#########################################openstack m版本部署安装#################################
# 控制节点、网络节点、计算节点======控制节点#1、防火墙 关闭#2、主机规划:192.168.40.151#3、主机名:controller vim /etc/hosts#4、yum配置:#5、系统更新#6、时间同步,时间服务器 ntp#####################################################################################################1、关闭防火墙[root@localhost ~]# systemctl stop firewalld[root@localhost ~]# systemctl disable firewalld[root@localhost ~]# setenforce 0[root@localhost ~]# vim /etc/selinux/configSELINUX=disabled[root@localhost ~]# systemctl stop NetworkManager[root@localhost ~]# systemctl disable NetworkManager#2、静态IP地址配置[root@localhost ~]# vim /etc/sysconfig/network-scripts/ifcfg-eno16777736HWADDR=00:0C:29:A9:29:A9TYPE=EthernetBOOTPROTO=staticDEFROUTE=yesPEERDNS=yesPEERROUTES=yesIPV4_FAILURE_FATAL=noIPV6INIT=yesIPV6_AUTOCONF=yesIPV6_DEFROUTE=yesIPV6_PEERDNS=yesIPV6_PEERROUTES=yesIPV6_FAILURE_FATAL=noNAME=eno16777736UUID=69b7cbcb-4f9a-4a3e-85f1-332a76f233c4ONBOOT=yesIPADDR=192.168.40.151NETMASK=255.255.255.0GATEWAY=192.168.40.2#3、主机名设置
[root@localhost ~]# hostnamectl set-hostname controller[root@localhost ~]# vim /etc/hosts
192.168.40.151 controller
#4、yum配置:
#注意:下面各仓库均为 gpgcheck=0 且通过 http 访问,yum 不会校验软件包签名;如果内网镜像提供了 GPG 公钥,建议改为 gpgcheck=1 并配置 gpgkey
[root@localhost yum.repos.d]# vim 122.repo
[base]
name=CentOS-$releasever - Base
baseurl=http://10.1.1.161/centos-yum/7/os/x86_64/
gpgcheck=0
enabled=1
[m]
name=m
baseurl=http://10.1.1.161/openstack-rpms/openstack-mitaka/openstack-mitaka/
gpgcheck=0
enabled=1
#released updates
[updates]
name=CentOS-$releasever - Updates
baseurl=http://10.1.1.161/centos-yum/7/updates/x86_64/
gpgcheck=0
enabled=1
#additional packages that may be useful
[extras]name=CentOS-$releasever - Extrasbaseurl=http://10.1.1.161/centos-yum/7/extras/x86_64/gpgcheck=0enabled=1#5、系统更新[root@localhost yum.repos.d]# yum update#重启系统,主机名称生效[root@localhost ~]# reboot#6、时间同步服务端[root@controller ~]# yum install chrony[root@controller ~]# vim /etc/chrony.conf 添加server controller iburstallow 192.168.40.0/24[root@controller ~]# systemctl enable chronyd.service[root@controller ~]# systemctl start chronyd.service#7、安装数据库MySQL
[root@controller ~]# yum install mariadb mariadb-server python2-PyMySQL -y[root@controller ~]# vim /etc/my.cnf.d/openstack.cnf[mysqld]bind-address = 192.168.40.151default-storage-engine = innodbinnodb_file_per_tablemax_connections = 4096collation-server = utf8_general_cicharacter-set-server = utf8[root@controller ~]# systemctl enable mariadb.service
Created symlink from /etc/systemd/system/multi-user.target.wants/mariadb.service to /usr/lib/systemd/system/mariadb.service.[root@controller ~]# systemctl start mariadb.service#8、nosql安装
[root@controller ~]# yum install mongodb-server mongodb -y[root@controller ~]# vim /etc/mongod.confbind_ip = 192.168.40.151smallfiles = true[root@controller ~]# systemctl enable mongod.serviceCreated symlink from /etc/systemd/system/multi-user.target.wants/mongod.service to /usr/lib/systemd/system/mongod.service.[root@controller ~]# systemctl start mongod.service#9、消息队列安装[root@controller ~]# yum install rabbitmq-server -y[root@controller ~]# systemctl enable rabbitmq-server.serviceCreated symlink from /etc/systemd/system/multi-user.target.wants/rabbitmq-server.service to /usr/lib/systemd/system/rabbitmq-server.service.[root@controller ~]# systemctl start rabbitmq-server.service[root@controller ~]# rabbitmqctl add_user openstack 123Creating user "openstack" ......done.[root@controller ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"Setting permissions for user "openstack" in vhost "/" ......done.#10、memcached安装[root@controller ~]# yum install memcached python-memcached -y
[root@controller ~]# systemctl enable memcached.serviceCreated symlink from /etc/systemd/system/multi-user.target.wants/memcached.service to /usr/lib/systemd/system/memcached.service.[root@controller ~]# systemctl start memcached.service########################################################################################################
# 第一个组件:keystone部署安装#########################################################################################################1、数据库创建以及用户授权[root@controller ~]# mysql -u root -pEnter password: Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 4Server version: 10.1.12-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
#注意:'123' 只是示例口令,实际部署时请为每个数据库账号换成各自的强随机口令;本文第1步已关闭 firewalld,'keystone'@'%' 表示任何能连到数据库端口的主机都可以用该口令登录
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> create database keystone;
#验证 查看数据库
======================================================================================
show databases;
select * from mysql.user \G;
=======================================================================================================
#2、keystone 认证组件部署安装
[root@controller ~]# yum install python-openstackclient openstack-keystone httpd mod_wsgi -y
#3、配置keystone配置文件
#注意:admin_token 只用于初始化引导,应使用随机值(例如用 openssl rand -hex 10 生成),1234567890 仅为示例
[root@controller ~]# vim /etc/keystone/keystone.conf
[database]
connection = mysql+pymysql://keystone:123@controller/keystone
[token]
provider = fernet
[DEFAULT]
admin_token = 1234567890
vim /etc/httpd/conf/httpd.conf
ServerName controllervim /etc/httpd/conf.d/wsgi-keystone.confListen 5000Listen 35357<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-public WSGIScriptAlias / /usr/bin/keystone-wsgi-public WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined<Directory /usr/bin>
Require all granted </Directory></VirtualHost><VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP} WSGIProcessGroup keystone-admin WSGIScriptAlias / /usr/bin/keystone-wsgi-admin WSGIApplicationGroup %{GLOBAL} WSGIPassAuthorization On ErrorLogFormat "%{cu}t %M" ErrorLog /var/log/httpd/keystone-error.log CustomLog /var/log/httpd/keystone-access.log combined<Directory /usr/bin>
Require all granted </Directory></VirtualHost>#http启动
[root@controller ~]# systemctl enable httpd.service[root@controller ~]# systemctl start httpd.service#keystone数据库初始化su -s /bin/sh -c "keystone-manage db_sync" keystone #----------需要验证=====进到数据库里查看keystone库是否有表keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone#验证mysql use keystone;show tables;#设置客户登录令牌
[root@controller ~]# export OS_TOKEN=1234567890 #令牌字符串 一定和admin_token = 1234567890要一致
[root@controller ~]# export OS_URL=http://controller:35357/v3
[root@controller ~]# export OS_IDENTITY_API_VERSION=3
#创建keystone服务
[root@controller ~]# openstack service create --name keystone --description "OpenStack Identity" identity
+-------------+----------------------------------+
| Field | Value |
+-------------+----------------------------------+
| description | OpenStack Identity |
| enabled | True |
| id | e888e28f3f984274ad2e2c95a2645017 |
| name | keystone |
| type | identity |
+-------------+----------------------------------+
#注意:不能重复执行,否则会创建重复的服务
#验证: 只能有一个[root@controller ~]# openstack service list +----------------------------------+----------+----------+| ID | Name | Type |+----------------------------------+----------+----------+| e888e28f3f984274ad2e2c95a2645017 | keystone | identity |+----------------------------------+----------+----------+ #如果多创建的话#删除多出的注意:没有多的就不用删除[root@controller ~]# openstack service delete e888e28f3f984274ad2e2c95a2645017 #实例化keystone服务[root@controller ~]# openstack endpoint create --region RegionOne \ identity public http://controller:5000/v3+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 3cbb0b02ab3242378a37af6bd3427c0a || interface | public || region | RegionOne || region_id | RegionOne || service_id | e888e28f3f984274ad2e2c95a2645017 || service_name | keystone || service_type | identity || url | http://controller:5000/v3 |+--------------+----------------------------------+#实例化keystone服务
[root@controller ~]# openstack endpoint create --region RegionOne \ identity internal http://controller:5000/v3+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | df7f6ff4993241bab8057e2b3314c4d8 || interface | internal || region | RegionOne || region_id | RegionOne || service_id | e888e28f3f984274ad2e2c95a2645017 || service_name | keystone || service_type | identity || url | http://controller:5000/v3 |+--------------+----------------------------------+#实例化keystone服务[root@controller ~]# openstack endpoint create --region RegionOne \ identity admin http://controller:35357/v3+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 109cc84d9446455b82e9013e7a2c8556 || interface | admin || region | RegionOne || region_id | RegionOne || service_id | e888e28f3f984274ad2e2c95a2645017 || service_name | keystone || service_type | identity || url | http://controller:35357/v3 |+--------------+----------------------------------+#验证:[root@controller ~]# openstack endpoint list-----------------------------------------------------------------------------------------------------------------------
#创建default域[root@controller ~]# openstack domain create --description "Default Domain" default+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Default Domain || enabled | True || id | 904d501c4e7545b5a532b11838648a89 || name | default |+-------------+----------------------------------+#验证:[root@controller ~]# openstack domain list#在default域里创建一个admin项目
[root@controller ~]# openstack project create --domain default \ --description "Admin Project" admin+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Admin Project || domain_id | 904d501c4e7545b5a532b11838648a89 || enabled | True || id | a5aabcc966b24cdfa3dd0992e06c91e7 || is_domain | False || name | admin || parent_id | 904d501c4e7545b5a532b11838648a89 |+-------------+----------------------------------+#验证:[root@controller ~]# openstack project list# [root@controller ~]# openstack user create --domain default \ --password-prompt adminUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | 904d501c4e7545b5a532b11838648a89 || enabled | True || id | 5d89fa642a17460285b49838a2007798 || name | admin |+-----------+----------------------------------+ #验证:[root@controller ~]# openstack user list[root@controller ~]# openstack role create admin
+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | None || id | 8336f472aeea4541a67d8f2734ed5c82 || name | admin |+-----------+----------------------------------+#验证:[root@controller ~]# openstack role list#赋予权限
[root@controller ~]# openstack role add --project admin --user admin admin#创建服务项目
[root@controller ~]# openstack project create --domain default \ --description "Service Project" service+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Service Project || domain_id | 904d501c4e7545b5a532b11838648a89 || enabled | True || id | ebdc49f3845248818e2cf83a26adf2f5 || is_domain | False || name | service || parent_id | 904d501c4e7545b5a532b11838648a89 |+-------------+----------------------------------+#创建项目
[root@controller ~]# openstack project create --domain default \ --description "Demo Project" demo+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | Demo Project || domain_id | 904d501c4e7545b5a532b11838648a89 || enabled | True || id | 44d8fbbb7d0340fb832e082a8c6537c9 || is_domain | False || name | demo || parent_id | 904d501c4e7545b5a532b11838648a89 |+-------------+----------------------------------+ #创建普通用户[root@controller ~]# openstack user create --domain default \--password-prompt demoUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | 904d501c4e7545b5a532b11838648a89 || enabled | True || id | 1ad0bbfa8b044d5da05157859acefb1b || name | demo |+-----------+----------------------------------+#创建普通权限[root@controller ~]# openstack role create user+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | None || id | f1a40d9c758d473e8cab974897849e78 || name | user |+-----------+----------------------------------+#赋予普通权限[root@controller ~]# openstack role add --project demo --user demo user
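#卸载令牌(unset 只清除当前 shell 的环境变量,keystone.conf 中的 admin_token 仍然有效;按官方安装指南,还应编辑 /etc/keystone/keystone-paste.ini,从 [pipeline:public_api]、[pipeline:admin_api]、[pipeline:api_v3] 中移除 admin_token_auth)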
[root@controller ~]# unset OS_TOKEN OS_URLexport OS_IDENTITY_API_VERSION=3#通过用户登录keystone 管理keystone(查看、修改、添加)[root@controller ~]# openstack --os-auth-url http://controller:35357/v3 \--os-project-domain-name default --os-user-domain-name default \--os-project-name admin --os-username admin token issuePassword: +------------+----------------------------------------------------------------------------------------------------------------------+| Field | Value |+------------+----------------------------------------------------------------------------------------------------------------------+| expires | 2016-11-03T11:43:30.818127Z || id | gAAAAABYGxTTdl7AMYBkoqmgjJwiFn4EPwXtmLw4MqRg2YZxpRrTVeaaNoDWM0_4DtUtjfhKuPItHYG-WT_vplj_AgHtOCt- || | PJDdI_5aMn2Y2nag3Dqc2zsHhqfz21sCovhqNuTZSPrz03hj10NjlSkif2ssRlb9knf7kd-ryA2FP5w1SMoBA8w || project_id | a5aabcc966b24cdfa3dd0992e06c91e7 || user_id | 5d89fa642a17460285b49838a2007798 |+------------+----------------------------------------------------------------------------------------------------------------------+==============================================================================================================================
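#keystone identity
#!/bin/bash
# Prompt for a keystone user name, password and project name, then export
# the OS_* variables below with those values.
# Presumably meant to be sourced (". <file>"), the way admin.sh is used on
# this page; exports made in a child process are lost when it exits.
# Needs bash: "read -s" and "read -p" are not POSIX sh.
# The helper variables name, passwd and project stay set in the shell.

# -r keeps backslashes in the typed values literal.
read -r -p "请输入登录keystone用户名称:" name
# -s stops the password from being echoed to the terminal and scrollback.
read -r -s -p "请输入登录密码:" passwd
# With -s the Enter key is not echoed either, so end the prompt line here.
printf '\n' >&2
read -r -p "请输入项目名称:" project

export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
# Quoted so values containing spaces or glob characters are exported intact.
export OS_PROJECT_NAME="$project"
export OS_USERNAME="$name"
export OS_PASSWORD="$passwd"
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
#=============================================================================================================================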
#注意:admin.sh 和 demo-openrc 以明文保存 OS_PASSWORD(123 为示例口令),建议创建后执行 chmod 600 admin.sh demo-openrc,仅允许属主读取
[root@controller ~]# vim admin.sh
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=123
export OS_AUTH_URL=http://controller:35357/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# vim demo-openrc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=123
export OS_AUTH_URL=http://controller:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
[root@controller ~]# . admin.sh
[root@controller ~]# openstack token issue+------------+----------------------------------------------------------------------------------------------------------------------+| Field | Value |+------------+----------------------------------------------------------------------------------------------------------------------+| expires | 2016-11-03T12:02:26.826413Z || id | gAAAAABYGxlCjWGgBPM7fdyHei47fmfq8eyC3A5NFBHkEzaDLYaJAoMSAvrnZ2bD7_zysjERbyROuHeqKNV5SeJoG1L6uPntOI9gLqnvs2iNcOq5Rrlx || | fb9Wm53psciBCR5pb06KLcXQavz1IspQGiUmeV7fMfkgJIEtf91LowiwdS-otoyWesg || project_id | a5aabcc966b24cdfa3dd0992e06c91e7 || user_id | 5d89fa642a17460285b49838a2007798 |+------------+----------------------------------------------------------------------------------------------------------------------+[root@controller ~]# #注意:#1、拷贝正确#每一步都要验证#看日志:、[root@controller keystone]# tail -f /var/log/keystone/keystone.log+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++# glance 镜像管理组件安装部署------------------------------------------------------------------------------------------------------------------------------
#1、创建数据库
#2、glance 使用mysql权限[root@controller keystone]# mysqlWelcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 7Server version: 10.1.12-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> \q
#安装glance组件[root@controller ~]# openstack user create --domain default --password-prompt glance
User Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | 904d501c4e7545b5a532b11838648a89 || enabled | True || id | f3b94d472f1e4a66ae2cc7a5143875fe || name | glance |+-----------+----------------------------------+#添加admin权限
[root@controller ~]# openstack role add --project service --user glance admin [root@controller ~]# openstack service create --name glance \--description "OpenStack Image" image+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Image || enabled | True || id | 3991b06fe09543b4aadbe53895823bb5 || name | glance || type | image |+-------------+----------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \image public http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 5a8360ee94144508ab84a98a4edbe49c || interface | public || region | RegionOne || region_id | RegionOne || service_id | 3991b06fe09543b4aadbe53895823bb5 || service_name | glance || service_type | image || url | http://controller:9292 |+--------------+----------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \image internal http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | b58a1141f7e84f24a813e73d9ceb4f31 || interface | internal || region | RegionOne || region_id | RegionOne || service_id | 3991b06fe09543b4aadbe53895823bb5 || service_name | glance || service_type | image || url | http://controller:9292 |+--------------+----------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \image admin http://controller:9292+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 3319922b552c4ff087ac4572a1f4ede1 || interface | admin || region | RegionOne || region_id | RegionOne || service_id | 3991b06fe09543b4aadbe53895823bb5 || service_name | glance || service_type | image || url | 
http://controller:9292 |+--------------+----------------------------------+[root@controller ~]#yum -y install openstack-glance
[root@controller ~]#vim /etc/glance/glance-api.conf[database]...connection = mysql+pymysql://glance:123@controller/glance[keystone_authtoken]...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = 123[paste_deploy]
...flavor = keystone[glance_store]...stores = file,httpdefault_store = filefilesystem_store_datadir = /var/lib/glance/images/
[root@controller ~]#vim /etc/glance/glance-registry.conf
[database]...connection = mysql+pymysql://glance:123@controller/glance[keystone_authtoken]...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = glancepassword = 123[paste_deploy]
...flavor = keystone[root@controller ~]#su -s /bin/sh -c "glance-manage db_sync" glance
[root@controller ~]# systemctl enable openstack-glance-api.service \ openstack-glance-registry.service[root@controller ~]# systemctl start openstack-glance-api.service \ openstack-glance-registry.service[root@controller ~]# . admin.sh
[root@controller ~]# yum -y install wget[root@controller ~]# wget http://192.168.253.20/openstack-images//cirros-0.3.4-x86_64-disk.img--2016-11-04 05:02:45-- http://192.168.50.22/openstack-images//cirros-0.3.4-x86_64-disk.imgConnecting to 10.1.1.161:80... connected.HTTP request sent, awaiting response... 200 OKLength: 13287936 (13M) [application/octet-stream]Saving to: ‘cirros-0.3.4-x86_64-disk.img’100%[===========================================================================================>] 13,287,936 802KB/s in 16s
2016-11-04 05:03:00 (827 KB/s) - ‘cirros-0.3.4-x86_64-disk.img’ saved [13287936/13287936]
#镜像是通过 http 下载的,上传到 glance 之前先校验完整性:执行 md5sum cirros-0.3.4-x86_64-disk.img,并与镜像发布方公布的校验值比对
[root@controller ~]# openstack image create "cirros" \ --file cirros-0.3.4-x86_64-disk.img \ --disk-format qcow2 --container-format bare \ --public+------------------+------------------------------------------------------+| checksum | ee1eca47dc88f4879d8a229cc70a07c6 || container_format | bare || created_at | 2016-11-04T09:03:06Z || disk_format | qcow2 || file | /v2/images/894a754d-7a1a-4e47-a6cf-897c49f97709/file || id | 894a754d-7a1a-4e47-a6cf-897c49f97709 || min_disk | 0 || min_ram | 0 || name | cirros || owner | a5aabcc966b24cdfa3dd0992e06c91e7 || protected | False || schema | /v2/schemas/image || size | 13287936 || status | active || tags | || updated_at | 2016-11-04T09:03:06Z || virtual_size | None || visibility | public |+------------------+------------------------------------------------------+[root@controller ~]# openstack image list+--------------------------------------+--------+--------+| ID | Name | Status |+--------------------------------------+--------+--------+| 894a754d-7a1a-4e47-a6cf-897c49f97709 | cirros | active |+--------------------------------------+--------+--------+############################################################################################################################ nova 控制节点部署安装(nova管理控制端)###########################################################################################################################1、数据库创建以及用户授权[root@controller ~]# mysql -u root -pEnter password: Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 18Server version: 10.1.12-MariaDB MariaDB Server
Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE nova_api;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> CREATE DATABASE nova;
Query OK, 1 row affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'localhost' \
IDENTIFIED BY '123';Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova_api.* TO 'nova'@'%' IDENTIFIED BY '123';Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)MariaDB [(none)]> \q
2、[root@controller ~]# source admin.sh [root@controller ~]# openstack user create --domain default \ --password-prompt novaUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | 904d501c4e7545b5a532b11838648a89 || enabled | True || id | f775452c47e24ae29acb7c4facb733ea || name | nova |+-----------+----------------------------------+[root@controller ~]# openstack role add --project service --user nova admin[root@controller ~]# openstack service create --name nova \ --description "OpenStack Compute" compute+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Compute || enabled | True || id | 42213df2abd2445c996b345cb886f7b3 || name | nova || type | compute |+-------------+----------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \
compute public http://controller:8774/v2.1/%\(tenant_id\)s+--------------+-------------------------------------------+| Field | Value |+--------------+-------------------------------------------+| enabled | True || id | f0d1c58e865c418daf4c862a352930bc || interface | public || region | RegionOne || region_id | RegionOne || service_id | 42213df2abd2445c996b345cb886f7b3 || service_name | nova || service_type | compute || url | http://controller:8774/v2.1/%(tenant_id)s |+--------------+-------------------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \ compute internal http://controller:8774/v2.1/%\(tenant_id\)s+--------------+-------------------------------------------+| Field | Value |+--------------+-------------------------------------------+| enabled | True || id | f25b5f23664c4d8691b374fecaea7730 || interface | internal || region | RegionOne || region_id | RegionOne || service_id | 42213df2abd2445c996b345cb886f7b3 || service_name | nova || service_type | compute || url | http://controller:8774/v2.1/%(tenant_id)s |+--------------+-------------------------------------------+
[root@controller ~]# openstack endpoint create --region RegionOne \
compute admin http://controller:8774/v2.1/%\(tenant_id\)s+--------------+-------------------------------------------+| Field | Value |+--------------+-------------------------------------------+| enabled | True || id | 96fad63994894a85aa540454a83f9847 || interface | admin || region | RegionOne || region_id | RegionOne || service_id | 42213df2abd2445c996b345cb886f7b3 || service_name | nova || service_type | compute || url | http://controller:8774/v2.1/%(tenant_id)s |+--------------+-------------------------------------------+ [root@controller ~]# yum install openstack-nova-api openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler -y[root@controller ~]# vim /etc/nova/nova.conf
[DEFAULT]enabled_apis = osapi_compute,metadata #开启api服务[api_database]connection = mysql+pymysql://nova:123@controller/nova_api #关联nova api数据库[database]
connection = mysql+pymysql://nova:123@controller/nova #关联nova数据库[DEFAULT]rpc_backend = rabbit #指定消息队列 为rabbit[oslo_messaging_rabbit] #关联上rabbitrabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123
[DEFAULT]
auth_strategy = keystone #指定keystone为认证机制
[keystone_authtoken] #关联上keystone 后台自动认证
auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = novapassword = 123[DEFAULT]my_ip = 192.168.253.141[DEFAULT]use_neutron = True #启动网络组件neutronfirewall_driver = nova.virt.firewall.NoopFirewallDriver[vnc]...vncserver_listen = $my_ip #vnc监听地址vncserver_proxyclient_address = $my_ip #vnc代理地址[glance] #关联镜像组件glanceapi_servers = http://controller:9292[oslo_concurrency] #生成锁文件目录lock_path = /var/lib/nova/tmp [root@controller ~]# su -s /bin/sh -c "nova-manage api_db sync" nova #两个数据库初始化[root@controller ~]# su -s /bin/sh -c "nova-manage db sync" nova#开机自启动[root@controller ~]# systemctl enable openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service#开启所有服务[root@controller ~]# systemctl start openstack-nova-api.service openstack-nova-consoleauth.service openstack-nova-scheduler.service openstack-nova-conductor.service openstack-nova-novncproxy.service############################################################################################################################
# nova 计算节点部署安装(nova 运行端)############################################################################################################################1、环境准备 1、防火墙关闭 2、yum配置 3、主机名修改 4、vim /etc/hosts 5、重启系统reboot 确保: 在控制节点上 ping computer01 能通 在计算节点上 ping controller 能通2、安装nova-computer组件卸载lvm2[root@computer01 ~]# yum remove lvm2 -y[root@computer01 ~]# yum install openstack-nova-compute -y [root@computer01 ~]# vim /etc/nova/nova.conf[DEFAULT]
...rpc_backend = rabbituse_neutron = Truefirewall_driver = nova.virt.firewall.NoopFirewallDriver[oslo_messaging_rabbit]
...rabbit_host = controllerrabbit_userid = openstackrabbit_password = 123[DEFAULT]...auth_strategy = keystone[keystone_authtoken]
...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = novapassword = 123[DEFAULT]
...my_ip = 192.168.253.142[vnc]...enabled = Truevncserver_listen = 0.0.0.0vncserver_proxyclient_address = $my_ipnovncproxy_base_url = http://controller:6080/vnc_auto.html[glance]...api_servers = http://controller:9292[oslo_concurrency]...lock_path = /var/lib/nova/tmp[libvirt]...virt_type = qemu[root@computer01 ~]# systemctl enable libvirtd.service openstack-nova-compute.service
[root@computer01 ~]# systemctl start libvirtd.service openstack-nova-compute.service#到控制节点上验证. admin.sh
[root@controller ~]# openstack compute service list
+----+------------------+-----------------------+----------+----------+-------+----------------------------+| Id | Binary | Host | Zone | Status | State | Updated At |+----+------------------+-----------------------+----------+----------+-------+----------------------------+| 1 | nova-conductor | controller | internal | enabled | up | 2016-11-07T13:15:26.000000 || 2 | nova-consoleauth | controller | internal | enabled | up | 2016-11-07T13:15:23.000000 || 3 | nova-scheduler | controller | internal | enabled | up | 2016-11-07T13:15:22.000000 || 6 | nova-compute | localhost.localdomain | nova | disabled | down | 2016-11-07T07:59:15.000000 || 7 | nova-compute | computer01 | nova | enabled | up | 2016-11-07T13:15:22.000000 |+----+------------------+-----------------------+----------+----------+-------+----------------------------+#state状态必须是up
###########################################################################################################################
# neutron 网络组件 控制节点###########################################################################################################################1、创建数据库[root@controller ~]# mysql -u root -pEnter password: Welcome to the MariaDB monitor. Commands end with ; or \g.Your MariaDB connection id is 50Server version: 10.1.12-MariaDB MariaDB ServerCopyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.
Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.
MariaDB [(none)]> CREATE DATABASE neutron;
#注意:'123' 是弱口令,仅适合实验环境,实际部署时每个服务账号应使用各自的强随机密码;'neutron'@'%' 允许从任意主机连接,需配合网络访问控制限制数据库端口
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'controller' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY '123';
Query OK, 0 rows affected (0.00 sec)2、获得 admin 凭证来获取只有管理员能执行的命令的访问权限:[root@controller ~]# . admin.sh3、要创建服务证书openstack user create --domain default --password-prompt neutronUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | e0353a670a9e496da891347c589539e9 || enabled | True || id | b20a6692f77b4258926881bf831eb683 || name | neutron |+-----------+----------------------------------+4、添加``admin`` 角色到``neutron`` 用户:[root@controller ~]# openstack role add --project service --user neutron admin5、创建``neutron``服务实体:openstack service create --name neutron \ --description "OpenStack Networking" network+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Networking || enabled | True || id | f71529314dab4a4d8eca427e701d209e || name | neutron || type | network |+-------------+----------------------------------+6、创建网络服务API端点:[root@controller ~]# openstack endpoint create --region RegionOne \ network public http://controller:9696+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 85d80a6d02fc4b7683f611d7fc1493a3 || interface | public || region | RegionOne || region_id | RegionOne || service_id | f71529314dab4a4d8eca427e701d209e || service_name | neutron || service_type | network || url | http://controller:9696 |+--------------+----------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \
network internal http://controller:9696+--------------+----------------------------------+| Field | Value |+--------------+----------------------------------+| enabled | True || id | 09753b537ac74422a68d2d791cf3714f || interface | internal || region | RegionOne || region_id | RegionOne || service_id | f71529314dab4a4d8eca427e701d209e || service_name | neutron || service_type | network || url | http://controller:9696 |+--------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne \ network admin http://controller:9696+--------------+----------------------------------+
| Field | Value |+--------------+----------------------------------+| enabled | True || id | 1ee14289c9374dffb5db92a5c112fc4e || interface | admin || region | RegionOne || region_id | RegionOne || service_id | f71529314dab4a4d8eca427e701d209e || service_name | neutron || service_type | network || url | http://controller:9696 |+--------------+----------------------------------+################网络选项2:私有网络############################
[root@controller ~]# yum install openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge ebtables -y
#配置服务组件
[root@controller ~]# vim /etc/neutron/neutron.conf
#注意:该文件以明文保存数据库、RabbitMQ 和 Keystone 服务账号的密码,应保持仅 root 和 neutron 组可读
[database]
connection = mysql+pymysql://neutron:123@controller/neutron
[DEFAULT]
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = True
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123
[keystone_authtoken]
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[nova]
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = 123
[oslo_concurrency]
lock_path = /var/lib/neutron/tmp
[oslo_messaging_rabbit]
...rabbit_host = controllerrabbit_userid = openstackrabbit_password = 123[root@controller ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini[ml2]tenant_network_types = vxlantype_drivers = flat,vlan,vxlanmechanism_drivers = linuxbridge,l2populationextension_drivers = port_security[ml2_type_flat]...flat_networks = provider[ml2_type_vxlan]...vni_ranges = 1:1000[securitygroup]...enable_ipset = True[root@controller ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini[linux_bridge]physical_interface_mappings = provider:eno16777736[vxlan]enable_vxlan = Truelocal_ip = 192.168.253.141l2_population = True[securitygroup]
...enable_security_group = Truefirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver[root@controller ~]# vim /etc/neutron/l3_agent.ini[DEFAULT]...interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriverexternal_network_bridge =[root@controller ~]# vim /etc/neutron/dhcp_agent.ini[DEFAULT]...interface_driver = neutron.agent.linux.interface.BridgeInterfaceDriverdhcp_driver = neutron.agent.linux.dhcp.Dnsmasqenable_isolated_metadata = True[root@controller ~]# vim /etc/neutron/metadata_agent.ini
[DEFAULT]
...
nova_metadata_ip = controller
#注意:METADATA_SECRET 是占位符,应替换为随机生成的密钥,并与 /etc/nova/nova.conf 中 [neutron] 段的 metadata_proxy_shared_secret 保持一致
metadata_proxy_shared_secret = METADATA_SECRET
[root@controller ~]# vim /etc/nova/nova.conf
[neutron]
...
url = http://controller:9696
auth_url = http://controller:35357
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = 123
service_metadata_proxy = True
metadata_proxy_shared_secret = METADATA_SECRET[root@controller ~]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini[root@controller ~]# su -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \ --config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutron[root@controller ~]# systemctl restart openstack-nova-api.service[root@controller ~]# systemctl enable neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service[root@controller ~]# systemctl start neutron-server.service neutron-linuxbridge-agent.service neutron-dhcp-agent.service neutron-metadata-agent.service[root@controller ~]# systemctl enable neutron-l3-agent.service[root@controller ~]# systemctl start neutron-l3-agent.service[root@controller ~]# . admin.sh[root@controller ~]# neutron agent-list+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+| id | agent_type | host | alive | admin_state_up | binary |+--------------------------------------+--------------------+------------+-------+----------------+--------------------------| 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent || 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | :-) | True | neutron-l3-agent || dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | :-) | True | neutron-dhcp-agent || f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | :-) | True | neutron-metadata-agent |+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+neutron ext-list+---------------------------+-----------------------------------------------+| alias | name |+---------------------------+-----------------------------------------------+| default-subnetpools | Default Subnetpools || network-ip-availability | Network IP 
Availability || network_availability_zone | Network Availability Zone || auto-allocated-topology | Auto Allocated Topology Services || ext-gw-mode | Neutron L3 Configurable external gateway mode || binding | Port Binding || agent | agent || subnet_allocation | Subnet Allocation || l3_agent_scheduler | L3 Agent Scheduler || tag | Tag support || external-net | Neutron external network || net-mtu | Network MTU || availability_zone | Availability Zone || quotas | Quota management support || l3-ha | HA Router extension || flavors | Neutron Service Flavors || provider | Provider Network || multi-provider | Multi Provider Network || address-scope | Address scope || extraroute | Neutron Extra Route || timestamp_core | Time Stamp Fields addition for core resources || router | Neutron L3 Router || extra_dhcp_opt | Neutron Extra DHCP opts || dns-integration | DNS Integration || security-group | security-group || dhcp_agent_scheduler | DHCP Agent Scheduler || router_availability_zone | Router Availability Zone || rbac-policies | RBAC Policies || standard-attr-description | standard-attr-description || port-security | Port Security || allowed-address-pairs | Allowed Address Pairs || dvr | Distributed Virtual Router |+---------------------------+-----------------------------------------------+####################################################################################################################### 秘钥认证: server01 ------远程------ server02
server01 生成一对密钥(私钥和公钥) -----------把公钥上传到server02 /root/.ssh/authorized_keys
server01操作
1、生成一对密钥: ssh-keygen -t rsa 一直敲回车(一直回车会生成没有口令保护的私钥,任何能读取 /root/.ssh/id_rsa 的人都可以直接登录 server02;需要保护私钥时在提示处输入口令)
2、把公钥上传到所要远程的服务器上server02 ssh-copy-id -i /root/.ssh/id_rsa.pub 192.168.253.142(server02 的地址)
3、验证server01远程登录server02
ssh server02优先秘钥认证:###########################################################################################################################@ neutron 计算节点安装部署###########################################################################################################################安装组件
1、yum install openstack-neutron-linuxbridge ebtables ipset
[root@computer01 ~]# vim /etc/neutron/neutron.conf
[DEFAULT]
...
rpc_backend = rabbit
auth_strategy = keystone
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123
[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = 123
[oslo_concurrency]
...
lock_path = /var/lib/neutron/tmp
[root@computer01 ~]# vim /etc/neutron/plugins/ml2/linuxbridge_agent.ini
[linux_bridge]physical_interface_mappings = provider:eno16777736[vxlan]enable_vxlan = Truelocal_ip = 192.168.253.142l2_population = True [securitygroup]...enable_security_group = Truefirewall_driver = neutron.agent.linux.iptables_firewall.IptablesFirewallDriver[root@computer01 ~]# vim /etc/nova/nova.conf[neutron]...url = http://controller:9696auth_url = http://controller:35357auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultregion_name = RegionOneproject_name = serviceusername = neutronpassword = 123[root@computer01 ~]# systemctl restart openstack-nova-compute.service
[root@computer01 ~]# systemctl enable neutron-linuxbridge-agent.service[root@computer01 ~]# systemctl start neutron-linuxbridge-agent.service#############################登录控制节点进行验证
[root@controller ~]# source admin.sh [root@controller ~]# neutron ext-list+---------------------------+-----------------------------------------------+| alias | name |+---------------------------+-----------------------------------------------+| default-subnetpools | Default Subnetpools || network-ip-availability | Network IP Availability || network_availability_zone | Network Availability Zone || auto-allocated-topology | Auto Allocated Topology Services || ext-gw-mode | Neutron L3 Configurable external gateway mode || binding | Port Binding || agent | agent || subnet_allocation | Subnet Allocation || l3_agent_scheduler | L3 Agent Scheduler || tag | Tag support || external-net | Neutron external network || net-mtu | Network MTU || availability_zone | Availability Zone || quotas | Quota management support || l3-ha | HA Router extension || flavors | Neutron Service Flavors || provider | Provider Network || multi-provider | Multi Provider Network || address-scope | Address scope || extraroute | Neutron Extra Route || timestamp_core | Time Stamp Fields addition for core resources || router | Neutron L3 Router || extra_dhcp_opt | Neutron Extra DHCP opts || dns-integration | DNS Integration || security-group | security-group || dhcp_agent_scheduler | DHCP Agent Scheduler || router_availability_zone | Router Availability Zone || rbac-policies | RBAC Policies || standard-attr-description | standard-attr-description || port-security | Port Security || allowed-address-pairs | Allowed Address Pairs || dvr | Distributed Virtual Router |+---------------------------+-----------------------------------------------+ #验证代理[root@controller ~]# neutron agent-list+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+| id | agent_type | host | alive | admin_state_up | binary |+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+| 
08905043-5010-4b87-bba5-aedb1956e27a | Linux bridge agent | compute1 | :-) | True | neutron-linuxbridge-agent || 27eee952-a748-467b-bf71-941e89846a92 | Linux bridge agent | controller | :-) | True | neutron-linuxbridge-agent || 830344ff-dc36-4956-84f4-067af667a0dc | L3 agent | controller | :-) | True | neutron-l3-agent || dd3644c9-1a3a-435a-9282-eb306b4b0391 | DHCP agent | controller | :-) | True | neutron-dhcp-agent || f49a4b81-afd6-4b3d-b923-66c8f0517099 | Metadata agent | controller | :-) | True | neutron-metadata-agent |+--------------------------------------+--------------------+------------+-------+----------------+---------------------------+ ############################################################################################################################ Dashboard部署安装#############################################################################################################################安装dashboard仪表盘组件
[root@controller ~]# yum install openstack-dashboard
[root@controller ~]# vim /etc/openstack-dashboard/local_settings
OPENSTACK_HOST = "controller"
#注意:'*' 表示接受任意 Host 头,等于关闭了 Django 的 Host 校验;正式环境应只列出访问仪表盘实际使用的主机名或 IP
ALLOWED_HOSTS = ['*', ]
SESSION_ENGINE = 'django.contrib.sessions.backends.cache'
CACHES = {
    'default': {
        'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',
        'LOCATION': 'controller:11211',
    }
}
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST
#通过仪表盘创建的用户默认角色配置为 user :
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"
#配置API版本
OPENSTACK_API_VERSIONS = {
    "identity": 3,
    "image": 2,
    "volume": 2,
}
#启用对域的支持
#OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
#通过仪表盘创建用户时的默认域配置为 default
#OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = "default"
[root@controller ~]# systemctl restart httpd.service memcached.service
###############################################################################################################
# 创建虚拟网络###############################################################################################################1、创建虚拟网络#创建外网网络[root@controller ~]# . admin.sh[root@controller ~]# neutron net-create --shared --provider:physical_network provider \ --provider:network_type flat providerCreated a new network:+---------------------------+--------------------------------------+| Field | Value |+---------------------------+--------------------------------------+| admin_state_up | True || id | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad || mtu | 1500 || name | provider || port_security_enabled | True || provider:network_type | flat || provider:physical_network | provider || provider:segmentation_id | || router:external | False || shared | True || status | ACTIVE || subnets | || tenant_id | d84313397390425c8ed50b2f6e18d092 |+---------------------------+--------------------------------------+#创建子网[root@controller ~]# neutron subnet-create --name provider \ --allocation-pool start=192.168.50.37,end=192.168.50.39 \ --dns-nameserver 8.8.4.4 --gateway 192.168.50.30 \ provider 192.168.50.0/24Created a new subnet:+-------------------+----------------------------------------------------+| Field | Value |+-------------------+----------------------------------------------------+| allocation_pools | {"start": "203.0.113.101", "end": "203.0.113.250"} || cidr | 203.0.113.0/24 || dns_nameservers | 8.8.4.4 || enable_dhcp | True || gateway_ip | 203.0.113.1 || host_routes | || id | 5cc70da8-4ee7-4565-be53-b9c011fca011 || ip_version | 4 || ipv6_address_mode | || ipv6_ra_mode | || name | provider || network_id | 0e62efcd-8cee-46c7-b163-d8df05c3c5ad || subnetpool_id | || tenant_id | d84313397390425c8ed50b2f6e18d092 |+-------------------+----------------------------------------------------+#创建私有网
[root@controller ~]# neutron net-create selfservice
Created a new network:+-----------------------+--------------------------------------+| Field | Value |+-----------------------+--------------------------------------+| admin_state_up | True || id | 7c6f9b37-76b4-463e-98d8-27e5686ed083 || mtu | 0 || name | selfservice || port_security_enabled | True || router:external | False || shared | False || status | ACTIVE || subnets | || tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c |+-----------------------+--------------------------------------+#创建内网子网
[root@controller ~]# neutron subnet-create --name selfservice \ --dns-nameserver 8.8.4.4 --gateway 172.16.1.1 \ selfservice 172.16.1.0/24Created a new subnet:+-------------------+------------------------------------------------+| Field | Value |+-------------------+------------------------------------------------+| allocation_pools | {"start": "172.16.1.2", "end": "172.16.1.254"} || cidr | 172.16.1.0/24 || dns_nameservers | 8.8.4.4 || enable_dhcp | True || gateway_ip | 172.16.1.1 || host_routes | || id | 3482f524-8bff-4871-80d4-5774c2730728 || ip_version | 4 || ipv6_address_mode | || ipv6_ra_mode | || name | selfservice || network_id | 7c6f9b37-76b4-463e-98d8-27e5686ed083 || subnetpool_id | || tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c |+-------------------+------------------------------------------------+#添加’ router:external ‘ 到’ provider’ 网络[root@controller ~]# neutron net-update provider --router:externalUpdated network: provider#创建路由[root@controller ~]# neutron router-create routerCreated a new router:+-----------------------+--------------------------------------+| Field | Value |+-----------------------+--------------------------------------+| admin_state_up | True || external_gateway_info | || id | 89dd2083-a160-4d75-ab3a-14239f01ea0b || name | router || routes | || status | ACTIVE || tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c |+-----------------------+--------------------------------------+#给路由器添加一个私网子网的接口[root@controller ~]# neutron router-interface-add router selfservice Added interface bff6605d-824c-41f9-b744-21d128fc86e1 to router router.#给路由器设置公有网络的网关:[root@controller ~]# neutron router-gateway-set router providerSet gateway for router router#验证操作
#列出网络命名空间。你应该可以看到一个’ qrouter ‘命名空间和两个’qdhcp ‘ 命名空间[root@controller ~]# ip netnsqrouter-89dd2083-a160-4d75-ab3a-14239f01ea0bqdhcp-7c6f9b37-76b4-463e-98d8-27e5686ed083qdhcp-0e62efcd-8cee-46c7-b163-d8df05c3c5ad#列出路由器上的端口来确定公网网关的IP 地址:[root@controller ~]# neutron router-port-list router+--------------------------------------+------+-------------------+------------------------------------------+| id | name | mac_address | fixed_ips |+--------------------------------------+------+-------------------+------------------------------------------+| bff6605d-824c-41f9-b744-21d128fc86e1 | | fa:16:3e:2f:34:9b | {"subnet_id": || | | | "3482f524-8bff-4871-80d4-5774c2730728", || | | | "ip_address": "172.16.1.1"} || d6fe98db-ae01-42b0-a860-37b1661f5950 | | fa:16:3e:e8:c1:41 | {"subnet_id": || | | | "5cc70da8-4ee7-4565-be53-b9c011fca011", || | | | "ip_address": "203.0.113.102"} |+--------------------------------------+------+-------------------+------------------------------------------+页面测试访问:http://192.168.253.141/dashboard
成功访问后测试创建云主机
##############################################################################################
#从控制节点或任意公共物理网络上的节点Ping这个IP地址:[root@controller ~]# ping -c 4 203.0.113.102PING 203.0.113.102 (203.0.113.102) 56(84) bytes of data.64 bytes from 203.0.113.102: icmp_req=1 ttl=64 time=0.619 ms64 bytes from 203.0.113.102: icmp_req=2 ttl=64 time=0.189 ms64 bytes from 203.0.113.102: icmp_req=3 ttl=64 time=0.165 ms64 bytes from 203.0.113.102: icmp_req=4 ttl=64 time=0.216 ms
#####################################创建实例云主机################################################################
[root@controller ~]# . admin.sh#一个实例指定了虚拟机资源的大致分配,包括处理器、内存和存储。 列出可用类型:[root@controller ~]# openstack flavor list
+----+-----------+-------+------+-----------+-------+-----------+| ID | Name | RAM | Disk | Ephemeral | VCPUs | Is Public |+----+-----------+-------+------+-----------+-------+-----------+| 1 | m1.tiny | 512 | 1 | 0 | 1 | True || 2 | m1.small | 2048 | 20 | 0 | 1 | True || 3 | m1.medium | 4096 | 40 | 0 | 2 | True || 4 | m1.large | 8192 | 80 | 0 | 4 | True || 5 | m1.xlarge | 16384 | 160 | 0 | 8 | True |+----+-----------+-------+------+-----------+-------+-----------+#列出可用镜像:
[root@controller ~]# openstack image list+--------------------------------------+--------+--------+| ID | Name | Status |+--------------------------------------+--------+--------+| 390eb5f7-8d49-41ec-95b7-68c0d5d54b34 | cirros | active |+--------------------------------------+--------+--------+
#列出可用网络:
[root@controller ~]# openstack network list+--------------------------------------+--------------+--------------------------------------+| ID | Name | Subnets |+--------------------------------------+--------------+--------------------------------------+| 4716ddfe-6e60-40e7-b2a8-42e57bf3c31c | selfservice | 2112d5eb-f9d6-45fd-906e-7cabd38b7c7c || b5b6993c-ddf9-40e7-91d0-86806a42edb8 | provider | 310911f6-acf0-4a47-824e-3032916582ff |+--------------------------------------+--------------+--------------------------------------+#列出可用的安全组:
[root@controller ~]# openstack security group list+--------------------------------------+---------+------------------------+| ID | Name | Description |+--------------------------------------+---------+------------------------+| dd2b614c-3dad-48ed-958b-b155a3b38515 | default | Default security group |+--------------------------------------+---------+------------------------+#启动实例:[root@controller ~]# openstack server create --flavor m1.tiny --image cirros \ --nic net-id=PROVIDER_NET_ID --security-group default \ --key-name mykey provider-instance+--------------------------------------+-----------------------------------------------+
| Property | Value |+--------------------------------------+-----------------------------------------------+| OS-DCF:diskConfig | MANUAL || OS-EXT-AZ:availability_zone | nova || OS-EXT-STS:power_state | 0 || OS-EXT-STS:task_state | scheduling || OS-EXT-STS:vm_state | building || OS-SRV-USG:launched_at | - || OS-SRV-USG:terminated_at | - || accessIPv4 | || accessIPv6 | || adminPass | hdF4LMQqC5PB || config_drive | || created | 2015-09-17T21:58:18Z || flavor | m1.tiny (1) || hostId | || id | 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf || image | cirros (38047887-61a7-41ea-9b49-27987d5e8bb9) || key_name | mykey || metadata | {} || name | provider-instance || os-extended-volumes:volumes_attached | [] || progress | 0 || security_groups | default || status | BUILD || tenant_id | f5b2ccaa75ac413591f12fcaa096aa5c || updated | 2015-09-17T21:58:18Z || user_id | 684286a9079845359882afc3aa5011fb |+--------------------------------------+-----------------------------------------------+#检查实例的状态:
[root@controller ~]# openstack server list+--------------------------------------+-------------------+--------+---------------------------------+| ID | Name | Status | Networks |+--------------------------------------+-------------------+--------+---------------------------------+| 181c52ba-aebc-4c32-a97d-2e8e82e4eaaf | provider-instance | ACTIVE | provider=203.0.113.103 |+--------------------------------------+-------------------+--------+---------------------------------+#使用虚拟控制台访问实例
[root@controller ~]# openstack console url show provider-instance+-------+---------------------------------------------------------------------------------+| Field | Value |+-------+---------------------------------------------------------------------------------+| type | novnc || url | http://controller:6080/vnc_auto.html?token=5eeccb47-525c-4918-ac2a-3ad1e9f1f493 |+-------+---------------------------------------------------------------------------------+#登录云主机,验证能否ping通公有网络的网关:[root@controller ~]# ping -c 4 203.0.113.1PING 203.0.113.1 (203.0.113.1) 56(84) bytes of data.64 bytes from 203.0.113.1: icmp_req=1 ttl=64 time=0.357 ms64 bytes from 203.0.113.1: icmp_req=2 ttl=64 time=0.473 ms64 bytes from 203.0.113.1: icmp_req=3 ttl=64 time=0.504 ms64 bytes from 203.0.113.1: icmp_req=4 ttl=64 time=0.470 ms#验证能否连接到互联网
#验证控制节点或者其他公有网络上的主机能否ping通实例:#在控制节点或其他公有网络上的主机使用 SSH远程访问实例:######################################################################################################################## 块存储 cinder 安装 控制节点#######################################################################################################################登录数据库[root@controller ~]# mysql -u root -p
CREATE DATABASE cinder;
#注意:'123' 是弱口令,仅适合实验环境;'cinder'@'%' 允许从任意主机连接,实际部署时应使用强随机密码并限制可访问数据库端口的主机
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' \
  IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' \
  IDENTIFIED BY '123';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'controller' \
IDENTIFIED BY '123'; . admin-openrc [root@controller ~]# openstack user create --domain default --password-prompt cinderUser Password:Repeat User Password:+-----------+----------------------------------+| Field | Value |+-----------+----------------------------------+| domain_id | e0353a670a9e496da891347c589539e9 || enabled | True || id | bb279f8ffc444637af38811a5e1f0562 || name | cinder |+-----------+----------------------------------+ [root@controller ~]# openstack role add --project service --user cinder admin[root@controller ~]# openstack service create --name cinder \
--description "OpenStack Block Storage" volume+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Block Storage || enabled | True || id | ab3bbbef780845a1a283490d281e7fda || name | cinder || type | volume |+-------------+----------------------------------+[root@controller ~]# openstack service create --name cinderv2 \
--description "OpenStack Block Storage" volumev2+-------------+----------------------------------+| Field | Value |+-------------+----------------------------------+| description | OpenStack Block Storage || enabled | True || id | eb9fd245bdbc414695952e93f29fe3ac || name | cinderv2 || type | volumev2 |+-------------+----------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne \ volume public http://controller:8776/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 03fa2c90153546c295bf30ca86b1344b | | interface | public | | region | RegionOne | | region_id | RegionOne | | service_id | ab3bbbef780845a1a283490d281e7fda | | service_name | cinder | | service_type | volume | | url | http://controller:8776/v1/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne \ volume internal http://controller:8776/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 94f684395d1b41068c70e4ecb11364b2 | | interface | internal | | region | RegionOne | | region_id | RegionOne | | service_id | ab3bbbef780845a1a283490d281e7fda | | service_name | cinder | | service_type | volume | | url | http://controller:8776/v1/%(tenant_id)s | +--------------+-----------------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \
volume admin http://controller:8776/v1/%\(tenant_id\)s +--------------+-----------------------------------------+ | Field | Value | +--------------+-----------------------------------------+ | enabled | True | | id | 4511c28a0f9840c78bacb25f10f62c98 | | interface | admin | | region | RegionOne | | region_id | RegionOne | | service_id | ab3bbbef780845a1a283490d281e7fda | | service_name | cinder | | service_type | volume | | url | http://controller:8776/v1/%(tenant_id)s | +--------------+-----------------------------------------+ [root@controller ~]# openstack endpoint create --region RegionOne \ volumev2 public http://controller:8776/v2/%\(tenant_id\)s+--------------+-----------------------------------------+| Field | Value |+--------------+-----------------------------------------+| enabled | True || id | 513e73819e14460fb904163f41ef3759 || interface | public || region | RegionOne || region_id | RegionOne || service_id | eb9fd245bdbc414695952e93f29fe3ac || service_name | cinderv2 || service_type | volumev2 || url | http://controller:8776/v2/%(tenant_id)s |+--------------+-----------------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \
volumev2 internal http://controller:8776/v2/%\(tenant_id\)s+--------------+-----------------------------------------+| Field | Value |+--------------+-----------------------------------------+| enabled | True || id | 6436a8a23d014cfdb69c586eff146a32 || interface | internal || region | RegionOne || region_id | RegionOne || service_id | eb9fd245bdbc414695952e93f29fe3ac || service_name | cinderv2 || service_type | volumev2 || url | http://controller:8776/v2/%(tenant_id)s |+--------------+-----------------------------------------+[root@controller ~]# openstack endpoint create --region RegionOne \
volumev2 admin http://controller:8776/v2/%\(tenant_id\)s+--------------+-----------------------------------------+| Field | Value |+--------------+-----------------------------------------+| enabled | True || id | e652cf84dd334f359ae9b045a2c91d96 || interface | admin || region | RegionOne || region_id | RegionOne || service_id | eb9fd245bdbc414695952e93f29fe3ac || service_name | cinderv2 || service_type | volumev2 || url | http://controller:8776/v2/%(tenant_id)s |+--------------+-----------------------------------------+[root@controller ~]# yum install openstack-cinder
[root@controller ~]# vim /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:123@controller/cinder
[DEFAULT]
...
rpc_backend = rabbit
[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123
[DEFAULT]
...
auth_strategy = keystone
[keystone_authtoken]
...auth_uri = http://controller:5000auth_url = http://controller:35357memcached_servers = controller:11211auth_type = passwordproject_domain_name = defaultuser_domain_name = defaultproject_name = serviceusername = cinderpassword = 123[DEFAULT]...my_ip = 192.168.50.123 [oslo_concurrency]...lock_path = /var/lib/cinder/tmp [root@controller ~]# su -s /bin/sh -c "cinder-manage db sync" cinder [root@controller ~]# vim /etc/nova/nova.conf[cinder]
os_region_name = RegionOne
systemctl restart openstack-nova-api.service
systemctl enable openstack-cinder-api.service openstack-cinder-scheduler.service
systemctl start openstack-cinder-api.service openstack-cinder-scheduler.service
############################################存储节点也可以安装到控制节点###########################################
#需要添加两块硬盘做lvm
#执行 pvcreate 之前先用 lsblk 确认 /dev/sdb、/dev/sdc 确实是新添加的空盘
[root@controller ~]# yum install lvm2
[root@controller ~]# systemctl enable lvm2-lvmetad.service
[root@controller ~]# systemctl start lvm2-lvmetad.service
[root@controller ~]# pvcreate /dev/sdb /dev/sdc
Physical volume "/dev/sdb" successfully created
[root@controller ~]# vgcreate cinder-volumes /dev/sdb /dev/sdc
Volume group "cinder-volumes" successfully created
[root@controller ~]# vim /etc/lvm/lvm.conf
devices {
...
filter = [ "a/sdb/", "r/.*/"]
}
#注意:前面 pvcreate/vgcreate 同时使用了 /dev/sdb 和 /dev/sdc,而这个过滤器只接受 sdb,"r/.*/" 会把 sdc 也拒绝掉;如果两块盘都属于 cinder-volumes,过滤器里还需要加上 "a/sdc/"。系统盘若也使用 LVM,同样要把对应设备加入接受列表。
[root@controller ~]# yum install openstack-cinder targetcli python-keystone
[root@controller ~]# vim /etc/cinder/cinder.conf
[database]
...
connection = mysql+pymysql://cinder:123@controller/cinder

[DEFAULT]
...
rpc_backend = rabbit

[oslo_messaging_rabbit]
...
rabbit_host = controller
rabbit_userid = openstack
rabbit_password = 123

[DEFAULT]
...
auth_strategy = keystone

[keystone_authtoken]
...
auth_uri = http://controller:5000
auth_url = http://controller:35357
memcached_servers = controller:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = cinder
password = 123

[DEFAULT]
...
my_ip = 192.168.50.123

[lvm] #添加上
...
volume_driver = cinder.volume.drivers.lvm.LVMVolumeDriver
volume_group = cinder-volumes
iscsi_protocol = iscsi
iscsi_helper = lioadm

[DEFAULT]
...
enabled_backends = lvm
glance_api_servers = http://controller:9292

[oslo_concurrency]
...
lock_path = /var/lib/cinder/tmp

systemctl enable openstack-cinder-volume.service target.service
systemctl start openstack-cinder-volume.service target.service

[root@controller ~]# . admin-openrc
[root@controller ~]# cinder service-list
+------------------+------------+------+---------+-------+----------------------------+-----------------+| Binary | Host | Zone | Status | State | Updated_at | Disabled Reason |+------------------+------------+------+---------+-------+----------------------------+-----------------+| cinder-scheduler | controller | nova | enabled | up | 2014-10-18T01:30:54.000000 | None || cinder-volume | block1@lvm | nova | enabled | up | 2014-10-18T01:30:57.000000 | None |+------------------+------------+------+---------+-------+----------------------------+-----------------+ ############################################################################################################### 创建一个卷 添加到一个云主机上 ###############################################################################################################################
[root@controller ~]# openstack volume create --size 1 volume1
+---------------------+--------------------------------------+| Field | Value |+---------------------+--------------------------------------+| attachments | [] || availability_zone | nova || bootable | false || consistencygroup_id | None || created_at | 2016-03-08T14:30:48.391027 || description | None || encrypted | False || id | a1e8be72-a395-4a6f-8e07-856a57c39524 || multiattach | False || name | volume1 || properties | || replication_status | disabled || size | 1 || snapshot_id | None || source_volid | None || status | creating || type | None || updated_at | None || user_id | 684286a9079845359882afc3aa5011fb |+---------------------+--------------------------------------+[root@controller ~]# openstack volume list
+--------------------------------------+--------------+-----------+------+-------------+| ID | Display Name | Status | Size | Attached to |+--------------------------------------+--------------+-----------+------+-------------+| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1 | available | 1 | |+--------------------------------------+--------------+-----------+------+-------------+[root@controller ~]# openstack server add volume provider-instance volume1
[root@controller ~]# openstack volume list
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| ID | Display Name | Status | Size | Attached to |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
| a1e8be72-a395-4a6f-8e07-856a57c39524 | volume1 | in-use | 1 | Attached to provider-instance on /dev/vdb |
+--------------------------------------+--------------+--------+------+--------------------------------------------+
#下面输出里的 /dev/vda、/dev/vdb 是云主机内部的磁盘,fdisk -l 应在登录 provider-instance 之后执行(提示符写成了 controller,疑为笔误)
[root@controller ~]# fdisk -l
Disk /dev/vda: 1073 MB, 1073741824 bytes
255 heads, 63 sectors/track, 130 cylinders, total 2097152 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000Device Boot Start End Blocks Id System
/dev/vda1 * 16065 2088449 1036192+ 83 LinuxDisk /dev/vdb: 1073 MB, 1073741824 bytes
16 heads, 63 sectors/track, 2080 cylinders, total 2097152 sectors Units = sectors of 1 * 512 = 512 bytes Sector size (logical/physical): 512 bytes / 512 bytes I/O size (minimum/optimal): 512 bytes / 512 bytes Disk identifier: 0x00000000Disk /dev/vdb doesn't contain a valid partition table