centos7 搭建openstack Liberty

来源：互联网发布：淘宝打印快递单步骤编辑：程序博客网时间：2024/06/10 15:55

1、配置主机名和host文件

主控节点和计算节点

cat >> /etc/hosts << OFF192.168.10.102    controller192.168.10.104    compute1OFF

主控节点ping计算机点

[root@localhost ~]# ping compute1PING compute1 (192.168.10.104) 56(84) bytes of data.64 bytes from compute1 (192.168.10.104): icmp_seq=1 ttl=64 time=0.309 ms64 bytes from compute1 (192.168.10.104): icmp_seq=2 ttl=64 time=1.08 ms

计算机节点ping主控

[root@compute1 ~]# ping controllerPING controller (192.168.10.102) 56(84) bytes of data.64 bytes from controller (192.168.10.102): icmp_seq=1 ttl=64 time=0.537 ms64 bytes from controller (192.168.10.102): icmp_seq=2 ttl=64 time=0.459 ms

2、配置时间同步

主控节点配置

安装chrony

yum install chrony

修改配置文件

server NTP_SERVER iburst    （NTP_SERVER修改为网络ntp服务器地址）allow 192.168.10.0/24

启动并设置开机启动

systemctl enable chronyd.servicesystemctl start chronyd.service

计算节点配置

安装chrony

yum install chrony

修改配置文件

server controller iburst    (server指向controller，注释其他ntp-server选项)

启动并设置开机启动

systemctl enable chronyd.servicesystemctl start chronyd.service

主控节点同步时间

[root@controller ~]# chronyc sources210 Number of sources = 3MS Name/IP address         Stratum Poll Reach LastRx Last sample===============================================================================^- dns2.synet.edu.cn             2   8   221   320   -682us[ +186us] +/-   11ms^* dns1.synet.edu.cn             2   7   337    67   +727us[+1338us] +/-   10ms^? 2001:da8:9000::130            0   6     0   10y     +0ns[   +0ns] +/-    0ns

计算节点同步时间

[root@compute1 ~]# chronyc sources210 Number of sources = 1MS Name/IP address         Stratum Poll Reach LastRx Last sample===============================================================================^? controller                    0  10     0   10y     +0ns[   +0ns] +/-    0ns

3、安装openstack软件包

主控和计算安装

yum -y install centos-release-openstack-libertyyum -y install https://rdoproject.org/repos/openstack-liberty/rdo-release-liberty.rpmyum -y upgradeyum -y install python-openstackclientyum -y install openstack-selinuxyum -y install openstack-utils

4、SQL database

主控节点安装SQL database

yum -y install mariadb mariadb-server MySQL-python

修改配置文件

cat > /etc/my.cnf.d/mariadb_openstack.cnf << OFF[mysqld]bind-address = 192.168.10.102default-storage-engine = innodbinnodb_file_per_tablecollation-server = utf8_general_ciinit-connect = 'SET NAMES utf8'character-set-server = utf8OFF

启动mariadb并设置开机启动

systemctl enable mariadb.servicesystemctl start mariadb.service

设置mariadb

 mysql_secure_installation

5、Message queue

主控节点安装rabbitmq-server、启动并设置自启

 yum -y install rabbitmq-server systemctl enable rabbitmq-server.service systemctl start rabbitmq-server.service

添加rabbitmq用户

rabbitmqctl add_user openstack PASS (将PASS更改为自己的密码)

rabbitmqctl add_user openstack  openstack

给rabbit的用户添加权限

rabbitmqctl set_permissions openstack ".*" ".*" ".*"

6、Identity service

创建keystone数据库

mysql -e "CREATE DATABASE keystone;"mysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';"mysql -e "GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';"

安装软件包

yum -y install openstack-keystone httpd mod_wsgi  memcached python-memcachedsystemctl enable memcached.servicesystemctl start memcached.service

修改keystone配置文件
命令中的token可以通过 openssl rand -hex 10命令获取。

openstack-config --set /etc/keystone/keystone.conf DEFAULT admin_token 9776252a40ab6d597ae1openstack-config --set /etc/keystone/keystone.conf database connection mysql://keystone:keystone@192.168.10.102/keystoneopenstack-config --set /etc/keystone/keystone.conf memcache servers localhost:11211openstack-config --set /etc/keystone/keystone.conf token provider uuidopenstack-config --set /etc/keystone/keystone.conf token driver memcacheopenstack-config --set /etc/keystone/keystone.conf revoke driver sqlopenstack-config --set /etc/keystone/keystone.conf DEFAULT verbose True

