Openstack部署

news2025/2/26 20:01:14

搭建基础环境

#网络

#防火墙

#用户用

#解析

#同步时间

实验角色

OpenStack01OpenStack02OpenStack03
192.168.1.101192.168.1.102192.168.1.103
srv1srv2srv3

同步时间

[root@srv1]# yum install chrony -y
[root@srv1]# vim /etc/chrony.conf
# 修改第3行,将NTP Server改为cn服务器
server 0.cn.pool.ntp.org iburst
server 1.cn.pool.ntp.org iburst
server 2.cn.pool.ntp.org iburst
server 3.cn.pool.ntp.org iburst

# 修改第25行,允许本地其他服务器同步
allow 192.168.1.0/24

[root@srv1 ~]# systemctl restart chronyd
# 确认同步信息
[root@node1 ~]# chronyc sources -v

安装openstack源并修改为本地服务器源 

[root@srv1 ~]# yum install centos-release-openstack-queens -y
CentOS-Base.repo              CentOS-QEMU-EV.repo         epel.repo          remi-php54.repo  remi-php81.repo
CentOS-Ceph-Luminous.repo     CentOS-SCLo-scl.repo        epel-testing.repo  remi-php70.repo  remi.repo
CentOS-CR.repo                CentOS-SCLo-scl-rh.repo     remi-glpi91.repo   remi-php71.repo  remi-safe.repo
CentOS-Debuginfo.repo         CentOS-Sources.repo         remi-glpi92.repo   remi-php72.repo
CentOS-fasttrack.repo         CentOS-Storage-common.repo  remi-glpi93.repo   remi-php73.repo
CentOS-Media.repo             CentOS-Vault.repo           remi-glpi94.repo   remi-php74.repo
CentOS-OpenStack-queens.repo  CentOS-x86_64-kernel.repo   remi-modular.repo  remi-php80.repo
yum --enablerepo=centos-openstack-queens install mariadb-server -y

升级本地所有软件包

[root@srv1 ~]# yum update -y

安装MairaDB

[root@srv1 ~]# yum --enablerepo=centos-openstack-queens install mariadb-server -y

[root@srv1 ~]# vim /etc/my.cnf
#于[mysqld]区段最后添加如下内容
[mysqld]
character-set-server=utf8

[root@srv1 ~]# systemctl enable --now mariadb

[root@srv1 ~]# netstat -anptu | grep 3306
tcp6       0      0 :::3306                 :::*                    LISTEN      2459/mysqld      

# 密码设置为password
[root@srv1 ~]# mysql_secure_installation

安装及配置Memcached与RabbitMQ(缓存与消息队列)

[root@srv1 ~]# yum --enablerepo=epel install rabbitmq-server memcached -y
[root@srv1 ~]# systemctl enable --now rabbitmq-server memcached

#在RabbitMQ中添加一个新用户,用户名为 "openstack",密码为 "password"。
[root@srv1 ~]# rabbitmqctl add_user openstack password
Creating user "openstack"

#为用户 "openstack" 设置权限。其中,".*" 参数表示获取了读、写配置,所有消息队列和交换机权限
[root@srv1 ~]# rabbitmqctl set_permissions openstack ".*" ".*" ".*"
Setting permissions for user "openstack" in vhost "/"

[root@srv1 ~]# netstat -anptu | grep 5672
tcp        0      0 0.0.0.0:25672           0.0.0.0:*               LISTEN      2691/beam.smp       
tcp6       0      0 :::5672                 :::*                    LISTEN      2691/beam.smp       
[root@srv1 ~]# netstat -anptu | grep 11211
tcp        0      0 127.0.0.1:11211         0.0.0.0:*               LISTEN      2727/memcached      
tcp6       0      0 ::1:11211               :::*                    LISTEN      2727/memcached     

添加数据库keystone用户并赋予权限

[root@srv1 ~]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 11
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database keystone;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on keystone.* to keystone@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> exit
Bye

安装keystone先安装python以来否则出现以下错误

============================================错误汇总============================================
1. 出现以下错误:
Error: Package: python2-pyngus-2.3.0-1.el7.noarch (epel)
           Requires: python2-qpid-proton >= 0.28.0

2.解决方法
[root@srv1 ~]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
============================================汇总结束============================================

[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-keystone openstack-utils python-openstackclient httpd mod_wsgi -y

配置keystone

[root@node1 ~]# vim /etc/keystone/keystone.conf
# 修改605行,指定Memcached的信息
memcache_servers = 192.168.11.101:11211

# 修改737行,指定数据库相关信息
connection = mysql+pymysql://keystone:password@192.168.1.101/keystone

# 于[token],添加2879行内容
[token]
provider = fernet

# 同步数据库
[root@node1 ~]# su -s /bin/bash keystone -c "keystone-manage db_sync"

# 初始化秘钥(生成令牌加密)
[root@node1 ~]# keystone-manage fernet_setup --keystone-user keystone --keystone-group keystone
[root@node1 ~]# keystone-manage credential_setup --keystone-user keystone --keystone-group keystone

# bootstrap keystone
[root@node1 ~]# keystone-manage bootstrap \
--bootstrap-password adminpassword \ 
--bootstrap-admin-url http://192.168.1.101:5000/v3/ \
--bootstrap-internal-url http://192.168.1.101:5000/v3/ \
--bootstrap-public-url http://192.168.1.101:5000/v3/ \
--bootstrap-region-id RegionOne

#设置管理员用户admin的密码为
#设置管理员用户admin的管理员URL,用于管理Keystone服务。
#设置管理员用户admin的内部URL,用于Keystone服务内部组件之间的通信。
#设置管理员用户admin的公共URL,用于对外提供服务的接口。
#设置Keystone的区域ID为 "RegionOne"。

在Apache上配置Keystone

[root@srv1 ~]# ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/
[root@srv1 ~]# systemctl enable --now httpd

[root@srv1 ~(keystone)]# netstat -lantp | grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      10137/httpd         
[root@srv1 ~(keystone)]# netstat -lantp | grep 35357
tcp6       0      0 :::35357                :::*                    LISTEN      10137/httpd   

