = ml2

service_plugins = router

allow_overlapping_ips = true

 

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

 

[DEFAULT]

auth_strategy = keystone

 

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = 000000

 

[DEFAULT]

notify_nova_on_port_status_changes = true

notify_nova_on_port_data_changes = true

 

[nova]

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = nova

password = 000000

 

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

 

4.8 Edit the /etc/neutron/plugins/ml2/ml2_conf.ini file

 

[ml2]

type_drivers = flat,vlan,vxlan

 

[ml2]

tenant_network_types = vxlan

 

[ml2]

mechanism_drivers = linuxbridge,l2population

 

[ml2]

extension_drivers = port_security

 

[ml2_type_flat]

flat_networks = provider

 

[ml2_type_vxlan]

vni_ranges = 1:1000

 

[securitygroup]

enable_ipset = true

4.9 Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file

This file configures the Linux bridge agent.

 

 

[linux_bridge]

# Use the name of the actual NIC on your host

physical_interface_mappings = provider:enp9s0

 

[vxlan]

enable_vxlan = true

# IP address of enp9s0

local_ip = 172.24.20.10

l2_population = true

 

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

4.10 Edit the /etc/neutron/l3_agent.ini file

 

[DEFAULT]

interface_driver = linuxbridge

 

4.11 Edit the /etc/neutron/dhcp_agent.ini file

 

[DEFAULT]

interface_driver = linuxbridge

dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq

enable_isolated_metadata = true

 

4.11 Edit the /etc/neutron/metadata_agent.ini file

 

[DEFAULT]

nova_metadata_host = controller

metadata_proxy_shared_secret = 000000

 

4.12 Edit the /etc/nova/nova.conf file

 

[neutron]

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

service_metadata_proxy = true

metadata_proxy_shared_secret = 000000
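
The files above use one value, 000000, for the database, RabbitMQ, Keystone and metadata-proxy secrets, and set the same metadata_proxy_shared_secret in both metadata_agent.ini and nova.conf. The script below is an added example (not part of the original tutorial or of OpenStack) that audits such files for weak, reused and mismatched secrets; the embedded fragments are constructed from the settings on this page, and MIN_LENGTH and all function names are assumptions.

```python
import configparser
from urllib.parse import urlsplit

# Constructed fragments that mirror the settings shown on this page.
NOVA_CONF = """\
[DEFAULT]
transport_url = rabbit://openstack:000000@controller
[database]
connection = mysql+pymysql://nova:000000@controller/nova
[keystone_authtoken]
username = nova
password = 000000
[DEFAULT]
my_ip = 172.24.19.10
[neutron]
username = neutron
password = 000000
service_metadata_proxy = true
metadata_proxy_shared_secret = 000000
"""
METADATA_AGENT_INI = """\
[DEFAULT]
nova_metadata_host = controller
metadata_proxy_shared_secret = 000000
"""

MIN_LENGTH = 16  # assumption: local policy threshold, not an OpenStack default
SHARED = "metadata_proxy_shared_secret"


def parse(text):
    # strict=False merges the repeated [DEFAULT] headers used on the page;
    # a dummy default_section keeps [DEFAULT] from leaking into other sections.
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   default_section="__unused__")
    cp.read_string(text)
    return cp


def credentials(name, text):
    """Yield (identity, location, secret) for every secret found in one file."""
    cp = parse(text)
    for section in cp.sections():
        opts = cp[section]
        for key, value in opts.items():
            where = f"{name} [{section}] {key}"
            if key == SHARED:
                yield ("metadata-proxy",), where, value
            elif key == "password":
                # Keystone service account: identified by the section's username
                yield ("keystone", opts.get("username", "?")), where, value
            elif key in ("connection", "transport_url"):
                url = urlsplit(value)
                if url.password:
                    kind = url.scheme.split("+")[0]  # mysql+pymysql -> mysql
                    yield (kind, url.username), where, url.password


def weaknesses(secret):
    reasons = []
    if len(secret) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(set(secret)) < 4:
        reasons.append("fewer than 4 distinct characters")
    return reasons


def audit(files):
    """Return a sorted list of findings for a {filename: text} mapping."""
    creds = [c for name, text in files.items() for c in credentials(name, text)]
    findings = []
    for _, where, secret in creds:
        findings += [f"WEAK {where}: {r}" for r in weaknesses(secret)]
    # One value protecting several identities: reading one file exposes them all.
    by_value = {}
    for ident, _, secret in creds:
        by_value.setdefault(secret, set()).add(ident)
    for idents in by_value.values():
        if len(idents) > 1:
            names = ", ".join(sorted("/".join(i) for i in idents))
            findings.append(f"REUSED one secret shared by: {names}")
    # nova and the neutron metadata agent must be configured with the same value.
    shared = {secret for ident, _, secret in creds if ident == ("metadata-proxy",)}
    if len(shared) > 1:
        findings.append(f"MISMATCH {SHARED} differs between files")
    return sorted(findings)


if __name__ == "__main__":
    for line in audit({"nova.conf": NOVA_CONF,
                       "metadata_agent.ini": METADATA_AGENT_INI}):
        print(line)
```

Replacement values can be generated per credential with a command such as `openssl rand -hex 16`, then written to each file that uses that credential.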

 

4.13 Create the symbolic link

[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

 

4.14 Sync the database

[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf  --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron


 

4.15 Restart the nova-api service

[root@controller ~]# systemctl restart openstack-nova-api.service

 

4.16 Start the neutron services

[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

 

[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service neutron-l3-agent.service

 

Perform the following steps on the compute node (4.17-4.22)

4.17 Install the neutron packages

[root@compute ~]# yum install openstack-neutron-linuxbridge ebtables ipset -y

 

4.18 Edit the /etc/neutron/neutron.conf file

 

[DEFAULT]

transport_url = rabbit://openstack:000000@controller

 

[DEFAULT]

auth_strategy = keystone

 

[keystone_authtoken]

auth_uri = http://controller:5000

auth_url = http://controller:35357

memcached_servers = controller:11211

auth_type = password

project_domain_name = default

user_domain_name = default

project_name = service

username = neutron

password = 000000

 

[oslo_concurrency]

lock_path = /var/lib/neutron/tmp

 

4.19 Edit the /etc/neutron/plugins/ml2/linuxbridge_agent.ini file

 

[linux_bridge]

physical_interface_mappings = provider:enp9s0

 

[vxlan]

enable_vxlan = true

local_ip = 172.24.20.20            

l2_population = true

 

[securitygroup]

enable_security_group = true

firewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

 

4.20 Edit the /etc/nova/nova.conf file

 

[neutron]

url = http://controller:9696

auth_url = http://controller:35357

auth_type = password

project_domain_name = default

user_domain_name = default

region_name = RegionOne

project_name = service

username = neutron

password = 000000

4.21 Restart the nova-compute service

[root@compute ~]# systemctl restart openstack-nova-compute.service

 

4.22 Start the Linux bridge agent service

[root@compute ~]# systemctl start neutron-linuxbridge-agent.service

[root@compute ~]# systemctl enable neutron-linuxbridge-agent.service

 

4.23 Verify that the neutron service was installed successfully

Run the following command on the controller node:

[root@controller ~]# openstack network agent list

+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |

+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

| 46db35ee-6b99-4a4d-b99c-90ca1778a3f8 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |

| 5b9447d1-61a2-44bb-83d0-47319dec0e86 | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |

| 847f718f-92d8-482c-9648-ccdfda20c7f6 | L3 agent           | controller | nova              | :-)   | True           | neutron-l3-agent          |

| a616a047-f6ea-4d36-b76f-0f657f8eb850 | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |

| ddbeff42-476c-41d5-983c-c70f402cfb46 | Linux bridge agent | compute    |                   | :-)   | True           | neutron-linuxbridge-agent |

+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

 

5 Install the dashboard component

This component is installed on the controller node.

5.1 Install the dashboard package

[root@controller ~]# yum install openstack-dashboard -y

 

5.2 Edit the /etc/openstack-dashboard/local_settings file

OPENSTACK_HOST = "controller"

 

ALLOWED_HOSTS = ['*', 'two.example.com']

 

SESSION_ENGINE = 'django.contrib.sessions.backends.cache'

CACHES = {

    'default': {

         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',

         'LOCATION': 'controller:11211',

    }

}

 

OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST

 

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True

 

OPENSTACK_API_VERSIONS = {

    "identity": 3,

    "image": 2,

    "volume": 2,

}

 

OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "Default"

 

OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
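
`ALLOWED_HOSTS` is Django's Host-header allow-list, and a `'*'` entry makes every other entry irrelevant. The following added example (not part of the original guide, and not Django's own code) reads the list out of a settings file with `ast` and applies Django's documented matching rule to a few constructed Host values, comparing the page's list with a tightened one. `TIGHT_SETTINGS`, `PROBES` and the function names are assumptions.

```python
import ast

# Constructed sample: the relevant lines from section 5.2 of this guide.
PAGE_SETTINGS = """
OPENSTACK_HOST = "controller"
ALLOWED_HOSTS = ['*', 'two.example.com']
"""
# Assumption: a tightened list for this lab, using the controller host name
# and the dashboard address from section 5.5.
TIGHT_SETTINGS = "ALLOWED_HOSTS = ['controller', '172.24.19.10']\n"

PROBES = ["controller", "172.24.19.10:80", "unrelated.invalid"]  # constructed


def read_allowed_hosts(source):
    """Return the literal ALLOWED_HOSTS value from settings source, else []."""
    hosts = []
    for node in ast.parse(source).body:
        if isinstance(node, ast.Assign) and any(
            isinstance(t, ast.Name) and t.id == "ALLOWED_HOSTS"
            for t in node.targets
        ):
            hosts = list(ast.literal_eval(node.value))  # last assignment wins
    return hosts


def host_allowed(host_header, allowed):
    """Apply Django's documented matching rule to one Host header value."""
    host = host_header.lower()
    if not host.startswith("[") and ":" in host:
        host = host.rsplit(":", 1)[0]           # drop the port
    for pattern in (p.lower() for p in allowed):
        if pattern == "*":                      # matches anything
            return True
        if pattern.startswith(".") and (
            host.endswith(pattern) or host == pattern[1:]
        ):                                      # domain plus its subdomains
            return True
        if pattern == host:                     # exact match
            return True
    return False


def review(source, probes):
    """Summarise one settings file: wildcard, leftover placeholders, accepted probes."""
    allowed = read_allowed_hosts(source)
    return {
        "wildcard": "*" in allowed,
        "placeholders": [h for h in allowed if h.endswith("example.com")],
        "accepted": [p for p in probes if host_allowed(p, allowed)],
    }


if __name__ == "__main__":
    print(review(PAGE_SETTINGS, PROBES))
    print(review(TIGHT_SETTINGS, PROBES))
```
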

 

5.3 Edit the /etc/httpd/conf.d/openstack-dashboard.conf file

Add the following line:

WSGIApplicationGroup %{GLOBAL}

 

5.4 Restart the web service

[root@controller ~]# systemctl restart httpd.service memcached.service

 

5.5 Access the dashboard from a browser

Open http://172.24.19.10/dashboard in a browser.

 

6 Launch an instance

6.1 Create a flavor

[root@controller ~]# openstack flavor create --id 0 --vcpus 1 --ram 64 --disk 1 m1.nano

+----------------------------+---------+

| Field                      | Value   |

+----------------------------+---------+

| OS-FLV-DISABLED:disabled   | False   |

| OS-FLV-EXT-DATA:ephemeral  | 0       |

| disk                       | 1       |

| id                         | 0       |

| name                       | m1.nano |

| os-flavor-access:is_public | True    |

| properties                 |         |

| ram                        | 64      |

| rxtx_factor                | 1.0     |

| swap                       |         |

| vcpus                      | 1       |

+----------------------------+---------+

 

6.2 Create a keypair

[root@controller ~]# ssh-keygen -q -N ""

Enter file in which to save the key (/root/.ssh/id_rsa):

[root@controller ~]# openstack keypair create --public-key ~/.ssh/id_rsa.pub mykey

+-------------+-------------------------------------------------+

| Field       | Value                                           |

+-------------+-------------------------------------------------+

| fingerprint | ad:9c:b4:24:74:03:6d:ed:d1:2f:66:5a:a5:e2:e6:f3 |

| name        | mykey                                           |

| user_id     | a07017719a364efa913cae79bbddbe19                |

+-------------+-------------------------------------------------+

List the key pairs:

[root@controller ~]# openstack keypair list

+-------+-------------------------------------------------+

| Name  | Fingerprint                                     |

+-------+-------------------------------------------------+

| mykey | ad:9c:b4:24:74:03:6d:ed:d1:2f:66:5a:a5:e2:e6:f3 |

+-------+-------------------------------------------------+

 

6.3 Set security group rules

[root@controller ~]# . demo-openrc

Allow ICMP:

[root@controller ~]# openstack security group rule create --proto icmp default

+-------------------+--------------------------------------+

| Field             | Value                                |

+-------------------+--------------------------------------+

| created_at        | 2018-06-19T19:27:51Z                 |

| description       |                                      |

| direction         | ingress                              |

| ether_type        | IPv4                                 |

| id                | 563b0014-5e06-45d3-ba99-5c51e16be980 |

| name              | None                                 |

| port_range_max    | None                                 |

| port_range_min    | None                                 |

| project_id        | 14774f73585d4ed48d5198c778645baa     |

| protocol          | icmp                                 |

| remote_group_id   | None                                 |

| remote_ip_prefix  | 0.0.0.0/0                            |

| revision_number   | 0                                    |

| security_group_id | bc9a62d0-6229-4881-a75c-ac597a3180be |

| updated_at        | 2018-06-19T19:27:51Z                 |

+-------------------+--------------------------------------+

Open port 22:

[root@controller ~]# openstack security group rule create --proto tcp --dst-port 22 default

+-------------------+--------------------------------------+

| Field             | Value                                |

+-------------------+--------------------------------------+

| created_at        | 2018-06-19T19:28:00Z                 |

| description       |                                      |

| direction         | ingress                              |

| ether_type        | IPv4                                 |

| id                | 5579ad50-8183-4197-a28e-1c1fd0271bc3 |

| name              | None                                 |

| port_range_max    | 22                                   |

| port_range_min    | 22                                   |

| project_id        | 14774f73585d4ed48d5198c778645baa     |

| protocol          | tcp                                  |

| remote_group_id   | None                                 |

| remote_ip_prefix  | 0.0.0.0/0                            |

| revision_number   | 0                                    |

| security_group_id | bc9a62d0-6229-4881-a75c-ac597a3180be |

| updated_at        | 2018-06-19T19:28:00Z                 |

+-------------------+--------------------------------------+
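
Both rules above are created with `remote_ip_prefix` 0.0.0.0/0, so ICMP and SSH are reachable from any source that can route to the instance. The following added example (not part of the original guide) audits rule objects for that pattern; it reads JSON shaped like `openstack security group rule show <id> -f json` output, using the field names from the tables above. `ADMIN_PORTS`, the severity labels, the function names and the third (scoped) rule are assumptions.

```python
import ipaddress
import json

# Constructed sample: the two rules from section 6.3 plus one scoped rule
# for contrast. Field names are those shown in the tables above.
RULES_JSON = """
[
 {"id": "563b0014-5e06-45d3-ba99-5c51e16be980", "direction": "ingress",
  "ether_type": "IPv4", "protocol": "icmp", "port_range_min": null,
  "port_range_max": null, "remote_ip_prefix": "0.0.0.0/0"},
 {"id": "5579ad50-8183-4197-a28e-1c1fd0271bc3", "direction": "ingress",
  "ether_type": "IPv4", "protocol": "tcp", "port_range_min": 22,
  "port_range_max": 22, "remote_ip_prefix": "0.0.0.0/0"},
 {"id": "constructed-scoped-rule", "direction": "ingress",
  "ether_type": "IPv4", "protocol": "tcp", "port_range_min": 22,
  "port_range_max": 22, "remote_ip_prefix": "172.24.20.0/24"}
]
"""

ADMIN_PORTS = {22, 3389}       # assumption: ports treated as management access
EMPTY = (None, "None", "")     # ways an unset field can be rendered


def load_rules(text):
    return json.loads(text)


def port_or_none(value):
    """Normalise a port field that may be null, 'None', an int or a string."""
    return None if value in EMPTY else int(value)


def world_open(rule):
    """True if the rule admits traffic from any source address."""
    prefix = rule.get("remote_ip_prefix")
    if prefix in EMPTY:
        # No prefix and no remote group means "any source" in Neutron.
        return rule.get("remote_group_id") in EMPTY
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0


def exposed_admin_ports(rule):
    """Management ports that fall inside the rule's TCP/UDP port range."""
    if rule.get("protocol") not in ("tcp", "udp"):
        return set()
    low = port_or_none(rule.get("port_range_min"))
    high = port_or_none(rule.get("port_range_max"))
    if low is None:            # no range given: every port is covered
        return set(ADMIN_PORTS)
    if high is None:
        high = low
    return {p for p in ADMIN_PORTS if low <= p <= high}


def audit_rules(rules):
    """Return (rule id, severity, exposed admin ports) for world-open ingress."""
    report = []
    for rule in rules:
        if rule.get("direction") != "ingress" or not world_open(rule):
            continue
        ports = exposed_admin_ports(rule)
        report.append((rule["id"], "high" if ports else "info", sorted(ports)))
    return report


if __name__ == "__main__":
    for row in audit_rules(load_rules(RULES_JSON)):
        print(row)
```

To scope the SSH rule, the same `openstack security group rule create` command accepts `--remote-ip` with a CIDR, for example a management range such as 172.24.20.0/24 (an assumed value).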

 

6.4 Create the provider network

6.4.1 Create the provider network

[root@controller ~]# . admin-openrc

[root@controller ~]# openstack network create  --share --external  --provider-physical-network provider  --provider-network-type flat provider

+---------------------------+--------------------------------------+

| Field                     | Value                                |

+---------------------------+--------------------------------------+

| admin_state_up            | UP                                   |

| availability_zone_hints   |                                      |

| availability_zones        |                                      |

| created_at                | 2018-06-19T19:29:29Z                 |

| description               |                                      |

| dns_domain                | None                                 |

| id                        | e196990c-e2f8-4fca-ae96-070b33831c75 |

| ipv4_address_scope        | None                                 |

| ipv6_address_scope        | None                                 |

| is_default                | False                                |

| is_vlan_transparent       | None                                 |

| mtu                       | 1500                                 |

| name                      | provider                             |

| port_security_enabled     | True                                 |

| project_id                | 14774f73585d4ed48d5198c778645baa     |

| provider:network_type     | flat                                 |

| provider:physical_network | provider                             |

| provider:segmentation_id  | None                                 |

| qos_policy_id             | None                                 |

| revision_number           | 5                                    |

| router:external           | External                             |

| segments                  | None                                 |

| shared                    | True                                 |

| status                    | ACTIVE                               |

| subnets                   |                                      |

| tags                      |                                      |

| updated_at                | 2018-06-19T19:29:29Z                 |

+---------------------------+--------------------------------------+

 

6.4.2 Set the IP range of the provider subnet

[root@controller ~]# openstack subnet create --network provider --allocation-pool start=172.24.20.100,end=172.24.20.200 --gateway 172.24.20.1 --subnet-range 172.24.20.0/24 provider

+-------------------+--------------------------------------+

| Field             | Value                                |

+-------------------+--------------------------------------+

| allocation_pools  | 172.24.20.100-172.24.20.200          |

| cidr              | 172.24.20.0/24                       |

| created_at        | 2018-06-19T19:30:38Z                 |

| description       |                                      |

| dns_nameservers   | 223.5.5.5                            |

| enable_dhcp       | True                                 |

| gateway_ip        | 172.24.20.1                          |

| host_routes       |                                      |

| id                | ebd1255b-8c52-474b-86c9-8ddc0fadc71b |

| ip_version        | 4                                    |

| ipv6_address_mode | None                                 |

| ipv6_ra_mode      | None                                 |

| name              | provider                             |

| network_id        | e196990c-e2f8-4fca-ae96-070b33831c75 |

| project_id        | 14774f73585d4ed48d5198c778645baa     |

| revision_number   | 0                                    |

| segment_id        | None                                 |

| service_types     |                                      |

| subnetpool_id     | None                                 |

| tags              |                                      |

| updated_at        | 2018-06-19T19:30:38Z                 |

+-------------------+--------------------------------------+

 

6.5 Create the self-service network

6.5.1 Create the self-service network

[root@controller ~]# openstack network create selfservice

+---------------------------+--------------------------------------+

| Field                     | Value                                |

+---------------------------+--------------------------------------+

| admin_state_up            | UP                                   |

| availability_zone_hints   |                                      |

| availability_zones        |                                      |

| created_at                | 2018-06-19T19:35:34Z                 |

| description               |                                      |

| dns_domain                | None                                 |

| id                        | 18fd2a7a-b710-4762-a5bb-97f8a0092cd0 |

| ipv4_address_scope        | None                                 |

| ipv6_address_scope        | None                                 |

| is_default                | False                                |

| is_vlan_transparent       | None                                 |

| mtu                       | 1450                                 |

| name                      | selfservice                          |

| port_security_enabled     | True                                 |

| project_id                | 14774f73585d4ed48d5198c778645baa     |

| provider:network_type     | vxlan                                |

| provider:physical_network | None                                 |

| provider:segmentation_id  | 90                                   |

| qos_policy_id             | None                                 |

| revision_number           | 2                                    |

| router:external           | Internal                             |

| segments                  | None                                 |

| shared                    | False                                |

| status                    | ACTIVE                               |

| subnets                   |                                      |

| tags                      |                                      |

| updated_at                | 2018-06-19T19:35:35Z                 |

+---------------------------+--------------------------------------+

6.5.2 Create the IP range of the self-service subnet

[root@controller ~]# openstack subnet create --network selfservice --gateway 172.16.1.1  --subnet-range 172.16.1.0/24 selfservice

+-------------------+--------------------------------------+

| Field             | Value                                |

+-------------------+--------------------------------------+

| allocation_pools  | 172.16.1.2-172.16.1.254              |

| cidr              | 172.16.1.0/24                        |

| created_at        | 2018-06-19T19:35:42Z                 |

| description       |                                      |

| dns_nameservers   | 8.8.4.4                              |

| enable_dhcp       | True                                 |

| gateway_ip        | 172.16.1.1                           |

| host_routes       |                                      |

| id                | 85bd2c54-6173-4020-87e3-bb2428771361 |

| ip_version        | 4                                    |

| ipv6_address_mode | None                                 |

| ipv6_ra_mode      | None                                 |

| name              | selfservice                          |

| network_id        | 18fd2a7a-b710-4762-a5bb-97f8a0092cd0 |

| project_id        | 14774f73585d4ed48d5198c778645baa     |

| revision_number   | 0                                    |

| segment_id        | None                                 |

| service_types     |                                      |

| subnetpool_id     | None                                 |

| tags              |                                      |

| updated_at        | 2018-06-19T19:35:42Z                 |

+-------------------+--------------------------------------+

 

6.6 Create a router

[root@controller ~]# openstack router create router

 

+-------------------------+--------------------------------------+

| Field                   | Value                                |

+-------------------------+--------------------------------------+

| admin_state_up          | UP                                   |

| availability_zone_hints |                                      |

| availability_zones      |                                      |

| created_at              | 2018-06-19T22:33:42Z                 |

| description             |                                      |

| distributed             | False                                |

| external_gateway_info   | None                                 |

| flavor_id               | None                                 |

| ha                      | False                                |

| id                      | 58b01826-e129-4728-85af-12c9651384ae |

| name                    | router                               |

| project_id              | 5b0f6f774ff343be9d997e38b13adc90     |

| revision_number         | 1                                    |

| routes                  |                                      |

| status                  | ACTIVE                               |

| tags                    |                                      |

| updated_at              | 2018-06-19T22:33:42Z                 |

+-------------------------+--------------------------------------+

 

6.7 Add the self-service network to an interface on the router

[root@controller ~]# neutron router-interface-add router selfservice

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.

Added interface e3240016-6838-46a0-9119-fa1f18e09927 to router router.

6.8 Set the router's gateway on the provider network

[root@controller ~]# neutron router-gateway-set router provider

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.

Set gateway for router router

 

6.9 Verify the router

[root@controller ~]# ip netns

qrouter-58b01826-e129-4728-85af-12c9651384ae (id: 2)

qdhcp-e1171328-5b84-4007-879b-ce46a1187b2f (id: 1)

qdhcp-77ef6c61-15bc-46f2-ac64-8c5035759880 (id: 0)

[root@controller ~]# neutron router-port-list router

neutron CLI is deprecated and will be removed in the future. Use openstack CLI instead.

+--------------------------------------+------+----------------------------------+-------------------+----------------------------------------------------------------------------------------+

| id                                   | name | tenant_id                        | mac_address       | fixed_ips                                                                              |

+--------------------------------------+------+----------------------------------+-------------------+----------------------------------------------------------------------------------------+

| 79053435-c963-4a52-9fd8-c27634475da6 |      |                                  | fa:16:3e:ea:27:f9 | {"subnet_id": "f563efea-3749-440f-99c4-d8a1eff923d1", "ip_address": "192.168.152.116"} |

| e3240016-6838-46a0-9119-fa1f18e09927 |      | 5b0f6f774ff343be9d997e38b13adc90 | fa:16:3e:65:8e:6f | {"subnet_id": "61e10789-b3cf-45c5-92e9-2feb5aa9dcea", "ip_address": "172.16.1.1"}      |

+--------------------------------------+------+----------------------------------+-------------------+----------------------------------------------------------------------------------------+

6.6 Create an instance

[root@controller ~]# openstack server create --flavor m1.nano --image cirros --nic net-id=e1171328-5b84-4007-879b-ce46a1187b2f selfservice-instance

+-------------------------------------+-----------------------------------------------+

| Field                               | Value                                         |

+-------------------------------------+-----------------------------------------------+

| OS-DCF:diskConfig                   | MANUAL                                        |

| OS-EXT-AZ:availability_zone         |                                               |

| OS-EXT-SRV-ATTR:host                | None                                          |

| OS-EXT-SRV-ATTR:hypervisor_hostname | None                                          |

| OS-EXT-SRV-ATTR:instance_name       |                                               |

| OS-EXT-STS:power_state              | NOSTATE                                       |

| OS-EXT-STS:task_state               | scheduling                                    |

| OS-EXT-STS:vm_state                 | building                                      |

| OS-SRV-USG:launched_at              | None                                          |

| OS-SRV-USG:terminated_at            | None                                          |

| accessIPv4                          |                                               |

| accessIPv6                          |                                               |

| addresses                           |                                               |

| adminPass                           | h7RdXxTVWa7F                                  |

| config_drive                        |                                               |

| created                             | 2018-06-19T22:48:23Z                          |

| flavor                              | m1.nano (0)                                   |

| hostId                              |                                               |

| id                                  | d9c5a8a1-480a-4348-88d7-33cd8f01a5ab          |

| image                               | cirros (d7b6d19a-8ec6-46ac-a959-4d6ca0c1acb8) |

| key_name                            | None                                          |

| name                                | selfservice-instance                          |

| progress                            | 0                                             |

| project_id                          | 5b0f6f774ff343be9d997e38b13adc90              |

| properties                          |                                               |

| security_groups                     | name='default'                                |

| status                              | BUILD                                         |

| updated                             | 2018-06-19T22:48:23Z                          |

| user_id                             | bf40feeba15a488b868ede2916bbaa86              |

| volumes_attached                    |                                               |

+-------------------------------------+-----------------------------------------------+

 

6.7 List the instances

[root@controller ~]# openstack server list

+--------------------------------------+----------------------+--------+------------------------+--------+---------+

| ID                                   | Name                 | Status | Networks               | Image  | Flavor  |

+--------------------------------------+----------------------+--------+------------------------+--------+---------+

| d9c5a8a1-480a-4348-88d7-33cd8f01a5ab | selfservice-instance | ACTIVE | selfservice=172.16.1.8 | cirros | m1.nano |

+--------------------------------------+----------------------+--------+------------------------+--------+---------+