初始化keystone数据库

 su -s /bin/sh -c "keystone-manage db_sync" keystone

修改http配置,并启动服务

sed -i "s/#ServerName www.example.com:80/ServerName controller/" /etc/httpd/conf/httpd.conf cat > /etc/httpd/conf.d/wsgi-keystone.conf << OFFListen 5000Listen 35357<VirtualHost *:5000>    WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}    WSGIProcessGroup keystone-public    WSGIScriptAlias / /usr/bin/keystone-wsgi-public    WSGIApplicationGroup %{GLOBAL}    WSGIPassAuthorization On    <IfVersion >= 2.4>      ErrorLogFormat "%{cu}t %M"    </IfVersion>    ErrorLog /var/log/httpd/keystone-error.log    CustomLog /var/log/httpd/keystone-access.log combined    <Directory /usr/bin>        <IfVersion >= 2.4>            Require all granted        </IfVersion>        <IfVersion < 2.4>            Order allow,deny            Allow from all        </IfVersion>    </Directory></VirtualHost><VirtualHost *:35357>    WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}    WSGIProcessGroup keystone-admin    WSGIScriptAlias / /usr/bin/keystone-wsgi-admin    WSGIApplicationGroup %{GLOBAL}    WSGIPassAuthorization On    <IfVersion >= 2.4>      ErrorLogFormat "%{cu}t %M"    </IfVersion>    ErrorLog /var/log/httpd/keystone-error.log    CustomLog /var/log/httpd/keystone-access.log combined    <Directory /usr/bin>        <IfVersion >= 2.4>            Require all granted        </IfVersion>        <IfVersion < 2.4>            Order allow,deny            Allow from all        </IfVersion>    </Directory></VirtualHost>OFFsystemctl enable httpd.servicesystemctl start httpd.service

创建keystone服务和api endpoints

export OS_TOKEN=9776252a40ab6d597ae1export OS_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3openstack service create --name keystone --description "OpenStack Identity" identityopenstack endpoint create --region RegionOne identity public http://controller:5000/v2.0openstack endpoint create --region RegionOne identity internal http://controller:5000/v2.0openstack endpoint create --region RegionOne identity admin http://controller:35357/v2.0openstack project create --domain default --description "Admin Project" adminopenstack user create admin --domain default --password adminopenstack role create adminopenstack role add --project admin --user admin adminopenstack project create --domain default --description "Service Project" serviceopenstack project create --domain default --description "Demo Project" demoopenstack user create demo  --domain default --password demoopenstack role create useropenstack role add --project demo --user demo user

验证操作

unset OS_TOKEN OS_URLopenstack --os-auth-url http://controller:35357/v3 \--os-project-domain-id default --os-user-domain-id default \--os-project-name admin --os-username admin --os-auth-type password \token issueopenstack --os-auth-url http://controller:5000/v3 \--os-project-domain-id default --os-user-domain-id default \--os-project-name demo --os-username demo --os-auth-type password \token issue

创建环境变量,并验证

cat > /root/admin-openrc.sh << OFFexport OS_PROJECT_DOMAIN_ID=defaultexport OS_USER_DOMAIN_ID=defaultexport OS_PROJECT_NAME=adminexport OS_TENANT_NAME=adminexport OS_USERNAME=adminexport OS_PASSWORD=adminexport OS_AUTH_URL=http://controller:35357/v3export OS_IDENTITY_API_VERSION=3OFFcat > /root/demo-openrc.sh << OFFexport OS_PROJECT_DOMAIN_ID=defaultexport OS_USER_DOMAIN_ID=defaultexport OS_PROJECT_NAME=demoexport OS_TENANT_NAME=demoexport OS_USERNAME=demoexport OS_PASSWORD=demoexport OS_AUTH_URL=http://controller:5000/v3export OS_IDENTITY_API_VERSION=3OFFsource admin-openrc.shopenstack token issuesource demo-openrc.sh openstack token issue