设定Keystone Shell环境及创建租户

设定环境
[root@srv1 ~]# vim ~/keystonerc
export OS_PROJECT_DOMAIN_NAME=default
export OS_USER_DOMAIN_NAME=default
export OS_PROJECT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=adminpassword
export OS_AUTH_URL=http://192.168.1.101:5000/v3
export OS_IDENTITY_API_VERSION=3
export OS_IMAGE_API_VERSION=2
export PS1='[\u@\h \W(keystone)]\$ '

#设置项目域名为 "default",用于指定项目所属的域。
#设置用户域名为 "default",用于指定用户所属的域。
#设置项目名称为 "admin",表示要操作的项目为 "admin"。
#设置用户名为 "admin",表示要使用的用户名为 "admin"。
#设置密码为 "adminpassword",用于进行身份验证。
#设置认证URL为 "http://192.168.1.101:5000/v3",用于身份验证和访问OpenStack服务。
#设置身份验证API版本为 "3",表示要使用OpenStack标识服务的API版本。
#设置镜像API版本为 "2",表示要使用OpenStack镜像服务的API版本。
#设置命令行提示符的格式。在提示符中显示当前用户名、主机名和当前工作目录,并指示当前环境为 "keystone"。

[root@srv1 ~]# chmod 600 ~/keystonerc
[root@srv1 ~]# source ~/keystonerc
[root@srv1 ~(keystone)]# echo "source ~/keystonerc " >> ~/.bash_profile

#执行~/keystonerc文件中的环境变量导入当前会话。keystonerc文件通常包含了OpenStack客户端命令行工具所需的各种环境变量,如认证信息、API版本等。
#将source ~/keystonerc命令添加到当前用户的~/.bash_profile文件中。这样,在每次用户登录时,~/.bash_profile文件中的内容会被执行,从而自动加载OpenStack客户端的环境变量设置。

创建租户并验证

#用于创建一个名为 "service" 的项目(Project),并将其关联到默认的域(Domain)中。
[root@srv1 ~(keystone)]# openstack project create --domain default --description "Service Project" service
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | Service Project                  |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| is_domain   | False                            |
| name        | service                          |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

#查看当前OpenStack环境中所有项目的概览信息
[root@srv1 ~(keystone)]# openstack project list
+----------------------------------+---------+
| ID                               | Name    |
+----------------------------------+---------+
| 045c8b0eb3e04e329f2fd1b0b0e8d164 | service |
| 221b4ddca2a4482dbf169d45771b3c27 | admin   |
+----------------------------------+---------+

#用于显示admin的详细信息/admin是要显示详细信息的项目的名称或ID。
[root@srv1 ~(keystone)]# openstack project show admin
+-------------+-----------------------------------------------+
| Field       | Value                                         |
+-------------+-----------------------------------------------+
| description | Bootstrap project for initializing the cloud. |
| domain_id   | default                                       |
| enabled     | True                                          |
| id          | 221b4ddca2a4482dbf169d45771b3c27              |
| is_domain   | False                                         |
| name        | admin                                         |
| parent_id   | default                                       |
| tags        | []                                            |
+-------------+-----------------------------------------------+

#查看用户列表
[root@srv1 ~(keystone)]# openstack user list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 63948f840014441fa5b6dbf032e13104 | admin |
+----------------------------------+-------+

#查看终端列表
[root@srv1 ~(keystone)]# openstack endpoint list
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| ID                               | Region    | Service Name | Service Type | Enabled | Interface | URL                           |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+
| 4be9ebda8f83471fa59f389f9512f485 | RegionOne | keystone     | identity     | True    | internal  | http://192.168.1.101:5000/v3/ |
| 6db3f9752db5432ab5e36b0a70eca23d | RegionOne | keystone     | identity     | True    | admin     | http://192.168.1.101:5000/v3/ |
| 74c7fc497a8e462bb0c2be1af0ef08ac | RegionOne | keystone     | identity     | True    | public    | http://192.168.1.101:5000/v3/ |
+----------------------------------+-----------+--------------+--------------+---------+-----------+-------------------------------+

#查看目录列表
[root@srv1 ~(keystone)]# openstack catalog list
+----------+----------+-------------------------------------------+
| Name     | Type     | Endpoints                                 |
+----------+----------+-------------------------------------------+
| keystone | identity | RegionOne                                 |
|          |          |   internal: http://192.168.1.101:5000/v3/ |
|          |          | RegionOne                                 |
|          |          |   admin: http://192.168.1.101:5000/v3/    |
|          |          | RegionOne                                 |
|          |          |   public: http://192.168.1.101:5000/v3/   |
|          |          |                                           |
+----------+----------+-------------------------------------------+

添加及配置Glance用户及设定endpoint信息

# 添加glance账户,并定义其隶属于service租户,密码为servicepassword
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword glance
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 9bba7fbed99e4301a92ed02a34c99f4a |
| name                | glance                           |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

# 授权glance账户为admin角色
[root@srv1 ~(keystone)]# openstack role add --project service --user glance admin

# 创建glance服务
[root@srv1 ~(keystone)]# openstack service create --name glance --description "OpenStack Image service" image
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Image service          |
| enabled     | True                             |
| id          | 8a780cc7bc784e85bcafcadebe034027 |
| name        | glance                           |
| type        | image                            |
+-------------+----------------------------------+

# 创建glance endpoint的public、internal、admin信息
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image public http://192.168.1.101:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3adda7db76e54106b27ee450936279e7 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.1.101:9292        |
+--------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image internal http://192.168.1.101:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3dfb2787e2714007922dfd9306b1c3d7 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.1.101:9292        |
+--------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne image admin http://192.168.10.11:9292
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 34c426ddb1f84941b988c38573e13638 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 8a780cc7bc784e85bcafcadebe034027 |
| service_name | glance                           |
| service_type | image                            |
| url          | http://192.168.10.11:9292        |
+--------------+----------------------------------+

设定Glance数据库

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database glance;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on glance.* to glance@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

安装及配置Glance

1) 安装Glance
[root@node1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-glance -y

2) 配置Glance
(1) 配置Glance API
[root@node1 ~(keystone)]# mv /etc/glance/glance-api.conf /etc/glance/glance-api.conf.bak
[root@node1 ~(keystone)]# vim /etc/glance/glance-api.conf
[DEFAULT]
bind_host = 0.0.0.0
[glance_store]
stores = file,http
default_store = file
filesystem_store_datadir = /var/lib/glance/images/

[database]
connection = mysql+pymysql://glance:password@192.168.1.101/glance

# 定义连接keystone的信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = glance
password = servicepassword

[paste_deploy]
flavor = keystone
(2) 配置Glance Registry
[root@srv1 ~(keystone)]# mv /etc/glance/glance-registry.conf /etc/glance/glance-registry.conf.bak
[root@srv1 ~(keystone)]# vim /etc/glance/glance-registry.conf

[root@srv1 ~(keystone)]# chmod 640 /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# chown root:glance /etc/glance/glance-api.conf /etc/glance/glance-registry.conf
[root@srv1 ~(keystone)]# su -s /bin/bash glance -c "glance-manage db_sync"
...
...
...
INFO  [alembic.runtime.migration] Running upgrade pike_contract01 -> queens_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Upgraded database to: queens_contract01, current revision(s): queens_contract01
INFO  [alembic.runtime.migration] Context impl MySQLImpl.
INFO  [alembic.runtime.migration] Will assume non-transactional DDL.
Database is synced successfully.

[root@srv1 ~(keystone)]# systemctl enable --now openstack-glance-api openstack-glance-registry
[root@srv1 ~(keystone)]# cat /sys/module/kvm_intel/parameters/nested 
[root@srv1 ~(keystone)]# cat /proc/cpuinfo | grep vmx

创建实例并将实例,并将镜像注册至Glance中

#下载本地服务器镜像
[root@srv1 mnt(keystone)]# curl -O http://192.168.1.254/repos/CentOS/7/isos/x86_64/CentOS-7-x86_64-Minimal-2207-02.iso
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
  8  988M    8 988M    0     0  7602k      0  0:02:13  0:00:11  0:02:02 7622k

1) 安装KVM并设置桥接
[root@srv1 mnt(keystone)]# yum install qemu-kvm libvirt virt-install bridge-utils -y

[root@srv1 mnt(keystone)]# lsmod | grep kvm
kvm_intel             188793  0 
kvm                   653928  1 kvm_intel
irqbypass              13503  1 kvm
[root@srv1 mnt(keystone)]# systemctl enable --now libvirtd

#创建一个名为 "c7.img" 的qcow2格式镜像文件,并将其大小设置为5G,这个镜像文件可以用于创建和管理虚拟机。
[root@srv1 mnt(keystone)]# qemu-img create -f qcow2 /var/lib/libvirt/images/c7.img 5G

2) 安装实例
[root@srv1 ~(keystone)]# virt-install \
--name c7 \
--ram 1024 \
--disk path=/var/lib/libvirt/images/c7.img,format=qcow2 \
--vcpus 2 \
--os-type linux \
--os-variant rhel7 \
--graphics none \
--console pty,target_type=serial \
--location '/mnt/CentOS-7-x86_64-Minimal-2207-02.iso' \
--extra-args 'console=ttyS0,115200n8 serial'

根据提示安装 

注:不是X号的都需要进去调试

最小化安装完成回车重启

配置KVM用户名与云设置

CentOS Linux 7 (Core)
Kernel 3.10.0-1160.71.1.el7.x86_64 on an x86_64

lwj login: root
Password: 
[root@lwj ~]# systemctl disable --now firewalld
[root@lwj ~]# vi /etc/sysconfig/selinux 
SELINUX=disabled

[root@lwj ~]# vi /etc/sysconfig/network-scripts/ifcfg-eth0 
删除UUID

[root@lwj ~]# yum install cloud-init -y

[root@lwj ~]# useradd snow
[root@lwj ~]# passwd snow
Changing password for user snow.
New password: 
BAD PASSWORD: The password fails the dictionary check - it is based on a dictionary word
Retype new password: 
passwd: all authentication tokens updated successfully.

[root@lwj ~]# vi /etc/cloud/cloud.cfg
      5 ssh_pwauth:   1
     57     name: snow
     58     lock_passwd: false
[root@lwj ~]# systemctl enable cloud-init sshd
[root@lwj ~]# poweroff

删除虚拟机

[root@srv1 mnt(keystone)]# openstack image create "c7" --file /var/lib/libvirt/images/c7.img --disk-format qcow2 --container-format bare --public
+------------------+------------------------------------------------------+
| Field            | Value                                                |
+------------------+------------------------------------------------------+
| checksum         | 3dcc3a6d02c738ac66304a45b101e4e0                     |
| container_format | bare                                                 |
| created_at       | 2023-10-12T12:12:49Z                                 |
| disk_format      | qcow2                                                |
| file             | /v2/images/e6876582-15ff-44df-b3ef-34ec424438a1/file |
| id               | e6876582-15ff-44df-b3ef-34ec424438a1                 |
| min_disk         | 0                                                    |
| min_ram          | 0                                                    |
| name             | c7                                                   |
| owner            | 221b4ddca2a4482dbf169d45771b3c27                     |
| protected        | False                                                |
| schema           | /v2/schemas/image                                    |
| size             | 1832583168                                           |
| status           | active                                               |
| tags             |                                                      |
| updated_at       | 2023-10-12T12:13:05Z                                 |
| virtual_size     | None                                                 |
| visibility       | public                                               |
+------------------+------------------------------------------------------+
 

[root@srv1 mnt(keystone)]# openstack image list
+--------------------------------------+------+--------+
| ID                                   | Name | Status |
+--------------------------------------+------+--------+
| e6876582-15ff-44df-b3ef-34ec424438a1 | c7   | active |
+--------------------------------------+------+--------+

[root@srv1 mnt(keystone)]# cd /var/lib/glance/images/
[root@srv1 images(keystone)]# ls
e6876582-15ff-44df-b3ef-34ec424438a1
[root@srv1 images(keystone)]# file e6876582-15ff-44df-b3ef-34ec424438a1
e6876582-15ff-44df-b3ef-34ec424438a1: QEMU QCOW Image (v3), 5368709120 bytes
[root@srv1 images(keystone)]# virsh list --all
 Id    Name                           State
----------------------------------------------------
 -     c7                             shut off

[root@srv1 images(keystone)]# virsh undefine c7
Domain c7 has been undefined

[root@srv1 images(keystone)]# virsh list --all
 Id    Name                           State
----------------------------------------------------

[root@srv1 images(keystone)]# rm -rf /var/lib/libvirt/images/c7.img 

下载虚拟机

[root@srv1 images(keystone)]# openstack image save --file c7.qcow2 c7
[root@srv1 images(keystone)]# ls
c7.qcow2  e6876582-15ff-44df-b3ef-34ec424438a1