7、Image service

创建glance 数据库

mysql -e  "CREATE DATABASE glance;"mysql -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';"mysql -e "GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';"

创建glance 服务和api endpoints

source admin-openrc.shopenstack user create glance --domain default --password glanceopenstack role add --project service --user glance adminopenstack service create --name glance --description "OpenStack Image service" imageopenstack endpoint create --region RegionOne image public http://controller:9292openstack endpoint create --region RegionOne image internal http://controller:9292openstack endpoint create --region RegionOne image admin http://controller:9292

安装glance软件包

 yum -y install openstack-glance python-glance python-glanceclient

配置glacne

openstack-config --set /etc/glance/glance-api.conf database  connection mysql://glance:glance@controller/glanceopenstack-config --set /etc/glance/glance-api.conf keystone_authtoken  auth_uri http://controller:5000openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  auth_url http://controller:35357openstack-config --set /etc/glance/glance-api.conf keystone_authtoken  auth_plugin  passwordopenstack-config --set /etc/glance/glance-api.conf keystone_authtoken  project_domain_id  defaultopenstack-config --set /etc/glance/glance-api.conf keystone_authtoken  user_domain_id defaultopenstack-config --set /etc/glance/glance-api.conf keystone_authtoken  project_name serviceopenstack-config --set /etc/glance/glance-api.conf keystone_authtoken  username glanceopenstack-config --set /etc/glance/glance-api.conf keystone_authtoken  password  glanceopenstack-config --set /etc/glance/glance-api.conf paste_deploy flavor keystoneopenstack-config --set /etc/glance/glance-api.conf glance_store default_store fileopenstack-config --set /etc/glance/glance-api.conf glance_store filesystem_store_datadir /var/lib/glance/images/openstack-config --set /etc/glance/glance-api.conf DEFAULT notification_driver noopopenstack-config --set /etc/glance/glance-api.conf DEFAULT verbose Trueopenstack-config --set /etc/glance/glance-registry.conf database connection mysql://glance:glance@controller/glanceopenstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  auth_uri http://controller:5000openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  auth_url http://controller:35357openstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  auth_plugin  passwordopenstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  project_domain_id  defaultopenstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  user_domain_id defaultopenstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  project_name serviceopenstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  username glanceopenstack-config --set /etc/glance/glance-registry.conf keystone_authtoken  password  glanceopenstack-config --set /etc/glance/glance-registry.conf paste_deploy flavor keystoneopenstack-config --set /etc/glance/glance-registry.conf DEFAULT notification_driver noopopenstack-config --set /etc/glance/glance-registry.conf DEFAULT verbose True

初始化glance数据库

su -s /bin/sh -c "glance-manage db_sync" glance

启动glance服务并设置自启

systemctl enable openstack-glance-api.service openstack-glance-registry.servicesystemctl start openstack-glance-api.service openstack-glance-registry.service

上传镜像验证

echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.shsource admin-openrc.shcurl -O  http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.imgglance image-create --name "cirros" \--file cirros-0.3.4-x86_64-disk.img \--disk-format qcow2 --container-format bare \--visibility public --progressglance image-list

8、控制节点配置nova服务

创建nova数据库

mysql -e "CREATE DATABASE nova;"mysql -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';"mysql -e "GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';"

创建nova服务和api endpoints

source admin-openrc.shopenstack user create nova  --domain default --password novaopenstack role add --project service --user nova admin openstack service create --name nova --description "OpenStack Compute" computeopenstack endpoint create --region RegionOne compute public http://controller:8774/v2/%\(tenant_id\)sopenstack endpoint create --region RegionOne compute internal http://controller:8774/v2/%\(tenant_id\)sopenstack endpoint create --region RegionOne compute admin http://controller:8774/v2/%\(tenant_id\)s

安装nova软件包

yum -y install openstack-nova-api openstack-nova-cert \openstack-nova-conductor openstack-nova-console \openstack-nova-novncproxy openstack-nova-scheduler \python-novaclient