Openstack配置手册-Nova配置

添加Nova账户并注册至Keystone

[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword nova
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 14a8b1c6d8e745ef86767614112af49f |
| name                | nova                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project service --user nova admin
[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword placement
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 7b0529346650470a83e27f9ecf52d8de |
| name                | placement                        |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name nova --description "OpenStack Compute service" compute
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Compute service        |
| enabled     | True                             |
| id          | 0076fdf1b440414ebf0f12e15e2fd9f5 |
| name        | nova                             |
| type        | compute                          |
+-------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack service create --name placement --description "OpenStack Compute Placement service" placement
+-------------+-------------------------------------+
| Field       | Value                               |
+-------------+-------------------------------------+
| description | OpenStack Compute Placement service |
| enabled     | True                                |
| id          | 91c96fcb64484e74929f5247d9c7f20d    |
| name        | placement                           |
| type        | placement                           |
+-------------+-------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute public http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | b340db6b089a4c68b0debbdb8067175a             |
| interface    | public                                       |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute internal http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | fa70f77eb1f94ac286a04d46fd53832d             |
| interface    | internal                                     |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne compute admin http://192.168.1.101:8774/v2.1/%\(tenant_id\)s
+--------------+----------------------------------------------+
| Field        | Value                                        |
+--------------+----------------------------------------------+
| enabled      | True                                         |
| id           | 6b6d59429f6c478aba389051ff52b4a8             |
| interface    | admin                                        |
| region       | RegionOne                                    |
| region_id    | RegionOne                                    |
| service_id   | 0076fdf1b440414ebf0f12e15e2fd9f5             |
| service_name | nova                                         |
| service_type | compute                                      |
| url          | http://192.168.1.101:8774/v2.1/%(tenant_id)s |
+--------------+----------------------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement public http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 5b7572cfd16842129efc3c9a09799cb6 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement internal http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6cfc5c62f6434a369345f56482d2fda4 |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne placement admin http://192.168.1.101:8778
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 3fe84b02d2af4645ade2f9139b804a7c |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 91c96fcb64484e74929f5247d9c7f20d |
| service_name | placement                        |
| service_type | placement                        |
| url          | http://192.168.1.101:8778        |
+--------------+----------------------------------+

设置Nova数据库

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 7
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database nova;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_api;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_api.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on nova_api.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_placement;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_placement.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> create database nova_cell0;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'localhost' identified by 'password';
Query OK, 0 rows affected (0.01 sec)

MariaDB [(none)]> grant all privileges on nova_cell0.* to nova@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

安装及配置Nova

1) 安装Nova
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova -y

# 使用openstack源自带的novnc工具
[root@srv1 ~(keystone)]# yum remove novnc -y
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens install openstack-nova -y

2) 配置Nova
[root@srv1 ~(keystone)]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
[DEFAULT]
# 定义本机IP
my_ip = 192.168.1.101
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova

# RabbitMQ所在位置
transport_url = rabbit://openstack:password@192.168.1.101

[api]
auth_strategy = keystone

# glance位置
[glance]
api_servers = http://192.168.1.101:9292

[oslo_concurrency]
lock_path = $state_path/tmp

# 定义连接数据库的信息
[api_database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova_api

[database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova

# 定义keystone信息
[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword

[placement]
auth_url = http://192.168.1.101:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword

[placement_database]
connection = mysql+pymysql://nova:password@192.168.1.101/nova_placement

[wsgi]
api_paste_config = /etc/nova/api-paste.ini


[root@srv1 ~(keystone)]# chmod 640 /etc/nova/nova.conf
[root@srv1 ~(keystone)]# chgrp nova /etc/nova/nova.conf
[root@srv1 ~(keystone)]# vim /etc/httpd/conf.d/00-nova-placement-api.conf
# 于15行一下添加如下内容
  <Directory /usr/bin>
    Require all granted
  </Directory>

同步数据库并启动Nova相关服务

[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage api_db sync"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 map_cell0"
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage db sync"
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `block_device_mapping_instance_uuid_virtual_name_device_name_idx`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
/usr/lib/python2.7/site-packages/pymysql/cursors.py:170: Warning: (1831, u'Duplicate index `uniq_instances0uuid`. This is deprecated and will be disallowed in a future release.')
  result = self._query(query)
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 create_cell --name cell1"
[root@srv1 ~(keystone)]# systemctl restart httpd
[root@srv1 ~(keystone)]# chown nova. /var/log/nova/nova-placement-api.log
[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-api openstack-nova-consoleauth \
> openstack-nova-conductor openstack-nova-scheduler openstack-nova-novncproxy
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-api.service to /usr/lib/systemd/system/openstack-nova-api.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-consoleauth.service to /usr/lib/systemd/system/openstack-nova-consoleauth.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-conductor.service to /usr/lib/systemd/system/openstack-nova-conductor.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-scheduler.service to /usr/lib/systemd/system/openstack-nova-scheduler.service.
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-novncproxy.service to /usr/lib/systemd/system/openstack-nova-novncproxy.service.
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:03:00.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:03:01.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:03:02.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+
1) 确认KVM已经安装完毕

2) 安装Nova-Compute
[root@srv1 ~(keystone)]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y

3) 配置VNC(便于后续直接通过浏览器控制实例)
# 于文档最后追加如下内容
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
......
......
......
......
......
......

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = 192.168.1.101
novncproxy_base_url = http://192.168.1.101:6080/vnc_auto.html

启动并验证Nova-Compute

[root@srv1 ~(keystone)]# systemctl enable --now openstack-nova-compute
Created symlink from /etc/systemd/system/multi-user.target.wants/openstack-nova-compute.service to /usr/lib/systemd/system/openstack-nova-compute.service.
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:14:51.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:14:51.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:14:52.000000 |
|  6 | nova-compute     | srv1 | nova     | enabled | up    | 2023-10-12T13:14:50.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+

添加扩展节点配置openstack2服务器

#网络节点192.168.1.102

#防火墙

#vim /etc/hosts

#同步网络时间

#安装依赖

[root@srv1 yum.repos.d]# yum install -y http://192.168.1.254/repos/epel/7/x86_64/Packages/p/python2-qpid-proton-0.34.0-2.el7.x86_64.rpm http://192.168.1.254/repos/epel/7/x86_64/Packages/q/qpid-proton-c-0.34.0-2.el7.x86_64.rpm
2) 在扩展的计算节点上安装KVM并启动
[root@srv2 ~]# yum install qemu-kvm libvirt virt-install bridge-utils  -y
[root@srv2 ~]# lsmod | grep kvm
[root@srv2 ~]# systemctl enable --now libvirtd

3) 安装Nova-Compute
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-nova-compute -y

4) 配置Nova Compute
[root@srv2 ~]# mv /etc/nova/nova.conf /etc/nova/nova.conf.bak
[root@srv2 ~]# vim /etc/nova/nova.conf
[DEFAULT]
my_ip = 192.168.1.102
state_path = /var/lib/nova
enabled_apis = osapi_compute,metadata
log_dir = /var/log/nova

transport_url = rabbit://openstack:password@192.168.1.102

[api]
auth_strategy = keystone

[vnc]
enabled = True
server_listen = 0.0.0.0
server_proxyclient_address = $my_ip
novncproxy_base_url = http://192.168.1.102:6080/vnc_auto.html 

[glance]
api_servers = http://192.168.1.102:9292

[oslo_concurrency]
lock_path = $state_path/tmp

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.102:5000
auth_url = http://192.168.1.102:5000
memcached_servers = 192.168.1.102:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = nova
password = servicepassword

[placement]
auth_url = http://192.168.1.102:5000
os_region_name = RegionOne
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = placement
password = servicepassword

[wsgi]
api_paste_config = /etc/nova/api-paste.ini

[root@srv2 ~]# chmod 640 /etc/nova/nova.conf
[root@srv2 ~]# chgrp nova /etc/nova/nova.conf
6) 启动Nova Compute
[root@srv2 ~]# systemctl enable --now openstack-nova-compute
7) 确认
# 未添加扩展计算节点时
[root@srv1 ~(keystone)]# su -s /bin/bash nova -c "nova-manage cell_v2 discover_hosts"
[root@srv1 ~(keystone)]# openstack compute service list
+----+------------------+------+----------+---------+-------+----------------------------+
| ID | Binary           | Host | Zone     | Status  | State | Updated At                 |
+----+------------------+------+----------+---------+-------+----------------------------+
|  1 | nova-consoleauth | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  2 | nova-conductor   | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  3 | nova-scheduler   | srv1 | internal | enabled | up    | 2023-10-12T13:53:33.000000 |
|  6 | nova-compute     | srv1 | nova     | enabled | up    | 2023-10-12T13:53:32.000000 |
|  7 | nova-compute     | srv2 | nova     | enabled | up    | 2023-10-12T13:53:32.000000 |
+----+------------------+------+----------+---------+-------+----------------------------+

Openstack配置手册-添加一个租户

[root@srv1 ~(keystone)]# openstack project create --domain default --description "1000y Project" 1000y
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | 1000y Project                    |
| domain_id   | default                          |
| enabled     | True                             |
| id          | 56a31c210f36466b80717dcb26f1cf2c |
| is_domain   | False                            |
| name        | 1000y                            |
| parent_id   | default                          |
| tags        | []                               |
+-------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack user create --domain default --project 1000y --password userpassword snow
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 56a31c210f36466b80717dcb26f1cf2c |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 067ee6c7f54c40dc802fce4a34397dfc |
| name                | snow                             |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+

[root@srv1 ~(keystone)]# openstack role create CloudUser
+-----------+----------------------------------+
| Field     | Value                            |
+-----------+----------------------------------+
| domain_id | None                             |
| id        | 39ffc364b3e54fdfa097e97a8852b717 |
| name      | CloudUser                        |
+-----------+----------------------------------+
[root@srv1 ~(keystone)]# openstack role add --project 1000y --user snow CloudUser

# 创建云实例所需的模板,名称为m1.small
[root@srv1 ~(keystone)]# openstack flavor create --id 0 --vcpus 1 --ram 2048 --disk 10 m1.small
+----------------------------+----------+
| Field                      | Value    |
+----------------------------+----------+
| OS-FLV-DISABLED:disabled   | False    |
| OS-FLV-EXT-DATA:ephemeral  | 0        |
| disk                       | 10       |
| id                         | 0        |
| name                       | m1.small |
| os-flavor-access:is_public | True     |
| properties                 |          |
| ram                        | 2048     |
| rxtx_factor                | 1.0      |
| swap                       |          |
| vcpus                      | 1        |
+----------------------------+----------+

[root@srv1 ~(keystone)]# openstack flavor list
+----+----------+------+------+-----------+-------+-----------+
| ID | Name     |  RAM | Disk | Ephemeral | VCPUs | Is Public |
+----+----------+------+------+-----------+-------+-----------+
| 0  | m1.small | 2048 |   10 |         0 |     1 | True      |
+----+----------+------+------+-----------+-------+-----------+

添加Neutron用户并注册至Keystone中

[root@srv1 ~(keystone)]# openstack user create --domain default --project service --password servicepassword neutron
+---------------------+----------------------------------+
| Field               | Value                            |
+---------------------+----------------------------------+
| default_project_id  | 045c8b0eb3e04e329f2fd1b0b0e8d164 |
| domain_id           | default                          |
| enabled             | True                             |
| id                  | 250a06bd443a41bbb58bb45e64440cc2 |
| name                | neutron                          |
| options             | {}                               |
| password_expires_at | None                             |
+---------------------+----------------------------------+


[root@srv1 ~(keystone)]# openstack role add --project service --user neutron admin
[root@srv1 ~(keystone)]# openstack service create --name neutron --description "OpenStack Networking service" network
+-------------+----------------------------------+
| Field       | Value                            |
+-------------+----------------------------------+
| description | OpenStack Networking service     |
| enabled     | True                             |
| id          | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| name        | neutron                          |
| type        | network                          |
+-------------+----------------------------------+

# 设定endpoint信息
[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network public http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 6e6b2b9c15f8479e8072a750b911ba01 |
| interface    | public                           |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+


[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network internal http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | 309a75f4209c4d8e80dda692cb3b644f |
| interface    | internal                         |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+


[root@srv1 ~(keystone)]# openstack endpoint create --region RegionOne network admin http://192.168.1.101:9696
+--------------+----------------------------------+
| Field        | Value                            |
+--------------+----------------------------------+
| enabled      | True                             |
| id           | ca3c046a519e440ab6857c4c3895b693 |
| interface    | admin                            |
| region       | RegionOne                        |
| region_id    | RegionOne                        |
| service_id   | 1cfb2e0bd42c4a63bd2bcf625fb9a0e8 |
| service_name | neutron                          |
| service_type | network                          |
| url          | http://192.168.1.101:9696        |
+--------------+----------------------------------+

添加Neutron数据库信息

[root@srv1 ~(keystone)]# mysql -uroot -p
Enter password: 
Welcome to the MariaDB monitor.  Commands end with ; or \g.
Your MariaDB connection id is 26
Server version: 10.1.20-MariaDB MariaDB Server

Copyright (c) 2000, 2016, Oracle, MariaDB Corporation Ab and others.