配置nova

openstack-config --set /etc/nova/nova.conf database connection mysql://nova:nova@controller/novaopenstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbitopenstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controlleropenstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstackopenstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstackopenstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystoneopenstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin passwordopenstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id defaultopenstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id defaultopenstack-config --set /etc/nova/nova.conf keystone_authtoken project_name serviceopenstack-config --set /etc/nova/nova.conf keystone_authtoken username novaopenstack-config --set /etc/nova/nova.conf keystone_authtoken password novaopenstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.10.102openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.APIopenstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutronopenstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriveropenstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriveropenstack-config --set /etc/nova/nova.conf vnc vncserver_listen $my_ipopenstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address $my_ipopenstack-config --set /etc/nova/nova.conf glance host controlleropenstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmpopenstack-config --set /etc/nova/nova.conf DEFAULT enabled_apis osapi_compute,metadataopenstack-config --set /etc/nova/nova.conf DEFAULT verbose True

同步nova数据库,启动nova服务并设置自启

su -s /bin/sh -c "nova-manage db sync" nova systemctl enable openstack-nova-api.service \openstack-nova-cert.service openstack-nova-consoleauth.service \openstack-nova-scheduler.service openstack-nova-conductor.service \openstack-nova-novncproxy.servicesystemctl start openstack-nova-api.service \openstack-nova-cert.service openstack-nova-consoleauth.service \openstack-nova-scheduler.service openstack-nova-conductor.service \openstack-nova-novncproxy.service

9、计算节点安装nova服务

安装nova软件包

yum -y install openstack-nova-compute sysfsutilsyum -y install openstack-utils

修改nova配置

openstack-config --set /etc/nova/nova.conf DEFAULT rpc_backend rabbitopenstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_host controlleropenstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_userid openstackopenstack-config --set /etc/nova/nova.conf oslo_messaging_rabbit rabbit_password openstackopenstack-config --set /etc/nova/nova.conf DEFAULT auth_strategy keystoneopenstack-config --set /etc/nova/nova.conf keystone_authtoken auth_uri http://controller:5000openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_url http://controller:35357openstack-config --set /etc/nova/nova.conf keystone_authtoken auth_plugin passwordopenstack-config --set /etc/nova/nova.conf keystone_authtoken project_domain_id defaultopenstack-config --set /etc/nova/nova.conf keystone_authtoken user_domain_id defaultopenstack-config --set /etc/nova/nova.conf keystone_authtoken project_name serviceopenstack-config --set /etc/nova/nova.conf keystone_authtoken username novaopenstack-config --set /etc/nova/nova.conf keystone_authtoken password novaopenstack-config --set /etc/nova/nova.conf DEFAULT my_ip 192.168.10.104openstack-config --set /etc/nova/nova.conf DEFAULT network_api_class nova.network.neutronv2.api.APIopenstack-config --set /etc/nova/nova.conf DEFAULT security_group_api neutronopenstack-config --set /etc/nova/nova.conf DEFAULT linuxnet_interface_driver nova.network.linux_net.NeutronLinuxBridgeInterfaceDriveropenstack-config --set /etc/nova/nova.conf DEFAULT firewall_driver nova.virt.firewall.NoopFirewallDriveropenstack-config --set /etc/nova/nova.conf vnc enabled Trueopenstack-config --set /etc/nova/nova.conf vnc vncserver_listen  0.0.0.0openstack-config --set /etc/nova/nova.conf vnc vncserver_proxyclient_address $my_ipopenstack-config --set /etc/nova/nova.conf vnc novncproxy_base_url http://controller:6080/vnc_auto.htmlopenstack-config --set /etc/nova/nova.conf glance host controlleropenstack-config --set /etc/nova/nova.conf oslo_concurrency lock_path /var/lib/nova/tmpopenstack-config --set /etc/nova/nova.conf DEFAULT verbose True openstack-config --set /etc/nova/nova.conf libvirt virt_type qemu

启动nova服务，并设置自启

systemctl enable libvirtd.service openstack-nova-compute.servicesystemctl start libvirtd.service openstack-nova-compute.service

10、主控节点验证nova服务

修改环境变量（官网未变）

echo "export OS_REGION_NAME=RegionOne" >> admin-openrc.shsource admin-openrc.sh

验证

nova service-listnova endpointsnova image-list

11、Controller node Networking service

创建neutron数据库

mysql -e "CREATE DATABASE neutron;"mysql -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';"mysql -e "GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';"