Type 'help;' or '\h' for help. Type '\c' to clear the current input statement.

MariaDB [(none)]> create database neutron_ml2;
Query OK, 1 row affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'localhost' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> grant all privileges on neutron_ml2.* to neutron@'%' identified by 'password';
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> flush privileges;
Query OK, 0 rows affected (0.00 sec)

MariaDB [(none)]> exit
Bye

在控制节点安装srv1及配置Neutron

1) 安装Neutron Service到控制节点
[root@srv1 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron openstack-neutron-ml2  -y

2) 配置Neutron主配置文件
[root@srv1 ~(keystone)]# mv /etc/neutron/neutron.conf /etc/neutron/neutron.conf.bak
[root@srv1 ~(keystone)]# vim /etc/neutron/neutron.conf
[DEFAULT]
core_plugin = ml2
service_plugins = router
auth_strategy = keystone
state_path = /var/lib/neutron
dhcp_agent_notification = True
allow_overlapping_ips = True
notify_nova_on_port_status_changes = True
notify_nova_on_port_data_changes = True

transport_url = rabbit://openstack:password@192.168.1.101

[keystone_authtoken]
www_authenticate_uri = http://192.168.1.101:5000
auth_url = http://192.168.1.101:5000
memcached_servers = 192.168.1.101:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = servicepassword

[database]
connection = mysql+pymysql://neutron:password@192.168.1.101/neutron_ml2

[nova]
auth_url = http://192.168.1.101:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = servicepassword

[oslo_concurrency]
lock_path = $state_path/tmp

[root@srv1 ~(keystone)]# chmod 640 /etc/neutron/neutron.conf
[root@srv1 ~(keystone)]# chgrp neutron /etc/neutron/neutron.conf

3) 配置metadata_agent
[root@srv1 ~(keystone)]# vim /etc/neutron/metadata_agent.ini
# 修改22行,指定Nova AIP
nova_metadata_host = 192.168.1.101

# 取消34行注释,并指定共享秘钥
metadata_proxy_shared_secret = qyy_openstack

# 取消260行注释,并指定Memcache Server
memcache_servers = 192.168.1.101:11211


4) 配置ml2
[root@srv1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,[ml2]区段下添加如下内容
[ml2]
136 type_drivers = local,flat,vlan,gre,vxlan,geneve
141 tenant_network_types =
145 mechanism_drivers = openvswitch,l2population
150 extension_drivers = port_security

5) 配置nova
[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
# 于[DEFAULT]区段下添加如下内容
......
......
......
......
......
......

use_neutron = True
linuxnet_interface_driver = nova.network.linux_net.LinuxOVSInterfaceDriver
firewall_driver = nova.virt.firewall.NoopFirewallDriver

......

# 于文件最后,添加Neutron认证信息及设定认证共享密码
[neutron]
auth_url = http://192.168.10.11:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = neutron
password = servicepassword
service_metadata_proxy = True
metadata_proxy_shared_secret = qyy_openstack
6)启动Neutron
[root@srv1 ~(keystone)]# ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.ini

[root@srv1 ~(keystone)]# su -s /bin/bash neutron -c "neutron-db-manage \
> --config-file /etc/neutron/neutron.conf \
> --config-file /etc/neutron/plugin.ini upgrade head"

.....
.....
.....
.....

INFO  [alembic.runtime.migration] Running upgrade 349b6fd605a6 -> 7d32f979895f, add mtu for networks
INFO  [alembic.runtime.migration] Running upgrade 7d32f979895f -> 594422d373ee, fip qos
INFO  [alembic.runtime.migration] Running upgrade b67e765a3524 -> a84ccf28f06a, migrate dns name from port
INFO  [alembic.runtime.migration] Running upgrade a84ccf28f06a -> 7d9d8eeec6ad, rename tenant to project
INFO  [alembic.runtime.migration] Running upgrade 7d9d8eeec6ad -> a8b517cff8ab, Add routerport bindings for L3 HA
INFO  [alembic.runtime.migration] Running upgrade a8b517cff8ab -> 3b935b28e7a0, migrate to pluggable ipam
INFO  [alembic.runtime.migration] Running upgrade 3b935b28e7a0 -> b12a3ef66e62, add standardattr to qos policies
INFO  [alembic.runtime.migration] Running upgrade b12a3ef66e62 -> 97c25b0d2353, Add Name and Description to the networksegments table
INFO  [alembic.runtime.migration] Running upgrade 97c25b0d2353 -> 2e0d7a8a1586, Add binding index to RouterL3AgentBinding
INFO  [alembic.runtime.migration] Running upgrade 2e0d7a8a1586 -> 5c85685d616d, Remove availability ranges.
  OK