创建neutron服务和api endpoints

source admin-openrc.shopenstack user create neutron --domain default --password neutronopenstack role add --project service --user neutron adminopenstack service create --name neutron --description "OpenStack Networking" networkopenstack endpoint create --region RegionOne network public http://controller:9696openstack endpoint create --region RegionOne network internal http://controller:9696openstack endpoint create --region RegionOne network admin http://controller:9696

11、Controller Provider networks

安装软件包

yum -y install openstack-neutron openstack-neutron-ml2 \openstack-neutron-linuxbridge python-neutronclient ebtables ipset

配置neutron 服务

openstack-config --set /etc/neutron/neutron.conf database connection mysql://neutron:neutron@controller/neutronopenstack-config --set /etc/neutron/neutron.conf DEFAULT core_plugin ml2openstack-config --set /etc/neutron/neutron.conf DEFAULT service_pluginsopenstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbitopenstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controlleropenstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstackopenstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstackopenstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystoneopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin passwordopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id defaultopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id defaultopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name serviceopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutronopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutronopenstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_status_changes Trueopenstack-config --set /etc/neutron/neutron.conf DEFAULT notify_nova_on_port_data_changes Trueopenstack-config --set /etc/neutron/neutron.conf DEFAULT nova_url http://controller:8774/v2openstack-config --set /etc/neutron/neutron.conf nova auth_url http://controller:35357openstack-config --set /etc/neutron/neutron.conf nova auth_plugin passwordopenstack-config --set /etc/neutron/neutron.conf nova project_domain_id defaultopenstack-config --set /etc/neutron/neutron.conf nova user_domain_id defaultopenstack-config --set /etc/neutron/neutron.conf nova region_name RegionOneopenstack-config --set /etc/neutron/neutron.conf nova project_name serviceopenstack-config --set /etc/neutron/neutron.conf nova username novaopenstack-config --set /etc/neutron/neutron.conf nova password novaopenstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmpopenstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True openstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 type_drivers flat,vlanopenstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 tenant_network_typesopenstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 mechanism_drivers linuxbridgeopenstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2 extension_drivers port_securityopenstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini ml2_type_flat flat_networks publicopenstack-config --set /etc/neutron/plugins/ml2/ml2_conf.ini securitygroup enable_ipset  Trueopenstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:eno16777728openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan  Falseopenstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing Trueopenstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group Trueopenstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver neutron.agent.linux.iptables_firewall.IptablesFirewallDriveropenstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT interface_driver neutron.agent.linux.interface.BridgeInterfaceDriveropenstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT dhcp_driver neutron.agent.linux.dhcp.Dnsmasqopenstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT enable_isolated_metadata Trueopenstack-config --set /etc/neutron/dhcp_agent.ini DEFAULT verbose True

12、Controller完成neutron安装

配置文件

openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_uri http://controller:5000openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_url http://controller:35357  openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_region RegionOne  openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT auth_plugin password  openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_domain_id  defaultopenstack-config --set /etc/neutron/metadata_agent.ini DEFAULT user_domain_id defaultopenstack-config --set /etc/neutron/metadata_agent.ini DEFAULT project_name  service openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT username  neutronopenstack-config --set /etc/neutron/metadata_agent.ini DEFAULT password  neutronopenstack-config --set /etc/neutron/metadata_agent.ini DEFAULT nova_metadata_ip  controller openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT metadata_proxy_shared_secret neutron openstack-config --set /etc/neutron/metadata_agent.ini DEFAULT verbose  Trueopenstack-config --set /etc/nova/nova.conf neutron url http://controller:9696 openstack-config --set /etc/nova/nova.conf neutron auth_url http://controller:35357 openstack-config --set /etc/nova/nova.conf neutron auth_plugin passwordopenstack-config --set /etc/nova/nova.conf neutron project_domain_id  defaultopenstack-config --set /etc/nova/nova.conf neutron user_domain_id  defaultopenstack-config --set /etc/nova/nova.conf neutron region_name RegionOneopenstack-config --set /etc/nova/nova.conf neutron project_name service openstack-config --set /etc/nova/nova.conf neutron username neutron openstack-config --set /etc/nova/nova.conf neutron password neutron openstack-config --set /etc/nova/nova.conf neutron service_metadata_proxy  Trueopenstack-config --set /etc/nova/nova.conf neutron metadata_proxy_shared_secret  neutron