[root@node1 ~(keystone)]# systemctl enable --now neutron-server neutron-metadata-agent
[root@node1 ~(keystone)]# systemctl restart openstack-nova-api
[root@srv1 ~(keystone)]# openstack network agent list
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| ID                                   | Agent Type     | Host | Availability Zone | Alive | State | Binary                 |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
| 339aaf32-0f12-428a-b7a2-15d9a1880d40 | Metadata agent | srv1 | None              | :-)   | UP    | neutron-metadata-agent |
+--------------------------------------+----------------+------+-------------------+-------+-------+------------------------+
[root@srv1 ~(keystone)]# openstack network service list
openstack: 'network service list' is not an openstack command. See 'openstack --help'.
Did you mean one of these?
  network agent add network
  network agent add router
  network agent delete
  network agent list
  network agent remove network
  network agent remove router
  network agent set
  network agent show
  network auto allocated topology create
  network auto allocated topology delete
  network create
  network delete
  network flavor add profile
  network flavor create
  network flavor delete
  network flavor list
  network flavor profile create
  network flavor profile delete
  network flavor profile list
  network flavor profile set
  network flavor profile show
  network flavor remove profile
  network flavor set
  network flavor show
  network list
  network log create
  network log delete
  network log list
  network log set
  network log show
  network loggable resources list
  network meter create
  network meter delete
  network meter list
  network meter rule create
  network meter rule delete
  network meter rule list
  network meter rule show
  network meter show
  network qos policy create
  network qos policy delete
  network qos policy list
  network qos policy set
  network qos policy show
  network qos rule create
  network qos rule delete
  network qos rule list
  network qos rule set
  network qos rule show
  network qos rule type list
  network qos rule type show
  network rbac create
  network rbac delete
  network rbac list
  network rbac set
  network rbac show
  network segment create
  network segment delete
  network segment list
  network segment set
  network segment show
  network service provider list
  network set
  network show
  network subport list
  network trunk create
  network trunk delete
  network trunk list
  network trunk set
  network trunk show
  network trunk unset
  network unset
  endpoint add project
  endpoint create
  endpoint delete
  endpoint list
  endpoint remove project
  endpoint set
  endpoint show

在网络节点[srv3]配置Neutron

1) 安装Neurton
[root@srv3 ~]# yum --enablerepo=centos-openstack-queens,epel install \
openstack-neutron openstack-neutron-ml2 openstack-neutron-openvswitch libibverbs -y

如果出现以下错误可以去别的有pki下这个rpm包传过来
获取 GPG 密钥失败:[Errno 14] curl#37 - "Couldn't open file /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-SIG-Cloud"
[root@srv1 ~(keystone)]# scp /etc/pki/rpm-gpg/* srv3:/etc/pki/rpm-gpg/

[root@srv3 ~]# chmod 640 /etc/neutron/neutron.conf
[root@srv3 ~]# chgrp neutron /etc/neutron/neutron.conf
3) 配置L3
[root@node3 ~]# vim /etc/neutron/l3_agent.ini
添加如下内容
 16 interface_driver = openvswitch

4) 配置dhcp_agent
[root@node3 ~]# vim /etc/neutron/dhcp_agent.ini
添加如下内容
 16 interface_driver = openvswitch
 28 dhcp_driver = neutron.agent.linux.dhcp.Dnsmasq
 37 enable_isolated_metadata = true

5) 配置metadata_agent
[root@srv3 ~]# vim /etc/neutron/metadata_agent.ini
 22 nova_metadata_host = 192.168.1.101
 34 metadata_proxy_shared_secret = qyy_openstack
260 memcache_servers = 192.168.1.101:11211

6) 配置ML2
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/ml2_conf.ini
# 于129行,添加所支持的驱动及相关信息
[ml2]
136 type_drivers = local,flat,vlan,gre,vxlan,geneve
141 tenant_network_types =
145 mechanism_drivers = openvswitch,l2population
150 extension_drivers = port_security

7) 配置OVS
[root@srv3 ~]# vim /etc/neutron/plugins/ml2/openvswitch_agent.ini
# 于307行,如下内容
[securitygroup]
313 firewall_driver = openvswitch
318 enable_security_group = true
322 enable_ipset = true

计算节点配置Neutron

1) 安装Neutron组件
[root@srv2 ~]# yum --enablerepo=centos-openstack-queens,epel install openstack-neutron \
openstack-neutron-ml2 openstack-neutron-openvswitch -y

[root@srv1 ~(keystone)]# vim /etc/neutron/plugins/ml2/ml2_conf.ini 
254 firewall_driver = openvswitch
259 enable_security_group = true
263 enable_ipset = true

[root@srv1 ~(keystone)]# vim /etc/nova/nova.conf
 12 vif_plugging_isfatal = True
 13 vif_plugging_timeout = 300

[root@srv1 ~(keystone)]# systemctl enable --now openvswitch
[root@srv1 ~(keystone)]# systemctl restart openstack-nova-compute
[root@srv1 ~(keystone)]# systemctl enable --now neutron-openvswitch-agent

[root@srv1 ~(keystone)]# openstack network agent list

本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若转载,请注明出处:http://www.coloradmin.cn/o/1087560.html

如若内容造成侵权/违法违规/事实不符,请联系多彩编程网进行投诉反馈,一经查实,立即删除!

相关文章

铅华洗尽,粉黛不施,人工智能AI基于ProPainter技术去除图片以及视频水印(Python3.10)

视频以及图片修复技术是一项具有挑战性的AI视觉任务&#xff0c;它涉及在视频或者图片序列中填补缺失或损坏的区域&#xff0c;同时保持空间和时间的连贯性。该技术在视频补全、对象移除、视频恢复等领域有广泛应用。近年来&#xff0c;两种突出的方案在视频修复中崭露头角&…

不同类型的球幕影院对观影体验有何影响?

随着各类投影技术在内容展示场所中的广泛应用&#xff0c;使大众看到了投影技术形式的魅力&#xff0c;其中在内容展示场所中基于球幕投影技术布置的多媒体展项&#xff0c;所表现出来的沉浸式观影体验&#xff0c;更是让人眼前一亮&#xff0c;不过随着各类主题场所对它的呈现…

Unity 表面凝结水珠效果(无需编码案例分享)

文章目录 前言正文1、准备工作2、瓶子的表面会先慢慢变白3、身周围的物体的反射会慢慢变得模糊4、周围的反射又会慢慢的变回清晰5、出现一个个不跪着的小水珠 结语 前言 今天跟大家分享一一个非常简单的使用Unity制作出在物体便面凝结小水珠的过程动画&#xff0c;老规矩先上图…

Java 中 Volatile 关键字

基本概念 补充一下 java 内存模型中的 可见性、原子性和有序性 可见性&#xff1a; 指的是线程之间的可见性&#xff0c;一个线程修改的状态对另一个线程是可见的。也就是一个线程修改的结果&#xff0c;另一个线程马上可以看到。比如 &#xff1a;用 volatile 修饰的变量&am…

程序员自由创业周记#13:第一桶金

国庆假期 对于我而言是没有放假的概念的&#xff0c;可以说每天都是假期&#xff0c;但是孩子放假就不能做软件了&#xff0c;得陪着他&#xff0c;尤其他生了半个月的病&#xff0c;隔三差五就得去医院排两小时队看个医生&#xff0c;周记因此耽搁了两次。没有看到我的更新不…

【Java每日一题】——第二十九题:超市购物程序设计(2023.10.13)

&#x1f383;个人专栏&#xff1a; &#x1f42c; 算法设计与分析&#xff1a;算法设计与分析_IT闫的博客-CSDN博客 &#x1f433;Java基础&#xff1a;Java基础_IT闫的博客-CSDN博客 &#x1f40b;c语言&#xff1a;c语言_IT闫的博客-CSDN博客 &#x1f41f;MySQL&#xff1a…

二十一、动态内存管理

1 动态内存开辟 目前为止&#xff0c;我们已经掌握的内存开辟方式有&#xff1a; int val 20;//在栈空间上开辟四个字节 char arr[10] {0};//在栈空间上开辟10个字节的连续空间上述开辟空间的方式其实有两个缺点&#xff1a; 空间开辟的大小是固定的&#xff0c;一旦开辟就…

go语言基础之变量

目录 视频学习地址&#xff1a;Go零基础入门_在线视频教程-CSDN程序员研修院 一. 单变量声明和赋值 1、变量的声明 2、变量赋值 3、声明并赋值 二. 多变量声明和赋值 1、多变量声明 2、多变量赋值 三. 变量声明赋值的简易写法 1、单变量简易写法 2、多变量简易写法 …

14. SpringBoot项目之数据保存到数据库

SpringBoot项目之数据保存到数据库 1. 创建数据库&表 本栏目前面文章中已经讲过MySql连接SqlYog以及创建数据库&表 —>传送门 2. 导入ORM依赖&配置 在pom.xml中导入 要更新maven环境 <dependency><groupId>org.mybatis.spring.boot</groupI…

十个面试排序算法

一、 前言 最常考的是快速排序和归并排序&#xff0c;并且经常有面试官要求现场写出这两种排序的代码。对这两种排序的代码一定要信手拈来才行。还有插入排序、冒泡排序、堆排序、基数排序、桶排序等。面试官对于这些排序可能会要求比较各自的优劣、各种算法的思想及其使用场景…

Python爬虫(二十三)_selenium案例:动态模拟页面点击

本篇主要介绍使用selenium模拟点击下一页&#xff0c;更多内容请参考:Python学习指南 #-*- coding:utf-8 -*-import unittest from selenium import webdriver from selenium.webdriver.common.keys import Keys from bs4 import BeautifulSoup import timeclass douyuSelenium…

hive 之select 中文乱码

此处的中文乱码和mysql的库表 编码 latin utf 无关。 直接上案例。 有时候我们需要自定义一列&#xff0c;有时是汉字有时是字母&#xff0c;结果遇到这种情况了。 说实话看到这真是糟心。这谁受得了。 单独select 没有任何问题。 这是怎么回事呢&#xff1f; 经过一番检查&…

记录遇到的前端面试题,欢迎指正

css 1.隐藏元素的方式 转自将页面元素隐藏的10种方法 display:none display属性用于设置页面元素的显示方式&#xff0c;能够控制元素的显示或者隐藏&#xff0c;当他的值被设置为none时&#xff0c;就会隐藏对应的元素&#xff0c;使其不可见。 这种方法是最常用的隐藏元素的…

uboot启动流程-board_init_r函数执行过程

一. uboot启动流程 本文来了解 board_init_r 函数执行过程。_main函数会调用到 board_init_r 函数。 二. board_init_r函数执行过程 _main 函数会调用到 board_init_r 函数。 _main 函数在 uboot的 /arch/arm/lib/crt0.S 文件中。_main函数中&#xff0c;执行完 relocate_…

SLAM从入门到精通(ROS网络通信)

【 声明&#xff1a;版权所有&#xff0c;欢迎转载&#xff0c;请勿用于商业用途。 联系信箱&#xff1a;feixiaoxing 163.com】 之前我们学习ros的时候&#xff0c;大部分都是基于仿真来做的。但是最终&#xff0c;我们还是要把ros部署到小车上的。这就带来一个问题&#xff0…

qgis c++ api 整体框架详解

文章目录 整体架构QGis库官方文档编译生成的库 core地图和图层矢量图层(Vector layers)图层要素符号图层要素要素渲染(feature renderer)符号(symbol) 坐标映射数据源(data provider) Raster layers图层符号数据源坐标映射 core库其他有用类 guiQgsMapCanvasQgsMapToolQgsLayer…

VIT(Vision Transformer)学习(三)-纯VIT之swin transformer模型理解

语义分割网络纯 TRF 结构&#xff1a;VIT主干作为编码器&#xff0c;设计一个基于 TRF 架构的解码器。 今天学习swin transformer 源码地址: https://github.com/microsoft/Swin-Transform 哔哩哔哩讲解&#xff1a;12.1 Swin-Transformer网络结构详解_哔哩哔哩_bilibili 博…

支付宝开放平台第三方代小程序开发,消息服务推送通知总结

大家好&#xff0c;我是小悟 关于支付宝开放平台第三方代小程序开发的消息服务推送通知&#xff0c;是开放平台代小程序实现业务的重要功能。 消息服务推送通知&#xff0c;支持商家两种通讯协议来接收消息&#xff0c;分别为websocket 长连接和http。 关于websocket方式&am…

CentOS 7 编译安装Boost

1、前提条件 linux平台/CentOS 7 下要编译安装Boost除gcc和gcc-c之外&#xff0c;还需要两个开发库&#xff1a;bzip2-devel 和python-devel &#xff0c;因此在安装前应该先保证这两个库已经安装。 安装指令: yum install bzip2 bzip2-devel bzip2-libs python-devel Cent…

学习开发一个RISC-V上的操作系统(汪辰老师) — 01-helloRVOS程序讲解

前言 &#xff08;1&#xff09;此系列文章是跟着汪辰老师的RISC-V课程所记录的学习笔记。 &#xff08;2&#xff09;该课程相关代码gitee链接&#xff1b; &#xff08;3&#xff09;PLCT实验室实习生长期招聘&#xff1a;招聘信息链接 &#xff08;4&#xff09; start.S &a…