同步数据，启动并设置自启

ln -s /etc/neutron/plugins/ml2/ml2_conf.ini /etc/neutron/plugin.inisu -s /bin/sh -c "neutron-db-manage --config-file /etc/neutron/neutron.conf \--config-file /etc/neutron/plugins/ml2/ml2_conf.ini upgrade head" neutronsystemctl restart openstack-nova-api.servicesystemctl enable neutron-server.service \neutron-linuxbridge-agent.service neutron-dhcp-agent.service \neutron-metadata-agent.servicesystemctl start neutron-server.service \neutron-linuxbridge-agent.service neutron-dhcp-agent.service \neutron-metadata-agent.servicesystemctl enable neutron-l3-agent.servicesystemctl restart neutron-l3-agent.service

13、Compute node Networking service

安装neutron软件包

yum -y install openstack-neutron openstack-neutron-linuxbridge ebtables ipset

配置neutron

openstack-config --set /etc/neutron/neutron.conf DEFAULT rpc_backend rabbitopenstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_host controlleropenstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_userid openstackopenstack-config --set /etc/neutron/neutron.conf oslo_messaging_rabbit rabbit_password openstackopenstack-config --set /etc/neutron/neutron.conf DEFAULT auth_strategy keystoneopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_uri http://controller:5000openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_url http://controller:35357openstack-config --set /etc/neutron/neutron.conf keystone_authtoken auth_plugin passwordopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_domain_id defaultopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken user_domain_id defaultopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken project_name serviceopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken username neutronopenstack-config --set /etc/neutron/neutron.conf keystone_authtoken password neutronopenstack-config --set /etc/neutron/neutron.conf oslo_concurrency lock_path /var/lib/neutron/tmpopenstack-config --set /etc/neutron/neutron.conf DEFAULT verbose True

14、Compute Provider networks

openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini linux_bridge physical_interface_mappings public:eno16777728openstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini vxlan enable_vxlan Falseopenstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini agent prevent_arp_spoofing Trueopenstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup enable_security_group Trueopenstack-config --set /etc/neutron/plugins/ml2/linuxbridge_agent.ini securitygroup firewall_driver  neutron.agent.linux.iptables_firewall.IptablesFirewallDriver

15、comput完成neutron安装

配置

openstack-config --set /etc/nova/nova.conf neutron url http://controller:9696openstack-config --set /etc/nova/nova.conf neutron auth_url  http://controller:35357openstack-config --set /etc/nova/nova.conf neutron auth_plugin passwordopenstack-config --set /etc/nova/nova.conf neutron project_domain_id  defaultopenstack-config --set /etc/nova/nova.conf neutron user_domain_id  defaultopenstack-config --set /etc/nova/nova.conf neutron region_name  RegionOneopenstack-config --set /etc/nova/nova.conf neutron project_name  serviceopenstack-config --set /etc/nova/nova.conf neutron username  neutronopenstack-config --set /etc/nova/nova.conf neutron password  neutron

启动并设置开机自启

systemctl restart openstack-nova-compute.servicesystemctl enable neutron-linuxbridge-agent.servicesystemctl start neutron-linuxbridge-agent.service

17、Add the dashboard

安装软件包

yum -y install openstack-dashboard

修改配置文件

vi /etc/openstack-dashboard/local_settingsOPENSTACK_HOST = "controller"ALLOWED_HOSTS = ['*', ]CACHES = {    'default': {         'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache',         'LOCATION': '127.0.0.1:11211',    }}OPENSTACK_KEYSTONE_DEFAULT_ROLE = "user"OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = TrueOPENSTACK_API_VERSIONS = {    "identity": 3,    "volume": 2,}OPENSTACK_NEUTRON_NETWORK = {    ...    'enable_router': False,    'enable_quotas': False,    'enable_distributed_router': False,    'enable_ha_router': False,    'enable_lb': False,    'enable_firewall': False,    'enable_vpn': False,    'enable_fip_topology_check': False,}TIME_ZONE = "TIME_ZONE"

启动服务

systemctl enable httpd.service memcached.servicesystemctl restart httpd.service memcached.service

1 0